function saveTab( $option ) {
		global $_CB_database, $_CB_framework, $_POST;

		$this->_importNeeded();
		$this->_importNeededSave();

		if ( isset( $_POST['params'] ) ) {
		 	$_POST['params']	=	cbParamsEditorController::getRawParamsMagicgpcEscaped( $_POST['params'] );
		} else {
			$_POST['params']	=	'';
		}
	
		if ( ! isset( $_POST['tabid'] ) || ( count( $_POST ) == 0 ) ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Missing post values') ) . "'); window.history.go(-2); </script>\n";
			exit();
		}
		if ( $_POST['tabid'] ) {
			$oldrow		=	new moscomprofilerTabs( $_CB_database );
			if ( $oldrow->load( (int) $_POST['tabid'] )
				&& 	( ! in_array( $oldrow->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) ) {
				echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
				exit;
			}
		}
	
		$row = new moscomprofilerTabs( $_CB_database );
		if (!$row->bind( $_POST )) {
			echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
			exit();
		}
	
		if ( ! $row->ordering_register ) {
			$row->ordering_register		=	10;
		}
	
		$row->description	=	cleanEditorsTranslationJunk( trim( $row->description ) );
	
		if (!$row->check()) {
			echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
			exit();
		}
		$row->tabid			=	(int) cbGetParam( $_POST, 'tabid', 0 );
		if ( ! $row->store() ) {
			echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
			exit();
		}
	
		$row->checkin();
		cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" ), CBTxt::T('Successfully Saved Tab') . ": ". $row->title );
	}
Exemple #2
0
	function drawUsersList( $uid, $listid, $searchFormValuesRAW ) {
		global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS;
	
		$search					=	null;
		$searchGET				=	cbGetParam( $searchFormValuesRAW, 'search' );
		$limitstart				=	(int) cbGetParam( $searchFormValuesRAW, 'limitstart', 0 );
		$searchmode				=	(int) cbGetParam( $searchFormValuesRAW, 'searchmode', 0 );
		$randomParam			=	(int) cbGetParam( $searchFormValuesRAW, 'rand', 0 );
	
		// old search on formated name:
	
	/*	if ( $searchPOST || count( $_POST ) ) {
			// simple spoof check security
			cbSpoofCheck( 'usersList' );
			if ( cbGetParam( $searchFormValuesRAW, "action" ) == "search" ) {
				$search			=	$searchPOST;
			}
		} else
			if ( isset( $searchFormValuesRAW['limitstart'] ) ) {
				$search				=	stripslashes( $searchGET );
			}
	*/
		// get my user and gets the list of user lists he is allowed to see (ACL):
	
		$myCbUser				=&	CBuser::getInstance( $uid );
		if ( $myCbUser === null ) {
			$myCbUser			=&	CBuser::getInstance( null );
		}
		$myUser					=&	$myCbUser->getUserData();
	/*
		$myUser					=	new moscomprofilerUser( $_CB_database );
		if ( $uid ) {
			$myUser->load( (int) $uid );
		}
	*/
		$useraccessgroupSQL		=	" AND useraccessgroupid IN (".implode(',',getChildGIDS(userGID($uid))).")";
		$_CB_database->setQuery( "SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering" );
		$plists					=	$_CB_database->loadObjectList();
		$lists					=	array();
		$publishedlists			=	array();
	
		for ( $i=0, $n=count( $plists ); $i < $n; $i++ ) {
			$plist				=&	$plists[$i];
			$listTitleNoHtml	=	strip_tags( cbReplaceVars( getLangDefinition( $plist->title ), $myUser, false, false ) );
		   	$publishedlists[]	=	moscomprofilerHTML::makeOption( $plist->listid, $listTitleNoHtml );
		}
	
		// select either list selected or default list to which he has access (ACL):
	
		if ( $listid == 0 ) {
			$_CB_database->setQuery( "SELECT listid FROM #__comprofiler_lists "
			. "\n WHERE `default`=1 AND published=1" . $useraccessgroupSQL );
			$listid				=	(int) $_CB_database->loadresult();
			if ( $listid == 0 && ( count( $plists ) > 0 ) ) {
				$listid			=	(int) $plists[0]->listid;
			}
		}
		if ( ! ( $listid > 0 ) ) {
			echo _UE_NOLISTFOUND;
			return;
		}
	
		// generates the drop-down list of lists:
	
		if ( count( $plists ) > 1 ) {
			$lists['plists']	=	moscomprofilerHTML::selectList( $publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1 );
		}
	
		// loads the list record:
	
		$row					=	new moscomprofilerLists( $_CB_database );
		if ( ( ! $row->load( (int) $listid ) ) || ( $row->published != 1 ) ) {
			echo _UE_LIST_DOES_NOT_EXIST;
			return;
		}
		if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', userGID($uid) ) ) {
			echo _UE_NOT_AUTHORIZED;
			return;
		}
	
		$params					=	new cbParamsBase( $row->params );
	
		$hotlink_protection		=	$params->get( 'hotlink_protection', 0 );
		if ( $hotlink_protection == 1 ) {
			if ( ( $searchGET !== null ) || $limitstart ) {
				cbSpoofCheck( 'usersList', 'GET' );
			}
		}
	
		$limit					=	(int) $params->get( 'list_limit' );
		if ( $limit == 0 ) {
			$limit				=	(int) $ueConfig['num_per_page'];
		}
	
		$showPaging				=	$params->get( 'list_paging', 1 );
		if ( $showPaging != 1 ) {
			$limitstart			=	0;
		}
	
		$isModerator			=	isModerator( $_CB_framework->myId() );
	
		$_PLUGINS->loadPluginGroup( 'user' );
		// $plugSearchFieldsArray	=	$_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
		$_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
	
		// handles the users allowed to be listed in the list by ACL:
	
		$allusergids			=	array();
		$usergids				=	explode( ',', $row->usergroupids );
	/*	This was a bug tending to list admins when "public backend" was checked, and all frontend users when "public backend was checked. Now just ignore them:
		foreach( $usergids AS $usergid ) {
			$allusergids[]		=	$usergid;
			if ($usergid==29 || $usergid==30) {
				$groupchildren	=	array();
				$groupchildren	=	$_CB_framework->acl->get_group_children( $usergid, 'ARO','RECURSE' );
				$allusergids	=	array_merge($allusergids,$groupchildren);
			}
		}
	*/
		$allusergids			=	array_diff( $usergids, array( 29, 30 ) );
		$usergids				=	implode( ",", $allusergids );
	
		// build SQL Select query:
	
		$random					=	0;
		if( $row->sortfields != '' ) {
			$matches			=	null;
			if ( preg_match( '/^RAND\(\)\s(ASC|DESC)$/', $row->sortfields, $matches ) ) {
				// random sorting needs to have same seed on pages > 1 to not have probability to show same users:
				if ( $limitstart ) {
					$random		=	(int) $randomParam;
				}
				if ( ! $random ) {
					$random		=	rand( 0, 32767 );
				}
				$row->sortfields =	'RAND(' . (int) $random . ') ' . $matches[1];
			}
			$orderby			=	"\n ORDER BY " . $row->sortfields;
		}
		$filterby				=	'';
		if ( $row->filterfields != '' ) {
			$filterRules		=	utf8RawUrlDecode( substr( $row->filterfields, 1 ) );
	
			if ( $_CB_framework->myId() ) {
				$user			=	new moscomprofilerUser( $_CB_database );
				if ( $user->load( (int) $_CB_framework->myId() ) ) {
					$filterRules	=	cbReplaceVars( $filterRules, $user, array( $_CB_database, 'getEscaped' ), false, array() );
				}
			}
			$filterby			=	" AND ". $filterRules;
		}
	
		// Prepare part after SELECT .... " and before "FROM" :
	
		$tableReferences		=	array( '#__comprofiler' => 'ue', '#__users' => 'u' );
	
		// Fetch all fields:
	
		$tabs					=	$myCbUser->_getCbTabs();		//	new cbTabs( 0, 1 );		//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
	
		$allFields				=	$tabs->_getTabFieldsDb( null, $myUser, 'list' );
		// $_CB_database->setQuery( "SELECT * FROM #__comprofiler_fields WHERE published = 1" );
		// $allFields				=	$_CB_database->loadObjectList( 'fieldid', 'moscomprofilerFields', array( &$_CB_database ) );
	
	
		//Make columns array. This array will later be constructed from the tabs table:
	
		$columns				=	array();
	
		for ( $i = 1; $i < 50; ++$i ) {
			$enabledVar			=	"col".$i."enabled";
	
			if ( ! isset( $row->$enabledVar ) ) {
				break;
			}
			$titleVar			=	"col".$i."title";
			$fieldsVar			=	"col".$i."fields";
			$captionsVar		=	"col".$i."captions";
	
			if ( $row->$enabledVar == 1 ) {
				$col			=	new stdClass();
				$col->fields	=	( $row->$fieldsVar ? explode( '|*|', $row->$fieldsVar ) : array() );
				$col->title		=	$row->$titleVar;
				$col->titleRendered		=	$myCbUser->replaceUserVars( $col->title );
				$col->captions	=	$row->$captionsVar;
				// $col->sort	=	1; //All columns can be sorted
				$columns[$i]	=	$col;
			}
		}
	
		// build fields and tables accesses, also check for searchable fields:
	
		$searchableFields		=	array();
		$fieldsSQL				=	cbUsersList::getFieldsSQL( $columns, $allFields, $tableReferences, $searchableFields, $params );
	
		$_PLUGINS->trigger( 'onAfterUsersListFieldsSql', array( &$columns, &$allFields, &$tableReferences ) );
	
		$tablesSQL				=	array();
		$joinsSQL				=	array();
		$tablesWhereSQL			=	array(	'block'		=>	'u.block = 0',
											'approved'	=>	'ue.approved = 1',
											'confirmed'	=>	'ue.confirmed = 1'
										 );
	
		if ( checkJversion() == 2 ) {
			$joinsSQL[]				=	'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
		}
	
		if ( ! $isModerator ) {
			$tablesWhereSQL['banned']	=	'ue.banned = 0';
		}
		if ( $usergids ) {
			if ( checkJversion() == 2 ) {
				$tablesWhereSQL['gid']	=	'g.group_id IN (' . $usergids . ')';
			} else {
				$tablesWhereSQL['gid']	=	'u.gid IN (' . $usergids . ')';
			}
		}
	
		foreach ( $tableReferences as $table => $name ) {
			$tablesSQL[]				=	$table . ' ' . $name;
			if ( $name != 'u' ) {
				$tablesWhereSQL[]		=	"u.`id` = " . $name . ".`id`";
			}
		}
	
		// handles search criterias:
	
		$list_compare_types		=	$params->get( 'list_compare_types', 0 );
		$searchVals				=	new stdClass();
		$searchesFromFields		=	$tabs->applySearchableContents( $searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types );
		$whereFields			=	$searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
		if ( $whereFields ) {
			$tablesWhereSQL[]	=	'(' . $whereFields . ')';
	/*
			if ( $search === null ) {
				$search			=	'';
			}
	*/
		}
	
		$_PLUGINS->trigger( 'onBeforeUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL ) );
	
		$queryFrom				=	"FROM " . implode( ', ', $tablesSQL )
								.	( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
								.	"\n WHERE " . implode( "\n AND ", $tablesWhereSQL );
	
		// handles old formatted names search:
	/*
		if ( $search != '' ) {
			$searchSQL			=	cbEscapeSQLsearch( strtolower( $_CB_database->getEscaped( $search ) ) );
			$queryFrom 			.=	" AND (";
	
			$searchFields		=	array();
			if ( $ueConfig['name_format']!='3' ) {
				$searchFields[]	=	"u.name LIKE '%%s%'";
			}
			if ( $ueConfig['name_format']!='1' ) {
				$searchFields[]	=	"u.username LIKE '%%s%'";
			}
			if ( is_array( $plugSearchFieldsArray ) ) {
				foreach ( $plugSearchFieldsArray as $v ) {
					if ( is_array( $v ) ) {
						$searchFields	=	array_merge( $searchFields, $v );
					}
				}
			}
			$queryFrom			.=	str_replace( '%s', $searchSQL, implode( " OR ", $searchFields ) );
			$queryFrom			.=	")";
		}
	*/
		$queryFrom				.=	" " . $filterby;
	
		$_PLUGINS->trigger( 'onBeforeUsersListQuery', array( &$queryFrom, 1, $listid ) );	// $uid = 1
	
		$errorMsg		=	null;
	
		// counts number of users and loads the listed fields of the users if not in search-form-only mode:
	
		if ( $searchmode == 0 ) {
			if ( checkJversion() == 2 ) {
				$_CB_database->setQuery( "SELECT COUNT(DISTINCT u.id) " . $queryFrom );
			} else {
			$_CB_database->setQuery( "SELECT COUNT(*) " . $queryFrom );
			}
			$total					=	$_CB_database->loadResult();
	
			if ( ( $limit > $total ) || ( $limitstart >= $total ) ) {
				$limitstart			=	0;
			}
	
			// $query					=	"SELECT u.id, ue.banned, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby
			if ( checkJversion() == 2 ) {
				$query				=	"SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
			} else {
				$query				=	"SELECT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
			}
			$_CB_database->setQuery( $query, (int) $limitstart, (int) $limit );
			$users				=	$_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );
	
			if ( ! $_CB_database->getErrorNum() ) {
				// creates the CBUsers in cache corresponding to the $users:
				foreach ( array_keys( $users ) as $k) {
					CBuser::setUserGetCBUserInstance( $users[$k] );
				}
			} else {
				$users			=	array();
				$errorMsg		=	_UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
			}
	
			if ( count( get_object_vars( $searchVals ) ) > 0 ) {
				$search			=	'';
			} else {
				$search			=	null;
			}
	
		} else {
			$total				=	null;
			$users				=	array();
			if ( $search === null ) {
				$search			=	'';
			}
		}
	
		// Compute itemId of users in users-list:
	
		if ( $Itemid ) {
			$option_itemid		=	(int) $Itemid;
		} else {
			$option_itemid		=	getCBprofileItemid( 0 );
		}
		HTML_comprofiler::usersList( $row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random );
	}
function orderTabs( $tid, $inc, $option ) {
	global $_CB_database, $_CB_framework;

	$row = new moscomprofilerTabs( $_CB_database );
	$row->load( (int) $tid );

	if ( ! in_array( $row->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
		exit;
	}

	$row->move( $inc, "position='$row->position' AND ordering > -10000 AND ordering < 10000 "  );
	cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" ) );
}
	function saveField( $option, $task ) {
		global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;
	
		if ( ( $task == 'showField' ) || ! ( isset( $_POST['oldtabid'] ) && isset( $_POST['tabid'] ) && isset( $_POST['fieldid'] ) ) ) {
			cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=$task" ) );
			return;
		}
	
		$this->_importNeeded();
		$this->_importNeededSave();
	
		$fid					=	(int) $_POST['fieldid'];
	
		$row					=	new moscomprofilerFields( $_CB_database );
	
		if ( $fid ) {
			// load the row from the db table
			if ( ! $row->load( (int) $fid ) ) {
				echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Innexistant field') ) . "'); window.history.go(-1);</script>\n";
				exit;
			}
	
			$fieldTab			=	new moscomprofilerTabs( $_CB_database );
			// load the row from the db table
			$fieldTab->load( (int) $row->tabid );
	
			if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
				echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) ."'); window.history.go(-1);</script>\n";
				exit;
			}
		}
	
		$_PLUGINS->loadPluginGroup( 'user' );
	
		if ( ! $this->_prov_bind_CB_field( $row, $fid ) ) {
			echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
			exit();
		}
	
		// in case the above changed perms.... really ?
		$fieldTab				=	new moscomprofilerTabs( $_CB_database );
		$fieldTab->load( (int) $row->tabid );
		if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
			exit;
		}
	
		if ($row->type == 'webaddress') {
			$row->rows			=	$_POST['webaddresstypes'];
			if ( !(($row->rows == 0) || ($row->rows == 2)) ) {
				$row->rows = 0;
			}
		}
		if ( $_POST['oldtabid'] != $_POST['tabid'] ) {
			if ( $_POST['oldtabid'] !== '' ) {
				//Re-order old tab
				$sql			=	"UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > ".(int) $_POST['ordering']." AND tabid = ".(int) $_POST['oldtabid'];
				$_CB_database->setQuery($sql);
				$_CB_database->query();
			}
			//Select Last Order in New Tab
			$sql				=	"SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=".(int) $_POST['tabid'];
			$_CB_database->SetQuery($sql);
			$max				=	$_CB_database->LoadResult();
			$row->ordering		=	max( $max + 1, 1 );
		}
	
		if ( cbStartOfStringMatch( $row->name, 'cb_' ) ) {
			$row->name			=	str_replace(" ", "", strtolower($row->name));
		}
		if ( ! $row->check() ) {
			echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
			exit();
		}
		if ( ! $row->store( (int) $fid ) ) {
			echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
			exit();
		}
		$fieldNames				=	$_POST['vNames'];
		$j						=	1;
		if( $row->fieldid > 0 ) {
			$_CB_database->setQuery( "DELETE FROM #__comprofiler_field_values"
				. " WHERE fieldid = " . (int) $row->fieldid );
			if( $_CB_database->query() === false ) {
				echo $_CB_database->getErrorMsg();
			}
		} else {
			$_CB_database->setQuery( "SELECT MAX(fieldid) FROM #__comprofiler_fields");
			$maxID				=	$_CB_database->loadResult();
			$row->fieldid		=	$maxID;
			echo $_CB_database->getErrorMsg();
		}
		//for($i=0, $n=count( $fieldNames ); $i < $n; $i++) {
		foreach ($fieldNames as $fieldName) {
			if(trim($fieldName)!=null || trim($fieldName)!='') {
				$_CB_database->setQuery( "INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)"
					. " VALUES( " . (int) $row->fieldid . ",'".cbGetEscaped(trim($fieldName))."', " . (int) $j . ")"
				);
				if ( $_CB_database->query() === false ) {
					echo $_CB_database->getErrorMsg();
				}
				$j++;
			}
	
		}
	
		switch ( $task ) {
			case 'applyField':
				$msg = CBTxt::T('Successfully Saved changes to Field') . ': '. $row->name;
				cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=editField&cid=$row->fieldid" ), $msg );
				break;
			case 'saveField':
			default:
				$msg = CBTxt::T('Successfully Saved Field') . ': '. $row->name;
				cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ), $msg );
				break;
		}
	}
Exemple #5
0
	/**
	 * Saves a new or existing CB+CMS user
	 * WARNINGS:
	 * - You must verify authorization of user to perform this (user checkCBpermissions() )
	 * - You must $this->load() existing user first
	 *
	 * @param  array   $array   Raw unfiltered input, typically $_POST
	 * @param  int     $ui      1 = Front-end (limitted rights), 2 = Backend (almost unlimitted), 0 = automated (full)
	 * @param  string  $reason  'edit' or 'register'
	 * @return boolean
	 */
	function saveSafely( &$array, $ui, $reason ) {
		global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;

		// Get current user state and store it into $oldUserComplete:

		$oldUserComplete						=	new moscomprofilerUser( $this->_db );
		foreach ( array_keys( get_object_vars( $this ) ) as $k ) {
			if( substr( $k, 0, 1 ) != '_' ) {		// ignore internal vars
				$oldUserComplete->$k			=	$this->$k;
			}
		}


		// 1) Process and validate the fields in form by CB field plugins:
		// 2) Bind the fields to CMS User:
		$bindResults							=	$this->bindSafely( $array, $ui, $reason, $oldUserComplete );

		if ( $bindResults ) {
			// During bindSafely, in saveTabContents, the validations have already taken place, for mandatory fields.
			if ( ( $this->name == '' ) && ( $this->username == '' ) && ( $this->email != '' ) ) {
				$this->username						=	$this->email;
				$this->_cmsUser->username			=	$this->username;
			}
			// Checks that name is set. If not, uses the username as name, as Mambo/Joola mosUser::store() uses name for ACL
			// and ACL bugs with no name.
			if ( $this->name == '' ) {
				$this->name							=	$this->username;
				$this->_cmsUser->name				=	$this->name;
			} elseif ( $this->username == '' ) {
				$this->username						=	$this->name;
				$this->_cmsUser->username			=	$this->username;
			}

			if ( ! $this->checkSafely() ) {
				$bindResults					=	false;
			}
		}

		// For new registrations or backend user creations, set registration date and password if neeeded:
		$isNew									=	( ! $this->id );
		$newCBuser								=	( $oldUserComplete->user_id == null );

		if ( $isNew ) {
			if ( checkJversion() != 1 ) {
				// J1.5 works better with null here... has bug that it offsets the time by server date, others need this:
				$this->registerDate				=	date('Y-m-d H:i:s', $_CB_framework->now() );
			}
		}

		if ( $bindResults ) {
			if ( $isNew ) {
				if ( $this->password == null ) {
					$this->setRandomPassword();
					$ueConfig['emailpass']		=	1;		// set this global to 1 to force password to be sent to new users.
				}
			}

			// In backend only: if group has been changed and where original group was a Super Admin: check if there is at least a super-admin left:
			if ( $ui == 2 ) {
				$myGid							=	userGID( $_CB_framework->myId() );
				$cms_admin						=	$_CB_framework->acl->mapGroupNamesToValues( 'Administrator' );
				$cms_super_admin				=	$_CB_framework->acl->mapGroupNamesToValues( 'Superadministrator' );
				if ( ! $isNew ) {
					if ( $this->gid != $oldUserComplete->gid ) {
						if ( $oldUserComplete->gid == $cms_super_admin ) {
							// count number of active super admins
							if ( checkJversion() == 2 ) {
								$query			=	'SELECT COUNT( a.id )'
												.	"\n FROM #__users AS a"
												.	"\n INNER JOIN #__user_usergroup_map AS b"
												.	' ON b.user_id = a.id'
												.	"\n WHERE b.group_id = " . (int) $cms_super_admin
												.	"\n AND a.block = 0"
												;
							} else {
								$query			=	'SELECT COUNT( id )'
												.	"\n FROM #__users"
												.	"\n WHERE gid = " . (int) $cms_super_admin
												.	"\n AND block = 0"
												;
							}
							$_CB_database->setQuery( $query );
							$count				=	$_CB_database->loadResult();

							if ( $count <= 1 ) {
								// disallow change if only one Super Admin exists
								$this->_error	=	'You cannot change this users Group as it is the only active Super Administrator for your site';
								return false;
							}
						}

						$user_group				=	strtolower( $_CB_framework->acl->get_group_name( $oldUserComplete->gid, 'ARO' ) );

						if ( ( $user_group == 'super administrator' && $myGid != $cms_super_admin ) ) {
							// disallow change of super-Admin by non-super admin
							$this->_error		=	'You cannot change this users Group as you are not a Super Administrator for your site';
								return false;
						} elseif ( $this->id == $_CB_framework->myId() && $myGid == $cms_super_admin ) {
							// CB-specific: disallow change of own Super Admin group:
							$this->_error		=	'You cannot change your own Super Administrator status for your site';
								return false;
						} else if ( $myGid == $cms_admin && $oldUserComplete->gid == $cms_admin ) {
							// disallow change of super-Admin by non-super admin
							$this->_error		=	'You cannot change the Group of another Administrator as you are not a Super Administrator for your site';
								return false;
						}	// ensure user can't add group higher than themselves done below
					}

				}
				// Security check to avoid creating/editing user to higher level than himself: CB response to artf4529.
				if ( ! in_array( $this->gid, getChildGIDS( $myGid ) ) ) {
						$this->_error				=	'illegal attempt to set user at higher level than allowed !';
						return false;
					}

			}

		}

		if ( $reason == 'edit' ) {
			if ( $ui == 1 ) {
				$_PLUGINS->trigger( 'onBeforeUserUpdate', array( &$this, &$this, &$oldUserComplete, &$oldUserComplete ) );
			} elseif ( $ui == 2 ) {
				if ( $isNew || $newCBuser ) {
					$_PLUGINS->trigger( 'onBeforeNewUser', array( &$this, &$this, false ) );
				} else {
					$_PLUGINS->trigger( 'onBeforeUpdateUser', array( &$this, &$this, &$oldUserComplete ) );
				}
			}
		} elseif ( $reason == 'register' ) {
			$_PLUGINS->trigger( 'onBeforeUserRegistration', array( &$this, &$this ) );
		}
		$beforeResult							=	! $_PLUGINS->is_errors();
		if ( ! $beforeResult ) {
			$this->_error						=	$_PLUGINS->getErrorMSG( false );			// $_PLUGIN collects all error messages, incl. previous ones.
		}

		// Saves tab plugins:

		// on edits, user params and block/email/approved/confirmed are done in cb.core predefined fields.
		// So now calls this and more (CBtabs are already created in $this->bindSafely() ).
		$pluginTabsResult						=	true;
		if ( $reason == 'edit' ) {
			$this->_cbTabs->savePluginTabs( $this, $array );
			$pluginTabsResult					=	! $_PLUGINS->is_errors();
			if ( ! $pluginTabsResult ) {
				$this->_error					=	$_PLUGINS->getErrorMSG( false );			// $_PLUGIN collects all error messages, incl. previous ones.
			}
		}

		if ( $bindResults && $beforeResult && $pluginTabsResult ) {
			// Hashes password for CMS storage:

			$clearTextPassword					=	$this->password;
			if ( $clearTextPassword ) {
				$hashedPassword					=	$this->hashAndSaltPassword( $clearTextPassword );
				$this->password					=	$hashedPassword;
			}

			// Stores user if it's a new user:

			if ( $isNew ) {
				if ( ! $this->store() ) {
					return false;
				}
			}

			// Restores cleartext password for the saveRegistrationPluginTabs:

			$this->password						=	$clearTextPassword;
		}

		if ( $reason == 'register' ) {
			if ( $bindResults && $beforeResult && $pluginTabsResult ) {
				// Sets the instance of user, to avoid reload from database, and loss of the cleartext password.
				CBuser::setUserGetCBUserInstance( $this );
			}
			// call here since we got to have a user id:
			$registerResults					=	array();
			$registerResults['tabs']			=	$this->_cbTabs->saveRegistrationPluginTabs( $this, $array );
			if ( $_PLUGINS->is_errors() ) {

				if ( $bindResults && $beforeResult && $pluginTabsResult ) {
					$plugins_error				=	$_PLUGINS->getErrorMSG( false );			// $_PLUGIN collects all error messages, incl. previous ones.
					if ( $isNew ) {
						// if it was a new user, and plugin gave error, revert the creation:
						$this->delete();
					}
					$this->_error				=	$plugins_error;
				} else {
					$this->_error				=	$_PLUGINS->getErrorMSG( false );			// $_PLUGIN collects all error messages, incl. previous ones.
				}
				$pluginTabsResult				=	false;
			}
		}

		if ( ! ( $bindResults && $beforeResult && $pluginTabsResult ) ) {
			// Normal error exit point:
			$_PLUGINS->trigger( 'onSaveUserError', array( &$this, $this->_error, $reason ) );
			if ( is_array( $this->_error ) ) {
				$this->_error						=	implode( '<br />', $this->_error );
			}
			return false;
		}

		// Stores the user (again if it's a new as the plugins might have changed the user record):
		if ( $clearTextPassword ) {
			$this->password						=	$hashedPassword;
		}
		if ( ! $this->store() ) {
			return false;
		}

		// Restores cleartext password for the onAfter and activation events:

		$this->password							=	$clearTextPassword;

		// Triggers onAfter and activateUser events:

		if ( $reason == 'edit' ) {
			if ( $ui == 1 ) {
				$_PLUGINS->trigger( 'onAfterUserUpdate', array( &$this, &$this, $oldUserComplete ) );
			} elseif ( $ui == 2 ) {
				if ( $isNew || $newCBuser ) {
					if ( $isNew ) {
						$ueConfig['emailpass']	=	1;		// set this global to 1 to force password to be sent to new users.
					}
					$_PLUGINS->trigger( 'onAfterNewUser', array( &$this, &$this, false, true ) );
					if ( $this->block == 0 && $this->approved == 1 && $this->confirmed ) {
						activateUser( $this, 2, 'NewUser', false, $isNew );
					}
				} else {
					if ( ( ! ( ( $oldUserComplete->approved == 1 || $oldUserComplete->approved == 2 ) && $oldUserComplete->confirmed ) )
						 && ($this->approved == 1 && $this->confirmed ) )
					{
						// first time a just registered and confirmed user got approved in backend through save user:
						if( isset( $ueConfig['emailpass'] ) && ( $ueConfig['emailpass'] == "1" ) && ( $this->password == '' ) ) {
							// generate the password is auto-generated and not set by the admin at this occasion:
							$this->setRandomPassword();
							$pwd			=	$this->hashAndSaltPassword( $this->password );
							$_CB_database->setQuery( "UPDATE #__users SET password="******" WHERE id = " . (int) $this->id );
			    			$_CB_database->query();
						}
					}
					$_PLUGINS->trigger( 'onAfterUpdateUser', array( &$this, &$this, $oldUserComplete ) );
					if ( ( ! ( ( $oldUserComplete->approved == 1 || $oldUserComplete->approved == 2 ) && $oldUserComplete->confirmed ) )
						 && ($this->approved == 1 && $this->confirmed ) )
					{
						// first time a just registered and confirmed user got approved in backend through save user:
						activateUser( $this, 2, 'UpdateUser', false );
					}

				}
			}
		} elseif ( $reason == 'register' ) {
			$registerResults['after']			=	$_PLUGINS->trigger( 'onAfterUserRegistration', array( &$this, &$this, true ) );
			$registerResults['ok']				=	true;
			return $registerResults;
		}
		return true;
	}
	function _getTabFieldsDb( $tabid, &$user, $reason, $fieldIdOrName = null, $prefetchFields = true ) {
		static $prefetched		=	null;
		static $fieldsByName	=	null;

		if ( ( ! $prefetchFields ) || ( $prefetched === null ) ) {

			global $_CB_framework, $_CB_database, $ueConfig;

			$where				=	array();
			$ordering			=	array();

			if ( $fieldIdOrName && ! $prefetchFields ) {
				if ( is_int( $fieldIdOrName ) ) {
					$where[]	=	'f.fieldid = ' . (int) $fieldIdOrName;
				} else {
					$where[]	=	'f.name = ' . $_CB_database->Quote( $fieldIdOrName );
				}
			}
			if ( ( $reason == 'list' ) && ( in_array( $ueConfig['name_format'], array( 1, 2, 4 ) ) ) ) {
				$where[]		=	"( f.published = 1 OR f.name = 'name' )";
			} elseif ( $reason != 'adminfulllist' ) {
				$where[]		=	'f.published = 1';
			}
			switch ( $reason ) {
				case 'profile':
					$where[]	=	'f.profile != 0';
					break;
				case 'list':
					$where[]	=	"( f.profile != 0 OR f.name = 'username'" . ( in_array( $ueConfig['name_format'], array( 1, 2, 4 ) ) ? " OR f.name = 'name'" : '' ) . ')';
					break;
				case 'register':
					$where[]	=	'f.registration = 1';
					break;
				case 'adminfulllist':
				default:
					break;
			}

			if ( $tabid && ! $prefetchFields ) {
				$where[]		=	'f.tabid = ' . (int) $tabid;
			} else {
				if ( $reason != 'adminfulllist' ) {
					$where[]	=	't.enabled = 1';
				}
				if ( $reason != 'register' ) {
					$where[]	=	't.useraccessgroupid IN (' . implode(',',getChildGIDS(userGID( $_CB_framework->myId() ))) . ')';
				}
			}
			if ( ( ( $reason == 'profile' ) || ( $reason == 'list' ) ) && ( $ueConfig['allow_email_display'] == 0 ) && ( $reason != 'adminfulllist' ) ) {
				$where[]		=	'f.type != ' . $_CB_database->Quote( 'emailaddress' );
			}

			if ( ( ! $tabid ) || $prefetchFields ) {
				if ( $reason == 'register' ) {
					$ordering[]	=	't.ordering_register';
				}
				$ordering[]		=	't.position';
				$ordering[]		=	't.ordering';
			}
			$ordering[]			=	'f.ordering';

			$sql				=	'SELECT f.*';
			if ( $reason == 'register' ) {
				$sql			.=	', t.ordering_register AS tab_ordering_register, t.position AS tab_position, t.ordering AS tab_ordering';
			}
			$sql				.=	' FROM #__comprofiler_fields f';
			if ( ( ! $tabid ) || $prefetchFields ) {
				// don't get fields which are not assigned to tabs:
				$sql			.=	"\n INNER JOIN #__comprofiler_tabs AS t ON (f.tabid = t.tabid)";
			}
			$sql				.=	"\n WHERE " . implode( ' AND ', $where )
								.	"\n ORDER BY " . implode( ', ', $ordering );
								;
			$_CB_database->setQuery( $sql );
			if ( $prefetchFields ) {
				$fieldsByName	=	$_CB_database->loadObjectList( 'name', 'moscomprofilerFields', array( &$_CB_database ) );
				if ( ! $_CB_database->getErrorNum() ) {
					foreach ( array_keys( $fieldsByName ) as $i ) {
						$fieldsByName[$i]->params								=	new cbParamsBase( $fieldsByName[$i]->params );
						$prefetched[(int) $fieldsByName[$i]->tabid][$fieldsByName[$i]->fieldid]	=	$fieldsByName[$i];
					}
				}
			} else {
				$fields			=	$_CB_database->loadObjectList( null, 'moscomprofilerFields', array( &$_CB_database ) );
				if ( ! $_CB_database->getErrorNum() ) {
					for ( $i = 0, $n = count( $fields ); $i < $n; $i++ ) {
						$fields[$i]->params										=	new cbParamsBase( $fields[$i]->params );
					}
				}
			}
		}
		if ( $prefetched !== null ) {
			if ( $tabid ) {
				if (isset( $prefetched[(int) $tabid] ) ) {
					$fields		=	$prefetched[(int) $tabid];
				} else {
					$fields		=	array();
				}
			} elseif ( $fieldIdOrName ) {
				if ( is_int( $fieldIdOrName ) ) {
					$fields		=	array();
					foreach ( array_keys( $prefetched ) as $k ) {
						if ( isset( $prefetched[$k][$fieldIdOrName] ) ) {
							$fields[]	=	$prefetched[$k][$fieldIdOrName];
							break;
						}
					}
				} elseif (isset( $fieldsByName[$fieldIdOrName] ) ) {
					$fields		=	array( $fieldsByName[$fieldIdOrName] );
				} else {
					$fields		=	array();
				}
			} else {
				$fields			=	array();
				foreach ( $prefetched as /* $tid => */ $flds ) {
				//	$fields		=	array_merge( $fields, $flds );
					foreach ( $flds as $fl ) {
						$fields[$fl->fieldid]	=	$fl;
					}
				}
			}
		}

		// THIS is VERY experimental, and not yet part of CB API !!! :
		global $_PLUGINS;
		$_PLUGINS->loadPluginGroup( 'user' );
		$_PLUGINS->trigger( 'onAfterFieldsFetch', array( &$fields, &$user, $reason, $tabid, $fieldIdOrName ) );

		return $fields;
	}