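/**
 * Outputs (echoes) the users-list filter bar: the simple search box, the pre-rendered
 * drop-downs passed in $lists and, when provided, the advanced-search panel.
 *
 * Output-escaping contract: only $search is HTML-escaped in here. $inputTextExtras, every
 * entry of $lists and $searchTabContent are written into the page verbatim, so callers
 * must pass markup that is already safe to output.
 *
 * @param  string   $search            Search text pre-filled into the search box
 * @param  array    $lists             HTML fragments, each one echoed in its own table cell
 * @param  string   $inputTextExtras   Raw attribute text appended inside the search <input> tag
 * @param  mixed    $searchTabContent  Advanced-search markup (echoed as a string below); empty for none
 * @param  boolean  $hideAdvancedLink  True to leave out the "Advanced Search" link
 * @return void
 */
function _userslistFilters( $search, &$lists, $inputTextExtras, $searchTabContent, $hideAdvancedLink = false ) {
	// count() on a string returned 1 on old PHP versions and throws a TypeError since PHP 8,
	// yet this value is echoed as a string further down. Count only real countables and use
	// plain truthiness otherwise, which is the same test that gates the search panel below:
	if ( is_array( $searchTabContent ) || ( $searchTabContent instanceof Countable ) ) {
		$hasSearchContent = ( count( $searchTabContent ) > 0 );
	} else {
		$hasSearchContent = (bool) $searchTabContent;
	}

	if ( $hasSearchContent ) {
		cbUsersList::outputAdvancedSearchJs( 'onlyactive' );
	}
	?>
	<table cellpadding="4" cellspacing="0" border="0" width="100%">
		<tr>
			<td style="width:80%;"><?php echo CBTxt::T('Search'); ?>: <input type="text" name="search" value="<?php echo htmlspecialchars( $search );?>" class="inputbox" onChange="document.adminForm.submit();"<?php echo $inputTextExtras; ?> />
			<?php if ( $hasSearchContent && ! $hideAdvancedLink ) { ?>
				<span id="cbUserListsSearchTrigger"><a href="#"><?php echo CBTxt::Th('Advanced Search'); ?></a></span>
			<?php } ?>
			</td>
			<?php foreach ( $lists as $li ) { ?>
			<td width="right"> <?php echo $li;?> </td>
			<?php } ?>
		</tr>
	</table>
	<?php
	if ( $searchTabContent ) {
		if ( strpos( $inputTextExtras, 'disabled="disabled"' ) === false ) {
			// search box is enabled: render the (initially hidden) advanced-search panel with its submit buttons:
			?>
	<div class="cbUsersList"><div id="cbUsersListInner">
		<div class="cbUserListHeadTitle">
			<div class="contentdescription cbUserListSearch" id="cbUserListsSearcher" style="display:none;">
				<button type="submit" class="cbAdvancedSearch"><?php echo CBTxt::T('Search'); ?></button>
				<div class="cbUserListSearchFields">
					<?php echo $searchTabContent; ?>
					<div class="cbClr"></div>
				</div>
				<button type="submit" class="cbAdvancedSearch"><?php echo CBTxt::T('Search'); ?></button>
			</div>
		</div>
	</div><div class="cbClr"> </div></div><div class="cbClr"> </div>
			<?php
		} else {
			// search box is disabled: still emit the search fields, but inside a hidden container without buttons:
			echo '<div style="display:none;">' . $searchTabContent . '</div>';
		}
	}
}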
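/**
 * Check authorization to view for $contentType for content $id
 *
 * Access is denied by default: $authorization only becomes true when the matching
 * content-type branch grants it. The 'onAfterAuthorizeView' plugin event then receives
 * the decision by reference, so a plugin can change it in either direction.
 *
 * @since 1.8 (experimental)
 *
 * @param  string   $contentType  Content-type: 'profile' or 'userslist'
 * @param  int      $id           Content id
 * @return boolean                True if authorized, False if not authorized
 */
public function authoriseView($contentType, $id)
{
    global $_PLUGINS;

    $authorization = false;

    if ($contentType == 'profile') {
        // Check for profile View Access Level (new in CB 2.0):
        $viewAccessLevel = Application::Config()->get('profile_viewaccesslevel', 0, GetterInterface::INT);

        if ($viewAccessLevel == 0) {
            // No configuration here: Check for old config (safely defaulting to Special View access level) until config is re-saved:
            $oldGID = Application::Config()->get('allow_profileviewbyGID', 3, GetterInterface::INT);
            $mapping = array(-2 => 1, -1 => 2, 0 => 1, 1 => 1, 2 => 2, 3 => 3);

            // The old value is the KEY of $mapping. in_array() searched the mapped values (1, 2, 3) instead,
            // so the legacy settings -2, -1 and 0 never matched and always fell through to the default:
            if (array_key_exists($oldGID, $mapping)) {
                $viewAccessLevel = $mapping[$oldGID];
            } else {
                // Unknown legacy value: default here is "Special" Access level until configuration is saved:
                $viewAccessLevel = 3;
            }
        }

        $authorization = Application::MyUser()->canViewAccessLevel($viewAccessLevel);
    }

    if ($contentType == 'userslist') {
        $list = cbUsersList::getInstance($id);

        // A list that cannot be loaded stays unauthorized instead of reading a property of a non-object:
        if ($list) {
            $authorization = Application::MyUser()->canViewAccessLevel($list->viewaccesslevel);
        }
    }

    if ($_PLUGINS) {
        $_PLUGINS->trigger('onAfterAuthorizeView', array($contentType, $id, &$authorization));
    }

    return $authorization;
}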
/**
 * Entry point of the users-list task: resolves the requested list id and lets
 * cbUsersList draw (echo) that list.
 *
 * The list id is read from $_POST when posted, otherwise from $_GET, and is forced to int.
 * The search criteria are handed over as the complete, unfiltered $_GET array, so every
 * value in it has to be treated as untrusted by the code that consumes it.
 *
 * @param  int  $uid  User id passed through to cbUsersList::drawUsersList()
 * @return void
 */
function usersList( $uid ) {
	global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS, $_POST, $_REQUEST;

	cbimport( 'cb.lists' );

	// a posted listid wins over the one in the query string:
	$listid = (int) ( isset( $_POST['listid'] ) ? cbGetParam( $_POST, 'listid', 0 ) : cbGetParam( $_GET, 'listid', 0 ) );

	$usersListDrawer = new cbUsersList();
	$usersListDrawer->drawUsersList( $uid, $listid, $_GET );
}
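/**
 * Draws (echoes) the users list $listid for user $uid (legacy implementation).
 *
 * Order of work: read paging/search inputs, load the lists this user may see, pick the
 * requested or default list, check access to it, build the SQL from the list record and
 * the searchable fields, run the count and select queries and hand everything to
 * HTML_comprofiler::usersList() for output.
 *
 * NOTE(review): $row->sortfields, $row->filterfields and $row->usergroupids come from the
 * list record and are concatenated into the SQL as they are (only the RAND() seed is cast
 * to int, and user variables substituted into the filter go through getEscaped). This
 * presumes the list configuration can only be written by trusted administrators - confirm.
 * Plugins also receive the query parts by reference and can alter them.
 *
 * @param  int    $uid                  User id used for the access-group checks
 * @param  int    $listid               Requested list id, 0 to use the default list
 * @param  array  $searchFormValuesRAW  Raw request values (search criteria, limitstart, searchmode, rand)
 * @return void
 */
function drawUsersList( $uid, $listid, $searchFormValuesRAW ) {
	global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS;

	$search = null;
	$searchGET = cbGetParam( $searchFormValuesRAW, 'search' );
	// paging and mode inputs are forced to int before any use:
	$limitstart = (int) cbGetParam( $searchFormValuesRAW, 'limitstart', 0 );
	$searchmode = (int) cbGetParam( $searchFormValuesRAW, 'searchmode', 0 );
	$randomParam = (int) cbGetParam( $searchFormValuesRAW, 'rand', 0 );

	// (the old search on formatted name, with its spoof check on POST, has been removed from here)

	// get my user and gets the list of user lists he is allowed to see (ACL):
	$myCbUser =& CBuser::getInstance( $uid );
	if ( $myCbUser === null ) {
		$myCbUser =& CBuser::getInstance( null );
	}
	$myUser =& $myCbUser->getUserData();

	$useraccessgroupSQL = " AND useraccessgroupid IN (".implode(',',getChildGIDS(userGID($uid))).")";
	$_CB_database->setQuery( "SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering" );
	$plists = $_CB_database->loadObjectList();
	$lists = array();
	$publishedlists = array();
	for ( $i=0, $n=count( $plists ); $i < $n; $i++ ) {
		$plist =& $plists[$i];
		// titles go into <option> texts, so HTML tags are stripped:
		$listTitleNoHtml = strip_tags( cbReplaceVars( getLangDefinition( $plist->title ), $myUser, false, false ) );
		$publishedlists[] = moscomprofilerHTML::makeOption( $plist->listid, $listTitleNoHtml );
	}

	// select either list selected or default list to which he has access (ACL):
	if ( $listid == 0 ) {
		$_CB_database->setQuery( "SELECT listid FROM #__comprofiler_lists "
			. "\n WHERE `default`=1 AND published=1"
			. $useraccessgroupSQL );
		$listid = (int) $_CB_database->loadresult();
		if ( $listid == 0 && ( count( $plists ) > 0 ) ) {
			$listid = (int) $plists[0]->listid;
		}
	}
	if ( ! ( $listid > 0 ) ) {
		echo _UE_NOLISTFOUND;
		return;
	}

	// generates the drop-down list of lists:
	if ( count( $plists ) > 1 ) {
		$lists['plists'] = moscomprofilerHTML::selectList( $publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1 );
	}

	// loads the list record:
	$row = new moscomprofilerLists( $_CB_database );
	if ( ( ! $row->load( (int) $listid ) ) || ( $row->published != 1 ) ) {
		echo _UE_LIST_DOES_NOT_EXIST;
		return;
	}
	// an explicitly requested listid did not pass through the ACL-filtered query above, so it is checked here:
	if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', userGID($uid) ) ) {
		echo _UE_NOT_AUTHORIZED;
		return;
	}

	$params = new cbParamsBase( $row->params );

	// with hotlink protection on, searching or paging requires a valid spoof token in the GET request:
	$hotlink_protection = $params->get( 'hotlink_protection', 0 );
	if ( $hotlink_protection == 1 ) {
		if ( ( $searchGET !== null ) || $limitstart ) {
			cbSpoofCheck( 'usersList', 'GET' );
		}
	}

	$limit = (int) $params->get( 'list_limit' );
	if ( $limit == 0 ) {
		$limit = (int) $ueConfig['num_per_page'];
	}

	$showPaging = $params->get( 'list_paging', 1 );
	if ( $showPaging != 1 ) {
		$limitstart = 0;
	}

	$isModerator = isModerator( $_CB_framework->myId() );

	$_PLUGINS->loadPluginGroup( 'user' );
	$_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );

	// handles the users allowed to be listed in the list by ACL:
	$usergids = explode( ',', $row->usergroupids );
	// Group ids 29 and 30 used to be expanded to their child groups, which was a bug tending to list
	// admins or all frontend users when a "public" group was checked. Now they are just ignored:
	$allusergids = array_diff( $usergids, array( 29, 30 ) );
	$usergids = implode( ",", $allusergids );

	// build SQL Select query:
	$random = 0;
	// initialised so that a list without sort fields does not read an undefined variable when the query is built:
	$orderby = '';
	if( $row->sortfields != '' ) {
		$matches = null;
		if ( preg_match( '/^RAND\(\)\s(ASC|DESC)$/', $row->sortfields, $matches ) ) {
			// random sorting needs to have same seed on pages > 1 to not have probability to show same users:
			if ( $limitstart ) {
				$random = (int) $randomParam;
			}
			if ( ! $random ) {
				// only a sort seed, not a secret, so rand() is sufficient here:
				$random = rand( 0, 32767 );
			}
			$row->sortfields = 'RAND(' . (int) $random . ') ' . $matches[1];
		}
		$orderby = "\n ORDER BY " . $row->sortfields;
	}

	$filterby = '';
	if ( $row->filterfields != '' ) {
		// the first character of the stored filter is skipped, the remainder is url-decoded:
		$filterRules = utf8RawUrlDecode( substr( $row->filterfields, 1 ) );
		if ( $_CB_framework->myId() ) {
			$user = new moscomprofilerUser( $_CB_database );
			if ( $user->load( (int) $_CB_framework->myId() ) ) {
				// user variables substituted into the filter are passed through $_CB_database->getEscaped:
				$filterRules = cbReplaceVars( $filterRules, $user, array( $_CB_database, 'getEscaped' ), false, array() );
			}
		}
		$filterby = " AND ". $filterRules;
	}

	// Prepare part after SELECT .... " and before "FROM" :
	$tableReferences = array( '#__comprofiler' => 'ue', '#__users' => 'u' );

	// Fetch all fields:
	//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
	$tabs = $myCbUser->_getCbTabs();
	$allFields = $tabs->_getTabFieldsDb( null, $myUser, 'list' );

	// Make columns array (col1..col49 of the list record). This array will later be constructed from the tabs table:
	$columns = array();
	for ( $i = 1; $i < 50; ++$i ) {
		$enabledVar = "col".$i."enabled";
		if ( ! isset( $row->$enabledVar ) ) {
			break;
		}
		$titleVar = "col".$i."title";
		$fieldsVar = "col".$i."fields";
		$captionsVar = "col".$i."captions";
		if ( $row->$enabledVar == 1 ) {
			$col = new stdClass();
			$col->fields = ( $row->$fieldsVar ? explode( '|*|', $row->$fieldsVar ) : array() );
			$col->title = $row->$titleVar;
			$col->titleRendered = $myCbUser->replaceUserVars( $col->title );
			$col->captions = $row->$captionsVar;
			$columns[$i] = $col;
		}
	}

	// build fields and tables accesses, also check for searchable fields:
	$searchableFields = array();
	$fieldsSQL = cbUsersList::getFieldsSQL( $columns, $allFields, $tableReferences, $searchableFields, $params );

	$_PLUGINS->trigger( 'onAfterUsersListFieldsSql', array( &$columns, &$allFields, &$tableReferences ) );

	$tablesSQL = array();
	$joinsSQL = array();
	// only unblocked, approved and confirmed users are listed:
	$tablesWhereSQL = array( 'block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1' );

	if ( checkJversion() == 2 ) {
		$joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
	}

	// banned users are hidden, except from moderators:
	if ( ! $isModerator ) {
		$tablesWhereSQL['banned'] = 'ue.banned = 0';
	}
	if ( $usergids ) {
		if ( checkJversion() == 2 ) {
			$tablesWhereSQL['gid'] = 'g.group_id IN (' . $usergids . ')';
		} else {
			$tablesWhereSQL['gid'] = 'u.gid IN (' . $usergids . ')';
		}
	}

	foreach ( $tableReferences as $table => $name ) {
		$tablesSQL[] = $table . ' ' . $name;
		if ( $name != 'u' ) {
			$tablesWhereSQL[] = "u.`id` = " . $name . ".`id`";
		}
	}

	// handles search criterias (built from the raw request values by the searchable fields):
	$list_compare_types = $params->get( 'list_compare_types', 0 );
	$searchVals = new stdClass();
	$searchesFromFields = $tabs->applySearchableContents( $searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types );
	$whereFields = $searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
	if ( $whereFields ) {
		$tablesWhereSQL[] = '(' . $whereFields . ')';
	}

	$_PLUGINS->trigger( 'onBeforeUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL ) );

	$queryFrom = "FROM " . implode( ', ', $tablesSQL )
		. ( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
		. "\n WHERE " . implode( "\n AND ", $tablesWhereSQL );

	// (the old LIKE search on name / username has been removed from here)

	$queryFrom .= " " . $filterby;

	$_PLUGINS->trigger( 'onBeforeUsersListQuery', array( &$queryFrom, 1, $listid ) ); // $uid = 1

	$errorMsg = null;

	// counts number of users and loads the listed fields of the users if not in search-form-only mode:
	if ( $searchmode == 0 ) {
		if ( checkJversion() == 2 ) {
			// the usergroup-map join can yield several rows per user, hence DISTINCT:
			$_CB_database->setQuery( "SELECT COUNT(DISTINCT u.id) " . $queryFrom );
		} else {
			$_CB_database->setQuery( "SELECT COUNT(*) " . $queryFrom );
		}
		$total = $_CB_database->loadResult();

		if ( ( $limit > $total ) || ( $limitstart >= $total ) ) {
			$limitstart = 0;
		}

		if ( checkJversion() == 2 ) {
			$query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
		} else {
			$query = "SELECT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
		}
		$_CB_database->setQuery( $query, (int) $limitstart, (int) $limit );
		$users = $_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );

		if ( ! $_CB_database->getErrorNum() ) {
			// creates the CBUsers in cache corresponding to the $users:
			foreach ( array_keys( $users ) as $k) {
				CBuser::setUserGetCBUserInstance( $users[$k] );
			}
		} else {
			// only a generic message is shown to the visitor, not the database error itself:
			$users = array();
			$errorMsg = _UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
		}

		// $search is '' while search criteria are active and null otherwise:
		if ( count( get_object_vars( $searchVals ) ) > 0 ) {
			$search = '';
		} else {
			$search = null;
		}
	} else {
		// search-form-only mode: no query is run
		$total = null;
		$users = array();
		if ( $search === null ) {
			$search = '';
		}
	}

	// Compute itemId of users in users-list:
	if ( $Itemid ) {
		$option_itemid = (int) $Itemid;
	} else {
		$option_itemid = getCBprofileItemid( 0 );
	}

	HTML_comprofiler::usersList( $row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random );
}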
/**
 * Renders (echoes) the users-list page of the legacy front-end: the search form, the list
 * head, the pagination links, the list body and the HTML returned by plugins.
 *
 * NOTE(review): $errorMsg, the plugin results and the form action URL are written into the
 * page without HTML escaping in this function; the search values are url-encoded before
 * they are appended to the pagination URL.
 * NOTE(review): $pluginAdditions starts with the numeric entries 0..2 holding strings, so a
 * plugin result with a numeric key 0, 1 or 2 would apply [] to a string - confirm that
 * plugins only return the keys 'search', 'header' and 'footer'.
 *
 * @param  object       $row                 List record; title, description and filterfields are read here
 * @param  array        $users               Users to display
 * @param  array        $columns             Column definitions of the list
 * @param  array        $allFields           Fields passed on to the table-content builder
 * @param  array        $lists               Pre-rendered selectors passed on to the list head template
 * @param  int          $listid              Id of the displayed list
 * @param  string|null  $search              Null when no search is active
 * @param  int          $searchmode          0 renders results, anything else only the search form
 * @param  int          $option_itemid       Itemid used in the generated URLs
 * @param  int          $limitstart          Paging offset
 * @param  int          $limit               Page size
 * @param  int|null     $total               Total number of matching users
 * @param  object       $myUser              User whose variables are substituted into titles
 * @param  array        $searchableFields    Searchable fields of the list
 * @param  object       $searchVals          Active search values; its public properties become URL parameters
 * @param  object       $tabs                Provides getSearchablesContents()
 * @param  mixed        $list_compare_types  Passed through to getSearchablesContents()
 * @param  mixed        $showPaging          Truthy to output pagination links
 * @param  mixed        $hotlink_protection  1 to add the spoof token to the pagination URLs
 * @param  string|null  $errorMsg            Error message to show above the form
 * @param  int          $random              Random-sort seed carried across pages, 0 for none
 * @return void
 */
static function usersList(&$row, &$users, &$columns, &$allFields, &$lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, &$myUser, &$searchableFields, &$searchVals, &$tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random)
{
    global $_CB_framework, $ueConfig, $_PLUGINS, $_POST, $_GET, $_REQUEST;
    // plugins get most of the display data by reference and may change it; the last argument is $uid = 1
    $results = $_PLUGINS->trigger('onBeforeDisplayUsersList', array(&$row, &$users, &$columns, &$allFields, &$lists, $listid, &$search, &$option_itemid, 1));
    $cbTemplate = HTML_comprofiler::_cbTemplateLoad();
    // regroup parts of the different plugins by the key under which each plugin returned them:
    $pluginAdditions = array('search', 'header', 'footer');
    $pluginAdditions['search'] = array();
    $pluginAdditions['header'] = array();
    $pluginAdditions['footer'] = array();
    if (is_array($results) && count($results) > 0) {
        foreach ($results as $res) {
            if (is_array($res)) {
                foreach ($res as $k => $v) {
                    $pluginAdditions[$k][] = $v;
                }
            }
        }
    }
    $listTitleHtml = cbReplaceVars(getLangDefinition($row->title), $myUser);
    // the page title gets the tag-stripped variant of the list title:
    $listTitleNoHtml = strip_tags(cbReplaceVars(getLangDefinition($row->title), $myUser, false, false));
    $listDescription = cbReplaceVars(getLangDefinition($row->description), $myUser);
    $_CB_framework->setPageTitle($listTitleNoHtml);
    $_CB_framework->appendPathWay($listTitleHtml);
    $cbSpoofField = cbSpoofField();
    $cbSpoofString = cbSpoofString(null, 'usersList');
    // with hotlink protection the spoof token is appended to every pagination URL:
    if ($hotlink_protection == 1) {
        $spoofAmp = "&" . $cbSpoofField . '=' . urlencode($cbSpoofString);
    } else {
        $spoofAmp = null;
    }
    // Base URL string (both ids are cast to int before they enter the URL):
    $ue_base_url = 'index.php?option=com_comprofiler&task=usersList&listid=' . (int) $listid . '&Itemid=' . (int) $option_itemid;
    $ue_base_url_non_sef = $_CB_framework->getCfg('live_site') . '/' . $ue_base_url;
    $searchTabContent = $tabs->getSearchablesContents($searchableFields, $myUser, $searchVals, $list_compare_types);
    // table content:
    $tableContent =& HTML_comprofiler::_getListTableContent($users, $columns, $allFields);
    outputCbTemplate(1);
    // paginator addition: carry the active search values (url-encoded) from page to page:
    $pagingSearch = '';
    foreach (get_object_vars($searchVals) as $k => $v) {
        if (is_array($v)) {
            $pArr = '&' . urlencode($k);
            foreach ($v as $kk => $vv) {
                $pagingSearch .= $pArr . '[' . urlencode($kk) . ']=' . urlencode($vv);
            }
        } else {
            $pagingSearch .= '&' . urlencode($k) . '=' . urlencode($v);
        }
    }
    if ($random) {
        $pagingSearch .= '&rand=' . (int) $random;
    }
    // Add Javascript to click tr: an array of profile URLs plus a click handler on the table rows:
    $jsClickTr = " {" . "\n\t\tvar cbUserURLs = new Array(";
    if (is_array($users) && $ueConfig['allow_profilelink'] == 1) {
        foreach ($users as $user) {
            // NOTE(review): the rest of this expression is masked out ('******') in this listing, so the line
            // does not parse as shown and what gets passed to cbSef() cannot be told from here.
            $jsClickTr .= "'" . cbSef('index.php?option=com_comprofiler&task=userProfile&user='******',";
        }
    }
    // clicks on links, linked images and .cbClicksInside elements keep their own behaviour:
    $jsClickTr .= "'');" . "\n\t\t\$('#cbUserTable > tbody > tr').click( function(e) {" . "\n\t\t\tif ( ! ( \$(e.target).is('a') || ( \$(e.target).is('img') && \$(e.target).parent().is('a') ) || \$(e.target).hasClass('cbClicksInside') || ( \$(e.target).parents('.cbClicksInside').length > 0 ) || ( \$(this).attr('id') == '' ) ) ) {" . ($ueConfig['allow_profilelink'] == 1 ? "\n\t\t\t\twindow.location = cbUserURLs[this.id.substr(3)];" : '') . "\n\t\t\t\treturn false;" . "\n\t\t\t}" . "\n\t\t} );" . "\n\t}";
    $_CB_framework->outputCbJQuery($jsClickTr);
    /* Disabled legacy code: a jQuery click handler on the pagination links that copied the limitstart
       value of the clicked link into the hidden cbListlimitstart input and submitted adminForm. */
    if (count($searchableFields) > 0) {
        cbUsersList::outputAdvancedSearchJs($search);
    }
    // list title, then the error message (echoed as is) and the search form:
    ?> <div class="cbUsersList"><div id="cbUsersListInner"> <?php if ($errorMsg) {
        echo '<div class="error">' . $errorMsg . '</div>';
    }
    ?> <form class="cb_form" name="adminForm" id="adminForm" method="get" action="<?php echo $ue_base_url_non_sef . "&action=search"; // on purpose without SEF, as joomla 1.0/mambo 4.5.5 core sef doesn't work with this.
    ?> " > <input type="hidden" name="option" value="com_comprofiler" /> <input type="hidden" name="task" value="usersList" /> <input type="hidden" name="Itemid" value="<?php echo $option_itemid; ?> " /> <input type="hidden" name="limitstart" id="cbListlimitstart" value="0" /> <input type="hidden" name="search" value="" /> <?php /* old method, replaced by hidden search field above: a visible text input named "search" with an image submit button. */
    // the spoof token travels with the form as a hidden input:
    echo cbGetSpoofInputTag(null, $cbSpoofString);
    // Render search-area header (plugin HTML is appended as returned by the plugins):
    if (count($pluginAdditions['search'])) {
        $searchTabContent .= '<div class="cbClr"></div><div id="cbUserListSearchPlugins"><div>' . implode('</div><div>', $pluginAdditions['search']) . '</div></div>';
    }
    // the total counts all users only when neither a search nor a list filter is active:
    $totalIsAllUsers = !($search !== null || $row->filterfields != '');
    $searchResultDisplaying = $search !== null;
    $searchCriteriaTitleHtml = cbReplaceVars(_UE_SEARCH_CRITERIA, $myUser);
    if ($searchmode == 0) {
        $searchResultsTitleHtml = cbReplaceVars(_UE_SEARCH_RESULTS, $myUser);
    } else {
        $searchResultsTitleHtml = null;
    }
    echo HTML_comprofiler::_cbTemplateRender($cbTemplate, $myUser, 'List', 'drawListHead', array(&$lists, $listid, $total, $totalIsAllUsers, $searchTabContent, $searchResultDisplaying, $ue_base_url_non_sef, $listTitleHtml, $listDescription, $searchCriteriaTitleHtml, $searchResultsTitleHtml));
    ?> </form> <?php if ($searchmode == 0) {
        if (count($pluginAdditions['header'])) {
            echo '<div id="cbUserListHeader"><div>' . implode('</div><div>', $pluginAdditions['header']) . '</div></div>';
        }
        if ($showPaging && ($limitstart != 0 || $limit <= $total)) {
            // top page links:
            ?> <div class="cbUserListPagination cbUserListPaginationTop" style="width:100%;text-align:center;"><?php echo writePagesLinks($limitstart, $limit, $total, $ue_base_url . $pagingSearch . $spoofAmp, $search); ?> </div> <?php }
        // Render the list itself:
        echo HTML_comprofiler::_cbTemplateRender($cbTemplate, $myUser, 'List', 'drawListBody', array(&$users, &$columns, &$tableContent, $listid, $ueConfig['allow_profilelink']));
        if ($showPaging && ($limitstart != 0 || $limit <= $total)) {
            // bottom page links:
            ?> <div class="cbUserListPagination cbUserListPaginationBottom" style="width:100%;text-align:center;"><?php echo writePagesLinks($limitstart, $limit, $total, $ue_base_url . $pagingSearch . $spoofAmp, $search); ?> </div> <?php }
        if (count($pluginAdditions['footer'])) {
            echo '<div id="cbUserListFooter"><div>' . implode('</div><div>', $pluginAdditions['footer']) . '</div></div>';
        }
    }
    // end of if ( $searchmode == 0 )
    ?> </div><div class="cbClr"> </div></div><div class="cbClr"> </div> <?php }
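/**
 * Renders (echoes) the users-list page: search form, list head, list body, pagination
 * links and the HTML returned by 'onBeforeDisplayUsersList' plugins.
 *
 * Ids and modes written into the form are cast to int and the menu page class is
 * HTML-escaped. HTML returned by plugins and by the templates is appended as returned,
 * so it is trusted to be safe for output.
 *
 * @param  ListTable     $row
 * @param  UserTable[]   $users
 * @param  array         $columns
 * @param  FieldTable[]  $fields
 * @param  array         $input
 * @param  string|null   $search            Null when no search is active
 * @param  int           $searchmode
 * @param  cbPageNav     $pageNav
 * @param  UserTable     $myUser
 * @param  FieldTable[]  $searchableFields
 * @param  stdClass      $searchValues
 * @param  cbTabs        $tabs
 * @param  string|null   $errorMsg
 * @param  bool          $listAll
 * @param  int           $random
 * @return void
 */
static function usersList(&$row, &$users, &$columns, &$fields, &$input, $search, $searchmode, $pageNav, &$myUser, &$searchableFields, &$searchValues, &$tabs, $errorMsg, $listAll = true, $random = 0)
{
    global $_CB_framework, $_PLUGINS, $_POST, $_GET, $_REQUEST;

    $params = new Registry($row->params);

    // The Itemid for this userlist; kept for trigger B/C:
    $Itemid = getCBprofileItemid(null, 'userslist', '&listid=' . (int) $row->listid);

    $results = $_PLUGINS->trigger('onBeforeDisplayUsersList', array(&$row, &$users, &$columns, &$fields, &$input, $row->listid, &$search, &$Itemid, 1)); // $uid = 1

    // Plugin content divided by location. Keyed from the start: seeding the array with the three names as
    // values left strings at the numeric keys 0..2, so a plugin result with such a key applied [] to a string.
    $pluginAdditions = array('search' => array(), 'header' => array(), 'footer' => array());

    if (is_array($results) && count($results) > 0) {
        foreach ($results as $res) {
            if (is_array($res)) {
                foreach ($res as $k => $v) {
                    $pluginAdditions[$k][] = $v;
                }
            }
        }
    }

    outputCbTemplate(1);
    outputCbJs();
    cbValidator::loadValidation();

    $cbTemplate = HTML_comprofiler::_cbTemplateLoad();

    if ($errorMsg) {
        $_CB_framework->enqueueMessage($errorMsg, 'error');
    }

    // Page title and pathway (the page title gets the tag-stripped variant):
    $listTitleHtml = cbReplaceVars($row->title, $myUser);
    $listTitleNoHtml = strip_tags(cbReplaceVars($row->title, $myUser, false, false));
    $listDescription = cbReplaceVars($row->description, $myUser);

    $_CB_framework->setPageTitle($listTitleNoHtml);
    $_CB_framework->appendPathWay($listTitleHtml);

    // Add row click JS:
    $allowProfileLink = (bool) $params->get('allow_profilelink', 1);

    $js = "var cbUserURLs = [];";

    if (is_array($users) && $allowProfileLink) {
        // Ensures the jQuery array index matches the same as HTML ID index (e.g. cbU0, cbU1):
        $index = 0;

        foreach ($users as $user) {
            // The id is cast to int; the URL is backslash-escaped for the single-quoted JS literal.
            // NOTE(review): addslashes() is not a complete JavaScript escaper; this relies on userProfileUrl() returning a plain URL.
            $js .= "cbUserURLs[{$index}] = '" . addslashes($_CB_framework->userProfileUrl((int) $user->id, false)) . "';";
            $index++;
        }
    }

    // Clicks on links, linked images and .cbClicksInside elements keep their own behaviour:
    $js .= "\$( '.cbUserListRow' ).click( function( e ) {" . "if ( ! ( \$( e.target ).is( 'a' ) || ( \$( e.target ).is( 'img' ) && \$( e.target ).parent().is( 'a' ) ) || \$( e.target ).hasClass( 'cbClicksInside' ) || ( \$( e.target ).parents( '.cbClicksInside' ).length > 0 ) || ( \$( this ).attr( 'id' ) == '' ) ) ) {" . "var index = \$( this ).prop( 'id' ).substr( 3 );";

    if ($allowProfileLink) {
        $js .= "window.location = cbUserURLs[index];";
    }

    $js .= "return false;" . "}" . "});";

    $_CB_framework->outputCbJQuery($js);

    // Search JS:
    $isSearching = $search !== null;
    $isCollapsed = ($isSearching && $params->get('list_search_collapse', 0) && !in_array($searchmode, array(1, 2)));

    if (count($searchableFields) > 0) {
        cbUsersList::outputAdvancedSearchJs($isCollapsed ? null : $search);
    }

    // Base form URL:
    $baseUrl = $_CB_framework->rawViewUrl('userslist', true, array('listid' => (int) $row->listid, 'searchmode' => 0), 'html', 0, '&listid=' . (int) $row->listid);

    // Searching attributes:
    $showAll = $search === null;
    $criteriaTitle = cbReplaceVars(CBTxt::Th('UE_SEARCH_CRITERIA', 'Search criteria'), $myUser);

    // Results are shown in mode 0, in mode 1 once search values exist, and in mode 2:
    if ($searchmode == 0 || ($searchmode == 1 && count(get_object_vars($searchValues))) || $searchmode == 2) {
        $resultsTitle = cbReplaceVars(CBTxt::Th('UE_SEARCH_RESULTS', 'Search results'), $myUser);
    } else {
        $resultsTitle = null;
    }

    // Search content (plugin HTML is appended as returned by the plugins):
    $searchTabContent = $tabs->getSearchableContents($searchableFields, $myUser, $searchValues, $params->get('list_compare_types', 0));

    if (count($pluginAdditions['search'])) {
        $searchTabContent .= '<div class="cbUserListSearchPlugins">' . '<div>' . implode('</div><div>', $pluginAdditions['search']) . '</div>' . '</div>';
    }

    // User row content:
    $tableContent =& HTML_comprofiler::_getListTableContent($users, $columns, $fields);

    $layout = $params->get('list_grid_layout', 0) ? 'grid' : 'list';
    $gridHeight = (int) $params->get('list_grid_height', 200);
    $gridWidth = (int) $params->get('list_grid_width', 200);
    $listSelector = (bool) $params->get('list_show_selector', 1);

    $pageClass = $_CB_framework->getMenuPageClass();

    // The form uses GET; every id and mode written into it is cast to int, and the spoof token is added as a hidden input:
    $return = '<div class="cbUsersList cb_template cb_template_' . selectTemplate('dir') . ($pageClass ? ' ' . htmlspecialchars($pageClass) : null) . '">'
        . '<form action="' . $_CB_framework->rawViewUrl('userslist', true, array('listid' => (int) $row->listid), 'html', 0, '&listid=' . (int) $row->listid) . '" method="get" id="adminForm" name="adminForm" class="cb_form form-auto cbValidation">'
        . '<input type="hidden" name="option" value="com_comprofiler" />'
        . '<input type="hidden" name="view" value="userslist" />'
        . (!$listSelector ? '<input type="hidden" name="listid" value="' . (int) $row->listid . '" />' : null)
        . '<input type="hidden" name="Itemid" value="' . (int) $Itemid . '" />'
        . '<input type="hidden" name="limitstart" value="0" />'
        . '<input type="hidden" name="searchmode" value="' . (int) $searchmode . '" />'
        . '<input type="hidden" name="search" value="" />'
        . ($random ? '<input type="hidden" name="rand" value="' . (int) $random . '" />' : null)
        . cbGetSpoofInputTag('userslist')
        . $_PLUGINS->callTemplate($cbTemplate, 'List', 'drawListHead', array(&$input, $row->listid, $pageNav->total, $showAll, $searchTabContent, $isSearching, $baseUrl, $listTitleHtml, $listDescription, $criteriaTitle, $resultsTitle, $listAll, $listSelector, $isCollapsed, $searchmode), 'html');

    if ($searchmode == 0 || ($searchmode == 1 && count(get_object_vars($searchValues))) || $searchmode == 2) {
        $canPage = $params->get('list_paging', 1) && ($pageNav->limitstart != 0 || $pageNav->limit <= $pageNav->total);

        if (count($pluginAdditions['header'])) {
            $return .= '<div class="cbUserListHeader">' . '<div>' . implode('</div><div>', $pluginAdditions['header']) . '</div>' . '</div>';
        }

        $return .= $_PLUGINS->callTemplate($cbTemplate, 'List', 'drawListBody', array(&$users, &$columns, &$tableContent, $row->listid, $allowProfileLink, $layout, $gridHeight, $gridWidth, $searchmode), 'html');

        if ($canPage) {
            $return .= '<div class="cbUserListPagination cbUserListPaginationBottom text-center">' . $pageNav->getListLinks() . '</div>';
        }

        if (count($pluginAdditions['footer'])) {
            $return .= '<div class="cbUserListFooter">' . '<div>' . implode('</div><div>', $pluginAdditions['footer']) . '</div>' . '</div>';
        }
    }

    $return .= '</form>' . '</div>' . cbPoweredBy();

    echo $return;

    $_CB_framework->setMenuMeta();
}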
/**
 * Entry point of the userslist view: resolves the requested list id and lets
 * cbUsersList draw (echo) that list.
 *
 * The list id is taken from $_POST when posted, otherwise from $_GET, and is forced to int.
 * The search criteria are handed over as the complete, unfiltered $_GET array, so every
 * value in it has to be treated as untrusted by the code that consumes it.
 *
 * @param  int  $uid  User id passed through to cbUsersList::drawUsersList()
 * @return void
 */
function usersList($uid)
{
    global $_POST, $_REQUEST;

    cbimport('cb.lists');

    // A posted listid wins over the one in the query string:
    $listid = (int) (isset($_POST['listid']) ? cbGetParam($_POST, 'listid', 0) : cbGetParam($_GET, 'listid', 0));

    $usersListDrawer = new cbUsersList();
    $usersListDrawer->drawUsersList($uid, $listid, $_GET);
}
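/**
 * Draws Users list (ECHO)
 *
 * Loads the lists the current user may view, picks the requested or default list,
 * checks view authorisation for it, builds the count and select queries from the list
 * configuration and the search values in $postData, and passes the result to
 * HTML_comprofiler::usersList() for output.
 *
 * NOTE(review): plugins receive $listId and $row by reference in 'onStartUsersList', which
 * runs after the view check; the sorting, filtering and column helpers then use the
 * possibly changed $listId. Plugins can also rewrite the SQL parts by reference.
 *
 * @param  int    $userId
 * @param  int    $listId
 * @param  array  $postData  Request values: search criteria, limitstart, searchmode, rand
 * @return void
 */
public function drawUsersList($userId, $listId, $postData)
{
    global $_CB_database, $_PLUGINS;

    $_PLUGINS->loadPluginGroup('user');

    // Paging, mode and seed are forced to int; the raw search value is only tested against null below:
    $searchData = cbGetParam($postData, 'search');
    $limitstart = (int) cbGetParam($postData, 'limitstart');
    $searchMode = (int) cbGetParam($postData, 'searchmode', 0);
    $random = (int) cbGetParam($postData, 'rand', 0);

    $cbUser = CBuser::getInstance((int) $userId, false);
    $user = $cbUser->getUserData();

    $search = null;
    $input = array();
    $publishedLists = array();

    // Only published lists within the view access levels of the current user are offered:
    $query = 'SELECT *'
        . "\n FROM " . $_CB_database->NameQuote('#__comprofiler_lists')
        . "\n WHERE " . $_CB_database->NameQuote('published') . " = 1"
        . "\n AND " . $_CB_database->NameQuote('viewaccesslevel') . " IN " . $_CB_database->safeArrayOfIntegers(Application::MyUser()->getAuthorisedViewLevels())
        . "\n ORDER BY " . $_CB_database->NameQuote('ordering');
    $_CB_database->setQuery($query);
    /** @var ListTable[] $userLists */
    $userLists = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\ListTable', array($_CB_database));

    if ($userLists) {
        foreach ($userLists as $userList) {
            // Titles go into <option> texts, so HTML tags are stripped:
            $publishedLists[] = moscomprofilerHTML::makeOption((int) $userList->listid, strip_tags($cbUser->replaceUserVars($userList->title, false, false)));

            // Without a requested list, the one flagged as default is used:
            if (!$listId && $userList->default) {
                $listId = (int) $userList->listid;
            }
        }

        // No requested and no default list: fall back to the first accessible one:
        if (!$listId) {
            $listId = (int) $userLists[0]->listid;
        }
    }

    if (!$listId) {
        echo CBTxt::Th('UE_NOLISTFOUND', 'There are no published user lists!');
        return;
    }

    if ($userLists) {
        $input['plists'] = moscomprofilerHTML::selectList($publishedLists, 'listid', 'class="form-control input-block" onchange="this.form.submit();"', 'value', 'text', (int) $listId, 1);
    }

    $row = self::getInstance((int) $listId);

    if (!$row) {
        echo CBTxt::Th('UE_LIST_DOES_NOT_EXIST', 'This list does not exist');
        return;
    }

    // An explicitly requested list id did not pass through the access-level query above, so it is checked here:
    if (!$cbUser->authoriseView('userslist', $row->listid)) {
        echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
        return;
    }

    $params = new Registry($row->params);

    // With hotlink protection on, searching or paging requires a valid spoof token in the GET request:
    if ($params->get('hotlink_protection', 0) == 1) {
        if ($searchData !== null || $limitstart) {
            cbSpoofCheck('userslist', 'GET');
        }
    }

    $limit = (int) $params->get('list_limit', 30);

    if (!$limit) {
        $limit = 30;
    }

    if ($params->get('list_paging', 1) != 1) {
        $limitstart = 0;
    }

    $isModerator = Application::MyUser()->isGlobalModerator();

    $_PLUGINS->trigger('onStartUsersList', array(&$listId, &$row, &$search, &$limitstart, &$limit));

    // Prepare query variables:
    $userGroupIds = explode('|*|', $row->usergroupids);
    $orderBy = self::getSorting($listId, $userId, $random);
    $filterBy = self::getFiltering($listId, $userId);
    $columns = self::getColumns($listId, $userId);

    // Grab all the fields the $user can access:
    $tabs = new cbTabs(0, 1);
    $fields = $tabs->_getTabFieldsDb(null, $user, 'list');

    // Build the field SQL:
    $tableReferences = array('#__comprofiler' => 'ue', '#__users' => 'u');
    $searchableFields = array();
    $fieldsSQL = cbUsersList::getFieldsSQL($columns, $fields, $tableReferences, $searchableFields, $params);

    $_PLUGINS->trigger('onAfterUsersListFieldsSql', array(&$columns, &$fields, &$tableReferences));

    // Build the internal joins and where statements based on the list parameters:
    $tablesSQL = array();
    $joinsSQL = array();
    $tablesWhereSQL = array();

    if ($isModerator) {
        // Global moderators can be shown blocked, banned, unapproved and unconfirmed users when the list allows it:
        if (!$params->get('list_show_blocked', 0)) {
            $tablesWhereSQL['block'] = 'u.block = 0';
        }

        if (!$params->get('list_show_banned', 1)) {
            $tablesWhereSQL['banned'] = 'ue.banned = 0';
        }

        if (!$params->get('list_show_unapproved', 0)) {
            $tablesWhereSQL['approved'] = 'ue.approved = 1';
        }

        if (!$params->get('list_show_unconfirmed', 0)) {
            $tablesWhereSQL['confirmed'] = 'ue.confirmed = 1';
        }
    } else {
        // Everybody else only ever sees unblocked, approved, confirmed and unbanned users:
        $tablesWhereSQL = array('block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1', 'banned' => 'ue.banned = 0');
    }

    $joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';

    if ($userGroupIds) {
        // The group ids from the list record pass through safeArrayOfIntegers() before entering the SQL:
        $tablesWhereSQL['gid'] = 'g.group_id IN ' . $_CB_database->safeArrayOfIntegers($userGroupIds);
    }

    foreach ($tableReferences as $table => $name) {
        if ($name == 'u') {
            $tablesSQL[] = $table . ' ' . $name;
        } else {
            $joinsSQL[] = 'JOIN ' . $table . ' ' . $name . ' ON ' . $name . '.`id` = u.`id`';
        }
    }

    // Build the search criteria from the request values:
    $searchValues = new stdClass();
    $searchesFromFields = $tabs->applySearchableContents($searchableFields, $searchValues, $postData, $params->get('list_compare_types', 0));
    $whereFields = $searchesFromFields->reduceSqlFormula($tableReferences, $joinsSQL, true);

    if ($whereFields) {
        $tablesWhereSQL[] = '(' . $whereFields . ')';
    }

    $_PLUGINS->trigger('onBeforeUsersListBuildQuery', array(&$tablesSQL, &$joinsSQL, &$tablesWhereSQL));

    // Construct the FROM and WHERE for the userlist query:
    $queryFrom = "FROM " . implode(', ', $tablesSQL)
        . (count($joinsSQL) ? "\n " . implode("\n ", $joinsSQL) : '')
        . "\n WHERE " . implode("\n AND ", $tablesWhereSQL)
        . " " . $filterBy;

    $_PLUGINS->trigger('onBeforeUsersListQuery', array(&$queryFrom, 1, $listId)); // $ui = 1 (frontend)

    $errorMsg = null;

    // Checks if the list is being actively searched and it allows searching; otherwise reset back to normal:
    $searchCount = count(get_object_vars($searchValues));

    if ($params->get('list_search', 1) > 0 && $params->get('list_search_empty', 0) && !$searchCount) {
        $searchMode = 1;
        $listAll = false;
    } else {
        $listAll = $searchCount ? true : false;
    }

    if ($searchMode == 0 || ($searchMode == 1 && $searchCount) || $searchMode == 2) {
        // Prepare the userlist count query for pagination (the usergroup-map join can yield several rows per user, hence DISTINCT):
        $_CB_database->setQuery("SELECT COUNT( DISTINCT u.id ) " . $queryFrom);
        $total = $_CB_database->loadResult();

        if ($limit > $total || $limitstart >= $total) {
            $limitstart = 0;
        }

        // Prepare the actual userlist query to build a list of users:
        $query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ($fieldsSQL ? ", " . $fieldsSQL . " " : '') . $queryFrom . " " . $orderBy;
        $_CB_database->setQuery($query, (int) $limitstart, (int) $limit);
        /** @var UserTable[] $users */
        $users = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\UserTable', array($_CB_database));

        if (!$_CB_database->getErrorNum()) {
            $profileLink = $params->get('allow_profilelink', 1);

            // If users exist lets cache them and disable profile linking if necessary:
            if ($users) {
                foreach (array_keys($users) as $k) {
                    // Add this user to cache:
                    CBuser::setUserGetCBUserInstance($users[$k]);

                    if (!$profileLink) {
                        $users[$k]->set('_allowProfileLink', 0);
                    }
                }
            }
        } else {
            // A failed query hands an empty array to the renderer, like the branch that runs no query below.
            // Only a generic message is shown to the visitor, not the database error itself:
            $users = array();
            $errorMsg = CBTxt::T('UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW', 'There is an error in the database query. Site admin can turn site debug to on to view and fix the query.');
        }

        // $search is '' while a search is active (or search mode 2 is used) and null otherwise:
        if ($searchCount) {
            $search = '';
        } else {
            $search = null;
        }

        if ($search === null && (($searchMode == 1 && $searchCount) || $searchMode == 2)) {
            $search = '';
        }
    } else {
        // Search form only: no query is run
        $total = 0;
        $users = array();

        if ($search === null) {
            $search = '';
        }
    }

    $pageNav = new cbPageNav($total, $limitstart, $limit);

    HTML_comprofiler::usersList($row, $users, $columns, $fields, $input, $search, $searchMode, $pageNav, $user, $searchableFields, $searchValues, $tabs, $errorMsg, $listAll, $random);
}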