/**
 * Runs the login/logout auto action configured on the trigger.
 *
 * A return URL is assembled from the current request ($_SERVER host and URI),
 * filtered, then handed to CBAuthentication::login() or ::logout(); when the
 * action has a 'redirect' param, that value replaces the computed return URL
 * and the method redirects with the first available message
 * (error > configured message > alert messages / logout text).
 *
 * @param cbautoactionsActionTable $trigger
 * @param UserTable $user
 */
public function execute( $trigger, $user )
{
    $params = $trigger->getParams()->subTree( 'loginlogout' );

    cbimport( 'cb.authentication' );

    $cbAuthenticate = new CBAuthentication();

    // HTTPS is assumed only when the env variable is set, non-empty and not the literal 'off'.
    $isHttps = ( isset( $_SERVER['HTTPS'] ) && ( ! empty( $_SERVER['HTTPS'] ) ) && ( $_SERVER['HTTPS'] != 'off' ) );

    // NOTE(review): HTTP_HOST is taken from the request's Host header, so the return URL is only as
    // trustworthy as the web server's virtual-host configuration; a server that accepts arbitrary
    // Host values lets the client influence where the post-login return URL points. Confirm the
    // deployment pins the host (or that a configured live-site URL is preferred where available).
    $returnUrl = 'http' . ( $isHttps ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'];

    if ( ( ! empty( $_SERVER['PHP_SELF'] ) ) && ( ! empty( $_SERVER['REQUEST_URI'] ) ) ) {
        $returnUrl .= $_SERVER['REQUEST_URI'];
    } else {
        $returnUrl .= $_SERVER['SCRIPT_NAME'];

        if ( isset( $_SERVER['QUERY_STRING'] ) && ( ! empty( $_SERVER['QUERY_STRING'] ) ) ) {
            $returnUrl .= '?' . $_SERVER['QUERY_STRING'];
        }
    }

    // Blocklist scrubbing of the URL-decoded value: drops eval(...) and quoted "javascript:" fragments
    // (applied on the HTML-escaped form, then un-escaped again). This is not an allowlist, so whatever
    // renders $returnUrl must still escape it for its own output context.
    $returnUrl = cbUnHtmlspecialchars( preg_replace( '/[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']/', '""', preg_replace( '/eval\((.*)\)/', '', htmlspecialchars( urldecode( $returnUrl ) ) ) ) );

    // Never return to the confirm or login pages themselves; fall back to the site root.
    if ( preg_match( '/index.php\?option=com_comprofiler&task=confirm&confirmCode=|index.php\?option=com_comprofiler&view=confirm&confirmCode=|index.php\?option=com_comprofiler&task=login|index.php\?option=com_comprofiler&view=login/', $returnUrl ) ) {
        $returnUrl = 'index.php';
    }

    // A configured redirect (substitutions applied, escaped through cbautoactionsClass::escapeURL) wins over the computed URL.
    $redirect = $trigger->getSubstituteString( $params->get( 'redirect', null, GetterInterface::STRING ), array( 'cbautoactionsClass', 'escapeURL' ) );

    if ( $redirect ) {
        $returnUrl = $redirect;
    }

    $message = $trigger->getSubstituteString( CBTxt::T( $params->get( 'message', null, GetterInterface::RAW ) ), false );

    if ( $params->get( 'mode', 1, GetterInterface::BOOLEAN ) ) {
        // Login mode.
        $messagesToUser = array();
        $alertMessages = array();

        // 'method' param true: credential is the 'username' param (login method 0);
        // false: credential is the 'email' param (login method 1).
        if ( $params->get( 'method', 1, GetterInterface::BOOLEAN ) ) {
            $credentials = $trigger->getSubstituteString( $params->get( 'username', null, GetterInterface::STRING ) );
            $method = 0;
        } else {
            $credentials = $trigger->getSubstituteString( $params->get( 'email', null, GetterInterface::STRING ) );
            $method = 1;
        }

        // NOTE(review): the positional arguments of login() are not named here (second one is passed as false);
        // check CBAuthentication::login's signature before changing any of them.
        $resultError = $cbAuthenticate->login( $credentials, false, 0, 1, $returnUrl, $messagesToUser, $alertMessages, $method );

        if ( $redirect ) {
            // Message precedence: login error, then configured message, then joined alert messages.
            cbRedirect( $redirect, ( $resultError ? $resultError : ( $message ? $message : ( $alertMessages ? stripslashes( implode( '<br />', $alertMessages ) ) : null ) ) ), ( $resultError ? 'error' : 'message' ) );
        }
    } else {
        // Logout mode.
        $resultError = $cbAuthenticate->logout( $returnUrl );

        if ( $redirect ) {
            // Message precedence: logout error, then configured message, then the default logout text.
            cbRedirect( $redirect, ( $resultError ? $resultError : ( $message ? $message : CBTxt::T( 'LOGOUT_SUCCESS', 'You have successfully logged out' ) ) ), ( $resultError ? 'error' : 'message' ) );
        }
    }
}
/**
 * Outputs the legacy backend user edit form (tabs plus hidden fields) directly to the response.
 *
 * Plugin errors raised by onBeforeUserProfileEditDisplay redirect back to the user list
 * before anything is rendered.
 *
 * @deprecated 2.0
 *
 * @param UserTable $user
 * @param string $option
 * @param int $newCBuser
 * @param array $postdata
 */
public function edituser($user, $option, $newCBuser, &$postdata)
{
    global $_CB_framework, $_CB_Backend_Title, $_PLUGINS;

    $beforeDisplay = $_PLUGINS->trigger('onBeforeUserProfileEditDisplay', array(&$user, 2));

    if ($_PLUGINS->is_errors()) {
        cbRedirect($_CB_framework->backendViewUrl('showusers'), $_PLUGINS->getErrorMSG(), 'error');
    }

    _CBsecureAboveForm('edituser');
    cbimport('cb.validator');
    outputCbTemplate(2);
    initToolTip(2);
    outputCbJs(2);

    // In the backend the selected tab is remembered via cookie, unless a tab was requested explicitly:
    $rememberTab = ($_CB_framework->getUi() == 2 && !isset($_REQUEST['tab'])) ? 1 : 0;
    $tabs = new cbTabs($rememberTab, 2);
    $tabContent = $tabs->getEditTabs($user, $postdata, 'htmledit', 'divs');

    if ($user->id) {
        $pageTitle = CBTxt::T('COMMUNITY_BUILDER_EDIT_USER_USERNAME', 'Community Builder: Edit User [[username]]', array('[username]' => $user->username));
    } else {
        $pageTitle = CBTxt::T('Community Builder: New User');
    }

    $_CB_Backend_Title = array(0 => array('fa fa-user', $pageTitle));

    cbValidator::loadValidation();

    if (is_array($beforeDisplay)) {
        echo implode('', $beforeDisplay);
    }

    $formAction = $_CB_framework->backendUrl('index.php');

    $hiddenFields = '<input type="hidden" name="id" value="' . (int) $user->id . '" />'
        . '<input type="hidden" name="newCBuser" value="' . (int) $newCBuser . '" />'
        . '<input type="hidden" name="option" value="com_comprofiler" />'
        . '<input type="hidden" name="view" value="save" />'
        . cbGetSpoofInputTag('user');

    $bottomIcons = '<div class="cbIconsBottom">' . getFieldIcons(2, true, true, '', '', true) . '</div>';

    echo '<form action="' . $formAction . '" method="post" name="adminForm" id="cbcheckedadminForm" enctype="multipart/form-data" autocomplete="off" class="cb_form form-auto cbValidation">'
        . $tabContent
        . $hiddenFields
        . $bottomIcons
        . '</form>';
}
/**
 * Redirects to the stored return URL when one exists, otherwise to the given URL.
 *
 * @param string $url fallback destination
 * @param null|string $message
 * @param string $messageType
 */
static public function returnRedirect( $url, $message = null, $messageType = 'message' )
{
    $destination = self::getReturn( true, true );

    if ( ! $destination ) {
        $destination = $url;
    }

    cbRedirect( $destination, $message, $messageType );
}
/**
 * Saves the CB plugin view after an edit view form submit
 *
 * Reads the POST namespace, strips routing/spoof variables, binds and stores the data
 * according to $dataModelType, then either returns (frontend) or redirects / re-displays
 * (backend) with a success or failure message.
 *
 * @param array $options
 * @param array $actionPath
 * @param array $keyValues
 * @param array $parametersValues
 * @param SimpleXMLElement $viewModel
 * @param TableInterface $data
 * @param RegistryEditController $params
 * @param string $mode  'save', 'savenew', 'savecopy' or 'apply'; may be changed to 'apply' on error or when a resulting message must be shown
 * @param string $dataModelType
 * @param PluginTable $plugin
 * @param SimpleXMLElement $dataModel
 * @param RegistryInterface $pluginParams
 * @param string $cbprevstate  base64-encoded previous query string used for the 'save' redirect
 * @param int $ui  1 for front-end, 2 for back-end
 * @return null|string NULL: ok, STRING: error
 */
protected function savePluginView($options, $actionPath, $keyValues, $parametersValues, $viewModel, $data, $params, &$mode, $dataModelType, $plugin, $dataModel, $pluginParams, $cbprevstate, $ui)
{
    global $_CB_framework;

    new cbTabs(false, 2, -1, false);   // prevents output of CB tabs js code until we are done with drawing (or redirecting)

    $resultingMsg = null;

    // Form token check for the 'plugin' form (presumably the CSRF spoof check; confirm it aborts on failure).
    cbSpoofCheck('plugin');

    $postArray = $this->input->getNamespaceRegistry('post')->asArray();

    // List of variables to exclude from the $postArray:
    $exclude = array('option', 'cid', 'cbprevstate', cbSpoofField());

    foreach ($actionPath as $k => $v) {
        $exclude[] = $k;
    }

    // Remove the exclude variables from the $postArray before being used in the below cases:
    foreach ($exclude as $v) {
        if (isset($postArray[$v])) {
            unset($postArray[$v]);
        }
    }

    // Fix multi-selects and multi-checkboxes arrays to |*|-delimited strings:
    $postArray = $this->recursiveMultiSelectFix($postArray);

    // Array values that map onto a property of $data are stored JSON-encoded:
    foreach ($postArray as $key => $value) {
        if (property_exists($data, $key)) {
            $postArray[$key] = is_array($value) ? json_encode($value) : $value;
        }
    }

    $errorMsg = null;

    switch ($dataModelType) {
        case 'sql:row':
            if ($ui == 2) {
                // Backend: validate the post against the registry definition before binding.
                if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                    $errorMsg = $error;
                    break;
                }
                if (!$data->bind($postArray)) {
                    $errorMsg = $data->getError();
                    break;
                }
            } else {
                RegistryEditView::setFieldsListArrayValues(true);
                $fields = $params->draw(null, null, null, null, null, null, false, 'param', 'fieldsListArray');
                // New CB2.0 way for bind():
                foreach ($fields as $key => $value) {
                    if (property_exists($data, $key)) {
                        $data->{$key} = is_array($value) ? json_encode($value) : $value;
                    }
                }
            }
            if (!$data->check()) {
                $errorMsg = $data->getError();
                break;
            }
            $dataModelKey = $data->getKeyName();
            $dataModelValueOld = $data->{$dataModelKey};
            if ($mode == 'savecopy') {
                if (!$data->canCopy($data)) {
                    $errorMsg = $data->getError();
                    break;
                }
                if (!$data->copy($data)) {
                    $errorMsg = $data->getError();
                    break;
                }
            } else {
                if (!$data->store()) {
                    $errorMsg = $data->getError();
                    break;
                }
            }
            $dataModelValue = $data->{$dataModelKey};
            // Id changed; be sure to update the url encase of redirect:
            if (count($keyValues) == 1) {
                $urlKeys = array_keys($keyValues);
                $urlDataKey = $urlKeys[0];
                if ($mode == 'savenew') {
                    unset($actionPath[$urlDataKey]);
                } elseif ($dataModelValue != $dataModelValueOld) {
                    $actionPath[$urlDataKey] = $dataModelValue;
                }
            }
            if ($data->hasFeature('checkout')) {
                /** @var \CBLib\Database\Table\CheckedOrderedTable $data */
                $data->checkin();
            }
            $this->savePluginViewOrder($data, $viewModel);
            $resultingMsg = $data->cbResultOfStore();
            break;

        case 'sql:field':
            // <data name="params" type="sql:field" table="#__cbsubs_config" class="cbpaidConfig" key="id" value="1" valuetype="sql:int" />
            $dataModelName = $dataModel->attributes('name');
            $dataModelKey = $dataModel->attributes('key');
            $dataModelValue = $dataModel->attributes('value');
            if ($ui == 2) {
                if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                    $errorMsg = $error;
                    break;
                }
            }
            // The whole post is stored JSON-encoded into the single field named by the data model:
            $rawParams = array();
            $rawParams[$dataModelName] = json_encode($postArray);
            $xmlsql = new XmlQuery($this->db, null, $pluginParams);
            $xmlsql->process_data($dataModel);
            // A configured 'value' attribute means the row exists and is updated; otherwise a row is inserted.
            if ($dataModelValue) {
                $result = $xmlsql->queryUpdate($rawParams);
            } else {
                $result = $xmlsql->queryInsert($rawParams, $dataModelKey);
            }
            if (!$result) {
                $errorMsg = $xmlsql->getErrorMsg();
            }
            break;

        case 'parameters':
            if ($ui == 2) {
                if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                    $errorMsg = $error;
                    break;
                }
            }
            $rawParams = array();
            $rawParams['params'] = json_encode($postArray);
            // $plugin = new PluginTable( $this->_db );
            // $plugin->load( $pluginId );
            if (!$plugin->bind($rawParams)) {
                $errorMsg = $plugin->getError();
                break;
            }
            if (!$plugin->check()) {
                $errorMsg = $plugin->getError();
                break;
            }
            if (!$plugin->store()) {
                $errorMsg = $plugin->getError();
                break;
            }
            $plugin->checkin();
            // The plugin type is escaped through the driver before being interpolated into the WHERE clause.
            $plugin->updateOrder("type='" . $plugin->getDbo()->getEscaped($plugin->type) . "' AND ordering > -10000 AND ordering < 10000 ");
            $resultingMsg = $plugin->cbResultOfStore();
            break;

        case 'class':
            if ($ui == 2) {
                if (true !== ($error = RegistryEditView::validateAndBindPost($params, $postArray))) {
                    $errorMsg = $error;
                    break;
                }
            }
            if (!$data->bind($postArray)) {
                $errorMsg = $data->getError();
                break;
            }
            if (!$data->check()) {
                $errorMsg = $data->getError();
                break;
            }
            if (!$data->store()) {
                $errorMsg = $data->getError();
                break;
            }
            if ($data->hasFeature('checkout')) {
                /** @var \CBLib\Database\Table\CheckedOrderedTable $data */
                $data->checkin();
            }
            $this->savePluginViewOrder($data, $viewModel);
            $resultingMsg = $data->cbResultOfStore();
            break;

        case 'sql:multiplerows':
        default:
            // NOTE(review): $dataModelType is echoed unescaped here; presumably it only ever comes from the
            // view's XML definition rather than from the request — confirm before relying on that.
            echo 'Save error: showview data type: ' . $dataModelType . ' not implemented !';
            exit;
            break;
    }

    // Base URL used for the apply/savenew/savecopy redirect (or for 'save' when no previous state applies):
    if ($ui == 2) {
        $url = 'index.php?option=' . $options['option'] . '&view=' . $options['view'];
        if ($options['view'] == 'editPlugin') {
            $url .= '&cid=' . $options['pluginid'];
        }
        $url = $_CB_framework->backendUrl($url);
    } else {
        $url = 'index.php';
        if (count($options) > 0) {
            $fixOptions = array();
            foreach ($options as $k => $v) {
                $fixOptions[$k] = $k . '=' . urlencode($v);
            }
            $url .= '?' . implode('&', $fixOptions);
        }
    }

    // Human-readable item name for the message, taken from title, then name, else none:
    if (isset($data->title)) {
        $dataItem = CBTxt::T($data->title);
    } elseif (isset($data->name)) {
        $dataItem = CBTxt::T($data->name);
    } else {
        $dataItem = null;
    }

    if ($errorMsg) {
        // On error stay on the edit view (apply) so the user can fix the input:
        if (in_array($mode, array('save', 'savenew', 'savecopy'))) {
            $mode = 'apply';
        }
        $msg = CBTxt::T('FAILED_TO_SAVE_LABEL_ITEM_BECAUSE_ERROR', 'Failed to save [label] [item] because: [error]', array('[label]' => $viewModel->attributes('label'), '[item]' => $dataItem, '[error]' => $errorMsg));
        $msgType = 'error';
    } else {
        $msg = CBTxt::T('SUCCESSFULLY_SAVED_LABEL_ITEM', 'Successfully saved [label] [item]', array('[label]' => $viewModel->attributes('label'), '[item]' => $dataItem));
        $msgType = 'message';
    }

    switch ($mode) {
        case 'apply':
        case 'savenew':
        case 'savecopy':
            unset($actionPath['view']);
            // NOTE(review): $actionPath and $parametersValues are appended without urlencode() (unlike the
            // frontend $options above); presumably the callers already pass URL-safe values — confirm.
            foreach ($actionPath as $k => $v) {
                if ($v !== '') {
                    $url .= '&' . $k . '=' . $v;
                }
            }
            foreach ($parametersValues as $k => $v) {
                $url .= '&' . $k . '=' . $v;
            }
            if ($cbprevstate) {
                $url .= '&cbprevstate=' . $cbprevstate;
            }
            break;
        case 'save':
            if ($cbprevstate) {
                $prevUrl = base64_decode($cbprevstate);
                // $parametersValues[] = "'" . base64_encode( implode( '&', $cbprevstate ) ) . "'";
                // Only a bare query string is accepted as previous state: any ':' or '/' in the decoded
                // value (a scheme or path separator) leaves the default redirect URL in place, which keeps
                // the post-save redirect on index.php.
                if (!preg_match('$[:/]$', $prevUrl)) {
                    $prevUrl = str_replace('&pluginid=', '&cid=', $prevUrl);
                    if ($ui == 2) {
                        $url = $_CB_framework->backendUrl('index.php?' . $prevUrl);
                    } else {
                        $url = 'index.php?' . $prevUrl;
                    }
                }
            }
            break;
    }

    if ($resultingMsg) {
        if ($ui != 2) {
            return $resultingMsg;   // in frontend, for now, don't redirect here: think this is right !
        } else {
            // If not an apply then change it to an apply so we can redisplay the view with the resulting message above it:
            if (in_array($mode, array('save', 'savenew', 'savecopy'))) {
                $mode = 'apply';
            }
            echo $resultingMsg;
        }
    } else {
        if ($ui != 2) {
            return null;   // in frontend, for now, don't redirect here: think this is right !
            // $url = cbUnHtmlspecialchars( cbSef( $url ) );
        }
        if ($mode == 'apply' && $errorMsg) {
            // Backend apply with an error: queue the message and let the caller redisplay the view.
            $_CB_framework->enqueueMessage($msg, $msgType);
        } else {
            cbRedirect($ui == 2 ? $url : cbSef(htmlspecialchars($url), false), $msg, $msgType);
        }
    }

    return null;
}
/**
 * Removes the user's attendance from a group event and redirects back to the event's group.
 *
 * Each access check that fails redirects with an error message. On success the
 * attendance row is deleted, the event owner is notified and a success redirect follows.
 *
 * @param int $id
 * @param UserTable $user
 */
private function unattendEvent( $id, $user )
{
    global $_CB_framework;

    $event = CBGroupJiveEvents::getEvent( (int) $id );
    $groupId = (int) $event->get( 'group' );
    $groupUrl = $_CB_framework->pluginClassUrl( $this->_gjPlugin->element, false, array( 'action' => 'groups', 'func' => 'show', 'id' => $groupId ) );

    if ( ! $event->get( 'id' ) ) {
        cbRedirect( $groupUrl, CBTxt::T( 'Event does not exist.' ), 'error' );
    } elseif ( ! CBGroupJive::canAccessGroup( $event->group(), $user ) ) {
        cbRedirect( $groupUrl, CBTxt::T( 'Group does not exist.' ), 'error' );
    } elseif ( ! CBGroupJive::isModerator( $user->get( 'id' ) ) ) {
        // Non-moderators: unpublished events need group status 2+, unattending needs status 1+, and expired events are refused.
        if ( ( $event->get( 'published' ) != 1 ) && ( CBGroupJive::getGroupStatus( $user, $event->group() ) < 2 ) ) {
            cbRedirect( $groupUrl, CBTxt::T( 'You do not have access to this event.' ), 'error' );
        } elseif ( CBGroupJive::getGroupStatus( $user, $event->group() ) < 1 ) {
            cbRedirect( $groupUrl, CBTxt::T( 'You do not have sufficient permissions to unattend this event.' ), 'error' );
        } elseif ( $event->status() == 1 ) {
            cbRedirect( $groupUrl, CBTxt::T( 'You can not unattend an expired event.' ), 'error' );
        }
    }

    $attendance = new AttendanceTable();
    $attendance->load( array( 'user_id' => (int) $user->get( 'id' ), 'event' => (int) $event->get( 'id' ) ) );

    if ( ! $attendance->get( 'id' ) ) {
        cbRedirect( $groupUrl, CBTxt::T( 'You can not unattend an event you are not attending.' ), 'error' );
    }

    if ( ! $attendance->canDelete() ) {
        cbRedirect( $groupUrl, CBTxt::T( 'GROUP_EVENT_FAILED_TO_UNATTEND', 'Event failed to unattend. Error: [error]', array( '[error]' => $attendance->getError() ) ), 'error' );
    }

    if ( ! $attendance->delete() ) {
        cbRedirect( $groupUrl, CBTxt::T( 'GROUP_EVENT_FAILED_TO_UNATTEND', 'Event failed to unattend. Error: [error]', array( '[error]' => $attendance->getError() ) ), 'error' );
    }

    // Notification substitutions; the title is HTML-escaped before being placed in the link text.
    $eventsTabUrl = $_CB_framework->pluginClassUrl( $this->_gjPlugin->element, false, array( 'action' => 'groups', 'func' => 'show', 'id' => $groupId, 'tab' => 'grouptabevents' ) );
    $eventLink = '<a href="' . $eventsTabUrl . '">' . htmlspecialchars( CBTxt::T( $event->get( 'title' ) ) ) . '</a>';

    $extras = array(
        'event_title' => htmlspecialchars( $event->get( 'title' ) ),
        'event' => $eventLink,
    );

    CBGroupJive::sendNotifications( 'event_unattend', CBTxt::T( 'User unattended your group event' ), CBTxt::T( '[user] will no longer be attending your event [event] in the group [group]!' ), $event->group(), $user, (int) $event->get( 'user_id' ), array(), 1, $extras );

    cbRedirect( $groupUrl, CBTxt::T( 'Event unattended successfully!' ) );
}
/**
 * Saves the user's notification settings for a group.
 *
 * Access checks redirect with an error; a failed check() or store() re-displays
 * the notifications form with the table error queued; success redirects to the group.
 * Only scalar 'params' inputs are stored, each key cleaned as a COMMAND and each
 * value re-read from POST as INT (numeric) or STRING.
 *
 * @param int $id
 * @param UserTable $user
 */
private function saveNotifications( $id, $user )
{
    global $_CB_framework;

    $notification = new NotificationTable();
    $isModerator = CBGroupJive::isModerator( $user->get( 'id' ) );
    $group = CBGroupJive::getGroup( $id );
    $groupId = (int) $group->get( 'id' );
    $userId = (int) $user->get( 'id' );

    $notification->load( array( 'user_id' => $userId, 'group' => $groupId ) );

    $groupUrl = $_CB_framework->pluginClassUrl( $this->element, false, array( 'action' => 'groups', 'func' => 'show', 'id' => $groupId ) );

    if ( ! CBGroupJive::canAccessGroup( $group, $user ) ) {
        cbRedirect( $groupUrl, CBTxt::T( 'Group does not exist.' ), 'error' );
    } elseif ( ! $this->params->get( 'notifications', 1 ) ) {
        cbRedirect( $groupUrl, CBTxt::T( 'You do not have access to notifications in this group.' ), 'error' );
    } elseif ( $notification->get( 'id' ) && ( $user->get( 'id' ) != $notification->get( 'user_id' ) ) ) {
        // An existing row may only be edited by its owner.
        cbRedirect( $groupUrl, CBTxt::T( 'You do not have sufficient permissions to edit this users notifications.' ), 'error' );
    } elseif ( ( ! $isModerator ) && ( ! CBGroupJive::canCreateGroupContent( $user, $group ) ) ) {
        cbRedirect( $groupUrl, CBTxt::T( 'You do not have sufficient permissions to notifications in this group.' ), 'error' );
    }

    $notification->set( 'user_id', $notification->get( 'user_id', $userId ) );
    $notification->set( 'group', $notification->get( 'group', $groupId ) );

    foreach ( $this->getInput()->subTree( 'params' ) as $paramKey => $paramValue ) {
        if ( is_array( $paramValue ) || is_object( $paramValue ) ) {
            continue;
        }

        $paramKey = Get::clean( $paramKey, GetterInterface::COMMAND );

        if ( ! $paramKey ) {
            continue;
        }

        if ( is_numeric( $paramValue ) ) {
            $paramValue = (int) $this->input( 'post/params.' . $paramKey, null, GetterInterface::INT );
        } else {
            $paramValue = $this->input( 'post/params.' . $paramKey, null, GetterInterface::STRING );
        }

        $notification->params()->set( $paramKey, $paramValue );
    }

    $notification->set( 'params', $notification->params()->asJson() );

    $failed = ( $notification->getError() || ( ! $notification->check() ) );

    if ( ! $failed ) {
        $failed = ( $notification->getError() || ( ! $notification->store() ) );
    }

    if ( $failed ) {
        $_CB_framework->enqueueMessage( CBTxt::T( 'GROUP_NOTIFICATIONS_FAILED_TO_SAVE', 'Notifications failed to save! Error: [error]', array( '[error]' => $notification->getError() ) ), 'error' );

        $this->showGroupNotifications( $id, $user );
        return;
    }

    cbRedirect( $groupUrl, CBTxt::T( 'Notifications saved successfully!' ) );
}
/**
 * redirects a user to a/his profile or a given task with a given tab
 *
 * @param null|int $uid  user id; when it is not the current user's id a user parameter is appended
 * @param null|string $message
 * @param null|string $task  view name, 'userprofile' when empty
 * @param null|string $tab
 */
function cbRedirectToProfile($uid, $message, $task = null, $tab = null)
{
    global $_CB_framework;

    if (!$task) {
        $task = 'userprofile';
    }

    $redirectURL = 'index.php?option=com_comprofiler&view=' . urlencode($task);

    // NOTE(review): the text between '&user=' and '&tab=' on the next line is garbled ("******") in this
    // copy of the file, so the user parameter and the condition around the tab parameter cannot be read
    // here; compare against the original source before editing this statement.
    if ($_CB_framework->myId() != $uid) { $redirectURL .= '&user='******'&tab=' . urlencode($tab); }

    $redirectURL .= getCBprofileItemid(false, $task);

    cbRedirect(cbSef($redirectURL, false), $message);
}
/**
 * Deletes a group wall post and redirects back to the post's group.
 *
 * A missing post, an inaccessible group, or (for non-moderators) a post by another
 * user combined with a group status below 2 each redirect with an error before
 * any delete is attempted.
 *
 * @param int $id
 * @param UserTable $user
 */
private function deleteWall( $id, $user )
{
    global $_CB_framework;

    $post = CBGroupJiveWall::getPost( (int) $id );
    $groupUrl = $_CB_framework->pluginClassUrl( $this->_gjPlugin->element, false, array( 'action' => 'groups', 'func' => 'show', 'id' => (int) $post->get( 'group' ) ) );

    if ( ! $post->get( 'id' ) ) {
        cbRedirect( $groupUrl, CBTxt::T( 'Post does not exist.' ), 'error' );
    } elseif ( ! CBGroupJive::canAccessGroup( $post->group(), $user ) ) {
        cbRedirect( $groupUrl, CBTxt::T( 'Group does not exist.' ), 'error' );
    } elseif ( ! CBGroupJive::isModerator( $user->get( 'id' ) ) ) {
        $isAuthor = ( $user->get( 'id' ) == $post->get( 'user_id' ) );

        if ( ( ! $isAuthor ) && ( CBGroupJive::getGroupStatus( $user, $post->group() ) < 2 ) ) {
            cbRedirect( $groupUrl, CBTxt::T( 'You do not have sufficient permissions to delete this post.' ), 'error' );
        }
    }

    if ( ! $post->canDelete() ) {
        cbRedirect( $groupUrl, CBTxt::T( 'GROUP_POST_FAILED_TO_DELETE', 'Post failed to delete. Error: [error]', array( '[error]' => $post->getError() ) ), 'error' );
    }

    if ( ! $post->delete() ) {
        cbRedirect( $groupUrl, CBTxt::T( 'GROUP_POST_FAILED_TO_DELETE', 'Post failed to delete. Error: [error]', array( '[error]' => $post->getError() ) ), 'error' );
    }

    cbRedirect( $groupUrl, CBTxt::T( 'Post deleted successfully!' ) );
}
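/**
 * WARNING: UNCHECKED ACCESS! On purpose unchecked access for M2M operations
 * Generates the HTML to display for a specific component-like page for the tab. WARNING: unchecked access !
 *
 * Dispatches on the 'do' GET parameter: no 'do' renders the tab component;
 * 'display_subscriptions', 'accessdenied' and 'displayplans' render pages;
 * 'massexpire' and 'autopayments' are cron entry points whose only protection is
 * the 'key' GET parameter matching the md5 of the configured license number.
 *
 * @param null $tab
 * @param UserTable $user the user being displayed
 * @param int $ui 1 for front-end, 2 for back-end
 * @param array $postdata _POST data for saving edited tab content as generated with getEditTab
 * @return mixed either string HTML for tab content, or false if ErrorMSG generated
 */
public function getCBpluginComponent($tab, &$user, $ui, &$postdata)
{
    global $_CB_framework, $ueConfig, $_GET;

    cbpaidErrorHandler::on();

    $do = cbGetParam($_GET, 'do');

    switch ($do) {
        case null:
            $return = $this->getTabComponent($tab, $user, $ui, $postdata);
            cbpaidErrorHandler::keepTurnedOn();
            break;

        case 'display_subscriptions':
            if ($user && $user->id && $_CB_framework->myId()) {
                $regTitle = strip_tags(CBPTXT::T($this->params->get('regTitle', "Subscriptions")));
                outputCbTemplate();
                $_CB_framework->setPageTitle($regTitle);
                $_CB_framework->appendPathWay($regTitle);
                $pre = '<div class="cbPageOuter"><div class="cbPageInner">';
                $post = '</div></div><div class="cbClr"> </div>';
                $return = $pre . $this->displayUserTab($user) . $post;
            } elseif ($_CB_framework->getCfg('allowUserRegistration') == '0' && (!isset($ueConfig['reg_admin_allowcbregistration']) || $ueConfig['reg_admin_allowcbregistration'] != '1')) {
                // Not logged in and registration is closed everywhere: only a login prompt can be offered.
                $return = _UE_NOT_AUTHORIZED . '<br />' . _UE_DO_LOGIN;
            } else {
                // Not logged in but registration is possible: show the plans on offer instead of a bare error.
                $accessPlans = null;
                $return = cbpaidControllerOffer::displaySpecificPlans($accessPlans, null, $user, '');
            }
            break;

        case 'accessdenied':
            $params = cbpaidApp::settingsParams();
            $accessRedirectLink = $params->get('subscriptionNeededRedirectLink');
            if ($accessRedirectLink) {
                // Admin-configured redirect target for denied content.
                $textMessage = $params->get('subscriptionNeededText', "A membership is needed for access.");
                $return = null;
                cbRedirect(cbSef($accessRedirectLink, false), CBPTXT::T($textMessage), 'warning');
            } else {
                /** @noinspection PhpIncludeInspection */
                include_once cbpaidApp::getAbsoluteFilePath('plugin/cbsubscontent/cbsubs.content_deniedview.php');
                $accessDeniedView = new cbpaidContentAccessDeniedView();
                $return = $accessDeniedView->display($user, $this);
            }
            break;

        case 'displayplans':
            // 'plans' is a '-'-separated list of plan ids; an id suffixed with 's' is also preselected.
            $plansParam = cbGetParam($_GET, 'plans');
            $plans = null;
            $preselect = null;
            if ($plansParam) {
                $plansParam = explode('-', $plansParam);
                foreach ($plansParam as $p) {
                    $pN = (int) $p;
                    if ($pN) {
                        $plans[] = $pN;
                        if (substr($p, -1) == 's') {
                            $preselect[] = $pN;
                        }
                    }
                }
            }
            // Only the current user (or an anonymous visitor) may be shown plans; never another user's.
            if ($user === null || $user->id == $_CB_framework->myId()) {
                $introText = CBPTXT::Th($this->params->get('plansDisplayIntroText', "We suggest subscribing to following subscriptions:"));
                $return = cbpaidControllerOffer::displaySpecificPlans($plans, $preselect, $user, $introText);
            } else {
                $return = _UE_NOT_AUTHORIZED;
            }
            break;

        case 'massexpire':   // cron
            $params = cbpaidApp::settingsParams();
            $key = cbGetParam($_GET, 'key');
            // Strict string identity for the cron key: the former loose `==` compared a request-supplied
            // value with an md5 hex digest, and PHP compares two numeric-looking strings (e.g. "0e..."
            // digests) numerically, so unrelated keys could be accepted. hash_equals() would add a
            // constant-time comparison where PHP >= 5.6 is guaranteed.
            if (is_string($key) && ($key === md5($params->get('license_number'))) && $params->get('massexpirymethod', 0) >= 2) {
                $limit = $params->get('massexpirynumber', 100);   // mass-expire 100 subscriptions at a time on the way if not exipring a particular user:
                $plansMgr = cbpaidPlansMgr::getInstance();
                $plansMgr->checkAllSubscriptions((int) $limit);
                $return = null;
            } else {
                $return = CBPTXT::Th("Invalid mass-expiry link: link is in global CBSubs settings.");
            }
            break;

        case 'autopayments':   // cron
            $params = cbpaidApp::settingsParams();
            $key = cbGetParam($_GET, 'key');
            // Same strict key comparison as 'massexpire' above.
            if (is_string($key) && ($key === md5($params->get('license_number')))) {
                $limit = $params->get('massautorenewalsnumber', 100);   // mass-autorenew 100 subscriptions at a time:
                $results = cbpaidOrdersMgr::getInstance()->triggerScheduledAutoRecurringPayments((int) $limit);
                $return = implode("\r\n\r\n", $results);
                $massrenewalemail = trim($params->get('massrenewalemail', ''));
                if ($massrenewalemail) {
                    // Optional report mail to the comma-separated admin addresses, only when something was processed.
                    cbimport('cb.notification');
                    $recipients = explode(',', $massrenewalemail);
                    if ($return) {
                        $body = CBPTXT::T("CBSubs has just processed auto-recurring payments as follows:") . "\r\n\r\n" . $return . "\r\n\r\n" . CBPTXT::T("This is an automated email, do not reply.") . "\r\n\r\n";
                        comprofilerMail('', '', $recipients, CBPTXT::T("CBSubs has processed auto-recurring payments"), $body);
                    }
                }
                if ($params->get('massrenewaloutputincron', 1) != 1) {
                    // silence output to Cron:
                    $return = null;
                }
            } else {
                $return = CBPTXT::Th("Invalid auto-renewals link: link is in global CBSubs settings.");
            }
            break;

        default:
            $return = sprintf(CBPTXT::Th("No valid %s action chosen"), '"do"') . '.';
            break;
    }

    cbpaidErrorHandler::off();

    return $return;
}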
/** * display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present: * * @param UserTable $user * @param cbpaidPaymentBasket $paymentBasket * @param string $introText * @param boolean $ajax TRUE if AJAX refresh inside #cbregPayMethodsChoice, FALSE: wraps in <div id="cbregPayMethodsChoice"> * @return string HTML (or DOES REDIRECT if $redirectNow = ! ( ( $nbClasses != 1 ) || $introText ) == TRUE) */ public function getPaymentBasketPaymentForm( &$user, &$paymentBasket, $introText, $ajax = false ) { global $_PLUGINS; $result = null; $params = cbpaidApp::settingsParams(); $invoicingAddressQuery = $params->get( 'invoicing_address_query' ); $basket_requiredterms = $params->get( 'basket_requiredterms' ); $basket_requiredtermserror = $params->get( 'basket_requiredtermserror' ); $payment_method_selection_type = $params->get( 'payment_method_selection_type', 'buttons' ); $allow_select_currency = $params->get( 'allow_select_currency', '0' ); $redirectNow = null; $payChoicesArray = $this->getPaymentMethodsParams( $user, $paymentBasket, $introText, $redirectNow ); $chosenPaymentMethod = $paymentBasket->gateway_account ? $paymentBasket->gateway_account . '-' . 
$paymentBasket->payment_type : ''; // cbGetParam( $_POST, 'payment_method' ); $payChoicesHtmlRadiosArray = array(); $chosenPaymentSelector = null; $payChoicesHtmlBottomArray = $this->_renderPayChoicesArray( $payChoicesArray, $paymentBasket, $redirectNow, $chosenPaymentMethod, $payChoicesHtmlRadiosArray, $chosenPaymentSelector ); if ( $redirectNow == 'redirect' && is_string( $payChoicesHtmlBottomArray ) ) { cbRedirect( $payChoicesHtmlBottomArray ); } $subscriptionsGUI = new cbpaidControllerUI(); $subscriptionsGUI->addcbpaidjsplugin(); if ( ( $payment_method_selection_type == 'radios') && ( $chosenPaymentMethod != '' ) && $chosenPaymentSelector ) { // Select button to draw: $payChoicePayButton = $this->getPayMethodButton( $user, $paymentBasket, $paymentBasket->gateway_account, $paymentBasket->payment_type, $chosenPaymentSelector ); /** @var $chosenPaymentSelector cbpaidGatewaySelector */ $this->modifyAspectPayMethodButton( $payChoicePayButton, $chosenPaymentSelector->paymentType ); $dummy = null; $payChoicePayButtonHtmlArray = $this->_renderPayChoicesArray( array( $payChoicePayButton ), $paymentBasket, 'buttons', $chosenPaymentMethod, $payChoicesHtmlRadiosArray, $dummy ); $payChoicesHtmlBottomArray = array_merge( $payChoicesHtmlBottomArray, $payChoicePayButtonHtmlArray ); } if ( true ) { // always add cancel link cbpaidApp::import( 'processors.cancelpay.cancelpay' ); $cancelmethod = new cbpaidGatewayAccountcancelpay(); $payClass = $cancelmethod->getPayMean(); $payChoicesHtmlBottomArray[] = $payClass->getPaymentBasketProcess( $user, $paymentBasket, 'buttons' ); // never redirectNow a cancel link :D ! 
} $basketHtml = $paymentBasket->displayBasket(); if ( $allow_select_currency == 2 ) { $currencySelector = $this->displayCurrencySelector( $paymentBasket ); } else { $currencySelector = null; } $txtConclusion = $params->get('conclusion_text'); $txtFinal = $params->get('final_text'); $txtTerms = null; if ( $basket_requiredterms == 1 ) { global $_CB_database, $_CB_framework; $query = 'SELECT ' . $_CB_database->NameQuote( 'params' ) . "\n FROM " . $_CB_database->NameQuote( '#__comprofiler_fields' ) . "\n WHERE " . $_CB_database->NameQuote( 'name' ) . " = " . $_CB_database->Quote( 'acceptedterms' ); $_CB_database->setQuery( $query ); $tcParams = new Registry( $_CB_database->loadResult() ); $termsOutput = $tcParams->get( 'terms_output', 'url' ); $termsDisplay = $tcParams->get( 'terms_display', 'modal' ); $termsURL = $tcParams->get( 'terms_url', null ); $termsText = $tcParams->get( 'terms_text', null ); $termsWidth = (int) $tcParams->get( 'terms_width', 400 ); $termsHeight = (int) $tcParams->get( 'terms_height', 200 ); if ( ! $termsHeight ) { $termsHeight = 200; } if ( ( ( $termsOutput == 'url' ) && $termsURL ) || ( ( $termsOutput == 'text' ) && $termsText ) ) { if ( $termsDisplay == 'iframe' ) { if ( $termsOutput == 'url' ) { $txtTerms .= '<iframe class="cbTermsFrameURL" height="' . $termsHeight . '" width="' . ( $termsWidth ? $termsWidth : '100%' ) . '" src="' . htmlspecialchars( $termsURL ) . '"></iframe>'; } else { $txtTerms .= '<div class="cbTermsFrameText" style="height:' . $termsHeight . 'px;width:' . ( $termsWidth ? $termsWidth . 'px' : '100%' ) . ';overflow:auto;">' . CBPTXT::T( $termsText ) . '</div>'; } } if ( $termsDisplay != 'iframe' ) { $attributes = ' class="cbTermsLink"'; if ( ( $termsOutput == 'text' ) && ( $termsDisplay == 'window' ) ) { $termsDisplay = 'modal'; } if ( $termsDisplay == 'modal' ) { if ( ! $termsWidth ) { $termsWidth = 400; } if ( $termsOutput == 'url' ) { $tooltip = '<iframe class="cbTermsModalURL" height="' . $termsHeight . '" width="' . 
$termsWidth . '" src="' . htmlspecialchars( $termsURL ) . '"></iframe>'; } else { $tooltip = '<div class="cbTermsModalText" style="height:' . $termsHeight . 'px;width:' . $termsWidth . 'px;overflow:auto;">' . CBPTXT::T( $termsText ) . '</div>'; } $url = 'javascript:void(0);'; $attributes .= ' ' . cbTooltip( $_CB_framework->getUi(), $tooltip, CBPTXT::T( 'Terms and Conditions' ), 'auto', null, null, null, 'data-cbtooltip="true" data-modal="true"' ); } else { $url = htmlspecialchars( $termsURL ); $attributes .= ' target="_blank"'; } $txtTerms .= CBPTXT::P( 'I have read and approve the <a href="[url]"[attributes]>Terms and Conditions</a>', array( '[url]' => $url, '[attributes]' => $attributes ) ); } else { $txtTerms .= CBPTXT::T( 'I have read and approve the above Terms and Conditions.' ); } } } elseif ( $basket_requiredterms == 2 ) { $txtTerms = $params->get( 'basket_termsandconditions' ); } if ($introText) { $result .= '<div class="cbregIntro">' . CBPTXT::Th( $introText ) . "</div>\n"; } $result .= $basketHtml; if ( $allow_select_currency == 2 ) { $result .= $currencySelector; } if ( $invoicingAddressQuery > 0 ) { $errorMsg = $paymentBasket->checkAddressComplete(); if ( $errorMsg && ( $invoicingAddressQuery == 2 ) ) { $result = ''; $introAddrNeeded = $params->get('invoicing_address_required_into_text'); if ($introAddrNeeded) { $result .= '<div class="cbregIntro">' . CBPTXT::Th( $introAddrNeeded ) . "</div>\n"; } $result .= $paymentBasket->renderInvoicingAddressForm( $user ); // $xmlController->handleAction( 'action', 'editinvoiceaddress' ); return $result; } else { if ( $errorMsg ) { cbpaidApp::getBaseClass()->_setErrorMSG( $errorMsg ); } $result .= '<div class="cbregInvoicingAddress">' . $paymentBasket->renderInvoicingAddressFieldset() . '</div>'; } // display current invoicing address with a link to change/edit it with a back link to the payment basket id // if the address is not mandatory. 
// If it is mandatory, check that it is complete (and later also screened), // if not display instead of this the invoicing address edit page ! } $integrationsResults = $_PLUGINS->trigger( 'onCbSubsAfterPaymentBasket', array( $paymentBasket, &$result, &$txtTerms ) ); foreach ( $integrationsResults as $intRes ) { if ( is_string( $intRes ) ) { $result .= $intRes; } } if ( $txtConclusion ) { $result .= '<div class="cbregConcl">' . CBPTXT::Th( $txtConclusion ) . "</div>\n"; } if ( count( $payChoicesHtmlRadiosArray ) > 0 ) { $radios_intro_html = CBPTXT::Th( $params->get( 'radios_intro_html' ) ); $radios_conclusion_html = CBPTXT::Th( $params->get( ( $chosenPaymentMethod != null ) ? 'radios_selected_conclusion_html' : 'radios_unselected_conclusion_html' ) ); $htmlList = '<ul class="cbregPaymentMethodChoiceList">' . "\n"; foreach ( $payChoicesHtmlRadiosArray as $selHtmlArr ) { if ( $selHtmlArr[0] ) { $htmlList .= '<li class="cbregCCradioLi cbregCCradioSelected">'; } else { $htmlList .= '<li class="cbregCCradioLi">'; //LATER: class="cbpaidCCradio cbpaidRadio_<?php echo htmlspecialchars( $this->payNameForCssClass ); " id="<?php echo htmlspecialchars( $this->butId ); } $htmlList .= '<div class="cbregCCradioLiBg"></div>' // This allows to use the CSS trick for highlighting as explained here: http://www.commentcamarche.net/forum/affich-3898635-transparance-du-fond-uniquement . $selHtmlArr[1] . "</li>\n"; } $htmlList .= "</ul>\n"; $methodsHTML = '<div class="cbregPaymentMethodChoice ' . ( ( $chosenPaymentMethod != null ) ? 'cbregPMselected' : 'cbregPMunselected' ) . '">' . ( $radios_intro_html ? '<h2 class="contentheading cbregPaymenMethodChoiceIntro">' . $radios_intro_html . '</h2>' : '' ) . $htmlList . '<span class="cb_button_wrapper">' . '<button type="submit" id="cbregSelectPayment">' . CBPTXT::Th("Change Payment Method") . '</button>' . '</span>' . ( $radios_conclusion_html ? '<div class="cbregPaymenMethodChoiceConclusion">' . $radios_conclusion_html . '</div>' : '' ) . 
"</div>\n" ; $getParams = $paymentBasket->getSetBasketPaymentMethodUrl( $user ); $ajaxGetParams = cbUnHtmlspecialchars( $paymentBasket->getSetBasketPaymentMethodUrl( $user, 'raw' ) ); $formHiddens = array( cbpaidApp::getBaseClass()->_getPagingParamName('act') => 'setbsktpmtmeth', 'ajaxurl' => bin2hex( $ajaxGetParams ) ); $result .= '<div class="cbregPaymentMethodsSelect">' . $subscriptionsGUI->drawForm( $methodsHTML, null, $formHiddens, $getParams ) . "</div>\n"; $termsCanBeDisplayed = ( $payment_method_selection_type != 'radios' ) || ( $chosenPaymentMethod != null ); } else { $termsCanBeDisplayed = true; } if ( $txtTerms ) { if ( $termsCanBeDisplayed ) { $accepted = ( cbGetParam( $_POST, 'terms_accepted', 0 ) == 1 ); $settings = '<div class="cbregTermsAccept"><input type="checkbox" class="required" name="terms_accepted" id="terms_accepted" value="1"' . ( $accepted ? ' checked="checked" disabled="disabled" ' : '' ) . '/> ' . '<label for="terms_accepted">' . $txtTerms . '</label></div>' ; if ( ! $accepted ) { $settings .= '<span class="cb_button_wrapper">' . '<button type="submit" id="cbTermsAccept" title="' . htmlspecialchars( CBPTXT::T( $basket_requiredtermserror ) ) . '">' . CBPTXT::Th("Accept Terms") . '</button>' . '</span>' ; } $getParams = $accepted ? '#' : $paymentBasket->getShowBasketUrl( false ); $formHiddens = $accepted ? array( 'terms_accepted' => 1 ) : array(); $result .= '<div class="cbregTerms">' . $subscriptionsGUI->drawForm( $settings, null, $formHiddens, $getParams ) . "</div>\n"; } else { $accepted = false; } } else { $accepted = true; } $result .= '<div class="cbpayChoices cbclearboth"' . ( $termsCanBeDisplayed && $txtTerms && ! $accepted ? ' style="display:none;"' : '' ) . ">\n " . implode ( "\n ", $payChoicesHtmlBottomArray ) . "\n</div>\n"; if ( $txtFinal ) { $result .= '<div class="cbregFinalText">' . CBPTXT::Th( $txtFinal ) . "</div>\n"; } $result = '<div class="cbpayBasketView">' . $result . '</div>'; if ( ! 
$ajax ) { $result = '<div id="cbpayOrderContainer">' // Needed for Javascript delegated binding . $result . '</div>'; } return $result; }
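/**
 * Applies the accept/deny decisions submitted from the "manage connections" form.
 *
 * For every connection id in $connectionids the POSTed "<id>action" value is
 * read: 'd' denies the connection, 'a' accepts it, anything else is ignored.
 * The request must carry a valid 'manageConnections' spoof token, connections
 * must be enabled in $ueConfig and the visitor must be logged in. Afterwards
 * the visitor is redirected back to the manage-connections page, carrying
 * either the model's error message or the success message.
 *
 * @param array $connectionids ids of the connections to act on (a non-array performs no action)
 * @return void
 */
function processConnectionActions($connectionids)
{
    global $_CB_framework, $ueConfig, $_POST;

    // simple spoof check security
    cbSpoofCheck('manageConnections');

    if (!$ueConfig['allowConnections']) {
        echo _UE_FUNCTIONALITY_DISABLED;
        return;
    }

    $myId = $_CB_framework->myId();

    if (!($myId > 0)) {
        cbNotAuth();
        return;
    }

    $cbCon = new cbConnection($myId);

    if (is_array($connectionids)) {
        foreach ($connectionids as $cid) {
            // Each id names the other party of a connection (a user id); cast it so
            // only an integer reaches the model and the "<id>action" POST key lookup.
            $cid = (int) $cid;
            $action = cbGetParam($_POST, $cid . 'action');

            if ($action == 'd') {
                $cbCon->denyConnection($myId, $cid);
            } elseif ($action == 'a') {
                $cbCon->acceptConnection($myId, $cid);
            }
        }
    }

    $manageUrl = cbSef('index.php?option=com_comprofiler&task=manageConnections' . getCBprofileItemid(), false);
    $error = $cbCon->getErrorMSG();

    if ($error) {
        cbRedirect($manageUrl, $error, 'error');
    } else {
        // Success message only makes sense when something was actually processed:
        cbRedirect($manageUrl, (is_array($connectionids)) ? _UE_CONNECTIONACTIONSSUCCESSFULL : null);
    }

    return;
}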
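/**
 * Performs a table action on a click in table
 *
 * Dispatches the "subtask" found in the request under $this->name
 * ("task[/field[/value]]", e.g. "orderup/ordering", "setfield/published/1",
 * "deleterows") to the matching row operation on the selected ids ("idcid").
 * The ordering and toggle branches only act on a field, param or menu entry
 * that exists in the table's XML definition and passes Access::authorised();
 * the row-level branches rely on the table class itself (canDelete, canCopy,
 * bind/check/store).
 *
 * @return void
 * @throws \Exception on an internal dispatch inconsistency (unreachable task value)
 */
protected function _performTableActions()
{
    global $_CB_framework;

    if (!isset($_REQUEST[$this->name])) {
        return;
    }

    $subtask = cbGetParam($_REQUEST[$this->name], 'subtask', '');

    if (!$subtask) {
        return;
    }

    // "task[/field[/value]]" as produced by the table's action links:
    $task_parsed = explode('/', $subtask);
    $cid = cbGetParam($_REQUEST[$this->name], 'idcid', array());

    if (!is_array($cid)) {
        $ocid = $cid;
        $cid = array();
        $cid[] = $ocid;
    }

    // Shared "row failed" message of the publish/setfield/doaction branch:
    $enqueueRowError = function ($dataModelValue, $taskName, $row) use ($_CB_framework) {
        $_CB_framework->enqueueMessage(CBTxt::T('CANNOT_TASK_ROW_ID_ID_BECAUSE_ERROR', 'Cannot [task] row id [id] because: [error]', array('[id]' => $dataModelValue, '[task]' => strtolower($taskName), '[error]' => $row->getError())), 'error');
    };

    switch ($task_parsed[0]) {
        case 'orderup':
        case 'orderdown':
        case 'saveorder':
            if ($this->listFieldsRows) {
                if (isset($task_parsed[1])) {
                    $field = $task_parsed[1];
                    $fieldNode = $this->listFieldsRows->getChildByNameAttr('field', 'name', $field);

                    if (!$fieldNode) {
                        $fieldNode = $this->listFieldsRows->getChildByNameAttr('param', 'name', $field);
                    }
                } else {
                    $field = null;
                    $fieldNode = false;
                }

                // Only a declared, authorised ordering field may be reordered:
                if (!$fieldNode || $fieldNode->attributes('type') !== 'ordering' || !Access::authorised($fieldNode)) {
                    $_CB_framework->enqueueMessage(CBTxt::T('This field can not ordered'), 'error');
                    return;
                }

                $dataModelClass = $this->class;

                if ($task_parsed[0] != 'saveorder') {
                    $dataModelValue = $cid[0];
                } else {
                    $dataModelValue = null;
                }

                $row = $this->createLoadClass($dataModelClass, $dataModelValue);

                if (!$row) {
                    $_CB_framework->enqueueMessage(CBTxt::T('No row data found'), 'error');
                    return;
                }

                if ($task_parsed[0] == 'saveorder') {
                    $order = cbGetParam($_REQUEST[$this->name], $field, array(0));
                }

                $where = '';
                $orderinggroups = $fieldNode->getElementByPath('orderinggroups');
                /** @var $orderinggroups SimpleXMLElement|null */

                if ($orderinggroups) {
                    foreach ($orderinggroups->children() as $group) {
                        /** @var $group SimpleXMLElement */
                        $orderingFieldName = $group->attributes('name');

                        if ($group->getName() == 'ordering' && $orderingFieldName && array_key_exists($orderingFieldName, get_object_vars($row))) {
                            if ($task_parsed[0] != 'saveorder') {
                                $where .= $this->_db->NameQuote($orderingFieldName) . ' = ' . XmlTypeCleanQuote::sqlCleanQuote($row->{$orderingFieldName}, $group->attributes('type'), $this->_pluginParams, $this->_db) . ' AND ';
                            } else {
                                // The literal "$row->" is intentional: this string apparently becomes
                                // PHP source that saveOrder() evaluates per row (see $condition below).
                                $where .= $orderingFieldName . "='\$row->" . $orderingFieldName . "' AND ";
                            }
                        }
                    }
                }

                if ($task_parsed[0] != 'saveorder') {
                    $inc = $task_parsed[0] == 'orderup' ? -1 : 1;
                    /** @var OrderedTable $row */
                    $row->move($inc, $where . $field . " > -10000 AND " . $field . " < 10000 ", $field);
                } else {
                    $this->saveOrder($cid, $row, $order, "\$condition = \"" . $where . $field . " > -10000 AND " . $field . " < 10000 \";", $field);
                }

                $_CB_framework->enqueueMessage(CBTxt::T('ROW_COUNT_ORDER_SUCCESS', 'Row ordered successfully!|%%COUNT%% rows ordered successfully!', array('%%COUNT%%' => count($cid))));
            }
            break;

        case 'publish':
        case 'unpublish':
        case 'enable':
        case 'disable':
        case 'setfield':
        case 'doaction':
            if ($this->listFieldsRows) {
                $field = null;

                switch ($task_parsed[0]) {
                    case 'publish':
                    case 'unpublish':
                        $value = $task_parsed[0] == 'publish' ? 1 : 0;
                        $field = 'published';
                        break;
                    case 'enable':
                    case 'disable':
                        $value = $task_parsed[0] == 'enable' ? 1 : 0;
                        $field = 'enabled';
                        break;
                    case 'setfield':
                        $value = isset($task_parsed[2]) ? $task_parsed[2] : null;
                        break;
                    case 'doaction':
                        $value = null;
                        break;
                    default:
                        throw new \Exception(__FUNCTION__ . ': Impossible value');
                }

                if (isset($task_parsed[1])) {
                    $field = $task_parsed[1];
                }

                // $field comes straight from the request and is spliced into the XPath
                // expressions below. Restrict it to a plain identifier so a crafted name
                // cannot rewrite the predicate and select a node other than the toggle
                // field / menu entry the authorisation check is meant for. Widen the
                // class only if a legitimate XML name needs further characters.
                if (!is_string($field) || !preg_match('/^[A-Za-z0-9_.:\-]+$/', $field)) {
                    $_CB_framework->enqueueMessage(CBTxt::T('THIS_FIELD_CAN_NOT_TOGGLE_TASK', 'This field can not toggle: [task]', array('[task]' => $task_parsed[0])), 'error');
                    return;
                }

                /** @var SimpleXMLElement $fieldNode */
                $fieldNode = $this->listFieldsRows->xpath('(//field[@name="' . $field . '"][@onclick="toggle"])[last()]');

                if (!$fieldNode) {
                    $fieldNode = $this->listFieldsRows->xpath('(//param[@name="' . $field . '"][@onclick="toggle"])[last()]');
                }

                if (!$fieldNode) {
                    // We're not a field toggle so lets check if we're a menu item for permission/usage checks:
                    $fieldNode = $this->toolbarmenu->xpath('(//menu[@name="' . $field . '"])[last()]');
                }

                if (!$fieldNode || !Access::authorised($fieldNode[0])) {
                    $_CB_framework->enqueueMessage(CBTxt::T('THIS_FIELD_CAN_NOT_TOGGLE_TASK', 'This field can not toggle: [task]', array('[task]' => $task_parsed[0])), 'error');
                    return;
                }

                $fieldNode = $fieldNode[0];
                $taskName = CBTxt::T($fieldNode->attributes('label'));

                if ($task_parsed[0] == 'setfield') {
                    // Check field value if allowed:
                    $this->registryEditVew->resolveXmlParamType($fieldNode);

                    if ($fieldNode->getChildByNameAttributes('option')) {
                        $valueNode = $fieldNode->getAnyChildByNameAttr('option', 'index', $value);

                        if (!$valueNode) {
                            $valueNode = $fieldNode->getAnyChildByNameAttr('option', 'value', $value);
                        }

                        if ($valueNode) {
                            $valueLabel = CBTxt::T($valueNode->data());

                            if ($valueLabel) {
                                $taskName = $valueLabel;
                            }
                        } else {
                            $_CB_framework->enqueueMessage(CBTxt::T('This field can not be set to that value'), 'error');
                            return;
                        }
                    }
                }

                if (!$taskName) {
                    $taskName = $task_parsed[0];
                }

                if (count($cid) < 1) {
                    $_CB_framework->enqueueMessage(CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => strtolower($taskName))), 'error');
                    return;
                }

                $dataModelClass = $this->class;

                foreach ($cid as $c) {
                    $dataModelValue = $c;
                    $row = $this->createLoadClass($dataModelClass, $dataModelValue);

                    if (!$row) {
                        $_CB_framework->enqueueMessage(CBTxt::T('No row data found'), 'error');
                        return;
                    }

                    if ($task_parsed[0] == 'doaction') {
                        $this->registryEditVew->pushModelOfData($row);
                        $toggle = $this->registryEditVew->_form_private($field, $value, $fieldNode, null);
                        $this->registryEditVew->popModelOfData();

                        if (!$toggle) {
                            $enqueueRowError($dataModelValue, $taskName, $row);
                            return;
                        }
                    } elseif ($row->{$field} != $value) {
                        if (is_callable(array($row, 'historySetMessage'))) {
                            $row->historySetMessage(ucfirst($task_parsed[0]) . ' ' . $field . ' from administration backend');
                        }

                        if ($fieldNode->attributes('class') && $fieldNode->attributes('method')) {
                            // Field declares its own class/method handler: let the edit view run it.
                            $this->registryEditVew->pushModelOfData($row);
                            $toggle = $this->registryEditVew->_form_private($field, $value, $fieldNode, null);
                            $this->registryEditVew->popModelOfData();

                            if (!$toggle) {
                                $enqueueRowError($dataModelValue, $taskName, $row);
                                return;
                            }
                        } elseif ($row->hasFeature('checkout')) {
                            /** @var CheckedOrderedTable $row */
                            // A row checked out by someone else is silently left untouched.
                            if (!$row->isCheckedOut($_CB_framework->myId())) {
                                $row->{$field} = $value;

                                if ($row->check()) {
                                    if (!$row->store()) {
                                        $enqueueRowError($dataModelValue, $taskName, $row);
                                        return;
                                    }
                                } else {
                                    $enqueueRowError($dataModelValue, $taskName, $row);
                                    return;
                                }

                                $row->checkin();
                            }
                        } else {
                            $row->{$field} = $value;

                            if ($row->check()) {
                                if (!$row->store()) {
                                    $enqueueRowError($dataModelValue, $taskName, $row);
                                    return;
                                }
                            } else {
                                $enqueueRowError($dataModelValue, $taskName, $row);
                                return;
                            }
                        }
                    }
                }

                $_CB_framework->enqueueMessage(CBTxt::T('ROW_COUNT_TASK_SUCCESS', '{1} Row [task] successfully!|%%COUNT%% rows [task] successfully!', array('%%COUNT%%' => count($cid), '[task]' => strtolower($taskName))));
            }
            break;

        case 'editrows':
            if ($this->listFieldsRows) {
                if (count($cid) != 1) {
                    $_CB_framework->enqueueMessage(CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => 'edit')), 'error');
                    return;
                }

                if (isset($task_parsed[1])) {
                    $field = $task_parsed[1];
                } else {
                    $field = 'tid';
                }

                if ($this->_options['view'] == 'editPlugin') {
                    $task = $this->_options['view'];
                } else {
                    $task = 'editrow';
                }

                $baseUrl = 'index.php?option=' . $this->_options['option'] . '&view=' . $task;

                if (isset($this->_options['pluginid'])) {
                    $baseUrl .= '&cid=' . $this->_options['pluginid'];
                }

                $url = $baseUrl . '&table=' . $this->_tableBrowserModel->attributes('name') . '&action=editrow&' . urlencode($field) . '=' . urlencode($cid[0]);

                cbRedirect($url);
            }
            break;

        case 'deleterows':
            if ($this->listFieldsRows) {
                if (count($cid) < 1) {
                    $_CB_framework->enqueueMessage(CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => 'delete')), 'error');
                    return;
                }

                $dataModelClass = $this->class;

                foreach ($cid as $id) {
                    $dataModelValue = $id;
                    $row = $this->createLoadClass($dataModelClass, $dataModelValue);

                    if (!$row) {
                        $_CB_framework->enqueueMessage(CBTxt::T('No row data found'), 'error');
                        return;
                    }

                    // The table class decides whether this row may be deleted at all:
                    if ($row->canDelete($dataModelValue)) {
                        if (!$row->delete($dataModelValue)) {
                            $_CB_framework->enqueueMessage(CBTxt::T('CANNOT_DELETE_ROW_ID_BECAUSE_ERROR', 'Cannot delete row id [id] because: [error]', array('[id]' => $dataModelValue, '[error]' => $row->getError())), 'error');
                            return;
                        }
                    } else {
                        $_CB_framework->enqueueMessage(CBTxt::T('CANNOT_DELETE_ROW_ID_BECAUSE_ERROR', 'Cannot delete row id [id] because: [error]', array('[id]' => $dataModelValue, '[error]' => $row->getError())), 'error');
                        return;
                    }
                }

                $_CB_framework->enqueueMessage(CBTxt::T('ROW_COUNT_DELETED_SUCCESS', 'Row deleted successfully!|%%COUNT%% rows deleted successfully!', array('%%COUNT%%' => count($cid))));
            }
            break;

        case 'batchrows':
            if ($this->listFieldsRows) {
                if (count($cid) < 1) {
                    $_CB_framework->enqueueMessage(CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => 'batch')), 'error');
                    return;
                }

                $postData = array();

                foreach ($this->_batchPossibilitesArray as $key => $value) {
                    // <batchprocess><batch>
                    if (!$this->isValueEmpty($value['internalvalue'])) {
                        $field = $value['valuefield'];
                        $postData[$field] = $value['internalvalue'];
                    }

                    // Reset back to null as we don't want the values reselected on display:
                    $this->_batchPossibilitesArray[$key]['value'] = null;
                    $this->_batchPossibilitesArray[$key]['internalvalue'] = $value['value'];
                }

                if (count($postData) < 1) {
                    $_CB_framework->enqueueMessage(CBTxt::T('Nothing to process'), 'error');
                    return;
                }

                $dataModelClass = $this->class;

                foreach ($cid as $id) {
                    $dataModelValue = $id;
                    /** @var $row TableInterface */
                    $row = $this->createLoadClass($dataModelClass, $dataModelValue);

                    if (!$row) {
                        $_CB_framework->enqueueMessage(CBTxt::T('No row data found'), 'error');
                        return;
                    }

                    // Only columns the row actually declares are bound; array values are stored as JSON:
                    $rowPost = array();

                    foreach ($postData as $key => $value) {
                        if (property_exists($row, $key)) {
                            $rowPost[$key] = is_array($value) ? json_encode($value) : $value;
                        }
                    }

                    if (count($rowPost) < 1) {
                        $_CB_framework->enqueueMessage(CBTxt::T('Nothing to process'), 'error');
                        return;
                    }

                    if (!$row->bind($rowPost)) {
                        $_CB_framework->enqueueMessage(CBTxt::T('CANNOT_BATCH_PROCESS_ROW_ID_ID_BECAUSE_ERROR', 'Cannot batch process row id [id] because: [error]', array('[id]' => $dataModelValue, '[error]' => $row->getError())), 'error');
                        return;
                    }

                    if (!$row->check()) {
                        $_CB_framework->enqueueMessage(CBTxt::T('CANNOT_BATCH_PROCESS_ROW_ID_ID_BECAUSE_ERROR', 'Cannot batch process row id [id] because: [error]', array('[id]' => $dataModelValue, '[error]' => $row->getError())), 'error');
                        return;
                    }

                    if (!$row->store()) {
                        $_CB_framework->enqueueMessage(CBTxt::T('CANNOT_BATCH_PROCESS_ROW_ID_ID_BECAUSE_ERROR', 'Cannot batch process row id [id] because: [error]', array('[id]' => $dataModelValue, '[error]' => $row->getError())), 'error');
                        return;
                    }
                }

                $_CB_framework->enqueueMessage(CBTxt::T('ROW_COUNT_SAVED_SUCCESS', 'Row saved successfully!|%%COUNT%% rows saved successfully!', array('%%COUNT%%' => count($cid))));
            }
            break;

        case 'copyrows':
            if ($this->listFieldsRows) {
                if (count($cid) < 1) {
                    $_CB_framework->enqueueMessage(CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => 'copy')), 'error');
                    return;
                }

                $dataModelClass = $this->class;

                foreach ($cid as $id) {
                    $dataModelValue = $id;
                    /** @var $row TableInterface */
                    $row = $this->createLoadClass($dataModelClass, $dataModelValue);

                    if (!$row) {
                        $_CB_framework->enqueueMessage(CBTxt::T('No row data found'), 'error');
                        return;
                    }

                    if ($row->canCopy()) {
                        if (!$row->copy()) {
                            $_CB_framework->enqueueMessage(CBTxt::T('CANNOT_COPY_ROW_ID_ID_BECAUSE_ERROR', 'Cannot copy row id [id] because: [error]', array('[id]' => $dataModelValue, '[error]' => $row->getError())), 'error');
                            return;
                        }
                    } else {
                        $_CB_framework->enqueueMessage(CBTxt::T('CANNOT_COPY_ROW_ID_ID_BECAUSE_ERROR', 'Cannot copy row id [id] because: [error]', array('[id]' => $dataModelValue, '[error]' => $row->getError())), 'error');
                        return;
                    }
                }

                $_CB_framework->enqueueMessage(CBTxt::T('ROW_COUNT_COPIED_SUCCESS', 'Row copied successfully!|%%COUNT%% rows copied successfully!', array('%%COUNT%%' => count($cid))));
            }
            break;

        case 'action':
            if ($this->listFieldsRows) {
                if (count($cid) != 1) {
                    $_CB_framework->enqueueMessage(CBTxt::T('SELECT_A_ROW_TO_TASK', 'Select a row to [task]', array('[task]' => isset($task_parsed[1]) ? $task_parsed[1] : 'action')), 'error');
                    return;
                }

                if (isset($task_parsed[1])) {
                    if (isset($task_parsed[2])) {
                        $field = $task_parsed[2];
                    } else {
                        $field = 'tid';
                    }

                    $baseUrl = 'index.php?option=' . $this->_options['option'] . '&view=' . $this->_options['view'];

                    if (isset($this->_options['pluginid'])) {
                        $baseUrl .= '&cid=' . $this->_options['pluginid'];
                    }

                    // Request-derived parts of the URL are urlencode()d; the rest comes from configuration.
                    $url = $baseUrl . '&table=' . $this->_tableBrowserModel->attributes('name') . '&action=' . urlencode($task_parsed[1]) . '&' . urlencode($field) . '=' . urlencode($cid[0]);

                    cbRedirect($url);
                }
            }
            break;

        default:
            break;
    }

    //TBD cbRedirect( $_CB_framework->backendUrl( 'index.php?option=com_comprofiler&task=showPlugins', $msg ) );
}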
/**
 * Deletes a user account from the privacy "delete account" action.
 *
 * getDeleteField() is the gate: only when it returns truthy is the account
 * removed; otherwise the visitor is redirected to the profile with
 * "Not authorized.". On a successful delete a cbprivacyClosedTable record
 * (type 'delete', with the submitted 'reason') is stored, moderators and the
 * deleted user are notified, the privacy_onBeforeAccountDelete /
 * privacy_onAfterAccountDelete plugin triggers fire around the deletion, and
 * the visitor is redirected to index.php.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method; confirm
 * that getDeleteField() or the routing that reaches deleteUser() performs one
 * before this destructive action.
 *
 * @param int $userId id of the account to delete; a falsy value falls back to $user's own id
 * @param UserTable $user the user performing the request
 * @return mixed
 */
public function deleteUser( $userId, $user ) {
	global $_CB_framework, $_PLUGINS;

	if ( ! $userId ) {
		$userId = $user->get( 'id' );
	}

	$profileUrl = $_CB_framework->userProfileUrl( $userId, false );

	if ( ! $userId ) {
		// No usable id at all: error redirects go to the site root instead of a profile
		$profileUrl = 'index.php';
	}

	if ( $this->getDeleteField( $userId, $user ) ) {
		$cbUser = CBuser::getInstance( $userId, false );
		$deleteUser = $cbUser->getUserData();

		// Plugins get the user object by reference before it is removed
		$_PLUGINS->trigger( 'privacy_onBeforeAccountDelete', array( &$deleteUser, $user ) );

		if ( $deleteUser->delete( $userId ) ) {
			// Keep a "closed account" record of who was deleted, when and why
			$closed = new cbprivacyClosedTable();

			$closed->set( 'user_id', (int) $deleteUser->get( 'id' ) );
			$closed->set( 'username', $deleteUser->get( 'username' ) );
			$closed->set( 'name', $deleteUser->get( 'name' ) );
			$closed->set( 'email', $deleteUser->get( 'email' ) );
			$closed->set( 'type', 'delete' );
			$closed->set( 'date', $_CB_framework->getUTCDate() );
			$closed->set( 'reason', $this->input( 'reason', null, GetterInterface::STRING ) );
			$closed->store();

			$notification = new cbNotification();

			// Extra substitution variables for the notification templates below
			$extra = array( 'ip_address' => cbGetIPlist(), 'reason' => $closed->get( 'reason' ), 'date' => $closed->get( 'date' ) );

			// Moderator notice: HTML body built from the deleted user's data plus $extra
			$subject = $cbUser->replaceUserVars( CBTxt::T( 'User Account Deleted' ), true, false, $extra, false );
			$body = $cbUser->replaceUserVars( CBTxt::T( 'Name: [name]<br />Username: [username]<br />Email: [email]<br />IP Address: [ip_address]<br />Date: [date]<br /><br />[reason]<br /><br />' ), false, false, $extra, false );

			if ( $subject && $body ) {
				$notification->sendToModerators( $subject, $body, false, 1 );
			}

			// Notice to the deleted user; sendFromSystem() is handed the user object and $extra for substitution
			$subject = CBTxt::T( 'Your Account has been Deleted' );
			$body = CBTxt::T( 'This is a notice that your account [username] on [siteurl] has been deleted.' );

			if ( $subject && $body ) {
				$notification->sendFromSystem( $deleteUser, $subject, $body, true, 1, null, null, null, $extra );
			}

			$_PLUGINS->trigger( 'privacy_onAfterAccountDelete', array( $deleteUser, $user ) );

			cbRedirect( 'index.php', CBTxt::T( 'Account deleted successfully!' ) );
		} else {
			cbRedirect( $profileUrl, CBTxt::T( 'ACCOUNT_FAILED_TO_DELETE', 'Account failed to delete! Error: [error]', array( '[error]' => $deleteUser->getError() ) ), 'error' );
		}
	}

	// Reached when getDeleteField() denied the request (cbRedirect() above is presumably terminal)
	cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
}
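/**
 * Saves (creates or updates) a profile field from the admin "edit field" form.
 *
 * Reads the submitted field from $_POST (fieldid, oldtabid, tabid, ordering,
 * webaddresstypes, vNames), binds it onto a moscomprofilerFields row,
 * enforces that a non-super-admin may only touch tabs inside their access
 * group / view level and may only change the state columns (tabid, profile,
 * registration, published, required, readonly, searchable) when authorised
 * for 'core.edit.state', stores the row and rewrites its value list.
 *
 * Authorisation failures and validation errors are reported the legacy way:
 * an inline <script> alert() plus history.go() is echoed and the script exits.
 * Every message placed inside the JS string literal is passed through
 * addslashes() so a quote in the text cannot break out of the literal.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method; confirm
 * the admin task dispatcher that routes to saveField() performs one before a
 * state-changing save is reached.
 *
 * @param string $option component name used to build the redirect URLs
 * @param string $task   'saveField' or 'applyField' selects the redirect target; 'showField' only redirects
 * @return void
 */
function saveField($option, $task)
{
    global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;

    if ($task == 'showField' || !(isset($_POST['oldtabid']) && isset($_POST['fieldid']))) {
        cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
        return;
    }

    $this->_importNeeded();
    $this->_importNeededSave();

    // Legacy error reporting: alert in the browser, one step back in history, stop.
    $abortWithAlert = function ($text) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes($text) . "'); window.history.go(-1);</script>\n";
        exit;
    };

    // A non-super-admin may only work on tabs inside their own access group and view level.
    // With $ignoreEmpty an empty group/level on the tab is treated as unrestricted.
    $assertTabAccess = function ($tab, $ignoreEmpty = false) use ($_CB_framework, $abortWithAlert) {
        if ($_CB_framework->acl->amIaSuperAdmin()) {
            return;
        }

        if (($tab->useraccessgroupid != '' || !$ignoreEmpty) && !in_array($tab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
            $abortWithAlert(CBTxt::T('Unauthorized Access'));
        }

        if (($tab->viewaccesslevel != '' || !$ignoreEmpty) && !in_array($tab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
            $abortWithAlert(CBTxt::T('Unauthorized Access'));
        }
    };

    $fieldOldTab = new moscomprofilerTabs($_CB_database);

    if (isset($_POST['oldtabid']) && $_POST['oldtabid']) {
        $fieldOldTab->load((int) $_POST['oldtabid']);
        $assertTabAccess($fieldOldTab);
    }

    $fid = (int) $_POST['fieldid'];
    $row = new moscomprofilerFields($_CB_database);

    if ($fid) {
        // load the row from the db table
        if (!$row->load((int) $fid)) {
            $abortWithAlert(CBTxt::T('Innexistant field'));
        }

        // ... and the tab it currently lives in
        $fieldTab = new moscomprofilerTabs($_CB_database);
        $fieldTab->load((int) $row->tabid);
        $assertTabAccess($fieldTab);
    }

    // Snapshot the stored values so state changes can be detected after binding:
    $oldrow = new moscomprofilerFields($_CB_database);

    foreach (array_keys(get_object_vars($row)) as $k) {
        if (substr($k, 0, 1) != '_') {
            $oldrow->{$k} = $row->{$k};
        }
    }

    $_PLUGINS->loadPluginGroup('user');

    if (!$this->_prov_bind_CB_field($row, $fid)) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    if ($row->tablecolumns != '' && !in_array($row->type, array('password', 'userparams'))) {
        $searchable_default = 1;
    } else {
        $searchable_default = 0;
    }

    // State columns and the value a brand-new field gets when the form left them empty:
    $stateDefaults = array(
        'tabid'        => 11,
        'profile'      => 1,
        'registration' => 1,
        'published'    => 1,
        'required'     => 0,
        'readonly'     => 0,
        'searchable'   => $searchable_default,
    );

    // Set defaults if nothing is found
    // Also check if oldrow value to use its current value or default otherwise
    // This prevents a tab from storing to database with null values when some inputs are set disabled:
    foreach ($stateDefaults as $stateField => $default) {
        if ($row->{$stateField} == '') {
            $row->{$stateField} = $oldrow->{$stateField} != '' ? $oldrow->{$stateField} : $default;
        }
    }

    // If the input is disabled we need to apply the default if the tabid isn't in POST:
    if (!isset($_POST['tabid'])) {
        $_POST['tabid'] = $row->tabid;
    }

    // Moved above check here just encase it ends up being empty:
    if ($task == 'showField' || !isset($_POST['tabid'])) {
        cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
        return;
    }

    // in case the above changed perms.... really ?
    $fieldTab = new moscomprofilerTabs($_CB_database);
    $fieldTab->load((int) $row->tabid);
    $assertTabAccess($fieldTab);

    if ($row->type == 'webaddress') {
        // Only 0 and 2 are valid link-type selections; anything else falls back to 0
        $row->rows = isset($_POST['webaddresstypes']) ? $_POST['webaddresstypes'] : null;

        if (!($row->rows == 0 || $row->rows == 2)) {
            $row->rows = 0;
        }
    }

    if ($_POST['oldtabid'] != $_POST['tabid']) {
        if ($_POST['oldtabid'] !== '') {
            //Re-order old tab
            $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > " . (int) (isset($_POST['ordering']) ? $_POST['ordering'] : 0) . " AND tabid = " . (int) $_POST['oldtabid'];
            $_CB_database->setQuery($sql);
            $_CB_database->query();
        }

        //Select Last Order in New Tab
        $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=" . (int) $_POST['tabid'];
        $_CB_database->SetQuery($sql);
        $max = $_CB_database->LoadResult();
        $row->ordering = max($max + 1, 1);
    }

    if (cbStartOfStringMatch($row->name, 'cb_')) {
        $row->name = str_replace(" ", "", strtolower($row->name));
    }

    if (!$row->check()) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');

        // Re-check against the final tab; here an empty group/level on the tab means unrestricted
        $assertTabAccess($fieldTab, true);

        // Check if user can edit status (and if not, that status are as expected):
        if (!$canEditState) {
            $failed = false;

            // Without core.edit.state a state column may neither differ from the stored row
            // (existing field) nor from its default (new field); empty submissions are ignored.
            foreach ($stateDefaults as $stateField => $default) {
                if ($row->{$stateField} == '') {
                    continue;
                }

                if ($oldrow->fieldid) {
                    $changed = ($oldrow->{$stateField} != $row->{$stateField});
                } else {
                    $changed = ($row->{$stateField} != $default);
                }

                if ($changed) {
                    $failed = true;
                }
            }

            if ($failed) {
                $abortWithAlert(CBTxt::T('Unauthorized Access'));
            }
        }
    }

    if (!$row->store((int) $fid)) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    // Value list of the field (select/radio/... options); a missing or non-array submission means no values
    $fieldNames = (isset($_POST['vNames']) && is_array($_POST['vNames'])) ? $_POST['vNames'] : array();
    $j = 1;

    if ($row->fieldid > 0) {
        $_CB_database->setQuery("DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid);

        if ($_CB_database->query() === false) {
            echo $_CB_database->getErrorMsg();
        }
    } else {
        // NOTE(review): the new id is recovered from MAX(fieldid), which assumes no
        // concurrent insert — confirm whether store() cannot set fieldid itself.
        $_CB_database->setQuery("SELECT MAX(fieldid) FROM #__comprofiler_fields");
        $maxID = $_CB_database->loadResult();
        $row->fieldid = $maxID;
        echo $_CB_database->getErrorMsg();
    }

    foreach ($fieldNames as $fieldName) {
        $fieldTitle = is_string($fieldName) ? trim($fieldName) : '';

        if ($fieldTitle !== '') {
            // Title goes through cbGetEscaped() (the project's DB string escaper) inside the quotes; ids are int-cast
            $_CB_database->setQuery("INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'" . cbGetEscaped($fieldTitle) . "', " . (int) $j . ")");

            if ($_CB_database->query() === false) {
                echo $_CB_database->getErrorMsg();
            }

            $j++;
        }
    }

    switch ($task) {
        case 'applyField':
            $msg = CBTxt::T('Successfully Saved changes to Field') . ': ' . $row->name;
            cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=editField&cid={$row->fieldid}"), $msg);
            break;
        case 'saveField':
        default:
            $msg = CBTxt::T('Successfully Saved Field') . ': ' . $row->name;
            cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField"), $msg);
            break;
    }
}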
/**
 * Renders the forums tab of a user profile.
 *
 * When the displayed profile is the viewer's own, three optional request
 * parameters are processed first, each ending in a redirect back to the tab:
 *   forums_unfav     - drop a favourite            (only while tab_favs_display is on)
 *   forums_unsub     - drop a post subscription     (only while tab_subs_display is on)
 *   forums_unsubcat  - drop a category subscription (only while tab_subs_display is on)
 *
 * NOTE(review): those three are state-changing actions driven by plain
 * request parameters read with cbGetParam() from $_REQUEST; no anti-CSRF
 * token check is visible in this method (contrast cbSpoofCheck() used by the
 * POST handlers elsewhere in this file). Confirm that the model methods or
 * the dispatcher enforce one, otherwise a crafted link can unsubscribe the
 * viewer.
 *
 * @param TabTable $tab The tab database entry
 * @param UserTable $user The user being displayed
 * @param int $ui 1 for front-end, 2 for back-end
 * @return string|boolean Either string HTML for tab content, or false if ErrorMSG generated
 */
public function getDisplayTab($tab, $user, $ui) {
	global $_CB_framework;

	$forumModel = cbforumsClass::getModel();
	if (!$forumModel->file) {
		return CBTxt::T('No supported forum model found!');
	}

	outputCbJs(1);
	outputCbTemplate(1);

	$forumPlugin = cbforumsClass::getPlugin();
	$viewerId = $_CB_framework->myId();
	$viewer =& CBuser::getUserDataInstance($viewerId);

	cbforumsClass::getTemplate('tab');

	// Self-service actions are only honoured on the viewer's own profile.
	if ($user->get('id') == $viewerId) {
		$tabUrl = cbSef('index.php?option=com_comprofiler&tab=' . (int) $tab->tabid, false);

		if ($this->params->get('tab_favs_display', 1)) {
			$favoriteToDrop = cbGetParam($_REQUEST, 'forums_unfav', null);
			if ($favoriteToDrop) {
				$removed = cbforumsModel::unFavorite($favoriteToDrop, $user, $forumPlugin);
				if ($removed) {
					cbRedirect($tabUrl, CBTxt::T('Favorite deleted successfully!'));
				} else {
					cbRedirect($tabUrl, CBTxt::T('Favorite failed to delete.'), 'error');
				}
			}
		}

		if ($this->params->get('tab_subs_display', 1)) {
			$postSubscriptionToDrop = cbGetParam($_REQUEST, 'forums_unsub', null);
			if ($postSubscriptionToDrop) {
				$removed = cbforumsModel::unSubscribe($postSubscriptionToDrop, $user, $forumPlugin);
				if ($removed) {
					cbRedirect($tabUrl, CBTxt::T('Subscription deleted successfully!'));
				} else {
					cbRedirect($tabUrl, CBTxt::T('Subscription failed to delete.'), 'error');
				}
			}

			$categorySubscriptionToDrop = cbGetParam($_REQUEST, 'forums_unsubcat', null);
			if ($categorySubscriptionToDrop) {
				$removed = cbforumsModel::unSubscribeCategory($categorySubscriptionToDrop, $user, $forumPlugin);
				if ($removed) {
					cbRedirect($tabUrl, CBTxt::T('Category subscription deleted successfully!'));
				} else {
					cbRedirect($tabUrl, CBTxt::T('Category subscription failed to delete.'), 'error');
				}
			}
		}
	}

	$tab->params = $this->params;

	// Optional extra CSS class from the plugin settings, escaped for the attribute.
	$extraClass = $forumPlugin->params->get('general_class', null);
	$wrapperClass = 'cbForums' . ($extraClass ? ' ' . htmlspecialchars($extraClass) : null);
	$tabBody = HTML_cbforumsTab::showTab($viewer, $user, $tab, $forumPlugin);

	return '<div id="cbForums" class="' . $wrapperClass . '">'
		. '<div id="cbForumsInner" class="cbForumsInner">'
		. $tabBody
		. '</div>'
		. '</div>';
}
/**
 * Deletes one medizd product and redirects to the owner's profile tab.
 *
 * Access rule: the product must exist and $user must either own it or be a
 * global moderator. Whether $user is the acting (logged-in) user or the
 * displayed profile is decided by the caller - presumably the former; confirm.
 *
 * Every branch ends in cbRedirect(), which is relied upon to end the request.
 *
 * @param int $id
 * @param UserTable $user
 */
private function deleteMedizd( $id, $user ) {
	global $_CB_framework;

	$actorId = $user->get( 'id' );
	$actorIsModerator = Application::User( (int) $actorId )->isGlobalModerator();

	$product = new cbmedizdProductTable();
	$product->load( (int) $id );

	$exists = (bool) $product->get( 'id' );
	$ownedByActor = ( $product->get( 'user_id' ) == $actorId );
	$canAccess = ( $exists && ( $actorIsModerator || $ownedByActor ) );

	// Redirect target: the product owner's tab; when nothing was loaded the
	// second get() argument (presumably a default) yields the actor's own tab.
	$profileUrl = $_CB_framework->userProfileUrl( $product->get( 'user_id', $actorId ), false, 'cbmedizdTab' );

	if ( ! $canAccess ) {
		cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
	} else {
		if ( ! $product->delete() ) {
			cbRedirect( $profileUrl, CBTxt::T( 'FAILED_DELETE_ERROR', 'Failed to delete! Error: [error]', array( '[error]' => $product->getError() ) ), 'error' );
		}

		cbRedirect( $profileUrl, CBTxt::T( 'MEDPR_PROD_DELSUCC' ) );
	}
}
/**
 * "Redirect" auto action: sends the browser to a configured URL, or emits a
 * history.go / reload script, optionally with a queued message.
 *
 * The 'url' parameter (after substitutions; the escapeURL callback is
 * presumably applied to the substituted values) selects one of four modes:
 *   gobackN       - inject window.history.go(-N); N is cast to int, N <= 0 gives history.back()
 *   reload        - inject window.location.reload()
 *   return        - redirect to the current request URL rebuilt from $_SERVER
 *   anything else - cbRedirect() to that value
 *
 * NOTE(review): in the 'return' branch the origin is rebuilt from
 * $_SERVER['HTTP_HOST'], i.e. from the client's Host header, and the result
 * is handed straight to cbRedirect(). Unless the web server or framework
 * pins the accepted Host values, this is an attacker-influenced absolute
 * URL (host-header based open redirect). The regex pass afterwards only
 * strips quoted "javascript:" and "eval(" fragments; it validates neither
 * host nor scheme.
 *
 * @param cbautoactionsActionTable $trigger
 * @param UserTable $user
 */
public function execute( $trigger, $user ) {
	global $_CB_framework;

	$params = $trigger->getParams()->subTree( 'redirect' );

	$redirect = $trigger->getSubstituteString( $params->get( 'url', null, GetterInterface::STRING ), array( 'cbautoactionsClass', 'escapeURL' ) );

	if ( ! $redirect ) {
		// No target configured: optionally report it in debug mode, then do nothing.
		if ( $trigger->getParams()->get( 'debug', false, GetterInterface::BOOLEAN ) ) {
			var_dump( CBTxt::T( 'AUTO_ACTION_REDIRECT_NO_URL', ':: Action [action] :: Redirect skipped due to missing url', array( '[action]' => (int) $trigger->get( 'id' ) ) ) );
		}

		return;
	}

	$message = $trigger->getSubstituteString( CBTxt::T( $params->get( 'message', null, GetterInterface::RAW ) ), false );
	$messageType = $params->get( 'type', 'message', GetterInterface::STRING );

	// 'custom' lets the action define its own message type string.
	if ( $messageType == 'custom' ) {
		$messageType = $trigger->getSubstituteString( $params->get( 'custom_type', null, GetterInterface::STRING ) );
	}

	if ( substr( strtolower( $redirect ), 0, 6 ) == 'goback' ) {
		// The step count is cast to int before it is placed in the script, so
		// the configured suffix cannot inject script text.
		$back = (int) substr( strtolower( $redirect ), 6 );

		if ( $message ) {
			$_CB_framework->enqueueMessage( $message, ( $messageType ? $messageType : null ) );
		}

		$_CB_framework->document->addHeadScriptDeclaration( ( $back && ( $back > 0 ) ? "window.history.go( -$back );" : "window.history.back();" ) );
	} elseif ( strtolower( $redirect ) == 'reload' ) {
		if ( $message ) {
			$_CB_framework->enqueueMessage( $message, ( $messageType ? $messageType : null ) );
		}

		$_CB_framework->document->addHeadScriptDeclaration( "window.location.reload();" );
	} else {
		if ( strtolower( $redirect ) == 'return' ) {
			// Rebuild the absolute URL of the current request. See the
			// class comment: HTTP_HOST is client-supplied.
			$isHttps = ( isset( $_SERVER['HTTPS'] ) && ( ! empty( $_SERVER['HTTPS'] ) ) && ( $_SERVER['HTTPS'] != 'off' ) );
			$redirect = 'http' . ( $isHttps ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'];

			if ( ( ! empty( $_SERVER['PHP_SELF'] ) ) && ( ! empty( $_SERVER['REQUEST_URI'] ) ) ) {
				$redirect .= $_SERVER['REQUEST_URI'];
			} else {
				$redirect .= $_SERVER['SCRIPT_NAME'];

				if ( isset( $_SERVER['QUERY_STRING'] ) && ( ! empty( $_SERVER['QUERY_STRING'] ) ) ) {
					$redirect .= '?' . $_SERVER['QUERY_STRING'];
				}
			}

			// Blacklist-style cleanup only: url-decode, html-escape, drop
			// "eval(...)" and quoted "javascript:..." fragments, then undo the
			// html escaping. This is not a URL validator.
			$redirect = cbUnHtmlspecialchars( preg_replace( '/[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']/', '""', preg_replace( '/eval\((.*)\)/', '', htmlspecialchars( urldecode( $redirect ) ) ) ) );

			// Never bounce back onto the login / confirmation pages themselves.
			if ( preg_match( '/index.php\?option=com_comprofiler&task=confirm&confirmCode=|index.php\?option=com_comprofiler&view=confirm&confirmCode=|index.php\?option=com_comprofiler&task=login|index.php\?option=com_comprofiler&view=login/', $redirect ) ) {
				$redirect = 'index.php';
			}
		}

		cbRedirect( $redirect, $message, ( $message ? ( $messageType ? $messageType : null ) : null ) );
	}
}
/**
 * Backend bootstrap: resolves the component admin path, loads the plugin
 * foundation, turns on error display in debug mode, enforces the
 * 'core.manage' ACL for the whole backend and reads the request variables
 * the dispatcher needs.
 *
 * @global string
 */
global $_CB_adminpath;
$_CB_adminpath = JPATH_ADMINISTRATOR . '/components/com_comprofiler';

/** @noinspection PhpIncludeInspection */
include_once $_CB_adminpath . '/plugin.foundation.php';

// Debug mode prints PHP errors into the response; keep 'debug' off on
// production sites, as error output can disclose paths and query text.
if ($_CB_framework->getCfg('debug')) {
	ini_set('display_errors', true);
	error_reporting(E_ALL); // | E_STRICT );
}

cbimport('language.all');
cbimport('cb.tabs');

// ACL gate: anyone without core.manage on the component is sent back to the
// admin index. cbRedirect() is relied upon to end the request here; nothing
// below re-checks authorization.
if (!Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.manage', 'com_comprofiler')) {
	cbRedirect($_CB_framework->backendUrl('index.php'), CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!'), 'error');
}

// We don't use view so lets map it to task before we grab task:
cbMapViewToTask();

/** Backend menu: 'show' : only displays close button, 'edit' : special close button
 * @global stdClass $_CB_Backend_Menu */
global $_CB_Backend_Menu;
$_CB_Backend_Menu = new stdClass();

$option = $_CB_framework->getRequestVar('option');
// NOTE(review): $task is read from the 'view' request variable right after
// cbMapViewToTask(); presumably the mapping keeps the two in sync - confirm.
$task = $_CB_framework->getRequestVar('view');

// 'cid' may arrive as a scalar or a list: a scalar becomes a one-element int
// array, list elements are left as received.
$cid = cbGetParam($_REQUEST, 'cid', array(0));
if (!is_array($cid)) {
	$cid = array((int) $cid);
}

global $_CB_Backend_Title, $_CB_Backend_task;
$_CB_Backend_Title = array();
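/**
 * Stores a new or existing profile tab from the posted backend edit form.
 *
 * Flow: normalise the raw 'params' blob, require a tabid field, refuse to
 * touch an existing tab whose access group lies outside the caller's group
 * tree, then bind / check / store and redirect to the tab list.
 *
 * Every failure path writes a small inline script (alert + history.go) and
 * exits, which is the legacy backend convention of this file. The error
 * text returned by the table object may echo submitted values, so it is
 * escaped with addslashes() like the static messages before being placed in
 * the JS string literal (previously it was embedded raw). addslashes() does
 * not neutralise "</script>" or line breaks; json_encode() with JSON_HEX_TAG
 * would be stricter, this keeps the file's existing convention.
 *
 * NOTE(review): the group check only covers the tab being *edited*; no
 * check on the useraccessgroupid being *assigned* (on create or update) is
 * visible here - confirm it is enforced in the table's check()/store().
 *
 * @param string $option component option used to build the return URL
 */
function saveTab( $option ) {
	global $_CB_database, $_CB_framework, $_POST;

	$this->_importNeeded();
	$this->_importNeededSave();

	if ( isset( $_POST['params'] ) ) {
		$_POST['params'] = cbParamsEditorController::getRawParamsMagicgpcEscaped( $_POST['params'] );
	} else {
		$_POST['params'] = '';
	}

	if ( ! isset( $_POST['tabid'] ) || ( count( $_POST ) == 0 ) ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Missing post values') ) . "'); window.history.go(-2); </script>\n";
		exit();
	}

	if ( $_POST['tabid'] ) {
		// Existing tab: the editor may only modify tabs whose access group is
		// the editor's own group or one of its children.
		$oldrow = new moscomprofilerTabs( $_CB_database );

		if ( $oldrow->load( (int) $_POST['tabid'] ) && ( ! in_array( $oldrow->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
			exit;
		}
	}

	$row = new moscomprofilerTabs( $_CB_database );

	if ( ! $row->bind( $_POST ) ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-1); </script>\n";
		exit();
	}

	if ( ! $row->ordering_register ) {
		$row->ordering_register = 10;
	}

	$row->description = cleanEditorsTranslationJunk( trim( $row->description ) );

	if ( ! $row->check() ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-2); </script>\n";
		exit();
	}

	// The primary key decides insert vs update in store().
	$row->tabid = (int) cbGetParam( $_POST, 'tabid', 0 );

	if ( ! $row->store() ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-2); </script>\n";
		exit();
	}

	$row->checkin();

	cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showTab" ), CBTxt::T('Successfully Saved Tab') . ": " . $row->title );
}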
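/**
 * Streams this item's file (or its thumbnail) to the client and terminates
 * the request.
 *
 * Every path ends in exit(): either the bytes are sent or an HTTP error
 * status (404 / 406 / 416) is emitted. Remote (link-domain) items and
 * missing local files are handed to cbRedirect() instead of being streamed.
 *
 * Range support: one "bytes=start-end" range is honoured (the last one of a
 * multi-range request wins, as before); a suffix range "bytes=-N" serves the
 * final N bytes; the end offset is clamped to the file size so that
 * Content-Length always matches the bytes sent; a start beyond the end gives
 * 416 with a "bytes * /size" Content-Range. An explicit "0-0" now serves the
 * first byte only (the previous truthiness test turned it into a full
 * download).
 *
 * @param bool $inline    true => Content-Disposition: inline; false => attachment
 * @param bool $thumbnail true => serve the thumbnail variant instead of the original
 * @return bool kept for signature compatibility; the method never returns
 */
private function output( $inline = false, $thumbnail = false ) {
	if ( ! $this->get( 'id' ) ) {
		header( 'HTTP/1.0 404 Not Found' );
		exit();
	}

	// Off-site items and missing local files are redirected to their path;
	// cbRedirect() is expected to end the request itself.
	if ( $this->getLinkDomain() || ( ! $this->checkExists( $thumbnail ) ) ) {
		cbRedirect( $this->getFilePath( $thumbnail ) );
	}

	if ( ! $this->checkExists( $thumbnail ) ) {
		header( 'HTTP/1.0 404 Not Found' );
		exit();
	}

	$fileExtension = $this->getExtension();

	if ( ! $fileExtension ) {
		header( 'HTTP/1.0 406 Not Acceptable' );
		exit();
	}

	$fileName = $this->getFileName();

	if ( ! $fileName ) {
		header( 'HTTP/1.0 404 Not Found' );
		exit();
	}

	// Refuse anything whose type could not be named: a generic octet-stream
	// would leave the content type to browser sniffing.
	$fileMime = $this->getMimeType();

	if ( $fileMime == 'application/octet-stream' ) {
		header( 'HTTP/1.0 406 Not Acceptable' );
		exit();
	}

	$filePath = $this->getFilePath( $thumbnail );
	$fileSize = $this->getFileSize( true, $thumbnail ); // byte count; used in arithmetic below
	$lastByte = ( $fileSize - 1 );
	$fileModifed = date( 'r', filemtime( $filePath ) );

	// The name goes into a quoted header parameter: strip CR/LF and double
	// quotes so it can break neither the parameter nor the header line.
	$headerFileName = str_replace( array( "\r", "\n", '"' ), '', $fileName );

	while ( @ob_end_clean() );

	if ( ini_get( 'zlib.output_compression' ) ) {
		ini_set( 'zlib.output_compression', 'Off' );
	}

	if ( function_exists( 'apache_setenv' ) ) {
		apache_setenv( 'no-gzip', '1' );
	}

	header( "Content-Type: $fileMime" );
	header( 'Content-Disposition: ' . ( $inline ? 'inline' : 'attachment' ) . '; filename="' . $headerFileName . '"; modification-date="' . $fileModifed . '"; size=' . $fileSize . ';' );
	header( "Content-Transfer-Encoding: binary" );
	header( "Expires: 0" );
	header( "Cache-Control: must-revalidate, post-check=0, pre-check=0" );
	header( "Pragma: public" );
	header( "Accept-Ranges: bytes" );

	// $offset / $length are the inclusive first and last byte to send.
	$offset = 0;
	$length = $lastByte;

	if ( isset( $_SERVER['HTTP_RANGE'] ) ) {
		if ( ! preg_match( '/^bytes=\d*-\d*(,\d*-\d*)*$/i', $_SERVER['HTTP_RANGE'] ) ) {
			header( "HTTP/1.1 416 Requested Range Not Satisfiable" );
			header( "Content-Range: bytes */$fileSize" );
			exit();
		}

		// Only a single range is served; as before, the last one listed wins.
		$ranges = explode( ',', substr( $_SERVER['HTTP_RANGE'], 6 ) );
		$parts = explode( '-', end( $ranges ), 2 );
		$rangeStart = $parts[0];
		$rangeEnd = ( isset( $parts[1] ) ? $parts[1] : '' );

		if ( $rangeStart === '' ) {
			// Suffix range "-N": the final N bytes of the file.
			$suffixLength = (int) $rangeEnd;

			if ( $suffixLength <= 0 ) {
				header( "HTTP/1.1 416 Requested Range Not Satisfiable" );
				header( "Content-Range: bytes */$fileSize" );
				exit();
			}

			$offset = max( 0, ( $fileSize - $suffixLength ) );
		} else {
			$offset = (int) $rangeStart;

			// An empty end ("N-") means "to the end of the file"; an explicit
			// "0" is a real end offset.
			if ( $rangeEnd !== '' ) {
				$length = (int) $rangeEnd;
			}
		}

		// Clamp the end to the file so Content-Length matches the bytes sent.
		if ( $length > $lastByte ) {
			$length = $lastByte;
		}

		if ( $offset > $length ) {
			header( "HTTP/1.1 416 Requested Range Not Satisfiable" );
			header( "Content-Range: bytes */$fileSize" );
			exit();
		}

		header( "HTTP/1.1 206 Partial Content" );
		header( "Content-Range: bytes $offset-$length/$fileSize" );
		header( "Content-Length: " . ( ( $length - $offset ) + 1 ) );
	} else {
		header( "HTTP/1.0 200 OK" );
		header( "Content-Length: $fileSize" );
	}

	if ( ! ini_get( 'safe_mode' ) ) {
		@set_time_limit( 0 );
	}

	$file = fopen( $filePath, 'rb' );

	if ( $file === false ) {
		header( 'HTTP/1.0 404 Not Found' );
		exit();
	}

	fseek( $file, $offset );

	// Stream in 8 KiB chunks, shrinking the final read so that exactly
	// ($length - $offset + 1) bytes are written.
	$buffer = ( 1024 * 8 );

	while ( ( ! feof( $file ) ) && ( ( $pos = ftell( $file ) ) <= $length ) ) {
		if ( ( $pos + $buffer ) > $length ) {
			$buffer = ( ( $length - $pos ) + 1 );
		}

		echo fread( $file, $buffer );

		@ob_flush();
		flush();
	}

	fclose( $file );
	exit();
}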
/**
 * Backend "cancel" for the plugin edit form: returns to the plugin being
 * edited when a cid was posted, otherwise to the plugin list.
 *
 * @param string $option component option, interpolated as-is into the backend URL
 */
function cancelPluginAction($option) {
	global $_CB_framework, $_POST;

	$pluginId = (int) cbGetParam($_POST, 'cid');
	$target = ($pluginId ? "editPlugin&cid={$pluginId}" : 'showPlugins');

	cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&view={$target}"));
}
/**
 * Redirects user to a/his profile or a given task.
 *
 * Builds an index.php?option=com_comprofiler URL, appends the profile item id
 * and redirects through cbSef(). The &user= parameter is only added when the
 * target is not the viewer's own profile.
 *
 * NOTE(review): the span between "&user=" and "&task=" is redacted in this
 * copy ("******"); the user id expression and the optional task handling
 * that belong there must be checked against the upstream source. $task is
 * concatenated into the URL as-is, so callers must not pass untrusted values.
 *
 * @param int $uid target user id
 * @param string|null $message message handed to cbRedirect()
 * @param string|null $task optional task to open on the profile
 */
function cbRedirectToProfile($uid, $message, $task = null) {
	global $_CB_framework;

	$redirectURL = "index.php?option=com_comprofiler";

	if ($_CB_framework->myId() != $uid) {
		$redirectURL .= "&user="******"&task=" . $task;
	}

	$redirectURL .= getCBprofileItemid();

	cbRedirect(cbSef($redirectURL, false), $message);
}
/**
 * Handles the "send private message" form post of the PMS tab.
 *
 * Order of checks: anti-CSRF token (cbSpoofCheck), recipient id present,
 * sender logged in, sender is not the recipient, PMS tab enabled and visible
 * to the sender. Each failure and the final result end in cbRedirect(), which
 * is relied upon to end the request. The $tab and $user arguments are not
 * used: the sender is always the logged-in user and the tab is reloaded by
 * its plugin class.
 *
 * @param null $tab
 * @param UserTable $user
 * @param int $ui
 * @param array $postdata
 */
public function getCBpluginComponent($tab, $user, $ui, $postdata) {
	global $_CB_framework, $_PLUGINS, $_CB_PMS;

	cbSpoofCheck('plugin');

	$recipientId = $this->input('id', null, GetterInterface::INT);
	$sender = CBuser::getMyUserDataInstance();
	$senderId = $sender->get('id');

	if (!$recipientId) {
		cbRedirect($_CB_framework->userProfileUrl($senderId, false, 'getmypmsproTab'), CBTxt::T('SEND_PMS_MISSING_TO_USER', 'Private message failed to send! Error: Missing to user'), 'error');
	}

	$recipientProfileUrl = $_CB_framework->userProfileUrl($recipientId, false, 'getmypmsproTab');

	if (!$senderId) {
		cbRedirect($recipientProfileUrl, CBTxt::T('Not authorized.'), 'error');
	}

	if ($recipientId == $senderId) {
		cbRedirect($recipientProfileUrl, CBTxt::T('SEND_PMS_ERROR_SELF', 'Private message failed to send! Error: You can not send a private message to your self'), 'error');
	}

	$pmsTab = new TabTable();
	$pmsTab->load(array('pluginclass' => 'getmypmsproTab'));

	$tabUsable = ($pmsTab->enabled && Application::MyUser()->canViewAccessLevel($pmsTab->viewaccesslevel));

	if (!$tabUsable) {
		cbRedirect($recipientProfileUrl, CBTxt::T('Not authorized.'), 'error');
	}

	$subject = $this->input('subject', null, GetterInterface::STRING);
	$message = $this->input('message', null, GetterInterface::STRING);

	$sendResult = $_CB_PMS->sendPMSMSG($recipientId, $senderId, $subject, $message, false);

	// The PMS layer answers with a result array; its first element is the verdict.
	$sent = false;
	if (is_array($sendResult) && (count($sendResult) > 0)) {
		$sent = $sendResult[0];
	}

	if ($sent) {
		cbRedirect($recipientProfileUrl, CBTxt::T('SEND_PMS_SUCCESS', 'Private message sent successfully!'));
	} else {
		cbRedirect($recipientProfileUrl, $_PLUGINS->getErrorMSG(), 'error');
	}
}
/**
 * Deletes one blog entry and redirects to the owner's blog tab.
 *
 * Access rule: the entry must load, carry an id, and $user must own it or be
 * a global moderator (the moderator lookup only runs when $user is not the
 * owner). The table's own canDelete() is consulted before delete().
 *
 * Every branch ends in cbRedirect(), which is relied upon to end the request.
 *
 * @param int $id
 * @param UserTable $user
 * @param stdClass $model unused
 * @param PluginTable $plugin unused
 */
private function deleteBlog( $id, $user, $model, $plugin ) {
	global $_CB_framework;

	$blogId = (int) $id;
	$actorId = $user->get( 'id' );

	$blog = new cbblogsBlogTable();
	$loaded = $blog->load( $blogId );

	$canAccess = false;

	if ( $loaded && $blog->get( 'id' ) ) {
		$canAccess = ( ( $blog->get( 'user' ) == $actorId ) || Application::User( (int) $actorId )->isGlobalModerator() );
	}

	// Owner's tab when the entry loaded, otherwise the actor's own tab
	// (the second get() argument is presumably the default).
	$backUrl = $_CB_framework->userProfileUrl( $blog->get( 'user', $actorId ), false, 'cbblogsTab' );

	if ( ! $canAccess ) {
		cbRedirect( $backUrl, CBTxt::T( 'Not authorized.' ), 'error' );
	} else {
		$deleteError = CBTxt::T( 'BLOG_FAILED_TO_DELETE_ERROR_ERROR', 'Blog failed to delete! Error: [error]', array( '[error]' => $blog->getError() ) );

		if ( ! $blog->canDelete() ) {
			cbRedirect( $backUrl, $deleteError, 'error' );
		}

		if ( ! $blog->delete( $blogId ) ) {
			cbRedirect( $backUrl, CBTxt::T( 'BLOG_FAILED_TO_DELETE_ERROR_ERROR', 'Blog failed to delete! Error: [error]', array( '[error]' => $blog->getError() ) ), 'error' );
		}

		cbRedirect( $backUrl, CBTxt::T( 'Blog deleted successfully!' ) );
	}
}
/**
 * Moves a FLEXIcontent item owned by the current Joomla user to state -2
 * (the "trashed & archive" group of the mapping below) and redirects to the
 * profile.
 *
 * The $user argument is replaced by JFactory::getUser() right away, so the
 * acting user is always the Joomla session user. Ownership is enforced by the
 * created_by filter of the first query; every id interpolated into SQL is
 * cast to int first.
 *
 * NOTE(review): the "not owner" redirect carries no 'error' type and its text
 * has a grammar slip ("can't deleted"); both are runtime strings and are left
 * untouched here. When a content plugin rejects the state change the method
 * returns false without redirecting, so the caller sees no message.
 *
 * @param int $id
 * @param UserTable $user
 */
private function deletePreparaty( $id, $user ) {
	global $_CB_framework;

	$db = JFactory::getDBO();

	require_once ( $_CB_framework->getCfg( 'absolute_path' ) . '/components/com_flexicontent/classes/flexicontent.helper.php' );
	//require_once (JPATH_COMPONENT_SITE.DS.'classes'.DS.'flexicontent.helper.php');

	$state = -2;
	$app = JFactory::getApplication();
	$user = JFactory::getUser(); // overrides the parameter: the acting Joomla user
	$dispatcher = JDispatcher::getInstance();

	JRequest::setVar("isflexicontent", "yes");

	static $event_failed_notice_added = false;

	// Ownership gate: the item must exist and have been created by this user.
	$query = 'SELECT id FROM #__content' . ' WHERE id = '.(int)$id. " AND created_by = " . (int) $user->get( 'id' );
	$db->setQuery( $query );

	if(!$db->loadResult()){
		$profileUrl = $_CB_framework->userProfileUrl( $user->get( 'id' ) , false, '' );
		cbRedirect( $profileUrl, CBTxt::T( 'You can\'t deleted this drug!' ) );
	}

	if ( $id ) {
		$v = FLEXIUtilities::getCurrentVersions((int)$id);

		// The checked_out guard is commented out in each UPDATE below, so a
		// row checked out by another user is still changed.
		$query = 'UPDATE #__content' . ' SET state = ' . (int)$state . ' WHERE id = '.(int)$id //. ' AND ( checked_out = 0 OR ( checked_out = ' . (int) $user->get('id'). ' ) )'
		;
		$db->setQuery( $query );
		$db->query();
		// Dangling else: it binds to the inner "if (FLEXI_J16GE)".
		if ( $db->getErrorNum() ) if (FLEXI_J16GE) throw new Exception($db->getErrorMsg(), 500); else JError::raiseError(500, $db->getErrorMsg());

		$query = 'UPDATE #__flexicontent_items_tmp' . ' SET state = ' . (int)$state . ' WHERE id = '.(int)$id //. ' AND ( checked_out = 0 OR ( checked_out = ' . (int) $user->get('id'). ' ) )'
		;
		$db->setQuery( $query );
		$db->query();
		if ( $db->getErrorNum() ) if (FLEXI_J16GE) throw new Exception($db->getErrorMsg(), 500); else JError::raiseError(500, $db->getErrorMsg());

		// Field 10 / valueorder 1 of the current version presumably holds the
		// state in the versions table - confirm against the FLEXIcontent schema.
		$query = 'UPDATE #__flexicontent_items_versions' . ' SET value = ' . (int)$state . ' WHERE item_id = '.(int)$id . ' AND valueorder = 1' . ' AND field_id = 10' . ' AND version = ' .(int)$v['version'] ;
		$db->setQuery( $query );
		$db->query();
		if ( $db->getErrorNum() ) if (FLEXI_J16GE) throw new Exception($db->getErrorMsg(), 500); else JError::raiseError(500, $db->getErrorMsg());
	}

	// ****************************************************************
	// Trigger Event 'onContentChangeState' of Joomla's Content plugins
	// ****************************************************************
	if (FLEXI_J16GE) {
		// Make sure we import flexicontent AND content plugins since we will be triggering their events
		JPluginHelper::importPlugin('content');

		// PREPARE FOR TRIGGERING content events
		// We need to fake joomla's states ... when triggering events
		$fc_state = $state;
		if ( in_array($fc_state, array(1,-5)) ) $jm_state = 1; // published states
		else if ( in_array($fc_state, array(0,-3,-4)) ) $jm_state = 0; // unpublished states
		else $jm_state = $fc_state; // trashed & archive states

		$fc_itemview = $app->isSite() ? FLEXI_ITEMVIEW : 'item';
		$item = new stdClass();

		// Compatibility steps (including Joomla compatible state),
		// so that 3rd party plugins using the change state event work properly
		JRequest::setVar('view', 'article');
		JRequest::setVar('option', 'com_content');
		$item->state = $jm_state;

		$result = $dispatcher->trigger($this->event_change_state, array('com_content.article', (array) $id, $jm_state));

		// Revert compatibilty steps ... the $item->state is not used further regardless if it was changed,
		// besides the event_change_state using plugin should have updated DB state value anyway
		JRequest::setVar('view', $fc_itemview);
		JRequest::setVar('option', 'com_flexicontent');
		if ($item->state == $jm_state) $item->state = $fc_state; // this check is redundant, item->state is not used further ...

		// A vetoing plugin aborts without redirecting; the notice is raised
		// only once per request (static flag above).
		if (in_array(false, $result, true) && !$event_failed_notice_added) {
			JError::raiseNotice(10, JText::_('One of plugin event handler for onContentChangeState failed') );
			$event_failed_notice_added = true;
			return false;
		}
	}

	$profileUrl = $_CB_framework->userProfileUrl( $user->get( 'id' ) , false, '' );
	cbRedirect( $profileUrl, CBTxt::T( 'Drug deleted successfully!' ) );
}
/**
 * Completes a provider (social) login for an already-resolved CB user.
 *
 * Authenticates by username through CBAuthentication::login(). On failure
 * the returned error and any messages-to-user are joined with "<br />" and
 * the user is sent back to $this->_returnUrl with an error. On success the
 * redirect target is, in order: the provider's "_firstlogin" setting (only
 * for users without a lastvisitDate yet), the provider's "_login" setting,
 * then $this->_returnUrl.
 *
 * NOTE(review): the last login() argument is the literal 1 here - presumably
 * the authentication method / mode used for provider logins; confirm against
 * CBAuthentication::login().
 *
 * @param UserTable $user
 */
private function login( $user ) {
	$auth = new CBAuthentication();
	$userMessages = array();
	$alerts = array();
	$redirectUrl = null; // kept as a variable in case login() takes it by reference

	$loginError = $auth->login( $user->get( 'username' ), false, 0, 1, $redirectUrl, $userMessages, $alerts, 1 );

	$hasUserMessages = ( count( $userMessages ) > 0 );

	if ( $loginError || $hasUserMessages ) {
		$errorParts = array();

		if ( $loginError ) {
			$errorParts[] = $loginError;
		}

		if ( $hasUserMessages ) {
			$errorParts[] = stripslashes( implode( '<br />', $userMessages ) );
		}

		$error = implode( '<br />', $errorParts );

		cbRedirect( $this->_returnUrl, CBTxt::T( 'FAILED_TO_LOGIN_PROVIDER_ACCOUNT', 'Failed to login with [provider] account. Error: [error]', array( '[provider]' => $this->_providerName, '[error]' => $error ) ), 'error' );
		return;
	}

	$lastVisit = $user->get( 'lastvisitDate' );
	$isFirstLogin = ( ( ! $lastVisit ) || ( $lastVisit == '0000-00-00 00:00:00' ) );

	$target = null;

	if ( $isFirstLogin ) {
		$target = $this->params->get( $this->_provider . '_firstlogin', true, GetterInterface::STRING );
	}

	if ( ! $target ) {
		$target = $this->params->get( $this->_provider . '_login', true, GetterInterface::STRING );
	}

	if ( ! $target ) {
		$target = $this->_returnUrl;
	}

	$message = ( count( $alerts ) > 0 ? stripslashes( implode( '<br />', $alerts ) ) : null );

	cbRedirect( $target, $message, 'message' );
}
/**
 * Redirects expired user to the re-subscription screen.
 *
 * Picks the "expired" or "needed" text and link from the settings depending
 * on whether the user has any subscription in state 'X', falls back to the
 * plugin's own "account=expired" URL when no link is configured, remembers
 * the user id in $_SESSION['cbsubs']['expireduser'] and redirects with a
 * warning - unless the current request already targets the cbpaidsubscriptions
 * pluginclass (which would loop).
 *
 * NOTE(review): the span between "...account=expired&user=" and the
 * "do=display_subscriptions" link is redacted in this copy ("******"); the
 * user id expression and the branch structure there must be checked against
 * the upstream source.
 *
 * @access private
 * @param int $userId
 */
protected function _redirectExpiredMembership($userId) {
	global $_CB_framework;

	$params = cbpaidApp::settingsParams();
	$paidUserExtension = cbpaidUserExtension::getInstance($userId);
	$expiredSubscriptions = $paidUserExtension->getUserSubscriptions('X');

	// check if there is any expired extensions for the text
	if (count($expiredSubscriptions) > 0) {
		$textMessage = $params->get('subscriptionExpiredText', "Your membership has expired.");
		$expiredRedirectLink = $params->get('subscriptionExpiredRedirectLink');
	} else {
		$textMessage = $params->get('subscriptionNeededText', "A membership is needed for access.");
		$expiredRedirectLink = $params->get('subscriptionNeededRedirectLink');
	}

	if (!$expiredRedirectLink) {
		$baseClass = cbpaidApp::getBaseClass();
		if ($baseClass) {
			$expiredRedirectLink = $baseClass->_getAbsURLwithParam(array('Itemid' => 0, 'account' => 'expired', 'user' => (int) $userId), 'pluginclass', false);
		} else {
			// without baseClass, as baseClass is not loaded in case of cbpaidsubsbot:
			$cbpPrefix = 'cbp';
			$expiredRedirectLink = 'index.php?option=com_comprofiler&task=pluginclass&plugin=cbpaidsubscriptions&' . $cbpPrefix . 'account=expired&user='******'index.php?option=com_comprofiler&task=pluginclass&plugin=cbpaidsubscriptions&do=display_subscriptions'; // &Itemid= ???
		}
		if ($userId) {
			$_SESSION['cbsubs']['expireduser'] = $userId;
		}
	}

	// Loop guard: do not redirect when already on the subscriptions plugin page.
	if ($_CB_framework->getRequestVar('option') != 'com_comprofiler' || $_CB_framework->getRequestVar('task') != 'pluginclass' || $_CB_framework->getRequestVar('plugin') != 'cbpaidsubscriptions') {
		cbRedirect(cbSef($expiredRedirectLink, false), CBPTXT::T($textMessage), 'warning');
	}
}
/**
 * Deletes one invite and redirects to the owner's invites tab.
 *
 * Access rule: the invite must exist and $user must own it or be a global
 * moderator. Invites that were already accepted are refused. Every branch
 * ends in cbRedirect(), which is relied upon to end the request.
 *
 * @param int $id
 * @param UserTable $user
 */
private function deleteInvite( $id, $user ) {
	global $_CB_framework;

	$actorId = $user->get( 'id' );
	$actorIsModerator = Application::User( (int) $actorId )->isGlobalModerator();

	$invite = new cbinvitesInviteTable();
	$invite->load( (int) $id );

	$allowed = false;

	if ( $invite->get( 'id' ) ) {
		$allowed = ( $actorIsModerator || ( $invite->get( 'user_id' ) == $actorId ) );
	}

	// Owner's tab when the invite loaded, otherwise the actor's own tab
	// (the second get() argument is presumably the default).
	$backUrl = $_CB_framework->userProfileUrl( $invite->get( 'user_id', $actorId ), false, 'cbinvitesTab' );

	if ( ! $allowed ) {
		cbRedirect( $backUrl, CBTxt::T( 'Not authorized.' ), 'error' );
	} else {
		// Accepted invites are immutable.
		if ( $invite->isAccepted() ) {
			cbRedirect( $backUrl, CBTxt::T( 'Invite already accepted and can not be deleted.' ), 'error' );
		}

		if ( ! $invite->delete() ) {
			cbRedirect( $backUrl, CBTxt::T( 'INVITE_FAILED_DELETE_ERROR', 'Invite failed to delete! Error: [error]', array( '[error]' => $invite->getError() ) ), 'error' );
		}

		cbRedirect( $backUrl, CBTxt::T( 'Invite deleted successfully!' ) );
	}
}
/**
 * Saves legacy user edit display
 *
 * Backend save handler for the user edit form: authorizes the edit, lets
 * plugins veto it, stores the posted data through UserTable::saveSafely(),
 * re-renders the edit form on failure and redirects on success.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method; presumably
 * saveSafely() or the backend dispatcher performs it - confirm.
 *
 * @param string $option
 * @param string $task 'apply' keeps the user open in the editor; anything else returns to the user list
 */
public function saveUser($option, $task = 'save') {
	global $_CB_framework, $_CB_Backend_task, $_POST, $_PLUGINS;

	cbimport('language.all');
	cbimport('cb.tabs');
	cbimport('cb.params');
	cbimport('cb.adminfilesystem');
	cbimport('cb.imgtoolbox');

	// A posted id of 0 means "create": clear it so the store inserts.
	$userIdPosted = (int) cbGetParam($_POST, 'id', 0);

	if ($userIdPosted == 0) {
		$_POST['id'] = null;
	}

	// Authorization: the controller's own edit check first, then the CB
	// permission check ('save' on that user, or the generic one for creation).
	$msg = $this->_authorizedEdit($userIdPosted);

	if (!$msg) {
		if ($userIdPosted != 0) {
			$msg = checkCBpermissions(array($userIdPosted), 'save', true);
		} else {
			$msg = checkCBpermissions(null, 'save', true);
		}
	}

	// Plugins may veto the save by filling $msg (passed by reference).
	if ($userIdPosted != 0) {
		$_PLUGINS->trigger('onBeforeUserProfileSaveRequest', array($userIdPosted, &$msg, 2));
	}

	if ($msg) {
		cbRedirect($_CB_framework->backendViewUrl('showusers', false), $msg, 'error');
	}

	$_PLUGINS->loadPluginGroup('user');

	// Get current user state:
	if ($userIdPosted != 0) {
		$userComplete = CBuser::getUserDataInstance($userIdPosted);

		if (!($userComplete && $userComplete->id)) {
			cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('Your profile could not be updated.'), 'error');
		}
	} else {
		$userComplete = new UserTable();
	}

	// Store new user state:
	$saveResult = $userComplete->saveSafely($_POST, $_CB_framework->getUi(), 'edit');

	if (!$saveResult) {
		$regErrorMSG = $userComplete->getError();

		// Before re-showing the form, make sure the user may still edit it
		// (plugins get a second veto here).
		$msg = checkCBpermissions(array((int) $userComplete->id), 'edit', true);

		if ($userIdPosted != 0) {
			$_PLUGINS->trigger('onBeforeUserProfileEditRequest', array((int) $userComplete->id, &$msg, 2));
		}

		if ($msg) {
			cbRedirect($_CB_framework->backendViewUrl('showusers', false), $msg, 'error');
		}

		if ($userIdPosted != 0) {
			$_PLUGINS->trigger('onAfterUserProfileSaveFailed', array(&$userComplete, &$regErrorMSG, 2));
		} else {
			$_PLUGINS->trigger('onAfterUserRegistrationSaveFailed', array(&$userComplete, &$regErrorMSG, 2));
		}

		$_CB_framework->enqueueMessage($regErrorMSG, 'error');

		$_CB_Backend_task = 'edit'; // so the toolbar comes up...

		$_PLUGINS->loadPluginGroup('user'); // resets plugin errors

		$userView = _CBloadView('user');
		/** @var CBController_user $userView */
		$userView->edituser($userComplete, $option, $userComplete->user_id != null ? 0 : 1, $_POST);
		return;
	}

	// Checks-in the row:
	$userComplete->checkin();

	if ($userIdPosted != 0) {
		$_PLUGINS->trigger('onAfterUserProfileSaved', array(&$userComplete, 2));
	} else {
		$messagesToUser = array();
		$_PLUGINS->trigger('onAfterSaveUserRegistration', array(&$userComplete, &$messagesToUser, 2));
	}

	// 'apply' stays in the editor; anything else returns to the user list.
	if ($task == 'apply') {
		cbRedirect($_CB_framework->backendViewUrl('edit', false, array('cid' => (int) $userComplete->user_id)), CBTxt::T('SUCCESSFULLY_SAVED_USER_USERNAME', 'Successfully Saved User: [username]', array('[username]' => $userComplete->username)));
	} else {
		cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SUCCESSFULLY_SAVED_USER_USERNAME', 'Successfully Saved User: [username]', array('[username]' => $userComplete->username)));
	}
}
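/**
 * Direct access to field for custom operations, like for Ajax
 *
 * WARNING: direct unchecked access, except if $user is set, then check
 * that the logged-in user has rights to edit that $user.
 *
 * With ?function=download the file stored in this field for $user is
 * streamed to the client and the request ends with exit(). No visibility
 * check on the field or the profile is performed here; the caller is relied
 * upon for that. Any other request is delegated to the parent implementation
 * (which performs the spoof check).
 *
 * Changes versus the previous version: the user-facing file name is derived
 * with pathinfo() instead of rtrim() with a character list (rtrim could eat
 * legitimate trailing characters of the name), the suffix is only stripped
 * when a name remains, and the "empty name" check is now effective (it used
 * to compare against ".<ext>", which is never empty).
 *
 * @param FieldTable $field
 * @param UserTable $user
 * @param array $postdata
 * @param string $reason 'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
 * @return string Expected output.
 */
public function fieldClass(&$field, &$user, &$postdata, $reason) {
	global $_CB_framework;

	if (cbGetParam($_GET, 'function', null) != 'download') {
		parent::fieldClass($field, $user, $postdata, $reason); // Performs spoof check
		return null;
	}

	$column = $field->name;
	$storedFile = $user->{$column};

	if ($storedFile == null) {
		return null;
	}

	// Where to send the user when the download cannot be served.
	switch ($reason) {
		case 'edit':
			$redirectUrl = $_CB_framework->userProfileEditUrl($user->id, false);
			break;
		case 'list':
			$redirectUrl = $_CB_framework->userProfilesListUrl(cbGetParam($_REQUEST, 'listid', 0), false);
			break;
		case 'register':
			$redirectUrl = $_CB_framework->viewUrl('registers', false);
			break;
		default:
			$redirectUrl = $_CB_framework->userProfileUrl($user->id, false);
			break;
	}

	// Whitelist the stored name before it touches the filesystem: only
	// [-A-Za-z0-9_.] survive, so directory separators (and with them any
	// traversal out of the per-user folder) cannot get through.
	$cleanFile = preg_replace('/[^-a-zA-Z0-9_.]/', '', $storedFile);
	$filePath = $_CB_framework->getCfg('absolute_path') . '/images/comprofiler/plug_cbfilefield/' . (int) $user->id . '/' . $cleanFile;

	if (!file_exists($filePath)) {
		cbRedirect($redirectUrl, CBTxt::T('File failed to download! Error: File not found'), 'error');
		exit;
	}

	$fileExt = strtolower(pathinfo($cleanFile, PATHINFO_EXTENSION));

	if (!$fileExt) {
		cbRedirect($redirectUrl, CBTxt::T('File failed to download! Error: Unknown extension'), 'error');
		exit;
	}

	// Recover the user-facing name: stored names carry a 14-character suffix
	// before the extension (presumably added at upload time; confirm against
	// the upload code). Names not longer than the suffix are kept whole.
	$stem = pathinfo($cleanFile, PATHINFO_FILENAME);
	$displayStem = ((strlen($stem) > 14) ? substr($stem, 0, -14) : $stem);

	if ($displayStem === '') {
		cbRedirect($redirectUrl, CBTxt::T('File failed to download! Error: File not found'), 'error');
		exit;
	}

	$fileName = $displayStem . '.' . $fileExt;

	// Serve only types we can name; a generic octet-stream would leave the
	// content type to browser sniffing.
	$fileMime = cbGetMimeFromExt($fileExt);

	if ($fileMime == 'application/octet-stream') {
		cbRedirect($redirectUrl, CBTxt::T('File failed to download! Error: Unknown MIME'), 'error');
		exit;
	}

	$fileSize = filesize($filePath);
	$fileModified = $_CB_framework->getUTCDate('r', filemtime($filePath));

	while (@ob_end_clean()) {
	}

	if (ini_get('zlib.output_compression')) {
		ini_set('zlib.output_compression', 'Off');
	}

	if (function_exists('apache_setenv')) {
		apache_setenv('no-gzip', '1');
	}

	// $fileName consists of whitelisted characters only, so it cannot carry
	// quotes or CR/LF into the header.
	header("Content-Type: {$fileMime}");
	header('Content-Disposition: ' . ($field->params->get('fieldFile_force', 0) ? 'attachment' : 'inline') . '; filename="' . $fileName . '"; modification-date="' . $fileModified . '"; size=' . $fileSize . ';');
	header("Content-Transfer-Encoding: binary");
	header("Expires: 0");
	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
	header("Pragma: public");
	header("Content-Length: {$fileSize}");

	if (!ini_get('safe_mode')) {
		@set_time_limit(0);
	}

	$handle = fopen($filePath, 'rb');

	if ($handle === false) {
		exit;
	}

	// Stream in 1 MiB chunks, flushing after each so large files do not
	// accumulate in memory.
	$chunkSize = 1 * (1024 * 1024);

	while (!feof($handle)) {
		echo fread($handle, $chunkSize);
		@ob_flush();
		flush();
	}

	fclose($handle);
	exit;
}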