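/**
 * Authenticate the submitted credentials and, on success, populate the session.
 *
 * Reads 'username' and 'password' from the request. A successful login redirects
 * to the system setup view; a failed one redirects to the login view with
 * error=1. Both paths end the request with exit.
 *
 * @param Vtiger_Request $request
 */
function process(Vtiger_Request $request)
{
    $username = $request->get('username');
    $password = $request->get('password');

    $user = CRMEntity::getInstance('Users');
    $user->column_fields['user_name'] = $username;

    if ($user->doLogin($password)) {
        // Rotate the session id at the moment the session becomes authenticated,
        // so an id that was known before login cannot be reused afterwards
        // (session fixation). Skipped when no native session is active.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $userid = $user->retrieve_user_id($username);
        Vtiger_Session::set('AUTHUSERID', $userid);

        // For backward compatibility
        // TODO Remove when switch-to-old look is not needed
        $_SESSION['authenticated_user_id'] = $userid;
        $_SESSION['app_unique_key'] = vglobal('application_unique_key');
        $_SESSION['authenticated_user_language'] = vglobal('default_language');

        // Session settings read by KCFINDER: the uploader is enabled for this
        // session and given its upload location and extension deny list.
        // NOTE(review): the deny list comes from the 'upload_badext' global; a
        // deny list only blocks the extensions it names, so confirm the upload
        // directory cannot execute scripts.
        $_SESSION['KCFINDER'] = array();
        $_SESSION['KCFINDER']['disabled'] = false;
        $_SESSION['KCFINDER']['uploadURL'] = "test/upload";
        $_SESSION['KCFINDER']['uploadDir'] = "test/upload";
        $deniedExts = implode(" ", vglobal('upload_badext'));
        $_SESSION['KCFINDER']['deniedExts'] = $deniedExts;

        // Track the login history
        $moduleModel = Users_Module_Model::getInstance('Users');
        $moduleModel->saveLoginHistory($user->column_fields['user_name']);

        header('Location: index.php?module=Users&parent=Settings&view=SystemSetup');
        exit;
    } else {
        header('Location: index.php?module=Users&parent=Settings&view=Login&error=1');
        exit;
    }
}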
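/**
 * Switch the active session to the user named by the request's 'id' parameter
 * and write an audit row to l_yf_switch_users.
 *
 * The session key 'baseUserId' remembers the original account: it is set on the
 * first switch ("Signed in"), cleared when switching back to it ("Signed out"),
 * and left untouched for switches in between ("Switched").
 *
 * @param Vtiger_Request $request
 */
function process(Vtiger_Request $request)
{
    $currentUserModel = Users_Record_Model::getCurrentUserModel();
    $baseUserId = $currentUserModel->getId();
    // NOTE(review): 'id' is request input and becomes the session identity below.
    // This method does not check it against the switch-user allow list; confirm
    // the handler's permission check does, otherwise any id would be accepted.
    $userId = $request->get('id');
    $user = new Users();
    $currentUser = $user->retrieveCurrentUserInfoFromFile($userId);
    $name = $currentUserModel->getName();
    $userName = $currentUser->column_fields['user_name'];

    // NOTE(review): the session id is not rotated on this identity change.
    Vtiger_Session::set('AUTHUSERID', $userId);
    Vtiger_Session::set('authenticated_user_id', $userId);
    Vtiger_Session::set('user_name', $userName);
    // NOTE(review): $name is the name of the user *before* the switch — confirm intended.
    Vtiger_Session::set('full_user_name', $name);

    $status = 'Switched';
    if (Vtiger_Session::get('baseUserId') == '') {
        Vtiger_Session::set('baseUserId', $baseUserId);
        $status = 'Signed in';
    } elseif ($userId == Vtiger_Session::get('baseUserId')) {
        $baseUserId = $userId;
        Vtiger_Session::set('baseUserId', '');
        $status = 'Signed out';
    } else {
        $baseUserId = Vtiger_Session::get('baseUserId');
    }

    // The User-Agent header is optional; a client that omits it must not raise an
    // undefined-index notice while the audit row is written.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $dbLog = PearDatabase::getInstance('log');
    // NOTE(review): 'busername' and 'dusername' receive the same value here, so the
    // audit row does not name the destination account — verify against the schema.
    $dbLog->insert('l_yf_switch_users', [
        'baseid' => $baseUserId,
        'destid' => $userId,
        'busername' => $currentUserModel->getName(),
        'dusername' => $name,
        'date' => date('Y-m-d H:i:s'),
        'ip' => Vtiger_Functions::getRemoteIP(),
        'agent' => $agent,
        'status' => $status,
    ]);
    header('Location: index.php');
}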
/**
 * Name of the layout to use: the session's 'layout' value when it is non-empty,
 * otherwise the 'defaultLayout' global.
 *
 * NOTE(review): the session value is returned unchanged. If it can originate
 * from request input, callers that build file paths from it should validate it
 * against the installed layouts — confirm.
 */
public static function getActiveLayout()
{
    $sessionLayout = Vtiger_Session::get('layout');

    return empty($sessionLayout) ? vglobal('defaultLayout') : $sessionLayout;
}
/**
 * Name of the layout to use: the session's 'layout' value when it is non-empty,
 * otherwise the 'defaultLayout' entry of the main application config.
 *
 * NOTE(review): the session value is returned unchanged. If it can originate
 * from request input, callers that build file paths from it should validate it
 * against the installed layouts — confirm.
 */
public static function getActiveLayout()
{
    $sessionLayout = Vtiger_Session::get('layout');

    return empty($sessionLayout) ? AppConfig::main('defaultLayout') : $sessionLayout;
}
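/**
 * Construct the object via the parent constructor and record the request that
 * led to it in the o_yf_access_for_api log table.
 *
 * @param string|null $message
 * @param int $code
 */
public function __construct($message = null, $code = 0)
{
    parent::__construct($message, $code);
    Vtiger_Session::init();
    // Not used below; kept in case constructing the request has side effects — confirm.
    $request = new Vtiger_Request($_REQUEST);
    $dbLog = PearDatabase::getInstance('log');
    $userName = Vtiger_Session::get('full_user_name');

    // The User-Agent header is optional (typical for API clients); reading it
    // unguarded raises an undefined-index notice.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // NOTE(review): 'request' stores the whole of $_REQUEST, which can include
    // passwords and tokens in clear text — consider masking secret fields before
    // they reach the log table.
    $dbLog->insert('o_yf_access_for_api', [
        'username' => empty($userName) ? '-' : $userName,
        'date' => date('Y-m-d H:i:s'),
        'ip' => Vtiger_Functions::getRemoteIP(),
        'url' => Vtiger_Functions::getBrowserInfo()->url,
        'agent' => $agent,
        'request' => json_encode($_REQUEST),
    ]);
}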
/**
 * Handle a login attempt.
 *
 * Steps: optional removal of the 'install' directory (mode=install), brute-force
 * block check, credential check, then either session setup and a redirect to
 * index.php, or a "Failed login" history entry and a redirect back to the login
 * view. Every outcome after the block check ends with exit.
 *
 * @param Vtiger_Request $request
 */
function process(Vtiger_Request $request)
{
    $username = $request->get('username');
    $password = $request->get('password');

    // NOTE(review): this clean-up runs before any credential check, so it is
    // reachable by whoever can post mode=install to this action — confirm that
    // is acceptable once installation has finished.
    if ($request->get('mode') == 'install') {
        error_reporting(0);
        $dirPath = 'install';
        $entries = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($dirPath, FilesystemIterator::SKIP_DOTS),
            RecursiveIteratorIterator::CHILD_FIRST
        );
        // Children come first, so each directory is empty by the time it is removed.
        foreach ($entries as $path) {
            if ($path->isDir()) {
                rmdir($path->getPathname());
            } else {
                unlink($path->getPathname());
            }
        }
        rmdir($dirPath);
    }

    $checkBlocked = Settings_BruteForce_Module_Model::checkBlocked();
    $bruteForceSettings = Settings_BruteForce_Module_Model::getBruteForceSettings();
    if ($checkBlocked && $bruteForceSettings['active']) {
        Settings_BruteForce_Module_Model::sendNotificationEmail();
        header('Location: index.php?module=Users&parent=Settings&view=Login&error=2');
        exit;
    }

    $user = CRMEntity::getInstance('Users');
    $user->column_fields['user_name'] = $username;
    $moduleModel = Users_Module_Model::getInstance('Users');

    if (!$user->doLogin($password)) {
        // Record the failed attempt together with the detected browser.
        $browser = Settings_BruteForce_Module_Model::browserDetect();
        $moduleModel->saveLoginHistory($username, 'Failed login', $browser);
        header('Location: index.php?module=Users&parent=Settings&view=Login&error=1');
        exit;
    }

    // Rotating the id prevents reuse of a pre-login session id.
    // NOTE(review): the rotation only happens when the 'session_regenerate_id'
    // global is truthy; with it off the pre-login id stays valid after login.
    if (vglobal('session_regenerate_id')) {
        session_regenerate_id(true);
    }

    $userid = $user->retrieve_user_id($username);
    Vtiger_Session::set('AUTHUSERID', $userid);

    // For backward compatibility
    // TODO Remove when switch-to-old look is not needed
    $_SESSION['authenticated_user_id'] = $userid;
    $_SESSION['app_unique_key'] = vglobal('application_unique_key');
    $_SESSION['authenticated_user_language'] = vglobal('default_language');
    $_SESSION['user_name'] = $username;
    $_SESSION['full_user_name'] = Vtiger_Functions::getUserRecordLabel($userid);

    // Session settings read by KCFINDER (upload location and extension deny list).
    $_SESSION['KCFINDER'] = array(
        'disabled' => false,
        'uploadURL' => "cache/upload",
        'uploadDir' => "../../cache/upload",
        'deniedExts' => implode(" ", vglobal('upload_badext')),
    );

    // Track the login history
    $moduleModel->saveLoginHistory($user->column_fields['user_name']);

    header('Location: index.php');
    exit;
}
/**
 * Log the user out: destroy the session, record the logout and redirect to
 * index.php.
 *
 * NOTE(review): the session is destroyed before the logout history is saved;
 * if saveLogoutHistory() identifies the user through the session, verify it
 * still can.
 *
 * @param Vtiger_Request $request
 */
function process(Vtiger_Request $request)
{
    Vtiger_Session::destroy();

    // Track the logout history
    Users_Module_Model::getInstance($request->getModule())->saveLogoutHistory();

    header('Location: index.php');
}
/**
 * Build the header links for the current user.
 *
 * The list is assembled from: the personal menu (preferences, sign out), the
 * system settings menu for admin users, the "SwitchUsers" menu when the base
 * user has an entry in user_privileges/switchUsers.php, and finally every
 * registered HEADERLINK returned by Vtiger_Link_Model::getAllByType().
 *
 * NOTE(review): the switch-user entries built here only decide which links are
 * shown. Showing or hiding a link is not access control; the SwitchUsers action
 * has to enforce the same allow list on its 'id' parameter — confirm.
 *
 * @return <Array> - List of Vtiger_Link_Model instances
 */
function getHeaderLinks() {
    $userModel = Users_Record_Model::getCurrentUserModel();
    $headerLinks = [];
    // Personal menu, labelled with the user's display name.
    $userPersonalSettingsLinks = ['linktype' => 'HEADERLINK', 'linklabel' => $userModel->getDisplayName(), 'linkurl' => '', 'linkicon' => ''];
    if (SysSecurity::getBoolean('SHOW_MY_PREFERENCES')) {
        $userPersonalSettingsLinks['childlinks'][] = ['linktype' => 'HEADERLINK', 'linklabel' => 'LBL_MY_PREFERENCES', 'linkurl' => $userModel->getPreferenceDetailViewUrl(), 'linkicon' => ''];
    }
    $userPersonalSettingsLinks['childlinks'][] = ['linktype' => 'HEADERLINK', 'linklabel' => 'LBL_SIGN_OUT', 'linkurl' => '?module=Users&parent=Settings&action=Logout', 'linkicon' => ''];
    array_push($headerLinks, $userPersonalSettingsLinks);
    // Settings menu, admin users only.
    if ($userModel->isAdminUser()) {
        $crmSettingsLink = array('linktype' => 'HEADERLINK', 'linklabel' => 'LBL_SYSTEM_SETTINGS', 'linkurl' => '', 'linkicon' => 'setting.png', 'nocaret' => true, 'childlinks' => array(array('linktype' => 'HEADERLINK', 'linklabel' => 'LBL_SYSTEM_SETTINGS', 'linkurl' => '?module=Vtiger&parent=Settings&view=Index', 'linkicon' => ''), array('linktype' => 'HEADERLINK', 'linklabel' => 'LBL_MANAGE_USERS', 'linkurl' => '?module=Users&parent=Settings&view=List', 'linkicon' => '')));
        array_push($headerLinks, $crmSettingsLink);
    }
    // The required file is expected to define $switchUsers in this scope; it is
    // read below and not assigned anywhere else in this function.
    require 'user_privileges/switchUsers.php';
    // While a switch is active the session's baseUserId (the original account)
    // is used for the lookup instead of the current user's id.
    $baseUserId = $userModel->getId();
    if (Vtiger_Session::has('baseUserId') && Vtiger_Session::get('baseUserId') != '') {
        $baseUserId = Vtiger_Session::get('baseUserId');
    }
    if (key_exists($baseUserId, $switchUsers)) {
        $childlinks = [];
        if (Vtiger_Session::has('baseUserId') && Vtiger_Session::get('baseUserId') != '') {
            // A switch is active: offer a link back to the base user first,
            // followed by an entry with a NULL label.
            $user = new Users();
            $currentUser = $user->retrieveCurrentUserInfoFromFile($baseUserId);
            $userName = $currentUser->column_fields['first_name'] . ' ' . $currentUser->column_fields['last_name'];
            $childlinks[] = ['linktype' => 'HEADERLINK', 'linklabel' => $userName, 'linkurl' => '?module=Users&action=SwitchUsers&id=' . $baseUserId, 'linkicon' => ''];
            $childlinks[] = ['linktype' => 'HEADERLINK', 'linklabel' => NULL];
        }
        // One link per account listed for the base user, except the base user itself.
        foreach ($switchUsers[$baseUserId] as $userid => $userName) {
            if ($userid != $baseUserId) {
                $childlinks[] = ['linktype' => 'HEADERLINK', 'linklabel' => $userName, 'linkurl' => '?module=Users&action=SwitchUsers&id=' . $userid, 'linkicon' => ''];
            }
        }
        $customHeaderLinks = ['linktype' => 'HEADERLINK', 'linklabel' => 'SwitchUsers', 'linkurl' => '', 'linkicon' => 'glyphicon glyphicon-transfer', 'nocaret' => true, 'childlinks' => $childlinks];
        array_push($headerLinks, $customHeaderLinks);
    }
    // Convert the plain arrays into link models, attaching child links.
    $headerLinkInstances = [];
    $index = 0;
    foreach ($headerLinks as $headerLink) {
        $headerLinkInstance = Vtiger_Link_Model::getInstanceFromValues($headerLink);
        if (isset($headerLink['childlinks'])) {
            foreach ($headerLink['childlinks'] as $childLink) {
                $headerLinkInstance->addChildLink(Vtiger_Link_Model::getInstanceFromValues($childLink));
            }
        }
        $headerLinkInstances[$index++] = $headerLinkInstance;
    }
    // Append the registered header links. The outer loop reuses $headerLinks as
    // its value variable; foreach by value iterates the array as it was when the
    // loop started, so the reassignment does not disturb the iteration.
    $headerLinks = Vtiger_Link_Model::getAllByType(Vtiger_Link::IGNORE_MODULE, ['HEADERLINK']);
    foreach ($headerLinks as $headerType => $headerLinks) {
        foreach ($headerLinks as $headerLink) {
            $headerLinkInstances[$index++] = Vtiger_Link_Model::getInstanceFromLinkObject($headerLink);
        }
    }
    return $headerLinkInstances;
}
/**
 * Log the user out: rotate the session id, destroy the session, record the
 * logout and redirect to index.php.
 *
 * @param Vtiger_Request $request
 */
function process(Vtiger_Request $request)
{
    // Rotate the id first so the old session id cannot be reused.
    session_regenerate_id(true);
    Vtiger_Session::destroy();

    // Track the logout history
    Users_Module_Model::getInstance($request->getModule())->saveLogoutHistory();

    header('Location: index.php');
}
/**
 * Log the user out: fire the 'user.logout.before' event, rotate the session id,
 * destroy the session, record the logout and redirect to index.php.
 *
 * @param Vtiger_Request $request
 */
function process(Vtiger_Request $request)
{
    vimport('~include/events/include.inc');

    // Handlers of the event run while the session still exists.
    $eventsManager = new VTEventsManager(PearDatabase::getInstance());
    $eventsManager->initTriggerCache();
    $eventsManager->triggerEvent('user.logout.before', []);

    // Rotate the id so the old session id cannot be reused.
    Vtiger_Session::regenerateId(true);
    Vtiger_Session::destroy();

    // Track the logout history
    Users_Module_Model::getInstance($request->getModule())->saveLogoutHistory();

    header('Location: index.php');
}
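/**
 * Reassign the given records to a new owner and, when change tracking is
 * enabled for the module, write one ModTracker entry per record.
 *
 * @param string $module                 Module the records belong to.
 * @param int    $transferOwnerId        Id written to smownerid.
 * @param array  $relatedModuleRecordIds Ids (crmid) of the records to reassign.
 */
public function transferRecordsOwnership($module, $transferOwnerId, $relatedModuleRecordIds)
{
    // The ids are concatenated into the WHERE clause below, so force each one
    // to an integer before it reaches the SQL text.
    $recordIds = array_map('intval', (array) $relatedModuleRecordIds);
    if (empty($recordIds)) {
        // "crmid IN ()" is not valid SQL and there is nothing to transfer.
        return;
    }

    $currentUser = vglobal('current_user');
    $db = PearDatabase::getInstance();
    $db->update(
        'vtiger_crmentity',
        ['smownerid' => $transferOwnerId, 'modifiedby' => $currentUser->id, 'modifiedtime' => date('Y-m-d H:i:s')],
        'crmid IN (' . implode(',', $recordIds) . ')'
    );

    vimport('~modules/ModTracker/ModTracker.php');
    $flag = ModTracker::isTrackingEnabledForModule($module);
    if ($flag) {
        foreach ($recordIds as $record) {
            $id = $db->getUniqueID('vtiger_modtracker_basic');
            // 'whodidsu' records the base account when the change is made during a user switch.
            $query = 'INSERT INTO vtiger_modtracker_basic ( id, whodid, whodidsu, changedon, crmid, module ) SELECT ? , ? , ?, ?, crmid, setype FROM vtiger_crmentity WHERE crmid = ?';
            $db->pquery($query, [$id, $currentUser->id, Vtiger_Session::get('baseUserId'), date('Y-m-d H:i:s', time()), $record]);
            // NOTE(review): postvalue is bound to the acting user's id rather than
            // $transferOwnerId, and prevalue is read from smownerid after the update
            // above has already run — verify that this is the intended history.
            $query = 'INSERT INTO vtiger_modtracker_detail ( id, fieldname, postvalue , prevalue ) SELECT ? , ? ,? , smownerid FROM vtiger_crmentity WHERE crmid = ?';
            $db->pquery($query, [$id, 'assigned_user_id', $currentUser->id, $record]);
        }
    }
}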
/**
 * Render the SwitchUsers view: the accounts available for switching, without
 * the base user and without the user named by the request's 'id'.
 *
 * @param Vtiger_Request $request
 */
public function process(Vtiger_Request $request)
{
    $moduleName = $request->getModule();
    $candidates = Users_Module_Model::getSwitchUsers();
    $requestedId = $request->get('id');

    // During an active switch the session holds the original account's id.
    $switchActive = Vtiger_Session::has('baseUserId') && Vtiger_Session::get('baseUserId') != '';
    $baseUserId = $switchActive ? Vtiger_Session::get('baseUserId') : $requestedId;

    unset($candidates[$baseUserId]);
    unset($candidates[$requestedId]);

    $viewer = $this->getViewer($request);
    $viewer->assign('SWITCH_USERS', $candidates);
    $viewer->assign('MODULE_NAME', $moduleName);
    $viewer->assign('BASE_USER_ID', $baseUserId);

    $this->preProcess($request);
    $viewer->view('SwitchUsers.tpl', $moduleName);
    $this->postProcess($request);
}
/**
 * Record a relation change between two records in the ModTracker tables and
 * mark the source record as unread when it is owned by someone other than the
 * acting user.
 *
 * @param string $sourceModule
 * @param int    $sourceId
 * @param string $targetModule
 * @param int    $targetId
 * @param mixed  $type Value stored in the 'status' column.
 */
static function trackRelation($sourceModule, $sourceId, $targetModule, $targetId, $type)
{
    $db = PearDatabase::getInstance();
    $actor = vglobal('current_user');
    $now = date('Y-m-d H:i:s');
    $trackerId = $db->getUniqueId('vtiger_modtracker_basic');

    // 'whodidsu' keeps the base account when the change happens during a user switch.
    $basicRow = [
        'id' => $trackerId,
        'crmid' => $sourceId,
        'module' => $sourceModule,
        'whodid' => $actor->id,
        'changedon' => $now,
        'status' => $type,
        'whodidsu' => Vtiger_Session::get('baseUserId'),
    ];
    $db->insert('vtiger_modtracker_basic', $basicRow);

    $relationRow = [
        'id' => $trackerId,
        'targetmodule' => $targetModule,
        'targetid' => $targetId,
        'changedon' => $now,
    ];
    $db->insert('vtiger_modtracker_relations', $relationRow);

    $ownedByOther = $db->pquery('SELECT crmid FROM vtiger_crmentity WHERE smownerid <> ? AND crmid = ?', array($actor->id, $sourceId));
    if (!($db->num_rows($ownedByOther) > 0)) {
        return;
    }
    $db->pquery("UPDATE vtiger_crmentity SET was_read = 0 WHERE crmid = ?;", array($sourceId));
}
/**
 * Accounts the base user may switch between, as id => name.
 *
 * The base user is the session's 'baseUserId' when a switch is active, else the
 * current user. Returns an empty array when the base user has no entry in
 * user_privileges/switchUsers.php or the entry lists one account or none.
 *
 * @return array
 */
public static function getSwitchUsers()
{
    $userModel = Users_Record_Model::getCurrentUserModel();
    // Expected to define $switchUsers in this scope.
    require 'user_privileges/switchUsers.php';

    $baseUserId = $userModel->getId();
    $switchActive = Vtiger_Session::has('baseUserId') && Vtiger_Session::get('baseUserId') != '';
    if ($switchActive) {
        $baseUserId = Vtiger_Session::get('baseUserId');
    }

    if (!array_key_exists($baseUserId, $switchUsers)) {
        return [];
    }

    $users = [];
    foreach ($switchUsers[$baseUserId] as $userid => $userName) {
        $users[$userid] = $userName;
    }

    return count($users) > 1 ? $users : [];
}
<?php
// Installer entry point: bootstraps the application from its root directory and
// runs the Install index view through preProcess/process/postProcess.
// NOTE(review): nothing in this script checks whether installation has already
// been completed; confirm the view refuses to run on an installed system or
// that the install directory is removed afterwards.

// All relative paths below are resolved from the parent of this file's directory.
chdir(dirname(__FILE__) . '/../');
// Adjust error_reporting favourable to deployment.
include_once 'include/RequirementsValidation.php';
require_once 'include/main/WebUI.php';
// Session files are kept in a directory relative to the application root.
// NOTE(review): confirm cache/session/ is not readable through the web server.
session_save_path('cache/session/');
// CSRF library and its configuration are loaded before the installer views.
require_once 'libraries/csrf-magic/csrf-magic.php';
require_once 'config/csrf_config.php';
require_once 'install/views/Index.php';
require_once 'install/models/Utils.php';
require_once 'install/models/ConfigFileUtils.php';
require_once 'install/models/InitSchema.php';
// Register the INSTALL logger as the global 'log'.
$log = LoggerManager::getLogger('INSTALL');
vglobal('log', $log);
Vtiger_Session::init();
// The view receives the raw request parameters wrapped in a Vtiger_Request.
$request = new Vtiger_Request($_REQUEST);
$install = new Install_Index_view();
$install->preProcess($request);
$install->process($request);
$install->postProcess($request);
/**
 * Build the header links for the current user.
 *
 * The list is assembled from: a settings / user-panel link for admin users,
 * the preferences link, the sign-out link, the "SwitchUsers" menu when the base
 * user has switchable accounts, and finally every registered HEADERLINK
 * returned by Vtiger_Link_Model::getAllByType().
 *
 * NOTE(review): the switch-user entries built here only decide which links are
 * shown. Showing or hiding a link is not access control; the SwitchUsers action
 * has to enforce the same allow list on its 'id' parameter — confirm.
 *
 * @param Vtiger_Request $request Used to tell whether the Settings area is open.
 * @return <Array> - List of Vtiger_Link_Model instances
 */
public function getHeaderLinks(Vtiger_Request $request) {
    $userModel = Users_Record_Model::getCurrentUserModel();
    $headerLinks = [];
    if ($userModel->isAdminUser()) {
        // Admins get a link into Settings, or back to the user panel when already there.
        if ($request->get('parent') != 'Settings') {
            $headerLinks[] = ['linktype' => 'HEADERLINK', 'linklabel' => 'LBL_SYSTEM_SETTINGS', 'linkurl' => 'index.php?module=Vtiger&parent=Settings&view=Index', 'glyphicon' => 'glyphicon glyphicon-cog'];
        } else {
            $headerLinks[] = ['linktype' => 'HEADERLINK', 'linklabel' => 'LBL_USER_PANEL', 'linkurl' => 'index.php', 'glyphicon' => 'glyphicon glyphicon-user'];
        }
    }
    //TODO To remove in the future
    if (SysSecurity::getBoolean('SHOW_MY_PREFERENCES')) {
        $headerLinks[] = ['linktype' => 'HEADERLINK', 'linklabel' => 'LBL_MY_PREFERENCES', 'linkurl' => $userModel->getPreferenceDetailViewUrl(), 'glyphicon' => 'glyphicon glyphicon-tasks'];
    }
    $headerLinks[] = ['linktype' => 'HEADERLINK', 'linklabel' => 'LBL_SIGN_OUT', 'linkurl' => 'index.php?module=Users&parent=Settings&action=Logout', 'glyphicon' => 'glyphicon glyphicon-off'];
    // The required file is expected to define $switchUsers in this scope; it is
    // read below and not assigned anywhere else in this method.
    require 'user_privileges/switchUsers.php';
    // While a switch is active the session's baseUserId (the original account)
    // is used for the lookup instead of the current user's id.
    $baseUserId = $userModel->getId();
    if (Vtiger_Session::has('baseUserId') && Vtiger_Session::get('baseUserId') != '') {
        $baseUserId = Vtiger_Session::get('baseUserId');
    }
    if (key_exists($baseUserId, $switchUsers)) {
        $childlinks = [];
        if (Vtiger_Session::has('baseUserId') && Vtiger_Session::get('baseUserId') != '') {
            // A switch is active: offer a link back to the base user first. Its
            // label is built from the Users entity's configured name fields.
            $entityData = Vtiger_Functions::getEntityModuleInfo('Users');
            $user = new Users();
            $currentUser = $user->retrieveCurrentUserInfoFromFile($baseUserId);
            $colums = [];
            foreach (explode(',', $entityData['fieldname']) as $fieldname) {
                $colums[] = $currentUser->column_fields[$fieldname];
            }
            $userName = implode(' ', $colums);
            $childlinks[] = ['linktype' => 'HEADERLINK', 'linklabel' => $userName, 'linkurl' => '?module=Users&action=SwitchUsers&id=' . $baseUserId, 'linkicon' => ''];
            $childlinks[] = ['linktype' => 'HEADERLINK', 'linklabel' => NULL];
        }
        // One link per account listed for the base user, except the base user itself.
        foreach ($switchUsers[$baseUserId] as $userid => $userName) {
            if ($userid != $baseUserId) {
                $childlinks[] = ['linktype' => 'HEADERLINK', 'linklabel' => $userName, 'linkurl' => '?module=Users&action=SwitchUsers&id=' . $userid, 'linkicon' => ''];
            }
        }
        $customHeaderLinks = ['linktype' => 'HEADERLINK', 'linklabel' => 'SwitchUsers', 'linkurl' => '', 'glyphicon' => 'glyphicon glyphicon-transfer', 'nocaret' => true, 'childlinks' => $childlinks];
        // The menu is only added when it has at least one entry.
        if (count($childlinks)) {
            array_push($headerLinks, $customHeaderLinks);
        }
    }
    // Convert the plain arrays into link models, attaching child links.
    $headerLinkInstances = [];
    foreach ($headerLinks as $headerLink) {
        $headerLinkInstance = Vtiger_Link_Model::getInstanceFromValues($headerLink);
        if (isset($headerLink['childlinks'])) {
            foreach ($headerLink['childlinks'] as $childLink) {
                $headerLinkInstance->addChildLink(Vtiger_Link_Model::getInstanceFromValues($childLink));
            }
        }
        $headerLinkInstances[] = $headerLinkInstance;
    }
    // Append the registered header links. The outer loop reuses $headerLinks as
    // its value variable; foreach by value iterates the array as it was when the
    // loop started, so the reassignment does not disturb the iteration.
    $headerLinks = Vtiger_Link_Model::getAllByType(Vtiger_Link::IGNORE_MODULE, ['HEADERLINK']);
    foreach ($headerLinks as $headerType => $headerLinks) {
        foreach ($headerLinks as $headerLink) {
            $headerLinkInstances[] = Vtiger_Link_Model::getInstanceFromLinkObject($headerLink);
        }
    }
    return $headerLinkInstances;
}
/**
 * Write a ModTracker entry with status 6 for the given source record.
 *
 * @param string $sourceModule
 * @param int    $sourceId
 * @param int    $current_user Value stored in the 'whodid' column.
 */
public static function addConvertToAccountRelation($sourceModule, $sourceId, $current_user)
{
    $db = PearDatabase::getInstance();

    $row = [];
    $row['id'] = $db->getUniqueId('vtiger_modtracker_basic');
    $row['crmid'] = $sourceId;
    $row['module'] = $sourceModule;
    $row['whodid'] = $current_user;
    $row['changedon'] = date('Y-m-d H:i:s');
    $row['status'] = 6;
    // Base account when the change is made during a user switch.
    $row['whodidsu'] = Vtiger_Session::get('baseUserId');

    $db->insert('vtiger_modtracker_basic', $row);
}
* The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 * ****************************************************************************** */
// All relative paths below are resolved from the parent of this file's directory.
chdir(dirname(__FILE__) . '/../');
/**
 * Start the cron services configured.
 */
include_once 'include/Webservices/Relation.php';
include_once 'include/main/WebUI.php';
require_once 'vtlib/Vtiger/Cron.php';
require_once 'modules/Emails/mail.php';
Vtiger_Session::init();
$authenticatedUserId = Vtiger_Session::get('authenticated_user_id');
$appUniqueKey = Vtiger_Session::get('app_unique_key');
// Cron may run from the command line, or from a web session that is logged in
// and carries this installation's unique key ('&&' binds tighter than '||').
// NOTE(review): PHP_SAPI is also 'cgi-fcgi' when a web server executes PHP
// through php-cgi, so on such servers this test would let unauthenticated HTTP
// requests start cron — confirm, and prefer an explicit CLI-only check.
if (PHP_SAPI === 'cli' || PHP_SAPI === 'cgi-fcgi' || !empty($authenticatedUserId) && !empty($appUniqueKey) && $appUniqueKey == vglobal('application_unique_key')) {
    $log = LoggerManager::getLogger('CRON');
    vglobal('log', $log);
    $cronTasks = false;
    if (isset($_REQUEST['service'])) {
        // Run specific service
        // NOTE(review): the service name is taken from the request as-is; verify
        // how Vtiger_Cron::getInstance() handles an unknown name.
        $cronTasks = [Vtiger_Cron::getInstance($_REQUEST['service'])];
    } else {
        // Run all service
        $cronTasks = Vtiger_Cron::listAllActiveInstances();
    }
    $cronStarts = date('Y-m-d H:i:s');
    // Set global current user permissions: the tasks run as an active admin
    // user, whoever triggered the run.
    $current_user = vglobal('current_user');
    $current_user = Users::getActiveAdminUser();
/**
 * Front controller: resolve the handler for the request, run the login and
 * permission checks, execute it and emit its response.
 *
 * The handler class is chosen from the request's module plus its 'action' (if
 * present) or 'view' parameter. Exceptions thrown while dispatching are turned
 * into an error page (view requests) or a JSON error response (otherwise).
 *
 * @param Vtiger_Request $request
 */
function process(Vtiger_Request $request) {
    Vtiger_Session::init();
    // Better place this here as session get initiated
    // The CSRF library is not loaded for the forgot (reset) password flow or the Login action.
    // NOTE(review): both conditions are read from request parameters, so the
    // library is skipped for any request that carries mode=reset — confirm that
    // validateRequest() below still covers those requests.
    if ($request->get('mode') != 'reset' && $request->get('action') != 'Login') {
        require_once 'libraries/csrf-magic/csrf-magic.php';
    }
    // TODO - Get rid of global variable $current_user
    // common utils api called, depend on this variable right now
    $currentUser = $this->getLogin();
    vglobal('current_user', $currentUser);
    global $default_language;
    vglobal('default_language', $default_language);
    $currentLanguage = Vtiger_Language_Handler::getLanguage();
    vglobal('current_language', $currentLanguage);
    $module = $request->getModule();
    $qualifiedModuleName = $request->getModule(false);
    // Language strings are only loaded for a logged-in user.
    if ($currentUser && $qualifiedModuleName) {
        $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage, $qualifiedModuleName);
        vglobal('mod_strings', $moduleLanguageStrings['languageStrings']);
    }
    if ($currentUser) {
        $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage);
        vglobal('app_strings', $moduleLanguageStrings['languageStrings']);
    }
    $view = $request->get('view');
    $action = $request->get('action');
    $response = false;
    try {
        // An uninstalled system only serves the Install module.
        if ($this->isInstalled() === false && $module != 'Install') {
            header('Location:index.php?module=Install&view=Index');
            exit;
        }
        // No module requested: fall back to the default module / dashboard for a
        // logged-in user, or to the login view otherwise.
        if (empty($module)) {
            if ($this->hasLogin()) {
                $defaultModule = vglobal('default_module');
                if (!empty($defaultModule) && $defaultModule != 'Home') {
                    $module = $defaultModule;
                    $qualifiedModuleName = $defaultModule;
                    $view = 'List';
                    if ($module == 'Calendar') {
                        // To load MyCalendar instead of list view for calendar
                        //TODO: see if it has to enhanced and get the default view from module model
                        $view = 'Calendar';
                    }
                } else {
                    $module = 'Home';
                    $qualifiedModuleName = 'Home';
                    $view = 'DashBoard';
                }
            } else {
                $module = 'Users';
                $qualifiedModuleName = 'Settings:Users';
                $view = 'Login';
            }
            $request->set('module', $module);
            $request->set('view', $view);
        }
        // An 'action' parameter takes precedence over 'view'.
        if (!empty($action)) {
            $componentType = 'Action';
            $componentName = $action;
        } else {
            $componentType = 'View';
            if (empty($view)) {
                $view = 'Index';
            }
            $componentName = $view;
        }
        // NOTE(review): the class name is derived from request-supplied module,
        // view and action values; confirm Vtiger_Loader only ever resolves
        // handler classes.
        $handlerClass = Vtiger_Loader::getComponentClassName($componentType, $componentName, $qualifiedModuleName);
        $handler = new $handlerClass();
        // 'new' yields an object or throws, so the else branch below is not reached.
        if ($handler) {
            vglobal('currentModule', $module);
            // Ensure handler validates the request
            $handler->validateRequest($request);
            if ($handler->loginRequired()) {
                $this->checkLogin($request);
            }
            //TODO : Need to review the design as there can potential security threat
            // Modules in the skip list, and any qualified module name containing
            // 'Settings', bypass triggerCheckPermission().
            $skipList = array('Users', 'Home', 'CustomView', 'Import', 'Export', 'Inventory', 'Vtiger', 'PriceBooks', 'Migration', 'Install');
            if (!in_array($module, $skipList) && stripos($qualifiedModuleName, 'Settings') === false) {
                $this->triggerCheckPermission($handler, $request);
            }
            // Every settings page handler should implement this method
            // NOTE(review): the bypass above matches 'Settings' anywhere in the
            // name while this check needs it at the start, so a name containing
            // it elsewhere gets neither check (unless the module is 'Users') —
            // confirm such names cannot occur.
            if (stripos($qualifiedModuleName, 'Settings') === 0 || $module == 'Users') {
                $handler->checkPermission($request);
            }
            $notPermittedModules = array('ModComments', 'Integration', 'DashBoard');
            if (in_array($module, $notPermittedModules) && $view == 'List') {
                // There is no exit after this redirect header, so the handler
                // still runs for these modules.
                header('Location:index.php?module=Home&view=DashBoard');
            }
            $this->triggerPreProcess($handler, $request);
            /** EventHandler START */
            list($handler, $request) = EventHandler_Module_Model::do_filter(array("vtiger.filter.process." . strtolower($module . '.' . $componentName . "." . $componentType) . ".before", "vtiger.filter.process." . strtolower($componentName . "." . $componentType) . ".before"), array($handler, $request));
            /** EventHandler END */
            $response = $handler->process($request);
            /** EventHandler START */
            list($handler, $request) = EventHandler_Module_Model::do_filter(array("vtiger.filter.process." . strtolower($module . '.' . $componentName . "." . $componentType) . ".after", "vtiger.filter.process." . strtolower($componentName . "." . $componentType) . ".after"), array($handler, $request));
            /** EventHandler END */
            $this->triggerPostProcess($handler, $request);
        } else {
            throw new AppException(vtranslate('LBL_HANDLER_NOT_FOUND'));
        }
    } catch (Exception $e) {
        if ($view) {
            // Log for development.
            // NOTE(review): the second argument of error_log() is a message type,
            // not an error level; E_NOTICE is not one of its documented values.
            error_log($e->getTraceAsString(), E_NOTICE);
            $viewer = new Vtiger_Viewer();
            // NOTE(review): the exception message is handed to the template as-is;
            // confirm the template escapes it.
            $viewer->assign('MESSAGE', $e->getMessage());
            $viewer->view('OperationNotPermitted.tpl', 'Vtiger');
        } else {
            $response = new Vtiger_Response();
            $response->setEmitType(Vtiger_Response::$EMIT_JSON);
            $response->setError($e->getMessage());
        }
    }
    /** EventHandler START */
    EventHandler_Module_Model::do_action("vtiger.process.finish", array($module, $componentName, $componentType));
    EventHandler_Module_Model::do_action("vtiger.process." . strtolower($module . '.' . $componentName . "." . $componentType) . ".finish", array($module, $componentName, $componentType));
    /** EventHandler END */
    if ($response) {
        $response->emit();
    }
}
* ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 * ****************************************************************************** */
// All relative paths below are resolved from the parent of this file's directory.
chdir(dirname(__FILE__) . '/../');
/**
 * Start the cron services configured.
 */
include_once 'include/Webservices/Relation.php';
include_once 'include/main/WebUI.php';
require_once 'vtlib/Vtiger/Cron.php';
require_once 'modules/Emails/mail.php';
Vtiger_Session::init();
// Cron may run from the command line, or from a web session that is logged in
// and carries this installation's unique key ('&&' binds tighter than '||').
// NOTE(review): PHP_SAPI is also 'cgi-fcgi' when a web server executes PHP
// through php-cgi, so on such servers this test would let unauthenticated HTTP
// requests start cron — confirm, and prefer an explicit CLI-only check.
if (PHP_SAPI === 'cli' || PHP_SAPI === 'cgi-fcgi' || !empty(Vtiger_Session::get('authenticated_user_id')) && !empty(Vtiger_Session::get('app_unique_key')) && Vtiger_Session::get('app_unique_key') == vglobal('application_unique_key')) {
    $log = LoggerManager::getLogger('CRON');
    vglobal('log', $log);
    $cronTasks = false;
    if (isset($_REQUEST['service'])) {
        // Run specific service
        // NOTE(review): the service name is taken from the request as-is; verify
        // how Vtiger_Cron::getInstance() handles an unknown name.
        $cronTasks = [Vtiger_Cron::getInstance($_REQUEST['service'])];
    } else {
        // Run all service
        $cronTasks = Vtiger_Cron::listAllActiveInstances();
    }
    $cronStarts = date('Y-m-d H:i:s');
    // Set global current user permissions: the tasks run as an active admin
    // user, whoever triggered the run.
    $current_user = vglobal('current_user');
    $current_user = Users::getActiveAdminUser();
    echo sprintf('--------------- %s | Start CRON ----------', date('Y-m-d H:i:s')) . PHP_EOL;
/**
 * Handle a login attempt.
 *
 * Steps: optional post-install clean-up (mode=install), brute-force block
 * check, credential check, then either session setup and a redirect (to the
 * stored return parameters when present, else index.php), or a "Failed login"
 * history entry and a redirect back to the login view. Every outcome after the
 * block check ends with exit.
 *
 * @param Vtiger_Request $request
 */
function process(Vtiger_Request $request)
{
    $username = $request->get('username');
    $password = $request->get('password');

    // NOTE(review): this clean-up runs before any credential check, so it is
    // reachable by whoever can post mode=install to this action — confirm that
    // is acceptable once installation has finished.
    if ($request->get('mode') == 'install') {
        $dirPath = 'install';
        Users_Module_Model::deleteLangFiles();
        $configTemplate = "config/config.template.php";
        if (file_exists($configTemplate)) {
            unlink($configTemplate);
        }
        Vtiger_Functions::recurseDelete($dirPath);
    }

    $checkBlocked = Settings_BruteForce_Module_Model::checkBlocked();
    $bruteForceSettings = Settings_BruteForce_Module_Model::getBruteForceSettings();
    if ($checkBlocked && $bruteForceSettings['active']) {
        Settings_BruteForce_Module_Model::sendNotificationEmail();
        header('Location: index.php?module=Users&parent=Settings&view=Login&error=2');
        exit;
    }

    $user = CRMEntity::getInstance('Users');
    $user->column_fields['user_name'] = $username;
    $moduleModel = Users_Module_Model::getInstance('Users');

    if (!$user->doLogin($password)) {
        // Record the failed attempt together with the detected browser.
        $browser = Settings_BruteForce_Module_Model::browserDetect();
        $moduleModel->saveLoginHistory($username, 'Failed login', $browser);
        header('Location: index.php?module=Users&parent=Settings&view=Login&error=1');
        exit;
    }

    // Rotating the id prevents reuse of a pre-login session id.
    // NOTE(review): the rotation only happens when the 'session_regenerate_id'
    // global is truthy; with it off the pre-login id stays valid after login.
    if (vglobal('session_regenerate_id')) {
        Vtiger_Session::regenerateId(true);
    }

    $userid = $user->retrieve_user_id($username);
    Vtiger_Session::set('AUTHUSERID', $userid);

    // For backward compatibility
    // TODO Remove when switch-to-old look is not needed
    Vtiger_Session::set('authenticated_user_id', $userid);
    Vtiger_Session::set('app_unique_key', vglobal('application_unique_key'));
    Vtiger_Session::set('authenticated_user_language', vglobal('default_language'));
    Vtiger_Session::set('user_name', $username);
    Vtiger_Session::set('full_user_name', Vtiger_Functions::getUserRecordLabel($userid));

    // NOTE(review): 'language' and 'layout' are copied from the request into the
    // session without validation here; code that turns them into file paths
    // should check them against the installed languages and layouts.
    if ($request->has('language') && vglobal('langInLoginView')) {
        Vtiger_Session::set('language', $request->get('language'));
    }
    if ($request->has('layout')) {
        Vtiger_Session::set('layout', $request->get('layout'));
    }

    // Session settings read by KCFINDER (upload location and extension deny list).
    $_SESSION['KCFINDER'] = array(
        'disabled' => false,
        'uploadURL' => "cache/upload",
        'uploadDir' => "../../cache/upload",
        'deniedExts' => implode(" ", vglobal('upload_badext')),
    );

    // Track the login history
    $moduleModel->saveLoginHistory($user->column_fields['user_name']);

    if (!isset($_SESSION['return_params'])) {
        header('Location: index.php');
        exit;
    }

    // The stored parameters are appended after "index.php?", which keeps the
    // redirect on this application.
    $return_params = urldecode($_SESSION['return_params']);
    header("Location: index.php?{$return_params}");
    exit;
}
/**
 * Write ModTracker history for entity events.
 *
 * Handles aftersave.final (field-level changes), beforedelete, afterrestore and
 * the link/unlink events, but only when tracking is enabled for the entity's
 * module. Each history row stores the acting user ('whodid') and the session's
 * 'baseUserId' ('whodidsu'), the base account during a user switch.
 *
 * @param string $eventName Name of the event being handled.
 * @param mixed  $data      The entity data object, or an array that carries it
 *                          under the 'entityData' key.
 */
function handleEvent($eventName, $data) {
    $adb = PearDatabase::getInstance();
    $current_user = vglobal('current_user');
    // $log and $current_module are not used below.
    $log = vglobal('log');
    $current_module = vglobal('current_module');
    // An array argument wraps the entity; keep the array for the link/unlink branches.
    if (!is_object($data)) {
        $extendedData = $data;
        $data = $extendedData['entityData'];
    }
    $moduleName = $data->getModuleName();
    $flag = ModTracker::isTrackingEnabledForModule($moduleName);
    if ($flag) {
        if ($eventName == 'vtiger.entity.aftersave.final') {
            $recordId = $data->getId();
            // $columnFields is not used below.
            $columnFields = $data->getData();
            $vtEntityDelta = new VTEntityDelta();
            $delta = $vtEntityDelta->getEntityDelta($moduleName, $recordId, true);
            $newerEntity = $vtEntityDelta->getNewEntity($moduleName, $recordId);
            $newerColumnFields = $newerEntity->getData();
            $newerColumnFields = array_change_key_case($newerColumnFields, CASE_LOWER);
            // NOTE(review): $delta is passed to array_change_key_case() before the
            // is_array() check below — confirm getEntityDelta() always returns an array.
            $delta = array_change_key_case($delta, CASE_LOWER);
            if (is_array($delta)) {
                // One basic row per save (created on the first tracked field),
                // then one detail row per changed field.
                $inserted = false;
                foreach ($delta as $fieldName => $values) {
                    if ($fieldName != 'modifiedtime') {
                        if (!$inserted) {
                            // CREATED only when the record is new and has no history yet.
                            $checkRecordPresentResult = $adb->pquery('SELECT * FROM vtiger_modtracker_basic WHERE crmid = ?', array($recordId));
                            if (!$adb->num_rows($checkRecordPresentResult) && $data->isNew()) {
                                $status = ModTracker::$CREATED;
                            } else {
                                $status = ModTracker::$UPDATED;
                            }
                            $this->id = $adb->getUniqueId('vtiger_modtracker_basic');
                            $adb->insert('vtiger_modtracker_basic', ['id' => $this->id, 'crmid' => $recordId, 'module' => $moduleName, 'whodid' => $current_user->id, 'changedon' => $newerColumnFields['modifiedtime'], 'status' => $status, 'whodidsu' => Vtiger_Session::get('baseUserId')]);
                            $inserted = true;
                        }
                        $adb->pquery('INSERT INTO vtiger_modtracker_detail(id,fieldname,prevalue,postvalue) VALUES(?,?,?,?)', array($this->id, $fieldName, $values['oldValue'], $values['currentValue']));
                    }
                }
            }
            // Mark the record unread when it is owned by someone other than the acting user.
            $isMyRecord = $adb->pquery('SELECT crmid FROM vtiger_crmentity WHERE smownerid <> ? AND crmid = ?', array($current_user->id, $recordId));
            if ($adb->num_rows($isMyRecord) > 0) {
                $adb->pquery("UPDATE vtiger_crmentity SET was_read = 0 WHERE crmid = ?;", array($recordId));
            }
        }
        if ($eventName == 'vtiger.entity.beforedelete') {
            $recordId = $data->getId();
            // $columnFields is not used below.
            $columnFields = $data->getData();
            $id = $adb->getUniqueId('vtiger_modtracker_basic');
            $adb->insert('vtiger_modtracker_basic', ['id' => $id, 'crmid' => $recordId, 'module' => $moduleName, 'whodid' => $current_user->id, 'changedon' => date('Y-m-d H:i:s', time()), 'status' => ModTracker::$DELETED, 'whodidsu' => Vtiger_Session::get('baseUserId')]);
            // Mark the record unread when it is owned by someone other than the acting user.
            $isMyRecord = $adb->pquery('SELECT crmid FROM vtiger_crmentity WHERE smownerid <> ? AND crmid = ?', array($current_user->id, $recordId));
            if ($adb->num_rows($isMyRecord) > 0) {
                $adb->pquery("UPDATE vtiger_crmentity SET was_read = 0 WHERE crmid = ?;", array($recordId));
            }
        }
        if ($eventName == 'vtiger.entity.afterrestore') {
            $recordId = $data->getId();
            // $columnFields is not used below.
            $columnFields = $data->getData();
            $id = $adb->getUniqueId('vtiger_modtracker_basic');
            $adb->insert('vtiger_modtracker_basic', ['id' => $id, 'crmid' => $recordId, 'module' => $moduleName, 'whodid' => $current_user->id, 'changedon' => date('Y-m-d H:i:s', time()), 'status' => ModTracker::$RESTORED, 'whodidsu' => Vtiger_Session::get('baseUserId')]);
            // Mark the record unread when it is owned by someone other than the acting user.
            $isMyRecord = $adb->pquery('SELECT crmid FROM vtiger_crmentity WHERE smownerid <> ? AND crmid = ?', array($current_user->id, $recordId));
            if ($adb->num_rows($isMyRecord) > 0) {
                $adb->pquery("UPDATE vtiger_crmentity SET was_read = 0 WHERE crmid = ?;", array($recordId));
            }
        }
        // NOTE(review): $extendedData is only assigned when $data arrived as an
        // array; if these events are ever delivered with an object it is
        // undefined here — confirm with the callers.
        if ($eventName == 'vtiger.entity.link.after') {
            ModTracker::linkRelation($extendedData['sourceModule'], $extendedData['sourceRecordId'], $extendedData['destinationModule'], $extendedData['destinationRecordId']);
        }
        if ($eventName == 'vtiger.entity.unlink.after') {
            ModTracker::unLinkRelation($extendedData['sourceModule'], $extendedData['sourceRecordId'], $extendedData['destinationModule'], $extendedData['destinationRecordId']);
        }
    }
}
/**
 * Resolve the language to use, in this order: the 'translated_language' global,
 * the session's 'language' value, the current user's 'language' setting. An
 * empty result falls back to the 'default_language' global.
 *
 * NOTE(review): the session value is returned unchanged. If it can originate
 * from request input, callers that load language files by this name should
 * validate it against the installed languages — confirm.
 *
 * @return <String> - language code
 */
public static function getLanguage()
{
    if (vglobal('translated_language')) {
        $selected = vglobal('translated_language');
    } else {
        $selected = Vtiger_Session::get('language') != ''
            ? Vtiger_Session::get('language')
            : Users_Record_Model::getCurrentUserModel()->get('language');
    }

    return empty($selected) ? vglobal('default_language') : $selected;
}
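/**
 * Front-controller entry point: initialises the session, resolves the handler
 * for the requested module/view/action, runs its access checks and emits the
 * response.
 *
 * Security-relevant steps, in the order they run below:
 *   1. optional redirect to HTTPS (forceSSL),
 *   2. optional loading of the CSRF library (csrfProtection),
 *   3. handler lookup from the request-supplied module/view/action,
 *   4. validateRequest(), login check and permission checks on the handler,
 *   5. preProcess / process / postProcess.
 *
 * Both redirects that are meant to stop the request (HTTPS upgrade and the
 * "not permitted" list views) terminate the script after sending the header;
 * a Location header alone does not stop the rest of this method from running.
 *
 * @param Vtiger_Request $request Incoming request; module, view, action and mode are read from it.
 * @return void The response, when one is produced, is emitted directly.
 */
function process(Vtiger_Request $request) {
    vglobal('log', LoggerManager::getLogger('System'));
    Vtiger_Session::init();

    $forceSSL = vglobal('forceSSL');
    if ($forceSSL && !Vtiger_Functions::getBrowserInfo()->https) {
        // NOTE(review): HTTP_HOST comes from the client's Host header, so the redirect
        // target is client-influenced; prefer a configured canonical host if one exists.
        header("Location: https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}");
        // Stop here, otherwise the request would still be fully processed over plain HTTP.
        exit;
    }

    // Better place this here as session get initiated
    // skipping the csrf checking for the forgot(reset) password
    // NOTE(review): 'mode' and 'action' are read from the request, so the decision to
    // load csrf-magic depends on request input; confirm that handlers reachable with
    // mode=reset or action=Login perform no other state-changing work.
    $csrfProtection = vglobal('csrfProtection');
    if ($csrfProtection) {
        if ($request->get('mode') != 'reset' && $request->get('action') != 'Login') {
            require_once 'libraries/csrf-magic/csrf-magic.php';
        }
        require_once 'config/csrf_config.php';
    }

    // TODO - Get rid of global variable $current_user
    // common utils api called, depend on this variable right now
    $currentUser = $this->getLogin();
    vglobal('current_user', $currentUser);

    $currentLanguage = Vtiger_Language_Handler::getLanguage();
    vglobal('current_language', $currentLanguage);
    $module = $request->getModule();
    $qualifiedModuleName = $request->getModule(false);

    // Language strings are only loaded for an authenticated user.
    if ($currentUser && $qualifiedModuleName) {
        $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage, $qualifiedModuleName);
        vglobal('mod_strings', $moduleLanguageStrings['languageStrings']);
    }
    if ($currentUser) {
        $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage);
        vglobal('app_strings', $moduleLanguageStrings['languageStrings']);
    }

    $view = $request->get('view');
    $action = $request->get('action');
    $response = false;

    try {
        if ($this->isInstalled() === false && $module != 'Install') {
            header('Location:install/Install.php');
            exit;
        }

        // No module requested: pick the landing page (or the login page when not signed in).
        if (empty($module)) {
            if ($this->hasLogin()) {
                $defaultModule = vglobal('default_module');
                if (!empty($defaultModule) && $defaultModule != 'Home') {
                    $module = $defaultModule;
                    $qualifiedModuleName = $defaultModule;
                    $view = 'List';
                    if ($module == 'Calendar') {
                        // To load MyCalendar instead of list view for calendar
                        //TODO: see if it has to enhanced and get the default view from module model
                        $view = 'Calendar';
                    }
                } else {
                    $module = 'Home';
                    $qualifiedModuleName = 'Home';
                    $view = 'DashBoard';
                }
            } else {
                $module = 'Users';
                $qualifiedModuleName = 'Settings:Users';
                $view = 'Login';
            }
            $request->set('module', $module);
            $request->set('view', $view);
        }

        // An action, when present, takes precedence over a view.
        if (!empty($action)) {
            $componentType = 'Action';
            $componentName = $action;
        } else {
            $componentType = 'View';
            if (empty($view)) {
                $view = 'Index';
            }
            $componentName = $view;
        }

        // NOTE(review): the class name is built from request-supplied module/view/action;
        // presumably getComponentClassName() only returns known component classes - confirm.
        $handlerClass = Vtiger_Loader::getComponentClassName($componentType, $componentName, $qualifiedModuleName);
        $handler = new $handlerClass();
        // `new` never yields a falsy value, so the else branch below is not expected to run;
        // kept as in the original.
        if ($handler) {
            vglobal('currentModule', $module);
            $csrfProtection = vglobal('csrfProtection');
            if ($csrfProtection) {
                // Ensure handler validates the request
                $handler->validateRequest($request);
            }
            if ($handler->loginRequired()) {
                $this->checkLogin($request);
            }

            //TODO : Need to review the design as there can potential security threat
            // Modules in $skipList, and any qualified name containing 'Settings', do not go
            // through triggerCheckPermission().
            // NOTE(review): this test matches 'Settings' anywhere in the name, while the
            // checkPermission() test below requires it at position 0; confirm no module name
            // can satisfy the first and not the second, or it would get neither check.
            $skipList = array('Users', 'Home', 'CustomView', 'Import', 'Export', 'Inventory', 'Vtiger', 'PriceBooks', 'Migration', 'Install');
            if (!in_array($module, $skipList) && stripos($qualifiedModuleName, 'Settings') === false) {
                $this->triggerCheckPermission($handler, $request);
            }

            // Every settings page handler should implement this method
            if (stripos($qualifiedModuleName, 'Settings') === 0 || $module == 'Users') {
                $handler->checkPermission($request);
            }

            $notPermittedModules = array('ModComments', 'Integration', 'DashBoard');
            if (in_array($module, $notPermittedModules) && $view == 'List') {
                header('Location:index.php?module=Home&view=DashBoard');
                // Stop here: without this the handler for the disallowed list view
                // would still be executed and its output sent after the redirect.
                exit;
            }

            $this->triggerPreProcess($handler, $request);
            $response = $handler->process($request);
            $this->triggerPostProcess($handler, $request);
        } else {
            throw new AppException(vtranslate('LBL_HANDLER_NOT_FOUND'));
        }
    } catch (Exception $e) {
        if ($view) {
            // Log for development.
            // NOTE(review): error_log()'s second argument is a message type, not an error
            // level; E_NOTICE is not one of the documented types.
            error_log($e->getTraceAsString(), E_NOTICE);
            Vtiger_Functions::throwNewException($e->getMessage());
        } else {
            // Action requests get the failure back as a JSON error.
            // NOTE(review): the raw exception message is returned to the client; confirm
            // it cannot carry internal details (queries, paths).
            $response = new Vtiger_Response();
            $response->setEmitType(Vtiger_Response::$EMIT_JSON);
            $response->setError($e->getMessage());
            //Vtiger_Functions::throwNewException($e->getMessage());
        }
    }

    if ($response) {
        $response->emit();
    }
}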
/**
 * Store the list query of a module in the session.
 *
 * When a query is already stored for the module and it differs from the new
 * one, the session entry holding the detail-view navigation for the given
 * view id is removed first. The new query is then stored unconditionally.
 *
 * @param string $currentModule Module name, used as prefix of the session keys
 * @param mixed  $query         Query to remember (compared loosely with the stored one)
 * @param mixed  $viewid        View id, used as suffix of the navigation key
 * @return void
 */
public static function setSessionQuery($currentModule, $query, $viewid)
{
    $queryKey = $currentModule . '_listquery';

    $queryChanged = Vtiger_Session::has($queryKey)
        && Vtiger_Session::get($queryKey) != $query;

    if ($queryChanged) {
        Vtiger_Session::remove($currentModule . '_DetailView_Navigation' . $viewid);
    }

    Vtiger_Session::set($queryKey, $query);
}