/**
 * gets Itemid of CB profile, or by default of homepage
 * (If possible, use $_CB_framework->userProfiler...Url and ->viewUrl from CB 1.2.3 on)
 *
 * @param  boolean $htmlspecialchars  TRUE if should return "&amp;Itemid...." instead of "&Itemid..." (with FALSE as default), === 0 if return only int
 * @param  string $task               task/view  e.g. 'userslist'   (since CB 1.2.3)
 * @return string                     "&Itemid=xxx"
 */
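function getCBprofileItemid($htmlspecialchars = false, $task = 'userprofile')
{
    // Resolves the menu Itemid for a CB task, restricted to menu entries that are published
    // and visible to the current viewer, and memoises the result per task for this request.
    // Returns "&Itemid=N" / "&amp;Itemid=N" when $htmlspecialchars is a boolean, the bare
    // integer otherwise, and null when no matching menu entry exists.
    global $_CB_database, $_CB_framework;
    static $cacheItemids = array();
    if (!isset($cacheItemids[$task])) {
        if (class_exists('moscomprofilerUser', false)) {
            $viewLevels = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(checkJversion() >= 2 ? false : true);
        } else {
            // Compute View Level using CMS without loading cb.table and cb.database if they are not already loaded (e.g. when using this function in modules):
            if (checkJversion() >= 2) {
                $viewLevels = JUser::getInstance()->getAuthorisedViewLevels();
            } else {
                $viewLevels = range(0, $_CB_framework->myCmsGid());
            }
        }
        // View levels pass through cbArrayToInts() before being concatenated into the IN (...) list.
        $cleanedANDpubAccess = ' AND published = 1 AND access IN (' . implode(',', cbArrayToInts($viewLevels)) . ')';
        if (checkJversion() >= 2) {
            $cleanedANDpubAccess .= ' AND ' . $_CB_database->NameQuote('language') . ' IN ( ' . $_CB_database->Quote($_CB_framework->getCfg('lang_tag')) . ', ' . $_CB_database->Quote('*') . ', ' . $_CB_database->Quote('') . ' )';
        }
        if ($task !== 'userprofile' && is_string($task)) {
            // $task is caller-supplied and ends up inside a LIKE pattern.
            // NOTE(review): getEscaped($task, true) presumably also escapes LIKE wildcards and
            // Quote(..., false) presumably skips a second escaping pass - confirm against the database class.
            $_CB_database->setQuery('SELECT id FROM #__menu WHERE link LIKE ' . $_CB_database->Quote('index.php?option=com_comprofiler&task=' . $_CB_database->getEscaped($task, true) . '%', false) . $cleanedANDpubAccess);
            $Itemid = (int) $_CB_database->loadResult();
        } else {
            $Itemid = null;
        }
        // Strict membership test: with loose comparison a legacy boolean TRUE $task compared equal
        // to 'login' and skipped the profile fallback below.
        if ($task === 'userprofile' || !$Itemid && !in_array($task, array('login', 'logout', 'registers', 'lostpassword'), true)) {
            // $task used to be a boolean before CB 1.2.3 but with no effect:
            $task = 'userprofile';
            $_CB_database->setQuery("SELECT id FROM #__menu WHERE link = 'index.php?option=com_comprofiler'" . $cleanedANDpubAccess);
            $Itemid = (int) $_CB_database->loadResult();
            if (!$Itemid) {
                // if no user profile, try getting itemid of the default list:
                $_CB_database->setQuery("SELECT id FROM #__menu WHERE link = 'index.php?option=com_comprofiler&task=usersList'" . $cleanedANDpubAccess);
                $Itemid = (int) $_CB_database->loadResult();
            }
        }
        $cacheItemids[$task] = $Itemid;
    }
    if (!$cacheItemids[$task]) {
        return null;
    }
    if (is_bool($htmlspecialchars)) {
        // TRUE must yield the HTML-encoded separator so the fragment can be placed inside markup;
        // both branches previously produced a bare "&", which made the flag a no-op.
        return ($htmlspecialchars ? '&amp;' : '&') . 'Itemid=' . $cacheItemids[$task];
    }
    return $cacheItemids[$task];
}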
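 /**
  * Builds the HTML of the profile tab that lists the published articles created by $user.
  *
  * Only rows with state = 1, inside their publish window and within the viewer's
  * authorised view levels are selected.
  *
  * @param  object  $tab   Tab object, passed through to _writeTabDescription()
  * @param  object  $user  Profile owner; only ->id is read here
  * @param  int     $ui    Not used in this method
  * @return string         HTML of the articles table, or of the "no articles" notice
  */
 function getDisplayTab($tab, $user, $ui)
 {
     global $_CB_framework, $_CB_database, $mainframe;
     $jVer = checkJversion();
     $showHits = $_CB_framework->getCfg('hits');
     $showRating = $_CB_framework->getCfg('vote');
     $return = '';
     if ($jVer >= 2) {
         // gmdate() gives the UTC timestamp directly, without temporarily switching the process-wide default timezone.
         $now = gmdate('Y-m-d H:i:s');
     } else {
         $now = date('Y-m-d H:i:s', $_CB_framework->now() + $_CB_framework->getCfg('offset') * 60 * 60);
     }
     // Defence in depth: every view level is forced to an integer before it is concatenated into the IN (...) list.
     $viewLevels = array_map('intval', CBuser::getMyInstance()->getAuthorisedViewLevelsIds($jVer >= 2 ? false : true));
     $query = "SELECT a.id, a.catid, a.title, a.hits,a.created, ROUND( r.rating_sum / r.rating_count ) AS rating,r.rating_count";
     if ($jVer >= 1) {
         $query .= ', CASE WHEN CHAR_LENGTH(a.alias) THEN CONCAT_WS(\':\', a.id, a.alias) ELSE a.id END as slug,' . ' CASE WHEN CHAR_LENGTH(cc.alias) THEN CONCAT_WS(":", cc.id, cc.alias) ELSE cc.id END as catslug';
     }
     $query .= "\n FROM #__content AS a" . "\n LEFT JOIN #__content_rating AS r ON r.content_id=a.id";
     if ($jVer < 2) {
         $query .= "\n INNER JOIN #__sections AS s ON s.id=a.sectionid AND s.title != 'Mamblog'";
     }
     if ($jVer >= 1) {
         $query .= "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid";
     }
     // The only non-constant values in the statement are the integer-cast user id, the
     // server-generated $now and the integer view levels.
     $query .= "\n WHERE a.created_by=" . (int) $user->id . "" . "\n AND a.state = 1 " . "\n AND (publish_up = '0000-00-00 00:00:00' OR publish_up <= '{$now}')" . "\n AND (publish_down = '0000-00-00 00:00:00' OR publish_down >= '{$now}')" . "\n AND a.access IN (" . implode(',', $viewLevels) . ')' . "\n ORDER BY a.created DESC";
     $_CB_database->setQuery($query);
     $items = $_CB_database->loadObjectList();
     // Covers both an empty list and a non-array result; the former "!count($items) > 0"
     // relied on operator precedence and called count() on whatever the loader returned.
     if (!$items) {
         $return .= "<br /><br /><div class=\"cbNoArticles\" style=\"width:95%;\">";
         $return .= _UE_NOARTICLES;
         $return .= "</div>";
         return $return;
     }
     $return .= $this->_writeTabDescription($tab, $user);
     $return .= "<table cellpadding=\"5\" cellspacing=\"0\" border=\"0\" width=\"95%\">";
     $return .= "<tr class=\"sectiontableheader\">";
     $return .= "<th>" . _UE_ARTICLEDATE . "</th>";
     $return .= "<th>" . _UE_ARTICLETITLE . "</th>";
     if ($showHits) {
         $return .= "<th>" . _UE_ARTICLEHITS . "</th>";
     }
     if ($showRating) {
         $return .= "<th>" . _UE_ARTICLERATING . "</th>";
     }
     $return .= "</tr>";
     $i = 1;
     $hits = "";
     $rating = "";
     foreach ($items as $item) {
         if (isset($mainframe) && is_callable(array($mainframe, "getItemid"))) {
             $itemid = $mainframe->getItemid($item->id);
         } elseif (is_callable("JApplicationHelper::getItemid")) {
             $itemid = JApplicationHelper::getItemid($item->id);
         } else {
             $itemid = null;
         }
         $itemidtxt = $itemid ? "&amp;Itemid=" . (int) $itemid : "";
         // Alternates the row class suffix between 1 and 2.
         $i = $i == 1 ? 2 : 1;
         if (is_callable(array("mosAdminMenus", "ImageCheck"))) {
             $starImageOn = mosAdminMenus::ImageCheck('rating_star.png', '/images/M_images/');
             $starImageOff = mosAdminMenus::ImageCheck('rating_star_blank.png', '/images/M_images/');
         } else {
             // Mambo 4.5.0:
             $starImageOn = '<img src="' . $_CB_framework->getCfg('live_site') . '/images/M_images/rating_star.png" alt="" align="middle" style="border:0px;" />';
             $starImageOff = '<img src="' . $_CB_framework->getCfg('live_site') . '/images/M_images/rating_star_blank.png" alt="" align="middle" style="border:0px;" />';
         }
         $img = "";
         if ($showRating) {
             for ($j = 0; $j < $item->rating; $j++) {
                 $img .= $starImageOn;
             }
             for ($j = $item->rating; $j < 5; $j++) {
                 $img .= $starImageOff;
             }
             $rating = '<td><span class="content_rating">';
             $rating .= $img . '&nbsp;/&nbsp;';
             $rating .= intval($item->rating_count);
             $rating .= "</span></td>\n";
         }
         if ($showHits) {
             // Database value printed into markup: keep it numeric.
             $hits = "<td>" . (int) $item->hits . "</td>";
         }
         if ($jVer == 2) {
             require_once $_CB_framework->getCfg('absolute_path') . '/components/com_content/helpers/route.php';
             $url = ContentHelperRoute::getArticleRoute($item->id, $item->catid);
             if (!stristr($url, 'Itemid')) {
                 // NOTE(review): this branch prints the route without passing it through cbSef();
                 // confirm the value is already safe for an href attribute.
                 $url = $_CB_framework->getCfg('live_site') . '/' . $url;
             } else {
                 $url = cbSef($url);
             }
         } elseif ($jVer == 1) {
             $url = cbSef('index.php?option=com_content&amp;view=article&amp;id=' . $item->slug . '&amp;catid=' . $item->catslug . $itemidtxt);
         } else {
             $url = cbSef('index.php?option=com_content&amp;task=view&amp;id=' . (int) $item->id . $itemidtxt);
         }
         // The article title is author-controlled content: encode it for the HTML context so markup
         // in a title is shown as text instead of being rendered on the profile page.
         // double_encode is off so entities already present in a stored title are not encoded twice.
         $safeTitle = htmlspecialchars($item->title, ENT_QUOTES, 'UTF-8', false);
         $return .= "<tr class=\"sectiontableentry{$i}\"><td>" . cbFormatDate($item->created) . "</td><td><a href=\"" . $url . "\">" . $safeTitle . "</a></td>" . $hits . $rating . "</tr>\n";
     }
     $return .= "</table>";
     return $return;
 }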
 /**
  * Prepares field data for saving to database (safe transfer from $postdata to $user)
  * Override
  *
  * @param  moscomprofilerFields  $field
  * @param  moscomprofilerUser    $user      RETURNED populated: touch only variables related to saving this field (also when not validating for showing re-edit)
  * @param  array                 $postdata  Typically $_POST (but not necessarily), filtering required.
  * @param  string                $reason    'edit' for save profile edit, 'register' for registration, 'search' for searches
  */
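 function prepareFieldDataSave(&$field, &$user, &$postdata, $reason)
 {
     // Copies the administrative account fields (groups, block, approved, confirmed, sendEmail)
     // and the CMS user params from the submitted data onto $user.
     $this->_prepareFieldMetaSave($field, $user, $postdata, $reason);
     global $_CB_framework, $ueConfig;
     // Nb. frontend registration setting of usertype, gid, block, sendEmail, confirmed, approved
     // are handled in moscomprofilerUser::bindSafely() so they are available to other plugins.
     // this is (for now) handled in the core of CB... except params and block/email/approved/confirmed:
     if ($_CB_framework->getUi() == 2) {
         // Privileged fields are only taken from the request in the backend (ui 2), and only when
         // the acting user holds core.edit.state on com_users.
         $canBlockUser = CBuser::getMyInstance()->authoriseAction('core.edit.state', 'com_users');
         if ($canBlockUser) {
             if (checkJversion() == 2) {
                 $user->gids = cbGetParam($postdata, 'gid', array(0));
                 $user->gid = (int) $_CB_framework->acl->getBackwardsCompatibleGid($user->gids);
             } else {
                 $user->gid = cbGetParam($postdata, 'gid', 0);
                 $user->gids = array($user->gid);
             }
             if (isset($postdata['block'])) {
                 $user->block = cbGetParam($postdata, 'block', 0);
             }
             if (isset($postdata['approved'])) {
                 $user->approved = cbGetParam($postdata, 'approved', 0);
             }
             if (isset($postdata['confirmed'])) {
                 $user->confirmed = cbGetParam($postdata, 'confirmed', 0);
             }
             if (isset($postdata['sendEmail'])) {
                 $user->sendEmail = cbGetParam($postdata, 'sendEmail', 0);
             }
         }
     }
     if ($_CB_framework->getUi() == 2 || (isset($ueConfig['frontend_userparams']) ? $ueConfig['frontend_userparams'] == 1 : in_array($_CB_framework->getCfg("frontend_userparams"), array('1', null)))) {
         // save user params
         // Read from $postdata like every other field in this method: going to the $_POST
         // superglobal let request data reach $user->params even when the caller supplied a
         // different input array.
         $params = cbGetParam($postdata, 'params', null);
         //TBD: verify if stripslashes is needed here: it might be needed...leaving as is for now.
         if ($params != null) {
             if (is_array($params)) {
                 if (checkJversion() == 2) {
                     $registry = new JRegistry($params);
                     $value = $registry->toArray();
                     $valueString = $registry->toString();
                 } else {
                     // NOTE(review): keys and values are joined as "key=value" lines without removing
                     // embedded line breaks, so a submitted value containing a newline would appear as
                     // an additional line in the stored text - confirm whether cbGetParam() already
                     // prevents that.
                     $txt = array();
                     foreach ($params as $k => $v) {
                         $txt[] = $k . '=' . $v;
                     }
                     $value = implode("\n", $txt);
                     $valueString = $value;
                 }
                 // Log only when the serialised params actually differ from the stored ones.
                 if ((string) $user->params !== (string) $valueString) {
                     $this->_logFieldUpdate($field, $user, $reason, $user->params, $value);
                 }
                 $user->params = $value;
             }
         }
     } else {
         if (checkJversion() == 2) {
             // Joomla 2.5 has a bug, where an untouched $user->params string is not saved correctly: So let's workaround this here:
             if ($user->id) {
                 $juser = JUser::getInstance($user->id);
             } else {
                 $juser = JUser::getInstance();
             }
             $user->params = $juser->getParameters(true)->toArray();
         }
     }
 }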
 /**
  * Saves a new or existing CB+CMS user
  * WARNINGS:
  * - You must verify authorization of user to perform this (use checkCBpermissions() )
  * - You must $this->load() existing user first
  *
  * @param  array   $array   Raw unfiltered input, typically $_POST
  * @param  int     $ui      1 = Front-end (limited rights), 2 = Backend (almost unlimited), 0 = automated (full)
  * @param  string  $reason  'edit' or 'register'
  * @return boolean
  */
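 function saveSafely(&$array, $ui, $reason)
 {
     // Flow: snapshot the current state, bind and validate the input, apply the backend
     // privilege checks, fire the onBefore* plugin events, store, then fire the onAfter* events.
     // Returns false on any failure (message in $this->_error), true on a successful edit, and
     // the $registerResults array on a successful 'register'.
     // The caller is responsible for authorising the acting user before calling this method;
     // the checks below only guard group changes and self-blocking in the backend.
     global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;
     // Get current user state and store it into $oldUserComplete:
     $oldUserComplete = new moscomprofilerUser($this->_db);
     foreach (array_keys(get_object_vars($this)) as $k) {
         if (substr($k, 0, 1) != '_') {
             // ignore internal vars
             $oldUserComplete->{$k} = $this->{$k};
         }
     }
     if ($oldUserComplete->gids === null) {
         $oldUserComplete->gids = array();
     }
     // 1) Process and validate the fields in form by CB field plugins:
     // 2) Bind the fields to CMS User:
     $bindResults = $this->bindSafely($array, $ui, $reason, $oldUserComplete);
     if ($bindResults) {
         // During bindSafely, in saveTabContents, the validations have already taken place, for mandatory fields.
         if ($this->name == '' && $this->username == '' && $this->email != '') {
             $this->username = $this->email;
             $this->_cmsUser->username = $this->username;
         }
         // Checks that name is set. If not, uses the username as name, as Mambo/Joomla mosUser::store() uses name for ACL
         // and ACL bugs with no name.
         if ($this->name == '') {
             $this->name = $this->username;
             $this->_cmsUser->name = $this->name;
         } elseif ($this->username == '') {
             $this->username = $this->name;
             $this->_cmsUser->username = $this->username;
         }
         if (!$this->checkSafely()) {
             $bindResults = false;
         }
     }
     // For new registrations or backend user creations, set registration date and password if needed:
     $isNew = !$this->id;
     $newCBuser = $oldUserComplete->user_id == null;
     if ($isNew) {
         if (checkJversion() != 1) {
             // J1.5 works better with null here... has bug that it offsets the time by server date, others need this:
             $this->registerDate = $_CB_framework->dateDbOfNow();
         }
     }
     if ($bindResults) {
         if ($isNew) {
             if ($this->password == null) {
                 $this->setRandomPassword();
                 $ueConfig['emailpass'] = 1;
                 // set this global to 1 to force password to be sent to new users.
             }
         }
         // In backend only: if group has been changed and where original group was a Super Admin: check if there is at least a super-admin left:
         if ($ui == 2) {
             $myGids = $_CB_framework->acl->get_groups_below_me(null, true);
             $cms_admin = $_CB_framework->acl->mapGroupNamesToValues('Administrator');
             $cms_super_admin = $_CB_framework->acl->mapGroupNamesToValues('Superadministrator');
             $i_am_super_admin = $_CB_framework->acl->amIaSuperAdmin();
             $i_am_admin = in_array($cms_admin, $myGids);
             if (!$isNew) {
                 if (checkJversion() == 2) {
                     if ($i_am_super_admin && $_CB_framework->myId() == $this->id) {
                         // Check that a fool Super User does not block himself:
                         if ($this->block && !$oldUserComplete->block) {
                             $this->_error = 'Super Users can not block themselves';
                             return false;
                         }
                         // Check that a fool Super User does not demote himself from Super-User rights:
                         if ($this->gids != $oldUserComplete->gids) {
                             $staysSuperUser = $_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.admin', null);
                             if (!$staysSuperUser) {
                                 $this->_error = 'You cannot demote yourself from your Super User permission';
                                 return false;
                             }
                         }
                     }
                     // Check that a non-Super User/non-admin does not demote an admin or a Super user:
                     if ($this->gids != $oldUserComplete->gids) {
                         if (!$i_am_super_admin && !(CBuser::getMyInstance()->authoriseAction('core.admin') || CBuser::getMyInstance()->authoriseAction('core.manage', 'com_users') && CBuser::getMyInstance()->authoriseAction('core.edit', 'com_users') && CBuser::getMyInstance()->authoriseAction('core.edit.state', 'com_users'))) {
                             // I am not a Super User and not an Users administrator:
                             $userIsSuperUser = JUser::getInstance($this->id)->authorise('core.admin');
                             // User is super-user: Check if he stays so:
                             if ($userIsSuperUser) {
                                 $staysSuperUser = $_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.admin', null);
                                 if (!$staysSuperUser) {
                                     $this->_error = 'You cannot remove a Super User permission. Only Super Users can do that.';
                                     return false;
                                 }
                             }
                             $userCanAdminUsers = (CBuser::getInstance($this->id)->authoriseAction('core.manage', 'com_users') || CBuser::getInstance($this->id)->authoriseAction('core.manage')) && CBuser::getInstance($this->id)->authoriseAction('core.edit', 'com_users') && CBuser::getInstance($this->id)->authoriseAction('core.edit.state', 'com_users');
                             // User is users-administrator: check if he can stay so:
                             if ($userCanAdminUsers) {
                                 $staysUserAdmin = ($_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.manage', 'com_users') || $_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.manage')) && $_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.edit', 'com_users') && $_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.edit.state', 'com_users');
                                 if (!$staysUserAdmin) {
                                     $this->_error = 'An users manager cannot be demoted by a non-administrator';
                                     return false;
                                 }
                             }
                         }
                     }
                 } else {
                     if ($this->gid != $oldUserComplete->gid) {
                         if ($oldUserComplete->gid == $cms_super_admin) {
                             // count number of active super admins
                             $query = 'SELECT COUNT( id )' . "\n FROM #__users" . "\n WHERE gid = " . (int) $cms_super_admin . "\n AND block = 0";
                             $_CB_database->setQuery($query);
                             $count = $_CB_database->loadResult();
                             if ($count <= 1) {
                                 // disallow change if only one Super Admin exists
                                 $this->_error = 'You cannot change this users Group as it is the only active Super Administrator for your site';
                                 return false;
                             }
                         }
                         $user_group = strtolower($_CB_framework->acl->get_group_name($oldUserComplete->gid, 'ARO'));
                         if ($user_group == 'super administrator' && !$i_am_super_admin) {
                             // disallow change of super-Admin by non-super admin
                             $this->_error = 'You cannot change this users Group as you are not a Super Administrator for your site';
                             return false;
                         } elseif ($this->id == $_CB_framework->myId() && $i_am_super_admin) {
                             // CB-specific: disallow change of own Super Admin group:
                             $this->_error = 'You cannot change your own Super Administrator status for your site';
                             return false;
                         } else {
                             if (!$i_am_super_admin && $i_am_admin && $oldUserComplete->gid == $cms_admin) {
                                 // disallow change of an Administrator's group by a non-super admin
                                 $this->_error = 'You cannot change the Group of another Administrator as you are not a Super Administrator for your site';
                                 return false;
                             } elseif (in_array($oldUserComplete->gid, $myGids) && !in_array($this->gid, $myGids)) {
                                 // disallow change of group of user into a group that is not child of admin/superadmin:
                                 $this->_error = 'You cannot change the Group of this user to a group that is not child of Registered or Manager as otherwise that user cannot login. If you really need to do that, you can do it in Joomla User Manager.';
                                 return false;
                             }
                         }
                     }
                     // ensure user can't add group higher than themselves done below
                 }
             }
             // Security check to avoid creating/editing user to higher level than himself: CB response to artf4529.
             // Applies to new users as well, since it sits outside the !$isNew branch.
             if (!$i_am_super_admin && $this->gids != $oldUserComplete->gids) {
                 // Does user try to edit a user that has higher groups ?
                 if (count(array_diff($this->gids, $myGids)) != 0) {
                     $this->_error = 'Unauthorized attempt to change an user at higher level than allowed !';
                     return false;
                 }
                 // Does the user try to demote higher levels ?
                 if (array_diff($this->gids, $myGids) != array_diff($oldUserComplete->gids, $myGids)) {
                     $this->_error = 'Unauthorized attempt to change higher groups of an user than allowed !';
                     return false;
                 }
             }
         }
     }
     if ($reason == 'edit') {
         if ($ui == 1) {
             $_PLUGINS->trigger('onBeforeUserUpdate', array(&$this, &$this, &$oldUserComplete, &$oldUserComplete));
         } elseif ($ui == 2) {
             if ($isNew || $newCBuser) {
                 $_PLUGINS->trigger('onBeforeNewUser', array(&$this, &$this, false));
             } else {
                 $_PLUGINS->trigger('onBeforeUpdateUser', array(&$this, &$this, &$oldUserComplete));
             }
         }
     } elseif ($reason == 'register') {
         $_PLUGINS->trigger('onBeforeUserRegistration', array(&$this, &$this));
     }
     $beforeResult = !$_PLUGINS->is_errors();
     if (!$beforeResult) {
         $this->_error = $_PLUGINS->getErrorMSG(false);
         // $_PLUGIN collects all error messages, incl. previous ones.
     }
     // Saves tab plugins:
     // on edits, user params and block/email/approved/confirmed are done in cb.core predefined fields.
     // So now calls this and more (CBtabs are already created in $this->bindSafely() ).
     $pluginTabsResult = true;
     if ($reason == 'edit') {
         $this->_cbTabs->savePluginTabs($this, $array);
         $pluginTabsResult = !$_PLUGINS->is_errors();
         if (!$pluginTabsResult) {
             $this->_error = $_PLUGINS->getErrorMSG(false);
             // $_PLUGIN collects all error messages, incl. previous ones.
         }
     }
     if ($bindResults && $beforeResult && $pluginTabsResult) {
         // Hashes password for CMS storage:
         $clearTextPassword = $this->password;
         if ($clearTextPassword) {
             $hashedPassword = $this->hashAndSaltPassword($clearTextPassword);
             $this->password = $hashedPassword;
         }
         // Stores user if it's a new user:
         if ($isNew) {
             if (!$this->store()) {
                 return false;
             }
         }
         // Restores cleartext password for the saveRegistrationPluginTabs:
         // (from here on the object handed to plugins carries the cleartext value, so handlers
         // must not log or persist $this->password)
         $this->password = $clearTextPassword;
         if ($isNew) {
             // Sets the instance of user, to avoid reload from database, and loss of the cleartext password.
             CBuser::setUserGetCBUserInstance($this);
         }
     }
     if ($reason == 'register') {
         // call here since we got to have a user id:
         $registerResults = array();
         $registerResults['tabs'] = $this->_cbTabs->saveRegistrationPluginTabs($this, $array);
         if ($_PLUGINS->is_errors()) {
             if ($bindResults && $beforeResult && $pluginTabsResult) {
                 $plugins_error = $_PLUGINS->getErrorMSG(false);
                 // $_PLUGIN collects all error messages, incl. previous ones.
                 if ($isNew) {
                     // if it was a new user, and plugin gave error, revert the creation:
                     $this->delete();
                 }
                 $this->_error = $plugins_error;
             } else {
                 $this->_error = $_PLUGINS->getErrorMSG(false);
                 // $_PLUGIN collects all error messages, incl. previous ones.
             }
             $pluginTabsResult = false;
         }
     }
     if ($bindResults && $beforeResult && $pluginTabsResult) {
         $this->_cbTabs->commitTabsContents($this, $array, $reason);
         $commit_errors = $_PLUGINS->getErrorMSG(false);
         if (count($commit_errors) > 0) {
             $this->_error = $commit_errors;
             $bindResults = false;
         }
     }
     if (!($bindResults && $beforeResult && $pluginTabsResult)) {
         $this->_cbTabs->rollbackTabsContents($this, $array, $reason);
         // Normal error exit point:
         $_PLUGINS->trigger('onSaveUserError', array(&$this, $this->_error, $reason));
         if (is_array($this->_error)) {
             $this->_error = implode('<br />', $this->_error);
         }
         return false;
     }
     // Stores the user (again if it's a new as the plugins might have changed the user record):
     // $clearTextPassword / $hashedPassword are set at this point: this line is only reached when
     // the three result flags were all true at the hashing step above.
     if ($clearTextPassword) {
         $this->password = $hashedPassword;
     }
     if (!$this->store()) {
         return false;
     }
     // Restores cleartext password for the onAfter and activation events:
     $this->password = $clearTextPassword;
     // Triggers onAfter and activateUser events:
     if ($reason == 'edit') {
         if ($ui == 1) {
             $_PLUGINS->trigger('onAfterUserUpdate', array(&$this, &$this, $oldUserComplete));
         } elseif ($ui == 2) {
             if ($isNew || $newCBuser) {
                 if ($isNew) {
                     $ueConfig['emailpass'] = 1;
                     // set this global to 1 to force password to be sent to new users.
                 }
                 $_PLUGINS->trigger('onAfterNewUser', array(&$this, &$this, false, true));
                 if ($this->block == 0 && $this->approved == 1 && $this->confirmed) {
                     activateUser($this, 2, 'NewUser', false, $isNew);
                 }
             } else {
                 if (!(($oldUserComplete->approved == 1 || $oldUserComplete->approved == 2) && $oldUserComplete->confirmed) && ($this->approved == 1 && $this->confirmed)) {
                     // first time a just registered and confirmed user got approved in backend through save user:
                     if (isset($ueConfig['emailpass']) && $ueConfig['emailpass'] == "1" && $this->password == '') {
                         // the password is auto-generated here as the admin did not set one at this occasion:
                         $this->setRandomPassword();
                         $pwd = $this->hashAndSaltPassword($this->password);
                         // Only the salted hash is written, and it goes through Quote() rather than
                         // being placed into the statement as a bare string; the id is integer-cast.
                         $_CB_database->setQuery("UPDATE #__users SET password=" . $_CB_database->Quote($pwd) . " WHERE id = " . (int) $this->id);
                         $_CB_database->query();
                     }
                 }
                 $_PLUGINS->trigger('onAfterUpdateUser', array(&$this, &$this, $oldUserComplete));
                 if (!(($oldUserComplete->approved == 1 || $oldUserComplete->approved == 2) && $oldUserComplete->confirmed) && ($this->approved == 1 && $this->confirmed)) {
                     // first time a just registered and confirmed user got approved in backend through save user:
                     activateUser($this, 2, 'UpdateUser', false);
                 }
             }
         }
     } elseif ($reason == 'register') {
         $registerResults['after'] = $_PLUGINS->trigger('onAfterUserRegistration', array(&$this, &$this, true));
         $registerResults['ok'] = true;
         return $registerResults;
     }
     return true;
 }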
	/**
	 * render backend edit plugin view
	 *
	 * @param object $row
	 * @param string $option
	 * @param string $task
	 * @param int    $uid
	 * @param string $action
	 * @param string $element
	 * @param int    $mode
	 * @param object $pluginParams
	 */
	public function editPluginView( $row, $option, $task, $uid, $action, $element, $mode, $pluginParams ) {
		global $_CB_framework, $_CB_database, $_CB_Backend_Menu, $_CB_Backend_task, $_GJ_Backend_Title, $_PLUGINS;

		if ( ! CBuser::getMyInstance()->authoriseAction( 'core.manage' ) ) {
			cbRedirect( $_CB_framework->backendUrl( 'index.php' ), _UE_NOT_AUTHORIZED, 'error' );
		}

		outputCbJs( 2 );
		outputCbTemplate( 2 );

		$plugin					=	cbgjClass::getPlugin();

		$_CB_framework->document->addHeadStyleSheet( $plugin->livePath . '/admin.' . $plugin->element . '.css' );

		require_once( $plugin->absPath . '/admin.' . $plugin->element . '.html.php' );

		$_CB_Backend_task		=	$task;
		$_GJ_Backend_Title		=	array();
		$_CB_Backend_Menu->mode	=	$plugin->element . 'Admin';

		$actions				=	explode( '.', $action );
		$action					=	( isset( $actions[0] ) ? $actions[0] : null );
		$function				=	( isset( $actions[1] ) ? $actions[1] : null );
		$id						=	cbGetParam( $_REQUEST, 'id', array( 0 ) );
		$order					=	cbGetParam( $_REQUEST, 'order', array( 0 ) );
		$user					=&	CBuser::getUserDataInstance( $_CB_framework->myId() );

		if ( ! is_array( $id ) ) {
			$id					=	array( $id );
		}

		if ( ! $id ) {
			$id					=	array( 0 );
		}

		if ( ! is_array( $order ) ) {
			$order				=	array( $order );
		}

		if ( ! $order ) {
			$order				=	array( 0 );
		}

		$save_mode				=	( $mode == 'applyPlugin' ? 'apply' : $function );

		ob_start();
		switch ( $action ) {
			case 'categories':
				switch ( $function ) {
					case 'menu':
						$this->createCategoryMenu( $id[0], $user, $plugin );
						break;
					case 'publish':
						cbSpoofCheck( 'plugin' );
						$this->stateCategory( $id, 1, $user, $plugin );
						break;
					case 'unpublish':
						cbSpoofCheck( 'plugin' );
						$this->stateCategory( $id, 0, $user, $plugin );
						break;
					case 'order':
						cbSpoofCheck( 'plugin' );
						$this->orderCategory( $id, $order, $user, $plugin );
						break;
					case 'orderup':
						cbSpoofCheck( 'plugin' );
						$this->orderCategory( $id[0], -1, $user, $plugin );
						break;
					case 'orderdown':
						cbSpoofCheck( 'plugin' );
						$this->orderCategory( $id[0], 1, $user, $plugin );
						break;
					case 'batch':
						$this->batchCategory( $id, $user, $plugin );
						break;
					case 'copy':
						$this->copyCategory( $id, $user, $plugin );
						break;
					case 'delete':
						cbSpoofCheck( 'plugin' );
						$this->deleteCategory( $id, $user, $plugin );
						break;
					case 'new':
						$this->showCategoryEdit( null, $user, $plugin );
						break;
					case 'edit':
						$this->showCategoryEdit( $id[0], $user, $plugin );
						break;
					case 'save':
					case 'apply':
						cbSpoofCheck( 'plugin' );
						$this->saveCategoryEdit( $id[0], $save_mode, $user, $plugin );
						break;
					case 'show':
					default:
						$this->showCategories( $user, $plugin );
						break;
				}
				break;
			case 'groups':
				switch ( $function ) {
					case 'menu':
						$this->createGroupMenu( $id[0], $user, $plugin );
						break;
					case 'publish':
						cbSpoofCheck( 'plugin' );
						$this->stateGroup( $id, 1, $user, $plugin );
						break;
					case 'unpublish':
						cbSpoofCheck( 'plugin' );
						$this->stateGroup( $id, 0, $user, $plugin );
						break;
					case 'order':
						cbSpoofCheck( 'plugin' );
						$this->orderGroup( $id, $order, $user, $plugin );
						break;
					case 'orderup':
						cbSpoofCheck( 'plugin' );
						$this->orderGroup( $id[0], -1, $user, $plugin );
						break;
					case 'orderdown':
						cbSpoofCheck( 'plugin' );
						$this->orderGroup( $id[0], 1, $user, $plugin );
						break;
					case 'batch':
						$this->batchGroup( $id, $user, $plugin );
						break;
					case 'copy':
						$this->copyGroup( $id, $user, $plugin );
						break;
					case 'delete':
						cbSpoofCheck( 'plugin' );
						$this->deleteGroup( $id, $user, $plugin );
						break;
					case 'new':
						$this->showGroupEdit( null, $user, $plugin );
						break;
					case 'edit':
						$this->showGroupEdit( $id[0], $user, $plugin );
						break;
					case 'save':
					case 'apply':
						cbSpoofCheck( 'plugin' );
						$this->saveGroupEdit( $id[0], $save_mode, $user, $plugin );
						break;
					case 'show':
					default:
						$this->showGroups( $user, $plugin );
						break;
				}
				break;
			case 'users':
				switch ( $function ) {
					case 'ban':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, -1, $user, $plugin );
						break;
					case 'active':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, 1, $user, $plugin );
						break;
					case 'inactive':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, 0, $user, $plugin );
						break;
					case 'mod':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, 2, $user, $plugin );
						break;
					case 'admin':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, 3, $user, $plugin );
						break;
					case 'owner':
						cbSpoofCheck( 'plugin' );
						$this->statusUser( $id, 4, $user, $plugin );
						break;
					case 'batch':
						$this->batchUser( $id, $user, $plugin );
						break;
					case 'delete':
						cbSpoofCheck( 'plugin' );
						$this->deleteUser( $id, $user, $plugin );
						break;
					case 'new':
						$this->showUserEdit( null, $user, $plugin );
						break;
					case 'edit':
						$this->showUserEdit( $id[0], $user, $plugin );
						break;
					case 'save':
					case 'apply':
						cbSpoofCheck( 'plugin' );
						$this->saveUserEdit( $id[0], $save_mode, $user, $plugin );
						break;
					case 'show':
					default:
						$this->showUsers( $user, $plugin );
						break;
				}
				break;
			case 'invites':
				switch ( $function ) {
					case 'delete':
						cbSpoofCheck( 'plugin' );
						$this->deleteInvite( $id, $user, $plugin );
						break;
					case 'show':
					default:
						$this->showInvites( $user, $plugin );
						break;
				}
				break;
			case 'config':
				switch ( $function ) {
					case 'save':
						cbSpoofCheck( 'plugin' );
						$this->saveConfig( $_POST, $user, $plugin );
						break;
					case 'show':
					default:
						$this->showConfig( $user, $plugin );
						break;
				}
				break;
			case 'tools':
				switch ( $function ) {
					case 'migrate':
						$this->showMigrate( $user, $plugin );
						break;
					case 'delmigrate':
						$this->deleteMigrate( $user, $plugin );
						break;
					case 'show':
					default:
						$this->showTools( $user, $plugin );
						break;
				}
				break;
			case 'fix':
				switch ( $function ) {
					case 'categories':
						$this->fixCategories( $id[0], $user, $plugin );
						break;
					case 'groups':
						$this->fixGroups( $id[0], $user, $plugin );
						break;
					case 'users':
						$this->fixUsers( $id[0], $user, $plugin );
						break;
					default:
						$this->showTools( $user, $plugin );
						break;
				}
				break;
			case 'integrations':
				$this->showIntegrations( $user, $plugin );
				break;
			case 'menus':
				switch ( $function ) {
					case 'save':
						$this->saveMenus( $user, $plugin );
						break;
					default:
						$this->showMenus( $user, $plugin );
						break;
				}
				break;
			case 'plugin':
				$_PLUGINS->trigger( 'gj_onPluginBE', array( array( $function, $id, $order, $save_mode ), $user, $plugin ) );
				break;
			default:
				switch ( $function ) {
					case 'menu':
						$this->createPluginMenu( $user, $plugin );
						break;
					case 'show':
					default:
						$this->showPlugin( $user, $plugin );
						break;
				}
				break;
		}
		$html					=	ob_get_contents();
		ob_end_clean();

		ob_start();
		include( $_CB_framework->getCfg( 'absolute_path' ) . '/components/com_comprofiler/plugin/user/plug_cbgroupjive/toolbar.cbgroupjive.php' );
		$toolbar				=	 ob_get_contents();
		ob_end_clean();

		$title					=	( isset( $_GJ_Backend_Title[0] ) ? $_GJ_Backend_Title[0] : null );
		$class					=	( isset( $_GJ_Backend_Title[1] ) ? ' ' . $_GJ_Backend_Title[1] : null );
		$return					=	'<div style="margin:0px;border-width:0px;padding:0px;float:left;width:100%;text-align:left;" class="gjAdmin">'
								.		'<div id="cbAdminMainWrapper" style="margin:0px;border-width:0px;padding:0px;float:none;width:auto;">'
								.		'<div style="float:right;" class="gjAdminToolbar">'
								.			$toolbar
								.		'</div>'
								.		'<div style="float:left;" class="header' . $class . '">'
								.			$title
								.		'</div>'
								.		'<div style="clear:both;"></div>'
								.		'<div style="float:left;width:100%;margin-top:10px;">'
								.			$html
								.		'</div>'
								.		'<div style="clear:both;"></div>'
								.		'</div>'
								.	'</div>';

		echo $return;
	}
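 /**
  * Get the field columns for $listId
  *
  * Reads the 'columns' entry of the list's stored params and builds one stdClass per
  * column with the properties fields, title, titleRendered, size and cssclass.
  *
  * @param int      $listId  The list id to parse
  * @param int|null $userId  The user id to use for substitutions; the viewing user is used when empty
  * @return array            Column objects keyed as in the stored params; empty array if the list is not found
  */
 public static function getColumns($listId, $userId = null)
 {
     $row = self::getInstance($listId);
     if (!$row) {
         // Return the documented type (was ''), so callers can iterate or count the result unconditionally.
         return array();
     }
     if ($userId) {
         $cbUser = CBuser::getInstance((int) $userId, false);
     } else {
         $cbUser = CBuser::getMyInstance();
     }
     $columns = array();
     $params = new Registry($row->params);
     $cols = $params->get('columns');
     if ($cols) {
         foreach ($cols as $i => $column) {
             $colFields = array();
             if (isset($column['fields']) && $column['fields']) {
                 foreach ($column['fields'] as $colField) {
                     // Entries without a field id are skipped; display falls back to 4 when not stored.
                     if (isset($colField['field']) && $colField['field']) {
                         $colFields[] = array('fieldid' => $colField['field'], 'display' => isset($colField['display']) ? (int) $colField['display'] : 4);
                     }
                 }
             }
             $col = new stdClass();
             $col->fields = $colFields;
             // title and cssclass are copied from the stored params as-is; nothing is escaped here.
             // NOTE(review): presumably the template escapes both before writing them into markup - confirm.
             $col->title = isset($column['title']) ? $column['title'] : null;
             $col->titleRendered = $cbUser->replaceUserVars($col->title);
             $col->size = isset($column['size']) ? (int) $column['size'] : 3;
             $col->cssclass = isset($column['cssclass']) ? $column['cssclass'] : null;
             $columns[$i] = $col;
         }
     }
     return $columns;
 }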
}
// Module bootstrap: stop early when Community Builder is not installed, otherwise load
// the CB foundation, the module helper and the values the rest of the script uses.
global $_CB_framework, $_CB_database;
$cbLibInstalled = file_exists(JPATH_SITE . '/libraries/CBLib/CBLib/Core/CBLib.php')
    && file_exists(JPATH_ADMINISTRATOR . '/components/com_comprofiler/plugin.foundation.php');
if (!$cbLibInstalled) {
    echo 'CB not installed';
    return;
}
include_once JPATH_ADMINISTRATOR . '/components/com_comprofiler/plugin.foundation.php';
cbimport('cb.html');
cbimport('language.front');
outputCbTemplate();
require_once dirname(__FILE__) . '/helper.php';
// Plugin loading is opt-out: the 'cb_plugins' module parameter defaults to 1.
$loadUserPlugins = (int) $params->get('cb_plugins', 1);
if ($loadUserPlugins) {
    global $_PLUGINS;
    $_PLUGINS->loadPluginGroup('user');
}
$cbUser = CBuser::getMyInstance();
$user = $cbUser->getUserData();
$templateClass = 'cb_template cb_template_' . selectTemplate('dir');
$mode = (int) $params->get('mode', 1);
// Pre/post texts come from the module parameters and get the viewing user's substitutions.
// NOTE(review): they are not escaped here; presumably they are trusted admin content - confirm where they are echoed.
$preText = $params->get('pretext') ? $cbUser->replaceUserVars($params->get('pretext')) : null;
$postText = $params->get('posttext') ? $cbUser->replaceUserVars($params->get('posttext')) : null;
if ($mode < 6) {
    $limit = (int) $params->get('limit', 30);
 /**
  * Loads the field rows for a tab, a single field, or all tabs, filtered by $reason and access rights.
  *
  * With $prefetchFields the whole field set for the cache key is queried once per request and kept
  * in static arrays; later calls are answered from that cache. Without it, a query restricted to
  * $tabid / $fieldIdOrName runs on every call.
  *
  * @param  int         $tabid           Tab id to restrict to (falsy for all tabs)
  * @param  object      $user            Passed by reference to the onAfterFieldsFetch plugin event only
  * @param  string      $reason          'profile', 'list', 'register' or 'adminfulllist'; selects the filters below
  * @param  int|string  $fieldIdOrName   Optional field id (int) or field name (string) to restrict to
  * @param  boolean     $prefetchFields  TRUE to use and fill the static cache
  * @param  boolean     $fullAccess      TRUE skips every visibility filter inside the "if (!$fullAccess)" block
  * @return array                        Field objects; may be left unset (NULL) when a prefetch query fails
  */
 function _getTabFieldsDb($tabid, &$user, $reason, $fieldIdOrName = null, $prefetchFields = true, $fullAccess = false)
 {
     static $prefetched = array();
     static $fieldsByName = null;
     // Cache key: all full-access calls share one entry, other calls are cached per $reason.
     $preIdx = $fullAccess ? 'full' : $reason;
     if (!$prefetchFields || !isset($prefetched[$preIdx])) {
         global $_CB_framework, $_CB_database, $ueConfig;
         $where = array();
         $ordering = array();
         if ($fieldIdOrName && !$prefetchFields) {
             // Caller-supplied selector: ids are cast to int, names go through the database Quote().
             if (is_int($fieldIdOrName)) {
                 $where[] = 'f.fieldid = ' . (int) $fieldIdOrName;
             } else {
                 $where[] = 'f.name = ' . $_CB_database->Quote($fieldIdOrName);
             }
         }
         // For lists with name formats 1, 2 or 4 the 'name' field is fetched even when unpublished.
         if ($reason == 'list' && in_array($ueConfig['name_format'], array(1, 2, 4))) {
             $where[] = "( f.published = 1 OR f.name = 'name' )";
         } elseif ($reason != 'adminfulllist') {
             $where[] = 'f.published = 1';
         }
         // Everything in this block is a visibility restriction; $fullAccess removes all of it,
         // so that flag should only be set by callers that have already authorised the viewer.
         if (!$fullAccess) {
             switch ($reason) {
                 case 'profile':
                     $where[] = 'f.profile != 0';
                     break;
                 case 'list':
                     $where[] = "( f.profile != 0 OR f.name = 'username'" . (in_array($ueConfig['name_format'], array(1, 2, 4)) ? " OR f.name = 'name'" : '') . ')';
                     break;
                 case 'register':
                     $where[] = 'f.registration = 1';
                     break;
                 case 'adminfulllist':
                 default:
                     break;
             }
             if ($tabid && !$prefetchFields) {
                 // A single-tab query joins no tabs table, so the tab-level enabled/access filters below do not apply to it.
                 $where[] = 'f.tabid = ' . (int) $tabid;
             } else {
                 if ($reason != 'adminfulllist') {
                     $where[] = 't.enabled = 1';
                 }
                 // Tab access filter, skipped for registration and for super admins in the backend (ui 2).
                 if ($reason != 'register' && !($_CB_framework->getUi() == 2 && $_CB_framework->acl->amIaSuperAdmin())) {
                     // Both lists are concatenated into the SQL unquoted and uncast.
                     // NOTE(review): this relies on the two ACL helpers returning non-empty arrays of integers
                     // (an empty array would produce "IN ()"); confirm, or cast them, e.g. with cbArrayToInts().
                     $where[] = 't.viewaccesslevel IN (' . implode(',', CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false)) . ')';
                     $where[] = 't.useraccessgroupid IN (' . implode(',', $_CB_framework->acl->get_groups_below_me(null, true)) . ')';
                 }
             }
             // Hide e-mail address fields on profiles and lists when e-mail display is switched off
             // (the last condition is always true here, since $reason is 'profile' or 'list').
             if (($reason == 'profile' || $reason == 'list') && $ueConfig['allow_email_display'] == 0 && $reason != 'adminfulllist') {
                 $where[] = 'f.type != ' . $_CB_database->Quote('emailaddress');
             }
         }
         if (!$tabid || $prefetchFields) {
             if ($reason == 'register') {
                 $ordering[] = 't.ordering_register';
             }
             $ordering[] = 't.position';
             $ordering[] = 't.ordering';
         }
         $ordering[] = 'f.ordering';
         $sql = 'SELECT f.*';
         if ($reason == 'register') {
             $sql .= ', t.ordering_register AS tab_ordering_register, t.position AS tab_position, t.ordering AS tab_ordering';
         }
         $sql .= ' FROM #__comprofiler_fields f';
         if (!$tabid || $prefetchFields) {
             // don't get fields which are not assigned to tabs:
             $sql .= "\n INNER JOIN #__comprofiler_tabs AS t ON (f.tabid = t.tabid)";
         }
         $sql .= ($where ? "\n WHERE " . implode(' AND ', $where) : '') . "\n ORDER BY " . implode(', ', $ordering);
         $_CB_database->setQuery($sql);
         if ($prefetchFields) {
             $fieldsByName = $_CB_database->loadObjectList('name', 'moscomprofilerFields', array(&$_CB_database), true);
             // true means strtolower array indexes of name
             if (!$_CB_database->getErrorNum()) {
                 // Wrap each field's params and index the cache as [cache key][tabid][fieldid].
                 foreach (array_keys($fieldsByName) as $i) {
                     $fieldsByName[$i]->params = new cbParamsBase($fieldsByName[$i]->params);
                     $prefetched[$preIdx][(int) $fieldsByName[$i]->tabid][$fieldsByName[$i]->fieldid] = $fieldsByName[$i];
                 }
             }
         } else {
             $fields = $_CB_database->loadObjectList(null, 'moscomprofilerFields', array(&$_CB_database));
             if (!$_CB_database->getErrorNum()) {
                 for ($i = 0, $n = count($fields); $i < $n; $i++) {
                     $fields[$i]->params = new cbParamsBase($fields[$i]->params);
                 }
             }
         }
     }
     // Answer from the cache whenever an entry exists for this key; this replaces any $fields loaded above.
     if (isset($prefetched[$preIdx])) {
         if ($tabid) {
             if (isset($prefetched[$preIdx][(int) $tabid])) {
                 $fields = $prefetched[$preIdx][(int) $tabid];
             } else {
                 $fields = array();
             }
         } elseif ($fieldIdOrName) {
             if (is_int($fieldIdOrName)) {
                 $fields = array();
                 // Field ids live under their tab id, so every tab is scanned until the id is found.
                 foreach (array_keys($prefetched[$preIdx]) as $k) {
                     if (isset($prefetched[$preIdx][$k][$fieldIdOrName])) {
                         $fields[] = $prefetched[$preIdx][$k][$fieldIdOrName];
                         break;
                     }
                 }
             } elseif (isset($fieldsByName[strtolower($fieldIdOrName)])) {
                 // $fieldsByName holds the result of the most recent prefetch query, whatever its cache key was.
                 // NOTE(review): a name lookup could therefore return a field loaded under a different
                 // $reason / $fullAccess than the current call - confirm this is intended.
                 $fields = array($fieldsByName[strtolower($fieldIdOrName)]);
             } else {
                 $fields = array();
             }
         } else {
             $fields = array();
             foreach ($prefetched[$preIdx] as $flds) {
                 //	$fields		=	array_merge( $fields, $flds );
                 foreach ($flds as $fl) {
                     $fields[$fl->fieldid] = $fl;
                 }
             }
         }
     }
     // THIS is VERY experimental, and not yet part of CB API !!! :
     // Plugins receive $fields by reference and can therefore add, change or remove entries after the access filtering above.
     global $_PLUGINS;
     $_PLUGINS->loadPluginGroup('user');
     $_PLUGINS->trigger('onAfterFieldsFetch', array(&$fields, &$user, $reason, $tabid, $fieldIdOrName, $fullAccess));
     return $fields;
 }
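 /**
  * Saves a tab posted from the backend tab edit form, then redirects to the tabs list.
  *
  * Every failure path prints a JavaScript alert and exits. Users who are not super admins must
  * belong to the access group and view level of both the stored tab and the posted values, and
  * without the 'core.edit.state' permission they may not change the access, ordering or enabled
  * columns.
  *
  * NOTE(review): no cbSpoofCheck() call is visible in this method; presumably the request token
  * is validated by the dispatcher before it gets here - confirm.
  *
  * @param  string $option  Component option used to build the redirect URL
  * @return void
  */
 function saveTab($option)
 {
     global $_CB_database, $_CB_framework, $_POST;
     $this->_importNeeded();
     $this->_importNeededSave();
     if (isset($_POST['params'])) {
         $_POST['params'] = cbParamsEditorController::getRawParamsMagicgpcEscaped($_POST['params']);
     } else {
         $_POST['params'] = '';
     }
     // $_POST['params'] is always set above, so the former count( $_POST ) == 0 test could never be true.
     if (!isset($_POST['tabid'])) {
         echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Missing post values')) . "'); window.history.go(-2); </script>\n";
         exit;
     }
     $oldrow = new moscomprofilerTabs($_CB_database);
     if (isset($_POST['tabid']) && $_POST['tabid']) {
         $oldrow->load((int) $_POST['tabid']);
         // Check if user is a super user:
         if (!$_CB_framework->acl->amIaSuperAdmin()) {
             // Check if user belongs to useraccessgroupid:
             if (!in_array($oldrow->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
                 echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                 exit;
             }
             // Check if user belongs to viewaccesslevel:
             if (!in_array($oldrow->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
                 echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                 exit;
             }
         }
     }
     $row = new moscomprofilerTabs($_CB_database);
     // bind() copies the posted values onto the row; the permission checks further down decide
     // which of the access/state columns the current user was allowed to change.
     if (!$row->bind($_POST)) {
         // Error text goes into a single-quoted JS string, so escape it like the other alerts here.
         // addslashes() does not neutralise line breaks or a "</script>" sequence; JSON-encoding the
         // text with the HEX flags would be the more robust encoder for this context.
         echo "<script type=\"text/javascript\"> alert('" . addslashes((string) $row->getError()) . "'); window.history.go(-1); </script>\n";
         exit;
     }
     // Set defaults if nothing is found
     // Also check if oldrow value to use its current value or default otherwise
     // This prevents a tab from storing to database with null values when some inputs are set disabled:
     if ($row->useraccessgroupid == '') {
         $row->useraccessgroupid = $oldrow->useraccessgroupid != '' ? $oldrow->useraccessgroupid : -2;
     }
     if ($row->viewaccesslevel == '') {
         $row->viewaccesslevel = $oldrow->viewaccesslevel != '' ? $oldrow->viewaccesslevel : 1;
     }
     if ($row->ordering == '') {
         $row->ordering = $oldrow->ordering != '' ? $oldrow->ordering : 999;
     }
     if ($row->ordering_register == '') {
         $row->ordering_register = $oldrow->ordering_register != '' ? $oldrow->ordering_register : 10;
     }
     if ($row->enabled == '') {
         $row->enabled = $oldrow->enabled != '' ? $oldrow->enabled : 1;
     }
     $row->description = cleanEditorsTranslationJunk(trim($row->description));
     if (!$row->check()) {
         echo "<script type=\"text/javascript\"> alert('" . addslashes((string) $row->getError()) . "'); window.history.go(-2); </script>\n";
         exit;
     }
     // Re-read the id as an integer so the stored key never carries a raw posted string.
     $row->tabid = (int) cbGetParam($_POST, 'tabid', 0);
     // Check if user is a super user:
     if (!$_CB_framework->acl->amIaSuperAdmin()) {
         $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');
         // Check if user belongs to useraccessgroupid
         if ($row->useraccessgroupid != '' && !in_array($row->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
             echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
             exit;
         }
         // Check if user belongs to viewaccesslevel
         if ($row->viewaccesslevel != '' && !in_array($row->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
             echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
             exit;
         }
         // Check if user can edit status (and if not, that status are as expected):
         if (!$canEditState) {
             $failed = false;
             // Each test below: for an existing tab the value must equal the stored one,
             // for a new tab it must equal the default. Grouping is made explicit with parentheses.
             // useraccessgroupid (default -2):
             if (($oldrow->tabid && ($row->useraccessgroupid != '' && $oldrow->useraccessgroupid != $row->useraccessgroupid)) || (!$oldrow->tabid && ($row->useraccessgroupid != '' && $row->useraccessgroupid != -2))) {
                 $failed = true;
             }
             // viewaccesslevel (default 1):
             if (($oldrow->tabid && ($row->viewaccesslevel != '' && $oldrow->viewaccesslevel != $row->viewaccesslevel)) || (!$oldrow->tabid && ($row->viewaccesslevel != '' && $row->viewaccesslevel != 1))) {
                 $failed = true;
             }
             // ordering (default 999):
             if (($oldrow->tabid && ($row->ordering != '' && $oldrow->ordering != $row->ordering)) || (!$oldrow->tabid && ($row->ordering != '' && $row->ordering != 999))) {
                 $failed = true;
             }
             // ordering_register (default 10):
             if (($oldrow->tabid && ($row->ordering_register != '' && $oldrow->ordering_register != $row->ordering_register)) || (!$oldrow->tabid && ($row->ordering_register != '' && $row->ordering_register != 10))) {
                 $failed = true;
             }
             // enabled (default 1):
             if (($oldrow->tabid && ($row->enabled != '' && $oldrow->enabled != $row->enabled)) || (!$oldrow->tabid && ($row->enabled != '' && $row->enabled != 1))) {
                 $failed = true;
             }
             if ($failed) {
                 echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                 exit;
             }
         }
     }
     if (!$row->store()) {
         echo "<script type=\"text/javascript\"> alert('" . addslashes((string) $row->getError()) . "'); window.history.go(-2); </script>\n";
         exit;
     }
     $row->checkin();
     // NOTE(review): the posted title is appended to the redirect message unescaped; presumably
     // cbRedirect() or the message renderer encodes it - confirm.
     cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showTab"), CBTxt::T('Successfully Saved Tab') . ": " . $row->title);
 }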
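/**
 * Shows the "report user" form ($form == 1) or stores a submitted report (any other $form).
 *
 * The request is refused when user reports are disabled or the viewer may not see the reported
 * profile; plugins can set or clear that refusal through onBeforeReportUserRequest.
 *
 * @param  string $option  Component option, passed on to the form renderer
 * @param  int    $form    1 to display the form, otherwise save the posted report
 * @param  int    $uid     Id of the user being reported
 * @return void
 */
function reportUser($option, $form = 1, $uid = 0)
{
    global $_CB_framework, $ueConfig, $_PLUGINS, $_POST;
    if ($ueConfig['allowUserReports'] == 0) {
        $msg = CBTxt::Th('UE_FUNCTIONALITY_DISABLED', 'This functionality is currently disabled.');
    } elseif (!CBuser::getMyInstance()->authoriseView('profile', $uid)) {
        $msg = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
    } else {
        $msg = null;
    }
    $_PLUGINS->loadPluginGroup('user');
    // $msg is passed by reference, so a plugin can both add and remove the refusal decided above.
    $_PLUGINS->trigger('onBeforeReportUserRequest', array($uid, &$msg, $form));
    if ($msg) {
        $_CB_framework->enqueueMessage($msg, 'error');
        return;
    }
    $reportedByUser = CBuser::getUserDataInstance($_CB_framework->myId());
    $reportedUser = CBuser::getUserDataInstance($uid);
    if ($form == 1) {
        $results = $_PLUGINS->trigger('onBeforeReportUserForm', array($uid, &$reportedByUser, &$reportedUser));
        if ($_PLUGINS->is_errors()) {
            $_CB_framework->enqueueMessage($_PLUGINS->getErrorMSG('<br />'), 'error');
            return;
        }
        if (implode('', $results) != "") {
            // Plugin output replaces the built-in form and is echoed as returned by the plugins.
            $return = '<div class="cb_template cb_template_' . selectTemplate('dir') . '">' . '<div>' . implode('</div><div>', $results) . '</div>' . '</div>';
            echo $return;
            return;
        }
        HTML_comprofiler::reportUserForm($option, $uid, $reportedByUser, $reportedUser);
    } else {
        // Request-forgery check comes before anything is bound or stored.
        cbSpoofCheck('reportuser');
        $row = new UserReportTable();
        $_PLUGINS->trigger('onStartSaveReportUser', array(&$row, &$reportedByUser, &$reportedUser));
        if ($_PLUGINS->is_errors()) {
            cbRedirect($_CB_framework->viewUrl('reportuser', false), $_PLUGINS->getErrorMSG(), 'error');
            return;
        }
        // bind() copies the posted values onto the report row.
        // NOTE(review): nothing visible here pins the reporter or the reported-user columns to
        // myId() / $uid after the bind; presumably check() or the table class does - confirm.
        if (!$row->bind($_POST)) {
            cbRedirect($_CB_framework->viewUrl('reportuser', false), $row->getError(), 'error');
            return;
        }
        $row->reportexplaination = htmlspecialchars($row->reportexplaination, ENT_QUOTES);
        //TBD: remove this: not urgent but isn't right
        // The date is always set server-side, so a posted reportedondate never reaches the database.
        // (The former htmlspecialchars() pass over the posted date was a dead store and has been
        // dropped; it also failed outright when the posted value was not a string.)
        $row->reportedondate = $_CB_framework->getUTCDate();
        if (!$row->check()) {
            cbRedirect($_CB_framework->viewUrl('reportuser', false), $row->getError(), 'error');
            return;
        }
        $_PLUGINS->trigger('onBeforeSaveReportUser', array(&$row, &$reportedByUser, &$reportedUser));
        if (!$row->store()) {
            cbRedirect($_CB_framework->viewUrl('reportuser', false), $row->getError(), 'error');
            return;
        }
        if ($ueConfig['moderatorEmail'] == 1) {
            $cbNotification = new cbNotification();
            $cbNotification->sendToModerators(CBTxt::T('UE_USERREPORT_SUB', 'User Report Pending Review'), CBTxt::T('UE_USERREPORT_MSG', 'A user has submitted a report regarding a user that requires your review. Please log in and take the appropriate action.'));
        }
        $_PLUGINS->trigger('onAfterSaveReportUser', array(&$row, &$reportedByUser, &$reportedUser));
        $_CB_framework->enqueueMessage(CBTxt::Th('UE_USERREPORT_SUCCESSFUL', 'User report submitted successfully.'));
    }
}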
 /**
  * Saves the user posted from the backend edit form and redirects to the users list.
  *
  * A posted id of 0 means a new user. Permission failures print a JavaScript alert and stop;
  * a failed save shows the error and renders the edit view again with the posted values.
  *
  * NOTE(review): no cbSpoofCheck() call is visible in this method; presumably the request token
  * is validated by the caller or inside saveSafely() - confirm.
  *
  * @param  string $option  Component option used for the redirect URL and the edit view
  * @return void
  */
 function saveUser($option)
 {
     global $_CB_framework, $_CB_database, $_POST, $_PLUGINS;
     $this->_importNeeded();
     $this->_importNeededSave();
     // Read here but not used further in this method.
     $myGids = CBuser::getMyInstance()->getUserData()->gids;
     $postedId = (int) cbGetParam($_POST, "id", 0);
     $isExistingUser = $postedId != 0;
     if (!$isExistingUser) {
         $_POST['id'] = null;
     }
     // Access rights: first the controller's own check, then the CB permission check for 'save'.
     $this->_authorizedEdit($postedId);
     $denied = checkCBpermissions($isExistingUser ? array($postedId) : null, 'save', true);
     if ($denied) {
         echo "<script type=\"text/javascript\"> alert('" . addslashes($denied) . "'); window.history.go(-1);</script>\n";
         exit;
     }
     $_PLUGINS->loadPluginGroup('user');
     // Current state of the user: the stored record, or an empty one for a new user.
     if ($isExistingUser) {
         $account = CBuser::getUserDataInstance((int) $postedId);
         if (!$account || !$account->id) {
             echo "<script type=\"text/javascript\"> alert('" . addslashes(_UE_USER_PROFILE_NOT) . "'); window.history.go(-1);</script>\n";
             return;
         }
     } else {
         $account = new moscomprofilerUser($_CB_database);
     }
     // New state: saveSafely() receives the whole $_POST together with the current UI.
     if ($account->saveSafely($_POST, $_CB_framework->getUi(), 'edit')) {
         $account->checkin();
         cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showusers"), sprintf(CBTxt::T('Successfully Saved User: %s'), $account->username));
         return;
     }
     // Save failed: report a permission problem if there is one, otherwise the save error.
     $saveError = $account->getError();
     $denied = checkCBpermissions(array($account->id), "edit", true);
     if ($denied) {
         echo "<script type=\"text/javascript\"> alert('" . addslashes($denied) . "'); window.history.go(-1);</script>\n";
         exit;
     }
     // <br /> becomes a JS line break, tags are stripped, the rest is escaped for the quoted string.
     $alertText = addslashes(strip_tags(str_replace('<br />', '\\n', $saveError)));
     $alertText = str_replace('\\\\n', '\\n', $alertText);
     echo "<script type=\"text/javascript\">alert('" . $alertText . "'); </script>\n";
     global $_CB_Backend_task;
     // Needed so the toolbar of the edit view comes up.
     $_CB_Backend_task = 'edit';
     // Loading the group again resets the plugin errors.
     $_PLUGINS->loadPluginGroup('user');
     $editView = _CBloadView('user');
     $editView->edituser($account, $option, $account->user_id != null ? '0' : '1', $_POST);
 }
/**
 * Checks if operation is allowed, and exits to previous page if not, as it should not be possible at all.
 *
 * The operation is allowed as soon as the current user is authorised for any one of $actions
 * on $assetname; with no authorised action an alert is printed and the script exits.
 *
 * @since 1.8
 *
 * @param  string|array  $actions    Action(s) to perform: core.admin, core.manage, core.create, core.delete, core.edit, core.edit.state, core.edit.own, ...
 * @param  array|int     $cid        Plugin-id (not used in this function)
 * @param  string        $assetname  OPTIONAL: asset name e.g. com_comprofiler.plugin.$pluginId
 * @return void
 */
function checkCanAdminPlugins($actions, $cid = null, $assetname = 'com_comprofiler')
{
    foreach ((array) $actions as $candidateAction) {
        if (CBuser::getMyInstance()->authoriseAction($candidateAction, $assetname)) {
            // One granted action is enough.
            return;
        }
    }
    // No action granted (or none given): refuse and stop the request.
    echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T("Operation not allowed by the Permissions of your group(s).")) . "'); window.history.go(-1); </script>\n";
    exit;
}
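 /**
  * Generates the HTML to display the user profile tab
  *
  * Handles a posted quick message first (sender must be the viewer, recipient the displayed
  * user, and the viewer must be allowed to see the profile), then renders the message form.
  *
  * @param  moscomprofilerTab   $tab       the tab database entry
  * @param  moscomprofilerUser  $user      the user being displayed
  * @param  int                 $ui        1 for front-end, 2 for back-end
  * @return mixed                          string HTML for tab content, false if the PMS is not usable,
  *                                        or null for guests and when viewing one's own profile
  */
 function getDisplayTab($tab, $user, $ui)
 {
     global $_CB_framework, $ueConfig, $_POST, $_CB_OneTwoRowsStyleToggle;
     // Guests get no quick-message tab.
     if (!$_CB_framework->myId()) {
         return null;
     }
     $return = "";
     $params = $this->params;
     $pmsType = $params->get('pmsType', '1');
     $showTitle = $params->get('showTitle', "1");
     $showSubject = $params->get('showSubject', "1");
     $width = $params->get('width', "30");
     $height = $params->get('height', "5");
     $capabilities = $this->getPMScapabilites();
     if (!$this->_checkPMSinstalled($pmsType) || $capabilities === false) {
         return false;
     }
     // No form for messaging oneself.
     if ($_CB_framework->myId() == $user->id) {
         return null;
     }
     $newsub = null;
     $newmsg = null;
     // send PMS from this tab form input:
     if (cbGetParam($_POST, $this->_getPagingParamName("sndnewmsg")) == _UE_PM_SENDMESSAGE) {
         $sender = $this->_getReqParam("sender", null);
         $recip = $this->_getReqParam("recip", null);
         // The posted sender/recipient are only accepted when they match the session user and the displayed profile.
         if ($sender && $recip && $sender == $_CB_framework->myId() && $recip == $user->id && CBuser::getMyInstance()->authoriseView('profile', $user->id)) {
             // Request-forgery protection for the send action.
             cbSpoofCheck('pms');
             $newsub = htmlspecialchars($this->_getReqParam("newsub", null));
             //urldecode done in _getReqParam
             if ($pmsType == '3' || $pmsType == '4') {
                 // PMS types 3 and 4 receive the message body without HTML-encoding.
                 $newmsg = $this->_getReqParam("newmsg", null);
             } else {
                 $newmsg = htmlspecialchars($this->_getReqParam("newmsg", null));
                 //don't allow html input on user profile!
             }
             if (($newsub || $newmsg) && isset($_POST[$this->_getPagingParamName("protect")])) {
                 $parts = explode('_', $this->_getReqParam('protect', ''));
                 // The salt travels in the same hidden field as the digest, so this value only ties the
                 // form to the profile's id and lastvisitDate; it is not a secret-keyed token.
                 // The digest is compared with === : a loose == treats two "0e<digits>" hex strings as
                 // equal numbers, which would let a non-matching digest pass.
                 if (count($parts) == 3 && $parts[0] == 'cbpms1' && strlen($parts[2]) == 32 && $parts[1] === md5($parts[2] . $user->id . $user->lastvisitDate)) {
                     if (!$newsub && $capabilities["subject"]) {
                         $newsub = _UE_PM_PROFILEMSG;
                     }
                     if ($this->sendUserPMS($recip, $sender, $newsub, $newmsg, $systemGenerated = false, $escaped = true)) {
                         $return .= "\n<script type='text/javascript'>alert('" . _UE_PM_SENTSUCCESS . "')</script>";
                         $newsub = null;
                         $newmsg = null;
                     } else {
                         // NOTE(review): the error text is placed in a quoted JS string without escaping;
                         // presumably it only ever holds fixed language strings - confirm.
                         $return .= "\n<script type='text/javascript'>alert('" . $this->getErrorMSG() . "')</script>";
                     }
                 } else {
                     $return .= "\n<script type='text/javascript'>alert('" . _UE_SESSIONTIMEOUT . " " . _UE_PM_NOTSENT . " " . _UE_TRYAGAIN . "')</script>";
                 }
             } else {
                 $return .= "\n<script type='text/javascript'>alert('" . _UE_PM_EMPTYMESSAGE . " " . _UE_PM_NOTSENT . "')</script>";
             }
         }
     }
     // display Quick Message tab:
     $return .= "\n\t<div class=\"sectiontableentry" . $_CB_OneTwoRowsStyleToggle . "\" style=\"padding-bottom:5px;\">\n";
     $_CB_OneTwoRowsStyleToggle = $_CB_OneTwoRowsStyleToggle == 1 ? 2 : 1;
     if ($showTitle) {
         $return .= "\t\t<div class=\"titleCell\" style=\"align: left; text-align:left; margin-left: 0px;\">" . cbUnHtmlspecialchars(getLangDefinition($tab->title)) . ($showSubject && $capabilities["subject"] ? "" : ":") . "</div>\n";
     }
     $return .= $this->_writeTabDescription($tab, $user);
     $base_url = $this->_getAbsURLwithParam(array());
     $return .= '<form method="post" action="' . $base_url . '">';
     $return .= '<table cellspacing="0" cellpadding="5" class="contentpane" style="border:0px;align:left;width:90%;">';
     if ($showSubject && $capabilities["subject"]) {
         $return .= '<tr><td><b>' . _UE_EMAILFORMSUBJECT . '</b></td>';
         $return .= '<td><input type="text" class="inputbox" name="' . $this->_getPagingParamName("newsub") . '" size="' . ($width - 8) . '" value="' . stripslashes($newsub) . '" /></td></tr>';
         $return .= '<tr class="sectiontableentry1"><td colspan="2"><b>' . _UE_EMAILFORMMESSAGE . '</b></td></tr>';
     }
     // After a failed send the posted values are written back into the form.
     // NOTE(review): for PMS types 3 and 4 $newmsg was not HTML-encoded above, so it reaches the
     // textarea as posted unless _getReqParam() filters it - confirm.
     $return .= '<tr><td colspan="2"><textarea name="' . $this->_getPagingParamName("newmsg") . '" class="inputbox" rows="' . $height . '" cols="' . $width . '">' . stripslashes($newmsg) . '</textarea></td></tr>';
     $return .= '<tr><td colspan="2"><input type="submit" class="button" name="' . $this->_getPagingParamName("sndnewmsg") . '" value="' . _UE_PM_SENDMESSAGE . '" /></td></tr>';
     $return .= '</table>';
     $return .= "<input type=\"hidden\"  name=\"" . $this->_getPagingParamName("sender") . "\" value=\"" . $_CB_framework->myId() . "\" />";
     $return .= "<input type=\"hidden\"  name=\"" . $this->_getPagingParamName("recip") . "\" value=\"{$user->id}\" />";
     // 'protect' value: cbpms1_<md5(salt . user id . lastvisitDate)>_<salt>, checked in the send branch above.
     $salt = cbMakeRandomString(32);
     $return .= "<input type=\"hidden\"  name=\"" . $this->_getPagingParamName("protect") . "\" value=\"" . 'cbpms1_' . md5($salt . $user->id . $user->lastvisitDate) . '_' . $salt . "\" />";
     $return .= cbGetSpoofInputTag('pms');
     $return .= '</form>';
     $return .= "</div>";
     return $return;
 }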
/**
 * Shows the "report user" form, or stores a submitted report and optionally notifies moderators.
 *
 * @param  string $option  component option, used to build the retry URL
 * @param  int    $form    1: display the form; any other value: process the posted form
 * @param  int    $uid     id of the profile being reported; checked with authoriseView('profile', ...)
 * @return void
 */
function reportUser($option, $form = 1, $uid = 0)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_POST;

    // Feature switch first: nothing below runs when user reports are turned off.
    if ($ueConfig['allowUserReports'] == 0) {
        echo _UE_FUNCTIONALITY_DISABLED;
        exit;
    }

    // The viewer must be allowed to see the profile identified by $uid.
    if (!CBuser::getMyInstance()->authoriseView('profile', $uid)) {
        echo _UE_NOT_AUTHORIZED;
        return;
    }

    if ($form == 1) {
        HTML_comprofiler::reportUserForm($option, $uid);
        return;
    }

    // Submission path: the anti-spoof token is verified before any request data is read.
    cbSpoofCheck('reportUserForm');

    $report = new moscomprofilerUserReport($_CB_database);
    $menuId = $_CB_framework->itemid();

    // Every failure below sends the user back to the same report URL.
    $retryUrl = "index.php?option={$option}&amp;task=reportUser";
    if ($menuId) {
        $retryUrl .= "&amp;Itemid=" . (int) $menuId;
    }

    // NOTE(review): bind() copies request fields onto the row, while the authorisation
    // check above was made against $uid. Confirm that bind()/check() pin the reported
    // and reporting user ids to $uid and the current user rather than trusting the POST.
    if (!$report->bind($_POST)) {
        cbRedirect(cbSef($retryUrl, false), $report->getError(), 'error');
        return;
    }

    _cbMakeHtmlSafe($report);

    //TBD: remove this: not urgent but isn't right
    $report->reportedondate = date("Y-m-d H:i:s");

    // check() is evaluated first; store() only runs when check() succeeded.
    if (!$report->check() || !$report->store()) {
        cbRedirect(cbSef($retryUrl, false), $report->getError(), 'error');
        return;
    }

    if ($ueConfig['moderatorEmail'] == 1) {
        $notifier = new cbNotification();
        $notifier->sendToModerators(_UE_USERREPORT_SUB, _UE_USERREPORT_MSG);
    }

    echo _UE_USERREPORT_SUCCESSFUL;
}
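	/**
	 * Resolves the menu Itemid for GroupJive; when no GroupJive menu item is found, falls back to the CB profile Itemid
	 *
	 * @param  boolean|mixed  $htmlspecialchars  TRUE: returns "&amp;Itemid=xxx", FALSE: returns "&Itemid=xxx", any non-boolean value: returns the bare Itemid
	 * @param  string         $task              optional URL suffix appended to the GroupJive plugin link when looking up the menu item
	 * @return string|mixed                      URL fragment for boolean $htmlspecialchars, otherwise the Itemid itself
	 */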
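    static public function getItemid( $htmlspecialchars = false, $task = null ) {
		global $_CB_framework, $_CB_database;

		// Resolved ids are cached per $task for the remainder of the request:
		static $Itemid				=	array();

		if ( ! isset( $Itemid[$task] ) ) {
			$plugin					=	cbgjClass::getPlugin();
			$generalItemid			=	$plugin->params->get( 'general_itemid', null );

			if ( ( ! $generalItemid ) || $task ) {
				// $task must match literally: its LIKE wildcards ( % and _ ) are escaped with the same
				// getEscaped( ..., true ) + Quote( ..., false ) pairing that getCBprofileItemid() uses,
				// so only the trailing % added here acts as a wildcard.
				$linkPattern		=	'index.php?option=com_comprofiler&task=pluginclass&plugin=cbgroupjive'
									.	( $task ? $_CB_database->getEscaped( (string) $task, true ) : '' )
									.	'%';

				// Only published menu items visible to the current user (and, on J1.6+, in the current language) qualify:
				$query				=	'SELECT ' . $_CB_database->NameQuote( 'id' )
									.	"\n FROM " . $_CB_database->NameQuote( '#__menu' )
									.	"\n WHERE " . $_CB_database->NameQuote( 'link' ) . " LIKE " . $_CB_database->Quote( $linkPattern, false )
									.	"\n AND " . $_CB_database->NameQuote( 'published' ) . " = 1"
									.	"\n AND " . $_CB_database->NameQuote( 'access' ) . " IN ( " . implode( ',', cbToArrayOfInt( CBuser::getMyInstance()->getAuthorisedViewLevelsIds( ( checkJversion() >= 2 ? false : true ) ) ) ) . " )"
									.	( checkJversion() >= 2 ? "\n AND " . $_CB_database->NameQuote( 'language' ) . " IN ( " . $_CB_database->Quote( $_CB_framework->getCfg( 'lang_tag' ) ) . ", '*', '' )" : '' );
				$_CB_database->setQuery( $query );
				$Itemid[$task]		=	$_CB_database->loadResult();

				if ( ( ! $Itemid[$task] ) && $task ) {
					// No menu item for this specific task: retry without a task, asking for the bare id
					$Itemid[$task]	=	cbgjClass::getItemid( 0 );
				} elseif ( ! $Itemid[$task] ) {
					// No GroupJive menu item at all: use the CB profile one
					$Itemid[$task]	=	getCBprofileItemid( null );
				}
			} else {
				// NOTE(review): general_itemid is a plugin parameter and is returned as stored; it ends up in URLs, so confirm it is validated as an integer where it is saved
				$Itemid[$task]		=	$generalItemid;
			}
		}

		// Boolean argument: URL fragment; anything else: the id on its own
		if ( is_bool( $htmlspecialchars ) ) {
			return ( $htmlspecialchars ? '&amp;' : '&' ) . 'Itemid=' . $Itemid[$task];
		}

		return $Itemid[$task];
	}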
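/**
 * Backend list of CB plugins: reads paging/search/filter state, queries the plugin table and renders the list view.
 *
 * The type filter, search text and paging values come from the request (via getUserStateFromRequest),
 * so each of them is quoted, escaped or cast to int before it reaches SQL.
 *
 * @param  string  $option  component option, used to namespace the stored list state
 * @return boolean          FALSE if the list query reported a database error, TRUE otherwise
 */
function viewPlugins($option)
{
    global $_CB_database, $_CB_framework;

    $limit = (int) $_CB_framework->getCfg('list_limit');
    if ($limit == 0) {
        $limit = 10;
    }
    // Paging values are request-controlled: force them to integers.
    $limit = (int) $_CB_framework->getUserStateFromRequest("viewlistlimit", 'limit', $limit);

    $lastCBlist = $_CB_framework->getUserState("view{$option}lastCBlist", null);
    if ($lastCBlist == 'showplugins') {
        $limitstart = (int) $_CB_framework->getUserStateFromRequest("view{$option}limitstart", 'limitstart', 0);
        $lastSearch = $_CB_framework->getUserState("search{$option}", null);
        $search = $_CB_framework->getUserStateFromRequest("search{$option}", 'search', '');
        if ($lastSearch != $search) {
            // A new search restarts paging from the first page.
            $limitstart = 0;
            $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
        }
        $search = trim(strtolower($search));
        $filter_type = $_CB_framework->getUserStateFromRequest("filter_type{$option}", 'filter_type', "0");
    } else {
        // Arriving from another list: reset search, paging and filter state.
        clearSearchBox();
        $search = "";
        $limitstart = 0;
        $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
        $_CB_framework->setUserState("view{$option}lastCBlist", "showplugins");
        $filter_type = "0";
        $_CB_framework->setUserState("filter_type{$option}", $filter_type);
    }

    $where = array();
    // used by filter
    if ($filter_type) {
        // The filter value arrives from the request: quote it through the database layer
        // instead of interpolating it between hand-written quotes.
        $where[] = 'm.type = ' . $_CB_database->Quote($filter_type);
    }
    if ($search) {
        $search = cbEscapeSQLsearch(trim(strtolower(cbGetEscaped($search))));
        $where[] = "LOWER( m.name ) LIKE '%{$search}%'";
    }
    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        // Non-super-admins only see plugins within their own view access levels.
        $viewAccessLevels = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(true);
        $viewAccessLevelsCleaned = implode(',', cbArrayToInts($viewAccessLevels));
        $where[] = 'm.access IN (' . $viewAccessLevelsCleaned . ')';
    }
    $whereSql = count($where) ? "\n WHERE " . implode(' AND ', $where) : '';

    // get the total number of records
    $query = "SELECT COUNT(*) FROM #__comprofiler_plugin AS m " . $whereSql;
    $_CB_database->setQuery($query);
    $total = $_CB_database->loadResult();
    if ($total <= $limitstart) {
        $limitstart = 0;
    }
    cbimport('cb.pagination');
    $pageNav = new cbPageNav($total, $limitstart, $limit);

    // $title is chosen from two fixed column names, never from the request.
    if (checkJversion() == 2) {
        $title = 'title';
    } else {
        $title = 'name';
    }
    $query = "SELECT m.*, u.name AS editor, g.{$title} AS groupname" . "\n FROM #__comprofiler_plugin AS m" . "\n LEFT JOIN #__users AS u ON u.id = m.checked_out";
    if (checkJversion() == 2) {
        $query .= "\n LEFT JOIN #__viewlevels AS g ON g.id = m.access + IF(m.access <= 2, 1, 0)";
        // fix J1.6's wrong access levels, same as g.id = IF( m.access = 0, 1, IF( m.access = 1, 2, IF( m.access = 2, 3, m.access ) ) )
    } else {
        $query .= "\n LEFT JOIN #__groups AS g ON g.id = m.access";
    }
    $query .= $whereSql . "\n GROUP BY m.id" . "\n ORDER BY m.type ASC, m.ordering ASC, m.name ASC";
    $_CB_database->setQuery($query, (int) $pageNav->limitstart, (int) $pageNav->limit);
    $rows = $_CB_database->loadObjectList();
    if ($_CB_database->getErrorNum()) {
        // NOTE(review): this prints the raw database error into the page; consider logging it and showing a generic message.
        echo $_CB_database->stderr();
        return false;
    }

    // get list of Positions for dropdown filter
    $query = "SELECT type AS value, type AS text" . "\n FROM #__comprofiler_plugin" . "\n GROUP BY type" . "\n ORDER BY type";
    $types = array();
    $types[] = moscomprofilerHTML::makeOption('0', !defined('_SEL_TYPE') ? '- ' . CBTxt::T('Select Type') . ' -' : _SEL_TYPE);
    // Mambo 4.5.1 Compatibility
    $_CB_database->setQuery($query);
    $types = array_merge($types, $_CB_database->loadObjectList());

    $lists = array();
    $lists['type'] = moscomprofilerHTML::selectList($types, 'filter_type', 'class="inputbox" size="1" onchange="document.adminForm.submit( );"', 'value', 'text', $filter_type, 2);

    $canAdmin = CBuser::getMyInstance()->authoriseAction('core.admin');
    $canEdit = CBuser::getMyInstance()->authoriseAction('core.edit');
    $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');

    // NOTE(review): $search is handed to the view in its SQL-escaped form; the view is presumably
    // responsible for HTML-encoding it when it re-populates the search box - confirm.
    HTML_comprofiler::showPlugins($rows, $pageNav, $option, $lists, $search, $canAdmin, $canEdit, $canEditState);
    return true;
}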
 /**
  * Builds the access / ordering / type / published form controls for a plugin row and passes them to the plugin edit view.
  *
  * @param  object $row      plugin row being edited (modified in place: checked out, or given defaults for a new plugin)
  * @param  string $option   not used in this method
  * @param  string $task     not used in this method
  * @param  int    $uid      non-zero when editing an existing plugin, zero/empty for a new one
  * @param  object $element  parsed plugin XML element, may be empty
  * @param  mixed  $params   passed through to the view
  * @param  mixed  $options  passed through to the view
  * @return void
  */
 function editPluginSettingsParams(&$row, $option, $task, $uid, &$element, &$params, &$options)
 {
     global $_CB_database, $_CB_framework;

     $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');
     // Users without core.edit.state get the state controls rendered disabled.
     // NOTE(review): a disabled control is only a display hint; the save handler must enforce the same permission.
     $stateAttr = $canEditState ? '' : ' disabled="disabled"';
     $lists = array();

     // Access control: fixed "Administrator" marker for backend-only plugins, otherwise a drop-down.
     if ($row->access == 99 || $row->client_id == 1) {
         $lists['access'] = CBTxt::T('Administrator') . '<input type="hidden" name="access" value="99" />';
     } else {
         // View Access Levels are filtered to those visible to the admin unless he is a super user:
         $restrictToMine = !$_CB_framework->acl->amIaSuperAdmin();
         $accessTree = $_CB_framework->acl->get_access_children_tree(true, true, $restrictToMine);
         $lists['access'] = moscomprofilerHTML::selectList($accessTree, 'access', 'class="inputbox"' . $stateAttr, 'value', 'text', (int) $row->access, 2);
     }

     if (!$uid) {
         // New plugin: defaults, and a type chooser built from the plugin sub-directories on disk.
         $row->folder = '';
         $row->ordering = 999;
         $row->published = 1;
         $row->description = '';

         $pluginRoot = $_CB_framework->getCfg('absolute_path') . '/components/com_comprofiler/plugin/';
         $typeOptions = array();
         foreach (cbReadDirectory($pluginRoot) as $entry) {
             if (is_dir($pluginRoot . $entry) && $entry != 'CVS') {
                 $typeOptions[] = moscomprofilerHTML::makeOption($entry);
             }
         }
         $lists['type'] = moscomprofilerHTML::selectList($typeOptions, 'type', 'class="inputbox" size="1"', 'value', 'text', null, 2);
         $lists['ordering'] = '<input type="hidden" name="ordering" value="' . $row->ordering . '" />' . CBTxt::T('New items default to the last place. Ordering can be changed after this item is saved.');
     } else {
         // Existing plugin: lock the row for the current user before building its controls.
         $row->checkout($_CB_framework->myId());

         $reorderable = $row->ordering > -10000 && $row->ordering < 10000;
         if ($reorderable) {
             // Ordering choices are the published plugins of the same type:
             $query = "SELECT ordering AS value, name AS text\n FROM #__comprofiler_plugin\n WHERE type='" . $_CB_database->getEscaped($row->type) . "'\n AND published > 0\n AND ordering > -10000\n AND ordering < 10000\n ORDER BY ordering";
             $order = $this->_cbGetOrderingList($query);
             $lists['ordering'] = moscomprofilerHTML::selectList($order, 'ordering', 'class="inputbox" size="1"' . $stateAttr, 'value', 'text', (int) $row->ordering, 2);
         } else {
             $lists['ordering'] = '<input type="hidden" name="ordering" value="' . $row->ordering . '" />' . CBTxt::T('This plugin cannot be reordered');
         }

         // NOTE(review): $row->type (and $row->ordering above) are written into the markup without HTML
         // encoding; presumably they only ever hold values set by the installer - confirm.
         $lists['type'] = '<input type="hidden" name="type" value="' . $row->type . '" />' . $row->type;

         if ($element && $element->name() == 'cbinstall' && $element->attributes('type') == 'plugin') {
             $descNode =& $element->getElementByPath('description');
             $row->description = $descNode ? trim($descNode->data()) : '';
         }
     }

     // "Published" radio: language plugins and plugin id 1 are forced to published and get no "No" choice.
     $publishChoices = array(moscomprofilerHTML::makeOption('1', _UE_YES));
     if ($row->type == 'language' || $row->id == 1) {
         $row->published = 1;
     } else {
         $publishChoices[] = moscomprofilerHTML::makeOption('0', _UE_NO);
     }
     $lists['published'] = moscomprofilerHTML::radioList($publishChoices, 'published', 'class="inputbox"' . $stateAttr, 'value', 'text', $row->published, 2);

     $view = _CBloadView('plugin');
     $view->editPlugin($row, $lists, $params, $options);
 }
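 /**
  * Saves a CB field definition posted from the backend field editor, together with its list of field values.
  *
  * Access is checked against the tab the field came from, the tab it is stored under and the tab it is
  * moved to; users without 'core.edit.state' may not change any of the status columns.
  *
  * @param  string $option  component option, used for the redirect URLs
  * @param  string $task    'applyField' returns to the editor, anything else to the field list; 'showField' only redirects
  * @return void            output is a redirect, or a JavaScript alert followed by exit on failure
  */
 function saveField($option, $task)
 {
     global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;
     if ($task == 'showField' || !(isset($_POST['oldtabid']) && isset($_POST['fieldid']))) {
         cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
         return;
     }
     $this->_importNeeded();
     $this->_importNeededSave();

     // NOTE(review): no anti-spoof token check is visible in this method (reportUser() in this file calls
     // cbSpoofCheck()); presumably the backend dispatcher verifies the form token before calling - confirm.

     // Same denial output for every failed access check below:
     $deniedJs = "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";

     // 1) The tab the field is being moved away from must be accessible to the user.
     $fieldOldTab = new moscomprofilerTabs($_CB_database);
     if (isset($_POST['oldtabid']) && $_POST['oldtabid']) {
         $fieldOldTab->load((int) $_POST['oldtabid']);
         // Check if user is a super user:
         if (!$_CB_framework->acl->amIaSuperAdmin()) {
             // Check if user belongs to useraccessgroupid:
             if (!in_array($fieldOldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
                 echo $deniedJs;
                 exit;
             }
             // Check if user belongs to viewaccesslevel:
             if (!in_array($fieldOldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
                 echo $deniedJs;
                 exit;
             }
         }
     }

     // 2) For an existing field, the tab it is currently stored under must be accessible too.
     $fid = (int) $_POST['fieldid'];
     $row = new moscomprofilerFields($_CB_database);
     if ($fid) {
         // load the row from the db table
         if (!$row->load((int) $fid)) {
             echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Innexistant field')) . "'); window.history.go(-1);</script>\n";
             exit;
         }
         $fieldTab = new moscomprofilerTabs($_CB_database);
         // load the row from the db table
         $fieldTab->load((int) $row->tabid);
         // Check if user is a super user:
         if (!$_CB_framework->acl->amIaSuperAdmin()) {
             // Check if user belongs to useraccessgroupid:
             if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
                 echo $deniedJs;
                 exit;
             }
             // Check if user belongs to viewaccesslevel:
             if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
                 echo $deniedJs;
                 exit;
             }
         }
     }

     // Snapshot of the stored values (public properties only), taken before the request is bound onto $row.
     $oldrow = new moscomprofilerFields($_CB_database);
     foreach (array_keys(get_object_vars($row)) as $k) {
         if (substr($k, 0, 1) != '_') {
             $oldrow->{$k} = $row->{$k};
         }
     }
     $_PLUGINS->loadPluginGroup('user');
     if (!$this->_prov_bind_CB_field($row, $fid)) {
         // The error text is escaped like every other alert() in this method, so a quote in it cannot end the string literal.
         echo "<script type=\"text/javascript\"> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
         exit;
     }

     // Set defaults if nothing is found
     // Also check if oldrow value to use its current value or default otherwise
     // This prevents a tab from storing to database with null values when some inputs are set disabled:
     $searchable_default = ($row->tablecolumns != '' && !in_array($row->type, array('password', 'userparams'))) ? 1 : 0;
     $statusDefaults = array(
         'tabid' => 11,
         'profile' => 1,
         'registration' => 1,
         'published' => 1,
         'required' => 0,
         'readonly' => 0,
         'searchable' => $searchable_default,
     );
     foreach ($statusDefaults as $prop => $default) {
         if ($row->{$prop} == '') {
             $row->{$prop} = $oldrow->{$prop} != '' ? $oldrow->{$prop} : $default;
         }
     }

     // If the input is disabled we need to apply the default if the tabid isn't in POST:
     if (!isset($_POST['tabid'])) {
         $_POST['tabid'] = $row->tabid;
     }
     // Moved above check here just in case it ends up being empty:
     if ($task == 'showField' || !isset($_POST['tabid'])) {
         cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
         return;
     }

     // 3) The tab the field will be stored under after binding (possibly changed by the request) must be accessible.
     $fieldTab = new moscomprofilerTabs($_CB_database);
     $fieldTab->load((int) $row->tabid);
     // Check if user is a super user:
     if (!$_CB_framework->acl->amIaSuperAdmin()) {
         // Check if user belongs to useraccessgroupid:
         if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
             echo $deniedJs;
             exit;
         }
         // Check if user belongs to viewaccesslevel:
         if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
             echo $deniedJs;
             exit;
         }
     }

     if ($row->type == 'webaddress') {
         // Cast before validating: a loose == against 0 or 2 would otherwise let non-numeric strings through.
         $row->rows = isset($_POST['webaddresstypes']) ? (int) $_POST['webaddresstypes'] : 0;
         if (!($row->rows == 0 || $row->rows == 2)) {
             $row->rows = 0;
         }
     }

     if ($_POST['oldtabid'] != $_POST['tabid']) {
         if ($_POST['oldtabid'] !== '') {
             //Re-order old tab
             $postedOrdering = isset($_POST['ordering']) ? (int) $_POST['ordering'] : 0;
             $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > " . $postedOrdering . " AND tabid = " . (int) $_POST['oldtabid'];
             $_CB_database->setQuery($sql);
             $_CB_database->query();
         }
         //Select Last Order in New Tab
         $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=" . (int) $_POST['tabid'];
         $_CB_database->SetQuery($sql);
         $max = $_CB_database->LoadResult();
         $row->ordering = max($max + 1, 1);
     }
     if (cbStartOfStringMatch($row->name, 'cb_')) {
         $row->name = str_replace(" ", "", strtolower($row->name));
     }
     if (!$row->check()) {
         echo "<script type=\"text/javascript\"> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
         exit;
     }

     // 4) Final check just before storing, including the status columns for users without core.edit.state.
     if (!$_CB_framework->acl->amIaSuperAdmin()) {
         $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');
         // Check if user belongs to useraccessgroupid
         if ($fieldTab->useraccessgroupid != '' && !in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
             echo $deniedJs;
             exit;
         }
         // Check if user belongs to viewaccesslevel
         if ($fieldTab->viewaccesslevel != '' && !in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
             echo $deniedJs;
             exit;
         }
         // Check if user can edit status (and if not, that status are as expected):
         if (!$canEditState) {
             $failed = false;
             // For each status column that has a value: an existing field must keep its stored value,
             // a new field must carry the default.
             foreach ($statusDefaults as $prop => $default) {
                 if ($row->{$prop} == '') {
                     continue;
                 }
                 $expected = $oldrow->fieldid ? $oldrow->{$prop} : $default;
                 if ($expected != $row->{$prop}) {
                     $failed = true;
                 }
             }
             if ($failed) {
                 echo $deniedJs;
                 exit;
             }
         }
     }

     if (!$row->store((int) $fid)) {
         echo "<script type=\"text/javascript\"> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
         exit;
     }

     // The value list is optional in the request: treat anything but an array as "no values".
     $fieldNames = (isset($_POST['vNames']) && is_array($_POST['vNames'])) ? $_POST['vNames'] : array();
     $j = 1;
     if ($row->fieldid > 0) {
         // Existing values are replaced wholesale by the posted list.
         $_CB_database->setQuery("DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid);
         if ($_CB_database->query() === false) {
             // NOTE(review): raw database error text is printed into the page here and below.
             echo $_CB_database->getErrorMsg();
         }
     } else {
         // NOTE(review): MAX(fieldid) is only the new row's id if no other field was inserted in between.
         $_CB_database->setQuery("SELECT MAX(fieldid) FROM #__comprofiler_fields");
         $maxID = $_CB_database->loadResult();
         $row->fieldid = $maxID;
         echo $_CB_database->getErrorMsg();
     }
     foreach ($fieldNames as $fieldName) {
         // Skip nested arrays and blank entries; each title is escaped before it is placed in the statement.
         if (!is_scalar($fieldName) || trim($fieldName) == '') {
             continue;
         }
         $_CB_database->setQuery("INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'" . cbGetEscaped(trim($fieldName)) . "', " . (int) $j . ")");
         if ($_CB_database->query() === false) {
             echo $_CB_database->getErrorMsg();
         }
         $j++;
     }

     switch ($task) {
         case 'applyField':
             $msg = CBTxt::T('Successfully Saved changes to Field') . ': ' . $row->name;
             cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=editField&cid={$row->fieldid}"), $msg);
             break;
         case 'saveField':
         default:
             $msg = CBTxt::T('Successfully Saved Field') . ': ' . $row->name;
             cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField"), $msg);
             break;
     }
 }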
 /**
  * Renders the default toolbar of the plugin list; each button group is shown only
  * when the current user is authorised for the matching action.
  *
  * NOTE(review): hiding a button is presentation only; the publish / edit / delete
  * tasks themselves must repeat the same authoriseAction() checks.
  *
  * @return void
  */
 static function _DEFAULT_PLUGIN()
 {
     CBtoolmenuBar::startTable();
     $me = CBuser::getMyInstance();

     // Publish / unpublish need the right to change state:
     if ($me->authoriseAction('core.edit.state')) {
         CBtoolmenuBar::publishList('publishPlugin');
         CBtoolmenuBar::spacer();
         CBtoolmenuBar::unpublishList('unpublishPlugin');
         CBtoolmenuBar::spacer();
     }

     // Edit needs core.edit:
     if ($me->authoriseAction('core.edit')) {
         CBtoolmenuBar::editList('editPlugin');
         CBtoolmenuBar::spacer();
     }

     // Delete is reserved to core.admin:
     if ($me->authoriseAction('core.admin')) {
         CBtoolmenuBar::deleteList('', 'deletePlugin');
         CBtoolmenuBar::spacer();
     }

     CBtoolmenuBar::endTable();
 }
 /**
  * Loads all the bot files for a particular group (if group not already loaded)
  * @param  string   $group             The group name, relates to the sub-directory in the plugins directory
  * @param  mixed    $ids               array of int : ids of plugins to load. OR: string : name of element (OR new in CB 1.2.2: string if ends with a ".": elements starting with "string.")
  * @param  int      $publishedStatus   if 1 (DEFAULT): load only published plugins, if 0: load all plugins including unpublished ones
  * @return boolean                     TRUE: load done, FALSE: no plugin loaded
  */
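 function loadPluginGroup($group, $ids = null, $publishedStatus = 1)
 {
     global $_CB_framework, $_CB_database;
     // Query results cached per published-status / access-level set / group:
     static $dbCache = array();
     $this->_iserror = false;
     $group = trim($group);
     // Work is only needed if the group has not been loaded yet, or some requested plugin is not loaded.
     if (($group && !isset($this->_pluginGroups[$group])) || !$this->all_in_array_key($ids, $this->_plugins)) {
         // Only plugins within the current user's view access levels are candidates for loading.
         $cmsAccess = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(true);
         $cmsAccessCleaned = implode(',', cbArrayToInts($cmsAccess));
         if (!isset($dbCache[$publishedStatus][$cmsAccessCleaned][$group])) {
             $where = array();
             if ($publishedStatus == 1) {
                 $where[] = 'published = 1';
             } else {
                 $where[] = 'published >= ' . (int) $publishedStatus;
             }
             // NOTE(review): an empty access-level list yields "IN ()", which is reported as a query error and returns FALSE below.
             $where[] = 'access IN (' . $cmsAccessCleaned . ')';
             if ($group) {
                 $where[] = 'type = ' . $_CB_database->Quote(trim($group));
             }
             $_CB_database->setQuery("SELECT id, folder, element, published, type, params, CONCAT_WS('/',folder,element) AS lookup, name" . "\n FROM #__comprofiler_plugin" . "\n WHERE " . implode(' AND ', $where) . "\n ORDER BY ordering");
             $dbCache[$publishedStatus][$cmsAccessCleaned][$group] = $_CB_database->loadObjectList();
             if ($_CB_database->getErrorNum()) {
                 // Do not cache a failed query, so a later call can retry.
                 $dbCache[$publishedStatus][$cmsAccessCleaned][$group] = null;
                 return false;
             }
         }
         // $ids may be an array, a string or null: only an empty array means "no restriction".
         // (count() on a string or null warns or throws on current PHP versions.)
         if (is_array($ids) && count($ids) == 0) {
             $ids = null;
         }
         $candidates = $dbCache[$publishedStatus][$cmsAccessCleaned][$group];
         if (!is_array($candidates)) {
             $candidates = array();
         }
         foreach ($candidates as $plugin) {
             if ($ids === null) {
                 $wanted = true;
             } elseif (is_array($ids)) {
                 $wanted = in_array($plugin->id, $ids);
             } elseif (substr($ids, -1) == '.') {
                 // "name." selects every element starting with "name."
                 $wanted = substr($plugin->element, 0, strlen($ids)) == $ids;
             } else {
                 $wanted = $plugin->element == $ids;
             }
             if (!$wanted) {
                 continue;
             }
             // NOTE(review): _loadPluginFile() presumably includes a file located from the row's folder/element
             // columns; those values come from the plugin table, so write access to that table implies code loading - confirm.
             if (!isset($this->_plugins[$plugin->id]) && $this->_loadPluginFile($plugin)) {
                 $this->_plugins[$plugin->id] = $plugin;
                 if (!isset($this->_pluginGroups[$plugin->type][$plugin->id])) {
                     $this->_pluginGroups[$plugin->type][$plugin->id] =& $this->_plugins[$plugin->id];
                 }
             }
         }
     }
     return true;
 }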
     if ($avatarDisplayed && !$horizontal) {
         echo $preDiv . '" id="mod_login_greeting' . $id_sfx . '">';
         echo '<br />';
         echo $cbUser->replaceUserVars(sprintf(_UE_HI_NAME, '<br />' . $name));
         echo $postDiv;
     } else {
         echo '<span id="mod_login_greeting' . $id_sfx . '">' . $cbUser->replaceUserVars(sprintf(_UE_HI_NAME, $name)) . '</span>';
     }
 }
 $pms = 0;
 if ($show_pms != 0) {
     $pms = $pms_type;
     // RC2 quick fix
     if ($pms != 0) {
         if (class_exists('moscomprofilerUser', false)) {
             $viewLevels = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(checkJversion() >= 2 ? false : true);
         } else {
             // Compute View Level using CMS without loading cb.table and cb.database if they are not already loaded (e.g. when using this function in modules):
             if (checkJversion() >= 2) {
                 $viewLevels = JUser::getInstance()->getAuthorisedViewLevels();
             } else {
                 $viewLevels = range(0, $_CB_framework->myCmsGid());
             }
         }
         $cleanedANDpubAccess = ' AND published = 1 AND access IN (' . implode(',', cbArrayToInts($viewLevels)) . ')';
         if (checkJversion() >= 2) {
             $cleanedANDpubAccess .= ' AND ' . $_CB_database->NameQuote('language') . ' IN ( ' . $_CB_database->Quote($_CB_framework->getCfg('lang_tag')) . ', ' . $_CB_database->Quote('*') . ', ' . $_CB_database->Quote('') . ' )';
         }
         switch ($pms) {
             case 1:
                 $pmsnameprefix = "";
 /**
  * Decides whether the current user may perform the moderation task $action on user $user_id.
  *
  * @param  int    $user_id  target user id; 0 means the current user
  * @param  string $action   key into $ueConfig holding the level required for the task
  * @return string|null      NULL when no objection was found, otherwise the message to display
  *                          (the moderator-on-moderator case returns whatever get_users_permission() gives)
  */
 function get_user_permission_task($user_id, $action)
 {
     global $_CB_framework, $ueConfig;

     // 0 stands for "myself"; anything else is forced to an integer id.
     $user_id = ($user_id == 0) ? $_CB_framework->myId() : (int) $user_id;

     if ($user_id == 0) {
         // Nobody is logged in and no target was given.
         $ret = false;
     } elseif ($user_id == $_CB_framework->myId()) {
         // Acting on one's own account.
         $ret = null;
     } elseif (!isset($ueConfig[$action]) || $ueConfig[$action] == 0) {
         $ret = _UE_FUNCTIONALITY_DISABLED;
     } elseif ($ueConfig[$action] == 1) {
         // Level 1: moderators. Acting on another moderator is deferred to the 'edit' permission check.
         if (!$this->get_user_moderator($_CB_framework->myId())) {
             $ret = false;
         } elseif ($this->get_user_moderator($user_id)) {
             $ret = $this->get_users_permission(array($user_id), 'edit', true);
         } else {
             $ret = null;
         }
     } elseif ($ueConfig[$action] > 1) {
         // 8: super admins only
         // 7: admins and super admins only
         if ($_CB_framework->acl->amIaSuperAdmin()) {
             $ret = null;
         } elseif ($ueConfig[$action] != 7) {
             $ret = false;
         } elseif (checkJversion() >= 2) {
             // Admins: must be able to both manage and edit com_users.
             $myCBuser = CBuser::getMyInstance();
             $ret = ($myCBuser->authoriseAction('core.manage', 'com_users') && $myCBuser->authoriseAction('core.edit', 'com_users')) ? null : false;
         } else {
             // Older CMS: the configured group must be among the groups below the current user.
             $ret = in_array($ueConfig[$action], $this->get_groups_below_me($_CB_framework->myId(), true)) ? null : false;
         }
     } else {
         // Any other configured value denies by default.
         $ret = false;
     }

     // A plain refusal becomes the "not authorized" message, with a login hint for guests.
     if ($ret === false) {
         $ret = _UE_NOT_AUTHORIZED;
         if ($_CB_framework->myId() < 1) {
             $ret .= '<br />' . _UE_DO_LOGIN;
         }
     }
     return $ret;
 }
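 /**
  * Builds and runs the backend users-list query, then hands the rows to the view or mailer chosen by $task.
  *
  * Request-derived values reach SQL only in constrained form: the search text is escaped,
  * the group filter is cast to int or quoted, the status filter is used solely as a key into a
  * fixed map of SQL fragments, and id lists are forced to integers before being imploded.
  *
  * NOTE(review): no authorisation check for the list or e-mail tasks is visible in this method;
  * presumably the dispatcher enforces it before calling — confirm.
  *
  * @param  string $option  component option, used as a suffix of the user-state keys
  * @param  string $task    'showusers', 'resendconfirmationemails', 'emailusers', 'startemailusers' or 'ajaxemailusers'
  * @param  array  $cid     checkmarked user ids; restricts the list when $task is not 'showusers'
  * @return boolean         false when the main query reports a database error, true otherwise
  */
 function showUsers($option, $task, $cid)
 {
     global $_CB_database, $_CB_framework, $_PLUGINS, $_CB_TxtIntStore;
     $this->_importNeeded();

     $limit = (int) $_CB_framework->getCfg('list_limit');
     if ($limit == 0) {
         $limit = 10;
     }

     // Filters come from the request or the stored user state; each is constrained again before it is used in SQL.
     $filter_type = $_CB_framework->getUserStateFromRequest("filter_type{$option}", 'filter_type', 0);
     $filter_status = $_CB_framework->getUserStateFromRequest("filter_status{$option}", 'filter_status', 0);
     $filter_logged = intval($_CB_framework->getUserStateFromRequest("filter_logged{$option}", 'filter_logged', 0));
     $lastCBlist = $_CB_framework->getUserState("view{$option}lastCBlist", null);
     if ($lastCBlist == 'showusers') {
         if ($task == 'showusers') {
             $limit = $_CB_framework->getUserStateFromRequest("viewlistlimit", 'limit', $limit);
             $limitstart = $_CB_framework->getUserStateFromRequest("view{$option}limitstart", 'limitstart', 0);
         }
         $lastSearch = $_CB_framework->getUserState("search{$option}", null);
         $search = $_CB_framework->getUserStateFromRequest("search{$option}", 'search', '');
         if ($lastSearch != $search) {
             // A new search term restarts paging.
             $limitstart = 0;
             $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
         }
         // Lower-case the term with the function matching the site charset.
         if ($_CB_TxtIntStore->_iso != 'UTF-8') {
             $search = strtolower($search);
         } elseif (is_callable('mb_convert_case')) {
             $search = mb_convert_case($search, MB_CASE_LOWER, "UTF-8");
         } else {
             $search = utf8_encode(strtolower(utf8_decode($search)));
         }
         $search = stripslashes(trim($search));
     } else {
         // Arriving from another list: drop every filter and remember this list as the current one.
         $filter_type = 0;
         $filter_status = 0;
         $filter_logged = 0;
         clearSearchBox();
         $search = '';
         $limitstart = 0;
         $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
         $_CB_framework->setUserState("view{$option}lastCBlist", "showusers");
     }
     if ($task !== 'showusers') {
         if ($task == 'ajaxemailusers') {
             $limitstart = cbGetParam($_POST, 'limitstart', 0);
             $limit = cbGetParam($_POST, 'limit', 0);
         } else {
             $limitstart = 0;
             if ($task == 'emailusers') {
                 $limit = 101;
                 // so that first 100 users and more... is displayed.
             } else {
                 $limit = cbGetParam($_POST, 'limit', 0);
             }
         }
     }

     $tablesSQL = array('u' => '#__users AS u');
     $joinsSQL = array('ue' => 'LEFT JOIN #__comprofiler AS ue ON u.id = ue.id');
     $tablesWhereSQL = array();
     if (isset($search) && $search != "") {
         // The term is escaped once and reused; the second argument presumably also escapes LIKE wildcards — confirm.
         $escapedSearch = $_CB_database->getEscaped($search, true);
         $tablesWhereSQL[] = "(u.username LIKE '%" . $escapedSearch . "%' OR u.email LIKE '%" . $escapedSearch . "%' OR u.name LIKE '%" . $escapedSearch . "%')";
     }
     if ($filter_type) {
         if (checkJversion() == 2) {
             $tablesWhereSQL[] = "aro.group_id = " . (int) $filter_type;
         } else {
             if ($filter_type == 'Public Frontend') {
                 $tablesWhereSQL[] = "(u.usertype = 'Registered' OR u.usertype = 'Author' OR u.usertype = 'Editor'OR u.usertype = 'Publisher')";
             } else {
                 if ($filter_type == 'Public Backend') {
                     $tablesWhereSQL[] = "( u.usertype = 'Manager' OR u.usertype = 'Administrator' OR u.usertype = 'Super Administrator' )";
                 } else {
                     $tablesWhereSQL[] = "u.usertype = " . $_CB_database->Quote($filter_type);
                 }
             }
         }
     }

     $tBlocked = CBTxt::T('Blocked');
     $tEnabled = CBTxt::T('Enabled');
     $tUnconfirmed = CBTxt::T('Unconfirmed');
     $tConfirmed = CBTxt::T('Confirmed');
     $tUnapproved = CBTxt::T('Unapproved');
     $tDisapproved = CBTxt::T('Disapproved');
     $tApproved = CBTxt::T('Approved');
     $tBanned = CBTxt::T('Banned');
     $p = ' + ';
     // Allow-list of status filters: translated label => fixed SQL fragment.
     // The request value only ever selects a key; it is never placed in the query itself.
     $userstates = array(
         $tBlocked => 'u.block = 1',
         $tEnabled => 'u.block = 0',
         $tUnconfirmed => 'ue.confirmed = 0',
         $tConfirmed => 'ue.confirmed = 1',
         $tUnapproved => 'ue.approved = 0',
         $tDisapproved => 'ue.approved = 2',
         $tApproved => 'ue.approved = 1',
         $tBanned => 'ue.banned <> 0',
         $tBlocked . $p . $tUnconfirmed . $p . $tUnapproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 0)',
         $tEnabled . $p . $tUnconfirmed . $p . $tUnapproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 0)',
         $tBlocked . $p . $tConfirmed . $p . $tUnapproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 0)',
         $tEnabled . $p . $tConfirmed . $p . $tUnapproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 0)',
         $tBlocked . $p . $tUnconfirmed . $p . $tDisapproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 2)',
         $tEnabled . $p . $tUnconfirmed . $p . $tDisapproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 2)',
         $tBlocked . $p . $tConfirmed . $p . $tDisapproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 2)',
         $tEnabled . $p . $tConfirmed . $p . $tDisapproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 2)',
         $tBlocked . $p . $tUnconfirmed . $p . $tApproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 1)',
         $tEnabled . $p . $tUnconfirmed . $p . $tApproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 1)',
         $tBlocked . $p . $tConfirmed . $p . $tApproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 1)',
         $tEnabled . $p . $tConfirmed . $p . $tApproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 1)',
         CBTxt::T('Avatar not approved') => "(ue.avatar > '' AND ue.avatarapproved = 0)",
     );
     if ($filter_status) {
         if ((is_string($filter_status) || is_int($filter_status)) && isset($userstates[$filter_status])) {
             $tablesWhereSQL[] = $userstates[$filter_status];
         } else {
             // Unknown status label (stale state, changed language, tampered request): ignore it
             // instead of pushing an empty condition into the WHERE clause.
             $filter_status = 0;
         }
     }
     if ($filter_logged == 1) {
         $tablesWhereSQL[] = "s.userid = u.id";
     } else {
         if ($filter_logged == 2) {
             $tablesWhereSQL[] = "s.userid IS NULL";
         }
     }
     // exclude any child group id's for this user
     //$_CB_framework->acl->_debug = true;
     if (!$_CB_framework->acl->amIaSuperAdmin()) {
         $pgids = $_CB_framework->acl->get_groups_below_me(null, true);
         if (is_array($pgids) && count($pgids) > 0) {
             // Same integer forcing as for $cid below, so the IN list holds only integers.
             cbArrayToInts($pgids);
             if (checkJversion() == 2) {
                 $tablesWhereSQL[] = "( aro.group_id IN ( " . implode(',', $pgids) . " ) )";
             } else {
                 $tablesWhereSQL[] = "( u.gid IN ( " . implode(',', $pgids) . " ) )";
             }
         }
     }
     // Filter the checkmarked users only:
     if ($task !== 'showusers') {
         if (is_array($cid) && count($cid) > 0) {
             cbArrayToInts($cid);
             $tablesWhereSQL[] = "( u.id IN ( " . implode(',', $cid) . " ) )";
         }
     }
     // Advanced searches:
     $myCbUser =& CBuser::getInstance($_CB_framework->myId());
     $myUser =& $myCbUser->getUserData();
     $tabs = $myCbUser->_getCbTabs();
     //	new cbTabs( 0, 1 );		//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
     $allFields = $tabs->_getTabFieldsDb(null, $myUser, 'adminfulllist');
     foreach ($allFields as $k => $v) {
         if (in_array($v->type, array('pm', 'status', 'formatname', 'hidden', 'delimiter', 'userparams'))) {
             unset($allFields[$k]);
             // delimiter, userparams do not have search for now!
         }
     }
     $searchVals = new stdClass();
     $list_compare_types = 1;
     // Advanced: all possibilities (WARNING: can be slow)
     $tableReferences = array('#__comprofiler' => 'ue', '#__users' => 'u');
     // NOTE(review): the field searches are built straight from $_POST; escaping is assumed to happen
     // inside applySearchableContents() / reduceSqlFormula(), which are not visible here — confirm.
     $searchesFromFields = $tabs->applySearchableContents($allFields, $searchVals, $_POST, $list_compare_types);
     $whereFields = $searchesFromFields->reduceSqlFormula($tableReferences, $joinsSQL, TRUE);
     if ($whereFields) {
         $tablesWhereSQL[] = '(' . $whereFields . ')';
     }
     $searchTabContent = $tabs->getSearchablesContents($allFields, $myUser, $searchVals, $list_compare_types);
     if ($filter_logged == 1 || $filter_logged == 2) {
         $joinsSQL[] = "\n INNER JOIN #__session AS s ON s.userid = u.id";
         // } else {		done later, to avoid blocking site:
         //	$joinsSQL[]				.=	"\n LEFT JOIN #__session AS s ON s.userid = u.id";
     }
     if (checkJversion() == 2) {
         $joinsSQL[] = "INNER JOIN #__user_usergroup_map AS aro ON aro.user_id = u.id";
         // map user to aro for selection (and display if no selection)
         if ($filter_type) {
             $joinsSQL[] = "LEFT JOIN #__user_usergroup_map AS arodisplay ON arodisplay.user_id = u.id";
             // map user to aro for display of all groups
             $joinsSQL[] = "INNER JOIN #__usergroups AS g ON g.id = arodisplay.group_id";
             // map aro to group for display group name
         } else {
             $joinsSQL[] = "INNER JOIN #__usergroups AS g ON g.id = aro.group_id";
             // map aro to group
         }
     }
     // Plugins receive the table, join and where lists by reference; whatever they append is
     // concatenated into the query as-is.
     $_PLUGINS->loadPluginGroup('user');
     $_PLUGINS->trigger('onBeforeBackendUsersListBuildQuery', array(&$tablesSQL, &$joinsSQL, &$tablesWhereSQL, $option));
     $queryFrom = "\n FROM " . implode(', ', $tablesSQL) . (count($joinsSQL) ? "\n " . implode("\n ", $joinsSQL) : '') . (count($tablesWhereSQL) ? "\n WHERE " . implode(' AND ', $tablesWhereSQL) : '');
     // Counting query:
     $query = "SELECT COUNT(DISTINCT u.id)" . $queryFrom;
     $_CB_database->setQuery($query);
     $total = $_CB_database->loadResult();
     if ($total === null) {
         // NOTE(review): the raw database error text is written to the page; consider logging it instead.
         echo $_CB_database->getErrorMsg();
     }
     if ($total <= $limitstart) {
         $limitstart = 0;
     }
     cbimport('cb.pagination');
     $pageNav = new cbPageNav($total, $limitstart, $limit);
     // The group-name joins for the older CMS versions are added only after counting.
     if (checkJversion() == 2) {
         $grp_name = 'title';
     } elseif (checkJversion() == 1) {
         $grp_name = 'name';
         $joinsSQL[] = "INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id";
         // map user to aro
         $joinsSQL[] = "INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.id";
         // map aro to group
         $joinsSQL[] = "INNER JOIN #__core_acl_aro_groups AS g ON g.id = gm.group_id";
         $tablesWhereSQL[] = "aro.section_value = 'users'";
     } else {
         $grp_name = 'name';
         $joinsSQL[] = "INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id";
         // map user to aro
         $joinsSQL[] = "INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.aro_id";
         // map aro to group
         $joinsSQL[] = "INNER JOIN #__core_acl_aro_groups AS g ON g.group_id = gm.group_id";
         $tablesWhereSQL[] = "aro.section_value = 'users'";
     }
     $queryFrom = "\n FROM " . implode(', ', $tablesSQL) . (count($joinsSQL) ? "\n " . implode("\n ", $joinsSQL) : '') . (count($tablesWhereSQL) ? "\n WHERE " . implode(' AND ', $tablesWhereSQL) : '');
     // Main query:
     if (checkJversion() == 2) {
         $query = "SELECT u.*, GROUP_CONCAT( DISTINCT g.{$grp_name} ORDER BY g.{$grp_name} SEPARATOR ', ') AS groupname, ue.approved, ue.confirmed, ue.cbactivation" . $queryFrom . ' GROUP BY u.id';
     } else {
         $query = "SELECT DISTINCT u.*, g.{$grp_name} AS groupname, ue.approved, ue.confirmed, ue.cbactivation" . $queryFrom;
     }
     $_CB_database->setQuery($query, (int) $pageNav->limitstart, (int) $pageNav->limit);
     $rows = $_CB_database->loadObjectList(null, 'moscomprofilerUser', array(&$_CB_database));
     if ($_CB_database->getErrorNum()) {
         // NOTE(review): stderr() output goes to the page as well; same concern as for the counting query.
         echo $_CB_database->stderr();
         return false;
     }
     // The CBUsers are deliberately not created in cache for these rows
     // (CBuser::setUserGetCBUserInstance( $rows[$k] )): otherwise substitutions do not work.

     // One session count per listed user.
     $template = 'SELECT COUNT(s.userid) FROM #__session AS s WHERE s.userid = ';
     $n = count($rows);
     for ($i = 0; $i < $n; $i++) {
         $row =& $rows[$i];
         $query = $template . (int) $row->id;
         $_CB_database->setQuery($query);
         $row->loggedin = $_CB_database->loadResult();
     }
     if (checkJversion() >= 2 && version_compare(checkJversion('release'), '2.5', '>=')) {
         $userids = array();
         for ($i = 0; $i < $n; $i++) {
             $userids[] = (int) $rows[$i]->id;
             $rows[$i]->note_count = 0;
         }
         if ($userids) {
             $query = "SELECT n.user_id, COUNT(n.id) AS note_count" . "\n FROM " . $_CB_database->NameQuote('#__user_notes') . ' AS n' . "\n WHERE n.user_id IN (" . implode(',', $userids) . ')' . "\n AND n.state >= 0" . "\n GROUP BY n.user_id";
             $_CB_database->setQuery($query);
             $notes = $_CB_database->loadObjectList('user_id');
             for ($i = 0; $i < $n; $i++) {
                 $rows[$i]->note_count = isset($notes[$rows[$i]->id]) ? $notes[$rows[$i]->id]->note_count : 0;
             }
         }
     }

     $select_tag_attribs = 'class="inputbox" size="1" onchange="document.adminForm.submit( );"';
     $inputTextExtras = '';
     if ($task != 'showusers') {
         // Outside the plain list the filters are shown but cannot be changed.
         $inputTextExtras = ' disabled="disabled"';
         $select_tag_attribs .= $inputTextExtras;
     }
     $lists = array();
     // get list of Log Status for dropdown filter
     $logged = array();
     $logged[] = moscomprofilerHTML::makeOption(0, CBTxt::T('- Select Login State -'));
     $logged[] = moscomprofilerHTML::makeOption(1, CBTxt::T('Logged In'));
     $lists['logged'] = moscomprofilerHTML::selectList($logged, 'filter_logged', $select_tag_attribs, 'value', 'text', "{$filter_logged}", 2);
     // get list of Groups for dropdown filter
     if (checkJversion() == 2) {
         $query = "SELECT id AS value, title AS text" . "\n FROM #__usergroups";
     } else {
         $query = "SELECT name AS value, name AS text" . "\n FROM #__core_acl_aro_groups" . "\n WHERE name != 'ROOT'" . "\n AND name != 'USERS'";
     }
     $types = array();
     $types[] = moscomprofilerHTML::makeOption('0', CBTxt::T('- Select Group -'));
     $_CB_database->setQuery($query);
     $groupRows = $_CB_database->loadObjectList();
     if (is_array($groupRows)) {
         // Merged only when the query produced a list, so a failed lookup leaves just the placeholder option.
         $types = array_merge($types, $groupRows);
     }
     $lists['type'] = moscomprofilerHTML::selectList($types, 'filter_type', $select_tag_attribs, 'value', 'text', "{$filter_type}", 2);
     $status = array();
     $status[] = moscomprofilerHTML::makeOption(0, CBTxt::T('- Select User Status -'));
     foreach (array_keys($userstates) as $k) {
         $status[] = moscomprofilerHTML::makeOption($k, $k);
     }
     $lists['status'] = moscomprofilerHTML::selectList($status, 'filter_status', $select_tag_attribs, 'value', 'text', "{$filter_status}", 2);
     $pluginAdditions = $_PLUGINS->trigger('onAfterBackendUsersList', array(1, &$rows, &$pageNav, &$search, &$lists, $option, $select_tag_attribs));
     $pluginColumns = array();
     foreach ($pluginAdditions as $addition) {
         if (is_array($addition)) {
             $pluginColumns = array_merge($pluginColumns, $addition);
         }
     }

     if ($task == 'showusers') {
         // ACL flags for com_users are resolved here and passed on to the view.
         $canAdmin = CBuser::getMyInstance()->authoriseAction('core.admin', 'com_users');
         $canManage = CBuser::getMyInstance()->authoriseAction('core.manage', 'com_users');
         $canCreate = CBuser::getMyInstance()->authoriseAction('core.create', 'com_users');
         $canEdit = CBuser::getMyInstance()->authoriseAction('core.edit', 'com_users');
         $canEditOwn = CBuser::getMyInstance()->authoriseAction('core.edit.own', 'com_users');
         $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state', 'com_users');
         $usersView = _CBloadView('users');
         $usersView->showUsers($rows, $pageNav, $search, $option, $lists, $pluginColumns, $inputTextExtras, $searchTabContent, $canAdmin, $canManage, $canCreate, $canEdit, $canEditOwn, $canEditState);
     } elseif ($task == 'resendconfirmationemails') {
         $this->_cbadmin_resendconfirmationemailsToUsers($rows, $pageNav, $search, $option, $lists, $pluginColumns, $inputTextExtras, $searchTabContent);
     } else {
         $emailSubject = stripslashes(cbGetParam($_POST, 'emailsubject', ''));
         // NOTE(review): the body is fetched with _CB_ALLOWRAW | _CB_NOTRIM, so presumably it arrives as
         // unfiltered markup; whatever renders or sends it has to treat it as untrusted — confirm in the view and mailer.
         $emailBody = stripslashes(cbGetParam($_POST, 'emailbody', '', _CB_ALLOWRAW | _CB_NOTRIM));
         $emailsPerBatch = stripslashes(cbGetParam($_POST, 'emailsperbatch', 50));
         $emailPause = stripslashes(cbGetParam($_POST, 'emailpause', 30));
         $simulationMode = stripslashes(cbGetParam($_POST, 'simulationmode', ''));
         // $cid is counted only when it is an array, matching the check used for the id filter above.
         if (is_array($cid) && count($cid) > 0 && count($cid) < $total) {
             $total = count($cid);
         }
         if ($task == 'emailusers') {
             $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailForm', array(&$rows, &$pageNav, &$search, &$lists, &$cid, &$emailSubject, &$emailBody, &$inputTextExtras, &$select_tag_attribs, $simulationMode, $option));
             $usersView = _CBloadView('users');
             $usersView->emailUsers($rows, $total, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $simulationMode, $pluginRows);
         } elseif ($task == 'startemailusers') {
             $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailStart', array(&$rows, $total, $search, $lists, $cid, &$emailSubject, &$emailBody, &$inputTextExtras, $simulationMode, $option));
             $usersView = _CBloadView('users');
             $usersView->startEmailUsers($rows, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $total, $simulationMode, $pluginRows);
         } elseif ($task == 'ajaxemailusers') {
             $this->_cbadmin_emailUsers($rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode);
         }
     }
     return true;
 }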