function saveField($option, $task)
{
global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;
if ($task == 'showField' || !(isset($_POST['oldtabid']) && isset($_POST['fieldid']))) {
cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
return;
}
$this->_importNeeded();
$this->_importNeededSave();
$fieldOldTab = new moscomprofilerTabs($_CB_database);
if (isset($_POST['oldtabid']) && $_POST['oldtabid']) {
$fieldOldTab->load((int) $_POST['oldtabid']);
// Check if user is a super user:
if (!$_CB_framework->acl->amIaSuperAdmin()) {
// Check if user belongs to useraccessgroupid:
if (!in_array($fieldOldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
// Check if user belongs to viewaccesslevel:
if (!in_array($fieldOldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
}
}
$fid = (int) $_POST['fieldid'];
$row = new moscomprofilerFields($_CB_database);
if ($fid) {
// load the row from the db table
if (!$row->load((int) $fid)) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Innexistant field')) . "'); window.history.go(-1);</script>\n";
exit;
}
$fieldTab = new moscomprofilerTabs($_CB_database);
// load the row from the db table
$fieldTab->load((int) $row->tabid);
// Check if user is a super user:
if (!$_CB_framework->acl->amIaSuperAdmin()) {
// Check if user belongs to useraccessgroupid:
if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
// Check if user belongs to viewaccesslevel:
if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
}
}
$oldrow = new moscomprofilerFields($_CB_database);
foreach (array_keys(get_object_vars($row)) as $k) {
if (substr($k, 0, 1) != '_') {
$oldrow->{$k} = $row->{$k};
}
}
$_PLUGINS->loadPluginGroup('user');
if (!$this->_prov_bind_CB_field($row, $fid)) {
echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
// Set defaults if nothing is found
// Also check if oldrow value to use its current value or default otherwise
// This prevents a tab from storing to database with null values when some inputs are set disabled:
if ($row->tabid == '') {
$row->tabid = $oldrow->tabid != '' ? $oldrow->tabid : 11;
}
if ($row->profile == '') {
$row->profile = $oldrow->profile != '' ? $oldrow->profile : 1;
}
if ($row->registration == '') {
$row->registration = $oldrow->registration != '' ? $oldrow->registration : 1;
}
if ($row->published == '') {
$row->published = $oldrow->published != '' ? $oldrow->published : 1;
}
if ($row->required == '') {
$row->required = $oldrow->required != '' ? $oldrow->required : 0;
}
if ($row->readonly == '') {
$row->readonly = $oldrow->readonly != '' ? $oldrow->readonly : 0;
}
if ($row->tablecolumns != '' && !in_array($row->type, array('password', 'userparams'))) {
$searchable_default = 1;
} else {
$searchable_default = 0;
}
if ($row->searchable == '') {
$row->searchable = $oldrow->searchable != '' ? $oldrow->searchable : $searchable_default;
}
// If the input is disabled we need to apply the default if the tabid isn't in POST:
if (!isset($_POST['tabid'])) {
$_POST['tabid'] = $row->tabid;
}
// Moved above check here just encase it ends up being empty:
if ($task == 'showField' || !isset($_POST['tabid'])) {
cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
return;
}
// in case the above changed perms.... really ?
$fieldTab = new moscomprofilerTabs($_CB_database);
$fieldTab->load((int) $row->tabid);
// Check if user is a super user:
if (!$_CB_framework->acl->amIaSuperAdmin()) {
// Check if user belongs to useraccessgroupid:
if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
// Check if user belongs to viewaccesslevel:
if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
}
if ($row->type == 'webaddress') {
$row->rows = $_POST['webaddresstypes'];
if (!($row->rows == 0 || $row->rows == 2)) {
$row->rows = 0;
}
}
if ($_POST['oldtabid'] != $_POST['tabid']) {
if ($_POST['oldtabid'] !== '') {
//Re-order old tab
$sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > " . (int) $_POST['ordering'] . " AND tabid = " . (int) $_POST['oldtabid'];
$_CB_database->setQuery($sql);
$_CB_database->query();
}
//Select Last Order in New Tab
$sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=" . (int) $_POST['tabid'];
$_CB_database->SetQuery($sql);
$max = $_CB_database->LoadResult();
$row->ordering = max($max + 1, 1);
}
if (cbStartOfStringMatch($row->name, 'cb_')) {
$row->name = str_replace(" ", "", strtolower($row->name));
}
if (!$row->check()) {
echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
// Check if user is a super user:
if (!$_CB_framework->acl->amIaSuperAdmin()) {
$canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');
// Check if user belongs to useraccessgroupid
if ($fieldTab->useraccessgroupid != '' && !in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
// Check if user belongs to viewaccesslevel
if ($fieldTab->viewaccesslevel != '' && !in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
// Check if user can edit status (and if not, that status are as expected):
if (!$canEditState) {
$failed = false;
// Check if row exists and if tabid is different from existing row
// Check if row doesn't exist and if tabid is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->tabid != '' && $oldrow->tabid != $row->tabid) || !$oldrow->fieldid && ($row->tabid != '' && $row->tabid != 11)) {
$failed = true;
}
// Check if row exists and if profile is different from existing row
// Check if row doesn't exist and if profile is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->profile != '' && $oldrow->profile != $row->profile) || !$oldrow->fieldid && ($row->profile != '' && $row->profile != 1)) {
$failed = true;
}
// Check if row exists and if registration is different from existing row
// Check if row doesn't exist and if registration is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->registration != '' && $oldrow->registration != $row->registration) || !$oldrow->fieldid && ($row->registration != '' && $row->registration != 1)) {
$failed = true;
}
// Check if row exists and if published is different from existing row
// Check if row doesn't exist and if published is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->published != '' && $oldrow->published != $row->published) || !$oldrow->fieldid && ($row->published != '' && $row->published != 1)) {
$failed = true;
}
// Check if row exists and if required is different from existing row
// Check if row doesn't exist and if required is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->required != '' && $oldrow->required != $row->required) || !$oldrow->fieldid && ($row->required != '' && $row->required != 0)) {
$failed = true;
}
// Check if row exists and if readonly is different from existing row
// Check if row doesn't exist and if readonly is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->readonly != '' && $oldrow->readonly != $row->readonly) || !$oldrow->fieldid && ($row->readonly != '' && $row->readonly != 0)) {
$failed = true;
}
// Check if row exists and if searchable is different from existing row
// Check if row doesn't exist and if searchable is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->searchable != '' && $oldrow->searchable != $row->searchable) || !$oldrow->fieldid && ($row->searchable != '' && $row->searchable != $searchable_default)) {
$failed = true;
}
if ($failed) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
}
}
if (!$row->store((int) $fid)) {
echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
$fieldNames = $_POST['vNames'];
$j = 1;
if ($row->fieldid > 0) {
$_CB_database->setQuery("DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid);
if ($_CB_database->query() === false) {
echo $_CB_database->getErrorMsg();
}
} else {
$_CB_database->setQuery("SELECT MAX(fieldid) FROM #__comprofiler_fields");
$maxID = $_CB_database->loadResult();
$row->fieldid = $maxID;
echo $_CB_database->getErrorMsg();
}
//for($i=0, $n=count( $fieldNames ); $i < $n; $i++) {
foreach ($fieldNames as $fieldName) {
if (trim($fieldName) != null || trim($fieldName) != '') {
$_CB_database->setQuery("INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'" . cbGetEscaped(trim($fieldName)) . "', " . (int) $j . ")");
if ($_CB_database->query() === false) {
echo $_CB_database->getErrorMsg();
}
$j++;
}
}
switch ($task) {
case 'applyField':
$msg = CBTxt::T('Successfully Saved changes to Field') . ': ' . $row->name;
cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=editField&cid={$row->fieldid}"), $msg);
break;
case 'saveField':
default:
$msg = CBTxt::T('Successfully Saved Field') . ': ' . $row->name;
cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField"), $msg);
break;
}
}
function orderFields( $fid, $inc, $option ) {
global $_CB_database, $_CB_framework;
$row = new moscomprofilerFields( $_CB_database );
$row->load( (int) $fid );
$fieldTab = new moscomprofilerTabs( $_CB_database );
$fieldTab->load( (int) $row->tabid );
if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
exit;
}
$row->move( $inc , "tabid='$row->tabid'");
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ) );
}
function orderFields($fid, $inc, $option)
{
global $_CB_database, $_CB_framework;
$row = new moscomprofilerFields($_CB_database);
$row->load((int) $fid);
$fieldTab = new moscomprofilerTabs($_CB_database);
$fieldTab->load((int) $row->tabid);
if (!$_CB_framework->acl->amIaSuperAdmin()) {
if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
}
$row->move($inc, "tabid='{$row->tabid}'");
cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField"));
}
function saveField( $option, $task ) {
global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;
if ( ( $task == 'showField' ) || ! ( isset( $_POST['oldtabid'] ) && isset( $_POST['tabid'] ) && isset( $_POST['fieldid'] ) ) ) {
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=$task" ) );
return;
}
$this->_importNeeded();
$this->_importNeededSave();
$fid = (int) $_POST['fieldid'];
$row = new moscomprofilerFields( $_CB_database );
if ( $fid ) {
// load the row from the db table
if ( ! $row->load( (int) $fid ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Innexistant field') ) . "'); window.history.go(-1);</script>\n";
exit;
}
$fieldTab = new moscomprofilerTabs( $_CB_database );
// load the row from the db table
$fieldTab->load( (int) $row->tabid );
if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) ."'); window.history.go(-1);</script>\n";
exit;
}
}
$_PLUGINS->loadPluginGroup( 'user' );
if ( ! $this->_prov_bind_CB_field( $row, $fid ) ) {
echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit();
}
// in case the above changed perms.... really ?
$fieldTab = new moscomprofilerTabs( $_CB_database );
$fieldTab->load( (int) $row->tabid );
if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
exit;
}
if ($row->type == 'webaddress') {
$row->rows = $_POST['webaddresstypes'];
if ( !(($row->rows == 0) || ($row->rows == 2)) ) {
$row->rows = 0;
}
}
if ( $_POST['oldtabid'] != $_POST['tabid'] ) {
if ( $_POST['oldtabid'] !== '' ) {
//Re-order old tab
$sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > ".(int) $_POST['ordering']." AND tabid = ".(int) $_POST['oldtabid'];
$_CB_database->setQuery($sql);
$_CB_database->query();
}
//Select Last Order in New Tab
$sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=".(int) $_POST['tabid'];
$_CB_database->SetQuery($sql);
$max = $_CB_database->LoadResult();
$row->ordering = max( $max + 1, 1 );
}
if ( cbStartOfStringMatch( $row->name, 'cb_' ) ) {
$row->name = str_replace(" ", "", strtolower($row->name));
}
if ( ! $row->check() ) {
echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
exit();
}
if ( ! $row->store( (int) $fid ) ) {
echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
exit();
}
$fieldNames = $_POST['vNames'];
$j = 1;
if( $row->fieldid > 0 ) {
$_CB_database->setQuery( "DELETE FROM #__comprofiler_field_values"
. " WHERE fieldid = " . (int) $row->fieldid );
if( $_CB_database->query() === false ) {
echo $_CB_database->getErrorMsg();
}
} else {
$_CB_database->setQuery( "SELECT MAX(fieldid) FROM #__comprofiler_fields");
$maxID = $_CB_database->loadResult();
$row->fieldid = $maxID;
echo $_CB_database->getErrorMsg();
}
//for($i=0, $n=count( $fieldNames ); $i < $n; $i++) {
foreach ($fieldNames as $fieldName) {
if(trim($fieldName)!=null || trim($fieldName)!='') {
$_CB_database->setQuery( "INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)"
. " VALUES( " . (int) $row->fieldid . ",'".cbGetEscaped(trim($fieldName))."', " . (int) $j . ")"
);
if ( $_CB_database->query() === false ) {
echo $_CB_database->getErrorMsg();
}
$j++;
}
}
switch ( $task ) {
case 'applyField':
$msg = CBTxt::T('Successfully Saved changes to Field') . ': '. $row->name;
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=editField&cid=$row->fieldid" ), $msg );
break;
case 'saveField':
default:
$msg = CBTxt::T('Successfully Saved Field') . ': '. $row->name;
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ), $msg );
break;
}
}
