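	/**
	 * Builds and runs the backend users-list query, then renders either the users list
	 * or one of the mass-mailing screens, depending on $task.
	 *
	 * Filters, search text and paging come from the user state and the request. The WHERE
	 * and JOIN fragments are assembled as raw SQL strings, so every request-derived value
	 * is cast to int, escaped by the database object, or used only as a lookup key before
	 * it reaches the query text.
	 *
	 * NOTE(review): no permission or request-token check is visible in this method;
	 * presumably the caller enforces them. Confirm, since every task other than
	 * 'showusers' leads to the mass e-mail screens.
	 *
	 * @param  string  $option  component option, used as suffix of the user-state keys
	 * @param  string  $task    'showusers', 'emailusers', 'startemailusers' or 'ajaxemailusers'
	 * @param  mixed   $cid     ids of the check-marked users (used only if it is an array; cast to ints)
	 * @return boolean          false if the main query failed, true otherwise
	 */
	function showUsers( $option, $task, $cid ) {
		global $_CB_database, $_CB_framework, $_POST, $_PLUGINS, $_CB_TxtIntStore;

		$this->_importNeeded();

		$limit						=	(int) $_CB_framework->getCfg( 'list_limit' );
		if ( $limit == 0 ) {
			$limit					=	10;
		}
		$filter_type				=	$_CB_framework->getUserStateFromRequest( "filter_type{$option}", 'filter_type', 0 );
		$filter_status				=	$_CB_framework->getUserStateFromRequest( "filter_status{$option}", 'filter_status', 0 );
		$filter_logged				=	intval( $_CB_framework->getUserStateFromRequest( "filter_logged{$option}", 'filter_logged', 0 ) );
		$lastCBlist					=	$_CB_framework->getUserState( "view{$option}lastCBlist", null );
		if( $lastCBlist == 'showusers' ) {
			// Same list as on the previous request: keep filters, search and paging from the user state.
			if ( $task == 'showusers' ) {
				$limit				=	$_CB_framework->getUserStateFromRequest( "viewlistlimit", 'limit', $limit );
				$limitstart			=	$_CB_framework->getUserStateFromRequest( "view{$option}limitstart", 'limitstart', 0 );
			}
			$lastSearch 			=	$_CB_framework->getUserState( "search{$option}", null );
			$search					=	$_CB_framework->getUserStateFromRequest( "search{$option}", 'search', '' );
			if ( $lastSearch != $search ) {
				// A new search text restarts paging at the first page.
				$limitstart			=	0;
				$_CB_framework->setUserState( "view{$option}limitstart", $limitstart );
			}
			// Lower-case the search text according to the site charset, then trim and strip slashes.
			$search					=	stripslashes( trim( ( $_CB_TxtIntStore->_iso != 'UTF-8' ) ? strtolower( $search ) : ( is_callable( 'mb_convert_case' ) ? mb_convert_case( $search, MB_CASE_LOWER, "UTF-8") : utf8_encode(strtolower(utf8_decode( $search ) ) ) ) ) );
		} else {
			// Coming from another list: reset filters, search and paging.
			$filter_type			=	0;
			$filter_status			=	0;
			$filter_logged			=	0;
			clearSearchBox();
			$search					=	'';
			$limitstart				=	0;
			$_CB_framework->setUserState( "view{$option}limitstart", $limitstart );
			$_CB_framework->setUserState( "view{$option}lastCBlist", "showusers" );
		}
	
		if ( $task !== 'showusers' ) {
			// Mailing tasks take their paging from the posted form instead of the list state.
			if ( $task == 'ajaxemailusers' ) {
				$limitstart			=	cbGetParam( $_POST, 'limitstart', 0 );
				$limit				=	cbGetParam( $_POST, 'limit', 0 );
			} else {
				$limitstart			=	0;
				if ( $task == 'emailusers' ) {
					$limit			=	101;		// so that first 100 users and more... is displayed.
				} else {
					$limit			=	cbGetParam( $_POST, 'limit', 0 );
				}
			}
		}
		
		$tablesSQL					=	array( 'u'	=> '#__users AS u' );
		$joinsSQL					=	array( 'ue'	=> 'LEFT JOIN #__comprofiler AS ue ON u.id = ue.id' );
		$tablesWhereSQL				=	array();
	
		if ( isset( $search ) && ( $search != "") ) {
			// The search text is request-derived: it only enters the query through getEscaped().
			// NOTE(review): the second argument presumably also escapes LIKE wildcards; confirm in the database class.
			$tablesWhereSQL[]		=	"(u.username LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%' OR u.email LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%' OR u.name LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%')";
		}
		if ( $filter_type ) {
			if ( checkJversion() == 2 ) {
				// Group filter is a numeric group id here: the int cast keeps the request value out of the SQL text.
				$tablesWhereSQL[]	=	"aro.group_id = " . (int)  $filter_type;
			} else {
				if ( $filter_type == 'Public Frontend' ) {
					$tablesWhereSQL[]	=	"(u.usertype = 'Registered' OR u.usertype = 'Author' OR u.usertype = 'Editor'OR u.usertype = 'Publisher')";
				} else if ( $filter_type == 'Public Backend' ) {
					$tablesWhereSQL[]	=	"( u.usertype = 'Manager' OR u.usertype = 'Administrator' OR u.usertype = 'Super Administrator' )";
				} else {
					// Any other group name is request-derived and goes through Quote().
					$tablesWhereSQL[]	=	"u.usertype = " . $_CB_database->Quote( $filter_type );
				}
			}
		}
		$tBlocked					=	CBTxt::T('Blocked');
		$tEnabled					=	CBTxt::T('Enabled');
		$tUnconfirmed				=	CBTxt::T('Unconfirmed');
		$tConfirmed					=	CBTxt::T('Confirmed');
		$tUnapproved				=	CBTxt::T('Unapproved');
		$tDisapproved				=	CBTxt::T('Disapproved');
		$tApproved					=	CBTxt::T('Approved');
		$tBanned					=	CBTxt::T('Banned');
		$p							=	' + ';
		// Translated status label => fixed SQL condition. The request only ever supplies the label (the key),
		// never SQL text; the same labels are used as option values of the status drop-down below.
		$userstates	=	array(
						$tBlocked											=>	'u.block = 1',
						$tEnabled											=>	'u.block = 0',
						$tUnconfirmed										=>	'ue.confirmed = 0',
						$tConfirmed											=>	'ue.confirmed = 1',
						$tUnapproved										=>	'ue.approved = 0',
						$tDisapproved										=>	'ue.approved = 2',
						$tApproved											=>	'ue.approved = 1',
						$tBanned											=>	'ue.banned <> 0',
						$tBlocked . $p . $tUnconfirmed . $p . $tUnapproved	=>	'(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 0)',
						$tEnabled . $p . $tUnconfirmed . $p . $tUnapproved	=>	'(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 0)',
						$tBlocked . $p . $tConfirmed   . $p . $tUnapproved	=>	'(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 0)',
						$tEnabled . $p . $tConfirmed   . $p . $tUnapproved	=>	'(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 0)',
						$tBlocked . $p . $tUnconfirmed . $p . $tDisapproved	=>	'(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 2)',
						$tEnabled . $p . $tUnconfirmed . $p . $tDisapproved	=>	'(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 2)',
						$tBlocked . $p . $tConfirmed   . $p . $tDisapproved	=>	'(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 2)',
						$tEnabled . $p . $tConfirmed   . $p . $tDisapproved	=>	'(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 2)',
						$tBlocked . $p . $tUnconfirmed . $p . $tApproved	=>	'(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 1)',
						$tEnabled . $p . $tUnconfirmed . $p . $tApproved	=>	'(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 1)',
						$tBlocked . $p . $tConfirmed   . $p . $tApproved	=>	'(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 1)',
						$tEnabled . $p . $tConfirmed   . $p . $tApproved	=>	'(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 1)',
						CBTxt::T('Avatar not approved')						=>	"(ue.avatar > '' AND ue.avatarapproved = 0)" );
		// Only a known label selects a condition: an unknown request value used to append an empty
		// element, which produced a malformed WHERE clause and an echoed database error.
		if ( $filter_status && isset( $userstates[$filter_status] ) ) {
			$tablesWhereSQL[]		=	$userstates[$filter_status];
		}
		if ( $filter_logged == 1 ) {
			$tablesWhereSQL[]		=	"s.userid = u.id";
		} else if ($filter_logged == 2) {
			$tablesWhereSQL[]		=	"s.userid IS NULL";
		}
	
		// exclude any child group id's for this user
		//$_CB_framework->acl->_debug = true;
		$pgids						=	$_CB_framework->acl->get_group_children( userGID( $_CB_framework->myId() ), 'ARO', 'RECURSE' );
		if ( is_array( $pgids ) && (count( $pgids ) > 0 ) ) {
			// The ids come from the ACL layer, not from the request, but they are concatenated unquoted
			// into an IN() list, so force them to integers as is done for $cid below.
			$pgids					=	array_map( 'intval', $pgids );
			if ( checkJversion() == 2 ) {
				$tablesWhereSQL[]	=	"( aro.group_id NOT IN ( " . implode( ',', $pgids ) . " ) )";
			} else {
				$tablesWhereSQL[]	=	"( u.gid NOT IN ( " . implode( ',', $pgids ) . " ) )";
			}
		}
		// Filter the checkmarked users only:
		if ( $task !== 'showusers' ) {
			if ( is_array( $cid ) && ( count( $cid ) > 0 ) ) {
				cbArrayToInts( $cid );		// request-supplied ids: integers only before they enter the IN() list
				$tablesWhereSQL[]		=	"( u.id IN ( " . implode( ',', $cid ) . " ) )";
			}
		}
	
		// Advanced searches:
		$myCbUser				=&	CBuser::getInstance( $_CB_framework->myId() );
		$myUser					=&	$myCbUser->getUserData();
		$tabs					=	$myCbUser->_getCbTabs();		//	new cbTabs( 0, 1 );		//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
		$allFields				=	$tabs->_getTabFieldsDb( null, $myUser, 'adminfulllist' );
		foreach ( $allFields as $k => $v ) {
			if ( in_array( $v->type, array( 'pm', 'status', 'formatname', 'hidden', 'delimiter', 'userparams' ) ) ) {
				unset( $allFields[$k] );		// delimiter, userparams do not have search for now!
			}
		}
		$searchVals				=	new stdClass();
		$list_compare_types		=	1;		// Advanced: all possibilities (WARNING: can be slow)
		$tableReferences		=	array( '#__comprofiler' => 'ue', '#__users' => 'u' );
		// NOTE(review): the field searches are built from $_POST; their escaping happens inside
		// applySearchableContents() / reduceSqlFormula(), which are not visible here. Verify there.
		$searchesFromFields		=	$tabs->applySearchableContents( $allFields, $searchVals, $_POST, $list_compare_types );
		$whereFields			=	$searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
		if ( $whereFields ) {
			$tablesWhereSQL[]	=	'(' . $whereFields . ')';
		}
		$searchTabContent		=	$tabs->getSearchablesContents( $allFields, $myUser, $searchVals, $list_compare_types );
		
		if ($filter_logged == 1 || $filter_logged == 2) {
			// Plain assignment: the original appended with ".=" to a new element, which has the same result.
			$joinsSQL[]				=	"\n INNER JOIN #__session AS s ON s.userid = u.id";
		// } else {		done later, to avoid blocking site:
		//	$joinsSQL[]				.=	"\n LEFT JOIN #__session AS s ON s.userid = u.id";
		}
	
		if ( checkJversion() == 2 ) {
			$joinsSQL[]				=	"INNER JOIN #__user_usergroup_map AS aro ON aro.user_id = u.id";			// map user to aro for selection (and display if no selection)
			if ( $filter_type ) {
				$joinsSQL[]			=	"LEFT JOIN #__user_usergroup_map AS arodisplay ON arodisplay.user_id = u.id";	// map user to aro for display of all groups
				$joinsSQL[]			=	"INNER JOIN #__usergroups AS g ON g.id = arodisplay.group_id"; 					// map aro to group for display group name
			} else {
				$joinsSQL[]			=	"INNER JOIN #__usergroups AS g ON g.id = aro.group_id"; 					// map aro to group
			}
		}
	
		// Plugins receive the SQL fragments by reference and may add raw SQL of their own:
		// they are part of the trusted code base of this query.
	   	$_PLUGINS->loadPluginGroup('user');
		$_PLUGINS->trigger( 'onBeforeBackendUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL, $option ) );
	
		$queryFrom					=	"\n FROM " . implode( ', ', $tablesSQL )
									.	( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
									.	( count( $tablesWhereSQL ) ? "\n WHERE " . implode( ' AND ', $tablesWhereSQL ) : '' )
									;
	
		// Counting query:
		$query						=	"SELECT COUNT(DISTINCT u.id)"
									.	$queryFrom
									;
		$_CB_database->setQuery( $query );
		$total						=	$_CB_database->loadResult();
		if ( $total === null ) {
			// NOTE(review): the raw database error is written to the page; consider logging it instead,
			// since the message can reveal query and schema details.
			echo $_CB_database->getErrorMsg();
		}
		if ( $total <= $limitstart ) {
			$limitstart				=	0;
		}
	
		cbimport( 'cb.pagination' );
		$pageNav					=	new cbPageNav( $total, $limitstart, $limit  );
	
		// The group joins differ per CMS version; they are added after the counting query was built.
		if ( checkJversion() == 2 ) {
			$grp_name				=	'title';
		} elseif ( checkJversion() == 1 ) {
			$grp_name				=	'name';
			$joinsSQL[]				=	"INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id";					// map user to aro
			$joinsSQL[]				=	"INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.id";		// map aro to group
			$joinsSQL[]				=	"INNER JOIN #__core_acl_aro_groups AS g ON g.id = gm.group_id";
			$tablesWhereSQL[]		=	"aro.section_value = 'users'";
		} else {
			$grp_name				=	'name';
			$joinsSQL[]				=	"INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id";					// map user to aro
			$joinsSQL[]				=	"INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.aro_id";	// map aro to group
			$joinsSQL[]				=	"INNER JOIN #__core_acl_aro_groups AS g ON g.group_id = gm.group_id";
			$tablesWhereSQL[]		=	"aro.section_value = 'users'";
		}
	
		$queryFrom					=	"\n FROM " . implode( ', ', $tablesSQL )
									.	( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
									.	( count( $tablesWhereSQL ) ? "\n WHERE " . implode( ' AND ', $tablesWhereSQL ) : '' )
									;
	
		// Main query ($grp_name is one of the two literals set above, never request data):
		if ( checkJversion() == 2 ) {
			$query					=	"SELECT u.*, GROUP_CONCAT( DISTINCT g.$grp_name ORDER BY g.$grp_name SEPARATOR ', ') AS groupname, ue.approved, ue.confirmed"
									.	$queryFrom
									.	' GROUP BY u.id'
									;
		} else {
			$query					=	"SELECT DISTINCT u.*, g.$grp_name AS groupname, ue.approved, ue.confirmed"
									.	$queryFrom
									;
		}
		$_CB_database->setQuery( $query, (int) $pageNav->limitstart, (int) $pageNav->limit );
		$rows						=	$_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );
		if ($_CB_database->getErrorNum()) {
			// NOTE(review): stderr() output goes straight to the page; see the note on the counting query.
			echo $_CB_database->stderr();
			return false;
		}
		// The CBuser cache is deliberately not filled from $rows here (the original kept an empty loop):
		// do not do this otherwise substitutions do not work:
		// CBuser::setUserGetCBUserInstance( $rows[$k] );
	
		// One session-count query per listed user; the id is cast to int before concatenation.
		$template				=	'SELECT COUNT(s.userid) FROM #__session AS s WHERE s.userid = ';
		$n						=	count( $rows );
		for ( $i = 0; $i < $n; $i++ ) {
			$row				=	&$rows[$i];
			$query				=	$template . (int) $row->id;
			$_CB_database->setQuery( $query );
			$row->loggedin		=	$_CB_database->loadResult();
		}
	
		$select_tag_attribs		=	'class="inputbox" size="1" onchange="document.adminForm.submit( );"';
		$inputTextExtras		=	'';
		if ( $task != 'showusers' ) {
			// On the mailing screens the filters are shown but cannot be changed.
			$inputTextExtras	=	' disabled="disabled"';
			$select_tag_attribs	.=	$inputTextExtras;
		}
	
		// get list of Log Status for dropdown filter
		$logged[]				=	moscomprofilerHTML::makeOption( 0, CBTxt::T('- Select Login State -'));
		$logged[]				=	moscomprofilerHTML::makeOption( 1, CBTxt::T('Logged In'));
		$lists['logged']		=	moscomprofilerHTML::selectList( $logged, 'filter_logged', $select_tag_attribs, 'value', 'text', "$filter_logged", 2 );
	
		// get list of Groups for dropdown filter
		if ( checkJversion() == 2 ) {
			$query				=	"SELECT id AS value, title AS text"
								.	"\n FROM #__usergroups";
		} else {
			$query				=	"SELECT name AS value, name AS text"
								.	"\n FROM #__core_acl_aro_groups"
								.	"\n WHERE name != 'ROOT'"
								.	"\n AND name != 'USERS'";
		}
	
		$types[]				=	moscomprofilerHTML::makeOption( '0', CBTxt::T('- Select Group -') );
		$_CB_database->setQuery( $query );
		$types					=	array_merge( $types, $_CB_database->loadObjectList() );
		$lists['type']			=	moscomprofilerHTML::selectList( $types, 'filter_type', $select_tag_attribs, 'value', 'text', "$filter_type", 2 );
	
		$status[]				=	moscomprofilerHTML::makeOption( 0, CBTxt::T('- Select User Status -'));
		foreach ( array_keys( $userstates ) as $k ) {
			$status[]			=	moscomprofilerHTML::makeOption( $k, $k );
		}
		$lists['status']		=	moscomprofilerHTML::selectList( $status, 'filter_status', $select_tag_attribs, 'value', 'text', "$filter_status", 2 );
	
		$pluginAdditions		=	$_PLUGINS->trigger( 'onAfterBackendUsersList', array( 1, &$rows, &$pageNav, &$search, &$lists, $option, $select_tag_attribs ) );
		$pluginColumns			=	array();
		foreach ( $pluginAdditions as $addition ) {
			if ( is_array( $addition ) ) {
				$pluginColumns	=	array_merge( $pluginColumns, $addition );
			}
		}
	
		if ( $task == 'showusers' ) {
			$usersView			=	_CBloadView( 'users' );
			$usersView->showUsers( $rows, $pageNav, $search, $option, $lists, $pluginColumns, $inputTextExtras, $searchTabContent );
		} else {
			// The mail body is read with _CB_ALLOWRAW | _CB_NOTRIM; the other fields use the defaults of cbGetParam().
			$emailSubject		=	stripslashes( cbGetParam( $_POST, 'emailsubject', '' ) );
			$emailBody			=	stripslashes( cbGetParam( $_POST, 'emailbody', '', _CB_ALLOWRAW | _CB_NOTRIM ) );
			$emailsPerBatch		=	stripslashes( cbGetParam( $_POST, 'emailsperbatch', 50 ) );
			$emailPause			=	stripslashes( cbGetParam( $_POST, 'emailpause', 30 ) );
			$simulationMode		=	stripslashes( cbGetParam( $_POST, 'simulationmode', '' ) );
			// $cid is request data and may not be an array: check before counting it.
			if ( is_array( $cid ) && count( $cid ) > 0 && count( $cid ) < $total ) {
				$total			=	count( $cid );
			}
			if ( $task == 'emailusers' ) {
				$pluginRows		=	$_PLUGINS->trigger( 'onBeforeBackendUsersEmailForm', array( &$rows, &$pageNav, &$search, &$lists, &$cid, &$emailSubject, &$emailBody, &$inputTextExtras, &$select_tag_attribs, $simulationMode, $option ) );
				$usersView		=	_CBloadView( 'users' );
				$usersView->emailUsers( $rows, $total, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $simulationMode, $pluginRows );
			} elseif ( $task == 'startemailusers' ) {
				$pluginRows		=	$_PLUGINS->trigger( 'onBeforeBackendUsersEmailStart', array( &$rows, $total, $search, $lists, $cid, &$emailSubject, &$emailBody, &$inputTextExtras, $simulationMode, $option ) );
				$usersView		=	_CBloadView( 'users' );
				$usersView->startEmailUsers( $rows, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $total, $simulationMode, $pluginRows );
			} elseif ( $task == 'ajaxemailusers' ) {
				$this->_cbadmin_emailUsers( $rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode );
			}
		}
		return true;
	}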
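/**
 * Lists the installed plugins in the backend, with a type filter, a name search and paging.
 *
 * Filter, search text and paging come from the user state and the request and end up in a
 * string-built WHERE clause, so each of them is quoted, escaped or cast before concatenation.
 *
 * NOTE(review): no permission check for reaching this list is visible here apart from the
 * view-level restriction applied to non-super-admins; presumably the caller enforces it.
 *
 * @param  string  $option  component option, used as suffix of the user-state keys
 * @return boolean          false if the listing query failed, true otherwise
 */
function viewPlugins($option)
{
    global $_CB_database, $_CB_framework;
    $limit = (int) $_CB_framework->getCfg('list_limit');
    if ($limit == 0) {
        $limit = 10;
    }
    $limit = $_CB_framework->getUserStateFromRequest("viewlistlimit", 'limit', $limit);
    $lastCBlist = $_CB_framework->getUserState("view{$option}lastCBlist", null);
    if ($lastCBlist == 'showplugins') {
        // Same list as on the previous request: keep search, filter and paging from the user state.
        $limitstart = $_CB_framework->getUserStateFromRequest("view{$option}limitstart", 'limitstart', 0);
        $lastSearch = $_CB_framework->getUserState("search{$option}", null);
        $search = $_CB_framework->getUserStateFromRequest("search{$option}", 'search', '');
        if ($lastSearch != $search) {
            // A new search text restarts paging at the first page.
            $limitstart = 0;
            $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
        }
        $search = trim(strtolower($search));
        $filter_type = $_CB_framework->getUserStateFromRequest("filter_type{$option}", 'filter_type', "0");
    } else {
        // Coming from another list: reset search, filter and paging.
        clearSearchBox();
        $search = "";
        $limitstart = 0;
        $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
        $_CB_framework->setUserState("view{$option}lastCBlist", "showplugins");
        $filter_type = "0";
        $_CB_framework->setUserState("filter_type{$option}", $filter_type);
    }
    $where = array();
    // used by filter
    if ($filter_type) {
        // The plugin type is request-derived and used to be interpolated between hand-written quotes.
        // Let the database object quote and escape it, as the users list does for its group filter.
        $where[] = 'm.type = ' . $_CB_database->Quote($filter_type);
    }
    if ($search) {
        // NOTE(review): $search is overwritten with its SQL-escaped form and later handed to the view
        // in that form; a separate variable for the SQL text would keep the displayed value unescaped.
        $search = cbEscapeSQLsearch(trim(strtolower(cbGetEscaped($search))));
        $where[] = "LOWER( m.name ) LIKE '%{$search}%'";
    }
    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        // Non-super-admins only see plugins of their own view levels; ids are cast to ints for the IN() list.
        // NOTE(review): an empty id list would yield "IN ()", which is invalid SQL; confirm it cannot be empty.
        $viewAccessLevels = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(true);
        $viewAccessLevelsCleaned = implode(',', cbArrayToInts($viewAccessLevels));
        $where[] = 'm.access IN (' . $viewAccessLevelsCleaned . ')';
    }
    // get the total number of records
    $query = "SELECT COUNT(*) FROM #__comprofiler_plugin AS m " . (count($where) ? "\n WHERE " . implode(' AND ', $where) : '');
    $_CB_database->setQuery($query);
    $total = $_CB_database->loadResult();
    if ($total <= $limitstart) {
        $limitstart = 0;
    }
    cbimport('cb.pagination');
    $pageNav = new cbPageNav($total, $limitstart, $limit);
    // Column holding the access-level name; one of two literals, never request data.
    if (checkJversion() == 2) {
        $title = 'title';
    } else {
        $title = 'name';
    }
    $query = "SELECT m.*, u.name AS editor, g.{$title} AS groupname" . "\n FROM #__comprofiler_plugin AS m" . "\n LEFT JOIN #__users AS u ON u.id = m.checked_out";
    if (checkJversion() == 2) {
        $query .= "\n LEFT JOIN #__viewlevels AS g ON g.id = m.access + IF(m.access <= 2, 1, 0)";
        // fix J1.6's wrong access levels, same as g.id = IF( m.access = 0, 1, IF( m.access = 1, 2, IF( m.access = 2, 3, m.access ) ) )
    } else {
        $query .= "\n LEFT JOIN #__groups AS g ON g.id = m.access";
    }
    $query .= (count($where) ? "\n WHERE " . implode(' AND ', $where) : '') . "\n GROUP BY m.id" . "\n ORDER BY m.type ASC, m.ordering ASC, m.name ASC";
    $_CB_database->setQuery($query, (int) $pageNav->limitstart, (int) $pageNav->limit);
    $rows = $_CB_database->loadObjectList();
    if ($_CB_database->getErrorNum()) {
        // NOTE(review): the raw database error is written to the page; consider logging it instead,
        // since the message can reveal query and schema details.
        echo $_CB_database->stderr();
        return false;
    }
    // get list of Positions for dropdown filter
    $query = "SELECT type AS value, type AS text" . "\n FROM #__comprofiler_plugin" . "\n GROUP BY type" . "\n ORDER BY type";
    $types[] = moscomprofilerHTML::makeOption('0', !defined('_SEL_TYPE') ? '- ' . CBTxt::T('Select Type') . ' -' : _SEL_TYPE);
    // Mambo 4.5.1 Compatibility
    $_CB_database->setQuery($query);
    $types = array_merge($types, $_CB_database->loadObjectList());
    $lists['type'] = moscomprofilerHTML::selectList($types, 'filter_type', 'class="inputbox" size="1" onchange="document.adminForm.submit( );"', 'value', 'text', $filter_type, 2);
    // Action permissions of the current user are handed to the view along with the rows.
    $canAdmin = CBuser::getMyInstance()->authoriseAction('core.admin');
    $canEdit = CBuser::getMyInstance()->authoriseAction('core.edit');
    $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');
    HTML_comprofiler::showPlugins($rows, $pageNav, $option, $lists, $search, $canAdmin, $canEdit, $canEditState);
    return true;
}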