Ejemplo n.º 1
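 /**
  * Collect and validate the custom DNS records submitted for this domain.
  *
  * Records are taken from $data_orig when it is non-empty, otherwise from the
  * POST form when `record_custom_page` is set. Every record that has a name is
  * checked against the rules for its type. Failures are reported through
  * log_write("error", ...) and error_flag_field(), not through the return
  * value, and a record is appended to ["records"] even when one of its checks
  * failed - callers must consult the error state before using the result.
  *
  * @param array $data_orig Optional rows indexed 0..n-1; each row is read for the keys
  *                         id, type, ttl, name, prio, content, reverse_ptr,
  *                         reverse_ptr_orig and delete_undo.
  *
  * @return array Structure holding ["custom"]["num_records"], ["records"] (rows that have
  *               a name) and ["reverse"] (ids returned by the reverse-domain lookup);
  *               an empty array when neither input source supplied anything.
  */
 function validate_custom_records($data_orig = array())
 {
     log_debug("domain", "Executing validate_custom_records(array_data)");
     if (!isset($this->data)) {
         // we need the domain details if we don't already have them
         $this->load_data();
     }
     $data = array();
     $data_tmp = array();
     if (!empty($data_orig)) {
         /*
         	Supplied Array Data - this data has some amount of pre-processing
         	done, having already run through the javascript validation.

         	NOTE(review): javascript validation happens on the client and cannot be
         	relied on; the checks further down are the ones that count.
         */
         log_debug("domain", "Using supplied array data in \$data_orig");
         /*
         	Fetch Data
         */
         // The rows are addressed as 0..n-1 below, so $data_orig is assumed to be a list.
         // The @ operator hides the notices raised when a row or key is missing.
         $data["custom"]["num_records"] = count(array_keys($data_orig));
         for ($i = 0; $i < $data["custom"]["num_records"]; $i++) {
             $data_tmp[$i]["id"] = @security_script_input_predefined("int", $data_orig[$i]["id"], 1);
             $data_tmp[$i]["type"] = @security_script_input_predefined("any", $data_orig[$i]["type"], 1);
             $data_tmp[$i]["ttl"] = @security_script_input_predefined("int", $data_orig[$i]["ttl"], 1);
             $data_tmp[$i]["name"] = @security_script_input_predefined("any", $data_orig[$i]["name"], 1);
             $data_tmp[$i]["prio"] = @security_script_input_predefined("int", $data_orig[$i]["prio"], 0);
             $data_tmp[$i]["content"] = @security_script_input_predefined("any", $data_orig[$i]["content"], 1);
             $data_tmp[$i]["reverse_ptr"] = @security_script_input_predefined("checkbox", $data_orig[$i]["reverse_ptr"], 1);
             $data_tmp[$i]["reverse_ptr_orig"] = @security_script_input_predefined("checkbox", $data_orig[$i]["reverse_ptr_orig"], 1);
             $data_tmp[$i]["delete_undo"] = @security_script_input_predefined("any", $data_orig[$i]["delete_undo"], 1);
             // "mode" is never copied from $data_orig, so it is always derived here.
             if (empty($data_tmp[$i]["mode"]) || $data_tmp[$i]["mode"] != "delete" && $data_tmp[$i]["mode"] != "update") {
                 // mode undetermined, run check
                 if ($data_tmp[$i]["id"] && $data_tmp[$i]["delete_undo"] == "true") {
                     $data_tmp[$i]["mode"] = "delete";
                 } else {
                     if (!empty($data_tmp[$i]["content"]) && $data_tmp[$i]["delete_undo"] == "false") {
                         $data_tmp[$i]["mode"] = "update";
                     }
                 }
             }
         }
     } elseif (isset($_POST['record_custom_page'])) {
         /*
         	Fetch data from POST - easiest way, since we can take advantage of smart
         	error handling functions built in.
         */
         // fetch number of records
         // NOTE(review): this count comes from the request and bounds every loop below;
         // no upper limit is applied in this method - confirm one is enforced elsewhere.
         $data["custom"]["num_records"] = @security_form_input_predefined("int", "num_records_custom", 0, "");
         for ($i = 0; $i < $data["custom"]["num_records"]; $i++) {
             /*
             	Fetch Data
             */
             $data_tmp[$i]["id"] = @security_form_input_predefined("int", "record_custom_" . $i . "_id", 0, "");
             $data_tmp[$i]["type"] = @security_form_input_predefined("any", "record_custom_" . $i . "_type", 0, "");
             $data_tmp[$i]["ttl"] = @security_form_input_predefined("int", "record_custom_" . $i . "_ttl", 0, "");
             $data_tmp[$i]["name"] = @security_form_input_predefined("any", "record_custom_" . $i . "_name", 0, "");
             $data_tmp[$i]["content"] = @security_form_input_predefined("any", "record_custom_" . $i . "_content", 0, "");
             $data_tmp[$i]["reverse_ptr"] = @security_form_input_predefined("checkbox", "record_custom_" . $i . "_reverse_ptr", 0, "");
             $data_tmp[$i]["reverse_ptr_orig"] = @security_form_input_predefined("checkbox", "record_custom_" . $i . "_reverse_ptr_orig", 0, "");
             $data_tmp[$i]["delete_undo"] = @security_form_input_predefined("any", "record_custom_" . $i . "_delete_undo", 0, "");
             /*
             	Process Raw Data
             */
             if ($data_tmp[$i]["id"] && $data_tmp[$i]["delete_undo"] == "true") {
                 $data_tmp[$i]["mode"] = "delete";
             } else {
                 if (!empty($data_tmp[$i]["content"]) && $data_tmp[$i]["delete_undo"] == "false") {
                     $data_tmp[$i]["mode"] = "update";
                 }
             }
         }
     }
     /*
     	Process Validated Inputs

     	NOTE(review): the error messages below embed the submitted name/content
     	verbatim; whatever renders them must escape for its output context.
     */
     if (!empty($data_tmp)) {
         log_write("debug", "domains", "Record values obtained, running detailed check");
         for ($i = 0; $i < $data["custom"]["num_records"]; $i++) {
             /*
             	Error Handling
             */
             // verify name syntax
             if ($data_tmp[$i]["name"] == "*" || preg_match("/^\\*\\.[A-Za-z0-9\\p{L}:._-]+\$/", $data_tmp[$i]["name"])) {
                 // wildcard records are annoying - wildcards must be standalone, and can't be part of a string
                 // OK  -> *
                 // OK  -> *.example.com
                 // BAD -> abc*.example.com
                 // BAD -> std*abc.example.com
                 // nothing todo
             } elseif ($data_tmp[$i]["name"] != "@" && !preg_match("/^[A-Za-z0-9\\p{L}:._-]*\$/", $data_tmp[$i]["name"])) {
                 // all other record types
                 log_write("error", "process", "Sorry, the value you have entered for record " . $data_tmp[$i]["name"] . " contains invalid charactors");
                 error_flag_field("record_custom_" . $i . "");
             }
             // validate content and name formatting per domain type
             if ($data_tmp[$i]["name"] != "") {
                 switch ($data_tmp[$i]["type"]) {
                     case "A":
                         // validate IPv4
                         if (!preg_match("/^(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)(?:[.](?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)){3}\$/", $data_tmp[$i]["content"])) {
                             // invalid IP address
                             log_write("error", "process", "A record for " . $data_tmp[$i]["name"] . " did not validate as an IPv4 address");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "AAAA":
                         // validate IPv6
                         if (filter_var($data_tmp[$i]["content"], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) == FALSE) {
                             // invalid IP address
                             log_write("error", "process", "AAAA record for " . $data_tmp[$i]["name"] . " did not validate as an IPv6 address");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "CNAME":
                         // validate CNAME
                         if ($data_tmp[$i]["content"] != "@" && !preg_match("/^[A-Za-z0-9\\p{L}._-]*\$/", $data_tmp[$i]["content"])) {
                             // invalid CNAME
                             log_write("error", "process", "CNAME record for " . $data_tmp[$i]["name"] . " contains invalid characters.");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         // make sure it's not an IP
                         if (filter_var($data_tmp[$i]["content"], FILTER_VALIDATE_IP) == $data_tmp[$i]["content"]) {
                             // CNAME is pointing at an IP
                             log_write("error", "process", "CNAME record for " . $data_tmp[$i]["name"] . " is incorrectly referencing an IP address.");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "SRV":
                         // validate SRV name (_service._proto.name OR _service._proto)
                         if (!preg_match("/^_[A-Za-z0-9\\p{L}.-]*\\._[A-Za-z\\p{L}]*\\.[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["name"]) && !preg_match("/^_[A-Za-z0-9\\p{L}.-]*\\._[A-Za-z\\p{L}]*\$/", $data_tmp[$i]["name"])) {
                             log_write("error", "process", "SRV record for " . $data_tmp[$i]["name"] . " is not correctly formatted - name must be: _service._proto.name");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         // validate SRV content (priority, weight, port, target/host)
                         if (!preg_match("/^[0-9]*\\s[0-9]*\\s[0-9]*\\s[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"])) {
                             log_write("error", "process", "SRV record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must be: priority weight port target/hostname");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "SPF":
                     case "TXT":
                         // TXT string could be almost anything, just make sure it's quoted.
                         // Embedded quotes are stripped so the value cannot close the wrapping quotes.
                         $data_tmp[$i]["content"] = str_replace("'", "", $data_tmp[$i]["content"]);
                         $data_tmp[$i]["content"] = str_replace('"', "", $data_tmp[$i]["content"]);
                         $data_tmp[$i]["content"] = '"' . $data_tmp[$i]["content"] . '"';
                         break;
                     case "PTR":
                         // strpos() is used for its truthiness, so a match at offset 0 counts as no match.
                         if (strpos($this->data["domain_name"], "in-addr.arpa")) {
                             // IPv4 PTR Record
                             // We only pass through the 4th octet to the end user.
                             if (!preg_match("/^[0-9]*\$/", $data_tmp[$i]["name"])) {
                                 log_write("error", "process", "PTR reverse record for " . $data_tmp[$i]["content"] . " should be a single octet.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                             if (!preg_match("/^[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"])) {
                                 log_write("error", "process", "PTR reverse record for " . $data_tmp[$i]["name"] . " is not correctly formatted.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                         } elseif (strpos($this->data["domain_name"], "ip6.arpa")) {
                             // IPv6 PTR Record
                             // If the record is already in reverse ARPA format, we should convert it first
                             if (strpos($data_tmp[$i]["name"], "ip6.arpa")) {
                                 $data_tmp[$i]["name"] = ipv6_convert_fromarpa($data_tmp[$i]["name"]);
                             }
                             // We pass through a full IPv6 address and maybe a CIDR value - if provided,
                             // we should strip off the CIDR and then validate the address and process.
                             $data_tmp[$i]["name"] = preg_replace("/\\/[0-9]*\$/", '', $data_tmp[$i]["name"]);
                             if (!filter_var($data_tmp[$i]["name"], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
                                 log_write("error", "process", "Provided PTR IPv6 address for " . $data_tmp[$i]["name"] . " is not a valid IPv6 address.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                             if (!preg_match("/^[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"])) {
                                 log_write("error", "process", "Provided PTR IPv6 reverse record for " . $data_tmp[$i]["name"] . " is not correctly formatted.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                             // convert the record into PTR formatted value
                             $data_tmp[$i]["name"] = ipv6_convert_arpa($data_tmp[$i]["name"]);
                         }
                         break;
                     case "SSHFP":
                         // validate SSHFP content (algorithm, type, key/fingerprint)
                         if (!preg_match("/^[1-4] [1-2] [a-fA-F0-9]+\$/", $data_tmp[$i]["content"])) {
                             log_write("error", "process", "SSHFP record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must be: algorithm(1-4) type(1-2) <key/fingerprint>");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "LOC":
                         // validate LOC content (latitude, longitude, altitude and up to three
                         // optional size/precision values).
                         // The hemisphere letters are character classes and the pattern is anchored
                         // at the end: written as bare "N|S" / "E|W" the alternation split the whole
                         // expression into three independent patterns, so any content containing
                         // just one of those fragments was accepted.
                         if (!preg_match("/^[0-9]+( [0-9]+( [0-9]+\\.[0-9]+)?)? [NS] [0-9]+( [0-9]+( [0-9]+\\.[0-9]+)?)? [EW] \\-?[0-9]+\\.[0-9]+m?( [0-9]+\\.[0-9]+m?)?( [0-9]+\\.[0-9]+m?)?( [0-9]+\\.[0-9]+m?)?\$/", $data_tmp[$i]["content"])) {
                             log_write("error", "process", "LOC record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must follow RFC 1876");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "NS":
                     case "MX":
                     case "HINFO":
                         // nothing todo - no content check is applied to these types here.
                         break;
                     default:
                         // Unknown types are logged but the row still reaches ["records"] below.
                         log_write("error", "process", "Unknown record type " . $data_tmp[$i]["type"] . "");
                         break;
                 }
                 // remove excess "." which might have been added
                 $data_tmp[$i]["name"] = rtrim($data_tmp[$i]["name"], ".");
                 $data_tmp[$i]["content"] = rtrim($data_tmp[$i]["content"], ".");
                 // verify reverse PTR options
                 if ($data_tmp[$i]["reverse_ptr"]) {
                     if ($data_tmp[$i]["type"] == "A" || $data_tmp[$i]["type"] == "AAAA") {
                         // check if the appropriate reverse DNS domain exists
                         $obj_record = new domain_records();
                         if (!$obj_record->find_reverse_domain($data_tmp[$i]["content"])) {
                             // no match
                             log_write("error", "process", "Sorry, we can't set a reverse PTR for " . $data_tmp[$i]["content"] . " --&gt; " . $data_tmp[$i]["name"] . ", since there is no reverse domain record for that IP address");
                             error_flag_field("record_custom_" . $i . "");
                         } else {
                             // match, record the domain ID and record ID to save a lookup
                             $data_tmp[$i]["reverse_ptr_id_domain"] = $obj_record->id;
                             $data_tmp[$i]["reverse_ptr_id_record"] = $obj_record->id_record;
                         }
                         // add to the reverse domain list - we use this list to avoid reloading for every record
                         // The isset() guard covers the first entry: in_array() on an unset list
                         // raises a TypeError on PHP 8, which @ does not suppress.
                         if (@(!isset($data["reverse"]) || !in_array($obj_record->id, $data["reverse"]))) {
                             $data["reverse"][] = $obj_record->id;
                         }
                         unset($obj_record);
                     } else {
                         log_write("error", "process", "A reverse PTR record is only valid for an A or AAAA record");
                         error_flag_field("record_custom_" . $i . "");
                     }
                 }
                 // add to processing array (done whether or not the checks above passed)
                 $data["records"][] = $data_tmp[$i];
             } else {
                 /*
                 	No record name exists - this is only valid if no content is also supplied
                 */
                 if (!empty($data_tmp[$i]['content'])) {
                     log_write("error", "process", "Name cannot be empty for IP address: " . $data_tmp[$i]['content']);
                     error_flag_field("record_custom_" . $i . "");
                 }
             }
         }
         // end of loop through records
     } else {
         log_write("debug", "domains", "No records provided, no validation performed");
     }
     // return structured array
     return $data;
 }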
     foreach ((array) $input_structure_items as $input_structure_item) {
         $i = $input_structure_item['field_src'];
         $new_input_structure[$i]['field_src'] = $input_structure_item['field_src'];
         $new_input_structure[$i]['field_dest'] = $input_structure_item["field_dest"];
         $new_input_structure[$i]['data_format'] = $input_structure_item["data_format"];
     }
     unset($i);
 }
 $num_cols = @security_form_input_predefined("int", "num_cols", 1, "");
 $structure_id = @security_form_input_predefined("int", "structure_id", 0, "");
 if ($structure_id == $selected_structure || $selected_structure == 0) {
     $structure_name = @security_form_input_predefined("any", "name", 0, "");
     $structure_description = @security_form_input_predefined("any", "description", 0, "");
     for ($i = 1; $i <= $num_cols; $i++) {
         $data["column{$i}"] = @security_form_input_predefined("any", "column{$i}", 0, "");
         $data["format{$i}"] = @security_form_input_predefined("any", "format{$i}", 0, "");
     }
     /*
     	Error Handling
     */
     // verify that there is no duplicate configuration in the columns
     for ($i = 1; $i <= $num_cols; $i++) {
         $col = "column" . $i;
         for ($j = $i + 1; $j <= $num_cols; $j++) {
             $col2 = "column" . $j;
             if (!empty($data[$col2])) {
                 if ($data[$col] == $data[$col2]) {
                     error_flag_field($col);
                     error_flag_field($col2);
                     log_write("error", "page_output", "Each column must be assigned a unique role.");
                 }
Ejemplo n.º 3
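 // account options
 // NOTE(review): every option is read with the "any" format, so no format
 // restriction is visible at this point; values such as option_lang or
 // option_theme should be checked against the set of known choices before
 // they are stored or used - confirm where that happens.
 $data["option_lang"] = @security_form_input_predefined("any", "option_lang", 1, "");
 $data["option_dateformat"] = @security_form_input_predefined("any", "option_dateformat", 1, "");
 $data["option_timezone"] = @security_form_input_predefined("any", "option_timezone", 1, "");
 $data["option_shrink_tableoptions"] = @security_form_input_predefined("any", "option_shrink_tableoptions", 0, "");
 $data["option_table_limit"] = @security_form_input_predefined("any", "option_table_limit", 0, "");
 $data["option_default_employeeid"] = @security_form_input_predefined("any", "option_default_employeeid", 0, "");
 $data["option_theme"] = @security_form_input_predefined("any", "option_theme", 0, "");
 $data["option_debug"] = @security_form_input_predefined("any", "option_debug", 0, "");
 $data["option_concurrent_logins"] = @security_form_input_predefined("any", "option_concurrent_logins", 0, "");
 $data["option_translation"] = @security_form_input_predefined("any", "option_translation", 0, "");
 ///// ERROR CHECKING ///////////////////////
 // check password (if the user has requested to change it)
 // !empty() keeps the original truthiness test without reading POST keys that were not sent.
 if (!empty($_POST["password"]) || !empty($_POST["password_confirm"])) {
     $data["password"] = @security_form_input_predefined("any", "password", 4, "");
     $data["password_confirm"] = @security_form_input_predefined("any", "password_confirm", 4, "");
     // Strict comparison: with != two different numeric-looking strings (for
     // example "1e3" and "1000") compare as equal, so a mismatched confirmation
     // would be accepted.
     if ($data["password"] !== $data["password_confirm"]) {
         $_SESSION["error"]["message"][] = "Your passwords do not match!";
         $_SESSION["error"]["password-error"] = 1;
         $_SESSION["error"]["password_confirm-error"] = 1;
     }
 }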
 //// PROCESS DATA ////////////////////////////
 if ($_SESSION["error"]["message"]) {
     $_SESSION["error"]["form"]["user_options"] = "failed";
     header("Location: ../index.php?page=user/options.php&id={$id}");
     exit(0);
 } else {
     $_SESSION["error"] = array();
     // start SQL transaction
     $sql_obj = new sql_query();
Ejemplo n.º 4
$_SESSION["error"] = array();
$_SESSION["user"] = array();
if (user_online()) {
    // user is already logged in!
    $_SESSION["error"]["message"][] = "You are already logged in!";
    $_SESSION["error"]["username_amberdms_bs"] = "error";
    $_SESSION["error"]["password_amberdms_bs"] = "error";
} else {
    // check & convert input
    if ($GLOBALS["config"]["instance"] == "hosted") {
        $instance = security_form_input("/^[0-9a-z]*\$/", "instance_amberdms_bs", 1, "Please provide a valid customer instance ID.");
    } else {
        $instance = NULL;
    }
    $username = @security_form_input_predefined("any", "username_amberdms_bs", 1, "Please enter a username.");
    $password = @security_form_input_predefined("any", "password_amberdms_bs", 4, "Please enter a password.");
    if ($_SESSION["error"]["message"]) {
        // errors occured
        header("Location: ../index.php?page=user/login.php");
        exit(0);
    }
    // call the user functions to authenticate the user and handle blacklisting
    $result = user_login($instance, $username, $password);
    if ($result == 1) {
        // login succeded
        // if user has been redirected to login from a previous page, lets take them to that page.
        if ($_SESSION["login"]["previouspage"]) {
            header("Location: ../index.php?" . $_SESSION["login"]["previouspage"] . "");
            $_SESSION["login"] = array();
            exit(0);
        } else {
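/**
 * Process the service deletion form: validate the request, then remove the
 * service and its dependent rows inside one SQL transaction.
 *
 * Reads `id_service` and `delete_confirm` from the form input, refuses to
 * continue when the service does not exist or is still assigned to a customer,
 * and otherwise deletes from services, services_taxes, services_options (for
 * each bundle row), services_bundles, cdr_rate_tables_overrides and the
 * journal. Every path that completes ends in a redirect followed by exit(0),
 * so the function does not return a value.
 *
 * NOTE(review): no permission check is visible inside this function - the
 * caller is presumably expected to verify write access first; confirm.
 * NOTE(review): delete_confirm is fetched but never inspected again here, so
 * the confirmation relies entirely on the input helper raising an error.
 */
function service_form_delete_process()
{
    log_debug("inc_services_process", "Executing service_form_delete_process()");
    /*
    	Fetch all form data
    */
    // get form data
    $data = array();
    $id = @security_form_input_predefined("int", "id_service", 1, "");
    $data["delete_confirm"] = @security_form_input_predefined("any", "delete_confirm", 1, "You must confirm the deletion");
    // The lookups below run before the error state is checked, so the value placed
    // into the SQL text is forced to an integer regardless of what the input helper
    // returned for a rejected submission.
    $id_sql = (int) $id;
    //// ERROR CHECKING ///////////////////////
    // make sure the service actually exists
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT id FROM services WHERE id='{$id_sql}' LIMIT 1";
    $sql_obj->execute();
    if (!$sql_obj->num_rows()) {
        log_write("error", "process", "The service you have attempted to edit - {$id} - does not exist in this system.");
    }
    // make sure the service is not active for any customers
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT id FROM services_customers WHERE serviceid='{$id_sql}' LIMIT 1";
    $sql_obj->execute();
    if ($sql_obj->num_rows()) {
        log_write("error", "process", "Service is active for customers and can therefore not be deleted.");
    }
    /// if there was an error, go back to the entry page
    if ($_SESSION["error"]["message"]) {
        $_SESSION["error"]["form"]["service_delete"] = "failed";
        header("Location: ../index.php?page=services/delete.php&id={$id}");
        exit(0);
    } else {
        /*
        	Begin Transaction
        */
        $sql_obj = new sql_query();
        $sql_obj->trans_begin();
        /*
        	Delete the service data
        */
        $sql_obj->string = "DELETE FROM services WHERE id='{$id_sql}' LIMIT 1";
        $sql_obj->execute();
        /*
        	Delete the service taxes
        */
        $sql_obj->string = "DELETE FROM services_taxes WHERE serviceid='{$id_sql}'";
        $sql_obj->execute();
        /*
        	Delete the service bundle components (if any)
        */
        // The bundle rows are read through a second query object while the deletes
        // continue to go through $sql_obj, which holds the transaction.
        $sql_bundle_obj = new sql_query();
        $sql_bundle_obj->string = "SELECT id FROM services_bundles WHERE id_service='{$id_sql}'";
        $sql_bundle_obj->execute();
        if ($sql_bundle_obj->num_rows()) {
            $sql_bundle_obj->fetch_array();
            foreach ($sql_bundle_obj->data as $data_bundle) {
                // delete any options for each bundle item
                // (the id comes from the database; it is still cast before reuse in SQL)
                $sql_obj->string = "DELETE FROM services_options WHERE option_type='service' AND option_type_id='" . (int) $data_bundle["id"] . "'";
                $sql_obj->execute();
            }
        }
        $sql_obj->string = "DELETE FROM services_bundles WHERE id_service='{$id_sql}'";
        $sql_obj->execute();
        /*
        	Delete the service cdr rate overrides (if any)
        */
        $sql_obj->string = "DELETE FROM cdr_rate_tables_overrides WHERE option_type='service' AND option_type_id='{$id_sql}'";
        $sql_obj->execute();
        /*
        	Delete service journal data
        */
        journal_delete_entire("services", $id);
        /*
        	Commit
        */
        if (error_check()) {
            // any error recorded during the deletes undoes the whole transaction
            $sql_obj->trans_rollback();
            log_write("error", "process", "An error occured whilst attempting to delete the transaction. No changes have been made.");
            header("Location: ../index.php?page=services/view.php&id={$id}");
            exit(0);
        } else {
            $sql_obj->trans_commit();
            log_write("notification", "process", "Service successfully deleted");
            header("Location: ../index.php?page=services/services.php");
            exit(0);
        }
    }
    // end if passed tests
}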
*/
// includes
include_once "../include/config.php";
include_once "../include/amberphplib/main.php";
if (user_permissions_get('admin')) {
    ////// INPUT PROCESSING ////////////////////////
    $id = @security_form_input_predefined("int", "id_user", 1, "");
    $staffid = @security_form_input_predefined("int", "id_staff", 1, "");
    // convert all the permissions input
    $permissions = array();
    $sql_perms_obj = new sql_query();
    $sql_perms_obj->string = "SELECT * FROM `permissions_staff` ORDER BY value";
    $sql_perms_obj->execute();
    $sql_perms_obj->fetch_array();
    foreach ($sql_perms_obj->data as $data_perms) {
        $permissions[$data_perms["value"]] = @security_form_input_predefined("any", $data_perms["value"], 0, "Form provided invalid input!");
    }
    ///// ERROR CHECKING ///////////////////////
    // make sure the user actually exists
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT id FROM `users` WHERE id='{$id}' LIMIT 1";
    $sql_obj->execute();
    if (!$sql_obj->num_rows()) {
        log_write("error", "process", "The user you have attempted to edit - {$id} - does not exist in this system.");
    }
    // make sure the staff member exists
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT id FROM `staff` WHERE id='{$staffid}' LIMIT 1";
    $sql_obj->execute();
    if (!$sql_obj->num_rows()) {
        log_write("error", "process", "The staff member you have attempted to set permission for - {$id} - does not exist in this system.");
             if ($data["phone_trunk_quantity"] < $data["phone_trunk_included_units"]) {
                 $data["phone_trunk_quantity"] = $data["phone_trunk_included_units"];
             }
             break;
     }
 } else {
     // standard fields
     $data["serviceid"] = @security_form_input_predefined("any", "serviceid", 1, "");
     $data["date_period_first"] = @security_form_input_predefined("date", "date_period_first", 1, "");
     $data["date_period_next"] = $data["date_period_first"];
     $data["description"] = @security_form_input_predefined("any", "description", 0, "");
     // special migration stuff
     if (sql_get_singlevalue("SELECT value FROM config WHERE name='SERVICE_MIGRATION_MODE'") == 1) {
         $data["migration_date_period_usage_override"] = @security_form_input_predefined("any", "migration_date_period_usage_override", 1, "");
         if ($data["migration_date_period_usage_override"] == "migration_use_usage_date") {
             $data["migration_date_period_usage_first"] = @security_form_input_predefined("date", "migration_date_period_usage_first", 1, "");
         }
     }
 }
 /*
 	Verify Data
 */
 // check that the specified customer actually exists
 if (!$obj_customer->verify_id()) {
     log_write("error", "process", "The customer you have attempted to edit - " . $obj_customer->id . " - does not exist in this system.");
 } else {
     if ($obj_customer->id_service_customer) {
         // are we editing an existing service? make sure it exists and belongs to this customer
         if (!$obj_customer->verify_id_service_customer()) {
             log_write("error", "process", "The service you have attempted to edit - " . $obj_customer->id_service_customer . " - does not exist in this system.");
         } else {
Ejemplo n.º 8
// includes
require "../include/config.php";
require "../include/amberphplib/main.php";
// custom includes
require "../include/products/inc_products.php";
if (user_permissions_get('products_write')) {
    $obj_product = new product();
    /*
    	Import POST Data
    */
    $obj_product->id = @security_form_input_predefined("int", "id_product", 0, "");
    // these exist to make error handling work right
    $obj_product->data["code_product"] = @security_form_input_predefined("any", "code_product", 0, "");
    $obj_product->data["name_product"] = @security_form_input_predefined("any", "name_product", 0, "");
    // confirm deletion
    $obj_product->data["delete_confirm"] = @security_form_input_predefined("any", "delete_confirm", 1, "You must confirm the deletion");
    /*
    	Error Handling
    */
    // check that the product exists
    if (!$obj_product->verify_id()) {
        log_write("error", "process", "The product you have attempted to edit - " . $obj_product->id . " - does not exist in this system.");
    }
    // check that the product is safe to delete
    if ($obj_product->check_delete_lock()) {
        log_write("error", "process", "This product is locked and can not be deleted.");
    }
    // if there was an error, go back to the entry page
    if ($_SESSION["error"]["message"]) {
        $_SESSION["error"]["form"]["product_delete"] = "failed";
        header("Location: ../index.php?page=products/delete.php&id=" . $obj_product->id);
 $obj_rate_table->id = @security_form_input_predefined("int", "id_rate_table", 1, "");
 $data["nad_country_prefix"] = @security_form_input_predefined("int", "nad_country_prefix", 0, "");
 $data["nad_default_destination"] = @security_form_input_predefined("any", "nad_default_destination", 0, "");
 $data["cdr_rate_import_mode"] = @security_form_input_predefined("any", "cdr_rate_import_mode", 1, "");
 $data["nad_price_cost_national"] = @security_form_input_predefined("float", "nad_price_cost_national", 0, "");
 $data["nad_price_sale_national"] = @security_form_input_predefined("float", "nad_price_sale_national", 0, "");
 $data["nad_price_cost_mobile"] = @security_form_input_predefined("float", "nad_price_cost_mobile", 0, "");
 $data["nad_price_sale_mobile"] = @security_form_input_predefined("float", "nad_price_sale_mobile", 0, "");
 $data["nad_price_cost_directory_national"] = @security_form_input_predefined("float", "nad_price_cost_directory_national", 0, "");
 $data["nad_price_sale_directory_national"] = @security_form_input_predefined("float", "nad_price_sale_directory_national", 0, "");
 $data["nad_price_cost_directory_international"] = @security_form_input_predefined("float", "nad_price_cost_directory_international", 0, "");
 $data["nad_price_sale_directory_international"] = @security_form_input_predefined("float", "nad_price_sale_directory_international", 0, "");
 $data["nad_price_cost_tollfree"] = @security_form_input_predefined("float", "nad_price_cost_tollfree", 0, "");
 $data["nad_price_sale_tollfree"] = @security_form_input_predefined("float", "nad_price_sale_tollfree", 0, "");
 $data["nad_price_cost_special"] = @security_form_input_predefined("float", "nad_price_cost_special", 0, "");
 $data["nad_price_sale_special"] = @security_form_input_predefined("float", "nad_price_sale_special", 0, "");
 /*
 	Error Handling
 */
 // verify valid rate table
 if (!$obj_rate_table->verify_id()) {
     log_write("error", "process", "The CDR rate table you have attempted to edit - " . $obj_rate_table->id . " - does not exist in this system.");
 }
 // TODO: some sort of NAD validation logic here?
 /*
 	Process Data
 */
 if (error_check()) {
     $_SESSION["error"]["form"]["cdr_import_rate_table_nad"] = "failed";
     header("Location: ../index.php?page=services/cdr-rates-import-nad.php&id=" . $obj_rate_table->id);
     exit(0);
require "../include/services/inc_services.php";
require "../include/services/inc_services_cdr.php";
if (user_permissions_get("services_write")) {
    /*
    	Fetch Form/Session Data
    */
    $obj_rate_table = new cdr_rate_table();
    $obj_rate_table->id = @security_form_input_predefined("int", "id_rate_table", 1, "");
    $data["cdr_rate_import_mode"] = @security_form_input_predefined("any", "cdr_rate_import_mode", 1, "");
    $data["rate_billgroup"] = @security_form_input_predefined("int", "rate_billgroup", 1, "");
    $data["cdr_rate_import_cost_price"] = @security_form_input_predefined("any", "cdr_rate_import_cost_price", 1, "");
    $data["cdr_rate_import_sale_price"] = @security_form_input_predefined("any", "cdr_rate_import_sale_price", 1, "");
    $data["cdr_rate_import_sale_price_margin"] = @security_form_input_predefined("float", "cdr_rate_import_sale_price_margin", 0, "");
    $num_cols = @security_form_input_predefined("int", "num_cols", 1, "");
    for ($i = 1; $i <= $num_cols; $i++) {
        $data["column{$i}"] = @security_form_input_predefined("any", "column{$i}", 0, "");
    }
    /*
    	Error Handling
    */
    // verify valid rate table
    if (!$obj_rate_table->verify_id()) {
        log_write("error", "process", "The CDR rate table you have attempted to edit - " . $obj_rate_table->id . " - does not exist in this system.");
    }
    // verify that there is no duplicate configuration in the columns
    for ($i = 1; $i <= $num_cols; $i++) {
        $col = "column" . $i;
        for ($j = $i + 1; $j <= $num_cols; $j++) {
            $col2 = "column" . $j;
            if (!empty($data[$col2])) {
                if ($data[$col] == $data[$col2]) {
/*
	admin/blacklist-enable-process.php
	
	access: admins only

	Allows the admin to enable/disable blacklisting.
*/
// includes
include_once "../include/config.php";
include_once "../include/amberphplib/main.php";
if (user_permissions_get('admin')) {
    /////////////////////////
    // convert the data given
    // Raw checkbox state and the numeric limit, both read through the input helper.
    // NOTE(review): "@" hides any warning the helper raises; a failure is then
    // only visible through the session error state tested below.
    $data["blacklist_enable"] = @security_form_input_predefined("any", "blacklist_enable", 0, "");
    $data["blacklist_limit"] = @security_form_input_predefined("int", "blacklist_limit", 1, "");
    //// ERROR CHECKING ///////////////////////
    // Collapse the submitted value to one of two fixed literals. Because of this
    // allow-list step, the string-built UPDATE further down only ever embeds
    // "enabled" or "disabled", never raw form text. Keep that property if this
    // block is edited: any other value concatenated into that query needs the
    // database layer's escaping or a bound parameter.
    if ($data["blacklist_enable"] == "on") {
        $data["blacklist_enable"] = "enabled";
    } else {
        $data["blacklist_enable"] = "disabled";
    }
    // if there was an error, go back to the previous page
    if ($_SESSION["error"]["message"]) {
        $_SESSION["error"]["form"]["blacklist_control"] = "failed";
        header("Location: ../index.php?page=admin/blacklist.php");
        exit(0);
    } else {
        // enable/disable blacklisting
        $sql_obj = new sql_query();
        $sql_obj->string = "UPDATE config SET value='" . $data["blacklist_enable"] . "' WHERE name='BLACKLIST_ENABLE' LIMIT 1";
Ejemplo n.º 12
 $obj_tax->id = @security_form_input_predefined("int", "id_tax", 0, "");
 $obj_tax->data["name_tax"] = @security_form_input_predefined("any", "name_tax", 1, "");
 $obj_tax->data["taxrate"] = @security_form_input_predefined("any", "taxrate", 1, "");
 $obj_tax->data["chartid"] = @security_form_input_predefined("int", "chartid", 1, "");
 $obj_tax->data["taxnumber"] = @security_form_input_predefined("any", "taxnumber", 1, "");
 $obj_tax->data["description"] = @security_form_input_predefined("any", "description", 1, "");
 //default settings
 $obj_tax->data["default_customers"] = @security_form_input_predefined("checkbox", "default_customers", 0, "");
 $obj_tax->data["default_vendors"] = @security_form_input_predefined("checkbox", "default_vendors", 0, "");
 $obj_tax->data["default_services"] = @security_form_input_predefined("checkbox", "default_services", 0, "");
 $obj_tax->data["default_products"] = @security_form_input_predefined("checkbox", "default_products", 0, "");
 // only used when adding new taxes
 $obj_tax->data["autoenable_tax_customers"] = @security_form_input_predefined("checkbox", "autoenable_tax_customers", 0, "");
 $obj_tax->data["autoenable_tax_vendors"] = @security_form_input_predefined("checkbox", "autoenable_tax_vendors", 0, "");
 $obj_tax->data["autoenable_tax_services"] = @security_form_input_predefined("checkbox", "autoenable_tax_services", 0, "");
 $obj_tax->data["autoenable_tax_products"] = @security_form_input_predefined("checkbox", "autoenable_tax_products", 0, "");
 /*
 	Error Handling
 */
 if ($obj_tax->id) {
     // make sure the tax actually exists
     if (!$obj_tax->verify_id()) {
         log_write("error", "process", "The tax you have attempted to edit - " . $obj_tax->id . " - does not exist in this system.");
     }
 }
 // make sure we don't choose a tax name that is already in use
 if (!$obj_tax->verify_name_tax()) {
     log_write("error", "process", "Another tax already exists with the same name - please choose a unique name.");
     $_SESSION["error"]["name_tax-error"] = 1;
 }
 // make sure the selected chart exists
         } else {
             $obj_refund->load_data();
         }
     }
 }
 /*
 	Fetch Standard Data
 */
 // Refund fields taken from the submitted form; each helper call names the
 // expected type ("date", "money", "int", "any") and the form field.
 $obj_refund->data["date_trans"] = @security_form_input_predefined("date", "date_trans", 1, "");
 $obj_refund->data["description"] = @security_form_input_predefined("any", "description", 0, "");
 $obj_refund->data["amount_total"] = @security_form_input_predefined("money", "amount", 1, "");
 $obj_refund->data["account_dest"] = @security_form_input_predefined("int", "account_dest", 1, "");
 $obj_refund->data["account_asset"] = @security_form_input_predefined("int", "account_asset", 1, "");
 $obj_refund->data["id_employee"] = @security_form_input_predefined("int", "id_employee", 1, "");
 // the customer id comes from the customer object, not from a separate form field
 $obj_refund->data["id_customer"] = $obj_customer->id;
 // value is read and discarded: ignored, for error handling only
 @security_form_input_predefined("any", "type", 0, "");
 // make sure the refund amount isn't more than the available credit
 // NOTE(review): the query is built by concatenating the two ids. That is only
 // safe while both are guaranteed integers; where they are assigned is not
 // visible in this snippet - confirm they pass the "int" validator, or cast or
 // bind them here.
 // The current refund's own row is excluded (id != refund id) from the sum.
 $credit_balance = sql_get_singlevalue("SELECT SUM(amount_total) as value FROM customers_credits WHERE id_customer='" . $obj_customer->id . "' AND id!='" . $obj_refund->id . "'");
 // NOTE(review): the balance is read here and the refund is written later. Two
 // refunds submitted at the same time can both pass this check unless the write
 // path locks the rows or re-checks inside a transaction - confirm.
 if ($obj_refund->data["amount_total"] > $credit_balance) {
     log_write("error", "process", "Refund amount can not be more than the credit balance of " . format_money($credit_balance) . "");
 }
 /*
 	Check for any errors
 */
 if (error_check()) {
     $_SESSION["error"]["form"]["credit-refund_view"] = "failed";
     header("Location: ../index.php?page=customers/credit-refund.php&id_customer=" . $obj_customer->id . "&id_order=" . $obj_customer->id_order);
     exit(0);
 } else {
     /*
 	Load Data
 */
 // Customer and service identifiers from the form; the DDI object is then
 // given the same customer and service ids so it is scoped to that customer.
 $obj_customer->id = @security_form_input_predefined("int", "id_customer", 1, "");
 $obj_customer->id_service_customer = @security_form_input_predefined("int", "id_service_customer", 0, "");
 $obj_ddi->id = @security_form_input_predefined("int", "id_ddi", 0, "");
 $obj_ddi->id_customer = $obj_customer->id;
 $obj_ddi->id_service_customer = $obj_customer->id_service_customer;
 // DDI range boundaries and free-text description
 $obj_ddi->data["ddi_start"] = @security_form_input_predefined("int", "ddi_start", 1, "");
 $obj_ddi->data["ddi_finish"] = @security_form_input_predefined("int", "ddi_finish", 1, "");
 $obj_ddi->data["description"] = @security_form_input_predefined("any", "description", 0, "");
 // NOTE(review): both branches below run the same call with the "any" type, so
 // the configured mode changes nothing here. The first branch is labelled
 // integer based but does not use the "int" validator - confirm whether a
 // stricter type was intended for prefix mode.
 if ($GLOBALS["config"]["SERVICE_CDR_LOCAL"] == "prefix") {
     // prefix integer based
     $obj_ddi->data["local_prefix"] = @security_form_input_predefined("any", "phone_local_prefix", 1, "");
 } else {
     // string/region/destination based
     $obj_ddi->data["local_prefix"] = @security_form_input_predefined("any", "phone_local_prefix", 1, "");
 }
 /*
 	Verify Data
 */
 // check that the specified customer actually exists
 if (!$obj_customer->verify_id()) {
     log_write("error", "process", "The customer you have attempted to edit - " . $obj_customer->id . " - does not exist in this system.");
 } else {
     // make sure the service exists and is assigned to the customer
     if (!$obj_customer->verify_id_service_customer()) {
         log_write("error", "process", "The service you have attempted to edit - " . $obj_customer->id_service_customer . " - does not exist in this system.");
     } else {
         $obj_customer->load_data();
         $obj_customer->load_data_service();
     }
Ejemplo n.º 15
     }
 }
 //taxes
 $obj_customer->data["tax_number"] = @security_form_input_predefined("any", "tax_number", 0, "");
 $obj_customer->data["discount"] = @security_form_input_predefined("float", "discount", 0, "");
 // get tax selection options
 $sql_taxes_obj = new sql_query();
 $sql_taxes_obj->string = "SELECT id FROM account_taxes";
 $sql_taxes_obj->execute();
 if ($sql_taxes_obj->num_rows()) {
     // only get the default tax if taxes exist
     $obj_customer->data["tax_default"] = @security_form_input_predefined("int", "tax_default", 0, "");
     // fetch all the taxes and see which ones are enabled for the customer
     $sql_taxes_obj->fetch_array();
     foreach ($sql_taxes_obj->data as $data_tax) {
         $obj_customer->data["tax_" . $data_tax["id"]] = @security_form_input_predefined("any", "tax_" . $data_tax["id"], 0, "");
     }
 }
 /*
 	Error Handling
 */
 // verify valid ID (if performing update)
 if ($obj_customer->id) {
     if (!$obj_customer->verify_id()) {
         log_write("error", "process", "The customer you have attempted to edit - " . $obj_customer->id . " - does not exist in this system.");
     }
 }
 // make sure we don't choose a customer name that has already been taken
 if (!$obj_customer->verify_name_customer()) {
     log_write("error", "process", "This customer name is already used for another customer - please choose a unique name.");
     $_SESSION["error"]["name_customer-error"] = 1;
Ejemplo n.º 16
     $data["FEATURE_LOGS_AUDIT"] = @security_form_input_predefined("checkbox", "FEATURE_LOGS_AUDIT", 0, "");
     $data["FEATURE_LOGS_PERIOD"] = @security_form_input_predefined("int", "FEATURE_LOGS_PERIOD", 0, "");
     $data["LOG_RETENTION_PERIOD"] = @security_form_input_predefined("int", "LOG_RETENTION_PERIOD", 0, "");
     $data["LOG_UPDATE_INTERVAL"] = @security_form_input_predefined("int", "LOG_UPDATE_INTERVAL", 1, "");
     $data["LOG_RETENTION_CHECKTIME"] = 0;
     // reset check time, so that the log retention processes run
 } else {
     $data["FEATURE_LOGS_CHECKTIME"] = 0;
     $data["FEATURE_LOGS_API"] = 0;
     $data["FEATURE_LOGS_AUDIT"] = 0;
     $data["FEATURE_LOGS_PERIOD"] = 0;
     $data["LOG_RETENTION_CHECKTIME"] = 0;
     $data["LOG_UPDATE_INTERVAL"] = "5";
 }
 $data["PAGINATION_DOMAIN_RECORDS"] = @security_form_input_predefined("int", "PAGINATION_DOMAIN_RECORDS", 1, "");
 $data["PHONE_HOME"] = @security_form_input_predefined("checkbox", "PHONE_HOME", 0, "");
 /*
 	Test Zone Database
 
 	Disabled for now, currently we only support our internal DB.
 
 if ($data["ZONE_DB_TYPE"] == "powerdns_mysql")
 {
 	$obj_sql = New sql_query;
 
 	if (!$obj_sql->session_init("mysql", $data["ZONE_DB_HOST"], $data["ZONE_DB_NAME"], $data["ZONE_DB_USERNAME"], $data["ZONE_DB_PASSWORD"]))
 	{
 		log_write("error", "process", "Unable to connect to powerdns-compliant zone database!");
 
 		error_flag_field("ZONE_DB_HOST");
 		error_flag_field("ZONE_DB_NAME");
Ejemplo n.º 17
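 /*
  * Build the paginated "domain_records" edit form for the selected domain.
  *
  * When the request carries a record_custom_page POST field, the posted rows
  * are validated first and, if no error was raised, cached in the session per
  * domain id and page number. The records to show are then taken from that
  * session cache or loaded from the database, the IP prefix is derived for
  * reverse (arpa) zones, and one set of inputs per row is registered on
  * $this->obj_form.
  *
  * Reads $_POST, $_SESSION and $GLOBALS["config"]; writes $_SESSION and the
  * page, num_records_custom_total, num_records_custom and obj_form properties.
  * Returns nothing.
  */
 function execute()
 {
     /*
      * Validate a POST (page navigation move will prompt this)
      */
     if (isset($_POST['record_custom_page'])) {
         // fetch data from POST and validate - we then return values
         // NOTE(review): slashes are stripped after validation. If the validator
         // relies on added slashes as its escaping, the values cached below are
         // raw again and must be escaped at every output or query sink - confirm.
         $data = stripslashes_deep($this->obj_domain->validate_custom_records());
         // page number used to return the user to their page, read as an integer
         $data['record_custom_page'] = @security_form_input_predefined("int", "record_custom_page", 1, "");
         if (error_check()) {
             log_write("debug", "records-ajax", "POST records provided but error encountered, failing");
             $_SESSION["error"]["form"]["domain_records"] = "failed";
             $this->page = $data['record_custom_page'];
         } else {
             // no errors... set the records to the session
             $_SESSION['form']['domain_records'][$this->obj_domain->id][$data['record_custom_page']] = $data['records'];
         }
     }
     /*
         Load domain data & records
     */
     $this->num_records_custom_total = $this->obj_domain->data_record_custom_count();
     $this->obj_domain->load_data();
     // if the data is present in the session then it has either changed and is awaiting submission
     // or the user has visited that page before during this edit session
     if (isset($_SESSION['form']['domain_records'][$this->obj_domain->id][$this->page]) && count($_SESSION['form']['domain_records'][$this->obj_domain->id][$this->page])) {
         log_debug("execute", 'Loading records from session as previous load or edit detected');
         $this->obj_domain->data['records'] = $_SESSION['form']['domain_records'][$this->obj_domain->id][$this->page];
     } else {
         log_debug("execute", 'Loading records from db for page: ' . $this->page);
         $this->obj_domain->load_data_record_custom($this->offset, $GLOBALS["config"]['PAGINATION_DOMAIN_RECORDS']);
     }
     // work out the IP for reverse domains
     // strpos() is used as a boolean throughout this method: a match at offset 0
     // evaluates as false, so only names with something before the suffix match.
     if (strpos($this->obj_domain->data["domain_name"], "in-addr.arpa")) {
         // IPv4: the first three labels of the zone name, in reverse order
         $ip = explode(".", $this->obj_domain->data["domain_name"]);
         $this->obj_domain->data["domain_ip_prefix"] = $ip[2] . "." . $ip[1] . "." . $ip[0];
     } elseif (strpos($this->obj_domain->data["domain_name"], "ip6.arpa")) {
         // IPv6: drop the trailing 9 characters (".ip6.arpa"), reverse the
         // remaining labels and insert ":" after every fourth one
         $ip_reverse = substr($this->obj_domain->data["domain_name"], 0, strlen($this->obj_domain->data["domain_name"]) - 9);
         $ip_array = array();
         $i = 0;
         foreach (array_reverse(explode(".", $ip_reverse)) as $ip) {
             $i++;
             $ip_array[] = $ip;
             if ($i == 4) {
                 $i = 0;
                 $ip_array[] = ":";
             }
         }
         $this->obj_domain->data["domain_ip_prefix"] = implode("", $ip_array);
     }
     /*
         Define form structure
     */
     $this->obj_form = new form_input();
     $this->obj_form->formname = "domain_records";
     $this->obj_form->language = $_SESSION["user"]["lang"];
     $this->obj_form->action = "domains/records-process.php";
     $this->obj_form->method = "post";
     /*
         General Domain Info
     */
     $structure = NULL;
     $structure["fieldname"] = "domain_name";
     $structure["type"] = "message";
     $structure["options"]["css_row_class"] = "table_highlight";
     // This default value carries its own markup, so the stored domain name is
     // HTML-encoded before it is embedded. A syntactically valid domain name
     // contains none of the encoded characters and is shown unchanged.
     $domain_name_html = htmlspecialchars((string) $this->obj_domain->data["domain_name"], ENT_QUOTES, "UTF-8");
     $structure["defaultvalue"] = "<p><b>Domain " . $domain_name_html . " selected for adjustment</b></p>";
     $this->obj_form->add_input($structure);
     /*
         Define structure for all other record types

         This includes A, AAAA, PTR and other record types.
     */
     // fetch all the known record types from the database
     $dns_record_types = sql_get_singlecol("SELECT type as value FROM `dns_record_types` WHERE user_selectable='1'");
     // unless there has been error data returned, fetch all the records
     // and work out the number of rows
     if (!isset($_SESSION["error"]["form"][$this->obj_form->formname])) {
         $this->num_records_custom = 1;
         foreach ($this->obj_domain->data["records"] as $record) {
             if (in_array($record["type"], $dns_record_types)) {
                 $this->num_records_custom++;
             }
         }
     } else {
         // NOTE(review): the row count is taken back from the session error data
         // and only checked to be digits; it bounds the loop below, so an upper
         // limit is worth confirming where that session value is written.
         $this->num_records_custom = @security_script_input('/^[0-9]*$/', $_SESSION["error"]["num_records_custom"]);
     }
     // ensure there are at least two rows, if more are needed when entering information,
     // then the javascript functions will provide.
     if ($this->num_records_custom < 2) {
         $this->num_records_custom = 2;
     }
     // custom domain records: register the inputs of every row
     for ($i = 0; $i < $this->num_records_custom; $i++) {
         // values
         $structure = NULL;
         $structure["fieldname"] = "record_custom_" . $i . "_id";
         $structure["type"] = "hidden";
         $this->obj_form->add_input($structure);
         if (strpos($this->obj_domain->data["domain_name"], "arpa")) {
             // reverse zones get a text field preset to PTR
             $structure = NULL;
             $structure["fieldname"] = "record_custom_" . $i . "_type";
             $structure["type"] = "text";
             $structure["defaultvalue"] = "PTR";
             $this->obj_form->add_input($structure);
         } else {
             // forward zones get a dropdown of the selectable standard types
             $structure = form_helper_prepare_dropdownfromdb("record_custom_" . $i . "_type", "SELECT type as label, type as id FROM `dns_record_types` WHERE user_selectable='1' AND is_standard='1'");
             $structure["defaultvalue"] = "A";
             $structure["options"]["width"] = "100";
             $this->obj_form->add_input($structure);
         }
         $structure = NULL;
         $structure["fieldname"] = "record_custom_" . $i . "_name";
         $structure["type"] = "input";
         if (strpos($this->obj_domain->data["domain_name"], "in-addr.arpa")) {
             $structure["options"]["width"] = "50";
             $structure["options"]["max_length"] = "3";
             $structure["options"]["prelabel"] = $this->obj_domain->data["domain_ip_prefix"] . ". ";
             $structure["options"]["help"] = "?";
         } elseif (strpos($this->obj_domain->data["domain_name"], "ip6.arpa")) {
             $structure["options"]["width"] = "300";
             $structure["options"]["prelabel"] = " ";
             $structure["options"]["help"] = $this->obj_domain->data["domain_ip_prefix"] . "....";
             $structure["options"]["autofill"] = $this->obj_domain->data["domain_ip_prefix"];
         } else {
             $structure["options"]["width"] = "300";
             $structure["options"]["help"] = "Record name, eg www";
         }
         $this->obj_form->add_input($structure);
         $structure = NULL;
         $structure["fieldname"] = "record_custom_" . $i . "_content";
         $structure["type"] = "input";
         $structure["options"]["width"] = "300";
         if (strpos($this->obj_domain->data["domain_name"], "arpa")) {
             // both IPv4 and IPv6
             $structure["options"]["help"] = "Reverse record name, eg www.example.com";
         } else {
             $structure["options"]["help"] = "Target IP, eg 192.168.0.1";
         }
         $this->obj_form->add_input($structure);
         $structure = NULL;
         $structure["fieldname"] = "record_custom_" . $i . "_ttl";
         $structure["type"] = "input";
         $structure["options"]["width"] = "80";
         $structure["defaultvalue"] = $this->obj_domain->data["soa_default_ttl"];
         $this->obj_form->add_input($structure);
         $structure = NULL;
         $structure["fieldname"] = "record_custom_" . $i . "_delete_undo";
         $structure["type"] = "hidden";
         $structure["defaultvalue"] = "false";
         $this->obj_form->add_input($structure);
         if (!strpos($this->obj_domain->data["domain_name"], "arpa")) {
             // the reverse PTR checkbox pair is only offered on forward zones
             $structure = NULL;
             $structure["fieldname"] = "record_custom_" . $i . "_reverse_ptr";
             $structure["type"] = "checkbox";
             $structure["options"]["label"] = "";
             $this->obj_form->add_input($structure);
             $structure = NULL;
             $structure["fieldname"] = "record_custom_" . $i . "_reverse_ptr_orig";
             $structure["type"] = "hidden";
             $this->obj_form->add_input($structure);
         }
     }
     // load in what data we have and disable invalid fields;
     // $i counts only the records whose type is user selectable
     $i = 0;
     foreach ($this->obj_domain->data["records"] as $record) {
         if (in_array($record["type"], $dns_record_types)) {
             // special ID rules: fall back to id_record when id is empty
             if ($record["id"]) {
                 $this->obj_form->structure["record_custom_" . $i . "_id"]["defaultvalue"] = $record["id"];
             } else {
                 $this->obj_form->structure["record_custom_" . $i . "_id"]["defaultvalue"] = $record["id_record"];
             }
             // fetch data
             $this->obj_form->structure["record_custom_" . $i . "_type"]["defaultvalue"] = $record["type"];
             $this->obj_form->structure["record_custom_" . $i . "_prio"]["defaultvalue"] = $record["prio"];
             $this->obj_form->structure["record_custom_" . $i . "_name"]["defaultvalue"] = $record["name"];
             $this->obj_form->structure["record_custom_" . $i . "_content"]["defaultvalue"] = $record["content"];
             $this->obj_form->structure["record_custom_" . $i . "_ttl"]["defaultvalue"] = $record["ttl"];
             if ($record["type"] == "CNAME") {
                 // disable inappropriate values for CNAME fields
                 $this->obj_form->structure["record_custom_" . $i . "_reverse_ptr"]["options"]["disabled"] = "yes";
                 $this->obj_form->structure["record_custom_" . $i . "_reverse_ptr_orig"]["options"]["disabled"] = "yes";
             } elseif ($record["type"] == "PTR") {
                 if (strpos($this->obj_domain->data["domain_name"], "ip6.arpa")) {
                     // IPv6 PTR records are in ARPA format, we should convert it to something human readable
                     $this->obj_form->structure["record_custom_" . $i . "_name"]["defaultvalue"] = ipv6_convert_fromarpa($record["name"]);
                 }
             } else {
                 // every type other than CNAME and PTR ends up here
                 if ($record["type"] == "A" || $record["type"] == "AAAA") {
                     // check if this record has a reverse PTR value
                     $obj_ptr = new domain_records();
                     $obj_ptr->find_reverse_domain($record["content"]);
                     if ($obj_ptr->id_record) {
                         $obj_ptr->load_data_record();
                         // apex and wildcard names are compared as the zone name itself
                         if ($record["name"] == "@" || $record["name"] == "*" || preg_match("/^\\*\\.[A-Za-z0-9:._-]+\$/", $record["name"])) {
                             $record["name"] = $this->obj_domain->data["domain_name"];
                         }
                         // tick the box when the PTR content equals the record name,
                         // either as given or with the zone name appended
                         if ($obj_ptr->data_record["content"] == $record["name"] || $obj_ptr->data_record["content"] == $record["name"] . "." . $this->obj_domain->data["domain_name"]) {
                             $this->obj_form->structure["record_custom_" . $i . "_reverse_ptr"]["defaultvalue"] = "on";
                             $this->obj_form->structure["record_custom_" . $i . "_reverse_ptr_orig"]["defaultvalue"] = "on";
                         }
                     }
                     unset($obj_ptr);
                 } else {
                     // reverse PTR not valid for this record type
                     $this->obj_form->structure["record_custom_" . $i . "_reverse_ptr"]["options"]["disabled"] = "yes";
                 }
             }
             $i++;
         }
     }
     // hidden
     $structure = NULL;
     $structure["fieldname"] = "id_domain";
     $structure["type"] = "hidden";
     $structure["defaultvalue"] = $this->obj_domain->id;
     $this->obj_form->add_input($structure);
     $structure = NULL;
     $structure["fieldname"] = "record_custom_page";
     $structure["type"] = "hidden";
     $structure["defaultvalue"] = "{$this->page}";
     $this->obj_form->add_input($structure);
     $structure = NULL;
     $structure["fieldname"] = "num_records_custom";
     $structure["type"] = "hidden";
     $structure["defaultvalue"] = "{$this->num_records_custom}";
     $this->obj_form->add_input($structure);
     // a record that can be set to determine the form status for final submit
     $structure = NULL;
     $structure["fieldname"] = "record_custom_status";
     $structure["type"] = "hidden";
     // fetch data in event of an error
     if (error_check()) {
         $this->obj_form->load_data_error();
         $structure["defaultvalue"] = "0";
     } else {
         $structure["defaultvalue"] = "1";
     }
     $this->obj_form->add_input($structure);
 }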
/*
	admin/config_integration-process.php
	
	Access: admin only

	Enables/disables/configures integration modules and features.
*/
// includes
include_once "../include/config.php";
include_once "../include/amberphplib/main.php";
if (user_permissions_get("admin")) {
    /*
    	Load Data
    */
    $data["MODULE_CUSTOMER_PORTAL"] = @security_form_input_predefined("checkbox", "MODULE_CUSTOMER_PORTAL", 0, "");
    if ($data["MODULE_CUSTOMER_PORTAL"]) {
        $data["MODULE_CUSTOMER_PORTAL"] = "enabled";
    } else {
        $data["MODULE_CUSTOMER_PORTAL"] = "disabled";
    }
    /*
    	Process Errors
    */
    if (error_check()) {
        $_SESSION["error"]["form"]["config_integration"] = "failed";
        header("Location: ../index.php?page=admin/config_integration.php");
        exit(0);
    } else {
        $_SESSION["error"] = array();
        /*
Ejemplo n.º 19
*/
// includes
require "../include/config.php";
require "../include/amberphplib/main.php";
require "../include/application/main.php";
if (user_permissions_get('namedadmins')) {
    /*
    	Form Input
    */
    // Group selected for deletion; the id is read from the form as an integer.
    $obj_name_server_group = new name_server_group();
    $obj_name_server_group->id = security_form_input_predefined("int", "id_name_server_group", 0, "");
    // for error return if needed: values are read and discarded
    @security_form_input_predefined("any", "group_name", 1, "");
    @security_form_input_predefined("any", "group_description", 0, "");
    // confirm deletion
    // NOTE(review): a required confirmation field guards against accidental
    // clicks, not against a forged cross-site request. No token check is
    // visible in this snippet - confirm the framework enforces one before this
    // destructive action runs.
    @security_form_input_predefined("any", "delete_confirm", 1, "You must confirm the deletion");
    /*
        Verify Data
    */
    // verify the selected server exists
    // A failure is only logged; the emptiness check below still runs on the
    // same, unverified id.
    if (!$obj_name_server_group->verify_id()) {
        log_write("error", "process", "The server group you have attempted to delete - " . $obj_name_server_group->id . " - does not exist in this system.");
    }
    // make sure the group is empty
    // NOTE(review): this branch ends with "return 0" where other process pages
    // on this page set the form error flag, redirect and exit. Confirm the user
    // is sent back to the form with the logged message in this case.
    if (!$obj_name_server_group->verify_empty()) {
        log_write("error", "process", "The requested server group (" . $obj_name_server_group->id . ") is not empty, thus cannot be deleted. Make sure all members are assigned elsewhere first.");
        return 0;
    }
    /*
    	Process Data
    */
Ejemplo n.º 20
 $obj_domain->data["soa_serial"] = security_form_input_predefined("int", "soa_serial", 1, "");
 $obj_domain->data["soa_refresh"] = security_form_input_predefined("int", "soa_refresh", 1, "");
 $obj_domain->data["soa_retry"] = security_form_input_predefined("int", "soa_retry", 1, "");
 $obj_domain->data["soa_expire"] = security_form_input_predefined("int", "soa_expire", 1, "");
 $obj_domain->data["soa_default_ttl"] = security_form_input_predefined("int", "soa_default_ttl", 1, "");
 // domain-group selection data
 $sql_group_obj = new sql_query();
 $sql_group_obj->string = "SELECT id FROM name_servers_groups";
 $sql_group_obj->execute();
 if ($sql_group_obj->num_rows()) {
     // fetch all the name server groups and see which are selected for this domain
     $sql_group_obj->fetch_array();
     $count = 0;
     foreach ($sql_group_obj->data as $data_group) {
         // set the selection
         $obj_domain->data["name_server_group_" . $data_group["id"]] = @security_form_input_predefined("checkbox", "name_server_group_" . $data_group["id"], 0, "");
         // count selected groups
         if (!empty($obj_domain->data["name_server_group_" . $data_group["id"]])) {
             $count++;
         }
     }
     if (!$count) {
         error_flag_field("domain_message");
         log_write("error", "process", "You must select at least one name server group for the domain to belong to.");
     }
 }
 /*
 	Verify Data
 */
 if (!$obj_domain->verify_domain_name()) {
     if (isset($obj_domain->data["ipv4_network"])) {
     //determine to and from account
     $transferto = @security_form_input_predefined("int", $name . "-transferto", 1, "");
     $transferfrom = @security_form_input_predefined("int", $name . "-transferfrom", 1, "");
     $account['origin'] = $transferto;
     $account['destination'] = $transferfrom;
 } else {
     if ($type == "bank_fee") {
         //determine expense and asset account
         $bankfeeexpense = @security_form_input_predefined("int", $name . "-bankfeesexpense", 1, "");
         $bankfeeasset = @security_form_input_predefined("int", $name . "-bankfeesasset", 1, "");
         $account['origin'] = $bankfeeasset;
         $account['destination'] = $bankfeeexpense;
     } else {
         //determine asset, expense, and income account
         $interestasset = @security_form_input_predefined("int", $name . "-interestasset", 1, "");
         $interestincome = @security_form_input_predefined("int", $name . "-interestincome", 1, "");
         $account['origin'] = $interestincome;
         $account['destination'] = $interestasset;
     }
 }
 if ($amount < 0) {
     $data["amount"] = $amount * -1;
 } else {
     $data["amount"] = $amount;
 }
 if ($type == "transfer") {
     // TODO: ? Is something needed here?
 }
 $obj_gl->data["code_gl"] = "";
 $obj_gl->data["date_trans"] = $date;
 $obj_gl->data["employeeid"] = $employeeid;
include_once "../include/config.php";
include_once "../include/amberphplib/main.php";
if (user_permissions_get("admin")) {
    /*
    	Load Data
    */
    $data["THEME_DEFAULT"] = @security_form_input_predefined("any", "THEME_DEFAULT", 1, "");
    $data["TABLE_LIMIT"] = @security_form_input_predefined("int", "TABLE_LIMIT", 1, "");
    $data["LANGUAGE_DEFAULT"] = @security_form_input_predefined("any", "LANGUAGE_DEFAULT", 1, "");
    $data["DATEFORMAT"] = @security_form_input_predefined("any", "DATEFORMAT", 1, "");
    $data["TIMEZONE_DEFAULT"] = @security_form_input_predefined("any", "TIMEZONE_DEFAULT", 1, "");
    $data["CURRENCY_DEFAULT_NAME"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_NAME", 1, "");
    $data["CURRENCY_DEFAULT_SYMBOL"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_SYMBOL", 1, "");
    $data["CURRENCY_DEFAULT_SYMBOL_POSITION"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_SYMBOL_POSITION", 1, "");
    $data["CURRENCY_DEFAULT_THOUSANDS_SEPARATOR"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_THOUSANDS_SEPARATOR", 1, "");
    $data["CURRENCY_DEFAULT_DECIMAL_SEPARATOR"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_DECIMAL_SEPARATOR", 1, "");
    /*
    	Check that decimal and thousands separators are different
    */
    if ($data["CURRENCY_DEFAULT_THOUSANDS_SEPARATOR"] == $data["CURRENCY_DEFAULT_DECIMAL_SEPARATOR"]) {
        error_flag_field("CURRENCY_DEFAULT_THOUSANDS_SEPARATOR");
        error_flag_field("CURRENCY_DEFAULT_DECIMAL_SEPARATOR");
        log_write("error", "page_output", "Thousands and decimal separators must be different.");
    }
    /*
    	Process Errors
    */
    if (error_check()) {
        $_SESSION["error"]["form"]["config_locale"] = "failed";
        header("Location: ../index.php?page=admin/config_locale.php");
        exit(0);
Ejemplo n.º 23
include_once "../include/hr/inc_staff.php";
if (user_permissions_get('staff_write')) {
    // create object
    $obj_employee = new hr_staff();
    /*
    	Load POST data
    */
    $obj_employee->id = @security_form_input_predefined("int", "id_staff", 0, "");
    $obj_employee->data["name_staff"] = @security_form_input_predefined("any", "name_staff", 1, "");
    $obj_employee->data["staff_code"] = @security_form_input_predefined("any", "staff_code", 0, "");
    $obj_employee->data["staff_position"] = @security_form_input_predefined("any", "staff_position", 0, "");
    $obj_employee->data["contact_phone"] = @security_form_input_predefined("any", "contact_phone", 0, "");
    $obj_employee->data["contact_fax"] = @security_form_input_predefined("any", "contact_fax", 0, "");
    $obj_employee->data["contact_email"] = @security_form_input_predefined("email", "contact_email", 0, "");
    $obj_employee->data["date_start"] = @security_form_input_predefined("date", "date_start", 1, "");
    $obj_employee->data["date_end"] = @security_form_input_predefined("date", "date_end", 0, "");
    /*
    	Error Handling
    */
    // verify employee ID
    if ($obj_employee->id) {
        if (!$obj_employee->verify_id()) {
            log_write("error", "staff-edit-process", "The employee you have attempted to edit - " . $obj_employee->id . " - does not exist in this system.");
        }
    }
    // make sure we don't choose a staff name that has already been taken
    if (!$obj_employee->verify_name_staff()) {
        log_write("error", "staff-edit-process", "Another staff member already has this name - please choose a unique name.");
        $_SESSION["error"]["name_staff-error"] = 1;
    }
    if ($obj_employee->data["staff_code"]) {
Ejemplo n.º 24
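 /*
  * Read the submitted journal form into $this->structure and record
  * validation errors in the session.
  *
  * Text entries (other than deletes) must have a title and content. File
  * entries must carry an upload when they are new; when an existing entry is
  * edited without a new upload, the stored title is reloaded so it is not lost.
  *
  * Reads the request through the input helpers and $_FILES["upload"]; writes
  * $this->structure and $_SESSION["error"]. Returns nothing.
  */
 function process_form_input()
 {
     log_debug("journal_process", "Executing process_form_input()");
     $this->structure["action"] = @security_form_input_predefined("any", "action", 1, "");
     $this->structure["type"] = @security_form_input_predefined("any", "type", 1, "");
     $this->structure["title"] = @security_form_input_predefined("any", "title", 0, "");
     $this->structure["content"] = @security_form_input_predefined("any", "content", 0, "");
     $this->structure["customid"] = @security_form_input_predefined("int", "id_custom", 0, "");
     $this->structure["id"] = @security_form_input_predefined("int", "id_journal", 0, "");
     if ($this->structure["type"] == "text" && $this->structure["action"] != "delete") {
         // need title field for text entries
         if (!$this->structure["title"]) {
             $_SESSION["error"]["message"][] = "You must provide a title";
             $_SESSION["error"]["title-error"] = 1;
         }
         // need content field for text entries
         if (!$this->structure["content"]) {
             $_SESSION["error"]["message"][] = "You must provide some content";
             $_SESSION["error"]["content-error"] = 1;
         }
     }
     // file upload - get the temporary name
     if ($this->structure["type"] == "file") {
         // a file might not have been uploaded - we want to allow users to be able
         // to change the notes on file uploads, without having to upload the file again.
         // A missing upload entry is treated as size 0 instead of raising a warning.
         $upload_size = isset($_FILES["upload"]["size"]) ? (int) $_FILES["upload"]["size"] : 0;
         if ($upload_size < 1) {
             // nothing has been uploaded
             if (!$this->structure["id"]) {
                 // this is a new upload - a file MUST be provided for the first upload
                 // use the file_storage class to perform error handling.
                 $file_obj = new file_storage();
                 $file_obj->verify_upload_form("upload");
             } else {
                 // no file has been uploaded. We better get the old title so we don't lose it.
                 // The id is cast to int at the point of use, so the query stays
                 // injection-safe even if the validator's return value changes.
                 $this->structure["title"] = sql_get_singlevalue("SELECT title as value FROM journal WHERE id='" . (int) $this->structure["id"] . "' LIMIT 1");
             }
         } else {
             // a file has been uploaded - perform verification of the file, if there
             // are any problems, the function will raise errors.
             $file_obj = new file_storage();
             $file_obj->verify_upload_form("upload");
             // set the title of the journal entry to the filename
             // NOTE(review): the pattern below matches every string, so this call
             // places no restriction on the client-supplied file name. Whatever
             // escaping the helper applies internally is not visible here: encode
             // the title wherever it is rendered and do not reuse it as a storage
             // path - confirm.
             $this->structure["title"] = @security_script_input("/^[\\S\\s]*\$/", $_FILES["upload"]["name"]);
         }
     }
 }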
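/**
 * Process a submitted invoice deletion form and redirect the browser.
 *
 * Reads the invoice id and the deletion confirmation from the form input,
 * verifies that the invoice exists and is not locked, deletes it, and then
 * redirects to the error or success page. This function always ends the
 * request with exit(0).
 *
 * NOTE(review): no permission or request-origin (CSRF) check is visible in
 * this function; presumably the calling page enforces both before calling
 * it - confirm against the caller.
 *
 * @param string $type               Invoice type, stored on the invoice object and used in the form error key.
 * @param string $returnpage_error   Page value for the redirect when validation fails.
 * @param string $returnpage_success Page value for the redirect after the delete attempt.
 */
function invoice_form_delete_process($type, $returnpage_error, $returnpage_success)
{
    // the original message interpolated an undefined $mode variable; this function has no such parameter
    log_debug("inc_invoices_forms", "Executing invoice_form_delete_process({$type}, {$returnpage_error}, {$returnpage_success})");
    $invoice = new invoice();
    $invoice->type = $type;
    /*
    	Import POST Data
    */
    $invoice->id = @security_form_input_predefined("int", "id_invoice", 1, "");
    // read as a required field with an error message; presumably the framework
    // records the error itself when the confirmation is missing - confirm
    $data["delete_confirm"] = @security_form_input_predefined("any", "delete_confirm", 1, "You must confirm the deletion");
    // we don't use this value (since we can't trust it) but we need to read it
    // in here to work around a limitation in the Amberphplib framework
    $data["code_invoice"] = @security_form_input_predefined("any", "code_invoice", 1, "");
    /*
    	Error Handling
    */
    // make sure the invoice actually exists
    if (!$invoice->verify_invoice()) {
        log_write("error", "process", "The invoice you have attempted to delete - " . $invoice->id . " - does not exist in this system.");
    }
    // check if invoice is locked or not
    if ($invoice->check_delete_lock()) {
        log_write("error", "process", "The invoice can not be deleted because it is locked.");
    }
    // return to input page in event of an error
    // (!empty() keeps the same truthiness test without a notice when the key is unset)
    if (!empty($_SESSION["error"]["message"])) {
        $_SESSION["error"]["form"][$type . "_invoice_delete"] = "failed";
        header("Location: ../../index.php?page={$returnpage_error}&id=" . $invoice->id);
        exit(0);
    }
    /*
    	Delete Invoice
    */
    if ($invoice->action_delete()) {
        $_SESSION["notification"]["message"] = array("Invoice has been successfully deleted.");
    } else {
        $_SESSION["error"]["message"][] = "Some problems were experienced while deleting the invoice.";
    }
    // display updated details
    // the original used an undefined $id here, so the redirect carried an empty id;
    // use the validated invoice id, matching the error redirect above
    header("Location: ../../index.php?page={$returnpage_success}&id=" . $invoice->id);
    exit(0);
}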
Ejemplo n.º 26
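/**
 * Process a submitted credit note lock form and redirect the browser.
 *
 * Reads the credit note id and the lock confirmation checkbox from the form
 * input, verifies that the credit note exists, is not already locked and
 * that the confirmation was ticked, locks it, and then redirects to the
 * error or success page. This function always ends the request with exit(0).
 *
 * NOTE(review): no permission or request-origin (CSRF) check is visible in
 * this function; presumably the calling page enforces both before calling
 * it - confirm against the caller.
 *
 * @param string $type               Credit type, stored on the credit object and used in the form error key.
 * @param string $returnpage_error   Page value for the redirect when validation fails.
 * @param string $returnpage_success Page value for the redirect after the lock attempt.
 */
function credit_form_lock_process($type, $returnpage_error, $returnpage_success)
{
    // the original message interpolated an undefined $mode variable; this function has no such parameter
    log_debug("inc_credits_forms", "Executing credit_form_lock_process({$type}, {$returnpage_error}, {$returnpage_success})");
    $credit = new credit();
    $credit->type = $type;
    /*
    	Import POST Data
    */
    $credit->id = @security_form_input_predefined("int", "id_credit", 1, "");
    $data["lock_credit"] = @security_form_input_predefined("checkbox", "lock_credit", 0, "");
    /*
    	Error Handling
    */
    // make sure the credit actually exists
    // (the original message said "delete", which is the wrong action for this form)
    if (!$credit->verify_credit()) {
        log_write("error", "process", "The credit note you have attempted to lock - " . $credit->id . " - does not exist in this system.");
    }
    // check if credit is locked or not
    if ($credit->check_lock()) {
        log_write("error", "process", "The credit note can not be locked because it is *already* locked.");
    }
    // the confirmation checkbox must be ticked before locking
    if (!$data["lock_credit"]) {
        log_write("error", "process", "You must check to confirm the credit note lock.");
    }
    // return to input page in event of an error
    // (!empty() keeps the same truthiness test without a notice when the key is unset)
    if (!empty($_SESSION["error"]["message"])) {
        $_SESSION["error"]["form"][$type . "_credit_lock"] = "failed";
        header("Location: ../../index.php?page={$returnpage_error}&id=" . $credit->id);
        exit(0);
    }
    /*
    	Lock Credit Note
    */
    $credit->load_data();
    if ($credit->action_lock()) {
        log_write("notification", "process", "The selected credit note has now been locked.");
    } else {
        log_write("error", "process", "An error occured whilst attempting to lock the credit note.");
    }
    // display updated details
    header("Location: ../../index.php?page={$returnpage_success}&id=" . $credit->id);
    exit(0);
}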
         foreach ($invoice_data_parts['keys'] as $index => $key) {
             $invoice_data_parts['keys'][$index] = "(" . $key . ")";
         }
         foreach ($invoice_data_parts['values'] as $index => $value) {
             $invoice_data_parts['values'][$index] = trim($value);
         }
         $invoice_data_parts['keys'][] = "(days_overdue)";
         $invoice_data_parts['values'][] = trim($days_overdue);
         //create email message
         $email_message = @security_form_input_predefined("any", "email_message", 0, "");
         $email_message = str_replace($invoice_data_parts['keys'], $invoice_data_parts['values'], $email_message);
         //create subject
         $subject = @security_form_input_predefined("any", "subject", 0, "");
         $subject = str_replace($invoice_data_parts['keys'], $invoice_data_parts['values'], $subject);
         //sender
         $from = @security_form_input_predefined("any", "sender", 0, "");
         if ($from == "user") {
             $from = user_information("contact_email");
         } else {
             $from = sql_get_singlevalue("SELECT value FROM config WHERE name='COMPANY_CONTACT_EMAIL'");
         }
         log_debug("EMAIL", "avout to send" . $i);
         // send email
         $obj_invoice->email_invoice($from, $to, "", "", $subject, $email_message);
         $_SESSION["notification"]["message"][] = "Reminder email for Invoice " . $obj_sql_invoice->data[0]["code_invoice"] . " was sent successfully.";
     }
 }
 //set error messages for emails that couldn't be sent
 for ($i = 0; $i < count($error_array); $i++) {
     $_SESSION["error"]["message"][] = "Reminder for Invoice " . $error_array[$i] . " was not sent as no email is set for the customer's default account.";
 }
 $data["TIMESHEET_LOCK"] = @security_form_input_predefined("int", "TIMESHEET_LOCK", 0, "");
 $data["SESSION_TIMEOUT"] = @security_form_input_predefined("int", "SESSION_TIMEOUT", 1, "");
 $data["BLACKLIST_ENABLE"] = @security_form_input_predefined("any", "BLACKLIST_ENABLE", 0, "");
 $data["BLACKLIST_LIMIT"] = @security_form_input_predefined("int", "BLACKLIST_LIMIT", 1, "");
 $data["UPLOAD_MAXBYTES"] = @security_form_input_predefined("int", "UPLOAD_MAXBYTES", 1, "");
 $data["API_URL"] = @security_form_input_predefined("any", "API_URL", 0, "");
 $data["PHONE_HOME"] = @security_form_input_predefined("any", "PHONE_HOME", 0, "");
 // only fetch dangerous options if support for it is enabled
 if ($GLOBALS["config"]["dangerous_conf_options"] == "enabled") {
     $data["EMAIL_ENABLE"] = @security_form_input_predefined("any", "EMAIL_ENABLE", 0, "");
     $data["PATH_TMPDIR"] = @security_form_input_predefined("any", "PATH_TMPDIR", 1, "");
     $data["DATA_STORAGE_LOCATION"] = @security_form_input_predefined("any", "DATA_STORAGE_LOCATION", 1, "");
     $data["DATA_STORAGE_METHOD"] = @security_form_input_predefined("any", "DATA_STORAGE_METHOD", 1, "");
     $data["APP_PDFLATEX"] = @security_form_input_predefined("any", "APP_PDFLATEX", 1, "");
     $data["APP_WKHTMLTOPDF"] = @security_form_input_predefined("any", "APP_WKHTMLTOPDF", 1, "");
     $data["APP_MYSQL_DUMP"] = @security_form_input_predefined("any", "APP_MYSQL_DUMP", 1, "");
     if ($data["EMAIL_ENABLE"] == "on") {
         $data["EMAIL_ENABLE"] = "enabled";
     } else {
         $data["EMAIL_ENABLE"] = "disabled";
     }
 }
 // modifiy checkbox values
 if ($data["TIMESHEET_BOOKTOFUTURE"] == "on") {
     $data["TIMESHEET_BOOKTOFUTURE"] = "enabled";
 } else {
     $data["TIMESHEET_BOOKTOFUTURE"] = "disabled";
 }
 if ($data["ACCOUNTS_INVOICE_AUTOEMAIL"] == 1) {
     $data["ACCOUNTS_INVOICE_AUTOEMAIL"] = "enabled";
 } else {
Ejemplo n.º 29
/*
	projects/phase-edit-process.php

	access: projects_write

	Allows new phases to be added to projects, or existing phases to be modified
*/
// includes
include_once "../include/config.php";
include_once "../include/amberphplib/main.php";
if (user_permissions_get('projects_write')) {
    /////////////////////////
    $projectid = @security_form_input_predefined("int", "projectid", 1, "");
    $phaseid = @security_form_input_predefined("int", "phaseid", 0, "");
    $data["name_phase"] = @security_form_input_predefined("any", "name_phase", 1, "You must set a phase name.");
    $data["description"] = @security_form_input_predefined("any", "description", 0, "");
    //// VERIFY PROJECT/PHASE IDS /////////////
    // check that the specified project actually exists
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT id FROM `projects` WHERE id='{$projectid}' LIMIT 1";
    $sql_obj->execute();
    if (!$sql_obj->num_rows()) {
        log_write("error", "process", "The project you have attempted to edit - {$projectid} - does not exist in this system.");
    } else {
        if ($phaseid) {
            $mode = "edit";
            // are we editing an existing phase? make sure it exists and belongs to this project
            $sql_obj = new sql_query();
            $sql_obj->string = "SELECT projectid FROM `project_phases` WHERE id='{$phaseid}' LIMIT 1";
            $sql_obj->execute();
            if (!$sql_obj->num_rows()) {
Ejemplo n.º 30
         $data["customid"] = @security_form_input_predefined("int", "productid", 1, "");
         $data["description"] = @security_form_input_predefined("any", "description", 0, "");
         $data["price"] = @security_form_input_predefined("money", "price", 0, "");
         $data["discount"] = @security_form_input_predefined("float", "discount", 0, "");
         // options
         $data["quantity"] = @security_form_input_predefined("int", "quantity", 0, "");
         if (!$data["quantity"]) {
             $data["quantity"] = 1;
         }
         // all products must have at least 1
         break;
     case "service":
         $data["customid"] = @security_form_input_predefined("int", "serviceid", 1, "");
         $data["description"] = @security_form_input_predefined("any", "description", 0, "");
         $data["price"] = @security_form_input_predefined("money", "price", 0, "");
         $data["discount"] = @security_form_input_predefined("float", "discount", 0, "");
         $data["quantity"] = 1;
         // all services must have at least 1
         break;
     default:
         // unknown type
         log_write("error", "process", "An unexpected error occured, type value of " . $data["type"] . " is invalid");
         error_flag_field("type");
         break;
 }
 /*
 	Verify Data
 */
 // check that the specified customer actually exists
 if (!$obj_customer->verify_id()) {
     log_write("error", "process", "The customer you have attempted to edit - " . $obj_customer->id . " - does not exist in this system.");