function rejectUser($uids) {
global $_CB_framework, $_CB_database, $ueConfig, $_POST, $_PLUGINS;
$andItemid = getCBprofileItemid();
// simple spoof check security
cbSpoofCheck( 'pendingApprovalUsers' );
if($ueConfig['allowModUserApproval']==0) {
echo _UE_FUNCTIONALITY_DISABLED;
exit();
}
$isModerator=isModerator( $_CB_framework->myId() );
if (!$isModerator){
cbNotAuth();
return;
}
$cbNotification= new cbNotification();
foreach($uids AS $uid) {
$query = "SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id = " . (int) $uid;
$_CB_database->setQuery($query);
$user = $_CB_database->loadObjectList();
$row = $user[0];
$_PLUGINS->loadPluginGroup('user');
$_PLUGINS->trigger( 'onBeforeUserApproval', array($row,false));
if($_PLUGINS->is_errors()) {
cbRedirect( cbSef("index.php?option=$option&task=pendingApprovalUser".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
return;
}
$sql="UPDATE #__comprofiler SET approved=2 WHERE id=" . (int) $uid;
$_CB_database->SetQuery($sql);
$_CB_database->query();
$_PLUGINS->trigger( 'onAfterUserApproval', array($row,false,true));
$cbNotification->sendFromSystem(cbGetEscaped($uid),_UE_REG_REJECT_SUB,sprintf(_UE_USERREJECT_MSG,$_CB_framework->getCfg( 'sitename' ), stripslashes( cbGetParam( $_POST, 'comment' . $uid, '' ) ) ) );
}
cbRedirect( cbSef( 'index.php?option=com_comprofiler&task=pendingApprovalUser' . $andItemid, false ),(count($uids))?count($uids)." "._UE_USERREJECT_SUCCESSFUL:"");
}
/**
* Puts users posts into array
*
* @param moscomprofilerUser $user
* @param object $forum
* @return object
*/
function getUserPosts( $user, $forum ) {
global $_CB_database;
$categories = $this->getAllowedCategories( $user, $forum );
$pagingParams = $this->_getPaging( array(), array( 'fposts_' ) );
$postsNumber = $this->params->get( 'postsNumber', 10 );
switch ( $pagingParams['fposts_sortby'] ) {
case 'subjectASC':
$order = 'a.' . $_CB_database->NameQuote( 'subject' ) . ' ASC';
break;
case 'subjectDESC':
$order = 'a.' . $_CB_database->NameQuote( 'subject' ) . ' DESC';
break;
case 'categoryASC':
$order = 'b.' . $_CB_database->NameQuote( 'id' ) . ' ASC';
break;
case 'categoryDESC':
$order = 'b.' . $_CB_database->NameQuote( 'id' ) . ' DESC';
break;
case 'hitsASC':
$order = 'c.' . $_CB_database->NameQuote( 'hits' ) . ' ASC';
break;
case 'hitsDESC':
$order = 'c.' . $_CB_database->NameQuote( 'hits' ) . ' DESC';
break;
case 'dateASC':
$order = 'a.' . $_CB_database->NameQuote( 'time' ) . ' ASC';
break;
case 'dateDESC':
default:
$order = 'a.' . $_CB_database->NameQuote( 'time' ) . ' DESC';
break;
}
$query = 'SELECT a.*'
. ', b.' . $_CB_database->NameQuote( 'id' ) . ' AS category'
. ', b.' . $_CB_database->NameQuote( 'name' ) . ' AS catname'
. ', c.' . $_CB_database->NameQuote( 'hits' ) . ' AS threadhits'
. "\n FROM " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' ) . ' AS a'
. ', ' . $_CB_database->NameQuote( '#__' . $forum->prefix . '_categories' ) . ' AS b'
. ', ' . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' ) . ' AS c'
. ', ' . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages_text' ) . ' AS d'
. "\n WHERE a." . $_CB_database->NameQuote( 'catid' ) . ' = b.' . $_CB_database->NameQuote( 'id' )
. "\n AND a." . $_CB_database->NameQuote( 'thread' ) . ' = c.' . $_CB_database->NameQuote( 'id' )
. "\n AND a." . $_CB_database->NameQuote( 'id' ) . ' = d.' . $_CB_database->NameQuote( 'mesid' )
. "\n AND a." . $_CB_database->NameQuote( 'hold' ) . ' = 0'
. "\n AND b." . $_CB_database->NameQuote( 'published' ) . ' = 1'
. "\n AND a." . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $user->id
. ( $categories != null ? "\n AND b." . $_CB_database->NameQuote( 'id' ) . " IN ( " . $categories . " )" : null )
. ( $pagingParams['fposts_search'] ? "\n AND ( a." . $_CB_database->NameQuote( 'subject' ) . " LIKE '%" . cbEscapeSQLsearch( cbGetEscaped( $pagingParams['fposts_search'] ) ) . "%' OR d." . $_CB_database->NameQuote( 'message' ) . " LIKE '%" . cbEscapeSQLsearch( $pagingParams['fposts_search'] ) . "%' )" : null )
. "\n ORDER BY " . $order
;
$_CB_database->setQuery( $query, (int) ( $pagingParams['fposts_limitstart'] ? $pagingParams['fposts_limitstart'] : 0 ), (int) $postsNumber );
$posts = $_CB_database->loadObjectList();
return ( $posts ? $posts : null );
}
function saveField($option, $task)
{
global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;
if ($task == 'showField' || !(isset($_POST['oldtabid']) && isset($_POST['fieldid']))) {
cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
return;
}
$this->_importNeeded();
$this->_importNeededSave();
$fieldOldTab = new moscomprofilerTabs($_CB_database);
if (isset($_POST['oldtabid']) && $_POST['oldtabid']) {
$fieldOldTab->load((int) $_POST['oldtabid']);
// Check if user is a super user:
if (!$_CB_framework->acl->amIaSuperAdmin()) {
// Check if user belongs to useraccessgroupid:
if (!in_array($fieldOldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
// Check if user belongs to viewaccesslevel:
if (!in_array($fieldOldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
}
}
$fid = (int) $_POST['fieldid'];
$row = new moscomprofilerFields($_CB_database);
if ($fid) {
// load the row from the db table
if (!$row->load((int) $fid)) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Innexistant field')) . "'); window.history.go(-1);</script>\n";
exit;
}
$fieldTab = new moscomprofilerTabs($_CB_database);
// load the row from the db table
$fieldTab->load((int) $row->tabid);
// Check if user is a super user:
if (!$_CB_framework->acl->amIaSuperAdmin()) {
// Check if user belongs to useraccessgroupid:
if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
// Check if user belongs to viewaccesslevel:
if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
}
}
$oldrow = new moscomprofilerFields($_CB_database);
foreach (array_keys(get_object_vars($row)) as $k) {
if (substr($k, 0, 1) != '_') {
$oldrow->{$k} = $row->{$k};
}
}
$_PLUGINS->loadPluginGroup('user');
if (!$this->_prov_bind_CB_field($row, $fid)) {
echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
// Set defaults if nothing is found
// Also check if oldrow value to use its current value or default otherwise
// This prevents a tab from storing to database with null values when some inputs are set disabled:
if ($row->tabid == '') {
$row->tabid = $oldrow->tabid != '' ? $oldrow->tabid : 11;
}
if ($row->profile == '') {
$row->profile = $oldrow->profile != '' ? $oldrow->profile : 1;
}
if ($row->registration == '') {
$row->registration = $oldrow->registration != '' ? $oldrow->registration : 1;
}
if ($row->published == '') {
$row->published = $oldrow->published != '' ? $oldrow->published : 1;
}
if ($row->required == '') {
$row->required = $oldrow->required != '' ? $oldrow->required : 0;
}
if ($row->readonly == '') {
$row->readonly = $oldrow->readonly != '' ? $oldrow->readonly : 0;
}
if ($row->tablecolumns != '' && !in_array($row->type, array('password', 'userparams'))) {
$searchable_default = 1;
} else {
$searchable_default = 0;
}
if ($row->searchable == '') {
$row->searchable = $oldrow->searchable != '' ? $oldrow->searchable : $searchable_default;
}
// If the input is disabled we need to apply the default if the tabid isn't in POST:
if (!isset($_POST['tabid'])) {
$_POST['tabid'] = $row->tabid;
}
// Moved above check here just encase it ends up being empty:
if ($task == 'showField' || !isset($_POST['tabid'])) {
cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task={$task}"));
return;
}
// in case the above changed perms.... really ?
$fieldTab = new moscomprofilerTabs($_CB_database);
$fieldTab->load((int) $row->tabid);
// Check if user is a super user:
if (!$_CB_framework->acl->amIaSuperAdmin()) {
// Check if user belongs to useraccessgroupid:
if (!in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
// Check if user belongs to viewaccesslevel:
if (!in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
}
if ($row->type == 'webaddress') {
$row->rows = $_POST['webaddresstypes'];
if (!($row->rows == 0 || $row->rows == 2)) {
$row->rows = 0;
}
}
if ($_POST['oldtabid'] != $_POST['tabid']) {
if ($_POST['oldtabid'] !== '') {
//Re-order old tab
$sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > " . (int) $_POST['ordering'] . " AND tabid = " . (int) $_POST['oldtabid'];
$_CB_database->setQuery($sql);
$_CB_database->query();
}
//Select Last Order in New Tab
$sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=" . (int) $_POST['tabid'];
$_CB_database->SetQuery($sql);
$max = $_CB_database->LoadResult();
$row->ordering = max($max + 1, 1);
}
if (cbStartOfStringMatch($row->name, 'cb_')) {
$row->name = str_replace(" ", "", strtolower($row->name));
}
if (!$row->check()) {
echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
// Check if user is a super user:
if (!$_CB_framework->acl->amIaSuperAdmin()) {
$canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');
// Check if user belongs to useraccessgroupid
if ($fieldTab->useraccessgroupid != '' && !in_array($fieldTab->useraccessgroupid, $_CB_framework->acl->get_groups_below_me(null, true))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
// Check if user belongs to viewaccesslevel
if ($fieldTab->viewaccesslevel != '' && !in_array($fieldTab->viewaccesslevel, CBuser::getMyInstance()->getAuthorisedViewLevelsIds(false))) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
// Check if user can edit status (and if not, that status are as expected):
if (!$canEditState) {
$failed = false;
// Check if row exists and if tabid is different from existing row
// Check if row doesn't exist and if tabid is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->tabid != '' && $oldrow->tabid != $row->tabid) || !$oldrow->fieldid && ($row->tabid != '' && $row->tabid != 11)) {
$failed = true;
}
// Check if row exists and if profile is different from existing row
// Check if row doesn't exist and if profile is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->profile != '' && $oldrow->profile != $row->profile) || !$oldrow->fieldid && ($row->profile != '' && $row->profile != 1)) {
$failed = true;
}
// Check if row exists and if registration is different from existing row
// Check if row doesn't exist and if registration is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->registration != '' && $oldrow->registration != $row->registration) || !$oldrow->fieldid && ($row->registration != '' && $row->registration != 1)) {
$failed = true;
}
// Check if row exists and if published is different from existing row
// Check if row doesn't exist and if published is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->published != '' && $oldrow->published != $row->published) || !$oldrow->fieldid && ($row->published != '' && $row->published != 1)) {
$failed = true;
}
// Check if row exists and if required is different from existing row
// Check if row doesn't exist and if required is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->required != '' && $oldrow->required != $row->required) || !$oldrow->fieldid && ($row->required != '' && $row->required != 0)) {
$failed = true;
}
// Check if row exists and if readonly is different from existing row
// Check if row doesn't exist and if readonly is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->readonly != '' && $oldrow->readonly != $row->readonly) || !$oldrow->fieldid && ($row->readonly != '' && $row->readonly != 0)) {
$failed = true;
}
// Check if row exists and if searchable is different from existing row
// Check if row doesn't exist and if searchable is different from default
// Check if user can edit status:
if ($oldrow->fieldid && ($row->searchable != '' && $oldrow->searchable != $row->searchable) || !$oldrow->fieldid && ($row->searchable != '' && $row->searchable != $searchable_default)) {
$failed = true;
}
if ($failed) {
echo "<script type=\"text/javascript\"> alert('" . addslashes(CBTxt::T('Unauthorized Access')) . "'); window.history.go(-1);</script>\n";
exit;
}
}
}
if (!$row->store((int) $fid)) {
echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
$fieldNames = $_POST['vNames'];
$j = 1;
if ($row->fieldid > 0) {
$_CB_database->setQuery("DELETE FROM #__comprofiler_field_values" . " WHERE fieldid = " . (int) $row->fieldid);
if ($_CB_database->query() === false) {
echo $_CB_database->getErrorMsg();
}
} else {
$_CB_database->setQuery("SELECT MAX(fieldid) FROM #__comprofiler_fields");
$maxID = $_CB_database->loadResult();
$row->fieldid = $maxID;
echo $_CB_database->getErrorMsg();
}
//for($i=0, $n=count( $fieldNames ); $i < $n; $i++) {
foreach ($fieldNames as $fieldName) {
if (trim($fieldName) != null || trim($fieldName) != '') {
$_CB_database->setQuery("INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)" . " VALUES( " . (int) $row->fieldid . ",'" . cbGetEscaped(trim($fieldName)) . "', " . (int) $j . ")");
if ($_CB_database->query() === false) {
echo $_CB_database->getErrorMsg();
}
$j++;
}
}
switch ($task) {
case 'applyField':
$msg = CBTxt::T('Successfully Saved changes to Field') . ': ' . $row->name;
cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=editField&cid={$row->fieldid}"), $msg);
break;
case 'saveField':
default:
$msg = CBTxt::T('Successfully Saved Field') . ': ' . $row->name;
cbRedirect($_CB_framework->backendUrl("index.php?option={$option}&task=showField"), $msg);
break;
}
}
/**
* Puts users posts into array
*
* @param moscomprofilerUser $user
* @param object $forum
* @return object
*/
function getUserPosts($user, $forum)
{
global $_CB_framework, $_CB_database;
$categories = $this->getAllowedCategories(null, $forum);
$pagingParams = $this->_getPaging(array(), array('fposts_'));
$postsNumber = $this->params->get('postsNumber', 10);
if ($forum->prefix != 'kunena' || $forum->prefix == 'kunena' && !class_exists('KunenaForum')) {
switch ($pagingParams['fposts_sortby']) {
case 'subjectASC':
$order = 'a.' . $_CB_database->NameQuote('subject') . ' ASC';
break;
case 'subjectDESC':
$order = 'a.' . $_CB_database->NameQuote('subject') . ' DESC';
break;
case 'categoryASC':
$order = 'b.' . $_CB_database->NameQuote('id') . ' ASC';
break;
case 'categoryDESC':
$order = 'b.' . $_CB_database->NameQuote('id') . ' DESC';
break;
case 'hitsASC':
$order = 'c.' . $_CB_database->NameQuote('hits') . ' ASC';
break;
case 'hitsDESC':
$order = 'c.' . $_CB_database->NameQuote('hits') . ' DESC';
break;
case 'dateASC':
$order = 'a.' . $_CB_database->NameQuote('time') . ' ASC';
break;
case 'dateDESC':
default:
$order = 'a.' . $_CB_database->NameQuote('time') . ' DESC';
break;
}
if (strcasecmp(substr($forum->version, 0, 3), '1.7') >= 0) {
$cbUser =& CBuser::getInstance((int) $user->id);
if (!$cbUser) {
$cbUser =& CBuser::getInstance(null);
}
$access = "\n AND ( ( b." . $_CB_database->NameQuote('access') . " IN ( " . implode(',', $cbUser->getAuthorisedViewLevelsIds(false)) . " )" . ' AND b.' . $_CB_database->NameQuote('accesstype') . ' = ' . $_CB_database->Quote('joomla.level') . ' )' . "\n OR ( b." . $_CB_database->NameQuote('pub_access') . " IN ( " . implode(',', $_CB_framework->acl->get_groups_below_me((int) $user->id, true)) . " )" . ' AND b.' . $_CB_database->NameQuote('accesstype') . ' = ' . $_CB_database->Quote('none') . ' )';
} else {
$access = "\n AND ( b." . $_CB_database->NameQuote('pub_access') . " IN ( " . implode(',', $_CB_framework->acl->get_groups_below_me((int) $user->id, true)) . " )";
}
$access .= $categories ? "\n OR b." . $_CB_database->NameQuote('id') . " IN ( " . implode(',', $categories) . " ) )" : ' )';
$query = 'SELECT a.*' . ', b.' . $_CB_database->NameQuote('id') . ' AS category' . ', b.' . $_CB_database->NameQuote('name') . ' AS catname' . ', c.' . $_CB_database->NameQuote('hits') . ' AS threadhits' . "\n FROM " . $_CB_database->NameQuote('#__' . $forum->prefix . '_messages') . " AS a" . "\n LEFT JOIN " . $_CB_database->NameQuote('#__' . $forum->prefix . '_categories') . " AS b" . ' ON a.' . $_CB_database->NameQuote('catid') . ' = b.' . $_CB_database->NameQuote('id') . "\n LEFT JOIN " . $_CB_database->NameQuote('#__' . $forum->prefix . '_messages') . " AS c" . ' ON a.' . $_CB_database->NameQuote('thread') . ' = c.' . $_CB_database->NameQuote('id') . "\n LEFT JOIN " . $_CB_database->NameQuote('#__' . $forum->prefix . '_messages_text') . " AS d" . ' ON a.' . $_CB_database->NameQuote('id') . ' = d.' . $_CB_database->NameQuote('mesid') . "\n WHERE a." . $_CB_database->NameQuote('hold') . " = 0" . "\n AND b." . $_CB_database->NameQuote('published') . " = 1" . "\n AND a." . $_CB_database->NameQuote('userid') . " = " . (int) $user->id . $access . ($pagingParams['fposts_search'] ? "\n AND ( a." . $_CB_database->NameQuote('subject') . " LIKE '%" . cbEscapeSQLsearch(cbGetEscaped($pagingParams['fposts_search'])) . "%' OR d." . $_CB_database->NameQuote('message') . " LIKE '%" . cbEscapeSQLsearch($pagingParams['fposts_search']) . "%' )" : null) . "\n ORDER BY " . $order;
$_CB_database->setQuery($query, (int) ($pagingParams['fposts_limitstart'] ? $pagingParams['fposts_limitstart'] : 0), (int) $postsNumber);
$posts = $_CB_database->loadObjectList();
} elseif (class_exists('KunenaForumMessageHelper')) {
$where = array();
if (isset($pagingParams['fposts_search']) && $pagingParams['fposts_search'] != '') {
$where[] = '( m.' . $_CB_database->NameQuote('subject') . ' LIKE ' . $_CB_database->Quote('%' . $_CB_database->getEscaped($pagingParams['fposts_search'], true) . '%', false) . ' OR t.' . $_CB_database->NameQuote('message') . ' LIKE ' . $_CB_database->Quote('%' . $_CB_database->getEscaped($pagingParams['fposts_search'], true) . '%', false) . ' )';
}
switch ($pagingParams['fposts_sortby']) {
case 'subjectASC':
$order = 'm.' . $_CB_database->NameQuote('subject') . ' ASC';
break;
case 'subjectDESC':
$order = 'm.' . $_CB_database->NameQuote('subject') . ' DESC';
break;
case 'categoryASC':
$order = 'm.' . $_CB_database->NameQuote('catid') . ' ASC';
break;
case 'categoryDESC':
$order = 'm.' . $_CB_database->NameQuote('catid') . ' DESC';
break;
case 'hitsASC':
$order = 'm.' . $_CB_database->NameQuote('hits') . ' ASC';
break;
case 'hitsDESC':
$order = 'm.' . $_CB_database->NameQuote('hits') . ' DESC';
break;
case 'dateASC':
$order = 'm.' . $_CB_database->NameQuote('time') . ' ASC';
break;
case 'dateDESC':
default:
$order = 'm.' . $_CB_database->NameQuote('time') . ' DESC';
break;
}
$params = array('user' => (int) $user->id, 'starttime' => -1, 'where' => count($where) ? implode(' AND ', $where) : null, 'orderby' => $order);
$posts = array_pop(KunenaForumMessageHelper::getLatestMessages(false, (int) ($pagingParams['fposts_limitstart'] ? $pagingParams['fposts_limitstart'] : 0), (int) $postsNumber, $params));
if ($posts) {
foreach ($posts as $k => $post) {
$posts[$k]->set('category', $post->getCategory()->id);
$posts[$k]->set('catname', $post->getCategory()->name);
$posts[$k]->set('threadhits', $post->getTopic()->hits);
}
}
} else {
$posts = null;
}
return $posts;
}
function saveConnection($connectionid, $desc = null, $contype = null)
{
global $_CB_database;
$sql = "UPDATE #__comprofiler_members SET description='" . htmlspecialchars(cbGetEscaped($desc)) . "', type='" . htmlspecialchars(cbGetEscaped($contype)) . "' WHERE referenceid=" . (int) $this->referenceid . " AND memberid=" . (int) $connectionid;
$_CB_database->SetQuery($sql);
if (!$_CB_database->query()) {
$this->_setErrorMSG("SQL error" . $_CB_database->stderr(true));
return 0;
}
return 1;
}
function viewPlugins($option)
{
global $_CB_database, $_CB_framework;
$limit = (int) $_CB_framework->getCfg('list_limit');
if ($limit == 0) {
$limit = 10;
}
$limit = $_CB_framework->getUserStateFromRequest("viewlistlimit", 'limit', $limit);
$lastCBlist = $_CB_framework->getUserState("view{$option}lastCBlist", null);
if ($lastCBlist == 'showplugins') {
$limitstart = $_CB_framework->getUserStateFromRequest("view{$option}limitstart", 'limitstart', 0);
$lastSearch = $_CB_framework->getUserState("search{$option}", null);
$search = $_CB_framework->getUserStateFromRequest("search{$option}", 'search', '');
if ($lastSearch != $search) {
$limitstart = 0;
$_CB_framework->setUserState("view{$option}limitstart", $limitstart);
}
$search = trim(strtolower($search));
$filter_type = $_CB_framework->getUserStateFromRequest("filter_type{$option}", 'filter_type', "0");
} else {
clearSearchBox();
$search = "";
$limitstart = 0;
$_CB_framework->setUserState("view{$option}limitstart", $limitstart);
$_CB_framework->setUserState("view{$option}lastCBlist", "showplugins");
$filter_type = "0";
$_CB_framework->setUserState("filter_type{$option}", $filter_type);
}
$where = array();
// used by filter
if ($filter_type) {
$where[] = "m.type = '{$filter_type}'";
}
if ($search) {
$search = cbEscapeSQLsearch(trim(strtolower(cbGetEscaped($search))));
$where[] = "LOWER( m.name ) LIKE '%{$search}%'";
}
if (!$_CB_framework->acl->amIaSuperAdmin()) {
$viewAccessLevels = CBuser::getMyInstance()->getAuthorisedViewLevelsIds(true);
$viewAccessLevelsCleaned = implode(',', cbArrayToInts($viewAccessLevels));
$where[] = 'm.access IN (' . $viewAccessLevelsCleaned . ')';
}
// get the total number of records
$query = "SELECT COUNT(*) FROM #__comprofiler_plugin AS m " . (count($where) ? "\n WHERE " . implode(' AND ', $where) : '');
$_CB_database->setQuery($query);
$total = $_CB_database->loadResult();
if ($total <= $limitstart) {
$limitstart = 0;
}
cbimport('cb.pagination');
$pageNav = new cbPageNav($total, $limitstart, $limit);
if (checkJversion() == 2) {
$title = 'title';
} else {
$title = 'name';
}
$query = "SELECT m.*, u.name AS editor, g.{$title} AS groupname" . "\n FROM #__comprofiler_plugin AS m" . "\n LEFT JOIN #__users AS u ON u.id = m.checked_out";
if (checkJversion() == 2) {
$query .= "\n LEFT JOIN #__viewlevels AS g ON g.id = m.access + IF(m.access <= 2, 1, 0)";
// fix J1.6's wrong access levels, same as g.id = IF( m.access = 0, 1, IF( m.access = 1, 2, IF( m.access = 2, 3, m.access ) ) )
} else {
$query .= "\n LEFT JOIN #__groups AS g ON g.id = m.access";
}
$query .= (count($where) ? "\n WHERE " . implode(' AND ', $where) : '') . "\n GROUP BY m.id" . "\n ORDER BY m.type ASC, m.ordering ASC, m.name ASC";
$_CB_database->setQuery($query, (int) $pageNav->limitstart, (int) $pageNav->limit);
$rows = $_CB_database->loadObjectList();
if ($_CB_database->getErrorNum()) {
echo $_CB_database->stderr();
return false;
}
// get list of Positions for dropdown filter
$query = "SELECT type AS value, type AS text" . "\n FROM #__comprofiler_plugin" . "\n GROUP BY type" . "\n ORDER BY type";
$types[] = moscomprofilerHTML::makeOption('0', !defined('_SEL_TYPE') ? '- ' . CBTxt::T('Select Type') . ' -' : _SEL_TYPE);
// Mambo 4.5.1 Compatibility
$_CB_database->setQuery($query);
$types = array_merge($types, $_CB_database->loadObjectList());
$lists['type'] = moscomprofilerHTML::selectList($types, 'filter_type', 'class="inputbox" size="1" onchange="document.adminForm.submit( );"', 'value', 'text', $filter_type, 2);
$canAdmin = CBuser::getMyInstance()->authoriseAction('core.admin');
$canEdit = CBuser::getMyInstance()->authoriseAction('core.edit');
$canEditState = CBuser::getMyInstance()->authoriseAction('core.edit.state');
HTML_comprofiler::showPlugins($rows, $pageNav, $option, $lists, $search, $canAdmin, $canEdit, $canEditState);
return true;
}
function saveField( $option, $task ) {
global $_CB_database, $_CB_framework, $_POST, $_PLUGINS;
if ( ( $task == 'showField' ) || ! ( isset( $_POST['oldtabid'] ) && isset( $_POST['tabid'] ) && isset( $_POST['fieldid'] ) ) ) {
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=$task" ) );
return;
}
$this->_importNeeded();
$this->_importNeededSave();
$fid = (int) $_POST['fieldid'];
$row = new moscomprofilerFields( $_CB_database );
if ( $fid ) {
// load the row from the db table
if ( ! $row->load( (int) $fid ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Innexistant field') ) . "'); window.history.go(-1);</script>\n";
exit;
}
$fieldTab = new moscomprofilerTabs( $_CB_database );
// load the row from the db table
$fieldTab->load( (int) $row->tabid );
if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) ."'); window.history.go(-1);</script>\n";
exit;
}
}
$_PLUGINS->loadPluginGroup( 'user' );
if ( ! $this->_prov_bind_CB_field( $row, $fid ) ) {
echo "<script type=\"text/javascript\"> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit();
}
// in case the above changed perms.... really ?
$fieldTab = new moscomprofilerTabs( $_CB_database );
$fieldTab->load( (int) $row->tabid );
if ( ! in_array( $fieldTab->useraccessgroupid, getChildGIDS( userGID( $_CB_framework->myId() ) ) ) ) {
echo "<script type=\"text/javascript\"> alert('" . addslashes( CBTxt::T('Unauthorized Access') ) . "'); window.history.go(-1);</script>\n";
exit;
}
if ($row->type == 'webaddress') {
$row->rows = $_POST['webaddresstypes'];
if ( !(($row->rows == 0) || ($row->rows == 2)) ) {
$row->rows = 0;
}
}
if ( $_POST['oldtabid'] != $_POST['tabid'] ) {
if ( $_POST['oldtabid'] !== '' ) {
//Re-order old tab
$sql = "UPDATE #__comprofiler_fields SET ordering = ordering-1 WHERE ordering > ".(int) $_POST['ordering']." AND tabid = ".(int) $_POST['oldtabid'];
$_CB_database->setQuery($sql);
$_CB_database->query();
}
//Select Last Order in New Tab
$sql = "SELECT MAX(ordering) FROM #__comprofiler_fields WHERE tabid=".(int) $_POST['tabid'];
$_CB_database->SetQuery($sql);
$max = $_CB_database->LoadResult();
$row->ordering = max( $max + 1, 1 );
}
if ( cbStartOfStringMatch( $row->name, 'cb_' ) ) {
$row->name = str_replace(" ", "", strtolower($row->name));
}
if ( ! $row->check() ) {
echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
exit();
}
if ( ! $row->store( (int) $fid ) ) {
echo "<script type=\"text/javascript\"> alert('".$row->getError()."'); window.history.go(-2); </script>\n";
exit();
}
$fieldNames = $_POST['vNames'];
$j = 1;
if( $row->fieldid > 0 ) {
$_CB_database->setQuery( "DELETE FROM #__comprofiler_field_values"
. " WHERE fieldid = " . (int) $row->fieldid );
if( $_CB_database->query() === false ) {
echo $_CB_database->getErrorMsg();
}
} else {
$_CB_database->setQuery( "SELECT MAX(fieldid) FROM #__comprofiler_fields");
$maxID = $_CB_database->loadResult();
$row->fieldid = $maxID;
echo $_CB_database->getErrorMsg();
}
//for($i=0, $n=count( $fieldNames ); $i < $n; $i++) {
foreach ($fieldNames as $fieldName) {
if(trim($fieldName)!=null || trim($fieldName)!='') {
$_CB_database->setQuery( "INSERT INTO #__comprofiler_field_values (fieldid,fieldtitle,ordering)"
. " VALUES( " . (int) $row->fieldid . ",'".cbGetEscaped(trim($fieldName))."', " . (int) $j . ")"
);
if ( $_CB_database->query() === false ) {
echo $_CB_database->getErrorMsg();
}
$j++;
}
}
switch ( $task ) {
case 'applyField':
$msg = CBTxt::T('Successfully Saved changes to Field') . ': '. $row->name;
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=editField&cid=$row->fieldid" ), $msg );
break;
case 'saveField':
default:
$msg = CBTxt::T('Successfully Saved Field') . ': '. $row->name;
cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showField" ), $msg );
break;
}
}
