/** * Installs a tab into database, finding already existing one if needed. * * @param int $pluginid * @param CBSimpleXMLElement $tab * @return int|boolean id of tab or FALSE in case of error (error saved with $this->setError() ). */ function installTab($pluginid, &$tab) { global $_CB_database, $_CB_framework; // Check to see if plugin tab already exists in db if ($tab->attributes('class')) { $query = "SELECT tabid FROM #__comprofiler_tabs WHERE " . "pluginclass = " . $_CB_database->Quote($tab->attributes('class')); } else { $query = "SELECT tabid FROM #__comprofiler_tabs WHERE pluginid = " . (int) $pluginid . " AND pluginclass = ''"; } $_CB_database->setQuery($query); $tabid = $_CB_database->loadResult(); if ($tab->attributes('type') == 'existingSytemTab') { if ($tabid == null) { $this->setError(1, 'installTab error: existingSystemTab' . ': ' . $tab->attributes('class') . ' ' . 'not found' . '.'); return false; } } else { $row = new moscomprofilerTabs($_CB_database); if ($tabid) { $row->load((int) $tabid); } if (!$row->tabid) { $row->title = $tab->attributes('name'); $row->description = trim($tab->attributes('description')); $row->ordering = 99; $row->position = $tab->attributes('position'); $row->displaytype = $tab->attributes('displaytype'); $row->ordering_register = $tab->attributes('ordering_register'); } $row->width = $tab->attributes('width'); $row->pluginclass = $tab->attributes('class'); $row->pluginid = $pluginid; $row->fields = $tab->attributes('fields'); $row->sys = $tab->attributes('sys'); $row->useraccessgroupid = -2; $row->viewaccesslevel = 1; $userGroupName = $tab->attributes('useraccessgroup'); $viewAccessLevelName = $tab->attributes('viewaccesslevel'); switch ($userGroupName) { case 'All Registered Users': $row->useraccessgroupid = -1; break; case 'Everybody': default: if ($userGroupName && $userGroupName != 'Everybody') { $groupId = $_CB_framework->acl->get_group_id($userGroupName, 'ARO'); if ($groupId) { $row->useraccessgroupid = $groupId; } break; } } if ($viewAccessLevelName) { $accessLevels = $_CB_framework->acl->get_access_children_tree(2, false, false); $viewAccessLevelId = array_search($viewAccessLevelName, $accessLevels); if ($viewAccessLevelId !== false) { $row->viewaccesslevel = $viewAccessLevelId; } } if (!$row->store()) { $this->setError(1, 'SQL error' . ': ' . $row->getError()); return false; } $tabid = (int) $row->tabid; } return $tabid; }
function saveTab( $option ) { global $_CB_database, $_CB_framework, $_POST; $this->_importNeeded(); $this->_importNeededSave(); if ( isset( $_POST['params'] ) ) { $_POST['params'] = cbParamsEditorController::getRawParamsMagicgpcEscaped( $_POST['params'] ); } else { $_POST['params'] = ''; } if ( ! isset( $_POST['tabid'] ) || ( count( $_POST ) == 0 ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Missing post values') ) . "'); window.history.go(-2); </script>\n"; exit(); } if ( $_POST['tabid'] ) { $oldrow = new moscomprofilerTabs( $_CB_database ); if ( $oldrow->load( (int) $_POST['tabid'] ) && ( ! in_array( $oldrow->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n"; exit; } } $row = new moscomprofilerTabs( $_CB_database ); if (!$row->bind( $_POST )) { echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-1); </script>\n"; exit(); } if ( ! $row->ordering_register ) { $row->ordering_register = 10; } $row->description = cleanEditorsTranslationJunk( trim( $row->description ) ); if (!$row->check()) { echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n"; exit(); } $row->tabid = (int) cbGetParam( $_POST, 'tabid', 0 ); if ( ! $row->store() ) { echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n"; exit(); } $row->checkin(); cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" ), CBTxt::T('Successfully Saved Tab') . ": ". $row->title ); }
function saveField($option, $task) { global $_CB_database, $_CB_framework, $_POST, $_PLUGINS; if ($task == 'showField' || !(isset($_POST['oldtabid']) && isset($_POST['fieldid']))) { cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}")); return; } $this->_importNeeded(); $this->_importNeededSave(); $fieldOldTab = new moscomprofilerTabs($_CB_database); if (isset($_POST['oldtabid']) && $_POST['oldtabid']) { $fieldOldTab->load((int) $_POST['oldtabid']); // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { // Check if user belongs to useraccessgroupid: if (!in_array($fieldOldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel: if (!in_array($fieldOldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } } $fid = (int) $_POST['fieldid']; $row = new moscomprofilerFields($_CB_database); if ($fid) { // load the row from the db table if (!$row->load((int) $fid)) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Innexistant field')) . "'); window.history.go(-1);</script>\n"; exit; } $fieldTab = new moscomprofilerTabs($_CB_database); // load the row from the db table $fieldTab->load((int) $row->tabid); // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { // Check if user belongs to useraccessgroupid: if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel: if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } } $oldrow = new moscomprofilerFields($_CB_database); foreach (array_keys(get_object_vars($row)) as $k) { if (substr($k, 0, 1) != '_') { $oldrow->{$k} = $row->{$k}; } } $_PLUGINS->loadPluginGroup('user'); if (!$this->_prov_bind_CB_field($row, $fid)) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } // Set defaults if nothing is found // Also check if oldrow value to use its current value or default otherwise // This prevents a tab from storing to database with null values when some inputs are set disabled: if ($row->tabid == '') { $row->tabid = $oldrow->tabid != '' ? $oldrow->tabid : 11; } if ($row->profile == '') { $row->profile = $oldrow->profile != '' ? $oldrow->profile : 1; } if ($row->registration == '') { $row->registration = $oldrow->registration != '' ? $oldrow->registration : 1; } if ($row->published == '') { $row->published = $oldrow->published != '' ? $oldrow->published : 1; } if ($row->required == '') { $row->required = $oldrow->required != '' ? $oldrow->required : 0; } if ($row->readonly == '') { $row->readonly = $oldrow->readonly != '' ? $oldrow->readonly : 0; } if ($row->tablecolumns != '' && !in_array($row->type, array('password', 'userparams'))) { $searchable_default = 1; } else { $searchable_default = 0; } if ($row->searchable == '') { $row->searchable = $oldrow->searchable != '' ? $oldrow->searchable : $searchable_default; } // If the input is disabled we need to apply the default if the tabid isn't in POST: if (!isset($_POST['tabid'])) { $_POST['tabid'] = $row->tabid; } // Moved above check here just encase it ends up being empty: if ($task == 'showField' || !isset($_POST['tabid'])) { cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}")); return; } // in case the above changed perms.... really ? $fieldTab = new moscomprofilerTabs($_CB_database); $fieldTab->load((int) $row->tabid); // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { // Check if user belongs to useraccessgroupid: if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel: if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } if ($row->type == 'webaddress') { $row->rows = $_POST['webaddresstypes']; if (!($row->rows == 0 || $row->rows == 2)) { $row->rows = 0; } } if ($_POST['oldtabid'] != $_POST['tabid']) { if ($_POST['oldtabid'] !== '') { //Re-order old tab $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > " . (int) $_POST['ordering'] . " AND tabid = " . (int) $_POST['oldtabid']; $_CB_database->setQuery($sql); $_CB_database->query(); } //Select Last Order in New Tab $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=" . (int) $_POST['tabid']; $_CB_database->SetQuery($sql); $max = $_CB_database->LoadResult(); $row->ordering = max($max + 1, 1); } if (cbStartOfStringMatch($row->name, 'cb_')) { $row->name = str_replace(" ", "", strtolower($row->name)); } if (!$row->check()) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state'); // Check if user belongs to useraccessgroupid if ($fieldTab->useraccessgroupid != '' && !in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel if ($fieldTab->viewaccesslevel != '' && !in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user can edit status (and if not, that status are as expected): if (!$canEditState) { $failed = false; // Check if row exists and if tabid is different from existing row // Check if row doesn't exist and if tabid is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->tabid != '' && $oldrow->tabid != $row->tabid) || !$oldrow->fieldid && ($row->tabid != '' && $row->tabid != 11)) { $failed = true; } // Check if row exists and if profile is different from existing row // Check if row doesn't exist and if profile is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->profile != '' && $oldrow->profile != $row->profile) || !$oldrow->fieldid && ($row->profile != '' && $row->profile != 1)) { $failed = true; } // Check if row exists and if registration is different from existing row // Check if row doesn't exist and if registration is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->registration != '' && $oldrow->registration != $row->registration) || !$oldrow->fieldid && ($row->registration != '' && $row->registration != 1)) { $failed = true; } // Check if row exists and if published is different from existing row // Check if row doesn't exist and if published is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->published != '' && $oldrow->published != $row->published) || !$oldrow->fieldid && ($row->published != '' && $row->published != 1)) { $failed = true; } // Check if row exists and if required is different from existing row // Check if row doesn't exist and if required is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->required != '' && $oldrow->required != $row->required) || !$oldrow->fieldid && ($row->required != '' && $row->required != 0)) { $failed = true; } // Check if row exists and if readonly is different from existing row // Check if row doesn't exist and if readonly is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->readonly != '' && $oldrow->readonly != $row->readonly) || !$oldrow->fieldid && ($row->readonly != '' && $row->readonly != 0)) { $failed = true; } // Check if row exists and if searchable is different from existing row // Check if row doesn't exist and if searchable is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->searchable != '' && $oldrow->searchable != $row->searchable) || !$oldrow->fieldid && ($row->searchable != '' && $row->searchable != $searchable_default)) { $failed = true; } if ($failed) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } } if (!$row->store((int) $fid)) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } $fieldNames = $_POST['vNames']; $j = 1; if ($row->fieldid > 0) { $_CB_database->setQuery("DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid); if ($_CB_database->query() === false) { echo $_CB_database->getErrorMsg(); } } else { $_CB_database->setQuery("SELECT MAX(fieldid) FROM #__comprofiler_fields"); $maxID = $_CB_database->loadResult(); $row->fieldid = $maxID; echo $_CB_database->getErrorMsg(); } //for($i=0, $n=count( $fieldNames ); $i < $n; $i++) { foreach ($fieldNames as $fieldName) { if (trim($fieldName) != null || trim($fieldName) != '') { $_CB_database->setQuery("INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'" . cbGetEscaped(trim($fieldName)) . "', " . (int) $j . ")"); if ($_CB_database->query() === false) { echo $_CB_database->getErrorMsg(); } $j++; } } switch ($task) { case 'applyField': $msg = CBTxt::T('Successfully Saved changes to Field') . ': ' . $row->name; cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=editField&cid={$row->fieldid}"), $msg); break; case 'saveField': default: $msg = CBTxt::T('Successfully Saved Field') . ': ' . $row->name; cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField"), $msg); break; } }
function orderTabs($tid, $inc, $option) { global $_CB_database, $_CB_framework; $row = new moscomprofilerTabs($_CB_database); $row->load((int) $tid); if (!$_CB_framework->acl->amIaSuperAdmin()) { if (!in_array($row->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } $row->move($inc, "position='{$row->position}' AND ordering > -10000 AND ordering < 10000 "); cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showTab")); }
function orderTabs( $tid, $inc, $option ) { global $_CB_database, $_CB_framework; $row = new moscomprofilerTabs( $_CB_database ); $row->load( (int) $tid ); if ( ! in_array( $row->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n"; exit; } $row->move( $inc, "position='$row->position' AND ordering > -10000 AND ordering < 10000 " ); cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" ) ); }
function saveField( $option, $task ) { global $_CB_database, $_CB_framework, $_POST, $_PLUGINS; if ( ( $task == 'showField' ) || ! ( isset( $_POST['oldtabid'] ) && isset( $_POST['tabid'] ) && isset( $_POST['fieldid'] ) ) ) { cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=$task" ) ); return; } $this->_importNeeded(); $this->_importNeededSave(); $fid = (int) $_POST['fieldid']; $row = new moscomprofilerFields( $_CB_database ); if ( $fid ) { // load the row from the db table if ( ! $row->load( (int) $fid ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Innexistant field') ) . "'); window.history.go(-1);</script>\n"; exit; } $fieldTab = new moscomprofilerTabs( $_CB_database ); // load the row from the db table $fieldTab->load( (int) $row->tabid ); if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) ."'); window.history.go(-1);</script>\n"; exit; } } $_PLUGINS->loadPluginGroup( 'user' ); if ( ! $this->_prov_bind_CB_field( $row, $fid ) ) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit(); } // in case the above changed perms.... really ? $fieldTab = new moscomprofilerTabs( $_CB_database ); $fieldTab->load( (int) $row->tabid ); if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n"; exit; } if ($row->type == 'webaddress') { $row->rows = $_POST['webaddresstypes']; if ( !(($row->rows == 0) || ($row->rows == 2)) ) { $row->rows = 0; } } if ( $_POST['oldtabid'] != $_POST['tabid'] ) { if ( $_POST['oldtabid'] !== '' ) { //Re-order old tab $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > ".(int) $_POST['ordering']." AND tabid = ".(int) $_POST['oldtabid']; $_CB_database->setQuery($sql); $_CB_database->query(); } //Select Last Order in New Tab $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=".(int) $_POST['tabid']; $_CB_database->SetQuery($sql); $max = $_CB_database->LoadResult(); $row->ordering = max( $max + 1, 1 ); } if ( cbStartOfStringMatch( $row->name, 'cb_' ) ) { $row->name = str_replace(" ", "", strtolower($row->name)); } if ( ! $row->check() ) { echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n"; exit(); } if ( ! $row->store( (int) $fid ) ) { echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n"; exit(); } $fieldNames = $_POST['vNames']; $j = 1; if( $row->fieldid > 0 ) { $_CB_database->setQuery( "DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid ); if( $_CB_database->query() === false ) { echo $_CB_database->getErrorMsg(); } } else { $_CB_database->setQuery( "SELECT MAX(fieldid) FROM #__comprofiler_fields"); $maxID = $_CB_database->loadResult(); $row->fieldid = $maxID; echo $_CB_database->getErrorMsg(); } //for($i=0, $n=count( $fieldNames ); $i < $n; $i++) { foreach ($fieldNames as $fieldName) { if(trim($fieldName)!=null || trim($fieldName)!='') { $_CB_database->setQuery( "INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'".cbGetEscaped(trim($fieldName))."', " . (int) $j . ")" ); if ( $_CB_database->query() === false ) { echo $_CB_database->getErrorMsg(); } $j++; } } switch ( $task ) { case 'applyField': $msg = CBTxt::T('Successfully Saved changes to Field') . ': '. $row->name; cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=editField&cid=$row->fieldid" ), $msg ); break; case 'saveField': default: $msg = CBTxt::T('Successfully Saved Field') . ': '. $row->name; cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ), $msg ); break; } }
function saveTab($option) { global $_CB_database, $_CB_framework, $_POST; $this->_importNeeded(); $this->_importNeededSave(); if (isset($_POST['params'])) { $_POST['params'] = cbParamsEditorController::getRawParamsMagicgpcEscaped($_POST['params']); } else { $_POST['params'] = ''; } if (!isset($_POST['tabid']) || count($_POST) == 0) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Missing post values')) . "'); window.history.go(-2); </script>\n"; exit; } $oldrow = new moscomprofilerTabs($_CB_database); if (isset($_POST['tabid']) && $_POST['tabid']) { $oldrow->load((int) $_POST['tabid']); // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { // Check if user belongs to useraccessgroupid: if (!in_array($oldrow->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel: if (!in_array($oldrow->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } } $row = new moscomprofilerTabs($_CB_database); if (!$row->bind($_POST)) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } // Set defaults if nothing is found // Also check if oldrow value to use its current value or default otherwise // This prevents a tab from storing to database with null values when some inputs are set disabled: if ($row->useraccessgroupid == '') { $row->useraccessgroupid = $oldrow->useraccessgroupid != '' ? $oldrow->useraccessgroupid : -2; } if ($row->viewaccesslevel == '') { $row->viewaccesslevel = $oldrow->viewaccesslevel != '' ? $oldrow->viewaccesslevel : 1; } if ($row->ordering == '') { $row->ordering = $oldrow->ordering != '' ? $oldrow->ordering : 999; } if ($row->ordering_register == '') { $row->ordering_register = $oldrow->ordering_register != '' ? $oldrow->ordering_register : 10; } if ($row->enabled == '') { $row->enabled = $oldrow->enabled != '' ? $oldrow->enabled : 1; } $row->description = cleanEditorsTranslationJunk(trim($row->description)); if (!$row->check()) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } $row->tabid = (int) cbGetParam($_POST, 'tabid', 0); // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state'); // Check if user belongs to useraccessgroupid if ($row->useraccessgroupid != '' && !in_array($row->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel if ($row->viewaccesslevel != '' && !in_array($row->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user can edit status (and if not, that status are as expected): if (!$canEditState) { $failed = false; // Check if row exists and if useraccessgroupid is different from existing row // Check if row doesn't exist and if useraccessgroupid is different from default if ($oldrow->tabid && ($row->useraccessgroupid != '' && $oldrow->useraccessgroupid != $row->useraccessgroupid) || !$oldrow->tabid && ($row->useraccessgroupid != '' && $row->useraccessgroupid != -2)) { $failed = true; } // Check if row exists and if viewaccesslevel is different from existing row // Check if row doesn't exist and if viewaccesslevel is different from default // Check if user can edit status: if ($oldrow->tabid && ($row->viewaccesslevel != '' && $oldrow->viewaccesslevel != $row->viewaccesslevel) || !$oldrow->tabid && ($row->viewaccesslevel != '' && $row->viewaccesslevel != 1)) { $failed = true; } // Check if row exists and if ordering is different from existing row // Check if row doesn't exist and if ordering is different from default // Check if user can edit status: if ($oldrow->tabid && ($row->ordering != '' && $oldrow->ordering != $row->ordering) || !$oldrow->tabid && ($row->ordering != '' && $row->ordering != 999)) { $failed = true; } // Check if row exists and if ordering_register is different from existing row // Check if row doesn't exist and if ordering_register is different from default // Check if user can edit status: if ($oldrow->tabid && ($row->ordering_register != '' && $oldrow->ordering_register != $row->ordering_register) || !$oldrow->tabid && ($row->ordering_register != '' && $row->ordering_register != 10)) { $failed = true; } // Check if row exists and if publish is different from existing row // Check if row doesn't exist and if publish is different from default // Check if user can edit status: if ($oldrow->tabid && ($row->enabled != '' && $oldrow->enabled != $row->enabled) || !$oldrow->tabid && ($row->enabled != '' && $row->enabled != 1)) { $failed = true; } if ($failed) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } } if (!$row->store()) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } $row->checkin(); cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showTab"), CBTxt::T('Successfully Saved Tab') . ": " . $row->title); }