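/**
 * Gets the Itemid of the CB profile menu entry, or by default of the homepage.
 * (If possible, use $_CB_framework->userProfiler...Url and ->viewUrl from CB 1.2.3 on)
 *
 * Lookups are cached per $task in a function-static array for the request; only published
 * menu items whose access level (and, on Joomla 2+, language) the current user can see are
 * considered, so the returned Itemid never points at a menu entry the visitor cannot reach.
 *
 * @param boolean $htmlspecialchars TRUE if should return "&amp;Itemid...." instead of "&Itemid..." (with FALSE as default), === 0 if return only int
 * @param string $task task/view e.g. 'userslist' (since CB 1.2.3)
 * @return string|int|null "&Itemid=xxx" (or "&amp;Itemid=xxx"), the bare int when $htmlspecialchars is not a bool, null if no matching menu item
 */
function getCBprofileItemid($htmlspecialchars = false, $task = 'userprofile')
{
    global $_CB_database, $_CB_framework;
    static $cacheItemids = array();

    if (!isset($cacheItemids[$task])) {
        if (class_exists('moscomprofilerUser', false)) {
            $viewLevels = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(checkJversion() >= 2 ? false : true);
        } else {
            // Compute View Level using CMS without loading cb.table and cb.database if they are not already loaded (e.g. when using this function in modules):
            if (checkJversion() >= 2) {
                $viewLevels = JUser::getInstance()->getAuthorisedViewLevels();
            } else {
                $viewLevels = range(0, $_CB_framework->myCmsGid());
            }
        }

        // Access list is forced to ints before interpolation, so it is safe inside the IN ( ... ) clause:
        $cleanedANDpubAccess = ' AND published = 1 AND access IN (' . implode(',', cbArrayToInts($viewLevels)) . ')';
        if (checkJversion() >= 2) {
            $cleanedANDpubAccess .= ' AND ' . $_CB_database->NameQuote('language') . ' IN ( ' . $_CB_database->Quote($_CB_framework->getCfg('lang_tag')) . ', ' . $_CB_database->Quote('*') . ', ' . $_CB_database->Quote('') . ' )';
        }

        if ($task !== 'userprofile' && is_string($task)) {
            // $task is escaped with LIKE-wildcard escaping (second argument true) before being quoted:
            $_CB_database->setQuery('SELECT id FROM #__menu WHERE link LIKE ' . $_CB_database->Quote('index.php?option=com_comprofiler&task=' . $_CB_database->getEscaped($task, true) . '%', false) . $cleanedANDpubAccess);
            $Itemid = (int) $_CB_database->loadResult();
        } else {
            $Itemid = null;
        }

        if ($task === 'userprofile' || !$Itemid && !in_array($task, array('login', 'logout', 'registers', 'lostpassword'))) {
            // $task used to be a boolean before CB 1.2.3 but with no effect:
            $task = 'userprofile';
            $_CB_database->setQuery("SELECT id FROM #__menu WHERE link = 'index.php?option=com_comprofiler'" . $cleanedANDpubAccess);
            $Itemid = (int) $_CB_database->loadResult();
            if (!$Itemid) {
                // if no user profile, try getting itemid of the default list:
                $_CB_database->setQuery("SELECT id FROM #__menu WHERE link = 'index.php?option=com_comprofiler&task=usersList'" . $cleanedANDpubAccess);
                $Itemid = (int) $_CB_database->loadResult();
            }
        }

        $cacheItemids[$task] = $Itemid;
    }

    if ($cacheItemids[$task]) {
        if (is_bool($htmlspecialchars)) {
            // Fix: the HTML-context variant must emit the entity-encoded ampersand, as the docblock
            // promises; both branches previously produced the bare "&".
            return ($htmlspecialchars ? '&amp;' : '&') . 'Itemid=' . $cacheItemids[$task];
        } else {
            return $cacheItemids[$task];
        }
    } else {
        return null;
    }
}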
/**
 * Renders the profile tab listing the published articles authored by $user.
 *
 * Builds a content query restricted to a.created_by = $user->id, state = 1, the current
 * publish_up/publish_down window and the access levels the *viewing* user is authorised for,
 * then returns an HTML table (date, title link, optional hits and rating columns).
 *
 * @param object $tab  tab record; only passed through to _writeTabDescription()
 * @param object $user profile owner; only ->id is read here
 * @param int $ui      unused in this body
 * @return string HTML fragment
 */
function getDisplayTab($tab, $user, $ui)
{
    global $_CB_framework, $_CB_database, $mainframe;

    $jVer = checkJversion();
    $showHits = $_CB_framework->getCfg('hits');
    $showRating = $_CB_framework->getCfg('vote');
    $return = '';

    // "Now" for the publish window: UTC on Joomla 2+ (timezone is restored afterwards), otherwise the CMS offset is applied by hand.
    if ($jVer >= 2) {
        $curTz = date_default_timezone_get();
        date_default_timezone_set('UTC');
        $now = date('Y-m-d H:i:s');
        date_default_timezone_set($curTz);
    } else {
        $now = date('Y-m-d H:i:s', $_CB_framework->now() + $_CB_framework->getCfg('offset') * 60 * 60);
    }

    $query = "SELECT a.id, a.catid, a.title, a.hits,a.created, ROUND( r.rating_sum / r.rating_count ) AS rating,r.rating_count";
    if ($jVer >= 1) {
        // slug / catslug are only needed for the Joomla 1.5+ article route below:
        $query .= ', CASE WHEN CHAR_LENGTH(a.alias) THEN CONCAT_WS(\':\', a.id, a.alias) ELSE a.id END as slug,' . ' CASE WHEN CHAR_LENGTH(cc.alias) THEN CONCAT_WS(":", cc.id, cc.alias) ELSE cc.id END as catslug';
    }
    $query .= "\n FROM #__content AS a" . "\n LEFT JOIN #__content_rating AS r ON r.content_id=a.id";
    if ($jVer < 2) {
        $query .= "\n INNER JOIN #__sections AS s ON s.id=a.sectionid AND s.title != 'Mamblog'";
    }
    if ($jVer >= 1) {
        $query .= "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid";
    }
    // $user->id is cast to int and $now is server-generated, so no user-controlled text reaches the SQL here;
    // the access filter uses the viewer's levels, not the profile owner's.
    $query .= "\n WHERE a.created_by=" . (int) $user->id . "" . "\n AND a.state = 1 " . "\n AND (publish_up = '0000-00-00 00:00:00' OR publish_up <= '{$now}')" . "\n AND (publish_down = '0000-00-00 00:00:00' OR publish_down >= '{$now}')" . "\n AND a.access IN (" . implode(',', CBuser::getMyInstance()->getAuthorisedViewLevelsIds($jVer >= 2 ? false : true)) . ')' . "\n ORDER BY a.created DESC";
    $_CB_database->setQuery($query);
    //print $_CB_database->getQuery();
    $items = $_CB_database->loadObjectList();

    // NOTE(review): `!count($items) > 0` parses as `(!count($items)) > 0`, i.e. it is true only when the list is empty;
    // it works, but `count($items) == 0` would say so directly.
    if (!count($items) > 0) {
        $return .= "<br /><br /><div class=\"cbNoArticles\" style=\"width:95%;\">";
        $return .= _UE_NOARTICLES;
        $return .= "</div>";
        return $return;
    }

    $return .= $this->_writeTabDescription($tab, $user);
    $return .= "<table cellpadding=\"5\" cellspacing=\"0\" border=\"0\" width=\"95%\">";
    $return .= "<tr class=\"sectiontableheader\">";
    $return .= "<th>" . _UE_ARTICLEDATE . "</th>";
    $return .= "<th>" . _UE_ARTICLETITLE . "</th>";
    if ($showHits) {
        $return .= "<th>" . _UE_ARTICLEHITS . "</th>";
    }
    if ($showRating) {
        $return .= "<th>" . _UE_ARTICLERATING . "</th>";
    }
    $return .= "</tr>";

    $i = 1; // alternates 1/2 per row for the sectiontableentry{$i} zebra class
    $hits = "";
    $rating = "";
    foreach ($items as $item) {
        // Resolve the menu Itemid for the article via whichever helper this CMS version offers:
        if (isset($mainframe) && is_callable(array($mainframe, "getItemid"))) {
            $itemid = $mainframe->getItemid($item->id);
        } elseif (is_callable("JApplicationHelper::getItemid")) {
            $itemid = JApplicationHelper::getItemid($item->id);
        } else {
            $itemid = null;
        }
        $itemidtxt = $itemid ? "&Itemid=" . (int) $itemid : "";
        $i = $i == 1 ? 2 : 1;

        if (is_callable(array("mosAdminMenus", "ImageCheck"))) {
            $starImageOn = mosAdminMenus::ImageCheck('rating_star.png', '/images/M_images/');
            $starImageOff = mosAdminMenus::ImageCheck('rating_star_blank.png', '/images/M_images/');
        } else {
            // Mambo 4.5.0:
            $starImageOn = '<img src="' . $_CB_framework->getCfg('live_site') . '/images/M_images/rating_star.png" alt="" align="middle" style="border:0px;" />';
            $starImageOff = '<img src="' . $_CB_framework->getCfg('live_site') . '/images/M_images/rating_star_blank.png" alt="" align="middle" style="border:0px;" />';
        }

        $img = "";
        if ($showRating) {
            // rating is ROUND(sum/count) from the query: filled stars up to it, blank stars up to 5.
            for ($j = 0; $j < $item->rating; $j++) {
                $img .= $starImageOn;
            }
            for ($j = $item->rating; $j < 5; $j++) {
                $img .= $starImageOff;
            }
            $rating = '<td><span class="content_rating">';
            $rating .= $img . ' / ';
            $rating .= intval($item->rating_count);
            $rating .= "</span></td>\n";
        }
        if ($showHits) {
            $hits = "<td>" . $item->hits . "</td>";
        }

        if ($jVer == 2) {
            require_once $_CB_framework->getCfg('absolute_path') . '/components/com_content/helpers/route.php';
            $url = ContentHelperRoute::getArticleRoute($item->id, $item->catid);
            if (!stristr($url, 'Itemid')) {
                $url = $_CB_framework->getCfg('live_site') . '/' . $url;
            } else {
                $url = cbSef($url);
            }
        } elseif ($jVer == 1) {
            $url = cbSef('index.php?option=com_content&view=article&id=' . $item->slug . '&catid=' . $item->catslug . $itemidtxt);
        } else {
            $url = cbSef('index.php?option=com_content&task=view&id=' . (int) $item->id . $itemidtxt);
        }

        // NOTE(review): $item->title and $url are emitted without HTML escaping; they come from the content
        // table (author-supplied), so confirm that is acceptable for this output context.
        $return .= "<tr class=\"sectiontableentry{$i}\"><td>" . cbFormatDate($item->created) . "</td><td><a href=\"" . $url . "\">" . $item->title . "</a></td>" . $hits . $rating . "</tr>\n";
    }
    $return .= "</table>";

    return $return;
}
/**
 * Prepares field data for saving to database (safe transfer from $postdata to $user)
 * Override
 *
 * Backend (ui == 2) only, and only when the current user holds core.edit.state on com_users:
 * copies gid/gids, block, approved, confirmed and sendEmail from $postdata into $user.
 * Then, in backend or when frontend user-params editing is enabled, stores the submitted
 * 'params' (read from $_POST, see note below) into $user->params, logging a field update
 * when the serialised value changed.
 *
 * @param moscomprofilerFields $field
 * @param moscomprofilerUser $user RETURNED populated: touch only variables related to saving this field (also when not validating for showing re-edit)
 * @param array $postdata Typically $_POST (but not necessarily), filtering required.
 * @param string $reason 'edit' for save profile edit, 'register' for registration, 'search' for searches
 */
function prepareFieldDataSave(&$field, &$user, &$postdata, $reason)
{
    $this->_prepareFieldMetaSave($field, $user, $postdata, $reason);

    global $_CB_framework, $ueConfig;

    // Nb. frontend registration setting of usertype, gid, block, sendEmail, confirmed, approved
    // are handled in moscomprofilerUser::bindSafely() so they are available to other plugins.
    // this is (for now) handled in the core of CB... except params and block/email/approved/confirmed:
    if ($_CB_framework->getUi() == 2) {
        // Group and state changes are gated on the editor's own permission, not on the form contents:
        $canBlockUser = CBuser::getMyInstance()->authoriseAction('core.edit.state', 'com_users');
        if ($canBlockUser) {
            if (checkJversion() == 2) {
                $user->gids = cbGetParam($postdata, 'gid', array(0));
                $user->gid = (int) $_CB_framework->acl->getBackwardsCompatibleGid($user->gids);
            } else {
                $user->gid = cbGetParam($postdata, 'gid', 0);
                $user->gids = array($user->gid);
            }
            // Each state flag is only touched when the form actually submitted it:
            if (isset($postdata['block'])) {
                $user->block = cbGetParam($postdata, 'block', 0);
            }
            if (isset($postdata['approved'])) {
                $user->approved = cbGetParam($postdata, 'approved', 0);
            }
            if (isset($postdata['confirmed'])) {
                $user->confirmed = cbGetParam($postdata, 'confirmed', 0);
            }
            if (isset($postdata['sendEmail'])) {
                $user->sendEmail = cbGetParam($postdata, 'sendEmail', 0);
            }
        }
    }

    // Newer config key $ueConfig['frontend_userparams'] wins; otherwise fall back to the CMS setting (enabled when '1' or unset).
    if ($_CB_framework->getUi() == 2 || (isset($ueConfig['frontend_userparams']) ? $ueConfig['frontend_userparams'] == 1 : in_array($_CB_framework->getCfg("frontend_userparams"), array('1', null)))) {
        // save user params
        // NOTE(review): params are read from $_POST directly rather than from $postdata, unlike every other
        // value in this method; callers passing a filtered $postdata will not see their filtering applied here.
        $params = cbGetParam($_POST, 'params', null);
        //TBD: verify if stripslashes is needed here: it might be needed...leaving as is for now.
        if ($params != null) {
            if (is_array($params)) {
                if (checkJversion() == 2) {
                    $registry = new JRegistry($params);
                    $value = $registry->toArray();
                    $valueString = $registry->toString();
                } else {
                    // Pre-Joomla-2 params are stored as "key=value" lines:
                    $txt = array();
                    foreach ($params as $k => $v) {
                        $txt[] = $k . '=' . $v;
                    }
                    $value = implode("\n", $txt);
                    $valueString = $value;
                }
                if ((string) $user->params !== (string) $valueString) {
                    $this->_logFieldUpdate($field, $user, $reason, $user->params, $value);
                }
                $user->params = $value;
            }
        }
    } else {
        if (checkJversion() == 2) {
            // Joomla 2.5 has a bug, where an untouched $user->params string is not saved correctly: So let's workaround this here:
            if ($user->id) {
                $juser = JUser::getInstance($user->id);
            } else {
                $juser = JUser::getInstance();
            }
            $user->params = $juser->getParameters(true)->toArray();
        }
    }
}
/**
 * Saves a new or existing CB+CMS user
 * WARNINGS:
 * - You must verify authorization of user to perform this (user checkCBpermissions() )
 * - You must $this->load() existing user first
 *
 * Flow: snapshot the current record into $oldUserComplete, bind and validate $array
 * (bindSafely/checkSafely), run the backend-only group-escalation checks (ui == 2),
 * fire the onBefore* plugin events, save plugin tabs, hash the password and store,
 * run registration tabs / commit or roll back tab contents, then store again and fire
 * the onAfter* events. Every refusal sets $this->_error and returns false.
 *
 * Password handling: the clear-text password is kept in $this->password between the two
 * store() calls so plugins and the activation mail can use it; only the hashed form is
 * written to the database.
 *
 * @param array $array Raw unfiltered input, typically $_POST
 * @param int $ui 1 = Front-end (limitted rights), 2 = Backend (almost unlimitted), 0 = automated (full)
 * @param string $reason 'edit' or 'register'
 * @return boolean|array true / false for 'edit'; for 'register' an array with keys 'tabs', 'after', 'ok' on success
 */
function saveSafely(&$array, $ui, $reason)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;

    // Get current user state and store it into $oldUserComplete:
    $oldUserComplete = new moscomprofilerUser($this->_db);
    foreach (array_keys(get_object_vars($this)) as $k) {
        if (substr($k, 0, 1) != '_') {
            // ignore internal vars
            $oldUserComplete->{$k} = $this->{$k};
        }
    }
    if ($oldUserComplete->gids === null) {
        $oldUserComplete->gids = array();
    }

    // 1) Process and validate the fields in form by CB field plugins:
    // 2) Bind the fields to CMS User:
    $bindResults = $this->bindSafely($array, $ui, $reason, $oldUserComplete);
    if ($bindResults) {
        // During bindSafely, in saveTabContents, the validations have already taken place, for mandatory fields.
        if ($this->name == '' && $this->username == '' && $this->email != '') {
            $this->username = $this->email;
            $this->_cmsUser->username = $this->username;
        }
        // Checks that name is set. If not, uses the username as name, as Mambo/Joola mosUser::store() uses name for ACL
        // and ACL bugs with no name.
        if ($this->name == '') {
            $this->name = $this->username;
            $this->_cmsUser->name = $this->name;
        } elseif ($this->username == '') {
            $this->username = $this->name;
            $this->_cmsUser->username = $this->username;
        }
        if (!$this->checkSafely()) {
            $bindResults = false;
        }
    }

    // For new registrations or backend user creations, set registration date and password if neeeded:
    $isNew = !$this->id;
    $newCBuser = $oldUserComplete->user_id == null;
    if ($isNew) {
        if (checkJversion() != 1) {
            // J1.5 works better with null here... has bug that it offsets the time by server date, others need this:
            $this->registerDate = $_CB_framework->dateDbOfNow();
        }
    }

    if ($bindResults) {
        if ($isNew) {
            if ($this->password == null) {
                $this->setRandomPassword();
                $ueConfig['emailpass'] = 1; // set this global to 1 to force password to be sent to new users.
            }
        }

        // In backend only: if group has been changed and where original group was a Super Admin: check if there is at least a super-admin left:
        // NOTE(review): the group/privilege checks below run only for $ui == 2; for $ui == 1 they rely on
        // bindSafely() not accepting group changes from the front-end — confirm against that method.
        if ($ui == 2) {
            $myGids = $_CB_framework->acl->get_groups_below_me(null, true);
            $cms_admin = $_CB_framework->acl->mapGroupNamesToValues('Administrator');
            $cms_super_admin = $_CB_framework->acl->mapGroupNamesToValues('Superadministrator');
            $i_am_super_admin = $_CB_framework->acl->amIaSuperAdmin();
            $i_am_admin = in_array($cms_admin, $myGids);

            if (!$isNew) {
                if (checkJversion() == 2) {
                    // Joomla 2+: ACL is action-based (core.admin / core.manage / core.edit / core.edit.state).
                    if ($i_am_super_admin && $_CB_framework->myId() == $this->id) {
                        // Check that a fool Super User does not block himself:
                        if ($this->block && !$oldUserComplete->block) {
                            $this->_error = 'Super Users can not block themselves';
                            return false;
                        }
                        // Check that a fool Super User does not demote himself from Super-User rights:
                        if ($this->gids != $oldUserComplete->gids) {
                            $staysSuperUser = $_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.admin', null);
                            if (!$staysSuperUser) {
                                $this->_error = 'You cannot demote yourself from your Super User permission';
                                return false;
                            }
                        }
                    }
                    // Check that a non-Super User/non-admin does not demote an admin or a Super user:
                    if ($this->gids != $oldUserComplete->gids) {
                        if (!$i_am_super_admin && !(CBuser::getMyInstance()->authoriseAction('core.admin') || CBuser::getMyInstance()->authoriseAction('core.manage', 'com_users') && CBuser::getMyInstance()->authoriseAction('core.edit', 'com_users') && CBuser::getMyInstance()->authoriseAction('core.edit.state', 'com_users'))) {
                            // I am not a Super User and not an Users administrator:
                            $userIsSuperUser = JUser::getInstance($this->id)->authorise('core.admin');
                            // User is super-user: Check if he stays so:
                            if ($userIsSuperUser) {
                                $staysSuperUser = $_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.admin', null);
                                if (!$staysSuperUser) {
                                    $this->_error = 'You cannot remove a Super User permission. Only Super Users can do that.';
                                    return false;
                                }
                            }
                            $userCanAdminUsers = (CBuser::getInstance($this->id)->authoriseAction('core.manage', 'com_users') || CBuser::getInstance($this->id)->authoriseAction('core.manage')) && CBuser::getInstance($this->id)->authoriseAction('core.edit', 'com_users') && CBuser::getInstance($this->id)->authoriseAction('core.edit.state', 'com_users');
                            // User is users-administrator: check if he can stay so:
                            if ($userCanAdminUsers) {
                                $staysUserAdmin = ($_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.manage', 'com_users') || $_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.manage')) && $_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.edit', 'com_users') && $_CB_framework->acl->authorizeGroupsForAction($this->gids, 'core.edit.state', 'com_users');
                                if (!$staysUserAdmin) {
                                    $this->_error = 'An users manager cannot be demoted by a non-administrator';
                                    return false;
                                }
                            }
                        }
                    }
                } else {
                    // Joomla 1.x / Mambo: single gid per user, legacy group-name based ACL.
                    if ($this->gid != $oldUserComplete->gid) {
                        if ($oldUserComplete->gid == $cms_super_admin) {
                            // count number of active super admins
                            $query = 'SELECT COUNT( id )' . "\n FROM #__users" . "\n WHERE gid = " . (int) $cms_super_admin . "\n AND block = 0";
                            $_CB_database->setQuery($query);
                            $count = $_CB_database->loadResult();
                            if ($count <= 1) {
                                // disallow change if only one Super Admin exists
                                $this->_error = 'You cannot change this users Group as it is the only active Super Administrator for your site';
                                return false;
                            }
                        }
                        $user_group = strtolower($_CB_framework->acl->get_group_name($oldUserComplete->gid, 'ARO'));
                        if ($user_group == 'super administrator' && !$i_am_super_admin) {
                            // disallow change of super-Admin by non-super admin
                            $this->_error = 'You cannot change this users Group as you are not a Super Administrator for your site';
                            return false;
                        } elseif ($this->id == $_CB_framework->myId() && $i_am_super_admin) {
                            // CB-specific: disallow change of own Super Admin group:
                            $this->_error = 'You cannot change your own Super Administrator status for your site';
                            return false;
                        } else {
                            if (!$i_am_super_admin && $i_am_admin && $oldUserComplete->gid == $cms_admin) {
                                // disallow change of super-Admin by non-super admin
                                $this->_error = 'You cannot change the Group of another Administrator as you are not a Super Administrator for your site';
                                return false;
                            } elseif (in_array($oldUserComplete->gid, $myGids) && !in_array($this->gid, $myGids)) {
                                // disallow change of group of user into a group that is not child of admin/superadmin:
                                $this->_error = 'You cannot change the Group of this user to a group that is not child of Registered or Manager as otherwise that user cannot login. If you really need to do that, you can do it in Joomla User Manager.';
                                return false;
                            }
                        }
                    }
                    // ensure user can't add group higher than themselves done below
                }
            }

            // Security check to avoid creating/editing user to higher level than himself: CB response to artf4529.
            // Applies to new and existing users alike: a non-Super-User may only assign groups at or below his own.
            if (!$i_am_super_admin && $this->gids != $oldUserComplete->gids) {
                // Does user try to edit a user that has higher groups ?
                if (count(array_diff($this->gids, $myGids)) != 0) {
                    $this->_error = 'Unauthorized attempt to change an user at higher level than allowed !';
                    return false;
                }
                // Does the user try to demote higher levels ?
                if (array_diff($this->gids, $myGids) != array_diff($oldUserComplete->gids, $myGids)) {
                    $this->_error = 'Unauthorized attempt to change higher groups of an user than allowed !';
                    return false;
                }
            }
        }
    }

    // onBefore* events; a plugin error here aborts the save further down via $beforeResult.
    if ($reason == 'edit') {
        if ($ui == 1) {
            $_PLUGINS->trigger('onBeforeUserUpdate', array(&$this, &$this, &$oldUserComplete, &$oldUserComplete));
        } elseif ($ui == 2) {
            if ($isNew || $newCBuser) {
                $_PLUGINS->trigger('onBeforeNewUser', array(&$this, &$this, false));
            } else {
                $_PLUGINS->trigger('onBeforeUpdateUser', array(&$this, &$this, &$oldUserComplete));
            }
        }
    } elseif ($reason == 'register') {
        $_PLUGINS->trigger('onBeforeUserRegistration', array(&$this, &$this));
    }
    $beforeResult = !$_PLUGINS->is_errors();
    if (!$beforeResult) {
        $this->_error = $_PLUGINS->getErrorMSG(false); // $_PLUGIN collects all error messages, incl. previous ones.
    }

    // Saves tab plugins:
    // on edits, user params and block/email/approved/confirmed are done in cb.core predefined fields.
    // So now calls this and more (CBtabs are already created in $this->bindSafely() ).
    $pluginTabsResult = true;
    if ($reason == 'edit') {
        $this->_cbTabs->savePluginTabs($this, $array);
        $pluginTabsResult = !$_PLUGINS->is_errors();
        if (!$pluginTabsResult) {
            $this->_error = $_PLUGINS->getErrorMSG(false); // $_PLUGIN collects all error messages, incl. previous ones.
        }
    }

    if ($bindResults && $beforeResult && $pluginTabsResult) {
        // Hashes password for CMS storage:
        $clearTextPassword = $this->password;
        if ($clearTextPassword) {
            $hashedPassword = $this->hashAndSaltPassword($clearTextPassword);
            $this->password = $hashedPassword;
        }
        // Stores user if it's a new user:
        if ($isNew) {
            if (!$this->store()) {
                return false;
            }
        }
        // Restores cleartext password for the saveRegistrationPluginTabs:
        $this->password = $clearTextPassword;
        if ($isNew) {
            // Sets the instance of user, to avoid reload from database, and loss of the cleartext password.
            CBuser::setUserGetCBUserInstance($this);
        }
    }

    if ($reason == 'register') {
        // call here since we got to have a user id:
        $registerResults = array();
        $registerResults['tabs'] = $this->_cbTabs->saveRegistrationPluginTabs($this, $array);
        if ($_PLUGINS->is_errors()) {
            if ($bindResults && $beforeResult && $pluginTabsResult) {
                $plugins_error = $_PLUGINS->getErrorMSG(false); // $_PLUGIN collects all error messages, incl. previous ones.
                if ($isNew) {
                    // if it was a new user, and plugin gave error, revert the creation:
                    $this->delete();
                }
                $this->_error = $plugins_error;
            } else {
                $this->_error = $_PLUGINS->getErrorMSG(false); // $_PLUGIN collects all error messages, incl. previous ones.
            }
            $pluginTabsResult = false;
        }
    }

    if ($bindResults && $beforeResult && $pluginTabsResult) {
        $this->_cbTabs->commitTabsContents($this, $array, $reason);
        $commit_errors = $_PLUGINS->getErrorMSG(false);
        if (count($commit_errors) > 0) {
            $this->_error = $commit_errors;
            $bindResults = false;
        }
    }

    if (!($bindResults && $beforeResult && $pluginTabsResult)) {
        $this->_cbTabs->rollbackTabsContents($this, $array, $reason);
        // Normal error exit point:
        $_PLUGINS->trigger('onSaveUserError', array(&$this, $this->_error, $reason));
        if (is_array($this->_error)) {
            $this->_error = implode('<br />', $this->_error);
        }
        return false;
    }

    // Stores the user (again if it's a new as the plugins might have changed the user record):
    // $clearTextPassword / $hashedPassword were set in the successful branch above, which is the only way to get here.
    if ($clearTextPassword) {
        $this->password = $hashedPassword;
    }
    if (!$this->store()) {
        return false;
    }
    // Restores cleartext password for the onAfter and activation events:
    $this->password = $clearTextPassword;

    // Triggers onAfter and activateUser events:
    if ($reason == 'edit') {
        if ($ui == 1) {
            $_PLUGINS->trigger('onAfterUserUpdate', array(&$this, &$this, $oldUserComplete));
        } elseif ($ui == 2) {
            if ($isNew || $newCBuser) {
                if ($isNew) {
                    $ueConfig['emailpass'] = 1; // set this global to 1 to force password to be sent to new users.
                }
                $_PLUGINS->trigger('onAfterNewUser', array(&$this, &$this, false, true));
                if ($this->block == 0 && $this->approved == 1 && $this->confirmed) {
                    activateUser($this, 2, 'NewUser', false, $isNew);
                }
            } else {
                if (!(($oldUserComplete->approved == 1 || $oldUserComplete->approved == 2) && $oldUserComplete->confirmed) && ($this->approved == 1 && $this->confirmed)) {
                    // first time a just registered and confirmed user got approved in backend through save user:
                    if (isset($ueConfig['emailpass']) && $ueConfig['emailpass'] == "1" && $this->password == '') {
                        // generate the password is auto-generated and not set by the admin at this occasion:
                        // NOTE(review): the UPDATE statement below appears redacted ("******") in this copy of the file;
                        // presumably it writes the quoted $pwd hash — verify against the upstream source.
                        $this->setRandomPassword();
                        $pwd = $this->hashAndSaltPassword($this->password);
                        $_CB_database->setQuery("UPDATE #__users SET password="******" WHERE id = " . (int) $this->id);
                        $_CB_database->query();
                    }
                }
                $_PLUGINS->trigger('onAfterUpdateUser', array(&$this, &$this, $oldUserComplete));
                if (!(($oldUserComplete->approved == 1 || $oldUserComplete->approved == 2) && $oldUserComplete->confirmed) && ($this->approved == 1 && $this->confirmed)) {
                    // first time a just registered and confirmed user got approved in backend through save user:
                    activateUser($this, 2, 'UpdateUser', false);
                }
            }
        }
    } elseif ($reason == 'register') {
        $registerResults['after'] = $_PLUGINS->trigger('onAfterUserRegistration', array(&$this, &$this, true));
        $registerResults['ok'] = true;
        return $registerResults;
    }

    return true;
}
/**
 * render backend edit plugin view
 *
 * Dispatches the backend GroupJive admin request: $action is split on '.' into a
 * section (categories, groups, users, invites, config, tools, fix, integrations,
 * menus, plugin) and a function within it, the matching handler renders into an
 * output buffer, and the result is wrapped with the toolbar and echoed.
 *
 * Access: requires core.manage, otherwise redirects to the backend index.
 * CSRF: state-changing functions call cbSpoofCheck( 'plugin' ) before their handler;
 * see the review notes inside the switch for the ones that do not.
 *
 * @param object $row
 * @param string $option
 * @param string $task
 * @param int $uid
 * @param string $action   "section.function", e.g. "categories.publish"
 * @param string $element
 * @param int $mode        'applyPlugin' turns a save into an apply (stay on the edit form)
 * @param object $pluginParams
 */
public function editPluginView( $row, $option, $task, $uid, $action, $element, $mode, $pluginParams )
{
    global $_CB_framework, $_CB_database, $_CB_Backend_Menu, $_CB_Backend_task, $_GJ_Backend_Title, $_PLUGINS;

    // Presumably cbRedirect() terminates the request; nothing below guards on it — confirm.
    if ( ! CBuser::getMyInstance()->authoriseAction( 'core.manage' ) ) {
        cbRedirect( $_CB_framework->backendUrl( 'index.php' ), _UE_NOT_AUTHORIZED, 'error' );
    }

    outputCbJs( 2 );
    outputCbTemplate( 2 );

    $plugin = cbgjClass::getPlugin();

    $_CB_framework->document->addHeadStyleSheet( $plugin->livePath . '/admin.' . $plugin->element . '.css' );

    require_once( $plugin->absPath . '/admin.' . $plugin->element . '.html.php' );

    $_CB_Backend_task = $task;
    $_GJ_Backend_Title = array();
    $_CB_Backend_Menu->mode = $plugin->element . 'Admin';

    $actions = explode( '.', $action );
    $action = ( isset( $actions[0] ) ? $actions[0] : null );
    $function = ( isset( $actions[1] ) ? $actions[1] : null );

    // id / order are normalised to non-empty arrays so handlers can rely on $id[0] existing.
    $id = cbGetParam( $_REQUEST, 'id', array( 0 ) );
    $order = cbGetParam( $_REQUEST, 'order', array( 0 ) );
    $user =& CBuser::getUserDataInstance( $_CB_framework->myId() );

    if ( ! is_array( $id ) ) {
        $id = array( $id );
    }
    if ( ! $id ) {
        $id = array( 0 );
    }
    if ( ! is_array( $order ) ) {
        $order = array( $order );
    }
    if ( ! $order ) {
        $order = array( 0 );
    }

    $save_mode = ( $mode == 'applyPlugin' ? 'apply' : $function );

    ob_start();
    switch ( $action ) {
        case 'categories':
            switch ( $function ) {
                case 'menu':
                    $this->createCategoryMenu( $id[0], $user, $plugin );
                    break;
                case 'publish':
                    cbSpoofCheck( 'plugin' );
                    $this->stateCategory( $id, 1, $user, $plugin );
                    break;
                case 'unpublish':
                    cbSpoofCheck( 'plugin' );
                    $this->stateCategory( $id, 0, $user, $plugin );
                    break;
                case 'order':
                    cbSpoofCheck( 'plugin' );
                    $this->orderCategory( $id, $order, $user, $plugin );
                    break;
                case 'orderup':
                    cbSpoofCheck( 'plugin' );
                    $this->orderCategory( $id[0], -1, $user, $plugin );
                    break;
                case 'orderdown':
                    cbSpoofCheck( 'plugin' );
                    $this->orderCategory( $id[0], 1, $user, $plugin );
                    break;
                // NOTE(review): 'batch' and 'copy' (here and in 'groups'/'users') are not preceded by cbSpoofCheck;
                // if they write to the database, confirm the handler itself validates the form token.
                case 'batch':
                    $this->batchCategory( $id, $user, $plugin );
                    break;
                case 'copy':
                    $this->copyCategory( $id, $user, $plugin );
                    break;
                case 'delete':
                    cbSpoofCheck( 'plugin' );
                    $this->deleteCategory( $id, $user, $plugin );
                    break;
                case 'new':
                    $this->showCategoryEdit( null, $user, $plugin );
                    break;
                case 'edit':
                    $this->showCategoryEdit( $id[0], $user, $plugin );
                    break;
                case 'save':
                case 'apply':
                    cbSpoofCheck( 'plugin' );
                    $this->saveCategoryEdit( $id[0], $save_mode, $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showCategories( $user, $plugin );
                    break;
            }
            break;
        case 'groups':
            switch ( $function ) {
                case 'menu':
                    $this->createGroupMenu( $id[0], $user, $plugin );
                    break;
                case 'publish':
                    cbSpoofCheck( 'plugin' );
                    $this->stateGroup( $id, 1, $user, $plugin );
                    break;
                case 'unpublish':
                    cbSpoofCheck( 'plugin' );
                    $this->stateGroup( $id, 0, $user, $plugin );
                    break;
                case 'order':
                    cbSpoofCheck( 'plugin' );
                    $this->orderGroup( $id, $order, $user, $plugin );
                    break;
                case 'orderup':
                    cbSpoofCheck( 'plugin' );
                    $this->orderGroup( $id[0], -1, $user, $plugin );
                    break;
                case 'orderdown':
                    cbSpoofCheck( 'plugin' );
                    $this->orderGroup( $id[0], 1, $user, $plugin );
                    break;
                case 'batch':
                    $this->batchGroup( $id, $user, $plugin );
                    break;
                case 'copy':
                    $this->copyGroup( $id, $user, $plugin );
                    break;
                case 'delete':
                    cbSpoofCheck( 'plugin' );
                    $this->deleteGroup( $id, $user, $plugin );
                    break;
                case 'new':
                    $this->showGroupEdit( null, $user, $plugin );
                    break;
                case 'edit':
                    $this->showGroupEdit( $id[0], $user, $plugin );
                    break;
                case 'save':
                case 'apply':
                    cbSpoofCheck( 'plugin' );
                    $this->saveGroupEdit( $id[0], $save_mode, $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showGroups( $user, $plugin );
                    break;
            }
            break;
        case 'users':
            // statusUser status codes as used here: -1 ban, 0 inactive, 1 active, 2 mod, 3 admin, 4 owner.
            switch ( $function ) {
                case 'ban':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, -1, $user, $plugin );
                    break;
                case 'active':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, 1, $user, $plugin );
                    break;
                case 'inactive':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, 0, $user, $plugin );
                    break;
                case 'mod':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, 2, $user, $plugin );
                    break;
                case 'admin':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, 3, $user, $plugin );
                    break;
                case 'owner':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, 4, $user, $plugin );
                    break;
                case 'batch':
                    $this->batchUser( $id, $user, $plugin );
                    break;
                case 'delete':
                    cbSpoofCheck( 'plugin' );
                    $this->deleteUser( $id, $user, $plugin );
                    break;
                case 'new':
                    $this->showUserEdit( null, $user, $plugin );
                    break;
                case 'edit':
                    $this->showUserEdit( $id[0], $user, $plugin );
                    break;
                case 'save':
                case 'apply':
                    cbSpoofCheck( 'plugin' );
                    $this->saveUserEdit( $id[0], $save_mode, $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showUsers( $user, $plugin );
                    break;
            }
            break;
        case 'invites':
            switch ( $function ) {
                case 'delete':
                    cbSpoofCheck( 'plugin' );
                    $this->deleteInvite( $id, $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showInvites( $user, $plugin );
                    break;
            }
            break;
        case 'config':
            switch ( $function ) {
                case 'save':
                    cbSpoofCheck( 'plugin' );
                    $this->saveConfig( $_POST, $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showConfig( $user, $plugin );
                    break;
            }
            break;
        case 'tools':
            switch ( $function ) {
                case 'migrate':
                    $this->showMigrate( $user, $plugin );
                    break;
                // NOTE(review): 'delmigrate', the 'fix' section and 'menus.save' below dispatch without cbSpoofCheck;
                // confirm those handlers check the token themselves, since their names suggest they modify data.
                case 'delmigrate':
                    $this->deleteMigrate( $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showTools( $user, $plugin );
                    break;
            }
            break;
        case 'fix':
            switch ( $function ) {
                case 'categories':
                    $this->fixCategories( $id[0], $user, $plugin );
                    break;
                case 'groups':
                    $this->fixGroups( $id[0], $user, $plugin );
                    break;
                case 'users':
                    $this->fixUsers( $id[0], $user, $plugin );
                    break;
                default:
                    $this->showTools( $user, $plugin );
                    break;
            }
            break;
        case 'integrations':
            $this->showIntegrations( $user, $plugin );
            break;
        case 'menus':
            switch ( $function ) {
                case 'save':
                    $this->saveMenus( $user, $plugin );
                    break;
                default:
                    $this->showMenus( $user, $plugin );
                    break;
            }
            break;
        case 'plugin':
            // Sub-plugins receive the raw function/id/order/save_mode and are responsible for their own checks.
            $_PLUGINS->trigger( 'gj_onPluginBE', array( array( $function, $id, $order, $save_mode ), $user, $plugin ) );
            break;
        default:
            switch ( $function ) {
                case 'menu':
                    $this->createPluginMenu( $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showPlugin( $user, $plugin );
                    break;
            }
            break;
    }
    $html = ob_get_contents();
    ob_end_clean();

    // Toolbar is a PHP template rendered into a second buffer:
    ob_start();
    include( $_CB_framework->getCfg( 'absolute_path' ) . '/components/com_comprofiler/plugin/user/plug_cbgroupjive/toolbar.cbgroupjive.php' );
    $toolbar = ob_get_contents();
    ob_end_clean();

    // $_GJ_Backend_Title is filled by the handler that ran above: [0] = title text, [1] = extra header css class.
    $title = ( isset( $_GJ_Backend_Title[0] ) ? $_GJ_Backend_Title[0] : null );
    $class = ( isset( $_GJ_Backend_Title[1] ) ? ' ' . $_GJ_Backend_Title[1] : null );

    $return = '<div style="margin:0px;border-width:0px;padding:0px;float:left;width:100%;text-align:left;" class="gjAdmin">'
            . '<div id="cbAdminMainWrapper" style="margin:0px;border-width:0px;padding:0px;float:none;width:auto;">'
            . '<div style="float:right;" class="gjAdminToolbar">' . $toolbar . '</div>'
            . '<div style="float:left;" class="header' . $class . '">' . $title . '</div>'
            . '<div style="clear:both;"></div>'
            . '<div style="float:left;width:100%;margin-top:10px;">' . $html . '</div>'
            . '<div style="clear:both;"></div>'
            . '</div>'
            . '</div>';

    echo $return;
}
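/**
 * Get the field columns for $listId
 *
 * Reads the 'columns' entry of the list's params and converts each configured column into
 * a stdClass with: fields (list of ['fieldid' => ..., 'display' => int, default 4]),
 * title, titleRendered (title with user-variable substitutions applied), size (int,
 * default 3) and cssclass. Column keys are preserved from the params.
 *
 * @param int $listId The list id to parse
 * @param int $userId The user id to use for substitutions; null uses the current user
 * @return array Columns keyed as in the params; empty when the list does not exist or has no columns
 */
public static function getColumns($listId, $userId = null)
{
    $row = self::getInstance($listId);

    if (!$row) {
        // Fix: the documented return type is array; '' made callers that count()/iterate the result misbehave.
        return array();
    }

    if ($userId) {
        $cbUser = CBuser::getInstance((int) $userId, false);
    } else {
        $cbUser = CBuser::getMyInstance();
    }

    $columns = array();
    $params = new Registry($row->params);
    $cols = $params->get('columns');

    if ($cols) {
        foreach ($cols as $i => $column) {
            $colFields = array();

            if (isset($column['fields']) && $column['fields']) {
                foreach ($column['fields'] as $colField) {
                    // Entries without a field id are dropped rather than producing an empty column field:
                    if (isset($colField['field']) && $colField['field']) {
                        $colFields[] = array(
                            'fieldid' => $colField['field'],
                            'display' => isset($colField['display']) ? (int) $colField['display'] : 4,
                        );
                    }
                }
            }

            $col = new stdClass();
            $col->fields = $colFields;
            $col->title = isset($column['title']) ? $column['title'] : null;
            // Title comes from admin-configured list params; substitutions are rendered for the target user.
            $col->titleRendered = $cbUser->replaceUserVars($col->title);
            $col->size = isset($column['size']) ? (int) $column['size'] : 3;
            $col->cssclass = isset($column['cssclass']) ? $column['cssclass'] : null;

            $columns[$i] = $col;
        }
    }

    return $columns;
}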
} global $_CB_framework, $_CB_database; if (!file_exists(JPATH_SITE . '/libraries/CBLib/CBLib/Core/CBLib.php') || !file_exists(JPATH_ADMINISTRATOR . '/components/com_comprofiler/plugin.foundation.php')) { echo 'CB not installed'; return; } include_once JPATH_ADMINISTRATOR . '/components/com_comprofiler/plugin.foundation.php'; cbimport('cb.html'); cbimport('language.front'); outputCbTemplate(); require_once dirname(__FILE__) . '/helper.php'; if ((int) $params->get('cb_plugins', 1)) { global $_PLUGINS; $_PLUGINS->loadPluginGroup('user'); } $cbUser = CBuser::getMyInstance(); $user = $cbUser->getUserData(); $templateClass = 'cb_template cb_template_' . selectTemplate('dir'); $mode = (int) $params->get('mode', 1); if ($params->get('pretext')) { $preText = $cbUser->replaceUserVars($params->get('pretext')); } else { $preText = null; } if ($params->get('posttext')) { $postText = $cbUser->replaceUserVars($params->get('posttext')); } else { $postText = null; } if ($mode < 6) { $limit = (int) $params->get('limit', 30);
/**
 * Loads the CB field definitions matching a tab / field / reason, applying the
 * publishing and access filters that apply to the current user, and lets the
 * 'user' plugin group post-process the result.
 *
 * Results are cached per-request in a static array keyed by $reason (or 'full'
 * when $fullAccess is set); with $prefetchFields the whole field set for that
 * key is loaded once and later calls are answered from the cache.
 *
 * @param int                 $tabid          Tab id to restrict to (0/null: all tabs)
 * @param moscomprofilerUser  $user           User for whom fields are fetched (passed by reference to the onAfterFieldsFetch trigger)
 * @param string              $reason         'profile', 'list', 'register', 'adminfulllist', ... ; drives the published/profile/registration filters
 * @param int|string|null     $fieldIdOrName  Field id (PHP int) or field name; an int-typed value is matched on fieldid, anything else on name
 * @param boolean             $prefetchFields TRUE: load all fields for the reason and serve from cache; FALSE: query only what was asked for
 * @param boolean             $fullAccess     TRUE: skip the profile/registration and tab access restrictions
 * @return array                              Field objects (moscomprofilerFields), possibly keyed by fieldid; empty array when nothing matches
 */
function _getTabFieldsDb($tabid, &$user, $reason, $fieldIdOrName = null, $prefetchFields = true, $fullAccess = false)
{
    static $prefetched = array();
    static $fieldsByName = null;

    // Cache key: full-access results are kept apart from the per-reason filtered ones.
    $preIdx = $fullAccess ? 'full' : $reason;

    if (!$prefetchFields || !isset($prefetched[$preIdx])) {
        global $_CB_framework, $_CB_database, $ueConfig;

        $where = array();
        $ordering = array();

        if ($fieldIdOrName && !$prefetchFields) {
            // NOTE: is_int() only matches a real PHP int; a numeric string is treated as a field name.
            if (is_int($fieldIdOrName)) {
                $where[] = 'f.fieldid = ' . (int) $fieldIdOrName;
            } else {
                $where[] = 'f.name = ' . $_CB_database->Quote($fieldIdOrName);
            }
        }

        // Name formats 1, 2 and 4 need the 'name' field even when it is unpublished:
        if ($reason == 'list' && in_array($ueConfig['name_format'], array(1, 2, 4))) {
            $where[] = "( f.published = 1 OR f.name = 'name' )";
        } elseif ($reason != 'adminfulllist') {
            $where[] = 'f.published = 1';
        }

        if (!$fullAccess) {
            switch ($reason) {
                case 'profile':
                    $where[] = 'f.profile != 0';
                    break;
                case 'list':
                    $where[] = "( f.profile != 0 OR f.name = 'username'" . (in_array($ueConfig['name_format'], array(1, 2, 4)) ? " OR f.name = 'name'" : '') . ')';
                    break;
                case 'register':
                    $where[] = 'f.registration = 1';
                    break;
                case 'adminfulllist':
                default:
                    break;
            }

            if ($tabid && !$prefetchFields) {
                $where[] = 'f.tabid = ' . (int) $tabid;
            } else {
                if ($reason != 'adminfulllist') {
                    $where[] = 't.enabled = 1';
                }

                // Tab access filters (view access level and user access group) are applied to everyone
                // except at registration and for a super admin in the back-end (ui == 2):
                if ($reason != 'register' && !($_CB_framework->getUi() == 2 && $_CB_framework->acl->amIaSuperAdmin())) {
                    $where[] = 't.viewaccesslevel IN (' . implode(',', CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false)) . ')';
                    $where[] = 't.useraccessgroupid IN (' . implode(',', $_CB_framework->acl->get_groups_below_me(null, true)) . ')';
                }
            }

            // Hide email-type fields from profile and list output when email display is disabled:
            if (($reason == 'profile' || $reason == 'list') && $ueConfig['allow_email_display'] == 0 && $reason != 'adminfulllist') {
                $where[] = 'f.type != ' . $_CB_database->Quote('emailaddress');
            }
        }

        if (!$tabid || $prefetchFields) {
            if ($reason == 'register') {
                $ordering[] = 't.ordering_register';
            }
            $ordering[] = 't.position';
            $ordering[] = 't.ordering';
        }
        $ordering[] = 'f.ordering';

        $sql = 'SELECT f.*';
        if ($reason == 'register') {
            $sql .= ', t.ordering_register AS tab_ordering_register, t.position AS tab_position, t.ordering AS tab_ordering';
        }
        $sql .= ' FROM #__comprofiler_fields f';
        if (!$tabid || $prefetchFields) {
            // don't get fields which are not assigned to tabs:
            $sql .= "\n INNER JOIN #__comprofiler_tabs AS t ON (f.tabid = t.tabid)";
        }
        $sql .= ($where ? "\n WHERE " . implode(' AND ', $where) : '') . "\n ORDER BY " . implode(', ', $ordering);

        $_CB_database->setQuery($sql);

        if ($prefetchFields) {
            // true means strtolower array indexes of name
            $fieldsByName = $_CB_database->loadObjectList('name', 'moscomprofilerFields', array(&$_CB_database), true);

            if (!$_CB_database->getErrorNum()) {
                // Index the same objects by tabid and fieldid for the lookups below:
                foreach (array_keys($fieldsByName) as $i) {
                    $fieldsByName[$i]->params = new cbParamsBase($fieldsByName[$i]->params);
                    $prefetched[$preIdx][(int) $fieldsByName[$i]->tabid][$fieldsByName[$i]->fieldid] = $fieldsByName[$i];
                }
            }
        } else {
            $fields = $_CB_database->loadObjectList(null, 'moscomprofilerFields', array(&$_CB_database));

            if (!$_CB_database->getErrorNum()) {
                for ($i = 0, $n = count($fields); $i < $n; $i++) {
                    $fields[$i]->params = new cbParamsBase($fields[$i]->params);
                }
            }
        }
    }

    // Serve from the prefetched cache when one exists for this key:
    if (isset($prefetched[$preIdx])) {
        if ($tabid) {
            if (isset($prefetched[$preIdx][(int) $tabid])) {
                $fields = $prefetched[$preIdx][(int) $tabid];
            } else {
                $fields = array();
            }
        } elseif ($fieldIdOrName) {
            if (is_int($fieldIdOrName)) {
                $fields = array();
                foreach (array_keys($prefetched[$preIdx]) as $k) {
                    if (isset($prefetched[$preIdx][$k][$fieldIdOrName])) {
                        $fields[] = $prefetched[$preIdx][$k][$fieldIdOrName];
                        break;
                    }
                }
            } elseif (isset($fieldsByName[strtolower($fieldIdOrName)])) {
                $fields = array($fieldsByName[strtolower($fieldIdOrName)]);
            } else {
                $fields = array();
            }
        } else {
            $fields = array();
            foreach ($prefetched[$preIdx] as $flds) {
                // $fields = array_merge( $fields, $flds );
                foreach ($flds as $fl) {
                    $fields[$fl->fieldid] = $fl;
                }
            }
        }
    }

    // THIS is VERY experimental, and not yet part of CB API !!! :
    global $_PLUGINS;
    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onAfterFieldsFetch', array(&$fields, &$user, $reason, $tabid, $fieldIdOrName, $fullAccess));

    return $fields;
}
/**
 * Saves a CB tab posted from the back-end edit form, then redirects to the tab list.
 *
 * Authorization is enforced twice for non-super-admins: once against the existing
 * row (may the user touch this tab at all) and once against the posted values
 * (may the user move it to that access group / view level, and may they change
 * state fields). Every failure path outputs a JS alert + history.go() and exits.
 *
 * @param string $option Component option used to build the redirect URL
 * @return void
 */
function saveTab($option)
{
    global $_CB_database, $_CB_framework, $_POST;

    $this->_importNeeded();
    $this->_importNeededSave();

    if (isset($_POST['params'])) {
        $_POST['params'] = cbParamsEditorController::getRawParamsMagicgpcEscaped($_POST['params']);
    } else {
        $_POST['params'] = '';
    }

    // NOTE: $_POST['params'] was just set above, so count($_POST) == 0 can no longer be true; only the tabid test is effective.
    if (!isset($_POST['tabid']) || count($_POST) == 0) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Missing post values')) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    $oldrow = new moscomprofilerTabs($_CB_database);

    if (isset($_POST['tabid']) && $_POST['tabid']) {
        $oldrow->load((int) $_POST['tabid']);

        // Check if user is a super user:
        if (!$_CB_framework->acl->amIaSuperAdmin()) {
            // Check if user belongs to useraccessgroupid:
            if (!in_array($oldrow->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
                echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                exit;
            }

            // Check if user belongs to viewaccesslevel:
            if (!in_array($oldrow->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
                echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                exit;
            }
        }
    }

    $row = new moscomprofilerTabs($_CB_database);

    // NOTE(review): getError() is embedded in a JS string literal without addslashes(); whether those messages can contain quotes is not visible here.
    if (!$row->bind($_POST)) {
        echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // Set defaults if nothing is found
    // Also check if oldrow value to use its current value or default otherwise
    // This prevents a tab from storing to database with null values when some inputs are set disabled:
    // NOTE(review): these are loose comparisons; on PHP < 8, 0 == '' is true, so a posted 0 would be replaced here — confirm which PHP versions are targeted.
    if ($row->useraccessgroupid == '') {
        $row->useraccessgroupid = $oldrow->useraccessgroupid != '' ? $oldrow->useraccessgroupid : -2;
    }
    if ($row->viewaccesslevel == '') {
        $row->viewaccesslevel = $oldrow->viewaccesslevel != '' ? $oldrow->viewaccesslevel : 1;
    }
    if ($row->ordering == '') {
        $row->ordering = $oldrow->ordering != '' ? $oldrow->ordering : 999;
    }
    if ($row->ordering_register == '') {
        $row->ordering_register = $oldrow->ordering_register != '' ? $oldrow->ordering_register : 10;
    }
    if ($row->enabled == '') {
        $row->enabled = $oldrow->enabled != '' ? $oldrow->enabled : 1;
    }

    $row->description = cleanEditorsTranslationJunk(trim($row->description));

    if (!$row->check()) {
        echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }

    // The id is taken from the request again (int-cast) rather than trusted from bind():
    $row->tabid = (int) cbGetParam($_POST, 'tabid', 0);

    // Check if user is a super user:
    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');

        // Check if user belongs to useraccessgroupid
        if ($row->useraccessgroupid != '' && !in_array($row->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
            exit;
        }

        // Check if user belongs to viewaccesslevel
        if ($row->viewaccesslevel != '' && !in_array($row->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
            exit;
        }

        // Check if user can edit status (and if not, that status are as expected):
        // Without core.edit.state, each state field must equal the stored value (existing tab) or the default (new tab).
        if (!$canEditState) {
            $failed = false;

            // Check if row exists and if useraccessgroupid is different from existing row
            // Check if row doesn't exist and if useraccessgroupid is different from default
            if ($oldrow->tabid && ($row->useraccessgroupid != '' && $oldrow->useraccessgroupid != $row->useraccessgroupid) || !$oldrow->tabid && ($row->useraccessgroupid != '' && $row->useraccessgroupid != -2)) {
                $failed = true;
            }

            // Check if row exists and if viewaccesslevel is different from existing row
            // Check if row doesn't exist and if viewaccesslevel is different from default
            // Check if user can edit status:
            if ($oldrow->tabid && ($row->viewaccesslevel != '' && $oldrow->viewaccesslevel != $row->viewaccesslevel) || !$oldrow->tabid && ($row->viewaccesslevel != '' && $row->viewaccesslevel != 1)) {
                $failed = true;
            }

            // Check if row exists and if ordering is different from existing row
            // Check if row doesn't exist and if ordering is different from default
            // Check if user can edit status:
            if ($oldrow->tabid && ($row->ordering != '' && $oldrow->ordering != $row->ordering) || !$oldrow->tabid && ($row->ordering != '' && $row->ordering != 999)) {
                $failed = true;
            }

            // Check if row exists and if ordering_register is different from existing row
            // Check if row doesn't exist and if ordering_register is different from default
            // Check if user can edit status:
            if ($oldrow->tabid && ($row->ordering_register != '' && $oldrow->ordering_register != $row->ordering_register) || !$oldrow->tabid && ($row->ordering_register != '' && $row->ordering_register != 10)) {
                $failed = true;
            }

            // Check if row exists and if publish is different from existing row
            // Check if row doesn't exist and if publish is different from default
            // Check if user can edit status:
            if ($oldrow->tabid && ($row->enabled != '' && $oldrow->enabled != $row->enabled) || !$oldrow->tabid && ($row->enabled != '' && $row->enabled != 1)) {
                $failed = true;
            }

            if ($failed) {
                echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                exit;
            }
        }
    }

    if (!$row->store()) {
        echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }

    $row->checkin();

    cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showTab"), CBTxt::T('Successfully Saved Tab') . ": " . $row->title);
}
/**
 * Displays the "report user" form ($form == 1) or stores a submitted report.
 *
 * Access is refused when user reports are disabled in the CB config or when the
 * current user may not view the reported profile; plugins get a chance to change
 * that decision through onBeforeReportUserRequest before it is applied.
 *
 * @param string $option Component option
 * @param int    $form   1 to render the form, anything else to process the POSTed report
 * @param int    $uid    Id of the user being reported
 * @return void
 */
function reportUser($option, $form = 1, $uid = 0)
{
    global $_CB_framework, $ueConfig, $_PLUGINS, $_POST;

    if ($ueConfig['allowUserReports'] == 0) {
        $msg = CBTxt::Th('UE_FUNCTIONALITY_DISABLED', 'This functionality is currently disabled.');
    } elseif (!CBuser::getMyInstance()->authoriseView('profile', $uid)) {
        $msg = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
    } else {
        $msg = null;
    }

    // $msg is passed by reference: a plugin can set (or clear) the refusal message.
    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onBeforeReportUserRequest', array($uid, &$msg, $form));

    if ($msg) {
        $_CB_framework->enqueueMessage($msg, 'error');
        return;
    }

    $reportedByUser = CBuser::getUserDataInstance($_CB_framework->myId());
    $reportedUser = CBuser::getUserDataInstance($uid);

    if ($form == 1) {
        // A plugin returning non-empty HTML replaces the default form entirely:
        $results = $_PLUGINS->trigger('onBeforeReportUserForm', array($uid, &$reportedByUser, &$reportedUser));

        if ($_PLUGINS->is_errors()) {
            $_CB_framework->enqueueMessage($_PLUGINS->getErrorMSG('<br />'), 'error');
            return;
        }

        if (implode('', $results) != "") {
            $return = '<div class="cb_template cb_template_' . selectTemplate('dir') . '">' . '<div>' . implode('</div><div>', $results) . '</div>' . '</div>';

            echo $return;
            return;
        }

        HTML_comprofiler::reportUserForm($option, $uid, $reportedByUser, $reportedUser);
    } else {
        // Anti-CSRF token check for the 'reportuser' form:
        cbSpoofCheck('reportuser');

        $row = new UserReportTable();

        $_PLUGINS->trigger('onStartSaveReportUser', array(&$row, &$reportedByUser, &$reportedUser));

        if ($_PLUGINS->is_errors()) {
            cbRedirect($_CB_framework->viewUrl('reportuser', false), $_PLUGINS->getErrorMSG(), 'error');
            return;
        }

        // NOTE(review): the whole request is bound onto the row; which columns bind() accepts and whether check() restricts them is not visible here.
        if (!$row->bind($_POST)) {
            cbRedirect($_CB_framework->viewUrl('reportuser', false), $row->getError(), 'error');
            return;
        }

        $row->reportedondate = htmlspecialchars($row->reportedondate, ENT_QUOTES); //TBD: remove this: not urgent but isn't right
        $row->reportexplaination = htmlspecialchars($row->reportexplaination, ENT_QUOTES); //TBD: remove this: not urgent but isn't right

        // The posted date is discarded: the report date is always set server-side (UTC).
        $row->reportedondate = $_CB_framework->getUTCDate();

        if (!$row->check()) {
            cbRedirect($_CB_framework->viewUrl('reportuser', false), $row->getError(), 'error');
            return;
        }

        $_PLUGINS->trigger('onBeforeSaveReportUser', array(&$row, &$reportedByUser, &$reportedUser));

        if (!$row->store()) {
            cbRedirect($_CB_framework->viewUrl('reportuser', false), $row->getError(), 'error');
            return;
        }

        if ($ueConfig['moderatorEmail'] == 1) {
            $cbNotification = new cbNotification();

            $cbNotification->sendToModerators(CBTxt::T('UE_USERREPORT_SUB', 'User Report Pending Review'), CBTxt::T('UE_USERREPORT_MSG', 'A user has submitted a report regarding a user that requires your review. Please log in and take the appropriate action.'));
        }

        $_PLUGINS->trigger('onAfterSaveReportUser', array(&$row, &$reportedByUser, &$reportedUser));

        $_CB_framework->enqueueMessage(CBTxt::Th('UE_USERREPORT_SUCCESSFUL', 'User report submitted successfully.'));
    }
}
/**
 * Saves a user posted from the back-end edit form (new user when no id is posted),
 * then redirects to the users list.
 *
 * Authorization: _authorizedEdit() on the posted id, then checkCBpermissions()
 * for 'save' (and again for 'edit' when the save fails, before the form is
 * re-displayed with the error). Permission failures alert + history.go() and exit.
 *
 * @param string $option Component option used to build the redirect URL
 * @return void
 */
function saveUser($option)
{
    global $_CB_framework, $_CB_database, $_POST, $_PLUGINS;

    $this->_importNeeded();
    $this->_importNeededSave();

    // Check rights to access:
    // NOTE: $myGids is assigned but not read anywhere in this method.
    $myGids = CBuser::getMyInstance()->getUserData()->gids;
    $userIdPosted = (int) cbGetParam($_POST, "id", 0);

    // A posted id of 0 means "create": clear it so the saved row gets a fresh id.
    if ($userIdPosted == 0) {
        $_POST['id'] = null;
    }

    $this->_authorizedEdit($userIdPosted);

    if ($userIdPosted != 0) {
        $msg = checkCBpermissions(array($userIdPosted), 'save', true);
    } else {
        $msg = checkCBpermissions(null, 'save', true);
    }

    if ($msg) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes($msg) . "'); window.history.go(-1);</script>\n";
        exit;
    }

    $_PLUGINS->loadPluginGroup('user');

    // Get current user state:
    if ($userIdPosted != 0) {
        $userComplete = CBuser::getUserDataInstance((int) $userIdPosted);

        // NOTE: this path returns where the other failure paths exit; output after it continues.
        if (!($userComplete && $userComplete->id)) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes(_UE_USER_PROFILE_NOT) . "'); window.history.go(-1);</script>\n";
            return;
        }
    } else {
        $userComplete = new moscomprofilerUser($_CB_database);
    }

    // Store new user state:
    $saveResult = $userComplete->saveSafely($_POST, $_CB_framework->getUi(), 'edit');

    if (!$saveResult) {
        $regErrorMSG = $userComplete->getError();

        $msg = checkCBpermissions(array($userComplete->id), "edit", true);

        if ($msg) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes($msg) . "'); window.history.go(-1);</script>\n";
            exit;
        }

        // Show the save error, then re-render the edit form with the posted values:
        echo "<script type=\"text/javascript\">alert('" . str_replace('\\\\n', '\\n', addslashes(strip_tags(str_replace('<br />', '\\n', $regErrorMSG)))) . "'); </script>\n";

        global $_CB_Backend_task;
        $_CB_Backend_task = 'edit'; // so the toolbar comes up...

        $_PLUGINS->loadPluginGroup('user'); // resets plugin errors

        $usersView = _CBloadView('user');
        $usersView->edituser($userComplete, $option, $userComplete->user_id != null ? '0' : '1', $_POST);

        return;
    }

    // Checks-in the row:
    $userComplete->checkin();

    cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showusers"), sprintf(CBTxt::T('Successfully Saved User: %s'), $userComplete->username));
}
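/**
 * Checks if at least one of the given actions is allowed on the asset, and exits to previous page if not,
 * as it should not be possible at all.
 *
 * @since 1.8
 *
 * @param string|array $actions   Action(s) to check: core.admin, core.manage, core.create, core.delete, core.edit, core.edit.state, core.edit.own, ... ; the first allowed one grants access
 * @param array|int    $cid       Plugin-id (currently unused: authorization is checked against $assetname only)
 * @param string       $assetname OPTIONAL: asset name e.g. com_comprofiler.plugin.$pluginId
 * @return void
 */
function checkCanAdminPlugins($actions, $cid = null, $assetname = 'com_comprofiler')
{
    $allowed = false;

    // OR semantics: any single permitted action is enough, so stop at the first one.
    foreach ((array) $actions as $action) {
        $allowed = CBuser::getMyInstance()->authoriseAction($action, $assetname);

        if ($allowed) {
            break;
        }
    }

    if (!$allowed) {
        // Deny: send the browser back and stop all further output.
        echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T("Operation not allowed by the Permissions of your group(s).")) . "'); window.history.go(-1); </script>\n";
        exit;
    }
}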
/**
 * Generates the HTML to display the user profile tab
 *
 * Handles a "quick message" submission from the tab's own form (when the send
 * button was posted) and then renders the form again.
 *
 * @param moscomprofilerTab $tab the tab database entry
 * @param moscomprofilerUser $user the user being displayed
 * @param int $ui 1 for front-end, 2 for back-end
 * @return mixed either string HTML for tab content, null for guests / own profile, or false if ErrorMSG generated
 */
function getDisplayTab($tab, $user, $ui)
{
    global $_CB_framework, $ueConfig, $_POST, $_CB_OneTwoRowsStyleToggle;

    // Guests cannot send messages:
    if (!$_CB_framework->myId()) {
        return null;
    }

    $return = "";
    $params = $this->params;
    $pmsType = $params->get('pmsType', '1');
    $showTitle = $params->get('showTitle', "1");
    $showSubject = $params->get('showSubject', "1");
    $width = $params->get('width', "30");
    $height = $params->get('height', "5");
    $capabilities = $this->getPMScapabilites();

    if (!$this->_checkPMSinstalled($pmsType) || $capabilities === false) {
        return false;
    }

    // No message form on one's own profile:
    if ($_CB_framework->myId() == $user->id) {
        return null;
    }

    $newsub = null;
    $newmsg = null;

    // send PMS from this tab form input:
    if (cbGetParam($_POST, $this->_getPagingParamName("sndnewmsg")) == _UE_PM_SENDMESSAGE) {
        $sender = $this->_getReqParam("sender", null);
        $recip = $this->_getReqParam("recip", null);

        // The posted sender/recipient must match the logged-in user and the displayed profile,
        // and the sender must be allowed to view that profile:
        if ($sender && $recip && $sender == $_CB_framework->myId() && $recip == $user->id && CBuser::getMyInstance()->authoriseView('profile', $user->id)) {
            // Anti-CSRF token check for the 'pms' form:
            cbSpoofCheck('pms');

            $newsub = htmlspecialchars($this->_getReqParam("newsub", null)); //urldecode done in _getReqParam

            // NOTE(review): for pmsType 3/4 the message body is kept raw; it is echoed back into the textarea below.
            if ($pmsType == '3' || $pmsType == '4') {
                $newmsg = $this->_getReqParam("newmsg", null);
            } else {
                $newmsg = htmlspecialchars($this->_getReqParam("newmsg", null)); //don't allow html input on user profile!
            }

            if (($newsub || $newmsg) && isset($_POST[$this->_getPagingParamName("protect")])) {
                // 'protect' = 'cbpms1_<md5>_<salt>' as emitted by the form below; it ties the post to this
                // profile's id and last visit date. It carries no server-side secret, so it is a freshness
                // check only — CSRF protection is the cbSpoofCheck() call above.
                $parts = explode('_', $this->_getReqParam('protect', ''));

                // NOTE(review): loose == between two strings here; a strict hash_equals() comparison would avoid PHP's numeric-string comparison rules.
                if (count($parts) == 3 && $parts[0] == 'cbpms1' && strlen($parts[2]) == 32 && $parts[1] == md5($parts[2] . $user->id . $user->lastvisitDate)) {
                    if (!$newsub && $capabilities["subject"]) {
                        $newsub = _UE_PM_PROFILEMSG;
                    }

                    // The inline assignments only name the last two arguments; sendUserPMS receives false and true.
                    if ($this->sendUserPMS($recip, $sender, $newsub, $newmsg, $systemGenerated = false, $escaped = true)) {
                        $return .= "\n<script type='text/javascript'>alert('" . _UE_PM_SENTSUCCESS . "')</script>";
                        $newsub = null;
                        $newmsg = null;
                    } else {
                        $return .= "\n<script type='text/javascript'>alert('" . $this->getErrorMSG() . "')</script>";
                    }
                } else {
                    $return .= "\n<script type='text/javascript'>alert('" . _UE_SESSIONTIMEOUT . " " . _UE_PM_NOTSENT . " " . _UE_TRYAGAIN . "')</script>";
                }
            } else {
                $return .= "\n<script type='text/javascript'>alert('" . _UE_PM_EMPTYMESSAGE . " " . _UE_PM_NOTSENT . "')</script>";
            }
        }
    }

    // display Quick Message tab:
    $return .= "\n\t<div class=\"sectiontableentry" . $_CB_OneTwoRowsStyleToggle . "\" style=\"padding-bottom:5px;\">\n";
    // Alternate the row style for the next tab:
    $_CB_OneTwoRowsStyleToggle = $_CB_OneTwoRowsStyleToggle == 1 ? 2 : 1;

    if ($showTitle) {
        $return .= "\t\t<div class=\"titleCell\" style=\"align: left; text-align:left; margin-left: 0px;\">" . cbUnHtmlspecialchars(getLangDefinition($tab->title)) . ($showSubject && $capabilities["subject"] ? "" : ":") . "</div>\n";
    }

    $return .= $this->_writeTabDescription($tab, $user);

    $base_url = $this->_getAbsURLwithParam(array());

    $return .= '<form method="post" action="' . $base_url . '">';
    $return .= '<table cellspacing="0" cellpadding="5" class="contentpane" style="border:0px;align:left;width:90%;">';

    if ($showSubject && $capabilities["subject"]) {
        $return .= '<tr><td><b>' . _UE_EMAILFORMSUBJECT . '</b></td>';
        $return .= '<td><input type="text" class="inputbox" name="' . $this->_getPagingParamName("newsub") . '" size="' . ($width - 8) . '" value="' . stripslashes($newsub) . '" /></td></tr>';
        $return .= '<tr class="sectiontableentry1"><td colspan="2"><b>' . _UE_EMAILFORMMESSAGE . '</b></td></tr>';
    }

    $return .= '<tr><td colspan="2"><textarea name="' . $this->_getPagingParamName("newmsg") . '" class="inputbox" rows="' . $height . '" cols="' . $width . '">' . stripslashes($newmsg) . '</textarea></td></tr>';
    $return .= '<tr><td colspan="2"><input type="submit" class="button" name="' . $this->_getPagingParamName("sndnewmsg") . '" value="' . _UE_PM_SENDMESSAGE . '" /></td></tr>';
    $return .= '</table>';
    $return .= "<input type=\"hidden\" name=\"" . $this->_getPagingParamName("sender") . "\" value=\"" . $_CB_framework->myId() . "\" />";
    $return .= "<input type=\"hidden\" name=\"" . $this->_getPagingParamName("recip") . "\" value=\"{$user->id}\" />";

    // Freshness token verified above: 'cbpms1_' . md5(salt . user id . last visit date) . '_' . salt
    $salt = cbMakeRandomString(32);
    $return .= "<input type=\"hidden\" name=\"" . $this->_getPagingParamName("protect") . "\" value=\"" . 'cbpms1_' . md5($salt . $user->id . $user->lastvisitDate) . '_' . $salt . "\" />";
    $return .= cbGetSpoofInputTag('pms');
    $return .= '</form>';
    $return .= "</div>";

    return $return;
}
/**
 * Displays the "report user" form ($form == 1) or stores a submitted report.
 *
 * Refuses when user reports are disabled (exits) or when the current user may
 * not view the reported profile (returns). Errors during the save redirect back
 * to the report form with the error message.
 *
 * @param string $option Component option
 * @param int    $form   1 to render the form, anything else to process the POSTed report
 * @param int    $uid    Id of the user being reported
 * @return void
 */
function reportUser($option, $form = 1, $uid = 0)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_POST;

    // NOTE: this path exits while the authorization failure below returns.
    if ($ueConfig['allowUserReports'] == 0) {
        echo _UE_FUNCTIONALITY_DISABLED;
        exit;
    }

    if (!CBuser::getMyInstance()->authoriseView('profile', $uid)) {
        echo _UE_NOT_AUTHORIZED;
        return;
    }

    if ($form == 1) {
        HTML_comprofiler::reportUserForm($option, $uid);
    } else {
        // simple spoof check security
        cbSpoofCheck('reportUserForm');

        $row = new moscomprofilerUserReport($_CB_database);
        $Itemid = $_CB_framework->itemid();

        // NOTE(review): the whole request is bound onto the row; which columns bind() accepts is not visible here.
        if (!$row->bind($_POST)) {
            cbRedirect(cbSef("index.php?option={$option}&task=reportUser" . ($Itemid ? "&Itemid=" . (int) $Itemid : ""), false), $row->getError(), 'error');
            return;
        }

        _cbMakeHtmlSafe($row); //TBD: remove this: not urgent but isn't right

        // Report date is set server-side; date() uses the server's local timezone here.
        $row->reportedondate = date("Y-m-d H:i:s");

        if (!$row->check()) {
            cbRedirect(cbSef("index.php?option={$option}&task=reportUser" . ($Itemid ? "&Itemid=" . (int) $Itemid : ""), false), $row->getError(), 'error');
            return;
        }

        if (!$row->store()) {
            cbRedirect(cbSef("index.php?option={$option}&task=reportUser" . ($Itemid ? "&Itemid=" . (int) $Itemid : ""), false), $row->getError(), 'error');
            return;
        }

        if ($ueConfig['moderatorEmail'] == 1) {
            $cbNotification = new cbNotification();
            $cbNotification->sendToModerators(_UE_USERREPORT_SUB, _UE_USERREPORT_MSG);
        }

        echo _UE_USERREPORT_SUCCESSFUL;
    }
}
/**
 * prepare GroupJive Itemid if not found return CB Itemid
 *
 * Resolution order: the plugin's 'general_itemid' param (only when no $task is
 * given), else the first published menu item whose link starts with the
 * GroupJive plugin URL (plus $task), visible to the current user's view levels
 * (and, on Joomla 2+, matching the site language, '*' or ''); if still nothing,
 * the task-less GroupJive Itemid, then the CB profile Itemid. Results are cached
 * per-request in a static array keyed by $task.
 *
 * @param boolean $htmlspecialchars passed as a bool, the result is prefixed as a URL fragment ('...Itemid=xxx'); any non-bool returns the bare id
 * @param string $task optional task suffix appended to the plugin URL before the LIKE wildcard
 * @return string
 */
static public function getItemid( $htmlspecialchars = false, $task = null )
{
    global $_CB_framework, $_CB_database;
    static $Itemid = array();

    if ( ! isset( $Itemid[$task] ) ) {
        $plugin = cbgjClass::getPlugin();
        $generalItemid = $plugin->params->get( 'general_itemid', null );

        // NOTE(review): $task is embedded in a LIKE pattern; Quote() escapes quotes, not the % and _ wildcards — fine for code-supplied tasks, confirm no caller passes request input.
        $url = 'index.php?option=com_comprofiler&task=pluginclass&plugin=cbgroupjive';

        if ( $task ) {
            $url .= $task;
        }

        $url .= '%';

        if ( ( ! $generalItemid ) || $task ) {
            $query = 'SELECT ' . $_CB_database->NameQuote( 'id' )
                . "\n FROM " . $_CB_database->NameQuote( '#__menu' )
                . "\n WHERE " . $_CB_database->NameQuote( 'link' ) . " LIKE " . $_CB_database->Quote( $url )
                . "\n AND " . $_CB_database->NameQuote( 'published' ) . " = 1"
                . "\n AND " . $_CB_database->NameQuote( 'access' ) . " IN ( " . implode( ',', cbToArrayOfInt( CBuser::getMyInstance()->getAuthorisedViewLevelsIds( ( checkJversion() >= 2 ? false : true ) ) ) ) . " )"
                . ( checkJversion() >= 2 ? "\n AND " . $_CB_database->NameQuote( 'language' ) . " IN ( " . $_CB_database->Quote( $_CB_framework->getCfg( 'lang_tag' ) ) . ", '*', '' )" : null );
            $_CB_database->setQuery( $query );
            $Itemid[$task] = $_CB_database->loadResult();

            if ( ( ! $Itemid[$task] ) && $task ) {
                // Fall back to the task-less GroupJive Itemid (0 is falsy, so this does not recurse further):
                $Itemid[$task] = cbgjClass::getItemid( 0 );
            } elseif ( ! $Itemid[$task] ) {
                // null is not a bool, so getCBprofileItemid() returns the bare integer id here:
                $Itemid[$task] = getCBprofileItemid( null );
            }
        } else {
            $Itemid[$task] = $generalItemid;
        }
    }

    if ( is_bool( $htmlspecialchars ) ) {
        // NOTE(review): both branches yield the same prefix in this listing; the original presumably emitted an HTML-escaped ampersand for true — confirm against upstream.
        return ( $htmlspecialchars ? '&' : '&' ) . 'Itemid=' . $Itemid[$task];
    } else {
        return $Itemid[$task];
    }
}
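/**
 * Renders the back-end plugin list: reads list state (limit, page, search, type
 * filter) from the request/session, queries the matching plugins and hands them
 * to HTML_comprofiler::showPlugins().
 *
 * Non-super-admins only see plugins whose access level is among their own
 * authorised view levels.
 *
 * @param string $option Component option used to namespace the user-state keys
 * @return boolean false (after printing the DB error) when the plugin query failed, true otherwise
 */
function viewPlugins($option)
{
    global $_CB_database, $_CB_framework;

    $limit = (int) $_CB_framework->getCfg('list_limit');

    if ($limit == 0) {
        $limit = 10;
    }

    $limit = $_CB_framework->getUserStateFromRequest("viewlistlimit", 'limit', $limit);
    $lastCBlist = $_CB_framework->getUserState("view{$option}lastCBlist", null);

    if ($lastCBlist == 'showplugins') {
        // Same list as last time: keep paging and filters, but restart at page 0 when the search changed.
        $limitstart = $_CB_framework->getUserStateFromRequest("view{$option}limitstart", 'limitstart', 0);
        $lastSearch = $_CB_framework->getUserState("search{$option}", null);
        $search = $_CB_framework->getUserStateFromRequest("search{$option}", 'search', '');

        if ($lastSearch != $search) {
            $limitstart = 0;
            $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
        }

        $search = trim(strtolower($search));
        $filter_type = $_CB_framework->getUserStateFromRequest("filter_type{$option}", 'filter_type', "0");
    } else {
        // Coming from another list: reset all list state.
        clearSearchBox();
        $search = "";
        $limitstart = 0;
        $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
        $_CB_framework->setUserState("view{$option}lastCBlist", "showplugins");
        $filter_type = "0";
        $_CB_framework->setUserState("filter_type{$option}", $filter_type);
    }

    $where = array();

    // used by filter
    if ($filter_type) {
        // $filter_type comes from the request, so it is quoted before being embedded in SQL
        // (previously it was interpolated verbatim into the query string).
        $where[] = 'm.type = ' . $_CB_database->Quote($filter_type);
    }

    if ($search) {
        $search = cbEscapeSQLsearch(trim(strtolower(cbGetEscaped($search))));
        $where[] = "LOWER( m.name ) LIKE '%{$search}%'";
    }

    // Restrict non-super-admins to plugins within their own view access levels:
    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        $viewAccessLevels = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(true);
        $viewAccessLevelsCleaned = implode(',', cbArrayToInts($viewAccessLevels));
        $where[] = 'm.access IN (' . $viewAccessLevelsCleaned . ')';
    }

    // get the total number of records
    $query = "SELECT COUNT(*) FROM #__comprofiler_plugin AS m " . (count($where) ? "\n WHERE " . implode(' AND ', $where) : '');
    $_CB_database->setQuery($query);
    $total = $_CB_database->loadResult();

    if ($total <= $limitstart) {
        $limitstart = 0;
    }

    cbimport('cb.pagination');
    $pageNav = new cbPageNav($total, $limitstart, $limit);

    // Joomla 2 view levels have a 'title' column; older groups tables use 'name'.
    if (checkJversion() == 2) {
        $title = 'title';
    } else {
        $title = 'name';
    }

    $query = "SELECT m.*, u.name AS editor, g.{$title} AS groupname"
        . "\n FROM #__comprofiler_plugin AS m"
        . "\n LEFT JOIN #__users AS u ON u.id = m.checked_out";

    if (checkJversion() == 2) {
        // fix J1.6's wrong access levels, same as g.id = IF( m.access = 0, 1, IF( m.access = 1, 2, IF( m.access = 2, 3, m.access ) ) )
        $query .= "\n LEFT JOIN #__viewlevels AS g ON g.id = m.access + IF(m.access <= 2, 1, 0)";
    } else {
        $query .= "\n LEFT JOIN #__groups AS g ON g.id = m.access";
    }

    $query .= (count($where) ? "\n WHERE " . implode(' AND ', $where) : '')
        . "\n GROUP BY m.id"
        . "\n ORDER BY m.type ASC, m.ordering ASC, m.name ASC";
    $_CB_database->setQuery($query, (int) $pageNav->limitstart, (int) $pageNav->limit);
    $rows = $_CB_database->loadObjectList();

    if ($_CB_database->getErrorNum()) {
        echo $_CB_database->stderr();
        return false;
    }

    // get list of Positions for dropdown filter
    $query = "SELECT type AS value, type AS text"
        . "\n FROM #__comprofiler_plugin"
        . "\n GROUP BY type"
        . "\n ORDER BY type";

    $types = array();
    $types[] = moscomprofilerHTML::makeOption('0', !defined('_SEL_TYPE') ? '- ' . CBTxt::T('Select Type') . ' -' : _SEL_TYPE); // Mambo 4.5.1 Compatibility
    $_CB_database->setQuery($query);
    $types = array_merge($types, $_CB_database->loadObjectList());

    $lists = array();
    $lists['type'] = moscomprofilerHTML::selectList($types, 'filter_type', 'class="inputbox" size="1" onchange="document.adminForm.submit( );"', 'value', 'text', $filter_type, 2);

    $canAdmin = CBuser::getMyInstance()->authoriseAction('core.admin');
    $canEdit = CBuser::getMyInstance()->authoriseAction('core.edit');
    $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');

    HTML_comprofiler::showPlugins($rows, $pageNav, $option, $lists, $search, $canAdmin, $canEdit, $canEditState);

    return true;
}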
/**
 * Builds the select/radio lists for the plugin edit form (access, ordering, type,
 * published) and hands everything to the 'plugin' view.
 *
 * For an existing plugin ($uid set) the row is checked out to the current user;
 * for a new one, defaults are set and the type list is built from the plugin
 * directories found on disk.
 *
 * @param moscomprofilerPlugin $row      Plugin row being edited (modified in place: checkout, defaults, description)
 * @param string               $option   Component option
 * @param string               $task     Current task
 * @param int                  $uid      Plugin id (0 for a new plugin)
 * @param object|null          $element  Parsed XML element of the plugin; description is read from it for 'cbinstall' plugin elements
 * @param object               $params   Params passed through to the view
 * @param object               $options  Options passed through to the view
 * @return void
 */
function editPluginSettingsParams(&$row, $option, $task, $uid, &$element, &$params, &$options)
{
    global $_CB_database, $_CB_framework;

    $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');

    $lists = array();

    // get list of groups
    if ($row->access == 99 || $row->client_id == 1) {
        $lists['access'] = CBTxt::T('Administrator') . '<input type="hidden" name="access" value="99" />';
    } else {
        // build the html drop-down select list for the group access (filtered by View Access Levels visible by the admin if not super user:
        $accessTree = $_CB_framework->acl->get_access_children_tree(true, true, !$_CB_framework->acl->amIaSuperAdmin());
        // NOTE(review): disabling the control without core.edit.state is UI-only; the server-side check on save is not visible here — confirm it exists.
        $lists['access'] = moscomprofilerHTML::selectList($accessTree, 'access', 'class="inputbox"' . ($canEditState ? '' : ' disabled="disabled"'), 'value', 'text', intval($row->access), 2);
    }

    if ($uid) {
        $row->checkout($_CB_framework->myId());

        if ($row->ordering > -10000 && $row->ordering < 10000) {
            // build the html select list for ordering
            $query = "SELECT ordering AS value, name AS text"
                . "\n FROM #__comprofiler_plugin"
                . "\n WHERE type='" . $_CB_database->getEscaped($row->type) . "'"
                . "\n AND published > 0"
                . "\n AND ordering > -10000"
                . "\n AND ordering < 10000"
                . "\n ORDER BY ordering";
            $order = $this->_cbGetOrderingList($query);
            $lists['ordering'] = moscomprofilerHTML::selectList($order, 'ordering', 'class="inputbox" size="1"' . ($canEditState ? '' : ' disabled="disabled"'), 'value', 'text', intval($row->ordering), 2);
        } else {
            // Orderings outside +/-10000 are fixed positions that cannot be changed from the form:
            $lists['ordering'] = '<input type="hidden" name="ordering" value="' . $row->ordering . '" />' . CBTxt::T('This plugin cannot be reordered');
        }

        // NOTE(review): $row->type (a stored DB value) is placed into an HTML attribute unescaped here.
        $lists['type'] = '<input type="hidden" name="type" value="' . $row->type . '" />' . $row->type;

        if ($element && $element->name() == 'cbinstall' && $element->attributes('type') == 'plugin') {
            $description =& $element->getElementByPath('description');
            $row->description = $description ? trim($description->data()) : '';
        }
    } else {
        // New plugin: defaults, and the type list comes from the plugin directories on disk.
        $row->folder = '';
        $row->ordering = 999;
        $row->published = 1;
        $row->description = '';

        $folders = cbReadDirectory($_CB_framework->getCfg('absolute_path') . '/components/com_comprofiler/plugin/');
        $folders2 = array();

        foreach ($folders as $folder) {
            if (is_dir($_CB_framework->getCfg('absolute_path') . '/components/com_comprofiler/plugin/' . $folder) && $folder != 'CVS') {
                $folders2[] = moscomprofilerHTML::makeOption($folder);
            }
        }

        $lists['type'] = moscomprofilerHTML::selectList($folders2, 'type', 'class="inputbox" size="1"', 'value', 'text', null, 2);
        $lists['ordering'] = '<input type="hidden" name="ordering" value="' . $row->ordering . '" />' . CBTxt::T('New items default to the last place. Ordering can be changed after this item is saved.');
    }

    $Yesoptions = array();
    $Yesoptions[] = moscomprofilerHTML::makeOption('1', _UE_YES);

    // Language plugins and the plugin with id 1 are forced published and offer no 'No' option:
    if ($row->type == 'language' || $row->id == 1) {
        $row->published = 1;
    } else {
        $Yesoptions[] = moscomprofilerHTML::makeOption('0', _UE_NO);
    }

    $lists['published'] = moscomprofilerHTML::radioList($Yesoptions, 'published', 'class="inputbox"' . ($canEditState ? '' : ' disabled="disabled"'), 'value', 'text', $row->published, 2);

    $pluginView = _CBloadView('plugin');
    $pluginView->editPlugin($row, $lists, $params, $options);
}
/**
 * Saves (creates or updates) a profile field from the backend field editor POST data,
 * then stores the field's value list and redirects back to the field list or editor.
 *
 * Authorization is enforced several times along the way: on the tab the field is moved
 * from, on the tab it currently belongs to, and on the tab it is being saved into
 * (non super-admins must be in the tab's user access group and view access level).
 * Users without the 'core.edit.state' action may not change tabid/profile/registration/
 * published/required/readonly/searchable away from the stored (or default) values.
 *
 * Refusals and validation errors are reported by echoing a JavaScript alert and exiting.
 *
 * @param string $option Component option, used to build the redirect URLs
 * @param string $task   'applyField' (save and stay in editor), 'saveField' or anything else (save and go to list);
 *                       'showField' is redirected away without saving
 * @return void
 */
function saveField($option, $task) {
    global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;
    // Nothing to save without the old tab id and the field id in the POST:
    if ($task == 'showField' || !(isset($_POST['oldtabid']) && isset($_POST['fieldid']))) {
        cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
        return;
    }
    $this->_importNeeded();
    $this->_importNeededSave();
    // Authorization on the tab the field is being moved away from:
    $fieldOldTab = new moscomprofilerTabs($_CB_database);
    if (isset($_POST['oldtabid']) && $_POST['oldtabid']) {
        $fieldOldTab->load((int) $_POST['oldtabid']);
        // Super-admins bypass the tab-level checks:
        if (!$_CB_framework->acl->amIaSuperAdmin()) {
            // Must belong to the tab's user access group:
            if (!in_array($fieldOldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
                echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                exit;
            }
            // Must have the tab's view access level:
            if (!in_array($fieldOldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
                echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                exit;
            }
        }
    }
    $fid = (int) $_POST['fieldid'];
    $row = new moscomprofilerFields($_CB_database);
    if ($fid) {
        // Existing field: load it, then authorize on the tab it currently belongs to.
        if (!$row->load((int) $fid)) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Innexistant field')) . "'); window.history.go(-1);</script>\n";
            exit;
        }
        $fieldTab = new moscomprofilerTabs($_CB_database);
        $fieldTab->load((int) $row->tabid);
        if (!$_CB_framework->acl->amIaSuperAdmin()) {
            if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
                echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                exit;
            }
            if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
                echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                exit;
            }
        }
    }
    // Keep a copy of the stored values (public properties only) to detect state changes below:
    $oldrow = new moscomprofilerFields($_CB_database);
    foreach (array_keys(get_object_vars($row)) as $k) {
        if (substr($k, 0, 1) != '_') {
            $oldrow->{$k} = $row->{$k};
        }
    }
    $_PLUGINS->loadPluginGroup('user');
    // Bind the POST data to the field record (plugin-specific binding included):
    if (!$this->_prov_bind_CB_field($row, $fid)) {
        // NOTE(review): unlike the fixed messages above, getError() is not passed through addslashes();
        // a quote in the error text would break the generated script.
        echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // Apply defaults for empty values: keep the stored value if there is one, otherwise the
    // built-in default. This prevents disabled inputs (absent from POST) from storing nulls.
    if ($row->tabid == '') {
        $row->tabid = $oldrow->tabid != '' ? $oldrow->tabid : 11;
    }
    if ($row->profile == '') {
        $row->profile = $oldrow->profile != '' ? $oldrow->profile : 1;
    }
    if ($row->registration == '') {
        $row->registration = $oldrow->registration != '' ? $oldrow->registration : 1;
    }
    if ($row->published == '') {
        $row->published = $oldrow->published != '' ? $oldrow->published : 1;
    }
    if ($row->required == '') {
        $row->required = $oldrow->required != '' ? $oldrow->required : 0;
    }
    if ($row->readonly == '') {
        $row->readonly = $oldrow->readonly != '' ? $oldrow->readonly : 0;
    }
    // Fields backed by table columns default to searchable, except password and userparams types:
    if ($row->tablecolumns != '' && !in_array($row->type, array('password', 'userparams'))) {
        $searchable_default = 1;
    } else {
        $searchable_default = 0;
    }
    if ($row->searchable == '') {
        $row->searchable = $oldrow->searchable != '' ? $oldrow->searchable : $searchable_default;
    }
    // A disabled tab input is absent from POST: fall back to the resolved tabid.
    if (!isset($_POST['tabid'])) {
        $_POST['tabid'] = $row->tabid;
    }
    // Redirect away if the tab id still could not be determined:
    if ($task == 'showField' || !isset($_POST['tabid'])) {
        cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
        return;
    }
    // Authorization on the tab the field is being saved into (it may differ from the one loaded above):
    $fieldTab = new moscomprofilerTabs($_CB_database);
    $fieldTab->load((int) $row->tabid);
    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
            exit;
        }
        if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
            exit;
        }
    }
    // Web address fields reuse 'rows' for the address-types setting; only 0 and 2 are accepted.
    if ($row->type == 'webaddress') {
        $row->rows = $_POST['webaddresstypes'];
        if (!($row->rows == 0 || $row->rows == 2)) {
            $row->rows = 0;
        }
    }
    // Moving to another tab: close the gap in the old tab's ordering and append at the end of the new tab.
    if ($_POST['oldtabid'] != $_POST['tabid']) {
        if ($_POST['oldtabid'] !== '') {
            $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > " . (int) $_POST['ordering'] . " AND tabid = " . (int) $_POST['oldtabid'];
            $_CB_database->setQuery($sql);
            $_CB_database->query();
        }
        $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=" . (int) $_POST['tabid'];
        $_CB_database->SetQuery($sql);
        $max = $_CB_database->LoadResult();
        $row->ordering = max($max + 1, 1);
    }
    // Custom field names ('cb_' prefix) are normalized to lowercase without spaces:
    if (cbStartOfStringMatch($row->name, 'cb_')) {
        $row->name = str_replace(" ", "", strtolower($row->name));
    }
    if (!$row->check()) {
        // NOTE(review): getError() is not escaped for the JavaScript string here either.
        echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    // Post-validation authorization: tab access again (only if the tab defines a group / level),
    // then, without the edit-state permission, refuse any change to the state-like settings.
    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');
        if ($fieldTab->useraccessgroupid != '' && !in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
            exit;
        }
        if ($fieldTab->viewaccesslevel != '' && !in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
            exit;
        }
        if (!$canEditState) {
            $failed = false;
            // Each check below: for an existing field the value must equal the stored one,
            // for a new field it must equal the default (11, 1, 1, 1, 0, 0, $searchable_default).
            if ($oldrow->fieldid && ($row->tabid != '' && $oldrow->tabid != $row->tabid) || !$oldrow->fieldid && ($row->tabid != '' && $row->tabid != 11)) {
                $failed = true;
            }
            if ($oldrow->fieldid && ($row->profile != '' && $oldrow->profile != $row->profile) || !$oldrow->fieldid && ($row->profile != '' && $row->profile != 1)) {
                $failed = true;
            }
            if ($oldrow->fieldid && ($row->registration != '' && $oldrow->registration != $row->registration) || !$oldrow->fieldid && ($row->registration != '' && $row->registration != 1)) {
                $failed = true;
            }
            if ($oldrow->fieldid && ($row->published != '' && $oldrow->published != $row->published) || !$oldrow->fieldid && ($row->published != '' && $row->published != 1)) {
                $failed = true;
            }
            if ($oldrow->fieldid && ($row->required != '' && $oldrow->required != $row->required) || !$oldrow->fieldid && ($row->required != '' && $row->required != 0)) {
                $failed = true;
            }
            if ($oldrow->fieldid && ($row->readonly != '' && $oldrow->readonly != $row->readonly) || !$oldrow->fieldid && ($row->readonly != '' && $row->readonly != 0)) {
                $failed = true;
            }
            if ($oldrow->fieldid && ($row->searchable != '' && $oldrow->searchable != $row->searchable) || !$oldrow->fieldid && ($row->searchable != '' && $row->searchable != $searchable_default)) {
                $failed = true;
            }
            if ($failed) {
                echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                exit;
            }
        }
    }
    if (!$row->store((int) $fid)) {
        echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    // Replace the field's value list (fieldtitle per value, ordered as submitted).
    // NOTE(review): $_POST['vNames'] is used without an isset()/is_array() guard; a non-array value makes
    // the foreach below emit a warning and store nothing.
    $fieldNames = $_POST['vNames'];
    $j = 1;
    if ($row->fieldid > 0) {
        $_CB_database->setQuery("DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid);
        if ($_CB_database->query() === false) {
            echo $_CB_database->getErrorMsg();
        }
    } else {
        // NOTE(review): a new field's id is recovered with MAX(fieldid) rather than the insert id,
        // which can pick the wrong row if two fields are created concurrently.
        $_CB_database->setQuery("SELECT MAX(fieldid) FROM #__comprofiler_fields");
        $maxID = $_CB_database->loadResult();
        $row->fieldid = $maxID;
        echo $_CB_database->getErrorMsg();
    }
    foreach ($fieldNames as $fieldName) {
        // Skip blank entries (both comparisons are loose, so this is effectively "non-empty after trim"):
        if (trim($fieldName) != null || trim($fieldName) != '') {
            $_CB_database->setQuery("INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'" . cbGetEscaped(trim($fieldName)) . "', " . (int) $j . ")");
            if ($_CB_database->query() === false) {
                echo $_CB_database->getErrorMsg();
            }
            $j++;
        }
    }
    switch ($task) {
        case 'applyField':
            $msg = CBTxt::T('Successfully Saved changes to Field') . ': ' . $row->name;
            cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=editField&cid={$row->fieldid}"), $msg);
            break;
        case 'saveField':
        default:
            $msg = CBTxt::T('Successfully Saved Field') . ': ' . $row->name;
            cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField"), $msg);
            break;
    }
}
/**
 * Renders the backend toolbar for the plugins list.
 *
 * Each button group is only emitted when the current user holds the matching action:
 * publish/unpublish need 'core.edit.state', edit needs 'core.edit', delete needs 'core.admin'.
 * No "new" button is emitted for plugins (a former addNew entry is intentionally not used).
 *
 * @return void
 */
static function _DEFAULT_PLUGIN() {
    CBtoolmenuBar::startTable();
    if (CBuser::getMyInstance()->authoriseAction('core.edit.state')) {
        CBtoolmenuBar::publishList('publishPlugin');
        CBtoolmenuBar::spacer();
        CBtoolmenuBar::unpublishList('unpublishPlugin');
        CBtoolmenuBar::spacer();
    }
    if (CBuser::getMyInstance()->authoriseAction('core.edit')) {
        CBtoolmenuBar::editList('editPlugin');
        CBtoolmenuBar::spacer();
    }
    if (CBuser::getMyInstance()->authoriseAction('core.admin')) {
        CBtoolmenuBar::deleteList('', 'deletePlugin');
        CBtoolmenuBar::spacer();
    }
    CBtoolmenuBar::endTable();
}
/**
 * Loads all the plugin files of a group (if the group is not already loaded), restricted to
 * the plugins whose access level the current user holds.
 *
 * Results of the database lookup are cached per (publishedStatus, access levels, group) for the
 * request, so repeated calls for the same group do not re-query.
 *
 * @param string $group            The group name, relates to the sub-directory in the plugins directory
 * @param mixed  $ids              array of int: ids of plugins to load. OR: string: name of element
 *                                 (OR, since CB 1.2.2: a string ending with "." loads the elements starting with that prefix)
 * @param int    $publishedStatus  if 1 (DEFAULT): load only published plugins, if 0: load all plugins including unpublished ones
 * @return boolean TRUE: load done (also when no plugin matched), FALSE: the database query failed
 */
function loadPluginGroup($group, $ids = null, $publishedStatus = 1) {
    global $_CB_framework, $_CB_database;
    static $dbCache = null;
    $this->_iserror = false;
    $group = trim($group);
    // Re-scan when the group is unknown or some requested ids are not loaded yet
    // (note: && binds tighter than ||, so the first condition only applies to a non-empty group):
    if ($group && !isset($this->_pluginGroups[$group]) || !$this->all_in_array_key($ids, $this->_plugins)) {
        // Access filter: only plugins whose access level the current user holds (ids cast to int before use in SQL):
        $cmsAccess = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(true);
        $cmsAccessCleaned = implode(',', cbArrayToInts($cmsAccess));
        if (!isset($dbCache[$publishedStatus][$cmsAccessCleaned][$group])) {
            $where = array();
            if ($publishedStatus == 1) {
                $where[] = 'published = 1';
            } else {
                $where[] = 'published >= ' . (int) $publishedStatus;
            }
            $where[] = 'access IN (' . $cmsAccessCleaned . ')';
            if ($group) {
                // Group name is quoted by the database driver:
                $where[] = 'type = ' . $_CB_database->Quote(trim($group));
            }
            $_CB_database->setQuery("SELECT id, folder, element, published, type, params, CONCAT_WS('/',folder,element) AS lookup, name" . "\n FROM #__comprofiler_plugin" . "\n WHERE " . implode(' AND ', $where) . "\n ORDER BY ordering");
            $dbCache[$publishedStatus][$cmsAccessCleaned][$group] = $_CB_database->loadObjectList();
            if ($_CB_database->getErrorNum()) {
                $dbCache[$publishedStatus][$cmsAccessCleaned][$group] = null;
                return false;
            }
        }
        // An empty id list means "all plugins of the group".
        // NOTE(review): count() is also applied when $ids is null or a string; on PHP 8 that throws a TypeError.
        if (count($ids) == 0) {
            $ids = null;
        }
        foreach ($dbCache[$publishedStatus][$cmsAccessCleaned][$group] as $plugin) {
            // Selection: all / id in list / exact element name / element name prefix (string ending with "."):
            if ($ids === null || (is_array($ids) ? in_array($plugin->id, $ids) : (substr($ids, strlen($ids) - 1, 1) == '.' ? substr($plugin->element, 0, strlen($ids)) == $ids : $plugin->element == $ids))) {
                // Load the file once; register the plugin by id and by type (the group entry references the same object):
                if (!isset($this->_plugins[$plugin->id]) && $this->_loadPluginFile($plugin)) {
                    $this->_plugins[$plugin->id] = $plugin;
                    if (!isset($this->_pluginGroups[$plugin->type][$plugin->id])) {
                        $this->_pluginGroups[$plugin->type][$plugin->id] =& $this->_plugins[$plugin->id];
                    }
                }
            }
        }
    }
    return true;
}
if ($avatarDisplayed && !$horizontal) { echo $preDiv . '" id="mod_login_greeting' . $id_sfx . '">'; echo '<br />'; echo $cbUser->replaceUserVars(sprintf(_UE_HI_NAME, '<br />' . $name)); echo $postDiv; } else { echo '<span id="mod_login_greeting' . $id_sfx . '">' . $cbUser->replaceUserVars(sprintf(_UE_HI_NAME, $name)) . '</span>'; } } $pms = 0; if ($show_pms != 0) { $pms = $pms_type; // RC2 quick fix if ($pms != 0) { if (class_exists('moscomprofilerUser', false)) { $viewLevels = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(checkJversion() >= 2 ? false : true); } else { // Compute View Level using CMS without loading cb.table and cb.database if they are not already loaded (e.g. when using this function in modules): if (checkJversion() >= 2) { $viewLevels = JUser::getInstance()->getAuthorisedViewLevels(); } else { $viewLevels = range(0, $_CB_framework->myCmsGid()); } } $cleanedANDpubAccess = ' AND published = 1 AND access IN (' . implode(',', cbArrayToInts($viewLevels)) . ')'; if (checkJversion() >= 2) { $cleanedANDpubAccess .= ' AND ' . $_CB_database->NameQuote('language') . ' IN ( ' . $_CB_database->Quote($_CB_framework->getCfg('lang_tag')) . ', ' . $_CB_database->Quote('*') . ', ' . $_CB_database->Quote('') . ' )'; } switch ($pms) { case 1: $pmsnameprefix = "";
/**
 * Decides whether the current user may perform $action on the account $user_id,
 * according to the $ueConfig[$action] setting:
 *   0 / unset        : functionality disabled
 *   1                : moderators only; a moderator acting on another moderator is further
 *                      subject to get_users_permission( array( $user_id ), 'edit', true )
 *   7                : admins and super-admins (Joomla 2+: 'core.manage' and 'core.edit' on
 *                      com_users; older CMS: membership of the group number given by the setting)
 *   any other value > 1 (e.g. 8): super-admins only
 * Acting on one's own account is always allowed.
 *
 * @param int    $user_id Target user id; 0 means the current user
 * @param string $action  Key of $ueConfig holding the permission level for this task
 * @return string|null|mixed NULL if allowed; otherwise an HTML message (_UE_NOT_AUTHORIZED, with a
 *                           login hint when nobody is logged in, or _UE_FUNCTIONALITY_DISABLED),
 *                           or the value returned by get_users_permission() for the moderator case
 */
function get_user_permission_task($user_id, $action) {
    global $_CB_framework, $ueConfig;
    $myId = $_CB_framework->myId();
    $user_id = ($user_id == 0) ? $myId : (int) $user_id;
    // Start from "refused"; only the permitted paths below clear it.
    $ret = false;
    if ($user_id == 0) {
        // No target and nobody logged in: refused.
    } elseif ($user_id == $myId) {
        // Own account: always permitted.
        $ret = null;
    } else {
        $level = isset($ueConfig[$action]) ? $ueConfig[$action] : 0;
        if ($level == 0) {
            $ret = _UE_FUNCTIONALITY_DISABLED;
        } elseif ($level == 1) {
            if ($this->get_user_moderator($myId)) {
                // Moderator on a regular user: permitted; moderator on moderator: delegated.
                $ret = $this->get_user_moderator($user_id)
                    ? $this->get_users_permission(array($user_id), 'edit', true)
                    : null;
            }
        } elseif ($level > 1) {
            if ($_CB_framework->acl->amIaSuperAdmin()) {
                $ret = null;
            } elseif ($level == 7) {
                // Admins and super-admins:
                if (checkJversion() >= 2) {
                    $myCBuser = CBuser::getMyInstance();
                    if ($myCBuser->authoriseAction('core.manage', 'com_users') && $myCBuser->authoriseAction('core.edit', 'com_users')) {
                        $ret = null;
                    }
                } elseif (in_array($level, $this->get_groups_below_me($myId, true))) {
                    $ret = null;
                }
            }
        }
    }
    if ($ret === false) {
        $ret = _UE_NOT_AUTHORIZED;
        if ($myId < 1) {
            $ret .= '<br />' . _UE_DO_LOGIN;
        }
    }
    return $ret;
}
/**
 * Backend users list: builds the filtered, paginated user query and either renders the list
 * or feeds the selected rows into the mass-email / resend-confirmation flows.
 *
 * Filters (group, status, logged-in state, text search) are kept in the user state when the
 * list is shown ($task == 'showusers') and reset when coming from another list. Non super-admins
 * only ever see users of the groups below their own. Plugins may alter the query
 * ('onBeforeBackendUsersListBuildQuery') and add columns ('onAfterBackendUsersList').
 *
 * @param string $option Component option, used for user-state keys and URLs
 * @param string $task   'showusers', 'resendconfirmationemails', 'emailusers', 'startemailusers' or 'ajaxemailusers'
 * @param array  $cid    Checked user ids (only applied when $task is not 'showusers')
 * @return boolean TRUE on completion, FALSE if the main query failed (error already echoed)
 */
function showUsers($option, $task, $cid) {
    global $_CB_database, $_CB_framework, $_POST, $_PLUGINS, $_CB_TxtIntStore;
    $this->_importNeeded();
    $limit = (int) $_CB_framework->getCfg('list_limit');
    if ($limit == 0) {
        $limit = 10;
    }
    $filter_type = $_CB_framework->getUserStateFromRequest("filter_type{$option}", 'filter_type', 0);
    $filter_status = $_CB_framework->getUserStateFromRequest("filter_status{$option}", 'filter_status', 0);
    $filter_logged = intval($_CB_framework->getUserStateFromRequest("filter_logged{$option}", 'filter_logged', 0));
    $lastCBlist = $_CB_framework->getUserState("view{$option}lastCBlist", null);
    if ($lastCBlist == 'showusers') {
        // Same list as last time: keep pagination and search, but restart at page 0 when the search changed.
        if ($task == 'showusers') {
            $limit = $_CB_framework->getUserStateFromRequest("viewlistlimit", 'limit', $limit);
            $limitstart = $_CB_framework->getUserStateFromRequest("view{$option}limitstart", 'limitstart', 0);
        }
        $lastSearch = $_CB_framework->getUserState("search{$option}", null);
        $search = $_CB_framework->getUserStateFromRequest("search{$option}", 'search', '');
        if ($lastSearch != $search) {
            $limitstart = 0;
            $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
        }
        // Lower-case the search term according to the site charset.
        // NOTE(review): utf8_encode()/utf8_decode() (the fallback without mbstring) are deprecated since PHP 8.2.
        $search = stripslashes(trim($_CB_TxtIntStore->_iso != 'UTF-8' ? strtolower($search) : (is_callable('mb_convert_case') ? mb_convert_case($search, MB_CASE_LOWER, "UTF-8") : utf8_encode(strtolower(utf8_decode($search))))));
    } else {
        // Coming from another list: reset all filters and remember that this list is now current.
        $filter_type = 0;
        $filter_status = 0;
        $filter_logged = 0;
        clearSearchBox();
        $search = '';
        $limitstart = 0;
        $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
        $_CB_framework->setUserState("view{$option}lastCBlist", "showusers");
    }
    // Email tasks page through the selection themselves; the email form asks for 101 rows so that
    // "first 100 users and more..." can be displayed.
    if ($task !== 'showusers') {
        if ($task == 'ajaxemailusers') {
            $limitstart = cbGetParam($_POST, 'limitstart', 0);
            $limit = cbGetParam($_POST, 'limit', 0);
        } else {
            $limitstart = 0;
            if ($task == 'emailusers') {
                $limit = 101;
            } else {
                $limit = cbGetParam($_POST, 'limit', 0);
            }
        }
    }
    $tablesSQL = array('u' => '#__users AS u');
    $joinsSQL = array('ue' => 'LEFT JOIN #__comprofiler AS ue ON u.id = ue.id');
    $tablesWhereSQL = array();
    // Text search over username, email and name (escaped for LIKE by the driver):
    if (isset($search) && $search != "") {
        $tablesWhereSQL[] = "(u.username LIKE '%" . $_CB_database->getEscaped($search, true) . "%' OR u.email LIKE '%" . $_CB_database->getEscaped($search, true) . "%' OR u.name LIKE '%" . $_CB_database->getEscaped($search, true) . "%')";
    }
    // Group filter: a group id on Joomla 2 (cast to int), a usertype name otherwise (quoted), with two
    // pseudo-groups covering the frontend and backend usertypes.
    if ($filter_type) {
        if (checkJversion() == 2) {
            $tablesWhereSQL[] = "aro.group_id = " . (int) $filter_type;
        } else {
            if ($filter_type == 'Public Frontend') {
                $tablesWhereSQL[] = "(u.usertype = 'Registered' OR u.usertype = 'Author' OR u.usertype = 'Editor'OR u.usertype = 'Publisher')";
            } else {
                if ($filter_type == 'Public Backend') {
                    $tablesWhereSQL[] = "( u.usertype = 'Manager' OR u.usertype = 'Administrator' OR u.usertype = 'Super Administrator' )";
                } else {
                    $tablesWhereSQL[] = "u.usertype = " . $_CB_database->Quote($filter_type);
                }
            }
        }
    }
    // Status filter: the request value is the translated label, mapped here to a fixed SQL condition.
    $tBlocked = CBTxt::T('Blocked');
    $tEnabled = CBTxt::T('Enabled');
    $tUnconfirmed = CBTxt::T('Unconfirmed');
    $tConfirmed = CBTxt::T('Confirmed');
    $tUnapproved = CBTxt::T('Unapproved');
    $tDisapproved = CBTxt::T('Disapproved');
    $tApproved = CBTxt::T('Approved');
    $tBanned = CBTxt::T('Banned');
    $p = ' + ';
    $userstates = array($tBlocked => 'u.block = 1', $tEnabled => 'u.block = 0', $tUnconfirmed => 'ue.confirmed = 0', $tConfirmed => 'ue.confirmed = 1', $tUnapproved => 'ue.approved = 0', $tDisapproved => 'ue.approved = 2', $tApproved => 'ue.approved = 1', $tBanned => 'ue.banned <> 0', $tBlocked . $p . $tUnconfirmed . $p . $tUnapproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 0)', $tEnabled . $p . $tUnconfirmed . $p . $tUnapproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 0)', $tBlocked . $p . $tConfirmed . $p . $tUnapproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 0)', $tEnabled . $p . $tConfirmed . $p . $tUnapproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 0)', $tBlocked . $p . $tUnconfirmed . $p . $tDisapproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 2)', $tEnabled . $p . $tUnconfirmed . $p . $tDisapproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 2)', $tBlocked . $p . $tConfirmed . $p . $tDisapproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 2)', $tEnabled . $p . $tConfirmed . $p . $tDisapproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 2)', $tBlocked . $p . $tUnconfirmed . $p . $tApproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 1)', $tEnabled . $p . $tUnconfirmed . $p . $tApproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 1)', $tBlocked . $p . $tConfirmed . $p . $tApproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 1)', $tEnabled . $p . $tConfirmed . $p . $tApproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 1)', CBTxt::T('Avatar not approved') => "(ue.avatar > '' AND ue.avatarapproved = 0)");
    // NOTE(review): $filter_status is not checked against the known keys; an unknown (or differently
    // translated) value appends a null condition and the generated WHERE clause becomes invalid SQL.
    // An isset( $userstates[$filter_status] ) guard would reject it instead.
    if ($filter_status) {
        $tablesWhereSQL[] = $userstates[$filter_status];
    }
    // Logged-in filter relies on the #__session join added further below:
    if ($filter_logged == 1) {
        $tablesWhereSQL[] = "s.userid = u.id";
    } else {
        if ($filter_logged == 2) {
            $tablesWhereSQL[] = "s.userid IS NULL";
        }
    }
    // Non super-admins only see users of the groups below their own (group ids as returned by the ACL):
    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        $pgids = $_CB_framework->acl->get_groups_below_me(null, true);
        if (is_array($pgids) && count($pgids) > 0) {
            if (checkJversion() == 2) {
                $tablesWhereSQL[] = "( aro.group_id IN ( " . implode(',', $pgids) . " ) )";
            } else {
                $tablesWhereSQL[] = "( u.gid IN ( " . implode(',', $pgids) . " ) )";
            }
        }
    }
    // Restrict to the checked users for the email / resend tasks (ids cast to int first):
    if ($task !== 'showusers') {
        if (is_array($cid) && count($cid) > 0) {
            cbArrayToInts($cid);
            $tablesWhereSQL[] = "( u.id IN ( " . implode(',', $cid) . " ) )";
        }
    }
    // Advanced searches on the searchable profile fields (the tabs object builds the SQL and the form):
    $myCbUser =& CBuser::getInstance($_CB_framework->myId());
    $myUser =& $myCbUser->getUserData();
    $tabs = $myCbUser->_getCbTabs(); // TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
    $allFields = $tabs->_getTabFieldsDb(null, $myUser, 'adminfulllist');
    foreach ($allFields as $k => $v) {
        if (in_array($v->type, array('pm', 'status', 'formatname', 'hidden', 'delimiter', 'userparams'))) {
            unset($allFields[$k]); // these field types have no search for now
        }
    }
    $searchVals = new stdClass();
    $list_compare_types = 1; // Advanced: all possibilities (WARNING: can be slow)
    $tableReferences = array('#__comprofiler' => 'ue', '#__users' => 'u');
    $searchesFromFields = $tabs->applySearchableContents($allFields, $searchVals, $_POST, $list_compare_types);
    $whereFields = $searchesFromFields->reduceSqlFormula($tableReferences, $joinsSQL, TRUE);
    if ($whereFields) {
        $tablesWhereSQL[] = '(' . $whereFields . ')';
    }
    $searchTabContent = $tabs->getSearchablesContents($allFields, $myUser, $searchVals, $list_compare_types);
    // Session join only when filtering on login state (a LEFT JOIN for everyone is done per row later, to avoid blocking the site):
    if ($filter_logged == 1 || $filter_logged == 2) {
        $joinsSQL[] .= "\n INNER JOIN #__session AS s ON s.userid = u.id";
    }
    // Joomla 2: map users to their groups; with a group filter the filtered group ('aro') and the
    // displayed groups ('arodisplay') are joined separately.
    if (checkJversion() == 2) {
        $joinsSQL[] = "INNER JOIN #__user_usergroup_map AS aro ON aro.user_id = u.id"; // map user to aro for selection (and display if no selection)
        if ($filter_type) {
            $joinsSQL[] = "LEFT JOIN #__user_usergroup_map AS arodisplay ON arodisplay.user_id = u.id"; // map user to aro for display of all groups
            $joinsSQL[] = "INNER JOIN #__usergroups AS g ON g.id = arodisplay.group_id"; // map aro to group for display group name
        } else {
            $joinsSQL[] = "INNER JOIN #__usergroups AS g ON g.id = aro.group_id"; // map aro to group
        }
    }
    // Plugins may add tables, joins and conditions before the query is built:
    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onBeforeBackendUsersListBuildQuery', array(&$tablesSQL, &$joinsSQL, &$tablesWhereSQL, $option));
    $queryFrom = "\n FROM " . implode(', ', $tablesSQL) . (count($joinsSQL) ? "\n " . implode("\n ", $joinsSQL) : '') . (count($tablesWhereSQL) ? "\n WHERE " . implode(' AND ', $tablesWhereSQL) : '');
    // Counting query (for pagination):
    $query = "SELECT COUNT(DISTINCT u.id)" . $queryFrom;
    $_CB_database->setQuery($query);
    $total = $_CB_database->loadResult();
    if ($total === null) {
        echo $_CB_database->getErrorMsg();
    }
    if ($total <= $limitstart) {
        $limitstart = 0;
    }
    cbimport('cb.pagination');
    $pageNav = new cbPageNav($total, $limitstart, $limit);
    // Group-name joins for the older CMS ACL tables (Joomla 2 already joined above):
    if (checkJversion() == 2) {
        $grp_name = 'title';
    } elseif (checkJversion() == 1) {
        $grp_name = 'name';
        $joinsSQL[] = "INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id"; // map user to aro
        $joinsSQL[] = "INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.id"; // map aro to group
        $joinsSQL[] = "INNER JOIN #__core_acl_aro_groups AS g ON g.id = gm.group_id";
        $tablesWhereSQL[] = "aro.section_value = 'users'";
    } else {
        $grp_name = 'name';
        $joinsSQL[] = "INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id"; // map user to aro
        $joinsSQL[] = "INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.aro_id"; // map aro to group
        $joinsSQL[] = "INNER JOIN #__core_acl_aro_groups AS g ON g.group_id = gm.group_id";
        $tablesWhereSQL[] = "aro.section_value = 'users'";
    }
    $queryFrom = "\n FROM " . implode(', ', $tablesSQL) . (count($joinsSQL) ? "\n " . implode("\n ", $joinsSQL) : '') . (count($tablesWhereSQL) ? "\n WHERE " . implode(' AND ', $tablesWhereSQL) : '');
    // Main query: one row per user, group names concatenated on Joomla 2:
    if (checkJversion() == 2) {
        $query = "SELECT u.*, GROUP_CONCAT( DISTINCT g.{$grp_name} ORDER BY g.{$grp_name} SEPARATOR ', ') AS groupname, ue.approved, ue.confirmed, ue.cbactivation" . $queryFrom . ' GROUP BY u.id';
    } else {
        $query = "SELECT DISTINCT u.*, g.{$grp_name} AS groupname, ue.approved, ue.confirmed, ue.cbactivation" . $queryFrom;
    }
    $_CB_database->setQuery($query, (int) $pageNav->limitstart, (int) $pageNav->limit);
    $rows = $_CB_database->loadObjectList(null, 'moscomprofilerUser', array(&$_CB_database));
    if ($_CB_database->getErrorNum()) {
        echo $_CB_database->stderr();
        return false;
    }
    foreach (array_keys($rows) as $k) {
        // Intentionally empty: registering the rows as CBuser instances here breaks substitutions.
    }
    // Per-row login state (one COUNT query per user):
    $template = 'SELECT COUNT(s.userid) FROM #__session AS s WHERE s.userid = ';
    $n = count($rows);
    for ($i = 0; $i < $n; $i++) {
        $row =& $rows[$i];
        $query = $template . (int) $row->id;
        $_CB_database->setQuery($query);
        $row->loggedin = $_CB_database->loadResult();
    }
    // Joomla 2.5+: count of user notes per row:
    if (checkJversion() >= 2 && version_compare(checkJversion('release'), '2.5', '>=')) {
        $userids = array();
        for ($i = 0; $i < $n; $i++) {
            $userids[] = (int) $rows[$i]->id;
            $rows[$i]->note_count = 0;
        }
        if ($userids) {
            $query = "SELECT n.user_id, COUNT(n.id) AS note_count" . "\n FROM " . $_CB_database->NameQuote('#__user_notes') . ' AS n' . "\n WHERE n.user_id IN (" . implode(',', $userids) . ')' . "\n AND n.state >= 0" . "\n GROUP BY n.user_id";
            $_CB_database->setQuery($query);
            $notes = $_CB_database->loadObjectList('user_id');
            for ($i = 0; $i < $n; $i++) {
                $rows[$i]->note_count = isset($notes[$rows[$i]->id]) ? $notes[$rows[$i]->id]->note_count : 0;
            }
        }
    }
    // Filter drop-downs are disabled outside the plain list view:
    $select_tag_attribs = 'class="inputbox" size="1" onchange="document.adminForm.submit( );"';
    $inputTextExtras = '';
    if ($task != 'showusers') {
        $inputTextExtras = ' disabled="disabled"';
        $select_tag_attribs .= $inputTextExtras;
    }
    // Login state drop-down:
    $logged[] = moscomprofilerHTML::makeOption(0, CBTxt::T('- Select Login State -'));
    $logged[] = moscomprofilerHTML::makeOption(1, CBTxt::T('Logged In'));
    $lists['logged'] = moscomprofilerHTML::selectList($logged, 'filter_logged', $select_tag_attribs, 'value', 'text', "{$filter_logged}", 2);
    // Group drop-down (ids on Joomla 2, names otherwise):
    if (checkJversion() == 2) {
        $query = "SELECT id AS value, title AS text" . "\n FROM #__usergroups";
    } else {
        $query = "SELECT name AS value, name AS text" . "\n FROM #__core_acl_aro_groups" . "\n WHERE name != 'ROOT'" . "\n AND name != 'USERS'";
    }
    $types[] = moscomprofilerHTML::makeOption('0', CBTxt::T('- Select Group -'));
    $_CB_database->setQuery($query);
    $types = array_merge($types, $_CB_database->loadObjectList());
    $lists['type'] = moscomprofilerHTML::selectList($types, 'filter_type', $select_tag_attribs, 'value', 'text', "{$filter_type}", 2);
    // Status drop-down, keyed by the same labels as $userstates:
    $status[] = moscomprofilerHTML::makeOption(0, CBTxt::T('- Select User Status -'));
    foreach (array_keys($userstates) as $k) {
        $status[] = moscomprofilerHTML::makeOption($k, $k);
    }
    $lists['status'] = moscomprofilerHTML::selectList($status, 'filter_status', $select_tag_attribs, 'value', 'text', "{$filter_status}", 2);
    // Plugins may add columns (each returns an array of column definitions):
    $pluginAdditions = $_PLUGINS->trigger('onAfterBackendUsersList', array(1, &$rows, &$pageNav, &$search, &$lists, $option, $select_tag_attribs));
    $pluginColumns = array();
    foreach ($pluginAdditions as $addition) {
        if (is_array($addition)) {
            $pluginColumns = array_merge($pluginColumns, $addition);
        }
    }
    if ($task == 'showusers') {
        // List view: the com_users permissions decide which actions the view offers.
        $canAdmin = CBuser::getMyInstance()->authoriseAction('core.admin', 'com_users');
        $canManage = CBuser::getMyInstance()->authoriseAction('core.manage', 'com_users');
        $canCreate = CBuser::getMyInstance()->authoriseAction('core.create', 'com_users');
        $canEdit = CBuser::getMyInstance()->authoriseAction('core.edit', 'com_users');
        $canEditOwn = CBuser::getMyInstance()->authoriseAction('core.edit.own', 'com_users');
        $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state', 'com_users');
        $usersView = _CBloadView('users');
        $usersView->showUsers($rows, $pageNav, $search, $option, $lists, $pluginColumns, $inputTextExtras, $searchTabContent, $canAdmin, $canManage, $canCreate, $canEdit, $canEditOwn, $canEditState);
    } elseif ($task == 'resendconfirmationemails') {
        $this->_cbadmin_resendconfirmationemailsToUsers($rows, $pageNav, $search, $option, $lists, $pluginColumns, $inputTextExtras, $searchTabContent);
    } else {
        // Mass-email flow: form ('emailusers'), start page ('startemailusers') and per-batch AJAX sending ('ajaxemailusers').
        $emailSubject = stripslashes(cbGetParam($_POST, 'emailsubject', ''));
        $emailBody = stripslashes(cbGetParam($_POST, 'emailbody', '', _CB_ALLOWRAW | _CB_NOTRIM));
        $emailsPerBatch = stripslashes(cbGetParam($_POST, 'emailsperbatch', 50));
        $emailPause = stripslashes(cbGetParam($_POST, 'emailpause', 30));
        $simulationMode = stripslashes(cbGetParam($_POST, 'simulationmode', ''));
        // NOTE(review): count( $cid ) assumes $cid is an array here; on PHP 8 a non-array throws a TypeError.
        if (count($cid) > 0 && count($cid) < $total) {
            $total = count($cid);
        }
        if ($task == 'emailusers') {
            $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailForm', array(&$rows, &$pageNav, &$search, &$lists, &$cid, &$emailSubject, &$emailBody, &$inputTextExtras, &$select_tag_attribs, $simulationMode, $option));
            $usersView = _CBloadView('users');
            $usersView->emailUsers($rows, $total, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $simulationMode, $pluginRows);
        } elseif ($task == 'startemailusers') {
            $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailStart', array(&$rows, $total, $search, $lists, $cid, &$emailSubject, &$emailBody, &$inputTextExtras, $simulationMode, $option));
            $usersView = _CBloadView('users');
            $usersView->startEmailUsers($rows, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $total, $simulationMode, $pluginRows);
        } elseif ($task == 'ajaxemailusers') {
            $this->_cbadmin_emailUsers($rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode);
        }
    }
    return true;
}