/**
  * Wraps a field's search input markup in the users-list search container.
  *
  * In advanced mode (1) a drop-down named "<field name>__srmch" is placed in
  * front of the input so the visitor can pick the match mode; every other
  * mode value produces the simple container.
  *
  * $html and $class are concatenated into the result exactly as given (nothing
  * is escaped here), so callers must pass markup and class names that are
  * already safe to emit.
  *
  * @param  moscomprofilerFields  $field               Field being searched (only ->name is read here)
  * @param  moscomprofilerUser    $user                Holder of the current search values (read with ->get())
  * @param  string                $html                Ready-made HTML of the input fields
  * @param  string                $type                'text', 'singlechoice', 'multiplechoice', 'isisnot', 'none'
  * @param  int                   $list_compare_types  0 : simple 'is' search, 1 : advanced search with modes, 2 : simple 'any' search
  * @param  string                $class               Extra-class (e.g. for jQuery)
  * @return string
  */
 function _fieldSearchModeHtml(&$field, &$user, $html, $type, $list_compare_types, $class = '')
 {
     if ($list_compare_types != 1) {
         // 0, 2 and anything unrecognised: simple search, criteria only.
         return '<div class="cbSearchContainer cbSearchSimple">' . '<div class="cbSearchCriteria' . ($class ? ' ' . $class : '') . '">' . $html . '</div>' . '</div>';
     }

     // Advanced search: currently selected match mode for this field.
     $modeName = $field->name . '__srmch';
     $current = $user->get($modeName);

     // Match modes offered per field kind; the '-' key marks where an <optgroup> starts.
     if ($type == 'text') {
         $modes = array('is' => _UE_MATCH_IS_EXACTLY, 'phrase' => _UE_MATCH_PHRASE, 'all' => _UE_MATCH_ALL, 'any' => _UE_MATCH_ANY, '-' => _UE_MATCH_EXCLUSIONS . ':', 'isnot' => _UE_MATCH_IS_EXACTLY_NOT, 'phrasenot' => _UE_MATCH_PHRASE_NOT, 'allnot' => _UE_MATCH_ALL_NOT, 'anynot' => _UE_MATCH_ANY_NOT);
     } elseif ($type == 'singlechoice') {
         $modes = array('is' => _UE_MATCH_IS, 'anyis' => _UE_MATCH_IS_ONE_OF, '-' => _UE_MATCH_EXCLUSIONS . ':', 'isnot' => _UE_MATCH_IS_NOT, 'anyisnot' => _UE_MATCH_IS_NOT_ONE_OF);
     } elseif ($type == 'multiplechoice') {
         $modes = array('is' => _UE_MATCH_ARE_EXACTLY, 'all' => _UE_MATCH_INCLUDE_ALL_OF, 'any' => _UE_MATCH_INCLUDE_ANY_OF, '-' => _UE_MATCH_EXCLUSIONS . ':', 'isnot' => _UE_MATCH_ARE_EXACTLY_NOT, 'allnot' => _UE_MATCH_INCLUDE_ALL_OF_NOT, 'anynot' => _UE_MATCH_INCLUDE_ANY_OF_NOT);
     } elseif ($type == 'isisnot') {
         $modes = array('is' => _UE_MATCH_IS, '-' => _UE_MATCH_EXCLUSIONS . ':', 'isnot' => _UE_MATCH_IS_NOT);
     } else {
         // 'none' and unknown types: no mode selector at all.
         $modes = null;
     }

     $kindHtml = '';
     if ($modes !== null) {
         $options = array(moscomprofilerHTML::makeOption('', _UE_NO_PREFERENCE));
         $groupOpened = false;
         foreach ($modes as $value => $label) {
             if ($value == '-') {
                 $options[] = moscomprofilerHTML::makeOptGroup($label);
                 $groupOpened = true;
                 continue;
             }
             $options[] = moscomprofilerHTML::makeOption($value, $label);
         }
         if ($groupOpened) {
             // A null label closes the group opened above.
             $options[] = moscomprofilerHTML::makeOptGroup(null);
         }
         $select = moscomprofilerHTML::selectList($options, $field->name . '__srmch', ' class="inputbox"', 'value', 'text', $current, 1);
         if ($select) {
             $kindHtml = '<div class="cbSearchKind">' . $select . '</div>';
         }
     }

     return '<div class="cbSearchContainer cbSearchAdvanced">' . $kindHtml . '<div class="cbSearchCriteria' . ($class ? ' ' . $class : '') . '">' . $html . '</div>' . '</div>';
 }
 /**
  * Checks whether the current user may perform $action on the given user(s).
  *
  * Returns null when nothing objects; otherwise the concatenated refusal
  * messages (plain text built from $action and a group name, so escape it
  * for the output context where it is displayed).
  *
  * NOTE(review): $obj is one moscomprofilerUser reused for every id of the
  * loop. When load() fails for an id only 'User not found. ' is appended: the
  * checks further down still run for that id, $this_group is not assigned in
  * that iteration, and on the pre-2 CMS path $obj->gid may still hold what an
  * earlier iteration left there - confirm this is intended.
  *
  * @param  array|int  $user_ids      user ids to check (a non-array value takes the single-id branch)
  * @param  string     $action        verb inserted into the refusal messages
  * @param  boolean    $allow_myself  true to allow the action on the current user
  * @return string|null
  */
 function get_users_permission($user_ids, $action, $allow_myself = false)
 {
     global $_CB_database, $_CB_framework;
     $msg = null;
     if (is_array($user_ids) && count($user_ids)) {
         $obj = new moscomprofilerUser($_CB_database);
         foreach ($user_ids as $user_id) {
             if ($user_id != 0) {
                 if ($obj->load((int) $user_id)) {
                     // The ACL lookup differs per CMS generation reported by checkJversion():
                     if (checkJversion() >= 2) {
                         $groups = $this->get_object_groups($user_id);
                     } elseif (checkJversion() == 1) {
                         $aro_id = $this->get_object_id('users', $user_id, 'ARO');
                         $groups = $this->get_object_groups($aro_id, 'ARO');
                     } else {
                         $groups = $this->get_object_groups('users', $user_id, 'ARO');
                     }
                     // Only the first group is used, and only to name the group in the message:
                     if (isset($groups[0])) {
                         $this_group = strtolower($this->get_group_name($groups[0], 'ARO'));
                     } else {
                         $this_group = 'Registered';
                     }
                 } else {
                     $msg .= 'User not found. ';
                 }
             } else {
                 // Id 0 is checked as if it were a member of 'Registered':
                 $this_group = 'Registered';
                 $obj->gid = $this->get_group_id($this_group, 'ARO');
                 $obj->gids = $this->get_groups_below_me($user_id, true);
             }
             if ($user_id == $_CB_framework->myId()) {
                 if (!$allow_myself) {
                     $msg .= "You cannot {$action} Yourself! ";
                 }
             } else {
                 if (checkJversion() >= 2) {
                     // Super admins skip the group comparison entirely:
                     if (!$this->amIaSuperAdmin()) {
                         $userGroups = $this->get_object_groups($user_id);
                         $myGroups = $this->get_object_groups($_CB_framework->myId());
                         $myCBuser = CBuser::getMyInstance();
                         $iAmAdmin = $myCBuser->authoriseAction('core.manage', 'com_users') && $myCBuser->authoriseAction('core.edit', 'com_users');
                         $exactGids = !$iAmAdmin;
                         $myGidsTree = $this->get_groups_below_me($_CB_framework->myId(), true, $exactGids);
                         $isHeSAdmin = $this->amIaSuperAdmin((int) $user_id);
                         // Refused when (&& binds tighter than ||):
                         //  - the target has the same groups as me and I lack core.manage + core.edit on com_users, or
                         //  - the target has groups and none of them is in the set get_groups_below_me() returned for me, or
                         //  - amIaSuperAdmin() reports the target as super admin.
                         if (array_values($userGroups) == array_values($myGroups) && !$iAmAdmin || $user_id && $userGroups && !array_intersect($userGroups, $myGidsTree) || $isHeSAdmin) {
                             $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                         }
                     }
                 } else {
                     $myGid = $this->get_user_group_id($_CB_framework->myId());
                     $cms_admins = $this->mapGroupNamesToValues(array('Administrator', 'Superadministrator'));
                     $cms_super_admin = $this->mapGroupNamesToValues('Superadministrator');
                     if ($myGid != $cms_super_admin) {
                         // Refused when the target is in my own group and I am not an admin,
                         // or when the target's group is not among the children of my group:
                         if ($obj->gid == $myGid && !in_array($myGid, $cms_admins) || $user_id && $obj->gid && !in_array($obj->gid, $this->get_group_children_ids($myGid))) {
                             $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                         }
                     }
                 }
             }
         }
     } else {
         // Single (non-array) id, or an empty array:
         $this_group = 'Registered';
         $gid = $this->get_group_id($this_group, 'ARO');
         if ($user_ids == $_CB_framework->myId()) {
             if (!$allow_myself) {
                 $msg .= "You cannot {$action} Yourself! ";
             }
         } else {
             if (checkJversion() >= 2) {
                 if (!$this->amIaSuperAdmin()) {
                     $userGroups = $this->get_object_groups($user_ids);
                     $myGroups = $this->get_object_groups($_CB_framework->myId());
                     $myCBuser = CBuser::getMyInstance();
                     $iAmAdmin = $myCBuser->authoriseAction('core.manage', 'com_users') && $myCBuser->authoriseAction('core.edit', 'com_users');
                     $exactGids = !$iAmAdmin;
                     $myGidsTree = $this->get_groups_below_me($_CB_framework->myId(), true, $exactGids);
                     $isHeSAdmin = $this->amIaSuperAdmin((int) $user_ids);
                     // Same three refusal conditions as in the loop above; the message always says 'Registered' here.
                     if (array_values($userGroups) == array_values($myGroups) && !$iAmAdmin || $user_ids && $userGroups && !array_intersect($userGroups, $myGidsTree) || $isHeSAdmin) {
                         $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                     }
                 }
             } else {
                 $myGid = $this->get_user_group_id($_CB_framework->myId());
                 $cms_admins = $this->mapGroupNamesToValues(array('Administrator', 'Superadministrator'));
                 $cms_super_admin = $this->mapGroupNamesToValues('Superadministrator');
                 if ($myGid != $cms_super_admin) {
                     // NOTE(review): $gid is the id of the 'Registered' group, not a group looked up
                     // for $user_ids - presumably this branch is meant for a user that is not stored
                     // yet; verify against the callers.
                     if ($gid == $myGid && !in_array($myGid, $cms_admins) || $user_ids && $gid && !in_array($gid, $this->get_group_children_ids($myGid))) {
                         $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                     }
                 }
             }
         }
     }
     return $msg;
 }
示例#3
/**
 * Handles a registration-confirmation link for a visitor who is not logged in.
 *
 * The user id is recovered from the confirmation code, the matching user is
 * loaded, and the outcome is echoed as one or more <div> messages. An unusable
 * code ends in cbNotAuth(); a logged-in visitor is told to log out first.
 *
 * NOTE(review): for a user that is already confirmed the code is not passed to
 * checkActivationCode(); the status messages are shown for whatever user id
 * getUserIdFromActivationCode() yields. Whether that helper authenticates the
 * code by itself is not visible here - confirm.
 *
 * @param  string  $confirmcode  confirmation code taken from the URL
 * @return void
 */
function confirm( $confirmcode ) {
	global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS;

	$isGuest	=	( $_CB_framework->myId() < 1 );
	if ( ! $isGuest ) {
		// the user is already logged in (mostly test-cases):
		echo '<div class="error">' . _UE_NOT_AUTHORIZED." :<br /><br />"._UE_DO_LOGOUT." !</div>";
		return;
	}

	// Resolve code -> user id -> CBuser -> user record, stopping at the first missing link:
	$userId		=	moscomprofilerUser::getUserIdFromActivationCode( $confirmcode );
	$cbUser		=	( $userId ? CBuser::getInstance( (int) $userId ) : null );
	$user		=	( $cbUser ? $cbUser->getUserData() : null );

	if ( ! ( $user && $user->id ) ) {
		// this is the error case where the URL is simply not right:
		cbNotAuth();
		return;
	}

	if ( $user->confirmed != 0 ) {
		// User has already confirmed: show friendly activation messages depending on his state:
		$messagesToUser	=	getActivationMessage( $user, 'UserConfirmation' );
		$confirmed		=	true;
	} elseif ( $user->checkActivationCode( $confirmcode ) ) {
		// The normal case: user exists, is not yet confirmed, and the code matches.
		$messagesToUser	=	null;
		$confirmed		=	$user->confirmUser( $messagesToUser );
	} else {
		// confirmation code does not match:
		$messagesToUser	=	array( _UE_WRONG_CONFIRMATION_CODE );
		$confirmed		=	false;
	}

	// Success and failure differ only in the CSS class wrapped around each message:
	$class		=	( $confirmed ? 'cbconfirmationinfo' : 'error' );
	echo "\n" . '<div class="cbconfirming"><div class="' . $class . '">' . implode( '</div><div class="' . $class . '">', $messagesToUser ) . "</div></div>\n";
}
示例#4
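/**
 * Builds an inline <script> element that shows $message in a JavaScript alert().
 *
 * The text is encoded with json_encode() and the JSON_HEX_* flags, so quotes,
 * backslashes, line breaks and "<", ">", "&" all become JavaScript escapes.
 * A value containing "</script>" can then no longer end the script element,
 * which addslashes() alone does not prevent.
 *
 * @param  string  $message  plain text to show
 * @return string            the script element, or '' when the text cannot be encoded (e.g. invalid UTF-8)
 */
function _cbRegistrationAlertScript($message)
{
    $literal = json_encode((string) $message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($literal === false) {
        // Better no popup than unencoded text inside a script block; the same
        // message is still passed to the registration form by the caller.
        return '';
    }
    return "<script type=\"text/javascript\">alert(" . $literal . "); </script>\n";
}

/**
 * Handles a submitted front-end registration form: checks that registration
 * is allowed, runs the plugin triggers, treats "same username + same password"
 * as a repeated registration, stores the new user and echoes the resulting
 * messages (or re-displays the form with the error).
 *
 * NOTE(review): no anti-forgery (spoof) check is made anywhere in this function
 * and its name suggests that checks were left out on purpose - confirm this
 * variant cannot be reached on a production site.
 *
 * @param string $option  component option, passed through to the registration form
 */
function saveRegistrationNOCHECKSLOL($option)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_POST, $_PLUGINS;
    // Check rights to access: registration must be enabled (in the CMS or by the CB override)
    // and the visitor must not be logged in:
    $registrationDisabled = $_CB_framework->getCfg('allowUserRegistration') == '0' && (!isset($ueConfig['reg_admin_allowcbregistration']) || $ueConfig['reg_admin_allowcbregistration'] != '1');
    if ($registrationDisabled || $_CB_framework->myId()) {
        cbNotAuth();
        return;
    }
    if (!isset($ueConfig['emailpass'])) {
        $ueConfig['emailpass'] = '******';
    }
    $userComplete = new moscomprofilerUser($_CB_database);
    // Pre-registration trigger:
    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onStartSaveUserRegistration', array());
    if ($_PLUGINS->is_errors()) {
        echo _cbRegistrationAlertScript($_PLUGINS->getErrorMSG());
        $oldUserComplete = new moscomprofilerUser($_CB_database);
        $userComplete->bindSafely($_POST, $_CB_framework->getUi(), 'register', $oldUserComplete);
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $_PLUGINS->getErrorMSG("<br />"));
        return;
    }
    // Check if this user already registered with exactly this username and password:
    $username = cbGetParam($_POST, 'username', '');
    $usernameExists = $userComplete->loadByUsername($username);
    if ($usernameExists) {
        $password = cbGetParam($_POST, 'password', '', _CB_ALLOWRAW);
        if ($userComplete->verifyPassword($password)) {
            // The submitted clear-text password is put on the object only while
            // activateUser() runs; the stored value is restored right after.
            $pwd_md5 = $userComplete->password;
            $userComplete->password = $password;
            $messagesToUser = activateUser($userComplete, 1, 'SameUserRegistrationAgain');
            $userComplete->password = $pwd_md5;
            echo "\n<div>" . implode("</div>\n<div>", $messagesToUser) . "</div>\n";
            return;
        } else {
            // $msg contains the submitted username: it is JS-encoded for the alert
            // and HTML-escaped for the form.
            $msg = sprintf(_UE_USERNAME_ALREADY_EXISTS, $username);
            echo _cbRegistrationAlertScript($msg);
            $oldUserComplete = new moscomprofilerUser($_CB_database);
            $userComplete->bindSafely($_POST, $_CB_framework->getUi(), 'register', $oldUserComplete);
            HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, htmlspecialchars($msg));
            return;
        }
    }
    // Store and check terms and conditions accepted (not a field yet !!!!):
    if (isset($_POST['acceptedterms'])) {
        $userComplete->acceptedterms = ((int) cbGetParam($_POST, 'acceptedterms', 0) == 1) ? 1 : 0;
    } else {
        $userComplete->acceptedterms = null;
    }
    if ($ueConfig['reg_enable_toc']) {
        if ($userComplete->acceptedterms != 1) {
            echo _cbRegistrationAlertScript(cbUnHtmlspecialchars(_UE_TOC_REQUIRED));
            $oldUserComplete = new moscomprofilerUser($_CB_database);
            $userComplete->bindSafely($_POST, $_CB_framework->getUi(), 'register', $oldUserComplete);
            HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, _UE_TOC_REQUIRED . '<br />');
            return;
        }
    }
    // Set id to 0 for autoincrement and store IP address used for registration:
    $userComplete->id = 0;
    $userComplete->registeripaddr = cbGetIPlist();
    // Store new user state:
    $saveResult = $userComplete->saveSafely($_POST, $_CB_framework->getUi(), 'register');
    if ($saveResult === false) {
        // For the alert, "<br />" and a literal "\n" both become line breaks and other tags are dropped:
        echo _cbRegistrationAlertScript(strip_tags(str_replace(array('<br />', '\\n'), "\n", $userComplete->getError())));
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $userComplete->getError());
        return;
    }
    // Defined up front so that appending tab results below never starts from an undefined variable:
    $messagesToUser = array();
    if ($saveResult['ok'] === true) {
        $messagesToUser = activateUser($userComplete, 1, "UserRegistration");
    }
    foreach ($saveResult['tabs'] as $res) {
        if ($res) {
            $messagesToUser[] = $res;
        }
    }
    if ($saveResult['ok'] === false) {
        echo _cbRegistrationAlertScript(strip_tags(str_replace(array('<br />', '\\n'), "\n", $userComplete->getError())));
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $userComplete->getError());
        return;
    }
    $_PLUGINS->trigger('onAfterUserRegistrationMailsSent', array(&$userComplete, &$userComplete, &$messagesToUser, $ueConfig['reg_confirmation'], $ueConfig['reg_admin_approval'], true));
    // Results of the 'after' stage and plugin errors are echoed as HTML, as delivered:
    foreach ($saveResult['after'] as $res) {
        if ($res) {
            echo "\n<div>" . $res . "</div>\n";
        }
    }
    if ($_PLUGINS->is_errors()) {
        echo $_PLUGINS->getErrorMSG();
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $_PLUGINS->getErrorMSG());
        return;
    }
    echo "\n<div>" . implode("</div>\n<div>", $messagesToUser) . "</div>\n";
}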
示例#5
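	/**
	 * Renders one page of a CB users-list: picks the list the viewer may see,
	 * builds the SQL for it (ACL groups, list filter, search criteria, sorting),
	 * loads the users and hands everything to HTML_comprofiler::usersList().
	 *
	 * Where the SQL text comes from (review notes):
	 *  - request values read here (limitstart, searchmode, rand) are cast to int;
	 *    the search criteria go through applySearchableContents() and
	 *    reduceSqlFormula(), whose escaping is not visible in this method;
	 *  - $useraccessgroupSQL and the group-id list are imploded without an int
	 *    cast, so they rely on getChildGIDS() and on the stored list row holding
	 *    numeric ids only;
	 *  - the list's sortfields and filterfields are inserted verbatim (only user
	 *    variables replaced inside the filter are escaped), so whoever can edit
	 *    a list definition can write SQL;
	 *  - plugins receive the SQL parts by reference and may rewrite them.
	 *
	 * @param  int    $uid                  id of the viewing user, used for the access checks
	 * @param  int    $listid               list to show, 0 for the default list
	 * @param  array  $searchFormValuesRAW  raw search-form values (presumably the request array - confirm)
	 * @return void                         output is echoed
	 */
	function drawUsersList( $uid, $listid, $searchFormValuesRAW ) {
		global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS;

		$search = null;
		$searchGET = cbGetParam( $searchFormValuesRAW, 'search' );
		$limitstart = (int) cbGetParam( $searchFormValuesRAW, 'limitstart', 0 );
		$searchmode = (int) cbGetParam( $searchFormValuesRAW, 'searchmode', 0 );
		$randomParam = (int) cbGetParam( $searchFormValuesRAW, 'rand', 0 );

		// get my user and gets the list of user lists he is allowed to see (ACL):

		$myCbUser =& CBuser::getInstance( $uid );
		if ( $myCbUser === null ) {
			$myCbUser =& CBuser::getInstance( null );
		}
		$myUser =& $myCbUser->getUserData();

		$useraccessgroupSQL = " AND useraccessgroupid IN (".implode(',',getChildGIDS(userGID($uid))).")";
		$_CB_database->setQuery( "SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering" );
		$plists = $_CB_database->loadObjectList();
		$lists = array();
		$publishedlists = array();

		for ( $i=0, $n=count( $plists ); $i < $n; $i++ ) {
			$plist =& $plists[$i];
			// Titles go into <option> texts, so tags are stripped after variable replacement:
			$listTitleNoHtml = strip_tags( cbReplaceVars( getLangDefinition( $plist->title ), $myUser, false, false ) );
			$publishedlists[] = moscomprofilerHTML::makeOption( $plist->listid, $listTitleNoHtml );
		}

		// select either list selected or default list to which he has access (ACL):

		if ( $listid == 0 ) {
			$_CB_database->setQuery( "SELECT listid FROM #__comprofiler_lists "
			. "\n WHERE `default`=1 AND published=1" . $useraccessgroupSQL );
			$listid = (int) $_CB_database->loadresult();
			if ( $listid == 0 && ( count( $plists ) > 0 ) ) {
				$listid = (int) $plists[0]->listid;
			}
		}
		if ( ! ( $listid > 0 ) ) {
			echo _UE_NOLISTFOUND;
			return;
		}

		// generates the drop-down list of lists:

		if ( count( $plists ) > 1 ) {
			$lists['plists'] = moscomprofilerHTML::selectList( $publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1 );
		}

		// loads the list record, and re-checks publication and access for the requested id
		// (a $listid passed by the caller has not been checked against the ACL yet):

		$row = new moscomprofilerLists( $_CB_database );
		if ( ( ! $row->load( (int) $listid ) ) || ( $row->published != 1 ) ) {
			echo _UE_LIST_DOES_NOT_EXIST;
			return;
		}
		if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', userGID($uid) ) ) {
			echo _UE_NOT_AUTHORIZED;
			return;
		}

		$params = new cbParamsBase( $row->params );

		// With hotlink protection on, searching or paging by GET requires the spoof token:
		$hotlink_protection = $params->get( 'hotlink_protection', 0 );
		if ( $hotlink_protection == 1 ) {
			if ( ( $searchGET !== null ) || $limitstart ) {
				cbSpoofCheck( 'usersList', 'GET' );
			}
		}

		$limit = (int) $params->get( 'list_limit' );
		if ( $limit == 0 ) {
			$limit = (int) $ueConfig['num_per_page'];
		}

		$showPaging = $params->get( 'list_paging', 1 );
		if ( $showPaging != 1 ) {
			$limitstart = 0;
		}

		$isModerator = isModerator( $_CB_framework->myId() );

		$_PLUGINS->loadPluginGroup( 'user' );
		$_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );

		// handles the users allowed to be listed in the list by ACL.
		// Group ids 29 and 30 are simply dropped: expanding them to their child groups
		// (as older code did) listed the wrong users.

		$usergids = explode( ',', $row->usergroupids );
		$allusergids = array_diff( $usergids, array( 29, 30 ) );
		$usergids = implode( ",", $allusergids );

		// build SQL Select query:

		$random = 0;
		// Defined up front: a list without sort fields used to leave $orderby undefined
		// where the SELECT is assembled below.
		$orderby = '';
		if( $row->sortfields != '' ) {
			$matches = null;
			if ( preg_match( '/^RAND\(\)\s(ASC|DESC)$/', $row->sortfields, $matches ) ) {
				// random sorting needs to have same seed on pages > 1 to not have probability to show same users:
				if ( $limitstart ) {
					$random = (int) $randomParam;
				}
				if ( ! $random ) {
					// Start at 1: a seed of 0 would be treated as "no seed" on the next page and re-drawn.
					$random = rand( 1, 32767 );
				}
				$row->sortfields = 'RAND(' . (int) $random . ') ' . $matches[1];
			}
			$orderby = "\n ORDER BY " . $row->sortfields;
		}
		$filterby = '';
		if ( $row->filterfields != '' ) {
			$filterRules = utf8RawUrlDecode( substr( $row->filterfields, 1 ) );

			if ( $_CB_framework->myId() ) {
				$user = new moscomprofilerUser( $_CB_database );
				if ( $user->load( (int) $_CB_framework->myId() ) ) {
					// Values of the viewer substituted into the filter are passed through getEscaped():
					$filterRules = cbReplaceVars( $filterRules, $user, array( $_CB_database, 'getEscaped' ), false, array() );
				}
			}
			$filterby = " AND ". $filterRules;
		}

		// Prepare part after SELECT .... " and before "FROM" :

		$tableReferences = array( '#__comprofiler' => 'ue', '#__users' => 'u' );

		// Fetch all fields:

		$tabs = $myCbUser->_getCbTabs();		//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.

		$allFields = $tabs->_getTabFieldsDb( null, $myUser, 'list' );

		//Make columns array. This array will later be constructed from the tabs table:

		$columns = array();

		for ( $i = 1; $i < 50; ++$i ) {
			$enabledVar = "col".$i."enabled";

			if ( ! isset( $row->$enabledVar ) ) {
				break;
			}
			$titleVar = "col".$i."title";
			$fieldsVar = "col".$i."fields";
			$captionsVar = "col".$i."captions";

			if ( $row->$enabledVar == 1 ) {
				$col = new stdClass();
				$col->fields = ( $row->$fieldsVar ? explode( '|*|', $row->$fieldsVar ) : array() );
				$col->title = $row->$titleVar;
				$col->titleRendered = $myCbUser->replaceUserVars( $col->title );
				$col->captions = $row->$captionsVar;
				$columns[$i] = $col;
			}
		}

		// build fields and tables accesses, also check for searchable fields:

		$searchableFields = array();
		$fieldsSQL = cbUsersList::getFieldsSQL( $columns, $allFields, $tableReferences, $searchableFields, $params );

		$_PLUGINS->trigger( 'onAfterUsersListFieldsSql', array( &$columns, &$allFields, &$tableReferences ) );

		$tablesSQL = array();
		$joinsSQL = array();
		// Only unblocked, approved and confirmed users are ever listed:
		$tablesWhereSQL = array(	'block'		=>	'u.block = 0',
									'approved'	=>	'ue.approved = 1',
									'confirmed'	=>	'ue.confirmed = 1'
								 );

		if ( checkJversion() == 2 ) {
			$joinsSQL[] = 'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
		}

		// Banned users stay visible to moderators only:
		if ( ! $isModerator ) {
			$tablesWhereSQL['banned'] = 'ue.banned = 0';
		}
		if ( $usergids ) {
			if ( checkJversion() == 2 ) {
				$tablesWhereSQL['gid'] = 'g.group_id IN (' . $usergids . ')';
			} else {
				$tablesWhereSQL['gid'] = 'u.gid IN (' . $usergids . ')';
			}
		}

		foreach ( $tableReferences as $table => $name ) {
			$tablesSQL[] = $table . ' ' . $name;
			if ( $name != 'u' ) {
				$tablesWhereSQL[] = "u.`id` = " . $name . ".`id`";
			}
		}

		// handles search criterias:

		$list_compare_types = $params->get( 'list_compare_types', 0 );
		$searchVals = new stdClass();
		$searchesFromFields = $tabs->applySearchableContents( $searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types );
		$whereFields = $searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
		if ( $whereFields ) {
			$tablesWhereSQL[] = '(' . $whereFields . ')';
		}

		$_PLUGINS->trigger( 'onBeforeUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL ) );

		$queryFrom = "FROM " . implode( ', ', $tablesSQL )
					. ( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
					. "\n WHERE " . implode( "\n AND ", $tablesWhereSQL );

		$queryFrom .= " " . $filterby;

		$_PLUGINS->trigger( 'onBeforeUsersListQuery', array( &$queryFrom, 1, $listid ) );	// $uid = 1

		$errorMsg = null;

		// counts number of users and loads the listed fields of the users if not in search-form-only mode:

		if ( $searchmode == 0 ) {
			if ( checkJversion() == 2 ) {
				// the join on the group map can return a user several times:
				$_CB_database->setQuery( "SELECT COUNT(DISTINCT u.id) " . $queryFrom );
			} else {
				$_CB_database->setQuery( "SELECT COUNT(*) " . $queryFrom );
			}
			$total = $_CB_database->loadResult();

			if ( ( $limit > $total ) || ( $limitstart >= $total ) ) {
				$limitstart = 0;
			}

			if ( checkJversion() == 2 ) {
				$query = "SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
			} else {
				$query = "SELECT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
			}
			$_CB_database->setQuery( $query, (int) $limitstart, (int) $limit );
			$users = $_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );

			if ( ! $_CB_database->getErrorNum() ) {
				// creates the CBUsers in cache corresponding to the $users:
				foreach ( array_keys( $users ) as $k) {
					CBuser::setUserGetCBUserInstance( $users[$k] );
				}
			} else {
				// Only a generic message is shown; the SQL error text itself is not echoed here:
				$users = array();
				$errorMsg = _UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
			}

			// '' tells the view that search criteria were applied, null that none were:
			if ( count( get_object_vars( $searchVals ) ) > 0 ) {
				$search = '';
			} else {
				$search = null;
			}

		} else {
			// search-form-only mode: no query is run
			$total = null;
			$users = array();
			if ( $search === null ) {
				$search = '';
			}
		}

		// Compute itemId of users in users-list:

		if ( $Itemid ) {
			$option_itemid = (int) $Itemid;
		} else {
			$option_itemid = getCBprofileItemid( 0 );
		}
		HTML_comprofiler::usersList( $row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random );
	}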
示例#6
	/**
	 * Checks whether the current user may perform $action on the given user(s).
	 *
	 * Returns null when nothing objects; otherwise the concatenated refusal
	 * messages (plain text built from $action and a group name).
	 *
	 * NOTE(review): $obj is one moscomprofilerUser reused for every id of the
	 * loop. When load() fails only 'User not found. ' is appended: the group
	 * comparison below still runs, $this_group is not assigned in that iteration
	 * and $obj->gid may still hold what an earlier iteration left there.
	 * NOTE(review): the non-array branch reads neither $user_ids nor
	 * $allow_myself; it only compares the 'Registered' group with the current
	 * user's group - confirm this is what the callers expect.
	 *
	 * @param  array|int  $user_ids      user ids to check
	 * @param  string     $action        verb inserted into the refusal messages
	 * @param  boolean    $allow_myself  true to allow the action on the current user
	 * @return string|null
	 */
	function get_users_permission( $user_ids, $action, $allow_myself = false ) {
		global $_CB_database, $_CB_framework;

		$msg							=	null;

		$cms_admins						=	$this->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );

		if ( is_array( $user_ids ) && count( $user_ids ) ) {
			$obj						=	new moscomprofilerUser( $_CB_database );

			foreach ( $user_ids as $user_id ) {
				if ( $user_id != 0 ) {
					if ( $obj->load( (int) $user_id ) ) {
						// The ACL lookup differs per CMS generation reported by checkJversion():
						if ( checkJversion() == 2 ) {
							$groups		=	$this->get_object_groups( $user_id );
						} elseif ( checkJversion() == 1 ) {
							$aro_id		=	$this->get_object_id( 'users', $user_id, 'ARO' );
							$groups		=	$this->get_object_groups( $aro_id, 'ARO' );
						} else {
							$groups		=	$this->get_object_groups( 'users', $user_id, 'ARO' );
						}

						// Only the first group is used, and only to name the group in the message:
						if ( isset( $groups[0] ) ) {
							$this_group =	strtolower( $this->get_group_name( $groups[0], 'ARO' ) );
						} else {
							$this_group	=	'Registered';
						}
					} else {
						$msg			.=	'User not found. ';
					}
				} else {
					// Id 0 is checked as if it were a member of 'Registered':
					$this_group			=	'Registered';
					$obj->gid 			=	$this->get_group_id( $this_group, 'ARO' );
				}

				if ( ( ! $allow_myself ) && ( $user_id == $_CB_framework->myId() ) ){
	 				$msg				.=	"You cannot $action Yourself! ";
	 			} else {
	 				$myGid				=	$this->get_user_group_id( $_CB_framework->myId() );

	 				// Refused when the target is in my own group and I am not an admin,
	 				// or when the target's group is not among the children of my group:
	 				if ( ( ( $obj->gid == $myGid ) && ! in_array( $myGid, $cms_admins ) ) || ( $user_id && $obj->gid && ! in_array( $obj->gid, $this->get_group_children_ids( $myGid ) ) ) ) {
						$msg			.=	"You cannot $action a `$this_group`. Only higher-level users have this power. ";
	 				}
				}
			}
		} else {
			// Single (non-array) id, or an empty array: checked against the 'Registered' group only.
			$this_group 				=	'Registered';
			$gid 						=	$this->get_group_id( $this_group, 'ARO' );
			$myGid						=	$this->get_user_group_id( $_CB_framework->myId() );

			if ( ( ( $gid == $myGid ) && ! in_array( $myGid, $cms_admins ) ) || ( $gid && ! in_array( $gid, $this->get_group_children_ids( $myGid ) ) ) ) {				$msg					.=	"You cannot $action a `$this_group`. Only higher-level users have this power. ";
			}
		}

		return $msg;
	}
示例#7
	/**
	 * User login into CMS framework
	 *
	 * @param  string          $username    The username
	 * @param  string|boolean  $password    if boolean FALSE: login without password if possible
	 * @param  booleean        $rememberme  1 for "remember-me" cookie method
	 * @param  int             $userId      used for "remember-me" login function only
	 * @return boolean                      Login success
	 */
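	function login( $username, $password, $rememberme = 0, $userId = null ) {
		// Bound at function scope rather than inside a single branch: the legacy password
		// path below also builds a moscomprofilerUser from it, and previously read it unbound.
		global $_CB_database;

		header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');              // needed for IE6 to accept this anti-spam cookie in higher security setting.

		// Fail closed: any path that does not positively establish a login returns false
		// (previously $result could be left undefined).
		$result						=	false;

		if ( checkJversion() >= 1 ) {		// Joomla 1.5 RC and above:
			if ( $password !== false ) {
				$result				=	$this->_baseFramework->login( array( 'username' => $username, 'password' => $password ), array( 'remember' => $rememberme ) );
			} else {
				// Login without password: no credential is verified on this path, so it is only
				// safe when the caller has already authenticated the user by other means.
				jimport( 'joomla.user.authentication' );
				// load user plugins:
				JPluginHelper::importPlugin( 'user' );
				// get JAuthentication object:
				$authenticate		=&	JAuthentication::getInstance();
				$dispatcher			=&	JDispatcher::getInstance();
				$response			=	new JAuthenticationResponse();
				// prepare our SUCCESS login response including user data:
				$row				=	new moscomprofilerUser( $_CB_database );
				// Only hand a SUCCESS response to the user plugins when the account really exists:
				if ( $row->loadByUsername( stripslashes( $username ) ) ) {
					$response->status	=	JAUTHENTICATE_STATUS_SUCCESS;
					$response->username	=	$username;
					$response->fullname	=	$row->name;
					// now we attempt user login and check results:
					if ( checkJversion() == 2 ) {
						$login		=	$dispatcher->trigger( 'onUserLogin', array( (array) $response, array( 'action' => 'core.login.site' ) ) );
					} else {
						$login		=	$dispatcher->trigger( 'onLoginUser', array( (array) $response, array() ) );
					}
					// Any plugin returning strictly false vetoes the login:
					$result			=	! in_array( false, $login, true );
				}
			}
			if ( $result ) {
				// Mirror the now-current CMS user into this framework object:
				$user				=&	JFactory::getUser();
				$this->_myId		=	(int) $user->id;
				$this->_myUsername	=	$user->username;
				$this->_myUserType	=	$user->usertype;
				$this->_myCmsGid	=	$user->get('aid', 0);
				$lang				=&	JFactory::getLanguage();

				if ( checkJversion() == 2 ) {
					$this->_myLanguage	=	strtolower( preg_replace( '/^(\w+).*$/i', '\1', $lang->getName() ) );
				} else {
					$this->_myLanguage	=	$lang->getBackwardLang();
				}
			}
		} else {
			// Mambo 4.5.x and Joomla before 1.0.13+ (in fact RC3+) do need hashed password for login() method:
			if ( $password !== false ) {
				$hashedPwdLogin		=	( ( checkJversion() == 0 ) && ! function_exists( 'josHashPassword' ) );	// more reliable version-checking than the often hacked version.php file!
				if ( $hashedPwdLogin ) {				// Joomla 1.0.12 and below:
					$dummyRow		=	new moscomprofilerUser( $_CB_database );
					$this->_baseFramework->login( $username, $dummyRow->hashAndSaltPassword( $password ), $rememberme, $userId );
				} else {
					$this->_baseFramework->login( $username, $password, $rememberme, $userId );
				}

				// Joomla 1.0 redirects bluntly if login fails! so we need to check by ourselves below:
				$result				=	true;
			} else {
				// login without password:		//TBD MAMBO 4.6 support here !
				// As above, nothing is verified here: the caller must have authenticated the user.
				global $mainframe, $_VERSION;

				$row				=	new moscomprofilerUser( $_CB_database );
				// Do not promote the session to a non-guest one for an account that could not be loaded:
				if ( $row->loadByUsername( stripslashes( $username ) ) ) {
					// prepare login session with user data:
					$session			=&	$mainframe->_session;
					$session->guest		=	0;
					$session->username	=	$row->username;
					$session->userid	=	(int) $row->id;
					$session->usertype	=	$row->usertype;
					$session->gid		=	(int) $row->gid;

					// attempt to login user:
					if ( $session->update() ) {
						$result			=	true;
					}

					// check if site is demo or production:
					if ( $_VERSION->SITE ) {
						// site is production; remove duplicate sessions:
						$query			=	'DELETE FROM ' . $_CB_database->NameQuote( '#__session' )
										.	"\n WHERE " . $_CB_database->NameQuote( 'session_id' ) . ' != ' . $_CB_database->Quote( $session->session_id )
										.	"\n AND " . $_CB_database->NameQuote( 'username' ) . ' = ' . $_CB_database->Quote( $row->username )
										.	"\n AND " . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $row->id
										.	"\n AND " . $_CB_database->NameQuote( 'gid' ) . ' = ' . (int) $row->gid
										.	"\n AND " . $_CB_database->NameQuote( 'guest' ) . ' = 0';
						$_CB_database->setQuery( $query );
						if ( ! $_CB_database->query() ) {
							trigger_error( 'loginUser 1 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING );
						}
					}

					// get current datetime:
					$currentDate		=	date( 'Y-m-d H:i:s', $this->now() );

					// update user last login with current datetime:
					$query				=	'UPDATE ' . $_CB_database->NameQuote( '#__users' )
										.	"\n SET " . $_CB_database->NameQuote( 'lastvisitDate' ) . " = " . $_CB_database->Quote( $currentDate )
										.	"\n WHERE " . $_CB_database->NameQuote( 'id' ) . " = " . (int) $session->userid;
					$_CB_database->setQuery( $query );
					if ( ! $_CB_database->query() ) {
						trigger_error( 'loginUser 2 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING );
					}

					// clean old cache:
					mosCache::cleanCache();
				}
			}
			if ( checkJversion() == 0 ) {
				global $mainframe;
				// The CMS login above gives no usable result, so success is judged by whether
				// the CMS now reports a user with a non-zero id:
				$mymy				=	$mainframe->getUser();
				$this->_myId		=	(int) $mymy->id;
				$this->_myUsername	=	$mymy->username;
				$this->_myUserType	=	$mymy->usertype;
				$this->_myCmsGid	=	$mymy->gid;
				if ( ! $this->_myId ) {
					$result			=	false;
				}
			}
			//TBD MAMBO 4.6 support here !
		}
		return $result;
	}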
 /**
  * Sends an e-mail from one user to another through $this->_sendEmailMSG().
  *
  * Sender address handling, as implemented below:
  *  - $revealEmail false: the mail is sent under the site notification name and the
  *    configured 'reg_email_from' address, and the site footer is appended to the message.
  *  - $revealEmail true and 'allow_email_replyto' == 2: From is 'reg_email_from', and the
  *    sender's own address and formatted name go into the reply-to fields.
  *  - $revealEmail true otherwise: the sender's own address is left in place as From,
  *    so it is disclosed to the recipient.
  *
  * @param  int      $toid         Recipient user id
  * @param  int      $fromid       Sender user id
  * @param  string   $subject
  * @param  string   $message
  * @param  boolean  $revealEmail  Whether the sender's address may be disclosed
  * @return mixed                  true when there is nothing to send, otherwise the result of _sendEmailMSG()
  */
 function sendUserEmail($toid, $fromid, $subject, $message, $revealEmail = false)
 {
     global $_CB_framework, $_CB_database, $ueConfig;

     // Nothing to send when both subject and body are empty.
     if (!($subject || $message)) {
         return true;
     }

     $sender = new moscomprofilerUser($_CB_database);
     $sender->load((int) $fromid);
     $recipient = new moscomprofilerUser($_CB_database);
     $recipient->load((int) $toid);

     $senderDisplayName = getNameFormat($sender->name, $sender->username, $ueConfig['name_format']);

     // Default for every mode except reply-to mode 2: no reply-to information.
     $sender->replytoEmail = null;
     $sender->replytoName = null;

     if (!$revealEmail) {
         // Anonymous notification: site identity as sender, plus the site footer.
         $siteName = cb_html_entity_decode_all($_CB_framework->getCfg('sitename'));
         $sender->name = _UE_NOTIFICATIONSAT . " " . $siteName;
         $sender->email = $ueConfig['reg_email_from'];
         $message .= "\n\n" . sprintf(_UE_EMAILFOOTER, $siteName, $_CB_framework->getCfg('live_site')) . "\n";
     } elseif (isset($ueConfig['allow_email_replyto']) && $ueConfig['allow_email_replyto'] == 2) {
         // Site address as From; the real sender only appears as reply-to.
         $sender->replytoEmail = $sender->email;
         $sender->replytoName = $senderDisplayName;
         $sender->email = $ueConfig['reg_email_from'];
     }
     // else: the sender's own address stays in $sender->email unchanged.

     return $this->_sendEmailMSG($recipient, $sender, $subject, $message, $revealEmail);
 }
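	/**
	 * Logins on host CMS using any allowed authentication methods
	 *
	 * Lookup order as implemented: a plugin may resolve the user in 'onLoginAuthentication';
	 * otherwise username is tried unless $loginType is 2, then e-mail when $loginType >= 1,
	 * then CMS authentication when $loginType > 2.
	 * NOTE(review): for values 1 and 2 this differs from the $loginType description below; confirm which is intended.
	 *
	 * Security notes:
	 *  - Passing strictly boolean false as $password skips password verification entirely,
	 *    so callers must only do that for users they have already authenticated.
	 *  - The CMS-authentication fallback marks the CB row confirmed and approved and stores it.
	 *  - NOTE(review): $return is not checked here for being a same-site URL; confirm that
	 *    callers validate it before redirecting.
	 *
	 * @param  string          $username        The username
	 * @param  string|boolean  $password        The password OR strictly boolean false for login without password
	 * @param  boolean         $rememberMe      If login should be remembered in a cookie to be sent back to user's browser
	 * @param  boolean         $message         If an alert message should be prepared on successful login
	 * @param  string          $return          IN & OUT: IN: return URL NOT SEFED for normal login completion (unless an event says different), OUT: redirection url (no htmlspecialchars) NOT SEFED
	 * @param  array           $messagesToUser  OUT: messages to display to user (html)
	 * @param  array           $alertmessages   OUT: messages to alert to user (text)
	 * @param  int             $loginType       0: username, 1: email, 2: username or email, 3: username, email or CMS authentication
	 * @return string|null                      Error message, or null when no error was raised
	 */
	function login( $username, $password, $rememberMe, $message, &$return, &$messagesToUser, &$alertmessages, $loginType = 0 ) {
		global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS;

		$returnURL										=	null;
		if ( ( ! $username ) || ( ( ! $password ) && ( $password !== false ) ) ) {
			// An empty password is rejected, but strictly false means "login without password":
			$resultError								=	_LOGIN_INCOMPLETE;
		} else {
			$_PLUGINS->loadPluginGroup('user');
			$_PLUGINS->trigger( 'onBeforeLogin', array( &$username, &$password ) );

			$resultError								=	null;
			$showSysMessage								=	true;
			$stopLogin									=	false;
			$loggedIn									=	false;

			if($_PLUGINS->is_errors()) {
				$resultError							=	$_PLUGINS->getErrorMSG();
			} else {
				$row									=	new moscomprofilerUser( $_CB_database );
				$foundUser								=	false;

				// Try login by CB authentication trigger:
				$_PLUGINS->trigger( 'onLoginAuthentication', array( &$username, &$password, &$row, $loginType, &$foundUser, &$stopLogin, &$resultError, &$messagesToUser, &$alertmessages, &$return ) );

				if ( ! $foundUser ) {
					if ( $loginType != 2 ) {
						// login by username:
						$foundUser						=	$row->loadByUsername( stripslashes( $username ) ) && ( ( $password === false ) || $row->verifyPassword( $password ) );
					}
					if ( ( ! $foundUser ) && ( $loginType >= 1 ) ) {
						// login by email:
						$foundUser						=	$row->loadByEmail( stripslashes( $username ) ) && ( ( $password === false ) || $row->verifyPassword( $password ) );
						if ( $foundUser ) {
							$username					=	$row->username;
						}
					}
					if ( ( ! $foundUser ) && ( $loginType > 2 ) ) {
						// If no result, try login by CMS authentication:
						if ( $_CB_framework->login( $username, $password, $rememberMe ) ) {
							$foundUser					=	$row->loadByUsername( stripslashes( $username ) );
							cbSplitSingleName( $row );
							// NOTE(review): this overwrites whatever confirmation/approval state the
							// CB row had before the approved/confirmed checks below run; confirm intended.
							$row->confirmed				=	1;
							$row->approved				=	1;
							$row->store();		// synchronizes with comprofiler table
							$loggedIn					=	true;
						}
					}
				}
				if ( $foundUser ) {
					$returnPluginsOverrides				=	null;
					$pluginResults = $_PLUGINS->trigger( 'onDuringLogin', array( &$row, 1, &$returnPluginsOverrides ) );
					if ( $returnPluginsOverrides ) {
						$return							=	$returnPluginsOverrides;
					}
					// Merge what each plugin returned: messages accumulate, any plugin can hide
					// the system message, and any plugin can stop the login.
					if ( is_array( $pluginResults ) && count( $pluginResults ) ) {
						foreach ( $pluginResults as $res ) {
							if ( is_array( $res ) ) {
								if ( isset( $res['messagesToUser'] ) ) {
									$messagesToUser[]	=	$res['messagesToUser'];
								}
								if ( isset( $res['alertMessage'] ) ) {
									$alertmessages[]	=	$res['alertMessage'];
								}
								if ( isset( $res['showSysMessage'] ) ) {
									$showSysMessage		=	$showSysMessage && $res['showSysMessage'];
								}
								if ( isset( $res['stopLogin'] ) ) {
									$stopLogin			=	$stopLogin || $res['stopLogin'];
								}
							}
						}
					}
					// Account-state gates, first match wins:
					if($_PLUGINS->is_errors()) {
						$resultError					=	$_PLUGINS->getErrorMSG();
					}
					elseif ( $stopLogin ) {
						// login stopped: don't even check for errors...
					}
					elseif ($row->approved == 2){
						$resultError					=	_LOGIN_REJECTED;
					}
					elseif ($row->confirmed != 1){
						if ( $row->cbactivation == '' ) {
							$row->store();		// just in case the activation code was missing
						}
						$cbNotification = new cbNotification();
						$cbNotification->sendFromSystem($row->id,getLangDefinition(stripslashes($ueConfig['reg_pend_appr_sub'])),getLangDefinition(stripslashes($ueConfig['reg_pend_appr_msg'])));
						$resultError = _LOGIN_NOT_CONFIRMED;
					}
					elseif ($row->approved == 0){
						$resultError					=	_LOGIN_NOT_APPROVED;
					}
					elseif ($row->block == 1) {
						$resultError					=	_UE_LOGIN_BLOCKED;
					}
					elseif ($row->lastvisitDate == '0000-00-00 00:00:00') {
						// First login ever:
						if ( isset( $ueConfig['reg_first_visit_url'] ) && ( $ueConfig['reg_first_visit_url'] != "" ) ) {
							$return						=	$ueConfig['reg_first_visit_url'];
						} else {
							$return						=	$returnPluginsOverrides;	// by default return to homepage on first login (or on page overridden by plugin).
						}
						$_PLUGINS->trigger( 'onBeforeFirstLogin', array( &$row, $username, $password, &$return ));
						if ($_PLUGINS->is_errors()) {
							$resultError				=	$_PLUGINS->getErrorMSG( "<br />" );
						}
					}
				} else {
					if ( $loginType < 2 ) {
						$resultError					=	_LOGIN_INCORRECT;
					} else {
						$resultError					=	_UE_INCORRECT_EMAIL_OR_PASSWORD;
					}
				}
			}

			if ( $resultError ) {
				if ( $showSysMessage ) {
					$alertmessages[]					=	$resultError;
				}
			} elseif ( ! $stopLogin ) {
				if ( ! $loggedIn ) {
					$_PLUGINS->trigger( 'onDoLoginNow', array( $username, $password, $rememberMe, &$row, &$loggedIn, &$resultError, &$messagesToUser, &$alertmessages, &$return ) );
				}
				if ( ! $loggedIn ) {
					// Take the CMS result instead of assuming success: previously $loggedIn was
					// forced to true here, so a refused CMS login was still reported as a
					// successful one and the failure branch below could never run.
					$loggedIn							=	(bool) $_CB_framework->login( $username, $password, $rememberMe );
				}
				$_PLUGINS->trigger( 'onAfterLogin', array( &$row, $loggedIn ) );
				if ( $loggedIn && $message && $showSysMessage ) {
					$alertmessages[]					=	_LOGIN_SUCCESS;
				}
				if ( ! $loggedIn ) {
					$resultError						=	_LOGIN_INCORRECT;
				}
				// changing com_comprofiler to comprofiler is a quick-fix for SEF ON on return path...
				// checks for the presence of a return url
				// and ensures that this url is not the registration or login pages.
				// strpos() is compared against false explicitly, so a match at offset 0 still counts.
				if ( $return && ! ( ( strpos( $return, 'comprofiler' /* 'com_comprofiler' */ ) !== false )
									&& ( ( strpos( $return, 'login' ) !== false )
										|| ( strpos( $return, 'logout' ) !== false )
										|| ( strpos( $return, 'registers' ) !== false )
										|| ( strpos( strtolower( $return ), 'lostpassword' ) !== false ) ) ) ) {
					$returnURL							=	$return;
				} elseif ( ! $returnURL ) {
					$returnURL							=	'index.php';
				}
			}
		}
		$return											=	$returnURL;
		return $resultError;
	}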
 /**
  * Builds the edit/registration HTML for an image field: a choice selector
  * (no change / upload / gallery / approve / delete, depending on state and configuration),
  * the file-upload input, and, for the 'avatar' field, the gallery picker.
  *
  * Returns null for the 'avatar' field when neither avatar upload nor avatar gallery is enabled.
  *
  * NOTE(review): $name, $choices[0]->value and the gallery file names are concatenated into
  * HTML attributes and into the generated jQuery selectors without escaping; confirm they can
  * only hold safe characters (field names and gallery file names set by administrators).
  *
  * @param  moscomprofilerFields  $field
  * @param  moscomprofilerUser    $user
  * @param  string                $reason      'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'list' for user-lists
  * @param  boolean               $displayFieldIcons
  * @return string                            HTML: <tag type="$type" value="$value" xxxx="xxx" yy="y" />
  */
 function _htmlEditForm(&$field, &$user, $reason, $displayFieldIcons = true)
 {
     global $_CB_framework, $_CB_database, $ueConfig;
     // Avatar editing is unavailable when both upload and gallery are disabled:
     if ($field->name == 'avatar' && !($ueConfig['allowAvatarUpload'] || $ueConfig['allowAvatarGallery'])) {
         return null;
     }
     $name = $field->name;
     $nameapproved = $field->name . 'approved';
     $required = $this->_isRequired($field, $user, $reason);
     $existingAvatar = false;
     if ($user && $user->id) {
         // we can not trust the following, as if another field did error out, it's wrong:
         // $existingAvatar			=	( $user->$name != null );
         // so load from database:
         $realDatabaseUser = new moscomprofilerUser($_CB_database);
         if ($realDatabaseUser->load((int) $user->id)) {
             $existingAvatar = $realDatabaseUser->{$name} != null;
         }
     }
     $html = '<div>';
     $choices = array();
     // && binds tighter than ||: this is "registering, OR (editing AND the user has no id yet)".
     // NOTE(review): $user->id is read here without the null check on $user used above.
     if ($reason == 'register' || $reason == 'edit' && $user->id == 0) {
         if ($required == 0) {
             $choices[] = moscomprofilerHTML::makeOption('', _UE_AVATAR_NONE);
         }
     } else {
         if ($existingAvatar || $required == 0) {
             $choices[] = moscomprofilerHTML::makeOption('', _UE_AVATAR_NO_CHANGE);
         }
     }
     if ($name != 'avatar' || $ueConfig['allowAvatarUpload']) {
         $choices[] = moscomprofilerHTML::makeOption('upload', $existingAvatar ? _UE_AVATAR_UPLOAD_NEW : _UE_AVATAR_UPLOAD);
     }
     if ($name == 'avatar' && $ueConfig['allowAvatarGallery']) {
         $choices[] = moscomprofilerHTML::makeOption('gallery', _UE_AVATAR_SELECT);
     }
     // The 'approve' choice is only offered when getUi() is 2 and the stored image is not yet approved.
     // NOTE(review): this only controls what the form offers; the save path has to enforce who may approve.
     if ($_CB_framework->getUi() == 2 && $existingAvatar && $user->{$nameapproved} == 0) {
         $choices[] = moscomprofilerHTML::makeOption('approve', _UE_APPROVE_IMAGE);
     }
     if ($existingAvatar && $required == 0) {
         $choices[] = moscomprofilerHTML::makeOption('delete', _UE_DELETE_AVATAR);
     }
     $html .= '<div>';
     if ($reason != 'register' && $user->id != 0 && $existingAvatar) {
         $html .= $this->_avatarHtml($field, $user, $reason) . ' ';
     }
     // Moderators editing a profile additionally get the not-yet-approved image rendered:
     if ($reason == 'edit' && $existingAvatar && $user->{$nameapproved} == 0 && isModerator($_CB_framework->myId())) {
         $html .= $this->_avatarHtml($field, $user, $reason, false, 10) . ' ';
     }
     if (count($choices) > 1) {
         $additional = ' class="inputbox"';
         // NOTE(review): disabling the select is a display measure only; confirm the save
         // path rejects changes to read-only fields.
         if ($_CB_framework->getUi() == 1 && $reason == 'edit' && $field->readonly) {
             $additional .= ' disabled="disabled"';
         }
         $html .= moscomprofilerHTML::selectList($choices, $name . '__choice', $additional, 'value', 'text', '', $required, true, false);
         /*
         			$js							=	"	$('#cbimg_upload_" . $name . ",#cbimg_gallery_" . $name . "').hide();"
         										.	"\n	$('#" . $name . "__choice').click( function() {"
         										.	"\n		var choice = $(this).val();"
         										.	"\n		if ( choice == '' ) {"
         										.	"\n			$('#cbimg_upload_" . $name . "').slideUp('slow');"
         										.	"\n			$('#cbimg_gallery_" . $name . "').slideUp('slow');"
         										.	"\n		} else if ( choice == 'upload' ) {"
         										.	"\n			$('#cbimg_upload_" . $name . "').slideDown('slow');"
         										.	"\n			$('#cbimg_gallery_" . $name . "').slideUp('slow');"
         										.	"\n		} else if ( choice == 'gallery' ) {"
         										.	"\n			$('#cbimg_upload_" . $name . "').slideUp('slow');"
         										.	"\n			$('#cbimg_gallery_" . $name . "').slideDown('slow');"
         										.	"\n		}"
         										.	"\n	} ).click();"
         										;
         */
         // The shared cbslideImage() helper is output once per request; the static flag
         // survives across calls for other image fields.
         static $functOut = false;
         if (!$functOut) {
             $js = "function cbslideImage(choice,uplodid,galleryid) {" . "\n\tif ( ( choice == '' ) || ( choice == 'approve' ) || ( choice == 'delete' ) ) {" . "\n\t\t\$(uplodid).slideUp('slow');" . "\n\t\t\$(galleryid).slideUp('slow');" . "\n\t} else if ( choice == 'upload' ) {" . "\n\t\t\$(uplodid).slideDown('slow');" . "\n\t\t\$(galleryid).slideUp('slow');" . "\n\t} else if ( choice == 'gallery' ) {" . "\n\t\t\$(uplodid).slideUp('slow');" . "\n\t\t\$(galleryid).slideDown('slow');" . "\n\t}" . "\n}";
             $_CB_framework->outputCbJQuery($js);
             $functOut = true;
         }
         // Per-field wiring: hide both panels, then show the one matching the selected choice.
         $js = "\$('#cbimg_upload_" . $name . ",#cbimg_gallery_" . $name . "').hide();" . "\n\t{" . "\n\t  \$('#" . $name . "__choice').click( function() {" . "\n\t\tcbslideImage( \$(this).val(), '#cbimg_upload_" . $name . "', '#cbimg_gallery_" . $name . "' );" . "\n\t  } ).click();" . "\n\t  \$('#" . $name . "__choice').change( function() {" . "\n\t\tcbslideImage( \$(this).val(), '#cbimg_upload_" . $name . "', '#cbimg_gallery_" . $name . "' );" . "\n\t  } );" . "\n\t}";
         $_CB_framework->outputCbJQuery($js);
     } else {
         // Zero or one choice: no selector, the choice travels as a hidden input.
         // NOTE(review): $choices[0] is read even if no choice was added above; confirm that cannot happen.
         $html .= '<input type="hidden" name="' . $name . '__choice" value="' . $choices[0]->value . '" />';
     }
     $html .= $this->_fieldIconsHtml($field, $user, 'htmledit', $reason, 'select', '', null, '', array(), $displayFieldIcons, $required);
     $html .= '</div>';
     if ($name != 'avatar' || $ueConfig['allowAvatarUpload']) {
         $button = $reason == 'register' ? _UE_REGISTER : ($_CB_framework->getUi() == 2 ? _UE_SAVE : _UE_UPDATE);
         // $field->name and $field->required are changed only while the upload panel is built
         // and restored right after; $field is passed by reference, so the restore matters.
         $saveFieldName = $field->name;
         $saveFieldRequired = $field->required;
         $field->name .= '__file';
         if ($field->required && $user && isset($user->{$saveFieldName}) && $user->{$saveFieldName}) {
             $field->required = 0;
         }
         // The terms-and-conditions URL goes through htmlspecialchars() before being placed in the href:
         $html .= '<div id="cbimg_upload_' . $name . '">' . '<p>' . sprintf(_UE_UPLOAD_DIMENSIONS_AVATAR, $this->_getImageFieldParam($field, 'avatarWidth'), $this->_getImageFieldParam($field, 'avatarHeight'), $this->_getImageFieldParam($field, 'avatarSize')) . '</p>' . '<div>' . _UE_UPLOAD_SELECT_FILE . ' ' . '<input type="file" name="' . $name . '__file" value="" class="inputbox" />' . '</div>' . '<p>' . ($ueConfig['reg_enable_toc'] ? sprintf(_UE_AVATAR_DISCLAIMER_TERMS, $button, "<a href='" . cbSef(htmlspecialchars($ueConfig['reg_toc_url'])) . "' target='_BLANK'> " . _UE_AVATAR_TOC_LINK . "</a>") : sprintf(_UE_AVATAR_DISCLAIMER, $button)) . '</p>' . '</div>';
         $field->name = $saveFieldName;
         $field->required = $saveFieldRequired;
     }
     if ($name == 'avatar' && $ueConfig['allowAvatarGallery']) {
         $live_site = $_CB_framework->getCfg('live_site');
         $avatar_gallery_path = $_CB_framework->getCfg('absolute_path') . '/images/comprofiler/gallery';
         $avatar_images = array();
         $avatar_images = display_avatar_gallery($avatar_gallery_path);
         $html .= '<div id="cbimg_gallery_' . $name . '">' . "\n\t<table width='100%' border='0' cellpadding='4' cellspacing='2'>" . "\n\t\t<tr align='center' valign='middle'>";
         for ($i = 0; $i < count($avatar_images); $i++) {
             $j = $i + 1;
             // Display name: file name without its extension, underscores shown as spaces.
             $avatar_name = ucfirst(str_replace('_', ' ', preg_replace('/^(.*)\\..*$/', '\\1', $avatar_images[$i])));
             // NOTE(review): the file name is emitted as-is into value/src/alt/title; a name
             // containing a quote or angle bracket would break out of the attribute.
             $html .= "\n\t\t\t<td>" . '<input type="radio" name="' . $name . '__gallery" id="' . $name . '__gallery_' . $i . '" value="' . $avatar_images[$i] . '" />' . '<label for="' . $name . '__gallery_' . $i . '">' . '<img src="' . $live_site . '/images/comprofiler/gallery/' . $avatar_images[$i] . '" alt="' . $avatar_name . '" title="' . $avatar_name . '" />' . '</label>' . '</td>';
             // Start a new table row after every 5th image:
             if (function_exists('fmod')) {
                 if (!fmod($j, 5)) {
                     $html .= "</tr>\n\t\t<tr align=\"center\" valign=\"middle\">";
                 }
             } else {
                 if (!fmodReplace($j, 5)) {
                     // PHP < 4.2.0...
                     $html .= "</tr>\n\t\t<tr align=\"center\" valign=\"middle\">";
                 }
             }
         }
         $html .= "\n\t\t</tr>\n\t\t" . "\n\t</table>" . '</div>';
     }
     $html .= '</div>';
     return $html;
 }
 /**
  * Stores a single column value for this user through a temporary copy of the object,
  * optionally firing the before/after update plugin events.
  *
  * For $name == 'password' the copy is stored with $value and then set back to the value
  * it held before, so the after-update event sees that earlier value (per the original
  * comments: $value is the hashed form and the earlier value the cleartext one).
  * NOTE(review): that means plugins on the after-update event receive the cleartext
  * password; confirm every installed plugin handles it accordingly.
  *
  * @param  string   $name      Property/column name; must already be set on this object
  * @param  mixed    $value     Value to store
  * @param  boolean  $triggers  Whether to fire the plugin events
  * @return mixed               Result of store(), or false when this object has no id or no such property
  */
 function storeDatabaseValue($name, $value, $triggers = true)
 {
     global $_CB_framework, $_PLUGINS;

     // Only existing users, and only properties that are already set.
     if (!($this->id && isset($this->{$name}))) {
         return false;
     }

     $ui = $_CB_framework->getUi();
     $user = new moscomprofilerUser($this->_db);
     $oldUserComplete = new moscomprofilerUser($this->_db);

     // Copy every property whose name does not start with an underscore onto both working objects.
     foreach (get_object_vars($this) as $property => $propertyValue) {
         if (substr($property, 0, 1) == '_') {
             continue;
         }
         $user->{$property} = $propertyValue;
         $oldUserComplete->{$property} = $propertyValue;
     }

     // Unless the password itself is being stored, blank it on the copy.
     if ($name != 'password') {
         $user->password = null;
     }

     // Remember what the copy held before it is overwritten (see the password note above).
     $valueBeforeStore = $user->{$name};

     if ($triggers) {
         switch ($ui) {
             case 1:
                 $_PLUGINS->trigger('onBeforeUserUpdate', array(&$user, &$user, &$oldUserComplete, &$oldUserComplete));
                 break;
             case 2:
                 $_PLUGINS->trigger('onBeforeUpdateUser', array(&$user, &$user, &$oldUserComplete));
                 break;
         }
     }

     $user->{$name} = $value;
     $stored = $user->store();

     if ($name == 'password') {
         $user->{$name} = $valueBeforeStore;
     }

     // After-events fire only when the store succeeded.
     if ($triggers && $stored) {
         switch ($ui) {
             case 1:
                 $_PLUGINS->trigger('onAfterUserUpdate', array(&$user, &$user, $oldUserComplete));
                 break;
             case 2:
                 $_PLUGINS->trigger('onAfterUpdateUser', array(&$user, &$user, $oldUserComplete));
                 break;
         }
     }

     // Surface an error raised on the temporary object through this one.
     $error = $user->getError();
     if ($error) {
         $this->_error = $error;
     }

     unset($user, $oldUserComplete);
     return $stored;
 }
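	/**
	* gets PMS unread messages count
	*
	* The query depends on the configured 'pmsType': types 1, 2 and 6 match on the user's
	* username, types 3, 4 and 5 on the numeric user id.
	*
	* @param	int user id
	* @return	mixed number of messages unread by user $userid or false if ErrorMSG generated
	*/
	function getPMSunreadCount($userid) {
		global $_CB_database;

		$params = $this->params;
		$pmsType = $params->get('pmsType', '1');

		if (!$this->_checkPMSinstalled($pmsType)) {
			return false;
		}

		$user = new moscomprofilerUser( $_CB_database );
		$user->load( (int) $userid );

		// The username-based queries previously compared against a fixed '******' literal,
		// leaving the loaded user unused. The loaded username is bound through Quote() so it
		// reaches the SQL text escaped.
		// NOTE(review): '******' looks like masking applied to the published listing; confirm
		// against the upstream file that the username of the loaded user is what belongs here.
		$quotedUsername = $_CB_database->Quote( $user->username );

		switch ( $pmsType ) {
			case 1:
				$query_pms_count = "SELECT count(id) FROM #__pms WHERE username=" . $quotedUsername . " AND readstate=0";
				break;
			case 2:
				$query_pms_count = "SELECT count(id) FROM #__mypms WHERE username=" . $quotedUsername . " AND readstate=0";
				break;
			case 3:
			case 4:
				// The user id is cast to int before it is concatenated:
				$query_pms_count = "SELECT count(id) FROM #__uddeim WHERE toread<1 AND toid=" . (int) $userid;
				break;
			case 5:
				$query_pms_count = "SELECT count(id) FROM #__pms WHERE recip_id=" . (int) $userid . " AND readstate%2=0 AND inbox=1";
				break;
			case 6:
				$query_pms_count = "SELECT count(id) FROM #__jim WHERE username=" . $quotedUsername . " AND readstate=0";
				break;
			default:
				$this->_setErrorMSG("Incorrect PMS type");
				return false;
		}

		$_CB_database->setQuery( $query_pms_count );
		return $_CB_database->loadResult();
	}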
	/**
	 * Backend handler that saves a user posted from the user-edit form.
	 *
	 * Flow: require the core posted fields, check the acting user's permission to save the
	 * target, load the current row for an existing user, save through saveSafely(), then
	 * either re-display the edit view with the error or check the row in and redirect.
	 *
	 * NOTE(review): no request-token check is visible in this method; confirm the
	 * dispatcher verifies one before calling it.
	 * NOTE(review): the whole of $_POST is handed to saveSafely(); which fields may be
	 * written is decided there, not here.
	 * NOTE(review): messages are placed inside a JavaScript string with addslashes() only;
	 * confirm none of them can carry user-controlled text containing "</script>".
	 *
	 * @param  string  $option  Component option, used in the redirect URL
	 */
	function saveUser( $option ) {
		global $_CB_framework, $_CB_database, $_PLUGINS;

		$this->_importNeeded();
		$this->_importNeededSave();

		// Shared "alert, then go back one page" snippet used by every abort below.
		$alertAndGoBack				=	"<script type=\"text/javascript\"> alert('%s'); window.history.go(-1);</script>\n";

		// The edit form always posts these three fields; anything else did not come from it.
		if ( ! isset( $_POST['approved'], $_POST['confirmed'], $_POST['username'] ) ) {
			echo sprintf( $alertAndGoBack, addslashes( CBTxt::T('Not Authorized') ) );
			exit;
		}

		// Check rights to access:

		$myGid						=	userGID( $_CB_framework->myId() );
		$userIdPosted				=	(int) cbGetParam($_POST, "id", 0 );
		$isExistingUser				=	( $userIdPosted != 0 );
		if ( ! $isExistingUser ) {
			$_POST['id']			=	null;
		}

		$adminGroups				=	$_CB_framework->acl->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );

		$msg						=	checkCBpermissions( ( $isExistingUser ? array( $userIdPosted ) : null ), 'save', in_array( $myGid, $adminGroups ) );
		if ($msg) {
			echo sprintf( $alertAndGoBack, addslashes( $msg ) );
			exit;
		}

		$_PLUGINS->loadPluginGroup('user');

		// Get current user state:

		$userComplete				=	new moscomprofilerUser( $_CB_database );
		if ( $isExistingUser && ! $userComplete->load( (int) $userIdPosted ) ) {
			echo sprintf( $alertAndGoBack, addslashes( _UE_USER_PROFILE_NOT ) );
			return;
		}

		// Store new user state:

		if ( $userComplete->saveSafely( $_POST, $_CB_framework->getUi(), 'edit' ) ) {
			// Checks-in the row:
			$userComplete->checkin();

			cbRedirect( $_CB_framework->backendUrl( "index.php?option=$option&task=showusers" ), sprintf(CBTxt::T('Successfully Saved User: %s'), $userComplete->username) );
			return;
		}

		// Save failed: report the error and show the edit form again.
		$regErrorMSG				=	$userComplete->getError();

		$msg						=	checkCBpermissions( array( $userComplete->id ), "edit", true );
		if ($msg) {
			echo sprintf( $alertAndGoBack, addslashes( $msg ) );
			exit;
		}

		// <br /> becomes a JS newline escape, remaining tags are stripped, and the backslash
		// doubled by addslashes() is undone for those newline escapes only.
		$plainError					=	strip_tags( str_replace( '<br />', '\\n', $regErrorMSG ) );
		$jsError					=	str_replace( '\\\\n', '\\n', addslashes( $plainError ) );
		echo "<script type=\"text/javascript\">alert('" . $jsError . "'); </script>\n";

		global $_CB_Backend_task;
		$_CB_Backend_task			=	'edit';			// so the toolbar comes up...
		$_PLUGINS->loadPluginGroup( 'user' );		// resets plugin errors
		$usersView					=	_CBloadView( 'user' );
		$usersView->edituser( $userComplete, $option, ( $userComplete->user_id != null ? '0' : '1' ), $_POST );
	}