/**
  * Activates a user
  * user plugins must have been loaded
  *
  * @param  UserTable  $user
  * @param  int        $ui               1=frontend, 2=backend, 0=no UI: machine-machine UI
  * @param  string     $cause            (one of: 'UserRegistration', 'UserConfirmation', 'UserApproval', 'NewUser', 'UpdateUser')
  * @param  boolean    $mailToAdmins     true if the standard new-user email should be sent to admins if moderator emails are enabled
  * @param  boolean    $mailToUser       true if the welcome new user email (from CB config) should be sent to the new user
  * @param  boolean    $triggerBeforeActivate
  * @return array                        Texts to display
  */
 function activateUser(&$user, $ui, $cause, $mailToAdmins = true, $mailToUser = true, $triggerBeforeActivate = true)
 {
     global $ueConfig, $_PLUGINS;
     static $notificationsSent = array();
     $activate = $user->confirmed && $user->approved == 1;
     $showSysMessage = true;
     $savedLanguage = CBTxt::setLanguage($user->getUserLanguage());
     $messagesToUser = getActivationMessage($user, $cause);
     CBTxt::setLanguage($savedLanguage);
     if ($cause == 'UserConfirmation' && $user->approved == 0) {
         $activate = false;
         $msg = array('emailAdminSubject' => array('sys' => CBTxt::T('UE_REG_ADMIN_PA_SUB', 'ACTION REQUIRED! New user sign up request pending approval')), 'emailAdminMessage' => array('sys' => CBTxt::T('UE_REG_ADMIN_PA_MSG', "A new user has signed up at [SITEURL] and requires approval.\nThis email contains their details\n\nName - [NAME]\nE-mail - [EMAILADDRESS]\nUsername - [USERNAME]\n\n\nPlease do not respond to this message as it is automatically generated and is for informational purposes only.\n")), 'emailUserSubject' => array(), 'emailUserMessage' => array());
     } elseif ($user->confirmed == 0) {
         $msg = array('emailAdminSubject' => array(), 'emailAdminMessage' => array());
         $savedLanguage = CBTxt::setLanguage($user->getUserLanguage());
         $msg['emailUserSubject'] = array('sys' => CBTxt::T(stripslashes($ueConfig['reg_pend_appr_sub'])));
         $msg['emailUserMessage'] = array('sys' => CBTxt::T(stripslashes($ueConfig['reg_pend_appr_msg'])));
         CBTxt::setLanguage($savedLanguage);
     } elseif ($cause == 'SameUserRegistrationAgain') {
         $activate = false;
         $msg = array('emailAdminSubject' => array(), 'emailAdminMessage' => array(), 'emailUserSubject' => array(), 'emailUserMessage' => array());
     } elseif ($user->confirmed && !($user->approved == 1)) {
         $msg = array('emailAdminSubject' => array('sys' => CBTxt::T('UE_REG_ADMIN_PA_SUB', 'ACTION REQUIRED! New user sign up request pending approval')), 'emailAdminMessage' => array('sys' => CBTxt::T('UE_REG_ADMIN_PA_MSG', "A new user has signed up at [SITEURL] and requires approval.\nThis email contains their details\n\nName - [NAME]\nE-mail - [EMAILADDRESS]\nUsername - [USERNAME]\n\n\nPlease do not respond to this message as it is automatically generated and is for informational purposes only.\n")));
         $savedLanguage = CBTxt::setLanguage($user->getUserLanguage());
         $msg['emailUserSubject'] = array('sys' => CBTxt::T(stripslashes($ueConfig['reg_pend_appr_sub'])));
         $msg['emailUserMessage'] = array('sys' => CBTxt::T(stripslashes($ueConfig['reg_pend_appr_msg'])));
         CBTxt::setLanguage($savedLanguage);
     } elseif ($user->confirmed && $user->approved == 1) {
         $msg = array('emailAdminSubject' => array('sys' => CBTxt::T('UE_REG_ADMIN_SUB', 'New user sign up')), 'emailAdminMessage' => array('sys' => CBTxt::T('UE_REG_ADMIN_MSG', "A new user has signed up at [SITEURL].\nThis email contains their details\n\nName - [NAME]\nE-mail - [EMAILADDRESS]\nUsername - [USERNAME]\n\n\nPlease do not respond to this message as it is automatically generated and is for information purposes only.\n")));
         $savedLanguage = CBTxt::setLanguage($user->getUserLanguage());
         $msg['emailUserSubject'] = array('sys' => CBTxt::T(stripslashes($ueConfig['reg_welcome_sub'])));
         $msg['emailUserMessage'] = array('sys' => CBTxt::T(stripslashes($ueConfig['reg_welcome_msg'])));
         CBTxt::setLanguage($savedLanguage);
     }
     $msg['messagesToUser'] = $messagesToUser;
     if ($triggerBeforeActivate) {
         $results = $_PLUGINS->trigger('onBeforeUserActive', array(&$user, $ui, $cause, $mailToAdmins, $mailToUser));
         if ($_PLUGINS->is_errors() && $ui != 0) {
             echo $_PLUGINS->getErrorMSG('<br />');
         }
         foreach ($results as $res) {
             if (is_array($res)) {
                 $activate = $activate && $res['activate'];
                 $mailToAdmins = $mailToAdmins && $res['mailToAdmins'];
                 $mailToUser = $mailToUser && $res['mailToUser'];
                 $showSysMessage = $showSysMessage && $res['showSysMessage'];
                 foreach (array_keys($msg) as $key) {
                     if (isset($res[$key]) && $res[$key]) {
                         array_push($msg[$key], $res[$key]);
                     }
                 }
             }
         }
         if (!($mailToAdmins && $ueConfig['moderatorEmail'] == 1)) {
             unset($msg['emailAdminSubject']['sys']);
             unset($msg['emailAdminMessage']['sys']);
         }
         if (!$mailToUser) {
             unset($msg['emailUserSubject']['sys']);
             unset($msg['emailUserMessage']['sys']);
         }
         if (!$showSysMessage) {
             unset($msg['messagesToUser']['sys']);
         }
     }
     if ($activate) {
         $user->block = 0;
         $user->storeBlock(false);
         $user->removeActivationCode();
     }
     if ($activate) {
         $_PLUGINS->trigger('onUserActive', array(&$user, $ui, $cause, $mailToAdmins, $mailToUser));
         if ($_PLUGINS->is_errors() && $ui != 0) {
             $msg['messagesToUser'] = $_PLUGINS->getErrorMSG('<br />') . $msg['messagesToUser'];
         }
     }
     if (!isset($notificationsSent[$user->id][$user->confirmed][$user->approved][$user->block])) {
         // in case done several times (e.g. plugins), avoid resending messages.
         $cbNotification = new cbNotification();
         if ($ueConfig['moderatorEmail'] && count($msg['emailAdminMessage'])) {
             $pwd = $user->password;
             $user->password = null;
             $cbNotification->sendToModerators(implode(', ', $msg['emailAdminSubject']), $cbNotification->_replaceVariables(implode('\\n\\n', $msg['emailAdminMessage']), $user));
             $user->password = $pwd;
         }
         if (count($msg['emailUserMessage'])) {
             $cbNotification->sendFromSystem($user, implode(', ', $msg['emailUserSubject']), implode('\\n\\n', $msg['emailUserMessage']), true, isset($ueConfig['reg_email_html']) ? (int) $ueConfig['reg_email_html'] : 0);
         }
         $notificationsSent[$user->id][$user->confirmed][$user->approved][$user->block] = true;
     }
     return $msg['messagesToUser'];
 }
Ejemplo n.º 2
0
function confirm( $confirmcode ) {
	global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS;

	if( $_CB_framework->myId() < 1 ) {
		$unscrambledId						=	moscomprofilerUser::getUserIdFromActivationCode( $confirmcode );
		if ( $unscrambledId ) {
			$cbUser							=	CBuser::getInstance( (int) $unscrambledId );
			if ( $cbUser ) {
				$user						=	$cbUser->getUserData();
				if ( $user && $user->id ) {
					if ( $user->confirmed == 0 ) {
						if ( $user->checkActivationCode( $confirmcode ) ) {
							// THIS is the normal case: user exists, is not yet confirmed, and confirmation code does match:
							$messagesToUser	=	null;
							$confirmed		=	$user->confirmUser( $messagesToUser );
						} else {
							// confirmation code does not match:
							$messagesToUser	=	array( _UE_WRONG_CONFIRMATION_CODE );
							$confirmed		=	false;
						}
					} else {
						// User has already confirmed: show friendly activation messages depending on his state:
						$messagesToUser		=	getActivationMessage( $user, 'UserConfirmation' );
						$confirmed			=	true;
					}

					if ( $confirmed ) {
						// THIS is the normal case: user exists, is not yet confirmed, and confirmation code does match:
						$class				=	'cbconfirmationinfo';
					} else {
						$class				=	'error';
					}
					echo "\n" . '<div class="cbconfirming"><div class="' . $class . '">' . implode( '</div><div class="' . $class . '">', $messagesToUser ) . "</div></div>\n";
					return;
				}
			}
		}
		// this is the error case where the URL is simply not right:
		cbNotAuth();
		return;
	} else {
		// this is the case where the user is already logged in (mostly test-cases):
		echo '<div class="error">' . _UE_NOT_AUTHORIZED." :<br /><br />"._UE_DO_LOGOUT." !</div>";
	}
}
/**
 * Activates a user
 * user plugins must have been loaded
 *
 * @param  moscomprofilerUser  $user
 * @param  int      $ui               1=frontend, 2=backend, 0=no UI: machine-machine UI
 * @param  string   $cause            (one of: 'UserRegistration', 'UserConfirmation', 'UserApproval', 'NewUser', 'UpdateUser')
 * @param  boolean  $mailToAdmins     true if the standard new-user email should be sent to admins if moderator emails are enabled
 * @param  boolean  $mailToUser       true if the welcome new user email (from CB config) should be sent to the new user
 * @param  boolean  $triggerBeforeActivate
 * @return array of string          texts to display
 */
function activateUser(&$user, $ui, $cause, $mailToAdmins = true, $mailToUser = true, $triggerBeforeActivate = true)
{
    global $_CB_database, $ueConfig, $_PLUGINS;
    static $notificationsSent = array();
    $activate = $user->confirmed && $user->approved == 1;
    $showSysMessage = true;
    $messagesToUser = getActivationMessage($user, $cause);
    if ($cause == 'UserConfirmation' && $user->approved == 0) {
        $activate = false;
        $msg = array('emailAdminSubject' => array('sys' => _UE_REG_ADMIN_PA_SUB), 'emailAdminMessage' => array('sys' => _UE_REG_ADMIN_PA_MSG), 'emailUserSubject' => array(), 'emailUserMessage' => array());
    } elseif ($user->confirmed == 0) {
        $msg = array('emailAdminSubject' => array(), 'emailAdminMessage' => array(), 'emailUserSubject' => array('sys' => getLangDefinition(stripslashes($ueConfig['reg_pend_appr_sub']))), 'emailUserMessage' => array('sys' => getLangDefinition(stripslashes($ueConfig['reg_pend_appr_msg']))));
    } elseif ($cause == 'SameUserRegistrationAgain') {
        $activate = false;
        $msg = array('emailAdminSubject' => array(), 'emailAdminMessage' => array(), 'emailUserSubject' => array(), 'emailUserMessage' => array());
    } elseif ($user->confirmed && !($user->approved == 1)) {
        $msg = array('emailAdminSubject' => array('sys' => _UE_REG_ADMIN_PA_SUB), 'emailAdminMessage' => array('sys' => _UE_REG_ADMIN_PA_MSG), 'emailUserSubject' => array('sys' => getLangDefinition(stripslashes($ueConfig['reg_pend_appr_sub']))), 'emailUserMessage' => array('sys' => getLangDefinition(stripslashes($ueConfig['reg_pend_appr_msg']))));
    } elseif ($user->confirmed && $user->approved == 1) {
        $msg = array('emailAdminSubject' => array('sys' => _UE_REG_ADMIN_SUB), 'emailAdminMessage' => array('sys' => _UE_REG_ADMIN_MSG), 'emailUserSubject' => array('sys' => getLangDefinition(stripslashes($ueConfig['reg_welcome_sub']))), 'emailUserMessage' => array('sys' => getLangDefinition(stripslashes($ueConfig['reg_welcome_msg']))));
    }
    $msg['messagesToUser'] = $messagesToUser;
    if ($triggerBeforeActivate) {
        $results = $_PLUGINS->trigger('onBeforeUserActive', array(&$user, $ui, $cause, $mailToAdmins, $mailToUser));
        if ($_PLUGINS->is_errors() && $ui != 0) {
            echo $_PLUGINS->getErrorMSG('<br />');
        }
        foreach ($results as $res) {
            if (is_array($res)) {
                $activate = $activate && $res['activate'];
                $mailToAdmins = $mailToAdmins && $res['mailToAdmins'];
                $mailToUser = $mailToUser && $res['mailToUser'];
                $showSysMessage = $showSysMessage && $res['showSysMessage'];
                foreach (array_keys($msg) as $key) {
                    if (isset($res[$key]) && $res[$key]) {
                        array_push($msg[$key], $res[$key]);
                    }
                }
            }
        }
        if (!($mailToAdmins && $ueConfig['moderatorEmail'] == 1)) {
            unset($msg['emailAdminSubject']['sys']);
            unset($msg['emailAdminMessage']['sys']);
        }
        if (!$mailToUser) {
            unset($msg['emailUserSubject']['sys']);
            unset($msg['emailUserMessage']['sys']);
        }
        if (!$showSysMessage) {
            unset($msg['messagesToUser']['sys']);
        }
    }
    if ($activate) {
        $user->block = 0;
        $user->storeBlock(false);
        $user->removeActivationCode();
    }
    if ($activate) {
        $_PLUGINS->trigger('onUserActive', array(&$user, $ui, $cause, $mailToAdmins, $mailToUser));
        if ($_PLUGINS->is_errors() && $ui != 0) {
            $msg['messagesToUser'] = $_PLUGINS->getErrorMSG('<br />') . $msg['messagesToUser'];
        }
    }
    if (!isset($notificationsSent[$user->id][$user->confirmed][$user->approved][$user->block])) {
        // in case done several times (e.g. plugins), avoid resending messages.
        $cbNotification = new cbNotification();
        if ($ueConfig['moderatorEmail'] && count($msg['emailAdminMessage'])) {
            $pwd = $user->password;
            $user->password = null;
            $cbNotification->sendToModerators(implode(', ', $msg['emailAdminSubject']), $cbNotification->_replaceVariables(implode('\\n\\n', $msg['emailAdminMessage']), $user));
            $user->password = $pwd;
        }
        if (count($msg['emailUserMessage'])) {
            $cbNotification->sendFromSystem($user, implode(', ', $msg['emailUserSubject']), implode('\\n\\n', $msg['emailUserMessage']));
        }
        $notificationsSent[$user->id][$user->confirmed][$user->approved][$user->block] = true;
    }
    return $msg['messagesToUser'];
}
	/**
	 * WARNING: UNCHECKED ACCESS! On purpose unchecked access for M2M operations
	 * Generates the HTML to display for a specific component-like page for the tab. WARNING: unchecked access !
	 * @param  TabTable|null  $tab       the tab database entry
	 * @param  UserTable      $user      the user being displayed
	 * @param  int            $ui        1 for front-end, 2 for back-end
	 * @param  array          $postdata  _POST data for saving edited tab content as generated with getEditTab
	 * @return mixed                     either string HTML for tab content, or false if ErrorMSG generated
	 */
	public function getTabComponent( /** @noinspection PhpUnusedParameterInspection */ $tab, $user, $ui, $postdata ) {
		global $_CB_database, $_CB_framework, $_POST;

		$return								=	'';
		$paid								=	false;

		$oldignoreuserabort = ignore_user_abort(true);

		$allowHumanHtmlOutput				=	true;			// this will be reverted in case of M2M server-to-server notifications

		$act								=	$this->base->_getReqParam( 'act' );
		$actPosted							=	isset($_POST[$this->base->_getPagingParamName('act')]);

		if ( $act === null ) {
			$act							=	$this->base->input( 'act', null, GetterInterface::COMMAND );
			$actPosted						=	$this->base->input( 'post/act', null, GetterInterface::COMMAND ) !== null;
		}

		$post_user_id						=	(int) cbGetParam( $_GET, 'user', 0 );

		if ( $actPosted && ( $post_user_id > 0 ) ) {
			$access							=	false;
			$myId							=	$_CB_framework->myId();
			if ( is_object( $user ) ) {
				if ( $myId == 0 ) {
					if ( in_array( $act, array( 'saveeditinvoiceaddress', 'saveeditbasketintegration', 'showbskt' ) ) ) {
						$access				=	true;
					} else {
						$paidsubsManager	=&	cbpaidSubscriptionsMgr::getInstance();
						if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) {
							// expired subscriptions: we will allow limited access to:
							if ( in_array( $act, array( 'upgrade', 'pay', 'reactivate', 'resubscribe', 'display_subscriptions' ) ) ) {
								$access		=	true;
							}
						}
					}
				} else {
					if ( ( $ui == 1 && ( $user->id == $myId ) )
						||	 ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) {
						$access				=	true;
					}
				}
			} else {
				$return						=	CBPTXT::T("User does not exist") . '.';
			}
			if ( ! $access ) {
				$return						.=	'<br />' . CBPTXT::T("Not authorized action") . '.';
				return $return;
			}

			cbSpoofCheck( 'plugin' );		// anti-spoofing check


			// renew or upgrade subscription payment form:
			$params							=	$this->params;
			$now							=	$_CB_framework->now();
			$subscriptionsGUI				=	new cbpaidControllerUI();
			$subscriptionIds				=	$subscriptionsGUI->getEditPostedBoxes( 'id' );

			if ( $subscriptionIds == array( 0 ) ) {
				$subscriptionIds			=	array();
			}
			if ( $post_user_id && ( $user->id == $post_user_id ) ) {
				outputCbTemplate();
				$this->base->outputRegTemplate();
				outputCbJs();
				switch ( $act ) {
					case 'upgrade':		// upgrade an existing subscription
						// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
						$chosenPlans		=	$subscriptionsGUI->getAndCheckChosenUpgradePlans( $postdata, $user, $now );
						if ( ( ! is_array( $chosenPlans ) ) || ( count( $chosenPlans ) == 0 ) ) {
							$subTxt			=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
							$return			.=	( is_string( $chosenPlans ) ? $chosenPlans . '<br />' : '' )
								.	sprintf( CBPTXT::Th("Please press back button and select the %s plan to which you would like to upgrade."), $subTxt );
							break;
						}
						$introText			=	CBPTXT::Th( $params->get( 'intro_text_upgrade', null ) );
						//TBD: check if already exists (reload protection):
						$paymentBasket		=	cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, 'R', CBPTXT::T("Upgrade"), 'U' );
						if ( is_object( $paymentBasket ) ) {
							$return			=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
						} else {
							$return			=	$paymentBasket;		// show messages as nothing to pay.
						}
						break;
					case 'pay':			// pay for an unpaid subscription
						// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
						$plan				=	$this->base->_getReqParam( 'plan' );
						if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
							$subTxt			=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
							$return			.=	sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
							break;
						}
						$plansMgr			=&	cbpaidPlansMgr::getInstance();
						$chosenPlans		=	array();
						$chosenPlans[(int) $plan]		=	$plansMgr->loadPlan( (int) $plan );
						$introText			=	CBPTXT::Th( $params->get( 'intro_text', null ) );
						$paymentStatus		=	null;
						$return				=	cbpaidControllerOrder::showPaymentForm( $user, $chosenPlans, $introText, $subscriptionIds, $paymentStatus );
						break;
					case 'renew':		// renew a still valid subscription
					case 'reactivate':	// reactivate an expired subscription
					case 'resubscribe':	// resubscribe a cancelled subscription
						// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
						$plan				=	$this->base->_getReqParam( 'plan' );
						if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
							$subTxt			=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
							$return			.=	sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
							break;
						}
						$plansMgr			=&	cbpaidPlansMgr::getInstance();
						$chosenPlans		=	array();
						$chosenPlans[(int) $plan]		=	$plansMgr->loadPlan( (int) $plan );

						$paidSomethingMgr	=&	cbpaidSomethingMgr::getInstance();
						$subscription		=	$paidSomethingMgr->loadSomething( $subscriptionIds[$plan][0], $subscriptionIds[$plan][1] );
						global $_PLUGINS;
						$_PLUGINS->loadPluginGroup( 'user', 'cbsubs.' );
						$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');
						$_PLUGINS->trigger( 'onCPayAfterPlanRenewalSelected', array( &$chosenPlans[(int) $plan], &$subscription, $act ) );
						if ( $_PLUGINS->is_errors() ) {
							$return			.=	$_PLUGINS->getErrorMSG();
							break;
						}

						$introText			=	CBPTXT::Th( $params->get( 'intro_text_renew', null ) );
						//TBD: check if already exists (reload protection):
						$paymentBasket		=	cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, null, CBPTXT::T("Renew"), 'R' );
						if ( is_object( $paymentBasket ) ) {
							$return			=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
						} else {
							$return			=	$paymentBasket;		// show messages as nothing to pay.
						}
						break;
					case 'unsubscribe':	// request to unsubscribe an active subscription
						// display unsubscribe confirmation form:
						$plan				=	$this->base->_getReqParam( 'plan' );
						if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
							$subTxt			=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
							$return			.=	sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
							break;
						}
						$introText			=	CBPTXT::Th( $params->get( 'unsubscribe_intro_text' , null ) );
						$return				=	$subscriptionsGUI->showUnsubscribeForm( $user, $introText, (int) $plan, (int) $subscriptionIds[$plan][1] );

						break;
					case 'confirm_unsubscribe':	// confirm previous request to unsubscribe an active subscription
						// unsubscribe confirmed:
						$plan				=	$this->base->_getReqParam( 'plan' );
						if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
							$subTxt			=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
							$return			.=	sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
							break;
						}
						if ( ( $plan ) && ( count( $subscriptionIds ) == 1 ) ) {
							$unsubscribeConfText =	CBPTXT::Th( $params->get( 'unsubscribe_confirmation_text', null ) );
							$return			=	cbpaidControllerOrder::doUnsubscribeConfirm( $user, $unsubscribeConfText, (int) $plan, (int) $subscriptionIds[$plan][1] );
						}
						break;
					case 'display_subscriptions':
						// unsubscribe cancelled: display subscriptions:
						$return				=	$this->base->displayUserTab( $user );
						break;
					case 'showinvoice':
						// shows a particular user invoice:
						if ( $params->get( 'show_invoices', 1 ) ) {
							$invoiceNo		=	$this->base->_getReqParam( 'invoice' );
							$return			=	$this->showInvoice( $invoiceNo, $user );
						}
						break;
					case 'saveeditinvoiceaddress':
					case 'editinvoiceaddress':		// this is the case of reload of invoicing address
						$invoicingAddressQuery		=	$params->get( 'invoicing_address_query' );
						if ( $invoicingAddressQuery > 0 ) {
							$basketId				=	$this->base->_getReqParam( 'basket', 0 );
							$hashToCheck			=	$this->base->_getReqParam( 'bck' );
							$paymentBasket			=	new cbpaidPaymentBasket( $_CB_database );
							if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
								if ( ( $act == 'saveeditinvoiceaddress' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) {				// IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
									$return			=	$paymentBasket->saveInvoicingAddressForm( $user );
									if ( $return === null ) {
										$paymentBasket->storeInvoicingDefaultAddress();
										$introText	=	CBPTXT::Th( $params->get( 'intro_text', null ) );
										$return		.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
									}
								} else {
									// invoice has reloaded itself (e.g. for country change):
									$return			=	$paymentBasket->renderInvoicingAddressForm( $user );
								}
							} else {
								$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}

						break;
					case 'saverecordpayment':
					case 'editrecordpayment':		// this is the case of reload of the form
						$basketId				=	$this->base->_getReqParam( 'basket', 0 );
						$hashToCheck			=	$this->base->_getReqParam( 'bck' );
						$paymentBasket			=	new cbpaidPaymentBasket( $_CB_database );
						if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status != 'Completed' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
							if ( $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) {
								if ( ( $act == 'saverecordpayment' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) {				// IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
									$return			=	cbpaidRecordBasketPayment::saveRecordPayment( $paymentBasket->id );
									if ( $return === null ) {
										$return		.=	CBPTXT::T("Payment recorded.")
											.	' <a href="' . $_CB_framework->userProfileUrl( $paymentBasket->user_id, true ) . '">'
											.	CBPTXT::Th("View user profile")
											.	'</a>';
									}
								} else {
									// invoice has reloaded itself (e.g. for country change):
									$return			=	cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasket->id );
								}
							} else {
								$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
						}

						break;

					default:
						cbNotAuth();
						return '';
						break;
				}
			}

		} elseif ( $this->base->_getReqParam( 'account' ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) {

			$account					=	$this->base->_getReqParam( 'account' );
			$post_user_id				=	(int) cbGetParam( $_GET, 'user', 0 );
			$user						=	CBuser::getUserDataInstance( (int) $post_user_id );
			if ( $user->id ) {
				if ( isset( $_SESSION['cbsubs']['expireduser'] ) && ( $_SESSION['cbsubs']['expireduser'] == $user->id ) ) {
					// expired subscriptions of membership: show possibilities:
					$subscriptionsGUI		=	new cbpaidControllerUI();

					outputCbTemplate();
					$this->base->outputRegTemplate();
					outputCbJs();

					switch ( $account ) {
						case 'expired':
							$paidsubsManager		=&	cbpaidSubscriptionsMgr::getInstance();
							if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) {
								// no valid membership:
								$return				=	$subscriptionsGUI->getShowSubscriptionUpgrades( $user, true );
							}

							break;
						default:
							break;
					}
				} else {
					$return					=	CBPTXT::Th("Browser cookies must be enabled.");
				}
			}

		} elseif ( in_array( $act, array( 'setbsktpmtmeth', 'setbsktcurrency' ) ) ) {

			cbSpoofCheck( 'plugin' );		// anti-spoofing check
			$params							=	$this->params;
			outputCbTemplate();
			$this->base->outputRegTemplate();
			outputCbJs();

			$basketId				=	$this->base->_getReqParam( 'bskt', 0 );
			$hashToCheck			=	$this->base->_getReqParam( 'bck' );

			$paymentBasket			=	new cbpaidPaymentBasket( $_CB_database );
			if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {

				switch ( $act ) {
					case 'setbsktpmtmeth':
						if ( $params->get( 'payment_method_selection_type' ) == 'radios' ) {
							$chosenPaymentMethod	=	cbGetParam( $_POST, 'payment_method' );
							$introText				=	CBPTXT::Th( $params->get( 'intro_text', null ) );
							$return					=	$paymentBasket->saveBasketPaymentMethodForm( $user, $introText, $chosenPaymentMethod );
							if ( $return === null ) {
								$return				.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}
						break;

					case 'setbsktcurrency':
						if ( $params->get( 'allow_select_currency', '0' ) ) {
							$newCurrency			=	cbGetParam( $_POST, 'currency' );
							if ( $newCurrency ) {
								if ( in_array( $newCurrency, cbpaidControllerPaychoices::getInstance()->getAllCurrencies() ) ) {
									$paymentBasket->changeCurrency( $newCurrency );
								} else {
									$this->base->_setErrorMSG( CBPTXT::T("This currency is not allowed") );
								}
								$introText			=	CBPTXT::Th( $params->get( 'intro_text', null ) );
								$return				.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
							} else {
								$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Changes of currency of orders are not authorized") );
						}
						break;

					default:
						cbNotAuth();
						return '';
						break;
				}

			} else {
				$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
			}

		} elseif ( $act == 'cbsubsclass' ) {

			$pluginName						=	$this->base->_getReqParam( 'class' );
			if ( preg_match( '/^[a-z]+$/', $pluginName ) ) {
				$element					=	'cbsubs.' . $pluginName;
				global $_PLUGINS;
				$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element );
				$loadedPlugins				=&	$_PLUGINS->getLoadedPluginGroup( 'user/plug_cbpaidsubscriptions/plugin' );
				$params						=	$this->params;
				foreach ($loadedPlugins as $p ) {
					if ( $p->element == $element ) {
						$pluginId			=	$p->id;
						$args				=	array( &$user, &$params, &$postdata );
						/** @noinspection PhpUndefinedCallbackInspection */
						$return				=	$_PLUGINS->call( $pluginId, 'executeTask', 'getcbsubs' . $pluginName . 'Tab', $args, null );
						break;
					}
				}
			}

		} elseif ( $act && ( ! in_array( $act, array( 'showbskt', 'setbsktpmtmeth' ) ) ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) {

			if ( ! is_object( $user ) ) {
				return CBPTXT::T("User does not exist.");
			}

			$params								=	$this->params;

			$post_user_id						=	(int) cbGetParam( $_GET, 'user', 0 );
			if ( $post_user_id && ( ( $user->id == $post_user_id ) || ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) ) {

				outputCbTemplate();
				$this->base->outputRegTemplate();
				outputCbJs();

				switch ( $act ) {
					case 'showinvoice':
						if ( $params->get( 'show_invoices', 1 ) ) {
							$invoiceNo			=	$this->base->_getReqParam( 'invoice', 0 );
							// This also checks for cbpaidApp::authoriseAction on cbsubs.sales or cbsubs.financial access permissions:
							$return				=	$this->showInvoice( $invoiceNo, $user );
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}
						break;
					case 'showinvoiceslist':
						$showInvoices			=	$params->get( 'show_invoices', 1 );
						$invoicesShowPeriod		=	$params->get( 'invoices_show_period', '0000-06-00 00:00:00' );
						$itsmyself				=	( $_CB_framework->myId() == $user->id );
						if ( $showInvoices && ( $itsmyself || ( cbpaidApp::authoriseAction( 'cbsubs.sales' ) || cbpaidApp::authoriseAction( 'cbsubs.financial' ) ) ) ) {
							$subscriptionsGUI	=	new cbpaidControllerUI();
							$invoices			=	$this->_getInvoices( $user, $invoicesShowPeriod, false );

							if ( $invoicesShowPeriod && ( $invoicesShowPeriod != '0000-00-00 00:00:00' ) ) {
								$cbpaidTimes	=&	cbpaidTimes::getInstance();
								$periodText		=	$cbpaidTimes->renderPeriod( $invoicesShowPeriod, 1, false );
							} else {
								$periodText		=	'';
							}
							$return				.=	$subscriptionsGUI->showInvoicesList( $invoices, $user, $itsmyself, $periodText );
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}
						break;
					case 'editinvoiceaddress':			// this is the case of the initial edit address link
						if ( $params->get( 'invoicing_address_query' ) > 0 ) {
							$basketId			=	$this->base->_getReqParam( 'basket', 0 );
							$hashToCheck		=	$this->base->_getReqParam( 'bck' );
							$paymentBasket		=	new cbpaidPaymentBasket( $_CB_database );
							if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
								$return			=	$paymentBasket->renderInvoicingAddressForm( $user );
							} else {
								$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}
						break;
					case 'showrecordpayment':
						$paymentBasketId		=	$this->base->_getReqParam( 'recordpayment', 0 );
						if ( $paymentBasketId ) {
							$paymentBasket		=	new cbpaidPaymentBasket();
							if ( $paymentBasket->load( (int) $paymentBasketId ) && $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) {
								// Auto-loads class: and authorization is checked inside:
								$return				=	cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasketId );
							} else {
								$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}
						break;
					default:
						$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						break;
				}
			}

		} elseif ( $act == 'showbskt' && ( ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) || ( $this->base->_getReqParam( 'bskt', 0 ) && $this->base->_getReqParam( 'bck' ) ) ) {

			$basketId			=	$this->base->_getReqParam( 'bskt', 0 );
			$hashToCheck		=	$this->base->_getReqParam( 'bck' );

			// Basket integrations saving/editing url:
			if ( in_array($act, array( 'saveeditbasketintegration', 'editbasketintegration' ) ) ) {		// edit is the case of edit or reload of integration form
				$integration			=	$this->base->_getReqParam( 'integration' );
				$paymentBasket			=	new cbpaidPaymentBasket( $_CB_database );
				if ( preg_match( '/^[a-z]+$/', $integration ) && $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
					global $_PLUGINS;
					$element			=	'cbsubs.' . $integration;
					$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element );
					$results		=	$_PLUGINS->trigger( 'onCPayEditBasketIntegration', array( $integration, $act, &$paymentBasket ) );
					$return			=	null;
					foreach ( $results as $r ) {
						if ( $r ) {
							$return	.=	$r;
						}
					}
					if ( $act == 'editbasketintegration' ) {
						if ( $return !== null ) {
							return $return;
						}
					}
				} else {
					$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
				}
			}


			$post_user_id							=	(int) cbGetParam( $_GET, 'user', 0 );
			if ( $post_user_id && ! ( ( is_object( $user ) && ( $user->id == $post_user_id ) ) ) ) {
				return CBPTXT::T("User does not exist.");
			}

			outputCbTemplate();
			$this->base->outputRegTemplate();
			outputCbJs();
			$params				=	$this->params;

			$paymentBasket		=	new cbpaidPaymentBasket( $_CB_database );
			if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) {
				if ( ! $post_user_id ) {
					$cbUser		=&	CBuser::getInstance( (int) $paymentBasket->user_id );
					$user		=&	$cbUser->getUserData();
					if ( ( ! is_object( $user ) ) || ! $user->id ) {
						return CBPTXT::T("User does not exist.");
					}
				}
				if ( ( $hashToCheck && $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) )
					|| ( ( ! $hashToCheck ) && $paymentBasket->user_id && ( $paymentBasket->user_id == $_CB_framework->myId() ) ) )
				{
					$introText	=	CBPTXT::Th( $params->get( 'intro_text', null ) );
					$return		.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
				} else {
					$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
				}
			} else {
				$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
			}

			//	} elseif ( isset($_REQUEST['result']) && isset( $_REQUEST['user'] ) && ( $_REQUEST['user'] > 0 ) ) {
		} elseif ( isset($_REQUEST['result']) && ( $this->base->_getReqParam('method') || $this->base->_getReqParam('gacctno') ) ) {

			// don't check license here so initiated payments can complete !

			$params				=	$this->params;

			$method				=	$this->base->_getReqParam('method');

			if ( ( $method == 'freetrial' ) || ( $method == 'cancelpay' ) ) {
				cbpaidApp::import( 'processors.freetrial.freetrial' );
				cbpaidApp::import( 'processors.cancelpay.cancelpay' );
				$className		=	'cbpaidGatewayAccount' . $method;
				$payAccount		=	new $className( $_CB_database );
			} else {
				$gateAccount	=	$this->base->_getReqParam('gacctno');

				$payAccount		=	cbpaidControllerPaychoices::getInstance()->getPayAccount( $gateAccount );
				if ( ! $payAccount ) {
					return '';
				}
			}
			$payClass			=	$payAccount->getPayMean();
			$paymentBasket		=	new cbpaidPaymentBasket($_CB_database);

			if ( $payClass && ( ( $this->base->_getReqParam('method') == $payClass->getPayName() ) || ( $this->base->_getReqParam('method') == null ) ) && $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) ) {
				// output for resultNotification: $return and $allowHumanHtmlOutput
				$return			=	$payClass->resultNotification( $paymentBasket, $postdata, $allowHumanHtmlOutput );
			}

			if ( ! $paymentBasket->id ) {
				$this->base->_setErrorMSG(CBPTXT::T("No suitable basket found."));
			} else {
				$user			=&	CBuser::getUserDataInstance( (int) $paymentBasket->user_id );

				if ( $paymentBasket->payment_status == 'RegistrationCancelled' ) {
					// registration cancelled: delete payment basket and delete user after checking that he is not yet active:
					if ( $paymentBasket->load( (int) $paymentBasket->id ) ) {
						if ( $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) && ( ( $paymentBasket->payment_status == 'NotInitiated' ) || ( ( $paymentBasket->payment_status === 'Pending' ) && ( $paymentBasket->payment_method === 'offline' ) ) ) ) {

							$notification						=	new cbpaidPaymentNotification();
							$notification->initNotification( $payClass, 0, 'P', $paymentBasket->payment_status, $paymentBasket->payment_type, null, $_CB_framework->now(), $paymentBasket->charset );

							$payClass->updatePaymentStatus( $paymentBasket, 'web_accept', 'RegistrationCancelled', $notification, 0, 0, 0, true );

							// This is a notification or a return to site after payment, we want to log any error happening in third-party stuff in case:
							cbpaidErrorHandler::keepTurnedOn();
						}
					}
				}
				if ( $allowHumanHtmlOutput ) {
					// If frontend, we display result, otherwise, If Server-to-server notification: do not display any additional text here !
					switch ( $paymentBasket->payment_status ) {
						case 'Completed':
							// PayPal recommends including the following information with the confirmation:
							// - Item name
							// - Amount paid
							// - Payer email
							// - Shipping address
							$newMsg = sprintf( CBPTXT::Th("Thank you for your payment of %s for the %s %s."), $paymentBasket->renderPrice(),
								$paymentBasket->item_name,
								htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) )		// ' using your paypal account ' . $paymentBasket->payer_email
								. ' ' . $payClass->getTxtNextStep( $paymentBasket );
							// . "Your transaction has been completed, and a receipt for your purchase has been emailed to you by PayPal. "
							// . "You may log into your account at www.paypal.com to view details of this transaction.</p>\n";
							if ( $params->get( 'show_invoices' ) ) {
								$itsmyself			=	( $_CB_framework->myId() == $user->id );
								$subscriptionsGUI	=	new cbpaidControllerUI();
								$newMsg				.=	'<p id="cbregviewinvoicelink">'
									.	$subscriptionsGUI->getInvoiceShowAhtml( $paymentBasket, $user, $itsmyself, CBPTXT::Th("View printable invoice") )
									.	'</p>'
								;
							}
							$paid = true;
							break;
						case 'Pending':
							$newMsg = sprintf( CBPTXT::Th("Thank you for initiating the payment of %s for the %s %s."), $paymentBasket->renderPrice(),
								$paymentBasket->item_name,
								htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) )		// ' using your paypal account ' . $paymentBasket->payer_email
								. ' ' . $payClass->getTxtNextStep( $paymentBasket );
							// . "Your payment is currently being processed. "
							// . "A receipt for your purchase will be emailed to you by PayPal once processing is complete. "
							// . "You may log into your account at www.paypal.com to view status details of this transaction.</p>\n";
							break;
						case 'RegistrationCancelled':
							$newMsg		=	$payClass->getTxtNextStep( $paymentBasket );
							break;
						case 'FreeTrial':
							$newMsg = CBPTXT::Th("Thank you for subscribing to") . ' ' . $paymentBasket->item_name . '.'
								. ' ' . $payClass->getTxtNextStep( $paymentBasket );
							break;
						case null:
							$newMsg	= CBPTXT::T("Payment basket does not exist.");
							break;
						case 'NotInitiated':
							$newMsg	=	'';
							break;
						case 'RedisplayOriginalBasket':
							if ( $paymentBasket->load( (int) $paymentBasket->id ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) {
								$introText		=	CBPTXT::Th( $params->get( 'intro_text', null ) );
								$return			.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
							}
							$newMsg				=	'';
							break;
						case 'Processed':
						case 'Denied':
						case 'Reversed':
						case 'Refunded':
						case 'Partially-Refunded':
						default:
							$newMsg = $payClass->getTxtNextStep( $paymentBasket );
							// "<p>Your transaction is not cleared and has currently following status: <strong>" . $paymentBasket->payment_status . ".</strong></p>"
							// . "<p>You may log into your account at www.paypal.com to view status details of this transaction.</p>";
							break;
					}

					if ( in_array( $paymentBasket->payment_status, array( 'Completed', 'Pending' ) ) ) {
						$subscriptions = $paymentBasket->getSubscriptions();
						$texts		=	array();			// avoid repeating several times identical texts:
						if ( is_array( $subscriptions ) ) {
							foreach ( $subscriptions as $sub ) {
								/** @var $sub cbpaidSomething */
								$thankYouParam		=	( $paymentBasket->payment_status == 'Completed') ? 'thankyoutextcompleted' : 'thankyoutextpending';
								$thankYouText		=	$sub->getPersonalized( $thankYouParam, true );
								if ( $thankYouText && ! in_array( $thankYouText, $texts ) ) {
									$texts[]		=	$thankYouText;
									if ( strpos( $thankYouText, '<' ) === false ) {
										$msgTag		=	'p';
									} else {
										$msgTag		=	'div';
									}
									$newMsg			.=	'<' . $msgTag . ' class="cbregThanks" id="cbregThanks' . $sub->plan_id . '">' . $thankYouText . '</' . $msgTag . ">\n";
								}
							}
						}
					}
					if ( $newMsg ) {
						$return .= '<div>' . $newMsg . '</div>';
					}

					if ( $paid && ( $_CB_framework->myId() < 1 ) && ( cbGetParam( $_REQUEST, 'user', 0 ) == $paymentBasket->user_id ) ) {
						$_CB_database->setQuery( "SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id=".(int) $paymentBasket->user_id );
						if ( $_CB_database->loadObject( $user ) && ( $user->lastvisitDate == '0000-00-00 00:00:00' ) ) {
							$return = '<p>' . implode( '', getActivationMessage( $user, 'UserRegistration' ) ) . '</p>' . $return;
						}
					}
				}
			}

		} else {
			cbNotAuth();
			return ' ' . CBPTXT::T("No result.");
		}

		if ( $allowHumanHtmlOutput ) {
			$allErrorMsgs	=	$this->base->getErrorMSG( '</div><div class="error">' );
			if ( $allErrorMsgs ) {
				$errorMsg	=	'<div class="error">' . $allErrorMsgs . '</div>';
			} else {
				$errorMsg	=	null;
			}

			/** @var string $return */
			if ( ( $return == '' ) && ( $errorMsg ) ) {
				$this->base->outputRegTemplate();
				$return		=	$errorMsg . '<br /><br />' . $return;
				$return		.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, '' );
			} else {
				$return		=	$errorMsg . $return;
			}
		}

		if ( ! is_null( $oldignoreuserabort ) ) {
			ignore_user_abort($oldignoreuserabort);
		}

		return $return;
	}
Ejemplo n.º 5
0
function confirm($confirmcode)
{
    global $_CB_framework, $_PLUGINS;
    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onBeforeUserConfirmationRequest', array());
    if ($_CB_framework->myId() < 1) {
        $unscrambledId = UserTable::getUserIdFromActivationCode($confirmcode);
        if ($unscrambledId) {
            $cbUser = CBuser::getInstance((int) $unscrambledId);
            if ($cbUser) {
                $user = $cbUser->getUserData();
                if ($user && $user->id) {
                    if ($user->confirmed == 0) {
                        if ($user->checkActivationCode($confirmcode)) {
                            // THIS is the normal case: user exists, is not yet confirmed, and confirmation code does match:
                            $messagesToUser = null;
                            $confirmed = $user->confirmUser(1, $messagesToUser);
                        } else {
                            // confirmation code does not match:
                            $messagesToUser = array(CBTxt::Th('UE_WRONG_CONFIRMATION_CODE', 'Wrong confirmation code. Please check your Email and spambox.'));
                            $confirmed = false;
                        }
                    } else {
                        // User has already confirmed: show friendly activation messages depending on his state:
                        $messagesToUser = getActivationMessage($user, 'UserConfirmation');
                        $confirmed = true;
                    }
                    if ($confirmed) {
                        // THIS is the normal case: user exists, is not yet confirmed, and confirmation code does match:
                        $class = 'info';
                    } else {
                        $class = 'error';
                    }
                    $_PLUGINS->trigger('onAfterUserConfirmation', array(&$user, $confirmcode, $confirmed, &$class, &$messagesToUser));
                    $return = '<div class="cbUserConfirmation cb_template cb_template_' . selectTemplate('dir') . '">' . '<div class="' . htmlspecialchars($class) . '">' . implode('</div><div class="' . htmlspecialchars($class) . '">', $messagesToUser) . '</div>' . '</div>';
                    echo $return;
                    return;
                }
            }
        }
        // this is the error case where the URL is simply not right:
        cbNotAuth(true);
        return;
    } else {
        $_CB_framework->enqueueMessage(CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!') . ' ' . CBTxt::Th('UE_DO_LOGOUT', 'You need to logout.'), 'error');
    }
}