function email_invoice($email_sender, $email_to, $email_cc, $email_bcc, $email_subject, $email_message)
{
log_debug("invoice", "Executing email_invoice([options])");
// external dependency of Mail_Mime
if (!@(include_once 'Mail.php')) {
log_write("error", "invoice", "Unable to find Mail module required for sending email");
return 0;
}
if (!@(include_once 'Mail/mime.php')) {
log_write("error", "invoice", "Unable to find Mail::Mime module required for sending email");
return 0;
}
// track attachment files to tidy up
$file_attachments = array();
/*
Prepare Email Mime Data & Headers
*/
// fetch sender address
//
// users have the choice of sending as the company or as their own staff email address & name.
//
if ($email_sender == "user") {
// send as the user
$email_sender = "\"" . user_information("realname") . "\" <" . user_information("contact_email") . ">";
} else {
// send as the system
$email_sender = "\"" . sql_get_singlevalue("SELECT value FROM config WHERE name='COMPANY_NAME'") . "\" <" . sql_get_singlevalue("SELECT value FROM config WHERE name='COMPANY_CONTACT_EMAIL'") . ">";
}
// prepare headers
$mail_headers = array('From' => $email_sender, 'Subject' => $email_subject, 'Cc' => $email_cc, 'Bcc' => $email_bcc);
$mail_mime = new Mail_mime("\n");
$mail_mime->setTXTBody($email_message);
/*
Generate a PDF of the invoice and save to tmp file
*/
log_debug("invoice", "Generating invoice PDF for emailing");
// generate PDF
$this->generate_pdf();
if (error_check()) {
return 0;
}
// save to a temporary file
if ($this->type == "ar") {
$tmp_file_invoice = file_generate_name($GLOBALS["config"]["PATH_TMPDIR"] . "/invoice_" . $this->data["code_invoice"] . "", "pdf");
} else {
$tmp_file_invoice = file_generate_name($GLOBALS["config"]["PATH_TMPDIR"] . "/quote_" . $this->data["code_quote"] . "", "pdf");
//$email_template = sql_get_singlevalue("SELECT value FROM config WHERE name IN('TEMPLATE_QUOTE_EMAIL') LIMIT 1");
}
if (!($fhandle = fopen($tmp_file_invoice, "w"))) {
log_write("error", "invoice", "A fatal error occured whilst writing invoice PDF to file {$tmp_file_invoice}, unable to send email");
return 0;
}
fwrite($fhandle, $this->obj_pdf->output);
fclose($fhandle);
// attach
$mail_mime->addAttachment($tmp_file_invoice, 'application/pdf');
$file_attachments[] = $tmp_file_invoice;
/*
Fetch Extra Attachments
Certain billing processes may add file attachments to the journal that should be sent along with the invoice
when an email is generated.
Here we grab those file attachments and send each one.
*/
$obj_sql_journal = new sql_query();
$obj_sql_journal->string = "SELECT id FROM journal WHERE journalname='account_ar' AND customid='" . $this->id . "' AND title LIKE 'SERVICE:%'";
$obj_sql_journal->execute();
if ($obj_sql_journal->num_rows()) {
$obj_sql_journal->fetch_array();
foreach ($obj_sql_journal->data as $data_journal) {
// there are journaled attachments to send
//
// we don't care about any of the journal data, we just need to pull the file attachment from
// storage, write to disk and then attach to the email
//
// fetch file object
$file_obj = new file_storage();
$file_obj->data["type"] = "journal";
$file_obj->data["customid"] = $data_journal["id"];
if (!$file_obj->load_data_bytype()) {
log_write("error", "inc_invoices", "Unable to load file from journal to attach to invoice email - possible file storage issue?");
return 0;
}
$file_extension = format_file_extension($file_obj->data["file_name"]);
$file_name = format_file_noextension($file_obj->data["file_name"]);
$file_ctype = format_file_contenttype($file_extension);
// we have to write the file to disk before attaching it
$tmp_file_attach = file_generate_name($GLOBALS["config"]["PATH_TMPDIR"] . "/" . $file_name, $file_extension);
if (!$file_obj->filedata_write($tmp_file_attach)) {
log_write("error", "inc_invoices", "Unable to write file attachments from journal to tmp space");
return 0;
}
// add to the invoice
$mail_mime->addAttachment($tmp_file_attach, $file_ctype);
$file_attachments[] = $tmp_file_attach;
// cleanup - tmp file will be removed ;ater
unset($file_obj);
}
// end of for each journal item
}
// end if sendable journal items
unset($obj_sql_journal);
/*
Email the invoice
*/
log_write("debug", "invoice", "Sending generated email....");
$mail_body = $mail_mime->get();
$mail_headers = $mail_mime->headers($mail_headers);
$mail =& Mail::factory('mail', "-f " . $GLOBALS["config"]["COMPANY_CONTACT_EMAIL"]);
$status = $mail->send($email_to, $mail_headers, $mail_body);
if (PEAR::isError($status)) {
log_write("error", "inc_invoice", "An error occured whilst attempting to send the email: " . $status->getMessage() . "");
} else {
log_write("debug", "inc_invoice", "Successfully sent email invoice");
/*
Start SQL Transaction to post email to journal
*/
$sql_obj = new sql_query();
$sql_obj->trans_begin();
/*
Mark the invoice as having been sent
*/
$sql_obj = new sql_query();
$sql_obj->string = "UPDATE account_" . $this->type . " SET date_sent='" . date("Y-m-d") . "', sentmethod='email' WHERE id='" . $this->id . "'";
$sql_obj->execute();
/*
Add the email information to the journal, including attaching a copy
of the generated PDF
*/
log_write("debug", "inc_invoice", "Uploading PDF and email details to journal...");
// create journal entry
$journal = new journal_process();
$journal->prepare_set_journalname("account_" . $this->type);
$journal->prepare_set_customid($this->id);
$journal->prepare_set_type("file");
$journal->prepare_set_title("EMAIL: {$email_subject}");
$data["content"] = NULL;
$data["content"] .= "To:\t" . $email_to . "\n";
$data["content"] .= "Cc:\t" . $email_cc . "\n";
$data["content"] .= "Bcc:\t" . $email_bcc . "\n";
$data["content"] .= "From:\t" . $email_sender . "\n";
$data["content"] .= "\n";
$data["content"] .= $email_message;
$data["content"] .= "\n";
$journal->prepare_set_content($data["content"]);
$journal->action_update();
// create journal entry
$journal->action_lock();
// lock it to prevent any changes to historical record of delivered email
// upload PDF file as an attachement
$file_obj = new file_storage();
$file_obj->data["type"] = "journal";
$file_obj->data["customid"] = $journal->structure["id"];
if (!$file_obj->action_update_file($tmp_file_invoice)) {
log_write("error", "inc_invoice", "Unable to upload emailed PDF to journal entry");
}
/*
Commit
*/
if (error_check()) {
$sql_obj->trans_rollback();
} else {
$sql_obj->trans_commit();
}
}
// end if successful send
// cleanup - remove the temporary files
log_debug("inc_invoice", "Performing cleanup, removing temporary files used for emails");
foreach ($file_attachments as $filename) {
log_debug("inc_invoice", "Removing tmp file {$filename}");
unlink($filename);
}
// return
if (error_check()) {
return 0;
} else {
return 1;
}
}
*/
$file_obj = new file_storage();
$file_obj->verify_upload_form("cdr_rate_import_file", array("csv", "zip"));
/*
Handle Errors
*/
if (error_check()) {
header("Location: ../index.php?page=services/cdr-rates-import.php&id=" . $obj_rate_table->id);
exit(0);
} else {
error_clear();
/*
Load the file
*/
$rate_table = array();
switch (format_file_extension($_FILES["cdr_rate_import_file"]["name"])) {
case "zip":
/*
ZIP files can be uploaded containing multiple CSV files for import and processing.
PHP makes this easy, by allowing us to open the temporary uploaded ZIP file
and then reading each file out of the ZIP without needing for first uncompress onto the filesystem.
In *theory* this should offer protection against ZIP bombs, since files aren't being written to disk - if a
malicious user uploads a huge file, it will simply consume RAM for the PHP process until the process hits server
limits and terminates.
Worst case, the user could DOS the server by repeatadly uploading ZIP files to impact on performance but this is
nowhere near as useful an attack as consuming all available disk space.
*/
function filedata_render()
{
log_write("debug", "file_storage", "Executing filedata_render()");
// the metadata is vital, so die if we don't have it
if (!$this->id || !$this->data["file_size"] || !$this->data["file_name"] || !$this->data["file_location"]) {
die("load_data or load_data_bytype must be called before executing filedata_render!");
}
/*
Setup HTTP headers we need
*/
// required for IE, otherwise Content-disposition is ignored
if (ini_get('zlib.output_compression')) {
ini_set('zlib.output_compression', 'Off');
}
// set the relevant content type
$file_extension = format_file_extension($this->data["file_name"]);
$ctype = format_file_contenttype($file_extension);
header("Pragma: public");
// required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private", false);
// required for certain browsers
header("Content-Type: {$ctype}");
header("Content-Disposition: attachment; filename=\"" . basename($this->data["file_name"]) . "\";");
header("Content-Transfer-Encoding: binary");
// tell the browser how big the file is (in bytes)
// most browers seem to ignore this, but it's vital in order to make IE 7 work.
header("Content-Length: " . $this->data["file_size"] . "");
/*
Output File Data
Each file in the DB has a field to show where the file is located, so if a user
has some files on disk and some in the DB, we can handle it accordingly.
*/
log_write("debug", "file_storage", "Fetching file " . $this->id . " from location " . $this->data["file_location"] . "");
if ($this->data["file_location"] == "db") {
/*
Fetch file data from database
*/
// fetch a list of all the rows with file data from the file_upload_data directory
$sql_obj = new sql_query();
$sql_obj->string = "SELECT id FROM file_upload_data WHERE fileid='" . $this->id . "' ORDER BY id";
$sql_obj->execute();
if (!$sql_obj->num_rows()) {
die("No data found for file" . $this->id . "");
}
$sql_obj->fetch_array();
// create an array of all the IDs
$file_data_ids = array();
foreach ($sql_obj->data as $data_sql) {
$file_data_ids[] = $data_sql["id"];
}
// fetch the data for each ID
foreach ($file_data_ids as $id) {
$sql_obj = new sql_query();
$sql_obj->string = "SELECT data FROM file_upload_data WHERE id='{$id}' LIMIT 1";
$sql_obj->execute();
$sql_obj->fetch_array();
print $sql_obj->data[0]["data"];
}
} else {
/*
Output data from filesystem
*/
$file_path = $this->config["data_storage_location"] . "/" . $this->id;
if (file_exists($file_path)) {
readfile($file_path);
} else {
die("FATAL ERROR: File " . $this->id . " {$file_path} is missing or inaccessible.");
}
}
return 1;
}
$dest_account = @security_form_input_predefined("int", "dest_account", 1, "");
$employeeid = @security_form_input_predefined("any", "employeeid", 1, "");
/*
Check for obvious errors
*/
if (error_check()) {
header("Location: ../../index.php?page=accounts/import/bankstatement.php");
exit(0);
}
/*
Import File Contents
*/
// declare array
$transactions = array();
// set file type
$filetype = format_file_extension($_FILES["BANK_STATEMENT"]["name"]);
// process CSV file
if ($filetype == "csv") {
// check that file can be opened
if ($handle = fopen($_FILES["BANK_STATEMENT"]["tmp_name"], "r")) {
$i = 0;
while ($data = fgetcsv($handle, 1000, ",")) {
// count the number of entries in the row
$num_entries = count($data);
for ($j = 0; $j < $num_entries; $j++) {
// place the information into a 2 dimensional array
$transactions[$i][$j] = $data[$j];
}
$i++;
}
// end of loop
*/
$data["domain_type"] == "domain_standard";
if (strpos($data["domain_name"], "in-addr.arpa")) {
$data["domain_type"] = "domain_reverse_ipv4";
}
if (strpos($data["domain_name"], "ip6.arpa")) {
$data["domain_type"] = "domain_reverse_ipv6";
}
/*
If no domain name could be determined (this can happen with some
zonefiles depending on the way origin has been setup) we should
query the filename to determine the needs.
*/
if (empty($data["domain_name"])) {
// strip the filename, minus extensions
$extension = format_file_extension($_FILES["import_upload_file"]["name"]);
if ($extension == "zone" || $extension == "rev") {
$data["domain_name"] = $_FILES["import_upload_file"]["name"];
$data["domain_name"] = str_replace(".{$extension}", "", $data["domain_name"]);
} else {
$data["domain_name"] = $_FILES["import_upload_file"]["name"];
}
}
/*
Handle reverse domains network range determination
We can take the domain name and take the IPv4 information from it if possible.
*/
if ($data["domain_type"] == "domain_reverse_ipv4") {
if (preg_match("/in-addr.arpa/", $data["domain_name"])) {
// in-addr.apra domains have the IP address in reverse, we need to flip.
