Example #1
 /**
  * Direct access to field for custom operations, like for Ajax
  *
  * WARNING: direct unchecked access, except if $user is set, then check well for the $reason ...
  *
  * @param  FieldTable  $field
  * @param  UserTable    $user
  * @param  array                 $postdata
  * @param  string                $reason     'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
  * @return string                            Expected output.
  */
 public function fieldClass(&$field, &$user, &$postdata, $reason)
 {
     global $_CB_framework;

     // Anti-forgery gate for this direct-access endpoint: the 'fieldclass' spoof
     // token is validated before anything else is evaluated.
     // NOTE(review): the third argument (2) presumably makes the helper return a
     // boolean instead of terminating the request itself; confirm in cbSpoofCheck().
     $requestRejected = !cbSpoofCheck('fieldclass', 'POST', 2);

     // Registration requests coming through UI 1 must also pass the registration
     // anti-spam check. It is evaluated only once the spoof check has passed, so
     // the helpers run in the same order and under the same conditions as before.
     if (!$requestRejected && $reason == 'register' && $_CB_framework->getUi() == 1) {
         $requestRejected = !cbRegAntiSpamCheck(2);
     }

     if ($requestRejected) {
         // Fail closed: show the generic "session expired" notice and stop the request.
         echo '<div class="alert alert-danger">' . CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.') . "</div>";
         exit;
     }

     // This implementation renders nothing itself; it returns false once the checks pass.
     return false;
 }
Example #2
	function _cbadmin_emailUsers( &$rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode ) {
		global $_PLUGINS;

		// Request-forgery and anti-spam gates for the backend mass mailer.
		// Their return values are not inspected here.
		// NOTE(review): presumably both helpers abort the request themselves on failure when called without a mode; confirm.
		cbSpoofCheck( 'cbadmingui' );
		cbRegAntiSpamCheck();

		$mailer = new cbNotification();
		$mode = 1;		// html

		// Builds the comma-separated, HTML-escaped recipient summary shown in the AJAX result.
		$usernames = '';
		foreach ( $rows as $row ) {
			$user = CBuser::getUserDataInstance( (int) $row->id );

			if ( $usernames ) {
				$usernames .= ', ';
			}
			// Usernames are stored user data that end up in HTML output, so escape them here.
			$usernames .= htmlspecialchars( $user->username );

			if ( $simulationMode ) {
				// Simulation: report the recipient but do not trigger plugins or send anything.
				$usernames .= ' (' . htmlspecialchars( CBTxt::T('email not send: simulation mode') ) . ')';
				continue;
			}

			$extraStrings = array();
			// Subject and body are handed to plugins by reference, so a plugin's changes
			// carry over to the recipients that follow in this batch.
			$_PLUGINS->trigger( 'onBeforeBackendUserEmail', array( &$user, &$emailSubject, &$emailBody, $mode, &$extraStrings, $simulationMode ) );

			$sent = $mailer->sendFromSystem( $user, $emailSubject, $this->_cbadmin_makeLinksAbsolute( $emailBody ), true, $mode, null, null, null, $extraStrings, false );
			if ( ! $sent ) {
				$usernames .= ': <span class="cb_result_error">' . htmlspecialchars( CBTxt::T('Error sending email!') ) . '</span>';
			}
		}

		// Never report a batch size larger than the total number of recipients.
		if ( $total < $limit ) {
			$limit = $total;
		}

		// Capture everything the view prints so it can be returned inside the JSON reply.
		ob_start();
		$usersView = _CBloadView( 'users' );
		$usersView->ajaxResults( $usernames, $emailSubject, $this->_cbadmin_makeLinksAbsolute( $emailBody ), $limitstart, $limit, $total );
		$html = ob_get_clean();

		// result 1 = more recipients remain after this batch, 2 = this was the last batch.
		$remaining = $total - ( $limitstart + $limit );
		$reply = array(
			'result'		=> ( $remaining > 0 ) ? 1 : 2,
			'htmlcontent'	=> $html,
		);
		echo json_encode( $reply );

		// NOTE(review): fixed 3-second pause after the reply is echoed; presumably throttles consecutive batches. Confirm intent.
		sleep(3);
	}
 /**
  * Direct access to field for custom operations, like for Ajax
  *
  * WARNING: direct unchecked access, except if $user is set, then check well for the $reason ...
  *
  * @param  moscomprofilerFields  $field
  * @param  moscomprofilerUser    $user
  * @param  array                 $postdata
  * @param  string                $reason     'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
  * @return string                            Expected output.
  */
 function fieldClass(&$field, &$user, &$postdata, $reason)
 {
     global $_CB_framework;

     // Anti-forgery gate for this direct-access endpoint: the 'fieldclass' spoof
     // token is validated before anything else is evaluated.
     // NOTE(review): the third argument (2) presumably makes the helper return a
     // boolean instead of terminating the request itself; confirm in cbSpoofCheck().
     $spoofCheckPassed = cbSpoofCheck('fieldclass', 'POST', 2);
     $requestRejected = !$spoofCheckPassed;

     // Registration requests coming through UI 1 must also pass the registration
     // anti-spam check; it only runs when the spoof check has already passed.
     if ($spoofCheckPassed && $reason == 'register' && $_CB_framework->getUi() == 1) {
         $requestRejected = !cbRegAntiSpamCheck(2);
     }

     if ($requestRejected) {
         // Fail closed: show the "session expired" notice and stop the request.
         echo '<span class="cb_result_error">' . _UE_SESSION_EXPIRED . "</span>";
         exit;
     }

     // This implementation renders nothing itself; it returns false once the checks pass.
     return false;
 }
Example #4
/**
 * Ajax function: Checks an email address for registration and echoes a text containing the result of the email check.
 *
 * @param string $email
 */
function performCheckEmail( $email, $function ) {
	global $_CB_framework, $_CB_database, $ueConfig;

	// Feature switch: the checker answers only when 'reg_email_checker' is set and non-zero.
	if ( empty( $ueConfig['reg_email_checker'] ) ) {
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		exit();
	}

	// Anti-forgery token of the registration form first, then the registration
	// anti-spam check; the second helper runs only when the first one passed.
	$requestAccepted = cbSpoofCheck( 'registerForm', 'POST', 2 ) && cbRegAntiSpamCheck( 2 );
	if ( ! $requestAccepted ) {
		echo '<span class="cb_result_error">' . ISOtoUtf8( _UE_SESSION_EXPIRED ) . "</span>";
		exit;
	}

	$email = stripslashes( $email );
	// ajax sends in utf8, we need to convert back to the site's encoding.
	$emailISO = utf8ToISO( $email );

	$testExists = ( $function == 'testexists' );

	// Checker level above 1 also looks the address up in the users table.
	// NOTE(review): this answers whether an address is registered on the site; the
	// token and anti-spam checks above are the only limits on probing visible here.
	if ( $ueConfig['reg_email_checker'] > 1 ) {
		// The address reaches SQL only through the database layer's Quote().
		if ( $_CB_database->isDbCollationCaseInsensitive() ) {
			$query = "SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote( ( trim( $emailISO ) ) );
		} else {
			$query = "SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote( ( strtolower( trim( $emailISO ) ) ) );
		}
		$_CB_database->setQuery( $query );

		$dataObj = null;
		if ( $_CB_database->loadObject( $dataObj ) ) {
			if ( $testExists ) {
				// Existence test: always answers, positively or negatively.
				if ( $dataObj->result ) {
					echo '<span class="cb_result_ok">' . sprintf( ISOtoUtf8( _UE_EMAIL_EXISTS_ON_SITE ), htmlspecialchars( $email ) ) . "</span>";
				} else {
					echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_DOES_NOT_EXISTS_ON_SITE ), htmlspecialchars( $email ) ) . "</span>";
				}
				return;
			}
			if ( $dataObj->result ) {
				// Registration check: an address already in use ends the check here.
				echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_ALREADY_REGISTERED ), htmlspecialchars( $email ) ) . "</span>";
				return;
			}
		}
	}

	// An existence test that was not answered by the lookup above is refused.
	if ( $testExists ) {
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		return;
	}

	// Every message echoes the submitted address back, always through htmlspecialchars().
	$checkResult = cbCheckMail( $_CB_framework->getCfg( 'mailfrom' ), $email );

	if ( $checkResult == -2 ) {
		echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_NOVALID ), htmlspecialchars( $email ) ) . "</span>";
	} elseif ( $checkResult == -1 ) {
		echo '<span class="cb_result_warning">' . sprintf( ISOtoUtf8( _UE_EMAIL_COULD_NOT_CHECK ), htmlspecialchars( $email ) ) . "</span>";
	} elseif ( $checkResult == 0 ) {
		// The wording depends on whether registration confirmation is configured.
		$incorrectMessage = ( $ueConfig['reg_confirmation'] == 0 ) ? _UE_EMAIL_INCORRECT_CHECK : _UE_EMAIL_INCORRECT_CHECK_NEEDED;
		echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( $incorrectMessage ), htmlspecialchars( $email ) ) . "</span>";
	} elseif ( $checkResult == 1 ) {
		echo '<span class="cb_result_ok">' . sprintf( ISOtoUtf8( _UE_EMAIL_VERIFIED ), htmlspecialchars( $email ) ) . "</span>";
	} else {
		echo '<span class="cb_result_error">performCheckEmail:: Unexpected cbCheckMail result.</span>';
	}
}
 /**
  * Outputs legacy user mass mailer and user reconfirm email display
  *
  * @param  string  $option
  * @param  string  $task
  * @param  int[]   $cid
  * @return bool
  * @deprecated 2.0
  */
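 public function showUsers($option, $task, $cid)
 {
     global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;
     cbimport('language.all');
     cbimport('cb.tabs');
     cbimport('cb.params');
     cbimport('cb.pagination');
     cbimport('cb.lists');
     // We just need the user rows as we've already filtered down the IDs in user management:
     // The ids are passed through cbArrayToInts() before being placed in the IN list,
     // and all identifiers go through NameQuote().
     // NOTE(review): an empty $cid would produce an empty IN list; confirm callers never pass one.
     $query = 'SELECT *' . "\n FROM " . $_CB_database->NameQuote('#__comprofiler') . " AS c" . "\n INNER JOIN " . $_CB_database->NameQuote('#__users') . " AS u" . ' ON u.' . $_CB_database->NameQuote('id') . ' = c.' . $_CB_database->NameQuote('id') . "\n WHERE u." . $_CB_database->NameQuote('id') . " IN ( " . implode(', ', cbArrayToInts($cid)) . " )";
     $_CB_database->setQuery($query);
     $rows = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\UserTable', array($_CB_database));
     $total = count($rows);
     if ($task == 'resendconfirmationemails') {
         // NOTE(review): no spoof check is visible on this branch although it sends mail;
         // presumably the caller validates the request token. Confirm.
         if (!$rows) {
             cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => $task)), 'error');
         }
         $count = 0;
         /** @var UserTable[] $rows */
         foreach ($rows as $row) {
             // Only unconfirmed users get a confirmation mail.
             if ($row->confirmed == 0) {
                 if ($row->cbactivation == '') {
                     // Generate a new confirmation code if the user doesn't have one (requires email confirmation to be enabled):
                     $row->store();
                 }
                 $cbNotification = new cbNotification();
                 $cbNotification->sendFromSystem($row->id, CBTxt::T($ueConfig['reg_pend_appr_sub']), CBTxt::T($ueConfig['reg_pend_appr_msg']), true, isset($ueConfig['reg_email_html']) ? (int) $ueConfig['reg_email_html'] : 0);
                 ++$count;
             }
         }
         cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SENT_CONFIRMATION_EMAILS_TO_NUM_USERS_USERS', 'Sent confirmation emails to [NUM_USERS] users', array('[NUM_USERS]' => $count)));
     } else {
         // Mass-mailer parameters, all taken from the POST body. The e-mail body is
         // read with _CB_ALLOWRAW | _CB_NOTRIM, i.e. without the default filtering.
         $emailSubject = stripslashes(cbGetParam($_POST, 'emailsubject', ''));
         $emailBody = stripslashes(rawurldecode(cbGetParam($_POST, 'emailbody', '', _CB_ALLOWRAW | _CB_NOTRIM)));
         $emailAttach = stripslashes(cbGetParam($_POST, 'emailattach', ''));
         $emailsPerBatch = stripslashes(cbGetParam($_POST, 'emailsperbatch', 50));
         $emailsBatch = stripslashes(cbGetParam($_POST, 'emailsbatch', 0));
         $emailFromName = stripslashes(cbGetParam($_POST, 'emailfromname', ''));
         $emailFromAddr = stripslashes(cbGetParam($_POST, 'emailfromaddr', ''));
         $emailReplyName = stripslashes(cbGetParam($_POST, 'emailreplyname', ''));
         $emailReplyAddr = stripslashes(cbGetParam($_POST, 'emailreplyaddr', ''));
         $emailPause = stripslashes(cbGetParam($_POST, 'emailpause', 30));
         $simulationMode = stripslashes(cbGetParam($_POST, 'simulationmode', ''));
         // B/C trigger variables:
         if (count($cid) > 0 && count($cid) < $total) {
             $total = count($cid);
         }
         $pageNav = new cbPageNav($total, 0, 10);
         $search = '';
         $lists = array();
         $inputTextExtras = null;
         $select_tag_attribs = null;
         if ($task == 'emailusers') {
             // Step 1: show the compose form for the selected users.
             if (!$rows) {
                 cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => $task)), 'error');
             }
             $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailForm', array(&$rows, &$pageNav, &$search, &$lists, &$cid, &$emailSubject, &$emailBody, &$inputTextExtras, &$select_tag_attribs, $simulationMode, $option, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));
             $usersView = _CBloadView('users');
             /** @var CBView_users $usersView */
             $usersView->emailUsers($rows, $emailSubject, $emailBody, $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsPerBatch, $emailsBatch, $emailPause, $simulationMode, $pluginRows);
         } elseif ($task == 'startemailusers') {
             // Step 2: show the page that starts the batched sending.
             $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailStart', array(&$rows, $total, $search, $lists, $cid, &$emailSubject, &$emailBody, &$inputTextExtras, $simulationMode, $option, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));
             $usersView = _CBloadView('users');
             /** @var CBView_users $usersView */
             $usersView->startEmailUsers($rows, $emailSubject, $emailBody, $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsPerBatch, $emailsBatch, $emailPause, $simulationMode, $pluginRows);
         } elseif ($task == 'ajaxemailusers') {
             // Step 3: send one batch and answer with JSON. This is the only branch that
             // calls the spoof and anti-spam helpers; their return values are not inspected.
             // NOTE(review): presumably both abort the request themselves on failure; confirm.
             cbSpoofCheck('cbadmingui');
             cbRegAntiSpamCheck();
             $cbNotification = new cbNotification();
             $mode = 1;
             // html
             $errors = 0;
             $success = array();
             $failed = array();
             $users = array_slice($rows, $emailsBatch, $emailsPerBatch);
             if ($simulationMode) {
                 $success = array('<div class="alert alert-info">' . CBTxt::T('Emails do not send in simulation mode') . '</div>');
             } else {
                 foreach ($users as $user) {
                     $extraStrings = array();
                     // Mail fields are handed to plugins by reference, so a plugin's changes
                     // carry over to the recipients that follow in this batch.
                     $_PLUGINS->trigger('onBeforeBackendUserEmail', array(&$user, &$emailSubject, &$emailBody, $mode, &$extraStrings, $simulationMode, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));
                     // NOTE(review): the attachment list originates from the POST body; confirm
                     // that sendFromSystem() restricts which files may be attached.
                     $attachments = cbReplaceVars($emailAttach, $user, $mode, true, $extraStrings);
                     if ($attachments) {
                         // The pattern needs explicit delimiters: written as ' *, *' PCRE takes '*' as
                         // the delimiter and splits only on the literal ', ', so "a,b" stayed one entry.
                         $attachments = preg_split('/ *, */', $attachments);
                     } else {
                         $attachments = null;
                     }
                     if (!$cbNotification->sendFromSystem($user, $emailSubject, $this->makeLinksAbsolute($emailBody), true, $mode, null, null, $attachments, $extraStrings, false, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr)) {
                         // Name and address are HTML-escaped; the mailer's error text is inserted through CBTxt::Th().
                         // NOTE(review): confirm errorMSG cannot carry unescaped markup into this output.
                         $failed[] = '<div class="alert alert-danger">' . '<strong>' . htmlspecialchars($user->name . ' <' . $user->email . '>') . '</strong>: ' . CBTxt::Th('ERROR_SENDING_EMAIL_ERRORMSG', 'Error sending email: [ERROR_MSG]', array('[ERROR_MSG]' => $cbNotification->errorMSG)) . '</div>';
                         ++$errors;
                     } else {
                         $success[] = htmlspecialchars($user->name . ' <' . $user->email . '>');
                     }
                 }
             }
             $usernames = implode(', ', $success) . implode('', $failed);
             // Never report a batch size larger than the total number of recipients.
             if ($total < $emailsPerBatch) {
                 $limit = $total;
             } else {
                 $limit = $emailsPerBatch;
             }
             // Capture everything the view prints so it can be returned inside the JSON reply.
             ob_start();
             $usersView = _CBloadView('users');
             /** @var CBView_users $usersView */
             $usersView->ajaxResults($usernames, $emailSubject, $this->makeLinksAbsolute($emailBody), $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsBatch, $limit, $total, $errors);
             $html = ob_get_contents();
             ob_end_clean();
             // result 1 = more recipients remain after this batch, 2 = this was the last batch.
             $reply = array('result' => 1, 'htmlcontent' => $html);
             if (!($total - ((int) $emailsBatch + (int) $emailsPerBatch) > 0)) {
                 $reply['result'] = 2;
             }
             echo json_encode($reply);
         }
     }
 }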
Example #6
/**
 * Ajax function: Checks an email address for registration and echoes a text containing the result of the email check.
 *
 * @deprecated 2.0.0 use cbValidator::getRuleHtmlAttributes instead
 *
 * @param  string  $email
 * @param  string  $function
 */
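function performCheckEmail($email, $function)
{
    global $_CB_framework, $_CB_database, $ueConfig;
    // The checker is configured on the 'email' field itself (parameter 'field_check_email').
    $field = new \CB\Database\Table\FieldTable();
    $field->load(array('name' => 'email'));
    $field->params = new \CBLib\Registry\Registry($field->params);
    // Feature switch: refuse outright when the email checker is disabled for the field.
    if (!$field->params->get('field_check_email', 0)) {
        echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
        exit;
    }
    // simple spoof check security
    // The registration form's token is checked first, then the registration anti-spam check.
    if (!cbSpoofCheck('registerForm', 'POST', 2) || !cbRegAntiSpamCheck(2)) {
        echo '<div class="alert alert-danger">' . CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.') . "</div>";
        exit;
    }
    $email = stripslashes($email);
    $emailISO = $email;
    // ajax sends in utf8, but no need to change encoding anymore.
    // Checker level above 1 also looks the address up in the users table.
    // NOTE(review): this answers whether an address is registered on the site; the
    // token and anti-spam checks above are the only limits on probing visible here.
    if ($field->params->get('field_check_email', 0) > 1) {
        // The address reaches SQL only through the database layer's Quote().
        if ($_CB_database->isDbCollationCaseInsensitive()) {
            $query = "SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote(trim($emailISO));
        } else {
            $query = "SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote(strtolower(trim($emailISO)));
        }
        $_CB_database->setQuery($query);
        $dataObj = null;
        if ($_CB_database->loadObject($dataObj)) {
            /** @var StdClass $dataObj */
            if ($function == 'testexists') {
                // Existence test: always answers, positively or negatively.
                if ($dataObj->result) {
                    echo '<div class="alert alert-success">' . CBTxt::Th('UE_EMAIL_EXISTS_ON_SITE', "The email '[email]' exists on this site.", array('[email]' => htmlspecialchars($email))) . "</div>";
                    return;
                } else {
                    echo '<div class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_DOES_NOT_EXISTS_ON_SITE', "The email '[email]' does not exist on this site.", array('[email]' => htmlspecialchars($email))) . "</div>";
                    return;
                }
            } else {
                // Registration check: an address already in use ends the check here.
                if ($dataObj->result) {
                    echo '<div class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_NOT_AVAILABLE', "The email '[email]' is already in use.", array('[email]' => htmlspecialchars($email))) . "</div>";
                    return;
                }
            }
        }
    }
    // An existence test that was not answered by the lookup above is refused.
    if ($function == 'testexists') {
        echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
        return;
    } else {
        $checkResult = cbCheckMail($_CB_framework->getCfg('mailfrom'), $email);
    }
    // The escaped address is passed to sprintf() as the format argument. A misplaced
    // parenthesis used to make it a second echo operand, so it was printed straight
    // after the message and never reached the format string.
    switch ($checkResult) {
        case -2:
            // Wrong Format
            echo '<span class="alert alert-danger">' . sprintf(CBTxt::Th('UE_EMAIL_NOVALID', 'This is not a valid email address.'), htmlspecialchars($email)) . "</span>";
            break;
        case -1:
            // Couldn't Check
            // Nothing is echoed when the address could not be checked.
            break;
        case 0:
            // Invalid
            // The wording depends on whether registration confirmation is configured.
            if ($ueConfig['reg_confirmation'] == 0) {
                echo '<span class="alert alert-danger">' . sprintf(CBTxt::Th('UE_EMAIL_INCORRECT_CHECK', 'This email does not accept email: Please check.'), htmlspecialchars($email)) . "</span>";
            } else {
                echo '<span class="alert alert-danger">' . sprintf(CBTxt::Th('UE_EMAIL_INCORRECT_CHECK_NEEDED', 'This address does not accept email: Needed for confirmation.'), htmlspecialchars($email)) . "</span>";
            }
            break;
        case 1:
            // Valid
            echo '<span class="alert alert-success">' . sprintf(CBTxt::Th('UE_EMAIL_VERIFIED', 'This email address seems valid.'), htmlspecialchars($email)) . "</span>";
            break;
        default:
            echo '<span class="alert alert-danger">performCheckEmail:: Unexpected cbCheckMail result.</span>';
            break;
    }
}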