Пример #1
0
function reportUser($option,$form=1,$uid=0) {
	global $_CB_framework, $_CB_database, $ueConfig, $Itemid, $_POST;

	if($ueConfig['allowUserReports']==0) {
			echo _UE_FUNCTIONALITY_DISABLED;
			exit();
	}
	if (!allowAccess( $ueConfig['allow_profileviewbyGID'],'RECURSE', userGID( $_CB_framework->myId() ))) {
		echo _UE_NOT_AUTHORIZED;
		return;
	}
	if($form==1) {
		HTML_comprofiler::reportUserForm($option,$uid);
	} else {
		// simple spoof check security
		cbSpoofCheck( 'reportUserForm' );

		$row = new moscomprofilerUserReport( $_CB_database );

		if (!$row->bind( $_POST )) {
			cbRedirect( cbSef("index.php?option=$option&task=reportUser".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $row->getError(), 'error' );
			return;
		}

		_cbMakeHtmlSafe($row);			//TBD: remove this: not urgent but isn't right

		$row->reportedondate = date("Y-m-d H:i:s");

		if (!$row->check()) {
			cbRedirect( cbSef("index.php?option=$option&task=reportUser".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $row->getError(), 'error' );
			return;
		}

		if (!$row->store()) {
			cbRedirect( cbSef("index.php?option=$option&task=reportUser".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $row->getError(), 'error' );
			return;
		}
		if($ueConfig['moderatorEmail']==1) {
			$cbNotification = new cbNotification();
			$cbNotification->sendToModerators(_UE_USERREPORT_SUB,_UE_USERREPORT_MSG);
		}
		echo _UE_USERREPORT_SUCCESSFUL;
	}
}
 function bindSafely(&$array, $ui, $reason, &$oldUserComplete)
 {
     global $_CB_framework, $ueConfig, $_PLUGINS;
     // Some basic sanitizations and securitizations: usertype will be re-computed based on gid in store()
     $this->id = (int) $this->id;
     if (checkJversion() == 2) {
         $this->gids = is_array($this->gids) ? $this->gids : array($this->gid);
         $this->gid = (int) $_CB_framework->acl->getBackwardsCompatibleGid($this->gids);
     } else {
         $this->gid = (int) $this->gid;
         $this->gids = array($this->gid);
     }
     if (!$this->gid) {
         $this->gid = null;
     }
     if ($ui == 1) {
         if ($this->id) {
             // Front-end edit user: no changes in gid/usertype and confirmed/approved states
             $this->gid = (int) $oldUserComplete->gid;
             $this->gids = $oldUserComplete->gids;
             $this->usertype = $oldUserComplete->usertype;
             $this->block = (int) $oldUserComplete->block;
             $this->sendEmail = (int) $oldUserComplete->sendEmail;
             $this->confirmed = (int) $oldUserComplete->confirmed;
             $this->approved = (int) $oldUserComplete->approved;
         } else {
             // Front-end user registration: handle this here, so it is available to all plugins:
             $this->usertype = $_CB_framework->getCfg('new_usertype');
             $this->gid = (int) $_CB_framework->acl->get_group_id($this->usertype, 'ARO');
             $this->gids = array($this->gid);
             if ($ueConfig['reg_admin_approval'] == 0) {
                 $this->approved = 1;
             } else {
                 $this->approved = 0;
                 $this->block = 1;
             }
             if ($ueConfig['reg_confirmation'] == 0) {
                 $this->confirmed = 1;
             } else {
                 $this->confirmed = 0;
                 $this->block = 1;
             }
             if ($this->confirmed == 1 && $this->approved == 1) {
                 $this->block = 0;
             } else {
                 $this->block = 1;
             }
             $this->sendEmail = 0;
         }
         // Nb.: Backend user edit and new user are handled in core plugin CBfield_userparams field handler class
     }
     // By default, don't touch the hashed password, unless a new password is set by the saveTabsContents binding:
     $this->password = null;
     $this->_original_email = $this->email;
     // needed for checkSafely()
     // Process the fields in form by CB field plugins:
     $_PLUGINS->loadPluginGroup('user');
     $this->_cbTabs = new cbTabs(0, $ui, null, false);
     $this->_cbTabs->saveTabsContents($this, $array, $reason);
     $errors = $_PLUGINS->getErrorMSG(false);
     if (count($errors) > 0) {
         $this->_error = $errors;
         return false;
     }
     // Now do CMS-specific stuff, specially bugs-workarounds:
     $postCopy = array();
     if ($ui == 1) {
         $vars = $this->_frontendNonComprofilerVars;
     } else {
         $vars = $this->_nonComprofilerVars;
     }
     foreach ($vars as $k) {
         if (isset($this->{$k})) {
             $postCopy[$k] = $this->{$k};
         }
     }
     if (isset($postCopy['password'])) {
         $postCopy['verifyPass'] = $postCopy['password'];
         // Mambo and Joomla 1.0 has it in password2 and checks it in bind() !
         $postCopy['password2'] = $postCopy['password'];
         // Joomla 1.5 has it in password2 and checks it in bind() !
     }
     $this->_mapUsers();
     $row =& $this->_cmsUser;
     $pwd = $this->password;
     // maybe cleartext at that stage.
     if ($pwd == '') {
         $pwd = null;
         // empty: don't update/change
         $this->password = null;
     }
     $rowBindResult = $row->bind($postCopy);
     // in Joomla 1.5, this modifies $postCopy and hashes password !
     if (!$rowBindResult) {
         if (checkJversion() == 1) {
             $this->_error = $row->getErrors();
             foreach (array_keys($this->_error) as $ek) {
                 $this->_error[$ek] = stripslashes($this->_error[$ek]);
             }
         } else {
             $this->_error = array(stripslashes($row->getError()));
         }
         return false;
     }
     // Finally, emulate a pre-joomla 1.0.11 bug where jos_users was wtih htmlspecialchars ! :
     if (checkJversion() == 0) {
         if (checkJversion('dev_level') < 11) {
             _cbMakeHtmlSafe($row);
         }
     }
     $row->password = $pwd;
     // J1.0: no htmlspecialchars on password, J1.5: restore cleartext password at this stage.
     return true;
 }