/**
  * Fills object with all standard items of a Notification record
  *
  * @param  cbpaidPayHandler     $payHandler
  * @param  int                  $test_ipn
  * @param  string               $log_type
  * @param  string               $paymentStatus
  * @param  string               $paymentType
  * @param  string               $reasonCode
  * @param  int                  $paymentTime
  * @param  string               $charset
  */
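 public function initNotification($payHandler, $test_ipn, $log_type, $paymentStatus, $paymentType, $reasonCode, $paymentTime, $charset = 'utf-8')
 {
     // Populates the standard columns of this notification record from the
     // pay handler, the current request and the payment details passed in.
     $this->payment_method = $payHandler->getPayName();
     $this->gateway_account = $payHandler->getAccountParam('id');
     $this->log_type = $log_type;
     $this->time_received = Application::Database()->getUtcDateTime();
     $this->ip_addresses = cbpaidRequest::getIPlist();
     $this->geo_ip_country_code = cbpaidRequest::getGeoIpCountryCode();
     $this->notify_version = '2.1';
     // NOTE(review): user_id is read from the query string of the current
     // request, so it is requester-controlled. Treat it as log information only
     // until it has been matched against the verified payment basket.
     $this->user_id = (int) cbGetParam($_GET, 'user', 0);
     $this->charset = $charset;
     $this->test_ipn = $test_ipn;
     $this->payer_status = 'unverified';
     $this->payment_status = $paymentStatus;

     // Statuses for which a payment type is recorded, and the subset of them
     // that also carries a payment date.
     $statusesWithType = array('Completed', 'Pending', 'Processed', 'Failed', 'Reversed', 'Refunded', 'Partially-Refunded', 'Canceled_Reversal');
     $statusesWithDate = array('Completed', 'Reversed', 'Refunded', 'Partially-Refunded', 'Canceled_Reversal');

     // Strict comparison: a loose in_array() lets non-string values (0 or true
     // on older PHP versions) match these status names.
     if (in_array($paymentStatus, $statusesWithType, true)) {
         if (in_array($paymentStatus, $statusesWithDate, true)) {
             // paypal-style date, rendered in GMT
             $this->payment_date = gmdate('H:i:s M d, Y T', $paymentTime);
         }
         $this->payment_type = $paymentType;
     }
     if ($reasonCode) {
         $this->reason_code = $reasonCode;
     }
 }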
	/**
	* Handles the gateway-specific result of payments (redirects back to this site and gateway notifications). WARNING: unchecked access !
	*
	* @param  cbpaidPaymentBasket  $paymentBasket         New empty object. returning: includes the id of the payment basket of this callback (strictly verified, otherwise untouched)
	* @param  array                $postdata              _POST data for saving edited tab content as generated with getEditTab
	* @param  boolean              $allowHumanHtmlOutput  Input+Output: set to FALSE if it's an IPN, and if it is already false, keep quiet
	* @return string                                      HTML to display if frontend, text to return to gateway if notification, FALSE if registration cancelled and ErrorMSG generated, or NULL if nothing to display
	*/
	public function resultNotification( $paymentBasket, $postdata, &$allowHumanHtmlOutput )
	{
		// Only the "cancel" return leg is handled here; any other result yields NULL.
		if ( cbGetParam( $_GET, 'result' ) != 'cancel' ) {
			return null;
		}

		// The user cancelled his payment (and registration).
		// This entry point is reached without prior access checks, so the pdtback
		// hash is the only thing verified before the basket object is touched.
		// NOTE(review): whether that hash also binds the basket id is decided inside
		// hashPdtBackCheck(), which is not visible here - confirm.
		$pdtBackHash					=	$this->_getReqParam( 'pdtback', '' );
		if ( ! $this->hashPdtBackCheck( $pdtBackHash ) ) {
			return null;
		}

		// The basket is not loaded here: only the requested id (cast to int) and the
		// cancelled status are set on the empty object. Per the original note, loading
		// the basket, checking that its status is still 'NotInitiated' and the
		// updatePayment() call are done in cbpaidsubscription after this method returns.
		$paymentBasket->id				=	(int) $this->_getReqParam( 'basket' );
		$paymentBasket->payment_status	=	'RegistrationCancelled';
		$this->_setErrorMSG( CBPTXT::T( "Payment cancelled." ) );

		return false;
	}
    // All database-fix tasks share the tools toolbar.
    case 'fixcbdb':
    case 'fixacldb':
    case 'fixcbmiscdb':
    case 'fixcbdeprecdb':
        TOOLBAR_usersextras::_TOOLS();
        break;
    case 'editPlugin':
        // The toolbar depends on the backend menu mode; when plugin menu items
        // are present nothing is rendered here.
        if (isset($_CB_Backend_Menu->mode)) {
            if (isset($_CB_Backend_Menu->menuItems) && $_CB_Backend_Menu->menuItems) {
                // Done above: TOOLBAR_usersextras::_PLUGIN_MENU( $_CB_Backend_Menu->menuItems );
            } elseif ($_CB_Backend_Menu->mode == 'show') {
                TOOLBAR_usersextras::_PLUGIN_ACTION_SHOW();
            } elseif ($_CB_Backend_Menu->mode == 'edit') {
                TOOLBAR_usersextras::_PLUGIN_ACTION_EDIT();
            }
        }
        break;
    case 'pluginmenu':
        // The request supplies only an integer plugin id; everything that ends
        // up in the include path comes from the loaded plugin row and the config.
        $plugin = new PluginTable();
        $result = $plugin->load((int) cbGetParam($_REQUEST, 'pluginid', -1));
        if ($result) {
            // NOTE(review): $plugin->element is concatenated into the file name
            // unfiltered. This relies on the stored element value being a plain
            // file-name component (no path separators or "..") - confirm it is
            // validated when the plugin is installed.
            $pluginMenuToolbarFile = $_CB_framework->getCfg('absolute_path') . '/' . $_PLUGINS->getPluginRelPath($plugin) . '/toolbar.' . $plugin->element . '.php';
            if (file_exists($pluginMenuToolbarFile)) {
                /** @noinspection PhpIncludeInspection */
                include_once $pluginMenuToolbarFile;
                break;
            }
        }
        // Fallback when the plugin does not load or ships no toolbar file.
        TOOLBAR_usersextras::_DEFAULT_PLUGIN_MENU();
        break;
}
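	function saveTab( $option ) {
		global $_CB_database, $_CB_framework, $_POST;

		// Saves a tab definition posted from the backend tab editor, then redirects
		// to the tab list. Every failure path emits a small script alert and exits.
		// NOTE(review): no anti-forgery token check is visible in this method;
		// presumably the caller performs it before dispatching here - confirm.

		$this->_importNeeded();
		$this->_importNeededSave();

		if ( isset( $_POST['params'] ) ) {
			$_POST['params']	=	cbParamsEditorController::getRawParamsMagicgpcEscaped( $_POST['params'] );
		} else {
			$_POST['params']	=	'';
		}

		if ( ! isset( $_POST['tabid'] ) || ( count( $_POST ) == 0 ) ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Missing post values') ) . "'); window.history.go(-2); </script>\n";
			exit();
		}

		// Access check on an existing tab: the current user's group tree must contain
		// the access group stored on the row. It only runs when tabid is non-empty
		// and the row loads; a new tab (empty tabid) skips it.
		if ( $_POST['tabid'] ) {
			$oldrow		=	new moscomprofilerTabs( $_CB_database );
			if ( $oldrow->load( (int) $_POST['tabid'] )
				&& 	( ! in_array( $oldrow->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) ) {
				echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
				exit;
			}
		}

		// NOTE(review): bind() receives the whole $_POST array; which columns can be
		// set this way is decided inside moscomprofilerTabs::bind(), not visible here.
		$row = new moscomprofilerTabs( $_CB_database );
		if ( ! $row->bind( $_POST ) ) {
			// The error text is escaped like the other alerts in this method, so a quote
			// in the message cannot break out of the JavaScript string literal.
			// addslashes() is the convention used here; it is not a full JS-context escaper.
			echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-1); </script>\n";
			exit();
		}

		if ( ! $row->ordering_register ) {
			$row->ordering_register		=	10;
		}

		$row->description	=	cleanEditorsTranslationJunk( trim( $row->description ) );

		if ( ! $row->check() ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-2); </script>\n";
			exit();
		}

		// The key is taken again from the request as an integer, after bind() and check().
		$row->tabid			=	(int) cbGetParam( $_POST, 'tabid', 0 );
		if ( ! $row->store() ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-2); </script>\n";
			exit();
		}

		$row->checkin();
		cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" ), CBTxt::T('Successfully Saved Tab') . ": ". $row->title );
	}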
 /**
  * Gives the URL of a link with plugin parameters.
  *
  * @param  array    $paramArray        array of string with key name of parameters
  * @param  string   $task              cb task to link to (default: userProfile)
  * @param  boolean  $sefed             TRUE to call cbSef (default), FALSE to leave URL unsefed
  * @param  array    $excludeParamList  of string with keys of parameters to not include
  * @param  string   $format            'html', 'raw'		(added in CB 1.2.3)
  * @return string                      value of the parameter (htmlspecialchared)
  */
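 function _getAbsURLwithParam($paramArray, $task = 'userProfile', $sefed = true, $excludeParamList = null, $format = 'html')
 {
     global $_POST, $_GET;
     // Builds an index.php?option=com_comprofiler URL for $task, carrying the
     // given parameters. Values are HTML-escaped; separators are written as &amp;.
     if ($excludeParamList === null) {
         $excludeParamList = array();
     }
     $prefix = $this->_getPrefix();

     // Itemid: the profile menu item for userProfile, otherwise the first of
     // explicit parameter, POST, GET, and finally the profile menu item.
     if ($task == 'userProfile') {
         $Itemid = (int) getCBprofileItemid(0);
         unset($paramArray['Itemid']);
     } elseif (isset($paramArray['Itemid'])) {
         $Itemid = (int) $paramArray['Itemid'];
         unset($paramArray['Itemid']);
     } elseif (isset($_POST['Itemid'])) {
         $Itemid = (int) cbGetParam($_POST, 'Itemid', 0);
     } elseif (isset($_GET['Itemid'])) {
         $Itemid = (int) cbGetParam($_GET, 'Itemid', 0);
     } else {
         $Itemid = (int) getCBprofileItemid(0);
     }

     // For profile links the user defaults to the one named in the request.
     // NOTE(review): the request value is passed through urldecode() here on top
     // of whatever decoding the request layer already did; it is requester-
     // controlled and is only HTML-escaped further down - confirm that is enough
     // for every place the resulting URL is used.
     if ($task == 'userProfile' && !isset($paramArray['user'])) {
         if (isset($_POST['user'])) {
             $paramArray['user'] = urldecode(cbGetParam($_POST, 'user', null));
         } else {
             $paramArray['user'] = urldecode(cbGetParam($_GET, 'user', null));
         }
     }

     if ($task == 'pluginclass') {
         $plugin = $this->getPluginObject();
         // Characters stripped from the plugin element before it goes into the URL.
         // NOTE(review): the list contains an empty string, which str_replace()
         // ignores; it may have been meant as a NUL byte - confirm against upstream.
         $unsecureChars = array('/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "", ' ', "\t", "\n", "\r", "\v");
         $paramArray['plugin'] = substr(str_replace($unsecureChars, '', $plugin->element), 0, 32);
         $paramArray['tab'] = null;
     } elseif (strtolower($task) == 'manageconnections') {
         $paramArray['plugin'] = null;
         $paramArray['tab'] = null;
     } else {
         $paramArray['plugin'] = null;
         if (!isset($paramArray['tab'])) {
             $paramArray['tab'] = strtolower(get_class($this));
         }
     }

     // user, tab and plugin are emitted unprefixed and escaped the same way as
     // every other parameter value.
     // NOTE(review): $task itself is concatenated unescaped; presumably callers
     // only pass fixed task names - confirm.
     $uri = 'index.php?option=com_comprofiler&amp;task=' . $task
         . (isset($paramArray['user']) && $paramArray['user'] ? '&amp;user=' . htmlspecialchars(stripslashes($paramArray['user'])) : '')
         . ($Itemid ? '&amp;Itemid=' . $Itemid : '')
         . ($paramArray['tab'] ? '&amp;tab=' . htmlspecialchars(stripslashes($paramArray['tab'])) : '')
         . ($paramArray['plugin'] ? '&amp;plugin=' . htmlspecialchars(stripslashes($paramArray['plugin'])) : '');

     // Remaining parameters get the plugin prefix; empty values and excluded keys
     // are skipped. foreach replaces reset()/each(), which PHP 8 no longer has.
     foreach ($paramArray as $key => $val) {
         if (!in_array($key, array('Itemid', 'user', 'tab', 'plugin')) && !in_array($key, $excludeParamList)) {
             if ($val) {
                 $uri .= '&amp;' . htmlspecialchars($prefix . $key) . '=' . htmlspecialchars(stripslashes($val));
             }
         }
     }

     if ($sefed) {
         return cbSef($uri, true, $format);
     }
     return $uri;
 }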
	/**
	 * USED by XML interface ONLY !!! Renders invoice
	 *
	 * @param  string           $value
	 * @param  ParamsInterface  $params
	 * @return string                    HTML to display
	 */
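	public function renderInvoice( $value, &$params ) {
		global $_CB_framework;

		// Renders one invoice, or several when the 'invoice' request parameter is a
		// comma-separated list. Returns NULL unless the UI mode is 2 and a user is logged in.
		// NOTE(review): the basket ids come from the request and are loaded without any
		// ownership or permission check in this method, and the invoice is rendered as
		// the owner would see it ($itsmyself = true). The only gate visible here is the
		// UI mode plus a logged-in user - confirm the caller restricts who gets here.
		if ( ( $_CB_framework->getUi() == 2 ) && ( $_CB_framework->myId() != 0 ) ) {

			if ( cbpaidApp::getBaseClass() === null ) {
				//TODO: check if this is even needed:
				$pseudoPlugin				=	new getcbpaidsubscriptionsTab();
				$pseudoPlugin->params		=&	$params;
				cbpaidApp::getBaseClass( $pseudoPlugin );
			}
			$baseClass						=&	cbpaidApp::getBaseClass();

			$itsmyself						=	true;			// simulate user's view of invoice.

			$baseClass->outputRegTemplate();

			$invoiceParam					=	cbGetParam( $_GET, 'invoice' );

			if ( strpos( $invoiceParam, ',' ) === false ) {
				// Single invoice: the basket id is $value, cast to int.
				// $user stays NULL when the basket does not load, instead of being undefined.
				$user						=	null;
				if ( $this->load( (int) $value ) ) {
					$user					=	CBuser::getUserDataInstance( (int) $this->user_id );
				}
				return $this->displayInvoice( $user, $itsmyself, true );
			} else {
				// Several invoices: one page per id, each id cast to int before loading.
				$html						=	'<div class="cbregmultipage">';
				foreach ( explode( ',', $invoiceParam ) as $basketId ) {
					$paymentBasket			=	new self();
					$user					=	null;
					if ( $paymentBasket->load( (int) $basketId ) ) {
						$user				=	CBuser::getUserDataInstance( (int) $paymentBasket->user_id );
					}
					$html					.=	$paymentBasket->displayInvoice( $user, $itsmyself, false )
						.	'<hr class="cbregpagebreak" />';
					if ( is_callable( array( 'CBuser', 'unsetUsersNotNeeded' ) ) ) {
						// CB 1.8+:
						CBuser::unsetUsersNotNeeded( array( (int) $paymentBasket->user_id ) );
					}
					unset( $paymentBasket, $user );
				}
				$html						.=	'</div>';
			}
			return $html;
		}
		return null;
	}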
	/**
	 * Logs notification
	 *
	 * @param  string                           $log_type
	 * @param  int                              $now
	 * @param  cbpaidPaymentBasket              $paymentBasket
	 * @return cbpaidPaymentNotification
	 */
	private function _logNotification( $log_type, $now, $paymentBasket )
	{
		global $_CB_database;

		// Writes a synthetic 'Completed' free-trial notification row for the basket
		// and returns the inserted object.
		$notification		=	new cbpaidPaymentNotification( $_CB_database );

		// Column => value, kept in the order the columns are filled.
		// NOTE(review): raw_data stores the complete $_POST of the request, and its
		// trailing ';\n' is single-quoted, so a literal backslash and 'n' are stored
		// rather than a newline - confirm both are intended.
		// NOTE(review): user_id is read from the query string, not from the basket,
		// so it is requester-controlled.
		$columns			=	array(
			'payment_method'	=>	$this->getPayName(),
			'gateway_account'	=>	$this->getAccountParam( 'id' ),
			'log_type'			=>	$log_type,
			'time_received'		=>	date( 'Y-m-d H:i:s', $now ),
			'payment_basket_id'	=>	$paymentBasket->id,
			'raw_data'			=>	'$_POST=' . var_export( $_POST, true ) . ';\n',
			'raw_result'		=>	'FREE_TRIAL',
			'ip_addresses'		=>	cbpaidRequest::getIPlist(),
			'notify_version'	=>	'2.1',
			'user_id'			=>	(int) cbGetParam( $_GET, 'user', 0 ),
			'charset'			=>	'utf-8',
			'test_ipn'			=>	0,
			'first_name'		=>	$paymentBasket->first_name,
			'last_name'			=>	$paymentBasket->last_name,
			'payer_status'		=>	'unverified',
			'item_name'			=>	$paymentBasket->item_name,
			'item_number'		=>	$paymentBasket->item_number,
			'quantity'			=>	$paymentBasket->quantity,
			'custom'			=>	$paymentBasket->id,
			'invoice'			=>	$paymentBasket->invoice,
			'mc_currency'		=>	$paymentBasket->mc_currency,
			'tax'				=>	'0.00',
			'mc_gross'			=>	'0.00',
			'payment_status'	=>	'Completed',
			'payment_date'		=>	date( 'H:i:s M d, Y T', $now ),			// paypal-style
			'payment_type'		=>	'Free trial',
			'txn_id'			=>	null,
			'txn_type'			=>	'web_accept',
			'recurring'			=>	0,
		);

		foreach ( $columns as $column => $columnValue ) {
			$notification->$column	=	$columnValue;
		}

		$_CB_database->insertObject( $notification->getTableName(), $notification, $notification->getKeyName() );

		return $notification;
	}
	private function getGroups( $field, $postdata ) {
		// Reads the posted value for $field and normalises it: a single value becomes
		// an int, a list becomes the imploded list of ints, nothing becomes ''.
		// The value is fetched raw (_CB_ALLOWRAW); the integer conversion below is
		// what constrains it.
		$posted			=	cbGetParam( $postdata, $field->name, null, _CB_ALLOWRAW );

		if ( ! is_array( $posted ) ) {
			if ( ( $posted === null ) || ( $posted === '' ) ) {
				return '';
			}

			return (int) $posted;
		}

		// Drop empty entries before converting.
		foreach ( $posted as $index => $entry ) {
			if ( ( $entry === null ) || ( $entry === '' ) ) {
				unset( $posted[$index] );
			}
		}

		if ( count( $posted ) == 0 ) {
			return '';
		}

		cbArrayToInts( $posted );

		return $this->_implodeCBvalues( $posted );
	}
	/**
	 * Direct access to field for custom operations, like for Ajax
	 *
	 * WARNING: direct unchecked access, except if $user is set, then check well for the $reason ...
	 *
	 * @param  FieldTable  $field
	 * @param  UserTable    $user
	 * @param  array                 $postdata
	 * @param  string                $reason     'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
	 * @return string                            Expected output.
	 */
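	public function getAjaxResponse( &$field, &$user, &$postdata, $reason )
	{
		global $_CB_framework, $_CB_database, $_PLUGINS, $ueConfig;

		// Handles the inline 'savevalue' Ajax call for one field: saves the posted
		// value on $user and returns the re-rendered field HTML. Any other call, or a
		// failed canAjax() check, returns NULL. canAjax() is the only access check
		// made in this method.
		if ( ( cbGetParam( $_GET, 'function', null ) != 'savevalue' ) || ( ! $this->canAjax( $field, $user, 'html', $reason, true ) ) ) {
			return null;
		}

		$field->set( '_noAjax', true );

		// The name fields are handled together: the two that were not posted are
		// filled in from the current user record.
		if ( in_array( $field->get( 'name' ), array ( 'firstname', 'middlename', 'lastname' ) ) ) {
			if ( $field->get( 'name' ) != 'firstname' ) {
				$postdata['firstname']			=	$user->get( 'firstname' );
			}

			if ( $field->get( 'name' ) != 'middlename' ) {
				$postdata['middlename']			=	$user->get( 'middlename' );
			}

			if ( $field->get( 'name' ) != 'lastname' ) {
				$postdata['lastname']			=	$user->get( 'lastname' );
			}
		}

		$_PLUGINS->callField( $field->get( 'type' ), 'fieldClass', array( &$field, &$user, &$postdata, $reason ), $field );

		// Snapshot of the public user properties, handed to the update triggers.
		$oldUserComplete						=	new UserTable( $_CB_database );

		foreach ( array_keys( get_object_vars( $user ) ) as $k ) {
			if ( substr( $k, 0, 1 ) != '_' ) {
				$oldUserComplete->set( $k, $user->get( $k ) );
			}
		}

		$orgValue								=	$user->get( $field->get( 'name' ) );

		$_PLUGINS->callField( $field->get( 'type' ), 'prepareFieldDataSave', array( &$field, &$user, &$postdata, $reason ), $field );

		$store									=	false;

		if ( ! count( $_PLUGINS->getErrorMSG( false ) ) ) {
			$_PLUGINS->callField( $field->get( 'type' ), 'commitFieldDataSave', array( &$field, &$user, &$postdata, $reason ), $field );

			if ( ! count( $_PLUGINS->getErrorMSG( false ) ) ) {
				if ( $_CB_framework->myId() == $user->get( 'id' ) ) {
					$user->set( 'lastupdatedate', $_CB_framework->getUTCDate() );
				}

				$_PLUGINS->trigger( 'onBeforeUserUpdate', array( &$user, &$user, &$oldUserComplete, &$oldUserComplete ) );

				$clearTextPassword				=	null;

				// The password is hashed only for the store() call; the clear-text value
				// is put back on the object afterwards, so the onAfterUserUpdate
				// listeners below receive it.
				if ( $field->get( 'name' ) == 'password' ) {
					$clearTextPassword			=	$user->get( 'password' );

					$user->set( 'password', $user->hashAndSaltPassword( $clearTextPassword ) );
				}

				$store							=	$user->store();

				if ( $clearTextPassword ) {
					$user->set( 'password', $clearTextPassword );
				}

				$_PLUGINS->trigger( 'onAfterUserUpdate', array( &$user, &$user, $oldUserComplete ) );
			} else {
				$_PLUGINS->callField( $field->get( 'type' ), 'rollbackFieldDataSave', array( &$field, &$user, &$postdata, $reason ), $field );
				$_PLUGINS->trigger( 'onSaveUserError', array( &$user, $user->getError(), $reason ) );
			}
		}

		// Nothing stored: put the original value back so the old value is rendered.
		if ( ! $store ) {
			if ( $orgValue != $user->get( $field->get( 'name' ) ) ) {
				$user->set( $field->get( 'name' ), $orgValue );
			}
		}

		$return									=	null;

		// Re-render the field. The case labels end with ':'; the original ended two
		// of them with ';'.
		switch ( $field->get( 'type' ) ) {
			case 'emailaddress':
				$value							=	$user->get( $field->get( 'name' ) );

				if ( $value ) {
					if ( $ueConfig['allow_email'] == 1 ) {
						$return					.=	'<a href="mailto:' . htmlspecialchars( $value ) . '"  target="_blank">' . htmlspecialchars( $value ) . '</a>';
					} else {
						$return					.=	htmlspecialchars( $value );
					}
				}
				break;
			case 'primaryemailaddress':
				$value							=	$user->get( $field->get( 'name' ) );

				if ( $value && ( $ueConfig['allow_email_display'] != 4 ) ) {
					switch ( $ueConfig['allow_email_display'] ) {
						case 1:
							$return				.=	htmlspecialchars( $value );
							break;
						case 2:
							$return				.=	'<a href="mailto:' . htmlspecialchars( $value ) . '">' . htmlspecialchars( $value ) . '</a>';
							break;
						case 3:
							$return				.=	'<a href="' . $_CB_framework->viewUrl( 'emailuser', true, array( 'uid' => (int) $user->get( 'id' ) ) ) . '" title="' . htmlspecialchars( CBTxt::T( 'UE_MENU_SENDUSEREMAIL_DESC', 'Send an Email to this user' ) ) . '">' . CBTxt::T( 'UE_SENDEMAIL', 'Send Email' ) . '</a>';
							break;
					}
				}
				break;
			default:
				$return							.=	$_PLUGINS->callField( $field->get( 'type' ), 'getFieldRow', array( &$field, &$user, 'html', 'none', $reason, 0 ), $field );
				break;
		}

		// NOTE(review): the placeholder, the empty-field text and the error text are
		// concatenated into the response as HTML without escaping; presumably they are
		// trusted or already escaped where they are produced - confirm.
		$placeholder							=	cbReplaceVars( CBTxt::T( $field->params->get( 'ajax_placeholder' ) ), $user );
		$emptyValue								=	cbReplaceVars( $ueConfig['emptyFieldsText'], $user );

		if ( ( ( ! $return ) || ( $return == $emptyValue ) ) && $placeholder ) {
			$return								=	$placeholder;
		} elseif ( ( ! $return ) && ( ! $ueConfig['showEmptyFields'] ) ) {
			$return								=	$emptyValue;
		}

		$error									=	$this->getFieldAjaxError( $field, $user, $reason );
		$return									=	( $error ? '<div class="alert alert-danger">' . $error . '</div>' : null ) . $return;

		$field->set( '_noAjax', false );

		return $return;
	}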
	/**
	 * gets cookie set by cbSetcookie ! WARNING: always unescaped
	 * //TBD: add domain info in cookie-name
	 *
	 * @param  string            $name
	 * @param  string|array      $defaultValue
	 * @return string|array|null
	 */
	function getcookie( $name, $defaultValue = null ) {
		global $_COOKIE;

		// The cookie is requester-controlled: the value is fetched through cbGetParam()
		// and then unslashed, so callers get it unescaped and must escape it for
		// whatever context they use it in.
		$cookieValue	=	cbGetParam( $_COOKIE, $name, $defaultValue );

		return cbStripslashes( $cookieValue );
	}
 /**
  * Direct access to field for custom operations, like for Ajax
  *
  * WARNING: direct unchecked access, except if $user is set, then check well for the $reason ...
  *
  * @param  FieldTable  $field
  * @param  UserTable   $user
  * @param  array       $postdata
  * @param  string      $reason     'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
  * @return string                  Expected output.
  */
 public function fieldClass(&$field, &$user, &$postdata, $reason)
 {
     // Handles the 'savevalue' call of a points field: applies a plus or minus
     // increment to the stored value, logs it in the ratings table, and returns
     // the re-rendered points HTML in every case.
     global $_CB_framework, $_CB_database, $_PLUGINS;
     parent::fieldClass($field, $user, $postdata, $reason);
     // NOTE(review): the original comment here read "Performs spoof check", but
     // no token check is visible in this method; presumably parent::fieldClass()
     // or the caller does it - confirm, since the write below is triggered by a
     // query-string parameter.
     $myId = (int) $_CB_framework->myId();
     $userId = (int) $user->get('id');
     $fieldId = (int) $field->get('fieldid');
     // NOTE(review): which address comes first in cbGetIParray() is not visible
     // here; if it can be a forwarded header, the logged address is
     // requester-controlled.
     $ipAddresses = cbGetIParray();
     $ipAddress = trim(array_shift($ipAddresses));
     $fieldName = $field->get('name');
     $readOnly = $this->_isReadOnly($field, $user, $reason);
     // Gate: savevalue call, field not read-only, increment access granted, and a
     // non-zero target user id.
     if (cbGetParam($_GET, 'function', null) == 'savevalue' && (!$readOnly && $this->getIncrementAccess($field, $user)) && $userId) {
         // Snapshot of the public user properties for the update triggers.
         $oldUserComplete = new UserTable($field->getDbo());
         foreach (array_keys(get_object_vars($user)) as $k) {
             if (substr($k, 0, 1) != '_') {
                 $oldUserComplete->set($k, $user->get($k));
             }
         }
         // The request only chooses the direction; the step size comes from the
         // field parameters and is applied only when it is positive.
         $direction = stripslashes(cbGetParam($postdata, 'value'));
         $value = (int) $user->get($fieldName);
         if ($direction == 'plus') {
             $increment = (int) $field->params->get('points_inc_plus', 1);
             $value += $increment && $increment > 0 ? $increment : 0;
         } elseif ($direction == 'minus') {
             $increment = (int) $field->params->get('points_inc_minus', 1);
             $value -= $increment && $increment > 0 ? $increment : 0;
             // Logged as a negative rating.
             $increment = $increment ? -$increment : 0;
         } else {
             $increment = 0;
         }
         $postdata[$fieldName] = $value;
         // Write only when validation passes, there is an increment, and the value
         // actually changed.
         if ($this->validate($field, $user, $fieldName, $value, $postdata, $reason) && $increment && (int) $user->get($fieldName) != $value) {
             // Every interpolated value is cast to int/float or passed through
             // Quote(); identifiers go through NameQuote().
             $query = 'INSERT INTO ' . $_CB_database->NameQuote('#__comprofiler_ratings') . "\n (" . $_CB_database->NameQuote('user_id') . ', ' . $_CB_database->NameQuote('type') . ', ' . $_CB_database->NameQuote('item') . ', ' . $_CB_database->NameQuote('target') . ', ' . $_CB_database->NameQuote('rating') . ', ' . $_CB_database->NameQuote('ip_address') . ', ' . $_CB_database->NameQuote('date') . ')' . "\n VALUES (" . $myId . ', ' . $_CB_database->Quote('field') . ', ' . $fieldId . ', ' . $userId . ', ' . (double) $increment . ', ' . $_CB_database->Quote($ipAddress) . ', ' . $_CB_database->Quote($_CB_framework->getUTCDate()) . ')';
             $_CB_database->setQuery($query);
             // The result of the INSERT is not checked; the UPDATE below runs
             // regardless of whether the rating row was logged.
             $_CB_database->query();
             $user->set($fieldName, (int) $value);
             $_PLUGINS->trigger('onBeforeUserUpdate', array(&$user, &$user, &$oldUserComplete, &$oldUserComplete));
             // The column name is the field name passed through NameQuote(); the new
             // value and the user id are integers.
             $query = 'UPDATE ' . $_CB_database->NameQuote('#__comprofiler') . "\n SET " . $_CB_database->NameQuote($fieldName) . " = " . (int) $user->get($fieldName) . "\n WHERE " . $_CB_database->NameQuote('id') . " = " . $userId;
             $_CB_database->setQuery($query);
             if ($_CB_database->query()) {
                 $_PLUGINS->trigger('onAfterUserUpdate', array(&$user, &$user, $oldUserComplete));
             }
         }
     }
     return $this->getPointsHTML($field, $user, $reason, true);
 }
	/**
	 * Validates saving permissions of $postArray depending on $params
	 * Temporary hack!
	 *
	 * @param  RegistryEditController  $params     The params editor
	 * @param  array                     $postArray  The array received from a POST of the form
	 * @return boolean|string
	 */
	public static function validateAndBindPost( $params, &$postArray ) {
		// Applies the two special cases of the params XML to the posted array:
		// permissions params are converted to their stored string form, and params
		// with an onsave attribute get their callback invoked. Returns TRUE, or the
		// error string from _save_permissions().
		if ( ! count( $postArray ) ) {
			return true;
		}

		// Special handling for <param type="permissions"> fields:
		$permissionNodes	=	$params->_xml->xpath( 'descendant::param[@type="permissions"]' );
		if ( count( $permissionNodes ) > 0 ) {
			/** @var $node SimpleXMLElement */
			foreach ( $permissionNodes as $node ) {
				if ( ! isset( $postArray[$node->attributes( 'name' )] ) ) {
					continue;
				}

				$rules		=	self::_save_permissions( $node->attributes( 'name' ), $postArray[$node->attributes( 'name' )], $node, '' );
				if ( is_object( $rules ) ) {
					// let's save the JSON string for future use:
					$postArray[$node->attributes( 'name' )]	=	(string) $rules;
				} elseif ( is_string( $rules ) ) {
					return $rules;
				}
			}
		}

		// Special handling for <param onsave="class::method" key="firstparam" nosave="true"
		$onSaveNodes		=	$params->_xml->xpath( 'descendant::param[@onsave]' );
		if ( count( $onSaveNodes ) > 0 ) {
			foreach ( $onSaveNodes as $node ) {
				if ( ! isset( $postArray[$node->attributes( 'name' )] ) ) {
					continue;
				}

				// Call static method of class with first attribute key, and second the value.
				// The callable and the key come from the XML definition; only the second
				// argument is posted data.
				// NOTE(review): this is only as safe as the XML is trusted - confirm the
				// params XML can never be supplied or altered by the requester.
				$callback	=	explode( '::', $node->attributes( 'onsave' ) );
				$key		=	$node->attributes( 'key' );
				if ( $callback && $key ) {
					$postedValue	=	cbGetParam( $postArray, $node->attributes( 'name' ) );
					call_user_func_array( $callback, array( $key, $postedValue ) );
				}

				// Unset the posted variable if nosave="true":
				if ( $node->attributes( 'nosave' ) == 'true' ) {
					unset( $postArray[$node->attributes( 'name' )] );
				}
			}
		}

		return true;
	}
/**
 * @param string $option
 */
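function saveRegistrationNOCHECKSLOL($option)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_POST, $_PLUGINS;
    // Processes a posted registration form: runs the registration triggers,
    // stores the new user and prints the resulting messages, or re-displays the
    // form with an error.
    // NOTE(review): as the function name says, no anti-forgery or captcha check
    // is made in this function; the only gate is the configuration check below.
    // Confirm any caller adds the checks it needs.

    // Check rights to access: registration must be enabled and the visitor must
    // not be logged in.
    if ($_CB_framework->getCfg('allowUserRegistration') == '0' && (!isset($ueConfig['reg_admin_allowcbregistration']) || $ueConfig['reg_admin_allowcbregistration'] != '1') || $_CB_framework->myId()) {
        cbNotAuth();
        return;
    }
    // NOTE(review): this fallback value looks like a masked placeholder rather
    // than a real setting - confirm against upstream.
    if (!isset($ueConfig['emailpass'])) {
        $ueConfig['emailpass'] = '******';
    }
    $userComplete = new moscomprofilerUser($_CB_database);
    // Pre-registration trigger:
    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onStartSaveUserRegistration', array());
    if ($_PLUGINS->is_errors()) {
        echo "<script type=\"text/javascript\">alert('" . addslashes($_PLUGINS->getErrorMSG()) . "'); </script>\n";
        $oldUserComplete = new moscomprofilerUser($_CB_database);
        $userComplete->bindSafely($_POST, $_CB_framework->getUi(), 'register', $oldUserComplete);
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $_PLUGINS->getErrorMSG("<br />"));
        return;
    }
    // Check if this user already registered with exactly this username and password:
    // NOTE(review): this branch verifies a submitted password for an existing
    // username outside the login flow, and the other branch confirms that the
    // username exists. Make sure the throttling applied to logins also covers
    // this endpoint.
    $username = cbGetParam($_POST, 'username', '');
    $usernameExists = $userComplete->loadByUsername($username);
    if ($usernameExists) {
        $password = cbGetParam($_POST, 'password', '', _CB_ALLOWRAW);
        if ($userComplete->verifyPassword($password)) {
            // activateUser() is given the object with the clear-text password; the
            // stored hash is restored right after.
            $storedHash = $userComplete->password;
            $userComplete->password = $password;
            $messagesToUser = activateUser($userComplete, 1, 'SameUserRegistrationAgain');
            $userComplete->password = $storedHash;
            echo "\n<div>" . implode("</div>\n<div>", $messagesToUser) . "</div>\n";
            return;
        } else {
            $msg = sprintf(_UE_USERNAME_ALREADY_EXISTS, $username);
            echo "<script type=\"text/javascript\">alert('" . addslashes($msg) . "'); </script>\n";
            $oldUserComplete = new moscomprofilerUser($_CB_database);
            $userComplete->bindSafely($_POST, $_CB_framework->getUi(), 'register', $oldUserComplete);
            HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, htmlspecialchars($msg));
            return;
        }
    }
    // Store and check terms and conditions accepted (not a field yet !!!!):
    if (isset($_POST['acceptedterms'])) {
        $userComplete->acceptedterms = (int) cbGetParam($_POST, 'acceptedterms', 0) == 1 ? 1 : 0;
    } else {
        $userComplete->acceptedterms = null;
    }
    if ($ueConfig['reg_enable_toc']) {
        if ($userComplete->acceptedterms != 1) {
            echo "<script type=\"text/javascript\">alert('" . addslashes(cbUnHtmlspecialchars(_UE_TOC_REQUIRED)) . "'); </script>\n";
            $oldUserComplete = new moscomprofilerUser($_CB_database);
            $userComplete->bindSafely($_POST, $_CB_framework->getUi(), 'register', $oldUserComplete);
            HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, _UE_TOC_REQUIRED . '<br />');
            return;
        }
    }
    // Set id to 0 for autoincrement and store IP address used for registration:
    $userComplete->id = 0;
    $userComplete->registeripaddr = cbGetIPlist();
    // Store new user state:
    $saveResult = $userComplete->saveSafely($_POST, $_CB_framework->getUi(), 'register');
    if ($saveResult === false) {
        echo "<script type=\"text/javascript\">alert('" . str_replace('\\\\n', '\\n', addslashes(strip_tags(str_replace('<br />', '\\n', $userComplete->getError())))) . "'); </script>\n";
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $userComplete->getError());
        return;
    }
    // Start from an empty list so the appends and the final implode() below never
    // work on an undefined variable when 'ok' is not strictly TRUE.
    $messagesToUser = array();
    if ($saveResult['ok'] === true) {
        $messagesToUser = activateUser($userComplete, 1, "UserRegistration");
    }
    foreach ($saveResult['tabs'] as $res) {
        if ($res) {
            $messagesToUser[] = $res;
        }
    }
    if ($saveResult['ok'] === false) {
        echo "<script type=\"text/javascript\">alert('" . str_replace('\\\\n', '\\n', addslashes(strip_tags(str_replace('<br />', '\\n', $userComplete->getError())))) . "'); </script>\n";
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $userComplete->getError());
        return;
    }
    $_PLUGINS->trigger('onAfterUserRegistrationMailsSent', array(&$userComplete, &$userComplete, &$messagesToUser, $ueConfig['reg_confirmation'], $ueConfig['reg_admin_approval'], true));
    // NOTE(review): the entries printed below (tab results, plugin errors and
    // user messages) are emitted as HTML without escaping; presumably they are
    // produced as trusted HTML - confirm none of them can carry posted input.
    foreach ($saveResult['after'] as $res) {
        if ($res) {
            echo "\n<div>" . $res . "</div>\n";
        }
    }
    if ($_PLUGINS->is_errors()) {
        echo $_PLUGINS->getErrorMSG();
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $_PLUGINS->getErrorMSG());
        return;
    }
    echo "\n<div>" . implode("</div>\n<div>", $messagesToUser) . "</div>\n";
}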
	/**
	 * Prepares and signs payflow payment $requestParams
	 *
	 * @param cbpaidPaymentBasket $paymentBasket
	 * @param bool $subscription
	 * @return array $requestParams
	 */
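	private function _payflowPayment( $paymentBasket, $subscription = false )
	{
		$requestParams									=	array();

		// Without a Payflow account nothing is requested and the empty array is returned
		if ( ! $this->hasPaypalPayflow() ) {
			return $requestParams;
		}

		$countries										=	new cbpaidCountries();

		// Amount of this payment: first period of a recurring basket if one is set, else the
		// regular recurring amount, else the basket's gross amount
		if ( $paymentBasket->period3 ) {
			if ( $paymentBasket->period1 ) {
				$amount									=	sprintf( '%.2f', $paymentBasket->mc_amount1 );
			} else {
				$amount									=	sprintf( '%.2f', $paymentBasket->mc_amount3 );
			}
		} else {
			$amount										=	sprintf( '%.2f', $paymentBasket->mc_gross );
		}

		if ( $this->getAccountParam( 'normal_gateway' ) == '0' ) {
			$requestParams['MODE']						=	'TEST';
		}

		// USER1..USER4 carry the basket id, user id, item number and single/recurring flag.
		// NOTE(review): uniqid() is derived from the current time and is not random; confirm it
		// is unique enough as SECURETOKENID when several requests are created concurrently.
		$request										=	array(	'PARTNER' => 'PayPal',
																	'VENDOR' => $this->getAccountParam( 'paypal_payflow_vendor' ),
																	'USER' => $this->getAccountParam( 'paypal_payflow_user' ),
																	'PWD' => $this->getAccountParam( 'paypal_payflow_password' ),
																	'TRXTYPE' => 'S',
																	'AMT' => $amount,
																	'CREATESECURETOKEN' => 'Y',
																	'SECURETOKENID' => uniqid(),
																	'TEMPLATE' => $this->getAccountParam( 'template_layout', 'MINLAYOUT' ),
																	'ORDERDESC' => $paymentBasket->item_name,
																	'INVNUM' => $paymentBasket->invoice,
																	'CURRENCY' => $paymentBasket->mc_currency,
																	'USER1' => $paymentBasket->id,
																	'USER2' => $paymentBasket->user_id,
																	'USER3' => $paymentBasket->item_number,
																	'USER4' => ( $subscription ? 'R' : 'S' )
																);

		if ( $subscription ) {
			$request['RECURRING']						=	'Y';
		}

		// Payer details are sent only when the matching account setting is enabled; over-long
		// e-mail and phone values are left out, address parts are cut to their maximum length
		if ( $this->getAccountParam( 'givehiddenbillemail' ) && ( strlen( $paymentBasket->payer_email ) <= 127 ) ) {
			$request['EMAIL']							=	$paymentBasket->payer_email;
		}

		if ( $this->getAccountParam( 'givehiddenbilladdress' ) ) {
			cbimport( 'cb.tabs' );

			$addressFields								=	array(	'BILLTOFIRSTNAME' => array( $paymentBasket->first_name, 30 ),
																	'BILLTOLASTNAME' => array( $paymentBasket->last_name, 30 ),
																	'BILLTOSTREET' => array( $paymentBasket->address_street, 150 ),
																	'BILLTOZIP' => array( $paymentBasket->address_zip, 9 ),
																	'BILLTOCITY' => array( $paymentBasket->address_city, 45 ),
																	'BILLTOCOUNTRY' => array( $countries->countryToTwoLetters( $paymentBasket->address_country ), 2 )
																);

			if ( $paymentBasket->address_state != 'other' ) {
				$addressFields['BILLTOSTATE']			=	array( substr( $paymentBasket->address_state, -2 ), 2 );
			}

			foreach ( $addressFields as $k => $valueMaxlength ) {
				$adrField								=	cbIsoUtf_substr( $valueMaxlength[0], 0, $valueMaxlength[1] );

				if ( $adrField ) {
					$request[$k]						=	$adrField;
				}
			}
		}

		if ( $this->getAccountParam( 'givehiddenbilltelno' ) && ( strlen( $paymentBasket->contact_phone ) <= 50 ) ) {
			$request['BILLTOPHONENUM']					=	$paymentBasket->contact_phone;
		}

		if ( $this->getAccountParam( 'givehiddenshipemail' ) && ( strlen( $paymentBasket->payer_email ) <= 127 ) ) {
			$request['SHIPTOEMAIL']						=	$paymentBasket->payer_email;
		}

		if ( $this->getAccountParam( 'givehiddenshipaddress' ) ) {
			cbimport( 'cb.tabs' );

			// Same fields as billing, except that the country is sent as a three-letter code
			$addressFields								=	array(	'SHIPTOFIRSTNAME' => array( $paymentBasket->first_name, 30 ),
																	'SHIPTOLASTNAME' => array( $paymentBasket->last_name, 30 ),
																	'SHIPTOSTREET' => array( $paymentBasket->address_street, 150 ),
																	'SHIPTOZIP' => array( $paymentBasket->address_zip, 9 ),
																	'SHIPTOCITY' => array( $paymentBasket->address_city, 45 ),
																	'SHIPTOCOUNTRY' => array( $countries->countryToThreeLetters( $paymentBasket->address_country ), 3 )
																);

			if ( $paymentBasket->address_state != 'other' ) {
				$addressFields['SHIPTOSTATE']			=	array( substr( $paymentBasket->address_state, -2 ), 2 );
			}

			foreach ( $addressFields as $k => $valueMaxlength ) {
				$adrField								=	cbIsoUtf_substr( $valueMaxlength[0], 0, $valueMaxlength[1] );

				if ( $adrField ) {
					$request[$k]						=	$adrField;
				}
			}
		}

		if ( $this->getAccountParam( 'givehiddenshiptelno' ) && ( strlen( $paymentBasket->contact_phone ) <= 50 ) ) {
			$request['SHIPTOPHONENUM']					=	$paymentBasket->contact_phone;
		}

		// The values are sent as they are, without URL-encoding, so a '&' or '=' inside one of
		// them (item name, payer name or address, account password) would end the value early and
		// the remainder would be read as further parameters of the request. The Payflow length
		// tag NAME[n]=value makes the gateway take exactly n characters as the value.
		// NOTE(review): strlen() counts bytes; confirm the gateway's counting for multi-byte values.
		$pairs											=	array();

		foreach ( $request as $k => $v ) {
			$v											=	(string) $v;
			$pairs[]									=	$k . '[' . strlen( $v ) . ']=' . $v;
		}

		$formUrl										=	implode( '&', $pairs );

		$results										=	array();
		$response										=	null;
		$status											=	null;
		$error											=	$this->_httpsRequest( $this->gatewayUrl( 'psp' ), $formUrl, 105, $response, $status, 'post', 'normal' );

		if ( $response ) {
			parse_str( $response, $results );
		}

		if ( $error || ( $status != 200 ) || ( ! $response ) ) {
			$this->_setLogErrorMSG( 3, null, $this->getPayName() . ' HTTPS POST request to payment gateway server failed.', CBPTXT::T( "Submitted subscription payment didn't return an error but didn't complete." ) . ' ' . CBPTXT::T( 'Please contact site administrator to check error log.' ) );
		} elseif ( cbGetParam( $results, 'RESULT' ) == '0' ) {
			// Success: only the token and its id are handed back to the caller
			$requestParams['SECURETOKEN']				=	cbGetParam( $results, 'SECURETOKEN' );
			$requestParams['SECURETOKENID']				=	cbGetParam( $results, 'SECURETOKENID' );
		} else {
			// The gateway's own message goes to the error log; the user sees a generic text
			$this->_setLogErrorMSG( 3, null, $this->getPayName() . ' Paypal Payflow error returned. ERROR: ' . cbGetParam( $results, 'RESPMSG' ), CBPTXT::T( 'Please contact site administrator to check error log.' ) );
		}

		return $requestParams;
	}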
 /**
  * Update all field values for a given $fieldId to match $fieldValues[]
  *
  * @param  int    $fieldId      Id of field
  * @param  array  $fieldValues  New or existing values: ordered array( array( 'fieldtitle' => 'Title of field', 'fieldlabel' => 'Label of field' ) )
  * @return boolean              Result
  */
 public function updateFieldValues($fieldId, array $fieldValues)
 {
     $stored = $this->getFieldValuesOfField($fieldId);
     if (!$fieldValues) {
         // Nothing submitted: remove every stored value of this field with one statement.
         // The field id is cast to int and identifiers are quoted by the database object.
         $query = 'DELETE' . "\n FROM " . $this->_db->NameQuote($this->_tbl) . "\n WHERE " . $this->_db->NameQuote('fieldid') . " = " . (int) $fieldId;
         $this->_db->setQuery($query);
         return (bool) $this->_db->query();
     }
     // Pass 1: delete stored values that no submitted entry references with a non-empty title.
     foreach ($stored as $storedId => $storedRow) {
         $storedId = (int) $storedId;
         $stillSubmitted = false;
         foreach ($fieldValues as $submitted) {
             $submitted = (array) $submitted;
             $submittedId = (int) cbGetParam($submitted, 'fieldvalueid');
             //TODO: Use new Input class
             $submittedTitle = trim(stripslashes(cbGetParam($submitted, 'fieldtitle')));
             if ($submittedId && $storedId == $submittedId && $submittedTitle != '') {
                 $stillSubmitted = true;
                 break;
             }
         }
         if ($stillSubmitted) {
             continue;
         }
         if (!$this->delete($storedId)) {
             return false;
         }
         unset($stored[$storedId]);
     }
     // Pass 2: store new entries and changed ones; ordering follows the submitted position.
     foreach ($fieldValues as $position => $submitted) {
         $submitted = (array) $submitted;
         $submittedId = (int) cbGetParam($submitted, 'fieldvalueid');
         //TODO: Use new Input class
         $title = trim(stripslashes(cbGetParam($submitted, 'fieldtitle')));
         $label = trim(stripslashes(cbGetParam($submitted, 'fieldlabel')));
         if ($title == '') {
             // Entries without a title are never stored.
             continue;
         }
         if (isset($stored[$submittedId])) {
             // Only ids that belong to this field's stored values can be updated.
             $row = $stored[$submittedId];
             $unchanged = (int) $row->get('fieldid') == (int) $fieldId && $row->get('fieldtitle') == $title && $row->get('fieldlabel') == $label && (int) $row->get('ordering') == (int) ($position + 1);
             if ($unchanged) {
                 continue;
             }
         } else {
             $row = new FieldValueTable($this->_db);
         }
         $row->set('fieldid', (int) $fieldId);
         $row->set('fieldtitle', $title);
         $row->set('fieldlabel', $label);
         $row->set('ordering', (int) ($position + 1));
         if (!$row->store()) {
             return false;
         }
     }
     $this->updateOrder($this->_db->NameQuote('fieldid') . " = " . (int) $fieldId);
     return true;
 }
	/**
	 * @param FieldTable $field
	 * @param UserTable  $user
	 * @param array      $postdata
	 * @param bool       $joined
	 * @return null|string
	 */
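	private function getValue( $field, $user, $postdata, $joined = false )
	{
		// The post value is read raw (_CB_ALLOWRAW); it is only kept below when it is one of the
		// option values that getGroups() returns for this field and user.
		$value						=	cbGetParam( $postdata, $field->get( 'name' ), null, _CB_ALLOWRAW );

		if ( ( $value === null ) || ( $value === '' ) || ( is_array( $value ) && ( count( $value ) <= 0 ) ) ) {
			return '';
		}

		// Allowed values as strings, so that the comparison below can be strict: a loose
		// comparison would also accept numeric look-alikes of an allowed value ('02', '2e0')
		$groups						=	array();

		foreach ( $this->getGroups( $field, $user, true, $joined ) as $option ) {
			$groups[]				=	(string) $option->value;
		}

		if ( is_array( $value ) ) {
			$values					=	array();

			foreach ( $value as $v ) {
				// Nested arrays can arrive in raw post data and cannot be an option value
				if ( ! is_scalar( $v ) ) {
					continue;
				}

				$v					=	stripslashes( (string) $v );

				// Each element is checked on its own (the whole array was checked here before,
				// which never matched, so multiple selections were always dropped)
				if ( in_array( $v, $groups, true ) ) {
					$values[]		=	$v;
				}
			}

			return $this->_implodeCBvalues( $values );
		}

		$value						=	stripslashes( (string) $value );

		// A single value that is not an allowed option is returned as null
		return ( in_array( $value, $groups, true ) ? $value : null );
	}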
 /**
  * Gets a cleaned value from a PHP global
  *
  * @param  string $arn
  * @param  string $name
  * @param  mixed  $def
  * @return mixed
  */
 protected static function _globalConv($arn, $name, $def = null)
 {
     // $arn selects the source that $name is read from; $def is passed on as the default.
     // The comparisons are loose, as in a switch statement.
     if ($arn == 'request') {
         global $_REQUEST;
         $raw = cbGetParam($_REQUEST, $name, $def);
     } elseif ($arn == 'get') {
         global $_GET;
         $raw = cbGetParam($_GET, $name, $def);
     } elseif ($arn == 'post') {
         global $_POST;
         $raw = cbGetParam($_POST, $name, $def);
     } elseif ($arn == 'cookie') {
         global $_COOKIE;
         $raw = cbGetParam($_COOKIE, $name, $def);
     } elseif ($arn == 'cbcookie') {
         // Cookie read through the CB session library instead of $_COOKIE.
         cbimport('cb.session');
         $raw = CBCookie::getcookie($name, $def);
     } elseif ($arn == 'session') {
         global $_SESSION;
         $raw = cbGetParam($_SESSION, $name, $def);
     } elseif ($arn == 'server') {
         global $_SERVER;
         $raw = cbGetParam($_SERVER, $name, $def);
     } elseif ($arn == 'env') {
         global $_ENV;
         $raw = cbGetParam($_ENV, $name, $def);
     } else {
         // Unknown source: a notice is raised and null goes through stripslashes() below.
         trigger_error(sprintf('SQLXML::globalconv error: unknown type %s for %s.', $arn, $name), E_USER_NOTICE);
         $raw = null;
     }
     // The result is always passed through stripslashes(), so callers receive a string.
     return stripslashes($raw);
 }
	/**
	 * Checks ARB silent post hash
	 *
	 * @param  array  $postdata   $_POST data to check
	 * @return bool               TRUE: hash correct, FALSE: incorrect
	 */
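	private function _checkHashARBsilent( $postdata )
	{
		$amount		=	sprintf( '%0.2f', (float) cbGetParam( $postdata, 'x_amount' ) );
		$transid	=	cbGetParam( $postdata, 'x_trans_id' );
		$hash		=	cbGetParam( $postdata, 'x_MD5_Hash' );
		$mdhash		=	(string) $this->getAccountParam( 'authorize_md_hash', '' );

		// A missing hash, or array-valued fields (x_MD5_Hash[]=...), can never verify: reject
		// them here instead of passing them to the string functions below
		if ( ( ! is_string( $hash ) ) || is_array( $transid ) ) {
			return false;
		}

		// NOTE(review): with an empty 'authorize_md_hash' setting the expected value depends only
		// on posted fields, so anyone can compute it; confirm that the account setup requires
		// the secret to be configured.
		$expected	=	md5( $mdhash . $transid . $amount );

		// hash_equals() (PHP 5.6+) compares in constant time, so response timing does not show
		// how much of a submitted hash was correct
		return hash_equals( $expected, strtolower( $hash ) );
	}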
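function tabClass($option, $task, $uid)
{
    global $_PLUGINS, $_REQUEST, $_POST;
    // Resolve the user the call is made for; without a usable $uid the call runs with
    // $user = null and the CBuser instance obtained with a null id.
    if ($uid) {
        $cbUser =& CBuser::getInstance((int) $uid);
        if ($cbUser) {
            $user =& $cbUser->getUserData();
        } else {
            $cbUser =& CBuser::getInstance(null);
            $user = null;
        }
    } else {
        $cbUser =& CBuser::getInstance(null);
        $user = null;
    }
    // Characters removed from the requested field, tab and plugin names before they are used.
    // NOTE(review): the empty-string entry removes nothing; it may stand for a character that
    // was lost from this listing (a NUL byte would fit the rest of the list). Confirm
    // against the original file.
    $unsecureChars = array('/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "", ' ', "\t", "\n", "\r", "\v");
    if ($task == 'fieldclass') {
        if ($user && $user->id) {
            $uid = $user->id;
        } else {
            $uid = 0;
        }
        // Field calls need edit permission on the profile; plugins can add their own refusal.
        $msg = checkCBpermissions(array($uid), "edit", true);
        $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array($uid, &$msg, 2));
        if ($msg) {
            echo $msg;
            return;
        }
        // The name is URL-decoded first and filtered afterwards, so encoded forms of the
        // removed characters do not survive; it is then cut to 50 characters.
        $fieldName = trim(substr(str_replace($unsecureChars, '', urldecode(stripslashes(cbGetParam($_REQUEST, "field")))), 0, 50));
        if (!$fieldName) {
            echo CBTxt::T('no field');
            return;
        }
        $pluginName = null;
        $tabClassName = null;
        $method = null;
    } elseif ($task == 'tabclass') {
        $tabClassName = urldecode(stripslashes(cbGetParam($_REQUEST, "tab")));
        if (!$tabClassName) {
            return;
        }
        $pluginName = null;
        $tabClassName = substr(str_replace($unsecureChars, '', $tabClassName), 0, 32);
        $method = 'getTabComponent';
        $fieldName = null;
    } elseif ($task == 'pluginclass') {
        $pluginName = urldecode(stripslashes(cbGetParam($_REQUEST, "plugin")));
        if (!$pluginName) {
            return;
        }
        // Only the filtered, lower-cased name behind the fixed 'CBplug_' prefix becomes the
        // class name; $pluginName itself is passed on as posted.
        $tabClassName = 'CBplug_' . strtolower(substr(str_replace($unsecureChars, '', $pluginName), 0, 32));
        $method = 'getCBpluginComponent';
        $fieldName = null;
    } else {
        throw new LogicException('Unexpected task for CB tabClass');
    }
    $tabs = $cbUser->_getCbTabs(false);
    if ($task == 'fieldclass') {
        $result = $tabs->fieldCall($fieldName, $user, $_POST, 'edit');
    } else {
        $result = $tabs->tabClassPluginTabs($user, $_POST, $pluginName, $tabClassName, $method);
    }
    if ($result === false) {
        if ($_PLUGINS->is_errors()) {
            // The message is written into a <script> block, so it is encoded as a JavaScript
            // string literal: a quote, a line break or '</script>' inside it can then neither
            // end the string nor the script element.
            $jsMessage = json_encode((string) $_PLUGINS->getErrorMSG(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            if ($jsMessage === false) {
                // json_encode() fails on text that is not valid UTF-8: show an empty alert
                $jsMessage = '""';
            }
            echo "<script type=\"text/javascript\">alert(" . $jsMessage . "); </script>\n";
        }
    } elseif ($result !== null) {
        // NOTE(review): the result is output as returned; its escaping is presumably done by
        // the field, tab or plugin that produced it. Confirm.
        echo $result;
    }
}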
 /**
  * Saves the registration tab/area postdata into the tab's permanent storage
  * @param  moscomprofilerTab   $tab       the tab database entry
  * @param  moscomprofilerUser  $user      the user being displayed
  * @param  int                 $ui        1 for front-end, 2 for back-end
  * @param  array               $postdata  _POST data for saving edited tab content as generated with getEditTab
  * @return mixed                          either string HTML for tab content, or false if ErrorMSG generated
  */
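 function saveRegistrationTab($tab, &$user, $ui, $postdata)
 {
     global $ueConfig, $_CB_framework, $mainframe;
     // $mainframe needed by the require
     if (!$this->_CheckYancInstalled()) {
         return null;
     }
     // The included path is built from the site configuration and a constant only.
     require_once $_CB_framework->getCfg('absolute_path') . _NEWSLETTERFILE;
     $newslettersSubscriptions = new YancSubscription();
     // A client can post a single value instead of a list: the cast keeps the loop below
     // working on it instead of failing on a non-array.
     $lists = (array) cbGetParam($postdata, 'newsLitems', array(0));
     $html = cbGetParam($postdata, 'newsLhtml', 1);
     // A mail is sent right away only when neither e-mail confirmation nor admin approval is on.
     $sendEmail = ($ueConfig['reg_confirmation'] != "1" && $ueConfig['reg_admin_approval'] != "1");
     $ret = null;
     // NOTE(review): the list ids and the html flag are passed on as posted; presumably
     // saveSubscription() validates them. Confirm.
     foreach ($lists as $li) {
         $result = $newslettersSubscriptions->saveSubscription($user, $li, $html, $sendEmail);
         if ($result !== true) {
             // Any result other than true is used as the error message; the remaining lists
             // are still processed.
             $this->_setErrorMSG($result);
             $ret = false;
         }
     }
     return $ret;
 }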
 /**
  * Saves legacy user edit display
  *
  * @param string $option
  * @param string $task
  */
 public function saveUser($option, $task = 'save')
 {
     global $_CB_framework, $_CB_Backend_task, $_POST, $_PLUGINS;
     cbimport('language.all');
     cbimport('cb.tabs');
     cbimport('cb.params');
     cbimport('cb.adminfilesystem');
     cbimport('cb.imgtoolbox');
     // Posted id 0 means that a new user is created; the posted id is then reset to null.
     $userIdPosted = (int) cbGetParam($_POST, 'id', 0);
     if ($userIdPosted == 0) {
         $_POST['id'] = null;
     }
     // Authorization: _authorizedEdit() first, then the 'save' permission check; a non-empty
     // $msg from either means refusal.
     // NOTE(review): no request-forgery token check is visible in this method; confirm that
     // the caller performs one before the posted data is saved.
     $msg = $this->_authorizedEdit($userIdPosted);
     if (!$msg) {
         if ($userIdPosted != 0) {
             $msg = checkCBpermissions(array($userIdPosted), 'save', true);
         } else {
             $msg = checkCBpermissions(null, 'save', true);
         }
     }
     // Plugins receive $msg by reference and can set a refusal of their own (existing users only).
     if ($userIdPosted != 0) {
         $_PLUGINS->trigger('onBeforeUserProfileSaveRequest', array($userIdPosted, &$msg, 2));
     }
     if ($msg) {
         // NOTE(review): the code below relies on cbRedirect() ending the request; confirm,
         // otherwise a refused request would continue to the save.
         cbRedirect($_CB_framework->backendViewUrl('showusers', false), $msg, 'error');
     }
     $_PLUGINS->loadPluginGroup('user');
     // Get current user state:
     if ($userIdPosted != 0) {
         $userComplete = CBuser::getUserDataInstance($userIdPosted);
         if (!($userComplete && $userComplete->id)) {
             cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('Your profile could not be updated.'), 'error');
         }
     } else {
         $userComplete = new UserTable();
     }
     // Store new user state:
     // The whole $_POST array goes to saveSafely(), which is presumably where the posted
     // fields are validated and filtered.
     $saveResult = $userComplete->saveSafely($_POST, $_CB_framework->getUi(), 'edit');
     if (!$saveResult) {
         // Save failed: check the 'edit' permission again, notify plugins, then show the
         // edit form again with the posted values and the error message.
         $regErrorMSG = $userComplete->getError();
         $msg = checkCBpermissions(array((int) $userComplete->id), 'edit', true);
         if ($userIdPosted != 0) {
             $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array((int) $userComplete->id, &$msg, 2));
         }
         if ($msg) {
             cbRedirect($_CB_framework->backendViewUrl('showusers', false), $msg, 'error');
         }
         if ($userIdPosted != 0) {
             $_PLUGINS->trigger('onAfterUserProfileSaveFailed', array(&$userComplete, &$regErrorMSG, 2));
         } else {
             $_PLUGINS->trigger('onAfterUserRegistrationSaveFailed', array(&$userComplete, &$regErrorMSG, 2));
         }
         $_CB_framework->enqueueMessage($regErrorMSG, 'error');
         $_CB_Backend_task = 'edit';
         // so the toolbar comes up...
         $_PLUGINS->loadPluginGroup('user');
         // resets plugin errors
         $userView = _CBloadView('user');
         /** @var CBController_user $userView */
         $userView->edituser($userComplete, $option, $userComplete->user_id != null ? 0 : 1, $_POST);
         return;
     }
     // Checks-in the row:
     $userComplete->checkin();
     // Success events differ for an updated profile and a newly created user.
     if ($userIdPosted != 0) {
         $_PLUGINS->trigger('onAfterUserProfileSaved', array(&$userComplete, 2));
     } else {
         // $messagesToUser is filled by the plugins but not used afterwards in this method.
         $messagesToUser = array();
         $_PLUGINS->trigger('onAfterSaveUserRegistration', array(&$userComplete, &$messagesToUser, 2));
     }
     // 'apply' returns to the edit view of the saved user, any other task to the users list.
     if ($task == 'apply') {
         cbRedirect($_CB_framework->backendViewUrl('edit', false, array('cid' => (int) $userComplete->user_id)), CBTxt::T('SUCCESSFULLY_SAVED_USER_USERNAME', 'Successfully Saved User: [username]', array('[username]' => $userComplete->username)));
     } else {
         cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SUCCESSFULLY_SAVED_USER_USERNAME', 'Successfully Saved User: [username]', array('[username]' => $userComplete->username)));
     }
 }
 /**
  * Checks messaging anti-spam
  *
  * @param  boolean      $autoBack     TRUE: returns code 403 and attempts a "back" in browser with Javascript, FALSE: Returns error text
  * @param  boolean      $allowPublic  TRUE: Also checks for guests, FALSE: Only for registered and logged-in users
  * @return null|string                NULL: Ok, String: translated error text
  */
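 function cbAntiSpamCheck($autoBack = true, $allowPublic = false)
 {
     global $_POST;
     // The check uses two values: one posted with the form and one held in a cookie.
     $validateValuePost = cbGetParam($_POST, 'cbvssps', '');
     cbimport('cb.session');
     $validateValueCookie = CBCookie::getcookie('cbvs');
     $match = false;
     // A missing cookie or an array-valued post field can never match: skip them instead
     // of passing them to explode().
     if (is_string($validateValuePost) && is_string($validateValueCookie)) {
         $parts0 = explode('_', $validateValuePost);
         $parts1 = explode('_', $validateValueCookie);
         if (count($parts0) == 3 && count($parts1) == 3) {
             // The expected values are recomputed from the third part of each submitted value.
             $validate = cbGetAntiSpams($parts0[2], $parts1[2], $allowPublic);
             // hash_equals() (PHP 5.6+) compares in constant time, so response timing does not
             // show how much of a submitted value was correct.
             // NOTE(review): one matching value is enough here ("||"); confirm that it is not
             // meant to require both the posted value and the cookie to match.
             $postMatches = is_string($validate[0]) && hash_equals($validate[0], $validateValuePost);
             $cookieMatches = is_string($validate[1]) && hash_equals($validate[1], $validateValueCookie);
             $match = $postMatches || $cookieMatches;
         }
     }
     if (!$match) {
         if ($autoBack) {
             _cbExpiredSessionJSterminate();
         } else {
             return CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.') . ' ' . CBTxt::Th('UE_PLEASE_REFRESH', 'Please refresh/reload page before filling-in.');
         }
     }
     return null;
 }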
	/**
	* gets the chosen plans from the form, and checks if they are allowed for that user
	* also gets the options of the plans
	* In detail:
	* gets an array of array of int as an array of int (removing first level), verifying that if index is not 0 the parent exists
	* In each plan object there is a ->_options variable with a Registry object with the option values of the plan
	*
	* @param  UserTable        $user            Reflecting the user being registered or saved
	* @param  string           $name            name of parameter in REQUEST URL
	* @param  cbpaidProduct[]  $allowedPlans    array of cbpaidProduct  which are allowed
	* @param  boolean          $isRegistration  TRUE: Registration process (guest), or FALSE: upgrade-process (logged-in user)
	* @param  string           $reason          Subscription reason: 'N'=new subscription (default), 'R'=renewal, 'U'=update
	* @param  boolean          $returnPlans     TRUE: returns plan objects or FALSE: returns plan ids only.
	* @param  string           $postfix         postfix for identifying multiple plans spaces (optional)
	* @return int[]|cbpaidProduct[]|string     ARRAY of int|of cbpaidProducts : Plans which are selected within hierarchy (according to the post, to be rechecked !) or STRING: error message.
	*/
	protected function & _planGetAndCheckReqParamArray( &$user, $name, &$allowedPlans, $isRegistration, $reason, $returnPlans = false, $postfix = '' ) {
		global $_CB_framework, $_POST;

		$params							=&	cbpaidApp::settingsParams();
		$enableFreeRegisteredUser		=	$params->get( 'enableFreeRegisteredUser', 1 );
		$createAlsoFreeSubscriptions	=	$params->get( 'createAlsoFreeSubscriptions', 0 );

		// Outside registration the target user id is read from the post: field 'user' when
		// the UI is 1, field 'id' otherwise.
		// NOTE(review): the subscription look-ups below use this posted id and not $user;
		// confirm that callers have authorised the request for that id.
		$ui								=	$_CB_framework->getUi();
		if ( ! $isRegistration ) {
			if ( $ui == 1 ) {
				$userId					=	(int) cbGetParam( $_POST, 'user', 0 );
			} else {
				$userId					=	(int) cbGetParam( $_POST, 'id', 0 );
			}
		} else {
			$userId						=	null;
		}

		// Plan ids as chosen in the form: untrusted until the checks below have passed
		$selectedPlanIds							=	$this->_plangetReqParamArray( $name, $postfix );
		/// $validSub									=	array();
		// 1. checks that selected plans hierarchy is respected:
		//    every selected id other than 0 must be a key of $allowedPlans, and a plan with a
		//    parent needs that parent selected too or (outside registration) already valid
		$ok											=	true;
		$plansMgr									=	null;
		foreach ( $selectedPlanIds as $id ) {
			if ( $id != 0 ) {						// ignore "None" plan in backend edit profile
				$ok									=	false;
	
				// foreach ( $allowedPlans as $planid => $p ) {
				if ( isset( $allowedPlans[(int) $id] ) ) {
					$p								=	$allowedPlans[(int) $id];
	
					if ( $id == $p->id ) {
						$parentOk					=	true;
						$parentId					=	$p->get( 'parent' );
						if ( $parentId != 0 ) {
							// the selected plan has a parent plan: check if parent plan is also chosen or already subscribed and active:
							$parentOk				=	false;
							foreach ($selectedPlanIds as $selPlanId ) {
								if ( $parentId == $selPlanId ) {
									$parentOk		=	true;
									break;
								}
							}
							if ( ( ! $isRegistration ) && ( ! $parentOk ) ) {
								// try to see if user is subscribed already to the parent plan:
								if ( $userId ) {
									if ( $plansMgr === null ) {
										$plansMgr	=&	cbpaidPlansMgr::getInstance();
									}
									$plan			=	$plansMgr->loadPlan( $parentId );
									/** @var $plan cbpaidProduct */
									if ( $plan ) {
										// Check if allow free lifetime users without need to create such subscriptions:
										if ( $enableFreeRegisteredUser && ( ! $createAlsoFreeSubscriptions ) && $plan->isLifetimeValidity() && $plan->isFree() ) {
											$parentOk		=	true;
										} else {
											$sub			=	$plan->newSubscription();
											/** @var $sub cbpaidSomething */
											if ( $sub->loadValidUserSubscription( $userId ) ) {
												$parentOk	=	true;
												/// $validSub[$parentId]		=	$sub->id;
											}
										}
									}
								}
							}
						}
						if ( $parentOk ) {
							$ok						=	true;
						}
						break;
					}
				}
				// the first selected plan that is not allowed ends the check: fail closed
				if ( ! $ok ) {
					break;
				}
			}
		}

		// From here on $selectedPlanIds holds either the array of ids or, once a check has
		// failed, the translated error message as a string
		if ( ! $ok ) {
			$selectedPlanIds								=	CBPTXT::T("Chosen plans combination is not allowed (you must choose coherent plans selection, e.g. parent subscriptions to a plan must be active).");
		} else {
			// 2. Check that all exclusivities are respected:
			$plansMgr										=&	cbpaidPlansMgr::getInstance();
			// 2.a. build array of exclusive [parent][plan]:
			//      value 1 = plan selected (or, after 2.a.2, validly subscribed), 0 = not
			$exclusiveChildren								=	array();
			// 2.a.1. add the plans just selected now:
			foreach ($allowedPlans as $id => $p ) {
				if ( $p->get( 'exclusive' ) ) {
					$exclusiveChildren[$p->get( 'parent' )][$p->get( 'id' )]	=	( in_array( $id, $selectedPlanIds ) ? 1 : 0 );
				}
			}
			// 2.a.2. add the plans already subscribed with active subscription (if we are not just upgrading that level):
			$ValidUserPlans									=	array();
			$validSubExists									=	array();
			if ( ( ! $isRegistration ) && $userId ) {
				foreach ( $exclusiveChildren as $parentId => $exclPlansArray ) {
					if ( $parentId != 0 ) {
						$plan								=	$plansMgr->loadPlan( $parentId );
						if ( $plan ) {
							$sub							=	$plan->newSubscription();
							$ValidUserPlans[$parentId]		=	( $sub->loadValidUserSubscription( $userId ) );
						} else {
							// NOTE(review): the loops continue after this assignment, and the later
							// in_array( ..., $selectedPlanIds ) call in 2.b expects an array;
							// confirm that a missing parent plan cannot reach it.
							$selectedPlanIds				=	CBPTXT::T("Chosen plan has a parent plan configured that doesn't exist anymore.");
						}
					}
					$numberOfSelected						=	array_sum( $exclPlansArray );
					if ( $numberOfSelected == 0 ) {
						// NOTE(review): this array is emptied for every parent, so entries set for
						// an earlier parent are gone when 2.b reads it, and it is never set when
						// this branch does not run; confirm that this is intended.
						$firstFreeLifeTime					=	array();
						// foreach ( $exclPlansArray as $childId => $selected )
						foreach ( array_keys( $exclPlansArray ) as $childId ) {
							// NOTE(review): unlike the parent plan above, $plan is used here
							// without a check that loadPlan() found it.
							$plan							=	$plansMgr->loadPlan( $childId );
							if ( ( ! isset( $firstFreeLifeTime[$parentId] ) ) && ( $enableFreeRegisteredUser && ( ! $createAlsoFreeSubscriptions ) && $plan->isLifetimeValidity() && $plan->isFree() ) ) {
								$firstFreeLifeTime[$parentId]	=	$plan->get( 'id' );
							}
							if ( ! isset( $ValidUserPlans[$childId] ) ) {
								$sub						=	$plan->newSubscription();
								$ValidUserPlans[$childId]	=	( $sub->loadValidUserSubscription( $userId ) );
							}
							// a valid existing subscription counts like a selection of that plan
							if ( $ValidUserPlans[$childId] ) {
								$exclusiveChildren[$parentId][$childId]		=	1;
								$validSubExists[$parentId]						=	1;
							}
						}
					}
				}
			}
			// 2.b. check that exactly 1 exclusive plan is selected at each level (including still valid subscribed plans) which matters:
			if ( ! ( ( $ui == 2 ) && ( $selectedPlanIds == array( '0' ) ) ) ) {		// ignore "None" plan in backend edit profile
				foreach ( $exclusiveChildren as $parentId => $exclPlansArray ) {
					$numberOfSelected						=	array_sum( $exclPlansArray );
					if ( $numberOfSelected > 1 ) {
						// the count of selected plans is appended directly to the message text
						$selectedPlanIds					=	CBPTXT::T("Chosen plans combination is not allowed (you can't choose more than one mandatory plan).") . $numberOfSelected;
						break;
					}
					elseif ( ( $numberOfSelected == 0 ) && ( ! isset( $validSubExists[$parentId] ) ) && ( ! isset( $firstFreeLifeTime[$parentId] ) ) ) {
						// none selected only matters at top level, or when the parent is selected
						// or validly subscribed
						if ( ( $parentId == 0 ) || in_array( $parentId, $selectedPlanIds ) || ( isset( $ValidUserPlans[$parentId] ) && ( $ValidUserPlans[$parentId] == true ) ) )
						{
							$selectedPlanIds				=	CBPTXT::T("Chosen plans combination is not allowed (you must choose coherent plans selection, e.g. mandatory subscription(s) must be active or mandatory plan(s) must be chosen).");
							$names							=	array();
							foreach ( array_keys( $exclPlansArray ) as $childId ) {
								$exclPlan					=&	$plansMgr->loadPlan( $childId );
								/** @var $exclPlan cbpaidProduct */
								$names[]					=	$exclPlan->get( 'name' );
							}
							if ( $parentId ) {
								$parentPlan					=&	$plansMgr->loadPlan( $parentId );
								/** @var $parentPlan cbpaidProduct */
								$parentName					=	$parentPlan->get( 'name' );
								// the plan names are inserted before the text is passed to the translation call
								$selectedPlanIds			.=	' ' . CBPTXT::T( sprintf( "'%s' has mandatory options '%s' and none is selected." , $parentName, implode( "', '", $names ) ) );
							}
							break;
						}
					}
				}
			}
			// 3. Checks that all selected plans' conditions are met:
			//    (skipped when an earlier check has already replaced the ids by an error string)
			if ( is_array( $selectedPlanIds ) ) {
				foreach ( $selectedPlanIds as $id ) {
					if ( $id ) {
						$plan								=&	$plansMgr->loadPlan( $id );
						if ( $plan ) {
							if ( ! $plan->checkActivateConditions( $user, $reason, $selectedPlanIds ) ) {
								// Error text will be in selectedPlanIds in case of error returning false:
								break;
							}
						}
					}
				}
			}
			// 4. Checks done:
			if ( $returnPlans && is_array( $selectedPlanIds ) && ( count( $selectedPlanIds ) > 0 ) ) {
				// if returning selected plans, sort them in same order and with same keys as corresponding allowed plans:
				global $_PLUGINS;
				$_PLUGINS->loadPluginGroup( 'user', 'cbsubs.' );
				$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');

				$selectedPlans								=	array();
				foreach ($allowedPlans as $id => $p ) {
					if ( in_array( $id, $selectedPlanIds ) ) {
						/** @var cbpaidProduct[] $selectedPlans */
						$selectedPlans[(int) $id]			=	$allowedPlans[$id];
						$selectionId						=	'plan' . $id;
						$selectionName						=	'plan' . ( $selectedPlans[$id]->get( 'exclusive' ) ? 'E' : 'N' ) . '[' . (int) $selectedPlans[$id]->parent . ']';
						$selectionValue						=	$id;
						$view								=	$selectedPlans[$id]->getViewer();

						// the plan's options come from its viewer: a string result is an error message
						$paramsOrString						=	$view->getOptions( $selectionId, $selectionName, $selectionValue, $reason );
						if ( is_string( $paramsOrString ) ) {
							$selectedPlans					=	$paramsOrString;		// error message
							break;
						}
						$selectedPlans[(int) $id]->_options		=	$paramsOrString;
						$selectedPlans[(int) $id]->_integrations	=	new Registry( '' );
						// plugins can refuse the selected plan by raising an error
						$_PLUGINS->trigger( 'onCPayAfterPlanSelected', array( &$selectedPlans[(int) $id], &$selectedPlans[(int) $id]->_integrations , $reason ) );
						if ( $_PLUGINS->is_errors() ) {
							$selectedPlans							=	$_PLUGINS->getErrorMSG();
							break;
						}
					}
				}
				// array of plan objects keyed by plan id, or an error message string
				return $selectedPlans;
			}
		}
		// array of plan ids, or an error message string
		return $selectedPlanIds;
	}
 /**
  * Gets html code for all cb tabs, sorted by position (default: all, no position name in db means "cb_tabmain")
  *
  * @param  UserTable  $user      CB user object to display
  * @param  string     $position  Name of position if only one position to display (default: null)
  * @return array                 Array of string with html to display at each position, key = position name, or NULL if position is empty.
  *
  * @throws \LogicException
  */
 public function getViewTabs($user, $position = '')
 {
     global $_CB_framework, $ueConfig;
     // returns cached rendering if needed:
     static $renderedCache = array();
     if (isset($renderedCache[$user->id])) {
         if ($position == '') {
             return $renderedCache[$user->id];
         }
         if (isset($renderedCache[$user->id][$position])) {
             return array($position => $renderedCache[$user->id][$position]);
         }
     }
     // detects recursion loops (e.g. trying to render a position within a position !):
     static $callCounter = 0;
     if ($callCounter++ > 10) {
         throw new \LogicException('Rendering recursion for CB position: ' . $position, 500);
     }
     // loads the tabs and generate the inside content of the tab:
     $this->generateViewTabsContent($user, $position);
     // recursion counter decrement:
     $callCounter--;
     if (!isset($this->tabsToDisplay[$position])) {
         return null;
     }
     //	$output									=	'html';
     $tabsMap = array();
     $html = array();
     $results = array();
     $oNest = array();
     $oNestVert = array();
     $oMenu = array();
     $oMenuNest = array();
     $oVert = array();
     $i = 0;
     //Pass 3: generate formatted output for each position by display type (keeping tabs together in each position)
     foreach ($this->tabsToDisplay[$position] as $k => $oTab) {
         if ($oTab->pluginclass) {
             $tabsMap[strtolower($oTab->pluginclass)] = $oTab->tabid;
         }
         $pos = $oTab->position;
         if (!isset($html[$pos])) {
             $html[$pos] = '';
             $results[$pos] = '';
             $oNest[$pos] = '';
             $oNestVert[$pos] = '';
             $oMenu[$pos] = '';
             $oMenuNest[$pos] = '';
             $oVert[$pos] = '';
         }
         // handles content of tab:
         $tabContent = $this->tabsContents[$k];
         if ($tabContent != '' || $oTab->fields && $oTab->_fieldsCount > 0 && isset($ueConfig['showEmptyTabs']) && $ueConfig['showEmptyTabs'] == 1) {
             $overlaysWidth = '400';
             //BB later this could be one more tab parameter...
             $tabTitle = $this->_callTabPlugin($oTab, $user, $oTab->pluginclass, 'getTabTitle', $oTab->pluginid);
             switch ($oTab->displaytype) {
                 //	case "template":
                 //		$cbTemplate	=	HTML_comprofiler::_cbTemplateLoad();
                 //		$html[$pos] .=	HTML_comprofiler::_cbTemplateRender( $cbTemplate, $user, 'Profile', 'drawTab', array( &$user, $oTab, $tabTitle, $tabContent, 'cb_tabid_' . $oTab->tabid ), $output );
                 //		break;
                 case "html":
                     $html[$pos] .= '<div class="cb_tab_content cb_tab_html' . ($oTab->cssclass ? ' ' . htmlspecialchars($oTab->cssclass) : null) . '" id="cb_tabid_' . (int) $oTab->tabid . '">' . $tabContent . '</div>';
                     break;
                 case "div":
                     $html[$pos] .= '<div class="cb_tab_content cb_tab_div' . ($oTab->cssclass ? ' ' . htmlspecialchars($oTab->cssclass) : null) . '" id="cb_tabid_' . (int) $oTab->tabid . '">' . '<div class="cb_tab_content_heading page-header"><h4>' . $tabTitle . '</h4></div>' . $tabContent . '</div>';
                     break;
                 case "rounddiv":
                     $html[$pos] .= '<div class="cb_tab_container cb_tab_rounddiv panel panel-default' . ($oTab->cssclass ? ' ' . htmlspecialchars($oTab->cssclass) : null) . '">' . '<div class="panel-heading">' . $tabTitle . '</div>' . '<div class="cb_tab_content panel-body" id="cb_tabid_' . (int) $oTab->tabid . '">' . $tabContent . '</div>' . '</div>';
                     break;
                 case "roundhtml":
                     $html[$pos] .= '<div class="cb_tab_container cb_tab_roundhtml panel panel-default' . ($oTab->cssclass ? ' ' . htmlspecialchars($oTab->cssclass) : null) . '">' . '<div class="cb_tab_content panel-body" id="cb_tabid_' . (int) $oTab->tabid . '">' . $tabContent . '</div>' . '</div>';
                     break;
                 case "overlib":
                     $fieldTip = '<div class="cb_tab_content cb_tab_overlib' . ($oTab->cssclass ? ' ' . htmlspecialchars($oTab->cssclass) : null) . '" id="cb_tabid_' . (int) $oTab->tabid . '" style="width:100%">' . $tabContent . '</div>';
                     $html[$pos] .= cbTooltip($this->ui, $fieldTip, $tabTitle, $overlaysWidth, null, $tabTitle, null, 'data-cbtooltip-position-target="mouse" data-cbtooltip-tip-hide="true" class="cb_tab_overlib_container"');
                     break;
                 case "overlibfix":
                     $fieldTip = '<div class="cb_tab_content cb_tab_overlib_fix' . ($oTab->cssclass ? ' ' . htmlspecialchars($oTab->cssclass) : null) . '" id="cb_tabid_' . (int) $oTab->tabid . '" style="width:100%">' . $tabContent . '</div>';
                     $html[$pos] .= cbTooltip($this->ui, $fieldTip, $tabTitle, $overlaysWidth, null, $tabTitle, null, 'data-cbtooltip-delay="200" class="cb_tab_overlib_fix_container"');
                     break;
                 case "overlibsticky":
                     $fieldTitle = '<button type="button" class="cb_tab_overlib_sticky_button btn btn-default">' . $tabTitle . '</button>';
                     $fieldTip = '<div class="cb_tab_content cb_tab_overlib_sticky' . ($oTab->cssclass ? ' ' . htmlspecialchars($oTab->cssclass) : null) . '" id="cb_tabid_' . (int) $oTab->tabid . '" style="width:100%">' . $tabContent . '</div>';
                     $html[$pos] .= cbTooltip($this->ui, $fieldTip, $tabTitle, $overlaysWidth, null, $fieldTitle, null, 'data-cbtooltip-open-event="click" data-cbtooltip-close-event="click unfocus" class="cb_tab_overlib_sticky_container"');
                     break;
                 case "nested":
                     $oNest[$pos] .= $this->startTab('CBNested' . $pos, $tabTitle, $oTab->tabid, array('tab' => 'cbTabNavNested' . ($oTab->cssclass ? ' ' . $oTab->cssclass : null), 'pane' => 'cbTabPaneNested' . ($oTab->cssclass ? ' ' . $oTab->cssclass : null))) . '<div class="cb_tab_content cb_tab_nested" id="cb_tabid_' . $oTab->tabid . '">' . $tabContent . '</div>' . $this->endTab();
                     $i++;
                     break;
                 case "nestedvertical":
                     $oNestVert[$pos] .= $this->startTab('CBNestedVertical' . $pos, $tabTitle, $oTab->tabid, array('tab' => 'cbTabNavNestedVertical' . ($oTab->cssclass ? ' ' . $oTab->cssclass : null), 'pane' => 'cbTabPaneNestedVertical' . ($oTab->cssclass ? ' ' . $oTab->cssclass : null))) . '<div class="cb_tab_content cb_tab_vertical_nested" id="cb_tabid_' . $oTab->tabid . '">' . $tabContent . '</div>' . $this->endTab();
                     $i++;
                     break;
                 case "menu":
                     $oMenu[$pos] .= $this->startTab('CBMenu' . $pos, $tabTitle, $oTab->tabid, array('tab' => 'cbTabNavMenu' . ($oTab->cssclass ? ' ' . $oTab->cssclass : null), 'pane' => 'tab-pane cbTabPaneMenu' . ($oTab->cssclass ? ' ' . $oTab->cssclass : null), 'override' => true)) . '<div class="cb_tab_content cb_tab_menu" id="cb_tabid_' . $oTab->tabid . '">' . $tabContent . '</div>' . $this->endTab();
                     $i++;
                     break;
                 case "menunested":
                     $oMenuNest[$pos] .= $this->startTab('CBMenu' . $pos, $tabTitle, $oTab->tabid, array('tab' => 'cbTabNavMenuNested' . ($oTab->cssclass ? ' ' . $oTab->cssclass : null), 'pane' => 'tab-pane cbTabPaneMenuNested' . ($oTab->cssclass ? ' ' . $oTab->cssclass : null), 'override' => true)) . '<div class="cb_tab_content cb_tab_menu_nested" id="cb_tabid_' . $oTab->tabid . '">' . $tabContent . '</div>' . $this->endTab();
                     $i++;
                     break;
                 case "vertical":
                     $oVert[$pos] .= $this->startTab('CBVertical' . $pos, $tabTitle, $oTab->tabid, array('tab' => 'cbTabNavVertical' . ($oTab->cssclass ? ' ' . $oTab->cssclass : null), 'pane' => 'cbTabPaneVertical' . ($oTab->cssclass ? ' ' . $oTab->cssclass : null))) . '<div class="cb_tab_content cb_tab_vertical" id="cb_tabid_' . $oTab->tabid . '">' . $tabContent . '</div>' . $this->endTab();
                     $i++;
                     break;
                 case "tab":
                 default:
                     $results[$pos] .= $this->startTab($pos, $tabTitle, $oTab->tabid, array('tab' => $oTab->cssclass, 'pane' => $oTab->cssclass)) . '<div class="cb_tab_content cb_tab_main" id="cb_tabid_' . $oTab->tabid . '">' . $tabContent . '</div>' . $this->endTab();
                     $i++;
                     break;
             }
         }
     }
     //foreach tab
     // Pass 4: concat different types, generating tabs preambles/postambles:
     foreach ($html as $pos => $val) {
         if ($oNest[$pos]) {
             $results[$pos] .= $this->startTab($pos, CBTxt::T('TABS_NESTED_MORE TABS_NESTED_HORIZONTAL_MORE', 'More'), $pos . 0, array('tab' => 'cbTabNavNested', 'pane' => 'cbTabPaneNested')) . '<div class="cb_tab_container cb_tab_nested_main" id="cb_position_' . $pos . '">' . $this->startPane('CBNested' . $pos, array('container' => 'cbTabsNested', 'nav' => 'cbTabsNavNested', 'content' => 'cbTabsContentNested')) . $oNest[$pos] . $this->endPane() . '</div>' . $this->endTab();
         }
         if ($oNestVert[$pos]) {
             $oVert[$pos] .= $this->startTab($pos, CBTxt::T('TABS_NESTED_MORE TABS_NESTED_VERTICAL_MORE', 'More'), $pos . 0, array('tab' => 'cbTabNavVertical', 'pane' => 'cbTabPaneVertical')) . '<div class="cb_tab_content cb_tab_nested_vertical" id="cb_position_' . $pos . '">' . $this->startPane('CBNestedVertical' . $pos, array('container' => 'cbTabsNestedVertical', 'nav' => 'cbTabsNavNestedVertical', 'content' => 'cbTabsContentNestedVertical')) . $oNestVert[$pos] . $this->endPane() . '</div>' . $this->endTab();
         }
         if ($oMenu[$pos] || $oMenuNest[$pos]) {
             static $oMenuJS = 0;
             if (!$oMenuJS++) {
                 $js = "\$( '.cbTabsMenuNavBar' ).on( 'click', '.navbar-toggle', function() {" . "if ( ! \$( this ).hasClass( 'dropdown-toggle' ) ) {" . "var navbar = \$( this ).closest( '.cbTabsMenuNavBar' ).find( '.navbar-collapse' );" . "var toggle = \$( this ).closest( '.cbTabsMenuNavBar' ).find( '.navbar-toggle' );" . "if ( toggle.hasClass( 'collapsed' ) ) {" . "navbar.addClass( 'in' );" . "toggle.removeClass( 'collapsed' );" . "} else {" . "navbar.removeClass( 'in' );" . "toggle.addClass( 'collapsed' );" . "}" . "}" . "}).find( '.cbScroller' ).cbscroller({" . "ignore: '.cbTabNavMenuMore,.cbTabNavMenuNested'," . "height: false" . "});" . "\$( '.cbTabsMenu' ).on( 'cbtabs.selected', function( e, event, cbtabs, tab ) {" . "var dropdownNav = \$( event.target ).closest( '.cbTabsMenuNavBar' );" . "if ( dropdownNav.length ) {" . "var toggle = dropdownNav.find( '.navbar-toggle' );" . "if ( ! toggle.hasClass( 'collapsed' ) ) {" . "toggle.click();" . "}" . "}" . "var dropdownTab = \$( event.target ).closest( '.cbTabNavMenuNested' );" . "if ( dropdownTab.length ) {" . "if ( dropdownTab.closest( '.cbTabNavMoreDropdown' ).length ) {" . "dropdownTab.siblings().removeClass( 'active' );" . "dropdownTab.addClass( 'active' );" . "}" . "}" . "});" . "\$( window ).load( function(){" . "\$( '.cbTabNavMenuMore' ).on( 'cbtooltip.show', function( e, cbtooltip, event, api ) {" . "if ( \$( this ).siblings( '.active' ).length ) {" . "api.elements.content.find( '.cbTabNav' ).removeClass( 'active' );" . "}" . "});" . "});";
                 $_CB_framework->outputCbJQuery($js, 'cbscroller');
             }
             if ($oMenuNest[$pos]) {
                 $more = '<li class="cbTabNavMore cbTabNavMenuMore cbTooltip dropdown" data-cbtooltip-tooltip-target="#cbtabs' . htmlspecialchars('CBMenu' . $pos) . 'More" data-cbtooltip-menu="true" data-cbtooltip-classes="qtip-nostyle cbTabNavMoreDropdown cbMenuDropdown" data-cbtooltip-adjust-y="0" data-cbtooltip-open-classes="open active">' . '<button type="button" class="cbTabNavMenuMoreBtn dropdown-toggle navbar-toggle">' . '<span class="icon-bar"></span>' . '<span class="icon-bar"></span>' . '<span class="icon-bar"></span>' . '</button>' . '<a href="javascript:void(0);" class="cbTabNavMenuMoreLink dropdown-toggle">' . CBTxt::T('TABS_NESTED_MORE TABS_NESTED_MENU_MORE', 'More') . ' <b class="fa fa-caret-down"></b></a>' . '<ul id="cbtabs' . htmlspecialchars('CBMenu' . $pos) . 'More" class="cbSubMenu dropdown-menu"></ul>' . '</li>';
                 $js = "\$( '#cbtabs" . addslashes('CBMenu' . $pos) . "' ).find( '.cbTabsNav:first' ).append( '" . addslashes($more) . "' );" . "\$( '#cbtabs" . addslashes('CBMenu' . $pos) . "' ).find( '.cbTabsNav:first' ).children( '.cbTabNavMenuNested' ).appendTo( '#cbtabs" . addslashes('CBMenu' . $pos) . "More' );";
                 $_CB_framework->outputCbJQuery($js);
             }
             $html[$pos] .= '<div class="cbTabs cbTabsMenu' . ($oMenuNest[$pos] ? ' cbTabsMenuMore' : null) . '" id="cbtabs' . htmlspecialchars('CBMenu' . $pos) . '">' . '<div class="cbTabsMenuNavBar' . ($oMenuNest[$pos] ? ' cbTabsMenuNavBarMore' : null) . ' navbar navbar-default">' . '<div class="container-fluid">' . '<div class="navbar-header">' . '<button type="button" class="cbTabsMenuNavBarToggle navbar-toggle collapsed">' . '<span class="icon-bar"></span>' . '<span class="icon-bar"></span>' . '<span class="icon-bar"></span>' . '</button>' . '</div>' . '<div class="collapse navbar-collapse cbScroller">' . '<div class="cbScrollerLeft hidden">' . '<button type="button" class="btn btn-xs btn-default"><span class="fa fa-angle-left"></span></button>' . '</div>' . '<ul class="cbTabsNav cbTabsMenuNav' . ($oMenuNest[$pos] ? ' cbTabsMenuNavMore' : null) . ' nav navbar-nav cbScrollerContent"></ul>' . '<div class="cbScrollerRight hidden">' . '<button type="button" class="btn btn-xs btn-default"><span class="fa fa-angle-right"></span></button>' . '</div>' . '</div>' . '</div>' . '</div>' . '<div class="cbTabsContent cbTabsMenuContent tab-content">' . $oMenu[$pos] . $oMenuNest[$pos] . '</div>' . '</div>';
         }
         if ($oVert[$pos]) {
             $html[$pos] .= $this->startPane('CBVertical' . $pos, array('container' => 'row cbTabsVertical', 'nav' => 'nav-stacked col-md-3 cbTabsNavVertical', 'content' => 'col-md-9 cbTabsContentVertical')) . $oVert[$pos] . $this->endPane();
         }
         if ($results[$pos]) {
             if ($val) {
                 $html[$pos] .= '<br />';
             }
             $html[$pos] .= $this->startPane($pos) . $results[$pos] . $this->endPane();
         }
     }
     // cache rendering if it's the complete rendering:
     if ($position == '') {
         $renderedCache[$user->id] = $html;
     }
     // check if pluginclass has been provided as the tab selected
     $tab = strtolower(stripslashes(cbGetParam($_REQUEST, 'tab', null)));
     if ($tab && isset($tabsMap[$tab])) {
         $_CB_framework->outputCbJQuery("\$( '#cbtabnav" . (int) $tabsMap[$tab] . " > a' ).click();");
     }
     return $html;
 }
 /**
  * Binds search range mode
  *
  * @param  FieldTable  $field
  * @param  UserTable   $searchVals
  * @param  array       $postdata
  * @param  string      $minName
  * @param  string      $maxName
  * @param  int         $list_compare_types  IF reason == 'search' : 0 : simple 'is' search, 1 : advanced search with modes, 2 : simple 'any' search
  * @return array|string|null
  */
 protected function _bindSearchRangeMode(&$field, &$searchVals, &$postdata, $minName, $maxName, $list_compare_types)
 {
     // Resolves the comparison mode for a min/max range search.
     // Returns whatever _bindSearchMode() yields in advanced mode, otherwise the fixed string 'is' or null.

     // Advanced search with modes: delegate to the generic binder, restricted to 'isisnot'.
     // Loose comparison on purpose: it matches what a `switch` `case 1:` accepts.
     if ($list_compare_types == 1) {
         return $this->_bindSearchMode($field, $searchVals, $postdata, 'isisnot', $list_compare_types);
     }

     // Simple searches (0, 2 and any other value): the range is active as soon as one of the
     // two bounds is present in the posted data. `!= null` is loose, so values that compare
     // equal to null (for instance an empty string) count as "not provided".
     $rangeGiven = cbGetParam($postdata, $minName) != null || cbGetParam($postdata, $maxName) != null;

     return $rangeGiven ? 'is' : null;
 }
 /**
  * Installs plugin by upload from URL
  *
  * @return boolean
  */
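 private function installPluginUpload()
 {
     // Installs a plugin package received through the multipart form field "uploadfile".
     // Despite the docblock wording, the package is read from $_FILES here, not fetched from a URL.
     // Returns true only when the installer reports success; every failure path shows an
     // installer message and returns false.
     //
     // NOTE(review): an installed package becomes code running on the site, so this entry point
     // has to stay limited to authorised administrators with a valid anti-forgery token. Neither
     // check is visible in this method — presumably the caller enforces both; confirm.

     // Try extending time, as unzipping/ftping took already quite some... :
     @set_time_limit(240);
     _CBsecureAboveForm('showPlugins');
     outputCbTemplate(2);
     outputCbJs(2);
     initToolTip(2);
     $installer = new cbInstallerPlugin();
     // Check if file uploads are enabled
     if (!(bool) ini_get('file_uploads')) {
         cbInstaller::showInstallMessage(CBTxt::T('The installer cannot continue before file uploads are enabled. Please use the install from directory method.'), CBTxt::T('Installer - Error'), false);
         return false;
     }
     // Check that the zlib is available
     if (!extension_loaded('zlib')) {
         cbInstaller::showInstallMessage(CBTxt::T('The installer cannot continue before zlib is installed'), CBTxt::T('Installer - Error'), false);
         return false;
     }
     $userfile = cbGetParam($_FILES, 'uploadfile', null);
     $upload = isset($_FILES['uploadfile']) && is_array($_FILES['uploadfile']) ? $_FILES['uploadfile'] : array();
     // A submitted form without a chosen file still creates the $_FILES entry (error = UPLOAD_ERR_NO_FILE),
     // so the presence test alone never reported "No file selected" in that case.
     $noFileSent = isset($upload['error']) && !is_array($upload['error']) && (int) $upload['error'] === UPLOAD_ERR_NO_FILE;
     // An array-style field (uploadfile[]) delivers arrays instead of strings; reject it rather than pass arrays on.
     $malformed = !isset($upload['name'], $upload['tmp_name']) || !is_string($upload['name']) || !is_string($upload['tmp_name']);
     if (!$userfile || $noFileSent || $malformed) {
         cbInstaller::showInstallMessage(CBTxt::T('No file selected'), CBTxt::T('Upload new plugin - error'), false);
         return false;
     }
     $msg = '';
     // The file name is chosen by the client and must be treated as untrusted.
     // NOTE(review): confirm uploadFile() reduces it to a safe base name and restricts the
     // accepted package types before anything is written to disk.
     $localName = $upload['name'];
     $resultdir = $this->uploadFile($upload['tmp_name'], $localName, $msg);
     // $localName is updated here
     if ($resultdir === false) {
         cbInstaller::showInstallMessage($msg, CBTxt::T('UPLOAD_ERROR', 'Upload Error'), false);
         return false;
     }
     if (!$installer->upload($localName)) {
         // Remove whatever was unpacked before reporting the failure.
         if ($installer->unpackDir()) {
             $installer->cleanupInstall($localName, $installer->unpackDir());
         }
         cbInstaller::showInstallMessage($installer->getError(), CBTxt::T('UPLOAD_FAILED', 'Upload Failed'), false);
         return false;
     }
     $ret = $installer->install();
     $installer->cleanupInstall($localName, $installer->unpackDir());
     cbInstaller::showInstallMessage($installer->getError(), $ret ? CBTxt::T('UPLOAD_SUCCESS', 'Upload Success') : CBTxt::T('UPLOAD_FAILED', 'Upload Failed'), $ret);
     // NOTE(review): cleanup already ran just above; this second call looks redundant —
     // confirm cleanupInstall() is safe to repeat before removing it.
     $installer->cleanupInstall($localName, $installer->unpackDir());
     return $ret;
 }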
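    /**
     * Renders the backend user edit page: triggers the 'onBeforeUserProfileEditDisplay' plugins,
     * builds the edit tabs, queues the client-side validation script and prints the edit form.
     *
     * Output escaping: values written into HTML attributes, into the backend title and into
     * inline JavaScript string literals are escaped for that context at the point of output.
     * The tab content, the plugin results and $tabs->fieldJS are generated markup/script and are
     * printed as they are.
     *
     * @param  object  $user       User record being edited (its id and username are read here)
     * @param  string  $option     Written into the hidden form field "option"
     * @param  mixed   $newCBuser  Written into the hidden form field "newCBuser"
     * @param  array   $postdata   Passed by reference to cbTabs::getEditTabs() (presumably the posted form data)
     * @return void
     */
    function edituser($user, $option, $newCBuser, &$postdata)
    {
        global $_CB_framework, $_PLUGINS;
        $results = $_PLUGINS->trigger('onBeforeUserProfileEditDisplay', array(&$user, 2));
        if ($_PLUGINS->is_errors()) {
            $alertText = str_replace(array("\n", '<br />'), array('\\n', '\\n'), addslashes($_PLUGINS->getErrorMSG()));
            // addslashes() covers quotes and backslashes only: also neutralise angle brackets and carriage
            // returns so the message can neither close the inline <script> element nor break the string literal.
            $alertText = str_replace(array('<', '>', "\r"), array('\\x3C', '\\x3E', '\\r'), $alertText);
            echo "<script type=\"text/javascript\">alert(\"" . $alertText . "\"); window.history.go(-1); </script>\n";
            exit;
        }
        _CBsecureAboveForm('edituser');
        outputCbTemplate(2);
        initToolTip(2);
        $tabs = new cbTabs($_CB_framework->getUi() == 2 && !isset($_REQUEST['tab']) ? 1 : 0, 2);
        // use cookies in backend to remember selected tab.
        $tabcontent = $tabs->getEditTabs($user, $postdata);
        outputCbJs(2);
        global $_CB_Backend_Title;
        // The title carries markup (<small>), so the stored username is escaped before it is embedded.
        $_CB_Backend_Title = array(0 => array('cbicon-48-users', CBTxt::T('Community Builder User') . ": <small>" . ($user->id ? CBTxt::T('Edit') . ' [ ' . htmlspecialchars((string) $user->username, ENT_QUOTES) . ' ]' : CBTxt::T('New')) . '</small>'));
        // Everything printed from here to ob_get_contents() is JavaScript collected for outputCbJQuery().
        ob_start();
        if (defined('_CB_VALIDATE_NEW')) {
            cbimport('cb.validator');
            cbValidator::renderGenericJs();
            ?>

$('div.cbtoolbaractions .cbtoolbaraction').click( function() {
		if ( $(this).attr('href') ) {
			var taskVal = $(this).attr('href').substring(1);
		} else if ( $(this).attr('value') ) {
			taskVal = $(this).attr('value').substring(1);
		}
		$('#cbcheckedadminForm input[name=task]').val( taskVal );
		if (taskVal == 'showusers') {
			$('#cbcheckedadminForm')[0].submit();
		} else {
			$('#cbcheckedadminForm').submit();
		}
		return false;
	} );

<?php 
            $cbjavascript = ob_get_contents();
            ob_end_clean();
            $_CB_framework->outputCbJQuery($cbjavascript, array('metadata', 'validate'));
        } else {
            // old way:
            // NOTE: the checks in cbFrmSubmitButton() run in the browser only and are a usability aid;
            // the save handler must validate the same fields again on the server.
            ?>
var cbDefaultFieldbackgroundColor;
function cbFrmSubmitButton() {
	var me = this.elements;
<?php 
            $version = checkJversion();
            if ($version == 1) {
                // var r = new RegExp("^[a-zA-Z](([\.\-a-zA-Z0-9@])?[a-zA-Z0-9]*)*$", "i");
                ?>
	var r = new RegExp("^[\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-]*$", "i");
<?php 
            } elseif ($version == -1) {
                ?>
	var r = new RegExp("[^A-Za-z0-9]", "i");
<?php 
            } else {
                ?>
	var r = new RegExp("[\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-]", "i");
<?php 
            }
            ?>
	var errorMSG = '';
	var iserror=0;
	if (cbDefaultFieldbackgroundColor === undefined) cbDefaultFieldbackgroundColor = ((me['username'].style.getPropertyValue) ? me['username'].style.getPropertyValue("backgroundColor") : me['username'].style.backgroundColor);
<?php 
            echo $tabs->fieldJS;
            ?>
	if (me['username'].value == "") {
		errorMSG += "<?php 
            echo str_replace(array("\n", "\r"), ' ', CBTxt::html_entity_decode(_REGWARN_UNAME));
            ?>
\n";
		me['username'].style.backgroundColor = "red";
		iserror=1;
	} else if (r.exec(me['username'].value) || (me['username'].value.length < 3)) {
		errorMSG += "<?php 
            echo str_replace(array("\n", "\r"), ' ', sprintf(CBTxt::html_entity_decode(_VALID_AZ09), CBTxt::html_entity_decode(_PROMPT_UNAME), 2));
            ?>
\n";
		me['username'].style.backgroundColor = "red";
		iserror=1;
	} else if (me['username'].style.backgroundColor.slice(0,3)=="red") {
		me['username'].style.backgroundColor = cbDefaultFieldbackgroundColor;
	}
	if ((me['password'].value != "") && (me['password'].value != me['password__verify'].value)){
		errorMSG += "<?php 
            echo CBTxt::html_entity_decode(_REGWARN_VPASS2);
            ?>
\n";
		me['password'].style.backgroundColor = "red"; me['password__verify'].style.backgroundColor = "red";
		iserror=1;
	} else {
		if (me['password'].style.backgroundColor.slice(0,3)=="red") me['password'].style.backgroundColor = cbDefaultFieldbackgroundColor;
		if (me['password__verify'].style.backgroundColor.slice(0,3)=="red") me['password__verify'].style.backgroundColor = cbDefaultFieldbackgroundColor;
	}
	if (!$('input[name^=\"gid\"],select[name^=\"gid\"]').val()) {
		errorMSG += '<?php 
            echo addslashes(CBTxt::T('You must assign user to a group.'));
            ?>
' + "\n";
		iserror=1;
	}

	// loop through all input elements in form
	var fieldErrorMessages = new Array;
	for (var i=0; i < me.length; i++) {
		// check if element is mandatory; here mosReq=1
		if ( (typeof(me[i].getAttribute('mosReq')) != "undefined") && ( me[i].getAttribute('mosReq') == 1) ) {
			if (me[i].type == 'radio' || me[i].type == 'checkbox') {
				var rOptions = me[me[i].getAttribute('name')];
				var rChecked = 0;
				if(rOptions.length > 1) {
					for (var r=0; r < rOptions.length; r++) {
						if ( (typeof(rOptions[r].getAttribute('mosReq')) != "undefined") && ( rOptions[r].getAttribute('mosReq') == 1) ) {
							if (rOptions[r].checked) {
								rChecked=1;
							}
						}
					}
				} else {
					if (me[i].checked) {
						rChecked=1;
					}
				}
				if(rChecked==0) {
					for (var k=0; k < me.length; k++) {
						if (me[i].getAttribute('name') == me[k].getAttribute('name')) {
							if (me[k].checked) {
								rChecked=1;
								break;
							}
						}
					}
				}
				if(rChecked==0) {
					var alreadyFlagged = false;
					for (var j = 0, n = fieldErrorMessages.length; j < n; j++) {
						if (fieldErrorMessages[j] == me[i].getAttribute('name')) {
							alreadyFlagged = true;
							break
						}
					}
					if ( ! alreadyFlagged ) {
						fieldErrorMessages.push(me[i].getAttribute('name'));
						// add up all error messages
						errorMSG += me[i].getAttribute('mosLabel') + ' : <?php 
            echo CBTxt::html_entity_decode(_UE_REQUIRED_ERROR);
            ?>
\n';
						// notify user by changing background color, in this case to red
						me[i].style.backgroundColor = "red";
						iserror=1;
					}
				} else if (me[i].style.backgroundColor.slice(0,3)=="red") me[i].style.backgroundColor = cbDefaultFieldbackgroundColor;
			}
			if (me[i].value == '') {
				// add up all error messages
				errorMSG += me[i].getAttribute('mosLabel') + ' : <?php 
            echo CBTxt::html_entity_decode(_UE_REQUIRED_ERROR);
            ?>
\n';
				// notify user by changing background color, in this case to red
				me[i].style.backgroundColor = "red";
				iserror=1;
			} else if (me[i].style.backgroundColor.slice(0,3)=="red") me[i].style.backgroundColor = cbDefaultFieldbackgroundColor;
		}
	}
	if(iserror==1) {
		alert(errorMSG);
		return false;
	} else {
		return true;
	}
}
$('#cbcheckedadminForm').submit( cbFrmSubmitButton );
$('div.cbtoolbaractions .cbtoolbaraction').click( function() {
		if ( $(this).attr('href') ) {
			var taskVal = $(this).attr('href').substring(1);
		} else if ( $(this).attr('value') ) {
			taskVal = $(this).attr('value').substring(1);
		}
		$('#cbcheckedadminForm input[name=task]').val( taskVal );
		if (taskVal == 'showusers') {
			$('#userEditTable input').val('');
			$('#cbcheckedadminForm')[0].submit();
		} else {
			$('#cbcheckedadminForm').submit();
		}
		return false;
	} );
<?php 
            $cbjavascript = ob_get_contents();
            ob_end_clean();
            $_CB_framework->outputCbJQuery($cbjavascript);
            // end of old way
        }
        if (is_array($results)) {
            echo implode('', $results);
        }
        $this->_overideWebFxLayout();
        ?>
<div id="cbErrorMessages"></div>
<form action="<?php 
        echo $_CB_framework->backendUrl('index.php');
        ?>
" method="post" name="adminForm" id="cbcheckedadminForm" enctype="multipart/form-data" autocomplete="off">
<?php 
        echo "<table cellspacing='0' cellpadding='4' border='0' width='100%' id='userEditTable'><tr><td width='100%'>\n";
        echo $tabcontent;
        echo "</td></tr></table>";
        // The three hidden values below land inside double-quoted attributes, so they are HTML-escaped on output.
        ?>
  <input type="hidden" name="id" value="<?php 
        echo htmlspecialchars((string) $user->id, ENT_QUOTES);
        ?>
" />
  <input type="hidden" name="newCBuser" value="<?php 
        echo htmlspecialchars((string) $newCBuser, ENT_QUOTES);
        ?>
" />
  <input type="hidden" name="option" value="<?php 
        echo htmlspecialchars((string) $option, ENT_QUOTES);
        ?>
" />
  <input type="hidden" name="task" value="save" />
  <?php 
        // Anti-forgery token field for the 'user' form.
        echo cbGetSpoofInputTag('user');
        ?>
</form>
<div style="align:center;">
<?php 
        echo getFieldIcons(2, true, true, "", "", true);
        if (isset($_REQUEST['tab'])) {
            $requestedTab = cbGetParam($_REQUEST, 'tab');
            // Only a scalar can name a tab; an array-valued request parameter is ignored.
            if (is_scalar($requestedTab)) {
                $requestedTab = addslashes(urldecode(stripslashes((string) $requestedTab)));
                // The value comes from the request and ends up in a single-quoted JavaScript string:
                // addslashes() handles quotes and backslashes, the replacement below handles the characters
                // that could still close a script element or break the string literal.
                $requestedTab = str_replace(array('<', '>', "\r", "\n"), array('\\x3C', '\\x3E', '\\r', '\\n'), $requestedTab);
                $_CB_framework->outputCbJQuery("showCBTab( '" . $requestedTab . "' );");
            }
        }
        ?>
</div>
<?php 
    }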
        /** @var CBController_plugin $cbController */
        $cbController->pluginMenu($option, $pluginId);
        break;
    default:
        _CBloadController('default');
        break;
}
// Run the admin toolbar script inside its own output buffer so that whatever it prints is
// captured into $toolbars instead of being sent to the client.
// The include path is $_CB_adminpath plus a fixed file name; $_CB_adminpath is set outside
// this excerpt — NOTE(review): confirm it is never derived from request input.
ob_start();
/** @noinspection PhpIncludeInspection */
include $_CB_adminpath . '/comprofiler.toolbar.php';
$toolbars = trim(ob_get_contents());
ob_end_clean();
$_CB_framework->getAllJsPageCodes();
// Second read/close pair: the buffer opened above is already closed, so this reads a buffer
// whose ob_start() is not visible in this excerpt (presumably opened before the controller ran).
$html = ob_get_contents();
ob_end_clean();
if (in_array($taskPart1, array('fieldclass', 'tabclass', 'pluginclass')) || cbGetParam($_GET, 'no_html', 0) == 1 || cbGetParam($_GET, 'format') == 'raw') {
    echo $html;
} else {
    echo $_CB_framework->document->outputToHead();
    ?>
<div class="cbAdminMain cb_template cb_template_<?php 
    echo selectTemplate('dir');
    ?>
" style="margin:0; border-width: 0; padding: 0;width: 100% ;text-align: left;">
	<div class="cbAdminMainInner" id="cbAdminMainWrapper" style="margin: 0; border-width: 0; padding: 0; float: none; width: auto;">
<?php 
    if (checkJversion() >= 2 && !checkJversion('j3.0+')) {
        /** @noinspection PhpDeprecationInspection */
        JSubMenuHelper::addEntry(CBTxt::T('Control Panel'), 'index.php?option=com_comprofiler', $taskPart1 == '');
        if (Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.manage', 'com_users')) {
            /** @noinspection PhpDeprecationInspection */
	function showUsers( $option, $task, $cid ) {
		global $_CB_database, $_CB_framework, $_POST, $_PLUGINS, $_CB_TxtIntStore;

		$this->_importNeeded();

		$limit						=	(int) $_CB_framework->getCfg( 'list_limit' );
		if ( $limit == 0 ) {
			$limit					=	10;
		}
		$filter_type				=	$_CB_framework->getUserStateFromRequest( "filter_type{$option}", 'filter_type', 0 );
		$filter_status				=	$_CB_framework->getUserStateFromRequest( "filter_status{$option}", 'filter_status', 0 );
		$filter_logged				=	intval( $_CB_framework->getUserStateFromRequest( "filter_logged{$option}", 'filter_logged', 0 ) );
		$lastCBlist					=	$_CB_framework->getUserState( "view{$option}lastCBlist", null );
		if( $lastCBlist == 'showusers' ) {
			if ( $task == 'showusers' ) {
				$limit				=	$_CB_framework->getUserStateFromRequest( "viewlistlimit", 'limit', $limit );
				$limitstart			=	$_CB_framework->getUserStateFromRequest( "view{$option}limitstart", 'limitstart', 0 );
			}
			$lastSearch 			=	$_CB_framework->getUserState( "search{$option}", null );
			$search					=	$_CB_framework->getUserStateFromRequest( "search{$option}", 'search', '' );
			if ( $lastSearch != $search ) {
				$limitstart			=	0;
				$_CB_framework->setUserState( "view{$option}limitstart", $limitstart );
			}
			$search					=	stripslashes( trim( ( $_CB_TxtIntStore->_iso != 'UTF-8' ) ? strtolower( $search ) : ( is_callable( 'mb_convert_case' ) ? mb_convert_case( $search, MB_CASE_LOWER, "UTF-8") : utf8_encode(strtolower(utf8_decode( $search ) ) ) ) ) );
		} else {
			$filter_type			=	0;
			$filter_status			=	0;
			$filter_logged			=	0;
			clearSearchBox();
			$search					=	'';
			$limitstart				=	0;
			$_CB_framework->setUserState( "view{$option}limitstart", $limitstart );
			$_CB_framework->setUserState( "view{$option}lastCBlist", "showusers" );
		}
	
		if ( $task !== 'showusers' ) {
			if ( $task == 'ajaxemailusers' ) {
				$limitstart			=	cbGetParam( $_POST, 'limitstart', 0 );
				$limit				=	cbGetParam( $_POST, 'limit', 0 );
			} else {
				$limitstart			=	0;
				if ( $task == 'emailusers' ) {
					$limit			=	101;		// so that first 100 users and more... is displayed.
				} else {
					$limit			=	cbGetParam( $_POST, 'limit', 0 );
				}
			}
		}
		
		$tablesSQL					=	array( 'u'	=> '#__users AS u' );
		$joinsSQL					=	array( 'ue'	=> 'LEFT JOIN #__comprofiler AS ue ON u.id = ue.id' );
		$tablesWhereSQL				=	array();
	
		if ( isset( $search ) && ( $search != "") ) {
			$tablesWhereSQL[]		=	"(u.username LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%' OR u.email LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%' OR u.name LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%')";
		}
		if ( $filter_type ) {
			if ( checkJversion() == 2 ) {
				$tablesWhereSQL[]	=	"aro.group_id = " . (int)  $filter_type;
			} else {
				if ( $filter_type == 'Public Frontend' ) {
					$tablesWhereSQL[]	=	"(u.usertype = 'Registered' OR u.usertype = 'Author' OR u.usertype = 'Editor'OR u.usertype = 'Publisher')";
				} else if ( $filter_type == 'Public Backend' ) {
					$tablesWhereSQL[]	=	"( u.usertype = 'Manager' OR u.usertype = 'Administrator' OR u.usertype = 'Super Administrator' )";
				} else {
					$tablesWhereSQL[]	=	"u.usertype = " . $_CB_database->Quote( $filter_type );
				}
			}
		}
		$tBlocked					=	CBTxt::T('Blocked');
		$tEnabled					=	CBTxt::T('Enabled');
		$tUnconfirmed				=	CBTxt::T('Unconfirmed');
		$tConfirmed					=	CBTxt::T('Confirmed');
		$tUnapproved				=	CBTxt::T('Unapproved');
		$tDisapproved				=	CBTxt::T('Disapproved');
		$tApproved					=	CBTxt::T('Approved');
		$tBanned					=	CBTxt::T('Banned');
		$p							=	' + ';
		$userstates	=	array(
						$tBlocked											=>	'u.block = 1',
						$tEnabled											=>	'u.block = 0',
						$tUnconfirmed										=>	'ue.confirmed = 0',
						$tConfirmed											=>	'ue.confirmed = 1',
						$tUnapproved										=>	'ue.approved = 0',
						$tDisapproved										=>	'ue.approved = 2',
						$tApproved											=>	'ue.approved = 1',
						$tBanned											=>	'ue.banned <> 0',
						$tBlocked . $p . $tUnconfirmed . $p . $tUnapproved	=>	'(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 0)',
						$tEnabled . $p . $tUnconfirmed . $p . $tUnapproved	=>	'(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 0)',
						$tBlocked . $p . $tConfirmed   . $p . $tUnapproved	=>	'(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 0)',
						$tEnabled . $p . $tConfirmed   . $p . $tUnapproved	=>	'(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 0)',
						$tBlocked . $p . $tUnconfirmed . $p . $tDisapproved	=>	'(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 2)',
						$tEnabled . $p . $tUnconfirmed . $p . $tDisapproved	=>	'(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 2)',
						$tBlocked . $p . $tConfirmed   . $p . $tDisapproved	=>	'(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 2)',
						$tEnabled . $p . $tConfirmed   . $p . $tDisapproved	=>	'(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 2)',
						$tBlocked . $p . $tUnconfirmed . $p . $tApproved	=>	'(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 1)',
						$tEnabled . $p . $tUnconfirmed . $p . $tApproved	=>	'(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 1)',
						$tBlocked . $p . $tConfirmed   . $p . $tApproved	=>	'(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 1)',
						$tEnabled . $p . $tConfirmed   . $p . $tApproved	=>	'(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 1)',
						CBTxt::T('Avatar not approved')						=>	"(ue.avatar > '' AND ue.avatarapproved = 0)" );
		if ( $filter_status ) {
			$tablesWhereSQL[]		=	$userstates[$filter_status];
		}
		if ( $filter_logged == 1 ) {
			$tablesWhereSQL[]		=	"s.userid = u.id";
		} else if ($filter_logged == 2) {
			$tablesWhereSQL[]		=	"s.userid IS NULL";
		}
	
		// exclude any child group id's for this user
		//$_CB_framework->acl->_debug = true;
		$pgids						=	$_CB_framework->acl->get_group_children( userGID( $_CB_framework->myId() ), 'ARO', 'RECURSE' );
		if ( is_array( $pgids ) && (count( $pgids ) > 0 ) ) {
			if ( checkJversion() == 2 ) {
				$tablesWhereSQL[]	=	"( aro.group_id NOT IN ( " . implode( ',', $pgids ) . " ) )";
			} else {
				$tablesWhereSQL[]	=	"( u.gid NOT IN ( " . implode( ',', $pgids ) . " ) )";
			}
		}
		// Filter the checkmarked users only:
		if ( $task !== 'showusers' ) {
			if ( is_array( $cid ) && ( count( $cid ) > 0 ) ) {
				cbArrayToInts( $cid );
				$tablesWhereSQL[]		=	"( u.id IN ( " . implode( ',', $cid ) . " ) )";
			}
		}
	
		// Advanced searches:
		$myCbUser				=&	CBuser::getInstance( $_CB_framework->myId() );
		$myUser					=&	$myCbUser->getUserData();
		$tabs					=	$myCbUser->_getCbTabs();		//	new cbTabs( 0, 1 );		//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
		$allFields				=	$tabs->_getTabFieldsDb( null, $myUser, 'adminfulllist' );
		foreach ( $allFields as $k => $v ) {
			if ( in_array( $v->type, array( 'pm', 'status', 'formatname', 'hidden', 'delimiter', 'userparams' ) ) ) {
				unset( $allFields[$k] );		// delimiter, userparams do not have search for now!
			}
		}
		$searchVals				=	new stdClass();
		$list_compare_types		=	1;		// Advanced: all possibilities (WARNING: can be slow)
		$tableReferences		=	array( '#__comprofiler' => 'ue', '#__users' => 'u' );
		$searchesFromFields		=	$tabs->applySearchableContents( $allFields, $searchVals, $_POST, $list_compare_types );
		$whereFields			=	$searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
		if ( $whereFields ) {
			$tablesWhereSQL[]	=	'(' . $whereFields . ')';
		}
		$searchTabContent		=	$tabs->getSearchablesContents( $allFields, $myUser, $searchVals, $list_compare_types );
		
		if ($filter_logged == 1 || $filter_logged == 2) {
			$joinsSQL[]				.=	"\n INNER JOIN #__session AS s ON s.userid = u.id";
		// } else {		done later, to avoid blocking site:
		//	$joinsSQL[]				.=	"\n LEFT JOIN #__session AS s ON s.userid = u.id";
		}
	
		if ( checkJversion() == 2 ) {
			$joinsSQL[]				=	"INNER JOIN #__user_usergroup_map AS aro ON aro.user_id = u.id";			// map user to aro for selection (and display if no selection)
			if ( $filter_type ) {
				$joinsSQL[]			=	"LEFT JOIN #__user_usergroup_map AS arodisplay ON arodisplay.user_id = u.id";	// map user to aro for display of all groups
				$joinsSQL[]			=	"INNER JOIN #__usergroups AS g ON g.id = arodisplay.group_id"; 					// map aro to group for display group name
			} else {
				$joinsSQL[]			=	"INNER JOIN #__usergroups AS g ON g.id = aro.group_id"; 					// map aro to group
			}
		}
	
	   	$_PLUGINS->loadPluginGroup('user');
		$_PLUGINS->trigger( 'onBeforeBackendUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL, $option ) );
	
		$queryFrom					=	"\n FROM " . implode( ', ', $tablesSQL )
									.	( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
									.	( count( $tablesWhereSQL ) ? "\n WHERE " . implode( ' AND ', $tablesWhereSQL ) : '' )
									;
	
		// Counting query:
		$query						=	"SELECT COUNT(DISTINCT u.id)"
									.	$queryFrom
									;
		$_CB_database->setQuery( $query );
		$total						=	$_CB_database->loadResult();
		if ( $total === null ) {
			echo $_CB_database->getErrorMsg();
		}
		if ( $total <= $limitstart ) {
			$limitstart				=	0;
		}
	
		cbimport( 'cb.pagination' );
		$pageNav					=	new cbPageNav( $total, $limitstart, $limit  );
	
		if ( checkJversion() == 2 ) {
			$grp_name				=	'title';
		} elseif ( checkJversion() == 1 ) {
			$grp_name				=	'name';
			$joinsSQL[]				=	"INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id";					// map user to aro
			$joinsSQL[]				=	"INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.id";		// map aro to group
			$joinsSQL[]				=	"INNER JOIN #__core_acl_aro_groups AS g ON g.id = gm.group_id";
			$tablesWhereSQL[]		=	"aro.section_value = 'users'";
		} else {
			$grp_name				=	'name';
			$joinsSQL[]				=	"INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id";					// map user to aro
			$joinsSQL[]				=	"INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.aro_id";	// map aro to group
			$joinsSQL[]				=	"INNER JOIN #__core_acl_aro_groups AS g ON g.group_id = gm.group_id";
			$tablesWhereSQL[]		=	"aro.section_value = 'users'";
		}
	
		$queryFrom					=	"\n FROM " . implode( ', ', $tablesSQL )
									.	( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
									.	( count( $tablesWhereSQL ) ? "\n WHERE " . implode( ' AND ', $tablesWhereSQL ) : '' )
									;
	
		// Main query:
		if ( checkJversion() == 2 ) {
			$query					=	"SELECT u.*, GROUP_CONCAT( DISTINCT g.$grp_name ORDER BY g.$grp_name SEPARATOR ', ') AS groupname, ue.approved, ue.confirmed"
									.	$queryFrom
									.	' GROUP BY u.id'
									;
		} else {
			$query					=	"SELECT DISTINCT u.*, g.$grp_name AS groupname, ue.approved, ue.confirmed"
									.	$queryFrom
									;
		}
		$_CB_database->setQuery( $query, (int) $pageNav->limitstart, (int) $pageNav->limit );
		$rows						=	$_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );
		if ($_CB_database->getErrorNum()) {
			echo $_CB_database->stderr();
			return false;
		}
		// creates the CBUsers in cache corresponding to the $users:
		foreach ( array_keys( $rows ) as $k) {
			// do not do this otherwise substitutions do not work: 
			// CBuser::setUserGetCBUserInstance( $rows[$k] );
		}
	
		$template				=	'SELECT COUNT(s.userid) FROM #__session AS s WHERE s.userid = ';
		$n						=	count( $rows );
		for ( $i = 0; $i < $n; $i++ ) {
			$row				=	&$rows[$i];
			$query				=	$template . (int) $row->id;
			$_CB_database->setQuery( $query );
			$row->loggedin		=	$_CB_database->loadResult();
		}
	
		$select_tag_attribs		=	'class="inputbox" size="1" onchange="document.adminForm.submit( );"';
		$inputTextExtras		=	'';
		if ( $task != 'showusers' ) {
			$inputTextExtras	=	' disabled="disabled"';
			$select_tag_attribs	.=	$inputTextExtras;
		}
	
		// get list of Log Status for dropdown filter
		$logged[]				=	moscomprofilerHTML::makeOption( 0, CBTxt::T('- Select Login State -'));
		$logged[]				=	moscomprofilerHTML::makeOption( 1, CBTxt::T('Logged In'));
		$lists['logged']		=	moscomprofilerHTML::selectList( $logged, 'filter_logged', $select_tag_attribs, 'value', 'text', "$filter_logged", 2 );
	
		// get list of Groups for dropdown filter
		if ( checkJversion() == 2 ) {
			$query				=	"SELECT id AS value, title AS text"
								.	"\n FROM #__usergroups";
		} else {
			$query				=	"SELECT name AS value, name AS text"
								.	"\n FROM #__core_acl_aro_groups"
								.	"\n WHERE name != 'ROOT'"
								.	"\n AND name != 'USERS'";
		}
	
		$types[]				=	moscomprofilerHTML::makeOption( '0', CBTxt::T('- Select Group -') );
		$_CB_database->setQuery( $query );
		$types					=	array_merge( $types, $_CB_database->loadObjectList() );
		$lists['type']			=	moscomprofilerHTML::selectList( $types, 'filter_type', $select_tag_attribs, 'value', 'text', "$filter_type", 2 );
	
		$status[]				=	moscomprofilerHTML::makeOption( 0, CBTxt::T('- Select User Status -'));
		foreach ( array_keys( $userstates ) as $k ) {
			$status[]			=	moscomprofilerHTML::makeOption( $k, $k );
		}
		$lists['status']		=	moscomprofilerHTML::selectList( $status, 'filter_status', $select_tag_attribs, 'value', 'text', "$filter_status", 2 );
	
		$pluginAdditions		=	$_PLUGINS->trigger( 'onAfterBackendUsersList', array( 1, &$rows, &$pageNav, &$search, &$lists, $option, $select_tag_attribs ) );
		$pluginColumns			=	array();
		foreach ( $pluginAdditions as $addition ) {
			if ( is_array( $addition ) ) {
				$pluginColumns	=	array_merge( $pluginColumns, $addition );
			}
		}
	
		if ( $task == 'showusers' ) {
			$usersView			=	_CBloadView( 'users' );
			$usersView->showUsers( $rows, $pageNav, $search, $option, $lists, $pluginColumns, $inputTextExtras, $searchTabContent );
		} else {
			$emailSubject		=	stripslashes( cbGetParam( $_POST, 'emailsubject', '' ) );
			$emailBody			=	stripslashes( cbGetParam( $_POST, 'emailbody', '', _CB_ALLOWRAW | _CB_NOTRIM ) );
			$emailsPerBatch		=	stripslashes( cbGetParam( $_POST, 'emailsperbatch', 50 ) );
			$emailPause			=	stripslashes( cbGetParam( $_POST, 'emailpause', 30 ) );
			$simulationMode		=	stripslashes( cbGetParam( $_POST, 'simulationmode', '' ) );
			if ( count( $cid ) > 0 && count( $cid ) < $total ) {
				$total			=	count( $cid );
			}
			if ( $task == 'emailusers' ) {
				$pluginRows		=	$_PLUGINS->trigger( 'onBeforeBackendUsersEmailForm', array( &$rows, &$pageNav, &$search, &$lists, &$cid, &$emailSubject, &$emailBody, &$inputTextExtras, &$select_tag_attribs, $simulationMode, $option ) );
				$usersView		=	_CBloadView( 'users' );
				$usersView->emailUsers( $rows, $total, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $simulationMode, $pluginRows );
			} elseif ( $task == 'startemailusers' ) {
				$pluginRows		=	$_PLUGINS->trigger( 'onBeforeBackendUsersEmailStart', array( &$rows, $total, $search, $lists, $cid, &$emailSubject, &$emailBody, &$inputTextExtras, $simulationMode, $option ) );
				$usersView		=	_CBloadView( 'users' );
				$usersView->startEmailUsers( $rows, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $total, $simulationMode, $pluginRows );
			} elseif ( $task == 'ajaxemailusers' ) {
				$this->_cbadmin_emailUsers( $rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode );
			}
		}
		return true;
	}
 /**
  * Draws Users list (ECHO)
  *
  * @param  int      $userId
  * @param  int      $listId
  * @param  array    $postData
  * @return void
  */
 public function drawUsersList($userId, $listId, $postData)
 {
     // Renders the frontend users list: picks the list to show, checks that the viewer
     // may see it, builds the SQL from list parameters, search input and plugin hooks,
     // runs the count and page queries and hands the result to the HTML view.
     // Output is echoed; nothing is returned.
     global $_CB_database, $_PLUGINS;
     $_PLUGINS->loadPluginGroup('user');
     // Request-derived values are read from $postData via cbGetParam(). The paging, search-mode
     // and random values are cast to int here; 'search' is kept as returned and is only
     // compared against null further down (hotlink check).
     $searchData = cbGetParam($postData, 'search');
     $limitstart = (int) cbGetParam($postData, 'limitstart');
     $searchMode = (int) cbGetParam($postData, 'searchmode', 0);
     $random = (int) cbGetParam($postData, 'rand', 0);
     $cbUser = CBuser::getInstance((int) $userId, false);
     $user = $cbUser->getUserData();
     $search = null;
     $input = array();
     $publishedLists = array();
     // Load only published lists whose view access level is among the current user's authorised
     // view levels. Identifiers go through NameQuote() and the level list through
     // safeArrayOfIntegers(); no request value is concatenated into this query.
     $query = 'SELECT *' . "\n FROM " . $_CB_database->NameQuote('#__comprofiler_lists') . "\n WHERE " . $_CB_database->NameQuote('published') . " = 1" . "\n AND " . $_CB_database->NameQuote('viewaccesslevel') . " IN " . $_CB_database->safeArrayOfIntegers(Application::MyUser()->getAuthorisedViewLevels()) . "\n ORDER BY " . $_CB_database->NameQuote('ordering');
     $_CB_database->setQuery($query);
     /** @var ListTable[] $userLists */
     $userLists = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\ListTable', array($_CB_database));
     if ($userLists) {
         foreach ($userLists as $userList) {
             // Option label: list title after replaceUserVars(), with tags removed by strip_tags().
             $publishedLists[] = moscomprofilerHTML::makeOption((int) $userList->listid, strip_tags($cbUser->replaceUserVars($userList->title, false, false)));
             // No list requested: fall back to the list flagged as default...
             if (!$listId && $userList->default) {
                 $listId = (int) $userList->listid;
             }
         }
         // ...or, failing that, to the first list in ordering.
         if (!$listId) {
             $listId = (int) $userLists[0]->listid;
         }
     }
     if (!$listId) {
         echo CBTxt::Th('UE_NOLISTFOUND', 'There are no published user lists!');
         return;
     }
     if ($userLists) {
         $input['plists'] = moscomprofilerHTML::selectList($publishedLists, 'listid', 'class="form-control input-block" onchange="this.form.submit();"', 'value', 'text', (int) $listId, 1);
     }
     $row = self::getInstance((int) $listId);
     if (!$row) {
         echo CBTxt::Th('UE_LIST_DOES_NOT_EXIST', 'This list does not exist');
         return;
     }
     // Authorisation gate for the selected list.
     // NOTE(review): a caller-supplied $listId is not checked against $userLists above, so within
     // this method authoriseView() is the only visible check on the selected list - confirm
     // whether getInstance() applies published/access filtering of its own.
     if (!$cbUser->authoriseView('userslist', $row->listid)) {
         echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
         return;
     }
     $params = new Registry($row->params);
     // With hotlink protection enabled, a request carrying search data or a non-zero limitstart
     // must pass cbSpoofCheck(); a plain first-page view is not checked.
     // (cbSpoofCheck() is presumably an anti-forgery token check - its behavior is not visible here.)
     if ($params->get('hotlink_protection', 0) == 1) {
         if ($searchData !== null || $limitstart) {
             cbSpoofCheck('userslist', 'GET');
         }
     }
     // Page size comes from the list parameters, never from the request; 0 falls back to 30.
     $limit = (int) $params->get('list_limit', 30);
     if (!$limit) {
         $limit = 30;
     }
     // Paging disabled for this list: ignore any requested offset.
     if ($params->get('list_paging', 1) != 1) {
         $limitstart = 0;
     }
     $isModerator = Application::MyUser()->isGlobalModerator();
     // $listId, $row, $search, $limitstart and $limit are passed by reference, so handlers may
     // change them after the authoriseView() check above has already run.
     $_PLUGINS->trigger('onStartUsersList', array(&$listId, &$row, &$search, &$limitstart, &$limit));
     // Prepare query variables:
     // explode() always returns at least one element (array('') for an empty string), so the
     // `if ($userGroupIds)` test below is always true.
     $userGroupIds = explode('|*|', $row->usergroupids);
     // $orderBy and $filterBy are SQL fragments that are concatenated into the queries below as-is.
     // NOTE(review): their escaping happens (or not) inside getSorting()/getFiltering() - verify there.
     $orderBy = self::getSorting($listId, $userId, $random);
     $filterBy = self::getFiltering($listId, $userId);
     $columns = self::getColumns($listId, $userId);
     // Grab all the fields the $user can access:
     $tabs = new cbTabs(0, 1);
     $fields = $tabs->_getTabFieldsDb(null, $user, 'list');
     // Build the field SQL:
     $tableReferences = array('#__comprofiler' => 'ue', '#__users' => 'u');
     $searchableFields = array();
     $fieldsSQL = cbUsersList::getFieldsSQL($columns, $fields, $tableReferences, $searchableFields, $params);
     $_PLUGINS->trigger('onAfterUsersListFieldsSql', array(&$columns, &$fields, &$tableReferences));
     // Build the internal joins and where statements based on list parameters:
     $tablesSQL = array();
     $joinsSQL = array();
     $tablesWhereSQL = array();
     // Global moderators: each account-state filter is applied unless the matching list parameter
     // lifts it. Everyone else always gets all four filters (not blocked, approved, confirmed,
     // not banned), regardless of list parameters.
     if ($isModerator) {
         if (!$params->get('list_show_blocked', 0)) {
             $tablesWhereSQL['block'] = 'u.block = 0';
         }
         if (!$params->get('list_show_banned', 1)) {
             $tablesWhereSQL['banned'] = 'ue.banned = 0';
         }
         if (!$params->get('list_show_unapproved', 0)) {
             $tablesWhereSQL['approved'] = 'ue.approved = 1';
         }
         if (!$params->get('list_show_unconfirmed', 0)) {
             $tablesWhereSQL['confirmed'] = 'ue.confirmed = 1';
         }
     } else {
         $tablesWhereSQL = array('block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1', 'banned' => 'ue.banned = 0');
     }
     $joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
     // Restrict to the list's user groups; the ids pass through safeArrayOfIntegers().
     if ($userGroupIds) {
         $tablesWhereSQL['gid'] = 'g.group_id IN ' . $_CB_database->safeArrayOfIntegers($userGroupIds);
     }
     // The table aliased 'u' is the FROM table; every other referenced table is joined on id.
     // $tableReferences was passed by reference to onAfterUsersListFieldsSql above, so plugin
     // handlers may have added entries.
     foreach ($tableReferences as $table => $name) {
         if ($name == 'u') {
             $tablesSQL[] = $table . ' ' . $name;
         } else {
             $joinsSQL[] = 'JOIN ' . $table . ' ' . $name . ' ON ' . $name . '.`id` = u.`id`';
         }
     }
     // Build the search criteria:
     // This is where request data ($postData) is turned into a WHERE fragment.
     // NOTE(review): value escaping is done inside applySearchableContents()/reduceSqlFormula(),
     // not visible here - verify there.
     $searchValues = new stdClass();
     $searchesFromFields = $tabs->applySearchableContents($searchableFields, $searchValues, $postData, $params->get('list_compare_types', 0));
     $whereFields = $searchesFromFields->reduceSqlFormula($tableReferences, $joinsSQL, true);
     if ($whereFields) {
         $tablesWhereSQL[] = '(' . $whereFields . ')';
     }
     // The three SQL part arrays are passed by reference: loaded 'user' plugins can add, change
     // or remove any FROM/JOIN/WHERE fragment, including the account-state filters set above.
     $_PLUGINS->trigger('onBeforeUsersListBuildQuery', array(&$tablesSQL, &$joinsSQL, &$tablesWhereSQL));
     // Construct the FROM and WHERE for the userlist query:
     // "WHERE" is emitted unconditionally, so $tablesWhereSQL is expected to be non-empty here.
     $queryFrom = "FROM " . implode(', ', $tablesSQL) . (count($joinsSQL) ? "\n " . implode("\n ", $joinsSQL) : '') . "\n WHERE " . implode("\n AND ", $tablesWhereSQL) . " " . $filterBy;
     // Second argument is $ui = 1 (frontend). $queryFrom is passed by reference, so handlers can
     // rewrite the assembled FROM/WHERE string as a whole.
     $_PLUGINS->trigger('onBeforeUsersListQuery', array(&$queryFrom, 1, $listId));
     $errorMsg = null;
     // Checks if the list is being actively searched and it allows searching; otherwise reset back to normal:
     // When searching is enabled, 'list_search_empty' is set and no search values were submitted,
     // search mode 1 is forced, which (see the condition below) lists no users until a search is made.
     $searchCount = count(get_object_vars($searchValues));
     if ($params->get('list_search', 1) > 0 && $params->get('list_search_empty', 0) && !$searchCount) {
         $searchMode = 1;
         $listAll = false;
     } else {
         $listAll = $searchCount ? true : false;
     }
     // && binds tighter than ||: run the queries in mode 0, in mode 2, or in mode 1 only when
     // search values are present.
     if ($searchMode == 0 || $searchMode == 1 && $searchCount || $searchMode == 2) {
         // Prepare the userlist count query for pagination:
         $_CB_database->setQuery("SELECT COUNT( DISTINCT u.id ) " . $queryFrom);
         $total = $_CB_database->loadResult();
         // Fewer rows than one page, or an offset at/after the end: start from the first row.
         if ($limit > $total || $limitstart >= $total) {
             $limitstart = 0;
         }
         // Prepare the actual userlist query to build a list of users:
         // Offset and limit are passed to setQuery() as ints rather than concatenated.
         $query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ($fieldsSQL ? ", " . $fieldsSQL . " " : '') . $queryFrom . " " . $orderBy;
         $_CB_database->setQuery($query, (int) $limitstart, (int) $limit);
         /** @var UserTable[] $users */
         $users = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\UserTable', array($_CB_database));
         if (!$_CB_database->getErrorNum()) {
             $profileLink = $params->get('allow_profilelink', 1);
             // If users exist lets cache them and disable profile linking if necessary:
             if ($users) {
                 foreach (array_keys($users) as $k) {
                     // Add this user to cache:
                     CBuser::setUserGetCBUserInstance($users[$k]);
                     if (!$profileLink) {
                         $users[$k]->set('_allowProfileLink', 0);
                     }
                 }
             }
         } else {
             // Only a generic message is prepared for the page; the database error text itself is
             // not echoed here. $users keeps whatever loadObjectList() returned and is still
             // passed to the view below.
             $errorMsg = CBTxt::T('UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW', 'There is an error in the database query. Site admin can turn site debug to on to view and fix the query.');
         }
         // Net effect of the two checks below: $search is '' when search values exist or
         // search mode is 2, otherwise null.
         if ($searchCount) {
             $search = '';
         } else {
             $search = null;
         }
         if ($search === null && ($searchMode == 1 && $searchCount || $searchMode == 2)) {
             $search = '';
         }
     } else {
         // Search mode 1 without search values: show an empty list and no query is run.
         $total = 0;
         $users = array();
         if ($search === null) {
             $search = '';
         }
     }
     $pageNav = new cbPageNav($total, $limitstart, $limit);
     HTML_comprofiler::usersList($row, $users, $columns, $fields, $input, $search, $searchMode, $pageNav, $user, $searchableFields, $searchValues, $tabs, $errorMsg, $listAll, $random);
 }