/**
 * Disconnect or destroy the user session named by the request.
 *
 * Expects the target session id in $_GET['kill'] and the owner's name in
 * $_GET['username']. With $_GET['logout_only'] the identity is cleared and the
 * session record kept, otherwise the session is destroyed. The caller's own
 * session is closed while the target one is handled and reopened afterwards.
 * $_GET['own'] only produces a warning.
 *
 * NOTE(review): a state-changing action driven by GET parameters — confirm
 * the calling page enforces CSRF protection.
 *
 * @return void
 */
function kill_session()
{
    $hasTarget = isset($_GET['kill']) && $_GET['kill'] !== '' && isset($_GET['username']);

    if (!$hasTarget) {
        if (isset($_GET['own'])) {
            set_page_message(tr("You are not allowed to act on your own session."), 'warning');
        }
        return;
    }

    $targetUser = clean_input($_GET['username']);
    $targetSessionId = clean_input($_GET['kill']);
    $logoutOnly = isset($_GET['logout_only']);

    // Remember and close our own session before switching to the target one
    $ownSessionId = session_id();
    session_write_close();

    // Open the target session and drop its identity
    session_id($targetSessionId);
    session_start();
    iMSCP_Authentication::getInstance()->unsetIdentity();

    if ($logoutOnly) {
        session_write_close();
        $message = tr('User successfully disconnected.');
    } else {
        session_destroy();
        $message = tr('User session successfully destroyed.');
    }

    // Back to our own session
    session_id($ownSessionId);
    session_start();

    set_page_message($message, 'success');
    write_log($_SESSION['user_logged'] . ": has disconnected {$targetUser} or destroyed its session", E_USER_NOTICE);
}
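/**
 * Authenticate a user against the `accounts` table and open a session for it.
 *
 * NOTE(review): passwords are compared as unsalted MD5 digests — a legacy
 * scheme; moving to password_hash()/password_verify() needs a schema change
 * and is out of scope for this function.
 *
 * @param string $user Submitted user name
 * @param string $pass Submitted clear-text password
 * @return bool TRUE when exactly one matching account was found, FALSE otherwise
 */
function exe_login($user, $pass)
{
    $user = clean_input($user);
    $pass = clean_input($pass);

    // The legacy mysql extension has no prepared statements, so the user name
    // is escaped explicitly; the md5() output is hex and cannot break the query
    $sql = 'SELECT `accountID`,`fullname`,`email` FROM `accounts`'
        . ' WHERE `username` = "' . mysql_real_escape_string($user) . '"'
        . ' AND `password` = "' . md5($pass) . '"';
    $result = mysql_query($sql);

    // A failed query, or anything other than exactly one row, is a failed login
    if ($result === false || mysql_num_rows($result) !== 1) {
        return false;
    }

    list($uID, $full, $email) = mysql_fetch_row($result);

    // Regenerate the id before the session is populated (session fixation);
    // SSID is read after regeneration so it matches the live session — the
    // original stored the pre-regeneration id
    session_regenerate_id(true);
    $_SESSION = array();
    $_SESSION['SSID'] = session_id();
    $_SESSION['Full'] = $full;
    $_SESSION['User'] = $user;
    $_SESSION['UserID'] = $uID;
    $_SESSION['Email'] = $email;

    return true;
}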
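 /**
  * Handle the "add research" form.
  *
  * Rejects a duplicate title, shows the form when nothing was posted, and
  * otherwise persists the research record plus its researcher, implementing
  * agency and funding agency links before redirecting to the new record.
  *
  * @return void
  */
 public function add_research()
 {
     $exists = $this->research_and_development->check_research_title_exist(clean_input($this->input->post('title')));
     if ($exists) {
         $this->session->set_flashdata('check', 'Research Title already exist.');
         redirect('researches/research_form');
         return;
     }

     if ($this->input->post() == NULL) {
         $this->research_form();
         return;
     }

     // NOTE(review): the title used $this->cleaned_input() while every other
     // field uses $this->clean_input(); treated as a typo and made consistent.
     $research = array(
         'research_title' => ucwords($this->clean_input($this->input->post('title'))),
         'date' => date('Y-m-d', strtotime(str_replace('-', '/', $this->input->post('date_published')))),
         'location_address' => ucwords($this->clean_input($this->input->post('address'))),
         'location_city' => ucwords($this->clean_input($this->input->post('selected_city_municipality'))),
         'approved_budget' => floatval($this->input->post('approved_budget')),
         'duration_start' => $this->input->post('date_started'),
         'duration_end' => $this->input->post('date_ended'),
         'category' => ucwords($this->clean_input($this->input->post('category'))),
         'status' => ucwords($this->clean_input($this->input->post('status'))),
         'abstract' => $this->clean_html($this->input->post('abstract')),
         'rationale' => $this->clean_html($this->input->post('rationale')),
         'objectives' => $this->clean_html($this->input->post('objectives')),
         'methodology' => $this->clean_html($this->input->post('methodology')),
         'results_and_discussions' => $this->clean_html($this->input->post('results_and_discussions')),
         'recommendation' => $this->clean_html($this->input->post('recommendation')),
     );
     $research_id = $this->research_and_development->add_research($research);

     // A multi-select with nothing selected is absent from POST; the (array)
     // cast keeps foreach from warning on NULL
     foreach ((array) $this->input->post('selected_researchers') as $researcher_id) {
         $this->research_and_development->add_study_researchers(array('research_id' => $research_id, 'researcher_id' => $researcher_id));
     }
     foreach ((array) $this->input->post('selected_implement_agency') as $agency_id) {
         $this->research_and_development->add_research_implementor(array('research_id' => $research_id, 'implementing_agency_id' => $agency_id));
     }
     foreach ((array) $this->input->post('selected_fund_agency') as $funder_id) {
         $this->research_and_development->add_research_funder(array('research_id' => $research_id, 'funding_agency_id' => $funder_id));
     }

     // The original guarded these on the last link row, which is never NULL here
     $this->session->set_flashdata('notification', 'New Data is save!');
     $this->session->set_flashdata('alert', 'success');
     redirect('researches/research_individual/' . $research_id);
 }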
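/**
 * Activate the auto-responder of the given mail account with the given message.
 *
 * The account address is looked up first; an unknown mail account id ends in
 * a bad-request page instead of a blind UPDATE. The status change, the
 * auto-responder flag/text and the purge of the auto-reply log are committed
 * in one transaction, then the daemon is asked to process the change.
 *
 * @param int $mailAccountId Mail account id
 * @param string $autoresponderMessage Auto-responder message
 * @return void
 * @throws iMSCP_Exception_Database on database error (after rollback)
 */
function client_ActivateAutoresponder($mailAccountId, $autoresponderMessage)
{
    $autoresponderMessage = clean_input($autoresponderMessage);

    if ($autoresponderMessage == '') {
        set_page_message(tr('Auto-responder message cannot be empty.'), 'error');
        redirectTo("mail_autoresponder_enable.php?mail_account_id={$mailAccountId}");
        return;
    }

    // Resolve the address outside the transaction; the original read
    // $stmt->fields['mail_addr'] without checking that a row exists
    $stmt = exec_query('SELECT `mail_addr` FROM `mail_users` WHERE `mail_id` = ?', $mailAccountId);
    if (!$stmt->rowCount()) {
        showBadRequestErrorPage();
        return;
    }
    $mailAddr = $stmt->fields['mail_addr'];

    $db = iMSCP_Database::getInstance();
    try {
        $db->beginTransaction();
        exec_query(
            'UPDATE `mail_users` SET `status` = ?, `mail_auto_respond` = ?, `mail_auto_respond_text` = ? WHERE `mail_id` = ?',
            array('tochange', 1, $autoresponderMessage, $mailAccountId)
        );
        // Purge autoreplies log entries
        delete_autoreplies_log_entries();
        $db->commit();
    } catch (iMSCP_Exception_Database $e) {
        $db->rollBack();
        throw $e;
    }

    // Ask iMSCP daemon to trigger engine dispatcher
    send_request();
    write_log(sprintf("%s: activated auto-responder for the '%s' mail account", $_SESSION['user_logged'], $mailAddr), E_USER_NOTICE);
    set_page_message(tr('Auto-responder successfully scheduled for activation.'), 'success');
}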
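/**
 * Update the server traffic settings (maximum and warning threshold) from POST.
 *
 * Nothing happens unless the form was submitted (uaction). Non-numeric values
 * are rejected without writing (the original only warned and then wrote them),
 * negative values are clamped to 0, and a warning threshold above the maximum
 * is refused.
 *
 * @return void
 */
function update_server_settings()
{
    // The original tested isset($_POST['uaction']) twice; one test is enough
    if (!isset($_POST['uaction'])) {
        return;
    }

    $sql = EasySCP_Registry::get('Db');
    $max_traffic = isset($_POST['max_traffic']) ? clean_input($_POST['max_traffic']) : '';
    $traffic_warning = isset($_POST['traffic_warning']) ? clean_input($_POST['traffic_warning']) : '';

    if (!is_numeric($max_traffic) || !is_numeric($traffic_warning)) {
        set_page_message(tr('Wrong data input!'), 'warning');
        return;
    }
    if ($traffic_warning > $max_traffic) {
        set_page_message(tr('Warning traffic is bigger than max traffic!'), 'warning');
        return;
    }
    if ($max_traffic < 0) {
        $max_traffic = 0;
    }
    if ($traffic_warning < 0) {
        $traffic_warning = 0;
    }

    $query = 'UPDATE `straff_settings` SET `straff_max` = ?, `straff_warn` = ?';
    exec_query($sql, $query, array($max_traffic, $traffic_warning));
    set_page_message(tr('Server traffic settings updated successfully!'), 'success');
}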
/**
 * Fetch a cleaned value from the POST payload.
 *
 * @param string $id Data identifier
 * @param string $defaultValue Value returned when $id is absent from $_POST
 * @return string
 */
function client_getPost($id, $defaultValue = '')
{
    if (!array_key_exists($id, $_POST)) {
        return $defaultValue;
    }
    return clean_input($_POST[$id]);
}
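/**
 * Generates directories list.
 *
 * Lists the sub-directories of $_GET['cur_dir'] (domain root when absent)
 * through the virtual file system of the logged-in user's domain, after a
 * "parent directory" entry. Non-directories, the '.'/'..' pseudo entries and
 * directories isAllowedDir() refuses are skipped.
 *
 * NOTE(review): the LINK values carry the raw directory name in a query
 * string; confirm the template escapes them or add tohtml()/urlencode here.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @return void
 */
function client_generateDirectoriesList($tpl)
{
    $path = isset($_GET['cur_dir']) ? clean_input($_GET['cur_dir']) : '';
    $domain = $_SESSION['user_logged'];

    // Create the virtual file system and open it so it can be used
    $vfs = new iMSCP_VirtualFileSystem($domain);
    $list = $vfs->ls($path);
    if (!$list) {
        set_page_message(tr('Unable to retrieve directories list for your domain. Please contact your reseller.'), 'error');
        $tpl->assign('FTP_CHOOSER', '');
        return;
    }

    // Parent directory link: drop the last path component
    $parentParts = explode('/', $path);
    array_pop($parentParts);
    $parent = implode('/', $parentParts);
    $tpl->assign(array(
        'ACTION_LINK' => '',
        'ACTION' => '',
        'ICON' => 'parent',
        'DIR_NAME' => tr('Parent directory'),
        'LINK' => "ftp_choose_dir.php?cur_dir={$parent}",
    ));
    $tpl->parse('DIR_ITEM', '.dir_item');

    // Loop-invariant: the original resolved the domain id once per entry
    $domainId = get_user_domain_id($_SESSION['user_id']);

    // Show directories only
    foreach ($list as $entry) {
        if ($entry['type'] != iMSCP_VirtualFileSystem::VFS_TYPE_DIR || $entry['file'] == '.' || $entry['file'] == '..') {
            continue;
        }
        $directory = $path . '/' . $entry['file'];
        if (!isAllowedDir($domainId, $directory)) {
            continue;
        }
        // Create the directory link
        $tpl->assign(array(
            'DIR_NAME' => tohtml($entry['file']),
            'CHOOSE_IT' => $directory,
            'LINK' => 'ftp_choose_dir.php?cur_dir=' . $directory,
        ));
        $tpl->parse('ACTION_LINK', 'action_link');
        $tpl->parse('DIR_ITEM', '.dir_item');
    }
}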
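/**
 * Returns reseller data
 *
 * Built once per request (static cache): the available server IPs plus the
 * form defaults, each overridden by the cleaned POST value when present.
 * The original also wrote the cleaned IP ids back into $_POST; the superglobal
 * is now left untouched.
 *
 * @return array Reference to array of data
 */
function &admin_getData()
{
    static $data = null;

    if (null === $data) {
        $data = array();

        $stmt = exec_query('SELECT ip_id, ip_number FROM server_ips ORDER BY ip_number');
        if ($stmt->rowCount()) {
            $data['server_ips'] = $stmt->fetchAll();
        } else {
            set_page_message(tr('Unable to get the IP address list. Please fix this problem.'), 'error');
            redirectTo('manage_users.php');
        }

        $phpini = iMSCP_PHPini::getInstance();
        $defaults = array(
            'admin_name' => '',
            'password' => '',
            'password_confirmation' => '',
            'fname' => '',
            'lname' => '',
            'gender' => 'U',
            'firm' => '',
            'zip' => '',
            'city' => '',
            'state' => '',
            'country' => '',
            'email' => '',
            'phone' => '',
            'fax' => '',
            'street1' => '',
            'street2' => '',
            'max_dmn_cnt' => '0',
            'max_sub_cnt' => '0',
            'max_als_cnt' => '0',
            'max_mail_cnt' => '0',
            'max_ftp_cnt' => '0',
            'max_sql_db_cnt' => '0',
            'max_sql_user_cnt' => '0',
            'max_traff_amnt' => '0',
            'max_disk_amnt' => '0',
            'software_allowed' => 'no',
            'softwaredepot_allowed' => 'no',
            'websoftwaredepot_allowed' => 'no',
            'support_system' => 'yes',
            'customer_id' => '',
            'php_ini_system' => $phpini->getResellerPermission('phpiniSystem'),
            'php_ini_al_allow_url_fopen' => $phpini->getResellerPermission('phpiniAllowUrlFopen'),
            'php_ini_al_display_errors' => $phpini->getResellerPermission('phpiniDisplayErrors'),
            'php_ini_al_disable_functions' => $phpini->getResellerPermission('phpiniDisableFunctions'),
            'php_ini_al_mail_function' => $phpini->getResellerPermission('phpiniMailFunction'),
            'post_max_size' => $phpini->getResellerPermission('phpiniPostMaxSize'),
            'upload_max_filesize' => $phpini->getResellerPermission('phpiniUploadMaxFileSize'),
            'max_execution_time' => $phpini->getResellerPermission('phpiniMaxExecutionTime'),
            'max_input_time' => $phpini->getResellerPermission('phpiniMaxInputTime'),
            'memory_limit' => $phpini->getResellerPermission('phpiniMemoryLimit'),
        );

        // Form fields: the cleaned POST value wins over the default
        foreach ($defaults as $key => $default) {
            $data[$key] = isset($_POST[$key]) ? clean_input($_POST[$key]) : $default;
        }

        // IP assignment: clean each submitted id into the result, not into $_POST
        $data['reseller_ips'] = array();
        if (isset($_POST['reseller_ips']) && is_array($_POST['reseller_ips'])) {
            foreach ($_POST['reseller_ips'] as $key => $value) {
                $data['reseller_ips'][$key] = clean_input($value);
            }
        }
    }

    return $data;
}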
/**
 * Assign the delete-message template variables.
 *
 * When the delete-message form was submitted (uaction = send_delmessage) the
 * posted text is fed back into the template, with clean_input() called with
 * false as its second argument; otherwise both placeholders are blanked.
 *
 * @param $tpl Template engine instance
 */
function gen_page_data($tpl)
{
    $isSendRequest = isset($_POST['uaction']) && $_POST['uaction'] === 'send_delmessage';
    if (!$isSendRequest) {
        $tpl->assign(array('DELETE_MESSAGE_TEXT' => '', 'MESSAGE' => ''));
        return;
    }
    $tpl->assign('DELETE_MESSAGE_TEXT', clean_input($_POST['delete_msg_text'], false));
}
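 /**
  * Verify if SSL key and certificate match
  *
  * Thin wrapper around openssl_x509_check_private_key(); the if/else that
  * re-spelled its boolean result is collapsed into a cast.
  *
  * NOTE(review): clean_input() is applied to the PEM material; confirm it does
  * not alter the base64 body or the BEGIN/END lines.
  *
  * @param string $key  Private key (presumably PEM)
  * @param string $cert X.509 certificate (presumably PEM)
  * @return bool TRUE when the key belongs to the certificate
  */
 public static function checkSSLKey($key, $cert)
 {
     // openssl takes the certificate first, then the key
     return (bool) openssl_x509_check_private_key(clean_input($cert), clean_input($key));
 }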
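 /**
  * Build a follow-up: load an existing one by id, or start a new one for the
  * given case with every timestamp set to "now"; then overlay the submitted
  * request values (fu_ prefix stripped) and, while errors are pending, the
  * form data kept in the session.
  *
  * @param int $id_fu   Follow-up id (0 for a new follow-up)
  * @param int $id_case Case id used when creating a new follow-up
  */
 function LcmFollowup($id_fu = 0, $id_case = 0)
 {
     $id_fu = intval($id_fu);
     $id_case = intval($id_case);
     $this->data = array();

     if ($id_fu > 0) {
         // The id is interpolated into SQL; the intval() above is what keeps that safe
         $query = "SELECT fu.*, a.name_first, a.name_middle, a.name_last, "
             . lcm_query_subst_time('fu.date_start', 'fu.date_end') . " as length"
             . " FROM lcm_followup as fu, lcm_author as a"
             . " WHERE id_followup = {$id_fu} AND fu.id_author = a.id_author";
         $result = lcm_query($query);
         if ($row = lcm_fetch_array($result)) {
             foreach ($row as $key => $val) {
                 $this->data[$key] = $val;
             }
         }
     } else {
         if ($id_case > 0) {
             $this->data['id_case'] = $id_case;
         }
         // One timestamp for all date fields so they cannot straddle a second
         $now = date('Y-m-d H:i:s'); // e.g. '2004-09-16 16:32:37'
         $this->data['date_start'] = $now;
         $this->data['date_end'] = $now;
         // Appointment start/end/reminder default to the current time
         $this->data['app_start_time'] = $now;
         $this->data['app_end_time'] = $now;
         $this->data['app_reminder'] = $now;
         if (isset($_REQUEST['stage'])) {
             $this->data['new_stage'] = _request('stage');
         }
         if (isset($_REQUEST['type'])) {
             $this->data['type'] = _request('type');
         }
     }

     // If any, populate form values submitted
     foreach ($_REQUEST as $key => $value) {
         $nkey = (substr($key, 0, 3) == 'fu_') ? substr($key, 3) : $key;
         $this->data[$nkey] = clean_input(_request($key));
     }

     // If any, populate with session variables (for error reporting).
     // !empty() instead of count(): $_SESSION['errors'] may be unset
     if (isset($_SESSION['form_data']) && !empty($_SESSION['errors'])) {
         foreach ($_SESSION['form_data'] as $key => $value) {
             $nkey = (substr($key, 0, 3) == 'fu_') ? substr($key, 3) : $key;
             $this->data[$nkey] = clean_input(_session($key));
         }
     }

     // date_start from the session form data, when there is any
     if (isset($_SESSION['form_data'])
         && get_datetime_from_array($_SESSION['form_data'], 'start', 'start', -1, false) != -1) {
         $this->data['date_start'] = get_datetime_from_array($_SESSION['form_data'], 'start', 'start', '', false);
     }
 }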
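/**
 * Strip '<' and '>' from every scalar value of the array, in place, descending
 * into nested arrays.
 *
 * The original iterated with each() (removed in PHP 8) and recursed on the
 * outer array instead of the nested one, so nested values were never cleaned.
 *
 * NOTE(review): removing angle brackets is not HTML escaping; output should
 * still go through htmlspecialchars() in the HTML context.
 *
 * @param array $pArray Array to clean (modified by reference)
 * @return void
 */
function clean_input(&$pArray)
{
    foreach ($pArray as $key => $value) {
        if (is_array($value)) {
            clean_input($pArray[$key]);
        } else {
            $pArray[$key] = preg_replace('/[<>]/', '', $value);
        }
    }
}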
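/**
 * Update Ftp account
 *
 * Reads an optional new password (with confirmation) and the required home
 * directory from POST, validates the directory against the customer's virtual
 * file system and writes the account. Validation failures are reported via
 * set_page_message(); a missing home_dir is a bad request.
 *
 * NOTE(review): the clear-text password is persisted in `rawpasswd` next to
 * the hash — a storage weakness inherited from the schema, not changed here.
 *
 * @param string $userid Ftp userid
 * @param string $mainDomainName Main domain name
 * @return bool TRUE on success, FALSE on failure
 */
function updateFtpAccount($userid, $mainDomainName)
{
    $ret = true;
    $rawPassword = null;
    $password = null;

    if (!empty($_POST['password'])) {
        if (empty($_POST['password_repeat']) || $_POST['password'] !== $_POST['password_repeat']) {
            set_page_message(tr("Passwords do not match."), 'error');
            $ret = false;
        }
        if (!checkPasswordSyntax($_POST['password'])) {
            $ret = false;
        }
        $rawPassword = $_POST['password'];
        $password = cryptPasswordWithSalt($rawPassword);
    }

    if (!isset($_POST['home_dir'])) {
        showBadRequestErrorPage();
        exit;
    }

    $homeDir = clean_input($_POST['home_dir']);
    if ($homeDir != '/' && $homeDir != '') {
        // Collapse any run of slashes (the original folded '//' only once, so '///' survived)
        $homeDir = preg_replace('#/+#', '/', $homeDir);
        // Check for updirs '..'
        if (strpos($homeDir, '..') !== false) {
            set_page_message(tr('Invalid home directory.'), 'error');
            $ret = false;
        }
        if ($ret) {
            $vfs = new iMSCP_VirtualFileSystem($mainDomainName);
            // Check for directory existence
            if (!$vfs->exists($homeDir)) {
                set_page_message(tr("Home directory '%s' doesn't exist", $homeDir), 'error');
                $ret = false;
            }
        }
    }

    if (!$ret) {
        return false;
    }

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditFtp, array('ftpUserId' => $userid));
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');
    $homeDir = rtrim(preg_replace('#/+#', '/', $cfg->USER_WEB_DIR . '/' . $mainDomainName . '/' . $homeDir), '/');

    if ($rawPassword !== null) {
        $query = "UPDATE `ftp_users` SET `passwd` = ?, `rawpasswd` = ?, `homedir` = ? WHERE `userid` = ?";
        exec_query($query, array($password, $rawPassword, $homeDir, $userid));
    } else {
        $query = "UPDATE `ftp_users` SET `homedir` = ? WHERE `userid` = ?";
        exec_query($query, array($homeDir, $userid));
    }

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditFtp, array('ftpUserId' => $userid));
    write_log(sprintf("%s updated Ftp account: %s", $_SESSION['user_logged'], $userid), E_USER_NOTICE);
    set_page_message(tr('FTP account successfully updated.'), 'success');

    return true;
}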
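/**
 * Generate page
 *
 * Handles the OwnDDNS settings form: on action=change the submitted values
 * are validated and stored as the plugin's JSON config (the DNS entries are
 * re-issued when the TTL changed) and the page is reloaded. In every case the
 * current plugin configuration is pushed into the template.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @param iMSCP_Plugin_Manager $pluginManager Plugin manager
 * @return void
 */
function ownddnsSettings($tpl, $pluginManager)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');
    $htmlChecked = $cfg->HTML_CHECKED;

    $plugin = $pluginManager->loadPlugin('OwnDDNS', false, false);
    if ($plugin === null) {
        set_page_message(tr("Can't load plugin configuration!"), 'error');
        redirectTo('index.php');
        return;
    }
    $pluginConfig = $plugin->getConfig();

    $action = isset($_REQUEST['action']) ? clean_input($_REQUEST['action']) : '';
    if ($action === 'change') {
        $error = false;
        // Missing fields read as '' so that is_numeric() rejects them instead of raising a notice
        $max_allowed_accounts = isset($_POST['max_allowed_accounts']) ? clean_input($_POST['max_allowed_accounts']) : '';
        $max_accounts_lenght = isset($_POST['max_accounts_lenght']) ? clean_input($_POST['max_accounts_lenght']) : '';
        $update_repeat_time = isset($_POST['update_repeat_time']) ? clean_input($_POST['update_repeat_time']) : '';
        $update_ttl_time = isset($_POST['update_ttl_time']) ? clean_input($_POST['update_ttl_time']) : '';
        $current_update_ttl_time = isset($_POST['current_update_ttl_time']) ? clean_input($_POST['current_update_ttl_time']) : '';
        $debugOwnddns = isset($_POST['debug']) && clean_input($_POST['debug']) == 'yes';
        $use_base64_encoding = isset($_POST['use_base64_encoding']) && clean_input($_POST['use_base64_encoding']) == 'yes';
        $account_name_blacklist = isset($_POST['account_name_blacklist'])
            ? explode(';', clean_input($_POST['account_name_blacklist']))
            : array();

        if (!is_numeric($max_allowed_accounts) || !is_numeric($max_accounts_lenght) || !is_numeric($update_repeat_time) || !is_numeric($update_ttl_time)) {
            set_page_message(tr("Wrong values in your config."), 'error');
            $error = true;
        } elseif ($update_ttl_time < 60) {
            // Only meaningful once the value is known to be numeric
            set_page_message(tr("Value for dns TTL update time to small (min. 60)."), 'error');
            $error = true;
        }

        if (!$error) {
            $configOwnddns = array(
                'debug' => $debugOwnddns,
                'use_base64_encoding' => $use_base64_encoding,
                'max_allowed_accounts' => $max_allowed_accounts,
                'max_accounts_lenght' => $max_accounts_lenght,
                'update_repeat_time' => $update_repeat_time,
                'update_ttl_time' => $update_ttl_time,
                'account_name_blacklist' => $account_name_blacklist,
            );
            exec_query(
                'UPDATE `plugin` SET `plugin_config` = ? WHERE `plugin_name` = ?',
                array(json_encode($configOwnddns), 'OwnDDNS')
            );
            // A changed TTL has to be pushed to the existing DNS entries
            if ($update_ttl_time != $current_update_ttl_time) {
                removeOwnDDNSDnsEntries();
                revokeOwnDDNSDnsEntries($update_ttl_time);
            }
            set_page_message(tr('The OwnDDNS settings updated successfully.'), 'success');
        }
        redirectTo('ownddns.php');
    }

    $tpl->assign(array(
        'OWNDDNS_DEBUG_YES' => $pluginConfig['debug'] === TRUE ? $htmlChecked : '',
        'OWNDDNS_DEBUG_NO' => $pluginConfig['debug'] === FALSE ? $htmlChecked : '',
        'OWNDDNS_BASE64_YES' => $pluginConfig['use_base64_encoding'] === TRUE ? $htmlChecked : '',
        'OWNDDNS_BASE64_NO' => $pluginConfig['use_base64_encoding'] === FALSE ? $htmlChecked : '',
        'MAX_ALLOWED_ACCOUNTS' => $pluginConfig['max_allowed_accounts'],
        'MAX_ACCOUNTS_LENGHT' => $pluginConfig['max_accounts_lenght'],
        'MAX_UPDATE_REPEAT_TIME' => $pluginConfig['update_repeat_time'],
        'MAX_UPDATE_TTL_TIME' => $pluginConfig['update_ttl_time'],
        'ACCOUNT_NAME_BLACKLIST' => implode(';', $pluginConfig['account_name_blacklist']),
    ));
}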
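/**
 * Check input data
 *
 * Validates the first step of the customer creation form (domain name,
 * expiration date, hosting plan) and, on success, stores the step data in the
 * session and redirects to the next step.
 *
 * @return void
 */
function reseller_checkData()
{
    global $dmnNameValidationErrMsg;

    $cfg = iMSCP_Registry::get('config');
    if (!isset($_POST['dmn_name']) || $_POST['dmn_name'] === '') {
        set_page_message(tr('Domain name cannot be empty.'), 'error');
        return;
    }
    $dmnName = clean_input($_POST['dmn_name']);
    if (!isValidDomainName($dmnName)) {
        set_page_message($dmnNameValidationErrMsg, 'error');
        return;
    }

    // www is considered as an alias of the domain: strip any number of leading
    // 'www.' labels. The original matched 'www.' anywhere in the name and then
    // cut the first four characters, mangling names such as 'mywww.example.com'.
    while (strpos($dmnName, 'www.') === 0) {
        $dmnName = substr($dmnName, 4);
    }

    $asciiDmnName = encode_idna($dmnName);
    if (imscp_domain_exists($asciiDmnName, $_SESSION['user_id']) || $asciiDmnName == $cfg['BASE_SERVER_VHOST']) {
        set_page_message(tr('Domain %s is unavailable.', "<strong>{$dmnName}</strong>"), 'error');
        return;
    }

    $hasExpireDate = isset($_POST['datepicker']) && $_POST['datepicker'] !== '';
    if (!$hasExpireDate && !isset($_POST['never_expire'])) {
        set_page_message(tr('Domain expiration date must be filled.'), 'error');
        return;
    }
    // An empty date picker together with never_expire means "no expiration" (0);
    // the original ran strtotime('') in that case and rejected the form
    $dmnExpire = $hasExpireDate ? @strtotime(clean_input($_POST['datepicker'])) : 0;
    if ($dmnExpire === false) {
        set_page_message(tr('Invalid expiration date.'), 'error');
        return;
    }

    $hpId = isset($_POST['dmn_tpl']) ? clean_input($_POST['dmn_tpl']) : 0;
    $customizeHp = $hpId > 0 && isset($_POST['chtpl']) ? $_POST['chtpl'] : '_no_';

    // No plan, or a plan to be customised: continue with the custom plan step
    if ($hpId == 0 || $customizeHp == '_yes_') {
        $_SESSION['dmn_name'] = $asciiDmnName;
        $_SESSION['dmn_expire'] = $dmnExpire;
        $_SESSION['dmn_tpl'] = $hpId;
        $_SESSION['chtpl'] = '_yes_';
        $_SESSION['step_one'] = '_yes_';
        redirectTo('user_add2.php');
    }

    if (reseller_limits_check($_SESSION['user_id'], $hpId)) {
        $_SESSION['dmn_name'] = $asciiDmnName;
        $_SESSION['dmn_expire'] = $dmnExpire;
        $_SESSION['dmn_tpl'] = $hpId;
        $_SESSION['chtpl'] = $customizeHp;
        $_SESSION['step_one'] = '_yes_';
        redirectTo('user_add3.php');
    }

    set_page_message(tr('Hosting plan limits exceed reseller limits.'), 'error');
}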
/**
 * Build an SQL fragment from a GET filter value.
 *
 * Returns $sqlQueryStart . value . $sqlQueryEnd when $_GET[$inputName] is
 * present, non-empty and not "All", after passing the value through the
 * integer or string validators selected by $inputType; otherwise ''.
 *
 * NOTE(review): the fragment is concatenated into SQL by the caller, so its
 * safety rests entirely on validateInteger()/validateString() refusing bad
 * values — confirm they abort rather than only record an error.
 *
 * @param string $inputName     GET parameter name
 * @param string $sqlQueryStart Text placed before the value
 * @param string $sqlQueryEnd   Text placed after the value
 * @param string $inputType     "Interger" (sic) or "String"
 * @return string
 */
function getFormInput($inputName, $sqlQueryStart, $sqlQueryEnd, $inputType)
{
    $present = isset($_GET[$inputName]) && $_GET[$inputName] != '' && $_GET[$inputName] != "All";
    if (!$present) {
        return '';
    }

    $value = clean_input($_GET[$inputName]);
    $errorKey = $inputName . "Error";
    switch ($inputType) {
        case "Interger":
            validateInteger($value, $errorKey);
            break;
        case "String":
            validateStringLength($value, $errorKey);
            validateString($value, $errorKey);
            break;
    }

    return $sqlQueryStart . $value . $sqlQueryEnd;
}
 /**
  * Render the template for the given language and send it as an e-mail.
  *
  * @param Template $template
  * @param array $to Array with keys "email", "firstname" and "lastname"
  * @param array $from Array with keys "email", "firstname" and "lastname"
  * @param string $language
  * @param array $bind_array Template variables bound before rendering
  * @throws RuntimeException when the mail handler reports a failure
  * @return boolean TRUE on success
  */
 public function send(Template $template, array $to, array $from, $language, array $bind_array = array())
 {
     $rendered = $template->getResult($bind_array, array("lang" => $language));
     $senderName = implode(" ", array($from["firstname"], $from["lastname"]));
     $recipientName = implode(" ", array($to["firstname"], $to["lastname"]));

     $handler = $this->_mail_handler;
     $handler->clearFrom();
     $handler->setFrom($from["email"], $senderName);
     $handler->clearSubject();
     $handler->setSubject($rendered->subject);
     $handler->setBodyText(clean_input($rendered->body, "emailcontent"));
     $handler->clearRecipients();
     $handler->addTo($to["email"], $recipientName);

     if (!$handler->send()) {
         throw new RuntimeException("Failed to send email");
     }
     return true;
 }
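/**
 * Update user data
 *
 * Writes the cleaned profile fields from POST to the `admin` row. When a new
 * password is given it is stored hashed, the user's open login is dropped and,
 * on request (send_data), the login data is mailed to the user.
 *
 * @param int $userId Customer unique identifier
 * @return void
 */
function admin_updateUserData($userId)
{
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditUser, array('userId' => $userId));

    // Profile fields, cleaned; a missing field becomes ''. The order is the
    // order of the placeholders in both UPDATE statements below.
    $fields = array('fname', 'lname', 'firm', 'zip', 'city', 'state', 'country', 'email', 'phone', 'fax', 'street1', 'street2', 'gender');
    $profile = array();
    foreach ($fields as $field) {
        $profile[$field] = isset($_POST[$field]) ? clean_input($_POST[$field]) : '';
    }
    $profileValues = array_values($profile);

    $userName = get_user_name($userId);
    // isset/!== '' rather than empty(): a password of "0" is still a password
    $newPassword = isset($_POST['password']) ? $_POST['password'] : '';

    if ($newPassword === '') {
        $query = 'UPDATE `admin` SET `fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?, `city` = ?, `state` = ?, `country` = ?, `email` = ?, `phone` = ?, `fax` = ?, `street1` = ?, `street2` = ?, `gender` = ? WHERE `admin_id` = ?';
        exec_query($query, array_merge($profileValues, array($userId)));
    } else {
        $query = 'UPDATE `admin` SET `admin_pass` = ?, `fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?, `city` = ?, `state` = ?, `country` = ?, `email` = ?, `phone` = ?, `fax` = ?, `street1` = ?, `street2` = ?, `gender` = ? WHERE `admin_id` = ?';
        exec_query($query, array_merge(array(cryptPasswordWithSalt($newPassword)), $profileValues, array($userId)));
        // Force a fresh login after the password change
        $stmt = exec_query("DELETE FROM `login` WHERE `user_name` = ?", $userName);
        if ($stmt->rowCount()) {
            set_page_message(tr('User session successfully killed for password change.'), 'success');
        }
    }

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditUser, array('userId' => $userId));

    if (isset($_POST['send_data']) && $newPassword !== '') {
        $stmt = exec_query('SELECT `admin_type` FROM `admin` WHERE `admin_id` = ?', $userId);
        if ($stmt->fields['admin_type'] == 'admin') {
            $admin_type = tr('Administrator');
        } elseif ($stmt->fields['admin_type'] == 'reseller') {
            $admin_type = tr('Reseller');
        } else {
            $admin_type = tr('Customer');
        }
        // Mail the values that were written, not the raw POST ones the original used
        send_add_user_auto_msg($userId, $userName, $newPassword, $profile['email'], $profile['fname'], $profile['lname'], $admin_type);
        set_page_message(tr('Login data successfully sent to %s.', $userName), 'success');
    }
}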
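 /**
  * Build an instance of the called class from an associative array (typically $_POST).
  *
  * When $mode is not "fetch" and the class implements Validation, the required
  * fields for that mode are checked — an error is recorded and VALID set to
  * false for each one missing from both the array and the object — and the
  * per-field cleaning rules are used; otherwise every value gets basic string
  * cleaning ("trim", "notags"). Every key of $arr becomes a property.
  *
  * NOTE(review): every key in $arr is assigned onto the object — with $_POST as
  * input this is mass assignment; confirm the callers restrict the accepted keys.
  *
  * @param array $arr Field values keyed by field name
  * @param string|bool $mode Validation mode, or false
  * @return object Instance of the called class
  */
 public static function fromArray(array $arr, $mode = false)
 {
     $klass = get_called_class();
     $o = new $klass();
     $field_rules = false;

     // With the Validation interface, enforce the required fields for this mode
     if ($mode !== "fetch" && in_array('Validation', class_implements($o), true)) {
         $req_fields = $o->fetchRequiredFields($mode);
         $field_rules = $o->fetchFieldRules($mode);
         foreach ($req_fields as $field) {
             $inArray = isset($arr[$field]) && trim($arr[$field]);
             $onObject = isset($o->{$field}) && trim($o->{$field});
             if (!$inArray && !$onObject) {
                 // foo_bar -> "Foo Bar" (same result as the original segment loop)
                 $field_text = ucwords(str_replace("_", " ", $field));
                 add_error("<strong>" . $field_text . "</strong> is a required field. Please ensure you've provided a value.");
                 $o->VALID = false;
             }
         }
     }

     // Clean and set each field: the field's own rule, or basic string cleaning
     foreach ($arr as $field => $value) {
         /**
          * @todo Determine the best way to clean AND validate
          * ex: if the field is int, and 'abc' it the value, have it return an error message
          * will likely need to use filter_vars in place of clean_input
          */
         $rule = ($field_rules && isset($field_rules[$field])) ? $field_rules[$field] : array("trim", "notags");
         $o->{$field} = clean_input($value, $rule);
     }
     return $o;
 }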
/**
 * Update SQL user password
 *
 * @param int $id Sql user id
 * @param string $user Sql user name
 * @param string $host SQL user host
 * @return void
 */
function client_updateSqlUserPassword($id, $user, $host)
{
    if (!isset($_POST['uaction'])) {
        return;
    }
    if (!isset($_POST['password']) || !isset($_POST['password_confirmation'])) {
        showBadRequestErrorPage();
    }
    $password = clean_input($_POST['password']);
    $passwordConf = clean_input($_POST['password_confirmation']);
    if ($password === '') {
        set_page_message(tr('Password cannot be empty.'), 'error');
        return;
    }
    if ($passwordConf === '') {
        set_page_message(tr('Please confirm the password.'), 'error');
        return;
    }
    if ($password !== $passwordConf) {
        set_page_message(tr('Passwords do not match.'), 'error');
        return;
    }
    if (!checkPasswordSyntax($password)) {
        return;
    }
    $config = iMSCP_Registry::get('config');
    $mysqlConfig = new iMSCP_Config_Handler_File($config['CONF_DIR'] . '/mysql/mysql.data');
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditSqlUser, array('sqlUserId' => $id));
    // Here we cannot use transaction due to statements that cause an implicit commit. Thus we execute
    // those statements first to let the i-MSCP database in clean state if one of them fails.
    // See https://dev.mysql.com/doc/refman/5.7/en/implicit-commit.html for more details
    // Update SQL user password in the mysql system tables;
    if (strpos('mariadb', $config['SQL_SERVER']) !== false || version_compare($mysqlConfig['SQLD_VERSION'], '5.7.6', '<')) {
        exec_query('SET PASSWORD FOR ?@? = PASSWORD(?)', array($user, $host, $password));
    } else {
        exec_query('ALTER USER ?@? IDENTIFIED BY ? PASSWORD EXPIRE NEVER', array($user, $host, $password));
    }
    exec_query('UPDATE sql_user SET sqlu_pass = ? WHERE sqlu_name = ? AND sqlu_host = ?', array($password, $user, $host));
    set_page_message(tr('SQL user password successfully updated.'), 'success');
    write_log(sprintf('%s updated %s@%s SQL user password.', decode_idna($_SESSION['user_logged']), $user, $host), E_USER_NOTICE);
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditSqlUser, array('sqlUserId' => $id));
    redirectTo('sql_manage.php');
}
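/**
 * Add SQL database
 *
 * Creates a database for the customer from the posted form: `db_name`, optionally
 * prefixed or suffixed with the customer's main domain id (`use_dmn_id` = 'on' and
 * `id_pos` = 'start'|'end'). The name is rejected when empty, longer than 64
 * characters, equal to `test`, already taken, or containing the wildcard
 * characters `%`/`?` (the pattern also matches a literal `|`). Does nothing when
 * no form action (`uaction`) was submitted.
 *
 * @param int $userId Customer unique identifier
 * @return void
 */
function client_addSqlDb($userId)
{
    if (!isset($_POST['uaction'])) {
        return;
    }

    if (!isset($_POST['db_name'])) {
        showBadRequestErrorPage();
    }

    $dbName = clean_input($_POST['db_name']);

    // Fix: test the cleaned value that is used from here on rather than the raw POST
    // value, so an input that clean_input() reduces to '' cannot reach CREATE DATABASE.
    if ($dbName === '') {
        set_page_message(tr('Please type database name.'), 'error');
        return;
    }

    $mainDmnId = get_user_domain_id($userId);

    // Optional domain-id prefix or suffix
    if (isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on') {
        if (isset($_POST['id_pos']) && $_POST['id_pos'] === 'start') {
            $dbName = $mainDmnId . '_' . $dbName;
        } elseif (isset($_POST['id_pos']) && $_POST['id_pos'] === 'end') {
            $dbName = $dbName . '_' . $mainDmnId;
        }
    }

    if (strlen($dbName) > 64) {
        set_page_message(tr('Database name is too long.'), 'error');
        return;
    }

    if ($dbName === 'test' || client_isDatabase($dbName)) {
        set_page_message(tr('Database name is unavailable.'), 'error');
        return;
    }

    // Reject SQL wildcard characters. The character class also contains a literal '|'.
    // NOTE(review): the message placeholders read 's%' where '%s' was probably
    // intended — verify the rendered text.
    if (preg_match('/[%|\\?]+/', $dbName)) {
        set_page_message(tr("Wildcards such as 's%' and 's%' are not allowed.", '%', '?'), 'error');
        return;
    }

    $responses = iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddSqlDb, array('dbName' => $dbName));
    if (!$responses->isStopped()) {
        // The name is an identifier, not a value, so it is quoted with quoteIdentifier()
        // instead of being bound as a statement parameter
        execute_query(sprintf('CREATE DATABASE IF NOT EXISTS %s', quoteIdentifier($dbName)));
        exec_query('INSERT INTO sql_database (domain_id, sqld_name) VALUES (?, ?)', array($mainDmnId, $dbName));
        set_page_message(tr('SQL database successfully created.'), 'success');
        write_log(sprintf('%s added new SQL database: %s', decode_idna($_SESSION['user_logged']), $dbName), E_USER_NOTICE);
        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddSqlDb, array('dbName' => $dbName));
    }

    redirectTo('sql_manage.php');
}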
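/**
 * Add a protected-area (htaccess) user for a domain.
 *
 * Handles the `add_user` form action: validates the posted username and
 * password, refuses a name already used for the domain, stores the salted
 * password hash with the configured add status and asks the daemon to rebuild
 * the domain's htaccess files. Any other (or no) form action is ignored.
 *
 * @param mixed $tpl Template engine; not used by this function
 * @param mixed $sql Database handle forwarded to exec_query()
 * @param int $dmn_id Domain unique identifier
 * @return void
 */
function padd_user($tpl, $sql, $dmn_id)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_user') {
        return;
    }

    if (!isset($_POST['username']) || !isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
        return;
    }

    $cfg = EasySCP_Registry::get('Config');

    // Fix: validate the cleaned username — the exact value stored below — instead
    // of the raw POST value, so what was validated and what is persisted cannot differ.
    $uname = clean_input($_POST['username']);
    if (!validates_username($uname)) {
        set_page_message(tr('Wrong username!'), 'warning');
        return;
    }

    if (!chk_password($_POST['pass'])) {
        // Wording depends on whether strong passwords are enforced
        if ($cfg->PASSWD_STRONG) {
            set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
        } else {
            set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
        }
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'), 'warning');
        return;
    }

    $status = $cfg->ITEM_ADD_STATUS;
    // Only the salted hash of the raw password is stored
    $upass = crypt_user_pass_with_salt($_POST['pass']);

    // Refuse duplicate user names within the domain
    $query = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`uname` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($sql, $query, array($uname, $dmn_id));
    if ($rs->recordCount() != 0) {
        set_page_message(tr('User already exist !'), 'error');
        return;
    }

    $query = "\n\t\t\t\t\tINSERT INTO `htaccess_users`\n\t\t\t\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t(?, ?, ?, ?)\n\t\t\t\t";
    exec_query($sql, $query, array($dmn_id, $uname, $upass, $status));
    send_request('110 DOMAIN htaccess ' . $dmn_id);

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: add user (protected areas): {$uname}");
    user_goto('protected_user_manage.php');
}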
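/**
 * Update SSL key/certificate configuration from the posted form.
 *
 * Reads `ssl_key`, `ssl_cert`, `ssl_cacert` and `ssl_status` from POST. The
 * key/certificate pair is only accepted when openssl_x509_check_private_key()
 * confirms they belong together, and a non-empty CA certificate only when
 * openssl can parse it. On success the values are stored in the database-backed
 * config and the status is also written with EasyConfig::Save(). Whether or not
 * the update was accepted, the daemon is asked to rebuild the master vhost and
 * the browser is redirected to tools_config_ssl.php.
 *
 * @return void
 */
function update_ssl_data()
{
    // Get a reference to the Config object
    $cfg = EasySCP_Registry::get('Config');
    // Gets a reference to the EasySCP_ConfigHandler_Db instance
    $db_cfg = EasySCP_Registry::get('Db_Config');
    $db_cfg->resetQueriesCounter('update');

    // filter_input() returns null for a missing field. clean_input() is assumed to
    // leave PEM text intact (it must not HTML-encode it, or the key check below
    // could never succeed) — confirm against its implementation.
    $sslkey = clean_input(filter_input(INPUT_POST, 'ssl_key'));
    $sslcert = clean_input(filter_input(INPUT_POST, 'ssl_cert'));
    $sslcacert = clean_input(filter_input(INPUT_POST, 'ssl_cacert'));
    // NOTE(review): ssl_status is stored as posted; if its accepted values are known,
    // restrict it to that set here.
    $sslstatus = clean_input(filter_input(INPUT_POST, 'ssl_status'));

    $keyMatchesCert = openssl_x509_check_private_key($sslcert, $sslkey);

    // Added check: the CA certificate used to be persisted without any validation,
    // so unparsable data would be saved and handed to the web server configuration.
    // An empty value stays allowed (the CA certificate is optional); for a bundle,
    // openssl_x509_parse() only looks at the first PEM block, so valid chains pass.
    $caCertOk = ($sslcacert === null || $sslcacert === '') || openssl_x509_parse($sslcacert) !== false;

    if ($keyMatchesCert && $caCertOk) {
        // update the ssl related values
        $db_cfg->SSL_KEY = $sslkey;
        $db_cfg->SSL_CERT = $sslcert;
        $db_cfg->SSL_CACERT = $sslcacert;
        $db_cfg->SSL_STATUS = $sslstatus;
        $cfg->replaceWith($db_cfg);

        // Only the status goes to the EasyConfig file; key and certificates live in
        // the database-backed config written above
        $data = array('SSL_STATUS' => $sslstatus);
        EasyConfig::Save($data);
        write_log(get_session('user_logged') . ": Updated SSL configuration!");

        // get number of updates
        $update_count = $db_cfg->countQueries('update');
        if ($update_count == 0) {
            set_page_message(tr("SSL configuration unchanged"), 'info');
        } elseif ($update_count > 0) {
            set_page_message(tr('SSL configuration updated!'), 'success');
        }
    } else {
        // NOTE(review): the level 'Warning' (capitalised) differs from the 'warning'
        // used elsewhere; confirm set_page_message() treats it case-insensitively.
        if (!$keyMatchesCert) {
            set_page_message(tr("SSL key/cert don't match"), 'Warning');
        } else {
            set_page_message(tr("SSL CA certificate could not be parsed"), 'Warning');
        }
        write_log(get_session('user_logged') . ": Update of SSL configuration failed!");
    }

    send_request('110 DOMAIN master');
    user_goto('tools_config_ssl.php');
}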
/**
 * Persist the admin's personal/contact data from the POST form.
 *
 * Nothing is written unless check_user_data() accepts the submitted form. Every
 * value is bound as a prepared-statement parameter, so no SQL is built from
 * user input. `gender` is stored as posted, without clean_input().
 *
 * @param mixed $sql Database handle forwarded to exec_query()
 * @param int $user_id Admin unique identifier (`admin`.`admin_id`)
 * @return void
 */
function update_admin_personal_data($sql, $user_id)
{
    if (!check_user_data()) {
        return;
    }

    // Same order as the SET clause of the UPDATE below
    $textFields = array('fname', 'lname', 'firm', 'zip', 'city', 'state', 'country', 'street1', 'street2', 'email', 'phone', 'fax');
    $params = array();
    foreach ($textFields as $field) {
        $params[] = clean_input($_POST[$field]);
    }
    // NOTE(review): gender is neither cleaned nor checked against an allowed set
    // here; presumably check_user_data() covers it — confirm.
    $params[] = $_POST['gender'];
    $params[] = $user_id;

    $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`fname` = ?,\n\t\t\t\t`lname` = ?,\n\t\t\t\t`firm` = ?,\n\t\t\t\t`zip` = ?,\n\t\t\t\t`city` = ?,\n\t\t\t\t`state` = ?,\n\t\t\t\t`country` = ?,\n\t\t\t\t`street1` = ?,\n\t\t\t\t`street2` = ?,\n\t\t\t\t`email` = ?,\n\t\t\t\t`phone` = ?,\n\t\t\t\t`fax` = ?,\n\t\t\t\t`gender` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t";
    exec_query($sql, $query, $params);
    set_page_message(tr('Personal data updated successfully!'), 'success');
}
 /**
  * Build a case object, optionally loaded from the database and overlaid with
  * submitted form values.
  *
  * For a positive $id_case the matching `lcm_case` row is copied into
  * $this->data and `id_stage` is looked up from the `stage` value via
  * get_kw_from_name(). Afterwards every $_REQUEST parameter, and then every
  * entry of $_SESSION['form_data'] (kept to re-display a form after an error),
  * is copied into $this->data through clean_input(), with a leading `case_`
  * stripped from the key. Finally `date_assignment` is taken from the session
  * form data (defaulting to now) for a new case or when the session carries an
  * explicit value.
  *
  * @param int $id_case Case identifier; 0 (default) starts an empty case
  */
 function LcmCase($id_case = 0)
 {
     $id_case = intval($id_case);
     $this->fu_start_from = 0;
     $this->LcmObject();

     if ($id_case > 0) {
         // $id_case is an int by now, so interpolating it into the SQL is injection-safe
         $result = lcm_query("SELECT * FROM lcm_case WHERE id_case = {$id_case}");
         if ($row = lcm_fetch_array($result)) {
             foreach ($row as $column => $value) {
                 $this->data[$column] = $value;
             }
         }
         // Case stage
         $stage = get_kw_from_name('stage', $this->getDataString('stage'));
         $this->data['id_stage'] = $stage['id_keyword'];
     }

     // NOTE(review): this is a mass assignment — every request parameter (GET, POST
     // and cookies, via $_REQUEST) lands in $this->data, so a client can set any
     // field a later save writes out, including id or status fields, unless the
     // caller re-checks them. A whitelist of writable fields is the usual fix;
     // which fields are safe is not visible from here.
     $prefix = 'case_';
     foreach (array_keys($_REQUEST) as $param) {
         $field = strncmp($param, $prefix, 5) === 0 ? substr($param, 5) : $param;
         $this->data[$field] = clean_input(_request($param));
     }

     // If any, populate with session variables (for error reporting)
     if (isset($_SESSION['form_data'])) {
         foreach (array_keys($_SESSION['form_data']) as $param) {
             $field = strncmp($param, $prefix, 5) === 0 ? substr($param, 5) : $param;
             $this->data[$field] = clean_input(_session($param));
         }
     }

     // NOTE(review): $_SESSION['form_data'] is read here without the isset() guard
     // used above; get_datetime_from_array() receives null when it is absent.
     if (!$id_case || get_datetime_from_array($_SESSION['form_data'], 'assignment', 'start', -1) != -1) {
         $this->data['date_assignment'] = get_datetime_from_array($_SESSION['form_data'], 'assignment', 'start', date('Y-m-d H:i:s'));
     }
 }
/**
 * Persist a reseller's personal/contact data from the POST form.
 *
 * Fires the onBeforeEditUser / onAfterEditUser events around the update, binds
 * every value as a prepared-statement parameter (no SQL is built from input),
 * sets a success message and redirects to profile.php. Unlike
 * update_admin_personal_data() no check_user_data() call is visible here; the
 * form is presumably validated by the caller — confirm. `gender` is stored as
 * posted, without clean_input().
 *
 * @param int $user_id Reseller unique identifier (`admin`.`admin_id`)
 * @return void
 */
function update_reseller_personal_data($user_id)
{
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditUser, array('userId' => $user_id));

    $textFields = array('fname', 'lname', 'firm', 'zip', 'city', 'state', 'country', 'street1', 'street2', 'email', 'phone', 'fax');
    $clean = array();
    foreach ($textFields as $field) {
        $clean[$field] = clean_input($_POST[$field]);
    }

    // Bind order follows the SET clause of the UPDATE below
    $params = array(
        $clean['fname'], $clean['lname'], $clean['firm'], $clean['zip'], $clean['city'], $clean['state'],
        $clean['country'], $clean['email'], $clean['phone'], $clean['fax'], $clean['street1'], $clean['street2'],
        $_POST['gender'], $user_id
    );
    $query = "\n\t\tUPDATE\n\t\t\t`admin`\n\t\tSET\n\t\t\t`fname` = ?,\n\t\t\t`lname` = ?,\n\t\t\t`firm` = ?,\n\t\t\t`zip` = ?,\n\t\t\t`city` = ?,\n\t\t\t`state` = ?,\n\t\t\t`country` = ?,\n\t\t\t`email` = ?,\n\t\t\t`phone` = ?,\n\t\t\t`fax` = ?,\n\t\t\t`street1` = ?,\n\t\t\t`street2` = ?,\n\t\t\t`gender` = ?\n\t\tWHERE\n\t\t\t`admin_id` = ?\n\t";
    exec_query($query, $params);

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditUser, array('userId' => $user_id));
    set_page_message(tr('Personal data successfully updated.'), 'success');
    redirectTo('profile.php');
}
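 /**
  * Recursive function to clean all dimensions of the array and reorient it so that the parent for a particular item can be easily looked up.
  *
  * Each nested array is expected to carry, at key 0, the integer id of the node
  * whose children are the remaining entries; -1 at key 0 marks the root and is
  * skipped (its children keep $parent_id as parent). Every other key must hold a
  * nested array and is processed recursively. For each accepted id an entry
  * `array('id' => ..., 'parent' => ..., 'url' => ...)` is appended to $order at
  * index $count, $valid_ids[$id]['found'] is set to true so a second occurrence is
  * refused, and the id's `old_url_suffix` is appended to the url path handed to
  * its children.
  *
  * Behaviour kept as-is: the duplicate-root guard ($root_found) is a local, so it
  * only detects two roots within the same array level; the `$key == 0` test is
  * loose (before PHP 8 a non-numeric string key also satisfies it); and an id that
  * cleans to 0 is rejected because the cleaned value is tested for truthiness.
  *
  * @param array $array The (nested) array being cleaned; ids are normalised in place
  * @param int $count Running number of accepted items, advanced by reference
  * @param array $valid_ids Permitted ids, keyed by id, each with keys `found` (bool) and `old_url_suffix`
  * @param array $order Output: accepted items in visiting order, keyed by $count
  * @param int $parent_id Id of the parent for the items at this level (0 for the root level)
  * @param array $level_url url suffixes accumulated from the root down to this level
  * @return bool true when every item was accepted, false on the first invalid or duplicate id
  */
 function deep_clean_and_orient(&$array, &$count, &$valid_ids, &$order, $parent_id = 0, $level_url = array())
 {
     foreach ($array as $key => &$item) {
         // Key 0 has an int item defining the parent for the next ones in the array.
         if ($key == 0) {
             if ($item == -1) {
                 if (isset($root_found) && $root_found == true) {
                     return false;
                 } else {
                     $root_found = true;
                 }
                 // Skip the root key as it has no meaning, parent_id will be 0.
                 continue;
             }
             // clean_input() with the 'int' rule normalises the id; the result is
             // written back into the caller's array through the reference
             if (!is_numeric($item) || !($item = clean_input($item, array('trim', 'int')))) {
                 return false;
             }
             // The id must be known and its `found` flag strictly false (not seen yet)
             if (isset($valid_ids[$item]) && $valid_ids[$item]['found'] === false) {
                 // Mark it so a second occurrence of the same id is refused
                 $valid_ids[$item]['found'] = true;
                 $level_url[] = $valid_ids[$item]['old_url_suffix'];
                 $order[$count] = array("id" => $item, "parent" => $parent_id, "url" => $level_url);
                 $count++;
                 $parent_id = $item;
             } else {
                 return false;
             }
         } else {
             // Recursive call to clean all levels of the array.
             if (deep_clean_and_orient($item, $count, $valid_ids, $order, $parent_id, $level_url) === false) {
                 return false;
             }
         }
     }
     // Fix: release the reference left behind by foreach-by-reference (standard
     // hygiene; no later write to $item exists here, but a future one would
     // silently clobber the last element)
     unset($item);
     // If anything has gone wrong the function will have returned by now.
     return true;
 }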
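/**
 * Add Htaccess user.
 *
 * Handles the `add_user` form action: validates the posted username and
 * password (checkPasswordSyntax() is relied on to report its own error),
 * refuses a name already used for the domain, stores the salted hash with
 * status `toadd`, notifies the daemon and redirects to the user list. Any
 * other (or no) form action is ignored.
 *
 * @param int $domainId Domain unique identifier
 * @return void
 */
function client_addHtaccessUser($domainId)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] != 'add_user') {
        return;
    }

    if (!isset($_POST['username']) || !isset($_POST['pass']) || !isset($_POST['pass_rep'])) {
        return;
    }

    // Fix: validate the cleaned username — the exact value stored below — instead
    // of the raw POST value, so what was validated and what is persisted cannot differ.
    $uname = clean_input($_POST['username']);
    if (!validates_username($uname)) {
        set_page_message(tr('Wrong username.'), 'error');
        return;
    }

    if (!checkPasswordSyntax($_POST['pass'])) {
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr("Passwords do not match."), 'error');
        return;
    }

    $status = 'toadd';
    // Only the salted hash of the raw password is stored
    $upass = cryptPasswordWithSalt($_POST['pass'], generateRandomSalt(true));

    // Refuse duplicate user names within the domain
    $query = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`uname` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($query, array($uname, $domainId));
    if ($rs->rowCount() != 0) {
        set_page_message(tr('This htaccess user already exist.'), 'error');
        return;
    }

    $query = "\n\t\t\t\t\tINSERT INTO `htaccess_users` (\n\t\t\t\t\t    `dmn_id`, `uname`, `upass`, `status`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t    ?, ?, ?, ?\n\t\t\t\t\t)\n\t\t\t\t";
    exec_query($query, array($domainId, $uname, $upass, $status));
    send_request();
    set_page_message(tr('Htaccess user successfully scheduled for addition.'), 'success');

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: added new htaccess user: {$uname}", E_USER_NOTICE);
    redirectTo('protected_user_manage.php');
}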
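/**
 * Credentials authentication handler
 *
 * Looks up the posted username (`uname`, IDNA-encoded) in the `admin` table and
 * checks the posted password (`upass`) against the stored hash, accepting either
 * a crypt()-style hash or a legacy unsalted MD5 hex digest. Legacy MD5 entries
 * are re-hashed with cryptPasswordWithSalt() on a successful login.
 *
 * @param iMSCP_Events_Event $event
 * @return iMSCP_Authentication_Result
 * @throws iMSCP_Exception_Database
 */
function login_credentials($event)
{
    // NOTE(review): clean_input() is applied to the password before hashing; this
    // only round-trips if the same transformation was applied when the hash was
    // created — confirm against the user creation / password change paths.
    $username = !empty($_POST['uname']) ? encode_idna(clean_input($_POST['uname'])) : '';
    $password = !empty($_POST['upass']) ? clean_input($_POST['upass']) : '';

    $message = array();
    if (empty($username)) {
        $message[] = tr('The username field is empty.');
    }
    if (empty($password)) {
        $message[] = tr('The password field is empty.');
    }

    if (count($message) > 0) {
        return new iMSCP_Authentication_Result(
            count($message) == 2 ? iMSCP_Authentication_Result::FAILURE_CREDENTIAL_EMPTY : iMSCP_Authentication_Result::FAILURE_CREDENTIAL_INVALID,
            null,
            $message
        );
    }

    $stmt = exec_query('SELECT admin_id, admin_name, admin_pass, admin_type, email, created_by FROM admin WHERE admin_name = ?', $username);
    if (!$stmt->rowCount()) {
        // NOTE(review): distinct "unknown username" / "bad password" outcomes let a
        // client enumerate valid usernames; a single generic failure would be safer.
        return new iMSCP_Authentication_Result(iMSCP_Authentication_Result::FAILURE_IDENTITY_NOT_FOUND, null, tr('Unknown username.'));
    }

    $identity = $stmt->fetchRow(PDO::FETCH_OBJ);
    $dbPassword = $identity->admin_pass;

    // Security fix: the original compared with loose (!=) operators. Two numeric-
    // looking strings (e.g. MD5 digests of the form "0e123...") are then compared
    // as numbers, so unrelated digests can test equal ("magic hash" bypass).
    // Compare byte-for-byte instead; hash_equals() would additionally make this
    // constant-time where PHP >= 5.6 is guaranteed. crypt() is only tried when the
    // legacy MD5 form does not match, as before.
    if (md5($password) !== $dbPassword && crypt($password, $dbPassword) !== $dbPassword) {
        return new iMSCP_Authentication_Result(iMSCP_Authentication_Result::FAILURE_CREDENTIAL_INVALID, null, tr('Bad password.'));
    }

    if (strpos($dbPassword, '$') !== 0) {
        # Not a password encrypted with crypt(), then re-encrypt it
        exec_query('UPDATE admin SET admin_pass = ? WHERE admin_id = ?', array(cryptPasswordWithSalt($password), $identity->admin_id));
        write_log(sprintf('Info: Password for user %s has been re-encrypted using the best available algorithm', $identity->admin_name), E_USER_NOTICE);
    }

    $result = new iMSCP_Authentication_Result(iMSCP_Authentication_Result::SUCCESS, $identity);
    // Successful authentication: no further handler needs to run
    $event->stopPropagation();
    return $result;
}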
 * @copyright Copyright 2011 Queen's University. All Rights Reserved.
 *
*/
if (!defined("PARENT_INCLUDED") || !defined("IN_AAMC_CI")) {
    exit;
} elseif (!isset($_SESSION["isAuthorized"]) || !$_SESSION["isAuthorized"]) {
    header("Location: " . ENTRADA_URL);
    exit;
} elseif (!$ENTRADA_ACL->amIAllowed("report", "read", false)) {
    $ONLOAD[] = "setTimeout('window.location=\\'" . ENTRADA_URL . "/admin/" . $MODULE . "\\'', 15000)";
    add_error("Your account does not have the permissions required to use this feature of this module.<br /><br />If you believe you are receiving this message in error please contact <a href=\"mailto:" . html_encode($AGENT_CONTACTS["administrator"]["email"]) . "\">" . html_encode($AGENT_CONTACTS["administrator"]["name"]) . "</a> for assistance.");
    echo display_error();
    application_log("error", "Group [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["group"] . "] and role [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["role"] . "] does not have access to this module [" . $MODULE . "]");
} else {
    if ($router && $router->initRoute()) {
        if (isset($_GET["id"]) && ($tmp_input = clean_input($_GET["id"], "int"))) {
            $REPORT_ID = $tmp_input;
        }
        if ($REPORT_ID) {
            $query = "SELECT * FROM `reports_aamc_ci` WHERE `raci_id` = " . $db->qstr($REPORT_ID) . " AND `organisation_id` = " . $db->qstr($ENTRADA_USER->getActiveOrganisation());
            $REPORT = $db->GetRow($query);
            if ($REPORT) {
                $SHORT_REPORT_TITLE = date("Y", $REPORT["report_start"]) . "-" . date("Y", $REPORT["report_finish"]) . " Curriculum";
                $BREADCRUMB[] = array("url" => ENTRADA_URL . "/admin/reports/aamc/manage?id=" . $REPORT_ID, "title" => $SHORT_REPORT_TITLE);
                $sidebar_html = "<ul class=\"menu\">";
                $sidebar_html .= "\t<li class=\"link\"><a href=\"" . ENTRADA_URL . "/admin/reports/aamc/manage/edit?id=" . $REPORT_ID . "\">Edit Report</a></li>\n";
                $sidebar_html .= "</ul>";
                new_sidebar_item($SHORT_REPORT_TITLE, $sidebar_html, "aamc-report", "open");
                $module_file = $router->getRoute();
                if ($module_file) {
                    require_once $module_file;