function saveTab( $option ) { global $_CB_database, $_CB_framework, $_POST; $this->_importNeeded(); $this->_importNeededSave(); if ( isset( $_POST['params'] ) ) { $_POST['params'] = cbParamsEditorController::getRawParamsMagicgpcEscaped( $_POST['params'] ); } else { $_POST['params'] = ''; } if ( ! isset( $_POST['tabid'] ) || ( count( $_POST ) == 0 ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Missing post values') ) . "'); window.history.go(-2); </script>\n"; exit(); } if ( $_POST['tabid'] ) { $oldrow = new moscomprofilerTabs( $_CB_database ); if ( $oldrow->load( (int) $_POST['tabid'] ) && ( ! in_array( $oldrow->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n"; exit; } } $row = new moscomprofilerTabs( $_CB_database ); if (!$row->bind( $_POST )) { echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-1); </script>\n"; exit(); } if ( ! $row->ordering_register ) { $row->ordering_register = 10; } $row->description = cleanEditorsTranslationJunk( trim( $row->description ) ); if (!$row->check()) { echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n"; exit(); } $row->tabid = (int) cbGetParam( $_POST, 'tabid', 0 ); if ( ! $row->store() ) { echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n"; exit(); } $row->checkin(); cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" ), CBTxt::T('Successfully Saved Tab') . ": ". $row->title ); }
function removeTabs($cid, $option) { global $_CB_database, $_CB_framework; if (!is_array($cid) || count($cid) < 1) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Select an item to delete')) . "'); window.history.go(-1);</script>\n"; exit; } $msg = ''; if (count($cid)) { $obj = new moscomprofilerTabs($_CB_database); foreach ($cid as $id) { $noDelete = 0; $obj->load((int) $id); if (!$_CB_framework->acl->amIaSuperAdmin()) { if (!in_array($obj->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } $_CB_database->setQuery("SELECT COUNT(*) FROM #__comprofiler_fields WHERE tabid=" . (int) $id); $onField = $_CB_database->loadResult(); if ($obj->sys > 0) { $msg .= sprintf(CBTxt::T('%s cannot be deleted because it is a system tab.'), getLangDefinition($obj->title)) . " \n"; $noDelete = 1; } if ($obj->pluginid) { $plugin = new moscomprofilerPlugin($_CB_database); if ($plugin->load($obj->pluginid)) { $msg .= sprintf(CBTxt::T('%s cannot be deleted because it is a tab belonging to an installed plugin.'), getLangDefinition($obj->title)) . " \n"; $noDelete = 1; } } if ($onField > 0) { $msg .= sprintf(CBTxt::T('%s is being referenced by an existing field and cannot be deleted!'), getLangDefinition($obj->title)); $noDelete = 1; } if ($noDelete == 0) { $obj->delete($id); $msg .= $obj->getError(); } } } if ($msg) { echo "<script type=\"text/javascript\"> alert('" . str_replace("\n", '\\n', addslashes($msg)) . "'); window.history.go(-1);</script>\n"; exit; } cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showTab")); }
/** * Installs a tab into database, finding already existing one if needed. * * @param int $pluginid * @param CBSimpleXMLElement $tab * @return int|boolean id of tab or FALSE in case of error (error saved with $this->setError() ). */ function installTab($pluginid, &$tab) { global $_CB_database, $_CB_framework; // Check to see if plugin tab already exists in db if ($tab->attributes('class')) { $query = "SELECT tabid FROM #__comprofiler_tabs WHERE " . "pluginclass = " . $_CB_database->Quote($tab->attributes('class')); } else { $query = "SELECT tabid FROM #__comprofiler_tabs WHERE pluginid = " . (int) $pluginid . " AND pluginclass = ''"; } $_CB_database->setQuery($query); $tabid = $_CB_database->loadResult(); if ($tab->attributes('type') == 'existingSytemTab') { if ($tabid == null) { $this->setError(1, 'installTab error: existingSystemTab' . ': ' . $tab->attributes('class') . ' ' . 'not found' . '.'); return false; } } else { $row = new moscomprofilerTabs($_CB_database); if ($tabid) { $row->load((int) $tabid); } if (!$row->tabid) { $row->title = $tab->attributes('name'); $row->description = trim($tab->attributes('description')); $row->ordering = 99; $row->position = $tab->attributes('position'); $row->displaytype = $tab->attributes('displaytype'); $row->ordering_register = $tab->attributes('ordering_register'); } $row->width = $tab->attributes('width'); $row->pluginclass = $tab->attributes('class'); $row->pluginid = $pluginid; $row->fields = $tab->attributes('fields'); $row->sys = $tab->attributes('sys'); $row->useraccessgroupid = -2; $row->viewaccesslevel = 1; $userGroupName = $tab->attributes('useraccessgroup'); $viewAccessLevelName = $tab->attributes('viewaccesslevel'); switch ($userGroupName) { case 'All Registered Users': $row->useraccessgroupid = -1; break; case 'Everybody': default: if ($userGroupName && $userGroupName != 'Everybody') { $groupId = $_CB_framework->acl->get_group_id($userGroupName, 'ARO'); if ($groupId) { $row->useraccessgroupid = $groupId; } break; } } if ($viewAccessLevelName) { $accessLevels = $_CB_framework->acl->get_access_children_tree(2, false, false); $viewAccessLevelId = array_search($viewAccessLevelName, $accessLevels); if ($viewAccessLevelId !== false) { $row->viewaccesslevel = $viewAccessLevelId; } } if (!$row->store()) { $this->setError(1, 'SQL error' . ': ' . $row->getError()); return false; } $tabid = (int) $row->tabid; } return $tabid; }
function saveTab($option) { global $_CB_database, $_CB_framework, $_POST; $this->_importNeeded(); $this->_importNeededSave(); if (isset($_POST['params'])) { $_POST['params'] = cbParamsEditorController::getRawParamsMagicgpcEscaped($_POST['params']); } else { $_POST['params'] = ''; } if (!isset($_POST['tabid']) || count($_POST) == 0) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Missing post values')) . "'); window.history.go(-2); </script>\n"; exit; } $oldrow = new moscomprofilerTabs($_CB_database); if (isset($_POST['tabid']) && $_POST['tabid']) { $oldrow->load((int) $_POST['tabid']); // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { // Check if user belongs to useraccessgroupid: if (!in_array($oldrow->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel: if (!in_array($oldrow->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } } $row = new moscomprofilerTabs($_CB_database); if (!$row->bind($_POST)) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } // Set defaults if nothing is found // Also check if oldrow value to use its current value or default otherwise // This prevents a tab from storing to database with null values when some inputs are set disabled: if ($row->useraccessgroupid == '') { $row->useraccessgroupid = $oldrow->useraccessgroupid != '' ? $oldrow->useraccessgroupid : -2; } if ($row->viewaccesslevel == '') { $row->viewaccesslevel = $oldrow->viewaccesslevel != '' ? $oldrow->viewaccesslevel : 1; } if ($row->ordering == '') { $row->ordering = $oldrow->ordering != '' ? $oldrow->ordering : 999; } if ($row->ordering_register == '') { $row->ordering_register = $oldrow->ordering_register != '' ? $oldrow->ordering_register : 10; } if ($row->enabled == '') { $row->enabled = $oldrow->enabled != '' ? $oldrow->enabled : 1; } $row->description = cleanEditorsTranslationJunk(trim($row->description)); if (!$row->check()) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } $row->tabid = (int) cbGetParam($_POST, 'tabid', 0); // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state'); // Check if user belongs to useraccessgroupid if ($row->useraccessgroupid != '' && !in_array($row->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel if ($row->viewaccesslevel != '' && !in_array($row->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user can edit status (and if not, that status are as expected): if (!$canEditState) { $failed = false; // Check if row exists and if useraccessgroupid is different from existing row // Check if row doesn't exist and if useraccessgroupid is different from default if ($oldrow->tabid && ($row->useraccessgroupid != '' && $oldrow->useraccessgroupid != $row->useraccessgroupid) || !$oldrow->tabid && ($row->useraccessgroupid != '' && $row->useraccessgroupid != -2)) { $failed = true; } // Check if row exists and if viewaccesslevel is different from existing row // Check if row doesn't exist and if viewaccesslevel is different from default // Check if user can edit status: if ($oldrow->tabid && ($row->viewaccesslevel != '' && $oldrow->viewaccesslevel != $row->viewaccesslevel) || !$oldrow->tabid && ($row->viewaccesslevel != '' && $row->viewaccesslevel != 1)) { $failed = true; } // Check if row exists and if ordering is different from existing row // Check if row doesn't exist and if ordering is different from default // Check if user can edit status: if ($oldrow->tabid && ($row->ordering != '' && $oldrow->ordering != $row->ordering) || !$oldrow->tabid && ($row->ordering != '' && $row->ordering != 999)) { $failed = true; } // Check if row exists and if ordering_register is different from existing row // Check if row doesn't exist and if ordering_register is different from default // Check if user can edit status: if ($oldrow->tabid && ($row->ordering_register != '' && $oldrow->ordering_register != $row->ordering_register) || !$oldrow->tabid && ($row->ordering_register != '' && $row->ordering_register != 10)) { $failed = true; } // Check if row exists and if publish is different from existing row // Check if row doesn't exist and if publish is different from default // Check if user can edit status: if ($oldrow->tabid && ($row->enabled != '' && $oldrow->enabled != $row->enabled) || !$oldrow->tabid && ($row->enabled != '' && $row->enabled != 1)) { $failed = true; } if ($failed) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } } if (!$row->store()) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } $row->checkin(); cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showTab"), CBTxt::T('Successfully Saved Tab') . ": " . $row->title); }