/**
* @param null|int $oid
* @return bool
*/
public function load( $oid = null )
{
$input = Application::Input()->subTree( 'usersbrowser' );
foreach ( $input->subTree( 'idcid' ) as $id ) {
if ( $id ) {
$this->users[] = array( 'user_id' => (int) $id, 'status' => 1 );
}
}
return true;
}
static function getReturnURL($params, $type)
{
global $cbSpecialReturnAfterLogin, $cbSpecialReturnAfterLogout;
static $returnUrl = null;
if (!isset($returnUrl)) {
$returnUrl = Application::Input()->get('get/return', '', GetterInterface::BASE64);
if ($returnUrl) {
$returnUrl = base64_decode($returnUrl);
if (!JUri::isInternal($returnUrl)) {
// The URL isn't internal to the site; reset it to index to be safe:
$returnUrl = 'index.php';
}
} else {
$isHttps = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
$returnUrl = 'http' . ($isHttps ? 's' : '') . '://' . $_SERVER['HTTP_HOST'];
if (!empty($_SERVER['PHP_SELF']) && !empty($_SERVER['REQUEST_URI'])) {
$returnUrl .= $_SERVER['REQUEST_URI'];
} else {
$returnUrl .= $_SERVER['SCRIPT_NAME'];
if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
$returnUrl .= '?' . $_SERVER['QUERY_STRING'];
}
}
}
$returnUrl = cbUnHtmlspecialchars(preg_replace('/[\\\\"\\\'][\\s]*javascript:(.*)[\\\\"\\\']/', '""', preg_replace('/eval\\((.*)\\)/', '', htmlspecialchars(urldecode($returnUrl)))));
if (preg_match('/index.php\\?option=com_comprofiler&task=confirm&confirmCode=|index.php\\?option=com_comprofiler&view=confirm&confirmCode=|index.php\\?option=com_comprofiler&task=login|index.php\\?option=com_comprofiler&view=login/', $returnUrl)) {
$returnUrl = 'index.php';
}
}
$secureForm = (int) $params->get('https_post', 0);
if ($type == 'login') {
$loginReturnUrl = $params->get('login', $returnUrl);
if (isset($cbSpecialReturnAfterLogin)) {
$loginReturnUrl = $cbSpecialReturnAfterLogin;
}
$url = cbSef($loginReturnUrl, true, 'html', $secureForm);
} elseif ($type == 'logout') {
$logoutReturnUrl = $params->get('logout', 'index.php');
if ($logoutReturnUrl == '#') {
$logoutReturnUrl = $returnUrl;
}
if (isset($cbSpecialReturnAfterLogout)) {
$logoutReturnUrl = $cbSpecialReturnAfterLogout;
}
$url = cbSef($logoutReturnUrl, true, 'html', $secureForm);
} else {
$url = $returnUrl;
}
return base64_encode($url);
}
/**
* Constructor (must stay old-named for compatibility with CBSubs GPL 3.0.0)
*
* @param Registry $pluginParams The parameters of the plugin
* @param SimpleXMLElement $types The types definitions in XML
* @param SimpleXMLElement $actions The actions definitions in XML
* @param SimpleXMLElement $views The views definitions in XML
* @param PluginTable $pluginObject The plugin object
* @param int $tabId The tab id (if there is one)
*/
public function cbEditRowView($pluginParams, $types, $actions, $views, $pluginObject, $tabId = null)
{
global $_CB_database;
$input = Application::Input();
/** @noinspection PhpDeprecationInspection */
if ($pluginParams instanceof cbParamsBase) {
// Backwards-compatibility:
/** @noinspection PhpDeprecationInspection */
$pluginParams = new Registry($pluginParams->toParamsArray());
}
$this->registryEditView = new RegistryEditView($input, $_CB_database, $pluginParams, $types, $actions, $views, $pluginObject, $tabId);
foreach (array_keys(get_object_vars($this->registryEditView)) as $k) {
$this->{$k} =& $this->registryEditView->{$k};
}
}
function cbPoweredBy()
{
global $ueConfig;
if (isset($ueConfig['poweredBy']) && !$ueConfig['poweredBy']) {
return null;
}
$input = Application::Input();
$url = $input->get('server/SERVER_NAME', null, GetterInterface::STRING) . $input->get('server/REQUEST_URI', null, GetterInterface::STRING);
$urls = array(array('title' => 'social network platform', 'url' => 'http://www.joomlapolis.com/social-networking?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'community software', 'url' => 'http://www.joomlapolis.com/community-builder?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'online community software', 'url' => 'http://www.joomlapolis.com/community-builder?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'social networking software', 'url' => 'http://www.joomlapolis.com/community-builder?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'open source social networking', 'url' => 'http://www.joomlapolis.com/social-networking?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'social network script', 'url' => 'http://www.joomlapolis.com/community-builder?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'social community software', 'url' => 'http://www.joomlapolis.com/community-builder?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'online social networking', 'url' => 'http://www.joomlapolis.com/community-builder?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'social websites', 'url' => 'http://www.joomlapolis.com/social-networking?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'online community sites', 'url' => 'http://www.joomlapolis.com/community-builder?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'how to build a social networking site', 'url' => 'http://www.joomlapolis.com?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'how to create a social network', 'url' => 'http://www.joomlapolis.com?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'online membership sites', 'url' => 'http://www.joomlapolis.com/cb-solutions/cbsubs?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'online paid subscription sites', 'url' => 'http://www.joomlapolis.com/cb-solutions/cbsubs?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'membership sites', 'url' => 'http://www.joomlapolis.com/cb-solutions/cbsubs?pk_campaign=in-cb&pk_kwd=poweredby'), array('title' => 'paid membership sites', 'url' => 'http://www.joomlapolis.com/cb-solutions/cbsubs?pk_campaign=in-cb&pk_kwd=poweredby'));
list($urlBits) = sscanf(substr(md5($url), -4), '%4x');
$key = $urlBits % count($urls);
$return = '<div class="cbPoweredBy cb_template cb_template_' . selectTemplate('dir') . '">' . '<div class="text-center text-small content-spacer">' . '<a title="' . htmlspecialchars($urls[$key]['title']) . '" href="' . htmlspecialchars($urls[$key]['url']) . '" target="_blank">' . 'Powered by Community Builder' . '</a>' . '</div>' . '</div>';
return $return;
}
/**
* Get plugin inputs
*
* @return InputInterface
*/
public function getInput()
{
if ($this->input) {
return $this->input;
}
return Application::Input();
}
/**
* Gets a cleaned value from a PHP global
*
* @param string $arn
* @param string $name
* @param mixed $def
* @return mixed
*/
protected static function _globalConv($arn, $name, $def = null)
{
switch ($arn) {
case 'request':
$value = Application::Input()->get($name, 0, GetterInterface::STRING);
break;
case 'get':
case 'post':
case 'cookie':
case 'server':
case 'env':
$value = Application::Input()->get($arn . '/' . $name, 0, GetterInterface::STRING);
break;
case 'session':
$value = Application::Session()->get($name, null, GetterInterface::STRING);
break;
case 'cbcookie':
$value = CBCookie::getcookie($name, $def);
break;
default:
trigger_error(sprintf('SQLXML::globalconv error: unknown type %s for %s.', $arn, $name), E_USER_NOTICE);
$value = null;
break;
}
return stripslashes($value);
}
/**
* Returns extension name being executed (e.g. com_comprofiler or mod_cblogin)
*
* @return string
*/
public function getExtensionName()
{
return Application::Input()->get('option', null, GetterInterface::COMMAND);
}
/**
* Uploads category or group canvas or logo
*
* @param string $type
* @param CategoryTable|GroupTable $row
* @return bool
*/
static public function uploadImage( $type = 'canvas', &$row )
{
global $_CB_framework, $_PLUGINS;
if ( ( ! $type ) || ( ! in_array( $type, array( 'canvas', 'logo' ) ) ) ) {
return false;
}
$method = Application::Input()->get( 'post/' . $type . '_method', null, GetterInterface::INT );
if ( $method === 0 ) {
return true;
}
static $params = null;
if ( ! $params ) {
$plugin = $_PLUGINS->getLoadedPlugin( 'user', 'cbgroupjive' );
$params = $_PLUGINS->getPluginParams( $plugin );
}
$basePath = $_CB_framework->getCfg( 'absolute_path' ) . '/images/comprofiler/plug_cbgroupjive';
if ( $row instanceof GroupTable ) {
$imagePath = $basePath . '/' . (int) $row->get( 'category' ) . '/' . (int) $row->get( 'id' );
} else {
$imagePath = $basePath . '/' . (int) $row->get( 'id' );
}
if ( ( ( $method === null ) || ( $method === 1 ) ) && isset( $_FILES[$type]['tmp_name'] ) && ( ! empty( $_FILES[$type]['tmp_name'] ) ) ) {
if ( $row instanceof GroupTable ) {
self::createDirectory( $basePath, $row->get( 'category' ), $row->get( 'id' ) );
} else {
self::createDirectory( $basePath, $row->get( 'id' ) );
}
$resample = $params->get( $type . '_resample', 1 );
$aspectRatio = $params->get( $type . '_maintain_aspect_ratio', 1 );
$imageHeight = (int) $params->get( $type . '_image_height', 640 );
if ( ! $imageHeight ) {
$imageHeight = 640;
}
$imageWidth = (int) $params->get( $type . '_image_width', 1280 );
if ( ! $imageWidth ) {
$imageWidth = 1280;
}
$thumbHeight = (int) $params->get( $type . '_thumbnail_height', 320 );
if ( ! $thumbHeight ) {
$thumbHeight = 320;
}
$thumbWidth = (int) $params->get( $type . '_thumbnail_width', 640 );
if ( ! $thumbWidth ) {
$thumbWidth = 640;
}
$conversionType = (int) Application::Config()->get( 'conversiontype', 0 );
$imageSoftware = ( $conversionType == 5 ? 'gmagick' : ( $conversionType == 1 ? 'imagick' : 'gd' ) );
$imageId = uniqid();
try {
$image = new \CBLib\Image\Image( $imageSoftware, $resample, $aspectRatio );
$image->setName( $imageId );
$image->setSource( $_FILES[$type] );
$image->setDestination( $imagePath . '/' );
$image->processImage( $imageWidth, $imageHeight );
$newFileName = $image->getCleanFilename();
$image->setName( 'tn' . $imageId );
$image->processImage( $thumbWidth, $thumbHeight );
if ( $row->get( $type ) ) {
$oldImage = $imagePath . '/' . $row->get( $type );
if ( file_exists( $oldImage ) ) {
@unlink( $oldImage );
}
$oldThumbnail = $imagePath . '/tn' . $row->get( $type );
if ( file_exists( $oldThumbnail ) ) {
@unlink( $oldThumbnail );
}
}
$row->set( $type, $newFileName );
} catch ( \Exception $e ) {
$row->setError( $e->getMessage() );
return false;
}
} elseif ( ( $method === 2 ) && $row->get( $type ) ) {
$image = $imagePath . '/' . $row->get( $type );
if ( file_exists( $image ) ) {
@unlink( $image );
}
$thumbnail = $imagePath . '/tn' . $row->get( $type );
if ( file_exists( $thumbnail ) ) {
@unlink( $thumbnail );
}
$row->set( $type, '' );
}
return true;
}
/**
* Constructor
*
* @param string $paramsValues The string raw parms text
* @param SimpleXMLElement $xmlElement The element in XML corresponding to the parameters
* @param SimpleXMLElement $xml The root element
* @param PluginTable $pluginObject The plugin object
* @param int $tabId The tab id (if there is one)
* @param string $maintagname The main name of the tag pf the file
* @param string $attrname The attribute name to test for $attrvalue
* @param string $attrvalue The attribute value to be tested
*/
public function __construct($paramsValues, $xmlElement, $xml, &$pluginObject, $tabId = null, $maintagname = 'cbinstall', $attrname = 'type', $attrvalue = 'plugin')
{
global $_CB_database;
$input = Application::Input();
$this->registryEditController = new RegistryEditController($input, $_CB_database, new Registry($paramsValues), $xmlElement, $xml, $pluginObject, $tabId, $maintagname, $attrname, $attrvalue);
foreach (array_keys(get_object_vars($this)) as $k) {
if (isset($this->registryEditController->{$k})) {
$this->{$k} =& $this->registryEditController->{$k};
}
}
$this->_params = $this->registryEditController->getEditedParams();
}
/**
* Constructor
*
* @param SimpleXMLElement $tableBrowserModel The model for the browser
* @param SimpleXMLElement $actions The actions node
* @param string[] $options The input request options
*/
public function __construct($tableBrowserModel, $actions, $options)
{
parent::__construct(Application::Input(), $tableBrowserModel, $actions, $options);
}
/**
* WARNING: UNCHECKED ACCESS! On purpose unchecked access for M2M operations
* Generates the HTML to display for a specific component-like page for the tab. WARNING: unchecked access !
* @param TabTable|null $tab the tab database entry
* @param UserTable $user the user being displayed
* @param int $ui 1 for front-end, 2 for back-end
* @param array $postdata _POST data for saving edited tab content as generated with getEditTab
* @return mixed either string HTML for tab content, or false if ErrorMSG generated
*/
public function getTabComponent($tab, $user, $ui, $postdata)
{
global $_CB_database, $_CB_framework, $_POST;
$return = '';
$paid = false;
$oldignoreuserabort = ignore_user_abort(true);
$allowHumanHtmlOutput = true;
// this will be reverted in case of M2M server-to-server notifications
$act = $this->base->_getReqParam('act');
$actPosted = isset($_POST[$this->base->_getPagingParamName('act')]);
if ($act === null) {
$act = $this->base->input('act', null, GetterInterface::COMMAND);
$actPosted = $this->base->input('post/act', null, GetterInterface::COMMAND) !== null;
}
$post_user_id = (int) cbGetParam($_GET, 'user', 0);
if ($actPosted && $post_user_id > 0) {
$access = false;
$myId = $_CB_framework->myId();
if (is_object($user)) {
if ($myId == 0) {
if (in_array($act, array('saveeditinvoiceaddress', 'saveeditbasketintegration', 'showbskt'))) {
$access = true;
} else {
$paidsubsManager = cbpaidSubscriptionsMgr::getInstance();
if (!$paidsubsManager->checkExpireMe(__FUNCTION__, $user->id, false)) {
// expired subscriptions: we will allow limited access to:
if (in_array($act, array('upgrade', 'pay', 'reactivate', 'resubscribe', 'display_subscriptions'))) {
$access = true;
}
}
}
} else {
if ($ui == 1 && $user->id == $myId || cbpaidApp::authoriseAction('cbsubs.usersubscriptionmanage')) {
$access = true;
}
}
} else {
$return = CBPTXT::T("User does not exist") . '.';
}
if (!$access) {
$return .= '<br />' . CBPTXT::T("Not authorized action") . '.';
return $return;
}
cbSpoofCheck('plugin');
// anti-spoofing check
// renew or upgrade subscription payment form:
$params = $this->params;
$now = $_CB_framework->now();
$subscriptionsGUI = new cbpaidControllerUI();
$subscriptionIds = $subscriptionsGUI->getEditPostedBoxes('id');
if ($subscriptionIds == array(0)) {
$subscriptionIds = array();
}
if ($post_user_id && $user->id == $post_user_id) {
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ($act) {
case 'upgrade':
// upgrade an existing subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$chosenPlans = $subscriptionsGUI->getAndCheckChosenUpgradePlans($postdata, $user, $now);
if (!is_array($chosenPlans) || count($chosenPlans) == 0) {
$subTxt = CBPTXT::T($params->get('subscription_name', 'subscription'));
$return .= (is_string($chosenPlans) ? $chosenPlans . '<br />' : '') . sprintf(CBPTXT::Th("Please press back button and select the %s plan to which you would like to upgrade."), $subTxt);
break;
}
$introText = CBPTXT::Th($params->get('intro_text_upgrade', null));
//TBD: check if already exists (reload protection):
$paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment($user, $chosenPlans, $postdata, $subscriptionIds, null, 'R', CBPTXT::T("Upgrade"), 'U');
if (is_object($paymentBasket)) {
$return = cbpaidControllerOrder::showBasketForPayment($user, $paymentBasket, $introText);
} else {
$return = $paymentBasket;
// show messages as nothing to pay.
}
break;
case 'pay':
// pay for an unpaid subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$plan = $this->base->_getReqParam('plan');
if (!$plan || !isset($subscriptionIds[$plan]) || !$subscriptionIds[$plan]) {
$subTxt = CBPTXT::T($params->get('subscription_name', 'subscription'));
$return .= sprintf(CBPTXT::Th("Please press back button and select a %s plan."), $subTxt);
break;
}
$plansMgr = cbpaidPlansMgr::getInstance();
$chosenPlans = array();
$chosenPlans[(int) $plan] = $plansMgr->loadPlan((int) $plan);
$introText = CBPTXT::Th($params->get('intro_text', null));
$paymentStatus = null;
$return = cbpaidControllerOrder::showPaymentForm($user, $chosenPlans, $introText, $subscriptionIds, $paymentStatus);
break;
case 'renew':
// renew a still valid subscription
// renew a still valid subscription
case 'reactivate':
// reactivate an expired subscription
// reactivate an expired subscription
case 'resubscribe':
// resubscribe a cancelled subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$plan = $this->base->_getReqParam('plan');
if (!$plan || !isset($subscriptionIds[$plan]) || !$subscriptionIds[$plan]) {
$subTxt = CBPTXT::T($params->get('subscription_name', 'subscription'));
$return .= sprintf(CBPTXT::Th("Please press back button and select a %s plan."), $subTxt);
break;
}
$plansMgr = cbpaidPlansMgr::getInstance();
$chosenPlans = array();
$chosenPlans[(int) $plan] = $plansMgr->loadPlan((int) $plan);
$paidSomethingMgr = cbpaidSomethingMgr::getInstance();
$subscription = $paidSomethingMgr->loadSomething($subscriptionIds[$plan][0], $subscriptionIds[$plan][1]);
global $_PLUGINS;
$_PLUGINS->loadPluginGroup('user', 'cbsubs.');
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');
$_PLUGINS->trigger('onCPayAfterPlanRenewalSelected', array(&$chosenPlans[(int) $plan], &$subscription, $act));
if ($_PLUGINS->is_errors()) {
$return .= $_PLUGINS->getErrorMSG();
break;
}
$introText = CBPTXT::Th($params->get('intro_text_renew', null));
//TBD: check if already exists (reload protection):
$paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment($user, $chosenPlans, $postdata, $subscriptionIds, null, null, CBPTXT::T("Renew"), 'R');
if (is_object($paymentBasket)) {
$return = cbpaidControllerOrder::showBasketForPayment($user, $paymentBasket, $introText);
} else {
$return = $paymentBasket;
// show messages as nothing to pay.
}
break;
case 'unsubscribe':
// request to unsubscribe an active subscription
// display unsubscribe confirmation form:
$plan = $this->base->_getReqParam('plan');
if (!$plan || !isset($subscriptionIds[$plan]) || !$subscriptionIds[$plan]) {
$subTxt = CBPTXT::T($params->get('subscription_name', 'subscription'));
$return .= sprintf(CBPTXT::Th("Please press back button and select a %s plan."), $subTxt);
break;
}
$introText = CBPTXT::Th($params->get('unsubscribe_intro_text', null));
$return = $subscriptionsGUI->showUnsubscribeForm($user, $introText, (int) $plan, (int) $subscriptionIds[$plan][1]);
break;
case 'confirm_unsubscribe':
// confirm previous request to unsubscribe an active subscription
// unsubscribe confirmed:
$plan = $this->base->_getReqParam('plan');
if (!$plan || !isset($subscriptionIds[$plan]) || !$subscriptionIds[$plan]) {
$subTxt = CBPTXT::T($params->get('subscription_name', 'subscription'));
$return .= sprintf(CBPTXT::Th("Please press back button and select a %s plan."), $subTxt);
break;
}
if ($plan && count($subscriptionIds) == 1) {
$unsubscribeConfText = CBPTXT::Th($params->get('unsubscribe_confirmation_text', null));
$return = cbpaidControllerOrder::doUnsubscribeConfirm($user, $unsubscribeConfText, (int) $plan, (int) $subscriptionIds[$plan][1]);
}
break;
case 'display_subscriptions':
// unsubscribe cancelled: display subscriptions:
$return = $this->base->displayUserTab($user);
break;
case 'showinvoice':
// shows a particular user invoice:
if ($params->get('show_invoices', 1)) {
$invoiceNo = $this->base->_getReqParam('invoice');
$return = $this->showInvoice($invoiceNo, $user);
}
break;
case 'saveeditinvoiceaddress':
case 'editinvoiceaddress':
// this is the case of reload of invoicing address
$invoicingAddressQuery = $params->get('invoicing_address_query');
if ($invoicingAddressQuery > 0) {
$basketId = $this->base->_getReqParam('basket', 0);
$hashToCheck = $this->base->_getReqParam('bck');
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
if ($basketId && $paymentBasket->load((int) $basketId) && $paymentBasket->payment_status == 'NotInitiated' && $hashToCheck == $paymentBasket->checkHashUser($hashToCheck)) {
if ($act == 'saveeditinvoiceaddress' && $this->base->input('actbutton', null, GetterInterface::COMMAND)) {
// IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
$return = $paymentBasket->saveInvoicingAddressForm($user);
if ($return === null) {
$introText = CBPTXT::Th($params->get('intro_text', null));
$return .= cbpaidControllerOrder::showBasketForPayment($user, $paymentBasket, $introText);
}
} else {
// invoice has reloaded itself (e.g. for country change):
$return = $paymentBasket->renderInvoicingAddressForm($user, Application::Input());
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("No unpaid payment basket found."));
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
}
break;
case 'saverecordpayment':
case 'editrecordpayment':
// this is the case of reload of the form
$basketId = $this->base->_getReqParam('basket', 0);
$hashToCheck = $this->base->_getReqParam('bck');
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
if ($basketId && $paymentBasket->load((int) $basketId) && $paymentBasket->payment_status != 'Completed' && $hashToCheck == $paymentBasket->checkHashUser($hashToCheck)) {
if ($paymentBasket->authoriseAction('cbsubs.recordpayments')) {
if ($act == 'saverecordpayment' && $this->base->input('actbutton', null, GetterInterface::COMMAND)) {
// IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
$return = cbpaidRecordBasketPayment::saveRecordPayment($paymentBasket->id);
if ($return === null) {
$return .= CBPTXT::T("Payment recorded.") . ' <a href="' . $_CB_framework->userProfileUrl($paymentBasket->user_id, true) . '">' . CBPTXT::Th("View user profile") . '</a>';
}
} else {
// invoice has reloaded itself (e.g. for country change):
$return = cbpaidRecordBasketPayment::displayRecordPaymentForm($paymentBasket->id);
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("No unpaid payment basket found."));
}
break;
default:
cbNotAuth();
return '';
break;
}
}
} elseif ($this->base->_getReqParam('account') && (int) cbGetParam($_GET, 'user', 0) > 0) {
$account = $this->base->_getReqParam('account');
$post_user_id = (int) cbGetParam($_GET, 'user', 0);
$user = CBuser::getUserDataInstance((int) $post_user_id);
if ($user->id) {
if (isset($_SESSION['cbsubs']['expireduser']) && $_SESSION['cbsubs']['expireduser'] == $user->id) {
// expired subscriptions of membership: show possibilities:
$subscriptionsGUI = new cbpaidControllerUI();
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ($account) {
case 'expired':
$paidsubsManager = cbpaidSubscriptionsMgr::getInstance();
if (!$paidsubsManager->checkExpireMe(__FUNCTION__, $user->id, false)) {
// no valid membership:
$return = $subscriptionsGUI->getShowSubscriptionUpgrades($user, true);
}
break;
default:
break;
}
} else {
$return = CBPTXT::Th("Browser cookies must be enabled.");
}
}
} elseif (in_array($act, array('setbsktpmtmeth', 'setbsktcurrency'))) {
cbSpoofCheck('plugin');
// anti-spoofing check
$params = $this->params;
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
$basketId = $this->base->_getReqParam('bskt', 0);
$hashToCheck = $this->base->_getReqParam('bck');
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
if ($basketId && $paymentBasket->load((int) $basketId) && $paymentBasket->payment_status == 'NotInitiated' && $hashToCheck == $paymentBasket->checkHashUser($hashToCheck)) {
switch ($act) {
case 'setbsktpmtmeth':
if ($params->get('payment_method_selection_type') == 'radios') {
$chosenPaymentMethod = cbGetParam($_POST, 'payment_method');
$introText = CBPTXT::Th($params->get('intro_text', null));
$return = $paymentBasket->saveBasketPaymentMethodForm($user, $introText, $chosenPaymentMethod);
if ($return === null) {
$return .= cbpaidControllerOrder::showBasketForPayment($user, $paymentBasket, $introText);
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
}
break;
case 'setbsktcurrency':
if ($params->get('allow_select_currency', '0')) {
$newCurrency = cbGetParam($_POST, 'currency');
if ($newCurrency) {
if (in_array($newCurrency, cbpaidControllerPaychoices::getInstance()->getAllCurrencies())) {
$paymentBasket->changeCurrency($newCurrency);
} else {
$this->base->_setErrorMSG(CBPTXT::T("This currency is not allowed"));
}
$introText = CBPTXT::Th($params->get('intro_text', null));
$return .= cbpaidControllerOrder::showBasketForPayment($user, $paymentBasket, $introText);
} else {
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("Changes of currency of orders are not authorized"));
}
break;
default:
cbNotAuth();
return '';
break;
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("No unpaid payment basket found."));
}
} elseif ($act == 'cbsubsclass') {
$pluginName = $this->base->_getReqParam('class');
if (preg_match('/^[a-z]+$/', $pluginName)) {
$element = 'cbsubs.' . $pluginName;
global $_PLUGINS;
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element);
$loadedPlugins = $_PLUGINS->getLoadedPluginGroup('user/plug_cbpaidsubscriptions/plugin');
$params = $this->params;
foreach ($loadedPlugins as $p) {
if ($p->element == $element) {
$pluginId = $p->id;
$args = array(&$user, &$params, &$postdata);
/** @noinspection PhpUndefinedCallbackInspection */
$return = $_PLUGINS->call($pluginId, 'executeTask', 'getcbsubs' . $pluginName . 'Tab', $args, null);
break;
}
}
}
} elseif ($act && !in_array($act, array('showbskt', 'setbsktpmtmeth')) && (int) cbGetParam($_GET, 'user', 0) > 0) {
if (!is_object($user)) {
return CBPTXT::T("User does not exist.");
}
$params = $this->params;
$post_user_id = (int) cbGetParam($_GET, 'user', 0);
if ($post_user_id && ($user->id == $post_user_id || cbpaidApp::authoriseAction('cbsubs.usersubscriptionmanage'))) {
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ($act) {
case 'showinvoice':
if ($params->get('show_invoices', 1)) {
$invoiceNo = $this->base->_getReqParam('invoice', 0);
// This also checks for cbpaidApp::authoriseAction on cbsubs.sales or cbsubs.financial access permissions:
$return = $this->showInvoice($invoiceNo, $user);
} else {
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
}
break;
case 'showinvoiceslist':
$showInvoices = $params->get('show_invoices', 1);
$invoicesShowPeriod = $params->get('invoices_show_period', '0000-06-00 00:00:00');
$itsmyself = $_CB_framework->myId() == $user->id;
if ($showInvoices && ($itsmyself || (cbpaidApp::authoriseAction('cbsubs.sales') || cbpaidApp::authoriseAction('cbsubs.financial')))) {
$subscriptionsGUI = new cbpaidControllerUI();
$invoices = $this->_getInvoices($user, $invoicesShowPeriod, false);
if ($invoicesShowPeriod && $invoicesShowPeriod != '0000-00-00 00:00:00') {
$cbpaidTimes = cbpaidTimes::getInstance();
$periodText = $cbpaidTimes->renderPeriod($invoicesShowPeriod, 1, false);
} else {
$periodText = '';
}
$return .= $subscriptionsGUI->showInvoicesList($invoices, $user, $itsmyself, $periodText);
} else {
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
}
break;
case 'editinvoiceaddress':
// this is the case of the initial edit address link
if ($params->get('invoicing_address_query') > 0) {
$basketId = $this->base->_getReqParam('basket', 0);
$hashToCheck = $this->base->_getReqParam('bck');
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
if ($basketId && $paymentBasket->load((int) $basketId) && $paymentBasket->payment_status == 'NotInitiated' && $hashToCheck == $paymentBasket->checkHashUser($hashToCheck)) {
$return = $paymentBasket->renderInvoicingAddressForm($user);
} else {
$this->base->_setErrorMSG(CBPTXT::T("No unpaid payment basket found."));
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
}
break;
case 'showrecordpayment':
$paymentBasketId = $this->base->_getReqParam('recordpayment', 0);
if ($paymentBasketId) {
$paymentBasket = new cbpaidPaymentBasket();
if ($paymentBasket->load((int) $paymentBasketId) && $paymentBasket->authoriseAction('cbsubs.recordpayments')) {
// Auto-loads class: and authorization is checked inside:
$return = cbpaidRecordBasketPayment::displayRecordPaymentForm($paymentBasketId);
} else {
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
}
break;
default:
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
break;
}
}
} elseif ($act == 'showbskt' && (int) cbGetParam($_GET, 'user', 0) > 0 || $this->base->_getReqParam('bskt', 0) && $this->base->_getReqParam('bck')) {
$basketId = $this->base->_getReqParam('bskt', 0);
$hashToCheck = $this->base->_getReqParam('bck');
// Basket integrations saving/editing url:
if (in_array($act, array('saveeditbasketintegration', 'editbasketintegration'))) {
// edit is the case of edit or reload of integration form
$integration = $this->base->_getReqParam('integration');
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
if (preg_match('/^[a-z]+$/', $integration) && $basketId && $paymentBasket->load((int) $basketId) && $paymentBasket->payment_status == 'NotInitiated' && $hashToCheck == $paymentBasket->checkHashUser($hashToCheck)) {
global $_PLUGINS;
$element = 'cbsubs.' . $integration;
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element);
$results = $_PLUGINS->trigger('onCPayEditBasketIntegration', array($integration, $act, &$paymentBasket));
$return = null;
foreach ($results as $r) {
if ($r) {
$return .= $r;
}
}
if ($act == 'editbasketintegration') {
if ($return !== null) {
return $return;
}
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("No unpaid payment basket found."));
}
}
$post_user_id = (int) cbGetParam($_GET, 'user', 0);
if ($post_user_id && !(is_object($user) && $user->id == $post_user_id)) {
return CBPTXT::T("User does not exist.");
}
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
$params = $this->params;
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
if ($basketId && $paymentBasket->load((int) $basketId) && $paymentBasket->payment_status == 'NotInitiated') {
if (!$post_user_id) {
$cbUser = CBuser::getInstance((int) $paymentBasket->user_id);
$user = $cbUser->getUserData();
if (!is_object($user) || !$user->id) {
return CBPTXT::T("User does not exist.");
}
}
if ($hashToCheck && $hashToCheck == $paymentBasket->checkHashUser($hashToCheck) || !$hashToCheck && $paymentBasket->user_id && $paymentBasket->user_id == $_CB_framework->myId()) {
$introText = CBPTXT::Th($params->get('intro_text', null));
$return .= cbpaidControllerOrder::showBasketForPayment($user, $paymentBasket, $introText);
} else {
$this->base->_setErrorMSG(CBPTXT::T("Not authorized action"));
}
} else {
$this->base->_setErrorMSG(CBPTXT::T("No unpaid payment basket found."));
}
// } elseif ( isset($_REQUEST['result']) && isset( $_REQUEST['user'] ) && ( $_REQUEST['user'] > 0 ) ) {
} elseif (isset($_REQUEST['result']) && ($this->base->_getReqParam('method') || $this->base->_getReqParam('gacctno'))) {
// don't check license here so initiated payments can complete !
$params = $this->params;
$method = $this->base->_getReqParam('method');
if ($method == 'freetrial' || $method == 'cancelpay') {
cbpaidApp::import('processors.freetrial.freetrial');
cbpaidApp::import('processors.cancelpay.cancelpay');
$className = 'cbpaidGatewayAccount' . $method;
$payAccount = new $className($_CB_database);
} else {
$gateAccount = $this->base->_getReqParam('gacctno');
$payAccount = cbpaidControllerPaychoices::getInstance()->getPayAccount($gateAccount);
if (!$payAccount) {
return '';
}
}
$payClass = $payAccount->getPayMean();
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
if ($payClass && ($this->base->_getReqParam('method') == $payClass->getPayName() || $this->base->_getReqParam('method') == null) && $payClass->hashPdtBackCheck($this->base->_getReqParam('pdtback'))) {
// output for resultNotification: $return and $allowHumanHtmlOutput
$return = $payClass->resultNotification($paymentBasket, $postdata, $allowHumanHtmlOutput);
}
if (!$paymentBasket->id) {
$this->base->_setErrorMSG(CBPTXT::T("No suitable basket found."));
} else {
$user = CBuser::getUserDataInstance((int) $paymentBasket->user_id);
if ($paymentBasket->payment_status == 'RegistrationCancelled') {
// registration cancelled: delete payment basket and delete user after checking that he is not yet active:
if ($paymentBasket->load((int) $paymentBasket->id)) {
if ($payClass->hashPdtBackCheck($this->base->_getReqParam('pdtback')) && ($paymentBasket->payment_status == 'NotInitiated' || $paymentBasket->payment_status === 'Pending' && $paymentBasket->payment_method === 'offline')) {
$notification = new cbpaidPaymentNotification();
$notification->initNotification($payClass, 0, 'P', $paymentBasket->payment_status, $paymentBasket->payment_type, null, $_CB_framework->now(), $paymentBasket->charset);
$payClass->updatePaymentStatus($paymentBasket, 'web_accept', 'RegistrationCancelled', $notification, 0, 0, 0, true);
// This is a notification or a return to site after payment, we want to log any error happening in third-party stuff in case:
cbpaidErrorHandler::keepTurnedOn();
}
}
}
if ($allowHumanHtmlOutput) {
// If frontend, we display result, otherwise, If Server-to-server notification: do not display any additional text here !
switch ($paymentBasket->payment_status) {
case 'Completed':
// PayPal recommends including the following information with the confirmation:
// - Item name
// - Amount paid
// - Payer email
// - Shipping address
$newMsg = sprintf(CBPTXT::Th("Thank you for your payment of %s for the %s %s."), $paymentBasket->renderPrice(), $paymentBasket->item_name, htmlspecialchars($payClass->getTxtUsingAccount($paymentBasket))) . ' ' . $payClass->getTxtNextStep($paymentBasket);
// . "Your transaction has been completed, and a receipt for your purchase has been emailed to you by PayPal. "
// . "You may log into your account at www.paypal.com to view details of this transaction.</p>\n";
if ($params->get('show_invoices')) {
$itsmyself = $_CB_framework->myId() == $user->id;
$subscriptionsGUI = new cbpaidControllerUI();
$newMsg .= '<p id="cbregviewinvoicelink">' . $subscriptionsGUI->getInvoiceShowAhtml($paymentBasket, $user, $itsmyself, CBPTXT::Th("View printable invoice")) . '</p>';
}
$paid = true;
break;
case 'Pending':
$newMsg = sprintf(CBPTXT::Th("Thank you for initiating the payment of %s for the %s %s."), $paymentBasket->renderPrice(), $paymentBasket->item_name, htmlspecialchars($payClass->getTxtUsingAccount($paymentBasket))) . ' ' . $payClass->getTxtNextStep($paymentBasket);
// . "Your payment is currently being processed. "
// . "A receipt for your purchase will be emailed to you by PayPal once processing is complete. "
// . "You may log into your account at www.paypal.com to view status details of this transaction.</p>\n";
break;
case 'RegistrationCancelled':
$newMsg = $payClass->getTxtNextStep($paymentBasket);
break;
case 'FreeTrial':
$newMsg = CBPTXT::Th("Thank you for subscribing to") . ' ' . $paymentBasket->item_name . '.' . ' ' . $payClass->getTxtNextStep($paymentBasket);
break;
case null:
$newMsg = CBPTXT::T("Payment basket does not exist.");
break;
case 'NotInitiated':
$newMsg = '';
break;
case 'RedisplayOriginalBasket':
if ($paymentBasket->load((int) $paymentBasket->id) && $paymentBasket->payment_status == 'NotInitiated') {
$introText = CBPTXT::Th($params->get('intro_text', null));
$return .= cbpaidControllerOrder::showBasketForPayment($user, $paymentBasket, $introText);
}
$newMsg = '';
break;
case 'Processed':
case 'Denied':
case 'Reversed':
case 'Refunded':
case 'Partially-Refunded':
default:
$newMsg = $payClass->getTxtNextStep($paymentBasket);
// "<p>Your transaction is not cleared and has currently following status: <strong>" . $paymentBasket->payment_status . ".</strong></p>"
// . "<p>You may log into your account at www.paypal.com to view status details of this transaction.</p>";
break;
}
if (in_array($paymentBasket->payment_status, array('Completed', 'Pending'))) {
$subscriptions = $paymentBasket->getSubscriptions();
$texts = array();
// avoid repeating several times identical texts:
if (is_array($subscriptions)) {
foreach ($subscriptions as $sub) {
/** @var $sub cbpaidSomething */
$thankYouParam = $paymentBasket->payment_status == 'Completed' ? 'thankyoutextcompleted' : 'thankyoutextpending';
$thankYouText = $sub->getPersonalized($thankYouParam, true);
if ($thankYouText && !in_array($thankYouText, $texts)) {
$texts[] = $thankYouText;
if (strpos($thankYouText, '<') === false) {
$msgTag = 'p';
} else {
$msgTag = 'div';
}
$newMsg .= '<' . $msgTag . ' class="cbregThanks" id="cbregThanks' . $sub->plan_id . '">' . $thankYouText . '</' . $msgTag . ">\n";
}
}
}
}
if ($newMsg) {
$return .= '<div>' . $newMsg . '</div>';
}
if ($paid && $_CB_framework->myId() < 1 && cbGetParam($_REQUEST, 'user', 0) == $paymentBasket->user_id) {
$_CB_database->setQuery("SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id=" . (int) $paymentBasket->user_id);
if ($_CB_database->loadObject($user) && $user->lastvisitDate == '0000-00-00 00:00:00') {
$return = '<p>' . implode('', getActivationMessage($user, 'UserRegistration')) . '</p>' . $return;
}
}
}
}
} else {
cbNotAuth();
return ' ' . CBPTXT::T("No result.");
}
if ($allowHumanHtmlOutput) {
$allErrorMsgs = $this->base->getErrorMSG('</div><div class="error">');
if ($allErrorMsgs) {
$errorMsg = '<div class="error">' . $allErrorMsgs . '</div>';
} else {
$errorMsg = null;
}
/** @var string $return */
if ($return == '' && $errorMsg && isset($paymentBasket)) {
$this->base->outputRegTemplate();
$return = $errorMsg . '<br /><br />' . $return;
$return .= cbpaidControllerOrder::showBasketForPayment($user, $paymentBasket, '');
} else {
$return = $errorMsg . $return;
}
}
if (!is_null($oldignoreuserabort)) {
ignore_user_abort($oldignoreuserabort);
}
return $return;
}
