 /**
  * Handles the legacy backend "save user" request.
  *
  * Reads the posted user id from $_POST, checks that the current backend
  * user may save that profile (own check, CB permission check, then the
  * onBeforeUserProfileSaveRequest trigger), stores the posted data through
  * saveSafely() and redirects back to the users list, or to the edit view
  * when $task is 'apply'. A failed save re-renders the edit view with the
  * error enqueued instead of redirecting.
  *
  * @param string $option
  * @param string $task   'apply' redirects to the edit view, anything else to the list
  */
 public function saveUser($option, $task = 'save')
 {
     global $_CB_framework, $_CB_Backend_task, $_POST, $_PLUGINS;

     cbimport('language.all');
     cbimport('cb.tabs');
     cbimport('cb.params');
     cbimport('cb.adminfilesystem');
     cbimport('cb.imgtoolbox');

     $postedId = (int) cbGetParam($_POST, 'id', 0);
     $isExisting = ($postedId != 0);

     if (!$isExisting) {
         // A zero id means "create": the store layer must not see a literal 0.
         $_POST['id'] = null;
     }

     // Authorization: own edit-rights check first, then the generic CB permission check.
     $denyReason = $this->_authorizedEdit($postedId);
     if (!$denyReason) {
         $denyReason = checkCBpermissions($isExisting ? array($postedId) : null, 'save', true);
     }
     if ($isExisting) {
         // Plugins may veto by writing into $denyReason (passed by reference).
         $_PLUGINS->trigger('onBeforeUserProfileSaveRequest', array($postedId, &$denyReason, 2));
     }
     if ($denyReason) {
         cbRedirect($_CB_framework->backendViewUrl('showusers', false), $denyReason, 'error');
     }

     $_PLUGINS->loadPluginGroup('user');

     // Load the existing row, or start from an empty one for a new user:
     if ($isExisting) {
         $userRow = CBuser::getUserDataInstance($postedId);
         if (!($userRow && $userRow->id)) {
             cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('Your profile could not be updated.'), 'error');
         }
     } else {
         $userRow = new UserTable();
     }

     // Persist the posted state:
     if (!$userRow->saveSafely($_POST, $_CB_framework->getUi(), 'edit')) {
         $saveError = $userRow->getError();

         // Re-check edit permission before showing the form again:
         $denyReason = checkCBpermissions(array((int) $userRow->id), 'edit', true);
         if ($isExisting) {
             $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array((int) $userRow->id, &$denyReason, 2));
         }
         if ($denyReason) {
             cbRedirect($_CB_framework->backendViewUrl('showusers', false), $denyReason, 'error');
         }

         $failedEvent = $isExisting ? 'onAfterUserProfileSaveFailed' : 'onAfterUserRegistrationSaveFailed';
         $_PLUGINS->trigger($failedEvent, array(&$userRow, &$saveError, 2));

         $_CB_framework->enqueueMessage($saveError, 'error');
         $_CB_Backend_task = 'edit';          // so the toolbar comes up...
         $_PLUGINS->loadPluginGroup('user');  // resets plugin errors

         /** @var CBController_user $editView */
         $editView = _CBloadView('user');
         $editView->edituser($userRow, $option, $userRow->user_id != null ? 0 : 1, $_POST);
         return;
     }

     // Checks-in the row:
     $userRow->checkin();

     if ($isExisting) {
         $_PLUGINS->trigger('onAfterUserProfileSaved', array(&$userRow, 2));
     } else {
         $registrationMessages = array();
         $_PLUGINS->trigger('onAfterSaveUserRegistration', array(&$userRow, &$registrationMessages, 2));
     }

     $targetUrl = ($task == 'apply')
         ? $_CB_framework->backendViewUrl('edit', false, array('cid' => (int) $userRow->user_id))
         : $_CB_framework->backendViewUrl('showusers', false);

     cbRedirect($targetUrl, CBTxt::T('SUCCESSFULLY_SAVED_USER_USERNAME', 'Successfully Saved User: [username]', array('[username]' => $userRow->username)));
 }
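/**
 * AJAX entry point rendering a single field, tab or plugin component for user $uid.
 *
 * $task selects the component:
 *  - 'fieldclass':  field [field] from the request, in edit mode, after checkCBpermissions()
 *                   and the onBeforeUserProfileEditRequest trigger have allowed it;
 *  - 'tabclass':    tab class [tab] through getTabComponent;
 *  - 'pluginclass': plugin [plugin] through getCBpluginComponent.
 * The result is echoed; a plugin error is echoed as a JavaScript alert.
 *
 * @param string     $option
 * @param string     $task   one of 'fieldclass', 'tabclass', 'pluginclass'
 * @param int|string $uid    user id to render for (0/empty for no user)
 * @return void
 * @throws LogicException on an unexpected $task
 */
function tabClass($option, $task, $uid)
{
    global $_PLUGINS, $_REQUEST, $_POST;

    if ($uid) {
        $cbUser =& CBuser::getInstance((int) $uid);
        if ($cbUser) {
            $user =& $cbUser->getUserData();
        } else {
            $cbUser =& CBuser::getInstance(null);
            $user = null;
        }
    } else {
        $cbUser =& CBuser::getInstance(null);
        $user = null;
    }

    // Characters stripped from request-supplied field/tab/plugin names before they are used
    // to locate a class or method. "\0" is the NUL byte: an empty-string entry here would be
    // ignored by str_replace and leave NUL bytes in the name.
    $unsecureChars = array('/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "\0", ' ', "\t", "\n", "\r", "\v");

    if ($task == 'fieldclass') {
        if ($user && $user->id) {
            $uid = $user->id;
        } else {
            $uid = 0;
        }
        // Edit permission first, then plugins may veto by writing into $msg (by reference):
        $msg = checkCBpermissions(array($uid), "edit", true);
        $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array($uid, &$msg, 2));
        if ($msg) {
            echo $msg;
            return;
        }
        $fieldName = trim(substr(str_replace($unsecureChars, '', urldecode(stripslashes(cbGetParam($_REQUEST, "field")))), 0, 50));
        if (!$fieldName) {
            echo CBTxt::T('no field');
            return;
        }
        $pluginName = null;
        $tabClassName = null;
        $method = null;
    } elseif ($task == 'tabclass') {
        $tabClassName = urldecode(stripslashes(cbGetParam($_REQUEST, "tab")));
        if (!$tabClassName) {
            return;
        }
        $pluginName = null;
        $tabClassName = substr(str_replace($unsecureChars, '', $tabClassName), 0, 32);
        $method = 'getTabComponent';
        $fieldName = null;
    } elseif ($task == 'pluginclass') {
        $pluginName = urldecode(stripslashes(cbGetParam($_REQUEST, "plugin")));
        if (!$pluginName) {
            return;
        }
        $tabClassName = 'CBplug_' . strtolower(substr(str_replace($unsecureChars, '', $pluginName), 0, 32));
        $method = 'getCBpluginComponent';
        $fieldName = null;
    } else {
        throw new LogicException('Unexpected task for CB tabClass');
    }

    $tabs = $cbUser->_getCbTabs(false);
    if ($task == 'fieldclass') {
        $result = $tabs->fieldCall($fieldName, $user, $_POST, 'edit');
    } else {
        $result = $tabs->tabClassPluginTabs($user, $_POST, $pluginName, $tabClassName, $method);
    }

    if ($result === false) {
        if ($_PLUGINS->is_errors()) {
            // NOTE(review): the error message is placed inside a JS string literal without escaping;
            // a message containing a double quote or "</script>" would break out of it (json_encode() would be safer).
            echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); </script>\n";
        }
    } elseif ($result !== null) {
        echo $result;
    }
}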
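	/**
	 * Saves the posted backend user-edit form (legacy, pre-2.x controller).
	 *
	 * Requires the 'approved', 'confirmed' and 'username' fields to be posted,
	 * checks that the current user may save the posted user id, stores the row
	 * through moscomprofilerUser::saveSafely() and redirects to the users list.
	 * On a failed save the edit form is re-displayed with the error shown as a
	 * JavaScript alert. Authorization failures terminate the request (exit).
	 *
	 * @param string $option component option, used to build the redirect URL
	 * @return void
	 */
	function saveUser( $option ) {
		global $_CB_framework, $_CB_database, $_CB_Backend_task, $_POST, $_PLUGINS;

		$this->_importNeeded();
		$this->_importNeededSave();

		// Minimal sanity check that the request actually comes from the edit form:
		if ( ! ( isset( $_POST['approved'] ) && isset( $_POST['confirmed'] ) && isset( $_POST['username'] ) ) ) {
			// NOTE(review): addslashes() is not a JavaScript-string escape (newlines and "</script>" are not
			// handled); the texts alerted in this method are translations / permission messages, not raw input.
			echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Not Authorized') ) ."'); window.history.go(-1);</script>\n";
			exit;
		}

		// Check rights to access:

		$myGid						=	userGID( $_CB_framework->myId() );
		$userIdPosted				=	(int) cbGetParam($_POST, "id", 0 );
		if ( $userIdPosted == 0 ) {
			// A zero id means "create": the store layer must not see a literal 0.
			$_POST['id']			=	null;
		}

		// Third argument of checkCBpermissions(): whether the current user is in an admin group.
		$adminGroups				=	$_CB_framework->acl->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );
		$isAdmin					=	in_array( $myGid, $adminGroups );

		if ( $userIdPosted != 0 ) {
			$msg					=	checkCBpermissions( array( $userIdPosted ), 'save', $isAdmin );
		} else {
			$msg					=	checkCBpermissions( null, 'save', $isAdmin );
		}
		if ($msg) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( $msg ) . "'); window.history.go(-1);</script>\n";
			exit;
		}

		$_PLUGINS->loadPluginGroup('user');

		// Get current user state:

		$userComplete				=	new moscomprofilerUser( $_CB_database );
		if ( $userIdPosted != 0 ) {
			if ( ! $userComplete->load( (int) $userIdPosted ) ) {
				echo "<script type=\"text/javascript\"> alert('" . addslashes( _UE_USER_PROFILE_NOT ) . "'); window.history.go(-1);</script>\n";
				return;
			}
		}

		// Store new user state:

		$saveResult					=	$userComplete->saveSafely( $_POST, $_CB_framework->getUi(), 'edit' );
		if ( ! $saveResult ) {
			$regErrorMSG			=	$userComplete->getError();

			// Re-check edit permission before showing the form again:
			$msg					=	checkCBpermissions( array( $userComplete->id ), "edit", true );
			if ($msg) {
				echo "<script type=\"text/javascript\"> alert('" . addslashes( $msg ) ."'); window.history.go(-1);</script>\n";
				exit;
			}

			// The error may contain <br /> line breaks: turn them into JS newlines and drop remaining tags.
			echo "<script type=\"text/javascript\">alert('" . str_replace( '\\\\n', '\\n', addslashes( strip_tags( str_replace( '<br />', '\\n', $regErrorMSG ) ) ) ) . "'); </script>\n";
			$_CB_Backend_task		=	'edit';			// so the toolbar comes up...
			$_PLUGINS->loadPluginGroup( 'user' );		// resets plugin errors
			$usersView					=	_CBloadView( 'user' );
			$usersView->edituser( $userComplete, $option, ( $userComplete->user_id != null ? '0' : '1' ), $_POST );
			return;
		}

		// Checks-in the row:
		$userComplete->checkin();

		// NOTE(review): $option is interpolated into the redirect URL as-is; it is expected to be the component name
		// supplied by the framework rather than user input — confirm at the caller.
		cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showusers" ), sprintf(CBTxt::T('Successfully Saved User: %s'), $userComplete->username) );
	}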
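/**
 * AJAX entry point rendering one field, tab or plugin component for user $uid (legacy, pre-2.x).
 *
 * $task selects the component:
 *  - 'fieldclass':  field [field] from the request, access checked against [reason]
 *                   ('edit', 'profile', 'list' or 'register');
 *  - 'tabclass':    tab class [tab] through getTabComponent;
 *  - 'pluginclass': plugin [plugin] through getCBpluginComponent.
 * The result is echoed; a plugin error is echoed as a JavaScript alert.
 *
 * @param string     $option
 * @param string     $task   one of 'fieldclass', 'tabclass', 'pluginclass'
 * @param int|string $uid    user id to render for
 * @return void
 * @throws LogicException on an unexpected $task
 */
function tabClass( $option, $task, $uid ) {
	global $_CB_framework, $_PLUGINS, $ueConfig, $_REQUEST, $_POST;

	$user					=&	loadComprofilerUser( $uid );
	$cbUser					=&	CBuser::getInstance( ( $user === null ? null : $user->id ) );

	// Characters stripped from request-supplied field/tab/plugin names before they are used to locate a class or method:
	$unsecureChars			=	array( '/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "\0", ' ', "\t", "\n", "\r", "\x0B" );

	// Each branch below only sets the variables it needs; initialise all of them so nothing
	// undefined can reach the component calls further down.
	$fieldName				=	null;
	$reason					=	null;
	$pluginName				=	null;
	$tabClassName			=	null;
	$method					=	null;

	if ( $task == 'fieldclass' ) {
		$reason				=	cbGetParam( $_REQUEST, 'reason' );
		if ( $user && $user->id ) {
			if ( $reason === 'edit' ) {
				$msg		=	cbCheckIfUserCanPerformUserTask( $user->id, 'allowModeratorsUserEdit' );
				if ( ( $uid != $_CB_framework->myId() ) && ( $msg === null ) ) {
					// safeguard against misconfiguration of the above: also avoids lower-level users editing higher level ones:
					$msg	=	checkCBpermissions( array( (int) $user->id ), 'edit', true );
				}
			} elseif ( ( $reason === 'profile' ) || ( $reason === 'list' ) ) {
				if ( allowAccess( $ueConfig['allow_profileviewbyGID'], 'RECURSE', userGID( $_CB_framework->myId() ) ) ) {
					$msg	=	null;
				} else {
					$msg	=	_UE_NOT_AUTHORIZED;
				}
			} else {
				$msg		=	_UE_NO_INDICATION;
			}

			if ( $msg ) {
				echo $msg;
				return;
			}
		} elseif ( $reason == 'register' ) {
			// Registration fields are only rendered for anonymous visitors:
			if ( $_CB_framework->myId() != 0 ) {
				echo _UE_ALREADY_LOGGED_IN;
				return;
			}
		} else {
			// No user and not registering: nothing may be rendered.
			$msg			=	_UE_NOT_AUTHORIZED;
			echo $msg;
			return;
		}

		$fieldName			=	trim( substr( str_replace( $unsecureChars, '', urldecode( stripslashes( cbGetParam( $_REQUEST, "field" ) ) ) ), 0, 50 ) );
		if ( ! $fieldName ) {
			echo 'no field';
			return;
		}
	} elseif ( $task == 'tabclass' ) {
		$tabClassName		=	urldecode( stripslashes( cbGetParam( $_REQUEST, "tab" ) ) );
		if ( ! $tabClassName ) {
			return;
		}
		$pluginName			=	null;
		$tabClassName		=	substr( str_replace( $unsecureChars, '', $tabClassName ), 0, 32 );
		$method				=	'getTabComponent';
	} elseif ( $task == 'pluginclass' ) {
		$pluginName			=	urldecode( stripslashes( cbGetParam( $_REQUEST, "plugin" ) ) );
		if ( ! $pluginName ) {
			return;
		}
		$tabClassName		=	'CBplug_' . strtolower( substr( str_replace( $unsecureChars, '', $pluginName ), 0, 32 ) );
		$method				=	'getCBpluginComponent';
	} else {
		// An unknown task must not fall through to the component call with unset arguments.
		throw new LogicException( 'Unexpected task for CB tabClass' );
	}

	$tabs					=	$cbUser->_getCbTabs( false );
	if ( $task == 'fieldclass' ) {
		$result				=	$tabs->fieldCall( $fieldName, $user, $_POST, $reason );
	} else {
		$result				=	$tabs->tabClassPluginTabs( $user, $_POST, $pluginName, $tabClassName, $method );
	}

	if ( $result === false ) {
		if ( $_PLUGINS->is_errors() ) {
			// NOTE(review): the error message is placed inside a JS string literal without escaping;
			// a message containing a double quote or "</script>" would break out of it (json_encode() would be safer).
			echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); </script>\n";
		}
	} elseif ( $result !== null ) {
		echo $result;
	}
}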
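/**
 * AJAX/raw-format entry point rendering one field, tab or plugin component for user $uid.
 *
 * $task selects the component:
 *  - 'fieldclass':  field [field] from the request, access checked against [reason]
 *                   ('edit', 'profile', 'list' or 'register') and the matching plugin triggers;
 *  - 'tabclass':    tab class [tab] through getTabComponent;
 *  - 'pluginclass': plugin [plugin] through getCBpluginComponent; unless [format] is
 *                   'raw' or 'rawraw' the output is wrapped in the CB template div.
 * Anything the component prints directly is captured and prepended to its return value.
 * The result is echoed; a plugin error is echoed as a JavaScript alert.
 *
 * @param string     $option
 * @param string     $task   one of 'fieldclass', 'tabclass', 'pluginclass'
 * @param int|string $uid    user id to render for
 * @return void
 * @throws LogicException on an unexpected $task
 */
function tabClass($option, $task, $uid)
{
    global $_CB_framework, $_PLUGINS, $_REQUEST, $_POST;

    $user =& loadComprofilerUser($uid);
    $cbUser =& CBuser::getInstance($user === null ? null : $user->id);

    // Characters stripped from request-supplied field/tab/plugin names before they are used
    // to locate a class or method. "\0" is the NUL byte: an empty-string entry here would be
    // ignored by str_replace and leave NUL bytes in the name.
    $unsecureChars = array('/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "\0", ' ', "\t", "\n", "\r", "\v");
    $appendClass = false;

    if ($task == 'fieldclass') {
        $reason = cbGetParam($_REQUEST, 'reason');
        if ($user && $user->id) {
            $_PLUGINS->loadPluginGroup('user');
            if ($reason === 'edit') {
                $msg = cbCheckIfUserCanPerformUserTask($user->id, 'allowModeratorsUserEdit');
                if ($uid != $_CB_framework->myId() && $msg === null) {
                    // safeguard against misconfiguration of the above: also avoids lower-level users editing higher level ones:
                    $msg = checkCBpermissions(array((int) $user->id), 'edit', true);
                }
                // Plugins may veto by writing into $msg (by reference):
                $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array($user->id, &$msg, 1));
            } elseif ($reason === 'profile' || $reason === 'list') {
                if (CBuser::getMyInstance()->authoriseView('profile', $user->id)) {
                    $msg = null;
                } else {
                    $msg = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
                }
                $_PLUGINS->trigger('onBeforeUserProfileAccess', array($user->id, &$msg, 1));
            } else {
                $msg = CBTxt::Th('UE_NO_INDICATION', 'No indication');
            }
            if ($msg) {
                echo $msg;
                return;
            }
        } elseif ($reason == 'register') {
            // Registration fields are only rendered for anonymous visitors:
            if ($_CB_framework->myId() != 0) {
                echo CBTxt::Th('UE_ALREADY_LOGGED_IN', 'You are already logged in');
                return;
            }
        } else {
            // No user and not registering: nothing may be rendered.
            $msg = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
            echo $msg;
            return;
        }
        $fieldName = trim(substr(str_replace($unsecureChars, '', urldecode(stripslashes(cbGetParam($_REQUEST, "field")))), 0, 50));
        if (!$fieldName) {
            echo 'no field';
            return;
        }
        $pluginName = null;
        $tabClassName = null;
        $method = null;
    } elseif ($task == 'tabclass') {
        $tabClassName = urldecode(stripslashes(cbGetParam($_REQUEST, "tab")));
        if (!$tabClassName) {
            return;
        }
        $pluginName = null;
        $tabClassName = substr(str_replace($unsecureChars, '', $tabClassName), 0, 32);
        $method = 'getTabComponent';
        $fieldName = null;
        $reason = null;
    } elseif ($task == 'pluginclass') {
        $pluginName = urldecode(stripslashes(cbGetParam($_REQUEST, "plugin")));
        if (!$pluginName) {
            return;
        }
        $tabClassName = 'CBplug_' . strtolower(substr(str_replace($unsecureChars, '', $pluginName), 0, 32));
        $method = 'getCBpluginComponent';
        // Raw formats get the bare component; anything else is wrapped in the template div below.
        $format = cbGetParam($_REQUEST, 'format');
        $appendClass = ($format != 'raw') && ($format != 'rawraw');
        $fieldName = null;
        $reason = null;
    } else {
        throw new LogicException('Unexpected task for CB tabClass');
    }

    $tabs = $cbUser->_getCbTabs(false);

    // Capture anything the component prints directly and prepend it to its return value:
    ob_start();
    if ($task == 'fieldclass') {
        $results = $tabs->fieldCall($fieldName, $user, $_POST, $reason);
    } else {
        $results = $tabs->tabClassPluginTabs($user, $_POST, $pluginName, $tabClassName, $method);
    }
    $result = ob_get_contents() . $results;
    ob_end_clean();

    if ($results === false) {
        // Test the raw return value: concatenating the buffer onto it turns false into a string,
        // which would otherwise hide the plugin error entirely.
        if ($_PLUGINS->is_errors()) {
            // NOTE(review): the error message is placed inside a JS string literal without escaping;
            // a message containing a double quote or "</script>" would break out of it (json_encode() would be safer).
            echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); </script>\n";
        }
    } elseif ($result !== null) {
        if ($appendClass) {
            $pageClass = $_CB_framework->getMenuPageClass();
            echo '<div class="cb_template cb_template_' . selectTemplate('dir') . ($pageClass ? ' ' . htmlspecialchars($pageClass) : null) . '">' . $result . '</div>';
            $_CB_framework->setMenuMeta();
        } else {
            echo $result;
        }
    }
}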