/**
 * Wraps a field's search input HTML in the search-criteria container markup.
 *
 * With $list_compare_types == 1 (advanced) a "match kind" drop-down named
 * "<field name>__srmch" is rendered in front of the criteria; every other
 * value (0, 2, anything else) produces the simple container only.
 *
 * $html and $class are concatenated into the markup exactly as received:
 * this function does no escaping, so both must already be safe for their
 * HTML context when they arrive here.
 *
 * @param  moscomprofilerFields  $field               Only ->name is read (advanced mode)
 * @param  moscomprofilerUser    $user                Only ->get() is called (advanced mode)
 * @param  string                $html                Ready-made HTML of the input field(s)
 * @param  string                $type                'text', 'singlechoice', 'multiplechoice', 'isisnot', 'none'
 * @param  int                   $list_compare_types  0: simple 'is' search, 1: advanced search with modes, 2: simple 'any' search
 * @param  string                $class               Extra CSS class for the criteria div (e.g. for jQuery)
 * @return string
 */
function _fieldSearchModeHtml(&$field, &$user, $html, $type, $list_compare_types, $class = '')
{
    // The criteria cell is the same in both layouts.
    $criteria = '<div class="cbSearchCriteria' . ($class ? ' ' . $class : '') . '">' . $html . '</div>';

    // Simple 'is' (0), simple 'any' (2) and unknown modes share one layout.
    if ($list_compare_types != 1) {
        return '<div class="cbSearchContainer cbSearchSimple">' . $criteria . '</div>';
    }

    // Advanced: offer every match kind that makes sense for this field type.
    $selectName = $field->name . '__srmch';
    $current = $user->get($selectName);

    if ($type == 'text') {
        $matchKinds = array(
            'is' => _UE_MATCH_IS_EXACTLY,
            'phrase' => _UE_MATCH_PHRASE,
            'all' => _UE_MATCH_ALL,
            'any' => _UE_MATCH_ANY,
            '-' => _UE_MATCH_EXCLUSIONS . ':',
            'isnot' => _UE_MATCH_IS_EXACTLY_NOT,
            'phrasenot' => _UE_MATCH_PHRASE_NOT,
            'allnot' => _UE_MATCH_ALL_NOT,
            'anynot' => _UE_MATCH_ANY_NOT,
        );
    } elseif ($type == 'singlechoice') {
        $matchKinds = array(
            'is' => _UE_MATCH_IS,
            'anyis' => _UE_MATCH_IS_ONE_OF,
            '-' => _UE_MATCH_EXCLUSIONS . ':',
            'isnot' => _UE_MATCH_IS_NOT,
            'anyisnot' => _UE_MATCH_IS_NOT_ONE_OF,
        );
    } elseif ($type == 'multiplechoice') {
        $matchKinds = array(
            'is' => _UE_MATCH_ARE_EXACTLY,
            'all' => _UE_MATCH_INCLUDE_ALL_OF,
            'any' => _UE_MATCH_INCLUDE_ANY_OF,
            '-' => _UE_MATCH_EXCLUSIONS . ':',
            'isnot' => _UE_MATCH_ARE_EXACTLY_NOT,
            'allnot' => _UE_MATCH_INCLUDE_ALL_OF_NOT,
            'anynot' => _UE_MATCH_INCLUDE_ANY_OF_NOT,
        );
    } elseif ($type == 'isisnot') {
        $matchKinds = array(
            'is' => _UE_MATCH_IS,
            '-' => _UE_MATCH_EXCLUSIONS . ':',
            'isnot' => _UE_MATCH_IS_NOT,
        );
    } else {
        // 'none' and any unknown type: no match-kind selector at all.
        $matchKinds = null;
    }

    $selector = null;
    if ($matchKinds !== null) {
        $options = array(moscomprofilerHTML::makeOption('', _UE_NO_PREFERENCE));
        $groupOpened = false;
        foreach ($matchKinds as $value => $label) {
            // The '-' key is a separator: it opens the "exclusions" option group.
            if ($value == '-') {
                $options[] = moscomprofilerHTML::makeOptGroup($label);
                $groupOpened = true;
                continue;
            }
            $options[] = moscomprofilerHTML::makeOption($value, $label);
        }
        if ($groupOpened) {
            // A null label closes the option group opened above.
            $options[] = moscomprofilerHTML::makeOptGroup(null);
        }
        $selector = moscomprofilerHTML::selectList($options, $selectName, ' class="inputbox"', 'value', 'text', $current, 1);
    }

    $kindCell = $selector ? '<div class="cbSearchKind">' . $selector . '</div>' : '';

    return '<div class="cbSearchContainer cbSearchAdvanced">' . $kindCell . $criteria . '</div>';
}
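/**
 * Checks whether the acting user may perform $action on the given user(s).
 *
 * The return value is the authorization decision: null means no objection
 * was recorded, any string is the concatenation of the refusal reasons.
 * Callers must treat every non-null result as a refusal.
 *
 * $action and the group name are interpolated into the message as given;
 * NOTE(review): nothing here escapes them, so a caller that prints the
 * message as HTML has to escape it itself - confirm at the call sites.
 *
 * @param  array|int  $user_ids      Target user ids, or a single id
 * @param  string     $action        Verb used in the refusal message
 * @param  boolean    $allow_myself  Whether the acting user may target himself
 * @return string|null
 */
function get_users_permission($user_ids, $action, $allow_myself = false)
{
    global $_CB_database, $_CB_framework;

    $msg = null;

    if (is_array($user_ids) && count($user_ids)) {
        $obj = new moscomprofilerUser($_CB_database);
        foreach ($user_ids as $user_id) {
            if ($user_id != 0) {
                if (!$obj->load((int) $user_id)) {
                    // Refuse and stop here for this id: without a loaded record,
                    // $obj and $this_group would still carry the previous
                    // iteration's values (or be undefined) and the hierarchy
                    // checks below would be evaluated on the wrong user.
                    $msg .= 'User not found. ';
                    continue;
                }
                if (checkJversion() >= 2) {
                    $groups = $this->get_object_groups($user_id);
                } elseif (checkJversion() == 1) {
                    $aro_id = $this->get_object_id('users', $user_id, 'ARO');
                    $groups = $this->get_object_groups($aro_id, 'ARO');
                } else {
                    $groups = $this->get_object_groups('users', $user_id, 'ARO');
                }
                if (isset($groups[0])) {
                    $this_group = strtolower($this->get_group_name($groups[0], 'ARO'));
                } else {
                    $this_group = 'Registered';
                }
            } else {
                // Id 0 (no user yet) is treated as a 'Registered' user.
                $this_group = 'Registered';
                $obj->gid = $this->get_group_id($this_group, 'ARO');
                $obj->gids = $this->get_groups_below_me($user_id, true);
            }

            if ($user_id == $_CB_framework->myId()) {
                if (!$allow_myself) {
                    $msg .= "You cannot {$action} Yourself! ";
                }
            } else {
                if (checkJversion() >= 2) {
                    if (!$this->amIaSuperAdmin()) {
                        $userGroups = $this->get_object_groups($user_id);
                        $myGroups = $this->get_object_groups($_CB_framework->myId());
                        $myCBuser = CBuser::getMyInstance();
                        $iAmAdmin = $myCBuser->authoriseAction('core.manage', 'com_users') && $myCBuser->authoriseAction('core.edit', 'com_users');
                        $exactGids = !$iAmAdmin;
                        $myGidsTree = $this->get_groups_below_me($_CB_framework->myId(), true, $exactGids);
                        $isHeSAdmin = $this->amIaSuperAdmin((int) $user_id);
                        // Refused when: a non-admin targets a peer with the same groups,
                        // or the target has a group outside my tree, or the target is a
                        // super-admin (parentheses only spell out the && / || precedence).
                        if ((array_values($userGroups) == array_values($myGroups) && !$iAmAdmin)
                            || ($user_id && $userGroups && !array_intersect($userGroups, $myGidsTree))
                            || $isHeSAdmin
                        ) {
                            $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                        }
                    }
                } else {
                    $myGid = $this->get_user_group_id($_CB_framework->myId());
                    $cms_admins = $this->mapGroupNamesToValues(array('Administrator', 'Superadministrator'));
                    $cms_super_admin = $this->mapGroupNamesToValues('Superadministrator');
                    if ($myGid != $cms_super_admin) {
                        if (($obj->gid == $myGid && !in_array($myGid, $cms_admins))
                            || ($user_id && $obj->gid && !in_array($obj->gid, $this->get_group_children_ids($myGid)))
                        ) {
                            $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                        }
                    }
                }
            }
        }
    } else {
        // Single (non-array) id: the legacy branch below judges it as a
        // 'Registered' user, the newer branch reads its real groups.
        $this_group = 'Registered';
        $gid = $this->get_group_id($this_group, 'ARO');

        if ($user_ids == $_CB_framework->myId()) {
            if (!$allow_myself) {
                $msg .= "You cannot {$action} Yourself! ";
            }
        } else {
            if (checkJversion() >= 2) {
                if (!$this->amIaSuperAdmin()) {
                    $userGroups = $this->get_object_groups($user_ids);
                    $myGroups = $this->get_object_groups($_CB_framework->myId());
                    $myCBuser = CBuser::getMyInstance();
                    $iAmAdmin = $myCBuser->authoriseAction('core.manage', 'com_users') && $myCBuser->authoriseAction('core.edit', 'com_users');
                    $exactGids = !$iAmAdmin;
                    $myGidsTree = $this->get_groups_below_me($_CB_framework->myId(), true, $exactGids);
                    $isHeSAdmin = $this->amIaSuperAdmin((int) $user_ids);
                    if ((array_values($userGroups) == array_values($myGroups) && !$iAmAdmin)
                        || ($user_ids && $userGroups && !array_intersect($userGroups, $myGidsTree))
                        || $isHeSAdmin
                    ) {
                        // Same single-line text as the other three refusal messages.
                        $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                    }
                }
            } else {
                $myGid = $this->get_user_group_id($_CB_framework->myId());
                $cms_admins = $this->mapGroupNamesToValues(array('Administrator', 'Superadministrator'));
                $cms_super_admin = $this->mapGroupNamesToValues('Superadministrator');
                if ($myGid != $cms_super_admin) {
                    if (($gid == $myGid && !in_array($myGid, $cms_admins))
                        || ($user_ids && $gid && !in_array($gid, $this->get_group_children_ids($myGid)))
                    ) {
                        $msg .= "You cannot {$action} a `{$this_group}`. Only higher-level users have this power. ";
                    }
                }
            }
        }
    }

    return $msg;
}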
/**
 * Handles the e-mail confirmation link and prints the outcome.
 *
 * Only guests are processed; a logged-in visitor gets the "not authorized,
 * please log out" notice. The user id is derived from the confirmation code
 * itself, and the code is then checked against that user's record before the
 * account is confirmed.
 *
 * The messages are echoed as HTML without further escaping, so whatever
 * confirmUser() / getActivationMessage() hand back must already be HTML-safe.
 * NOTE(review): a wrong code for an existing unconfirmed user is answered
 * with _UE_WRONG_CONFIRMATION_CODE, every other failure with cbNotAuth(), so
 * the two cases are distinguishable from the response - confirm that this is
 * acceptable and that attempts are rate-limited upstream.
 *
 * @param  string  $confirmcode  Confirmation code taken from the request URL
 * @return void
 */
function confirm( $confirmcode ) {
	global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS;

	$isGuest = ( $_CB_framework->myId() < 1 );
	if ( ! $isGuest ) {
		// already logged in (mostly test-cases): nothing to confirm in this state.
		echo '<div class="error">' . _UE_NOT_AUTHORIZED." :<br /><br />"._UE_DO_LOGOUT." !</div>";
		return;
	}

	// Resolve the code to a user record, giving up at the first missing link:
	$user = null;
	$unscrambledId = moscomprofilerUser::getUserIdFromActivationCode( $confirmcode );
	if ( $unscrambledId ) {
		$cbUser = CBuser::getInstance( (int) $unscrambledId );
		if ( $cbUser ) {
			$user = $cbUser->getUserData();
		}
	}
	if ( ( ! $user ) || ( ! $user->id ) ) {
		// the URL is simply not right:
		cbNotAuth();
		return;
	}

	if ( $user->confirmed != 0 ) {
		// Already confirmed earlier: show the friendly state-dependent messages.
		$messagesToUser = getActivationMessage( $user, 'UserConfirmation' );
		$confirmed = true;
	} elseif ( $user->checkActivationCode( $confirmcode ) ) {
		// Normal case: user exists, is not yet confirmed, and the code matches.
		$messagesToUser = null;
		$confirmed = $user->confirmUser( $messagesToUser );
	} else {
		// The code does not match the record:
		$messagesToUser = array( _UE_WRONG_CONFIRMATION_CODE );
		$confirmed = false;
	}

	$class = ( $confirmed ? 'cbconfirmationinfo' : 'error' );
	$separator = '</div><div class="' . $class . '">';
	echo "\n" . '<div class="cbconfirming"><div class="' . $class . '">' . implode( $separator, $messagesToUser ) . "</div></div>\n";
	return;
}
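/**
 * Saves a front-end registration from $_POST and prints the resulting messages.
 *
 * Flow: access check, 'onStartSaveUserRegistration' trigger, existing-username
 * handling, terms-and-conditions check, saveSafely(), activation messages and
 * the 'onAfterUserRegistrationMailsSent' trigger. On every failure the
 * registration form is rendered again with the error.
 *
 * NOTE(review): no request-forgery or anti-spam check is called anywhere in
 * this function. If the dispatcher does not perform one before calling it,
 * this handler accepts cross-site and automated submissions - confirm.
 * NOTE(review): when the username already exists, the submitted password is
 * verified and the response differs between match and mismatch. That makes
 * this endpoint a second place where credentials can be tested; it needs the
 * same throttling and monitoring as the login form.
 *
 * @param  string  $option
 * @return void
 */
function saveRegistrationNOCHECKSLOL($option)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_POST, $_PLUGINS;

    // Check rights to access:
    if ($_CB_framework->getCfg('allowUserRegistration') == '0' && (!isset($ueConfig['reg_admin_allowcbregistration']) || $ueConfig['reg_admin_allowcbregistration'] != '1') || $_CB_framework->myId()) {
        cbNotAuth();
        return;
    }
    if (!isset($ueConfig['emailpass'])) {
        $ueConfig['emailpass'] = '******';
    }
    $userComplete = new moscomprofilerUser($_CB_database);

    // Pre-registration trigger:
    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onStartSaveUserRegistration', array());
    if ($_PLUGINS->is_errors()) {
        echo _cbRegistrationAlertScript($_PLUGINS->getErrorMSG());
        $oldUserComplete = new moscomprofilerUser($_CB_database);
        $userComplete->bindSafely($_POST, $_CB_framework->getUi(), 'register', $oldUserComplete);
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $_PLUGINS->getErrorMSG("<br />"));
        return;
    }

    // Check if this user already registered with exactly this username and password:
    $username = cbGetParam($_POST, 'username', '');
    $usernameExists = $userComplete->loadByUsername($username);
    if ($usernameExists) {
        $password = cbGetParam($_POST, 'password', '', _CB_ALLOWRAW);
        if ($userComplete->verifyPassword($password)) {
            // Same person registering again: replay the activation messages. The
            // stored hash is swapped for the clear password only for the duration
            // of activateUser() and restored right after.
            $pwd_md5 = $userComplete->password;
            $userComplete->password = $password;
            $messagesToUser = activateUser($userComplete, 1, 'SameUserRegistrationAgain');
            $userComplete->password = $pwd_md5;
            echo "\n<div>" . implode("</div>\n<div>", $messagesToUser) . "</div>\n";
            return;
        } else {
            // $msg contains the submitted username: it is escaped for the script
            // context by the helper and with htmlspecialchars() for the form.
            $msg = sprintf(_UE_USERNAME_ALREADY_EXISTS, $username);
            echo _cbRegistrationAlertScript($msg);
            $oldUserComplete = new moscomprofilerUser($_CB_database);
            $userComplete->bindSafely($_POST, $_CB_framework->getUi(), 'register', $oldUserComplete);
            HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, htmlspecialchars($msg));
            return;
        }
    }

    // Store and check terms and conditions accepted (not a field yet !!!!):
    if (isset($_POST['acceptedterms'])) {
        $userComplete->acceptedterms = (int) cbGetParam($_POST, 'acceptedterms', 0) == 1 ? 1 : 0;
    } else {
        $userComplete->acceptedterms = null;
    }
    if ($ueConfig['reg_enable_toc']) {
        if ($userComplete->acceptedterms != 1) {
            echo _cbRegistrationAlertScript(cbUnHtmlspecialchars(_UE_TOC_REQUIRED));
            $oldUserComplete = new moscomprofilerUser($_CB_database);
            $userComplete->bindSafely($_POST, $_CB_framework->getUi(), 'register', $oldUserComplete);
            HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, _UE_TOC_REQUIRED . '<br />');
            return;
        }
    }

    // Set id to 0 for autoincrement and store IP address used for registration:
    $userComplete->id = 0;
    $userComplete->registeripaddr = cbGetIPlist();

    // Store new user state:
    $saveResult = $userComplete->saveSafely($_POST, $_CB_framework->getUi(), 'register');
    if ($saveResult === false) {
        echo _cbRegistrationAlertScript($userComplete->getError(), true);
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $userComplete->getError());
        return;
    }

    // Always an array, so the final implode() below never receives an unset value.
    $messagesToUser = array();
    if ($saveResult['ok'] === true) {
        $messagesToUser = activateUser($userComplete, 1, "UserRegistration");
    }
    foreach ($saveResult['tabs'] as $res) {
        if ($res) {
            $messagesToUser[] = $res;
        }
    }
    if ($saveResult['ok'] === false) {
        echo _cbRegistrationAlertScript($userComplete->getError(), true);
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $userComplete->getError());
        return;
    }

    $_PLUGINS->trigger('onAfterUserRegistrationMailsSent', array(&$userComplete, &$userComplete, &$messagesToUser, $ueConfig['reg_confirmation'], $ueConfig['reg_admin_approval'], true));

    // These results and the messages below are echoed as HTML as they come.
    foreach ($saveResult['after'] as $res) {
        if ($res) {
            echo "\n<div>" . $res . "</div>\n";
        }
    }
    if ($_PLUGINS->is_errors()) {
        echo $_PLUGINS->getErrorMSG();
        HTML_comprofiler::registerForm($option, $ueConfig['emailpass'], $userComplete, $_POST, $_PLUGINS->getErrorMSG());
        return;
    }
    echo "\n<div>" . implode("</div>\n<div>", $messagesToUser) . "</div>\n";
}

/**
 * Builds the inline <script> block that shows $message in a JavaScript alert().
 *
 * addslashes() only covers quotes, backslashes and NUL. A raw line break
 * would still end the string literal early (the alert then silently fails),
 * and a "</" sequence would let the HTML parser close the script element in
 * the middle of the literal. Both are neutralised here; messages containing
 * neither produce exactly the markup that was emitted before.
 *
 * @param  string   $message    Text to show
 * @param  boolean  $htmlError  TRUE: $message is an HTML error text: '<br />' becomes a line break and other tags are stripped
 * @return string
 */
function _cbRegistrationAlertScript($message, $htmlError = false)
{
    if ($htmlError) {
        // '<br />' is first turned into the two characters \n, which addslashes()
        // doubles; the outer str_replace() restores them to a JS line break.
        $escaped = str_replace('\\\\n', '\\n', addslashes(strip_tags(str_replace('<br />', '\\n', $message))));
    } else {
        $escaped = addslashes($message);
    }
    $escaped = str_replace(array("\r", "\n", '</'), array('\\r', '\\n', '<\\/'), $escaped);

    return "<script type=\"text/javascript\">alert('" . $escaped . "'); </script>\n";
}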
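/**
 * Builds and runs the users-list query for a list and renders the result.
 *
 * The list is only shown after three checks that are visible here: it must be
 * published, its useraccessgroupid must be reachable from the viewer's group
 * (SQL filter plus allowAccess()), and, with hotlink protection enabled, the
 * request must pass cbSpoofCheck() when it carries a search or a page offset.
 *
 * NOTE(review): the query is assembled by string concatenation. Visitor search
 * input only enters through applySearchableContents()/reduceSqlFormula(), and
 * the paging values are cast to int. The list record, however, contributes
 * usergroupids, sortfields and filterfields as stored, and plugins may rewrite
 * the SQL parts by reference. The query is therefore only as trustworthy as
 * write access to the lists table and the installed plugins - confirm that
 * both are restricted to administrators.
 *
 * @param  int    $uid                  Viewing user id (0 for guests)
 * @param  int    $listid               Requested list id, 0 for the default list
 * @param  array  $searchFormValuesRAW  Raw request values (search fields, limitstart, searchmode, rand)
 * @return void
 */
function drawUsersList( $uid, $listid, $searchFormValuesRAW ) {
	global $_CB_database, $_CB_framework, $ueConfig, $Itemid, $_PLUGINS;

	$search					=	null;
	$searchGET				=	cbGetParam( $searchFormValuesRAW, 'search' );
	$limitstart				=	(int) cbGetParam( $searchFormValuesRAW, 'limitstart', 0 );
	$searchmode				=	(int) cbGetParam( $searchFormValuesRAW, 'searchmode', 0 );
	$randomParam			=	(int) cbGetParam( $searchFormValuesRAW, 'rand', 0 );

	// get my user and gets the list of user lists he is allowed to see (ACL):
	$myCbUser				=&	CBuser::getInstance( $uid );
	if ( $myCbUser === null ) {
		$myCbUser			=&	CBuser::getInstance( null );
	}
	$myUser					=&	$myCbUser->getUserData();

	// NOTE(review): presumably getChildGIDS() returns integer group ids only; they are not cast here - verify.
	$useraccessgroupSQL		=	" AND useraccessgroupid IN (".implode(',',getChildGIDS(userGID($uid))).")";
	$_CB_database->setQuery( "SELECT listid, title FROM #__comprofiler_lists WHERE published=1" . $useraccessgroupSQL . " ORDER BY ordering" );
	$plists					=	$_CB_database->loadObjectList();
	if ( ! is_array( $plists ) ) {
		// a failed query must behave like "no list", not break the count() calls below:
		$plists				=	array();
	}
	$lists					=	array();
	$publishedlists			=	array();

	for ( $i=0, $n=count( $plists ); $i < $n; $i++ ) {
		$plist				=&	$plists[$i];
		$listTitleNoHtml	=	strip_tags( cbReplaceVars( getLangDefinition( $plist->title ), $myUser, false, false ) );
		$publishedlists[]	=	moscomprofilerHTML::makeOption( $plist->listid, $listTitleNoHtml );
	}

	// select either list selected or default list to which he has access (ACL):
	if ( $listid == 0 ) {
		$_CB_database->setQuery( "SELECT listid FROM #__comprofiler_lists " . "\n WHERE `default`=1 AND published=1" . $useraccessgroupSQL );
		$listid				=	(int) $_CB_database->loadresult();
		if ( $listid == 0 && ( count( $plists ) > 0 ) ) {
			$listid			=	(int) $plists[0]->listid;
		}
	}
	if ( ! ( $listid > 0 ) ) {
		echo _UE_NOLISTFOUND;
		return;
	}

	// generates the drop-down list of lists:
	if ( count( $plists ) > 1 ) {
		$lists['plists']	=	moscomprofilerHTML::selectList( $publishedlists, 'listid', 'class="inputbox" size="1" onchange="this.form.submit();"', 'value', 'text', $listid, 1 );
	}

	// loads the list record:
	$row					=	new moscomprofilerLists( $_CB_database );
	if ( ( ! $row->load( (int) $listid ) ) || ( $row->published != 1 ) ) {
		echo _UE_LIST_DOES_NOT_EXIST;
		return;
	}
	// ACL check on the list actually loaded (covers a listid passed in by the caller):
	if ( ! allowAccess( $row->useraccessgroupid,'RECURSE', userGID($uid) ) ) {
		echo _UE_NOT_AUTHORIZED;
		return;
	}

	$params					=	new cbParamsBase( $row->params );

	$hotlink_protection		=	$params->get( 'hotlink_protection', 0 );
	if ( $hotlink_protection == 1 ) {
		if ( ( $searchGET !== null ) || $limitstart ) {
			cbSpoofCheck( 'usersList', 'GET' );
		}
	}

	$limit					=	(int) $params->get( 'list_limit' );
	if ( $limit == 0 ) {
		$limit				=	(int) $ueConfig['num_per_page'];
	}

	$showPaging				=	$params->get( 'list_paging', 1 );
	if ( $showPaging != 1 ) {
		$limitstart			=	0;
	}

	$isModerator			=	isModerator( $_CB_framework->myId() );

	$_PLUGINS->loadPluginGroup( 'user' );
	// NOTE(review): $listid and $row are handed over by reference AFTER the access checks above;
	// a plugin replacing them is not re-checked here.
	$_PLUGINS->trigger( 'onStartUsersList', array( &$listid, &$row, &$search, &$limitstart, &$limit ) );

	// handles the users allowed to be listed in the list by ACL:
	// Group ids 29 and 30 are ignored on purpose: expanding them used to list admins when
	// "public backend" was checked, and all frontend users when "public frontend" was checked.
	$usergids				=	explode( ',', $row->usergroupids );
	$allusergids			=	array_diff( $usergids, array( 29, 30 ) );
	$usergids				=	implode( ",", $allusergids );

	// build SQL Select query:
	$random					=	0;
	// Default to "no ORDER BY": $orderby is appended to the query even when the list has no sort fields.
	$orderby				=	'';
	if( $row->sortfields != '' ) {
		$matches			=	null;
		if ( preg_match( '/^RAND\(\)\s(ASC|DESC)$/', $row->sortfields, $matches ) ) {
			// random sorting needs to have same seed on pages > 1 to not have probability to show same users:
			if ( $limitstart ) {
				$random		=	(int) $randomParam;
			}
			if ( ! $random ) {
				// only a display-ordering seed, not a security value:
				$random		=	rand( 0, 32767 );
			}
			$row->sortfields =	'RAND(' . (int) $random . ') ' . $matches[1];
		}
		// Any other sortfields value goes into the query as stored in the list record.
		$orderby			=	"\n ORDER BY " . $row->sortfields;
	}

	$filterby				=	'';
	if ( $row->filterfields != '' ) {
		// Stored filter rules are SQL; only the substituted user variables are escaped (getEscaped callback).
		$filterRules		=	utf8RawUrlDecode( substr( $row->filterfields, 1 ) );
		if ( $_CB_framework->myId() ) {
			$user			=	new moscomprofilerUser( $_CB_database );
			if ( $user->load( (int) $_CB_framework->myId() ) ) {
				$filterRules =	cbReplaceVars( $filterRules, $user, array( $_CB_database, 'getEscaped' ), false, array() );
			}
		}
		$filterby			=	" AND ". $filterRules;
	}

	// Prepare part after SELECT .... " and before "FROM" :
	$tableReferences		=	array( '#__comprofiler' => 'ue', '#__users' => 'u' );

	// Fetch all fields:
	//TBD: later: this private method should not be called here, but the whole users-list should go into there and be called here.
	$tabs					=	$myCbUser->_getCbTabs();
	$allFields				=	$tabs->_getTabFieldsDb( null, $myUser, 'list' );

	//Make columns array. This array will later be constructed from the tabs table:
	$columns				=	array();
	for ( $i = 1; $i < 50; ++$i ) {
		$enabledVar			=	"col".$i."enabled";
		if ( ! isset( $row->$enabledVar ) ) {
			break;
		}
		$titleVar			=	"col".$i."title";
		$fieldsVar			=	"col".$i."fields";
		$captionsVar		=	"col".$i."captions";

		if ( $row->$enabledVar == 1 ) {
			$col				=	new stdClass();
			$col->fields		=	( $row->$fieldsVar ? explode( '|*|', $row->$fieldsVar ) : array() );
			$col->title			=	$row->$titleVar;
			$col->titleRendered	=	$myCbUser->replaceUserVars( $col->title );
			$col->captions		=	$row->$captionsVar;
			$columns[$i]		=	$col;
		}
	}

	// build fields and tables accesses, also check for searchable fields:
	$searchableFields		=	array();
	$fieldsSQL				=	cbUsersList::getFieldsSQL( $columns, $allFields, $tableReferences, $searchableFields, $params );

	$_PLUGINS->trigger( 'onAfterUsersListFieldsSql', array( &$columns, &$allFields, &$tableReferences ) );

	$tablesSQL				=	array();
	$joinsSQL				=	array();
	// Blocked, unapproved and unconfirmed accounts are never listed:
	$tablesWhereSQL			=	array( 'block' => 'u.block = 0', 'approved' => 'ue.approved = 1', 'confirmed' => 'ue.confirmed = 1' );

	if ( checkJversion() == 2 ) {
		$joinsSQL[]			=	'JOIN #__user_usergroup_map g ON g.`user_id` = u.`id`';
	}

	if ( ! $isModerator ) {
		// banned users stay visible to moderators only:
		$tablesWhereSQL['banned']	=	'ue.banned = 0';
	}
	if ( $usergids ) {
		// NOTE(review): the ids come from the list record as stored, without an integer cast.
		if ( checkJversion() == 2 ) {
			$tablesWhereSQL['gid']	=	'g.group_id IN (' . $usergids . ')';
		} else {
			$tablesWhereSQL['gid']	=	'u.gid IN (' . $usergids . ')';
		}
	}

	foreach ( $tableReferences as $table => $name ) {
		$tablesSQL[]		=	$table . ' ' . $name;
		if ( $name != 'u' ) {
			$tablesWhereSQL[] =	"u.`id` = " . $name . ".`id`";
		}
	}

	// handles search criterias:
	$list_compare_types		=	$params->get( 'list_compare_types', 0 );
	$searchVals				=	new stdClass();
	$searchesFromFields		=	$tabs->applySearchableContents( $searchableFields, $searchVals, $searchFormValuesRAW, $list_compare_types );
	$whereFields			=	$searchesFromFields->reduceSqlFormula( $tableReferences, $joinsSQL, TRUE );
	if ( $whereFields ) {
		$tablesWhereSQL[]	=	'(' . $whereFields . ')';
	}

	$_PLUGINS->trigger( 'onBeforeUsersListBuildQuery', array( &$tablesSQL, &$joinsSQL, &$tablesWhereSQL ) );

	$queryFrom				=	"FROM " . implode( ', ', $tablesSQL )
							.	( count( $joinsSQL ) ? "\n " . implode( "\n ", $joinsSQL ) : '' )
							.	"\n WHERE " . implode( "\n AND ", $tablesWhereSQL );

	$queryFrom				.=	" " . $filterby;

	$_PLUGINS->trigger( 'onBeforeUsersListQuery', array( &$queryFrom, 1, $listid ) );	// $uid = 1

	$errorMsg				=	null;

	// counts number of users and loads the listed fields of the users if not in search-form-only mode:
	if ( $searchmode == 0 ) {
		if ( checkJversion() == 2 ) {
			$_CB_database->setQuery( "SELECT COUNT(DISTINCT u.id) " . $queryFrom );
		} else {
			$_CB_database->setQuery( "SELECT COUNT(*) " . $queryFrom );
		}
		$total				=	$_CB_database->loadResult();

		if ( ( $limit > $total ) || ( $limitstart >= $total ) ) {
			$limitstart		=	0;
		}

		if ( checkJversion() == 2 ) {
			$query			=	"SELECT DISTINCT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
		} else {
			$query			=	"SELECT ue.*, u.*, '' AS 'NA' " . ( $fieldsSQL ? ", " . $fieldsSQL . " " : '' ) . $queryFrom . " " . $orderby;
		}
		$_CB_database->setQuery( $query, (int) $limitstart, (int) $limit );
		$users				=	$_CB_database->loadObjectList( null, 'moscomprofilerUser', array( &$_CB_database ) );

		if ( ! $_CB_database->getErrorNum() ) {
			// creates the CBUsers in cache corresponding to the $users:
			foreach ( array_keys( $users ) as $k) {
				CBuser::setUserGetCBUserInstance( $users[$k] );
			}
		} else {
			// Only a generic message is shown; the database error itself is not echoed to the visitor.
			$users			=	array();
			$errorMsg		=	_UE_ERROR_IN_QUERY_TURN_SITE_DEBUG_ON_TO_VIEW;
		}

		if ( count( get_object_vars( $searchVals ) ) > 0 ) {
			$search			=	'';
		} else {
			$search			=	null;
		}
	} else {
		$total				=	null;
		$users				=	array();
		if ( $search === null ) {
			$search			=	'';
		}
	}

	// Compute itemId of users in users-list:
	if ( $Itemid ) {
		$option_itemid		=	(int) $Itemid;
	} else {
		$option_itemid		=	getCBprofileItemid( 0 );
	}

	HTML_comprofiler::usersList( $row, $users, $columns, $allFields, $lists, $listid, $search, $searchmode, $option_itemid, $limitstart, $limit, $total, $myUser, $searchableFields, $searchVals, $tabs, $list_compare_types, $showPaging, $hotlink_protection, $errorMsg, $random );
}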
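/**
 * Checks whether the acting user may perform $action on the given user(s).
 *
 * The return value is the authorization decision: null means no objection
 * was recorded, any string is the concatenation of the refusal reasons.
 * Callers must treat every non-null result as a refusal.
 *
 * NOTE(review): with $allow_myself TRUE and the acting user as target, control
 * still reaches the group-hierarchy check; presumably $obj->gid then equals
 * the acting user's own group, so a non-admin is refused on his own record -
 * confirm that this is intended.
 * NOTE(review): the single-id (non-array) branch has no "yourself" check and
 * always judges the target as a 'Registered' user.
 *
 * @param  array|int  $user_ids      Target user ids, or a single id
 * @param  string     $action        Verb used in the refusal message (interpolated as given)
 * @param  boolean    $allow_myself  Whether the acting user may target himself
 * @return string|null
 */
function get_users_permission( $user_ids, $action, $allow_myself = false ) {
	global $_CB_database, $_CB_framework;

	$msg				=	null;
	$cms_admins			=	$this->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );

	if ( is_array( $user_ids ) && count( $user_ids ) ) {
		$obj			=	new moscomprofilerUser( $_CB_database );
		foreach ( $user_ids as $user_id ) {
			if ( $user_id != 0 ) {
				if ( ! $obj->load( (int) $user_id ) ) {
					// Refuse and stop here for this id: without a loaded record, $obj->gid and
					// $this_group would still hold the previous iteration's values (or be
					// undefined) and the hierarchy check below would judge the wrong user.
					$msg	.=	'User not found. ';
					continue;
				}
				if ( checkJversion() == 2 ) {
					$groups		=	$this->get_object_groups( $user_id );
				} elseif ( checkJversion() == 1 ) {
					$aro_id		=	$this->get_object_id( 'users', $user_id, 'ARO' );
					$groups		=	$this->get_object_groups( $aro_id, 'ARO' );
				} else {
					$groups		=	$this->get_object_groups( 'users', $user_id, 'ARO' );
				}
				if ( isset( $groups[0] ) ) {
					$this_group	=	strtolower( $this->get_group_name( $groups[0], 'ARO' ) );
				} else {
					$this_group	=	'Registered';
				}
			} else {
				// Id 0 (no user yet) is treated as a 'Registered' user.
				$this_group		=	'Registered';
				$obj->gid		=	$this->get_group_id( $this_group, 'ARO' );
			}

			if ( ( ! $allow_myself ) && ( $user_id == $_CB_framework->myId() ) ){
				$msg	.=	"You cannot $action Yourself! ";
			} else {
				$myGid	=	$this->get_user_group_id( $_CB_framework->myId() );
				// Refused when a non-admin targets someone of his own group, or when
				// the target's group is not among the children of my group.
				if ( ( ( $obj->gid == $myGid ) && ! in_array( $myGid, $cms_admins ) )
					|| ( $user_id && $obj->gid && ! in_array( $obj->gid, $this->get_group_children_ids( $myGid ) ) ) )
				{
					$msg	.=	"You cannot $action a `$this_group`. Only higher-level users have this power. ";
				}
			}
		}
	} else {
		$this_group		=	'Registered';
		$gid			=	$this->get_group_id( $this_group, 'ARO' );
		$myGid			=	$this->get_user_group_id( $_CB_framework->myId() );
		if ( ( ( $gid == $myGid ) && ! in_array( $myGid, $cms_admins ) )
			|| ( $gid && ! in_array( $gid, $this->get_group_children_ids( $myGid ) ) ) )
		{
			$msg		.=	"You cannot $action a `$this_group`. Only higher-level users have this power. ";
		}
	}

	return $msg;
}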
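/**
 * User login into CMS framework
 *
 * With $password === false no credential is checked in this method: the
 * session is opened for whoever $username names. The caller is therefore the
 * only place where the identity can have been proven, and must have done so
 * before calling. As a safeguard the passwordless paths refuse to continue
 * when no user record can be loaded for $username.
 *
 * @param  string          $username    The username
 * @param  string|boolean  $password    if boolean FALSE: login without password if possible
 * @param  boolean         $rememberme  1 for "remember-me" cookie method
 * @param  int             $userId      used for "remember-me" login function only
 * @return boolean                      Login success
 */
function login( $username, $password, $rememberme = 0, $userId = null ) {
	// Declared up-front: it is needed in several branches below, one of which
	// used it without any global declaration in scope.
	global $_CB_database;

	// Fail closed: only an explicit success below turns this into TRUE.
	$result							=	false;

	header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');		// needed for IE6 to accept this anti-spam cookie in higher security setting.

	if ( checkJversion() >= 1 ) {		// Joomla 1.5 RC and above:
		if ( $password !== false ) {
			$result					=	$this->_baseFramework->login( array( 'username' => $username, 'password' => $password ), array( 'remember' => $rememberme ) );
		} else {
			// login without password: only for a user record that really exists,
			// never a SUCCESS response for a name that could not be loaded:
			$row					=	new moscomprofilerUser( $_CB_database );
			if ( $row->loadByUsername( stripslashes( $username ) ) ) {
				jimport( 'joomla.user.authentication' );
				// load user plugins:
				JPluginHelper::importPlugin( 'user' );
				// get JAuthentication object:
				$authenticate		=&	JAuthentication::getInstance();
				$dispatcher			=&	JDispatcher::getInstance();
				$response			=	new JAuthenticationResponse();
				// prepare our SUCCESS login response including user data:
				$response->status	=	JAUTHENTICATE_STATUS_SUCCESS;
				$response->username	=	$username;
				$response->fullname	=	$row->name;
				// now we attempt user login and check results:
				if ( checkJversion() == 2 ) {
					$login			=	$dispatcher->trigger( 'onUserLogin', array( (array) $response, array( 'action' => 'core.login.site' ) ) );
				} else {
					$login			=	$dispatcher->trigger( 'onLoginUser', array( (array) $response, array() ) );
				}
				// a single plugin answering strictly FALSE vetoes the login:
				$result				=	! in_array( false, $login, true );
			}
		}
		if ( $result ) {
			$user					=&	JFactory::getUser();
			$this->_myId			=	(int) $user->id;
			$this->_myUsername		=	$user->username;
			$this->_myUserType		=	$user->usertype;
			$this->_myCmsGid		=	$user->get('aid', 0);
			$lang					=&	JFactory::getLanguage();
			if ( checkJversion() == 2 ) {
				$this->_myLanguage	=	strtolower( preg_replace( '/^(\w+).*$/i', '\1', $lang->getName() ) );
			} else {
				$this->_myLanguage	=	$lang->getBackwardLang();
			}
		}
	} else {
		// Mambo 4.5.x and Joomla before 1.0.13+ (in fact RC3+) do need hashed password for login() method:
		if ( $password !== false ) {
			$hashedPwdLogin			=	( ( checkJversion() == 0 ) && ! function_exists( 'josHashPassword' ) );	// more reliable version-checking than the often hacked version.php file!
			if ( $hashedPwdLogin ) {	// Joomla 1.0.12 and below:
				$dummyRow			=	new moscomprofilerUser( $_CB_database );
				$this->_baseFramework->login( $username, $dummyRow->hashAndSaltPassword( $password ), $rememberme, $userId );
			} else {
				$this->_baseFramework->login( $username, $password, $rememberme, $userId );
			}
			// Joomla 1.0 redirects bluntly if login fails! so we need to check by ourselves below:
			$result					=	true;
		} else {
			// login without password:
			//TBD	MAMBO 4.6 support here !
			global $mainframe, $_VERSION;

			$row					=	new moscomprofilerUser( $_CB_database );
			// Without a loaded record no session is opened and no row is touched:
			if ( $row->loadByUsername( stripslashes( $username ) ) ) {
				// prepare login session with user data:
				$session			=&	$mainframe->_session;
				$session->guest		=	0;
				$session->username	=	$row->username;
				$session->userid	=	(int) $row->id;
				$session->usertype	=	$row->usertype;
				$session->gid		=	(int) $row->gid;

				// attempt to login user:
				if ( $session->update() ) {
					$result			=	true;
				}

				// check if site is demo or production:
				if ( $_VERSION->SITE ) {
					// site is production; remove duplicate sessions:
					$query			=	'DELETE FROM ' . $_CB_database->NameQuote( '#__session' )
									.	"\n WHERE " . $_CB_database->NameQuote( 'session_id' ) . ' != ' . $_CB_database->Quote( $session->session_id )
									.	"\n AND " . $_CB_database->NameQuote( 'username' ) . ' = ' . $_CB_database->Quote( $row->username )
									.	"\n AND " . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $row->id
									.	"\n AND " . $_CB_database->NameQuote( 'gid' ) . ' = ' . (int) $row->gid
									.	"\n AND " . $_CB_database->NameQuote( 'guest' ) . ' = 0';
					$_CB_database->setQuery( $query );
					if ( ! $_CB_database->query() ) {
						trigger_error( 'loginUser 1 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING );
					}
				}

				// get current datetime:
				$currentDate		=	date( 'Y-m-d H:i:s', $this->now() );

				// update user last login with current datetime:
				$query				=	'UPDATE ' . $_CB_database->NameQuote( '#__users' )
									.	"\n SET " . $_CB_database->NameQuote( 'lastvisitDate' ) . " = " . $_CB_database->Quote( $currentDate )
									.	"\n WHERE " . $_CB_database->NameQuote( 'id' ) . " = " . (int) $session->userid;
				$_CB_database->setQuery( $query );
				if ( ! $_CB_database->query() ) {
					trigger_error( 'loginUser 2 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING );
				}

				// clean old cache:
				mosCache::cleanCache();
			}
		}
		if ( checkJversion() == 0 ) {
			global $mainframe;
			// Verify against the CMS who is logged in now, whatever happened above:
			$mymy					=	$mainframe->getUser();
			$this->_myId			=	(int) $mymy->id;
			$this->_myUsername		=	$mymy->username;
			$this->_myUserType		=	$mymy->usertype;
			$this->_myCmsGid		=	$mymy->gid;
			if ( ! $this->_myId ) {
				$result				=	false;
			}
		}
		//TBD	MAMBO 4.6 support here !
	}
	return $result;
}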
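/**
 * Sends a message from one user to another, either as the sender or as a site notification.
 *
 * With $revealEmail false the sender record is rewritten to the site's
 * notification identity (site name, configured 'reg_email_from' address) and the
 * site footer is appended to the message, so the recipient never sees the
 * sender's own address. With $revealEmail true the sender's address is exposed
 * to the recipient: as reply-to data when config 'allow_email_replyto' is 2
 * (the sender address itself then becomes 'reg_email_from'), otherwise by
 * leaving the sender's own address on the sender record.
 *
 * @param  int      $toid         Recipient user id
 * @param  int      $fromid       Sender user id
 * @param  string   $subject      Passed on unchanged to _sendEmailMSG()
 * @param  string   $message      Passed on unchanged (plus footer in notification mode)
 * @param  boolean  $revealEmail  true: disclose the sender's e-mail address to the recipient
 * @return mixed                  true when both subject and message are empty, otherwise the result of _sendEmailMSG()
 */
function sendUserEmail($toid, $fromid, $subject, $message, $revealEmail = false) {
    // $_SERVER is a superglobal and was never used here, so it is no longer declared.
    global $_CB_framework, $_CB_database, $ueConfig;

    // Nothing to send:
    if (!$subject && !$message) {
        return true;
    }

    // NOTE(review): neither load() result is checked, so an unknown id reaches
    // _sendEmailMSG() as an empty record; confirm that the callers validate both ids.
    $rowFrom = new moscomprofilerUser($_CB_database);
    $rowFrom->load((int) $fromid);
    $rowTo = new moscomprofilerUser($_CB_database);
    $rowTo->load((int) $toid);

    $uname = getNameFormat($rowFrom->name, $rowFrom->username, $ueConfig['name_format']);

    if ($revealEmail) {
        if (isset($ueConfig['allow_email_replyto']) && $ueConfig['allow_email_replyto'] == 2) {
            // Sender's real address travels as reply-to; the sender address is the site's:
            $rowFrom->replytoEmail = $rowFrom->email;
            $rowFrom->replytoName = $uname;
            $rowFrom->email = $ueConfig['reg_email_from'];
        } else {
            // 'allow_email_replyto' unset or any other value: the sender's own address
            // stays on the record (the former self-assignment of ->email was a no-op).
            $rowFrom->replytoEmail = null;
            $rowFrom->replytoName = null;
        }
    } else {
        // Site notification: hide the sender's identity behind the site's.
        $siteName = cb_html_entity_decode_all($_CB_framework->getCfg('sitename'));
        $rowFrom->replytoEmail = null;
        $rowFrom->replytoName = null;
        $rowFrom->name = _UE_NOTIFICATIONSAT . " " . $siteName;
        $rowFrom->email = $ueConfig['reg_email_from'];
        $message .= "\n\n" . sprintf(_UE_EMAILFOOTER, $siteName, $_CB_framework->getCfg('live_site')) . "\n";
    }

    return $this->_sendEmailMSG($rowTo, $rowFrom, $subject, $message, $revealEmail);
}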
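/**
 * Logs a user in on the host CMS using any allowed authentication method.
 *
 * Order of evaluation: 'onBeforeLogin' plugins, 'onLoginAuthentication' plugins,
 * then built-in lookup by username and/or e-mail (per $loginType), then CMS
 * authentication (only $loginType > 2). A found user is passed to 'onDuringLogin'
 * plugins and checked for rejected / unconfirmed / unapproved / blocked state
 * before 'onDoLoginNow' plugins or the framework perform the actual login.
 *
 * Passing boolean false as $password skips password verification completely: any
 * existing username (or e-mail) is then accepted. Only trusted code may do so.
 * NOTE(review): 'onBeforeLogin' and 'onLoginAuthentication' receive $password by
 * reference, so an installed plugin can change it, including to false.
 *
 * @param  string          $username        The username (or e-mail, depending on $loginType)
 * @param  string|boolean  $password        The password OR strictly boolean false for login without password
 * @param  boolean         $rememberMe      If login should be remembered in a cookie to be sent back to user's browser
 * @param  boolean         $message         If an alert message should be prepared on successful login
 * @param  string          $return          IN & OUT: IN: return URL NOT SEFED for normal login completion (unless an event says different), OUT: redirection url (no htmlspecialchars) NOT SEFED, null when login failed
 * @param  array           $messagesToUser  OUT: messages to display to user (html)
 * @param  array           $alertmessages   OUT: messages to alert to user (text)
 * @param  int             $loginType       0: username, 1: email, 2: username or email, 3: username, email or CMS authentication
 * @return string|null                      Error message, or null if no error was raised
 */
function login( $username, $password, $rememberMe, $message, &$return, &$messagesToUser, &$alertmessages, $loginType = 0 ) {
    global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS;

    $returnURL = null;

    // An empty password is "incomplete" unless it is the strict boolean false
    // that requests a login without password:
    if ( ( ! $username ) || ( ( ! $password ) && ( $password !== false ) ) ) {
        $resultError = _LOGIN_INCOMPLETE;
    } else {
        $_PLUGINS->loadPluginGroup( 'user' );
        $_PLUGINS->trigger( 'onBeforeLogin', array( &$username, &$password ) );

        $resultError = null;
        $showSysMessage = true;
        $stopLogin = false;
        $loggedIn = false;

        if ( $_PLUGINS->is_errors() ) {
            $resultError = $_PLUGINS->getErrorMSG();
        } else {
            $row = new moscomprofilerUser( $_CB_database );
            $foundUser = false;

            // Try login by CB authentication trigger:
            $_PLUGINS->trigger( 'onLoginAuthentication', array( &$username, &$password, &$row, $loginType, &$foundUser, &$stopLogin, &$resultError, &$messagesToUser, &$alertmessages, &$return ) );

            if ( ! $foundUser ) {
                if ( $loginType != 2 ) {
                    // login by username:
                    $foundUser = $row->loadByUsername( stripslashes( $username ) ) && ( ( $password === false ) || $row->verifyPassword( $password ) );
                }
                if ( ( ! $foundUser ) && ( $loginType >= 1 ) ) {
                    // login by email:
                    $foundUser = $row->loadByEmail( stripslashes( $username ) ) && ( ( $password === false ) || $row->verifyPassword( $password ) );
                    if ( $foundUser ) {
                        // continue with the real username of the account found by e-mail:
                        $username = $row->username;
                    }
                }
                if ( ( ! $foundUser ) && ( $loginType > 2 ) ) {
                    // If no result, try login by CMS authentication:
                    // NOTE(review): on success the record is stored as confirmed and approved
                    // unconditionally, which overwrites a pending or rejected state, and the
                    // CMS login call has already succeeded before the approval / block checks
                    // further down run. Confirm this is intended for CMS-authenticated accounts.
                    if ( $_CB_framework->login( $username, $password, $rememberMe ) ) {
                        $foundUser = $row->loadByUsername( stripslashes( $username ) );
                        cbSplitSingleName( $row );
                        $row->confirmed = 1;
                        $row->approved = 1;
                        $row->store();          // synchronizes with comprofiler table
                        $loggedIn = true;
                    }
                }
            }

            if ( $foundUser ) {
                $returnPluginsOverrides = null;
                $pluginResults = $_PLUGINS->trigger( 'onDuringLogin', array( &$row, 1, &$returnPluginsOverrides ) );
                if ( $returnPluginsOverrides ) {
                    $return = $returnPluginsOverrides;
                }
                // Merge the per-plugin result arrays into the output parameters and flags:
                if ( is_array( $pluginResults ) && count( $pluginResults ) ) {
                    foreach ( $pluginResults as $res ) {
                        if ( is_array( $res ) ) {
                            if ( isset( $res['messagesToUser'] ) ) {
                                $messagesToUser[] = $res['messagesToUser'];
                            }
                            if ( isset( $res['alertMessage'] ) ) {
                                $alertmessages[] = $res['alertMessage'];
                            }
                            if ( isset( $res['showSysMessage'] ) ) {
                                // any plugin can suppress the system message:
                                $showSysMessage = $showSysMessage && $res['showSysMessage'];
                            }
                            if ( isset( $res['stopLogin'] ) ) {
                                // any plugin can stop the login:
                                $stopLogin = $stopLogin || $res['stopLogin'];
                            }
                        }
                    }
                }

                if ( $_PLUGINS->is_errors() ) {
                    $resultError = $_PLUGINS->getErrorMSG();
                } elseif ( $stopLogin ) {
                    // login stopped: don't even check for errors...
                } elseif ( $row->approved == 2 ) {
                    $resultError = _LOGIN_REJECTED;
                } elseif ( $row->confirmed != 1 ) {
                    if ( $row->cbactivation == '' ) {
                        $row->store();          // just in case the activation code was missing
                    }
                    // The pending-approval notification is sent again on every such attempt:
                    $cbNotification = new cbNotification();
                    $cbNotification->sendFromSystem( $row->id, getLangDefinition( stripslashes( $ueConfig['reg_pend_appr_sub'] ) ), getLangDefinition( stripslashes( $ueConfig['reg_pend_appr_msg'] ) ) );
                    $resultError = _LOGIN_NOT_CONFIRMED;
                } elseif ( $row->approved == 0 ) {
                    $resultError = _LOGIN_NOT_APPROVED;
                } elseif ( $row->block == 1 ) {
                    $resultError = _UE_LOGIN_BLOCKED;
                } elseif ( $row->lastvisitDate == '0000-00-00 00:00:00' ) {
                    // First login ever:
                    if ( isset( $ueConfig['reg_first_visit_url'] ) && ( $ueConfig['reg_first_visit_url'] != "" ) ) {
                        $return = $ueConfig['reg_first_visit_url'];
                    } else {
                        $return = $returnPluginsOverrides;  // by default return to homepage on first login (or on page overridden by plugin).
                    }
                    $_PLUGINS->trigger( 'onBeforeFirstLogin', array( &$row, $username, $password, &$return ) );
                    if ( $_PLUGINS->is_errors() ) {
                        $resultError = $_PLUGINS->getErrorMSG( "<br />" );
                    }
                }
            } else {
                // Same message whether the account is unknown or the password is wrong:
                if ( $loginType < 2 ) {
                    $resultError = _LOGIN_INCORRECT;
                } else {
                    $resultError = _UE_INCORRECT_EMAIL_OR_PASSWORD;
                }
            }
        }

        if ( $resultError ) {
            if ( $showSysMessage ) {
                $alertmessages[] = $resultError;
            }
        } elseif ( ! $stopLogin ) {
            if ( ! $loggedIn ) {
                $_PLUGINS->trigger( 'onDoLoginNow', array( $username, $password, $rememberMe, &$row, &$loggedIn, &$resultError, &$messagesToUser, &$alertmessages, &$return ) );
            }
            if ( ! $loggedIn ) {
                // NOTE(review): the result of this call is ignored and $loggedIn is forced to
                // true, so the _LOGIN_INCORRECT fallback below cannot be reached from here,
                // while the CMS-authentication branch above does test the same call's result.
                // Confirm whether the return value should be honoured.
                $_CB_framework->login( $username, $password, $rememberMe );
                $loggedIn = true;
            }
            $_PLUGINS->trigger( 'onAfterLogin', array( &$row, $loggedIn ) );
            if ( $loggedIn && $message && $showSysMessage ) {
                $alertmessages[] = _LOGIN_SUCCESS;
            }
            if ( ! $loggedIn ) {
                $resultError = _LOGIN_INCORRECT;
            }

            // Checks for the presence of a return url and ensures that this url is not one of
            // the login, logout, registration or lost-password pages.
            // changing com_comprofiler to comprofiler is a quick-fix for SEF ON on return path...
            // strpos() returns 0, which is falsy, for a match at the very start of the string,
            // so every test compares against false explicitly.
            // NOTE(review): nothing here restricts $return to the local site; confirm that the
            // caller validates it before redirecting.
            $returnIsAuthPage = false;
            if ( $return ) {
                $returnIsAuthPage = ( strpos( $return, 'comprofiler' /* 'com_comprofiler' */ ) !== false )
                    && ( ( strpos( $return, 'login' ) !== false )
                        || ( strpos( $return, 'logout' ) !== false )
                        || ( strpos( $return, 'registers' ) !== false )
                        || ( strpos( strtolower( $return ), 'lostpassword' ) !== false ) );
            }
            if ( $return && ! $returnIsAuthPage ) {
                $returnURL = $return;
            } elseif ( ! $returnURL ) {
                $returnURL = 'index.php';
            }
        }
    }

    // On any error the redirection URL handed back to the caller stays null:
    $return = $returnURL;
    return $resultError;
}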
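/**
 * Builds the edit-form HTML of an image (avatar) field: the current image, a
 * choice selector (no change / upload / gallery / approve / delete), the file
 * upload input and, for the 'avatar' field, the gallery picker.
 *
 * Everything emitted here is presentation only. NOTE(review): the disabled
 * selector of a read-only field and the offered gallery file names are not
 * enforcement; confirm that the save side re-checks the read-only flag and
 * validates the posted '__choice' and '__gallery' values against what was offered.
 *
 * @param  moscomprofilerFields  $field
 * @param  moscomprofilerUser    $user
 * @param  string                $reason             'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'list' for user-lists
 * @param  boolean               $displayFieldIcons
 * @return string|null                               HTML of the form elements, or null for the 'avatar' field when both upload and gallery are disabled
 */
function _htmlEditForm(&$field, &$user, $reason, $displayFieldIcons = true) {
    global $_CB_framework, $_CB_database, $ueConfig;

    if ($field->name == 'avatar' && !($ueConfig['allowAvatarUpload'] || $ueConfig['allowAvatarGallery'])) {
        return null;
    }

    // NOTE(review): $name is written unescaped into HTML attributes and jQuery selectors
    // below; this presumes field names are restricted to safe characters - confirm.
    $name = $field->name;
    $nameapproved = $field->name . 'approved';
    $required = $this->_isRequired($field, $user, $reason);

    $existingAvatar = false;
    if ($user && $user->id) {
        // we can not trust $user->$name, as if another field did error out, it's wrong,
        // so load from database:
        $realDatabaseUser = new moscomprofilerUser($_CB_database);
        if ($realDatabaseUser->load((int) $user->id)) {
            $existingAvatar = $realDatabaseUser->{$name} != null;
        }
    }

    $html = '<div>';

    // Options of the choice selector:
    $choices = array();
    if (($reason == 'register') || ($reason == 'edit' && $user->id == 0)) {
        // new user:
        if ($required == 0) {
            $choices[] = moscomprofilerHTML::makeOption('', _UE_AVATAR_NONE);
        }
    } else {
        if ($existingAvatar || $required == 0) {
            $choices[] = moscomprofilerHTML::makeOption('', _UE_AVATAR_NO_CHANGE);
        }
    }
    if ($name != 'avatar' || $ueConfig['allowAvatarUpload']) {
        $choices[] = moscomprofilerHTML::makeOption('upload', $existingAvatar ? _UE_AVATAR_UPLOAD_NEW : _UE_AVATAR_UPLOAD);
    }
    if ($name == 'avatar' && $ueConfig['allowAvatarGallery']) {
        $choices[] = moscomprofilerHTML::makeOption('gallery', _UE_AVATAR_SELECT);
    }
    // 'approve' is offered only when getUi() is 2 and the image is not approved yet:
    if ($_CB_framework->getUi() == 2 && $existingAvatar && $user->{$nameapproved} == 0) {
        $choices[] = moscomprofilerHTML::makeOption('approve', _UE_APPROVE_IMAGE);
    }
    if ($existingAvatar && $required == 0) {
        $choices[] = moscomprofilerHTML::makeOption('delete', _UE_DELETE_AVATAR);
    }

    $html .= '<div>';
    if ($reason != 'register' && $user->id != 0 && $existingAvatar) {
        $html .= $this->_avatarHtml($field, $user, $reason) . ' ';
    }
    // Moderators editing a profile additionally get the not yet approved image:
    if ($reason == 'edit' && $existingAvatar && $user->{$nameapproved} == 0 && isModerator($_CB_framework->myId())) {
        $html .= $this->_avatarHtml($field, $user, $reason, false, 10) . ' ';
    }

    if (count($choices) > 1) {
        $additional = ' class="inputbox"';
        if ($_CB_framework->getUi() == 1 && $reason == 'edit' && $field->readonly) {
            $additional .= ' disabled="disabled"';
        }
        $html .= moscomprofilerHTML::selectList($choices, $name . '__choice', $additional, 'value', 'text', '', $required, true, false);

        // The shared slide function is output only once per request:
        static $functOut = false;
        if (!$functOut) {
            $js = "function cbslideImage(choice,uplodid,galleryid) {"
                . "\n\tif ( ( choice == '' ) || ( choice == 'approve' ) || ( choice == 'delete' ) ) {"
                . "\n\t\t\$(uplodid).slideUp('slow');"
                . "\n\t\t\$(galleryid).slideUp('slow');"
                . "\n\t} else if ( choice == 'upload' ) {"
                . "\n\t\t\$(uplodid).slideDown('slow');"
                . "\n\t\t\$(galleryid).slideUp('slow');"
                . "\n\t} else if ( choice == 'gallery' ) {"
                . "\n\t\t\$(uplodid).slideUp('slow');"
                . "\n\t\t\$(galleryid).slideDown('slow');"
                . "\n\t}"
                . "\n}";
            $_CB_framework->outputCbJQuery($js);
            $functOut = true;
        }

        // Per-field wiring of the selector to the upload and gallery panels:
        $js = "\$('#cbimg_upload_" . $name . ",#cbimg_gallery_" . $name . "').hide();"
            . "\n\t{"
            . "\n\t \$('#" . $name . "__choice').click( function() {"
            . "\n\t\tcbslideImage( \$(this).val(), '#cbimg_upload_" . $name . "', '#cbimg_gallery_" . $name . "' );"
            . "\n\t } ).click();"
            . "\n\t \$('#" . $name . "__choice').change( function() {"
            . "\n\t\tcbslideImage( \$(this).val(), '#cbimg_upload_" . $name . "', '#cbimg_gallery_" . $name . "' );"
            . "\n\t } );"
            . "\n\t}";
        $_CB_framework->outputCbJQuery($js);
    } else {
        // A single possible choice needs no selector:
        $html .= '<input type="hidden" name="' . $name . '__choice" value="' . $choices[0]->value . '" />';
    }
    $html .= $this->_fieldIconsHtml($field, $user, 'htmledit', $reason, 'select', '', null, '', array(), $displayFieldIcons, $required);
    $html .= '</div>';

    if ($name != 'avatar' || $ueConfig['allowAvatarUpload']) {
        $button = $reason == 'register' ? _UE_REGISTER : ($_CB_framework->getUi() == 2 ? _UE_SAVE : _UE_UPDATE);

        // $field is temporarily renamed to the '__file' input (and made optional when the
        // user already has a value) while the upload panel is built, then restored:
        $saveFieldName = $field->name;
        $saveFieldRequired = $field->required;
        $field->name .= '__file';
        if ($field->required && $user && isset($user->{$saveFieldName}) && $user->{$saveFieldName}) {
            $field->required = 0;
        }

        // NOTE(review): the terms URL is escaped with default htmlspecialchars() flags and then
        // placed in a single-quoted attribute; confirm a single quote in the configured URL
        // cannot end the attribute.
        $html .= '<div id="cbimg_upload_' . $name . '">'
            . '<p>' . sprintf(_UE_UPLOAD_DIMENSIONS_AVATAR, $this->_getImageFieldParam($field, 'avatarWidth'), $this->_getImageFieldParam($field, 'avatarHeight'), $this->_getImageFieldParam($field, 'avatarSize')) . '</p>'
            . '<div>' . _UE_UPLOAD_SELECT_FILE . ' ' . '<input type="file" name="' . $name . '__file" value="" class="inputbox" />' . '</div>'
            . '<p>'
            . ($ueConfig['reg_enable_toc']
                ? sprintf(_UE_AVATAR_DISCLAIMER_TERMS, $button, "<a href='" . cbSef(htmlspecialchars($ueConfig['reg_toc_url'])) . "' target='_BLANK'> " . _UE_AVATAR_TOC_LINK . "</a>")
                : sprintf(_UE_AVATAR_DISCLAIMER, $button))
            . '</p>'
            . '</div>';

        $field->name = $saveFieldName;
        $field->required = $saveFieldRequired;
    }

    if ($name == 'avatar' && $ueConfig['allowAvatarGallery']) {
        $live_site = $_CB_framework->getCfg('live_site');
        $avatar_gallery_path = $_CB_framework->getCfg('absolute_path') . '/images/comprofiler/gallery';
        $avatar_images = display_avatar_gallery($avatar_gallery_path);
        if (!is_array($avatar_images)) {
            // an unreadable gallery renders as an empty table instead of a bogus entry:
            $avatar_images = array();
        }
        $imagesCount = count($avatar_images);

        $html .= '<div id="cbimg_gallery_' . $name . '">'
            . "\n\t<table width='100%' border='0' cellpadding='4' cellspacing='2'>"
            . "\n\t\t<tr align='center' valign='middle'>";
        for ($i = 0; $i < $imagesCount; $i++) {
            // Display name: file name without extension, underscores as spaces.
            $avatar_name = ucfirst(str_replace('_', ' ', preg_replace('/^(.*)\\..*$/', '\\1', $avatar_images[$i])));
            // NOTE(review): gallery file names go into attributes unescaped; this presumes
            // display_avatar_gallery() returns only names that are safe in HTML - confirm.
            $html .= "\n\t\t\t<td>"
                . '<input type="radio" name="' . $name . '__gallery" id="' . $name . '__gallery_' . $i . '" value="' . $avatar_images[$i] . '" />'
                . '<label for="' . $name . '__gallery_' . $i . '">'
                . '<img src="' . $live_site . '/images/comprofiler/gallery/' . $avatar_images[$i] . '" alt="' . $avatar_name . '" title="' . $avatar_name . '" />'
                . '</label>'
                . '</td>';
            // New table row after every 5th image (integer modulo needs no fmod() fallback):
            if ((($i + 1) % 5) == 0) {
                $html .= "</tr>\n\t\t<tr align=\"center\" valign=\"middle\">";
            }
        }
        $html .= "\n\t\t</tr>\n\t\t" . "\n\t</table>" . '</div>';
    }

    $html .= '</div>';
    return $html;
}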
/**
 * Stores one property of this user through a temporary copy of the record,
 * optionally firing the user-update plugin events around the store.
 *
 * Nothing is written, and false is returned, unless this record has an id and
 * the property named $name is currently set to a non-null value.
 *
 * NOTE(review): $name is used directly as a property name and the only gate is
 * isset(); names starting with '_' are not excluded by that gate. Confirm that
 * callers never derive $name from request data.
 *
 * @param  string   $name      Name of the property to store
 * @param  mixed    $value     New value (for 'password': the hashed value)
 * @param  boolean  $triggers  true: fire the before/after update plugin events
 * @return mixed               Result of store() on the temporary record, or false if nothing was stored
 */
function storeDatabaseValue($name, $value, $triggers = true) {
    global $_CB_framework, $_PLUGINS;

    if (!$this->id || !isset($this->{$name})) {
        return false;
    }

    $uiMode = $_CB_framework->getUi();

    // Two copies of every property not starting with '_': one to modify and store,
    // one to hand to the plugins as the previous state.
    $changedUser = new moscomprofilerUser($this->_db);
    $previousUser = new moscomprofilerUser($this->_db);
    foreach (array_keys(get_object_vars($this)) as $property) {
        if (substr($property, 0, 1) != '_') {
            $changedUser->{$property} = $this->{$property};
            $previousUser->{$property} = $this->{$property};
        }
    }

    // The password is carried on the copy only when it is the property being stored:
    if ($name != 'password') {
        $changedUser->password = null;
    }

    // In case of Password, keep the cleartext value for the onAfter event:
    // NOTE(review): this presumes the caller has put the cleartext password on this
    // object beforehand, which means plugins get to see it - confirm.
    $valueBeforeStore = $changedUser->{$name};

    if ($triggers && $uiMode == 1) {
        $_PLUGINS->trigger('onBeforeUserUpdate', array(&$changedUser, &$changedUser, &$previousUser, &$previousUser));
    } elseif ($triggers && $uiMode == 2) {
        $_PLUGINS->trigger('onBeforeUpdateUser', array(&$changedUser, &$changedUser, &$previousUser));
    }

    // In case of Password, this is the hashed value:
    $changedUser->{$name} = $value;
    $stored = $changedUser->store();

    if ($name == 'password') {
        // In case of Password, put the cleartext value back for the onAfter event:
        $changedUser->{$name} = $valueBeforeStore;
    }

    if ($triggers && $stored) {
        if ($uiMode == 1) {
            $_PLUGINS->trigger('onAfterUserUpdate', array(&$changedUser, &$changedUser, $previousUser));
        } elseif ($uiMode == 2) {
            $_PLUGINS->trigger('onAfterUpdateUser', array(&$changedUser, &$changedUser, $previousUser));
        }
    }

    // An error raised on the temporary record is copied to this object so it can be output:
    $storeError = $changedUser->getError();
    if ($storeError) {
        $this->_error = $storeError;
    }

    unset($changedUser, $previousUser);
    return $stored;
}
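/**
 * Gets the number of unread private messages of a user.
 *
 * @param  int    $userid  User id
 * @return mixed           Number of messages unread by user $userid, or false if an error message was generated
 */
function getPMSunreadCount($userid) {
    global $_CB_database;

    $params = $this->params;
    $pmsType = $params->get('pmsType', '1');
    if (!$this->_checkPMSinstalled($pmsType)) {
        return false;
    }

    $user = new moscomprofilerUser($_CB_database);
    $user->load((int) $userid);

    // NOTE(review): for PMS types 1, 2 and 6 the listing showed the username comparison as
    // a masked literal ('******') while $user was loaded but never used. The comparison is
    // rebuilt here from the loaded record and goes through the database driver's Quote(),
    // so the username never enters the SQL text unescaped - confirm against the original file.
    // $pmsType is a configuration value compared loosely, hence switch rather than ===.
    switch ($pmsType) {
        case 1:
            $query = 'SELECT count(id) FROM #__pms WHERE username=' . $_CB_database->Quote($user->username) . ' AND readstate=0';
            break;
        case 2:
            $query = 'SELECT count(id) FROM #__mypms WHERE username=' . $_CB_database->Quote($user->username) . ' AND readstate=0';
            break;
        case 3:
        case 4:
            $query = 'SELECT count(id) FROM #__uddeim WHERE toread<1 AND toid=' . (int) $userid;
            break;
        case 5:
            $query = 'SELECT count(id) FROM #__pms WHERE recip_id=' . (int) $userid . ' AND readstate%2=0 AND inbox=1';
            break;
        case 6:
            $query = 'SELECT count(id) FROM #__jim WHERE username=' . $_CB_database->Quote($user->username) . ' AND readstate=0';
            break;
        default:
            $this->_setErrorMSG("Incorrect PMS type");
            return false;
    }

    $_CB_database->setQuery($query);
    return $_CB_database->loadResult();
}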
/**
 * Backend: saves a new or edited user from the posted form, then redirects to
 * the users list; on a failed save the edit view is shown again with the error.
 *
 * NOTE(review): no anti-forgery token check is visible in this function although
 * it changes state from $_POST; confirm that the dispatcher calling it performs one.
 * NOTE(review): messages are put into inline script with addslashes(), which is
 * not a JavaScript-context encoder; confirm that none of them can carry
 * request-controlled text.
 *
 * @param  string  $option  Component option, placed unencoded into the redirect URL
 * @return void
 */
function saveUser( $option ) {
    global $_CB_framework, $_CB_database, $_POST, $_PLUGINS;

    $this->_importNeeded();
    $this->_importNeededSave();

    // Common parts of the "alert and go back" script blocks:
    $alertOpen = "<script type=\"text/javascript\"> alert('";
    $alertBack = "'); window.history.go(-1);</script>\n";

    // The three fields every legitimate post of the edit form carries:
    $formComplete = isset( $_POST['approved'] ) && isset( $_POST['confirmed'] ) && isset( $_POST['username'] );
    if ( ! $formComplete ) {
        echo $alertOpen . addslashes( CBTxt::T('Not Authorized') ) . $alertBack;
        exit;
    }

    // Check rights to access:
    $myGid = userGID( $_CB_framework->myId() );
    $userIdPosted = (int) cbGetParam( $_POST, "id", 0 );
    $isNewUser = ( $userIdPosted == 0 );
    if ( $isNewUser ) {
        $_POST['id'] = null;
    }

    $adminGroups = $_CB_framework->acl->mapGroupNamesToValues( array( 'Administrator', 'Superadministrator' ) );
    $permissionError = checkCBpermissions( $isNewUser ? null : array( $userIdPosted ), 'save', in_array( $myGid, $adminGroups ) );
    if ( $permissionError ) {
        echo $alertOpen . addslashes( $permissionError ) . $alertBack;
        exit;
    }

    $_PLUGINS->loadPluginGroup( 'user' );

    // Get current user state:
    $userComplete = new moscomprofilerUser( $_CB_database );
    if ( ( ! $isNewUser ) && ( ! $userComplete->load( (int) $userIdPosted ) ) ) {
        // unlike the other failures, this one returns instead of exiting:
        echo $alertOpen . addslashes( _UE_USER_PROFILE_NOT ) . $alertBack;
        return;
    }

    // Store new user state:
    if ( ! $userComplete->saveSafely( $_POST, $_CB_framework->getUi(), 'edit' ) ) {
        $regErrorMSG = $userComplete->getError();

        $editError = checkCBpermissions( array( $userComplete->id ), "edit", true );
        if ( $editError ) {
            echo $alertOpen . addslashes( $editError ) . $alertBack;
            exit;
        }

        // <br /> becomes a JavaScript newline, remaining tags are stripped, and the
        // backslash that addslashes() doubled in front of each n is restored:
        $alertText = str_replace( '<br />', '\\n', $regErrorMSG );
        $alertText = addslashes( strip_tags( $alertText ) );
        $alertText = str_replace( '\\\\n', '\\n', $alertText );
        echo "<script type=\"text/javascript\">alert('" . $alertText . "'); </script>\n";

        global $_CB_Backend_task;
        $_CB_Backend_task = 'edit';             // so the toolbar comes up...

        $_PLUGINS->loadPluginGroup( 'user' );   // resets plugin errors

        // Show the edit form again with the posted values:
        $usersView = _CBloadView( 'user' );
        $usersView->edituser( $userComplete, $option, ( $userComplete->user_id != null ? '0' : '1' ), $_POST );
        return;
    }

    // Checks-in the row:
    $userComplete->checkin();

    $usersListUrl = $_CB_framework->backendUrl( 'index.php?option=' . $option . '&task=showusers' );
    cbRedirect( $usersListUrl, sprintf( CBTxt::T('Successfully Saved User: %s'), $userComplete->username ) );
}