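/**
 * Build the login-status box.
 *
 * A logged-in user gets a greeting and a log-out link; an anonymous visitor
 * gets log-in and reset-password links.
 *
 * @return The themed html string for user login status.
 */
function theme_login_status() {
    $cid = user_id();
    $output = '<div class="login-status">';
    if ($cid) {
        // The themed contact name is inserted as markup.
        // NOTE(review): confirm theme('contact_name', ...) HTML-escapes the stored name.
        $output .= 'Welcome, ' . theme('contact_name', $cid, true)
            . '. <a href="index.php?command=logout">Log out</a>';
    } else {
        // Quote and escape the href values: an unquoted attribute ends at the
        // first space or '>' in the URL. double_encode is off so a URL that
        // crm_url() already entity-encoded is not encoded twice.
        $login_url = htmlspecialchars(crm_url('login'), ENT_QUOTES, 'UTF-8', false);
        $reset_url = htmlspecialchars(crm_url('reset'), ENT_QUOTES, 'UTF-8', false);
        $output .= '<a href="' . $login_url . '">Log in</a> ';
        $output .= '<a href="' . $reset_url . '">Reset password</a>';
    }
    $output .= '</div>';
    return $output;
}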
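/**
 * Process a command and redirect.
 *
 * Dispatch order: the legacy handler command_<name>() if it is defined, then
 * <module>_command() for every module returned by module_list().
 *
 * Only functions whose name starts with "command_" are reachable through the
 * legacy path. Nothing here checks permissions, so every handler has to make
 * its own user_access() check.
 *
 * @param $command The name of the command to process
 * @return The url to redirect to.
 */
function command($command) {
    // Initialize url and parameters
    $url = '';
    $params = array();

    // Call legacy handler if it exists
    $handler = "command_{$command}";
    if (function_exists($handler)) {
        $res = call_user_func($handler);

        // Split result into file and params
        $parts = explode('?', $res);
        $url = $parts[0];
        // explode() always returns at least one element, so the query part
        // exists only when there are two or more.
        if (sizeof($parts) > 1) {
            foreach (explode('&', $parts[1]) as $clause) {
                $keyvalue = explode('=', $clause);
                if (sizeof($keyvalue) > 1) {
                    $params[$keyvalue[0]] = $keyvalue[1];
                }
            }
        }
    }

    // Call the handler for each module if it exists.
    // A module handler can change $url / $params only if it declares those
    // parameters by reference; presumably they do (verify in the modules).
    foreach (module_list() as $module) {
        $handler = "{$module}_command";
        if (function_exists($handler)) {
            $handler($command, $url, $params);
        }
    }

    // Error if the url is still empty
    if (empty($url)) {
        // NOTE(review): $command is echoed into the error message unescaped;
        // confirm the error display HTML-escapes registered messages.
        error_register('No such command: ' . $command);
        $url = crm_url();
    }

    // Rebuild the query string. Keys and values are emitted exactly as they
    // were parsed (no decoding above, no encoding here).
    $url .= '?';
    $parts = array();
    foreach ($params as $key => $value) {
        $parts[] = $key . '=' . $value;
    }
    return $url . implode('&', $parts);
}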
/**
 * Handle secret delete request.
 *
 * Requires the 'secrets_delete' permission. The whole $_POST array is handed
 * to secrets_delete().
 * NOTE(review): no anti-CSRF token is checked in this handler; confirm one is
 * enforced before commands are dispatched.
 *
 * @return The url to display on completion.
 */
function command_secrets_delete() {
    global $esc_post;

    if (user_access('secrets_delete')) {
        secrets_delete($_POST);
    } else {
        error_register('Permission denied: secrets_delete');
    }

    // Both outcomes land on the secrets page.
    return crm_url('secrets');
}
/**
 * Run billings.
 *
 * Bills every membership returned by crm_get_data() from the stored
 * 'billing_last_date' up to today, or up to the membership's end date when
 * that end date is before today. Then records today as the new last bill date.
 *
 * NOTE(review): unlike the other command_* handlers in this file, no
 * user_access() check is made here; confirm access is restricted elsewhere.
 *
 * @return The url to display on completion.
 */
function command_billing() {
    $today = date('Y-m-d');
    $today_ts = strtotime($today);
    $last_billed = variable_get('billing_last_date', '');

    // Without a previous billing run there is nothing to filter on.
    $filter = empty($last_billed) ? array() : array('ends_after' => $last_billed);
    $membership_data = crm_get_data('member_membership', array('filter' => $filter));

    foreach ($membership_data as $membership) {
        $already_ended = !empty($membership['end'])
            && strtotime($membership['end']) < $today_ts;
        // An ended membership is billed only up to its end date.
        $bill_through = $already_ended ? $membership['end'] : $today;
        _billing_bill_membership($membership, $bill_through, $last_billed);
    }

    variable_set('billing_last_date', $today);

    $begin = empty($last_billed) ? 'the beginning of time' : $last_billed;
    message_register("Billings processed from {$begin} through {$today}.");
    return crm_url('payments');
}
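/**
 * Return a link.
 *
 * The url is escaped for use inside a double-quoted attribute. $text is
 * emitted as markup, unchanged, so the caller must HTML-escape any part of it
 * that comes from user or database data.
 *
 * @param $text The text of the link.
 * @param $path The path to link to.
 * @param $opts Options array to pass to crm_url().
 * @return A string containing the html link.
 */
function crm_link($text, $path, $opts = array()) {
    // double_encode is off so a url that crm_url() already entity-encoded is
    // not encoded a second time.
    $href = htmlspecialchars(crm_url($path, $opts), ENT_QUOTES, 'UTF-8', false);
    return '<a href="' . $href . '">' . $text . '</a>';
}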
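/**
 * Return a table structure representing a member's past and current memberships.
 *
 * Returns NULL when the current user lacks 'member_membership_view'. The Ops
 * column (edit / delete links) is added only for users who have
 * 'member_membership_edit'.
 *
 * Cell values (start, end, plan name, price) are stored as they come from
 * member_membership_data().
 * NOTE(review): confirm the table theme HTML-escapes cell contents.
 *
 * @param $opts Options to pass to member_membership_data().
 * @return The table structure.
 */
function member_membership_table($opts = NULL) {
    // Ensure user is allowed to view members
    if (!user_access('member_membership_view')) {
        return NULL;
    }
    // Evaluated once; the view permission is already known to be granted.
    $can_edit = user_access('member_membership_edit');

    // Get member data
    $memberships = member_membership_data($opts);

    // Create table structure
    $table = array('id' => '', 'class' => '', 'rows' => array());

    // Add columns
    $table['columns'] = array(
        array('title' => 'Start', 'class' => ''),
        array('title' => 'End', 'class' => ''),
        array('title' => 'Plan', 'class' => ''),
        array('title' => 'Price', 'class' => ''),
    );
    if ($can_edit) {
        $table['columns'][] = array('title' => 'Ops', 'class' => '');
    }

    // Loop through membership data
    foreach ($memberships as $membership) {
        $row = array(
            $membership['start'],
            $membership['end'],
            $membership['plan']['name'],
            $membership['plan']['price'],
        );

        if ($can_edit) {
            // Quote and escape the href values: an unquoted attribute ends at
            // the first space or '>' in the url.
            $edit_url = htmlspecialchars(
                crm_url('membership&sid=' . $membership['sid'] . '&tab=edit'),
                ENT_QUOTES, 'UTF-8', false
            );
            $delete_url = htmlspecialchars(
                crm_url('delete&type=member_membership&id=' . $membership['sid']),
                ENT_QUOTES, 'UTF-8', false
            );
            $ops = array(
                '<a href="' . $edit_url . '">edit</a>',
                '<a href="' . $delete_url . '">delete</a>',
            );
            $row[] = implode(' ', $ops);
        }

        // Add row to table
        $table['rows'][] = $row;
    }

    return $table;
}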
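/**
 * Render a form structure, or one element of it, as html.
 *
 * 'form' and 'fieldset' structures are rendered here and their fields are
 * rendered recursively through theme('form', ...). Every other known type is
 * delegated to its theme('form_<type>', ...) function. An empty structure or
 * an unknown type produces an empty string.
 *
 * Attribute values written here (method, action, enctype, command, hidden
 * names and values) are HTML-escaped. The fieldset label is emitted as markup,
 * unchanged, so callers must escape it themselves.
 *
 * @param $form The form structure.
 * @return The themed html string for a form.
 */
function theme_form($form) {
    // Return empty string if there is no structure
    if (empty($form)) {
        return '';
    }

    // Initialize output
    $output = '';

    // Determine type of form structure
    switch ($form['type']) {
    case 'form':
        // double_encode is off throughout so values a caller already
        // entity-encoded are not encoded twice.
        $action = !empty($form['action']) ? $form['action'] : crm_url('');
        $output .= '<form method="'
            . htmlspecialchars((string) $form['method'], ENT_QUOTES, 'UTF-8', false)
            . '" action="'
            . htmlspecialchars((string) $action, ENT_QUOTES, 'UTF-8', false)
            . '"';
        if (array_key_exists('enctype', $form)) {
            $output .= ' enctype="'
                . htmlspecialchars((string) $form['enctype'], ENT_QUOTES, 'UTF-8', false)
                . '"';
        }
        $output .= '>';

        // Add hidden values
        if (!empty($form['command'])) {
            $output .= '<fieldset class="hidden"><input type="hidden" name="command" value="'
                . htmlspecialchars((string) $form['command'], ENT_QUOTES, 'UTF-8', false)
                . '" /></fieldset>';
        }
        if (!empty($form['hidden']) && is_array($form['hidden'])) {
            // Hidden fields often carry request-derived ids, so both the name
            // and the value are escaped for the attribute context.
            foreach ($form['hidden'] as $name => $value) {
                $output .= '<fieldset class="hidden"><input type="hidden" name="'
                    . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8', false)
                    . '" value="'
                    . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false)
                    . '"/></fieldset>';
            }
        }

        // Loop through each field and add output
        foreach ($form['fields'] as $field) {
            if (array_key_exists('values', $form)) {
                $field = form_set_value($field, $form['values']);
                // Pass the values down so nested structures can use them.
                $field['values'] = $form['values'];
            }
            $output .= theme('form', $field);
        }

        // Add submit button
        if (isset($form['submit'])) {
            $submit_field = array('type' => 'submit', 'value' => $form['submit']);
            $output .= theme('form', $submit_field);
        }
        $output .= '</form>';
        break;
    case 'fieldset':
        $output .= '<fieldset>';
        // Add legend
        if (!empty($form['label'])) {
            $output .= '<legend>' . $form['label'] . '</legend>';
        }
        // Loop through each field and add output
        foreach ($form['fields'] as $field) {
            if (array_key_exists('values', $form)) {
                $field = form_set_value($field, $form['values']);
                $field['values'] = $form['values'];
            }
            $output .= theme('form', $field);
        }
        $output .= '</fieldset>';
        break;
    case 'table':
    case 'message':
    case 'readonly':
    case 'text':
    case 'textarea':
    case 'checkbox':
    case 'select':
    case 'password':
    case 'file':
    case 'submit':
        // Leaf elements each have their own theme function: form_<type>.
        $output .= theme('form_' . $form['type'], $form);
        break;
    }
    return $output;
}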
/**
 * Handle key delete request.
 *
 * Requires the 'key_delete' permission. The whole $_POST array is handed to
 * key_delete().
 * NOTE(review): no anti-CSRF token is checked in this handler; confirm one is
 * enforced before commands are dispatched.
 *
 * @return The url to display on completion.
 */
function command_key_delete() {
    global $esc_post;

    if (user_access('key_delete')) {
        key_delete($_POST);
        return crm_url('members');
    }

    // Denied: go back to the key page the request came from.
    error_register('Permission denied: key_delete');
    return crm_url('key&kid=' . $esc_post['kid']);
}
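/**
 * Handle plan import request.
 *
 * Reads the uploaded 'plan-file' CSV and inserts one `plan` row per CSV row.
 * Column headers are matched case-insensitively with spaces removed
 * ('Plan Name' becomes 'planname'). Requires the 'member_plan_edit' permission.
 *
 * @return The url to display on completion.
 */
function command_member_plan_import() {
    if (!user_access('member_plan_edit')) {
        error_register('User does not have permission: member_plan_edit');
        return crm_url('members');
    }
    if (!array_key_exists('plan-file', $_FILES)) {
        error_register('No plan file uploaded');
        return crm_url('plans&tab=import');
    }

    // Read the file only if PHP reports a clean single-file upload and the
    // path really is this request's upload.
    $upload = $_FILES['plan-file'];
    if (!isset($upload['error'])
        || $upload['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])
    ) {
        error_register('Plan file upload failed');
        return crm_url('plans&tab=import');
    }
    $csv = file_get_contents($upload['tmp_name']);
    if ($csv === false) {
        error_register('Unable to read uploaded plan file');
        return crm_url('plans&tab=import');
    }

    $data = csv_parse($csv);
    foreach ($data as $row) {
        // Convert row keys to lowercase and remove spaces
        $plan = array();
        foreach ($row as $key => $value) {
            $plan[str_replace(' ', '', strtolower($key))] = $value;
        }

        // The legacy mysql_* API has no prepared statements, so every value
        // is escaped and quoted. Missing columns default to an empty string.
        // NOTE(review): mysql_real_escape_string() relies on the connection
        // charset being set correctly; confirm where the connection is opened.
        $name = mysql_real_escape_string(isset($plan['planname']) ? $plan['planname'] : '');
        $price = mysql_real_escape_string(isset($plan['price']) ? $plan['price'] : '');
        $active = mysql_real_escape_string(isset($plan['active']) ? $plan['active'] : '');
        $voting = mysql_real_escape_string(isset($plan['voting']) ? $plan['voting'] : '');

        // Add plan
        $sql = "
            INSERT INTO `plan`
            (`name`,`price`,`active`,`voting`)
            VALUES
            ('{$name}','{$price}','{$active}','{$voting}')";
        $res = mysql_query($sql);
        if (!$res) {
            crm_error(mysql_error());
        }
    }
    return crm_url('plans');
}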
/**
 * Handle mentor delete request.
 *
 * Requires the 'mentor_delete' permission. Deletes the `mentor` row matching
 * the posted cid / mentor_cid pair.
 *
 * The query is built from the global $esc_post array.
 * NOTE(review): this is safe only if $esc_post holds SQL-escaped copies of the
 * POST values; confirm where it is populated.
 * NOTE(review): die(mysql_error()) shows the raw database error to the client.
 *
 * @return The url to display on completion.
 */
function command_mentor_delete() {
    global $esc_post;

    if (user_access('mentor_delete')) {
        $sql = "\r\n DELETE FROM `mentor`\r\n WHERE `cid`='{$esc_post['cid']}' AND `mentor_cid`='{$esc_post['mentor_cid']}'";
        if (!mysql_query($sql)) {
            die(mysql_error());
        }
        return crm_url('members');
    }

    error_register('Permission denied: mentor_delete');
    return crm_url('');
}
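/**
 * Handle user permissions update request.
 *
 * For every (permission, role) pair, the POST field "<permission>-<role name>"
 * decides the outcome: a non-empty value makes sure the grant exists, anything
 * else deletes it. A request that omits a field therefore removes that grant.
 * Requires the 'user_edit' permission.
 *
 * NOTE(review): PHP rewrites spaces and dots in POST field names to
 * underscores; verify that permission and role names cannot contain them.
 * NOTE(review): no anti-CSRF token is checked in this handler; confirm one is
 * enforced before commands are dispatched.
 * NOTE(review): die(mysql_error()) shows the raw database error to the client.
 *
 * @return The url to display on completion.
 */
function command_user_permissions_update() {
    // Check permissions
    if (!user_access('user_edit')) {
        error_register('Current user does not have permission: user_edit');
        return crm_url('permissions');
    }

    // Check status of each permission for each role
    $perms = user_permissions_list();
    $roles = user_role_data();
    foreach ($perms as $perm) {
        $esc_perm = mysql_real_escape_string($perm);
        foreach ($roles as $role) {
            $key = "{$perm}-{$role['name']}";
            $esc_rid = mysql_real_escape_string($role['rid']);

            // An unchecked checkbox is not submitted at all, so test with
            // empty() instead of reading a key that may not exist.
            if (!empty($_POST[$key])) {
                // Ensure the role has this permission
                $sql = "
                    SELECT * FROM `role_permission`
                    WHERE `rid`='{$esc_rid}' AND `permission`='{$esc_perm}'
                ";
                $res = mysql_query($sql);
                if (!$res) {
                    die(mysql_error());
                }
                // Insert only when the grant is missing; the second query used
                // to run unconditionally and repeated the SELECT otherwise.
                if (mysql_num_rows($res) === 0) {
                    $sql = "
                        INSERT INTO `role_permission`
                        (`rid`, `permission`)
                        VALUES
                        ('{$esc_rid}', '{$esc_perm}')
                    ";
                    $res = mysql_query($sql);
                    if (!$res) {
                        die(mysql_error());
                    }
                }
            } else {
                // Delete the permission for this role
                $sql = "
                    DELETE FROM `role_permission`
                    WHERE `rid`='{$esc_rid}' AND `permission`='{$esc_perm}'
                ";
                $res = mysql_query($sql);
                if (!$res) {
                    die(mysql_error());
                }
            }
        }
    }
    return crm_url('permissions');
}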
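/**
 * Return themed html for an amazon payment button.
 *
 * Builds a signed POST form for authorize.payments.amazon.com. Caller options
 * override the defaults; accessKey, signatureVersion and signatureMethod are
 * always set here, and the signature is computed over the final parameters by
 * amazon_payment_signature().
 *
 * The secret key is only checked for presence here and is never written into
 * the html.
 * NOTE(review): the default ipnUrl / returnUrl / abandonUrl use http://;
 * confirm whether the site is served over TLS.
 *
 * @param $cid The cid to create a button for.
 * @param $params Options for the button.
 * @return A string containing the themed html.
 */
function theme_amazon_payment_button($cid, $params = array()) {
    global $config_amazon_payment_access_key_id;
    global $config_amazon_payment_secret;
    global $config_host;

    if (empty($config_amazon_payment_access_key_id)) {
        error_register('Missing Amazon Access Key ID');
        return '';
    }
    if (empty($config_amazon_payment_secret)) {
        error_register('Missing Amazon Secret Key');
        return '';
    }

    // Return and abandon both lead back to the contact's account tab.
    $account_url = 'http://' . $config_host
        . crm_url('contact', array('query' => array('cid' => $cid, 'tab' => 'account')));
    $defaults = array(
        'immediateReturn' => '0',
        'collectShippingAddress' => '0',
        'referenceId' => 'YourReferenceId',
        'amount' => 'USD 1.1',
        'cobrandingStyle' => 'logo',
        'description' => 'Test Widget',
        'ipnUrl' => 'http://' . $config_host . base_path() . 'modules/amazon_payment/ipn.php',
        'returnUrl' => $account_url,
        'processImmediate' => '1',
        'abandonUrl' => $account_url,
    );

    // Use defaults for parameters not specified
    foreach ($defaults as $key => $value) {
        if (!isset($params[$key])) {
            $params[$key] = $value;
        }
    }

    // Always use AWS Signatures v2 with SHA256 HMAC
    // http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html
    $params['accessKey'] = $config_amazon_payment_access_key_id;
    $params['signatureVersion'] = '2';
    $params['signatureMethod'] = 'HmacSHA256';
    $host = 'authorize.payments.amazon.com';
    $path = '/pba/paypipeline';
    $params['signature'] = amazon_payment_signature($params, $host, $path, 'POST');

    // Hidden fields, in the order the form has always emitted them.
    $fields = array(
        'accessKey', 'amount', 'collectShippingAddress', 'description',
        'signatureMethod', 'referenceId', 'immediateReturn', 'returnUrl',
        'abandonUrl', 'processImmediate', 'ipnUrl', 'cobrandingStyle',
        'signatureVersion', 'signature',
    );

    // The action is built from the same host and path that were signed.
    $lines = array(
        '<form action="https://' . $host . $path . '" method="POST">',
        '<input type="image" src="https://authorize.payments.amazon.com/pba/images/SLPayNowWithLogo.png" border="0"/>',
    );
    foreach ($fields as $name) {
        // Full escaping (double_encode left on): the browser decodes the
        // attribute once, so the submitted value equals the signed value.
        $value = htmlspecialchars((string) $params[$name], ENT_QUOTES, 'UTF-8');
        $lines[] = '<input type="hidden" name="' . $name . '" value="' . $value . '"/>';
    }
    $lines[] = '</form>';

    return implode("\n", $lines);
}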
/**
 * Handle upgrade request.
 *
 * Runs module_upgrade() and registers a success message when it returns a
 * truthy result.
 * NOTE(review): no user_access() check is made in this handler; confirm
 * upgrades are restricted elsewhere.
 *
 * @return The url to redirect to on completion.
 */
function command_module_upgrade() {
    global $esc_post;

    if (module_upgrade()) {
        message_register('Seltzer CRM has been upgraded.');
    }

    // Success and failure both return to the default page.
    return crm_url();
}
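/**
 * Handle payment filter request.
 *
 * Stores the chosen filter option in the session ('all' clears the filter,
 * 'orphaned' selects payments with no credit or debit contact) and returns
 * the payments url carrying every other GET parameter.
 *
 * @return The url to display on completion.
 */
function command_payment_filter() {
    // Accept only a plain string; a missing or array-valued filter is stored
    // as NULL.
    $filter = (isset($_GET['filter']) && is_string($_GET['filter'])) ? $_GET['filter'] : NULL;

    // Set filter in session
    $_SESSION['payment_filter_option'] = $filter;

    // Set filter
    if ($filter === 'all') {
        $_SESSION['payment_filter'] = array();
    } elseif ($filter === 'orphaned') {
        $_SESSION['payment_filter'] = array('credit_cid' => '0', 'debit_cid' => '0');
    }

    // Construct query string
    $params = array();
    foreach ($_GET as $k => $v) {
        // Cast first: numeric GET keys arrive as ints, and a loose int/string
        // comparison can match these names by accident.
        $k = (string) $k;
        if ($k === 'command' || $k === 'filter' || $k === 'q') {
            continue;
        }
        // Array-valued parameters cannot be passed to urlencode().
        if (!is_scalar($v)) {
            continue;
        }
        $params[] = urlencode($k) . '=' . urlencode((string) $v);
    }

    // $query used to be undefined when no extra parameters were present.
    $query = empty($params) ? '' : '&' . implode('&', $params);
    return crm_url('payments') . $query;
}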
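/**
 * Return themed html for paypal admin links.
 *
 * @return A string containing the themed html.
 */
function theme_paypal_payment_admin() {
    // Quote and escape the href: an unquoted attribute ends at the first space
    // or '>' in the url. double_encode is off so a url that crm_url() already
    // entity-encoded is not encoded twice.
    $href = htmlspecialchars(crm_url('paypal-admin'), ENT_QUOTES, 'UTF-8', false);
    return '<p><a href="' . $href . '">Administer</a></p>';
}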
/**
 * Handle contact delete request.
 *
 * Requires the 'contact_delete' permission. The posted cid is passed to
 * contact_delete() as received.
 * NOTE(review): confirm contact_delete() validates or escapes the cid.
 * NOTE(review): no anti-CSRF token is checked in this handler; confirm one is
 * enforced before commands are dispatched.
 *
 * @return The url to display on completion.
 */
function command_contact_delete() {
    if (user_access('contact_delete')) {
        contact_delete($_POST['cid']);
    } else {
        error_register('Permission denied: contact_delete');
    }

    // Both outcomes land on the contacts list.
    return crm_url('contacts');
}