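/**
 * Component entry point that renders a single field, tab or plugin component for user $uid
 * and echoes the result (nothing is returned).
 *
 * Request parameters are read through cbGetParam(): 'reason' and 'field' for the
 * 'fieldclass' task, 'tab' for 'tabclass', 'plugin' and 'format' for 'pluginclass'.
 * For 'fieldclass' an access check is performed first: 'edit' goes through
 * cbCheckIfUserCanPerformUserTask()/checkCBpermissions() and the
 * 'onBeforeUserProfileEditRequest' trigger, 'profile'/'list' through
 * CBuser::authoriseView() and the 'onBeforeUserProfileAccess' trigger.
 *
 * @param string   $option  Component option (not used by this function)
 * @param string   $task    One of 'fieldclass', 'tabclass', 'pluginclass'
 * @param int|null $uid     Id of the user whose field/tab is rendered; the 'register'
 *                          reason is only reachable when no user with an id is loaded
 *
 * @throws LogicException when $task is none of the three known values
 */
function tabClass($option, $task, $uid)
{
    global $_CB_framework, $_PLUGINS, $_REQUEST, $_POST;
    $user =& loadComprofilerUser($uid);
    $cbUser =& CBuser::getInstance($user === null ? null : $user->id);
    // Characters stripped from request-supplied field/tab/plugin names before they are used
    // to resolve a class or field. "\0" is the NUL byte: str_replace() ignores an empty-string
    // needle, so writing '' here would let NUL through unchanged.
    $unsecureChars = array('/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "\0", ' ', "\t", "\n", "\r", "\v");
    $appendClass = false;
    if ($task == 'fieldclass') {
        $reason = cbGetParam($_REQUEST, 'reason');
        if ($user && $user->id) {
            $_PLUGINS->loadPluginGroup('user');
            if ($reason === 'edit') {
                $msg = cbCheckIfUserCanPerformUserTask($user->id, 'allowModeratorsUserEdit');
                if ($uid != $_CB_framework->myId() && $msg === null) {
                    // safeguard against missconfiguration of the above: also avoids lower-level users editing higher level ones:
                    $msg = checkCBpermissions(array((int) $user->id), 'edit', true);
                }
                $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array($user->id, &$msg, 1));
            } elseif ($reason === 'profile' || $reason === 'list') {
                if (CBuser::getMyInstance()->authoriseView('profile', $user->id)) {
                    $msg = null;
                } else {
                    $msg = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
                }
                $_PLUGINS->trigger('onBeforeUserProfileAccess', array($user->id, &$msg, 1));
            } else {
                $msg = CBTxt::Th('UE_NO_INDICATION', 'No indication');
            }
            // Any non-empty message (from the checks above or a plugin trigger) denies the request:
            if ($msg) {
                echo $msg;
                return;
            }
        } elseif ($reason == 'register') {
            if ($_CB_framework->myId() != 0) {
                echo CBTxt::Th('UE_ALREADY_LOGGED_IN', 'You are already logged in');
                return;
            }
        } else {
            $msg = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
            echo $msg;
            return;
        }
        // Field name: decoded, stripped of unsafe characters, capped at 50 characters.
        $fieldName = trim(substr(str_replace($unsecureChars, '', urldecode(stripslashes(cbGetParam($_REQUEST, "field")))), 0, 50));
        if (!$fieldName) {
            echo 'no field';
            return;
        }
        $pluginName = null;
        $tabClassName = null;
        $method = null;
    } elseif ($task == 'tabclass') {
        $tabClassName = urldecode(stripslashes(cbGetParam($_REQUEST, "tab")));
        if (!$tabClassName) {
            return;
        }
        $pluginName = null;
        $tabClassName = substr(str_replace($unsecureChars, '', $tabClassName), 0, 32);
        $method = 'getTabComponent';
        $fieldName = null;
        $reason = null;
    } elseif ($task == 'pluginclass') {
        $pluginName = urldecode(stripslashes(cbGetParam($_REQUEST, "plugin")));
        if (!$pluginName) {
            return;
        }
        // Plugin class names are always prefixed, so the request can only select a CBplug_* class:
        $tabClassName = 'CBplug_' . strtolower(substr(str_replace($unsecureChars, '', $pluginName), 0, 32));
        $method = 'getCBpluginComponent';
        // 'raw' and 'rawraw' formats are emitted without the template wrapper div:
        $format = cbGetParam($_REQUEST, 'format');
        $appendClass = ($format != 'raw' && $format != 'rawraw');
        $fieldName = null;
        $reason = null;
    } else {
        throw new LogicException('Unexpected task for CB tabClass');
    }
    $tabs = $cbUser->_getCbTabs(false);
    // Capture anything the call echoes directly and prepend it to its return value:
    ob_start();
    if ($task == 'fieldclass') {
        $results = $tabs->fieldCall($fieldName, $user, $_POST, $reason);
    } else {
        $results = $tabs->tabClassPluginTabs($user, $_POST, $pluginName, $tabClassName, $method);
    }
    $result = ob_get_contents() . $results;
    ob_end_clean();
    if ($result === false) {
        if ($_PLUGINS->is_errors()) {
            // Emit the plugin error as a JS string literal: the text may contain request-derived
            // values (field/tab names, etc.) and must not be able to break out of the alert() string.
            $jsMsg = json_encode((string) $_PLUGINS->getErrorMSG(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            if ($jsMsg === false) {
                // json_encode() fails on invalid UTF-8; show an empty alert rather than unescaped text.
                $jsMsg = '""';
            }
            echo "<script type=\"text/javascript\">alert(" . $jsMsg . "); </script>\n";
        }
    } elseif ($result !== null) {
        if ($appendClass) {
            $pageClass = $_CB_framework->getMenuPageClass();
            echo '<div class="cb_template cb_template_' . selectTemplate('dir') . ($pageClass ? ' ' . htmlspecialchars($pageClass) : null) . '">' . $result . '</div>';
            $_CB_framework->setMenuMeta();
        } else {
            echo $result;
        }
    }
}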
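/**
 * Component entry point that renders a single field, tab or plugin component for user $uid
 * and echoes the result (nothing is returned).
 *
 * Request parameters are read through cbGetParam(): 'reason' and 'field' for the
 * 'fieldclass' task, 'tab' for 'tabclass', 'plugin' for 'pluginclass'.
 * For 'fieldclass' an access check is performed first: 'edit' goes through
 * cbCheckIfUserCanPerformUserTask()/checkCBpermissions(), 'profile'/'list' through
 * allowAccess() against $ueConfig['allow_profileviewbyGID'] for the current user's group.
 *
 * @param string   $option  Component option (not used by this function)
 * @param string   $task    One of 'fieldclass', 'tabclass', 'pluginclass'
 * @param int|null $uid     Id of the user whose field/tab is rendered; the 'register'
 *                          reason is only reachable when no user with an id is loaded
 *
 * @throws LogicException when $task is none of the three known values
 */
function tabClass( $option, $task, $uid ) {
	global $_CB_framework, $_PLUGINS, $ueConfig, $_REQUEST, $_POST;

	$user			=&	loadComprofilerUser( $uid );
	$cbUser			=&	CBuser::getInstance( ( $user === null ? null : $user->id ) );

	// Characters stripped from request-supplied field/tab/plugin names before they are used
	// to resolve a class or field ("\0" is the NUL byte, "\x0B" the vertical tab):
	$unsecureChars	=	array( '/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "\0", ' ', "\t", "\n", "\r", "\x0B" );

	$fieldName		=	null;
	$reason			=	null;
	$pluginName		=	null;
	$tabClassName	=	null;
	$method			=	null;

	if ( $task == 'fieldclass' ) {
		$reason		=	cbGetParam( $_REQUEST, 'reason' );
		if ( $user && $user->id ) {
			if ( $reason === 'edit' ) {
				$msg	=	cbCheckIfUserCanPerformUserTask( $user->id, 'allowModeratorsUserEdit' );
				if ( ( $uid != $_CB_framework->myId() ) && ( $msg === null ) ) {
					// safeguard against missconfiguration of the above: also avoids lower-level users editing higher level ones:
					$msg	=	checkCBpermissions( array( (int) $user->id ), 'edit', true );
				}
			} elseif ( ( $reason === 'profile' ) || ( $reason === 'list' ) ) {
				if ( allowAccess( $ueConfig['allow_profileviewbyGID'], 'RECURSE', userGID( $_CB_framework->myId() ) ) ) {
					$msg	=	null;
				} else {
					$msg	=	_UE_NOT_AUTHORIZED;
				}
			} else {
				$msg	=	_UE_NO_INDICATION;
			}

			// Any non-empty message denies the request:
			if ( $msg ) {
				echo $msg;
				return;
			}
		} elseif ( $reason == 'register' ) {
			if ( $_CB_framework->myId() != 0 ) {
				echo _UE_ALREADY_LOGGED_IN;
				return;
			}
		} else {
			echo _UE_NOT_AUTHORIZED;
			return;
		}

		// Field name: decoded, stripped of unsafe characters, capped at 50 characters.
		$fieldName	=	trim( substr( str_replace( $unsecureChars, '', urldecode( stripslashes( cbGetParam( $_REQUEST, "field" ) ) ) ), 0, 50 ) );
		if ( ! $fieldName ) {
			echo 'no field';
			return;
		}
	} elseif ( $task == 'tabclass' ) {
		$tabClassName	=	urldecode( stripslashes( cbGetParam( $_REQUEST, "tab" ) ) );
		if ( ! $tabClassName ) {
			return;
		}
		$tabClassName	=	substr( str_replace( $unsecureChars, '', $tabClassName ), 0, 32 );
		$method			=	'getTabComponent';
	} elseif ( $task == 'pluginclass' ) {
		$pluginName		=	urldecode( stripslashes( cbGetParam( $_REQUEST, "plugin" ) ) );
		if ( ! $pluginName ) {
			return;
		}
		// Plugin class names are always prefixed, so the request can only select a CBplug_* class:
		$tabClassName	=	'CBplug_' . strtolower( substr( str_replace( $unsecureChars, '', $pluginName ), 0, 32 ) );
		$method			=	'getCBpluginComponent';
	} else {
		// Previously fell through to tabClassPluginTabs() with undefined class/method names:
		throw new LogicException( 'Unexpected task for CB tabClass' );
	}

	$tabs			=	$cbUser->_getCbTabs( false );
	if ( $task == 'fieldclass' ) {
		$result		=	$tabs->fieldCall( $fieldName, $user, $_POST, $reason );
	} else {
		$result		=	$tabs->tabClassPluginTabs( $user, $_POST, $pluginName, $tabClassName, $method );
	}

	if ( $result === false ) {
		if ( $_PLUGINS->is_errors() ) {
			// Emit the plugin error as a JS string literal: the text may contain request-derived
			// values (field/tab names, etc.) and must not be able to break out of the alert() string.
			$jsMsg	=	json_encode( (string) $_PLUGINS->getErrorMSG(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT );
			if ( $jsMsg === false ) {
				// json_encode() fails on invalid UTF-8; show an empty alert rather than unescaped text.
				$jsMsg	=	'""';
			}
			echo "<script type=\"text/javascript\">alert(" . $jsMsg . "); </script>\n";
		}
	} elseif ( $result !== null ) {
		echo $result;
	}
}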
	/**
	 * Restricts profile display for non-moderators viewing another user's profile.
	 *
	 * Does nothing in the CMS admin client or when the current user is a moderator.
	 * Otherwise, when $uid resolves to a user other than the current one and
	 * cbprivacyClass::checkProfileDisplayAccess() refuses it, $msg is set to the
	 * "not authorized" text. $msg is never cleared here.
	 *
	 * @param int    $uid
	 * @param string $msg  Set (by reference) to the denial message on refusal, untouched otherwise
	 */
	public function getProfile( $uid, &$msg )
	{
		if ( Application::Cms()->getClientId() || cbprivacyClass::checkUserModerator() ) {
			return;
		}

		$user	=	loadComprofilerUser( $uid );

		if ( ! $user ) {
			return;
		}

		// The check is skipped when the viewer is the profile owner:
		if ( Application::MyUser()->getUserId() == $user->get( 'id' ) ) {
			return;
		}

		if ( ! cbprivacyClass::checkProfileDisplayAccess( $user ) ) {
			$msg	=	CBTxt::Th( 'UE_NOT_AUTHORIZED', 'You are not authorized to view this page!' );
		}
	}