function vtSaveWorkflowTemplate($adb, $request)
{
$util = new VTWorkflowUtils();
$module = new VTWorkflowApplication("savetemplate");
$mod = return_module_language($current_language, $module->name);
if (!$util->checkAdminAccess()) {
$errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
$util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
return;
}
$title = vtlib_purifyForSql($request['title']);
$workflowId = $request['workflow_id'];
$wfs = new VTworkflowManager($adb);
$workflow = $wfs->retrieve($workflowId);
$tm = new VTWorkflowTemplateManager($adb);
$tpl = $tm->newTemplate($title, $workflow);
$tm->saveTemplate($tpl);
$returnUrl = vtlib_purify($request['return_url']);
?>
<script type="text/javascript" charset="utf-8">
window.location="<?php
echo $returnUrl;
?>
";
</script>
<a href="<?php
echo $returnUrl;
?>
">Return</a>
<?php
}
function vtSaveTask($adb, $request)
{
$util = new VTWorkflowUtils();
$module = new VTWorkflowApplication("savetask");
$mod = return_module_language($current_language, $module->name);
if (!$util->checkAdminAccess()) {
$errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
$util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
return;
}
$tm = new VTTaskManager($adb);
if (isset($request["task_id"])) {
$task = $tm->retrieveTask($request["task_id"]);
} else {
$taskType = vtlib_purifyForSql($request["task_type"]);
$workflowId = $request["workflow_id"];
$task = $tm->createTask($taskType, $workflowId);
}
$task->summary = $request["summary"];
if ($request["active"] == "true") {
$task->active = true;
} else {
if ($request["active"] == "false") {
$task->active = false;
}
}
if (isset($request['check_select_date'])) {
$trigger = array('days' => ($request['select_date_direction'] == 'after' ? 1 : -1) * (int) $request['select_date_days'], 'field' => $request['select_date_field']);
$task->trigger = $trigger;
} else {
$task->trigger = null;
}
$fieldNames = $task->getFieldNames();
foreach ($fieldNames as $fieldName) {
$task->{$fieldName} = $request[$fieldName];
if ($fieldName == 'calendar_repeat_limit_date') {
$task->{$fieldName} = DateTimeField::convertToDBFormat($request[$fieldName]);
}
}
$tm->saveTask($task);
if (isset(vtlib_purify($request["return_url"]))) {
$returnUrl = vtlib_purify($request["return_url"]);
} else {
$returnUrl = $module->editTaskUrl($task->id);
}
?>
<script type="text/javascript" charset="utf-8">
window.location="<?php
echo $returnUrl;
?>
";
</script>
<a href="<?php
echo $returnUrl;
?>
">Return</a>
<?php
}
/** function used to get the picklist values
* @param array $input_array - array which contains the following values
=> int $id - customer ie., contact id
int $sessionid - session id
string $picklist_name - picklist name you want to retrieve from database
* return array $picklist_array - all values of the corresponding picklist will be returned as a array
*/
function get_picklists($input_array)
{
$adb = PearDatabase::getInstance();
$log = vglobal('log');
$log->debug("Entering customer portal function get_picklists");
$adb->println("INPUT ARRAY for the function get_picklists");
$adb->println($input_array);
//To avoid SQL injection we are type casting as well as bound the id variable
$id = (int) vtlib_purify($input_array['id']);
$sessionid = $input_array['sessionid'];
//To avoid SQL injection.
$picklist_name = vtlib_purifyForSql($input_array['picklist_name']);
if (empty($picklist_name)) {
return null;
}
if (!validateSession($id, $sessionid)) {
return null;
}
$picklist_array = array();
$admin_role = 'H2';
$userid = getPortalUserid();
$roleres = $adb->pquery("SELECT roleid from vtiger_user2role where userid = ?", array($userid));
$RowCount = $adb->num_rows($roleres);
if ($RowCount > 0) {
$admin_role = $adb->query_result($roleres, 0, 'roleid');
}
$res = $adb->pquery("select vtiger_" . $picklist_name . ".* from vtiger_" . $picklist_name . " inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_" . $picklist_name . ".picklist_valueid and vtiger_role2picklist.roleid='{$admin_role}'", array());
for ($i = 0; $i < $adb->num_rows($res); $i++) {
$picklist_val = $adb->query_result($res, $i, $picklist_name);
$picklist_array[$i] = $picklist_val;
}
$adb->println($picklist_array);
$log->debug("Exiting customer portal function get_picklists({$picklist_name})");
return $picklist_array;
}
function vtTaskEdit($adb, $request, $current_language, $app_strings)
{
global $theme;
$util = new VTWorkflowUtils();
$request = vtlib_purify($request);
// this cleans all values of the array
$image_path = "themes/{$theme}/images/";
$module = new VTWorkflowApplication('edittask');
$mod = return_module_language($current_language, $module->name);
if (!$util->checkAdminAccess()) {
$errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
$util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
return;
}
$smarty = new vtigerCRM_Smarty();
$tm = new VTTaskManager($adb);
$smarty->assign('edit', isset($request["task_id"]));
if (isset($request["task_id"])) {
$task = $tm->retrieveTask($request["task_id"]);
$taskClass = get_class($task);
$workflowId = $task->workflowId;
} else {
$workflowId = $request["workflow_id"];
$taskClass = vtlib_purifyForSql($request["task_type"]);
$task = $tm->createTask($taskClass, $workflowId);
}
if ($task == null) {
$errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NO_TASK']);
$util->redirectTo($errorUrl, $mod['LBL_ERROR_NO_TASK']);
return;
}
$wm = new VTWorkflowManager($adb);
$workflow = $wm->retrieve($workflowId);
if ($workflow == null) {
$errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NO_WORKFLOW']);
$util->redirectTo($errorUrl, $mod['LBL_ERROR_NO_WORKFLOW']);
return;
}
$smarty->assign("workflow", $workflow);
$smarty->assign("returnUrl", $request["return_url"]);
$smarty->assign("task", $task);
$smarty->assign("taskType", $taskClass);
$smarty->assign("saveType", $request['save_type']);
$taskTypeInstance = VTTaskType::getInstanceFromTaskType($taskClass);
$taskTemplateClass = $tm->retrieveTemplatePath($module->name, $taskTypeInstance);
$smarty->assign("taskTemplate", $taskTemplateClass);
$et = VTWSEntityType::usingGlobalCurrentUser($workflow->moduleName);
$smarty->assign("entityType", $et);
$smarty->assign('entityName', $workflow->moduleName);
$smarty->assign("fieldNames", $et->getFieldNames());
$repeat_date = $task->calendar_repeat_limit_date;
if (!empty($repeat_date)) {
$repeat_date = DateTimeField::convertToUserFormat($repeat_date);
}
$smarty->assign('REPEAT_DATE', $repeat_date);
$dateFields = array();
$fieldTypes = $et->getFieldTypes();
$fieldLabels = $et->getFieldLabels();
foreach ($fieldTypes as $name => $type) {
if ($type->type == 'Date' || $type->type == 'DateTime') {
$dateFields[$name] = $fieldLabels[$name];
}
}
$smarty->assign('dateFields', $dateFields);
if ($task->trigger != null) {
$trigger = $task->trigger;
$days = $trigger['days'];
if ($days < 0) {
$days *= -1;
$direction = 'before';
} else {
$direction = 'after';
}
$smarty->assign('trigger', array('days' => $days, 'direction' => $direction, 'field' => $trigger['field']));
}
$metaVariables = $task->getMetaVariables();
$date = new DateTimeField(null);
$time = substr($date->getDisplayTime(), 0, 5);
$smarty->assign("META_VARIABLES", $metaVariables);
$smarty->assign("SYSTEM_TIMEZONE", $db_timezone);
$smarty->assign("USER_TIME", $task->formatTimeForTimePicker($time));
$smarty->assign("USER_DATE", $date->getDisplayDate());
$smarty->assign("MOD", array_merge(return_module_language($current_language, 'Settings'), return_module_language($current_language, 'Calendar'), return_module_language($current_language, $module->name)));
$smarty->assign("APP", $app_strings);
$smarty->assign("dateFormat", parse_calendardate($app_strings['NTC_DATE_FORMAT']));
$smarty->assign("IMAGE_PATH", $image_path);
$smarty->assign("THEME", $theme);
$smarty->assign("MODULE_NAME", $module->label);
$smarty->assign("PAGE_NAME", $mod['LBL_EDIT_TASK']);
$smarty->assign("PAGE_TITLE", $mod['LBL_EDIT_TASK_TITLE']);
$users = $group = array();
$users['user'] = get_user_array();
$users['group'] = get_group_array();
$smarty->assign('ASSIGNED_TO', $users);
$smarty->assign("module", $module);
$smarty->display("{$module->name}/EditTask.tpl");
}
/**
* Function to validate the input with given pattern.
* @param <String> $string
* @param <Boolean> $skipEmpty Skip the check if string is empty.
* @return <String>
* @throws AppException
*/
public static function validateStringForSql($string, $skipEmpty=true) {
if (vtlib_purifyForSql($string, $skipEmpty)) {
return $string;
}
return false;
}
/**
* Function returns the id of the User selected by current user in the picklist of the ListView or Calendar view of Current User
* return String - Id of the user that the current user has selected
*/
function calendarview_getSelectedUserId()
{
global $current_user, $default_charset;
$only_for_user = htmlspecialchars(strip_tags(vtlib_purifyForSql($_REQUEST['onlyforuser'])), ENT_QUOTES, $default_charset);
if ($only_for_user == '') {
$only_for_user = $current_user->id;
}
return $only_for_user;
}
function AddEmailAttachment($emailid, $filedata, $filename, $filesize, $filetype, $username, $session)
{
if (!validateSession($username, $session)) {
return null;
}
if (empty($emailid)) {
return null;
}
global $adb;
require_once 'modules/Users/Users.php';
require_once 'include/utils/utils.php';
$filename = vtlib_purifyForSql(sanitizeUploadFileName(str_replace('..', '_', $filename), $upload_badext));
// Avoid relative file path attacks.
$date_var = date('Y-m-d H:i:s');
$seed_user = new Users();
$user_id = $seed_user->retrieve_user_id($username);
$crmid = $adb->getUniqueID("vtiger_crmentity");
$upload_file_path = decideFilePath();
$handle = fopen($upload_file_path . $crmid . "_" . $filename, "wb");
fwrite($handle, base64_decode($filedata), $filesize);
fclose($handle);
$sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values (?,?,?,?,?,?,?)";
$params1 = array($crmid, $user_id, $user_id, 'Emails Attachment', ' ', $adb->formatDate($date_var, true), $adb->formatDate($date_var, true));
$entityresult = $adb->pquery($sql1, $params1);
$filetype = "application/octet-stream";
if ($entityresult != false) {
$sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values (?,?,?,?,?)";
$params2 = array($crmid, $filename, ' ', $filetype, $upload_file_path);
$result = $adb->pquery($sql2, $params2);
$sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
$adb->pquery($sql3, array($emailid, $crmid));
return $crmid;
} else {
//$server->setError("Invalid username and/or password");
return "";
}
}