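/**
 * Rejects a batch of pending registrations: sets approved=2 on each #__comprofiler row
 * and sends the rejection notification (with the moderator's per-user comment) to each user.
 *
 * Guards, in order: spoof token for 'pendingApprovalUsers', moderator approval enabled in
 * $ueConfig, and the caller must pass isModerator(). Every path ends in a redirect or exit.
 *
 * @param array $uids user ids to reject; each id is cast to int before being used anywhere
 * @return void
 */
function rejectUser($uids) {
    global $_CB_framework, $_CB_database, $ueConfig, $_POST, $_PLUGINS;

    $andItemid = getCBprofileItemid();
    // One list URL for both the error and the success redirect (the original built the
    // error URL from $option / $Itemid, which are not defined in this function).
    $listUrl = cbSef('index.php?option=com_comprofiler&task=pendingApprovalUser' . $andItemid, false);

    // simple spoof check security
    cbSpoofCheck('pendingApprovalUsers');

    if ($ueConfig['allowModUserApproval'] == 0) {
        echo _UE_FUNCTIONALITY_DISABLED;
        exit();
    }

    if (!isModerator($_CB_framework->myId())) {
        cbNotAuth();
        return;
    }

    // A missing or malformed request value is treated as "nothing to reject".
    if (!is_array($uids)) {
        $uids = array();
    }

    $cbNotification = new cbNotification();
    $rejected = 0;

    // The plugin group only needs to be loaded once, not once per user.
    $_PLUGINS->loadPluginGroup('user');

    foreach ($uids as $uid) {
        $uid = (int) $uid;

        $_CB_database->setQuery("SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id = " . $uid);
        $users = $_CB_database->loadObjectList();

        // Skip ids that no longer resolve to a user instead of handing a null row to the plugins.
        if (!$users) {
            continue;
        }
        $row = $users[0];

        $_PLUGINS->trigger('onBeforeUserApproval', array($row, false));
        if ($_PLUGINS->is_errors()) {
            cbRedirect($listUrl, $_PLUGINS->getErrorMSG(), 'error');
            return;
        }

        $_CB_database->setQuery("UPDATE #__comprofiler SET approved=2 WHERE id=" . $uid);
        $_CB_database->query();

        $_PLUGINS->trigger('onAfterUserApproval', array($row, false, true));

        // The moderator's comment for this user is posted as 'comment<uid>'.
        $comment = stripslashes(cbGetParam($_POST, 'comment' . $uid, ''));
        $cbNotification->sendFromSystem(
            $uid,
            _UE_REG_REJECT_SUB,
            sprintf(_UE_USERREJECT_MSG, $_CB_framework->getCfg('sitename'), $comment)
        );
        $rejected++;
    }

    cbRedirect($listUrl, $rejected ? $rejected . ' ' . _UE_USERREJECT_SUCCESSFUL : '');
}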
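/**
 * Loads a page of forum posts written by $user by joining the forum's *_messages,
 * *_categories and *_messages_text tables directly.
 *
 * Sorting, free-text search and paging come from the 'fposts_' request parameters
 * ('fposts_sortby', 'fposts_search', 'fposts_limitstart'); the page size comes from the
 * 'postsNumber' plugin parameter (default 10).
 *
 * @param moscomprofilerUser $user  profiled user whose posts are listed (->id is used)
 * @param object             $forum forum descriptor; only ->prefix (table name prefix) is used here
 * @return array|null list of post row objects, or null when nothing matched
 */
function getUserPosts( $user, $forum ) {
	global $_CB_database;

	$categories = $this->getAllowedCategories( $user, $forum );
	$pagingParams = $this->_getPaging( array(), array( 'fposts_' ) );
	$postsNumber = $this->params->get( 'postsNumber', 10 );

	// Sort key -> ( table alias, column, direction ); anything unknown falls back to newest first.
	$orderings = array(
		'subjectASC' => array( 'a', 'subject', 'ASC' ),
		'subjectDESC' => array( 'a', 'subject', 'DESC' ),
		'categoryASC' => array( 'b', 'id', 'ASC' ),
		'categoryDESC' => array( 'b', 'id', 'DESC' ),
		'hitsASC' => array( 'c', 'hits', 'ASC' ),
		'hitsDESC' => array( 'c', 'hits', 'DESC' ),
		'dateASC' => array( 'a', 'time', 'ASC' ),
		'dateDESC' => array( 'a', 'time', 'DESC' ),
	);
	$sortBy = $pagingParams['fposts_sortby'];
	if ( ! is_string( $sortBy ) || ! isset( $orderings[$sortBy] ) ) {
		$sortBy = 'dateDESC';
	}
	list( $orderAlias, $orderColumn, $orderDirection ) = $orderings[$sortBy];
	$order = $orderAlias . '.' . $_CB_database->NameQuote( $orderColumn ) . ' ' . $orderDirection;

	$messagesTable = $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' );
	$categoriesTable = $_CB_database->NameQuote( '#__' . $forum->prefix . '_categories' );
	$textTable = $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages_text' );

	$where = array(
		'a.' . $_CB_database->NameQuote( 'catid' ) . ' = b.' . $_CB_database->NameQuote( 'id' ),
		'a.' . $_CB_database->NameQuote( 'thread' ) . ' = c.' . $_CB_database->NameQuote( 'id' ),
		'a.' . $_CB_database->NameQuote( 'id' ) . ' = d.' . $_CB_database->NameQuote( 'mesid' ),
		'a.' . $_CB_database->NameQuote( 'hold' ) . ' = 0',
		'b.' . $_CB_database->NameQuote( 'published' ) . ' = 1',
		'a.' . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $user->id,
	);
	// NOTE(review): $categories is spliced into the IN () list verbatim; it is expected to be an
	// id list produced by getAllowedCategories() and must never carry request input - confirm.
	if ( $categories != null ) {
		$where[] = 'b.' . $_CB_database->NameQuote( 'id' ) . ' IN ( ' . $categories . ' )';
	}
	if ( $pagingParams['fposts_search'] ) {
		// SQL-escape first, then escape LIKE wildcards; the same escaped term serves both columns
		// (the original applied cbGetEscaped() to the subject side only).
		$searchLike = "'%" . cbEscapeSQLsearch( cbGetEscaped( $pagingParams['fposts_search'] ) ) . "%'";
		$where[] = '( a.' . $_CB_database->NameQuote( 'subject' ) . ' LIKE ' . $searchLike
			. ' OR d.' . $_CB_database->NameQuote( 'message' ) . ' LIKE ' . $searchLike . ' )';
	}

	$query = 'SELECT a.*'
		. ', b.' . $_CB_database->NameQuote( 'id' ) . ' AS category'
		. ', b.' . $_CB_database->NameQuote( 'name' ) . ' AS catname'
		. ', c.' . $_CB_database->NameQuote( 'hits' ) . ' AS threadhits'
		. "\n FROM " . $messagesTable . ' AS a'
		. ', ' . $categoriesTable . ' AS b'
		. ', ' . $messagesTable . ' AS c'
		. ', ' . $textTable . ' AS d'
		. "\n WHERE " . implode( "\n AND ", $where )
		. "\n ORDER BY " . $order;

	$limitStart = $pagingParams['fposts_limitstart'] ? (int) $pagingParams['fposts_limitstart'] : 0;
	$_CB_database->setQuery( $query, $limitStart, (int) $postsNumber );
	$posts = $_CB_database->loadObjectList();

	return ( $posts ? $posts : null );
}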
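/**
 * Saves (creates or updates) a profile field from the backend field-edit form.
 *
 * Reads the form from $_POST ('fieldid', 'oldtabid', 'tabid', 'ordering', 'webaddresstypes',
 * 'vNames'), binds it onto a moscomprofilerFields row, checks that the caller may manage both
 * the old and the new tab, rejects state changes (tab, profile, registration, published,
 * required, readonly, searchable) from users without 'core.edit.state', stores the row,
 * replaces its #__comprofiler_field_values entries and redirects according to $task.
 * Failed checks abort with a JavaScript alert + history.go() and exit.
 *
 * @param string $option component option used in backend URLs
 * @param string $task   'applyField' redirects back to the edit form; anything else to the field list
 * @return void
 */
function saveField($option, $task) {
    global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;

    if ($task == 'showField' || !(isset($_POST['oldtabid']) && isset($_POST['fieldid']))) {
        cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
        return;
    }

    $this->_importNeeded();
    $this->_importNeededSave();

    // The tab the field is being moved away from must be manageable by the caller.
    $fieldOldTab = new moscomprofilerTabs($_CB_database);
    if (isset($_POST['oldtabid']) && $_POST['oldtabid']) {
        $fieldOldTab->load((int) $_POST['oldtabid']);
        $this->_saveFieldCheckTabAccess($fieldOldTab);
    }

    $fid = (int) $_POST['fieldid'];
    $row = new moscomprofilerFields($_CB_database);
    if ($fid) {
        // load the row from the db table
        if (!$row->load((int) $fid)) {
            echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Innexistant field')) . "'); window.history.go(-1);</script>\n";
            exit;
        }
        // ... and so must the tab the stored field currently belongs to.
        $fieldTab = new moscomprofilerTabs($_CB_database);
        $fieldTab->load((int) $row->tabid);
        $this->_saveFieldCheckTabAccess($fieldTab);
    }

    // Snapshot of the stored row (public properties only) so state changes can be detected below.
    $oldrow = new moscomprofilerFields($_CB_database);
    foreach (array_keys(get_object_vars($row)) as $k) {
        if (substr($k, 0, 1) != '_') {
            $oldrow->{$k} = $row->{$k};
        }
    }

    $_PLUGINS->loadPluginGroup('user');
    if (!$this->_prov_bind_CB_field($row, $fid)) {
        // addslashes: the error text is emitted inside a JavaScript string literal.
        echo "<script type=\"text/javascript\"> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // The 'searchable' default depends on the bound type, so compute it before the defaults table.
    if ($row->tablecolumns != '' && !in_array($row->type, array('password', 'userparams'))) {
        $searchable_default = 1;
    } else {
        $searchable_default = 0;
    }

    // State columns and the value a brand-new field gets when the form sends nothing.
    $stateDefaults = array(
        'tabid' => 11,
        'profile' => 1,
        'registration' => 1,
        'published' => 1,
        'required' => 0,
        'readonly' => 0,
        'searchable' => $searchable_default,
    );

    // Set defaults if nothing is found
    // Also check if oldrow value to use its current value or default otherwise
    // This prevents a tab from storing to database with null values when some inputs are set disabled:
    foreach ($stateDefaults as $state => $default) {
        if ($row->{$state} == '') {
            $row->{$state} = $oldrow->{$state} != '' ? $oldrow->{$state} : $default;
        }
    }

    // If the input is disabled we need to apply the default if the tabid isn't in POST:
    if (!isset($_POST['tabid'])) {
        $_POST['tabid'] = $row->tabid;
    }

    // in case the above changed perms.... really ?
    $fieldTab = new moscomprofilerTabs($_CB_database);
    $fieldTab->load((int) $row->tabid);
    $this->_saveFieldCheckTabAccess($fieldTab);

    if ($row->type == 'webaddress') {
        // Only 0 and 2 are accepted for the url-type selector; anything else falls back to 0.
        $row->rows = isset($_POST['webaddresstypes']) ? (int) $_POST['webaddresstypes'] : 0;
        if (!in_array($row->rows, array(0, 2), true)) {
            $row->rows = 0;
        }
    }

    if ($_POST['oldtabid'] != $_POST['tabid']) {
        if ($_POST['oldtabid'] !== '') {
            //Re-order old tab
            $oldOrdering = isset($_POST['ordering']) ? (int) $_POST['ordering'] : 0;
            $sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > " . $oldOrdering . " AND tabid = " . (int) $_POST['oldtabid'];
            $_CB_database->setQuery($sql);
            $_CB_database->query();
        }
        //Select Last Order in New Tab
        $sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=" . (int) $_POST['tabid'];
        $_CB_database->setQuery($sql);
        $max = $_CB_database->loadResult();
        $row->ordering = max($max + 1, 1);
    }

    if (cbStartOfStringMatch($row->name, 'cb_')) {
        $row->name = str_replace(" ", "", strtolower($row->name));
    }

    if (!$row->check()) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    // Check if user is a super user:
    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');

        // Re-check against the (possibly changed) target tab; empty group/level ids are not checked here.
        $this->_saveFieldCheckTabAccess($fieldTab, true);

        // Check if user can edit status (and if not, that status are as expected):
        if (!$canEditState) {
            // A non-empty submitted state must equal the stored value for an existing field,
            // or the default for a new one; anything else is an unauthorized state change.
            $failed = false;
            foreach ($stateDefaults as $state => $default) {
                if ($row->{$state} == '') {
                    continue;
                }
                $reference = $oldrow->fieldid ? $oldrow->{$state} : $default;
                if ($row->{$state} != $reference) {
                    $failed = true;
                    break;
                }
            }
            if ($failed) {
                echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
                exit;
            }
        }
    }

    if (!$row->store((int) $fid)) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    // Field values (the option list) are replaced wholesale; a missing 'vNames' means "no values".
    $fieldNames = (isset($_POST['vNames']) && is_array($_POST['vNames'])) ? $_POST['vNames'] : array();
    if ($row->fieldid > 0) {
        $_CB_database->setQuery("DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid);
        if ($_CB_database->query() === false) {
            echo $_CB_database->getErrorMsg();
        }
    } else {
        // store() did not hand back an id: fall back to the highest one present.
        $_CB_database->setQuery("SELECT MAX(fieldid) FROM #__comprofiler_fields");
        $maxID = $_CB_database->loadResult();
        $row->fieldid = $maxID;
        echo $_CB_database->getErrorMsg();
    }

    $j = 1;
    foreach ($fieldNames as $fieldName) {
        $fieldName = trim($fieldName);
        // The original test (`!= null || != ''`) reduces to "non-empty after trim"; '0' is kept.
        if ($fieldName !== '') {
            $_CB_database->setQuery("INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'" . cbGetEscaped($fieldName) . "', " . (int) $j . ")");
            if ($_CB_database->query() === false) {
                echo $_CB_database->getErrorMsg();
            }
            $j++;
        }
    }

    switch ($task) {
        case 'applyField':
            $msg = CBTxt::T('Successfully Saved changes to Field') . ': ' . $row->name;
            cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=editField&cid={$row->fieldid}"), $msg);
            break;
        case 'saveField':
        default:
            $msg = CBTxt::T('Successfully Saved Field') . ': ' . $row->name;
            cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField"), $msg);
            break;
    }
}

/**
 * Aborts the request (JavaScript alert + history.go(-1) + exit) unless the current user may
 * manage fields on $fieldTab. Super administrators always pass; otherwise the tab's
 * useraccessgroupid must be one of the caller's groups (get_groups_below_me) and its
 * viewaccesslevel one of the caller's authorised view levels.
 *
 * @param moscomprofilerTabs $fieldTab    tab the field belongs to (loaded, or empty for a new field)
 * @param bool               $ignoreEmpty when true, an empty useraccessgroupid / viewaccesslevel is not checked
 * @return void
 */
function _saveFieldCheckTabAccess($fieldTab, $ignoreEmpty = false) {
    global $_CB_framework;

    if ($_CB_framework->acl->amIaSuperAdmin()) {
        return;
    }

    $checkGroup = !($ignoreEmpty && $fieldTab->useraccessgroupid == '');
    $checkLevel = !($ignoreEmpty && $fieldTab->viewaccesslevel == '');

    // Group check first, view-level check only when the group check passed (same order as before).
    if (($checkGroup && !in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true)))
        || ($checkLevel && !in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false)))) {
        echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
        exit;
    }
}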
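/**
 * Loads a page of forum posts written by $user.
 *
 * Two backends: a hand-built SQL query over the forum's *_messages / *_categories /
 * *_messages_text tables (any non-Kunena prefix, or Kunena without its API loaded), or the
 * KunenaForumMessageHelper API when that class exists. Sorting, free-text search and paging
 * come from the 'fposts_' request parameters; the page size from the 'postsNumber' plugin
 * parameter (default 10). Category access is restricted to what $user may see plus the
 * categories returned by getAllowedCategories().
 *
 * @param moscomprofilerUser $user  profiled user whose posts are listed (->id is used)
 * @param object             $forum forum descriptor; ->prefix and ->version are read here
 * @return array|null list of post objects, or null when no supported forum backend is available
 */
function getUserPosts($user, $forum) {
    global $_CB_framework, $_CB_database;

    $categories = $this->getAllowedCategories(null, $forum);
    $pagingParams = $this->_getPaging(array(), array('fposts_'));
    $postsNumber = $this->params->get('postsNumber', 10);

    $sortBy = $pagingParams['fposts_sortby'];
    $search = isset($pagingParams['fposts_search']) ? $pagingParams['fposts_search'] : null;
    $limitStart = (int) ($pagingParams['fposts_limitstart'] ? $pagingParams['fposts_limitstart'] : 0);
    $userId = (int) $user->id;

    if ($forum->prefix != 'kunena' || !class_exists('KunenaForum')) {
        // Sort key -> (table alias, column, direction); unknown keys fall back to newest first.
        $orderings = array(
            'subjectASC' => array('a', 'subject', 'ASC'),
            'subjectDESC' => array('a', 'subject', 'DESC'),
            'categoryASC' => array('b', 'id', 'ASC'),
            'categoryDESC' => array('b', 'id', 'DESC'),
            'hitsASC' => array('c', 'hits', 'ASC'),
            'hitsDESC' => array('c', 'hits', 'DESC'),
            'dateASC' => array('a', 'time', 'ASC'),
            'dateDESC' => array('a', 'time', 'DESC'),
        );
        if (!is_string($sortBy) || !isset($orderings[$sortBy])) {
            $sortBy = 'dateDESC';
        }
        list($orderAlias, $orderColumn, $orderDirection) = $orderings[$sortBy];
        $order = $orderAlias . '.' . $_CB_database->NameQuote($orderColumn) . ' ' . $orderDirection;

        $groupsIn = implode(',', $_CB_framework->acl->get_groups_below_me($userId, true));
        if (strcasecmp(substr($forum->version, 0, 3), '1.7') >= 0) {
            // Forum >= 1.7: a category is readable either through a Joomla view level or a plain group list.
            $cbUser = CBuser::getInstance($userId);
            if (!$cbUser) {
                $cbUser = CBuser::getInstance(null);
            }
            $access = "\n AND ( ( b." . $_CB_database->NameQuote('access') . " IN ( " . implode(',', $cbUser->getAuthorisedViewLevelsIds(false)) . " )"
                . ' AND b.' . $_CB_database->NameQuote('accesstype') . ' = ' . $_CB_database->Quote('joomla.level') . ' )'
                . "\n OR ( b." . $_CB_database->NameQuote('pub_access') . " IN ( " . $groupsIn . " )"
                . ' AND b.' . $_CB_database->NameQuote('accesstype') . ' = ' . $_CB_database->Quote('none') . ' )';
        } else {
            $access = "\n AND ( b." . $_CB_database->NameQuote('pub_access') . " IN ( " . $groupsIn . " )";
        }
        // Explicitly allowed categories are OR-ed in; either way the "( " opened above is closed here.
        $access .= $categories ? "\n OR b." . $_CB_database->NameQuote('id') . " IN ( " . implode(',', $categories) . " ) )" : ' )';

        $searchSql = '';
        if ($search) {
            // SQL-escape first, then escape LIKE wildcards; the same escaped term serves both columns
            // (the original left the message side without cbGetEscaped()).
            $searchLike = "'%" . cbEscapeSQLsearch(cbGetEscaped($search)) . "%'";
            $searchSql = "\n AND ( a." . $_CB_database->NameQuote('subject') . ' LIKE ' . $searchLike
                . ' OR d.' . $_CB_database->NameQuote('message') . ' LIKE ' . $searchLike . ' )';
        }

        $messagesTable = $_CB_database->NameQuote('#__' . $forum->prefix . '_messages');
        $query = 'SELECT a.*'
            . ', b.' . $_CB_database->NameQuote('id') . ' AS category'
            . ', b.' . $_CB_database->NameQuote('name') . ' AS catname'
            . ', c.' . $_CB_database->NameQuote('hits') . ' AS threadhits'
            . "\n FROM " . $messagesTable . " AS a"
            . "\n LEFT JOIN " . $_CB_database->NameQuote('#__' . $forum->prefix . '_categories') . " AS b"
            . ' ON a.' . $_CB_database->NameQuote('catid') . ' = b.' . $_CB_database->NameQuote('id')
            . "\n LEFT JOIN " . $messagesTable . " AS c"
            . ' ON a.' . $_CB_database->NameQuote('thread') . ' = c.' . $_CB_database->NameQuote('id')
            . "\n LEFT JOIN " . $_CB_database->NameQuote('#__' . $forum->prefix . '_messages_text') . " AS d"
            . ' ON a.' . $_CB_database->NameQuote('id') . ' = d.' . $_CB_database->NameQuote('mesid')
            . "\n WHERE a." . $_CB_database->NameQuote('hold') . " = 0"
            . "\n AND b." . $_CB_database->NameQuote('published') . " = 1"
            . "\n AND a." . $_CB_database->NameQuote('userid') . " = " . $userId
            . $access
            . $searchSql
            . "\n ORDER BY " . $order;
        $_CB_database->setQuery($query, $limitStart, (int) $postsNumber);
        $posts = $_CB_database->loadObjectList();
    } elseif (class_exists('KunenaForumMessageHelper')) {
        $where = array();
        if ($search != '') {
            $searchLike = $_CB_database->Quote('%' . $_CB_database->getEscaped($search, true) . '%', false);
            $where[] = '( m.' . $_CB_database->NameQuote('subject') . ' LIKE ' . $searchLike
                . ' OR t.' . $_CB_database->NameQuote('message') . ' LIKE ' . $searchLike . ' )';
        }

        // Same sort keys as above, but every column lives on the message alias 'm' in the Kunena API.
        $orderings = array(
            'subjectASC' => array('subject', 'ASC'),
            'subjectDESC' => array('subject', 'DESC'),
            'categoryASC' => array('catid', 'ASC'),
            'categoryDESC' => array('catid', 'DESC'),
            'hitsASC' => array('hits', 'ASC'),
            'hitsDESC' => array('hits', 'DESC'),
            'dateASC' => array('time', 'ASC'),
            'dateDESC' => array('time', 'DESC'),
        );
        if (!is_string($sortBy) || !isset($orderings[$sortBy])) {
            $sortBy = 'dateDESC';
        }
        list($orderColumn, $orderDirection) = $orderings[$sortBy];
        $order = 'm.' . $_CB_database->NameQuote($orderColumn) . ' ' . $orderDirection;

        $params = array(
            'user' => $userId,
            'starttime' => -1,
            'where' => count($where) ? implode(' AND ', $where) : null,
            'orderby' => $order,
        );
        // array_pop() takes its argument by reference, so the call result goes through a variable.
        $latest = KunenaForumMessageHelper::getLatestMessages(false, $limitStart, (int) $postsNumber, $params);
        $posts = array_pop($latest);
        if ($posts) {
            // Mirror the category / catname / threadhits columns produced by the SQL path.
            foreach ($posts as $k => $post) {
                $posts[$k]->set('category', $post->getCategory()->id);
                $posts[$k]->set('catname', $post->getCategory()->name);
                $posts[$k]->set('threadhits', $post->getTopic()->hits);
            }
        }
    } else {
        $posts = null;
    }

    return $posts;
}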
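/**
 * Updates the description and type of an existing connection row in #__comprofiler_members
 * between this user ($this->referenceid) and $connectionid.
 *
 * Values are HTML-escaped first and SQL-escaped second, so the backslashes added for SQL are
 * never themselves HTML-encoded (the original applied the two escapes the other way round).
 *
 * @param int         $connectionid memberid of the connected user
 * @param string|null $desc         connection description; null is stored as ''
 * @param string|null $contype      connection type; null is stored as ''
 * @return int 1 on success, 0 on SQL error (the message is recorded via _setErrorMSG)
 */
function saveConnection($connectionid, $desc = null, $contype = null) {
    global $_CB_database;

    $description = cbGetEscaped(htmlspecialchars((string) $desc));
    $type = cbGetEscaped(htmlspecialchars((string) $contype));

    $sql = "UPDATE #__comprofiler_members SET description='" . $description . "', type='" . $type . "'"
        . " WHERE referenceid=" . (int) $this->referenceid . " AND memberid=" . (int) $connectionid;
    $_CB_database->setQuery($sql);

    if (!$_CB_database->query()) {
        $this->_setErrorMSG("SQL error" . $_CB_database->stderr(true));
        return 0;
    }
    return 1;
}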
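/**
 * Renders the backend plugin list: reads list limit, page start, search text and type filter
 * from the user state / request, counts and loads the matching #__comprofiler_plugin rows
 * (restricted to the caller's view levels unless super admin), builds the type filter
 * dropdown and hands everything to HTML_comprofiler::showPlugins().
 *
 * @param string $option component option, used as the key prefix for the stored list state
 * @return bool false when the row query failed (error already echoed), true otherwise
 */
function viewPlugins($option) {
    global $_CB_database, $_CB_framework;

    $limit = (int) $_CB_framework->getCfg('list_limit');
    if ($limit == 0) {
        $limit = 10;
    }
    $limit = $_CB_framework->getUserStateFromRequest("viewlistlimit", 'limit', $limit);

    $lastCBlist = $_CB_framework->getUserState("view{$option}lastCBlist", null);
    if ($lastCBlist == 'showplugins') {
        $limitstart = $_CB_framework->getUserStateFromRequest("view{$option}limitstart", 'limitstart', 0);
        $lastSearch = $_CB_framework->getUserState("search{$option}", null);
        $search = $_CB_framework->getUserStateFromRequest("search{$option}", 'search', '');
        // A changed search term restarts paging from the first page.
        if ($lastSearch != $search) {
            $limitstart = 0;
            $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
        }
        $search = trim(strtolower($search));
        $filter_type = $_CB_framework->getUserStateFromRequest("filter_type{$option}", 'filter_type', "0");
    } else {
        // Coming from another list: reset search, paging and filter state for this one.
        clearSearchBox();
        $search = "";
        $limitstart = 0;
        $_CB_framework->setUserState("view{$option}limitstart", $limitstart);
        $_CB_framework->setUserState("view{$option}lastCBlist", "showplugins");
        $filter_type = "0";
        $_CB_framework->setUserState("filter_type{$option}", $filter_type);
    }

    $where = array();
    // used by filter; the type comes from the request, so it is quoted/escaped rather than interpolated.
    if ($filter_type) {
        $where[] = "m.type = " . $_CB_database->Quote($filter_type);
    }
    if ($search) {
        // $search is already trimmed and lowercased; SQL-escape then escape LIKE wildcards.
        $searchSql = cbEscapeSQLsearch(cbGetEscaped($search));
        $where[] = "LOWER( m.name ) LIKE '%{$searchSql}%'";
    }
    if (!$_CB_framework->acl->amIaSuperAdmin()) {
        $viewAccessLevels = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(true);
        $viewAccessLevelsCleaned = implode(',', cbArrayToInts($viewAccessLevels));
        $where[] = 'm.access IN (' . $viewAccessLevelsCleaned . ')';
    }
    $whereSql = count($where) ? "\n WHERE " . implode(' AND ', $where) : '';

    // get the total number of records
    $_CB_database->setQuery("SELECT COUNT(*) FROM #__comprofiler_plugin AS m " . $whereSql);
    $total = $_CB_database->loadResult();
    if ($total <= $limitstart) {
        $limitstart = 0;
    }

    cbimport('cb.pagination');
    $pageNav = new cbPageNav($total, $limitstart, $limit);

    $isJoomla16 = (checkJversion() == 2);
    $title = $isJoomla16 ? 'title' : 'name';
    $query = "SELECT m.*, u.name AS editor, g.{$title} AS groupname"
        . "\n FROM #__comprofiler_plugin AS m"
        . "\n LEFT JOIN #__users AS u ON u.id = m.checked_out";
    if ($isJoomla16) {
        // fix J1.6's wrong access levels, same as g.id = IF( m.access = 0, 1, IF( m.access = 1, 2, IF( m.access = 2, 3, m.access ) ) )
        $query .= "\n LEFT JOIN #__viewlevels AS g ON g.id = m.access + IF(m.access <= 2, 1, 0)";
    } else {
        $query .= "\n LEFT JOIN #__groups AS g ON g.id = m.access";
    }
    $query .= $whereSql
        . "\n GROUP BY m.id"
        . "\n ORDER BY m.type ASC, m.ordering ASC, m.name ASC";
    $_CB_database->setQuery($query, (int) $pageNav->limitstart, (int) $pageNav->limit);
    $rows = $_CB_database->loadObjectList();
    if ($_CB_database->getErrorNum()) {
        echo $_CB_database->stderr();
        return false;
    }

    // get list of Positions for dropdown filter
    $types = array();
    $types[] = moscomprofilerHTML::makeOption('0', !defined('_SEL_TYPE') ? '- ' . CBTxt::T('Select Type') . ' -' : _SEL_TYPE); // Mambo 4.5.1 Compatibility
    $_CB_database->setQuery("SELECT type AS value, type AS text"
        . "\n FROM #__comprofiler_plugin"
        . "\n GROUP BY type"
        . "\n ORDER BY type");
    $types = array_merge($types, $_CB_database->loadObjectList());

    $lists = array();
    $lists['type'] = moscomprofilerHTML::selectList($types, 'filter_type', 'class="inputbox" size="1" onchange="document.adminForm.submit( );"', 'value', 'text', $filter_type, 2);

    $canAdmin = CBuser::getMyInstance()->authoriseAction('core.admin');
    $canEdit = CBuser::getMyInstance()->authoriseAction('core.edit');
    $canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');

    // The view receives the plain search term, not the SQL/LIKE-escaped copy used in the query.
    HTML_comprofiler::showPlugins($rows, $pageNav, $option, $lists, $search, $canAdmin, $canEdit, $canEditState);
    return true;
}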
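/**
 * Saves (creates or updates) a profile field from the backend field-edit form.
 *
 * Reads the form from $_POST ('fieldid', 'oldtabid', 'tabid', 'ordering', 'webaddresstypes',
 * 'vNames'), binds it onto a moscomprofilerFields row, checks that the caller's group
 * (getChildGIDS of userGID) covers the tab's useraccessgroupid, stores the row, replaces its
 * #__comprofiler_field_values entries and redirects according to $task. Failed checks abort
 * with a JavaScript alert + history.go() and exit.
 *
 * @param string $option component option used in backend URLs
 * @param string $task   'applyField' redirects back to the edit form; anything else to the field list
 * @return void
 */
function saveField( $option, $task ) {
	global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;

	if ( ( $task == 'showField' ) || ! ( isset( $_POST['oldtabid'] ) && isset( $_POST['tabid'] ) && isset( $_POST['fieldid'] ) ) ) {
		cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=$task" ) );
		return;
	}

	$this->_importNeeded();
	$this->_importNeededSave();

	$fid = (int) $_POST['fieldid'];
	$row = new moscomprofilerFields( $_CB_database );
	if ( $fid ) {
		// load the row from the db table
		if ( ! $row->load( (int) $fid ) ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Innexistant field') ) . "'); window.history.go(-1);</script>\n";
			exit;
		}
		// The tab the stored field currently belongs to must be manageable by the caller.
		$fieldTab = new moscomprofilerTabs( $_CB_database );
		$fieldTab->load( (int) $row->tabid );
		if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
			echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
			exit;
		}
	}

	$_PLUGINS->loadPluginGroup( 'user' );
	if ( ! $this->_prov_bind_CB_field( $row, $fid ) ) {
		// addslashes: the error text is emitted inside a JavaScript string literal.
		echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-1); </script>\n";
		exit();
	}

	// in case the above changed perms.... really ?
	$fieldTab = new moscomprofilerTabs( $_CB_database );
	$fieldTab->load( (int) $row->tabid );
	if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
		exit;
	}

	if ( $row->type == 'webaddress' ) {
		// Only 0 and 2 are accepted for the url-type selector; anything else falls back to 0.
		$row->rows = isset( $_POST['webaddresstypes'] ) ? (int) $_POST['webaddresstypes'] : 0;
		if ( ! in_array( $row->rows, array( 0, 2 ), true ) ) {
			$row->rows = 0;
		}
	}

	if ( $_POST['oldtabid'] != $_POST['tabid'] ) {
		if ( $_POST['oldtabid'] !== '' ) {
			//Re-order old tab
			$oldOrdering = isset( $_POST['ordering'] ) ? (int) $_POST['ordering'] : 0;
			$sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > " . $oldOrdering . " AND tabid = " . (int) $_POST['oldtabid'];
			$_CB_database->setQuery( $sql );
			$_CB_database->query();
		}
		//Select Last Order in New Tab
		$sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=" . (int) $_POST['tabid'];
		$_CB_database->setQuery( $sql );
		$max = $_CB_database->loadResult();
		$row->ordering = max( $max + 1, 1 );
	}

	if ( cbStartOfStringMatch( $row->name, 'cb_' ) ) {
		$row->name = str_replace( " ", "", strtolower( $row->name ) );
	}

	if ( ! $row->check() ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-2); </script>\n";
		exit();
	}

	if ( ! $row->store( (int) $fid ) ) {
		echo "<script type=\"text/javascript\"> alert('" . addslashes( $row->getError() ) . "'); window.history.go(-2); </script>\n";
		exit();
	}

	// Field values (the option list) are replaced wholesale; a missing 'vNames' means "no values".
	$fieldNames = ( isset( $_POST['vNames'] ) && is_array( $_POST['vNames'] ) ) ? $_POST['vNames'] : array();
	if ( $row->fieldid > 0 ) {
		$_CB_database->setQuery( "DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid );
		if ( $_CB_database->query() === false ) {
			echo $_CB_database->getErrorMsg();
		}
	} else {
		// store() did not hand back an id: fall back to the highest one present.
		$_CB_database->setQuery( "SELECT MAX(fieldid) FROM #__comprofiler_fields" );
		$maxID = $_CB_database->loadResult();
		$row->fieldid = $maxID;
		echo $_CB_database->getErrorMsg();
	}

	$j = 1;
	foreach ( $fieldNames as $fieldName ) {
		$fieldName = trim( $fieldName );
		// The original test (`!= null || != ''`) reduces to "non-empty after trim"; '0' is kept.
		if ( $fieldName !== '' ) {
			$_CB_database->setQuery( "INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'" . cbGetEscaped( $fieldName ) . "', " . (int) $j . ")" );
			if ( $_CB_database->query() === false ) {
				echo $_CB_database->getErrorMsg();
			}
			$j++;
		}
	}

	switch ( $task ) {
		case 'applyField':
			$msg = CBTxt::T('Successfully Saved changes to Field') . ': ' . $row->name;
			cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=editField&cid=$row->fieldid" ), $msg );
			break;
		case 'saveField':
		default:
			$msg = CBTxt::T('Successfully Saved Field') . ': ' . $row->name;
			cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ), $msg );
			break;
	}
}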