Esempio n. 1
0
function editUser($uid = '0', $option = 'users')
{
    global $database, $my, $acl, $adminLanguage;
    $row = new mosUser($database);
    // load the row from the db table
    $row->load($uid);
    if ($uid) {
        $query = "SELECT * FROM #__contact_details WHERE user_id='" . $row->id . "'";
        $database->setQuery($query);
        $contact = $database->loadObjectList();
    } else {
        $contact = NULL;
    }
    $my_group = strtolower($acl->get_group_name($row->gid, 'ARO'));
    if ($my_group == 'super administrator') {
        $lists['gid'] = '<input type="hidden" name="gid" value="' . $my->gid . '" /><strong>' . $adminLanguage->A_COMP_USERS_SUPER_ADMIN . '</strong>';
    } else {
        // ensure user can't add group higher than themselves
        $my_groups = $acl->get_object_groups('users', $my->id, 'ARO');
        if (is_array($my_groups) && count($my_groups) > 0) {
            $ex_groups = $acl->get_group_children($my_groups[0], 'ARO', 'RECURSE');
        } else {
            $ex_groups = array();
        }
        $gtree = $acl->get_group_children_tree(null, 'USERS', false);
        // remove users 'above' me
        $i = 0;
        while ($i < count($gtree)) {
            if (in_array($gtree[$i]->value, $ex_groups)) {
                array_splice($gtree, $i, 1);
            } else {
                $i++;
            }
        }
        $lists['gid'] = mosHTML::selectList($gtree, 'gid', 'size="4"', 'value', 'text', $row->gid);
    }
    // build the html select list
    $lists['block'] = mosHTML::yesnoRadioList('block', 'class="inputbox" size="1"', $row->block);
    // build the html select list
    $lists['sendEmail'] = mosHTML::yesnoRadioList('sendEmail', 'class="inputbox" size="1"', $row->sendEmail);
    HTML_users::edituser($row, $contact, $lists, $option, $uid);
}
 /**
  * Gets access levels of CMS for $user_id
  * 
  * @param  int      $user_id
  * @param  boolean  $recurse		(DEPRECATED 1.8)
  * @param  boolean  $cb1xNumbering  (SINCE 1.8)      DEFAULT: FALSE: (if $cb1xNumbering with CB 1.x's definition for standard levels 0,1,2)
  * @return array of int
  */
 function get_object_access($user_id, $recurse = false, $cb1xNumbering = true)
 {
     global $_CB_database;
     if (checkJversion() == 2) {
         $levels = $this->_acl->getAuthorisedViewLevels((int) $user_id);
         // Keep backwards levels compatible: J1.6's 1 is CB 1.7-'s 0, 2 is 1, 3 is 2:
         if ($cb1xNumbering) {
             foreach ($levels as $k => $v) {
                 if ($v <= 3) {
                     --$levels[$k];
                 }
             }
         }
     } else {
         if (checkJversion() == 1) {
             $user =& JFactory::getUser($user_id ? (int) $user_id : null);
             $level = $user->get('aid', 0);
         } else {
             $user = new mosUser($_CB_database);
             $user->load((int) $user_id);
             $level = $user->gid;
         }
         $query = 'SELECT ' . $_CB_database->NameQuote('id') . "\n FROM " . $_CB_database->NameQuote('#__groups') . "\n WHERE " . $_CB_database->NameQuote('id') . " <= " . (int) $level . "\n ORDER BY " . $_CB_database->NameQuote('id');
         $_CB_database->setQuery($query);
         $levels = $_CB_database->loadResultArray();
         if (!$cb1xNumbering) {
             for ($i = 0, $n = count($levels); $i < $n; $i++) {
                 if (in_array($levels[$i], array(0, 1, 2))) {
                     ++$levels[$i];
                     // J1.5's 0 is CB's 1, 1 is 2, 2 is 3.
                 }
             }
         }
         // This makes sense only on J<1.6, thus it's only here:
         if (!$recurse) {
             $levels = array_slice($levels, -1);
         }
     }
     return array_unique(cbArrayToInts($levels));
 }
Esempio n. 3
0
function userSave($option, $uid)
{
    global $database, $my, $mosConfig_frontend_userparams;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // do some security checks
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }
    // simple spoof check security
    josSpoofCheck();
    $row = new mosUser($database);
    $row->load((int) $user_id);
    $orig_password = $row->password;
    $orig_username = $row->username;
    if (!$row->bind($_POST, 'gid usertype')) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    mosMakeHtmlSafe($row);
    if (isset($_POST['password']) && $_POST['password'] != '') {
        if (isset($_POST['verifyPass']) && $_POST['verifyPass'] == $_POST['password']) {
            $row->password = trim($row->password);
            $salt = mosMakePassword(16);
            $crypt = md5($row->password . $salt);
            $row->password = $crypt . ':' . $salt;
        } else {
            echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $orig_password;
    }
    if ($mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL) {
        // save params
        $params = mosGetParam($_POST, 'params', '');
        if (is_array($params)) {
            $txt = array();
            foreach ($params as $k => $v) {
                $txt[] = "{$k}={$v}";
            }
            $row->params = implode("\n", $txt);
        }
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // check if username has been changed
    if ($orig_username != $row->username) {
        // change username value in session table
        $query = "UPDATE #__session" . "\n SET username = "******"\n WHERE username = "******"\n AND userid = " . (int) $my->id . "\n AND gid = " . (int) $my->gid . "\n AND guest = 0";
        $database->setQuery($query);
        $database->query();
    }
    mosRedirect('index.php', _USER_DETAILS_SAVE);
}
Esempio n. 4
0
$query = "SELECT COUNT(*) FROM #__users WHERE block = '0' {$where}";
$database->setQuery($query);
$total = $database->loadResult();
$limit = jTipsGetParam($_REQUEST, 'limit', $jTips['NumMax']);
$pageNav = new mosPageNav($total, $offset, $limit);
$tpl->pageNav = $pageNav;
$direction = jTipsGetParam($_REQUEST, 'filter_order_Dir', 'asc');
if (empty($direction)) {
    $direction = 'asc';
}
$orderby = jTipsGetParam($_REQUEST, 'filter_order', 'name');
if (empty($orderby)) {
    $orderby = 'name';
}
// BUG 319 - creating users that don't require activation, or creating a user by admin leaves an activation code
//$query = "SELECT id FROM #__users WHERE activation = '' ORDER BY $orderby $direction";
$query = "SELECT id FROM #__users WHERE block = '0' {$where} ORDER BY {$orderby} {$direction}";
$database->setQuery($query, $pageNav->limitstart, $pageNav->limit);
$list = (array) $database->loadResultArray();
$users = array();
foreach ($list as $id) {
    if (isJoomla15()) {
        $JoomlaUser = new JUser();
    } else {
        $JoomlaUser = new mosUser($database);
    }
    $JoomlaUser->load($id);
    $users[] = $JoomlaUser;
}
$tpl->users = $users;
$tpl->display();
Esempio n. 5
0
 function sendNotificationEmail($type)
 {
     jTipsLogger::_log('preparing to send ' . $type . ' notification email', 'INFO');
     global $jTips, $database;
     $subject = stripslashes($jTips["UserNotify" . $type . "Subject"]);
     $message = stripslashes($jTips["UserNotify" . $type . "Message"]);
     $from_name = $jTips['UserNotifyFromName'];
     $from_email = $jTips['UserNotifyFromEmail'];
     $variables = array();
     $values = array();
     foreach (get_object_vars($this) as $key => $val) {
         if (is_string($key)) {
             array_push($variables, $key);
             $values[$key] = $val;
         }
     }
     if (isJoomla15()) {
         $user = new JUser();
     } else {
         $user = new mosUser($database);
     }
     $user->load($this->user_id);
     foreach (get_object_vars($user) as $key => $val) {
         if (is_string($key)) {
             array_push($variables, $key);
             $values[$key] = $val;
         }
     }
     // find out which season this is for an add it to the avaialble variables
     $query = "SELECT name FROM #__jtips_seasons WHERE id = '" . $this->season_id . "'";
     $database->setQuery($query);
     $season = $database->loadResult();
     $values['competition'] = $season;
     $values['season'] = $season;
     $body = parseTemplate($message, $variables, $values);
     jTipsLogger::_log('sending email: ' . $body, 'INFO');
     if (jTipsMail($from_email, $from_name, $this->getUserField('email'), $subject, $body)) {
         jTipsLogger::_log('notification email sent successfully', 'INFO');
         return TRUE;
     } else {
         jTipsLogger::_log('sending notification email failed', 'ERROR');
         return FALSE;
     }
 }
Esempio n. 6
0
function UserView($option, $uid)
{
    global $database;
    if ($uid == 0) {
        mosNotAuth();
        return;
    }
    $user_id = intval(mosGetParam($_REQUEST, 'userid', 0));
    if ($user_id == 0) {
        $user_id = $uid;
    }
    //  echo "<script>alert('$user_id');</script>";
    include_once "administrator/components/com_user_extended/user_extended.class.php";
    $row = new mosUser_Extended($database);
    $row->load($user_id);
    $urow = new mosUser($database);
    $urow->load($user_id);
    $u_name = $urow->name;
    $u_username = $urow->username;
    $u_email = $urow->email;
    UserExtended_content::UserView($option, $row, $u_name, $u_username, $u_email);
}
Esempio n. 7
0
function AuthorDateLine(&$row, &$params)
{
    global $database;
    $text = '';
    if ($params->get('author')) {
        // Display Author name
        //Find Author Name
        $users_rows = new mosUser($database);
        $users_rows->load($row->created_by);
        $row->author = $users_rows->name;
        $row->usertype = $users_rows->usertype;
        if ($row->usertype == 'administrator' || $row->usertype == 'superadministrator') {
            $text .= "\n";
            $text .= _WRITTEN_BY . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
        } else {
            $text .= "\n";
            $text .= _AUTHOR_BY . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
        }
    }
    if ($params->get('createdate') && $params->get('author')) {
        // Display Separator
        $text .= "\n";
    }
    if ($params->get('createdate')) {
        // Display Created Date
        if (intval($row->created)) {
            $create_date = mosFormatDate($row->created);
            $text .= $create_date;
        }
    }
    if ($params->get('modifydate') && ($params->get('author') || $params->get('createdate'))) {
        // Display Separator
        $text .= "\n";
    }
    if ($params->get('modifydate')) {
        // Display Modified Date
        if (intval($row->modified)) {
            $mod_date = mosFormatDate($row->modified);
            $text .= _LAST_UPDATED . ' ' . $mod_date;
        }
    }
    $text .= "\n\n";
    return $text;
}
Esempio n. 8
0
/**
 * Check if users are of lower permissions than current user (if not super-admin) and if the user himself is not included
 *
 * @param array of userId $cid
 * @param string $actionName to insert in message.
 * @return string of error if error, otherwise null
 * Added 1.0.11
 */
function checkUserPermissions($cid, $actionName, $allowActionToMyself = false)
{
    global $database, $acl, $my;
    $msg = null;
    if (is_array($cid) && count($cid)) {
        $obj = new mosUser($database);
        foreach ($cid as $id) {
            if ($id != 0) {
                $obj->load($id);
                $groups = $acl->get_object_groups('users', $id, 'ARO');
                $this_group = strtolower($acl->get_group_name($groups[0], 'ARO'));
            } else {
                $this_group = 'Registered';
                // minimal user group
                $obj->gid = $acl->get_group_id($this_group, 'ARO');
            }
            if (!$allowActionToMyself && $id == $my->id) {
                $msg .= 'Não pode ' . $actionName . ' seu próprio nome!';
            } else {
                if ($obj->gid == $my->gid && !in_array($my->gid, array(24, 25)) || $obj->gid && !in_array($obj->gid, getGIDSChildren($my->gid))) {
                    $msg .= 'Não pode ' . $actionName . ' a `' . $this_group . '`. Apenas usuários com um nível de grupo superior têm esta permissão. ';
                }
            }
        }
    }
    return $msg;
}
Esempio n. 9
0
	function get_object_access( $user_id, $recurse = false ) {
		global $_CB_database;

		$user_id			=	(int) $user_id;

		if ( checkJversion() == 2 ) {
			$levels 		=	$this->_acl->getAuthorisedViewLevels( $user_id );

			$return 		=	( $recurse ? $levels : array_slice( $levels, -1 ) );
		} else {
			if ( checkJversion() == 1 ) {
				$user		=&	JFactory::getUser();

				$user->load( $user_id );

				$level		=	$user->get( 'aid', 0 );
			} else {
				$user		=	new mosUser( $_CB_database );

				$user->load( $user_id );

				$level		=	$user->gid;
			}

			$query			=	'SELECT ' . $_CB_database->NameQuote( 'id' )
							.	"\n FROM " . $_CB_database->NameQuote( '#__groups' )
							.	"\n WHERE " . $_CB_database->NameQuote( 'id' ) . " <= " . (int) $level
							.	"\n ORDER BY " . $_CB_database->NameQuote( 'id' );
			$_CB_database->setQuery( $query );
			$levels			=	$_CB_database->loadResultArray();

			for ( $i = 0, $n = count( $levels ); $i < $n; $i++ ) {
				$levels[$i]	=	(int) $levels[$i];
			}

			$return 		=	( $recurse ? $levels : array_slice( $levels, -1 ) );
		}

		return $return;
	}
Esempio n. 10
0
function editUser($uid = '0', $option = 'users')
{
    global $database, $my, $acl;
    $row = new mosUser($database);
    // load the row from the db table
    $row->load($uid);
    if ($uid) {
        $query = "SELECT * FROM #__contact_details WHERE user_id='" . $row->id . "'";
        $database->setQuery($query);
        $contact = $database->loadObjectList();
    } else {
        $contact = NULL;
        $row->block = 0;
    }
    // check to ensure only super admins can edit super admin info
    if ($my->gid < 25 && $row->gid == 25) {
        mosRedirect('index2.php?option=com_users', T_('You are not authorized to view this resource.'));
    }
    $my_group = strtolower($acl->get_group_name($row->gid, 'ARO'));
    if ($my_group == 'super administrator') {
        $lists['gid'] = '<input type="hidden" name="gid" value="' . $my->gid . '" /><strong>' . T_('Super Administrator') . '</strong>';
    } else {
        if ($my->gid == 24 && $row->gid == 24) {
            $lists['gid'] = '<input type="hidden" name="gid" value="' . $my->gid . '" /><strong>' . T_('Administrator') . '</strong>';
        } else {
            // ensure user can't add group higher than themselves
            $my_groups = $acl->get_object_groups('users', $my->id, 'ARO');
            if (is_array($my_groups) && count($my_groups) > 0) {
                $ex_groups = $acl->get_group_children($my_groups[0], 'ARO', 'RECURSE');
                if (!$ex_groups) {
                    $ex_groups = array();
                }
            } else {
                $ex_groups = array();
            }
            $gtree = $acl->get_group_children_tree(null, 'USERS', false);
            // remove users 'above' me
            $i = 0;
            while ($i < count($gtree)) {
                if (in_array($gtree[$i]->value, $ex_groups)) {
                    array_splice($gtree, $i, 1);
                } else {
                    $i++;
                }
            }
            $lists['gid'] = mosHTML::selectList($gtree, 'gid', 'size="10"', 'value', 'text', $row->gid);
        }
    }
    // build the html select list
    $lists['block'] = mosHTML::yesnoRadioList('block', 'class="inputbox" size="1"', $row->block);
    // build the html select list
    $lists['sendEmail'] = mosHTML::yesnoRadioList('sendEmail', 'class="inputbox" size="1"', $row->sendEmail);
    HTML_users::edituser($row, $contact, $lists, $option, $uid);
}
Esempio n. 11
0
/**
 * Check if users are of lower permissions than current user (if not super-admin) and if the user himself is not included
 *
 * @param array of userId $cid
 * @param string $actionName to insert in message.
 * @return string of error if error, otherwise null
 * Added 1.0.11
 */
function checkUserPermissions($cid, $actionName, $allowActionToMyself = false)
{
    global $database, $acl, $my;
    $msg = null;
    if (is_array($cid) && count($cid)) {
        $obj = new mosUser($database);
        foreach ($cid as $id) {
            if ($id != 0) {
                $obj->load($id);
                $groups = $acl->get_object_groups('users', $id, 'ARO');
                $this_group = strtolower($acl->get_group_name($groups[0], 'ARO'));
            } else {
                $this_group = 'Registered';
                // minimal user group
                $obj->gid = $acl->get_group_id($this_group, 'ARO');
            }
            if (!$allowActionToMyself && $id == $my->id) {
                $msg .= 'You cannot ' . $actionName . ' Yourself!';
            } else {
                if ($obj->gid == $my->gid && !in_array($my->gid, array(24, 25)) || $obj->gid && !in_array($obj->gid, getGIDSChildren($my->gid))) {
                    $msg .= 'You cannot ' . $actionName . ' a `' . $this_group . '`. Only higher-level users have this power. ';
                }
            }
        }
    }
    return $msg;
}
Esempio n. 12
0
function userSave($option, $uid)
{
    global $database;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // do some security checks
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }
    $row = new mosUser($database);
    $row->load($user_id);
    $row->orig_password = $row->password;
    if (!$row->bind($_POST, "gid usertype")) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);
    if (isset($_POST["password"]) && $_POST["password"] != "") {
        if (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) {
            $row->password = md5($_POST["password"]);
        } else {
            echo "<script> alert(\"" . T_('Passwords do not match') . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $row->orig_password;
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    unset($row->orig_password);
    // prevent DB error!!
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $loginfo = new mosLoginDetails($row->username, $_POST['password']);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');
    $mambothandler->trigger('userChange', array($loginfo));
    mosRedirect("index.php?option={$option}", T_('Your settings have been saved.'));
}
Esempio n. 13
0
File: pdf.php Progetto: cwcw/cms
function dofreePDF($database)
{
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_offset, $mosConfig_hideCreateDate, $mosConfig_hideAuthor, $mosConfig_hideModifyDate;
    $id = intval(mosGetParam($_REQUEST, 'id', 1));
    include 'includes/class.ezpdf.php';
    $row = new mosContent($database);
    $row->load($id);
    //Find Author Name
    $users_rows = new mosUser($database);
    $users_rows->load($row->created_by);
    $row->author = $users_rows->name;
    $row->usertype = $users_rows->usertype;
    // Ugly but needed to get rid of all the stuff the PDF class cant handle
    $row->fulltext = str_replace('<p>', "\n\n", $row->fulltext);
    $row->fulltext = str_replace('<P>', "\n\n", $row->fulltext);
    $row->fulltext = str_replace('<br />', "\n", $row->fulltext);
    $row->fulltext = str_replace('<br>', "\n", $row->fulltext);
    $row->fulltext = str_replace('<BR />', "\n", $row->fulltext);
    $row->fulltext = str_replace('<BR>', "\n", $row->fulltext);
    $row->fulltext = str_replace('<li>', "\n - ", $row->fulltext);
    $row->fulltext = str_replace('<LI>', "\n - ", $row->fulltext);
    $row->fulltext = strip_tags($row->fulltext);
    $row->fulltext = str_replace('{mosimage}', '', $row->fulltext);
    $row->fulltext = str_replace('{mospagebreak}', '', $row->fulltext);
    $row->fulltext = decodeHTML($row->fulltext);
    $row->introtext = str_replace('<p>', "\n\n", $row->introtext);
    $row->introtext = str_replace('<P>', "\n\n", $row->introtext);
    $row->introtext = str_replace('<li>', "\n - ", $row->introtext);
    $row->introtext = str_replace('<LI>', "\n - ", $row->introtext);
    $row->introtext = strip_tags($row->introtext);
    $row->introtext = str_replace('{mosimage}', '', $row->introtext);
    $row->introtext = str_replace('{mospagebreak}', '', $row->introtext);
    $row->introtext = decodeHTML($row->introtext);
    $pdf =& new Cezpdf('a4', 'P');
    //A4 Portrait
    $pdf->ezSetCmMargins(2, 1.5, 1, 1);
    $pdf->selectFont('./fonts/Helvetica.afm');
    //choose font
    $all = $pdf->openObject();
    $pdf->saveState();
    $pdf->setStrokeColor(0, 0, 0, 1);
    // footer
    $pdf->line(10, 40, 578, 40);
    $pdf->line(10, 822, 578, 822);
    $pdf->addText(30, 34, 6, $mosConfig_live_site . ' - ' . $mosConfig_sitename);
    $pdf->addText(250, 34, 6, 'Powered by Mambo');
    $pdf->addText(450, 34, 6, 'Generated: ' . date('j F, Y, H:i', time() + $mosConfig_offset * 60 * 60));
    $pdf->restoreState();
    $pdf->closeObject();
    $pdf->addObject($all, 'all');
    $pdf->ezSetDy(30);
    $txt1 = $row->title;
    $pdf->ezText($txt1, 14);
    $txt2 = NULL;
    $mod_date = NULL;
    $create_date = NULL;
    if (intval($row->modified) != 0) {
        $mod_date = mosFormatDate($row->modified);
    }
    if (intval($row->created) != 0) {
        $create_date = mosFormatDate($row->created);
    }
    if ($mosConfig_hideCreateDate == '0') {
        $txt2 .= '(' . $create_date . ') - ';
    }
    if ($mosConfig_hideAuthor == "0") {
        if ($row->author != '' && $mosConfig_hideAuthor == '0') {
            if ($row->usertype == 'administrator' || $row->usertype == 'superadministrator') {
                $txt2 .= _WRITTEN_BY . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
            } else {
                $txt2 .= _AUTHOR_BY . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
            }
        }
    }
    if ($mosConfig_hideModifyDate == "0") {
        $txt2 .= ' - ' . _LAST_UPDATED . ' (' . $mod_date . ') ';
    }
    $txt2 .= "\n\n";
    $pdf->ezText($txt2, 8);
    $txt3 = $row->introtext . "\n" . $row->fulltext;
    $pdf->ezText($txt3, 10);
    $pdf->ezStream();
}
Esempio n. 14
0
function dofreePDF($database)
{
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_offset, $mosConfig_hideCreateDate, $mosConfig_hideAuthor, $mosConfig_hideModifyDate;
    $id = intval(mosGetParam($_REQUEST, 'id', 1));
    // Access check
    global $gid;
    $now = date('Y-m-d H:i:s', time() + $mosConfig_offset * 60 * 60);
    $query = "SELECT COUNT(a.id)" . "\n FROM #__content AS a" . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope='content'" . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" . "\n LEFT JOIN #__content_rating AS v ON a.id = v.content_id" . "\n LEFT JOIN #__groups AS g ON a.access = g.id" . "\n WHERE a.id='" . $id . "' " . "\n AND (a.state = '1' OR a.state = '-1')" . "\n AND (publish_up = '0000-00-00 00:00:00' OR publish_up <= '{$now}')" . "\n AND (publish_down = '0000-00-00 00:00:00' OR publish_down >= '{$now}')" . "\n AND a.access <= " . intval($gid);
    $database->setQuery($query);
    if (!$database->loadResult()) {
        exit(T_('You are not authorized to view this resource.'));
    }
    include 'includes/class.ezpdf.php';
    $row = new mosContent($database);
    $row->load($id);
    //Find Author Name
    $users_rows = new mosUser($database);
    $users_rows->load($row->created_by);
    $row->author = $users_rows->name;
    $row->usertype = $users_rows->usertype;
    // Ugly but needed to get rid of all the stuff the PDF class cant handle
    $row->fulltext = str_replace('<p>', "\n\n", $row->fulltext);
    $row->fulltext = str_replace('<P>', "\n\n", $row->fulltext);
    $row->fulltext = str_replace('<br />', "\n", $row->fulltext);
    $row->fulltext = str_replace('<br>', "\n", $row->fulltext);
    $row->fulltext = str_replace('<BR />', "\n", $row->fulltext);
    $row->fulltext = str_replace('<BR>', "\n", $row->fulltext);
    $row->fulltext = str_replace('<li>', "\n - ", $row->fulltext);
    $row->fulltext = str_replace('<LI>', "\n - ", $row->fulltext);
    $row->fulltext = strip_tags($row->fulltext);
    $row->fulltext = str_replace('{mosimage}', '', $row->fulltext);
    $row->fulltext = str_replace('{mospagebreak}', '', $row->fulltext);
    $row->fulltext = decodeHTML($row->fulltext);
    $row->introtext = str_replace('<p>', "\n\n", $row->introtext);
    $row->introtext = str_replace('<P>', "\n\n", $row->introtext);
    $row->introtext = str_replace('<li>', "\n - ", $row->introtext);
    $row->introtext = str_replace('<LI>', "\n - ", $row->introtext);
    $row->introtext = strip_tags($row->introtext);
    $row->introtext = str_replace('{mosimage}', '', $row->introtext);
    $row->introtext = str_replace('{mospagebreak}', '', $row->introtext);
    $row->introtext = decodeHTML($row->introtext);
    $pdf =& new Cezpdf('a4', 'P');
    //A4 Portrait
    $pdf->ezSetCmMargins(2, 1.5, 1, 1);
    $pdf->selectFont('./fonts/Helvetica.afm');
    //choose font
    $all = $pdf->openObject();
    $pdf->saveState();
    $pdf->setStrokeColor(0, 0, 0, 1);
    // footer
    $pdf->line(10, 40, 578, 40);
    $pdf->line(10, 822, 578, 822);
    $pdf->addText(30, 34, 6, $mosConfig_live_site . ' - ' . $mosConfig_sitename);
    $pdf->addText(250, 34, 6, T_('Powered by Mambo'));
    $pdf->addText(450, 34, 6, T_('Generated:') . date('j F, Y, H:i', time() + $mosConfig_offset * 60 * 60));
    $pdf->restoreState();
    $pdf->closeObject();
    $pdf->addObject($all, 'all');
    $pdf->ezSetDy(30);
    $txt1 = $row->title;
    $pdf->ezText($txt1, 14);
    $txt2 = NULL;
    $mod_date = NULL;
    $create_date = NULL;
    if (intval($row->modified) != 0) {
        $mod_date = mosFormatDate($row->modified);
    }
    if (intval($row->created) != 0) {
        $create_date = mosFormatDate($row->created);
    }
    if ($mosConfig_hideCreateDate == '0') {
        $txt2 .= '(' . $create_date . ') - ';
    }
    if ($mosConfig_hideAuthor == "0") {
        if ($row->author != '' && $mosConfig_hideAuthor == '0') {
            if ($row->usertype == 'administrator' || $row->usertype == 'superadministrator') {
                $txt2 .= T_('Written by') . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
            } else {
                $txt2 .= T_('Contributed by') . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
            }
        }
    }
    if ($mosConfig_hideModifyDate == "0") {
        $txt2 .= ' - ' . T_('Last Updated') . ' (' . $mod_date . ') ';
    }
    $txt2 .= "\n\n";
    $pdf->ezText($txt2, 8);
    $txt3 = $row->introtext . "\n" . $row->fulltext;
    $pdf->ezText($txt3, 10);
    $pdf->ezStream();
}
Esempio n. 15
0
 /**
  * Returns a reference to the global {@link JUser} object, 
  * only creating it if it doesn't already exist.
  * 
  * @param int $id An user identifier
  * @return JUser
  */
 public static function getUser($id = null)
 {
     if (JCOMMENTS_JVERSION == '1.0') {
         if (!is_null($id)) {
             global $database;
             $user = new mosUser($database);
             $user->load($id);
         } else {
             global $mainframe;
             $user = $mainframe->getUser();
         }
     } else {
         $user = JFactory::getUser($id);
     }
     return $user;
 }
Esempio n. 16
0
 /**
  * Function to remove a user from Joomla
  */
 function removeUsers($cid)
 {
     global $database, $acl, $my, $vmLogger, $VM_LANG;
     if (!is_array($cid)) {
         $cid = array($cid);
     }
     if (count($cid)) {
         $obj = new mosUser($database);
         foreach ($cid as $id) {
             // check for a super admin ... can't delete them
             //TODO: Find out the group name of the User to be deleted
             //				$groups 	= $acl->get_object_groups( 'users', $id, 'ARO' );
             //				$this_group = strtolower( $acl->get_group_name( $groups[0], 'ARO' ) );
             $obj->load($id);
             $this_group = strtolower($obj->get('usertype'));
             if ($this_group == 'super administrator') {
                 $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_SUPERADMIN'));
                 return false;
             } else {
                 if ($id == $my->id) {
                     $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_YOURSELF'));
                     return false;
                 } else {
                     if ($this_group == 'administrator' && $my->gid == 24) {
                         $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_ADMIN'));
                         return false;
                     } else {
                         $obj->delete($id);
                         $err = $obj->getError();
                         if ($err) {
                             $vmLogger->err($err);
                             return false;
                         }
                         return true;
                     }
                 }
             }
         }
     }
 }
Esempio n. 17
0
if (!isset($ps_shopper_group)) {
    $ps_shopper_group = new ps_shopper_group();
}
$user_id = intval(vmGet($_REQUEST, 'user_id'));
$cid = vmRequest::getVar('cid', array(0), '', 'array');
if (!empty($user_id)) {
    $q = "SELECT * FROM #__users AS u LEFT JOIN #__{vm}_user_info AS ui ON id=user_id ";
    $q .= "WHERE id={$user_id} ";
    $q .= "AND (address_type='BT' OR address_type IS NULL ) ";
    $q .= "AND gid <= " . $my->gid;
    $db->query($q);
    $db->next_record();
}
// Set up the CMS General User Information
$row = new mosUser($database);
$row->load((int) $user_id);
if ($user_id) {
    $query = "SELECT *" . "\n FROM #__contact_details" . "\n WHERE user_id = " . (int) $row->id;
    $database->setQuery($query);
    $contact = $database->loadObjectList();
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    $row->password = trim($row->password);
} else {
    $contact = NULL;
    $row->block = 0;
}
// check to ensure only super admins can edit super admin info
if ($my->gid < 25 && $row->gid == 25) {
    vmRedirect('index2.php?option=com_users', _NOT_AUTH);
Esempio n. 18
0
File: user.php Progetto: cwcw/cms
function userSave($option, $uid)
{
    global $database;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // do some security checks
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }
    $row = new mosUser($database);
    $row->load($user_id);
    $row->orig_password = $row->password;
    if (!$row->bind($_POST, "gid usertype")) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);
    if (isset($_POST["password"]) && $_POST["password"] != "") {
        if (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) {
            $row->password = md5($_POST["password"]);
        } else {
            echo "<script> alert(\"" . _PASS_MATCH . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $row->orig_password;
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    unset($row->orig_password);
    // prevent DB error!!
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE);
}