function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } osc_csrf_check(); osc_run_hook('before_validating_login'); // e-mail or/and password is/are empty or incorrect $wrongCredentials = false; $email = Params::getParam('email'); $password = Params::getParam('password', false, false); if ($email == '') { osc_add_flash_error_message(_m('Please provide an email address')); $wrongCredentials = true; } if ($password == '') { osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password')); $wrongCredentials = true; } if ($wrongCredentials) { $this->redirectTo(osc_user_login_url()); } if (osc_validate_email($email)) { $user = User::newInstance()->findByEmail($email); } if (empty($user)) { $user = User::newInstance()->findByUsername($email); } if (empty($user)) { osc_add_flash_error_message(_m("The user doesn't exist")); $this->redirectTo(osc_user_login_url()); } if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); // @TODO if valid user, send email parameter back to the login form } else { if (@$user['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } else { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } } // e-mail or/and IP is/are banned $banned = osc_is_banned($email); // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned if ($banned & 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); } if ($banned & 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); } if ($banned !== 0) { $this->redirectTo(osc_user_login_url()); } osc_run_hook('before_login'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; if (osc_rewrite_enabled()) { if ($url_redirect != '') { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect)); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; if ($page_redirect == '' || $page_redirect == 'login') { $url_redirect = osc_user_dashboard_url(); } } break; } } } } require_once LIB_PATH . 'osclass/UserActions.php'; $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m("The user doesn't exist")); } else { if ($logged == 1) { if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email']))); } else { osc_add_flash_error_message(_m('The user has not been validated yet')); } } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } if ($url_redirect == '') { $url_redirect = osc_user_dashboard_url(); } osc_run_hook("after_login", $user, $url_redirect); $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect)); } else { osc_add_flash_error_message(_m('This should never happen')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'resend': $id = Params::getParam('id'); $email = Params::getParam('email'); $user = User::newInstance()->findByPrimaryKey($id); if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) { osc_add_flash_error_message(_m('Incorrect link')); $this->redirectTo(osc_user_login_url()); } if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES if (osc_notify_new_user()) { osc_run_hook('hook_email_admin_new_user', $user); } if (osc_user_validation_enabled()) { osc_run_hook('hook_email_user_validation', $user, $user); } User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('Validation email re-sent')); } else { osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again')); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': osc_csrf_check(); if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match")); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login Session::newInstance()->_setReferer(osc_get_http_referer()); if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function basic_info() { require_once LIB_PATH . 'osclass/model/Admin.php'; require_once LIB_PATH . 'osclass/helpers/hSecurity.php'; $admin = Params::getParam('s_name'); if ($admin == '') { $admin = 'admin'; } $password = Params::getParam('s_passwd', false, false); if ($password == '') { $password = osc_genRandomPassword(); } Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => osc_hash_password($password), 's_email' => Params::getParam('email'))); $mPreference = Preference::newInstance(); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => Params::getParam('webtitle'), 'e_type' => 'STRING')); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => Params::getParam('email'), 'e_type' => 'STRING')); $body = sprintf(__('Hi %s,'), Params::getParam('webtitle')) . "<br/><br/>"; $body .= sprintf(__('Your Osclass installation at %s is up and running. You can access the administration panel with these details:'), WEB_PATH) . '<br/>'; $body .= '<ul>'; $body .= '<li>' . sprintf(__('username: %s'), $admin) . '</li>'; $body .= '<li>' . sprintf(__('password: %s'), $password) . '</li>'; $body .= '</ul>'; $body .= sprintf(__('Remember that for any doubts you might have you can consult our <a href="%1$s">documentation</a>, <a href="%2$s">forum</a> or <a href="%3$s">blog</a>.'), 'http://doc.osclass.org/', 'http://forums.osclass.org/', 'http://blog.osclass.org/'); $body .= sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>'; $body .= __('Cheers,') . "<br/>"; $body .= __('The <a href="http://osclass.org/">Osclass</a> team'); $sitename = strtolower($_SERVER['SERVER_NAME']); if (substr($sitename, 0, 4) == 'www.') { $sitename = substr($sitename, 4); } try { require_once LIB_PATH . 'phpmailer/class.phpmailer.php'; $mail = new PHPMailer(true); $mail->CharSet = "utf-8"; $mail->Host = "localhost"; $mail->From = 'osclass@' . $sitename; $mail->FromName = 'Osclass'; $mail->Subject = 'Osclass successfully installed!'; $mail->AddAddress(Params::getParam('email'), 'Osclass administrator'); $mail->Body = $body; $mail->AltBody = $body; if (!$mail->Send()) { return array('email_status' => Params::getParam('email') . "<br>" . $mail->ErrorInfo, 's_password' => $password); } return array('email_status' => '', 's_password' => $password); } catch (phpmailerException $exception) { return array('email_status' => Params::getParam('email') . "<br>" . $exception->errorMessage(), 's_password' => $password); } }
function basic_info() { require_once LIB_PATH . 'osclass/model/Admin.php'; require_once LIB_PATH . 'osclass/helpers/hSecurity.php'; $admin = Params::getParam('s_name'); if ($admin == '') { $admin = 'admin'; } $password = Params::getParam('s_passwd', false, false); if ($password == '') { $password = osc_genRandomPassword(); } Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => osc_hash_password($password), 's_email' => Params::getParam('email'))); $mPreference = Preference::newInstance(); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => Params::getParam('webtitle'), 'e_type' => 'STRING')); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => Params::getParam('email'), 'e_type' => 'STRING')); $body = sprintf(__('Привет %s,'), Params::getParam('webtitle')) . "<br/><br/>"; $body .= sprintf(__('Osclass успешно установлен %s и запущен. Вы можете получить доступ к панели администрирования:'), WEB_PATH) . '<br/>'; $body .= '<ul>'; $body .= '<li>' . sprintf(__('username: %s'), $admin) . '</li>'; $body .= '<li>' . sprintf(__('password: %s'), $password) . '</li>'; $body .= '</ul>'; $body .= sprintf(__('Помните, если у вас появяться вопросы вы можете прочитать <a href="%1$s">документацию</a>, спросить на <a href="%2$s">форуме</a> или в <a href="%3$s">блоге</a>.'), 'http://os-class.ru/wiki', 'http://os-class.ru/frm', 'http://os-class.ru/category/articles'); $body .= sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>'; $body .= __('Аплодисменты,') . "<br/>"; $body .= __('Ваш <a href="http://os-class.ru/">Osclass Rus Team</a> team'); $sitename = strtolower($_SERVER['SERVER_NAME']); if (substr($sitename, 0, 4) == 'www.') { $sitename = substr($sitename, 4); } try { require_once LIB_PATH . 'phpmailer/class.phpmailer.php'; $mail = new PHPMailer(true); $mail->CharSet = "utf-8"; $mail->Host = "localhost"; $mail->From = 'osclass@' . $sitename; $mail->FromName = 'Osclass'; $mail->Subject = 'Osclass успешно установлен!'; $mail->AddAddress(Params::getParam('email'), 'Osclass administrator'); $mail->Body = $body; $mail->AltBody = $body; if (!$mail->Send()) { return array('email_status' => Params::getParam('email') . "<br>" . $mail->ErrorInfo, 's_password' => $password); } return array('email_status' => '', 's_password' => $password); } catch (phpmailerException $exception) { return array('email_status' => Params::getParam('email') . "<br>" . $exception->errorMessage(), 's_password' => $password); } }
function doModel() { switch ($this->action) { case 'dashboard': //dashboard... $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5; $aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items); //calling the view... $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('max_items', $max_items); $this->doView('user-dashboard.php'); break; case 'profile': //profile... $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($user['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']); } elseif (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } $aCities = array(); if ($user['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } //calling the view... $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('user', $user); $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled()); $this->doView('user-profile.php'); break; case 'profile_post': //profile post... osc_csrf_check(); $userId = Session::newInstance()->_get('userId'); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $success = $userActions->edit($userId); if ($success == 1 || $success == 2) { osc_add_flash_ok_message(_m('Your profile has been updated successfully')); } else { osc_add_flash_error_message($success); } $this->redirectTo(osc_user_profile_url()); break; case 'alerts': //alerts $aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); foreach ($aAlerts as $k => $a) { $array_conditions = (array) json_decode($a['s_search']); // $search = Search::newInstance(); $search = new Search(); $search->setJsonAlert($array_conditions); $search->limit(0, 3); $aAlerts[$k]['items'] = $search->doSearch(); } $this->_exportVariableToView('alerts', $aAlerts); View::newInstance()->_reset('alerts'); $this->_exportVariableToView('user', $user); $this->doView('user-alerts.php'); break; case 'change_email': //change email $this->doView('user-change_email.php'); break; case 'change_email_post': //change email post osc_csrf_check(); if (!osc_validate_email(Params::getParam('new_email'))) { osc_add_flash_error_message(_m('The specified e-mail is not valid')); $this->redirectTo(osc_change_user_email_url()); } else { $user = User::newInstance()->findByEmail(Params::getParam('new_email')); if (!isset($user['pk_i_id'])) { $userEmailTmp = array(); $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId'); $userEmailTmp['s_new_email'] = Params::getParam('new_email'); UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp); $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); $userManager = new User(); $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId'))); $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code); osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified e-mail is already in use')); $this->redirectTo(osc_change_user_email_url()); } } break; case 'change_username': //change username $this->doView('user-change_username.php'); break; case 'change_username_post': //change username $username = osc_sanitize_username(Params::getParam('s_username')); osc_run_hook('before_username_change', Session::newInstance()->_get('userId'), $username); if ($username != '') { $user = User::newInstance()->findByUsername($username); if (isset($user['s_username'])) { osc_add_flash_error_message(_m('The specified username is already in use')); } else { if (!osc_is_username_blacklisted($username)) { User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('The username was updated')); osc_run_hook('after_username_change', Session::newInstance()->_get('userId'), Params::getParam('s_username')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words')); } } } else { osc_add_flash_error_message(_m('The specified username could not be empty')); } $this->redirectTo(osc_change_user_username_url()); break; case 'change_password': //change password $this->doView('user-change_password.php'); break; case 'change_password_post': //change password post osc_csrf_check(); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); if (Params::getParam('password', false, false) == '' || Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_change_user_password_url()); } if (!osc_verify_password(Params::getParam('password', false, false), $user['s_password'])) { osc_add_flash_error_message(_m("Current password doesn't match")); $this->redirectTo(osc_change_user_password_url()); } if (!Params::getParam('new_password', false, false)) { osc_add_flash_error_message(_m("Passwords can't be empty")); $this->redirectTo(osc_change_user_password_url()); } if (Params::getParam('new_password', false, false) != Params::getParam('new_password2', false, false)) { osc_add_flash_error_message(_m("Passwords don't match")); $this->redirectTo(osc_change_user_password_url()); } User::newInstance()->update(array('s_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('Password has been changed')); $this->redirectTo(osc_user_profile_url()); break; case 'items': // view items user $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10; $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0; $itemType = Params::getParam('itemType'); $total_items = Item::newInstance()->countItemTypesByUserID(osc_logged_user_id(), $itemType); $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findItemTypesByUserID(osc_logged_user_id(), $page * $itemsPerPage, $itemsPerPage, $itemType); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('search_total_pages', $total_pages); $this->_exportVariableToView('search_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('items_type', $itemType); $this->_exportVariableToView('search_page', $page); $this->doView('user-items.php'); break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $result = Alerts::newInstance()->unsub($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator')); } $this->redirectTo(osc_user_alerts_url()); break; case 'delete': $id = Params::getParam('id'); $secret = Params::getParam('secret'); if (osc_is_web_user_logged_in()) { $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); View::newInstance()->_exportVariableToView('user', $user); if (!empty($user) && osc_logged_user_id() == $id && $secret == $user['s_secret']) { User::newInstance()->deleteUser(osc_logged_user_id()); Session::newInstance()->_drop('userId'); Session::newInstance()->_drop('userName'); Session::newInstance()->_drop('userEmail'); Session::newInstance()->_drop('userPhone'); Cookie::newInstance()->pop('oc_userId'); Cookie::newInstance()->pop('oc_userSecret'); Cookie::newInstance()->set(); osc_add_flash_ok_message(_m("Your account have been deleted")); $this->redirectTo(osc_base_url()); } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_user_dashboard_url()); } } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_base_url()); } break; } }
function doModel() { parent::doModel(); switch($this->action) { case('add'): // callin add view $this->_exportVariableToView( 'admin', null ); $this->doView('admins/frm.php'); break; case('add_post'): if( defined('DEMO') ) { osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } osc_csrf_check(); // adding a new admin $sPassword = Params::getParam('s_password', false, false); $sName = Params::getParam('s_name'); $sEmail = Params::getParam('s_email'); $sUserName = Params::getParam('s_username'); $bModerator = Params::getParam('b_moderator')==0?0:1; // cleaning parameters $sPassword = strip_tags($sPassword); $sPassword = trim($sPassword); $sName = strip_tags($sName); $sName = trim($sName); $sEmail = strip_tags($sEmail); $sEmail = trim($sEmail); $sUserName = strip_tags($sUserName); $sUserName = trim($sUserName); // Checks for legit data if( !osc_validate_email($sEmail, true) ) { osc_add_flash_warning_message( _m("Email invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } if( !osc_validate_username($sUserName) ) { osc_add_flash_warning_message( _m("Username invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } if( $sName == '' ) { osc_add_flash_warning_message( _m("Name invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true).'?page=admins&action=add'); } if( $sPassword == '' ) { osc_add_flash_warning_message( _m("Password invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } $admin = $this->adminManager->findByEmail($sEmail); if( $admin ) { osc_add_flash_warning_message( _m("Email already in use"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } $admin = $this->adminManager->findByUsername($sUserName); if( $admin ) { osc_add_flash_warning_message( _m("Username already in use"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } $array = array( 's_password' => osc_hash_password($sPassword), 's_name' => $sName, 's_email' => $sEmail, 's_username' => $sUserName, 'b_moderator' => $bModerator ); $isInserted = $this->adminManager->insert($array); if( $isInserted ) { // send email osc_run_hook('hook_email_new_admin', array( 's_name' => $sName, 's_username' => $sUserName, 's_password' => $sPassword, 's_email' => $sEmail ) ); osc_add_flash_ok_message( _m('The admin has been added'), 'admin'); } else { osc_add_flash_error_message( _m('There has been an error adding a new admin'), 'admin'); } $this->redirectTo(osc_admin_base_url(true).'?page=admins'); break; case('edit'): // calling edit admin view $adminEdit = null; $adminId = Params::getParam('id'); if( $adminId != '' ) { $adminEdit = $this->adminManager->findByPrimaryKey((int) $adminId); } elseif( Session::newInstance()->_get('adminId') != '') { $adminEdit = $this->adminManager->findByPrimaryKey( Session::newInstance()->_get('adminId') ); } if( count($adminEdit) == 0 ) { osc_add_flash_error_message( _m('There is no admin with this id'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } $this->_exportVariableToView("admin", $adminEdit); $this->doView('admins/frm.php'); break; case('edit_post'): if( defined('DEMO') ) { osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } osc_csrf_check(); // updating a new admin $iUpdated = 0; $adminId = Params::getParam('id'); $sPassword = Params::getParam('s_password', false, false); $sPassword2 = Params::getParam('s_password2', false, false); $sOldPassword = Params::getParam('old_password', false, false); $sName = Params::getParam('s_name'); $sEmail = Params::getParam('s_email'); $sUserName = Params::getParam('s_username'); $bModerator = Params::getParam('b_moderator')==0?0:1; // cleaning parameters $sPassword = strip_tags($sPassword); $sPassword = trim($sPassword); $sPassword2 = strip_tags($sPassword2); $sPassword2 = trim($sPassword2); $sName = strip_tags($sName); $sName = trim($sName); $sEmail = strip_tags($sEmail); $sEmail = trim($sEmail); $sUserName = strip_tags($sUserName); $sUserName = trim($sUserName); // Checks for legit data if( !osc_validate_email($sEmail, true) ) { osc_add_flash_warning_message( _m("Email invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } if( !osc_validate_username($sUserName) ) { osc_add_flash_warning_message( _m("Username invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } if( $sName == '' ) { osc_add_flash_warning_message( _m("Name invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } $aAdmin = $this->adminManager->findByPrimaryKey($adminId); if( count($aAdmin) == 0 ) { osc_add_flash_error_message( _m("This admin doesn't exist"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } if( $aAdmin['s_email'] != $sEmail ) { if($this->adminManager->findByEmail( $sEmail ) ) { osc_add_flash_warning_message( _m('Existing email'), 'admin'); $this->redirectTo(osc_admin_base_url(true).'?page=admins&action=edit&id=' . $adminId); } } if( $aAdmin['s_username'] != $sUserName ) { if( $this->adminManager->findByUsername( $sUserName ) ) { osc_add_flash_warning_message( _m('Existing username'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } } $conditions = array('pk_i_id' => $adminId); $array = array(); if(osc_logged_admin_id()==$adminId) { if($sOldPassword != '' ) { if( $sPassword=='' ) { osc_add_flash_warning_message( _m("Password invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } else { $firstCondition = osc_verify_password($sOldPassword, $aAdmin['s_password']); $secondCondition = ( $sPassword == $sPassword2 ); if( $firstCondition && $secondCondition ) { $array['s_password'] = osc_hash_password($sPassword); } else { osc_add_flash_warning_message( _m("The password couldn't be updated. Passwords don't match"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } } } } else { if( $sPassword!='') { if($sPassword == $sPassword2) { $array['s_password'] = osc_hash_password($sPassword); } else { osc_add_flash_warning_message( _m("The password couldn't be updated. Passwords don't match"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } } } if($adminId!=osc_logged_admin_id()) { $array['b_moderator'] = $bModerator; } $array['s_name'] = Params::getParam('s_name'); $array['s_username'] = $sUserName; $array['s_email'] = $sEmail; $iUpdated = $this->adminManager->update($array, $conditions); if( $iUpdated > 0 ) { osc_add_flash_ok_message( _m('The admin has been updated'), 'admin'); } if( $this->isModerator() ) { $this->redirectTo(osc_admin_base_url(true)); } else { $this->redirectTo(osc_admin_base_url(true).'?page=admins'); } break; case('delete'): if( defined('DEMO') ) { osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } osc_csrf_check(); // deleting and admin $isDeleted = false; $adminId = Params::getParam('id'); if( !is_array($adminId) ) { osc_add_flash_error_message( _m("The admin id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } // Verification to avoid an administrator trying to remove to itself if( in_array(Session::newInstance()->_get('adminId'), $adminId) ) { osc_add_flash_error_message( _m("The operation hasn't been completed. You're trying to remove yourself!"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } $isDeleted = $this->adminManager->deleteBatch( $adminId ); if( $isDeleted ) { osc_add_flash_ok_message( _m('The admin has been deleted correctly'), 'admin'); } else { osc_add_flash_error_message( _m('The admin couldn\'t be deleted'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); break; default: if(Params::getParam("action")!="") { osc_run_hook("admin_bulk_".Params::getParam("action"), Params::getParam('id')); } if( Params::getParam('iDisplayLength') == '' ) { Params::setParam('iDisplayLength', 10 ); } $p_iPage = 1; if( is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1 ) { $p_iPage = Params::getParam('iPage'); } Params::setParam('iPage', $p_iPage); $admins = $this->adminManager->listAll(); // pagination $start = ($p_iPage-1) * Params::getParam('iDisplayLength'); $limit = Params::getParam('iDisplayLength'); $count = count( $admins ); $displayRecords = $limit; if( ($start+$limit ) > $count ) { $displayRecords = ($start+$limit) - $count; } // ---- $aData = array(); $max = ($start+$limit); if($max > $count) $max = $count; for($i = $start; $i < $max; $i++) { $admin = $admins[$i]; $options = array(); $options[] = '<a href="' . osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $admin['pk_i_id'] . '">' . __('Edit') . '</a>'; $options[] = '<a onclick="return delete_dialog(\'' . $admin['pk_i_id'] . '\');" href="' . osc_admin_base_url(true) . '?page=admins&action=delete&id[]=' . $admin['pk_i_id'] . '">' . __('Delete') . '</a>'; $auxOptions = '<ul>'.PHP_EOL; foreach( $options as $actual ) { $auxOptions .= '<li>'.$actual.'</li>'.PHP_EOL; } $actions = '<div class="actions">'.$auxOptions.'</div>'.PHP_EOL; $row = array(); $row[] = '<input type="checkbox" name="id[]" value="' . $admin['pk_i_id'] . '" />'; $row[] = $admin['s_username'] . $actions; $row[] = $admin['s_name']; $row[] = $admin['s_email']; $aData[] = $row; } $array['iTotalRecords'] = $displayRecords; $array['iTotalDisplayRecords'] = count($admins); $array['iDisplayLength'] = $limit; $array['aaData'] = $aData; $page = (int)Params::getParam('iPage'); if(count($array['aaData']) == 0 && $page!=1) { $total = (int)$array['iTotalDisplayRecords']; $maxPage = ceil( $total / (int)$array['iDisplayLength'] ); $url = osc_admin_base_url(true).'?'.$_SERVER['QUERY_STRING']; if($maxPage==0) { $url = preg_replace('/&iPage=(\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if($page > 1) { $url = preg_replace('/&iPage=(\d)+/', '&iPage='.$maxPage, $url); $this->redirectTo($url); } } $bulk_options = array( array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected admins?'), strtolower(__('Delete'))), 'label' => __('Delete')) ); $bulk_options = osc_apply_filter("admin_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->_exportVariableToView('aAdmins', $array); // calling manage admins view $this->doView('admins/index.php'); break; } }
function prepareData($is_add) { $input = array(); if ( $is_add ) { $input['s_secret'] = osc_genRandomPassword(); $input['dt_reg_date'] = date('Y-m-d H:i:s'); } else { $input['dt_mod_date'] = date('Y-m-d H:i:s'); } //only for administration, in the public website this two params are edited separately if ( $this->is_admin || $is_add ) { $input['s_email'] = Params::getParam('s_email'); //if we want to change the password if( Params::getParam('s_password', false, false) != '') { $input['s_password'] = osc_hash_password(Params::getParam('s_password', false, false)); } $input['s_username'] = osc_sanitize_username(Params::getParam('s_username')); } $input['s_name'] = trim(Params::getParam('s_name')); $input['s_website'] = trim(Params::getParam('s_website')); $input['s_phone_land'] = trim(Params::getParam('s_phone_land')); $input['s_phone_mobile'] = trim(Params::getParam('s_phone_mobile')); if(strtolower(substr($input['s_website'], 0, 4))!=='http') { $input['s_website'] = 'http://'.$input['s_website']; } $input['s_website'] = osc_sanitize_url($input['s_website']); if ( ! osc_validate_url($input['s_website'])) $input['s_website'] = ''; //locations... $country = Country::newInstance()->findByCode( Params::getParam('countryId') ); if(count($country) > 0) { $countryId = $country['pk_c_code']; $countryName = $country['s_name']; } else { $countryId = null; $countryName = Params::getParam('country'); } if( intval( Params::getParam('regionId') ) ) { $region = Region::newInstance()->findByPrimaryKey( Params::getParam('regionId') ); if( count($region) > 0 ) { $regionId = $region['pk_i_id']; $regionName = $region['s_name']; } } else { $regionId = null; $regionName = Params::getParam('region'); } if( intval( Params::getParam('cityId') ) ) { $city = City::newInstance()->findByPrimaryKey( Params::getParam('cityId') ); if( count($city) > 0 ) { $cityId = $city['pk_i_id']; $cityName = $city['s_name']; } } else { $cityId = null; $cityName = Params::getParam('city'); } $input['fk_c_country_code'] = $countryId; $input['s_country'] = $countryName; $input['fk_i_region_id'] = $regionId; $input['s_region'] = $regionName; $input['fk_i_city_id'] = $cityId; $input['s_city'] = $cityName; $input['s_city_area'] = Params::getParam('cityArea'); $input['s_address'] = Params::getParam('address'); $input['s_zip'] = Params::getParam('zip'); $input['d_coord_lat'] = (Params::getParam('d_coord_lat') != '') ? Params::getParam('d_coord_lat') : null; $input['d_coord_long'] = (Params::getParam('d_coord_long') != '') ? Params::getParam('d_coord_long') : null; $input['b_company'] = (Params::getParam('b_company') != '' && Params::getParam('b_company') != 0) ? 1 : 0; return($input); }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login osc_csrf_check(); osc_run_hook('before_login_admin'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; $password = Params::getParam('password', false, false); if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) { $page_redirect = $match[1]; } if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') { $url_redirect = osc_admin_base_url(); } if (Params::getParam('user') == '') { osc_add_flash_error_message(_m('The username field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } if (Params::getParam('password', false, false) == '') { osc_add_flash_error_message(_m('The password field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } // fields are not empty $admin = Admin::newInstance()->findByUsername(Params::getParam('user')); if (!$admin) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } if (!osc_verify_password($password, $admin['s_password'])) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } else { if (@$admin['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id'])); } } else { Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id'])); } } } if (Params::getParam('remember')) { // this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']); Cookie::newInstance()->push('oc_adminSecret', $secret); Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale')); Cookie::newInstance()->set(); } // we are logged in... let's go! Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Params::getParam('locale')); osc_run_hook('login_admin', $admin); $this->redirectTo($url_redirect); break; case 'recover': // form to recover the password (in this case we have the form in /gui/) $this->doView('gui/recover.php'); break; case 'recover_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url()); } osc_csrf_check(); // post execution to recover the password $admin = Admin::newInstance()->findByEmail(Params::getParam('email')); if ($admin) { if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover'); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $newPassword = osc_genRandomPassword(40); Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id'])); $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword); osc_run_hook('hook_email_user_forgot_password', $admin, $password_url); } osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login'); break; case 'forgot': // form to recover the password (in this case we have the form in /gui/) $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } $this->doView('gui/forgot_password.php'); break; case 'forgot_post': osc_csrf_check(); $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login'); } else { osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin'); $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code'))); } break; default: //osc_run_hook( 'init_admin' ); Session::newInstance()->_setReferer(osc_get_http_referer()); $this->doView('gui/login.php'); break; } }