/**
 * Display the notes attached to a member in a modal view.
 *
 * Hides the main menu, resolves the member from the `id` request
 * parameter via Member::oneOrFail and hands that member's ordered notes,
 * each with its category id and title eager-loaded, to the view.
 *
 * @return void
 */
public function modalTask()
{
    Request::setVar('hidemainmenu', 1);

    $memberId = Request::getInt('id', 0);
    $user     = Member::oneOrFail($memberId);

    // Only the id and title of each note's category are needed for display
    $categoryColumns = function ($category)
    {
        $category->select('id')->select('title');
    };

    $notes = Note::all()
        ->including(['category', $categoryColumns])
        ->whereEquals('user_id', (int) $user->get('id'))
        ->ordered()
        ->rows();

    // Output the HTML
    $this->view
        ->set('user', $user)
        ->set('rows', $notes)
        ->setErrors($this->getErrors())
        ->display();
}
/**
 * Display a form for updating profile info
 *
 * Serves both sides of the profile-update step: on GET the form is
 * pre-filled from the current profile (or, for a third-party-auth account
 * whose username still starts with '-', from the auth link), on POST the
 * submitted data is validated and written to the profile, the session and
 * the session table. When the pre-filled auth-link data is complete and
 * simple registration is enabled, the GET is processed as if it were a POST.
 *
 * @return void
 */
public function updateTask()
{
    // Check if the user is logged in
    if (User::isGuest())
    {
        return App::abort(500, Lang::txt('COM_MEMBERS_REGISTER_ERROR_SESSION_EXPIRED'));
    }

    // $force: when true the "already complete" shortcuts below are skipped and the form is always shown
    $force       = false;
    $updateEmail = false;

    // Set the pathway
    $this->_buildPathway();

    // Set the page title
    $this->_buildTitle();

    // Instantiate a new registration object
    $xregistration = new \Components\Members\Models\Registration();

    $xprofile = Member::oneOrFail(User::get('id'));
    $hzal     = \Hubzero\Auth\Link::find_by_id(User::get('auth_link_id'));

    // Get users component config options, specifically whether or not 'simple' registration is enabled
    $method             = Request::getMethod();
    $usersConfig        = Component::params('com_members');
    $simpleRegistration = $usersConfig->get('simple_registration', false);

    if ($method == 'POST')
    {
        // Load POSTed data
        $xregistration->loadPOST();
    }
    else
    {
        // Load data from the user object
        $xregistration->loadProfile($xprofile);

        $username = User::get('username');
        $email    = User::get('email'); // NOTE(review): assigned but never read in this method

        // A leading '-' appears to mark a placeholder username created through a
        // third-party auth link (the POST branch below tests the same prefix with substr()).
        // NOTE(review): $username[0] raises a string-offset notice when the username is empty.
        if ($username[0] == '-' && is_object($hzal))
        {
            // Default the login to the local part of the linked e-mail address
            $sub_email    = explode('@', (string) $hzal->email, 2);
            $tmp_username = Session::get('auth_link.tmp_username', $sub_email[0]);

            $xregistration->set('login', $tmp_username);
            $xregistration->set('orcid', Session::get('auth_link.tmp_orcid', ''));
            $xregistration->set('email', $hzal->email);
            $xregistration->set('confirmEmail', $hzal->email);

            if ($simpleRegistration)
            {
                // Treat the pre-filled data as a submission so the profile is completed without a form round-trip
                $force  = false;
                $method = 'POST';
            }
            else
            {
                $force = true;
            }
        }
    }

    $check = $xregistration->check('update');

    // Profile already complete on a plain GET: nothing to show, send the user back
    if (!$force && $check && $method == 'GET')
    {
        Session::set('registration.incomplete', false);

        // NOTE(review): $_SERVER is read directly here, whereas the POST branch uses
        // Request::getVar('REQUEST_URI', ..., 'server') for the same value; the request
        // path is handed to App::redirect() unchanged when it is not one of the update URLs.
        if ($_SERVER['REQUEST_URI'] == rtrim(Request::base(true), '/') . '/register/update'
         || $_SERVER['REQUEST_URI'] == rtrim(Request::base(true), '/') . '/members/register/update')
        {
            App::redirect(rtrim(Request::base(true), '/') . '/');
        }
        else
        {
            App::redirect($_SERVER['REQUEST_URI']);
        }
        return true;
    }

    if (!$force && $check && $method == 'POST')
    {
        // Before going any further, we need to do a sanity check to make sure username isn't being changed.
        // This really only happens on a race condition where someone is creating the same account
        // using a 3rd party auth service in two different browsers. Yes, it's crazy!
        if ($xregistration->get('login') && substr(User::get('username'), 0, 1) == '-')
        {
            // Make sure the username hasn't since been set in the database
            // (re-read through getInstance() rather than trusting the session copy)
            if (substr(User::getInstance(User::get('id'))->get('username'), 0, 1) != '-')
            {
                App::redirect(
                    Route::url('index.php?option=com_users&view=logout'),
                    Lang::txt('This account appears to already exist. Please try logging in again.'),
                    'warning'
                );
                return;
            }
        }

        $hubHomeDir  = rtrim($this->config->get('homedir'), DS);
        $updateEmail = false;

        // Fill in bookkeeping columns that a profile created through an auth link may still lack
        if ($xprofile->get('homeDirectory') == '')
        {
            $xprofile->set('homeDirectory', $hubHomeDir . DS . $xprofile->get('username'));
        }
        if ($xprofile->get('registerIP') == '')
        {
            $xprofile->set('registerIP', Request::getVar('REMOTE_ADDR', '', 'server'));
        }
        if ($xprofile->get('registerDate') == '')
        {
            $xprofile->set('registerDate', Date::toSql());
        }

        // A changed e-mail address needs re-confirmation unless it is the one the auth link already vouches for
        if ($xregistration->get('email') != $xprofile->get('email'))
        {
            if (is_object($hzal) && $xregistration->get('email') == $hzal->email)
            {
                // NOTE(review): 3 presumably denotes an already-confirmed address — verify against the activation-state conventions
                $xprofile->set('activation', 3);
            }
            else
            {
                // A confirmation code stored in 'activation' marks the address as unconfirmed; $updateEmail triggers the mail below
                $code = \Components\Members\Helpers\Utility::genemailconfirm();
                $xprofile->set('activation', $code);
                $updateEmail = true;
            }
        }

        // The home directory follows the (possibly new) login name
        if ($xregistration->get('login') != $xprofile->get('username'))
        {
            $xprofile->set('homeDirectory', $hubHomeDir . DS . $xregistration->get('login'));
        }

        // Copy over every submitted field; null means "not submitted" and leaves the profile value alone.
        // NOTE(review): 'password' is copied as-is; where it gets hashed (if at all) is not visible here — confirm in Member/Registration.
        $keys = array('email', 'name', 'surname', 'givenName', 'middleName', 'usageAgreement', 'sendEmail', 'password');
        foreach ($keys as $key)
        {
            if ($xregistration->get($key) !== null)
            {
                $xprofile->set($key, $xregistration->get($key));
            }
        }

        $xprofile->set('username', $xregistration->get('login'));
        $xprofile->save(); // NOTE(review): the return value is not checked; a failed save falls through to the session update

        // Update current session if appropriate
        // TODO: update all session of this user
        // TODO: only update if changed
        if ($xprofile->get('id') == User::get('id'))
        {
            $suser = Session::get('user');
            $suser->set('username', $xprofile->get('username'));
            $suser->set('email', $xprofile->get('email'));
            $suser->set('name', $xprofile->get('name'));
            Session::set('user', $suser);

            // Get the session object and keep the stored session row's username in step with the rename
            $table = \JTable::getInstance('session');
            $table->load(Session::getId());
            $table->username = $xprofile->get('username');
            $table->update();
        }

        Session::set('registration.incomplete', false);

        // Notify the user
        if ($updateEmail)
        {
            \Components\Members\Helpers\Utility::sendConfirmEmail($xprofile, $xregistration);
        }

        // Notify administration
        // NOTE(review): $subject and $message are built here but no statement in this method sends or otherwise uses them
        if ($method == 'POST')
        {
            $subject = Config::get('sitename') . ' ' . Lang::txt('COM_MEMBERS_REGISTER_EMAIL_ACCOUNT_UPDATE');

            $eaview = new \Hubzero\Component\View(array('name' => 'emails', 'layout' => 'adminupdate'));
            $eaview->option     = $this->_option;
            $eaview->controller = $this->_controller;
            $eaview->sitename   = Config::get('sitename');
            $eaview->xprofile   = $xprofile;
            $eaview->baseURL    = $this->baseURL;

            $message = $eaview->loadTemplate();
            $message = str_replace("\n", "\r\n", $message);
        }

        if (!$updateEmail)
        {
            // Send the user back where they came from, unless that was one of the update URLs themselves
            $suri = Request::getVar('REQUEST_URI', '/', 'server');
            if ($suri == '/register/update' || $suri == '/members/update' || $suri == '/members/register/update')
            {
                $suri = Route::url('index.php?option=' . $this->_option . '&task=myaccount');
            }
            App::redirect($suri);
            return;
        }
        else
        {
            // Instantiate a new view telling the user a confirmation mail was sent
            $this->view
                ->set('title', Lang::txt('COM_MEMBERS_REGISTER_UPDATE'))
                ->set('sitename', Config::get('sitename'))
                ->set('xprofile', $xprofile)
                ->set('isSelf', true)
                ->set('updateEmail', $updateEmail)
                ->setErrors($this->getErrors())
                ->display();
        }
        return true;
    }

    // Incomplete or forced: render the update form
    return $this->_show_registration_form($xregistration, 'update');
}
/**
 * Display the host entries for a member.
 *
 * When no profile is supplied, the member is resolved from the `id`
 * request parameter via Member::oneOrFail. purgeCache() is called on the
 * profile before its `hosts` relation is read (presumably so a previously
 * cached relation is not reused).
 *
 * @param   object  $profile  Member model to display; loaded from the request when not given
 * @return  void
 */
public function displayTask($profile = null)
{
    if (!$profile)
    {
        $memberId = Request::getInt('id', 0);
        $profile  = Member::oneOrFail($memberId);
    }

    $memberId = $profile->get('id');
    $hosts    = $profile->purgeCache()->hosts;

    // Output the HTML
    $this->view
        ->set('id', $memberId)
        ->set('rows', $hosts)
        ->setErrors($this->getErrors())
        ->setLayout('display')
        ->display();
}
/**
 * Get user profile info
 *
 * Builds the member's profile record (core columns, every custom Field,
 * and the member's tag cloud as `interests`) and sends it as the API
 * response. All links are built against the site base with the `/api`
 * prefix stripped, because Route::url() is resolved inside the API
 * application.
 *
 * @apiMethod GET
 * @apiUri /members/{id}
 * @apiParameter {
 * "name": "id",
 * "description": "Member identifier",
 * "type": "integer",
 * "required": true,
 * "default": null
 * }
 * @return void
 */
public function readTask()
{
    $userid = Request::getInt('id', 0);
    $result = Member::oneOrFail($userid);

    if (!$result || !$result->get('id'))
    {
        throw new Exception(Lang::txt('COM_MEMBERS_ERROR_USER_NOT_FOUND'), 404);
    }

    // Get any request vars
    $base = rtrim(Request::base(), '/');

    // Turns a site-relative path into an absolute URL outside the /api application
    $siteUrl = function ($path) use ($base)
    {
        return str_replace('/api', '', $base . '/' . $path);
    };

    // NOTE(review): the member's e-mail address is part of this payload; whatever
    // decides who may call this endpoint lives outside this method.
    $profile = array(
        'id'           => $result->get('id'),
        'username'     => $result->get('username'),
        'name'         => $result->get('name'),
        'first_name'   => $result->get('givenName'),
        'middle_name'  => $result->get('middleName'),
        'last_name'    => $result->get('surname'),
        'email'        => $result->get('email'),
        'member_since' => $result->get('registerDate'),
        'picture'      => array(
            'thumb' => $result->picture(0, true),
            'full'  => $result->picture(0, false),
        ),
        'interests'    => array(),
        'url'          => $siteUrl(ltrim(Route::url($result->link()), '/')),
    );

    // Custom profile fields in display order; multi-valued fields are joined with ';'
    foreach (Field::all()->ordered()->rows() as $field)
    {
        $fieldName = $field->get('name');

        $value = ($field->get('type') == 'tags')
            ? $result->tags('string')
            : $result->get($fieldName);

        $profile[$fieldName] = is_array($value) ? implode(';', $value) : $value;
    }

    require_once dirname(dirname(__DIR__)) . DS . 'models' . DS . 'tags.php';

    $cloud = new \Components\Members\Models\Tags($userid);

    foreach ($cloud->tags('list') as $tag)
    {
        $interest = new stdClass();
        $interest->id                = $tag->get('id');
        $interest->raw_tag           = $tag->get('raw_tag');
        $interest->tag               = $tag->get('tag');
        $interest->uri               = $siteUrl(ltrim(Route::url($tag->link()), '/'));
        $interest->substitutes_count = $tag->get('substitutes');
        $interest->objects_count     = $tag->get('total');

        $profile['interests'][] = $interest;
    }

    // Corrects image path, API application breaks Route::url() in the Helper::getMemberPhoto() method.
    $profile['picture']['thumb'] = $siteUrl($profile['picture']['thumb']);
    $profile['picture']['full']  = $siteUrl($profile['picture']['full']);

    // Encode and return result
    $payload = new stdClass();
    $payload->profile = $profile;

    $this->send($payload);
}
/**
 * Debug user permissions
 *
 * Lists access assets (optionally narrowed by a name/title search, a level
 * range and a component) and, for every debug action, records whether the
 * member passes the \JAccess check on that asset. Actions bound to a level
 * below the asset's own level are marked 'skip' instead of being tested.
 *
 * @return void
 */
public function debuguserTask()
{
    include_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'debug.php';

    $stateKey = $this->_option . '.' . $this->_controller;

    // Get filters (persisted in request state)
    // NOTE(review): 'sort' and 'sort_Dir' are passed straight to order(); whether the
    // query builder restricts them to known columns/directions is not visible here.
    $filters = array(
        'search'      => urldecode(Request::getState($stateKey . '.search', 'search', '')),
        'sort'        => Request::getState($stateKey . '.sort', 'filter_order', 'lft'),
        'sort_Dir'    => Request::getState($stateKey . '.sortdir', 'filter_order_Dir', 'ASC'),
        'level_start' => Request::getState($stateKey . '.filter_level_start', 'filter_level_start', 0, 'int'),
        'level_end'   => Request::getState($stateKey . '.filter_level_end', 'filter_level_end', 0, 'int'),
        'component'   => Request::getState($stateKey . '.filter_component', 'filter_component', ''),
    );

    // An end level below the start level is clamped up to the start level
    if ($filters['level_end'] > 0 && $filters['level_end'] < $filters['level_start'])
    {
        $filters['level_end'] = $filters['level_start'];
    }

    $id = Request::getInt('id', 0);

    // Load member
    $member = Member::oneOrFail($id);

    // Select the required fields from the table.
    $entries = \Hubzero\Access\Asset::all();

    if ($filters['search'])
    {
        $entries
            ->whereLike('name', $filters['search'], 1)
            ->orWhereLike('title', $filters['search'], 1)
            ->resetDepth();
    }
    if ($filters['level_start'] > 0)
    {
        $entries->where('level', '>=', $filters['level_start']);
    }
    if ($filters['level_end'] > 0)
    {
        $entries->where('level', '<=', $filters['level_end']);
    }
    // Filter the items over the component if set.
    if ($filters['component'])
    {
        $entries
            ->whereEquals('name', $filters['component'], 1)
            ->orWhereLike('name', $filters['component'], 1)
            ->resetDepth();
    }

    $assets  = $entries->order($filters['sort'], $filters['sort_Dir'])->paginated()->rows();
    $actions = \Components\Members\Helpers\Debug::getActions($filters['component']);

    // Rebuild the row set with the per-action check results attached to each asset
    $rows = $assets->raw();
    $assets->clear();

    foreach ($rows as $asset)
    {
        $assetLevel = $asset->get('level');
        $assetName  = $asset->get('name');
        $checks     = array();

        foreach ($actions as $action)
        {
            $actionName  = $action[0];
            $actionLevel = $action[1];

            // Only test actions whose level is unset or at least the asset's level
            $checks[$actionName] = ($actionLevel === null || $actionLevel >= $assetLevel)
                ? \JAccess::check($id, $actionName, $assetName)
                : 'skip';
        }

        $asset->set('checks', $checks);
        $assets->push($asset);
    }

    $levels     = \Components\Members\Helpers\Debug::getLevelsOptions();
    $components = \Components\Members\Helpers\Debug::getComponents();

    // Output the HTML
    $this->view
        ->set('user', $member)
        ->set('filters', $filters)
        ->set('assets', $assets)
        ->set('actions', $actions)
        ->set('levels', $levels)
        ->set('components', $components)
        ->display();
}
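/**
 * Save changes to a profile
 * Outputs JSON when called via AJAX, redirects to profile otherwise
 *
 * The member is loaded from the POSTed `id`; core columns (name parts,
 * access, e-mail, sendEmail, usageAgreement) are saved first, then the
 * custom `profile` fields are validated against the editable Field
 * definitions and saved. A changed e-mail address is marked unconfirmed
 * with a fresh confirmation code, which is mailed only after both saves
 * succeeded.
 *
 * NOTE(review): no ownership/admin check on `$id` is visible in this
 * method — confirm that it is enforced before this task runs.
 *
 * @return string JSON
 */
public function saveTask()
{
    // Check if they are logged in
    if (User::isGuest())
    {
        return false;
    }

    Request::checkToken(array('get', 'post'));

    $no_html = Request::getVar('no_html', 0);

    // Incoming user ID
    $id = Request::getInt('id', 0, 'post');

    // Do we have an ID?
    if (!$id)
    {
        App::abort(404, Lang::txt('COM_MEMBERS_NO_ID'));
    }

    // Load the profile
    $member = Member::oneOrFail($id);

    // Name changed?
    // The name arrives as an array of parts; anything that is not a non-empty
    // array is ignored instead of being indexed (indexing a string raised warnings).
    $name = Request::getVar('name', array(), 'post');
    if (is_array($name) && !empty($name))
    {
        $member->set('givenName', trim(isset($name['first']) ? $name['first'] : ''));
        $member->set('middleName', trim(isset($name['middle']) ? $name['middle'] : ''));
        $member->set('surname', trim(isset($name['last']) ? $name['last'] : ''));

        // Full name is every submitted part in submission order, whitespace collapsed
        $name = implode(' ', $name);
        $name = preg_replace('/\\s+/', ' ', $name);
        $member->set('name', $name);
    }

    // Set profile access
    $visibility = Request::getVar('profileaccess', null, 'post');
    if (!is_null($visibility))
    {
        $member->set('access', $visibility);
    }

    // Check email
    $oldemail = (string) $member->get('email');
    $confirm  = null; // set only when the address actually changes
    $email    = Request::getVar('email', null, 'post');
    if (!is_null($email))
    {
        $email = (string) $email;
        $member->set('email', $email);

        // Unconfirm if the email address changed
        if ($oldemail !== $email)
        {
            // Get a new confirmation code; storing it in 'activation' marks the address unconfirmed
            $confirm = \Components\Members\Helpers\Utility::genemailconfirm();
            $member->set('activation', $confirm);
        }
    }

    // Receieve email updates?
    $sendEmail = Request::getVar('sendEmail', null, 'post');
    if (!is_null($sendEmail))
    {
        $member->set('sendEmail', $sendEmail);
    }

    // Usage agreement
    $usageAgreement = Request::getVar('usageAgreement', null, 'post');
    if (!is_null($usageAgreement))
    {
        $member->set('usageAgreement', (int) $usageAgreement);
    }

    // Are we declining the terms of use?
    // If yes we want to set the usage agreement to 0 and profile to private
    $declineTOU = Request::getVar('declinetou', 0);
    if ($declineTOU)
    {
        $member->set('access', 0);
        $member->set('usageAgreement', 0);
    }

    // Save the changes
    if (!$member->save())
    {
        $this->setError($member->getError());

        if ($no_html)
        {
            echo json_encode($this->getErrors());
            exit;
        }

        return $this->editTask($member);
    }

    // Incoming profile edits (raw: validated by the form below)
    $profile        = Request::getVar('profile', array(), 'post', 'none', 2);
    $access         = Request::getVar('access', array(), 'post');
    $field_to_check = Request::getVar('field_to_check', array());

    // These are merged/iterated as arrays; a scalar submission would break array_merge()
    if (!is_array($profile))
    {
        $profile = array();
    }
    if (!is_array($access))
    {
        $access = array();
    }
    if (!is_array($field_to_check))
    {
        $field_to_check = array();
    }

    // Submitted values overlay the stored ones so untouched fields keep their data
    $old     = Profile::collect($member->profiles);
    $profile = array_merge($old, $profile);

    // Compile profile data: drop empty multi-select entries and fold "<field>_other" free text into its field
    foreach ($profile as $key => $data)
    {
        if (isset($profile[$key]) && is_array($profile[$key]))
        {
            $profile[$key] = array_filter($profile[$key]);
        }

        if (isset($profile[$key . '_other']) && trim($profile[$key . '_other']))
        {
            if (is_array($profile[$key]))
            {
                $profile[$key][] = $profile[$key . '_other'];
            }
            else
            {
                $profile[$key] = $profile[$key . '_other'];
            }
            unset($profile[$key . '_other']);
        }
    }

    // Validate profile data against the fields that are editable (not hidden) on the edit form
    $fields = Field::all()
        ->including(['options', function ($option) { $option->select('*'); }])
        ->where('action_edit', '!=', Field::STATE_HIDDEN)
        ->ordered()
        ->rows();

    $form = new \Hubzero\Form\Form('profile', array('control' => 'profile'));
    $form->load(Field::toXml($fields, 'edit', $profile));
    $form->bind(new \Hubzero\Config\Registry($profile));

    $errors = array('_missing' => array(), '_invalid' => array());

    if (!$form->validate($profile))
    {
        foreach ($form->getErrors() as $key => $error)
        {
            // Filter out fields the caller did not ask to have checked
            if (!empty($field_to_check) && !in_array($key, $field_to_check))
            {
                continue;
            }

            // Missing data is reported under both keys so the client can distinguish it
            if ($error instanceof \Hubzero\Form\Exception\MissingData)
            {
                $errors['_missing'][$key] = (string) $error;
            }
            $errors['_invalid'][$key] = (string) $error;

            $this->setError((string) $error);
        }
    }

    if ($this->getError())
    {
        if ($no_html)
        {
            echo json_encode($errors);
            exit;
        }

        return $this->editTask($member);
    }

    // Save profile data
    if (!$member->saveProfile($profile, $access))
    {
        $this->setError($member->getError());

        if ($no_html)
        {
            echo json_encode($this->getErrors());
            exit;
        }

        return $this->editTask($member);
    }

    $email = (string) $member->get('email');

    // Make sure certain changes make it back to the user table
    if ($member->get('id') == User::get('id'))
    {
        $user = App::get('session')->get('user');

        // A missing session user object would otherwise be dereferenced below
        if ($user)
        {
            if ($member->get('name') != $user->get('name'))
            {
                $user->set('name', $member->get('name'));
            }

            // Update session if email is changing
            if ($member->get('email') != $user->get('email'))
            {
                $user->set('email', $member->get('email'));

                // Add item to session to mark that the user changed emails
                // this way we can serve profile images for these users but not all
                // unconfirmed users
                App::get('session')->set('userchangedemail', 1);
            }

            App::get('session')->set('user', $user);
        }
    }

    // Send a new confirmation code AFTER we've successfully saved the changes to the e-mail address.
    // $confirm is only set when the posted address differed; without it there is no code to send.
    if ($email !== $oldemail && $confirm !== null)
    {
        $this->_sendConfirmationCode($member->get('username'), $email, $confirm);
    }

    // If were declinging the terms we want to logout user and tell the javascript
    if ($declineTOU)
    {
        App::get('auth')->logout();
        echo json_encode(array('loggedout' => true));
        return;
    }

    if ($no_html)
    {
        // Output JSON
        echo json_encode(array('success' => true));
        exit;
    }

    // Redirect
    App::redirect(Route::url('index.php?option=' . $this->_option . ($id ? '&id=' . $id . '&active=profile' : '')));
}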
/**
 * Store an ORCID on the currently logged-in user's profile.
 *
 * The profile is always resolved from the session user id (User::get('id')),
 * so the caller cannot point this write at another member.
 *
 * @param   string   $orcid
 * @return  boolean  Result of the profile save, or false when no profile was loaded
 */
private function _save($orcid)
{
    $currentUser = Member::oneOrFail(User::get('id'));

    if (!$currentUser)
    {
        return false;
    }

    $currentUser->set('orcid', $orcid);

    return $currentUser->save();
}
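/**
 * Download a file from a member's file space (or the blog upload path).
 *
 * The file name is taken from the request's SCRIPT_URL after an `Image:`
 * or `File:` marker, so it is request-controlled. Before anything is
 * served, the resolved path is required to exist as a regular file inside
 * the member's base directory; names that resolve elsewhere (for example
 * via `..` segments or a symlink pointing outside) are answered with 404.
 *
 * @return void
 */
public function downloadTask()
{
    // Get vars
    $id = Request::getInt('id', 0);

    // Check to make sure we have an id
    if (!$id)
    {
        return;
    }

    // Load member profile
    $member = Member::oneOrFail($id);

    // Check to make sure we have member profile
    if (!$member)
    {
        return;
    }

    // Get the file name
    // make sure to leave out any query params (ex. ?v={timestamp})
    $uri  = Request::getVar('SCRIPT_URL', '', 'server');
    $file = '';
    if (strstr($uri, 'Image:'))
    {
        $file = str_replace('Image:', '', strstr($uri, 'Image:'));
    }
    elseif (strstr($uri, 'File:'))
    {
        $file = str_replace('File:', '', strstr($uri, 'File:'));
    }

    // Decode file name
    $file = urldecode($file);

    // No file name in the URL: nothing to look up (previously fell through to the bare directory)
    if ($file === '')
    {
        App::abort(404, Lang::txt('The requested file could not be found: ') . ' ' . $file);
        return;
    }

    // Build base path from the zero-padded member id
    $padded_id = \Hubzero\Utility\String::pad($member->get('id'), 5);
    $base_path = $this->filespace() . DS . $padded_id;

    // If we are on the blog
    if (Request::getVar('active', 'profile') == 'blog')
    {
        // @FIXME Check still needs to occur for non-public entries
        //authorize checks
        /*if ($this->_authorize() != 'admin') { if (User::get('id') != $member->get('id')) { App::abort(403, Lang::txt('You are not authorized to download the file: ') . ' ' . $file); } }*/

        // Get the params from the members blog plugin
        $blog_params = Plugin::params('members', 'blog');

        // Build the base path to file based of upload path param
        $base_path = str_replace('{{uid}}', $padded_id, $blog_params->get('uploadpath'));
    }

    // Build file path
    $file_path = $base_path . DS . $file;

    // Resolve both paths and require the file to sit inside the base directory.
    // realpath() also resolves symlinks, so a link leading outside the base is rejected too.
    $real_base = realpath(PATH_APP . DS . $base_path);
    $real_file = realpath(PATH_APP . DS . $file_path);

    if ($real_base === false
     || $real_file === false
     || !is_file($real_file)
     || strpos($real_file, $real_base . DIRECTORY_SEPARATOR) !== 0)
    {
        App::abort(404, Lang::txt('The requested file could not be found: ') . ' ' . $file);
        return;
    }

    // Serve up the file
    $xserver = new \Hubzero\Content\Server();
    $xserver->filename(PATH_APP . DS . $file_path);
    $xserver->disposition('attachment');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve())
    {
        // Should only get here on error
        App::abort(404, Lang::txt('An error occured while trying to output the file'));
    }
    exit;
}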