/**
 * Front controller for the CB Blogs plugin component view.
 *
 * Reads `action`, `func` and `id` from the request, checks that the blogs tab
 * is enabled and visible to the viewer, dispatches to the matching blog
 * handler and echoes the captured output inside the plugin wrapper markup.
 * There is no return statement: the HTML is written straight to the output.
 *
 * NOTE(review): only the `save` branch calls cbSpoofCheck() in this method.
 * `publish`, `unpublish` and `delete` also change state, so confirm that
 * stateBlog() and deleteBlog() validate the request token and the caller's
 * right to act on the requested id themselves.
 *
 * @param TabTable  $tab      Current tab (overwritten with the tab loaded for this plugin)
 * @param UserTable $user     Current user (overwritten with the logged-in user)
 * @param int       $ui       1 front, 2 admin UI
 * @param array     $postdata Raw unfiltered POST data (not read in this method)
 * @return void
 */
public function getCBpluginComponent($tab, $user, $ui, $postdata)
{
    global $_CB_framework;

    outputCbJs(1);
    outputCbTemplate(1);

    $plugin = cbblogsClass::getPlugin();
    $model = cbblogsClass::getModel();

    $requestedAction = $this->input('action', null, GetterInterface::STRING);
    $requestedFunc = $this->input('func', null, GetterInterface::STRING);
    $blogId = $this->input('id', null, GetterInterface::INT);

    // The acting user is always the logged-in user, never the one passed in.
    $user = CBuser::getUserDataInstance($_CB_framework->myId());

    $tab = new TabTable();
    $tab->load(array('pluginid' => (int) $plugin->id));

    $fallbackUrl = $_CB_framework->userProfileUrl($user->get('id'), false, 'cbblogsTab');

    // Tab must be enabled and within the viewer's access levels.
    // NOTE(review): the dispatch below still runs unless cbRedirect() ends the request; confirm it does.
    if (!$tab->enabled || !Application::MyUser()->canViewAccessLevel($tab->viewaccesslevel)) {
        cbRedirect($fallbackUrl, CBTxt::T('Not authorized.'), 'error');
    }

    ob_start();

    if ($requestedAction == 'blogs') {
        switch ($requestedFunc) {
            case 'new':
                $this->showBlogEdit(null, $user, $model, $plugin);
                break;

            case 'edit':
                $this->showBlogEdit($blogId, $user, $model, $plugin);
                break;

            case 'save':
                // Anti-forgery token check before the write.
                cbSpoofCheck('plugin');
                $this->saveBlogEdit($blogId, $user, $model, $plugin);
                break;

            case 'publish':
                $this->stateBlog(1, $blogId, $user, $model, $plugin);
                break;

            case 'unpublish':
                $this->stateBlog(0, $blogId, $user, $model, $plugin);
                break;

            case 'delete':
                $this->deleteBlog($blogId, $user, $model, $plugin);
                break;

            case 'show':
            default:
                // Only model type 2 is rendered here; any other type is sent to the model's own URL.
                if ($model->type == 2) {
                    $this->showBlog($blogId, $user, $model, $plugin);
                } else {
                    cbRedirect(cbblogsModel::getUrl((int) $blogId, false));
                }
                break;
        }
    } else {
        // Unknown action: refuse rather than fall through to a default view.
        cbRedirect($fallbackUrl, CBTxt::T('Not authorized.'), 'error');
    }

    $buffered = ob_get_clean();

    // The configured CSS class is escaped before it lands in the attribute.
    $extraClass = $plugin->params->get('general_class', null);
    $classSuffix = $extraClass ? ' ' . htmlspecialchars($extraClass) : null;

    echo '<div id="cbBlogs" class="cbBlogs' . $classSuffix . '">'
        . '<div id="cbBlogsInner" class="cbBlogsInner">'
        . $buffered
        . '</div>'
        . '</div>';
}
/**
 * Validates the row before it is stored.
 *
 * Each rule sets a translated error through setError() and stops at the
 * first failure: title present, user present and existing, access and
 * category set, category within the list from getCategoriesList( true ).
 *
 * NOTE(review): the category test uses in_array() without the strict flag,
 * so values are compared loosely against the allowed list.
 *
 * @return boolean True when every rule passes, false otherwise
 */
public function check()
{
    if ($this->get('title') == '') {
        $this->setError(CBTxt::T('Title not specified!'));

        return false;
    }

    if (!$this->get('user')) {
        $this->setError(CBTxt::T('User not specified!'));

        return false;
    }

    // The id must resolve to a user record with a non-empty id.
    if ($this->get('user') && !CBuser::getUserDataInstance((int) $this->get('user'))->id) {
        $this->setError(CBTxt::T('User specified does not exist!'));

        return false;
    }

    if ($this->get('access') === '') {
        $this->setError(CBTxt::T('Access not specified!'));

        return false;
    }

    if ($this->get('category') === '') {
        $this->setError(CBTxt::T('Category not specified!'));

        return false;
    }

    // Allow-list check: only categories the model reports are accepted.
    if (!in_array($this->get('category'), cbblogsModel::getCategoriesList(true))) {
        $this->setError(CBTxt::T('Category not allowed!'));

        return false;
    }

    return true;
}
/**
 * Collects the subscriptions of a user, optionally filtered by plan and status.
 *
 * A null or empty $plans / $statuses disables that filter (both compare
 * loosely equal to null). A falsy $userId yields an empty list.
 *
 * @param  int            $userId
 * @param  int[]|null     $plans     Plan ids to keep, or null/empty for all
 * @param  string[]|null  $statuses  Status codes to keep, or null/empty for all
 * @return cbpaidSomething[]
 */
private function _getUsersSubscriptions( $userId, $plans, $statuses )
{
    if ( ! $userId ) {
        return array();
    }

    $matching = array();
    $user = CBuser::getUserDataInstance( $userId );

    // Items come back grouped by plan type; walk every group.
    foreach ( cbpaidSomethingMgr::getAllSomethingOfUser( $user, null ) as $subsOfType ) {
        foreach ( $subsOfType as $sub ) {
            if ( ( $plans != null ) && ! in_array( $sub->plan_id, $plans ) ) {
                continue;
            }
            if ( ( $statuses != null ) && ! in_array( $sub->status, $statuses ) ) {
                continue;
            }

            $matching[] = $sub;
        }
    }

    return $matching;
}
/**
 * Saves legacy user edit display
 *
 * Backend handler: reads the posted user id, runs the authorization checks
 * (_authorizedEdit(), checkCBpermissions() and the plugin "before" trigger),
 * then saves $_POST through UserTable::saveSafely(). On failure the edit view
 * is shown again with the error; on success the request is redirected to the
 * edit view ($task == 'apply') or to the users list.
 *
 * NOTE(review): no anti-forgery check (e.g. cbSpoofCheck()) is visible in this
 * method; confirm the caller validates the request token before dispatching here.
 * NOTE(review): the code after each cbRedirect() assumes cbRedirect() ends the
 * request; if it returns, the save proceeds despite a non-empty $msg. Confirm.
 *
 * @param string $option
 * @param string $task    'save' (default) or 'apply'
 */
public function saveUser($option, $task = 'save')
{
    global $_CB_framework, $_CB_Backend_task, $_POST, $_PLUGINS;
    cbimport('language.all');
    cbimport('cb.tabs');
    cbimport('cb.params');
    cbimport('cb.adminfilesystem');
    cbimport('cb.imgtoolbox');
    // The id is forced to an integer; 0 means "new user".
    $userIdPosted = (int) cbGetParam($_POST, 'id', 0);
    if ($userIdPosted == 0) {
        $_POST['id'] = null;
    }
    // Authorization: the first non-empty message wins and blocks the save.
    $msg = $this->_authorizedEdit($userIdPosted);
    if (!$msg) {
        if ($userIdPosted != 0) {
            $msg = checkCBpermissions(array($userIdPosted), 'save', true);
        } else {
            $msg = checkCBpermissions(null, 'save', true);
        }
    }
    if ($userIdPosted != 0) {
        // $msg is passed by reference, so a plugin can set or change it.
        $_PLUGINS->trigger('onBeforeUserProfileSaveRequest', array($userIdPosted, &$msg, 2));
    }
    if ($msg) {
        cbRedirect($_CB_framework->backendViewUrl('showusers', false), $msg, 'error');
    }
    $_PLUGINS->loadPluginGroup('user');
    // Get current user state:
    if ($userIdPosted != 0) {
        $userComplete = CBuser::getUserDataInstance($userIdPosted);
        if (!($userComplete && $userComplete->id)) {
            cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('Your profile could not be updated.'), 'error');
        }
    } else {
        $userComplete = new UserTable();
    }
    // Store new user state:
    // The whole $_POST array is handed over; which fields may be written is decided inside saveSafely().
    $saveResult = $userComplete->saveSafely($_POST, $_CB_framework->getUi(), 'edit');
    if (!$saveResult) {
        $regErrorMSG = $userComplete->getError();
        // Re-check permissions before showing the edit form again.
        $msg = checkCBpermissions(array((int) $userComplete->id), 'edit', true);
        if ($userIdPosted != 0) {
            $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array((int) $userComplete->id, &$msg, 2));
        }
        if ($msg) {
            cbRedirect($_CB_framework->backendViewUrl('showusers', false), $msg, 'error');
        }
        if ($userIdPosted != 0) {
            $_PLUGINS->trigger('onAfterUserProfileSaveFailed', array(&$userComplete, &$regErrorMSG, 2));
        } else {
            $_PLUGINS->trigger('onAfterUserRegistrationSaveFailed', array(&$userComplete, &$regErrorMSG, 2));
        }
        $_CB_framework->enqueueMessage($regErrorMSG, 'error');
        $_CB_Backend_task = 'edit'; // so the toolbar comes up...
        $_PLUGINS->loadPluginGroup('user'); // resets plugin errors
        $userView = _CBloadView('user');
        /** @var CBController_user $userView */
        // Re-render the edit form with the posted values.
        $userView->edituser($userComplete, $option, $userComplete->user_id != null ? 0 : 1, $_POST);
        return;
    }
    // Checks-in the row:
    $userComplete->checkin();
    if ($userIdPosted != 0) {
        $_PLUGINS->trigger('onAfterUserProfileSaved', array(&$userComplete, 2));
    } else {
        $messagesToUser = array();
        $_PLUGINS->trigger('onAfterSaveUserRegistration', array(&$userComplete, &$messagesToUser, 2));
    }
    // 'apply' returns to the edit view of the saved user, anything else to the users list.
    if ($task == 'apply') {
        cbRedirect($_CB_framework->backendViewUrl('edit', false, array('cid' => (int) $userComplete->user_id)), CBTxt::T('SUCCESSFULLY_SAVED_USER_USERNAME', 'Successfully Saved User: [username]', array('[username]' => $userComplete->username)));
    } else {
        cbRedirect($_CB_framework->backendViewUrl('showusers', false), CBTxt::T('SUCCESSFULLY_SAVED_USER_USERNAME', 'Successfully Saved User: [username]', array('[username]' => $userComplete->username)));
    }
}
/**
 * Checks for upgrade or renewal possibilities
 *
 * Loads the user's subscriptions and the published plans, marks the plans that
 * must not be proposed (via ->_drawOnlyAsContainer), attaches renewal/upgrade
 * discounts to the plans, and optionally prepends a free "registered user"
 * subscription. The result is memoized in $this->_upgradesCache.
 *
 * NOTE(review): the cache is keyed by $user_id only, while the computation also
 * depends on $ui, $now, $subsAccess, $plansToShowOnly and
 * $plansToShowOnlyDoIncludeChildren. A second call for the same user with other
 * arguments (for example frontend after backend) gets the first call's result.
 * Confirm callers never mix them within one request.
 *
 * @param  int                             $ui                                1=frontend, 2=backend
 * @param  int                             $user_id
 * @param  int                             $now                               system unix time
 * @param  cbpaidUsersubscriptionRecord[]  $subscriptionsReturned             RETURNED: current subscriptions
 *                                                                            with ->status = 'A' for active ones and 'X' for expired ones. 'R' unpaid, 'C' cancelled.
 * @param  array|null                      $plansToShowOnly                   array of specific plan numbers to show (so we add these plans if allowed and not spontaneous in frontend
 * @param  int                             $subsAccess                        0 has only read access, 1 has user access, 2 reserved for future Super-admin access
 * @param  boolean                         $plansToShowOnlyDoIncludeChildren  Include children with plansToShowOnly
 * @return cbPaidProduct[]                                                    upgrade possibilities including _renewalDiscount in plan's currency
 */
public function getUpgradeAndRenewalPossibilities($ui, $user_id, $now, &$subscriptionsReturned, $plansToShowOnly = null, $subsAccess = 1, $plansToShowOnlyDoIncludeChildren = false)
{
    global $_CB_database, $_CB_framework;
    // Computed once per user id, then served from the cache.
    if (!isset($this->_upgradesCache[$user_id])) {
        $quantity = 1; //TBD later !
        $paidUserExtension = cbpaidUserExtension::getInstance($user_id);
        $subscriptions = $paidUserExtension->getUserSubscriptions(null, true);
        $user = CBuser::getUserDataInstance((int) $user_id);
        $plansMgr = cbpaidPlansMgr::getInstance();
        $plans = $plansMgr->loadPublishedPlans($user, true, 'any', null); //TBD LATER: upgrades limiting owners
        $params = cbpaidApp::settingsParams();
        $enableFreeRegisteredUser = $params->get('enableFreeRegisteredUser', 1);
        $createAlsoFreeSubscriptions = $params->get('createAlsoFreeSubscriptions', 0);
        $noValidSubscriptionFound = true;
        $subscriptionsUpgradePlansIdsDiscount = array(); // array: [$k][$upgrade_plan->id]=discountedPrice where $k is index in $subscriptions
        $activeExclusiveSubChild = array(); // array: [$parentPlanId] = true
        $notProposedParents = array();
        foreach (array_keys($subscriptions) as $k) {
            // for each user subscription:
            // 1. check if its plan can be shown as an extra subscription possibility and/or upgrade,
            $subscriptions[$k]->checkRenewalUpgrade($ui, $user, $quantity, $now, $subsAccess);
            // 2. don't propose subscription which can not be shown to the user
            if ($subscriptions[$k]->_hideItsPlan && isset($plans[$subscriptions[$k]->plan_id])) {
                $plans[$subscriptions[$k]->plan_id]->_drawOnlyAsContainer = true;
                // $notProposedParents[$subscriptions[$k]->plan_id] = true;
            }
            if (($subscriptions[$k]->_hideThisSubscription || !$subscriptions[$k]->checkIfValid($now)) && (isset($plans[$subscriptions[$k]->plan_id]) && $plans[$subscriptions[$k]->plan_id]->get('multiple') == 0)) {
                foreach (array_keys($plans) as $pk) {
                    // hidden or inactive subscription: do not display any of its children plans as upgrade possibility:
                    if ($plans[$pk]->get('parent') == $subscriptions[$k]->plan_id) {
                        $plans[$pk]->_drawOnlyAsContainer = true;
                        $notProposedParents[$pk] = true;
                    }
                }
            }
            if ($subscriptions[$k]->_hideThisSubscription) {
                // Hidden subscriptions are dropped from the returned list.
                unset($subscriptions[$k]);
            } elseif ($subscriptions[$k]->checkIfValid($now)) {
                // 3. all upgrade possibilities of this subscription
                $noValidSubscriptionFound = false;
                $subscriptionsUpgradePlansIdsDiscount[$k] = $subscriptions[$k]->_upgradePlansIdsDiscount;
                if ($subscriptions[$k]->getPlanAttribute('exclusive') == 1) {
                    $activeExclusiveSubChild[$subscriptions[$k]->getPlanAttribute('parent')] = true;
                }
            } else {
            }
        }
        // add to each plan the subscriptions which can be upgraded: plan, subscription and price:
        foreach (array_keys($plans) as $pk) {
            foreach ($subscriptionsUpgradePlansIdsDiscount as $k => $upgradePlansDiscount) {
                foreach ($upgradePlansDiscount as $planId => $discountedPrice) {
                    if ($plans[$pk]->get('id') == $planId) {
                        $plans[$pk]->_subscriptionToUpdate = array($subscriptions[$k]->plan_id, $subscriptions[$k]->id);
                        $plans[$pk]->_renewalDiscount = $discountedPrice;
                    }
                }
            }
        }
        // finally remove all plans not allowed for upgrade and
        // also all exclusive plans which can't be upgraded to by no subscription
        // (already subscribed plans have already been removed by plan's _hideItsPlan instructions):
        // also memorize them as removed parent, so that children are not proposed either:
        foreach (array_keys($plans) as $pk) {
            $exclPlan = $plans[$pk]->get('exclusive');
            $resultTexts = array();
            // remove plans not listed by default and not specifically selected:
            // (&& binds tighter than ||, so this is three alternatives:
            //  upgrade not allowed | not proposed in frontend and not explicitly requested | exclusive sibling already active)
            if (!$plans[$pk]->isPlanAllowingUpgradesToThis($user_id, $resultTexts)
                || $plans[$pk]->get('propose_upgrade') != 1 && $ui != 2 && !($plansToShowOnly && (in_array($pk, $plansToShowOnly) || $plansToShowOnlyDoIncludeChildren && in_array($plans[$pk]->get('parent'), $plansToShowOnly)))
                || $exclPlan == 1 && $plans[$pk]->get('multiple') == 0 && isset($activeExclusiveSubChild[$plans[$pk]->get('parent')]) && $plans[$pk]->_subscriptionToUpdate === null) {
                // if ( $ui == 1 ) { // when we are in frontend:
                if (!(isset($plans[$pk]->_drawOnlyAsContainer) && $plans[$pk]->_drawOnlyAsContainer)) {
                    $plans[$pk]->_drawOnlyAsContainer = true;
                    $notProposedParents[$pk] = true;
                }
            }
        }
        // very finally remove also children of non-authorized parent plans:
        // second case is that parent plan isn't published:
        foreach (array_keys($plans) as $pk) {
            $parentPlanId = $plans[$pk]->get('parent');
            if ($parentPlanId && (isset($notProposedParents[$parentPlanId]) || !isset($plans[$parentPlanId]))) {
                $plans[$pk]->_drawOnlyAsContainer = true;
            }
        }
        // If no subscriptions at all or no active/registered ones, and the corresponding setting allows it:
        // Find the first free lifetime one with Registered level:
        if ((count($subscriptions) == 0 || $noValidSubscriptionFound) && $enableFreeRegisteredUser && !$createAlsoFreeSubscriptions) {
            $firstFreePlanId = null;
            $registeredUserGroup = $_CB_framework->getCfg('new_usertype');
            foreach ($plans as $v) {
                if ($v->isLifetimeValidity() && $v->isFree() && in_array($v->get('usergroup'), array($registeredUserGroup, 0))) {
                    if ($firstFreePlanId === null) {
                        $firstFreePlanId = $v->get('id');
                    }
                    break;
                }
            }
            if ($firstFreePlanId) {
                // An active ('A') subscription record is created for the free plan and put first in the list.
                // NOTE(review): indexing $plans by plan id assumes loadPublishedPlans() keys its result by id; confirm.
                $freeSub = new cbpaidUsersubscriptionRecord($_CB_database);
                $freeSub->createSubscription($user_id, $plans[$firstFreePlanId], null, null, 'A', false);
                array_unshift($subscriptions, $freeSub);
                $plans[$firstFreePlanId]->_drawOnlyAsContainer = true;
            }
        }
        // Both arrays are stored by reference in the cache entry.
        $this->_upgradesCache[$user_id] = array('subscriptions' => &$subscriptions, 'plans' => &$plans);
    }
    $subscriptionsReturned = $this->_upgradesCache[$user_id]['subscriptions'];
    return $this->_upgradesCache[$user_id]['plans'];
}
/**
 * Builds the substitution strings for this item.
 *
 * None of the three parameters is read here, so the same values are returned
 * for HTML and for text use.
 * NOTE(review): only PLANS_TITLE goes through strip_tags() in this method;
 * confirm the consumer escapes the other values for its output context.
 *
 * @see cbpaidSomething::substitutionStringsForItemDetailed()
 *
 * @param  boolean  $html           HTML or TEXT return
 * @param  string   $reason         'N' new subscription, 'R' renewal, 'U'=update )
 * @param  boolean  $autorecurring  TRUE: is autorecurring, no real expiration date, FALSE: is not autorecurring
 * @return array                    Map of placeholder name => replacement value
 */
public function substitutionStringsForItemDetailed( /** @noinspection PhpUnusedParameterInspection */ $html, $reason, $autorecurring )
{
    global $_CB_framework;

    $subscriber = CBuser::getUserDataInstance( $this->user_id );
    $settings =& cbpaidApp::settingsParams();

    return array(
        // Name and description are personalized for the subscribing user.
        'ITEM_NAME'        => $this->getPlan()->getPersonalized( 'name', $this->user_id, false ),
        'ITEM_ALIAS'       => CBPTXT::T( $this->getText( 'alias' ) ),
        'ITEM_DESCRIPTION' => $this->getPlan()->getPersonalized( 'description', $this->user_id, false ),
        'SITENAME'         => $_CB_framework->getCfg( 'sitename' ),
        'SITEURL'          => $_CB_framework->getCfg( 'live_site' ),
        'PLANS_TITLE'      => strip_tags( CBPTXT::T( $settings->get( 'regTitle' ) ) ),
        'EMAILADDRESS'     => $subscriber->email,
        // Always empty at this level.
        'PREFIX_TEXT'      => '',
    );
}
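/**
 * store() function override, instead of storing it imports.
 *
 * Validates the form selection (and the uploaded file for `file_*` import
 * types), builds the list of user ids from the file, a CMS user group or an
 * existing subscription plan, checks that every id belongs to an active user
 * (not blocked, approved, confirmed), then creates the subscriptions unless
 * ->dryrun is set. An HTML report is left in $this->_resultOfStore.
 *
 * Handling of untrusted input in this method:
 * - the upload is accepted only if is_uploaded_file() confirms the temp name;
 * - every user id is an integer before it reaches an SQL IN (...) list
 *   (regex capture + cast, or is_numeric() + cast), statuses go through Quote();
 * - usernames are escaped before they are added to the HTML report.
 *
 * NOTE(review): plan names are written into the report unescaped, as before;
 * confirm whether they are allowed to carry markup.
 *
 * @param  boolean  $updateNulls  Not used by the import
 * @return boolean                True when the import ran (see the report), false with $this->_error set otherwise
 */
public function store($updateNulls = false)
{
    $return = '';
    // Check if file uploads are enabled
    if (!(bool) ini_get('file_uploads')) {
        $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("The importer can't continue before file uploads are enabled in PHP settings.");
        return false;
    }
    if (!$this->import_type) {
        $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("No import type selected");
        return false;
    }
    $fromFile = cbStartOfStringMatch($this->import_type, 'file_');
    if ($fromFile) {
        // A request without the upload field must end in "No file selected", not in an undefined-index notice.
        $userfile = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;
        if (!$userfile) {
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("No file selected");
            return false;
        }
        if (isset($userfile['error']) && $userfile['error']) {
            $errors_array = array(
                1 => CBPTXT::T("The uploaded file exceeds the upload_max_filesize directive in php.ini."),
                2 => CBPTXT::T("The uploaded file exceeds the maximum size allowed by this form."),
                3 => CBPTXT::T("The uploaded file was only partially uploaded."),
                4 => CBPTXT::T("No file was selected and uploaded."),
                6 => CBPTXT::T("Missing a temporary folder in php.ini."),
                7 => CBPTXT::T("Failed to write file to disk."),
                8 => CBPTXT::T("File upload stopped by extension."),
            );
            // The error code is the array KEY; in_array() searched the messages and never found it.
            if (isset($errors_array[$userfile['error']])) {
                $fileErrorTxt = $errors_array[$userfile['error']];
            } else {
                $fileErrorTxt = CBPTXT::T("File upload error number ") . htmlspecialchars($userfile['error']);
            }
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . $fileErrorTxt;
            return false;
        }
        // Only a file PHP itself received as an upload is ever opened below.
        if (!$userfile['tmp_name'] || !is_uploaded_file($userfile['tmp_name'])) {
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("No temporary file name");
            return false;
        }
        if ($userfile['size'] == 0) {
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("Empty file");
            return false;
        }
    } else {
        $userfile = null;
    }
    if ($this->import_type == 'cms_acl') {
        if (!$this->usergroup) {
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("No usergroup selected");
            return false;
        }
    }
    if ($this->import_type == 'subscription') {
        if (!$this->from_plan) {
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("No subscription plan selected");
            return false;
        }
        if (!$this->from_sub_status) {
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("No subscription status selected");
            return false;
        }
    }
    if ($this->import_type != 'file_uid_plan_exp') {
        if (!$this->plan) {
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("No plan selected");
            return false;
        }
        if (!$this->state) {
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("No subscription state selected");
            return false;
        }
        if (!$this->date) {
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("No subscription date selected");
            return false;
        }
    }
    if ($fromFile) {
        $tmpName = $userfile['tmp_name'];
        $fileSize = (int) $userfile['size'];
    } else {
        $tmpName = null;
        $fileSize = null;
    }
    $planStateDate = array();
    switch ($this->import_type) {
        case 'file_uid':
            // Comma-separated list of user ids; values are validated as numeric further down.
            $fp = fopen($tmpName, 'r');
            if (!$fp) {
                // fread()/fclose() on a failed handle would only raise errors; report the failure instead.
                $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("Could not read the uploaded file");
                return false;
            }
            $content = fread($fp, $fileSize);
            fclose($fp);
            unlink($tmpName);
            $userIdList = explode(',', trim($content));
            break;
        case 'file_uid_plan_exp':
            // One "userid,planid,status,date" record per line.
            $userIdList = array();
            $fp = fopen($tmpName, 'r');
            if ($fp) {
                $n = 0;
                while (!feof($fp)) {
                    $line = trim(str_replace('"', '', fgets($fp, 256)));
                    $n += 1;
                    if (strlen($line) > 0) {
                        $matches = null;
                        // NOTE(review): the pattern is not anchored (^...$), so extra text before or after a
                        // valid record is ignored rather than rejected. Captures are still digits / [AXC] / a date.
                        if (preg_match('/([1-9][0-9]*),([1-9][0-9]*),([AXC]),([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9][0-9]:[0-9][0-9]:[0-9][0-9])/', $line, $matches)) {
                            if (!in_array((int) $matches[1], $userIdList)) {
                                $userIdList[] = (int) $matches[1];
                            }
                            $planStateDate[(int) $matches[1]][] = array('plan' => (int) $matches[2], 'status' => $matches[3], 'date' => $matches[4]);
                        } else {
                            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . sprintf(CBPTXT::T("Line %s does not match the format userid,planid,status,date, e.g. 63,1,A,2009-01-01 00:00:00, and is instead: %s ."), $n, htmlspecialchars($line));
                            fclose($fp);
                            unlink($tmpName);
                            return false;
                        }
                    }
                }
                // Close only a handle that was actually opened.
                fclose($fp);
            }
            unlink($tmpName);
            break;
        case 'cms_acl':
            // The group id is cast to int before it is concatenated into the query.
            if (checkJversion() >= 2) {
                $sql = 'SELECT id FROM #__users u' . ' JOIN #__user_usergroup_map m ON ( u.id = m.user_id )' . ' WHERE m.group_id = ' . (int) $this->usergroup;
            } else {
                $sql = 'SELECT id FROM #__users' . ' WHERE gid = ' . (int) $this->usergroup;
            }
            $this->_db->setQuery($sql);
            $userIdList = $this->_db->loadResultArray();
            break;
        case 'subscription':
            // Only the first character of each status is kept, and it is quoted by the database layer.
            $statuses = $this->from_sub_status;
            foreach (array_keys($statuses) as $k) {
                $statuses[$k] = $this->_db->Quote($statuses[$k][0]);
            }
            $sql = 'SELECT s.user_id FROM #__cbsubs_subscriptions s' . ' JOIN #__users u ON ( u.id = s.user_id AND u.block = 0 )' . ' JOIN #__comprofiler c ON ( c.id = s.user_id AND c.confirmed = 1 AND c.approved = 1 )' . ' WHERE s.plan_id = ' . (int) $this->from_plan . ' AND s.status IN (' . implode(',', $statuses) . ')';
            $this->_db->setQuery($sql);
            $userIdList = $this->_db->loadResultArray();
            break;
        default:
            $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("Import type not implemented!");
            return false;
    }
    if (count($userIdList) == 0) {
        $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("No user to import");
        return false;
    }
    $plansMgr = cbpaidPlansMgr::getInstance();
    if ($this->import_type != 'file_uid_plan_exp') {
        $plan = $plansMgr->loadPlan((int) $this->plan);
        $subscriptionTime = (int) $plan->strToTime($this->date);
        // Every id must be numeric and becomes an int before it is used in the IN (...) lists below.
        foreach ($userIdList as $key => $value) {
            if (!is_numeric($value)) {
                $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("non-numeric userid value: ") . str_replace("\n", ' ', htmlspecialchars($value));
                return false;
            }
            $userIdList[$key] = (int) $value;
        }
    } else {
        // Ids of this import type were already cast to int while parsing the file.
        $plan = null;
        $subscriptionTime = null;
    }
    $this->_db->setQuery("SELECT u.id, u.username FROM #__comprofiler c, #__users u WHERE c.id=u.id AND u.block = 0 AND c.approved = 1 AND c.confirmed = 1 AND c.id IN (" . implode(',', $userIdList) . ")");
    $users = $this->_db->loadObjectList('id');
    if (count($userIdList) != count($users)) {
        // Report the ids that are missing or inactive: remove the found ones, the rest are the offenders.
        if (is_array($users)) {
            foreach ($users as $u) {
                $keys = array_keys($userIdList, $u->id);
                unset($userIdList[$keys[0]]);
                unset($planStateDate[(int) $u->id]);
            }
        }
        $idList = implode(', ', $userIdList);
        $this->_error = CBPTXT::T("Importer") . ' - ' . CBPTXT::T("error:") . ' ' . CBPTXT::T("Not all userId exist, are active (confirmed, approved and enabled) ! innexistant or inactive ids: ") . $idList;
        return false;
    }
    $this->_db->setQuery("SELECT DISTINCT user_id FROM #__cbsubs_subscriptions WHERE user_id IN (" . implode(',', $userIdList) . ")" . " ORDER BY user_id");
    $usersSubscribed = $this->_db->loadResultArray();
    $incompatibleUsersSubs = array();
    if ($this->import_type != 'file_uid_plan_exp') {
        foreach ($users as $user) {
            @set_time_limit(60);
            $incompatible = false;
            if (in_array($user->id, $usersSubscribed)) {
                if ($plan->get('exclusive') && $plan->get('item_type') == 'usersubscription') {
                    $paidUserExtension = cbpaidUserExtension::getInstance($user->id);
                    $subscriptions = $paidUserExtension->getUserSubscriptions(null, false);
                    foreach ($subscriptions as $s) {
                        if ($s->parent_plan == $plan->get('parent') && $s->checkIfValid()) {
                            $sPlan = $s->getPlan();
                            if ($sPlan->get('exclusive') && $sPlan->get('item_type') == 'usersubscription') {
                                // check if any other exclusive subscription with same parent plan is active:
                                $incompatible = true;
                                break;
                            }
                        }
                    }
                }
            }
            if (!$incompatible) {
                // A child plan needs an existing subscription to its parent plan.
                if ($plan->get('parent')) {
                    $plansMgr = cbpaidPlansMgr::getInstance();
                    $parentPlan = $plansMgr->loadPlan($plan->get('parent'));
                    $parentSub = $parentPlan->loadLatestSomethingOfUser($user->id, null);
                    if (!$parentSub) {
                        $incompatible = true;
                    }
                }
            }
            if ($incompatible) {
                if (!in_array($user->id, $incompatibleUsersSubs)) {
                    $incompatibleUsersSubs[] = $user->id;
                }
                continue;
            }
            if (!$this->dryrun) {
                $userFull = CBuser::getUserDataInstance($user->id);
                $this->createSomething($plan, $userFull, $this->state, $subscriptionTime);
                CBuser::unsetUsersNotNeeded(array((int) $user->id));
            }
        }
    } else {
        $cbpaidTimes = cbpaidTimes::getInstance();
        $systemTimeZone = new DateTimeZone($cbpaidTimes->systemTimeZone());
        foreach ($users as $user) {
            @set_time_limit(60);
            foreach ($planStateDate[(int) $user->id] as $psd) {
                // NOTE(review): the plan id comes from the file; confirm loadPlan() always returns a plan object here.
                $plan = $plansMgr->loadPlan((int) $psd['plan']);
                $status = $psd['status'];
                if ($psd['date']) {
                    $date = DateTime::createFromFormat('Y-m-d H:i:s', $psd['date'], $systemTimeZone);
                    $subscriptionTime = $date->getTimestamp();
                } else {
                    $subscriptionTime = $cbpaidTimes->startTime();
                }
                $incompatible = false;
                if (in_array($user->id, $usersSubscribed)) {
                    if ($plan->get('exclusive') && $plan->get('item_type') == 'usersubscription') {
                        $paidUserExtension = cbpaidUserExtension::getInstance($user->id);
                        $subscriptions = $paidUserExtension->getUserSubscriptions(null, false);
                        foreach ($subscriptions as $s) {
                            if ($s->parent_plan == $plan->get('parent') && $s->checkIfValid()) {
                                $sPlan = $s->getPlan();
                                if ($sPlan->get('exclusive') && $sPlan->get('item_type') == 'usersubscription') {
                                    // check if any other exclusive subscription with same parent plan is active:
                                    $incompatible = true;
                                    break;
                                }
                            }
                        }
                    }
                }
                if (!$incompatible) {
                    // A child plan needs an existing subscription to its parent plan.
                    if ($plan->get('parent')) {
                        $plansMgr = cbpaidPlansMgr::getInstance();
                        $parentPlan = $plansMgr->loadPlan($plan->get('parent'));
                        $parentSub = $parentPlan->loadLatestSomethingOfUser($user->id, null);
                        if (!$parentSub) {
                            $incompatible = true;
                        }
                    }
                }
                if ($incompatible) {
                    if (!in_array($user->id, $incompatibleUsersSubs)) {
                        $incompatibleUsersSubs[] = $user->id;
                    }
                    continue;
                }
                if (!$this->dryrun) {
                    $userFull = CBuser::getUserDataInstance($user->id);
                    $this->createSomething($plan, $userFull, $status, $subscriptionTime);
                    CBuser::unsetUsersNotNeeded(array((int) $user->id));
                }
            }
        }
    }
    if (count($userIdList) > 0 && count($incompatibleUsersSubs) == 0) {
        $resultText = CBPTXT::T("Success");
    } elseif (count($userIdList) > count($incompatibleUsersSubs)) {
        $resultText = CBPTXT::T("Partial Success");
    } elseif (count($userIdList) == count($incompatibleUsersSubs)) {
        $resultText = CBPTXT::T("Import failed");
    } else {
        $resultText = CBPTXT::T("Unknown Result");
    }
    // Build the HTML report. Ids are integers; usernames are escaped because they are account data.
    $return .= '<h1>' . $resultText . ($this->dryrun ? ' [' . CBPTXT::T("DRY-RUN - NO REAL SUBSCRIPTION") . ']' : '') . ':</h1>';
    if (count($incompatibleUsersSubs) > 0) {
        $idList = implode(', ', $incompatibleUsersSubs);
        $return .= '<p>' . CBPTXT::T("Some users have already subscriptions: user ids: ") . $idList . '</p>';
    }
    if ($this->import_type != 'file_uid_plan_exp') {
        $return .= '<p>' . sprintf(CBPTXT::T("%d users subscribed to plan: %s , with state: %s"), count($userIdList) - count($incompatibleUsersSubs), $plan->get('name'), CBPTXT::T($this->_states[$this->state])) . '</p>';
        if (count($userIdList) - count($incompatibleUsersSubs) > 0) {
            $return .= '<p>' . CBPTXT::T("Users subscribed (usernames):") . '</p>';
            $return .= '<p>';
            foreach ($users as $user) {
                if (!in_array($user->id, $incompatibleUsersSubs)) {
                    $return .= htmlspecialchars($user->username) . ' ';
                }
            }
            $return .= '</p>';
        }
    } else {
        $return .= '<p>' . sprintf(CBPTXT::T("%d users subscribed"), count($userIdList) - count($incompatibleUsersSubs)) . '</p>';
        if (count($userIdList) - count($incompatibleUsersSubs) > 0) {
            $return .= '<p>' . CBPTXT::T("Users subscribed (usernames):") . '</p>';
            foreach ($users as $user) {
                if (!in_array($user->id, $incompatibleUsersSubs)) {
                    $return .= '<p>' . htmlspecialchars($user->username) . ' ' . CBPTXT::T("to") . ' ';
                    foreach ($planStateDate[(int) $user->id] as $psd) {
                        $plan = $plansMgr->loadPlan((int) $psd['plan']);
                        $status = $psd['status'];
                        $return .= sprintf(CBPTXT::T("plan: %s , with state: %s") . ' ', $plan->get('name'), CBPTXT::T($this->_states[$status]));
                    }
                    // Each user paragraph is closed where it was opened (was a single closing tag after the loop).
                    $return .= '</p>';
                }
            }
        }
    }
    if (count($incompatibleUsersSubs) > 0) {
        $return .= '<p>' . CBPTXT::T("Following Users could not be subscribed (usernames) because either: (A) an exclusive active subscription exists that would conflict with the imported user subscription, or: (B) it is a children plan but the parent plan subscription does not exist:") . '</p>';
        $return .= '<p>';
        foreach ($incompatibleUsersSubs as $uid) {
            if (isset($users[$uid])) {
                $return .= htmlspecialchars($users[$uid]->username) . ' ';
            }
        }
        $return .= '</p>';
    }
    $this->_resultOfStore = $return;
    return true;
}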
/**
 * Parses the given parameters, lets plugins adjust them and stores the result
 * on this object as a trimmed INI string.
 *
 * The "before" trigger receives the parsed params and this object by
 * reference, so a plugin can change what is stored; the "after" trigger
 * receives them by value.
 *
 * @param mixed   $params  Raw parameters, parsed by cbgjClass::parseParams()
 * @param boolean $html    Passed through to parseParams() and getParams()
 */
public function setParams( $params, $html = true )
{
    global $_CB_framework, $_PLUGINS;

    $gjPlugin = cbgjClass::getPlugin();
    // The acting user is the one currently logged in.
    $actor =& CBuser::getUserDataInstance( $_CB_framework->myId() );

    $params = cbgjClass::parseParams( $params, $html, $this->getParams( $html ) );

    $beforeArgs = array( &$params, &$this, $actor, $gjPlugin );
    $_PLUGINS->trigger( 'gjint_onBeforeSetAutoParams', $beforeArgs );

    $iniString = trim( $params->toIniString() );
    $this->set( 'params', $iniString );

    $afterArgs = array( $params, $this, $actor, $gjPlugin );
    $_PLUGINS->trigger( 'gjint_onAfterSetAutoParams', $afterArgs );
}
/**
 * Finds the users who opted in to a notification for a group and sends it to them.
 *
 * Nothing is sent (false is returned) when notification, subject or body is
 * empty, when the recipient is the viewer or the sender, when the group or its
 * category is unpublished, or when the plugin settings disable it.
 *
 * Every value concatenated into the query is either an identifier passed
 * through NameQuote(), an (int) cast, or a list built by safeArrayOfIntegers().
 * Each candidate is also checked with canAccessGroup() before sending.
 *
 * @param  string              $notification  The notification to send
 * @param  string              $subject
 * @param  string              $body
 * @param  GroupTable          $group         Group for this notification
 * @param  UserTable|int|null  $from          UserTable|int: Specific user to notify from (used for substitutions), Null: Notify from self
 * @param  UserTable|int|null  $to            UserTable|int: Specific user to notify, Null: Notify everyone eligible
 * @param  array               $skip          Array of user ids to skip
 * @param  int                 $status        Group status restriction for notifications (e.g. 2: Group Moderators and above)
 * @param  array               $extra
 * @return bool
 */
static public function sendNotifications( $notification, $subject, $body, $group, $from = null, $to = null, $skip = array(), $status = 1, $extra = array() )
{
    global $_CB_database, $_PLUGINS;

    // Integer ids are resolved to user objects first.
    if ( is_int( $from ) ) {
        $from = \CBuser::getUserDataInstance( $from );
    }
    if ( is_int( $to ) ) {
        $to = \CBuser::getUserDataInstance( $to );
    }

    $viewerId = Application::MyUser()->getUserId();

    if ( ! ( $notification && $subject && $body ) ) {
        return false;
    }
    if ( $to && ( $to->get( 'id' ) == $viewerId ) ) {
        return false;
    }
    if ( $from && $to && ( $from->get( 'id' ) == $to->get( 'id' ) ) ) {
        return false;
    }
    if ( ( ! $group->get( 'id' ) ) || ( $group->get( 'published' ) != 1 ) ) {
        return false;
    }
    if ( $group->category()->get( 'id' ) && ( ! $group->category()->get( 'published' ) ) ) {
        return false;
    }

    // Plugin parameters are loaded once and kept for later calls.
    static $pluginParams = null;

    if ( ! $pluginParams ) {
        $gjPlugin = $_PLUGINS->getLoadedPlugin( 'user', 'cbgroupjive' );
        $pluginParams = $_PLUGINS->getPluginParams( $gjPlugin );
    }

    if ( ( ! $group->category()->get( 'id' ) ) && ( ! $pluginParams->get( 'groups_uncategorized', 1 ) ) ) {
        return false;
    }
    if ( ! $pluginParams->get( 'notifications', 1 ) ) {
        return false;
    }

    $status = $status ? $status : 1;
    $skip = is_array( $skip ) ? $skip : array( $skip );

    // The sender never receives the notification.
    if ( $from ) {
        $skip[] = $from->get( 'id' );
    }

    $moderatorGroups = Application::CmsPermissions()->getGroupsOfViewAccessLevel(
        Application::Config()->get( 'moderator_viewaccesslevel', 3, GetterInterface::INT ),
        true
    );

    $sql = 'SELECT DISTINCT n.*'
        . ', u.' . $_CB_database->NameQuote( 'status' )
        . "\n FROM " . $_CB_database->NameQuote( '#__groupjive_notifications' ) . " AS n"
        . "\n LEFT JOIN " . $_CB_database->NameQuote( '#__groupjive_users' ) . " AS u"
        . ' ON u.' . $_CB_database->NameQuote( 'user_id' ) . ' = n.' . $_CB_database->NameQuote( 'user_id' )
        . ' AND u.' . $_CB_database->NameQuote( 'group' ) . ' = n.' . $_CB_database->NameQuote( 'group' )
        . "\n LEFT JOIN " . $_CB_database->NameQuote( '#__comprofiler' ) . " AS cb"
        . ' ON cb.' . $_CB_database->NameQuote( 'id' ) . ' = u.' . $_CB_database->NameQuote( 'user_id' )
        . "\n LEFT JOIN " . $_CB_database->NameQuote( '#__users' ) . " AS j"
        . ' ON j.' . $_CB_database->NameQuote( 'id' ) . ' = cb.' . $_CB_database->NameQuote( 'id' )
        . "\n LEFT JOIN " . $_CB_database->NameQuote( '#__user_usergroup_map' ) . " AS g"
        . ' ON g.' . $_CB_database->NameQuote( 'user_id' ) . ' = j.' . $_CB_database->NameQuote( 'id' )
        . "\n WHERE n." . $_CB_database->NameQuote( 'group' ) . " = " . (int) $group->get( 'id' );

    // Either one specific recipient, or everyone except the viewer.
    $sql .= $to
        ? "\n AND n." . $_CB_database->NameQuote( 'user_id' ) . " = " . (int) $to->get( 'id' )
        : "\n AND n." . $_CB_database->NameQuote( 'user_id' ) . " != " . (int) $viewerId;

    if ( $skip ) {
        $sql .= "\n AND n." . $_CB_database->NameQuote( 'user_id' ) . " NOT IN " . $_CB_database->safeArrayOfIntegers( $skip );
    }

    // Only approved, confirmed, unblocked accounts; and only the group owner,
    // members at or above $status, or members of a moderator user group.
    $sql .= "\n AND cb." . $_CB_database->NameQuote( 'approved' ) . " = 1"
        . "\n AND cb." . $_CB_database->NameQuote( 'confirmed' ) . " = 1"
        . "\n AND j." . $_CB_database->NameQuote( 'block' ) . " = 0"
        . "\n AND ( n." . $_CB_database->NameQuote( 'user_id' ) . " = " . (int) $group->get( 'user_id' )
        . ' OR u.' . $_CB_database->NameQuote( 'status' ) . " >= " . (int) $status
        . ' OR g.' . $_CB_database->NameQuote( 'group_id' ) . " IN " . $_CB_database->safeArrayOfIntegers( $moderatorGroups ) . ' )';

    $_CB_database->setQuery( $sql );
    $entries = $_CB_database->loadObjectList( null, '\CB\Plugin\GroupJive\Table\NotificationTable', array( $_CB_database ) );

    self::preFetchUsers( $entries );

    /** @var NotificationTable[] $entries */
    foreach ( $entries as $entry ) {
        // The user must have this particular notification switched on.
        if ( ! $entry->params()->get( $notification, 0 ) ) {
            continue;
        }

        $recipient = $to ? $to : \CBuser::getUserDataInstance( (int) $entry->get( 'user_id' ) );

        $group->set( '_user_status', $entry->get( 'status' ) );

        // Access is re-checked per recipient before anything is sent.
        if ( self::canAccessGroup( $group, $recipient ) ) {
            self::sendNotification( 4, $from, $recipient, $subject, $body, $group, $extra );
        }
    }

    return true;
}
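/**
 * Sends an e-mail to one user from the site's configured system sender.
 *
 * Sender and reply-to come from $ueConfig ('reg_email_from', 'reg_email_name',
 * 'reg_email_replyto'); the decoded site name is prefixed to the subject.
 *
 * @param  int|object   $toid              Recipient: an object is used as-is, anything else is passed to CBuser::getUserDataInstance()
 * @param  string       $sub               Subject
 * @param  string       $message           Body
 * @param  boolean      $replaceVariables  TRUE: run subject and body through _replaceVariables() for the recipient
 * @param  int          $mode              Truthy selects the "<br />" footer separator; forwarded to _replaceVariables() and _sendEmailMSG()
 * @param  mixed        $cc                Forwarded to _sendEmailMSG()
 * @param  mixed        $bcc               Forwarded to _sendEmailMSG()
 * @param  mixed        $attachment        Forwarded to _sendEmailMSG()
 * @param  array|null   $extraStrings      Extra substitutions for _replaceVariables(); NULL is treated as an empty array
 * @param  boolean      $footer            TRUE: append the _UE_EMAILFOOTER text (site name and live site URL)
 * @return mixed                           TRUE when subject and body are both empty, otherwise the result of _sendEmailMSG()
 */
function sendFromSystem($toid, $sub, $message, $replaceVariables = true, $mode = 0, $cc = null, $bcc = null, $attachment = null, $extraStrings = null, $footer = true)
{
    global $_CB_framework, $ueConfig;

    // Nothing to send: reported as success.
    if (!$sub && !$message) {
        return true;
    }

    if ($extraStrings === null) {
        $extraStrings = array();
    }

    $senderName = stripslashes($ueConfig['reg_email_name']);

    $rowFrom = new stdClass();
    $rowFrom->email = $ueConfig['reg_email_from'];
    $rowFrom->name = $senderName;
    $rowFrom->replytoEmail = $ueConfig['reg_email_replyto'];
    $rowFrom->replytoName = $senderName;

    $rowTo = is_object($toid) ? $toid : CBuser::getUserDataInstance($toid);

    if ($replaceVariables) {
        $sub = $this->_replaceVariables($sub, $rowTo, $mode, $extraStrings);
        $message = $this->_replaceVariables($message, $rowTo, $mode, $extraStrings);
    }

    $siteName = cb_html_entity_decode_all($_CB_framework->getCfg('sitename'));

    if ($footer) {
        $message .= ($mode ? "\n<br />\n<br />" : "\n\n")
            . sprintf(_UE_EMAILFOOTER, $siteName, $_CB_framework->getCfg('live_site'));
    }

    // The former commented-out eval() expansion of $message has been dropped for good:
    // the body can carry substituted, user-influenced values at this point, so evaluating
    // it as PHP would be a code-injection sink. Only the literal two-character sequence
    // backslash + n is translated below.
    // compensate for wrong language definitions (using '\n' instead of "\n")
    $message = str_replace('\\n', "\n", $message);

    return $this->_sendEmailMSG($rowTo, $rowFrom, $siteName . ' - ' . $sub, $message, false, $mode, $cc, $bcc, $attachment);
}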
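/**
 * Handles the lost-password form post: sends either a username reminder or a new password.
 *
 * Flow, as far as this function shows it:
 *  - HTTPS, CSRF-token and anti-spam checks run first;
 *  - with usernames enabled, an e-mail address and no username: every account with that
 *    address receives a username reminder;
 *  - with an e-mail address otherwise: the matching account gets a freshly generated
 *    password stored and mailed to it;
 *  - with no e-mail address: redirect with _UE_NEWPASS_FAILED.
 *
 * Every path ends in cbRedirect(); nothing is returned.
 *
 * @param  string  $option  Component option name used to build the redirect URLs
 * @return void
 */
function sendNewPass($option)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;

    // Transport, CSRF-token and anti-spam checks run before any input is used.
    checkCBPostIsHTTPS();
    cbSpoofCheck('lostPassForm');
    cbRegAntiSpamCheck();

    $usernameExists = isset($ueConfig['login_type']) && $ueConfig['login_type'] != 2;

    // What cbGetParam() filters is not visible here; SQL safety below comes from
    // $_CB_database->Quote() at each query site.
    $checkusername = trim(cbGetParam($_POST, 'checkusername', ''));
    $confirmEmail = trim(cbGetParam($_POST, 'checkemail', ''));

    $Itemid = $_CB_framework->itemid();
    $itemidSuffix = $Itemid ? '&Itemid=' . (int) $Itemid : '';
    $lostPassUrl = "index.php?option={$option}&task=lostPassword" . $itemidSuffix;
    $doneUrl = "index.php?option={$option}&task=done" . $itemidSuffix;

    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onStartNewPassword', array(&$checkusername, &$confirmEmail));
    if ($_PLUGINS->is_errors()) {
        cbRedirect(cbSef($lostPassUrl, false), $_PLUGINS->getErrorMSG(), 'error');
        return;
    }

    $checkusername = stripslashes($checkusername);
    $confirmEmail = stripslashes($confirmEmail);

    // these two are used by _NEWPASS_SUB message below:
    $_live_site = $_CB_framework->getCfg('live_site');
    $_sitename = ""; // NEEDED BY _NEWPASS_SUB for sitename already added in subject by cbNotification class. was = $_CB_framework->getCfg( 'sitename' );

    if ($usernameExists && $confirmEmail != '' && !$checkusername) {
        // ---- Username reminder ----
        $_CB_database->setQuery("SELECT id, username FROM #__users" . "\n WHERE email = " . $_CB_database->Quote($confirmEmail));
        $userIdUsername = null;
        $result = $_CB_database->loadObjectList($userIdUsername);

        if ($_CB_database->getErrorNum() || count($result) == 0) {
            // NOTE(review): this message tells an unauthenticated visitor whether the address is
            // registered; answering identically for both outcomes would avoid account enumeration.
            cbRedirect(cbSef($lostPassUrl, false), sprintf(_UE_EMAIL_DOES_NOT_EXISTS_ON_SITE, htmlspecialchars($confirmEmail)), 'error');
            // Explicit return so nothing below runs should cbRedirect() ever return.
            return;
        }

        // Defined up front so the after-trigger and the final check never see an unset variable.
        $res = false;

        foreach ($result as $userIdUsername) {
            $message = str_replace('\\n', "\n", sprintf(_UE_USERNAMEREMINDER_MSG, $_CB_framework->getCfg('sitename'), $userIdUsername->username, $_live_site));
            $subject = sprintf(_UE_USERNAMEREMINDER_SUB, $userIdUsername->username);

            $_PLUGINS->trigger('onBeforeUsernameReminder', array($userIdUsername->id, &$subject, &$message));
            if ($_PLUGINS->is_errors()) {
                cbRedirect(cbSef($lostPassUrl, false), $_PLUGINS->getErrorMSG(), 'error');
                return;
            }

            $cbNotification = new cbNotification();
            $res = $cbNotification->sendFromSystem($userIdUsername->id, $subject, $message);
            if (!$res) {
                // Stop at the first delivery failure.
                break;
            }
        }

        $_PLUGINS->trigger('onAfterUsernameReminder', array(&$result, &$res));

        if ($res) {
            cbRedirect(cbSef($doneUrl, false), sprintf(_UE_USERNAME_REMINDER_SENT, htmlspecialchars($confirmEmail)));
        } else {
            cbRedirect(cbSef($doneUrl, false), _UE_EMAIL_SENDING_ERROR);
        }
    } elseif ($confirmEmail != '') {
        // ---- New password ----
        if ($usernameExists) {
            // NOTE(review): the username operand was masked ("******") in this listing, which left the
            // statement unparsable. It is restored as the quoted posted username, mirroring how the
            // e-mail operand is quoted; confirm against the upstream file.
            $_CB_database->setQuery("SELECT id FROM #__users" . "\n WHERE username = " . $_CB_database->Quote($checkusername) . " AND email = " . $_CB_database->Quote($confirmEmail));
        } else {
            $_CB_database->setQuery("SELECT id FROM #__users" . "\n WHERE email = " . $_CB_database->Quote($confirmEmail));
        }
        $user_id = $_CB_database->loadResult();

        if (!$user_id) {
            cbRedirect(cbSef($lostPassUrl, false), _ERROR_PASS);
            // Explicit return: without a matching account no password may be generated or stored.
            return;
        }

        // should be $user->setRandomPassword() but as this whole function needs to be redone to require clicking link for new password change, let's leave it for now.
        // NOTE(review): the password is replaced as soon as the form is posted and is then mailed in
        // clear text, so anyone who knows a username/e-mail pair can invalidate that user's password.
        // A single-use, expiring reset link confirmed by the mailbox owner is the usual remedy.
        $newpass = cbMakeRandomString(8, true);
        $message = str_replace('\\n', "\n", sprintf(_UE_NEWPASS_MSG, $checkusername, $_live_site, $newpass));
        $subject = sprintf(_UE_NEWPASS_SUB, $checkusername);

        $_PLUGINS->trigger('onBeforeNewPassword', array($user_id, &$newpass, &$subject, &$message));
        if ($_PLUGINS->is_errors()) {
            cbRedirect(cbSef($lostPassUrl, false), $_PLUGINS->getErrorMSG(), 'error');
            return;
        }

        $_PLUGINS->trigger('onNewPassword', array($user_id, $newpass));

        $user = CBuser::getUserDataInstance((int) $user_id);
        $user->password = $newpass;
        if (!$user->storePassword()) {
            cbRedirect(cbSef($lostPassUrl, false), $user->getError(), 'error');
            return;
        }

        $cbNotification = new cbNotification();
        $res = $cbNotification->sendFromSystem($user_id, $subject, $message);
        if (!$res) {
            // The new password is already stored at this point even though the mail failed.
            cbRedirect(cbSef($doneUrl, false), _UE_NEWPASS_FAILED);
            return;
        }

        cbRedirect(cbSef($doneUrl, false), sprintf(_UE_NEWPASS_SENT, htmlspecialchars($confirmEmail)));
    } else {
        cbRedirect(cbSef($doneUrl, false), _UE_NEWPASS_FAILED);
    }
}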
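/**
 * Attempts to authorize and capture a single auto-recurring payment of a payment basket using PSP DirectLink.
 *
 * The request parameters are built by _fillinAutoRecuringDirectLinkRequstParams() and sent with
 * _directLinkOperation(). Before the reply is handed to handleDirectLinkPaymentResult(), a sanitized
 * copy of the request is made for logging: card number reduced to its last four characters,
 * CVC fields removed, gateway password masked.
 *
 * @param  cbpaidPaymentBasket  $paymentBasket
 * @param  string               $returnText                  RETURN param: human-readable outcome
 * @param  boolean              $transientErrorDoReschedule  RETURN param: TRUE on every failure path, FALSE on Completed/Pending
 * @return boolean                                           TRUE: Completed or Pending, FALSE: failed or unknown result
 */
public function processAutoRecurringPayment($paymentBasket, &$returnText, &$transientErrorDoReschedule)
{
    // form XML request:
    $formvars = $this->_fillinAutoRecuringDirectLinkRequstParams($paymentBasket);

    $error = null;
    $status = null;
    $response = $this->_directLinkOperation($paymentBasket, 'orderdirect', $formvars, 'Autorecurring', $error, $status);

    if ($response === false) {
        // Transport-level failure: no gateway reply to parse.
        $user = CBuser::getUserDataInstance($paymentBasket->user_id);
        $username = $user ? $user->username : '******';
        $returnText = sprintf(CBPTXT::T("FAILED Auto-recurring payment of %s for basket %s Order_id %s of %s (username %s - user id %s) using %s due to error %s."), $paymentBasket->renderPrice(null, null, null, false), $paymentBasket->id, $paymentBasket->sale_id, $paymentBasket->first_name . ' ' . $paymentBasket->last_name, $username, $paymentBasket->user_id, $this->getPayName(), 'HTTP error ' . ': ' . $error . ' ' . 'Status' . ': ' . $status);
        $transientErrorDoReschedule = true;

        return false;
    }

    // clean logs for PCI compliance:
    $formvarsCleaned = $formvars;
    if (isset($formvars['CC'])) {
        // Keep only the last four characters of the card number.
        $formvarsCleaned['CC'] = preg_replace('/^.+(.{4})$/', 'XXXX XXXX XXXX \\1', $formvars['CC']);
    }
    unset($formvarsCleaned['CVC']);
    unset($formvarsCleaned['Ecom_Payment_Card_Verification']);
    if (isset($formvars['PSWD'])) {
        // Fix: mask the password in the copy that is actually passed on for logging. The previous
        // code overwrote $formvars['PSWD'] after the copy was taken, leaving the real gateway
        // password inside $formvarsCleaned.
        $formvarsCleaned['PSWD'] = '********';
    }

    // Parse the response XML results:
    // NOTE(review): the raw reply is forwarded as 'xmlreply' unmodified; whether it can echo
    // card data back is not visible here, so confirm before relying on these logs for PCI scope.
    $paymentResult = $this->handleDirectLinkPaymentResult($paymentBasket, $response, 'A', array('formvars' => $formvarsCleaned, 'xmlreply' => $response));

    $user = CBuser::getUserDataInstance($paymentBasket->user_id);
    $username = $user ? $user->username : '******';

    if ($paymentResult === false) {
        $returnText = sprintf(CBPTXT::T("FAILED (Error) Auto-recurring payment of %s for basket %s Order_id %s of %s (username %s - user id %s) using %s due to error %s."), $paymentBasket->renderPrice(null, null, null, false), $paymentBasket->id, $paymentBasket->sale_id, $paymentBasket->first_name . ' ' . $paymentBasket->last_name, $username, $paymentBasket->user_id, $this->getPayName(), $paymentBasket->reason_code);
        $transientErrorDoReschedule = true;

        return false;
    }

    if ($paymentResult === true && in_array($paymentBasket->payment_status, array('Completed', 'Pending'))) {
        if ($paymentBasket->payment_status == 'Completed') {
            $returnText = sprintf(CBPTXT::T("Completed Auto-recurring payment of %s for basket %s Order_id %s of %s (username %s - user id %s) using %s with txn_id %s and auth_id %s."), $paymentBasket->renderPrice(null, null, null, false), $paymentBasket->id, $paymentBasket->sale_id, $paymentBasket->first_name . ' ' . $paymentBasket->last_name, $username, $paymentBasket->user_id, $this->getPayName(), $paymentBasket->txn_id, $paymentBasket->auth_id);
        } else {
            $returnText = sprintf(CBPTXT::T("Pending Auto-recurring payment of %s for basket %s Order_id %s of %s (username %s - user id %s) using %s with txn_id %s and auth_id %s for reason: %s."), $paymentBasket->renderPrice(null, null, null, false), $paymentBasket->id, $paymentBasket->sale_id, $paymentBasket->first_name . ' ' . $paymentBasket->last_name, $username, $paymentBasket->user_id, $this->getPayName(), $paymentBasket->txn_id, $paymentBasket->auth_id, $paymentBasket->reason_code);
        }
        $transientErrorDoReschedule = false;

        return true;
    }

    // Reply parsed, but the basket did not end up Completed or Pending.
    $returnText = sprintf(CBPTXT::T("FAILED (%s) Auto-recurring payment of %s for basket %s Order_id %s of %s (username %s - user id %s) using %s due to error %s."), $paymentBasket->payment_status, $paymentBasket->renderPrice(null, null, null, false), $paymentBasket->id, $paymentBasket->sale_id, $paymentBasket->first_name . ' ' . $paymentBasket->last_name, $username, $paymentBasket->user_id, $this->getPayName(), $paymentBasket->reason_code);
    $transientErrorDoReschedule = true;

    return false;
}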
/**
 * Front controller of the gallery component: validates type and tab access, then dispatches
 * the requested 'items' or 'folders' function.
 *
 * The incoming $tab and $user arguments are replaced inside the method (tab loaded from the
 * request, user from the 'user' input or the viewer). Unless format is 'raw', the handler
 * output is buffered and echoed inside the cbGallery wrapper; nothing is returned.
 *
 * @param TabTable  $tab       Current tab
 * @param UserTable $user      Current user
 * @param int       $ui        1 front, 2 admin UI
 * @param array     $postdata  Raw unfiltered POST data
 * @return void
 */
public function getCBpluginComponent( $tab, $user, $ui, $postdata )
{
    global $_CB_framework;

    $format = $this->input( 'format', null, GetterInterface::STRING );
    $wrapOutput = ( $format != 'raw' );

    if ( $wrapOutput ) {
        outputCbJs( 1 );
        outputCbTemplate( 1 );
    }

    $action = $this->input( 'action', null, GetterInterface::STRING );
    $function = $this->input( 'func', null, GetterInterface::STRING );
    $type = $this->input( 'type', null, GetterInterface::STRING );
    $id = (int) $this->input( 'id', null, GetterInterface::INT );
    $userId = (int) $this->input( 'user', null, GetterInterface::INT );
    $tabId = (int) $this->input( 'tab', null, GetterInterface::INT );

    // Without a numeric tab id, fall back to the plugin class of the tab matching the type.
    if ( ! $tabId ) {
        switch( $type ) {
            case 'photos':
                $tabId = 'cbgalleryTabPhotos';
                break;
            case 'files':
                $tabId = 'cbgalleryTabFiles';
                break;
            case 'videos':
                $tabId = 'cbgalleryTabVideos';
                break;
            case 'music':
                $tabId = 'cbgalleryTabMusic';
                break;
        }
    }

    $viewer = CBuser::getMyUserDataInstance();
    $user = ( $userId ? CBuser::getUserDataInstance( (int) $userId ) : CBuser::getMyUserDataInstance() );

    $profileUrl = $_CB_framework->userProfileUrl( (int) $user->get( 'id' ), false, $tabId );

    // Shared refusal: media requests get a bare 401, everything else a redirect to the profile.
    $deny = function () use ( $action, $function, $profileUrl ) {
        if ( ( $action == 'items' ) && in_array( $function, array( 'download', 'preview', 'show' ) ) ) {
            header( 'HTTP/1.0 401 Unauthorized' );
            exit();
        } else {
            cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
        }
    };

    $knownType = in_array( $type, array( 'photos', 'files', 'videos', 'music' ) );

    if ( ! $knownType ) {
        $deny();
    }

    $tab = new TabTable();
    $tab->load( ( is_integer( $tabId ) ? $tabId : array( 'pluginclass' => $tabId ) ) );

    // The tab must be enabled and visible to the viewer (not to the profile owner).
    $tabVisible = ( $tab->get( 'enabled' ) && Application::User( (int) $viewer->get( 'id' ) )->canViewAccessLevel( $tab->get( 'viewaccesslevel' ) ) );

    if ( ! $tabVisible ) {
        $deny();
    }

    if ( ! ( $tab->params instanceof ParamsInterface ) ) {
        $tab->params = new Registry( $tab->params );
    }

    if ( $wrapOutput ) {
        ob_start();
    }

    // NOTE(review): only the 'save' functions call cbSpoofCheck() here. Whether publish,
    // unpublish and delete are token-protected inside their handlers is not visible in this
    // method; confirm, since they change state.
    if ( $action == 'items' ) {
        switch ( $function ) {
            case 'download':
                $this->outputItem( false, false, $id, $type, $tab, $user, $viewer );
                break;
            case 'edit':
                $this->showItemEdit( $id, $type, $tab, $user, $viewer );
                break;
            case 'new':
                $this->showItemEdit( null, $type, $tab, $user, $viewer );
                break;
            case 'save':
                cbSpoofCheck( 'plugin' );
                $this->saveItemEdit( $id, $type, $tab, $user, $viewer );
                break;
            case 'publish':
                $this->stateItem( 1, $id, $type, $tab, $user, $viewer );
                break;
            case 'unpublish':
                $this->stateItem( 0, $id, $type, $tab, $user, $viewer );
                break;
            case 'delete':
                $this->deleteItem( $id, $type, $tab, $user, $viewer );
                break;
            case 'preview':
                $this->outputItem( true, true, $id, $type, $tab, $user, $viewer );
                break;
            case 'show':
            default:
                $this->outputItem( true, false, $id, $type, $tab, $user, $viewer );
                break;
        }
    } elseif ( $action == 'folders' ) {
        // Folders can be switched off per type in the tab parameters.
        if ( ! $tab->params->get( 'tab_' . $type . '_folders', 1 ) ) {
            cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
        }

        switch ( $function ) {
            case 'edit':
                $this->showFolderEdit( $id, $type, $tab, $user, $viewer );
                break;
            case 'new':
                $this->showFolderEdit( null, $type, $tab, $user, $viewer );
                break;
            case 'save':
                cbSpoofCheck( 'plugin' );
                $this->saveFolderEdit( $id, $type, $tab, $user, $viewer );
                break;
            case 'publish':
                $this->stateFolder( 1, $id, $type, $tab, $user, $viewer );
                break;
            case 'unpublish':
                $this->stateFolder( 0, $id, $type, $tab, $user, $viewer );
                break;
            case 'delete':
                $this->deleteFolder( $id, $type, $tab, $user, $viewer );
                break;
            case 'show':
            default:
                $this->showFolder( $id, $type, $tab, $user, $viewer );
                break;
        }
    } else {
        cbRedirect( 'index.php', CBTxt::T( 'Not authorized.' ), 'error' );
    }

    if ( $wrapOutput ) {
        $html = ob_get_contents();
        ob_end_clean();

        $class = $this->params->get( 'general_class', null );

        // The configured class is escaped; $html is the handlers' own output and is emitted as-is.
        $return = '<div id="cbGallery" class="cbGallery' . ( $class ? ' ' . htmlspecialchars( $class ) : null ) . '">'
                . '<div id="cbGalleryInner" class="cbGalleryInner">'
                . $html
                . '</div>'
                . '</div>';

        echo $return;
    }
}
/**
 * Tries to resolve a user object from a variable.
 *
 * Accepted inputs: a UserTable (returned as-is), an object exposing user_id, user or id
 * (checked in that order), or an integer id. Anything else counts as "no user".
 *
 * @param  object|int  $userVar
 * @param  boolean     $fallback  TRUE: never return NULL; an unresolved input yields CBuser::getUserDataInstance( null )
 * @return UserTable|null         NULL only when $fallback is FALSE and no user with an id was found
 */
private function prepareUser( $userVar, $fallback = true )
{
    if ( $userVar instanceof UserTable ) {
        return $userVar;
    }

    $resolvedId = null;

    if ( is_object( $userVar ) ) {
        // First property that is set wins.
        foreach ( array( 'user_id', 'user', 'id' ) as $property ) {
            if ( isset( $userVar->$property ) ) {
                $resolvedId = (int) $userVar->$property;
                break;
            }
        }
    } elseif ( is_integer( $userVar ) ) {
        $resolvedId = $userVar;
    }

    if ( $resolvedId !== null ) {
        $loaded = CBuser::getUserDataInstance( (int) $resolvedId );

        // With fallback the loaded instance is returned even when it carries no id.
        if ( $fallback || $loaded->get( 'id' ) ) {
            return $loaded;
        }

        return null;
    }

    return ( $fallback ? CBuser::getUserDataInstance( null ) : null );
}
/**
 * Returns the CB user owning this notification (looked up by its user_id).
 *
 * Lookups are memoized in a function-level static array keyed by user_id, so the cache is
 * shared by every instance for the rest of the request.
 *
 * @return moscomprofilerUser
 */
public function getOwner()
{
    static $cache = array();

    $ownerId = $this->get( 'user_id' );

    if ( isset( $cache[$ownerId] ) ) {
        return $cache[$ownerId];
    }

    $cache[$ownerId] =& CBuser::getUserDataInstance( (int) $ownerId );

    return $cache[$ownerId];
}
/**
 * Authorizes against the provider, then links, registers or logs in as needed.
 *
 * Logged-in viewer: the provider identifier is stored on the viewer's account unless linking
 * is disabled, the viewer is already linked, or the identifier belongs to a different account.
 * Guest: the account holding the identifier is logged in, or a new one is registered first
 * when registration is permitted.
 *
 * Every refusal or failure ends in cbRedirect() to the return URL; nothing is returned.
 */
private function authenticate()
{
    global $_CB_database;

    try {
        /** @var Hybrid_Provider_Adapter $adapter */
        $adapter = $this->_hybridAuth->authenticate( $this->_providerId );
    } catch ( Exception $e ) {
        // NOTE(review): the provider library's exception text is shown to the visitor as-is.
        cbRedirect( $this->_returnUrl, CBTxt::T( 'AUTH_TO_PROVIDER_FAILED', 'Authentication to [provider] failed. Error: [error]', array( '[provider]' => $this->_providerName, '[error]' => $e->getMessage() ) ), 'error' );
        return;
    }

    if ( ! $adapter ) {
        return;
    }

    if ( ! $this->_hybridAuth->isConnectedWith( $this->_providerId ) ) {
        cbRedirect( $this->_returnUrl, CBTxt::T( 'CONNECTION_TO_PROVIDER_NOT_ESTABLISHED', 'Connection to [provider] not established.', array( '[provider]' => $this->_providerName ) ), 'error' );
        return;
    }

    try {
        /** @var Hybrid_User_Profile $profile */
        /** @noinspection PhpUndefinedMethodInspection */
        $profile = $adapter->getUserProfile();

        $this->profile( $profile );

        $viewer = CBuser::getMyUserDataInstance();

        // Find the account already holding this provider identifier; the column name goes
        // through NameQuote() and the identifier through Quote().
        $lookup = 'SELECT ' . $_CB_database->NameQuote( 'id' )
                . "\n FROM " . $_CB_database->NameQuote( '#__comprofiler' )
                . "\n WHERE " . $_CB_database->NameQuote( $this->_providerField ) . " = " . $_CB_database->Quote( $profile->identifier );
        $_CB_database->setQuery( $lookup );
        $linkedId = (int) $_CB_database->loadResult();

        $linkedUser = CBuser::getUserDataInstance( $linkedId );

        if ( ! $viewer->get( 'id' ) ) {
            // ---- Guest: log in, registering first when no account holds the identifier ----
            if ( ( ! $this->params->get( $this->_provider . '_register', true, GetterInterface::BOOLEAN ) ) && ( ! $linkedUser->get( 'id' ) ) ) {
                cbRedirect( $this->_returnUrl, CBTxt::T( 'SIGN_UP_WITH_PROVIDER_NOT_PERMITTED', 'Sign up with [provider] is not permitted.', array( '[provider]' => $this->_providerName ) ), 'error' );
                return;
            }

            $proceed = true;

            if ( ! $linkedUser->get( 'id' ) ) {
                $proceed = $this->register( $linkedUser, $profile );
            }

            if ( $proceed ) {
                $this->login( $linkedUser );
            }

            return;
        }

        // ---- Logged-in viewer: link the provider account ----
        if ( ( ! $this->params->get( $this->_provider . '_link', true, GetterInterface::BOOLEAN ) ) && ( ! $viewer->get( $this->_providerField ) ) ) {
            cbRedirect( $this->_returnUrl, CBTxt::T( 'LINKING_FOR_PROVIDER_NOT_PERMITTED', 'Linking for [provider] is not permitted.', array( '[provider]' => $this->_providerName ) ), 'error' );
            return;
        }

        if ( $viewer->get( $this->_providerField ) ) {
            cbRedirect( $this->_returnUrl, CBTxt::T( 'ALREADY_LINKED_TO_PROVIDER', 'You are already linked to a [provider] account.', array( '[provider]' => $this->_providerName ) ), 'error' );
            return;
        }

        // An identifier owned by a different account must never be re-attached to the viewer.
        if ( $linkedUser->get( 'id' ) && ( $viewer->get( 'id' ) != $linkedUser->get( 'id' ) ) ) {
            cbRedirect( $this->_returnUrl, CBTxt::T( 'PROVIDER_ALREADY_LINKED', '[provider] account already linked to another user.', array( '[provider]' => $this->_providerName ) ), 'error' );
            return;
        }

        if ( ! $viewer->storeDatabaseValue( $this->_providerField, $profile->identifier ) ) {
            cbRedirect( $this->_returnUrl, CBTxt::T( 'PROVIDER_FAILED_TO_LINK', '[provider] account failed to link. Error: [error]', array( '[provider]' => $this->_providerName, '[error]' => $viewer->getError() ) ), 'error' );
            return;
        }

        cbRedirect( $this->_returnUrl, CBTxt::T( 'PROVIDER_LINKED_SUCCESSFULLY', '[provider] account linked successfully!', array( '[provider]' => $this->_providerName ) ) );
        return;
    } catch( Exception $e ) {
        cbRedirect( $this->_returnUrl, CBTxt::T( 'FAILED_TO_RETRIEVE_PROVIDER_PROFILE', 'Failed to retrieve [provider] profile. Error: [error]', array( '[provider]' => $this->_providerName, '[error]' => $e->getMessage() ) ), 'error' );
        return;
    }
}
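/**
 * Saves a new or edited invite from POST and sends it where needed.
 *
 * Access: global moderators always; otherwise a new invite needs a logged-in user with the
 * 'invite_create_access' view level who is below 'invite_limit' (counting that user's invites
 * with no 'user' set), and an existing invite must belong to the user. Accepted invites
 * cannot be edited.
 *
 * 'post/to' may hold a comma-separated list; each address is validated, stored as its own
 * invite and sent unless it already belongs to a user. Ends in cbRedirect() or re-shows the
 * edit form with an error.
 *
 * @param null|int  $id
 * @param UserTable $user
 */
private function saveInviteEdit( $id, $user )
{
    global $_CB_framework, $_CB_database, $_PLUGINS;

    $inviteLimit = (int) $this->params->get( 'invite_limit', null );
    $cbModerator = Application::User( (int) $user->get( 'id' ) )->isGlobalModerator();

    $row = new cbinvitesInviteTable();

    $row->load( (int) $id );

    $canAccess = false;
    $inviteCount = 0;

    if ( ! $row->get( 'id' ) ) {
        if ( $cbModerator ) {
            $canAccess = true;
        } elseif ( $user->get( 'id' ) && Application::MyUser()->canViewAccessLevel( $this->params->get( 'invite_create_access', 2 ) ) ) {
            if ( $inviteLimit ) {
                // Count this user's invites that have no 'user' set yet.
                $query = 'SELECT COUNT(*)'
                       . "\n FROM " . $_CB_database->NameQuote( '#__comprofiler_plugin_invites' )
                       . "\n WHERE " . $_CB_database->NameQuote( 'user_id' ) . " = " . (int) $user->get( 'id' )
                       . "\n AND ( " . $_CB_database->NameQuote( 'user' ) . " IS NULL OR " . $_CB_database->NameQuote( 'user' ) . " = " . $_CB_database->Quote( '' ) . " )";
                $_CB_database->setQuery( $query );
                $inviteCount = (int) $_CB_database->loadResult();

                if ( $inviteCount < $inviteLimit ) {
                    $canAccess = true;
                }
            } else {
                $canAccess = true;
            }
        }
    } elseif ( $cbModerator || ( $row->get( 'user_id' ) == $user->get( 'id' ) ) ) {
        $canAccess = true;
    }

    $profileUrl = $_CB_framework->userProfileUrl( $row->get( 'user_id', $user->get( 'id' ) ), false, 'cbinvitesTab' );

    if ( $canAccess && ( ! $row->isAccepted() ) ) {
        $toArray = explode( ',', $this->input( 'post/to', null, GetterInterface::STRING ) );

        if ( ( ! $this->params->get( 'invite_multiple', 1 ) ) && ( ! $cbModerator ) && ( count( $toArray ) > 1 ) ) {
            $this->showInviteEdit( $row->get( 'id' ), $user, CBTxt::T( 'Comma seperated lists are not supported! Please use a single To address.' ) );
            return;
        }

        $sent = false;

        if ( ! empty( $toArray ) ) {
            foreach ( $toArray as $k => $to ) {
                // Every address after the first becomes a separate invite row with its own code.
                if ( $k != 0 ) {
                    $row->set( 'id', null );
                    $row->set( 'code', null );
                }

                $orgTo = $row->get( 'to' );

                // Fix: drop the whitespace that follows a comma in "a@x, b@y" so the second
                // address is not rejected as invalid.
                $row->set( 'to', trim( $to ) );
                $row->set( 'subject', $this->input( 'post/subject', $row->get( 'subject' ), GetterInterface::STRING ) );

                if ( $this->params->get( 'invite_editor', 2 ) >= 2 ) {
                    $row->set( 'body', $this->input( 'post/body', $row->get( 'body' ), GetterInterface::HTML ) );
                } else {
                    $row->set( 'body', $this->input( 'post/body', $row->get( 'body' ), GetterInterface::STRING ) );
                }

                // Fix: the invite owner is taken from POST for moderators only, matching how 'user'
                // is handled below. Previously any permitted user could post an arbitrary user_id and
                // attribute the invite to another account, which also sidesteps the per-user limit
                // counted above. NOTE(review): confirm no non-moderator flow relies on posting user_id.
                $ownerId = $row->get( 'user_id', $user->get( 'id' ) );

                if ( $cbModerator ) {
                    $ownerId = $this->input( 'post/user_id', $ownerId, GetterInterface::INT );
                }

                $row->set( 'user_id', (int) $ownerId );

                if ( $cbModerator ) {
                    $row->set( 'user', (int) $this->input( 'post/user', $row->get( 'user' ), GetterInterface::INT ) );
                }

                if ( ! $row->get( 'code' ) ) {
                    // Fix: uniqid() is derived from the clock, so md5( uniqid() ) is guessable. Where the
                    // runtime offers a CSPRNG it is used instead; bin2hex() of 16 bytes keeps the same
                    // 32-hex-character format. The old derivation remains only as a fallback.
                    // NOTE(review): presumably the code authorizes accepting the invite; confirm.
                    $row->set( 'code', ( function_exists( 'random_bytes' ) ? bin2hex( random_bytes( 16 ) ) : md5( uniqid() ) ) );
                }

                $new = ( $row->get( 'id' ) ? false : true );

                if ( $new && $inviteLimit ) {
                    $inviteCount++;

                    if ( $inviteCount > $inviteLimit ) {
                        cbRedirect( $profileUrl, CBTxt::T( 'Invite limit reached!' ), 'error' );
                        // Explicit return so no further invite is stored should cbRedirect() ever return.
                        return;
                    }
                }

                // Resolve the invitee: by e-mail unless an invitee user id is already set.
                if ( ! $row->get( 'user' ) ) {
                    $toUser = new UserTable();

                    $toUser->loadByEmail( $row->get( 'to' ) );
                } else {
                    $toUser = CBuser::getUserDataInstance( (int) $row->get( 'user' ) );
                }

                if ( ! $row->get( 'to' ) ) {
                    $row->setError( CBTxt::T( 'To address not specified.' ) );
                } elseif ( ! cbIsValidEmail( $row->get( 'to' ) ) ) {
                    $row->setError( CBTxt::T( 'INVITE_TO_ADDRESS_INVALID', 'To address not valid: [to_address]', array( '[to_address]' => $row->get( 'to' ) ) ) );
                } elseif ( $toUser->id == $row->get( 'user_id' ) ) {
                    $row->setError( CBTxt::T( 'You can not invite your self.' ) );
                } elseif ( $toUser->id && ( $row->get( 'to' ) != $orgTo ) ) {
                    $row->setError( CBTxt::T( 'To address is already a user.' ) );
                } elseif ( ( ! $this->params->get( 'invite_duplicate', 0 ) ) && ( ! $cbModerator ) && $row->isDuplicate() ) {
                    $row->setError( CBTxt::T( 'To address is already invited.' ) );
                } elseif ( $this->params->get( 'invite_captcha', 0 ) && ( ! $row->get( 'id' ) ) && ( $k == 0 ) && ( ! $cbModerator ) ) {
                    // Captcha is checked once per submission: first address of a new invite only.
                    $_PLUGINS->loadPluginGroup( 'user' );

                    $_PLUGINS->trigger( 'onCheckCaptchaHtmlElements', array() );

                    if ( $_PLUGINS->is_errors() ) {
                        $row->setError( CBTxt::T( $_PLUGINS->getErrorMSG() ) );
                    }
                }

                $_PLUGINS->trigger( 'invites_onBeforeInvite', array( &$row, $user ) );

                if ( $row->getError() || ( ! $row->store() ) ) {
                    $this->showInviteEdit( $row->get( 'id' ), $user, CBTxt::T( 'INVITE_FAILED_SAVE_ERROR', 'Invite failed to save! Error: [error]', array( '[error]' => $row->getError() ) ) );
                    return;
                }

                // Send only new or not-yet-sent invites, and only to addresses that are not users yet.
                if ( ( $new || ( ! $row->isSent() ) ) && ( ! $toUser->id ) ) {
                    if ( ! $row->send() ) {
                        $this->showInviteEdit( $row->get( 'id' ), $user, CBTxt::T( 'INVITE_FAILED_SEND_ERROR', 'Invite failed to send! Error: [error]', array( '[error]' => $row->getError() ) ) );
                        return;
                    } else {
                        $sent = true;
                    }
                }

                $_PLUGINS->trigger( 'invites_onAfterInvite', array( $row, $sent, $user ) );
            }

            cbRedirect( $profileUrl, ( $sent ? CBTxt::T( 'Invite sent successfully!' ) : CBTxt::T( 'Invite saved successfully!' ) ) );
        } else {
            $this->showInviteEdit( $row->get( 'id' ), $user, CBTxt::T( 'To address not specified.' ) );
            return;
        }
    } else {
        cbRedirect( $profileUrl, CBTxt::T( 'Not authorized.' ), 'error' );
    }
}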
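/**
 * Runs the invite auto action for every 'invite' row configured on the trigger.
 *
 * Per row the owner is the row's 'owner' value (after substitution), or the triggering user
 * when none is set. The mode then selects: 1 = create and send invites to the row's 'to'
 * list, 2 = accept all invites addressed to the owner's e-mail, 3 = delete all invites the
 * owner sent or received. Failures are only reported with var_dump() when the trigger's
 * 'debug' parameter is on.
 *
 * @param cbautoactionsActionTable $trigger
 * @param UserTable                $user
 */
public function execute( $trigger, $user )
{
    global $_CB_database;

    $debug = $trigger->getParams()->get( 'debug', false, GetterInterface::BOOLEAN );

    if ( ! $this->installed() ) {
        if ( $debug ) {
            var_dump( CBTxt::T( 'AUTO_ACTION_INVITE_NOT_INSTALLED', ':: Action [action] :: CB Invites is not installed', array( '[action]' => (int) $trigger->get( 'id' ) ) ) );
        }

        return;
    }

    foreach ( $trigger->getParams()->subTree( 'invite' ) as $row ) {
        /** @var ParamsInterface $row */
        $owner = $row->get( 'owner', null, GetterInterface::STRING );

        if ( ! $owner ) {
            $owner = (int) $user->get( 'id' );
        } else {
            $owner = (int) $trigger->getSubstituteString( $owner );
        }

        if ( ! $owner ) {
            if ( $debug ) {
                var_dump( CBTxt::T( 'AUTO_ACTION_INVITE_NO_OWNER', ':: Action [action] :: CB Invites skipped due to missing owner', array( '[action]' => (int) $trigger->get( 'id' ) ) ) );
            }

            continue;
        }

        // Fix: resolve the owner into a per-row variable. Overwriting $user here made a later row
        // without an explicit owner default to the previous row's owner, not the triggering user.
        $rowUser = $user;

        if ( $user->get( 'id' ) != $owner ) {
            $rowUser = CBuser::getUserDataInstance( $owner );
        }

        // NOTE(review): $params is not defined anywhere in this method, so as written this lookup
        // can only yield the default (mode 1) and cases 2 and 3 look unreachable. The mode
        // presumably belongs to $row; the correct key is not visible here, so the call is left
        // unchanged. Confirm against the action's parameter definitions.
        switch ( (int) cbGetParam( $params, 'invite_mode', 1 ) ) {
            case 1:
                $invite = new cbinvitesInviteTable();

                $toArray = explode( ',', $trigger->getSubstituteString( $row->get( 'to', null, GetterInterface::STRING ) ) );

                foreach ( $toArray as $to ) {
                    // The same table object is reused; clearing the id stores each address as a new row.
                    $invite->set( 'id', null );
                    // Fix: strip whitespace around each comma-separated address.
                    $invite->set( 'to', trim( $to ) );
                    $invite->set( 'subject', $trigger->getSubstituteString( $row->get( 'subject', null, GetterInterface::STRING ) ) );
                    // The body is read RAW (unfiltered) from the action configuration.
                    $invite->set( 'body', $trigger->getSubstituteString( $row->get( 'body', null, GetterInterface::RAW ) ) );
                    $invite->set( 'user_id', $owner );
                    // Fix: uniqid() is clock-derived, so md5( uniqid() ) is guessable; use the CSPRNG
                    // where available (same 32-hex-character format), old derivation as fallback only.
                    $invite->set( 'code', ( function_exists( 'random_bytes' ) ? bin2hex( random_bytes( 16 ) ) : md5( uniqid() ) ) );

                    if ( ! $invite->store() ) {
                        if ( $debug ) {
                            var_dump( CBTxt::T( 'AUTO_ACTION_INVITE_FAILED', ':: Action [action] :: CB Invites failed to save. Error: [error]', array( '[action]' => (int) $trigger->get( 'id' ), '[error]' => $invite->getError() ) ) );
                        }

                        continue;
                    }

                    if ( ! $invite->send() ) {
                        if ( $debug ) {
                            var_dump( CBTxt::T( 'AUTO_ACTION_INVITE_SEND_FAILED', ':: Action [action] :: CB Invites failed to send. Error: [error]', array( '[action]' => (int) $trigger->get( 'id' ), '[error]' => $invite->getError() ) ) );
                        }

                        continue;
                    }
                }
                break;
            case 2:
                // Accept every invite addressed to the owner's e-mail.
                $query = 'SELECT *'
                       . "\n FROM " . $_CB_database->NameQuote( '#__comprofiler_plugin_invites' )
                       . "\n WHERE " . $_CB_database->NameQuote( 'to' ) . " = " . $_CB_database->Quote( $rowUser->get( 'email' ) );
                $_CB_database->setQuery( $query );
                $invites = $_CB_database->loadObjectList( null, 'cbinvitesInviteTable', array( $_CB_database ) );

                /** @var cbinvitesInviteTable[] $invites */
                foreach ( $invites as $invite ) {
                    $invite->accept( $rowUser );
                }
                break;
            case 3:
                // Delete every invite the owner sent (user_id) or was matched to (user).
                $query = 'SELECT *'
                       . "\n FROM " . $_CB_database->NameQuote( '#__comprofiler_plugin_invites' )
                       . "\n WHERE ( " . $_CB_database->NameQuote( 'user_id' ) . " = " . (int) $rowUser->get( 'id' )
                       . ' OR ' . $_CB_database->NameQuote( 'user' ) . ' = ' . (int) $rowUser->get( 'id' ) . ' )';
                $_CB_database->setQuery( $query );
                $invites = $_CB_database->loadObjectList( null, 'cbinvitesInviteTable', array( $_CB_database ) );

                /** @var cbinvitesInviteTable[] $invites */
                foreach ( $invites as $invite ) {
                    $invite->delete();
                }
                break;
        }
    }
}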
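/**
 * USED by XML interface ONLY !!! Renders invoice
 *
 * Renders only in the backend UI (getUi() == 2) for a logged-in user, otherwise returns NULL.
 * When the 'invoice' request parameter holds no comma, the basket given by $value is rendered;
 * otherwise every comma-separated basket id from that parameter is rendered in turn.
 *
 * @param  string           $value   Basket id for the single-invoice case
 * @param  ParamsInterface  $params
 * @return string|null               HTML to display, NULL when not rendered
 */
public function renderInvoice( $value, &$params )
{
    global $_CB_framework;

    if ( ( $_CB_framework->getUi() != 2 ) || ( $_CB_framework->myId() == 0 ) ) {
        return null;
    }

    if ( cbpaidApp::getBaseClass() === null ) {
        //TODO: check if this is even needed:
        $pseudoPlugin = new getcbpaidsubscriptionsTab();
        $pseudoPlugin->params =& $params;
        cbpaidApp::getBaseClass( $pseudoPlugin );
    }

    $baseClass =& cbpaidApp::getBaseClass();
    $itsmyself = true; // simulate user's view of invoice.

    $baseClass->outputRegTemplate();

    // Read once; the cast keeps strpos() and explode() on a string when the parameter is absent.
    $invoiceParam = (string) cbGetParam( $_GET, 'invoice' );

    if ( strpos( $invoiceParam, ',' ) === false ) {
        // Fix: $user was undefined when the basket failed to load.
        $user = null;

        if ( $this->load( (int) $value ) ) {
            $user = CBuser::getUserDataInstance( (int) $this->user_id );
        }

        return $this->displayInvoice( $user, $itsmyself, true );
    }

    // NOTE(review): basket ids come straight from the request and are only cast to int; apart
    // from the backend-UI / logged-in gate above, no per-basket permission check is visible in
    // this method. Confirm the caller restricts who reaches it.
    $html = '<div class="cbregmultipage">';

    foreach ( explode( ',', $invoiceParam ) as $basketId ) {
        $paymentBasket = new self();
        // Fix: reset per basket, since $user is unset at the end of every iteration and stayed
        // undefined whenever the following load() failed.
        $user = null;

        if ( $paymentBasket->load( (int) $basketId ) ) {
            $user = CBuser::getUserDataInstance( (int) $paymentBasket->user_id );
        }

        $html .= $paymentBasket->displayInvoice( $user, $itsmyself, false )
              . '<hr class="cbregpagebreak" />';

        if ( is_callable( array( 'CBuser', 'unsetUsersNotNeeded' ) ) ) {
            // CB 1.8+:
            CBuser::unsetUsersNotNeeded( array( (int) $paymentBasket->user_id ) );
        }

        unset( $paymentBasket, $user );
    }

    $html .= '</div>';

    return $html;
}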
/**
 * Checks for upgrade or renewal possibilities
 *
 * Expires the user's active subscriptions that are due, then recomputes the blocking state and
 * group ids from the remaining active subscriptions and applies them with _adjustUserAclBlock().
 * Two function-level statics ($recurringStopper, $justExpiredSubs) are shared across calls and
 * guard against this method being re-entered through expireIfExpired().
 *
 * @param  boolean                           $newSubsActivation  called to activate new subscriptions
 * @param  cbpaidUsersubscriptionRecord|null $deactivatedSub     just deactivated subscription before (and reason for) calling this method (or NULL)
 * @param  string                            $reason             checking reason: 'N'=new subscription (default), 'R'=renewal, 'U'=update
 * @param  boolean                           $forceCheck
 * @return boolean|null                                          TRUE: any valid subscription found, FALSE: no valid subscription, NULL: no $forceCheck and no changes
 */
public function checkUserSubscriptions($newSubsActivation, &$deactivatedSub, $reason, $forceCheck = false)
{
    global $_CB_framework;

    $params = cbpaidApp::settingsParams();

    // as this method is being called e.g. whenever a subscription is deactivated, it's calling itself through expireIfExpired:
    // both statics keep their values across nested and later calls within the request.
    static $recurringStopper = 0;
    static $justExpiredSubs = array();

    $user_id = $this->id;
    if (!$user_id) {
        return null;
    }
    $user = CBuser::getUserDataInstance($user_id);
    if (!$user) {
        return null;
    }

    // Remember the subscription whose deactivation caused this call, so it is not expired again below.
    if ($deactivatedSub !== null) {
        $justExpiredSubs[$deactivatedSub->id] = $deactivatedSub;
    }

    // The post-increment makes the counter 1 inside the outermost call's loop body; a nested call
    // finds it non-zero, skips the loop and bumps it further, which the check below detects.
    while ($recurringStopper++ == 0) {
        // get all subscriptions with status 'A' Active:
        $subscriptions = $this->getUserSubscriptions('A');
        // check for just expired subscriptions within status 'A' Active and expires them now:
        foreach (array_keys($subscriptions) as $k) {
            if (!isset($justExpiredSubs[$k])) {
                $exp = $subscriptions[$k]->expireIfExpired();
                if ($exp) {
                    $justExpiredSubs[$k] = $subscriptions[$k];
                }
            }
        }
        // check if no recurring occured:
        if ($recurringStopper == 1) {
            // no recurrings, can stop at next while:
            // (-1 fails the loop test and is post-incremented back to 0)
            $recurringStopper = -1;
        } else {
            // recurring occured, need to recheck everything:
            $recurringStopper = 0;
        }
    }

    // Only the outermost call ends with the counter at 0; nested calls fall through to "return null".
    if ($recurringStopper == 0) {
        if ($newSubsActivation || count($justExpiredSubs) > 0) {
            // some subscription(s) just expired, we now need to adapt user's ACL:
            $remainingSubscriptions = $this->getUserSubscriptions('A');
            if (count($justExpiredSubs) > 0) {
                // Just expired Gids: collect Gids to remove:
                list(, $removeGids, $oldChldGids) = $this->_computeMaxBlockGid($user, $justExpiredSubs);
            } else {
                $removeGids = array();
                $oldChldGids = array();
            }
            // Collect current Gids (and their children Gids):
            list($block, $gids, $curChldGids) = $this->_computeMaxBlockGid($user, $remainingSubscriptions);
            // Add old children gids and current children Gids to make sure we're allowed to change gid in j 1.5- through multiple plans and usergroups:
            $oldChldGids = array_merge($oldChldGids, $curChldGids);
            // Now adjust the blocking and gids:
            $this->_adjustUserAclBlock($user, 'PaidSubscription', $block, $gids, $removeGids, $oldChldGids, $reason);
            return $block == 0;
        } else {
            if ($forceCheck) {
                $enableFreeRegisteredUser = $params->get('enableFreeRegisteredUser', 1);
                $remainingSubscriptions = $this->getUserSubscriptions('A');
                // Candidate for blocking only with no active subscription and free registered users disabled.
                $block = count($remainingSubscriptions) == 0 && !$enableFreeRegisteredUser ? 1 : 0;
                if ($block == 1) {
                    list($block, $gids, ) = $this->_computeMaxBlockGid($user, $remainingSubscriptions);
                    // Get all gids of all plans that are available to $user_id: This will allow to not change any GID of a user which is not included in those GIDS (e.g. super-admin) in j 1.5-:
                    $oldPotentialPlansGids = $this->_allPlansGid($user);
                    $removeGids = array();
                    $this->_adjustUserAclBlock($user, 'PaidSubscription', $block, $gids, $removeGids, $oldPotentialPlansGids, $reason);
                    // NOTE(review): $block is reset below only after _adjustUserAclBlock() has already run
                    // with the computed value, so the reset changes the return value alone. Whether the
                    // adjust call itself protects these accounts is not visible here; confirm.
                    if (!self::_allValuesOfArrayInArray((array) $user->gids, $oldPotentialPlansGids) || in_array($_CB_framework->acl->mapGroupNamesToValues('Superadministrator'), (array) $user->gids)) {
                        // Do not block a user that has a gid in his gids that is not controlled by a plan that was accessible to him after downgrade:
                        // This avoids blocking e.g. super admins if there is no super-admin plan.
                        // But also if there is a Super-admin plan by configuration error, it still should not get blocked:
                        $block = 0;
                    }
                }
                return $block == 0;
            }
        }
    }
    return null;
}
/**
 * Sends one batch of a backend mass-mailing and echoes a JSON progress reply.
 *
 * The anti-forgery token check and the anti-spam check run before anything else.
 * Usernames and status texts are HTML-escaped before they are added to the report.
 *
 * NOTE(review): $emailSubject and $emailBody are handed to the 'onBeforeBackendUserEmail'
 * handlers by reference, so whatever a handler changes for one recipient is still in
 * place for the following recipients of the batch and for the results view. Confirm
 * that this is intended.
 *
 * @param  array    $rows            rows of the recipients of this batch (->id is read)
 * @param  string   $emailSubject    subject of the email
 * @param  string   $emailBody       body of the email (links are made absolute before sending)
 * @param  int      $limitstart      offset of this batch
 * @param  int      $limit           batch size
 * @param  int      $total           total number of recipients
 * @param  boolean  $simulationMode  TRUE: only report, send nothing
 * @return void                      echoes JSON: 'result' 1 while recipients remain, 2 when done
 */
function _cbadmin_emailUsers( &$rows, $emailSubject, $emailBody, $limitstart, $limit, $total, $simulationMode ) {
    global $_PLUGINS;

    // Request-forgery and anti-spam checks come first:
    cbSpoofCheck( 'cbadmingui' );
    cbRegAntiSpamCheck();

    $mailer     = new cbNotification();
    $htmlMode   = 1;        // html
    $report     = '';

    foreach ( $rows as $recipientRow ) {
        $user       = CBuser::getUserDataInstance( (int) $recipientRow->id );
        $separator  = ( $report ? ', ' : '' );
        $report     .= $separator . htmlspecialchars( $user->username );

        if ( $simulationMode ) {
            $report .= ' (' . htmlspecialchars( CBTxt::T('email not send: simulation mode') ) . ')';
            continue;
        }

        $extraStrings = array();
        $_PLUGINS->trigger( 'onBeforeBackendUserEmail', array( &$user, &$emailSubject, &$emailBody, $htmlMode, &$extraStrings, $simulationMode ) );

        $sent = $mailer->sendFromSystem( $user, $emailSubject, $this->_cbadmin_makeLinksAbsolute( $emailBody ), true, $htmlMode, null, null, null, $extraStrings, false );
        if ( ! $sent ) {
            $report .= ': <span class="cb_result_error">' . htmlspecialchars( CBTxt::T('Error sending email!') ) . '</span>';
        }
    }

    // Never report a batch size larger than the total:
    $limit = ( $total < $limit ) ? $total : $limit;

    // The view prints its output, so it is captured in a buffer and shipped inside the JSON reply:
    ob_start();
    $usersView = _CBloadView( 'users' );
    $usersView->ajaxResults( $report, $emailSubject, $this->_cbadmin_makeLinksAbsolute( $emailBody ), $limitstart, $limit, $total );
    $html = ob_get_clean();

    $remaining = $total - ( $limitstart + $limit );
    $reply = array(
        'result'      => ( $remaining > 0 ) ? 1 : 2,
        'htmlcontent' => $html,
    );

    echo json_encode( $reply );

    // Pause after the reply has been written (presumably to throttle successive batches):
    sleep(3);
}
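/**
 * Prepares the frontend tab render: collects the tab's data sets for the displayed
 * user as seen by the current viewer, lets the view print them into an output buffer
 * and returns the result wrapped in the plugin's container markup.
 *
 * @param  object              $tab   tab entry (not read by this method)
 * @param  moscomprofilerUser  $user  user whose profile is displayed
 * @param  int                 $ui    user interface (not read by this method)
 * @return mixed                      HTML of the tab
 */
public function getDisplayTab( $tab, $user, $ui ) {
    global $_CB_framework;

    outputCbJs( 1 );
    outputCbTemplate( 1 );
    cbgjClass::getTemplate( 'tab' );

    $plugin     = cbgjClass::getPlugin();
    // The viewer is always the logged-in user, independently of whose profile is shown:
    $viewer     =& CBuser::getUserDataInstance( $_CB_framework->myId() );

    $categories = $this->getCategories( $user, $viewer, $plugin );
    $groups     = $this->getGroups( $user, $viewer, $plugin );
    $joined     = $this->getJoined( $user, $viewer, $plugin );
    $invites    = $this->getInvites( $user, $viewer, $plugin );
    $invited    = $this->getInvited( $user, $viewer, $plugin );

    // The view echoes its markup, so it is captured rather than sent to the browser directly:
    ob_start();
    HTML_groupjiveTab::showTab( $categories, $groups, $joined, $invites, $invited, $user, $viewer, $plugin );
    $html       = ob_get_contents();
    ob_end_clean();

    // The configured class is escaped because it ends up inside an attribute value. It is
    // appended directly after the base class name. The cast keeps an unset parameter (null)
    // from being passed to htmlspecialchars(), which is deprecated as of PHP 8.1.
    $class      = htmlspecialchars( (string) $plugin->params->get( 'general_class', null ) );

    $return     = '<div id="cbGj" class="cbGroupJive' . $class . '">'
                .     '<div id="cbGjInner" class="cbGroupJiveInner">'
                .         $html
                .     '</div>'
                . '</div>';

    return $return;
}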
// Excerpt of the activity module set-up: loads the plugin, reads the display settings and
// starts building the filter for the activity query. $params and $_CB_framework are not
// defined in this excerpt, and the switch below continues past its end.
$plugin = cbactivityClass::getPlugin();

// Nothing to render when the plugin could not be loaded:
if ( ! $plugin ) {
    return;
}

$exclude = $plugin->params->get( 'general_exclude', null );
// All numeric settings are cast to int on read, so no other type reaches the code below:
$display = (int) $params->get( 'activity_display', 1 );
$avatar = (int) $params->get( 'activity_avatar', 0 );
$cutOff = (int) $params->get( 'activity_cut_off', 5 );
$limit = (int) $params->get( 'activity_limit', 10 );
$titleLimit = (int) $params->get( 'activity_title_length', 100 );
$descLimit = (int) $params->get( 'activity_desc_length', 100 );
$imgThumbnails = (int) $params->get( 'activity_img_thumbnails', 1 );
// The filters below are built for the logged-in user:
$user = CBuser::getUserDataInstance( $_CB_framework->myId() );
$now = $_CB_framework->getUTCNow();

outputCbJs( 1 );
outputCbTemplate( 1 );
cbactivityClass::getTemplate( array( 'module', 'jquery', 'activity' ) );
HTML_cbactivityJquery::loadJquery( 'module', $user, $plugin );

// $where looks like a flat list of column, operator, value triples; how it is turned into
// a query is outside this excerpt (TODO confirm). The user id is cast to int before it
// is placed in the list.
switch( $display ) {
    case 2: // Connections Only
        $where = array( 'b.referenceid', '=', (int) $user->get( 'id' ), 'b.accepted', '=', 1, 'b.pending', '=', 0 );
        break;
    case 3: // Self Only
        $where = array( 'user_id', '=', (int) $user->get( 'id' ) );
        break;
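/**
 * Updates payment status of basket and of corresponding subscriptions if there is a change in status
 *
 * Depending on the unified status, subscriptions are activated or reverted, the payment
 * is stored once as reference payment, totalizers are notified, the basket is stored and
 * the 'onCPayAfterPaymentStatusChange' / 'onCPayAfterPaymentStatusUpdateEvent' plugin
 * events are triggered.
 *
 * Security note: the clean-up of a blocked account after a cancelled or reverted payment
 * takes the user id from the query string. That id is honoured only when it names the
 * owner of this basket, and the record loaded for the clean-up is kept in its own
 * variable, so the $user passed to the later notifications and plugin events is always
 * the basket owner.
 *
 * NOTE(review): $storePaymentRecord is documented below but is not read in this body.
 *
 * @param  cbpaidPaymentBasket        $paymentBasket               Basket
 * @param  string                     $eventType                   type of event (paypal type): 'web_accept', 'subscr_payment', 'subscr_signup', 'subscr_modify', 'subscr_eot', 'subscr_cancel', 'subscr_failed'
 * @param  string                     $paymentStatus               new status (Completed, RegistrationCancelled)
 * @param  cbpaidPaymentNotification  $notification                notification object of the payment
 * @param  int                        $occurrences                 renewal occurrences
 * @param  int                        $autorecurring_type          0: not auto-recurring, 1: auto-recurring without payment processor notifications, 2: auto-renewing with processor notifications updating $expiry_date
 * @param  int                        $autorenew_type              0: not auto-renewing (manual renewals), 1: asked for by user, 2: mandatory by configuration
 * @param  boolean|string             $txnIdMultiplePaymentDates   FALSE: unique txn_id for each payment, TRUE: same txn_id can have multiple payment dates, additionally: 'SINGLEPAYMENT' will not look at txn_id at all
 * @param  boolean                    $storePaymentRecord          TRUE: normal case, create payment record if needed. FALSE: offline case where pending payment should not create a payment record.
 * @return void
 */
public function updatePaymentStatus($paymentBasket, $eventType, $paymentStatus, &$notification, $occurrences, $autorecurring_type, $autorenew_type, $txnIdMultiplePaymentDates, $storePaymentRecord = true)
{
    global $_CB_framework, $_PLUGINS;

    $pluginsLoaded = false;
    $basketUpdateNulls = false;
    $previousUnifiedStatus = $this->mapPaymentStatus($paymentBasket->payment_status);
    $unifiedStatus = $this->mapPaymentStatus($paymentStatus);

    // get all related subscriptions being paid by this basket:
    $subscriptions = $paymentBasket->getSubscriptions();
    $thisIsReferencePayment = false;
    // The user is always derived from the basket, never from the request:
    $user = CBuser::getUserDataInstance((int) $paymentBasket->user_id);

    if ($paymentBasket->payment_status != $paymentStatus || $unifiedStatus == 'Partially-Refunded' || $autorecurring_type) {
        if ($paymentStatus && (in_array($eventType, array('web_accept', 'subscr_payment', 'subscr_signup')) || in_array($unifiedStatus, array('Reversed', 'Refunded', 'Partially-Refunded')))) {
            $paymentBasket->payment_status = $paymentStatus;
        }
        if (in_array($eventType, array('subscr_payment', 'subscr_signup'))) {
            $paymentBasket->recurring = 1;
        }
        if ($autorecurring_type == 0 && in_array($unifiedStatus, array('Completed', 'Processed', 'FreeTrial'))) {
            // Not auto-recurring: clear the recurring amounts and periods, and make store() write the NULLs:
            $paymentBasket->mc_amount1 = null;
            $paymentBasket->mc_amount3 = null;
            $paymentBasket->period1 = null;
            $paymentBasket->period3 = null;
            $basketUpdateNulls = true;
        }

        $now = $_CB_framework->now();
        $completed = false;
        $thisIsReferencePayment = false;
        $reason = null;

        switch ($unifiedStatus) {
            case 'FreeTrial':
            case 'Completed':
            case 'Processed':
                // this includes Canceled_Reversal !!! :
                if ($unifiedStatus == 'FreeTrial') {
                    $paymentBasket->payment_status = 'Completed';
                }
                if ($unifiedStatus == 'FreeTrial' || $unifiedStatus == 'Completed') {
                    if ($notification->payment_date) {
                        $time_completed = cbpaidTimes::getInstance()->gmStrToTime($notification->payment_date);
                    } else {
                        $time_completed = $now;
                    }
                    $paymentBasket->time_completed = Application::Database()->getUtcDateTime($time_completed);
                    $completed = true;
                }
                if ($paymentStatus == 'Canceled_Reversal') {
                    $paymentBasket->payment_status = 'Completed';
                }
                if (is_object($notification) && isset($notification->txn_id)) {
                    // real payment with transaction id: store as reference payment if not already stored:
                    $thisIsReferencePayment = $this->_storePaymentOnce($paymentBasket, $notification, $now, $txnIdMultiplePaymentDates, 'Updating payment record because of new status of payment basket: ' . $unifiedStatus . ($paymentStatus != $unifiedStatus ? ' (new gateway-status: ' . $paymentStatus . ')' : '') . ' because of event received: ' . $eventType . '. Previous status was: ' . $previousUnifiedStatus);
                } else {
                    // Free trials don't have a notification:
                    $thisIsReferencePayment = true;
                }
                if ($thisIsReferencePayment) {
                    // payment not yet processed:
                    $autorenewed = $paymentBasket->recurring == 1 && $unifiedStatus == 'Completed' && $previousUnifiedStatus == 'Completed';
                    for ($i = 0, $n = count($subscriptions); $i < $n; $i++) {
                        $reason = $autorenewed ? 'R' : $subscriptions[$i]->_reason;
                        $subscriptions[$i]->activate($user, $now, $completed, $reason, $occurrences, $autorecurring_type, $autorenew_type, $autorenewed ? 1 : 0);
                    }
                }
                break;

            case 'RegistrationCancelled':
            case 'Reversed':
            case 'Refunded':
            case 'Unsubscribed':
                if ($unifiedStatus == 'RegistrationCancelled') {
                    // A registration can only be cancelled before payment started, or while an offline payment is pending:
                    if (!($previousUnifiedStatus == 'NotInitiated' || $previousUnifiedStatus === 'Pending' && $paymentBasket->payment_method === 'offline')) {
                        return;
                    }
                }
                for ($i = 0, $n = count($subscriptions); $i < $n; $i++) {
                    $reason = $subscriptions[$i]->_reason;
                    if ($reason != 'R' || in_array($unifiedStatus, array('Reversed', 'Refunded'))) {
                        // Expired and Cancelled as well as Partially-Refunded are not reverted !
                        //TBD: really revert on refund everything ? a plan param would be nice here
                        if (!in_array($previousUnifiedStatus, array('Pending', 'In-Progress', 'Denied', 'Reversed', 'Refunded')) && in_array($subscriptions[$i]->status, array('A', 'R', 'I')) && !$subscriptions[$i]->hasPendingPayment($paymentBasket->id)) {
                            // not a cancelled or denied renewal:
                            $subscriptions[$i]->revert($user, $unifiedStatus);
                        }
                    }
                }
                if ($unifiedStatus == 'RegistrationCancelled') {
                    $paymentBasket->historySetMessage('Payment basket deleted because the subscriptions and payment got cancelled');
                    $paymentBasket->delete(); // deletes also payment_Items
                }
                $paidUserExtension = cbpaidUserExtension::getInstance($paymentBasket->user_id);
                $subscriptionsAnyAtAll = $paidUserExtension->getUserSubscriptions('');
                $params = cbpaidApp::settingsParams();
                $createAlsoFreeSubscriptions = $params->get('createAlsoFreeSubscriptions', 0);
                if (count($subscriptionsAnyAtAll) == 0 && !$createAlsoFreeSubscriptions) {
                    // The id arrives in the query string and is therefore caller-controlled. It is
                    // accepted only when it names the owner of this basket, whose subscriptions were
                    // just checked above; any other value leaves every account untouched.
                    $requestedUserId = (int) cbGetParam($_GET, 'user');
                    if ($requestedUserId > 0 && $requestedUserId === (int) $paymentBasket->user_id) {
                        // Separate variable: $user must keep pointing at the basket owner for the calls below.
                        $blockedUser = new UserTable();
                        $blockedUser->load($requestedUserId);
                        if ($blockedUser->id && $blockedUser->block == 1) {
                            $blockedUser->delete(null);
                        }
                    }
                }
                break;

            case 'Denied':
            case 'Pending':
                if ($unifiedStatus == 'Denied') {
                    // In fact when denied, it's the case as if the user attempted payment but failed it: He should be able to re-try: So just store the payment as denied for the records.
                    if ($eventType == 'subscr_failed' || $eventType == 'subscr_cancel' && $autorecurring_type != 2) {
                        // special case of a failed attempt:
                        // or this is the final failed attempt of a basket with notifications:
                        break;
                    }
                }
                if ($previousUnifiedStatus == 'Completed') {
                    return; // do not change a Completed payment as it cannot become Pending again. If we get "Pending" after "Completed", it is a messages chronological order mistake.
                }
                break;

            case 'In-Progress':
            case 'Partially-Refunded':
            default:
                break;
        }

        if ($eventType == 'subscr_cancel') {
            if (!in_array($unifiedStatus, array('Denied', 'Reversed', 'Refunded', 'Unsubscribed'))) {
                for ($i = 0, $n = count($subscriptions); $i < $n; $i++) {
                    $subscriptions[$i]->autorecurring_cancelled($user, $unifiedStatus, $eventType);
                }
            }
        }

        for ($i = 0, $n = count($subscriptions); $i < $n; $i++) {
            $subscriptions[$i]->notifyPaymentStatus($unifiedStatus, $previousUnifiedStatus, $paymentBasket, $notification, $now, $user, $eventType, $paymentStatus, $occurrences, $autorecurring_type, $autorenew_type);
        }

        if (in_array($unifiedStatus, array('Denied', 'Reversed', 'Refunded', 'Partially-Refunded', 'Pending', 'In-Progress'))) {
            $thisIsReferencePayment = $this->_storePaymentOnce($paymentBasket, $notification, $now, $txnIdMultiplePaymentDates, 'Updating payment record because of new status of payment basket: ' . $unifiedStatus . ($paymentStatus != $unifiedStatus ? ' (new gateway-status: ' . $paymentStatus . ')' : '') . ' because of event received: ' . $eventType . '. Previous status was: ' . $previousUnifiedStatus);
        }

        foreach ($paymentBasket->loadPaymentTotalizers() as $totalizer) {
            $totalizer->notifyPaymentStatus($thisIsReferencePayment, $unifiedStatus, $previousUnifiedStatus, $paymentBasket, $notification, $now, $user, $eventType, $paymentStatus, $occurrences, $autorecurring_type, $autorenew_type, $txnIdMultiplePaymentDates);
        }

        if (!in_array($unifiedStatus, array('RegistrationCancelled'))) {
            if ($thisIsReferencePayment && in_array($unifiedStatus, array('Completed', 'Processed'))) {
                $paymentBasket->setPaidInvoiceNumber($reason);
            }
            $paymentBasket->historySetMessage('Updating payment basket ' . ($paymentStatus !== null ? 'status: ' . $unifiedStatus . ($paymentStatus != $unifiedStatus ? ' (new gateway-status: ' . $paymentStatus . ')' : '') : '') . ' because of event received: ' . $eventType . ($paymentStatus !== null ? '. Previous status was: ' . $previousUnifiedStatus : ''));
            $paymentBasket->store($basketUpdateNulls);
        } else {
            //TDB ? : $paymentBasket->delete(); in case of RegistrationCancelled done above, but should be done in case of FreeTrial ? (could be a param in future)
        }

        // Completed/Processed payments raise the event only when this call stored the reference payment:
        if (!in_array($unifiedStatus, array('Completed', 'Processed')) || $thisIsReferencePayment) {
            $_PLUGINS->loadPluginGroup('user', 'cbsubs.');
            $_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');
            $pluginsLoaded = true;
            $_PLUGINS->trigger('onCPayAfterPaymentStatusChange', array(&$user, &$paymentBasket, &$subscriptions, $unifiedStatus, $previousUnifiedStatus, $occurrences, $autorecurring_type, $autorenew_type));
        }
    }

    // This event is raised whether or not the status changed:
    if (!in_array($unifiedStatus, array('Completed', 'Processed')) || $thisIsReferencePayment) {
        if (!$pluginsLoaded) {
            $_PLUGINS->loadPluginGroup('user', 'cbsubs.');
            $_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');
        }
        $_PLUGINS->trigger('onCPayAfterPaymentStatusUpdateEvent', array(&$user, &$paymentBasket, &$subscriptions, $unifiedStatus, $previousUnifiedStatus, $eventType, &$notification));
    }
}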
/**
 * Builds the substitution strings describing this item (names, validity, expiry, dates, price).
 *
 * Only SUBSCRIPTION_RENEWAL_PRICE receives $html. Every other value is returned as
 * produced by its source, so escaping for the output context is left to whatever
 * substitutes these strings (NOTE(review): verify at the call sites that emit HTML).
 *
 * @see cbpaidSomething::substitutionStringsForItemDetailed()
 *
 * @param  boolean  $html           HTML or TEXT return
 * @param  string   $reason         'N' new subscription, 'R' renewal, 'U'=update
 * @param  boolean  $autorecurring  TRUE: is autorecurring, no real expiration date, FALSE: is not autorecurring
 * @return array                    substitution name => text
 */
public function substitutionStringsForItemDetailed( $html, $reason, $autorecurring ) {
    global $_CB_framework;

    $params = cbpaidApp::settingsParams();
    $user = CBuser::getUserDataInstance( $this->user_id );

    // Prefix: renewals and upgrades of a replaced subscription get a label, anything else none:
    if ( $reason == 'R' ) {
        $prefixText = CBPTXT::T("Renew");
    } elseif ( ( $reason == 'U' ) && $this->replaces_subscription ) {
        $prefixText = CBPTXT::T("Upgrade");
    } else {
        $prefixText = '';
    }

    $validityText = $this->getFormattedValidityIfRenewed( $reason );
    $showtime = ( $params->get( 'showtime', '1' ) == '1' );

    // Expiry: a real date wins, then the lifetime label, else empty:
    $expiryText = '';
    $hasExpiryDate = ( $this->expiry_date && ( $this->expiry_date != '0000-00-00 00:00:00' ) );
    if ( $hasExpiryDate ) {
        $expiryText = cbFormatDate( $this->expiry_date, 1, $showtime );
    } elseif ( $this->isLifetimeValidity() ) {
        $expiryText = CBPTXT::T( $params->get( 'regtextLifetime', 'Lifetime Subscription' ) );
    }

    // The "if not autorecurring" variants stay empty for autorecurring items:
    $validityIfNotAutoRec = ( $autorecurring ? '' : ( ': ' . $validityText ) );
    $expiryTextIfNotAutoRec = ( ( ! $autorecurring ) && $expiryText )
        ? ( ' ' . sprintf( CBPTXT::T("expiring on %s"), $expiryText ) )
        : '';

    return array(
        'ITEM_NAME' => $this->getPlan()->getPersonalized( 'name', $this->user_id, false ),
        'ITEM_ALIAS' => CBPTXT::T( $this->getText( 'alias' ) ),
        'ITEM_DESCRIPTION' => $this->getPlan()->getPersonalized( 'description', $this->user_id, false ),
        'SITENAME' => $_CB_framework->getCfg( 'sitename' ),
        'SITEURL' => $_CB_framework->getCfg( 'live_site' ),
        'PLANS_TITLE' => strip_tags( CBPTXT::T( $params->get( 'regTitle' ) ) ),
        'EMAILADDRESS' => $user->email,
        'PREFIX_TEXT' => $prefixText,
        'VALIDITY' => $validityText,
        // alias of VALIDITY:
        'SUBSCRIPTION_VALIDITY_PERIOD_IF_RENEWED' => $validityText,
        'SUBSCRIPTION_EXPIRY_DATE_IF_RENEWED' => $this->getFormattedExpiryDateIfRenewed( $reason ),
        'SUBSCRIPTION_VALIDITY_PERIOD_REMAINING' => $this->getFormattedValidityRemaining(),
        'VALIDITY_IF_NOT_AUTORECURRING' => $validityIfNotAutoRec,
        'EXPIRY' => $expiryText,
        'EXPIRING_IF_NOT_AUTORECURRING' => $expiryTextIfNotAutoRec,
        // alias of EXPIRY:
        'SUBSCRIPTION_EXPIRY_DATE' => $expiryText,
        'SUBSCRIPTION_SIGNUP_DATE' => ( $this->subscription_date ? cbFormatDate( $this->subscription_date, 1, $showtime ) : '' ),
        'SUBSCRIPTION_LAST_RENEWAL_DATE' => ( $this->last_renewed_date ? cbFormatDate( $this->last_renewed_date, 1, $showtime ) : '' ),
        'SUBSCRIPTION_RENEWAL_PRICE' => $this->displayPeriodPrice( 'R', $html ),
    );
}
/** * WARNING: UNCHECKED ACCESS! On purpose unchecked access for M2M operations * Generates the HTML to display for a specific component-like page for the tab. WARNING: unchecked access ! * @param TabTable|null $tab the tab database entry * @param UserTable $user the user being displayed * @param int $ui 1 for front-end, 2 for back-end * @param array $postdata _POST data for saving edited tab content as generated with getEditTab * @return mixed either string HTML for tab content, or false if ErrorMSG generated */ public function getTabComponent( /** @noinspection PhpUnusedParameterInspection */ $tab, $user, $ui, $postdata ) { global $_CB_database, $_CB_framework, $_POST; $return = ''; $paid = false; $oldignoreuserabort = ignore_user_abort(true); $allowHumanHtmlOutput = true; // this will be reverted in case of M2M server-to-server notifications $act = $this->base->_getReqParam( 'act' ); $actPosted = isset($_POST[$this->base->_getPagingParamName('act')]); if ( $act === null ) { $act = $this->base->input( 'act', null, GetterInterface::COMMAND ); $actPosted = $this->base->input( 'post/act', null, GetterInterface::COMMAND ) !== null; } $post_user_id = (int) cbGetParam( $_GET, 'user', 0 ); if ( $actPosted && ( $post_user_id > 0 ) ) { $access = false; $myId = $_CB_framework->myId(); if ( is_object( $user ) ) { if ( $myId == 0 ) { if ( in_array( $act, array( 'saveeditinvoiceaddress', 'saveeditbasketintegration', 'showbskt' ) ) ) { $access = true; } else { $paidsubsManager =& cbpaidSubscriptionsMgr::getInstance(); if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) { // expired subscriptions: we will allow limited access to: if ( in_array( $act, array( 'upgrade', 'pay', 'reactivate', 'resubscribe', 'display_subscriptions' ) ) ) { $access = true; } } } } else { if ( ( $ui == 1 && ( $user->id == $myId ) ) || ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) { $access = true; } } } else { $return = CBPTXT::T("User does not exist") . 
'.'; } if ( ! $access ) { $return .= '<br />' . CBPTXT::T("Not authorized action") . '.'; return $return; } cbSpoofCheck( 'plugin' ); // anti-spoofing check // renew or upgrade subscription payment form: $params = $this->params; $now = $_CB_framework->now(); $subscriptionsGUI = new cbpaidControllerUI(); $subscriptionIds = $subscriptionsGUI->getEditPostedBoxes( 'id' ); if ( $subscriptionIds == array( 0 ) ) { $subscriptionIds = array(); } if ( $post_user_id && ( $user->id == $post_user_id ) ) { outputCbTemplate(); $this->base->outputRegTemplate(); outputCbJs(); switch ( $act ) { case 'upgrade': // upgrade an existing subscription // display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present: $chosenPlans = $subscriptionsGUI->getAndCheckChosenUpgradePlans( $postdata, $user, $now ); if ( ( ! is_array( $chosenPlans ) ) || ( count( $chosenPlans ) == 0 ) ) { $subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) ); $return .= ( is_string( $chosenPlans ) ? $chosenPlans . '<br />' : '' ) . sprintf( CBPTXT::Th("Please press back button and select the %s plan to which you would like to upgrade."), $subTxt ); break; } $introText = CBPTXT::Th( $params->get( 'intro_text_upgrade', null ) ); //TBD: check if already exists (reload protection): $paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, 'R', CBPTXT::T("Upgrade"), 'U' ); if ( is_object( $paymentBasket ) ) { $return = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } else { $return = $paymentBasket; // show messages as nothing to pay. } break; case 'pay': // pay for an unpaid subscription // display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present: $plan = $this->base->_getReqParam( 'plan' ); if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! 
$subscriptionIds[$plan] ) ) { $subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) ); $return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt ); break; } $plansMgr =& cbpaidPlansMgr::getInstance(); $chosenPlans = array(); $chosenPlans[(int) $plan] = $plansMgr->loadPlan( (int) $plan ); $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $paymentStatus = null; $return = cbpaidControllerOrder::showPaymentForm( $user, $chosenPlans, $introText, $subscriptionIds, $paymentStatus ); break; case 'renew': // renew a still valid subscription case 'reactivate': // reactivate an expired subscription case 'resubscribe': // resubscribe a cancelled subscription // display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present: $plan = $this->base->_getReqParam( 'plan' ); if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) { $subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) ); $return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt ); break; } $plansMgr =& cbpaidPlansMgr::getInstance(); $chosenPlans = array(); $chosenPlans[(int) $plan] = $plansMgr->loadPlan( (int) $plan ); $paidSomethingMgr =& cbpaidSomethingMgr::getInstance(); $subscription = $paidSomethingMgr->loadSomething( $subscriptionIds[$plan][0], $subscriptionIds[$plan][1] ); global $_PLUGINS; $_PLUGINS->loadPluginGroup( 'user', 'cbsubs.' 
); $_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin'); $_PLUGINS->trigger( 'onCPayAfterPlanRenewalSelected', array( &$chosenPlans[(int) $plan], &$subscription, $act ) ); if ( $_PLUGINS->is_errors() ) { $return .= $_PLUGINS->getErrorMSG(); break; } $introText = CBPTXT::Th( $params->get( 'intro_text_renew', null ) ); //TBD: check if already exists (reload protection): $paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, null, CBPTXT::T("Renew"), 'R' ); if ( is_object( $paymentBasket ) ) { $return = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } else { $return = $paymentBasket; // show messages as nothing to pay. } break; case 'unsubscribe': // request to unsubscribe an active subscription // display unsubscribe confirmation form: $plan = $this->base->_getReqParam( 'plan' ); if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) { $subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) ); $return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt ); break; } $introText = CBPTXT::Th( $params->get( 'unsubscribe_intro_text' , null ) ); $return = $subscriptionsGUI->showUnsubscribeForm( $user, $introText, (int) $plan, (int) $subscriptionIds[$plan][1] ); break; case 'confirm_unsubscribe': // confirm previous request to unsubscribe an active subscription // unsubscribe confirmed: $plan = $this->base->_getReqParam( 'plan' ); if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! 
$subscriptionIds[$plan] ) ) { $subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) ); $return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt ); break; } if ( ( $plan ) && ( count( $subscriptionIds ) == 1 ) ) { $unsubscribeConfText = CBPTXT::Th( $params->get( 'unsubscribe_confirmation_text', null ) ); $return = cbpaidControllerOrder::doUnsubscribeConfirm( $user, $unsubscribeConfText, (int) $plan, (int) $subscriptionIds[$plan][1] ); } break; case 'display_subscriptions': // unsubscribe cancelled: display subscriptions: $return = $this->base->displayUserTab( $user ); break; case 'showinvoice': // shows a particular user invoice: if ( $params->get( 'show_invoices', 1 ) ) { $invoiceNo = $this->base->_getReqParam( 'invoice' ); $return = $this->showInvoice( $invoiceNo, $user ); } break; case 'saveeditinvoiceaddress': case 'editinvoiceaddress': // this is the case of reload of invoicing address $invoicingAddressQuery = $params->get( 'invoicing_address_query' ); if ( $invoicingAddressQuery > 0 ) { $basketId = $this->base->_getReqParam( 'basket', 0 ); $hashToCheck = $this->base->_getReqParam( 'bck' ); $paymentBasket = new cbpaidPaymentBasket( $_CB_database ); if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) { if ( ( $act == 'saveeditinvoiceaddress' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) { // IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html $return = $paymentBasket->saveInvoicingAddressForm( $user ); if ( $return === null ) { $paymentBasket->storeInvoicingDefaultAddress(); $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } } else { // invoice has 
reloaded itself (e.g. for country change): $return = $paymentBasket->renderInvoicingAddressForm( $user ); } } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; case 'saverecordpayment': case 'editrecordpayment': // this is the case of reload of the form $basketId = $this->base->_getReqParam( 'basket', 0 ); $hashToCheck = $this->base->_getReqParam( 'bck' ); $paymentBasket = new cbpaidPaymentBasket( $_CB_database ); if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status != 'Completed' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) { if ( $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) { if ( ( $act == 'saverecordpayment' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) { // IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html $return = cbpaidRecordBasketPayment::saveRecordPayment( $paymentBasket->id ); if ( $return === null ) { $return .= CBPTXT::T("Payment recorded.") . ' <a href="' . $_CB_framework->userProfileUrl( $paymentBasket->user_id, true ) . '">' . CBPTXT::Th("View user profile") . '</a>'; } } else { // invoice has reloaded itself (e.g. 
for country change): $return = cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasket->id ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } break; default: cbNotAuth(); return ''; break; } } } elseif ( $this->base->_getReqParam( 'account' ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) { $account = $this->base->_getReqParam( 'account' ); $post_user_id = (int) cbGetParam( $_GET, 'user', 0 ); $user = CBuser::getUserDataInstance( (int) $post_user_id ); if ( $user->id ) { if ( isset( $_SESSION['cbsubs']['expireduser'] ) && ( $_SESSION['cbsubs']['expireduser'] == $user->id ) ) { // expired subscriptions of membership: show possibilities: $subscriptionsGUI = new cbpaidControllerUI(); outputCbTemplate(); $this->base->outputRegTemplate(); outputCbJs(); switch ( $account ) { case 'expired': $paidsubsManager =& cbpaidSubscriptionsMgr::getInstance(); if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) { // no valid membership: $return = $subscriptionsGUI->getShowSubscriptionUpgrades( $user, true ); } break; default: break; } } else { $return = CBPTXT::Th("Browser cookies must be enabled."); } } } elseif ( in_array( $act, array( 'setbsktpmtmeth', 'setbsktcurrency' ) ) ) { cbSpoofCheck( 'plugin' ); // anti-spoofing check $params = $this->params; outputCbTemplate(); $this->base->outputRegTemplate(); outputCbJs(); $basketId = $this->base->_getReqParam( 'bskt', 0 ); $hashToCheck = $this->base->_getReqParam( 'bck' ); $paymentBasket = new cbpaidPaymentBasket( $_CB_database ); if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) { switch ( $act ) { case 'setbsktpmtmeth': if ( $params->get( 'payment_method_selection_type' ) == 'radios' ) { $chosenPaymentMethod = cbGetParam( $_POST, 
'payment_method' ); $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $return = $paymentBasket->saveBasketPaymentMethodForm( $user, $introText, $chosenPaymentMethod ); if ( $return === null ) { $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; case 'setbsktcurrency': if ( $params->get( 'allow_select_currency', '0' ) ) { $newCurrency = cbGetParam( $_POST, 'currency' ); if ( $newCurrency ) { if ( in_array( $newCurrency, cbpaidControllerPaychoices::getInstance()->getAllCurrencies() ) ) { $paymentBasket->changeCurrency( $newCurrency ); } else { $this->base->_setErrorMSG( CBPTXT::T("This currency is not allowed") ); } $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Changes of currency of orders are not authorized") ); } break; default: cbNotAuth(); return ''; break; } } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } } elseif ( $act == 'cbsubsclass' ) { $pluginName = $this->base->_getReqParam( 'class' ); if ( preg_match( '/^[a-z]+$/', $pluginName ) ) { $element = 'cbsubs.' . $pluginName; global $_PLUGINS; $_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element ); $loadedPlugins =& $_PLUGINS->getLoadedPluginGroup( 'user/plug_cbpaidsubscriptions/plugin' ); $params = $this->params; foreach ($loadedPlugins as $p ) { if ( $p->element == $element ) { $pluginId = $p->id; $args = array( &$user, &$params, &$postdata ); /** @noinspection PhpUndefinedCallbackInspection */ $return = $_PLUGINS->call( $pluginId, 'executeTask', 'getcbsubs' . $pluginName . 'Tab', $args, null ); break; } } } } elseif ( $act && ( ! 
in_array( $act, array( 'showbskt', 'setbsktpmtmeth' ) ) ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) { if ( ! is_object( $user ) ) { return CBPTXT::T("User does not exist."); } $params = $this->params; $post_user_id = (int) cbGetParam( $_GET, 'user', 0 ); if ( $post_user_id && ( ( $user->id == $post_user_id ) || ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) ) { outputCbTemplate(); $this->base->outputRegTemplate(); outputCbJs(); switch ( $act ) { case 'showinvoice': if ( $params->get( 'show_invoices', 1 ) ) { $invoiceNo = $this->base->_getReqParam( 'invoice', 0 ); // This also checks for cbpaidApp::authoriseAction on cbsubs.sales or cbsubs.financial access permissions: $return = $this->showInvoice( $invoiceNo, $user ); } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; case 'showinvoiceslist': $showInvoices = $params->get( 'show_invoices', 1 ); $invoicesShowPeriod = $params->get( 'invoices_show_period', '0000-06-00 00:00:00' ); $itsmyself = ( $_CB_framework->myId() == $user->id ); if ( $showInvoices && ( $itsmyself || ( cbpaidApp::authoriseAction( 'cbsubs.sales' ) || cbpaidApp::authoriseAction( 'cbsubs.financial' ) ) ) ) { $subscriptionsGUI = new cbpaidControllerUI(); $invoices = $this->_getInvoices( $user, $invoicesShowPeriod, false ); if ( $invoicesShowPeriod && ( $invoicesShowPeriod != '0000-00-00 00:00:00' ) ) { $cbpaidTimes =& cbpaidTimes::getInstance(); $periodText = $cbpaidTimes->renderPeriod( $invoicesShowPeriod, 1, false ); } else { $periodText = ''; } $return .= $subscriptionsGUI->showInvoicesList( $invoices, $user, $itsmyself, $periodText ); } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; case 'editinvoiceaddress': // this is the case of the initial edit address link if ( $params->get( 'invoicing_address_query' ) > 0 ) { $basketId = $this->base->_getReqParam( 'basket', 0 ); $hashToCheck = $this->base->_getReqParam( 'bck' ); $paymentBasket = new 
cbpaidPaymentBasket( $_CB_database ); if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) { $return = $paymentBasket->renderInvoicingAddressForm( $user ); } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; case 'showrecordpayment': $paymentBasketId = $this->base->_getReqParam( 'recordpayment', 0 ); if ( $paymentBasketId ) { $paymentBasket = new cbpaidPaymentBasket(); if ( $paymentBasket->load( (int) $paymentBasketId ) && $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) { // Auto-loads class: and authorization is checked inside: $return = cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasketId ); } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } break; default: $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); break; } } } elseif ( $act == 'showbskt' && ( ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) || ( $this->base->_getReqParam( 'bskt', 0 ) && $this->base->_getReqParam( 'bck' ) ) ) { $basketId = $this->base->_getReqParam( 'bskt', 0 ); $hashToCheck = $this->base->_getReqParam( 'bck' ); // Basket integrations saving/editing url: if ( in_array($act, array( 'saveeditbasketintegration', 'editbasketintegration' ) ) ) { // edit is the case of edit or reload of integration form $integration = $this->base->_getReqParam( 'integration' ); $paymentBasket = new cbpaidPaymentBasket( $_CB_database ); if ( preg_match( '/^[a-z]+$/', $integration ) && $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) { global $_PLUGINS; $element = 'cbsubs.' . 
$integration; $_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element ); $results = $_PLUGINS->trigger( 'onCPayEditBasketIntegration', array( $integration, $act, &$paymentBasket ) ); $return = null; foreach ( $results as $r ) { if ( $r ) { $return .= $r; } } if ( $act == 'editbasketintegration' ) { if ( $return !== null ) { return $return; } } } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } } $post_user_id = (int) cbGetParam( $_GET, 'user', 0 ); if ( $post_user_id && ! ( ( is_object( $user ) && ( $user->id == $post_user_id ) ) ) ) { return CBPTXT::T("User does not exist."); } outputCbTemplate(); $this->base->outputRegTemplate(); outputCbJs(); $params = $this->params; $paymentBasket = new cbpaidPaymentBasket( $_CB_database ); if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) { if ( ! $post_user_id ) { $cbUser =& CBuser::getInstance( (int) $paymentBasket->user_id ); $user =& $cbUser->getUserData(); if ( ( ! is_object( $user ) ) || ! $user->id ) { return CBPTXT::T("User does not exist."); } } if ( ( $hashToCheck && $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) || ( ( ! $hashToCheck ) && $paymentBasket->user_id && ( $paymentBasket->user_id == $_CB_framework->myId() ) ) ) { $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } else { $this->base->_setErrorMSG( CBPTXT::T("Not authorized action") ); } } else { $this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") ); } // } elseif ( isset($_REQUEST['result']) && isset( $_REQUEST['user'] ) && ( $_REQUEST['user'] > 0 ) ) { } elseif ( isset($_REQUEST['result']) && ( $this->base->_getReqParam('method') || $this->base->_getReqParam('gacctno') ) ) { // don't check license here so initiated payments can complete ! 
$params = $this->params; $method = $this->base->_getReqParam('method'); if ( ( $method == 'freetrial' ) || ( $method == 'cancelpay' ) ) { cbpaidApp::import( 'processors.freetrial.freetrial' ); cbpaidApp::import( 'processors.cancelpay.cancelpay' ); $className = 'cbpaidGatewayAccount' . $method; $payAccount = new $className( $_CB_database ); } else { $gateAccount = $this->base->_getReqParam('gacctno'); $payAccount = cbpaidControllerPaychoices::getInstance()->getPayAccount( $gateAccount ); if ( ! $payAccount ) { return ''; } } $payClass = $payAccount->getPayMean(); $paymentBasket = new cbpaidPaymentBasket($_CB_database); if ( $payClass && ( ( $this->base->_getReqParam('method') == $payClass->getPayName() ) || ( $this->base->_getReqParam('method') == null ) ) && $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) ) { // output for resultNotification: $return and $allowHumanHtmlOutput $return = $payClass->resultNotification( $paymentBasket, $postdata, $allowHumanHtmlOutput ); } if ( ! 
$paymentBasket->id ) { $this->base->_setErrorMSG(CBPTXT::T("No suitable basket found.")); } else { $user =& CBuser::getUserDataInstance( (int) $paymentBasket->user_id ); if ( $paymentBasket->payment_status == 'RegistrationCancelled' ) { // registration cancelled: delete payment basket and delete user after checking that he is not yet active: if ( $paymentBasket->load( (int) $paymentBasket->id ) ) { if ( $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) && ( ( $paymentBasket->payment_status == 'NotInitiated' ) || ( ( $paymentBasket->payment_status === 'Pending' ) && ( $paymentBasket->payment_method === 'offline' ) ) ) ) { $notification = new cbpaidPaymentNotification(); $notification->initNotification( $payClass, 0, 'P', $paymentBasket->payment_status, $paymentBasket->payment_type, null, $_CB_framework->now(), $paymentBasket->charset ); $payClass->updatePaymentStatus( $paymentBasket, 'web_accept', 'RegistrationCancelled', $notification, 0, 0, 0, true ); // This is a notification or a return to site after payment, we want to log any error happening in third-party stuff in case: cbpaidErrorHandler::keepTurnedOn(); } } } if ( $allowHumanHtmlOutput ) { // If frontend, we display result, otherwise, If Server-to-server notification: do not display any additional text here ! switch ( $paymentBasket->payment_status ) { case 'Completed': // PayPal recommends including the following information with the confirmation: // - Item name // - Amount paid // - Payer email // - Shipping address $newMsg = sprintf( CBPTXT::Th("Thank you for your payment of %s for the %s %s."), $paymentBasket->renderPrice(), $paymentBasket->item_name, htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) ) // ' using your paypal account ' . $paymentBasket->payer_email . ' ' . $payClass->getTxtNextStep( $paymentBasket ); // . "Your transaction has been completed, and a receipt for your purchase has been emailed to you by PayPal. " // . 
"You may log into your account at www.paypal.com to view details of this transaction.</p>\n"; if ( $params->get( 'show_invoices' ) ) { $itsmyself = ( $_CB_framework->myId() == $user->id ); $subscriptionsGUI = new cbpaidControllerUI(); $newMsg .= '<p id="cbregviewinvoicelink">' . $subscriptionsGUI->getInvoiceShowAhtml( $paymentBasket, $user, $itsmyself, CBPTXT::Th("View printable invoice") ) . '</p>' ; } $paid = true; break; case 'Pending': $newMsg = sprintf( CBPTXT::Th("Thank you for initiating the payment of %s for the %s %s."), $paymentBasket->renderPrice(), $paymentBasket->item_name, htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) ) // ' using your paypal account ' . $paymentBasket->payer_email . ' ' . $payClass->getTxtNextStep( $paymentBasket ); // . "Your payment is currently being processed. " // . "A receipt for your purchase will be emailed to you by PayPal once processing is complete. " // . "You may log into your account at www.paypal.com to view status details of this transaction.</p>\n"; break; case 'RegistrationCancelled': $newMsg = $payClass->getTxtNextStep( $paymentBasket ); break; case 'FreeTrial': $newMsg = CBPTXT::Th("Thank you for subscribing to") . ' ' . $paymentBasket->item_name . '.' . ' ' . $payClass->getTxtNextStep( $paymentBasket ); break; case null: $newMsg = CBPTXT::T("Payment basket does not exist."); break; case 'NotInitiated': $newMsg = ''; break; case 'RedisplayOriginalBasket': if ( $paymentBasket->load( (int) $paymentBasket->id ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) { $introText = CBPTXT::Th( $params->get( 'intro_text', null ) ); $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText ); } $newMsg = ''; break; case 'Processed': case 'Denied': case 'Reversed': case 'Refunded': case 'Partially-Refunded': default: $newMsg = $payClass->getTxtNextStep( $paymentBasket ); // "<p>Your transaction is not cleared and has currently following status: <strong>" . 
$paymentBasket->payment_status . ".</strong></p>" // . "<p>You may log into your account at www.paypal.com to view status details of this transaction.</p>"; break; } if ( in_array( $paymentBasket->payment_status, array( 'Completed', 'Pending' ) ) ) { $subscriptions = $paymentBasket->getSubscriptions(); $texts = array(); // avoid repeating several times identical texts: if ( is_array( $subscriptions ) ) { foreach ( $subscriptions as $sub ) { /** @var $sub cbpaidSomething */ $thankYouParam = ( $paymentBasket->payment_status == 'Completed') ? 'thankyoutextcompleted' : 'thankyoutextpending'; $thankYouText = $sub->getPersonalized( $thankYouParam, true ); if ( $thankYouText && ! in_array( $thankYouText, $texts ) ) { $texts[] = $thankYouText; if ( strpos( $thankYouText, '<' ) === false ) { $msgTag = 'p'; } else { $msgTag = 'div'; } $newMsg .= '<' . $msgTag . ' class="cbregThanks" id="cbregThanks' . $sub->plan_id . '">' . $thankYouText . '</' . $msgTag . ">\n"; } } } } if ( $newMsg ) { $return .= '<div>' . $newMsg . '</div>'; } if ( $paid && ( $_CB_framework->myId() < 1 ) && ( cbGetParam( $_REQUEST, 'user', 0 ) == $paymentBasket->user_id ) ) { $_CB_database->setQuery( "SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id=".(int) $paymentBasket->user_id ); if ( $_CB_database->loadObject( $user ) && ( $user->lastvisitDate == '0000-00-00 00:00:00' ) ) { $return = '<p>' . implode( '', getActivationMessage( $user, 'UserRegistration' ) ) . '</p>' . $return; } } } } } else { cbNotAuth(); return ' ' . CBPTXT::T("No result."); } if ( $allowHumanHtmlOutput ) { $allErrorMsgs = $this->base->getErrorMSG( '</div><div class="error">' ); if ( $allErrorMsgs ) { $errorMsg = '<div class="error">' . $allErrorMsgs . '</div>'; } else { $errorMsg = null; } /** @var string $return */ if ( ( $return == '' ) && ( $errorMsg ) ) { $this->base->outputRegTemplate(); $return = $errorMsg . '<br /><br />' . 
$return; $return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, '' ); } else { $return = $errorMsg . $return; } } if ( ! is_null( $oldignoreuserabort ) ) { ignore_user_abort($oldignoreuserabort); } return $return; }
/**
 * CB messaging anti-spam protection: caps how many messages a sender may send per time-frame.
 *
 * The counter and the start of the current window are read from the user record
 * (message_number_sent / message_last_sent) or, for a sender without user id when
 * $allowPublic is set, from the framework user state.
 *
 * @param  int      $userId       User id
 * @param  boolean  $count        Should it increment the number of messages or just check ?
 * @param  boolean  $allowPublic  Should public messaging also be allowed ?
 * @return null|string            null when sending is allowed, otherwise the refusal text
 */
function cbSpamProtect($userId, $count, $allowPublic = false)
{
    global $_CB_framework, $_CB_database, $ueConfig;

    // The setting is named "per hour", but the window applied below is fixed at 24 hours.
    $limit  = isset($ueConfig['maxEmailsPerHr']) ? (int) $ueConfig['maxEmailsPerHr'] : 10;
    $window = 24 * 3600; // seconds
    $now    = time();

    if (!$userId && $allowPublic) {
        // NOTE(review): the public sender's counters live in user state, presumably tied to the
        // visitor's session. If so, the limit only holds per session; confirm whether public
        // messaging needs a server-side key that a new session does not reset.
        $sentSoFar   = (int) $_CB_framework->getUserState('cb_message_number_sent', 0);
        $windowStart = $_CB_framework->getUserState('cb_message_last_sent', '0000-00-00 00:00:00');
    } else {
        $sender = CBuser::getUserDataInstance((int) $userId);

        if (!$sender) {
            return 'Not Authorized';
        }

        $sentSoFar   = (int) $sender->message_number_sent;
        $windowStart = $sender->message_last_sent;
    }

    // A window is running only if a start date was recorded and it has not expired yet.
    $insideWindow = false;

    if ($windowStart != '0000-00-00 00:00:00') {
        list($y, $c, $d, $h, $m, $s) = sscanf($windowStart, "%4d-%2d-%2d\t%2d:%2d:%2d");

        $insideWindow = ($now < (gmmktime($h, $m, $s, $c, $d, $y) + $window));
    }

    if ($insideWindow && ($sentSoFar >= $limit)) {
        return CBTxt::Th('UE_MAXEMAILSLIMIT', 'You exceeded the maximum limit of ||one email|%%NUMBERMAILSPERHOUR%% emails|| per hour| every %%NUMBERHOURS%% hours||. Please try again later.', array('%%NUMBERMAILSPERHOUR%%' => $limit, '%%NUMBERHOURS%%' => round($window / 3600)));
    }

    if (!$count) {
        // Check-only call: nothing is recorded.
        return null;
    }

    if ($userId) {
        // NOTE(review): the counter is read above and written back here as an absolute value, so
        // concurrent requests from one sender can each pass the check before any write lands.
        // If the limit must hold under concurrency, the check and the increment belong in one
        // conditional UPDATE.
        if ($insideWindow) {
            $query = 'UPDATE ' . $_CB_database->NameQuote('#__comprofiler')
                . "\n SET " . $_CB_database->NameQuote('message_number_sent') . " = " . (int) ($sentSoFar + 1)
                . "\n WHERE " . $_CB_database->NameQuote('id') . " = " . (int) $userId;
        } else {
            // No running window: start a new one with this message as the first.
            $query = 'UPDATE ' . $_CB_database->NameQuote('#__comprofiler')
                . "\n SET " . $_CB_database->NameQuote('message_number_sent') . " = 1"
                . ', ' . $_CB_database->NameQuote('message_last_sent') . ' = ' . $_CB_database->Quote($_CB_framework->getUTCDate())
                . "\n WHERE " . $_CB_database->NameQuote('id') . " = " . (int) $userId;
        }

        $_CB_database->setQuery($query);
        $_CB_database->query();

        return null;
    }

    $_CB_framework->setUserState('cb_message_number_sent', $insideWindow ? $sentSoFar + 1 : 1);

    if (!$insideWindow) {
        $_CB_framework->setUserState('cb_message_last_sent', $_CB_framework->getUTCDate());
    }

    return null;
}
/**
 * Generates the HTML to display the user profile tab.
 *
 * When the viewer is looking at their own profile, this method also executes the
 * "remove favorite" / "unsubscribe" / "unsubscribe category" requests found in
 * $_REQUEST and redirects back to the tab.
 *
 * @param  TabTable   $tab   The tab database entry
 * @param  UserTable  $user  The user being displayed
 * @param  int        $ui    1 for front-end, 2 for back-end (not read by this implementation)
 * @return string|boolean    Either string HTML for tab content, or false if ErrorMSG generated
 *                           (the code below returns a string on every path)
 */
public function getDisplayTab($tab, $user, $ui)
{
    global $_CB_framework;

    $model = cbforumsClass::getModel();

    if (!$model->file) {
        return CBTxt::T('No supported forum model found!');
    }

    outputCbJs(1);
    outputCbTemplate(1);

    $plugin = cbforumsClass::getPlugin();
    $viewer =& CBuser::getUserDataInstance($_CB_framework->myId());

    cbforumsClass::getTemplate('tab');

    $isOwnProfile = ($user->get('id') == $_CB_framework->myId());

    if ($isOwnProfile) {
        $profileUrl = cbSef('index.php?option=com_comprofiler&tab=' . (int) $tab->tabid, false);

        // NOTE(review): the three removals below change stored data based on $_REQUEST values
        // (so also on a plain GET), and no anti-forgery token check is visible in this method.
        // Confirm that the cbforumsModel methods or the links that trigger them verify a token
        // (for example via cbSpoofCheck), otherwise add the check here.
        if ($this->params->get('tab_favs_display', 1)) {
            $favoriteId = cbGetParam($_REQUEST, 'forums_unfav', null);

            if ($favoriteId) {
                $removed = cbforumsModel::unFavorite($favoriteId, $user, $plugin);

                if (!$removed) {
                    cbRedirect($profileUrl, CBTxt::T('Favorite failed to delete.'), 'error');
                } else {
                    cbRedirect($profileUrl, CBTxt::T('Favorite deleted successfully!'));
                }
            }
        }

        if ($this->params->get('tab_subs_display', 1)) {
            $postId = cbGetParam($_REQUEST, 'forums_unsub', null);

            if ($postId) {
                $removed = cbforumsModel::unSubscribe($postId, $user, $plugin);

                if (!$removed) {
                    cbRedirect($profileUrl, CBTxt::T('Subscription failed to delete.'), 'error');
                } else {
                    cbRedirect($profileUrl, CBTxt::T('Subscription deleted successfully!'));
                }
            }

            $categoryId = cbGetParam($_REQUEST, 'forums_unsubcat', null);

            if ($categoryId) {
                $removed = cbforumsModel::unSubscribeCategory($categoryId, $user, $plugin);

                if (!$removed) {
                    cbRedirect($profileUrl, CBTxt::T('Category subscription failed to delete.'), 'error');
                } else {
                    cbRedirect($profileUrl, CBTxt::T('Category subscription deleted successfully!'));
                }
            }
        }
    }

    $tab->params = $this->params;

    // Optional extra CSS class from the plugin parameters, escaped before it enters the attribute.
    $class      = $plugin->params->get('general_class', null);
    $extraClass = $class ? ' ' . htmlspecialchars($class) : null;
    $tabHtml    = HTML_cbforumsTab::showTab($viewer, $user, $tab, $plugin);

    return '<div id="cbForums" class="cbForums' . $extraClass . '">'
        . '<div id="cbForumsInner" class="cbForumsInner">'
        . $tabHtml
        . '</div>'
        . '</div>';
}
/**
 * Send email from system to a user.
 * Optionally replaces variables in subject and message.
 *
 * Returns true without sending anything when both subject and message are empty.
 * The site name is always prefixed to the subject.
 *
 * @param  int|UserTable  $toUserOrUserId    Receiver
 * @param  string         $subject           Subject
 * @param  string         $message           Message body
 * @param  boolean|int    $replaceVariables  Should we replace variables ?
 * @param  int            $mode              false = plain text, true = HTML
 * @param  null|string    $cc                Email CC address
 * @param  null|string    $bcc               Email BCC address
 * @param  null|string    $attachment        Email attachment files
 * @param  array          $extraStrings      Extra replacement strings to use if $replaceVariables = true
 * @param  boolean        $footer            Add footer "Automated message sent from" ?
 * @param  null|string    $fromName          [optional] From name
 * @param  null|string    $fromEmail         [optional] From email address
 * @param  null|string    $replyToName       [optional] Reply-To name
 * @param  null|string    $replyToEmail      [optional] Reply-To email address
 * @return boolean                           Result
 */
public function sendFromSystem($toUserOrUserId, $subject, $message, $replaceVariables = true, $mode = 0, $cc = null, $bcc = null, $attachment = null, $extraStrings = array(), $footer = true, $fromName = null, $fromEmail = null, $replyToName = null, $replyToEmail = null)
{
    global $_CB_framework, $ueConfig;

    if (!($subject || $message)) {
        return true;
    }

    // Sender and Reply-To fall back to the configured system addresses and default name.
    // NOTE(review): from/reply-to names and addresses, cc, bcc and subject are handed on unchanged.
    // Presumably _sendEmailMSG() or the mailer behind it rejects line breaks in header values;
    // verify that if any of these can come from user input.
    $sender        = new UserTable();
    $sender->email = $fromEmail ?: $ueConfig['reg_email_from'];
    $sender->name  = $fromName ?: $this->defaultFromName();

    $replyToEmail = $replyToEmail ?: $ueConfig['reg_email_replyto'];
    $replyToName  = $replyToName ?: $this->defaultFromName();

    // Accept a UserTable as is; anything else is resolved through its id.
    // NOTE(review): nothing here checks that a recipient record was found before $recipient->id
    // is read below. Confirm getUserDataInstance() never returns null for an unknown id.
    if ($toUserOrUserId instanceof UserTable) {
        $recipient = $toUserOrUserId;
    } elseif (is_object($toUserOrUserId)) {
        $recipient = CBuser::getUserDataInstance((int) $toUserOrUserId->id);
    } else {
        $recipient = CBuser::getUserDataInstance((int) $toUserOrUserId);
    }

    if ($replaceVariables) {
        $subject = $this->_replaceVariables($subject, $recipient, $mode, $extraStrings);
        $message = $this->_replaceVariables($message, $recipient, $mode, $extraStrings);
    }

    if ($footer) {
        // The footer is translated in the recipient's language; the previous language is restored afterwards.
        $recipientLanguage = CBuser::getInstance((int) $recipient->id)->getUserData()->getUserLanguage();
        $previousLanguage  = CBTxt::setLanguage($recipientLanguage);

        $footerText = CBTxt::T('EMAIL_NOTE_AUTOMATIC_GENERATION', 'NOTE: This email was automatically generated from [sitename] ([siteurl]).');
        $message   .= "\n\n" . $this->_replaceVariables($footerText, $recipient, $mode, $extraStrings);

        CBTxt::setLanguage($previousLanguage);
    }

    $subject = $_CB_framework->getCfg('sitename') . ' - ' . $subject;

    // Turn literal backslash-r-backslash-n / backslash-n sequences into real line breaks,
    // in case the message was passed as a plain string:
    $message = str_replace(array('\\r\\n', '\\n'), array("\r\n", "\n"), $message);

    return $this->_sendEmailMSG($recipient, $sender, $replyToName, $replyToEmail, $subject, $message, false, $mode, $cc, $bcc, $attachment);
}
/**
 * Requests a refund of this payment from the payment gateway.
 *
 * Overrides the generic table store(): nothing is inserted or updated by this method itself.
 * After the permission and state checks it calls the gateway's refundPayment() and reports
 * a failure through setError().
 *
 * @param  boolean  $updateNulls  TRUE: null object variables are also updated, FALSE: not.
 *                                (not read by this implementation)
 * @return boolean                TRUE if successful otherwise FALSE
 */
public function store($updateNulls = false)
{
    if (!cbpaidApp::authoriseAction('cbsubs.refunds')) {
        $this->setError(CBPTXT::T("Not authorized"));

        return false;
    }

    // 1) check:
    // NOTE(review): status, gateway account and basket id are taken from this object, while the
    // payment record is re-loaded by id just below. Presumably this object was itself loaded from
    // the database; confirm submitted form data cannot override these fields before store() runs.
    $refundableStates = array('Completed', 'Pending', 'Partially-Refunded');

    if (!in_array($this->payment_status, $refundableStates)) {
        $this->setError(CBPTXT::T("This payment is not completed, pending or partially refunded."));

        return false;
    }

    if ($this->txn_id == '') {
        // needed for updatePayment to generate payment record.
        $this->txn_id = 'None';
    }

    $payment = new cbpaidPayment();

    if (!$payment->load((int) $this->id)) {
        $this->setError(CBPTXT::T("This payment does not exist."));

        return false;
    }

    $paymentBasket = new cbpaidPaymentBasket();

    if (!$paymentBasket->load($this->payment_basket_id)) {
        $this->setError(CBPTXT::T("This payment has no associated payment basket and cannot be refunded from here. Maybe from your PSP online terminal ?"));

        return false;
    }

    if (!$this->gateway_account) {
        $this->setError(CBPTXT::T("This payment has no gateway associated so can not be refunded."));

        return false;
    }

    $payAccount = cbpaidControllerPaychoices::getInstance()->getPayAccount($this->gateway_account);

    if (!$payAccount) {
        $this->setError(CBPTXT::T("This payment's payment basket's associated gateway account is not active, so can not be refunded from here."));

        return false;
    }

    // NOTE(review): $payClass is used below without a check that getPayMean() returned an object;
    // confirm it cannot be empty for an active account.
    $payClass   = $payAccount->getPayMean();
    $returnText = null;

    // NOTE(review): the refund amount is only cast and formatted here. No check is visible that
    // it is positive and does not exceed the payment's mc_gross; confirm this is validated before
    // store() is called or by the gateway.
    $amount = sprintf('%.2f', (float) $this->refund_gross);

    // Gateways without a refundPayment() method count as a failed refund.
    $success = false;

    if (is_callable(array($payClass, 'refundPayment'))) {
        $success = $payClass->refundPayment($paymentBasket, $payment, null, $this->refund_is_last, $amount, $this->refund_reason, $returnText);
    }

    $user     = CBuser::getUserDataInstance($paymentBasket->user_id);
    $username = $user ? $user->username : '******';

    $replacements = array(
        '[REFUNDAMOUNT]'  => $payment->mc_currency . ' ' . $amount,
        '[PAYMENTID]'     => $payment->id,
        '[PAYMENTAMOUNT]' => $payment->mc_currency . ' ' . $payment->mc_gross,
        '[BASKETID]'      => $paymentBasket->id,
        '[ORDERID]'       => $paymentBasket->sale_id,
        '[FULLNAME]'      => $paymentBasket->first_name . ' ' . $paymentBasket->last_name,
        '[USERNAME]'      => $username,
        '[USERID]'        => $paymentBasket->user_id,
        '[PAYMENTMETHOD]' => $payClass->getPayName(),
        '[TXNID]'         => $payment->txn_id,
        '[AUTHID]'        => $payment->auth_id,
        '[ERRORREASON]'   => $paymentBasket->reason_code,
    );

    if (!$success) {
        $this->setError(CBPTXT::T($payClass->getErrorMSG()) . '. ' . CBPTXT::P("Refund request of [REFUNDAMOUNT] for payment id [PAYMENTID] of [PAYMENTAMOUNT] for basket id [BASKETID], Order id [ORDERID] of [FULLNAME] (username [USERNAME] - user id [USERID]) using [PAYMENTMETHOD] with txn_id [TXNID] and auth_id [AUTHID] failed for reason: [ERRORREASON].", $replacements));

        return false;
    }

    // No success message is produced; the caller only receives TRUE.
    return true;
}