/**
 * Front-end dispatcher for the blogs plugin: re-resolves the current user and
 * the blogs tab, checks the viewer may see that tab, routes the requested
 * action/function to the matching controller method and echoes its buffered
 * output inside the plugin container markup.
 *
 * @param TabTable  $tab      Current tab (ignored: the blogs tab is re-loaded from the plugin id)
 * @param UserTable $user     Current user (ignored: re-resolved from the session)
 * @param int       $ui       1 front, 2 admin UI
 * @param array     $postdata Raw unfiltred POST data
 * @return void HTML is echoed, nothing is returned
 */
public function getCBpluginComponent($tab, $user, $ui, $postdata)
{
    global $_CB_framework;

    outputCbJs(1);
    outputCbTemplate(1);

    $plugin = cbblogsClass::getPlugin();
    $model = cbblogsClass::getModel();

    $requestedAction = $this->input('action', null, GetterInterface::STRING);
    $requestedFunc = $this->input('func', null, GetterInterface::STRING);
    $blogId = $this->input('id', null, GetterInterface::INT);

    // Always act as the logged-in user, never as whatever $user the caller handed in:
    $user = CBuser::getUserDataInstance($_CB_framework->myId());

    $tab = new TabTable();
    $tab->load(array('pluginid' => (int) $plugin->id));

    $profileUrl = $_CB_framework->userProfileUrl($user->get('id'), false, 'cbblogsTab');

    $tabAccessible = ($tab->enabled && Application::MyUser()->canViewAccessLevel($tab->viewaccesslevel));

    if (!$tabAccessible) {
        cbRedirect($profileUrl, CBTxt::T('Not authorized.'), 'error');
    }

    ob_start();

    if ($requestedAction == 'blogs') {
        if ($requestedFunc == 'new') {
            $this->showBlogEdit(null, $user, $model, $plugin);
        } elseif ($requestedFunc == 'edit') {
            $this->showBlogEdit($blogId, $user, $model, $plugin);
        } elseif ($requestedFunc == 'save') {
            // Only the form submit verifies the anti-spoof token here; the
            // publish/unpublish/delete paths rely on their callees for that.
            cbSpoofCheck('plugin');
            $this->saveBlogEdit($blogId, $user, $model, $plugin);
        } elseif ($requestedFunc == 'publish') {
            $this->stateBlog(1, $blogId, $user, $model, $plugin);
        } elseif ($requestedFunc == 'unpublish') {
            $this->stateBlog(0, $blogId, $user, $model, $plugin);
        } elseif ($requestedFunc == 'delete') {
            $this->deleteBlog($blogId, $user, $model, $plugin);
        } elseif ($model->type != 2) {
            // 'show' and any unknown function: model types other than 2 are
            // redirected to the blog URL, type 2 renders the blog inline.
            cbRedirect(cbblogsModel::getUrl((int) $blogId, false));
        } else {
            $this->showBlog($blogId, $user, $model, $plugin);
        }
    } else {
        cbRedirect($profileUrl, CBTxt::T('Not authorized.'), 'error');
    }

    $html = ob_get_clean();

    $containerClass = 'cbBlogs';
    $extraClass = $plugin->params->get('general_class', null);

    if ($extraClass) {
        $containerClass .= ' ' . htmlspecialchars($extraClass);
    }

    echo '<div id="cbBlogs" class="' . $containerClass . '">'
        . '<div id="cbBlogsInner" class="cbBlogsInner">' . $html . '</div>'
        . '</div>';
}
/**
 * Sends a private message from the logged-in user to the user given by the
 * "id" request parameter, then redirects back to that user's PMS tab with a
 * success or error message. Every failure path ends in cbRedirect().
 *
 * @param null      $tab      Unused
 * @param UserTable $user     Unused: the sender is always the logged-in user
 * @param int       $ui       1 front, 2 admin UI
 * @param array     $postdata Raw POST data (the subject/message are read through $this->input instead)
 * @return void
 */
public function getCBpluginComponent($tab, $user, $ui, $postdata)
{
    global $_CB_framework, $_PLUGINS, $_CB_PMS;

    // The anti-spoof token is verified before anything else is read from the request:
    cbSpoofCheck('plugin');

    $toUserId = $this->input('id', null, GetterInterface::INT);
    $user = CBuser::getMyUserDataInstance();
    $myId = $user->get('id');

    if (!$toUserId) {
        cbRedirect($_CB_framework->userProfileUrl($myId, false, 'getmypmsproTab'), CBTxt::T('SEND_PMS_MISSING_TO_USER', 'Private message failed to send! Error: Missing to user'), 'error');
    }

    $profileUrl = $_CB_framework->userProfileUrl($toUserId, false, 'getmypmsproTab');

    // Guests cannot send:
    if (!$myId) {
        cbRedirect($profileUrl, CBTxt::T('Not authorized.'), 'error');
    }

    // Nor can a user message themselves:
    if ($toUserId == $myId) {
        cbRedirect($profileUrl, CBTxt::T('SEND_PMS_ERROR_SELF', 'Private message failed to send! Error: You can not send a private message to your self'), 'error');
    }

    $tab = new TabTable();
    $tab->load(array('pluginclass' => 'getmypmsproTab'));

    $canUseTab = ($tab->enabled && Application::MyUser()->canViewAccessLevel($tab->viewaccesslevel));

    if (!$canUseTab) {
        cbRedirect($profileUrl, CBTxt::T('Not authorized.'), 'error');
    }

    $subject = $this->input('subject', null, GetterInterface::STRING);
    $message = $this->input('message', null, GetterInterface::STRING);

    // sendPMSMSG() reports per-recipient results as an array; the first entry is ours.
    $sendResult = $_CB_PMS->sendPMSMSG($toUserId, $myId, $subject, $message, false);
    $sent = false;

    if (is_array($sendResult) && (count($sendResult) > 0)) {
        $sent = $sendResult[0];
    }

    if ($sent) {
        cbRedirect($profileUrl, CBTxt::T('SEND_PMS_SUCCESS', 'Private message sent successfully!'));
    } else {
        cbRedirect($profileUrl, $_PLUGINS->getErrorMSG(), 'error');
    }
}
/**
 * Runs the plugin installation selected by $this->func (upload, local
 * directory, URL or disc package) and keeps the installer's printed output
 * in $this->_resultMessage.
 *
 * Only administrators with the core.admin plugin permission may reach the
 * installers; the anti-spoof token is checked first.
 *
 * @param boolean $updateNulls Unused by this override (kept for interface compatibility)
 * @return boolean TRUE if the installation succeeded, FALSE otherwise
 *
 * @throws \InvalidArgumentException when $this->func names no installer
 * @throws \RuntimeException
 */
public function store($updateNulls = false)
{
    cbimport('cb.tabs');
    cbimport('cb.imgtoolbox');
    cbimport('cb.adminfilesystem');
    cbimport('cb.installer');
    cbimport('cb.params');
    cbimport('cb.pagination');

    cbSpoofCheck('plugin');
    checkCanAdminPlugins('core.admin');

    // Installers print their progress; capture it instead of letting it through.
    ob_start();

    $installer = $this->func;

    if ($installer == 'installPluginUpload') {
        $success = $this->installPluginUpload();
    } elseif ($installer == 'installPluginDir') {
        $success = $this->installPluginDir($this->localdirectory);
    } elseif ($installer == 'installPluginURL') {
        $success = $this->installPluginURL($this->packageurl);
    } elseif ($installer == 'installPluginDisc') {
        $success = $this->installPluginDisc($this->plgfile);
    } else {
        throw new \InvalidArgumentException(CBTxt::T('INVALID_FUNCTION', 'Invalid function'), 500);
    }

    $this->_resultMessage = ob_get_clean();

    if (!$success) {
        $this->setError('Installation error');
    }

    return $success;
}
/**
 * Front-end dispatcher for the privacy plugin: routes the "privacy" action's
 * disable/delete functions (confirmation views and their confirmed variants)
 * to the matching controller method and echoes the buffered output inside the
 * plugin container markup.
 *
 * @param null      $tab      Unused
 * @param UserTable $user     Unused: re-resolved from the session
 * @param int       $ui       1 front, 2 admin UI
 * @param array     $postdata Raw POST data
 * @return void HTML is echoed
 */
public function getCBpluginComponent( $tab, $user, $ui, $postdata )
{
    global $_CB_framework;

    outputCbJs( 1 );
    outputCbTemplate( 1 );

    $requestedAction = $this->input( 'action', null, GetterInterface::STRING );
    $requestedFunc = $this->input( 'func', null, GetterInterface::STRING );
    $targetId = $this->input( 'id', null, GetterInterface::INT );

    $user = CBuser::getMyUserDataInstance();
    $myId = $user->get( 'id' );

    $profileUrl = $_CB_framework->userProfileUrl( $myId, false );

    // Guests have no profile to be sent back to; use the site root instead:
    if ( ! $myId ) {
        $profileUrl = 'index.php';
    }

    ob_start();

    if ( $requestedAction == 'privacy' ) {
        if ( $requestedFunc == 'disable' ) {
            $this->disableProfile( $targetId, $user );
        } elseif ( $requestedFunc == 'disableuser' ) {
            // The confirmed variants carry the anti-spoof token:
            cbSpoofCheck( 'plugin' );
            $this->disableUser( $targetId, $user );
        } elseif ( $requestedFunc == 'delete' ) {
            $this->deleteProfile( $targetId, $user );
        } elseif ( $requestedFunc == 'deleteuser' ) {
            cbSpoofCheck( 'plugin' );
            $this->deleteUser( $targetId, $user );
        } else {
            cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
        }
    } else {
        cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
    }

    $html = ob_get_clean();

    $containerClass = 'cbPrivacy';
    $extraClass = $this->params->get( 'general_class', null );

    if ( $extraClass ) {
        $containerClass .= ' ' . htmlspecialchars( $extraClass );
    }

    echo '<div id="cbPrivacy" class="' . $containerClass . '">'
        . '<div id="cbPrivacyInner" class="cbPrivacyInner">' . $html . '</div>'
        . '</div>';
}
/**
 * Front-end dispatcher for the GroupJive wall: routes the "wall" action's
 * functions to the matching controller method. Unless format=raw is
 * requested, the output is buffered and echoed inside the GroupJive
 * container markup; with format=raw the callee's output passes through as is.
 *
 * @param TabTable  $tab      Current tab (unused here)
 * @param UserTable $user     Current user (unused: re-resolved from the session)
 * @param int       $ui       1 front, 2 admin UI
 * @param array     $postdata Raw unfiltred POST data
 * @return void HTML is echoed
 */
public function getCBpluginComponent( $tab, $user, $ui, $postdata )
{
    $format = $this->input( 'format', null, GetterInterface::STRING );
    $wrapOutput = ( $format != 'raw' );

    if ( $wrapOutput ) {
        outputCbJs();
        outputCbTemplate();
    }

    $requestedAction = $this->input( 'action', null, GetterInterface::STRING );
    $requestedFunc = $this->input( 'func', null, GetterInterface::STRING );
    $wallId = (int) $this->input( 'id', null, GetterInterface::INT );

    $user = CBuser::getMyUserDataInstance();

    if ( $wrapOutput ) {
        ob_start();
    }

    if ( $requestedAction == 'wall' ) {
        if ( $requestedFunc == 'publish' ) {
            $this->stateWall( 1, $wallId, $user );
        } elseif ( $requestedFunc == 'unpublish' ) {
            $this->stateWall( 0, $wallId, $user );
        } elseif ( $requestedFunc == 'delete' ) {
            $this->deleteWall( $wallId, $user );
        } elseif ( $requestedFunc == 'new' ) {
            $this->showWallEdit( null, $user );
        } elseif ( $requestedFunc == 'edit' ) {
            $this->showWallEdit( $wallId, $user );
        } elseif ( $requestedFunc == 'save' ) {
            // Only the form submit verifies the anti-spoof token at this level:
            cbSpoofCheck( 'plugin' );
            $this->saveWallEdit( $wallId, $user );
        }
        // Any other function renders nothing.
    }

    if ( $wrapOutput ) {
        $html = ob_get_clean();

        $containerClass = 'cbGroupJive';
        $extraClass = $this->_gjParams->get( 'general_class', null );

        if ( $extraClass ) {
            $containerClass .= ' ' . htmlspecialchars( $extraClass );
        }

        echo '<div class="' . $containerClass . '">'
            . '<div class="cbGroupJiveInner">' . $html . '</div>'
            . '</div>';
    }
}
/**
 * Direct access to field for custom operations, like for Ajax
 *
 * WARNING: direct unchecked access, except if $user is set, then check well for the $reason ...
 *
 * Guards the request with the 'fieldclass' anti-spoof token and, for
 * front-end registration only, the registration anti-spam check; on failure
 * it prints a session-expired error and terminates. The base implementation
 * performs no field operation and returns false.
 *
 * @param moscomprofilerFields $field
 * @param moscomprofilerUser   $user
 * @param array                $postdata
 * @param string               $reason 'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
 * @return string|false Expected output; false from this base implementation
 */
function fieldClass(&$field, &$user, &$postdata, $reason)
{
    global $_CB_framework;

    // simple spoof check security
    $tokenValid = cbSpoofCheck('fieldclass', 'POST', 2);
    $sessionExpired = !$tokenValid;

    // The anti-spam check is only consulted when the token passed and this is
    // a front-end (ui 1) registration request:
    if ($tokenValid && ($reason == 'register') && ($_CB_framework->getUi() == 1)) {
        $sessionExpired = !cbRegAntiSpamCheck(2);
    }

    if ($sessionExpired) {
        echo '<span class="cb_result_error">' . _UE_SESSION_EXPIRED . "</span>";
        exit;
    }

    return false;
}
/**
 * Front-end dispatcher for the invites plugin: loads the invites tab, checks
 * the viewer may access it, routes the "invites" action's functions to the
 * matching controller method and echoes the buffered output inside the plugin
 * container markup.
 *
 * @param null      $tab      Unused: the invites tab is loaded by plugin class
 * @param UserTable $user     Unused: re-resolved from the session
 * @param int       $ui       1 front, 2 admin UI
 * @param array     $postdata Raw POST data
 * @return void HTML is echoed
 */
public function getCBpluginComponent( $tab, $user, $ui, $postdata )
{
    global $_CB_framework;

    outputCbJs( 1 );
    outputCbTemplate( 1 );

    $requestedAction = $this->input( 'action', null, GetterInterface::STRING );
    $requestedFunc = $this->input( 'func', null, GetterInterface::STRING );
    $inviteId = $this->input( 'id', null, GetterInterface::INT );

    $user = CBuser::getMyUserDataInstance();

    $tab = new TabTable();
    $tab->load( array( 'pluginclass' => 'cbinvitesTab' ) );

    $profileUrl = $_CB_framework->userProfileUrl( $user->get( 'id' ), false, 'cbinvitesTab' );

    $tabAccessible = ( $tab->enabled && Application::MyUser()->canViewAccessLevel( $tab->viewaccesslevel ) );

    if ( ! $tabAccessible ) {
        cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
    }

    ob_start();

    if ( $requestedAction == 'invites' ) {
        if ( $requestedFunc == 'new' ) {
            $this->showInviteEdit( null, $user );
        } elseif ( $requestedFunc == 'edit' ) {
            $this->showInviteEdit( $inviteId, $user );
        } elseif ( $requestedFunc == 'save' ) {
            // Only the form submit verifies the anti-spoof token at this level:
            cbSpoofCheck( 'plugin' );
            $this->saveInviteEdit( $inviteId, $user );
        } elseif ( $requestedFunc == 'send' ) {
            $this->sendInvite( $inviteId, $user );
        } elseif ( $requestedFunc == 'delete' ) {
            $this->deleteInvite( $inviteId, $user );
        } else {
            // 'show' and anything unknown: there is no standalone view, go back to the tab.
            cbRedirect( $profileUrl );
        }
    } else {
        cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
    }

    $html = ob_get_clean();

    $containerClass = 'cbInvites';
    $extraClass = $this->params->get( 'general_class', null );

    if ( $extraClass ) {
        $containerClass .= ' ' . htmlspecialchars( $extraClass );
    }

    echo '<div id="cbInvites" class="' . $containerClass . '">'
        . '<div id="cbInvitesInner" class="cbInvitesInner">' . $html . '</div>'
        . '</div>';
}
/**
 * render backend edit plugin view
 *
 * Backend (admin UI) dispatcher for the GroupJive plugin. The dotted $action
 * ("categories.publish", "groups.save", "config.show", ...) is split into an
 * action and a function, each pair is routed to the matching controller
 * method, and that method's buffered output is wrapped together with the
 * admin toolbar include and the title/class the callee may leave in
 * $_GJ_Backend_Title.
 *
 * @param object $row
 * @param string $option
 * @param string $task
 * @param int    $uid
 * @param string $action       "action.function" pair selecting the view
 * @param string $element
 * @param int    $mode         'applyPlugin' turns save into apply (see $save_mode)
 * @param object $pluginParams
 */
public function editPluginView( $row, $option, $task, $uid, $action, $element, $mode, $pluginParams )
{
    global $_CB_framework, $_CB_database, $_CB_Backend_Menu, $_CB_Backend_task, $_GJ_Backend_Title, $_PLUGINS;

    // Hard authorisation gate: without core.manage nothing below is rendered.
    if ( ! CBuser::getMyInstance()->authoriseAction( 'core.manage' ) ) {
        cbRedirect( $_CB_framework->backendUrl( 'index.php' ), _UE_NOT_AUTHORIZED, 'error' );
    }

    outputCbJs( 2 );
    outputCbTemplate( 2 );

    $plugin = cbgjClass::getPlugin();

    $_CB_framework->document->addHeadStyleSheet( $plugin->livePath . '/admin.' . $plugin->element . '.css' );

    require_once( $plugin->absPath . '/admin.' . $plugin->element . '.html.php' );

    $_CB_Backend_task = $task;
    $_GJ_Backend_Title = array();
    $_CB_Backend_Menu->mode = $plugin->element . 'Admin';

    // "action.function" -> ( $action, $function ); either part may be missing.
    $actions = explode( '.', $action );
    $action = ( isset( $actions[0] ) ? $actions[0] : null );
    $function = ( isset( $actions[1] ) ? $actions[1] : null );

    // id/order come straight from $_REQUEST (not $this->input) and are normalised
    // to non-empty arrays so both single-item ($id[0]) and list operations work.
    $id = cbGetParam( $_REQUEST, 'id', array( 0 ) );
    $order = cbGetParam( $_REQUEST, 'order', array( 0 ) );
    $user =& CBuser::getUserDataInstance( $_CB_framework->myId() );

    if ( ! is_array( $id ) ) {
        $id = array( $id );
    }

    if ( ! $id ) {
        $id = array( 0 );
    }

    if ( ! is_array( $order ) ) {
        $order = array( $order );
    }

    if ( ! $order ) {
        $order = array( 0 );
    }

    // 'applyPlugin' mode forces the save handlers into "apply" (stay on the edit view).
    $save_mode = ( $mode == 'applyPlugin' ? 'apply' : $function );

    ob_start();

    // NOTE(review): cbSpoofCheck() is applied per case below, not once up front.
    // 'batch', 'copy', 'tools.delmigrate', the 'fix' functions and 'menus.save'
    // run without it here — confirm they are read-only views or are protected
    // inside the called methods.
    switch ( $action ) {
        case 'categories':
            switch ( $function ) {
                case 'menu':
                    $this->createCategoryMenu( $id[0], $user, $plugin );
                    break;
                case 'publish':
                    cbSpoofCheck( 'plugin' );
                    $this->stateCategory( $id, 1, $user, $plugin );
                    break;
                case 'unpublish':
                    cbSpoofCheck( 'plugin' );
                    $this->stateCategory( $id, 0, $user, $plugin );
                    break;
                case 'order':
                    cbSpoofCheck( 'plugin' );
                    $this->orderCategory( $id, $order, $user, $plugin );
                    break;
                case 'orderup':
                    cbSpoofCheck( 'plugin' );
                    $this->orderCategory( $id[0], -1, $user, $plugin );
                    break;
                case 'orderdown':
                    cbSpoofCheck( 'plugin' );
                    $this->orderCategory( $id[0], 1, $user, $plugin );
                    break;
                case 'batch':
                    $this->batchCategory( $id, $user, $plugin );
                    break;
                case 'copy':
                    $this->copyCategory( $id, $user, $plugin );
                    break;
                case 'delete':
                    cbSpoofCheck( 'plugin' );
                    $this->deleteCategory( $id, $user, $plugin );
                    break;
                case 'new':
                    $this->showCategoryEdit( null, $user, $plugin );
                    break;
                case 'edit':
                    $this->showCategoryEdit( $id[0], $user, $plugin );
                    break;
                case 'save':
                case 'apply':
                    cbSpoofCheck( 'plugin' );
                    $this->saveCategoryEdit( $id[0], $save_mode, $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showCategories( $user, $plugin );
                    break;
            }
            break;
        case 'groups':
            switch ( $function ) {
                case 'menu':
                    $this->createGroupMenu( $id[0], $user, $plugin );
                    break;
                case 'publish':
                    cbSpoofCheck( 'plugin' );
                    $this->stateGroup( $id, 1, $user, $plugin );
                    break;
                case 'unpublish':
                    cbSpoofCheck( 'plugin' );
                    $this->stateGroup( $id, 0, $user, $plugin );
                    break;
                case 'order':
                    cbSpoofCheck( 'plugin' );
                    $this->orderGroup( $id, $order, $user, $plugin );
                    break;
                case 'orderup':
                    cbSpoofCheck( 'plugin' );
                    $this->orderGroup( $id[0], -1, $user, $plugin );
                    break;
                case 'orderdown':
                    cbSpoofCheck( 'plugin' );
                    $this->orderGroup( $id[0], 1, $user, $plugin );
                    break;
                case 'batch':
                    $this->batchGroup( $id, $user, $plugin );
                    break;
                case 'copy':
                    $this->copyGroup( $id, $user, $plugin );
                    break;
                case 'delete':
                    cbSpoofCheck( 'plugin' );
                    $this->deleteGroup( $id, $user, $plugin );
                    break;
                case 'new':
                    $this->showGroupEdit( null, $user, $plugin );
                    break;
                case 'edit':
                    $this->showGroupEdit( $id[0], $user, $plugin );
                    break;
                case 'save':
                case 'apply':
                    cbSpoofCheck( 'plugin' );
                    $this->saveGroupEdit( $id[0], $save_mode, $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showGroups( $user, $plugin );
                    break;
            }
            break;
        case 'users':
            // The numeric second argument of statusUser() is the membership status
            // (-1 ban, 0 inactive, 1 active, 2 mod, 3 admin, 4 owner — as mapped here).
            switch ( $function ) {
                case 'ban':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, -1, $user, $plugin );
                    break;
                case 'active':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, 1, $user, $plugin );
                    break;
                case 'inactive':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, 0, $user, $plugin );
                    break;
                case 'mod':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, 2, $user, $plugin );
                    break;
                case 'admin':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, 3, $user, $plugin );
                    break;
                case 'owner':
                    cbSpoofCheck( 'plugin' );
                    $this->statusUser( $id, 4, $user, $plugin );
                    break;
                case 'batch':
                    $this->batchUser( $id, $user, $plugin );
                    break;
                case 'delete':
                    cbSpoofCheck( 'plugin' );
                    $this->deleteUser( $id, $user, $plugin );
                    break;
                case 'new':
                    $this->showUserEdit( null, $user, $plugin );
                    break;
                case 'edit':
                    $this->showUserEdit( $id[0], $user, $plugin );
                    break;
                case 'save':
                case 'apply':
                    cbSpoofCheck( 'plugin' );
                    $this->saveUserEdit( $id[0], $save_mode, $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showUsers( $user, $plugin );
                    break;
            }
            break;
        case 'invites':
            switch ( $function ) {
                case 'delete':
                    cbSpoofCheck( 'plugin' );
                    $this->deleteInvite( $id, $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showInvites( $user, $plugin );
                    break;
            }
            break;
        case 'config':
            switch ( $function ) {
                case 'save':
                    cbSpoofCheck( 'plugin' );
                    // The raw superglobal is handed to the config saver; filtering is its job.
                    $this->saveConfig( $_POST, $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showConfig( $user, $plugin );
                    break;
            }
            break;
        case 'tools':
            switch ( $function ) {
                case 'migrate':
                    $this->showMigrate( $user, $plugin );
                    break;
                case 'delmigrate':
                    $this->deleteMigrate( $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showTools( $user, $plugin );
                    break;
            }
            break;
        case 'fix':
            switch ( $function ) {
                case 'categories':
                    $this->fixCategories( $id[0], $user, $plugin );
                    break;
                case 'groups':
                    $this->fixGroups( $id[0], $user, $plugin );
                    break;
                case 'users':
                    $this->fixUsers( $id[0], $user, $plugin );
                    break;
                default:
                    $this->showTools( $user, $plugin );
                    break;
            }
            break;
        case 'integrations':
            $this->showIntegrations( $user, $plugin );
            break;
        case 'menus':
            switch ( $function ) {
                case 'save':
                    $this->saveMenus( $user, $plugin );
                    break;
                default:
                    $this->showMenus( $user, $plugin );
                    break;
            }
            break;
        case 'plugin':
            // Sub-plugins handle their own backend views through this trigger.
            $_PLUGINS->trigger( 'gj_onPluginBE', array( array( $function, $id, $order, $save_mode ), $user, $plugin ) );
            break;
        default:
            switch ( $function ) {
                case 'menu':
                    $this->createPluginMenu( $user, $plugin );
                    break;
                case 'show':
                default:
                    $this->showPlugin( $user, $plugin );
                    break;
            }
            break;
    }

    $html = ob_get_contents();
    ob_end_clean();

    // The toolbar is a separate PHP include that prints directly; buffer it too.
    ob_start();
    include( $_CB_framework->getCfg( 'absolute_path' ) . '/components/com_comprofiler/plugin/user/plug_cbgroupjive/toolbar.cbgroupjive.php' );
    $toolbar = ob_get_contents();
    ob_end_clean();

    // Callees may set $_GJ_Backend_Title = array( title, extra header css class ).
    $title = ( isset( $_GJ_Backend_Title[0] ) ? $_GJ_Backend_Title[0] : null );
    $class = ( isset( $_GJ_Backend_Title[1] ) ? ' ' . $_GJ_Backend_Title[1] : null );

    $return = '<div style="margin:0px;border-width:0px;padding:0px;float:left;width:100%;text-align:left;" class="gjAdmin">'
            . '<div id="cbAdminMainWrapper" style="margin:0px;border-width:0px;padding:0px;float:none;width:auto;">'
            . '<div style="float:right;" class="gjAdminToolbar">' . $toolbar . '</div>'
            . '<div style="float:left;" class="header' . $class . '">' . $title . '</div>'
            . '<div style="clear:both;"></div>'
            . '<div style="float:left;width:100%;margin-top:10px;">' . $html . '</div>'
            . '<div style="clear:both;"></div>'
            . '</div>'
            . '</div>';

    echo $return;
}
/**
 * Sends one backend mass-mail batch ($rows) and answers the AJAX caller with a
 * JSON progress reply: the rendered per-user status list plus result 1 (more
 * batches remain) or 2 (this was the last batch).
 *
 * Relies on $this (for _cbadmin_makeLinksAbsolute), so it must live inside a
 * class despite the plain "function" declaration.
 *
 * @param array  $rows           Batch of user rows (only ->id is used)
 * @param string $emailSubject
 * @param string $emailBody
 * @param int    $limitstart     Offset of this batch
 * @param int    $limit          Batch size (clamped to $total)
 * @param int    $total          Total number of recipients
 * @param bool   $simulationMode When true nothing is sent, the list just says so
 * @return void Echoes the JSON reply, then sleeps 3 seconds
 */
function _cbadmin_emailUsers( &$rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode )
{
    global $_PLUGINS;

    // simple spoof check security
    cbSpoofCheck( 'cbadmingui' );
    cbRegAntiSpamCheck();

    $notifier = new cbNotification();
    $htmlMode = 1; // html
    $report = '';

    foreach ( $rows as $row ) {
        $recipient = CBuser::getUserDataInstance( (int) $row->id );

        if ( $report ) {
            $report .= ', ';
        }

        $report .= htmlspecialchars( $recipient->username );

        if ( $simulationMode ) {
            $report .= ' (' . htmlspecialchars( CBTxt::T('email not send: simulation mode') ) . ')';
            continue;
        }

        // Plugins may rewrite subject/body per recipient (passed by reference),
        // so the absolute-link conversion has to be redone for every user.
        $extraStrings = array();

        $_PLUGINS->trigger( 'onBeforeBackendUserEmail', array( &$recipient, &$emailSubject, &$emailBody, $htmlMode, &$extraStrings, $simulationMode ) );

        $delivered = $notifier->sendFromSystem( $recipient, $emailSubject, $this->_cbadmin_makeLinksAbsolute( $emailBody ), true, $htmlMode, null, null, null, $extraStrings, false );

        if ( ! $delivered ) {
            $report .= ': <span class="cb_result_error">' . htmlspecialchars( CBTxt::T('Error sending email!') ) . '</span>';
        }
    }

    if ( $total < $limit ) {
        $limit = $total;
    }

    ob_start();

    $usersView = _CBloadView( 'users' );
    $usersView->ajaxResults( $report, $emailSubject, $this->_cbadmin_makeLinksAbsolute( $emailBody ), $limitstart, $limit, $total );

    $html = ob_get_clean();

    $remaining = $total - ( $limitstart + $limit );

    $reply = array( 'result' => ( $remaining > 0 ? 1 : 2 ), 'htmlcontent' => $html );

    echo json_encode( $reply );

    sleep(3);
}
/**
 * Saves the CB plugin view after an edit view form submit
 *
 * Reads the POSTed form, strips routing fields, binds/validates/stores it
 * according to $dataModelType ('sql:row', 'sql:field', 'parameters' or
 * 'class'), then either returns (frontend) or redirects / re-displays with a
 * message (backend). $mode is passed by reference because a failed save, or a
 * store that produced a result message, is turned into 'apply' so the edit
 * view is shown again.
 *
 * @param array                  $options
 * @param array                  $actionPath
 * @param array                  $keyValues
 * @param array                  $parametersValues
 * @param SimpleXMLElement       $viewModel
 * @param TableInterface         $data
 * @param RegistryEditController $params
 * @param string                 $mode             'save', 'apply', 'savenew' or 'savecopy'; may be rewritten to 'apply'
 * @param string                 $dataModelType
 * @param PluginTable            $plugin
 * @param SimpleXMLElement       $dataModel
 * @param RegistryInterface      $pluginParams
 * @param string                 $cbprevstate      base64-encoded query string of the previous view, if any
 * @param int                    $ui               1 front, 2 admin UI
 * @return null|string NULL: ok, STRING: error
 */
protected function savePluginView($options, $actionPath, $keyValues, $parametersValues, $viewModel, $data, $params, &$mode, $dataModelType, $plugin, $dataModel, $pluginParams, $cbprevstate, $ui)
{
    global $_CB_framework;

    new cbTabs(false, 2, -1, false); // prevents output of CB tabs js code until we are done with drawing (or redirecting)

    $resultingMsg = null;

    cbSpoofCheck('plugin');

    $postArray = $this->input->getNamespaceRegistry('post')->asArray();

    // List of variables to exclude from the $postArray:
    $exclude = array('option', 'cid', 'cbprevstate', cbSpoofField());

    foreach ($actionPath as $k => $v) {
        $exclude[] = $k;
    }

    // Remove the exclude variables from the $postArray before being used in the below cases:
    foreach ($exclude as $v) {
        if (isset($postArray[$v])) {
            unset($postArray[$v]);
        }
    }

    // Fix multi-selects and multi-checkboxes arrays to |*|-delimited strings:
    $postArray = $this->recursiveMultiSelectFix($postArray);

    // Array values that map onto a $data property are stored as JSON strings.
    foreach ($postArray as $key => $value) {
        if (property_exists($data, $key)) {
            $postArray[$key] = is_array($value) ? json_encode($value) : $value;
        }
    }

    $errorMsg = null;

    // Inside each case, a failed step sets $errorMsg and "break"s out of the
    // whole switch, so the message handling below runs for every outcome.
    switch ($dataModelType) {
        case 'sql:row':
            if ($ui == 2) {
                // Backend: validate the POST against the view definition, then bind.
                if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                    $errorMsg = $error;
                    break;
                }

                if (!$data->bind($postArray)) {
                    $errorMsg = $data->getError();
                    break;
                }
            } else {
                // Frontend: let the view draw the field list and copy the values over.
                RegistryEditView::setFieldsListArrayValues(true);

                $fields = $params->draw(null, null, null, null, null, null, false, 'param', 'fieldsListArray');

                // New CB2.0 way for bind():
                foreach ($fields as $key => $value) {
                    if (property_exists($data, $key)) {
                        $data->{$key} = is_array($value) ? json_encode($value) : $value;
                    }
                }
            }

            if (!$data->check()) {
                $errorMsg = $data->getError();
                break;
            }

            $dataModelKey = $data->getKeyName();
            $dataModelValueOld = $data->{$dataModelKey};

            if ($mode == 'savecopy') {
                if (!$data->canCopy($data)) {
                    $errorMsg = $data->getError();
                    break;
                }

                if (!$data->copy($data)) {
                    $errorMsg = $data->getError();
                    break;
                }
            } else {
                if (!$data->store()) {
                    $errorMsg = $data->getError();
                    break;
                }
            }

            $dataModelValue = $data->{$dataModelKey};

            // Id changed; be sure to update the url encase of redirect:
            if (count($keyValues) == 1) {
                $urlKeys = array_keys($keyValues);
                $urlDataKey = $urlKeys[0];

                if ($mode == 'savenew') {
                    unset($actionPath[$urlDataKey]);
                } elseif ($dataModelValue != $dataModelValueOld) {
                    $actionPath[$urlDataKey] = $dataModelValue;
                }
            }

            if ($data->hasFeature('checkout')) {
                /** @var \CBLib\Database\Table\CheckedOrderedTable $data */
                $data->checkin();
            }

            $this->savePluginViewOrder($data, $viewModel);

            $resultingMsg = $data->cbResultOfStore();
            break;
        case 'sql:field':
            // <data name="params" type="sql:field" table="#__cbsubs_config" class="cbpaidConfig" key="id" value="1" valuetype="sql:int" />
            $dataModelName = $dataModel->attributes('name');
            $dataModelKey = $dataModel->attributes('key');
            $dataModelValue = $dataModel->attributes('value');

            if ($ui == 2) {
                if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                    $errorMsg = $error;
                    break;
                }
            }

            // The whole form is stored as one JSON blob in the named column.
            $rawParams = array();
            $rawParams[$dataModelName] = json_encode($postArray);

            $xmlsql = new XmlQuery($this->db, null, $pluginParams);
            $xmlsql->process_data($dataModel);

            // With a key value the row exists and is updated; otherwise it is inserted.
            if ($dataModelValue) {
                $result = $xmlsql->queryUpdate($rawParams);
            } else {
                $result = $xmlsql->queryInsert($rawParams, $dataModelKey);
            }

            if (!$result) {
                $errorMsg = $xmlsql->getErrorMsg();
            }
            break;
        case 'parameters':
            if ($ui == 2) {
                if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                    $errorMsg = $error;
                    break;
                }
            }

            $rawParams = array();
            $rawParams['params'] = json_encode($postArray);

            // $plugin = new PluginTable( $this->_db );
            // $plugin->load( $pluginId );

            if (!$plugin->bind($rawParams)) {
                $errorMsg = $plugin->getError();
                break;
            }

            if (!$plugin->check()) {
                $errorMsg = $plugin->getError();
                break;
            }

            if (!$plugin->store()) {
                $errorMsg = $plugin->getError();
                break;
            }

            $plugin->checkin();

            // Ordering condition is string-built; the only interpolated value is escaped through the db layer.
            $plugin->updateOrder("type='" . $plugin->getDbo()->getEscaped($plugin->type) . "' AND ordering > -10000 AND ordering < 10000 ");

            $resultingMsg = $plugin->cbResultOfStore();
            break;
        case 'class':
            if ($ui == 2) {
                if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                    $errorMsg = $error;
                    break;
                }
            }

            if (!$data->bind($postArray)) {
                $errorMsg = $data->getError();
                break;
            }

            if (!$data->check()) {
                $errorMsg = $data->getError();
                break;
            }

            if (!$data->store()) {
                $errorMsg = $data->getError();
                break;
            }

            if ($data->hasFeature('checkout')) {
                /** @var \CBLib\Database\Table\CheckedOrderedTable $data */
                $data->checkin();
            }

            $this->savePluginViewOrder($data, $viewModel);

            $resultingMsg = $data->cbResultOfStore();
            break;
        case 'sql:multiplerows':
        default:
            // Unsupported model types abort the request outright ($dataModelType comes from the view XML).
            echo 'Save error: showview data type: ' . $dataModelType . ' not implemented !';
            exit;
            break;
    }

    // Base URL to return to: backend component URL, or frontend index.php with the url-encoded options.
    if ($ui == 2) {
        $url = 'index.php?option=' . $options['option'] . '&view=' . $options['view'];

        if ($options['view'] == 'editPlugin') {
            $url .= '&cid=' . $options['pluginid'];
        }

        $url = $_CB_framework->backendUrl($url);
    } else {
        $url = 'index.php';

        if (count($options) > 0) {
            $fixOptions = array();

            foreach ($options as $k => $v) {
                $fixOptions[$k] = $k . '=' . urlencode($v);
            }

            $url .= '?' . implode('&', $fixOptions);
        }
    }

    // Human-readable name of the saved item for the status message, if the model has one.
    if (isset($data->title)) {
        $dataItem = CBTxt::T($data->title);
    } elseif (isset($data->name)) {
        $dataItem = CBTxt::T($data->name);
    } else {
        $dataItem = null;
    }

    if ($errorMsg) {
        // A failed save always returns to the edit view:
        if (in_array($mode, array('save', 'savenew', 'savecopy'))) {
            $mode = 'apply';
        }

        $msg = CBTxt::T('FAILED_TO_SAVE_LABEL_ITEM_BECAUSE_ERROR', 'Failed to save [label] [item] because: [error]', array('[label]' => $viewModel->attributes('label'), '[item]' => $dataItem, '[error]' => $errorMsg));
        $msgType = 'error';
    } else {
        $msg = CBTxt::T('SUCCESSFULLY_SAVED_LABEL_ITEM', 'Successfully saved [label] [item]', array('[label]' => $viewModel->attributes('label'), '[item]' => $dataItem));
        $msgType = 'message';
    }

    switch ($mode) {
        case 'apply':
        case 'savenew':
        case 'savecopy':
            // Stay on (or re-open) the edit view: re-append the routing values.
            // NOTE(review): unlike the $options loop above, these values are appended without urlencode() — confirm they are always url-safe.
            unset($actionPath['view']);

            foreach ($actionPath as $k => $v) {
                if ($v !== '') {
                    $url .= '&' . $k . '=' . $v;
                }
            }

            foreach ($parametersValues as $k => $v) {
                $url .= '&' . $k . '=' . $v;
            }

            if ($cbprevstate) {
                $url .= '&cbprevstate=' . $cbprevstate;
            }
            break;
        case 'save':
            if ($cbprevstate) {
                $prevUrl = base64_decode($cbprevstate);

                // $parametersValues[] = "'" . base64_encode( implode( '&', $cbprevstate ) ) . "'";

                // '$' is the regex delimiter here: any ':' or '/' in the decoded previous
                // state is rejected, so only a relative query string can replace the
                // return URL (appears intended to keep the redirect on-site).
                if (!preg_match('$[:/]$', $prevUrl)) {
                    $prevUrl = str_replace('&pluginid=', '&cid=', $prevUrl);

                    if ($ui == 2) {
                        $url = $_CB_framework->backendUrl('index.php?' . $prevUrl);
                    } else {
                        $url = 'index.php?' . $prevUrl;
                    }
                }
            }
            break;
    }

    if ($resultingMsg) {
        if ($ui != 2) {
            return $resultingMsg; // in frontend, for now, don't redirect here: think this is right !
        } else {
            // If not an apply then change it to an apply so we can redisplay the view with the resulting message above it:
            if (in_array($mode, array('save', 'savenew', 'savecopy'))) {
                $mode = 'apply';
            }

            echo $resultingMsg;
        }
    } else {
        if ($ui != 2) {
            return null; // in frontend, for now, don't redirect here: think this is right !
            // $url = cbUnHtmlspecialchars( cbSef( $url ) );
        }

        if ($mode == 'apply' && $errorMsg) {
            $_CB_framework->enqueueMessage($msg, $msgType);
        } else {
            cbRedirect($ui == 2 ? $url : cbSef(htmlspecialchars($url), false), $msg, $msgType);
        }
    }

    return null;
}
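/**
 * Generates the HTML to display the user profile tab
 *
 * Renders the "quick message" form on another user's profile and, when that
 * form was just submitted, sends the private message first and reports the
 * outcome through a JS alert prepended to the tab HTML.
 *
 * Submission is accepted only when the posted sender/recipient match the
 * viewer and the viewed profile, the 'pms' anti-spoof token verifies
 * (cbSpoofCheck), and the 'protect' field round-trips. The protect field is
 * 'cbpms1_' . md5(salt . user id . lastvisitDate) . '_' . salt: its salt
 * travels in the form itself, so it binds the submission to the viewed user's
 * lastvisitDate rather than to a server-side secret; CSRF protection rests on
 * cbSpoofCheck.
 *
 * @param moscomprofilerTab  $tab  the tab database entry
 * @param moscomprofilerUser $user the user being displayed
 * @param int                $ui   1 for front-end, 2 for back-end
 * @return mixed either string HTML for tab content, null when the viewer is a guest
 *               or viewing their own profile, or false if ErrorMSG generated
 */
function getDisplayTab($tab,$user,$ui) {
    global $_CB_framework, $_POST, $_CB_OneTwoRowsStyleToggle;

    // Guests get nothing at all:
    if ( ! $_CB_framework->myId() ) {
        return null;
    }

    $return = "";
    $params = $this->params;
    $pmsType = $params->get('pmsType', '1');
    $showTitle = $params->get('showTitle', "1");
    $showSubject = $params->get('showSubject', "1");
    $width = $params->get('width', "30");
    $height = $params->get('height', "5");
    $capabilities = $this->getPMScapabilites();

    if (!$this->_checkPMSinstalled($pmsType) || ($capabilities === false)) {
        return false;
    }

    // No self-messaging form on one's own profile:
    if ($_CB_framework->myId() == $user->id) {
        return null;
    }

    $newsub = null;
    $newmsg = null;

    // send PMS from this tab form input:
    if ( cbGetParam( $_POST, $this->_getPagingParamName("sndnewmsg") ) == _UE_PM_SENDMESSAGE ) {
        $sender = $this->_getReqParam("sender", null);
        $recip = $this->_getReqParam("recip", null);

        // The posted sender/recipient must match the viewer and the viewed profile:
        if ( $sender && $recip && ( $sender == $_CB_framework->myId() ) && ( $recip == $user->id ) ) {
            cbSpoofCheck( 'pms' );

            $newsub = htmlspecialchars($this->_getReqParam("newsub", null)); //urldecode done in _getReqParam

            if($pmsType=='3' || $pmsType=='4') {
                // These PMS types accept the message as submitted (no HTML escaping on input):
                $newmsg = $this->_getReqParam("newmsg", null);
            } else {
                $newmsg = htmlspecialchars($this->_getReqParam("newmsg", null)); //don't allow html input on user profile!
            }

            if ( ( $newsub || $newmsg ) && isset( $_POST[$this->_getPagingParamName( "protect" )] ) ) {
                $parts = explode( '_', $this->_getReqParam('protect', '' ) );

                // Recompute the protect hash from the salt carried in the field itself:
                if ( ( count( $parts ) == 3 ) && ( $parts[0] == 'cbpms1' ) && ( strlen( $parts[2] ) == 32 ) && ( $parts[1] == md5($parts[2].$user->id.$user->lastvisitDate) ) ) {
                    if (!$newsub && $capabilities["subject"]) {
                        $newsub = _UE_PM_PROFILEMSG;
                    }

                    if ($this->sendUserPMS($recip, $sender, $newsub, $newmsg, $systemGenerated=false, $escaped=true)) {
                        $return .= "\n<script type='text/javascript'>alert('"._UE_PM_SENTSUCCESS."')</script>";
                        // Sent: clear the form instead of redisplaying the message.
                        $newsub = null;
                        $newmsg = null;
                    } else {
                        // NOTE(review): the error text is placed inside a JS string literal without escaping;
                        // confirm getErrorMSG() never carries quotes or request-derived content.
                        $return .= "\n<script type='text/javascript'>alert('".$this->getErrorMSG()."')</script>";
                    }
                } else {
                    $return .= "\n<script type='text/javascript'>alert('"._UE_SESSIONTIMEOUT." "._UE_PM_NOTSENT." "._UE_TRYAGAIN."')</script>";
                }
            } else {
                $return .= "\n<script type='text/javascript'>alert('"._UE_PM_EMPTYMESSAGE." "._UE_PM_NOTSENT."')</script>";
            }
        }
    }

    // display Quick Message tab:
    $return .= "\n\t<div class=\"sectiontableentry".$_CB_OneTwoRowsStyleToggle."\" style=\"padding-bottom:5px;\">\n";
    $_CB_OneTwoRowsStyleToggle = ($_CB_OneTwoRowsStyleToggle == 1 ? 2 : 1);

    if($showTitle) {
        $return .= "\t\t<div class=\"titleCell\" style=\"align: left; text-align:left; margin-left: 0px;\">" .cbUnHtmlspecialchars(getLangDefinition($tab->title)).(($showSubject && $capabilities["subject"])?"" : ":")."</div>\n";
    }

    $return .= $this->_writeTabDescription( $tab, $user );
    $base_url = $this->_getAbsURLwithParam(array());
    $return .= '<form method="post" action="'.$base_url.'">';
    $return .= '<table cellspacing="0" cellpadding="5" class="contentpane" style="border:0px;align:left;width:90%;">';

    if ($showSubject && $capabilities["subject"]) {
        $return .= '<tr><td><b>'._UE_EMAILFORMSUBJECT.'</b></td>';
        $return .= '<td><input type="text" class="inputbox" name="'.$this->_getPagingParamName("newsub") .'" size="'.($width-8).'" value="'.stripslashes($newsub).'" /></td></tr>';
        $return .= '<tr class="sectiontableentry1"><td colspan="2"><b>'._UE_EMAILFORMMESSAGE.'</b></td></tr>';
    }

    // The textarea body is HTML context. For pmsType 1/2 $newmsg was already
    // htmlspecialchars()'d on input; for 3/4 it still holds the raw submission,
    // so escape it here so a redisplayed message cannot break out of the element.
    if($pmsType=='3' || $pmsType=='4') {
        $newmsgDisplay = htmlspecialchars(stripslashes($newmsg));
    } else {
        $newmsgDisplay = stripslashes($newmsg);
    }

    $return .= '<tr><td colspan="2"><textarea name="'.$this->_getPagingParamName("newmsg") .'" class="inputbox" rows="'.$height.'" cols="'.$width.'">'.$newmsgDisplay.'</textarea></td></tr>';
    $return .= '<tr><td colspan="2"><input type="submit" class="button" name="'.$this->_getPagingParamName("sndnewmsg").'" value="'._UE_PM_SENDMESSAGE.'" /></td></tr>';
    $return .= '</table>';
    $return .= "<input type=\"hidden\" name=\"".$this->_getPagingParamName("sender")."\" value=\"" . $_CB_framework->myId() . "\" />";
    $return .= "<input type=\"hidden\" name=\"".$this->_getPagingParamName("recip")."\" value=\"$user->id\" />";

    // Fresh salt per render; the matching hash is checked on submit (see above).
    $salt = cbMakeRandomString( 32 );
    $return .= "<input type=\"hidden\" name=\"".$this->_getPagingParamName("protect")."\" value=\"" . 'cbpms1_' . md5($salt.$user->id.$user->lastvisitDate) . '_' . $salt . "\" />";
    $return .= cbGetSpoofInputTag( 'pms' );
    $return .= '</form>';
    $return .= "</div>";

    return $return;
}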
/**
 * Request dispatcher for the gallery tab's component-like pages (items and folders).
 *
 * The $tab and $user arguments are not used: both are re-resolved from the request below
 * ('tab' or 'type' selects the TabTable, 'user' selects the profile being acted on). The
 * viewer is always the current session user, and the only access check made here is that
 * the viewer may see the selected tab. Per-item and per-folder rights are presumably
 * enforced inside the show, save, state and delete methods called from the switch (not
 * visible here - confirm before relying on it).
 *
 * @param TabTable $tab Current tab (ignored, re-loaded from the request)
 * @param UserTable $user Current user (ignored, re-loaded from the request)
 * @param int $ui 1 front, 2 admin UI
 * @param array $postdata Raw unfiltred POST data
 * @return void Nothing is returned; the HTML is echoed (wrapped in the cbGallery container unless format=raw)
 */
public function getCBpluginComponent( $tab, $user, $ui, $postdata )
{
    global $_CB_framework;

    // format=raw suppresses the CB assets and the HTML wrapper (presumably for raw item output such as downloads).
    $format = $this->input( 'format', null, GetterInterface::STRING );

    if ( $format != 'raw' ) {
        outputCbJs( 1 );
        outputCbTemplate( 1 );
    }

    $action = $this->input( 'action', null, GetterInterface::STRING );
    $function = $this->input( 'func', null, GetterInterface::STRING );
    $type = $this->input( 'type', null, GetterInterface::STRING );
    // Numeric request values are cast to int once here; everything below relies on that.
    $id = (int) $this->input( 'id', null, GetterInterface::INT );
    $userId = (int) $this->input( 'user', null, GetterInterface::INT );
    $tabId = (int) $this->input( 'tab', null, GetterInterface::INT );

    // Without an explicit tab id the tab is located by plugin class, derived from the media type.
    // An unknown type leaves $tabId at 0 and is rejected by the type check further down.
    if ( ! $tabId ) {
        switch( $type ) {
            case 'photos':
                $tabId = 'cbgalleryTabPhotos';
                break;
            case 'files':
                $tabId = 'cbgalleryTabFiles';
                break;
            case 'videos':
                $tabId = 'cbgalleryTabVideos';
                break;
            case 'music':
                $tabId = 'cbgalleryTabMusic';
                break;
        }
    }

    $viewer = CBuser::getMyUserDataInstance();

    // The acted-on profile may belong to someone else ('user' request value); the viewer is always the session user.
    if ( $userId ) {
        $user = CBuser::getUserDataInstance( (int) $userId );
    } else {
        $user = CBuser::getMyUserDataInstance();
    }

    $profileUrl = $_CB_framework->userProfileUrl( (int) $user->get( 'id' ), false, $tabId );

    // Unknown media type: raw item requests get a bare 401 and stop; everything else is bounced to the profile.
    // NOTE(review): cbRedirect() is assumed to end the request; if it did not, execution would continue into the dispatch below - confirm.
    if ( ! in_array( $type, array( 'photos', 'files', 'videos', 'music' ) ) ) {
        if ( ( $action == 'items' ) && in_array( $function, array( 'download', 'preview', 'show' ) ) ) {
            header( 'HTTP/1.0 401 Unauthorized' );
            exit();
        } else {
            cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
        }
    }

    $tab = new TabTable();

    // $tabId is an int when passed explicitly, otherwise the plugin class name chosen above.
    $tab->load( ( is_integer( $tabId ) ? $tabId : array( 'pluginclass' => $tabId ) ) );

    // The tab must be enabled and visible to the viewer's access level; same 401-versus-redirect split as above.
    if ( ! ( $tab->get( 'enabled' ) && Application::User( (int) $viewer->get( 'id' ) )->canViewAccessLevel( $tab->get( 'viewaccesslevel' ) ) ) ) {
        if ( ( $action == 'items' ) && in_array( $function, array( 'download', 'preview', 'show' ) ) ) {
            header( 'HTTP/1.0 401 Unauthorized' );
            exit();
        } else {
            cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
        }
    }

    // Make sure $tab->params answers ->get(): wrap it in a Registry unless it already implements ParamsInterface.
    if ( ! ( $tab->params instanceof ParamsInterface ) ) {
        $tab->params = new Registry( $tab->params );
    }

    // The handlers echo directly; buffer their output so it can be wrapped (skipped for format=raw).
    if ( $format != 'raw' ) {
        ob_start();
    }

    switch ( $action ) {
        case 'items':
            switch ( $function ) {
                case 'download':
                    $this->outputItem( false, false, $id, $type, $tab, $user, $viewer );
                    break;
                case 'edit':
                    $this->showItemEdit( $id, $type, $tab, $user, $viewer );
                    break;
                case 'new':
                    $this->showItemEdit( null, $type, $tab, $user, $viewer );
                    break;
                case 'save':
                    // Only the save action carries the anti-CSRF token check at this level;
                    // publish/unpublish/delete do not - presumably checked in the callee, confirm.
                    cbSpoofCheck( 'plugin' );
                    $this->saveItemEdit( $id, $type, $tab, $user, $viewer );
                    break;
                case 'publish':
                    $this->stateItem( 1, $id, $type, $tab, $user, $viewer );
                    break;
                case 'unpublish':
                    $this->stateItem( 0, $id, $type, $tab, $user, $viewer );
                    break;
                case 'delete':
                    $this->deleteItem( $id, $type, $tab, $user, $viewer );
                    break;
                case 'preview':
                    $this->outputItem( true, true, $id, $type, $tab, $user, $viewer );
                    break;
                case 'show':
                default:
                    $this->outputItem( true, false, $id, $type, $tab, $user, $viewer );
                    break;
            }
            break;
        case 'folders':
            // Folder pages are gated per media type by the tab parameter tab_<type>_folders (default on).
            if ( ! $tab->params->get( 'tab_' . $type . '_folders', 1 ) ) {
                cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
            }

            switch ( $function ) {
                case 'edit':
                    $this->showFolderEdit( $id, $type, $tab, $user, $viewer );
                    break;
                case 'new':
                    $this->showFolderEdit( null, $type, $tab, $user, $viewer );
                    break;
                case 'save':
                    // As for items: the anti-CSRF check is applied to save only.
                    cbSpoofCheck( 'plugin' );
                    $this->saveFolderEdit( $id, $type, $tab, $user, $viewer );
                    break;
                case 'publish':
                    $this->stateFolder( 1, $id, $type, $tab, $user, $viewer );
                    break;
                case 'unpublish':
                    $this->stateFolder( 0, $id, $type, $tab, $user, $viewer );
                    break;
                case 'delete':
                    $this->deleteFolder( $id, $type, $tab, $user, $viewer );
                    break;
                case 'show':
                default:
                    $this->showFolder( $id, $type, $tab, $user, $viewer );
                    break;
            }
            break;
        default:
            // Unknown action: leave the component entirely rather than the profile.
            cbRedirect( 'index.php', CBTxt::T( 'Not authorized.' ), 'error' );
            break;
    }

    if ( $format != 'raw' ) {
        $html = ob_get_contents();
        ob_end_clean();

        // The optional extra CSS class is an admin parameter; it is HTML-escaped before being emitted.
        $class = $this->params->get( 'general_class', null );

        $return = '<div id="cbGallery" class="cbGallery' . ( $class ? ' ' . htmlspecialchars( $class ) : null ) . '">'
            . '<div id="cbGalleryInner" class="cbGalleryInner">'
            . $html
            . '</div>'
            . '</div>';

        echo $return;
    }
}
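/**
 * Outputs the legacy backend user mass mailer and the "resend confirmation emails" task.
 *
 * Only users whose ids are in $cid are loaded; $cid goes through cbArrayToInts() before it is
 * interpolated into the query, so the IN ( ... ) list contains integers only.
 *
 * Tasks:
 *  - resendconfirmationemails: re-sends the pending-confirmation email to every selected, still
 *    unconfirmed user, then redirects back to the users list.
 *  - emailusers / startemailusers: render the mass-mailer form and its start page.
 *  - ajaxemailusers: sends one batch ($emailsPerBatch rows from offset $emailsBatch) and echoes a
 *    JSON reply. This is the only branch that actually sends, and the only one that runs the
 *    spoof (anti-CSRF) and anti-spam checks.
 *
 * @param string $option
 * @param string $task
 * @param int[] $cid Selected user ids
 * @return void Nothing is returned: output is echoed or a redirect is issued
 * @deprecated 2.0
 */
public function showUsers($option, $task, $cid)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;

    cbimport('language.all');
    cbimport('cb.tabs');
    cbimport('cb.params');
    cbimport('cb.pagination');
    cbimport('cb.lists');

    // We just need the user rows as we've already filtered down the IDs in user management:
    $query = 'SELECT *'
        . "\n FROM " . $_CB_database->NameQuote('#__comprofiler') . " AS c"
        . "\n INNER JOIN " . $_CB_database->NameQuote('#__users') . " AS u"
        . ' ON u.' . $_CB_database->NameQuote('id') . ' = c.' . $_CB_database->NameQuote('id')
        . "\n WHERE u." . $_CB_database->NameQuote('id') . " IN ( " . implode(', ', cbArrayToInts($cid)) . " )";
    $_CB_database->setQuery($query);
    $rows = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\UserTable', array($_CB_database));
    $total = count($rows);

    if ($task == 'resendconfirmationemails') {
        if (!$rows) {
            cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => $task)), 'error');
        }

        $count = 0;

        /** @var UserTable[] $rows */
        foreach ($rows as $row) {
            // Already-confirmed users are skipped silently and not counted.
            if ($row->confirmed == 0) {
                if ($row->cbactivation == '') {
                    // Generate a new confirmation code if the user doesn't have one (requires email confirmation to be enabled):
                    $row->store();
                }

                $cbNotification = new cbNotification();

                $cbNotification->sendFromSystem($row->id, CBTxt::T($ueConfig['reg_pend_appr_sub']), CBTxt::T($ueConfig['reg_pend_appr_msg']), true, isset($ueConfig['reg_email_html']) ? (int) $ueConfig['reg_email_html'] : 0);

                ++$count;
            }
        }

        cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SENT_CONFIRMATION_EMAILS_TO_NUM_USERS_USERS', 'Sent confirmation emails to [NUM_USERS] users', array('[NUM_USERS]' => $count)));
    } else {
        // Form values from the admin mailer. The body keeps raw, untrimmed HTML (_CB_ALLOWRAW | _CB_NOTRIM)
        // because it is sent as an HTML email; it is never echoed back unescaped by this method.
        $emailSubject = stripslashes(cbGetParam($_POST, 'emailsubject', ''));
        $emailBody = stripslashes(rawurldecode(cbGetParam($_POST, 'emailbody', '', _CB_ALLOWRAW | _CB_NOTRIM)));
        $emailAttach = stripslashes(cbGetParam($_POST, 'emailattach', ''));
        // Batch offset and size are only ever used as integers (array_slice, arithmetic), so normalise
        // them here instead of relying on string coercion at each use.
        $emailsPerBatch = (int) stripslashes(cbGetParam($_POST, 'emailsperbatch', 50));
        $emailsBatch = (int) stripslashes(cbGetParam($_POST, 'emailsbatch', 0));
        $emailFromName = stripslashes(cbGetParam($_POST, 'emailfromname', ''));
        $emailFromAddr = stripslashes(cbGetParam($_POST, 'emailfromaddr', ''));
        $emailReplyName = stripslashes(cbGetParam($_POST, 'emailreplyname', ''));
        $emailReplyAddr = stripslashes(cbGetParam($_POST, 'emailreplyaddr', ''));
        $emailPause = stripslashes(cbGetParam($_POST, 'emailpause', 30));
        $simulationMode = stripslashes(cbGetParam($_POST, 'simulationmode', ''));

        // B/C trigger variables:
        if (count($cid) > 0 && count($cid) < $total) {
            $total = count($cid);
        }

        $pageNav = new cbPageNav($total, 0, 10);
        $search = '';
        $lists = array();
        $inputTextExtras = null;
        $select_tag_attribs = null;

        if ($task == 'emailusers') {
            if (!$rows) {
                cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => $task)), 'error');
            }

            // Plugins may rewrite the form values by reference before the form is rendered.
            $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailForm', array(&$rows, &$pageNav, &$search, &$lists, &$cid, &$emailSubject, &$emailBody, &$inputTextExtras, &$select_tag_attribs, $simulationMode, $option, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));

            $usersView = _CBloadView('users');
            /** @var CBView_users $usersView */
            $usersView->emailUsers($rows, $emailSubject, $emailBody, $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsPerBatch, $emailsBatch, $emailPause, $simulationMode, $pluginRows);
        } elseif ($task == 'startemailusers') {
            $pluginRows = $_PLUGINS->trigger('onBeforeBackendUsersEmailStart', array(&$rows, $total, $search, $lists, $cid, &$emailSubject, &$emailBody, &$inputTextExtras, $simulationMode, $option, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));

            $usersView = _CBloadView('users');
            /** @var CBView_users $usersView */
            $usersView->startEmailUsers($rows, $emailSubject, $emailBody, $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsPerBatch, $emailsBatch, $emailPause, $simulationMode, $pluginRows);
        } elseif ($task == 'ajaxemailusers') {
            // The sending step is the state-changing one: anti-CSRF token and anti-spam checks go here.
            cbSpoofCheck('cbadmingui');
            cbRegAntiSpamCheck();

            $cbNotification = new cbNotification();
            $mode = 1; // html
            $errors = 0;
            $success = array();
            $failed = array();
            $users = array_slice($rows, $emailsBatch, $emailsPerBatch);

            if ($simulationMode) {
                $success = array('<div class="alert alert-info">' . CBTxt::T('Emails do not send in simulation mode') . '</div>');
            } else {
                foreach ($users as $user) {
                    $extraStrings = array();

                    $_PLUGINS->trigger('onBeforeBackendUserEmail', array(&$user, &$emailSubject, &$emailBody, $mode, &$extraStrings, $simulationMode, &$emailAttach, &$emailFromName, &$emailFromAddr, &$emailReplyName, &$emailReplyAddr));

                    // Attachment paths come straight from the admin form (after variable substitution);
                    // nothing here restricts where they may point - verify that in cbNotification::sendFromSystem.
                    $attachments = cbReplaceVars($emailAttach, $user, $mode, true, $extraStrings);

                    if ($attachments) {
                        // Comma-separated list with optional whitespace around each comma. The pattern must
                        // carry delimiters: the old undelimited ' *, *' made PCRE take '*' as the delimiter,
                        // so only the literal ", " was matched and "a,b" was treated as one attachment.
                        $attachments = preg_split('/\s*,\s*/', $attachments);
                    } else {
                        $attachments = null;
                    }

                    if (!$cbNotification->sendFromSystem($user, $emailSubject, $this->makeLinksAbsolute($emailBody), true, $mode, null, null, $attachments, $extraStrings, false, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr)) {
                        // Name and address are escaped; errorMSG is inserted as-is (it may already be
                        // translated markup - confirm before escaping it too).
                        $failed[] = '<div class="alert alert-danger">'
                            . '<strong>' . htmlspecialchars($user->name . ' <' . $user->email . '>') . '</strong>: '
                            . CBTxt::Th('ERROR_SENDING_EMAIL_ERRORMSG', 'Error sending email: [ERROR_MSG]', array('[ERROR_MSG]' => $cbNotification->errorMSG))
                            . '</div>';

                        ++$errors;
                    } else {
                        $success[] = htmlspecialchars($user->name . ' <' . $user->email . '>');
                    }
                }
            }

            $usernames = implode(', ', $success) . implode('', $failed);

            if ($total < $emailsPerBatch) {
                $limit = $total;
            } else {
                $limit = $emailsPerBatch;
            }

            // The view echoes; capture it so it can be shipped inside the JSON reply.
            ob_start();

            $usersView = _CBloadView('users');
            /** @var CBView_users $usersView */
            $usersView->ajaxResults($usernames, $emailSubject, $this->makeLinksAbsolute($emailBody), $emailAttach, $emailFromName, $emailFromAddr, $emailReplyName, $emailReplyAddr, $emailsBatch, $limit, $total, $errors);

            $html = ob_get_contents();
            ob_end_clean();

            // result 1: more batches remain; result 2: this was the last batch.
            $reply = array('result' => 1, 'htmlcontent' => $html);

            if (!($total - ($emailsBatch + $emailsPerBatch) > 0)) {
                $reply['result'] = 2;
            }

            echo json_encode($reply);
        }
    }
}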
/**
 * Applies the accept/deny decisions posted from the "manage connections" form.
 *
 * Order of operations: anti-CSRF token check first, then the feature-enabled and logged-in
 * guards (plugins may override the resulting message through onBeforeProcessConnectionsRequest),
 * then one accept or deny per posted "<id>action" value, and finally a redirect back to the
 * manage-connections view carrying either the connection error or a success notice.
 *
 * @param array|null $connectionids Connection ids whose "<id>action" POST value is 'a' (accept) or 'd' (deny)
 * @return void
 */
function processConnectionActions($connectionids)
{
    global $_CB_framework, $ueConfig, $_PLUGINS;

    // Anti-CSRF token check; runs before any state is touched.
    cbSpoofCheck('manageconnections');

    $errorMessage = null;

    if (!$ueConfig['allowConnections']) {
        $errorMessage = CBTxt::Th('UE_FUNCTIONALITY_DISABLED', 'This functionality is currently disabled.');
    } elseif (!($_CB_framework->myId() > 0)) {
        $errorMessage = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
    }

    // Plugins get the last word on the guard message (passed by reference).
    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onBeforeProcessConnectionsRequest', array($connectionids, &$errorMessage));

    if ($errorMessage) {
        $_CB_framework->enqueueMessage($errorMessage, 'error');
        return;
    }

    $myId = $_CB_framework->myId();
    $connection = new cbConnection($myId);
    $hasIds = is_array($connectionids);

    if ($hasIds) {
        foreach ($connectionids as $connectionId) {
            // Each id has its own "<id>action" field; anything other than 'd' or 'a' is ignored.
            switch (cbGetParam($_POST, $connectionId . 'action')) {
                case 'd':
                    $connection->denyConnection($myId, $connectionId);
                    break;
                case 'a':
                    $connection->acceptConnection($myId, $connectionId);
                    break;
            }
        }
    }

    $redirectUrl = $_CB_framework->viewUrl('manageconnections', false);
    $error = $connection->getErrorMSG();

    if ($error) {
        cbRedirect($redirectUrl, $error, 'error');
    } else {
        $notice = $hasIds ? CBTxt::Th('UE_CONNECTIONACTIONSSUCCESSFULL', 'Connection actions successful!') : null;

        cbRedirect($redirectUrl, $notice);
    }
}
$cbController->editField(0, $option, $task); break; case "editField": checkCanAdminPlugins('core.edit'); $cbController = _CBloadController('field'); $cbController->editField(intval($cid[0]), $option, $task); break; case "reloadField": checkCanAdminPlugins('core.edit'); cbSpoofCheck('field'); $cbController = _CBloadController('field'); $cbController->editField((int) cbGetParam($_POST, 'fieldid', 0), $option, $task); break; case "saveField": case "applyField": cbSpoofCheck('field'); checkCanAdminPlugins('core.edit'); $cbController = _CBloadController('field'); $cbController->saveField($option, $task); break; default: _CBloadController('default'); break; } ob_start(); include $_CB_adminpath . '/comprofiler.toolbar.php'; $toolbars = trim(ob_get_contents()); ob_end_clean(); if (checkJversion('j3.0+')) { $bar = JToolbar::getInstance('toolbar'); $bar->prependButton('Custom', $toolbars, null);
/**
 * Backend dispatcher for the "auto" (automation) tasks of the group-jive auto plugin.
 *
 * $params[0] is the task name; tasks not containing 'auto' are ignored. Every task that
 * changes state passes the anti-CSRF token check before it is dispatched; the read-only
 * tasks (auto_new, auto_edit, auto_show, auto and the default listing) do not.
 *
 * @param array $params Backend request parameters: [0] task, [1] selected id(s), [2] ordering, [3] posted data
 * @param UserTable $user
 * @param PluginTable $plugin
 * @return void
 */
public function getPluginBE( $params, $user, $plugin )
{
    global $_CB_framework;

    if ( ! strstr( $params[0], 'auto' ) ) {
        return;
    }

    $_CB_framework->document->addHeadStyleSheet( $plugin->livePath . '/plugins/cbgroupjiveauto/cbgroupjiveauto.css' );

    $task = $params[0];

    // Loose comparison on purpose: it mirrors the switch below.
    $writingTasks = array( 'auto_publish', 'auto_unpublish', 'auto_order', 'auto_orderup', 'auto_orderdown', 'auto_copy', 'auto_delete', 'auto_save', 'auto_apply' );

    if ( in_array( $task, $writingTasks ) ) {
        cbSpoofCheck( 'plugin' );
    }

    switch ( $task ) {
        case 'auto_publish':
            $this->stateAuto( $params[1], 1, $user, $plugin );
            break;
        case 'auto_unpublish':
            $this->stateAuto( $params[1], 0, $user, $plugin );
            break;
        case 'auto_order':
            $this->orderAuto( $params[1], $params[2], $user, $plugin );
            break;
        case 'auto_orderup':
            $this->orderAuto( $params[1][0], -1, $user, $plugin );
            break;
        case 'auto_orderdown':
            $this->orderAuto( $params[1][0], 1, $user, $plugin );
            break;
        case 'auto_copy':
            $this->copyAuto( $params[1], $user, $plugin );
            break;
        case 'auto_delete':
            $this->deleteAuto( $params[1], $user, $plugin );
            break;
        case 'auto_new':
            $this->getAutoEdit( null, $user, $plugin );
            break;
        case 'auto_edit':
            $this->getAutoEdit( $params[1][0], $user, $plugin );
            break;
        case 'auto_save':
        case 'auto_apply':
            $this->saveAutoEdit( $params[1][0], $params[3], $user, $plugin );
            break;
        case 'auto_show':
        case 'auto':
        default:
            $this->getAuto( $user, $plugin );
            break;
    }
}
/**
 * Builds and renders a users list (legacy front-end list view).
 *
 * Resolves which list the viewer may see (ACL on the list record), builds the SELECT from the
 * list's column definitions, the list's stored group/filter rules and the posted search values,
 * runs the count and page queries unless in search-form-only mode, and hands everything to
 * HTML_comprofiler::usersList() for output.
 *
 * SQL assembly notes (all interpolated, none parameterised):
 *  - $limitstart / $limit and the list id are cast to int before use.
 *  - the access-group list comes from the ACL (getChildGIDS), not from the request.
 *  - $usergids and $filterRules come from the stored list record (admin-defined); group ids are
 *    not cast to int here and the filter is only escaped via cbReplaceVars' getEscaped callback.
 *  - searchable-field criteria are turned into SQL by cbTabs::applySearchableContents /
 *    reduceSqlFormula (not visible here).
 *
 * @param int $uid Viewer user id (0 for guests)
 * @param int $listid Requested list id, 0 to fall back to the default list
 * @param array $searchFormValuesRAW Raw request values (search, limitstart, searchmode, rand, field searches)
 * @return void Echoes an error constant on failure, otherwise delegates output to HTML_comprofiler::usersList()
 */
function drawUsersList( $uid, $listid, $searchFormValuesRAW )
{
    global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS;

    $search = null;
    $searchGET = cbGetParam( $searchFormValuesRAW, 'search' );
    $limitstart = (int) cbGetParam( $searchFormValuesRAW, 'limitstart', 0 );
    $searchmode = (int) cbGetParam( $searchFormValuesRAW, 'searchmode', 0 );
    $randomParam = (int) cbGetParam( $searchFormValuesRAW, 'rand', 0 );

    // old search on formated name:
    /*
    if ( $searchPOST || count( $_POST ) ) {
        // simple spoof check security
        cbSpoofCheck( 'usersList' );
        if ( cbGetParam( $searchFormValuesRAW, "action" ) == "search" ) {
            $search = $searchPOST;
        }
    } else if ( isset( $searchFormValuesRAW['limitstart'] ) ) {
        $search = stripslashes( $searchGET );
    }
    */

    // get my user and gets the list of user lists he is allowed to see (ACL):
    $myCbUser =& CBuser::getInstance( $uid );
    if ( $myCbUser === null ) {
        $myCbUser =& CBuser::getInstance( null );
    }
    $myUser =& $myCbUser->getUserData();
    /*
    $myUser = new moscomprofilerUser( $_CB_database );
    if ( $uid ) {
        $myUser->load( (int) $uid );
    }
    */

    // Group ids here come from the ACL tree of the viewer's group, not from the request.
    $useraccessgroupSQL = " AND useraccessgroupid IN (".implode(',',getChildGIDS(userGID($uid))).")";
    $_CB_database->setQuery( "SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering" );
    $plists = $_CB_database->loadObjectList();
    $lists = array();
    $publishedlists = array();
    for ( $i=0, $n=count( $plists ); $i < $n; $i++ ) {
        $plist =& $plists[$i];
        // List titles may contain substitution vars and HTML; strip the HTML for the <option> text.
        $listTitleNoHtml = strip_tags( cbReplaceVars( getLangDefinition( $plist->title ), $myUser, false, false ) );
        $publishedlists[] = moscomprofilerHTML::makeOption( $plist->listid, $listTitleNoHtml );
    }

    // select either list selected or default list to which he has access (ACL):
    if ( $listid == 0 ) {
        $_CB_database->setQuery( "SELECT listid FROM #__comprofiler_lists " . "\n WHERE `default`=1 AND published=1" . $useraccessgroupSQL );
        $listid = (int) $_CB_database->loadresult();
        if ( $listid == 0 && ( count( $plists ) > 0 ) ) {
            $listid = (int) $plists[0]->listid;
        }
    }
    if ( ! ( $listid > 0 ) ) {
        echo _UE_NOLISTFOUND;
        return;
    }

    // generates the drop-down list of lists:
    if ( count( $plists ) > 1 ) {
        $lists['plists'] = moscomprofilerHTML::selectList( $publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1 );
    }

    // loads the list record:
    $row = new moscomprofilerLists( $_CB_database );
    if ( ( ! $row->load( (int) $listid ) ) || ( $row->published != 1 ) ) {
        echo _UE_LIST_DOES_NOT_EXIST;
        return;
    }
    // A requested list id outside the viewer's ACL is rejected here even though it exists.
    if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', userGID($uid) ) ) {
        echo _UE_NOT_AUTHORIZED;
        return;
    }

    $params = new cbParamsBase( $row->params );

    // Hotlink protection: a GET search or paging request must carry the 'usersList' token.
    $hotlink_protection = $params->get( 'hotlink_protection', 0 );
    if ( $hotlink_protection == 1 ) {
        if ( ( $searchGET !== null ) || $limitstart ) {
            cbSpoofCheck( 'usersList', 'GET' );
        }
    }

    $limit = (int) $params->get( 'list_limit' );
    if ( $limit == 0 ) {
        $limit = (int) $ueConfig['num_per_page'];
    }
    $showPaging = $params->get( 'list_paging', 1 );
    if ( $showPaging != 1 ) {
        $limitstart = 0;
    }

    // Moderators also see banned users (see the 'banned' WHERE clause below).
    $isModerator = isModerator( $_CB_framework->myId() );

    $_PLUGINS->loadPluginGroup( 'user' );
    // $plugSearchFieldsArray = $_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
    // Plugins may alter the list record, search, offset and limit by reference.
    $_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );

    // handles the users allowed to be listed in the list by ACL:
    $allusergids = array();
    $usergids = explode( ',', $row->usergroupids );
    /*
    This was a bug tending to list admins when "public backend" was checked, and all frontend users when "public backend was checked. Now just ignore them:
    foreach( $usergids AS $usergid ) {
        $allusergids[] = $usergid;
        if ($usergid==29 || $usergid==30) {
            $groupchildren = array();
            $groupchildren = $_CB_framework->acl->get_group_children( $usergid, 'ARO','RECURSE' );
            $allusergids = array_merge($allusergids,$groupchildren);
        }
    }
    */
    // NOTE(review): these group ids are taken from the stored list record and are not cast to int
    // before being interpolated into the IN ( ... ) clause below; they are admin-defined, not request data.
    $allusergids = array_diff( $usergids, array( 29, 30 ) );
    $usergids = implode( ",", $allusergids );

    // build SQL Select query:
    $random = 0;
    // NOTE(review): $orderby is only assigned inside this if; with an empty sortfields the
    // concatenation further down reads an undefined variable (empty string at runtime).
    if( $row->sortfields != '' ) {
        $matches = null;
        if ( preg_match( '/^RAND\(\)\s(ASC|DESC)$/', $row->sortfields, $matches ) ) {
            // random sorting needs to have same seed on pages > 1 to not have probability to show same users:
            // (rand() is a paging seed here, not a security value; it is cast to int before reaching SQL)
            if ( $limitstart ) {
                $random = (int) $randomParam;
            }
            if ( ! $random ) {
                $random = rand( 0, 32767 );
            }
            $row->sortfields = 'RAND(' . (int) $random . ') ' . $matches[1];
        }
        $orderby = "\n ORDER BY " . $row->sortfields;
    }

    // Stored filter rule (admin-defined, leading char dropped, URL-decoded); user variables are
    // substituted with the database escaper as callback before the rule is appended to the WHERE.
    $filterby = '';
    if ( $row->filterfields != '' ) {
        $filterRules = utf8RawUrlDecode( substr( $row->filterfields, 1 ) );
        if ( $_CB_framework->myId() ) {
            $user = new moscomprofilerUser( $_CB_database );
            if ( $user->load( (int) $_CB_framework->myId() ) ) {
                $filterRules = cbReplaceVars( $filterRules, $user, array( $_CB_database, 'getEscaped' ), false, array() );
            }
        }
        $filterby = " AND ". $filterRules;
    }

    // Prepare part after SELECT .... " and before "FROM" :
    $tableReferences = array( '#__comprofiler' => 'ue', '#__users' => 'u' );

    // Fetch all fields:
    $tabs = $myCbUser->_getCbTabs(); // new cbTabs( 0, 1 ); //TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
    $allFields = $tabs->_getTabFieldsDb( null, $myUser, 'list' );
    // $_CB_database->setQuery( "SELECT * FROM #__comprofiler_fields WHERE published = 1" );
    // $allFields = $_CB_database->loadObjectList( 'fieldid', 'moscomprofilerFields', array( &$_CB_database ) );

    //Make columns array. This array will later be constructed from the tabs table:
    // Columns are stored as col<N>enabled / col<N>title / col<N>fields / col<N>captions on the list
    // record; the loop stops at the first N without an "enabled" property (hard cap 49).
    $columns = array();
    for ( $i = 1; $i < 50; ++$i ) {
        $enabledVar = "col".$i."enabled";
        if ( ! isset( $row->$enabledVar ) ) {
            break;
        }
        $titleVar = "col".$i."title";
        $fieldsVar = "col".$i."fields";
        $captionsVar = "col".$i."captions";
        if ( $row->$enabledVar == 1 ) {
            $col = new stdClass();
            $col->fields = ( $row->$fieldsVar ? explode( '|*|', $row->$fieldsVar ) : array() );
            $col->title = $row->$titleVar;
            $col->titleRendered = $myCbUser->replaceUserVars( $col->title );
            $col->captions = $row->$captionsVar;
            // $col->sort = 1; //All columns can be sorted
            $columns[$i] = $col;
        }
    }

    // build fields and tables accesses, also check for searchable fields:
    $searchableFields = array();
    $fieldsSQL = cbUsersList::getFieldsSQL( $columns, $allFields, $tableReferences, $searchableFields, $params );

    $_PLUGINS->trigger( 'onAfterUsersListFieldsSql', array( &$columns, &$allFields, &$tableReferences ) );

    // Base visibility rules: blocked, unapproved and unconfirmed users never appear; banned users only for moderators.
    $tablesSQL = array();
    $joinsSQL = array();
    $tablesWhereSQL = array( 'block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1' );
    if ( checkJversion() == 2 ) {
        $joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
    }
    if ( ! $isModerator ) {
        $tablesWhereSQL['banned'] = 'ue.banned = 0';
    }
    if ( $usergids ) {
        if ( checkJversion() == 2 ) {
            $tablesWhereSQL['gid'] = 'g.group_id IN (' . $usergids . ')';
        } else {
            $tablesWhereSQL['gid'] = 'u.gid IN (' . $usergids . ')';
        }
    }
    foreach ( $tableReferences as $table => $name ) {
        $tablesSQL[] = $table . ' ' . $name;
        if ( $name != 'u' ) {
            $tablesWhereSQL[] = "u.`id` = " . $name . ".`id`";
        }
    }

    // handles search criterias:
    $list_compare_types = $params->get( 'list_compare_types', 0 );
    $searchVals = new stdClass();
    $searchesFromFields = $tabs->applySearchableContents( $searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types );
    $whereFields = $searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
    if ( $whereFields ) {
        $tablesWhereSQL[] = '(' . $whereFields . ')';
        /*
        if ( $search === null ) {
            $search = '';
        }
        */
    }

    $_PLUGINS->trigger( 'onBeforeUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL ) );

    $queryFrom = "FROM " . implode( ', ', $tablesSQL )
        . ( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
        . "\n WHERE " . implode( "\n AND ", $tablesWhereSQL );

    // handles old formatted names search:
    /*
    if ( $search != '' ) {
        $searchSQL = cbEscapeSQLsearch( strtolower( $_CB_database->getEscaped( $search ) ) );
        $queryFrom .= " AND (";
        $searchFields = array();
        if ( $ueConfig['name_format']!='3' ) {
            $searchFields[] = "u.name LIKE '%%s%'";
        }
        if ( $ueConfig['name_format']!='1' ) {
            $searchFields[] = "u.username LIKE '%%s%'";
        }
        if ( is_array( $plugSearchFieldsArray ) ) {
            foreach ( $plugSearchFieldsArray as $v ) {
                if ( is_array( $v ) ) {
                    $searchFields = array_merge( $searchFields, $v );
                }
            }
        }
        $queryFrom .= str_replace( '%s', $searchSQL, implode( " OR ", $searchFields ) );
        $queryFrom .= ")";
    }
    */

    $queryFrom .= " " . $filterby;

    // Last hook before the query runs: plugins get the full FROM/WHERE fragment by reference.
    $_PLUGINS->trigger( 'onBeforeUsersListQuery', array( &$queryFrom, 1, $listid ) ); // $uid = 1

    $errorMsg = null;

    // counts number of users and loads the listed fields of the users if not in search-form-only mode:
    if ( $searchmode == 0 ) {
        if ( checkJversion() == 2 ) {
            // The usergroup-map join can multiply rows, hence DISTINCT on both count and select.
            $_CB_database->setQuery( "SELECT COUNT(DISTINCT u.id) " . $queryFrom );
        } else {
            $_CB_database->setQuery( "SELECT COUNT(*) " . $queryFrom );
        }
        $total = $_CB_database->loadResult();

        if ( ( $limit > $total ) || ( $limitstart >= $total ) ) {
            $limitstart = 0;
        }

        // $query = "SELECT u.id, ue.banned, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby
        if ( checkJversion() == 2 ) {
            $query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
        } else {
            $query = "SELECT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
        }
        $_CB_database->setQuery( $query, (int) $limitstart, (int) $limit );
        $users = $_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );
        if ( ! $_CB_database->getErrorNum() ) {
            // creates the CBUsers in cache corresponding to the $users:
            foreach ( array_keys( $users ) as $k) {
                CBuser::setUserGetCBUserInstance( $users[$k] );
            }
        } else {
            // A failing query shows a generic message; the SQL error itself is only visible with site debug on.
            $users = array();
            $errorMsg = _UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
        }

        // $search is '' when any searchable field was submitted, null otherwise (tells the view whether a search is active).
        if ( count( get_object_vars( $searchVals ) ) > 0 ) {
            $search = '';
        } else {
            $search = null;
        }
    } else {
        // search-form-only mode: no query, no results.
        $total = null;
        $users = array();
        if ( $search === null ) {
            $search = '';
        }
    }

    // Compute itemId of users in users-list:
    if ( $Itemid ) {
        $option_itemid = (int) $Itemid;
    } else {
        $option_itemid = getCBprofileItemid( 0 );
    }

    HTML_comprofiler::usersList( $row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random );
}
/** * WARNING: UNCHECKED ACCESS! On purpose unchecked access for M2M operations * Generates the HTML to display for a specific component-like page for the tab. WARNING: unchecked access ! * @param TabTable|null $tab the tab database entry * @param UserTable $user the user being displayed * @param int $ui 1 for front-end, 2 for back-end * @param array $postdata _POST data for saving edited tab content as generated with getEditTab * @return mixed either string HTML for tab content, or false if ErrorMSG generated */ public function getTabComponent( /** @noinspection PhpUnusedParameterInspection */ $tab, $user, $ui, $postdata ) { global $_CB_database, $_CB_framework, $_POST; $return = ''; $paid = false; $oldignoreuserabort = ignore_user_abort(true); $allowHumanHtmlOutput = true; // this will be reverted in case of M2M server-to-server notifications $act = $this->base->_getReqParam( 'act' ); $actPosted = isset($_POST[$this->base->_getPagingParamName('act')]); if ( $act === null ) { $act = $this->base->input( 'act', null, GetterInterface::COMMAND ); $actPosted = $this->base->input( 'post/act', null, GetterInterface::COMMAND ) !== null; } $post_user_id = (int) cbGetParam( $_GET, 'user', 0 ); if ( $actPosted && ( $post_user_id > 0 ) ) { $access = false; $myId = $_CB_framework->myId(); if ( is_object( $user ) ) { if ( $myId == 0 ) { if ( in_array( $act, array( 'saveeditinvoiceaddress', 'saveeditbasketintegration', 'showbskt' ) ) ) { $access = true; } else { $paidsubsManager =& cbpaidSubscriptionsMgr::getInstance(); if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) { // expired subscriptions: we will allow limited access to: if ( in_array( $act, array( 'upgrade', 'pay', 'reactivate', 'resubscribe', 'display_subscriptions' ) ) ) { $access = true; } } } } else { if ( ( $ui == 1 && ( $user->id == $myId ) ) || ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) { $access = true; } } } else { $return = CBPTXT::T("User does not exist") . 
'.'; } if ( ! $access ) { $return .= '<br />' . CBPTXT::T("Not authorized action") . '.'; return $return; } cbSpoofCheck( 'plugin' ); // anti-spoofing check // renew or upgrade subscription payment form: $params = $this->params; $now = $_CB_framework->now(); $subscriptionsGUI = new cbpaidControllerUI(); $subscriptionIds = $subscriptionsGUI->getEditPostedBoxes( 'id' ); if ( $subscriptionIds == array( 0 ) ) { $subscriptionIds = array(); } if ( $post_user_id && ( $user->id == $post_user_id ) ) { outputCbTemplate(); $this->base->outputRegTemplate(); outputCbJs(); switch ( $act ) { case 'upgrade': // upgrade an existing subscription // display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present: $chosenPlans = $subscriptionsGUI->getAndCheckChosenUpgradePlans( $postdata, $user, $now ); if ( ( ! is_array( $chosenPlans ) ) || ( count( $chosenPlans ) == 0 ) ) { $subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) ); $return .= ( is_string( $chosenPlans ) ? $chosenPlans . '<br />' : '' ) . sprintf( CBPTXT::Th("Please press back button and select the %s plan to which you would like to upgrade."), $subTxt ); break; } $introText = CBPTXT::Th( $params->get( 'intro_text_upgrade', null ) ); //TBD: check if already exists (reload protection): $paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, 'R', CBPTXT::T("Upgrade"), 'U' ); if ( is_object( $paymentBasket ) ) { $return = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } else { $return = $paymentBasket; // show messages as nothing to pay. } break; case 'pay': // pay for an unpaid subscription // display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present: $plan = $this->base->_getReqParam( 'plan' ); if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! 
$subscriptionIds[$plan] ) ) { $subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) ); $return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt ); break; } $plansMgr =& cbpaidPlansMgr::getInstance(); $chosenPlans = array(); $chosenPlans[(int) $plan] = $plansMgr->loadPlan( (int) $plan ); $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $paymentStatus = null; $return = cbpaidControllerOrder::showPaymentForm( $user, $chosenPlans, $introText, $subscriptionIds, $paymentStatus ); break; case 'renew': // renew a still valid subscription case 'reactivate': // reactivate an expired subscription case 'resubscribe': // resubscribe a cancelled subscription // display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present: $plan = $this->base->_getReqParam( 'plan' ); if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) { $subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) ); $return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt ); break; } $plansMgr =& cbpaidPlansMgr::getInstance(); $chosenPlans = array(); $chosenPlans[(int) $plan] = $plansMgr->loadPlan( (int) $plan ); $paidSomethingMgr =& cbpaidSomethingMgr::getInstance(); $subscription = $paidSomethingMgr->loadSomething( $subscriptionIds[$plan][0], $subscriptionIds[$plan][1] ); global $_PLUGINS; $_PLUGINS->loadPluginGroup( 'user', 'cbsubs.' 
); $_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin'); $_PLUGINS->trigger( 'onCPayAfterPlanRenewalSelected', array( &$chosenPlans[(int) $plan], &$subscription, $act ) ); if ( $_PLUGINS->is_errors() ) { $return .= $_PLUGINS->getErrorMSG(); break; } $introText = CBPTXT::Th( $params->get( 'intro_text_renew', null ) ); //TBD: check if already exists (reload protection): $paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, null, CBPTXT::T("Renew"), 'R' ); if ( is_object( $paymentBasket ) ) { $return = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } else { $return = $paymentBasket; // show messages as nothing to pay. } break; case 'unsubscribe': // request to unsubscribe an active subscription // display unsubscribe confirmation form: $plan = $this->base->_getReqParam( 'plan' ); if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) { $subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) ); $return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt ); break; } $introText = CBPTXT::Th( $params->get( 'unsubscribe_intro_text' , null ) ); $return = $subscriptionsGUI->showUnsubscribeForm( $user, $introText, (int) $plan, (int) $subscriptionIds[$plan][1] ); break; case 'confirm_unsubscribe': // confirm previous request to unsubscribe an active subscription // unsubscribe confirmed: $plan = $this->base->_getReqParam( 'plan' ); if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! 
$subscriptionIds[$plan] ) ) { $subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) ); $return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt ); break; } if ( ( $plan ) && ( count( $subscriptionIds ) == 1 ) ) { $unsubscribeConfText = CBPTXT::Th( $params->get( 'unsubscribe_confirmation_text', null ) ); $return = cbpaidControllerOrder::doUnsubscribeConfirm( $user, $unsubscribeConfText, (int) $plan, (int) $subscriptionIds[$plan][1] ); } break; case 'display_subscriptions': // unsubscribe cancelled: display subscriptions: $return = $this->base->displayUserTab( $user ); break; case 'showinvoice': // shows a particular user invoice: if ( $params->get( 'show_invoices', 1 ) ) { $invoiceNo = $this->base->_getReqParam( 'invoice' ); $return = $this->showInvoice( $invoiceNo, $user ); } break; case 'saveeditinvoiceaddress': case 'editinvoiceaddress': // this is the case of reload of invoicing address $invoicingAddressQuery = $params->get( 'invoicing_address_query' ); if ( $invoicingAddressQuery > 0 ) { $basketId = $this->base->_getReqParam( 'basket', 0 ); $hashToCheck = $this->base->_getReqParam( 'bck' ); $paymentBasket = new cbpaidPaymentBasket( $_CB_database ); if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) { if ( ( $act == 'saveeditinvoiceaddress' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) { // IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html $return = $paymentBasket->saveInvoicingAddressForm( $user ); if ( $return === null ) { $paymentBasket->storeInvoicingDefaultAddress(); $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } } else { // invoice has 
reloaded itself (e.g. for country change): $return = $paymentBasket->renderInvoicingAddressForm( $user ); } } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; case 'saverecordpayment': case 'editrecordpayment': // this is the case of reload of the form $basketId = $this->base->_getReqParam( 'basket', 0 ); $hashToCheck = $this->base->_getReqParam( 'bck' ); $paymentBasket = new cbpaidPaymentBasket( $_CB_database ); if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status != 'Completed' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) { if ( $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) { if ( ( $act == 'saverecordpayment' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) { // IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html $return = cbpaidRecordBasketPayment::saveRecordPayment( $paymentBasket->id ); if ( $return === null ) { $return .= CBPTXT::T("Payment recorded.") . ' <a href="' . $_CB_framework->userProfileUrl( $paymentBasket->user_id, true ) . '">' . CBPTXT::Th("View user profile") . '</a>'; } } else { // invoice has reloaded itself (e.g. 
for country change): $return = cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasket->id ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } break; default: cbNotAuth(); return ''; break; } } } elseif ( $this->base->_getReqParam( 'account' ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) { $account = $this->base->_getReqParam( 'account' ); $post_user_id = (int) cbGetParam( $_GET, 'user', 0 ); $user = CBuser::getUserDataInstance( (int) $post_user_id ); if ( $user->id ) { if ( isset( $_SESSION['cbsubs']['expireduser'] ) && ( $_SESSION['cbsubs']['expireduser'] == $user->id ) ) { // expired subscriptions of membership: show possibilities: $subscriptionsGUI = new cbpaidControllerUI(); outputCbTemplate(); $this->base->outputRegTemplate(); outputCbJs(); switch ( $account ) { case 'expired': $paidsubsManager =& cbpaidSubscriptionsMgr::getInstance(); if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) { // no valid membership: $return = $subscriptionsGUI->getShowSubscriptionUpgrades( $user, true ); } break; default: break; } } else { $return = CBPTXT::Th("Browser cookies must be enabled."); } } } elseif ( in_array( $act, array( 'setbsktpmtmeth', 'setbsktcurrency' ) ) ) { cbSpoofCheck( 'plugin' ); // anti-spoofing check $params = $this->params; outputCbTemplate(); $this->base->outputRegTemplate(); outputCbJs(); $basketId = $this->base->_getReqParam( 'bskt', 0 ); $hashToCheck = $this->base->_getReqParam( 'bck' ); $paymentBasket = new cbpaidPaymentBasket( $_CB_database ); if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) { switch ( $act ) { case 'setbsktpmtmeth': if ( $params->get( 'payment_method_selection_type' ) == 'radios' ) { $chosenPaymentMethod = cbGetParam( $_POST, 
'payment_method' ); $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $return = $paymentBasket->saveBasketPaymentMethodForm( $user, $introText, $chosenPaymentMethod ); if ( $return === null ) { $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; case 'setbsktcurrency': if ( $params->get( 'allow_select_currency', '0' ) ) { $newCurrency = cbGetParam( $_POST, 'currency' ); if ( $newCurrency ) { if ( in_array( $newCurrency, cbpaidControllerPaychoices::getInstance()->getAllCurrencies() ) ) { $paymentBasket->changeCurrency( $newCurrency ); } else { $this->base->_setErrorMSG( CBPTXT::T("This currency is not allowed") ); } $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Changes of currency of orders are not authorized") ); } break; default: cbNotAuth(); return ''; break; } } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } } elseif ( $act == 'cbsubsclass' ) { $pluginName = $this->base->_getReqParam( 'class' ); if ( preg_match( '/^[a-z]+$/', $pluginName ) ) { $element = 'cbsubs.' . $pluginName; global $_PLUGINS; $_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element ); $loadedPlugins =& $_PLUGINS->getLoadedPluginGroup( 'user/plug_cbpaidsubscriptions/plugin' ); $params = $this->params; foreach ($loadedPlugins as $p ) { if ( $p->element == $element ) { $pluginId = $p->id; $args = array( &$user, &$params, &$postdata ); /** @noinspection PhpUndefinedCallbackInspection */ $return = $_PLUGINS->call( $pluginId, 'executeTask', 'getcbsubs' . $pluginName . 'Tab', $args, null ); break; } } } } elseif ( $act && ( ! 
in_array( $act, array( 'showbskt', 'setbsktpmtmeth' ) ) ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) { if ( ! is_object( $user ) ) { return CBPTXT::T("User does not exist."); } $params = $this->params; $post_user_id = (int) cbGetParam( $_GET, 'user', 0 ); if ( $post_user_id && ( ( $user->id == $post_user_id ) || ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) ) { outputCbTemplate(); $this->base->outputRegTemplate(); outputCbJs(); switch ( $act ) { case 'showinvoice': if ( $params->get( 'show_invoices', 1 ) ) { $invoiceNo = $this->base->_getReqParam( 'invoice', 0 ); // This also checks for cbpaidApp::authoriseAction on cbsubs.sales or cbsubs.financial access permissions: $return = $this->showInvoice( $invoiceNo, $user ); } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; case 'showinvoiceslist': $showInvoices = $params->get( 'show_invoices', 1 ); $invoicesShowPeriod = $params->get( 'invoices_show_period', '0000-06-00 00:00:00' ); $itsmyself = ( $_CB_framework->myId() == $user->id ); if ( $showInvoices && ( $itsmyself || ( cbpaidApp::authoriseAction( 'cbsubs.sales' ) || cbpaidApp::authoriseAction( 'cbsubs.financial' ) ) ) ) { $subscriptionsGUI = new cbpaidControllerUI(); $invoices = $this->_getInvoices( $user, $invoicesShowPeriod, false ); if ( $invoicesShowPeriod && ( $invoicesShowPeriod != '0000-00-00 00:00:00' ) ) { $cbpaidTimes =& cbpaidTimes::getInstance(); $periodText = $cbpaidTimes->renderPeriod( $invoicesShowPeriod, 1, false ); } else { $periodText = ''; } $return .= $subscriptionsGUI->showInvoicesList( $invoices, $user, $itsmyself, $periodText ); } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; case 'editinvoiceaddress': // this is the case of the initial edit address link if ( $params->get( 'invoicing_address_query' ) > 0 ) { $basketId = $this->base->_getReqParam( 'basket', 0 ); $hashToCheck = $this->base->_getReqParam( 'bck' ); $paymentBasket = new 
cbpaidPaymentBasket( $_CB_database ); if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) { $return = $paymentBasket->renderInvoicingAddressForm( $user ); } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; case 'showrecordpayment': $paymentBasketId = $this->base->_getReqParam( 'recordpayment', 0 ); if ( $paymentBasketId ) { $paymentBasket = new cbpaidPaymentBasket(); if ( $paymentBasket->load( (int) $paymentBasketId ) && $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) { // Auto-loads class: and authorization is checked inside: $return = cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasketId ); } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; default: $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); break; } } } elseif ( $act == 'showbskt' && ( ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) || ( $this->base->_getReqParam( 'bskt', 0 ) && $this->base->_getReqParam( 'bck' ) ) ) { $basketId = $this->base->_getReqParam( 'bskt', 0 ); $hashToCheck = $this->base->_getReqParam( 'bck' ); // Basket integrations saving/editing url: if ( in_array($act, array( 'saveeditbasketintegration', 'editbasketintegration' ) ) ) { // edit is the case of edit or reload of integration form $integration = $this->base->_getReqParam( 'integration' ); $paymentBasket = new cbpaidPaymentBasket( $_CB_database ); if ( preg_match( '/^[a-z]+$/', $integration ) && $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) { global $_PLUGINS; $element = 'cbsubs.' . 
$integration; $_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element ); $results = $_PLUGINS->trigger( 'onCPayEditBasketIntegration', array( $integration, $act, &$paymentBasket ) ); $return = null; foreach ( $results as $r ) { if ( $r ) { $return .= $r; } } if ( $act == 'editbasketintegration' ) { if ( $return !== null ) { return $return; } } } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } } $post_user_id = (int) cbGetParam( $_GET, 'user', 0 ); if ( $post_user_id && ! ( ( is_object( $user ) && ( $user->id == $post_user_id ) ) ) ) { return CBPTXT::T("User does not exist."); } outputCbTemplate(); $this->base->outputRegTemplate(); outputCbJs(); $params = $this->params; $paymentBasket = new cbpaidPaymentBasket( $_CB_database ); if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) { if ( ! $post_user_id ) { $cbUser =& CBuser::getInstance( (int) $paymentBasket->user_id ); $user =& $cbUser->getUserData(); if ( ( ! is_object( $user ) ) || ! $user->id ) { return CBPTXT::T("User does not exist."); } } if ( ( $hashToCheck && $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) || ( ( ! $hashToCheck ) && $paymentBasket->user_id && ( $paymentBasket->user_id == $_CB_framework->myId() ) ) ) { $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } // } elseif ( isset($_REQUEST['result']) && isset( $_REQUEST['user'] ) && ( $_REQUEST['user'] > 0 ) ) { } elseif ( isset($_REQUEST['result']) && ( $this->base->_getReqParam('method') || $this->base->_getReqParam('gacctno') ) ) { // don't check license here so initiated payments can complete ! 
$params = $this->params; $method = $this->base->_getReqParam('method'); if ( ( $method == 'freetrial' ) || ( $method == 'cancelpay' ) ) { cbpaidApp::import( 'processors.freetrial.freetrial' ); cbpaidApp::import( 'processors.cancelpay.cancelpay' ); $className = 'cbpaidGatewayAccount' . $method; $payAccount = new $className( $_CB_database ); } else { $gateAccount = $this->base->_getReqParam('gacctno'); $payAccount = cbpaidControllerPaychoices::getInstance()->getPayAccount( $gateAccount ); if ( ! $payAccount ) { return ''; } } $payClass = $payAccount->getPayMean(); $paymentBasket = new cbpaidPaymentBasket($_CB_database); if ( $payClass && ( ( $this->base->_getReqParam('method') == $payClass->getPayName() ) || ( $this->base->_getReqParam('method') == null ) ) && $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) ) { // output for resultNotification: $return and $allowHumanHtmlOutput $return = $payClass->resultNotification( $paymentBasket, $postdata, $allowHumanHtmlOutput ); } if ( ! 
$paymentBasket->id ) { $this->base->_setErrorMSG(CBPTXT::T("No suitable basket found.")); } else { $user =& CBuser::getUserDataInstance( (int) $paymentBasket->user_id ); if ( $paymentBasket->payment_status == 'RegistrationCancelled' ) { // registration cancelled: delete payment basket and delete user after checking that he is not yet active: if ( $paymentBasket->load( (int) $paymentBasket->id ) ) { if ( $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) && ( ( $paymentBasket->payment_status == 'NotInitiated' ) || ( ( $paymentBasket->payment_status === 'Pending' ) && ( $paymentBasket->payment_method === 'offline' ) ) ) ) { $notification = new cbpaidPaymentNotification(); $notification->initNotification( $payClass, 0, 'P', $paymentBasket->payment_status, $paymentBasket->payment_type, null, $_CB_framework->now(), $paymentBasket->charset ); $payClass->updatePaymentStatus( $paymentBasket, 'web_accept', 'RegistrationCancelled', $notification, 0, 0, 0, true ); // This is a notification or a return to site after payment, we want to log any error happening in third-party stuff in case: cbpaidErrorHandler::keepTurnedOn(); } } } if ( $allowHumanHtmlOutput ) { // If frontend, we display result, otherwise, If Server-to-server notification: do not display any additional text here ! switch ( $paymentBasket->payment_status ) { case 'Completed': // PayPal recommends including the following information with the confirmation: // - Item name // - Amount paid // - Payer email // - Shipping address $newMsg = sprintf( CBPTXT::Th("Thank you for your payment of %s for the %s %s."), $paymentBasket->renderPrice(), $paymentBasket->item_name, htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) ) // ' using your paypal account ' . $paymentBasket->payer_email . ' ' . $payClass->getTxtNextStep( $paymentBasket ); // . "Your transaction has been completed, and a receipt for your purchase has been emailed to you by PayPal. " // . 
"You may log into your account at www.paypal.com to view details of this transaction.</p>\n"; if ( $params->get( 'show_invoices' ) ) { $itsmyself = ( $_CB_framework->myId() == $user->id ); $subscriptionsGUI = new cbpaidControllerUI(); $newMsg .= '<p id="cbregviewinvoicelink">' . $subscriptionsGUI->getInvoiceShowAhtml( $paymentBasket, $user, $itsmyself, CBPTXT::Th("View printable invoice") ) . '</p>' ; } $paid = true; break; case 'Pending': $newMsg = sprintf( CBPTXT::Th("Thank you for initiating the payment of %s for the %s %s."), $paymentBasket->renderPrice(), $paymentBasket->item_name, htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) ) // ' using your paypal account ' . $paymentBasket->payer_email . ' ' . $payClass->getTxtNextStep( $paymentBasket ); // . "Your payment is currently being processed. " // . "A receipt for your purchase will be emailed to you by PayPal once processing is complete. " // . "You may log into your account at www.paypal.com to view status details of this transaction.</p>\n"; break; case 'RegistrationCancelled': $newMsg = $payClass->getTxtNextStep( $paymentBasket ); break; case 'FreeTrial': $newMsg = CBPTXT::Th("Thank you for subscribing to") . ' ' . $paymentBasket->item_name . '.' . ' ' . $payClass->getTxtNextStep( $paymentBasket ); break; case null: $newMsg = CBPTXT::T("Payment basket does not exist."); break; case 'NotInitiated': $newMsg = ''; break; case 'RedisplayOriginalBasket': if ( $paymentBasket->load( (int) $paymentBasket->id ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) { $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } $newMsg = ''; break; case 'Processed': case 'Denied': case 'Reversed': case 'Refunded': case 'Partially-Refunded': default: $newMsg = $payClass->getTxtNextStep( $paymentBasket ); // "<p>Your transaction is not cleared and has currently following status: <strong>" . 
$paymentBasket->payment_status . ".</strong></p>" // . "<p>You may log into your account at www.paypal.com to view status details of this transaction.</p>"; break; } if ( in_array( $paymentBasket->payment_status, array( 'Completed', 'Pending' ) ) ) { $subscriptions = $paymentBasket->getSubscriptions(); $texts = array(); // avoid repeating several times identical texts: if ( is_array( $subscriptions ) ) { foreach ( $subscriptions as $sub ) { /** @var $sub cbpaidSomething */ $thankYouParam = ( $paymentBasket->payment_status == 'Completed') ? 'thankyoutextcompleted' : 'thankyoutextpending'; $thankYouText = $sub->getPersonalized( $thankYouParam, true ); if ( $thankYouText && ! in_array( $thankYouText, $texts ) ) { $texts[] = $thankYouText; if ( strpos( $thankYouText, '<' ) === false ) { $msgTag = 'p'; } else { $msgTag = 'div'; } $newMsg .= '<' . $msgTag . ' class="cbregThanks" id="cbregThanks' . $sub->plan_id . '">' . $thankYouText . '</' . $msgTag . ">\n"; } } } } if ( $newMsg ) { $return .= '<div>' . $newMsg . '</div>'; } if ( $paid && ( $_CB_framework->myId() < 1 ) && ( cbGetParam( $_REQUEST, 'user', 0 ) == $paymentBasket->user_id ) ) { $_CB_database->setQuery( "SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id=".(int) $paymentBasket->user_id ); if ( $_CB_database->loadObject( $user ) && ( $user->lastvisitDate == '0000-00-00 00:00:00' ) ) { $return = '<p>' . implode( '', getActivationMessage( $user, 'UserRegistration' ) ) . '</p>' . $return; } } } } } else { cbNotAuth(); return ' ' . CBPTXT::T("No result."); } if ( $allowHumanHtmlOutput ) { $allErrorMsgs = $this->base->getErrorMSG( '</div><div class="error">' ); if ( $allErrorMsgs ) { $errorMsg = '<div class="error">' . $allErrorMsgs . '</div>'; } else { $errorMsg = null; } /** @var string $return */ if ( ( $return == '' ) && ( $errorMsg ) ) { $this->base->outputRegTemplate(); $return = $errorMsg . '<br /><br />' . 
$return; $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, '' ); } else { $return = $errorMsg . $return; } } if ( ! is_null( $oldignoreuserabort ) ) { ignore_user_abort($oldignoreuserabort); } return $return; }
} else { checkCanAdminPlugins('core.edit', $userIdPosted, 'com_users'); } $cbController = _CBloadController('user'); /** @var CBController_user $cbController */ $cbController->saveUser($option, $task); break; case 'editPlugin': checkCanAdminPlugins('core.edit', $pluginId); $cbController = _CBloadController('plugin'); /** @var CBController_plugin $cbController */ $cbController->editPlugin($option, $task, $pluginId); break; case 'savePlugin': case 'applyPlugin': cbSpoofCheck('plugin'); checkCanAdminPlugins('core.edit'); $cbController = _CBloadController('plugin'); /** @var CBController_plugin $cbController */ $cbController->savePlugin($option, $task); break; case 'pluginmenu': $cbController = _CBloadController('plugin'); /** @var CBController_plugin $cbController */ $cbController->pluginMenu($option, $pluginId); break; default: _CBloadController('default'); break; } ob_start();
/**
 * Applies the accept/deny decisions posted from the "manage connections" form, then redirects.
 *
 * For every id in $connectionids the decision is read from the POST field "<id>action"
 * ('a' = accept, 'd' = deny, anything else = no-op). The request always ends in a redirect
 * back to the manage-connections view carrying either the connection-layer error message
 * or a success notice (no notice when $connectionids was not an array).
 *
 * @param mixed $connectionids  Connection ids to act on; a non-array means "nothing to do"
 * @return void
 */
function processConnectionActions($connectionids) {
    global $_CB_framework, $ueConfig, $_POST;

    // Anti-CSRF token check: this is the only guard on these state-changing decisions.
    cbSpoofCheck( 'manageConnections' );

    if ( ! $ueConfig['allowConnections'] ) {
        echo _UE_FUNCTIONALITY_DISABLED;
        return;
    }

    $myId = $_CB_framework->myId();

    if ( ! ( $myId > 0 ) ) {
        // Guests own no connections, so there is nothing they may decide on.
        cbNotAuth();
        return;
    }

    $connections = new cbConnection( $myId );
    $decisions   = is_array( $connectionids ) ? $connectionids : array();

    foreach ( $decisions as $connectionId ) {
        $decision = cbGetParam( $_POST, $connectionId . 'action' );

        if ( $decision == 'a' ) {
            $connections->acceptConnection( $myId, $connectionId );
        } elseif ( $decision == 'd' ) {
            $connections->denyConnection( $myId, $connectionId );
        }
    }

    $error     = $connections->getErrorMSG();
    $returnUrl = cbSef( 'index.php?option=com_comprofiler&task=manageConnections' . getCBprofileItemid(), false );

    if ( $error ) {
        cbRedirect( $returnUrl, $error, 'error' );
    } else {
        cbRedirect( $returnUrl, ( is_array( $connectionids ) ? _UE_CONNECTIONACTIONSSUCCESSFULL : null ) );
    }
}
/**
 * Direct access to field for custom operations, like for Ajax
 *
 * WARNING: direct unchecked access, except if $user is set, then check well for the $reason ...
 *
 * Base implementation: it only validates the request (anti-spoof token, and for frontend
 * registration also the anti-spam check) and renders nothing. A failed validation prints a
 * "session expired" alert and terminates the request, so nothing below this point is reachable
 * for a forged request.
 *
 * @param FieldTable $field
 * @param UserTable $user
 * @param array $postdata
 * @param string $reason 'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
 * @return string|false Expected output; false here as the base class renders nothing.
 */
public function fieldClass(&$field, &$user, &$postdata, $reason) {
    global $_CB_framework;

    // The POST anti-spoof token has to validate for every reason ...
    $requestValid = cbSpoofCheck( 'fieldclass', 'POST', 2 );

    // ... and frontend registration additionally has to pass the anti-spam check
    // (only evaluated once the token is fine, to keep the original short-circuit order):
    if ( $requestValid && ( $reason == 'register' ) && ( $_CB_framework->getUi() == 1 ) ) {
        $requestValid = cbRegAntiSpamCheck( 2 );
    }

    if ( ! $requestValid ) {
        echo '<div class="alert alert-danger">'
            . CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.')
            . "</div>";
        exit;
    }

    return false;
}
/**
 * GroupJive front-end controller: routes the "action"/"func" request parameters to the
 * matching handler and echoes its output, wrapped in the plugin container unless format=raw.
 *
 * The $user argument is ignored: the handlers always act as the currently logged-in user.
 * Legacy (B/C) action names and the old "cat"/"grp" parameters are translated first.
 * State-changing form submissions ('save', 'send') are preceded by an anti-spoof check;
 * every other authorization is left to the individual handler methods.
 *
 * @param TabTable $tab Current tab
 * @param UserTable $user Current user
 * @param int $ui 1 front, 2 admin UI
 * @param array $postdata Raw unfiltred POST data
 * @return void Output is echoed
 */
public function getCBpluginComponent( $tab, $user, $ui, $postdata )
{
    $format = $this->input( 'format', null, GetterInterface::STRING );
    $isRaw  = ( $format == 'raw' );

    if ( ! $isRaw ) {
        outputCbJs();
        outputCbTemplate();
    }

    $action   = $this->input( 'action', null, GetterInterface::STRING );
    $function = $this->input( 'func', null, GetterInterface::STRING );
    $id       = (int) $this->input( 'id', null, GetterInterface::INT );
    $user     = CBuser::getMyUserDataInstance();

    if ( ! $isRaw ) {
        ob_start();
    }

    // TODO: For B/C: remove
    $cat = (int) $this->input( 'cat', null, GetterInterface::INT );
    $grp = (int) $this->input( 'grp', null, GetterInterface::INT );

    // TODO: For B/C: remove. Legacy combined action names => current ( action, func ) pair:
    $legacyActions = array(
        'overview'           => array( 'categories', 'all' ),
        'allcategories'      => array( 'categories', 'all' ),
        'allgroups'          => array( 'groups', 'all' ),
        'panel'              => array( 'groups', 'my' ),
        'mygroups'           => array( 'groups', 'my' ),
        'joinedgroups'       => array( 'groups', 'joined' ),
        'invitedgroups'      => array( 'groups', 'invited' ),
        'groupsapproval'     => array( 'groups', 'approval' ),
        'newgroup'           => array( 'groups', 'new' ),
        'editgroup'          => array( 'groups', 'edit' ),
        'messagegroup'       => array( 'groups', 'message' ),
        'groupnotifications' => array( 'groups', 'notifications' ),
    );

    if ( isset( $legacyActions[$action] ) ) {
        $legacyAction = $action;
        $action       = $legacyActions[$legacyAction][0];
        $function     = $legacyActions[$legacyAction][1];

        if ( ( $legacyAction == 'newgroup' ) && $id ) {
            // legacy "newgroup&id=X" meant "new group inside category X":
            $this->getInput()->set( 'category', $id );
        }
    } elseif ( $action == 'categories' ) {
        if ( $cat ) {
            $id = $cat;
        }
    } elseif ( $action == 'groups' ) {
        if ( $cat ) {
            $this->getInput()->set( 'category', $cat );
        }

        if ( $grp ) {
            $id = $grp;
        }
    } else {
        if ( $cat ) {
            $this->getInput()->set( 'category', $cat );
        }

        if ( $grp ) {
            $this->getInput()->set( 'group', $grp );
        }
    }

    switch ( $action ) {
        case 'groups':
            // func => list mode of showGroups()
            $listModes = array( 'all' => 0, 'allmy' => 1, 'my' => 1, 'joined' => 2, 'invited' => 3, 'approval' => 4 );
            // func => published state of stateGroup()
            $stateChanges = array( 'publish' => 1, 'unpublish' => 0 );
            // func => handler taking ( $id, $user )
            $plainHandlers = array(
                'reject'        => 'rejectGroupInvites',
                'cancel'        => 'cancelGroupJoin',
                'join'          => 'joinGroup',
                'leave'         => 'leaveGroup',
                'delete'        => 'deleteGroup',
                'edit'          => 'showGroupEdit',
                'message'       => 'showGroupMessage',
                'notifications' => 'showGroupNotifications',
            );
            // func => handler taking ( $id, $user ) that first needs the anti-spoof check (form submissions)
            $formHandlers = array( 'save' => 'saveGroupEdit', 'send' => 'sendMessage' );

            if ( isset( $listModes[$function] ) ) {
                $this->showGroups( $listModes[$function], $user );
            } elseif ( isset( $stateChanges[$function] ) ) {
                $this->stateGroup( $stateChanges[$function], $id, $user );
            } elseif ( $function == 'new' ) {
                $this->showGroupEdit( null, $user );
            } elseif ( isset( $plainHandlers[$function] ) ) {
                $handler = $plainHandlers[$function];
                $this->$handler( $id, $user );
            } elseif ( isset( $formHandlers[$function] ) ) {
                cbSpoofCheck( 'plugin' );
                $handler = $formHandlers[$function];
                $this->$handler( $id, $user );
            } else {
                // 'show' and anything unknown:
                $this->showGroup( $id, $user );
            }
            break;

        case 'users':
            // func => status value of statusUser()
            $statuses = array( 'ban' => -1, 'active' => 1, 'moderator' => 2, 'admin' => 3, 'owner' => 4 );

            if ( isset( $statuses[$function] ) ) {
                $this->statusUser( $statuses[$function], $id, $user );
            } elseif ( $function == 'delete' ) {
                $this->deleteUser( $id, $user );
            }
            break;

        case 'invites':
            if ( $function == 'send' ) {
                $this->sendInvite( $id, $user );
            } elseif ( $function == 'new' ) {
                $this->showInviteEdit( null, $user );
            } elseif ( $function == 'edit' ) {
                $this->showInviteEdit( $id, $user );
            } elseif ( $function == 'save' ) {
                cbSpoofCheck( 'plugin' );
                $this->saveInviteEdit( $id, $user );
            } elseif ( $function == 'delete' ) {
                $this->deleteInvite( $id, $user );
            }
            break;

        case 'notifications':
            if ( $function == 'save' ) {
                cbSpoofCheck( 'plugin' );
                $this->saveNotifications( $id, $user );
            }
            break;

        case 'categories':
        default:
            if ( $function == 'all' ) {
                $this->showCategories( $user );
            } else {
                // 'show' and anything unknown:
                $this->showCategory( $id, $user );
            }
            break;
    }

    if ( ! $isRaw ) {
        $html         = ob_get_clean();
        $cssClass     = $this->params->get( 'general_class', null );
        $wrapperClass = 'cbGroupJive' . ( $cssClass ? ' ' . htmlspecialchars( $cssClass ) : null );

        echo '<div class="' . $wrapperClass . '">'
            . '<div class="cbGroupJiveInner">'
            . $html
            . '</div>'
            . '</div>';
    }
}
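/**
 * Shared gate for the moderation views (block, whitelist, attempt, log).
 *
 * Sets the default tab to return to, then enforces, in this order and short-circuiting:
 * the feature is enabled in the plugin params, the current user is a global moderator,
 * and the target user is NOT a global moderator (moderators cannot moderate each other).
 * On failure the request is redirected to the target's profile with a "Not authorized." error.
 *
 * @param UserTable $user        Target user (from the "usr" request param, or the current user)
 * @param string    $defaultTab  Tab to return to when no "tab" was requested
 * @param string    $enableParam Plugin param switching this feature on (defaults to on)
 * @return string|null           Profile URL to redirect to on later failures; null when a redirect
 *                               was already issued, in which case the caller must render nothing
 */
private function _moderationGate( $user, $defaultTab, $enableParam )
{
    global $_CB_framework;

    if ( ! $this->_tab ) {
        $this->_tab = $defaultTab;
    }

    $targetId   = (int) $user->get( 'id' );
    $profileUrl = $_CB_framework->userProfileUrl( $targetId, false, $this->_tab );

    $authorized = $this->params->get( $enableParam, 1 )
        && Application::MyUser()->isGlobalModerator()
        && ( ! Application::User( $targetId )->isGlobalModerator() );

    if ( ! $authorized ) {
        cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );

        // cbRedirect is expected to end the request; returning null makes callers fail closed if it does not.
        return null;
    }

    return $profileUrl;
}

/**
 * Anti-spam front-end controller: routes the "action"/"func" request parameters to the
 * matching handler and echoes its output, wrapped in the plugin container unless format=raw.
 *
 * The $user argument is ignored: the target user is taken from the "usr" request param
 * (any user id), falling back to the current user. The block/whitelist/attempt/log actions
 * are gated by _moderationGate() (feature enabled, caller is a global moderator, target is not);
 * 'save' additionally requires the anti-spoof token. No authorization is visible here for
 * 'prune' and 'captcha' - presumably enforced inside pruneItems()/pruneAll() and the captcha
 * handlers; confirm. Unknown actions redirect to index.php with an error.
 *
 * @param TabTable $tab Current tab
 * @param UserTable $user Current user
 * @param int $ui 1 front, 2 admin UI
 * @param array $postdata Raw unfiltred POST data
 * @return void Output is echoed
 */
public function getCBpluginComponent( $tab, $user, $ui, $postdata )
{
    $format = $this->input( 'format', null, GetterInterface::STRING );
    $isRaw  = ( $format == 'raw' );

    if ( ! $isRaw ) {
        outputCbJs( 1 );
        outputCbTemplate( 1 );
    }

    $action     = $this->input( 'action', null, GetterInterface::STRING );
    $function   = $this->input( 'func', null, GetterInterface::STRING );
    // id stays a string: for captcha it is a token, for the other views a record id.
    $id         = $this->input( 'id', null, GetterInterface::STRING );
    $userId     = (int) $this->input( 'usr', null, GetterInterface::INT );
    $this->_tab = (int) $this->input( 'tab', null, GetterInterface::INT );

    if ( $userId ) {
        $user = CBuser::getUserDataInstance( $userId );
    } else {
        $user = CBuser::getMyUserDataInstance();
    }

    ob_start();

    switch ( $action ) {
        case 'prune':
            if ( in_array( $function, array( 'block', 'log', 'attempts' ), true ) ) {
                $this->pruneItems( $function, false );
            } else {
                // 'all' and anything unknown:
                $this->pruneAll( false );
            }
            break;

        case 'captcha':
            if ( in_array( $function, array( 'question', 'internal', 'image' ), true ) ) {
                $this->captchaImage( $id, $function );
            } elseif ( $function == 'audio' ) {
                $this->captchaAudio( $id );
            }
            break;

        case 'block':
            $profileUrl = $this->_moderationGate( $user, 'cbantispamTabBlocks', 'general_block' );

            if ( $profileUrl === null ) {
                break;
            }

            if ( in_array( $function, array( 'user', 'ip', 'email', 'domain' ), true ) ) {
                $this->showBlock( $id, $function, $user );
            } elseif ( $function == 'edit' ) {
                $this->showBlock( $id, null, $user );
            } elseif ( $function == 'new' ) {
                $this->showBlock( null, null, $user );
            } elseif ( $function == 'save' ) {
                cbSpoofCheck( 'plugin' );
                $this->saveBlock( $id, $user );
            } elseif ( $function == 'delete' ) {
                $this->deleteBlock( $id, $user );
            } else {
                // 'show' and anything unknown has no standalone view:
                cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
            }
            break;

        case 'whitelist':
            $profileUrl = $this->_moderationGate( $user, 'cbantispamTabWhitelists', 'general_whitelist' );

            if ( $profileUrl === null ) {
                break;
            }

            if ( in_array( $function, array( 'user', 'ip', 'email', 'domain' ), true ) ) {
                $this->showWhitelist( $id, $function, $user );
            } elseif ( $function == 'edit' ) {
                $this->showWhitelist( $id, null, $user );
            } elseif ( $function == 'new' ) {
                $this->showWhitelist( null, null, $user );
            } elseif ( $function == 'save' ) {
                cbSpoofCheck( 'plugin' );
                $this->saveWhitelist( $id, $user );
            } elseif ( $function == 'delete' ) {
                $this->deleteWhitelist( $id, $user );
            } else {
                cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
            }
            break;

        case 'attempt':
            $profileUrl = $this->_moderationGate( $user, 'cbantispamTabAttempts', 'general_attempts' );

            if ( $profileUrl === null ) {
                break;
            }

            if ( $function == 'delete' ) {
                $this->deleteAttempt( $id, $user );
            } else {
                cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
            }
            break;

        case 'log':
            $profileUrl = $this->_moderationGate( $user, 'cbantispamTabLog', 'general_log' );

            if ( $profileUrl === null ) {
                break;
            }

            if ( $function == 'delete' ) {
                $this->deleteLog( $id, $user );
            } else {
                cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
            }
            break;

        default:
            cbRedirect( 'index.php', CBTxt::T( 'Not authorized.' ), 'error' );
            break;
    }

    $html = ob_get_clean();

    if ( $isRaw ) {
        echo $html;
        return;
    }

    $cssClass = $this->params->get( 'general_class', null );

    echo '<div id="cbAntiSpam" class="cbAntiSpam' . ( $cssClass ? ' ' . htmlspecialchars( $cssClass ) : null ) . '">'
        . '<div id="cbAntiSpamInner" class="cbAntiSpamInner">'
        . $html
        . '</div>'
        . '</div>';
}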
/**
 * Draws Users list (ECHO)
 *
 * Resolves which published list to show, checks the viewer may see it, builds the
 * user-list SQL (joins, WHERE filters, per-field search criteria), runs the count and
 * page queries, and echoes the result through HTML_comprofiler::usersList().
 * On any early failure (no list, unknown list, not authorised) a translated message
 * is echoed instead and the method returns.
 *
 * @param int $userId   Id of the user the list is rendered for (used for field access, sorting, filtering and columns)
 * @param int $listId   Requested list id; 0/empty falls back to the default published list, then to the first one
 * @param array $postData Request data (search, limitstart, searchmode, rand and per-field search values)
 * @return void
 */
public function drawUsersList($userId, $listId, $postData)
{
    global $_CB_database, $_PLUGINS;

    $_PLUGINS->loadPluginGroup('user');

    // Paging and search state from the request; cast to int so they are only ever used as integers below.
    $searchData = cbGetParam($postData, 'search');
    $limitstart = (int) cbGetParam($postData, 'limitstart');
    $searchMode = (int) cbGetParam($postData, 'searchmode', 0);
    $random = (int) cbGetParam($postData, 'rand', 0);

    $cbUser = CBuser::getInstance((int) $userId, false);
    $user = $cbUser->getUserData();

    $search = null;
    $input = array();
    $publishedLists = array();

    // Only published lists whose view access level the current (session) user is authorised for.
    // The level list goes through safeArrayOfIntegers(), so no untrusted text reaches the SQL.
    $query = 'SELECT *'
        . "\n FROM " . $_CB_database->NameQuote('#__comprofiler_lists')
        . "\n WHERE " . $_CB_database->NameQuote('published') . " = 1"
        . "\n AND " . $_CB_database->NameQuote('viewaccesslevel') . " IN " . $_CB_database->safeArrayOfIntegers(Application::MyUser()->getAuthorisedViewLevels())
        . "\n ORDER BY " . $_CB_database->NameQuote('ordering');
    $_CB_database->setQuery($query);

    /** @var ListTable[] $userLists */
    $userLists = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\ListTable', array($_CB_database));

    if ($userLists) {
        foreach ($userLists as $userList) {
            // List titles may contain user-variable substitutions; strip tags before they become option labels.
            $publishedLists[] = moscomprofilerHTML::makeOption((int) $userList->listid, strip_tags($cbUser->replaceUserVars($userList->title, false, false)));

            // No explicit list requested: prefer the list flagged as default.
            if (!$listId && $userList->default) {
                $listId = (int) $userList->listid;
            }
        }

        // Still nothing: fall back to the first published list in ordering.
        if (!$listId) {
            $listId = (int) $userLists[0]->listid;
        }
    }

    if (!$listId) {
        echo CBTxt::Th('UE_NOLISTFOUND', 'There are no published user lists!');
        return;
    }

    if ($userLists) {
        $input['plists'] = moscomprofilerHTML::selectList($publishedLists, 'listid', 'class="form-control input-block" onchange="this.form.submit();"', 'value', 'text', (int) $listId, 1);
    }

    $row = self::getInstance((int) $listId);

    if (!$row) {
        echo CBTxt::Th('UE_LIST_DOES_NOT_EXIST', 'This list does not exist');
        return;
    }

    // NOTE(review): list visibility above is filtered on Application::MyUser(), while this check runs on
    // $cbUser (built from $userId); the two coincide only when $userId is the current user — confirm with callers.
    if (!$cbUser->authoriseView('userslist', $row->listid)) {
        echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
        return;
    }

    $params = new Registry($row->params);

    // Hotlink protection: a search or a non-zero page offset must carry a valid spoof token (GET).
    if ($params->get('hotlink_protection', 0) == 1) {
        if ($searchData !== null || $limitstart) {
            cbSpoofCheck('userslist', 'GET');
        }
    }

    // Page size comes from the list, with 30 as the default and as the guard against a zero value.
    $limit = (int) $params->get('list_limit', 30);
    if (!$limit) {
        $limit = 30;
    }

    // Paging disabled: always render from the first row.
    if ($params->get('list_paging', 1) != 1) {
        $limitstart = 0;
    }

    // Moderator status of the current (session) user decides which hidden-user filters can be relaxed below.
    $isModerator = Application::MyUser()->isGlobalModerator();

    // Plugins may override the list, search string and paging before the query is built.
    $_PLUGINS->trigger('onStartUsersList', array(&$listId, &$row, &$search, &$limitstart, &$limit));

    // Prepare query variables:
    $userGroupIds = explode('|*|', $row->usergroupids);
    $orderBy = self::getSorting($listId, $userId, $random);
    $filterBy = self::getFiltering($listId, $userId);
    $columns = self::getColumns($listId, $userId);

    // Grab all the fields the $user can access:
    $tabs = new cbTabs(0, 1);
    $fields = $tabs->_getTabFieldsDb(null, $user, 'list');

    // Build the field SQL:
    $tableReferences = array('#__comprofiler' => 'ue', '#__users' => 'u');
    $searchableFields = array();
    $fieldsSQL = cbUsersList::getFieldsSQL($columns, $fields, $tableReferences, $searchableFields, $params);

    $_PLUGINS->trigger('onAfterUsersListFieldsSql', array(&$columns, &$fields, &$tableReferences));

    // Build the internal joins and where statements based on list parameters:
    $tablesSQL = array();
    $joinsSQL = array();
    $tablesWhereSQL = array();

    if ($isModerator) {
        // Moderators see blocked/banned/unapproved/unconfirmed users only where the list explicitly allows it.
        if (!$params->get('list_show_blocked', 0)) {
            $tablesWhereSQL['block'] = 'u.block = 0';
        }
        if (!$params->get('list_show_banned', 1)) {
            $tablesWhereSQL['banned'] = 'ue.banned = 0';
        }
        if (!$params->get('list_show_unapproved', 0)) {
            $tablesWhereSQL['approved'] = 'ue.approved = 1';
        }
        if (!$params->get('list_show_unconfirmed', 0)) {
            $tablesWhereSQL['confirmed'] = 'ue.confirmed = 1';
        }
    } else {
        // Non-moderators always get the full set of hidden-user filters, regardless of list parameters.
        $tablesWhereSQL = array('block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1', 'banned' => 'ue.banned = 0');
    }

    $joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';

    // Group ids come from the stored list definition and are sanitised to integers before being inlined.
    if ($userGroupIds) {
        $tablesWhereSQL['gid'] = 'g.group_id IN ' . $_CB_database->safeArrayOfIntegers($userGroupIds);
    }

    // #__users is the driving table; every other referenced table is joined on its id.
    foreach ($tableReferences as $table => $name) {
        if ($name == 'u') {
            $tablesSQL[] = $table . ' ' . $name;
        } else {
            $joinsSQL[] = 'JOIN ' . $table . ' ' . $name . ' ON ' . $name . '.`id` = u.`id`';
        }
    }

    // Build the search criteria:
    $searchValues = new stdClass();
    $searchesFromFields = $tabs->applySearchableContents($searchableFields, $searchValues, $postData, $params->get('list_compare_types', 0));
    $whereFields = $searchesFromFields->reduceSqlFormula($tableReferences, $joinsSQL, true);

    if ($whereFields) {
        $tablesWhereSQL[] = '(' . $whereFields . ')';
    }

    $_PLUGINS->trigger('onBeforeUsersListBuildQuery', array(&$tablesSQL, &$joinsSQL, &$tablesWhereSQL));

    // Construct the FROM and WHERE for the userlist query:
    $queryFrom = "FROM " . implode(', ', $tablesSQL)
        . (count($joinsSQL) ? "\n " . implode("\n ", $joinsSQL) : '')
        . "\n WHERE " . implode("\n AND ", $tablesWhereSQL)
        . " " . $filterBy;

    $_PLUGINS->trigger('onBeforeUsersListQuery', array(&$queryFrom, 1, $listId)); // $ui = 1 (frontend)

    $errorMsg = null;

    // Checks if the list is being actively searched and it allows searching; otherwise reset back to normal:
    $searchCount = count(get_object_vars($searchValues));

    if ($params->get('list_search', 1) > 0 && $params->get('list_search_empty', 0) && !$searchCount) {
        // Searching allowed and the list is configured to start empty: show the search form only.
        $searchMode = 1;
        $listAll = false;
    } else {
        $listAll = $searchCount ? true : false;
    }

    // Query only when mode 0 (always), mode 1 with search values present, or mode 2.
    if ($searchMode == 0 || $searchMode == 1 && $searchCount || $searchMode == 2) {
        // Prepare the userlist count query for pagination:
        $_CB_database->setQuery("SELECT COUNT( DISTINCT u.id ) " . $queryFrom);
        $total = $_CB_database->loadResult();

        // Offset past the end (or a page larger than the result set) restarts from the first row.
        if ($limit > $total || $limitstart >= $total) {
            $limitstart = 0;
        }

        // Prepare the actual userlist query to build a list of users:
        $query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ($fieldsSQL ? ", " . $fieldsSQL . " " : '') . $queryFrom . " " . $orderBy;
        $_CB_database->setQuery($query, (int) $limitstart, (int) $limit);

        /** @var UserTable[] $users */
        $users = $_CB_database->loadObjectList(null, '\\CB\\Database\\Table\\UserTable', array($_CB_database));

        if (!$_CB_database->getErrorNum()) {
            $profileLink = $params->get('allow_profilelink', 1);

            // If users exist lets cache them and disable profile linking if necessary:
            if ($users) {
                foreach (array_keys($users) as $k) {
                    // Add this user to cache:
                    CBuser::setUserGetCBUserInstance($users[$k]);

                    if (!$profileLink) {
                        $users[$k]->set('_allowProfileLink', 0);
                    }
                }
            }
        } else {
            // The SQL error itself is not echoed; only a generic message that points admins at site debug.
            $errorMsg = CBTxt::T('UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW', 'There is an error in the database query. Site admin can turn site debug to on to view and fix the query.');
        }

        // $search: '' means "render the search box", null means "no search box".
        if ($searchCount) {
            $search = '';
        } else {
            $search = null;
        }

        if ($search === null && ($searchMode == 1 && $searchCount || $searchMode == 2)) {
            $search = '';
        }
    } else {
        // Nothing to query: empty result, but keep the search box available.
        $total = 0;
        $users = array();

        if ($search === null) {
            $search = '';
        }
    }

    $pageNav = new cbPageNav($total, $limitstart, $limit);

    HTML_comprofiler::usersList($row, $users, $columns, $fields, $input, $search, $searchMode, $pageNav, $user, $searchableFields, $searchValues, $tabs, $errorMsg, $listAll, $random);
}