/**
 * Front-end "report user" task: shows the report form, or validates and stores a submitted report.
 *
 * Output is echoed directly. A failed bind/check/store redirects back to the report task with
 * the row's error message.
 *
 * @param string $option Component name; interpolated into the redirect URL used on failure.
 * @param int    $form   1 renders the form; any other value processes the POSTed report.
 * @param int    $uid    Passed to the form renderer (presumably the id of the user being reported).
 * @return void
 */
function reportUser($option, $form = 1, $uid = 0)
{
    global $_CB_framework, $_CB_database, $ueConfig, $Itemid, $_POST;

    // Feature switch: with user reports disabled the request terminates here (exit, not return).
    if ($ueConfig['allowUserReports'] == 0) {
        echo _UE_FUNCTIONALITY_DISABLED;
        exit();
    }

    // Authorisation reuses the profile-view group setting; both displaying the form and
    // submitting a report sit behind this check.
    $viewerGid = userGID($_CB_framework->myId());
    if (!allowAccess($ueConfig['allow_profileviewbyGID'], 'RECURSE', $viewerGid)) {
        echo _UE_NOT_AUTHORIZED;
        return;
    }

    if ($form == 1) {
        HTML_comprofiler::reportUserForm($option, $uid);
        return;
    }

    // Simple spoof check: must run before anything from $_POST is acted on or stored.
    cbSpoofCheck('reportUserForm');

    // Target for every failure redirect below.
    // NOTE(review): $option is interpolated without URL-encoding; confirm callers only pass a
    // validated component name.
    $returnUrl = "index.php?option=$option&task=reportUser" . ($Itemid ? "&Itemid=" . (int) $Itemid : "");

    $report = new moscomprofilerUserReport($_CB_database);

    // NOTE(review): bind() is fed the whole of $_POST. Which columns it accepts is decided inside
    // bind(), not visible here; any column the client must not control should be overwritten
    // after this call, as is done for reportedondate below.
    if (!$report->bind($_POST)) {
        cbRedirect(cbSef($returnUrl, false), $report->getError(), 'error');
        return;
    }

    // TBD (from the original author): remove this, not urgent but it isn't right.
    // It runs before store(), so whatever encoding it applies is what gets persisted.
    _cbMakeHtmlSafe($report);

    // The report date is always set server-side, replacing any submitted value.
    $report->reportedondate = date("Y-m-d H:i:s");

    // check() runs first; store() is attempted only when validation passed.
    if (!$report->check() || !$report->store()) {
        cbRedirect(cbSef($returnUrl, false), $report->getError(), 'error');
        return;
    }

    // Optional moderator notification; subject and body are fixed language constants.
    if ($ueConfig['moderatorEmail'] == 1) {
        $notifier = new cbNotification();
        $notifier->sendToModerators(_UE_USERREPORT_SUB, _UE_USERREPORT_MSG);
    }

    echo _UE_USERREPORT_SUCCESSFUL;
}
/**
 * Binds submitted form data onto this user object and onto the underlying CMS user row.
 *
 * For front-end calls ($ui == 1) the group, usertype, block, sendEmail, confirmed and approved
 * values are reset here before the field plugins run: an existing user gets the values held in
 * $oldUserComplete, a new registration gets values derived from configuration.
 *
 * @param array  $array           Submitted form values; handed to cbTabs::saveTabsContents().
 * @param int    $ui              1 = front-end; any other value skips the front-end resets and
 *                                uses $this->_nonComprofilerVars for the CMS bind.
 * @param mixed  $reason          Passed unchanged to saveTabsContents().
 * @param object $oldUserComplete Previously stored user; read only for front-end edits of an existing user.
 * @return bool true on success; false after setting $this->_error from the plugin errors or the CMS bind errors.
 */
function bindSafely(&$array, $ui, $reason, &$oldUserComplete)
{
    global $_CB_framework, $ueConfig, $_PLUGINS;

    // Basic sanitisation of id and group fields. Per the original note, usertype is
    // re-computed from gid in store().
    $this->id = (int) $this->id;
    if (checkJversion() == 2) {
        if (!is_array($this->gids)) {
            $this->gids = array($this->gid);
        }
        $this->gid = (int) $_CB_framework->acl->getBackwardsCompatibleGid($this->gids);
    } else {
        $this->gid = (int) $this->gid;
        $this->gids = array($this->gid);
    }
    if (!$this->gid) {
        $this->gid = null;
    }

    if ($ui == 1 && $this->id) {
        // Front-end edit of an existing user: group, usertype and the block/confirmed/approved
        // states are copied from the stored user, not from whatever this object held on entry.
        // NOTE(review): this happens before saveTabsContents(); whether a field plugin can write
        // these properties again from $array is not visible here. Confirm.
        $this->gid = (int) $oldUserComplete->gid;
        $this->gids = $oldUserComplete->gids;
        $this->usertype = $oldUserComplete->usertype;
        $this->block = (int) $oldUserComplete->block;
        $this->sendEmail = (int) $oldUserComplete->sendEmail;
        $this->confirmed = (int) $oldUserComplete->confirmed;
        $this->approved = (int) $oldUserComplete->approved;
    } elseif ($ui == 1) {
        // Front-end registration: handled here so the values are available to all plugins.
        // Usertype and group come from the 'new_usertype' configuration value.
        $this->usertype = $_CB_framework->getCfg('new_usertype');
        $this->gid = (int) $_CB_framework->acl->get_group_id($this->usertype, 'ARO');
        $this->gids = array($this->gid);

        // The account starts unblocked only when neither admin approval nor e-mail
        // confirmation is required.
        $this->approved = ($ueConfig['reg_admin_approval'] == 0) ? 1 : 0;
        $this->confirmed = ($ueConfig['reg_confirmation'] == 0) ? 1 : 0;
        $this->block = ($this->confirmed == 1 && $this->approved == 1) ? 0 : 1;
        $this->sendEmail = 0;
    }
    // Nb.: back-end user edit and new user are handled in the core plugin's
    // CBfield_userparams field handler class.

    // By default the hashed password is left alone; it only changes if the
    // saveTabsContents() binding below sets a new one.
    $this->password = null;
    $this->_original_email = $this->email; // needed for checkSafely()

    // Let the CB field plugins process the submitted form fields.
    $_PLUGINS->loadPluginGroup('user');
    $this->_cbTabs = new cbTabs(0, $ui, null, false);
    $this->_cbTabs->saveTabsContents($this, $array, $reason);

    $pluginErrors = $_PLUGINS->getErrorMSG(false);
    if (count($pluginErrors) > 0) {
        $this->_error = $pluginErrors;
        return false;
    }

    // CMS-specific part, mostly bug workarounds. Only the properties named in the list chosen
    // here are forwarded to the CMS user's bind(); front-end and back-end use different lists.
    $vars = ($ui == 1) ? $this->_frontendNonComprofilerVars : $this->_nonComprofilerVars;
    $postCopy = array();
    foreach ($vars as $propName) {
        if (isset($this->{$propName})) {
            $postCopy[$propName] = $this->{$propName};
        }
    }

    if (isset($postCopy['password'])) {
        // The CMS bind() checks a password confirmation field. The original comments attribute
        // this to Mambo / Joomla 1.0 and to Joomla 1.5, so both keys are filled with the new password.
        $postCopy['verifyPass'] = $postCopy['password'];
        $postCopy['password2'] = $postCopy['password'];
    }

    $this->_mapUsers();
    $cmsUser =& $this->_cmsUser;

    // May be cleartext at this stage: keep it out of error messages and logs.
    $plainPassword = $this->password;
    if ($plainPassword == '') {
        // Empty: don't update/change the stored password.
        $plainPassword = null;
        $this->password = null;
    }

    // In Joomla 1.5, bind() modifies $postCopy and hashes the password.
    if (!$cmsUser->bind($postCopy)) {
        if (checkJversion() == 1) {
            $messages = $cmsUser->getErrors();
            foreach ($messages as $key => $text) {
                $messages[$key] = stripslashes($text);
            }
            $this->_error = $messages;
        } else {
            $this->_error = array(stripslashes($cmsUser->getError()));
        }
        return false;
    }

    // Finally, emulate a pre-Joomla 1.0.11 bug where jos_users was stored with htmlspecialchars.
    if (checkJversion() == 0 && checkJversion('dev_level') < 11) {
        _cbMakeHtmlSafe($cmsUser);
    }

    // J1.0: no htmlspecialchars on the password; J1.5: restore the cleartext password at this stage.
    $cmsUser->password = $plainPassword;

    return true;
}