<?php
/**
* @package DJ-Classifieds
* @copyright Copyright (C) DJ-Extensions.com, All rights reserved.
* @license http://www.gnu.org/licenses GNU/GPL
* @author url: http://dj-extensions.com
* @author email contact@dj-extensions.com
*/
defined('_JEXEC') or die('Restricted access');
require_once(JPATH_ROOT.'/administrator/components/com_djclassifieds/lib/djfield.php');
require_once(JPATH_ROOT.'/administrator/components/com_djclassifieds/lib/djseo.php');
require_once(JPATH_ROOT.'/components/com_djclassifieds/model.php');
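/**
 * Access-control helpers for DJ-Classifieds: user-group lookups, per-field and per-plan
 * restrictions, edit/delete permissions on adverts, captcha and password checks, posting
 * limits and a few profile-based switches.
 *
 * All methods are static and read the current Joomla session (JFactory::getUser()) unless a
 * user id is passed in. Every value that ends up in an SQL string is integer-cast or quoted
 * through $db->q() so that nothing taken from a request, a record or a component option can
 * alter the query.
 */
class DJClassifiedsAccess
{
    /**
     * Returns the user-group ids of the given user, or of the current session user.
     *
     * Guests get the public group ('1') plus the com_users "guest_usergroup" option.
     *
     * @param int|null $user_id Joomla user id; null means the current session user.
     *
     * @return array Group ids. For a logged-in user this is JUser::$groups as-is.
     */
    static function getUserGroups($user_id = null)
    {
        $user = JFactory::getUser($user_id);
        if ($user->id) {
            return $user->groups;
        }

        $guest_usergroup = JComponentHelper::getParams('com_users')->get('guest_usergroup', '0');

        return array(
            '1', // public
            $guest_usergroup,
        );
    }

    /**
     * Decides whether the current user may see/edit form field $f.
     *
     * A field may belong to several field groups (comma-separated $f->group_id). Access is granted
     * when any of those groups has no usergroup restriction, or when one of its restriction rows
     * matches a group of the current user. When $account_type_id is given (profile edit) and the
     * last examined field group carried no usergroup restriction, access falls back to the profile
     * field-group membership for backward compatibility.
     *
     * @param object   $f               Field record with a group_id property.
     * @param int|null $account_type_id Profile (account type) field group id, or null outside profile edit.
     *
     * @return bool
     */
    public static function hasAccessToFormField($f, $account_type_id = null)
    {
        $db = JFactory::getDBO();
        $has_access = false;
        $group_ids = array();
        // Restriction rows of the field group examined last; re-read by the profile fallback below.
        $groups_restriction = array();

        if ($f->group_id) {
            $ug_arr = self::getUserGroups();
            $group_ids = explode(',', $f->group_id);
            foreach ($group_ids as $group_id) {
                // group_id originates from the field definition; cast so the query only sees an integer.
                $query = "SELECT * FROM #__djcf_fields_groups_usergroups WHERE group_id=" . (int) $group_id;
                $db->setQuery($query);
                $groups_restriction = $db->loadObjectList();

                if (!$groups_restriction) {
                    // A field group without usergroup rows is open to everyone.
                    $has_access = true;
                    break;
                }
                foreach ($groups_restriction as $g) {
                    if (in_array($g->usergroup_id, $ug_arr)) {
                        $has_access = true;
                        break 2;
                    }
                }
            }
        } else {
            $has_access = true;
        }

        // Profile edit and no usergroup restriction on the field group: base access on the
        // profile field group instead (backward compatibility).
        if ($account_type_id !== null && empty($groups_restriction)) {
            $has_access = $f->group_id == '0' || in_array($account_type_id, $group_ids);
        }

        return $has_access;
    }

    /**
     * Removes from $fields every field whose listed field groups all resolve to a falsy, non-null
     * value from DJClassifiedsField::getFieldGroup(). Fields without a group_id are kept.
     *
     * The usergroup check on $fieldgroup->access was disabled upstream (see the commented-out
     * condition in the original); the remaining test keeps a field as soon as one of its groups
     * is either unknown (null) or truthy.
     *
     * @param array $fields Field records keyed arbitrarily; modified in place.
     *
     * @return void
     */
    static function filterFieldsByGroupAccess(&$fields)
    {
        foreach ($fields as $key => $f) {
            if (!$f->group_id) {
                continue;
            }

            $match = false;
            foreach (explode(',', $f->group_id) as $group_id) {
                $fieldgroup = DJClassifiedsField::getFieldGroup($group_id);
                //if(!$fieldgroup || ($fieldgroup && in_array($fieldgroup->access, $ug_arr))){
                if ($fieldgroup === null || $fieldgroup) {
                    $match = true;
                    break;
                }
            }

            if (!$match) {
                unset($fields[$key]);
            }
        }
    }

    /**
     * Checks whether the current user may use a pricing plan.
     *
     * A plan with no rows in #__djcf_plans_groups is open to everyone; otherwise one of the rows
     * must name a group of the current user.
     *
     * @param object $plan Plan record with an id property.
     *
     * @return bool
     */
    public static function hasAccessToPlan($plan)
    {
        $db = JFactory::getDBO();
        $db->setQuery("SELECT * FROM #__djcf_plans_groups WHERE plan_id=" . (int) $plan->id);
        $groups_restriction = $db->loadObjectList();

        if (!$groups_restriction) {
            return true;
        }

        $ug_arr = self::getUserGroups(JFactory::getUser()->id);
        foreach ($groups_restriction as $g) {
            if (in_array($g->group_id, $ug_arr)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Checks whether the current user may edit advert $item.
     *
     * Allowed for the owner, or for a guest presenting the advert's token in the request when the
     * "guest_can_edit" option is on; archived adverts (published == 2) are never editable this way.
     * With $full_check, auction/buy-now locks downgrade the result to a language key naming the
     * lock. A component admin with "admin_can_edit_delete" enabled always gets true, overriding
     * any lock message.
     *
     * @param object      $item       Advert record (published, user_id, token, auction, buynow, id).
     * @param object|null $par        Component params; loaded from com_djclassifieds when null.
     * @param bool        $full_check Also evaluate the auction and buy-now edit locks.
     *
     * @return bool|string true/false, or a language key explaining why editing is locked.
     */
    static function canEditItem($item, $par = null, $full_check = false)
    {
        $app = JFactory::getApplication();
        $user = JFactory::getUser();
        $par = $par ? $par : JComponentHelper::getParams('com_djclassifieds');

        $is_owner = $user->id && $item->user_id == $user->id;
        // Token compared as strings with ===: a loose == would compare numeric-looking tokens numerically.
        $is_token_holder = !$user->id
            && $par->get('guest_can_edit', '1')
            && $item->token
            && (string) $app->input->get('token') === (string) $item->token;

        // The archived check applies to both paths. The original expression
        // "A && B || C" bound the check to the owner branch only because && binds tighter than ||.
        $can_edit = $item->published != '2' && ($is_owner || $is_token_holder);

        if ($full_check && $can_edit) {
            if (!self::canEditAuctionItem($item, $par)) {
                $can_edit = 'COM_DJCLASSIFIEDS_AUCTION_EDIT_LOCK_MESSAGE';
            }
            if (!self::canEditBuynowItem($item, $par)) {
                $can_edit = 'COM_DJCLASSIFIEDS_BUYNOW_EDIT_LOCK_MESSAGE';
            }
        }

        if ($user->id && $par->get('admin_can_edit_delete', '0') && $user->authorise('core.admin', 'com_djclassifieds')) {
            $can_edit = true;
        }

        return $can_edit;
    }

    /**
     * Checks whether the current user may delete advert $item.
     *
     * Same owner / guest-token rule as canEditItem(); archived adverts are only deletable when
     * "allow_user_delete_archive" is on; a component admin with "admin_can_edit_delete" always may.
     *
     * @param object      $item Advert record (published, user_id, token).
     * @param object|null $par  Component params; loaded from com_djclassifieds when null.
     *
     * @return bool
     */
    static function canDeleteItem($item, $par = null)
    {
        $app = JFactory::getApplication();
        $user = JFactory::getUser();
        $par = $par ? $par : JComponentHelper::getParams('com_djclassifieds');

        $is_owner = $user->id && $item->user_id == $user->id;
        $is_token_holder = !$user->id
            && $par->get('guest_can_delete', '1')
            && $item->token
            && (string) $app->input->get('token') === (string) $item->token;

        $can_delete = $is_owner || $is_token_holder;

        if ($item->published == '2' && $par->get('allow_user_delete_archive', '0') == '0') {
            $can_delete = false;
        }

        if ($user->id && $par->get('admin_can_edit_delete', '0') && $user->authorise('core.admin', 'com_djclassifieds')) {
            $can_delete = true;
        }

        return $can_delete;
    }

    /**
     * An auction advert with bids cannot be edited while "auction_edit_lock" is on.
     *
     * @param object      $item Advert record (auction, id).
     * @param object|null $par  Component params; loaded from com_djclassifieds when null.
     *
     * @return bool
     */
    static function canEditAuctionItem($item, $par = null)
    {
        $par = $par ? $par : JComponentHelper::getParams('com_djclassifieds');
        $djmodel = new DJClassifiedsModel();

        $locked = $item->auction && $par->get('auction_edit_lock') && $djmodel->getBids($item->id);

        return !$locked;
    }

    /**
     * A buy-now advert with at least one order cannot be edited while "buynow_edit_lock" is on.
     *
     * @param object      $item Advert record (buynow, id).
     * @param object|null $par  Component params; loaded from com_djclassifieds when null.
     *
     * @return bool
     */
    static function canEditBuynowItem($item, $par = null)
    {
        $par = $par ? $par : JComponentHelper::getParams('com_djclassifieds');

        if (!$item->buynow || !$par->get('buynow_edit_lock')) {
            return true;
        }

        $db = JFactory::getDBO();
        $db->setQuery("SELECT count(id) FROM #__djcf_orders WHERE item_id=" . (int) $item->id);
        $has_orders = $db->loadResult();

        return !$has_orders;
    }

    /**
     * An auction advert with bids cannot be renewed while "auction_renew_lock" is on.
     *
     * @param object      $item Advert record (auction, id).
     * @param object|null $par  Component params; loaded from com_djclassifieds when null.
     *
     * @return bool
     */
    static function canRenewAuctionItem($item, $par = null)
    {
        $par = $par ? $par : JComponentHelper::getParams('com_djclassifieds');
        $djmodel = new DJClassifiedsModel();

        $locked = $item->auction && $par->get('auction_renew_lock') && $djmodel->getBids($item->id);

        return !$locked;
    }

    /**
     * Validates a password against the com_users password options (same rules as Joomla's own
     * password form rule, with component language keys).
     *
     * Rules are checked in this order: hard 4096-byte cap, no leading/trailing whitespace,
     * minimum digits, minimum symbols, minimum upper case, minimum lower case, minimum length.
     * Counts and lengths are byte-based (strlen / ASCII classes), as in the Joomla original.
     *
     * @param string $value Candidate password (unfiltered).
     *
     * @return string|false Translated error message for the first failed rule, or false when valid.
     */
    static function passwordRuleTest($value)
    {
        $params = JComponentHelper::getParams('com_users');
        // An empty or zero option disables the corresponding rule.
        $minimumLength = (int) $params->get('minimum_length');
        $minimumIntegers = (int) $params->get('minimum_integers');
        $minimumSymbols = (int) $params->get('minimum_symbols');
        $minimumUppercase = (int) $params->get('minimum_uppercase');
        $minimumLowercase = (int) $params->get('minimum_lowercase');

        $valueLength = strlen($value);

        // Load language file of com_users component
        JFactory::getLanguage()->load('com_users');

        // We set a maximum length to prevent abuse since it is unfiltered.
        if ($valueLength > 4096) {
            return JText::_('COM_DJCLASSIFIEDS_MSG_PASSWORD_TOO_LONG');
        }

        // We don't allow white space inside passwords
        if (strlen(trim($value)) !== $valueLength) {
            return JText::_('COM_DJCLASSIFIEDS_MSG_SPACES_IN_PASSWORD');
        }

        // Minimum number of integers required
        if ($minimumIntegers > 0 && preg_match_all('/[0-9]/', $value) < $minimumIntegers) {
            return JText::plural('COM_DJCLASSIFIEDS_MSG_NOT_ENOUGH_INTEGERS_N', $minimumIntegers);
        }

        // Minimum number of symbols required (\W: anything that is not a word character)
        if ($minimumSymbols > 0 && preg_match_all('/\W/', $value) < $minimumSymbols) {
            return JText::plural('COM_DJCLASSIFIEDS_MSG_NOT_ENOUGH_SYMBOLS_N', $minimumSymbols);
        }

        // Minimum number of upper case ASCII characters required
        if ($minimumUppercase > 0 && preg_match_all('/[A-Z]/', $value) < $minimumUppercase) {
            return JText::plural('COM_DJCLASSIFIEDS_MSG_NOT_ENOUGH_UPPERCASE_LETTERS_N', $minimumUppercase);
        }

        // Minimum number of lower case ASCII characters required
        if ($minimumLowercase > 0 && preg_match_all('/[a-z]/', $value) < $minimumLowercase) {
            return JText::plural('COM_DJCLASSIFIEDS_MSG_NOT_ENOUGH_LOWERCASE_LETTERS_N', $minimumLowercase);
        }

        // Minimum length option
        if ($minimumLength > 0 && strlen((string) $value) < $minimumLength) {
            return JText::plural('COM_DJCLASSIFIEDS_MSG_PASSWORD_TOO_SHORT_N', $minimumLength);
        }

        return false;
    }

    /**
     * Name of the captcha plugin to use: the component option, falling back to the global
     * Joomla "captcha" setting.
     *
     * @return string|null
     */
    static function getCaptchaPlugin()
    {
        $par = JComponentHelper::getParams('com_djclassifieds');

        return $par->get('captcha_plugin', JFactory::getConfig()->get('captcha'));
    }

    /**
     * Renders the configured captcha by importing its plugin and concatenating every
     * onDisplay result.
     *
     * @return string Captcha markup; empty string when no captcha plugin is configured.
     */
    static function renderCaptcha()
    {
        $captcha_plugin = self::getCaptchaPlugin();
        if (!$captcha_plugin) {
            return '';
        }

        $app = JFactory::getApplication();
        JPluginHelper::importPlugin('captcha', $captcha_plugin);
        $app->triggerEvent('onInit', array());

        $captcha_output = '';
        foreach ($app->triggerEvent('onDisplay', array()) as $captcha_display) {
            $captcha_output .= $captcha_display;
        }

        return $captcha_output;
    }

    /**
     * Verifies the captcha answer in the current request.
     *
     * Plugins may signal failure either by throwing (the message is queued as an error) or by
     * returning false from onCheckAnswer. No configured plugin means no check.
     *
     * @return bool
     */
    static function isCaptchaValid()
    {
        $captcha_plugin = self::getCaptchaPlugin();
        if (!$captcha_plugin) {
            return true;
        }

        JPluginHelper::importPlugin('captcha', $captcha_plugin);
        $app = JFactory::getApplication();

        try {
            $captcha_test = $app->triggerEvent('onCheckAnswer', array());
        } catch (Exception $e) {
            $app->enqueueMessage($e->getMessage(), 'error');
            return false;
        }

        // A plugin that answers with false must fail the check. The previous test,
        // "!empty($x[0]) && $x[0] === false", can never be true (empty(false) is true),
        // so a false return value used to be accepted as a valid answer.
        if (in_array(false, (array) $captcha_test, true)) {
            return false;
        }

        return true;
    }

    /**
     * Validates the "ask seller" form attachment(s) in $_FILES['ask_file'] against the
     * configured size limit (MB) and extension allow-list.
     *
     * Only the extension of the client-supplied file name is checked; file content / MIME type
     * and the per-file upload error code are not inspected here.
     * NOTE(review): a configured size limit of 0 rejects every file with the size-limit message —
     * confirm whether 0 was meant to mean "unlimited".
     *
     * @return bool true when there is nothing to check or every file passes; false after queueing a warning.
     */
    static function checkAskFormFiles()
    {
        $app = JFactory::getApplication();
        $par = JComponentHelper::getParams('com_djclassifieds');

        if ($par->get('ask_seller_file', '0') != '1') {
            return true;
        }

        $ask_file = isset($_FILES['ask_file']) ? $_FILES['ask_file'] : array();
        if (empty($ask_file['name'])) {
            return true;
        }

        // Normalise single and multiple (name[]) uploads into a list of name/size pairs.
        $ask_files = array();
        if (is_array($ask_file['name'])) {
            foreach ($ask_file['name'] as $key => $val) {
                $ask_files[] = array('name' => $val, 'size' => $ask_file['size'][$key]);
            }
        } else {
            $ask_files[] = $ask_file;
        }

        $file_maxsize = $par->get('ask_seller_file_size', '2');
        if ($file_maxsize > 0) {
            $file_maxsize = $file_maxsize * 1024 * 1024;
        }

        // Exact, case-sensitive membership; equivalent to the former ",list," / ",ext," strstr test.
        $allowed_ext = explode(',', str_ireplace(' ', '', $par->get('ask_seller_file_types', 'doc,pdf,zip')));

        foreach ($ask_files as $file) {
            if (!($file_maxsize > 0 && $file['size'] < $file_maxsize)) {
                $app->enqueueMessage(JText::_('COM_DJCLASSIFIEDS_ASK_FORM_FILE_SIZE_LIMIT_EXCEEDED'), 'warning');
                return false;
            }

            $info = pathinfo($file['name']);
            $file_ext = isset($info['extension']) ? $info['extension'] : '';
            if (!in_array($file_ext, $allowed_ext, true)) {
                $app->enqueueMessage(JText::_('COM_DJCLASSIFIEDS_ASK_FORM_FILE_WRONG_EXT'), 'warning');
                return false;
            }
        }

        return true;
    }

    /**
     * Queues a "not authorized" message and redirects according to the "acl_redirect" option:
     * 1 = site base URL, 2 = a configured article (falls back to the base URL when it is not
     * published), anything else = the classifieds "all" category route.
     *
     * Does not return: JApplication::redirect() terminates the request.
     *
     * @param string $type 'category' selects the category message; anything else the advert message.
     *
     * @return void
     */
    public static function restrictionRedirect($type = '')
    {
        $app = JFactory::getApplication();
        $db = JFactory::getDBO();
        $par = JComponentHelper::getParams('com_djclassifieds');

        if ($type == 'category') {
            $message = JText::_("COM_DJCLASSIFIEDS_YOU_ARE_NOT_AUTHORIZED_TO_VIEW_THIS_CATEGORY");
        } else {
            $message = JText::_("COM_DJCLASSIFIEDS_YOU_ARE_NOT_AUTHORIZED_TO_VIEW_THIS_ADVERT");
        }

        $acl_redirect = $par->get('acl_redirect', '0');
        $acl_article_id = (int) $par->get('acl_red_article_id', '0');

        if ($acl_redirect == 1) {
            $app->enqueueMessage($message, 'warning');
            $redirect = JURI::base();
        } else if ($acl_redirect == 2 && $acl_article_id > 0) {
            $query = "SELECT a.id, a.alias, a.catid, c.alias as c_alias "
                . "FROM #__content a "
                . "LEFT JOIN #__categories c ON c.id=a.catid "
                . "WHERE a.state=1 AND a.id=" . $acl_article_id;
            $db->setQuery($query);
            $acl_article = $db->loadObject();

            if ($acl_article) {
                // ContentHelperRoute lives in the front-end com_content helpers; load it on demand.
                $content_helper_route = JPATH_ROOT . '/components/com_content/helpers/route.php';
                if (file_exists($content_helper_route)) {
                    include_once $content_helper_route;
                }
                $slug = $acl_article->id . ':' . $acl_article->alias;
                $cslug = $acl_article->catid . ':' . $acl_article->c_alias;
                $redirect = JRoute::_(ContentHelperRoute::getArticleRoute($slug, $cslug));
            } else {
                $redirect = JURI::base();
            }
        } else {
            $redirect = DJClassifiedsSEO::getCategoryRoute('0:all');
        }

        $app->enqueueMessage($message, 'error');
        $app->redirect(JRoute::_($redirect, false));
    }

    /**
     * Tells whether the advert's category has a duration entry matching the advert's exp_days,
     * i.e. whether the category/duration pair is "locked" to a configured days option.
     *
     * @param object $item Advert record (id, cat_id, exp_days).
     *
     * @return bool false for unsaved adverts (no id).
     */
    static function isCatLocked($item)
    {
        if (!$item->id) {
            return false;
        }

        $db = JFactory::getDBO();
        $query = "SELECT dx.id "
            . "FROM #__djcf_days_xref dx "
            . "INNER JOIN #__djcf_days d ON dx.day_id=d.id "
            . "WHERE dx.cat_id=" . (int) $item->cat_id . " AND d.days=" . (int) $item->exp_days . " "
            . "ORDER BY d.id DESC LIMIT 1";
        $db->setQuery($query);

        return (bool) $db->loadResult();
    }

    /**
     * Enforces the posting rate limits (last 5 minutes / hour / day) for the current user, or
     * for the client IP address when not logged in.
     *
     * Windows are checked shortest first; the first exceeded limit queues its error message and
     * stops. A limit option of 0 or less disables that window.
     * NOTE(review): REMOTE_ADDR is the direct peer address; behind a reverse proxy all guests may
     * share one address — confirm against the deployment.
     *
     * @param object $par Component params.
     *
     * @return bool true when no limit is exceeded.
     */
    static function checkAdsLimits($par)
    {
        $app = JFactory::getApplication();
        $db = JFactory::getDBO();
        $user = JFactory::getUser();
        $user_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        $windows = array(
            array('param' => 'advert_limit_5min', 'default' => 5, 'since' => 'now - 5 minute', 'message' => 'COM_DJCLASSIFIEDS_ADVERTS_LIMIT_LAST_5MIN_ALERT'),
            array('param' => 'advert_limit_hour', 'default' => 10, 'since' => 'now - 1 hour', 'message' => 'COM_DJCLASSIFIEDS_ADVERTS_LIMIT_LAST_HOUR_ALERT'),
            array('param' => 'advert_limit_day', 'default' => 50, 'since' => 'now - 1 day', 'message' => 'COM_DJCLASSIFIEDS_ADVERTS_LIMIT_LAST_DAY_ALERT'),
        );

        foreach ($windows as $window) {
            $limit = $par->get($window['param'], $window['default']);
            if (!($limit > 0)) {
                continue;
            }

            $since_sql = JFactory::getDate($window['since'])->toSQL();
            $count = self::countRecentAds($db, $user, $user_ip, $since_sql);

            if ($count >= $limit) {
                $app->enqueueMessage(JText::_($window['message']), 'error');
                return false;
            }
        }

        return true;
    }

    /**
     * Counts adverts started at or after $since_sql, by user id when logged in, otherwise by IP.
     *
     * @param object $db        Database driver.
     * @param object $user      Current user (id).
     * @param string $user_ip   Client address used for guests.
     * @param string $since_sql Lower bound for date_start, in SQL datetime format.
     *
     * @return mixed Result of loadResult(): the count as returned by the driver.
     */
    private static function countRecentAds($db, $user, $user_ip, $since_sql)
    {
        if ($user->id) {
            $where = "user_id = " . (int) $user->id;
        } else {
            $where = "ip_address = " . $db->q($user_ip);
        }

        $db->setQuery("SELECT COUNT(id) FROM #__djcf_items WHERE " . $where . " AND date_start >= " . $db->q($since_sql));

        return $db->loadResult();
    }

    /**
     * Refuses posting into any category flagged ads_disabled, queueing an error naming it.
     *
     * @param array $cats_to_check Category ids.
     *
     * @return bool
     */
    static function checkCatAllowed($cats_to_check)
    {
        $app = JFactory::getApplication();
        $djmodel = new DJClassifiedsModel();

        foreach ($cats_to_check as $cat_id) {
            $cat = $djmodel->getCategory($cat_id);
            // An unknown category id is not a reason to block here (kept from the original behaviour).
            if ($cat && $cat->ads_disabled) {
                $app->enqueueMessage(JText::sprintf('COM_DJCLASSIFIEDS_CATEGORY_POSTING_NOT_ALLOWED', JText::_($cat->name)), 'error');
                return false;
            }
        }

        return true;
    }

    /**
     * Enforces per-category active-advert limits (category ads_limit) for the current user.
     *
     * Counts the user's unexpired adverts per category, excluding advert $id (the one being
     * edited), including extra categories from the multicategories plugin when it is enabled.
     * Guests are never limited here.
     *
     * @param array $cats_to_check Category ids the advert is being posted into.
     * @param int   $id            Advert id to exclude from the count; 0 for a new advert.
     *
     * @return bool
     */
    static function checkCatAdsLimits($cats_to_check, $id = 0)
    {
        $user = JFactory::getUser();
        if (!$user->id) {
            return true;
        }

        $app = JFactory::getApplication();
        $db = JFactory::getDBO();
        $djmodel = new DJClassifiedsModel();

        $multicat_union = JPluginHelper::isEnabled('djclassifieds', 'multicategories')
            ? "UNION SELECT i.id, ic.cat_id, i.user_id, i.date_exp FROM #__djcf_items i INNER JOIN #__djcf_items_categories ic ON i.id=ic.item_id "
            : "";

        $query = "SELECT count(*) c, cat_id "
            . "FROM ("
            . "SELECT id, cat_id, user_id, date_exp FROM #__djcf_items "
            . $multicat_union
            . ") v "
            . "WHERE user_id=" . (int) $user->id . " AND id!=" . (int) $id . " "
            . "AND date_exp > " . $db->q(JFactory::getDate()->toSQL()) . " "
            . "GROUP BY cat_id";
        $db->setQuery($query);
        $user_ad_count = $db->loadAssocList('cat_id', 'c');

        if (!$user_ad_count) {
            return true;
        }

        foreach ($cats_to_check as $cat_id) {
            $cat = $djmodel->getCategory($cat_id);
            if ($cat && !empty($cat->ads_limit) && !empty($user_ad_count[$cat->id]) && $user_ad_count[$cat->id] >= $cat->ads_limit) {
                $app->enqueueMessage(JText::sprintf('COM_DJCLASSIFIEDS_CATEGORY_ADS_LIMIT_REACHED', JText::_($cat->name)), 'error');
                return false;
            }
        }

        return true;
    }

    /**
     * Reads the "verified" flag of a classifieds profile.
     *
     * @param int|null $user_id Joomla user id; null means the current session user.
     *
     * @return mixed The raw column value from loadResult() (null when there is no profile row).
     */
    static function isProfileVerified($user_id = null)
    {
        if ($user_id === null) {
            $user_id = JFactory::getUser()->id;
        }

        $db = JFactory::getDBO();
        $db->setQuery("SELECT verified FROM #__djcf_profiles WHERE user_id=" . (int) $user_id);

        return $db->loadResult();
    }

    /**
     * Tells whether the user owning $email has opted out of notification $email_id.
     *
     * disabled_emails is stored as a comma-separated list; comparison is loose so that an
     * integer id matches its string form.
     *
     * @param int|string $email_id Notification identifier.
     * @param string     $email    User e-mail address.
     *
     * @return bool
     */
    static function isUserEmailDisabled($email_id, $email)
    {
        $db = JFactory::getDBO();
        $db->setQuery("SELECT p.disabled_emails FROM #__djcf_profiles p INNER JOIN #__users u ON p.user_id=u.id WHERE u.email=" . $db->q($email));
        $disabled_emails = $db->loadResult();

        if ($disabled_emails && in_array($email_id, explode(',', $disabled_emails))) {
            return true;
        }

        return false;
    }

    /**
     * Checks whether $user_id may use the "ask seller" form.
     *
     * With ask_seller_type == '0' the form is for registered users only, optionally narrowed to
     * the groups in ask_seller_ug_access; any other type is open to everyone.
     *
     * @param int|null $user_id Joomla user id; null means the current session user.
     * @param object   $par     Component params.
     *
     * @return bool
     */
    static function hasAskFormAccess($user_id, $par)
    {
        if ($par->get('ask_seller_type', '0') != '0') {
            return true;
        }

        $user = JFactory::getUser($user_id);
        if (!$user->id) {
            return false;
        }

        $ug_access = $par->get('ask_seller_ug_access', array());
        if (!$ug_access) {
            return true;
        }

        foreach ((array) $ug_access as $ug) {
            if (in_array($ug, $user->groups)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Checks whether $user_id may see seller contact details.
     *
     * With show_contact_only_registered == '1' contact data is for registered users only,
     * optionally narrowed to the groups in show_contact_ug_access; otherwise open to everyone.
     *
     * @param int|null $user_id Joomla user id; null means the current session user.
     * @param object   $par     Component params.
     *
     * @return bool
     */
    static function hasContactAccess($user_id, $par)
    {
        if ($par->get('show_contact_only_registered', '0') != '1') {
            return true;
        }

        $user = JFactory::getUser($user_id);
        if (!$user->id) {
            return false;
        }

        $ug_access = $par->get('show_contact_ug_access', array());
        if (!$ug_access) {
            return true;
        }

        foreach ((array) $ug_access as $ug) {
            if (in_array($ug, $user->groups)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Turns the "autopublish" option on in $par when the current user belongs to one of the
     * groups listed in autopublish_ug.
     *
     * @param object $par Component params; modified in place.
     *
     * @return void
     */
    static function overrideUserAutopublish(&$par)
    {
        $user = JFactory::getUser();
        $autopublish_ug = (array) $par->get('autopublish_ug', array());

        foreach ($autopublish_ug as $ug) {
            if (in_array($ug, $user->groups)) {
                $par->set('autopublish', '1');
                return;
            }
        }
    }
}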