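/**
 * Displays the "Content Access Denied" view.
 *
 * Reads the access-denied context from the query string (`accesstype`,
 * `accessvalue`, `accessurl`), asks the CBSubs content bot which plans would
 * grant access, and renders either a plain message or a list of plans to
 * subscribe to.
 *
 * Security notes (grounded in this method only):
 *  - `accessvalue` is cast to int for every id-based access type and for the
 *    `#__content` lookup, so it cannot inject into the SQL below.
 *  - `accessurl` is base64-decoded and, when the visitor cannot access the
 *    resource, stored as the post-login return URL. Only values matching
 *    `https?://` are rejected; the rest is trusted after prefixing.
 *    NOTE(review): confirm the prefix makes the result a same-site URL and
 *    that protocol-relative (`//host`) values cannot reach a redirect.
 *  - Unknown `accesstype` values are rejected with a generic message.
 *
 * @param  UserTable                 $user       Viewing user (passed through to the plans display)
 * @param  CBplug_cbpaidsubscriptions $baseClass  Unused here; kept for the plugin view interface
 * @return string                                HTML/text to render
 */
public function display( & $user, /** @noinspection PhpUnusedParameterInspection */ &$baseClass ) {
	global $_CB_framework;

	if ( ! is_callable( array( 'cbpaidBot', 'getInstance' ) ) ) {
		return CBPTXT::T("CBSubs CbpaidSubsBot is not installed, enabled and running or CBSubs Content integration plugin is not up to date. Please ask site administrator to do so.");
	}

	$cbpaidBot		=	cbpaidBot::getInstance();
	$userId			=	$_CB_framework->myId();
	// Untrusted request input:
	$accesstype		=	cbGetParam( $_GET, 'accesstype' );
	$accessvalue	=	cbGetParam( $_GET, 'accessvalue' );
	$accessurl		=	cbGetParam( $_GET, 'accessurl' );

	// Each branch sets $result (string, or array( kind, label[, raw ] )) and $access
	// (true: nothing to offer, false: plans may be offered). $accessPlans holds the
	// plan list used by the 'can' rendering below, so every 'can' result must leave
	// it as an array.
	switch ( $accesstype ) {
		case 'components':
			$option				=	$accessvalue;
			$accessPlans		=	$cbpaidBot->checkAccess( $userId, $option, 'cpaycontent_components', null, true );
			if ( is_array( $accessPlans ) ) {
				$result			=	array( 'can', CBPTXT::T("component") );
				$access			=	false;
			} elseif ( $accessPlans === true ) {
				$result			=	array( 'have', CBPTXT::T("component") );
				$access			=	true;
			} else {
				$result			=	array( 'unknown', CBPTXT::T("component"), $accessPlans );
				$access			=	false;
			}
			break;

		case 'menus':
			$itemid				=	(int) $accessvalue;
			$accessPlans		=	$cbpaidBot->checkAccess( $userId, $itemid, 'cpaycontent_menus', null, true );
			if ( is_array( $accessPlans ) ) {
				$result			=	array( 'can', CBPTXT::T("menu") );
				$access			=	false;
			} elseif ( $accessPlans === true ) {
				$result			=	array( 'have', CBPTXT::T("menu") );
				$access			=	true;
			} else {
				$result			=	array( 'unknown', CBPTXT::T("menu"), $accessPlans );
				$access			=	false;
			}
			break;

		case 'urls':
			// The encoded URL is decoded into a GET/POST-like array and matched against the URL rules:
			$getPostArray		=	$this->_decodeArrayUrl( $accessurl );
			$postsMissingInGetToFindPlans	=	array();
			$accessPlans		=	$cbpaidBot->checkAccessUrl( $userId, $getPostArray, $getPostArray, $postsMissingInGetToFindPlans, 'cpaycontent_urls', true );
			if ( is_array( $accessPlans ) ) {
				$result			=	array( 'can', CBPTXT::T("location") );
				$access			=	false;
			} elseif ( $accessPlans === true ) {
				$result			=	array( 'have', CBPTXT::T("location") );
				$access			=	true;
			} else {
				$result			=	array( 'unknown', CBPTXT::T("location"), $accessPlans );
				$access			=	false;
			}
			break;

		case 'sections':
			// Section list:
			$sectionId			=	(int) $accessvalue;
			$accessPlans		=	$cbpaidBot->checkAccess( $userId, $sectionId, 'cpaycontent_sections', 'cpaycontent_sections_list', true );
			if ( is_array( $accessPlans ) ) {
				$result			=	array( 'can', CBPTXT::T("content section") );
				$access			=	false;
			} elseif ( $accessPlans === true ) {
				$result			=	array( 'have', CBPTXT::T("content section") );
				$access			=	true;
			} else {
				$result			=	array( 'unknown', CBPTXT::T("content section"), $accessPlans );
				$access			=	false;
			}
			break;

		case 'categories':
			// A category can be unlocked either by a category plan or by a plan on its enclosing section:
			$categoryId			=	(int) $accessvalue;
			$accessPlans		=	$cbpaidBot->checkAccess( $userId, $categoryId, 'cpaycontent_categories', 'cpaycontent_categories_list', true );
			$sectionId			=	$cbpaidBot->getSectionOfCategory( $categoryId );
			if ( $sectionId ) {
				$accessPlansSection	=	$cbpaidBot->checkAccess( $userId, $sectionId, 'cpaycontent_sections', 'cpaycontent_sections_list', true );
			} else {
				$accessPlansSection	=	array();
			}
			if ( is_array( $accessPlans ) ) {
				if ( is_array( $accessPlansSection ) ) {
					$result		=	array( 'can', CBPTXT::T("content category") . ' ' . CBPTXT::T("or"). ' ' . CBPTXT::T("content section in which this content category is located") );
					// NOTE(review): only the category plans are offered here; the section plans
					// ($accessPlansSection) are named in the message but not merged into $accessPlans.
					$access		=	false;
				} elseif ( $accessPlansSection === null ) {
					$result		=	array( 'can', CBPTXT::T("content category") );
					$access		=	false;
				} elseif ( $accessPlansSection === true ) {
					$result		=	array( 'have', CBPTXT::T("content section in which this content category is located") );
					$access		=	true;
				} else {
					$result		=	array( 'unknown', CBPTXT::T("content section"), $accessPlansSection );
					$access		=	false;
				}
			} elseif ( $accessPlans === null ) {
				if ( is_array( $accessPlansSection ) ) {
					// The category itself is not access-controlled, but its section is: offer the
					// section plans. Without this assignment $accessPlans stays null and the 'can'
					// rendering below counts an empty list and shows "can not access" instead of the plans.
					$result		=	array( 'can', CBPTXT::T("content section in which this content category is located") );
					$accessPlans	=	$accessPlansSection;
					$access		=	false;
				} elseif ( $accessPlansSection === null ) {
					$result		=	CBPTXT::T("These content categories are not under category or section access control");
					$access		=	true;
				} elseif ( $accessPlansSection === true ) {
					$result		=	array( 'have', CBPTXT::T("content section in which this content category is located") );
					$access		=	true;
				} else {
					$result		=	array( 'unknown', CBPTXT::T("content section"), $accessPlansSection );
					$access		=	false;
				}
			} elseif ( $accessPlans === true ) {
				$result			=	array( 'have', CBPTXT::T("content category") );
				$access			=	true;
			} else {
				$result			=	array( 'unknown', CBPTXT::T("content category"), $accessPlans );
				$access			=	false;
			}
			break;

		case 'contentdisplay':
			$contentId			=	(int) $accessvalue;
			global $_CB_database;
			$row				=	null;
			// $contentId is already an int; the second cast keeps the SQL safe even if that changes:
			$sql				=	'SELECT * FROM #__content WHERE id = ' . (int) $contentId;
			$_CB_database->setQuery( $sql );
			$contentExists		=	$_CB_database->loadObject( $row );
			if ( $contentExists ) {
				/** @var StdClass $row */
				$_cbACL			=&	cbpaidBotAclApi::getInstance();
				// -1 = lowest (read) right level:
				$accessPlans	=	$_cbACL->_cb_checkMultiAcl_Ok_or_Plans( $_CB_framework->myId(), $row->id, isset( $row->catid ) ? $row->catid : null, isset( $row->sectionid ) ? $row->sectionid : null, -1 );
				if ( is_array( $accessPlans ) ) {
					// Highest right level (last entry of cbContentAclRights): does the user already have write access?
					$accessPlansWrite	=	$_cbACL->_cb_checkMultiAcl( $_CB_framework->myId(), $row->id, isset( $row->catid ) ? $row->catid : null, isset( $row->sectionid ) ? $row->sectionid : null, count( $_cbACL->cbContentAclRights ) -1 );
					if ( $accessPlansWrite === true ) {
						$result	=	CBPTXT::T("You have access to this content item");
						$access	=	true;
					} else {
						// Read plans are offered; write-access plans (if any) are not listed separately.
						$result	=	array( 'can', CBPTXT::T("content item") );
						$access	=	false;
					}
				} elseif ( $accessPlans === true ) {
					$result		=	array( 'have', CBPTXT::T("content item") );
					$access		=	true;
				} else {
					$result		=	array( 'unknown', CBPTXT::T("content item"), $accessPlans );
					$access		=	false;
				}
			} else {
				$result			=	CBPTXT::T("This content item does not exist");
				$access			=	true;
				$accessPlans	=	array();
			}
			break;

		default:
			// Unknown access type: treat as a tampered / probing request and give nothing away.
			$result				=	CBPTXT::T("This redirection URL is invalid.");
			$access				=	true;
			$accessPlans		=	array();
			break;
	}

	if ( $access ) {
		if ( is_array( $result ) ) {
			switch ( $result[0] ) {
				case 'have':
					$return		=	sprintf( CBPTXT::Th("You have now access to this %s"), $result[1] );
					//TBD later in a safe way (FS#259): or with $_SESSION
					// $realUrl = base64_decode( $accessurl );
					// $return .= '<a href="' . $_CB_framework->getCfg( 'live_site' ) . '/index.php?' . htmlspecialchars( $realUrl ) . '">Click here to access</a>';
					break;
				default:
					// Diagnostic dump; escaped because the output is rendered as HTML.
					$return		=	"Unknown access allowed result: " . htmlspecialchars( var_export( $result, true ) );
					break;
			}
		} else {
			$return				=	$result;
		}
	} else {
		if ( is_array( $result ) ) {
			switch ( $result[0] ) {
				case 'can':
					if ( count( $accessPlans ) > 0 ) {
						$params	=&	cbpaidApp::settingsParams();
						$subTxt	=	CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
						$result	=	sprintf( CBPTXT::Th("You can access this %s with following %s plans:"), $result[1], $subTxt );
						// CB login return-to after login URL:
						if ( $accessurl ) {
							global $cbSpecialReturnAfterLogin;
							$url	=	base64_decode( $accessurl );
							// Absolute http(s) URLs are refused so the return-to cannot leave the site;
							// everything else is accepted verbatim after the prefix.
							if ( ! preg_match( '#https?://#i', $url ) ) {
								$cbSpecialReturnAfterLogin	=	'******' . $url;
							}
						}
						// We need to also display child plans of the $accessPlans as some might be needed (mandatory):
						$plans	=	cbpaidSubscriptionsMgr::getInstance()->getUpgradablePlansWithChildrensForPlans( $accessPlans, $user );
						$return	=	cbpaidControllerOffer::displaySpecificPlans( $plans, null, $user, $result );
					} else {
						$return	=	sprintf( CBPTXT::Th("You can not access this %s") . '.', $result[1] );
					}
					break;
				case 'unknown':
					// $result[2] is the raw access-check return value; escaped before it reaches the page.
					$return		=	sprintf( CBPTXT::Th("Unknown %s access result: %s") . '.', $result[1], htmlspecialchars( var_export( $result[2], true ) ) );
					break;
				default:
					$return		=	"Unknown access allowed result" . ': ' . htmlspecialchars( var_export( $result, true ) );
					break;
			}
		} else {
			$return				=	$result;
		}
	}

	return $return;
}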
/**
 * Checks a content ACL action, extending the core result with CBSubs plan rights.
 *
 * The core ACL is consulted first and its grant is final. Only when the core
 * denies does this look at the current request (`task`, `view`, `id`,
 * `sectionid`, `catid`) to find the article / category / section being acted
 * on, and asks the CBSubs multi-ACL whether the user's plans grant the action.
 * For the write tasks (`save`, `apply`, `apply_new`) the ids are read from
 * $_POST only, so a GET request cannot steer which item a write check targets.
 * Plans can therefore only add a grant, never revoke a core grant.
 *
 * @param string      $aco_section_value
 * @param string      $aco_value
 * @param string      $aro_section_value
 * @param string      $aro_value
 * @param string|null $axo_section_value
 * @param string|null $axo_value
 * @return int        1 if allowed, 0 otherwise
 */
public function acl_check( $aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value = null, $axo_value = null ) {
	global $_CB_framework, $_REQUEST, $_POST;

	// Core ACL grant wins outright:
	$coreResult	=	parent::acl_check( $aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value );
	if ( $coreResult == 1 ) {
		return $coreResult;
	}

	// Without a running subscriptions manager there is nothing more to grant:
	if ( cbpaidBot::getInstance()->paidsubsManager === null ) {
		return 0;
	}

	// Map the ACL tuple onto the content right levels this class knows about:
	$aclTuple		=	array( $aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value );
	$rightsLevel	=	array_search( $this->_cb_decodeAclAction( $aclTuple ), $this->cbContentAclRights );
	if ( $rightsLevel === false ) {
		return 0;
	}

	$sectionId		=	null;
	$categoryId		=	null;
	$articleId		=	null;
	$task			=	cbGetParam( $_REQUEST, 'task', '' );

	// Loose comparisons below intentionally mirror switch/case semantics on the task string:
	if ( in_array( $task, array( '', 'view', 'edit' ) ) ) {
		if ( cbGetParam( $_REQUEST, 'view', '' ) == 'category' ) {
			$categoryId	=	(int) cbGetParam( $_REQUEST, 'id', 0 );
		} else {
			$articleId	=	(int) cbGetParam( $_REQUEST, 'id', 0 );
		}
		// 0 (not null) so the plan check still runs for item/category views without a section:
		$sectionId		=	0;
	} elseif ( $task == 'section' ) {
		$sectionId		=	(int) cbGetParam( $_REQUEST, 'id', 0 );
	} elseif ( $task == 'category' ) {
		$categoryId		=	(int) cbGetParam( $_REQUEST, 'id', 0 );
		$sectionId		=	(int) cbGetParam( $_REQUEST, 'sectionid', 0 );
	} elseif ( $task == 'new' ) {
		$sectionId		=	(int) cbGetParam( $_REQUEST, 'sectionid', 0 );
	} elseif ( in_array( $task, array( 'save', 'apply', 'apply_new' ) ) ) {
		// Write tasks: ids come from the POST body only.
		$sectionId		=	(int) cbGetParam( $_POST, 'sectionid', 0 );
		$categoryId		=	(int) cbGetParam( $_POST, 'catid', 0 );
		$articleId		=	(int) cbGetParam( $_POST, 'id', 0 );
	}
	// cancel, blogsection, blogcategory(multi), archivesection, archivecategory,
	// emailform, emailsend, vote and any unknown task: no target → no plan-based grant.

	if ( ( $sectionId !== null ) && $this->_cb_checkMultiAcl( $_CB_framework->myId(), $articleId, $categoryId, $sectionId, $rightsLevel ) ) {
		return 1;
	}

	return 0;
}