function showUsers( $option, $task, $cid ) {
global $_CB_database, $_CB_framework, $_POST, $_PLUGINS, $_CB_TxtIntStore;
$this->_importNeeded();
$limit = (int) $_CB_framework->getCfg( 'list_limit' );
if ( $limit == 0 ) {
$limit = 10;
}
$filter_type = $_CB_framework->getUserStateFromRequest( "filter_type{$option}", 'filter_type', 0 );
$filter_status = $_CB_framework->getUserStateFromRequest( "filter_status{$option}", 'filter_status', 0 );
$filter_logged = intval( $_CB_framework->getUserStateFromRequest( "filter_logged{$option}", 'filter_logged', 0 ) );
$lastCBlist = $_CB_framework->getUserState( "view{$option}lastCBlist", null );
if( $lastCBlist == 'showusers' ) {
if ( $task == 'showusers' ) {
$limit = $_CB_framework->getUserStateFromRequest( "viewlistlimit", 'limit', $limit );
$limitstart = $_CB_framework->getUserStateFromRequest( "view{$option}limitstart", 'limitstart', 0 );
}
$lastSearch = $_CB_framework->getUserState( "search{$option}", null );
$search = $_CB_framework->getUserStateFromRequest( "search{$option}", 'search', '' );
if ( $lastSearch != $search ) {
$limitstart = 0;
$_CB_framework->setUserState( "view{$option}limitstart", $limitstart );
}
$search = stripslashes( trim( ( $_CB_TxtIntStore->_iso != 'UTF-8' ) ? strtolower( $search ) : ( is_callable( 'mb_convert_case' ) ? mb_convert_case( $search, MB_CASE_LOWER, "UTF-8") : utf8_encode(strtolower(utf8_decode( $search ) ) ) ) ) );
} else {
$filter_type = 0;
$filter_status = 0;
$filter_logged = 0;
clearSearchBox();
$search = '';
$limitstart = 0;
$_CB_framework->setUserState( "view{$option}limitstart", $limitstart );
$_CB_framework->setUserState( "view{$option}lastCBlist", "showusers" );
}
if ( $task !== 'showusers' ) {
if ( $task == 'ajaxemailusers' ) {
$limitstart = cbGetParam( $_POST, 'limitstart', 0 );
$limit = cbGetParam( $_POST, 'limit', 0 );
} else {
$limitstart = 0;
if ( $task == 'emailusers' ) {
$limit = 101; // so that first 100 users and more... is displayed.
} else {
$limit = cbGetParam( $_POST, 'limit', 0 );
}
}
}
$tablesSQL = array( 'u' => '#__users AS u' );
$joinsSQL = array( 'ue' => 'LEFT JOIN #__comprofiler AS ue ON u.id = ue.id' );
$tablesWhereSQL = array();
if ( isset( $search ) && ( $search != "") ) {
$tablesWhereSQL[] = "(u.username LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%' OR u.email LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%' OR u.name LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%')";
}
if ( $filter_type ) {
if ( checkJversion() == 2 ) {
$tablesWhereSQL[] = "aro.group_id = " . (int) $filter_type;
} else {
if ( $filter_type == 'Public Frontend' ) {
$tablesWhereSQL[] = "(u.usertype = 'Registered' OR u.usertype = 'Author' OR u.usertype = 'Editor'OR u.usertype = 'Publisher')";
} else if ( $filter_type == 'Public Backend' ) {
$tablesWhereSQL[] = "( u.usertype = 'Manager' OR u.usertype = 'Administrator' OR u.usertype = 'Super Administrator' )";
} else {
$tablesWhereSQL[] = "u.usertype = " . $_CB_database->Quote( $filter_type );
}
}
}
$tBlocked = CBTxt::T('Blocked');
$tEnabled = CBTxt::T('Enabled');
$tUnconfirmed = CBTxt::T('Unconfirmed');
$tConfirmed = CBTxt::T('Confirmed');
$tUnapproved = CBTxt::T('Unapproved');
$tDisapproved = CBTxt::T('Disapproved');
$tApproved = CBTxt::T('Approved');
$tBanned = CBTxt::T('Banned');
$p = ' + ';
$userstates = array(
$tBlocked => 'u.block = 1',
$tEnabled => 'u.block = 0',
$tUnconfirmed => 'ue.confirmed = 0',
$tConfirmed => 'ue.confirmed = 1',
$tUnapproved => 'ue.approved = 0',
$tDisapproved => 'ue.approved = 2',
$tApproved => 'ue.approved = 1',
$tBanned => 'ue.banned <> 0',
$tBlocked . $p . $tUnconfirmed . $p . $tUnapproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 0)',
$tEnabled . $p . $tUnconfirmed . $p . $tUnapproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 0)',
$tBlocked . $p . $tConfirmed . $p . $tUnapproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 0)',
$tEnabled . $p . $tConfirmed . $p . $tUnapproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 0)',
$tBlocked . $p . $tUnconfirmed . $p . $tDisapproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 2)',
$tEnabled . $p . $tUnconfirmed . $p . $tDisapproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 2)',
$tBlocked . $p . $tConfirmed . $p . $tDisapproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 2)',
$tEnabled . $p . $tConfirmed . $p . $tDisapproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 2)',
$tBlocked . $p . $tUnconfirmed . $p . $tApproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 1)',
$tEnabled . $p . $tUnconfirmed . $p . $tApproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 1)',
$tBlocked . $p . $tConfirmed . $p . $tApproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 1)',
$tEnabled . $p . $tConfirmed . $p . $tApproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 1)',
CBTxt::T('Avatar not approved') => "(ue.avatar > '' AND ue.avatarapproved = 0)" );
if ( $filter_status ) {
$tablesWhereSQL[] = $userstates[$filter_status];
}
if ( $filter_logged == 1 ) {
$tablesWhereSQL[] = "s.userid = u.id";
} else if ($filter_logged == 2) {
$tablesWhereSQL[] = "s.userid IS NULL";
}
// exclude any child group id's for this user
//$_CB_framework->acl->_debug = true;
$pgids = $_CB_framework->acl->get_group_children( userGID( $_CB_framework->myId() ), 'ARO', 'RECURSE' );
if ( is_array( $pgids ) && (count( $pgids ) > 0 ) ) {
if ( checkJversion() == 2 ) {
$tablesWhereSQL[] = "( aro.group_id NOT IN ( " . implode( ',', $pgids ) . " ) )";
} else {
$tablesWhereSQL[] = "( u.gid NOT IN ( " . implode( ',', $pgids ) . " ) )";
}
}
// Filter the checkmarked users only:
if ( $task !== 'showusers' ) {
if ( is_array( $cid ) && ( count( $cid ) > 0 ) ) {
cbArrayToInts( $cid );
$tablesWhereSQL[] = "( u.id IN ( " . implode( ',', $cid ) . " ) )";
}
}
// Advanced searches:
$myCbUser =& CBuser::getInstance( $_CB_framework->myId() );
$myUser =& $myCbUser->getUserData();
$tabs = $myCbUser->_getCbTabs(); // new cbTabs( 0, 1 ); //TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
$allFields = $tabs->_getTabFieldsDb( null, $myUser, 'adminfulllist' );
foreach ( $allFields as $k => $v ) {
if ( in_array( $v->type, array( 'pm', 'status', 'formatname', 'hidden', 'delimiter', 'userparams' ) ) ) {
unset( $allFields[$k] ); // delimiter, userparams do not have search for now!
}
}
$searchVals = new stdClass();
$list_compare_types = 1; // Advanced: all possibilities (WARNING: can be slow)
$tableReferences = array( '#__comprofiler' => 'ue', '#__users' => 'u' );
$searchesFromFields = $tabs->applySearchableContents( $allFields, $searchVals, $_POST, $list_compare_types );
$whereFields = $searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
if ( $whereFields ) {
$tablesWhereSQL[] = '(' . $whereFields . ')';
}
$searchTabContent = $tabs->getSearchablesContents( $allFields, $myUser, $searchVals, $list_compare_types );
if ($filter_logged == 1 || $filter_logged == 2) {
$joinsSQL[] .= "\n INNER JOIN #__session AS s ON s.userid = u.id";
// } else { done later, to avoid blocking site:
// $joinsSQL[] .= "\n LEFT JOIN #__session AS s ON s.userid = u.id";
}
if ( checkJversion() == 2 ) {
$joinsSQL[] = "INNER JOIN #__user_usergroup_map AS aro ON aro.user_id = u.id"; // map user to aro for selection (and display if no selection)
if ( $filter_type ) {
$joinsSQL[] = "LEFT JOIN #__user_usergroup_map AS arodisplay ON arodisplay.user_id = u.id"; // map user to aro for display of all groups
$joinsSQL[] = "INNER JOIN #__usergroups AS g ON g.id = arodisplay.group_id"; // map aro to group for display group name
} else {
$joinsSQL[] = "INNER JOIN #__usergroups AS g ON g.id = aro.group_id"; // map aro to group
}
}
$_PLUGINS->loadPluginGroup('user');
$_PLUGINS->trigger( 'onBeforeBackendUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL, $option ) );
$queryFrom = "\n FROM " . implode( ', ', $tablesSQL )
. ( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
. ( count( $tablesWhereSQL ) ? "\n WHERE " . implode( ' AND ', $tablesWhereSQL ) : '' )
;
// Counting query:
$query = "SELECT COUNT(DISTINCT u.id)"
. $queryFrom
;
$_CB_database->setQuery( $query );
$total = $_CB_database->loadResult();
if ( $total === null ) {
echo $_CB_database->getErrorMsg();
}
if ( $total <= $limitstart ) {
$limitstart = 0;
}
cbimport( 'cb.pagination' );
$pageNav = new cbPageNav( $total, $limitstart, $limit );
if ( checkJversion() == 2 ) {
$grp_name = 'title';
} elseif ( checkJversion() == 1 ) {
$grp_name = 'name';
$joinsSQL[] = "INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id"; // map user to aro
$joinsSQL[] = "INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.id"; // map aro to group
$joinsSQL[] = "INNER JOIN #__core_acl_aro_groups AS g ON g.id = gm.group_id";
$tablesWhereSQL[] = "aro.section_value = 'users'";
} else {
$grp_name = 'name';
$joinsSQL[] = "INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id"; // map user to aro
$joinsSQL[] = "INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.aro_id"; // map aro to group
$joinsSQL[] = "INNER JOIN #__core_acl_aro_groups AS g ON g.group_id = gm.group_id";
$tablesWhereSQL[] = "aro.section_value = 'users'";
}
$queryFrom = "\n FROM " . implode( ', ', $tablesSQL )
. ( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
. ( count( $tablesWhereSQL ) ? "\n WHERE " . implode( ' AND ', $tablesWhereSQL ) : '' )
;
// Main query:
if ( checkJversion() == 2 ) {
$query = "SELECT u.*, GROUP_CONCAT( DISTINCT g.$grp_name ORDER BY g.$grp_name SEPARATOR ', ') AS groupname, ue.approved, ue.confirmed"
. $queryFrom
. ' GROUP BY u.id'
;
} else {
$query = "SELECT DISTINCT u.*, g.$grp_name AS groupname, ue.approved, ue.confirmed"
. $queryFrom
;
}
$_CB_database->setQuery( $query, (int) $pageNav->limitstart, (int) $pageNav->limit );
$rows = $_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );
if ($_CB_database->getErrorNum()) {
echo $_CB_database->stderr();
return false;
}
// creates the CBUsers in cache corresponding to the $users:
foreach ( array_keys( $rows ) as $k) {
// do not do this otherwise substitutions do not work:
// CBuser::setUserGetCBUserInstance( $rows[$k] );
}
$template = 'SELECT COUNT(s.userid) FROM #__session AS s WHERE s.userid = ';
$n = count( $rows );
for ( $i = 0; $i < $n; $i++ ) {
$row = &$rows[$i];
$query = $template . (int) $row->id;
$_CB_database->setQuery( $query );
$row->loggedin = $_CB_database->loadResult();
}
$select_tag_attribs = 'class="inputbox" size="1" onchange="document.adminForm.submit( );"';
$inputTextExtras = '';
if ( $task != 'showusers' ) {
$inputTextExtras = ' disabled="disabled"';
$select_tag_attribs .= $inputTextExtras;
}
// get list of Log Status for dropdown filter
$logged[] = moscomprofilerHTML::makeOption( 0, CBTxt::T('- Select Login State -'));
$logged[] = moscomprofilerHTML::makeOption( 1, CBTxt::T('Logged In'));
$lists['logged'] = moscomprofilerHTML::selectList( $logged, 'filter_logged', $select_tag_attribs, 'value', 'text', "$filter_logged", 2 );
// get list of Groups for dropdown filter
if ( checkJversion() == 2 ) {
$query = "SELECT id AS value, title AS text"
. "\n FROM #__usergroups";
} else {
$query = "SELECT name AS value, name AS text"
. "\n FROM #__core_acl_aro_groups"
. "\n WHERE name != 'ROOT'"
. "\n AND name != 'USERS'";
}
$types[] = moscomprofilerHTML::makeOption( '0', CBTxt::T('- Select Group -') );
$_CB_database->setQuery( $query );
$types = array_merge( $types, $_CB_database->loadObjectList() );
$lists['type'] = moscomprofilerHTML::selectList( $types, 'filter_type', $select_tag_attribs, 'value', 'text', "$filter_type", 2 );
$status[] = moscomprofilerHTML::makeOption( 0, CBTxt::T('- Select User Status -'));
foreach ( array_keys( $userstates ) as $k ) {
$status[] = moscomprofilerHTML::makeOption( $k, $k );
}
$lists['status'] = moscomprofilerHTML::selectList( $status, 'filter_status', $select_tag_attribs, 'value', 'text', "$filter_status", 2 );
$pluginAdditions = $_PLUGINS->trigger( 'onAfterBackendUsersList', array( 1, &$rows, &$pageNav, &$search, &$lists, $option, $select_tag_attribs ) );
$pluginColumns = array();
foreach ( $pluginAdditions as $addition ) {
if ( is_array( $addition ) ) {
$pluginColumns = array_merge( $pluginColumns, $addition );
}
}
if ( $task == 'showusers' ) {
$usersView = _CBloadView( 'users' );
$usersView->showUsers( $rows, $pageNav, $search, $option, $lists, $pluginColumns, $inputTextExtras, $searchTabContent );
} else {
$emailSubject = stripslashes( cbGetParam( $_POST, 'emailsubject', '' ) );
$emailBody = stripslashes( cbGetParam( $_POST, 'emailbody', '', _CB_ALLOWRAW | _CB_NOTRIM ) );
$emailsPerBatch = stripslashes( cbGetParam( $_POST, 'emailsperbatch', 50 ) );
$emailPause = stripslashes( cbGetParam( $_POST, 'emailpause', 30 ) );
$simulationMode = stripslashes( cbGetParam( $_POST, 'simulationmode', '' ) );
if ( count( $cid ) > 0 && count( $cid ) < $total ) {
$total = count( $cid );
}
if ( $task == 'emailusers' ) {
$pluginRows = $_PLUGINS->trigger( 'onBeforeBackendUsersEmailForm', array( &$rows, &$pageNav, &$search, &$lists, &$cid, &$emailSubject, &$emailBody, &$inputTextExtras, &$select_tag_attribs, $simulationMode, $option ) );
$usersView = _CBloadView( 'users' );
$usersView->emailUsers( $rows, $total, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $simulationMode, $pluginRows );
} elseif ( $task == 'startemailusers' ) {
$pluginRows = $_PLUGINS->trigger( 'onBeforeBackendUsersEmailStart', array( &$rows, $total, $search, $lists, $cid, &$emailSubject, &$emailBody, &$inputTextExtras, $simulationMode, $option ) );
$usersView = _CBloadView( 'users' );
$usersView->startEmailUsers( $rows, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $total, $simulationMode, $pluginRows );
} elseif ( $task == 'ajaxemailusers' ) {
$this->_cbadmin_emailUsers( $rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode );
}
}
return true;
}
function reportUser($option,$form=1,$uid=0) {
global $_CB_framework, $_CB_database, $ueConfig, $Itemid, $_POST;
if($ueConfig['allowUserReports']==0) {
echo _UE_FUNCTIONALITY_DISABLED;
exit();
}
if (!allowAccess( $ueConfig['allow_profileviewbyGID'],'RECURSE', userGID( $_CB_framework->myId() ))) {
echo _UE_NOT_AUTHORIZED;
return;
}
if($form==1) {
HTML_comprofiler::reportUserForm($option,$uid);
} else {
// simple spoof check security
cbSpoofCheck( 'reportUserForm' );
$row = new moscomprofilerUserReport( $_CB_database );
if (!$row->bind( $_POST )) {
cbRedirect( cbSef("index.php?option=$option&task=reportUser".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $row->getError(), 'error' );
return;
}
_cbMakeHtmlSafe($row); //TBD: remove this: not urgent but isn't right
$row->reportedondate = date("Y-m-d H:i:s");
if (!$row->check()) {
cbRedirect( cbSef("index.php?option=$option&task=reportUser".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $row->getError(), 'error' );
return;
}
if (!$row->store()) {
cbRedirect( cbSef("index.php?option=$option&task=reportUser".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $row->getError(), 'error' );
return;
}
if($ueConfig['moderatorEmail']==1) {
$cbNotification = new cbNotification();
$cbNotification->sendToModerators(_UE_USERREPORT_SUB,_UE_USERREPORT_MSG);
}
echo _UE_USERREPORT_SUCCESSFUL;
}
}
function saveTab( $option ) {
global $_CB_database, $_CB_framework, $_POST;
$this->_importNeeded();
$this->_importNeededSave();
if ( isset( $_POST['params'] ) ) {
$_POST['params'] = cbParamsEditorController::getRawParamsMagicgpcEscaped( $_POST['params'] );
} else {
$_POST['params'] = '';
}
if ( ! isset( $_POST['tabid'] ) || ( count( $_POST ) == 0 ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Missing post values') ) . "'); window.history.go(-2); </script>\n";
exit();
}
if ( $_POST['tabid'] ) {
$oldrow = new moscomprofilerTabs( $_CB_database );
if ( $oldrow->load( (int) $_POST['tabid'] )
&& ( ! in_array( $oldrow->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
exit;
}
}
$row = new moscomprofilerTabs( $_CB_database );
if (!$row->bind( $_POST )) {
echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
exit();
}
if ( ! $row->ordering_register ) {
$row->ordering_register = 10;
}
$row->description = cleanEditorsTranslationJunk( trim( $row->description ) );
if (!$row->check()) {
echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
exit();
}
$row->tabid = (int) cbGetParam( $_POST, 'tabid', 0 );
if ( ! $row->store() ) {
echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
exit();
}
$row->checkin();
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" ), CBTxt::T('Successfully Saved Tab') . ": ". $row->title );
}
function saveUser( $option ) {
global $_CB_framework, $_CB_database, $_POST, $_PLUGINS;
$this->_importNeeded();
$this->_importNeededSave();
if ( ! ( isset( $_POST['approved'] ) && isset( $_POST['confirmed'] ) && isset( $_POST['username'] ) ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Not Authorized') ) ."'); window.history.go(-1);</script>\n";
exit;
}
// Check rights to access:
$myGid = userGID( $_CB_framework->myId() );
$userIdPosted = (int) cbGetParam($_POST, "id", 0 );
if ( $userIdPosted == 0 ) {
$_POST['id'] = null;
}
$adminGroups = $_CB_framework->acl->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );
if ( $userIdPosted != 0 ) {
$msg = checkCBpermissions( array( $userIdPosted ), 'save', in_array( $myGid, $adminGroups ) );
} else {
$msg = checkCBpermissions( null, 'save', in_array( $myGid, $adminGroups ) );
}
if ($msg) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( $msg ) . "'); window.history.go(-1);</script>\n";
exit;
}
$_PLUGINS->loadPluginGroup('user');
// Get current user state:
$userComplete = new moscomprofilerUser( $_CB_database );
if ( $userIdPosted != 0 ) {
if ( ! $userComplete->load( (int) $userIdPosted ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( _UE_USER_PROFILE_NOT ) . "'); window.history.go(-1);</script>\n";
return;
}
}
// Store new user state:
$saveResult = $userComplete->saveSafely( $_POST, $_CB_framework->getUi(), 'edit' );
if ( ! $saveResult ) {
$regErrorMSG = $userComplete->getError();
$msg = checkCBpermissions( array( $userComplete->id ), "edit", true );
if ($msg) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( $msg ) ."'); window.history.go(-1);</script>\n";
exit;
}
echo "<script type=\"text/javascript\">alert('" . str_replace( '\\\\n', '\\n', addslashes( strip_tags( str_replace( '<br />', '\\n', $regErrorMSG ) ) ) ) . "'); </script>\n";
global $_CB_Backend_task;
$_CB_Backend_task = 'edit'; // so the toolbar comes up...
$_PLUGINS->loadPluginGroup( 'user' ); // resets plugin errors
$usersView = _CBloadView( 'user' );
$usersView->edituser( $userComplete, $option, ( $userComplete->user_id != null ? '0' : '1' ), $_POST );
// echo "<script type=\"text/javascript\">alert('" . addslashes( str_replace( '<br />', '\n', $userComplete->getError() ) ) . "'); window.history.go(-1);</script>\n";
return;
}
// Checks-in the row:
$userComplete->checkin();
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showusers" ), sprintf(CBTxt::T('Successfully Saved User: %s'), $userComplete->username) );
}
function drawUsersList( $uid, $listid, $searchFormValuesRAW ) {
global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS;
$search = null;
$searchGET = cbGetParam( $searchFormValuesRAW, 'search' );
$limitstart = (int) cbGetParam( $searchFormValuesRAW, 'limitstart', 0 );
$searchmode = (int) cbGetParam( $searchFormValuesRAW, 'searchmode', 0 );
$randomParam = (int) cbGetParam( $searchFormValuesRAW, 'rand', 0 );
// old search on formated name:
/* if ( $searchPOST || count( $_POST ) ) {
// simple spoof check security
cbSpoofCheck( 'usersList' );
if ( cbGetParam( $searchFormValuesRAW, "action" ) == "search" ) {
$search = $searchPOST;
}
} else
if ( isset( $searchFormValuesRAW['limitstart'] ) ) {
$search = stripslashes( $searchGET );
}
*/
// get my user and gets the list of user lists he is allowed to see (ACL):
$myCbUser =& CBuser::getInstance( $uid );
if ( $myCbUser === null ) {
$myCbUser =& CBuser::getInstance( null );
}
$myUser =& $myCbUser->getUserData();
/*
$myUser = new moscomprofilerUser( $_CB_database );
if ( $uid ) {
$myUser->load( (int) $uid );
}
*/
$useraccessgroupSQL = " AND useraccessgroupid IN (".implode(',',getChildGIDS(userGID($uid))).")";
$_CB_database->setQuery( "SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering" );
$plists = $_CB_database->loadObjectList();
$lists = array();
$publishedlists = array();
for ( $i=0, $n=count( $plists ); $i < $n; $i++ ) {
$plist =& $plists[$i];
$listTitleNoHtml = strip_tags( cbReplaceVars( getLangDefinition( $plist->title ), $myUser, false, false ) );
$publishedlists[] = moscomprofilerHTML::makeOption( $plist->listid, $listTitleNoHtml );
}
// select either list selected or default list to which he has access (ACL):
if ( $listid == 0 ) {
$_CB_database->setQuery( "SELECT listid FROM #__comprofiler_lists "
. "\n WHERE `default`=1 AND published=1" . $useraccessgroupSQL );
$listid = (int) $_CB_database->loadresult();
if ( $listid == 0 && ( count( $plists ) > 0 ) ) {
$listid = (int) $plists[0]->listid;
}
}
if ( ! ( $listid > 0 ) ) {
echo _UE_NOLISTFOUND;
return;
}
// generates the drop-down list of lists:
if ( count( $plists ) > 1 ) {
$lists['plists'] = moscomprofilerHTML::selectList( $publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1 );
}
// loads the list record:
$row = new moscomprofilerLists( $_CB_database );
if ( ( ! $row->load( (int) $listid ) ) || ( $row->published != 1 ) ) {
echo _UE_LIST_DOES_NOT_EXIST;
return;
}
if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', userGID($uid) ) ) {
echo _UE_NOT_AUTHORIZED;
return;
}
$params = new cbParamsBase( $row->params );
$hotlink_protection = $params->get( 'hotlink_protection', 0 );
if ( $hotlink_protection == 1 ) {
if ( ( $searchGET !== null ) || $limitstart ) {
cbSpoofCheck( 'usersList', 'GET' );
}
}
$limit = (int) $params->get( 'list_limit' );
if ( $limit == 0 ) {
$limit = (int) $ueConfig['num_per_page'];
}
$showPaging = $params->get( 'list_paging', 1 );
if ( $showPaging != 1 ) {
$limitstart = 0;
}
$isModerator = isModerator( $_CB_framework->myId() );
$_PLUGINS->loadPluginGroup( 'user' );
// $plugSearchFieldsArray = $_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
$_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
// handles the users allowed to be listed in the list by ACL:
$allusergids = array();
$usergids = explode( ',', $row->usergroupids );
/* This was a bug tending to list admins when "public backend" was checked, and all frontend users when "public backend was checked. Now just ignore them:
foreach( $usergids AS $usergid ) {
$allusergids[] = $usergid;
if ($usergid==29 || $usergid==30) {
$groupchildren = array();
$groupchildren = $_CB_framework->acl->get_group_children( $usergid, 'ARO','RECURSE' );
$allusergids = array_merge($allusergids,$groupchildren);
}
}
*/
$allusergids = array_diff( $usergids, array( 29, 30 ) );
$usergids = implode( ",", $allusergids );
// build SQL Select query:
$random = 0;
if( $row->sortfields != '' ) {
$matches = null;
if ( preg_match( '/^RAND\(\)\s(ASC|DESC)$/', $row->sortfields, $matches ) ) {
// random sorting needs to have same seed on pages > 1 to not have probability to show same users:
if ( $limitstart ) {
$random = (int) $randomParam;
}
if ( ! $random ) {
$random = rand( 0, 32767 );
}
$row->sortfields = 'RAND(' . (int) $random . ') ' . $matches[1];
}
$orderby = "\n ORDER BY " . $row->sortfields;
}
$filterby = '';
if ( $row->filterfields != '' ) {
$filterRules = utf8RawUrlDecode( substr( $row->filterfields, 1 ) );
if ( $_CB_framework->myId() ) {
$user = new moscomprofilerUser( $_CB_database );
if ( $user->load( (int) $_CB_framework->myId() ) ) {
$filterRules = cbReplaceVars( $filterRules, $user, array( $_CB_database, 'getEscaped' ), false, array() );
}
}
$filterby = " AND ". $filterRules;
}
// Prepare part after SELECT .... " and before "FROM" :
$tableReferences = array( '#__comprofiler' => 'ue', '#__users' => 'u' );
// Fetch all fields:
$tabs = $myCbUser->_getCbTabs(); // new cbTabs( 0, 1 ); //TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
$allFields = $tabs->_getTabFieldsDb( null, $myUser, 'list' );
// $_CB_database->setQuery( "SELECT * FROM #__comprofiler_fields WHERE published = 1" );
// $allFields = $_CB_database->loadObjectList( 'fieldid', 'moscomprofilerFields', array( &$_CB_database ) );
//Make columns array. This array will later be constructed from the tabs table:
$columns = array();
for ( $i = 1; $i < 50; ++$i ) {
$enabledVar = "col".$i."enabled";
if ( ! isset( $row->$enabledVar ) ) {
break;
}
$titleVar = "col".$i."title";
$fieldsVar = "col".$i."fields";
$captionsVar = "col".$i."captions";
if ( $row->$enabledVar == 1 ) {
$col = new stdClass();
$col->fields = ( $row->$fieldsVar ? explode( '|*|', $row->$fieldsVar ) : array() );
$col->title = $row->$titleVar;
$col->titleRendered = $myCbUser->replaceUserVars( $col->title );
$col->captions = $row->$captionsVar;
// $col->sort = 1; //All columns can be sorted
$columns[$i] = $col;
}
}
// build fields and tables accesses, also check for searchable fields:
$searchableFields = array();
$fieldsSQL = cbUsersList::getFieldsSQL( $columns, $allFields, $tableReferences, $searchableFields, $params );
$_PLUGINS->trigger( 'onAfterUsersListFieldsSql', array( &$columns, &$allFields, &$tableReferences ) );
$tablesSQL = array();
$joinsSQL = array();
$tablesWhereSQL = array( 'block' => 'u.block = 0',
'approved' => 'ue.approved = 1',
'confirmed' => 'ue.confirmed = 1'
);
if ( checkJversion() == 2 ) {
$joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
}
if ( ! $isModerator ) {
$tablesWhereSQL['banned'] = 'ue.banned = 0';
}
if ( $usergids ) {
if ( checkJversion() == 2 ) {
$tablesWhereSQL['gid'] = 'g.group_id IN (' . $usergids . ')';
} else {
$tablesWhereSQL['gid'] = 'u.gid IN (' . $usergids . ')';
}
}
foreach ( $tableReferences as $table => $name ) {
$tablesSQL[] = $table . ' ' . $name;
if ( $name != 'u' ) {
$tablesWhereSQL[] = "u.`id` = " . $name . ".`id`";
}
}
// handles search criterias:
$list_compare_types = $params->get( 'list_compare_types', 0 );
$searchVals = new stdClass();
$searchesFromFields = $tabs->applySearchableContents( $searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types );
$whereFields = $searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
if ( $whereFields ) {
$tablesWhereSQL[] = '(' . $whereFields . ')';
/*
if ( $search === null ) {
$search = '';
}
*/
}
$_PLUGINS->trigger( 'onBeforeUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL ) );
$queryFrom = "FROM " . implode( ', ', $tablesSQL )
. ( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
. "\n WHERE " . implode( "\n AND ", $tablesWhereSQL );
// handles old formatted names search:
/*
if ( $search != '' ) {
$searchSQL = cbEscapeSQLsearch( strtolower( $_CB_database->getEscaped( $search ) ) );
$queryFrom .= " AND (";
$searchFields = array();
if ( $ueConfig['name_format']!='3' ) {
$searchFields[] = "u.name LIKE '%%s%'";
}
if ( $ueConfig['name_format']!='1' ) {
$searchFields[] = "u.username LIKE '%%s%'";
}
if ( is_array( $plugSearchFieldsArray ) ) {
foreach ( $plugSearchFieldsArray as $v ) {
if ( is_array( $v ) ) {
$searchFields = array_merge( $searchFields, $v );
}
}
}
$queryFrom .= str_replace( '%s', $searchSQL, implode( " OR ", $searchFields ) );
$queryFrom .= ")";
}
*/
$queryFrom .= " " . $filterby;
$_PLUGINS->trigger( 'onBeforeUsersListQuery', array( &$queryFrom, 1, $listid ) ); // $uid = 1
$errorMsg = null;
// counts number of users and loads the listed fields of the users if not in search-form-only mode:
if ( $searchmode == 0 ) {
if ( checkJversion() == 2 ) {
$_CB_database->setQuery( "SELECT COUNT(DISTINCT u.id) " . $queryFrom );
} else {
$_CB_database->setQuery( "SELECT COUNT(*) " . $queryFrom );
}
$total = $_CB_database->loadResult();
if ( ( $limit > $total ) || ( $limitstart >= $total ) ) {
$limitstart = 0;
}
// $query = "SELECT u.id, ue.banned, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby
if ( checkJversion() == 2 ) {
$query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
} else {
$query = "SELECT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
}
$_CB_database->setQuery( $query, (int) $limitstart, (int) $limit );
$users = $_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );
if ( ! $_CB_database->getErrorNum() ) {
// creates the CBUsers in cache corresponding to the $users:
foreach ( array_keys( $users ) as $k) {
CBuser::setUserGetCBUserInstance( $users[$k] );
}
} else {
$users = array();
$errorMsg = _UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
}
if ( count( get_object_vars( $searchVals ) ) > 0 ) {
$search = '';
} else {
$search = null;
}
} else {
$total = null;
$users = array();
if ( $search === null ) {
$search = '';
}
}
// Compute itemId of users in users-list:
if ( $Itemid ) {
$option_itemid = (int) $Itemid;
} else {
$option_itemid = getCBprofileItemid( 0 );
}
HTML_comprofiler::usersList( $row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random );
}
function orderTabs( $tid, $inc, $option ) {
global $_CB_database, $_CB_framework;
$row = new moscomprofilerTabs( $_CB_database );
$row->load( (int) $tid );
if ( ! in_array( $row->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
exit;
}
$row->move( $inc, "position='$row->position' AND ordering > -10000 AND ordering < 10000 " );
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" ) );
}
/**
* Returns a USERPARAMS field in specified format
*
* @param moscomprofilerFields $field
* @param moscomprofilerUser $user
* @param string $output 'html', 'xml', 'json', 'php', 'csvheader', 'csv', 'rss', 'fieldslist', 'htmledit'
* @param string $formatting 'table', 'td', 'span', 'div', 'none'
* @param string $reason 'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'list' for user-lists
* @param int $list_compare_types IF reason == 'search' : 0 : simple 'is' search, 1 : advanced search with modes, 2 : simple 'any' search
* @return mixed
*/
function getFieldRow( &$field, &$user, $output, $formatting, $reason, $list_compare_types ) {
global $_CB_framework, $_CB_database, $ueConfig;
$results = null;
if ( class_exists( 'JFactory' ) ) { // Joomla 1.5 :
$lang =& JFactory::getLanguage();
$lang->load( 'com_users' );
}
$pseudoFields = array();
//Implementing Joomla's new user parameters such as editor
$ui = $_CB_framework->getUi();
$userParams = $this->_getUserParams( $ui, $user );
if ( is_array( $userParams ) && ( count( $userParams ) > 0 )
&& ( ( $ui == 2 ) || ( ( isset( $ueConfig['frontend_userparams'] ) ) ? ( $ueConfig['frontend_userparams'] == 1 ) : in_array( $_CB_framework->getCfg( "frontend_userparams" ), array( '1', null) ) ) ) )
{
//Loop through each parameter and prepare rendering appropriately.
foreach ( $userParams AS $k => $userParam ) {
$paramField = new moscomprofilerFields( $_CB_database );
$paramField->title = $userParam[0];
$paramField->_html = $userParam[1];
$paramField->description = ( isset( $userParam[2] ) && class_exists("JText") ? JText::_( $userParam[2] ) : null );
$paramField->name = ( isset( $userParam[3] ) && class_exists("JText") ? JText::_( $userParam[3] ) : null ); // very probably wrong!
$paramField->fieldid = 'userparam_' . $k;
$paramField->displaytitle = substr( $userParam[0], 0, 6 ) == '<label' ? -1 : 1; // don't redisplay <label for> markup
$paramField->type = 'param'; // this is for cb_ftparam class to be correct.
$pseudoFields[] = $paramField;
}
}
if( $_CB_framework->getUi() == 2 ) {
$myGid = userGID( $_CB_framework->myId() );
$cms_mod = $_CB_framework->acl->mapGroupNamesToValues( 'Administrator' );
$cms_admin = $_CB_framework->acl->mapGroupNamesToValues( 'Superadministrator' );
if ( checkJversion() == 2 ) {
$cms_admin_title = 'Super Users';
} else {
$cms_admin_title = 'Super Administrator';
}
$canBlockUser = $_CB_framework->check_acl( 'canBlockUsers', $_CB_framework->myUserType() );
$canEmailEvents = ( ( $user->id == 0 ) && ( in_array( $myGid, array( $cms_mod, $cms_admin ) ) ) )
|| $_CB_framework->check_acl( 'canReceiveAdminEmails', $_CB_framework->acl->get_group_name( $user->gid, 'ARO' ) )
|| in_array( $user->gid, getParentGIDS( $ueConfig['imageApproverGid'] ) ); // allow also CB isModerator
$lists = array();
$user_group = strtolower( $_CB_framework->acl->get_group_name( $user->gid, 'ARO' ) );
if (( $user_group == strtolower( $cms_admin_title ) && $myGid != $cms_admin) || ( $user->id == $_CB_framework->myId() && $myGid == $cms_admin)) {
$lists['gid'] = "<input type=\"hidden\" name=\"gid\" value=\"$user->gid\" /><strong>$cms_admin_title</strong>";
} else if ( $myGid == $cms_mod && $user->gid == $cms_mod ) {
$lists['gid'] = "<input type=\"hidden\" name=\"gid\" value=\"$user->gid\" /><strong>Administrator</strong>";
} else {
// ensure user can't add group higher than themselves
if ( checkJversion() <= 0 ) {
$my_groups = $_CB_framework->acl->get_object_groups( 'users', $_CB_framework->myId(), 'ARO' );
} else {
$aro_id = $_CB_framework->acl->get_object_id( 'users', $_CB_framework->myId(), 'ARO' );
$my_groups = $_CB_framework->acl->get_object_groups( $aro_id, 'ARO' );
}
if ( is_array( $my_groups ) && ( count( $my_groups ) > 0 ) ) {
$ex_groups = $_CB_framework->acl->get_group_children( $my_groups[0], 'ARO', 'RECURSE' );
if ( $ex_groups === null ) {
$ex_groups = array(); // mambo fix
}
} else {
$ex_groups = array();
}
$gtree = $_CB_framework->acl->get_group_children_tree( null, 'USERS', false );
// remove users 'above' me
$i = 0;
while ( $i < count( $gtree ) ) {
if ( in_array( $gtree[$i]->value, $ex_groups ) ) {
array_splice( $gtree, $i, 1 );
} else {
$i++;
}
}
if ( checkJversion() == 2 ) {
$lists['gid'] = moscomprofilerHTML::selectList( $gtree, 'gid[]', 'class="inputbox" size="11" multiple="multiple"', 'value', 'text', $user->gids, 2, false );
} else {
$lists['gid'] = moscomprofilerHTML::selectList( $gtree, 'gid', 'class="inputbox" size="11"', 'value', 'text', $user->gid, 2, false );
}
}
// build the html select list
$lists['block'] = moscomprofilerHTML::yesnoSelectList( 'block', 'class="inputbox" size="1"', $user->block );
$list_approved = array();
$list_approved[] = moscomprofilerHTML::makeOption( '0', CBTxt::T( 'Unapproved' ) );
$list_approved[] = moscomprofilerHTML::makeOption( '1', CBTxt::T( 'Approved' ) );
$list_approved[] = moscomprofilerHTML::makeOption( '2', CBTxt::T( 'Disapproved' ) );
$lists['approved'] = moscomprofilerHTML::selectList( $list_approved, 'approved', 'class="inputbox" size="1"', 'value', 'text', $user->approved, 2, false );
$lists['confirmed'] = moscomprofilerHTML::yesnoSelectList( 'confirmed', 'class="inputbox" size="1"', $user->confirmed );
// build the html select list
$lists['sendEmail'] = moscomprofilerHTML::yesnoSelectList( 'sendEmail', 'class="inputbox" size="1"', $user->sendEmail );
$paramField = new moscomprofilerFields( $_CB_database );
$paramField->title = CBTxt::T( 'Group' );
$paramField->_html = $lists['gid'];
$paramField->description = '';
$paramField->name = 'gid';
$pseudoFields[] = $paramField;
if ( $canBlockUser ) {
$paramField = new moscomprofilerFields( $_CB_database );
$paramField->title = CBTxt::T( 'Block User' );
$paramField->_html = $lists['block'];
$paramField->description = '';
$paramField->name = 'block';
$pseudoFields[] = $paramField;
$paramField = new moscomprofilerFields( $_CB_database );
$paramField->title = CBTxt::T( 'Approve User' );
$paramField->_html = $lists['approved'];
$paramField->description = '';
$paramField->name = 'approved';
$pseudoFields[] = $paramField;
$paramField = new moscomprofilerFields( $_CB_database );
$paramField->title = CBTxt::T( 'Confirm User' );
$paramField->_html = $lists['confirmed'];
$paramField->description = '';
$paramField->name = 'confirmed';
$pseudoFields[] = $paramField;
}
$paramField = new moscomprofilerFields( $_CB_database );
$paramField->title = CBTxt::T( 'Receive Moderator Emails' );
if ($canEmailEvents || $user->sendEmail) {
$paramField->_html = $lists['sendEmail'];
} else {
$paramField->_html = CBTxt::T('No (User\'s group-level doesn\'t allow this)')
. '<input type="hidden" name="sendEmail" value="0" />';
}
$paramField->description = '';
$paramField->name = 'sendEmail';
$pseudoFields[] = $paramField;
if( $user->id) {
$paramField = new moscomprofilerFields( $_CB_database );
$paramField->title = CBTxt::T( 'Register Date' );
$paramField->_html = cbFormatDate( $user->registerDate );
$paramField->description = '';
$paramField->name = 'registerDate';
$pseudoFields[] = $paramField;
$paramField = new moscomprofilerFields( $_CB_database );
$paramField->title = CBTxt::T( 'Last Visit Date' );
$paramField->_html = cbFormatDate( $user->lastvisitDate );
$paramField->description = '';
$paramField->name = 'lastvisitDate';
$pseudoFields[] = $paramField;
}
}
switch ( $output ) {
case 'htmledit':
foreach ( $pseudoFields as $paramField ) {
$paramField->required = $this->_isRequired( $field, $user, $reason );
$paramField->profile = $field->profile;
$results .= parent::getFieldRow( $paramField, $user, $output, $formatting, $reason, $list_compare_types );
}
unset( $pseudoFields );
return $results;
break;
default:
return null;
break;
}
}
function saveField( $option, $task ) {
global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;
if ( ( $task == 'showField' ) || ! ( isset( $_POST['oldtabid'] ) && isset( $_POST['tabid'] ) && isset( $_POST['fieldid'] ) ) ) {
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=$task" ) );
return;
}
$this->_importNeeded();
$this->_importNeededSave();
$fid = (int) $_POST['fieldid'];
$row = new moscomprofilerFields( $_CB_database );
if ( $fid ) {
// load the row from the db table
if ( ! $row->load( (int) $fid ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Innexistant field') ) . "'); window.history.go(-1);</script>\n";
exit;
}
$fieldTab = new moscomprofilerTabs( $_CB_database );
// load the row from the db table
$fieldTab->load( (int) $row->tabid );
if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) ."'); window.history.go(-1);</script>\n";
exit;
}
}
$_PLUGINS->loadPluginGroup( 'user' );
if ( ! $this->_prov_bind_CB_field( $row, $fid ) ) {
echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit();
}
// in case the above changed perms.... really ?
$fieldTab = new moscomprofilerTabs( $_CB_database );
$fieldTab->load( (int) $row->tabid );
if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
exit;
}
if ($row->type == 'webaddress') {
$row->rows = $_POST['webaddresstypes'];
if ( !(($row->rows == 0) || ($row->rows == 2)) ) {
$row->rows = 0;
}
}
if ( $_POST['oldtabid'] != $_POST['tabid'] ) {
if ( $_POST['oldtabid'] !== '' ) {
//Re-order old tab
$sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > ".(int) $_POST['ordering']." AND tabid = ".(int) $_POST['oldtabid'];
$_CB_database->setQuery($sql);
$_CB_database->query();
}
//Select Last Order in New Tab
$sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=".(int) $_POST['tabid'];
$_CB_database->SetQuery($sql);
$max = $_CB_database->LoadResult();
$row->ordering = max( $max + 1, 1 );
}
if ( cbStartOfStringMatch( $row->name, 'cb_' ) ) {
$row->name = str_replace(" ", "", strtolower($row->name));
}
if ( ! $row->check() ) {
echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
exit();
}
if ( ! $row->store( (int) $fid ) ) {
echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
exit();
}
$fieldNames = $_POST['vNames'];
$j = 1;
if( $row->fieldid > 0 ) {
$_CB_database->setQuery( "DELETE FROM #__comprofiler_field_values"
. " WHERE fieldid = " . (int) $row->fieldid );
if( $_CB_database->query() === false ) {
echo $_CB_database->getErrorMsg();
}
} else {
$_CB_database->setQuery( "SELECT MAX(fieldid) FROM #__comprofiler_fields");
$maxID = $_CB_database->loadResult();
$row->fieldid = $maxID;
echo $_CB_database->getErrorMsg();
}
//for($i=0, $n=count( $fieldNames ); $i < $n; $i++) {
foreach ($fieldNames as $fieldName) {
if(trim($fieldName)!=null || trim($fieldName)!='') {
$_CB_database->setQuery( "INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)"
. " VALUES( " . (int) $row->fieldid . ",'".cbGetEscaped(trim($fieldName))."', " . (int) $j . ")"
);
if ( $_CB_database->query() === false ) {
echo $_CB_database->getErrorMsg();
}
$j++;
}
}
switch ( $task ) {
case 'applyField':
$msg = CBTxt::T('Successfully Saved changes to Field') . ': '. $row->name;
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=editField&cid=$row->fieldid" ), $msg );
break;
case 'saveField':
default:
$msg = CBTxt::T('Successfully Saved Field') . ': '. $row->name;
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ), $msg );
break;
}
}
/**
* Saves a new or existing CB+CMS user
* WARNINGS:
* - You must verify authorization of user to perform this (user checkCBpermissions() )
* - You must $this->load() existing user first
*
* @param array $array Raw unfiltered input, typically $_POST
* @param int $ui 1 = Front-end (limitted rights), 2 = Backend (almost unlimitted), 0 = automated (full)
* @param string $reason 'edit' or 'register'
* @return boolean
*/
function saveSafely( &$array, $ui, $reason ) {
global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;
// Get current user state and store it into $oldUserComplete:
$oldUserComplete = new moscomprofilerUser( $this->_db );
foreach ( array_keys( get_object_vars( $this ) ) as $k ) {
if( substr( $k, 0, 1 ) != '_' ) { // ignore internal vars
$oldUserComplete->$k = $this->$k;
}
}
// 1) Process and validate the fields in form by CB field plugins:
// 2) Bind the fields to CMS User:
$bindResults = $this->bindSafely( $array, $ui, $reason, $oldUserComplete );
if ( $bindResults ) {
// During bindSafely, in saveTabContents, the validations have already taken place, for mandatory fields.
if ( ( $this->name == '' ) && ( $this->username == '' ) && ( $this->email != '' ) ) {
$this->username = $this->email;
$this->_cmsUser->username = $this->username;
}
// Checks that name is set. If not, uses the username as name, as Mambo/Joola mosUser::store() uses name for ACL
// and ACL bugs with no name.
if ( $this->name == '' ) {
$this->name = $this->username;
$this->_cmsUser->name = $this->name;
} elseif ( $this->username == '' ) {
$this->username = $this->name;
$this->_cmsUser->username = $this->username;
}
if ( ! $this->checkSafely() ) {
$bindResults = false;
}
}
// For new registrations or backend user creations, set registration date and password if neeeded:
$isNew = ( ! $this->id );
$newCBuser = ( $oldUserComplete->user_id == null );
if ( $isNew ) {
if ( checkJversion() != 1 ) {
// J1.5 works better with null here... has bug that it offsets the time by server date, others need this:
$this->registerDate = date('Y-m-d H:i:s', $_CB_framework->now() );
}
}
if ( $bindResults ) {
if ( $isNew ) {
if ( $this->password == null ) {
$this->setRandomPassword();
$ueConfig['emailpass'] = 1; // set this global to 1 to force password to be sent to new users.
}
}
// In backend only: if group has been changed and where original group was a Super Admin: check if there is at least a super-admin left:
if ( $ui == 2 ) {
$myGid = userGID( $_CB_framework->myId() );
$cms_admin = $_CB_framework->acl->mapGroupNamesToValues( 'Administrator' );
$cms_super_admin = $_CB_framework->acl->mapGroupNamesToValues( 'Superadministrator' );
if ( ! $isNew ) {
if ( $this->gid != $oldUserComplete->gid ) {
if ( $oldUserComplete->gid == $cms_super_admin ) {
// count number of active super admins
if ( checkJversion() == 2 ) {
$query = 'SELECT COUNT( a.id )'
. "\n FROM #__users AS a"
. "\n INNER JOIN #__user_usergroup_map AS b"
. ' ON b.user_id = a.id'
. "\n WHERE b.group_id = " . (int) $cms_super_admin
. "\n AND a.block = 0"
;
} else {
$query = 'SELECT COUNT( id )'
. "\n FROM #__users"
. "\n WHERE gid = " . (int) $cms_super_admin
. "\n AND block = 0"
;
}
$_CB_database->setQuery( $query );
$count = $_CB_database->loadResult();
if ( $count <= 1 ) {
// disallow change if only one Super Admin exists
$this->_error = 'You cannot change this users Group as it is the only active Super Administrator for your site';
return false;
}
}
$user_group = strtolower( $_CB_framework->acl->get_group_name( $oldUserComplete->gid, 'ARO' ) );
if ( ( $user_group == 'super administrator' && $myGid != $cms_super_admin ) ) {
// disallow change of super-Admin by non-super admin
$this->_error = 'You cannot change this users Group as you are not a Super Administrator for your site';
return false;
} elseif ( $this->id == $_CB_framework->myId() && $myGid == $cms_super_admin ) {
// CB-specific: disallow change of own Super Admin group:
$this->_error = 'You cannot change your own Super Administrator status for your site';
return false;
} else if ( $myGid == $cms_admin && $oldUserComplete->gid == $cms_admin ) {
// disallow change of super-Admin by non-super admin
$this->_error = 'You cannot change the Group of another Administrator as you are not a Super Administrator for your site';
return false;
} // ensure user can't add group higher than themselves done below
}
}
// Security check to avoid creating/editing user to higher level than himself: CB response to artf4529.
if ( ! in_array( $this->gid, getChildGIDS( $myGid ) ) ) {
$this->_error = 'illegal attempt to set user at higher level than allowed !';
return false;
}
}
}
if ( $reason == 'edit' ) {
if ( $ui == 1 ) {
$_PLUGINS->trigger( 'onBeforeUserUpdate', array( &$this, &$this, &$oldUserComplete, &$oldUserComplete ) );
} elseif ( $ui == 2 ) {
if ( $isNew || $newCBuser ) {
$_PLUGINS->trigger( 'onBeforeNewUser', array( &$this, &$this, false ) );
} else {
$_PLUGINS->trigger( 'onBeforeUpdateUser', array( &$this, &$this, &$oldUserComplete ) );
}
}
} elseif ( $reason == 'register' ) {
$_PLUGINS->trigger( 'onBeforeUserRegistration', array( &$this, &$this ) );
}
$beforeResult = ! $_PLUGINS->is_errors();
if ( ! $beforeResult ) {
$this->_error = $_PLUGINS->getErrorMSG( false ); // $_PLUGIN collects all error messages, incl. previous ones.
}
// Saves tab plugins:
// on edits, user params and block/email/approved/confirmed are done in cb.core predefined fields.
// So now calls this and more (CBtabs are already created in $this->bindSafely() ).
$pluginTabsResult = true;
if ( $reason == 'edit' ) {
$this->_cbTabs->savePluginTabs( $this, $array );
$pluginTabsResult = ! $_PLUGINS->is_errors();
if ( ! $pluginTabsResult ) {
$this->_error = $_PLUGINS->getErrorMSG( false ); // $_PLUGIN collects all error messages, incl. previous ones.
}
}
if ( $bindResults && $beforeResult && $pluginTabsResult ) {
// Hashes password for CMS storage:
$clearTextPassword = $this->password;
if ( $clearTextPassword ) {
$hashedPassword = $this->hashAndSaltPassword( $clearTextPassword );
$this->password = $hashedPassword;
}
// Stores user if it's a new user:
if ( $isNew ) {
if ( ! $this->store() ) {
return false;
}
}
// Restores cleartext password for the saveRegistrationPluginTabs:
$this->password = $clearTextPassword;
}
if ( $reason == 'register' ) {
if ( $bindResults && $beforeResult && $pluginTabsResult ) {
// Sets the instance of user, to avoid reload from database, and loss of the cleartext password.
CBuser::setUserGetCBUserInstance( $this );
}
// call here since we got to have a user id:
$registerResults = array();
$registerResults['tabs'] = $this->_cbTabs->saveRegistrationPluginTabs( $this, $array );
if ( $_PLUGINS->is_errors() ) {
if ( $bindResults && $beforeResult && $pluginTabsResult ) {
$plugins_error = $_PLUGINS->getErrorMSG( false ); // $_PLUGIN collects all error messages, incl. previous ones.
if ( $isNew ) {
// if it was a new user, and plugin gave error, revert the creation:
$this->delete();
}
$this->_error = $plugins_error;
} else {
$this->_error = $_PLUGINS->getErrorMSG( false ); // $_PLUGIN collects all error messages, incl. previous ones.
}
$pluginTabsResult = false;
}
}
if ( ! ( $bindResults && $beforeResult && $pluginTabsResult ) ) {
// Normal error exit point:
$_PLUGINS->trigger( 'onSaveUserError', array( &$this, $this->_error, $reason ) );
if ( is_array( $this->_error ) ) {
$this->_error = implode( '<br />', $this->_error );
}
return false;
}
// Stores the user (again if it's a new as the plugins might have changed the user record):
if ( $clearTextPassword ) {
$this->password = $hashedPassword;
}
if ( ! $this->store() ) {
return false;
}
// Restores cleartext password for the onAfter and activation events:
$this->password = $clearTextPassword;
// Triggers onAfter and activateUser events:
if ( $reason == 'edit' ) {
if ( $ui == 1 ) {
$_PLUGINS->trigger( 'onAfterUserUpdate', array( &$this, &$this, $oldUserComplete ) );
} elseif ( $ui == 2 ) {
if ( $isNew || $newCBuser ) {
if ( $isNew ) {
$ueConfig['emailpass'] = 1; // set this global to 1 to force password to be sent to new users.
}
$_PLUGINS->trigger( 'onAfterNewUser', array( &$this, &$this, false, true ) );
if ( $this->block == 0 && $this->approved == 1 && $this->confirmed ) {
activateUser( $this, 2, 'NewUser', false, $isNew );
}
} else {
if ( ( ! ( ( $oldUserComplete->approved == 1 || $oldUserComplete->approved == 2 ) && $oldUserComplete->confirmed ) )
&& ($this->approved == 1 && $this->confirmed ) )
{
// first time a just registered and confirmed user got approved in backend through save user:
if( isset( $ueConfig['emailpass'] ) && ( $ueConfig['emailpass'] == "1" ) && ( $this->password == '' ) ) {
// generate the password is auto-generated and not set by the admin at this occasion:
$this->setRandomPassword();
$pwd = $this->hashAndSaltPassword( $this->password );
$_CB_database->setQuery( "UPDATE #__users SET password="******" WHERE id = " . (int) $this->id );
$_CB_database->query();
}
}
$_PLUGINS->trigger( 'onAfterUpdateUser', array( &$this, &$this, $oldUserComplete ) );
if ( ( ! ( ( $oldUserComplete->approved == 1 || $oldUserComplete->approved == 2 ) && $oldUserComplete->confirmed ) )
&& ($this->approved == 1 && $this->confirmed ) )
{
// first time a just registered and confirmed user got approved in backend through save user:
activateUser( $this, 2, 'UpdateUser', false );
}
}
}
} elseif ( $reason == 'register' ) {
$registerResults['after'] = $_PLUGINS->trigger( 'onAfterUserRegistration', array( &$this, &$this, true ) );
$registerResults['ok'] = true;
return $registerResults;
}
return true;
}
function _getTabFieldsDb( $tabid, &$user, $reason, $fieldIdOrName = null, $prefetchFields = true ) {
static $prefetched = null;
static $fieldsByName = null;
if ( ( ! $prefetchFields ) || ( $prefetched === null ) ) {
global $_CB_framework, $_CB_database, $ueConfig;
$where = array();
$ordering = array();
if ( $fieldIdOrName && ! $prefetchFields ) {
if ( is_int( $fieldIdOrName ) ) {
$where[] = 'f.fieldid = ' . (int) $fieldIdOrName;
} else {
$where[] = 'f.name = ' . $_CB_database->Quote( $fieldIdOrName );
}
}
if ( ( $reason == 'list' ) && ( in_array( $ueConfig['name_format'], array( 1, 2, 4 ) ) ) ) {
$where[] = "( f.published = 1 OR f.name = 'name' )";
} elseif ( $reason != 'adminfulllist' ) {
$where[] = 'f.published = 1';
}
switch ( $reason ) {
case 'profile':
$where[] = 'f.profile != 0';
break;
case 'list':
$where[] = "( f.profile != 0 OR f.name = 'username'" . ( in_array( $ueConfig['name_format'], array( 1, 2, 4 ) ) ? " OR f.name = 'name'" : '' ) . ')';
break;
case 'register':
$where[] = 'f.registration = 1';
break;
case 'adminfulllist':
default:
break;
}
if ( $tabid && ! $prefetchFields ) {
$where[] = 'f.tabid = ' . (int) $tabid;
} else {
if ( $reason != 'adminfulllist' ) {
$where[] = 't.enabled = 1';
}
if ( $reason != 'register' ) {
$where[] = 't.useraccessgroupid IN (' . implode(',',getChildGIDS(userGID( $_CB_framework->myId() ))) . ')';
}
}
if ( ( ( $reason == 'profile' ) || ( $reason == 'list' ) ) && ( $ueConfig['allow_email_display'] == 0 ) && ( $reason != 'adminfulllist' ) ) {
$where[] = 'f.type != ' . $_CB_database->Quote( 'emailaddress' );
}
if ( ( ! $tabid ) || $prefetchFields ) {
if ( $reason == 'register' ) {
$ordering[] = 't.ordering_register';
}
$ordering[] = 't.position';
$ordering[] = 't.ordering';
}
$ordering[] = 'f.ordering';
$sql = 'SELECT f.*';
if ( $reason == 'register' ) {
$sql .= ', t.ordering_register AS tab_ordering_register, t.position AS tab_position, t.ordering AS tab_ordering';
}
$sql .= ' FROM #__comprofiler_fields f';
if ( ( ! $tabid ) || $prefetchFields ) {
// don't get fields which are not assigned to tabs:
$sql .= "\n INNER JOIN #__comprofiler_tabs AS t ON (f.tabid = t.tabid)";
}
$sql .= "\n WHERE " . implode( ' AND ', $where )
. "\n ORDER BY " . implode( ', ', $ordering );
;
$_CB_database->setQuery( $sql );
if ( $prefetchFields ) {
$fieldsByName = $_CB_database->loadObjectList( 'name', 'moscomprofilerFields', array( &$_CB_database ) );
if ( ! $_CB_database->getErrorNum() ) {
foreach ( array_keys( $fieldsByName ) as $i ) {
$fieldsByName[$i]->params = new cbParamsBase( $fieldsByName[$i]->params );
$prefetched[(int) $fieldsByName[$i]->tabid][$fieldsByName[$i]->fieldid] = $fieldsByName[$i];
}
}
} else {
$fields = $_CB_database->loadObjectList( null, 'moscomprofilerFields', array( &$_CB_database ) );
if ( ! $_CB_database->getErrorNum() ) {
for ( $i = 0, $n = count( $fields ); $i < $n; $i++ ) {
$fields[$i]->params = new cbParamsBase( $fields[$i]->params );
}
}
}
}
if ( $prefetched !== null ) {
if ( $tabid ) {
if (isset( $prefetched[(int) $tabid] ) ) {
$fields = $prefetched[(int) $tabid];
} else {
$fields = array();
}
} elseif ( $fieldIdOrName ) {
if ( is_int( $fieldIdOrName ) ) {
$fields = array();
foreach ( array_keys( $prefetched ) as $k ) {
if ( isset( $prefetched[$k][$fieldIdOrName] ) ) {
$fields[] = $prefetched[$k][$fieldIdOrName];
break;
}
}
} elseif (isset( $fieldsByName[$fieldIdOrName] ) ) {
$fields = array( $fieldsByName[$fieldIdOrName] );
} else {
$fields = array();
}
} else {
$fields = array();
foreach ( $prefetched as /* $tid => */ $flds ) {
// $fields = array_merge( $fields, $flds );
foreach ( $flds as $fl ) {
$fields[$fl->fieldid] = $fl;
}
}
}
}
// THIS is VERY experimental, and not yet part of CB API !!! :
global $_PLUGINS;
$_PLUGINS->loadPluginGroup( 'user' );
$_PLUGINS->trigger( 'onAfterFieldsFetch', array( &$fields, &$user, $reason, $tabid, $fieldIdOrName ) );
return $fields;
}
