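/**
 * Saves a new or edited group invite from the posted form, then redirects back to the group.
 *
 * Order of work: access checks, message update, recipient resolution (new invites only),
 * optional captcha check, then check() and store() on the invite row.
 *
 * @param int       $id   Invite id to load; the invite is treated as new when no row id is loaded
 * @param UserTable $user User performing the save
 */
private function saveInviteEdit( $id, $user )
{
	global $_CB_framework, $_CB_database, $_PLUGINS;

	$row = new InviteTable();

	$row->load( (int) $id );

	$isModerator = CBGroupJive::isModerator( $user->get( 'id' ) );
	$groupId = $this->input( 'group', null, GetterInterface::INT );

	// Without an explicit group in the request, fall back to the group of the loaded invite.
	if ( $groupId === null ) {
		$group = $row->group();
	} else {
		$group = CBGroupJive::getGroup( $groupId );
	}

	$returnUrl = $_CB_framework->pluginClassUrl( $this->element, false, array( 'action' => 'groups', 'func' => 'show', 'id' => (int) $group->get( 'id' ) ) );

	// Authorization gate. NOTE(review): this relies on cbRedirect() ending the request; if it
	// ever returned, execution would continue into the save below -- confirm.
	if ( ! CBGroupJive::canAccessGroup( $group, $user ) ) {
		cbRedirect( $returnUrl, CBTxt::T( 'Group does not exist.' ), 'error' );
	} elseif ( $row->get( 'id' ) && ( $user->get( 'id' ) != $row->get( 'user_id' ) ) ) {
		// Existing invites can only be edited by the user who created them.
		cbRedirect( $returnUrl, CBTxt::T( 'You do not have sufficient permissions to edit this invite.' ), 'error' );
	} elseif ( ! $isModerator ) {
		if ( ( $group->get( 'published' ) == -1 ) || ( ( ! $this->params->get( 'groups_invites_display', 1 ) ) && ( $group->get( 'type' ) != 3 ) ) ) {
			cbRedirect( $returnUrl, CBTxt::T( 'You do not have access to invites in this group.' ), 'error' );
		} elseif ( ( ! $row->get( 'id' ) ) && ( ! CBGroupJive::canCreateGroupContent( $user, $group, 'invites' ) ) ) {
			cbRedirect( $returnUrl, CBTxt::T( 'You do not have sufficient permissions to create an invite in this group.' ), 'error' );
		}
	}

	$skipCaptcha = false;

	$row->set( 'message', $this->input( 'post/message', $row->get( 'message' ), GetterInterface::STRING ) );

	if ( ! $row->get( 'id' ) ) {
		$row->set( 'user_id', (int) $row->get( 'user_id', $user->get( 'id' ) ) );
		$row->set( 'group', (int) $group->get( 'id' ) );

		$to = $this->input( 'post/to', null, GetterInterface::STRING );
		$selected = (int) $this->input( 'post/selected', 0, GetterInterface::INT );

		if ( $selected ) {
			$token = $this->input( 'post/token', null, GetterInterface::STRING );

			if ( $token ) {
				// The token is an MD5 over inviter, search text, group, message and the site secret.
				// NOTE(review): it does not cover $selected, so it vouches for the form, not for
				// the chosen recipient; MD5 with a concatenated secret is also a weak MAC --
				// consider an HMAC that includes the selected user id.
				$expectedToken = md5( $row->get( 'user_id' ) . $to . $row->get( 'group' ) . $row->get( 'message' ) . $_CB_framework->getCfg( 'secret' ) );

				// Strict, constant-time comparison: a loose == on two hex digests can match
				// unequal values that both look numeric, and leaks timing. hash_equals() needs
				// PHP 5.6+, so fall back to === where it is missing.
				if ( function_exists( 'hash_equals' ) ) {
					$tokenValid = ( is_string( $token ) && hash_equals( $expectedToken, $token ) );
				} else {
					$tokenValid = ( $token === $expectedToken );
				}

				if ( $tokenValid ) {
					// A valid token also waives the captcha further down.
					$skipCaptcha = true;

					$row->set( 'user', (int) $selected );
				}
			} elseif ( $this->params->get( 'groups_invites_list', 0 ) ) {
				// No token: the selected user is only accepted if it is one of the inviter's connections.
				$connections = array();
				$cbConnection = new cbConnection( (int) $user->get( 'id' ) );

				foreach ( $cbConnection->getConnectedToMe( (int) $user->get( 'id' ) ) as $connection ) {
					$connections[] = (int) $connection->id;
				}

				// Both sides are cast to int, so a strict membership test is safe here.
				if ( in_array( $selected, $connections, true ) ) {
					$row->set( 'user', (int) $selected );
				}
			}
		} else {
			// groups_invites_by lists the allowed lookups: 1 = user id, 2 = username, 3 = name search, 4 = e-mail.
			$inviteByLimit = explode( '|*|', $this->params->get( 'groups_invites_by', '1|*|2|*|3|*|4' ) );

			if ( ! $inviteByLimit ) {
				$inviteByLimit = array( 1, 2, 3, 4 );
			}

			$recipient = new UserTable();

			if ( in_array( 1, $inviteByLimit ) && $recipient->load( (int) $to ) ) {
				$row->set( 'user', (int) $recipient->get( 'id' ) );
			} elseif ( in_array( 4, $inviteByLimit ) && cbIsValidEmail( $to ) ) {
				if ( $recipient->load( array( 'email' => $to ) ) ) {
					$row->set( 'user', (int) $recipient->get( 'id' ) );
				} else {
					// Unknown address: the invite is stored against the e-mail itself.
					$row->set( 'email', $to );
				}
			} elseif ( in_array( 2, $inviteByLimit ) && $recipient->load( array( 'username' => $to ) ) ) {
				$row->set( 'user', (int) $recipient->get( 'id' ) );
			} elseif ( in_array( 3, $inviteByLimit ) ) {
				// Name search. User input reaches the SQL only through getEscaped()/Quote();
				// every other dynamic part is an int cast or a quoted identifier.
				$query = 'SELECT cb.' . $_CB_database->NameQuote( 'id' )
					. "\n FROM " . $_CB_database->NameQuote( '#__comprofiler' ) . " AS cb"
					. "\n LEFT JOIN " . $_CB_database->NameQuote( '#__users' ) . " AS j"
					. ' ON j.' . $_CB_database->NameQuote( 'id' ) . ' = cb.' . $_CB_database->NameQuote( 'id' )
					. "\n LEFT JOIN " . $_CB_database->NameQuote( '#__groupjive_users' ) . " AS u"
					. ' ON u.' . $_CB_database->NameQuote( 'user_id' ) . ' = cb.' . $_CB_database->NameQuote( 'id' )
					. ' AND u.' . $_CB_database->NameQuote( 'group' ) . ' = ' . (int) $group->get( 'id' )
					. "\n LEFT JOIN " . $_CB_database->NameQuote( '#__groupjive_invites' ) . " AS i"
					. ' ON i.' . $_CB_database->NameQuote( 'group' ) . ' = ' . (int) $group->get( 'id' )
					. ' AND i.' . $_CB_database->NameQuote( 'user' ) . ' = cb.' . $_CB_database->NameQuote( 'id' )
					. "\n WHERE j." . $_CB_database->NameQuote( 'name' ) . " LIKE " . $_CB_database->Quote( '%' . $_CB_database->getEscaped( $to, true ) . '%', false )
					. "\n AND cb." . $_CB_database->NameQuote( 'approved' ) . " = 1"
					. "\n AND cb." . $_CB_database->NameQuote( 'confirmed' ) . " = 1"
					. "\n AND j." . $_CB_database->NameQuote( 'block' ) . " = 0"
					. "\n AND u." . $_CB_database->NameQuote( 'id' ) . " IS NULL"
					. "\n AND i." . $_CB_database->NameQuote( 'id' ) . " IS NULL"
					. "\n ORDER BY j." . $_CB_database->NameQuote( 'registerDate' ) . " DESC";
				$_CB_database->setQuery( $query, 0, 15 );
				$users = $_CB_database->loadResultArray();

				if ( $users ) {
					if ( count( $users ) > 1 ) {
						// Several matches: show the pick list instead of saving.
						CBGroupJive::getTemplate( 'invite_list' );

						CBuser::advanceNoticeOfUsersNeeded( $users );

						HTML_groupjiveInviteList::showInviteList( $to, $users, $row, $group, $user, $this );
						return;
					} else {
						$row->set( 'user', (int) $users[0] );
					}
				}
			}
		}
	}

	// Captcha applies to non-moderators unless a valid token was presented above.
	if ( ( ! $isModerator ) && $this->params->get( 'groups_create_captcha', 0 ) && ( ! $skipCaptcha ) ) {
		$_PLUGINS->loadPluginGroup( 'user' );

		$_PLUGINS->trigger( 'onCheckCaptchaHtmlElements', array() );

		if ( $_PLUGINS->is_errors() ) {
			$row->setError( $_PLUGINS->getErrorMSG() );
		}
	}

	$new = ( $row->get( 'id' ) ? false : true );

	if ( $row->getError() || ( ! $row->check() ) ) {
		$_CB_framework->enqueueMessage( CBTxt::T( 'GROUP_INVITE_FAILED_TO_SAVE', 'Invite failed to save! Error: [error]', array( '[error]' => $row->getError() ) ), 'error' );

		$this->showInviteEdit( $id, $user );
		return;
	}

	if ( $row->getError() || ( ! $row->store() ) ) {
		$_CB_framework->enqueueMessage( CBTxt::T( 'GROUP_INVITE_FAILED_TO_SAVE', 'Invite failed to save! Error: [error]', array( '[error]' => $row->getError() ) ), 'error' );

		$this->showInviteEdit( $id, $user );
		return;
	}

	if ( $new ) {
		cbRedirect( $returnUrl, CBTxt::T( 'Invite created successfully!' ) );
	} else {
		cbRedirect( $returnUrl, CBTxt::T( 'Invite saved successfully!' ) );
	}
}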
/**
 * Deletes a user without any check or warning, and related reports, sessions
 *
 * SECURITY: $condition is passed to eval() and runs as PHP code in this function's scope
 * (it can read $user, $id, $condition and $inComprofilerOnly). It must only ever be a
 * constant chosen by the calling code, never a value derived from a request, the database
 * or configuration that users can edit. This function performs no permission check itself.
 *
 * @deprecated 2.0 Use UserTable()->load( $condition or $id )->delete( null, $cbUserOnly )
 *
 * @param int     $id                User id
 * @param string  $condition         ONLY allowed string: "return (\$user->block == 1);" (CBSubs 3.0.0) php condition string on $user e.g. "return (\$user->block == 1);"
 * @param boolean $inComprofilerOnly deletes user only in CB, not in Mambo/Joomla
 * @return null|boolean|string       '' if user deleted and found ok, NULL if user not found, FALSE if condition was not met, STRING error in case of error raised by plugin
 */
function cbDeleteUser($id, $condition = null, $inComprofilerOnly = false)
{
	// A falsy id (0, '', null) is reported the same way as "user not found".
	if (!$id) {
		return null;
	}
	// The variable must stay named $user: the eval()'d condition refers to it by name.
	$user = new UserTable();
	if ($inComprofilerOnly) {
		$user->load(array('user_id' => (int) $id));
	} else {
		$user->load((int) $id);
	}
	if (!$user->id) {
		return null;
	}
	// Loose comparison: null, '' and false all mean "no condition", i.e. delete unconditionally.
	// NOTE(review): eval() on $condition is arbitrary code execution if a caller ever forwards
	// untrusted text. The docblock allows a single fixed string; consider comparing against
	// that string and testing $user->block directly instead of evaluating it.
	if ($condition == null || eval($condition)) {
		if (!$user->delete((int) $id, $inComprofilerOnly)) {
			return $user->getError();
		}
		return '';
	}
	return false;
}
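/**
 * Notifies a user about a connection change, as an HTML and a plain-text message.
 *
 * $subject, $messageHTML and $messageText are sprintf() format strings: each takes the
 * sender's display name as its single %s argument.
 *
 * @param  int     $userId       Id of the user the notification is sent from
 * @param  int     $connectionId Id of the user being notified
 * @param  string  $msg          Message set for the acting user through _setUserMSG()
 * @param  string  $subject      sprintf() format for the subject
 * @param  string  $messageHTML  sprintf() format for the HTML body
 * @param  string  $messageText  sprintf() format for the text body
 * @param  string  $userMessage  Optional personal message typed by the sender (untrusted)
 * @return boolean               Always true
 */
protected function _notifyConnectionChange( $userId, $connectionId, $msg, $subject, $messageHTML, $messageText, $userMessage = null )
{
	global $_CB_framework, $ueConfig;

	$rowFrom = new UserTable();
	$rowFrom->load( (int) $userId );

	$fromName = getNameFormat( $rowFrom->name, $rowFrom->username, $ueConfig['name_format'] );

	// NOTE(review): the listing this was taken from shows the expression between the two
	// string literals masked out ('******'); it is reconstructed here as the sender's id,
	// which is the only user-id value in scope -- confirm against the upstream file.
	$fromURL = 'index.php?option=com_comprofiler&view=userprofile&user=' . (int) $userId . '&tab=1' . getCBprofileItemid( true );
	$fromURL = cbSef( $fromURL );
	if ( strncasecmp( 'http', $fromURL, 4 ) != 0 ) {
		$fromURL = $_CB_framework->getCfg( 'live_site' ) . '/' . $fromURL;
	}

	$subject = sprintf( $subject, $fromName );

	if ( $userMessage != null ) {
		// The personal message and display name are user-controlled and the result is fed to
		// sprintf() again below as a FORMAT string. Double every '%' in the rendered fragment
		// so user text cannot be read as a conversion specification (which garbles the mail
		// or raises an argument-count error); the later sprintf() turns '%%' back into '%'.
		$prefixHTML = sprintf(
			str_replace( "\n", "\n<br />", CBTxt::T( 'UE_CONNECTIONMSGPREFIX', " %s included the following personal message:\n\n%s" ) ),
			htmlspecialchars( $fromName ),
			'<strong>' . htmlspecialchars( $userMessage ) . '</strong>'
		);
		$prefixText = sprintf(
			str_replace( "\n", "\r\n", CBTxt::T( 'UE_CONNECTIONMSGPREFIX', " %s included the following personal message:\n\n%s" ) ),
			$fromName,
			$userMessage
		);

		$messageHTML .= str_replace( '%', '%%', $prefixHTML );
		$messageText .= str_replace( '%', '%%', $prefixText );
	}

	// NOTE(review): $fromURL and $manageURL are placed in href attributes as returned by
	// cbSef(); presumably they are already HTML-safe (cbUnHtmlspecialchars() is applied for
	// the text version) -- confirm.
	$notificationMsgHTML = sprintf( $messageHTML, '<strong><a href="' . $fromURL . '">' . htmlspecialchars( $fromName ) . '</a></strong>' );
	$notificationMsgText = sprintf( $messageText, $fromName );

	$manageURL = 'index.php?option=com_comprofiler&view=manageconnections' . getCBprofileItemid( true );
	$manageURL = cbSef( $manageURL );
	if ( strncasecmp( 'http', $manageURL, 4 ) != 0 ) {
		$manageURL = $_CB_framework->getCfg( 'live_site' ) . '/' . $manageURL;
	}

	$notificationMsgHTML = $notificationMsgHTML
		. "\n<br /><br /><a href=\"" . $manageURL . '">'
		. CBTxt::T( 'UE_MANAGECONNECTIONS_LINK UE_MANAGECONNECTIONS', 'Manage Connections' )
		. "</a>\n";

	$notificationMsgText = $notificationMsgText
		. "\r\n\r\n\r\n" . $fromName . ' '
		. CBTxt::T( 'CONNECTION_PROFILE UE_PROFILE', 'Profile' )
		. ': ' . cbUnHtmlspecialchars( $fromURL );
	$notificationMsgText = $notificationMsgText
		. "\r\n\r\n"
		. CBTxt::T( 'UE_MANAGECONNECTIONS_URL_LABEL UE_MANAGECONNECTIONS', 'Manage Connections' )
		. ': ' . cbUnHtmlspecialchars( $manageURL ) . "\r\n";

	// Banner telling the recipient that the message is system-generated.
	$notificationMsgHTML = '<div style="padding: 4px; margin: 4px 3px 6px 0px; background: #C44; font-weight: bold;" class="cbNotice">'
		. CBTxt::T( 'UE_SENDPMSNOTICE', 'NOTE: This is a message generated automatically by the Connections system. It has the connecting user\'s address, so you can conveniently reply if you wish to.' )
		. "</div>\n\n"
		. $notificationMsgHTML;

	$cbNotification = new cbNotification();
	$cbNotification->sendFromUser( $connectionId, $userId, $subject, $notificationMsgHTML, $notificationMsgText );

	$this->_setUserMSG( $msg );

	return true;
}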
/**
 * Replaces the wrapped user row with a fresh UserTable and loads user $cbUserId into it.
 *
 * @param  int      $cbUserId  User id
 * @return boolean             True: loaded ok, False: load failed
 */
function load($cbUserId)
{
	$freshRow = new UserTable($this->_db);

	// The new row is kept on the object whether or not the load succeeds.
	$this->_cbuser = $freshRow;

	return $freshRow->load($cbUserId);
}
/**
 * Builds the refusal message(s) for performing $action on one user or a list of users.
 *
 * Returns null when nothing objects. A refusal is added when the target is the acting
 * user (unless $allow_myself), and, for acting users who are not super-admin, when the
 * target has the same groups as a non-admin actor, has no group in the actor's
 * "groups below me" tree, or is a super-admin. Plugins may alter the message through
 * the onUsersPermission trigger.
 *
 * @deprecated 2.0 No use anymore for such functionality, since we have Permissions for that and we should not be depending on groups
 *
 * @param  array   $user_ids      List of user ids (a single scalar id is also handled)
 * @param  string  $action        Verb inserted into the refusal messages
 * @param  boolean $allow_myself  Whether acting on one's own account is allowed
 * @return null|string            Concatenated refusal messages, or null
 */
public function get_users_permission($user_ids, $action, $allow_myself = false)
{
	global $_CB_framework, $_PLUGINS;

	$msg = null;

	if (is_array($user_ids) && count($user_ids)) {
		$targetRow = new UserTable($this->_db);

		foreach ($user_ids as $user_id) {
			// Work out the group label used in the refusal text for this target.
			if ($user_id == 0) {
				$groupLabel = 'Registered';
			} elseif ($targetRow->load((int) $user_id)) {
				/** @noinspection PhpDeprecationInspection */
				$groups = $this->get_object_groups($user_id);
				$groupLabel = isset($groups[0])
					? strtolower(Application::CmsPermissions()->getGroupName($groups[0]))
					: 'Registered';
			} else {
				$msg .= 'User not found. ';
				$groupLabel = null;
			}

			if ($user_id == $_CB_framework->myId()) {
				if (!$allow_myself) {
					$msg .= "You cannot {$action} Yourself! ";
				}
				continue;
			}

			// Super-admins are not restricted by the group comparison.
			if (Application::MyUser()->isSuperAdmin()) {
				continue;
			}

			/** @noinspection PhpDeprecationInspection */
			$userGroups = $this->get_object_groups($user_id);
			/** @noinspection PhpDeprecationInspection */
			$myGroups = $this->get_object_groups($_CB_framework->myId());
			$iAmAdmin = Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.manage', 'com_users')
				&& Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.edit', 'com_users');
			/** @noinspection PhpDeprecationInspection */
			$myGidsTree = $this->get_groups_below_me($_CB_framework->myId(), true, !$iAmAdmin);
			$isHeSAdmin = Application::User((int) $user_id)->isSuperAdmin();

			// Parentheses only spell out the operator precedence of the original expression.
			if (
				(array_values($userGroups) == array_values($myGroups) && !$iAmAdmin)
				|| ($user_id && $userGroups && !array_intersect($userGroups, $myGidsTree))
				|| $isHeSAdmin
			) {
				$msg .= "You cannot {$action} a `{$groupLabel}`. Only higher-level users have this power. ";
			}
		}
	} elseif ($user_ids == $_CB_framework->myId()) {
		if (!$allow_myself) {
			$msg .= "You cannot {$action} Yourself! ";
		}
	} elseif (!Application::MyUser()->isSuperAdmin()) {
		/** @noinspection PhpDeprecationInspection */
		$userGroups = $this->get_object_groups($user_ids);
		/** @noinspection PhpDeprecationInspection */
		$myGroups = $this->get_object_groups($_CB_framework->myId());
		$iAmAdmin = Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.manage', 'com_users')
			&& Application::MyUser()->isAuthorizedToPerformActionOnAsset('core.edit', 'com_users');
		/** @noinspection PhpDeprecationInspection */
		$myGidsTree = $this->get_groups_below_me($_CB_framework->myId(), true, !$iAmAdmin);
		$isHeSAdmin = Application::User((int) $user_ids)->isSuperAdmin();

		if (
			(array_values($userGroups) == array_values($myGroups) && !$iAmAdmin)
			|| ($user_ids && $userGroups && !array_intersect($userGroups, $myGidsTree))
			|| $isHeSAdmin
		) {
			$msg .= "You cannot {$action} a user. Only higher-level users have this power. ";
		}
	}

	// Plugins receive $msg by reference and can add to it or clear it.
	if ($_PLUGINS) {
		$_PLUGINS->trigger('onUsersPermission', array($user_ids, $action, $allow_myself, &$msg));
	}

	return $msg;
}
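/**
 * Replaces @MENTION with profile urls
 *
 * A mention is resolved by user id when numeric, otherwise by exact username or name,
 * trying the mentioned word alone and extended with up to five following words.
 * Resolved users are cached per first word in a function-static array.
 *
 * @return string The parsed text with resolved mentions turned into profile links
 */
public function profiles()
{
	global $_CB_database, $_CB_framework;

	/** @var UserTable[] $users */
	static $users = array();

	foreach ( $this->words as $k => $word ) {
		if ( preg_match( $this->regexp['profile'], $word, $match ) ) {
			$cleanWord = Get::clean( $match[1], GetterInterface::STRING );

			if ( ! isset( $users[$cleanWord] ) ) {
				$user = new UserTable();

				if ( is_numeric( $match[1] ) ) {
					$user->load( (int) $match[1] );
				}

				if ( ! $user->get( 'id' ) ) {
					// Candidate names: the word itself, then the word plus 1..5 following words,
					// stopping at the end of the text or at the next mention.
					$candidates = array( $cleanWord );
					$phrase = $cleanWord;

					for ( $offset = 1; $offset <= 5; $offset++ ) {
						if ( ( ! isset( $this->words[$k + $offset] ) ) || preg_match( $this->regexp['profile'], $this->words[$k + $offset] ) ) {
							break;
						}

						$phrase .= ' ' . Get::clean( $this->words[$k + $offset], GetterInterface::STRING );
						$candidates[] = $phrase;
					}

					// Every candidate goes through Quote(), so mention text never reaches the
					// SQL unescaped; identifiers go through NameQuote().
					$conditions = array();

					foreach ( $candidates as $candidate ) {
						$conditions[] = 'u.' . $_CB_database->NameQuote( 'username' ) . ' = ' . $_CB_database->Quote( $candidate ) // Match username exactly
							. ' OR u.' . $_CB_database->NameQuote( 'name' ) . ' = ' . $_CB_database->Quote( $candidate ); // Match name exactly
					}

					$query = 'SELECT c.*, u.*'
						. "\n FROM " . $_CB_database->NameQuote( '#__users' ) . " AS u"
						. "\n LEFT JOIN " . $_CB_database->NameQuote( '#__comprofiler' ) . " AS c"
						. ' ON c.' . $_CB_database->NameQuote( 'id' ) . ' = u.' . $_CB_database->NameQuote( 'id' )
						. "\n WHERE ( " . implode( ' OR ', $conditions ) . ' )'
						. "\n ORDER BY u." . $_CB_database->NameQuote( 'username' ) . ", u." . $_CB_database->NameQuote( 'name' );
					$_CB_database->setQuery( $query );
					$_CB_database->loadObject( $user );
				}

				// NOTE(review): the cache key is the first word only, while the lookup above also
				// depends on the words that follow it; a later mention starting with the same
				// word reuses this result.
				$users[$cleanWord] = $user;
			}

			$user = $users[$cleanWord];

			if ( $user->get( 'id' ) ) {
				$pattern = '/@' . (int) $user->get( 'id' )
					. '\b|@' . preg_quote( $user->get( 'name' ), '/' )
					. '\b|@' . preg_quote( $user->get( 'username' ), '/' )
					. '\b|' . preg_quote( $word, '/' ) . '\b/i';

				// NOTE(review): userProfileUrl() output is placed in the href as returned;
				// presumably it is already HTML-safe -- confirm.
				$link = '<a href="' . $_CB_framework->userProfileUrl( (int) $user->get( 'id' ) ) . '" rel="nofollow">@'
					. htmlspecialchars( getNameFormat( $user->get( 'name' ), $user->get( 'username' ), Application::Config()->get( 'name_format' ) ) )
					. '</a>';

				// The link contains the user's display name, and htmlspecialchars() leaves '$' and
				// '\' untouched. As a preg_replace() replacement string those would be read as
				// back-references ($0, \1, ...); a callback inserts the link literally.
				$this->parsed = preg_replace_callback(
					$pattern,
					function ( $matches ) use ( $link ) {
						return $link;
					},
					$this->parsed
				);
			}
		}
	}

	return $this->parsed;
}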
/**
 * Updates payment status of basket and of corresponding subscriptions if there is a change in status
 *
 * The main body only runs when the basket status differs from $paymentStatus, the unified
 * status is 'Partially-Refunded', or $autorecurring_type is non-zero. The final
 * 'onCPayAfterPaymentStatusUpdateEvent' trigger is evaluated on every call.
 *
 * NOTE(review): nothing in this method authenticates the notification; it presumably relies
 * on the gateway handler having verified it before calling -- confirm against callers.
 *
 * @param  cbpaidPaymentBasket        $paymentBasket               Basket
 * @param  string                     $eventType                   type of event (paypal type): 'web_accept', 'subscr_payment', 'subscr_signup', 'subscr_modify', 'subscr_eot', 'subscr_cancel', 'subscr_failed'
 * @param  string                     $paymentStatus               new status (Completed, RegistrationCancelled)
 * @param  cbpaidPaymentNotification  $notification                notification object of the payment
 * @param  int                        $occurrences                 renewal occurrences
 * @param  int                        $autorecurring_type          0: not auto-recurring, 1: auto-recurring without payment processor notifications, 2: auto-renewing with processor notifications updating $expiry_date
 * @param  int                        $autorenew_type              0: not auto-renewing (manual renewals), 1: asked for by user, 2: mandatory by configuration
 * @param  boolean|string             $txnIdMultiplePaymentDates   FALSE: unique txn_id for each payment, TRUE: same txn_id can have multiple payment dates, additionally: 'SINGLEPAYMENT' will not look at txn_id at all
 * @param  boolean                    $storePaymentRecord          TRUE: normal case, create payment record if needed. FALSE: offline case where pending payment should not create a payment record. (Not referenced in this method body.)
 * @return void
 */
public function updatePaymentStatus($paymentBasket, $eventType, $paymentStatus, &$notification, $occurrences, $autorecurring_type, $autorenew_type, $txnIdMultiplePaymentDates, $storePaymentRecord = true)
{
	global $_CB_framework, $_PLUGINS;
	$pluginsLoaded = false;
	$basketUpdateNulls = false;
	// Gateway-specific statuses are mapped to unified names before any comparison below.
	$previousUnifiedStatus = $this->mapPaymentStatus($paymentBasket->payment_status);
	$unifiedStatus = $this->mapPaymentStatus($paymentStatus);
	// get all related subscriptions being paid by this basket:
	$subscriptions = $paymentBasket->getSubscriptions();
	$thisIsReferencePayment = false;
	// The affected user is taken from the basket, not from the request.
	$user = CBuser::getUserDataInstance((int) $paymentBasket->user_id);
	if ($paymentBasket->payment_status != $paymentStatus || $unifiedStatus == 'Partially-Refunded' || $autorecurring_type) {
		if ($paymentStatus && (in_array($eventType, array('web_accept', 'subscr_payment', 'subscr_signup')) || in_array($unifiedStatus, array('Reversed', 'Refunded', 'Partially-Refunded')))) {
			$paymentBasket->payment_status = $paymentStatus;
		}
		if (in_array($eventType, array('subscr_payment', 'subscr_signup'))) {
			$paymentBasket->recurring = 1;
		}
		// A finished non-recurring payment clears the recurring amounts and periods;
		// $basketUpdateNulls makes store() below write those nulls.
		if ($autorecurring_type == 0 && in_array($unifiedStatus, array('Completed', 'Processed', 'FreeTrial'))) {
			$paymentBasket->mc_amount1 = null;
			$paymentBasket->mc_amount3 = null;
			$paymentBasket->period1 = null;
			$paymentBasket->period3 = null;
			$basketUpdateNulls = true;
		}
		// if (count($subscriptions) >= 1) {
		$now = $_CB_framework->now();
		$completed = false;
		$thisIsReferencePayment = false;
		$reason = null;
		switch ($unifiedStatus) {
			case 'FreeTrial':
			case 'Completed':
			case 'Processed': // this includes Canceled_Reversal !!! :
				if ($unifiedStatus == 'FreeTrial') {
					$paymentBasket->payment_status = 'Completed';
				}
				if ($unifiedStatus == 'FreeTrial' || $unifiedStatus == 'Completed') {
					// Completion time comes from the notification when it carries a payment date.
					if ($notification->payment_date) {
						$time_completed = cbpaidTimes::getInstance()->gmStrToTime($notification->payment_date);
					} else {
						$time_completed = $now;
					}
					$paymentBasket->time_completed = Application::Database()->getUtcDateTime($time_completed);
					$completed = true;
				}
				if ($paymentStatus == 'Canceled_Reversal') {
					$paymentBasket->payment_status = 'Completed';
				}
				if (is_object($notification) && isset($notification->txn_id)) {
					// real payment with transaction id: store as reference payment if not already stored:
					// (the result decides whether subscriptions get activated, so a repeated
					// notification presumably does not activate twice -- confirm in _storePaymentOnce)
					$thisIsReferencePayment = $this->_storePaymentOnce($paymentBasket, $notification, $now, $txnIdMultiplePaymentDates, 'Updating payment record because of new status of payment basket: ' . $unifiedStatus . ($paymentStatus != $unifiedStatus ? ' (new gateway-status: ' . $paymentStatus . ')' : '') . ' because of event received: ' . $eventType . '. Previous status was: ' . $previousUnifiedStatus);
				} else {
					// Free trials don't have a notification:
					$thisIsReferencePayment = true;
				}
				if ($thisIsReferencePayment) {
					// payment not yet processed:
					$autorenewed = $paymentBasket->recurring == 1 && $unifiedStatus == 'Completed' && $previousUnifiedStatus == 'Completed';
					for ($i = 0, $n = count($subscriptions); $i < $n; $i++) {
						// 'R' is used as the reason for auto-renewals; otherwise the subscription's own reason.
						$reason = $autorenewed ? 'R' : $subscriptions[$i]->_reason;
						$subscriptions[$i]->activate($user, $now, $completed, $reason, $occurrences, $autorecurring_type, $autorenew_type, $autorenewed ? 1 : 0);
					}
				}
				break;
			case 'RegistrationCancelled':
			case 'Reversed':
			case 'Refunded':
			case 'Unsubscribed':
				if ($unifiedStatus == 'RegistrationCancelled') {
					// A registration can only be cancelled from 'NotInitiated', or from 'Pending' for offline payments.
					if (!($previousUnifiedStatus == 'NotInitiated' || $previousUnifiedStatus === 'Pending' && $paymentBasket->payment_method === 'offline')) {
						return;
					}
				}
				for ($i = 0, $n = count($subscriptions); $i < $n; $i++) {
					$reason = $subscriptions[$i]->_reason;
					if ($reason != 'R' || in_array($unifiedStatus, array('Reversed', 'Refunded'))) {
						// Expired and Cancelled as well as Partially-Refunded are not reverted !
						//TBD: really revert on refund everything ? a plan param would be nice here
						if (!in_array($previousUnifiedStatus, array('Pending', 'In-Progress', 'Denied', 'Reversed', 'Refunded')) && in_array($subscriptions[$i]->status, array('A', 'R', 'I')) && !$subscriptions[$i]->hasPendingPayment($paymentBasket->id)) {
							// not a cancelled or denied renewal:
							$subscriptions[$i]->revert($user, $unifiedStatus);
						}
					}
				}
				if ($unifiedStatus == 'RegistrationCancelled') {
					$paymentBasket->historySetMessage('Payment basket deleted because the subscriptions and payment got cancelled');
					$paymentBasket->delete(); // deletes also payment_Items
				}
				$paidUserExtension = cbpaidUserExtension::getInstance($paymentBasket->user_id);
				$subscriptionsAnyAtAll = $paidUserExtension->getUserSubscriptions('');
				$params = cbpaidApp::settingsParams();
				$createAlsoFreeSubscriptions = $params->get('createAlsoFreeSubscriptions', 0);
				if (count($subscriptionsAnyAtAll) == 0 && !$createAlsoFreeSubscriptions) {
					// NOTE(review): the account to delete is identified by the request's 'user' query
					// parameter, not by $paymentBasket->user_id, while the "no subscriptions" test
					// above is made for the basket's user. Only the block == 1 check limits which
					// account is removed. Consider loading (int) $paymentBasket->user_id instead.
					// NOTE(review): this also overwrites $user, which is passed to the subscription,
					// totalizer and plugin notifications after the switch.
					$user = new UserTable();
					$id = (int) cbGetParam($_GET, 'user');
					$user->load((int) $id);
					if ($user->id && $user->block == 1) {
						$user->delete(null);
					}
				}
				break;
			case 'Denied':
			case 'Pending':
				if ($unifiedStatus == 'Denied') {
					// In fact when denied, it's the case as if the user attempted payment but failed it: He should be able to re-try: So just store the payment as denied for the records.
					if ($eventType == 'subscr_failed' || $eventType == 'subscr_cancel' && $autorecurring_type != 2) {
						// special case of a failed attempt:
						// or this is the final failed attempt of a basket with notifications:
						break;
					}
				}
				if ($previousUnifiedStatus == 'Completed') {
					return; // do not change a Completed payment as it cannot become Pending again. If we get "Pending" after "Completed", it is a messages chronological order mistake.
				}
				break;
			case 'In-Progress':
			case 'Partially-Refunded':
			default:
				break;
		}
		if ($eventType == 'subscr_cancel') {
			if (!in_array($unifiedStatus, array('Denied', 'Reversed', 'Refunded', 'Unsubscribed'))) {
				for ($i = 0, $n = count($subscriptions); $i < $n; $i++) {
					$subscriptions[$i]->autorecurring_cancelled($user, $unifiedStatus, $eventType);
				}
			}
		}
		for ($i = 0, $n = count($subscriptions); $i < $n; $i++) {
			$subscriptions[$i]->notifyPaymentStatus($unifiedStatus, $previousUnifiedStatus, $paymentBasket, $notification, $now, $user, $eventType, $paymentStatus, $occurrences, $autorecurring_type, $autorenew_type);
		}
		// Non-successful statuses are still recorded as payment records.
		if (in_array($unifiedStatus, array('Denied', 'Reversed', 'Refunded', 'Partially-Refunded', 'Pending', 'In-Progress'))) {
			$thisIsReferencePayment = $this->_storePaymentOnce($paymentBasket, $notification, $now, $txnIdMultiplePaymentDates, 'Updating payment record because of new status of payment basket: ' . $unifiedStatus . ($paymentStatus != $unifiedStatus ? ' (new gateway-status: ' . $paymentStatus . ')' : '') . ' because of event received: ' . $eventType . '. Previous status was: ' . $previousUnifiedStatus);
		}
		// }
		foreach ($paymentBasket->loadPaymentTotalizers() as $totalizer) {
			$totalizer->notifyPaymentStatus($thisIsReferencePayment, $unifiedStatus, $previousUnifiedStatus, $paymentBasket, $notification, $now, $user, $eventType, $paymentStatus, $occurrences, $autorecurring_type, $autorenew_type, $txnIdMultiplePaymentDates);
		}
		if (!in_array($unifiedStatus, array('RegistrationCancelled'))) {
			if ($thisIsReferencePayment && in_array($unifiedStatus, array('Completed', 'Processed'))) {
				$paymentBasket->setPaidInvoiceNumber($reason);
			}
			// $paymentStatus and $eventType come from the gateway notification and are written
			// into the history message as received.
			$paymentBasket->historySetMessage('Updating payment basket ' . ($paymentStatus !== null ? 'status: ' . $unifiedStatus . ($paymentStatus != $unifiedStatus ? ' (new gateway-status: ' . $paymentStatus . ')' : '') : '') . ' because of event received: ' . $eventType . ($paymentStatus !== null ? '. Previous status was: ' . $previousUnifiedStatus : ''));
			$paymentBasket->store($basketUpdateNulls);
		} else {
			//TDB ? : $paymentBasket->delete(); in case of RegistrationCancelled done above, but should be done in case of FreeTrial ? (could be a param in future)
		}
		// Plugins are notified unless this is a repeated successful payment that was already stored.
		if (!in_array($unifiedStatus, array('Completed', 'Processed')) || $thisIsReferencePayment) {
			$_PLUGINS->loadPluginGroup('user', 'cbsubs.');
			$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');
			$pluginsLoaded = true;
			$_PLUGINS->trigger('onCPayAfterPaymentStatusChange', array(&$user, &$paymentBasket, &$subscriptions, $unifiedStatus, $previousUnifiedStatus, $occurrences, $autorecurring_type, $autorenew_type));
		}
	}
	// Same condition as above, evaluated even when the status did not change.
	if (!in_array($unifiedStatus, array('Completed', 'Processed')) || $thisIsReferencePayment) {
		if (!$pluginsLoaded) {
			$_PLUGINS->loadPluginGroup('user', 'cbsubs.');
			$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');
		}
		$_PLUGINS->trigger('onCPayAfterPaymentStatusUpdateEvent', array(&$user, &$paymentBasket, &$subscriptions, $unifiedStatus, $previousUnifiedStatus, $eventType, &$notification));
	}
}
/**
 * Logins on host CMS using any allowed authentication methods
 *
 * SECURITY: passing strictly boolean false as $password skips password verification for
 * the username and e-mail lookups. Callers must only do that for a user whose identity has
 * already been established by other means, and must never derive $password from request
 * data in a way that could yield false.
 *
 * @param  string          $username        The username
 * @param  string|boolean  $password        Well, The password OR strictly boolean false for login without password
 * @param  boolean         $rememberMe      If login should be remembered in a cookie to be sent back to user's browser
 * @param  boolean         $message         If an alert message should be prepared on successful login
 * @param  string          $return          IN & OUT: IN: return URL NOT SEFED for normal login completion (unless an event says different), OUT: redirection url (no htmlspecialchars) NOT SEFED
 * @param  array           $messagesToUser  OUT: messages to display to user (html)
 * @param  array           $alertMessages   OUT: messages to alert to user (text)
 * @param  int             $loginType       0: username, 1: email, 2: username or email, 3: username, email or CMS authentication
 * @param  string          $secretKey       secretKey used for two step authentication
 * @return string                           Error message if error
 */
public function login($username, $password, $rememberMe, $message, &$return, &$messagesToUser, &$alertMessages, $loginType = 0, $secretKey = null)
{
	global $_CB_framework, $ueConfig, $_PLUGINS;
	$returnURL = null;
	$loggedIn = false;
	// An empty password is rejected; boolean false is the explicit "no password" mode.
	if (!$username || !$password && $password !== false) {
		$resultError = CBTxt::T('LOGIN_INCOMPLETE', 'Please complete the username and password fields.');
	} else {
		$_PLUGINS->loadPluginGroup('user');
		// Plugins receive the credentials by reference and may change them.
		$_PLUGINS->trigger('onBeforeLogin', array(&$username, &$password, &$secretKey));
		$resultError = null;
		$showSysMessage = true;
		$stopLogin = false;
		$firstLogin = false;
		$row = new UserTable();
		if ($_PLUGINS->is_errors()) {
			$resultError = $_PLUGINS->getErrorMSG();
		} else {
			$foundUser = false;
			// Try login by CB authentication trigger:
			// (a plugin can set $foundUser itself, which bypasses the password checks below)
			$_PLUGINS->trigger('onLoginAuthentication', array(&$username, &$password, &$row, $loginType, &$foundUser, &$stopLogin, &$resultError, &$messagesToUser, &$alertMessages, &$return, &$secretKey));
			if (!$foundUser) {
				// NOTE(review): the docblock describes type 2 as "username or email", but this
				// condition skips the username lookup for type 2 -- confirm which is intended.
				if ($loginType != 2) {
					// login by username:
					$foundUser = $row->loadByUsername($username) && ($password === false || $row->verifyPassword($password));
				}
				if (!$foundUser && $loginType >= 1) {
					// login by email:
					$foundUser = $row->loadByEmail($username) && ($password === false || $row->verifyPassword($password));
					if ($foundUser) {
						$username = $row->username;
					}
				}
				if (!$foundUser && $loginType > 2) {
					// If no result, try login by CMS authentication:
					if ($_CB_framework->login($username, $password, $rememberMe, null, $secretKey)) {
						$foundUser = $row->load((int) $_CB_framework->myId()); // core user might not have username set, so we use id (bug #3303 fix)
						$this->cbSplitSingleName($row);
						// An account accepted by the CMS is marked confirmed and approved here,
						// without going through the CB confirmation/approval workflow.
						$row->confirmed = 1;
						$row->approved = 1;
						$row->store(); // synchronizes with comprofiler table
						$loggedIn = true;
					}
				}
			}
			if ($foundUser) {
				$returnPluginsOverrides = null;
				$pluginResults = $_PLUGINS->trigger('onDuringLogin', array(&$row, 1, &$returnPluginsOverrides));
				if ($returnPluginsOverrides) {
					$return = $returnPluginsOverrides;
				}
				// Merge plugin answers: any plugin can hide the system message or stop the login.
				if (is_array($pluginResults) && count($pluginResults)) {
					foreach ($pluginResults as $res) {
						if (is_array($res)) {
							if (isset($res['messagesToUser'])) {
								$messagesToUser[] = $res['messagesToUser'];
							}
							if (isset($res['alertMessage'])) {
								$alertMessages[] = $res['alertMessage'];
							}
							if (isset($res['showSysMessage'])) {
								$showSysMessage = $showSysMessage && $res['showSysMessage'];
							}
							if (isset($res['stopLogin'])) {
								$stopLogin = $stopLogin || $res['stopLogin'];
							}
						}
					}
				}
				// The account-state messages below are only reached once $foundUser is set, so
				// they are not shown for a wrong password.
				if ($_PLUGINS->is_errors()) {
					$resultError = $_PLUGINS->getErrorMSG();
				} elseif ($stopLogin) {
					// login stopped: don't even check for errors...
				} elseif ($row->approved == 2) {
					$resultError = CBTxt::T('LOGIN_REJECTED', 'Your sign up request was rejected!');
				} elseif ($row->confirmed != 1) {
					if ($row->cbactivation == '') {
						$row->store(); // just in case the activation code was missing
					}
					// NOTE(review): every attempt on an unconfirmed account sends another
					// e-mail; no throttling is visible in this method.
					$cbNotification = new cbNotification();
					$cbNotification->sendFromSystem($row->id, CBTxt::T(stripslashes($ueConfig['reg_pend_appr_sub'])), CBTxt::T(stripslashes($ueConfig['reg_pend_appr_msg'])), true, isset($ueConfig['reg_email_html']) ? (int) $ueConfig['reg_email_html'] : 0);
					$resultError = CBTxt::T('LOGIN_NOT_CONFIRMED', 'Your sign up process is not yet complete! Please check again your email for further instructions that have just been resent. If you don\'t find the email, check your spam-box. Make sure that your email account options are not set to immediately delete spam. If that was the case, just try logging in again to receive a new instructions email.');
				} elseif ($row->approved == 0) {
					$resultError = CBTxt::T('LOGIN_NOT_APPROVED', 'Your account has not yet been approved!');
				} elseif ($row->block == 1) {
					$resultError = CBTxt::T('LOGIN_BLOCKED', 'Your login is blocked.');
				} elseif ($row->lastvisitDate == '0000-00-00 00:00:00') {
					// A zero last-visit date marks the first login.
					$firstLogin = true;
					if (isset($ueConfig['reg_first_visit_url']) and $ueConfig['reg_first_visit_url'] != "") {
						$return = $ueConfig['reg_first_visit_url'];
					} else {
						if ($returnPluginsOverrides) {
							$return = $returnPluginsOverrides; // by default return to homepage on first login (or on page overridden by plugin).
						}
					}
					$_PLUGINS->trigger('onBeforeFirstLogin', array(&$row, $username, $password, &$return, $secretKey));
					if ($_PLUGINS->is_errors()) {
						$resultError = $_PLUGINS->getErrorMSG("<br />");
					}
				}
			} else {
				// The same message covers "no such user" and "wrong password".
				if ($loginType < 2) {
					$resultError = CBTxt::T('LOGIN_INCORRECT_USER_NOT_FOUND LOGIN_INCORRECT', 'Incorrect username or password. Please try again.');
				} else {
					$resultError = CBTxt::T('UE_INCORRECT_EMAIL_OR_PASSWORD', 'Incorrect email or password. Please try again.');
				}
			}
		}
		if ($resultError) {
			if ($showSysMessage) {
				$alertMessages[] = $resultError;
			}
		} elseif (!$stopLogin) {
			if (!$loggedIn) {
				$_PLUGINS->trigger('onDoLoginNow', array($username, $password, $rememberMe, &$row, &$loggedIn, &$resultError, &$messagesToUser, &$alertMessages, &$return, $secretKey));
			}
			if (!$loggedIn) {
				// NOTE(review): the return value of the CMS login is ignored here and $loggedIn
				// is set unconditionally, so the "authentication failed" branch below cannot be
				// reached after this point. The earlier call treats the same return value as a
				// success flag. Confirm that a failed CMS login (e.g. a rejected second-factor
				// key) is reported some other way; otherwise success is signalled to plugins and
				// to the user without a session.
				$_CB_framework->login($username, $password, $rememberMe, null, $secretKey);
				$loggedIn = true;
			}
			if ($firstLogin) {
				$_PLUGINS->trigger('onAfterFirstLogin', array(&$row, $loggedIn));
			}
			$_PLUGINS->trigger('onAfterLogin', array(&$row, $loggedIn));
			if ($loggedIn && $message && $showSysMessage) {
				$alertMessages[] = CBTxt::T('LOGIN_SUCCESS', 'You have successfully logged in');
			}
			if (!$loggedIn) {
				$resultError = CBTxt::T('LOGIN_INCORRECT_USER_AUTHENTICATION_FAILED LOGIN_INCORRECT', 'Incorrect username or password. Please try again.');
			}
			// changing com_comprofiler to comprofiler is a quick-fix for SEF ON on return path...
			// NOTE(review): strpos() results are used as booleans, so a match at offset 0 counts
			// as "not found". This filter only avoids looping back to login/registration pages;
			// it does not check that $return is a same-site URL -- presumably the caller
			// validates that before redirecting; confirm.
			if ($return && !(strpos($return, 'comprofiler') && (strpos($return, 'login') || strpos($return, 'logout') || strpos($return, 'registers') || strpos(strtolower($return), 'lostpassword')))) {
				// checks for the presence of a return url
				// and ensures that this url is not the registration or login pages
				$returnURL = $return;
			} elseif (!$returnURL) {
				$returnURL = 'index.php';
			}
		}
	}
	if (!$loggedIn) {
		$_PLUGINS->trigger('onLoginFailed', array(&$resultError, &$returnURL));
	}
	// On failure $return is overwritten with null unless a plugin supplied a URL.
	$return = $returnURL;
	return $resultError;
}
/**
 * Saves the posted profile edit form for user $uid.
 *
 * Runs the anti-spoofing check, then the permission check (plugins may veto through
 * onBeforeUserProfileSaveRequest), loads the current user row and stores the posted
 * values with saveSafely(). On failure the edit form is shown again with the error;
 * on success the browser is redirected to the profile.
 *
 * @param  string  $option  Component option passed through to the edit view
 * @param  int     $uid     Id of the user whose profile is saved
 * @return void
 */
function userSave($option, $uid)
{
	global $_CB_framework, $_POST, $_PLUGINS;

	// Request-forgery protection comes first, before any permission or data work.
	cbSpoofCheck('userEdit');

	// Permission to edit: a missing id is refused outright, otherwise the task check decides.
	$refusal = ($uid == null)
		? CBTxt::Th('UE_USER_PROFILE_NOT', 'Your profile could not be updated.')
		: cbCheckIfUserCanPerformUserTask($uid, 'allowModeratorsUserEdit');

	$_PLUGINS->loadPluginGroup('user');
	// Plugins get the refusal text by reference and can set or change it.
	$_PLUGINS->trigger('onBeforeUserProfileSaveRequest', array($uid, &$refusal, 1));

	if ($refusal) {
		$_CB_framework->enqueueMessage($refusal, 'error');
		return;
	}

	// Current state of the user, as stored.
	$profile = new UserTable();

	if (!$profile->load((int) $uid)) {
		$_CB_framework->enqueueMessage(CBTxt::Th('UE_USER_PROFILE_NOT', 'Your profile could not be updated.'), 'error');
		return;
	}

	// Only an edit made by the owner refreshes the profile's last-update date.
	if ($_CB_framework->myId() == $uid) {
		$profile->lastupdatedate = $_CB_framework->dateDbOfNow();
	}

	// The raw POST data is handed to saveSafely(), which is relied on to filter it for the 'edit' context.
	if (!$profile->saveSafely($_POST, $_CB_framework->getUi(), 'edit')) {
		$failureText = $profile->getError();

		$_PLUGINS->trigger('onAfterUserProfileSaveFailed', array(&$profile, &$failureText, 1));

		HTML_comprofiler::userEdit($profile, $option, CBTxt::T('UE_UPDATE', 'Update'), $failureText);
		return;
	}

	$_PLUGINS->trigger('onAfterUserProfileSaved', array(&$profile, 1));

	cbRedirectToProfile($uid, CBTxt::Th('USER_DETAILS_SAVE', 'Your settings have been saved.'));
}