Пример #1
 /**
  * Collects the reasons why the current user may NOT perform $action on the given user(s).
  *
  * The result is a message string, not a boolean: null means no check in this method objected,
  * any non-null value is a concatenation of refusal messages.
  *
  * NOTE(review): $action and the group name are interpolated into the returned text without any
  * escaping in this method; whether callers escape the message before output is not visible here.
  *
  * @param  mixed    $user_ids      array of user ids; any non-array value (and an empty array) takes the single-target branch
  * @param  string   $action        verb interpolated into the refusal messages
  * @param  boolean  $allow_myself  when true, acting on one's own account produces no refusal
  * @return string|null             concatenated refusal messages, or null if none was added
  */
 function get_users_permission($user_ids, $action, $allow_myself = false)
 {
     global $_CB_database, $_CB_framework;
     $msg = null;
     if (is_array($user_ids) && count($user_ids)) {
         // One row object is reused for every id of the loop.
         $obj = new moscomprofilerUser($_CB_database);
         foreach ($user_ids as $user_id) {
             // Loose comparison: any value that compares equal to 0 takes the "new user" branch below.
             if ($user_id != 0) {
                 if ($obj->load((int) $user_id)) {
                     // The group lookup signature differs per CMS generation reported by checkJversion().
                     if (checkJversion() >= 2) {
                         $groups = $this->get_object_groups($user_id);
                     } elseif (checkJversion() == 1) {
                         $aro_id = $this->get_object_id('users', $user_id, 'ARO');
                         $groups = $this->get_object_groups($aro_id, 'ARO');
                     } else {
                         $groups = $this->get_object_groups('users', $user_id, 'ARO');
                     }
                     // Only the first group is used for the name shown in the refusal message.
                     if (isset($groups[0])) {
                         $this_group = strtolower($this->get_group_name($groups[0], 'ARO'));
                     } else {
                         $this_group = 'Registered';
                     }
                 } else {
                     // NOTE(review): on a failed load $this_group is not assigned in this iteration
                     // (undefined on the first pass, stale afterwards) and $obj keeps whatever state
                     // it had; the checks below still run with those values. The request is refused
                     // anyway because $msg is now non-null.
                     $msg .= 'User not found. ';
                 }
             } else {
                 // Id 0: evaluated as a 'Registered' target.
                 $this_group = 'Registered';
                 $obj->gid = $this->get_group_id($this_group, 'ARO');
                 $obj->gids = $this->get_groups_below_me($user_id, true);
             }
             // Loose comparison between the supplied id and the current user's id.
             if ($user_id == $_CB_framework->myId()) {
                 if (!$allow_myself) {
                     $msg .= "You cannot {$action} Yourself! ";
                 }
             } else {
                 if (checkJversion() >= 2) {
                     // amIaSuperAdmin() without argument presumably tests the current user; when it
                     // returns true every group check below is skipped.
                     if (!$this->amIaSuperAdmin()) {
                         $userGroups = $this->get_object_groups($user_id);
                         $myGroups = $this->get_object_groups($_CB_framework->myId());
                         $myCBuser = CBuser::getMyInstance();
                         // "Admin" here means holding both core.manage and core.edit on com_users.
                         $iAmAdmin = $myCBuser->authoriseAction('core.manage', 'com_users') && $myCBuser->authoriseAction('core.edit', 'com_users');
                         $exactGids = !$iAmAdmin;
                         $myGidsTree = $this->get_groups_below_me($_CB_framework->myId(), true, $exactGids);
                         $isHeSAdmin = $this->amIaSuperAdmin((int) $user_id);
                         // && binds tighter than ||, so this refuses when ANY of these holds:
                         //   1. target and current user have the same groups and the current user is not an admin;
                         //   2. the target has groups and none of them is in $myGidsTree;
                         //   3. the target is a super admin.
                         // NOTE(review): explicit parentheses would make this authorization rule much harder to misread.
                         if (array_values($userGroups) == array_values($myGroups) && !$iAmAdmin || $user_id && $userGroups && !array_intersect($userGroups, $myGidsTree) || $isHeSAdmin) {
                             $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                         }
                     }
                 } else {
                     // Legacy ACL: compare single group ids instead of group sets.
                     $myGid = $this->get_user_group_id($_CB_framework->myId());
                     $cms_admins = $this->mapGroupNamesToValues(array('Administrator', 'Superadministrator'));
                     $cms_super_admin = $this->mapGroupNamesToValues('Superadministrator');
                     if ($myGid != $cms_super_admin) {
                         // Refuse when target and current user share a group and the current user is
                         // not an administrator, or when the target's group is not among the ids
                         // returned by get_group_children_ids() for the current user's group.
                         if ($obj->gid == $myGid && !in_array($myGid, $cms_admins) || $user_id && $obj->gid && !in_array($obj->gid, $this->get_group_children_ids($myGid))) {
                             $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                         }
                     }
                 }
             }
         }
     } else {
         // Single-target branch (also reached with an empty array): the target is labelled 'Registered'.
         // NOTE(review): in the legacy sub-branch below the comparison uses the 'Registered' group id,
         // not the group of the user identified by $user_ids - confirm this is what callers expect.
         $this_group = 'Registered';
         $gid = $this->get_group_id($this_group, 'ARO');
         if ($user_ids == $_CB_framework->myId()) {
             if (!$allow_myself) {
                 $msg .= "You cannot {$action} Yourself! ";
             }
         } else {
             if (checkJversion() >= 2) {
                 if (!$this->amIaSuperAdmin()) {
                     $userGroups = $this->get_object_groups($user_ids);
                     $myGroups = $this->get_object_groups($_CB_framework->myId());
                     $myCBuser = CBuser::getMyInstance();
                     $iAmAdmin = $myCBuser->authoriseAction('core.manage', 'com_users') && $myCBuser->authoriseAction('core.edit', 'com_users');
                     $exactGids = !$iAmAdmin;
                     $myGidsTree = $this->get_groups_below_me($_CB_framework->myId(), true, $exactGids);
                     $isHeSAdmin = $this->amIaSuperAdmin((int) $user_ids);
                     // Same three refusal conditions as in the loop above.
                     if (array_values($userGroups) == array_values($myGroups) && !$iAmAdmin || $user_ids && $userGroups && !array_intersect($userGroups, $myGidsTree) || $isHeSAdmin) {
                         $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                     }
                 }
             } else {
                 $myGid = $this->get_user_group_id($_CB_framework->myId());
                 $cms_admins = $this->mapGroupNamesToValues(array('Administrator', 'Superadministrator'));
                 $cms_super_admin = $this->mapGroupNamesToValues('Superadministrator');
                 if ($myGid != $cms_super_admin) {
                     if ($gid == $myGid && !in_array($myGid, $cms_admins) || $user_ids && $gid && !in_array($gid, $this->get_group_children_ids($myGid))) {
                         $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                     }
                 }
             }
         }
     }
     return $msg;
 }
Пример #2
	/**
	 * Returns the reasons why the current user may not perform $action on the given user(s).
	 *
	 * A null result means no check objected; anything else is a concatenation of refusal messages.
	 *
	 * NOTE(review): when a user id cannot be loaded, the group checks still run against whatever
	 * the reused row object and $this_group held before; the call is refused in any case because
	 * 'User not found. ' has been appended.
	 *
	 * @param  mixed    $user_ids      array of user ids; any other value (or an empty array) is checked as a 'Registered' target
	 * @param  string   $action        verb interpolated, unescaped, into the returned messages
	 * @param  boolean  $allow_myself  when true, the "Yourself" refusal is not applied
	 * @return string|null             concatenated refusal messages, or null when nothing was refused
	 */
	function get_users_permission( $user_ids, $action, $allow_myself = false ) {
		global $_CB_database, $_CB_framework;

		$refusals				=	null;
		$adminGids				=	$this->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );

		if ( ! ( is_array( $user_ids ) && count( $user_ids ) ) ) {
			// No list of ids: the target is evaluated as a member of 'Registered'.
			$this_group			=	'Registered';
			$targetGid			=	$this->get_group_id( $this_group, 'ARO' );
			$viewerGid			=	$this->get_user_group_id( $_CB_framework->myId() );

			$peerNotAdmin		=	( $targetGid == $viewerGid ) && ! in_array( $viewerGid, $adminGids );
			if ( $peerNotAdmin || ( $targetGid && ! in_array( $targetGid, $this->get_group_children_ids( $viewerGid ) ) ) ) {
				$refusals		.=	"You cannot $action a `$this_group`. Only higher-level users have this power. ";
			}

			return $refusals;
		}

		// A single row object is reused for every id in the list.
		$target					=	new moscomprofilerUser( $_CB_database );

		foreach ( $user_ids as $user_id ) {
			if ( $user_id == 0 ) {
				// Id 0 is treated as a 'Registered' target.
				$this_group		=	'Registered';
				$target->gid	=	$this->get_group_id( $this_group, 'ARO' );
			} elseif ( ! $target->load( (int) $user_id ) ) {
				$refusals		.=	'User not found. ';
			} else {
				// The group lookup signature depends on the CMS generation.
				if ( checkJversion() == 2 ) {
					$memberOf	=	$this->get_object_groups( $user_id );
				} elseif ( checkJversion() == 1 ) {
					$memberOf	=	$this->get_object_groups( $this->get_object_id( 'users', $user_id, 'ARO' ), 'ARO' );
				} else {
					$memberOf	=	$this->get_object_groups( 'users', $user_id, 'ARO' );
				}
				// Only the first group names the target in the refusal message.
				$this_group		=	( isset( $memberOf[0] ) ? strtolower( $this->get_group_name( $memberOf[0], 'ARO' ) ) : 'Registered' );
			}

			if ( ( ! $allow_myself ) && ( $user_id == $_CB_framework->myId() ) ) {
				$refusals		.=	"You cannot $action Yourself! ";
				continue;
			}

			// Refuse peers (unless the current user is an administrator) and any target whose
			// group is not among the ids get_group_children_ids() returns for the current user's group.
			$viewerGid			=	$this->get_user_group_id( $_CB_framework->myId() );
			$peerNotAdmin		=	( $target->gid == $viewerGid ) && ! in_array( $viewerGid, $adminGids );
			if ( $peerNotAdmin || ( $user_id && $target->gid && ! in_array( $target->gid, $this->get_group_children_ids( $viewerGid ) ) ) ) {
				$refusals		.=	"You cannot $action a `$this_group`. Only higher-level users have this power. ";
			}
		}

		return $refusals;
	}
Пример #3
/**
 * Front-end controller for a user's avatar: shows the form, stores an uploaded image,
 * picks an image from the gallery, or deletes the current avatar.
 *
 * The sub-action is read from the request parameter 'do':
 * 'init' (default), 'validate' (upload), 'fromgallery', 'deleteavatar'.
 *
 * NOTE(review): several error paths call cbRedirectToProfile() and then fall through without
 * a return. That is only safe if cbRedirectToProfile() terminates the request; its
 * implementation is not visible here - confirm.
 *
 * @param  string  $option       passed through to the view
 * @param  int     $uid          profile to edit; falls back to the current user's id when empty
 * @param  string  $submitvalue  passed through to the view
 * @return void                  output is echoed or the request is redirected
 */
function userAvatar( $option, $uid, $submitvalue) {
	global $_CB_database, $_CB_framework, $_REQUEST, $ueConfig, $_PLUGINS, $_FILES;

	if ( ! $uid ) {
		$uid	=	$_CB_framework->myId();
	}
	// Still no id: there is no logged-in user to act for.
	if ( ! $uid ) {
		echo _UE_NOT_AUTHORIZED;
		return;
	}
	// Authorization gate: a non-empty message means the current user may not edit this profile.
	$msg	=	cbCheckIfUserCanPerformUserTask( $uid, 'allowModeratorsUserEdit');
	if ( $msg ) {
		echo $msg;
		return;
	}
	$row = new moscomprofilerUser( $_CB_database );
	if ( ! $row->load( (int) $uid ) ) {
		echo _UE_NOSUCHPROFILE;
		return;
	}

	// 'do' comes from $_REQUEST, so it is not tied to one HTTP method.
	$do		=	cbGetParam( $_REQUEST, 'do', 'init' );
	if ( $do == 'init' ) {

		HTML_comprofiler::userAvatar( $row, $option, $submitvalue);

	} elseif ( $do == 'validate' ) {

		// Anti-forgery (spoof) check before the state-changing upload.
		cbSpoofCheck( 'userAvatar' );

		if ( ! $ueConfig['allowAvatarUpload'] ) {
			cbNotAuth();
			return;
		}

		$isModerator=isModerator( $_CB_framework->myId() );

		// Accept only a file PHP itself registered as an HTTP upload and that arrived without error.
		if (	( ! isset( $_FILES['avatar']['tmp_name'] ) )
			||	empty( $_FILES['avatar']['tmp_name'] )
			||	( $_FILES['avatar']['error'] != 0 )
			||	( ! is_uploaded_file( $_FILES['avatar']['tmp_name'] ) )
		) {
			cbRedirectToProfile( $row->id, _UE_UPLOAD_ERROR_EMPTY, 'userAvatar' );
		}

		// Plugins may veto the upload; the temporary file path is handed to them by reference.
		$_PLUGINS->loadPluginGroup( 'user' );
		$_PLUGINS->trigger( 'onBeforeUserAvatarUpdate', array( &$row, &$row, $isModerator, &$_FILES['avatar']['tmp_name'] ) );
		if ($_PLUGINS->is_errors()) {
			cbRedirectToProfile( $row->id, $_PLUGINS->getErrorMSG(), 'userAvatar' );
		}

		// Image limits and converter paths are taken from the component configuration.
		$imgToolBox						=	new imgToolBox();
		$imgToolBox->_conversiontype	=	$ueConfig['conversiontype'];
		$imgToolBox->_IM_path			=	$ueConfig['im_path'];
		$imgToolBox->_NETPBM_path		=	$ueConfig['netpbm_path'];
		$imgToolBox->_maxsize			=	$ueConfig['avatarSize'];
		$imgToolBox->_maxwidth			=	$ueConfig['avatarWidth'];
		$imgToolBox->_maxheight			=	$ueConfig['avatarHeight'];
		$imgToolBox->_thumbwidth		=	$ueConfig['thumbWidth'];
		$imgToolBox->_thumbheight		=	$ueConfig['thumbHeight'];
		$imgToolBox->_debug				=	0;
		$allwaysResize					=	( isset( $ueConfig['avatarResizeAlways'] ) ? $ueConfig['avatarResizeAlways'] : 1 );

		// The stored base name is generated here (user id + uniqid), not taken from the client.
		// NOTE(review): content-type/extension validation presumably happens inside processImage();
		// it is not visible in this function - confirm, since the target directory is web-served.
		$newFileName		=	$imgToolBox->processImage( $_FILES['avatar'], uniqid($row->id."_"), $_CB_framework->getCfg('absolute_path') . '/images/comprofiler/', 0, 0, 1, $allwaysResize );
		if ( ! $newFileName ) {
			cbRedirectToProfile( $row->id, $imgToolBox->_errMSG, 'userAvatar' );
		}

		// NOTE(review): the old file is removed before the database row is updated, and the result
		// of query() below is not checked; a failed update would leave the row pointing at a deleted file.
		if ($row->avatar != null && $row->avatar!="") {
			deleteAvatar($row->avatar);
		}

		// Non-moderators go through the approval queue when approval is enabled.
		if ($ueConfig['avatarUploadApproval']==1 && $isModerator==0) {

			$cbNotification	=	new cbNotification();
			$cbNotification->sendToModerators(_UE_IMAGE_ADMIN_SUB,_UE_IMAGE_ADMIN_MSG);

			// File name is escaped and the id is cast to int before being placed in the SQL text.
			$_CB_database->setQuery("UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped($newFileName) . "', avatarapproved=0 WHERE id=" . (int) $row->id);
			$redMsg			=	_UE_UPLOAD_PEND_APPROVAL;
		} else {
			$_CB_database->setQuery("UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped($newFileName) . "', avatarapproved=1, lastupdatedate=". $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id=" . (int) $row->id);
			$redMsg			=	_UE_UPLOAD_SUCCESSFUL;
		}

		$_CB_database->query();

		$_PLUGINS->trigger( 'onAfterUserAvatarUpdate', array(&$row,&$row,$isModerator,$newFileName) );
		cbRedirectToProfile( $row->id, $redMsg );

	} elseif ( $do == 'fromgallery' ) {

		// Anti-forgery (spoof) check before the state-changing update.
		cbSpoofCheck( 'userAvatar' );

		if( ! $ueConfig['allowAvatarGallery'] ) {
			cbNotAuth();
			return;
		}

		// Allow-list for the gallery file name: letters, digits, '-', '_' and '.', and no '..' sequence,
		// so the value cannot contain a path separator or step out of the gallery/ prefix.
		// NOTE(review): the name is not checked against the files actually present in the gallery.
		$newAvatar = cbGetParam( $_POST, 'newavatar', null );
		if ( ( $newAvatar == '' ) || preg_match( '/[^-_a-zA-Z0-9.]/', $newAvatar ) || ( strpos( $newAvatar, '..' ) !== false ) ) {
			cbRedirectToProfile( $row->id, _UE_UPLOAD_ERROR_CHOOSE, 'userAvatar' );
		}
		$_CB_database->setQuery( "UPDATE #__comprofiler SET avatar = " . $_CB_database->Quote( 'gallery/' . $newAvatar )
								. ", avatarapproved=1, lastupdatedate = " . $_CB_database->Quote( $_CB_framework->dateDbOfNow() )
								. " WHERE id = " . (int) $row->id);
		if( ! $_CB_database->query() ) {
			$msg	=	_UE_USER_PROFILE_NOT;
		}else {
			// The previous avatar is deleted only after the row was updated successfully.
			deleteAvatar( $row->avatar );
			$msg	=	_UE_USER_PROFILE_UPDATED;
		}
		cbRedirectToProfile( $row->id, $msg );

	} elseif ( $do == 'deleteavatar' ) {

		// NOTE(review): unlike 'validate' and 'fromgallery', this state-changing branch does not call
		// cbSpoofCheck(), and 'do' is read from $_REQUEST. Confirm whether forgery protection for
		// avatar deletion is enforced somewhere else.
		if ( $row->avatar != null && $row->avatar != "" ) {
			deleteAvatar( $row->avatar );
			$_CB_database->setQuery("UPDATE  #__comprofiler SET avatar=null, avatarapproved=1, lastupdatedate=" . $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id=" . (int) $row->id);
			$_CB_database->query();
		}

		cbRedirectToProfile( $row->id, _USER_DETAILS_SAVE );
	}
}
 /**
  * Sends an e-mail from one user to another, optionally hiding the sender's address
  * behind the site's notification address.
  *
  * NOTE(review): the result of neither load() call is checked, so an unknown $fromid or $toid
  * is passed on as an unpopulated row. $subject and $message are forwarded unchanged; any
  * header/line-break filtering would have to happen in _sendEmailMSG(), which is not visible here.
  *
  * @param  int      $toid         recipient user id
  * @param  int      $fromid       sender user id
  * @param  string   $subject      mail subject
  * @param  string   $message      mail body
  * @param  boolean  $revealEmail  when false, the mail is sent in the site's name and a footer is appended
  * @return mixed                  true when there is nothing to send, otherwise the result of _sendEmailMSG()
  */
 function sendUserEmail($toid, $fromid, $subject, $message, $revealEmail = false)
 {
     global $_CB_framework, $_CB_database, $ueConfig, $_SERVER;

     // Nothing to send is reported as success.
     if (!($subject || $message)) {
         return true;
     }

     $sender = new moscomprofilerUser($_CB_database);
     $sender->load((int) $fromid);
     $recipient = new moscomprofilerUser($_CB_database);
     $recipient->load((int) $toid);

     $senderDisplayName = getNameFormat($sender->name, $sender->username, $ueConfig['name_format']);

     // Setting 2 of allow_email_replyto: send from the site address and expose the
     // sender only through the Reply-To fields.
     $replyToOnly = $revealEmail
         && isset($ueConfig['allow_email_replyto'])
         && $ueConfig['allow_email_replyto'] == 2;

     if ($replyToOnly) {
         $sender->replytoEmail = $sender->email;
         $sender->replytoName = $senderDisplayName;
         $sender->email = $ueConfig['reg_email_from'];
     } else {
         $sender->replytoEmail = null;
         $sender->replytoName = null;

         if ($revealEmail) {
             // The sender's own address is used as the From address, unchanged.
             $sender->email = $sender->email;
         } else {
             // Anonymous notification: site name and site address replace the sender's,
             // and a footer naming the site is appended to the body.
             $siteName = cb_html_entity_decode_all($_CB_framework->getCfg('sitename'));
             $sender->name = _UE_NOTIFICATIONSAT . " " . $siteName;
             $sender->email = $ueConfig['reg_email_from'];
             $footer = sprintf(_UE_EMAILFOOTER, $siteName, $_CB_framework->getCfg('live_site'));
             $message .= "\n\n" . $footer . "\n";
         }
     }

     return $this->_sendEmailMSG($recipient, $sender, $subject, $message, $revealEmail);
 }
Пример #5
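	/**
	 * Renders one published users-list: resolves which list the viewer may see, builds the
	 * SQL for the listed users (ACL groups, stored filter, search criteria, ordering),
	 * runs it, and hands the result to HTML_comprofiler::usersList().
	 *
	 * Security-relevant notes for maintainers:
	 *  - $row->sortfields, $row->filterfields and $row->usergroupids come from the stored list
	 *    record and are concatenated into the SQL text. Only the RAND() form of sortfields is
	 *    pattern-checked here. NOTE(review): this presumes that list records can only be written
	 *    by trusted administrators - confirm.
	 *  - Plugins receive the table, join and where fragments (and later the whole FROM/WHERE
	 *    string) by reference and can alter them before the query runs.
	 *  - The anti-forgery check on GET is applied only when the list has 'hotlink_protection'
	 *    enabled and a search or paging parameter is present.
	 *
	 * @param  int    $uid                  id of the viewing user, used for the ACL group lookups
	 * @param  int    $listid               list to show; 0 selects the default (or first accessible) list
	 * @param  array  $searchFormValuesRAW  raw request values, read through cbGetParam()
	 * @return void                         output is echoed
	 */
	function drawUsersList( $uid, $listid, $searchFormValuesRAW ) {
		global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS;

		$search					=	null;
		$searchGET				=	cbGetParam( $searchFormValuesRAW, 'search' );
		$limitstart				=	(int) cbGetParam( $searchFormValuesRAW, 'limitstart', 0 );
		$searchmode				=	(int) cbGetParam( $searchFormValuesRAW, 'searchmode', 0 );
		$randomParam			=	(int) cbGetParam( $searchFormValuesRAW, 'rand', 0 );

		// (The old search on the formatted name, with its own spoof check, was removed here.)

		// get my user and gets the list of user lists he is allowed to see (ACL):

		$myCbUser				=&	CBuser::getInstance( $uid );
		if ( $myCbUser === null ) {
			$myCbUser			=&	CBuser::getInstance( null );
		}
		$myUser					=&	$myCbUser->getUserData();

		// NOTE(review): the ids returned by getChildGIDS() are joined into the SQL as-is;
		// they are presumably integers produced by the ACL layer - confirm.
		$useraccessgroupSQL		=	" AND useraccessgroupid IN (".implode(',',getChildGIDS(userGID($uid))).")";
		$_CB_database->setQuery( "SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering" );
		$plists					=	$_CB_database->loadObjectList();
		$lists					=	array();
		$publishedlists			=	array();

		for ( $i=0, $n=count( $plists ); $i < $n; $i++ ) {
			$plist				=&	$plists[$i];
			// Titles are stripped of tags before being used as <option> texts.
			$listTitleNoHtml	=	strip_tags( cbReplaceVars( getLangDefinition( $plist->title ), $myUser, false, false ) );
			$publishedlists[]	=	moscomprofilerHTML::makeOption( $plist->listid, $listTitleNoHtml );
		}

		// select either list selected or default list to which he has access (ACL):

		if ( $listid == 0 ) {
			$_CB_database->setQuery( "SELECT listid FROM #__comprofiler_lists "
			. "\n WHERE `default`=1 AND published=1" . $useraccessgroupSQL );
			$listid				=	(int) $_CB_database->loadresult();
			if ( $listid == 0 && ( count( $plists ) > 0 ) ) {
				$listid			=	(int) $plists[0]->listid;
			}
		}
		if ( ! ( $listid > 0 ) ) {
			echo _UE_NOLISTFOUND;
			return;
		}

		// generates the drop-down list of lists:

		if ( count( $plists ) > 1 ) {
			$lists['plists']	=	moscomprofilerHTML::selectList( $publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1 );
		}

		// loads the list record:

		$row					=	new moscomprofilerLists( $_CB_database );
		if ( ( ! $row->load( (int) $listid ) ) || ( $row->published != 1 ) ) {
			echo _UE_LIST_DOES_NOT_EXIST;
			return;
		}
		// An explicitly requested list id is re-checked against the viewer's access group.
		if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', userGID($uid) ) ) {
			echo _UE_NOT_AUTHORIZED;
			return;
		}

		$params					=	new cbParamsBase( $row->params );

		$hotlink_protection		=	$params->get( 'hotlink_protection', 0 );
		if ( $hotlink_protection == 1 ) {
			if ( ( $searchGET !== null ) || $limitstart ) {
				cbSpoofCheck( 'usersList', 'GET' );
			}
		}

		$limit					=	(int) $params->get( 'list_limit' );
		if ( $limit == 0 ) {
			$limit				=	(int) $ueConfig['num_per_page'];
		}

		$showPaging				=	$params->get( 'list_paging', 1 );
		if ( $showPaging != 1 ) {
			$limitstart			=	0;
		}

		$isModerator			=	isModerator( $_CB_framework->myId() );

		$_PLUGINS->loadPluginGroup( 'user' );
		$_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );

		// handles the users allowed to be listed in the list by ACL:

		// Group ids 29 and 30 are ignored. Expanding them to their child groups was a bug that
		// tended to list admins / all frontend users when the "public" groups were checked.
		// NOTE(review): the remaining ids are joined into IN (...) without an integer cast.
		$usergids				=	explode( ',', $row->usergroupids );
		$allusergids			=	array_diff( $usergids, array( 29, 30 ) );
		$usergids				=	implode( ",", $allusergids );

		// build SQL Select query:

		$random					=	0;
		// Fix: $orderby was left undefined when the list has no sort fields, yet it is
		// concatenated into the SELECT further down.
		$orderby				=	'';
		if( $row->sortfields != '' ) {
			$matches			=	null;
			if ( preg_match( '/^RAND\(\)\s(ASC|DESC)$/', $row->sortfields, $matches ) ) {
				// random sorting needs to have same seed on pages > 1 to not have probability to show same users:
				if ( $limitstart ) {
					$random		=	(int) $randomParam;
				}
				if ( ! $random ) {
					// The seed only stabilises the display order across pages; it is not a secret.
					$random		=	rand( 0, 32767 );
				}
				$row->sortfields =	'RAND(' . (int) $random . ') ' . $matches[1];
			}
			$orderby			=	"\n ORDER BY " . $row->sortfields;
		}
		$filterby				=	'';
		if ( $row->filterfields != '' ) {
			$filterRules		=	utf8RawUrlDecode( substr( $row->filterfields, 1 ) );

			if ( $_CB_framework->myId() ) {
				$user			=	new moscomprofilerUser( $_CB_database );
				if ( $user->load( (int) $_CB_framework->myId() ) ) {
					// Substituted user values are passed through the database's getEscaped() callback.
					$filterRules	=	cbReplaceVars( $filterRules, $user, array( $_CB_database, 'getEscaped' ), false, array() );
				}
			}
			$filterby			=	" AND ". $filterRules;
		}

		// Prepare part after SELECT .... " and before "FROM" :

		$tableReferences		=	array( '#__comprofiler' => 'ue', '#__users' => 'u' );

		// Fetch all fields:

		$tabs					=	$myCbUser->_getCbTabs();		//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.

		$allFields				=	$tabs->_getTabFieldsDb( null, $myUser, 'list' );

		//Make columns array. This array will later be constructed from the tabs table:

		$columns				=	array();

		for ( $i = 1; $i < 50; ++$i ) {
			$enabledVar			=	"col".$i."enabled";

			// Stop at the first column number the list record does not define.
			if ( ! isset( $row->$enabledVar ) ) {
				break;
			}
			$titleVar			=	"col".$i."title";
			$fieldsVar			=	"col".$i."fields";
			$captionsVar		=	"col".$i."captions";

			if ( $row->$enabledVar == 1 ) {
				$col			=	new stdClass();
				$col->fields	=	( $row->$fieldsVar ? explode( '|*|', $row->$fieldsVar ) : array() );
				$col->title		=	$row->$titleVar;
				$col->titleRendered		=	$myCbUser->replaceUserVars( $col->title );
				$col->captions	=	$row->$captionsVar;
				$columns[$i]	=	$col;
			}
		}

		// build fields and tables accesses, also check for searchable fields:

		$searchableFields		=	array();
		$fieldsSQL				=	cbUsersList::getFieldsSQL( $columns, $allFields, $tableReferences, $searchableFields, $params );

		$_PLUGINS->trigger( 'onAfterUsersListFieldsSql', array( &$columns, &$allFields, &$tableReferences ) );

		$tablesSQL				=	array();
		$joinsSQL				=	array();
		// Baseline visibility rules: only unblocked, approved and confirmed accounts are listed.
		$tablesWhereSQL			=	array(	'block'		=>	'u.block = 0',
											'approved'	=>	'ue.approved = 1',
											'confirmed'	=>	'ue.confirmed = 1'
										 );

		if ( checkJversion() == 2 ) {
			$joinsSQL[]				=	'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
		}

		// Banned users stay visible to moderators only.
		if ( ! $isModerator ) {
			$tablesWhereSQL['banned']	=	'ue.banned = 0';
		}
		if ( $usergids ) {
			if ( checkJversion() == 2 ) {
				$tablesWhereSQL['gid']	=	'g.group_id IN (' . $usergids . ')';
			} else {
				$tablesWhereSQL['gid']	=	'u.gid IN (' . $usergids . ')';
			}
		}

		foreach ( $tableReferences as $table => $name ) {
			$tablesSQL[]				=	$table . ' ' . $name;
			if ( $name != 'u' ) {
				$tablesWhereSQL[]		=	"u.`id` = " . $name . ".`id`";
			}
		}

		// handles search criterias:

		$list_compare_types		=	$params->get( 'list_compare_types', 0 );
		$searchVals				=	new stdClass();
		$searchesFromFields		=	$tabs->applySearchableContents( $searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types );
		$whereFields			=	$searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
		if ( $whereFields ) {
			$tablesWhereSQL[]	=	'(' . $whereFields . ')';
		}

		$_PLUGINS->trigger( 'onBeforeUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL ) );

		$queryFrom				=	"FROM " . implode( ', ', $tablesSQL )
								.	( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
								.	"\n WHERE " . implode( "\n AND ", $tablesWhereSQL );

		// (The old formatted-names search that used to extend $queryFrom here was removed.)

		$queryFrom				.=	" " . $filterby;

		$_PLUGINS->trigger( 'onBeforeUsersListQuery', array( &$queryFrom, 1, $listid ) );	// $uid = 1

		$errorMsg		=	null;

		// counts number of users and loads the listed fields of the users if not in search-form-only mode:

		if ( $searchmode == 0 ) {
			if ( checkJversion() == 2 ) {
				// The group-map join can return one row per group, hence DISTINCT.
				$_CB_database->setQuery( "SELECT COUNT(DISTINCT u.id) " . $queryFrom );
			} else {
				$_CB_database->setQuery( "SELECT COUNT(*) " . $queryFrom );
			}
			$total					=	$_CB_database->loadResult();

			if ( ( $limit > $total ) || ( $limitstart >= $total ) ) {
				$limitstart			=	0;
			}

			if ( checkJversion() == 2 ) {
				$query				=	"SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
			} else {
				$query				=	"SELECT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
			}
			$_CB_database->setQuery( $query, (int) $limitstart, (int) $limit );
			$users				=	$_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );

			if ( ! $_CB_database->getErrorNum() ) {
				// creates the CBUsers in cache corresponding to the $users:
				foreach ( array_keys( $users ) as $k) {
					CBuser::setUserGetCBUserInstance( $users[$k] );
				}
			} else {
				// Only a generic message is shown to the visitor; the database error text is not echoed here.
				$users			=	array();
				$errorMsg		=	_UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
			}

			if ( count( get_object_vars( $searchVals ) ) > 0 ) {
				$search			=	'';
			} else {
				$search			=	null;
			}

		} else {
			// Search-form-only mode: no query is run.
			$total				=	null;
			$users				=	array();
			if ( $search === null ) {
				$search			=	'';
			}
		}

		// Compute itemId of users in users-list:

		if ( $Itemid ) {
			$option_itemid		=	(int) $Itemid;
		} else {
			$option_itemid		=	getCBprofileItemid( 0 );
		}
		HTML_comprofiler::usersList( $row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random );
	}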
Пример #6
	/**
	 * Replaces this object's user row with a fresh moscomprofilerUser and loads the given id into it.
	 *
	 * NOTE(review): $cbUserId is forwarded as received, without an (int) cast; whether
	 * moscomprofilerUser::load() normalises the id is not visible here.
	 *
	 * @param  mixed  $cbUserId  id of the user to load
	 * @return mixed             whatever moscomprofilerUser::load() returns
	 */
	function load( $cbUserId ) {
		cbimport( 'cb.tables' );

		// Load through the property itself so that the stored row is the one that gets populated.
		$this->_cbuser	=	new moscomprofilerUser( $this->_db );
		$wasLoaded		=	$this->_cbuser->load( $cbUserId );

		return $wasLoaded;
	}
Пример #7
 /**
  * Builds the HTML edit control of an image field: a choice selector (no change / upload /
  * gallery / approve / delete) followed by the upload panel and, for the 'avatar' field,
  * the gallery panel.
  *
  * NOTE(review): the field name, the gallery file names and the site URL are concatenated into
  * HTML attributes and inline JavaScript without escaping in this method. That is only safe if
  * those values are constrained where they are created (field names, files placed in the
  * gallery directory, configuration) - confirm.
  *
  * @param  moscomprofilerFields  $field
  * @param  moscomprofilerUser    $user
  * @param  string                $reason      'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'list' for user-lists
  * @param  boolean               $displayFieldIcons
  * @return string                            HTML: <tag type="$type" value="$value" xxxx="xxx" yy="y" />, or null when the avatar field has neither upload nor gallery enabled
  */
 function _htmlEditForm(&$field, &$user, $reason, $displayFieldIcons = true)
 {
     global $_CB_framework, $_CB_database, $ueConfig;
     // Nothing to edit when both ways of setting an avatar are switched off.
     if ($field->name == 'avatar' && !($ueConfig['allowAvatarUpload'] || $ueConfig['allowAvatarGallery'])) {
         return null;
     }
     $name = $field->name;
     $nameapproved = $field->name . 'approved';
     $required = $this->_isRequired($field, $user, $reason);
     $existingAvatar = false;
     if ($user && $user->id) {
         // we can not trust the following, as if another field did error out, it's wrong:
         // $existingAvatar			=	( $user->$name != null );
         // so load from database:
         $realDatabaseUser = new moscomprofilerUser($_CB_database);
         if ($realDatabaseUser->load((int) $user->id)) {
             $existingAvatar = $realDatabaseUser->{$name} != null;
         }
     }
     $html = '<div>';
     // Options of the choice selector; which ones are offered depends on context and configuration.
     $choices = array();
     if ($reason == 'register' || $reason == 'edit' && $user->id == 0) {
         if ($required == 0) {
             $choices[] = moscomprofilerHTML::makeOption('', _UE_AVATAR_NONE);
         }
     } else {
         if ($existingAvatar || $required == 0) {
             $choices[] = moscomprofilerHTML::makeOption('', _UE_AVATAR_NO_CHANGE);
         }
     }
     if ($name != 'avatar' || $ueConfig['allowAvatarUpload']) {
         $choices[] = moscomprofilerHTML::makeOption('upload', $existingAvatar ? _UE_AVATAR_UPLOAD_NEW : _UE_AVATAR_UPLOAD);
     }
     if ($name == 'avatar' && $ueConfig['allowAvatarGallery']) {
         $choices[] = moscomprofilerHTML::makeOption('gallery', _UE_AVATAR_SELECT);
     }
     // 'approve' is offered only when getUi() == 2 (presumably the administration UI - confirm)
     // and the stored image is still unapproved.
     // NOTE(review): this only controls what is rendered; the handler that saves the form must
     // enforce who may approve.
     if ($_CB_framework->getUi() == 2 && $existingAvatar && $user->{$nameapproved} == 0) {
         $choices[] = moscomprofilerHTML::makeOption('approve', _UE_APPROVE_IMAGE);
     }
     if ($existingAvatar && $required == 0) {
         $choices[] = moscomprofilerHTML::makeOption('delete', _UE_DELETE_AVATAR);
     }
     $html .= '<div>';
     if ($reason != 'register' && $user->id != 0 && $existingAvatar) {
         $html .= $this->_avatarHtml($field, $user, $reason) . ' ';
     }
     // Moderators editing a profile additionally get a second rendering of the still-unapproved image.
     if ($reason == 'edit' && $existingAvatar && $user->{$nameapproved} == 0 && isModerator($_CB_framework->myId())) {
         $html .= $this->_avatarHtml($field, $user, $reason, false, 10) . ' ';
     }
     if (count($choices) > 1) {
         $additional = ' class="inputbox"';
         // NOTE(review): 'disabled' is a client-side hint only; read-only fields must also be
         // rejected by the code that processes the submitted form.
         if ($_CB_framework->getUi() == 1 && $reason == 'edit' && $field->readonly) {
             $additional .= ' disabled="disabled"';
         }
         $html .= moscomprofilerHTML::selectList($choices, $name . '__choice', $additional, 'value', 'text', '', $required, true, false);
         // (An earlier per-field inline jQuery snippet was replaced by the shared cbslideImage() helper below.)
         // The helper function is emitted once per request, however many image fields are rendered.
         static $functOut = false;
         if (!$functOut) {
             $js = "function cbslideImage(choice,uplodid,galleryid) {" . "\n\tif ( ( choice == '' ) || ( choice == 'approve' ) || ( choice == 'delete' ) ) {" . "\n\t\t\$(uplodid).slideUp('slow');" . "\n\t\t\$(galleryid).slideUp('slow');" . "\n\t} else if ( choice == 'upload' ) {" . "\n\t\t\$(uplodid).slideDown('slow');" . "\n\t\t\$(galleryid).slideUp('slow');" . "\n\t} else if ( choice == 'gallery' ) {" . "\n\t\t\$(uplodid).slideUp('slow');" . "\n\t\t\$(galleryid).slideDown('slow');" . "\n\t}" . "\n}";
             $_CB_framework->outputCbJQuery($js);
             $functOut = true;
         }
         // $name is placed inside jQuery selector strings as-is.
         $js = "\$('#cbimg_upload_" . $name . ",#cbimg_gallery_" . $name . "').hide();" . "\n\t{" . "\n\t  \$('#" . $name . "__choice').click( function() {" . "\n\t\tcbslideImage( \$(this).val(), '#cbimg_upload_" . $name . "', '#cbimg_gallery_" . $name . "' );" . "\n\t  } ).click();" . "\n\t  \$('#" . $name . "__choice').change( function() {" . "\n\t\tcbslideImage( \$(this).val(), '#cbimg_upload_" . $name . "', '#cbimg_gallery_" . $name . "' );" . "\n\t  } );" . "\n\t}";
         $_CB_framework->outputCbJQuery($js);
     } else {
         // Exactly one choice is left here (every path above that reaches this point adds at least
         // one), so it is sent as a hidden value; the values are the fixed literals used above.
         $html .= '<input type="hidden" name="' . $name . '__choice" value="' . $choices[0]->value . '" />';
     }
     $html .= $this->_fieldIconsHtml($field, $user, 'htmledit', $reason, 'select', '', null, '', array(), $displayFieldIcons, $required);
     $html .= '</div>';
     if ($name != 'avatar' || $ueConfig['allowAvatarUpload']) {
         $button = $reason == 'register' ? _UE_REGISTER : ($_CB_framework->getUi() == 2 ? _UE_SAVE : _UE_UPDATE);
         // $field is passed by reference: its name and required flag are changed temporarily for
         // the '__file' input and restored right after the panel is built.
         $saveFieldName = $field->name;
         $saveFieldRequired = $field->required;
         $field->name .= '__file';
         if ($field->required && $user && isset($user->{$saveFieldName}) && $user->{$saveFieldName}) {
             $field->required = 0;
         }
         // NOTE(review): the terms-and-conditions URL is run through htmlspecialchars() with default
         // flags and then placed in a single-quoted href. Before PHP 8.1 the default flags do not
         // escape single quotes, so a quote in the configured URL would end the attribute.
         $html .= '<div id="cbimg_upload_' . $name . '">' . '<p>' . sprintf(_UE_UPLOAD_DIMENSIONS_AVATAR, $this->_getImageFieldParam($field, 'avatarWidth'), $this->_getImageFieldParam($field, 'avatarHeight'), $this->_getImageFieldParam($field, 'avatarSize')) . '</p>' . '<div>' . _UE_UPLOAD_SELECT_FILE . ' ' . '<input type="file" name="' . $name . '__file" value="" class="inputbox" />' . '</div>' . '<p>' . ($ueConfig['reg_enable_toc'] ? sprintf(_UE_AVATAR_DISCLAIMER_TERMS, $button, "<a href='" . cbSef(htmlspecialchars($ueConfig['reg_toc_url'])) . "' target='_BLANK'> " . _UE_AVATAR_TOC_LINK . "</a>") : sprintf(_UE_AVATAR_DISCLAIMER, $button)) . '</p>' . '</div>';
         $field->name = $saveFieldName;
         $field->required = $saveFieldRequired;
     }
     if ($name == 'avatar' && $ueConfig['allowAvatarGallery']) {
         $live_site = $_CB_framework->getCfg('live_site');
         $avatar_gallery_path = $_CB_framework->getCfg('absolute_path') . '/images/comprofiler/gallery';
         $avatar_images = array();
         $avatar_images = display_avatar_gallery($avatar_gallery_path);
         $html .= '<div id="cbimg_gallery_' . $name . '">' . "\n\t<table width='100%' border='0' cellpadding='4' cellspacing='2'>" . "\n\t\t<tr align='center' valign='middle'>";
         for ($i = 0; $i < count($avatar_images); $i++) {
             $j = $i + 1;
             // Label text: file name without its extension, underscores shown as spaces.
             $avatar_name = ucfirst(str_replace('_', ' ', preg_replace('/^(.*)\\..*$/', '\\1', $avatar_images[$i])));
             // NOTE(review): file names from the gallery directory go into value/src/alt/title
             // attributes unescaped; a file name containing a double quote would break the markup.
             $html .= "\n\t\t\t<td>" . '<input type="radio" name="' . $name . '__gallery" id="' . $name . '__gallery_' . $i . '" value="' . $avatar_images[$i] . '" />' . '<label for="' . $name . '__gallery_' . $i . '">' . '<img src="' . $live_site . '/images/comprofiler/gallery/' . $avatar_images[$i] . '" alt="' . $avatar_name . '" title="' . $avatar_name . '" />' . '</label>' . '</td>';
             // Start a new table row after every fifth image.
             if (function_exists('fmod')) {
                 if (!fmod($j, 5)) {
                     $html .= "</tr>\n\t\t<tr align=\"center\" valign=\"middle\">";
                 }
             } else {
                 if (!fmodReplace($j, 5)) {
                     // PHP < 4.2.0...
                     $html .= "</tr>\n\t\t<tr align=\"center\" valign=\"middle\">";
                 }
             }
         }
         $html .= "\n\t\t</tr>\n\t\t" . "\n\t</table>" . '</div>';
     }
     $html .= '</div>';
     return $html;
 }
Пример #8
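	/**
	 * Gets the count of unread PMS messages for a user.
	 *
	 * The 'pmsType' plugin parameter selects which PMS table is queried. Types 1, 2 and 6
	 * match on the username of the loaded user; types 3, 4 and 5 match on the numeric user id.
	 *
	 * @param	int $userid  user id
	 * @return	mixed number of messages unread by user $userid, or false if the PMS check fails
	 *			or the PMS type is not handled (an ErrorMSG is set in the latter case)
	 */
	function getPMSunreadCount($userid) {
		global $_CB_database;

		$params = $this->params;
		$pmsType = $params->get('pmsType', '1');

		if (!$this->_checkPMSinstalled($pmsType)) {
			return false;
		}

		$user = new moscomprofilerUser( $_CB_database );
		$user->load( (int) $userid );

		// NOTE(review): the username comparison value appeared masked as '******' in this listing,
		// which left the loaded $user unused. It is bound here through the database escaper so the
		// value can never terminate the quoted SQL literal. Confirm the exact call against the
		// upstream plugin source.
		$username = $_CB_database->getEscaped( $user->username );

		// The switch only selects the SQL; the query is executed once below.
		switch ($pmsType) {
			case 1:
				$query_pms_count = "SELECT count(id) FROM #__pms WHERE username='" . $username . "' AND readstate=0";
				break;
			case 2:
				$query_pms_count = "SELECT count(id) FROM #__mypms WHERE username='" . $username . "' AND readstate=0";
				break;
			case 3:
			case 4:
				// id-based lookup: the (int) cast is what keeps this concatenation safe.
				$query_pms_count = "SELECT count(id) FROM #__uddeim WHERE toread<1 AND toid=" . (int) $userid;
				break;
			case 5:
				$query_pms_count = "SELECT count(id) FROM #__pms WHERE recip_id=" . (int) $userid . " AND readstate%2=0 AND inbox=1";
				break;
			case 6:
				$query_pms_count = "SELECT count(id) FROM #__jim WHERE username='" . $username . "' AND readstate=0";
				break;
			default:
				$this->_setErrorMSG("Incorrect PMS type");
				return false;
		}

		$_CB_database->setQuery( $query_pms_count );
		return $_CB_database->loadResult();
	}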
 /**
  * Logs in on the host CMS using any allowed authentication method.
  *
  * Authentication is attempted in this order: the 'onLoginAuthentication' plugin trigger, then
  * username, e-mail and CMS authentication as permitted by $loginType. Account state (rejected,
  * unconfirmed, unapproved, blocked) is only evaluated after a user has been found.
  *
  * @param  string          $username        The username (or e-mail address, depending on $loginType)
  * @param  string|boolean  $password        The password, OR strictly boolean false for login without password (password verification is then skipped entirely)
  * @param  boolean         $rememberMe      If login should be remembered in a cookie to be sent back to user's browser
  * @param  boolean         $message         If an alert message should be prepared on successful login
  * @param  string          $return          IN & OUT: IN: return URL NOT SEFED for normal login completion (unless an event says different), OUT: redirection url (no htmlspecialchars) NOT SEFED; set to null when login fails or is stopped
  * @param  array           $messagesToUser  OUT: messages to display to user (html)
  * @param  array           $alertmessages   OUT: messages to alert to user (text)
  * @param  int             $loginType       As implemented below: 0: username only, 1: username then email, 2: email only, 3 or more: username, then email, then CMS authentication
  *                                          NOTE(review): an earlier description gave 1 as "email" and 2 as "username or email"; the branches below do not match that - confirm the intended mapping.
  * @return string|null                      Error message when login did not complete, otherwise null
  */
 function login($username, $password, $rememberMe, $message, &$return, &$messagesToUser, &$alertmessages, $loginType = 0)
 {
     global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS;
     $returnURL = null;
     // && binds tighter than ||: an empty password is rejected unless it is strictly boolean false.
     // NOTE(review): boolean false bypasses verifyPassword() below, so callers must only pass it from
     // trusted code paths and never derive it from request data - verify against callers.
     if (!$username || !$password && $password !== false) {
         $resultError = _LOGIN_INCOMPLETE;
     } else {
         $_PLUGINS->loadPluginGroup('user');
         // Plugins receive username and password by reference and may change them.
         $_PLUGINS->trigger('onBeforeLogin', array(&$username, &$password));
         $resultError = null;
         $showSysMessage = true;
         $stopLogin = false;
         $loggedIn = false;
         if ($_PLUGINS->is_errors()) {
             $resultError = $_PLUGINS->getErrorMSG();
         } else {
             $row = new moscomprofilerUser($_CB_database);
             $foundUser = false;
             // Try login by CB authentication trigger:
             // (a plugin can set $foundUser, $stopLogin, $resultError and $return through the references)
             $_PLUGINS->trigger('onLoginAuthentication', array(&$username, &$password, &$row, $loginType, &$foundUser, &$stopLogin, &$resultError, &$messagesToUser, &$alertmessages, &$return));
             if (!$foundUser) {
                 if ($loginType != 2) {
                     // login by username:
                     $foundUser = $row->loadByUsername($username) && ($password === false || $row->verifyPassword($password));
                 }
                 if (!$foundUser && $loginType >= 1) {
                     // login by email:
                     $foundUser = $row->loadByEmail($username) && ($password === false || $row->verifyPassword($password));
                     if ($foundUser) {
                         // continue with the account's real username rather than the e-mail that was typed
                         $username = $row->username;
                     }
                 }
                 if (!$foundUser && $loginType > 2) {
                     // If no result, try login by CMS authentication:
                     if ($_CB_framework->login($username, $password, $rememberMe)) {
                         $foundUser = $row->load((int) $_CB_framework->myId());
                         // core user might not have username set, so we use id (bug #3303 fix)
                         cbSplitSingleName($row);
                         // A user accepted by the CMS is marked confirmed and approved before being stored.
                         $row->confirmed = 1;
                         $row->approved = 1;
                         $row->store();
                         // synchronizes with comprofiler table
                         $loggedIn = true;
                     }
                 }
             }
             if ($foundUser) {
                 $returnPluginsOverrides = null;
                 $pluginResults = $_PLUGINS->trigger('onDuringLogin', array(&$row, 1, &$returnPluginsOverrides));
                 if ($returnPluginsOverrides) {
                     $return = $returnPluginsOverrides;
                 }
                 // Merge per-plugin results: messages are appended, showSysMessage is AND-ed, stopLogin is OR-ed.
                 if (is_array($pluginResults) && count($pluginResults)) {
                     foreach ($pluginResults as $res) {
                         if (is_array($res)) {
                             if (isset($res['messagesToUser'])) {
                                 $messagesToUser[] = $res['messagesToUser'];
                             }
                             if (isset($res['alertMessage'])) {
                                 $alertmessages[] = $res['alertMessage'];
                             }
                             if (isset($res['showSysMessage'])) {
                                 $showSysMessage = $showSysMessage && $res['showSysMessage'];
                             }
                             if (isset($res['stopLogin'])) {
                                 $stopLogin = $stopLogin || $res['stopLogin'];
                             }
                         }
                     }
                 }
                 // Account-state checks; the first matching branch decides the error.
                 if ($_PLUGINS->is_errors()) {
                     $resultError = $_PLUGINS->getErrorMSG();
                 } elseif ($stopLogin) {
                     // login stopped: don't even check for errors...
                 } elseif ($row->approved == 2) {
                     $resultError = _LOGIN_REJECTED;
                 } elseif ($row->confirmed != 1) {
                     if ($row->cbactivation == '') {
                         $row->store();
                         // just in case the activation code was missing
                     }
                     // The pending-confirmation notice is re-sent on every login attempt that reaches this branch.
                     $cbNotification = new cbNotification();
                     $cbNotification->sendFromSystem($row->id, getLangDefinition(stripslashes($ueConfig['reg_pend_appr_sub'])), getLangDefinition(stripslashes($ueConfig['reg_pend_appr_msg'])));
                     $resultError = _LOGIN_NOT_CONFIRMED;
                 } elseif ($row->approved == 0) {
                     $resultError = _LOGIN_NOT_APPROVED;
                 } elseif ($row->block == 1) {
                     $resultError = _UE_LOGIN_BLOCKED;
                 } elseif ($row->lastvisitDate == '0000-00-00 00:00:00') {
                     // First login: the configured first-visit URL, if any, replaces the return URL.
                     if (isset($ueConfig['reg_first_visit_url']) and $ueConfig['reg_first_visit_url'] != "") {
                         $return = $ueConfig['reg_first_visit_url'];
                     } else {
                         $return = $returnPluginsOverrides;
                         // by default return to homepage on first login (or on page overridden by plugin).
                     }
                     $_PLUGINS->trigger('onBeforeFirstLogin', array(&$row, $username, $password, &$return));
                     if ($_PLUGINS->is_errors()) {
                         $resultError = $_PLUGINS->getErrorMSG("<br />");
                     }
                 }
             } else {
                 // Same message whether the account is unknown or the password is wrong.
                 if ($loginType < 2) {
                     $resultError = _LOGIN_INCORRECT;
                 } else {
                     $resultError = _UE_INCORRECT_EMAIL_OR_PASSWORD;
                 }
             }
         }
         if ($resultError) {
             if ($showSysMessage) {
                 $alertmessages[] = $resultError;
             }
         } elseif (!$stopLogin) {
             // Give plugins the chance to perform the login; fall back to the CMS login otherwise.
             if (!$loggedIn) {
                 $_PLUGINS->trigger('onDoLoginNow', array($username, $password, $rememberMe, &$row, &$loggedIn, &$resultError, &$messagesToUser, &$alertmessages, &$return));
             }
             if (!$loggedIn) {
                 // NOTE(review): the result of the CMS login is not checked here; $loggedIn is set to true regardless,
                 // so the "!$loggedIn" error branch below can only be reached if a plugin clears it - confirm.
                 $_CB_framework->login($username, $password, $rememberMe);
                 $loggedIn = true;
             }
             $_PLUGINS->trigger('onAfterLogin', array(&$row, $loggedIn));
             if ($loggedIn && $message && $showSysMessage) {
                 $alertmessages[] = _LOGIN_SUCCESS;
             }
             if (!$loggedIn) {
                 $resultError = _LOGIN_INCORRECT;
             }
             // changing com_comprofiler to comprofiler is a quick-fix for SEF ON on return path...
             // strpos() results are used for truthiness, so a match at offset 0 counts as "not found".
             // NOTE(review): nothing in this method checks that $return points to this site; confirm the
             // caller validates it before redirecting, otherwise it can be used as an open redirect.
             if ($return && !(strpos($return, 'comprofiler') && (strpos($return, 'login') || strpos($return, 'logout') || strpos($return, 'registers') || strpos(strtolower($return), 'lostpassword')))) {
                 // checks for the presence of a return url
                 // and ensures that this url is not the registration or login pages
                 $returnURL = $return;
             } elseif (!$returnURL) {
                 $returnURL = 'index.php';
             }
         }
     }
     // OUT value: stays null when login failed or was stopped.
     $return = $returnURL;
     return $resultError;
 }
Пример #10
	/**
	 * Saves the user record posted from the backend user edit form.
	 *
	 * Flow: require the expected form fields, check the acting user's permission on the target,
	 * load the existing record (when an id was posted), store it through saveSafely(), then either
	 * redirect to the user list or re-display the edit view with the error.
	 *
	 * NOTE(review): no request-forgery token check is visible in this method - confirm the caller
	 * performs one before dispatching here.
	 * NOTE(review): addslashes() is the only encoder applied to text placed inside the inline
	 * <script> alerts; it does not handle every character that matters in that context (newlines,
	 * for instance). The messages shown here come from translations and permission checks - confirm
	 * that none of them can carry request data.
	 *
	 * @param  string  $option  component option name, used to build the redirect URL
	 */
	function saveUser( $option ) {
		global $_CB_framework, $_CB_database, $_POST, $_PLUGINS;

		$this->_importNeeded();
		$this->_importNeededSave();

		// Refuse requests that lack any of the three fields checked here.
		if ( ! isset( $_POST['approved'], $_POST['confirmed'], $_POST['username'] ) ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Not Authorized') ) ."'); window.history.go(-1);</script>\n";
			exit;
		}

		// Check rights to access:
		$myGid = userGID( $_CB_framework->myId() );
		$userIdPosted = (int) cbGetParam($_POST, "id", 0 );
		if ( $userIdPosted == 0 ) {
			// no id posted: null the field so the record is treated as a new user
			$_POST['id'] = null;
		}

		$adminGroups = $_CB_framework->acl->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );
		$actsAsAdmin = in_array( $myGid, $adminGroups );
		$targetIds = ( $userIdPosted != 0 ) ? array( $userIdPosted ) : null;

		$msg = checkCBpermissions( $targetIds, 'save', $actsAsAdmin );
		if ($msg) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( $msg ) . "'); window.history.go(-1);</script>\n";
			exit;
		}

		$_PLUGINS->loadPluginGroup('user');

		// Get current user state:
		$userComplete = new moscomprofilerUser( $_CB_database );
		if ( $userIdPosted != 0 && ! $userComplete->load( (int) $userIdPosted ) ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( _UE_USER_PROFILE_NOT ) . "'); window.history.go(-1);</script>\n";
			return;
		}

		// Store new user state:
		$saveResult = $userComplete->saveSafely( $_POST, $_CB_framework->getUi(), 'edit' );
		if ( $saveResult ) {
			// Checks-in the row:
			$userComplete->checkin();

			cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showusers" ), sprintf(CBTxt::T('Successfully Saved User: %s'), $userComplete->username) );
			return;
		}

		// Save failed: report the error and show the edit view again.
		$regErrorMSG = $userComplete->getError();

		$msg = checkCBpermissions( array( $userComplete->id ), "edit", true );
		if ($msg) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( $msg ) ."'); window.history.go(-1);</script>\n";
			exit;
		}

		// <br /> becomes a literal \n for the alert, tags are stripped, then quotes are escaped;
		// the last replace undoes the doubling addslashes() applied to those \n sequences.
		$plainError = strip_tags( str_replace( '<br />', '\\n', $regErrorMSG ) );
		$alertText = str_replace( '\\\\n', '\\n', addslashes( $plainError ) );
		echo "<script type=\"text/javascript\">alert('" . $alertText . "'); </script>\n";

		global $_CB_Backend_task;
		$_CB_Backend_task = 'edit';				// so the toolbar comes up...
		$_PLUGINS->loadPluginGroup( 'user' );	// resets plugin errors
		$usersView = _CBloadView( 'user' );
		$newUserFlag = ( $userComplete->user_id != null ) ? '0' : '1';
		$usersView->edituser( $userComplete, $option, $newUserFlag, $_POST );
	}