# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to: Joomla root
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
--- components/com_comprofiler/plugin/user/plug_cbsimpleboardtab/cb.simpleboardtab.model.php
+++ components/com_comprofiler/plugin/user/plug_cbsimpleboardtab/cb.simpleboardtab.model.php
@@ -414,30 +414,34 @@ * @param object $forum * @return array */ - function getAllowedCategories( $user, $forum ) { + function getAllowedCategories( $user_id, $forum ) { global $_CB_framework, $_CB_database; - - $categories = null; - - if ( $_CB_framework->myId() != $user->id ) { - $query = 'SELECT ' . $_CB_database->NameQuote( 'allowed' ) - . "\n FROM " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_sessions' ) - . "\n WHERE " . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $_CB_framework->myId() - ; + + if ( $user_id === null ) { + $user_id = $_CB_framework->myId(); + } + + $cache = array(); + + if ( ! isset( $cache[$user_id] ) ) { + $query = 'SELECT ' . $_CB_database->NameQuote( 'allowed' ) + . "\n FROM " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_sessions' ) + . "\n WHERE " . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $user_id; $_CB_database->setQuery( $query, 0, 1 ); - $categories = $_CB_database->loadResult(); - if ( ! $categories ) { - $query = 'SELECT ' . $_CB_database->NameQuote( 'id' ) - . "\n FROM " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_categories' ) - . "\n WHERE " . $_CB_database->NameQuote( 'published' ) . ' = 1' - . "\n AND " . $_CB_database->NameQuote( 'pub_access' ) . ' = 0' - ; - $_CB_database->setQuery( $query ); - $categories = implode( ',', $_CB_database->loadResultArray() ); + $categories = $_CB_database->loadResult(); + + if ( $categories && ( $categories != 'na' ) ) { + $allowed = explode( ',', $categories ); + + cbArrayToInts( $allowed ); + } else { + $allowed = null; } + + $cache[$user_id] = $allowed; } - - return ( $categories && ( strtolower( $categories) != 'na' ) ? $categories : null ); + + return $cache[$user_id]; } /** 
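Review bot: `$cache = array();` in getAllowedCategories is a plain local, so `isset( $cache[$user_id] )` is false on every call and the sessions query runs each time; the same holds for `$cache` in getUserPostTotal in the next hunk. If memoisation is intended, declare it `static $cache = array();` and key it by forum as well as user, e.g. `$cache[$forum->prefix][$user_id]`, because the query depends on `$forum->prefix`. The first parameter also changes from a user object to an id that may be null. The docblock starts above the hunk and presumably still documents `$user`; its `@param` line should say that null means the current viewer.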
@@ -448,33 +452,50 @@ * @return int */ function getUserPostTotal( $user, $forum ) { - global $_CB_database; + global $_CB_framework, $_CB_database; - $cache = array(); + $cache = array(); if ( ! isset( $cache[$user->id] ) ) { - $categories = $this->getAllowedCategories( $user, $forum ); - $pagingParams = $this->_getPaging( array(), array( 'fposts_' ) ); - - $query = 'SELECT COUNT(*)' - . "\n FROM " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' ) . ' AS a' - . ', ' . $_CB_database->NameQuote( '#__' . $forum->prefix . '_categories' ) . ' AS b' - . ', ' . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' ) . ' AS c' - . ', ' . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages_text' ) . ' AS d' - . "\n WHERE a." . $_CB_database->NameQuote( 'catid' ) . ' = b.' . $_CB_database->NameQuote( 'id' ) - . "\n AND a." . $_CB_database->NameQuote( 'thread' ) . ' = c.' . $_CB_database->NameQuote( 'id' ) - . "\n AND a." . $_CB_database->NameQuote( 'id' ) . ' = d.' . $_CB_database->NameQuote( 'mesid' ) - . "\n AND a." . $_CB_database->NameQuote( 'hold' ) . ' = 0' - . "\n AND b." . $_CB_database->NameQuote( 'published' ) . ' = 1' - . "\n AND a." . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $user->id - . ( $categories != null ? "\n AND b." . $_CB_database->NameQuote( 'id' ) . " IN ( " . $categories . " )" : null ) - . ( $pagingParams['fposts_search'] ? "\n AND ( a." . $_CB_database->NameQuote( 'subject' ) . " LIKE '%" . cbEscapeSQLsearch( cbGetEscaped( $pagingParams['fposts_search'] ) ) . "%' OR d." . $_CB_database->NameQuote( 'message' ) . " LIKE '%" . cbEscapeSQLsearch( $pagingParams['fposts_search'] ) . "%' )" : null ) - ; + $categories = $this->getAllowedCategories( null, $forum ); + $pagingParams = $this->_getPaging( array(), array( 'fposts_' ) ); + + if ( strcasecmp( substr( $forum->version, 0, 3 ), '1.7' ) >= 0 ) { + $cbUser =& CBuser::getInstance( (int) $user->id ); + + if ( ! 
$cbUser ) { + $cbUser =& CBuser::getInstance( null ); + } + + $access = "\n AND ( ( b." . $_CB_database->NameQuote( 'access' ) . " IN ( " . implode( ',', $cbUser->getAuthorisedViewLevelsIds( false ) ) . " )" + . ' AND b.' . $_CB_database->NameQuote( 'accesstype' ) . ' = ' . $_CB_database->Quote( 'joomla.level' ) . ' )' + . "\n OR ( b." . $_CB_database->NameQuote( 'pub_access' ) . " IN ( " . implode( ',', $_CB_framework->acl->get_groups_below_me( (int) $user->id, true ) ) . " )" + . ' AND b.' . $_CB_database->NameQuote( 'accesstype' ) . ' = ' . $_CB_database->Quote( 'none' ) . ' )'; + } else { + $access = "\n AND ( b." . $_CB_database->NameQuote( 'pub_access' ) . " IN ( " . implode( ',', $_CB_framework->acl->get_groups_below_me( (int) $user->id, true ) ) . " )"; + } + + $access .= ( $categories ? "\n OR b." . $_CB_database->NameQuote( 'id' ) . " IN ( " . implode( ',', $categories ) . " ) )" : ' )' ); + + $query = 'SELECT COUNT(*)' + . "\n FROM " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' ) . " AS a" + . "\n LEFT JOIN " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_categories' ) . " AS b" + . ' ON a.' . $_CB_database->NameQuote( 'catid' ) . ' = b.' . $_CB_database->NameQuote( 'id' ) + . "\n LEFT JOIN " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' ) . " AS c" + . ' ON a.' . $_CB_database->NameQuote( 'thread' ) . ' = c.' . $_CB_database->NameQuote( 'id' ) + . "\n LEFT JOIN " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages_text' ) . " AS d" + . ' ON a.' . $_CB_database->NameQuote( 'id' ) . ' = d.' . $_CB_database->NameQuote( 'mesid' ) + . "\n WHERE a." . $_CB_database->NameQuote( 'hold' ) . " = 0" + . "\n AND b." . $_CB_database->NameQuote( 'published' ) . " = 1" + . "\n AND a." . $_CB_database->NameQuote( 'userid' ) . " = " . (int) $user->id + . $access + . ( $pagingParams['fposts_search'] ? "\n AND ( a." . $_CB_database->NameQuote( 'subject' ) . " LIKE '%" . 
cbEscapeSQLsearch( cbGetEscaped( $pagingParams['fposts_search'] ) ) . "%' OR d." . $_CB_database->NameQuote( 'message' ) . " LIKE '%" . cbEscapeSQLsearch( $pagingParams['fposts_search'] ) . "%' )" : null ); $_CB_database->setQuery( $query ); - $total = $_CB_database->loadResult(); - - $cache[$user->id] = ( $total && is_numeric( $total ) ? $total : null ); + $total = $_CB_database->loadResult(); + + $cache[$user->id] = (int) $total; } + return $cache[$user->id]; } 
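Review bot: In the `fposts_search` filter at the end of the query, the `d.message` LIKE operand is passed only through `cbEscapeSQLsearch()`, while the `a.subject` operand also goes through `cbGetEscaped()`; unless `_getPaging()` already returns a database-escaped value (not visible here), a presumably request-supplied search string reaches the SQL text without string escaping. Escape once and reuse the result for both operands, e.g. `$search = cbEscapeSQLsearch( cbGetEscaped( $pagingParams['fposts_search'] ) );`. The same expression is repeated in getUserPosts in the next hunk. Separately, the `$access` clause takes its view levels and groups from `$user->id`, the user whose posts are counted, so category visibility appears to follow the author's rights rather than the viewer's; only `getAllowedCategories( null, $forum )` looks at the viewer, and its result is OR-ed in. If that is not intended, build the clause from `$_CB_framework->myId()` instead.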
@@ -486,62 +507,77 @@ * @return object */ function getUserPosts( $user, $forum ) { - global $_CB_database; - - $categories = $this->getAllowedCategories( $user, $forum ); - $pagingParams = $this->_getPaging( array(), array( 'fposts_' ) ); - $postsNumber = $this->params->get( 'postsNumber', 10 ); - + global $_CB_framework, $_CB_database; + + $categories = $this->getAllowedCategories( null, $forum ); + $pagingParams = $this->_getPaging( array(), array( 'fposts_' ) ); + switch ( $pagingParams['fposts_sortby'] ) { case 'subjectASC': - $order = 'a.' . $_CB_database->NameQuote( 'subject' ) . ' ASC'; - break; + $order = 'a.' . $_CB_database->NameQuote( 'subject' ) . ' ASC'; + break; case 'subjectDESC': - $order = 'a.' . $_CB_database->NameQuote( 'subject' ) . ' DESC'; - break; + $order = 'a.' . $_CB_database->NameQuote( 'subject' ) . ' DESC'; + break; case 'categoryASC': - $order = 'b.' . $_CB_database->NameQuote( 'id' ) . ' ASC'; - break; + $order = 'b.' . $_CB_database->NameQuote( 'id' ) . ' ASC'; + break; case 'categoryDESC': - $order = 'b.' . $_CB_database->NameQuote( 'id' ) . ' DESC'; - break; + $order = 'b.' . $_CB_database->NameQuote( 'id' ) . ' DESC'; + break; case 'hitsASC': - $order = 'c.' . $_CB_database->NameQuote( 'hits' ) . ' ASC'; - break; + $order = 'c.' . $_CB_database->NameQuote( 'hits' ) . ' ASC'; + break; case 'hitsDESC': - $order = 'c.' . $_CB_database->NameQuote( 'hits' ) . ' DESC'; + $order = 'c.' . $_CB_database->NameQuote( 'hits' ) . ' DESC'; break; - case 'dateASC': - $order = 'a.' . $_CB_database->NameQuote( 'time' ) . ' ASC'; - break; + case 'dateASC': + $order = 'a.' . $_CB_database->NameQuote( 'time' ) . ' ASC'; + break; case 'dateDESC': default: - $order = 'a.' . $_CB_database->NameQuote( 'time' ) . ' DESC'; - break; + $order = 'a.' . $_CB_database->NameQuote( 'time' ) . ' DESC'; + break; } - - $query = 'SELECT a.*' - . ', b.' . $_CB_database->NameQuote( 'id' ) . ' AS category' - . ', b.' . $_CB_database->NameQuote( 'name' ) . 
' AS catname' - . ', c.' . $_CB_database->NameQuote( 'hits' ) . ' AS threadhits' - . "\n FROM " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' ) . ' AS a' - . ', ' . $_CB_database->NameQuote( '#__' . $forum->prefix . '_categories' ) . ' AS b' - . ', ' . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' ) . ' AS c' - . ', ' . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages_text' ) . ' AS d' - . "\n WHERE a." . $_CB_database->NameQuote( 'catid' ) . ' = b.' . $_CB_database->NameQuote( 'id' ) - . "\n AND a." . $_CB_database->NameQuote( 'thread' ) . ' = c.' . $_CB_database->NameQuote( 'id' ) - . "\n AND a." . $_CB_database->NameQuote( 'id' ) . ' = d.' . $_CB_database->NameQuote( 'mesid' ) - . "\n AND a." . $_CB_database->NameQuote( 'hold' ) . ' = 0' - . "\n AND b." . $_CB_database->NameQuote( 'published' ) . ' = 1' - . "\n AND a." . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $user->id - . ( $categories != null ? "\n AND b." . $_CB_database->NameQuote( 'id' ) . " IN ( " . $categories . " )" : null ) - . ( $pagingParams['fposts_search'] ? "\n AND ( a." . $_CB_database->NameQuote( 'subject' ) . " LIKE '%" . cbEscapeSQLsearch( cbGetEscaped( $pagingParams['fposts_search'] ) ) . "%' OR d." . $_CB_database->NameQuote( 'message' ) . " LIKE '%" . cbEscapeSQLsearch( $pagingParams['fposts_search'] ) . "%' )" : null ) - . "\n ORDER BY " . $order - ; - $_CB_database->setQuery( $query, (int) ( $pagingParams['fposts_limitstart'] ? $pagingParams['fposts_limitstart'] : 0 ), (int) $postsNumber ); - $posts = $_CB_database->loadObjectList(); - - return ( $posts ? $posts : null ); \ No newline at end of file + + if ( strcasecmp( substr( $forum->version, 0, 3 ), '1.7' ) >= 0 ) { + $cbUser =& CBuser::getInstance( (int) $user->id ); + + if ( ! $cbUser ) { + $cbUser =& CBuser::getInstance( null ); + } + + $access = "\n AND ( ( b." . $_CB_database->NameQuote( 'access' ) . " IN ( " . 
implode( ',', $cbUser->getAuthorisedViewLevelsIds( false ) ) . " )" + . ' AND b.' . $_CB_database->NameQuote( 'accesstype' ) . ' = ' . $_CB_database->Quote( 'joomla.level' ) . ' )' + . "\n OR ( b." . $_CB_database->NameQuote( 'pub_access' ) . " IN ( " . implode( ',', $_CB_framework->acl->get_groups_below_me( (int) $user->id, true ) ) . " )" + . ' AND b.' . $_CB_database->NameQuote( 'accesstype' ) . ' = ' . $_CB_database->Quote( 'none' ) . ' )'; + } else { + $access = "\n AND ( b." . $_CB_database->NameQuote( 'pub_access' ) . " IN ( " . implode( ',', $_CB_framework->acl->get_groups_below_me( (int) $user->id, true ) ) . " )"; + } + + $access .= ( $categories ? "\n OR b." . $_CB_database->NameQuote( 'id' ) . " IN ( " . implode( ',', $categories ) . " ) )" : ' )' ); + + $query = 'SELECT a.*' + . ', b.' . $_CB_database->NameQuote( 'id' ) . ' AS category' + . ', b.' . $_CB_database->NameQuote( 'name' ) . ' AS catname' + . ', c.' . $_CB_database->NameQuote( 'hits' ) . ' AS threadhits' + . "\n FROM " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' ) . " AS a" + . "\n LEFT JOIN " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_categories' ) . " AS b" + . ' ON a.' . $_CB_database->NameQuote( 'catid' ) . ' = b.' . $_CB_database->NameQuote( 'id' ) + . "\n LEFT JOIN " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages' ) . " AS c" + . ' ON a.' . $_CB_database->NameQuote( 'thread' ) . ' = c.' . $_CB_database->NameQuote( 'id' ) + . "\n LEFT JOIN " . $_CB_database->NameQuote( '#__' . $forum->prefix . '_messages_text' ) . " AS d" + . ' ON a.' . $_CB_database->NameQuote( 'id' ) . ' = d.' . $_CB_database->NameQuote( 'mesid' ) + . "\n WHERE a." . $_CB_database->NameQuote( 'hold' ) . " = 0" + . "\n AND b." . $_CB_database->NameQuote( 'published' ) . " = 1" + . "\n AND a." . $_CB_database->NameQuote( 'userid' ) . " = " . (int) $user->id + . $access + . ( $pagingParams['fposts_search'] ? "\n AND ( a." . $_CB_database->NameQuote( 'subject' ) . 
" LIKE '%" . cbEscapeSQLsearch( cbGetEscaped( $pagingParams['fposts_search'] ) ) . "%' OR d." . $_CB_database->NameQuote( 'message' ) . " LIKE '%" . cbEscapeSQLsearch( $pagingParams['fposts_search'] ) . "%' )" : null ) + . "\n ORDER BY " . $order; + $_CB_database->setQuery( $query, (int) ( $pagingParams['fposts_limitstart'] ? $pagingParams['fposts_limitstart'] : 0 ), (int) $this->params->get( 'postsNumber', 10 ) ); + $posts = $_CB_database->loadObjectList(); + + return $posts; \ No newline at end of file } /**
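Review bot: The `$access` construction in getUserPosts is a line-for-line copy of the block added to getUserPostTotal in the previous hunk, so any later change to the visibility rule has to be made twice, and a mismatch would let the count and the list disagree about which categories are visible. Move it into one private helper (for example `_getCategoryAccessWhere( $user, $forum, $categories )`; the name is only a suggestion) and append its result in both queries. That helper is also the place to run the ID lists from `getAuthorisedViewLevelsIds()` and `get_groups_below_me()` through `cbArrayToInts()`, as getAllowedCategories does for its list, and to handle an empty list, which currently produces `IN (  )`. The final `return $posts;` also drops the old `( $posts ? $posts : null )` normalisation, so callers that tested for null now receive whatever `loadObjectList()` returns.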