/**
 * Entry point for direct operations on a field (for example Ajax calls).
 *
 * WARNING: this is direct, unchecked access. When $user is set, the caller's
 * rights for the given $reason still have to be verified by the implementation.
 *
 * This implementation only runs the request checks: the spoof check always,
 * and the registration anti-spam check when $reason is 'register' and
 * getUi() reports 1. If a check fails, an error box is echoed and the script
 * terminates.
 *
 * @param  FieldTable  $field
 * @param  UserTable   $user
 * @param  array       $postdata
 * @param  string      $reason    'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
 * @return string|false           Expected output; this implementation returns false once the checks have passed.
 */
public function fieldClass(&$field, &$user, &$postdata, $reason)
{
    global $_CB_framework;

    // simple spoof check security
    // NOTE(review): the third argument (2) is presumably the mode in which the check
    // reports a boolean instead of terminating on its own -- confirm against cbSpoofCheck().
    $requestRejected = true;

    if (cbSpoofCheck('fieldclass', 'POST', 2)) {
        // The anti-spam check is only consulted for registrations with getUi() == 1.
        $needsAntiSpamCheck = ($reason == 'register') && ($_CB_framework->getUi() == 1);
        $requestRejected    = $needsAntiSpamCheck && !cbRegAntiSpamCheck(2);
    }

    if ($requestRejected) {
        echo '<div class="alert alert-danger">' . CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.') . "</div>";
        exit;
    }

    return false;
}
/**
 * Sends one batch of a backend mass mailing and echoes the Ajax reply as JSON.
 *
 * The reply carries 'result' (1 while users remain after this batch, 2 once
 * the batch reaches the end of the list) and 'htmlcontent' (the HTML rendered
 * by the users view).
 *
 * @param  array   $rows            rows of the users in this batch; only ->id is read here
 * @param  string  $emailSubject
 * @param  string  $emailBody
 * @param  int     $limitstart      offset of this batch
 * @param  int     $limit           batch size
 * @param  int     $total           total number of users to mail
 * @param  mixed   $simulationMode  truthy: list the users but send nothing
 */
function _cbadmin_emailUsers( &$rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode ) {
	global $_PLUGINS;

	// simple spoof check security
	// The return values are not inspected here.
	// NOTE(review): both calls presumably terminate the request themselves on failure -- confirm.
	cbSpoofCheck( 'cbadmingui' );
	cbRegAntiSpamCheck();

	$notifier			=	new cbNotification();
	$htmlMode			=	1;		// html
	$usernames			=	'';

	foreach ( $rows as $row ) {
		$recipient		=	CBuser::getUserDataInstance( (int) $row->id );

		if ( $usernames ) {
			$usernames	.=	', ';
		}
		// Usernames are escaped because this string becomes part of the HTML reply.
		$usernames		.=	htmlspecialchars( $recipient->username );

		if ( $simulationMode ) {
			$usernames	.=	' (' . htmlspecialchars( CBTxt::T('email not send: simulation mode') ) . ')';
			continue;
		}

		$extraStrings	=	array();
		// Plugins receive subject and body by reference and may change them for the rest of the batch.
		$_PLUGINS->trigger( 'onBeforeBackendUserEmail', array( &$recipient, &$emailSubject, &$emailBody, $htmlMode, &$extraStrings, $simulationMode ) );

		$wasSent		=	$notifier->sendFromSystem( $recipient, $emailSubject, $this->_cbadmin_makeLinksAbsolute( $emailBody ), true, $htmlMode, null, null, null, $extraStrings, false );
		if ( ! $wasSent ) {
			$usernames	.=	': <span class="cb_result_error">' . htmlspecialchars( CBTxt::T('Error sending email!') ) . '</span>';
		}
	}

	// Never report a batch size larger than the whole list.
	$batchLimit			=	( $total < $limit ) ? $total : $limit;

	// Capture what the view prints so that it can travel inside the JSON reply.
	ob_start();
	$resultsView		=	_CBloadView( 'users' );
	$resultsView->ajaxResults( $usernames, $emailSubject, $this->_cbadmin_makeLinksAbsolute( $emailBody ), $limitstart, $batchLimit, $total );
	$renderedHtml		=	ob_get_clean();

	$usersLeft			=	$total - ( $limitstart + $batchLimit );
	$reply				=	array(
								'result'		=>	( $usersLeft > 0 ? 1 : 2 ),
								'htmlcontent'	=>	$renderedHtml
							);

	echo json_encode( $reply );

	// Fixed three second pause after each batch reply (presumably to throttle the send rate -- confirm).
	sleep(3);
}
/**
 * Entry point for direct operations on a field (for example Ajax calls).
 *
 * WARNING: this is direct, unchecked access. When $user is set, the caller's
 * rights for the given $reason still have to be verified by the implementation.
 *
 * This implementation only runs the request checks: the spoof check always,
 * and the registration anti-spam check when $reason is 'register' and
 * getUi() reports 1. If a check fails, an error message is echoed and the
 * script terminates.
 *
 * @param  moscomprofilerFields  $field
 * @param  moscomprofilerUser    $user
 * @param  array                 $postdata
 * @param  string                $reason    'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
 * @return string|false                     Expected output; this implementation returns false once the checks have passed.
 */
function fieldClass(&$field, &$user, &$postdata, $reason)
{
    global $_CB_framework;

    // simple spoof check security
    // NOTE(review): the third argument (2) is presumably the mode in which the check
    // reports a boolean instead of terminating on its own -- confirm against cbSpoofCheck().
    $requestRejected = true;

    if (cbSpoofCheck('fieldclass', 'POST', 2)) {
        // The anti-spam check is only consulted for registrations with getUi() == 1.
        $needsAntiSpamCheck = ($reason == 'register') && ($_CB_framework->getUi() == 1);
        $requestRejected    = $needsAntiSpamCheck && !cbRegAntiSpamCheck(2);
    }

    if ($requestRejected) {
        echo '<span class="cb_result_error">' . _UE_SESSION_EXPIRED . "</span>";
        exit;
    }

    return false;
}
/**
 * Ajax function: checks an email address for registration and echoes an HTML snippet with the result.
 *
 * Nothing is returned; every outcome is reported through echo. The address is
 * request data that gets reflected into the reply, so each echoed copy passes
 * through htmlspecialchars().
 *
 * @param  string  $email     address to check (sent as UTF-8 by the Ajax caller)
 * @param  string  $function  'testexists' only reports whether the address exists on the site;
 *                            any other value runs the registration check
 */
function performCheckEmail( $email, $function ) {
	global $_CB_framework, $_CB_database, $ueConfig;

	// The checker has to be switched on in the configuration.
	if ( empty( $ueConfig['reg_email_checker'] ) ) {
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		exit();
	}

	// simple spoof check security
	// The anti-spam check is only evaluated when the spoof check has passed.
	if ( ! ( cbSpoofCheck( 'registerForm', 'POST', 2 ) && cbRegAntiSpamCheck( 2 ) ) ) {
		echo '<span class="cb_result_error">' . ISOtoUtf8( _UE_SESSION_EXPIRED ) . "</span>";
		exit;
	}

	$email						=	stripslashes( $email );
	$emailISO					=	utf8ToISO( $email );		// ajax sends in utf8, we need to convert back to the site's encoding.

	// Settings above 1 also look the address up in the users table. These answers
	// disclose whether an address is registered, which is why they sit behind the
	// configuration switch and the request checks above.
	if ( $ueConfig['reg_email_checker'] > 1 ) {
		$lookupColumn			=	'email';
		$lookupValue			=	trim( $emailISO );
		if ( ! $_CB_database->isDbCollationCaseInsensitive() ) {
			// Case-sensitive collation: compare lower-cased values on both sides.
			$lookupColumn		=	'LOWER(email)';
			$lookupValue		=	strtolower( $lookupValue );
		}
		// The value reaches the SQL text only through Quote().
		$query					=	"SELECT COUNT(*) AS result FROM #__users WHERE " . $lookupColumn . " = " . $_CB_database->Quote( $lookupValue );
		$_CB_database->setQuery( $query );

		$dataObj				=	null;
		if ( $_CB_database->loadObject( $dataObj ) ) {
			if ( $function == 'testexists' ) {
				if ( $dataObj->result ) {
					$cssClass	=	'cb_result_ok';
					$template	=	_UE_EMAIL_EXISTS_ON_SITE;
				} else {
					$cssClass	=	'cb_result_error';
					$template	=	_UE_EMAIL_DOES_NOT_EXISTS_ON_SITE;
				}
				echo '<span class="' . $cssClass . '">' . sprintf( ISOtoUtf8( $template ), htmlspecialchars( $email ) ) . "</span>";
				return;
			}
			if ( $dataObj->result ) {
				echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_ALREADY_REGISTERED ), htmlspecialchars( $email ) ) . "</span>";
				return;
			}
		}
	}

	// 'testexists' is only answered from the database lookup above.
	if ( $function == 'testexists' ) {
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		return;
	}

	$checkResult				=	cbCheckMail( $_CB_framework->getCfg( 'mailfrom' ), $email );

	// Map the cbCheckMail() result code to a CSS class and a message constant.
	switch ( $checkResult ) {
		case -2:
			$cssClass			=	'cb_result_error';
			$template			=	_UE_EMAIL_NOVALID;
			break;
		case -1:
			$cssClass			=	'cb_result_warning';
			$template			=	_UE_EMAIL_COULD_NOT_CHECK;
			break;
		case 0:
			$cssClass			=	'cb_result_error';
			if ( $ueConfig['reg_confirmation'] == 0 ) {
				$template		=	_UE_EMAIL_INCORRECT_CHECK;
			} else {
				$template		=	_UE_EMAIL_INCORRECT_CHECK_NEEDED;
			}
			break;
		case 1:
			$cssClass			=	'cb_result_ok';
			$template			=	_UE_EMAIL_VERIFIED;
			break;
		default:
			echo '<span class="cb_result_error">performCheckEmail:: Unexpected cbCheckMail result.</span>';
			return;
	}

	echo '<span class="' . $cssClass . '">' . sprintf( ISOtoUtf8( $template ), htmlspecialchars( $email ) ) . "</span>";
}
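/**
 * Outputs legacy user mass mailer and user reconfirm email display
 *
 * Handled tasks:
 *  - 'resendconfirmationemails': re-sends the pending-approval email to every selected unconfirmed user, then redirects
 *  - 'emailusers':               shows the mass mailer form
 *  - 'startemailusers':          shows the batch-sending page
 *  - 'ajaxemailusers':           sends one batch and echoes a JSON reply ('result' 1 = more batches, 2 = finished)
 *
 * Any other task reads the mailer parameters from $_POST and outputs nothing.
 *
 * @param  string  $option
 * @param  string  $task
 * @param  int[]   $cid     user ids selected in user management
 * @return bool             NOTE(review): this body contains no return statement, so callers receive null -- confirm
 * @deprecated 2.0
 */
public function showUsers($option, $task, $cid)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;

    cbimport('language.all');
    cbimport('cb.tabs');
    cbimport('cb.params');
    cbimport('cb.pagination');
    cbimport('cb.lists');

    // We just need the user rows as we've already filtered down the IDs in user management:
    // (the ids pass through cbArrayToInts() before they are placed in the IN list)
    $query = 'SELECT *'
        . "\n FROM " . $_CB_database->NameQuote('#__comprofiler') . " AS c"
        . "\n INNER JOIN " . $_CB_database->NameQuote('#__users') . " AS u"
        . ' ON u.' . $_CB_database->NameQuote('id') . ' = c.' . $_CB_database->NameQuote('id')
        . "\n WHERE u." . $_CB_database->NameQuote('id') . " IN ( " . implode(', ', cbArrayToInts($cid)) . " )";
    $_CB_database->setQuery($query);
    $rows = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\UserTable', array($_CB_database));
    $total = count($rows);

    if ($task == 'resendconfirmationemails') {
        // NOTE(review): this branch sends email without calling cbSpoofCheck(); only the
        // 'ajaxemailusers' branch below does. Confirm that the caller validates the
        // request token before dispatching to this task.
        if (!$rows) {
            cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => $task)), 'error');
        }

        $count = 0;

        /** @var UserTable[] $rows */
        foreach ($rows as $row) {
            if ($row->confirmed == 0) {
                if ($row->cbactivation == '') {
                    // Generate a new confirmation code if the user doesn't have one (requires email confirmation to be enabled):
                    $row->store();
                }

                $cbNotification = new cbNotification();
                $cbNotification->sendFromSystem($row->id, CBTxt::T($ueConfig['reg_pend_appr_sub']), CBTxt::T($ueConfig['reg_pend_appr_msg']), true, isset($ueConfig['reg_email_html']) ? (int) $ueConfig['reg_email_html'] : 0);

                ++$count;
            }
        }

        cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SENT_CONFIRMATION_EMAILS_TO_NUM_USERS_USERS', 'Sent confirmation emails to [NUM_USERS] users', array('[NUM_USERS]' => $count)));
    } else {
        // All mailer settings come straight from the request. stripslashes() always
        // returns a string, so the numeric settings are strings from here on.
        $emailSubject = stripslashes(cbGetParam($_POST, 'emailsubject', ''));
        $emailBody = stripslashes(rawurldecode(cbGetParam($_POST, 'emailbody', '', _CB_ALLOWRAW | _CB_NOTRIM)));
        $emailAttach = stripslashes(cbGetParam($_POST, 'emailattach', ''));
        $emailsPerBatch = stripslashes(cbGetParam($_POST, 'emailsperbatch', 50));
        $emailsBatch = stripslashes(cbGetParam($_POST, 'emailsbatch', 0));
        $emailFromName = stripslashes(cbGetParam($_POST, 'emailfromname', ''));
        $emailFromAddr = stripslashes(cbGetParam($_POST, 'emailfromaddr', ''));
        $emailReplyName = stripslashes(cbGetParam($_POST, 'emailreplyname', ''));
        $emailReplyAddr = stripslashes(cbGetParam($_POST, 'emailreplyaddr', ''));
        $emailPause = stripslashes(cbGetParam($_POST, 'emailpause', 30));
        $simulationMode = stripslashes(cbGetParam($_POST, 'simulationmode', ''));

        // B/C trigger variables:
        if (count($cid) > 0 && count($cid) < $total) {
            $total = count($cid);
        }

        $pageNav = new cbPageNav($total, 0, 10);
        $search = '';
        $lists = array();
        $inputTextExtras = null;
        $select_tag_attribs = null;

        if ($task == 'emailusers') {
            if (!$rows) {
                cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => $task)), 'error');
            }

            $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailForm', array(&$rows, &$pageNav, &$search, &$lists, &$cid, &$emailSubject, &$emailBody, &$inputTextExtras, &$select_tag_attribs, $simulationMode, $option, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));

            $usersView = _CBloadView('users');

            /** @var CBView_users $usersView */
            $usersView->emailUsers($rows, $emailSubject, $emailBody, $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsPerBatch, $emailsBatch, $emailPause, $simulationMode, $pluginRows);
        } elseif ($task == 'startemailusers') {
            $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailStart', array(&$rows, $total, $search, $lists, $cid, &$emailSubject, &$emailBody, &$inputTextExtras, $simulationMode, $option, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));

            $usersView = _CBloadView('users');

            /** @var CBView_users $usersView */
            $usersView->startEmailUsers($rows, $emailSubject, $emailBody, $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsPerBatch, $emailsBatch, $emailPause, $simulationMode, $pluginRows);
        } elseif ($task == 'ajaxemailusers') {
            // The return values are not inspected here.
            // NOTE(review): both calls presumably terminate the request themselves on failure -- confirm.
            cbSpoofCheck('cbadmingui');
            cbRegAntiSpamCheck();

            $cbNotification = new cbNotification();
            $mode = 1; // html
            $errors = 0;
            $success = array();
            $failed = array();
            // Offset and length arrive as request strings; cast them like the
            // 'result' computation at the end of this branch already does, so that
            // a non-numeric value yields an empty batch instead of a type error.
            $users = array_slice($rows, (int) $emailsBatch, (int) $emailsPerBatch);

            if ($simulationMode) {
                $success = array('<div class="alert alert-info">' . CBTxt::T('Emails do not send in simulation mode') . '</div>');
            } else {
                foreach ($users as $user) {
                    $extraStrings = array();

                    $_PLUGINS->trigger('onBeforeBackendUserEmail', array(&$user, &$emailSubject, &$emailBody, $mode, &$extraStrings, $simulationMode, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));

                    // NOTE(review): the attachment list originates from the 'emailattach'
                    // request parameter. If the entries are used as server file paths, this
                    // feature must stay limited to trusted backend users -- confirm.
                    $attachments = cbReplaceVars($emailAttach, $user, $mode, true, $extraStrings);

                    if ($attachments) {
                        // Split on commas with optional surrounding spaces. The previous pattern
                        // ' *, *' had no delimiters, so PCRE took '*' as the delimiter and only
                        // the literal ", " was matched.
                        $attachments = preg_split('/ *, */', $attachments);
                    } else {
                        $attachments = null;
                    }

                    if (!$cbNotification->sendFromSystem($user, $emailSubject, $this->makeLinksAbsolute($emailBody), true, $mode, null, null, $attachments, $extraStrings, false, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr)) {
                        // NOTE(review): errorMSG is placed into the HTML without htmlspecialchars();
                        // confirm that CBTxt::Th() or the notifier guarantees it is HTML-safe.
                        $failed[] = '<div class="alert alert-danger">'
                            . '<strong>' . htmlspecialchars($user->name . ' <' . $user->email . '>') . '</strong>: '
                            . CBTxt::Th('ERROR_SENDING_EMAIL_ERRORMSG', 'Error sending email: [ERROR_MSG]', array('[ERROR_MSG]' => $cbNotification->errorMSG))
                            . '</div>';

                        ++$errors;
                    } else {
                        $success[] = htmlspecialchars($user->name . ' <' . $user->email . '>');
                    }
                }
            }

            $usernames = implode(', ', $success) . implode('', $failed);

            if ($total < $emailsPerBatch) {
                $limit = $total;
            } else {
                $limit = $emailsPerBatch;
            }

            // Capture what the view prints so that it can travel inside the JSON reply.
            ob_start();
            $usersView = _CBloadView('users');

            /** @var CBView_users $usersView */
            $usersView->ajaxResults($usernames, $emailSubject, $this->makeLinksAbsolute($emailBody), $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsBatch, $limit, $total, $errors);

            $html = ob_get_contents();
            ob_end_clean();

            $reply = array('result' => 1, 'htmlcontent' => $html);

            // result 2 tells the client that this batch reached the end of the list.
            if (!($total - ((int) $emailsBatch + (int) $emailsPerBatch) > 0)) {
                $reply['result'] = 2;
            }

            echo json_encode($reply);
        }
    }
}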
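/**
 * Ajax function: checks an email address for registration and echoes an HTML snippet with the result.
 *
 * Nothing is returned; every outcome is reported through echo. The address is
 * request data that gets reflected into the reply, so each echoed copy passes
 * through htmlspecialchars().
 *
 * @deprecated 2.0.0 use cbValidator::getRuleHtmlAttributes instead
 *
 * @param string $email     address to check
 * @param string $function  'testexists' only reports whether the address exists on the site;
 *                          any other value runs the registration check
 */
function performCheckEmail($email, $function)
{
    global $_CB_framework, $_CB_database, $ueConfig;

    $field = new \CB\Database\Table\FieldTable();
    $field->load(array('name' => 'email'));
    $field->params = new \CBLib\Registry\Registry($field->params);

    // The checker has to be switched on in the email field's parameters.
    if (!$field->params->get('field_check_email', 0)) {
        echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
        exit;
    }

    // simple spoof check security
    if (!cbSpoofCheck('registerForm', 'POST', 2) || !cbRegAntiSpamCheck(2)) {
        echo '<div class="alert alert-danger">' . CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.') . "</div>";
        exit;
    }

    $email = stripslashes($email);
    $emailISO = $email; // ajax sends in utf8, but no need to change encoding anymore.

    // Settings above 1 also look the address up in the users table. These answers
    // disclose whether an address is registered, which is why they sit behind the
    // field parameter and the request checks above.
    if ($field->params->get('field_check_email', 0) > 1) {
        // The value reaches the SQL text only through Quote().
        if ($_CB_database->isDbCollationCaseInsensitive()) {
            $query = "SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote(trim($emailISO));
        } else {
            $query = "SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote(strtolower(trim($emailISO)));
        }

        $_CB_database->setQuery($query);

        $dataObj = null;

        if ($_CB_database->loadObject($dataObj)) {
            /** @var StdClass $dataObj */
            if ($function == 'testexists') {
                if ($dataObj->result) {
                    echo '<div class="alert alert-success">' . CBTxt::Th('UE_EMAIL_EXISTS_ON_SITE', "The email '[email]' exists on this site.", array('[email]' => htmlspecialchars($email))) . "</div>";
                    return;
                } else {
                    echo '<div class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_DOES_NOT_EXISTS_ON_SITE', "The email '[email]' does not exist on this site.", array('[email]' => htmlspecialchars($email))) . "</div>";
                    return;
                }
            } else {
                if ($dataObj->result) {
                    echo '<div class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_NOT_AVAILABLE', "The email '[email]' is already in use.", array('[email]' => htmlspecialchars($email))) . "</div>";
                    return;
                }
            }
        }
    }

    // 'testexists' is only answered from the database lookup above.
    if ($function == 'testexists') {
        echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
        return;
    } else {
        $checkResult = cbCheckMail($_CB_framework->getCfg('mailfrom'), $email);
    }

    // In the four sprintf() calls below the closing parenthesis used to sit before the
    // comma, which turned the escaped address into a second echo argument: it was
    // printed right after the message instead of being passed to sprintf(). The
    // address is now the sprintf() argument, so it only appears where a translation
    // places a %s.
    switch ($checkResult) {
        case -2: // Wrong Format
            echo '<span class="alert alert-danger">' . sprintf(CBTxt::Th('UE_EMAIL_NOVALID', 'This is not a valid email address.'), htmlspecialchars($email)) . "</span>";
            break;
        case -1: // Couldn't Check
            break;
        case 0: // Invalid
            if ($ueConfig['reg_confirmation'] == 0) {
                echo '<span class="alert alert-danger">' . sprintf(CBTxt::Th('UE_EMAIL_INCORRECT_CHECK', 'This email does not accept email: Please check.'), htmlspecialchars($email)) . "</span>";
            } else {
                echo '<span class="alert alert-danger">' . sprintf(CBTxt::Th('UE_EMAIL_INCORRECT_CHECK_NEEDED', 'This address does not accept email: Needed for confirmation.'), htmlspecialchars($email)) . "</span>";
            }
            break;
        case 1: // Valid
            echo '<span class="alert alert-success">' . sprintf(CBTxt::Th('UE_EMAIL_VERIFIED', 'This email address seems valid.'), htmlspecialchars($email)) . "</span>";
            break;
        default:
            echo '<span class="alert alert-danger">performCheckEmail:: Unexpected cbCheckMail result.</span>';
            break;
    }
}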