<?php
/**
* Joomla/Mambo Community Builder
* @version $Id: comprofiler.php 1753 2012-02-14 15:43:38Z beat $
* @package Community Builder
* @subpackage comprofiler.php
* @author JoomlaJoe and Beat
* @copyright (C) JoomlaJoe and Beat, www.joomlapolis.com
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU/GPL version 2
*/

// Entry guard: this file is meant to be included by the CMS / Community Builder bootstrap,
// which defines at least one of these marker constants. A request that reaches the script
// without any of them defined is stopped here, before any component code runs.
if ( ! defined( '_VALID_CB' ) && ! defined( '_JEXEC' ) && ! defined( '_VALID_MOS' ) ) {
	die( 'Direct Access to this location is not allowed.' );
}

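// Raise PHP's memory limit for this request when the configured limit is below 80M.
//
// Changes from the previous version:
//  - the last character is read with substr() instead of the $str{n} offset syntax, which
//    newer PHP versions no longer parse;
//  - a limit of '-1' (no limit) or any other non-positive value is left untouched; before,
//    '-1' compared as "smaller than 16M" and an unlimited setting was lowered to 80M;
//  - the numeric part is cast explicitly instead of multiplying a string such as '128M'.
$memMax				=	trim( (string) @ini_get( 'memory_limit' ) );
if ( ( $memMax !== '' ) && ( (int) $memMax > 0 ) ) {
	$last			=	strtolower( substr( $memMax, -1 ) );
	$memMax			=	(int) $memMax;
	switch( $last ) {
		case 'g':
			$memMax	*=	1024;
			// no break: each unit is 1024 times the next smaller one
		case 'm':
			$memMax	*=	1024;
			// no break
		case 'k':
			$memMax	*=	1024;
	}
	// Step through increasing limits rather than asking for 80M at once: if a larger value
	// is refused, the last accepted smaller one stays in effect. Failures are silenced on
	// purpose, raising the limit is best effort.
	foreach ( array( 16, 24, 32, 64, 80 ) as $megabytes ) {
		if ( $memMax < ( $megabytes * 1000000 ) ) {
			@ini_set( 'memory_limit', $megabytes . 'M' );
		}
	}
}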

/** @global mosMainFrame $mainframe
 */
global $mainframe;
/**
 * CB framework
 * @global CBframework $_CB_framework
 */
global $_CB_framework;
/** @global array $ueConfig
 */
global $ueConfig;
// Load the CB plugin foundation, then the front-end HTML layer. Both paths are built from a
// CMS constant or from the CMS configuration object, not from request input.
if ( defined( 'JPATH_ADMINISTRATOR' ) ) {
	include_once JPATH_ADMINISTRATOR . '/components/com_comprofiler/plugin.foundation.php';
	require_once $_CB_framework->getCfg( 'absolute_path' ) . '/components/com_comprofiler/comprofiler.html.php';
} else {
	include_once $mainframe->getCfg( 'absolute_path' ). '/administrator/components/com_comprofiler/plugin.foundation.php';
	require_once $mainframe->getPath( 'front_html' );
}

$_CB_framework->cbset( '_ui', 1 );	// we're in 1: frontend, 2: admin back-end

// When the 'debug' setting is on, PHP errors of every level are printed into the page for
// any request handled by this component, so the setting belongs to test installations.
if($_CB_framework->getCfg( 'debug' )) {
	ini_set('display_errors',true);
	error_reporting(E_ALL );	// | E_STRICT );
}

cbimport( 'language.front' );
cbimport( 'cb.tabs' );
cbimport( 'cb.imgtoolbox' );

if ( class_exists( 'JFactory' ) ) {	// Joomla 1.5 : for string WARNREG_EMAIL_INUSE used in error js popup.
	$lang			=&	JFactory::getLanguage();
	$lang->load( "com_user" );
}

// Request parameters shared by several tasks. 'reportform', 'uid' and 'act' are read from
// $_REQUEST, so they are caller-supplied and not tied to one request method. They are handed
// to the task handlers as they come back from cbGetParam(); authorising their use is left to
// each handler.
$option				=	$_CB_framework->getRequestVar( 'option' );
$task				=	$_CB_framework->getRequestVar( 'task' );
$form				=	cbGetParam( $_REQUEST, 'reportform', 1 );
$uid				=	cbGetParam( $_REQUEST, 'uid', 0 );
$act				=	cbGetParam( $_REQUEST, 'act', 1 );

// Stays null unless a task below changes the ignore_user_abort setting; holds the previous
// value so it can be restored after the dispatch.
$oldignoreuserabort	=	null;

// Everything the task handlers print is buffered and read back after the switch.
$_CB_framework->document->_outputToHeadCollectionStart();
ob_start();

// Task dispatcher: maps the request's 'task' value to its handler function.
//
// - Most task names are accepted in two spellings (camelCase and all lowercase); the match is
//   an exact string comparison, other spellings fall through to the default branch.
// - Tasks that change state call ignore_user_abort( true ) first, so the handler keeps running
//   if the client disconnects. The previous setting is kept in $oldignoreuserabort.
// - $uid, $form and $act come from $_REQUEST and are passed on unchanged. The dispatcher does
//   no authorisation or request-forgery check of its own: each handler has to do both.
// - An unknown or missing task shows the current user's own profile.
switch( $task ) {

	case "userDetails":
	case "userdetails":
	userEdit( $option, $uid, _UE_UPDATE );
	break;

	case "saveUserEdit":
	case "saveuseredit":
	$oldignoreuserabort = ignore_user_abort(true);
	// The id of the profile to save is taken from the posted form and forced to an integer.
	userSave( $option, (int) cbGetParam( $_POST, 'id', 0 ) );
	break;

	case "userProfile":
	case "userprofile":
	userProfile($option, $_CB_framework->myId(), _UE_UPDATE);
	break;

	case "usersList":
	case "userslist":
	usersList( $_CB_framework->myId() );
	break;

	case "userAvatar":
	case "useravatar":
	userAvatar($option, $uid, _UE_UPDATE);
	break;

	case "lostPassword":
	case "lostpassword":
	lostPassForm( $option );
	break;

	case "sendNewPass":
	case "sendnewpass":
	$oldignoreuserabort = ignore_user_abort(true);
	sendNewPass( $option );
	break;

	case "registers":
	registerForm( $option, isset( $ueConfig['emailpass'] ) ? $ueConfig['emailpass'] : '0' );
	break;

	case "saveregisters":
	$oldignoreuserabort = ignore_user_abort(true);
	saveRegistration( $option );
	break;

	case "login":
	$oldignoreuserabort = ignore_user_abort(true);
	login();
	break;

	case "logout":
	$oldignoreuserabort = ignore_user_abort(true);
	logout();
	break;

	case "confirm":
	$oldignoreuserabort = ignore_user_abort(true);
	confirm( cbGetParam( $_GET, 'confirmcode', '1' ) );		// mambo 4.5.3h braindead: does intval of octal from hex in cbGetParam...
	break;

	// Moderation tasks. The handlers are not part of this section of the file, so whether each
	// one verifies moderator rights and a spoof token is to be confirmed there.
	case "moderateImages":
	case "moderateimages":
	$oldignoreuserabort = ignore_user_abort(true);
	moderateImages($option);
	break;

	case "moderateReports":
	case "moderatereports":
	$oldignoreuserabort = ignore_user_abort(true);
	moderateReports($option);
	break;

	case "moderateBans":
	case "moderatebans":
	$oldignoreuserabort = ignore_user_abort(true);
	moderateBans($option,$act,$uid);
	break;

	case "approveImage":
	case "approveimage":
	$oldignoreuserabort = ignore_user_abort(true);
	approveImage();
	break;

	case "reportUser":
	case "reportuser":
	$oldignoreuserabort = ignore_user_abort(true);
	reportUser($option,$form,$uid);
	break;

	case "processReports":
	case "processreports":
	$oldignoreuserabort = ignore_user_abort(true);
	processReports();
	break;

	case "banProfile":
	case "banprofile":
	$oldignoreuserabort = ignore_user_abort(true);
	banUser($option,$uid,$form,$act);
	break;

	case "viewReports":
	case "viewreports":
	viewReports($option,$uid,$act);
	break;

	case "emailUser":
	case "emailuser":
	emailUser($option,$uid);
	break;

	case "pendingApprovalUser":
	case "pendingapprovaluser":
	pendingApprovalUsers($option);
	break;

	case "approveUser":
	case "approveuser":
	$oldignoreuserabort = ignore_user_abort(true);
	approveUser(cbGetParam($_POST,'uids'));
	break;

	case "rejectUser":
	case "rejectuser":
	$oldignoreuserabort = ignore_user_abort(true);
	rejectUser(cbGetParam($_POST,'uids'));
	break;

	case "sendUserEmail":
	case "senduseremail":
	$oldignoreuserabort = ignore_user_abort(true);
	// Both ids come from the posted form; sendUserEmail() rejects the request unless 'fromID'
	// equals the logged-in user's id.
	sendUserEmail( $option, (int) cbGetParam( $_POST, 'toID', 0 ), (int) cbGetParam( $_POST, 'fromID', 0 ), cbGetParam( $_POST, 'emailSubject', '' ), cbGetParam( $_POST, 'emailBody', '' ) );
	break;

	// Connection tasks always act for the logged-in user (first argument). 'connectionid' is
	// read from $_REQUEST, so these state-changing tasks also accept it in the query string.
	// NOTE(review): confirm that the handlers (not visible here) check a spoof token.
	case "addConnection":
	case "addconnection":
	$oldignoreuserabort = ignore_user_abort(true);
	addConnection( $_CB_framework->myId(), (int) cbGetParam($_REQUEST,'connectionid'), ((isset($_POST['message'])) ? cbGetParam($_POST,'message') : ""));
	break;

	case "removeConnection":
	case "removeconnection":
	$oldignoreuserabort = ignore_user_abort(true);
	removeConnection( $_CB_framework->myId(), (int) cbGetParam($_REQUEST, 'connectionid') );
	break;

	case "denyConnection":
	case "denyconnection":
	$oldignoreuserabort = ignore_user_abort(true);
	denyConnection( $_CB_framework->myId(), (int) cbGetParam($_REQUEST,'connectionid'));
	break;

	case "acceptConnection":
	case "acceptconnection":
	$oldignoreuserabort = ignore_user_abort(true);
	acceptConnection( $_CB_framework->myId(), (int) cbGetParam($_REQUEST,'connectionid'));
	break;

	case "manageConnections":
	case "manageconnections":
	manageConnections( $_CB_framework->myId() );
	break;

	case "saveConnections":
	case "saveconnections":
	$oldignoreuserabort = ignore_user_abort(true);
	saveConnections(cbGetParam($_POST,'uid'));
	break;

	case "processConnectionActions":
	case "processconnectionactions":
	$oldignoreuserabort = ignore_user_abort(true);
	processConnectionActions(cbGetParam($_POST,'uid'));
	break;

	case "teamCredits":
	case "teamcredits":
	teamCredits(1);
	break;

	// Field, tab and plugin calls share one handler; it receives the logged-in user's id and
	// resolves the target user itself.
	case "fieldclass":
	case "tabclass":
	case "pluginclass":
	tabClass( $option, $task, $_CB_framework->myId() );
	break;

	// Landing task used after redirects: prints nothing of its own.
	case "done":
	break;

	// Availability checks: the value to test is posted, while 'function' is read from the
	// query string and passed through to the handler.
	// NOTE(review): confirm how the handlers (not visible here) use and escape 'function'.
	case "performcheckusername":
	performCheckUsername( cbGetParam( $_POST, 'value' ), cbGetParam( $_GET, 'function' ) );
	break;

	case "performcheckemail":
	performCheckEmail( cbGetParam( $_POST, 'value' ), cbGetParam( $_GET, 'function' ) );
	break;

	default:
	userProfile($option, $_CB_framework->myId(), _UE_UPDATE);
	break;
}

// Put the client-abort setting back if one of the tasks above changed it.
if ( $oldignoreuserabort !== null ) {
	ignore_user_abort( $oldignoreuserabort );
}

// The collected JavaScript goes at the end of the buffered task output; the buffer is then
// taken and closed in one step.
echo $_CB_framework->getAllJsPageCodes();
$html		=	ob_get_clean();

// 'no_html=1' and 'format=raw' requests get the task output only, without the head output
// and without the translation debug table.
$fullPage	=	( cbGetParam( $_GET, 'no_html', 0 ) != 1 ) && ( cbGetParam( $_GET, 'format' ) != 'raw' );
if ( $fullPage ) {

	// Translations debug: only where JPATH_ADMINISTRATOR is not defined.
	if ( ! defined( 'JPATH_ADMINISTRATOR' ) ) {
		global $_CB_TxtIntStore;
		$usedStrings	=	$_CB_TxtIntStore->listUsedStrings();
		if ( $usedStrings ) {
			$html		.=	$usedStrings;
		}
	}

	echo $_CB_framework->document->_outputToHead();
}
echo $html;

// END OF MAIN.

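/**
 * Handles the posted "e-mail this user" form and sends the message through cbNotification.
 *
 * Checks, in order: spoof token (cbSpoofCheck), anti-spam check, that the caller is logged in
 * and is the stated sender, that a recipient is given, that the e-mail form is enabled in the
 * configuration (allow_email_display 1 or 3), and that the caller may view the recipient's
 * profile. The form's 'protect' value must then match a digest computed from the sender and
 * recipient records before anything is sent.
 *
 * On success the success message (and any plugin output) is printed. On failure the error is
 * printed and the form is shown again with the submitted subject and message.
 *
 * @param  string  $option   Component option, passed to the HTML layer when the form is shown again
 * @param  int     $toid     Recipient user id (from the posted form)
 * @param  int     $fromid   Sender user id (from the posted form); must equal the logged-in user's id
 * @param  string  $subject  Subject as returned by cbGetParam(); slashes are stripped here
 * @param  string  $message  Body as returned by cbGetParam(); slashes are stripped here
 * @return void
 */
function sendUserEmail( $option, $toid, $fromid, $subject, $message ) {
	global $ueConfig, $_CB_framework, $_CB_database, $_POST, $_PLUGINS;

	// simple spoof check security
	cbSpoofCheck( 'emailUser' );
	$errorMsg	=	cbAntiSpamCheck( false );

	if ( ( $_CB_framework->myId() == 0 )
		|| ( $_CB_framework->myId() != $fromid )
		|| ( ! $toid )
		|| ( ( $ueConfig['allow_email_display'] != 1 ) && ( $ueConfig['allow_email_display'] != 3 ) )
		|| ( ! CBuser::getMyInstance()->authoriseView( 'profile', $toid ) ) )
	{
		cbNotAuth();
		return;
	}

	$rowFrom = new moscomprofilerUser( $_CB_database );
	$rowFrom->load( (int) $fromid );

	$rowTo = new moscomprofilerUser( $_CB_database );
	$rowTo->load( (int) $toid );

	$subject	=	stripslashes( $subject );		// cbGetParam() adds slashes...remove'em...
	$message	=	stripslashes( $message );

	if ( ! $errorMsg ) {
		// Default outcome unless a valid 'protect' value is presented below:
		$errorMsg	=	_UE_SESSIONTIMEOUT . " " . _UE_SENTEMAILFAILED;
		if ( isset( $_POST["protect"] ) ) {
			// Expected layout: cbmv1_<md5 digest>_<16-character salt>
			$parts			=	explode( '_', cbGetParam( $_POST, 'protect', '' ) );
			$protectValid	=	false;
			if ( ( count( $parts ) == 3 ) && ( $parts[0] === 'cbmv1' ) && ( strlen( $parts[2] ) == 16 ) ) {
				$expected	=	md5( $parts[2] . $rowTo->id . $rowTo->password . $rowTo->lastvisitDate . $rowFrom->password . $rowFrom->lastvisitDate );
				// The digest is compared as a string, never with '==': a loose comparison treats
				// two different strings of the form '0e' + digits as equal numbers. hash_equals()
				// is used where the PHP version provides it, so the comparison time does not
				// depend on how many leading characters match.
				if ( function_exists( 'hash_equals' ) ) {
					$protectValid	=	hash_equals( $expected, (string) $parts[1] );
				} else {
					$protectValid	=	( $parts[1] === $expected );
				}
			}
			if ( $protectValid ) {
				$errorMsg	=	null;
				$_PLUGINS->loadPluginGroup('user');
				$pluginResults = $_PLUGINS->trigger( 'onBeforeEmailUser', array( &$rowFrom, &$rowTo, 1 ));	//$ui=1
				if ($_PLUGINS->is_errors()) {
					$errorMsg	=	$_PLUGINS->getErrorMSG( '<br />') . "\n";
				} else {
					// Per-user sending limit, checked (and counted) at send time:
					$spamCheck = cbSpamProtect( $_CB_framework->myId(), true );
					if ( $spamCheck ) {
						$errorMsg	=	$spamCheck;
					} else {
						$cbNotification	=	new cbNotification();
						$res			=	$cbNotification->sendUserEmail($toid,$fromid,$subject,$message, true);

						if ($res) {
							echo _UE_SENTEMAILSUCCESS;
							if (is_array($pluginResults)) {
								echo implode( "<br />", $pluginResults );
							}
							return;
						}
						else {
							$errorMsg	=	_UE_SENTEMAILFAILED;
						}
					}
				}
			}
		}
	}
	// $errorMsg holds a language constant, an anti-spam message or plugin error text; it is
	// printed as HTML without further escaping.
	echo '<div class="error">' . $errorMsg . '</div>';
	HTML_comprofiler::emailUser( $option, $rowFrom, $rowTo, $subject, $message );
}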

/**
 * Shows the form for sending an e-mail to another user.
 *
 * The form is refused (cbNotAuth) for guests, when the e-mail form is not enabled in the
 * configuration (allow_email_display other than 1 or 3), and when the current user is not
 * allowed to view the recipient's profile. A message returned by the spam protection is
 * printed instead of the form.
 *
 * @param  string  $option  Component option, passed to the HTML layer
 * @param  int     $uid     Recipient user id (request-supplied)
 * @return void
 */
function emailUser($option,$uid) {
	global $_CB_framework, $_CB_database, $ueConfig;

	$isGuest		=	( $_CB_framework->myId() == 0 );
	if ( $isGuest || ! in_array( $ueConfig['allow_email_display'], array( 1, 3 ) ) ) {
		cbNotAuth();
		return;
	}

	$mayViewRecipient	=	CBuser::getMyInstance()->authoriseView( 'profile', $uid );
	if ( ! $mayViewRecipient ) {
		cbNotAuth();
		return;
	}

	// Checked here without counting a sent message (second argument false).
	$spamMessage	=	cbSpamProtect( $_CB_framework->myId(), false );
	if ( $spamMessage ) {
		echo $spamMessage;
		return;
	}

	// The sender is always the logged-in user; only the recipient comes from the request.
	$rowFrom		=	new moscomprofilerUser( $_CB_database );
	$rowFrom->load( $_CB_framework->myId() );

	$rowTo			=	new moscomprofilerUser( $_CB_database );
	$rowTo->load( (int) $uid );

	HTML_comprofiler::emailUser( $option, $rowFrom, $rowTo );
}

/**
 * Shows the profile edit form for a user.
 *
 * A $uid of 0 means the current user. Editing is allowed only if
 * cbCheckIfUserCanPerformUserTask() returns no message; when the target is somebody else,
 * checkCBpermissions() is consulted as a second safeguard. Any message returned by either
 * check is printed and the form is not shown.
 *
 * @param  string       $option       Component option, passed to the HTML layer
 * @param  int          $uid          User to edit, 0 for the current user
 * @param  string       $submitvalue  Passed unchanged to HTML_comprofiler::userEdit()
 * @param  string|null  $regErrorMSG  Error text to show with the form, if any
 * @return void
 */
function userEdit( $option, $uid, $submitvalue, $regErrorMSG = null ) {
	global $_CB_framework, $_POST, $_PLUGINS;

	if ( $uid == 0 ) {
		$uid	=	$_CB_framework->myId();
	}

	$denied		=	cbCheckIfUserCanPerformUserTask( $uid, 'allowModeratorsUserEdit');
	if ( ( $denied === null ) && ( $uid != $_CB_framework->myId() ) ) {
		// Second line of defence if the setting above is misconfigured: also keeps
		// lower-level users from editing higher-level ones.
		$denied	=	checkCBpermissions( array( (int) $uid ), 'edit', true );
	}
	if ( $denied ) {
		echo $denied;
		return;
	}

	$_PLUGINS->loadPluginGroup('user');

	$cbUser		=&	CBuser::getInstance( $uid );
	if ( $cbUser === null ) {
		echo '<div class="error">' . _UE_ERROR_USER_NOT_SYNCHRONIZED . '</div>';
		return;
	}

	$user		=&	$cbUser->getUserData();
	HTML_comprofiler::userEdit( $user, $option, $submitvalue, $regErrorMSG );
}

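/**
 * Saves a posted profile edit form.
 *
 * Order of checks: spoof token (cbSpoofCheck), a non-empty user id, then the same two
 * permission checks userEdit() applies before showing the form. The second one
 * (checkCBpermissions() when the target is not the current user) used to be applied only
 * when the form was displayed; it is now applied on the save path as well, so a request
 * posted straight to this task is held to the same rule as the form it normally comes from.
 *
 * On a failed save the error is shown in a JavaScript alert and the edit form is displayed
 * again; on success the request is redirected to the profile.
 *
 * @param  string  $option  Component option, passed to the HTML layer
 * @param  int     $uid     Id of the profile to save (the dispatcher casts the posted 'id' to int)
 * @return void
 */
function userSave( $option, $uid ) {
	global $_CB_framework, $_CB_database, $_POST, $_PLUGINS;

	// simple spoof check security
	cbSpoofCheck( 'userEdit' );

	// check rights to access:

	if ( $uid == null ) {
		echo _UE_USER_PROFILE_NOT;
		return;
	}
	$msg						=	cbCheckIfUserCanPerformUserTask( $uid, 'allowModeratorsUserEdit' );
	if ( ( $uid != $_CB_framework->myId() ) && ( $msg === null ) ) {
		// safeguard against misconfiguration of the above: also avoids lower-level users
		// editing higher level ones (same check as in userEdit()):
		$msg					=	checkCBpermissions( array( (int) $uid ), 'edit', true );
	}
	if ( $msg ) {
		echo $msg;
		return;
	}

	$_PLUGINS->loadPluginGroup('user');

	// Get current user state:

	$userComplete				=	new moscomprofilerUser( $_CB_database );
	if ( ! $userComplete->load( (int) $uid ) ) {
		echo _UE_USER_PROFILE_NOT;
		return;
	}

	// Update lastupdatedate of profile by user:
	if ( $_CB_framework->myId() == $uid ) {
		$userComplete->lastupdatedate	=	$_CB_framework->dateDbOfNow();
	}

	// Store new user state: the whole of $_POST is handed to saveSafely(), which decides what
	// may be written (its filtering is not visible in this file section).

	$saveResult					=	$userComplete->saveSafely( $_POST, $_CB_framework->getUi(), 'edit' );
	if ( ! $saveResult ) {
		$regErrorMSG			=	$userComplete->getError();
		// Build a JS string literal from the error: '<br />' becomes the two characters \n,
		// tags are stripped, quotes and backslashes are escaped, and the final replace turns
		// the backslash doubled by addslashes() back into a single one so that \n stays a
		// newline escape inside alert().
		echo "<script type=\"text/javascript\">alert('" . str_replace( '\\\\n', '\\n', addslashes( strip_tags( str_replace( '<br />', '\n', $regErrorMSG ) ) ) ) . "'); </script>\n";
		HTML_comprofiler::userEdit( $userComplete, $option, _UE_UPDATE, $regErrorMSG );
		return;
	}

	cbRedirectToProfile( $uid, _USER_DETAILS_SAVE );
}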

/**
 * Avatar management for one user: shows the avatar form, or applies an upload, a gallery
 * choice or a deletion.
 *
 * The action is the request parameter 'do': 'init' (default) shows the form, 'validate'
 * processes an uploaded file, 'fromgallery' selects a gallery image, 'deleteavatar' removes
 * the current avatar. Any other value does nothing.
 *
 * Before any action: the target user must be set (a falsy $uid means the current user),
 * cbCheckIfUserCanPerformUserTask() must return no message, and the user record must load.
 *
 * @param  string  $option       Component option, passed to the HTML layer
 * @param  int     $uid          User whose avatar is managed (request-supplied)
 * @param  string  $submitvalue  Passed unchanged to HTML_comprofiler::userAvatar()
 * @return void
 */
function userAvatar( $option, $uid, $submitvalue) {
	global $_CB_database, $_CB_framework, $_REQUEST, $ueConfig, $_PLUGINS, $_FILES;

	if ( ! $uid ) {
		$uid	=	$_CB_framework->myId();
	}
	if ( ! $uid ) {
		echo _UE_NOT_AUTHORIZED;
		return;
	}
	// NOTE(review): userEdit() adds a checkCBpermissions() safeguard when the target is not
	// the current user; this function relies on the first check alone — confirm that is intended.
	$msg	=	cbCheckIfUserCanPerformUserTask( $uid, 'allowModeratorsUserEdit');
	if ( $msg ) {
		echo $msg;
		return;
	}
	$row = new moscomprofilerUser( $_CB_database );
	if ( ! $row->load( (int) $uid ) ) {
		echo _UE_NOSUCHPROFILE;
		return;
	}

	// 'do' is read from $_REQUEST, so the action can be given in the query string or the form.
	$do		=	cbGetParam( $_REQUEST, 'do', 'init' );
	if ( $do == 'init' ) {

		HTML_comprofiler::userAvatar( $row, $option, $submitvalue);

	} elseif ( $do == 'validate' ) {

		// simple spoof check security
		cbSpoofCheck( 'userAvatar' );

		if ( ! $ueConfig['allowAvatarUpload'] ) {
			cbNotAuth();
			return;
		}

		$isModerator=isModerator( $_CB_framework->myId() );

		// Accept only a file that PHP itself received as an upload in this request.
		// NOTE(review): none of the cbRedirectToProfile() calls in this branch is followed by
		// a return; processing continues past them unless that function ends the request
		// (not visible here) — confirm.
		if (	( ! isset( $_FILES['avatar']['tmp_name'] ) )
			||	empty( $_FILES['avatar']['tmp_name'] )
			||	( $_FILES['avatar']['error'] != 0 )
			||	( ! is_uploaded_file( $_FILES['avatar']['tmp_name'] ) )
		) {
			cbRedirectToProfile( $row->id, _UE_UPLOAD_ERROR_EMPTY, 'userAvatar' );
		}

		$_PLUGINS->loadPluginGroup( 'user' );
		$_PLUGINS->trigger( 'onBeforeUserAvatarUpdate', array( &$row, &$row, $isModerator, &$_FILES['avatar']['tmp_name'] ) );
		if ($_PLUGINS->is_errors()) {
			cbRedirectToProfile( $row->id, $_PLUGINS->getErrorMSG(), 'userAvatar' );
		}

		// Image limits and converter paths come from the CB configuration only.
		$imgToolBox						=	new imgToolBox();
		$imgToolBox->_conversiontype	=	$ueConfig['conversiontype'];
		$imgToolBox->_IM_path			=	$ueConfig['im_path'];
		$imgToolBox->_NETPBM_path		=	$ueConfig['netpbm_path'];
		$imgToolBox->_maxsize			=	$ueConfig['avatarSize'];
		$imgToolBox->_maxwidth			=	$ueConfig['avatarWidth'];
		$imgToolBox->_maxheight			=	$ueConfig['avatarHeight'];
		$imgToolBox->_thumbwidth		=	$ueConfig['thumbWidth'];
		$imgToolBox->_thumbheight		=	$ueConfig['thumbHeight'];
		$imgToolBox->_debug				=	0;
		$allwaysResize					=	( isset( $ueConfig['avatarResizeAlways'] ) ? $ueConfig['avatarResizeAlways'] : 1 );

		// The stored file's base name is generated here (user id + uniqid), not taken from the
		// client's file name. Type and content checks of the upload happen inside
		// imgToolBox::processImage(), which is not visible in this file section.
		$newFileName		=	$imgToolBox->processImage( $_FILES['avatar'], uniqid($row->id."_"), $_CB_framework->getCfg('absolute_path') . '/images/comprofiler/', 0, 0, 1, $allwaysResize );
		if ( ! $newFileName ) {
			cbRedirectToProfile( $row->id, $imgToolBox->_errMSG, 'userAvatar' );
		}

		// The previous avatar file is removed before the new name is written to the database.
		if ($row->avatar != null && $row->avatar!="") {
			deleteAvatar($row->avatar);
		}

		// Non-moderator uploads are stored unapproved when approval is required, and the
		// moderators are notified. The file name is escaped and the id cast to int in both queries.
		if ($ueConfig['avatarUploadApproval']==1 && $isModerator==0) {

			$cbNotification	=	new cbNotification();
			$cbNotification->sendToModerators(_UE_IMAGE_ADMIN_SUB,_UE_IMAGE_ADMIN_MSG);

			$_CB_database->setQuery("UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped($newFileName) . "', avatarapproved=0 WHERE id=" . (int) $row->id);
			$redMsg			=	_UE_UPLOAD_PEND_APPROVAL;
		} else {
			$_CB_database->setQuery("UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped($newFileName) . "', avatarapproved=1, lastupdatedate=". $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id=" . (int) $row->id);
			$redMsg			=	_UE_UPLOAD_SUCCESSFUL;
		}

		// The result of the update is not checked in this branch.
		$_CB_database->query();

		$_PLUGINS->trigger( 'onAfterUserAvatarUpdate', array(&$row,&$row,$isModerator,$newFileName) );
		cbRedirectToProfile( $row->id, $redMsg );

	} elseif ( $do == 'fromgallery' ) {

		// simple spoof check security
		cbSpoofCheck( 'userAvatar' );

		if( ! $ueConfig['allowAvatarGallery'] ) {
			cbNotAuth();
			return;
		}

		// The posted gallery file name may contain only letters, digits, '-', '_' and '.',
		// and no '..' sequence, which keeps the stored value inside 'gallery/'. It is not
		// checked here that the named file exists in the gallery.
		// NOTE(review): the redirect on a rejected name has no return after it; the update
		// below still runs unless cbRedirectToProfile() ends the request — confirm.
		$newAvatar = cbGetParam( $_POST, 'newavatar', null );
		if ( ( $newAvatar == '' ) || preg_match( '/[^-_a-zA-Z0-9.]/', $newAvatar ) || ( strpos( $newAvatar, '..' ) !== false ) ) {
			cbRedirectToProfile( $row->id, _UE_UPLOAD_ERROR_CHOOSE, 'userAvatar' );
		}
		$_CB_database->setQuery( "UPDATE #__comprofiler SET avatar = " . $_CB_database->Quote( 'gallery/' . $newAvatar )
								. ", avatarapproved=1, lastupdatedate = " . $_CB_database->Quote( $_CB_framework->dateDbOfNow() )
								. " WHERE id = " . (int) $row->id);
		if( ! $_CB_database->query() ) {
			$msg	=	_UE_USER_PROFILE_NOT;
		}else {
			// delete old avatar:
			deleteAvatar( $row->avatar );
			$msg	=	_UE_USER_PROFILE_UPDATED;
		}
		cbRedirectToProfile( $row->id, $msg );

	} elseif ( $do == 'deleteavatar' ) {

		// NOTE(review): unlike 'validate' and 'fromgallery', this state-changing branch does
		// not call cbSpoofCheck() — confirm whether the delete action is meant to work
		// without a spoof token.
		if ( $row->avatar != null && $row->avatar != "" ) {
			deleteAvatar( $row->avatar );
			$_CB_database->setQuery("UPDATE  #__comprofiler SET avatar=null, avatarapproved=1, lastupdatedate=" . $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id=" . (int) $row->id);
			$_CB_database->query();
		}

		cbRedirectToProfile( $row->id, _USER_DETAILS_SAVE );
	}
}

/**
 * Resolves the user a request is about and returns that user's data object by reference.
 *
 * When the request carries a 'user' parameter it takes precedence over $uid: a value wrapped
 * in single quotes is treated as a username and looked up, anything else is cast to an
 * integer id. Without a 'user' parameter, $uid is used as given.
 *
 * This function only resolves the user; it performs no access check. Callers decide whether
 * the current visitor may see or change the returned record.
 *
 * @param  int  $uid  Fallback user id, used when the request has no 'user' parameter
 * @return moscomprofilerUser|null  User data, or null if no user is given or found
 */
function & loadComprofilerUser( $uid ) {
	global $_CB_framework, $_REQUEST;

	// Returned by reference, so "nothing found" has to be a variable.
	$none				=	null;

	if ( isset( $_REQUEST['user'] ) ) {
		$requested		=	urldecode( stripslashes( cbGetParam( $_REQUEST, 'user' ) ) );
		$length			=	strlen( $requested );
		$isQuotedName	=	( $length > 2 ) && ( $requested[0] == "'" ) && ( $requested[$length-1] == "'" );
		if ( $isQuotedName ) {
			$username	=	substr( $requested, 1, $length-2 );
			$uid		=	$_CB_framework->getUserIdFrom( 'username', utf8ToISO( $username ) );
		} else {
			$uid		=	(int) $requested;
		}
	}

	if ( ! $uid ) {
		return $none;
	}

	$cbUser				=&	CBuser::getInstance( $uid );
	if ( ! $cbUser ) {
		return $none;
	}

	$user				=&	$cbUser->getUserData();
	return $user;
}

/**
 * Shows a user profile.
 *
 * With a 'user' request parameter the profile of that user is shown, subject to
 * authoriseView(); without it the profile of $uid is shown and a $uid of 0 gets the
 * "register to have a profile" message. When the request carries reason=canceledit, the edit
 * permission checks are run and the 'onAfterUserProfileEditCancel' plugin event is triggered
 * before the profile is displayed.
 *
 * @param  string  $option       Component option, passed to the HTML layer
 * @param  int     $uid          User id given by the caller (the dispatcher passes the current user's id)
 * @param  string  $submitvalue  Passed unchanged to HTML_comprofiler::userProfile()
 * @return void
 */
function userProfile( $option, $uid, $submitvalue) {
	global $_REQUEST, $ueConfig, $_CB_framework, $_PLUGINS;
	if ( isset( $_REQUEST['user'] ) ) {
		// NOTE(review): the view check is made against $uid, while the profile displayed below
		// is resolved from $_REQUEST['user'] by loadComprofilerUser(). Confirm that
		// authoriseView() is meant to receive $uid here rather than the requested user's id.
		if ( ! CBuser::getMyInstance()->authoriseView( 'profile', $uid ) ) {
			// Guests are invited to register only if registration is open (in the CMS or in
			// CB) and the 'Registered' group would be allowed to view profiles; everybody
			// else gets the plain "not authorized" message.
			if (	( $_CB_framework->myId() < 1 )
				&&	( ! ( ( ( $_CB_framework->getCfg( 'allowUserRegistration' ) == '0' )
		   				    && ( ( ! isset($ueConfig['reg_admin_allowcbregistration']) ) || $ueConfig['reg_admin_allowcbregistration'] != '1' ) )
						)
					)
					&&
					allowAccess( $ueConfig['allow_profileviewbyGID'], 'RECURSE', $_CB_framework->acl->get_group_id('Registered','ARO') )
			) {
				echo _UE_REGISTERFORPROFILEVIEW;
			} else {
				echo _UE_NOT_AUTHORIZED;
			}
			return;
		}
	} else {
		if ($uid==0) {
			echo _UE_REGISTERFORPROFILE;
			return;
		}
	}

	// May return a different user than $uid when the request has a 'user' parameter.
	$user					=&	loadComprofilerUser( $uid );

	if ( $user === null ) {
		echo _UE_NOSUCHPROFILE;
		return;
	}

	if ( cbGetParam( $_GET, 'reason' ) == 'canceledit' ) {
		// Returning from a cancelled edit: run the same permission checks as the edit form
		// before the plugin event is triggered.
		if ( $uid == 0 ) {
			$Euid					=	$_CB_framework->myId();
		} else {
			$Euid					=	$uid;
		}
	
		$msg						=	cbCheckIfUserCanPerformUserTask( $Euid, 'allowModeratorsUserEdit');
		if ( ( $Euid != $_CB_framework->myId() ) && ( $msg === null ) ) {
			// safeguard against missconfiguration of the above: also avoids lower-level users editing higher level ones:
			$msg					=	checkCBpermissions( array( (int) $Euid ), 'edit', true );
		}
		if ( $msg ) {
			echo $msg;
			return;
		}
		$_PLUGINS->loadPluginGroup('user');
		$results = $_PLUGINS->trigger( 'onAfterUserProfileEditCancel', array( &$user ) );
		if ($_PLUGINS->is_errors()) {
			// NOTE(review): the plugin error text goes into a double-quoted JavaScript string
			// without escaping, whereas registerForm() passes it through addslashes() first —
			// confirm that plugin messages cannot contain quotes, line breaks or request data.
			echo "<script type=\"text/javascript\">alert(\"".$_PLUGINS->getErrorMSG()."\"); window.history.go(-1); </script>\n";
			exit();
		}
	}

	HTML_comprofiler::userProfile( $user, $option, $submitvalue);
}

// NB for now duplicated in frontend and admin backend:
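/**
 * Routes a 'fieldclass', 'tabclass' or 'pluginclass' request to the matching CB field, tab
 * or plugin component and prints what it returns.
 *
 * The target user is resolved by loadComprofilerUser(), which lets a 'user' request
 * parameter override $uid, so the resolved user can differ from $uid.
 *
 * - fieldclass:  requires a 'reason' of 'edit', 'profile' or 'list' for an existing user
 *                (each with its own permission check), or 'register' for a guest.
 * - tabclass:    the class name comes from the 'tab' parameter.
 * - pluginclass: the class name is 'CBplug_' plus the lowercased 'plugin' parameter.
 *
 * Field, tab and plugin names come from the request; characters listed in $unsecureChars are
 * removed and the length is capped before the name is passed on.
 *
 * Fix in this version: for reason 'edit', the checkCBpermissions() safeguard compared $uid
 * with the current user. The dispatcher passes the current user's id as $uid, so that
 * comparison was never true and the safeguard never ran. It now compares the id of the
 * resolved target user, the same id the permission checks are made for.
 *
 * @param  string  $option  Component option (not used in this function)
 * @param  string  $task    'fieldclass', 'tabclass' or 'pluginclass'
 * @param  int     $uid     Fallback user id, used when the request names no user
 * @return void
 */
function tabClass( $option, $task, $uid ) {
	global $_CB_framework, $_PLUGINS, $ueConfig, $_REQUEST, $_POST;

	$user					=&	loadComprofilerUser( $uid );
	$cbUser					=&	CBuser::getInstance( ( $user === null ? null : $user->id ) );

	// Set up front so that every path below passes defined values on:
	$fieldName				=	null;
	$reason					=	null;
	$pluginName				=	null;
	$tabClassName			=	null;
	$method					=	null;

	// Characters removed from request-supplied field, tab and plugin names:
	$unsecureChars			=	array( '/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "\0", ' ', "\t", "\n", "\r", "\x0B" );
	if ( $task == 'fieldclass' ) {
		$reason				=	cbGetParam( $_REQUEST, 'reason' );
		if ( $user && $user->id ) {
			if ( $reason === 'edit' ) {
				$msg		=	cbCheckIfUserCanPerformUserTask( $user->id, 'allowModeratorsUserEdit' );
				if ( ( $user->id != $_CB_framework->myId() ) && ( $msg === null ) ) {
					// safeguard against misconfiguration of the above: also avoids lower-level users editing higher level ones:
					$msg	=	checkCBpermissions( array( (int) $user->id ), 'edit', true );
				}
			} elseif ( ( $reason === 'profile' ) || ( $reason === 'list' ) ) {
				if ( CBuser::getMyInstance()->authoriseView( 'profile', $user->id ) ) {
					$msg	=	null;
				} else {
					$msg	=	_UE_NOT_AUTHORIZED;
				}
			} else {
				$msg		=	_UE_NO_INDICATION;
			}

			if ( $msg ) {
				echo $msg;
				return;
			}
		} elseif ( $reason == 'register' ) {
			// Field calls during registration are for guests only.
			if ( $_CB_framework->myId() != 0 ) {
				echo _UE_ALREADY_LOGGED_IN;
				return;
			}
		} else {
			$msg			=	_UE_NOT_AUTHORIZED;
			echo $msg;
			return;
		}

		$fieldName			=	trim( substr( str_replace( $unsecureChars, '', urldecode( stripslashes( cbGetParam( $_REQUEST, "field" ) ) ) ), 0, 50 ) );
		if ( ! $fieldName ) {
			echo 'no field';
			return;
		}
	} elseif ( $task == 'tabclass' ) {
		$tabClassName		=	urldecode( stripslashes( cbGetParam( $_REQUEST, "tab" ) ) );
		if ( ! $tabClassName ) {
			return;
		}
		$pluginName			=	null;
		$tabClassName		=	substr( str_replace( $unsecureChars, '', $tabClassName ), 0, 32 );
		$method				=	'getTabComponent';
	} elseif ( $task == 'pluginclass' ) {
		$pluginName			=	urldecode( stripslashes( cbGetParam( $_REQUEST, "plugin" ) ) );
		if ( ! $pluginName ) {
			return;
		}
		$tabClassName		=	'CBplug_' . strtolower( substr( str_replace( $unsecureChars, '', $pluginName ), 0, 32 ) );
		$method				=	'getCBpluginComponent';
	}
	// NOTE(review): for 'tabclass' and 'pluginclass' no permission check is made here; access
	// control is left to the tab or plugin that gets called — confirm.
	$tabs					=	$cbUser->_getCbTabs( false );
	if ( $task == 'fieldclass' ) {
		$result				=	$tabs->fieldCall( $fieldName, $user, $_POST, $reason );
	} else {
		$result				=	$tabs->tabClassPluginTabs( $user, $_POST, $pluginName, $tabClassName, $method );
	}
	if ( $result === false ) {
		if( $_PLUGINS->is_errors() ) {
			// NOTE(review): plugin error text goes into a JavaScript string without escaping,
			// whereas registerForm() applies addslashes() first — confirm.
			echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); </script>\n";
		}
	} elseif ( $result !== null ) {
		echo $result;
	}
}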

/**
 * Draws a CB users list for the current request.
 *
 * The list id is taken from the posted form when present, otherwise from the query string,
 * and is forced to an integer. The complete query string array is handed to the list as raw
 * search values; filtering of those values is left to cbUsersList (not visible here).
 *
 * @param  int  $uid  Id of the user viewing the list
 * @return void
 */
function usersList( $uid ) {
	global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS, $_POST, $_REQUEST;

	cbimport( 'cb.lists' );

	$listid		=	(int) ( isset( $_POST['listid'] )
					?	cbGetParam( $_POST, 'listid', 0 )
					:	cbGetParam( $_GET, 'listid', 0 ) );

	$rawSearchValues	=	$_GET;

	$list		=	new cbUsersList();
	$list->drawUsersList( $uid, $listid, $rawSearchValues );
}

/**
 * Shows the "lost password" form under the matching page title.
 *
 * @param  string  $option  Component option, passed to the HTML layer
 * @return void
 */
function lostPassForm( $option ) {
	global $_CB_framework;

	$pageTitle	=	_PROMPT_PASSWORD;
	$_CB_framework->setPageTitle( $pageTitle );

	HTML_comprofiler::lostPassForm( $option );
}

/**
 * Handles the posted "lost password" form: sends either a username reminder or a new password.
 *
 * Before anything else the request must pass checkCBPostIsHTTPS(), the spoof check for the
 * 'lostPassForm' form and the registration anti-spam check.
 *
 * - Usernames in use, e-mail given, username empty: every account with that e-mail address
 *   gets a username reminder.
 * - E-mail given otherwise: the account is looked up (by username and e-mail, or by e-mail
 *   alone when login_type is 2), a new random password is generated, mailed to the user and
 *   then stored.
 * - No e-mail given: redirect with the "failed" message.
 *
 * Every outcome ends in a redirect carrying a status message.
 *
 * @param  string  $option  Component option, used to build the redirect URLs
 * @return void
 */
function sendNewPass( $option ) {
	global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS, $_POST;

	// simple spoof check security
	checkCBPostIsHTTPS();
	cbSpoofCheck( 'lostPassForm' );
	cbRegAntiSpamCheck();

	// True unless login_type is 2; with login_type 2 accounts are matched by e-mail alone.
	$usernameExists	=	( ( isset( $ueConfig['login_type'] ) ) && ( $ueConfig['login_type'] != 2 ) );

	// ensure no malicous sql gets past
	// (both values are passed through $_CB_database->Quote() in every query below)
	$checkusername	=	trim( cbGetParam( $_POST, 'checkusername', '' ) );
	$confirmEmail	=	trim( cbGetParam( $_POST, 'checkemail', ''    ) );

	$Itemid		=	$_CB_framework->itemid();

	$_PLUGINS->loadPluginGroup('user');
	$_PLUGINS->trigger( 'onStartNewPassword', array( &$checkusername, &$confirmEmail ));
	if ($_PLUGINS->is_errors()) {
		cbRedirect( cbSef("index.php?option=$option&amp;task=lostPassword".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
		return;
	}
	$checkusername	=	stripslashes( $checkusername );
	$confirmEmail	=	stripslashes( $confirmEmail );

	// these two are used by _NEWPASS_SUB message below:
	$_live_site		=	$_CB_framework->getCfg( 'live_site' );
	$_sitename		=	"";	// NEEDED BY _NEWPASS_SUB for  sitename already added in subject by cbNotification class. was = $_CB_framework->getCfg( 'sitename' );

	if ( $usernameExists && ( $confirmEmail != '' ) && ! $checkusername ) {
		// Username reminder: e-mail address given, username left empty.
		$_CB_database->setQuery( "SELECT id, username FROM #__users"
		. "\n WHERE email = " . $_CB_database->Quote( $confirmEmail )
		);
		$userIdUsername	=	null;
		$result			=	$_CB_database->loadObjectList( $userIdUsername );
		// The reply differs for an unknown address ("does not exist on site") and a known one
		// ("reminder sent"), so the response tells the requester whether an address is
		// registered. The address is HTML-escaped before it goes into the message.
		// NOTE(review): no return follows this redirect; the code below still runs (with
		// $res undefined if the list is empty) unless cbRedirect() ends the request — confirm.
		if ( $_CB_database->getErrorNum() || ( count( $result ) == 0 ) ) {
			cbRedirect( cbSef( 'index.php?option=' . $option . '&amp;task=lostPassword' . ( $Itemid ? '&amp;Itemid=' . (int) $Itemid : '' ), false ), sprintf( _UE_EMAIL_DOES_NOT_EXISTS_ON_SITE, htmlspecialchars( $confirmEmail ) ), 'error' );
		}
		foreach ( $result as $userIdUsername ) {
			$message = str_replace( '\n', "\n", sprintf( _UE_USERNAMEREMINDER_MSG, $_CB_framework->getCfg( 'sitename' ), $userIdUsername->username, $_live_site ) );
			$subject = sprintf( _UE_USERNAMEREMINDER_SUB, $userIdUsername->username );

			$_PLUGINS->trigger( 'onBeforeUsernameReminder', array( $userIdUsername->id, &$subject, &$message ));
			if ($_PLUGINS->is_errors()) {
				cbRedirect( cbSef("index.php?option=$option&amp;task=lostPassword".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
				return;
			}

			// Sent to the address stored for the account id, not to the posted address.
			$cbNotification = new cbNotification();
			$res	=	$cbNotification->sendFromSystem( $userIdUsername->id, $subject, $message );
			if ( ! $res ) {
				// stop at the first failed send
				break;
			}
		}
		$_PLUGINS->trigger( 'onAfterUsernameReminder', array( &$result, &$res ) );
		if ( $res ) {
			cbRedirect( cbSef("index.php?option=$option&amp;task=done".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), sprintf( _UE_USERNAME_REMINDER_SENT, htmlspecialchars( $confirmEmail ) ) );
		} else {
			cbRedirect( cbSef("index.php?option=$option&amp;task=done".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ),_UE_EMAIL_SENDING_ERROR );
		}

	} elseif ( $confirmEmail != '' ) {
		// New password: the account is matched by username + e-mail, or by e-mail alone.
		if ( $usernameExists ) {
			$_CB_database->setQuery( "SELECT id FROM #__users"
			. "\n WHERE username = " . $_CB_database->Quote( $checkusername ) . " AND email = " . $_CB_database->Quote( $confirmEmail )
			);
		} else {
			$_CB_database->setQuery( "SELECT id FROM #__users"
			. "\n WHERE email = " . $_CB_database->Quote( $confirmEmail )
			);
		}
		$user_id	=	$_CB_database->loadResult();
		// NOTE(review): no return follows this redirect either; if cbRedirect() came back, a
		// password would be generated and mailed for an empty user id — confirm it ends the request.
		if ( ! $user_id ) {
			cbRedirect( cbSef( 'index.php?option=' . $option . '&amp;task=lostPassword' . ( $Itemid ? '&amp;Itemid=' . (int) $Itemid : '' ), false ), _ERROR_PASS );
		}

		// The new password is generated here and goes out in clear text in the e-mail body.
		// The request alone is enough to replace the account's password: no confirmation by
		// the account owner is involved (the existing remark on the next line already asks
		// for a link-based redesign).
		// NOTE(review): confirm that cbMakeRandomString() draws from a cryptographically
		// strong source; its implementation is not visible here.
		$newpass = cbMakeRandomString( 8, true );		// should be $user->setRandomPassword() but as this whole function needs to be redone to require clicking link for new password change, let's leave it for now.
		$message = str_replace( '\n', "\n", sprintf( _UE_NEWPASS_MSG, $checkusername, $_live_site, $newpass ) );
		$subject = sprintf( _UE_NEWPASS_SUB, $checkusername );

		// Plugins receive the new password by reference and may change it.
		$_PLUGINS->trigger( 'onBeforeNewPassword', array( $user_id, &$newpass, &$subject, &$message ));
		if ($_PLUGINS->is_errors()) {
			cbRedirect( cbSef("index.php?option=$option&amp;task=lostPassword".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
			return;
		}

		$cbNotification = new cbNotification();
		$res	=	$cbNotification->sendFromSystem($user_id,$subject,$message);

		// The password is stored only after the e-mail was handed over successfully, so a
		// failed send leaves the old password in place.
		if ($res) {
			$_PLUGINS->trigger( 'onNewPassword', array($user_id,$newpass));

			$user				=	CBuser::getUserDataInstance( (int) $user_id );
			$user->password		=	$newpass;
			if ( ! $user->storePassword( false ) ) {
				// The storage error text is sent to the client as is.
				die("SQL error" . $user->getError());
			}
			cbRedirect( cbSef("index.php?option=$option&amp;task=done".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), sprintf( _UE_NEWPASS_SENT, htmlspecialchars( $confirmEmail ) ) );
		} else {
			cbRedirect( cbSef("index.php?option=$option&amp;task=done".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ),_UE_NEWPASS_FAILED );
		}
	} else {
		cbRedirect( cbSef("index.php?option=$option&amp;task=done".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), _UE_NEWPASS_FAILED );
	}
}

/**
 * Shows the registration form.
 *
 * Refused (cbNotAuth) when registration is switched off in the CMS and not explicitly
 * enabled for CB; logged-in users get the "already logged in" message instead of the form.
 * Plugins listening to 'onBeforeRegisterForm' can stop the form with an error, or replace it
 * by returning output of their own.
 *
 * @param  string       $option       Component option, passed to the HTML layer
 * @param  string       $emailpass    Value of the 'emailpass' setting, passed to the HTML layer
 * @param  string|null  $regErrorMSG  Error from a previous attempt; when set, the posted
 *                                    values are handed to the form as well
 * @return void
 */
function registerForm( $option, $emailpass, $regErrorMSG = null ) {
	global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS, $_POST;

	$cmsRegistrationOff		=	( $_CB_framework->getCfg( 'allowUserRegistration' ) == '0' );
	if ( $cmsRegistrationOff
		 && ( ( ! isset( $ueConfig['reg_admin_allowcbregistration'] ) ) || ( $ueConfig['reg_admin_allowcbregistration'] != '1' ) ) )
	{
		cbNotAuth();
		return;
	}

	if ( $_CB_framework->myId() ) {
		echo '<div class="error">' . _UE_ALREADY_LOGGED_IN . '</div>';
		return;
	}

	$fieldsQuery			=	null;

	$_PLUGINS->loadPluginGroup('user');
	$results				=	$_PLUGINS->trigger( 'onBeforeRegisterForm', array( $option, $emailpass, &$regErrorMSG, $fieldsQuery ) );

	if ( $_PLUGINS->is_errors() ) {
		// Shown twice: in an alert (quotes and backslashes escaped for the JS string) and as
		// HTML in the page.
		echo "<script type=\"text/javascript\">alert('".addslashes($_PLUGINS->getErrorMSG(" ; "))."'); </script>\n";
		echo $_PLUGINS->getErrorMSG("<br />");
		return;
	}

	// Any non-empty plugin output replaces the form.
	if ( implode( '', $results ) != "" ) {
		echo "<div>" . implode( "</div><div>", $results ) . "</div>";
		return;
	}

	$userComplete			=	new moscomprofilerUser( $_CB_database );
	if ( $regErrorMSG === null ) {
		// First display: no posted values to show again.
		$null				=	null;
		HTML_comprofiler::registerForm( $option, $emailpass, $userComplete, $null, $regErrorMSG );
	} else {
		HTML_comprofiler::registerForm( $option, $emailpass, $userComplete, $_POST, $regErrorMSG );
	}
}

/**
 * Handles the submitted registration form: validates the request, creates the user
 * through moscomprofilerUser::saveSafely() and echoes the resulting messages.
 *
 * On every validation failure the form is re-displayed with the posted values and an
 * error text, preceded by a JavaScript alert.
 *
 * NOTE(review): all alert() calls below escape with addslashes() only. That is not a
 * complete encoding for an inline <script> context; texts coming from plugins or from
 * getError() are assumed to be trusted here. Confirm, or encode for JavaScript.
 *
 * @param  string  $option  Component name, handed on to the registration form view
 */
function saveRegistration( $option ) {
	global $_CB_framework, $_CB_database, $ueConfig, $_POST, $_PLUGINS;

	// simple spoof check security
	// All three request checks run before any permission test or database access:
	checkCBPostIsHTTPS();
	cbSpoofCheck( 'registerForm' );
	cbRegAntiSpamCheck();

	// Check rights to access:

	// Refused when registration is closed (same rule as registerForm()) or the visitor is logged in:
	if ( ( ( $_CB_framework->getCfg( 'allowUserRegistration' ) == '0' )
		   && ( ( ! isset($ueConfig['reg_admin_allowcbregistration']) ) || $ueConfig['reg_admin_allowcbregistration'] != '1' ) )
		 || $_CB_framework->myId() ) {
		cbNotAuth();
		return;
	}
	if ( ! isset( $ueConfig['emailpass'] ) ) {
		$ueConfig['emailpass']			=	'0';
	}

	$userComplete						=	new moscomprofilerUser( $_CB_database );

	// Pre-registration trigger:

	$_PLUGINS->loadPluginGroup('user');
	$_PLUGINS->trigger( 'onStartSaveUserRegistration', array() );
	if( $_PLUGINS->is_errors() ) {
		echo "<script type=\"text/javascript\">alert('".addslashes($_PLUGINS->getErrorMSG())."'); </script>\n";
		$oldUserComplete				=	new moscomprofilerUser( $_CB_database );
		$userComplete->bindSafely( $_POST, $_CB_framework->getUi(), 'register', $oldUserComplete );
		HTML_comprofiler::registerForm( $option, $ueConfig['emailpass'], $userComplete, $_POST, $_PLUGINS->getErrorMSG("<br />") );
		return;
	}

	// Check if this user already registered with exactly this username and password:

	$username							=	cbGetParam( $_POST, 'username', '' );
	$usernameExists						=	$userComplete->loadByUsername( $username );
	if ( $usernameExists ) {
		// The password is read raw (_CB_ALLOWRAW) so that it is compared exactly as typed:
		$password						=	cbGetParam( $_POST, 'password', '', _CB_ALLOWRAW );
		if ( $userComplete->verifyPassword( $password ) ) {
			// Same credentials posted again: the stored password value is swapped for the posted
			// clear-text one only for the duration of activateUser(), then restored.
			$pwd_md5					=	$userComplete->password;
			$userComplete->password		=	$password;
			$messagesToUser				=	activateUser( $userComplete, 1, 'SameUserRegistrationAgain' );
			$userComplete->password		=	$pwd_md5;
			echo "\n<div>" . implode( "</div>\n<div>", $messagesToUser ) . "</div>\n";
			return;
		} else {
			$msg						=	sprintf( _UE_USERNAME_ALREADY_EXISTS, $username );
			echo "<script type=\"text/javascript\">alert('" . addslashes( $msg ) . "'); </script>\n";
			$oldUserComplete				=	new moscomprofilerUser( $_CB_database );
			$userComplete->bindSafely( $_POST, $_CB_framework->getUi(), 'register', $oldUserComplete );
			HTML_comprofiler::registerForm( $option, $ueConfig['emailpass'], $userComplete, $_POST, htmlspecialchars( $msg ) );
			return;
		}
	}

	// Store and check terms and conditions accepted (not a field yet !!!!):

	// Only the exact value 1 counts as accepted; an absent field is recorded as null:
	if ( isset( $_POST['acceptedterms'] ) ) {
		$userComplete->acceptedterms	=	( (int) cbGetParam( $_POST, 'acceptedterms', 0 ) == 1 ? 1 : 0 );
	} else {
		$userComplete->acceptedterms	=	null;
	}

	if($ueConfig['reg_enable_toc']) {
		if ( $userComplete->acceptedterms != 1 ) {
			echo "<script type=\"text/javascript\">alert('" . addslashes( cbUnHtmlspecialchars( _UE_TOC_REQUIRED ) ) ."'); </script>\n";
			$oldUserComplete				=	new moscomprofilerUser( $_CB_database );
			$userComplete->bindSafely( $_POST, $_CB_framework->getUi(), 'register', $oldUserComplete );
			HTML_comprofiler::registerForm( $option, $ueConfig['emailpass'], $userComplete, $_POST, _UE_TOC_REQUIRED . '<br />' );
			return;
		}
	}

	// Set id to 0 for autoincrement and store IP address used for registration:

	$userComplete->id			 		=	0;
	$userComplete->registeripaddr		=	cbGetIPlist();


	// Store new user state:

	// saveSafely() returns false on failure, otherwise an array read below through its 'ok', 'tabs' and 'after' keys:
	$saveResult					=	$userComplete->saveSafely( $_POST, $_CB_framework->getUi(), 'register' );
	if ( $saveResult === false ) {
		// '<br />' becomes a literal \n for the alert text; the doubled backslash that addslashes() adds is undone afterwards:
		echo "<script type=\"text/javascript\">alert('" . str_replace( '\\\\n', '\\n', addslashes( strip_tags( str_replace( '<br />', '\n', $userComplete->getError() ) ) ) ) ."'); </script>\n";
		HTML_comprofiler::registerForm( $option, $ueConfig['emailpass'], $userComplete, $_POST, $userComplete->getError() );
		return;
	}

	// NOTE(review): $messagesToUser is assigned only when 'ok' is true; in the other case the loop
	// below creates it implicitly with its first append.
	if ( $saveResult['ok'] === true ) {
		$messagesToUser			=	activateUser( $userComplete, 1, "UserRegistration" );
	}
	foreach ( $saveResult['tabs'] as $res ) {
		if ($res) {
			$messagesToUser[] = $res;
		}
	}
	if ( $saveResult['ok'] === false ) {
		echo "<script type=\"text/javascript\">alert('" . str_replace( '\\\\n', '\\n', addslashes( strip_tags( str_replace( '<br />', '\n', $userComplete->getError() ) ) ) ) . "'); </script>\n";
		HTML_comprofiler::registerForm( $option, $ueConfig['emailpass'], $userComplete, $_POST, $userComplete->getError() );
		return;
	}

	// The same user object is passed twice, and $messagesToUser by reference so plugins can add to it:
	$_PLUGINS->trigger( 'onAfterUserRegistrationMailsSent', array( &$userComplete, &$userComplete, &$messagesToUser, $ueConfig['reg_confirmation'], $ueConfig['reg_admin_approval'], true));

	// Output collected under 'after' is echoed as HTML without escaping:
	foreach ( $saveResult['after'] as $res ) {
		if ( $res ) {
			echo "\n<div>" . $res . "</div>\n";
		}
	}

	if ( $_PLUGINS->is_errors() ) {
		echo $_PLUGINS->getErrorMSG();
		HTML_comprofiler::registerForm( $option, $ueConfig['emailpass'], $userComplete, $_POST, $_PLUGINS->getErrorMSG() );
		return;
	}

	echo "\n<div>" . implode( "</div>\n<div>", $messagesToUser ) . "</div>\n";
}


/**
 * Ajax handler: looks a username up in #__users and echoes a short HTML fragment
 * telling whether it is taken.
 *
 * The lookup answers only when the 'reg_username_checker' setting is on, and runs
 * after the registration form's spoof and anti-spam checks, because the reply
 * discloses which usernames exist on the site.
 *
 * @param  string  $username  Username as sent by the browser (UTF-8, slashed)
 * @param  string  $function  'testexists' reports an existing name as ok; any other value reports it as an error
 */
function performCheckUsername( $username, $function ) {
	global $_CB_database, $ueConfig;

	if ( empty( $ueConfig['reg_username_checker'] ) ) {
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		exit();
	}
	// simple spoof check security
	cbSpoofCheck( 'registerForm' );
	cbRegAntiSpamCheck();

	$username		=	stripslashes( $username );
	// ajax sends in utf8, we need to convert back to the site's encoding:
	$lookupName		=	trim( utf8ToISO( $username ) );

	// The value reaches the SQL text only through the database driver's Quote():
	if ( $_CB_database->isDbCollationCaseInsensitive() ) {
		$sql		=	"SELECT COUNT(*) AS result FROM #__users WHERE username = " . $_CB_database->Quote( ( $lookupName ) );
	} else {
		$sql		=	"SELECT COUNT(*) AS result FROM #__users WHERE LOWER(username) = " . $_CB_database->Quote( ( strtolower( $lookupName ) ) );
	}
	$_CB_database->setQuery( $sql );

	$dataObj		=	null;
	if ( ! $_CB_database->loadObject( $dataObj ) ) {
		echo ( '<span class="cb_result_error">' . ISOtoUtf8( _UE_SEARCH_ERROR ) . ' !' . '</span>' );
		return;
	}

	$wantsExisting	=	( $function == 'testexists' );
	if ( $dataObj->result ) {
		$cssClass	=	( $wantsExisting ? 'cb_result_ok' : 'cb_result_error' );
		$template	=	( $wantsExisting ? _UE_USERNAME_EXISTS_ON_SITE : _UE_USERNAME_ALREADY_EXISTS );
	} else {
		$cssClass	=	( $wantsExisting ? 'cb_result_error' : 'cb_result_ok' );
		$template	=	( $wantsExisting ? _UE_USERNAME_DOES_NOT_EXISTS_ON_SITE : _UE_USERNAME_DOESNT_EXISTS );
	}
	// The name is echoed back HTML-escaped (the original, still UTF-8, value is used for the output):
	echo ( '<span class="' . $cssClass . '">' . sprintf( ISOtoUtf8( $template ), htmlspecialchars( $username ) ) . '</span>' );
}

/**
 * Ajax function: Checks an e-mail address for registration and echoes a text containing the result.
 *
 * Depending on the 'reg_email_checker' setting the address is first looked up in #__users
 * (setting above 1), then, unless $function is 'testexists', verified with cbCheckMail().
 * The reply discloses whether an address is registered, so it is given only when the
 * setting is on and after the registration form's spoof and anti-spam checks.
 *
 * @param string $email     E-mail address as sent by the browser (UTF-8, slashed)
 * @param string $function  'testexists' only reports whether the address exists on the site
 */
function performCheckEmail( $email, $function ) {
	global $_CB_framework, $_CB_database, $ueConfig;

	if ( ( ! isset( $ueConfig['reg_email_checker'] ) ) || ( ! $ueConfig['reg_email_checker'] ) ) {
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		exit();
	}
	// simple spoof check security
	// Both checks are called with a mode argument of 2 and their return value is tested here,
	// so a failure is answered with the "session expired" fragment below:
	if ( ( ! cbSpoofCheck( 'registerForm', 'POST', 2 ) ) || ( ! cbRegAntiSpamCheck( 2 ) ) ) {
		echo '<span class="cb_result_error">' . ISOtoUtf8( _UE_SESSION_EXPIRED ) . "</span>";
		exit;
	}

	$email		=	stripslashes( $email );
	$emailISO 	=	utf8ToISO( $email );				// ajax sends in utf8, we need to convert back to the site's encoding.

	if ( $ueConfig['reg_email_checker'] > 1 ) {
		// The value reaches the SQL text only through the database driver's Quote():
		if ( $_CB_database->isDbCollationCaseInsensitive() ) {
			$query	=	"SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote( ( trim( $emailISO ) ) );
		} else {
			$query	=	"SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote( ( strtolower( trim( $emailISO ) ) ) );
		}
		$_CB_database->setQuery($query);
		$dataObj	=	null;
		if ( $_CB_database->loadObject( $dataObj ) ) {
			if ( $function == 'testexists' ) {
				if ( $dataObj->result ) {
					echo '<span class="cb_result_ok">' . sprintf( ISOtoUtf8( _UE_EMAIL_EXISTS_ON_SITE ), htmlspecialchars( $email ) ) . "</span>";
					return;
				} else {
					echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_DOES_NOT_EXISTS_ON_SITE ), htmlspecialchars( $email ) ) . "</span>";
					return;
				}
			} else {
				if ( $dataObj->result ) {
					echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_ALREADY_REGISTERED ), htmlspecialchars( $email ) ) . "</span>";
					return;
				}
			}
		}
		// A failed lookup, or an address that is not registered yet, continues with the checks below.
	}
	if ( $function == 'testexists' ) {
		// Reached when the database lookup is not enabled (setting not above 1) or the lookup failed:
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		return;
	} else {
		$checkResult	=	cbCheckMail( $_CB_framework->getCfg( 'mailfrom' ), $email );
	}
	// Result codes as handled here: -2 not valid, -1 could not be checked, 0 incorrect, 1 verified:
	switch ( $checkResult ) {
		case -2:
			echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_NOVALID ), htmlspecialchars( $email ) ) . "</span>";
			break;
		case -1:
			echo '<span class="cb_result_warning">' . sprintf( ISOtoUtf8( _UE_EMAIL_COULD_NOT_CHECK ), htmlspecialchars( $email ) ) . "</span>";
			break;
		case 0:
			// The wording depends on whether registration requires e-mail confirmation:
			if ( $ueConfig['reg_confirmation'] == 0 ) {
				echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_INCORRECT_CHECK ), htmlspecialchars( $email ) ) . "</span>";
			} else {
				echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_INCORRECT_CHECK_NEEDED ), htmlspecialchars( $email ) ) . "</span>";
			}
			break;
		case 1:
			echo '<span class="cb_result_ok">' . sprintf( ISOtoUtf8( _UE_EMAIL_VERIFIED ), htmlspecialchars( $email ) ) . "</span>";
			break;
		default:
			echo '<span class="cb_result_error">performCheckEmail:: Unexpected cbCheckMail result.</span>';
			break;
	}
}


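/**
 * Processes a front-end login request.
 *
 * Shows the login form when nothing was posted, verifies the anti-spoof token (CB's own,
 * or the CMS josSpoofCheck fallback when it is available), restricts the post-login
 * return URL to this site, then delegates authentication to CBAuthentication.
 *
 * @param  string|null  $username  Username; read from $_POST['username'] when either argument is empty
 * @param  string|null  $passwd2   Password; read from $_POST['passwd'] when either argument is empty
 */
function login( $username=null, $passwd2=null ) {
	global $_POST, $_CB_framework, $ueConfig;

	checkCBPostIsHTTPS();

	if ( count( $_POST ) == 0 ) {
		HTML_comprofiler::loginForm( 'com_comprofiler', $_POST, null );
		return;
	}

	// Anti-spoof token: CB's own check first, then the CMS one when the site provides it.
	$spoofCheckOk		=	false;
	if ( cbSpoofCheck( 'login', 'POST', 2 ) ) {
		$spoofCheckOk	=	true;
	} else {
		if ( is_callable("josSpoofCheck") && is_callable("josSpoofValue") ) {
			$validate	=	josSpoofValue();
			if ( cbGetParam( $_POST, $validate ) ) {
				josSpoofCheck(1);
				$spoofCheckOk	=	true;
			}
		}
	}
	if ( ! $spoofCheckOk ) {
		echo  _UE_SESSION_EXPIRED . ' ' . _UE_PLEASE_REFRESH;
		return;
	}

	$messagesToUser		=	array();
	$alertmessages		=	array();

	if ( !$username || !$passwd2 ) {
		$username		=	trim( cbGetParam( $_POST, 'username', '' ) );
		// The password is read raw (_CB_ALLOWRAW) so that it is compared exactly as typed:
		$passwd2		=	trim( cbGetParam( $_POST, 'passwd', '', _CB_ALLOWRAW ) );
		if ( checkJversion() >=1 ) {
			$username	=	stripslashes( $username );
			$passwd2	=	stripslashes( $passwd2 );
		}
	}
	$rememberMe			=	cbGetParam( $_POST, 'remember' );

	// Return URL: may arrive base64-encoded with a 'B:' prefix; the decoded value is passed
	// through cbGetParam() again so it gets the same cleaning as a directly posted value.
	$return				=	trim( stripslashes( cbGetParam( $_POST, 'return', null ) ) );
	if ( cbStartOfStringMatch( $return, 'B:' ) ) {
		$return			=	base64_decode( substr( $return, 2 ) );
		$arrToClean		=	array( 'B' => get_magic_quotes_gpc() ? addslashes( $return ) : $return );
		$return			=	cbGetParam( $arrToClean, 'B', '' );
	}

	// Only a relative 'index.php...' URL or a URL on this site is kept as redirect target.
	// A bare prefix comparison with live_site would also keep a different host whose name
	// merely begins with the site's URL, so the site URL must be followed by a URL
	// delimiter (or be the whole value). An empty live_site never matches.
	$liveSite			=	(string) $_CB_framework->getCfg( 'live_site' );
	$returnIsLocal		=	false;
	if ( cbStartOfStringMatch( $return, 'index.php' ) ) {
		$returnIsLocal	=	true;
	} elseif ( ( $liveSite != '' ) && cbStartOfStringMatch( $return, $liveSite ) ) {
		$afterSite		=	(string) substr( $return, strlen( $liveSite ) );
		$returnIsLocal	=	( ( substr( $liveSite, -1 ) == '/' )
							  || ( $afterSite === '' )
							  || in_array( $afterSite[0], array( '/', '?', '#' ), true ) );
	}
	if ( ! $returnIsLocal ) {
		$return			=	'';
	}
	$message			=	trim( cbGetParam( $_POST, 'message', 0 ) );

	$loginType			=	( isset( $ueConfig['login_type'] ) ? $ueConfig['login_type'] : 0 );

	// Do the login including all authentications and event firing:
	cbimport( 'cb.authentication' );
	$cbAuthenticate		=	new CBAuthentication();
	$resultError		=	$cbAuthenticate->login( $username, $passwd2, $rememberMe, $message, $return, $messagesToUser, $alertmessages, $loginType );

	// The form is shown again only when the request came from one of the known login forms:
	$cameFromLoginForm	=	in_array( cbGetParam( $_POST, 'loginfrom' ), array( 'loginform', 'regform', 'loginmodule' ) );

	if ( count( $messagesToUser ) > 0 ) {
		if ( $resultError ) {
			echo "<div class=\"message\">".$resultError."</div>";
		}
		echo "\n<div>" . stripslashes(  implode( "</div>\n<div>", $messagesToUser ) ) . "</div>\n";
		if ( $cameFromLoginForm ) {
			HTML_comprofiler::loginForm( 'com_comprofiler', $_POST, $resultError );
		}
	} elseif ($resultError) {
		if ( $cameFromLoginForm ) {
			HTML_comprofiler::loginForm( 'com_comprofiler', $_POST, $resultError );
		} else {
			echo "<div class=\"message\">".$resultError."</div>";
		}
	} else {
		// NOTE(review): the messages are joined with a literal backslash-n and stripslashes() is applied
		// to the joined text, which also removes that backslash; confirm this is what cbRedirect() expects.
		cbRedirect( cbSef( $return, false ), ( count( $alertmessages ) > 0 ? stripslashes( implode( '\n', $alertmessages ) ) : '' ) );
	}
}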

/**
 * Processes a front-end logout request and redirects to the posted return URL,
 * or to index.php when none was given.
 *
 * NOTE(review): unlike login(), the return URL is not compared with the site's URL in
 * this function. Whether CBAuthentication::logout() or cbRedirect() restricts it is
 * not visible here; confirm. The anti-spoof token is required only when a return URL
 * or a message flag was posted.
 */
function logout() {
	global $_POST, $_CB_framework, $_CB_database, $_PLUGINS;

	// Return URL: may arrive base64-encoded with a 'B:' prefix; the decoded value is passed
	// through cbGetParam() again so it gets the same cleaning as a directly posted value.
	$return					=	trim( stripslashes( cbGetParam( $_POST, 'return', null ) ) );
	if ( cbStartOfStringMatch( $return, 'B:' ) ) {
		$return				=	base64_decode( substr( $return, 2 ) );
		$arrToClean			=	array( 'B' => get_magic_quotes_gpc() ? addslashes( $return ) : $return );
		$return				=	cbGetParam( $arrToClean, 'B', '' );
	}
	$message				=	trim( cbGetParam( $_POST, 'message', 0 ) );

	if ($return || $message) {
		// Anti-spoof token: CB's own check first, then the CMS one when the site provides it.
	    $spoofCheckOk		=	false;
	    if ( cbSpoofCheck( 'logout', 'POST', 2 ) ) {
	    	$spoofCheckOk	=	true;
	    } else {
			if ( is_callable("josSpoofCheck") && is_callable("josSpoofValue") ) {
				$validate = josSpoofValue();
	    		if ( cbGetParam( $_POST, $validate ) ) {
					josSpoofCheck(1);
			    	$spoofCheckOk	=	true;
	    		}
			}
	    }
	    if ( ! $spoofCheckOk ) {
	    	echo  _UE_SESSION_EXPIRED . ' ' . _UE_PLEASE_REFRESH;
	    	return;
	    }
	}

	// Do the logout including all authentications and event firing:
	cbimport( 'cb.authentication' );
	$cbAuthenticate		=	new CBAuthentication();
	$resultError		=	$cbAuthenticate->logout( $return );

	if ( $resultError ) {
		// The text shown is the plugin error message, not the value of $resultError itself.
		// NOTE(review): addslashes() is not a complete encoding for an inline <script>; the message is assumed trusted.
		echo "<script type=\"text/javascript\">alert('".addslashes($_PLUGINS->getErrorMSG())."');</script>\n";
		echo "<div class=\"message\">".$_PLUGINS->getErrorMSG()."</div>";;
		return;
	}

	cbRedirect( cbSef( ( $return ? $return : 'index.php' ), false ), ( $message ? stripslashes( _LOGOUT_SUCCESS ) : '' ) );
}
/**
 * Handles the link a new user follows to confirm the registration e-mail address.
 *
 * The user id is derived from the confirmation code, and the code is then checked
 * against that user before the account is marked confirmed. A code that leads to no
 * user gets the generic "not authorized" response.
 *
 * @param  string  $confirmcode  Confirmation code taken from the request
 */
function confirm( $confirmcode ) {
	global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS;

	if ( ! ( $_CB_framework->myId() < 1 ) ) {
		// this is the case where the user is already logged in (mostly test-cases):
		echo '<div class="error">' . _UE_NOT_AUTHORIZED." :<br /><br />"._UE_DO_LOGOUT." !</div>";
		return;
	}

	// Resolve the code to a user record; every failure on the way leaves $user empty:
	$user				=	null;
	$unscrambledId		=	moscomprofilerUser::getUserIdFromActivationCode( $confirmcode );
	if ( $unscrambledId ) {
		$cbUser			=	CBuser::getInstance( (int) $unscrambledId );
		if ( $cbUser ) {
			$user		=	$cbUser->getUserData();
		}
	}
	if ( ! ( $user && $user->id ) ) {
		// this is the error case where the URL is simply not right:
		cbNotAuth();
		return;
	}

	if ( $user->confirmed != 0 ) {
		// User has already confirmed: show friendly activation messages depending on his state:
		$messagesToUser	=	getActivationMessage( $user, 'UserConfirmation' );
		$confirmed		=	true;
	} elseif ( $user->checkActivationCode( $confirmcode ) ) {
		// The normal case: user exists, is not yet confirmed, and the confirmation code matches:
		$messagesToUser	=	null;
		$confirmed		=	$user->confirmUser( $messagesToUser );
	} else {
		// confirmation code does not match:
		$messagesToUser	=	array( _UE_WRONG_CONFIRMATION_CODE );
		$confirmed		=	false;
	}

	// One <div> per message, styled as information on success and as an error otherwise:
	$class				=	( $confirmed ? 'cbconfirmationinfo' : 'error' );
	$separator			=	'</div><div class="' . $class . '">';
	echo "\n" . '<div class="cbconfirming"><div class="' . $class . '">' . implode( $separator, $messagesToUser ) . "</div></div>\n";
}


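/**
 * Moderator action: approves or rejects pending user avatars.
 *
 * User ids come from $_POST['avatar'] (list) or $_REQUEST['avatars'] (single id), the
 * decision from $_POST['act'] or $_REQUEST['flag']: '1' approves, anything else rejects.
 * Rejecting deletes an uploaded image file (gallery images are kept) and clears the
 * avatar column. Each affected user is notified.
 *
 * NOTE(review): the anti-spoof token is verified for POST requests only, so the GET
 * form of this state-changing action relies on the moderator check alone. Kept as is
 * because menus use GET (see the comment below); consider moving it to POST.
 */
function approveImage() {
	global $_CB_database, $_POST, $_REQUEST, $_SERVER, $_CB_framework;

	$andItemid		=	getCBprofileItemid();

	// simple spoof check security for posts (menus do gets):
	if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
		cbSpoofCheck( 'moderateImages' );
	}
	if ( ! isModerator( $_CB_framework->myId() ) ) {
		cbNotAuth();
		return;
	}

	// Collect the user ids; a missing parameter gives an empty list, a single value a one-element list:
	if ( isset( $_POST['avatar'] ) ) {
		$avatars	=	$_POST['avatar'];
	} elseif ( isset( $_REQUEST['avatars'] ) ) {
		$avatars	=	$_REQUEST['avatars'];
	} else {
		$avatars	=	array();
	}
	if ( ! is_array( $avatars ) ) {
		$avatars	=	array( $avatars );
	}

	if ( isset( $_POST['act'] ) ) {
		$act		=	$_POST['act'];
	} else {
		$act		=	( isset( $_REQUEST['flag'] ) ? $_REQUEST['flag'] : null );
	}
	$approve		=	( $act == '1' );

	$imagesDir		=	$_CB_framework->getCfg( 'absolute_path' ) . "/images/comprofiler/";
	$cbNotification	=	new cbNotification();

	foreach ( $avatars as $avatar ) {
		// Ids are used as integers only; anything that is not a positive id is skipped
		// instead of being turned into a query and a notification for user 0:
		if ( ! is_scalar( $avatar ) ) {
			continue;
		}
		$userId		=	(int) $avatar;
		if ( $userId < 1 ) {
			continue;
		}

		if ( $approve ) {
			$query	=	"UPDATE #__comprofiler SET avatarapproved = 1, lastupdatedate=". $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) ." WHERE id = " . $userId;
			$_CB_database->setQuery( $query );
			$_CB_database->query();
			$cbNotification->sendFromSystem( $userId, _UE_IMAGEAPPROVED_SUB, _UE_IMAGEAPPROVED_MSG );
			continue;
		}

		$_CB_database->setQuery( "SELECT avatar FROM #__comprofiler WHERE id = " . $userId );
		$file		=	$_CB_database->loadResult();

		// Only an uploaded image lying directly in the images folder is deleted: the stored value
		// must be a bare file name (no directory part), which is also what the 'tn' thumbnail
		// prefix below assumes. Gallery images are shared and are never deleted.
		if ( $file
			 && ( preg_match( "/gallery\\//i", $file ) == false )
			 && ( basename( $file ) == $file )
			 && is_file( $imagesDir . $file ) )
		{
			unlink( $imagesDir . $file );
			if ( is_file( $imagesDir . "tn" . $file ) ) {
				unlink( $imagesDir . "tn" . $file );
			}
		}
		// A rejected avatar is cleared and flagged as approved, so it leaves the moderation queue:
		$query		=	"UPDATE #__comprofiler SET avatarapproved = 1, avatar=null WHERE id = " . $userId;
		$_CB_database->setQuery( $query );
		$_CB_database->query();
		$cbNotification->sendFromSystem( $userId, _UE_IMAGEREJECTED_SUB, _UE_IMAGEREJECTED_MSG );
	}
	cbRedirect( cbSef( 'index.php?option=com_comprofiler&amp;task=moderateImages' . $andItemid, false ), _UE_USERIMAGEMODERATED_SUCCESSFUL);
}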

/**
 * Shows the "report user" form, or stores a submitted report.
 *
 * Available only when user reports are enabled and the current user may view the
 * reported profile. A submitted report must carry the form's anti-spoof token.
 *
 * NOTE(review): the report row is filled from the whole of $_POST by bind(); which
 * columns a client can set that way depends on moscomprofilerUserReport, which is
 * not visible here. Confirm that reporter id and status cannot be supplied by the client.
 *
 * @param  string  $option  Component name, used in the redirect URL and given to the view
 * @param  int     $form    1 displays the form, any other value saves the posted report
 * @param  int     $uid     Id of the reported user
 */
function reportUser($option,$form=1,$uid=0) {
	global $_CB_framework, $_CB_database, $ueConfig, $_POST;

	if ( $ueConfig['allowUserReports'] == 0 ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		exit();
	}
	if ( ! CBuser::getMyInstance()->authoriseView( 'profile', $uid ) ) {
		echo _UE_NOT_AUTHORIZED;
		return;
	}
	if ( $form == 1 ) {
		HTML_comprofiler::reportUserForm( $option, $uid );
		return;
	}

	// simple spoof check security
	cbSpoofCheck( 'reportUserForm' );

	$report			=	new moscomprofilerUserReport( $_CB_database );
	$Itemid			=	$_CB_framework->itemid();
	// Every failure below redirects back to the report form with the row's error text:
	$formUrl		=	"index.php?option=$option&amp;task=reportUser" . ( $Itemid ? "&amp;Itemid=" . (int) $Itemid : "" );

	if ( ! $report->bind( $_POST ) ) {
		cbRedirect( cbSef( $formUrl, false ), $report->getError(), 'error' );
		return;
	}

	_cbMakeHtmlSafe( $report );			//TBD: remove this: not urgent but isn't right

	// The report date is set on the server after binding, so a posted value does not survive:
	$report->reportedondate	=	date( "Y-m-d H:i:s" );

	if ( ! $report->check() ) {
		cbRedirect( cbSef( $formUrl, false ), $report->getError(), 'error' );
		return;
	}
	if ( ! $report->store() ) {
		cbRedirect( cbSef( $formUrl, false ), $report->getError(), 'error' );
		return;
	}

	if ( $ueConfig['moderatorEmail'] == 1 ) {
		$notifier	=	new cbNotification();
		$notifier->sendToModerators( _UE_USERREPORT_SUB, _UE_USERREPORT_MSG );
	}
	echo _UE_USERREPORT_SUCCESSFUL;
}

/**
 * Shows the ban form, or performs a ban, an unban or a user's unban request.
 *
 * NOTE(review): cbSpoofCheck() is called in the ban branch ($act == 1) only. The unban
 * ($act == 0) and unban-request ($act == 2) branches change data without an anti-spoof
 * token check in this function; confirm whether that is intended.
 *
 * @param  string  $option  Component name, given to the ban form view
 * @param  int     $uid     Id of the user concerned
 * @param  int     $form    1 displays the form, any other value performs the action
 * @param  int     $act     1: ban by moderator, 0: unban by moderator, 2: unban request by the banned user
 */
function banUser( $option, $uid, $form=1, $act=1 ) {
	global $_CB_framework, $_CB_database, $ueConfig, $_POST;

	$isModerator=isModerator( $_CB_framework->myId() );
	// Both a logged-in user and a positive target id are required:
	if ( ( $_CB_framework->myId() < 1 ) || ( $uid < 1 ) )  {
			cbNotAuth();
			exit();
	}
	if ( $ueConfig['allowUserBanning'] == 0 ) {
			echo _UE_FUNCTIONALITY_DISABLED;
			exit();
	}

	if ( $form == 1 ) {
		// NOTE(review): every logged-in user reaches this branch; whether banUserForm() limits who
		// gets to see the stored ban reason of $uid is not visible here. Confirm.
		$_CB_database->setQuery( "SELECT bannedreason FROM #__comprofiler WHERE id = " . (int) $uid );
		$orgbannedreason	=	$_CB_database->loadresult();

		HTML_comprofiler::banUserForm( $option, $uid, $act, $orgbannedreason);
	} else {

		$now				=	$_CB_framework->now();
		$dateStr			=	cbFormatDate( $now );

		$cbNotification		=	new cbNotification();
		if ( $act == 1 ) {
			// Ban by moderator:
			// The posted 'bannedby' value must be the id of the moderator who is logged in:
			if ( ( ! $isModerator ) || ( $_CB_framework->myId() != cbGetParam( $_POST, 'bannedby', 0 ) ) ) {
				cbNotAuth();
				return;
			}
			// simple spoof check security
			cbSpoofCheck( 'banUserForm' );

			// The reason is stored as HTML: a bold header line, then the posted text HTML-escaped.
			// It is prepended to the existing history; getEscaped() makes the value safe for the SQL literal.
			$bannedreason	=	'<b>' . htmlspecialchars("["._UE_MODERATORBANRESPONSE.", " . $dateStr . "]") . "</b>\n" . htmlspecialchars( stripslashes( cbGetParam( $_POST, 'bannedreason') ) ) ."\n";
			$sql="UPDATE #__comprofiler SET banned=1, bannedby=" . (int) $_CB_framework->myId() . ", banneddate='".date('Y-m-d\TH:i:s')."', bannedreason = CONCAT_WS('','" . $_CB_database->getEscaped( $bannedreason ) . "', bannedreason) WHERE id=". (int) $uid;
			$_CB_database->SetQuery($sql);
			$_CB_database->query();

			$cbNotification->sendFromSystem($uid,_UE_BANUSER_SUB,_UE_BANUSER_MSG);
			echo _UE_USERBAN_SUCCESSFUL;
		} elseif ( $act == 0 ) {
			// Unban by moderator:
			if (!$isModerator){
				cbNotAuth();
				return;
			}
			// $mineName		=	getNameFormat($_CB_framework->myName(), $_CB_framework->myUsername,$ueConfig['name_format']);
			// DEFINE('_UE_UNBANUSER_BY_ON','User profile unbanned by %s on %s');
			// $unbannedBy	=	"<b>" . addslashes( htmlspecialchars("[".sprintf( _UE_UNBANUSER_BY_ON, $mineName, $dateStr ) ) ) . "]</b>\n";
			// The ban history is kept: only an "unbanned" header line is prepended to it.
			$unbannedBy	=	"<b>" . htmlspecialchars("[". _UE_UNBANUSER . ", " . $dateStr ) . "]</b>\n";
			$sql="UPDATE #__comprofiler SET banned=0, unbannedby=" . (int) $_CB_framework->myId() . ", bannedreason = CONCAT_WS('','" . $_CB_database->getEscaped( $unbannedBy ) . "', bannedreason), unbanneddate='".date('Y-m-d\TH:i:s')."'  WHERE id=".(int) $uid;				// , bannedreason=null, bannedby=null, banneddate=null
			$_CB_database->SetQuery($sql);
			$_CB_database->query();
			$cbNotification->sendFromSystem($uid,_UE_UNBANUSER_SUB,_UE_UNBANUSER_MSG);

			echo _UE_USERUNBAN_SUCCESSFUL;
		} elseif ( $act == 2 ) {
			// Unban request from user:
			// Only the banned user can file the request for his own profile:
			if ( $_CB_framework->myId() != $uid ) {
				cbNotAuth();
				return;
			}
			// banned=2 marks the profile as "unban requested" (moderator() counts such rows as pending):
			$bannedreason = "<b>".htmlspecialchars("["._UE_USERBANRESPONSE.", " . $dateStr . "]")."</b>\n" . htmlspecialchars( stripslashes( cbGetParam( $_POST, 'bannedreason' ) ) ) ."\n";
			$sql="UPDATE #__comprofiler SET banned=2, bannedreason = CONCAT_WS('','" . $_CB_database->getEscaped( $bannedreason) . "', bannedreason) WHERE id=" . (int) $uid;
			$_CB_database->SetQuery($sql);
			$_CB_database->query();
			if($ueConfig['moderatorEmail']==1) {
				$cbNotification->sendToModerators(_UE_UNBANUSERREQUEST_SUB,_UE_UNBANUSERREQUEST_MSG);
			}
			echo _UE_USERUNBANREQUEST_SUCCESSFUL;

		}
	}
}

/**
 * Moderator action: marks the posted user reports as processed and returns to the
 * report moderation list.
 *
 * The anti-spoof token is verified first, then the moderator permission.
 */
function processReports(){
	global $_CB_framework, $_CB_database, $_POST;

	// simple spoof check security
	cbSpoofCheck( 'moderateReports' );

	if ( ! isModerator( $_CB_framework->myId() ) ) {
		cbNotAuth();
		return;
	}

	foreach ( cbGetParam( $_POST, 'reports', array() ) as $reportId ) {
		// The id enters the SQL text as an integer only:
		$_CB_database->setQuery( "UPDATE #__comprofiler_userreports SET reportedstatus = 1 WHERE reportid = " . (int) $reportId );
		$_CB_database->query();
	}

	$listUrl	=	'index.php?option=com_comprofiler&amp;task=moderateReports' . getCBprofileItemid();
	cbRedirect( cbSef( $listUrl, false ), _UE_USERREPORTMODERATED_SUCCESSFUL );
}

/**
 * Moderator overview: echoes how many avatars, user reports and unban requests are
 * waiting for a moderator, or a "nothing to do" text.
 */
function moderator(){
	global $_CB_framework, $_CB_database;

	if ( ! isModerator( $_CB_framework->myId() ) ) {
		cbNotAuth();
		return;
	}

	// Constant queries only, run in this order: pending avatars, open reports, unban requests.
	$countQueries	=	array(
		'images'	=>	"SELECT count(*) FROM #__comprofiler  WHERE avatarapproved=0 AND approved=1 AND confirmed=1 AND banned=0",
		'reports'	=>	"SELECT count(*) FROM #__comprofiler_userreports  WHERE reportedstatus=0 ",
		'unban'		=>	"SELECT count(*) FROM #__comprofiler WHERE banned=2 AND approved=1 AND confirmed=1"
	);
	$pending		=	array();
	foreach ( $countQueries as $what => $sql ) {
		if ( ! $_CB_database->setQuery( $sql ) ) {
			print $_CB_database->getErrorMsg();
		}
		$pending[$what]	=	$_CB_database->loadResult();
	}

	if ( ! ( $pending['unban'] > 0 || $pending['reports'] > 0 || $pending['images'] > 0 ) ) {
		echo _UE_NOACTIONREQUIRED;
		return;
	}
	if ( $pending['unban'] > 0 ) {
		echo "<div>" . $pending['unban'] . _UE_UNBANREQUIREACTION . "</div>";
	}
	if ( $pending['reports'] > 0 ) {
		echo "<div>" . $pending['reports'] . _UE_USERREPORTSREQUIREACTION . "</div>";
	}
	if ( $pending['images'] > 0 ) {
		echo "<div>" . $pending['images'] . _UE_IMAGESREQUIREACTION . "</div>";
	}
}


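/**
 * Moderator action: approves the given pending users.
 *
 * Verifies the anti-spoof token, the feature switch and the moderator permission, then
 * for each user who is not approved yet: optionally sets a random password (when
 * passwords are e-mailed), fires the approval plugin events, stores the approval and
 * calls activateUser().
 *
 * @param  array  $uids  User ids to approve; a single id is accepted as well
 */
function approveUser($uids) {
	global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS;

	$andItemid			=	getCBprofileItemid();

	// simple spoof check security
	cbSpoofCheck( 'pendingApprovalUsers' );

	if ( $ueConfig['allowModUserApproval'] == 0 ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		exit();
	}

	if ( ! isModerator( $_CB_framework->myId() ) ) {
		cbNotAuth();
		return;
	}

	$_PLUGINS->loadPluginGroup('user');

	if ( ! isset( $ueConfig['emailpass'] ) ) {
		$ueConfig['emailpass']	=	'0';
	}
	$generatePassword	=	( $ueConfig['emailpass'] == "1" );

	$Itemid				=	$_CB_framework->itemid();

	// The list comes from the request: tolerate a missing value or a single id.
	if ( ! is_array( $uids ) ) {
		$uids			=	( ( $uids === null ) || ( $uids === '' ) ) ? array() : array( $uids );
	}

	foreach ( $uids as $uid ) {
		// An id that matches no user is skipped instead of ending in a call on a missing object
		// (confirm() in this file tests the same two results before using them):
		$cbUser			=	CBuser::getInstance( (int) $uid );
		$user			=	( $cbUser ? $cbUser->getUserData() : null );
		if ( ! ( $user && $user->id ) ) {
			continue;
		}
		if ( $user->approved == 1 ) {
			continue;
		}

		if ( $generatePassword ) {
			$user->setRandomPassword();
		}
		$_PLUGINS->trigger( 'onBeforeUserApproval', array( $user, true ) );
		if ( $_PLUGINS->is_errors() ) {
			// A plugin vetoed: stop here; users approved earlier in this loop stay approved.
			cbRedirect( cbSef("index.php?option=com_comprofiler&amp;task=pendingApprovalUser".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
			return;
		}
		$user->approved	=	1;
		$user->storeApproved( false );
		if ( $generatePassword ) {
			$user->storePassword( false );
		}
		$_PLUGINS->trigger( 'onAfterUserApproval', array( $user, true, true ) );
		activateUser( $user, 1, "UserApproval", false );
	}
	// The number shown is the number of ids submitted, as before.
	cbRedirect( cbSef( 'index.php?option=com_comprofiler&amp;task=pendingApprovalUser' . $andItemid, false ), ( count( $uids ) ) ? count( $uids ) . ' ' . _UE_USERAPPROVAL_SUCCESSFUL : '' );

}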

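/**
 * Moderator action: rejects the given pending users and notifies each of them,
 * including the moderator's posted comment for that user.
 *
 * Verifies the anti-spoof token, the feature switch and the moderator permission first.
 *
 * @param  array  $uids  User ids to reject; a single id is accepted as well
 */
function rejectUser($uids) {
	global $_CB_framework, $_CB_database, $ueConfig, $_POST, $_PLUGINS;

	$andItemid			=	getCBprofileItemid();

	// simple spoof check security
	cbSpoofCheck( 'pendingApprovalUsers' );

	if ( $ueConfig['allowModUserApproval'] == 0 ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		exit();
	}

	if ( ! isModerator( $_CB_framework->myId() ) ) {
		cbNotAuth();
		return;
	}

	// Used by the error redirect below. It previously read $option and $Itemid, which are not
	// defined in this function; the component name and item id are now obtained as in approveUser():
	$Itemid				=	$_CB_framework->itemid();

	// The list comes from the request: tolerate a missing value or a single id.
	if ( ! is_array( $uids ) ) {
		$uids			=	( ( $uids === null ) || ( $uids === '' ) ) ? array() : array( $uids );
	}

	$_PLUGINS->loadPluginGroup('user');
	$cbNotification		=	new cbNotification();

	foreach ( $uids as $uid ) {
		// The id is used as an integer everywhere: in SQL, as notification recipient and in the
		// name of the posted comment field.
		$userId			=	(int) $uid;

		$_CB_database->setQuery( "SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id = " . $userId );
		$rows			=	$_CB_database->loadObjectList();
		if ( ! ( is_array( $rows ) && isset( $rows[0] ) ) ) {
			// No such user: nothing to reject and nobody to notify.
			continue;
		}
		$row			=	$rows[0];

		$_PLUGINS->trigger( 'onBeforeUserApproval', array( $row, false ) );
		if ( $_PLUGINS->is_errors() ) {
			// A plugin vetoed: stop here; users rejected earlier in this loop stay rejected.
			cbRedirect( cbSef("index.php?option=com_comprofiler&amp;task=pendingApprovalUser".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
			return;
		}

		$_CB_database->SetQuery( "UPDATE #__comprofiler SET approved=2 WHERE id=" . $userId );
		$_CB_database->query();
		$_PLUGINS->trigger( 'onAfterUserApproval', array( $row, false, true ) );

		$comment		=	stripslashes( cbGetParam( $_POST, 'comment' . $userId, '' ) );
		$cbNotification->sendFromSystem( $userId, _UE_REG_REJECT_SUB, sprintf( _UE_USERREJECT_MSG, $_CB_framework->getCfg( 'sitename' ), $comment ) );
	}
	// The number shown is the number of ids submitted, as before.
	cbRedirect( cbSef( 'index.php?option=com_comprofiler&amp;task=pendingApprovalUser' . $andItemid, false ),(count($uids))?count($uids)." "._UE_USERREJECT_SUCCESSFUL:"");

}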

/**
 * Moderator view: lists the users who confirmed their e-mail address and are
 * waiting for approval.
 *
 * @param  string  $option  Component name, given to the view
 */
function pendingApprovalUsers($option) {
	global $_CB_framework, $_CB_database, $ueConfig;

	$mayModerate	=	isModerator( $_CB_framework->myId() );
	if ( $ueConfig['allowModUserApproval'] == 0 ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		exit();
	}
	if ( ! $mayModerate ) {
		cbNotAuth();
		return;
	}

	// Constant query: only the listed columns of confirmed, not yet approved users are read.
	$sql			=	"SELECT u.id, u.name, u.username, u.email, u.registerDate "
					.	"\n FROM #__users u, #__comprofiler c "
					.	"\n WHERE u.id=c.id AND c.approved=0 AND c.confirmed=1";
	$_CB_database->setQuery( $sql );
	$pendingUsers	=	$_CB_database->loadObjectList();

	HTML_comprofiler::pendingApprovalUsers( $option, $pendingUsers );
}

//Connections

/**
 * Sends a connection request from $userid to $connectionid, then shows the result in a
 * JavaScript alert and sends the browser to the other user's profile.
 *
 * NOTE(review): this function verifies only that somebody is logged in. It neither
 * compares $userid with the logged-in user (manageConnections() does) nor calls
 * cbSpoofCheck(); presumably the caller passes the current user's id and integer
 * values. Confirm against the dispatcher.
 *
 * @param  int          $userid        Id of the requesting user
 * @param  int          $connectionid  Id of the user to connect to
 * @param  string|null  $umsg          Optional message for the other user
 */
function addConnection($userid,$connectionid,$umsg=null) {
	global $_CB_framework, $ueConfig;

	$andItemid = getCBprofileItemid(true);

	if(!$ueConfig['allowConnections']) {
		echo _UE_FUNCTIONALITY_DISABLED;
		return;
	}
	if (! ($_CB_framework->myId() > 0 ) ) {
		cbNotAuth();
		return;
	}
	$cbCon=new cbConnection($userid);
	// NOTE(review): stripcslashes() (C-style unescaping) is used here, not stripslashes(); confirm it is intended.
	$cbCon->addConnection($connectionid,stripcslashes($umsg));
	// NOTE(review): $connectionid is put into the URL as received and the URL is written into the inline
	// script below without JavaScript encoding; this is safe only if the caller passes an integer. Confirm.
	$url=cbSef( "index.php?option=com_comprofiler&amp;task=userProfile&amp;user=" . $connectionid . $andItemid );
	echo "<script type=\"text/javascript\"> alert('".addslashes(htmlspecialchars($cbCon->getUserMSG()))."'); document.location.href='".cbUnHtmlspecialchars($url)."'; </script>\n";
}

/**
 * Removes the connection between $userid and $connectionid, then shows the result in a
 * JavaScript alert and sends the browser to the connections tab.
 *
 * NOTE(review): only "somebody is logged in" is verified here; $userid is not compared
 * with the logged-in user and cbSpoofCheck() is not called. Presumably the caller or
 * cbConnection enforces ownership; confirm.
 *
 * @param  int  $userid        Id of the user owning the connection
 * @param  int  $connectionid  Id of the connected user
 */
function removeConnection( $userid, $connectionid ) {
	global $_CB_framework, $ueConfig;

	$andItemid		=	getCBprofileItemid(true);

	if ( ! $ueConfig['allowConnections'] ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		return;
	}
	if ( ! ( $_CB_framework->myId() > 0 ) ) {
		cbNotAuth();
		return;
	}

	$connection		=	new cbConnection( $userid );
	// Error text on failure, user message on success:
	$msg			=	( $connection->removeConnection( $userid, $connectionid ) ? $connection->getUserMSG() : $connection->getErrorMSG() );

	$url			=	cbSef( "index.php?option=com_comprofiler&amp;tab=getConnectionTab" . $andItemid );
	// addslashes() is the only escaping applied to the alert text; the message is assumed trusted.
	$alertText		=	addslashes( $msg );
	$target			=	cbUnHtmlspecialchars( $url );
	echo "<script type=\"text/javascript\"> alert('" . $alertText . "'); document.location.href='" . $target . "'; </script>\n";

}

/**
 * Declines a pending connection request and shows the result in a JavaScript alert
 * before going back one page.
 *
 * NOTE(review): only "somebody is logged in" is verified here; $userid is not compared
 * with the logged-in user and cbSpoofCheck() is not called. Presumably the caller or
 * cbConnection enforces ownership; confirm.
 *
 * @param  int  $userid        Id of the user answering the request
 * @param  int  $connectionid  Id of the user who asked for the connection
 */
function denyConnection( $userid, $connectionid ) {
	global $_CB_framework, $ueConfig;

	if ( ! $ueConfig['allowConnections'] ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		return;
	}
	$myId			=	$_CB_framework->myId();
	if ( ! ( $myId > 0 ) ) {
		cbNotAuth();
		return;
	}

	$connection		=	new cbConnection( $userid );
	$connection->denyConnection( $userid, $connectionid );

	// addslashes() is the only escaping applied to the alert text; the message is assumed trusted.
	$alertText		=	addslashes( $connection->getUserMSG() );
	echo "<script type=\"text/javascript\"> alert('" . $alertText . "'); window.history.go(-1); </script>\n";			//TBD solve this as a redirect to ???

}

/**
 * Accepts a pending connection request and shows the result in a JavaScript alert
 * before going back one page.
 *
 * NOTE(review): only "somebody is logged in" is verified here; $userid is not compared
 * with the logged-in user and cbSpoofCheck() is not called. Presumably the caller or
 * cbConnection enforces ownership; confirm.
 *
 * @param  int  $userid        Id of the user answering the request
 * @param  int  $connectionid  Id of the user who asked for the connection
 */
function acceptConnection($userid,$connectionid) {
	global $_CB_framework, $ueConfig;

	// do not test !$ueConfig['useMutualConnections'] here as well: needed if rules changed!
	if ( ! $ueConfig['allowConnections'] ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		return;
	}
	$myId			=	$_CB_framework->myId();
	if ( ! ( $myId > 0 ) ) {
		cbNotAuth();
		return;
	}

	$connection		=	new cbConnection( $userid );
	$connection->acceptConnection( $userid, $connectionid );

	// addslashes() is the only escaping applied to the alert text; the message is assumed trusted.
	$alertText		=	addslashes( $connection->getUserMSG() );
	echo "<script type=\"text/javascript\"> alert('" . $alertText . "'); window.history.go(-1); </script>\n";			//TBD solve this as a redirect to ???
}

/**
 * Shows the connections management page of a user: active connections (paged), pending connections and the users connected to him.
 *
 * Access is limited to the user himself: the viewer must be logged in and his id must equal $userid (loose comparison),
 * otherwise cbNotAuth() is called. Echoes _UE_FUNCTIONALITY_DISABLED if connections are switched off.
 *
 * @param  int  $userid  Id of the user whose connections are managed
 * @return void
 */
function manageConnections($userid) {
	global $_CB_framework, $ueConfig;

	if ( ! $ueConfig['allowConnections'] ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		return;
	}

	$viewerId		=	$_CB_framework->myId();
	if ( ( $viewerId != $userid ) || ( $viewerId == 0 ) ) {
		// only the owner may manage his connections, guests never:
		cbNotAuth();
		return;
	}

	$cbCon			=	new cbConnection( $userid );

	// NOTE(review): this un-paged result is overwritten by the paged call below; kept as in the original
	// because it can not be seen from here whether getActiveConnections() has side effects.
	$connections	=	$cbCon->getActiveConnections( $userid );

	$tabs			=	new cbTabs( 0, $_CB_framework->getUi() );
	$tabs->element	=	'';
	$pagingParams	=	$tabs->_getPaging( array(), array( 'connections_' ) );

	$perpage		=	20;		//TBD unhardcode and get the code below better
	$total			=	$cbCon->getConnectionsCount( $userid, true );

	// A missing start position, or one beyond the total, falls back to the first page.
	// NOTE(review): negative values are not clamped here; presumably cbTabs::_getPaging() or getActiveConnections() rejects them - confirm.
	if ( ( $pagingParams["connections_limitstart"] === null ) || ( $pagingParams["connections_limitstart"] > $total ) ) {
		$pagingParams["connections_limitstart"]	=	0;
	}
	// the integer cast is what makes the value safe to use as a query offset:
	$offset			=	(int) $pagingParams["connections_limitstart"];

	$connections	=	$cbCon->getActiveConnections( $userid, $offset, $perpage );
	$actions		=	$cbCon->getPendingConnections( $userid );
	$connecteds		=	$cbCon->getConnectedToMe( $userid );

	HTML_comprofiler::manageConnections( $connections, $actions, $total, $tabs, $pagingParams, $perpage, $connecteds );
}

/**
 * Saves the description and the connection types posted for each given connection, then redirects to the connections management page.
 *
 * The anti-spoof check runs first, then the connections switch and the logged-in test.
 * cbConnection is created for the viewer's own id ( myId() ), not for an id taken from the request.
 *
 * NOTE(review): each $cid comes from the caller (presumably from the request) and is used as received, both as prefix of the
 *               $_POST keys and as first argument of cbConnection::saveConnection(): confirm that saveConnection()
 *               only updates connections owned by the viewer.
 * NOTE(review): implode() needs an array: confirm that cbGetParam() returns an array when the default is array().
 *
 * @param  array  $connectionids  Ids of the connections to save; anything else than an array saves nothing and redirects without message
 * @return void
 */
function saveConnections($connectionids) {
	global $_CB_framework, $ueConfig, $_POST;

	$andItemid		=	getCBprofileItemid();

	// simple spoof check security
	cbSpoofCheck( 'manageConnections' );

	if ( ! $ueConfig['allowConnections'] ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		return;
	}
	if ( ! ( $_CB_framework->myId() > 0 ) ) {
		// guests have no connections to save:
		cbNotAuth();
		return;
	}

	$cbCon			=	new cbConnection( $_CB_framework->myId() );
	$hasIds			=	is_array( $connectionids );

	if ( $hasIds ) {
		foreach ( $connectionids as $cid ) {
			$types			=	cbGetParam( $_POST, $cid.'connectiontype', array() );
			$description	=	stripslashes( cbGetParam( $_POST, $cid . 'description', '' ) );
			// connection types are stored as one string, separated by '|*|':
			$cbCon->saveConnection( $cid, $description, implode( '|*|', $types ) );
		}
	}

	$target			=	cbSef( 'index.php?option=com_comprofiler&amp;task=manageConnections&tab=1' . $andItemid, false );
	// the success message is shown only if there was a list to process:
	cbRedirect( $target, ( $hasIds ? _UE_CONNECTIONSUPDATEDSUCCESSFULL : null ) );
}

/**
 * Applies the posted action ( 'a': accept, 'd': deny ) to each given pending connection, then redirects to the connections management page.
 *
 * The anti-spoof check runs first, then the connections switch and the logged-in test.
 * All actions are done with the viewer's own id ( myId() ), not with a user id taken from the request.
 * Any other action value is ignored. If cbConnection reports an error message, the redirect carries it as 'error'.
 *
 * NOTE(review): each $cid comes from the caller (presumably from the request) and is used as received:
 *               confirm that cbConnection::acceptConnection() and ::denyConnection() only act on requests addressed to the viewer.
 *
 * @param  array  $connectionids  Ids of the connections to process; anything else than an array does nothing and redirects without message
 * @return void
 */
function processConnectionActions($connectionids) {
	global $_CB_framework, $ueConfig, $_POST;

	// simple spoof check security
	cbSpoofCheck( 'manageConnections' );

	if ( ! $ueConfig['allowConnections'] ) {
		echo _UE_FUNCTIONALITY_DISABLED;
		return;
	}
	if ( ! ( $_CB_framework->myId() > 0 ) ) {
		// guests have no connection requests to answer:
		cbNotAuth();
		return;
	}

	$cbCon			=	new cbConnection( $_CB_framework->myId() );
	$hasIds			=	is_array( $connectionids );

	if ( $hasIds ) {
		foreach ( $connectionids as $cid ) {
			// loose comparison, as switch does, and first match wins:
			switch ( cbGetParam( $_POST, $cid . 'action' ) ) {
				case 'd':
					$cbCon->denyConnection( $_CB_framework->myId(), $cid );
					break;
				case 'a':
					$cbCon->acceptConnection( $_CB_framework->myId(), $cid );
					break;
			}
		}
	}

	$error			=	$cbCon->getErrorMSG();
	$target			=	cbSef( 'index.php?option=com_comprofiler&amp;task=manageConnections' . getCBprofileItemid(), false );

	if ( $error ) {
		cbRedirect( $target, $error, 'error' );
		return;
	}
	// the success message is shown only if there was a list to process:
	cbRedirect( $target, ( $hasIds ? _UE_CONNECTIONACTIONSSUCCESSFULL : null ) );
}
/**
 * Checks if the page is executed in https, and if not, whether the CB login module's 'https_post' setting asks for https
 *
 * The request counts as https only if $_SERVER['HTTPS'] is set, not empty and not 'off'.
 * The setting is read from the first 'mod_cblogin' row of #__modules by ordering, and only if the module file exists.
 *
 * NOTE(review): the check fails open: no module file, no module row, or 'https_post' at 0 all mean "https not required".
 * NOTE(review): the query does not filter on the published state, so an unpublished module instance can be the row that decides.
 * NOTE(review): only $_SERVER['HTTPS'] is consulted: a site behind a TLS-terminating proxy may not have it set - verify for such setups.
 *
 * @param  boolean  $return  [default: false] : True: returns if https switchover is needed for the POST form (if not already on HTTPS and login module asks for it). False: errors 403 if not in https and it's configured in login module.
 * @return boolean           True: switchover needed (returned only if $return = true; nothing is returned otherwise)
 */
function checkCBPostIsHTTPS( $return = false ) {
	global $_CB_framework, $_CB_database, $_SERVER;

	// empty() also covers the not-set case:
	$isHttps			=	( ( ! empty( $_SERVER['HTTPS'] ) ) && ( $_SERVER['HTTPS'] != 'off' ) );

	// stays false unless the login module asks for https posts while we are on plain http:
	$https_post			=	false;

	if ( ! $isHttps ) {
		// depending on checkJversion(), the module file is in its own sub-folder or directly in /modules/:
		$moduleFile		=	$_CB_framework->getCfg( 'absolute_path' ) . '/modules/' . ( checkJversion() > 0 ? 'mod_cblogin/' : null ) . 'mod_cblogin.php';

		if ( file_exists( $moduleFile ) ) {
			// all identifiers and the value are quoted by the database object, nothing from the request goes into this query:
			$query		=	'SELECT ' . $_CB_database->NameQuote( 'params' )
						.	"\n FROM " . $_CB_database->NameQuote( '#__modules' )
						.	"\n WHERE " . $_CB_database->NameQuote( 'module' ) . " = " . $_CB_database->Quote( 'mod_cblogin' )
						.	"\n ORDER BY " . $_CB_database->NameQuote( 'ordering' );
			$_CB_database->setQuery( $query, 0, 1 );
			$moduleParams	=	$_CB_database->loadResult();

			if ( $moduleParams ) {
				$params		=	new cbParamsBase( $moduleParams );
				$https_post	=	( $params->get( 'https_post', 0 ) != 0 );
			}
		}
	}

	if ( $return ) {
		return $https_post;
	}

	if ( $https_post && ( ! $isHttps ) ) {
		// https is required for this POST but the request came in without it: refuse and stop here
		header( 'HTTP/1.0 403 Forbidden' );
		exit( _UE_NOT_AUTHORIZED );
	}
}
?>
