/** * Direct access to field for custom operations, like for Ajax * * WARNING: direct unchecked access, except if $user is set, then check * that the logged-in user has rights to edit that $user. * * @param moscomprofilerFields $field * @param moscomprofilerUser $user * @param array $postdata * @param string $reason 'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches * @return string Expected output. */ function fieldClass(&$field, &$user, &$postdata, $reason) { global $_CB_framework, $_CB_database, $ueConfig, $_GET; parent::fieldClass($field, $user, $postdata, $reason); // performs spoofcheck. if (($field->type == 'primaryemailaddress' && (isset($ueConfig['reg_email_checker']) && $ueConfig['reg_email_checker'] > 0) || $field->params->get('field_check_email', 0) || $_CB_framework->getUi() == 2) && ($reason == 'edit' || $reason == 'register')) { $function = cbGetParam($_GET, 'function', ''); if ($function == 'checkvalue') { $email = stripslashes(cbGetParam($postdata, 'value', '')); $emailISO = CBTxt::utf8ToISO($email); // ajax sends in utf8, we need to convert back to the site's encoding. if ($field->type == 'primaryemailaddress' && ((isset($ueConfig['reg_email_checker']) ? $ueConfig['reg_email_checker'] > 1 : false) && ($reason == 'register' || $reason == 'edit' && $user && $emailISO != $user->email) || $_CB_framework->getUi() == 2)) { if ($_CB_database->isDbCollationCaseInsensitive()) { $query = "SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote(trim($emailISO)); } else { $query = "SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote(strtolower(trim($emailISO))); } $_CB_database->setQuery($query); $dataObj = null; if ($_CB_database->loadObject($dataObj)) { if ($function == 'testexists') { if ($dataObj->result) { return '<span class="cb_result_ok">' . sprintf(ISOtoUtf8(_UE_EMAIL_EXISTS_ON_SITE), htmlspecialchars($email)) . "</span>"; } else { return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_DOES_NOT_EXISTS_ON_SITE), htmlspecialchars($email)) . "</span>"; } } else { if ($dataObj->result) { return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_ALREADY_REGISTERED), htmlspecialchars($email)) . "</span>"; } } } } if ($function == 'testexists') { return ISOtoUtf8(_UE_NOT_AUTHORIZED); } else { if ($reason == 'register' || $reason == 'edit' && $user && $emailISO != $user->email || $_CB_framework->getUi() == 2) { $checkResult = cbCheckMail($_CB_framework->getCfg('mailfrom'), $emailISO); } else { return '<span class="cb_result_info">' . sprintf(ISOtoUtf8(CBTxt::T("No changes.")), htmlspecialchars($email)) . "</span>"; } } switch ($checkResult) { case -2: return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_NOVALID), htmlspecialchars($email)) . "</span>"; break; case -1: return '<span class="cb_result_warning">' . sprintf(ISOtoUtf8(_UE_EMAIL_COULD_NOT_CHECK), htmlspecialchars($email)) . "</span>"; break; case 0: if ($ueConfig['reg_confirmation'] == 0) { return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_INCORRECT_CHECK), htmlspecialchars($email)) . "</span>"; } else { return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_INCORRECT_CHECK_NEEDED), htmlspecialchars($email)) . "</span>"; } break; case 1: return '<span class="cb_result_ok">' . sprintf(ISOtoUtf8(_UE_EMAIL_VERIFIED), htmlspecialchars($email)) . "</span>"; break; default: return '<span class="cb_result_error">' . sprintf(CBTxt::T('Unexpected cbCheckMail result: %s'), $checkResult) . '.</span>'; break; } } return null; } else { return ISOtoUtf8(_UE_NOT_AUTHORIZED); } }
/** * Direct access to field for custom operations, like for Ajax * * WARNING: direct unchecked access, except if $user is set, then check * that the logged-in user has rights to edit that $user. * * @param FieldTable $field * @param UserTable $user * @param array $postdata * @param string $reason 'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches * @return string Expected output. */ public function fieldClass(&$field, &$user, &$postdata, $reason) { global $_CB_framework, $_CB_database, $ueConfig, $_GET; parent::fieldClass($field, $user, $postdata, $reason); // Performs spoof check $function = cbGetParam($_GET, 'function', ''); $valid = true; $message = null; if ($function == 'checkvalue' || $function == 'testexists') { $emailChecker = $field->params->get('field_check_email', 0); if ($emailChecker && ($reason == 'edit' || $reason == 'register')) { $email = stripslashes(cbGetParam($postdata, 'value', '')); $emailConfirmation = $field->name == 'email' && $ueConfig['reg_confirmation']; foreach ($field->getTableColumns() as $col) { if (!$user || strtolower(trim($email)) != strtolower(trim($user->{$col}))) { if (!$this->validate($field, $user, $col, $email, $postdata, $reason)) { global $_PLUGINS; $valid = false; $message = $_PLUGINS->getErrorMSG('<br />'); } else { // Advanced: if ($emailChecker == 2) { $query = 'SELECT COUNT(*)' . "\n FROM " . $_CB_database->NameQuote($field->table); if ($_CB_database->isDbCollationCaseInsensitive()) { $query .= "\n WHERE " . $_CB_database->NameQuote($col) . " = " . $_CB_database->Quote(trim($email)); } else { $query .= "\n WHERE LOWER( " . $_CB_database->NameQuote($col) . " ) = " . $_CB_database->Quote(strtolower(trim($email))); } $_CB_database->setQuery($query); $exists = $_CB_database->loadResult(); if ($function == 'testexists') { if ($exists) { $message = CBTxt::Th('UE_EMAIL_EXISTS_ON_SITE', "The email '[email]' exists on this site.", array('[email]' => htmlspecialchars($email))); } else { $valid = false; $message = CBTxt::Th('UE_EMAIL_DOES_NOT_EXISTS_ON_SITE', "The email '[email]' does not exist on this site.", array('[email]' => htmlspecialchars($email))); } } else { if ($exists) { $valid = false; $message = CBTxt::Th('UE_EMAIL_NOT_AVAILABLE', "The email '[email]' is already in use.", array('[email]' => htmlspecialchars($email))); } else { $message = CBTxt::Th('UE_EMAIL_AVAILABLE', "The email '[email]' is available.", array('[email]' => htmlspecialchars($email))); } } } // Simple: if ($function != 'testexists' && $valid) { $checkResult = cbCheckMail($_CB_framework->getCfg('mailfrom'), $email); switch ($checkResult) { case -2: // Wrong Format $valid = false; $message = CBTxt::Th('UE_EMAIL_NOVALID', 'This is not a valid email address.', array('[email]' => htmlspecialchars($email))); break; case -1: // Couldn't Check break; case 0: // Invalid $valid = false; if ($emailConfirmation) { $message = CBTxt::Th('UE_EMAIL_INCORRECT_CHECK_NEEDED', 'This address does not accept email: Needed for confirmation.', array('[email]' => htmlspecialchars($email))); } else { $message = CBTxt::Th('UE_EMAIL_INCORRECT_CHECK', 'This email does not accept email: Please check.', array('[email]' => htmlspecialchars($email))); } break; } } } } } } } return json_encode(array('valid' => $valid, 'message' => $message)); }
/** * @param FieldTable $field * @param UserTable $user * @param array $postdata * @param string $reason * @return null|string */ public function fieldClass( &$field, &$user, &$postdata, $reason ) { parent::fieldClass( $field, $user, $postdata, $reason ); $function = cbGetParam( $_GET, 'function', null ); $valid = true; $message = null; if ( $function == 'checkvalue' ) { $value = stripslashes( cbGetParam( $postdata, 'value', null ) ); if ( $value ) { $invite = new cbinvitesInviteTable(); $invite->load( array( 'code' => $value ) ); if ( ! $invite->get( 'id' ) ) { $valid = false; $message = CBTxt::T( 'Invite code not valid.' ); } else { if ( $invite->isAccepted() ) { $valid = false; $message = CBTxt::T( 'Invite code already used.' ); } else { $message = CBTxt::T( 'Invite code is valid.' ); } } } } return json_encode( array( 'valid' => $valid, 'message' => $message ) ); }