/**
 * Backend users list controller: builds the filtered, searchable and paginated users query,
 * then either renders the list ($task == 'showusers') or hands the same selection to one of
 * the mass-email steps ('emailusers', 'startemailusers', 'ajaxemailusers').
 *
 * Filters and search are persisted in the CMS user state, keyed by $option, and reset when the
 * previously viewed list was not this one. All request-derived values that end up in SQL are
 * either cast to int, escaped with getEscaped()/Quote() or restricted to a fixed key set.
 *
 * @param string $option  component name, used to namespace the saved list state and the view
 * @param string $task    'showusers', 'emailusers', 'startemailusers' or 'ajaxemailusers'
 * @param array  $cid     ids of the checkmarked users (expected to be an array; only used when $task != 'showusers')
 * @return boolean        false if the main users query failed (error already echoed), true otherwise
 */
function showUsers( $option, $task, $cid ) {
	global $_CB_database, $_CB_framework, $_POST, $_PLUGINS, $_CB_TxtIntStore;
	$this->_importNeeded();
	// Default page size from the CMS configuration, falling back to 10:
	$limit = (int) $_CB_framework->getCfg( 'list_limit' );
	if ( $limit == 0 ) {
		$limit = 10;
	}
	// Filters come from the saved user state, overridden by the current request (getUserStateFromRequest):
	$filter_type = $_CB_framework->getUserStateFromRequest( "filter_type{$option}", 'filter_type', 0 );
	$filter_status = $_CB_framework->getUserStateFromRequest( "filter_status{$option}", 'filter_status', 0 );
	$filter_logged = intval( $_CB_framework->getUserStateFromRequest( "filter_logged{$option}", 'filter_logged', 0 ) );
	$lastCBlist = $_CB_framework->getUserState( "view{$option}lastCBlist", null );
	if( $lastCBlist == 'showusers' ) {
		// Same list as last time: keep the paging state (the email tasks set their own window below):
		if ( $task == 'showusers' ) {
			$limit = $_CB_framework->getUserStateFromRequest( "viewlistlimit", 'limit', $limit );
			$limitstart = $_CB_framework->getUserStateFromRequest( "view{$option}limitstart", 'limitstart', 0 );
		}
		$lastSearch = $_CB_framework->getUserState( "search{$option}", null );
		$search = $_CB_framework->getUserStateFromRequest( "search{$option}", 'search', '' );
		// A changed search term restarts paging at the first page:
		if ( $lastSearch != $search ) {
			$limitstart = 0;
			$_CB_framework->setUserState( "view{$option}limitstart", $limitstart );
		}
		// Lower-cases the search term; multibyte-aware only when the site charset is UTF-8 (mb_* or utf8_decode fallback):
		$search = stripslashes( trim( ( $_CB_TxtIntStore->_iso != 'UTF-8' ) ? strtolower( $search ) : ( is_callable( 'mb_convert_case' ) ? mb_convert_case( $search, MB_CASE_LOWER, "UTF-8") : utf8_encode(strtolower(utf8_decode( $search ) ) ) ) ) );
	} else {
		// Coming from another list: reset filters, search box and paging, and remember this list as the current one:
		$filter_type = 0;
		$filter_status = 0;
		$filter_logged = 0;
		clearSearchBox();
		$search = '';
		$limitstart = 0;
		$_CB_framework->setUserState( "view{$option}limitstart", $limitstart );
		$_CB_framework->setUserState( "view{$option}lastCBlist", "showusers" );
	}
	if ( $task !== 'showusers' ) {
		// Email tasks: the batch window comes from the POSTed form, not from the saved list state.
		if ( $task == 'ajaxemailusers' ) {
			$limitstart = cbGetParam( $_POST, 'limitstart', 0 );
			$limit = cbGetParam( $_POST, 'limit', 0 );
		} else {
			$limitstart = 0;
			if ( $task == 'emailusers' ) {
				$limit = 101;	// so that first 100 users and more... is displayed.
			} else {
				$limit = cbGetParam( $_POST, 'limit', 0 );
			}
		}
	}
	$tablesSQL = array( 'u' => '#__users AS u' );
	$joinsSQL = array( 'ue' => 'LEFT JOIN #__comprofiler AS ue ON u.id = ue.id' );
	$tablesWhereSQL = array();
	// Free-text search on username, email and name. The term is SQL-escaped; the second argument
	// additionally escapes the LIKE wildcards so a user cannot widen the pattern:
	if ( isset( $search ) && ( $search != "") ) {
		$tablesWhereSQL[] = "(u.username LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%' OR u.email LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%' OR u.name LIKE '%" . $_CB_database->getEscaped( $search, true ) . "%')";
	}
	// Group filter: an integer group id on Joomla 1.6+, a usertype name (quoted) on older versions:
	if ( $filter_type ) {
		if ( checkJversion() == 2 ) {
			$tablesWhereSQL[] = "aro.group_id = " . (int) $filter_type;
		} else {
			if ( $filter_type == 'Public Frontend' ) {
				$tablesWhereSQL[] = "(u.usertype = 'Registered' OR u.usertype = 'Author' OR u.usertype = 'Editor'OR u.usertype = 'Publisher')";
			} else if ( $filter_type == 'Public Backend' ) {
				$tablesWhereSQL[] = "( u.usertype = 'Manager' OR u.usertype = 'Administrator' OR u.usertype = 'Super Administrator' )";
			} else {
				$tablesWhereSQL[] = "u.usertype = " . $_CB_database->Quote( $filter_type );
			}
		}
	}
	// Status filter: the translated option labels are the keys of this map, the values are the SQL conditions.
	// The request value is only ever used as a lookup key, never inlined into SQL.
	$tBlocked = CBTxt::T('Blocked');
	$tEnabled = CBTxt::T('Enabled');
	$tUnconfirmed = CBTxt::T('Unconfirmed');
	$tConfirmed = CBTxt::T('Confirmed');
	$tUnapproved = CBTxt::T('Unapproved');
	$tDisapproved = CBTxt::T('Disapproved');
	$tApproved = CBTxt::T('Approved');
	$tBanned = CBTxt::T('Banned');
	$p = ' + ';
	$userstates = array(
		$tBlocked => 'u.block = 1',
		$tEnabled => 'u.block = 0',
		$tUnconfirmed => 'ue.confirmed = 0',
		$tConfirmed => 'ue.confirmed = 1',
		$tUnapproved => 'ue.approved = 0',
		$tDisapproved => 'ue.approved = 2',
		$tApproved => 'ue.approved = 1',
		$tBanned => 'ue.banned <> 0',
		$tBlocked . $p . $tUnconfirmed . $p . $tUnapproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 0)',
		$tEnabled . $p . $tUnconfirmed . $p . $tUnapproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 0)',
		$tBlocked . $p . $tConfirmed . $p . $tUnapproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 0)',
		$tEnabled . $p . $tConfirmed . $p . $tUnapproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 0)',
		$tBlocked . $p . $tUnconfirmed . $p . $tDisapproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 2)',
		$tEnabled . $p . $tUnconfirmed . $p . $tDisapproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 2)',
		$tBlocked . $p . $tConfirmed . $p . $tDisapproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 2)',
		$tEnabled . $p . $tConfirmed . $p . $tDisapproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 2)',
		$tBlocked . $p . $tUnconfirmed . $p . $tApproved => '(u.block = 1 AND ue.confirmed = 0 AND ue.approved = 1)',
		$tEnabled . $p . $tUnconfirmed . $p . $tApproved => '(u.block = 0 AND ue.confirmed = 0 AND ue.approved = 1)',
		$tBlocked . $p . $tConfirmed . $p . $tApproved => '(u.block = 1 AND ue.confirmed = 1 AND ue.approved = 1)',
		$tEnabled . $p . $tConfirmed . $p . $tApproved => '(u.block = 0 AND ue.confirmed = 1 AND ue.approved = 1)',
		CBTxt::T('Avatar not approved') => "(ue.avatar > '' AND ue.avatarapproved = 0)"
	);
	if ( $filter_status ) {
		// NOTE(review): a $filter_status that is not one of the keys above (stale translation, edited request)
		// appends null here, which yields a malformed WHERE (query error) rather than an unfiltered list.
		$tablesWhereSQL[] = $userstates[$filter_status];
	}
	// Logged-in filter; the matching #__session join is only added further down when one of these is active:
	if ( $filter_logged == 1 ) {
		$tablesWhereSQL[] = "s.userid = u.id";
	} else if ($filter_logged == 2) {
		$tablesWhereSQL[] = "s.userid IS NULL";
	}
	// exclude any child group id's for this user (group ids come from the ACL object, not from the request)
	//$_CB_framework->acl->_debug = true;
	$pgids = $_CB_framework->acl->get_group_children( userGID( $_CB_framework->myId() ), 'ARO', 'RECURSE' );
	if ( is_array( $pgids ) && (count( $pgids ) > 0 ) ) {
		if ( checkJversion() == 2 ) {
			$tablesWhereSQL[] = "( aro.group_id NOT IN ( " . implode( ',', $pgids ) . " ) )";
		} else {
			$tablesWhereSQL[] = "( u.gid NOT IN ( " . implode( ',', $pgids ) . " ) )";
		}
	}
	// Filter the checkmarked users only:
	if ( $task !== 'showusers' ) {
		if ( is_array( $cid ) && ( count( $cid ) > 0 ) ) {
			cbArrayToInts( $cid );	// every id is cast to int before being inlined in the IN ( ) list
			$tablesWhereSQL[] = "( u.id IN ( " . implode( ',', $cid ) . " ) )";
		}
	}
	// Advanced searches:
	$myCbUser =& CBuser::getInstance( $_CB_framework->myId() );
	$myUser =& $myCbUser->getUserData();
	$tabs = $myCbUser->_getCbTabs();	// new cbTabs( 0, 1 );	//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
	$allFields = $tabs->_getTabFieldsDb( null, $myUser, 'adminfulllist' );
	foreach ( $allFields as $k => $v ) {
		if ( in_array( $v->type, array( 'pm', 'status', 'formatname', 'hidden', 'delimiter', 'userparams' ) ) ) {
			unset( $allFields[$k] );	// delimiter, userparams do not have search for now!
		}
	}
	$searchVals = new stdClass();
	$list_compare_types = 1;	// Advanced: all possibilities (WARNING: can be slow)
	$tableReferences = array( '#__comprofiler' => 'ue', '#__users' => 'u' );
	// Per-field search criteria are parsed out of $_POST by the fields themselves and turned into SQL by
	// reduceSqlFormula() (which may also add joins to $joinsSQL):
	$searchesFromFields = $tabs->applySearchableContents( $allFields, $searchVals, $_POST, $list_compare_types );
	$whereFields = $searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
	if ( $whereFields ) {
		$tablesWhereSQL[] = '(' . $whereFields . ')';
	}
	$searchTabContent = $tabs->getSearchablesContents( $allFields, $myUser, $searchVals, $list_compare_types );
	if ($filter_logged == 1 || $filter_logged == 2) {
		$joinsSQL[] .= "\n INNER JOIN #__session AS s ON s.userid = u.id";
	// } else {	done later, to avoid blocking site:
	//	$joinsSQL[] .= "\n LEFT JOIN #__session AS s ON s.userid = u.id";
	}
	// Joomla 1.6+ group mapping is joined before the count query (the 1.0/1.5 ACL joins are added after it, below):
	if ( checkJversion() == 2 ) {
		$joinsSQL[] = "INNER JOIN #__user_usergroup_map AS aro ON aro.user_id = u.id";	// map user to aro for selection (and display if no selection)
		if ( $filter_type ) {
			$joinsSQL[] = "LEFT JOIN #__user_usergroup_map AS arodisplay ON arodisplay.user_id = u.id";	// map user to aro for display of all groups
			$joinsSQL[] = "INNER JOIN #__usergroups AS g ON g.id = arodisplay.group_id";	// map aro to group for display group name
		} else {
			$joinsSQL[] = "INNER JOIN #__usergroups AS g ON g.id = aro.group_id";	// map aro to group
		}
	}
	// Plugins may add tables, joins and conditions (by reference) before the query is assembled:
	$_PLUGINS->loadPluginGroup('user');
	$_PLUGINS->trigger( 'onBeforeBackendUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL, $option ) );
	$queryFrom = "\n FROM " . implode( ', ', $tablesSQL )
		. ( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
		. ( count( $tablesWhereSQL ) ? "\n WHERE " . implode( ' AND ', $tablesWhereSQL ) : '' )
		;
	// Counting query:
	$query = "SELECT COUNT(DISTINCT u.id)" . $queryFrom ;
	$_CB_database->setQuery( $query );
	$total = $_CB_database->loadResult();
	if ( $total === null ) {
		// NOTE(review): the raw database error text is echoed into the (backend) page.
		echo $_CB_database->getErrorMsg();
	}
	if ( $total <= $limitstart ) {
		$limitstart = 0;
	}
	cbimport( 'cb.pagination' );
	$pageNav = new cbPageNav( $total, $limitstart, $limit );
	// Group-name joins for the main query, per Joomla version:
	if ( checkJversion() == 2 ) {
		$grp_name = 'title';
	} elseif ( checkJversion() == 1 ) {
		$grp_name = 'name';
		$joinsSQL[] = "INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id";	// map user to aro
		$joinsSQL[] = "INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.id";	// map aro to group
		$joinsSQL[] = "INNER JOIN #__core_acl_aro_groups AS g ON g.id = gm.group_id";
		$tablesWhereSQL[] = "aro.section_value = 'users'";
	} else {
		$grp_name = 'name';
		$joinsSQL[] = "INNER JOIN #__core_acl_aro AS aro ON aro.value = u.id";	// map user to aro
		$joinsSQL[] = "INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.aro_id";	// map aro to group
		$joinsSQL[] = "INNER JOIN #__core_acl_aro_groups AS g ON g.group_id = gm.group_id";
		$tablesWhereSQL[] = "aro.section_value = 'users'";
	}
	$queryFrom = "\n FROM " . implode( ', ', $tablesSQL )
		. ( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
		. ( count( $tablesWhereSQL ) ? "\n WHERE " . implode( ' AND ', $tablesWhereSQL ) : '' )
		;
	// Main query:
	if ( checkJversion() == 2 ) {
		$query = "SELECT u.*, GROUP_CONCAT( DISTINCT g.$grp_name ORDER BY g.$grp_name SEPARATOR ', ') AS groupname, ue.approved, ue.confirmed" . $queryFrom . ' GROUP BY u.id' ;
	} else {
		$query = "SELECT DISTINCT u.*, g.$grp_name AS groupname, ue.approved, ue.confirmed" . $queryFrom ;
	}
	// Paging window is cast to int here; $limit/$limitstart of the ajax task come from POST:
	$_CB_database->setQuery( $query, (int) $pageNav->limitstart, (int) $pageNav->limit );
	$rows = $_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );
	if ($_CB_database->getErrorNum()) {
		echo $_CB_database->stderr();
		return false;
	}
	// creates the CBUsers in cache corresponding to the $users:
	foreach ( array_keys( $rows ) as $k) {
		// do not do this otherwise substitutions do not work:
		// CBuser::setUserGetCBUserInstance( $rows[$k] );
	}
	// One session-count query per listed user (the session LEFT JOIN above is avoided on purpose, see comment there):
	$template = 'SELECT COUNT(s.userid) FROM #__session AS s WHERE s.userid = ';
	$n = count( $rows );
	for ( $i = 0; $i < $n; $i++ ) {
		$row = &$rows[$i];
		$query = $template . (int) $row->id;
		$_CB_database->setQuery( $query );
		$row->loggedin = $_CB_database->loadResult();
	}
	// Filter widgets are disabled on the email screens:
	$select_tag_attribs = 'class="inputbox" size="1" onchange="document.adminForm.submit( );"';
	$inputTextExtras = '';
	if ( $task != 'showusers' ) {
		$inputTextExtras = ' disabled="disabled"';
		$select_tag_attribs .= $inputTextExtras;
	}
	// get list of Log Status for dropdown filter
	$logged[] = moscomprofilerHTML::makeOption( 0, CBTxt::T('- Select Login State -'));
	$logged[] = moscomprofilerHTML::makeOption( 1, CBTxt::T('Logged In'));
	$lists['logged'] = moscomprofilerHTML::selectList( $logged, 'filter_logged', $select_tag_attribs, 'value', 'text', "$filter_logged", 2 );
	// get list of Groups for dropdown filter
	if ( checkJversion() == 2 ) {
		$query = "SELECT id AS value, title AS text" . "\n FROM #__usergroups";
	} else {
		$query = "SELECT name AS value, name AS text" . "\n FROM #__core_acl_aro_groups" . "\n WHERE name != 'ROOT'" . "\n AND name != 'USERS'";
	}
	$types[] = moscomprofilerHTML::makeOption( '0', CBTxt::T('- Select Group -') );
	$_CB_database->setQuery( $query );
	$types = array_merge( $types, $_CB_database->loadObjectList() );
	$lists['type'] = moscomprofilerHTML::selectList( $types, 'filter_type', $select_tag_attribs, 'value', 'text', "$filter_type", 2 );
	$status[] = moscomprofilerHTML::makeOption( 0, CBTxt::T('- Select User Status -'));
	foreach ( array_keys( $userstates ) as $k ) {
		$status[] = moscomprofilerHTML::makeOption( $k, $k );
	}
	$lists['status'] = moscomprofilerHTML::selectList( $status, 'filter_status', $select_tag_attribs, 'value', 'text', "$filter_status", 2 );
	// Plugins may add columns to the list (each returning an array of column definitions):
	$pluginAdditions = $_PLUGINS->trigger( 'onAfterBackendUsersList', array( 1, &$rows, &$pageNav, &$search, &$lists, $option, $select_tag_attribs ) );
	$pluginColumns = array();
	foreach ( $pluginAdditions as $addition ) {
		if ( is_array( $addition ) ) {
			$pluginColumns = array_merge( $pluginColumns, $addition );
		}
	}
	if ( $task == 'showusers' ) {
		$usersView = _CBloadView( 'users' );
		$usersView->showUsers( $rows, $pageNav, $search, $option, $lists, $pluginColumns, $inputTextExtras, $searchTabContent );
	} else {
		// Mass-email form values; the body is accepted raw (HTML mail composed by the admin).
		// NOTE(review): batch size and pause are not cast to int here; presumably handled by the view / _cbadmin_emailUsers.
		$emailSubject = stripslashes( cbGetParam( $_POST, 'emailsubject', '' ) );
		$emailBody = stripslashes( cbGetParam( $_POST, 'emailbody', '', _CB_ALLOWRAW | _CB_NOTRIM ) );
		$emailsPerBatch = stripslashes( cbGetParam( $_POST, 'emailsperbatch', 50 ) );
		$emailPause = stripslashes( cbGetParam( $_POST, 'emailpause', 30 ) );
		$simulationMode = stripslashes( cbGetParam( $_POST, 'simulationmode', '' ) );
		// NOTE(review): unlike the is_array() guard above, $cid is assumed to be an array here.
		if ( count( $cid ) > 0 && count( $cid ) < $total ) {
			$total = count( $cid );
		}
		if ( $task == 'emailusers' ) {
			$pluginRows = $_PLUGINS->trigger( 'onBeforeBackendUsersEmailForm', array( &$rows, &$pageNav, &$search, &$lists, &$cid, &$emailSubject, &$emailBody, &$inputTextExtras, &$select_tag_attribs, $simulationMode, $option ) );
			$usersView = _CBloadView( 'users' );
			$usersView->emailUsers( $rows, $total, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $simulationMode, $pluginRows );
		} elseif ( $task == 'startemailusers' ) {
			$pluginRows = $_PLUGINS->trigger( 'onBeforeBackendUsersEmailStart', array( &$rows, $total, $search, $lists, $cid, &$emailSubject, &$emailBody, &$inputTextExtras, $simulationMode, $option ) );
			$usersView = _CBloadView( 'users' );
			$usersView->startEmailUsers( $rows, $search, $option, $lists, $cid, $inputTextExtras, $searchTabContent, $emailSubject, $emailBody, $emailsPerBatch, $emailPause, $total, $simulationMode, $pluginRows );
		} elseif ( $task == 'ajaxemailusers' ) {
			$this->_cbadmin_emailUsers( $rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode );
		}
	}
	return true;
}
/**
 * Frontend "report user" feature: displays the report form ($form == 1) or stores a posted report.
 * Output is echoed directly; validation and storage errors redirect back to the form with the error.
 *
 * @param string $option  component name, used to build the redirect URL
 * @param int    $form    1 : display the form, anything else : process the posted form
 * @param int    $uid     id of the reported user (form display only)
 */
function reportUser($option,$form=1,$uid=0) {
	global $_CB_framework, $_CB_database, $ueConfig, $Itemid, $_POST;
	// Feature switch: nothing below runs unless user reports are enabled in the CB configuration.
	if($ueConfig['allowUserReports']==0) {
		echo _UE_FUNCTIONALITY_DISABLED;
		exit();
	}
	// Reporting requires the same group-based access as viewing profiles:
	if (!allowAccess( $ueConfig['allow_profileviewbyGID'],'RECURSE', userGID( $_CB_framework->myId() ))) {
		echo _UE_NOT_AUTHORIZED;
		return;
	}
	if($form==1) {
		HTML_comprofiler::reportUserForm($option,$uid);
	} else {
		// simple spoof check security (request must carry the form's anti-forgery token)
		cbSpoofCheck( 'reportUserForm' );
		$row = new moscomprofilerUserReport( $_CB_database );
		// bind() copies the posted columns into the report record; on failure getError() carries the message:
		if (!$row->bind( $_POST )) {
			cbRedirect( cbSef("index.php?option=$option&task=reportUser".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $row->getError(), 'error' );
			return;
		}
		_cbMakeHtmlSafe($row);	//TBD: remove this: not urgent but isn't right
		$row->reportedondate = date("Y-m-d H:i:s");	// PHP default timezone, not necessarily UTC
		if (!$row->check()) {
			cbRedirect( cbSef("index.php?option=$option&task=reportUser".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $row->getError(), 'error' );
			return;
		}
		if (!$row->store()) {
			cbRedirect( cbSef("index.php?option=$option&task=reportUser".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $row->getError(), 'error' );
			return;
		}
		// Optional moderator notification (fixed subject/message language constants, no user input):
		if($ueConfig['moderatorEmail']==1) {
			$cbNotification = new cbNotification();
			$cbNotification->sendToModerators(_UE_USERREPORT_SUB,_UE_USERREPORT_MSG);
		}
		echo _UE_USERREPORT_SUCCESSFUL;
	}
}
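/**
 * Backend: stores a posted tab (new or edited) and redirects to the tabs list.
 *
 * When an existing tab id is posted, the admin may only modify it if the stored tab's access group
 * lies within the child groups of the admin's own group. Every error path emits a javascript alert
 * and stops execution; all alert texts are escaped with addslashes() since they are embedded in a
 * single-quoted javascript string literal.
 *
 * @param string $option  component name, used to build the redirect URL
 */
function saveTab( $option ) {
	global $_CB_database, $_CB_framework, $_POST;
	$this->_importNeeded();
	$this->_importNeededSave();
	// Tab parameters are normalized by the params editor controller before being bound with the rest of the POST:
	if ( isset( $_POST['params'] ) ) {
		$_POST['params'] = cbParamsEditorController::getRawParamsMagicgpcEscaped( $_POST['params'] );
	} else {
		$_POST['params'] = '';
	}
	if ( ! isset( $_POST['tabid'] ) || ( count( $_POST ) == 0 ) ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Missing post values') ) . "'); window.history.go(-2); </script>\n";
		exit();
	}
	// Editing an existing tab: ownership check against the stored record.
	// NOTE(review): the posted useraccessgroupid of the new state is not validated in this method.
	if ( $_POST['tabid'] ) {
		$oldrow = new moscomprofilerTabs( $_CB_database );
		if ( $oldrow->load( (int) $_POST['tabid'] ) && ( ! in_array( $oldrow->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
			exit;
		}
	}
	$row = new moscomprofilerTabs( $_CB_database );
	if (!$row->bind( $_POST )) {
		// The error text goes into a javascript string literal: escape it like the other alerts in this method.
		echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-1); </script>\n";
		exit();
	}
	if ( ! $row->ordering_register ) {
		$row->ordering_register = 10;	// default registration ordering when the form left it empty
	}
	$row->description = cleanEditorsTranslationJunk( trim( $row->description ) );
	if (!$row->check()) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-2); </script>\n";
		exit();
	}
	// The tab id is re-read from the request as an int (0 when absent) before storing:
	$row->tabid = (int) cbGetParam( $_POST, 'tabid', 0 );
	if ( ! $row->store() ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-2); </script>\n";
		exit();
	}
	$row->checkin();
	cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" ), CBTxt::T('Successfully Saved Tab') . ": ". $row->title );
}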
/**
 * Backend: saves a posted user (new or edited) after the CB permission checks, then redirects to the users list.
 * On a save failure the edit form is redisplayed with the error shown in a javascript alert.
 *
 * @param string $option  component name, used to build the redirect URL and passed to the view
 */
function saveUser( $option ) {
	global $_CB_framework, $_CB_database, $_POST, $_PLUGINS;
	$this->_importNeeded();
	$this->_importNeededSave();
	// The backend edit form always posts these three fields; their absence means the request did not come from it:
	if ( ! ( isset( $_POST['approved'] ) && isset( $_POST['confirmed'] ) && isset( $_POST['username'] ) ) ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Not Authorized') ) ."'); window.history.go(-1);</script>\n";
		exit;
	}
	// Check rights to access:
	$myGid = userGID( $_CB_framework->myId() );
	$userIdPosted = (int) cbGetParam($_POST, "id", 0 );
	if ( $userIdPosted == 0 ) {
		$_POST['id'] = null;	// new user: no id is bound (presumably so the save creates a record)
	}
	$adminGroups = $_CB_framework->acl->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );
	// checkCBpermissions() decides whether the current admin may save this (or a new) user;
	// a non-empty return value is the refusal message. The third argument tells it whether the caller is an admin.
	if ( $userIdPosted != 0 ) {
		$msg = checkCBpermissions( array( $userIdPosted ), 'save', in_array( $myGid, $adminGroups ) );
	} else {
		$msg = checkCBpermissions( null, 'save', in_array( $myGid, $adminGroups ) );
	}
	if ($msg) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( $msg ) . "'); window.history.go(-1);</script>\n";
		exit;
	}
	$_PLUGINS->loadPluginGroup('user');
	// Get current user state:
	$userComplete = new moscomprofilerUser( $_CB_database );
	if ( $userIdPosted != 0 ) {
		if ( ! $userComplete->load( (int) $userIdPosted ) ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( _UE_USER_PROFILE_NOT ) . "'); window.history.go(-1);</script>\n";
			return;
		}
	}
	// Store new user state (saveSafely does the binding, validation and storage for the 'edit' reason):
	$saveResult = $userComplete->saveSafely( $_POST, $_CB_framework->getUi(), 'edit' );
	if ( ! $saveResult ) {
		$regErrorMSG = $userComplete->getError();
		// Re-check the edit permission before redisplaying the form with the (possibly partially bound) user:
		$msg = checkCBpermissions( array( $userComplete->id ), "edit", true );
		if ($msg) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( $msg ) ."'); window.history.go(-1);</script>\n";
			exit;
		}
		// The error is embedded in a javascript string: <br /> becomes \n, tags are stripped, quotes are escaped:
		echo "<script type=\"text/javascript\">alert('" . str_replace( '\\\\n', '\\n', addslashes( strip_tags( str_replace( '<br />', '\\n', $regErrorMSG ) ) ) ) . "'); </script>\n";
		global $_CB_Backend_task;
		$_CB_Backend_task = 'edit';	// so the toolbar comes up...
		$_PLUGINS->loadPluginGroup( 'user' );	// resets plugin errors
		$usersView = _CBloadView( 'user' );
		$usersView->edituser( $userComplete, $option, ( $userComplete->user_id != null ? '0' : '1' ), $_POST );
		// echo "<script type=\"text/javascript\">alert('" . addslashes( str_replace( '<br />', '\n', $userComplete->getError() ) ) . "'); window.history.go(-1);</script>\n";
		return;
	}
	// Checks-in the row:
	$userComplete->checkin();
	cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showusers" ), sprintf(CBTxt::T('Successfully Saved User: %s'), $userComplete->username) );
}
/**
 * Frontend users-list: selects the list the viewer may see, builds the filtered/sorted users query
 * (columns, ACL groups, admin-defined filter, field searches) and renders it through HTML_comprofiler::usersList().
 *
 * Request-derived values (search, paging, search mode, random seed) are read from $searchFormValuesRAW;
 * group ids and the list's own filter SQL come from the database / ACL helpers, not from the request.
 *
 * @param int    $uid                  id of the viewing user (0 / null for guests)
 * @param int    $listid               requested list id; 0 selects the default (or first accessible) list
 * @param array  $searchFormValuesRAW  raw request values of the list form (GET or POST)
 */
function drawUsersList( $uid, $listid, $searchFormValuesRAW ) {
	global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS;
	$search = null;
	$searchGET = cbGetParam( $searchFormValuesRAW, 'search' );
	$limitstart = (int) cbGetParam( $searchFormValuesRAW, 'limitstart', 0 );
	$searchmode = (int) cbGetParam( $searchFormValuesRAW, 'searchmode', 0 );
	$randomParam = (int) cbGetParam( $searchFormValuesRAW, 'rand', 0 );
	// old search on formated name:
	/*
	if ( $searchPOST || count( $_POST ) ) {
		// simple spoof check security
		cbSpoofCheck( 'usersList' );
		if ( cbGetParam( $searchFormValuesRAW, "action" ) == "search" ) {
			$search = $searchPOST;
		}
	} else if ( isset( $searchFormValuesRAW['limitstart'] ) ) {
		$search = stripslashes( $searchGET );
	}
	*/
	// get my user and gets the list of user lists he is allowed to see (ACL):
	$myCbUser =& CBuser::getInstance( $uid );
	if ( $myCbUser === null ) {
		$myCbUser =& CBuser::getInstance( null );
	}
	$myUser =& $myCbUser->getUserData();
	/*
	$myUser = new moscomprofilerUser( $_CB_database );
	if ( $uid ) {
		$myUser->load( (int) $uid );
	}
	*/
	// Lists are restricted to those whose access group is within the viewer's group tree (ids from the ACL helper):
	$useraccessgroupSQL = " AND useraccessgroupid IN (".implode(',',getChildGIDS(userGID($uid))).")";
	$_CB_database->setQuery( "SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering" );
	$plists = $_CB_database->loadObjectList();
	$lists = array();
	$publishedlists = array();
	for ( $i=0, $n=count( $plists ); $i < $n; $i++ ) {
		$plist =& $plists[$i];
		$listTitleNoHtml = strip_tags( cbReplaceVars( getLangDefinition( $plist->title ), $myUser, false, false ) );
		$publishedlists[] = moscomprofilerHTML::makeOption( $plist->listid, $listTitleNoHtml );
	}
	// select either list selected or default list to which he has access (ACL):
	if ( $listid == 0 ) {
		$_CB_database->setQuery( "SELECT listid FROM #__comprofiler_lists " . "\n WHERE `default`=1 AND published=1" . $useraccessgroupSQL );
		$listid = (int) $_CB_database->loadresult();
		if ( $listid == 0 && ( count( $plists ) > 0 ) ) {
			$listid = (int) $plists[0]->listid;
		}
	}
	if ( ! ( $listid > 0 ) ) {
		echo _UE_NOLISTFOUND;
		return;
	}
	// generates the drop-down list of lists:
	if ( count( $plists ) > 1 ) {
		$lists['plists'] = moscomprofilerHTML::selectList( $publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1 );
	}
	// loads the list record:
	$row = new moscomprofilerLists( $_CB_database );
	if ( ( ! $row->load( (int) $listid ) ) || ( $row->published != 1 ) ) {
		echo _UE_LIST_DOES_NOT_EXIST;
		return;
	}
	// A requested list id is re-checked against the viewer's access (the drop-down query above only covers the default):
	if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', userGID($uid) ) ) {
		echo _UE_NOT_AUTHORIZED;
		return;
	}
	$params = new cbParamsBase( $row->params );
	// Hotlink protection: with it enabled, a search or a page beyond the first must carry a valid GET spoof token:
	$hotlink_protection = $params->get( 'hotlink_protection', 0 );
	if ( $hotlink_protection == 1 ) {
		if ( ( $searchGET !== null ) || $limitstart ) {
			cbSpoofCheck( 'usersList', 'GET' );
		}
	}
	$limit = (int) $params->get( 'list_limit' );
	if ( $limit == 0 ) {
		$limit = (int) $ueConfig['num_per_page'];
	}
	$showPaging = $params->get( 'list_paging', 1 );
	if ( $showPaging != 1 ) {
		$limitstart = 0;
	}
	$isModerator = isModerator( $_CB_framework->myId() );
	$_PLUGINS->loadPluginGroup( 'user' );
	// $plugSearchFieldsArray = $_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
	$_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
	// handles the users allowed to be listed in the list by ACL:
	$allusergids = array();
	$usergids = explode( ',', $row->usergroupids );
	/* This was a bug tending to list admins when "public backend" was checked, and all frontend users when "public backend was checked.
	Now just ignore them:
	foreach( $usergids AS $usergid ) {
		$allusergids[] = $usergid;
		if ($usergid==29 || $usergid==30) {
			$groupchildren = array();
			$groupchildren = $_CB_framework->acl->get_group_children( $usergid, 'ARO','RECURSE' );
			$allusergids = array_merge($allusergids,$groupchildren);
		}
	}
	*/
	// NOTE(review): the group ids come from the stored list record (admin-configured) and are inlined as-is,
	// without an int cast, into the IN ( ) list below.
	$allusergids = array_diff( $usergids, array( 29, 30 ) );
	$usergids = implode( ",", $allusergids );
	// build SQL Select query:
	$random = 0;
	if( $row->sortfields != '' ) {
		$matches = null;
		if ( preg_match( '/^RAND\(\)\s(ASC|DESC)$/', $row->sortfields, $matches ) ) {
			// random sorting needs to have same seed on pages > 1 to not have probability to show same users:
			// (the seed is only a paging aid for RAND(); it is not security-relevant)
			if ( $limitstart ) {
				$random = (int) $randomParam;
			}
			if ( ! $random ) {
				$random = rand( 0, 32767 );
			}
			$row->sortfields = 'RAND(' . (int) $random . ') ' . $matches[1];
		}
		$orderby = "\n ORDER BY " . $row->sortfields;
	}
	// NOTE(review): $orderby stays undefined when sortfields is empty and is still concatenated into $query below.
	$filterby = '';
	if ( $row->filterfields != '' ) {
		// Admin-defined filter SQL stored on the list (first character skipped); user variables are
		// substituted through the database escaper so the viewer's data cannot alter the SQL:
		$filterRules = utf8RawUrlDecode( substr( $row->filterfields, 1 ) );
		if ( $_CB_framework->myId() ) {
			$user = new moscomprofilerUser( $_CB_database );
			if ( $user->load( (int) $_CB_framework->myId() ) ) {
				$filterRules = cbReplaceVars( $filterRules, $user, array( $_CB_database, 'getEscaped' ), false, array() );
			}
		}
		$filterby = " AND ". $filterRules;
	}
	// Prepare part after SELECT .... " and before "FROM" :
	$tableReferences = array( '#__comprofiler' => 'ue', '#__users' => 'u' );
	// Fetch all fields:
	$tabs = $myCbUser->_getCbTabs();	// new cbTabs( 0, 1 );	//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
	$allFields = $tabs->_getTabFieldsDb( null, $myUser, 'list' );
	// $_CB_database->setQuery( "SELECT * FROM #__comprofiler_fields WHERE published = 1" );
	// $allFields = $_CB_database->loadObjectList( 'fieldid', 'moscomprofilerFields', array( &$_CB_database ) );
	//Make columns array. This array will later be constructed from the tabs table:
	// (columns are read from the list record's colNenabled/colNtitle/colNfields/colNcaptions properties until one is missing)
	$columns = array();
	for ( $i = 1; $i < 50; ++$i ) {
		$enabledVar = "col".$i."enabled";
		if ( ! isset( $row->$enabledVar ) ) {
			break;
		}
		$titleVar = "col".$i."title";
		$fieldsVar = "col".$i."fields";
		$captionsVar = "col".$i."captions";
		if ( $row->$enabledVar == 1 ) {
			$col = new stdClass();
			$col->fields = ( $row->$fieldsVar ? explode( '|*|', $row->$fieldsVar ) : array() );
			$col->title = $row->$titleVar;
			$col->titleRendered = $myCbUser->replaceUserVars( $col->title );
			$col->captions = $row->$captionsVar;
			// $col->sort = 1;	//All columns can be sorted
			$columns[$i] = $col;
		}
	}
	// build fields and tables accesses, also check for searchable fields:
	$searchableFields = array();
	$fieldsSQL = cbUsersList::getFieldsSQL( $columns, $allFields, $tableReferences, $searchableFields, $params );
	$_PLUGINS->trigger( 'onAfterUsersListFieldsSql', array( &$columns, &$allFields, &$tableReferences ) );
	$tablesSQL = array();
	$joinsSQL = array();
	// Only enabled, approved and confirmed users are ever listed; banned users are hidden from non-moderators:
	$tablesWhereSQL = array( 'block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1' );
	if ( checkJversion() == 2 ) {
		$joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
	}
	if ( ! $isModerator ) {
		$tablesWhereSQL['banned'] = 'ue.banned = 0';
	}
	if ( $usergids ) {
		if ( checkJversion() == 2 ) {
			$tablesWhereSQL['gid'] = 'g.group_id IN (' . $usergids . ')';
		} else {
			$tablesWhereSQL['gid'] = 'u.gid IN (' . $usergids . ')';
		}
	}
	foreach ( $tableReferences as $table => $name ) {
		$tablesSQL[] = $table . ' ' . $name;
		if ( $name != 'u' ) {
			$tablesWhereSQL[] = "u.`id` = " . $name . ".`id`";
		}
	}
	// handles search criterias:
	$list_compare_types = $params->get( 'list_compare_types', 0 );
	$searchVals = new stdClass();
	// Field searches are parsed from the raw request by the fields themselves and rendered to SQL by reduceSqlFormula():
	$searchesFromFields = $tabs->applySearchableContents( $searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types );
	$whereFields = $searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
	if ( $whereFields ) {
		$tablesWhereSQL[] = '(' . $whereFields . ')';
		/*
		if ( $search === null ) {
			$search = '';
		}
		*/
	}
	$_PLUGINS->trigger( 'onBeforeUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL ) );
	$queryFrom = "FROM " . implode( ', ', $tablesSQL )
		. ( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
		. "\n WHERE " . implode( "\n AND ", $tablesWhereSQL );
	// handles old formatted names search:
	/*
	if ( $search != '' ) {
		$searchSQL = cbEscapeSQLsearch( strtolower( $_CB_database->getEscaped( $search ) ) );
		$queryFrom .= " AND (";
		$searchFields = array();
		if ( $ueConfig['name_format']!='3' ) {
			$searchFields[] = "u.name LIKE '%%s%'";
		}
		if ( $ueConfig['name_format']!='1' ) {
			$searchFields[] = "u.username LIKE '%%s%'";
		}
		if ( is_array( $plugSearchFieldsArray ) ) {
			foreach ( $plugSearchFieldsArray as $v ) {
				if ( is_array( $v ) ) {
					$searchFields = array_merge( $searchFields, $v );
				}
			}
		}
		$queryFrom .= str_replace( '%s', $searchSQL, implode( " OR ", $searchFields ) );
		$queryFrom .= ")";
	}
	*/
	$queryFrom .= " " . $filterby;
	$_PLUGINS->trigger( 'onBeforeUsersListQuery', array( &$queryFrom, 1, $listid ) );	// $uid = 1
	$errorMsg = null;
	// counts number of users and loads the listed fields of the users if not in search-form-only mode:
	if ( $searchmode == 0 ) {
		if ( checkJversion() == 2 ) {
			$_CB_database->setQuery( "SELECT COUNT(DISTINCT u.id) " . $queryFrom );
		} else {
			$_CB_database->setQuery( "SELECT COUNT(*) " . $queryFrom );
		}
		$total = $_CB_database->loadResult();
		if ( ( $limit > $total ) || ( $limitstart >= $total ) ) {
			$limitstart = 0;
		}
		// $query = "SELECT u.id, ue.banned, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby
		if ( checkJversion() == 2 ) {
			$query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
		} else {
			$query = "SELECT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
		}
		$_CB_database->setQuery( $query, (int) $limitstart, (int) $limit );
		$users = $_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );
		if ( ! $_CB_database->getErrorNum() ) {
			// creates the CBUsers in cache corresponding to the $users:
			foreach ( array_keys( $users ) as $k) {
				CBuser::setUserGetCBUserInstance( $users[$k] );
			}
		} else {
			// A query error is reported with a generic message only; the database error itself is not echoed to the visitor.
			$users = array();
			$errorMsg = _UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
		}
		// $search only signals to the view whether any search value was submitted:
		if ( count( get_object_vars( $searchVals ) ) > 0 ) {
			$search = '';
		} else {
			$search = null;
		}
	} else {
		// search-form-only mode: no users are loaded
		$total = null;
		$users = array();
		if ( $search === null ) {
			$search = '';
		}
	}
	// Compute itemId of users in users-list:
	if ( $Itemid ) {
		$option_itemid = (int) $Itemid;
	} else {
		$option_itemid = getCBprofileItemid( 0 );
	}
	HTML_comprofiler::usersList( $row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random );
}
/**
 * Moves a tab one step within its position group in the backend tab list, then redirects to the tab list.
 *
 * The move is only performed when the tab's user access group is among the child groups of the
 * current user's group; otherwise a JavaScript alert is emitted and the script exits.
 *
 * @param int    $tid    tab id to move
 * @param int    $inc    ordering increment handed to moscomprofilerTabs::move()
 * @param string $option component option used to build the redirect URL
 * @return void (does not return on unauthorized access: exits)
 */
function orderTabs( $tid, $inc, $option ) {
    global $_CB_database, $_CB_framework;
    $tab = new moscomprofilerTabs( $_CB_database );
    $tab->load( (int) $tid );
    $allowedGroups = getChildGIDS( userGID( $_CB_framework->myId() ) );
    $authorized = in_array( $tab->useraccessgroupid, $allowedGroups );
    if ( ! $authorized ) {
        $alertText = addslashes( CBTxt::T('Unauthorized Access') );
        echo "<script type=\"text/javascript\"> alert('" . $alertText . "'); window.history.go(-1);</script>\n";
        exit;
    }
    // NOTE: $tab->position comes from the loaded DB record and is interpolated unquoted into the WHERE clause.
    $moveWhere = "position='$tab->position' AND ordering > -10000 AND ordering < 10000 ";
    $tab->move( $inc, $moveWhere );
    $redirectUrl = $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" );
    cbRedirect( $redirectUrl );
}
/**
 * Returns a USERPARAMS field in specified format
 *
 * Builds a list of pseudo-fields (CMS user parameters, and in the backend also the
 * group / block / approved / confirmed / sendEmail / date pseudo-fields) and renders
 * each one through parent::getFieldRow(). Only the 'htmledit' output is rendered;
 * every other $output returns null.
 *
 * @param moscomprofilerFields $field
 * @param moscomprofilerUser $user
 * @param string $output 'html', 'xml', 'json', 'php', 'csvheader', 'csv', 'rss', 'fieldslist', 'htmledit'
 * @param string $formatting 'table', 'td', 'span', 'div', 'none'
 * @param string $reason 'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'list' for user-lists
 * @param int $list_compare_types IF reason == 'search' : 0 : simple 'is' search, 1 : advanced search with modes, 2 : simple 'any' search
 * @return string|null concatenated rendered rows for $output == 'htmledit', null otherwise
 */
function getFieldRow( &$field, &$user, $output, $formatting, $reason, $list_compare_types ) {
    global $_CB_framework, $_CB_database, $ueConfig;
    $results = null;
    if ( class_exists( 'JFactory' ) ) { // Joomla 1.5 :
        // loads the CMS users language file so that JText::_() below can translate parameter labels
        $lang =& JFactory::getLanguage();
        $lang->load( 'com_users' );
    }
    $pseudoFields = array();
    //Implementing Joomla's new user parameters such as editor
    $ui = $_CB_framework->getUi();
    $userParams = $this->_getUserParams( $ui, $user );
    // user params are always rendered in backend (ui == 2); in frontend only when allowed by
    // the CB config 'frontend_userparams' or, when that is unset, by the CMS config of the same name:
    if ( is_array( $userParams ) && ( count( $userParams ) > 0 ) && ( ( $ui == 2 ) || ( ( isset( $ueConfig['frontend_userparams'] ) ) ? ( $ueConfig['frontend_userparams'] == 1 ) : in_array( $_CB_framework->getCfg( "frontend_userparams" ), array( '1', null) ) ) ) ) {
        //Loop through each parameter and prepare rendering appropriately.
        // assumes each $userParam is [ title, html, description-key?, name-key? ] — TODO confirm against _getUserParams()
        foreach ( $userParams AS $k => $userParam ) {
            $paramField = new moscomprofilerFields( $_CB_database );
            $paramField->title = $userParam[0];
            $paramField->_html = $userParam[1];
            $paramField->description = ( isset( $userParam[2] ) && class_exists("JText") ? JText::_( $userParam[2] ) : null );
            $paramField->name = ( isset( $userParam[3] ) && class_exists("JText") ? JText::_( $userParam[3] ) : null ); // very probably wrong!
            $paramField->fieldid = 'userparam_' . $k;
            $paramField->displaytitle = substr( $userParam[0], 0, 6 ) == '<label' ? -1 : 1; // don't redisplay <label for> markup
            $paramField->type = 'param'; // this is for cb_ftparam class to be correct.
            $pseudoFields[] = $paramField;
        }
    }
    if( $_CB_framework->getUi() == 2 ) {
        // Backend only: group, block, approve, confirm, moderator-emails and date pseudo-fields.
        $myGid = userGID( $_CB_framework->myId() );
        $cms_mod = $_CB_framework->acl->mapGroupNamesToValues( 'Administrator' );
        $cms_admin = $_CB_framework->acl->mapGroupNamesToValues( 'Superadministrator' );
        if ( checkJversion() == 2 ) {
            $cms_admin_title = 'Super Users';
        } else {
            $cms_admin_title = 'Super Administrator';
        }
        $canBlockUser = $_CB_framework->check_acl( 'canBlockUsers', $_CB_framework->myUserType() );
        // moderator emails may be enabled for: a new user being created by an admin/super-admin,
        // a user whose group has the canReceiveAdminEmails ACL, or a user in a parent group of imageApproverGid:
        $canEmailEvents = ( ( $user->id == 0 ) && ( in_array( $myGid, array( $cms_mod, $cms_admin ) ) ) ) || $_CB_framework->check_acl( 'canReceiveAdminEmails', $_CB_framework->acl->get_group_name( $user->gid, 'ARO' ) ) || in_array( $user->gid, getParentGIDS( $ueConfig['imageApproverGid'] ) ); // allow also CB isModerator
        $lists = array();
        $user_group = strtolower( $_CB_framework->acl->get_group_name( $user->gid, 'ARO' ) );
        // The group is shown read-only (hidden input + label) when the edited user is a super-admin and
        // I am not one, or when I am a super-admin editing myself; admins editing admins also get it read-only.
        // NOTE(review): $user->gid and the title are interpolated into HTML without escaping — presumably a
        // numeric group id and a fixed string, confirm if gid can ever be non-numeric.
        if (( $user_group == strtolower( $cms_admin_title ) && $myGid != $cms_admin) || ( $user->id == $_CB_framework->myId() && $myGid == $cms_admin)) {
            $lists['gid'] = "<input type=\"hidden\" name=\"gid\" value=\"$user->gid\" /><strong>$cms_admin_title</strong>";
        } else if ( $myGid == $cms_mod && $user->gid == $cms_mod ) {
            $lists['gid'] = "<input type=\"hidden\" name=\"gid\" value=\"$user->gid\" /><strong>Administrator</strong>";
        } else {
            // ensure user can't add group higher than themselves
            if ( checkJversion() <= 0 ) {
                $my_groups = $_CB_framework->acl->get_object_groups( 'users', $_CB_framework->myId(), 'ARO' );
            } else {
                $aro_id = $_CB_framework->acl->get_object_id( 'users', $_CB_framework->myId(), 'ARO' );
                $my_groups = $_CB_framework->acl->get_object_groups( $aro_id, 'ARO' );
            }
            // $ex_groups: the groups 'above' me (recursive children of my first group in the ACL tree) to hide from the select:
            if ( is_array( $my_groups ) && ( count( $my_groups ) > 0 ) ) {
                $ex_groups = $_CB_framework->acl->get_group_children( $my_groups[0], 'ARO', 'RECURSE' );
                if ( $ex_groups === null ) {
                    $ex_groups = array(); // mambo fix
                }
            } else {
                $ex_groups = array();
            }
            $gtree = $_CB_framework->acl->get_group_children_tree( null, 'USERS', false );
            // remove users 'above' me
            $i = 0;
            while ( $i < count( $gtree ) ) {
                if ( in_array( $gtree[$i]->value, $ex_groups ) ) {
                    array_splice( $gtree, $i, 1 );
                } else {
                    $i++;
                }
            }
            if ( checkJversion() == 2 ) {
                // Joomla 1.6+: a user can be in several groups, so a multiple select on $user->gids
                $lists['gid'] = moscomprofilerHTML::selectList( $gtree, 'gid[]', 'class="inputbox" size="11" multiple="multiple"', 'value', 'text', $user->gids, 2, false );
            } else {
                $lists['gid'] = moscomprofilerHTML::selectList( $gtree, 'gid', 'class="inputbox" size="11"', 'value', 'text', $user->gid, 2, false );
            }
        }
        // build the html select list
        $lists['block'] = moscomprofilerHTML::yesnoSelectList( 'block', 'class="inputbox" size="1"', $user->block );
        $list_approved = array();
        $list_approved[] = moscomprofilerHTML::makeOption( '0', CBTxt::T( 'Unapproved' ) );
        $list_approved[] = moscomprofilerHTML::makeOption( '1', CBTxt::T( 'Approved' ) );
        $list_approved[] = moscomprofilerHTML::makeOption( '2', CBTxt::T( 'Disapproved' ) );
        $lists['approved'] = moscomprofilerHTML::selectList( $list_approved, 'approved', 'class="inputbox" size="1"', 'value', 'text', $user->approved, 2, false );
        $lists['confirmed'] = moscomprofilerHTML::yesnoSelectList( 'confirmed', 'class="inputbox" size="1"', $user->confirmed );
        // build the html select list
        $lists['sendEmail'] = moscomprofilerHTML::yesnoSelectList( 'sendEmail', 'class="inputbox" size="1"', $user->sendEmail );
        $paramField = new moscomprofilerFields( $_CB_database );
        $paramField->title = CBTxt::T( 'Group' );
        $paramField->_html = $lists['gid'];
        $paramField->description = '';
        $paramField->name = 'gid';
        $pseudoFields[] = $paramField;
        // block / approve / confirm are only offered to users with the canBlockUsers ACL:
        if ( $canBlockUser ) {
            $paramField = new moscomprofilerFields( $_CB_database );
            $paramField->title = CBTxt::T( 'Block User' );
            $paramField->_html = $lists['block'];
            $paramField->description = '';
            $paramField->name = 'block';
            $pseudoFields[] = $paramField;
            $paramField = new moscomprofilerFields( $_CB_database );
            $paramField->title = CBTxt::T( 'Approve User' );
            $paramField->_html = $lists['approved'];
            $paramField->description = '';
            $paramField->name = 'approved';
            $pseudoFields[] = $paramField;
            $paramField = new moscomprofilerFields( $_CB_database );
            $paramField->title = CBTxt::T( 'Confirm User' );
            $paramField->_html = $lists['confirmed'];
            $paramField->description = '';
            $paramField->name = 'confirmed';
            $pseudoFields[] = $paramField;
        }
        $paramField = new moscomprofilerFields( $_CB_database );
        $paramField->title = CBTxt::T( 'Receive Moderator Emails' );
        // users who may not receive moderator emails get a fixed 'No' plus a hidden sendEmail=0 input:
        if ($canEmailEvents || $user->sendEmail) {
            $paramField->_html = $lists['sendEmail'];
        } else {
            $paramField->_html = CBTxt::T('No (User\'s group-level doesn\'t allow this)') . '<input type="hidden" name="sendEmail" value="0" />';
        }
        $paramField->description = '';
        $paramField->name = 'sendEmail';
        $pseudoFields[] = $paramField;
        // read-only dates only exist for already-stored users:
        if( $user->id) {
            $paramField = new moscomprofilerFields( $_CB_database );
            $paramField->title = CBTxt::T( 'Register Date' );
            $paramField->_html = cbFormatDate( $user->registerDate );
            $paramField->description = '';
            $paramField->name = 'registerDate';
            $pseudoFields[] = $paramField;
            $paramField = new moscomprofilerFields( $_CB_database );
            $paramField->title = CBTxt::T( 'Last Visit Date' );
            $paramField->_html = cbFormatDate( $user->lastvisitDate );
            $paramField->description = '';
            $paramField->name = 'lastvisitDate';
            $pseudoFields[] = $paramField;
        }
    }
    switch ( $output ) {
        case 'htmledit':
            // each pseudo-field inherits required/profile from the real $field and is rendered by the parent class:
            foreach ( $pseudoFields as $paramField ) {
                $paramField->required = $this->_isRequired( $field, $user, $reason );
                $paramField->profile = $field->profile;
                $results .= parent::getFieldRow( $paramField, $user, $output, $formatting, $reason, $list_compare_types );
            }
            unset( $pseudoFields );
            return $results;
            break;
        default:
            return null;
            break;
    }
}
/**
 * Backend task handler: saves a new or existing CB field from the posted edit form.
 *
 * Flow: redirect away if required POST keys are missing; load the existing field (if any) and verify
 * the current user's group may access its tab; bind the posted values; re-check tab access; normalise
 * webaddress rows and tab ordering; check and store the row; replace the field's value list
 * (#__comprofiler_field_values); finally redirect according to $task.
 * Every failure path echoes a JavaScript alert and exits.
 *
 * @param string $option component option used in redirect URLs
 * @param string $task   'applyField' (redirect back to the edit form), 'saveField' or anything else (redirect to the field list)
 * @return void
 */
function saveField( $option, $task ) {
    global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;
    // nothing to save without the three hidden form keys:
    if ( ( $task == 'showField' ) || ! ( isset( $_POST['oldtabid'] ) && isset( $_POST['tabid'] ) && isset( $_POST['fieldid'] ) ) ) {
        cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=$task" ) );
        return;
    }
    $this->_importNeeded();
    $this->_importNeededSave();
    $fid = (int) $_POST['fieldid'];
    $row = new moscomprofilerFields( $_CB_database );
    if ( $fid ) {
        // load the row from the db table
        if ( ! $row->load( (int) $fid ) ) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Innexistant field') ) . "'); window.history.go(-1);</script>\n";
            exit;
        }
        $fieldTab = new moscomprofilerTabs( $_CB_database );
        // load the row from the db table
        $fieldTab->load( (int) $row->tabid );
        // access check: the current user's group must be allowed to see the tab the field currently belongs to
        if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) ."'); window.history.go(-1);</script>\n";
            exit;
        }
    }
    $_PLUGINS->loadPluginGroup( 'user' );
    // binds the posted values (including the possibly new tabid) to $row:
    if ( ! $this->_prov_bind_CB_field( $row, $fid ) ) {
        // NOTE(review): unlike the alerts above, $row->getError() is not passed through addslashes() here
        // (same on the two alerts further down), so a quote in the message would break out of the JS string.
        echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit();
    }
    // in case the above changed perms.... really ?
    // (re-checks tab access against the tab the field is now assigned to after binding)
    $fieldTab = new moscomprofilerTabs( $_CB_database );
    $fieldTab->load( (int) $row->tabid );
    if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
        exit;
    }
    // webaddress fields reuse 'rows' for the address type; only 0 and 2 are accepted (loose comparison), anything else becomes 0
    if ($row->type == 'webaddress') {
        $row->rows = $_POST['webaddresstypes'];
        if ( !(($row->rows == 0) || ($row->rows == 2)) ) {
            $row->rows = 0;
        }
    }
    // field moved to another tab: close the ordering gap in the old tab and append at the end of the new one
    if ( $_POST['oldtabid'] != $_POST['tabid'] ) {
        if ( $_POST['oldtabid'] !== '' ) {
            //Re-order old tab
            $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > ".(int) $_POST['ordering']." AND tabid = ".(int) $_POST['oldtabid'];
            $_CB_database->setQuery($sql);
            $_CB_database->query();
        }
        //Select Last Order in New Tab
        $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=".(int) $_POST['tabid'];
        $_CB_database->SetQuery($sql);
        $max = $_CB_database->LoadResult();
        $row->ordering = max( $max + 1, 1 );
    }
    // custom field names are normalised to lowercase without spaces:
    if ( cbStartOfStringMatch( $row->name, 'cb_' ) ) {
        $row->name = str_replace(" ", "", strtolower($row->name));
    }
    if ( ! $row->check() ) {
        echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
        exit();
    }
    if ( ! $row->store( (int) $fid ) ) {
        echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
        exit();
    }
    // Replaces the field's value list: delete existing values, then re-insert the posted ones in order.
    // assumes $_POST['vNames'] is always posted as an array — TODO confirm with the edit form
    $fieldNames = $_POST['vNames'];
    $j = 1;
    if( $row->fieldid > 0 ) {
        $_CB_database->setQuery( "DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid );
        if( $_CB_database->query() === false ) {
            echo $_CB_database->getErrorMsg();
        }
    } else {
        // store() did not set fieldid: fall back to the highest existing id
        // NOTE(review): this assumes the row just stored has the maximum fieldid — confirm store() cannot leave fieldid unset otherwise
        $_CB_database->setQuery( "SELECT MAX(fieldid) FROM #__comprofiler_fields");
        $maxID = $_CB_database->loadResult();
        $row->fieldid = $maxID;
        echo $_CB_database->getErrorMsg();
    }
    //for($i=0, $n=count( $fieldNames ); $i < $n; $i++) {
    foreach ($fieldNames as $fieldName) {
        // both tests only reject an empty (after trim) value; value titles are SQL-escaped via cbGetEscaped()
        if(trim($fieldName)!=null || trim($fieldName)!='') {
            $_CB_database->setQuery( "INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'".cbGetEscaped(trim($fieldName))."', " . (int) $j . ")" );
            if ( $_CB_database->query() === false ) {
                echo $_CB_database->getErrorMsg();
            }
            $j++;
        }
    }
    switch ( $task ) {
        case 'applyField':
            $msg = CBTxt::T('Successfully Saved changes to Field') . ': '. $row->name;
            cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=editField&cid=$row->fieldid" ), $msg );
            break;
        case 'saveField':
        default:
            $msg = CBTxt::T('Successfully Saved Field') . ': '. $row->name;
            cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ), $msg );
            break;
    }
}
/**
 * Saves a new or existing CB+CMS user
 * WARNINGS:
 * - You must verify authorization of user to perform this (user checkCBpermissions() )
 * - You must $this->load() existing user first
 *
 * Sequence: snapshot the current state into $oldUserComplete; bind and validate $array; fill in
 * name/username fallbacks; set registerDate and a random password for new users; in the backend,
 * enforce the super-admin / group-level rules; fire the onBefore* plugin events; save plugin tabs;
 * hash the password and store; fire the onAfter* events and activateUser() where applicable.
 * On return $this->password holds the cleartext password again (the hash only goes to the DB),
 * so callers must not re-store this object without re-hashing.
 *
 * @param array $array Raw unfiltered input, typically $_POST
 * @param int $ui 1 = Front-end (limitted rights), 2 = Backend (almost unlimitted), 0 = automated (full)
 * @param string $reason 'edit' or 'register'
 * @return boolean|array  true/false for 'edit'; for a successful 'register' the array [ 'tabs' => ..., 'after' => ..., 'ok' => true ]
 */
function saveSafely( &$array, $ui, $reason ) {
    global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;
    // Get current user state and store it into $oldUserComplete:
    $oldUserComplete = new moscomprofilerUser( $this->_db );
    foreach ( array_keys( get_object_vars( $this ) ) as $k ) {
        if( substr( $k, 0, 1 ) != '_' ) { // ignore internal vars
            $oldUserComplete->$k = $this->$k;
        }
    }
    // 1) Process and validate the fields in form by CB field plugins:
    // 2) Bind the fields to CMS User:
    $bindResults = $this->bindSafely( $array, $ui, $reason, $oldUserComplete );
    if ( $bindResults ) {
        // During bindSafely, in saveTabContents, the validations have already taken place, for mandatory fields.
        if ( ( $this->name == '' ) && ( $this->username == '' ) && ( $this->email != '' ) ) {
            $this->username = $this->email;
            $this->_cmsUser->username = $this->username;
        }
        // Checks that name is set. If not, uses the username as name, as Mambo/Joola mosUser::store() uses name for ACL
        // and ACL bugs with no name.
        if ( $this->name == '' ) {
            $this->name = $this->username;
            $this->_cmsUser->name = $this->name;
        } elseif ( $this->username == '' ) {
            $this->username = $this->name;
            $this->_cmsUser->username = $this->username;
        }
        if ( ! $this->checkSafely() ) {
            $bindResults = false;
        }
    }
    // For new registrations or backend user creations, set registration date and password if neeeded:
    $isNew = ( ! $this->id );
    $newCBuser = ( $oldUserComplete->user_id == null );  // CMS user exists but has no CB (comprofiler) record yet
    if ( $isNew ) {
        if ( checkJversion() != 1 ) { // J1.5 works better with null here... has bug that it offsets the time by server date, others need this:
            $this->registerDate = date('Y-m-d H:i:s', $_CB_framework->now() );
        }
    }
    if ( $bindResults ) {
        if ( $isNew ) {
            if ( $this->password == null ) {
                $this->setRandomPassword();
                $ueConfig['emailpass'] = 1; // set this global to 1 to force password to be sent to new users.
            }
        }
        // In backend only: if group has been changed and where original group was a Super Admin: check if there is at least a super-admin left:
        if ( $ui == 2 ) {
            $myGid = userGID( $_CB_framework->myId() );
            $cms_admin = $_CB_framework->acl->mapGroupNamesToValues( 'Administrator' );
            $cms_super_admin = $_CB_framework->acl->mapGroupNamesToValues( 'Superadministrator' );
            if ( ! $isNew ) {
                if ( $this->gid != $oldUserComplete->gid ) {
                    if ( $oldUserComplete->gid == $cms_super_admin ) {
                        // count number of active super admins
                        if ( checkJversion() == 2 ) {
                            $query = 'SELECT COUNT( a.id )' . "\n FROM #__users AS a" . "\n INNER JOIN #__user_usergroup_map AS b" . ' ON b.user_id = a.id' . "\n WHERE b.group_id = " . (int) $cms_super_admin . "\n AND a.block = 0" ;
                        } else {
                            $query = 'SELECT COUNT( id )' . "\n FROM #__users" . "\n WHERE gid = " . (int) $cms_super_admin . "\n AND block = 0" ;
                        }
                        $_CB_database->setQuery( $query );
                        $count = $_CB_database->loadResult();
                        if ( $count <= 1 ) {
                            // disallow change if only one Super Admin exists
                            $this->_error = 'You cannot change this users Group as it is the only active Super Administrator for your site';
                            return false;
                        }
                    }
                    $user_group = strtolower( $_CB_framework->acl->get_group_name( $oldUserComplete->gid, 'ARO' ) );
                    if ( ( $user_group == 'super administrator' && $myGid != $cms_super_admin ) ) {
                        // disallow change of super-Admin by non-super admin
                        $this->_error = 'You cannot change this users Group as you are not a Super Administrator for your site';
                        return false;
                    } elseif ( $this->id == $_CB_framework->myId() && $myGid == $cms_super_admin ) {
                        // CB-specific: disallow change of own Super Admin group:
                        $this->_error = 'You cannot change your own Super Administrator status for your site';
                        return false;
                    } else if ( $myGid == $cms_admin && $oldUserComplete->gid == $cms_admin ) {
                        // disallow change of super-Admin by non-super admin
                        $this->_error = 'You cannot change the Group of another Administrator as you are not a Super Administrator for your site';
                        return false;
                    }
                    // ensure user can't add group higher than themselves done below
                }
            }
            // Security check to avoid creating/editing user to higher level than himself: CB response to artf4529.
            if ( ! in_array( $this->gid, getChildGIDS( $myGid ) ) ) {
                $this->_error = 'illegal attempt to set user at higher level than allowed !';
                return false;
            }
        }
    }
    // onBefore* plugin events; plugins report failures through $_PLUGINS->is_errors():
    if ( $reason == 'edit' ) {
        if ( $ui == 1 ) {
            $_PLUGINS->trigger( 'onBeforeUserUpdate', array( &$this, &$this, &$oldUserComplete, &$oldUserComplete ) );
        } elseif ( $ui == 2 ) {
            if ( $isNew || $newCBuser ) {
                $_PLUGINS->trigger( 'onBeforeNewUser', array( &$this, &$this, false ) );
            } else {
                $_PLUGINS->trigger( 'onBeforeUpdateUser', array( &$this, &$this, &$oldUserComplete ) );
            }
        }
    } elseif ( $reason == 'register' ) {
        $_PLUGINS->trigger( 'onBeforeUserRegistration', array( &$this, &$this ) );
    }
    $beforeResult = ! $_PLUGINS->is_errors();
    if ( ! $beforeResult ) {
        $this->_error = $_PLUGINS->getErrorMSG( false ); // $_PLUGIN collects all error messages, incl. previous ones.
    }
    // Saves tab plugins:
    // on edits, user params and block/email/approved/confirmed are done in cb.core predefined fields.
    // So now calls this and more (CBtabs are already created in $this->bindSafely() ).
    $pluginTabsResult = true;
    if ( $reason == 'edit' ) {
        $this->_cbTabs->savePluginTabs( $this, $array );
        $pluginTabsResult = ! $_PLUGINS->is_errors();
        if ( ! $pluginTabsResult ) {
            $this->_error = $_PLUGINS->getErrorMSG( false ); // $_PLUGIN collects all error messages, incl. previous ones.
        }
    }
    // $clearTextPassword / $hashedPassword are only defined on this success path; every later use is
    // guarded by the same three flags (the error exit below returns before them).
    if ( $bindResults && $beforeResult && $pluginTabsResult ) {
        // Hashes password for CMS storage:
        $clearTextPassword = $this->password;
        if ( $clearTextPassword ) {
            $hashedPassword = $this->hashAndSaltPassword( $clearTextPassword );
            $this->password = $hashedPassword;
        }
        // Stores user if it's a new user:
        if ( $isNew ) {
            if ( ! $this->store() ) {
                return false;
            }
        }
        // Restores cleartext password for the saveRegistrationPluginTabs:
        $this->password = $clearTextPassword;
    }
    if ( $reason == 'register' ) {
        if ( $bindResults && $beforeResult && $pluginTabsResult ) {
            // Sets the instance of user, to avoid reload from database, and loss of the cleartext password.
            CBuser::setUserGetCBUserInstance( $this );
        }
        // call here since we got to have a user id:
        $registerResults = array();
        $registerResults['tabs'] = $this->_cbTabs->saveRegistrationPluginTabs( $this, $array );
        if ( $_PLUGINS->is_errors() ) {
            if ( $bindResults && $beforeResult && $pluginTabsResult ) {
                $plugins_error = $_PLUGINS->getErrorMSG( false ); // $_PLUGIN collects all error messages, incl. previous ones.
                if ( $isNew ) {
                    // if it was a new user, and plugin gave error, revert the creation:
                    $this->delete();
                }
                $this->_error = $plugins_error;
            } else {
                $this->_error = $_PLUGINS->getErrorMSG( false ); // $_PLUGIN collects all error messages, incl. previous ones.
            }
            $pluginTabsResult = false;
        }
    }
    if ( ! ( $bindResults && $beforeResult && $pluginTabsResult ) ) {
        // Normal error exit point:
        $_PLUGINS->trigger( 'onSaveUserError', array( &$this, $this->_error, $reason ) );
        if ( is_array( $this->_error ) ) {
            $this->_error = implode( '<br />', $this->_error );
        }
        return false;
    }
    // Stores the user (again if it's a new as the plugins might have changed the user record):
    if ( $clearTextPassword ) {
        $this->password = $hashedPassword;
    }
    if ( ! $this->store() ) {
        return false;
    }
    // Restores cleartext password for the onAfter and activation events:
    $this->password = $clearTextPassword;
    // Triggers onAfter and activateUser events:
    if ( $reason == 'edit' ) {
        if ( $ui == 1 ) {
            $_PLUGINS->trigger( 'onAfterUserUpdate', array( &$this, &$this, $oldUserComplete ) );
        } elseif ( $ui == 2 ) {
            if ( $isNew || $newCBuser ) {
                if ( $isNew ) {
                    $ueConfig['emailpass'] = 1; // set this global to 1 to force password to be sent to new users.
                }
                $_PLUGINS->trigger( 'onAfterNewUser', array( &$this, &$this, false, true ) );
                if ( $this->block == 0 && $this->approved == 1 && $this->confirmed ) {
                    activateUser( $this, 2, 'NewUser', false, $isNew );
                }
            } else {
                if ( ( ! ( ( $oldUserComplete->approved == 1 || $oldUserComplete->approved == 2 ) && $oldUserComplete->confirmed ) ) && ($this->approved == 1 && $this->confirmed ) ) {
                    // first time a just registered and confirmed user got approved in backend through save user:
                    if( isset( $ueConfig['emailpass'] ) && ( $ueConfig['emailpass'] == "1" ) && ( $this->password == '' ) ) {
                        // generate the password is auto-generated and not set by the admin at this occasion:
                        $this->setRandomPassword();
                        $pwd = $this->hashAndSaltPassword( $this->password );
                        // NOTE(review): the value in this statement appears redacted ("******") in this listing;
                        // presumably the quoted $pwd hash computed just above is what is written — confirm against the repository.
                        $_CB_database->setQuery( "UPDATE #__users SET password="******" WHERE id = " . (int) $this->id );
                        $_CB_database->query();
                    }
                }
                $_PLUGINS->trigger( 'onAfterUpdateUser', array( &$this, &$this, $oldUserComplete ) );
                if ( ( ! ( ( $oldUserComplete->approved == 1 || $oldUserComplete->approved == 2 ) && $oldUserComplete->confirmed ) ) && ($this->approved == 1 && $this->confirmed ) ) {
                    // first time a just registered and confirmed user got approved in backend through save user:
                    activateUser( $this, 2, 'UpdateUser', false );
                }
            }
        }
    } elseif ( $reason == 'register' ) {
        $registerResults['after'] = $_PLUGINS->trigger( 'onAfterUserRegistration', array( &$this, &$this, true ) );
        $registerResults['ok'] = true;
        return $registerResults;
    }
    return true;
}
/**
 * Loads CB field definitions (moscomprofilerFields objects) from the database, filtered by tab, reason
 * and optionally a single field id or name.
 *
 * With $prefetchFields (default) all matching fields are loaded once and cached in the function-static
 * $prefetched (indexed by tabid, then fieldid) and $fieldsByName; later calls are served from that cache.
 * With $prefetchFields false a direct query restricted to $tabid / $fieldIdOrName is run each time.
 * The cache is filled by the FIRST prefetching call only: its $reason (and the current user's group)
 * decides the filters, and later calls with another $reason reuse the same cached set.
 * The 'onAfterFieldsFetch' user-plugin event may alter the result before it is returned.
 *
 * @param int                 $tabid          tab id to restrict to (0/null for all tabs)
 * @param moscomprofilerUser  $user           passed by reference to the onAfterFieldsFetch plugin event
 * @param string              $reason         'profile', 'list', 'register', 'adminfulllist', ... — selects published/profile/registration filters
 * @param int|string|null     $fieldIdOrName  an int field id, or a string field name, to fetch a single field
 * @param boolean             $prefetchFields true to use the static cache, false to query directly
 * @return array of moscomprofilerFields (keyed by fieldid for the "all tabs" cached case, list otherwise)
 */
function _getTabFieldsDb( $tabid, &$user, $reason, $fieldIdOrName = null, $prefetchFields = true ) {
    static $prefetched = null;
    static $fieldsByName = null;
    if ( ( ! $prefetchFields ) || ( $prefetched === null ) ) {
        global $_CB_framework, $_CB_database, $ueConfig;
        $where = array();
        $ordering = array();
        // single-field restriction only applies to direct (non-cached) queries:
        if ( $fieldIdOrName && ! $prefetchFields ) {
            if ( is_int( $fieldIdOrName ) ) {
                $where[] = 'f.fieldid = ' . (int) $fieldIdOrName;
            } else {
                $where[] = 'f.name = ' . $_CB_database->Quote( $fieldIdOrName );
            }
        }
        // the 'name' field is always needed in lists for name formats 1, 2 and 4, even if unpublished:
        if ( ( $reason == 'list' ) && ( in_array( $ueConfig['name_format'], array( 1, 2, 4 ) ) ) ) {
            $where[] = "( f.published = 1 OR f.name = 'name' )";
        } elseif ( $reason != 'adminfulllist' ) {
            $where[] = 'f.published = 1';
        }
        switch ( $reason ) {
            case 'profile':
                $where[] = 'f.profile != 0';
                break;
            case 'list':
                $where[] = "( f.profile != 0 OR f.name = 'username'" . ( in_array( $ueConfig['name_format'], array( 1, 2, 4 ) ) ? " OR f.name = 'name'" : '' ) . ')';
                break;
            case 'register':
                $where[] = 'f.registration = 1';
                break;
            case 'adminfulllist':
            default:
                break;
        }
        if ( $tabid && ! $prefetchFields ) {
            $where[] = 'f.tabid = ' . (int) $tabid;
        } else {
            // tab-level filters (the tabs table is joined below in exactly this case):
            if ( $reason != 'adminfulllist' ) {
                $where[] = 't.enabled = 1';
            }
            // access control: only tabs whose access group is a child of the current user's group,
            // except at registration where there is no logged-in user yet
            if ( $reason != 'register' ) {
                $where[] = 't.useraccessgroupid IN (' . implode(',',getChildGIDS(userGID( $_CB_framework->myId() ))) . ')';
            }
        }
        // hide email-address fields from profile and list views when the config disallows email display:
        if ( ( ( $reason == 'profile' ) || ( $reason == 'list' ) ) && ( $ueConfig['allow_email_display'] == 0 ) && ( $reason != 'adminfulllist' ) ) {
            $where[] = 'f.type != ' . $_CB_database->Quote( 'emailaddress' );
        }
        if ( ( ! $tabid ) || $prefetchFields ) {
            if ( $reason == 'register' ) {
                $ordering[] = 't.ordering_register';
            }
            $ordering[] = 't.position';
            $ordering[] = 't.ordering';
        }
        $ordering[] = 'f.ordering';
        $sql = 'SELECT f.*';
        if ( $reason == 'register' ) {
            $sql .= ', t.ordering_register AS tab_ordering_register, t.position AS tab_position, t.ordering AS tab_ordering';
        }
        $sql .= ' FROM #__comprofiler_fields f';
        if ( ( ! $tabid ) || $prefetchFields ) {
            // don't get fields which are not assigned to tabs:
            $sql .= "\n INNER JOIN #__comprofiler_tabs AS t ON (f.tabid = t.tabid)";
        }
        $sql .= "\n WHERE " . implode( ' AND ', $where ) . "\n ORDER BY " . implode( ', ', $ordering ); ;
        $_CB_database->setQuery( $sql );
        if ( $prefetchFields ) {
            // fill both caches; params are unpacked into cbParamsBase objects once here
            // NOTE(review): if this query fails or returns no rows, $prefetched stays null, the cached
            // branch below is skipped and $fields is never assigned in this call.
            $fieldsByName = $_CB_database->loadObjectList( 'name', 'moscomprofilerFields', array( &$_CB_database ) );
            if ( ! $_CB_database->getErrorNum() ) {
                foreach ( array_keys( $fieldsByName ) as $i ) {
                    $fieldsByName[$i]->params = new cbParamsBase( $fieldsByName[$i]->params );
                    $prefetched[(int) $fieldsByName[$i]->tabid][$fieldsByName[$i]->fieldid] = $fieldsByName[$i];
                }
            }
        } else {
            $fields = $_CB_database->loadObjectList( null, 'moscomprofilerFields', array( &$_CB_database ) );
            if ( ! $_CB_database->getErrorNum() ) {
                for ( $i = 0, $n = count( $fields ); $i < $n; $i++ ) {
                    $fields[$i]->params = new cbParamsBase( $fields[$i]->params );
                }
            }
        }
    }
    // serve the request from the cache (also right after it was filled above):
    if ( $prefetched !== null ) {
        if ( $tabid ) {
            if (isset( $prefetched[(int) $tabid] ) ) {
                $fields = $prefetched[(int) $tabid];
            } else {
                $fields = array();
            }
        } elseif ( $fieldIdOrName ) {
            if ( is_int( $fieldIdOrName ) ) {
                // search the id across all tabs; a field id belongs to one tab only, so stop at the first hit
                $fields = array();
                foreach ( array_keys( $prefetched ) as $k ) {
                    if ( isset( $prefetched[$k][$fieldIdOrName] ) ) {
                        $fields[] = $prefetched[$k][$fieldIdOrName];
                        break;
                    }
                }
            } elseif (isset( $fieldsByName[$fieldIdOrName] ) ) {
                $fields = array( $fieldsByName[$fieldIdOrName] );
            } else {
                $fields = array();
            }
        } else {
            // all fields of all tabs, keyed by fieldid (tab order preserved)
            $fields = array();
            foreach ( $prefetched as /* $tid => */ $flds ) {
                // $fields = array_merge( $fields, $flds );
                foreach ( $flds as $fl ) {
                    $fields[$fl->fieldid] = $fl;
                }
            }
        }
    }
    // THIS is VERY experimental, and not yet part of CB API !!! :
    global $_PLUGINS;
    $_PLUGINS->loadPluginGroup( 'user' );
    $_PLUGINS->trigger( 'onAfterFieldsFetch', array( &$fields, &$user, $reason, $tabid, $fieldIdOrName ) );
    return $fields;
}