/**
 * Lists the user reports stored in #__comprofiler_userreports for a moderator
 * and echoes the resulting HTML table directly.
 *
 * Callers for whom isModerator() returns 0 are rejected through cbNotAuth()
 * before any query is built. When $act == 1 the "reportedstatus=0" condition is
 * left out of both queries; for any other value only rows with reportedstatus=0
 * are selected.
 *
 * NOTE(review): this listing contains several "******" runs where text is
 * missing (after "reporteduser=", after "ur.reporteduser=" and inside both
 * profile links). The statements that assign $total, $limitstart and $limit are
 * not visible, and neither is the value appended to the two WHERE clauses, so
 * whether that value is cast or escaped before it reaches SQL cannot be
 * confirmed from here.
 *
 * @param mixed $option  not referenced in the visible code
 * @param mixed $uid     not referenced in the visible code; presumably the id of the reported user used in the masked WHERE clauses — verify
 * @param mixed $act     1 = no status filter, any other value = open reports only
 * @return void
 */
function viewReports($option, $uid, $act) {
    global $_CB_framework, $_CB_database, $ueConfig, $_REQUEST;
    // Authorization gate: everything below runs only for moderators.
    $isModerator = isModerator($_CB_framework->myId());
    if ($isModerator == 0) {
        cbNotAuth();
        return;
    }
    $Itemid = $_CB_framework->itemid();
    $ue_base_url = "index.php?option=com_comprofiler&task=viewReports" . ($Itemid ? "&Itemid=" . (int) $Itemid : ""); // Base URL string
    // NOTE(review): the "******" runs below are gaps in the listing, not operators. Going by the
    // variables used afterwards, the first gap presumably held the end of the COUNT query, its
    // execution into $total and the paging setup, followed by the start of the list query — TODO confirm.
    // Both queries are assembled by string concatenation; the value bound to reporteduser is not visible.
    $query = "SELECT count(*) FROM #__comprofiler_userreports WHERE " . ($act == 1 ? '' : "reportedstatus=0 AND ") . "reporteduser="******"SELECT u2.name as reportedbyname, u2.username as reportedbyusername, u.name as reportedname, u.username as reportedusername, ur.* FROM #__users u, #__comprofiler_userreports ur, #__users u2 WHERE u.id=ur.reporteduser AND u2.id=ur.reportedbyuser AND " . ($act == 1 ? '' : "ur.reportedstatus=0 AND ") . "ur.reporteduser="******" ORDER BY ur.reporteduser,ur.reportedondate";
    // Page window is applied by the database layer through the offset/limit arguments.
    $_CB_database->setQuery($query, $limitstart, $limit);
    $row = $_CB_database->loadObjectList();
    outputCbTemplate(1); ?> <!-- TAB --> <div class="componentheading"><?php echo _UE_MODERATE_TITLE; ?> </div><br /><br /> <?php
    // Nothing to moderate: print the notice and stop before the table is emitted.
    if ($total < 1) {
        echo _UE_NOREPORTSTOPROCESS;
        return;
    }
    ?> <div class='contentheading'><?php echo _UE_USERREPORT; ?> </div><br /> <?php
    // Page links above the table, only when the result spans more than one page.
    if ($total > $limit) { ?> <div style="width:100%;text-align:center;"><?php echo writePagesLinks($limitstart, $limit, $total, $ue_base_url); ?> </div><hr /> <?php }
    ?> <table width='98%' border='0' cellpadding='4' cellspacing='1'> <thead><tr align='left' class="sectiontableheader"> <th><?php echo _UE_REPORTEDUSER; ?> </th> <th><?php echo _UE_REPORT; ?> </th> <th><?php echo _UE_REPORTEDONDATE; ?> </th> <th><?php echo _UE_REPORTEDBY; ?> </th> <th><?php echo _UE_REPORTSTATUS; ?> </th> </tr></thead> <?php
    for ($i = 0; $i < count($row); $i++) {
        // Alternates between the sectiontableentry1 and sectiontableentry2 row classes.
        $class = "sectiontableentry" . (1 + $i % 2);
        echo "<tr align='left' valign='middle' class='" . $class . "'>";
        // Link to the reported user's profile; the user parameter sits in a gap of the listing.
        // NOTE(review): whether getNameFormat() HTML-escapes the names is not visible here — verify.
        echo "<td><a href='" . cbSef("index.php?option=com_comprofiler&task=userProfile&user="******"&Itemid=" . 
(int) $Itemid : "")) . "'>" . getNameFormat($row[$i]->reportedname, $row[$i]->reportedusername, $ueConfig['name_format']) . "</a></td>";
        // NOTE(review): the report text is written into the page exactly as stored, with no output
        // encoding at this point. It is presumably free text supplied by the reporting user and it is
        // rendered in a moderator's session, so unless it is reliably filtered when saved this is a
        // stored-XSS sink; encoding it with htmlspecialchars() here would close it — confirm and fix.
        echo "<td>" . $row[$i]->reportexplaination . "</td>";
        echo "<td>" . dateConverter($row[$i]->reportedondate, 'Y-m-d', $ueConfig['date_format']) . "</td>";
        // Link to the reporting user's profile; same gap and same escaping question as above.
        echo "<td><a href='" . cbSef("index.php?option=com_comprofiler&task=userProfile&user="******"&Itemid=" . (int) $Itemid : "")) . "'>" . getNameFormat($row[$i]->reportedbyname, $row[$i]->reportedbyusername, $ueConfig['name_format']) . "</a></td>";
        // Truthy reportedstatus is shown as processed (green), otherwise as open (bold red).
        echo "<td>" . ($row[$i]->reportedstatus ? '<span style="color:green;">' . _UE_REPORTSTATUS_PROCESSED . '</span>' : '<span style="color:red;font-weight:bold;">' . _UE_REPORTSTATUS_OPEN . '</span>') . "</td>";
        echo "</tr>\n";
    }
    echo "</table>\n";
    // Same page links again below the table.
    if ($total > $limit) { ?> <hr /><div style="width:100%;text-align:center;"><?php echo writePagesLinks($limitstart, $limit, $total, $ue_base_url); ?> </div> <?php }
    // The form carries no fields of its own; its submit button posts to the moderateReports task.
    echo "<br /><div style='width:100%;text-align:center;'>\n";
    echo "<form action='" . cbSef('index.php?option=com_comprofiler&task=moderateReports' . ($Itemid ? "&Itemid=" . (int) $Itemid : "")) . "' method='post' name='adminForm'>\n";
    echo '<input class="button" type="submit" value="' . _UE_USERREPORT_MODERATE . "\" />\n";
    echo "</form>\n</div>\n";
}
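/**
 * Draws Users list (ECHO)
 *
 * Resolves which published list the viewer may see, checks view authorisation
 * on the selected list record, assembles the SELECT for the listed users from
 * the list record, the searchable fields and plugin hooks, and hands the result
 * to HTML_comprofiler::usersList() for rendering.
 *
 * Trust boundaries worth knowing when changing this method:
 *  - Request values are read only through cbGetParam() / getPagesLimitStart()
 *    and cast to int where they are used as numbers.
 *  - $row->sortfields, $row->filterfields and $row->usergroupids come from the
 *    list record and are concatenated into the SQL text as they are; this is
 *    only safe as long as list records can be written by trusted
 *    administrators alone (presumably the case — verify).
 *  - Plugins receive several SQL fragments by reference and can rewrite them.
 *
 * @param  int    $uid                  viewing user id (passed to CBuser::getInstance() and the ACL lookup)
 * @param  int    $listid               requested list id; 0 selects the default list
 * @param  array  $searchFormValuesRAW  raw request values, read through cbGetParam() and forwarded to the search builder
 * @return void
 */
public function drawUsersList($uid, $listid, $searchFormValuesRAW) {
    global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS;

    $search = null;
    $searchGET = cbGetParam($searchFormValuesRAW, 'search');
    $limitstart = (int) getPagesLimitStart($searchFormValuesRAW);
    $searchmode = (int) cbGetParam($searchFormValuesRAW, 'searchmode', 0);
    $randomParam = (int) cbGetParam($searchFormValuesRAW, 'rand', 0);

    // old search on formated name:
    /*
    if ( $searchPOST || count( $_POST ) ) {
        // simple spoof check security
        cbSpoofCheck( 'usersList' );
        if ( cbGetParam( $searchFormValuesRAW, "action" ) == "search" ) {
            $search = $searchPOST;
        }
    } else if ( isset( $searchFormValuesRAW['limitstart'] ) ) {
        $search = stripslashes( $searchGET );
    }
    */

    // get my user and gets the list of user lists he is allowed to see (ACL):
    $myCbUser =& CBuser::getInstance($uid);
    if ($myCbUser === null) {
        $myCbUser =& CBuser::getInstance(null);
    }
    $myUser =& $myCbUser->getUserData();
    /*
    $myUser = new moscomprofilerUser( $_CB_database );
    if ( $uid ) {
        $myUser->load( (int) $uid );
    }
    */

    $plists = array();
    $lists = array();
    $publishedlists = array();

    $viewAccessLevelsInts = $myCbUser->getAuthorisedViewLevelsIds(false);
    $useraccessgroupids = $_CB_framework->acl->get_groups_below_me($uid, true);
    if (count($viewAccessLevelsInts) && count($useraccessgroupids)) {
        // NOTE(review): both id lists are imploded straight into the IN (...) clauses; they are
        // presumably integers supplied by the ACL layer — verify, since nothing casts them here.
        $useraccessgroupSQL = ' AND viewaccesslevel IN (' . implode(',', $viewAccessLevelsInts) . ')';
        $useraccessgroupSQL .= ' AND useraccessgroupid IN (' . implode(',', $useraccessgroupids) . ')';
        $_CB_database->setQuery("SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering");
        $plists = $_CB_database->loadObjectList();
        for ($i = 0, $n = count($plists); $i < $n; $i++) {
            $plist =& $plists[$i];
            // Titles go into <option> labels, so markup is stripped after variable substitution.
            $listTitleNoHtml = strip_tags(cbReplaceVars(getLangDefinition($plist->title), $myUser, false, false));
            $publishedlists[] = moscomprofilerHTML::makeOption($plist->listid, $listTitleNoHtml);
        }
    }

    // select either list selected or default list to which he has access (ACL):
    // ($useraccessgroupSQL is always set here: $plists can only be non-empty after the branch above ran.)
    if ($listid == 0 && count($plists)) {
        $_CB_database->setQuery("SELECT listid FROM #__comprofiler_lists " . "\n WHERE `default`=1 AND published=1" . $useraccessgroupSQL);
        $listid = (int) $_CB_database->loadresult();
        if ($listid == 0 && count($plists) > 0) {
            $listid = (int) $plists[0]->listid;
        }
    }
    if (!($listid > 0)) {
        echo _UE_NOLISTFOUND;
        return;
    }

    // generates the drop-down list of lists:
    if (count($plists) > 1) {
        $lists['plists'] = moscomprofilerHTML::selectList($publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1);
    }

    // loads the list record:
    $row = self::getInstance($listid);
    if (!$row) {
        echo _UE_LIST_DOES_NOT_EXIST;
        return;
    }

    // Authorisation on the list actually selected: a $listid taken from the request is not
    // limited to the ids in $plists, so this check is what enforces access to the record.
    //if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', $_CB_framework->acl->get_groups_below_me( $uid, true ) ) ) {
    if (!$myCbUser->authoriseView('userslist', $row->listid)) {
        echo _UE_NOT_AUTHORIZED;
        return;
    }

    $params = new cbParamsBase($row->params);

    // Optional per-list hotlink protection: searches and paged requests must pass the spoof check.
    $hotlink_protection = $params->get('hotlink_protection', 0);
    if ($hotlink_protection == 1) {
        if ($searchGET !== null || $limitstart) {
            cbSpoofCheck('usersList', 'GET');
        }
    }

    $limit = (int) $params->get('list_limit');
    if ($limit == 0) {
        $limit = (int) $ueConfig['num_per_page'];
    }
    $showPaging = $params->get('list_paging', 1);
    if ($showPaging != 1) {
        $limitstart = 0;
    }

    $isModerator = isModerator($_CB_framework->myId());

    $_PLUGINS->loadPluginGroup('user');
    // $plugSearchFieldsArray = $_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
    $_PLUGINS->trigger('onStartUsersList', array(&$listid, &$row, &$search, &$limitstart, &$limit));

    // handles the users allowed to be listed in the list by ACL:
    // NOTE(review): the group ids come from the list record and reach the IN (...) clause below
    // without an integer cast; safe only while list records are trusted configuration.
    $usergids = explode(',', $row->usergroupids);
    $allusergids = array_diff($usergids, $_CB_framework->acl->mapGroupNamesToValues(array('Public', 'Backend')));
    $usergids = implode(",", $allusergids);

    // build SQL Select query:
    $random = 0;
    // Fix: $orderby used to stay undefined when the list has no sort fields, yet it is
    // concatenated into the SELECT further down; default it to "no ORDER BY clause".
    $orderby = '';
    if ($row->sortfields != '') {
        $matches = null;
        if (preg_match('/^RAND\\(\\)\\s(ASC|DESC)$/', $row->sortfields, $matches)) {
            // random sorting needs to have same seed on pages > 1 to not have probability to show same users:
            if ($limitstart) {
                $random = (int) $randomParam;
            }
            if (!$random) {
                // Only a display-order seed, not a secret, so rand() is adequate here.
                $random = rand(0, 32767);
            }
            $row->sortfields = 'RAND(' . (int) $random . ') ' . $matches[1];
        }
        // NOTE(review): apart from the RAND() form above, sortfields is used verbatim as SQL.
        $orderby = "\n ORDER BY " . $row->sortfields;
    }

    $filterby = '';
    if ($row->filterfields != '') {
        $filterRules = utf8RawUrlDecode(substr($row->filterfields, 1));
        if ($_CB_framework->myId()) {
            $user = new moscomprofilerUser($_CB_database);
            if ($user->load((int) $_CB_framework->myId())) {
                // Substituted user values are passed through the database's getEscaped callback.
                $filterRules = cbReplaceVars($filterRules, $user, array($_CB_database, 'getEscaped'), false, array());
            }
        }
        $filterby = " AND " . $filterRules;
    }

    // Prepare part after SELECT .... " and before "FROM" :
    $tableReferences = array('#__comprofiler' => 'ue', '#__users' => 'u');

    // Fetch all fields:
    $tabs = $myCbUser->_getCbTabs(); // new cbTabs( 0, 1 ); //TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
    $allFields = $tabs->_getTabFieldsDb(null, $myUser, 'list');
    // $_CB_database->setQuery( "SELECT * FROM #__comprofiler_fields WHERE published = 1" );
    // $allFields = $_CB_database->loadObjectList( 'fieldid', 'moscomprofilerFields', array( &$_CB_database ) );

    //Make columns array. This array will later be constructed from the tabs table:
    $columns = array();
    for ($i = 1; $i < 50; ++$i) {
        $enabledVar = "col" . $i . "enabled";
        // The list record exposes colNenabled/colNtitle/colNfields/colNcaptions; stop at the first missing N.
        if (!isset($row->{$enabledVar})) {
            break;
        }
        $titleVar = "col" . $i . "title";
        $fieldsVar = "col" . $i . "fields";
        $captionsVar = "col" . $i . "captions";
        if ($row->{$enabledVar} == 1) {
            $col = new stdClass();
            $col->fields = $row->{$fieldsVar} ? explode('|*|', $row->{$fieldsVar}) : array();
            $col->title = $row->{$titleVar};
            $col->titleRendered = $myCbUser->replaceUserVars($col->title);
            $col->captions = $row->{$captionsVar};
            // $col->sort = 1; //All columns can be sorted
            $columns[$i] = $col;
        }
    }

    // build fields and tables accesses, also check for searchable fields:
    $searchableFields = array();
    $fieldsSQL = cbUsersList::getFieldsSQL($columns, $allFields, $tableReferences, $searchableFields, $params);

    $_PLUGINS->trigger('onAfterUsersListFieldsSql', array(&$columns, &$allFields, &$tableReferences));

    $tablesSQL = array();
    $joinsSQL = array();
    // Baseline visibility rules: blocked, unapproved and unconfirmed accounts are never listed.
    $tablesWhereSQL = array('block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1');

    if (checkJversion() == 2) {
        $joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
    }
    // Banned users stay visible to moderators only.
    if (!$isModerator) {
        $tablesWhereSQL['banned'] = 'ue.banned = 0';
    }
    if ($usergids) {
        if (checkJversion() == 2) {
            $tablesWhereSQL['gid'] = 'g.group_id IN (' . $usergids . ')';
        } else {
            $tablesWhereSQL['gid'] = 'u.gid IN (' . $usergids . ')';
        }
    }

    foreach ($tableReferences as $table => $name) {
        if ($name == 'u') {
            $tablesSQL[] = $table . ' ' . $name;
        } else {
            $joinsSQL[] = 'JOIN ' . $table . ' ' . $name . ' ON ' . $name . '.`id` = u.`id`';
        }
    }

    // handles search criterias:
    // NOTE(review): the raw request values reach SQL only through applySearchableContents() and
    // reduceSqlFormula(); the escaping of search terms happens (or not) inside those helpers — verify there.
    $list_compare_types = $params->get('list_compare_types', 0);
    $searchVals = new stdClass();
    $searchesFromFields = $tabs->applySearchableContents($searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types);
    $whereFields = $searchesFromFields->reduceSqlFormula($tableReferences, $joinsSQL, TRUE);
    if ($whereFields) {
        $tablesWhereSQL[] = '(' . $whereFields . ')';
        /*
        if ( $search === null ) {
            $search = '';
        }
        */
    }

    $_PLUGINS->trigger('onBeforeUsersListBuildQuery', array(&$tablesSQL, &$joinsSQL, &$tablesWhereSQL));

    $queryFrom = "FROM " . implode(', ', $tablesSQL) . (count($joinsSQL) ? "\n " . implode("\n ", $joinsSQL) : '') . "\n WHERE " . implode("\n AND ", $tablesWhereSQL);

    // handles old formatted names search:
    /*
    if ( $search != '' ) {
        $searchSQL = cbEscapeSQLsearch( strtolower( $_CB_database->getEscaped( $search ) ) );
        $queryFrom .= " AND (";
        $searchFields = array();
        if ( $ueConfig['name_format']!='3' ) {
            $searchFields[] = "u.name LIKE '%%s%'";
        }
        if ( $ueConfig['name_format']!='1' ) {
            $searchFields[] = "u.username LIKE '%%s%'";
        }
        if ( is_array( $plugSearchFieldsArray ) ) {
            foreach ( $plugSearchFieldsArray as $v ) {
                if ( is_array( $v ) ) {
                    $searchFields = array_merge( $searchFields, $v );
                }
            }
        }
        $queryFrom .= str_replace( '%s', $searchSQL, implode( " OR ", $searchFields ) );
        $queryFrom .= ")";
    }
    */

    $queryFrom .= " " . $filterby;

    $_PLUGINS->trigger('onBeforeUsersListQuery', array(&$queryFrom, 1, $listid)); // $uid = 1

    $errorMsg = null;

    // counts number of users and loads the listed fields of the users if not in search-form-only mode:
    if ($searchmode == 0) {
        if (checkJversion() == 2) {
            // The usergroup-map join can yield several rows per user, hence DISTINCT.
            $_CB_database->setQuery("SELECT COUNT(DISTINCT u.id) " . $queryFrom);
        } else {
            $_CB_database->setQuery("SELECT COUNT(*) " . $queryFrom);
        }
        $total = $_CB_database->loadResult();

        // An offset beyond the result set falls back to the first page.
        if ($limit > $total || $limitstart >= $total) {
            $limitstart = 0;
        }

        // $query = "SELECT u.id, ue.banned, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby
        if (checkJversion() == 2) {
            $query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ($fieldsSQL ? ", " . $fieldsSQL . " " : '') . $queryFrom . " " . $orderby;
        } else {
            $query = "SELECT ue.*, u.*, '' AS 'NA' " . ($fieldsSQL ? ", " . $fieldsSQL . " " : '') . $queryFrom . " " . $orderby;
        }
        $_CB_database->setQuery($query, (int) $limitstart, (int) $limit);
        $users = $_CB_database->loadObjectList(null, 'moscomprofilerUser', array(&$_CB_database));

        if ($users) {
            foreach ($users as $k => $v) {
                $users[$k]->afterBindFromDatabase(); // load gids and fix CMS database storage bugs
            }
        } else {
            $users = array();
        }

        if (!$_CB_database->getErrorNum()) {
            // creates the CBUsers in cache corresponding to the $users:
            if ($users) {
                foreach (array_keys($users) as $k) {
                    CBuser::setUserGetCBUserInstance($users[$k]);
                }
            }
        } else {
            // Query failed: show a generic message instead of the database error text.
            $users = array();
            $errorMsg = _UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
        }

        if (count(get_object_vars($searchVals)) > 0) {
            $search = '';
        } else {
            $search = null;
        }
    } else {
        $total = null;
        $users = array();
        if ($search === null) {
            $search = '';
        }
    }

    // Compute itemId of users in users-list:
    $Itemid = $_CB_framework->itemid();
    if ($Itemid) {
        $option_itemid = (int) $Itemid;
    } else {
        $option_itemid = getCBprofileItemid(0);
    }

    HTML_comprofiler::usersList($row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random);
}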
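/**
 * Renders the reports filed against user $uid for a global moderator and echoes
 * the resulting HTML (heading, table of reports, "moderate" button, page links).
 *
 * The 'user' plugin group is loaded and onBeforeViewReportsFormDisplay is
 * triggered first; if a plugin raised an error the request ends with a
 * JavaScript alert. Callers that are not global moderators are rejected through
 * cbNotAuth(). $uid is cast to int before it is placed in either query.
 *
 * @param mixed $option  not used by this function
 * @param mixed $uid     id of the reported user (cast to int for the queries)
 * @param mixed $act     when equal to 1, only rows with reportedstatus = 0 are selected
 * @return void
 */
function viewReports($option, $uid, $act) {
    global $_CB_framework, $_CB_database, $_PLUGINS, $_REQUEST;

    $_PLUGINS->loadPluginGroup('user');

    // NOTE(review): the plugin event fires before the moderator check below, so handlers run
    // for every caller of this task; confirm that ordering is intended.
    $results = $_PLUGINS->trigger('onBeforeViewReportsFormDisplay', array($uid, $act));

    if ($_PLUGINS->is_errors()) {
        // NOTE(review): the plugin error text is placed inside a JavaScript string literal without
        // any encoding. What getErrorMSG() can contain is not visible here; if request data can
        // ever reach it, encode it for the script context (e.g. json_encode) before echoing.
        echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); window.history.go(-1); </script>\n";
        exit;
    }

    // Authorization gate: nothing is queried or rendered for non-moderators.
    if (!Application::MyUser()->isGlobalModerator()) {
        cbNotAuth();
        return;
    }

    // Shared FROM/WHERE part of the count query and the list query. The only request-derived
    // value in it is $uid, and it is cast to int.
    // NOTE(review): the open-only filter is added when $act == 1; confirm that is the meaning
    // callers give to $act.
    $fromWhere = "\n FROM " . $_CB_database->NameQuote('#__comprofiler_userreports')
        . "\n WHERE " . $_CB_database->NameQuote('reporteduser') . " = " . (int) $uid
        . ($act == 1 ? "\n AND " . $_CB_database->NameQuote('reportedstatus') . " = 0" : null);

    $_CB_database->setQuery('SELECT COUNT(*)' . $fromWhere);
    $total = $_CB_database->loadResult();

    $limitstart = (int) getPagesLimitStart($_REQUEST);
    $limit = 20;
    // Everything fits on one page: ignore any requested offset.
    if ($limit > $total) {
        $limitstart = 0;
    }

    $query = 'SELECT *' . $fromWhere
        . "\n ORDER BY " . $_CB_database->NameQuote('reporteduser') . ", " . $_CB_database->NameQuote('reportedondate');
    $_CB_database->setQuery($query, $limitstart, $limit);
    $rows = $_CB_database->loadObjectList();
    // A failed query must not break the loop below.
    if (!is_array($rows)) {
        $rows = array();
    }

    outputCbTemplate(1);

    $return = '<div class="cbViewReports cb_template cb_template_' . selectTemplate('dir') . '">';

    if (is_array($results)) {
        $return .= implode('', $results);
    }

    $return .= '<div class="page-header"><h3>' . CBTxt::Th('UE_USERREPORT', 'User Report') . '</h3></div>';

    if ($total < 1) {
        $return .= CBTxt::Th('UE_NOREPORTSTOPROCESS', 'No User Reports to Process');
    } else {
        $return .= '<form action="' . $_CB_framework->viewUrl('moderatereports') . '" method="post" id="adminForm" name="adminForm" class="cb_form form-auto">'
            . '<table class="table table-hover table-responsive">'
            . '<thead>'
            . '<tr>'
            . '<th style="width: 20%;" class="text-left">' . CBTxt::Th('UE_REPORTEDUSER', 'Reported User') . '</th>'
            . '<th style="width: 20%;" class="text-left">' . CBTxt::Th('UE_REPORT', 'Report') . '</th>'
            . '<th style="width: 20%;" class="text-left xs-hidden">' . CBTxt::Th('UE_REPORTEDONDATE', 'Report Date') . '</th>'
            . '<th style="width: 20%;" class="text-left xs-hidden">' . CBTxt::Th('UE_REPORTEDBY', 'Reported By') . '</th>'
            . '<th style="width: 20%;" class="text-left">' . CBTxt::Th('UE_REPORTSTATUS', 'Report status') . '</th>'
            . '</tr>'
            . '</thead>'
            . '<tbody>';

        foreach ($rows as $row) {
            // Fix: the report text was concatenated into the page exactly as stored. It is
            // presumably free text written by the reporting user and it is shown inside a
            // moderator's session, so it is HTML-encoded on output. double_encode is off so
            // that text already entity-encoded when it was saved is not encoded twice.
            $reportText = htmlspecialchars((string) $row->reportexplaination, ENT_QUOTES, 'UTF-8', false);

            $return .= '<tr>'
                . '<td style="width: 20%;" class="text-left">' . CBuser::getInstance((int) $row->reporteduser, false)->getField('formatname', null, 'html', 'none', 'list', 0, true) . '</td>'
                . '<td style="width: 20%;" class="text-left">' . $reportText . '</td>'
                . '<td style="width: 20%;" class="text-left xs-hidden">' . cbFormatDate($row->reportedondate) . '</td>'
                . '<td style="width: 20%;" class="text-left xs-hidden">' . CBuser::getInstance((int) $row->reportedbyuser, false)->getField('formatname', null, 'html', 'none', 'list', 0, true) . '</td>'
                . '<td style="width: 20%;" class="text-left ' . ($row->reportedstatus ? 'text-success' : 'text-danger') . '">'
                . ($row->reportedstatus ? CBTxt::Th('UE_REPORTSTATUS_PROCESSED', 'Processed') : CBTxt::Th('UE_REPORTSTATUS_OPEN', 'Open'))
                . '</td>'
                . '</tr>';
        }

        $return .= '</tbody>'
            . '</table>'
            . '<div class="form-group cb_form_line clearfix">'
            . '<input type="submit" class="btn btn-primary cbViewReportsMod" value="' . htmlspecialchars(CBTxt::Th('UE_USERREPORT_MODERATE', 'Moderate User Reports')) . '" />'
            . '</div>'
            . '</form>';

        // Page links only when the result spans more than one page.
        if ($total > $limit) {
            $return .= '<div class="form-group cb_form_line text-center clearfix">'
                . writePagesLinks($limitstart, $limit, $total, $_CB_framework->viewUrl('viewreports'))
                . '</div>';
        }
    }

    $return .= '</div>';

    echo $return;
}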