 /**
  * Renders the points field and, on an Ajax 'savevalue' request, applies a +/- step first.
  *
  * Direct access to the field for custom operations (Ajax): the step is applied here and
  * written straight to the user row instead of going through the normal profile save.
  * No request token is verified inside this method (the former "spoof check" comment had
  * no corresponding code); the caller routing 'savevalue' here has to enforce one.
  * A change is only written when the field is not read-only for this $user/$reason,
  * getIncrementAccess() allows it, the target user has an id, validate() accepts the new
  * value and the stored value actually differs. Every written change is logged as a 'field'
  * rating in #__comprofiler_ratings with the signed delta and the requester's IP address.
  *
  * @param  FieldTable  $field
  * @param  UserTable   $user
  * @param  array       $postdata   'value' carries the direction ('plus' or 'minus'); the new value is written back under the field name
  * @param  string      $reason     'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
  * @return string                  Expected output.
  */
 public function fieldClass(&$field, &$user, &$postdata, $reason)
 {
     global $_CB_framework, $_CB_database, $_PLUGINS;
     parent::fieldClass($field, $user, $postdata, $reason);
     $myId = (int) $_CB_framework->myId();
     $userId = (int) $user->get('id');
     $fieldId = (int) $field->get('fieldid');
     $ipList = cbGetIParray();
     // First entry is taken as the requester's address (see cbGetIParray() for how it is built)
     $ipAddress = trim(array_shift($ipList));
     $fieldName = $field->get('name');
     // Evaluated unconditionally, before the request type is looked at (kept that way on purpose)
     $readOnly = $this->_isReadOnly($field, $user, $reason);
     $isSaveRequest = (cbGetParam($_GET, 'function', null) === 'savevalue');
     if ($isSaveRequest && !$readOnly && $this->getIncrementAccess($field, $user) && $userId) {
         // Snapshot of the user before the change, handed to the update triggers as the "old" user
         $oldUserComplete = new UserTable($field->getDbo());
         foreach (array_keys(get_object_vars($user)) as $property) {
             // Properties with a leading underscore are internal and are not copied
             if (strpos($property, '_') !== 0) {
                 $oldUserComplete->set($property, $user->get($property));
             }
         }
         $direction = stripslashes(cbGetParam($postdata, 'value'));
         $value = (int) $user->get($fieldName);
         switch ($direction) {
             case 'plus':
                 $increment = (int) $field->params->get('points_inc_plus', 1);
                 // A non-positive configured step leaves the value untouched, so nothing is saved below
                 if ($increment > 0) {
                     $value += $increment;
                 }
                 break;
             case 'minus':
                 $increment = (int) $field->params->get('points_inc_minus', 1);
                 if ($increment > 0) {
                     $value -= $increment;
                 }
                 // The ratings log records the signed delta
                 $increment = -$increment;
                 break;
             default:
                 $increment = 0;
                 break;
         }
         $postdata[$fieldName] = $value;
         // Re-read the stored value here rather than reusing the one read above, so anything
         // validate() did to $user is taken into account
         if ($this->validate($field, $user, $fieldName, $value, $postdata, $reason) && $increment && (int) $user->get($fieldName) !== $value) {
             $columns = array('user_id', 'type', 'item', 'target', 'rating', 'ip_address', 'date');
             $quotedColumns = array();
             foreach ($columns as $column) {
                 $quotedColumns[] = $_CB_database->NameQuote($column);
             }
             // Integers are cast above; every string goes through the driver's Quote()
             $quotedValues = array(
                 $myId,
                 $_CB_database->Quote('field'),
                 $fieldId,
                 $userId,
                 (double) $increment,
                 $_CB_database->Quote($ipAddress),
                 $_CB_database->Quote($_CB_framework->getUTCDate()),
             );
             // Audit row: who changed which field of whom, by how much, from where and when
             $insert = 'INSERT INTO ' . $_CB_database->NameQuote('#__comprofiler_ratings')
                 . "\n (" . implode(', ', $quotedColumns) . ')'
                 . "\n VALUES (" . implode(', ', $quotedValues) . ')';
             $_CB_database->setQuery($insert);
             $_CB_database->query();
             $user->set($fieldName, $value);
             $_PLUGINS->trigger('onBeforeUserUpdate', array(&$user, &$user, &$oldUserComplete, &$oldUserComplete));
             // The field is read again after the trigger, so whatever a handler set is what gets stored
             $update = 'UPDATE ' . $_CB_database->NameQuote('#__comprofiler')
                 . "\n SET " . $_CB_database->NameQuote($fieldName) . ' = ' . (int) $user->get($fieldName)
                 . "\n WHERE " . $_CB_database->NameQuote('id') . ' = ' . $userId;
             $_CB_database->setQuery($update);
             if ($_CB_database->query()) {
                 $_PLUGINS->trigger('onAfterUserUpdate', array(&$user, &$user, $oldUserComplete));
             }
         }
     }
     return $this->getPointsHTML($field, $user, $reason, true);
 }
 /**
  * Gets a comma-separated list of IP addresses, taking into account the proxies on the way.
  * An array is needed because FORWARDED_FOR can be faked as well.
  *
  * The whole list is passed through addslashes(); that is not a substitute for the
  * database driver's quoting when the result ends up in a query.
  *
  * @return string of IP addresses, first one being host, and last one last proxy (except fakes)
  */
 function cbGetIPlist()
 {
     $addresses = cbGetIParray();
     $list = join(',', $addresses);
     return addslashes($list);
 }
	/**
	 * Handles registration blocking
	 *
	 * Stops the registration when an existing block matches the user or the requesting IP address,
	 * or — when 'reg_duplicate' is enabled — when at least 'reg_duplicate_count' antispam log entries
	 * (joined to existing users) already came from that IP address within 'reg_duplicate_timeframe'.
	 * With 'reg_duplicate_method' 1 a new IP block is stored before blocking; otherwise only this
	 * registration attempt is rejected.
	 * The IP address is the first entry returned by cbGetIParray(); if that entry can come from a
	 * forwarded header it is client-controlled — confirm how cbGetIParray() builds it.
	 *
	 * @param UserTable $user           user being registered
	 * @param UserTable $userDuplicate  not used by this check
	 */
	public function onBeforeUserRegistration( &$user, &$userDuplicate )
	{
		global $_CB_framework, $_CB_database, $_PLUGINS;

		$ipList = cbGetIParray();
		$ipAddress = trim( array_shift( $ipList ) );
		$existingBlock = cbantispamClass::getUserBlock( $user, $ipAddress );

		if ( $existingBlock ) {
			$this->blockRegistration( $existingBlock->get( 'reason' ), $existingBlock->get( 'duration' ), $existingBlock->get( 'date' ), $existingBlock->getExpire() );
			return;
		}

		// Another plugin or the user object already reported an error: nothing to add
		if ( $_PLUGINS->is_errors() || $user->getError() ) {
			return;
		}

		if ( ! $this->params->get( 'reg_duplicate', 0 ) ) {
			return;
		}

		if ( ! cbantispamClass::isUserBlockable( $user, $ipAddress ) ) {
			return;
		}

		$timeframe = $this->params->get( 'reg_duplicate_timeframe', '-1 YEAR' );

		// Count earlier registrations logged from this IP address; the address is driver-quoted
		$query = 'SELECT COUNT(*)'
			. "\n FROM " . $_CB_database->NameQuote( '#__comprofiler_plugin_antispam_log' ) . " AS l"
			. "\n INNER JOIN " . $_CB_database->NameQuote( '#__users' ) . " AS u"
			. ' ON u.' . $_CB_database->NameQuote( 'id' ) . ' = l.' . $_CB_database->NameQuote( 'user_id' )
			. "\n WHERE l." . $_CB_database->NameQuote( 'ip_address' ) . " = " . $_CB_database->Quote( $ipAddress );

		if ( $timeframe ) {
			// Timeframe is a relative date expression resolved by getUTCDate()
			$query .= "\n AND l." . $_CB_database->NameQuote( 'date' ) . " >= " . $_CB_database->Quote( $_CB_framework->getUTCDate( 'Y-m-d H:i:s', $timeframe ) );
		}

		$_CB_database->setQuery( $query );
		$registrations = $_CB_database->loadResult();

		// A configured count of 0 falls back to 1 (one earlier registration is enough)
		$threshold = ( (int) $this->params->get( 'reg_duplicate_count', 1 ) ) ?: 1;

		if ( $registrations < $threshold ) {
			return;
		}

		$method = (int) $this->params->get( 'reg_duplicate_method', 0 );
		$reason = $this->params->get( 'reg_duplicate_reason', 'Already registered.' );

		if ( $method !== 1 ) {
			// Reject this attempt only; no block record is kept
			$this->blockRegistration( $reason );
			return;
		}

		$block = new cbantispamBlockTable();

		$block->set( 'type', 'ip' );
		$block->set( 'value', $ipAddress );
		$block->set( 'date', $_CB_framework->getUTCDate() );
		$block->set( 'duration', $this->params->get( 'reg_duplicate_dur', '+1 HOUR' ) );
		$block->set( 'reason', $reason );

		// store() result is not checked: the registration is blocked either way, but a failed
		// store leaves no persistent IP block behind
		$block->store();

		$this->blockRegistration( $block->get( 'reason' ), $block->get( 'duration' ), $block->get( 'date' ), $block->getExpire() );
	}