本文整理汇总了PHP中osc_csrf_check函数的典型用法代码示例。如果您正苦于以下问题:PHP osc_csrf_check函数的具体用法?PHP osc_csrf_check怎么用?PHP osc_csrf_check使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了osc_csrf_check函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: doModel
function doModel()
{
// Login controller. The source page truncates this handler: the 'login_post' case
// continues past the last line shown here.
switch ($this->action) {
case 'login_post':
// POST handler for the login form
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
// token check runs before any credential is read
osc_csrf_check();
osc_run_hook('before_validating_login');
// e-mail or/and password is/are empty or incorrect
$wrongCredentials = false;
$email = Params::getParam('email');
// NOTE(review): the two trailing false arguments look like they skip Params' default
// filtering for the password value — confirm against Params::getParam
$password = Params::getParam('password', false, false);
if ($email == '') {
osc_add_flash_error_message(_m('Please provide an email address'));
$wrongCredentials = true;
}
if ($password == '') {
osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
$wrongCredentials = true;
}
if ($wrongCredentials) {
$this->redirectTo(osc_user_login_url());
}
// look the account up by e-mail when the input validates as one, otherwise fall back to username
if (osc_validate_email($email)) {
$user = User::newInstance()->findByEmail($email);
}
if (empty($user)) {
$user = User::newInstance()->findByUsername($email);
}
if (empty($user)) {
osc_add_flash_error_message(_m("The user doesn't exist"));
$this->redirectTo(osc_user_login_url());
}
// when the row has no s_password an empty string is passed as the stored hash;
// osc_verify_password is expected to reject that — confirm
if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) {
osc_add_flash_error_message(_m('The password is incorrect'));
$this->redirectTo(osc_user_login_url());
// @TODO if valid user, send email parameter back to the login form
} else {
// @ suppresses the undefined-index notice on s_password; the rehash below only runs when a hash is stored
if (@$user['s_password'] != '') {
// bcrypt hash whose cost differs from BCRYPT_COST is rehashed with the plaintext just verified
if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) {
if ($cost[1] != BCRYPT_COST) {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
} else {
// non-bcrypt (legacy) hash: upgraded to osc_hash_password on this successful login
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
}
}
// e-mail or/and IP is/are banned
// Note the ordering: the ban check runs after credential verification, so a banned account
// still receives the credential-specific messages above before being blocked here.
$banned = osc_is_banned($email);
// int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned
if ($banned & 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
}
if ($banned & 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
}
if ($banned !== 0) {
$this->redirectTo(osc_user_login_url());
}
osc_run_hook('before_login');
// The post-login target is taken from the HTTP referer. NOTE(review): confirm that
// osc_get_http_referer() only returns same-site URLs, since this value is used as a redirect target.
$url_redirect = osc_get_http_referer();
$page_redirect = '';
if (osc_rewrite_enabled()) {
if ($url_redirect != '') {
// osc_base_url() is interpolated into the pattern without preg_quote(), so regex
// metacharacters in the base URL ('.', '?') are interpreted as such
$request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect));
$tmp_ar = explode("?", $request_uri);
$request_uri = $tmp_ar[0];
// rewrite rules from Rewrite::listRules() are applied as regexes to map the pretty URL
// back to its page=... form; the first matching rule wins
$rules = Rewrite::newInstance()->listRules();
foreach ($rules as $match => $uri) {
if (preg_match('#' . $match . '#', $request_uri, $m)) {
$request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
$page_redirect = $match[2];
// no page or the login page itself: send the user to the dashboard instead
if ($page_redirect == '' || $page_redirect == 'login') {
$url_redirect = osc_user_dashboard_url();
}
}
break;
}
}
}
}
require_once LIB_PATH . 'osclass/UserActions.php';
$uActions = new UserActions(false);
// bootstrap_login result codes handled below: 0 = no such user, 1 = account not yet
// validated; the remaining branch continues past the truncation
$logged = $uActions->bootstrap_login($user['pk_i_id']);
if ($logged == 0) {
osc_add_flash_error_message(_m("The user doesn't exist"));
} else {
if ($logged == 1) {
// 1200 s = 20 minutes since the last access: only then offer the re-send activation link
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])));
} else {
osc_add_flash_error_message(_m('The user has not been validated yet'));
}
} else {
//.........这里部分代码省略.........
示例2: doModel
function doModel()
{
    parent::doModel();
    // behaviour specific to the categories controller
    if ($this->action == 'add_post_default') {
        // insert a placeholder category and move it to the top of the root list
        osc_csrf_check();
        $fields = array(
            'fk_i_parent_id' => NULL,
            'i_expiration_days' => 0,
            'i_position' => 0,
            'b_enabled' => 1,
        );
        $descriptions = array(
            osc_language() => array('s_name' => "NEW CATEGORY, EDIT ME!"),
        );
        $newCategoryId = $this->categoryManager->insert($fields, $descriptions);
        // shift every existing root category down one slot so the new one can take position 0
        foreach ($this->categoryManager->findRootCategories() as $root) {
            $position = $root['i_position'];
            $position++;
            $this->categoryManager->updateOrder($root['pk_i_id'], $position);
        }
        $this->categoryManager->updateOrder($newCategoryId, '0');
        $this->redirectTo(osc_admin_base_url(true) . '?page=categories');
    } else {
        // default: render the category tree
        $this->_exportVariableToView("categories", $this->categoryManager->toTreeAll());
        $this->doView("categories/index.php");
    }
}
示例3: doModel
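function doModel()
{
    switch ($this->action) {
        case 'latestsearches':
            // render the "latest searches" settings form
            $this->doView('settings/searches.php');
            break;
        case 'latestsearches_post':
            // persist the settings submitted from that form
            osc_csrf_check();
            $backUrl = osc_admin_base_url(true) . '?page=settings&action=latestsearches';
            // the checkbox is stored as 1/0 before the purge value is validated (same order as before)
            osc_set_preference('save_latest_searches', Params::getParam('save_latest_searches') == 'on' ? 1 : 0);
            $customPurge = Params::getParam('customPurge');
            if ($customPurge == '') {
                osc_add_flash_error_message(_m('Custom number could not be left empty'), 'admin');
                $this->redirectTo($backUrl);
            } elseif (!osc_validate_int($customPurge)) {
                // reject non-numeric input before it is stored, as the comment settings do;
                // previously the raw parameter was written to the preference
                osc_add_flash_error_message(_m('Custom number must only contain numeric characters'), 'admin');
                $this->redirectTo($backUrl);
            } else {
                osc_set_preference('purge_latest_searches', $customPurge);
                osc_add_flash_ok_message(_m('Last search settings have been updated'), 'admin');
                $this->redirectTo($backUrl);
            }
            break;
    }
}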
示例4: doModel
function doModel()
{
    switch ($this->action) {
        case 'advanced':
            // render the advanced settings form
            $this->doView('settings/advanced.php');
            break;
        case 'advanced_post':
            // save the subdomain settings submitted from that form
            $backUrl = osc_admin_base_url(true) . '?page=settings&action=advanced';
            if (defined('DEMO')) {
                osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                $this->redirectTo($backUrl);
            }
            osc_csrf_check();
            // any value outside the known subdomain kinds is stored as '' (disabled)
            $subdomainType = Params::getParam('e_type');
            $knownTypes = array('category', 'country', 'region', 'city', 'user');
            if (!in_array($subdomainType, $knownTypes)) {
                $subdomainType = '';
            }
            $changed = osc_set_preference('subdomain_type', $subdomainType);
            $changed += osc_set_preference('subdomain_host', Params::getParam('s_host'));
            if ($changed > 0) {
                osc_add_flash_ok_message(_m("Advanced settings have been updated"), 'admin');
            }
            // location slugs are recomputed from the subdomain type that is now stored
            osc_calculate_location_slug(osc_subdomain_type());
            $this->redirectTo($backUrl);
            break;
        case 'advanced_cache_flush':
            // NOTE(review): unlike advanced_post, this state-changing action has no osc_csrf_check();
            // confirm that the link triggering it carries the admin CSRF token.
            osc_cache_flush();
            osc_add_flash_ok_message(_m("Cache flushed correctly"), 'admin');
            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=advanced');
            break;
    }
}
示例5: doModel
function doModel()
{
    switch ($this->action) {
        case 'comments':
            // render the comment settings form
            $this->doView('settings/comments.php');
            break;
        case 'comments_post':
            // save the comment settings submitted from that form
            osc_csrf_check();
            $backUrl = osc_admin_base_url(true) . '?page=settings&action=comments';
            // checkbox-style parameters: any non-empty value means "on"
            $enabledComments = Params::getParam('enabled_comments') != '';
            $moderateComments = Params::getParam('moderate_comments') != '';
            $numModerateComments = Params::getParam('num_moderate_comments');
            $commentsPerPage = Params::getParam('comments_per_page');
            $notifyNewComment = Params::getParam('notify_new_comment') != '';
            $notifyNewCommentUser = Params::getParam('notify_new_comment_user') != '';
            $regUserPostComments = Params::getParam('reg_user_post_comments') != '';
            // both numeric fields are validated before anything is written
            $errors = array();
            if (!osc_validate_int($numModerateComments)) {
                $errors[] = _m("Number of moderate comments must only contain numeric characters");
            }
            if (!osc_validate_int($commentsPerPage)) {
                $errors[] = _m("Comments per page must only contain numeric characters");
            }
            if (count($errors) > 0) {
                osc_add_flash_error_message(implode("<br/>", $errors) . "<br/>", 'admin');
                $this->redirectTo($backUrl);
            }
            $changed = 0;
            $changed += osc_set_preference('enabled_comments', $enabledComments);
            // moderation threshold is stored as the submitted number, or -1 when moderation is off
            $changed += osc_set_preference('moderate_comments', $moderateComments ? $numModerateComments : '-1');
            $changed += osc_set_preference('notify_new_comment', $notifyNewComment);
            $changed += osc_set_preference('notify_new_comment_user', $notifyNewCommentUser);
            $changed += osc_set_preference('comments_per_page', $commentsPerPage);
            $changed += osc_set_preference('reg_user_post_comments', $regUserPostComments);
            if ($changed > 0) {
                osc_add_flash_ok_message(_m("Comment settings have been updated"), 'admin');
            }
            $this->redirectTo($backUrl);
            break;
    }
}
示例6: doModel
function doModel()
{
    switch ($this->action) {
        case 'spamNbots':
            // render the spam & bots view with the Akismet key status:
            // 3 = no key configured, 2 = key configured but rejected, 1 = key accepted
            $akismetKey = osc_akismet_key();
            $akismetStatus = 3;
            if ($akismetKey != '') {
                require_once osc_lib_path() . 'Akismet.class.php';
                $akismet = new Akismet(osc_base_url(), $akismetKey);
                $akismetStatus = $akismet->isKeyValid() ? 1 : 2;
            }
            View::newInstance()->_exportVariableToView('akismet_status', $akismetStatus);
            $this->doView('settings/spamNbots.php');
            break;
        case 'akismet_post':
            // store the trimmed Akismet key; an empty value clears it
            osc_csrf_check();
            $akismetKey = trim(Params::getParam('akismetKey'));
            osc_set_preference('akismetKey', $akismetKey);
            if ($akismetKey == '') {
                osc_add_flash_info_message(_m('Your Akismet key has been cleared'), 'admin');
            } else {
                osc_add_flash_ok_message(_m('Your Akismet key has been updated'), 'admin');
            }
            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots');
            break;
        case 'recaptcha_post':
            // store both reCAPTCHA keys; the public key alone decides which message is shown
            osc_csrf_check();
            $privateKey = trim(Params::getParam('recaptchaPrivKey'));
            $publicKey = trim(Params::getParam('recaptchaPubKey'));
            $changed = 0;
            $changed += osc_set_preference('recaptchaPrivKey', $privateKey);
            $changed += osc_set_preference('recaptchaPubKey', $publicKey);
            if ($publicKey == '') {
                osc_add_flash_info_message(_m('Your reCAPTCHA key has been cleared'), 'admin');
            } else {
                osc_add_flash_ok_message(_m('Your reCAPTCHA key has been updated'), 'admin');
            }
            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots');
            break;
    }
}
示例7: doModel
function doModel()
{
    switch ($this->action) {
        case 'mailserver':
            // render the mail server settings form
            $this->doView('settings/mailserver.php');
            break;
        case 'mailserver_post':
            // save the mail server settings submitted from that form
            $backUrl = osc_admin_base_url(true) . '?page=settings&action=mailserver';
            if (defined('DEMO')) {
                osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                $this->redirectTo($backUrl);
            }
            osc_csrf_check();
            // preference key => submitted value, in the order they are written;
            // the two checkbox-style flags become booleans, everything else is stored as received.
            // NOTE(review): the password is read with the two trailing false arguments, which appear
            // to skip Params' default filtering — confirm against Params::getParam
            $preferences = array(
                'mailserver_auth' => Params::getParam('mailserver_auth') != '',
                'mailserver_pop' => Params::getParam('mailserver_pop') != '',
                'mailserver_type' => Params::getParam('mailserver_type'),
                'mailserver_host' => Params::getParam('mailserver_host'),
                'mailserver_port' => Params::getParam('mailserver_port'),
                'mailserver_username' => Params::getParam('mailserver_username'),
                'mailserver_password' => Params::getParam('mailserver_password', false, false),
                'mailserver_ssl' => Params::getParam('mailserver_ssl'),
                'mailserver_mail_from' => Params::getParam('mailserver_mail_from'),
                'mailserver_name_from' => Params::getParam('mailserver_name_from'),
            );
            // only the server type is validated; host/port/ssl are stored as submitted
            if (!in_array($preferences['mailserver_type'], array('custom', 'gmail'))) {
                osc_add_flash_error_message(_m('Mail server type is incorrect'), 'admin');
                $this->redirectTo($backUrl);
            }
            $changed = 0;
            foreach ($preferences as $key => $value) {
                $changed += osc_set_preference($key, $value);
            }
            if ($changed > 0) {
                osc_add_flash_ok_message(_m('Mail server configuration has changed'), 'admin');
            }
            $this->redirectTo($backUrl);
            break;
    }
}
示例8: doModel
function doModel()
{
switch ($this->action) {
case 'dashboard':
//dashboard...
$max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5;
$aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items);
//calling the view...
$this->_exportVariableToView('items', $aItems);
$this->_exportVariableToView('max_items', $max_items);
$this->doView('user-dashboard.php');
break;
case 'profile':
//profile...
$user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
$aCountries = Country::newInstance()->listAll();
$aRegions = array();
if ($user['fk_c_country_code'] != '') {
$aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']);
} elseif (count($aCountries) > 0) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
$aCities = array();
if ($user['fk_i_region_id'] != '') {
$aCities = City::newInstance()->findByRegion($user['fk_i_region_id']);
} else {
if (count($aRegions) > 0) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
}
//calling the view...
$this->_exportVariableToView('countries', $aCountries);
$this->_exportVariableToView('regions', $aRegions);
$this->_exportVariableToView('cities', $aCities);
$this->_exportVariableToView('user', $user);
$this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled());
$this->doView('user-profile.php');
break;
case 'profile_post':
//profile post...
osc_csrf_check();
$userId = Session::newInstance()->_get('userId');
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->edit($userId);
if ($success == 1 || $success == 2) {
osc_add_flash_ok_message(_m('Your profile has been updated successfully'));
} else {
osc_add_flash_error_message($success);
}
$this->redirectTo(osc_user_profile_url());
break;
case 'alerts':
//alerts
$aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false);
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
foreach ($aAlerts as $k => $a) {
$array_conditions = (array) json_decode($a['s_search']);
// $search = Search::newInstance();
$search = new Search();
$search->setJsonAlert($array_conditions);
$search->limit(0, 3);
$aAlerts[$k]['items'] = $search->doSearch();
}
$this->_exportVariableToView('alerts', $aAlerts);
View::newInstance()->_reset('alerts');
$this->_exportVariableToView('user', $user);
$this->doView('user-alerts.php');
break;
case 'change_email':
//change email
$this->doView('user-change_email.php');
break;
case 'change_email_post':
//change email post
osc_csrf_check();
if (!osc_validate_email(Params::getParam('new_email'))) {
osc_add_flash_error_message(_m('The specified e-mail is not valid'));
$this->redirectTo(osc_change_user_email_url());
} else {
$user = User::newInstance()->findByEmail(Params::getParam('new_email'));
if (!isset($user['pk_i_id'])) {
$userEmailTmp = array();
$userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId');
$userEmailTmp['s_new_email'] = Params::getParam('new_email');
UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp);
$code = osc_genRandomPassword(30);
$date = date('Y-m-d H:i:s');
$userManager = new User();
$userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId')));
$validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code);
osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url);
$this->redirectTo(osc_user_profile_url());
} else {
osc_add_flash_error_message(_m('The specified e-mail is already in use'));
$this->redirectTo(osc_change_user_email_url());
}
}
break;
case 'change_username':
//.........这里部分代码省略.........
示例9: doModel
function doModel()
{
switch (Params::getParam('type')) {
case 'add':
// calling add currency view
$aCurrency = array('pk_c_code' => '', 's_name' => '', 's_description' => '');
$this->_exportVariableToView('aCurrency', $aCurrency);
$this->_exportVariableToView('typeForm', 'add_post');
$this->doView('settings/currency_form.php');
break;
case 'add_post':
// adding a new currency
osc_csrf_check();
$currencyCode = Params::getParam('pk_c_code');
$currencyName = Params::getParam('s_name');
$currencyDescription = Params::getParam('s_description');
// cleaning parameters
$currencyName = trim(strip_tags($currencyName));
$currencyDescription = trim(strip_tags($currencyDescription));
$currencyCode = trim(strip_tags($currencyCode));
if (!preg_match('/^.{1,3}$/', $currencyCode)) {
osc_add_flash_error_message(_m('The currency code is not in the correct format'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
}
$fields = array('pk_c_code' => $currencyCode, 's_name' => $currencyName, 's_description' => $currencyDescription);
$isInserted = Currency::newInstance()->insert($fields);
if ($isInserted) {
osc_add_flash_ok_message(_m('Currency added'), 'admin');
} else {
osc_add_flash_error_message(_m("Currency couldn't be added"), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
break;
case 'edit':
// calling edit currency view
$currencyCode = Params::getParam('code');
$currencyCode = trim(strip_tags($currencyCode));
if ($currencyCode == '') {
osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
}
$aCurrency = Currency::newInstance()->findByPrimaryKey($currencyCode);
if (!$aCurrency) {
osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
}
$this->_exportVariableToView('aCurrency', $aCurrency);
$this->_exportVariableToView('typeForm', 'edit_post');
$this->doView('settings/currency_form.php');
break;
case 'edit_post':
// updating currency
osc_csrf_check();
$currencyName = Params::getParam('s_name');
$currencyDescription = Params::getParam('s_description');
$currencyCode = Params::getParam('pk_c_code');
// cleaning parameters
$currencyName = trim(strip_tags($currencyName));
$currencyDescription = trim(strip_tags($currencyDescription));
$currencyCode = trim(strip_tags($currencyCode));
if (!preg_match('/.{1,3}/', $currencyCode)) {
osc_add_flash_error_message(_m('Error: the currency code is not in the correct format'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
}
$updated = Currency::newInstance()->update(array('s_name' => $currencyName, 's_description' => $currencyDescription), array('pk_c_code' => $currencyCode));
if ($updated == 1) {
osc_add_flash_ok_message(_m('Currency updated'), 'admin');
} else {
osc_add_flash_info_message(_m('No changes were made'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
break;
case 'delete':
// deleting a currency
osc_csrf_check();
$rowChanged = 0;
$aCurrencyCode = Params::getParam('code');
if (!is_array($aCurrencyCode)) {
$aCurrencyCode = array($aCurrencyCode);
}
$msg_current = '';
foreach ($aCurrencyCode as $currencyCode) {
if (preg_match('/.{1,3}/', $currencyCode) && $currencyCode != osc_currency()) {
$rowChanged += Currency::newInstance()->delete(array('pk_c_code' => $currencyCode));
}
// foreign key error
if (Currency::newInstance()->getErrorLevel() == '1451') {
$msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it has listings associated to it"), $currencyCode);
} else {
if ($currencyCode == osc_currency()) {
$msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it's the default currency"), $currencyCode);
}
}
}
$msg = '';
$status = '';
switch ($rowChanged) {
case '0':
$msg = _m('No currencies have been deleted');
$status = 'error';
//.........这里部分代码省略.........
示例10: doModel
function doModel()
{
parent::doModel();
//specific things for this class
switch ($this->action) {
case 'edit':
if (Params::getParam("id") == '') {
$this->redirectTo(osc_admin_base_url(true) . "?page=emails");
}
$form = count(Session::newInstance()->_getForm());
$keepForm = count(Session::newInstance()->_getKeepForm());
if ($form == 0 || $form == $keepForm) {
Session::newInstance()->_dropKeepForm();
}
$this->_exportVariableToView("email", $this->emailManager->findByPrimaryKey(Params::getParam("id")));
$this->doView("emails/frm.php");
break;
case 'edit_post':
osc_csrf_check();
$id = Params::getParam("id");
$s_internal_name = Params::getParam("s_internal_name");
$aFieldsDescription = array();
$postParams = Params::getParamsAsArray('', false);
$not_empty = false;
foreach ($postParams as $k => $v) {
if (preg_match('|(.+?)#(.+)|', $k, $m)) {
if ($m[2] == 's_title' && $v != '') {
$not_empty = true;
}
$aFieldsDescription[$m[1]][$m[2]] = $v;
}
}
Session::newInstance()->_setForm('s_internal_name', $s_internal_name);
Session::newInstance()->_setForm('aFieldsDescription', $aFieldsDescription);
if ($not_empty) {
foreach ($aFieldsDescription as $k => $_data) {
$this->emailManager->updateDescription($id, $k, $_data['s_title'], $_data['s_text']);
}
if (!$this->emailManager->internalNameExists($id, $s_internal_name)) {
if (!$this->emailManager->isIndelible($id)) {
$this->emailManager->updateInternalName($id, $s_internal_name);
}
Session::newInstance()->_clearVariables();
osc_add_flash_ok_message(_m('The email/alert has been updated'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=emails");
}
osc_add_flash_error_message(_m('You can\'t repeat internal name'), 'admin');
} else {
osc_add_flash_error_message(_m('The email couldn\'t be updated, at least one title should not be empty'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . "?page=emails&action=edit&id=" . $id);
break;
default:
//-
if (Params::getParam('iDisplayLength') == '') {
Params::setParam('iDisplayLength', 10);
}
$p_iPage = 1;
if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) {
$p_iPage = Params::getParam('iPage');
}
Params::setParam('iPage', $p_iPage);
$prefLocale = osc_current_admin_locale();
$emails = $this->emailManager->listAll(1);
// pagination
$start = ($p_iPage - 1) * Params::getParam('iDisplayLength');
$limit = Params::getParam('iDisplayLength');
$count = count($emails);
$displayRecords = $limit;
if ($start + $limit > $count) {
$displayRecords = $start + $limit - $count;
}
// ----
$aData = array();
$max = $start + $limit;
if ($max > $count) {
$max = $count;
}
for ($i = $start; $i < $max; $i++) {
$email = $emails[$i];
if (isset($email['locale'][$prefLocale]) && !empty($email['locale'][$prefLocale]['s_title'])) {
$title = $email['locale'][$prefLocale];
} else {
$title = current($email['locale']);
}
$options = array();
$options[] = '<a href="' . osc_admin_base_url(true) . '?page=emails&action=edit&id=' . $email["pk_i_id"] . '">' . __('Edit') . '</a>';
$auxOptions = '<ul>' . PHP_EOL;
foreach ($options as $actual) {
$auxOptions .= '<li>' . $actual . '</li>' . PHP_EOL;
}
$actions = '<div class="actions">' . $auxOptions . '</div>' . PHP_EOL;
$row = array();
$row[] = $email['s_internal_name'] . $actions;
$row[] = $title['s_title'];
$aData[] = $row;
}
// ----
$array['iTotalRecords'] = $displayRecords;
$array['iTotalDisplayRecords'] = count($emails);
//.........这里部分代码省略.........
示例11: doModel
function doModel()
{
parent::doModel();
// Admin accounts controller. The source page truncates this handler: the 'edit' case
// and any later cases continue past the last line shown here.
switch($this->action) {
case('add'): // render the add-admin form
$this->_exportVariableToView( 'admin', null );
$this->doView('admins/frm.php');
break;
// demo guard runs before the CSRF check; both paths end the request via redirectTo
case('add_post'): if( defined('DEMO') ) {
osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
osc_csrf_check();
// adding a new admin
// NOTE(review): the two trailing false arguments look like they skip Params' default
// filtering for the password value — confirm against Params::getParam
$sPassword = Params::getParam('s_password', false, false);
$sName = Params::getParam('s_name');
$sEmail = Params::getParam('s_email');
$sUserName = Params::getParam('s_username');
// loose compare: whether an unchecked box ('') equals 0 differs by PHP version
// (true before 8.0, false from 8.0 on), which flips the default for b_moderator
$bModerator = Params::getParam('b_moderator')==0?0:1;
// cleaning parameters
// strip_tags()/trim() are applied to the password as well, so a password containing '<'
// or leading/trailing whitespace is silently altered before it is hashed below
$sPassword = strip_tags($sPassword);
$sPassword = trim($sPassword);
$sName = strip_tags($sName);
$sName = trim($sName);
$sEmail = strip_tags($sEmail);
$sEmail = trim($sEmail);
$sUserName = strip_tags($sUserName);
$sUserName = trim($sUserName);
// Checks for legit data
if( !osc_validate_email($sEmail, true) ) {
osc_add_flash_warning_message( _m("Email invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if( !osc_validate_username($sUserName) ) {
osc_add_flash_warning_message( _m("Username invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if( $sName == '' ) {
osc_add_flash_warning_message( _m("Name invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true).'?page=admins&action=add');
}
// only emptiness is checked here; no length or complexity rule is applied to the password
if( $sPassword == '' ) {
osc_add_flash_warning_message( _m("Password invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
// uniqueness checks on e-mail and username
$admin = $this->adminManager->findByEmail($sEmail);
if( $admin ) {
osc_add_flash_warning_message( _m("Email already in use"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$admin = $this->adminManager->findByUsername($sUserName);
if( $admin ) {
osc_add_flash_warning_message( _m("Username already in use"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
// the stored record holds the hash, never the plaintext
$array = array(
's_password' => osc_hash_password($sPassword),
's_name' => $sName,
's_email' => $sEmail,
's_username' => $sUserName,
'b_moderator' => $bModerator
);
$isInserted = $this->adminManager->insert($array);
if( $isInserted ) {
// send email
// NOTE(review): the plaintext password is handed to the notification hook; any mail
// built from it carries the credential in clear — check whether the template needs it
osc_run_hook('hook_email_new_admin', array(
's_name' => $sName,
's_username' => $sUserName,
's_password' => $sPassword,
's_email' => $sEmail
)
);
osc_add_flash_ok_message( _m('The admin has been added'), 'admin');
} else {
osc_add_flash_error_message( _m('There has been an error adding a new admin'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true).'?page=admins');
break;
case('edit'): // render the edit-admin form
$adminEdit = null;
$adminId = Params::getParam('id');
// an explicit id from the request is cast to int; the session fallback is passed as-is
if( $adminId != '' ) {
$adminEdit = $this->adminManager->findByPrimaryKey((int) $adminId);
} elseif( Session::newInstance()->_get('adminId') != '') {
$adminEdit = $this->adminManager->findByPrimaryKey( Session::newInstance()->_get('adminId') );
}
// NOTE(review): if findByPrimaryKey() returns false/null for a missing row, count() on it
// raises a TypeError from PHP 8.0 — confirm the return type
if( count($adminEdit) == 0 ) {
osc_add_flash_error_message( _m('There is no admin with this id'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
$this->_exportVariableToView("admin", $adminEdit);
//.........这里部分代码省略.........
示例12: doModel
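function doModel()
{
    switch ($this->action) {
        case 'register':
            // render the registration form
            $this->doView('user-register.php');
            break;
        case 'register_post':
            // handle the registration form submission
            osc_csrf_check();
            if (!osc_users_enabled()) {
                osc_add_flash_error_message(_m('Users are not enabled'));
                $this->redirectTo(osc_base_url());
            }
            osc_run_hook('before_user_register');
            // osc_is_banned() returns a bitmask: 1 = e-mail banned, 2 = IP banned, 3 = both.
            // Each bit is tested on its own; the previous == 1 / == 2 comparisons let the
            // value 3 (both banned) through to account creation.
            $banned = osc_is_banned(Params::getParam('s_email'));
            if ($banned & 1) {
                osc_add_flash_error_message(_m('Your current email is not allowed'));
            }
            if ($banned & 2) {
                osc_add_flash_error_message(_m('Your current IP is not allowed'));
            }
            if ($banned !== 0) {
                $this->redirectTo(osc_register_account_url());
            }
            require_once LIB_PATH . 'osclass/UserActions.php';
            $userActions = new UserActions(false);
            // result codes of UserActions::add(): 1 = created, activation mail sent; 2 = created
            // and already active; 3..9 = validation failures, each re-rendering the form
            $success = $userActions->add();
            switch ($success) {
                case 1:
                    osc_add_flash_ok_message(_m('The user has been created. An activation email has been sent'));
                    $this->redirectTo(osc_base_url());
                    break;
                case 2:
                    osc_add_flash_ok_message(_m('Your account has been created successfully'));
                    $this->doView('user-login.php');
                    break;
                case 3:
                    osc_add_flash_warning_message(_m('The specified e-mail is already in use'));
                    $this->doView('user-register.php');
                    break;
                case 4:
                    osc_add_flash_error_message(_m('The reCAPTCHA was not entered correctly'));
                    $this->doView('user-register.php');
                    break;
                case 5:
                    osc_add_flash_warning_message(_m('The email is not valid'));
                    $this->doView('user-register.php');
                    break;
                case 6:
                    osc_add_flash_warning_message(_m('The password cannot be empty'));
                    $this->doView('user-register.php');
                    break;
                case 7:
                    osc_add_flash_warning_message(_m("Passwords don't match"));
                    $this->doView('user-register.php');
                    break;
                case 8:
                    osc_add_flash_warning_message(_m("Username is already taken"));
                    $this->doView('user-register.php');
                    break;
                case 9:
                    osc_add_flash_warning_message(_m("The specified username is not valid, it contains some invalid words"));
                    $this->doView('user-register.php');
                    break;
            }
            break;
        case 'validate':
            // account activation reached from the link in the activation e-mail; the secret
            // code in the URL is the check (no CSRF token is involved on this path)
            $id = intval(Params::getParam('id'));
            $code = Params::getParam('code');
            $userManager = new User();
            $user = $userManager->findByIdSecret($id, $code);
            if (!$user) {
                osc_add_flash_error_message(_m('The link is not valid anymore. Sorry for the inconvenience!'));
                $this->redirectTo(osc_base_url());
            }
            if ($user['b_active'] == 1) {
                osc_add_flash_error_message(_m('Your account has already been validated'));
                $this->redirectTo(osc_base_url());
            }
            // the secret is part of the WHERE clause, so the row is only activated if it still matches
            $userManager->update(array('b_active' => '1'), array('pk_i_id' => $id, 's_secret' => $code));
            // Auto-login: the session now carries the validated user's identity
            Session::newInstance()->_set('userId', $user['pk_i_id']);
            Session::newInstance()->_set('userName', $user['s_name']);
            Session::newInstance()->_set('userEmail', $user['s_email']);
            // mobile number wins when set (truthiness check), otherwise the landline
            $phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land'];
            Session::newInstance()->_set('userPhone', $phone);
            osc_run_hook('hook_email_user_registration', $user);
            osc_run_hook('validate_user', $user);
            osc_add_flash_ok_message(_m('Your account has been validated'));
            $this->redirectTo(osc_base_url());
            break;
    }
}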
示例13: doModel
function doModel()
{
parent::doModel();
if (osc_is_moderator() && ($this->action == 'settings' || $this->action == 'settings_post')) {
osc_add_flash_error_message(_m("You don't have enough permissions"), "admin");
$this->redirectTo(osc_admin_base_url());
}
//specific things for this class
switch ($this->action) {
case 'bulk_actions':
osc_csrf_check();
$mItems = new ItemActions(true);
switch (Params::getParam('bulk_actions')) {
case 'enable_all':
$id = Params::getParam('id');
if ($id) {
$numSuccess = 0;
foreach ($id as $_id) {
if ($mItems->enable($_id)) {
$numSuccess++;
}
}
osc_add_flash_ok_message(sprintf(_mn('%d listing has been enabled', '%d listings have been enabled', $numSuccess), $numSuccess), 'admin');
}
break;
case 'disable_all':
$id = Params::getParam('id');
if ($id) {
$numSuccess = 0;
foreach ($id as $_id) {
if ($mItems->disable((int) $_id)) {
$numSuccess++;
}
}
osc_add_flash_ok_message(sprintf(_mn('%d listing has been disabled', '%d listings have been disabled', $numSuccess), $numSuccess), 'admin');
}
break;
case 'activate_all':
$id = Params::getParam('id');
if ($id) {
$numSuccess = 0;
foreach ($id as $_id) {
if ($mItems->activate($_id)) {
$numSuccess++;
}
}
osc_add_flash_ok_message(sprintf(_mn('%d listing has been activated', '%d listings have been activated', $numSuccess), $numSuccess), 'admin');
}
break;
case 'deactivate_all':
$id = Params::getParam('id');
if ($id) {
$numSuccess = 0;
foreach ($id as $_id) {
if ($mItems->deactivate($_id)) {
$numSuccess++;
}
}
osc_add_flash_ok_message(sprintf(_m('%d listing has been deactivated', '%d listings have been deactivated', $numSuccess), $numSuccess), 'admin');
}
break;
case 'premium_all':
$id = Params::getParam('id');
if ($id) {
$numSuccess = 0;
foreach ($id as $_id) {
if ($mItems->premium($_id)) {
$numSuccess++;
}
}
osc_add_flash_ok_message(sprintf(_mn('%d listing has been marked as premium', '%d listings have been marked as premium', $numSuccess), $numSuccess), 'admin');
}
break;
case 'depremium_all':
$id = Params::getParam('id');
if ($id) {
$numSuccess = 0;
foreach ($id as $_id) {
if ($mItems->premium($_id, false)) {
$numSuccess++;
}
}
osc_add_flash_ok_message(sprintf(_mn('%d change has been made', '%d changes have been made', $numSuccess), $numSuccess), 'admin');
}
break;
case 'spam_all':
$id = Params::getParam('id');
if ($id) {
$numSuccess = 0;
foreach ($id as $_id) {
if ($mItems->spam($_id)) {
$numSuccess++;
}
}
osc_add_flash_ok_message(sprintf(_mn('%d listing has been marked as spam', '%d listings have been marked as spam', $numSuccess), $numSuccess), 'admin');
}
break;
case 'despam_all':
$id = Params::getParam('id');
if ($id) {
//.........这里部分代码省略.........
示例14: doModel
function doModel()
{
parent::doModel();
//specific things for this class
switch ($this->action) {
case 'add':
$this->doView("appearance/add.php");
break;
case 'add_post':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=appearance');
}
osc_csrf_check();
$filePackage = Params::getFiles('package');
if (isset($filePackage['size']) && $filePackage['size'] != 0) {
$path = osc_themes_path();
(int) ($status = osc_unzip_file($filePackage['tmp_name'], $path));
} else {
$status = 3;
}
switch ($status) {
case 0:
$msg = _m('The theme folder is not writable');
osc_add_flash_error_message($msg, 'admin');
break;
case 1:
$msg = _m('The theme has been installed correctly');
osc_add_flash_ok_message($msg, 'admin');
break;
case 2:
$msg = _m('The zip file is not valid');
osc_add_flash_error_message($msg, 'admin');
break;
case 3:
$msg = _m('No file was uploaded');
osc_add_flash_error_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=add");
break;
case -1:
default:
$msg = _m('There was a problem adding the theme');
osc_add_flash_error_message($msg, 'admin');
break;
}
$this->redirectTo(osc_admin_base_url(true) . "?page=appearance");
break;
case 'delete':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=appearance');
}
osc_csrf_check();
$theme = Params::getParam('webtheme');
if ($theme != '') {
if ($theme != osc_current_web_theme()) {
if (osc_deleteDir(osc_content_path() . "themes/" . $theme . "/")) {
osc_add_flash_ok_message(_m("Theme removed successfully"), "admin");
} else {
osc_add_flash_error_message(_m("There was a problem removing the theme"), "admin");
}
} else {
osc_add_flash_error_message(_m("Current theme can not be deleted"), "admin");
}
} else {
osc_add_flash_error_message(_m("No theme selected"), "admin");
}
$this->redirectTo(osc_admin_base_url(true) . "?page=appearance");
break;
/* widgets */
/* widgets */
case 'widgets':
$info = WebThemes::newInstance()->loadThemeInfo(osc_theme());
$this->_exportVariableToView("info", $info);
$this->doView('appearance/widgets.php');
break;
case 'add_widget':
$this->doView('appearance/add_widget.php');
break;
case 'edit_widget':
$id = Params::getParam('id');
$widget = Widget::newInstance()->findByPrimaryKey($id);
$this->_exportVariableToView("widget", $widget);
$this->doView('appearance/add_widget.php');
break;
case 'delete_widget':
osc_csrf_check();
Widget::newInstance()->delete(array('pk_i_id' => Params::getParam('id')));
osc_add_flash_ok_message(_m('Widget removed correctly'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets");
break;
case 'edit_widget_post':
osc_csrf_check();
if (!osc_validate_text(Params::getParam("description"))) {
osc_add_flash_error_message(_m('Description field is required'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets");
}
$res = Widget::newInstance()->update(array('s_description' => Params::getParam('description'), 's_content' => Params::getParam('content', false, false)), array('pk_i_id' => Params::getParam('id')));
if ($res) {
osc_add_flash_ok_message(_m('Widget updated correctly'), 'admin');
//.........这里部分代码省略.........
示例15: doModel
function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
osc_csrf_check();
osc_run_hook('before_login_admin');
$url_redirect = osc_get_http_referer();
$page_redirect = '';
$password = Params::getParam('password', false, false);
if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) {
$page_redirect = $match[1];
}
if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') {
$url_redirect = osc_admin_base_url();
}
if (Params::getParam('user') == '') {
osc_add_flash_error_message(_m('The username field is empty'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=login");
}
if (Params::getParam('password', false, false) == '') {
osc_add_flash_error_message(_m('The password field is empty'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=login");
}
// fields are not empty
$admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
if (!$admin) {
osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=login");
}
if (!osc_verify_password($password, $admin['s_password'])) {
osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=login");
} else {
if (@$admin['s_password'] != '') {
if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) {
if ($cost[1] != BCRYPT_COST) {
Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
}
} else {
Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
}
}
}
if (Params::getParam('remember')) {
// this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
Cookie::newInstance()->push('oc_adminSecret', $secret);
Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
Cookie::newInstance()->set();
}
// we are logged in... let's go!
Session::newInstance()->_set('adminId', $admin['pk_i_id']);
Session::newInstance()->_set('adminUserName', $admin['s_username']);
Session::newInstance()->_set('adminName', $admin['s_name']);
Session::newInstance()->_set('adminEmail', $admin['s_email']);
Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
osc_run_hook('login_admin', $admin);
$this->redirectTo($url_redirect);
break;
case 'recover':
// form to recover the password (in this case we have the form in /gui/)
$this->doView('gui/recover.php');
break;
case 'recover_post':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url());
}
osc_csrf_check();
// post execution to recover the password
$admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
if ($admin) {
if (osc_recaptcha_private_key() != '') {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$newPassword = osc_genRandomPassword(40);
Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
$password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
}
osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=login');
break;
case 'forgot':
// form to recover the password (in this case we have the form in /gui/)
$admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
if (!$admin) {
osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
$this->redirectTo(osc_admin_base_url());
//.........这里部分代码省略.........