/*
	service_form_plan_process()

	Handles the submitted "service plan" form: reads the general plan fields
	plus the fields specific to the service type, checks that the service
	exists, and - only when no error has been raised - rewrites the plan in
	the services table (and the per-type side tables) inside a transaction
	before redirecting back to the plan page.

	All form values are read through security_form_input_predefined(); the SQL
	below is assembled by string concatenation, so the values are only as safe
	as that wrapper makes them. NOTE(review): the "any"-typed fields (units,
	alert_*, traffic cap name/mode) are interpolated into SQL verbatim -
	confirm the wrapper escapes for SQL and not only for HTML output.

	Returns nothing: both the error path and the success path end with a
	header() redirect followed by exit(0).
*/
function service_form_plan_process()
{
	log_debug("inc_services_process", "Executing service_form_plan_process()");

	/* Fetch all form data */
	// required (last-but-one arg = 1): missing id is itself a form error
	$id = @security_form_input_predefined("int", "id_service", 1, "");

	// general details
	$data["price"] = @security_form_input_predefined("money", "price", 0, "");
	$data["price_setup"] = @security_form_input_predefined("money", "price_setup", 0, "");
	$data["discount"] = @security_form_input_predefined("float", "discount", 0, "");
	$data["billing_cycle"] = @security_form_input_predefined("int", "billing_cycle", 1, "");
	$data["billing_mode"] = @security_form_input_predefined("int", "billing_mode", 1, "");

	// needed to handle errors, but not used
	$data["name_service"] = @security_form_input_predefined("any", "name_service", 0, "");

	// make sure that the service actually exists
	$sql_plan_obj = new sql_query();
	$sql_plan_obj->string = "SELECT services.typeid, service_types.name FROM services LEFT JOIN service_types ON service_types.id = services.typeid WHERE services.id='{$id}' LIMIT 1";
	$sql_plan_obj->execute();

	if (!$sql_plan_obj->num_rows())
	{
		// the session error list is what the ERROR CHECKING block below tests
		$_SESSION["error"]["message"][] = "The service you have attempted to edit - {$id} - does not exist in this system.";
	}
	else
	{
		$sql_plan_obj->fetch_array();
	}

	// fetch fields depending on the service type
	// (when the service was not found, data[0] is unset, no case matches and the
	// error branch below redirects before anything is written)
	switch ($sql_plan_obj->data[0]["name"])
	{
		case "generic_with_usage":
			$data["units"] = @security_form_input_predefined("any", "units", 1, "");
			$data["included_units"] = @security_form_input_predefined("int", "included_units", 0, "");
			$data["price_extraunits"] = @security_form_input_predefined("money", "price_extraunits", 0, "");
			$data["usage_mode"] = @security_form_input_predefined("int", "usage_mode", 1, "");
			$data["alert_80pc"] = @security_form_input_predefined("any", "alert_80pc", 0, "");
			$data["alert_100pc"] = @security_form_input_predefined("any", "alert_100pc", 0, "");
			$data["alert_extraunits"] = @security_form_input_predefined("any", "alert_extraunits", 0, "");
		break;

		case "licenses":
			$data["units"] = @security_form_input_predefined("any", "units", 1, "");
			$data["included_units"] = @security_form_input_predefined("int", "included_units", 0, "");
			$data["price_extraunits"] = @security_form_input_predefined("money", "price_extraunits", 0, "");
		break;

		case "time":
			$data["units"] = @security_form_input_predefined("int", "units", 1, "");
			$data["included_units"] = @security_form_input_predefined("int", "included_units", 0, "");
			$data["price_extraunits"] = @security_form_input_predefined("money", "price_extraunits", 0, "");

			// force data usage/time to be incrementing (usage_mode is not taken from the form here)
			$data["usage_mode"] = sql_get_singlevalue("SELECT id as value FROM service_usage_modes WHERE name='incrementing' LIMIT 1");

			$data["alert_80pc"] = @security_form_input_predefined("any", "alert_80pc", 0, "");
			$data["alert_100pc"] = @security_form_input_predefined("any", "alert_100pc", 0, "");
			$data["alert_extraunits"] = @security_form_input_predefined("any", "alert_extraunits", 0, "");
		break;

		case "data_traffic":
			// general data traffic options
			$data["units"] = @security_form_input_predefined("int", "units", 1, "");

			// force data usage/time to be incrementing
			$data["usage_mode"] = sql_get_singlevalue("SELECT id as value FROM service_usage_modes WHERE name='incrementing' LIMIT 1");

			// loop through all the traffic types
			$data["data_traffic_caps"] = array();

			$obj_sql_traffic_types = new sql_query();
			$obj_sql_traffic_types->string = "SELECT id FROM traffic_types";
			$obj_sql_traffic_types->execute();
			$obj_sql_traffic_types->num_rows(); // will always be at least one, need for loop

			// form fields are indexed by row position ($i), not by traffic type id
			for ($i = 0; $i < $obj_sql_traffic_types->data_num_rows; $i++)
			{
				$cap = array();

				// NOTE(review): the second operand reads $_POST directly, bypassing the
				// security_form_input_predefined() wrapper used for every other field; it is
				// only compared against "1" and the same key is re-read through the wrapper
				// below, but the intent (always accept traffic type 1?) should be confirmed.
				if (@security_form_input_predefined("checkbox", "traffic_cap_" . $i . "_active", 0, "") || $_POST["traffic_cap_" . $i . "_id"] == "1")
				{
					// fetch traffic cap details
					$cap["id_traffic_type"] = @security_form_input_predefined("int", "traffic_cap_" . $i . "_id", 1, "");
					$cap["name"] = @security_form_input_predefined("any", "traffic_cap_" . $i . "_name", 0, "");
					$cap["mode"] = @security_form_input_predefined("any", "traffic_cap_" . $i . "_mode", 0, "");
					$cap["units_included"] = @security_form_input_predefined("int", "traffic_cap_" . $i . "_units_included", 0, "");
					$cap["units_price"] = @security_form_input_predefined("money", "traffic_cap_" . $i . "_units_price", 0, "");

					// additional checks: mode is a free-text ("any") field, so restrict it to the two known values
					if ($cap["mode"] != "unlimited" && $cap["mode"] != "capped")
					{
						log_write("error", "inc_services_process", "A data type must either be disabled or marked as capped vs unlimited");
						error_flag_field("traffic_cap_" . $i);
					}

					$data["data_traffic_caps"][] = $cap;
				}
			}

			unset($obj_sql_traffic_types);

			// alert configuration
			$data["alert_80pc"] = @security_form_input_predefined("any", "alert_80pc", 0, "");
			$data["alert_100pc"] = @security_form_input_predefined("any", "alert_100pc", 0, "");
			$data["alert_extraunits"] = @security_form_input_predefined("any", "alert_extraunits", 0, "");
		break;

		case "phone_single":
			$data["id_rate_table"] = @security_form_input_predefined("int", "id_rate_table", 1, "");
		break;

		case "phone_tollfree":
			$data["id_rate_table"] = @security_form_input_predefined("int", "id_rate_table", 1, "");
			$data["phone_trunk_included_units"] = @security_form_input_predefined("int", "phone_trunk_included_units", 1, "");
			$data["phone_trunk_price_extra_units"] = @security_form_input_predefined("money", "phone_trunk_price_extra_units", 0, "");
		break;

		case "phone_trunk":
			$data["id_rate_table"] = @security_form_input_predefined("int", "id_rate_table", 1, "");
			$data["phone_ddi_included_units"] = @security_form_input_predefined("int", "phone_ddi_included_units", 1, "");
			$data["phone_ddi_price_extra_units"] = @security_form_input_predefined("money", "phone_ddi_price_extra_units", 0, "");
			$data["phone_trunk_included_units"] = @security_form_input_predefined("int", "phone_trunk_included_units", 1, "");
			$data["phone_trunk_price_extra_units"] = @security_form_input_predefined("money", "phone_trunk_price_extra_units", 0, "");
		break;
	}

	// convert checkbox input: any truthy value is normalised to 1 before it reaches the SQL below
	if ($data["alert_80pc"])
	{
		$data["alert_80pc"] = 1;
	}

	if ($data["alert_100pc"])
	{
		$data["alert_100pc"] = 1;
	}

	//// ERROR CHECKING ///////////////////////

	/// if there was an error, go back to the entry page
	if ($_SESSION["error"]["message"])
	{
		$_SESSION["error"]["form"]["service_plan"] = "failed";
		header("Location: ../index.php?page=services/plan.php&id={$id}");
		exit(0);
	}
	else
	{
		/* Begin Transaction */
		$sql_obj = new sql_query();
		$sql_obj->trans_begin();

		/* Update plan details */
		// NOTE(review): this discards the instance that called trans_begin(); the
		// trans_commit()/trans_rollback() calls at the end run on the new instance,
		// which is only correct if sql_query shares a single connection/transaction
		// state between instances - confirm against the sql_query class.
		$sql_obj = new sql_query();

		switch ($sql_plan_obj->data[0]["name"])
		{
			case "time":
				$sql_obj->string = "UPDATE services SET " .
							"active='1', " .
							"price='" . $data["price"] . "', " .
							"price_setup='" . $data["price_setup"] . "', " .
							"discount='" . $data["discount"] . "', " .
							"units='" . $data["units"] . "', " .
							"price_extraunits='" . $data["price_extraunits"] . "', " .
							"included_units='" . $data["included_units"] . "', " .
							"billing_cycle='" . $data["billing_cycle"] . "', " .
							"billing_mode='" . $data["billing_mode"] . "', " .
							"usage_mode='" . $data["usage_mode"] . "', " .
							"alert_80pc='" . $data["alert_80pc"] . "', " .
							"alert_100pc='" . $data["alert_100pc"] . "', " .
							"alert_extraunits='" . $data["alert_extraunits"] . "' " .
							"WHERE id='{$id}'";
				$sql_obj->execute();
			break;

			case "data_traffic":
				// update service plan
				$sql_obj->string = "UPDATE services SET " .
							"active='1', " .
							"price='" . $data["price"] . "', " .
							"price_setup='" . $data["price_setup"] . "', " .
							"discount='" . $data["discount"] . "', " .
							"units='" . $data["units"] . "', " .
							"billing_cycle='" . $data["billing_cycle"] . "', " .
							"billing_mode='" . $data["billing_mode"] . "', " .
							"usage_mode='" . $data["usage_mode"] . "', " .
							"alert_80pc='" . $data["alert_80pc"] . "', " .
							"alert_100pc='" . $data["alert_100pc"] . "', " .
							"alert_extraunits='" . $data["alert_extraunits"] . "' " .
							"WHERE id='{$id}'";
				$sql_obj->execute();

				// delete existing service traffic caps (caps are replaced wholesale, not merged)
				$sql_obj->string = "DELETE FROM traffic_caps WHERE id_service='{$id}'";
				$sql_obj->execute();

				// update service traffic caps
				foreach ($data["data_traffic_caps"] as $cap)
				{
					// add each traffic cap
					$sql_obj->string = "INSERT INTO traffic_caps (id_service, id_traffic_type, mode, units_price, units_included) VALUES ('{$id}', '" . $cap["id_traffic_type"] . "', '" . $cap["mode"] . "', '" . $cap["units_price"] . "', '" . $cap["units_included"] . "')";
					$sql_obj->execute();
				}
			break;

			case "generic_with_usage":
				$sql_obj->string = "UPDATE services SET " .
							"active='1', " .
							"price='" . $data["price"] . "', " .
							"price_setup='" . $data["price_setup"] . "', " .
							"discount='" . $data["discount"] . "', " .
							"units='" . $data["units"] . "', " .
							"price_extraunits='" . $data["price_extraunits"] . "', " .
							"included_units='" . $data["included_units"] . "', " .
							"billing_cycle='" . $data["billing_cycle"] . "', " .
							"billing_mode='" . $data["billing_mode"] . "', " .
							"usage_mode='" . $data["usage_mode"] . "', " .
							"alert_80pc='" . $data["alert_80pc"] . "', " .
							"alert_100pc='" . $data["alert_100pc"] . "', " .
							"alert_extraunits='" . $data["alert_extraunits"] . "' " .
							"WHERE id='{$id}'";
				$sql_obj->execute();
			break;

			case "licenses":
				$sql_obj->string = "UPDATE services SET " .
							"active='1', " .
							"price='" . $data["price"] . "', " .
							"price_setup='" . $data["price_setup"] . "', " .
							"discount='" . $data["discount"] . "', " .
							"units='" . $data["units"] . "', " .
							"price_extraunits='" . $data["price_extraunits"] . "', " .
							"included_units='" . $data["included_units"] . "', " .
							"billing_cycle='" . $data["billing_cycle"] . "', " .
							"billing_mode='" . $data["billing_mode"] . "' " .
							"WHERE id='{$id}'";
				$sql_obj->execute();
			break;

			case "phone_single":
				$sql_obj->string = "UPDATE services SET " .
							"active='1', " .
							"price='" . $data["price"] . "', " .
							"price_setup='" . $data["price_setup"] . "', " .
							"discount='" . $data["discount"] . "', " .
							"billing_cycle='" . $data["billing_cycle"] . "', " .
							"billing_mode='" . $data["billing_mode"] . "', " .
							"id_rate_table='" . $data["id_rate_table"] . "' " .
							"WHERE id='{$id}'";
				$sql_obj->execute();
			break;

			case "phone_trunk":
				// update basic details
				$sql_obj->string = "UPDATE services SET " .
							"active='1', " .
							"price='" . $data["price"] . "', " .
							"price_setup='" . $data["price_setup"] . "', " .
							"discount='" . $data["discount"] . "', " .
							"billing_cycle='" . $data["billing_cycle"] . "', " .
							"billing_mode='" . $data["billing_mode"] . "', " .
							"id_rate_table='" . $data["id_rate_table"] . "' " .
							"WHERE id='{$id}'";
				$sql_obj->execute();

				// delete old options (if any) - the per-type unit/price settings live in
				// services_options as name/value rows keyed by option_type_id = service id
				$sql_obj->string = "DELETE FROM services_options\n\t\t\t\t\t\t\t\tWHERE option_type='service' \n\t\t\t\t\t\t\t\tAND option_type_id='" . $id . "' \n\t\t\t\t\t\t\t\tAND option_name IN ('phone_ddi_included_units',\n\t\t\t\t\t\t\t\t\t\t\t'phone_ddi_price_extra_units',\n\t\t\t\t\t\t\t\t\t\t\t'phone_trunk_included_units',\n\t\t\t\t\t\t\t\t\t\t\t'phone_trunk_price_extra_units')";
				$sql_obj->execute();

				// apply new options
				$sql_obj->string = "INSERT INTO services_options (option_type, option_type_id, option_name, option_value) VALUES ('service', '" . $id . "', 'phone_ddi_included_units', '" . $data["phone_ddi_included_units"] . "')";
				$sql_obj->execute();

				$sql_obj->string = "INSERT INTO services_options (option_type, option_type_id, option_name, option_value) VALUES ('service', '" . $id . "', 'phone_ddi_price_extra_units', '" . $data["phone_ddi_price_extra_units"] . "')";
				$sql_obj->execute();

				$sql_obj->string = "INSERT INTO services_options (option_type, option_type_id, option_name, option_value) VALUES ('service', '" . $id . "', 'phone_trunk_included_units', '" . $data["phone_trunk_included_units"] . "')";
				$sql_obj->execute();

				$sql_obj->string = "INSERT INTO services_options (option_type, option_type_id, option_name, option_value) VALUES ('service', '" . $id . "', 'phone_trunk_price_extra_units', '" . $data["phone_trunk_price_extra_units"] . "')";
				$sql_obj->execute();
			break;

			case "phone_tollfree":
				// update basic details
				$sql_obj->string = "UPDATE services SET " .
							"active='1', " .
							"price='" . $data["price"] . "', " .
							"price_setup='" . $data["price_setup"] . "', " .
							"discount='" . $data["discount"] . "', " .
							"billing_cycle='" . $data["billing_cycle"] . "', " .
							"billing_mode='" . $data["billing_mode"] . "', " .
							"id_rate_table='" . $data["id_rate_table"] . "' " .
							"WHERE id='{$id}'";
				$sql_obj->execute();

				// delete old options (if any)
				$sql_obj->string = "DELETE FROM services_options\n\t\t\t\t\t\t\t\tWHERE option_type='service' \n\t\t\t\t\t\t\t\tAND option_type_id='" . $id . "' \n\t\t\t\t\t\t\t\tAND option_name IN ('phone_trunk_included_units',\n\t\t\t\t\t\t\t\t\t\t\t'phone_trunk_price_extra_units')";
				$sql_obj->execute();

				// apply new options
				$sql_obj->string = "INSERT INTO services_options (option_type, option_type_id, option_name, option_value) VALUES ('service', '" . $id . "', 'phone_trunk_included_units', '" . $data["phone_trunk_included_units"] . "')";
				$sql_obj->execute();

				$sql_obj->string = "INSERT INTO services_options (option_type, option_type_id, option_name, option_value) VALUES ('service', '" . $id . "', 'phone_trunk_price_extra_units', '" . $data["phone_trunk_price_extra_units"] . "')";
				$sql_obj->execute();
			break;

			case "generic_no_usage":
			case "bundle":
			default:
				// types without usage/rate fields only get the general plan details
				$sql_obj->string = "UPDATE services SET " .
							"active='1', " .
							"price='" . $data["price"] . "', " .
							"price_setup='" . $data["price_setup"] . "', " .
							"discount='" . $data["discount"] . "', " .
							"billing_cycle='" . $data["billing_cycle"] . "', " .
							"billing_mode='" . $data["billing_mode"] . "' " .
							"WHERE id='{$id}'";
				$sql_obj->execute();
			break;
		}

		/* Update the Journal */
		// NOTE(review): written before error_check(); the entry only disappears on
		// failure if journal_quickadd_event() participates in this transaction - confirm.
		journal_quickadd_event("services", $id, "Service plan configuration changed");

		/* Commit */
		if (error_check())
		{
			$sql_obj->trans_rollback();

			log_write("error", "process", "An error occured whilst attempting to update service plan information. No changes have been made.");
		}
		else
		{
			$sql_obj->trans_commit();

			log_write("notification", "process", "Service successfully updated.");
		}

		// display updated details
		header("Location: ../index.php?page=services/plan.php&id={$id}");
		exit(0);

	} // end if passed tests
}
$values_require_one = array("amount", "amount_credit", "amount_debit"); $values_acceptable = array("transaction_type", "other_party", "amount", "amount_credit", "amount_debit", "date", "code", "reference", "particulars"); $values_paired = array("amount_credit" => "amount_debit"); $new_input_structure = array(); $selected_field = array(); for ($i = 1; $i <= $num_cols; $i++) { if (!empty($data["column{$i}"])) { if (in_array($data["column{$i}"], $values_required)) { $values_count++; } else { if (in_array($data["column{$i}"], $values_require_one)) { $value_multi_requirement++; } else { if (!in_array($data["column{$i}"], $values_acceptable)) { log_write("error", "page_output", "The option " . $data["column{$i}"] . " is not a valid column type"); error_flag_field("column{$i}"); } } } $new_input_structure[$i]['field_src'] = $i; $new_input_structure[$i]['field_dest'] = $data["column{$i}"]; $new_input_structure[$i]['data_format'] = $data["format{$i}"]; $selected_fields[$i] = $data["column{$i}"]; } } if (in_array("amount", $selected_fields)) { $paired_value_state = true; } else { $paired_value_count = 0; foreach ($values_paired as $value_pair_key => $value_pair_value) { if (in_array($value_pair_key, $selected_fields) && in_array($value_pair_value, $selected_fields)) {
$data["THEME_DEFAULT"] = @security_form_input_predefined("any", "THEME_DEFAULT", 1, ""); $data["TABLE_LIMIT"] = @security_form_input_predefined("int", "TABLE_LIMIT", 1, ""); $data["LANGUAGE_DEFAULT"] = @security_form_input_predefined("any", "LANGUAGE_DEFAULT", 1, ""); $data["DATEFORMAT"] = @security_form_input_predefined("any", "DATEFORMAT", 1, ""); $data["TIMEZONE_DEFAULT"] = @security_form_input_predefined("any", "TIMEZONE_DEFAULT", 1, ""); $data["CURRENCY_DEFAULT_NAME"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_NAME", 1, ""); $data["CURRENCY_DEFAULT_SYMBOL"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_SYMBOL", 1, ""); $data["CURRENCY_DEFAULT_SYMBOL_POSITION"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_SYMBOL_POSITION", 1, ""); $data["CURRENCY_DEFAULT_THOUSANDS_SEPARATOR"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_THOUSANDS_SEPARATOR", 1, ""); $data["CURRENCY_DEFAULT_DECIMAL_SEPARATOR"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_DECIMAL_SEPARATOR", 1, ""); /* Check that decimal and thousands separators are different */ if ($data["CURRENCY_DEFAULT_THOUSANDS_SEPARATOR"] == $data["CURRENCY_DEFAULT_DECIMAL_SEPARATOR"]) { error_flag_field("CURRENCY_DEFAULT_THOUSANDS_SEPARATOR"); error_flag_field("CURRENCY_DEFAULT_DECIMAL_SEPARATOR"); log_write("error", "page_output", "Thousands and decimal separators must be different."); } /* Process Errors */ if (error_check()) { $_SESSION["error"]["form"]["config_locale"] = "failed"; header("Location: ../index.php?page=admin/config_locale.php"); exit(0); } else { $_SESSION["error"] = array(); /* Start Transaction */ $sql_obj = new sql_query();
} //make sure each contact has a name for ($i = 0; $i < $num_contacts; $i++) { if (!$obj_customer->verify_name_contact($i)) { log_write("error", "process", "Each contact must be given a name - please ensure each contact has been assigned a unique name"); error_flag_field("contact_" . $i); log_debug("edit-process", "NO NAME ERROR FLAG: contact_" . $i); } } //make sure each contact name is unique for ($i = 0; $i < $num_contacts; $i++) { $uniqueness = $obj_customer->verify_uniqueness_contact($i); if ($uniqueness != "unique") { log_write("error", "process", "You have assigned the same name to two or more contacts - please choose unique names"); error_flag_field("contact_" . $i); error_flag_field("contact_" . $uniqueness); } } // return to input page if any errors occurred if ($_SESSION["error"]["message"]) { if ($obj_customer->id) { $_SESSION["error"]["form"]["customer_view"] = "failed"; header("Location: ../index.php?page=customers/view.php&id=" . $obj_customer->id . ""); exit(0); } else { $_SESSION["error"]["form"]["customer_add"] = "failed"; header("Location: ../index.php?page=customers/add.php"); exit(0); } } /*
if ($obj_customer->obj_service->data["typeid_string"] != "phone_trunk") { log_write("error", "page_output", "The requested service is not a phone_trunk service."); return 0; } // verify that the DDI value is correct (if one has been supplied) if ($obj_ddi->id) { if (!$obj_ddi->verify_id()) { log_write("error", "page_output", "The supplied DDI ID is not valid"); return 0; } } // ensure the DDI range is valid if ($obj_ddi->data["ddi_start"] > $obj_ddi->data["ddi_finish"]) { log_write("error", "process", "The supplied DDI range is invalid, the finish DDI must be the same or higher than the start DDI"); error_flag_field("ddi_start"); error_flag_field("ddi_finish"); } /* Check for any errors */ if (error_check()) { $_SESSION["error"]["form"]["service_ddi_edit"] = "failed"; header("Location: ../index.php?page=customers/service-ddi-edit.php&id_customer=" . $obj_customer->id . "&id_service_customer=" . $obj_customer->id_service_customer . "&id_ddi=" . $obj_ddi->id); exit(0); } else { /* Update/Create DDI entry */ $obj_ddi->action_update(); /* Complete
} if (!$count) { error_flag_field("domain_message"); log_write("error", "process", "You must select at least one name server group for the domain to belong to."); } } /* Verify Data */ if (!$obj_domain->verify_domain_name()) { if (isset($obj_domain->data["ipv4_network"])) { log_write("error", "process", "The requested IP range already has reverse DNS entries!"); error_flag_field("ipv4_network"); } else { log_write("error", "process", "The requested domain you are trying to add already exists!"); error_flag_field("domain_name"); } } /* Process Data */ if (error_check()) { if ($obj_domain->id) { $_SESSION["error"]["form"]["domain_edit"] = "failed"; header("Location: ../index.php?page=domains/view.php&id=" . $obj_domain->id . ""); } else { $_SESSION["error"]["form"]["domain_add"] = "failed"; header("Location: ../index.php?page=domains/add.php"); } exit(0); } else {
$data["quantity"] = 1; } // all products must have at least 1 break; case "service": $data["customid"] = @security_form_input_predefined("int", "serviceid", 1, ""); $data["description"] = @security_form_input_predefined("any", "description", 0, ""); $data["price"] = @security_form_input_predefined("money", "price", 0, ""); $data["discount"] = @security_form_input_predefined("float", "discount", 0, ""); $data["quantity"] = 1; // all services must have at least 1 break; default: // unknown type log_write("error", "process", "An unexpected error occured, type value of " . $data["type"] . " is invalid"); error_flag_field("type"); break; } /* Verify Data */ // check that the specified customer actually exists if (!$obj_customer->verify_id()) { log_write("error", "process", "The customer you have attempted to edit - " . $obj_customer->id . " - does not exist in this system."); } else { if ($obj_customer->id_order) { // are we editing an existing order? make sure it exists and belongs to this customer if (!$obj_customer->verify_id_order()) { log_write("error", "process", "The order you have attempted to edit - " . $obj_customer->id_order . " - does not exist in this system."); } else { $obj_customer->load_data();
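/*
	validate_custom_records($data_orig = array())

	Validates the "custom records" section of a domain (A, AAAA, CNAME, SRV,
	TXT/SPF, PTR, SSHFP, LOC, NS, MX, HINFO) and returns them as a structured
	array ready for the record update code.

	Two input sources are supported:
	 - $data_orig: an array of records, indexed 0..n-1, each with keys id,
	   type, ttl, name, prio, content, reverse_ptr, reverse_ptr_orig and
	   delete_undo. The caller may have run it through client-side checks
	   first, but nothing here trusts that: every field is re-sanitised with
	   security_script_input_predefined() and re-validated below.
	 - $_POST (when record_custom_page is set): the same fields read as
	   record_custom_<i>_<field> via security_form_input_predefined(),
	   with the record count taken from num_records_custom.

	Validation failures are not thrown; they are reported via log_write("error", ...)
	and error_flag_field("record_custom_<i>") so the caller can test error_check().

	Returns an array with:
	 - custom.num_records : number of records read from the input
	 - records[]         : every record with a non-empty name (content may have
	                       been normalised, e.g. TXT quoting, PTR name conversion)
	 - reverse[]         : ids of the reverse domains touched by reverse_ptr
	                       records (only present when at least one was found)
*/
function validate_custom_records($data_orig = array())
{
	log_debug("domain", "Executing validate_custom_records(array_data)");

	if (!isset($this->data))
	{
		// we need the domain details if we don't already have them
		$this->load_data();
	}

	$data = array();
	$data_tmp = array();

	if (!empty($data_orig))
	{
		/*
			Supplied Array Data - this data has some amount of pre-processing done, having already run through the javascript validation.
			That pre-processing is not relied upon: the fields are sanitised again here and checked by type further down.
		*/
		log_debug("domain", "Using supplied array data in \$data_orig");

		/* Fetch Data */
		// the loop below indexes $data_orig[0..n-1], so a list-shaped array is expected
		$data["custom"]["num_records"] = count(array_keys($data_orig));

		for ($i = 0; $i < $data["custom"]["num_records"]; $i++)
		{
			$data_tmp[$i]["id"] = @security_script_input_predefined("int", $data_orig[$i]["id"], 1);
			$data_tmp[$i]["type"] = @security_script_input_predefined("any", $data_orig[$i]["type"], 1);
			$data_tmp[$i]["ttl"] = @security_script_input_predefined("int", $data_orig[$i]["ttl"], 1);
			$data_tmp[$i]["name"] = @security_script_input_predefined("any", $data_orig[$i]["name"], 1);
			$data_tmp[$i]["prio"] = @security_script_input_predefined("int", $data_orig[$i]["prio"], 0);
			$data_tmp[$i]["content"] = @security_script_input_predefined("any", $data_orig[$i]["content"], 1);
			$data_tmp[$i]["reverse_ptr"] = @security_script_input_predefined("checkbox", $data_orig[$i]["reverse_ptr"], 1);
			$data_tmp[$i]["reverse_ptr_orig"] = @security_script_input_predefined("checkbox", $data_orig[$i]["reverse_ptr_orig"], 1);
			$data_tmp[$i]["delete_undo"] = @security_script_input_predefined("any", $data_orig[$i]["delete_undo"], 1);

			// "mode" is never copied from $data_orig above, so this branch is always taken
			// and the mode is derived from id/content/delete_undo
			if (empty($data_tmp[$i]["mode"]) || $data_tmp[$i]["mode"] != "delete" && $data_tmp[$i]["mode"] != "update")
			{
				// mode undetermined, run check
				if ($data_tmp[$i]["id"] && $data_tmp[$i]["delete_undo"] == "true")
				{
					$data_tmp[$i]["mode"] = "delete";
				}
				else
				{
					if (!empty($data_tmp[$i]["content"]) && $data_tmp[$i]["delete_undo"] == "false")
					{
						$data_tmp[$i]["mode"] = "update";
					}
				}
			}
		}
	}
	elseif (isset($_POST['record_custom_page']))
	{
		/*
			Fetch data from POST - easiest way, since we can take advantage of smart error handling functions built in.
		*/

		// fetch number of records
		$data["custom"]["num_records"] = @security_form_input_predefined("int", "num_records_custom", 0, "");

		for ($i = 0; $i < $data["custom"]["num_records"]; $i++)
		{
			/* Fetch Data */
			$data_tmp[$i]["id"] = @security_form_input_predefined("int", "record_custom_" . $i . "_id", 0, "");
			$data_tmp[$i]["type"] = @security_form_input_predefined("any", "record_custom_" . $i . "_type", 0, "");
			$data_tmp[$i]["ttl"] = @security_form_input_predefined("int", "record_custom_" . $i . "_ttl", 0, "");
			$data_tmp[$i]["name"] = @security_form_input_predefined("any", "record_custom_" . $i . "_name", 0, "");
			$data_tmp[$i]["content"] = @security_form_input_predefined("any", "record_custom_" . $i . "_content", 0, "");
			$data_tmp[$i]["reverse_ptr"] = @security_form_input_predefined("checkbox", "record_custom_" . $i . "_reverse_ptr", 0, "");
			$data_tmp[$i]["reverse_ptr_orig"] = @security_form_input_predefined("checkbox", "record_custom_" . $i . "_reverse_ptr_orig", 0, "");
			$data_tmp[$i]["delete_undo"] = @security_form_input_predefined("any", "record_custom_" . $i . "_delete_undo", 0, "");

			/* Process Raw Data */
			if ($data_tmp[$i]["id"] && $data_tmp[$i]["delete_undo"] == "true")
			{
				$data_tmp[$i]["mode"] = "delete";
			}
			else
			{
				if (!empty($data_tmp[$i]["content"]) && $data_tmp[$i]["delete_undo"] == "false")
				{
					$data_tmp[$i]["mode"] = "update";
				}
			}
		}
	}

	/* Process Validated Inputs */
	if (!empty($data_tmp))
	{
		log_write("debug", "domains", "Record values obtained, running detailed check");

		for ($i = 0; $i < $data["custom"]["num_records"]; $i++)
		{
			/* Error Handling */

			// verify name syntax
			if ($data_tmp[$i]["name"] == "*" || preg_match("/^\\*\\.[A-Za-z0-9\\p{L}:._-]+\$/", $data_tmp[$i]["name"]))
			{
				// wildcard records are annoying - wildcards must be standalone, and can't be part of a sring
				// OK  -> *
				// OK  -> *.example.com
				// BAD -> abc*.example.com
				// BAD -> std*abc.example.com
				// nothing todo
			}
			elseif ($data_tmp[$i]["name"] != "@" && !preg_match("/^[A-Za-z0-9\\p{L}:._-]*\$/", $data_tmp[$i]["name"]))
			{
				// all other record types
				log_write("error", "process", "Sorry, the value you have entered for record " . $data_tmp[$i]["name"] . " contains invalid charactors");
				error_flag_field("record_custom_" . $i . "");
			}

			// validate content and name formatting per domain type
			if ($data_tmp[$i]["name"] != "")
			{
				switch ($data_tmp[$i]["type"])
				{
					case "A":
						// validate IPv4 (dotted quad, each octet 0-255, no leading zeros)
						if (!preg_match("/^(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)(?:[.](?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)){3}\$/", $data_tmp[$i]["content"]))
						{
							// invalid IP address
							log_write("error", "process", "A record for " . $data_tmp[$i]["name"] . " did not validate as an IPv4 address");
							error_flag_field("record_custom_" . $i . "");
						}
					break;

					case "AAAA":
						// validate IPv6
						if (filter_var($data_tmp[$i]["content"], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) == FALSE)
						{
							// invalid IP address
							log_write("error", "process", "AAAA record for " . $data_tmp[$i]["name"] . " did not validate as an IPv6 address");
							error_flag_field("record_custom_" . $i . "");
						}
					break;

					case "CNAME":
						// validate CNAME
						if ($data_tmp[$i]["content"] != "@" && !preg_match("/^[A-Za-z0-9\\p{L}._-]*\$/", $data_tmp[$i]["content"]))
						{
							// invalid CNAME
							log_write("error", "process", "CNAME record for " . $data_tmp[$i]["name"] . " contains invalid characters.");
							error_flag_field("record_custom_" . $i . "");
						}

						// make sure it's not an IP
						if (filter_var($data_tmp[$i]["content"], FILTER_VALIDATE_IP) == $data_tmp[$i]["content"])
						{
							// CNAME is pointing at an IP
							log_write("error", "process", "CNAME record for " . $data_tmp[$i]["name"] . " is incorrectly referencing an IP address.");
							error_flag_field("record_custom_" . $i . "");
						}
					break;

					case "SRV":
						// validate SRV name (_service._proto.name OR _service._proto)
						if (!preg_match("/^_[A-Za-z0-9\\p{L}.-]*\\._[A-Za-z\\p{L}]*\\.[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["name"]) && !preg_match("/^_[A-Za-z0-9\\p{L}.-]*\\._[A-Za-z\\p{L}]*\$/", $data_tmp[$i]["name"]))
						{
							log_write("error", "process", "SRV record for " . $data_tmp[$i]["name"] . " is not correctly formatted - name must be: _service._proto.name");
							error_flag_field("record_custom_" . $i . "");
						}

						// validate SRV content (priority, weight, port, target/host)
						if (!preg_match("/^[0-9]*\\s[0-9]*\\s[0-9]*\\s[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"]))
						{
							log_write("error", "process", "SRV record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must be: priority weight port target/hostname");
							error_flag_field("record_custom_" . $i . "");
						}
					break;

					case "SPF":
					case "TXT":
						// TXT string could be almost anything, just make sure it's quoted.
						// Any quotes the user supplied are stripped first so the value is wrapped in exactly one pair.
						$data_tmp[$i]["content"] = str_replace("'", "", $data_tmp[$i]["content"]);
						$data_tmp[$i]["content"] = str_replace('"', "", $data_tmp[$i]["content"]);
						$data_tmp[$i]["content"] = '"' . $data_tmp[$i]["content"] . '"';
					break;

					case "PTR":
						if (strpos($this->data["domain_name"], "in-addr.arpa"))
						{
							// IPv4 PTR Record
							// We only pass through the 4th octet to the end user.
							if (!preg_match("/^[0-9]*\$/", $data_tmp[$i]["name"]))
							{
								log_write("error", "process", "PTR reverse record for " . $data_tmp[$i]["content"] . " should be a single octet.");
								error_flag_field("record_custom_" . $i . "");
							}

							if (!preg_match("/^[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"]))
							{
								log_write("error", "process", "PTR reverse record for " . $data_tmp[$i]["name"] . " is not correctly formatted.");
								error_flag_field("record_custom_" . $i . "");
							}
						}
						elseif (strpos($this->data["domain_name"], "ip6.arpa"))
						{
							// IPv6 PTR Record

							// If the record is already in reverse ARPA format, we should convert it first
							if (strpos($data_tmp[$i]["name"], "ip6.arpa"))
							{
								$data_tmp[$i]["name"] = ipv6_convert_fromarpa($data_tmp[$i]["name"]);
							}

							// We pass through a full IPv6 address and maybe a CIDR value - if provided,
							// we should strip off the CIDR and then validate the address and process.
							$data_tmp[$i]["name"] = preg_replace("/\\/[0-9]*\$/", '', $data_tmp[$i]["name"]);

							if (!filter_var($data_tmp[$i]["name"], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
							{
								log_write("error", "process", "Provided PTR IPv6 address for " . $data_tmp[$i]["name"] . " is not a valid IPv6 address.");
								error_flag_field("record_custom_" . $i . "");
							}

							if (!preg_match("/^[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"]))
							{
								log_write("error", "process", "Provided PTR IPv6 reverse record for " . $data_tmp[$i]["name"] . " is not correctly formatted.");
								error_flag_field("record_custom_" . $i . "");
							}

							// convert the record into PTR formatted value
							$data_tmp[$i]["name"] = ipv6_convert_arpa($data_tmp[$i]["name"]);
						}
					break;

					case "SSHFP":
						// validate SSHFP content (algorithm, type, key/fingerprint)
						if (!preg_match("/^[1-4] [1-2] [a-fA-F0-9]+\$/", $data_tmp[$i]["content"]))
						{
							log_write("error", "process", "SSHFP record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must be: algorithm(1-4) type(1-2) <key/fingerprint>");
							error_flag_field("record_custom_" . $i . "");
						}
					break;

					case "LOC":
						// validate LOC content (latitude N|S, longitude E|W, altitude, optional size/precision) per RFC 1876.
						// The hemisphere letters are grouped: without the parentheses the pattern was three
						// top-level alternatives, so e.g. a bare "W 1.0" anywhere in the string passed validation.
						if (!preg_match("/^[0-9]+( [0-9]+( [0-9]+\\.[0-9]+)?)? (N|S) [0-9]+( [0-9]+( [0-9]+\\.[0-9]+)?)? (E|W) \\-?[0-9]+\\.[0-9]+m?( [0-9]+\\.[0-9]+m?)?( [0-9]+\\.[0-9]+m?)?/", $data_tmp[$i]["content"]))
						{
							log_write("error", "process", "LOC record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must follow RFC 1876");
							error_flag_field("record_custom_" . $i . "");
						}
					break;

					case "NS":
					case "MX":
					case "HINFO":
						// nothing todo.
					break;

					default:
						log_write("error", "process", "Unknown record type " . $data_tmp[$i]["type"] . "");
					break;
				}

				// remove excess "." which might have been added
				$data_tmp[$i]["name"] = rtrim($data_tmp[$i]["name"], ".");
				$data_tmp[$i]["content"] = rtrim($data_tmp[$i]["content"], ".");

				// verify reverse PTR options
				if ($data_tmp[$i]["reverse_ptr"])
				{
					if ($data_tmp[$i]["type"] == "A" || $data_tmp[$i]["type"] == "AAAA")
					{
						// check if the appropiate reverse DNS domain exists
						$obj_record = new domain_records();

						if (!$obj_record->find_reverse_domain($data_tmp[$i]["content"]))
						{
							// no match
							log_write("error", "process", "Sorry, we can't set a reverse PTR for " . $data_tmp[$i]["content"] . " --> " . $data_tmp[$i]["name"] . ", since there is no reverse domain record for that IP address");
							error_flag_field("record_custom_" . $i . "");
						}
						else
						{
							// match, record the domain ID and record ID to save a lookup
							$data_tmp[$i]["reverse_ptr_id_domain"] = $obj_record->id;
							$data_tmp[$i]["reverse_ptr_id_record"] = $obj_record->id_record;
						}

						// add to the reverse domain list - we use this list to avoid reloading for every record.
						// The list only exists once the first reverse domain is added, hence the isset() guard
						// (in_array() on an unset array is a TypeError on PHP 8 and was previously hidden by @).
						if (!isset($data["reverse"]) || !in_array($obj_record->id, $data["reverse"]))
						{
							$data["reverse"][] = $obj_record->id;
						}

						unset($obj_record);
					}
					else
					{
						log_write("error", "process", "A reverse PTR record is only valid for an A or AAAA record");
						error_flag_field("record_custom_" . $i . "");
					}
				}

				// add to processing array
				$data["records"][] = $data_tmp[$i];
			}
			else
			{
				/*
					No record name exists - this is only valid if no content is also supplied
				*/
				if (!empty($data_tmp[$i]['content']))
				{
					log_write("error", "process", "Name cannot be empty for IP address: " . $data_tmp[$i]['content']);
					error_flag_field("record_custom_" . $i . "");
				}
			}
		} // end of loop through records
	}
	else
	{
		log_write("debug", "domains", "No records provided, no validation performed");
	}

	// return structured array
	return $data;
}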
/* Verify Data */ // make sure a valid service ID has been supplied if (!$obj_service->verify_id()) { log_write("error", "process", "The service you have requested - " . $obj_service->id . " - does not exist in this system"); } // check the option id values if (!$obj_rate_table->verify_id_override()) { // TODO: seriously need a better error message here, this means almost nothing to me and I wrote it.... log_write("error", "process", "The service and rate ids do not correct match any known override"); } // verify that the prefix is unique if (!$obj_rate_table->verify_rate_prefix_override()) { log_write("error", "process", "Another rate override already exists with the supplied prefix - unable to add another one with the same prefix"); error_flag_field("rate_prefix"); } /* Check for any errors */ if (error_check()) { header("Location: ../index.php?page=services/cdr-override.php&id_service=" . $obj_service->id); exit(0); } else { /* Delete Rate Override */ $obj_rate_table->action_rate_delete_override(); /* Complete */
log_write("error", "process", "The name server group you have attempted to edit - " . $obj_name_server_group->id . " - does not exist in this system."); } else { // load existing data $obj_name_server_group->load_data(); } } // basic fields $obj_name_server_group->data["group_name"] = security_form_input("/^\\w*\$/", "group_name", 1, "Group name must be a alpha numeric word with optional underscores - no spaces or other symbols."); $obj_name_server_group->data["group_description"] = security_form_input_predefined("any", "group_description", 0, ""); /* Verify Data */ // ensure the group name is unique if (!$obj_name_server_group->verify_group_name()) { log_write("error", "process", "The requested group name already exists, have you checked that the group you're trying to add doesn't already exist?"); error_flag_field("group_name"); } /* Process Data */ if (error_check()) { if ($obj_name_server_group->id) { $_SESSION["error"]["form"]["name_server_group_edit"] = "failed"; header("Location: ../index.php?page=servers/group-view.php&id=" . $obj_name_server_group->id . ""); } else { $_SESSION["error"]["form"]["name_server_group_edit"] = "failed"; header("Location: ../index.php?page=servers/group-add.php"); } exit(0); } else { // clear error data
} else { log_write("notification", "sql_query", "Tested successful connection to traffic usage database"); $obj_sql->session_terminate(); } } /* Test CDR Database */ if ($data["SERVICE_CDR_DB_TYPE"] == "mysql_cdr_daily") { $obj_sql = new sql_query(); if (!$obj_sql->session_init("mysql", $data["SERVICE_CDR_DB_HOST"], $data["SERVICE_CDR_DB_NAME"], $data["SERVICE_CDR_DB_USERNAME"], $data["SERVICE_CDR_DB_PASSWORD"])) { log_write("error", "sql_query", "Unable to connect to CDR service usage database!"); error_flag_field("SERVICE_CDR_DB_HOST"); error_flag_field("SERVICE_CDR_DB_NAME"); error_flag_field("SERVICE_CDR_DB_USERNAME"); error_flag_field("SERVICE_CDR_DB_PASSWORD"); } else { log_write("notification", "sql_query", "Tested successful connection to CDR usage database"); $obj_sql->session_terminate(); } } /* Process Errors */ if (error_check()) { $_SESSION["error"]["form"]["config_services"] = "failed"; header("Location: ../index.php?page=admin/config_services.php"); exit(0); } else { $_SESSION["error"] = array(); /*
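function verify_fields()
{
	/*
		verify_fields

		Validates the type_name and type_label fields in $this->data before the
		record is saved:
		- each supplied value must be unique within traffic_types, ignoring
		  this record's own id (so editing a record does not collide with itself)
		- "any" (in any letter case) is reserved for the catch-all cap name and
		  "any"/"*" are reserved for the catch-all label

		The values come from form input, so they are passed through the
		framework's security_script_input_predefined() escaping before being
		placed into the SQL string; this class does not use parameterised queries.

		Returns
		0	validation failed - the error has been logged and the field flagged
		1	validation passed
	*/

	log_debug("traffic_types", "Executing verify_fields()");


	// fields that must be unique, keyed by column/data field name, with the
	// word used in the "already in use" error message
	$unique_fields = array(
		"type_name"	=> "name",
		"type_label"	=> "label",
	);

	// a new record has no id yet; cast so only a numeric value reaches the SQL
	$id = (int) $this->id;

	foreach ($unique_fields as $field => $word)
	{
		// an absent/blank field is checked elsewhere - note we do not use
		// empty() here, as that would skip the check for a value of "0"
		if (!isset($this->data[$field]) || $this->data[$field] === "")
		{
			continue;
		}

		// escape the user-supplied value before interpolating it
		$value = security_script_input_predefined("any", $this->data[$field]);

		$sql_obj		= new sql_query();
		$sql_obj->string	= "SELECT id FROM traffic_types WHERE " . $field . "='" . $value . "' AND id!='" . $id . "' LIMIT 1";
		$sql_obj->execute();

		if ($sql_obj->num_rows())
		{
			log_write("error", "traffic_types", "This " . $word . " is already in use, please select another");
			error_flag_field($field);
			return 0;
		}
	}


	$type_name	= isset($this->data["type_name"]) ? $this->data["type_name"] : "";
	$type_label	= isset($this->data["type_label"]) ? $this->data["type_label"] : "";

	// the catch-all cap is called "any" - compare case-insensitively so
	// variants such as "ANY" cannot slip past the reserved-name check
	if (strcasecmp($type_name, "any") == 0)
	{
		log_write("error", "traffic_types", "Any is a reserved cap name for catchall caps.");
		error_flag_field("type_name");
		return 0;
	}

	if ($type_label == "*" || strcasecmp($type_label, "any") == 0)
	{
		log_write("error", "traffic_types", "Any/* is a reserved label type for catchall caps.");
		error_flag_field("type_label");
		return 0;
	}

	return 1;
}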
error_flag_field("id_group"); error_flag_field("server_record"); } /* Optional: Verify Amazon AWS Route53 Hosted DNS Provider */ if (!empty($obj_name_server->data["route53_access_key"])) { // verify the credentials are correct try { $route53 = Aws\Route53\Route53Client::factory(array('key' => $obj_name_server->data["route53_access_key"], 'secret' => $obj_name_server->data["route53_secret_key"])); $query = $route53->listHostedZones(); } catch (Aws\Route53\Exception\Route53Exception $e) { log_write("error", "process", "Unable to connect to Route53 with provided credentials"); log_write("error", "process", "Failure returned: " . $e->getExceptionCode() . ""); error_flag_field("route53_access_key"); error_flag_field("route53_secret_key"); } } /* Process Data */ if (error_check()) { if ($obj_name_server->id) { $_SESSION["error"]["form"]["name_server_edit"] = "failed"; header("Location: ../index.php?page=servers/view.php&id=" . $obj_name_server->id . ""); } else { $_SESSION["error"]["form"]["name_server_edit"] = "failed"; header("Location: ../index.php?page=servers/add.php"); } exit(0); } else {
if ($raw_string == "" && $translation == "") { //if both are blank, continue to next as this row was not filled in continue; } else { //if one field or the other is blank, give error if ($raw_string == "" || $translation == "") { error_flag_field($row); log_write("error", "page_output", "Both the untranslated phrase and the translation must be provided."); break; } else { //if label already exists in DB, check user has permission to edit $sql_obj->string = "SELECT id FROM language WHERE label='{$raw_string}' AND language='{$language}'"; $sql_obj->execute(); if ($sql_obj->num_rows()) { if (!user_permissions_get("translation_edit")) { error_flag_field($row); log_write("error", "page_output", "You do not have permission to edit previously provided translations."); break; } else { $sql_obj->string = "UPDATE language SET translation = '{$translation}' WHERE label='{$raw_string}' AND language = '{$language}'"; $sql_obj->execute(); } } else { $sql_obj->string = "INSERT INTO language (language, label, translation) VALUES ('{$language}', '{$raw_string}', '{$translation}')"; $sql_obj->execute(); } } } } if (error_check()) { $_SESSION["error"]["form"]["translation_form"] = "failed";
$groups_array[] = $data_tmp["id_group"]; } /* * Verify data * Check for delete requests * Check for errors */ //if data, do nothing if (empty($data_tmp["key"]) && empty($data_tmp["value"])) { continue; } elseif ($data_tmp["delete_undo"] == "true") { $data_tmp["mode"] = "delete"; $data["attributes"][] = $data_tmp; } elseif (empty($data_tmp["key"]) || empty($data_tmp["value"])) { error_flag_field("attribute_" . $data_tmp["id"] . "_key"); error_flag_field("attribute_" . $data_tmp["id"] . "_value"); log_write("error", "page_output", "Both the key and value fields must be completed"); } else { $data["attributes"][] = $data_tmp; } } //check for new attribute rows $new_attributes = array(); for ($i = 0; $i < count($groups_array); $i++) { $new_attributes[$groups_array[$i]] = @security_form_input_predefined("any", "group_" . $groups_array[$i] . "_new_attributes", 0, ""); } // verify customer if (!$obj_customer->verify_id()) { log_write("error", "process", "The supplied customer ID of " . $obj_customer->id . " is not valid"); } // return to input page in event of an error