示例#1
1
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             if (!osc_users_enabled()) {
                 osc_add_flash_error_message(_m('Users are not enabled'));
                 $this->redirectTo(osc_base_url());
             }
             osc_csrf_check();
             osc_run_hook('before_validating_login');
             // e-mail or/and password is/are empty or incorrect
             $wrongCredentials = false;
             $email = Params::getParam('email');
             $password = Params::getParam('password', false, false);
             if ($email == '') {
                 osc_add_flash_error_message(_m('Please provide an email address'));
                 $wrongCredentials = true;
             }
             if ($password == '') {
                 osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
                 $wrongCredentials = true;
             }
             if ($wrongCredentials) {
                 $this->redirectTo(osc_user_login_url());
             }
             if (osc_validate_email($email)) {
                 $user = User::newInstance()->findByEmail($email);
             }
             if (empty($user)) {
                 $user = User::newInstance()->findByUsername($email);
             }
             if (empty($user)) {
                 osc_add_flash_error_message(_m("The user doesn't exist"));
                 $this->redirectTo(osc_user_login_url());
             }
             if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) {
                 osc_add_flash_error_message(_m('The password is incorrect'));
                 $this->redirectTo(osc_user_login_url());
                 // @TODO if valid user, send email parameter back to the login form
             } else {
                 if (@$user['s_password'] != '') {
                     if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) {
                         if ($cost[1] != BCRYPT_COST) {
                             User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
                         }
                     } else {
                         User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
                     }
                 }
             }
             // e-mail or/and IP is/are banned
             $banned = osc_is_banned($email);
             // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned
             if ($banned & 1) {
                 osc_add_flash_error_message(_m('Your current email is not allowed'));
             }
             if ($banned & 2) {
                 osc_add_flash_error_message(_m('Your current IP is not allowed'));
             }
             if ($banned !== 0) {
                 $this->redirectTo(osc_user_login_url());
             }
             osc_run_hook('before_login');
             $url_redirect = osc_get_http_referer();
             $page_redirect = '';
             if (osc_rewrite_enabled()) {
                 if ($url_redirect != '') {
                     $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect));
                     $tmp_ar = explode("?", $request_uri);
                     $request_uri = $tmp_ar[0];
                     $rules = Rewrite::newInstance()->listRules();
                     foreach ($rules as $match => $uri) {
                         if (preg_match('#' . $match . '#', $request_uri, $m)) {
                             $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
                             if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
                                 $page_redirect = $match[2];
                                 if ($page_redirect == '' || $page_redirect == 'login') {
                                     $url_redirect = osc_user_dashboard_url();
                                 }
                             }
                             break;
                         }
                     }
                 }
             }
             require_once LIB_PATH . 'osclass/UserActions.php';
             $uActions = new UserActions(false);
             $logged = $uActions->bootstrap_login($user['pk_i_id']);
             if ($logged == 0) {
                 osc_add_flash_error_message(_m("The user doesn't exist"));
             } else {
                 if ($logged == 1) {
                     if (time() - strtotime($user['dt_access_date']) > 1200) {
                         // EACH 20 MINUTES
                         osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])));
                     } else {
                         osc_add_flash_error_message(_m('The user has not been validated yet'));
                     }
                 } else {
                     if ($logged == 2) {
                         osc_add_flash_error_message(_m('The user has been suspended'));
                     } else {
                         if ($logged == 3) {
                             if (Params::getParam('remember') == 1) {
                                 //this include contains de osc_genRandomPassword function
                                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                                 $secret = osc_genRandomPassword();
                                 User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
                                 Cookie::newInstance()->set_expires(osc_time_cookie());
                                 Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
                                 Cookie::newInstance()->push('oc_userSecret', $secret);
                                 Cookie::newInstance()->set();
                             }
                             if ($url_redirect == '') {
                                 $url_redirect = osc_user_dashboard_url();
                             }
                             osc_run_hook("after_login", $user, $url_redirect);
                             $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
                         } else {
                             osc_add_flash_error_message(_m('This should never happen'));
                         }
                     }
                 }
             }
             if (!$user['b_enabled']) {
                 $this->redirectTo(osc_user_login_url());
             }
             $this->redirectTo(osc_user_login_url());
             break;
         case 'resend':
             $id = Params::getParam('id');
             $email = Params::getParam('email');
             $user = User::newInstance()->findByPrimaryKey($id);
             if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) {
                 osc_add_flash_error_message(_m('Incorrect link'));
                 $this->redirectTo(osc_user_login_url());
             }
             if (time() - strtotime($user['dt_access_date']) > 1200) {
                 // EACH 20 MINUTES
                 if (osc_notify_new_user()) {
                     osc_run_hook('hook_email_admin_new_user', $user);
                 }
                 if (osc_user_validation_enabled()) {
                     osc_run_hook('hook_email_user_validation', $user, $user);
                 }
                 User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id']));
                 osc_add_flash_ok_message(_m('Validation email re-sent'));
             } else {
                 osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again'));
             }
             $this->redirectTo(osc_user_login_url());
             break;
         case 'recover':
             //form to recover the password (in this case we have the form in /gui/)
             $this->doView('user-recover.php');
             break;
         case 'recover_post':
             //post execution to recover the password
             osc_csrf_check();
             require_once LIB_PATH . 'osclass/UserActions.php';
             // e-mail is incorrect
             if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
                 osc_add_flash_error_message(_m('Invalid email address'));
                 $this->redirectTo(osc_recover_user_password_url());
             }
             $userActions = new UserActions(false);
             $success = $userActions->recover_password();
             switch ($success) {
                 case 0:
                     // recover ok
                     osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
                     $this->redirectTo(osc_base_url());
                     break;
                 case 1:
                     // e-mail does not exist
                     osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
                     $this->redirectTo(osc_recover_user_password_url());
                     break;
                 case 2:
                     // recaptcha wrong
                     osc_add_flash_error_message(_m('The recaptcha code is wrong'));
                     $this->redirectTo(osc_recover_user_password_url());
                     break;
             }
             break;
         case 'forgot':
             //form to recover the password (in this case we have the form in /gui/)
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             if ($user) {
                 $this->doView('user-forgot_password.php');
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'forgot_post':
             osc_csrf_check();
             if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
                 osc_add_flash_warning_message(_m('Password cannot be blank'));
                 $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
             }
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             if ($user['b_enabled'] == 1) {
                 if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
                     User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id']));
                     osc_add_flash_ok_message(_m('The password has been changed'));
                     $this->redirectTo(osc_user_login_url());
                 } else {
                     osc_add_flash_error_message(_m("Error, the password don't match"));
                     $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
                 }
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
             }
             $this->redirectTo(osc_base_url());
             break;
         default:
             //login
             Session::newInstance()->_setReferer(osc_get_http_referer());
             if (osc_logged_user_id() != '') {
                 $this->redirectTo(osc_user_dashboard_url());
             }
             $this->doView('user-login.php');
     }
 }
示例#2
0
function item_adManage_posted($catId = '', $itemId)
{
    $conn = getConnection();
    $r_secret = '';
    $r_secret = osc_genRandomPassword();
    $conn->osc_dbExec("REPLACE INTO %st_item_adManage_limit (fk_i_item_id, r_secret, r_times) VALUES (%d, '%s', %d)", DB_TABLE_PREFIX, $itemId, $r_secret, 0);
}
示例#3
0
 function doModel()
 {
     switch ($this->action) {
         case 'change_email_confirm':
             //change email confirm
             if (Params::getParam('userId') && Params::getParam('code')) {
                 $userManager = new User();
                 $user = $userManager->findByPrimaryKey(Params::getParam('userId'));
                 if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) {
                     $userEmailTmp = UserEmailTmp::newInstance()->findByPk(Params::getParam('userId'));
                     $code = osc_genRandomPassword(50);
                     $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id']));
                     Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']);
                     UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email']));
                     osc_add_flash_ok_message(_m('Your email has been changed successfully'));
                     $this->redirectTo(osc_user_profile_url());
                 } else {
                     osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                     $this->redirectTo(osc_base_url());
                 }
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'activate_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             $result = 0;
             if ($email != '' && $secret != '') {
                 $result = Alerts::newInstance()->activate($email, $secret);
             }
             if ($result == 1) {
                 osc_add_flash_ok_message(_m('Alert activated'));
             } else {
                 osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator'));
             }
             $this->redirectTo(osc_base_url(true));
             break;
         case 'unsub_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             if ($email != '' && $secret != '') {
                 Alerts::newInstance()->delete(array('s_email' => $email, 'S_secret' => $secret));
                 osc_add_flash_ok_message(_m('Unsubscribed correctly'));
             } else {
                 osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator'));
             }
             $this->redirectTo(osc_base_url());
             break;
         default:
             $this->redirectTo(osc_user_login_url());
             break;
     }
 }
示例#4
0
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/model/Preference.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';
    if ($_POST['s_name'] == '') {
        $admin = 'admin';
    } else {
        $admin = $_POST['s_name'];
    }
    if ($_POST['s_passwd'] == '') {
        $password = osc_genRandomPassword();
    } else {
        $password = $_POST['s_passwd'];
    }
    Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => sha1($password), 's_email' => $_POST['email']));
    $mPreference = Preference::newInstance();
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => $_POST['webtitle'], 'e_type' => 'STRING'));
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => $_POST['email'], 'e_type' => 'STRING'));
    $body = 'Welcome ' . $_POST['webtitle'] . ',<br/><br/>';
    $body .= 'Your OSClass installation at ' . WEB_PATH . ' is up and running. You can access to the administration panel with this data access:<br/>';
    $body .= '<ul>';
    $body .= '<li>username: '******'</li>';
    $body .= '<li>password: '******'</li>';
    $body .= '</ul>';
    $body .= 'Regards,<br/>';
    $body .= 'The <a href=\'http://osclass.org/\'>OSClass</a> team';
    $sitename = strtolower($_SERVER['SERVER_NAME']);
    if (substr($sitename, 0, 4) == 'www.') {
        $sitename = substr($sitename, 4);
    }
    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mail = new PHPMailer(true);
        $mail->CharSet = "utf-8";
        $mail->Host = "localhost";
        $mail->From = 'osclass@' . $sitename;
        $mail->FromName = 'OSClass';
        $mail->Subject = 'OSClass successfully installed!';
        $mail->AddAddress($_POST['email'], 'OSClass administrator');
        $mail->Body = $body;
        $mail->AltBody = $body;
        if (!$mail->Send()) {
            return array('email_status' => $_POST['email'] . "<br>" . $mail->ErrorInfo, 's_password' => $password);
        } else {
            return array('email_status' => '', 's_password' => $password);
        }
    } catch (phpmailerException $exception) {
    }
}
示例#5
0
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';
    $admin = Params::getParam('s_name');
    if ($admin == '') {
        $admin = 'admin';
    }
    $password = Params::getParam('s_passwd', false, false);
    if ($password == '') {
        $password = osc_genRandomPassword();
    }
    Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => osc_hash_password($password), 's_email' => Params::getParam('email')));
    $mPreference = Preference::newInstance();
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => Params::getParam('webtitle'), 'e_type' => 'STRING'));
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => Params::getParam('email'), 'e_type' => 'STRING'));
    $body = sprintf(__('Привет %s,'), Params::getParam('webtitle')) . "<br/><br/>";
    $body .= sprintf(__('Osclass успешно установлен %s и запущен. Вы можете получить доступ к панели администрирования:'), WEB_PATH) . '<br/>';
    $body .= '<ul>';
    $body .= '<li>' . sprintf(__('username: %s'), $admin) . '</li>';
    $body .= '<li>' . sprintf(__('password: %s'), $password) . '</li>';
    $body .= '</ul>';
    $body .= sprintf(__('Помните, если у вас появяться вопросы вы можете прочитать <a href="%1$s">документацию</a>, спросить на <a href="%2$s">форуме</a> или в <a href="%3$s">блоге</a>.'), 'http://os-class.ru/wiki', 'http://os-class.ru/frm', 'http://os-class.ru/category/articles');
    $body .= sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>';
    $body .= __('Аплодисменты,') . "<br/>";
    $body .= __('Ваш <a href="http://os-class.ru/">Osclass Rus Team</a> team');
    $sitename = strtolower($_SERVER['SERVER_NAME']);
    if (substr($sitename, 0, 4) == 'www.') {
        $sitename = substr($sitename, 4);
    }
    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mail = new PHPMailer(true);
        $mail->CharSet = "utf-8";
        $mail->Host = "localhost";
        $mail->From = 'osclass@' . $sitename;
        $mail->FromName = 'Osclass';
        $mail->Subject = 'Osclass успешно установлен!';
        $mail->AddAddress(Params::getParam('email'), 'Osclass administrator');
        $mail->Body = $body;
        $mail->AltBody = $body;
        if (!$mail->Send()) {
            return array('email_status' => Params::getParam('email') . "<br>" . $mail->ErrorInfo, 's_password' => $password);
        }
        return array('email_status' => '', 's_password' => $password);
    } catch (phpmailerException $exception) {
        return array('email_status' => Params::getParam('email') . "<br>" . $exception->errorMessage(), 's_password' => $password);
    }
}
示例#6
0
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';
    $admin = Params::getParam('s_name');
    if ($admin == '') {
        $admin = 'admin';
    }
    $password = Params::getParam('s_passwd', false, false);
    if ($password == '') {
        $password = osc_genRandomPassword();
    }
    Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => osc_hash_password($password), 's_email' => Params::getParam('email')));
    $mPreference = Preference::newInstance();
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => Params::getParam('webtitle'), 'e_type' => 'STRING'));
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => Params::getParam('email'), 'e_type' => 'STRING'));
    $body = sprintf(__('Hi %s,'), Params::getParam('webtitle')) . "<br/><br/>";
    $body .= sprintf(__('Your Osclass installation at %s is up and running. You can access the administration panel with these details:'), WEB_PATH) . '<br/>';
    $body .= '<ul>';
    $body .= '<li>' . sprintf(__('username: %s'), $admin) . '</li>';
    $body .= '<li>' . sprintf(__('password: %s'), $password) . '</li>';
    $body .= '</ul>';
    $body .= sprintf(__('Remember that for any doubts you might have you can consult our <a href="%1$s">documentation</a>, <a href="%2$s">forum</a> or <a href="%3$s">blog</a>.'), 'http://doc.osclass.org/', 'http://forums.osclass.org/', 'http://blog.osclass.org/');
    $body .= sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>';
    $body .= __('Cheers,') . "<br/>";
    $body .= __('The <a href="http://osclass.org/">Osclass</a> team');
    $sitename = strtolower($_SERVER['SERVER_NAME']);
    if (substr($sitename, 0, 4) == 'www.') {
        $sitename = substr($sitename, 4);
    }
    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mail = new PHPMailer(true);
        $mail->CharSet = "utf-8";
        $mail->Host = "localhost";
        $mail->From = 'osclass@' . $sitename;
        $mail->FromName = 'Osclass';
        $mail->Subject = 'Osclass successfully installed!';
        $mail->AddAddress(Params::getParam('email'), 'Osclass administrator');
        $mail->Body = $body;
        $mail->AltBody = $body;
        if (!$mail->Send()) {
            return array('email_status' => Params::getParam('email') . "<br>" . $mail->ErrorInfo, 's_password' => $password);
        }
        return array('email_status' => '', 's_password' => $password);
    } catch (phpmailerException $exception) {
        return array('email_status' => Params::getParam('email') . "<br>" . $exception->errorMessage(), 's_password' => $password);
    }
}
示例#7
0
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';
    $admin = Params::getParam('s_name');
    if ($admin == '') {
        $admin = 'admin';
    }
    $password = Params::getParam('s_passwd', false, false);
    if ($password == '') {
        $password = osc_genRandomPassword();
    }
    Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => sha1($password), 's_email' => Params::getParam('email')));
    $mPreference = Preference::newInstance();
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => Params::getParam('webtitle'), 'e_type' => 'STRING'));
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => Params::getParam('email'), 'e_type' => 'STRING'));
    $body = sprintf(__('Welcome %s,'), Params::getParam('webtitle')) . "<br/><br/>";
    $body .= sprintf(__('Your OSClass installation at %s is up and running. You can access the administration panel with these details:'), WEB_PATH) . "<br/>";
    $body .= '<ul>';
    $body .= '<li>' . sprintf(__('username: %s'), $admin) . '</li>';
    $body .= '<li>' . sprintf(__('password: %s'), $password) . '</li>';
    $body .= '</ul>';
    $body .= __('Regards,') . "<br/>";
    $body .= __('The <a href="http://osclass.org/">OSClass</a> team');
    $sitename = strtolower($_SERVER['SERVER_NAME']);
    if (substr($sitename, 0, 4) == 'www.') {
        $sitename = substr($sitename, 4);
    }
    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mail = new PHPMailer(true);
        $mail->CharSet = "utf-8";
        $mail->Host = "localhost";
        $mail->From = 'osclass@' . $sitename;
        $mail->FromName = 'OSClass';
        $mail->Subject = 'OSClass successfully installed!';
        $mail->AddAddress(Params::getParam('email'), 'OSClass administrator');
        $mail->Body = $body;
        $mail->AltBody = $body;
        if (!$mail->Send()) {
            return array('email_status' => Params::getParam('email') . "<br>" . $mail->ErrorInfo, 's_password' => $password);
        }
        return array('email_status' => '', 's_password' => $password);
    } catch (phpmailerException $exception) {
        return array('email_status' => Params::getParam('email') . "<br>" . $exception->errorMessage(), 's_password' => $password);
    }
}
示例#8
0
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             if (Params::getParam('user') == '' && Params::getParam('password', false, false) == '') {
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('user') == '') {
                 osc_add_flash_error_message(_m('The username field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('password') == '') {
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             // fields are not empty
             $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
             if (!$admin) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if ($admin["s_password"] !== sha1(Params::getParam('password', false, false))) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('remember')) {
                 // this include contains de osc_genRandomPassword function
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 $secret = osc_genRandomPassword();
                 Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                 Cookie::newInstance()->set_expires(osc_time_cookie());
                 Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                 Cookie::newInstance()->push('oc_adminSecret', $secret);
                 Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                 Cookie::newInstance()->set();
             }
             // we are logged in... let's go!
             Session::newInstance()->_set('adminId', $admin['pk_i_id']);
             Session::newInstance()->_set('adminUserName', $admin['s_username']);
             Session::newInstance()->_set('adminName', $admin['s_name']);
             Session::newInstance()->_set('adminEmail', $admin['s_email']);
             Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'recover':
             // form to recover the password (in this case we have the form in /gui/)
             $this->doView('gui/recover.php');
             break;
         case 'recover_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             // post execution to recover the password
             $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
             if ($admin) {
                 if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_error_message(_m('The Recaptcha code is wrong'), 'admin');
                         $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 $newPassword = osc_genRandomPassword(40);
                 Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                 $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
                 osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
             }
             osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'forgot':
             // form to recover the password (in this case we have the form in /gui/)
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             $this->doView('gui/forgot_password.php');
             break;
         case 'forgot_post':
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
                 Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id']));
                 osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             } else {
                 osc_add_flash_error_message(_m("Error, the password don't match"), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
             }
             break;
     }
 }
示例#9
0
 function doModel()
 {
     switch ($this->action) {
         case 'change_email_confirm':
             //change email confirm
             if (Params::getParam('userId') && Params::getParam('code')) {
                 $userManager = new User();
                 $user = $userManager->findByPrimaryKey(Params::getParam('userId'));
                 if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) {
                     $userEmailTmp = UserEmailTmp::newInstance()->findByPk(Params::getParam('userId'));
                     $code = osc_genRandomPassword(50);
                     $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id']));
                     Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']);
                     UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email']));
                     osc_add_flash_ok_message(_m('Your email has been changed successfully'));
                     $this->redirectTo(osc_user_profile_url());
                 } else {
                     osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                     $this->redirectTo(osc_base_url());
                 }
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'activate_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             $result = 0;
             if ($email != '' && $secret != '') {
                 $result = Alerts::newInstance()->activate($email, $secret);
             }
             if ($result == 1) {
                 osc_add_flash_ok_message(_m('Alert activated'));
             } else {
                 osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator'));
             }
             $this->redirectTo(osc_base_url(true));
             break;
         case 'unsub_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             if ($email != '' && $secret != '') {
                 Alerts::newInstance()->delete(array('s_email' => $email, 'S_secret' => $secret));
                 osc_add_flash_ok_message(_m('Unsubscribed correctly'));
             } else {
                 osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator'));
             }
             $this->redirectTo(osc_base_url());
             break;
         case 'pub_profile':
             $userID = Params::getParam('id');
             $user = User::newInstance()->findByPrimaryKey($userID);
             // user doesn't exist
             if (!$user) {
                 $this->redirectTo(osc_base_url());
             }
             View::newInstance()->_exportVariableToView('user', $user);
             $items = Item::newInstance()->findByUserIDEnabled($user['pk_i_id'], 0, 3);
             View::newInstance()->_exportVariableToView('items', $items);
             $this->doView('user-public-profile.php');
             break;
         case 'contact_post':
             $user = User::newInstance()->findByPrimaryKey(Params::getParam('id'));
             View::newInstance()->_exportVariableToView('user', $user);
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
                     Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
                     Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
                     Session::newInstance()->_setForm("message_body", Params::getParam('message'));
                     $this->redirectTo(osc_user_public_profile_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message'));
             $this->redirectTo(osc_user_public_profile_url());
             break;
         default:
             $this->redirectTo(osc_user_login_url());
             break;
     }
 }
示例#10
0
文件: ajax.php 项目: acharei/OSClass
 function doModel()
 {
     //specific things for this class
     switch ($this->action) {
         case 'bulk_actions':
             break;
         case 'regions':
             //Return regions given a countryId
             $regions = Region::newInstance()->findByCountry(Params::getParam("countryId"));
             echo json_encode($regions);
             break;
         case 'cities':
             //Returns cities given a regionId
             $cities = City::newInstance()->findByRegion(Params::getParam("regionId"));
             echo json_encode($cities);
             break;
         case 'location':
             // This is the autocomplete AJAX
             $cities = City::newInstance()->ajax(Params::getParam("term"));
             echo json_encode($cities);
             break;
         case 'location_countries':
             // This is the autocomplete AJAX
             $countries = Country::newInstance()->ajax(Params::getParam("term"));
             echo json_encode($countries);
             break;
         case 'location_regions':
             // This is the autocomplete AJAX
             $regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country"));
             echo json_encode($regions);
             break;
         case 'location_cities':
             // This is the autocomplete AJAX
             $cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region"));
             echo json_encode($cities);
             break;
         case 'delete_image':
             // Delete images via AJAX
             $id = Params::getParam('id');
             $item = Params::getParam('item');
             $code = Params::getParam('code');
             $secret = Params::getParam('secret');
             $json = array();
             if (Session::newInstance()->_get('userId') != '') {
                 $userId = Session::newInstance()->_get('userId');
                 $user = User::newInstance()->findByPrimaryKey($userId);
             } else {
                 $userId = null;
                 $user = null;
             }
             // Check for required fields
             if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) {
                 $json['success'] = false;
                 $json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist");
                 echo json_encode($json);
                 return false;
             }
             $aItem = Item::newInstance()->findByPrimaryKey($item);
             // Check if the item exists
             if (count($aItem) == 0) {
                 $json['success'] = false;
                 $json['msg'] = _m('The item doesn\'t exist');
                 echo json_encode($json);
                 return false;
             }
             // Check if the item belong to the user
             if ($userId != null && $userId != $aItem['fk_i_user_id']) {
                 $json['success'] = false;
                 $json['msg'] = _m('The item doesn\'t belong to you');
                 echo json_encode($json);
                 return false;
             }
             // Check if the secret passphrase match with the item
             if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) {
                 $json['success'] = false;
                 $json['msg'] = _m('The item doesn\'t belong to you');
                 echo json_encode($json);
                 return false;
             }
             // Does id & code combination exist?
             $result = ItemResource::newInstance()->existResource($id, $code);
             if ($result > 0) {
                 // Delete: file, db table entry
                 osc_deleteResource($id);
                 ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code));
                 $json['msg'] = _m('The selected photo has been successfully deleted');
                 $json['success'] = 'true';
             } else {
                 $json['msg'] = _m("The selected photo couldn't be deleted");
                 $json['success'] = 'false';
             }
             echo json_encode($json);
             return true;
             break;
         case 'alerts':
             // Allow to register to an alert given (not sure it's used on admin)
             $alert = Params::getParam("alert");
             $email = Params::getParam("email");
             $userid = Params::getParam("userid");
             if ($alert != '' && $email != '') {
                 if (preg_match("/^[_a-z0-9-+]+(\\.[_a-z0-9-+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", $email)) {
                     $secret = osc_genRandomPassword();
                     if (Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) {
                         if ((int) $userid > 0) {
                             $user = User::newInstance()->findByPrimaryKey($userid);
                             if ($user['b_active'] == 1 && $user['b_enabled'] == 1) {
                                 Alerts::newInstance()->activate($email, $secret);
                                 echo '1';
                                 return true;
                             } else {
                                 echo '-1';
                                 return false;
                             }
                         } else {
                             osc_run_hook('hook_email_alert_validation', $alert, $email, $secret);
                         }
                         echo "1";
                     } else {
                         echo "0";
                     }
                     return true;
                 } else {
                     echo '-1';
                     return false;
                 }
             }
             echo '0';
             return false;
             break;
         case 'runhook':
             //Run hooks
             $hook = Params::getParam("hook");
             switch ($hook) {
                 case 'item_form':
                     $catId = Params::getParam("catId");
                     if ($catId != '') {
                         osc_run_hook("item_form", $catId);
                     } else {
                         osc_run_hook("item_form");
                     }
                     break;
                 case 'item_edit':
                     $catId = Params::getParam("catId");
                     $itemId = Params::getParam("itemId");
                     osc_run_hook("item_edit", $catId, $itemId);
                     break;
                 default:
                     if ($hook == '') {
                         return false;
                     } else {
                         osc_run_hook($hook);
                     }
                     break;
             }
             break;
         case 'custom':
             // Execute via AJAX custom file
             $ajaxfile = Params::getParam("ajaxfile");
             if ($ajaxfile != '') {
                 require_once osc_plugins_path() . $ajaxfile;
             } else {
                 echo json_encode(array('error' => __('no action defined')));
             }
             break;
         default:
             echo json_encode(array('error' => __('no action defined')));
             break;
     }
     // clear all keep variables into session
     Session::newInstance()->_dropKeepForm();
     Session::newInstance()->_clearVariables();
 }
示例#11
0
    function doModel()
    {
        switch ($this->action) {
            case 'comments':
                //calling the comments settings view
                $this->doView('settings/comments.php');
                break;
            case 'comments_post':
                // updating comment
                $iUpdated = 0;
                $enabledComments = Params::getParam('enabled_comments');
                $enabledComments = $enabledComments != '' ? true : false;
                $moderateComments = Params::getParam('moderate_comments');
                $moderateComments = $moderateComments != '' ? true : false;
                $numModerateComments = Params::getParam('num_moderate_comments');
                $commentsPerPage = Params::getParam('comments_per_page');
                $notifyNewComment = Params::getParam('notify_new_comment');
                $notifyNewComment = $notifyNewComment != '' ? true : false;
                $notifyNewCommentUser = Params::getParam('notify_new_comment_user');
                $notifyNewCommentUser = $notifyNewCommentUser != '' ? true : false;
                $regUserPostComments = Params::getParam('reg_user_post_comments');
                $regUserPostComments = $regUserPostComments != '' ? true : false;
                $msg = '';
                if (!osc_validate_int(Params::getParam("num_moderate_comments"))) {
                    $msg .= _m("Number of moderate comments must only contain numeric characters") . "<br/>";
                }
                if (!osc_validate_int(Params::getParam("comments_per_page"))) {
                    $msg .= _m("Comments per page must only contain numeric characters") . "<br/>";
                }
                if ($msg != '') {
                    osc_add_flash_error_message($msg, 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=comments');
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledComments), array('s_name' => 'enabled_comments'));
                if ($moderateComments) {
                    $iUpdated += Preference::newInstance()->update(array('s_value' => $numModerateComments), array('s_name' => 'moderate_comments'));
                } else {
                    $iUpdated += Preference::newInstance()->update(array('s_value' => '-1'), array('s_name' => 'moderate_comments'));
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewComment), array('s_name' => 'notify_new_comment'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewCommentUser), array('s_name' => 'notify_new_comment_user'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $commentsPerPage), array('s_name' => 'comments_per_page'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $regUserPostComments), array('s_name' => 'reg_user_post_comments'));
                if ($iUpdated > 0) {
                    osc_add_flash_ok_message(_m("Comment settings have been updated"), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=comments');
                break;
            case 'locations':
                // calling the locations settings view
                $location_action = Params::getParam('type');
                $mCountries = new Country();
                switch ($location_action) {
                    case 'add_country':
                        // add country
                        $countryCode = strtoupper(Params::getParam('c_country'));
                        $countryName = Params::getParam('country');
                        $exists = $mCountries->findByCode($countryCode);
                        if (isset($exists['s_name'])) {
                            osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $countryName), 'admin');
                        } else {
                            $countries_json = osc_file_get_contents('http://geo.osclass.org/geo.download.php?action=country_code&term=' . urlencode($countryCode));
                            $countries = json_decode($countries_json);
                            $mCountries->insert(array('pk_c_code' => $countryCode, 's_name' => $countryName));
                            CountryStats::newInstance()->setNumItems($countryCode, 0);
                            if (isset($countries->error)) {
                                // Country is not in our GEO database
                                // We have no region for user-typed countries
                            } else {
                                // Country is in our GEO database, add regions and cities
                                $manager_region = new Region();
                                $regions_json = osc_file_get_contents('http://geo.osclass.org/geo.download.php?action=region&country_code=' . urlencode($countryCode) . '&term=all');
                                $regions = json_decode($regions_json);
                                if (!isset($regions->error)) {
                                    if (count($regions) > 0) {
                                        foreach ($regions as $r) {
                                            $manager_region->insert(array("fk_c_country_code" => $r->country_code, "s_name" => $r->name));
                                            $id = $manager_region->dao->insertedId();
                                            RegionStats::newInstance()->setNumItems($id, 0);
                                        }
                                    }
                                    unset($regions);
                                    unset($regions_json);
                                    $manager_city = new City();
                                    if (count($countries) > 0) {
                                        foreach ($countries as $c) {
                                            $regions = $manager_region->findByCountry($c->id);
                                            if (!isset($regions->error)) {
                                                if (count($regions) > 0) {
                                                    foreach ($regions as $region) {
                                                        $cities_json = osc_file_get_contents('http://geo.osclass.org/geo.download.php?action=city&country=' . urlencode($c->name) . '&region=' . urlencode($region['s_name']) . '&term=all');
                                                        $cities = json_decode($cities_json);
                                                        if (!isset($cities->error)) {
                                                            if (count($cities) > 0) {
                                                                foreach ($cities as $ci) {
                                                                    $manager_city->insert(array("fk_i_region_id" => $region['pk_i_id'], "s_name" => $ci->name, "fk_c_country_code" => $ci->country_code));
                                                                    $id = $manager_city->dao->insertedId();
                                                                    CityStats::newInstance()->setNumItems($id, 0);
                                                                }
                                                            }
                                                        }
                                                        unset($cities);
                                                        unset($cities_json);
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                            osc_add_flash_ok_message(sprintf(_m('%s has been added as a new country'), $countryName), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations');
                        break;
                    case 'edit_country':
                        // edit country
                        $ok = $mCountries->update(array('s_name' => Params::getParam('e_country')), array('pk_c_code' => Params::getParam('country_code')));
                        if ($ok) {
                            osc_add_flash_ok_message(_m('Country has been edited'), 'admin');
                        } else {
                            osc_add_flash_error_message(_m('There were some problems editing the country'), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations');
                        break;
                    case 'delete_country':
                        // delete country
                        $countryId = Params::getParam('id');
                        Item::newInstance()->deleteByRegion($countryId);
                        $mRegions = new Region();
                        $mCities = new City();
                        $aCountries = $mCountries->findByCode($countryId);
                        $aRegions = $mRegions->findByCountry($aCountries['pk_c_code']);
                        foreach ($aRegions as $region) {
                            // remove city_stats
                            CityStats::newInstance()->deleteByRegion($region['pk_i_id']);
                            // remove region_stats
                            RegionStats::newInstance()->delete(array('fk_i_region_id' => $region['pk_i_id']));
                        }
                        //remove country stats
                        CountryStats::newInstance()->delete(array('fk_c_country_code' => $aCountries['pk_c_code']));
                        $ok = $mCountries->deleteByPrimaryKey($aCountries['pk_c_code']);
                        if ($ok) {
                            osc_add_flash_ok_message(sprintf(_m('%s has been deleted'), $aCountries['s_name']), 'admin');
                        } else {
                            osc_add_flash_error_message(sprintf(_m('There was a problem deleting %s'), $aCountries['s_name']), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations');
                        break;
                    case 'add_region':
                        // add region
                        if (!Params::getParam('r_manual')) {
                            $this->install_location_by_region();
                        } else {
                            $mRegions = new Region();
                            $regionName = Params::getParam('region');
                            $countryCode = Params::getParam('country_c_parent');
                            $country = Country::newInstance()->findByCode($countryCode);
                            $exists = $mRegions->findByName($regionName, $countryCode);
                            if (!isset($exists['s_name'])) {
                                $data = array('fk_c_country_code' => $countryCode, 's_name' => $regionName);
                                $mRegions->insert($data);
                                $id = $mRegions->dao->insertedId();
                                RegionStats::newInstance()->setNumItems($id, 0);
                                osc_add_flash_ok_message(sprintf(_m('%s has been added as a new region'), $regionName), 'admin');
                            } else {
                                osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $regionName), 'admin');
                            }
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$countryCode . "&country=" . @$country['s_name']);
                        break;
                    case 'edit_region':
                        // edit region
                        $mRegions = new Region();
                        $newRegion = Params::getParam('e_region');
                        $regionId = Params::getParam('region_id');
                        $exists = $mRegions->findByName($newRegion);
                        if (!isset($exists['pk_i_id']) || $exists['pk_i_id'] == $regionId) {
                            if ($regionId != '') {
                                $aRegion = $mRegions->findByPrimaryKey($regionId);
                                $country = Country::newInstance()->findByCode($aRegion['fk_c_country_code']);
                                $mRegions->update(array('s_name' => $newRegion), array('pk_i_id' => $regionId));
                                ItemLocation::newInstance()->update(array('s_region' => $newRegion), array('fk_i_region_id' => $regionId));
                                osc_add_flash_ok_message(sprintf(_m('%s has been edited'), $newRegion), 'admin');
                            }
                        } else {
                            osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newRegion), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name']);
                        break;
                    case 'delete_region':
                        // delete region
                        $mRegion = new Region();
                        $mCities = new City();
                        $regionId = Params::getParam('id');
                        if ($regionId != '') {
                            Item::newInstance()->deleteByRegion($regionId);
                            $aRegion = $mRegion->findByPrimaryKey($regionId);
                            $country = Country::newInstance()->findByCode($aRegion['fk_c_country_code']);
                            // remove city_stats
                            CityStats::newInstance()->deleteByRegion($regionId);
                            $mCities->delete(array('fk_i_region_id' => $regionId));
                            // remove region_stats
                            RegionStats::newInstance()->delete(array('fk_i_region_id' => $regionId));
                            $mRegion->delete(array('pk_i_id' => $regionId));
                            osc_add_flash_ok_message(sprintf(_m('%s has been deleted'), $aRegion['s_name']), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name']);
                        break;
                    case 'add_city':
                        // add city
                        $mRegion = new Region();
                        $mCities = new City();
                        $regionId = Params::getParam('region_parent');
                        $countryCode = Params::getParam('country_c_parent');
                        $newCity = Params::getParam('city');
                        $exists = $mCities->findByName($newCity, $regionId);
                        $region = $mRegion->findByPrimaryKey($regionId);
                        $country = Country::newInstance()->findByCode($region['fk_c_country_code']);
                        if (!isset($exists['s_name'])) {
                            $mCities->insert(array('fk_i_region_id' => $regionId, 's_name' => $newCity, 'fk_c_country_code' => $countryCode));
                            $id = $mCities->dao->insertedId();
                            CityStats::newInstance()->setNumItems($id, 0);
                            osc_add_flash_ok_message(sprintf(_m('%s has been added as a new city'), $newCity), 'admin');
                        } else {
                            osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newCity), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "&region=" . $regionId);
                        break;
                    case 'edit_city':
                        // edit city
                        $mRegion = new Region();
                        $mCities = new City();
                        $newCity = Params::getParam('e_city');
                        $cityId = Params::getParam('city_id');
                        $exists = $mCities->findByName($newCity);
                        if (!isset($exists['pk_i_id']) || $exists['pk_i_id'] == $cityId) {
                            $city = $mCities->findByPrimaryKey($cityId);
                            $region = $mRegion->findByPrimaryKey($city['fk_i_region_id']);
                            $country = Country::newInstance()->findByCode($region['fk_c_country_code']);
                            $mCities->update(array('s_name' => $newCity), array('pk_i_id' => $cityId));
                            ItemLocation::newInstance()->update(array('s_city' => $newCity), array('fk_i_city_id' => $cityId));
                            osc_add_flash_ok_message(sprintf(_m('%s has been edited'), $newCity), 'admin');
                        } else {
                            osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newCity), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "&region=" . @$region['pk_i_id']);
                        break;
                    case 'delete_city':
                        // delete city
                        $mRegion = new Region();
                        $mCities = new City();
                        $cityId = Params::getParam('id');
                        Item::newInstance()->deleteByCity($cityId);
                        $aCity = $mCities->findByPrimaryKey($cityId);
                        // remove region_stats
                        $region = $mRegion->findByPrimaryKey($aCity['fk_i_region_id']);
                        $country = Country::newInstance()->findByCode($region['fk_c_country_code']);
                        CityStats::newInstance()->delete(array('fk_i_city_id' => $cityId));
                        $mCities->delete(array('pk_i_id' => $cityId));
                        osc_add_flash_ok_message(sprintf(_m('%s has been deleted'), $aCity['s_name']), 'admin');
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "&region=" . @$region['pk_i_id']);
                        break;
                }
                $aCountries = $mCountries->listAll();
                $this->_exportVariableToView('aCountries', $aCountries);
                $this->doView('settings/locations.php');
                break;
            case 'permalinks':
                // calling the permalinks view
                $htaccess = Params::getParam('htaccess_status');
                $file = Params::getParam('file_status');
                $this->_exportVariableToView('htaccess', $htaccess);
                $this->_exportVariableToView('file', $file);
                $this->doView('settings/permalinks.php');
                break;
            case 'permalinks_post':
                // updating permalinks option
                $htaccess_file = osc_base_path() . '.htaccess';
                $rewriteEnabled = Params::getParam('rewrite_enabled') ? true : false;
                if ($rewriteEnabled) {
                    Preference::newInstance()->update(array('s_value' => '1'), array('s_name' => 'rewriteEnabled'));
                    $rewrite_base = REL_WEB_URL;
                    $htaccess = <<<HTACCESS
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase {$rewrite_base}
    RewriteRule ^index\\.php\$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . {$rewrite_base}index.php [L]
</IfModule>
HTACCESS;
                    // 1. OK (ok)
                    // 2. OK no apache module detected (warning)
                    // 3. No se puede crear + apache
                    // 4. No se puede crear + no apache
                    $status = 3;
                    if (file_exists($htaccess_file)) {
                        if (is_writable($htaccess_file) && file_put_contents($htaccess_file, $htaccess)) {
                            $status = 1;
                        }
                    } else {
                        if (is_writable(osc_base_path()) && file_put_contents($htaccess_file, $htaccess)) {
                            $status = 1;
                        }
                    }
                    if (!@apache_mod_loaded('mod_rewrite')) {
                        $status++;
                    }
                    $errors = 0;
                    $item_url = substr(str_replace('//', '/', Params::getParam('rewrite_item_url') . '/'), 0, -1);
                    if (!osc_validate_text($item_url)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $item_url), array('s_name' => 'rewrite_item_url'));
                    }
                    $page_url = substr(str_replace('//', '/', Params::getParam('rewrite_page_url') . '/'), 0, -1);
                    if (!osc_validate_text($page_url)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $page_url), array('s_name' => 'rewrite_page_url'));
                    }
                    $cat_url = substr(str_replace('//', '/', Params::getParam('rewrite_cat_url') . '/'), 0, -1);
                    if (!osc_validate_text($cat_url)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $cat_url), array('s_name' => 'rewrite_cat_url'));
                    }
                    $search_url = substr(str_replace('//', '/', Params::getParam('rewrite_search_url') . '/'), 0, -1);
                    if (!osc_validate_text($search_url)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $search_url), array('s_name' => 'rewrite_search_url'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_country'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_country')), array('s_name' => 'rewrite_search_country'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_region'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_region')), array('s_name' => 'rewrite_search_region'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_city'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_city')), array('s_name' => 'rewrite_search_city'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_city_area'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_city_area')), array('s_name' => 'rewrite_search_city_area'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_category'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_category')), array('s_name' => 'rewrite_search_category'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_user'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_user')), array('s_name' => 'rewrite_search_user'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_pattern'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_pattern')), array('s_name' => 'rewrite_search_pattern'));
                    }
                    $rewrite_contact = substr(str_replace('//', '/', Params::getParam('rewrite_contact') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_contact)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_contact), array('s_name' => 'rewrite_contact'));
                    }
                    $rewrite_feed = substr(str_replace('//', '/', Params::getParam('rewrite_feed') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_feed)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_feed), array('s_name' => 'rewrite_feed'));
                    }
                    $rewrite_language = substr(str_replace('//', '/', Params::getParam('rewrite_language') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_language)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_language), array('s_name' => 'rewrite_language'));
                    }
                    $rewrite_item_mark = substr(str_replace('//', '/', Params::getParam('rewrite_item_mark') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_mark)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_mark), array('s_name' => 'rewrite_item_mark'));
                    }
                    $rewrite_item_send_friend = substr(str_replace('//', '/', Params::getParam('rewrite_item_send_friend') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_send_friend)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_send_friend), array('s_name' => 'rewrite_item_send_friend'));
                    }
                    $rewrite_item_contact = substr(str_replace('//', '/', Params::getParam('rewrite_item_contact') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_contact)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_contact), array('s_name' => 'rewrite_item_contact'));
                    }
                    $rewrite_item_new = substr(str_replace('//', '/', Params::getParam('rewrite_item_new') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_new)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_new), array('s_name' => 'rewrite_item_new'));
                    }
                    $rewrite_item_activate = substr(str_replace('//', '/', Params::getParam('rewrite_item_activate') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_activate)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_activate), array('s_name' => 'rewrite_item_activate'));
                    }
                    $rewrite_item_edit = substr(str_replace('//', '/', Params::getParam('rewrite_item_edit') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_edit)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_edit), array('s_name' => 'rewrite_item_edit'));
                    }
                    $rewrite_item_delete = substr(str_replace('//', '/', Params::getParam('rewrite_item_delete') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_delete)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_delete), array('s_name' => 'rewrite_item_delete'));
                    }
                    $rewrite_item_resource_delete = substr(str_replace('//', '/', Params::getParam('rewrite_item_resource_delete') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_resource_delete)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_resource_delete), array('s_name' => 'rewrite_item_resource_delete'));
                    }
                    $rewrite_user_login = substr(str_replace('//', '/', Params::getParam('rewrite_user_login') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_login)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_login), array('s_name' => 'rewrite_user_login'));
                    }
                    $rewrite_user_dashboard = substr(str_replace('//', '/', Params::getParam('rewrite_user_dashboard') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_dashboard)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_dashboard), array('s_name' => 'rewrite_user_dashboard'));
                    }
                    $rewrite_user_logout = substr(str_replace('//', '/', Params::getParam('rewrite_user_logout') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_logout)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_logout), array('s_name' => 'rewrite_user_logout'));
                    }
                    $rewrite_user_register = substr(str_replace('//', '/', Params::getParam('rewrite_user_register') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_register)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_register), array('s_name' => 'rewrite_user_register'));
                    }
                    $rewrite_user_activate = substr(str_replace('//', '/', Params::getParam('rewrite_user_activate') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_activate)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_activate), array('s_name' => 'rewrite_user_activate'));
                    }
                    $rewrite_user_activate_alert = substr(str_replace('//', '/', Params::getParam('rewrite_user_activate_alert') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_activate_alert)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_activate_alert), array('s_name' => 'rewrite_user_activate_alert'));
                    }
                    $rewrite_user_profile = substr(str_replace('//', '/', Params::getParam('rewrite_user_profile') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_profile)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_profile), array('s_name' => 'rewrite_user_profile'));
                    }
                    $rewrite_user_items = substr(str_replace('//', '/', Params::getParam('rewrite_user_items') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_items)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_items), array('s_name' => 'rewrite_user_items'));
                    }
                    $rewrite_user_alerts = substr(str_replace('//', '/', Params::getParam('rewrite_user_alerts') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_alerts)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_alerts), array('s_name' => 'rewrite_user_alerts'));
                    }
                    $rewrite_user_recover = substr(str_replace('//', '/', Params::getParam('rewrite_user_recover') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_recover)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_recover), array('s_name' => 'rewrite_user_recover'));
                    }
                    $rewrite_user_forgot = substr(str_replace('//', '/', Params::getParam('rewrite_user_forgot') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_forgot)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_forgot), array('s_name' => 'rewrite_user_forgot'));
                    }
                    $rewrite_user_change_password = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_password') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_change_password)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_change_password), array('s_name' => 'rewrite_user_change_password'));
                    }
                    $rewrite_user_change_email = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_email') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_change_email)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_change_email), array('s_name' => 'rewrite_user_change_email'));
                    }
                    $rewrite_user_change_email_confirm = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_email_confirm') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_change_email_confirm)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_change_email_confirm), array('s_name' => 'rewrite_user_change_email_confirm'));
                    }
                    osc_reset_preferences();
                    $rewrite = Rewrite::newInstance();
                    osc_run_hook("before_rewrite_rules", array(&$rewrite));
                    $rewrite->clearRules();
                    /*****************************
                     ********* Add rules *********
                     *****************************/
                    // Contact rules
                    $rewrite->addRule('^' . osc_get_preference('rewrite_contact') . '/?$', 'index.php?page=contact');
                    // Feed rules
                    $rewrite->addRule('^' . osc_get_preference('rewrite_feed') . '/?$', 'index.php?page=search&sFeed=rss');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_feed') . '/(.+)/?$', 'index.php?page=search&sFeed=$1');
                    // Language rules
                    $rewrite->addRule('^' . osc_get_preference('rewrite_language') . '/(.*?)/?$', 'index.php?page=language&locale=$1');
                    // Search rules
                    $rewrite->addRule('^' . $search_url . '$', 'index.php?page=search');
                    $rewrite->addRule('^' . $search_url . '/(.*)$', 'index.php?page=search&sParams=$1');
                    // Item rules
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_mark') . '/(.*?)/([0-9]+)/?$', 'index.php?page=item&action=mark&as=$1&id=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_send_friend') . '/([0-9]+)/?$', 'index.php?page=item&action=send_friend&id=$1');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_contact') . '/([0-9]+)/?$', 'index.php?page=item&action=contact&id=$1');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_new') . '/?$', 'index.php?page=item&action=item_add');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_new') . '/([0-9]+)/?$', 'index.php?page=item&action=item_add&catId=$1');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_activate') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=activate&id=$1&secret=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_edit') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=item_edit&id=$1&secret=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_delete') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=item_delete&id=$1&secret=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_resource_delete') . '/([0-9]+)/([0-9]+)/([0-9A-Za-z]+)/?(.*?)/?$', 'index.php?page=item&action=deleteResource&id=$1&item=$2&code=$3&secret=$4');
                    // Item rules
                    $id_pos = stripos($item_url, '{ITEM_ID}');
                    $title_pos = stripos($item_url, '{ITEM_TITLE}');
                    $cat_pos = stripos($item_url, '{CATEGORIES');
                    $param_pos = 1;
                    if ($title_pos !== false && $id_pos > $title_pos) {
                        $param_pos++;
                    }
                    if ($cat_pos !== false && $id_pos > $cat_pos) {
                        $param_pos++;
                    }
                    $comments_pos = 1;
                    if ($id_pos !== false) {
                        $comments_pos++;
                    }
                    if ($title_pos !== false) {
                        $comments_pos++;
                    }
                    if ($cat_pos !== false) {
                        $comments_pos++;
                    }
                    $rewrite->addRule('^' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url . '\\?comments-page=([0-9al]*)')))) . '$', 'index.php?page=item&id=$1&comments-page=$2');
                    $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url . '\\?comments-page=([0-9al]*)')))) . '$', 'index.php?page=item&id=$3&lang=$1_$2&comments-page=$4');
                    $rewrite->addRule('^' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url)))) . '$', 'index.php?page=item&id=$1');
                    $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url)))) . '$', 'index.php?page=item&id=$3&lang=$1_$2');
                    // User rules
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_login') . '/?$', 'index.php?page=login');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_dashboard') . '/?$', 'index.php?page=user&action=dashboard');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_logout') . '/?$', 'index.php?page=main&action=logout');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_register') . '/?$', 'index.php?page=register&action=register');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_activate') . '/([0-9]+)/(.*?)/?$', 'index.php?page=register&action=validate&id=$1&code=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_activate_alert') . '/([a-zA-Z0-9]+)/(.+)$', 'index.php?page=user&action=activate_alert&email=$2&secret=$1');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/?$', 'index.php?page=user&action=profile');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/([0-9]+)/?$', 'index.php?page=user&action=pub_profile&id=$1');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_items') . '/?$', 'index.php?page=user&action=items');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_alerts') . '/?$', 'index.php?page=user&action=alerts');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_recover') . '/?$', 'index.php?page=login&action=recover');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_forgot') . '/([0-9]+)/(.*)/?$', 'index.php?page=login&action=forgot&userId=$1&code=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_password') . '/?$', 'index.php?page=user&action=change_password');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_email') . '/?$', 'index.php?page=user&action=change_email');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_email_confirm') . '/([0-9]+)/(.*?)/?$', 'index.php?page=user&action=change_email_confirm&userId=$1&code=$2');
                    // Page rules
                    $pos_pID = stripos($page_url, '{PAGE_ID}');
                    $pos_pSlug = stripos($page_url, '{PAGE_SLUG}');
                    $pID_pos = 1;
                    $pSlug_pos = 1;
                    if (is_numeric($pos_pID) && is_numeric($pos_pSlug)) {
                        // set the order of the parameters
                        if ($pos_pID > $pos_pSlug) {
                            $pID_pos++;
                        } else {
                            $pSlug_pos++;
                        }
                        $rewrite->addRule('^' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', str_replace('{PAGE_ID}', '([0-9]+)', $page_url)) . '/?$', 'index.php?page=page&id=$' . $pID_pos . "&slug=\$" . $pSlug_pos);
                        $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', str_replace('{PAGE_ID}', '([0-9]+)', $page_url)) . '/?$', 'index.php?page=page&lang=$1_$2&id=$' . ($pID_pos + 2) . '&slug=$' . ($pSlug_pos + 2));
                    } else {
                        if (is_numeric($pos_pID)) {
                            $rewrite->addRule('^' . str_replace('{PAGE_ID}', '([0-9]+)', $page_url) . '/?$', 'index.php?page=page&id=$1');
                            $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_ID}', '([0-9]+)', $page_url) . '/?$', 'index.php?page=page&lang=$1_$2&id=$3');
                        } else {
                            $rewrite->addRule('^' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', $page_url) . '/?$', 'index.php?page=page&slug=$1');
                            $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', $page_url) . '/?$', 'index.php?page=page&lang=$1_$2&slug=$3');
                        }
                    }
                    // Clean archive files
                    $rewrite->addRule('^(.+?)\\.php(.*)$', '$1.php$2');
                    // Category rules
                    $id_pos = stripos($item_url, '{CATEGORY_ID}');
                    $title_pos = stripos($item_url, '{CATEGORY_SLUG}');
                    $cat_pos = stripos($item_url, '{CATEGORIES');
                    $param_pos = 1;
                    if ($title_pos !== false && $id_pos > $title_pos) {
                        $param_pos++;
                    }
                    if ($cat_pos !== false && $id_pos > $cat_pos) {
                        $param_pos++;
                    }
                    $rewrite->addRule('^' . str_replace('{CATEGORIES}', '(.+)', str_replace('{CATEGORY_SLUG}', '([^/]+)', str_replace('{CATEGORY_ID}', '([0-9]+)', $cat_url))) . '$', 'index.php?page=search&sCategory=$' . $param_pos);
                    osc_run_hook("after_rewrite_rules", array(&$rewrite));
                    //Write rule to DB
                    $rewrite->setRules();
                    $msg_error = '<br/>' . _m('All fields are required.') . " " . sprintf(_mn('One field was not updated', '%s fields were not updated', $errors), $errors);
                    switch ($status) {
                        case 1:
                            $msg = _m("Permalinks structure updated");
                            if ($errors > 0) {
                                $msg .= $msg_error;
                                osc_add_flash_warning_message($msg, 'admin');
                            } else {
                                osc_add_flash_ok_message($msg, 'admin');
                            }
                            break;
                        case 2:
                            $msg = _m("Permalinks structure updated.");
                            $msg .= " ";
                            $msg .= _m("However, we can't check if Apache module <b>mod_rewrite</b> is loaded. If you experience some problems with the URLs, you should deactivate <em>Friendly URLs</em>");
                            if ($errors > 0) {
                                $msg .= $msg_error;
                            }
                            osc_add_flash_warning_message($msg, 'admin');
                            break;
                        case 3:
                            $msg = _m("File <b>.htaccess</b> couldn't be filled out with the right content.");
                            $msg .= " ";
                            $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't create the file, please deactivate the <em>Friendly URLs</em> option.");
                            $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>';
                            if ($errors > 0) {
                                $msg .= $msg_error;
                            }
                            osc_add_flash_error_message($msg, 'admin');
                            break;
                        case 4:
                            $msg = _m("File <b>.htaccess</b> couldn't be filled out with the right content.");
                            $msg .= " ";
                            $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't create the file or experience some problems with the URLs, please deactivate the <em>Friendly URLs</em> option.");
                            $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>';
                            if ($errors > 0) {
                                $msg .= $msg_error;
                            }
                            osc_add_flash_error_message($msg, 'admin');
                            break;
                    }
                } else {
                    Preference::newInstance()->update(array('s_value' => '0'), array('s_name' => 'rewriteEnabled'));
                    Preference::newInstance()->update(array('s_value' => '0'), array('s_name' => 'mod_rewrite_loaded'));
                    osc_add_flash_ok_message(_m('Friendly URLs successfully deactivated'), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=permalinks');
                break;
            case 'spamNbots':
                // calling the spam and bots view
                $akismet_key = osc_akismet_key();
                $akismet_status = 3;
                if ($akismet_key != '') {
                    require_once osc_lib_path() . 'Akismet.class.php';
                    $akismet_obj = new Akismet(osc_base_url(), $akismet_key);
                    $akismet_status = 2;
                    if ($akismet_obj->isKeyValid()) {
                        $akismet_status = 1;
                    }
                }
                View::newInstance()->_exportVariableToView('akismet_status', $akismet_status);
                $this->doView('settings/spamNbots.php');
                break;
            case 'akismet_post':
                // updating spam and bots option
                $updated = 0;
                $akismetKey = Params::getParam('akismetKey');
                $akismetKey = trim($akismetKey);
                $updated = Preference::newInstance()->update(array('s_value' => $akismetKey), array('s_name' => 'akismetKey'));
                if ($akismetKey == '') {
                    osc_add_flash_info_message(_m('Your Akismet key has been cleared'), 'admin');
                } else {
                    osc_add_flash_ok_message(_m('Your Akismet key has been updated'), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots');
                break;
            case 'recaptcha_post':
                // updating spam and bots option
                $iUpdated = 0;
                $recaptchaPrivKey = Params::getParam('recaptchaPrivKey');
                $recaptchaPrivKey = trim($recaptchaPrivKey);
                $recaptchaPubKey = Params::getParam('recaptchaPubKey');
                $recaptchaPubKey = trim($recaptchaPubKey);
                $iUpdated += Preference::newInstance()->update(array('s_value' => $recaptchaPrivKey), array('s_name' => 'recaptchaPrivKey'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $recaptchaPubKey), array('s_name' => 'recaptchaPubKey'));
                if ($recaptchaPubKey == '') {
                    osc_add_flash_info_message(_m('Your reCAPTCHA key has been cleared'), 'admin');
                } else {
                    osc_add_flash_ok_message(_m('Your reCAPTCHA key has been updated'), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots');
                break;
            case 'currencies':
                // currencies settings
                $currencies_action = Params::getParam('type');
                switch ($currencies_action) {
                    case 'add':
                        // calling add currency view
                        $aCurrency = array('pk_c_code' => '', 's_name' => '', 's_description' => '');
                        $this->_exportVariableToView('aCurrency', $aCurrency);
                        $this->_exportVariableToView('typeForm', 'add_post');
                        $this->doView('settings/currency_form.php');
                        break;
                    case 'add_post':
                        // adding a new currency
                        $currencyCode = Params::getParam('pk_c_code');
                        $currencyName = Params::getParam('s_name');
                        $currencyDescription = Params::getParam('s_description');
                        // cleaning parameters
                        $currencyName = strip_tags($currencyName);
                        $currencyDescription = strip_tags($currencyDescription);
                        $currencyCode = strip_tags($currencyCode);
                        $currencyCode = trim($currencyCode);
                        if (!preg_match('/^.{1,3}$/', $currencyCode)) {
                            osc_add_flash_error_message(_m('The currency code is not in the correct format'), 'admin');
                            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        }
                        $fields = array('pk_c_code' => $currencyCode, 's_name' => $currencyName, 's_description' => $currencyDescription);
                        $isInserted = Currency::newInstance()->insert($fields);
                        if ($isInserted) {
                            osc_add_flash_ok_message(_m('Currency added'), 'admin');
                        } else {
                            osc_add_flash_error_message(_m("Currency couldn't be added"), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        break;
                    case 'edit':
                        // calling edit currency view
                        $currencyCode = Params::getParam('code');
                        $currencyCode = strip_tags($currencyCode);
                        $currencyCode = trim($currencyCode);
                        if ($currencyCode == '') {
                            osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin');
                            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        }
                        $aCurrency = Currency::newInstance()->findByPrimaryKey($currencyCode);
                        if (!$aCurrency) {
                            osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin');
                            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        }
                        $this->_exportVariableToView('aCurrency', $aCurrency);
                        $this->_exportVariableToView('typeForm', 'edit_post');
                        $this->doView('settings/currency_form.php');
                        break;
                    case 'edit_post':
                        // updating currency
                        $currencyName = Params::getParam('s_name');
                        $currencyDescription = Params::getParam('s_description');
                        $currencyCode = Params::getParam('pk_c_code');
                        // cleaning parameters
                        $currencyName = strip_tags($currencyName);
                        $currencyDescription = strip_tags($currencyDescription);
                        $currencyCode = strip_tags($currencyCode);
                        $currencyCode = trim($currencyCode);
                        if (!preg_match('/.{1,3}/', $currencyCode)) {
                            osc_add_flash_error_message(_m('Error: the currency code is not in the correct format'), 'admin');
                            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        }
                        $updated = Currency::newInstance()->update(array('s_name' => $currencyName, 's_description' => $currencyDescription), array('pk_c_code' => $currencyCode));
                        if ($updated == 1) {
                            osc_add_flash_ok_message(_m('Currency updated'), 'admin');
                        } else {
                            osc_add_flash_info_message(_m('No changes were made'), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        break;
                    case 'delete':
                        // deleting a currency
                        $rowChanged = 0;
                        $aCurrencyCode = Params::getParam('code');
                        if (!is_array($aCurrencyCode)) {
                            $aCurrencyCode = array($aCurrencyCode);
                        }
                        $msg_current = '';
                        foreach ($aCurrencyCode as $currencyCode) {
                            if (preg_match('/.{1,3}/', $currencyCode) && $currencyCode != osc_currency()) {
                                $rowChanged += Currency::newInstance()->delete(array('pk_c_code' => $currencyCode));
                            }
                            // foreign key error
                            if (Currency::newInstance()->getErrorLevel() == '1451') {
                                $msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it has listings associated to it"), $currencyCode);
                            } else {
                                if ($currencyCode == osc_currency()) {
                                    $msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it's the default currency"), $currencyCode);
                                }
                            }
                        }
                        $msg = '';
                        $status = '';
                        switch ($rowChanged) {
                            case '0':
                                $msg = _m('No currencies have been deleted');
                                $status = 'error';
                                break;
                            case '1':
                                $msg = _m('One currency has been deleted');
                                $status = 'ok';
                                break;
                            default:
                                $msg = sprintf(_m('%s currencies have been deleted'), $rowChanged);
                                $status = 'ok';
                                break;
                        }
                        if ($status == 'ok' && $msg_current != '') {
                            $status = 'warning';
                        }
                        switch ($status) {
                            case 'error':
                                osc_add_flash_error_message($msg . $msg_current, 'admin');
                                break;
                            case 'warning':
                                osc_add_flash_warning_message($msg . $msg_current, 'admin');
                                break;
                            case 'ok':
                                osc_add_flash_ok_message($msg, 'admin');
                                break;
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        break;
                    default:
                        // calling the currencies view
                        $aCurrencies = Currency::newInstance()->listAll();
                        $this->_exportVariableToView('aCurrencies', $aCurrencies);
                        $this->doView('settings/currencies.php');
                        break;
                }
                break;
            case 'mailserver':
                // calling the mailserver view
                $this->doView('settings/mailserver.php');
                break;
            case 'mailserver_post':
                if (defined('DEMO')) {
                    osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver');
                }
                // updating mailserver
                $iUpdated = 0;
                $mailserverAuth = Params::getParam('mailserver_auth');
                $mailserverAuth = $mailserverAuth != '' ? true : false;
                $mailserverPop = Params::getParam('mailserver_pop');
                $mailserverPop = $mailserverPop != '' ? true : false;
                $mailserverType = Params::getParam('mailserver_type');
                $mailserverHost = Params::getParam('mailserver_host');
                $mailserverPort = Params::getParam('mailserver_port');
                $mailserverUsername = Params::getParam('mailserver_username');
                $mailserverPassword = Params::getParam('mailserver_password');
                $mailserverSsl = Params::getParam('mailserver_ssl');
                if (!in_array($mailserverType, array('custom', 'gmail'))) {
                    osc_add_flash_error_message(_m('Mail server type is incorrect'), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver');
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverAuth), array('s_name' => 'mailserver_auth'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPop), array('s_name' => 'mailserver_pop'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverType), array('s_name' => 'mailserver_type'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverHost), array('s_name' => 'mailserver_host'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPort), array('s_name' => 'mailserver_port'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverUsername), array('s_name' => 'mailserver_username'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPassword), array('s_name' => 'mailserver_password'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverSsl), array('s_name' => 'mailserver_ssl'));
                if ($iUpdated > 0) {
                    osc_add_flash_ok_message(_m('Mail server configuration has changed'), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver');
                break;
            case 'media':
                // calling the media view
                $max_upload = (int) ini_get('upload_max_filesize');
                $max_post = (int) ini_get('post_max_size');
                $memory_limit = (int) ini_get('memory_limit');
                $upload_mb = min($max_upload, $max_post, $memory_limit) * 1024;
                $this->_exportVariableToView('max_size_upload', $upload_mb);
                $this->doView('settings/media.php');
                break;
            case 'media_post':
                // updating the media config
                $status = 'ok';
                $error = '';
                $iUpdated = 0;
                $maxSizeKb = Params::getParam('maxSizeKb');
                $allowedExt = Params::getParam('allowedExt');
                $dimThumbnail = Params::getParam('dimThumbnail');
                $dimPreview = Params::getParam('dimPreview');
                $dimNormal = Params::getParam('dimNormal');
                $keepOriginalImage = Params::getParam('keep_original_image');
                $use_imagick = Params::getParam('use_imagick');
                $type_watermark = Params::getParam('watermark_type');
                $watermark_color = Params::getParam('watermark_text_color');
                $watermark_text = Params::getParam('watermark_text');
                switch ($type_watermark) {
                    case 'none':
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text_color'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_image'));
                        break;
                    case 'text':
                        $iUpdated += Preference::newInstance()->update(array('s_value' => $watermark_color), array('s_name' => 'watermark_text_color'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => $watermark_text), array('s_name' => 'watermark_text'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_image'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => Params::getParam('watermark_text_place')), array('s_name' => 'watermark_place'));
                        break;
                    case 'image':
                        // upload image & move to path
                        if ($_FILES['watermark_image']['error'] == UPLOAD_ERR_OK) {
                            if ($_FILES['watermark_image']['type'] == 'image/png') {
                                $tmpName = $_FILES['watermark_image']['tmp_name'];
                                $path = osc_content_path() . 'uploads/watermark.png';
                                if (move_uploaded_file($tmpName, $path)) {
                                    $iUpdated += Preference::newInstance()->update(array('s_value' => $path), array('s_name' => 'watermark_image'));
                                } else {
                                    $error .= _m('There was a problem uploading the watermark image') . "<br />";
                                }
                            } else {
                                $error .= _m('The watermark image has to be a .PNG file') . "<br />";
                            }
                        } else {
                            $error .= _m('There was a problem uploading the watermark image') . "<br />";
                        }
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text_color'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => Params::getParam('watermark_image_place')), array('s_name' => 'watermark_place'));
                        break;
                    default:
                        break;
                }
                // format parameters
                $maxSizeKb = strip_tags($maxSizeKb);
                $allowedExt = strip_tags($allowedExt);
                $dimThumbnail = strip_tags($dimThumbnail);
                $dimPreview = strip_tags($dimPreview);
                $dimNormal = strip_tags($dimNormal);
                $keepOriginalImage = $keepOriginalImage != '' ? true : false;
                $use_imagick = $use_imagick != '' ? true : false;
                // is imagick extension loaded?
                if (!@extension_loaded('imagick')) {
                    $use_imagick = false;
                }
                // max size allowed by PHP configuration?
                $max_upload = (int) ini_get('upload_max_filesize');
                $max_post = (int) ini_get('post_max_size');
                $memory_limit = (int) ini_get('memory_limit');
                $upload_mb = min($max_upload, $max_post, $memory_limit) * 1024;
                // set maxSizeKB equals to PHP configuration if it's bigger
                if ($maxSizeKb > $upload_mb) {
                    $status = 'warning';
                    $maxSizeKb = $upload_mb;
                    // flash message text warning
                    $error .= sprintf(_m("You cannot set a maximum file size higher than the one allowed in the PHP configuration: <b>%d KB</b>"), $upload_mb);
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $maxSizeKb), array('s_name' => 'maxSizeKb'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $allowedExt), array('s_name' => 'allowedExt'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $dimThumbnail), array('s_name' => 'dimThumbnail'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $dimPreview), array('s_name' => 'dimPreview'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $dimNormal), array('s_name' => 'dimNormal'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $keepOriginalImage), array('s_name' => 'keep_original_image'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $use_imagick), array('s_name' => 'use_imagick'));
                if ($error != '') {
                    switch ($status) {
                        case 'error':
                            osc_add_flash_error_message($error, 'admin');
                            break;
                        case 'warning':
                            osc_add_flash_warning_message($error, 'admin');
                            break;
                        default:
                            osc_add_flash_ok_message($error, 'admin');
                            break;
                    }
                } else {
                    osc_add_flash_ok_message(_m('Media config has been updated'), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media');
                break;
            case 'images_post':
                if (defined('DEMO')) {
                    osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media');
                }
                $wat = new Watermark();
                $aResources = ItemResource::newInstance()->getAllResources();
                foreach ($aResources as $resource) {
                    osc_run_hook('regenerate_image', $resource);
                    $path = osc_content_path() . 'uploads/';
                    // comprobar que no haya original
                    $img_original = $path . $resource['pk_i_id'] . "_original*";
                    $aImages = glob($img_original);
                    // there is original image
                    if (count($aImages) == 1) {
                        $image_tmp = $aImages[0];
                    } else {
                        $img_normal = $path . $resource['pk_i_id'] . ".*";
                        $aImages = glob($img_normal);
                        if (count($aImages) == 1) {
                            $image_tmp = $aImages[0];
                        } else {
                            $img_thumbnail = $path . $resource['pk_i_id'] . "_thumbnail*";
                            $aImages = glob($img_thumbnail);
                            $image_tmp = $aImages[0];
                        }
                    }
                    // extension
                    preg_match('/\\.(.*)$/', $image_tmp, $matches);
                    if (isset($matches[1])) {
                        $extension = $matches[1];
                        // Create normal size
                        $path_normal = $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '.jpg';
                        $size = explode('x', osc_normal_dimensions());
                        ImageResizer::fromFile($image_tmp)->resizeTo($size[0], $size[1])->saveToFile($path);
                        if (osc_is_watermark_text()) {
                            $wat->doWatermarkText($path, osc_watermark_text_color(), osc_watermark_text(), 'image/jpeg');
                        } elseif (osc_is_watermark_image()) {
                            $wat->doWatermarkImage($path, 'image/jpeg');
                        }
                        // Create preview
                        $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_preview.jpg';
                        $size = explode('x', osc_preview_dimensions());
                        ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path);
                        // Create thumbnail
                        $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_thumbnail.jpg';
                        $size = explode('x', osc_thumbnail_dimensions());
                        ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path);
                        // update resource info
                        ItemResource::newInstance()->update(array('s_path' => 'oc-content/uploads/', 's_name' => osc_genRandomPassword(), 's_extension' => 'jpg', 's_content_type' => 'image/jpeg'), array('pk_i_id' => $resource['pk_i_id']));
                        osc_run_hook('regenerated_image', ItemResource::newInstance()->findByPrimaryKey($resource['pk_i_id']));
                        // si extension es direfente a jpg, eliminar las imagenes con $extension si hay
                        if ($extension != 'jpg') {
                            @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "." . $extension);
                            @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_original." . $extension);
                            @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_preview." . $extension);
                            @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_thumbnail." . $extension);
                        }
                        // ....
                    } else {
                        // no es imagen o imagen sin extesión
                    }
                }
                osc_add_flash_ok_message(_m('Re-generation complete'), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media');
                break;
            case 'update':
                // update index view
                $iUpdated = 0;
                $sPageTitle = Params::getParam('pageTitle');
                $sPageDesc = Params::getParam('pageDesc');
                $sContactEmail = Params::getParam('contactEmail');
                $sLanguage = Params::getParam('language');
                $sDateFormat = Params::getParam('dateFormat');
                $sCurrency = Params::getParam('currency');
                $sWeekStart = Params::getParam('weekStart');
                $sTimeFormat = Params::getParam('timeFormat');
                $sTimezone = Params::getParam('timezone');
                $sNumRssItems = Params::getParam('num_rss_items');
                $maxLatestItems = Params::getParam('max_latest_items_at_home');
                $numItemsSearch = Params::getParam('default_results_per_page');
                $contactAttachment = Params::getParam('enabled_attachment');
                $selectableParent = Params::getParam('selectable_parent_categories');
                $bAutoCron = Params::getParam('auto_cron');
                $bMarketSources = Params::getParam('market_external_sources') == 1 ? 1 : 0;
                // preparing parameters
                $sPageTitle = strip_tags($sPageTitle);
                $sPageDesc = strip_tags($sPageDesc);
                $sContactEmail = strip_tags($sContactEmail);
                $sLanguage = strip_tags($sLanguage);
                $sDateFormat = strip_tags($sDateFormat);
                $sCurrency = strip_tags($sCurrency);
                $sWeekStart = strip_tags($sWeekStart);
                $sTimeFormat = strip_tags($sTimeFormat);
                $sNumRssItems = (int) strip_tags($sNumRssItems);
                $maxLatestItems = (int) strip_tags($maxLatestItems);
                $numItemsSearch = (int) $numItemsSearch;
                $contactAttachment = $contactAttachment != '' ? true : false;
                $bAutoCron = $bAutoCron != '' ? true : false;
                $error = "";
                $msg = '';
                if (!osc_validate_text($sPageTitle)) {
                    $msg .= _m("Page title field is required") . "<br/>";
                }
                if (!osc_validate_text($sContactEmail)) {
                    $msg .= _m("Contact email field is required") . "<br/>";
                }
                if (!osc_validate_int($sNumRssItems)) {
                    $msg .= _m("Number of listings in the RSS has to be a numeric value") . "<br/>";
                }
                if (!osc_validate_int($maxLatestItems)) {
                    $msg .= _m("Max latest listings has to be a numeric value") . "<br/>";
                }
                if (!osc_validate_int($numItemsSearch)) {
                    $msg .= _m("Number of listings on search has to be a numeric value") . "<br/>";
                }
                if ($msg != '') {
                    osc_add_flash_error_message($msg, 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings');
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sPageTitle), array('s_section' => 'osclass', 's_name' => 'pageTitle'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sPageDesc), array('s_section' => 'osclass', 's_name' => 'pageDesc'));
                if (!defined('DEMO')) {
                    $iUpdated += Preference::newInstance()->update(array('s_value' => $sContactEmail), array('s_section' => 'osclass', 's_name' => 'contactEmail'));
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sLanguage), array('s_section' => 'osclass', 's_name' => 'language'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sDateFormat), array('s_section' => 'osclass', 's_name' => 'dateFormat'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sCurrency), array('s_section' => 'osclass', 's_name' => 'currency'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sWeekStart), array('s_section' => 'osclass', 's_name' => 'weekStart'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sTimeFormat), array('s_section' => 'osclass', 's_name' => 'timeFormat'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sTimezone), array('s_section' => 'osclass', 's_name' => 'timezone'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $bMarketSources), array('s_section' => 'osclass', 's_name' => 'marketAllowExternalSources'));
                if (is_int($sNumRssItems)) {
                    $iUpdated += Preference::newInstance()->update(array('s_value' => $sNumRssItems), array('s_section' => 'osclass', 's_name' => 'num_rss_items'));
                } else {
                    if ($error != '') {
                        $error .= "</p><p>";
                    }
                    $error .= _m('Number of listings in the RSS must be an integer');
                }
                if (is_int($maxLatestItems)) {
                    $iUpdated += Preference::newInstance()->update(array('s_value' => $maxLatestItems), array('s_section' => 'osclass', 's_name' => 'maxLatestItems@home'));
                } else {
                    if ($error != '') {
                        $error .= "</p><p>";
                    }
                    $error .= _m('Number of recent listings displayed at home must be an integer');
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $numItemsSearch), array('s_section' => 'osclass', 's_name' => 'defaultResultsPerPage@search'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $contactAttachment), array('s_name' => 'contact_attachment'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $bAutoCron), array('s_name' => 'auto_cron'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $selectableParent), array('s_name' => 'selectable_parent_categories'));
                if ($iUpdated > 0) {
                    if ($error != '') {
                        osc_add_flash_error_message($error . "</p><p>" . _m('General settings have been updated'), 'admin');
                    } else {
                        osc_add_flash_ok_message(_m('General settings have been updated'), 'admin');
                    }
                } else {
                    if ($error != '') {
                        osc_add_flash_error_message($error, 'admin');
                    }
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings');
                break;
            case 'check_updates':
                osc_admin_toolbar_update_themes(true);
                osc_admin_toolbar_update_plugins(true);
                osc_add_flash_ok_message(_m('Last check') . ':   ' . date("Y-m-d H:i"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings');
                break;
            case 'latestsearches':
                //calling the comments settings view
                $this->doView('settings/searches.php');
                break;
            case 'latestsearches_post':
                // updating comment
                if (Params::getParam('save_latest_searches') == 'on') {
                    Preference::newInstance()->update(array('s_value' => 1), array('s_name' => 'save_latest_searches'));
                } else {
                    Preference::newInstance()->update(array('s_value' => 0), array('s_name' => 'save_latest_searches'));
                }
                if (Params::getParam('customPurge') == '') {
                    osc_add_flash_error_message(_m('Custom number could not be left empty'), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=latestsearches');
                } else {
                    Preference::newInstance()->update(array('s_value' => Params::getParam('customPurge')), array('s_name' => 'purge_latest_searches'));
                    osc_add_flash_ok_message(_m('Last search settings have been updated'), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=latestsearches');
                }
                break;
            default:
                // calling the view
                $aLanguages = OSCLocale::newInstance()->listAllEnabled();
                $aCurrencies = Currency::newInstance()->listAll();
                $this->_exportVariableToView('aLanguages', $aLanguages);
                $this->_exportVariableToView('aCurrencies', $aCurrencies);
                $this->doView('settings/index.php');
                break;
        }
    }
示例#12
0
<?php

$adManage_plugin_data = Plugins::getInfo('advanced_ad_management/index.php');
if (Params::getParam('addExistingAds') == 1) {
    $conn = getConnection();
    $allItem = $conn->osc_dbFetchResults("SELECT DISTINCT * FROM %st_item_description", DB_TABLE_PREFIX);
    $dao_preference = new Preference();
    foreach ($allItem as $itemB) {
        $r_secret = '';
        $r_secret = osc_genRandomPassword();
        $conn->osc_dbExec("REPLACE INTO %st_item_adManage_limit (fk_i_item_id, r_secret, r_times) VALUES (%d, '%s', %d)", DB_TABLE_PREFIX, $itemB['fk_i_item_id'], $r_secret, 0);
    }
    $dao_preference->update(array("s_value" => '1'), array("s_section" => "plugin-item_adManage", "s_name" => "adManageed_installed"));
    unset($dao_preference);
    echo '<script>location.href="' . osc_admin_base_url(true) . '?page=plugins&action=renderplugin&file=advanced_ad_management/admin.php"</script>';
}
// end of the addExistingAds section
//Master setting for expired days.
//Jesse's Ad Expiration plugin.
$days = '';
if (Params::getParam('days') != '') {
    $days = Params::getParam('days');
} else {
    $conn = getConnection();
    $data = $conn->osc_dbFetchResult("SELECT * FROM %st_category", DB_TABLE_PREFIX);
    $days = $data['i_expiration_days'];
}
if (Params::getParam('option') == 'update') {
    if ($days > 999) {
        $days = 999;
    }
示例#13
0
文件: user.php 项目: acharei/OSClass
 function doModel()
 {
     switch ($this->action) {
         case 'dashboard':
             //dashboard...
             $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5;
             $aItems = Item::newInstance()->findByUserIDEnabled(Session::newInstance()->_get('userId'), 0, $max_items);
             //calling the view...
             $this->_exportVariableToView('items', $aItems);
             $this->_exportVariableToView('max_items', $max_items);
             $this->doView('user-dashboard.php');
             break;
         case 'profile':
             //profile...
             $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
             $aCountries = Country::newInstance()->listAll();
             $aRegions = array();
             if ($user['fk_c_country_code'] != '') {
                 $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']);
             } elseif (count($aCountries) > 0) {
                 $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
             }
             $aCities = array();
             if ($user['fk_i_region_id'] != '') {
                 $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']);
             } else {
                 if (count($aRegions) > 0) {
                     $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
                 }
             }
             //calling the view...
             $this->_exportVariableToView('countries', $aCountries);
             $this->_exportVariableToView('regions', $aRegions);
             $this->_exportVariableToView('cities', $aCities);
             $this->_exportVariableToView('user', $user);
             $this->doView('user-profile.php');
             break;
         case 'profile_post':
             //profile post...
             $userId = Session::newInstance()->_get('userId');
             require_once LIB_PATH . 'osclass/UserActions.php';
             $userActions = new UserActions(false);
             $success = $userActions->edit($userId);
             osc_add_flash_ok_message(_m('Your profile has been updated successfully'));
             $this->redirectTo(osc_user_profile_url());
             break;
         case 'alerts':
             //alerts
             $aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'));
             $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
             foreach ($aAlerts as $k => $a) {
                 $search = osc_unserialize(base64_decode($a['s_search']));
                 $search->limit(0, 3);
                 $aAlerts[$k]['items'] = $search->doSearch();
             }
             $this->_exportVariableToView('alerts', $aAlerts);
             View::newInstance()->_reset('alerts');
             $this->_exportVariableToView('user', $user);
             $this->doView('user-alerts.php');
             break;
         case 'change_email':
             //change email
             $this->doView('user-change_email.php');
             break;
         case 'change_email_post':
             //change email post
             if (!preg_match("/^[_a-z0-9-\\+]+(\\.[_a-z0-9-\\+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", Params::getParam('new_email'))) {
                 osc_add_flash_error_message(_m('The specified e-mail is not valid'));
                 $this->redirectTo(osc_change_user_email_url());
             } else {
                 $user = User::newInstance()->findByEmail(Params::getParam('new_email'));
                 if (!isset($user['pk_i_id'])) {
                     $userEmailTmp = array();
                     $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId');
                     $userEmailTmp['s_new_email'] = Params::getParam('new_email');
                     UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp);
                     $code = osc_genRandomPassword(30);
                     $date = date('Y-m-d H:i:s');
                     $userManager = new User();
                     $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId')));
                     $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code);
                     osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url);
                     $this->redirectTo(osc_user_profile_url());
                 } else {
                     osc_add_flash_error_message(_m('The specified e-mail is already in use'));
                     $this->redirectTo(osc_change_user_email_url());
                 }
             }
             break;
         case 'change_password':
             //change password
             $this->doView('user-change_password.php');
             break;
         case 'change_password_post':
             //change password post
             $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
             if (Params::getParam('password') == '' || Params::getParam('new_password') == '' || Params::getParam('new_password2') == '') {
                 osc_add_flash_warning_message(_m('Password cannot be blank'));
                 $this->redirectTo(osc_change_user_password_url());
             }
             if ($user['s_password'] != sha1(Params::getParam('password'))) {
                 osc_add_flash_error_message(_m('Current password doesn\'t match'));
                 $this->redirectTo(osc_change_user_password_url());
             }
             if (!Params::getParam('new_password')) {
                 osc_add_flash_error_message(_m('Passwords can\'t be empty'));
                 $this->redirectTo(osc_change_user_password_url());
             }
             if (Params::getParam('new_password') != Params::getParam('new_password2')) {
                 osc_add_flash_error_message(_m('Passwords don\'t match'));
                 $this->redirectTo(osc_change_user_password_url());
             }
             User::newInstance()->update(array('s_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => Session::newInstance()->_get('userId')));
             osc_add_flash_ok_message(_m('Password has been changed'));
             $this->redirectTo(osc_user_profile_url());
             break;
         case 'items':
             // view items user
             $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 5;
             $page = Params::getParam('iPage') != '' ? Params::getParam('iPage') : 0;
             $total_items = Item::newInstance()->countByUserIDEnabled($_SESSION['userId']);
             $total_pages = ceil($total_items / $itemsPerPage);
             $items = Item::newInstance()->findByUserIDEnabled($_SESSION['userId'], $page * $itemsPerPage, $itemsPerPage);
             $this->_exportVariableToView('items', $items);
             $this->_exportVariableToView('list_total_pages', $total_pages);
             $this->_exportVariableToView('list_total_items', $total_items);
             $this->_exportVariableToView('items_per_page', $itemsPerPage);
             $this->_exportVariableToView('list_page', $page);
             $this->doView('user-items.php');
             break;
         case 'activate_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             $result = 0;
             if ($email != '' && $secret != '') {
                 $result = Alerts::newInstance()->activate($email, $secret);
             }
             if ($result == 1) {
                 osc_add_flash_ok_message(_m('Alert activated'));
             } else {
                 osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator'));
             }
             $this->redirectTo(osc_base_url(true));
             break;
         case 'unsub_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             if ($email != '' && $secret != '') {
                 Alerts::newInstance()->delete(array('s_email' => $email, 's_secret' => $secret));
                 osc_add_flash_ok_message(_m('Unsubscribed correctly'));
             } else {
                 osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator'));
             }
             $this->redirectTo(osc_user_alerts_url());
             break;
         case 'deleteResource':
             $id = Params::getParam('id');
             $name = Params::getParam('name');
             $fkid = Params::getParam('fkid');
             osc_deleteResource($id);
             ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $fkid, 's_name' => $name));
             $this->redirectTo(osc_base_url(true) . "?page=item&action=item_edit&id=" . $fkid);
             break;
     }
 }
示例#14
0
文件: login.php 项目: acharei/OSClass
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             if (!osc_users_enabled()) {
                 osc_add_flash_error_message(_m('Users are not enabled'));
                 $this->redirectTo(osc_base_url());
             }
             require_once LIB_PATH . 'osclass/UserActions.php';
             $user = User::newInstance()->findByEmail(Params::getParam('email'));
             $url_redirect = osc_user_dashboard_url();
             $page_redirect = '';
             if (osc_rewrite_enabled()) {
                 if (isset($_SERVER['HTTP_REFERER'])) {
                     $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $_SERVER['HTTP_REFERER']));
                     $tmp_ar = explode("?", $request_uri);
                     $request_uri = $tmp_ar[0];
                     $rules = Rewrite::newInstance()->listRules();
                     foreach ($rules as $match => $uri) {
                         if (preg_match('#' . $match . '#', $request_uri, $m)) {
                             $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
                             if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
                                 $page_redirect = $match[2];
                             }
                             break;
                         }
                     }
                 }
             } else {
                 if (preg_match('|[\\?&]page=([^&]+)|', $_SERVER['HTTP_REFERER'] . '&', $match)) {
                     $page_redirect = $match[1];
                 }
             }
             if (Params::getParam('http_referer') != '') {
                 Session::newInstance()->_setReferer(Params::getParam('http_referer'));
                 $url_redirect = Params::getParam('http_referer');
             } else {
                 if (Session::newInstance()->_getReferer() != '') {
                     Session::newInstance()->_setReferer(Session::newInstance()->_getReferer());
                     $url_redirect = Session::newInstance()->_getReferer();
                 } else {
                     if ($page_redirect != '' && $page_redirect != 'login') {
                         Session::newInstance()->_setReferer($_SERVER['HTTP_REFERER']);
                         $url_redirect = $_SERVER['HTTP_REFERER'];
                     }
                 }
             }
             if (!$user) {
                 osc_add_flash_error_message(_m('The username doesn\'t exist'));
                 $this->redirectTo(osc_user_login_url());
             }
             if ($user["s_password"] != sha1(Params::getParam('password'))) {
                 osc_add_flash_error_message(_m('The password is incorrect'));
                 $this->redirectTo(osc_user_login_url());
             }
             $uActions = new UserActions(false);
             $logged = $uActions->bootstrap_login($user['pk_i_id']);
             if ($logged == 0) {
                 osc_add_flash_error_message(_m('The username doesn\'t exist'));
             } else {
                 if ($logged == 1) {
                     osc_add_flash_error_message(_m('The user has not been validated yet'));
                 } else {
                     if ($logged == 2) {
                         osc_add_flash_error_message(_m('The user has been suspended'));
                     } else {
                         if ($logged == 3) {
                             if (Params::getParam('remember') == 1) {
                                 //this include contains de osc_genRandomPassword function
                                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                                 $secret = osc_genRandomPassword();
                                 User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
                                 Cookie::newInstance()->set_expires(osc_time_cookie());
                                 Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
                                 Cookie::newInstance()->push('oc_userSecret', $secret);
                                 Cookie::newInstance()->set();
                             }
                             $this->redirectTo($url_redirect);
                         } else {
                             osc_add_flash_error_message(_m('This should never happens'));
                         }
                     }
                 }
             }
             if (!$user['b_enabled']) {
                 $this->redirectTo(osc_user_login_url());
             }
             $this->redirectTo(osc_user_login_url());
             break;
         case 'recover':
             //form to recover the password (in this case we have the form in /gui/)
             $this->doView('user-recover.php');
             break;
         case 'recover_post':
             //post execution to recover the password
             require_once LIB_PATH . 'osclass/UserActions.php';
             // e-mail is incorrect
             if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
                 osc_add_flash_error_message(_m('Invalid email address'));
                 $this->redirectTo(osc_recover_user_password_url());
             }
             $userActions = new UserActions(false);
             $success = $userActions->recover_password();
             switch ($success) {
                 case 0:
                     // recover ok
                     osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
                     $this->redirectTo(osc_base_url());
                     break;
                 case 1:
                     // e-mail does not exist
                     osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
                     $this->redirectTo(osc_recover_user_password_url());
                     break;
                 case 2:
                     // recaptcha wrong
                     osc_add_flash_error_message(_m('The recaptcha code is wrong'));
                     $this->redirectTo(osc_recover_user_password_url());
                     break;
             }
             break;
         case 'forgot':
             //form to recover the password (in this case we have the form in /gui/)
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             if ($user) {
                 $this->doView('user-forgot_password.php');
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'forgot_post':
             if (Params::getParam('new_password') == '' || Params::getParam('new_password2') == '') {
                 osc_add_flash_warning_message(_m('Password cannot be blank'));
                 $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
             }
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             if ($user['b_enabled'] == 1) {
                 if (Params::getParam('new_password') == Params::getParam('new_password2')) {
                     User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id']));
                     osc_add_flash_ok_message(_m('The password has been changed'));
                     $this->redirectTo(osc_user_login_url());
                 } else {
                     osc_add_flash_error_message(_m('Error, the password don\'t match'));
                     $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
                 }
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
             }
             $this->redirectTo(osc_base_url());
             break;
         default:
             //login
             if (osc_logged_user_id() != '') {
                 $this->redirectTo(osc_user_dashboard_url());
             }
             $this->doView('user-login.php');
     }
 }
示例#15
0
        public function uploadItemResources($aResources,$itemId)
        {
            if($aResources != '') {
                $itemResourceManager = ItemResource::newInstance();
                $folder = osc_uploads_path().(floor($itemId/100))."/";

                $numImagesItems = osc_max_images_per_item();
                $numImages = $itemResourceManager->countResources($itemId);
                foreach ($aResources['error'] as $key => $error) {
                    if($numImagesItems==0 || ($numImagesItems>0 && $numImages<$numImagesItems)) {
                        if ($error == UPLOAD_ERR_OK) {
                            $tmpName = $aResources['tmp_name'][$key];
                            $imgres = ImageResizer::fromFile($tmpName);
                            $extension = osc_apply_filter('upload_image_extension', $imgres->getExt());
                            $mime = osc_apply_filter('upload_image_mime', $imgres->getMime());

                            // Create normal size
                            $normal_path = $path = $tmpName."_normal";
                            $size = explode('x', osc_normal_dimensions());
                            $img = ImageResizer::fromFile($tmpName)->autoRotate()->resizeTo($size[0], $size[1]);
                            if( osc_is_watermark_text() ) {
                                $img->doWatermarkText(osc_watermark_text(), osc_watermark_text_color());
                            } else if ( osc_is_watermark_image() ){
                                $img->doWatermarkImage();
                            }
                            $img->saveToFile($path, $extension);

                            // Create preview
                            $path = $tmpName."_preview";
                            $size = explode('x', osc_preview_dimensions());
                            ImageResizer::fromFile($normal_path)->resizeTo($size[0], $size[1])->saveToFile($path, $extension);

                            // Create thumbnail
                            $path = $tmpName."_thumbnail";
                            $size = explode('x', osc_thumbnail_dimensions());
                            ImageResizer::fromFile($normal_path)->resizeTo($size[0], $size[1])->saveToFile($path, $extension);

                            $numImages++;

                            $itemResourceManager->insert(array(
                                'fk_i_item_id' => $itemId
                            ));
                            $resourceId = $itemResourceManager->dao->insertedId();

                            if(!is_dir($folder)) {
                                if (!@mkdir($folder, 0755, true)) {
                                    return 3; // PATH CAN NOT BE CREATED
                                }
                            }
                            osc_copy($tmpName.'_normal', $folder.$resourceId.'.'.$extension);
                            osc_copy($tmpName.'_preview', $folder.$resourceId.'_preview.'.$extension);
                            osc_copy($tmpName.'_thumbnail', $folder.$resourceId.'_thumbnail.'.$extension);
                            if( osc_keep_original_image() ) {
                                $path = $folder.$resourceId.'_original.'.$extension;
                                osc_copy($tmpName, $path);
                            }
                            @unlink($tmpName."_normal");
                            @unlink($tmpName."_preview");
                            @unlink($tmpName."_thumbnail");
                            @unlink($tmpName);

                            $s_path = str_replace(osc_base_path(), '', $folder);
                            $itemResourceManager->update(
                                array(
                                    's_path'          => $s_path
                                    ,'s_name'         => osc_genRandomPassword()
                                    ,'s_extension'    => $extension
                                    ,'s_content_type' => $mime
                                )
                                ,array(
                                    'pk_i_id'       => $resourceId
                                    ,'fk_i_item_id' => $itemId
                                )
                            );
                            osc_run_hook('uploaded_file', ItemResource::newInstance()->findByPrimaryKey($resourceId));
                        }
                    }
                }
                unset($itemResourceManager);
            }
            return 0; // NO PROBLEMS
        }
示例#16
0
function register_user($user)
{
    $manager = User::newInstance();
    $input['s_name'] = $user['name'];
    $input['s_email'] = $user['email'];
    $input['s_password'] = sha1(osc_genRandomPassword());
    $input['dt_reg_date'] = date('Y-m-d H:i:s');
    $input['s_secret'] = osc_genRandomPassword();
    $email_taken = $manager->findByEmail($input['s_email']);
    if ($email_taken == null) {
        $manager->insert($input);
        $userID = $manager->dao->insertedId();
        $result = $manager->dao->replace();
        osc_run_hook('user_register_completed', $userID);
        $userDB = $manager->findByPrimaryKey($userID);
        if (osc_notify_new_user()) {
            osc_run_hook('hook_email_admin_new_user', $userDB);
        }
        if (osc_version() >= 310) {
            $manager->update(array('b_active' => '1', 's_username' => $userID), array('pk_i_id' => $userID));
        } else {
            $manager->update(array('b_active' => '1'), array('pk_i_id' => $userID));
        }
        insert_facebook_user_data($userID, $user['id']);
        osc_run_hook('hook_email_user_registration', $userDB);
        osc_run_hook('validate_user', $userDB);
        osc_add_flash_ok_message(sprintf(__('Your account has been created successfully', 'facebook'), osc_page_title()));
    }
}
示例#17
0
 function prepareData($is_add)
 {
     $input = array();
     if ($is_add) {
         $input['s_secret'] = osc_genRandomPassword();
         $input['dt_reg_date'] = date('Y-m-d H:i:s');
     } else {
         $input['dt_mod_date'] = date('Y-m-d H:i:s');
     }
     //only for administration, in the public website this two params are edited separately
     if ($this->is_admin || $is_add) {
         $input['s_email'] = Params::getParam('s_email');
         if (Params::getParam('s_password', false, false) != Params::getParam('s_password2', false, false)) {
             return 1;
         }
         //if we want to change the password
         if (Params::getParam('s_password', false, false) != '') {
             $input['s_password'] = sha1(Params::getParam('s_password', false, false));
         }
     }
     $input['s_name'] = Params::getParam('s_name');
     $input['s_website'] = Params::getParam('s_website');
     $input['s_phone_land'] = Params::getParam('s_phone_land');
     $input['s_phone_mobile'] = Params::getParam('s_phone_mobile');
     //locations...
     $country = Country::newInstance()->findByCode(Params::getParam('countryId'));
     if (count($country) > 0) {
         $countryId = $country['pk_c_code'];
         $countryName = $country['s_name'];
     } else {
         $countryId = null;
         $countryName = null;
     }
     if (intval(Params::getParam('regionId'))) {
         $region = Region::newInstance()->findByPrimaryKey(Params::getParam('regionId'));
         if (count($region) > 0) {
             $regionId = $region['pk_i_id'];
             $regionName = $region['s_name'];
         }
     } else {
         $regionId = null;
         $regionName = Params::getParam('region');
     }
     if (intval(Params::getParam('cityId'))) {
         $city = City::newInstance()->findByPrimaryKey(Params::getParam('cityId'));
         if (count($city) > 0) {
             $cityId = $city['pk_i_id'];
             $cityName = $city['s_name'];
         }
     } else {
         $cityId = null;
         $cityName = Params::getParam('city');
     }
     $input['fk_c_country_code'] = $countryId;
     $input['s_country'] = $countryName;
     $input['fk_i_region_id'] = $regionId;
     $input['s_region'] = $regionName;
     $input['fk_i_city_id'] = $cityId;
     $input['s_city'] = $cityName;
     $input['s_city_area'] = Params::getParam('cityArea');
     $input['s_address'] = Params::getParam('address');
     $input['b_company'] = Params::getParam('b_company') != '' && Params::getParam('b_company') != 0 ? 1 : 0;
     return $input;
 }
示例#18
0
 function osc_random_string($length) {
     $buffer = '';
     $buffer_valid = false;
     if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
         $buffer = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
         if ($buffer) {
             $buffer_valid = true;
         }
     }
     if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
         $buffer = openssl_random_pseudo_bytes($length);
         if ($buffer) {
             $buffer_valid = true;
         }
     }
     if (!$buffer_valid && is_readable('/dev/urandom')) {
         $f = fopen('/dev/urandom', 'r');
         $read = strlen($buffer);
         while ($read < $length) {
             $buffer .= fread($f, $length - $read);
             $read = strlen($buffer);
         }
         fclose($f);
         if ($read >= $length) {
             $buffer_valid = true;
         }
     }
     if (!$buffer_valid || strlen($buffer) < $length) {
         $bl = strlen($buffer);
         for ($i = 0; $i < $length; $i++) {
             if ($i < $bl) {
                 $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
             } else {
                 $buffer .= chr(mt_rand(0, 255));
             }
         }
     }
     if(!$buffer_valid) {
         $buffer = osc_genRandomPassword(2*$length);
     }
     return substr(str_replace('+', '.', base64_encode($buffer)), 0, $length);
 }
示例#19
0
文件: tools.php 项目: acharei/OSClass
 function doModel()
 {
     switch ($this->action) {
         case 'import':
             // calling import view
             $this->doView('tools/import.php');
             break;
         case 'import_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=import');
             }
             // calling
             $sql = Params::getFiles('sql');
             if (isset($sql['size']) && $sql['size'] != 0) {
                 $content_file = file_get_contents($sql['tmp_name']);
                 $conn = DBConnectionClass::newInstance();
                 $c_db = $conn->getOsclassDb();
                 $comm = new DBCommandClass($c_db);
                 if ($comm->importSQL($content_file)) {
                     osc_add_flash_ok_message(_m('Import complete'), 'admin');
                 } else {
                     osc_add_flash_error_message(_m('There was a problem importing data to the database'), 'admin');
                 }
             } else {
                 osc_add_flash_error_message(_m('No file was uploaded'), 'admin');
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=import');
             break;
         case 'images':
             // calling images view
             $this->doView('tools/images.php');
             break;
         case 'images_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=images');
             }
             $preferences = Preference::newInstance()->toArray();
             $wat = new Watermark();
             $aResources = ItemResource::newInstance()->getAllResources();
             foreach ($aResources as $resource) {
                 osc_run_hook('regenerate_image', $resource);
                 $path = osc_content_path() . 'uploads/';
                 // comprobar que no haya original
                 $img_original = $path . $resource['pk_i_id'] . "_original*";
                 $aImages = glob($img_original);
                 // there is original image
                 if (count($aImages) == 1) {
                     $image_tmp = $aImages[0];
                 } else {
                     $img_normal = $path . $resource['pk_i_id'] . ".*";
                     $aImages = glob($img_normal);
                     if (count($aImages) == 1) {
                         $image_tmp = $aImages[0];
                     } else {
                         $img_thumbnail = $path . $resource['pk_i_id'] . "_thumbnail*";
                         $aImages = glob($img_thumbnail);
                         $image_tmp = $aImages[0];
                     }
                 }
                 // extension
                 preg_match('/\\.(.*)$/', $image_tmp, $matches);
                 if (isset($matches[1])) {
                     $extension = $matches[1];
                     // Create normal size
                     $path_normal = $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '.jpg';
                     $size = explode('x', osc_normal_dimensions());
                     ImageResizer::fromFile($image_tmp)->resizeTo($size[0], $size[1])->saveToFile($path);
                     if (osc_is_watermark_text()) {
                         $wat->doWatermarkText($path, osc_watermark_text_color(), osc_watermark_text(), 'image/jpeg');
                     } elseif (osc_is_watermark_image()) {
                         $wat->doWatermarkImage($path, 'image/jpeg');
                     }
                     // Create preview
                     $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_preview.jpg';
                     $size = explode('x', osc_preview_dimensions());
                     ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path);
                     // Create thumbnail
                     $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_thumbnail.jpg';
                     $size = explode('x', osc_thumbnail_dimensions());
                     ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path);
                     // update resource info
                     ItemResource::newInstance()->update(array('s_path' => 'oc-content/uploads/', 's_name' => osc_genRandomPassword(), 's_extension' => 'jpg', 's_content_type' => 'image/jpeg'), array('pk_i_id' => $resource['pk_i_id']));
                     osc_run_hook('regenerated_image', ItemResource::newInstance()->findByPrimaryKey($resource['pk_i_id']));
                     // si extension es direfente a jpg, eliminar las imagenes con $extension si hay
                     if ($extension != 'jpg') {
                         $files_to_remove = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "*" . $extension;
                         $fs = glob($files_to_remove);
                         if (is_array($fs)) {
                             array_map("unlink", $fs);
                         }
                     }
                     // ....
                 } else {
                     // no es imagen o imagen sin extesión
                 }
             }
             osc_add_flash_ok_message(_m('Re-generation complete'), 'admin');
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=images');
             break;
         case 'upgrade':
             $this->doView('tools/upgrade.php');
             break;
         case 'backup':
             $this->doView('tools/backup.php');
             break;
         case 'backup-sql':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             }
             //databasse dump...
             if (Params::getParam('bck_dir') != '') {
                 $path = trim(Params::getParam('bck_dir'));
                 if (substr($path, -1, 1) != "/") {
                     $path .= '/';
                 }
             } else {
                 $path = osc_base_path();
             }
             $filename = 'OSClass_mysqlbackup.' . date('YmdHis') . '.sql';
             switch (osc_dbdump($path, $filename)) {
                 case -1:
                     $msg = _m('Path is empty');
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -2:
                     $msg = sprintf(_m('Could not connect with the database. Error: %s'), mysql_error());
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -3:
                     $msg = sprintf(_m('Could not select the database. Error: %s'), mysql_error());
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -4:
                     $msg = _m('There are no tables to back up');
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -5:
                     $msg = _m('The folder is not writable');
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 default:
                     $msg = _m('Backup has been done properly');
                     osc_add_flash_ok_message($msg, 'admin');
                     break;
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             break;
         case 'backup-zip':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             }
             //zip of the code just to back it up
             if (Params::getParam('bck_dir') != '') {
                 $archive_name = trim(Params::getParam('bck_dir'));
                 if (substr(trim($archive_name), -1, 1) != "/") {
                     $archive_name .= '/';
                 }
                 $archive_name = Params::getParam('bck_dir') . '/OSClass_backup.' . date('YmdHis') . '.zip';
             } else {
                 $archive_name = osc_base_path() . "OSClass_backup." . date('YmdHis') . ".zip";
             }
             $archive_folder = osc_base_path();
             if (osc_zip_folder($archive_folder, $archive_name)) {
                 $msg = _m('Archiving successful!');
                 osc_add_flash_ok_message($msg, 'admin');
             } else {
                 $msg = _m('Error, the zip file was not created at the specified directory');
                 osc_add_flash_error_message($msg, 'admin');
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             break;
         case 'backup_post':
             $this->doView('tools/backup.php');
             break;
         case 'maintenance':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                 $this->doView('tools/maintenance.php');
                 break;
             }
             $mode = Params::getParam('mode');
             if ($mode == 'on') {
                 $maintenance_file = ABS_PATH . '.maintenance';
                 $fileHandler = @fopen($maintenance_file, 'w');
                 if ($fileHandler) {
                     osc_add_flash_ok_message(_m('Maintenance mode is ON'), 'admin');
                 } else {
                     osc_add_flash_error_message(_m('There was an error creating .maintenance file, please create it manually at the root folder'), 'admin');
                 }
                 fclose($fileHandler);
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=maintenance');
             } else {
                 if ($mode == 'off') {
                     $deleted = @unlink(ABS_PATH . '.maintenance');
                     if ($deleted) {
                         osc_add_flash_ok_message(_m('Maintenance mode is OFF'), 'admin');
                     } else {
                         osc_add_flash_error_message(_m('There was an error removing .maintenance file, please remove it manually from the root folder'), 'admin');
                     }
                     $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=maintenance');
                 }
             }
             $this->doView('tools/maintenance.php');
             break;
         default:
     }
 }
示例#20
0
 function doModel()
 {
     switch ($this->action) {
         case 'change_email_confirm':
             //change email confirm
             if (Params::getParam('userId') && Params::getParam('code')) {
                 $userManager = new User();
                 $user = $userManager->findByPrimaryKey(Params::getParam('userId'));
                 if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) {
                     $userEmailTmp = UserEmailTmp::newInstance()->findByPrimaryKey(Params::getParam('userId'));
                     $code = osc_genRandomPassword(50);
                     $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id']));
                     Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']);
                     UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email']));
                     osc_add_flash_ok_message(_m('Your email has been changed successfully'));
                     $this->redirectTo(osc_user_profile_url());
                 } else {
                     osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                     $this->redirectTo(osc_base_url());
                 }
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'activate_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $alert = Alerts::newInstance()->findByPrimaryKey($id);
             $result = 0;
             if (!empty($alert)) {
                 if ($email == $alert['s_email'] && $secret == $alert['s_secret']) {
                     $user = User::newInstance()->findByEmail($alert['s_email']);
                     if (isset($user['pk_i_id'])) {
                         Alerts::newInstance()->update(array('fk_i_user_id' => $user['pk_i_id']), array('pk_i_id' => $id));
                     }
                     $result = Alerts::newInstance()->activate($id);
                 }
             }
             if ($result == 1) {
                 osc_add_flash_ok_message(_m('Alert activated'));
             } else {
                 osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator'));
             }
             $this->redirectTo(osc_base_url());
             break;
         case 'unsub_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $alert = Alerts::newInstance()->findByPrimaryKey($id);
             $result = 0;
             if (!empty($alert)) {
                 if ($email == $alert['s_email'] && $secret == $alert['s_secret']) {
                     $result = Alerts::newInstance()->unsub($id);
                 }
             }
             if ($result == 1) {
                 osc_add_flash_ok_message(_m('Unsubscribed correctly'));
             } else {
                 osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator'));
             }
             $this->redirectTo(osc_base_url());
             break;
         case 'pub_profile':
             if (Params::getParam('username') != '') {
                 $user = User::newInstance()->findByUsername(Params::getParam('username'));
             } else {
                 $user = User::newInstance()->findByPrimaryKey(Params::getParam('id'));
             }
             // user doesn't exist, show 404 error
             if (!$user) {
                 $this->do404();
                 return;
             }
             $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10;
             $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0;
             $total_items = Item::newInstance()->countItemTypesByUserID($user['pk_i_id'], 'active');
             if ($itemsPerPage == 'all') {
                 $total_pages = 1;
                 $items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], 0, null, 'active');
             } else {
                 $total_pages = ceil($total_items / $itemsPerPage);
                 $items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], $page * $itemsPerPage, $itemsPerPage, 'active');
             }
             View::newInstance()->_exportVariableToView('user', $user);
             $this->_exportVariableToView('items', $items);
             $this->_exportVariableToView('search_total_pages', $total_pages);
             $this->_exportVariableToView('search_total_items', $total_items);
             $this->_exportVariableToView('items_per_page', $itemsPerPage);
             $this->_exportVariableToView('search_page', $page);
             $this->_exportVariableToView('canonical', osc_user_public_profile_url());
             $this->doView('user-public-profile.php');
             break;
         case 'contact_post':
             $user = User::newInstance()->findByPrimaryKey(Params::getParam('id'));
             View::newInstance()->_exportVariableToView('user', $user);
             if (osc_recaptcha_private_key() != '') {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
                     Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
                     Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
                     Session::newInstance()->_setForm("message_body", Params::getParam('message'));
                     $this->redirectTo(osc_user_public_profile_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             $banned = osc_is_banned(Params::getParam('yourEmail'));
             if ($banned == 1) {
                 osc_add_flash_error_message(_m('Your current email is not allowed'));
                 $this->redirectTo(osc_user_public_profile_url());
             } else {
                 if ($banned == 2) {
                     osc_add_flash_error_message(_m('Your current IP is not allowed'));
                     $this->redirectTo(osc_user_public_profile_url());
                 }
             }
             osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message'));
             osc_add_flash_ok_message(_m('Your email has been sent properly.'));
             $this->redirectTo(osc_user_public_profile_url());
             break;
         default:
             $this->redirectTo(osc_user_login_url());
             break;
     }
 }
示例#21
0
 function doModel()
 {
     //specific things for this class
     switch ($this->action) {
         case 'bulk_actions':
             break;
         case 'regions':
             //Return regions given a countryId
             $regions = Region::newInstance()->findByCountry(Params::getParam("countryId"));
             echo json_encode($regions);
             break;
         case 'cities':
             //Returns cities given a regionId
             $cities = City::newInstance()->findByRegion(Params::getParam("regionId"));
             echo json_encode($cities);
             break;
         case 'location':
             // This is the autocomplete AJAX
             $cities = City::newInstance()->ajax(Params::getParam("term"));
             foreach ($cities as $k => $city) {
                 $cities[$k]['label'] = $city['label'] . " (" . $city['region'] . ")";
             }
             echo json_encode($cities);
             break;
         case 'location_countries':
             // This is the autocomplete AJAX
             $countries = Country::newInstance()->ajax(Params::getParam("term"));
             echo json_encode($countries);
             break;
         case 'location_regions':
             // This is the autocomplete AJAX
             $regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country"));
             echo json_encode($regions);
             break;
         case 'location_cities':
             // This is the autocomplete AJAX
             $cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region"));
             echo json_encode($cities);
             break;
         case 'delete_image':
             // Delete images via AJAX
             $ajax_photo = Params::getParam('ajax_photo');
             $id = Params::getParam('id');
             $item = Params::getParam('item');
             $code = Params::getParam('code');
             $secret = Params::getParam('secret');
             $json = array();
             if ($ajax_photo != '') {
                 $files = Session::newInstance()->_get('ajax_files');
                 $success = false;
                 foreach ($files as $uuid => $file) {
                     if ($file == $ajax_photo) {
                         $filename = $files[$uuid];
                         unset($files[$uuid]);
                         Session::newInstance()->_set('ajax_files', $files);
                         $success = @unlink(osc_content_path() . 'uploads/temp/' . $filename);
                         break;
                     }
                 }
                 echo json_encode(array('success' => $success, 'msg' => $success ? _m('The selected photo has been successfully deleted') : _m("The selected photo couldn't be deleted")));
                 return false;
             }
             if (Session::newInstance()->_get('userId') != '') {
                 $userId = Session::newInstance()->_get('userId');
                 $user = User::newInstance()->findByPrimaryKey($userId);
             } else {
                 $userId = null;
                 $user = null;
             }
             // Check for required fields
             if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) {
                 $json['success'] = false;
                 $json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist");
                 echo json_encode($json);
                 return false;
             }
             $aItem = Item::newInstance()->findByPrimaryKey($item);
             // Check if the item exists
             if (count($aItem) == 0) {
                 $json['success'] = false;
                 $json['msg'] = _m("The listing doesn't exist");
                 echo json_encode($json);
                 return false;
             }
             if (!osc_is_admin_user_logged_in()) {
                 // Check if the item belong to the user
                 if ($userId != null && $userId != $aItem['fk_i_user_id']) {
                     $json['success'] = false;
                     $json['msg'] = _m("The listing doesn't belong to you");
                     echo json_encode($json);
                     return false;
                 }
                 // Check if the secret passphrase match with the item
                 if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) {
                     $json['success'] = false;
                     $json['msg'] = _m("The listing doesn't belong to you");
                     echo json_encode($json);
                     return false;
                 }
             }
             // Does id & code combination exist?
             $result = ItemResource::newInstance()->existResource($id, $code);
             if ($result > 0) {
                 $resource = ItemResource::newInstance()->findByPrimaryKey($id);
                 if ($resource['fk_i_item_id'] == $item) {
                     // Delete: file, db table entry
                     if (defined(OC_ADMIN)) {
                         osc_deleteResource($id, true);
                         Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'admin', osc_logged_admin_id());
                     } else {
                         osc_deleteResource($id, false);
                         Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'user', osc_logged_user_id());
                     }
                     ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code));
                     $json['msg'] = _m('The selected photo has been successfully deleted');
                     $json['success'] = 'true';
                 } else {
                     $json['msg'] = _m("The selected photo does not belong to you");
                     $json['success'] = 'false';
                 }
             } else {
                 $json['msg'] = _m("The selected photo couldn't be deleted");
                 $json['success'] = 'false';
             }
             echo json_encode($json);
             return true;
             break;
         case 'alerts':
             // Allow to register to an alert given (not sure it's used on admin)
             $encoded_alert = Params::getParam("alert");
             $alert = osc_decrypt_alert(base64_decode($encoded_alert));
             // check alert integrity / signature
             $stringToSign = osc_get_alert_public_key() . $encoded_alert;
             $signature = hex2b64(hmacsha1(osc_get_alert_private_key(), $stringToSign));
             $server_signature = Session::newInstance()->_get('alert_signature');
             if ($server_signature != $signature) {
                 echo '-2';
                 return false;
             }
             $email = Params::getParam("email");
             $userid = Params::getParam("userid");
             if (osc_is_web_user_logged_in()) {
                 $userid = osc_logged_user_id();
                 $user = User::newInstance()->findByPrimaryKey($userid);
                 $email = $user['s_email'];
             }
             if ($alert != '' && $email != '') {
                 if (osc_validate_email($email)) {
                     $secret = osc_genRandomPassword();
                     if ($alertID = Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) {
                         if ((int) $userid > 0) {
                             $user = User::newInstance()->findByPrimaryKey($userid);
                             if ($user['b_active'] == 1 && $user['b_enabled'] == 1) {
                                 Alerts::newInstance()->activate($alertID);
                                 echo '1';
                                 return true;
                             } else {
                                 echo '-1';
                                 return false;
                             }
                         } else {
                             $aAlert = Alerts::newInstance()->findByPrimaryKey($alertID);
                             osc_run_hook('hook_email_alert_validation', $aAlert, $email, $secret);
                         }
                         echo "1";
                     } else {
                         echo "0";
                     }
                     return true;
                 } else {
                     echo '-1';
                     return false;
                 }
             }
             echo '0';
             return false;
             break;
         case 'runhook':
             // run hooks
             $hook = Params::getParam('hook');
             if ($hook == '') {
                 echo json_encode(array('error' => 'hook parameter not defined'));
                 break;
             }
             switch ($hook) {
                 case 'item_form':
                     osc_run_hook('item_form', Params::getParam('catId'));
                     break;
                 case 'item_edit':
                     $catId = Params::getParam("catId");
                     $itemId = Params::getParam("itemId");
                     osc_run_hook("item_edit", $catId, $itemId);
                     break;
                 default:
                     osc_run_hook('ajax_' . $hook);
                     break;
             }
             break;
         case 'custom':
             // Execute via AJAX custom file
             if (Params::existParam('route')) {
                 $routes = Rewrite::newInstance()->getRoutes();
                 $rid = Params::getParam('route');
                 $file = '../';
                 if (isset($routes[$rid]) && isset($routes[$rid]['file'])) {
                     $file = $routes[$rid]['file'];
                 }
             } else {
                 // DEPRECATED: Disclosed path in URL is deprecated, use routes instead
                 // This will be REMOVED in 3.4
                 $file = Params::getParam('ajaxfile');
             }
             if ($file == '') {
                 echo json_encode(array('error' => 'no action defined'));
                 break;
             }
             // valid file?
             if (strpos($file, '../') !== false || strpos($file, '..\\') !== false || stripos($file, '/admin/') !== false) {
                 //If the file is inside an "admin" folder, it should NOT be opened in frontend
                 echo json_encode(array('error' => 'no valid ajaxFile'));
                 break;
             }
             if (!file_exists(osc_plugins_path() . $file)) {
                 echo json_encode(array('error' => "ajaxFile doesn't exist"));
                 break;
             }
             require_once osc_plugins_path() . $file;
             break;
         case 'check_username_availability':
             $username = osc_sanitize_username(Params::getParam('s_username'));
             if (!osc_is_username_blacklisted($username)) {
                 $user = User::newInstance()->findByUsername($username);
                 if (isset($user['s_username'])) {
                     echo json_encode(array('exists' => 1, 's_username' => $username));
                 } else {
                     echo json_encode(array('exists' => 0, 's_username' => $username));
                 }
             } else {
                 echo json_encode(array('exists' => 1, 's_username' => $username));
             }
             break;
         case 'ajax_upload':
             // Include the uploader class
             require_once LIB_PATH . "AjaxUploader.php";
             $uploader = new AjaxUploader();
             $original = pathinfo($uploader->getOriginalName());
             $filename = uniqid("qqfile_") . "." . $original['extension'];
             $result = $uploader->handleUpload(osc_content_path() . 'uploads/temp/' . $filename);
             $result['uploadName'] = $filename;
             echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);
             break;
         case 'ajax_validate':
             $id = Params::getParam('id');
             if (!is_numeric($id)) {
                 echo json_encode(array('success' => false));
                 die;
             }
             $secret = Params::getParam('secret');
             $item = Item::newInstance()->findByPrimaryKey($id);
             if ($item['s_secret'] != $secret) {
                 echo json_encode(array('success' => false));
                 die;
             }
             $nResources = ItemResource::newInstance()->countResources($id);
             $result = array('success' => $nResources < osc_max_images_per_item(), 'count' => $nResources);
             echo json_encode($result);
             break;
         case 'delete_ajax_upload':
             $files = Session::newInstance()->_get('ajax_files');
             $success = false;
             $filename = '';
             if (isset($files[Params::getParam('qquuid')]) && $files[Params::getParam('qquuid')] != '') {
                 $filename = $files[Params::getParam('qquuid')];
                 unset($files[Params::getParam('qquuid')]);
                 Session::newInstance()->_set('ajax_files', $files);
                 $success = @unlink(osc_content_path() . 'uploads/temp/' . $filename);
             }
             echo json_encode(array('success' => $success, 'uploadName' => $filename));
             break;
         default:
             echo json_encode(array('error' => __('no action defined')));
             break;
     }
     // clear all keep variables into session
     Session::newInstance()->_dropKeepForm();
     Session::newInstance()->_clearVariables();
 }
示例#22
0
文件: tools.php 项目: semul/Osclass
 function doModel()
 {
     parent::doModel();
     switch ($this->action) {
         case 'import':
             // calling import view
             $this->doView('tools/import.php');
             break;
         case 'import_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=import');
             }
             // calling
             $sql = Params::getFiles('sql');
             if (isset($sql['size']) && $sql['size'] != 0) {
                 $content_file = file_get_contents($sql['tmp_name']);
                 $conn = DBConnectionClass::newInstance();
                 $c_db = $conn->getOsclassDb();
                 $comm = new DBCommandClass($c_db);
                 if ($comm->importSQL($content_file)) {
                     osc_add_flash_ok_message(_m('Import complete'), 'admin');
                 } else {
                     osc_add_flash_error_message(_m('There was a problem importing data to the database'), 'admin');
                 }
             } else {
                 osc_add_flash_warning_message(_m('No file was uploaded'), 'admin');
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=import');
             break;
         case 'images':
             // calling images view
             $this->doView('tools/images.php');
             break;
         case 'images_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=images');
             }
             $preferences = Preference::newInstance()->toArray();
             $wat = new Watermark();
             $aResources = ItemResource::newInstance()->getAllResources();
             foreach ($aResources as $resource) {
                 osc_run_hook('regenerate_image', $resource);
                 $path = osc_content_path() . 'uploads/';
                 // comprobar que no haya original
                 $img_original = $path . $resource['pk_i_id'] . "_original*";
                 $aImages = glob($img_original);
                 // there is original image
                 if (count($aImages) == 1) {
                     $image_tmp = $aImages[0];
                 } else {
                     $img_normal = $path . $resource['pk_i_id'] . ".*";
                     $aImages = glob($img_normal);
                     if (count($aImages) == 1) {
                         $image_tmp = $aImages[0];
                     } else {
                         $img_thumbnail = $path . $resource['pk_i_id'] . "_thumbnail*";
                         $aImages = glob($img_thumbnail);
                         $image_tmp = $aImages[0];
                     }
                 }
                 // extension
                 preg_match('/\\.(.*)$/', $image_tmp, $matches);
                 if (isset($matches[1])) {
                     $extension = $matches[1];
                     // Create normal size
                     $path_normal = $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '.jpg';
                     $size = explode('x', osc_normal_dimensions());
                     ImageResizer::fromFile($image_tmp)->resizeTo($size[0], $size[1])->saveToFile($path);
                     if (osc_is_watermark_text()) {
                         $wat->doWatermarkText($path, osc_watermark_text_color(), osc_watermark_text(), 'image/jpeg');
                     } elseif (osc_is_watermark_image()) {
                         $wat->doWatermarkImage($path, 'image/jpeg');
                     }
                     // Create preview
                     $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_preview.jpg';
                     $size = explode('x', osc_preview_dimensions());
                     ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path);
                     // Create thumbnail
                     $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_thumbnail.jpg';
                     $size = explode('x', osc_thumbnail_dimensions());
                     ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path);
                     // update resource info
                     ItemResource::newInstance()->update(array('s_path' => 'oc-content/uploads/', 's_name' => osc_genRandomPassword(), 's_extension' => 'jpg', 's_content_type' => 'image/jpeg'), array('pk_i_id' => $resource['pk_i_id']));
                     osc_run_hook('regenerated_image', ItemResource::newInstance()->findByPrimaryKey($resource['pk_i_id']));
                     // si extension es direfente a jpg, eliminar las imagenes con $extension si hay
                     if ($extension != 'jpg') {
                         $files_to_remove = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "*" . $extension;
                         $fs = glob($files_to_remove);
                         if (is_array($fs)) {
                             array_map("unlink", $fs);
                         }
                     }
                     // ....
                 } else {
                     // no es imagen o imagen sin extesión
                 }
             }
             osc_add_flash_ok_message(_m('Re-generation complete'), 'admin');
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=images');
             break;
         case 'category':
             $this->doView('tools/category.php');
             break;
         case 'category_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=category');
             }
             osc_update_cat_stats();
             osc_add_flash_ok_message(_m("Recount category stats has been successful"), 'admin');
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=category');
             break;
         case 'locations':
             $this->doView('tools/locations.php');
             break;
         case 'locations_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=locations');
             }
             $workToDo = LocationsTmp::newInstance()->count();
             if ($workToDo > 0) {
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=locations');
                 break;
             }
             // we need populate location tmp table
             $aCountry = Country::newInstance()->listAll();
             foreach ($aCountry as $country) {
                 $aRegionsCountry = Region::newInstance()->getByCountry($country['pk_c_code']);
                 LocationsTmp::newInstance()->insert(array('id_location' => $country['pk_c_code'], 'e_type' => 'COUNTRY'));
                 foreach ($aRegionsCountry as $region) {
                     $aCitiesRegion = City::newInstance()->getByRegion($region['pk_i_id']);
                     LocationsTmp::newInstance()->insert(array('id_location' => $region['pk_i_id'], 'e_type' => 'REGION'));
                     foreach ($aCitiesRegion as $city) {
                         LocationsTmp::newInstance()->insert(array('id_location' => $city['pk_i_id'], 'e_type' => 'CITY'));
                     }
                     unset($aCitiesRegion);
                 }
                 unset($aRegionsCountry);
             }
             unset($aCountry);
             $workToDo = LocationsTmp::newInstance()->count();
             Preference::newInstance()->replace('location_todo', $workToDo);
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=locations');
             break;
         case 'upgrade':
             $this->doView('tools/upgrade.php');
             break;
         case 'backup':
             $this->doView('tools/backup.php');
             break;
         case 'backup-sql':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             }
             //databasse dump...
             if (Params::getParam('bck_dir') != '') {
                 $path = trim(Params::getParam('bck_dir'));
                 if (substr($path, -1, 1) != "/") {
                     $path .= '/';
                 }
             } else {
                 $path = osc_base_path();
             }
             $filename = 'OSClass_mysqlbackup.' . date('YmdHis') . '.sql';
             switch (osc_dbdump($path, $filename)) {
                 case -1:
                     $msg = _m('Path is empty');
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -2:
                     $msg = sprintf(_m('Could not connect with the database. Error: %s'), mysql_error());
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -3:
                     $msg = _m('There are no tables to back up');
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -4:
                     $msg = _m('The folder is not writable');
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 default:
                     $msg = _m('Backup completed successfully');
                     osc_add_flash_ok_message($msg, 'admin');
                     break;
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             break;
         case 'backup-sql_file':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             }
             //databasse dump...
             $filename = 'OSClass_mysqlbackup.' . date('YmdHis') . '.sql';
             $path = sys_get_temp_dir() . "/";
             switch (osc_dbdump($path, $filename)) {
                 case -1:
                     $msg = _m('Path is empty');
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -2:
                     $msg = sprintf(_m('Could not connect with the database. Error: %s'), mysql_error());
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -3:
                     $msg = sprintf(_m('Could not select the database. Error: %s'), mysql_error());
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -4:
                     $msg = _m('There are no tables to back up');
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 case -5:
                     $msg = _m('The folder is not writable');
                     osc_add_flash_error_message($msg, 'admin');
                     break;
                 default:
                     $msg = _m('Backup completed successfully');
                     osc_add_flash_ok_message($msg, 'admin');
                     header('Content-Description: File Transfer');
                     header('Content-Type: application/octet-stream');
                     header('Content-Disposition: attachment; filename=' . basename($filename));
                     header('Content-Transfer-Encoding: binary');
                     header('Expires: 0');
                     header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
                     header('Pragma: public');
                     header('Content-Length: ' . filesize($path . $filename));
                     flush();
                     readfile($path . $filename);
                     exit;
                     break;
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             break;
         case 'backup-zip_file':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             }
             $filename = "OSClass_backup." . date('YmdHis') . ".zip";
             $path = sys_get_temp_dir() . "/";
             if (osc_zip_folder(osc_base_path(), $path . $filename)) {
                 $msg = _m('Archived successfully!');
                 osc_add_flash_ok_message($msg, 'admin');
                 header('Content-Description: File Transfer');
                 header('Content-Type: application/octet-stream');
                 header('Content-Disposition: attachment; filename=' . basename($filename));
                 header('Content-Transfer-Encoding: binary');
                 header('Expires: 0');
                 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
                 header('Pragma: public');
                 header('Content-Length: ' . filesize($path . $filename));
                 flush();
                 readfile($path . $filename);
                 exit;
             } else {
                 $msg = _m('Error, the zip file was not created in the specified directory');
                 osc_add_flash_error_message($msg, 'admin');
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             break;
         case 'backup-zip':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             }
             //zip of the code just to back it up
             if (Params::getParam('bck_dir') != '') {
                 $archive_name = trim(Params::getParam('bck_dir'));
                 if (substr(trim($archive_name), -1, 1) != "/") {
                     $archive_name .= '/';
                 }
                 $archive_name = Params::getParam('bck_dir') . '/OSClass_backup.' . date('YmdHis') . '.zip';
             } else {
                 $archive_name = osc_base_path() . "OSClass_backup." . date('YmdHis') . ".zip";
             }
             $archive_folder = osc_base_path();
             if (osc_zip_folder($archive_folder, $archive_name)) {
                 $msg = _m('Archived successfully!');
                 osc_add_flash_ok_message($msg, 'admin');
             } else {
                 $msg = _m('Error, the zip file was not created in the specified directory');
                 osc_add_flash_error_message($msg, 'admin');
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup');
             break;
         case 'backup_post':
             $this->doView('tools/backup.php');
             break;
         case 'maintenance':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin');
                 $this->doView('tools/maintenance.php');
                 break;
             }
             $mode = Params::getParam('mode');
             if ($mode == 'on') {
                 $maintenance_file = osc_base_path() . '.maintenance';
                 $fileHandler = @fopen($maintenance_file, 'w');
                 if ($fileHandler) {
                     osc_add_flash_ok_message(_m('Maintenance mode is ON'), 'admin');
                 } else {
                     osc_add_flash_error_message(_m('There was an error creating the .maintenance file, please create it manually at the root folder'), 'admin');
                 }
                 fclose($fileHandler);
                 $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=maintenance');
             } else {
                 if ($mode == 'off') {
                     $deleted = @unlink(osc_base_path() . '.maintenance');
                     if ($deleted) {
                         osc_add_flash_ok_message(_m('Maintenance mode is OFF'), 'admin');
                     } else {
                         osc_add_flash_error_message(_m('There was an error removing the .maintenance file, please remove it manually from the root folder'), 'admin');
                     }
                     $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=maintenance');
                 }
             }
             $this->doView('tools/maintenance.php');
             break;
         default:
     }
 }
示例#23
0
<?

//Конфигурация
$dbuname = 'u362675236_admin';
$dbpass = '******';
$dbhost = 'mysql.hostinger.ru';
$dbname = 'u362675236_class';

function osc_genRandomPassword($length = 8)
{

$dict = array_merge(range('a', 'z'), range('0', '9'), range('A', 'Z'));
shuffle($dict);
$pass = '';
for($i = 0; $i < $length; $i++)
$pass .= $dict[rand(0, count($dict) - 1)];
return $pass;

}

$token = $_POST ["token"]; if (!$token) exit;
$HTTP_HOST = $_SERVER['HTTP_HOST'];

$s = file_get_contents("http://ulogin.ru/token.php?token=$token&host=$HTTP_HOST");
$user = json_decode($s, true);

$network = $user ["network"];
$identity = $user ["identity"];
$first_name = $user ["first_name"];
$last_name = $user ["last_name"];
示例#24
0
文件: user.php 项目: naneri/Osclass
 function doModel()
 {
     switch ($this->action) {
         case 'dashboard':
             //dashboard...
             $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5;
             $aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items);
             //calling the view...
             $this->_exportVariableToView('items', $aItems);
             $this->_exportVariableToView('max_items', $max_items);
             $this->doView('user-dashboard.php');
             break;
         case 'profile':
             //profile...
             $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
             $aCountries = Country::newInstance()->listAll();
             $aRegions = array();
             if ($user['fk_c_country_code'] != '') {
                 $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']);
             } elseif (count($aCountries) > 0) {
                 $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
             }
             $aCities = array();
             if ($user['fk_i_region_id'] != '') {
                 $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']);
             } else {
                 if (count($aRegions) > 0) {
                     $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
                 }
             }
             //calling the view...
             $this->_exportVariableToView('countries', $aCountries);
             $this->_exportVariableToView('regions', $aRegions);
             $this->_exportVariableToView('cities', $aCities);
             $this->_exportVariableToView('user', $user);
             $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled());
             $this->doView('user-profile.php');
             break;
         case 'profile_post':
             //profile post...
             osc_csrf_check();
             $userId = Session::newInstance()->_get('userId');
             require_once LIB_PATH . 'osclass/UserActions.php';
             $userActions = new UserActions(false);
             $success = $userActions->edit($userId);
             if ($success == 1 || $success == 2) {
                 osc_add_flash_ok_message(_m('Your profile has been updated successfully'));
             } else {
                 osc_add_flash_error_message($success);
             }
             $this->redirectTo(osc_user_profile_url());
             break;
         case 'alerts':
             //alerts
             $aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false);
             $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
             foreach ($aAlerts as $k => $a) {
                 $array_conditions = (array) json_decode($a['s_search']);
                 //                                            $search = Search::newInstance();
                 $search = new Search();
                 $search->setJsonAlert($array_conditions);
                 $search->limit(0, 3);
                 $aAlerts[$k]['items'] = $search->doSearch();
             }
             $this->_exportVariableToView('alerts', $aAlerts);
             View::newInstance()->_reset('alerts');
             $this->_exportVariableToView('user', $user);
             $this->doView('user-alerts.php');
             break;
         case 'change_email':
             //change email
             $this->doView('user-change_email.php');
             break;
         case 'change_email_post':
             //change email post
             osc_csrf_check();
             if (!osc_validate_email(Params::getParam('new_email'))) {
                 osc_add_flash_error_message(_m('The specified e-mail is not valid'));
                 $this->redirectTo(osc_change_user_email_url());
             } else {
                 $user = User::newInstance()->findByEmail(Params::getParam('new_email'));
                 if (!isset($user['pk_i_id'])) {
                     $userEmailTmp = array();
                     $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId');
                     $userEmailTmp['s_new_email'] = Params::getParam('new_email');
                     UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp);
                     $code = osc_genRandomPassword(30);
                     $date = date('Y-m-d H:i:s');
                     $userManager = new User();
                     $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId')));
                     $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code);
                     osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url);
                     $this->redirectTo(osc_user_profile_url());
                 } else {
                     osc_add_flash_error_message(_m('The specified e-mail is already in use'));
                     $this->redirectTo(osc_change_user_email_url());
                 }
             }
             break;
         case 'change_username':
             //change username
             $this->doView('user-change_username.php');
             break;
         case 'change_username_post':
             //change username
             $username = osc_sanitize_username(Params::getParam('s_username'));
             osc_run_hook('before_username_change', Session::newInstance()->_get('userId'), $username);
             if ($username != '') {
                 $user = User::newInstance()->findByUsername($username);
                 if (isset($user['s_username'])) {
                     osc_add_flash_error_message(_m('The specified username is already in use'));
                 } else {
                     if (!osc_is_username_blacklisted($username)) {
                         User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => Session::newInstance()->_get('userId')));
                         osc_add_flash_ok_message(_m('The username was updated'));
                         osc_run_hook('after_username_change', Session::newInstance()->_get('userId'), Params::getParam('s_username'));
                         $this->redirectTo(osc_user_profile_url());
                     } else {
                         osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words'));
                     }
                 }
             } else {
                 osc_add_flash_error_message(_m('The specified username could not be empty'));
             }
             $this->redirectTo(osc_change_user_username_url());
             break;
         case 'change_password':
             //change password
             $this->doView('user-change_password.php');
             break;
         case 'change_password_post':
             //change password post
             osc_csrf_check();
             $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
             if (Params::getParam('password', false, false) == '' || Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
                 osc_add_flash_warning_message(_m('Password cannot be blank'));
                 $this->redirectTo(osc_change_user_password_url());
             }
             if (!osc_verify_password(Params::getParam('password', false, false), $user['s_password'])) {
                 osc_add_flash_error_message(_m("Current password doesn't match"));
                 $this->redirectTo(osc_change_user_password_url());
             }
             if (!Params::getParam('new_password', false, false)) {
                 osc_add_flash_error_message(_m("Passwords can't be empty"));
                 $this->redirectTo(osc_change_user_password_url());
             }
             if (Params::getParam('new_password', false, false) != Params::getParam('new_password2', false, false)) {
                 osc_add_flash_error_message(_m("Passwords don't match"));
                 $this->redirectTo(osc_change_user_password_url());
             }
             User::newInstance()->update(array('s_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => Session::newInstance()->_get('userId')));
             osc_add_flash_ok_message(_m('Password has been changed'));
             $this->redirectTo(osc_user_profile_url());
             break;
         case 'items':
             // view items user
             $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10;
             $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0;
             $itemType = Params::getParam('itemType');
             $total_items = Item::newInstance()->countItemTypesByUserID(osc_logged_user_id(), $itemType);
             $total_pages = ceil($total_items / $itemsPerPage);
             $items = Item::newInstance()->findItemTypesByUserID(osc_logged_user_id(), $page * $itemsPerPage, $itemsPerPage, $itemType);
             $this->_exportVariableToView('items', $items);
             $this->_exportVariableToView('search_total_pages', $total_pages);
             $this->_exportVariableToView('search_total_items', $total_items);
             $this->_exportVariableToView('items_per_page', $itemsPerPage);
             $this->_exportVariableToView('items_type', $itemType);
             $this->_exportVariableToView('search_page', $page);
             $this->doView('user-items.php');
             break;
         case 'activate_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             $result = 0;
             if ($email != '' && $secret != '') {
                 $result = Alerts::newInstance()->activate($email, $secret);
             }
             if ($result == 1) {
                 osc_add_flash_ok_message(_m('Alert activated'));
             } else {
                 osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator'));
             }
             $this->redirectTo(osc_base_url());
             break;
         case 'unsub_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $alert = Alerts::newInstance()->findByPrimaryKey($id);
             $result = 0;
             if (!empty($alert)) {
                 if ($email == $alert['s_email'] && $secret == $alert['s_secret']) {
                     $result = Alerts::newInstance()->unsub($id);
                 }
             }
             if ($result == 1) {
                 osc_add_flash_ok_message(_m('Unsubscribed correctly'));
             } else {
                 osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator'));
             }
             $this->redirectTo(osc_user_alerts_url());
             break;
         case 'delete':
             $id = Params::getParam('id');
             $secret = Params::getParam('secret');
             if (osc_is_web_user_logged_in()) {
                 $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
                 View::newInstance()->_exportVariableToView('user', $user);
                 if (!empty($user) && osc_logged_user_id() == $id && $secret == $user['s_secret']) {
                     User::newInstance()->deleteUser(osc_logged_user_id());
                     Session::newInstance()->_drop('userId');
                     Session::newInstance()->_drop('userName');
                     Session::newInstance()->_drop('userEmail');
                     Session::newInstance()->_drop('userPhone');
                     Cookie::newInstance()->pop('oc_userId');
                     Cookie::newInstance()->pop('oc_userSecret');
                     Cookie::newInstance()->set();
                     osc_add_flash_ok_message(_m("Your account have been deleted"));
                     $this->redirectTo(osc_base_url());
                 } else {
                     osc_add_flash_error_message(_m("Oops! you can not do that"));
                     $this->redirectTo(osc_user_dashboard_url());
                 }
             } else {
                 osc_add_flash_error_message(_m("Oops! you can not do that"));
                 $this->redirectTo(osc_base_url());
             }
             break;
     }
 }
示例#25
0
        function prepareData($is_add)
        {
            $input = array();

            if ( $is_add ) {
                $input['s_secret']    = osc_genRandomPassword();
                $input['dt_reg_date'] = date('Y-m-d H:i:s');
            } else {
                $input['dt_mod_date'] = date('Y-m-d H:i:s');
            }

            //only for administration, in the public website this two params are edited separately
            if ( $this->is_admin || $is_add ) {
                $input['s_email'] = Params::getParam('s_email');

                //if we want to change the password
                if( Params::getParam('s_password', false, false) != '') {
                    $input['s_password'] = osc_hash_password(Params::getParam('s_password', false, false));
                }
                $input['s_username']     = osc_sanitize_username(Params::getParam('s_username'));
            }

            $input['s_name']         = trim(Params::getParam('s_name'));
            $input['s_website']      = trim(Params::getParam('s_website'));
            $input['s_phone_land']   = trim(Params::getParam('s_phone_land'));
            $input['s_phone_mobile'] = trim(Params::getParam('s_phone_mobile'));

            if(strtolower(substr($input['s_website'], 0, 4))!=='http') {
                $input['s_website'] = 'http://'.$input['s_website'];
            }
            $input['s_website'] = osc_sanitize_url($input['s_website']);
            if ( ! osc_validate_url($input['s_website'])) $input['s_website'] = '';

            //locations...
            $country = Country::newInstance()->findByCode( Params::getParam('countryId') );
            if(count($country) > 0) {
                $countryId   = $country['pk_c_code'];
                $countryName = $country['s_name'];
            } else {
                $countryId   = null;
                $countryName = Params::getParam('country');
            }

            if( intval( Params::getParam('regionId') ) ) {
                $region = Region::newInstance()->findByPrimaryKey( Params::getParam('regionId') );
                if( count($region) > 0 ) {
                    $regionId   = $region['pk_i_id'];
                    $regionName = $region['s_name'];
                }
            } else {
                $regionId   = null;
                $regionName = Params::getParam('region');
            }

            if( intval( Params::getParam('cityId') ) ) {
                $city = City::newInstance()->findByPrimaryKey( Params::getParam('cityId') );
                if( count($city) > 0 ) {
                    $cityId   = $city['pk_i_id'];
                    $cityName = $city['s_name'];
                }
            } else {
                $cityId   = null;
                $cityName = Params::getParam('city');
            }

            $input['fk_c_country_code'] = $countryId;
            $input['s_country'] = $countryName;
            $input['fk_i_region_id'] = $regionId;
            $input['s_region']       = $regionName;
            $input['fk_i_city_id']   = $cityId;
            $input['s_city']         = $cityName;
            $input['s_city_area']    = Params::getParam('cityArea');
            $input['s_address']      = Params::getParam('address');
            $input['s_zip']          = Params::getParam('zip');
            $input['d_coord_lat']    = (Params::getParam('d_coord_lat')  != '') ? Params::getParam('d_coord_lat') : null;
            $input['d_coord_long']   = (Params::getParam('d_coord_long') != '') ? Params::getParam('d_coord_long') : null;
            $input['b_company']      = (Params::getParam('b_company') != '' && Params::getParam('b_company') != 0) ? 1 : 0;

            return($input);
        }
示例#26
0
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             osc_csrf_check();
             osc_run_hook('before_login_admin');
             $url_redirect = osc_get_http_referer();
             $page_redirect = '';
             $password = Params::getParam('password', false, false);
             if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) {
                 $page_redirect = $match[1];
             }
             if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') {
                 $url_redirect = osc_admin_base_url();
             }
             if (Params::getParam('user') == '') {
                 osc_add_flash_error_message(_m('The username field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             }
             if (Params::getParam('password', false, false) == '') {
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             }
             // fields are not empty
             $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
             if (!$admin) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             }
             if (!osc_verify_password($password, $admin['s_password'])) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             } else {
                 if (@$admin['s_password'] != '') {
                     if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) {
                         if ($cost[1] != BCRYPT_COST) {
                             Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
                         }
                     } else {
                         Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
                     }
                 }
             }
             if (Params::getParam('remember')) {
                 // this include contains de osc_genRandomPassword function
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 $secret = osc_genRandomPassword();
                 Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                 Cookie::newInstance()->set_expires(osc_time_cookie());
                 Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                 Cookie::newInstance()->push('oc_adminSecret', $secret);
                 Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                 Cookie::newInstance()->set();
             }
             // we are logged in... let's go!
             Session::newInstance()->_set('adminId', $admin['pk_i_id']);
             Session::newInstance()->_set('adminUserName', $admin['s_username']);
             Session::newInstance()->_set('adminName', $admin['s_name']);
             Session::newInstance()->_set('adminEmail', $admin['s_email']);
             Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
             osc_run_hook('login_admin', $admin);
             $this->redirectTo($url_redirect);
             break;
         case 'recover':
             // form to recover the password (in this case we have the form in /gui/)
             $this->doView('gui/recover.php');
             break;
         case 'recover_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             osc_csrf_check();
             // post execution to recover the password
             $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
             if ($admin) {
                 if (osc_recaptcha_private_key() != '') {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin');
                         $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 $newPassword = osc_genRandomPassword(40);
                 Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                 $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
                 osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
             }
             osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
             $this->redirectTo(osc_admin_base_url(true) . '?page=login');
             break;
         case 'forgot':
             // form to recover the password (in this case we have the form in /gui/)
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             $this->doView('gui/forgot_password.php');
             break;
         case 'forgot_post':
             osc_csrf_check();
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
                 Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id']));
                 osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=login');
             } else {
                 osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
             }
             break;
         default:
             //osc_run_hook( 'init_admin' );
             Session::newInstance()->_setReferer(osc_get_http_referer());
             $this->doView('gui/login.php');
             break;
     }
 }
示例#27
0
 public function uploadItemResources($aResources, $itemId)
 {
     if ($aResources != '') {
         $wat = new Watermark();
         $itemResourceManager = ItemResource::newInstance();
         $numImagesItems = osc_max_images_per_item();
         $numImages = $itemResourceManager->countResources($itemId);
         foreach ($aResources['error'] as $key => $error) {
             if ($numImagesItems == 0 || $numImagesItems > 0 && $numImages < $numImagesItems) {
                 if ($error == UPLOAD_ERR_OK) {
                     $numImages++;
                     $tmpName = $aResources['tmp_name'][$key];
                     $itemResourceManager->insert(array('fk_i_item_id' => $itemId));
                     $resourceId = $itemResourceManager->dao->insertedId();
                     // Create normal size
                     $normal_path = $path = osc_content_path() . 'uploads/' . $resourceId . '.jpg';
                     $size = explode('x', osc_normal_dimensions());
                     ImageResizer::fromFile($tmpName)->resizeTo($size[0], $size[1])->saveToFile($path);
                     if (osc_is_watermark_text()) {
                         $wat->doWatermarkText($path, osc_watermark_text_color(), osc_watermark_text(), 'image/jpeg');
                     } elseif (osc_is_watermark_image()) {
                         $wat->doWatermarkImage($path, 'image/jpeg');
                     }
                     // Create preview
                     $path = osc_content_path() . 'uploads/' . $resourceId . '_preview.jpg';
                     $size = explode('x', osc_preview_dimensions());
                     ImageResizer::fromFile($normal_path)->resizeTo($size[0], $size[1])->saveToFile($path);
                     // Create thumbnail
                     $path = osc_content_path() . 'uploads/' . $resourceId . '_thumbnail.jpg';
                     $size = explode('x', osc_thumbnail_dimensions());
                     ImageResizer::fromFile($normal_path)->resizeTo($size[0], $size[1])->saveToFile($path);
                     if (osc_keep_original_image()) {
                         $path = osc_content_path() . 'uploads/' . $resourceId . '_original.jpg';
                         move_uploaded_file($tmpName, $path);
                     }
                     $s_path = 'oc-content/uploads/';
                     $resourceType = 'image/jpeg';
                     $itemResourceManager->update(array('s_path' => $s_path, 's_name' => osc_genRandomPassword(), 's_extension' => 'jpg', 's_content_type' => $resourceType), array('pk_i_id' => $resourceId, 'fk_i_item_id' => $itemId));
                     osc_run_hook('uploaded_file', ItemResource::newInstance()->findByPrimaryKey($resourceId));
                 }
             }
         }
         unset($itemResourceManager);
     }
 }
示例#28
0
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             $user = User::newInstance()->findByEmail(Params::getParam('email'));
             if (!$user) {
                 osc_add_flash_message(_m('The username doesn\'t exist'));
                 $this->redirectTo(osc_user_login_url());
             }
             if (!$user['b_enabled']) {
                 osc_add_flash_message(_m('The user has not been validated yet'));
                 $this->redirectTo(osc_user_login_url());
             }
             if ($user["s_password"] == sha1(Params::getParam('password'))) {
                 if (Params::getParam('remember') == 1) {
                     //this include contains de osc_genRandomPassword function
                     require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                     $secret = osc_genRandomPassword();
                     User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
                     Cookie::newInstance()->set_expires(osc_time_cookie());
                     Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
                     Cookie::newInstance()->push('oc_userSecret', $secret);
                     Cookie::newInstance()->set();
                 }
                 //we are logged in... let's go!
                 Session::newInstance()->_set('userId', $user['pk_i_id']);
                 Session::newInstance()->_set('userName', $user['s_name']);
                 Session::newInstance()->_set('userEmail', $user['s_email']);
                 $phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land'];
                 Session::newInstance()->_set('userPhone', $phone);
             } else {
                 osc_add_flash_message(_m('The password is incorrect'));
             }
             //returning logged in to the main page...
             $this->redirectTo(osc_user_dashboard_url());
             break;
         case 'recover':
             //form to recover the password (in this case we have the form in /gui/)
             $this->doView('user-recover.php');
             break;
         case 'recover_post':
             //post execution to recover the password
             require_once LIB_PATH . 'osclass/UserActions.php';
             $userActions = new UserActions(false);
             $recaptcha_ok = $userActions->recover_password();
             if ($recaptcha_ok) {
                 // We ALWAYS show the same message, so we don't give clues about which emails are in our database and which don't!
                 osc_add_flash_message(_m('We have sent you an email with the instructions to reset your password'));
                 $this->redirectTo(osc_base_url());
             } else {
                 osc_add_flash_message(_m('The recaptcha code is wrong'));
                 $this->redirectTo(osc_recover_user_password_url());
             }
             break;
         case 'forgot':
             //form to recover the password (in this case we have the form in /gui/)
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             if ($user) {
                 $this->doView('user-forgot_password.php');
             } else {
                 osc_add_flash_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'forgot_post':
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             if ($user) {
                 if (Params::getParam('new_password') == Params::getParam('new_password2')) {
                     User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id']));
                     osc_add_flash_message(_m('The password has been changed'));
                     $this->redirectTo(osc_user_login_url());
                 } else {
                     osc_add_flash_message(_m('Error, the password don\'t match'));
                     $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
                 }
             } else {
                 osc_add_flash_message(_m('Sorry, the link is not valid'));
             }
             $this->redirectTo(osc_base_url());
             break;
         default:
             //login
             if (osc_logged_user_id() != '') {
                 $this->redirectTo(osc_user_dashboard_url());
             }
             $this->doView('user-login.php');
     }
 }
示例#29
0
文件: upload.php 项目: neevan1e/Done
}
if (!(int) $_POST['state']) {
    die("Select state");
}
$extension = array("image/jpeg", "image/jpg", "image/png");
if (!empty($_FILES["imageone"]["name"])) {
    $count = count($_FILES["imageone"]["name"]);
    if (!empty($count)) {
        foreach ($_FILES["imageone"]["error"] as $key => $error) {
            if ($error == UPLOAD_ERR_OK) {
                if (in_array($_FILES["imageone"]["type"][$key], $extension)) {
                    if ($_FILES["imageone"]["type"][$key] < 100000) {
                        $name = $_FILES["imageone"]["name"][$key];
                        $temp = $_FILES["imageone"]["tmp_name"][$key];
                        $ext = substr(strrchr($name, "."), 1);
                        $randName = osc_genRandomPassword();
                        $myfile = $randName . '.' . $ext;
                        $location = "../upload/{$myfile}";
                        move_uploaded_file($temp, $location);
                    } else {
                        die("Image Too Large");
                    }
                } else {
                    die("Invalid File Format");
                }
            }
            $sql = mysql_query("INSERT INTO `photo`(`photo_title`, `photo_description`, `photo_date_taken`, `photo_country`, `photo_state`, `photo_honeymoon_spot`, `photo_image_path`) VALUES('" . $_POST['title'] . "', '" . $_POST['desc'] . "', '" . $_POST['date'] . "', '" . $_POST['country'] . "', '" . $_POST['state'] . "', '" . $_POST['spot'] . "', '" . $myfile . "')");
            echo "1";
            //$sql = mysql_query("insert into sample(title, desc, date) values('".$_POST['title']."', '".$_POST['desc']."', '".$_POST['date']."')");
        }
    } else {
示例#30
0
function finish_installation()
{
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/model/Preference.php';
    require_once LIB_PATH . 'osclass/model/Category.php';
    require_once LIB_PATH . 'osclass/model/Item.php';
    require_once LIB_PATH . 'osclass/core/Params.php';
    require_once LIB_PATH . 'osclass/compatibility.php';
    require_once LIB_PATH . 'osclass/utils.php';
    $data = array();
    $password = osc_genRandomPassword();
    $mAdmin = new Admin();
    $admin_user = '******';
    $admin = $mAdmin->update(array('s_password' => sha1($password)), array('s_username' => $admin_user));
    $mPreference = Preference::newInstance();
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'osclass_installed', 's_value' => '1', 'e_type' => 'BOOLEAN'));
    // update categories
    $mCategories = new Category();
    if (Params::getParam('submit') != '') {
        $categories = Params::getParam('categories');
        if (is_array($categories)) {
            foreach ($categories as $category_id) {
                $mCategories->update(array('b_enabled' => '1'), array('pk_i_id' => $category_id));
            }
        }
    }
    $aCategoriesToDelete = $mCategories->listWhere("a.b_enabled = 0");
    foreach ($aCategoriesToDelete as $aCategory) {
        $mCategories->deleteByPrimaryKey($aCategory['pk_i_id']);
    }
    $admin = $mAdmin->findByPrimaryKey(1);
    $data['s_email'] = $admin['s_email'];
    $data['admin_user'] = $admin_user;
    $data['password'] = $password;
    $body = 'Welcome ' . $mPreference->get('pageTitle') . ',<br/><br/>';
    $body .= 'Your OSClass installation at ' . WEB_PATH . ' is up and running. You can access to the administration panel with this data access:<br/>';
    $body .= '<ul>';
    $body .= '<li>username: '******'</li>';
    $body .= '<li>password: '******'</li>';
    $body .= '</ul>';
    $body .= 'Regards,<br/>';
    $body .= 'The <a href=\'http://osclass.org/\'>OSClass</a> team';
    $sitename = strtolower($_SERVER['SERVER_NAME']);
    if (substr($sitename, 0, 4) == 'www.') {
        $sitename = substr($sitename, 4);
    }
    require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
    $mail = new PHPMailer();
    $mail->CharSet = "utf-8";
    $mail->Host = "localhost";
    $mail->From = 'osclass@' . $sitename;
    $mail->FromName = 'OSClass';
    $mail->Subject = 'OSClass successfully installed!';
    $mail->AddAddress($admin['s_email'], 'OSClass administrator');
    $mail->Body = $body;
    $mail->AltBody = $body;
    if (!$mail->Send()) {
        echo $mail->ErrorInfo;
    }
    return $data;
}