/**
  * Loads all (published) plans from database in a way which is ordered as a tree
  *
  * @param  int                     $owner        reflecting the user needing to see plan (NULL: means all plans)
  * @param  boolean                 $enabled     TRUE if to load only published plans
  * @param  array                   $currency    Currency of payment that must be accepted
  * @return cbpaidGatewayAccount[]
  */
 public function loadEnabledAccounts($owner = 0, $enabled = true, $currency = null)
 {
     // Query results are memoised in a function-static array keyed by [$enabled][$owner].
     // NOTE(review): the docblock above speaks of "plans", but the rows come from $this->_tbl
     // and are declared as cbpaidGatewayAccount[].
     // NOTE(review): the memo key does not include the viewer's access levels; this assumes the
     // current user stays the same for the lifetime of the static - confirm.
     static $_objects = array();

     if (!isset($_objects[$enabled][$owner])) {
         $conditions = array();
         if ($enabled) {
             $conditions[] = "a.enabled > 0";
         }
         if ($owner !== null) {
             // The integer cast keeps the owner id from carrying SQL syntax into the statement.
             $conditions[] = "a.owner = " . (int) $owner;
         }
         // Row-level access control: only rows whose view access level the current user holds.
         // This condition is always added, so the WHERE clause is never empty.
         $conditions[] = "a.viewaccesslevel IN " . $this->_db->safeArrayOfIntegers(Application::MyUser()->getAuthorisedViewLevels());

         $sql = "SELECT a.* FROM `" . $this->_tbl . "` AS a"
             . "\n WHERE " . implode(" AND ", $conditions)
             . "\n ORDER BY a.`ordering` ASC";

         $this->_db->setQuery($sql);
         $_objects[$enabled][$owner] = $this->_loadTrueObjects($this->_tbl_key);
     }

     if (!$currency) {
         // No currency filter requested: hand back the memoised list as is.
         return $_objects[$enabled][$owner];
     }

     // A currency was given: keep only the accounts that accept it (result is re-indexed from 0).
     $accepting = array();
     foreach ($_objects[$enabled][$owner] as $account) {
         /** @noinspection PhpUndefinedMethodInspection */
         if ($account->acceptsCurrency($currency)) {
             $accepting[] = $account;
         }
     }

     return $accepting;
 }
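	/**
	 * Tells whether the 'ajax_profile' handling of a field may be offered to the viewing user.
	 *
	 * All of the following must hold, otherwise false is returned:
	 * - getUi() is 1, $output is 'html' and $reason is 'profile';
	 * - $field is a FieldTable and $user is a UserTable;
	 * - the field is not flagged '_noAjax' and is not read-only (the 'username' field counts as
	 *   read-only when $ueConfig['usernameedit'] is off);
	 * - the field has a value, or empty fields are shown, or a placeholder is configured,
	 *   or $ignoreEmpty is set;
	 * - the field's 'ajax_profile' parameter is on and the viewer holds the view access level
	 *   given by 'ajax_profile_access' (default 2);
	 * - the 'allowModeratorsUserEdit' task check on the profile owner passes.
	 *
	 * @param  FieldTable|mixed  $field        Field being rendered
	 * @param  UserTable|mixed   $user         User whose profile is rendered
	 * @param  string            $output       Output format, only 'html' qualifies
	 * @param  string            $reason       Rendering reason, only 'profile' qualifies
	 * @param  boolean           $ignoreEmpty  TRUE: do not require a value or placeholder
	 * @return boolean
	 */
	private function canAjax( &$field, &$user, $output, $reason, $ignoreEmpty = false )
	{
		global $_CB_framework, $ueConfig;

		if ( ( $_CB_framework->getUi() == 1 ) && ( $output == 'html' ) && ( $reason == 'profile' ) && ( $field instanceof FieldTable ) && ( $user instanceof UserTable ) ) {
			// $field->params may still be a raw (non-ParamsInterface) value: wrap it so ->get() is always available.
			if ( ! ( $field->params instanceof ParamsInterface ) ) {
				$params			=	new Registry( $field->params );
			} else {
				$params			=	$field->params;
			}

			$value				=	$user->get( $field->get( 'name' ) );
			// Read the placeholder through $params, not $field->params: the latter is not guaranteed
			// to be an object here, and calling ->get() on a raw value is a fatal error.
			$notEmpty			=	( ( ! ( ( $value === null ) || ( $value === '' ) ) ) || $ueConfig['showEmptyFields'] || cbReplaceVars( CBTxt::T( $params->get( 'ajax_placeholder' ) ), $user ) );
			$readOnly			=	$field->get( 'readonly' );

			if ( $field->get( 'name' ) == 'username' ) {
				if ( ! $ueConfig['usernameedit'] ) {
					$readOnly	=	true;
				}
			}

			// NOTE(review): the negation below presumes cbCheckIfUserCanPerformUserTask() returns a falsy
			// value when the task is permitted (and something truthy, such as an error text, otherwise).
			// Confirm against its definition; with the opposite convention this permission check is inverted.
			if ( ( ! $field->get( '_noAjax', false ) ) && ( ! $readOnly ) && ( $notEmpty || $ignoreEmpty )
				 && $params->get( 'ajax_profile', 0 ) && Application::MyUser()->canViewAccessLevel( (int) $params->get( 'ajax_profile_access', 2 ) )
				 && ( ! cbCheckIfUserCanPerformUserTask( $user->get( 'id' ), 'allowModeratorsUserEdit' ) )
			) {
				return true;
			}
		}

		return false;
	}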
 /**
  * @param null      $tab
  * @param UserTable $user
  * @param int       $ui
  * @param array     $postdata
  */
 public function getCBpluginComponent($tab, $user, $ui, $postdata)
 {
     global $_CB_framework, $_PLUGINS, $_CB_PMS;

     // Runs before any request value is read. Presumably the anti-CSRF (spoof) token check - confirm.
     cbSpoofCheck('plugin');

     $id = $this->input('id', null, GetterInterface::INT);
     // The sender is always the logged-in viewer: the $user argument is discarded on purpose.
     $user = CBuser::getMyUserDataInstance();

     // NOTE(review): every guard below relies on cbRedirect() ending the request. If it can return,
     // execution falls through to the next check and eventually to the send - confirm.
     if (!$id) {
         cbRedirect(
             $_CB_framework->userProfileUrl($user->get('id'), false, 'getmypmsproTab'),
             CBTxt::T('SEND_PMS_MISSING_TO_USER', 'Private message failed to send! Error: Missing to user'),
             'error'
         );
     }

     $profileUrl = $_CB_framework->userProfileUrl($id, false, 'getmypmsproTab');

     // Guests (no user id) may not send.
     if (!$user->get('id')) {
         cbRedirect($profileUrl, CBTxt::T('Not authorized.'), 'error');
     }

     // Sending to oneself is refused.
     if ($id == $user->get('id')) {
         cbRedirect(
             $profileUrl,
             CBTxt::T('SEND_PMS_ERROR_SELF', 'Private message failed to send! Error: You can not send a private message to your self'),
             'error'
         );
     }

     // The tab itself must be enabled and visible to the viewer; the $tab argument is replaced by a fresh load.
     $tab = new TabTable();
     $tab->load(array('pluginclass' => 'getmypmsproTab'));
     $tabUsable = $tab->enabled && Application::MyUser()->canViewAccessLevel($tab->viewaccesslevel);
     if (!$tabUsable) {
         cbRedirect($profileUrl, CBTxt::T('Not authorized.'), 'error');
     }

     $subject = $this->input('subject', null, GetterInterface::STRING);
     $message = $this->input('message', null, GetterInterface::STRING);

     // Only the first entry of a non-empty array result counts as the outcome; anything else is a failure.
     $send = $_CB_PMS->sendPMSMSG($id, $user->get('id'), $subject, $message, false);
     $result = (is_array($send) && count($send) > 0) ? $send[0] : false;

     if (!$result) {
         cbRedirect($profileUrl, $_PLUGINS->getErrorMSG(), 'error');
     } else {
         cbRedirect($profileUrl, CBTxt::T('SEND_PMS_SUCCESS', 'Private message sent successfully!'));
     }
 }
 /**
  * If table key (id) is NULL : inserts a new row
  * otherwise updates existing row in the database table
  *
  * Can be overridden or overloaded by the child class
  *
  * @param  boolean  $updateNulls  TRUE: null object variables are also updated, FALSE: not.
  * @return boolean                TRUE if successful otherwise FALSE
  */
 public function store($updateNulls = false)
 {
     // An empty primary key means the row is about to be inserted. The audit fields are stamped
     // only then; an update of an existing row leaves them as they are.
     $isNewRow = !$this->{$this->_tbl_key};

     if ($isNewRow) {
         $this->event_time = $this->_db->getUtcDateTime();
         // The acting user is taken from the session, not from anything set on the object.
         $this->user_id = Application::MyUser()->getUserId();
         // NOTE(review): if getIPlist() includes proxy headers (forwarded-for style), those values are
         // client-supplied and should be treated as informational in the log - confirm.
         $this->ip_addresses = cbpaidRequest::getIPlist();
         $this->log_version = 1;
     }

     return parent::store($updateNulls);
 }
	/**
	 * @param null      $tab
	 * @param UserTable $user
	 * @param int       $ui
	 * @param array     $postdata
	 */
	public function getCBpluginComponent( $tab, $user, $ui, $postdata )
	{
		global $_CB_framework;

		outputCbJs( 1 );
		outputCbTemplate( 1 );

		// Request values; $user and $tab arguments are replaced by the logged-in viewer and a fresh tab load.
		$action					=	$this->input( 'action', null, GetterInterface::STRING );
		$function				=	$this->input( 'func', null, GetterInterface::STRING );
		$id						=	$this->input( 'id', null, GetterInterface::INT );
		$user					=	CBuser::getMyUserDataInstance();

		$tab					=	new TabTable();

		$tab->load( array( 'pluginclass' => 'cbinvitesTab' ) );

		$profileUrl				=	$_CB_framework->userProfileUrl( $user->get( 'id' ), false, 'cbinvitesTab' );

		// The tab must be enabled and visible to the viewer.
		$tabUsable				=	( $tab->enabled && Application::MyUser()->canViewAccessLevel( $tab->viewaccesslevel ) );

		if ( ! $tabUsable ) {
			cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
		}

		// NOTE(review): this dispatcher reaches a delete without a visible request-token (spoof) check
		// and without a visible test that the viewer is logged in. Confirm that deletePreparaty()
		// validates the token and that $id belongs to $user before removing anything.
		ob_start();

		if ( $action == 'preparaty' ) {
			// Only 'delete' is handled; any other function produces no output.
			if ( $function == 'delete' ) {
				$this->deletePreparaty( $id, $user );
			}
		} else {
			cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
		}

		// Captured handler output; it is emitted below without further escaping.
		$html					=	ob_get_clean();

		$class					=	$this->params->get( 'general_class', null );
		// The configured CSS class is HTML-escaped before it goes into the attribute.
		$classSuffix			=	( $class ? ' ' . htmlspecialchars( $class ) : null );

		echo '<div id="cbInvites" class="cbInvites' . $classSuffix . '">'
			.		'<div id="cbInvitesInner" class="cbInvitesInner">'
			.			$html
			.		'</div>'
			.	'</div>';
	}
 /**
  * Cleans the field value by type in a secure way for SQL
  *
  * @param  mixed                    $fieldValue
  * @param  string                   $type           const,sql,param : string,int,float,datetime,formula
  * @param  GetterInterface          $pluginParams
  * @param  DatabaseDriverInterface  $db
  * @param  array|null               $extDataModels
  * @return string|boolean                           STRING: sql-safe value, Quoted or type-casted to int or float, or FALSE in case of type error
  */
 public static function sqlCleanQuote($fieldValue, $type, GetterInterface $pluginParams, DatabaseDriverInterface $db, array $extDataModels = null)
 {
     // $type is "source:casttype[:model]"; a bare "casttype" is treated as "const:casttype".
     $parts = explode(':', $type, 3);
     if (count($parts) < 2) {
         $parts = array('const', $type);
     }
     $source = $parts[0];

     // Step 1: resolve the raw value from its source. Nothing here is SQL-safe yet.
     switch ($source) {
         case 'param':
             $fieldValue = $pluginParams->get($fieldValue);
             break;

         case 'user':
             // TODO: Change this to use Inversion Of Control, and allow XML valuetypes to be extended dynamically (e.g. instead of calling specifically CBLib\CB\User or similar when available, it is CB that adds the type and a closure to handle that type.
             if ($fieldValue == 'viewaccesslevels') {
                 $fieldValue = Application::MyUser()->getAuthorisedViewLevels();
             } elseif ($fieldValue == 'usergroups') {
                 $fieldValue = Application::MyUser()->getAuthorisedGroups(false);
             } else {
                 $fieldValue = \CBuser::getMyUserDataInstance()->get($fieldValue);
             }
             break;

         case 'request':
         case 'get':
         case 'post':
         case 'cookie':
         case 'cbcookie':
         case 'session':
         case 'server':
         case 'env':
             // These sources include client-controlled input: the cleaning in step 2 is the only
             // thing standing between the value and the SQL statement.
             $fieldValue = self::_globalConv($source, $fieldValue);
             break;

         case 'ext':
             if (!(isset($parts[2]) && $extDataModels && isset($extDataModels[$parts[2]]))) {
                 trigger_error('SQLXML::sqlCleanQuote: ERROR: ext valuetype "' . htmlspecialchars($type) . '" has not been setExternalDataTypeValues.', E_USER_NOTICE);
                 break;
             }
             // Look the name up in the external model; when the name is not found in an object or
             // array model, $fieldValue keeps the name itself.
             $model = $extDataModels[$parts[2]];
             if (is_array($model)) {
                 if (isset($model[$fieldValue])) {
                     $fieldValue = $model[$fieldValue];
                 }
             } elseif (!is_object($model)) {
                 $fieldValue = $model;
             } elseif ($model instanceof ParamsInterface) {
                 $fieldValue = $model->get($fieldValue);
             } elseif (isset($model->{$fieldValue})) {
                 $fieldValue = $model->{$fieldValue};
             }
             break;

         // Any other source (e.g. 'const', 'sql'): $fieldValue is used unchanged.
     }

     // Step 2: quote or type-cast according to the cast type; arrays and scalars have separate cleaners.
     if (is_array($fieldValue)) {
         return self::cleanArrayType($fieldValue, $parts[1], $db);
     }

     return self::cleanScalarType($fieldValue, $parts[1], $db);
 }
 /**
  * Gets articles
  *
  * @param  int[]        $paging
  * @param  string       $where
  * @param  UserTable    $viewer
  * @param  UserTable    $user
  * @param  PluginTable  $plugin
  * @return Table[]
  */
 public static function getArticles($paging, $where, $viewer, $user, $plugin)
 {
     global $_CB_database;

     $excludedCategories = $plugin->params->get('article_k2_category', null);

     // Items authored by $user that are published, not trashed and readable at the viewer's access
     // levels, joined to a category that satisfies the same three conditions.
     // The author id is cast to int and the access levels go through safeArrayOfIntegers().
     $sql = 'SELECT a.*'
         . ', b.' . $_CB_database->NameQuote('id') . ' AS category'
         . ', b.' . $_CB_database->NameQuote('name') . ' AS category_title'
         . ', b.' . $_CB_database->NameQuote('published') . ' AS category_published'
         . ', b.' . $_CB_database->NameQuote('alias') . ' AS category_alias'
         . "\n FROM " . $_CB_database->NameQuote('#__k2_items') . " AS a"
         . "\n LEFT JOIN " . $_CB_database->NameQuote('#__k2_categories') . " AS b"
         . ' ON b.' . $_CB_database->NameQuote('id') . ' = a.' . $_CB_database->NameQuote('catid')
         . "\n WHERE a." . $_CB_database->NameQuote('created_by') . " = " . (int) $user->get('id')
         . "\n AND a." . $_CB_database->NameQuote('published') . " = 1"
         . "\n AND a." . $_CB_database->NameQuote('trash') . " = 0"
         . "\n AND a." . $_CB_database->NameQuote('access') . " IN " . $_CB_database->safeArrayOfIntegers(Application::MyUser()->getAuthorisedViewLevels())
         . "\n AND b." . $_CB_database->NameQuote('published') . " = 1"
         . "\n AND b." . $_CB_database->NameQuote('trash') . " = 0"
         . "\n AND b." . $_CB_database->NameQuote('access') . " IN " . $_CB_database->safeArrayOfIntegers(Application::MyUser()->getAuthorisedViewLevels());

     if ($excludedCategories) {
         // The parameter is a '|*|'-separated id list.
         // Presumably cbArrayToInts() casts the entries to integers in place - confirm.
         // The implode() below relies on that for SQL safety.
         $excludedCategories = explode('|*|', $excludedCategories);
         cbArrayToInts($excludedCategories);
         $sql .= "\n AND a." . $_CB_database->NameQuote('catid') . " NOT IN ( " . implode(',', $excludedCategories) . " )";
     }

     // NOTE(review): $where is appended verbatim. Callers must pass an already escaped SQL fragment
     // and never build it from unescaped request input - verify the call sites.
     $sql .= $where . "\n ORDER BY a." . $_CB_database->NameQuote('created') . " DESC";

     if (!$paging) {
         $_CB_database->setQuery($sql);
     } else {
         // $paging[0] and $paging[1] are passed as the 2nd and 3rd setQuery() arguments.
         $_CB_database->setQuery($sql, $paging[0], $paging[1]);
     }

     return $_CB_database->loadObjectList(null, '\\CBLib\\Database\\Table\\Table', array(null, '#__k2_items', 'id'));
 }
 /**
  * Checks user access permission
  *
  * @param  int $userIdPosted
  * @return null|string
  */
 private function _authorizedEdit($userIdPosted)
 {
     global $_CB_framework;

     // Super Administrators are always allowed.
     $allowed = Application::MyUser()->isSuperAdmin();

     // Everyone else needs 'core.manage' on com_users first, then the action matching the target.
     if (!$allowed && Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.manage', 'com_users')) {
         if ($userIdPosted == 0) {
             // No id posted: a new user is being created.
             $action = 'core.create';
         } elseif ($userIdPosted == $_CB_framework->myId()) {
             $action = 'core.edit.own';
         } else {
             $action = 'core.edit';
         }

         // Even with the action granted, a non-Super-Administrator may never edit a Super Administrator.
         $allowed = Application::MyUser()->isAuthorizedToPerformActionOnAsset($action, 'com_users')
             && !Application::User((int) $userIdPosted)->isSuperAdmin();
     }

     // null means "authorized"; a translated error text means "refused".
     return $allowed ? null : CBTxt::T("Not Authorized");
 }
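/**
 * Deletes a list of users, provided the current user holds 'core.admin' on com_comprofiler.
 *
 * Each id is validated as an integer once, so the self-delete guard, the Super Administrator
 * guard and the deletion itself all act on the same value.
 *
 * @param  array    $cid                Ids of the users to delete (anything but a non-empty array is ignored)
 * @param  boolean  $inComprofilerOnly  TRUE: skip loading the CMS user object and pass the flag on to cbDeleteUser()
 * @return null|string                  NULL if nothing went wrong, otherwise the error messages, concatenated without separator
 */
function deleteUsers($cid, $inComprofilerOnly = false)
{
    global $_CB_framework;
    $msg = null;
    if (!Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.admin', 'com_comprofiler')) {
        $msg = CBTxt::T('You cannot delete a user. Only higher-level users have this power.');
    }
    if (!$msg && is_array($cid) && count($cid)) {
        new cbTabs(0, 2, null, false);
        // loads plugins
        foreach ($cid as $id) {
            // Validate the id once: the original code checked (int) $id but deleted the raw $id,
            // so a malformed value could be judged as one user and acted on as another.
            $id = filter_var($id, FILTER_VALIDATE_INT);
            if ($id === false) {
                $msg .= CBTxt::T('User not found');
                continue;
            }
            $obj = null;
            if (!$inComprofilerOnly) {
                $obj =& $_CB_framework->_getCmsUserObject($id);
            }
            if ($obj !== null || $inComprofilerOnly) {
                // Just a double-check as framework checks that too:
                // NOTE(review): with $inComprofilerOnly the CMS object is never loaded, so $obj is null
                // and the Super Administrator guard is skipped. Confirm callers use that mode only for
                // ids that have no CMS account.
                if ($_CB_framework->myId() != $id && ($obj === null || !(Application::User($id)->isSuperAdmin() && !Application::MyUser()->isSuperAdmin()))) {
                    // delete user
                    $result = cbDeleteUser($id, null, $inComprofilerOnly);
                    if ($result === null) {
                        $msg .= CBTxt::T('User not found');
                    } elseif (is_string($result) && $result != "") {
                        $msg .= $result;
                    }
                } else {
                    // refused: the target is the current user, or a Super Administrator while the current user is not one
                    $msg .= CBTxt::T('You cannot delete yourself nor a Super Administrator without being Super Administrator');
                }
            } else {
                $msg .= CBTxt::T('User not found');
            }
        }
    }
    return $msg;
}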
 /**
  * Check for authorization to perform an action on an asset.
  *
  * $action:
  * Configure         core.admin
  * Access component  core.manage
  * Create            core.create
  * Delete            core.delete
  * Edit              core.edit
  * Edit State        core.edit.state    (e.g. block users and get CB/users administration mails)
  * Edit Own          core.edit.own
  *
  * Baskets:
  * Pay:              baskets.pay
  * Record payment    baskets.recordpayment
  * Refund:           baskets.refund
  *
  * $assetname:
  * 'com_comprofiler.plugin.cbsubs' (default) : For all CBSubs aspects except user management
  * '.plan.id'                  : For plan number id
  * 'com_users'                 : For all user management aspects (except core.manage, left for deactivating core Joomla User)
  * null                        : For global super-user rights check: ( 'core.admin', null )
  *
  * @since 2.0
  *
  * @param  string        $action     Action to perform: core.admin, core.manage, core.create, core.delete, core.edit, core.edit.state, core.edit.own, ...
  * @param  string        $assetName  OPTIONAL: asset name e.g. "com_comprofiler.plugin.$pluginId" or "com_users", or null for global rights
  * @return boolean|null              True: Authorized, False: Not Authorized, Null: Default (not authorized)
  * @throws \InvalidArgumentException
  */
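 public static function authoriseAction($action, $assetName = 'root')
 {
     global $_CB_framework;
     if (!$assetName) {
         // An empty asset name is a caller error: report it, then fall back to the component asset.
         trigger_error(CBTxt::T('ACTION_MISSING_ASSET_NAME', '[action] missing asset name', array('[action]' => $action)), E_USER_NOTICE);
         $assetName = 'com_cbsubs';
         // CBSubs GPL 3.0.0 is the only ones that will ever need that !
     }
     // Results are memoised per user id, asset name and action for the lifetime of the static.
     // A null result is not remembered (isset() is false for null) and is recomputed on each call.
     static $cache = array();
     $myId = $_CB_framework->myId();
     if (!isset($cache[$myId][$assetName][$action])) {
         if (Application::MyUser()->isSuperAdmin()) {
             // Super Admins have all rights:
             $authorized = true;
         } else {
             // Send null asset name if requesting root permissions.
             // A separate variable is used so that the cache key stays $assetName: overwriting
             // $assetName with null stored 'root' results under another key than the one looked up,
             // so they were never found again.
             $lookupAsset = ($assetName == 'root') ? null : $assetName;
             $authorized = Application::MyUser()->isAuthorizedToPerformActionOnAsset($action, $lookupAsset);
         }
         $cache[$myId][$assetName][$action] = $authorized;
     }
     return $cache[$myId][$assetName][$action];
 }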
<?php

/**
* Community Builder (TM)
* @version $Id: $
* @package CommunityBuilder
* @copyright (C) 2004-2015 www.joomlapolis.com / Lightning MultiCom SA - and its licensors, all rights reserved
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU/GPL version 2
*/
use CBLib\Application\Application;
use CBLib\Language\CBTxt;
// Entry guard: unless one of the constants _VALID_CB, _JEXEC or _VALID_MOS is defined, the
// request ends here with the message below instead of running the code that follows.
// NOTE(review): presumably the CMS / CB bootstrap defines these constants; confirm.
if (!defined('_VALID_CB') && !defined('_JEXEC') && !defined('_VALID_MOS')) {
    die('Direct Access to this location is not allowed.');
}
if (Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.manage', 'com_comprofiler')) {
    if ($params->get('menu_cb', 1) && file_exists($_CB_framework->getCfg('absolute_path') . '/components/com_comprofiler')) {
        $prevStateBase = 'option=com_comprofiler';
        $cbMenu = array();
        $cbMenu['component'] = array('title' => CBTxt::Th('Community Builder'));
        $cbMenu['menu'] = array(array('title' => CBTxt::Th('Control Panel'), 'link' => $_CB_framework->backendViewUrl(null), 'icon' => 'cb-control_panel'), array('title' => CBTxt::Th('User Management'), 'link' => $_CB_framework->backendViewUrl('showusers'), 'access' => array('core.manage', 'com_users'), 'icon' => 'cb-user_management', 'submenu' => array(array('title' => CBTxt::Th('Add New User'), 'link' => $_CB_framework->backendViewUrl('new', true, array('cbprevstate' => base64_encode($prevStateBase . '&view=showusers'))), 'access' => array('core.create', 'com_users'), 'icon' => 'cb-new'))), array('title' => CBTxt::Th('Tab Management'), 'link' => $_CB_framework->backendViewUrl('showTab'), 'access' => array('core.manage', 'com_comprofiler.tabs'), 'icon' => 'cb-tab_management', 'submenu' => array(array('title' => CBTxt::Th('Add New Tab'), 'link' => $_CB_framework->backendViewUrl('editrow', true, array('table' => 'tabsbrowser', 'action' => 'editrow', 'cbprevstate' => base64_encode($prevStateBase . '&view=showTab'))), 'access' => array(array('core.create', 'core.edit'), 'com_comprofiler.tabs'), 'icon' => 'cb-new'))), array('title' => CBTxt::Th('Field Management'), 'link' => $_CB_framework->backendViewUrl('showField'), 'access' => array('core.manage', 'com_comprofiler.fields'), 'icon' => 'cb-field_management', 'submenu' => array(array('title' => CBTxt::Th('Add New Field'), 'link' => $_CB_framework->backendViewUrl('editrow', true, array('table' => 'fieldsbrowser', 'action' => 'editrow', 'cbprevstate' => base64_encode($prevStateBase . 
'&view=showField'))), 'access' => array(array('core.create', 'core.edit'), 'com_comprofiler.fields'), 'icon' => 'cb-new'))), array('title' => CBTxt::Th('List Management'), 'link' => $_CB_framework->backendViewUrl('showLists'), 'access' => array('core.manage', 'com_comprofiler.lists'), 'icon' => 'cb-list_management', 'submenu' => array(array('title' => CBTxt::Th('Add New List'), 'link' => $_CB_framework->backendViewUrl('editrow', true, array('table' => 'listsbrowser', 'action' => 'editrow', 'cbprevstate' => base64_encode($prevStateBase . '&view=showLists'))), 'access' => array(array('core.create', 'core.edit'), 'com_comprofiler.lists'), 'icon' => 'cb-new'))), array('title' => CBTxt::Th('Plugin Management'), 'link' => $_CB_framework->backendViewUrl('showPlugins'), 'access' => array('core.manage', 'com_comprofiler.plugins'), 'icon' => 'cb-plugin_management', 'submenu' => array(array('title' => CBTxt::Th('Install New Plugin'), 'link' => $_CB_framework->backendViewUrl('installcbplugin', true, array('cbprevstate' => base64_encode($prevStateBase . '&view=showPlugins'))), 'access' => array('core.admin', 'root'), 'icon' => 'cb-upload'))), array('title' => CBTxt::Th('Tools'), 'link' => $_CB_framework->backendViewUrl('tools', true, array('cbprevstate' => base64_encode($prevStateBase))), 'access' => array('core.manage', 'com_comprofiler.tools'), 'icon' => 'cb-tools'), array('title' => CBTxt::Th('Configuration'), 'link' => $_CB_framework->backendViewUrl('showconfig', true, array('cbprevstate' => base64_encode($prevStateBase))), 'access' => array('core.admin', 'com_comprofiler'), 'icon' => 'cb-configuration'), array('title' => CBTxt::Th('Credits'), 'link' => $_CB_framework->backendViewUrl('credits', true, array('cbprevstate' => base64_encode($prevStateBase))), 'icon' => 'cb-credits'));
        $menu[] = $cbMenu;
    }
    if ($params->get('menu_cbsubs', 1) && file_exists($_CB_framework->getCfg('absolute_path') . '/components/com_comprofiler/plugin/user/plug_cbpaidsubscriptions')) {
        $query = 'SELECT ' . $_CB_database->NameQuote('id') . "\n FROM " . $_CB_database->NameQuote('#__comprofiler_plugin') . "\n WHERE " . $_CB_database->NameQuote('element') . ' = ' . $_CB_database->Quote('cbpaidsubscriptions');
        $_CB_database->setQuery($query, 0, 1);
        $pluginId = $_CB_database->loadResult();
        if ($pluginId) {
            $prevStateBase = 'option=com_comprofiler&view=editPlugin&pluginid=' . (int) $pluginId;
            $cbsubsMenu = array();
            $cbsubsMenu['component'] = array('title' => CBTxt::Th('Paid Subscriptions'));
            $cbsubsMenu['menu'] = array(array('title' => CBTxt::Th('Payments Center'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId)), 'icon' => 'cbsubs-payments_center'), array('title' => CBTxt::Th('Settings'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showparams', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array('cbsubs.settings', 'com_cbsubs'), 'icon' => 'cbsubs-settings'), array('title' => CBTxt::Th('Gateways'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showtable', 'table' => 'gateways', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array('cbsubs.gateways', 'com_cbsubs'), 'icon' => 'cbsubs-gateways', 'submenu' => array(array('title' => CBTxt::Th('Add New Gateway'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'editrow', 'table' => 'gatewaysbrowser', 'cbprevstate' => base64_encode($prevStateBase . '&action=showtable&table=gateways'))), 'access' => array('cbsubs.gateways', 'com_cbsubs'), 'icon' => 'cb-new'))), array('title' => CBTxt::Th('Plans'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showtable', 'table' => 'plans', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array('cbsubs.marketing', 'com_cbsubs'), 'icon' => 'cbsubs-plans', 'submenu' => array(array('title' => CBTxt::Th('Add New Plan'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'editrow', 'table' => 'plansbrowser', 'cbprevstate' => base64_encode($prevStateBase . 
'&action=showtable&table=plans'))), 'access' => array('cbsubs.marketing', 'com_cbsubs'), 'icon' => 'cb-new'))), array('title' => CBTxt::Th('Subscriptions'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showtable', 'table' => 'subscriptions', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array('cbsubs.usersubscriptionview', 'com_cbsubs'), 'icon' => 'cbsubs-subscriptions'), array('title' => CBTxt::Th('Baskets'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showtable', 'table' => 'paymentbaskets', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array(array('cbsubs.sales', 'cbsubs.financial'), 'com_cbsubs'), 'icon' => 'cbsubs-baskets'), array('title' => CBTxt::Th('Payments'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showtable', 'table' => 'payments', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array(array('cbsubs.sales', 'cbsubs.financial'), 'com_cbsubs'), 'icon' => 'cbsubs-payments'), array('title' => CBTxt::Th('Notifications'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showtable', 'table' => 'notifications', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array(array('cbsubs.settings', 'cbsubs.gateways', 'cbsubs.sales'), 'com_cbsubs'), 'icon' => 'cbsubs-notifications'), array('title' => CBTxt::Th('Currencies'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showtable', 'table' => 'currencies', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array(array('cbsubs.marketing', 'cbsubs.financial'), 'com_cbsubs'), 'icon' => 'cbsubs-currencies'), array('title' => CBTxt::Th('Statistics'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showstats', 'cbprevstate' => 
base64_encode($prevStateBase))), 'access' => array('cbsubs.financial', 'com_cbsubs'), 'icon' => 'cbsubs-statistics', 'submenu' => array(array('title' => CBTxt::Th('Payments Monthly'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showstatsmonthly', 'cbprevstate' => base64_encode($prevStateBase . '&action=showstats'))), 'access' => array('cbsubs.financial', 'com_cbsubs'), 'icon' => 'cbsubs-statistics_payments_monthly'), array('title' => CBTxt::Th('Payments Weekly'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showstatsweekly', 'cbprevstate' => base64_encode($prevStateBase . '&action=showstats'))), 'access' => array('cbsubs.financial', 'com_cbsubs'), 'icon' => 'cbsubs-statistics_payments_weekly'), array('title' => CBTxt::Th('Payments by Weekday'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showstatsdayofweek', 'cbprevstate' => base64_encode($prevStateBase . '&action=showstats'))), 'access' => array('cbsubs.financial', 'com_cbsubs'), 'icon' => 'cbsubs-statistics_payments_weekday'), array('title' => CBTxt::Th('Payments by Hour'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showstatshourofday', 'cbprevstate' => base64_encode($prevStateBase . '&action=showstats'))), 'access' => array('cbsubs.financial', 'com_cbsubs'), 'icon' => 'cbsubs-statistics_payments_hourly'), array('title' => CBTxt::Th('Payments by Country'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showstatscountrypayments', 'cbprevstate' => base64_encode($prevStateBase . 
'&action=showstats'))), 'access' => array('cbsubs.financial', 'com_cbsubs'), 'icon' => 'cbsubs-statistics_payments_country'), array('title' => CBTxt::Th('Payments Free Query'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showstatsfreequery', 'cbprevstate' => base64_encode($prevStateBase . '&action=showstats'))), 'access' => array('cbsubs.financial', 'com_cbsubs'), 'icon' => 'cbsubs-statistics_payments_query'), array('title' => CBTxt::Th('Sales Monthly'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showstatsitemsmonthly', 'cbprevstate' => base64_encode($prevStateBase . '&action=showstats'))), 'access' => array('cbsubs.financial', 'com_cbsubs'), 'icon' => 'cbsubs-statistics_sales_monthly'), array('title' => CBTxt::Th('Sales Weekly'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showstatsitemsweekly', 'cbprevstate' => base64_encode($prevStateBase . '&action=showstats'))), 'access' => array('cbsubs.financial', 'com_cbsubs'), 'icon' => 'cbsubs-statistics_sales_weekly'), array('title' => CBTxt::Th('Sales by Weekday'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showstatsitemsdayofweek', 'cbprevstate' => base64_encode($prevStateBase . 
'&action=showstats'))), 'access' => array('cbsubs.financial', 'com_cbsubs'), 'icon' => 'cbsubs-statistics_sales_weekday'))), array('title' => CBTxt::Th('Merchandise'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showtable', 'table' => 'merchandises', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array('cbsubs.merchandisemanage', 'com_cbsubs'), 'icon' => 'cbsubs-merchandise'), array('title' => CBTxt::Th('Donations'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showtable', 'table' => 'donations', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array('cbsubs.donationview', 'com_cbsubs'), 'icon' => 'cbsubs-donations'), array('title' => CBTxt::Th('Import'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'import', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array(array('cbsubs.settings', 'cbsubs.recordpayments'), 'com_cbsubs'), 'icon' => 'cbsubs-import'), array('title' => CBTxt::Th('History Logs'), 'link' => $_CB_framework->backendViewUrl('editPlugin', true, array('cid' => $pluginId, 'action' => 'showtable', 'table' => 'history', 'cbprevstate' => base64_encode($prevStateBase))), 'access' => array(array('cbsubs.settings', 'cbsubs.gateways'), 'com_cbsubs'), 'icon' => 'cbsubs-history_logs'));
Example #12
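	/**
	 * Returns the groups available to the current user, as raw rows or as select options
	 *
	 * When the current user is not a moderator and the CMS client id is 0, the query keeps only
	 * groups in published categories whose access level the user holds, and among those only
	 * groups the user owns, or published groups that are of type 1 or 2 or in which the user has
	 * a '#__groupjive_users' row with status >= 1. Otherwise no visibility filter is applied.
	 * With a non-zero client id, $raw and both exclusion lists are ignored.
	 *
	 * Rows are memoised in a static cache per user id and per pair of exclusion lists.
	 *
	 * @param bool  $raw               true: return the database rows instead of option objects
	 * @param array $excludeCategories category ids to leave out
	 * @param array $excludeGroups     group ids to leave out
	 * @return array|\stdClass[]
	 */
	static public function getGroupOptions( $raw = false, $excludeCategories = array(), $excludeGroups = array() )
	{
		global $_CB_database;

		// With a non-zero client id the caller's arguments are discarded: option objects are
		// always returned and nothing is excluded.
		if ( Application::Cms()->getClientId() ) {
			$raw					=	false;
			$excludeCategories		=	array();
			$excludeGroups			=	array();
		}

		static $cache				=	array();

		$userId						=	Application::MyUser()->getUserId();
		// The exclusion lists change the SQL, so they belong in the cache key. Keyed by user id
		// alone, a later call with different exclusions would get the first call's rows back and
		// its exclusions would be silently ignored.
		$cacheKey					=	serialize( array( $excludeCategories, $excludeGroups ) );

		if ( ! isset( $cache[$userId][$cacheKey] ) ) {
			$query					=	'SELECT g.' . $_CB_database->NameQuote( 'id' ) . ' AS value'
									.	', g.' . $_CB_database->NameQuote( 'name' ) . ' AS text'
									.	', g.' . $_CB_database->NameQuote( 'category' )
									.	', c.' . $_CB_database->NameQuote( 'name' ) . ' AS category_name'
									.	"\n FROM " . $_CB_database->NameQuote( '#__groupjive_groups' ) . " AS g"
									.	"\n LEFT JOIN " . $_CB_database->NameQuote( '#__groupjive_categories' ) . " AS c"
									.	' ON c.' . $_CB_database->NameQuote( 'id' ) . ' = g.' . $_CB_database->NameQuote( 'category' );

			if ( ( ! self::isModerator( $userId ) ) && ( ! Application::Cms()->getClientId() ) ) {
				// Visibility filter for regular users. Every value placed in the SQL is either
				// cast to int or passed through safeArrayOfIntegers().
				$query				.=	"\n LEFT JOIN " . $_CB_database->NameQuote( '#__groupjive_users' ) . " AS u"
									.	' ON u.' . $_CB_database->NameQuote( 'group' ) . ' = g.' . $_CB_database->NameQuote( 'id' )
									.	' AND u.' . $_CB_database->NameQuote( 'user_id' ) . ' = ' . (int) $userId
									.	' AND u.' . $_CB_database->NameQuote( 'status' ) . ' >= 1'
									.	"\n WHERE c." . $_CB_database->NameQuote( 'published' ) . " = 1"
									.	"\n AND c." . $_CB_database->NameQuote( 'access' ) . " IN " . $_CB_database->safeArrayOfIntegers( self::getAccess( $userId ) )
									.	"\n AND ( g." . $_CB_database->NameQuote( 'user_id' ) . " = " . (int) $userId
									.		' OR ( ( g.' . $_CB_database->NameQuote( 'published' ) . ' = 1 )'
									.		' AND ( ( g.' . $_CB_database->NameQuote( 'type' ) . ' IN ( 1, 2 ) )'
									.		' OR ( u.' . $_CB_database->NameQuote( 'id' ) . ' IS NOT NULL ) ) ) )'
									.	( $excludeCategories ? "\n AND c." . $_CB_database->NameQuote( 'id' ) . " NOT IN " . $_CB_database->safeArrayOfIntegers( $excludeCategories ) : null )
									.	( $excludeGroups ? "\n AND g." . $_CB_database->NameQuote( 'id' ) . " NOT IN " . $_CB_database->safeArrayOfIntegers( $excludeGroups ) : null );
			} else {
				// No visibility filter here: only the exclusion lists (if any) restrict the rows.
				$query				.=	( $excludeCategories ? "\n WHERE c." . $_CB_database->NameQuote( 'id' ) . " NOT IN " . $_CB_database->safeArrayOfIntegers( $excludeCategories ) : null )
									.	( $excludeGroups ? "\n " . ( $excludeCategories ? 'AND' : 'WHERE' ) . " g." . $_CB_database->NameQuote( 'id' ) . " NOT IN " . $_CB_database->safeArrayOfIntegers( $excludeGroups ) : null );
			}

			$query					.=	"\n ORDER BY c." . $_CB_database->NameQuote( 'ordering' ) . ", g." . $_CB_database->NameQuote( 'ordering' );
			$_CB_database->setQuery( $query );
			$cache[$userId][$cacheKey]	=	$_CB_database->loadObjectList();
		}

		if ( $raw === true ) {
			return $cache[$userId][$cacheKey];
		}

		$optGroups					=	array();
		$options					=	array();

		// NOTE(review): group and category names come from the database; whether makeOptGroup()
		// and makeOption() HTML-escape their label is not visible here. Confirm before rendering.
		foreach ( $cache[$userId][$cacheKey] as $group ) {
			$category				=	(int) $group->category;

			// Emit each category heading once, before its first group (ids are ints: strict match).
			if ( ! in_array( $category, $optGroups, true ) ) {
				$options[]			=	\moscomprofilerHTML::makeOptGroup( ( $category ? CBTxt::T( $group->category_name ) : CBTxt::T( 'Uncategorized' ) ) );

				$optGroups[]		=	$category;
			}

			$options[]				=	\moscomprofilerHTML::makeOption( (int) $group->value, CBTxt::T( $group->text ) );
		}

		return $options;
	}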
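	/**
	 * Validates and stores a posted invite edit form, sending the invite(s) where needed
	 *
	 * A new invite may be created by a global moderator, or by a user holding the
	 * 'invite_create_access' view level while below 'invite_limit' (counted over that user's
	 * invites whose 'user' column is NULL or empty). An existing invite may be edited by a global
	 * moderator or by its owner. Accepted invites are never changed.
	 *
	 * post/to may hold several comma separated addresses; one row is stored per address.
	 * Failures re-display the edit form or redirect to the profile with an error message.
	 *
	 * @param null|int  $id    invite id to edit, or empty to create a new invite
	 * @param UserTable $user  user the permission checks are made for
	 */
	private function saveInviteEdit( $id, $user )
	{
		global $_CB_framework, $_CB_database, $_PLUGINS;

		$inviteLimit						=	(int) $this->params->get( 'invite_limit', null );
		$cbModerator						=	Application::User( (int) $user->get( 'id' ) )->isGlobalModerator();

		$row								=	new cbinvitesInviteTable();

		$row->load( (int) $id );

		$canAccess							=	false;
		$inviteCount						=	0;

		if ( ! $row->get( 'id' ) ) {
			// Creating: moderators always may; others need the access level and quota headroom.
			if ( $cbModerator ) {
				$canAccess					=	true;
			} elseif ( $user->get( 'id' ) && Application::MyUser()->canViewAccessLevel( $this->params->get( 'invite_create_access', 2 ) ) ) {
				if ( $inviteLimit ) {
					$query					=	'SELECT COUNT(*)'
											.	"\n FROM " . $_CB_database->NameQuote( '#__comprofiler_plugin_invites' )
											.	"\n WHERE " . $_CB_database->NameQuote( 'user_id' ) . " = " . (int) $user->get( 'id' )
											.	"\n AND ( " . $_CB_database->NameQuote( 'user' ) . " IS NULL OR " . $_CB_database->NameQuote( 'user' ) . " = " . $_CB_database->Quote( '' ) . " )";
					$_CB_database->setQuery( $query );
					$inviteCount			=	(int) $_CB_database->loadResult();

					if ( $inviteCount < $inviteLimit ) {
						$canAccess			=	true;
					}
				} else {
					$canAccess				=	true;
				}
			}
		} elseif ( $cbModerator || ( $row->get( 'user_id' ) == $user->get( 'id' ) ) ) {
			// Editing: only a moderator or the invite's owner.
			$canAccess						=	true;
		}

		$profileUrl							=	$_CB_framework->userProfileUrl( $row->get( 'user_id', $user->get( 'id' ) ), false, 'cbinvitesTab' );

		if ( $canAccess && ( ! $row->isAccepted() ) ) {
			$toArray						=	explode( ',', $this->input( 'post/to', null, GetterInterface::STRING ) );

			if ( ( ! $this->params->get( 'invite_multiple', 1 ) ) && ( ! $cbModerator ) && ( count( $toArray ) > 1 ) ) {
				$this->showInviteEdit( $row->get( 'id' ), $user, CBTxt::T( 'Comma seperated lists are not supported! Please use a single To address.' ) ); return;
			}

			$sent							=	false;

			if ( ! empty( $toArray ) ) {
				foreach ( $toArray as $k => $to ) {
					// Each address after the first becomes a new row with its own code.
					if ( $k != 0 ) {
						$row->set( 'id', null );
						$row->set( 'code', null );
					}

					$orgTo					=	$row->get( 'to' );

					$row->set( 'to', $to );
					$row->set( 'subject', $this->input( 'post/subject', $row->get( 'subject' ), GetterInterface::STRING ) );

					// NOTE(review): with 'invite_editor' >= 2 the body is read as HTML; what the
					// HTML getter filters is not visible here. Confirm it is safe for e-mail/display.
					if ( $this->params->get( 'invite_editor', 2 ) >= 2 ) {
						$row->set( 'body', $this->input( 'post/body', $row->get( 'body' ), GetterInterface::HTML ) );
					} else {
						$row->set( 'body', $this->input( 'post/body', $row->get( 'body' ), GetterInterface::STRING ) );
					}

					// Ownership fields are taken from the post for moderators only. For everyone
					// else the owner stays the row's existing owner or the acting user, so a posted
					// user_id can neither attribute an invite to another account nor move new
					// invites outside the quota counted above for the acting user.
					if ( $cbModerator ) {
						$row->set( 'user_id', (int) $this->input( 'post/user_id', $row->get( 'user_id', $user->get( 'id' ) ), GetterInterface::INT ) );
						$row->set( 'user', (int) $this->input( 'post/user', $row->get( 'user' ), GetterInterface::INT ) );
					} else {
						$row->set( 'user_id', (int) $row->get( 'user_id', $user->get( 'id' ) ) );
					}

					if ( ! $row->get( 'code' ) ) {
						// The code is presumably what identifies the invite to its recipient
						// (confirm), so it should not be guessable: uniqid() is derived from the
						// clock. Use a CSPRNG where the runtime has one; 16 random bytes in hex
						// keep the 32-character length of the previous md5 value.
						if ( function_exists( 'random_bytes' ) ) {
							$code			=	bin2hex( random_bytes( 16 ) );
						} elseif ( function_exists( 'openssl_random_pseudo_bytes' ) ) {
							$code			=	bin2hex( openssl_random_pseudo_bytes( 16 ) );
						} else {
							// Legacy fallback for runtimes without either source: time based.
							$code			=	md5( uniqid() );
						}

						$row->set( 'code', $code );
					}

					$new					=	( $row->get( 'id' ) ? false : true );

					if ( $new && $inviteLimit ) {
						$inviteCount++;

						if ( $inviteCount > $inviteLimit ) {
							cbRedirect( $profileUrl, CBTxt::T( 'Invite limit reached!' ), 'error' );
							// Keeps the limit enforced even if cbRedirect() should return.
							return;
						}
					}

					if ( ! $row->get( 'user' ) ) {
						$toUser				=	new UserTable();

						$toUser->loadByEmail( $row->get( 'to' ) );
					} else {
						$toUser				=	CBuser::getUserDataInstance( (int) $row->get( 'user' ) );
					}

					// Validation: the first failing rule sets the row error that blocks storing.
					if ( ! $row->get( 'to' ) ) {
						$row->setError( CBTxt::T( 'To address not specified.' ) );
					} elseif ( ! cbIsValidEmail( $row->get( 'to' ) ) ) {
						$row->setError( CBTxt::T( 'INVITE_TO_ADDRESS_INVALID', 'To address not valid: [to_address]', array( '[to_address]' => $row->get( 'to' ) ) ) );
					} elseif ( $toUser->id == $row->get( 'user_id' ) ) {
						$row->setError( CBTxt::T( 'You can not invite your self.' ) );
					} elseif ( $toUser->id && ( $row->get( 'to' ) != $orgTo ) ) {
						$row->setError( CBTxt::T( 'To address is already a user.' ) );
					} elseif ( ( ! $this->params->get( 'invite_duplicate', 0 ) ) && ( ! $cbModerator ) && $row->isDuplicate() ) {
						$row->setError( CBTxt::T( 'To address is already invited.' ) );
					} elseif ( $this->params->get( 'invite_captcha', 0 ) && ( ! $row->get( 'id' ) ) && ( $k == 0 ) && ( ! $cbModerator ) ) {
						// Captcha is checked once per post (first address), for new invites only.
						$_PLUGINS->loadPluginGroup( 'user' );

						$_PLUGINS->trigger( 'onCheckCaptchaHtmlElements', array() );

						if ( $_PLUGINS->is_errors() ) {
							$row->setError( CBTxt::T( $_PLUGINS->getErrorMSG() ) );
						}
					}

					$_PLUGINS->trigger( 'invites_onBeforeInvite', array( &$row, $user ) );

					if ( $row->getError() || ( ! $row->store() ) ) {
						$this->showInviteEdit( $row->get( 'id' ), $user, CBTxt::T( 'INVITE_FAILED_SAVE_ERROR', 'Invite failed to save! Error: [error]', array( '[error]' => $row->getError() ) ) ); return;
					}

					// Only mail addresses that do not already belong to a user.
					if ( ( $new || ( ! $row->isSent() ) ) && ( ! $toUser->id ) ) {
						if ( ! $row->send() ) {
							$this->showInviteEdit( $row->get( 'id' ), $user, CBTxt::T( 'INVITE_FAILED_SEND_ERROR', 'Invite failed to send! Error: [error]', array( '[error]' => $row->getError() ) ) ); return;
						} else {
							$sent			=	true;
						}
					}

					$_PLUGINS->trigger( 'invites_onAfterInvite', array( $row, $sent, $user ) );
				}

				cbRedirect( $profileUrl, ( $sent ? CBTxt::T( 'Invite sent successfully!' ) : CBTxt::T( 'Invite saved successfully!' ) ) );
			} else {
				$this->showInviteEdit( $row->get( 'id' ), $user, CBTxt::T( 'To address not specified.' ) ); return;
			}
		} else {
			cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
		}
	}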
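/**
 * Checks if operation is allowed, and ends the request if not, as it should not be possible at all.
 *
 * The current user passes when authorized for at least one of the given actions on the asset.
 * On refusal a script is printed that shows a message and goes back one page in the browser
 * history, then the request is terminated with exit. The exit is what enforces the refusal;
 * the printed script only informs the user.
 *
 * @since 1.8
 *
 * @param  string|array  $actions    Action(s) to check: core.admin, core.manage, core.create, core.delete, core.edit, core.edit.state, core.edit.own, ...
 * @param  array|int     $cid        Plugin-id (not used by this function's body)
 * @param  string        $assetname  OPTIONAL: asset name e.g. com_comprofiler.plugin.$pluginId
 * @return void
 */
function checkCanAdminPlugins($actions, $cid = null, $assetname = 'com_comprofiler')
{
    $allowed = false;
    foreach ((array) $actions as $action) {
        if (Application::MyUser()->isAuthorizedToPerformActionOnAsset($action, $assetname)) {
            $allowed = true;
            break;
        }
    }
    if ($allowed) {
        return;
    }
    $text = CBTxt::T('Operation not allowed by the Permissions of your group(s).');
    // The translated text ends up inside a <script> element. json_encode() with the HEX flags
    // yields a complete JavaScript string literal in which quotes, <, > and & are escaped;
    // addslashes() leaves line breaks and a closing script tag untouched.
    $jsText = json_encode($text, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($jsText === false) {
        // Text that cannot be encoded (e.g. invalid UTF-8): keep the previous quoting.
        $jsText = "'" . addslashes($text) . "'";
    }
    echo "<script type=\"text/javascript\"> alert(" . $jsText . "); window.history.go(-1); </script>\n";
    exit;
}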
Example #15
 /**
  * Decides whether the current user may perform a configured task on another user
  *
  * The rule is read from $ueConfig[$action]: unset or 0 disables the task, 1 requires the
  * current user to be a global moderator, 7 requires a super admin or core.manage plus core.edit
  * on com_users, and any other value above 1 requires a super admin. A target id of 0 means
  * the current user; acting on oneself yields null.
  *
  * A false verdict is replaced by a "not authorized" message before the 'onUserPermissionTask'
  * plugins run; those plugins receive the verdict by reference and may change it.
  *
  * @deprecated 2.0 We need to add that Config allowModeratorsUserEdit as param when we remove its use.
  *             Current uses are only: cbCheckIfUserCanPerformUserTask( $user->id, 'allowModeratorsUserEdit' )
  *
  * @param  int     $user_id
  * @param  string  $action
  * @return boolean|null|string
  */
 public function get_user_permission_task($user_id, $action)
 {
     global $_CB_framework, $_PLUGINS, $ueConfig;
     $user_id = $user_id == 0 ? $_CB_framework->myId() : (int) $user_id;
     if ($user_id == 0) {
         // Nobody is logged in and no target was given.
         $verdict = false;
     } elseif ($user_id == $_CB_framework->myId()) {
         $verdict = null;
     } elseif (!isset($ueConfig[$action]) || $ueConfig[$action] == 0) {
         $verdict = CBTxt::Th('UE_FUNCTIONALITY_DISABLED', 'This functionality is currently disabled.');
     } elseif ($ueConfig[$action] == 1) {
         if (!Application::MyUser()->isGlobalModerator()) {
             $verdict = false;
         } elseif (Application::User((int) $user_id)->isGlobalModerator()) {
             // Target is a moderator too: defer to the per-user edit permission check.
             /** @noinspection PhpDeprecationInspection */
             $verdict = $this->get_users_permission(array($user_id), 'edit', true);
         } else {
             $verdict = null;
         }
     } elseif ($ueConfig[$action] > 1) {
         // 8: super admins only
         // 7: admins and super admins only
         if (Application::MyUser()->isSuperAdmin()) {
             $verdict = null;
         } elseif ($ueConfig[$action] != 7) {
             $verdict = false;
         } else {
             // Admins and Super-admins:
             $mayManageAndEdit = Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.manage', 'com_users')
                 && Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.edit', 'com_users');
             $verdict = $mayManageAndEdit ? null : false;
         }
     } else {
         $verdict = false;
     }
     if ($verdict === false) {
         $verdict = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
         if ($_CB_framework->myId() < 1) {
             $verdict .= '<br />' . CBTxt::Th('UE_DO_LOGIN', 'You need to log in.');
         }
     }
     if ($_PLUGINS) {
         $_PLUGINS->trigger('onUserPermissionTask', array($user_id, $action, &$verdict));
     }
     return $verdict;
 }
Example #16
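 /**
  * Loads all the bot files for a particular group (if group not already loaded)
  *
  * Only plugins whose view access level is among the current user's authorised view levels are
  * read from the database. Query results are kept in a static cache per published status,
  * per set of view levels and per group. If the query on 'viewaccesslevel' throws, the query is
  * retried once against the older 'access' column and a "database not upgraded" message is queued.
  * The SQL error text is added to queued messages for super admins only.
  *
  * @param  string   $group             The group name, relates to the sub-directory in the plugins directory
  * @param  mixed    $ids               array of int : ids of plugins to load. OR: string : name of element (OR new in CB 1.2.2: string if ends with a ".": elements starting with "string.")
  * @param  int      $publishedStatus   if 1 (DEFAULT): load only published plugins, if 0: load all plugins including unpublished ones
  * @return boolean                     TRUE: load done, FALSE: no plugin loaded
  */
 public function loadPluginGroup($group, $ids = null, $publishedStatus = 1)
 {
     global $_CB_framework, $_CB_database;
     static $dbCache = null;
     $this->_iserror = false;
     $group = trim($group);
     // Work is needed when the named group has not been loaded yet, or when some requested id is
     // not loaded (parentheses spell out the precedence the expression already had).
     if (($group && !isset($this->_pluginGroups[$group])) || !$this->all_in_array_key($ids, $this->_plugins)) {
         $cmsAccess = Application::MyUser()->getAuthorisedViewLevels();
         // Used both as cache key and inlined into the IN (...) list below.
         // NOTE(review): presumably cbArrayToInts() casts every level to int; confirm.
         $cmsAccessCleaned = implode(',', cbArrayToInts($cmsAccess));
         if (!isset($dbCache[$publishedStatus][$cmsAccessCleaned][$group])) {
             $where = array();
             if ($publishedStatus == 1) {
                 $where[0] = $_CB_database->NameQuote('published') . ' = 1';
             } else {
                 $where[0] = $_CB_database->NameQuote('published') . ' >= ' . (int) $publishedStatus;
             }
             $where[1] = $_CB_database->NameQuote('viewaccesslevel') . ' IN (' . $cmsAccessCleaned . ')';
             if ($group) {
                 $where[2] = $_CB_database->NameQuote('type') . ' = ' . $_CB_database->Quote(trim($group));
             }
             // Builds the SELECT from a list of conditions, so the fallback can reuse it.
             $queryFunction = function ($where) use($_CB_database) {
                 return 'SELECT *' . ', CONCAT_WS( "/", ' . $_CB_database->NameQuote('folder') . ', ' . $_CB_database->NameQuote('element') . ' ) AS lookup' . "\n FROM " . $_CB_database->NameQuote('#__comprofiler_plugin') . "\n WHERE " . implode("\n AND ", $where) . "\n ORDER BY " . $_CB_database->NameQuote('ordering');
             };
             $query = $queryFunction($where);
             $_CB_database->setQuery($query);
             try {
                 $plugins = $_CB_database->loadObjectList('id', '\\CB\\Database\\Table\\PluginTable', array(&$_CB_database));
             } catch (\RuntimeException $e) {
                 try {
                     // Fallback: filter on the 'access' column with levels up to 3 lowered by one.
                     $cmsAccessOld = array();
                     foreach ($cmsAccess as $level) {
                         $cmsAccessOld[] = $level > 3 ? $level : $level - 1;
                     }
                     $where[1] = $_CB_database->NameQuote('access') . ' IN ' . $_CB_database->safeArrayOfIntegers($cmsAccessOld);
                     $query = $queryFunction($where);
                     $_CB_database->setQuery($query);
                     $plugins = $_CB_database->loadObjectList('id', '\\CB\\Database\\Table\\PluginTable', array(&$_CB_database));
                     $_CB_framework->enqueueMessage(CBTxt::T('CB_PLUGINS_DATABASE_NOT_UPGRADED', 'CB Plugins database not upgraded.') . ' ' . CBTxt::T('CB_DATABASE_PLEASE_CHECK_WITH_INSTRUCTIONS', 'Please check and fix CB database in administration area in Components / Community Builder / Tools / Check Community Builder Database.') . (Application::MyUser()->isSuperAdmin() ? '<br />SQL Error (visible to super-admins only): ' . $e->getMessage() : ''), $_CB_framework->getUi() == 2 ? 'warning' : 'notice');
                 } catch (\RuntimeException $e) {
                     $_CB_framework->enqueueMessage(CBTxt::T('CB_PLUGINS_DATABASE_ERROR', 'CB Plugins database error.') . ' ' . CBTxt::T('CB_DATABASE_PLEASE_CHECK_WITH_INSTRUCTIONS', 'Please check and fix CB database in administration area in Components / Community Builder / Tools / Check Community Builder Database.') . (Application::MyUser()->isSuperAdmin() ? '<br />SQL Error (visible to super-admins only): ' . $e->getMessage() : ''), 'error');
                     // Cache an empty result for this key.
                     $dbCache[$publishedStatus][$cmsAccessCleaned][$group] = array();
                     return false;
                 }
             }
             if ($_CB_database->getErrorNum()) {
                 $dbCache[$publishedStatus][$cmsAccessCleaned][$group] = null;
                 return false;
             } else {
                 $dbCache[$publishedStatus][$cmsAccessCleaned][$group] = $plugins;
             }
         }
         // An empty id list means "no id filter". $ids may also be null or an element name, and
         // count() on those raises a warning on PHP 7.2+ and a TypeError on PHP 8, so only
         // arrays are counted.
         if (is_array($ids) && count($ids) == 0) {
             $ids = null;
         }
         $plugins = $dbCache[$publishedStatus][$cmsAccessCleaned][$group];
         if ($plugins) {
             foreach ($plugins as $plugin) {
                 // Match: no filter, id in the list, element prefix ("name."), or exact element.
                 if ($ids === null || (is_array($ids) ? in_array($plugin->id, $ids) : (substr($ids, strlen($ids) - 1, 1) == '.' ? substr($plugin->element, 0, strlen($ids)) == $ids : $plugin->element == $ids))) {
                     // A plugin is registered and its file loaded only once, and only if
                     // _checkPluginFile() accepts it.
                     if (!isset($this->_plugins[$plugin->id]) && $this->_checkPluginFile($plugin)) {
                         $this->_plugins[$plugin->id] = $plugin;
                         if (!isset($this->_pluginGroups[$plugin->type][$plugin->id])) {
                             $this->_pluginGroups[$plugin->type][$plugin->id] =& $this->_plugins[$plugin->id];
                         }
                         $this->_loadPluginFile($plugin);
                     }
                 }
             }
         } else {
             return false;
         }
     }
     return true;
 }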
Example #17
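	/**
	 * Loads the K2 items created by $user in the consultation categories, newest first
	 *
	 * Unpublished items are included only when the viewer is the author or a global moderator.
	 * Items are further limited to the access levels of the current user. Nothing is queried,
	 * and an empty array is returned, when getCategoriesList() yields no categories.
	 *
	 * @param  int[]             $paging  offset and limit for the query, or empty for no paging
	 * @param  string            $where   extra SQL appended verbatim after the built-in conditions
	 * @param  UserTable         $viewer  user looking at the list
	 * @param  UserTable         $user    author whose items are listed
	 * @param  PluginTable       $plugin  unused
	 * @return cbconsultationsconsultationTable[]
	 */
	static public function getconsultations( $paging, $where, $viewer, $user, /** @noinspection PhpUnusedParameterInspection */ $plugin )
	{
		global $_CB_database;

		$categories		=	cbconsultationsModel::getCategoriesList( true );

		$consultations			=	array();

		if ( $categories ) {
			// The category ids go through safeArrayOfIntegers() like the access levels below,
			// instead of being joined into the SQL as they come.
			// NOTE(review): $where is concatenated verbatim. It has to be built by trusted code
			// with every value quoted or cast; presumably it starts with " AND ". Verify callers.
			// NOTE(review): the published filter uses $viewer while the access filter uses
			// Application::MyUser(); confirm both always denote the same user.
			$query		=	'SELECT a.*'
						.	', a.' . $_CB_database->NameQuote( 'created_by' ) . ' AS user'
						.	', a.' . $_CB_database->NameQuote( 'introtext' ) . ' AS consultation_intro'
						.	', a.' . $_CB_database->NameQuote( 'fulltext' ) . ' AS consultation_full'
						.	', b.' . $_CB_database->NameQuote( 'name' ) . ' AS category'
						.	', b.' . $_CB_database->NameQuote( 'published' ) . ' AS category_published'
						.	', b.' . $_CB_database->NameQuote( 'alias' ) . ' AS category_alias'
						.	"\n FROM " . $_CB_database->NameQuote( '#__k2_items' ) . " AS a"
						.	"\n LEFT JOIN " . $_CB_database->NameQuote( '#__k2_categories' ) . " AS b"
						.	' ON b.' . $_CB_database->NameQuote( 'id' ) . ' = a.' . $_CB_database->NameQuote( 'catid' )
						.	"\n LEFT JOIN " . $_CB_database->NameQuote( '#__users' ) . " AS c"
						.	' ON c.' . $_CB_database->NameQuote( 'id' ) . ' = a.' . $_CB_database->NameQuote( 'created_by' )
						.	"\n WHERE a." . $_CB_database->NameQuote( 'catid' ) . " IN " . $_CB_database->safeArrayOfIntegers( $categories )
						.	"\n AND a." . $_CB_database->NameQuote( 'created_by' ) . " = " . (int) $user->get( 'id' )
						.	( ( $viewer->get( 'id' ) != $user->get( 'id' ) ) && ( ! Application::User( (int) $viewer->get( 'id' ) )->isGlobalModerator() ) ? "\n AND a." . $_CB_database->NameQuote( 'published' ) . " = 1" : null )
						.	"\n AND a." . $_CB_database->NameQuote( 'access' ) . " IN " . $_CB_database->safeArrayOfIntegers( Application::MyUser()->getAuthorisedViewLevels() )
						.	$where
						.	"\n ORDER BY a." . $_CB_database->NameQuote( 'created' ) . " DESC";

			if ( $paging ) {
				$_CB_database->setQuery( $query, $paging[0], $paging[1] );
			} else {
				$_CB_database->setQuery( $query );
			}

			$consultations		=	$_CB_database->loadObjectList( null, 'cbconsultationsconsultationTable', array( $_CB_database ) );
		}

		return $consultations;
	}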
Example #18
 /**
  * @param  \CB\Database\Table\UserTable  $user
  */
 public function prepareStatus($user)
 {
     global $_CB_framework;

     // Cache the UI mode and the two moderator flags used while rendering the status menu:
     // one for the displayed profile's owner, one for the logged-in viewer relative to that owner.
     $profileUserId = (int) $user->id;
     $this->ui = $_CB_framework->getUi();
     $this->cbUserIsModerator = Application::User($profileUserId)->isGlobalModerator();
     $this->cbMyIsModerator = Application::MyUser()->isModeratorFor(Application::User($profileUserId));

     // Pick the menu renderer from the 'statusFormat' parameter; anything unknown falls back
     // to cbMenuList. Loose comparison is kept on purpose: it matches what switch() does.
     $format = $this->params->get('statusFormat', 'menuList');
     if ($format == 'menuBar') {
         $menu = new cbMenuBar(1);
     } elseif ($format == 'menuUL') {
         $menu = new cbMenuUL(1);
     } elseif ($format == 'menuDivs') {
         $menu = new cbMenuDivs(1);
     } else {
         $menu = new cbMenuList(1);
     }

     $this->menuList = $menu;
     $this->menuList->outputScripts(1);
 }
Example #19
 /**
  * Gets the FieldTable's corresponding to $tabid (and $reason if not $fullAccess)
  *
  * @param  int         $tabId
  * @param  UserTable   $user
  * @param  string      $reason
  * @param  int|string  $fieldIdOrName
  * @param  boolean     $prefetchFields
  * @param  boolean     $fullAccess
  * @return FieldTable[]
  */
 public function _getTabFieldsDb($tabId, $user, $reason, $fieldIdOrName = null, $prefetchFields = true, $fullAccess = false)
 {
     // Static caches shared by every call: fields indexed by tab id / field id, and by lower-cased name.
     // Both are keyed by $preIdx only ('full' or the $reason string), not by the viewing user.
     // NOTE(review): the cached rows were filtered by the current user's view levels when first loaded;
     // that presumes the logged-in user cannot change while these statics live -- confirm.
     static $preFetched = array();
     static $fieldsByName = array();
     $fields = array();
     $preIdx = $fullAccess ? 'full' : $reason;
     // Query the database when caching is off for this call, or when this access mode was never prefetched.
     if (!$prefetchFields || !isset($preFetched[$preIdx])) {
         global $_CB_framework, $_CB_database, $ueConfig;
         $where = array();
         $ordering = array();
         // A single-field lookup is only narrowed in SQL when not prefetching; ids are cast, names are quoted.
         // Only a real int is treated as a field id: a numeric string takes the name branch.
         if ($fieldIdOrName && !$prefetchFields) {
             if (is_int($fieldIdOrName)) {
                 $where[] = 'f.fieldid = ' . (int) $fieldIdOrName;
             } else {
                 $where[] = 'f.name = ' . $_CB_database->Quote($fieldIdOrName);
             }
         }
         // Publication filter: skipped for 'adminfulllist'; in lists the 'name' field is let through
         // even when unpublished for name_format 1, 2 or 4.
         if ($reason == 'list' && in_array($ueConfig['name_format'], array(1, 2, 4))) {
             $where[] = "( f.published = 1 OR f.name = 'name' )";
         } elseif ($reason != 'adminfulllist') {
             $where[] = 'f.published = 1';
         }
         // Everything inside this branch is the access restriction that $fullAccess switches off,
         // so callers must only pass $fullAccess = true for trusted, internal use.
         if (!$fullAccess) {
             switch ($reason) {
                 case 'edit':
                     // the edit flag is only enforced when getUi() is 1
                     if ($_CB_framework->getUi() == 1) {
                         $where[] = 'f.edit > 0';
                     }
                     break;
                 case 'profile':
                     $where[] = 'f.profile > 0';
                     break;
                 case 'list':
                     $where[] = "( f.profile > 0 OR f.name = 'username'" . (in_array($ueConfig['name_format'], array(1, 2, 4)) ? " OR f.name = 'name'" : '') . ')';
                     break;
                 case 'register':
                     $where[] = 'f.registration > 0';
                     break;
                 case 'adminfulllist':
                 default:
                     break;
             }
             if ($tabId && !$prefetchFields) {
                 // single-tab query: the tabs table is not joined, so no tab-level checks apply here
                 $where[] = 'f.tabid = ' . (int) $tabId;
             } else {
                 if ($reason != 'adminfulllist') {
                     $where[] = 't.enabled = 1';
                 }
                 // Tab view-level check: skipped for registration and for a super admin when getUi() is 2.
                 if ($reason != 'register' && !($_CB_framework->getUi() == 2 && Application::MyUser()->isSuperAdmin())) {
                     $where[] = 't.viewaccesslevel IN ' . $_CB_database->safeArrayOfIntegers(Application::MyUser()->getAuthorisedViewLevels());
                 }
             }
             // Hide e-mail address fields on profiles and lists when allow_email_display is 0
             // (the trailing 'adminfulllist' test is already implied by the first condition).
             if (($reason == 'profile' || $reason == 'list') && $ueConfig['allow_email_display'] == 0 && $reason != 'adminfulllist') {
                 $where[] = 'f.type != ' . $_CB_database->Quote('emailaddress');
             }
         }
         // Tab ordering columns are only available when the tabs table is joined (see below).
         if (!$tabId || $prefetchFields) {
             if ($reason == 'register') {
                 $ordering[] = 't.ordering_register';
             }
             $ordering[] = 't.position';
             $ordering[] = 't.ordering';
         }
         $ordering[] = 'f.ordering';
         $sql = 'SELECT f.*';
         if ($reason == 'register') {
             $sql .= ', t.ordering_register AS tab_ordering_register, t.position AS tab_position, t.ordering AS tab_ordering';
         }
         $sql .= ' FROM #__comprofiler_fields f';
         if (!$tabId || $prefetchFields) {
             // don't get fields which are not assigned to tabs:
             $sql .= "\n INNER JOIN #__comprofiler_tabs AS t ON (f.tabid = t.tabid)";
         }
         // All WHERE parts above are literals, int casts or Quote()/safeArrayOfIntegers() output.
         $sql .= ($where ? "\n WHERE " . implode(' AND ', $where) : '') . "\n ORDER BY " . implode(', ', $ordering);
         $_CB_database->setQuery($sql);
         $fields = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\FieldTable', array());
         if (!$_CB_database->getErrorNum()) {
             for ($i = 0, $n = count($fields); $i < $n; $i++) {
                 // wrap the stored params value in a Registry object
                 $fields[$i]->params = new Registry($fields[$i]->params);
                 if ($prefetchFields) {
                     $fieldsByName[$preIdx][strtolower($fields[$i]->name)] = $fields[$i];
                     $preFetched[$preIdx][(int) $fields[$i]->tabid][(int) $fields[$i]->fieldid] = $fields[$i];
                 }
             }
         }
     }
     // Whenever a prefetched set exists for this access mode the answer is taken from it,
     // replacing whatever the query above returned.
     if (isset($preFetched[$preIdx])) {
         if ($tabId) {
             if (isset($preFetched[$preIdx][(int) $tabId])) {
                 $fields = $preFetched[$preIdx][(int) $tabId];
             } else {
                 $fields = array();
             }
         } elseif ($fieldIdOrName) {
             if (is_int($fieldIdOrName)) {
                 // search every tab for the field id and stop at the first hit
                 $fields = array();
                 foreach (array_keys($preFetched[$preIdx]) as $k) {
                     if (isset($preFetched[$preIdx][$k][$fieldIdOrName])) {
                         $fields[] = $preFetched[$preIdx][$k][$fieldIdOrName];
                         break;
                     }
                 }
             } elseif (isset($fieldsByName[$preIdx][strtolower($fieldIdOrName)])) {
                 $fields = array($fieldsByName[$preIdx][strtolower($fieldIdOrName)]);
             } else {
                 $fields = array();
             }
         } else {
             // no tab and no field given: flatten all tabs into one array keyed by field id
             $fields = array();
             foreach ($preFetched[$preIdx] as $flds) {
                 //	$fields		=	array_merge( $fields, $flds );
                 foreach ($flds as $fl) {
                     $fields[$fl->fieldid] = $fl;
                 }
             }
         }
     }
     // THIS is VERY experimental, and not yet part of CB API !!! :
     // The 'user' plugin group receives $fields by reference, so any such plugin can add to or
     // remove from the result after the access filtering above has been applied.
     global $_PLUGINS;
     $_PLUGINS->loadPluginGroup('user');
     $_PLUGINS->trigger('onAfterFieldsFetch', array(&$fields, &$user, $reason, $tabId, $fieldIdOrName, $fullAccess));
     return $fields;
 }
Example #20
	/**
	 * @param string         $source
	 * @param null|UserTable $user
	 * @param int            $direction
	 * @return Comments|null
	 */
	public function replies( $source = 'stream', $user = null, $direction = 1 )
	{
		/** @var Comments[] $cache */
		static $cache		=	array();

		// Replies can be switched off through the 'replies' parameter sub-tree.
		if ( ! $this->params()->subTree( 'replies' )->get( 'display', 1 ) ) {
			return null;
		}

		$commentId			=	$this->get( 'id' );
		$targetUserId		=	( $user ? $user->get( 'id' ) : null );

		// One stream object per (comment, source, target user, direction, viewer) combination.
		// md5() only shortens the key here. NOTE(review): the parts are concatenated without a
		// separator, so different combinations could in principle map to the same key.
		$key				=	md5( $commentId . $source . $targetUserId . $direction . Application::MyUser()->getUserId() );

		if ( isset( $cache[$key] ) ) {
			return $cache[$key];
		}

		$replies			=	new Comments( $source, $user, $direction );

		// Scope the new stream to comments attached to this comment.
		$replies->set( 'type', 'comment' );
		$replies->set( 'item', (int) $commentId );

		// Snapshot of this comment, handed to the stream as its parent 'object'.
		$replies->set( 'object', array(
			'source'	=>	'comment',
			'id'		=>	(int) $commentId,
			'user_id'	=>	(int) $this->get( 'user_id' ),
			'type'		=>	$this->get( 'type' ),
			'subtype'	=>	$this->get( 'subtype' ),
			'item'		=>	$this->get( 'item' ),
			'parent'	=>	$this->get( 'parent' )
		) );

		$cache[$key]		=	$replies;

		return $replies;
	}
Example #21
 /**
  * Evaluate [cb:if ...]
  *
  * @access private  (public because it's recursively calling itself in the preg_replace_callback function at bottom)
  *
  * @param  string|array  $input
  * @param  array         $extraStrings
  * @return string
  */
 public function _evaluateIfs($input, $extraStrings = array())
 {
     // Replaces every [cb:if ...]...[/cb:if] block of $input with its inner text when the
     // conditions hold, and with an empty string otherwise.
     //		$regex										=	"#\[if ([^\]]+)\](.*?)\[/if\]#s";
     //		$regex 										=	'#\[indent]((?:[^[]|\[(?!/?indent])|(?R))+)\[/indent]#s';
     // NOTE(review): the user="******" part of the pattern below looks masked by the page this
     // listing was taken from; as printed, the parentheses do not balance, while the callback
     // expects three groups (user attribute, conditions, inner text). Restore the pattern from
     // the project's own source before relying on this listing.
     $regex = '#\\[cb:if(?: +user="******"/\\[\\] ]+)")?( +[^\\]]+)\\]((?:[^\\[]|\\[(?!/?cb:if[^\\]]*])|(?R))+)\\[/cb:if]#';
     $that = $this;
     return preg_replace_callback($regex, function (array $matches) use($extraStrings, $that) {
         // One condition = optional joiner (&&, and, ||, or), field name, comparison operator, quoted value.
         $regex2 = '# +(?:(&&|and|\\|\\||or|) +)?([^=<!>~ ]+) *(=|<|>|>=|<=|<>|!=|=~|!~| includes |!includes ) *"([^"]*)"#';
         $conditions = null;
         if (preg_match_all($regex2, $matches[2], $conditions)) {
             $user = $that->_evaluateUserAttrib($matches[1]);
             // $results holds one boolean per OR-group; conditions inside a group are ANDed.
             $resultsIdx = 0;
             $results = array($resultsIdx => true);
             for ($i = 0, $n = count($conditions[0]); $i < $n; $i++) {
                 $operator = $conditions[1][$i];
                 $field = $conditions[2][$i];
                 $compare = $conditions[3][$i];
                 $value = $conditions[4][$i];
                 // Resolve the left-hand side: built-in pseudo-fields first, then caller-supplied
                 // strings, then the user's fields.
                 if ($field === 'viewaccesslevel') {
                     $var = Application::User((int) $user->getUserData()->get('id'))->getAuthorisedViewLevels();
                 } elseif ($field === 'usergroup') {
                     $var = Application::User((int) $user->getUserData()->get('id'))->getAuthorisedGroups();
                 } elseif ($field === 'application_context') {
                     $var = Application::Cms()->getClientId() ? 'administrator' : 'frontend';
                 } elseif ($field === 'language_code') {
                     list($var) = explode('-', Application::Cms()->getLanguageTag());
                 } elseif ($field === 'language_tag') {
                     $var = Application::Cms()->getLanguageTag();
                 } elseif ($field) {
                     if (isset($extraStrings[$field])) {
                         $var = $extraStrings[$field];
                     } else {
                         $var = $user->getField($field, null, 'php', 'none', 'profile', 0, true);
                         // allow accessing all fields in the if
                         // NOTE(review): whoever can author the substitution text can therefore test
                         // any field or record column of the targeted user -- treat such templates
                         // as trusted input only.
                         if (is_array($var)) {
                             $var = array_shift($var);
                         } elseif (isset($user->_cbuser->{$field})) {
                             // fall-back to the record if it exists:
                             $var = $user->_cbuser->get($field);
                         } else {
                             $fieldLower = strtolower($field);
                             if (isset($user->_cbuser->{$fieldLower})) {
                                 // second fall-back to the record if it exists:
                                 $var = $user->_cbuser->get($fieldLower);
                             } else {
                                 $var = null;
                             }
                         }
                     }
                 } else {
                     $var = null;
                 }
                 // When using an includes or !includes operator ensure the value stays an array if it is an array:
                 if (is_array($var) && !in_array($compare, array(' includes ', '!includes '))) {
                     $var = implode('|*|', $var);
                 }
                 // Ensure user id is always an integer:
                 if (in_array($field, array('id', 'user_id'))) {
                     $var = (int) $var;
                 }
                 // "myid" is a placeholder for the id of the logged-in user:
                 if ($field == 'user_id' && $value == 'myid') {
                     $value = (int) Application::MyUser()->getUserId();
                 }
                 // All comparisons below are loose (==, !=, <, >): $value is the quoted string from the
                 // template, so PHP type juggling applies to numeric-looking strings.
                 switch ($compare) {
                     case '=':
                         $r = $var == $value;
                         break;
                     case '<':
                         $r = $var < $value;
                         break;
                     case '>':
                         $r = $var > $value;
                         break;
                     case '>=':
                         $r = $var >= $value;
                         break;
                     case '<=':
                         $r = $var <= $value;
                         break;
                     case '<>':
                     case '!=':
                         $r = $var != $value;
                         break;
                     case '=~':
                     case '!~':
                         // The pattern is taken straight from the template text and warnings are silenced
                         // with @: an invalid pattern returns false, so '=~' is false and '!~' is true.
                         // NOTE(review): a template author controls the full PCRE, delimiters and
                         // modifiers included -- confirm templates only come from trusted administrators.
                         $ma = @preg_match($value, $var);
                         $r = $compare == '=~' ? $ma === 1 : $ma == 0;
                         if ($ma === false) {
                             // error in regexp itself:
                             global $_CB_framework;
                             if ($_CB_framework->getCfg('debug') > 0) {
                                 // debug-only output; the offending expression is HTML-escaped
                                 echo sprintf(CBTxt::T("CB Regexp Error %s in expression %s"), !is_callable('preg_last_error') ? '' : preg_last_error(), htmlspecialchars($value));
                             }
                         }
                         break;
                     case ' includes ':
                         // [cb:if viewaccesslevel includes "1"] or [cb:if multicheckboxfield includes "choice2"]
                         // non-strict in_array(): the string "1" matches the integer 1
                         $r = in_array($value, (array) $var);
                         break;
                     case '!includes ':
                         // [cb:if viewaccesslevel !includes "3"] or [cb:if multicheckboxfield !includes "choice2"]
                         $r = !in_array($value, (array) $var);
                         break;
                     default:
                         return CBTxt::T('UNDEFINED_IF_COMPARISON_OPERATOR_OPERATOR', 'Undefined [cb:if ...] comparison operator [OPERATOR] !', array('[OPERATOR]' => $compare));
                 }
                 // 'or' / '||' starts a new OR-group (the index advances twice, leaving a gap that
                 // the foreach below simply never visits):
                 if (in_array($operator, array('or', '||'))) {
                     $resultsIdx++;
                     $results[++$resultsIdx] = true;
                 }
                 // combine and:
                 $results[$resultsIdx] = $results[$resultsIdx] && $r;
             }
             // combine or:
             $r = false;
             foreach ($results as $rr) {
                 $r = $r || $rr;
             }
             // Keep the inner text of the block only when the whole expression is true.
             return $r ? $matches[3] : '';
         } else {
             // no parsable condition: the block is dropped
             return '';
         }
     }, $input);
 }
Example #22
	/**
	 * Retrieves comment stream data rows or row count
	 *
	 * @param bool  $count
	 * @param array $where
	 * @param array $join
	 * @return CommentTable[]|int
	 */
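	public function data( $count = false, $where = array(), $join = array() )
	{
		global $_CB_database, $_PLUGINS;

		// Results are memoised per generated query (plus paging, or 'count').
		static $cache					=	array();

		// Keep the caller's fragments: plugins may change $where / $join by reference below,
		// and a retry on the next page must start again from the originals.
		$whereCache						=	$where;
		$joinCache						=	$join;

		if ( $count ) {
			$select						=	'COUNT( a.' . $_CB_database->NameQuote( 'id' ) . ' )';
		} else {
			$select						=	'a.*';
		}

		// Plugins receive $select, $where and $join by reference; whatever they leave there is
		// concatenated into the SQL verbatim, as are the $where / $join fragments from callers.
		// Each fragment therefore has to arrive already quoted and escaped.
		$_PLUGINS->trigger( 'activity_onQueryComments', array( $count, &$select, &$where, &$join, &$this ) );

		$query							=	'SELECT ' . $select
										.	"\n FROM " . $_CB_database->NameQuote( '#__comprofiler_plugin_activity_comments' ) . " AS a"
										.	"\n LEFT JOIN " . $_CB_database->NameQuote( '#__comprofiler_plugin_activity_hidden' ) . " AS b"
										.	' ON b.' . $_CB_database->NameQuote( 'type' ) . ' = ' . $_CB_database->Quote( 'comment' )
										.	' AND b.' . $_CB_database->NameQuote( 'item' ) . ' = a.' . $_CB_database->NameQuote( 'id' );

		// Outside the 'hidden' source, only the viewer's own hide-markers take part in the join.
		if ( $this->source != 'hidden' ) {
			$query						.=	' AND b.' . $_CB_database->NameQuote( 'user_id' ) . ' = ' . (int) Application::MyUser()->getUserId();
		}

		$query							.=	"\n LEFT JOIN " . $_CB_database->NameQuote( '#__comprofiler' ) . " AS c"
										.	' ON c.' . $_CB_database->NameQuote( 'id' ) . ' = a.' . $_CB_database->NameQuote( 'user_id' )
										.	"\n LEFT JOIN " . $_CB_database->NameQuote( '#__users' ) . " AS d"
										.	' ON d.' . $_CB_database->NameQuote( 'id' ) . ' = c.' . $_CB_database->NameQuote( 'id' )
										.	( $join ? "\n " . implode( "\n ", $join ) : null );

		if ( $this->source == 'hidden' ) {
			// 'hidden' source: only comments the viewer has hidden
			$query						.=	"\n WHERE b." . $_CB_database->NameQuote( 'id' ) . " IS NOT NULL"
										.	"\n AND b." . $_CB_database->NameQuote( 'user_id' ) . " = " . (int) Application::MyUser()->getUserId();
		} else {
			// any other source: leave out comments the viewer has hidden
			$query						.=	"\n WHERE b." . $_CB_database->NameQuote( 'id' ) . " IS NULL";
		}

		// Only comments whose author is approved, confirmed and not blocked.
		$query							.=	"\n AND c." . $_CB_database->NameQuote( 'approved' ) . " = 1"
										.	"\n AND c." . $_CB_database->NameQuote( 'confirmed' ) . " = 1"
										.	"\n AND d." . $_CB_database->NameQuote( 'block' ) . " = 0";

		// Optional stream filters: integers are cast, strings go through Quote().
		if ( $this->get( 'id' ) ) {
			$query						.=	"\n AND a." . $_CB_database->NameQuote( 'id' ) . " = " . (int) $this->get( 'id', null, GetterInterface::INT );
		}

		if ( $this->get( 'type' ) ) {
			$query						.=	"\n AND a." . $_CB_database->NameQuote( 'type' ) . " = " . $_CB_database->Quote( $this->get( 'type', null, GetterInterface::STRING ) );
		}

		if ( $this->get( 'subtype' ) ) {
			$query						.=	"\n AND a." . $_CB_database->NameQuote( 'subtype' ) . " = " . $_CB_database->Quote( $this->get( 'subtype', null, GetterInterface::STRING ) );
		}

		if ( $this->get( 'item' ) ) {
			$query						.=	"\n AND a." . $_CB_database->NameQuote( 'item' ) . " = " . $_CB_database->Quote( $this->get( 'item', null, GetterInterface::STRING ) );
		}

		if ( $this->get( 'parent' ) ) {
			$query						.=	"\n AND a." . $_CB_database->NameQuote( 'parent' ) . " = " . $_CB_database->Quote( $this->get( 'parent', null, GetterInterface::STRING ) );
		}

		if ( $this->get( 'filter' ) ) {
			// Free-text search: the term is escaped with getEscaped( ..., true ) before being wrapped
			// in % wildcards. NOTE(review): the second argument of Quote() is presumably there to
			// avoid escaping twice -- confirm against the database class.
			$query						.=	"\n AND a." . $_CB_database->NameQuote( 'message' ) . " LIKE " . $_CB_database->Quote( '%' . $_CB_database->getEscaped( $this->get( 'filter', null, GetterInterface::STRING ), true ) . '%', false );
		}

		$query							.=	( $where ? "\n AND " . implode( "\n AND ", $where ) : null )
										.	( ! $count ? "\n ORDER BY a." . $_CB_database->NameQuote( 'date' ) . " DESC" : null );

		$cacheId						=	md5( $query . ( $count ? 'count' : (int) $this->get( 'limitstart', null, GetterInterface::INT ) . (int) $this->get( 'limit', null, GetterInterface::INT ) ) );

		if ( ( ! isset( $cache[$cacheId] ) ) || ( ( $count && $this->resetCount ) || $this->resetSelect ) ) {
			if ( $count ) {
				$this->resetCount		=	false;

				$_CB_database->setQuery( $query );

				$cache[$cacheId]		=	(int) $_CB_database->loadResult();
			} else {
				$this->resetSelect		=	false;

				if ( $this->get( 'limit' ) ) {
					$_CB_database->setQuery( $query, (int) $this->get( 'limitstart', null, GetterInterface::INT ), (int) $this->get( 'limit', null, GetterInterface::INT ) );
				} else {
					$_CB_database->setQuery( $query );
				}

				$rows					=	$_CB_database->loadObjectList( null, '\CB\Plugin\Activity\Table\CommentTable', array( $_CB_database ) );
				$rowsCount				=	count( $rows );

				// Plugins may remove rows from the loaded page.
				$_PLUGINS->trigger( 'activity_onLoadComments', array( &$rows, $this ) );

				if ( $this->get( 'limit' ) && $rowsCount && ( ! count( $rows ) ) ) {
					// The page had rows but plugins removed all of them: move on to the next page.
					// Direction is cleared for the inner call so the rows are reversed only once, below.
					$directionCache		=	$this->direction;

					$this->direction	=	0;

					$this->set( 'limitstart', ( (int) $this->get( 'limitstart', null, GetterInterface::INT ) + (int) $this->get( 'limit', null, GetterInterface::INT ) ) );

					// Fix: $count has to be passed explicitly. The previous call data( $whereCache, $joinCache )
					// shifted every argument by one, so a non-empty $where turned the retry into a COUNT
					// query and the saved $join was used as the WHERE list.
					$cache[$cacheId]	=	$this->data( false, $whereCache, $joinCache );

					$this->direction	=	$directionCache;
				} else {
					$cache[$cacheId]	=	$rows;
				}
			}
		}

		$rows							=	$cache[$cacheId];

		// A non-zero direction returns the rows in reverse of the "date DESC" query order.
		if ( $this->direction && ( ! $count ) ) {
			$rows						=	array_reverse( $rows );
		}

		return $rows;
	}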
Example #23
	/**
	 * Returns the number of items in this folder
	 *
	 * @return int
	 */
	public function countItems()
	{
		global $_CB_database;

		// Counts are memoised per folder id and per viewing user.
		static $cache		=	array();

		$folderId			=	$this->get( 'id' );
		$viewerId			=	Application::MyUser()->getUserId();

		if ( isset( $cache[$folderId][$viewerId] ) ) {
			return $cache[$folderId][$viewerId];
		}

		$sql				=	'SELECT COUNT(*)'
							.	"\n FROM " . $_CB_database->NameQuote( '#__comprofiler_plugin_gallery_items' )
							.	"\n WHERE " . $_CB_database->NameQuote( 'type' ) . " = " . $_CB_database->Quote( $this->get( 'type' ) )
							.	"\n AND " . $_CB_database->NameQuote( 'user_id' ) . " = " . (int) $this->get( 'user_id' )
							.	"\n AND " . $_CB_database->NameQuote( 'folder' ) . " = " . (int) $folderId;

		// Unpublished items are counted only for the folder owner and for global moderators;
		// the moderator lookup is skipped when the viewer is the owner.
		if ( ( $viewerId != (int) $this->get( 'user_id' ) ) && ( ! Application::User( $viewerId )->isGlobalModerator() ) ) {
			$sql			.=	"\n AND " . $_CB_database->NameQuote( 'published' ) . " = 1";
		}

		$_CB_database->setQuery( $sql );

		$total				=	(int) $_CB_database->loadResult();

		$cache[$folderId][$viewerId]	=	$total;

		return $total;
	}
 /**
  * Loads all (published) plans from database in a way which is ordered as a tree
  *
  * Avoid using this function, prefer the new getPublishedPlan()
  *
  * @param  UserTable|null   $user          ( or NULL: means all plans)
  * @param  boolean          $published     TRUE if to load only published plans
  * @param  string           $forCause      specific cause (in addition of $published = TRUE): 'any', 'registration' or 'upgrade', 'auto' (automatically 'registration' or 'upgrade' depending on $user existing and logged-in or not, if $user = null 'any')
  * @param  int|null         $owner         plan owner (seller), 0 = System, NULL = any
  * @return cbpaidProduct[]                 Products
  * @todo   Remove returned reference & after CBSubs 4.0.x releases, as integration plugins do use =&
  */
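 public function &loadPublishedPlans($user, $published, $forCause, $owner)
 {
     global $_CB_framework;
     // 'auto': upgrade for an existing user, registration for a user object without id, any when no user.
     if ($forCause == 'auto') {
         $forCause = $user ? ($user->id ? 'upgrade' : 'registration') : 'any';
     }
     // Per-request cache of the loaded plan lists.
     static $_plans = array();
     if (is_object($user)) {
         $gids = (array) $user->gids;
     } elseif ($user === null || $user === 0) {
         // === 0 is for backwards compatibility, for when doing an update and cbsubs.content_access.php is from a previous version
         $gids = array();
     } else {
         trigger_error('loadPublishedPlans: user is not object or null.', E_USER_NOTICE);
         // returned by reference, so this has to be a variable
         $emptyArray = array();
         return $emptyArray;
     }
     // Fix: the cache key now includes the owner. It used to be built from the user's groups only,
     // so a second call in the same request with another $owner got the first owner's plans back.
     $pIdx = 'P' . implode('-', $gids) . '/O' . ($owner === null ? 'any' : (int) $owner);
     if (!isset($_plans[$pIdx][$published][$forCause])) {
         // Self-join on the parent plan: it is only used for the tree ordering below.
         $sql = "SELECT a.* FROM `" . $this->_tbl . "` AS a" . "\n LEFT JOIN `" . $this->_tbl . "` AS b ON b.`id` = a.`parent`";
         $where = array();
         if ($published) {
             $where[] = "a.published = 1";
         }
         // Both causes require new subscriptions to be allowed; allow_frontend is checked when getUi() is 1.
         if ($forCause == 'registration') {
             $where[] = "a.allow_newsubscriptions = 1";
             $where[] = "a.allow_registration = 1";
             if ($_CB_framework->getUi() == 1) {
                 $where[] = 'a.allow_frontend = 1';
             }
         } elseif ($forCause == 'upgrade') {
             $where[] = "a.allow_newsubscriptions = 1";
             $where[] = "a.allow_upgrade_to_this = 1";
             if ($_CB_framework->getUi() == 1) {
                 $where[] = 'a.allow_frontend = 1';
             }
         }
         if ($owner !== null) {
             $where[] = "a.owner = " . (int) $owner;
         }
         if ($user) {
             // Old groups-based access:
             // The group ids now pass through safeArrayOfIntegers(), like the view levels below,
             // instead of being imploded into the SQL unchecked.
             $where[] = "a.access IN " . $this->_db->safeArrayOfIntegers($_CB_framework->acl->get_groups_below_me($user->id, true));
         }
         // New view access levels:
         // these are always those of the logged-in user, whichever $user was passed in
         $where[] = "a.viewaccesslevel IN " . $this->_db->safeArrayOfIntegers(Application::MyUser()->getAuthorisedViewLevels());
         if (count($where) > 0) {
             $sql .= "\n WHERE " . implode(" AND ", $where);
         }
         $sql .= "\n GROUP BY a.id";
         // Order by the parent's ordering when there is a parent, children after their parent.
         $sql .= "\n ORDER BY IF( ISNULL( b.`ordering` ) , a.`ordering`, b.`ordering` )  ASC, IF( ISNULL( b.`ordering` ) , a.`ordering`, 11000 + a.`ordering` )  ASC";
         $this->_db->setQuery($sql);
         $_plans[$pIdx][$published][$forCause] = $this->_loadTrueObjects($this->_tbl_key);
         // Second pass in PHP: each plan object decides whether it really allows the requested cause.
         if ($forCause == 'registration') {
             foreach ($_plans[$pIdx][$published][$forCause] as $k => $v) {
                 /** @var $v cbpaidProduct */
                 if (!$v->isPlanAllowingRegistration()) {
                     unset($_plans[$pIdx][$published][$forCause][$k]);
                 }
             }
         } elseif ($forCause == 'upgrade') {
             foreach ($_plans[$pIdx][$published][$forCause] as $k => $v) {
                 /** @var $v cbpaidProduct */
                 $resultTexts = array();
                 if (!$v->isPlanAllowingUpgradesToThis($user && isset($user->id) ? $user->id : null, $resultTexts)) {
                     unset($_plans[$pIdx][$published][$forCause][$k]);
                 }
             }
         }
     }
     return $_plans[$pIdx][$published][$forCause];
 }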
Example #25
	/**
	 * @param  boolean  $raw
	 * @return array
	 */
	static public function getCategoriesList( $raw = false )
	{
		global $_CB_database;

		// Filled once per request with the category rows visible to the current user.
		static $cache				=	null;

		if ( ! isset( $cache ) ) {
			$section				=	cbblogsClass::getPlugin()->params->get( 'blog_j_section', null );

			// Fragments used by both query variants: the viewer's view levels and the content extension.
			$viewLevels				=	$_CB_database->safeArrayOfIntegers( Application::MyUser()->getAuthorisedViewLevels() );
			$contentExtension		=	$_CB_database->Quote( 'com_content' );

			if ( ! $section ) {
				// No section configured: every published, accessible content category,
				// with the title indented by the category level.
				$query				=	'SELECT ' . $_CB_database->NameQuote( 'id' ) . ' AS value'
									.	", CONCAT( REPEAT( '- ', " . $_CB_database->NameQuote( 'level' ) . " ), " . $_CB_database->NameQuote( 'title' ) . " ) AS text"
									.	"\n FROM " . $_CB_database->NameQuote( '#__categories' )
									.	"\n WHERE " . $_CB_database->NameQuote( 'published' ) . " = 1"
									.	"\n AND " . $_CB_database->NameQuote( 'access' ) . " IN " . $viewLevels
									.	"\n AND " . $_CB_database->NameQuote( 'extension' ) . " = " . $contentExtension;
			} else {
				// Section configured: only categories nested inside it (lft/rgt range), indented
				// relative to the section; both the section and the category must be accessible.
				$catLevel			=	'cat.' . $_CB_database->NameQuote( 'level' );
				$secLevel			=	'sec.' . $_CB_database->NameQuote( 'level' );
				$catTitle			=	'cat.' . $_CB_database->NameQuote( 'title' );

				$query				=	'SELECT cat.' . $_CB_database->NameQuote( 'id' ) . ' AS value'
									.	", IF( " . $catLevel . " = ( " . $secLevel . " + 1 ), " . $catTitle . ", CONCAT( REPEAT( '- ', " . $catLevel . " - ( " . $secLevel . " + 1 ) ), " . $catTitle . " ) ) AS text"
									.	"\n FROM " . $_CB_database->NameQuote( '#__categories' ) . " AS cat"
									.	"\n LEFT JOIN " . $_CB_database->NameQuote( '#__categories' ) . " AS sec"
									.	' ON sec.' . $_CB_database->NameQuote( 'id' ) . ' = ' . (int) $section
									.	"\n WHERE cat." . $_CB_database->NameQuote( 'lft' ) . " BETWEEN ( sec." . $_CB_database->NameQuote( 'lft' ) . " + 1 ) AND ( sec." . $_CB_database->NameQuote( 'rgt' ) . " - 1 )"
									.	"\n AND sec." . $_CB_database->NameQuote( 'access' ) . " IN " . $viewLevels
									.	"\n AND sec." . $_CB_database->NameQuote( 'extension' ) . " = " . $contentExtension
									.	"\n AND cat." . $_CB_database->NameQuote( 'published' ) . " = 1"
									.	"\n AND cat." . $_CB_database->NameQuote( 'access' ) . " IN " . $viewLevels
									.	"\n AND cat." . $_CB_database->NameQuote( 'extension' ) . " = " . $contentExtension;
			}

			$_CB_database->setQuery( $query );

			$cache					=	$_CB_database->loadObjectList();
		}

		if ( ! $cache ) {
			return array();
		}

		if ( $raw !== true ) {
			return $cache;
		}

		// Raw mode: plain list of integer ids, suitable for use in an IN ( ... ) list.
		$ids						=	array();

		foreach ( $cache as $category ) {
			$ids[]					=	(int) $category->value;
		}

		return $ids;
	}
 /**
  * Check for authorization to perform an action on an asset.
  *
  * $action:
  * Configure         core.admin
  * Access component  core.manage
  * Create            core.create
  * Delete            core.delete
  * Edit              core.edit
  * Edit State        core.edit.state    (e.g. block users and get CB/users administration mails)
  * Edit Own          core.edit.own
  *
  * Baskets:
  * Pay:              baskets.pay
  * Record payment    baskets.recordpayment
  * Refund:           baskets.refund
  *
  * $assetname:
  * 'com_comprofiler.plugin.cbsubs' (default) : For all CBSubs aspects except user management
  * '.plan.id'                  : For plan number id
  * 'com_users'                 : For all user management aspects (except core.manage, left for deactivating core Joomla/Mambo User)
  * null                        : For global super-user rights check: ( 'core.admin', null )
  *
  * @since 2.0
  *
  * @param  string        $action     Action to perform: core.admin, core.manage, core.create, core.delete, core.edit, core.edit.state, core.edit.own, ...
  * @param  string        $assetname  OPTIONAL: asset name e.g. "com_comprofiler.plugin.$pluginId" or "com_users", or null for global rights
  * @return boolean|null              True: Authorized, False: Not Authorized, Null: Default (not authorized)
  */
 public static function authoriseAction($action, $assetname = 'com_cbsubs')
 {
     $viewer = Application::MyUser();

     // Super Admins have all rights, whatever the action or asset:
     if ($viewer->isSuperAdmin()) {
         return true;
     }

     // A name starting with '.' is relative and gets the 'com_cbsubs' prefix; an empty or
     // null asset name is passed on unchanged.
     $isRelative = $assetname && $assetname[0] == '.';
     $asset = $isRelative ? 'com_cbsubs' . $assetname : $assetname;

     // Everyone else needs the action granted on that asset:
     return $viewer->isAuthorizedToPerformActionOnAsset($action, $asset);
 }
 /**
  * Renders record payment view
  * 
  * @param  int      $paymentBasketId
  * @return string
  */
 public static function displayRecordPaymentForm($paymentBasketId)
 {
     // also called in the case of reload of invoicing address:
     cbpaidApp::loadLang('admin');

     $recorder = new self();

     // The basket is looked up first, by its integer id.
     // NOTE(review): because the lookup runs before the permission check, a caller without the
     // permission still learns from the message whether a basket id exists; checking the
     // permission first would avoid that, provided authoriseAction() does not depend on the
     // loaded record -- confirm.
     if (!($paymentBasketId && $recorder->load((int) $paymentBasketId))) {
         return CBPTXT::T("Payment basket not found.");
     }

     // Recording a payment requires the 'cbsubs.recordpayments' action.
     if (!$recorder->authoriseAction('cbsubs.recordpayments')) {
         return CBPTXT::T("You are not authorized to record payments.");
     }

     return $recorder->renderRecordPaymentForm(Application::MyUser()->getUserId());
 }
Example #28
	/**
	 * Loads the consultations owned by $user, newest first.
	 *
	 * Rows are always limited to the view access levels of the current user
	 * (Application::MyUser()). Unpublished rows are included only when $viewer
	 * is the owner or a global moderator.
	 *
	 * @param  int[]             $paging  When non-empty, elements 0 and 1 are passed to setQuery() as its 2nd and 3rd arguments
	 * @param  string            $where   Extra SQL appended verbatim after the built-in conditions; must already be safely quoted by the caller
	 * @param  UserTable         $viewer  User looking at the consultations
	 * @param  UserTable         $user    Owner of the consultations
	 * @param  PluginTable       $plugin  Unused
	 * @return cbconsultationsconsultationTable[]
	 */
	static public function getconsultations( $paging, $where, $viewer, $user, /** @noinspection PhpUnusedParameterInspection */ $plugin )
	{
		global $_CB_database;

		$sql				=	'SELECT a.*';
		$sql				.=	"\n FROM " . $_CB_database->NameQuote( '#__comprofiler_plugin_consultations' ) . " AS a";
		$sql				.=	"\n LEFT JOIN " . $_CB_database->NameQuote( '#__users' ) . " AS c"
							.	' ON c.' . $_CB_database->NameQuote( 'id' ) . ' = a.' . $_CB_database->NameQuote( 'user' );
		$sql				.=	"\n WHERE a." . $_CB_database->NameQuote( 'user' ) . " = " . (int) $user->get( 'id' );

		// The owner and global moderators also see unpublished rows; anyone else only published ones.
		// NOTE(review): this test uses $viewer while the access-level filter below uses
		// Application::MyUser() - confirm both always refer to the same user.
		$seesUnpublished	=	( $viewer->get( 'id' ) == $user->get( 'id' ) ) || Application::User( (int) $viewer->get( 'id' ) )->isGlobalModerator();

		if ( ! $seesUnpublished ) {
			$sql			.=	"\n AND a." . $_CB_database->NameQuote( 'published' ) . " = 1";
		}

		$sql				.=	"\n AND a." . $_CB_database->NameQuote( 'access' ) . " IN " . $_CB_database->safeArrayOfIntegers( Application::MyUser()->getAuthorisedViewLevels() );

		// $where is concatenated as raw SQL: nothing here escapes it.
		// NOTE(review): verify every caller builds it from quoted or integer-cast values only.
		$sql				.=	$where;
		$sql				.=	"\n ORDER BY a." . $_CB_database->NameQuote( 'created' ) . " DESC";

		if ( ! $paging ) {
			$_CB_database->setQuery( $sql );
		} else {
			$_CB_database->setQuery( $sql, $paging[0], $paging[1] );
		}

		return $_CB_database->loadObjectList( null, 'cbconsultationsconsultationTable', array( $_CB_database ) );
	}
Example #29
 /**
  * Validator override:
  * drops the "required" rule when someone other than the profile owner is
  * saving, then delegates to the parent validator.
  *
  * @param  FieldTable  $field       Field being validated; its 'required' value is set to 0 on this object when the editor is not the owner
  * @param  UserTable   $user        RETURNED populated: touch only variables related to saving this field (also when not validating for showing re-edit)
  * @param  string      $columnName  Column to validate
  * @param  string      $value       (RETURNED:) Value to validate, Returned Modified if needed !
  * @param  array       $postdata    Typically $_POST (but not necessarily), filtering required.
  * @param  string      $reason      'edit' for save user edit, 'register' for save registration
  * @return boolean                  True if validate, $this->_setErrorMSG if False
  */
 public function validate(&$field, &$user, $columnName, &$value, &$postdata, $reason)
 {
     $editorId = Application::MyUser()->getUserId();
     $ownerId = $user->get('id');

     // Terms and Conditions must only be accepted by the profile owner, so the
     // field is made optional for anyone else (e.g. a moderator editing the profile).
     // $field is passed by reference, so the change is made on the caller's object.
     // NOTE(review): confirm nothing later relies on the original 'required' value.
     $editedBySomeoneElse = $editorId != $ownerId;
     if ($editedBySomeoneElse) {
         $field->set('required', 0);
     }

     return parent::validate($field, $user, $columnName, $value, $postdata, $reason);
 }
Example #30
 /**
  * Draws Users list (ECHO)
  *
  * Resolves which list to show, checks that the viewer may see it, builds the
  * user query from the list parameters, the searchable fields and the plugin
  * hooks, then hands the result to HTML_comprofiler::usersList() for output.
  *
  * @param  int      $userId    Passed to CBuser::getInstance() and to the sorting / filtering / columns helpers
  * @param  int      $listId    List to draw; when empty, the default (or else the first) published list visible to the current user is used
  * @param  array    $postData  Request data, read through cbGetParam() ('search', 'limitstart', 'searchmode', 'rand') and passed to the search builder
  * @return void
  */
 public function drawUsersList($userId, $listId, $postData)
 {
     global $_CB_database, $_PLUGINS;
     $_PLUGINS->loadPluginGroup('user');
     // Request inputs: the three numeric ones are cast to int here; 'search' is only compared to null below.
     $searchData = cbGetParam($postData, 'search');
     $limitstart = (int) cbGetParam($postData, 'limitstart');
     $searchMode = (int) cbGetParam($postData, 'searchmode', 0);
     $random = (int) cbGetParam($postData, 'rand', 0);
     $cbUser = CBuser::getInstance((int) $userId, false);
     $user = $cbUser->getUserData();
     $search = null;
     $input = array();
     $publishedLists = array();
     // Only published lists within the current user's authorised view levels are offered in the selector:
     $query = 'SELECT *' . "\n FROM " . $_CB_database->NameQuote('#__comprofiler_lists') . "\n WHERE " . $_CB_database->NameQuote('published') . " = 1" . "\n AND " . $_CB_database->NameQuote('viewaccesslevel') . " IN " . $_CB_database->safeArrayOfIntegers(Application::MyUser()->getAuthorisedViewLevels()) . "\n ORDER BY " . $_CB_database->NameQuote('ordering');
     $_CB_database->setQuery($query);
     /** @var ListTable[] $userLists */
     $userLists = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\ListTable', array($_CB_database));
     if ($userLists) {
         foreach ($userLists as $userList) {
             // The list title goes through user-variable substitution and then strip_tags() before becoming option text:
             $publishedLists[] = moscomprofilerHTML::makeOption((int) $userList->listid, strip_tags($cbUser->replaceUserVars($userList->title, false, false)));
             // No list requested: fall back to the one flagged as default...
             if (!$listId && $userList->default) {
                 $listId = (int) $userList->listid;
             }
         }
         // ...or, when none is flagged, to the first list by ordering:
         if (!$listId) {
             $listId = (int) $userLists[0]->listid;
         }
     }
     if (!$listId) {
         echo CBTxt::Th('UE_NOLISTFOUND', 'There are no published user lists!');
         return;
     }
     if ($userLists) {
         $input['plists'] = moscomprofilerHTML::selectList($publishedLists, 'listid', 'class="form-control input-block" onchange="this.form.submit();"', 'value', 'text', (int) $listId, 1);
     }
     // NOTE(review): a caller-supplied $listId is loaded here without passing through the
     // published / view-level query above, so access control for it rests on the
     // authoriseView() check below - confirm that check also rejects unpublished lists.
     $row = self::getInstance((int) $listId);
     if (!$row) {
         echo CBTxt::Th('UE_LIST_DOES_NOT_EXIST', 'This list does not exist');
         return;
     }
     // Authorization gate: nothing about the list's users is queried or rendered before this passes.
     if (!$cbUser->authoriseView('userslist', $row->listid)) {
         echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
         return;
     }
     $params = new Registry($row->params);
     // With hotlink protection on, a request that searches or pages must pass the spoof check:
     if ($params->get('hotlink_protection', 0) == 1) {
         if ($searchData !== null || $limitstart) {
             cbSpoofCheck('userslist', 'GET');
         }
     }
     // Page size comes from the list parameters, never from the request; 0 falls back to 30:
     $limit = (int) $params->get('list_limit', 30);
     if (!$limit) {
         $limit = 30;
     }
     // Paging disabled for this list: ignore any requested offset.
     if ($params->get('list_paging', 1) != 1) {
         $limitstart = 0;
     }
     $isModerator = Application::MyUser()->isGlobalModerator();
     // Arguments are passed by reference, so plugins may change the list, search, offset and limit from here on:
     $_PLUGINS->trigger('onStartUsersList', array(&$listId, &$row, &$search, &$limitstart, &$limit));
     // Prepare query variables:
     // NOTE(review): explode() returns array('') for an empty string, which is truthy, so the
     // "if ($userGroupIds)" test further down is always taken - confirm how safeArrayOfIntegers()
     // treats a single empty element.
     $userGroupIds = explode('|*|', $row->usergroupids);
     $orderBy = self::getSorting($listId, $userId, $random);
     $filterBy = self::getFiltering($listId, $userId);
     $columns = self::getColumns($listId, $userId);
     // Grab all the fields the $user can access:
     $tabs = new cbTabs(0, 1);
     $fields = $tabs->_getTabFieldsDb(null, $user, 'list');
     // Build the field SQL:
     $tableReferences = array('#__comprofiler' => 'ue', '#__users' => 'u');
     $searchableFields = array();
     $fieldsSQL = cbUsersList::getFieldsSQL($columns, $fields, $tableReferences, $searchableFields, $params);
     $_PLUGINS->trigger('onAfterUsersListFieldsSql', array(&$columns, &$fields, &$tableReferences));
     // Build the internal joins and where statements best off list parameters:
     $tablesSQL = array();
     $joinsSQL = array();
     $tablesWhereSQL = array();
     if ($isModerator) {
         // Global moderators: each account-state filter is applied unless the list parameters opt in to showing those users.
         if (!$params->get('list_show_blocked', 0)) {
             $tablesWhereSQL['block'] = 'u.block = 0';
         }
         if (!$params->get('list_show_banned', 1)) {
             $tablesWhereSQL['banned'] = 'ue.banned = 0';
         }
         if (!$params->get('list_show_unapproved', 0)) {
             $tablesWhereSQL['approved'] = 'ue.approved = 1';
         }
         if (!$params->get('list_show_unconfirmed', 0)) {
             $tablesWhereSQL['confirmed'] = 'ue.confirmed = 1';
         }
     } else {
         // Everyone else never sees blocked, unapproved, unconfirmed or banned users, whatever the list parameters say:
         $tablesWhereSQL = array('block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1', 'banned' => 'ue.banned = 0');
     }
     $joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
     if ($userGroupIds) {
         $tablesWhereSQL['gid'] = 'g.group_id IN ' . $_CB_database->safeArrayOfIntegers($userGroupIds);
     }
     // The table aliased 'u' is the FROM table; every other referenced table is joined to it on id:
     foreach ($tableReferences as $table => $name) {
         if ($name == 'u') {
             $tablesSQL[] = $table . ' ' . $name;
         } else {
             $joinsSQL[] = 'JOIN ' . $table . ' ' . $name . ' ON ' . $name . '.`id` = u.`id`';
         }
     }
     // Build the search criteria:
     // $postData is handed to the field layer here; the SQL for the search terms is produced by
     // reduceSqlFormula(). NOTE(review): escaping of the search values is presumably done there - confirm.
     $searchValues = new stdClass();
     $searchesFromFields = $tabs->applySearchableContents($searchableFields, $searchValues, $postData, $params->get('list_compare_types', 0));
     $whereFields = $searchesFromFields->reduceSqlFormula($tableReferences, $joinsSQL, true);
     if ($whereFields) {
         $tablesWhereSQL[] = '(' . $whereFields . ')';
     }
     // Plugins receive the SQL fragments by reference and may add to or alter them:
     $_PLUGINS->trigger('onBeforeUsersListBuildQuery', array(&$tablesSQL, &$joinsSQL, &$tablesWhereSQL));
     // Construct the FROM and WHERE for the userlist query:
     // $filterBy is appended as a raw SQL fragment after the WHERE conditions.
     // NOTE(review): it comes from self::getFiltering(), not visible here - confirm it is built from trusted list settings.
     $queryFrom = "FROM " . implode(', ', $tablesSQL) . (count($joinsSQL) ? "\n " . implode("\n ", $joinsSQL) : '') . "\n WHERE " . implode("\n AND ", $tablesWhereSQL) . " " . $filterBy;
     $_PLUGINS->trigger('onBeforeUsersListQuery', array(&$queryFrom, 1, $listId));
     // $ui = 1 (frontend)
     $errorMsg = null;
     // Checks if the list is being actively searched and it allows searching; otherwise reset back to normal:
     $searchCount = count(get_object_vars($searchValues));
     if ($params->get('list_search', 1) > 0 && $params->get('list_search_empty', 0) && !$searchCount) {
         // Search enabled, "empty until searched" set and no criteria given: force search mode 1,
         // which makes the condition below false so no users are queried.
         $searchMode = 1;
         $listAll = false;
     } else {
         $listAll = $searchCount ? true : false;
     }
     // && binds tighter than ||: query when mode is 0, when mode is 1 with criteria, or when mode is 2.
     if ($searchMode == 0 || $searchMode == 1 && $searchCount || $searchMode == 2) {
         // Prepare the userlist count query for pagination:
         $_CB_database->setQuery("SELECT COUNT( DISTINCT u.id ) " . $queryFrom);
         $total = $_CB_database->loadResult();
         // An offset at or past the end, or a page larger than the result, restarts at the first row:
         if ($limit > $total || $limitstart >= $total) {
             $limitstart = 0;
         }
         // Prepare the actual userlist query to build a list of users:
         $query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ($fieldsSQL ? ", " . $fieldsSQL . " " : '') . $queryFrom . " " . $orderBy;
         // Offset and limit are cast to int again here, after plugins had the chance to change them:
         $_CB_database->setQuery($query, (int) $limitstart, (int) $limit);
         /** @var UserTable[] $users */
         $users = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\UserTable', array($_CB_database));
         if (!$_CB_database->getErrorNum()) {
             $profileLink = $params->get('allow_profilelink', 1);
             // If users exist lets cache them and disable profile linking if necessary:
             if ($users) {
                 foreach (array_keys($users) as $k) {
                     // Add this user to cache:
                     CBuser::setUserGetCBUserInstance($users[$k]);
                     if (!$profileLink) {
                         $users[$k]->set('_allowProfileLink', 0);
                     }
                 }
             }
         } else {
             // Only a generic message is shown to the visitor; the failing query itself is not included in it.
             $errorMsg = CBTxt::T('UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW', 'There is an error in the database query. Site admin can turn site debug to on to view and fix the query.');
         }
         // $search ends up '' when criteria were given or search mode is 2, and null otherwise:
         if ($searchCount) {
             $search = '';
         } else {
             $search = null;
         }
         if ($search === null && ($searchMode == 1 && $searchCount || $searchMode == 2)) {
             $search = '';
         }
     } else {
         // Nothing is queried: render an empty result set.
         $total = 0;
         $users = array();
         if ($search === null) {
             $search = '';
         }
     }
     $pageNav = new cbPageNav($total, $limitstart, $limit);
     HTML_comprofiler::usersList($row, $users, $columns, $fields, $input, $search, $searchMode, $pageNav, $user, $searchableFields, $searchValues, $tabs, $errorMsg, $listAll, $random);
 }