/**
  * Front-end entry point of the cbblogs plugin component: routes the
  * action/func request parameters to the blog view methods and echoes the
  * captured output inside the cbBlogs wrapper.
  *
  * The $tab and $user arguments are not used: the tab is reloaded from the
  * plugin id and the user is resolved from the framework session, so the
  * view always acts for the currently logged-in user.
  *
  * @param  TabTable   $tab       Current tab (unused; reloaded by plugin id)
  * @param  UserTable  $user      Current user (unused; resolved from the session)
  * @param  int        $ui        1 front, 2 admin UI
  * @param  array      $postdata  Raw unfiltred POST data
  * @return void                  The HTML is echoed, not returned
  */
 public function getCBpluginComponent($tab, $user, $ui, $postdata)
 {
     global $_CB_framework;

     outputCbJs(1);
     outputCbTemplate(1);

     $plugin = cbblogsClass::getPlugin();
     $model = cbblogsClass::getModel();

     // Typed getters: action/func are string|null, id is int|null.
     $action = $this->input('action', null, GetterInterface::STRING);
     $function = $this->input('func', null, GetterInterface::STRING);
     $id = $this->input('id', null, GetterInterface::INT);

     $user = CBuser::getUserDataInstance($_CB_framework->myId());
     $tab = new TabTable();
     $tab->load(array('pluginid' => (int) $plugin->id));

     $profileUrl = $_CB_framework->userProfileUrl($user->get('id'), false, 'cbblogsTab');

     // Tab access-level gate. NOTE(review): everything below assumes cbRedirect()
     // terminates the request; if it returned, the dispatch would still run.
     $tabVisible = $tab->enabled && Application::MyUser()->canViewAccessLevel($tab->viewaccesslevel);
     if (!$tabVisible) {
         cbRedirect($profileUrl, CBTxt::T('Not authorized.'), 'error');
     }

     ob_start();
     if ($action === 'blogs') {
         if ($function === 'new') {
             $this->showBlogEdit(null, $user, $model, $plugin);
         } elseif ($function === 'edit') {
             $this->showBlogEdit($id, $user, $model, $plugin);
         } elseif ($function === 'save') {
             // Only the form submit verifies the anti-spoof token here; publish,
             // unpublish and delete also change state but are not checked at this
             // level. TODO(review): confirm stateBlog()/deleteBlog() verify it themselves.
             cbSpoofCheck('plugin');
             $this->saveBlogEdit($id, $user, $model, $plugin);
         } elseif ($function === 'publish') {
             $this->stateBlog(1, $id, $user, $model, $plugin);
         } elseif ($function === 'unpublish') {
             $this->stateBlog(0, $id, $user, $model, $plugin);
         } elseif ($function === 'delete') {
             $this->deleteBlog($id, $user, $model, $plugin);
         } elseif ($model->type != 2) {
             // 'show' and any unknown function: non-internal blog models redirect
             // to the blog's own url instead of rendering it here.
             cbRedirect(cbblogsModel::getUrl((int) $id, false));
         } else {
             $this->showBlog($id, $user, $model, $plugin);
         }
     } else {
         cbRedirect($profileUrl, CBTxt::T('Not authorized.'), 'error');
     }
     $html = ob_get_clean();

     // Optional extra css class from plugin params, escaped for the attribute context.
     $class = $plugin->params->get('general_class', null);
     $wrapperClass = 'cbBlogs' . ($class ? ' ' . htmlspecialchars($class) : null);

     echo '<div id="cbBlogs" class="' . $wrapperClass . '">'
         . '<div id="cbBlogsInner" class="cbBlogsInner">' . $html . '</div>'
         . '</div>';
 }
 /**
  * Sends a private message from the logged-in user to user $id (getmypmspro tab action).
  *
  * Every path ends in a redirect back to a profile page; nothing is rendered or
  * returned. The anti-spoof token is verified before any parameter is read, so
  * only form submits carrying the token reach the send call.
  * NOTE(review): the guard clauses below assume cbRedirect() terminates the request.
  *
  * @param null      $tab       Unused; the tab is reloaded by plugin class
  * @param UserTable $user      Unused; the sender is resolved from the session
  * @param int       $ui
  * @param array     $postdata
  */
 public function getCBpluginComponent($tab, $user, $ui, $postdata)
 {
     global $_CB_framework, $_PLUGINS, $_CB_PMS;

     cbSpoofCheck('plugin');

     $id = $this->input('id', null, GetterInterface::INT);
     $user = CBuser::getMyUserDataInstance();
     $senderId = $user->get('id');

     // Recipient is mandatory: bounce to the sender's own tab when it is missing.
     if (!$id) {
         cbRedirect($_CB_framework->userProfileUrl($senderId, false, 'getmypmsproTab'), CBTxt::T('SEND_PMS_MISSING_TO_USER', 'Private message failed to send! Error: Missing to user'), 'error');
     }

     $profileUrl = $_CB_framework->userProfileUrl($id, false, 'getmypmsproTab');

     // Guests cannot send; a user cannot message itself.
     if (!$senderId) {
         cbRedirect($profileUrl, CBTxt::T('Not authorized.'), 'error');
     }
     if ($id == $senderId) {
         cbRedirect($profileUrl, CBTxt::T('SEND_PMS_ERROR_SELF', 'Private message failed to send! Error: You can not send a private message to your self'), 'error');
     }

     // The tab itself must be enabled and visible to the sender.
     $tab = new TabTable();
     $tab->load(array('pluginclass' => 'getmypmsproTab'));
     $tabVisible = $tab->enabled && Application::MyUser()->canViewAccessLevel($tab->viewaccesslevel);
     if (!$tabVisible) {
         cbRedirect($profileUrl, CBTxt::T('Not authorized.'), 'error');
     }

     $subject = $this->input('subject', null, GetterInterface::STRING);
     $message = $this->input('message', null, GetterInterface::STRING);

     // sendPMSMSG() is read as "non-empty array whose first element is the status"; anything else counts as failure.
     $send = $_CB_PMS->sendPMSMSG($id, $senderId, $subject, $message, false);
     $result = (is_array($send) && count($send) > 0) ? $send[0] : false;

     if ($result) {
         cbRedirect($profileUrl, CBTxt::T('SEND_PMS_SUCCESS', 'Private message sent successfully!'));
     } else {
         cbRedirect($profileUrl, $_PLUGINS->getErrorMSG(), 'error');
     }
 }
 /**
  * Runs the plugin installer function selected by $this->func and captures
  * its output into $this->_resultMessage.
  *
  * Before anything is dispatched the request must carry the plugin anti-spoof
  * token and the caller must hold the 'core.admin' plugin permission; the
  * installPluginURL branch fetches a remote package, so this endpoint is
  * admin-only by design.
  *
  * @param  boolean  $updateNulls  Unused; kept for signature compatibility with table store()
  * @return boolean                TRUE if the installer function succeeded, otherwise FALSE
  *                                (and 'Installation error' is set via setError())
  *
  * @throws \InvalidArgumentException  when $this->func is not one of the installer functions
  * @throws \RuntimeException
  */
 public function store($updateNulls = false)
 {
     $libraries = array('cb.tabs', 'cb.imgtoolbox', 'cb.adminfilesystem', 'cb.installer', 'cb.params', 'cb.pagination');
     foreach ($libraries as $library) {
         cbimport($library);
     }

     cbSpoofCheck('plugin');
     checkCanAdminPlugins('core.admin');

     // Installer output is captured rather than sent, so it can be shown as the result message.
     $func = $this->func;
     ob_start();
     if ($func == 'installPluginUpload') {
         $success = $this->installPluginUpload();
     } elseif ($func == 'installPluginDir') {
         $success = $this->installPluginDir($this->localdirectory);
     } elseif ($func == 'installPluginURL') {
         $success = $this->installPluginURL($this->packageurl);
     } elseif ($func == 'installPluginDisc') {
         $success = $this->installPluginDisc($this->plgfile);
     } else {
         throw new \InvalidArgumentException(CBTxt::T('INVALID_FUNCTION', 'Invalid function'), 500);
     }
     $this->_resultMessage = ob_get_clean();

     if (!$success) {
         $this->setError('Installation error');
     }

     return $success;
 }
	/**
	 * Front-end dispatcher of the privacy plugin: handles the 'privacy' action
	 * with a disable/delete function for the logged-in user and echoes the
	 * captured view output inside the cbPrivacy wrapper.
	 *
	 * Unknown actions or functions redirect to the user's profile (index.php
	 * for guests) with a "Not authorized." error. The 'disableuser' and
	 * 'deleteuser' functions are the form submits and verify the anti-spoof
	 * token; 'disable' and 'delete' do not. TODO(review): confirm
	 * disableProfile()/deleteProfile() only render the confirmation step.
	 *
	 * @param null      $tab       Unused
	 * @param UserTable $user      Unused; resolved from the session
	 * @param int       $ui
	 * @param array     $postdata
	 */
	public function getCBpluginComponent( $tab, $user, $ui, $postdata )
	{
		global $_CB_framework;

		outputCbJs( 1 );
		outputCbTemplate( 1 );

		$action		=	$this->input( 'action', null, GetterInterface::STRING );
		$function	=	$this->input( 'func', null, GetterInterface::STRING );
		$id			=	$this->input( 'id', null, GetterInterface::INT );
		$user		=	CBuser::getMyUserDataInstance();
		$userId		=	$user->get( 'id' );

		// Guests have no profile page to be sent back to:
		$profileUrl	=	$_CB_framework->userProfileUrl( $userId, false );
		if ( ! $userId ) {
			$profileUrl	=	'index.php';
		}

		ob_start();
		if ( $action === 'privacy' ) {
			if ( $function === 'disable' ) {
				$this->disableProfile( $id, $user );
			} elseif ( $function === 'disableuser' ) {
				cbSpoofCheck( 'plugin' );
				$this->disableUser( $id, $user );
			} elseif ( $function === 'delete' ) {
				$this->deleteProfile( $id, $user );
			} elseif ( $function === 'deleteuser' ) {
				cbSpoofCheck( 'plugin' );
				$this->deleteUser( $id, $user );
			} else {
				cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
			}
		} else {
			cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
		}
		$html		=	ob_get_clean();

		// Optional extra css class from plugin params, escaped for the attribute context.
		$class		=	$this->params->get( 'general_class', null );
		$wrapClass	=	'cbPrivacy' . ( $class ? ' ' . htmlspecialchars( $class ) : null );

		echo '<div id="cbPrivacy" class="' . $wrapClass . '">'
			.	'<div id="cbPrivacyInner" class="cbPrivacyInner">' . $html . '</div>'
			.	'</div>';
	}
	/**
	 * Front-end dispatcher for GroupJive wall entries ('wall' action) for the
	 * logged-in user.
	 *
	 * With format=raw the view output is emitted as-is (no CB js/template and
	 * no wrapper); otherwise it is captured and wrapped in the cbGroupJive
	 * container. There is no default branch: an unknown action or function
	 * produces an empty result rather than a redirect. Only 'save' verifies the
	 * anti-spoof token at this level. TODO(review): confirm stateWall() and
	 * deleteWall() check it themselves, as they change state.
	 *
	 * @param  TabTable   $tab       Current tab (unused)
	 * @param  UserTable  $user      Current user (unused; resolved from the session)
	 * @param  int        $ui        1 front, 2 admin UI
	 * @param  array      $postdata  Raw unfiltred POST data
	 * @return void                  Output is echoed, not returned
	 */
	public function getCBpluginComponent( $tab, $user, $ui, $postdata )
	{
		$format		=	$this->input( 'format', null, GetterInterface::STRING );
		$wrapOutput	=	( $format !== 'raw' );

		if ( $wrapOutput ) {
			outputCbJs();
			outputCbTemplate();
		}

		$action		=	$this->input( 'action', null, GetterInterface::STRING );
		$function	=	$this->input( 'func', null, GetterInterface::STRING );
		$id			=	(int) $this->input( 'id', null, GetterInterface::INT );
		$user		=	CBuser::getMyUserDataInstance();

		if ( $wrapOutput ) {
			ob_start();
		}

		if ( $action === 'wall' ) {
			if ( $function === 'publish' ) {
				$this->stateWall( 1, $id, $user );
			} elseif ( $function === 'unpublish' ) {
				$this->stateWall( 0, $id, $user );
			} elseif ( $function === 'delete' ) {
				$this->deleteWall( $id, $user );
			} elseif ( $function === 'new' ) {
				$this->showWallEdit( null, $user );
			} elseif ( $function === 'edit' ) {
				$this->showWallEdit( $id, $user );
			} elseif ( $function === 'save' ) {
				cbSpoofCheck( 'plugin' );
				$this->saveWallEdit( $id, $user );
			}
		}

		if ( ! $wrapOutput ) {
			return;
		}

		$html		=	ob_get_clean();

		// Optional extra css class from the GroupJive params, escaped for the attribute context.
		$class		=	$this->_gjParams->get( 'general_class', null );
		$wrapClass	=	'cbGroupJive' . ( $class ? ' ' . htmlspecialchars( $class ) : null );

		echo '<div class="' . $wrapClass . '">'
			.	'<div class="cbGroupJiveInner">' . $html . '</div>'
			.	'</div>';
	}
 /**
  * Direct access to field for custom operations, like for Ajax
  *
  * WARNING: direct unchecked access, except if $user is set, then check well for the $reason ...
  *
  * This base implementation only enforces the session anti-spoof check (plus,
  * for front-end registration, the anti-spam check) and then reports that it
  * rendered nothing. A failed check prints an error span and ends the request.
  *
  * @param  moscomprofilerFields  $field
  * @param  moscomprofilerUser    $user
  * @param  array                 $postdata
  * @param  string                $reason     'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
  * @return string|false                      Expected output; FALSE here as nothing is rendered.
  */
 function fieldClass(&$field, &$user, &$postdata, $reason)
 {
     global $_CB_framework;

     // simple spoof check security: the token is looked up in POST and the result
     // is returned to us (third argument) instead of aborting inside the check.
     $checksPassed = cbSpoofCheck('fieldclass', 'POST', 2);

     // Front-end registration additionally has to pass the anti-spam check;
     // it is only consulted when the spoof check already succeeded.
     if ($checksPassed && $reason == 'register' && $_CB_framework->getUi() == 1) {
         $checksPassed = cbRegAntiSpamCheck(2);
     }

     if (!$checksPassed) {
         echo '<span class="cb_result_error">' . _UE_SESSION_EXPIRED . "</span>";
         exit;
     }

     return false;
 }
	/**
	 * Front-end dispatcher of the cbinvites plugin: routes the 'invites' action
	 * to the invite view methods for the logged-in user and echoes the captured
	 * output inside the cbInvites wrapper.
	 *
	 * The $tab and $user arguments are ignored: the tab is reloaded by plugin
	 * class and the user is resolved from the session. Only 'save' verifies the
	 * anti-spoof token at this level; 'send' and 'delete' also change state.
	 * TODO(review): confirm sendInvite()/deleteInvite() verify it themselves.
	 *
	 * @param null      $tab       Unused
	 * @param UserTable $user      Unused; resolved from the session
	 * @param int       $ui
	 * @param array     $postdata
	 */
	public function getCBpluginComponent( $tab, $user, $ui, $postdata )
	{
		global $_CB_framework;

		outputCbJs( 1 );
		outputCbTemplate( 1 );

		$action		=	$this->input( 'action', null, GetterInterface::STRING );
		$function	=	$this->input( 'func', null, GetterInterface::STRING );
		$id			=	$this->input( 'id', null, GetterInterface::INT );
		$user		=	CBuser::getMyUserDataInstance();

		$tab		=	new TabTable();
		$tab->load( array( 'pluginclass' => 'cbinvitesTab' ) );

		$profileUrl	=	$_CB_framework->userProfileUrl( $user->get( 'id' ), false, 'cbinvitesTab' );

		// Tab access-level gate. NOTE(review): the dispatch below assumes cbRedirect()
		// terminates the request.
		$tabVisible	=	( $tab->enabled && Application::MyUser()->canViewAccessLevel( $tab->viewaccesslevel ) );
		if ( ! $tabVisible ) {
			cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
		}

		ob_start();
		if ( $action === 'invites' ) {
			if ( $function === 'new' ) {
				$this->showInviteEdit( null, $user );
			} elseif ( $function === 'edit' ) {
				$this->showInviteEdit( $id, $user );
			} elseif ( $function === 'save' ) {
				cbSpoofCheck( 'plugin' );
				$this->saveInviteEdit( $id, $user );
			} elseif ( $function === 'send' ) {
				$this->sendInvite( $id, $user );
			} elseif ( $function === 'delete' ) {
				$this->deleteInvite( $id, $user );
			} else {
				// 'show' and anything unknown: there is no list view here, go back to the profile tab.
				cbRedirect( $profileUrl );
			}
		} else {
			cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
		}
		$html		=	ob_get_clean();

		// Optional extra css class from plugin params, escaped for the attribute context.
		$class		=	$this->params->get( 'general_class', null );
		$wrapClass	=	'cbInvites' . ( $class ? ' ' . htmlspecialchars( $class ) : null );

		echo '<div id="cbInvites" class="' . $wrapClass . '">'
			.	'<div id="cbInvitesInner" class="cbInvitesInner">' . $html . '</div>'
			.	'</div>';
	}
	/**
	 * render backend edit plugin view
	 *
	 * Backend dispatcher of the GroupJive plugin: splits $action into "area.function",
	 * routes to the matching admin method, and wraps the captured output with the
	 * toolbar file and the title/class the rendered view publishes through
	 * $_GJ_Backend_Title. Requires 'core.manage'; other users are redirected to the
	 * backend index (NOTE(review): the code relies on cbRedirect() ending the request).
	 * Most state-changing functions verify the plugin anti-spoof token inline, but
	 * 'batch', 'copy', 'menus.save', 'tools.delmigrate' and the 'fix' functions do
	 * not at this level. TODO(review): confirm those methods verify it themselves or
	 * only render forms.
	 *
	 * @param object $row
	 * @param string $option
	 * @param string $task
	 * @param int    $uid
	 * @param string $action        "area.function", e.g. "groups.publish"; missing parts become null
	 * @param string $element
	 * @param int    $mode          'applyPlugin' makes the save functions receive 'apply' instead of the function name
	 * @param object $pluginParams
	 */
	public function editPluginView( $row, $option, $task, $uid, $action, $element, $mode, $pluginParams ) {
		global $_CB_framework, $_CB_database, $_CB_Backend_Menu, $_CB_Backend_task, $_GJ_Backend_Title, $_PLUGINS;

		// Backend permission gate before any output or request parameter is touched.
		if ( ! CBuser::getMyInstance()->authoriseAction( 'core.manage' ) ) {
			cbRedirect( $_CB_framework->backendUrl( 'index.php' ), _UE_NOT_AUTHORIZED, 'error' );
		}

		outputCbJs( 2 );
		outputCbTemplate( 2 );

		$plugin					=	cbgjClass::getPlugin();

		$_CB_framework->document->addHeadStyleSheet( $plugin->livePath . '/admin.' . $plugin->element . '.css' );

		// Admin html helpers; the path is built from the plugin record, not from the request.
		require_once( $plugin->absPath . '/admin.' . $plugin->element . '.html.php' );

		$_CB_Backend_task		=	$task;
		$_GJ_Backend_Title		=	array();
		$_CB_Backend_Menu->mode	=	$plugin->element . 'Admin';

		$actions				=	explode( '.', $action );
		$action					=	( isset( $actions[0] ) ? $actions[0] : null );
		$function				=	( isset( $actions[1] ) ? $actions[1] : null );
		// id/order may arrive as a scalar or as a list (checkbox selections); both are
		// normalised to a non-empty array below so $id[0] is always defined.
		$id						=	cbGetParam( $_REQUEST, 'id', array( 0 ) );
		$order					=	cbGetParam( $_REQUEST, 'order', array( 0 ) );
		$user					=&	CBuser::getUserDataInstance( $_CB_framework->myId() );

		if ( ! is_array( $id ) ) {
			$id					=	array( $id );
		}

		if ( ! $id ) {
			$id					=	array( 0 );
		}

		if ( ! is_array( $order ) ) {
			$order				=	array( $order );
		}

		if ( ! $order ) {
			$order				=	array( 0 );
		}

		$save_mode				=	( $mode == 'applyPlugin' ? 'apply' : $function );

		// All view output is captured and placed into the admin layout at the end.
		ob_start();
		switch ( $action ) {
			case 'categories':
				switch ( $function ) {
					case 'menu':
						$this->createCategoryMenu( $id[0], $user, $plugin );
						break;
					case 'publish':
						cbSpoofCheck( 'plugin' );
						$this->stateCategory( $id, 1, $user, $plugin );
						break;
					case 'unpublish':
						cbSpoofCheck( 'plugin' );
						$this->stateCategory( $id, 0, $user, $plugin );
						break;
					case 'order':
						cbSpoofCheck( 'plugin' );
						$this->orderCategory( $id, $order, $user, $plugin );
						break;
					case 'orderup':
						cbSpoofCheck( 'plugin' );
						$this->orderCategory( $id[0], -1, $user, $plugin );
						break;
					case 'orderdown':
						cbSpoofCheck( 'plugin' );
						$this->orderCategory( $id[0], 1, $user, $plugin );
						break;
					case 'batch':
						$this->batchCategory( $id, $user, $plugin );
						break;
					case 'copy':
						$this->copyCategory( $id, $user, $plugin );
						break;
					case 'delete':
						cbSpoofCheck( 'plugin' );
						$this->deleteCategory( $id, $user, $plugin );
						break;
					case 'new':
						$this->showCategoryEdit( null, $user, $plugin );
						break;
					case 'edit':
						$this->showCategoryEdit( $id[0], $user, $plugin );
						break;
					case 'save':
					case 'apply':
						cbSpoofCheck( 'plugin' );
						$this->saveCategoryEdit( $id[0], $save_mode, $user, $plugin );
						break;
					case 'show':
					default:
						$this->showCategories( $user, $plugin );
						break;
				}
				break;
			case 'groups':
				switch ( $function ) {
					case 'menu':
						$this->createGroupMenu( $id[0], $user, $plugin );
						break;
					case 'publish':
						cbSpoofCheck( 'plugin' );
						$this->stateGroup( $id, 1, $user, $plugin );
						break;
					case 'unpublish':
						cbSpoofCheck( 'plugin' );
						$this->stateGroup( $id, 0, $user, $plugin );
						break;
					case 'order':
						cbSpoofCheck( 'plugin' );
						$this->orderGroup( $id, $order, $user, $plugin );
						break;
					case 'orderup':
						cbSpoofCheck( 'plugin' );
						$this->orderGroup( $id[0], -1, $user, $plugin );
						break;
					case 'orderdown':
						cbSpoofCheck( 'plugin' );
						$this->orderGroup( $id[0], 1, $user, $plugin );
						break;
					case 'batch':
						$this->batchGroup( $id, $user, $plugin );
						break;
					case 'copy':
						$this->copyGroup( $id, $user, $plugin );
						break;
					case 'delete':
						cbSpoofCheck( 'plugin' );
						$this->deleteGroup( $id, $user, $plugin );
						break;
					case 'new':
						$this->showGroupEdit( null, $user, $plugin );
						break;
					case 'edit':
						$this->showGroupEdit( $id[0], $user, $plugin );
						break;
					case 'save':
					case 'apply':
						cbSpoofCheck( 'plugin' );
						$this->saveGroupEdit( $id[0], $save_mode, $user, $plugin );
						break;
					case 'show':
					default:
						$this->showGroups( $user, $plugin );
						break;
				}
				break;
			case 'users':
				// Second argument of statusUser() is the membership status code:
				// -1 banned, 0 inactive, 1 active, 2 moderator, 3 admin, 4 owner (as mapped here).
				switch ( $function ) {
					case 'ban':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, -1, $user, $plugin );
						break;
					case 'active':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, 1, $user, $plugin );
						break;
					case 'inactive':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, 0, $user, $plugin );
						break;
					case 'mod':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, 2, $user, $plugin );
						break;
					case 'admin':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, 3, $user, $plugin );
						break;
					case 'owner':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, 4, $user, $plugin );
						break;
					case 'batch':
						$this->batchUser( $id, $user, $plugin );
						break;
					case 'delete':
						cbSpoofCheck( 'plugin' );
						$this->deleteUser( $id, $user, $plugin );
						break;
					case 'new':
						$this->showUserEdit( null, $user, $plugin );
						break;
					case 'edit':
						$this->showUserEdit( $id[0], $user, $plugin );
						break;
					case 'save':
					case 'apply':
						cbSpoofCheck( 'plugin' );
						$this->saveUserEdit( $id[0], $save_mode, $user, $plugin );
						break;
					case 'show':
					default:
						$this->showUsers( $user, $plugin );
						break;
				}
				break;
			case 'invites':
				switch ( $function ) {
					case 'delete':
						cbSpoofCheck( 'plugin' );
						$this->deleteInvite( $id, $user, $plugin );
						break;
					case 'show':
					default:
						$this->showInvites( $user, $plugin );
						break;
				}
				break;
			case 'config':
				switch ( $function ) {
					case 'save':
						cbSpoofCheck( 'plugin' );
						// Raw $_POST is handed to saveConfig(); filtering is expected to happen there.
						$this->saveConfig( $_POST, $user, $plugin );
						break;
					case 'show':
					default:
						$this->showConfig( $user, $plugin );
						break;
				}
				break;
			case 'tools':
				switch ( $function ) {
					case 'migrate':
						$this->showMigrate( $user, $plugin );
						break;
					case 'delmigrate':
						$this->deleteMigrate( $user, $plugin );
						break;
					case 'show':
					default:
						$this->showTools( $user, $plugin );
						break;
				}
				break;
			case 'fix':
				switch ( $function ) {
					case 'categories':
						$this->fixCategories( $id[0], $user, $plugin );
						break;
					case 'groups':
						$this->fixGroups( $id[0], $user, $plugin );
						break;
					case 'users':
						$this->fixUsers( $id[0], $user, $plugin );
						break;
					default:
						$this->showTools( $user, $plugin );
						break;
				}
				break;
			case 'integrations':
				$this->showIntegrations( $user, $plugin );
				break;
			case 'menus':
				switch ( $function ) {
					case 'save':
						$this->saveMenus( $user, $plugin );
						break;
					default:
						$this->showMenus( $user, $plugin );
						break;
				}
				break;
			case 'plugin':
				// GroupJive sub-plugins get the raw function/id/order/mode and do their own checks.
				$_PLUGINS->trigger( 'gj_onPluginBE', array( array( $function, $id, $order, $save_mode ), $user, $plugin ) );
				break;
			default:
				switch ( $function ) {
					case 'menu':
						$this->createPluginMenu( $user, $plugin );
						break;
					case 'show':
					default:
						$this->showPlugin( $user, $plugin );
						break;
				}
				break;
		}
		$html					=	ob_get_contents();
		ob_end_clean();

		// Toolbar is a fixed file under the site root (path built from configuration, not the request).
		ob_start();
		include( $_CB_framework->getCfg( 'absolute_path' ) . '/components/com_comprofiler/plugin/user/plug_cbgroupjive/toolbar.cbgroupjive.php' );
		$toolbar				=	 ob_get_contents();
		ob_end_clean();

		// Title and header class are whatever the rendered view stored in $_GJ_Backend_Title;
		// they are emitted unescaped, so they are expected to be code-provided, not user input.
		$title					=	( isset( $_GJ_Backend_Title[0] ) ? $_GJ_Backend_Title[0] : null );
		$class					=	( isset( $_GJ_Backend_Title[1] ) ? ' ' . $_GJ_Backend_Title[1] : null );
		$return					=	'<div style="margin:0px;border-width:0px;padding:0px;float:left;width:100%;text-align:left;" class="gjAdmin">'
								.		'<div id="cbAdminMainWrapper" style="margin:0px;border-width:0px;padding:0px;float:none;width:auto;">'
								.		'<div style="float:right;" class="gjAdminToolbar">'
								.			$toolbar
								.		'</div>'
								.		'<div style="float:left;" class="header' . $class . '">'
								.			$title
								.		'</div>'
								.		'<div style="clear:both;"></div>'
								.		'<div style="float:left;width:100%;margin-top:10px;">'
								.			$html
								.		'</div>'
								.		'<div style="clear:both;"></div>'
								.		'</div>'
								.	'</div>';

		echo $return;
	}
	/**
	 * Backend mass-mail AJAX step: sends $emailSubject/$emailBody to each user of
	 * the current page ($rows), or only lists them in simulation mode, and prints
	 * a JSON progress reply.
	 *
	 * The reply is {'result': 1|2, 'htmlcontent': html}: 1 while more pages remain
	 * after this one, 2 on the last page. The request must carry the cbadmingui
	 * anti-spoof token and pass the registration anti-spam check.
	 *
	 * @param  array   $rows            Users of this page (objects exposing ->id)
	 * @param  string  $emailSubject    Plugins may rewrite it per recipient (passed by reference to the trigger)
	 * @param  string  $emailBody       Html body; links are made absolute right before each send
	 * @param  int     $limitstart      Offset of this page
	 * @param  int     $limit           Page size (clamped to $total for the view)
	 * @param  int     $total           Total number of selected users
	 * @param  bool    $simulationMode  TRUE: list recipients without sending
	 */
	function _cbadmin_emailUsers( &$rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode ) {
		global $_PLUGINS;

		// simple spoof check security
		cbSpoofCheck( 'cbadmingui' );
		cbRegAntiSpamCheck();

		$notifier		=	new cbNotification();
		$htmlMode		=	1;

		// Comma-separated, html-escaped recipient report; each entry may carry a status suffix.
		$usernames		=	'';
		foreach ( $rows as $row ) {
			$recipient	=	CBuser::getUserDataInstance( (int) $row->id );
			$entry		=	htmlspecialchars( $recipient->username );

			if ( $simulationMode ) {
				$entry	.=	' (' . htmlspecialchars( CBTxt::T('email not send: simulation mode') ) . ')';
			} else {
				$extraStrings	=	array();
				// Plugins see and may alter subject/body per recipient, hence the per-send link fix below.
				$_PLUGINS->trigger( 'onBeforeBackendUserEmail', array( &$recipient, &$emailSubject, &$emailBody, $htmlMode, &$extraStrings, $simulationMode ) );

				$sent	=	$notifier->sendFromSystem( $recipient, $emailSubject, $this->_cbadmin_makeLinksAbsolute( $emailBody ), true, $htmlMode, null, null, null, $extraStrings, false );
				if ( ! $sent ) {
					$entry	.=	': <span class="cb_result_error">' . htmlspecialchars( CBTxt::T('Error sending email!') ) . '</span>';
				}
			}

			$usernames	.=	( $usernames ? ', ' : '' ) . $entry;
		}

		if ( $total < $limit ) {
			$limit		=	$total;
		}

		ob_start();
		$usersView		=	_CBloadView( 'users' );
		$usersView->ajaxResults( $usernames, $emailSubject, $this->_cbadmin_makeLinksAbsolute( $emailBody ), $limitstart, $limit, $total );
		$html			=	ob_get_clean();

		$remaining		=	$total - ( $limitstart + $limit );
		$reply			=	array(	'result'		=>	( $remaining > 0 ? 1 : 2 ),
									'htmlcontent'	=>	$html );
		echo json_encode( $reply );

		// NOTE(review): deliberate pause between pages, presumably to throttle outgoing mail; confirm before removing.
		sleep(3);
	}
 /**
  * Saves the CB plugin view after an edit view form submit
  *
  * @param  array                     $options
  * @param  array                     $actionPath
  * @param  array                     $keyValues
  * @param  array                     $parametersValues
  * @param  SimpleXMLElement          $viewModel
  * @param  TableInterface            $data
  * @param  RegistryEditController    $params
  * @param  string                    $mode
  * @param  string                    $dataModelType
  * @param  PluginTable               $plugin
  * @param  SimpleXMLElement          $dataModel
  * @param  RegistryInterface         $pluginParams
  * @param  string                    $cbprevstate
  * @param  int                       $ui
  * @return null|string                                  NULL: ok, STRING: error
  */
 protected function savePluginView($options, $actionPath, $keyValues, $parametersValues, $viewModel, $data, $params, &$mode, $dataModelType, $plugin, $dataModel, $pluginParams, $cbprevstate, $ui)
 {
     global $_CB_framework;
     new cbTabs(false, 2, -1, false);
     // prevents output of CB tabs js code until we are done with drawing (or redirecting)
     $resultingMsg = null;
     cbSpoofCheck('plugin');
     $postArray = $this->input->getNamespaceRegistry('post')->asArray();
     // List of variables to exclude from the $postArray:
     $exclude = array('option', 'cid', 'cbprevstate', cbSpoofField());
     foreach ($actionPath as $k => $v) {
         $exclude[] = $k;
     }
     // Remove the exclude variables from the $postArray before being used in the below cases:
     foreach ($exclude as $v) {
         if (isset($postArray[$v])) {
             unset($postArray[$v]);
         }
     }
     // Fix multi-selects and multi-checkboxes arrays to |*|-delimited strings:
     $postArray = $this->recursiveMultiSelectFix($postArray);
     foreach ($postArray as $key => $value) {
         if (property_exists($data, $key)) {
             $postArray[$key] = is_array($value) ? json_encode($value) : $value;
         }
     }
     $errorMsg = null;
     switch ($dataModelType) {
         case 'sql:row':
             if ($ui == 2) {
                 if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                     $errorMsg = $error;
                     break;
                 }
                 if (!$data->bind($postArray)) {
                     $errorMsg = $data->getError();
                     break;
                 }
             } else {
                 RegistryEditView::setFieldsListArrayValues(true);
                 $fields = $params->draw(null, null, null, null, null, null, false, 'param', 'fieldsListArray');
                 // New CB2.0 way for bind():
                 foreach ($fields as $key => $value) {
                     if (property_exists($data, $key)) {
                         $data->{$key} = is_array($value) ? json_encode($value) : $value;
                     }
                 }
             }
             if (!$data->check()) {
                 $errorMsg = $data->getError();
                 break;
             }
             $dataModelKey = $data->getKeyName();
             $dataModelValueOld = $data->{$dataModelKey};
             if ($mode == 'savecopy') {
                 if (!$data->canCopy($data)) {
                     $errorMsg = $data->getError();
                     break;
                 }
                 if (!$data->copy($data)) {
                     $errorMsg = $data->getError();
                     break;
                 }
             } else {
                 if (!$data->store()) {
                     $errorMsg = $data->getError();
                     break;
                 }
             }
             $dataModelValue = $data->{$dataModelKey};
             // Id changed; be sure to update the url encase of redirect:
             if (count($keyValues) == 1) {
                 $urlKeys = array_keys($keyValues);
                 $urlDataKey = $urlKeys[0];
                 if ($mode == 'savenew') {
                     unset($actionPath[$urlDataKey]);
                 } elseif ($dataModelValue != $dataModelValueOld) {
                     $actionPath[$urlDataKey] = $dataModelValue;
                 }
             }
             if ($data->hasFeature('checkout')) {
                 /** @var \CBLib\Database\Table\CheckedOrderedTable $data */
                 $data->checkin();
             }
             $this->savePluginViewOrder($data, $viewModel);
             $resultingMsg = $data->cbResultOfStore();
             break;
         case 'sql:field':
             // <data name="params" type="sql:field" table="#__cbsubs_config" class="cbpaidConfig" key="id" value="1" valuetype="sql:int" />
             $dataModelName = $dataModel->attributes('name');
             $dataModelKey = $dataModel->attributes('key');
             $dataModelValue = $dataModel->attributes('value');
             if ($ui == 2) {
                 if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                     $errorMsg = $error;
                     break;
                 }
             }
             $rawParams = array();
             $rawParams[$dataModelName] = json_encode($postArray);
             $xmlsql = new XmlQuery($this->db, null, $pluginParams);
             $xmlsql->process_data($dataModel);
             if ($dataModelValue) {
                 $result = $xmlsql->queryUpdate($rawParams);
             } else {
                 $result = $xmlsql->queryInsert($rawParams, $dataModelKey);
             }
             if (!$result) {
                 $errorMsg = $xmlsql->getErrorMsg();
             }
             break;
         case 'parameters':
             if ($ui == 2) {
                 if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                     $errorMsg = $error;
                     break;
                 }
             }
             $rawParams = array();
             $rawParams['params'] = json_encode($postArray);
             // $plugin = new PluginTable( $this->_db );
             // $plugin->load( $pluginId );
             if (!$plugin->bind($rawParams)) {
                 $errorMsg = $plugin->getError();
                 break;
             }
             if (!$plugin->check()) {
                 $errorMsg = $plugin->getError();
                 break;
             }
             if (!$plugin->store()) {
                 $errorMsg = $plugin->getError();
                 break;
             }
             $plugin->checkin();
             $plugin->updateOrder("type='" . $plugin->getDbo()->getEscaped($plugin->type) . "' AND ordering > -10000 AND ordering < 10000 ");
             $resultingMsg = $plugin->cbResultOfStore();
             break;
         case 'class':
             if ($ui == 2) {
                 if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                     $errorMsg = $error;
                     break;
                 }
             }
             if (!$data->bind($postArray)) {
                 $errorMsg = $data->getError();
                 break;
             }
             if (!$data->check()) {
                 $errorMsg = $data->getError();
                 break;
             }
             if (!$data->store()) {
                 $errorMsg = $data->getError();
                 break;
             }
             if ($data->hasFeature('checkout')) {
                 /** @var \CBLib\Database\Table\CheckedOrderedTable $data */
                 $data->checkin();
             }
             $this->savePluginViewOrder($data, $viewModel);
             $resultingMsg = $data->cbResultOfStore();
             break;
         case 'sql:multiplerows':
         default:
             echo 'Save error: showview data type: ' . $dataModelType . ' not implemented !';
             exit;
             break;
     }
     if ($ui == 2) {
         $url = 'index.php?option=' . $options['option'] . '&view=' . $options['view'];
         if ($options['view'] == 'editPlugin') {
             $url .= '&cid=' . $options['pluginid'];
         }
         $url = $_CB_framework->backendUrl($url);
     } else {
         $url = 'index.php';
         if (count($options) > 0) {
             $fixOptions = array();
             foreach ($options as $k => $v) {
                 $fixOptions[$k] = $k . '=' . urlencode($v);
             }
             $url .= '?' . implode('&', $fixOptions);
         }
     }
     if (isset($data->title)) {
         $dataItem = CBTxt::T($data->title);
     } elseif (isset($data->name)) {
         $dataItem = CBTxt::T($data->name);
     } else {
         $dataItem = null;
     }
     if ($errorMsg) {
         if (in_array($mode, array('save', 'savenew', 'savecopy'))) {
             $mode = 'apply';
         }
         $msg = CBTxt::T('FAILED_TO_SAVE_LABEL_ITEM_BECAUSE_ERROR', 'Failed to save [label] [item] because: [error]', array('[label]' => $viewModel->attributes('label'), '[item]' => $dataItem, '[error]' => $errorMsg));
         $msgType = 'error';
     } else {
         $msg = CBTxt::T('SUCCESSFULLY_SAVED_LABEL_ITEM', 'Successfully saved [label] [item]', array('[label]' => $viewModel->attributes('label'), '[item]' => $dataItem));
         $msgType = 'message';
     }
     switch ($mode) {
         case 'apply':
         case 'savenew':
         case 'savecopy':
             unset($actionPath['view']);
             foreach ($actionPath as $k => $v) {
                 if ($v !== '') {
                     $url .= '&' . $k . '=' . $v;
                 }
             }
             foreach ($parametersValues as $k => $v) {
                 $url .= '&' . $k . '=' . $v;
             }
             if ($cbprevstate) {
                 $url .= '&cbprevstate=' . $cbprevstate;
             }
             break;
         case 'save':
             if ($cbprevstate) {
                 $prevUrl = base64_decode($cbprevstate);
                 // $parametersValues[]		=	"'" . base64_encode( implode( '&', $cbprevstate ) ) . "'";
                 if (!preg_match('$[:/]$', $prevUrl)) {
                     $prevUrl = str_replace('&pluginid=', '&cid=', $prevUrl);
                     if ($ui == 2) {
                         $url = $_CB_framework->backendUrl('index.php?' . $prevUrl);
                     } else {
                         $url = 'index.php?' . $prevUrl;
                     }
                 }
             }
             break;
     }
     if ($resultingMsg) {
         if ($ui != 2) {
             return $resultingMsg;
             // in frontend, for now, don't redirect here: think this is right !
         } else {
             // If not an apply then change it to an apply so we can redisplay the view with the resulting message above it:
             if (in_array($mode, array('save', 'savenew', 'savecopy'))) {
                 $mode = 'apply';
             }
             echo $resultingMsg;
         }
     } else {
         if ($ui != 2) {
             return null;
             // in frontend, for now, don't redirect here: think this is right !
             // $url	=	cbUnHtmlspecialchars( cbSef( $url ) );
         }
         if ($mode == 'apply' && $errorMsg) {
             $_CB_framework->enqueueMessage($msg, $msgType);
         } else {
             cbRedirect($ui == 2 ? $url : cbSef(htmlspecialchars($url), false), $msg, $msgType);
         }
     }
     return null;
 }
	/**
	 * Generates the HTML to display the "quick message" (PMS) user profile tab, and sends the message
	 * when that tab's own form has just been posted back to the profile.
	 *
	 * Safeguards visible in this method: the form carries the CB anti-spoof token (cbGetSpoofInputTag() /
	 * cbSpoofCheck( 'pms' )); the posted sender/recipient ids must match the logged-in user and the profile
	 * owner; the subject, and the message for PMS types other than 3/4, go through htmlspecialchars().
	 *
	 * @param  moscomprofilerTab   $tab       the tab database entry
	 * @param  moscomprofilerUser  $user      the user being displayed (and message recipient)
	 * @param  int                 $ui        1 for front-end, 2 for back-end
	 * @return mixed                          string HTML for tab content; null when nothing is shown (guest viewer, or own profile); false if ErrorMSG generated
	 */
	function getDisplayTab($tab,$user,$ui) {
		// $_POST is a superglobal, so listing it here is redundant (but harmless)
		global $_CB_framework, $_POST, $_CB_OneTwoRowsStyleToggle;

		// guests get nothing
		if ( ! $_CB_framework->myId() ) {
			return null;
		}

		$return = "";

		$params = $this->params;
		$pmsType		= $params->get('pmsType', '1');
		$showTitle		= $params->get('showTitle', "1");
		$showSubject	= $params->get('showSubject', "1");
		$width			= $params->get('width', "30");
		$height			= $params->get('height', "5");

		$capabilities = $this->getPMScapabilites();

		// the selected PMS backend must be installed and report its capabilities; otherwise signal an error to the caller
		if (!$this->_checkPMSinstalled($pmsType) || ($capabilities === false)) {
			return false;
		}
		// no quick-message form on one's own profile
		if ($_CB_framework->myId() == $user->id) {
			return null;
		}

		$newsub = null;
		$newmsg = null;

		// send PMS from this tab form input (only when this tab's own submit button was pressed):
		if ( cbGetParam( $_POST, $this->_getPagingParamName("sndnewmsg") ) == _UE_PM_SENDMESSAGE ) {
			// sender/recip are the hidden fields emitted below; they are only accepted if they match
			// the logged-in user and the displayed profile, so the sender cannot be forged
			$sender = $this->_getReqParam("sender", null);
			$recip = $this->_getReqParam("recip", null);
			if ( $sender && $recip && ( $sender == $_CB_framework->myId() ) && ( $recip == $user->id ) ) {
				// anti-spoof (CSRF) token check; the matching token is emitted below by cbGetSpoofInputTag( 'pms' )
				cbSpoofCheck( 'pms' );
				$newsub = htmlspecialchars($this->_getReqParam("newsub", null));	//urldecode done in _getReqParam
				// PMS types 3 and 4 take the message unescaped. NOTE(review): that raw value is also echoed back
				// into the <textarea> below when sending fails -- confirm the PMS backend (and that echo) are safe for it
				if($pmsType=='3' || $pmsType=='4') {
					$newmsg = $this->_getReqParam("newmsg", null);	
				} else {
					$newmsg = htmlspecialchars($this->_getReqParam("newmsg", null));	//don't allow html input on user profile!
				}
				if ( ( $newsub || $newmsg ) && isset( $_POST[$this->_getPagingParamName( "protect" )] ) ) {
					// "protect" field = cbpms1_<md5( salt . recipient id . recipient lastvisitDate )>_<salt>, generated below.
					// The salt travels in the form itself, so this is not a secret: it only binds the form to the
					// recipient's current lastvisitDate so that a stale form is rejected (reported as a session timeout).
					// The CSRF protection proper is cbSpoofCheck() above.
					// NOTE(review): the digest is compared with loose ==; a strict comparison (hash_equals()) is the safer idiom for digests.
					$parts	=	explode( '_', $this->_getReqParam('protect', '' ) );
					if ( ( count( $parts ) == 3 ) && ( $parts[0] == 'cbpms1' ) && ( strlen( $parts[2] ) == 32 ) && ( $parts[1] == md5($parts[2].$user->id.$user->lastvisitDate) ) )
					{
						// default subject when the backend supports subjects and none was entered
						if (!$newsub && $capabilities["subject"]) $newsub = _UE_PM_PROFILEMSG;
						// the two inline assignments only name the positional arguments (system-generated: no, escaped: yes)
						if ($this->sendUserPMS($recip, $sender, $newsub, $newmsg, $systemGenerated=false, $escaped=true)) {
							$return .= "\n<script type='text/javascript'>alert('"._UE_PM_SENTSUCCESS."')</script>";
							$newsub = null;
							$newmsg = null;
						} else {
							// NOTE(review): getErrorMSG() is inlined into a JS string literal without JS escaping; a quote
							// inside it would break (or alter) the script -- confirm its content is controlled
							$return .= "\n<script type='text/javascript'>alert('".$this->getErrorMSG()."')</script>";
						}
					} else {
						// protect token missing/stale: treated as an expired session
						$return .= "\n<script type='text/javascript'>alert('"._UE_SESSIONTIMEOUT." "._UE_PM_NOTSENT." "._UE_TRYAGAIN."')</script>";
					}
				} else {
					$return .= "\n<script type='text/javascript'>alert('"._UE_PM_EMPTYMESSAGE." "._UE_PM_NOTSENT."')</script>";
				}
			}
		}
		// display Quick Message tab:
		// (the 1/2 row-style toggle is a global shared by all tabs, alternated on every render)
		$return .= "\n\t<div class=\"sectiontableentry".$_CB_OneTwoRowsStyleToggle."\" style=\"padding-bottom:5px;\">\n";
		$_CB_OneTwoRowsStyleToggle = ($_CB_OneTwoRowsStyleToggle == 1 ? 2 : 1);
		if($showTitle) $return .= "\t\t<div class=\"titleCell\" style=\"align: left; text-align:left; margin-left: 0px;\">"
							.cbUnHtmlspecialchars(getLangDefinition($tab->title)).(($showSubject && $capabilities["subject"])?"" : ":")."</div>\n";
		$return .= $this->_writeTabDescription( $tab, $user );

		// the form posts back to this same profile page
		$base_url = $this->_getAbsURLwithParam(array());
		$return .= '<form method="post" action="'.$base_url.'">';
		$return .= '<table cellspacing="0" cellpadding="5" class="contentpane" style="border:0px;align:left;width:90%;">';
		if ($showSubject && $capabilities["subject"]) {
			$return .= '<tr><td><b>'._UE_EMAILFORMSUBJECT.'</b></td>';
			// $newsub was already htmlspecialchars()'d above, so it is safe inside the value attribute
			$return .= '<td><input type="text" class="inputbox" name="'.$this->_getPagingParamName("newsub")
					.'" size="'.($width-8).'" value="'.stripslashes($newsub).'" /></td></tr>';
			$return .= '<tr class="sectiontableentry1"><td colspan="2"><b>'._UE_EMAILFORMMESSAGE.'</b></td></tr>';
		}
		// re-displays the unsent message (see the NOTE above about PMS types 3/4)
		$return .= '<tr><td colspan="2"><textarea name="'.$this->_getPagingParamName("newmsg")
				.'" class="inputbox" rows="'.$height.'" cols="'.$width.'">'.stripslashes($newmsg).'</textarea></td></tr>';
		$return .= '<tr><td colspan="2"><input type="submit" class="button" name="'.$this->_getPagingParamName("sndnewmsg").'" value="'._UE_PM_SENDMESSAGE.'" /></td></tr>';
		$return .= '</table>';
		// hidden sender/recipient ids, re-checked against the session and profile on submit (see above)
		$return .= "<input type=\"hidden\"  name=\"".$this->_getPagingParamName("sender")."\" value=\"" . $_CB_framework->myId() . "\" />";
		$return .= "<input type=\"hidden\"  name=\"".$this->_getPagingParamName("recip")."\" value=\"$user->id\" />";

		// fresh random salt per render; the digest must be reproducible on submit (checked above)
		$salt	=	cbMakeRandomString( 32 );
		$return .= "<input type=\"hidden\"  name=\"".$this->_getPagingParamName("protect")."\" value=\""
				. 'cbpms1_' . md5($salt.$user->id.$user->lastvisitDate) . '_' . $salt . "\" />";
		// CB anti-spoof (CSRF) token for the 'pms' form, verified by cbSpoofCheck( 'pms' ) above
		$return	.=	cbGetSpoofInputTag( 'pms' );
		$return .= '</form>';
		$return .= "</div>";

		return $return;
	}
	/**
	 * Component (non-tab) entry point of the gallery plugin: dispatches the item and folder actions
	 * requested through the action/func/type/id/user/tab request parameters, after checking that the
	 * gallery type is known and that the viewer may see the addressed gallery tab.
	 *
	 * Unless format=raw is requested, CB JS and template are loaded and the dispatched output is
	 * buffered and echoed inside the cbGallery container.
	 *
	 * @param  TabTable   $tab       Current tab (ignored: reloaded below from the tab/type parameters)
	 * @param  UserTable  $user      Current user (ignored: reloaded below from the user parameter)
	 * @param  int        $ui        1 front, 2 admin UI
	 * @param  array      $postdata  Raw unfiltered POST data
	 * @return void                  output is echoed (or a redirect / 401 is issued); nothing is returned
	 */
	public function getCBpluginComponent( $tab, $user, $ui, $postdata )
	{
		global $_CB_framework;

		$format							=	$this->input( 'format', null, GetterInterface::STRING );

		// raw format (presumably file output such as download/preview): no CB JS/template and no output buffering
		if ( $format != 'raw' ) {
			outputCbJs( 1 );
			outputCbTemplate( 1 );
		}

		$action							=	$this->input( 'action', null, GetterInterface::STRING );
		$function						=	$this->input( 'func', null, GetterInterface::STRING );
		$type							=	$this->input( 'type', null, GetterInterface::STRING );
		$id								=	(int) $this->input( 'id', null, GetterInterface::INT );
		$userId							=	(int) $this->input( 'user', null, GetterInterface::INT );
		$tabId							=	(int) $this->input( 'tab', null, GetterInterface::INT );

		// no explicit tab id: resolve the tab by its plugin class from the gallery type
		// (an unknown type leaves $tabId as int 0, which the allow-list check below rejects anyway)
		if ( ! $tabId ) {
			switch( $type ) {
				case 'photos':
					$tabId				=	'cbgalleryTabPhotos';
					break;
				case 'files':
					$tabId				=	'cbgalleryTabFiles';
					break;
				case 'videos':
					$tabId				=	'cbgalleryTabVideos';
					break;
				case 'music':
					$tabId				=	'cbgalleryTabMusic';
					break;
			}
		}

		// $viewer is the logged-in user (used for access checks); $user is the owner of the addressed
		// gallery (?user=, defaulting to the viewer). Per-item authorisation is left to the callees.
		$viewer							=	CBuser::getMyUserDataInstance();

		if ( $userId ) {
			$user						=	CBuser::getUserDataInstance( (int) $userId );
		} else {
			$user						=	CBuser::getMyUserDataInstance();
		}

		$profileUrl						=	$_CB_framework->userProfileUrl( (int) $user->get( 'id' ), false, $tabId );

		// type allow-list. For raw item output (download/preview/show) reply 401 instead of redirecting,
		// since there is no HTML page to redirect to.
		if ( ! in_array( $type, array( 'photos', 'files', 'videos', 'music' ) ) ) {
			if ( ( $action == 'items' ) && in_array( $function, array( 'download', 'preview', 'show' ) ) ) {
				header( 'HTTP/1.0 401 Unauthorized' );
				exit();
			} else {
				cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
			}
		}

		$tab							=	new TabTable();

		// $tabId is an int when supplied (cast above) or a pluginclass string when derived from the type
		$tab->load( ( is_integer( $tabId ) ? $tabId : array( 'pluginclass' => $tabId ) ) );

		// the tab must be enabled and the viewer's access level must allow viewing it
		if ( ! ( $tab->get( 'enabled' ) && Application::User( (int) $viewer->get( 'id' ) )->canViewAccessLevel( $tab->get( 'viewaccesslevel' ) ) ) ) {
			if ( ( $action == 'items' ) && in_array( $function, array( 'download', 'preview', 'show' ) ) ) {
				header( 'HTTP/1.0 401 Unauthorized' );
				exit();
			} else {
				cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
			}
		}

		// tab params may still be a raw string at this point; normalise to a Registry
		if ( ! ( $tab->params instanceof ParamsInterface ) ) {
			$tab->params				=	new Registry( $tab->params );
		}

		if ( $format != 'raw' ) {
			ob_start();
		}

		// Dispatch. Only 'save' runs the anti-spoof (CSRF) check here.
		// NOTE(review): publish/unpublish/delete are state-changing too -- confirm the callees perform their own token check.
		switch ( $action ) {
			case 'items':
				switch ( $function ) {
					case 'download':
						$this->outputItem( false, false, $id, $type, $tab, $user, $viewer );
						break;
					case 'edit':
						$this->showItemEdit( $id, $type, $tab, $user, $viewer );
						break;
					case 'new':
						$this->showItemEdit( null, $type, $tab, $user, $viewer );
						break;
					case 'save':
						cbSpoofCheck( 'plugin' );
						$this->saveItemEdit( $id, $type, $tab, $user, $viewer );
						break;
					case 'publish':
						$this->stateItem( 1, $id, $type, $tab, $user, $viewer );
						break;
					case 'unpublish':
						$this->stateItem( 0, $id, $type, $tab, $user, $viewer );
						break;
					case 'delete':
						$this->deleteItem( $id, $type, $tab, $user, $viewer );
						break;
					case 'preview':
						$this->outputItem( true, true, $id, $type, $tab, $user, $viewer );
						break;
					case 'show':
					default:
						$this->outputItem( true, false, $id, $type, $tab, $user, $viewer );
						break;
				}
				break;
			case 'folders':
				// folders can be switched off per gallery type in the tab params (default: on)
				if ( ! $tab->params->get( 'tab_' . $type . '_folders', 1 ) ) {
					cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
				}

				switch ( $function ) {
					case 'edit':
						$this->showFolderEdit( $id, $type, $tab, $user, $viewer );
						break;
					case 'new':
						$this->showFolderEdit( null, $type, $tab, $user, $viewer );
						break;
					case 'save':
						cbSpoofCheck( 'plugin' );
						$this->saveFolderEdit( $id, $type, $tab, $user, $viewer );
						break;
					case 'publish':
						$this->stateFolder( 1, $id, $type, $tab, $user, $viewer );
						break;
					case 'unpublish':
						$this->stateFolder( 0, $id, $type, $tab, $user, $viewer );
						break;
					case 'delete':
						$this->deleteFolder( $id, $type, $tab, $user, $viewer );
						break;
					case 'show':
					default:
						$this->showFolder( $id, $type, $tab, $user, $viewer );
						break;
				}
				break;
			default:
				// unknown action: send to the site root rather than rendering anything
				cbRedirect( 'index.php', CBTxt::T( 'Not authorized.' ), 'error' );
				break;
		}

		if ( $format != 'raw' ) {
			$html						=	ob_get_contents();
			ob_end_clean();

			// optional extra CSS class from the plugin params, escaped before going into the attribute
			$class						=	$this->params->get( 'general_class', null );

			$return						=	'<div id="cbGallery" class="cbGallery' . ( $class ? ' ' . htmlspecialchars( $class ) : null ) . '">'
										.		'<div id="cbGalleryInner" class="cbGalleryInner">'
										.			$html
										.		'</div>'
										.	'</div>';

			echo $return;
		}
	}
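 /**
  * Outputs legacy user mass mailer and user reconfirm email display
  *
  * Handles four backend tasks for the user ids selected in user management:
  *  - 'resendconfirmationemails': re-sends the pending-approval email to every selected, not yet confirmed user, then redirects;
  *  - 'emailusers' / 'startemailusers': render the mass-mail form / start screen through the users view;
  *  - 'ajaxemailusers': sends one batch (emailsbatch / emailsperbatch from POST) and echoes a JSON progress reply.
  *
  * The user query only interpolates cbArrayToInts( $cid ), so the id list cannot carry SQL.
  *
  * @param  string  $option
  * @param  string  $task
  * @param  int[]   $cid
  * @return void    nothing is returned: output is echoed or a redirect is issued
  * @deprecated 2.0
  */
 public function showUsers($option, $task, $cid)
 {
     global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;
     cbimport('language.all');
     cbimport('cb.tabs');
     cbimport('cb.params');
     cbimport('cb.pagination');
     cbimport('cb.lists');
     // We just need the user rows as we've already filtered down the IDs in user management.
     // cbArrayToInts() reduces $cid to integers before interpolation, so the IN ( ... ) list is safe:
     $query = 'SELECT *' . "\n FROM " . $_CB_database->NameQuote('#__comprofiler') . " AS c" . "\n INNER JOIN " . $_CB_database->NameQuote('#__users') . " AS u" . ' ON u.' . $_CB_database->NameQuote('id') . ' = c.' . $_CB_database->NameQuote('id') . "\n WHERE u." . $_CB_database->NameQuote('id') . " IN ( " . implode(', ', cbArrayToInts($cid)) . " )";
     $_CB_database->setQuery($query);
     $rows = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\UserTable', array($_CB_database));
     $total = count($rows);
     if ($task == 'resendconfirmationemails') {
         if (!$rows) {
             cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => $task)), 'error');
         }
         $count = 0;
         /** @var UserTable[] $rows */
         foreach ($rows as $row) {
             // only users that have not confirmed yet get a (re)confirmation email
             if ($row->confirmed == 0) {
                 if ($row->cbactivation == '') {
                     // Generate a new confirmation code if the user doesn't have one (requires email confirmation to be enabled):
                     $row->store();
                 }
                 $cbNotification = new cbNotification();
                 $cbNotification->sendFromSystem($row->id, CBTxt::T($ueConfig['reg_pend_appr_sub']), CBTxt::T($ueConfig['reg_pend_appr_msg']), true, isset($ueConfig['reg_email_html']) ? (int) $ueConfig['reg_email_html'] : 0);
                 ++$count;
             }
         }
         cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SENT_CONFIRMATION_EMAILS_TO_NUM_USERS_USERS', 'Sent confirmation emails to [NUM_USERS] users', array('[NUM_USERS]' => $count)));
     } else {
         // Mass-mailer form values. The body is read raw and untrimmed (admin-authored HTML); it is only
         // sent by the 'ajaxemailusers' task, which is behind the anti-spoof check below.
         $emailSubject = stripslashes(cbGetParam($_POST, 'emailsubject', ''));
         $emailBody = stripslashes(rawurldecode(cbGetParam($_POST, 'emailbody', '', _CB_ALLOWRAW | _CB_NOTRIM)));
         $emailAttach = stripslashes(cbGetParam($_POST, 'emailattach', ''));
         $emailsPerBatch = stripslashes(cbGetParam($_POST, 'emailsperbatch', 50));
         $emailsBatch = stripslashes(cbGetParam($_POST, 'emailsbatch', 0));
         $emailFromName = stripslashes(cbGetParam($_POST, 'emailfromname', ''));
         $emailFromAddr = stripslashes(cbGetParam($_POST, 'emailfromaddr', ''));
         $emailReplyName = stripslashes(cbGetParam($_POST, 'emailreplyname', ''));
         $emailReplyAddr = stripslashes(cbGetParam($_POST, 'emailreplyaddr', ''));
         $emailPause = stripslashes(cbGetParam($_POST, 'emailpause', 30));
         $simulationMode = stripslashes(cbGetParam($_POST, 'simulationmode', ''));
         // B/C trigger variables:
         if (count($cid) > 0 && count($cid) < $total) {
             $total = count($cid);
         }
         $pageNav = new cbPageNav($total, 0, 10);
         $search = '';
         $lists = array();
         $inputTextExtras = null;
         $select_tag_attribs = null;
         if ($task == 'emailusers') {
             if (!$rows) {
                 cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => $task)), 'error');
             }
             $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailForm', array(&$rows, &$pageNav, &$search, &$lists, &$cid, &$emailSubject, &$emailBody, &$inputTextExtras, &$select_tag_attribs, $simulationMode, $option, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));
             $usersView = _CBloadView('users');
             /** @var CBView_users $usersView */
             $usersView->emailUsers($rows, $emailSubject, $emailBody, $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsPerBatch, $emailsBatch, $emailPause, $simulationMode, $pluginRows);
         } elseif ($task == 'startemailusers') {
             $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailStart', array(&$rows, $total, $search, $lists, $cid, &$emailSubject, &$emailBody, &$inputTextExtras, $simulationMode, $option, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));
             $usersView = _CBloadView('users');
             /** @var CBView_users $usersView */
             $usersView->startEmailUsers($rows, $emailSubject, $emailBody, $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsPerBatch, $emailsBatch, $emailPause, $simulationMode, $pluginRows);
         } elseif ($task == 'ajaxemailusers') {
             // anti-spoof (CSRF) token and anti-spam checks before anything is sent
             cbSpoofCheck('cbadmingui');
             cbRegAntiSpamCheck();
             $cbNotification = new cbNotification();
             // 1 = HTML mail mode
             $mode = 1;
             $errors = 0;
             $success = array();
             $failed = array();
             // batch offset and size arrive from POST as strings; cast them as the progress check below already does
             $users = array_slice($rows, (int) $emailsBatch, (int) $emailsPerBatch);
             if ($simulationMode) {
                 $success = array('<div class="alert alert-info">' . CBTxt::T('Emails do not send in simulation mode') . '</div>');
             } else {
                 foreach ($users as $user) {
                     $extraStrings = array();
                     $_PLUGINS->trigger('onBeforeBackendUserEmail', array(&$user, &$emailSubject, &$emailBody, $mode, &$extraStrings, $simulationMode, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));
                     $attachments = cbReplaceVars($emailAttach, $user, $mode, true, $extraStrings);
                     if ($attachments) {
                         // Comma-separated attachment list, optional whitespace around the commas.
                         // The former pattern ' *, *' had no delimiters: PCRE took '*' as the delimiter, so only a
                         // literal ", " split and "a,b" stayed a single (bogus) attachment path.
                         $attachments = preg_split('/\s*,\s*/', $attachments);
                     } else {
                         $attachments = null;
                     }
                     if (!$cbNotification->sendFromSystem($user, $emailSubject, $this->makeLinksAbsolute($emailBody), true, $mode, null, null, $attachments, $extraStrings, false, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr)) {
                         // names/addresses are escaped before being echoed back inside the JSON html
                         $failed[] = '<div class="alert alert-danger">' . '<strong>' . htmlspecialchars($user->name . ' <' . $user->email . '>') . '</strong>: ' . CBTxt::Th('ERROR_SENDING_EMAIL_ERRORMSG', 'Error sending email: [ERROR_MSG]', array('[ERROR_MSG]' => $cbNotification->errorMSG)) . '</div>';
                         ++$errors;
                     } else {
                         $success[] = htmlspecialchars($user->name . ' <' . $user->email . '>');
                     }
                 }
             }
             $usernames = implode(', ', $success) . implode('', $failed);
             if ($total < $emailsPerBatch) {
                 $limit = $total;
             } else {
                 $limit = $emailsPerBatch;
             }
             ob_start();
             $usersView = _CBloadView('users');
             /** @var CBView_users $usersView */
             $usersView->ajaxResults($usernames, $emailSubject, $this->makeLinksAbsolute($emailBody), $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsBatch, $limit, $total, $errors);
             $html = ob_get_contents();
             ob_end_clean();
             // result 1 = more batches to go, 2 = this batch reached the end of the list
             $reply = array('result' => 1, 'htmlcontent' => $html);
             if (!($total - ((int) $emailsBatch + (int) $emailsPerBatch) > 0)) {
                 $reply['result'] = 2;
             }
             echo json_encode($reply);
         }
     }
 }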
/**
 * Applies the accept ('a') / deny ('d') decisions posted from the manage-connections form.
 *
 * The request is validated first (anti-spoof token, connections enabled, logged-in user, plugin veto);
 * on failure an error message is enqueued and nothing is processed. Otherwise each id in
 * $connectionids is looked up in POST as "<id>action" and applied, and the user is redirected back to
 * the manage-connections view with either the connection error or a success message.
 *
 * @param  mixed  $connectionids  connection ids selected in the form (nothing is processed unless it is an array)
 * @return void
 */
function processConnectionActions($connectionids)
{
    global $_CB_framework, $ueConfig, $_PLUGINS;
    // anti-spoof (CSRF) token check for this form
    cbSpoofCheck('manageconnections');
    $msg = null;
    if (!$ueConfig['allowConnections']) {
        $msg = CBTxt::Th('UE_FUNCTIONALITY_DISABLED', 'This functionality is currently disabled.');
    } elseif (!($_CB_framework->myId() > 0)) {
        $msg = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
    }
    // plugins are triggered even when a core check already failed, and may set $msg themselves to veto the request
    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onBeforeProcessConnectionsRequest', array($connectionids, &$msg));
    if ($msg) {
        $_CB_framework->enqueueMessage($msg, 'error');
        return;
    }
    $myId = $_CB_framework->myId();
    $connections = new cbConnection($myId);
    if (is_array($connectionids)) {
        foreach ($connectionids as $connectionId) {
            // one "<id>action" field per listed connection: 'd' = deny, 'a' = accept, anything else is ignored
            $decision = cbGetParam($_POST, $connectionId . 'action');
            if ($decision == 'd') {
                $connections->denyConnection($myId, $connectionId);
            } elseif ($decision == 'a') {
                $connections->acceptConnection($myId, $connectionId);
            }
        }
    }
    $backUrl = $_CB_framework->viewUrl('manageconnections', false);
    $error = $connections->getErrorMSG();
    if ($error) {
        cbRedirect($backUrl, $error, 'error');
    } else {
        // no success message when the ids did not come as an array (nothing could have been processed)
        $successMsg = (is_array($connectionids) ? CBTxt::Th('UE_CONNECTIONACTIONSSUCCESSFULL', 'Connection actions successful!') : null);
        cbRedirect($backUrl, $successMsg);
    }
}
        $cbController->editField(0, $option, $task);
        break;
    case "editField":
        checkCanAdminPlugins('core.edit');
        $cbController = _CBloadController('field');
        $cbController->editField(intval($cid[0]), $option, $task);
        break;
    case "reloadField":
        checkCanAdminPlugins('core.edit');
        cbSpoofCheck('field');
        $cbController = _CBloadController('field');
        $cbController->editField((int) cbGetParam($_POST, 'fieldid', 0), $option, $task);
        break;
    case "saveField":
    case "applyField":
        cbSpoofCheck('field');
        checkCanAdminPlugins('core.edit');
        $cbController = _CBloadController('field');
        $cbController->saveField($option, $task);
        break;
    default:
        _CBloadController('default');
        break;
}
ob_start();
include $_CB_adminpath . '/comprofiler.toolbar.php';
$toolbars = trim(ob_get_contents());
ob_end_clean();
if (checkJversion('j3.0+')) {
    $bar = JToolbar::getInstance('toolbar');
    $bar->prependButton('Custom', $toolbars, null);
	/**
	 * Backend (admin) entry point of the cbgroupjiveauto plugin: dispatches the "auto_*" tasks.
	 *
	 * @param  array   $params  [0] task name; [1]/[2]/[3] task arguments as used below (presumably selected id(s), ordering and post data -- confirm against the caller)
	 * @param  object  $user    current (admin) user
	 * @param  object  $plugin  plugin row, providing livePath
	 * @return void
	 */
	public function getPluginBE( $params, $user, $plugin ) {
		global $_CB_framework;

		$task				=	$params[0];

		// only the auto-group tasks are handled here; anything else is left untouched
		if ( ! strstr( $task, 'auto' ) ) {
			return;
		}

		$_CB_framework->document->addHeadStyleSheet( $plugin->livePath . '/plugins/cbgroupjiveauto/cbgroupjiveauto.css' );

		// every state-changing task requires the anti-spoof (CSRF) token; the display tasks do not
		$protectedTasks		=	array( 'auto_publish', 'auto_unpublish', 'auto_order', 'auto_orderup', 'auto_orderdown', 'auto_copy', 'auto_delete', 'auto_save', 'auto_apply' );

		if ( in_array( $task, $protectedTasks, true ) ) {
			cbSpoofCheck( 'plugin' );
		}

		if ( ( $task == 'auto_publish' ) || ( $task == 'auto_unpublish' ) ) {
			$this->stateAuto( $params[1], ( $task == 'auto_publish' ? 1 : 0 ), $user, $plugin );
		} elseif ( $task == 'auto_order' ) {
			$this->orderAuto( $params[1], $params[2], $user, $plugin );
		} elseif ( ( $task == 'auto_orderup' ) || ( $task == 'auto_orderdown' ) ) {
			// move the first selected entry one step up (-1) or down (+1)
			$this->orderAuto( $params[1][0], ( $task == 'auto_orderup' ? -1 : 1 ), $user, $plugin );
		} elseif ( $task == 'auto_copy' ) {
			$this->copyAuto( $params[1], $user, $plugin );
		} elseif ( $task == 'auto_delete' ) {
			$this->deleteAuto( $params[1], $user, $plugin );
		} elseif ( $task == 'auto_new' ) {
			$this->getAutoEdit( null, $user, $plugin );
		} elseif ( $task == 'auto_edit' ) {
			$this->getAutoEdit( $params[1][0], $user, $plugin );
		} elseif ( ( $task == 'auto_save' ) || ( $task == 'auto_apply' ) ) {
			$this->saveAutoEdit( $params[1][0], $params[3], $user, $plugin );
		} else {
			// 'auto_show', 'auto' and any unrecognised auto task: render the list view
			$this->getAuto( $user, $plugin );
		}
	}
	function drawUsersList( $uid, $listid, $searchFormValuesRAW ) {
		global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS;
	
		$search					=	null;
		$searchGET				=	cbGetParam( $searchFormValuesRAW, 'search' );
		$limitstart				=	(int) cbGetParam( $searchFormValuesRAW, 'limitstart', 0 );
		$searchmode				=	(int) cbGetParam( $searchFormValuesRAW, 'searchmode', 0 );
		$randomParam			=	(int) cbGetParam( $searchFormValuesRAW, 'rand', 0 );
	
		// old search on formated name:
	
	/*	if ( $searchPOST || count( $_POST ) ) {
			// simple spoof check security
			cbSpoofCheck( 'usersList' );
			if ( cbGetParam( $searchFormValuesRAW, "action" ) == "search" ) {
				$search			=	$searchPOST;
			}
		} else
			if ( isset( $searchFormValuesRAW['limitstart'] ) ) {
				$search				=	stripslashes( $searchGET );
			}
	*/
		// get my user and gets the list of user lists he is allowed to see (ACL):
	
		$myCbUser				=&	CBuser::getInstance( $uid );
		if ( $myCbUser === null ) {
			$myCbUser			=&	CBuser::getInstance( null );
		}
		$myUser					=&	$myCbUser->getUserData();
	/*
		$myUser					=	new moscomprofilerUser( $_CB_database );
		if ( $uid ) {
			$myUser->load( (int) $uid );
		}
	*/
		$useraccessgroupSQL		=	" AND useraccessgroupid IN (".implode(',',getChildGIDS(userGID($uid))).")";
		$_CB_database->setQuery( "SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering" );
		$plists					=	$_CB_database->loadObjectList();
		$lists					=	array();
		$publishedlists			=	array();
	
		for ( $i=0, $n=count( $plists ); $i < $n; $i++ ) {
			$plist				=&	$plists[$i];
			$listTitleNoHtml	=	strip_tags( cbReplaceVars( getLangDefinition( $plist->title ), $myUser, false, false ) );
		   	$publishedlists[]	=	moscomprofilerHTML::makeOption( $plist->listid, $listTitleNoHtml );
		}
	
		// select either list selected or default list to which he has access (ACL):
	
		if ( $listid == 0 ) {
			$_CB_database->setQuery( "SELECT listid FROM #__comprofiler_lists "
			. "\n WHERE `default`=1 AND published=1" . $useraccessgroupSQL );
			$listid				=	(int) $_CB_database->loadresult();
			if ( $listid == 0 && ( count( $plists ) > 0 ) ) {
				$listid			=	(int) $plists[0]->listid;
			}
		}
		if ( ! ( $listid > 0 ) ) {
			echo _UE_NOLISTFOUND;
			return;
		}
	
		// generates the drop-down list of lists:
	
		if ( count( $plists ) > 1 ) {
			$lists['plists']	=	moscomprofilerHTML::selectList( $publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1 );
		}
	
		// loads the list record:
	
		$row					=	new moscomprofilerLists( $_CB_database );
		if ( ( ! $row->load( (int) $listid ) ) || ( $row->published != 1 ) ) {
			echo _UE_LIST_DOES_NOT_EXIST;
			return;
		}
		if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', userGID($uid) ) ) {
			echo _UE_NOT_AUTHORIZED;
			return;
		}
	
		$params					=	new cbParamsBase( $row->params );
	
		$hotlink_protection		=	$params->get( 'hotlink_protection', 0 );
		if ( $hotlink_protection == 1 ) {
			if ( ( $searchGET !== null ) || $limitstart ) {
				cbSpoofCheck( 'usersList', 'GET' );
			}
		}
	
		$limit					=	(int) $params->get( 'list_limit' );
		if ( $limit == 0 ) {
			$limit				=	(int) $ueConfig['num_per_page'];
		}
	
		$showPaging				=	$params->get( 'list_paging', 1 );
		if ( $showPaging != 1 ) {
			$limitstart			=	0;
		}
	
		$isModerator			=	isModerator( $_CB_framework->myId() );
	
		$_PLUGINS->loadPluginGroup( 'user' );
		// $plugSearchFieldsArray	=	$_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
		$_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
	
		// handles the users allowed to be listed in the list by ACL:
	
		$allusergids			=	array();
		$usergids				=	explode( ',', $row->usergroupids );
	/*	This was a bug tending to list admins when "public backend" was checked, and all frontend users when "public backend was checked. Now just ignore them:
		foreach( $usergids AS $usergid ) {
			$allusergids[]		=	$usergid;
			if ($usergid==29 || $usergid==30) {
				$groupchildren	=	array();
				$groupchildren	=	$_CB_framework->acl->get_group_children( $usergid, 'ARO','RECURSE' );
				$allusergids	=	array_merge($allusergids,$groupchildren);
			}
		}
	*/
		$allusergids			=	array_diff( $usergids, array( 29, 30 ) );
		$usergids				=	implode( ",", $allusergids );
	
		// build SQL Select query:
	
		$random					=	0;
		if( $row->sortfields != '' ) {
			$matches			=	null;
			if ( preg_match( '/^RAND\(\)\s(ASC|DESC)$/', $row->sortfields, $matches ) ) {
				// random sorting needs to have same seed on pages > 1 to not have probability to show same users:
				if ( $limitstart ) {
					$random		=	(int) $randomParam;
				}
				if ( ! $random ) {
					$random		=	rand( 0, 32767 );
				}
				$row->sortfields =	'RAND(' . (int) $random . ') ' . $matches[1];
			}
			$orderby			=	"\n ORDER BY " . $row->sortfields;
		}
		$filterby				=	'';
		if ( $row->filterfields != '' ) {
			$filterRules		=	utf8RawUrlDecode( substr( $row->filterfields, 1 ) );
	
			if ( $_CB_framework->myId() ) {
				$user			=	new moscomprofilerUser( $_CB_database );
				if ( $user->load( (int) $_CB_framework->myId() ) ) {
					$filterRules	=	cbReplaceVars( $filterRules, $user, array( $_CB_database, 'getEscaped' ), false, array() );
				}
			}
			$filterby			=	" AND ". $filterRules;
		}
	
		// Prepare part after SELECT .... " and before "FROM" :
	
		$tableReferences		=	array( '#__comprofiler' => 'ue', '#__users' => 'u' );
	
		// Fetch all fields:
	
		$tabs					=	$myCbUser->_getCbTabs();		//	new cbTabs( 0, 1 );		//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
	
		$allFields				=	$tabs->_getTabFieldsDb( null, $myUser, 'list' );
		// $_CB_database->setQuery( "SELECT * FROM #__comprofiler_fields WHERE published = 1" );
		// $allFields				=	$_CB_database->loadObjectList( 'fieldid', 'moscomprofilerFields', array( &$_CB_database ) );
	
	
		//Make columns array. This array will later be constructed from the tabs table:
	
		$columns				=	array();
	
		for ( $i = 1; $i < 50; ++$i ) {
			$enabledVar			=	"col".$i."enabled";
	
			if ( ! isset( $row->$enabledVar ) ) {
				break;
			}
			$titleVar			=	"col".$i."title";
			$fieldsVar			=	"col".$i."fields";
			$captionsVar		=	"col".$i."captions";
	
			if ( $row->$enabledVar == 1 ) {
				$col			=	new stdClass();
				$col->fields	=	( $row->$fieldsVar ? explode( '|*|', $row->$fieldsVar ) : array() );
				$col->title		=	$row->$titleVar;
				$col->titleRendered		=	$myCbUser->replaceUserVars( $col->title );
				$col->captions	=	$row->$captionsVar;
				// $col->sort	=	1; //All columns can be sorted
				$columns[$i]	=	$col;
			}
		}
	
		// build fields and tables accesses, also check for searchable fields:
	
		$searchableFields		=	array();
		$fieldsSQL				=	cbUsersList::getFieldsSQL( $columns, $allFields, $tableReferences, $searchableFields, $params );
	
		$_PLUGINS->trigger( 'onAfterUsersListFieldsSql', array( &$columns, &$allFields, &$tableReferences ) );
	
		$tablesSQL				=	array();
		$joinsSQL				=	array();
		$tablesWhereSQL			=	array(	'block'		=>	'u.block = 0',
											'approved'	=>	'ue.approved = 1',
											'confirmed'	=>	'ue.confirmed = 1'
										 );
	
		if ( checkJversion() == 2 ) {
			$joinsSQL[]				=	'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
		}
	
		if ( ! $isModerator ) {
			$tablesWhereSQL['banned']	=	'ue.banned = 0';
		}
		if ( $usergids ) {
			if ( checkJversion() == 2 ) {
				$tablesWhereSQL['gid']	=	'g.group_id IN (' . $usergids . ')';
			} else {
				$tablesWhereSQL['gid']	=	'u.gid IN (' . $usergids . ')';
			}
		}
	
		foreach ( $tableReferences as $table => $name ) {
			$tablesSQL[]				=	$table . ' ' . $name;
			if ( $name != 'u' ) {
				$tablesWhereSQL[]		=	"u.`id` = " . $name . ".`id`";
			}
		}
	
		// handles search criterias:
	
		$list_compare_types		=	$params->get( 'list_compare_types', 0 );
		$searchVals				=	new stdClass();
		$searchesFromFields		=	$tabs->applySearchableContents( $searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types );
		$whereFields			=	$searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
		if ( $whereFields ) {
			$tablesWhereSQL[]	=	'(' . $whereFields . ')';
	/*
			if ( $search === null ) {
				$search			=	'';
			}
	*/
		}
	
		$_PLUGINS->trigger( 'onBeforeUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL ) );
	
		$queryFrom				=	"FROM " . implode( ', ', $tablesSQL )
								.	( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
								.	"\n WHERE " . implode( "\n AND ", $tablesWhereSQL );
	
		// handles old formatted names search:
	/*
		if ( $search != '' ) {
			$searchSQL			=	cbEscapeSQLsearch( strtolower( $_CB_database->getEscaped( $search ) ) );
			$queryFrom 			.=	" AND (";
	
			$searchFields		=	array();
			if ( $ueConfig['name_format']!='3' ) {
				$searchFields[]	=	"u.name LIKE '%%s%'";
			}
			if ( $ueConfig['name_format']!='1' ) {
				$searchFields[]	=	"u.username LIKE '%%s%'";
			}
			if ( is_array( $plugSearchFieldsArray ) ) {
				foreach ( $plugSearchFieldsArray as $v ) {
					if ( is_array( $v ) ) {
						$searchFields	=	array_merge( $searchFields, $v );
					}
				}
			}
			$queryFrom			.=	str_replace( '%s', $searchSQL, implode( " OR ", $searchFields ) );
			$queryFrom			.=	")";
		}
	*/
		$queryFrom				.=	" " . $filterby;
	
		$_PLUGINS->trigger( 'onBeforeUsersListQuery', array( &$queryFrom, 1, $listid ) );	// $uid = 1
	
		$errorMsg		=	null;
	
		// counts number of users and loads the listed fields of the users if not in search-form-only mode:
	
		if ( $searchmode == 0 ) {
			if ( checkJversion() == 2 ) {
				$_CB_database->setQuery( "SELECT COUNT(DISTINCT u.id) " . $queryFrom );
			} else {
			$_CB_database->setQuery( "SELECT COUNT(*) " . $queryFrom );
			}
			$total					=	$_CB_database->loadResult();
	
			if ( ( $limit > $total ) || ( $limitstart >= $total ) ) {
				$limitstart			=	0;
			}
	
			// $query					=	"SELECT u.id, ue.banned, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby
			if ( checkJversion() == 2 ) {
				$query				=	"SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
			} else {
				$query				=	"SELECT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
			}
			$_CB_database->setQuery( $query, (int) $limitstart, (int) $limit );
			$users				=	$_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );
	
			if ( ! $_CB_database->getErrorNum() ) {
				// creates the CBUsers in cache corresponding to the $users:
				foreach ( array_keys( $users ) as $k) {
					CBuser::setUserGetCBUserInstance( $users[$k] );
				}
			} else {
				$users			=	array();
				$errorMsg		=	_UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
			}
	
			if ( count( get_object_vars( $searchVals ) ) > 0 ) {
				$search			=	'';
			} else {
				$search			=	null;
			}
	
		} else {
			$total				=	null;
			$users				=	array();
			if ( $search === null ) {
				$search			=	'';
			}
		}
	
		// Compute itemId of users in users-list:
	
		if ( $Itemid ) {
			$option_itemid		=	(int) $Itemid;
		} else {
			$option_itemid		=	getCBprofileItemid( 0 );
		}
		HTML_comprofiler::usersList( $row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random );
	}
	/**
	 * WARNING: UNCHECKED ACCESS! Access is deliberately left unchecked here for M2M (server-to-server) operations.
	 * Generates the HTML to display for a specific component-like page for the tab. WARNING: unchecked access!
	 * @param  TabTable|null  $tab       the tab database entry
	 * @param  UserTable      $user      the user being displayed
	 * @param  int            $ui        1 for front-end, 2 for back-end
	 * @param  array          $postdata  _POST data for saving edited tab content, as generated with getEditTab
	 * @return mixed                     either string HTML for tab content, or false if an ErrorMSG was generated
	 */
	public function getTabComponent( /** @noinspection PhpUnusedParameterInspection */ $tab, $user, $ui, $postdata ) {
		global $_CB_database, $_CB_framework, $_POST;

		$return								=	'';
		$paid								=	false;

		$oldignoreuserabort = ignore_user_abort(true);

		$allowHumanHtmlOutput				=	true;			// this will be reverted in case of M2M server-to-server notifications

		$act								=	$this->base->_getReqParam( 'act' );
		$actPosted							=	isset($_POST[$this->base->_getPagingParamName('act')]);

		if ( $act === null ) {
			$act							=	$this->base->input( 'act', null, GetterInterface::COMMAND );
			$actPosted						=	$this->base->input( 'post/act', null, GetterInterface::COMMAND ) !== null;
		}

		$post_user_id						=	(int) cbGetParam( $_GET, 'user', 0 );

		if ( $actPosted && ( $post_user_id > 0 ) ) {
			$access							=	false;
			$myId							=	$_CB_framework->myId();
			if ( is_object( $user ) ) {
				if ( $myId == 0 ) {
					if ( in_array( $act, array( 'saveeditinvoiceaddress', 'saveeditbasketintegration', 'showbskt' ) ) ) {
						$access				=	true;
					} else {
						$paidsubsManager	=&	cbpaidSubscriptionsMgr::getInstance();
						if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) {
							// expired subscriptions: we will allow limited access to:
							if ( in_array( $act, array( 'upgrade', 'pay', 'reactivate', 'resubscribe', 'display_subscriptions' ) ) ) {
								$access		=	true;
							}
						}
					}
				} else {
					if ( ( $ui == 1 && ( $user->id == $myId ) )
						||	 ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) {
						$access				=	true;
					}
				}
			} else {
				$return						=	CBPTXT::T("User does not exist") . '.';
			}
			if ( ! $access ) {
				$return						.=	'<br />' . CBPTXT::T("Not authorized action") . '.';
				return $return;
			}

			cbSpoofCheck( 'plugin' );		// anti-spoofing check


			// renew or upgrade subscription payment form:
			$params							=	$this->params;
			$now							=	$_CB_framework->now();
			$subscriptionsGUI				=	new cbpaidControllerUI();
			$subscriptionIds				=	$subscriptionsGUI->getEditPostedBoxes( 'id' );

			if ( $subscriptionIds == array( 0 ) ) {
				$subscriptionIds			=	array();
			}
			if ( $post_user_id && ( $user->id == $post_user_id ) ) {
				outputCbTemplate();
				$this->base->outputRegTemplate();
				outputCbJs();
				switch ( $act ) {
					case 'upgrade':		// upgrade an existing subscription
						// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
						$chosenPlans		=	$subscriptionsGUI->getAndCheckChosenUpgradePlans( $postdata, $user, $now );
						if ( ( ! is_array( $chosenPlans ) ) || ( count( $chosenPlans ) == 0 ) ) {
							$subTxt			=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
							$return			.=	( is_string( $chosenPlans ) ? $chosenPlans . '<br />' : '' )
								.	sprintf( CBPTXT::Th("Please press back button and select the %s plan to which you would like to upgrade."), $subTxt );
							break;
						}
						$introText			=	CBPTXT::Th( $params->get( 'intro_text_upgrade', null ) );
						//TBD: check if already exists (reload protection):
						$paymentBasket		=	cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, 'R', CBPTXT::T("Upgrade"), 'U' );
						if ( is_object( $paymentBasket ) ) {
							$return			=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
						} else {
							$return			=	$paymentBasket;		// show messages as nothing to pay.
						}
						break;
					case 'pay':			// pay for an unpaid subscription
						// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
						$plan				=	$this->base->_getReqParam( 'plan' );
						if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
							$subTxt			=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
							$return			.=	sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
							break;
						}
						$plansMgr			=&	cbpaidPlansMgr::getInstance();
						$chosenPlans		=	array();
						$chosenPlans[(int) $plan]		=	$plansMgr->loadPlan( (int) $plan );
						$introText			=	CBPTXT::Th( $params->get( 'intro_text', null ) );
						$paymentStatus		=	null;
						$return				=	cbpaidControllerOrder::showPaymentForm( $user, $chosenPlans, $introText, $subscriptionIds, $paymentStatus );
						break;
					case 'renew':		// renew a still valid subscription
					case 'reactivate':	// reactivate an expired subscription
					case 'resubscribe':	// resubscribe a cancelled subscription
						// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
						$plan				=	$this->base->_getReqParam( 'plan' );
						if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
							$subTxt			=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
							$return			.=	sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
							break;
						}
						$plansMgr			=&	cbpaidPlansMgr::getInstance();
						$chosenPlans		=	array();
						$chosenPlans[(int) $plan]		=	$plansMgr->loadPlan( (int) $plan );

						$paidSomethingMgr	=&	cbpaidSomethingMgr::getInstance();
						$subscription		=	$paidSomethingMgr->loadSomething( $subscriptionIds[$plan][0], $subscriptionIds[$plan][1] );
						global $_PLUGINS;
						$_PLUGINS->loadPluginGroup( 'user', 'cbsubs.' );
						$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');
						$_PLUGINS->trigger( 'onCPayAfterPlanRenewalSelected', array( &$chosenPlans[(int) $plan], &$subscription, $act ) );
						if ( $_PLUGINS->is_errors() ) {
							$return			.=	$_PLUGINS->getErrorMSG();
							break;
						}

						$introText			=	CBPTXT::Th( $params->get( 'intro_text_renew', null ) );
						//TBD: check if already exists (reload protection):
						$paymentBasket		=	cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, null, CBPTXT::T("Renew"), 'R' );
						if ( is_object( $paymentBasket ) ) {
							$return			=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
						} else {
							$return			=	$paymentBasket;		// show messages as nothing to pay.
						}
						break;
					case 'unsubscribe':	// request to unsubscribe an active subscription
						// display unsubscribe confirmation form:
						$plan				=	$this->base->_getReqParam( 'plan' );
						if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
							$subTxt			=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
							$return			.=	sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
							break;
						}
						$introText			=	CBPTXT::Th( $params->get( 'unsubscribe_intro_text' , null ) );
						$return				=	$subscriptionsGUI->showUnsubscribeForm( $user, $introText, (int) $plan, (int) $subscriptionIds[$plan][1] );

						break;
					case 'confirm_unsubscribe':	// confirm previous request to unsubscribe an active subscription
						// unsubscribe confirmed:
						$plan				=	$this->base->_getReqParam( 'plan' );
						if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
							$subTxt			=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
							$return			.=	sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
							break;
						}
						if ( ( $plan ) && ( count( $subscriptionIds ) == 1 ) ) {
							$unsubscribeConfText =	CBPTXT::Th( $params->get( 'unsubscribe_confirmation_text', null ) );
							$return			=	cbpaidControllerOrder::doUnsubscribeConfirm( $user, $unsubscribeConfText, (int) $plan, (int) $subscriptionIds[$plan][1] );
						}
						break;
					case 'display_subscriptions':
						// unsubscribe cancelled: display subscriptions:
						$return				=	$this->base->displayUserTab( $user );
						break;
					case 'showinvoice':
						// shows a particular user invoice:
						if ( $params->get( 'show_invoices', 1 ) ) {
							$invoiceNo		=	$this->base->_getReqParam( 'invoice' );
							$return			=	$this->showInvoice( $invoiceNo, $user );
						}
						break;
					case 'saveeditinvoiceaddress':
					case 'editinvoiceaddress':		// this is the case of reload of invoicing address
						$invoicingAddressQuery		=	$params->get( 'invoicing_address_query' );
						if ( $invoicingAddressQuery > 0 ) {
							$basketId				=	$this->base->_getReqParam( 'basket', 0 );
							$hashToCheck			=	$this->base->_getReqParam( 'bck' );
							$paymentBasket			=	new cbpaidPaymentBasket( $_CB_database );
							if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
								if ( ( $act == 'saveeditinvoiceaddress' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) {				// IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
									$return			=	$paymentBasket->saveInvoicingAddressForm( $user );
									if ( $return === null ) {
										$paymentBasket->storeInvoicingDefaultAddress();
										$introText	=	CBPTXT::Th( $params->get( 'intro_text', null ) );
										$return		.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
									}
								} else {
									// invoice has reloaded itself (e.g. for country change):
									$return			=	$paymentBasket->renderInvoicingAddressForm( $user );
								}
							} else {
								$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}

						break;
					case 'saverecordpayment':
					case 'editrecordpayment':		// this is the case of reload of the form
						$basketId				=	$this->base->_getReqParam( 'basket', 0 );
						$hashToCheck			=	$this->base->_getReqParam( 'bck' );
						$paymentBasket			=	new cbpaidPaymentBasket( $_CB_database );
						if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status != 'Completed' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
							if ( $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) {
								if ( ( $act == 'saverecordpayment' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) {				// IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
									$return			=	cbpaidRecordBasketPayment::saveRecordPayment( $paymentBasket->id );
									if ( $return === null ) {
										$return		.=	CBPTXT::T("Payment recorded.")
											.	' <a href="' . $_CB_framework->userProfileUrl( $paymentBasket->user_id, true ) . '">'
											.	CBPTXT::Th("View user profile")
											.	'</a>';
									}
								} else {
									// invoice has reloaded itself (e.g. for country change):
									$return			=	cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasket->id );
								}
							} else {
								$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
						}

						break;

					default:
						cbNotAuth();
						return '';
						break;
				}
			}

		} elseif ( $this->base->_getReqParam( 'account' ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) {

			$account					=	$this->base->_getReqParam( 'account' );
			$post_user_id				=	(int) cbGetParam( $_GET, 'user', 0 );
			$user						=	CBuser::getUserDataInstance( (int) $post_user_id );
			if ( $user->id ) {
				if ( isset( $_SESSION['cbsubs']['expireduser'] ) && ( $_SESSION['cbsubs']['expireduser'] == $user->id ) ) {
					// expired subscriptions of membership: show possibilities:
					$subscriptionsGUI		=	new cbpaidControllerUI();

					outputCbTemplate();
					$this->base->outputRegTemplate();
					outputCbJs();

					switch ( $account ) {
						case 'expired':
							$paidsubsManager		=&	cbpaidSubscriptionsMgr::getInstance();
							if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) {
								// no valid membership:
								$return				=	$subscriptionsGUI->getShowSubscriptionUpgrades( $user, true );
							}

							break;
						default:
							break;
					}
				} else {
					$return					=	CBPTXT::Th("Browser cookies must be enabled.");
				}
			}

		} elseif ( in_array( $act, array( 'setbsktpmtmeth', 'setbsktcurrency' ) ) ) {

			cbSpoofCheck( 'plugin' );		// anti-spoofing check
			$params							=	$this->params;
			outputCbTemplate();
			$this->base->outputRegTemplate();
			outputCbJs();

			$basketId				=	$this->base->_getReqParam( 'bskt', 0 );
			$hashToCheck			=	$this->base->_getReqParam( 'bck' );

			$paymentBasket			=	new cbpaidPaymentBasket( $_CB_database );
			if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {

				switch ( $act ) {
					case 'setbsktpmtmeth':
						if ( $params->get( 'payment_method_selection_type' ) == 'radios' ) {
							$chosenPaymentMethod	=	cbGetParam( $_POST, 'payment_method' );
							$introText				=	CBPTXT::Th( $params->get( 'intro_text', null ) );
							$return					=	$paymentBasket->saveBasketPaymentMethodForm( $user, $introText, $chosenPaymentMethod );
							if ( $return === null ) {
								$return				.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}
						break;

					case 'setbsktcurrency':
						if ( $params->get( 'allow_select_currency', '0' ) ) {
							$newCurrency			=	cbGetParam( $_POST, 'currency' );
							if ( $newCurrency ) {
								if ( in_array( $newCurrency, cbpaidControllerPaychoices::getInstance()->getAllCurrencies() ) ) {
									$paymentBasket->changeCurrency( $newCurrency );
								} else {
									$this->base->_setErrorMSG( CBPTXT::T("This currency is not allowed") );
								}
								$introText			=	CBPTXT::Th( $params->get( 'intro_text', null ) );
								$return				.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
							} else {
								$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Changes of currency of orders are not authorized") );
						}
						break;

					default:
						cbNotAuth();
						return '';
						break;
				}

			} else {
				$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
			}

		} elseif ( $act == 'cbsubsclass' ) {

			$pluginName						=	$this->base->_getReqParam( 'class' );
			if ( preg_match( '/^[a-z]+$/', $pluginName ) ) {
				$element					=	'cbsubs.' . $pluginName;
				global $_PLUGINS;
				$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element );
				$loadedPlugins				=&	$_PLUGINS->getLoadedPluginGroup( 'user/plug_cbpaidsubscriptions/plugin' );
				$params						=	$this->params;
				foreach ($loadedPlugins as $p ) {
					if ( $p->element == $element ) {
						$pluginId			=	$p->id;
						$args				=	array( &$user, &$params, &$postdata );
						/** @noinspection PhpUndefinedCallbackInspection */
						$return				=	$_PLUGINS->call( $pluginId, 'executeTask', 'getcbsubs' . $pluginName . 'Tab', $args, null );
						break;
					}
				}
			}

		} elseif ( $act && ( ! in_array( $act, array( 'showbskt', 'setbsktpmtmeth' ) ) ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) {

			if ( ! is_object( $user ) ) {
				return CBPTXT::T("User does not exist.");
			}

			$params								=	$this->params;

			$post_user_id						=	(int) cbGetParam( $_GET, 'user', 0 );
			if ( $post_user_id && ( ( $user->id == $post_user_id ) || ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) ) {

				outputCbTemplate();
				$this->base->outputRegTemplate();
				outputCbJs();

				switch ( $act ) {
					case 'showinvoice':
						if ( $params->get( 'show_invoices', 1 ) ) {
							$invoiceNo			=	$this->base->_getReqParam( 'invoice', 0 );
							// This also checks for cbpaidApp::authoriseAction on cbsubs.sales or cbsubs.financial access permissions:
							$return				=	$this->showInvoice( $invoiceNo, $user );
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}
						break;
					case 'showinvoiceslist':
						$showInvoices			=	$params->get( 'show_invoices', 1 );
						$invoicesShowPeriod		=	$params->get( 'invoices_show_period', '0000-06-00 00:00:00' );
						$itsmyself				=	( $_CB_framework->myId() == $user->id );
						if ( $showInvoices && ( $itsmyself || ( cbpaidApp::authoriseAction( 'cbsubs.sales' ) || cbpaidApp::authoriseAction( 'cbsubs.financial' ) ) ) ) {
							$subscriptionsGUI	=	new cbpaidControllerUI();
							$invoices			=	$this->_getInvoices( $user, $invoicesShowPeriod, false );

							if ( $invoicesShowPeriod && ( $invoicesShowPeriod != '0000-00-00 00:00:00' ) ) {
								$cbpaidTimes	=&	cbpaidTimes::getInstance();
								$periodText		=	$cbpaidTimes->renderPeriod( $invoicesShowPeriod, 1, false );
							} else {
								$periodText		=	'';
							}
							$return				.=	$subscriptionsGUI->showInvoicesList( $invoices, $user, $itsmyself, $periodText );
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}
						break;
					case 'editinvoiceaddress':			// this is the case of the initial edit address link
						if ( $params->get( 'invoicing_address_query' ) > 0 ) {
							$basketId			=	$this->base->_getReqParam( 'basket', 0 );
							$hashToCheck		=	$this->base->_getReqParam( 'bck' );
							$paymentBasket		=	new cbpaidPaymentBasket( $_CB_database );
							if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
								$return			=	$paymentBasket->renderInvoicingAddressForm( $user );
							} else {
								$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}
						break;
					case 'showrecordpayment':
						$paymentBasketId		=	$this->base->_getReqParam( 'recordpayment', 0 );
						if ( $paymentBasketId ) {
							$paymentBasket		=	new cbpaidPaymentBasket();
							if ( $paymentBasket->load( (int) $paymentBasketId ) && $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) {
								// Auto-loads class: and authorization is checked inside:
								$return				=	cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasketId );
							} else {
								$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
							}
						} else {
							$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						}
						break;
					default:
						$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
						break;
				}
			}

		} elseif ( $act == 'showbskt' && ( ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) || ( $this->base->_getReqParam( 'bskt', 0 ) && $this->base->_getReqParam( 'bck' ) ) ) {

			$basketId			=	$this->base->_getReqParam( 'bskt', 0 );
			$hashToCheck		=	$this->base->_getReqParam( 'bck' );

			// Basket integrations saving/editing url:
			if ( in_array($act, array( 'saveeditbasketintegration', 'editbasketintegration' ) ) ) {		// edit is the case of edit or reload of integration form
				$integration			=	$this->base->_getReqParam( 'integration' );
				$paymentBasket			=	new cbpaidPaymentBasket( $_CB_database );
				if ( preg_match( '/^[a-z]+$/', $integration ) && $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
					global $_PLUGINS;
					$element			=	'cbsubs.' . $integration;
					$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element );
					$results		=	$_PLUGINS->trigger( 'onCPayEditBasketIntegration', array( $integration, $act, &$paymentBasket ) );
					$return			=	null;
					foreach ( $results as $r ) {
						if ( $r ) {
							$return	.=	$r;
						}
					}
					if ( $act == 'editbasketintegration' ) {
						if ( $return !== null ) {
							return $return;
						}
					}
				} else {
					$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
				}
			}


			$post_user_id							=	(int) cbGetParam( $_GET, 'user', 0 );
			if ( $post_user_id && ! ( ( is_object( $user ) && ( $user->id == $post_user_id ) ) ) ) {
				return CBPTXT::T("User does not exist.");
			}

			outputCbTemplate();
			$this->base->outputRegTemplate();
			outputCbJs();
			$params				=	$this->params;

			$paymentBasket		=	new cbpaidPaymentBasket( $_CB_database );
			if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) {
				if ( ! $post_user_id ) {
					$cbUser		=&	CBuser::getInstance( (int) $paymentBasket->user_id );
					$user		=&	$cbUser->getUserData();
					if ( ( ! is_object( $user ) ) || ! $user->id ) {
						return CBPTXT::T("User does not exist.");
					}
				}
				if ( ( $hashToCheck && $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) )
					|| ( ( ! $hashToCheck ) && $paymentBasket->user_id && ( $paymentBasket->user_id == $_CB_framework->myId() ) ) )
				{
					$introText	=	CBPTXT::Th( $params->get( 'intro_text', null ) );
					$return		.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
				} else {
					$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
				}
			} else {
				$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
			}

			//	} elseif ( isset($_REQUEST['result']) && isset( $_REQUEST['user'] ) && ( $_REQUEST['user'] > 0 ) ) {
		} elseif ( isset($_REQUEST['result']) && ( $this->base->_getReqParam('method') || $this->base->_getReqParam('gacctno') ) ) {

			// don't check license here so initiated payments can complete !

			$params				=	$this->params;

			$method				=	$this->base->_getReqParam('method');

			if ( ( $method == 'freetrial' ) || ( $method == 'cancelpay' ) ) {
				cbpaidApp::import( 'processors.freetrial.freetrial' );
				cbpaidApp::import( 'processors.cancelpay.cancelpay' );
				$className		=	'cbpaidGatewayAccount' . $method;
				$payAccount		=	new $className( $_CB_database );
			} else {
				$gateAccount	=	$this->base->_getReqParam('gacctno');

				$payAccount		=	cbpaidControllerPaychoices::getInstance()->getPayAccount( $gateAccount );
				if ( ! $payAccount ) {
					return '';
				}
			}
			$payClass			=	$payAccount->getPayMean();
			$paymentBasket		=	new cbpaidPaymentBasket($_CB_database);

			if ( $payClass && ( ( $this->base->_getReqParam('method') == $payClass->getPayName() ) || ( $this->base->_getReqParam('method') == null ) ) && $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) ) {
				// output for resultNotification: $return and $allowHumanHtmlOutput
				$return			=	$payClass->resultNotification( $paymentBasket, $postdata, $allowHumanHtmlOutput );
			}

			if ( ! $paymentBasket->id ) {
				$this->base->_setErrorMSG(CBPTXT::T("No suitable basket found."));
			} else {
				$user			=&	CBuser::getUserDataInstance( (int) $paymentBasket->user_id );

				if ( $paymentBasket->payment_status == 'RegistrationCancelled' ) {
					// registration cancelled: delete payment basket and delete user after checking that he is not yet active:
					if ( $paymentBasket->load( (int) $paymentBasket->id ) ) {
						if ( $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) && ( ( $paymentBasket->payment_status == 'NotInitiated' ) || ( ( $paymentBasket->payment_status === 'Pending' ) && ( $paymentBasket->payment_method === 'offline' ) ) ) ) {

							$notification						=	new cbpaidPaymentNotification();
							$notification->initNotification( $payClass, 0, 'P', $paymentBasket->payment_status, $paymentBasket->payment_type, null, $_CB_framework->now(), $paymentBasket->charset );

							$payClass->updatePaymentStatus( $paymentBasket, 'web_accept', 'RegistrationCancelled', $notification, 0, 0, 0, true );

							// This is a notification or a return to site after payment, we want to log any error happening in third-party stuff in case:
							cbpaidErrorHandler::keepTurnedOn();
						}
					}
				}
				if ( $allowHumanHtmlOutput ) {
					// If frontend, we display result, otherwise, If Server-to-server notification: do not display any additional text here !
					switch ( $paymentBasket->payment_status ) {
						case 'Completed':
							// PayPal recommends including the following information with the confirmation:
							// - Item name
							// - Amount paid
							// - Payer email
							// - Shipping address
							$newMsg = sprintf( CBPTXT::Th("Thank you for your payment of %s for the %s %s."), $paymentBasket->renderPrice(),
								$paymentBasket->item_name,
								htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) )		// ' using your paypal account ' . $paymentBasket->payer_email
								. ' ' . $payClass->getTxtNextStep( $paymentBasket );
							// . "Your transaction has been completed, and a receipt for your purchase has been emailed to you by PayPal. "
							// . "You may log into your account at www.paypal.com to view details of this transaction.</p>\n";
							if ( $params->get( 'show_invoices' ) ) {
								$itsmyself			=	( $_CB_framework->myId() == $user->id );
								$subscriptionsGUI	=	new cbpaidControllerUI();
								$newMsg				.=	'<p id="cbregviewinvoicelink">'
									.	$subscriptionsGUI->getInvoiceShowAhtml( $paymentBasket, $user, $itsmyself, CBPTXT::Th("View printable invoice") )
									.	'</p>'
								;
							}
							$paid = true;
							break;
						case 'Pending':
							$newMsg = sprintf( CBPTXT::Th("Thank you for initiating the payment of %s for the %s %s."), $paymentBasket->renderPrice(),
								$paymentBasket->item_name,
								htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) )		// ' using your paypal account ' . $paymentBasket->payer_email
								. ' ' . $payClass->getTxtNextStep( $paymentBasket );
							// . "Your payment is currently being processed. "
							// . "A receipt for your purchase will be emailed to you by PayPal once processing is complete. "
							// . "You may log into your account at www.paypal.com to view status details of this transaction.</p>\n";
							break;
						case 'RegistrationCancelled':
							$newMsg		=	$payClass->getTxtNextStep( $paymentBasket );
							break;
						case 'FreeTrial':
							$newMsg = CBPTXT::Th("Thank you for subscribing to") . ' ' . $paymentBasket->item_name . '.'
								. ' ' . $payClass->getTxtNextStep( $paymentBasket );
							break;
						case null:
							$newMsg	= CBPTXT::T("Payment basket does not exist.");
							break;
						case 'NotInitiated':
							$newMsg	=	'';
							break;
						case 'RedisplayOriginalBasket':
							if ( $paymentBasket->load( (int) $paymentBasket->id ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) {
								$introText		=	CBPTXT::Th( $params->get( 'intro_text', null ) );
								$return			.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
							}
							$newMsg				=	'';
							break;
						case 'Processed':
						case 'Denied':
						case 'Reversed':
						case 'Refunded':
						case 'Partially-Refunded':
						default:
							$newMsg = $payClass->getTxtNextStep( $paymentBasket );
							// "<p>Your transaction is not cleared and has currently following status: <strong>" . $paymentBasket->payment_status . ".</strong></p>"
							// . "<p>You may log into your account at www.paypal.com to view status details of this transaction.</p>";
							break;
					}

					if ( in_array( $paymentBasket->payment_status, array( 'Completed', 'Pending' ) ) ) {
						$subscriptions = $paymentBasket->getSubscriptions();
						$texts		=	array();			// avoid repeating several times identical texts:
						if ( is_array( $subscriptions ) ) {
							foreach ( $subscriptions as $sub ) {
								/** @var $sub cbpaidSomething */
								$thankYouParam		=	( $paymentBasket->payment_status == 'Completed') ? 'thankyoutextcompleted' : 'thankyoutextpending';
								$thankYouText		=	$sub->getPersonalized( $thankYouParam, true );
								if ( $thankYouText && ! in_array( $thankYouText, $texts ) ) {
									$texts[]		=	$thankYouText;
									if ( strpos( $thankYouText, '<' ) === false ) {
										$msgTag		=	'p';
									} else {
										$msgTag		=	'div';
									}
									$newMsg			.=	'<' . $msgTag . ' class="cbregThanks" id="cbregThanks' . $sub->plan_id . '">' . $thankYouText . '</' . $msgTag . ">\n";
								}
							}
						}
					}
					if ( $newMsg ) {
						$return .= '<div>' . $newMsg . '</div>';
					}

					if ( $paid && ( $_CB_framework->myId() < 1 ) && ( cbGetParam( $_REQUEST, 'user', 0 ) == $paymentBasket->user_id ) ) {
						$_CB_database->setQuery( "SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id=".(int) $paymentBasket->user_id );
						if ( $_CB_database->loadObject( $user ) && ( $user->lastvisitDate == '0000-00-00 00:00:00' ) ) {
							$return = '<p>' . implode( '', getActivationMessage( $user, 'UserRegistration' ) ) . '</p>' . $return;
						}
					}
				}
			}

		} else {
			cbNotAuth();
			return ' ' . CBPTXT::T("No result.");
		}

		if ( $allowHumanHtmlOutput ) {
			$allErrorMsgs	=	$this->base->getErrorMSG( '</div><div class="error">' );
			if ( $allErrorMsgs ) {
				$errorMsg	=	'<div class="error">' . $allErrorMsgs . '</div>';
			} else {
				$errorMsg	=	null;
			}

			/** @var string $return */
			if ( ( $return == '' ) && ( $errorMsg ) ) {
				$this->base->outputRegTemplate();
				$return		=	$errorMsg . '<br /><br />' . $return;
				$return		.=	cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, '' );
			} else {
				$return		=	$errorMsg . $return;
			}
		}

		if ( ! is_null( $oldignoreuserabort ) ) {
			ignore_user_abort($oldignoreuserabort);
		}

		return $return;
	}
        } else {
            checkCanAdminPlugins('core.edit', $userIdPosted, 'com_users');
        }
        $cbController = _CBloadController('user');
        /** @var CBController_user $cbController */
        $cbController->saveUser($option, $task);
        break;
    case 'editPlugin':
        checkCanAdminPlugins('core.edit', $pluginId);
        $cbController = _CBloadController('plugin');
        /** @var CBController_plugin $cbController */
        $cbController->editPlugin($option, $task, $pluginId);
        break;
    case 'savePlugin':
    case 'applyPlugin':
        cbSpoofCheck('plugin');
        checkCanAdminPlugins('core.edit');
        $cbController = _CBloadController('plugin');
        /** @var CBController_plugin $cbController */
        $cbController->savePlugin($option, $task);
        break;
    case 'pluginmenu':
        $cbController = _CBloadController('plugin');
        /** @var CBController_plugin $cbController */
        $cbController->pluginMenu($option, $pluginId);
        break;
    default:
        _CBloadController('default');
        break;
}
ob_start();
/**
 * Applies the accept / deny decisions posted from the "manage connections" screen for the logged-in user.
 *
 * Order of the guards: anti-CSRF token (cbSpoofCheck) first, then the global allowConnections switch, then a
 * logged-in user. Each id in $connectionids is looked up as "<id>action" in POST: 'd' denies, 'a' accepts, anything
 * else is ignored. The request always ends in a redirect back to the manage page (error or success message) unless
 * one of the first two guards printed its message and returned.
 *
 * @param  array|mixed  $connectionids  Ids of the connections to act on; a non-array means nothing is changed
 * @return void
 */
function processConnectionActions($connectionids) {
	global $_CB_framework, $ueConfig, $_POST;

	// Token check runs before anything else, including the feature switch:
	cbSpoofCheck( 'manageConnections' );

	if ( ! $ueConfig['allowConnections'] ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		return;
	}

	$myId			=	$_CB_framework->myId();

	if ( ! ( $myId > 0 ) ) {
		cbNotAuth();
		return;
	}

	$connections	=	new cbConnection( $myId );
	$hasIds			=	is_array( $connectionids );

	if ( $hasIds ) {
		foreach ( $connectionids as $connectionId ) {
			// Each id carries its own decision under the POST key "<id>action":
			$decision	=	cbGetParam( $_POST, $connectionId . 'action' );

			if ( $decision == 'd' ) {
				$connections->denyConnection( $myId, $connectionId );
			} elseif ( $decision == 'a' ) {
				$connections->acceptConnection( $myId, $connectionId );
			}
		}
	}

	$errorMsg		=	$connections->getErrorMSG();
	$backUrl		=	cbSef( 'index.php?option=com_comprofiler&amp;task=manageConnections' . getCBprofileItemid(), false );

	if ( $errorMsg ) {
		cbRedirect( $backUrl, $errorMsg, 'error' );
	} else {
		// Success message only when something could actually have been processed:
		cbRedirect( $backUrl, ( $hasIds ? _UE_CONNECTIONACTIONSSUCCESSFULL : null ) );
	}
}
 /**
  * Direct access to field for custom operations, like for Ajax
  *
  * WARNING: direct unchecked access, except if $user is set, then check well for the $reason ...
  *
  * Both guards here are anti-forgery checks, not authorization: a missing or invalid 'fieldclass' POST token, or
  * (front-end registration only) a failed anti-spam check, prints the session-expired message and ends the request.
  * The anti-spam check is only reached when the token was valid.
  *
  * @param  FieldTable  $field
  * @param  UserTable    $user
  * @param  array                 $postdata
  * @param  string                $reason     'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
  * @return string|false                      Expected output; this implementation returns false once the checks pass (and exits when they fail)
  */
 public function fieldClass(&$field, &$user, &$postdata, $reason)
 {
     global $_CB_framework;

     // Token check always runs first:
     $rejected = !cbSpoofCheck('fieldclass', 'POST', 2);

     // Anti-spam check only for front-end (ui 1) registration, and only if the token was accepted:
     if (!$rejected && $reason == 'register' && $_CB_framework->getUi() == 1) {
         $rejected = !cbRegAntiSpamCheck(2);
     }

     if ($rejected) {
         echo '<div class="alert alert-danger">' . CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.') . "</div>";
         exit;
     }

     return false;
 }
	/**
	 * GroupJive front-end dispatcher: reads action / func / id from the request, maps legacy (B/C) action names onto
	 * the current action+func pairs, then calls the matching show*, save*, delete*, ... handler.
	 *
	 * Output is buffered and echoed inside the plugin container div unless format=raw, in which case the handlers
	 * write straight to the output. Nothing is returned.
	 *
	 * Only the 'save' and 'send' functions verify the anti-CSRF token in this method (cbSpoofCheck); the other
	 * state-changing handlers (join, leave, delete, publish/unpublish, user status changes, invite delete) are invoked
	 * without a token check here, so any such protection would have to live in the handlers — TODO confirm.
	 * No authorization is performed here either; it is left to the handlers.
	 *
	 * @param  TabTable   $tab       Current tab (not used by this method)
	 * @param  UserTable  $user      Current user (replaced below by the logged-in user's data instance)
	 * @param  int        $ui        1 front, 2 admin UI (not used by this method)
	 * @param  array      $postdata  Raw unfiltred POST data (not used by this method)
	 * @return void                  HTML is echoed, not returned
	 */
	public function getCBpluginComponent( $tab, $user, $ui, $postdata )
	{
		$format				=	$this->input( 'format', null, GetterInterface::STRING );

		// Raw output skips the CB assets and the output buffer / container wrapper:
		if ( $format != 'raw' ) {
			outputCbJs();
			outputCbTemplate();
		}

		$action				=	$this->input( 'action', null, GetterInterface::STRING );
		$function			=	$this->input( 'func', null, GetterInterface::STRING );
		$id					=	(int) $this->input( 'id', null, GetterInterface::INT );
		$user				=	CBuser::getMyUserDataInstance();

		if ( $format != 'raw' ) {
			ob_start();
		}

		// TODO: For B/C: remove
		$cat				=	(int) $this->input( 'cat', null, GetterInterface::INT );
		$grp				=	(int) $this->input( 'grp', null, GetterInterface::INT );

		// First pass: normalize legacy action names to the action/func pairs dispatched below. Some legacy forms
		// also carried the target in 'cat'/'grp'; those are moved into $id or into the input as 'category'/'group'.
		switch ( $action ) {
			case 'overview': // TODO: For B/C: remove
			case 'allcategories':
				$action		=	'categories';
				$function	=	'all';
				break;
			case 'allgroups':
				$action		=	'groups';
				$function	=	'all';
				break;
			case 'panel': // TODO: For B/C: remove
			case 'mygroups':
				$action		=	'groups';
				$function	=	'my';
				break;
			case 'joinedgroups':
				$action		=	'groups';
				$function	=	'joined';
				break;
			case 'invitedgroups':
				$action		=	'groups';
				$function	=	'invited';
				break;
			case 'groupsapproval':
				$action		=	'groups';
				$function	=	'approval';
				break;
			case 'newgroup':
				$action		=	'groups';
				$function	=	'new';

				// For the legacy "new group" form the id is the category to create the group in:
				if ( $id ) {
					$this->getInput()->set( 'category', $id );
				}
				break;
			case 'editgroup':
				$action		=	'groups';
				$function	=	'edit';
				break;
			case 'messagegroup':
				$action		=	'groups';
				$function	=	'message';
				break;
			case 'groupnotifications':
				$action		=	'groups';
				$function	=	'notifications';
				break;
			case 'categories': // TODO: For B/C: remove
				if ( $cat ) {
					$id		=	$cat;
				}
				break;
			case 'groups': // TODO: For B/C: remove
				if ( $cat ) {
					$this->getInput()->set( 'category', $cat );
				}

				if ( $grp ) {
					$id		=	$grp;
				}
				break;
			default: // TODO: For B/C: remove
				if ( $cat ) {
					$this->getInput()->set( 'category', $cat );
				}

				if ( $grp ) {
					$this->getInput()->set( 'group', $grp );
				}
				break;
		}

		// Second pass: dispatch. Each handler echoes its own output (into the buffer opened above unless raw).
		switch ( $action ) {
			case 'groups':
				switch ( $function ) {
					case 'reject':
						$this->rejectGroupInvites( $id, $user );
						break;
					case 'cancel':
						$this->cancelGroupJoin( $id, $user );
						break;
					case 'join':
						$this->joinGroup( $id, $user );
						break;
					case 'leave':
						$this->leaveGroup( $id, $user );
						break;
					case 'publish':
						$this->stateGroup( 1, $id, $user );
						break;
					case 'unpublish':
						$this->stateGroup( 0, $id, $user );
						break;
					case 'delete':
						$this->deleteGroup( $id, $user );
						break;
					case 'new':
						$this->showGroupEdit( null, $user );
						break;
					case 'edit':
						$this->showGroupEdit( $id, $user );
						break;
					case 'save':
						// Form submissions carry the CB anti-CSRF token:
						cbSpoofCheck( 'plugin' );
						$this->saveGroupEdit( $id, $user );
						break;
					case 'message':
						$this->showGroupMessage( $id, $user );
						break;
					case 'send':
						cbSpoofCheck( 'plugin' );
						$this->sendMessage( $id, $user );
						break;
					case 'notifications':
						$this->showGroupNotifications( $id, $user );
						break;
					// showGroups() listing modes: 0 all, 1 mine, 2 joined, 3 invited, 4 awaiting approval
					case 'all':
						$this->showGroups( 0, $user );
						break;
					case 'allmy': // TODO: For B/C: remove
					case 'my':
						$this->showGroups( 1, $user );
						break;
					case 'joined':
						$this->showGroups( 2, $user );
						break;
					case 'invited':
						$this->showGroups( 3, $user );
						break;
					case 'approval':
						$this->showGroups( 4, $user );
						break;
					case 'show':
					default:
						$this->showGroup( $id, $user );
						break;
				}
				break;
			case 'users':
				// statusUser() codes: -1 banned, 1 active, 2 moderator, 3 admin, 4 owner. An unknown func does nothing.
				switch ( $function ) {
					case 'ban':
						$this->statusUser( -1, $id, $user );
						break;
					case 'active':
						$this->statusUser( 1, $id, $user );
						break;
					case 'moderator':
						$this->statusUser( 2, $id, $user );
						break;
					case 'admin':
						$this->statusUser( 3, $id, $user );
						break;
					case 'owner':
						$this->statusUser( 4, $id, $user );
						break;
					case 'delete':
						$this->deleteUser( $id, $user );
						break;
				}
				break;
			case 'invites':
				// An unknown func does nothing.
				switch ( $function ) {
					case 'send':
						$this->sendInvite( $id, $user );
						break;
					case 'new':
						$this->showInviteEdit( null, $user );
						break;
					case 'edit':
						$this->showInviteEdit( $id, $user );
						break;
					case 'save':
						cbSpoofCheck( 'plugin' );
						$this->saveInviteEdit( $id, $user );
						break;
					case 'delete':
						$this->deleteInvite( $id, $user );
						break;
				}
				break;
			case 'notifications':
				// Only saving is dispatched here; viewing goes through groups/notifications above.
				switch ( $function ) {
					case 'save':
						cbSpoofCheck( 'plugin' );
						$this->saveNotifications( $id, $user );
						break;
				}
				break;
			case 'categories':
			default:
				// Unknown or missing action falls back to the category views:
				switch ( $function ) {
					case 'all':
						$this->showCategories( $user );
						break;
					case 'show':
					default:
						$this->showCategory( $id, $user );
						break;
				}
				break;
		}

		if ( $format != 'raw' ) {
			$html			=	ob_get_contents();
			ob_end_clean();

			// Optional extra container class from the plugin parameters, escaped for the attribute:
			$class			=	$this->params->get( 'general_class', null );

			$return			=	'<div class="cbGroupJive' . ( $class ? ' ' . htmlspecialchars( $class ) : null ) . '">'
							.		'<div class="cbGroupJiveInner">'
							.			$html
							.		'</div>'
							.	'</div>';

			echo $return;
		}
	}
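	/**
	 * CB AntiSpam front-end dispatcher: pruning, captcha rendering, and the moderator-only block / whitelist /
	 * attempt / log management screens. Output is echoed (inside the plugin container unless format=raw); nothing is
	 * returned.
	 *
	 * The four management actions share one access check, guardAntispamListAccess(): the feature must be enabled, the
	 * viewer must be a global moderator and the target user must not be one; otherwise the request is redirected with
	 * "Not authorized.". The 'prune' and 'captcha' actions carry no check in this method, so pruneItems()/pruneAll()
	 * and the captcha handlers must enforce their own — TODO confirm.
	 *
	 * Only the 'save' functions verify the anti-CSRF token here (cbSpoofCheck); 'delete' and 'prune' do not, so any
	 * such protection lives in the handlers — TODO confirm.
	 *
	 * @param  TabTable   $tab       Current tab (not used; the tab comes from the 'tab' request parameter instead)
	 * @param  UserTable  $user      Current user (replaced by the 'usr' request user when given, else the logged-in user)
	 * @param  int        $ui        1 front, 2 admin UI (not used by this method)
	 * @param  array      $postdata  Raw unfiltred POST data (not used by this method)
	 * @return void                  HTML is echoed, not returned
	 */
	public function getCBpluginComponent( $tab, $user, $ui, $postdata )
	{
		$format							=	$this->input( 'format', null, GetterInterface::STRING );

		// Raw output skips the CB assets and the container wrapper (the output buffer is used in both cases):
		if ( $format != 'raw' ) {
			outputCbJs( 1 );
			outputCbTemplate( 1 );
		}

		$action							=	$this->input( 'action', null, GetterInterface::STRING );
		$function						=	$this->input( 'func', null, GetterInterface::STRING );
		$id								=	$this->input( 'id', null, GetterInterface::STRING );	// kept as a string: the handlers receive it as-is
		$userId							=	(int) $this->input( 'usr', null, GetterInterface::INT );

		$this->_tab						=	(int) $this->input( 'tab', null, GetterInterface::INT );

		// Any visitor may name another user via 'usr'; the management actions below are only safe with that because
		// guardAntispamListAccess() requires the viewer to be a moderator and the named user not to be one.
		if ( $userId ) {
			$user						=	CBuser::getUserDataInstance( (int) $userId );
		} else {
			$user						=	CBuser::getMyUserDataInstance();
		}

		ob_start();
		switch ( $action ) {
			case 'prune':
				switch ( $function ) {
					case 'block':
					case 'log':
					case 'attempts':
						$this->pruneItems( $function, false );
						break;
					case 'all':
					default:
						$this->pruneAll( false );
						break;
				}
				break;
			case 'captcha':
				// An unknown func renders nothing.
				switch ( $function ) {
					case 'question':
					case 'internal':
					case 'image':
						$this->captchaImage( $id, $function );
						break;
					case 'audio':
						$this->captchaAudio( $id );
						break;
				}
				break;
			case 'block':
				$profileUrl				=	$this->guardAntispamListAccess( $user, 'general_block', 'cbantispamTabBlocks' );

				switch ( $function ) {
					case 'user':
					case 'ip':
					case 'email':
					case 'domain':
						// The function name doubles as the block type:
						$this->showBlock( $id, $function, $user );
						break;
					case 'edit':
						$this->showBlock( $id, null, $user );
						break;
					case 'new':
						$this->showBlock( null, null, $user );
						break;
					case 'save':
						cbSpoofCheck( 'plugin' );
						$this->saveBlock( $id, $user );
						break;
					case 'delete':
						$this->deleteBlock( $id, $user );
						break;
					case 'show':
					default:
						// There is no standalone "show" page; the list lives on the profile tab.
						cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
						break;
				}
				break;
			case 'whitelist':
				$profileUrl				=	$this->guardAntispamListAccess( $user, 'general_whitelist', 'cbantispamTabWhitelists' );

				switch ( $function ) {
					case 'user':
					case 'ip':
					case 'email':
					case 'domain':
						// The function name doubles as the whitelist type:
						$this->showWhitelist( $id, $function, $user );
						break;
					case 'edit':
						$this->showWhitelist( $id, null, $user );
						break;
					case 'new':
						$this->showWhitelist( null, null, $user );
						break;
					case 'save':
						cbSpoofCheck( 'plugin' );
						$this->saveWhitelist( $id, $user );
						break;
					case 'delete':
						$this->deleteWhitelist( $id, $user );
						break;
					case 'show':
					default:
						cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
						break;
				}
				break;
			case 'attempt':
				$profileUrl				=	$this->guardAntispamListAccess( $user, 'general_attempts', 'cbantispamTabAttempts' );

				switch ( $function ) {
					case 'delete':
						$this->deleteAttempt( $id, $user );
						break;
					case 'show':
					default:
						cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
						break;
				}
				break;
			case 'log':
				$profileUrl				=	$this->guardAntispamListAccess( $user, 'general_log', 'cbantispamTabLog' );

				switch ( $function ) {
					case 'delete':
						$this->deleteLog( $id, $user );
						break;
					case 'show':
					default:
						cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
						break;
				}
				break;
			default:
				cbRedirect( 'index.php', CBTxt::T( 'Not authorized.' ), 'error' );
				break;
		}
		$html							=	ob_get_contents();
		ob_end_clean();

		if ( $format != 'raw' ) {
			// Optional extra container class from the plugin parameters, escaped for the attribute:
			$class						=	$this->params->get( 'general_class', null );

			$return						=	'<div id="cbAntiSpam" class="cbAntiSpam' . ( $class ? ' ' . htmlspecialchars( $class ) : null ) . '">'
											.		'<div id="cbAntiSpamInner" class="cbAntiSpamInner">'
											.			$html
											.		'</div>'
											.	'</div>';
		} else {
			$return						=	$html;
		}

		echo $return;
	}

	/**
	 * Shared access check for the block / whitelist / attempt / log management screens.
	 *
	 * Falls back to $defaultTab when the request named no tab, then redirects to $user's profile with
	 * "Not authorized." when the feature switch $enableParam is off, when the viewer is not a global moderator, or
	 * when $user is a global moderator (moderators cannot manage entries belonging to other moderators).
	 * Returns the profile URL so the caller can use it for its own redirects.
	 *
	 * @param  UserTable  $user         User whose entries are being managed
	 * @param  string     $enableParam  Plugin parameter enabling the feature (defaults to enabled)
	 * @param  string     $defaultTab   Tab to land on when the request did not name one
	 * @return string                   Profile URL of $user
	 */
	private function guardAntispamListAccess( $user, $enableParam, $defaultTab )
	{
		global $_CB_framework;

		if ( ! $this->_tab ) {
			$this->_tab					=	$defaultTab;
		}

		$profileUrl						=	$_CB_framework->userProfileUrl( (int) $user->get( 'id' ), false, $this->_tab );

		if ( ! $this->params->get( $enableParam, 1 ) ) {
			cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
		}

		if ( ( ! Application::MyUser()->isGlobalModerator() ) || Application::User( (int) $user->get( 'id' ) )->isGlobalModerator() ) {
			cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
		}

		return $profileUrl;
	}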
 /**
  * Draws Users list (ECHO)
  *
  * Resolves which published list to show (requested id, else the default list, else the first one), checks that the
  * viewer may see it, builds the user query from the list's columns/filters/sorting plus any submitted search, and
  * hands the rows to HTML_comprofiler::usersList(). Error conditions (no list, unknown list, not authorized) are
  * echoed as text and the method returns early.
  *
  * @param  int      $userId    Viewer's user id
  * @param  int      $listId    Requested list id; 0 means "use the default list"
  * @param  array    $postData  Request data: 'search', 'limitstart', 'searchmode', 'rand' plus the per-field search inputs
  * @return void
  */
 public function drawUsersList($userId, $listId, $postData)
 {
     global $_CB_database, $_PLUGINS;
     $_PLUGINS->loadPluginGroup('user');
     // Request parameters. 'search' is kept raw here; it is only used as a "was a search submitted" marker below.
     $searchData = cbGetParam($postData, 'search');
     $limitstart = (int) cbGetParam($postData, 'limitstart');
     $searchMode = (int) cbGetParam($postData, 'searchmode', 0);
     $random = (int) cbGetParam($postData, 'rand', 0);
     $cbUser = CBuser::getInstance((int) $userId, false);
     $user = $cbUser->getUserData();
     $search = null;
     $input = array();
     $publishedLists = array();
     // Only published lists whose view access level the viewer holds; the level ids go through safeArrayOfIntegers.
     $query = 'SELECT *' . "\n FROM " . $_CB_database->NameQuote('#__comprofiler_lists') . "\n WHERE " . $_CB_database->NameQuote('published') . " = 1" . "\n AND " . $_CB_database->NameQuote('viewaccesslevel') . " IN " . $_CB_database->safeArrayOfIntegers(Application::MyUser()->getAuthorisedViewLevels()) . "\n ORDER BY " . $_CB_database->NameQuote('ordering');
     $_CB_database->setQuery($query);
     /** @var ListTable[] $userLists */
     $userLists = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\ListTable', array($_CB_database));
     if ($userLists) {
         foreach ($userLists as $userList) {
             // List titles may contain user-variable substitutions; tags are stripped for the <option> text.
             $publishedLists[] = moscomprofilerHTML::makeOption((int) $userList->listid, strip_tags($cbUser->replaceUserVars($userList->title, false, false)));
             if (!$listId && $userList->default) {
                 $listId = (int) $userList->listid;
             }
         }
         // No explicit or default list: fall back to the first one in ordering.
         if (!$listId) {
             $listId = (int) $userLists[0]->listid;
         }
     }
     if (!$listId) {
         echo CBTxt::Th('UE_NOLISTFOUND', 'There are no published user lists!');
         return;
     }
     if ($userLists) {
         $input['plists'] = moscomprofilerHTML::selectList($publishedLists, 'listid', 'class="form-control input-block" onchange="this.form.submit();"', 'value', 'text', (int) $listId, 1);
     }
     // The requested id may name a list that is not in the published/visible set above, so it is re-checked here:
     $row = self::getInstance((int) $listId);
     if (!$row) {
         echo CBTxt::Th('UE_LIST_DOES_NOT_EXIST', 'This list does not exist');
         return;
     }
     if (!$cbUser->authoriseView('userslist', $row->listid)) {
         echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
         return;
     }
     $params = new Registry($row->params);
     // Hotlink protection: a GET token is required only when a search or a paging offset was submitted,
     // so a plain link to the list still works.
     if ($params->get('hotlink_protection', 0) == 1) {
         if ($searchData !== null || $limitstart) {
             cbSpoofCheck('userslist', 'GET');
         }
     }
     $limit = (int) $params->get('list_limit', 30);
     if (!$limit) {
         $limit = 30;
     }
     if ($params->get('list_paging', 1) != 1) {
         $limitstart = 0;
     }
     $isModerator = Application::MyUser()->isGlobalModerator();
     // Plugins may rewrite the list, search, offset and limit in place (all passed by reference).
     $_PLUGINS->trigger('onStartUsersList', array(&$listId, &$row, &$search, &$limitstart, &$limit));
     // Prepare query variables:
     $userGroupIds = explode('|*|', $row->usergroupids);
     // Sorting and filtering SQL fragments come from getSorting()/getFiltering() (not visible here); they are
     // concatenated into the query as-is, so their escaping is those helpers' responsibility — TODO confirm.
     $orderBy = self::getSorting($listId, $userId, $random);
     $filterBy = self::getFiltering($listId, $userId);
     $columns = self::getColumns($listId, $userId);
     // Grab all the fields the $user can access:
     $tabs = new cbTabs(0, 1);
     $fields = $tabs->_getTabFieldsDb(null, $user, 'list');
     // Build the field SQL:
     $tableReferences = array('#__comprofiler' => 'ue', '#__users' => 'u');
     $searchableFields = array();
     $fieldsSQL = cbUsersList::getFieldsSQL($columns, $fields, $tableReferences, $searchableFields, $params);
     $_PLUGINS->trigger('onAfterUsersListFieldsSql', array(&$columns, &$fields, &$tableReferences));
     // Build the internal joins and where statements best off list parameters:
     $tablesSQL = array();
     $joinsSQL = array();
     $tablesWhereSQL = array();
     // Moderators see blocked/banned/unapproved/unconfirmed accounts according to the list parameters;
     // everybody else never sees them.
     if ($isModerator) {
         if (!$params->get('list_show_blocked', 0)) {
             $tablesWhereSQL['block'] = 'u.block = 0';
         }
         if (!$params->get('list_show_banned', 1)) {
             $tablesWhereSQL['banned'] = 'ue.banned = 0';
         }
         if (!$params->get('list_show_unapproved', 0)) {
             $tablesWhereSQL['approved'] = 'ue.approved = 1';
         }
         if (!$params->get('list_show_unconfirmed', 0)) {
             $tablesWhereSQL['confirmed'] = 'ue.confirmed = 1';
         }
     } else {
         $tablesWhereSQL = array('block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1', 'banned' => 'ue.banned = 0');
     }
     // Restrict to the user groups configured on the list; the ids are integer-sanitized before interpolation.
     $joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
     if ($userGroupIds) {
         $tablesWhereSQL['gid'] = 'g.group_id IN ' . $_CB_database->safeArrayOfIntegers($userGroupIds);
     }
     // #__users is the driving table; every other referenced table is joined on its id.
     foreach ($tableReferences as $table => $name) {
         if ($name == 'u') {
             $tablesSQL[] = $table . ' ' . $name;
         } else {
             $joinsSQL[] = 'JOIN ' . $table . ' ' . $name . ' ON ' . $name . '.`id` = u.`id`';
         }
     }
     // Build the search criteria:
     // Field searches are parsed from $postData by the fields themselves and reduced to a WHERE formula (which may add joins).
     $searchValues = new stdClass();
     $searchesFromFields = $tabs->applySearchableContents($searchableFields, $searchValues, $postData, $params->get('list_compare_types', 0));
     $whereFields = $searchesFromFields->reduceSqlFormula($tableReferences, $joinsSQL, true);
     if ($whereFields) {
         $tablesWhereSQL[] = '(' . $whereFields . ')';
     }
     $_PLUGINS->trigger('onBeforeUsersListBuildQuery', array(&$tablesSQL, &$joinsSQL, &$tablesWhereSQL));
     // Construct the FROM and WHERE for the userlist query:
     $queryFrom = "FROM " . implode(', ', $tablesSQL) . (count($joinsSQL) ? "\n " . implode("\n ", $joinsSQL) : '') . "\n WHERE " . implode("\n AND ", $tablesWhereSQL) . " " . $filterBy;
     $_PLUGINS->trigger('onBeforeUsersListQuery', array(&$queryFrom, 1, $listId));
     // $ui = 1 (frontend)
     $errorMsg = null;
     // Checks if the list is being actively searched and it allows searching; otherwise reset back to normal:
     // $searchCount is the number of field criteria actually submitted.
     $searchCount = count(get_object_vars($searchValues));
     if ($params->get('list_search', 1) > 0 && $params->get('list_search_empty', 0) && !$searchCount) {
         // "Search-only" list with nothing searched yet: show the search form but no users.
         $searchMode = 1;
         $listAll = false;
     } else {
         $listAll = $searchCount ? true : false;
     }
     // Users are queried in mode 0 (always), mode 1 (only once criteria were submitted) and mode 2.
     if ($searchMode == 0 || $searchMode == 1 && $searchCount || $searchMode == 2) {
         // Prepare the userlist count query for pagination:
         $_CB_database->setQuery("SELECT COUNT( DISTINCT u.id ) " . $queryFrom);
         $total = $_CB_database->loadResult();
         // Offset past the end (or a result set smaller than one page) restarts at the first page:
         if ($limit > $total || $limitstart >= $total) {
             $limitstart = 0;
         }
         // Prepare the actual userlist query to build a list of users:
         $query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ($fieldsSQL ? ", " . $fieldsSQL . " " : '') . $queryFrom . " " . $orderBy;
         $_CB_database->setQuery($query, (int) $limitstart, (int) $limit);
         /** @var UserTable[] $users */
         $users = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\UserTable', array($_CB_database));
         if (!$_CB_database->getErrorNum()) {
             $profileLink = $params->get('allow_profilelink', 1);
             // If users exist lets cache them and disable profile linking if necessary:
             if ($users) {
                 foreach (array_keys($users) as $k) {
                     // Add this user to cache:
                     CBuser::setUserGetCBUserInstance($users[$k]);
                     if (!$profileLink) {
                         $users[$k]->set('_allowProfileLink', 0);
                     }
                 }
             }
         } else {
             // The query text is intentionally not shown to the visitor; site debug exposes it to the admin.
             $errorMsg = CBTxt::T('UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW', 'There is an error in the database query. Site admin can turn site debug to on to view and fix the query.');
         }
         // $search ends up '' when criteria were submitted or in mode 2, null otherwise (the plugin-set value
         // from onStartUsersList is overwritten here).
         if ($searchCount) {
             $search = '';
         } else {
             $search = null;
         }
         if ($search === null && ($searchMode == 1 && $searchCount || $searchMode == 2)) {
             $search = '';
         }
     } else {
         // Mode 1 without criteria: no query at all, empty result, search form shown.
         $total = 0;
         $users = array();
         if ($search === null) {
             $search = '';
         }
     }
     $pageNav = new cbPageNav($total, $limitstart, $limit);
     HTML_comprofiler::usersList($row, $users, $columns, $fields, $input, $search, $searchMode, $pageNav, $user, $searchableFields, $searchValues, $tabs, $errorMsg, $listAll, $random);
 }