/**
 * Links a social-network identity to a webuser account and applies profile data to it.
 *
 * The (network, network_user_id) pair is looked up in nv_webuser_profiles. Depending on
 * whether a webuser is signed in and whether that profile row exists, the profile is
 * attached to the signed-in account, a new account plus profile row is created, or the
 * account the profile already points to is loaded. Every key of $data is then copied
 * onto the account object and update() is called.
 *
 * @param mixed        $network         Social network identifier.
 * @param mixed        $network_user_id User identifier on that network.
 * @param string|array $extra           Extra profile data; an array is serialize()d before storage.
 * @param array        $data            field => value pairs assigned to the webuser object.
 *
 * @return mixed Id of the webuser that was updated.
 */
public static function social_network_profile_update($network, $network_user_id, $extra = '', $data = array())
{
    global $DB, $webuser, $website;

    // NOTE(review): the serialized form is what gets stored; whatever reads this column
    // back should not unserialize() content a remote profile can influence — confirm reader.
    $stored_extra = is_array($extra) ? serialize($extra) : $extra;

    // Which webuser (if any) already owns this social profile?
    $linked_webuser = $DB->query_single(
        'webuser',
        'nv_webuser_profiles',
        ' network = ' . protect($network) . ' AND ' . ' network_user_id = ' . protect($network_user_id)
    );

    // Same parameterised statement is used by both "create the link" paths.
    $insert_profile_sql = ' INSERT nv_webuser_profiles (id, network, network_user_id, webuser, extra) VALUES ( 0, :network, :network_user_id, :webuser, :extra )';

    $account = new webuser();
    $visitor_signed_in = !empty($webuser->id);
    $profile_known = !empty($linked_webuser);

    if ($visitor_signed_in) {
        // A webuser is signed in; attach the social profile to it when it is not stored yet.
        if (!$profile_known) {
            $DB->execute(
                $insert_profile_sql,
                array(
                    'network' => $network,
                    'network_user_id' => $network_user_id,
                    'webuser' => $webuser->id,
                    'extra' => $stored_extra,
                )
            );
        }
        $account->load($webuser->id);
    } elseif ($profile_known) {
        // Nobody is signed in, but the profile already maps to an existing webuser.
        $account->load($linked_webuser);
    } else {
        // Nobody is signed in and the profile is unknown: create the account, then the link.
        $account->website = $website->id;
        $account->joindate = core_time();
        $account->lastseen = core_time();
        $account->access = 0;
        $account->insert();

        $DB->execute(
            $insert_profile_sql,
            array(
                'network' => $network,
                'network_user_id' => $network_user_id,
                'webuser' => $account->id,
                'extra' => $stored_extra,
            )
        );
    }

    // NOTE(review): every key in $data is written onto the account object, including any
    // that name identity or access fields — confirm callers pass only vetted profile fields.
    foreach ($data as $field => $value) {
        $account->{$field} = $value;
    }
    $account->update();

    return $account->id;
}
/**
 * Webget "webuser": returns data about the current webuser or processes one of its forms.
 *
 * $vars['mode'] selects the behaviour:
 *  - 'id', 'username', 'fullname', 'gender', 'newsletter', 'email': field of the global $webuser
 *  - 'authenticate', 'forgot_password', 'newsletter_subscribe': process a submitted form
 *  - 'signout_link', 'avatar': build a URL / an <img> tag
 *  - 'signup': placeholder, not implemented
 *
 * @param array $vars Webget attributes (mode, notify, callback, form/field names, ...);
 *                    presumably taken from the template tag — confirm against the caller.
 *
 * @return mixed Output for the selected mode. The form branches return early with no
 *               value when the submitted form or the Referer host does not match.
 */
function nvweb_webuser($vars = array())
{
    global $website;
    global $theme;
    global $current;
    global $webgets;
    global $webuser;
    global $DB;
    $webget = "webuser";
    // First call only: build the translation table shared by all modes.
    if (!isset($webgets[$webget])) {
        $webgets[$webget] = array();
        global $lang;
        if (empty($lang)) {
            $lang = new language();
            $lang->load($current['lang']);
        }
        // default translations
        $webgets[$webget]['translations'] = array(
            'login_incorrect' => t(4, 'Login incorrect.'),
            'subscribed_ok' => t(541, 'Your email has been successfully subscribed to the newsletter.'),
            'subscribe_error' => t(542, 'There was a problem subscribing your email to the newsletter.'),
            'email_confirmation' => t(454, "An e-mail with a confirmation link has been sent to your e-mail account."),
            'click_to_confirm_account' => t(607, "Click on the link below to confirm your account"),
            'email_confirmation_notice' => t(608, "This is an automated e-mail sent as a result of a newsletter subscription request. If you received this e-mail by error just ignore it."),
            'forgot_password_success' => t(648, "An e-mail with a temporary password has been sent to your e-mail account."),
            'forgot_password_error' => t(446, "We're sorry. Your contact request could not be sent. Please try again or find another way to contact us.")
        );
        // theme translations
        // if the web theme has custom translations for these strings, use them (for the user selected language)
        /*
            just add the following translations to your json theme dictionary:

            "login_incorrect": "Login incorrect.",
            "subscribed_ok": "Your email has been successfully subscribed to the newsletter.",
            "subscribe_error": "There was a problem subscribing your email to the newsletter.",
            "email_confirmation": "An e-mail with a confirmation link has been sent to your e-mail account.",
            "click_to_confirm_account": "Click on the link below to confirm your account",
            "email_confirmation_notice": "This is an automated e-mail sent as a result of a newsletter subscription request. If you received this e-mail by error just ignore it.",
            "forgot_password_success": "An e-mail with a temporary password has been sent to your e-mail account.",
            "forgot_password_error": "We're sorry. Your contact request could not be sent. Please try again or find another way to contact us."
        */
        if (!empty($website->theme) && method_exists($theme, 't')) {
            foreach ($webgets[$webget]['translations'] as $code => $text) {
                $theme_translation = $theme->t($code);
                // A theme that returns the code itself has no translation for it.
                if (!empty($theme_translation) && $code != $theme_translation) {
                    $webgets[$webget]['translations'][$code] = $theme_translation;
                }
            }
        }
    }
    $out = '';
    switch ($vars['mode']) {
        // NOTE(review): the field modes below return stored values as-is; any HTML
        // escaping has to happen where the result is embedded — confirm in the caller.
        case 'id':
            if (!empty($webuser->id)) {
                $out = $webuser->id;
            }
            break;
        case 'username':
            if (!empty($webuser->username)) {
                $out = $webuser->username;
            }
            break;
        case 'fullname':
            if (!empty($webuser->fullname)) {
                $out = $webuser->fullname;
            }
            break;
        case 'gender':
            if (!empty($webuser->gender)) {
                $out = $webuser->gender;
            }
            break;
        case 'newsletter':
            $out = $webuser->newsletter;
            break;
        case 'email':
            if (!empty($webuser->email)) {
                $out = $webuser->email;
            }
            break;
        case 'authenticate':
            $webuser_website = $vars['website'];
            if (empty($webuser_website)) {
                $webuser_website = $website->id;
            }
            // NOTE(review): credentials are read from $_REQUEST, so they are also accepted
            // from the query string (where URLs tend to be logged), not only from a POST body.
            $signin_username = $_REQUEST[empty($vars['username_field']) ? 'signin_username' : $vars['username_field']];
            $signin_password = $_REQUEST[empty($vars['password_field']) ? 'signin_password' : $vars['password_field']];
            // a page may have several forms, which one do we have to check?
            if (!empty($vars['form'])) {
                list($field_name, $field_value) = explode('=', $vars['form']);
                if ($_POST[$field_name] != $field_value) {
                    return;
                }
            }
            // ignore empty (or partial empty) forms
            // NOTE(review): no attempt limiting is visible in this branch; confirm that
            // webuser::authenticate() or the front controller throttles repeated failures.
            if (!empty($signin_username) && !empty($signin_password)) {
                $signed_in = $webuser->authenticate($webuser_website, $signin_username, $signin_password);
                if (!$signed_in) {
                    $message = $webgets[$webget]['translations']['login_incorrect'];
                    if (empty($vars['notify'])) {
                        $vars['notify'] = 'inline';
                    }
                    // NOTE(review): $message and the callback names are concatenated into
                    // JavaScript/HTML without escaping; a translation containing a double
                    // quote would break the generated script. Encoding the message (for
                    // example with json_encode) would make this robust.
                    switch ($vars['notify']) {
                        case 'alert':
                            nvweb_after_body('js', 'alert("' . $message . '");');
                            break;
                        case 'inline':
                            $out = '<div class="nvweb-signin-form-error">' . $message . '</div>';
                            break;
                        // javascript callback
                        default:
                            nvweb_after_body('js', $vars['error_callback'] . '("' . $message . '");');
                            break;
                    }
                } else {
                    $webuser->set_cookie();
                    if (!empty($vars['notify'])) {
                        if ($vars['notify'] == 'callback') {
                            nvweb_after_body('js', $vars['callback'] . '(true);');
                        }
                    }
                }
            }
            break;
        case 'signout_link':
            $out = NVWEB_ABSOLUTE . $website->homepage() . '?webuser_signout';
            break;
        case 'forgot_password':
            // pre checks: correct form, not spambot, email not empty and valid
            // load the associated user account
            // create temporary password and send email
            // TODO: don't change the password, just generate a link and let the user enter their preferred new password
            // NOTE(review): as written, submitting a registered e-mail replaces that
            // account's password before the owner has confirmed anything, and the new
            // password travels in the e-mail body in clear text. The TODO above (a
            // single-use, expiring reset link) addresses both.
            // a page may have several forms, which one do we have to check?
            if (!empty($vars['form'])) {
                list($field_name, $field_value) = explode('=', $vars['form']);
                if ($_POST[$field_name] != $field_value) {
                    return;
                }
            }
            // check if this send request really comes from the website and not from a spambot
            // NOTE(review): the Referer header is supplied by the client and may be absent
            // or rewritten, so this comparison is a spam filter, not an origin guarantee;
            // a per-session form token would be the stronger check.
            if (parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $website->subdomain . '.' . $website->domain && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $website->domain) {
                return;
            }
            if (empty($vars['email_field'])) {
                $vars['email_field'] = 'newsletter_email';
            }
            $email = $_REQUEST[$vars['email_field']];
            $email = filter_var($email, FILTER_SANITIZE_EMAIL);
            if (!empty($vars['email_field']) && !empty($email)) {
                $ok = false;
                if (filter_var($email, FILTER_VALIDATE_EMAIL) !== FALSE) {
                    // The e-mail goes through protect(); the website id is a server-side value.
                    $wu_id = $DB->query_single('id', 'nv_webusers', ' email = ' . protect($email) . ' AND website = ' . $website->id);
                    $wu = new webuser();
                    if (!empty($wu_id)) {
                        $wu->load($wu_id);
                        // && binds tighter than ||: access 0 passes outright, access 2 passes
                        // only while the current time is inside the begin/end window.
                        if ($wu->access == 0 || $wu->access == 2 && ($wu->access_begin == 0 || time() > $wu->access_begin) && ($wu->access_end == 0 || time() < $wu->access_end)) {
                            // generate new password
                            $password = generate_password(8, false, 'luds');
                            $wu->set_password($password);
                            $ok = $wu->save();
                            // send a message to communicate the new password to the webuser's e-mail
                            $message = navigate_compose_email(array(array('title' => $website->name, 'content' => t(451, "This is an automated e-mail sent as a result of a password request process. If you received this e-mail by error just ignore it.")), array('title' => t(1, "User"), 'content' => $wu->username), array('title' => t(2, "Password"), 'content' => $password), array('footer' => '<a href="' . $website->absolute_path() . $website->homepage() . '">' . $website->name . '</a>')));
                            // '@' hides any send failure; $ok reflects only the save() result.
                            @nvweb_send_email($website->name, $message, $wu->email);
                        }
                    }
                }
                // NOTE(review): the success/error message differs depending on whether the
                // address belongs to an account, which lets a visitor test which e-mails
                // are registered; a uniform response avoids that.
                if ($ok) {
                    $message = $webgets[$webget]['translations']['forgot_password_success'];
                } else {
                    $message = $webgets[$webget]['translations']['forgot_password_error'];
                }
                if (empty($vars['notify'])) {
                    $vars['notify'] = 'inline';
                }
                switch ($vars['notify']) {
                    case 'alert':
                        nvweb_after_body('js', 'alert("' . $message . '");');
                        break;
                    case 'inline':
                        if ($ok) {
                            $out = '<div class="nvweb-forgot-password-form-success">' . $message . '</div>';
                        } else {
                            $out = '<div class="nvweb-forgot-password-form-error">' . $message . '</div>';
                        }
                        break;
                    case 'boolean':
                        $out = $ok;
                        break;
                    case 'false':
                        break;
                    // javascript callback
                    case 'callback':
                    default:
                        if ($ok) {
                            nvweb_after_body('js', $vars['callback'] . '("' . $message . '");');
                        } else {
                            if (!empty($vars['error_callback'])) {
                                nvweb_after_body('js', $vars['error_callback'] . '("' . $message . '");');
                            } else {
                                nvweb_after_body('js', $vars['callback'] . '("' . $message . '");');
                            }
                        }
                        break;
                }
            }
            break;
        case 'signup':
            // TODO
            // pre checks: correct form, not spambot, email not empty and valid
            // get the profile data from the form
            // more checks: password strength & confirmation, etc.
            // save the new webuser account
            // prepare account confirmation (unless not required by webget attributes)
            //      leave the account blocked
            //      generate an activation key
            //      send confirmation email
            // if no account confirmation is required, auto login
            break;
        case 'avatar':
            // NOTE(review): the attribute values below ($vars['class'], $vars['border'],
            // $vars['default'], $vars['gravatar_default'], $webuser->avatar) are placed
            // into the <img> tag without HTML/URL escaping; only $size is forced to an
            // integer when supplied. Safe only if those values are never visitor-controlled.
            $size = '48';
            $extra = '';
            if (!empty($vars['size'])) {
                $size = intval($vars['size']);
            }
            if (!empty($vars['border'])) {
                $extra .= '&border=' . $vars['border'];
            }
            if (!empty($webuser->avatar)) {
                $out = '<img class="' . $vars['class'] . '" src="' . NVWEB_OBJECT . '?type=image' . $extra . '&id=' . $webuser->avatar . '" width="' . $size . 'px" height="' . $size . 'px"/>';
            } else {
                if (!empty($vars['default'])) {
                    // the webuser has no avatar, but the template wants to show a default one
                    // 3 cases:
                    //  numerical       ->  ID of the avatar image file in Navigate CMS
                    //  absolute path (http://www...)
                    //  relative path (/img/avatar.png) -> path to the avatar file included in the THEME used
                    if (is_numeric($vars['default'])) {
                        $out = '<img class="' . $vars['class'] . '" src="' . NVWEB_OBJECT . '?type=image' . $extra . '&id=' . $vars['default'] . '" width="' . $size . 'px" height="' . $size . 'px"/>';
                    } else {
                        // Only the literal 'http://' prefix counts as absolute here.
                        if (strpos($vars['default'], 'http://') === 0) {
                            $out = '<img class="' . $vars['class'] . '" src="' . $vars['default'] . '" width="' . $size . 'px" height="' . $size . 'px"/>';
                        } else {
                            if ($vars['default'] == 'none') {
                                $out = '';
                            } else {
                                $out = '<img class="' . $vars['class'] . '"src="' . NAVIGATE_URL . '/themes/' . $website->theme . '/' . $vars['default'] . '" width="' . $size . 'px" height="' . $size . 'px"/>';
                            }
                        }
                    }
                } else {
                    $gravatar_hash = "";
                    $gravatar_default = 'blank';
                    if (!empty($vars['gravatar_default'])) {
                        $gravatar_default = $vars['gravatar_default'];
                    }
                    // md5 of the normalised e-mail is the avatar lookup key, not a secret;
                    // the hash is exposed in the page to anyone who can view the avatar.
                    if (!empty($webuser->email)) {
                        $gravatar_hash = md5(strtolower(trim($webuser->email)));
                    }
                    if (!empty($gravatar_hash) && $gravatar_default != 'none') {
                        // gravatar real url: https://www.gravatar.com/avatar/
                        // we use libravatar to get more userbase
                        $gravatar_url = 'https://seccdn.libravatar.org/avatar/' . $gravatar_hash . '?s=' . $size . '&d=' . $gravatar_default;
                        $out = '<img class="' . $vars['class'] . '" src="' . $gravatar_url . '" width="' . $size . 'px" height="' . $size . 'px"/>';
                    } else {
                        $out = '<img class="' . $vars['class'] . '" src="" width="' . $size . 'px" height="' . $size . 'px"/>';
                    }
                }
            }
            break;
        case 'newsletter_subscribe':
            // a page may have several forms, which one do we have to check?
            if (!empty($vars['form'])) {
                list($field_name, $field_value) = explode('=', $vars['form']);
                if ($_POST[$field_name] != $field_value) {
                    return;
                }
            }
            // check if this send request really comes from the website and not from a spambot
            // NOTE(review): same Referer-only check as in 'forgot_password'; the header is
            // client-supplied, so treat it as a spam filter rather than an origin check.
            if (parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $website->subdomain . '.' . $website->domain && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $website->domain) {
                return;
            }
            if (empty($vars['email_field'])) {
                $vars['email_field'] = 'newsletter_email';
            }
            $email = $_REQUEST[$vars['email_field']];
            $email = filter_var($email, FILTER_SANITIZE_EMAIL);
            if (!empty($vars['email_field']) && !empty($email)) {
                $ok = false;
                // NOTE(review): $pending_confirmation is read further down but only assigned
                // inside the "create account" branch; it is undefined on every other path.
                if (filter_var($email, FILTER_VALIDATE_EMAIL) !== FALSE) {
                    $wu_id = $DB->query_single('id', 'nv_webusers', ' email = ' . protect($email) . ' AND website = ' . $website->id);
                    $wu = new webuser();
                    if (!empty($wu_id)) {
                        $wu->load($wu_id);
                        // Existing account with access: only the newsletter flag changes.
                        if ($wu->access == 0 || $wu->access == 2 && ($wu->access_begin == 0 || time() > $wu->access_begin) && ($wu->access_end == 0 || time() < $wu->access_end)) {
                            $wu->newsletter = 1;
                            $ok = $wu->save();
                        }
                    }
                    // No account yet, or a blocked account still waiting for confirmation.
                    if (empty($wu_id) || $wu->access == 1 && !empty($wu->activation_key)) {
                        // create a new webuser account with that email
                        $username = strtolower(substr($email, 0, strpos($email, '@'))); // left part of the email
                        if (!empty($username) && !in_array($username, array('info', 'admin', 'contact', 'demo', 'test'))) {
                            // check if the proposed username already exists,
                            // in that case use the full email as username
                            // ** if the email already exists, the subscribe process only updates the newsletter setting!
                            // NOTE(review): the value compared with `username` appears masked
                            // ('******') in this listing, so the expression cannot be
                            // reviewed here; confirm it is escaped like the e-mail lookups above.
                            $wu_id = $DB->query_single('id', 'nv_webusers', ' username = '******' AND website = ' . $website->id);
                        }
                        if (!empty($wu_id)) {
                            // oops, user already exists... try another username -- the full email address
                            // NOTE(review): masked in this listing as well; same confirmation needed.
                            $wu_id = $DB->query_single('id', 'nv_webusers', ' username = '******' AND website = ' . $website->id);
                            if (empty($wu_id)) {
                                // ok, email is a new username
                                $username = $email;
                            } else {
                                // nope, email is already used (this code should never execute **)
                                $username = uniqid($username . '-');
                            }
                        } else {
                            // new sign up
                            $wu->id = 0;
                            $wu->website = $website->id;
                            $wu->email = $email;
                            $wu->newsletter = 1;
                            $wu->language = $current['lang']; // infer the webuser language by the active website language
                            $wu->username = $username;
                            $wu->access = 1; // user is blocked until the server receives an email confirmation
                        }
                        // NOTE(review): the activation key is md5(email . rand(1, 9999999)).
                        // rand() is not a cryptographic generator and the e-mail is known to
                        // whoever requests the subscription, so the key is predictable within
                        // a small range; a token from random_bytes() would not be.
                        $wu->activation_key = md5($wu->email . rand(1, 9999999));
                        $ok = $wu->save();
                        // send a message to verify the new user's email
                        // NOTE(review): the e-mail address is placed in the query string and in
                        // the HTML link without urlencode()/HTML escaping.
                        $email_confirmation_link = $website->absolute_path() . '/nv.webuser/verify?email=' . $wu->email . '&hash=' . $wu->activation_key;
                        $message = navigate_compose_email(array(array('title' => $website->name, 'content' => $webgets[$webget]['translations']['click_to_confirm_account'] . '<br />' . '<a href="' . $email_confirmation_link . '">' . $email_confirmation_link . '</a>'), array('footer' => $webgets[$webget]['translations']['email_confirmation_notice'] . '<br />' . '<a href="' . $website->absolute_path() . $website->homepage() . '">' . $website->name . '</a>')));
                        // '@' hides any send failure from the result reported to the visitor.
                        @nvweb_send_email($website->name, $message, $wu->email);
                        $pending_confirmation = true;
                    }
                }
                $message = $webgets[$webget]['translations']['subscribe_error'];
                if ($pending_confirmation) {
                    $message = $webgets[$webget]['translations']['email_confirmation'];
                } else {
                    if ($ok) {
                        $message = $webgets[$webget]['translations']['subscribed_ok'];
                    }
                }
                if (empty($vars['notify'])) {
                    $vars['notify'] = 'inline';
                }
                switch ($vars['notify']) {
                    case 'alert':
                        nvweb_after_body('js', 'alert("' . $message . '");');
                        break;
                    case 'inline':
                        if ($ok) {
                            $out = '<div class="nvweb-newsletter-form-success">' . $message . '</div>';
                        } else {
                            $out = '<div class="nvweb-newsletter-form-error">' . $message . '</div>';
                        }
                        break;
                    case 'boolean':
                        $out = $ok;
                        break;
                    case 'false':
                        break;
                    // javascript callback
                    case 'callback':
                    default:
                        if ($ok) {
                            nvweb_after_body('js', $vars['callback'] . '("' . $message . '");');
                        } else {
                            if (!empty($vars['error_callback'])) {
                                nvweb_after_body('js', $vars['error_callback'] . '("' . $message . '");');
                            } else {
                                nvweb_after_body('js', $vars['callback'] . '("' . $message . '");');
                            }
                        }
                        break;
                }
            }
            break;
    }
    return $out;
}
/**
 * Populates this property object from a webuser property declared by the website theme,
 * then loads the value stored for the given webuser.
 *
 * The definition is searched in $theme->webusers['properties'] (or in the theme of the
 * website the webuser belongs to, when that differs from the current website) by id or
 * by name. Names and helpers starting with '@' are resolved through the theme dictionary.
 *
 * @param mixed $property_id Id or name of the property definition.
 * @param mixed $webuser_id  Webuser to read the value for; the global $webuser when empty.
 *
 * @return void
 */
public function load_from_webuser($property_id, $webuser_id = null)
{
    global $website, $theme, $webuser;

    // Default to the global webuser; load another account only when an id is given.
    $account = $webuser;
    if (!empty($webuser_id)) {
        $account = new webuser();
        $account->load($webuser_id);
    }

    // Use the current website and theme unless the account belongs to another website.
    $site = $website;
    $site_theme = $theme;
    if ($account->website != $website->id) {
        $site = new website();
        $site->load($account->website);
        $site_theme = new theme();
        $site_theme->load($site->theme);
    }

    if (empty($site_theme->webusers['properties'])) {
        $site_theme->webusers['properties'] = array();
    }

    // The first definition whose id or name equals $property_id wins.
    // NOTE(review): when nothing matches, $definition is never assigned and the reads
    // below operate on an undefined variable — confirm callers only pass declared properties.
    foreach ($site_theme->webusers['properties'] as $candidate) {
        if ($candidate->id != $property_id && $candidate->name != $property_id) {
            continue;
        }
        $definition = $candidate;
        $definition->element = 'webuser';
        break;
    }

    $this->id = $definition->id;
    $this->website = $site->id;
    $this->element = $definition->element;
    $this->template = '';
    $this->name = $definition->name;
    $this->type = $definition->type;
    $this->options = (array) $definition->options;
    // dvalue is the default value of the property
    foreach (array('dvalue', 'width', 'multilanguage', 'helper', 'function', 'conditional') as $field) {
        $this->{$field} = $definition->{$field};
    }
    $this->position = 0;
    $this->enabled = 1;
    // decimal format extra fields
    foreach (array('precision', 'prefix', 'suffix') as $field) {
        $this->{$field} = $definition->{$field};
    }

    // A leading '@' marks a key to be translated through the theme dictionary.
    if (substr($this->name, 0, 1) == '@') {
        $this->name = $site_theme->t(substr($this->name, 1));
    }
    if (substr($this->helper, 0, 1) == '@') {
        $this->helper = $site_theme->t(substr($this->helper, 1));
    }

    $stored_values = property::load_properties_associative('webuser', '', 'webuser', $account->id);
    $this->value = $stored_values[$this->id];

    // Fall back to the declared default when nothing is stored.
    if (is_null($this->value) && !empty($this->dvalue)) {
        $this->value = $this->dvalue;
    }
    // Objects are exposed as plain arrays.
    if (is_object($this->value)) {
        $this->value = (array) $this->value;
    }
}
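/**
 * Back-office controller for web users and web user groups.
 *
 * Dispatches on $_REQUEST['act']: JSON grid data and bulk delete ('json'/1), edit form
 * (2/'create'/'edit'), removal (4/'remove'), timezones by country (90), CSV export,
 * group list/grid/edit/delete, and the default list view.
 *
 * Changes against the previous version:
 *  - the jqGrid sort column and direction are validated before they reach ORDER BY
 *    (they were concatenated straight from the request);
 *  - usernames and e-mails are HTML-escaped where this function builds grid markup;
 *  - a non-array 'ids' parameter no longer reaches foreach in the bulk delete.
 *
 * NOTE(review): no anti-CSRF token or per-action permission check is visible in this
 * function; confirm the dispatcher that calls run() enforces both.
 *
 * @return mixed HTML (or layout message) for the selected action; the JSON actions
 *               echo their payload and terminate the request instead of returning.
 */
function run()
{
    global $user;
    global $layout;
    global $DB;
    global $website;

    $out = '';
    $item = new webuser();

    // Reduces the jqGrid sort parameters to a bare identifier plus asc/desc, so request
    // data can never add SQL of its own to an ORDER BY clause.
    $safe_sort = function ($column, $direction) {
        if (!is_string($column) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column)) {
            $column = 'id';
        }
        $direction = (is_string($direction) && strtolower($direction) === 'desc') ? 'desc' : 'asc';
        return array($column, $direction);
    };

    // Escapes a stored value for use inside HTML text or a quoted attribute; existing
    // entities are left alone so already-encoded values are not encoded twice.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    // The case order is significant: the switch compares loosely, so the string
    // labels must be tested before the numeric ones that follow them.
    switch ($_REQUEST['act']) {
        // json data retrieval & operations
        case 'json':
        case 1:
            switch ($_REQUEST['oper']) {
                case 'del': // remove rows
                    $ids = (isset($_REQUEST['ids']) && is_array($_REQUEST['ids'])) ? $_REQUEST['ids'] : array();
                    // NOTE(review): ids are loaded as given; confirm webuser::load()/delete()
                    // restrict the operation to accounts of the current website.
                    foreach ($ids as $id) {
                        $item->load($id);
                        $item->delete();
                    }
                    echo json_encode(true);
                    break;
                default: // list or search
                    $page = intval($_REQUEST['page']);
                    $max = intval($_REQUEST['rows']);
                    $offset = ($page - 1) * $max;

                    list($sort_column, $sort_direction) = $safe_sort(
                        isset($_REQUEST['sidx']) ? $_REQUEST['sidx'] : '',
                        isset($_REQUEST['sord']) ? $_REQUEST['sord'] : ''
                    );
                    $orderby = $sort_column . ' ' . $sort_direction;

                    $where = ' website = ' . $website->id;
                    // NOTE(review): the search fragments appended below are built by project
                    // helpers from request data; escaping is delegated to them — confirm.
                    if ($_REQUEST['_search'] == 'true' || isset($_REQUEST['quicksearch'])) {
                        if (isset($_REQUEST['quicksearch'])) {
                            $where .= $item->quicksearch($_REQUEST['quicksearch']);
                        } else {
                            if (isset($_REQUEST['filters'])) {
                                $filters = $_REQUEST['filters'];
                                if (is_array($filters)) {
                                    $filters = json_encode($filters);
                                }
                                $where .= navitable::jqgridsearch($filters);
                            } else {
                                // single search
                                $where .= ' AND ' . navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']);
                            }
                        }
                    }

                    $DB->queryLimit('id,avatar,username,email,fullname,groups,joindate,access,access_begin,access_end', 'nv_webusers', $where, $orderby, $offset, $max);
                    $dataset = $DB->result();
                    $total = $DB->foundRows();
                    $dataset = grid_notes::summary($dataset, 'webuser', 'id');

                    // Shared with the array_map callback below through the global scope.
                    global $webusers_groups_all;
                    $webusers_groups_all = webuser_group::all_in_array();

                    $out = array();
                    for ($i = 0; $i < count($dataset); $i++) {
                        // 'groups' holds a comma separated list of ids prefixed with 'g'.
                        $wug = str_replace('g', '', $dataset[$i]['groups']);
                        $wug = explode(',', $wug);
                        $wug = array_map(function ($in) {
                            global $webusers_groups_all;
                            if (empty($in)) {
                                return;
                            }
                            return $webusers_groups_all[$in];
                        }, $wug);

                        // access 0 is open; access 2 is open only inside its begin/end window.
                        $blocked = 1;
                        if ($dataset[$i]['access'] == 0 || $dataset[$i]['access'] == 2 && ($dataset[$i]['access_begin'] == 0 || $dataset[$i]['access_begin'] < time()) && ($dataset[$i]['access_end'] == 0 || $dataset[$i]['access_end'] > time())) {
                            $blocked = 0;
                        }

                        // Usernames and e-mails can originate from public forms, so they are
                        // escaped before being placed in the markup built here.
                        // NOTE(review): cell 3 (fullname) is passed through unchanged; whether
                        // it is rendered as HTML depends on the grid configuration — confirm.
                        $out[$i] = array(
                            0 => $dataset[$i]['id'],
                            1 => empty($dataset[$i]['avatar']) ? '' : '<img title="' . $esc($dataset[$i]['username']) . '" src="' . NAVIGATE_DOWNLOAD . '?wid=' . $website->id . '&id=' . urlencode($dataset[$i]['avatar']) . '&disposition=inline&width=32&height=32" />',
                            2 => '<div class="list-row" data-blocked="' . $blocked . '" title="' . $esc($dataset[$i]['email']) . '">' . $esc($dataset[$i]['username']) . '</div>',
                            3 => $dataset[$i]['fullname'],
                            4 => implode("<br />", $wug),
                            5 => core_ts2date($dataset[$i]['joindate'], true),
                            6 => $blocked == 0 ? '<img src="img/icons/silk/accept.png" />' : '<img src="img/icons/silk/cancel.png" />',
                            7 => $dataset[$i]['_grid_notes_html'],
                        );
                    }
                    navitable::jqgridJson($out, $page, $offset, $max, $total);
                    break;
            }
            session_write_close();
            exit;
            break;

        case 2: // edit/new form
        case 'create':
        case 'edit':
            if (!empty($_REQUEST['id'])) {
                $item->load(intval($_REQUEST['id']));
            }
            if (isset($_REQUEST['form-sent'])) {
                $item->load_from_post();
                try {
                    $item->save();
                    property::save_properties_from_post('webuser', $item->id);
                    $layout->navigate_notification(t(53, "Data saved successfully."), false, false, 'fa fa-check');
                } catch (Exception $e) {
                    $layout->navigate_notification($e->getMessage(), true, true);
                }
                if (!empty($item->id)) {
                    // NOTE(review): the whole request is written to the users log; if the form
                    // carries a password field it is stored there too — confirm and redact.
                    users_log::action($_REQUEST['fid'], $item->id, 'save', $item->username, json_encode($_REQUEST));
                }
            } else {
                if (!empty($item->id)) {
                    users_log::action($_REQUEST['fid'], $item->id, 'load', $item->username);
                }
            }
            $out = webusers_form($item);
            break;

        case 4: // remove
        case 'remove':
            if (!empty($_REQUEST['id'])) {
                $item->load(intval($_REQUEST['id']));
                if ($item->delete() > 0) {
                    $layout->navigate_notification(t(55, 'Item removed successfully.'), false);
                    $out = webusers_list();
                    users_log::action($_REQUEST['fid'], $item->id, 'remove', $item->username, json_encode($_REQUEST));
                } else {
                    $layout->navigate_notification(t(56, 'Unexpected error.'), false);
                    $out = webusers_form($item);
                }
            }
            break;

        case 90: // json request: timezones by country
            $timezones = property::timezones($_REQUEST['country']);
            if (empty($timezones)) {
                $timezones = property::timezones();
            }
            echo json_encode($timezones);
            core_terminate();
            break;

        case 'export': // export web users list to a CSV file
            users_log::action($_REQUEST['fid'], 0, 'export', "all", json_encode($_REQUEST));
            webuser::export();
            break;

        case 'webuser_groups_list':
            $out = webuser_groups_list();
            break;

        case 'webuser_groups_json':
            $page = intval($_REQUEST['page']);
            $max = intval($_REQUEST['rows']);
            $offset = ($page - 1) * $max;

            // Same validation as the web users grid before the values reach the group query.
            list($sort_column, $sort_direction) = $safe_sort(
                isset($_REQUEST['sidx']) ? $_REQUEST['sidx'] : '',
                isset($_REQUEST['sord']) ? $_REQUEST['sord'] : ''
            );
            $rs = webuser_group::all($sort_column, $sort_direction);

            $dataset = array();
            foreach ($rs as $row) {
                $dataset[] = array('id' => $row->id, 'code' => $row->code, 'name' => $row->name);
            }
            $total = count($dataset);
            navitable::jqgridJson($dataset, $page, $offset, $max, $total, 'id');
            session_write_close();
            exit;
            break;

        case 'webuser_group_edit':
            $webuser_group = new webuser_group();
            if (!empty($_REQUEST['id'])) {
                $webuser_group->load(intval($_REQUEST['id']));
            }
            if (isset($_REQUEST['form-sent'])) {
                $webuser_group->load_from_post();
                try {
                    $ok = $webuser_group->save();
                    $layout->navigate_notification(t(53, "Data saved successfully."), false, false, 'fa fa-check');
                    users_log::action($_REQUEST['fid'], $webuser_group->id, 'save_webuser_group', $webuser_group->name, json_encode($_REQUEST));
                } catch (Exception $e) {
                    $layout->navigate_notification($e->getMessage(), true, true);
                }
            } else {
                users_log::action($_REQUEST['fid'], $webuser_group->id, 'load_webuser_group', $webuser_group->name, json_encode($_REQUEST));
            }
            $out = webuser_groups_form($webuser_group);
            break;

        case 'webuser_group_delete':
            $webuser_group = new webuser_group();
            if (!empty($_REQUEST['id'])) {
                $webuser_group->load(intval($_REQUEST['id']));
            }
            try {
                $webuser_group->delete();
                $layout->navigate_notification(t(55, 'Item removed successfully.'), false);
                $out = webuser_groups_list();
                users_log::action($_REQUEST['fid'], $webuser_group->id, 'remove_webuser_group', $webuser_group->name, json_encode($_REQUEST));
            } catch (Exception $e) {
                $out = $layout->navigate_message("error", t(24, 'Web users') . ' / ' . t(506, 'Groups'), t(56, 'Unexpected error.'));
            }
            break;

        case 0: // list / search result
        case 'list':
        default:
            $out = webusers_list();
            break;
    }

    return $out;
}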
/**
 * Returns the name to display for the author of this object.
 *
 * When $this->user holds a webuser id, that account is loaded and its username is
 * returned; otherwise the name stored on this object is used.
 *
 * NOTE(review): both values are returned as stored; HTML escaping is left to the caller.
 *
 * @return mixed
 */
public function author_name()
{
    if (empty($this->user)) {
        return $this->name;
    }

    $author = new webuser();
    $author->load($this->user);

    return $author->username;
}
// Front-end bootstrap excerpt: selects the session language, builds the $current
// context shared by the webgets, loads plugins and restores the signed-in webuser.
// The excerpt ends inside the final if-block.

// A forced language wins over the request parameter.
// NOTE(review): $_REQUEST['lang'] is stored in the session as received; nothing in this
// excerpt checks it against the languages the website defines — confirm downstream.
if (!empty($force_language)) {
    $session['lang'] = $force_language;
} else {
    if (isset($_REQUEST['lang'])) {
        $session['lang'] = $_REQUEST['lang'];
    }
}
// load dictionary, extensions and bind events (as soon as possible)
$dictionary = nvweb_dictionary_load();
// global data across webgets
$current = array(
    'lang' => $session['lang'],
    'route' => $route,
    'object' => '',
    'template' => '',
    'category' => '',
    'webuser' => '',
    'plugins' => '',
    'plugins_called' => '',
    'delayed_nvlists' => array(),
    'delayed_nvsearches' => array(),
    'delayed_tags_pre' => array(),
    'delayed_tags_code' => array(),
    // true when a back-office (application) user session exists for this installation
    'navigate_session' => !empty($_SESSION['APP_USER#' . APP_UNIQUE]),
    'html_after_body' => array(),
    'js_after_body' => array()
);
nvweb_plugins_load();
$current['plugins'] = $plugins;
$events->extension_backend_bindings(null, true);
// Restore the webuser: the session id is preferred, the "webuser" cookie is the fallback.
// NOTE(review): the cookie value alone selects the account through load_by_hash(); its
// strength depends on how that hash is generated, stored and rotated — confirm in webuser.
if (!empty($session['webuser'])) {
    $webuser->load($session['webuser']);
} else {
    if (!empty($_COOKIE["webuser"])) {
        $webuser->load_by_hash($_COOKIE['webuser']);
    }
}
// if the webuser was removed, it doesn't exist anymore,
// $session/$_COOKIE may have obsolete data, force a log out
// also check date range access
// (&& binds tighter than ||: either the stale-credentials test or a failed
// access_allowed() check triggers the reset to an empty webuser.)
if (empty($webuser->id) && (!empty($session['webuser']) || !empty($_COOKIE['webuser'])) || !$webuser->access_allowed()) {
    $webuser->unset_cookie();
    unset($webuser);
    $webuser = new webuser();
}
if (!empty($webuser->id)) {
    $webuser->lastseen = core_time();
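/**
 * Resolve a single nvlist tag for one list element and return the text or markup to insert.
 *
 * The value is selected by $tag['attributes']['source'] (query, position, structure/category,
 * comment(s), block, block_link, block_type, gallery, item) and, inside most sources, by
 * $tag['attributes']['value'].
 *
 * NOTE(review): most branches concatenate tag attributes and element fields into HTML, or
 * return them as-is, without any output escaping in this function. Whether those values are
 * sanitised before they get here is not visible from this function; confirm it, or escape per
 * output context (htmlspecialchars() for text and attribute values, a scheme allow-list for links).
 *
 * @param array  $tag                    parsed tag; only $tag['attributes'] is read
 * @param mixed  $item                   list element: an object for most sources, an array for source "gallery"
 * @param string $source                 kind of element held in $item ('item', 'structure', 'category', ...)
 * @param int    $item_relative_position zero-based position of the element (used unless absolute="true")
 * @param int    $item_absolute_position zero-based position used when the tag has absolute="true"
 * @param mixed  $total                  not used by this function
 *
 * @return mixed the resolved value; an empty string when no branch produces one
 */
function nvweb_list_parse_tag($tag, $item, $source = 'item', $item_relative_position, $item_absolute_position, $total)
{
    global $current;
    global $website;
    global $structure;
    global $DB;

    $out = '';

    switch ($tag['attributes']['source']) {
        // special condition, return direct query result values
        case 'query':
            // the property NAME is the tag's "value" attribute; the previous form
            // ->{$tag}['attributes']['value'] used the whole $tag array as the property name
            $out = $item->_query->{$tag['attributes']['value']};
            break;

        // special: return element position in list
        case 'position':
            $position = $item_relative_position;
            if ($tag['attributes']['absolute'] == 'true') {
                $position = $item_absolute_position;
            }

            switch ($tag['attributes']['type']) {
                case 'alphabetic':
                    $out = number2alphabet($position);
                    break;

                case 'numeric':
                default:
                    $out = $position + 1; // first element is 1, but in list is zero
                    break;
            }
            break;

        // NOTE: the following refers to structure information of an ITEM, useless if the source are categories!
        case 'structure':
        case 'category':
            nvweb_menu_load_dictionary(); // load menu translations if not already done
            nvweb_menu_load_routes(); // load menu paths if not already done

            // when the element itself is a structure entry its own id is the key,
            // otherwise the key is the category the element belongs to
            $from_structure = ($source == 'structure' || $source == 'category');

            switch ($tag['attributes']['value']) {
                case 'title':
                    $out = $from_structure ? $structure['dictionary'][$item->id] : $structure['dictionary'][$item->category];
                    if (!empty($tag['attributes']['length'])) {
                        $out = core_string_cut($out, $tag['attributes']['length'], '…');
                    }
                    break;

                case 'slug':
                    $out = $from_structure ? $structure['dictionary'][$item->id] : $structure['dictionary'][$item->category];
                    // remove spaces, special chars, etc.
                    $out = core_string_clean($out);
                    $out = slug($out);
                    break;

                case 'property':
                    $id = $from_structure ? $item->id : $item->category;
                    // pass all tag attributes along, but mode/id/property computed here take preference
                    $nvweb_properties_parameters = array_replace(
                        $tag['attributes'],
                        array(
                            'mode' => !isset($tag['attributes']['mode']) ? 'structure' : $tag['attributes']['mode'],
                            'id' => $id,
                            'property' => !empty($tag['attributes']['property']) ? $tag['attributes']['property'] : $tag['attributes']['name']
                        )
                    );
                    $out = nvweb_properties($nvweb_properties_parameters);
                    break;

                case 'url':
                case 'path':
                    $out = $from_structure ? $structure['routes'][$item->id] : $structure['routes'][$item->category];
                    $out = nvweb_prepare_link($out);
                    break;

                case 'id':
                    // source = 'item'? then the category id is returned
                    $out = $from_structure ? $item->id : $item->category;
                    break;

                default:
                    break;
            }
            break;

        // ITEM comments
        // NOTE(review): the comment fields used below (url, username, name, message) are written
        // into the page without escaping; presumably they originate from visitors. Verify that they
        // are filtered when the comment is stored, or escape them here.
        case 'comment':
        case 'comments':
            switch ($tag['attributes']['value']) {
                case 'id':
                    $out = $item->id;
                    break;

                case 'avatar':
                    $size = '48';
                    $extra = '';
                    if (!empty($tag['attributes']['size'])) {
                        $size = intval($tag['attributes']['size']);
                    }
                    if (!empty($tag['attributes']['border'])) {
                        $extra .= '&border=' . $tag['attributes']['border'];
                    }

                    if (!empty($item->avatar)) {
                        $out = '<img class="' . $tag['attributes']['class'] . '" src="' . NVWEB_OBJECT . '?type=image' . $extra . '&id=' . $item->avatar . '" width="' . $size . 'px" height="' . $size . 'px"/>';
                    } elseif (!empty($tag['attributes']['default'])) {
                        // the comment creator has not an avatar, but the template wants to show a default one
                        // 3 cases:
                        //  numerical -> ID of the avatar image file in Navigate CMS
                        //  absolute path (http://www... or https://www...)
                        //  relative path (/img/avatar.png) -> path to the avatar file included in the THEME used
                        $default_avatar = $tag['attributes']['default'];

                        if (is_numeric($default_avatar)) {
                            $out = '<img class="' . $tag['attributes']['class'] . '" src="' . NVWEB_OBJECT . '?type=image' . $extra . '&id=' . $default_avatar . '" width="' . $size . 'px" height="' . $size . 'px"/>';
                        } elseif (strpos($default_avatar, 'http://') === 0 || strpos($default_avatar, 'https://') === 0) {
                            // https:// is accepted too; it used to fall through to the theme-relative case
                            $out = '<img class="' . $tag['attributes']['class'] . '" src="' . $default_avatar . '" width="' . $size . 'px" height="' . $size . 'px"/>';
                        } elseif ($default_avatar == 'none') {
                            $out = '';
                        } else {
                            // a space was missing between the class and src attributes
                            $out = '<img class="' . $tag['attributes']['class'] . '" src="' . NAVIGATE_URL . '/themes/' . $website->theme . '/' . $default_avatar . '" width="' . $size . 'px" height="' . $size . 'px"/>';
                        }
                    } else {
                        $gravatar_hash = "";
                        $gravatar_default = 'blank';
                        if (!empty($tag['attributes']['gravatar_default'])) {
                            $gravatar_default = $tag['attributes']['gravatar_default'];
                        }

                        // md5 of the normalised address is the identifier format of the avatar service,
                        // it is not used as a security measure; note the hash is disclosed to a third party
                        if (!empty($item->email)) {
                            $gravatar_hash = md5(strtolower(trim($item->email)));
                        } elseif (!empty($item->user)) {
                            $email = $DB->query_single('email', 'nv_webusers', 'id = ' . protect($item->user));
                            if (!empty($email)) {
                                // hash the address just read from the web user record;
                                // $item->email is known to be empty in this branch
                                $gravatar_hash = md5(strtolower(trim($email)));
                            }
                        }

                        if (!empty($gravatar_hash) && $gravatar_default != 'none') {
                            // gravatar real url: https://www.gravatar.com/avatar/
                            // we use libravatar to get more userbase
                            $gravatar_url = 'https://seccdn.libravatar.org/avatar/' . $gravatar_hash . '?s=' . $size . '&d=' . $gravatar_default;
                            $out = '<img class="' . $tag['attributes']['class'] . '" src="' . $gravatar_url . '" width="' . $size . 'px" height="' . $size . 'px"/>';
                        } else {
                            $out = '<img class="' . $tag['attributes']['class'] . '" src="" width="' . $size . 'px" height="' . $size . 'px"/>';
                        }
                    }

                    if ($tag['attributes']['linked'] == 'true' && !empty($out)) {
                        if (!empty($item->url)) {
                            $comment_link = $item->url;
                        } elseif (!empty($item->user)) {
                            $wu = new webuser();
                            $wu->load($item->user);
                            $comment_link = $wu->social_website;
                        }

                        if (!empty($comment_link)) {
                            $out = '<a href="' . $comment_link . '" target="_blank">' . $out . '</a>';
                        }
                    }
                    break;

                case 'username':
                    $out = !empty($item->username) ? $item->username : $item->name;

                    if ($tag['attributes']['linked'] == 'true' && !empty($out)) {
                        if (!empty($item->url)) {
                            $comment_link = $item->url;
                        } elseif (!empty($item->user)) {
                            $wu = new webuser();
                            $wu->load($item->user);
                            $comment_link = $wu->social_website;
                        }

                        if (!empty($comment_link)) {
                            $out = '<a href="' . $comment_link . '" target="_blank">' . $out . '</a>';
                        }
                    }
                    break;

                case 'website':
                    if (!empty($item->url)) {
                        $out = $item->url;
                    } elseif (!empty($item->user)) {
                        $wu = new webuser();
                        $wu->load($item->user);
                        $out = $wu->social_website;
                    }

                    if (empty($out)) {
                        $out = '#';
                    }
                    break;

                case 'message':
                    if (!empty($tag['attributes']['length'])) {
                        $out = core_string_cut($item->message, $tag['attributes']['length'], '…');
                    } else {
                        // nl2br() only inserts <br />, it does not escape the message
                        $out = nl2br($item->message);
                    }
                    break;

                case 'date':
                    // Navigate CMS 1.6.6 compatibility
                    if (empty($tag['attributes']['format']) && !empty($tag['attributes']['date_format'])) {
                        $tag['attributes']['format'] = $tag['attributes']['date_format'];
                    }

                    if (!empty($tag['attributes']['format'])) {
                        // custom date format
                        $out = nvweb_content_date_format($tag['attributes']['format'], $item->date_created);
                    } else {
                        $out = date($website->date_format . ' H:i', $item->date_created);
                    }
                    break;

                case 'item_url':
                    $out = nvweb_source_url('item', $item->item, $current['lang']);
                    break;

                case 'item_title':
                    $out = $item->item_title;
                    break;

                case 'reply_to':
                    $out = $item->reply_to;
                    break;

                case 'depth':
                    $c = new comment();
                    $c->load_from_resultset(array($item));
                    $out = $c->depth();
                    break;

                case 'property':
                    $c = new comment();
                    $c->load_from_resultset(array($item));
                    // pass all nvlist tag parameters to properties nvweb, but some attribute/values take preference
                    $nvweb_properties_parameters = array_replace(
                        $tag['attributes'],
                        array(
                            'mode' => 'comment',
                            'id' => $c->id,
                            'template' => $c->element_template(),
                            'property' => !empty($tag['attributes']['property']) ? $tag['attributes']['property'] : $tag['attributes']['name']
                        )
                    );
                    $out = nvweb_properties($nvweb_properties_parameters);
                    break;
            }
            break;

        case 'block':
            switch ($tag['attributes']['value']) {
                case 'id':
                    $out = $item->id;
                    break;

                // only for blocks in a block group!
                case 'uid':
                    $out = $item->uid;
                    break;

                case 'block':
                    // generate the full block code
                    if ($item->type == "extension") {
                        // NOTE(review): the callable name is assembled from fields of the block record and is
                        // only guarded by function_exists(); presumably both fields are set by administrators
                        if (function_exists('nvweb_' . $item->extension . '_' . $item->id)) {
                            // load extension block property values
                            $item->properties = property::load_properties(NULL, $item->id, "extension_block", NULL, $item->uid);
                            $out = call_user_func('nvweb_' . $item->extension . '_' . $item->id, $item);
                        }
                    } else {
                        $out = nvweb_blocks_render($item->type, $item->trigger, $item->action, NULL, NULL, $tag['attributes']);
                    }
                    break;

                // not for extension_blocks
                case 'title':
                    $out = $item->dictionary[$current['lang']]['title'];
                    if (!empty($tag['attributes']['length'])) {
                        $out = core_string_cut($out, $tag['attributes']['length'], '…');
                    }
                    break;

                case 'content':
                    if ($item->type == "extension") {
                        if (function_exists('nvweb_' . $item->extension . '_' . $item->id)) {
                            // load extension block property values
                            $item->properties = property::load_properties(NULL, $item->id, "extension_block", NULL, $item->uid);
                            $out = call_user_func('nvweb_' . $item->extension . '_' . $item->id, $item);
                        }
                    } else {
                        $out = nvweb_blocks_render($item->type, $item->trigger, $item->action, 'content', $item, $tag['attributes']);
                    }
                    break;

                // not for extension_blocks
                case 'url':
                case 'path':
                    $out = nvweb_blocks_render_action($item->action, '', $current['lang'], true);
                    if (empty($out)) {
                        $out = '#';
                    } else {
                        $out = nvweb_prepare_link($out);
                    }
                    break;

                // not for extension_blocks
                case 'target':
                    if ($item->action['action-type'][$current['lang']] == 'web-n') {
                        $out = '_blank';
                    } else {
                        $out = '_self';
                    }
                    break;

                // not for extension_blocks (only for standard blocks and block group blocks)
                case 'property':
                    // a non numeric id selects the 'block_group_block' properties mode
                    $properties_mode = 'block';
                    if (!is_numeric($item->id)) {
                        $properties_mode = 'block_group_block';
                    }

                    $nvweb_properties_parameters = array_replace(
                        $tag['attributes'],
                        array(
                            'mode' => !isset($tag['attributes']['mode']) ? $properties_mode : $tag['attributes']['mode'],
                            'id' => $item->id,
                            'property' => !empty($tag['attributes']['property']) ? $tag['attributes']['property'] : $tag['attributes']['name'],
                            'uid' => @$item->uid
                        )
                    );
                    $out = nvweb_properties($nvweb_properties_parameters);
                    break;

                // not for extension_blocks
                case 'poll_answers':
                    $out = nvweb_blocks_render_poll($item);
                    break;

                default:
                    break;
            }
            break;

        case 'block_link':
            switch ($tag['attributes']['value']) {
                case 'id':
                    $out = $item->id;
                    break;

                case 'title':
                    $out = $item->title;
                    if (!empty($tag['attributes']['length'])) {
                        $out = core_string_cut($out, $tag['attributes']['length'], '…');
                    }
                    break;

                case 'url':
                case 'path':
                    $out = $item->link;
                    if (empty($out)) {
                        $out = '#';
                    } else {
                        $out = nvweb_prepare_link($out);
                    }
                    break;

                case 'target':
                    if ($item->new_window == 1) {
                        $out = '_blank';
                    } else {
                        $out = '_self';
                    }
                    break;

                case 'icon':
                    $out = @$item->icon;
                    break;

                default:
                    break;
            }
            break;

        case 'block_type':
            switch ($tag['attributes']['value']) {
                case 'title':
                    // the title is either a plain string or a JSON object indexed by language
                    $title_obj = json_decode($item->title, true);
                    if (empty($title_obj)) {
                        // not json
                        $out = $item->title;
                    } else {
                        $out = $title_obj[$current['lang']];
                    }
                    break;
            }
            break;

        case 'gallery':
            // here $item is an array: 'file' holds the file id, the language code holds the caption
            switch ($tag['attributes']['value']) {
                case 'url':
                case 'path':
                    $out = NVWEB_OBJECT . '?wid=' . $website->id . '&id=' . $item['file'] . '&disposition=inline';
                    break;

                case 'thumbnail':
                case 'thumbnail_url':
                    $thumbnail_url = NVWEB_OBJECT . '?wid=' . $website->id . '&id=' . $item['file'] . '&disposition=inline&width=' . $tag['attributes']['width'] . '&height=' . $tag['attributes']['height'] . '&border=' . $tag['attributes']['border'];

                    if ($tag['attributes']['value'] == 'thumbnail_url' || @$tag['attributes']['return'] == 'url') {
                        $out = $thumbnail_url;
                    } else {
                        // NOTE(review): the caption is placed in alt/title without escaping
                        $out = '<img src="' . $thumbnail_url . '" alt="' . $item[$current['lang']] . '" title="' . $item[$current['lang']] . '" />';
                    }
                    break;

                case 'title':
                    $f = new file();
                    $f->load($item['file']);
                    $out = $f->title[$current['lang']];
                    break;

                case 'alt':
                case 'description':
                    $f = new file();
                    $f->load($item['file']);
                    $out = $f->description[$current['lang']];
                    break;

                default:
                    $out = '<a href="' . NVWEB_OBJECT . '?wid=' . $website->id . '&id=' . $item['file'] . '&disposition=inline"> <img src="' . NVWEB_OBJECT . '?wid=' . $website->id . '&id=' . $item['file'] . '&disposition=inline&width=' . $tag['attributes']['width'] . '&height=' . $tag['attributes']['height'] . '&border=' . $tag['attributes']['border'] . '" alt="' . $item[$current['lang']] . '" title="' . $item[$current['lang']] . '" /> </a>';
                    break;
            }
            break;

        case 'item': // useful also for source="structure" (but some are nonsense: title, comments, etc)
        default:
            switch ($tag['attributes']['value']) {
                case 'id':
                    $out = $item->id;
                    break;

                case 'slug':
                    $lang = $current['lang'];
                    if (!empty($tag['attributes']['lang'])) {
                        $lang = $tag['attributes']['lang'];
                    }
                    $out = $item->dictionary[$lang]['title'];
                    // remove spaces, special chars, etc.
                    $out = core_string_clean($out);
                    $out = slug($out);
                    break;

                case 'title':
                    $lang = $current['lang'];
                    if (!empty($tag['attributes']['lang'])) {
                        $lang = $tag['attributes']['lang'];
                    }
                    $out = $item->dictionary[$lang]['title'];
                    if (!empty($tag['attributes']['length'])) {
                        // NOTE(review): the 4th argument is the length again, while the "content" case
                        // passes a list of allowed tags in that position; confirm which one is intended
                        $out = core_string_cut($out, $tag['attributes']['length'], '…', $tag['attributes']['length']);
                    }
                    break;

                case 'author':
                    if (!empty($item->author)) {
                        $nu = new user();
                        $nu->load($item->author);
                        $out = $nu->username;
                        unset($nu);
                    }

                    // no author (or author without username): show the website name
                    if (empty($out)) {
                        $out = $website->name;
                    }
                    break;

                case 'date':
                case 'date_post':
                    if (!empty($tag['attributes']['format'])) {
                        // custom date format
                        $out = nvweb_content_date_format($tag['attributes']['format'], $item->date_to_display);
                    } else {
                        $out = date($website->date_format, $item->date_to_display);
                    }
                    break;

                case 'content':
                case 'section':
                    if ($source == 'structure' && $tag['attributes']['source'] == 'item') {
                        // we force finding the first non-embedded item ordered by priority
                        $items = nvweb_content_items($item->id, true, 1, false, 'priority');
                        if (empty($items)) {
                            // find the first embedded item ordered by priority
                            $items = nvweb_content_items($item->id, true, 1, true, 'priority');
                        }
                        $item = $items[0];
                    }

                    $section = $tag['attributes']['section'];
                    if (empty($section)) {
                        $section = 'main';
                    }

                    $out = $item->dictionary[$current['lang']]['section-' . $section];

                    if (!empty($tag['attributes']['length'])) {
                        $allowed_tags = '';
                        if (!empty($tag['attributes']['allowed_tags'])) {
                            $allowed_tags = explode(',', $tag['attributes']['allowed_tags']);
                        }
                        $out = core_string_cut($out, $tag['attributes']['length'], '…', $allowed_tags);
                    }
                    break;

                case 'comments':
                    $out = nvweb_content_comments_count($item->id);
                    break;

                case 'gallery':
                    // tag attributes are merged last, so they may override the 'item' key
                    $params = array('item' => $item->id);
                    $params = array_merge($params, $tag['attributes']);
                    $out = nvweb_gallery($params);
                    break;

                case 'image':
                case 'photo':
                    // first key of the first gallery (errors suppressed when there is none)
                    $photo = @array_shift(array_keys($item->galleries[0]));
                    if (empty($photo)) {
                        $out = NVWEB_OBJECT . '?type=transparent';
                    } else {
                        $out = NVWEB_OBJECT . '?wid=' . $website->id . '&id=' . $photo . '&disposition=inline&width=' . $tag['attributes']['width'] . '&height=' . $tag['attributes']['height'] . '&border=' . $tag['attributes']['border'];
                    }
                    break;

                case 'url':
                case 'path':
                    // rss -> full url
                    // item -> relative url
                    // embedded item -> category url
                    if ($item->embedding == 1 && $item->association == 'category') {
                        nvweb_menu_load_routes(); // load menu paths if not already done
                        $out = nvweb_prepare_link($structure['routes'][$item->category]);
                    } else {
                        $path = $item->paths[$current['lang']];
                        if (empty($path)) {
                            $path = '/node/' . $item->id;
                        }
                        $out = nvweb_prepare_link($path);
                    }
                    break;

                case 'tags':
                    // pass all nvlist tag parameters to the content nvweb, but some attribute/values take preference
                    $nvweb_parameters = array_replace($tag['attributes'], array('mode' => 'tags', 'id' => $item->id));
                    $out = nvweb_content($nvweb_parameters);
                    break;

                case 'score':
                    $out = nvweb_votes_calc($item, $tag['attributes']['round'], $tag['attributes']['half'], $tag['attributes']['min'], $tag['attributes']['max']);
                    break;

                case 'votes':
                    $out = intval($item->votes);
                    break;

                case 'views':
                    $out = intval($item->views);
                    break;

                case 'property':
                    if ($source == 'structure' && $tag['attributes']['source'] == 'item') {
                        // we force finding the first non-embedded item ordered by priority
                        $items = nvweb_content_items($item->id, true, 1, false, 'priority');
                        if (empty($items)) {
                            // find the first embedded item ordered by priority
                            $items = nvweb_content_items($item->id, true, 1, true, 'priority');
                        }
                        $item = $items[0];
                        $source = "item";
                    }

                    // pass all nvlist tag parameters to properties nvweb, but some attribute/values take preference
                    $nvweb_properties_parameters = array_replace(
                        $tag['attributes'],
                        array(
                            'mode' => $source == 'structure' || $source == 'category' ? 'structure' : 'item',
                            'id' => $item->id,
                            'template' => $item->template,
                            'property' => !empty($tag['attributes']['property']) ? $tag['attributes']['property'] : $tag['attributes']['name']
                        )
                    );
                    $out = nvweb_properties($nvweb_properties_parameters);
                    break;

                default:
                    // maybe a special tag not related to a source? (unimplemented)
            }
            break;
    }

    return $out;
}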
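/**
 * Bootstrap the website context: database connection, website, visitor session, language,
 * web user, route and dictionary, then load the plugins and bind the extension events.
 *
 * Fills the globals $DB, $website, $session, $webuser, $current, $dictionary, $events and $idn,
 * and defines NVWEB_ABSOLUTE, NVWEB_OBJECT and (when missing) NAVIGATE_URL.
 *
 * Request values used: $_REQUEST['wid'], $_REQUEST['lang'], $_REQUEST['route'] and
 * $_COOKIE['webuser']. Only string values are accepted for lang, route and the cookie.
 *
 * NOTE(review): the web user loaded from the session or the cookie is not re-checked here
 * (a $webuser->access_allowed() method exists in this codebase); confirm whether the callers
 * of this function need that check.
 *
 * @return void
 */
function nv_plugin_init()
{
    global $DB;
    global $webuser;
    global $config;
    global $website;
    global $current;
    global $dictionary;
    global $session;
    global $events;
    global $idn;

    // create database connection
    $DB = new database();
    if (!$DB->connect()) {
        // NOTE(review): the raw database error is sent to the client; consider logging it
        // and showing a generic message instead
        die(APP_NAME . ' # ERROR<br /> ' . $DB->get_last_error());
    }

    // global exception catcher
    try {
        $idn = new idna_convert();

        // which website do we have to load?
        $url = nvweb_self_url();

        if (!empty($_REQUEST['wid'])) {
            $website = new website();
            $website->load(intval($_REQUEST['wid']));
        } else {
            $website = nvweb_load_website_by_url($url);
        }

        // permission 2 always stops here; permission 1 stops unless an application user session exists
        // (&& binds tighter than ||, the parentheses only make that explicit)
        if ($website->permission == 2 || ($website->permission == 1 && empty($_SESSION['APP_USER#' . APP_UNIQUE]))) {
            nvweb_clean_exit();
        }

        // global helper variables
        $session = array(); // user session
        $webuser = new webuser();

        $nvweb_absolute = empty($website->protocol) ? 'http://' : $website->protocol;
        if (!empty($website->subdomain)) {
            $nvweb_absolute .= $website->subdomain . '.';
        }
        $nvweb_absolute .= $website->domain . $website->folder;

        define('NVWEB_ABSOLUTE', $nvweb_absolute);
        define('NVWEB_OBJECT', $nvweb_absolute . '/object');

        if (!defined('NAVIGATE_URL')) {
            define('NAVIGATE_URL', NAVIGATE_PARENT . NAVIGATE_FOLDER);
        }

        if (!isset($_SESSION['nvweb.' . $website->id])) {
            $_SESSION['nvweb.' . $website->id] = array();
            $session['lang'] = nvweb_country_language();
        } else {
            $session = $_SESSION['nvweb.' . $website->id];
            if (empty($session['lang'])) {
                $session['lang'] = nvweb_country_language();
            }
        }

        // the language is used below as an array key and is stored in the session,
        // so a non-string value (e.g. lang[]=x) is ignored
        // NOTE(review): the value is still not checked against $website->languages;
        // consider accepting only configured language codes
        if (isset($_REQUEST['lang']) && is_string($_REQUEST['lang'])) {
            $session['lang'] = $_REQUEST['lang'];
        }

        if (!empty($session['webuser'])) {
            $webuser->load($session['webuser']);
        } elseif (!empty($_COOKIE['webuser']) && is_string($_COOKIE['webuser'])) {
            // the cookie is client controlled: only a string is handed to the lookup
            // NOTE(review): load_by_hash() is not visible here; verify it binds/escapes the value
            $webuser->load_by_hash($_COOKIE['webuser']);
        }

        @setlocale(LC_ALL, $website->languages[$session['lang']]['system_locale']);

        // remove the "folder" part of the route
        $route = '';
        if (!empty($_REQUEST['route']) && is_string($_REQUEST['route'])) {
            $route = $_REQUEST['route'];
            // remove the "folder" part of the route (only if this url is really under a folder)
            if (!empty($website->folder) && strpos('/' . $route, $website->folder) === 0) {
                $route = substr('/' . $route, strlen($website->folder) + 1);
            }
        }

        // global data across webgets
        $current = array(
            'lang' => $session['lang'],
            'route' => $route,
            'object' => '',
            'template' => '',
            'category' => '',
            'webuser' => @$session['webuser'],
            'navigate_session' => !empty($_SESSION['APP_USER#' . APP_UNIQUE]),
            'html_after_body' => array(),
            'js_after_body' => array()
        );

        $dictionary = nvweb_dictionary_load();

        $_SESSION['nvweb.' . $website->id] = $session;
    } catch (Exception $e) {
        // the message is written into an HTML page, so it is escaped first;
        // execution continues with the plugin loading below, as before
        ?> <html> <body> ERROR <br /><br /> <?php echo htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </body> </html> <?php
    }

    $events = new events();
    nvweb_plugins_load();
    $events->extension_backend_bindings();
}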