/**
 * Checks whether the currently logged-in user may perform $action on the given user(s).
 *
 * Every objection found is appended to a space-separated message; callers treat a
 * null/empty result as "allowed". Group lookups depend on the host CMS version
 * (checkJversion()) and on the ACL helpers of this class.
 *
 * @param int|int[] $user_ids      one user id, or an array of user ids; an id of 0 stands for a
 *                                 user that does not exist yet and is modelled as 'Registered'
 * @param string    $action        verb inserted into the refusal messages (e.g. 'delete')
 * @param bool      $allow_myself  when false, acting on one's own account is refused
 * @return string|null  concatenated refusal messages, or null when nothing objected
 */
function get_users_permission($user_ids, $action, $allow_myself = false) {
    global $_CB_database, $_CB_framework;
    $msg = null;
    if (is_array($user_ids) && count($user_ids)) {
        // one table object is reused for every id; a failed load() leaves the previous record in it
        $obj = new moscomprofilerUser($_CB_database);
        foreach ($user_ids as $user_id) {
            if ($user_id != 0) {
                if ($obj->load((int) $user_id)) {
                    // the ACL group API differs between CMS versions
                    if (checkJversion() >= 2) {
                        $groups = $this->get_object_groups($user_id);
                    } elseif (checkJversion() == 1) {
                        $aro_id = $this->get_object_id('users', $user_id, 'ARO');
                        $groups = $this->get_object_groups($aro_id, 'ARO');
                    } else {
                        $groups = $this->get_object_groups('users', $user_id, 'ARO');
                    }
                    if (isset($groups[0])) {
                        $this_group = strtolower($this->get_group_name($groups[0], 'ARO'));
                    } else {
                        $this_group = 'Registered';
                    }
                } else {
                    // NOTE(review): execution does not stop here — the checks below still run with
                    // $obj holding the previously loaded record and $this_group possibly unset.
                    $msg .= 'User not found. ';
                }
            } else {
                // id 0: user being created, so model it as a plain 'Registered' member
                $this_group = 'Registered';
                $obj->gid = $this->get_group_id($this_group, 'ARO');
                $obj->gids = $this->get_groups_below_me($user_id, true);
            }
            // loose comparison on purpose: ids may arrive as strings from the request
            if ($user_id == $_CB_framework->myId()) {
                if (!$allow_myself) {
                    $msg .= "You cannot {$action} Yourself! ";
                }
            } else {
                if (checkJversion() >= 2) {
                    // a super admin may act on anyone; everybody else is checked against the group tree
                    if (!$this->amIaSuperAdmin()) {
                        $userGroups = $this->get_object_groups($user_id);
                        $myGroups = $this->get_object_groups($_CB_framework->myId());
                        $myCBuser = CBuser::getMyInstance();
                        $iAmAdmin = $myCBuser->authoriseAction('core.manage', 'com_users') && $myCBuser->authoriseAction('core.edit', 'com_users');
                        // non-admins only reach groups strictly below their own
                        $exactGids = !$iAmAdmin;
                        $myGidsTree = $this->get_groups_below_me($_CB_framework->myId(), true, $exactGids);
                        $isHeSAdmin = $this->amIaSuperAdmin((int) $user_id);
                        // refused when: target shares my groups and I am not an admin, or the target has
                        // no group inside my reachable tree, or the target is a super admin
                        if (array_values($userGroups) == array_values($myGroups) && !$iAmAdmin || $user_id && $userGroups && !array_intersect($userGroups, $myGidsTree) || $isHeSAdmin) {
                            // NOTE(review): this literal contains a line break where the sibling messages
                            // end with a single space — looks like a line-wrap artefact in this listing
                            $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. 
";
                        }
                    }
                } else {
                    $myGid = $this->get_user_group_id($_CB_framework->myId());
                    $cms_admins = $this->mapGroupNamesToValues(array('Administrator', 'Superadministrator'));
                    $cms_super_admin = $this->mapGroupNamesToValues('Superadministrator');
                    if ($myGid != $cms_super_admin) {
                        // non-strict in_array(): group ids may be strings or ints depending on their source
                        if ($obj->gid == $myGid && !in_array($myGid, $cms_admins) || $user_id && $obj->gid && !in_array($obj->gid, $this->get_group_children_ids($myGid))) {
                            $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                        }
                    }
                }
            }
        }
    } else {
        // single id: NOTE(review) the target record is not loaded on this path; it is modelled as
        // 'Registered' and its real groups only enter via get_object_groups() on the >= 2 branch
        $this_group = 'Registered';
        $gid = $this->get_group_id($this_group, 'ARO');
        if ($user_ids == $_CB_framework->myId()) {
            if (!$allow_myself) {
                $msg .= "You cannot {$action} Yourself! ";
            }
        } else {
            if (checkJversion() >= 2) {
                if (!$this->amIaSuperAdmin()) {
                    $userGroups = $this->get_object_groups($user_ids);
                    $myGroups = $this->get_object_groups($_CB_framework->myId());
                    $myCBuser = CBuser::getMyInstance();
                    $iAmAdmin = $myCBuser->authoriseAction('core.manage', 'com_users') && $myCBuser->authoriseAction('core.edit', 'com_users');
                    $exactGids = !$iAmAdmin;
                    $myGidsTree = $this->get_groups_below_me($_CB_framework->myId(), true, $exactGids);
                    $isHeSAdmin = $this->amIaSuperAdmin((int) $user_ids);
                    // same rule as in the array branch above
                    if (array_values($userGroups) == array_values($myGroups) && !$iAmAdmin || $user_ids && $userGroups && !array_intersect($userGroups, $myGidsTree) || $isHeSAdmin) {
                        $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                    }
                }
            } else {
                $myGid = $this->get_user_group_id($_CB_framework->myId());
                $cms_admins = $this->mapGroupNamesToValues(array('Administrator', 'Superadministrator'));
                $cms_super_admin = $this->mapGroupNamesToValues('Superadministrator');
                if ($myGid != $cms_super_admin) {
                    // compares the 'Registered' gid, not the target's actual group
                    if ($gid == $myGid && !in_array($myGid, $cms_admins) || $user_ids && $gid && !in_array($gid, $this->get_group_children_ids($myGid))) {
                        $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                    }
                }
            }
        }
    }
    return $msg;
}
/**
 * Checks whether the currently logged-in user may perform $action on the given user(s).
 *
 * Older variant of the same check: it only knows the single-gid group model (moscomprofilerUser::gid
 * and get_group_children_ids()) and compares against the CMS admin groups. Objections are
 * appended to a space-separated message; a null/empty result means "allowed".
 *
 * @param int|int[] $user_ids      one user id, or an array of user ids; an id of 0 stands for a
 *                                 user that does not exist yet and is modelled as 'Registered'
 * @param string    $action        verb inserted into the refusal messages (e.g. 'delete')
 * @param bool      $allow_myself  when false, acting on one's own account is refused
 * @return string|null  concatenated refusal messages, or null when nothing objected
 */
function get_users_permission( $user_ids, $action, $allow_myself = false ) {
    global $_CB_database, $_CB_framework;
    $msg = null;
    // group ids of the two CMS admin groups, resolved once for all ids
    $cms_admins = $this->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );
    if ( is_array( $user_ids ) && count( $user_ids ) ) {
        // one table object is reused for every id; a failed load() leaves the previous record in it
        $obj = new moscomprofilerUser( $_CB_database );
        foreach ( $user_ids as $user_id ) {
            if ( $user_id != 0 ) {
                if ( $obj->load( (int) $user_id ) ) {
                    // the ACL group API differs between CMS versions (note: == 2, not >= 2)
                    if ( checkJversion() == 2 ) {
                        $groups = $this->get_object_groups( $user_id );
                    } elseif ( checkJversion() == 1 ) {
                        $aro_id = $this->get_object_id( 'users', $user_id, 'ARO' );
                        $groups = $this->get_object_groups( $aro_id, 'ARO' );
                    } else {
                        $groups = $this->get_object_groups( 'users', $user_id, 'ARO' );
                    }
                    if ( isset( $groups[0] ) ) {
                        $this_group = strtolower( $this->get_group_name( $groups[0], 'ARO' ) );
                    } else {
                        $this_group = 'Registered';
                    }
                } else {
                    // NOTE(review): execution does not stop here — the check below still runs with
                    // $obj holding the previously loaded record and $this_group possibly unset.
                    $msg .= 'User not found. ';
                }
            } else {
                // id 0: user being created, so model it as a plain 'Registered' member
                $this_group = 'Registered';
                $obj->gid = $this->get_group_id( $this_group, 'ARO' );
            }
            // NOTE(review): with $allow_myself true, acting on oneself falls through to the
            // hierarchy check below (against one's own gid) instead of being allowed outright.
            if ( ( ! $allow_myself ) && ( $user_id == $_CB_framework->myId() ) ){
                $msg .= "You cannot $action Yourself! ";
            } else {
                $myGid = $this->get_user_group_id( $_CB_framework->myId() );
                // refused when: same gid as me and I am not a CMS admin, or the target's gid is
                // not among the children of my gid (non-strict in_array(): ids may be strings)
                if ( ( ( $obj->gid == $myGid ) && ! in_array( $myGid, $cms_admins ) ) || ( $user_id && $obj->gid && ! in_array( $obj->gid, $this->get_group_children_ids( $myGid ) ) ) ) {
                    $msg .= "You cannot $action a `$this_group`. Only higher-level users have this power. ";
                }
            }
        }
    } else {
        // single id: NOTE(review) the target record is not loaded on this path and the
        // $allow_myself check is not applied; the target is modelled as 'Registered'
        $this_group = 'Registered';
        $gid = $this->get_group_id( $this_group, 'ARO' );
        $myGid = $this->get_user_group_id( $_CB_framework->myId() );
        if ( ( ( $gid == $myGid ) && ! in_array( $myGid, $cms_admins ) ) || ( $gid && ! in_array( $gid, $this->get_group_children_ids( $myGid ) ) ) ) {
            $msg .= "You cannot $action a `$this_group`. Only higher-level users have this power. ";
        }
    }
    return $msg;
}
/**
 * Front-end avatar task: shows the avatar form, or processes an upload, a gallery pick
 * or a deletion, depending on the 'do' request parameter.
 *
 * Authorisation: the acting user must be allowed the 'allowModeratorsUserEdit' task on
 * $uid (cbCheckIfUserCanPerformUserTask()). Output is echoed and most branches finish by
 * calling cbRedirectToProfile(); nothing is returned.
 *
 * @param string $option       component option, passed through to the form renderer
 * @param int    $uid          id of the profile whose avatar is edited; 0 means "my own"
 * @param mixed  $submitvalue  passed through to HTML_comprofiler::userAvatar()
 * @return void
 */
function userAvatar( $option, $uid, $submitvalue) {
    global $_CB_database, $_CB_framework, $_REQUEST, $ueConfig, $_PLUGINS, $_FILES;
    if ( ! $uid ) {
        $uid = $_CB_framework->myId();
    }
    if ( ! $uid ) {
        echo _UE_NOT_AUTHORIZED;
        return;
    }
    // permission gate: returns a message when the acting user may not edit $uid
    $msg = cbCheckIfUserCanPerformUserTask( $uid, 'allowModeratorsUserEdit');
    if ( $msg ) {
        echo $msg;
        return;
    }
    $row = new moscomprofilerUser( $_CB_database );
    if ( ! $row->load( (int) $uid ) ) {
        echo _UE_NOSUCHPROFILE;
        return;
    }
    $do = cbGetParam( $_REQUEST, 'do', 'init' );
    if ( $do == 'init' ) {
        HTML_comprofiler::userAvatar( $row, $option, $submitvalue);
    } elseif ( $do == 'validate' ) {
        // simple spoof check security (form token)
        cbSpoofCheck( 'userAvatar' );
        if ( ! $ueConfig['allowAvatarUpload'] ) {
            cbNotAuth();
            return;
        }
        $isModerator=isModerator( $_CB_framework->myId() );
        // reject missing/failed uploads and anything not produced by this request's upload
        // NOTE(review): no return after the redirect — assumes cbRedirectToProfile() does not
        // return; otherwise processing would continue past the failed check. TODO confirm.
        if ( ( ! isset( $_FILES['avatar']['tmp_name'] ) ) || empty( $_FILES['avatar']['tmp_name'] ) || ( $_FILES['avatar']['error'] != 0 ) || ( ! is_uploaded_file( $_FILES['avatar']['tmp_name'] ) ) ) {
            cbRedirectToProfile( $row->id, _UE_UPLOAD_ERROR_EMPTY, 'userAvatar' );
        }
        $_PLUGINS->loadPluginGroup( 'user' );
        $_PLUGINS->trigger( 'onBeforeUserAvatarUpdate', array( &$row, &$row, $isModerator, &$_FILES['avatar']['tmp_name'] ) );
        if ($_PLUGINS->is_errors()) {
            cbRedirectToProfile( $row->id, $_PLUGINS->getErrorMSG(), 'userAvatar' );
        }
        // image conversion/resizing is delegated to imgToolBox, configured from $ueConfig
        $imgToolBox = new imgToolBox();
        $imgToolBox->_conversiontype = $ueConfig['conversiontype'];
        $imgToolBox->_IM_path = $ueConfig['im_path'];
        $imgToolBox->_NETPBM_path = $ueConfig['netpbm_path'];
        $imgToolBox->_maxsize = $ueConfig['avatarSize'];
        $imgToolBox->_maxwidth = $ueConfig['avatarWidth'];
        $imgToolBox->_maxheight = $ueConfig['avatarHeight'];
        $imgToolBox->_thumbwidth = $ueConfig['thumbWidth'];
        $imgToolBox->_thumbheight = $ueConfig['thumbHeight'];
        $imgToolBox->_debug = 0;
        $allwaysResize = ( isset( $ueConfig['avatarResizeAlways'] ) ? $ueConfig['avatarResizeAlways'] : 1 );
        // the stored name is generated server-side (user id + uniqid), never taken from the client
        $newFileName = $imgToolBox->processImage( $_FILES['avatar'], uniqid($row->id."_"), $_CB_framework->getCfg('absolute_path') . '/images/comprofiler/', 0, 0, 1, $allwaysResize );
        if ( ! $newFileName ) {
            cbRedirectToProfile( $row->id, $imgToolBox->_errMSG, 'userAvatar' );
        }
        if ($row->avatar != null && $row->avatar!="") {
            deleteAvatar($row->avatar);
        }
        // non-moderator uploads may need approval first; the file name is escaped and the id cast
        if ($ueConfig['avatarUploadApproval']==1 && $isModerator==0) {
            $cbNotification = new cbNotification();
            $cbNotification->sendToModerators(_UE_IMAGE_ADMIN_SUB,_UE_IMAGE_ADMIN_MSG);
            $_CB_database->setQuery("UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped($newFileName) . "', avatarapproved=0 WHERE id=" . (int) $row->id);
            $redMsg = _UE_UPLOAD_PEND_APPROVAL;
        } else {
            $_CB_database->setQuery("UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped($newFileName) . "', avatarapproved=1, lastupdatedate=". $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id=" . (int) $row->id);
            $redMsg = _UE_UPLOAD_SUCCESSFUL;
        }
        $_CB_database->query();
        $_PLUGINS->trigger( 'onAfterUserAvatarUpdate', array(&$row,&$row,$isModerator,$newFileName) );
        cbRedirectToProfile( $row->id, $redMsg );
    } elseif ( $do == 'fromgallery' ) {
        // simple spoof check security (form token)
        cbSpoofCheck( 'userAvatar' );
        if( ! $ueConfig['allowAvatarGallery'] ) {
            cbNotAuth();
            return;
        }
        $newAvatar = cbGetParam( $_POST, 'newavatar', null );
        // whitelist the gallery file name: only [-_a-zA-Z0-9.] and no '..' (blocks path traversal)
        // NOTE(review): same assumption as above that cbRedirectToProfile() does not return
        if ( ( $newAvatar == '' ) || preg_match( '/[^-_a-zA-Z0-9.]/', $newAvatar ) || ( strpos( $newAvatar, '..' ) !== false ) ) {
            cbRedirectToProfile( $row->id, _UE_UPLOAD_ERROR_CHOOSE, 'userAvatar' );
        }
        $_CB_database->setQuery( "UPDATE #__comprofiler SET avatar = " . $_CB_database->Quote( 'gallery/' . $newAvatar ) . ", avatarapproved=1, lastupdatedate = " . $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id = " . (int) $row->id);
        if( ! $_CB_database->query() ) {
            $msg = _UE_USER_PROFILE_NOT;
        }else {
            // delete old avatar:
            deleteAvatar( $row->avatar );
            $msg = _UE_USER_PROFILE_UPDATED;
        }
        cbRedirectToProfile( $row->id, $msg );
    } elseif ( $do == 'deleteavatar' ) {
        // NOTE(review): unlike 'validate' and 'fromgallery', this branch runs no cbSpoofCheck()
        // before the destructive update — confirm whether that is intended.
        if ( $row->avatar != null && $row->avatar != "" ) {
            deleteAvatar( $row->avatar );
            $_CB_database->setQuery("UPDATE #__comprofiler SET avatar=null, avatarapproved=1, lastupdatedate=" . $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id=" . (int) $row->id);
            $_CB_database->query();
        }
        cbRedirectToProfile( $row->id, _USER_DETAILS_SAVE );
    }
}
/**
 * Sends an email from one CB user to another, optionally revealing the sender's address.
 *
 * Three sender modes result, all applied on the loaded sender record before delegating to
 * _sendEmailMSG(): hidden sender (site notification name/address, footer appended), reveal via
 * Reply-To only ($ueConfig['allow_email_replyto'] == 2), or reveal directly (any other value).
 *
 * @param int    $toid         id of the recipient user
 * @param int    $fromid       id of the sending user
 * @param string $subject
 * @param string $message      plain-text body
 * @param bool   $revealEmail  true to expose the sender's real address
 * @return bool  true when there was nothing to send, else the result of _sendEmailMSG()
 */
function sendUserEmail($toid, $fromid, $subject, $message, $revealEmail = false) {
    global $_CB_framework, $_CB_database, $ueConfig, $_SERVER;

    // an empty subject and body is treated as a no-op success
    if (!$subject && !$message) {
        return true;
    }

    $sender = new moscomprofilerUser($_CB_database);
    $sender->load((int) $fromid);
    $recipient = new moscomprofilerUser($_CB_database);
    $recipient->load((int) $toid);
    $displayName = getNameFormat($sender->name, $sender->username, $ueConfig['name_format']);

    if (!$revealEmail) {
        // hidden sender: mail comes from the site's notification identity and carries the site footer
        $siteName = cb_html_entity_decode_all($_CB_framework->getCfg('sitename'));
        $sender->replytoEmail = null;
        $sender->replytoName = null;
        $sender->name = _UE_NOTIFICATIONSAT . " " . $siteName;
        $sender->email = $ueConfig['reg_email_from'];
        $message .= "\n\n" . sprintf(_UE_EMAILFOOTER, $siteName, $_CB_framework->getCfg('live_site')) . "\n";
    } elseif (isset($ueConfig['allow_email_replyto']) && $ueConfig['allow_email_replyto'] == 2) {
        // reveal via Reply-To: the From header stays the site's registration address
        $sender->replytoEmail = $sender->email;
        $sender->replytoName = $displayName;
        $sender->email = $ueConfig['reg_email_from'];
    } else {
        // reveal directly: the sender's own address is the From, no Reply-To override
        $sender->replytoEmail = null;
        $sender->replytoName = null;
    }

    return $this->_sendEmailMSG($recipient, $sender, $subject, $message, $revealEmail);
}
/**
 * Renders a users list (front-end "user lists" view) for the requesting user.
 *
 * Resolves which list to show (requested, default, or first accessible one), enforces the
 * list's access group, builds the SELECT from the list's column/field configuration plus the
 * search criteria, and hands everything to HTML_comprofiler::usersList(). Output is echoed
 * directly; nothing is returned.
 *
 * @param int   $uid                  id of the viewing user
 * @param int   $listid               requested list id, 0 to pick the default list
 * @param array $searchFormValuesRAW  raw request values ('search', 'limitstart', 'searchmode',
 *                                    'rand' and the per-field search inputs)
 * @return void
 */
function drawUsersList( $uid, $listid, $searchFormValuesRAW ) {
    global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS;
    $search = null;
    $searchGET = cbGetParam( $searchFormValuesRAW, 'search' );
    $limitstart = (int) cbGetParam( $searchFormValuesRAW, 'limitstart', 0 );
    $searchmode = (int) cbGetParam( $searchFormValuesRAW, 'searchmode', 0 );
    $randomParam = (int) cbGetParam( $searchFormValuesRAW, 'rand', 0 );
    // (the old search on the formatted name, previously handled here, is disabled)
    // get my user and gets the list of user lists he is allowed to see (ACL):
    $myCbUser =& CBuser::getInstance( $uid );
    if ( $myCbUser === null ) {
        $myCbUser =& CBuser::getInstance( null );
    }
    $myUser =& $myCbUser->getUserData();
    // only lists whose access group is among the viewer's group tree are offered
    $useraccessgroupSQL = " AND useraccessgroupid IN (".implode(',',getChildGIDS(userGID($uid))).")";
    $_CB_database->setQuery( "SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering" );
    $plists = $_CB_database->loadObjectList();
    $lists = array();
    $publishedlists = array();
    for ( $i=0, $n=count( $plists ); $i < $n; $i++ ) {
        $plist =& $plists[$i];
        // list titles are language-resolved, variable-substituted and stripped of tags for the dropdown
        $listTitleNoHtml = strip_tags( cbReplaceVars( getLangDefinition( $plist->title ), $myUser, false, false ) );
        $publishedlists[] = moscomprofilerHTML::makeOption( $plist->listid, $listTitleNoHtml );
    }
    // select either list selected or default list to which he has access (ACL):
    if ( $listid == 0 ) {
        $_CB_database->setQuery( "SELECT listid FROM #__comprofiler_lists " . "\n WHERE `default`=1 AND published=1" . $useraccessgroupSQL );
        $listid = (int) $_CB_database->loadresult();
        if ( $listid == 0 && ( count( $plists ) > 0 ) ) {
            $listid = (int) $plists[0]->listid;
        }
    }
    if ( ! ( $listid > 0 ) ) {
        echo _UE_NOLISTFOUND;
        return;
    }
    // generates the drop-down list of lists:
    if ( count( $plists ) > 1 ) {
        $lists['plists'] = moscomprofilerHTML::selectList( $publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1 );
    }
    // loads the list record:
    $row = new moscomprofilerLists( $_CB_database );
    if ( ( ! $row->load( (int) $listid ) ) || ( $row->published != 1 ) ) {
        echo _UE_LIST_DOES_NOT_EXIST;
        return;
    }
    // the requested list id is re-checked against the viewer's ACL (it came from the request)
    if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', userGID($uid) ) ) {
        echo _UE_NOT_AUTHORIZED;
        return;
    }
    $params = new cbParamsBase( $row->params );
    $hotlink_protection = $params->get( 'hotlink_protection', 0 );
    // with hotlink protection on, searches and paging must carry the GET form token
    if ( $hotlink_protection == 1 ) {
        if ( ( $searchGET !== null ) || $limitstart ) {
            cbSpoofCheck( 'usersList', 'GET' );
        }
    }
    $limit = (int) $params->get( 'list_limit' );
    if ( $limit == 0 ) {
        $limit = (int) $ueConfig['num_per_page'];
    }
    $showPaging = $params->get( 'list_paging', 1 );
    if ( $showPaging != 1 ) {
        $limitstart = 0;
    }
    $isModerator = isModerator( $_CB_framework->myId() );
    $_PLUGINS->loadPluginGroup( 'user' );
    // plugins may alter the list record, search, offset and limit by reference
    $_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );
    // handles the users allowed to be listed in the list by ACL:
    $allusergids = array();
    $usergids = explode( ',', $row->usergroupids );
    // gids 29 and 30 (the "public" pseudo-groups) used to be expanded to their children, which
    // wrongly listed admins / all frontend users; they are now simply ignored:
    $allusergids = array_diff( $usergids, array( 29, 30 ) );
    // NOTE(review): these ids come from the list record (admin-configured), not from the request,
    // and are interpolated into SQL below without casting — the list editor is relied on to store
    // a numeric CSV.
    $usergids = implode( ",", $allusergids );
    // build SQL Select query:
    $random = 0;
    if( $row->sortfields != '' ) {
        $matches = null;
        if ( preg_match( '/^RAND\(\)\s(ASC|DESC)$/', $row->sortfields, $matches ) ) {
            // random sorting needs to have same seed on pages > 1 to not have probability to show same users:
            if ( $limitstart ) {
                $random = (int) $randomParam;
            }
            if ( ! $random ) {
                $random = rand( 0, 32767 );
            }
            $row->sortfields = 'RAND(' . (int) $random . ') ' . $matches[1];
        }
        $orderby = "\n ORDER BY " . $row->sortfields;
    }
    // NOTE(review): $orderby is only assigned when sortfields is non-empty but is read
    // unconditionally when $query is built below.
    $filterby = '';
    if ( $row->filterfields != '' ) {
        // admin-defined filter SQL; user-variable substitutions are escaped via getEscaped()
        $filterRules = utf8RawUrlDecode( substr( $row->filterfields, 1 ) );
        if ( $_CB_framework->myId() ) {
            $user = new moscomprofilerUser( $_CB_database );
            if ( $user->load( (int) $_CB_framework->myId() ) ) {
                $filterRules = cbReplaceVars( $filterRules, $user, array( $_CB_database, 'getEscaped' ), false, array() );
            }
        }
        $filterby = " AND ". $filterRules;
    }
    // Prepare part after SELECT .... " and before "FROM" :
    $tableReferences = array( '#__comprofiler' => 'ue', '#__users' => 'u' );
    // Fetch all fields:
    //TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
    $tabs = $myCbUser->_getCbTabs();
    $allFields = $tabs->_getTabFieldsDb( null, $myUser, 'list' );
    //Make columns array. This array will later be constructed from the tabs table:
    $columns = array();
    for ( $i = 1; $i < 50; ++$i ) {
        // the list record has colNenabled/colNtitle/colNfields/colNcaptions properties; stop at the first missing one
        $enabledVar = "col".$i."enabled";
        if ( ! isset( $row->$enabledVar ) ) {
            break;
        }
        $titleVar = "col".$i."title";
        $fieldsVar = "col".$i."fields";
        $captionsVar = "col".$i."captions";
        if ( $row->$enabledVar == 1 ) {
            $col = new stdClass();
            $col->fields = ( $row->$fieldsVar ? explode( '|*|', $row->$fieldsVar ) : array() );
            $col->title = $row->$titleVar;
            $col->titleRendered = $myCbUser->replaceUserVars( $col->title );
            $col->captions = $row->$captionsVar;
            $columns[$i] = $col;
        }
    }
    // build fields and tables accesses, also check for searchable fields:
    $searchableFields = array();
    $fieldsSQL = cbUsersList::getFieldsSQL( $columns, $allFields, $tableReferences, $searchableFields, $params );
    $_PLUGINS->trigger( 'onAfterUsersListFieldsSql', array( &$columns, &$allFields, &$tableReferences ) );
    $tablesSQL = array();
    $joinsSQL = array();
    // baseline visibility: not blocked, approved and confirmed accounts only
    $tablesWhereSQL = array( 'block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1' );
    if ( checkJversion() == 2 ) {
        $joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
    }
    // banned users are hidden from everyone but moderators
    if ( ! $isModerator ) {
        $tablesWhereSQL['banned'] = 'ue.banned = 0';
    }
    if ( $usergids ) {
        if ( checkJversion() == 2 ) {
            $tablesWhereSQL['gid'] = 'g.group_id IN (' . $usergids . ')';
        } else {
            $tablesWhereSQL['gid'] = 'u.gid IN (' . $usergids . ')';
        }
    }
    foreach ( $tableReferences as $table => $name ) {
        $tablesSQL[] = $table . ' ' . $name;
        if ( $name != 'u' ) {
            $tablesWhereSQL[] = "u.`id` = " . $name . ".`id`";
        }
    }
    // handles search criterias:
    $list_compare_types = $params->get( 'list_compare_types', 0 );
    $searchVals = new stdClass();
    // raw request values are parsed into typed search criteria by the tabs/fields layer
    // NOTE(review): SQL escaping of the search inputs is assumed to happen inside
    // applySearchableContents()/reduceSqlFormula() — confirm.
    $searchesFromFields = $tabs->applySearchableContents( $searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types );
    $whereFields = $searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
    if ( $whereFields ) {
        $tablesWhereSQL[] = '(' . $whereFields . ')';
    }
    $_PLUGINS->trigger( 'onBeforeUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL ) );
    $queryFrom = "FROM " . implode( ', ', $tablesSQL ) . ( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' ) . "\n WHERE " . implode( "\n AND ", $tablesWhereSQL );
    // (the old formatted-name LIKE search that used to be appended here is disabled)
    $queryFrom .= " " . $filterby;
    $_PLUGINS->trigger( 'onBeforeUsersListQuery', array( &$queryFrom, 1, $listid ) ); // $uid = 1
    $errorMsg = null;
    // counts number of users and loads the listed fields of the users if not in search-form-only mode:
    if ( $searchmode == 0 ) {
        // the group-map join can multiply rows, hence DISTINCT on the newer CMS
        if ( checkJversion() == 2 ) {
            $_CB_database->setQuery( "SELECT COUNT(DISTINCT u.id) " . $queryFrom );
        } else {
            $_CB_database->setQuery( "SELECT COUNT(*) " . $queryFrom );
        }
        $total = $_CB_database->loadResult();
        if ( ( $limit > $total ) || ( $limitstart >= $total ) ) {
            $limitstart = 0;
        }
        if ( checkJversion() == 2 ) {
            $query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
        } else {
            $query = "SELECT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
        }
        $_CB_database->setQuery( $query, (int) $limitstart, (int) $limit );
        $users = $_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );
        if ( ! $_CB_database->getErrorNum() ) {
            // creates the CBUsers in cache corresponding to the $users:
            foreach ( array_keys( $users ) as $k) {
                CBuser::setUserGetCBUserInstance( $users[$k] );
            }
        } else {
            // the SQL error itself is not shown; a generic message is rendered instead
            $users = array();
            $errorMsg = _UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
        }
        if ( count( get_object_vars( $searchVals ) ) > 0 ) {
            $search = '';
        } else {
            $search = null;
        }
    } else {
        // search-form-only mode: no users are queried
        $total = null;
        $users = array();
        if ( $search === null ) {
            $search = '';
        }
    }
    // Compute itemId of users in users-list:
    if ( $Itemid ) {
        $option_itemid = (int) $Itemid;
    } else {
        $option_itemid = getCBprofileItemid( 0 );
    }
    HTML_comprofiler::usersList( $row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random );
}
/**
 * Loads the CB user record for $cbUserId into $this->_cbuser.
 *
 * @param int $cbUserId  id of the comprofiler user to load
 * @return bool  result of moscomprofilerUser::load()
 */
function load( $cbUserId ) {
    // make sure the table classes are available before instantiating the record
    cbimport( 'cb.tables' );
    $record = new moscomprofilerUser( $this->_db );
    $this->_cbuser = $record;
    return $record->load( $cbUserId );
}
/**
 * Renders the edit widget of an image field: a "choice" select (none / no change / upload /
 * gallery / approve / delete), the file-upload box and, for the avatar field, the gallery
 * picker, plus the jQuery that shows/hides the upload and gallery boxes.
 *
 * @param moscomprofilerFields $field  the image field (passed by reference; its name/required
 *                                     are temporarily changed while the upload box is rendered)
 * @param moscomprofilerUser   $user   the user being edited (id 0 during registration)
 * @param string  $reason              'profile' for user profile view, 'edit' for profile edit,
 *                                     'register' for registration, 'list' for user-lists
 * @param boolean $displayFieldIcons
 * @return string|null  HTML of the widget, or null when the avatar feature is fully disabled
 */
function _htmlEditForm(&$field, &$user, $reason, $displayFieldIcons = true) {
    global $_CB_framework, $_CB_database, $ueConfig;
    if ($field->name == 'avatar' && !($ueConfig['allowAvatarUpload'] || $ueConfig['allowAvatarGallery'])) {
        return null;
    }
    $name = $field->name;
    $nameapproved = $field->name . 'approved';
    $required = $this->_isRequired($field, $user, $reason);
    $existingAvatar = false;
    if ($user && $user->id) {
        // we can not trust the following, as if another field did error out, it's wrong:
        // $existingAvatar = ( $user->$name != null );
        // so load from database:
        $realDatabaseUser = new moscomprofilerUser($_CB_database);
        if ($realDatabaseUser->load((int) $user->id)) {
            $existingAvatar = $realDatabaseUser->{$name} != null;
        }
    }
    $html = '<div>';
    $choices = array();
    // first option: "none" for new users, "no change" for existing ones (only when allowed)
    if ($reason == 'register' || $reason == 'edit' && $user->id == 0) {
        if ($required == 0) {
            $choices[] = moscomprofilerHTML::makeOption('', _UE_AVATAR_NONE);
        }
    } else {
        if ($existingAvatar || $required == 0) {
            $choices[] = moscomprofilerHTML::makeOption('', _UE_AVATAR_NO_CHANGE);
        }
    }
    if ($name != 'avatar' || $ueConfig['allowAvatarUpload']) {
        $choices[] = moscomprofilerHTML::makeOption('upload', $existingAvatar ? _UE_AVATAR_UPLOAD_NEW : _UE_AVATAR_UPLOAD);
    }
    if ($name == 'avatar' && $ueConfig['allowAvatarGallery']) {
        $choices[] = moscomprofilerHTML::makeOption('gallery', _UE_AVATAR_SELECT);
    }
    // 'approve' is offered in the backend UI (getUi() == 2) for a pending image
    if ($_CB_framework->getUi() == 2 && $existingAvatar && $user->{$nameapproved} == 0) {
        $choices[] = moscomprofilerHTML::makeOption('approve', _UE_APPROVE_IMAGE);
    }
    if ($existingAvatar && $required == 0) {
        $choices[] = moscomprofilerHTML::makeOption('delete', _UE_DELETE_AVATAR);
    }
    $html .= '<div>';
    if ($reason != 'register' && $user->id != 0 && $existingAvatar) {
        $html .= $this->_avatarHtml($field, $user, $reason) . ' ';
    }
    // moderators editing a pending image also get the unapproved preview
    if ($reason == 'edit' && $existingAvatar && $user->{$nameapproved} == 0 && isModerator($_CB_framework->myId())) {
        $html .= $this->_avatarHtml($field, $user, $reason, false, 10) . ' ';
    }
    if (count($choices) > 1) {
        $additional = ' class="inputbox"';
        if ($_CB_framework->getUi() == 1 && $reason == 'edit' && $field->readonly) {
            $additional .= ' disabled="disabled"';
        }
        $html .= moscomprofilerHTML::selectList($choices, $name . '__choice', $additional, 'value', 'text', '', $required, true, false);
        // (an older per-field inline jQuery handler was replaced by the shared cbslideImage() below)
        // the shared JS function is emitted once per request, however many image fields are rendered
        static $functOut = false;
        if (!$functOut) {
            $js = "function cbslideImage(choice,uplodid,galleryid) {" . "\n\tif ( ( choice == '' ) || ( choice == 'approve' ) || ( choice == 'delete' ) ) {" . "\n\t\t\$(uplodid).slideUp('slow');" . "\n\t\t\$(galleryid).slideUp('slow');" . "\n\t} else if ( choice == 'upload' ) {" . "\n\t\t\$(uplodid).slideDown('slow');" . "\n\t\t\$(galleryid).slideUp('slow');" . "\n\t} else if ( choice == 'gallery' ) {" . "\n\t\t\$(uplodid).slideUp('slow');" . "\n\t\t\$(galleryid).slideDown('slow');" . "\n\t}" . "\n}";
            $_CB_framework->outputCbJQuery($js);
            $functOut = true;
        }
        // per-field wiring: $name is the field's name (from the field record) and is inlined into JS selectors
        $js = "\$('#cbimg_upload_" . $name . ",#cbimg_gallery_" . $name . "').hide();" . "\n\t{" . "\n\t \$('#" . $name . "__choice').click( function() {" . "\n\t\tcbslideImage( \$(this).val(), '#cbimg_upload_" . $name . "', '#cbimg_gallery_" . $name . "' );" . "\n\t } ).click();" . "\n\t \$('#" . $name . "__choice').change( function() {" . "\n\t\tcbslideImage( \$(this).val(), '#cbimg_upload_" . $name . "', '#cbimg_gallery_" . $name . "' );" . "\n\t } );" . "\n\t}";
        $_CB_framework->outputCbJQuery($js);
    } else {
        // a single possible choice needs no select: submit it as a hidden value
        $html .= '<input type="hidden" name="' . $name . '__choice" value="' . $choices[0]->value . '" />';
    }
    $html .= $this->_fieldIconsHtml($field, $user, 'htmledit', $reason, 'select', '', null, '', array(), $displayFieldIcons, $required);
    $html .= '</div>';
    if ($name != 'avatar' || $ueConfig['allowAvatarUpload']) {
        $button = $reason == 'register' ? _UE_REGISTER : ($_CB_framework->getUi() == 2 ? _UE_SAVE : _UE_UPDATE);
        // the field is temporarily renamed to <name>__file (and made optional when an image already
        // exists) so the helper calls below see the upload input; both are restored afterwards
        $saveFieldName = $field->name;
        $saveFieldRequired = $field->required;
        $field->name .= '__file';
        if ($field->required && $user && isset($user->{$saveFieldName}) && $user->{$saveFieldName}) {
            $field->required = 0;
        }
        // the terms URL is the only config value escaped here (htmlspecialchars before cbSef)
        $html .= '<div id="cbimg_upload_' . $name . '">' . '<p>' . sprintf(_UE_UPLOAD_DIMENSIONS_AVATAR, $this->_getImageFieldParam($field, 'avatarWidth'), $this->_getImageFieldParam($field, 'avatarHeight'), $this->_getImageFieldParam($field, 'avatarSize')) . '</p>' . '<div>' . _UE_UPLOAD_SELECT_FILE . ' ' . '<input type="file" name="' . $name . '__file" value="" class="inputbox" />' . '</div>' . '<p>' . ($ueConfig['reg_enable_toc'] ? sprintf(_UE_AVATAR_DISCLAIMER_TERMS, $button, "<a href='" . cbSef(htmlspecialchars($ueConfig['reg_toc_url'])) . "' target='_BLANK'> " . _UE_AVATAR_TOC_LINK . "</a>") : sprintf(_UE_AVATAR_DISCLAIMER, $button)) . '</p>' . '</div>';
        $field->name = $saveFieldName;
        $field->required = $saveFieldRequired;
    }
    if ($name == 'avatar' && $ueConfig['allowAvatarGallery']) {
        $live_site = $_CB_framework->getCfg('live_site');
        $avatar_gallery_path = $_CB_framework->getCfg('absolute_path') . '/images/comprofiler/gallery';
        $avatar_images = array();
        // file names come from the gallery directory on disk, not from the request
        $avatar_images = display_avatar_gallery($avatar_gallery_path);
        $html .= '<div id="cbimg_gallery_' . $name . '">' . "\n\t<table width='100%' border='0' cellpadding='4' cellspacing='2'>" . "\n\t\t<tr align='center' valign='middle'>";
        for ($i = 0; $i < count($avatar_images); $i++) {
            $j = $i + 1;
            // display name: file name without extension, underscores as spaces, first letter upper-cased
            $avatar_name = ucfirst(str_replace('_', ' ', preg_replace('/^(.*)\\..*$/', '\\1', $avatar_images[$i])));
            // NOTE(review): the file name and derived label are emitted into value/src/alt/title
            // attributes without htmlspecialchars(); this is only safe while display_avatar_gallery()
            // returns attribute-safe names — confirm.
            $html .= "\n\t\t\t<td>" . '<input type="radio" name="' . $name . '__gallery" id="' . $name . '__gallery_' . $i . '" value="' . $avatar_images[$i] . '" />' . '<label for="' . $name . '__gallery_' . $i . '">' . '<img src="' . $live_site . '/images/comprofiler/gallery/' . $avatar_images[$i] . '" alt="' . $avatar_name . '" title="' . $avatar_name . '" />' . '</label>' . '</td>';
            // start a new table row after every 5 images
            if (function_exists('fmod')) {
                if (!fmod($j, 5)) {
                    $html .= "</tr>\n\t\t<tr align=\"center\" valign=\"middle\">";
                }
            } else {
                // PHP < 4.2.0...
                if (!fmodReplace($j, 5)) {
                    $html .= "</tr>\n\t\t<tr align=\"center\" valign=\"middle\">";
                }
            }
        }
        $html .= "\n\t\t</tr>\n\t\t" . "\n\t</table>" . '</div>';
    }
    $html .= '</div>';
    return $html;
}
/**
 * Gets the PMS unread messages count for a user, dispatching on the configured PMS type.
 *
 * Types 1, 2 and 6 count by username in their respective tables; 3/4 (uddeim) and 5 count
 * by numeric user id, which is cast to int before being inlined into the query.
 *
 * NOTE(review): the username literal ('******') in the queries for types 1, 2 and 6 appears
 * redacted in this listing; the loaded $user record is otherwise unused here, so the real
 * code presumably inlines the escaped $user->username — confirm against the upstream source.
 *
 * @param int $userid  id of the user whose unread messages are counted
 * @return mixed  number of messages unread by user $userid, or false if an ErrorMSG was generated
 */
function getPMSunreadCount($userid) {
    global $_CB_database;
    $params = $this->params;
    $pmsType = $params->get('pmsType', '1');
    if (!$this->_checkPMSinstalled($pmsType)) {
        return false;
    }
    $user = new moscomprofilerUser( $_CB_database );
    $user->load( (int) $userid );
    // loose switch on purpose: the param value may be the string '1'
    SWITCH($pmsType) {
        case 1:
            $query_pms_count = "SELECT count(id) FROM #__pms WHERE username='******' AND readstate=0";
            $_CB_database->setQuery( $query_pms_count );
            $total_pms = $_CB_database->loadResult();
            break;
        case 2:
            $query_pms_count = "SELECT count(id) FROM #__mypms WHERE username='******' AND readstate=0";
            $_CB_database->setQuery( $query_pms_count );
            $total_pms = $_CB_database->loadResult();
            break;
        case 3:
        case 4:
            // uddeim: unread is toread < 1, addressed by recipient id
            $sql="SELECT count(id) FROM #__uddeim WHERE toread<1 AND toid=".(int) $userid;
            $_CB_database->setQuery($sql);
            $total_pms = $_CB_database->loadResult();
            break;
        case 5:
            // even readstate values are unread in this schema; only inbox messages count
            $query_pms_count = "SELECT count(id) FROM #__pms WHERE recip_id=" . (int) $userid ." AND readstate%2=0 AND inbox=1";
            $_CB_database->setQuery( $query_pms_count );
            $total_pms = $_CB_database->loadResult();
            break;
        case 6:
            $query_pms_count = "SELECT count(id) FROM #__jim WHERE username='******' AND readstate=0";
            $_CB_database->setQuery( $query_pms_count );
            $total_pms = $_CB_database->loadResult();
            break;
        default:
            $this->_setErrorMSG("Incorrect PMS type");
            $total_pms = false;
            break;
    }
    return $total_pms;
}
/**
 * Logs in on the host CMS using any of the allowed authentication methods.
 *
 * Order of attempts: the 'onLoginAuthentication' plugin trigger, then CB username / email
 * lookup with password verification, then (loginType 3 only) the CMS's own authentication.
 * A found user is then checked for rejection, confirmation, approval, block and first visit
 * before the actual CMS login is performed.
 *
 * Security note: when $password is strictly boolean false the password check is skipped in
 * the username and email paths, so that value must only be passed by code that has already
 * authenticated the user by other means.
 *
 * @param string $username The username (or email, depending on $loginType)
 * @param string|boolean $password The password OR strictly boolean false for login without password
 * @param boolean $rememberMe If login should be remembered in a cookie sent back to the user's browser
 * @param boolean $message If an alert message should be prepared on successful login
 * @param string $return IN & OUT: IN: return URL NOT SEFED for normal login completion (unless an event says different), OUT: redirection url (no htmlspecialchars) NOT SEFED
 * @param array $messagesToUser OUT: messages to display to user (html)
 * @param array $alertmessages OUT: messages to alert to user (text)
 * @param int $loginType 0: username, 1: email, 2: username or email, 3: username, email or CMS authentication
 * @return string|null error message (language constant or plugin error text), or null when the login went through
 */
function login($username, $password, $rememberMe, $message, &$return, &$messagesToUser, &$alertmessages, $loginType = 0) {
	global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS;

	$returnURL = null;

	// An empty username, or an empty password that is not the explicit "no password" marker, is incomplete.
	if (!$username || !$password && $password !== false) {
		$resultError = _LOGIN_INCOMPLETE;
	} else {
		$_PLUGINS->loadPluginGroup('user');
		// Plugins may rewrite username and password here (both are passed by reference).
		$_PLUGINS->trigger('onBeforeLogin', array(&$username, &$password));

		$resultError = null;
		$showSysMessage = true;
		$stopLogin = false;
		$loggedIn = false;

		if ($_PLUGINS->is_errors()) {
			$resultError = $_PLUGINS->getErrorMSG();
		} else {
			$row = new moscomprofilerUser($_CB_database);
			$foundUser = false;

			// Try login by CB authentication trigger:
			$_PLUGINS->trigger('onLoginAuthentication', array(&$username, &$password, &$row, $loginType, &$foundUser, &$stopLogin, &$resultError, &$messagesToUser, &$alertmessages, &$return));

			if (!$foundUser) {
				if ($loginType != 2) {
					// login by username:
					$foundUser = $row->loadByUsername($username) && ($password === false || $row->verifyPassword($password));
				}
				if (!$foundUser && $loginType >= 1) {
					// login by email:
					$foundUser = $row->loadByEmail($username) && ($password === false || $row->verifyPassword($password));
					if ($foundUser) {
						// From here on the CMS login below needs the real username, not the email.
						$username = $row->username;
					}
				}
				if (!$foundUser && $loginType > 2) {
					// If no result, try login by CMS authentication:
					// NOTE: this path performs the CMS login immediately and marks the CB row
					// confirmed and approved before the status checks below run.
					if ($_CB_framework->login($username, $password, $rememberMe)) {
						$foundUser = $row->load((int) $_CB_framework->myId()); // core user might not have username set, so we use id (bug #3303 fix)
						cbSplitSingleName($row);
						$row->confirmed = 1;
						$row->approved = 1;
						$row->store(); // synchronizes with comprofiler table
						$loggedIn = true;
					}
				}
			}

			if ($foundUser) {
				$returnPluginsOverrides = null;
				$pluginResults = $_PLUGINS->trigger('onDuringLogin', array(&$row, 1, &$returnPluginsOverrides));
				if ($returnPluginsOverrides) {
					$return = $returnPluginsOverrides;
				}
				// Merge the per-plugin results: messages are appended, showSysMessage is AND-ed,
				// stopLogin is OR-ed (any single plugin can stop the login).
				if (is_array($pluginResults) && count($pluginResults)) {
					foreach ($pluginResults as $res) {
						if (is_array($res)) {
							if (isset($res['messagesToUser'])) {
								$messagesToUser[] = $res['messagesToUser'];
							}
							if (isset($res['alertMessage'])) {
								$alertmessages[] = $res['alertMessage'];
							}
							if (isset($res['showSysMessage'])) {
								$showSysMessage = $showSysMessage && $res['showSysMessage'];
							}
							if (isset($res['stopLogin'])) {
								$stopLogin = $stopLogin || $res['stopLogin'];
							}
						}
					}
				}

				// Account state checks, in priority order: plugin errors, plugin stop, rejected,
				// not confirmed, not approved, blocked, first visit.
				if ($_PLUGINS->is_errors()) {
					$resultError = $_PLUGINS->getErrorMSG();
				} elseif ($stopLogin) {
					// login stopped: don't even check for errors...
				} elseif ($row->approved == 2) {
					$resultError = _LOGIN_REJECTED;
				} elseif ($row->confirmed != 1) {
					if ($row->cbactivation == '') {
						$row->store(); // just in case the activation code was missing
					}
					// Re-send the pending-approval notification to the user before refusing the login.
					$cbNotification = new cbNotification();
					$cbNotification->sendFromSystem($row->id, getLangDefinition(stripslashes($ueConfig['reg_pend_appr_sub'])), getLangDefinition(stripslashes($ueConfig['reg_pend_appr_msg'])));
					$resultError = _LOGIN_NOT_CONFIRMED;
				} elseif ($row->approved == 0) {
					$resultError = _LOGIN_NOT_APPROVED;
				} elseif ($row->block == 1) {
					$resultError = _UE_LOGIN_BLOCKED;
				} elseif ($row->lastvisitDate == '0000-00-00 00:00:00') {
					// First login: the configured first-visit URL wins over the caller's return URL.
					if (isset($ueConfig['reg_first_visit_url']) and $ueConfig['reg_first_visit_url'] != "") {
						$return = $ueConfig['reg_first_visit_url'];
					} else {
						$return = $returnPluginsOverrides; // by default return to homepage on first login (or on page overridden by plugin).
					}
					$_PLUGINS->trigger('onBeforeFirstLogin', array(&$row, $username, $password, &$return));
					if ($_PLUGINS->is_errors()) {
						$resultError = $_PLUGINS->getErrorMSG("<br />");
					}
				}
			} else {
				// Same generic message whether the username or the password was wrong.
				if ($loginType < 2) {
					$resultError = _LOGIN_INCORRECT;
				} else {
					$resultError = _UE_INCORRECT_EMAIL_OR_PASSWORD;
				}
			}
		}

		if ($resultError) {
			if ($showSysMessage) {
				$alertmessages[] = $resultError;
			}
		} elseif (!$stopLogin) {
			// A plugin may perform the login itself; otherwise fall back to the CMS login.
			if (!$loggedIn) {
				$_PLUGINS->trigger('onDoLoginNow', array($username, $password, $rememberMe, &$row, &$loggedIn, &$resultError, &$messagesToUser, &$alertmessages, &$return));
			}
			if (!$loggedIn) {
				$_CB_framework->login($username, $password, $rememberMe);
				$loggedIn = true;
			}
			$_PLUGINS->trigger('onAfterLogin', array(&$row, $loggedIn));
			if ($loggedIn && $message && $showSysMessage) {
				$alertmessages[] = _LOGIN_SUCCESS;
			}
			if (!$loggedIn) {
				$resultError = _LOGIN_INCORRECT;
			}
			// changing com_comprofiler to comprofiler is a quick-fix for SEF ON on return path...
			// NOTE(review): strpos() returns 0 for a match at offset 0, which is falsy here, so a
			// return URL that *starts* with one of these substrings is not filtered out. Also, the
			// return URL is handed back verbatim as the redirect target; restricting it to local
			// paths is presumably done by the caller — confirm.
			if ($return && !(strpos($return, 'comprofiler') && (strpos($return, 'login') || strpos($return, 'logout') || strpos($return, 'registers') || strpos(strtolower($return), 'lostpassword')))) {
				// checks for the presence of a return url
				// and ensures that this url is not the registration or login pages
				$returnURL = $return;
			} elseif (!$returnURL) {
				$returnURL = 'index.php';
			}
		}
	}

	// OUT parameter: null unless a login actually completed above.
	$return = $returnURL;
	return $resultError;
}
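/**
 * Backend "save user" task: validates the posted form, checks the caller's rights on the
 * target user, stores the new state and redirects back to the users list.
 *
 * On a failed save the edit form is re-rendered with the validation message; on a rights
 * failure or an incomplete post a JavaScript alert is emitted and the request ends.
 *
 * @param string $option  component option used to build the redirect URL
 * @return void  (exits after emitting an alert on rights failures)
 */
function saveUser( $option ) {
	global $_CB_framework, $_CB_database, $_PLUGINS;

	$this->_importNeeded();
	$this->_importNeededSave();

	// A legitimate edit form always posts these three fields; anything else is rejected.
	if ( ! ( isset( $_POST['approved'] ) && isset( $_POST['confirmed'] ) && isset( $_POST['username'] ) ) ) {
		$this->_echoJsAlert( CBTxt::T('Not Authorized'), true );
		exit;
	}

	// Check rights to access:
	$myGid = userGID( $_CB_framework->myId() );
	$userIdPosted = (int) cbGetParam( $_POST, "id", 0 );
	if ( $userIdPosted == 0 ) {
		// New user: make sure no stray posted id value reaches the store.
		$_POST['id'] = null;
	}
	$adminGroups = $_CB_framework->acl->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );
	// Loose in_array kept on purpose: group ids may come back as strings from the ACL layer.
	$iAmAdmin = in_array( $myGid, $adminGroups );
	$msg = checkCBpermissions( ( $userIdPosted != 0 ? array( $userIdPosted ) : null ), 'save', $iAmAdmin );
	if ( $msg ) {
		$this->_echoJsAlert( $msg, true );
		exit;
	}

	$_PLUGINS->loadPluginGroup( 'user' );

	// Get current user state:
	$userComplete = new moscomprofilerUser( $_CB_database );
	if ( $userIdPosted != 0 ) {
		if ( ! $userComplete->load( (int) $userIdPosted ) ) {
			$this->_echoJsAlert( _UE_USER_PROFILE_NOT, true );
			return;
		}
	}

	// Store new user state:
	$saveResult = $userComplete->saveSafely( $_POST, $_CB_framework->getUi(), 'edit' );
	if ( ! $saveResult ) {
		$regErrorMSG = $userComplete->getError();
		// Re-check rights against the id now held by the row before showing the edit form again.
		$msg = checkCBpermissions( array( $userComplete->id ), "edit", true );
		if ( $msg ) {
			$this->_echoJsAlert( $msg, true );
			exit;
		}
		// The error text may carry submitted field values: it is tag-stripped and then encoded for
		// the JavaScript context by the helper (addslashes() alone does not stop a '</script>' breakout).
		$this->_echoJsAlert( strip_tags( str_replace( '<br />', "\n", $regErrorMSG ) ), false );
		global $_CB_Backend_task;
		$_CB_Backend_task = 'edit'; // so the toolbar comes up...
		$_PLUGINS->loadPluginGroup( 'user' ); // resets plugin errors
		$usersView = _CBloadView( 'user' );
		$usersView->edituser( $userComplete, $option, ( $userComplete->user_id != null ? '0' : '1' ), $_POST );
		return;
	}

	// Checks-in the row:
	$userComplete->checkin();
	cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showusers" ), sprintf( CBTxt::T('Successfully Saved User: %s'), $userComplete->username ) );
}

/**
 * Emits an inline script that shows $text in a JavaScript alert, optionally sending the
 * browser back one page afterwards.
 *
 * json_encode() yields a proper JavaScript string literal: quotes, backslashes, control
 * characters, '/' (so '</script>' cannot close the tag) and non-ASCII characters are escaped.
 *
 * @param string $text  plain-text message to show (tags are shown verbatim, not interpreted)
 * @param boolean $goBack  whether to append window.history.go(-1)
 * @return void
 * @access private
 */
function _echoJsAlert( $text, $goBack ) {
	$script = 'alert(' . json_encode( (string) $text ) . ');';
	if ( $goBack ) {
		$script .= ' window.history.go(-1);';
	}
	echo "<script type=\"text/javascript\">" . $script . "</script>\n";
}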