function saveField($option, $task) { global $_CB_database, $_CB_framework, $_POST, $_PLUGINS; if ($task == 'showField' || !(isset($_POST['oldtabid']) && isset($_POST['fieldid']))) { cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}")); return; } $this->_importNeeded(); $this->_importNeededSave(); $fieldOldTab = new moscomprofilerTabs($_CB_database); if (isset($_POST['oldtabid']) && $_POST['oldtabid']) { $fieldOldTab->load((int) $_POST['oldtabid']); // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { // Check if user belongs to useraccessgroupid: if (!in_array($fieldOldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel: if (!in_array($fieldOldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } } $fid = (int) $_POST['fieldid']; $row = new moscomprofilerFields($_CB_database); if ($fid) { // load the row from the db table if (!$row->load((int) $fid)) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Innexistant field')) . "'); window.history.go(-1);</script>\n"; exit; } $fieldTab = new moscomprofilerTabs($_CB_database); // load the row from the db table $fieldTab->load((int) $row->tabid); // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { // Check if user belongs to useraccessgroupid: if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel: if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } } $oldrow = new moscomprofilerFields($_CB_database); foreach (array_keys(get_object_vars($row)) as $k) { if (substr($k, 0, 1) != '_') { $oldrow->{$k} = $row->{$k}; } } $_PLUGINS->loadPluginGroup('user'); if (!$this->_prov_bind_CB_field($row, $fid)) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } // Set defaults if nothing is found // Also check if oldrow value to use its current value or default otherwise // This prevents a tab from storing to database with null values when some inputs are set disabled: if ($row->tabid == '') { $row->tabid = $oldrow->tabid != '' ? $oldrow->tabid : 11; } if ($row->profile == '') { $row->profile = $oldrow->profile != '' ? $oldrow->profile : 1; } if ($row->registration == '') { $row->registration = $oldrow->registration != '' ? $oldrow->registration : 1; } if ($row->published == '') { $row->published = $oldrow->published != '' ? $oldrow->published : 1; } if ($row->required == '') { $row->required = $oldrow->required != '' ? $oldrow->required : 0; } if ($row->readonly == '') { $row->readonly = $oldrow->readonly != '' ? $oldrow->readonly : 0; } if ($row->tablecolumns != '' && !in_array($row->type, array('password', 'userparams'))) { $searchable_default = 1; } else { $searchable_default = 0; } if ($row->searchable == '') { $row->searchable = $oldrow->searchable != '' ? $oldrow->searchable : $searchable_default; } // If the input is disabled we need to apply the default if the tabid isn't in POST: if (!isset($_POST['tabid'])) { $_POST['tabid'] = $row->tabid; } // Moved above check here just encase it ends up being empty: if ($task == 'showField' || !isset($_POST['tabid'])) { cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}")); return; } // in case the above changed perms.... really ? $fieldTab = new moscomprofilerTabs($_CB_database); $fieldTab->load((int) $row->tabid); // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { // Check if user belongs to useraccessgroupid: if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel: if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } if ($row->type == 'webaddress') { $row->rows = $_POST['webaddresstypes']; if (!($row->rows == 0 || $row->rows == 2)) { $row->rows = 0; } } if ($_POST['oldtabid'] != $_POST['tabid']) { if ($_POST['oldtabid'] !== '') { //Re-order old tab $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > " . (int) $_POST['ordering'] . " AND tabid = " . (int) $_POST['oldtabid']; $_CB_database->setQuery($sql); $_CB_database->query(); } //Select Last Order in New Tab $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=" . (int) $_POST['tabid']; $_CB_database->SetQuery($sql); $max = $_CB_database->LoadResult(); $row->ordering = max($max + 1, 1); } if (cbStartOfStringMatch($row->name, 'cb_')) { $row->name = str_replace(" ", "", strtolower($row->name)); } if (!$row->check()) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } // Check if user is a super user: if (!$_CB_framework->acl->amIaSuperAdmin()) { $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state'); // Check if user belongs to useraccessgroupid if ($fieldTab->useraccessgroupid != '' && !in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user belongs to viewaccesslevel if ($fieldTab->viewaccesslevel != '' && !in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } // Check if user can edit status (and if not, that status are as expected): if (!$canEditState) { $failed = false; // Check if row exists and if tabid is different from existing row // Check if row doesn't exist and if tabid is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->tabid != '' && $oldrow->tabid != $row->tabid) || !$oldrow->fieldid && ($row->tabid != '' && $row->tabid != 11)) { $failed = true; } // Check if row exists and if profile is different from existing row // Check if row doesn't exist and if profile is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->profile != '' && $oldrow->profile != $row->profile) || !$oldrow->fieldid && ($row->profile != '' && $row->profile != 1)) { $failed = true; } // Check if row exists and if registration is different from existing row // Check if row doesn't exist and if registration is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->registration != '' && $oldrow->registration != $row->registration) || !$oldrow->fieldid && ($row->registration != '' && $row->registration != 1)) { $failed = true; } // Check if row exists and if published is different from existing row // Check if row doesn't exist and if published is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->published != '' && $oldrow->published != $row->published) || !$oldrow->fieldid && ($row->published != '' && $row->published != 1)) { $failed = true; } // Check if row exists and if required is different from existing row // Check if row doesn't exist and if required is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->required != '' && $oldrow->required != $row->required) || !$oldrow->fieldid && ($row->required != '' && $row->required != 0)) { $failed = true; } // Check if row exists and if readonly is different from existing row // Check if row doesn't exist and if readonly is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->readonly != '' && $oldrow->readonly != $row->readonly) || !$oldrow->fieldid && ($row->readonly != '' && $row->readonly != 0)) { $failed = true; } // Check if row exists and if searchable is different from existing row // Check if row doesn't exist and if searchable is different from default // Check if user can edit status: if ($oldrow->fieldid && ($row->searchable != '' && $oldrow->searchable != $row->searchable) || !$oldrow->fieldid && ($row->searchable != '' && $row->searchable != $searchable_default)) { $failed = true; } if ($failed) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } } if (!$row->store((int) $fid)) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } $fieldNames = $_POST['vNames']; $j = 1; if ($row->fieldid > 0) { $_CB_database->setQuery("DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid); if ($_CB_database->query() === false) { echo $_CB_database->getErrorMsg(); } } else { $_CB_database->setQuery("SELECT MAX(fieldid) FROM #__comprofiler_fields"); $maxID = $_CB_database->loadResult(); $row->fieldid = $maxID; echo $_CB_database->getErrorMsg(); } //for($i=0, $n=count( $fieldNames ); $i < $n; $i++) { foreach ($fieldNames as $fieldName) { if (trim($fieldName) != null || trim($fieldName) != '') { $_CB_database->setQuery("INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'" . cbGetEscaped(trim($fieldName)) . "', " . (int) $j . ")"); if ($_CB_database->query() === false) { echo $_CB_database->getErrorMsg(); } $j++; } } switch ($task) { case 'applyField': $msg = CBTxt::T('Successfully Saved changes to Field') . ': ' . $row->name; cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=editField&cid={$row->fieldid}"), $msg); break; case 'saveField': default: $msg = CBTxt::T('Successfully Saved Field') . ': ' . $row->name; cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField"), $msg); break; } }
function orderFields( $fid, $inc, $option ) { global $_CB_database, $_CB_framework; $row = new moscomprofilerFields( $_CB_database ); $row->load( (int) $fid ); $fieldTab = new moscomprofilerTabs( $_CB_database ); $fieldTab->load( (int) $row->tabid ); if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n"; exit; } $row->move( $inc , "tabid='$row->tabid'"); cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ) ); }
function orderFields($fid, $inc, $option) { global $_CB_database, $_CB_framework; $row = new moscomprofilerFields($_CB_database); $row->load((int) $fid); $fieldTab = new moscomprofilerTabs($_CB_database); $fieldTab->load((int) $row->tabid); if (!$_CB_framework->acl->amIaSuperAdmin()) { if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) { echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n"; exit; } } $row->move($inc, "tabid='{$row->tabid}'"); cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField")); }
function saveField( $option, $task ) { global $_CB_database, $_CB_framework, $_POST, $_PLUGINS; if ( ( $task == 'showField' ) || ! ( isset( $_POST['oldtabid'] ) && isset( $_POST['tabid'] ) && isset( $_POST['fieldid'] ) ) ) { cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=$task" ) ); return; } $this->_importNeeded(); $this->_importNeededSave(); $fid = (int) $_POST['fieldid']; $row = new moscomprofilerFields( $_CB_database ); if ( $fid ) { // load the row from the db table if ( ! $row->load( (int) $fid ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Innexistant field') ) . "'); window.history.go(-1);</script>\n"; exit; } $fieldTab = new moscomprofilerTabs( $_CB_database ); // load the row from the db table $fieldTab->load( (int) $row->tabid ); if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) ."'); window.history.go(-1);</script>\n"; exit; } } $_PLUGINS->loadPluginGroup( 'user' ); if ( ! $this->_prov_bind_CB_field( $row, $fid ) ) { echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit(); } // in case the above changed perms.... really ? $fieldTab = new moscomprofilerTabs( $_CB_database ); $fieldTab->load( (int) $row->tabid ); if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) { echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n"; exit; } if ($row->type == 'webaddress') { $row->rows = $_POST['webaddresstypes']; if ( !(($row->rows == 0) || ($row->rows == 2)) ) { $row->rows = 0; } } if ( $_POST['oldtabid'] != $_POST['tabid'] ) { if ( $_POST['oldtabid'] !== '' ) { //Re-order old tab $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > ".(int) $_POST['ordering']." AND tabid = ".(int) $_POST['oldtabid']; $_CB_database->setQuery($sql); $_CB_database->query(); } //Select Last Order in New Tab $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=".(int) $_POST['tabid']; $_CB_database->SetQuery($sql); $max = $_CB_database->LoadResult(); $row->ordering = max( $max + 1, 1 ); } if ( cbStartOfStringMatch( $row->name, 'cb_' ) ) { $row->name = str_replace(" ", "", strtolower($row->name)); } if ( ! $row->check() ) { echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n"; exit(); } if ( ! $row->store( (int) $fid ) ) { echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n"; exit(); } $fieldNames = $_POST['vNames']; $j = 1; if( $row->fieldid > 0 ) { $_CB_database->setQuery( "DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid ); if( $_CB_database->query() === false ) { echo $_CB_database->getErrorMsg(); } } else { $_CB_database->setQuery( "SELECT MAX(fieldid) FROM #__comprofiler_fields"); $maxID = $_CB_database->loadResult(); $row->fieldid = $maxID; echo $_CB_database->getErrorMsg(); } //for($i=0, $n=count( $fieldNames ); $i < $n; $i++) { foreach ($fieldNames as $fieldName) { if(trim($fieldName)!=null || trim($fieldName)!='') { $_CB_database->setQuery( "INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'".cbGetEscaped(trim($fieldName))."', " . (int) $j . ")" ); if ( $_CB_database->query() === false ) { echo $_CB_database->getErrorMsg(); } $j++; } } switch ( $task ) { case 'applyField': $msg = CBTxt::T('Successfully Saved changes to Field') . ': '. $row->name; cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=editField&cid=$row->fieldid" ), $msg ); break; case 'saveField': default: $msg = CBTxt::T('Successfully Saved Field') . ': '. $row->name; cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ), $msg ); break; } }