/**
* Display notes for a user
*
* @return void
*/
public function modalTask()
{
Request::setVar('hidemainmenu', 1);
$user = Member::oneOrFail(Request::getInt('id', 0));
$rows = Note::all()->including(['category', function ($category) {
$category->select('id')->select('title');
}])->whereEquals('user_id', (int) $user->get('id'))->ordered()->rows();
// Output the HTML
$this->view->set('user', $user)->set('rows', $rows)->setErrors($this->getErrors())->display();
}
/**
* Display a form for updating profile info
*
* @return void
*/
public function updateTask()
{
// Check if the user is logged in
if (User::isGuest()) {
return App::abort(500, Lang::txt('COM_MEMBERS_REGISTER_ERROR_SESSION_EXPIRED'));
}
$force = false;
$updateEmail = false;
// Set the pathway
$this->_buildPathway();
// Set the page title
$this->_buildTitle();
// Instantiate a new registration object
$xregistration = new \Components\Members\Models\Registration();
$xprofile = Member::oneOrFail(User::get('id'));
$hzal = \Hubzero\Auth\Link::find_by_id(User::get('auth_link_id'));
// Get users component config options, specifically whether or not 'simple' registration is enabled
$method = Request::getMethod();
$usersConfig = Component::params('com_members');
$simpleRegistration = $usersConfig->get('simple_registration', false);
if ($method == 'POST') {
// Load POSTed data
$xregistration->loadPOST();
} else {
// Load data from the user object
$xregistration->loadProfile($xprofile);
$username = User::get('username');
$email = User::get('email');
if ($username[0] == '-' && is_object($hzal)) {
$sub_email = explode('@', (string) $hzal->email, 2);
$tmp_username = Session::get('auth_link.tmp_username', $sub_email[0]);
$xregistration->set('login', $tmp_username);
$xregistration->set('orcid', Session::get('auth_link.tmp_orcid', ''));
$xregistration->set('email', $hzal->email);
$xregistration->set('confirmEmail', $hzal->email);
if ($simpleRegistration) {
$force = false;
$method = 'POST';
} else {
$force = true;
}
}
}
$check = $xregistration->check('update');
if (!$force && $check && $method == 'GET') {
Session::set('registration.incomplete', false);
if ($_SERVER['REQUEST_URI'] == rtrim(Request::base(true), '/') . '/register/update' || $_SERVER['REQUEST_URI'] == rtrim(Request::base(true), '/') . '/members/register/update') {
App::redirect(rtrim(Request::base(true), '/') . '/');
} else {
App::redirect($_SERVER['REQUEST_URI']);
}
return true;
}
if (!$force && $check && $method == 'POST') {
// Before going any further, we need to do a sanity check to make sure username isn't being changed.
// This really only happens on a race condition where someone is creating the same account
// using a 3rd party auth service in two different browsers. Yes, it's crazy!
if ($xregistration->get('login') && substr(User::get('username'), 0, 1) == '-') {
// Make sure the username hasn't since been set in the database
if (substr(User::getInstance(User::get('id'))->get('username'), 0, 1) != '-') {
App::redirect(Route::url('index.php?option=com_users&view=logout'), Lang::txt('This account appears to already exist. Please try logging in again.'), 'warning');
return;
}
}
$hubHomeDir = rtrim($this->config->get('homedir'), DS);
$updateEmail = false;
if ($xprofile->get('homeDirectory') == '') {
$xprofile->set('homeDirectory', $hubHomeDir . DS . $xprofile->get('username'));
}
if ($xprofile->get('registerIP') == '') {
$xprofile->set('registerIP', Request::getVar('REMOTE_ADDR', '', 'server'));
}
if ($xprofile->get('registerDate') == '') {
$xprofile->set('registerDate', Date::toSql());
}
if ($xregistration->get('email') != $xprofile->get('email')) {
if (is_object($hzal) && $xregistration->get('email') == $hzal->email) {
$xprofile->set('activation', 3);
} else {
$code = \Components\Members\Helpers\Utility::genemailconfirm();
$xprofile->set('activation', $code);
$updateEmail = true;
}
}
if ($xregistration->get('login') != $xprofile->get('username')) {
$xprofile->set('homeDirectory', $hubHomeDir . DS . $xregistration->get('login'));
}
$keys = array('email', 'name', 'surname', 'givenName', 'middleName', 'usageAgreement', 'sendEmail', 'password');
foreach ($keys as $key) {
if ($xregistration->get($key) !== null) {
$xprofile->set($key, $xregistration->get($key));
}
}
$xprofile->set('username', $xregistration->get('login'));
$xprofile->save();
// Update current session if appropriate
// TODO: update all session of this user
// TODO: only update if changed
if ($xprofile->get('id') == User::get('id')) {
$suser = Session::get('user');
$suser->set('username', $xprofile->get('username'));
$suser->set('email', $xprofile->get('email'));
$suser->set('name', $xprofile->get('name'));
Session::set('user', $suser);
// Get the session object
$table = \JTable::getInstance('session');
$table->load(Session::getId());
$table->username = $xprofile->get('username');
$table->update();
}
Session::set('registration.incomplete', false);
// Notify the user
if ($updateEmail) {
\Components\Members\Helpers\Utility::sendConfirmEmail($xprofile, $xregistration);
}
// Notify administration
if ($method == 'POST') {
$subject = Config::get('sitename') . ' ' . Lang::txt('COM_MEMBERS_REGISTER_EMAIL_ACCOUNT_UPDATE');
$eaview = new \Hubzero\Component\View(array('name' => 'emails', 'layout' => 'adminupdate'));
$eaview->option = $this->_option;
$eaview->controller = $this->_controller;
$eaview->sitename = Config::get('sitename');
$eaview->xprofile = $xprofile;
$eaview->baseURL = $this->baseURL;
$message = $eaview->loadTemplate();
$message = str_replace("\n", "\r\n", $message);
}
if (!$updateEmail) {
$suri = Request::getVar('REQUEST_URI', '/', 'server');
if ($suri == '/register/update' || $suri == '/members/update' || $suri == '/members/register/update') {
$suri = Route::url('index.php?option=' . $this->_option . '&task=myaccount');
}
App::redirect($suri);
return;
} else {
// Instantiate a new view
$this->view->set('title', Lang::txt('COM_MEMBERS_REGISTER_UPDATE'))->set('sitename', Config::get('sitename'))->set('xprofile', $xprofile)->set('isSelf', true)->set('updateEmail', $updateEmail)->setErrors($this->getErrors())->display();
}
return true;
}
return $this->_show_registration_form($xregistration, 'update');
}
/**
* Display host entries for a member
*
* @param object $profile
* @return void
*/
public function displayTask($profile = null)
{
// Incoming
if (!$profile) {
$id = Request::getInt('id', 0);
$profile = Member::oneOrFail($id);
}
// Output the HTML
$this->view->set('id', $profile->get('id'))->set('rows', $profile->purgeCache()->hosts)->setErrors($this->getErrors())->setLayout('display')->display();
}
/**
* Get user profile info
*
* @apiMethod GET
* @apiUri /members/{id}
* @apiParameter {
* "name": "id",
* "description": "Member identifier",
* "type": "integer",
* "required": true,
* "default": null
* }
* @return void
*/
public function readTask()
{
$userid = Request::getInt('id', 0);
$result = Member::oneOrFail($userid);
if (!$result || !$result->get('id')) {
throw new Exception(Lang::txt('COM_MEMBERS_ERROR_USER_NOT_FOUND'), 404);
}
// Get any request vars
$base = rtrim(Request::base(), '/');
$profile = array('id' => $result->get('id'), 'username' => $result->get('username'), 'name' => $result->get('name'), 'first_name' => $result->get('givenName'), 'middle_name' => $result->get('middleName'), 'last_name' => $result->get('surname'), 'email' => $result->get('email'), 'member_since' => $result->get('registerDate'), 'picture' => array('thumb' => $result->picture(0, true), 'full' => $result->picture(0, false)), 'interests' => array(), 'url' => str_replace('/api', '', $base . '/' . ltrim(Route::url($result->link()), '/')));
// Get custom fields
$attribs = Field::all()->ordered()->rows();
foreach ($attribs as $attrib) {
$key = $attrib->get('name');
if ($attrib->get('type') == 'tags') {
$val = $result->tags('string');
} else {
$val = $result->get($key);
}
if (is_array($val)) {
$val = implode(';', $val);
}
$profile[$key] = $val;
}
require_once dirname(dirname(__DIR__)) . DS . 'models' . DS . 'tags.php';
$cloud = new \Components\Members\Models\Tags($userid);
foreach ($cloud->tags('list') as $i => $tag) {
$obj = new stdClass();
$obj->id = $tag->get('id');
$obj->raw_tag = $tag->get('raw_tag');
$obj->tag = $tag->get('tag');
$obj->uri = str_replace('/api', '', $base . '/' . ltrim(Route::url($tag->link()), '/'));
$obj->substitutes_count = $tag->get('substitutes');
$obj->objects_count = $tag->get('total');
$profile['interests'][] = $obj;
}
// Corrects image path, API application breaks Route::url() in the Helper::getMemberPhoto() method.
$profile['picture']['thumb'] = str_replace('/api', '', $base . '/' . $profile['picture']['thumb']);
$profile['picture']['full'] = str_replace('/api', '', $base . '/' . $profile['picture']['full']);
// Encode and return result
$object = new stdClass();
$object->profile = $profile;
$this->send($object);
}
/**
* Debug user permissions
*
* @return void
*/
public function debuguserTask()
{
include_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'debug.php';
// Get filters
$filters = array('search' => urldecode(Request::getState($this->_option . '.' . $this->_controller . '.search', 'search', '')), 'sort' => Request::getState($this->_option . '.' . $this->_controller . '.sort', 'filter_order', 'lft'), 'sort_Dir' => Request::getState($this->_option . '.' . $this->_controller . '.sortdir', 'filter_order_Dir', 'ASC'), 'level_start' => Request::getState($this->_option . '.' . $this->_controller . '.filter_level_start', 'filter_level_start', 0, 'int'), 'level_end' => Request::getState($this->_option . '.' . $this->_controller . '.filter_level_end', 'filter_level_end', 0, 'int'), 'component' => Request::getState($this->_option . '.' . $this->_controller . '.filter_component', 'filter_component', ''));
if ($filters['level_end'] > 0 && $filters['level_end'] < $filters['level_start']) {
$filters['level_end'] = $filters['level_start'];
}
$id = Request::getInt('id', 0);
// Load member
$member = Member::oneOrFail($id);
// Select the required fields from the table.
$entries = \Hubzero\Access\Asset::all();
if ($filters['search']) {
$entries->whereLike('name', $filters['search'], 1)->orWhereLike('title', $filters['search'], 1)->resetDepth();
}
if ($filters['level_start'] > 0) {
$entries->where('level', '>=', $filters['level_start']);
}
if ($filters['level_end'] > 0) {
$entries->where('level', '<=', $filters['level_end']);
}
// Filter the items over the component if set.
if ($filters['component']) {
$entries->whereEquals('name', $filters['component'], 1)->orWhereLike('name', $filters['component'], 1)->resetDepth();
}
$assets = $entries->order($filters['sort'], $filters['sort_Dir'])->paginated()->rows();
$actions = \Components\Members\Helpers\Debug::getActions($filters['component']);
$data = $assets->raw();
$assets->clear();
foreach ($data as $key => $asset) {
$checks = array();
foreach ($actions as $action) {
$name = $action[0];
$level = $action[1];
// Check that we check this action for the level of the asset.
if ($action[1] === null || $action[1] >= $asset->get('level')) {
// We need to test this action.
$checks[$name] = \JAccess::check($id, $action[0], $asset->get('name'));
} else {
// We ignore this action.
$checks[$name] = 'skip';
}
}
$asset->set('checks', $checks);
$assets->push($asset);
}
$levels = \Components\Members\Helpers\Debug::getLevelsOptions();
$components = \Components\Members\Helpers\Debug::getComponents();
// Output the HTML
$this->view->set('user', $member)->set('filters', $filters)->set('assets', $assets)->set('actions', $actions)->set('levels', $levels)->set('components', $components)->display();
}
/**
* Save changes to a profile
* Outputs JSON when called via AJAX, redirects to profile otherwise
*
* @return string JSON
*/
public function saveTask()
{
// Check if they are logged in
if (User::isGuest()) {
return false;
}
Request::checkToken(array('get', 'post'));
$no_html = Request::getVar('no_html', 0);
// Incoming user ID
$id = Request::getInt('id', 0, 'post');
// Do we have an ID?
if (!$id) {
App::abort(404, Lang::txt('COM_MEMBERS_NO_ID'));
}
// Load the profile
$member = Member::oneOrFail($id);
// Name changed?
$name = Request::getVar('name', array(), 'post');
if ($name && !empty($name)) {
$member->set('givenName', trim($name['first']));
$member->set('middleName', trim($name['middle']));
$member->set('surname', trim($name['last']));
$name = implode(' ', $name);
$name = preg_replace('/\\s+/', ' ', $name);
$member->set('name', $name);
}
// Set profile access
$visibility = Request::getVar('profileaccess', null, 'post');
if (!is_null($visibility)) {
$member->set('access', $visibility);
}
// Check email
$oldemail = $member->get('email');
$email = Request::getVar('email', null, 'post');
if (!is_null($email)) {
$member->set('email', (string) $email);
// Unconfirm if the email address changed
if ($oldemail != $email) {
// Get a new confirmation code
$confirm = \Components\Members\Helpers\Utility::genemailconfirm();
$member->set('activation', $confirm);
}
}
// Receieve email updates?
$sendEmail = Request::getVar('sendEmail', null, 'post');
if (!is_null($sendEmail)) {
$member->set('sendEmail', $sendEmail);
}
// Usage agreement
$usageAgreement = Request::getVar('usageAgreement', null, 'post');
if (!is_null($usageAgreement)) {
$member->set('usageAgreement', (int) $usageAgreement);
}
// Are we declining the terms of use?
// If yes we want to set the usage agreement to 0 and profile to private
$declineTOU = Request::getVar('declinetou', 0);
if ($declineTOU) {
$member->set('access', 0);
$member->set('usageAgreement', 0);
}
// Save the changes
if (!$member->save()) {
$this->setError($member->getError());
if ($no_html) {
echo json_encode($this->getErrors());
exit;
}
return $this->editTask($member);
}
// Incoming profile edits
$profile = Request::getVar('profile', array(), 'post', 'none', 2);
$access = Request::getVar('access', array(), 'post');
$field_to_check = Request::getVar('field_to_check', array());
$old = Profile::collect($member->profiles);
$profile = array_merge($old, $profile);
// Compile profile data
foreach ($profile as $key => $data) {
if (isset($profile[$key]) && is_array($profile[$key])) {
$profile[$key] = array_filter($profile[$key]);
}
if (isset($profile[$key . '_other']) && trim($profile[$key . '_other'])) {
if (is_array($profile[$key])) {
$profile[$key][] = $profile[$key . '_other'];
} else {
$profile[$key] = $profile[$key . '_other'];
}
unset($profile[$key . '_other']);
}
}
// Validate profile data
$fields = Field::all()->including(['options', function ($option) {
$option->select('*');
}])->where('action_edit', '!=', Field::STATE_HIDDEN)->ordered()->rows();
$form = new \Hubzero\Form\Form('profile', array('control' => 'profile'));
$form->load(Field::toXml($fields, 'edit', $profile));
$form->bind(new \Hubzero\Config\Registry($profile));
$errors = array('_missing' => array(), '_invalid' => array());
if (!$form->validate($profile)) {
foreach ($form->getErrors() as $key => $error) {
// Filter out fields
if (!empty($field_to_check) && !in_array($key, $field_to_check)) {
continue;
}
if ($error instanceof \Hubzero\Form\Exception\MissingData) {
$errors['_missing'][$key] = (string) $error;
}
$errors['_invalid'][$key] = (string) $error;
$this->setError((string) $error);
}
}
if ($this->getError()) {
if ($no_html) {
echo json_encode($errors);
exit;
}
return $this->editTask($member);
}
// Save profile data
if (!$member->saveProfile($profile, $access)) {
$this->setError($member->getError());
if ($no_html) {
echo json_encode($this->getErrors());
exit;
}
return $this->editTask($member);
}
$email = $member->get('email');
// Make sure certain changes make it back to the user table
if ($member->get('id') == User::get('id')) {
$user = App::get('session')->get('user');
if ($member->get('name') != $user->get('name')) {
$user->set('name', $member->get('name'));
}
// Update session if email is changing
if ($member->get('email') != $user->get('email')) {
$user->set('email', $member->get('email'));
// Add item to session to mark that the user changed emails
// this way we can serve profile images for these users but not all
// unconfirmed users
App::get('session')->set('userchangedemail', 1);
}
App::get('session')->set('user', $user);
}
// Send a new confirmation code AFTER we've successfully saved the changes to the e-mail address
if ($email != $oldemail) {
$this->_sendConfirmationCode($member->get('username'), $email, $confirm);
}
// If were declinging the terms we want to logout user and tell the javascript
if ($declineTOU) {
App::get('auth')->logout();
echo json_encode(array('loggedout' => true));
return;
}
if ($no_html) {
// Output JSON
echo json_encode(array('success' => true));
exit;
}
// Redirect
App::redirect(Route::url('index.php?option=' . $this->_option . ($id ? '&id=' . $id . '&active=profile' : '')));
}
/**
* Save an ORCID to a profile
*
* @param string $orcid
* @return boolean
*/
private function _save($orcid)
{
// Instantiate a new profile object
$profile = Member::oneOrFail(User::get('id'));
if ($profile) {
$profile->set('orcid', $orcid);
return $profile->save();
}
return false;
}
/**
* Download a file
*
* @return void
*/
public function downloadTask()
{
//get vars
$id = Request::getInt('id', 0);
//check to make sure we have an id
if (!$id || $id == 0) {
return;
}
//Load member profile
$member = Member::oneOrFail($id);
// check to make sure we have member profile
if (!$member) {
return;
}
//get the file name
// make sure to leave out any query params (ex. ?v={timestamp})
$uri = Request::getVar('SCRIPT_URL', '', 'server');
if (strstr($uri, 'Image:')) {
$file = str_replace('Image:', '', strstr($uri, 'Image:'));
} elseif (strstr($uri, 'File:')) {
$file = str_replace('File:', '', strstr($uri, 'File:'));
}
//decode file name
$file = urldecode($file);
// build base path
$base_path = $this->filespace() . DS . \Hubzero\Utility\String::pad($member->get('id'), 5);
//if we are on the blog
if (Request::getVar('active', 'profile') == 'blog') {
// @FIXME Check still needs to occur for non-public entries
//authorize checks
/*if ($this->_authorize() != 'admin')
{
if (User::get('id') != $member->get('id'))
{
App::abort(403, Lang::txt('You are not authorized to download the file: ') . ' ' . $file);
}
}*/
//get the params from the members blog plugin
$blog_params = Plugin::params('members', 'blog');
//build the base path to file based of upload path param
$base_path = str_replace('{{uid}}', \Hubzero\Utility\String::pad($member->get('id'), 5), $blog_params->get('uploadpath'));
}
//build file path
$file_path = $base_path . DS . $file;
// Ensure the file exist
if (!file_exists(PATH_APP . DS . $file_path)) {
App::abort(404, Lang::txt('The requested file could not be found: ') . ' ' . $file);
return;
}
// Serve up the image
$xserver = new \Hubzero\Content\Server();
$xserver->filename(PATH_APP . DS . $file_path);
$xserver->disposition('attachment');
$xserver->acceptranges(false);
// @TODO fix byte range support
//serve up file
if (!$xserver->serve()) {
// Should only get here on error
App::abort(404, Lang::txt('An error occured while trying to output the file'));
}
exit;
}
