/**
 * Strips the configured live_site prefix from a URL, leaving only the remainder.
 *
 * A URL that does not begin with live_site is returned unchanged.
 *
 * NOTE(review): the test is a bare string-prefix match with no boundary check after
 * the prefix. Presumably a live_site of 'https://site.example' also prefixes
 * 'https://site.example.other.tld/x'; callers should not treat a shortened result as
 * proof that the URL pointed at this site. Confirm against cbStartOfStringMatch().
 *
 * @param  string  $url  The URL to make relative
 * @return string
 */
public function makeUrlRelative($url)
{
    global $_CB_framework;

    $sitePrefix = $_CB_framework->getCfg('live_site');

    // Guard clause: nothing to strip when the URL is not under live_site.
    if (!cbStartOfStringMatch($url, $sitePrefix)) {
        return $url;
    }

    return substr($url, strlen($sitePrefix));
}
/**
 * Outputs the $action toolbar button.
 *
 * A link starting with 'javascript:' is split: the script part (everything after the
 * 11-character prefix) is handed to the renderer as the click handler and the href
 * becomes '#'. Any other link is used as the href with no click handler.
 *
 * NOTE(review): escaping of $link, $alt and $class for their HTML/JS contexts is not
 * visible here; presumably CBtoolmenuBar::_output() does it. Confirm before passing
 * values that are not compile-time constants.
 *
 * @param string $action
 * @param string $link
 * @param string $alt
 * @param string $class
 */
public static function linkAction($action = 'new', $link = null, $alt = 'New', $class = null)
{
    $isScriptLink = cbStartOfStringMatch($link, 'javascript:');

    // 11 === strlen('javascript:')
    $clickHandler = $isScriptLink ? substr($link, 11) : null;
    $target = $isScriptLink ? '#' : $link;

    CBtoolmenuBar::_output($clickHandler, $action, $alt, $target, $class);
}
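/**
 * Utility for gateways to get the payment gateway URL (always https://) for $case.
 *
 * The server is selected by the 'normal_gateway' account-param:
 *   0 = test server      ( $this->_gatewayUrls[$case . '+test'] )
 *   2 = custom URL       ( account-param 'gateway_' . $case . '_url' )
 *   anything else = live ( $this->_gatewayUrls[$case . '+normal'] )
 *
 * For the custom URL, any scheme the administrator typed is removed and https:// is
 * forced. Previously only an exact lower-case 'https://' prefix was recognised, so
 * 'http://host' or 'HTTPS://host' produced the invalid 'https://http://host'.
 *
 * NOTE(review): the comparisons on $serverType are loose (==). How a non-numeric or
 * empty stored value compares to 0 differs between PHP 7 and PHP 8; confirm that
 * getAccountParam() can only return '0', '1' or '2' here.
 *
 * @param  string  $case  Must be safe ! 'single', 'recurring' or any other case, from constant, not request
 *                        (it is used as an array key and as part of an account-param name)
 * @return string         URL starting with https://
 */
protected function gatewayUrl( $case = 'single' )
{
    $serverType = $this->getAccountParam( 'normal_gateway', 1 );

    if ( $serverType == 0 ) {
        return 'https://' . $this->_gatewayUrls[$case . '+test'];
    }

    if ( $serverType == 2 ) {
        $customUrl = trim( (string) $this->getAccountParam( 'gateway_' . $case . '_url', '' ) );

        // Drop whatever scheme was entered (case-insensitively) so the result is never
        // a doubled scheme and never a non-TLS endpoint for payment traffic.
        $hostAndPath = preg_replace( '#^[a-z][a-z0-9+.\-]*://#i', '', $customUrl );

        return 'https://' . $hostAndPath;
    }

    return 'https://' . $this->_gatewayUrls[$case . '+normal'];
}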
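/**
 * Implements a form http request render of its result (read-only).
 *
 * Builds a URL from the node's 'link' attribute, fetches it server-side with Guzzle
 * and renders the response according to its media type. When the request fails or
 * does not return status 200, the stored $value is returned instead.
 *
 * The Content-Type is compared on its media type only: a header such as
 * 'application/json; charset=utf-8' previously missed the 'application/json' case
 * and fell through to the raw-body branch.
 *
 * NOTE(review): this is a server-side fetch of a URL assembled from XML and row data.
 * No timeout, host restriction or response-size limit is set in this method; confirm
 * the link definitions are trusted and consider explicit request options.
 * NOTE(review): in the default branch the remote body is returned as-is and, per the
 * contract of this method, is used as HTML. Confirm the remote endpoint is trusted or
 * that the caller escapes the result.
 * NOTE(review): drawUrl() is called with its default arguments; if those HTML-escape
 * the URL, the request below is made to an escaped URL. Verify against drawUrl().
 *
 * @param  string            $name          The name of the form element
 * @param  string            $value         The value of the element
 * @param  SimpleXMLElement  $node          The xml element for the parameter
 * @param  string            $control_name  The control name
 * @return string|null                      The html for the element, or null when there is no usable link
 */
function _form_httprequest( /** @noinspection PhpUnusedParameterInspection */ $name, $value, &$node, $control_name )
{
    $link = $node->attributes( 'link' );

    if ( ! $link ) {
        return null;
    }

    $this->substituteName( $link, false );

    // TODO: Improve drawUrl or here directly to handle local raw URLs (e.g. test.html should prefix with live_site)
    $url = $this->_controllerView->drawUrl( $link, $node, $this->_modelOfData[0], $this->_modelOfData[0]->get( 'id' ) );

    // javascript: pseudo-URLs are not fetchable
    if ( ( ! $url ) || cbStartOfStringMatch( $url, 'javascript:' ) ) {
        return null;
    }

    $client = new GuzzleHttp\Client();

    try {
        $result = $client->get( $url ); // TODO: Implement handling of <data and sending as post instead of get when present

        if ( $result->getStatusCode() != 200 ) {
            $result = false;
        }
    } catch ( Exception $e ) {
        $result = false;
    }

    if ( $result === false ) {
        // Request failed: fall back to the stored value
        return $value;
    }

    // Reduce the header to its bare media type: drop parameters such as "; charset=utf-8"
    // and tolerate client versions that return the header as a list of values.
    $contentType = $result->getHeader( 'Content-Type' );
    if ( is_array( $contentType ) ) {
        $contentType = reset( $contentType );
    }
    $headerParts = explode( ';', (string) $contentType, 2 );
    $mediaType = strtolower( trim( $headerParts[0] ) );

    switch ( $mediaType ) {
        case 'application/xml':
            // TODO: Implement parsing of XML responses through params if it's a CB xml file otherwise parse to array then into fields output
            $return = CBTxt::T( 'HTTP Request XML response handling is not yet implemented.' );
            break;
        case 'application/json':
            $return = $this->_json_render( $result->json(), $node );
            break;
        default:
            $return = $result->getBody();
            break;
    }

    return $return;
}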
/**
 * Formatter: returns one field of a user in the requested output format.
 *
 * The raw value comes from getField(). For 'html' output with the 'showEmptyFields'
 * setting on, an empty value is replaced by the configured 'emptyFieldsText' (except
 * for searches and for display modes 3 and 4). A value that is still empty yields null;
 * otherwise outputs starting with 'html' are wrapped by renderFieldHtml() and every
 * other output returns the value untouched.
 *
 * NOTE(review): $ueConfig['emptyFieldsText'] goes through cbReplaceVars() and then into
 * the HTML renderer; escaping is not visible in this method. Confirm in
 * renderFieldHtml()/cbReplaceVars().
 *
 * @param  FieldTable  $field
 * @param  UserTable   $user
 * @param  string      $output              'html', 'xml', 'json', 'php', 'csvheader', 'csv', 'rss', 'fieldslist', 'htmledit'
 * @param  string      $formatting          'tr', 'td', 'div', 'span', 'none', 'table'??
 * @param  string      $reason              'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
 * @param  int         $list_compare_types  IF reason == 'search' : 0 : simple 'is' search, 1 : advanced search with modes, 2 : simple 'any' search
 * @return mixed
 */
public function getFieldRow(&$field, &$user, $output, $formatting, $reason, $list_compare_types)
{
    global $ueConfig;

    $oValue = $this->getField($field, $user, $output, $reason, $list_compare_types);

    // The display mode is stored per context on the field; searches always use mode 1.
    switch ($reason) {
        case 'edit':
            $displayMode = $field->get('edit', 1);
            break;
        case 'register':
            $displayMode = $field->get('registration', 1);
            break;
        case 'search':
            $displayMode = 1;
            break;
        default:
            $displayMode = $field->get('profile', 1);
            break;
    }

    // Modes 3 and 4 suppress the title, and with it the empty-field placeholder.
    $displayTitle = !in_array($displayMode, array(3, 4));

    $valueIsEmpty = !($oValue != null || trim($oValue) != '');

    if ($valueIsEmpty
        && $output == 'html'
        && isset($ueConfig['showEmptyFields'])
        && $ueConfig['showEmptyFields'] == 1
        && $reason != 'search'
        && $displayTitle
    ) {
        $oValue = cbReplaceVars($ueConfig['emptyFieldsText'], $user);
    }

    // Re-test: the placeholder above may itself be empty.
    if (!($oValue != null || trim($oValue) != '')) {
        return null;
    }

    if (cbStartOfStringMatch($output, 'html')) {
        return $this->renderFieldHtml($field, $user, $oValue, $output, $formatting, $reason, array());
    }

    return $oValue;
}
/**
 * Compiles $this SQL query into a real SQL query
 *
 * Works recursively over the XML node tree: each node first compiles its children,
 * then combines their fragments according to its own element name ('data',
 * 'joinkeys', 'column', 'where') and 'type' attribute. <data> nodes with a table
 * append a JOIN clause to $joinsSQL as a side effect.
 *
 * The two function-static variables are reset only when $wildcards is not null, i.e.
 * by the top-level call; recursive calls pass null and share that state.
 *
 * NOTE(review): the 'operator' and 'name' attributes are concatenated into the SQL
 * text without quoting (only 'key', 'value' and the table name pass through
 * NameQuote() in the join branch). This assumes the XML definitions are trusted and
 * not user-editable; confirm. Quoting of search values is delegated to _buildop() /
 * _sqlCleanQuote(), which are not visible here.
 *
 * @param  array    $tableReferences  map table name => join alias currently in scope (modified during recursion)
 * @param  array    $joinsSQL         list of JOIN clauses, appended to by <data> nodes
 * @param  boolean  $wildcards        TRUE only at top recursion
 * @return null|string
 */
public function reduceSqlFormula(&$tableReferences, &$joinsSQL, $wildcards = null)
{
    // Shared across the whole recursion (and across calls): see the reset just below.
    static $replaceWildcards = false;
    static $joinedTableKey = 'a';
    if ($wildcards !== null) {
        // Top call of recursion:
        $replaceWildcards = $wildcards;
        $joinedTableKey = 'a';
    }
    $condition = null;
    $subFormulas = array();
    // First pass over the node type: allocate a join alias BEFORE recursing, so that
    // children resolving this table see the new alias in $tableReferences.
    switch ($this->getName()) {
        case 'data':
            $table = $this->attributes('table');
            if ($table) {
                // Remember an alias already in scope for the same table so it can be restored afterwards.
                if (isset($tableReferences[$table])) {
                    $prevJoinKey = $tableReferences[$table];
                } else {
                    $prevJoinKey = null;
                }
                $joinKey = 'j' . $joinedTableKey;
                $tableReferences[$table] = $joinKey;
                // Next alias letter: 'a' -> 'b' -> ... ; past 'z' this yields '{' and later
                // non-alphanumeric characters, so more than 26 joins give an unusual alias.
                $joinedTableKey = chr(ord($joinedTableKey) + 1);
            } else {
                $joinKey = null;
                $prevJoinKey = null;
            }
            break;
        default:
            $table = null;
            $joinKey = null;
            $prevJoinKey = null;
            break;
    }
    // Recurse:
    foreach ($this->children() as $child) {
        $subForm = $child->reduceSqlFormula($tableReferences, $joinsSQL, null);
        // Children that compile to nothing (null or '') are dropped.
        if ($subForm != '') {
            $subFormulas[] = $subForm;
        }
    }
    // Second pass: combine the compiled children according to this node's kind.
    switch ($this->getName()) {
        case 'data':
            if (substr($this->attributes('type'), 0, 6) == 'const:') {
                // Constant: quoting is delegated to _sqlCleanQuote().
                $condition = $this->_sqlCleanQuote($this->attributes('value'), $this->attributes('type'));
            } else {
                global $_CB_database;
                $joinType = 'LEFT';
                if (count($subFormulas) > 0) {
                    // 'operator' attribute is inserted as-is between the sub-conditions.
                    $condition = '(' . implode(') ' . $this->attributes('operator') . ' (', $subFormulas) . ')';
                    // Only the first <joinkeys> child decides between LEFT and INNER.
                    foreach ($this->children() as $child) {
                        if ($child->getName() == 'joinkeys') {
                            if ($child->attributes('type') === 'inner') {
                                $joinType = 'INNER';
                            }
                            break;
                        }
                    }
                } else {
                    // No children: simple key = value join condition, both sides name-quoted.
                    $condition = ($joinKey ? $joinKey . '.' : '') . $_CB_database->NameQuote($this->attributes('key')) . ' = ' . $_CB_database->NameQuote($this->attributes('value'));
                }
                if ($joinKey) {
                    $joinsSQL[] = $joinType . ' JOIN ' . $_CB_database->NameQuote($table) . ' AS ' . $joinKey . ' ON ' . $condition;
                    // The node itself evaluates to alias.name ; 'name' is not name-quoted here.
                    $condition = $joinKey . '.' . $this->attributes('name');
                    // Leave the alias scope: restore the outer alias or remove ours.
                    if ($prevJoinKey) {
                        $tableReferences[$table] = $prevJoinKey;
                    } else {
                        unset($tableReferences[$table]);
                    }
                }
            }
            break;
        case 'joinkeys':
            if (count($subFormulas) > 0) {
                $condition = '(' . implode(') ' . $this->attributes('operator') . ' (', $subFormulas) . ')';
            }
            break;
        case 'column':
        case 'where':
            switch ($this->attributes('type')) {
                case 'sql:operator':
                    if (count($subFormulas) > 0) {
                        $condition = '(' . implode(') ' . $this->attributes('operator') . ' (', $subFormulas) . ')';
                    }
                    break;
                case 'sql:function':
                    // 'operator' holds the SQL function name here and is emitted verbatim.
                    $condition = $this->attributes('operator') . '( ' . implode(', ', $subFormulas) . ' )';
                    break;
                case 'sql:field':
                    // Fields of tables that are not currently joined compile to nothing.
                    if (isset($tableReferences[$this->attributes('table')])) {
                        $operator = $this->attributes('operator');
                        $value = $this->attributes('value');
                        $valuetype = $this->attributes('valuetype');
                        $searchmode = $this->attributes('searchmode');
                        // Search modes apply only to (in)equality tests on constant strings.
                        if (in_array($operator, array('=', '<>', '!=')) && $valuetype == 'const:string') {
                            switch ($searchmode) {
                                case 'all':
                                case 'any':
                                case 'anyis':
                                case 'phrase':
                                case 'allnot':
                                case 'anynot':
                                case 'anyisnot':
                                case 'phrasenot':
                                    // 'anyis'/'anyisnot' compare each word exactly instead of with LIKE.
                                    $precise = in_array($searchmode, array('anyis', 'anyisnot'));
                                    if ($replaceWildcards && !$precise) {
                                        $this->_replaceWildCards($operator, $value); // changes $operator and $value !
                                    }
                                    if (is_array($value)) {
                                        $eachValues = $value;
                                    } else {
                                        if (cbStartOfStringMatch($searchmode, 'phrase')) {
                                            // Phrase modes keep the value as one term.
                                            $eachValues = array($value);
                                        } else {
                                            global $_CB_framework;
                                            if ($_CB_framework->outputCharset() == 'UTF-8') {
                                                // Split on Unicode separator characters; errors suppressed and checked below.
                                                $eachValues = @preg_split('/\\p{Z}+/u', $value);
                                                if (preg_last_error() == PREG_INTERNAL_ERROR) {
                                                    // PCRE has not been compiled with utf-8 support, do our best:
                                                    $eachValues = preg_split('/\\W+/', $value);
                                                }
                                            } else {
                                                $eachValues = preg_split('/\\W+/', $value);
                                            }
                                        }
                                    }
                                    $conditions = array();
                                    foreach ($eachValues as $v) {
                                        if ($v != '') {
                                            // Non-precise modes compare with LIKE / NOT LIKE and %-wrapped terms.
                                            if (!($precise || in_array($operator, array('LIKE', 'NOT LIKE')))) {
                                                $operator = $this->_operatorToLike($operator);
                                            }
                                            $conditions[] = $this->_buildop($operator, $precise ? $v : $this->_prepostfixPercent($v), $valuetype, $tableReferences);
                                        }
                                    }
                                    if (count($conditions) > 1) {
                                        // 'all'/'allnot' require every term, the other modes any term.
                                        $op = in_array($searchmode, array('all', 'allnot')) ? ') AND (' : ') OR (';
                                        $condition = '(' . implode($op, $conditions) . ')';
                                    } elseif (count($conditions) == 1) {
                                        $condition = implode('', $conditions);
                                    } else {
                                        $condition = null;
                                    }
                                    // The '...not' modes negate the combined condition as a whole.
                                    if (in_array($searchmode, array('allnot', 'anynot', 'anyisnot', 'phrasenot')) && $condition) {
                                        $condition = 'NOT(' . $condition . ')';
                                    }
                                    break;
                                case 'isnot':
                                    // Invert the comparison: '=' becomes '<>', anything else becomes '='.
                                    $operator = $operator == '=' ? '<>' : '=';
                                    $condition = $this->_buildop($operator, $value, $valuetype, $tableReferences);
                                    break;
                                case 'is':
                                default:
                                    $condition = $this->_buildop($operator, $value, $valuetype, $tableReferences);
                                    break;
                            }
                        } else {
                            $condition = $this->_buildop($operator, $value, $valuetype, $tableReferences);
                        }
                    }
                    break;
                default:
                    break;
            }
            break;
        default:
            break;
    }
    return $condition;
}
/**
 * View for <param type="private" class="cbpaidParamsExt" method="checkifexecutable">...
 *
 * Reports whether the file whose path is stored in the model property named by the
 * node's 'default' attribute is executable. When that check does not come out green
 * and the property is 'openssl_exec_path', a green opensslstatus() result replaces the
 * output with a "not needed" message.
 *
 * NOTE(review): $filePath is passed to _outputGreenRed() for display; its HTML escaping
 * is not visible here. Confirm in _outputGreenRed().
 *
 * @param  string              $value                  Stored Data of Model Value associated with the element
 * @param  ParamsInterface     $pluginParams           Main settings parameters of the plugin
 * @param  string              $name                   Name attribute
 * @param  CBSimpleXMLElement  $param                  This XML node
 * @param  string              $control_name           Name of the control
 * @param  string              $control_name_name      css id-encode of the names of the controls surrounding this node
 * @param  boolean             $view                   TRUE: view, FALSE: edit
 * @param  cbpaidTable         $modelOfData            Data of the Model corresponding to this View
 * @param  cbpaidTable[]       $modelOfDataRows        Displayed Rows if it is a table
 * @param  int                 $modelOfDataRowsNumber  Total Number of rows
 * @return null|string
 */
public function checkifexecutable($value, &$pluginParams, $name, &$param, $control_name, $control_name_name, $view, &$modelOfData, &$modelOfDataRows, &$modelOfDataRowsNumber)
{
    $greenMarker = '<div class="cbEnabled">';

    // The 'default' attribute names the model property that holds the path to test.
    $default = $param->attributes('default');
    $filePath = isset($modelOfData->{$default}) ? $modelOfData->{$default} : null;

    if (!$filePath) {
        // The line break inside this literal is kept exactly as it appears in the source.
        $return = (string) $this->_outputGreenRed('', false, '', "No path defined yet. 
Please define then apply setting to get result of check.");
    } elseif (!function_exists('is_executable')) {
        $return = (string) $this->_outputGreenRed($filePath, false, '', "can not be checked because of SafeMode enabled or is_executable function disabled.");
    } else {
        // Warnings (e.g. open_basedir restrictions) are suppressed; a failure reads as "not executable".
        $executable = @is_executable($filePath);
        $return = (string) $this->_outputGreenRed($filePath, $executable, "is executable", "is not found or not executable");
    }

    // A missing openssl binary does not matter when the openssl status check is green.
    if (!cbStartOfStringMatch($return, $greenMarker) && $default == 'openssl_exec_path') {
        $resultOpenssl = $this->opensslstatus($value, $pluginParams, $name, $param, $control_name, $control_name_name, $view, $modelOfData, $modelOfDataRows, $modelOfDataRowsNumber);

        if (cbStartOfStringMatch($resultOpenssl, $greenMarker)) {
            return '<div class="cbEnabled">' . CBPTXT::Th("Not needed, as OpenSSL PHP module is loaded") . '</div>';
        }
    }

    return $return;
}
/**
 * Converts a XML description of a SQL column into a full SQL column type.
 *
 * Example node:
 * <column name="_rate" nametype="namesuffix" type="sql:decimal(16,8)" unsigned="true" null="true" default="NULL" auto_increment="100" />
 *
 * The result is assembled in this order: the type (without its 'sql:' prefix),
 * ' unsigned' when unsigned="true", ' NOT NULL' unless null="true", a ' DEFAULT ...'
 * clause (never for TEXT/BLOB types), and ' auto_increment' when that attribute is set.
 * When no default is given and the column is not auto_increment, a default is derived:
 * NULL for nullable columns, 0 for numeric types, the database null-date for
 * date/time types, and the empty string otherwise.
 *
 * NOTE(review): the type text is emitted unquoted, and a default is emitted unquoted
 * whenever the type merely BEGINS with one of the numeric type names. This assumes
 * the XML schema files are trusted; confirm they cannot be user-supplied.
 *
 * @param  SimpleXMLElement  $column       Column to determine type
 * @param  string            $tableName    Name of table (for determining engine for preferred type)
 * @param  string            $tableEngine  Engine of table (if $tableName is not yet created, for preferred type)
 * @return string|boolean                  Full SQL creation type or FALSE in case of error
 */
protected function fullColumnType(SimpleXMLElement $column, $tableName, $tableEngine = null)
{
    if ($column->getName() != 'column') {
        return false;
    }

    $type = $this->getPreferredColumnType($column, $tableName, $tableEngine);
    $unsigned = $column->attributes('unsigned');
    $null = $column->attributes('null');
    $default = $column->attributes('default');
    $auto_increment = $column->attributes('auto_increment');

    if (!cbStartOfStringMatch($type, 'sql:')) {
        return false;
    }

    // remove 'sql:'
    $type = trim(substr($type, 4));
    if (!$type) {
        return false;
    }

    // Types whose default values are written without quotes.
    $unquotedTypePrefixes = array('int', 'float', 'tinyint', 'bigint', 'decimal', 'boolean', 'bit', 'serial', 'smallint', 'mediumint', 'double', 'year');
    $isInt = false;
    foreach ($unquotedTypePrefixes as $prefix) {
        if (cbStartOfStringMatch($type, $prefix)) {
            $isInt = true;
            break;
        }
    }

    $fullType = $type;

    if ($unsigned == 'true') {
        $fullType .= ' unsigned';
    }

    if ($null !== 'true') {
        $fullType .= ' NOT NULL';
    }

    // BLOB and TEXT columns cannot have DEFAULT values. http://dev.mysql.com/doc/refman/5.0/en/blob.html
    $typesWithoutDefault = array('text', 'blob', 'tinytext', 'mediumtext', 'longtext', 'tinyblob', 'mediumblob', 'longblob');

    if (!in_array($type, $typesWithoutDefault)) {
        $emitDefault = true;

        if ($default === null) {
            if ($auto_increment) {
                // auto_increment columns get no derived default
                $emitDefault = false;
            } elseif ($null === 'true') {
                // MySQL 5.0.51a and b have a bug: they need a default value always to be able
                // to return it correctly in SHOW COLUMNS FROM ...:
                $default = 'NULL';
            } elseif ($isInt) {
                $default = 0;
            } elseif (in_array($type, array('datetime', 'date', 'time'))) {
                $default = $this->_db->getNullDate($type);
            } else {
                $default = '';
            }
        }

        if ($emitDefault) {
            $fullType .= ' DEFAULT ' . ($isInt || $default === 'NULL' ? $default : $this->_db->Quote($default));
        }
    }

    if ($auto_increment) {
        $fullType .= ' auto_increment';
    }

    return $fullType;
}
/**
 * Builds the URL (or javascript: pseudo-URL) for a link or action of the table browser.
 *
 * $cbUri is interpreted by prefix:
 *   'cbo:<subtask>'      built-in list operations ('newrow'/'rowedit' give an edit URL,
 *                        every other subtask gives a javascript:cbDoListTask(...) call)
 *   'cb_action:<name>'   an <action> looked up by name in $this->_actions
 *   anything else        used as the URL itself
 *
 * Unless the result is a javascript: URL, the parameters declared on $sourceElem, the
 * active filters, the search string and a 'cbprevstate' value are appended, and the URL
 * is passed through backendUrl() (ui 2) or cbSef().
 *
 * NOTE(review): values appended in the final loop are urlencode()d, but the pieces put
 * into the base URL ($this->_options[...], the table-browser 'name' attribute and the
 * action's request values) are concatenated without encoding. Confirm those are
 * constrained before they reach this method.
 * NOTE(review): in the javascript: branch the helper results are placed between single
 * quotes; their escaping for a JS string is not visible here. Confirm in taskName(),
 * subtaskName(), subtaskValue() and fieldId().
 * NOTE(review): 'cbprevstate' is only base64-encoded, which is an encoding and not
 * integrity protection; whatever decodes it should treat it as request input.
 *
 * @param  string   $cbUri             Link definition, see above
 * @param  object   $sourceElem        XML element carrying 'parameters', 'paramvalues' and 'paramvaluestypes' attributes
 * @param  object   $data              Row object from which parameter values are read by property name
 * @param  int      $id                Row id (set to 0 for 'cbo:newrow'; not used in the URL built here)
 * @param  boolean  $htmlspecialchars  Passed on to backendUrl()/cbSef(); applied directly for javascript: URLs
 * @param  boolean  $inPage            TRUE selects the 'html' format, FALSE the 'component' format
 * @return string
 */
function drawUrl( $cbUri, &$sourceElem, &$data, $id, $htmlspecialchars = true, $inPage = true ) {
    global $_CB_framework;

    $ui = $_CB_framework->getUi();

    if ( substr( $cbUri, 0, 4 ) == 'cbo:' ) {
        $subTaskValue = substr( $cbUri, 4 );
        switch ( $subTaskValue ) {
            case 'newrow':
                $id = 0;
                // fallthrough: no break on purpose.
            case 'rowedit': //TBD this is duplicate of below
                $baseUrl = 'index.php';
                // option, task and pluginid are inserted without URL-encoding:
                $baseUrl .= '?option=' . $this->_options['option'] . '&task=' . $this->_options['task'] . '&cid=' . $this->_options['pluginid'];
                $url = $baseUrl . '&table=' . $this->_tableBrowserModel->attributes( 'name' ) . '&action=editrow'; // below: . '&tid=' . $id;
                break;
            case 'saveorder':
            case 'editrows':
            case 'deleterows':
            case 'copyrows':
            case 'updaterows':
            case 'publish':
            case 'unpublish':
            case 'enable':
            case 'disable':
            default:
                // All list operations (named or not) become a client-side cbDoListTask() call:
                $url = 'javascript:cbDoListTask(this, ' // cb //TBD: this is duplicate of pager.
                    . "'" . $this->taskName( false ). "','" // task
                    . $this->subtaskName( false ). "','" // subtaskName
                    . $this->subtaskValue( $subTaskValue, false ) . "','" // subtaskValue
                    . $this->fieldId( 'id', null, false ) . "'" // fldName
                    . ");";
                break;
        }
    } elseif ( substr( $cbUri, 0, 10 ) == 'cb_action:' ) {
        $actionName = substr( $cbUri, 10 );
        $action =& $this->_actions->getChildByNameAttr( 'action', 'name', $actionName );
        if ( $action ) {
            // 'request' and 'action' are parallel space-separated lists: names and their values.
            $requestNames = explode( ' ', $action->attributes( 'request' ) );
            $requestValues = explode( ' ', $action->attributes( 'action' ) );
            $parametersValues = explode( ' ', $action->attributes( 'parameters' ) );
            $baseUrl = 'index.php';
            $baseUrl .= '?';
            // URL parameter name => key in $this->_options
            $baseRequests = array( 'option' => 'option', 'task' => 'task', 'cid' => 'pluginid' );
            $urlParams = array();
            // Add the base parameters only when the action does not define them itself:
            foreach ( $baseRequests as $breq => $breqOptionsValue ) {
                if ( ( ! ( in_array( $breq, $requestNames ) || in_array( $breq, $parametersValues ) ) ) && isset( $this->_options[$breqOptionsValue] ) ) {
                    $urlParams[$breq] = $breq . '=' . $this->_options[$breqOptionsValue];
                }
            }
            $url = $baseUrl; // overwritten after the loop below
            for ( $i = 0, $n = count( $requestNames ); $i < $n; $i++ ) {
                // assumes 'action' has at least as many entries as 'request' (TODO confirm)
                $urlParams[$requestNames[$i]] = $requestNames[$i] . '=' . $requestValues[$i]; // other parameters = paramvalues added below
            }
            $url = $baseUrl . implode( '&', $urlParams );
        } else {
            $url = "#action_not_defined:" . $actionName;
        }
    } else {
        $url = $cbUri;
    }

    if ( ! cbStartOfStringMatch( $url, 'javascript:' ) ) {
        // get the parameters of action/link from XML :
        $parametersNames = explode( ' ', $sourceElem->attributes( 'parameters' ) );
        $parametersValues = explode( ' ', $sourceElem->attributes( 'paramvalues' ) );
        $parametersValuesTypes = explode( ' ', $sourceElem->attributes( 'paramvaluestypes' ) );

        // add currently activated filters to the parameters:
        if ( count( $this->_filters ) > 0 ) {
            foreach ( $this->_filters as $k => $v ) {
                $filterName = $this->fieldName( $k );
                if ( ( $v['value'] != $v['default'] ) && ( ! in_array( $filterName, $parametersNames ) ) ) {
                    $parametersNames[] = $filterName;
                    // Wrapped in quotes so the final loop treats it as a literal, not a property name:
                    $parametersValues[] = "'" . $v['value'] . "'"; //TBD: check this.
                }
            }
        }

        // add current search string, if any:
        $searchName = $this->fieldName( 'search' );
        $searchValue = $this->fieldValue( 'search' );
        if ( $searchValue && ( ! in_array( $searchName, $parametersNames ) ) ) {
            $parametersNames[] = $searchName;
            $parametersValues[] = "'" . $searchValue . "'";
        }

        // generate current action (and parameters ?) as cbprevstate
        $cbprevstate = array();
        foreach ( $this->_options as $req => $act ) {
            if ( $req && $act && ! in_array( $req, array( 'cbprevstate' ) ) ) {
                $cbprevstate[] = $req . '=' . $act;
            }
        }
        $parametersNames[] = 'cbprevstate';
        $parametersValues[] = "'" . base64_encode( implode( '&', $cbprevstate ) ) . "'";

        // finally generate URL:
        for ( $i = 0, $n = count( $parametersNames ); $i < $n; $i++ ) {
            $nameOfVariable = $parametersValues[$i];
            if ( $nameOfVariable ) {
                if ( isset( $parametersValuesTypes[$i] ) && $parametersValuesTypes[$i] ) {
                    if ( $parametersValuesTypes[$i] == 'sql:field' ) {
                        // Typed as a field: read the value from the row by property name.
                        $nameOfVariable = $data->$nameOfVariable;
                    } else {
                        // $nameOfVariable untouched
                    }
                } elseif ( ( substr( $nameOfVariable, 0, 1 ) == "'" ) && ( substr( $nameOfVariable, -1 ) == "'" ) ) {
                    // Quoted literal: strip the surrounding single quotes.
                    $nameOfVariable = substr( $nameOfVariable, 1, -1 );
                } else {
                    // Untyped and unquoted: treated as a property name of the row.
                    $nameOfVariable = $data->$nameOfVariable;
                }
                // Only the value is URL-encoded; the parameter name is appended as-is.
                $url .= '&' . $parametersNames[$i] . '=' . urlencode( $nameOfVariable );
            }
        }

        if ( $ui == 2 ) {
            $url = $_CB_framework->backendUrl( $url, $htmlspecialchars, ( $inPage ? 'html' : 'component' ) );
        } else {
            $url = cbSef( $url, $htmlspecialchars, ( $inPage ? 'html' : 'component' ) );
        }
    } elseif ( $htmlspecialchars ) {
        // javascript: URLs skip routing and are only HTML-escaped on request.
        $url = htmlspecialchars( $url );
    }
    return $url;
}
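/**
 * Checks that plugin is properly installed and, when it returns true, has set:
 *   the element directory (through $this->elementDir()), with final /
 *   $this->i_xmldocument to a SimpleXMLElement of the plugin's XML file, or null when
 *   that file is missing or unreadable (a warning is rendered in that case)
 *
 * Changes from the previous version: the second "folder is empty" test, which could
 * never be reached because the same test had already returned false above it, is
 * removed; and the XML file's readability is evaluated once instead of twice.
 *
 * NOTE(review): the directory and file name are built from the stored plugin row
 * ('folder', 'type', 'element') without checking for '..' segments, and a folder
 * starting with '/' is resolved directly under absolute_path. This presumably relies
 * on the plugin table being written only by the installer; confirm.
 * NOTE(review): $row->name and the file path are concatenated into messages that also
 * contain HTML; escaping is not visible here. Confirm in renderInstallMessage().
 *
 * @param  int     $pluginId
 * @param  string  $option
 * @param  string  $action
 * @return boolean
 * @throws Exception  from SimpleXMLElement when the XML file cannot be parsed
 */
function checkPluginGetXml($pluginId, $option, $action = 'Uninstall')
{
    global $_CB_framework;

    $row = new PluginTable();

    try {
        $loadResult = $row->load((int) $pluginId);
    } catch (\RuntimeException $e) {
        self::renderInstallMessage($e->getMessage(), $action . ' - error', $this->returnTo($option, 'showPlugins'));
        return false;
    }

    if (!$loadResult) {
        self::renderInstallMessage('Invalid plugin id', $action . ' - error', $this->returnTo($option, 'showPlugins'));
        return false;
    }

    if (trim($row->folder) == '') {
        self::renderInstallMessage('Folder field empty, cannot remove files', $action . ' - error', $this->returnTo($option, 'showPlugins'));
        return false;
    }

    if ($row->iscore) {
        self::renderInstallMessage($row->name . ' ' . "is a core element, and cannot be uninstalled.<br />You need to unpublish it if you don't want to use it", 'Uninstall - error', $this->returnTo($option, 'showPlugins'));
        return false;
    }

    // A folder starting with '/' is relative to the site root, otherwise to the plugin type directory.
    if (cbStartOfStringMatch($row->folder, '/')) {
        $this->elementDir($_CB_framework->getCfg('absolute_path') . $row->folder . '/');
    } else {
        $this->elementDir($_CB_framework->getCfg('absolute_path') . '/components/com_comprofiler/plugin/' . $row->type . '/' . $row->folder . '/');
    }

    // The xml install file must have the same name as the element.
    $this->installFilename($this->elementDir() . $row->element . '.xml');

    $xmlReadable = file_exists($this->i_installfilename) && is_readable($this->i_installfilename);

    if (!$xmlReadable) {
        // Not fatal: warn and continue without an XML document.
        self::renderInstallMessage($row->name . ' ' . "has no readable xml file " . $this->i_installfilename . ", and might not be uninstalled completely.", $action . ' - warning', $this->returnTo($option, 'showPlugins'));
        $this->i_xmldocument = null;

        return true;
    }

    $this->i_xmldocument = new SimpleXMLElement(trim(file_get_contents($this->i_installfilename)));

    return true;
}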
/**
 * Writes the common $action icon for the button bar.
 *
 * A link starting with 'javascript:' is turned into an href of '#' plus a click
 * handler holding the script part; any other link is used as the href directly.
 * The markup returned by CBtoolmenuBar::_output() is echoed.
 *
 * NOTE(review): escaping of $link and $alt is not visible here; presumably done in
 * CBtoolmenuBar::_output(). Confirm before passing non-constant values.
 *
 * @param string $action  action (for displaying correct icon)
 * @param string $link    url link
 * @param string $alt     An override for the alt text
 */
public static function linkAction($action = 'new', $link = '', $alt = 'New')
{
    $href = $link;
    $onClickJs = null;

    if (cbStartOfStringMatch($link, 'javascript:')) {
        // 11 === strlen('javascript:')
        $onClickJs = substr($link, 11);
        $href = '#';
    }

    // CBTxt::T("....") done in _output
    $markup = CBtoolmenuBar::_output($onClickJs, $action, $alt, $href);

    echo $markup;
}
/**
 * Returns URL of logo image to pass to paypal for checkout page.
 *
 * The 'paypal_regLogoImage' account-param is trimmed; an empty value is returned as
 * is, a value starting with 'http' is treated as absolute, and anything else is
 * prefixed with live_site and a slash.
 *
 * NOTE(review): the absolute-URL test only looks for the four characters 'http', so a
 * site-relative path that happens to begin with them is not prefixed, and the scheme
 * (http vs https) is not checked. Confirm that is acceptable for the checkout page.
 *
 * @return string
 */
private function getImageUrl( )
{
    global $_CB_framework;

    $logo = trim( $this->getAccountParam( 'paypal_regLogoImage' ) );

    if ( ! $logo ) {
        return $logo;
    }

    if ( cbStartOfStringMatch( $logo, 'http' ) ) {
        return $logo;
    }

    return $_CB_framework->getCfg( 'live_site' ) . '/' . $logo;
}
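/**
 * Saves a field definition posted from the backend field editor, then redirects.
 *
 * Steps: load the existing field (if any) and check the current user may access its
 * tab, bind the posted data, re-check access against the (possibly changed) tab,
 * adjust ordering when the tab changed, store the row, and replace the field's list
 * of values with the posted 'vNames'.
 *
 * Changes from the previous version:
 *  - $row->getError() is passed through addslashes() before it is placed inside the
 *    alert('...') string, like the other alerts in this function already do.
 *  - 'webaddresstypes' is cast to int before it is checked: the old loose comparison
 *    with 0 let non-numeric strings through on PHP 7.
 *  - a missing or non-array 'vNames' no longer reaches foreach, and non-scalar
 *    entries are skipped instead of being passed to trim().
 *
 * NOTE(review): addslashes() does not neutralise a literal "</script>" inside the
 * message; if error texts can carry user input, a JSON/JS string encoder is the
 * stronger choice.
 * NOTE(review): no anti-forgery token check (such as cbSpoofCheck) is visible in this
 * function; presumably the caller enforces it. Confirm.
 *
 * @param  string  $option  Component option, used in the redirect URLs
 * @param  string  $task    'saveField', 'applyField' or 'showField'
 * @return void
 */
function saveField( $option, $task ) {
    global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;

    if ( ( $task == 'showField' ) || ! ( isset( $_POST['oldtabid'] ) && isset( $_POST['tabid'] ) && isset( $_POST['fieldid'] ) ) ) {
        cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=$task" ) );
        return;
    }

    $this->_importNeeded();
    $this->_importNeededSave();

    $fid = (int) $_POST['fieldid'];

    $row = new moscomprofilerFields( $_CB_database );

    if ( $fid ) {
        // load the row from the db table
        if ( ! $row->load( (int) $fid ) ) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Innexistant field') ) . "'); window.history.go(-1);</script>\n";
            exit;
        }

        // The current user must be allowed to access the tab the field currently lives in:
        $fieldTab = new moscomprofilerTabs( $_CB_database );
        // load the row from the db table
        $fieldTab->load( (int) $row->tabid );

        if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) ."'); window.history.go(-1);</script>\n";
            exit;
        }
    }

    $_PLUGINS->loadPluginGroup( 'user' );

    if ( ! $this->_prov_bind_CB_field( $row, $fid ) ) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-1); </script>\n";
        exit();
    }

    // in case the above changed perms.... really ?
    // (the bind may have moved the field to another tab, so the target tab is checked too)
    $fieldTab = new moscomprofilerTabs( $_CB_database );
    $fieldTab->load( (int) $row->tabid );

    if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
        exit;
    }

    if ( $row->type == 'webaddress' ) {
        // Only 0 and 2 are accepted; anything else (including a missing value) becomes 0.
        $webAddressType = isset( $_POST['webaddresstypes'] ) ? (int) $_POST['webaddresstypes'] : 0;
        $row->rows = ( $webAddressType === 2 ) ? 2 : 0;
    }

    if ( $_POST['oldtabid'] != $_POST['tabid'] ) {
        if ( $_POST['oldtabid'] !== '' ) {
            //Re-order old tab
            $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > ".(int) $_POST['ordering']." AND tabid = ".(int) $_POST['oldtabid'];
            $_CB_database->setQuery($sql);
            $_CB_database->query();
        }
        //Select Last Order in New Tab
        $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=".(int) $_POST['tabid'];
        $_CB_database->SetQuery($sql);
        $max = $_CB_database->LoadResult();
        $row->ordering = max( $max + 1, 1 );
    }

    if ( cbStartOfStringMatch( $row->name, 'cb_' ) ) {
        $row->name = str_replace(" ", "", strtolower($row->name));
    }

    if ( ! $row->check() ) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-2); </script>\n";
        exit();
    }

    if ( ! $row->store( (int) $fid ) ) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-2); </script>\n";
        exit();
    }

    // Posted list of selectable values; tolerate a missing or malformed parameter.
    $fieldNames = ( isset( $_POST['vNames'] ) && is_array( $_POST['vNames'] ) ) ? $_POST['vNames'] : array();
    $j = 1;

    if ( $row->fieldid > 0 ) {
        // Existing field: its values are replaced wholesale.
        $_CB_database->setQuery( "DELETE FROM #__comprofiler_field_values"
            . " WHERE fieldid = " . (int) $row->fieldid );
        if ( $_CB_database->query() === false ) {
            echo $_CB_database->getErrorMsg();
        }
    } else {
        $_CB_database->setQuery( "SELECT MAX(fieldid) FROM #__comprofiler_fields" );
        $maxID = $_CB_database->loadResult();
        $row->fieldid = $maxID;
        echo $_CB_database->getErrorMsg();
    }

    foreach ( $fieldNames as $fieldName ) {
        if ( ! is_scalar( $fieldName ) ) {
            continue;
        }

        $fieldTitle = trim( (string) $fieldName );

        if ( $fieldTitle !== '' ) {
            // The title is escaped for SQL by cbGetEscaped(); ids and ordering are cast to int.
            $_CB_database->setQuery( "INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)"
                . " VALUES( " . (int) $row->fieldid . ",'".cbGetEscaped($fieldTitle)."', " . (int) $j . ")" );
            if ( $_CB_database->query() === false ) {
                echo $_CB_database->getErrorMsg();
            }
            $j++;
        }
    }

    switch ( $task ) {
        case 'applyField':
            $msg = CBTxt::T('Successfully Saved changes to Field') . ': '. $row->name;
            cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=editField&cid=$row->fieldid" ), $msg );
            break;
        case 'saveField':
        default:
            $msg = CBTxt::T('Successfully Saved Field') . ': '. $row->name;
            cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ), $msg );
            break;
    }
}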
* @subpackage Template for Paid Subscriptions * @copyright (C) 2007-2014 and Trademark of Lightning MultiCom SA, Switzerland - www.joomlapolis.com - and its licensors, all rights reserved * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU/GPL version 2 */ /** ensure this file is being included by a parent file */ if ( ! ( defined( '_VALID_CB' ) || defined( '_JEXEC' ) || defined( '_VALID_MOS' ) ) ) { die( 'Direct Access to this location is not allowed.' ); } $tmplVersion = 1; // This is the template version that needs to match $cssId = 'paym' . $this->radioValue; $images = array(); foreach ( $this->cardtypes as $cardtype ) { if ( $cardtype[0] == '/' ) { $url = cbpaidApp::getLiveSiteFilePath( substr( $cardtype, 1 ) ); } elseif ( cbStartOfStringMatch( $cardtype, 'http' ) ) { $url = $cardtype; } else { $url = $this->getMediaUrl( 'icons/cards/cc_' . $cardtype . '.png' ); if ( $url == null ) { $url = cbpaidApp::getLiveSiteFilePath( 'icons/cards/cc_' . $cardtype . '.gif' ); } } if ( $url ) { $images[$cardtype] = $url; } } $cssClass = 'cbregCCselInput'; if ( $this->payNameForCssClass ) { $cssClass .= ' ' . $this->payNameForCssClass;
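/**
 * Front-end logout task: reads the optional return URL and message flag from
 * the POST body, performs the logout through CBAuthentication, fires the
 * logout events and redirects.
 *
 * The posted 'return' value is attacker-controllable and ends up in
 * cbRedirect(), so it is restricted to this site before the redirect.
 *
 * @return void
 */
function logout()
{
    global $_CB_framework, $_POST, $_PLUGINS;

    $return = trim(stripslashes(cbGetParam($_POST, 'return', null)));
    if (cbStartOfStringMatch($return, 'B:')) {
        // 'B:' marks a base64-encoded URL; the decoded value is passed through
        // cbGetParam() again so it gets the same cleaning as a plain parameter.
        $return = base64_decode(substr($return, 2));
        // get_magic_quotes_gpc() no longer exists in PHP 8, so only call it where it is defined.
        $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        $arrToClean = array('B' => $magicQuotes ? addslashes($return) : $return);
        $return = cbGetParam($arrToClean, 'B', '');
    }
    $message = trim(cbGetParam($_POST, 'message', 0));

    // The anti-spoof (CSRF) token is only enforced when a return URL or a
    // message flag was posted, as in the original; a bare logout POST is not checked.
    if ($return || $message) {
        if (!cbSpoofCheck('logout', 'POST', 2)) {
            $_CB_framework->enqueueMessage(CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.') . ' ' . CBTxt::Th('UE_PLEASE_REFRESH', 'Please refresh/reload page before filling-in.'), 'error');
            return;
        }
    }

    $_PLUGINS->loadPluginGroup('user');

    // Do the logout including all authentications and event firing:
    cbimport('cb.authentication');
    $cbAuthenticate = new CBAuthentication();
    $resultError = $cbAuthenticate->logout($return);
    if ($resultError) {
        $resultError = $_PLUGINS->getErrorMSG();
        $_PLUGINS->trigger('onAfterUserLogoutFailed', array(&$resultError));
        $_CB_framework->enqueueMessage($resultError);
        return;
    }

    // Open-redirect guard. NOTE(review): unless CBAuthentication::logout() takes
    // $return by reference, nothing it does to the URL reaches this scope, so the
    // check has to happen here. Only URLs under live_site or starting with
    // 'index.php' are kept; the live_site match requires a path, query or fragment
    // delimiter (or an exact match) so a look-alike host sharing the same prefix
    // is not accepted. Anything else falls back to 'index.php' below.
    if ($return) {
        $liveSite = rtrim((string) $_CB_framework->getCfg('live_site'), '/');
        $isLocal = cbStartOfStringMatch($return, 'index.php');
        if (!$isLocal && $liveSite !== '') {
            $isLocal = $return === $liveSite
                || cbStartOfStringMatch($return, $liveSite . '/')
                || cbStartOfStringMatch($return, $liveSite . '?')
                || cbStartOfStringMatch($return, $liveSite . '#');
        }
        if (!$isLocal) {
            $return = null;
        }
    }

    $messageToUser = stripslashes(CBTxt::Th('LOGOUT_SUCCESS', 'You have successfully logged out'));
    // Plugins receive $return by reference and may still replace it deliberately.
    $_PLUGINS->trigger('onAfterUserLogoutSuccess', array(&$return, &$message, &$messageToUser));

    cbRedirect(cbSef($return ? $return : 'index.php', false), $message ? $messageToUser : '');
}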
/**
 * Applies one <filter> node, together with its <data> child when present, to
 * the query being built.
 *
 * @param  SimpleXmlElement  $filter
 * @param  array             $filterValuesArray  For reverse traversals and columns of type sql:formula:
 *                                               ( 'name' => colName (must match), 'internalvalue' => colValue (value to compare in where) );
 *                                               this method also reads 'valuefield', 'operator' and, for
 *                                               repeat filters, 'table' and 'table_key'
 * @param  string            $valueType
 * @return void
 */
public function process_filter($filter, $filterValuesArray, $valueType)
{
    if (!$filter) {
        return;
    }

    $data = $filter->getElementByPath('data');

    if ($data) {
        $where = $data->getElementByPath('where');

        if ($where && cbStartOfStringMatch($valueType, 'xml:')) {
            // Quick fix kept from the original so the baskets plan filter still
            // works: the <where> is processed in reverse mode and nothing else runs.
            $previousReverse = $this->setReverse(true);
            $this->process_where($where, $filterValuesArray);
            $this->setReverse($previousReverse);

            return;
        }

        // Joins are only parsed for data that has not been processed yet:
        if ($data->attributes('dataprocessed') != 'true') {
            // Process the joins so the fields array is correct:
            $this->_addGetJoinAs($data);
            // Register the join as needed for the count query:
            $this->processJoinsNeededForCount(array($data->attributes('name') => null));
            // Make this data's join inner instead of left:
            $this->_changeJoinType($data->attributes('name'));
        }
    }

    $valueField = $filterValuesArray['valuefield'];

    if (!is_array($valueField)) {
        // Single filter: pick the table alias for the field, add the condition,
        // then put the previous alias back.
        $previousTableAs = $this->_currentTableAs;

        if (isset($this->fieldsArray[$valueField])) {
            $mappedField = $this->fieldsArray[$valueField];
            // A mapped name of the form "x.column" carries its one-letter alias in front.
            $this->_currentTableAs = preg_match('/^[a-z]\\./i', $mappedField) ? substr($mappedField, 0, 1) : null;
        } elseif (isset($this->leftJoinedFieldsTable[$valueField])) {
            // Field has already been joined; use its tableAs:
            $this->_currentTableAs = $this->leftJoinedFieldsTable[$valueField];
        }

        $this->addWhere($valueField, $filterValuesArray['operator'], $filterValuesArray['internalvalue'], $valueType);
        $this->_currentTableAs = $previousTableAs;

        return;
    }

    // Repeat filter: one condition per entry, each against the joined table's alias.
    $total = count($valueField);
    for ($index = 0; $index < $total; ++$index) {
        $previousTableAs = $this->_currentTableAs;
        $this->_currentTableAs = $this->findTableAs($filterValuesArray['table'], $filterValuesArray['table_key'], 'id', 'sql:field', 'sql:field');

        // The condition is skipped when no alias was found (false).
        if ($this->_currentTableAs !== false) {
            $this->addWhere($filterValuesArray['valuefield'][$index], $filterValuesArray['operator'][$index], $filterValuesArray['internalvalue'][$index], 'const:string');
        }

        $this->_currentTableAs = $previousTableAs;
    }
}
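/**
 * Checks that plugin is properly installed and sets, if returned true:
 * $this->i_elementdir   To the directory of the plugin (with final / )
 * $this->i_xmldocument  To a CBSimpleXMLElement of the XML file, or null when
 *                       the plugin has no readable XML file
 *
 * Every failure is reported through HTML_comprofiler::showInstallMessage()
 * before false is returned. A missing or unreadable XML file is only a
 * warning: the method still returns true.
 *
 * @param  int     $id      Plugin id, cast to int before it is put into the query
 * @param  string  $option  Passed to $this->returnTo() for the message link
 * @param  int     $client  Not used in this method
 * @param  string  $action  Label used in the message titles
 * @return boolean
 */
function checkPluginGetXml($id, $option, $client = 0, $action = 'Uninstall')
{
    global $_CB_database, $_CB_framework;

    $_CB_database->setQuery("SELECT `name`, `folder`, `element`, `type`, `iscore` FROM #__comprofiler_plugin WHERE `id` = " . (int) $id);
    $row = null;
    $_CB_database->loadObject($row);

    if ($_CB_database->getErrorNum()) {
        HTML_comprofiler::showInstallMessage($_CB_database->stderr(), $action . ' - error', $this->returnTo($option, 'showPlugins'));
        return false;
    }
    if ($row == null) {
        HTML_comprofiler::showInstallMessage('Invalid object id', $action . ' - error', $this->returnTo($option, 'showPlugins'));
        return false;
    }
    if (trim($row->folder) == '') {
        HTML_comprofiler::showInstallMessage('Folder field empty, cannot remove files', $action . ' - error', $this->returnTo($option, 'showPlugins'));
        return false;
    }
    if ($row->iscore) {
        HTML_comprofiler::showInstallMessage($row->name . ' ' . "is a core element, and cannot be uninstalled.<br />You need to unpublish it if you don't want to use it", 'Uninstall - error', $this->returnTo($option, 'showPlugins'));
        return false;
    }

    // The original repeated the empty-folder test here and returned a string;
    // that branch could never run because the same test already returned above.

    // NOTE(review): folder, type and element come straight from the plugin
    // table and are concatenated into a filesystem path without normalisation;
    // presumably only trusted installers write those columns - confirm, or
    // reject values containing '..' before building the path.
    $absolutePath = $_CB_framework->getCfg('absolute_path');
    if (cbStartOfStringMatch($row->folder, '/')) {
        // A folder starting with '/' is taken relative to the site root.
        $this->elementDir($absolutePath . $row->folder . '/');
    } else {
        $this->elementDir($absolutePath . '/components/com_comprofiler/plugin/' . $row->type . '/' . $row->folder . '/');
    }

    // The XML install file must have the same name as the element.
    $this->installFilename($this->elementDir() . $row->element . '.xml');
    $xmlReadable = file_exists($this->i_installfilename) && is_readable($this->i_installfilename);

    if ($xmlReadable) {
        cbimport('cb.xml.simplexml');
        $this->i_xmldocument = new CBSimpleXMLElement(trim(file_get_contents($this->i_installfilename)));
    } else {
        HTML_comprofiler::showInstallMessage($row->name . ' ' . "has no readable xml file " . $this->i_installfilename . ", and might not be uninstalled completely.", $action . ' - warning', $this->returnTo($option, 'showPlugins'));
        $this->i_xmldocument = null;
    }

    return true;
}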
/**
 * Logs the current user out of the host CMS, letting 'user' plugins veto the
 * logout (onBeforeLogout), perform it themselves (onDoLogoutNow) and react to
 * it (onAfterLogout).
 *
 * NOTE(review): $return is received by value and the method ends with
 * `return null`, so the URL filtering at the end never reaches the caller,
 * although the parameter is described as IN&OUT. A caller that redirects to
 * its own copy of the URL has to validate it itself - confirm whether the
 * parameter was meant to be a reference.
 *
 * @param  string  $return  IN&OUT: IN: suggested URL for redirect, OUT: needed URL for redirect (unsefed)
 * @return string           null or HTML-clean error to display
 */
function logout( $return ) {
    global $_POST, $_CB_framework, $_CB_database, $_PLUGINS;

    $userId = (int) $_CB_framework->myId();
    $cbUser = null;
    if ( $userId ) {
        $cbUser =& CBuser::getInstance( $userId );
    }

    if ( $cbUser !== null ) {
        $userData =& $cbUser->getUserData();

        $_PLUGINS->loadPluginGroup('user');
        $_PLUGINS->trigger( 'onBeforeLogout', array( $userData ) );
        if ( $_PLUGINS->is_errors() ) {
            // A plugin refused the logout: report its error and stop here.
            return $_PLUGINS->getErrorMSG();
        }

        // A plugin may do the logout itself and say so through $done.
        $done = false;
        $_PLUGINS->trigger( 'onDoLogoutNow', array( &$done, &$userData, &$return ) );
        if ( ! $done ) {
            $_CB_framework->logout();
        }

        $_PLUGINS->trigger( 'onAfterLogout', array( $userData, true ) );
    }

    // Keep only return URLs that start with live_site or with 'index.php'.
    // NOTE(review): this is a plain prefix match with no delimiter after
    // live_site, so a different host that merely begins with the same
    // characters would also pass.
    $staysOnSite = cbStartOfStringMatch( $return, $_CB_framework->getCfg( 'live_site' ) )
        || cbStartOfStringMatch( $return, 'index.php' );

    if ( ! $staysOnSite ) {
        $return = null;
    } else {
        // Drop URLs that point back at the registration, login, logout or
        // lost-password pages. strpos() is used for its truthiness, so a match
        // at offset 0 would count as "not found".
        $pointsAtAuthPage = strpos( $return, 'comprofiler' /* 'com_comprofiler' */ )
            && ( strpos( $return, 'login')
                || strpos( $return, 'logout')
                || strpos( $return, 'registers' )
                || strpos( strtolower( $return ), 'lostpassword' ) );
        if ( $pointsAtAuthPage ) {
            $return = null;
        }
    }

    return null;
}
/**
 * Renders the basket's price, optionally followed by the billing period and
 * the number of remaining installments.
 *
 * @param  float    $amount       Amount to render; null uses $this->mc_gross
 * @param  string   $period       Private validity string (U:)datetime; a 'U:' prefix is stripped
 *                                and rendered with the "calendar" prefix
 * @param  int      $occurrences  When set, the installments sentence is appended
 * @param  boolean  $html         Passed on to cbpaidMoney::renderPrice()
 * @return string                 HTML or text of basket's price
 */
public function renderPrice( $amount = null, $period = null, $occurrences = null, $html = true ) {
    $amount = ( $amount === null ) ? $this->mc_gross : $amount;

    $money =& cbpaidMoney::getInstance();
    $times =& cbpaidTimes::getInstance();

    $text = $money->renderPrice( $amount, $this->mc_currency, $html, false );

    if ( ! $period ) {
        // No period: the price alone is the result.
        return $text;
    }

    $prefix = '';
    if ( cbStartOfStringMatch( $period, 'U:' ) ) {
        $period = substr( $period, 2 );
        $prefix = CBPTXT::T("calendar");
    }

    $perLabel = CBPTXT::T("per");
    $text .= ' ' . $perLabel . ' ' . $times->renderPeriod( $period, 1, false, $prefix );

    if ( $occurrences ) {
        $format = CBPTXT::T("in %d other installments for a total of %s.");
        //TBD: check for ->period3 ????? //FIXME
        $totalDuration = $times->renderPeriod( $period, $occurrences );
        $text .= ' ' . sprintf( $format, $occurrences, $totalDuration );
    }

    return $text;
}
/**
 * Displays the "help" toolbar button.
 *
 * A $ref starting with 'http' is used as the help URL unchanged. Otherwise the
 * URL is built as "<component>.<ref>.html" under live_site, and nothing is
 * output when that file is missing from the site's /help/ folder.
 *
 * NOTE(review): the URL is placed inside a single-quoted JavaScript string
 * without escaping, and any $ref that begins with 'http' is accepted as is;
 * presumably callers only pass constants - confirm that no request data
 * reaches $ref.
 * NOTE(review): the existence check always looks in /help/, also when $com
 * selects the component's own help folder - confirm this is intended.
 *
 * @param string $ref     Help page reference or full URL
 * @param string $option  Component option, with or without the 'com_' prefix
 * @param bool   $com     True to link into the component's administrator help folder
 */
static function help($ref, $option = 'com_comprofiler', $com = false)
{
    global $_CB_framework;

    $url = $ref;

    if (!cbStartOfStringMatch($ref, 'http')) {
        $liveSite = $_CB_framework->getCfg('live_site');
        $rootPath = $_CB_framework->getCfg('absolute_path');

        // Normalise the option to its 'com_' form; the part after it is the component name.
        $componentOption = (substr($option, 0, 4) != 'com_') ? "com_{$option}" : $option;
        $helpFile = substr($componentOption, 4) . '.' . $ref . '.html';

        if (!file_exists($rootPath . '/help/' . $helpFile)) {
            return;
        }

        $helpFolder = $com ? '/administrator/components/' . $componentOption . '/help/' : '/help/';
        $url = $liveSite . $helpFolder . $helpFile;
    }

    if (checkJversion('3.0+')) {
        JToolbarHelper::help('help', false, $url);
        return;
    }

    // Other versions: CB's own toolbar button opening the page in a popup window.
    $onClickJs = "window.open( '{$url}', 'mambo_help_win', 'status=no,toolbar=no,scrollbars=yes,titlebar=no,menubar=no,resizable=yes,width=1024,height=640,directories=no,location=no' );";
    CBtoolmenuBar::_output($onClickJs, 'help', 'Help');
}
function checkcbdb($dbId = 0) { global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS; // Try extending time, as unziping/ftping took already quite some... : @set_time_limit(240); _CBsecureAboveForm('checkcbdb'); outputCbTemplate(2); outputCbJs(2); global $_CB_Backend_Title; $_CB_Backend_Title = array(0 => array('fa fa-wrench', CBTxt::T('CB Tools: Check database: Results'))); $cbSpoofField = cbSpoofField(); $cbSpoofString = cbSpoofString(null, 'plugin'); $version = $_CB_database->getVersion(); $version = substr($version, 0, strpos($version, '-')); if ($dbId == 0) { echo '<div class="text-left"><div class="form-group cb_form_line clearfix">' . CBTxt::T('Checking Community Builder Database') . ':</div>'; // 1. check comprofiler_field_values table for bad rows $sql = "SELECT fieldvalueid,fieldid FROM #__comprofiler_field_values WHERE fieldid=0"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in Community Builder comprofiler_field_values have bad fieldid values.'), count($bad_rows)) . '</div>'; foreach ($bad_rows as $bad_row) { if ($bad_row->fieldvalueid == 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ZERO fieldvalueid illegal: fieldvalueid=%s fieldid=0'), $bad_row->fieldvalueid) . '</div>'; } else { echo '"<div class="form-group cb_form_line clearfix text-danger">fieldvalueid="' . $bad_row->fieldvalueid . " fieldid=0</div>"; } } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed by <strong>first backing up database</strong>') . ' <a href="' . 
$_CB_framework->backendUrl("index.php?option=com_comprofiler&view=fixcbmiscdb&{$cbSpoofField}={$cbSpoofString}") . '"> ' . CBTxt::T('then by clicking here') . '</a>.</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All Community Builder comprofiler_field_values table fieldid rows all match existing fields.') . '</div>'; } // 2. check if comprofiler_field_values table has entries where corresponding fieldtype value in comprofiler_fields table // does not allow values $sql = "SELECT v.fieldvalueid, v.fieldid, f.name, f.type FROM #__comprofiler_field_values as v, #__comprofiler_fields as f WHERE v.fieldid = f.fieldid AND f.type NOT IN ('checkbox','multicheckbox','select','multiselect','radio')"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in Community Builder comprofiler_field_values link back to fields of wrong fieldtype.'), count($bad_rows)) . '</div>'; foreach ($bad_rows as $bad_row) { echo '<div class="form-group cb_form_line clearfix text-danger">fieldvalueid=' . $bad_row->fieldvalueid . ' fieldtype=' . $bad_row->type . '</div>'; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed in SQL using a tool like phpMyAdmin.') . '</div>'; // not done automatically since some fields might have field values ! echo '<p><font color=red>This one can be fixed by <strong>first backing up database</strong> then <a href="' . $_CB_framework->backendUrl( "index.php?option=com_comprofiler&task=fixcbmiscdb&$cbSpoofField=$cbSpoofString" ) . 
'">by clicking here</a>.</font></p>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All Community Builder comprofiler_field_values table rows link to correct fieldtype fields in comprofiler_field table.') . '</div>'; } // 5. check if all cb defined fields have corresponding comprofiler columns $sql = "SELECT * FROM #__comprofiler"; $_CB_database->setQuery($sql, 0, 1); $all_comprofiler_fields_and_values = $_CB_database->loadAssoc(); $all_comprofiler_fields = array(); if ($all_comprofiler_fields_and_values === null) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (is_array($all_comprofiler_fields_and_values)) { while (false != (list($_cbfield) = each($all_comprofiler_fields_and_values))) { array_push($all_comprofiler_fields, $_cbfield); } } $sql = "SELECT * FROM #__comprofiler_fields WHERE `name` != 'NA' AND `table` = '#__comprofiler'"; $_CB_database->setQuery($sql); $field_rows = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\FieldTable', array(&$_CB_database)); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } else { $html_output = array(); $cb11 = true; foreach ($field_rows as $field_row) { if ($field_row->tablecolumns !== null) { // CB 1.2 way: if ($field_row->tablecolumns != '') { $tableColumns = explode(',', $field_row->tablecolumns); foreach ($tableColumns as $col) { if (!in_array($col, $all_comprofiler_fields)) { $html_output[] = '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T(' - Field %s - Column %s is missing from comprofiler table.'), $field_row->name, $col) . 
'</div>'; } } } $cb11 = false; } else { // cb 1.1 way if (!in_array($field_row->name, $all_comprofiler_fields)) { $html_output[] = '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T(' - Column %s is missing from comprofiler table.'), $field_row->name) . '</div>'; } } } if (count($html_output) > 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('There are %s column(s) missing in the comprofiler table, which are defined as fields (rows in comprofiler_fields):'), count($html_output)) . '</div>'; echo implode('', $html_output); echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed by deleting and recreating the field(s) using components / Community Builder / Field Management.') . '<br />' . CBTxt::T('Please additionally make sure that columns in comprofiler table <strong>are not also duplicated in users table</strong>.') . '</div>'; } elseif ($cb11) { echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('All Community Builder fields from comprofiler_fields are present as columns in the comprofiler table, but comprofiler_fields table is not yet upgraded to CB 1.2 table structure. Just going to Community Builder Fields Management will fix this automatically.') . '</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All Community Builder fields from comprofiler_fields are present as columns in the comprofiler table.') . '</div>'; } } // 9. Check if images/comprofiler is writable: $folder = 'images/comprofiler/'; echo '<div class="form-group cb_form_line clearfix">' . CBTxt::T('Checking Community Builder folders:') . '</div>'; if (!is_writable($_CB_framework->getCfg('absolute_path') . '/' . $folder)) { echo '<div class="form-group cb_form_line clearfix text-danger">' . 
sprintf(CBTxt::T('Avatars and thumbnails folder: %s/%s is NOT writeable by the webserver.'), $_CB_framework->getCfg('absolute_path'), $folder) . ' </div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('Avatars and thumbnails folder is Writeable.') . '</div>'; } // 10. check if depreciated core plugins are still core plugins $sql = "SELECT `name`, `id` FROM `#__comprofiler_plugin` WHERE `element` IN ( 'winclassic', 'webfx', 'osx', 'luna', 'dark', 'yanc', 'cb.mamblogtab', 'cb.simpleboardtab', 'cb.authortab' ) AND `iscore` = 1"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in Community Builder _comprofiler_plugin have bad iscore values.'), count($bad_rows)) . '</div>'; foreach ($bad_rows as $bad_row) { echo '<div class="form-group cb_form_line clearfix text-danger">plugin=' . $bad_row->name . ' pluginid=' . $bad_row->id . '</div>'; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed by <strong>first backing up database</strong>') . ' <a href="' . $_CB_framework->backendUrl("index.php?option=com_comprofiler&view=fixcbdeprecdb&{$cbSpoofField}={$cbSpoofString}") . '"> ' . CBTxt::T('then by clicking here') . '</a>.</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All Community Builder _comprofiler_plugin table iscore values are correct.') . '</div>'; } // 11. 
check if depreciated core tabs are still system tabs $sql = "SELECT `title`, `tabid` FROM `#__comprofiler_tabs` WHERE `pluginclass` IN ( 'getNewslettersTab', 'getBlogTab', 'getForumTab', 'getAuthorTab' ) AND `sys` = 1"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in Community Builder _comprofiler_tabs have bad sys values.'), count($bad_rows)) . '</div>'; foreach ($bad_rows as $bad_row) { echo '<div class="form-group cb_form_line clearfix text-danger">tab=' . $bad_row->title . ' tabid=' . $bad_row->tabid . '</div>'; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed by <strong>first backing up database</strong>') . ' <a href="' . $_CB_framework->backendUrl("index.php?option=com_comprofiler&view=fixcbdeprecdb&{$cbSpoofField}={$cbSpoofString}") . '"> ' . CBTxt::T('then by clicking here') . '</a>.</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All Community Builder _comprofiler_tabs table sys values are correct.') . '</div>'; } // 12. check if depreciated core fields are still system fields $sql = "SELECT `title`, `fieldid` FROM `#__comprofiler_fields` WHERE `type` IN ( 'forumstats', 'forumsettings' ) AND `sys` = 1"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . 
'</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in Community Builder _comprofiler_fields have bad sys values.'), count($bad_rows)) . '</div>'; foreach ($bad_rows as $bad_row) { echo '<div class="form-group cb_form_line clearfix text-danger">field=' . $bad_row->title . ' fieldid=' . $bad_row->fieldid . '</div>'; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed by <strong>first backing up database</strong>') . ' <a href="' . $_CB_framework->backendUrl("index.php?option=com_comprofiler&view=fixcbdeprecdb&{$cbSpoofField}={$cbSpoofString}") . '"> ' . CBTxt::T('then by clicking here') . '</a>.</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All Community Builder _comprofiler_fields table sys values are correct.') . '</div>'; } // 13. check if new core plugins are core $sql = "SELECT `name`, `id` FROM `#__comprofiler_plugin` WHERE `element` IN ( 'cbarticles', 'cbforums', 'cbblogs' ) AND `iscore` != 1"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in Community Builder _comprofiler_plugin have bad iscore values.'), count($bad_rows)) . '</div>'; foreach ($bad_rows as $bad_row) { echo '<div class="form-group cb_form_line clearfix text-danger">plugin=' . $bad_row->name . ' pluginid=' . $bad_row->id . '</div>'; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed by <strong>first backing up database</strong>') . 
' <a href="' . $_CB_framework->backendUrl("index.php?option=com_comprofiler&view=fixcbdeprecdb&{$cbSpoofField}={$cbSpoofString}") . '"> ' . CBTxt::T('then by clicking here') . '</a>.</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All Community Builder _comprofiler_plugin table iscore values are correct.') . '</div>'; } // 13. check if new core tabs are core $sql = "SELECT `title`, `tabid` FROM `#__comprofiler_tabs` WHERE `pluginclass` IN ( 'cbarticlesTab', 'cbforumsTab', 'cbblogsTab' ) AND `sys` != 1"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in Community Builder _comprofiler_tabs have bad sys values.'), count($bad_rows)) . '</div>'; foreach ($bad_rows as $bad_row) { echo '<div class="form-group cb_form_line clearfix text-danger">plugin=' . $bad_row->name . ' pluginid=' . $bad_row->id . '</div>'; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed by <strong>first backing up database</strong>') . ' <a href="' . $_CB_framework->backendUrl("index.php?option=com_comprofiler&view=fixcbdeprecdb&{$cbSpoofField}={$cbSpoofString}") . '"> ' . CBTxt::T('then by clicking here') . '</a>.</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All Community Builder _comprofiler_tabs table sys values are correct.') . '</div>'; } // 14. check if there are duplicate plugins $sql = 'SELECT p1.' . $_CB_database->NameQuote('name') . ', p1.' . $_CB_database->NameQuote('id') . "\n FROM " . 
$_CB_database->NameQuote('#__comprofiler_plugin') . " AS p1" . "\n INNER JOIN " . $_CB_database->NameQuote('#__comprofiler_plugin') . " AS p2" . "\n WHERE p1." . $_CB_database->NameQuote('id') . " > p2." . $_CB_database->NameQuote('id') . "\n AND p1." . $_CB_database->NameQuote('element') . " = p2." . $_CB_database->NameQuote('element'); $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in Community Builder __comprofiler_plugin are duplicates.'), count($bad_rows)) . '</div>'; foreach ($bad_rows as $bad_row) { echo '<div class="form-group cb_form_line clearfix text-danger">plugin=' . $bad_row->name . ' pluginid=' . $bad_row->id . '</div>'; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed by <strong>first backing up database</strong>') . ' <a href="' . $_CB_framework->backendUrl("index.php?option=com_comprofiler&view=fixcbmiscdb&{$cbSpoofField}={$cbSpoofString}") . '"> ' . CBTxt::T('then by clicking here') . '</a>.</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All Community Builder __comprofiler_plugin table rows are unique.') . 
'</div>'; } cbimport('cb.dbchecker'); $dbChecker = new CBDatabaseChecker(); $result = $dbChecker->checkCBMandatoryDb(false); $dbName = CBTxt::T('Core CB mandatory basics'); $messagesAfter = array(); $messagesBefore = array(); CBDatabaseChecker::renderDatabaseResults($dbChecker, false, false, $result, $messagesBefore, $messagesAfter, $dbName, $dbId); $dbChecker = new CBDatabaseChecker(); $result = $dbChecker->checkDatabase(false); $_PLUGINS->loadPluginGroup('user'); $messagesAfter = $_PLUGINS->trigger('onAfterCheckCbDb', array(true)); $dbName = CBTxt::T('Core CB'); $messagesBefore = array(); CBDatabaseChecker::renderDatabaseResults($dbChecker, false, false, $result, $messagesBefore, $messagesAfter, $dbName, $dbId); echo '</div>'; // adapt published fields to global CB config (regarding name type) _cbAdaptNameFieldsPublished($ueConfig); } elseif ($dbId == 1) { // Check plugins db: $dbName = CBTxt::T('CB plugin'); $messagesBefore = array(); $messagesAfter = array(); $result = true; cbimport('cb.installer'); $sql = 'SELECT `id`, `name` FROM `#__comprofiler_plugin` ORDER BY `ordering`'; $_CB_database->setQuery($sql); $plugins = $_CB_database->loadObjectList(); if (!$_CB_database->getErrorNum()) { $cbInstaller = new cbInstallerPlugin(); foreach ($plugins as $plug) { $result = $cbInstaller->checkDatabase($plug->id, false); if (is_bool($result)) { CBDatabaseChecker::renderDatabaseResults($cbInstaller, false, false, $result, $messagesBefore, $messagesAfter, $dbName . ' "' . $plug->name . '"', $dbId, false); } elseif (is_string($result)) { echo '<div class="form-group cb_form_line clearfix text-warning">' . $dbName . ' "' . $plug->name . '"' . ': ' . $result . '</div>'; } else { echo '<div class="form-group cb_form_line clearfix">' . sprintf(CBTxt::T('%s "%s": no database or no database description.'), $dbName, $plug->name) . 
'</div>'; } } } $dbName = CBTxt::T('CB plugins'); $null = null; CBDatabaseChecker::renderDatabaseResults($null, false, false, $result, array(), array(), $dbName, $dbId, true); } elseif ($dbId == 2) { echo '<div class="text-left"><div class="form-group cb_form_line clearfix">' . CBTxt::T('Checking Users Database') . ':</div>'; // 3. check if comprofiler table is in sync with users table $sql = "SELECT c.id FROM #__comprofiler c LEFT JOIN #__users u ON u.id = c.id WHERE u.id IS NULL"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in Community Builder comprofiler table without corresponding user table rows.'), count($bad_rows)) . '</div>'; $badids = array(); foreach ($bad_rows as $bad_row) { $badids[(int) $bad_row->id] = $bad_row->id; } echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Following comprofiler id: %s are missing in user table'), implode(', ', $badids)) . (isset($badids[0]) ? " " . CBtxt::T('This comprofiler entry with id 0 should be removed, as it\'s not allowed.') : "") . '</div>'; echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::Th('This one can be fixed using menu Components / Community Builder / tools and then click "Synchronize users".') . '</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All Community Builder comprofiler table rows have links to user table.') . '</div>'; } // 4. 
check if users table is in sync with comprofiler table $sql = "SELECT u.id FROM #__users u LEFT JOIN #__comprofiler c ON c.id = u.id WHERE c.id IS NULL"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in users table without corresponding comprofiler table rows.'), count($bad_rows)) . '</div>'; $badids = array(); foreach ($bad_rows as $bad_row) { $badids[(int) $bad_row->id] = $bad_row->id; } echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('users id: %s are missing in comprofiler table'), implode(', ', $badids)) . '</div>'; echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::Th('This one can be fixed using menu Components / Community Builder / tools and then click "Synchronize users".') . '</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All users table rows have links to comprofiler table.') . '</div>'; } // 6. check if users table has id=0 in it $sql = "SELECT u.id FROM #__users u WHERE u.id = 0"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in users table with id=0.'), count($bad_rows)) . 
'</div>'; foreach ($bad_rows as $bad_row) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('users id=%s is not allowed.'), $bad_row->id) . '</div>'; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::Th('This one can be fixed using menu Components / Community Builder / tools and then click "Synchronize users".') . '</div>'; // echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed in SQL using a tool like phpMyAdmin.') . " <strong><u>" . CBTxt::T('You also need to check in SQL if id is autoincremented.') . "<u><strong></font></p>"; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('users table has no zero id row.') . '</div>'; } // 7. check if comprofiler table has id=0 in it $sql = "SELECT c.id FROM #__comprofiler c WHERE c.id = 0"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in comprofiler table with id=0.'), count($bad_rows)) . '</div>'; foreach ($bad_rows as $bad_row) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('comprofiler id=%s is not allowed.'), $bad_row->id) . '</div>'; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::Th('This one can be fixed using menu Components / Community Builder / Tools and then click "Synchronize users".') . '</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('comprofiler table has no zero id row.') . '</div>'; } // 8. 
check if comprofiler table has user_id != id in it $sql = "SELECT c.id, c.user_id FROM #__comprofiler c WHERE c.id <> c.user_id"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in comprofiler table with user_id <> id.'), count($bad_rows)) . '</div>'; foreach ($bad_rows as $bad_row) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('comprofiler id=%s is different from user_id=%s.'), $bad_row->id, $bad_row->user_id) . '</div>'; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::Th('This one can be fixed using menu Components / Community Builder / tools and then click "Synchronize users".') . '</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All rows in comprofiler table have user_id columns identical to id columns.') . '</div>'; } // 10. check if #__user_usergroup_map table is in sync with users table : A: user -> aro if (!cbStartOfStringMatch($version, '3.23')) { $sql = "SELECT u.id FROM #__users u LEFT JOIN #__user_usergroup_map a ON a.user_id = CAST( u.id AS CHAR ) WHERE a.user_id IS NULL"; } else { $sql = "SELECT u.id FROM #__users u LEFT JOIN #__user_usergroup_map a ON a.user_id = u.id WHERE a.user_id IS NULL"; } $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . 
'</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('Warning: %s entries in the users table without corresponding user_usergroup_map table rows.'), count($bad_rows)) . '</div>'; $badids = array(); foreach ($bad_rows as $bad_row) { $badids[(int) $bad_row->id] = $bad_row->id; } echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::T('user id: %s are missing in user_usergroup_map table'), implode(', ', $badids)); echo (isset($badids[0]) ? " " . CBTxt::T('This user entry with id 0 should be removed, as it\'s not allowed.') : "") . '</div>'; echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::T('This one can be fixed by <strong>first backing up database</strong>') . ' <a href="' . $_CB_framework->backendUrl("index.php?option=com_comprofiler&view=fixacldb&{$cbSpoofField}={$cbSpoofString}") . '">' . CBTxt::T('then by clicking here') . '</a>.</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::T('All users table rows have ACL entries in user_usergroup_map table.') . '</div>'; } // 11. check if #__user_usergroup_map table is in sync with users table : B: aro -> user $sql = "SELECT a.user_id AS id FROM #__user_usergroup_map a LEFT JOIN #__users u ON u.id = a.user_id WHERE u.id IS NULL"; $_CB_database->setQuery($sql); $bad_rows = $_CB_database->loadObjectList(); if ($_CB_database->getErrorNum()) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::Th('ERROR: sql query: %s : returned error: %s'), htmlspecialchars($sql), stripslashes($_CB_database->getErrorMsg())) . '</div>'; } elseif (count($bad_rows) != 0) { echo '<div class="form-group cb_form_line clearfix text-danger">' . sprintf(CBTxt::Th('Warning: %s entries in the __user_usergroup_map table without corresponding users table rows.'), count($bad_rows)) . 
'</div>'; $badids = array(); foreach ($bad_rows as $bad_row) { $badids[(int) $bad_row->id] = "user id=" . $bad_row->id; } echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::Th('DATABASE_CHECK_ENTRIES_OF_TABLE_MISSING_IN_TABLE', 'Following entries of [tablename1] table are missing in [tablename2] table: [badids].', array('[tablename1]' => 'user_usergroup_map', '[tablename2]' => 'users', '[badids]' => implode(', ', $badids))) . (isset($badids[0]) ? "<br /> " . CBTxt::T('This user_usergroup_map entry with (user) value 0 should be removed, as it\'s not allowed.') : "") . '</div>'; echo '<div class="form-group cb_form_line clearfix text-danger">' . CBTxt::Th('This one can be fixed by <strong>first backing up database</strong>') . ' <a href="' . $_CB_framework->backendUrl("index.php?option=com_comprofiler&view=fixacldb&{$cbSpoofField}={$cbSpoofString}") . '">' . CBTxt::T('then by clicking here') . '</a>.</div>'; } else { echo '<div class="form-group cb_form_line clearfix text-success">' . CBTxt::Th('DATABASE_CHECK_ALL_ENTRIES_OF_TABLE_HAVE_CORRESPONDANCE_IN_TABLE', 'All [tablename1] table rows have corresponding entries in [tablename2] table.', array('[tablename1]' => 'ACL user_usergroup_map', '[tablename2]' => 'users')) . '</div>'; } $dbName = CBTxt::T('Users'); echo '</div>'; } elseif ($dbId == 3) { // adapt published fields to global CB config (regarding name type) _cbAdaptNameFieldsPublished($ueConfig); $strictcolumns = cbGetParam($_REQUEST, 'strictcolumns', 0) == 1; // Check fields db: cbimport('cb.dbchecker'); $dbChecker = new CBDatabaseChecker(); $result = $dbChecker->checkAllCBfieldsDb(false, false, $strictcolumns); $dbName = CBTxt::T('CB fields data storage'); $messagesBefore = array(); $_PLUGINS->loadPluginGroup('user'); $messagesAfter = $_PLUGINS->trigger('onAfterCheckCbFieldsDb', array(true)); if ($strictcolumns) { $dbId = $dbId . 
'&strictcolumns=1'; } CBDatabaseChecker::renderDatabaseResults($dbChecker, false, false, $result, $messagesBefore, $messagesAfter, $dbName, $dbId); } else { $dbName = CBTxt::T('DATABASE_CHECK_NO_DATABASE_SPECIFIED', 'No Database Specified'); } global $_CB_Backend_Title; $_CB_Backend_Title = array(0 => array('fa fa-wrench', sprintf(CBTxt::T("CB Tools: Check %s database: Results"), $dbName))); }
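/**
 * Re-synchronises the CMS ACL tables with the users table and prints the outcome as HTML.
 *
 * Steps (each one stops the whole routine on an SQL error):
 *  1. add missing #__core_acl_aro rows for existing users (checkJversion() <= 1 only),
 *  2. delete #__core_acl_aro rows without a user (checkJversion() <= 1 only),
 *  3. add missing group-map rows (#__user_usergroup_map or #__core_acl_groups_aro_map),
 *  4. delete #__core_acl_groups_aro_map rows without an aro (checkJversion() <= 1 only).
 *
 * NOTE(review): this routine issues INSERT and DELETE statements on ACL tables, and step 3
 * assigns a hard-coded default group (2 or 18) to every user lacking a mapping. No permission
 * check or anti-CSRF token check is visible inside this function; confirm the caller
 * enforces both before dispatching here.
 *
 * @return void
 */
function fixacldb() {
    global $_CB_database;

    // Try extending time, as unzipping/ftping already took quite some time:
    @set_time_limit(240);

    // Keep only the numeric part of a version string such as "5.1.30-community".
    // strpos() returns false when there is no '-', and substr( $v, 0, false ) would then
    // yield an empty string, so the '3.23' checks below could never match: keep the whole string.
    $version = $_CB_database->getVersion();
    $dashPos = strpos($version, '-');
    if ($dashPos !== false) {
        $version = substr($version, 0, $dashPos);
    }

    if (checkJversion() <= 1) {
        // 1. put #__core_acl_aro table in sync with users table : A: user -> aro
        // (the '3.23' variant avoids CAST(); presumably that server version lacks it - confirm)
        if (!cbStartOfStringMatch($version, '3.23')) {
            $sql = "INSERT INTO #__core_acl_aro (section_value,value,order_value,name,hidden) SELECT 'users' AS section_value, u.id AS value, 0 AS order_value, u.name as name, 0 AS hidden FROM #__users u LEFT JOIN #__core_acl_aro a ON a.section_value = 'users' AND a.value = CAST( u.id AS CHAR ) WHERE a.value IS NULL";
        } else {
            $sql = "INSERT INTO #__core_acl_aro (section_value,value,order_value,name,hidden) SELECT 'users' AS section_value, u.id AS value, 0 AS order_value, u.name as name, 0 AS hidden FROM #__users u LEFT JOIN #__core_acl_aro a ON a.section_value = 'users' AND a.value = u.id WHERE a.value IS NULL";
        }
        $_CB_database->setQuery($sql);
        if (!$_CB_database->query()) {
            // NOTE(review): stderr( true ) is printed unescaped; presumably it returns ready-made HTML - confirm.
            print "<font color=red>" . sprintf(CBTxt::T('SQL error %s'), $_CB_database->stderr(true)) . "</font><br />";
            return;
        }
        $affected = $_CB_database->getAffectedRows();
        if ($affected) {
            print "<p><font color='orange'>" . sprintf(CBTxt::T('Added %s new entries to core_acl_aro table from users Table.'), $affected) . "</font></p>";
        }

        // 2. delete #__core_acl_aro table entries which are not in users table : B: aro -> user
        // (skipped entirely on '3.23', where no multi-table DELETE is attempted)
        if (!cbStartOfStringMatch($version, '3.23')) {
            if (checkJversion() == 2) {
                // Cannot be reached inside the enclosing "checkJversion() <= 1" test unless
                // checkJversion() changes between calls; kept as in the original.
                $sql = "DELETE a FROM #__user_usergroup_map a LEFT JOIN #__users u ON u.id = a.user_id WHERE u.id IS NULL";
            } elseif (checkJversion() == 1) {
                $sql = "DELETE a FROM #__core_acl_aro a LEFT JOIN #__users u ON u.id = a.value WHERE a.section_value = 'users' AND u.id IS NULL";
            } else {
                $sql = "DELETE a FROM #__core_acl_aro a LEFT JOIN #__users u ON u.id = a.value WHERE a.section_value = 'users' AND u.id IS NULL";
            }
            $_CB_database->setQuery($sql);
            if (!$_CB_database->query()) {
                print "<font color=red>" . sprintf(CBTxt::T('SQL error %s'), $_CB_database->stderr(true)) . "</font><br />";
                return;
            }
            $affected = $_CB_database->getAffectedRows();
            if ($affected) {
                print "<p><font color='orange'>" . sprintf(CBTxt::T('Deleted %s core_acl_aro entries which didn\'t correspond to users table.'), $affected) . "</font></p>";
            }
        }
    }

    // 3. add missing group-map entries so that every user / aro belongs to a default group : A: aro -> groups
    if (checkJversion() == 2) {
        $sql = "INSERT INTO #__user_usergroup_map (user_id,group_id) SELECT u.id AS user_id, 2 AS group_id FROM #__users u LEFT JOIN #__user_usergroup_map g ON g.user_id = u.id WHERE g.user_id IS NULL";
    } elseif (checkJversion() == 1) {
        $sql = "INSERT INTO #__core_acl_groups_aro_map (aro_id,section_value,group_id) SELECT a.id AS aro_id, '', 18 AS group_id FROM #__core_acl_aro a LEFT JOIN #__core_acl_groups_aro_map g ON g.aro_id = a.id WHERE g.aro_id IS NULL";
    } else {
        $sql = "INSERT INTO #__core_acl_groups_aro_map (aro_id,section_value,group_id) SELECT a.aro_id, '', 18 AS group_id FROM #__core_acl_aro a LEFT JOIN #__core_acl_groups_aro_map g ON g.aro_id = a.aro_id WHERE g.aro_id IS NULL";
    }
    $_CB_database->setQuery($sql);
    if (!$_CB_database->query()) {
        print "<font color=red>" . sprintf(CBTxt::T('SQL error %s'), $_CB_database->stderr(true)) . "</font><br />";
        return;
    }
    $affected = $_CB_database->getAffectedRows();
    if ($affected) {
        print "<p><font color='orange'>" . sprintf(CBTxt::T('Added %s new entries to core_acl_groups_aro_map table from core_acl_aro Table.'), $affected) . "</font></p>";
    }

    if (checkJversion() <= 1) {
        // 4. delete #__core_acl_groups_aro_map table entries which are not in sync with #__core_acl_aro table B: groups -> aro
        if (!cbStartOfStringMatch($version, '3.23')) {
            if (checkJversion() == 1) {
                $sql = "DELETE g FROM #__core_acl_groups_aro_map g LEFT JOIN #__core_acl_aro a ON a.id = g.aro_id WHERE a.id IS NULL";
            } else {
                $sql = "DELETE g FROM #__core_acl_groups_aro_map g LEFT JOIN #__core_acl_aro a ON a.aro_id = g.aro_id WHERE a.aro_id IS NULL";
            }
            $_CB_database->setQuery($sql);
            if (!$_CB_database->query()) {
                print "<font color=red>" . sprintf(CBTxt::T('SQL error %s'), $_CB_database->stderr(true)) . "</font><br />";
                return;
            }
            $affected = $_CB_database->getAffectedRows();
            if ($affected) {
                print "<p><font color='orange'>" . sprintf(CBTxt::T('Deleted %s core_acl_groups_aro_map entries which didn\'t correspond to core_acl_aro table.'), $affected) . "</font></p>";
            }
        }
    }

    print "<font color=green>" . CBTxt::T('Joomla/Mambo User Table and Joomla/Mambo ACL Table should now be in sync!') . "</font>";
}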
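/**
 * store() function override: instead of storing, it imports subscriptions for a list of users.
 *
 * The user list comes from an uploaded file ('file_uid', 'file_uid_plan_exp'), from a CMS
 * usergroup ('cms_acl') or from existing subscriptions ('subscription'). On success the HTML
 * report is placed in $this->_resultOfStore; on failure the message is placed in $this->_error.
 * When $this->dryrun is set, every check is performed but no subscription is created.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this method; presumably the
 * caller enforces them - confirm, since this creates subscriptions in bulk.
 *
 * @param  boolean  $updateNulls  Not used by this override
 * @return boolean                True if the import ran (possibly partially), false on error
 */
public function store($updateNulls = false) {
    $return = '';
    $errPrefix = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ';

    // Check if file uploads are enabled
    if (!(bool) ini_get('file_uploads')) {
        $this->_error = $errPrefix . CBPTXT::T("The importer can't continue before file uploads are enabled in PHP settings.");
        return false;
    }
    if (!$this->import_type) {
        $this->_error = $errPrefix . CBPTXT::T("No import type selected");
        return false;
    }

    $fromFile = cbStartOfStringMatch($this->import_type, 'file_');
    if ($fromFile) {
        $userfile = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;
        // A multi-file field (userfile[]) produces nested arrays: only one single upload is accepted.
        if (!is_array($userfile) || !isset($userfile['tmp_name']) || is_array($userfile['tmp_name'])) {
            $this->_error = $errPrefix . CBPTXT::T("No file selected");
            return false;
        }
        if (isset($userfile['error']) && $userfile['error']) {
            $errors_array = array(
                1 => CBPTXT::T("The uploaded file exceeds the upload_max_filesize directive in php.ini."),
                2 => CBPTXT::T("The uploaded file exceeds the maximum size allowed by this form."),
                3 => CBPTXT::T("The uploaded file was only partially uploaded."),
                4 => CBPTXT::T("No file was selected and uploaded."),
                6 => CBPTXT::T("Missing a temporary folder in php.ini."),
                7 => CBPTXT::T("Failed to write file to disk."),
                8 => CBPTXT::T("File upload stopped by extension."),
            );
            // The error code is the KEY of the table above: in_array() searched the message
            // texts and so never found it, always falling back to the bare error number.
            $errorCode = (int) $userfile['error'];
            if (isset($errors_array[$errorCode])) {
                $fileErrorTxt = $errors_array[$errorCode];
            } else {
                $fileErrorTxt = CBPTXT::T("File upload error number ") . htmlspecialchars((string) $errorCode);
            }
            $this->_error = $errPrefix . $fileErrorTxt;
            return false;
        }
        // is_uploaded_file() guarantees the path really is this request's upload and not an arbitrary path.
        if (!$userfile['tmp_name'] || !is_uploaded_file($userfile['tmp_name'])) {
            $this->_error = $errPrefix . CBPTXT::T("No temporary file name");
            return false;
        }
        if ($userfile['size'] == 0) {
            $this->_error = $errPrefix . CBPTXT::T("Empty file");
            return false;
        }
    } else {
        $userfile = null;
    }

    if ($this->import_type == 'cms_acl') {
        if (!$this->usergroup) {
            $this->_error = $errPrefix . CBPTXT::T("No usergroup selected");
            return false;
        }
    }
    if ($this->import_type == 'subscription') {
        if (!$this->from_plan) {
            $this->_error = $errPrefix . CBPTXT::T("No subscription plan selected");
            return false;
        }
        if (!$this->from_sub_status) {
            $this->_error = $errPrefix . CBPTXT::T("No subscription status selected");
            return false;
        }
    }
    if ($this->import_type != 'file_uid_plan_exp') {
        if (!$this->plan) {
            $this->_error = $errPrefix . CBPTXT::T("No plan selected");
            return false;
        }
        if (!$this->state) {
            $this->_error = $errPrefix . CBPTXT::T("No subscription state selected");
            return false;
        }
        if (!$this->date) {
            $this->_error = $errPrefix . CBPTXT::T("No subscription date selected");
            return false;
        }
    }

    if ($fromFile) {
        $tmpName = $userfile['tmp_name'];
        $fileSize = (int) $userfile['size'];
    } else {
        $tmpName = null;
        $fileSize = null;
    }

    // Build the list of user ids to import (and, for 'file_uid_plan_exp', the per-user plan/status/date):
    $planStateDate = array();
    switch ($this->import_type) {
        case 'file_uid':
            // Comma-separated user ids; each value is validated and cast to int further below.
            $fp = fopen($tmpName, 'r');
            if (!$fp) {
                $this->_error = $errPrefix . CBPTXT::T("Could not open the uploaded file");
                return false;
            }
            $content = fread($fp, $fileSize);
            fclose($fp);
            unlink($tmpName);
            $userIdList = explode(',', trim((string) $content));
            break;

        case 'file_uid_plan_exp':
            $userIdList = array();
            $fp = fopen($tmpName, 'r');
            if (!$fp) {
                // fclose() on a failed handle is an error: stop here instead.
                $this->_error = $errPrefix . CBPTXT::T("Could not open the uploaded file");
                return false;
            }
            $n = 0;
            while (!feof($fp)) {
                $line = trim(str_replace('"', '', fgets($fp, 256)));
                $n += 1;
                if (strlen($line) > 0) {
                    $matches = null;
                    // NOTE(review): the pattern is not anchored, so text before or after the
                    // four columns is ignored; ids are cast to int before any SQL use.
                    if (preg_match('/([1-9][0-9]*),([1-9][0-9]*),([AXC]),([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9][0-9]:[0-9][0-9]:[0-9][0-9])/', $line, $matches)) {
                        if (!in_array((int) $matches[1], $userIdList)) {
                            $userIdList[] = (int) $matches[1];
                        }
                        $planStateDate[(int) $matches[1]][] = array('plan' => (int) $matches[2], 'status' => $matches[3], 'date' => $matches[4]);
                    } else {
                        $this->_error = $errPrefix . sprintf(CBPTXT::T("Line %s does not match the format userid,planid,status,date, e.g. 63,1,A,2009-01-01 00:00:00, and is instead: %s ."), $n, htmlspecialchars($line));
                        fclose($fp);
                        unlink($tmpName);
                        return false;
                    }
                }
            }
            fclose($fp);
            unlink($tmpName);
            break;

        case 'cms_acl':
            if (checkJversion() >= 2) {
                $sql = 'SELECT id FROM #__users u' . ' JOIN #__user_usergroup_map m ON ( u.id = m.user_id )' . ' WHERE m.group_id = ' . (int) $this->usergroup;
            } else {
                $sql = 'SELECT id FROM #__users' . ' WHERE gid = ' . (int) $this->usergroup;
            }
            $this->_db->setQuery($sql);
            $userIdList = $this->_db->loadResultArray();
            break;

        case 'subscription':
            // Only the first character of each selected status is used, and it is quoted by the db layer.
            $statuses = (array) $this->from_sub_status;
            foreach (array_keys($statuses) as $k) {
                $statuses[$k] = $this->_db->Quote($statuses[$k][0]);
            }
            $sql = 'SELECT s.user_id FROM #__cbsubs_subscriptions s' . ' JOIN #__users u ON ( u.id = s.user_id AND u.block = 0 )' . ' JOIN #__comprofiler c ON ( c.id = s.user_id AND c.confirmed = 1 AND c.approved = 1 )' . ' WHERE s.plan_id = ' . (int) $this->from_plan . ' AND s.status IN (' . implode(',', $statuses) . ')';
            $this->_db->setQuery($sql);
            $userIdList = $this->_db->loadResultArray();
            break;

        default:
            $this->_error = $errPrefix . CBPTXT::T("Import type not implemented!");
            return false;
    }

    // A failed query may not return an array: treat that like an empty list.
    if (!is_array($userIdList) || count($userIdList) == 0) {
        $this->_error = $errPrefix . CBPTXT::T("No user to import");
        return false;
    }

    $plansMgr = cbpaidPlansMgr::getInstance();
    if ($this->import_type != 'file_uid_plan_exp') {
        $plan = $plansMgr->loadPlan((int) $this->plan);
        if (!is_object($plan)) {
            $this->_error = $errPrefix . CBPTXT::T("No plan selected");
            return false;
        }
        $subscriptionTime = (int) $plan->strToTime($this->date);
        // Every id is cast to int here, which is what makes the IN ( ... ) lists below safe to build.
        foreach ($userIdList as $key => $value) {
            if (!is_numeric($value)) {
                $this->_error = $errPrefix . CBPTXT::T("non-numeric userid value: ") . str_replace("\n", ' ', htmlspecialchars($value));
                return false;
            }
            $userIdList[$key] = (int) $value;
        }
    } else {
        // ids of this import type were already cast to int while parsing the file
        $plan = null;
        $subscriptionTime = null;
    }

    // Only existing, enabled, approved and confirmed users may be imported:
    $this->_db->setQuery("SELECT u.id, u.username FROM #__comprofiler c, #__users u WHERE c.id=u.id AND u.block = 0 AND c.approved = 1 AND c.confirmed = 1 AND c.id IN (" . implode(',', $userIdList) . ")");
    $users = $this->_db->loadObjectList('id');
    $usersCount = is_array($users) ? count($users) : 0;
    if (count($userIdList) != $usersCount) {
        // Remove the ids that were found, so that only the missing or inactive ones get reported:
        if (is_array($users)) {
            foreach ($users as $u) {
                $keys = array_keys($userIdList, $u->id);
                if ($keys) {
                    unset($userIdList[$keys[0]]);
                }
                unset($planStateDate[(int) $u->id]);
            }
        }
        $idList = implode(', ', $userIdList);
        $this->_error = $errPrefix . CBPTXT::T("Not all userId exist, are active (confirmed, approved and enabled) ! innexistant or inactive ids: ") . $idList;
        return false;
    }

    $this->_db->setQuery("SELECT DISTINCT user_id FROM #__cbsubs_subscriptions WHERE user_id IN (" . implode(',', $userIdList) . ")" . " ORDER BY user_id");
    $usersSubscribed = $this->_db->loadResultArray();
    if (!is_array($usersSubscribed)) {
        $usersSubscribed = array();
    }

    // Tells whether $plan can not be imported for user $userId, because either another valid
    // exclusive subscription with the same parent plan exists, or the parent plan subscription is missing.
    $isIncompatible = function ($plan, $userId) use ($usersSubscribed) {
        if (in_array($userId, $usersSubscribed) && $plan->get('exclusive') && $plan->get('item_type') == 'usersubscription') {
            $paidUserExtension = cbpaidUserExtension::getInstance($userId);
            $subscriptions = $paidUserExtension->getUserSubscriptions(null, false);
            foreach ($subscriptions as $s) {
                if ($s->parent_plan == $plan->get('parent') && $s->checkIfValid()) {
                    $sPlan = $s->getPlan();
                    if ($sPlan->get('exclusive') && $sPlan->get('item_type') == 'usersubscription') {
                        // another exclusive subscription with same parent plan is active
                        return true;
                    }
                }
            }
        }
        if ($plan->get('parent')) {
            $parentPlan = cbpaidPlansMgr::getInstance()->loadPlan($plan->get('parent'));
            $parentSub = $parentPlan->loadLatestSomethingOfUser($userId, null);
            if (!$parentSub) {
                return true;
            }
        }
        return false;
    };

    $incompatibleUsersSubs = array();
    if ($this->import_type != 'file_uid_plan_exp') {
        foreach ($users as $user) {
            @set_time_limit(60);
            if ($isIncompatible($plan, $user->id)) {
                if (!in_array($user->id, $incompatibleUsersSubs)) {
                    $incompatibleUsersSubs[] = $user->id;
                }
                continue;
            }
            if (!$this->dryrun) {
                $userFull = CBuser::getUserDataInstance($user->id);
                $this->createSomething($plan, $userFull, $this->state, $subscriptionTime);
                CBuser::unsetUsersNotNeeded(array((int) $user->id));
            }
        }
    } else {
        $cbpaidTimes = cbpaidTimes::getInstance();
        $systemTimeZone = new DateTimeZone($cbpaidTimes->systemTimeZone());
        foreach ($users as $user) {
            @set_time_limit(60);
            foreach ($planStateDate[(int) $user->id] as $psd) {
                // NOTE(review): the plan id comes from the uploaded file and the loadPlan()
                // result is used without a check; a non-existing plan id presumably fails here - confirm.
                $plan = $plansMgr->loadPlan((int) $psd['plan']);
                $status = $psd['status'];
                if ($psd['date']) {
                    $date = DateTime::createFromFormat('Y-m-d H:i:s', $psd['date'], $systemTimeZone);
                    $subscriptionTime = $date->getTimestamp();
                } else {
                    $subscriptionTime = $cbpaidTimes->startTime();
                }
                if ($isIncompatible($plan, $user->id)) {
                    if (!in_array($user->id, $incompatibleUsersSubs)) {
                        $incompatibleUsersSubs[] = $user->id;
                    }
                    continue;
                }
                if (!$this->dryrun) {
                    $userFull = CBuser::getUserDataInstance($user->id);
                    $this->createSomething($plan, $userFull, $status, $subscriptionTime);
                    CBuser::unsetUsersNotNeeded(array((int) $user->id));
                }
            }
        }
    }

    // Build the HTML report:
    $totalCount = count($userIdList);
    $incompatibleCount = count($incompatibleUsersSubs);
    if ($totalCount > 0 && $incompatibleCount == 0) {
        $resultText = CBPTXT::T("Success");
    } elseif ($totalCount > $incompatibleCount) {
        $resultText = CBPTXT::T("Partial Success");
    } elseif ($totalCount == $incompatibleCount) {
        $resultText = CBPTXT::T("Import failed");
    } else {
        $resultText = CBPTXT::T("Unknown Result");
    }
    $return .= '<h1>' . $resultText . ($this->dryrun ? ' [' . CBPTXT::T("DRY-RUN - NO REAL SUBSCRIPTION") . ']' : '') . ':</h1>';

    if ($incompatibleCount > 0) {
        $idList = implode(', ', $incompatibleUsersSubs);
        $return .= '<p>' . CBPTXT::T("Some users have already subscriptions: user ids: ") . $idList . '</p>';
    }

    // Usernames are user-supplied data placed into HTML: they are escaped on output.
    // NOTE(review): plan names are output unescaped as before; confirm they are trusted markup.
    if ($this->import_type != 'file_uid_plan_exp') {
        $return .= '<p>' . sprintf(CBPTXT::T("%d users subscribed to plan: %s , with state: %s"), $totalCount - $incompatibleCount, $plan->get('name'), CBPTXT::T($this->_states[$this->state])) . '</p>';
        if ($totalCount - $incompatibleCount > 0) {
            $return .= '<p>' . CBPTXT::T("Users subscribed (usernames):") . '</p>';
            $return .= '<p>';
            foreach ($users as $user) {
                if (!in_array($user->id, $incompatibleUsersSubs)) {
                    $return .= htmlspecialchars($user->username, ENT_QUOTES, 'UTF-8') . ' ';
                }
            }
            $return .= '</p>';
        }
    } else {
        $return .= '<p>' . sprintf(CBPTXT::T("%d users subscribed"), $totalCount - $incompatibleCount) . '</p>';
        if ($totalCount - $incompatibleCount > 0) {
            $return .= '<p>' . CBPTXT::T("Users subscribed (usernames):") . '</p>';
            foreach ($users as $user) {
                if (!in_array($user->id, $incompatibleUsersSubs)) {
                    $return .= '<p>' . htmlspecialchars($user->username, ENT_QUOTES, 'UTF-8') . ' ' . CBPTXT::T("to") . ' ';
                    foreach ($planStateDate[(int) $user->id] as $psd) {
                        $plan = $plansMgr->loadPlan((int) $psd['plan']);
                        $status = $psd['status'];
                        $return .= sprintf(CBPTXT::T("plan: %s , with state: %s") . ' ', $plan->get('name'), CBPTXT::T($this->_states[$status]));
                    }
                    // one paragraph per user: close it here instead of once after the loop
                    $return .= '</p>';
                }
            }
        }
    }

    if ($incompatibleCount > 0) {
        $return .= '<p>' . CBPTXT::T("Following Users could not be subscribed (usernames) because either: (A) an exclusive active subscription exists that would conflict with the imported user subscription, or: (B) it is a children plan but the parent plan subscription does not exist:") . '</p>';
        $return .= '<p>';
        foreach ($incompatibleUsersSubs as $uid) {
            if (isset($users[$uid])) {
                $return .= htmlspecialchars($users[$uid]->username, ENT_QUOTES, 'UTF-8') . ' ';
            }
        }
        $return .= '</p>';
    }

    $this->_resultOfStore = $return;
    return true;
}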
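/**
 * Saves a field definition posted from the backend field-edit form, then redirects.
 *
 * Steps, in order: access checks on the previous tab and on the stored field's tab,
 * binding of the posted values onto the row, defaulting of empty status columns,
 * access check on the target tab, re-ordering when the field changes tab, validation,
 * a check that users without 'core.edit.state' did not change status columns, storage of
 * the row and finally replacement of the field's value list.
 * Every failure prints a JavaScript alert and terminates the request.
 *
 * NOTE(review): $option and $task are interpolated into the redirect URLs as-is;
 * presumably they are validated by the caller -- confirm.
 *
 * @param  string  $option  Component option, used for the redirect URLs
 * @param  string  $task    'saveField', 'applyField' or 'showField'
 * @return void
 */
function saveField($option, $task)
{
    global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;

    if ($task == 'showField' || !(isset($_POST['oldtabid']) && isset($_POST['fieldid']))) {
        cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
        return;
    }

    $this->_importNeeded();
    $this->_importNeededSave();

    // The tab the form says the field came from: the caller must be allowed to touch it,
    // because its ordering is rewritten further down.
    $fieldOldTab = new moscomprofilerTabs($_CB_database);
    if (isset($_POST['oldtabid']) && $_POST['oldtabid']) {
        $fieldOldTab->load((int) $_POST['oldtabid']);
        if (!$this->_saveFieldCanAccessTab($fieldOldTab)) {
            $this->_saveFieldAlertAndExit(CBTxt::T('Unauthorized Access'));
        }
    }

    $fid = (int) $_POST['fieldid'];
    $row = new moscomprofilerFields($_CB_database);
    if ($fid) {
        // Existing field: load it and check access against the tab stored in the database,
        // not the tab named in the request.
        if (!$row->load((int) $fid)) {
            $this->_saveFieldAlertAndExit(CBTxt::T('Innexistant field'));
        }
        $fieldTab = new moscomprofilerTabs($_CB_database);
        $fieldTab->load((int) $row->tabid);
        if (!$this->_saveFieldCanAccessTab($fieldTab)) {
            $this->_saveFieldAlertAndExit(CBTxt::T('Unauthorized Access'));
        }
    }

    // Snapshot of the stored values, taken before the request is bound onto $row.
    $oldrow = new moscomprofilerFields($_CB_database);
    foreach (array_keys(get_object_vars($row)) as $k) {
        if (substr($k, 0, 1) != '_') {
            $oldrow->{$k} = $row->{$k};
        }
    }

    $_PLUGINS->loadPluginGroup('user');

    if (!$this->_prov_bind_CB_field($row, $fid)) {
        // The row's error text may echo request data, so it is escaped like every other alert.
        $this->_saveFieldAlertAndExit($row->getError());
    }

    // Defaults for status columns that arrive empty (disabled form inputs are not posted):
    // keep the stored value when there is one, otherwise fall back to the default.
    if ($row->tablecolumns != '' && !in_array($row->type, array('password', 'userparams'))) {
        $searchable_default = 1;
    } else {
        $searchable_default = 0;
    }
    $statusDefaults = array(
        'tabid'        => 11,
        'profile'      => 1,
        'registration' => 1,
        'published'    => 1,
        'required'     => 0,
        'readonly'     => 0,
        'searchable'   => $searchable_default,
    );
    foreach ($statusDefaults as $column => $default) {
        if ($row->{$column} == '') {
            $row->{$column} = $oldrow->{$column} != '' ? $oldrow->{$column} : $default;
        }
    }

    // If the input is disabled we need to apply the default if the tabid isn't in POST:
    if (!isset($_POST['tabid'])) {
        $_POST['tabid'] = $row->tabid;
    }

    // Repeated here in case tabid still ends up unset:
    if ($task == 'showField' || !isset($_POST['tabid'])) {
        cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
        return;
    }

    // Binding may have moved the field to another tab: check access to the target tab too.
    $fieldTab = new moscomprofilerTabs($_CB_database);
    $fieldTab->load((int) $row->tabid);
    if (!$this->_saveFieldCanAccessTab($fieldTab)) {
        $this->_saveFieldAlertAndExit(CBTxt::T('Unauthorized Access'));
    }

    if ($row->type == 'webaddress') {
        // Cast before validating: a loose "== 0" lets any non-numeric string through on PHP < 8.
        $webAddressType = isset($_POST['webaddresstypes']) ? (int) $_POST['webaddresstypes'] : 0;
        $row->rows = ($webAddressType === 2) ? 2 : 0;
    }

    if ($_POST['oldtabid'] != $_POST['tabid']) {
        if ($_POST['oldtabid'] !== '') {
            // Re-order old tab; every request value is cast to int before it reaches the SQL text.
            $postedOrdering = isset($_POST['ordering']) ? (int) $_POST['ordering'] : 0;
            $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > " . $postedOrdering . " AND tabid = " . (int) $_POST['oldtabid'];
            $_CB_database->setQuery($sql);
            $_CB_database->query();
        }
        // Select last order in new tab
        $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=" . (int) $_POST['tabid'];
        $_CB_database->setQuery($sql);
        $max = $_CB_database->loadResult();
        $row->ordering = max($max + 1, 1);
    }

    if (cbStartOfStringMatch($row->name, 'cb_')) {
        $row->name = str_replace(" ", "", strtolower($row->name));
    }

    if (!$row->check()) {
        $this->_saveFieldAlertAndExit($row->getError(), 2);
    }

    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');

        // Check if user belongs to useraccessgroupid
        if ($fieldTab->useraccessgroupid != '' && !in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
            $this->_saveFieldAlertAndExit(CBTxt::T('Unauthorized Access'));
        }
        // Check if user belongs to viewaccesslevel
        if ($fieldTab->viewaccesslevel != '' && !in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
            $this->_saveFieldAlertAndExit(CBTxt::T('Unauthorized Access'));
        }

        // Without 'core.edit.state' every status column must still equal the stored value
        // (existing field) or the default (new field).
        if (!$canEditState) {
            $failed = false;
            foreach ($statusDefaults as $column => $default) {
                if ($row->{$column} == '') {
                    continue;
                }
                $expected = $oldrow->fieldid ? $oldrow->{$column} : $default;
                if ($row->{$column} != $expected) {
                    $failed = true;
                }
            }
            if ($failed) {
                $this->_saveFieldAlertAndExit(CBTxt::T('Unauthorized Access'));
            }
        }
    }

    if (!$row->store((int) $fid)) {
        $this->_saveFieldAlertAndExit($row->getError(), 2);
    }

    // A missing or non-array vNames means "no values" rather than a warning in the loop below.
    $fieldNames = (isset($_POST['vNames']) && is_array($_POST['vNames'])) ? $_POST['vNames'] : array();
    $j = 1;
    if ($row->fieldid > 0) {
        $_CB_database->setQuery("DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid);
        if ($_CB_database->query() === false) {
            // NOTE(review): raw database error text goes to the page; consider logging it instead.
            echo $_CB_database->getErrorMsg();
        }
    } else {
        // NOTE(review): MAX(fieldid) only equals the id just stored if nothing else was
        // inserted in between -- confirm whether store() can report the id itself.
        $_CB_database->setQuery("SELECT MAX(fieldid) FROM #__comprofiler_fields");
        $maxID = $_CB_database->loadResult();
        $row->fieldid = $maxID;
        echo $_CB_database->getErrorMsg();
    }

    foreach ($fieldNames as $fieldName) {
        if (!is_string($fieldName)) {
            // Nested arrays in vNames[] are not titles.
            continue;
        }
        $fieldTitle = trim($fieldName);
        if ($fieldTitle === '') {
            continue;
        }
        // The title is the only free-text value in this statement and goes through cbGetEscaped().
        $_CB_database->setQuery("INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'" . cbGetEscaped($fieldTitle) . "', " . (int) $j . ")");
        if ($_CB_database->query() === false) {
            echo $_CB_database->getErrorMsg();
        }
        $j++;
    }

    switch ($task) {
        case 'applyField':
            $msg = CBTxt::T('Successfully Saved changes to Field') . ': ' . $row->name;
            cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=editField&cid={$row->fieldid}"), $msg);
            break;
        case 'saveField':
        default:
            $msg = CBTxt::T('Successfully Saved Field') . ': ' . $row->name;
            cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField"), $msg);
            break;
    }
}

/**
 * Tells whether the current user may edit fields of the given tab.
 *
 * Super administrators always may; anyone else needs the tab's useraccessgroupid among the
 * groups below them and the tab's viewaccesslevel among their authorised view levels.
 *
 * @param  moscomprofilerTabs  $tab  Loaded tab row
 * @return boolean
 */
private function _saveFieldCanAccessTab($tab)
{
    global $_CB_framework;

    if ($_CB_framework->acl->amIaSuperAdmin()) {
        return true;
    }
    if (!in_array($tab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
        return false;
    }

    return in_array($tab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false));
}

/**
 * Prints a JavaScript alert followed by a history step back, then ends the request.
 *
 * The message is escaped for a single-quoted JavaScript string inside a script element:
 * addslashes() covers quotes and backslashes, line breaks become escape sequences, and
 * angle brackets are hex-escaped so the text cannot close the script element.
 *
 * @param  string  $message  Text to show
 * @param  int     $steps    How many history entries to go back
 * @return void              Never returns: the request is terminated
 */
private function _saveFieldAlertAndExit($message, $steps = 1)
{
    $jsMessage = str_replace(
        array("\r", "\n", '<', '>'),
        array('\\r', '\\n', '\\x3C', '\\x3E'),
        addslashes((string) $message)
    );

    echo "<script type=\"text/javascript\"> alert('" . $jsMessage . "'); window.history.go(-" . (int) $steps . ");</script>\n";
    exit;
}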
/**
 * Renders the fields of one tab.
 *
 * For an $output starting with 'html' the rendered fields are concatenated and wrapped in
 * the element selected by $formatting; for any other $output an array of per-field results,
 * keyed like $oFields, is returned.
 *
 * Note: $tabid is written into the id attribute of the wrapper without escaping, so callers
 * are expected to pass an integer.
 *
 * @param  FieldTable[]  $oFields             Fields of tab
 * @param  UserTable     $user                User
 * @param  int           $tabid               Tab id
 * @param  string        $output              'html', 'xml', 'json', 'php', 'csvheader', 'csv', 'rss', 'fieldslist', 'htmledit'
 * @param  string        $formatting          'table', 'tr', 'td', 'div', 'divs', 'span', 'ul', 'ol', 'li', 'tabletrs', 'none'
 * @param  string        $reason              'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
 * @param  int           $list_compare_types  IF reason == 'search' : 0 : simple 'is' search, 1 : advanced search with modes, 2 : simple 'any' search
 * @return null|string|array                  Null when $oFields is not an array or nothing was rendered
 */
private function _getFieldsContents($oFields, $user, $tabid, $output = 'html', $formatting = 'table', $reason = 'profile', $list_compare_types = 0)
{
    global $_CB_OneTwoRowsStyleToggle;

    if (!is_array($oFields)) {
        return null;
    }

    // Non-HTML outputs: one entry per field, no wrapper.
    if (!cbStartOfStringMatch($output, 'html')) {
        $perField = null;
        foreach ($oFields as $key => $field) {
            $perField[$key] = $this->_getSingleFieldContent($field, $user, $output, $formatting, $reason);
        }

        return $perField;
    }

    // HTML outputs: each field is rendered one formatting level below the wrapper.
    $innerFormatting = $this->_stepDownFormatting[$formatting];
    $html = null;
    foreach ($oFields as $field) {
        $html .= $this->_getSingleFieldContent($field, $user, $output, $innerFormatting, $reason, $list_compare_types);
    }

    // Nothing rendered: hand back the empty result without a wrapper.
    if ($html == null) {
        return $html;
    }

    switch ($formatting) {
        case 'table':
            $wrapped = "\n\t\t\t" . '<table class="cbFieldsContentsTab cbFields table table-hover" id="cbtf_' . $tabid . '">' . $html . "\n\t\t\t</table>";
            break;

        case 'tr':
            // Alternate the row style between 1 and 2 for the next row.
            $rowClass = 'sectiontableentry' . $_CB_OneTwoRowsStyleToggle;
            if ($_CB_OneTwoRowsStyleToggle == 1) {
                $_CB_OneTwoRowsStyleToggle = 2;
            } else {
                $_CB_OneTwoRowsStyleToggle = 1;
            }
            $wrapped = "\n\t\t\t\t<tr class=\"cbFieldsContentsTab " . $rowClass . '" id="cbtf_' . $tabid . '">' . $html . "\n\t\t\t\t</tr>";
            break;

        case 'td':
            $wrapped = "\n\t\t\t\t\t" . '<td class="cbFieldsContentsTab" id="cbtf_' . $tabid . '">' . $html . "\n\t\t\t\t\t</td>";
            break;

        case 'div':
        case 'divs':
            $wrapped = '<div class="cbFieldsContentsTab" id="cbtf_' . $tabid . '">' . $html . '</div>';
            break;

        case 'span':
            $wrapped = '<span class="cbFieldsContentsTab" id="cbtf_' . $tabid . '">' . $html . '</span>';
            break;

        case 'ul':
            $wrapped = '<ul class="cbFieldsContentsList" id="cbtf_' . $tabid . '">' . $html . '</ul>';
            break;

        case 'ol':
            $wrapped = '<ol class="cbFieldsContentsList" id="cbtf_' . $tabid . '">' . $html . '</ol>';
            break;

        case 'li':
            $wrapped = '<li class="cbFieldsContentsList" id="cbtf_' . $tabid . '">' . $html . '</li>';
            break;

        case 'tabletrs':
        case 'none':
            $wrapped = $html;
            break;

        default:
            // Unknown formatting: mark the output so that it is noticed.
            $wrapped = '*' . $html . '*';
            break;
    }

    return $wrapped;
}
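/**
 * Logs the current user out and redirects to the posted return URL, or to index.php.
 *
 * Reads 'return' (optionally base64-encoded with a 'B:' prefix) and 'message' from POST.
 * When either is present the request must pass the anti-spoof check; without them the
 * logout proceeds unchecked.
 *
 * NOTE(review): the redirect target comes from the request and is only covered by the
 * anti-spoof token. If no deployment relies on external logout targets, consider restricting
 * it to relative URLs or URLs under live_site -- confirm before tightening.
 *
 * @return void
 */
function logout()
{
    global $_POST, $_PLUGINS;

    $return = trim(stripslashes(cbGetParam($_POST, 'return', null)));
    if (cbStartOfStringMatch($return, 'B:')) {
        $return = base64_decode(substr($return, 2));
        // Magic quotes ended with PHP 5.4 and get_magic_quotes_gpc() was removed in PHP 8,
        // so it is only called on versions that can still have the setting enabled.
        $magicQuotes = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
        // The decoded value goes through cbGetParam() again, like a directly posted one.
        $arrToClean = array('B' => $magicQuotes ? addslashes($return) : $return);
        $return = cbGetParam($arrToClean, 'B', '');
    }

    $message = trim(cbGetParam($_POST, 'message', 0));

    if ($return || $message) {
        $spoofCheckOk = false;
        if (cbSpoofCheck('logout', 'POST', 2)) {
            $spoofCheckOk = true;
        } elseif (is_callable("josSpoofCheck") && is_callable("josSpoofValue")) {
            // Fallback to the host CMS spoof token when it provides one.
            $validate = josSpoofValue();
            if (cbGetParam($_POST, $validate)) {
                josSpoofCheck(1);
                $spoofCheckOk = true;
            }
        }
        if (!$spoofCheckOk) {
            echo _UE_SESSION_EXPIRED . ' ' . _UE_PLEASE_REFRESH;
            return;
        }
    }

    // Do the logout including all authentications and event firing:
    cbimport('cb.authentication');
    $cbAuthenticate = new CBAuthentication();
    $resultError = $cbAuthenticate->logout($return);
    if ($resultError) {
        // Escape for a single-quoted JavaScript string inside a script element: addslashes()
        // alone leaves line breaks and a closing script tag in the message intact.
        $jsMessage = str_replace(
            array("\r", "\n", '<', '>'),
            array('\\r', '\\n', '\\x3C', '\\x3E'),
            addslashes($_PLUGINS->getErrorMSG())
        );
        echo "<script type=\"text/javascript\">alert('" . $jsMessage . "');</script>\n";
        // NOTE(review): the plugin error text is written as HTML; confirm whether plugins
        // are expected to return markup here, otherwise escape it.
        echo "<div class=\"message\">" . $_PLUGINS->getErrorMSG() . "</div>";
        return;
    }

    cbRedirect(cbSef(($return ? $return : 'index.php'), false), ($message ? stripslashes(_LOGOUT_SUCCESS) : ''));
}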
/**
 * Builds the URL for a CB-URI found in the XML view definition.
 *
 * Three forms are handled: 'cbo:<subtask>' (row edit link or a javascript: list task),
 * 'cb_action:<name>' (URL assembled from the named action element) and anything else
 * (taken as a literal URL). URLs starting with 'index.php' additionally receive the
 * parameters declared on $sourceElem plus a base64-encoded 'cbprevstate'.
 * Returns null when access to $sourceElem or to the action is not authorised.
 *
 * NOTE(review): option values and request names/values from the XML are concatenated into
 * the query string without urlencode(); only the declared parameter values are encoded.
 * Presumably these come from trusted XML and validated options -- confirm.
 *
 * @param  string            $cbUri             The CB-URI (cbo;,,,)
 * @param  SimpleXMLElement  $sourceElem        The XML element from which the URL is computed
 * @param  TableInterface    $data              The data of the object for dynamic URL request values
 * @param  int               $id                The id of the current row
 * @param  bool              $htmlspecialchars  If htmlspecialchars should be made for this
 * @param  bool              $inPage            URL target: true: html (full page), false: raw (only center component content)
 * @return string                               The URL
 */
function drawUrl($cbUri, SimpleXMLElement $sourceElem, $data, $id, $htmlspecialchars = true, $inPage = true)
{
    global $_CB_framework;

    if (!Access::authorised($sourceElem)) {
        return null;
    }

    $ui = $_CB_framework->getUi();

    if (substr($cbUri, 0, 4) == 'cbo:') {
        $subTaskValue = substr($cbUri, 4);

        if ($subTaskValue === 'newrow' || $subTaskValue === 'rowedit') {
            // Both open the row editor; the row id is added by the parameter loop below.
            $task = ($this->_options['view'] == 'editPlugin') ? $this->_options['view'] : 'editrow';
            $baseUrl = 'index.php' . '?option=' . $this->_options['option'] . '&view=' . $task;
            if (isset($this->_options['pluginid'])) {
                $baseUrl .= '&cid=' . $this->_options['pluginid'];
            }
            $url = $baseUrl . '&table=' . $this->_tableBrowserModel->attributes('name') . '&action=editrow';
        } else {
            // saveorder, editrows, deleterows, copyrows, updaterows, publish, unpublish,
            // enable, disable and any other subtask: a client-side list task call.
            $jsArguments = array(
                addslashes($this->taskName(false)),
                addslashes($this->subtaskName(false)),
                addslashes($this->subtaskValue($subTaskValue, false)),
                addslashes($this->fieldId('id', null, false)),
            );
            $url = 'javascript:cbDoListTask(this, ' . "'" . implode("','", $jsArguments) . "'" . ");";
        }
    } elseif (substr($cbUri, 0, 10) == 'cb_action:') {
        $actionName = substr($cbUri, 10);
        $action = $this->_actions->getChildByNameAttr('action', 'name', $actionName);

        if (!$action) {
            $url = "#action_not_defined:" . $actionName;
        } else {
            if (!Access::authorised($action)) {
                return null;
            }

            $requestNames = explode(' ', $action->attributes('request'));
            $requestValues = explode(' ', $action->attributes('action'));
            $actionParameterNames = explode(' ', $action->attributes('parameters'));

            // option/view/cid default to the current options unless the action sets them itself.
            $urlParams = array();
            foreach (array('option' => 'option', 'view' => 'view', 'cid' => 'pluginid') as $requestName => $optionKey) {
                if (in_array($requestName, $requestNames) || in_array($requestName, $actionParameterNames)) {
                    continue;
                }
                if (isset($this->_options[$optionKey])) {
                    $urlParams[$requestName] = $requestName . '=' . $this->_options[$optionKey];
                }
            }
            // Fixed request pairs of the action; its parameters are added further below.
            foreach ($requestNames as $i => $requestName) {
                $urlParams[$requestName] = $requestName . '=' . $requestValues[$i];
            }

            $url = 'index.php' . '?' . implode('&', $urlParams);
        }
    } else {
        $url = cbUnHtmlspecialchars($cbUri);
    }

    if (!cbStartOfStringMatch($url, 'index.php')) {
        return $htmlspecialchars ? htmlspecialchars($url) : $url;
    }

    // Parameters of the action/link as declared in the XML:
    $parametersNames = explode(' ', $sourceElem->attributes('parameters'));
    $parametersValues = explode(' ', $sourceElem->attributes('paramvalues'));
    $parametersValuesTypes = explode(' ', $sourceElem->attributes('paramvaluestypes'));

    // Current options (except a previous cbprevstate) travel along as a quoted literal.
    $previousState = array();
    foreach ($this->_options as $req => $act) {
        if (!$req || !$act || $req == 'cbprevstate') {
            continue;
        }
        $previousState[] = $req . '=' . $act;
    }
    $parametersNames[] = 'cbprevstate';
    $parametersValues[] = "'" . base64_encode(implode('&', $previousState)) . "'";

    foreach ($parametersNames as $i => $parameterName) {
        $value = $parametersValues[$i];
        if ($value == '') {
            continue;
        }

        $valueType = isset($parametersValuesTypes[$i]) ? $parametersValuesTypes[$i] : null;
        if ($valueType) {
            // Typed value: only 'sql:field' is read from the data object, other types pass through.
            $readFromData = ($valueType == 'sql:field');
        } elseif (substr($value, 0, 1) == "'" && substr($value, -1) == "'") {
            // Quoted literal: strip the quotes.
            $value = substr($value, 1, -1);
            $readFromData = false;
        } else {
            // Untyped and unquoted: the name of a field of the data object.
            $readFromData = true;
        }

        if ($readFromData) {
            $value = is_callable(array($data, 'get')) ? $data->get($value) : $data->{$value};
        }

        $url .= '&' . $parameterName . '=' . urlencode($value);
    }

    $format = $inPage ? 'html' : 'component';
    if ($ui == 2) {
        return $_CB_framework->backendUrl($url, $htmlspecialchars, $format);
    }

    return cbSef($url, $htmlspecialchars, $format);
}
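/**
 * Gets the HTTPS redirect URL for a given payment basket $paymentBasket of a user $user
 *
 * The URL is built from the plugin URL variables, extended with the additional GET
 * variables, SEF-ed, and then has its scheme upgraded to https unless $httpmode is 'http'.
 * Only the leading scheme is rewritten, case-insensitively, so an 'http://' that appears
 * later in the URL is left untouched. If the SEF-ed URL does not start with http:// or
 * https://, an error message is printed and the request is terminated.
 *
 * @param  cbpaidPaymentBasket  $paymentBasket
 * @param  array                $addPluginUrlVars  GET-variables of the plugin (will be handled by CB plugins API)
 * @param  array                $addUrlVars        Additional GET-variables (no CB plugins API handling)
 * @param  string               $httpmode          HTTP/HTTPS mode: 'https' (default) or 'http'
 * @return string                                  Sefed URL
 */
protected function _getHttpsRedirectUrl( /** @noinspection PhpUnusedParameterInspection */ &$paymentBasket, $addPluginUrlVars = null, $addUrlVars = null, $httpmode = 'https' )
{
    if ($addPluginUrlVars === null) {
        $addPluginUrlVars = array();
    }
    if ($addUrlVars === null) {
        $addUrlVars = array();
    }

    $arr = array_merge(array(), $addPluginUrlVars);
    $url = $this->_getAbsURLwithParam($arr, 'pluginclass', false);

    foreach ($addUrlVars as $k => $v) {
        $url .= '&' . urlencode($k) . '=' . urlencode($v);
    }

    $url = cbSef($url, false);

    // Require a complete http(s) scheme: a bare 'http' prefix check also accepts other
    // strings that merely start with those letters.
    if (!preg_match('#^https?://#i', $url)) {
        echo CBPTXT::T("Your Joomla global configuration for live_site does not start with http:// or https:// . Secure https:// URL could not be generated. Please fix your configuration.php");
        exit;
    }

    if ($httpmode != 'http') {
        // Anchored and case-insensitive: an upper-case scheme is upgraded too, and query
        // values that contain 'http://' are not rewritten.
        $url = preg_replace('#^http://#i', 'https://', $url);
    }

    return $url;
}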