/**
 * Saves legacy user edit display
 *
 * Backend "save"/"apply" handler for the user edit form: authorizes the request,
 * stores the posted state through UserTable::saveSafely(), fires the user plugin
 * triggers and then redirects. A failed save re-renders the edit view instead.
 * Every denial path ends in cbRedirect() to the users list with an error message
 * (cbRedirect() is assumed not to return - the code after each call relies on that).
 *
 * @param string $option
 * @param string $task   'save' (default) redirects to the users list; 'apply' redirects back to the edit form
 */
public function saveUser($option, $task = 'save')
{
    global $_CB_framework, $_CB_Backend_task, $_POST, $_PLUGINS;

    cbimport('language.all');
    cbimport('cb.tabs');
    cbimport('cb.params');
    cbimport('cb.adminfilesystem');
    cbimport('cb.imgtoolbox');

    // 0 means "create a new user"; the posted id is cleared so the save inserts instead of updating.
    $userIdPosted = (int) cbGetParam($_POST, 'id', 0);
    if ($userIdPosted == 0) {
        $_POST['id'] = null;
    }

    // Authorization: a non-empty $msg means "denied" and carries the reason shown to the user.
    $msg = $this->_authorizedEdit($userIdPosted);
    if (!$msg) {
        if ($userIdPosted != 0) {
            $msg = checkCBpermissions(array($userIdPosted), 'save', true);
        } else {
            $msg = checkCBpermissions(null, 'save', true);
        }
    }
    // Plugins may veto the save of an existing user by setting $msg (passed by reference).
    if ($userIdPosted != 0) {
        $_PLUGINS->trigger('onBeforeUserProfileSaveRequest', array($userIdPosted, &$msg, 2));
    }
    if ($msg) {
        cbRedirect($_CB_framework->backendViewUrl('showusers', false), $msg, 'error');
    }

    $_PLUGINS->loadPluginGroup('user');

    // Get current user state:
    if ($userIdPosted != 0) {
        $userComplete = CBuser::getUserDataInstance($userIdPosted);
        if (!($userComplete && $userComplete->id)) {
            cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('Your profile could not be updated.'), 'error');
        }
    } else {
        $userComplete = new UserTable();
    }

    // Store new user state:
    $saveResult = $userComplete->saveSafely($_POST, $_CB_framework->getUi(), 'edit');
    if (!$saveResult) {
        $regErrorMSG = $userComplete->getError();

        // The failed form is shown again, so the 'edit' permission must hold as well.
        $msg = checkCBpermissions(array((int) $userComplete->id), 'edit', true);
        if ($userIdPosted != 0) {
            $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array((int) $userComplete->id, &$msg, 2));
        }
        if ($msg) {
            cbRedirect($_CB_framework->backendViewUrl('showusers', false), $msg, 'error');
        }

        // Plugins get a chance to amend the error message (by reference) before it is queued.
        if ($userIdPosted != 0) {
            $_PLUGINS->trigger('onAfterUserProfileSaveFailed', array(&$userComplete, &$regErrorMSG, 2));
        } else {
            $_PLUGINS->trigger('onAfterUserRegistrationSaveFailed', array(&$userComplete, &$regErrorMSG, 2));
        }

        $_CB_framework->enqueueMessage($regErrorMSG, 'error');

        $_CB_Backend_task = 'edit'; // so the toolbar comes up...

        $_PLUGINS->loadPluginGroup('user'); // resets plugin errors

        $userView = _CBloadView('user');
        /** @var CBController_user $userView */
        // Third argument presumably flags a new (1) vs. existing (0) user - confirm against CBController_user::edituser().
        $userView->edituser($userComplete, $option, $userComplete->user_id != null ? 0 : 1, $_POST);
        return;
    }

    // Checks-in the row:
    $userComplete->checkin();

    if ($userIdPosted != 0) {
        $_PLUGINS->trigger('onAfterUserProfileSaved', array(&$userComplete, 2));
    } else {
        // $messagesToUser is filled by plugins but not displayed here.
        $messagesToUser = array();
        $_PLUGINS->trigger('onAfterSaveUserRegistration', array(&$userComplete, &$messagesToUser, 2));
    }

    // 'apply' returns to the edit form of the (possibly newly created) user; anything else goes back to the list.
    if ($task == 'apply') {
        cbRedirect($_CB_framework->backendViewUrl('edit', false, array('cid' => (int) $userComplete->user_id)), CBTxt::T('SUCCESSFULLY_SAVED_USER_USERNAME', 'Successfully Saved User: [username]', array('[username]' => $userComplete->username)));
    } else {
        cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SUCCESSFULLY_SAVED_USER_USERNAME', 'Successfully Saved User: [username]', array('[username]' => $userComplete->username)));
    }
}
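/**
 * Renders a single field, tab or plugin component for the backend user edit form (AJAX helper).
 *
 * $task selects what is rendered:
 *  - 'fieldclass'  : the field named by the 'field' request parameter, after an 'edit' permission
 *                    check and the onBeforeUserProfileEditRequest trigger (plugins can veto via $msg);
 *  - 'tabclass'    : the tab class named by the 'tab' request parameter, via getTabComponent;
 *  - 'pluginclass' : the plugin named by the 'plugin' request parameter (class 'CBplug_<name>'),
 *                    via getCBpluginComponent.
 *
 * Names taken from the request are stripped of $unsecureChars and length-limited before they
 * are used to select a field/tab/plugin class. The component output is echoed; a false result
 * prints the pending plugin error (if any) as a JS alert.
 *
 * @param string $option
 * @param string $task   'fieldclass', 'tabclass' or 'pluginclass'
 * @param int    $uid    id of the user being edited, 0 for a new user
 * @throws LogicException on any other $task
 */
function tabClass($option, $task, $uid)
{
    global $_PLUGINS, $_REQUEST, $_POST;

    // Resolve the edited user; fall back to the anonymous instance when none can be loaded.
    if ($uid) {
        $cbUser =& CBuser::getInstance((int) $uid);
        if ($cbUser) {
            $user =& $cbUser->getUserData();
        } else {
            $cbUser =& CBuser::getInstance(null);
            $user = null;
        }
    } else {
        $cbUser =& CBuser::getInstance(null);
        $user = null;
    }

    // Characters removed from request-supplied class/field names before they select a class.
    // NUL has to be listed as the escape "\0": str_replace() ignores an empty search string, so an
    // empty-string entry would leave NUL bytes in the name.
    $unsecureChars = array('/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "\0", ' ', "\t", "\n", "\r", "\v");

    if ($task == 'fieldclass') {
        if ($user && $user->id) {
            $uid = $user->id;
        } else {
            $uid = 0;
        }

        // Authorization: a non-empty $msg means "denied"; plugins may set it by reference.
        $msg = checkCBpermissions(array($uid), "edit", true);
        $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array($uid, &$msg, 2));
        if ($msg) {
            echo $msg;
            return;
        }

        $fieldName = trim(substr(str_replace($unsecureChars, '', urldecode(stripslashes(cbGetParam($_REQUEST, "field")))), 0, 50));
        if (!$fieldName) {
            echo CBTxt::T('no field');
            return;
        }

        $pluginName = null;
        $tabClassName = null;
        $method = null;
    } elseif ($task == 'tabclass') {
        $tabClassName = urldecode(stripslashes(cbGetParam($_REQUEST, "tab")));
        if (!$tabClassName) {
            return;
        }

        $pluginName = null;
        $tabClassName = substr(str_replace($unsecureChars, '', $tabClassName), 0, 32);
        $method = 'getTabComponent';
        $fieldName = null;
    } elseif ($task == 'pluginclass') {
        $pluginName = urldecode(stripslashes(cbGetParam($_REQUEST, "plugin")));
        if (!$pluginName) {
            return;
        }

        $tabClassName = 'CBplug_' . strtolower(substr(str_replace($unsecureChars, '', $pluginName), 0, 32));
        $method = 'getCBpluginComponent';
        $fieldName = null;
    } else {
        throw new LogicException('Unexpected task for CB tabClass');
    }

    $tabs = $cbUser->_getCbTabs(false);

    if ($task == 'fieldclass') {
        $result = $tabs->fieldCall($fieldName, $user, $_POST, 'edit');
    } else {
        $result = $tabs->tabClassPluginTabs($user, $_POST, $pluginName, $tabClassName, $method);
    }

    if ($result === false) {
        if ($_PLUGINS->is_errors()) {
            // NOTE(review): the error text is interpolated into a JS string literal without escaping;
            // confirm getErrorMSG() can never carry quotes or request-derived text.
            echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); </script>\n";
        }
    } elseif ($result !== null) {
        echo $result;
    }
}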
/**
 * Legacy backend save handler for the user edit form.
 *
 * Verifies the full admin form was posted and that the current user may save the target user,
 * stores the posted state through moscomprofilerUser::saveSafely(), and redirects to the users
 * list on success. Failures are reported through an inline JS alert followed by history.go(-1).
 *
 * @param string $option
 */
function saveUser( $option )
{
    global $_CB_framework, $_CB_database, $_POST, $_PLUGINS;

    $this->_importNeeded();
    $this->_importNeededSave();

    // Shape check only: these fields exist on the admin form. The actual authorization is
    // checkCBpermissions() below.
    if ( ! ( isset( $_POST['approved'] ) && isset( $_POST['confirmed'] ) && isset( $_POST['username'] ) ) ) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Not Authorized') ) ."'); window.history.go(-1);</script>\n";
        exit;
    }

    // Check rights to access:
    $myGid = userGID( $_CB_framework->myId() );

    // 0 means "create a new user"; the posted id is cleared so the save inserts instead of updating.
    $userIdPosted = (int) cbGetParam($_POST, "id", 0 );
    if ( $userIdPosted == 0 ) {
        $_POST['id'] = null;
    }

    // The third argument of checkCBpermissions() is true only for admin/superadmin GIDs.
    // in_array() is used loosely here - assumes GID types match between userGID() and the ACL mapping.
    $adminGroups = $_CB_framework->acl->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );
    if ( $userIdPosted != 0 ) {
        $msg = checkCBpermissions( array( $userIdPosted ), 'save', in_array( $myGid, $adminGroups ) );
    } else {
        $msg = checkCBpermissions( null, 'save', in_array( $myGid, $adminGroups ) );
    }
    if ($msg) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes( $msg ) . "'); window.history.go(-1);</script>\n";
        exit;
    }

    $_PLUGINS->loadPluginGroup('user');

    // Get current user state:
    $userComplete = new moscomprofilerUser( $_CB_database );
    if ( $userIdPosted != 0 ) {
        if ( ! $userComplete->load( (int) $userIdPosted ) ) {
            // NOTE(review): this path returns while the other failure paths exit - confirm that is intended.
            echo "<script type=\"text/javascript\"> alert('" . addslashes( _UE_USER_PROFILE_NOT ) . "'); window.history.go(-1);</script>\n";
            return;
        }
    }

    // Store new user state:
    $saveResult = $userComplete->saveSafely( $_POST, $_CB_framework->getUi(), 'edit' );
    if ( ! $saveResult ) {
        $regErrorMSG = $userComplete->getError();

        // The failed form is shown again, so the 'edit' permission must hold as well.
        $msg = checkCBpermissions( array( $userComplete->id ), "edit", true );
        if ($msg) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes( $msg ) ."'); window.history.go(-1);</script>\n";
            exit;
        }

        // <br /> becomes a literal "\n" escape, tags are stripped, and the "\\n" that addslashes()
        // produces from it is folded back to "\n" so the alert shows line breaks.
        // NOTE(review): addslashes() does not neutralise newlines or "</script>" inside a JS literal -
        // confirm the error text cannot contain request-derived content.
        echo "<script type=\"text/javascript\">alert('" . str_replace( '\\\\n', '\\n', addslashes( strip_tags( str_replace( '<br />', '\\n', $regErrorMSG ) ) ) ) . "'); </script>\n";

        global $_CB_Backend_task;
        $_CB_Backend_task = 'edit'; // so the toolbar comes up...

        $_PLUGINS->loadPluginGroup( 'user' ); // resets plugin errors

        $usersView = _CBloadView( 'user' );
        // Third argument presumably flags a new ('1') vs. existing ('0') user - confirm against the view's edituser().
        $usersView->edituser( $userComplete, $option, ( $userComplete->user_id != null ? '0' : '1' ), $_POST );
        return;
    }

    // Checks-in the row:
    $userComplete->checkin();

    cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showusers" ), sprintf(CBTxt::T('Successfully Saved User: %s'), $userComplete->username) );
}
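/**
 * Legacy frontend AJAX helper rendering a single field, tab or plugin component of a profile.
 *
 * $task selects what is rendered:
 *  - 'fieldclass'  : the field named by the 'field' request parameter. Access depends on the
 *                    'reason' parameter: 'edit' requires moderator/ACL edit rights on the target
 *                    user, 'profile'/'list' require profile view access, 'register' requires a
 *                    guest; anything else is refused;
 *  - 'tabclass'    : the tab class named by the 'tab' request parameter, via getTabComponent;
 *  - 'pluginclass' : the plugin named by the 'plugin' request parameter (class 'CBplug_<name>'),
 *                    via getCBpluginComponent.
 *
 * Names taken from the request are stripped of $unsecureChars and length-limited before they
 * are used to select a field/tab/plugin class. The component output is echoed; a false result
 * prints the pending plugin error (if any) as a JS alert.
 *
 * @param string $option
 * @param string $task   'fieldclass', 'tabclass' or 'pluginclass'
 * @param int    $uid    id of the user whose profile is rendered
 * @throws LogicException on any other $task (previously fell through with undefined variables)
 */
function tabClass( $option, $task, $uid )
{
    global $_CB_framework, $_PLUGINS, $ueConfig, $_REQUEST, $_POST;

    $user =& loadComprofilerUser( $uid );
    $cbUser =& CBuser::getInstance( ( $user === null ? null : $user->id ) );

    // Characters removed from request-supplied class/field names before they select a class.
    $unsecureChars = array( '/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "\0", ' ', "\t", "\n", "\r", "\x0B" );

    if ( $task == 'fieldclass' ) {
        $reason = cbGetParam( $_REQUEST, 'reason' );

        if ( $user && $user->id ) {
            // A non-empty $msg means "denied" and is echoed as the response.
            if ( $reason === 'edit' ) {
                $msg = cbCheckIfUserCanPerformUserTask( $user->id, 'allowModeratorsUserEdit' );
                if ( ( $uid != $_CB_framework->myId() ) && ( $msg === null ) ) {
                    // safeguard against missconfiguration of the above: also avoids lower-level users editing higher level ones:
                    $msg = checkCBpermissions( array( (int) $user->id ), 'edit', true );
                }
            } elseif ( ( $reason === 'profile' ) || ( $reason === 'list' ) ) {
                if ( allowAccess( $ueConfig['allow_profileviewbyGID'], 'RECURSE', userGID( $_CB_framework->myId() ) ) ) {
                    $msg = null;
                } else {
                    $msg = _UE_NOT_AUTHORIZED;
                }
            } else {
                $msg = _UE_NO_INDICATION;
            }

            if ( $msg ) {
                echo $msg;
                return;
            }
        } elseif ( $reason == 'register' ) {
            // Registration fields are only rendered for guests.
            if ( $_CB_framework->myId() != 0 ) {
                echo _UE_ALREADY_LOGGED_IN;
                return;
            }
        } else {
            $msg = _UE_NOT_AUTHORIZED;
            echo $msg;
            return;
        }

        $fieldName = trim( substr( str_replace( $unsecureChars, '', urldecode( stripslashes( cbGetParam( $_REQUEST, "field" ) ) ) ), 0, 50 ) );
        if ( ! $fieldName ) {
            echo 'no field';
            return;
        }

        $pluginName = null;
        $tabClassName = null;
        $method = null;
    } elseif ( $task == 'tabclass' ) {
        $tabClassName = urldecode( stripslashes( cbGetParam( $_REQUEST, "tab" ) ) );
        if ( ! $tabClassName ) {
            return;
        }

        $pluginName = null;
        $tabClassName = substr( str_replace( $unsecureChars, '', $tabClassName ), 0, 32 );
        $method = 'getTabComponent';
        $fieldName = null;
        $reason = null;
    } elseif ( $task == 'pluginclass' ) {
        $pluginName = urldecode( stripslashes( cbGetParam( $_REQUEST, "plugin" ) ) );
        if ( ! $pluginName ) {
            return;
        }

        $tabClassName = 'CBplug_' . strtolower( substr( str_replace( $unsecureChars, '', $pluginName ), 0, 32 ) );
        $method = 'getCBpluginComponent';
        $fieldName = null;
        $reason = null;
    } else {
        // Consistent with the newer tabClass() implementations: an unknown task is a programming
        // error, not a request to call tabClassPluginTabs() with undefined arguments.
        throw new LogicException( 'Unexpected task for CB tabClass' );
    }

    $tabs = $cbUser->_getCbTabs( false );

    if ( $task == 'fieldclass' ) {
        $result = $tabs->fieldCall( $fieldName, $user, $_POST, $reason );
    } else {
        $result = $tabs->tabClassPluginTabs( $user, $_POST, $pluginName, $tabClassName, $method );
    }

    if ( $result === false ) {
        if( $_PLUGINS->is_errors() ) {
            // NOTE(review): the error text is interpolated into a JS string literal without escaping;
            // confirm getErrorMSG() can never carry quotes or request-derived text.
            echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); </script>\n";
        }
    } elseif ( $result !== null ) {
        echo $result;
    }
}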
/**
 * Frontend AJAX helper rendering a single field, tab or plugin component of a profile.
 *
 * $task selects what is rendered:
 *  - 'fieldclass'  : the field named by the 'field' request parameter. Access depends on the
 *                    'reason' parameter: 'edit' requires moderator/ACL edit rights on the target
 *                    user (plugins may veto via onBeforeUserProfileEditRequest), 'profile'/'list'
 *                    require view access (onBeforeUserProfileAccess may veto), 'register' requires
 *                    a guest; anything else is refused;
 *  - 'tabclass'    : the tab class named by the 'tab' request parameter, via getTabComponent;
 *  - 'pluginclass' : the plugin named by the 'plugin' request parameter (class 'CBplug_<name>'),
 *                    via getCBpluginComponent; unless format is 'raw'/'rawraw' the output is
 *                    wrapped in the template div.
 *
 * Names taken from the request are stripped of $unsecureChars and length-limited before they
 * are used to select a field/tab/plugin class. Output echoed by the component is captured with
 * output buffering and prepended to its return value.
 *
 * @param string $option
 * @param string $task   'fieldclass', 'tabclass' or 'pluginclass'
 * @param int    $uid    id of the user whose profile is rendered
 * @throws LogicException on any other $task
 */
function tabClass($option, $task, $uid)
{
    global $_CB_framework, $_PLUGINS, $_REQUEST, $_POST;

    $user =& loadComprofilerUser($uid);
    $cbUser =& CBuser::getInstance($user === null ? null : $user->id);

    // Characters removed from request-supplied class/field names before they select a class.
    // NOTE(review): the 13th entry reads as an empty string here; str_replace() ignores an empty
    // search string, so NUL bytes would not be stripped. The older implementation lists "\0" -
    // confirm the intended value.
    $unsecureChars = array('/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "", ' ', "\t", "\n", "\r", "\v");

    $appendClass = false;

    if ($task == 'fieldclass') {
        $reason = cbGetParam($_REQUEST, 'reason');

        if ($user && $user->id) {
            $_PLUGINS->loadPluginGroup('user');

            // A non-empty $msg means "denied" and is echoed as the response; plugins may set it by reference.
            if ($reason === 'edit') {
                $msg = cbCheckIfUserCanPerformUserTask($user->id, 'allowModeratorsUserEdit');
                if ($uid != $_CB_framework->myId() && $msg === null) {
                    // safeguard against missconfiguration of the above: also avoids lower-level users editing higher level ones:
                    $msg = checkCBpermissions(array((int) $user->id), 'edit', true);
                }
                $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array($user->id, &$msg, 1));
            } elseif ($reason === 'profile' || $reason === 'list') {
                if (CBuser::getMyInstance()->authoriseView('profile', $user->id)) {
                    $msg = null;
                } else {
                    $msg = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
                }
                $_PLUGINS->trigger('onBeforeUserProfileAccess', array($user->id, &$msg, 1));
            } else {
                $msg = CBTxt::Th('UE_NO_INDICATION', 'No indication');
            }

            if ($msg) {
                echo $msg;
                return;
            }
        } elseif ($reason == 'register') {
            // Registration fields are only rendered for guests.
            if ($_CB_framework->myId() != 0) {
                echo CBTxt::Th('UE_ALREADY_LOGGED_IN', 'You are already logged in');
                return;
            }
        } else {
            $msg = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
            echo $msg;
            return;
        }

        $fieldName = trim(substr(str_replace($unsecureChars, '', urldecode(stripslashes(cbGetParam($_REQUEST, "field")))), 0, 50));
        if (!$fieldName) {
            echo 'no field';
            return;
        }

        $pluginName = null;
        $tabClassName = null;
        $method = null;
    } elseif ($task == 'tabclass') {
        $tabClassName = urldecode(stripslashes(cbGetParam($_REQUEST, "tab")));
        if (!$tabClassName) {
            return;
        }

        $pluginName = null;
        $tabClassName = substr(str_replace($unsecureChars, '', $tabClassName), 0, 32);
        $method = 'getTabComponent';
        $fieldName = null;
        $reason = null;
    } elseif ($task == 'pluginclass') {
        $pluginName = urldecode(stripslashes(cbGetParam($_REQUEST, "plugin")));
        if (!$pluginName) {
            return;
        }

        $tabClassName = 'CBplug_' . strtolower(substr(str_replace($unsecureChars, '', $pluginName), 0, 32));
        $method = 'getCBpluginComponent';
        // Only non-raw formats get wrapped in the template div below.
        $appendClass = cbGetParam($_REQUEST, 'format') != 'raw' && cbGetParam($_REQUEST, 'format') != 'rawraw' ? true : false;
        $fieldName = null;
        $reason = null;
    } else {
        throw new LogicException('Unexpected task for CB tabClass');
    }

    $tabs = $cbUser->_getCbTabs(false);

    // Anything the component echoes directly is captured and prepended to its return value.
    // NOTE(review): the concatenation turns a false/null $results into a string, so
    // "$result === false" below can never hold and "$result !== null" is always true - the
    // plugin error alert is unreachable. Testing $results instead would restore it.
    if ($task == 'fieldclass') {
        ob_start();
        $results = $tabs->fieldCall($fieldName, $user, $_POST, $reason);
        $result = ob_get_contents() . $results;
        ob_end_clean();
    } else {
        ob_start();
        $results = $tabs->tabClassPluginTabs($user, $_POST, $pluginName, $tabClassName, $method);
        $result = ob_get_contents() . $results;
        ob_end_clean();
    }

    if ($result === false) {
        if ($_PLUGINS->is_errors()) {
            // NOTE(review): the error text is interpolated into a JS string literal without escaping;
            // confirm getErrorMSG() can never carry quotes or request-derived text.
            echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); </script>\n";
        }
    } elseif ($result !== null) {
        if ($appendClass) {
            // $pageClass is escaped for the attribute context; $result is trusted component markup.
            $pageClass = $_CB_framework->getMenuPageClass();
            echo '<div class="cb_template cb_template_' . selectTemplate('dir') . ($pageClass ? ' ' . htmlspecialchars($pageClass) : null) . '">' . $result . '</div>';
            $_CB_framework->setMenuMeta();
        } else {
            echo $result;
        }
    }
}