Example #1
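 /**
  * SOAP call: store one usage record against a customer's service.
  *
  * The caller must hold the "services_write_usage" permission. Every argument
  * is passed through security_script_input_predefined() and the call is
  * rejected if any result is the string "error".
  *
  * @param mixed $collector           collector name; validated, but not written to the database here
  * @param mixed $id_service_customer ID that must already exist in services_customers
  * @param mixed $date                usage date, checked with the "date" rule
  * @param mixed $usage1              first usage counter, checked with the "int" rule
  * @param mixed $usage2              optional second usage counter, checked with the "int" rule
  *
  * @return int 1 when the row was inserted
  * @throws SoapFault ACCESS_DENIED, INVALID_INPUT, INVALID_SERVICES_CUSTOMERS_ID or UNEXPECTED_DB_ERROR
  */
 function set_usage_record($collector, $id_service_customer, $date, $usage1, $usage2 = NULL)
 {
     log_debug("services_usage", "Executing set_usage_record");
     if (!user_permissions_get("services_write_usage")) {
         throw new SoapFault("Sender", "ACCESS_DENIED");
     }
     // sanitise input
     $data["collector"] = @security_script_input_predefined("any", $collector);
     $data["id_service_customer"] = @security_script_input_predefined("int", $id_service_customer);
     $data["date"] = @security_script_input_predefined("date", $date);
     $data["usage1"] = @security_script_input_predefined("int", $usage1);
     $data["usage2"] = @security_script_input_predefined("int", $usage2);
     foreach ($data as $value) {
         // Strict comparison on purpose: before PHP 8 the loose test 0 == "error"
         // is true, so an integer zero would have been rejected as invalid input.
         if ($value === "error") {
             throw new SoapFault("Sender", "INVALID_INPUT");
         }
     }
     /*
         Verify that id_service_customer exists. Without this check, rows could be
         stored against an ID that is not assigned yet and would silently attach
         to whichever customer receives that ID later.

         It does nothing to stop usage being filed against the wrong (but
         existing) customer because of an incorrect ID.
     */
     // NOTE(review): both statements below are built by string concatenation, so the
     // validation above is the only barrier against SQL injection. Whether sql_query
     // supports bound parameters is not visible here - prefer them if it does.
     $sql_obj = new sql_query();
     $sql_obj->string = "SELECT id FROM services_customers WHERE id='" . $data["id_service_customer"] . "' LIMIT 1";
     $sql_obj->execute();
     if (!$sql_obj->num_rows()) {
         throw new SoapFault("Sender", "INVALID_SERVICES_CUSTOMERS_ID");
     }
     unset($sql_obj);
     // add new row to DB
     $sql_obj = new sql_query();
     $sql_obj->string = "INSERT INTO service_usage_records (id_service_customer, date, usage1, usage2) VALUES ("
         . "'" . $data["id_service_customer"] . "', "
         . "'" . $data["date"] . "', "
         . "'" . $data["usage1"] . "', "
         . "'" . $data["usage2"] . "'"
         . ")";
     if (!$sql_obj->execute()) {
         throw new SoapFault("Sender", "UNEXPECTED_DB_ERROR");
     }
     return 1;
 }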
Example #2
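 /**
  * Resolve the employee and date shown on the day view and build the page menu.
  *
  * Both values come from the query string when present; otherwise the copy
  * remembered in the session is used, and the date finally falls back to today.
  * Sets $this->employeeid, $this->date, $this->date_split, $this->obj_menu_nav
  * and $this->config_timesheet_booktofuture.
  */
 function page_output()
 {
     // get selected employee (digits only)
     $this->employeeid = @security_script_input('/^[0-9]*$/', $_GET["employeeid"]);
     if ($this->employeeid) {
         // save to session vars
         $_SESSION["form"]["timereg"]["employeeid"] = $this->employeeid;
     } else {
         // load from session vars
         if (isset($_SESSION["form"]["timereg"]["employeeid"])) {
             $this->employeeid = $_SESSION["form"]["timereg"]["employeeid"];
         }
     }
     // get selected date
     // NOTE(review): this pattern accepts any run of non-whitespace characters, not
     // just a date. The value is stored in the session and concatenated into the menu
     // query string below without encoding - confirm that security_script_input() or
     // menu_nav escapes it, or validate with the "date" rule used by the fallback.
     $this->date = @security_script_input('/^\\S*$/', $_GET["date"]);
     if (!$this->date) {
         // try alternative input syntax (separate year / month / day fields)
         $this->date = @security_script_input_predefined("date", $_GET["date_yyyy"] . "-" . $_GET["date_mm"] . "-" . $_GET["date_dd"]);
         if ($this->date == "error") {
             $this->date = NULL;
         }
     }
     if ($this->date) {
         // save to session vars
         $_SESSION["timereg"]["date"] = $this->date;
     } else {
         // empty() rather than a bare read: the key does not exist on a first
         // visit, and reading it directly raises an undefined-index notice.
         if (!empty($_SESSION["timereg"]["date"])) {
             // load from session vars
             $this->date = $_SESSION["timereg"]["date"];
         } else {
             // use today's date
             $this->date = date("Y-m-d");
         }
     }
     $this->date_split = explode("-", $this->date);
     // define the navigation menu
     $this->obj_menu_nav = new menu_nav();
     $this->obj_menu_nav->add_item("Weekview", "page=timekeeping/timereg.php&year=" . time_calculate_yearnum($this->date) . "&weekofyear=" . time_calculate_weeknum($this->date) . "");
     $this->obj_menu_nav->add_item("Day View", "page=timekeeping/timereg-day.php&date=" . $this->date . "", TRUE);
     // get future booking config option
     $this->config_timesheet_booktofuture = sql_get_singlevalue("SELECT value FROM config WHERE name='TIMESHEET_BOOKTOFUTURE'");
 }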
Example #3
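 /**
  * SOAP call: authenticate a user and hand back the session cookie pair.
  *
  * @param mixed $account  only used by the hosted billing system; ignored by
  *                        single-instance installs and kept for a uniform API
  * @param mixed $username login name
  * @param mixed $password plaintext password
  *
  * @return string "<session name>=<session id>" on success
  * @throws SoapFault DATABASE_VERSION_MISMATCH, USER_DISABLED, BLACKLISTED or INVALID_AUTHDETAILS
  */
 function login($account, $username, $password)
 {
     // The password is deliberately masked: writing it to the debug log would leave
     // plaintext credentials readable by anyone with access to the logs.
     // NOTE(review): $account and $username are logged before validation; confirm
     // log_debug() neutralises control characters and markup.
     log_debug("authenticate", "Executing login({$account}, {$username}, *plaintextpassword*)");
     // sanitise input
     $account = @security_script_input_predefined("any", $account);
     $username = @security_script_input_predefined("any", $username);
     $password = @security_script_input_predefined("any", $password);
     // $account is only used by Amberdms's hosted billing system - for single instance configurations
     // it is unused, and simply exists to ensure a standard API across all product versions
     $result = user_login($account, $username, $password);
     switch ($result) {
         case "1":
             // successful authentication
             // NOTE(review): the current session ID is returned as-is. Confirm that
             // user_login() issues a fresh ID on success, otherwise a pre-set session
             // ID survives the login.
             return session_name() . "=" . session_id();
         case "-5":
             throw new SoapFault("Sender", "DATABASE_VERSION_MISMATCH");
         case "-4":
             throw new SoapFault("Sender", "USER_DISABLED");
         case "-3":
             throw new SoapFault("Sender", "INVALID_AUTHDETAILS");
         case "-2":
             // NOTE(review): same fault as -4; left unchanged, but check that this
             // is not a copy-and-paste slip for a different condition.
             throw new SoapFault("Sender", "USER_DISABLED");
         case "-1":
             throw new SoapFault("Sender", "BLACKLISTED");
         case "0":
         default:
             // any unknown result is treated as a failed login
             throw new SoapFault("Sender", "INVALID_AUTHDETAILS");
     }
 }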
Example #4
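 /**
  * Collect the custom DNS records for this domain and validate them per type.
  *
  * Records come either from $data_orig (already pre-processed by the client
  * side validation) or, when that is empty, from the POSTed form fields
  * record_custom_<n>_*. Problems are reported through log_write("error", ...)
  * and error_flag_field(); this function itself never aborts.
  *
  * NOTE(review): the error messages embed the submitted name / content, and at
  * least one of them contains an HTML entity ("--&gt;"), so they appear to be
  * rendered as HTML. Confirm that log_write() or the "any" rule escapes these
  * values, otherwise input that has just failed validation is reflected.
  *
  * NOTE(review): the patterns below end in "$" without the D modifier, so PCRE
  * also accepts a single trailing newline. Confirm the input helpers strip it.
  *
  * @param array $data_orig optional list of records, indexed 0..n-1
  *
  * @return array ["custom"]["num_records"], plus ["records"][] for every record
  *               with a name and ["reverse"][] with reverse-domain IDs
  */
 function validate_custom_records($data_orig = array())
 {
     log_debug("domain", "Executing validate_custom_records(array_data)");
     if (!isset($this->data)) {
         // we need the domain details if we don't already have them
         $this->load_data();
     }
     $data = array();
     $data_tmp = array();
     if (!empty($data_orig)) {
         /*
             Supplied array data - this has had some pre-processing done, having
             already run through the javascript validation. That happens on the
             client, so every field is validated again here.
         */
         log_debug("domain", "Using supplied array data in \$data_orig");
         /*
             Fetch Data
         */
         $data["custom"]["num_records"] = count(array_keys($data_orig));
         for ($i = 0; $i < $data["custom"]["num_records"]; $i++) {
             $data_tmp[$i]["id"] = @security_script_input_predefined("int", $data_orig[$i]["id"], 1);
             $data_tmp[$i]["type"] = @security_script_input_predefined("any", $data_orig[$i]["type"], 1);
             $data_tmp[$i]["ttl"] = @security_script_input_predefined("int", $data_orig[$i]["ttl"], 1);
             $data_tmp[$i]["name"] = @security_script_input_predefined("any", $data_orig[$i]["name"], 1);
             $data_tmp[$i]["prio"] = @security_script_input_predefined("int", $data_orig[$i]["prio"], 0);
             $data_tmp[$i]["content"] = @security_script_input_predefined("any", $data_orig[$i]["content"], 1);
             $data_tmp[$i]["reverse_ptr"] = @security_script_input_predefined("checkbox", $data_orig[$i]["reverse_ptr"], 1);
             $data_tmp[$i]["reverse_ptr_orig"] = @security_script_input_predefined("checkbox", $data_orig[$i]["reverse_ptr_orig"], 1);
             $data_tmp[$i]["delete_undo"] = @security_script_input_predefined("any", $data_orig[$i]["delete_undo"], 1);
             if (empty($data_tmp[$i]["mode"]) || $data_tmp[$i]["mode"] != "delete" && $data_tmp[$i]["mode"] != "update") {
                 // mode undetermined, run check
                 if ($data_tmp[$i]["id"] && $data_tmp[$i]["delete_undo"] == "true") {
                     $data_tmp[$i]["mode"] = "delete";
                 } else {
                     if (!empty($data_tmp[$i]["content"]) && $data_tmp[$i]["delete_undo"] == "false") {
                         $data_tmp[$i]["mode"] = "update";
                     }
                 }
             }
         }
     } elseif (isset($_POST['record_custom_page'])) {
         /*
             Fetch data from POST - easiest way, since we can take advantage of smart
             error handling functions built in.
         */
         // fetch number of records
         // NOTE(review): this count is client-supplied and drives both loops below;
         // no upper bound is applied here.
         $data["custom"]["num_records"] = @security_form_input_predefined("int", "num_records_custom", 0, "");
         for ($i = 0; $i < $data["custom"]["num_records"]; $i++) {
             /*
                 Fetch Data (unlike the array branch above, "prio" is not read here)
             */
             $data_tmp[$i]["id"] = @security_form_input_predefined("int", "record_custom_" . $i . "_id", 0, "");
             $data_tmp[$i]["type"] = @security_form_input_predefined("any", "record_custom_" . $i . "_type", 0, "");
             $data_tmp[$i]["ttl"] = @security_form_input_predefined("int", "record_custom_" . $i . "_ttl", 0, "");
             $data_tmp[$i]["name"] = @security_form_input_predefined("any", "record_custom_" . $i . "_name", 0, "");
             $data_tmp[$i]["content"] = @security_form_input_predefined("any", "record_custom_" . $i . "_content", 0, "");
             $data_tmp[$i]["reverse_ptr"] = @security_form_input_predefined("checkbox", "record_custom_" . $i . "_reverse_ptr", 0, "");
             $data_tmp[$i]["reverse_ptr_orig"] = @security_form_input_predefined("checkbox", "record_custom_" . $i . "_reverse_ptr_orig", 0, "");
             $data_tmp[$i]["delete_undo"] = @security_form_input_predefined("any", "record_custom_" . $i . "_delete_undo", 0, "");
             /*
                 Process Raw Data
             */
             if ($data_tmp[$i]["id"] && $data_tmp[$i]["delete_undo"] == "true") {
                 $data_tmp[$i]["mode"] = "delete";
             } else {
                 if (!empty($data_tmp[$i]["content"]) && $data_tmp[$i]["delete_undo"] == "false") {
                     $data_tmp[$i]["mode"] = "update";
                 }
             }
         }
     }
     /*
         Process Validated Inputs
     */
     if (!empty($data_tmp)) {
         log_write("debug", "domains", "Record values obtained, running detailed check");
         for ($i = 0; $i < $data["custom"]["num_records"]; $i++) {
             /*
                 Error Handling
             */
             // verify name syntax
             if ($data_tmp[$i]["name"] == "*" || preg_match("/^\\*\\.[A-Za-z0-9\\p{L}:._-]+\$/", $data_tmp[$i]["name"])) {
                 // wildcards must be standalone, and can't be part of a string
                 // OK  -> *
                 // OK  -> *.example.com
                 // BAD -> abc*.example.com
                 // BAD -> std*abc.example.com
                 // nothing to do
             } elseif ($data_tmp[$i]["name"] != "@" && !preg_match("/^[A-Za-z0-9\\p{L}:._-]*\$/", $data_tmp[$i]["name"])) {
                 // all other record types
                 log_write("error", "process", "Sorry, the value you have entered for record " . $data_tmp[$i]["name"] . " contains invalid charactors");
                 error_flag_field("record_custom_" . $i . "");
             }
             // validate content and name formatting per domain type
             if ($data_tmp[$i]["name"] != "") {
                 switch ($data_tmp[$i]["type"]) {
                     case "A":
                         // validate IPv4
                         if (!preg_match("/^(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)(?:[.](?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)){3}\$/", $data_tmp[$i]["content"])) {
                             // invalid IP address
                             log_write("error", "process", "A record for " . $data_tmp[$i]["name"] . " did not validate as an IPv4 address");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "AAAA":
                         // validate IPv6
                         if (filter_var($data_tmp[$i]["content"], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) == FALSE) {
                             // invalid IP address
                             log_write("error", "process", "AAAA record for " . $data_tmp[$i]["name"] . " did not validate as an IPv6 address");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "CNAME":
                         // validate CNAME
                         if ($data_tmp[$i]["content"] != "@" && !preg_match("/^[A-Za-z0-9\\p{L}._-]*\$/", $data_tmp[$i]["content"])) {
                             // invalid CNAME
                             log_write("error", "process", "CNAME record for " . $data_tmp[$i]["name"] . " contains invalid characters.");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         // make sure it's not an IP
                         if (filter_var($data_tmp[$i]["content"], FILTER_VALIDATE_IP) == $data_tmp[$i]["content"]) {
                             // CNAME is pointing at an IP
                             log_write("error", "process", "CNAME record for " . $data_tmp[$i]["name"] . " is incorrectly referencing an IP address.");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "SRV":
                         // validate SRV name (_service._proto.name OR _service._proto)
                         if (!preg_match("/^_[A-Za-z0-9\\p{L}.-]*\\._[A-Za-z\\p{L}]*\\.[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["name"]) && !preg_match("/^_[A-Za-z0-9\\p{L}.-]*\\._[A-Za-z\\p{L}]*\$/", $data_tmp[$i]["name"])) {
                             log_write("error", "process", "SRV record for " . $data_tmp[$i]["name"] . " is not correctly formatted - name must be: _service._proto.name");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         // validate SRV content (priority, weight, port, target/host)
                         if (!preg_match("/^[0-9]*\\s[0-9]*\\s[0-9]*\\s[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"])) {
                             log_write("error", "process", "SRV record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must be: priority weight port target/hostname");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "SPF":
                     case "TXT":
                         // TXT string could be almost anything: strip every quote character
                         // and wrap the remainder in one pair of double quotes.
                         // NOTE(review): nothing else is checked here (backslashes, control
                         // characters, length) - confirm the zone writer copes with them.
                         $data_tmp[$i]["content"] = str_replace("'", "", $data_tmp[$i]["content"]);
                         $data_tmp[$i]["content"] = str_replace('"', "", $data_tmp[$i]["content"]);
                         $data_tmp[$i]["content"] = '"' . $data_tmp[$i]["content"] . '"';
                         break;
                     case "PTR":
                         // strpos() returns 0 for a match at the very start, so compare
                         // against false instead of relying on truthiness.
                         if (strpos($this->data["domain_name"], "in-addr.arpa") !== false) {
                             // IPv4 PTR Record
                             // We only pass through the 4th octet to the end user.
                             if (!preg_match("/^[0-9]*\$/", $data_tmp[$i]["name"])) {
                                 log_write("error", "process", "PTR reverse record for " . $data_tmp[$i]["content"] . " should be a single octet.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                             if (!preg_match("/^[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"])) {
                                 log_write("error", "process", "PTR reverse record for " . $data_tmp[$i]["name"] . " is not correctly formatted.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                         } elseif (strpos($this->data["domain_name"], "ip6.arpa") !== false) {
                             // IPv6 PTR Record
                             // If the record is already in reverse ARPA format, we should convert it first
                             if (strpos($data_tmp[$i]["name"], "ip6.arpa") !== false) {
                                 $data_tmp[$i]["name"] = ipv6_convert_fromarpa($data_tmp[$i]["name"]);
                             }
                             // We pass through a full IPv6 address and maybe a CIDR value - if provided,
                             // we should strip off the CIDR and then validate the address and process.
                             $data_tmp[$i]["name"] = preg_replace("/\\/[0-9]*\$/", '', $data_tmp[$i]["name"]);
                             if (!filter_var($data_tmp[$i]["name"], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
                                 log_write("error", "process", "Provided PTR IPv6 address for " . $data_tmp[$i]["name"] . " is not a valid IPv6 address.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                             if (!preg_match("/^[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"])) {
                                 log_write("error", "process", "Provided PTR IPv6 reverse record for " . $data_tmp[$i]["name"] . " is not correctly formatted.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                             // convert the record into PTR formatted value
                             $data_tmp[$i]["name"] = ipv6_convert_arpa($data_tmp[$i]["name"]);
                         }
                         // a PTR record in any other domain gets no type-specific check
                         break;
                     case "SSHFP":
                         // validate SSHFP content (algorithm, type, key/fingerprint)
                         if (!preg_match("/^[1-4] [1-2] [a-fA-F0-9]+\$/", $data_tmp[$i]["content"])) {
                             log_write("error", "process", "SSHFP record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must be: algorithm(1-4) type(1-2) <key/fingerprint>");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "LOC":
                         // validate LOC content (latitude N|S, longitude E|W, altitude, optional sizes)
                         // The hemisphere letters are character classes: written as a bare
                         // "N|S" / "E|W" the alternation split the whole pattern into three
                         // unrelated alternatives, so far too much was accepted.
                         // The pattern is still not anchored at the end.
                         if (!preg_match("/^[0-9]+( [0-9]+( [0-9]+\\.[0-9]+)?)? [NS] [0-9]+( [0-9]+( [0-9]+\\.[0-9]+)?)? [EW] \\-?[0-9]+\\.[0-9]+m?( [0-9]+\\.[0-9]+m?)?( [0-9]+\\.[0-9]+m?)?/", $data_tmp[$i]["content"])) {
                             log_write("error", "process", "LOC record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must follow RFC 1876");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "NS":
                     case "MX":
                     case "HINFO":
                         // no type-specific validation of the content is performed
                         break;
                     default:
                         // NOTE(review): an unknown type is only logged - no field is flagged
                         // and the record is still appended to $data["records"] below.
                         log_write("error", "process", "Unknown record type " . $data_tmp[$i]["type"] . "");
                         break;
                 }
                 // remove excess "." which might have been added
                 $data_tmp[$i]["name"] = rtrim($data_tmp[$i]["name"], ".");
                 $data_tmp[$i]["content"] = rtrim($data_tmp[$i]["content"], ".");
                 // verify reverse PTR options
                 if ($data_tmp[$i]["reverse_ptr"]) {
                     if ($data_tmp[$i]["type"] == "A" || $data_tmp[$i]["type"] == "AAAA") {
                         // check if the appropriate reverse DNS domain exists
                         $obj_record = new domain_records();
                         if (!$obj_record->find_reverse_domain($data_tmp[$i]["content"])) {
                             // no match
                             log_write("error", "process", "Sorry, we can't set a reverse PTR for " . $data_tmp[$i]["content"] . " --&gt; " . $data_tmp[$i]["name"] . ", since there is no reverse domain record for that IP address");
                             error_flag_field("record_custom_" . $i . "");
                         } else {
                             // match, record the domain ID and record ID to save a lookup
                             $data_tmp[$i]["reverse_ptr_id_domain"] = $obj_record->id;
                             $data_tmp[$i]["reverse_ptr_id_record"] = $obj_record->id_record;
                         }
                         // add to the reverse domain list - we use this list to avoid reloading for every record
                         // Create the list before searching it: in_array() on a missing key
                         // throws a TypeError on PHP 8, which "@" does not suppress.
                         if (!isset($data["reverse"])) {
                             $data["reverse"] = array();
                         }
                         if (!in_array($obj_record->id, $data["reverse"])) {
                             $data["reverse"][] = $obj_record->id;
                         }
                         unset($obj_record);
                     } else {
                         log_write("error", "process", "A reverse PTR record is only valid for an A or AAAA record");
                         error_flag_field("record_custom_" . $i . "");
                     }
                 }
                 // add to processing array
                 $data["records"][] = $data_tmp[$i];
             } else {
                 /*
                     No record name exists - this is only valid if no content is also supplied
                 */
                 if (!empty($data_tmp[$i]['content'])) {
                     log_write("error", "process", "Name cannot be empty for IP address: " . $data_tmp[$i]['content']);
                     error_flag_field("record_custom_" . $i . "");
                 }
             }
         }
         // end of loop through records
     } else {
         log_write("debug", "domains", "No records provided, no validation performed");
     }
     // return structured array
     return $data;
 }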
	Deletes a call rate override.
*/
// includes
require "../include/config.php";
require "../include/amberphplib/main.php";
require "../include/services/inc_services.php";
require "../include/services/inc_services_cdr.php";
// Permission gate: nothing below runs unless the user holds 'services_write'.
// NOTE(review): the file header (cut off above) says this script deletes a call
// rate override, yet both IDs are taken from the query string. A state-changing
// request reachable via GET needs CSRF protection - none is visible in this excerpt.
if (user_permissions_get('services_write')) {
    /*
    	Load Data: both IDs are validated with the "int" rule; "@" hides any
    	notice raised when a parameter is missing.
    */
    $obj_service = new service();
    $obj_service->id = @security_script_input_predefined("int", $_GET["id_service"]);
    $obj_rate_table = new cdr_rate_table_rates_override();
    $obj_rate_table->id_rate_override = @security_script_input_predefined("int", $_GET["id_rate_override"]);
    // the override is looked up as belonging to this service
    $obj_rate_table->option_type = "service";
    $obj_rate_table->option_type_id = $obj_service->id;
    /*
    	Verify Data: failures are only logged in the visible code; what stops
    	processing afterwards is outside this excerpt.
    */
    // make sure a valid service ID has been supplied
    if (!$obj_service->verify_id()) {
        log_write("error", "process", "The service you have requested - " . $obj_service->id . " - does not exist in this system");
    }
    // check the option id values
    if (!$obj_rate_table->verify_id_override()) {
        // TODO: seriously need a better error message here, this means almost nothing to me and I wrote it....
        log_write("error", "process", "The service and rate ids do not correct match any known override");
    }
    // verify that the prefix is unique
	Deletes the selected credit refund from the customer
*/
// includes
require "../include/config.php";
require "../include/amberphplib/main.php";
require "../include/accounts/inc_credits.php";
require "../include/customers/inc_customers.php";
// Permission gate: nothing below runs unless the user holds 'customers_credit'.
// NOTE(review): the file header (cut off above) says this script deletes a credit
// refund, yet both IDs are taken from the query string. A state-changing request
// reachable via GET needs CSRF protection - none is visible in this excerpt.
if (user_permissions_get('customers_credit')) {
    /*
    	Load Data: both IDs are validated with the "int" rule; "@" hides any
    	notice raised when a parameter is missing.
    */
    $obj_customer = new customer_credits();
    $obj_customer->id = @security_script_input_predefined("int", $_GET["id_customer"]);
    $obj_refund = new credit_refund();
    $obj_refund->type = "customer";
    $obj_refund->id = @security_script_input_predefined("int", $_GET["id_refund"]);
    /*
    	Verify Data
    */
    // check that the specified customer actually exists
    if (!$obj_customer->verify_id()) {
        log_write("error", "process", "The customer you have attempted to edit - " . $obj_customer->id . " - does not exist in this system.");
    } else {
        if ($obj_refund->id) {
            // are we editing an existing refund? make sure it exists and belongs to this customer
            // NOTE(review): the customer ID is never copied onto $obj_refund in the visible
            // code, so the "belongs to this customer" part depends on what verify_id()
            // does internally - confirm.
            if (!$obj_refund->verify_id()) {
                log_write("error", "process", "The refund you have attempted to edit - " . $obj_refund->id . " - does not exist in this system.");
            } else {
                $obj_refund->load_data();
            }
        }
<?php

require "../../include/config.php";
require "../../include/amberphplib/main.php";
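// AJAX helper: print a <select> listing every attribute group except the one
// given in group_id. Requires the 'customers_write' permission; without it
// nothing is printed.
if (user_permissions_get('customers_write')) {
    $attr_id = @security_script_input_predefined("int", $_GET['id']);
    $group_id = @security_script_input_predefined("int", $_GET['group_id']);
    // $group_id is concatenated unquoted into the SQL below, so only a plain digit
    // string may reach the query. Anything else (including the "error" marker the
    // input helper returns on this page) gets the empty-result response instead.
    if (!preg_match('/^[0-9]+\z/', (string) $group_id)) {
        echo "no groups";
        exit(0);
    }
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT * FROM attributes_group WHERE id != " . $group_id;
    $sql_obj->execute();
    $html_string = "";
    if ($sql_obj->num_rows()) {
        // Everything written into the markup is HTML-escaped: group names are stored
        // data, and a name containing markup would otherwise run in the user's browser.
        $html_string .= "<select id=\"select_group_attr_" . htmlspecialchars((string) $attr_id, ENT_QUOTES, 'UTF-8') . "\"><option value=\"\">-- select --</option>";
        $sql_obj->fetch_array();
        foreach ($sql_obj->data as $data_row) {
            $html_string .= "<option value=\"" . htmlspecialchars((string) $data_row['id'], ENT_QUOTES, 'UTF-8') . "\">" . htmlspecialchars((string) $data_row['group_name'], ENT_QUOTES, 'UTF-8') . "</option>";
        }
        $html_string .= "</select>";
        echo $html_string;
    } else {
        echo "no groups";
    }
}
exit(0);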
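 /**
  * SOAP call: check a customer's portal password.
  *
  * The customer is identified by $id_customer when it is non-empty, otherwise
  * by $code_customer. The caller must hold "customers_portal_auth".
  *
  * @param mixed $id_customer        customer ID, or empty to look up by code
  * @param mixed $code_customer      customer code, used only when no ID is given
  * @param mixed $password_plaintext password to verify (never written to the log)
  *
  * @return mixed the customer ID on success
  * @throws SoapFault "ACCESS DENIED", "INVALID_INPUT " or "INVALID_AUTHDETAILS"
  *                   (fault strings kept exactly as clients already receive them)
  */
 function customer_portal_auth($id_customer, $code_customer, $password_plaintext)
 {
     log_debug("customers", "Executing customer_portal_auth({$id_customer}, {$code_customer}, *plaintextpassword*)");
     if (!user_permissions_get("customers_portal_auth")) {
         throw new SoapFault("Sender", "ACCESS DENIED");
     }
     $obj_customer = new customer_portal();
     /*
         Load SOAP Data
     */
     $data["id"] = @security_script_input_predefined("int", $id_customer);
     $data["code_customer"] = @security_script_input_predefined("any", $code_customer);
     $data["password_plaintext"] = @security_script_input_predefined("any", $password_plaintext);
     foreach ($data as $value) {
         // Strict comparison: the previous test (== "error" && != 0) could never fire
         // for the string "error" before PHP 8, because "error" != 0 is false there,
         // so rejected input continued into the SQL below. A zero ID still passes.
         if ($value === "error") {
             throw new SoapFault("Sender", "INVALID_INPUT ");
         }
     }
     /*
         Fetch & verify ID
     */
     if (!$data["id"]) {
         // verify the supplied customer code and fetch the ID from it
         // NOTE(review): code_customer has only passed the "any" rule and is placed
         // inside a quoted SQL literal. Whether that rule escapes quotes is not visible
         // here - confirm, or bind / escape the value through the database layer.
         $sql_obj = new sql_query();
         $sql_obj->string = "SELECT id FROM customers WHERE code_customer='" . $data["code_customer"] . "' LIMIT 1";
         $sql_obj->execute();
         if (!$sql_obj->num_rows()) {
             throw new SoapFault("Sender", "INVALID_AUTHDETAILS");
         }
         $sql_obj->fetch_array();
         $obj_customer->id = $sql_obj->data[0]["id"];
     } else {
         // use supplied ID
         $obj_customer->id = $data["id"];
         // verify valid ID
         if (!$obj_customer->verify_id()) {
             throw new SoapFault("Sender", "INVALID_AUTHDETAILS");
         }
     }
     /*
         Verify Password - an unknown customer and a wrong password produce the
         same fault, so the response does not reveal which accounts exist.
     */
     if (!$obj_customer->auth_login($data["password_plaintext"])) {
         throw new SoapFault("Sender", "INVALID_AUTHDETAILS");
     }
     return $obj_customer->id;
 }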
Example #9
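 /**
  * SOAP call: delete an employee record.
  *
  * The caller must hold the "staff_write" permission. The employee must exist
  * and must not be locked.
  *
  * @param mixed $id employee ID, validated with the "int" rule
  *
  * @return int 1 when the employee was deleted
  * @throws SoapFault "ACCESS DENIED", INVALID_INPUT, INVALID_ID, LOCKED or UNEXPECTED_ACTION_ERROR
  */
 function delete_employee($id)
 {
     log_debug("hr_staff_manager", "Executing delete_employee_details({$id}, values...)");
     if (!user_permissions_get("staff_write")) {
         throw new SoapFault("Sender", "ACCESS DENIED");
     }
     $obj_employee = new hr_staff();
     /*
         Load POST Data
     */
     $obj_employee->id = @security_script_input_predefined("int", $id);
     // Test the validated ID, not the object: the object itself is always truthy
     // and never equals "error", so the previous check could not reject anything
     // and a failed validation carried on into verify_id().
     if (!$obj_employee->id || $obj_employee->id === "error") {
         throw new SoapFault("Sender", "INVALID_INPUT");
     }
     /*
         Error Handling
     */
     // verify employee ID
     if (!$obj_employee->verify_id()) {
         throw new SoapFault("Sender", "INVALID_ID");
     }
     // make sure employee is not locked
     if ($obj_employee->check_lock()) {
         throw new SoapFault("Sender", "LOCKED");
     }
     /*
         Perform Changes
     */
     if (!$obj_employee->action_delete()) {
         throw new SoapFault("Sender", "UNEXPECTED_ACTION_ERROR");
     }
     return 1;
 }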
require "../include/amberphplib/main.php";
require "../include/customers/inc_customers.php";
require "../include/services/inc_services.php";
require "../include/services/inc_services_traffic.php";
// Permission gate: nothing below runs unless the user holds 'customers_write'.
// The excerpt is cut off at both ends, so what the script finally does with the
// IPv4 object is not visible here.
if (user_permissions_get('customers_write')) {
    /*
    	Init
    */
    $obj_customer = new customer_services();
    $obj_ipv4 = new traffic_customer_service_ipv4();
    /*
    	Load Data: all three IDs come from the query string and are validated
    	with the "int" rule. The meaning of the trailing 1 / 0 and "" arguments
    	is defined by the helper and is not visible here.
    */
    $obj_customer->id = @security_script_input_predefined("int", $_GET["id_customer"], 1, "");
    $obj_customer->id_service_customer = @security_script_input_predefined("int", $_GET["id_service_customer"], 0, "");
    $obj_ipv4->id = @security_script_input_predefined("int", $_GET["id_ipv4"], 0, "");
    // scope the IPv4 object to the customer and service named in the request
    $obj_ipv4->id_customer = $obj_customer->id;
    $obj_ipv4->id_service_customer = $obj_customer->id_service_customer;
    /*
    	Verify Data: the customer is checked first, then that the service is
    	assigned to that customer, before anything is loaded.
    */
    // check that the specified customer actually exists
    if (!$obj_customer->verify_id()) {
        log_write("error", "process", "The customer you have attempted to edit - " . $obj_customer->id . " - does not exist in this system.");
    } else {
        // make sure the service exists and is assigned to the customer
        if (!$obj_customer->verify_id_service_customer()) {
            log_write("error", "process", "The service you have attempted to edit - " . $obj_customer->id_service_customer . " - does not exist in this system.");
        } else {
            $obj_customer->load_data();
            $obj_customer->load_data_service();
<?php

/*
	timekeeping/ajax/populate_projects_dropdown.php

	Updates the projects dropdown - called after we AJAX add projects.
*/
require "../../include/config.php";
require "../../include/amberphplib/main.php";
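// AJAX helper: print the <option> list for the projects dropdown, marking the
// project given in selected_project, followed by that ID. Requires the
// 'timekeeping' permission; without it nothing is printed.
if (user_permissions_get('timekeeping')) {
    $selected_project = @security_script_input_predefined("int", $_GET['selected_project']);
    // start from an empty string: appending to an undefined variable raises a notice
    $option_string = "";
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT id, code_project, name_project FROM projects ORDER BY name_project";
    $sql_obj->execute();
    if ($sql_obj->num_rows()) {
        $sql_obj->fetch_array();
        foreach ($sql_obj->data as $data_row) {
            // Project codes and names are stored data; they are HTML-escaped so that
            // a value containing markup is displayed instead of being interpreted.
            $option_string .= "<option value=\"" . htmlspecialchars((string) $data_row['id'], ENT_QUOTES, 'UTF-8') . "\"";
            if ($data_row['id'] == $selected_project) {
                $option_string .= " selected=\"selected\"";
            }
            $option_string .= ">" . htmlspecialchars((string) $data_row['code_project'], ENT_QUOTES, 'UTF-8') . " -- " . htmlspecialchars((string) $data_row['name_project'], ENT_QUOTES, 'UTF-8') . "</option>";
        }
    } else {
        $option_string .= "<option value=\"\"> -- no projects found -- </option>";
    }
    unset($sql_obj);
    // the validated ID is appended after the options, exactly as before
    echo $option_string . htmlspecialchars((string) $selected_project, ENT_QUOTES, 'UTF-8');
    exit(0);
}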
require "../include/amberphplib/main.php";
require "../include/customers/inc_customers.php";
require "../include/services/inc_services.php";
require "../include/services/inc_services_cdr.php";
// Permission gate: nothing below runs unless the user holds 'customers_write'.
// The excerpt is cut off at both ends, so what the script finally does with the
// DDI object is not visible here.
if (user_permissions_get('customers_write')) {
    /*
    	Init
    */
    $obj_customer = new customer_services();
    $obj_ddi = new cdr_customer_service_ddi();
    /*
    	Load Data: all three IDs come from the query string and are validated
    	with the "int" rule. The meaning of the trailing 1 / 0 and "" arguments
    	is defined by the helper and is not visible here.
    */
    $obj_customer->id = @security_script_input_predefined("int", $_GET["id_customer"], 1, "");
    $obj_customer->id_service_customer = @security_script_input_predefined("int", $_GET["id_service_customer"], 0, "");
    $obj_ddi->id = @security_script_input_predefined("int", $_GET["id_ddi"], 0, "");
    // scope the DDI object to the customer and service named in the request
    $obj_ddi->id_customer = $obj_customer->id;
    $obj_ddi->id_service_customer = $obj_customer->id_service_customer;
    /*
    	Verify Data: the customer is checked first, then that the service is
    	assigned to that customer, before anything is loaded.
    */
    // check that the specified customer actually exists
    if (!$obj_customer->verify_id()) {
        log_write("error", "process", "The customer you have attempted to edit - " . $obj_customer->id . " - does not exist in this system.");
    } else {
        // make sure the service exists and is assigned to the customer
        if (!$obj_customer->verify_id_service_customer()) {
            log_write("error", "process", "The service you have attempted to edit - " . $obj_customer->id_service_customer . " - does not exist in this system.");
        } else {
            $obj_customer->load_data();
            $obj_customer->load_data_service();
Example #13
<?php

require "../../include/config.php";
require "../../include/amberphplib/main.php";
// Returns, as JSON, every log row whose ID is greater than the highest_id the client already has.
// Access: namedadmins.
// NOTE(review): this listing is cut off inside the else branch.
if (user_permissions_get("namedadmins")) {
    // highest_id is passed through the "int" filter and then concatenated into the WHERE clause
    // without quotes, so that filter is the only thing standing between the request and the SQL text.
    // NOTE(review): the filter result is not checked before use; if it yields a non-numeric marker on
    // bad input the statement becomes invalid SQL - confirm how execute() reports that.
    $highest_id = @security_script_input_predefined("int", $_GET['highest_id']);
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT logs.id, logs.timestamp, name_servers.server_name, dns_domains.domain_name, logs.username, logs.log_type, logs.log_contents\n\t\t\t\t\tFROM logs LEFT JOIN name_servers ON name_servers.id = logs.id_server\n\t\t\t\t\t\tLEFT JOIN dns_domains ON dns_domains.id = logs.id_domain\n\t\t\t\t\tWHERE logs.id > " . $highest_id;
    $sql_obj->execute();
    // default answer when nothing new was logged: hand the client its own highest_id back
    $new_highest_id = $highest_id;
    $data["new_highest_id"] = $new_highest_id;
    if ($sql_obj->num_rows()) {
        $sql_obj->fetch_array();
        // this reset drops the new_highest_id key set above; it is written again inside the loop
        // as soon as a row with a larger ID is seen
        $data = array();
        foreach ($sql_obj->data as $record) {
            $id = $record["id"];
            // rows are keyed by log ID; the timestamp is rendered as a date plus H:i:s time
            $data[$id]["timestamp"] = time_format_humandate(date("Y-m-d", $record["timestamp"])) . " " . date("H:i:s", $record["timestamp"]);
            $data[$id]["server_name"] = $record["server_name"];
            $data[$id]["domain_name"] = $record["domain_name"];
            $data[$id]["username"] = $record["username"];
            $data[$id]["log_type"] = $record["log_type"];
            // log text is passed through as stored; whatever renders this JSON should insert it as
            // text, not as markup
            $data[$id]["log_contents"] = $record["log_contents"];
            if ($id > $new_highest_id) {
                $new_highest_id = $id;
                $data["new_highest_id"] = $new_highest_id;
            }
        }
    }
    echo json_encode($data);
} else {
    log_write("error", "message", "(AJAX) Invalid product requested");
	customers_view
	or
	accounts_ar_view	[used by credit and invoicing pages]

	Fields
	[GET] id_customer
	[GET] id_selected

	Returns
	<option value="INVOICE_ID">INVOICE_CODE</option>
*/
require "../../include/config.php";
require "../../include/amberphplib/main.php";
// Builds the <option> list of AR invoices for one customer. Either customers_view or
// accounts_ar_view is sufficient.
// NOTE(review): this listing is cut off inside the else branch.
if (user_permissions_get('customers_view') || user_permissions_get('accounts_ar_view')) {
    // both IDs go through the "int" filter; neither result is checked before it is used
    $id_customer = @security_script_input_predefined("int", $_GET['id_customer']);
    $id_selected = @security_script_input_predefined("int", $_GET['id_selected']);
    $sql_obj = new sql_query();
    // id_customer is concatenated unquoted, so the "int" filter is the only guard on this statement
    $sql_obj->string = "SELECT id, code_invoice FROM account_ar WHERE customerid=" . $id_customer . "";
    $sql_obj->execute();
    if ($sql_obj->num_rows()) {
        $sql_obj->fetch_array();
        $option_string = "<option value=\"0\"> -- select -- </option>";
        foreach ($sql_obj->data as $data_row) {
            $option_string .= "<option value=\"" . $data_row['id'] . "\"";
            if ($data_row['id'] == $id_selected) {
                $option_string .= " selected=\"selected\"";
            }
            // NOTE(review): code_invoice is written into the markup as stored, without HTML encoding
            // at this point - confirm it is encoded before storage or encode it here
            $option_string .= ">" . $data_row['code_invoice'] . "</option>";
        }
    } else {
        // $option_string has not been assigned on this path, so this appends to an undefined variable
        $option_string .= "<option value=\"\"> -- there are no invoices associated with this customer -- </option>";
<?php

/*
	customers/ajax/change_group_name.php
	
	access: customers_write

	Changes the name of a group in the database
*/
require "../../include/config.php";
require "../../include/amberphplib/main.php";
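/*
	[GET] id	ID of the attribute group to rename
	[GET] name	new group name
*/
if (user_permissions_get('customers_write')) {
    // The group ID lands in the WHERE clause without quotes, so it has to be numeric: use the "int"
    // filter rather than "any" and refuse anything the filter rejects.
    $id = @security_script_input_predefined("int", $_GET['id']);
    $name = @security_script_input_predefined("any", $_GET['name']);
    if (!$id || $id == "error") {
        log_write("error", "process", "You must supply a valid group ID");
    } else {
        // NOTE(review): $name is still concatenated into the statement. Whether the "any" filter
        // escapes quote characters is not visible here - confirm it does, or bind the value if the
        // query class offers a way to.
        // NOTE(review): this write is triggered by a GET request; consider requiring POST and a
        // request token.
        $sql_obj = new sql_query();
        $sql_obj->string = "UPDATE attributes_group SET group_name = \"" . $name . "\" WHERE id =" . (int) $id;
        $sql_obj->execute();
    }
}
exit(0);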
	language/ajax/trans_get_translation.php

	Fetches the translation for the specified label. This function can
	be used both by the translation tools as well as general javascript
	in Amberphplib that needs to translate a string/field.

	Note that no caching takes effect with this AJAX function as it's used
	by some of the tools for doing translations.


	This page is very minimal, all the logic is done by the framework.

	TODO: Extend to be able to return multiple translations at once to
		provide a more useful translation capability that doesn't require
		a system reload.
*/
require "../../include/config.php";
require "../../include/amberphplib/main.php";
// Any logged-in user may look up a translation; nothing is printed when the label is unknown.
if (user_online()) {
    $trans_label = @security_script_input_predefined("any", $_GET['trans_label']);
    // The lookup is keyed on the session language and the requested label.
    // NOTE(review): both values are placed inside single-quoted SQL literals. Whether the "any" filter
    // escapes quotes, and whether the session language is validated when it is set, is not visible
    // here - confirm both.
    $lookup = new sql_query();
    $lookup->string = "SELECT translation FROM `language` WHERE language='" . $_SESSION["user"]["lang"] . "' AND label='{$trans_label}' LIMIT 1";
    $lookup->execute();
    $found = $lookup->num_rows();
    if ($found) {
        $lookup->fetch_array();
        $first_row = $lookup->data[0];
        // the stored translation is printed as-is; the caller decides how it is inserted into the page
        print $first_row["translation"];
    }
    exit(0);
}
Example #17
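 /*
 	Builds the customer attributes form.

 	Loads every attribute of the current customer, arranges the attribute IDs into groups
 	(sorted by group name), appends one empty row per group plus any rows and groups the
 	browser added dynamically (passed back in the query string), and registers the matching
 	inputs on $this->obj_form.

 	Returns 1.
 */
 function execute()
 {
     /*
     	Load attribute data
     */
     $this->obj_attributes->type = "customer";
     $this->obj_attributes->id_owner = $this->obj_customer->id;
     $this->obj_attributes->load_data_all();
     /*
     	Define form structure
     */
     $this->obj_form->formname = "attributes_customer";
     $this->obj_form->language = $_SESSION["user"]["lang"];
     $this->obj_form->action = "customers/attributes-process.php";
     $this->obj_form->method = "post";
     /*
      * 	Create variables to track number of attributes and their groups
      */
     $this->group_arrays = array();
     $this->last_row_in_group = array();
     $this->highest_attr_id = sql_get_singlevalue("SELECT id AS value FROM attributes ORDER BY id DESC LIMIT 1");
     /*
      * 	Assign attributes to groups by group name for sorting
      * 	Each entry holds the attribute IDs under numeric keys plus "name" and "group_id"
      */
     $group_arrays_by_name = array();
     foreach ((array) $this->obj_attributes->data as $attribute) {
         $group_arrays_by_name[$attribute["group_name"]][] = $attribute["id"];
         $group_arrays_by_name[$attribute["group_name"]]["name"] = $attribute["group_name"];
         $group_arrays_by_name[$attribute["group_name"]]["group_id"] = $attribute["id_group"];
     }
     // sort attribute groups by key, use strnatcasecmp as ksort is capital sensitive
     uksort($group_arrays_by_name, "strnatcasecmp");
     /*
      * 	Assign attributes to correct group arrays indexed by ID after sorting.
      */
     foreach ($group_arrays_by_name as $array_grouped_by_name) {
         // Copy the group ID into a variable so we can unset it in the array.
         $array_group_id = $array_grouped_by_name["group_id"];
         unset($array_grouped_by_name["group_id"]);
         // Place the attributes into the correct array by ID number
         $this->group_arrays[$array_group_id] = $array_grouped_by_name;
     }
     /*
      * 	Add one (empty) attribute row to each group 
      * 	Add the dynamically created attribute rows to each group
      */
     foreach ($this->group_arrays as $group_id => $attributes) {
         $this->highest_attr_id++;
         $this->group_arrays[$group_id][] = $this->highest_attr_id;
         $this->last_row_in_group[$group_id] = $this->highest_attr_id;
         // NOTE(review): the entries of this comma-separated list come from the query string, pass
         // only the "any" filter, and are later used to build form field names - consider
         // restricting them to digits.
         $new_attr_list = @security_script_input_predefined("any", $_GET["group_" . $group_id . "_new_attributes"]);
         if ($new_attr_list != "") {
             $new_attr_array = explode(",", $new_attr_list);
             for ($i = 0; $i < count($new_attr_array); $i++) {
                 if (!empty($new_attr_array[$i])) {
                     $this->group_arrays[$group_id][] = $new_attr_array[$i];
                     $this->last_row_in_group[$group_id] = $new_attr_array[$i];
                 }
             }
         }
     }
     /*
      * 	Add new groups to the group array
      * 	This ensures dynamically added groups will display when an error sends user back to the form
      */
     for ($i = 0; $i < count($this->new_groups_array); $i++) {
         if (!empty($this->new_groups_array[$i])) {
             //get attribute list
             // NOTE(review): this reads "group_<id>_attributes_list", while the hidden field
             // registered further down is named "group_<id>_attribute_list" - confirm which
             // spelling the client side actually submits.
             $attr_list = @security_script_input_predefined("any", $_GET["group_" . $this->new_groups_array[$i] . "_attributes_list"]);
             $attr_array = explode(",", $attr_list);
             for ($j = 0; $j < count($attr_array); $j++) {
                 if (!empty($attr_array[$j])) {
                     $this->group_arrays[$this->new_groups_array[$i]][] = $attr_array[$j];
                     $this->last_row_in_group[$this->new_groups_array[$i]] = $attr_array[$j];
                 }
             }
             //record group name
             // Where new_groups_array is filled is not visible in this method, so the group ID is
             // forced to an integer before it is concatenated into the unquoted WHERE clause.
             $group_name = sql_get_singlevalue("SELECT group_name AS value FROM attributes_group WHERE id = " . (int) $this->new_groups_array[$i]);
             $this->group_arrays[$this->new_groups_array[$i]]["name"] = $group_name;
         }
     }
     /*
      * 	If no attributes currently exist, create a default group in the database
      * 	Name is "Default Group [id]" so that no others are overwritten
      * 	Id is obtained by finding highest in the DB and adding one
      * 	This takes into account multiple customers, possibility of unchanged names, etc
      */
     if (!count($this->group_arrays)) {
         $this->no_attributes = "true";
         $add_group = new sql_query();
         $add_group->string = "INSERT INTO attributes_group(group_name) VALUES(\"Default Group\")";
         $add_group->execute();
         $new_group_id = $add_group->fetch_insert_id();
         $this->group_arrays[$new_group_id]["name"] = "Default Group";
         $this->group_arrays[$new_group_id][] = ++$this->highest_attr_id;
         $this->group_arrays[$new_group_id][] = ++$this->highest_attr_id;
         // key the last row by the group that was just created; no $group_id exists on this path
         // because the group loop above had nothing to iterate over
         $this->last_row_in_group[$new_group_id] = $this->highest_attr_id;
     }
     /*
      * 	Create a list of group ids and names
      * 	Format: "id,name,id,name,..." with a trailing comma
      */
     $this->group_list = "";
     foreach ($this->group_arrays as $group_id => $data) {
         $this->group_list .= $group_id . "," . $this->group_arrays[$group_id]["name"] . ",";
     }
     /*
      * 	Generate form fields
      * 	Five inputs per attribute row: id, key, value, delete_undo and group
      */
     foreach ($this->group_arrays as $group_id => $attributes) {
         $structure = NULL;
         $structure["fieldname"] = "group_" . $group_id . "_new_attributes";
         $structure["type"] = "hidden";
         $this->obj_form->add_input($structure);
         foreach ($attributes as $key => $id) {
             // skip the "name" entry; every other entry is an attribute ID
             if ((string) $key != "name") {
                 $structure = NULL;
                 $structure["fieldname"] = "attribute_" . $id . "_id";
                 $structure["defaultvalue"] = $id;
                 $structure["type"] = "hidden";
                 $this->obj_form->add_input($structure);
                 $structure = NULL;
                 $structure["fieldname"] = "attribute_" . $id . "_key";
                 $structure["type"] = "input";
                 $structure["options"]["width"] = "300";
                 $structure["options"]["max_length"] = "80";
                 $structure["options"]["autocomplete"] = "sql";
                 $structure["options"]["autocomplete_sql"] = "SELECT DISTINCT `key` as label FROM attributes";
                 $structure["options"]["help"] = "Key/Label for attribute (with autocomplete)";
                 $this->obj_form->add_input($structure);
                 $structure = NULL;
                 $structure["fieldname"] = "attribute_" . $id . "_value";
                 $structure["type"] = "input";
                 $structure["options"]["width"] = "500";
                 $structure["options"]["help"] = "Text field to store any data";
                 $this->obj_form->add_input($structure);
                 $structure = NULL;
                 $structure["fieldname"] = "attribute_" . $id . "_delete_undo";
                 $structure["type"] = "hidden";
                 $structure["defaultvalue"] = "false";
                 $this->obj_form->add_input($structure);
                 $structure = NULL;
                 $structure["fieldname"] = "attribute_" . $id . "_group";
                 $structure["type"] = "hidden";
                 $structure["defaultvalue"] = $group_id;
                 $this->obj_form->add_input($structure);
             }
         }
     }
     // tag the key and value inputs of the last row in every group with the "last_row" CSS class
     foreach ($this->last_row_in_group as $groupid => $attribute) {
         $this->obj_form->structure["attribute_" . $attribute . "_key"]["options"]["css_field_class"] = "last_row";
         $this->obj_form->structure["attribute_" . $attribute . "_value"]["options"]["css_field_class"] = "last_row";
     }
     // load in what data we have
     if (is_array($this->obj_attributes->data)) {
         foreach ($this->obj_attributes->data as $record) {
             // fetch data
             $this->obj_form->structure["attribute_" . $record["id"] . "_key"]["defaultvalue"] = $record["key"];
             $this->obj_form->structure["attribute_" . $record["id"] . "_value"]["defaultvalue"] = $record["value"];
         }
     }
     // hidden fields
     $structure = NULL;
     $structure["fieldname"] = "id_customer";
     $structure["type"] = "hidden";
     $structure["defaultvalue"] = $this->obj_customer->id;
     $this->obj_form->add_input($structure);
     $structure = NULL;
     $structure["fieldname"] = "highest_attr_id";
     $structure["type"] = "hidden";
     $structure["defaultvalue"] = "{$this->highest_attr_id}";
     $this->obj_form->add_input($structure);
     $structure = NULL;
     $structure["fieldname"] = "new_groups";
     $structure["type"] = "hidden";
     $this->obj_form->add_input($structure);
     $structure = NULL;
     $structure["fieldname"] = "group_list";
     $structure["defaultvalue"] = $this->group_list;
     $structure["type"] = "hidden";
     $this->obj_form->add_input($structure);
     for ($i = 0; $i < count($this->new_groups_array); $i++) {
         if (!empty($this->new_groups_array[$i])) {
             $structure = NULL;
             $structure["fieldname"] = "group_" . $this->new_groups_array[$i] . "_attribute_list";
             $structure["type"] = "hidden";
             $this->obj_form->add_input($structure);
         }
     }
     // submit section
     $structure = NULL;
     $structure["fieldname"] = "submit";
     $structure["type"] = "submit";
     $structure["defaultvalue"] = "Save Changes";
     $this->obj_form->add_input($structure);
     // fetch data in event of an error
     if (error_check()) {
         $this->obj_form->load_data_error();
     }
     return 1;
 }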
	services/bundle-service-delete-process.php

	Access: services_write

	Removes a service from a bundle.
*/
// includes
require "../include/config.php";
require "../include/amberphplib/main.php";
require "../include/services/inc_services.php";
// Only users holding services_write may remove a service from a bundle.
// NOTE(review): this listing is cut off before the check on the member service and before the
// delete itself, so neither is visible here.
if (user_permissions_get('services_write')) {
    /*
    	Form Input

    	Both IDs arrive in the query string and are passed through the "int" filter.
    */
    $id = @security_script_input_predefined("int", $_GET["id_bundle"]);
    $id_service = @security_script_input_predefined("int", $_GET["id_service"]);
    /*
    	Init Object
    */
    $obj_bundle = new service_bundle();
    $obj_bundle->id = $id;
    /*
    	Error Checking
    */
    // check that service exists and is a bundle
    // (a failure is only recorded with log_write() at this point; execution continues past it)
    if (!$obj_bundle->verify_is_bundle()) {
        log_write("error", "process", "The service you have attempted to edit - {$id} - either does not exist or is not a bundle");
    }
    // check that the service we are adding exists and is not a bundle
    $obj_service_tmp = new service_bundle();
    $obj_service_tmp->id = $id_service;
/*
	language/ajax/trans_update_translation.php

	Updates the translation database for the specified label and current language.

	Used by the translation tools to enable users to translate the Amberdms Billing System.
*/
require "../../include/config.php";
require "../../include/amberphplib/main.php";
if (user_permissions_get("devel_translate")) {
    /*
    	Get Form Data
    */
    $trans_label = @security_script_input_predefined("any", $_GET['trans_label']);
    $trans_translation = @security_script_input_predefined("any", $_GET['trans_translation']);
    /*
    	Validate
    */
    if (!$trans_label) {
        log_write("error", "process", "You must supply a valid label");
    }
    if (!$trans_translation) {
        log_write("error", "process", "You must supply a valid translation");
    }
    /*
    	Error handle
    */
    if (error_check()) {
        print "failure";
        /*
<?php

/*
	projects/ajax/insert_new_phase.php

	Insert a new phase into an existing project.
*/
require "../../include/config.php";
require "../../include/amberphplib/main.php";
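/*
	Access: projects_write
	[GET] name_phase	name of the phase to create
	[GET] projectid		ID of the project the phase belongs to

	Echoes the ID of the new phase.
*/
if (user_permissions_get('projects_write')) {
    $name_phase = @security_script_input_predefined("any", $_GET['name_phase']);
    $projectid = @security_script_input_predefined("int", $_GET['projectid']);
    // make sure the project actually exists
    // (a projectid rejected by the "int" filter matches no row here and takes the error path)
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT id FROM `projects` WHERE id='{$projectid}' LIMIT 1";
    $sql_obj->execute();
    if (!$sql_obj->num_rows()) {
        // report the ID that was looked up; the message used to interpolate an undefined $id
        log_write("error", "process", "The project you have attempted to edit - {$projectid} - does not exist in this system.");
        exit(0);
    }
    // insert the new phase
    // NOTE(review): $name_phase is concatenated into the statement. Whether the "any" filter escapes
    // quote characters is not visible here - confirm it does, or bind the value if the query class
    // offers a way to.
    // NOTE(review): this insert is triggered by a GET request; consider requiring POST and a
    // request token.
    $sql_obj = new sql_query();
    $sql_obj->string = "INSERT INTO project_phases (name_phase, projectid) VALUES (\"" . $name_phase . "\", \"" . $projectid . "\")";
    $sql_obj->execute();
    $phase_id = $sql_obj->fetch_insert_id();
    // hand the new ID back to the caller; the echo used to name $phaseid, which is never assigned
    echo $phase_id;
    exit(0);
} else {
    error_render_noperms();
}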
<?php

/*
	projects/ajax/insert_new_project.php

	Inserts a new project.
*/
require "../../include/config.php";
require "../../include/amberphplib/main.php";
// Access: projects_write. Creates a project from the name in the query string and echoes its new ID.
if (user_permissions_get('projects_write')) {
    $name_project = @security_script_input_predefined("any", $_GET['name_project']);
    // the project code is generated server-side rather than taken from the request
    $code_project = config_generate_uniqueid("code_project", "SELECT id FROM projects WHERE code_project='VALUE'");
    // NOTE(review): $name_project is placed inside a double-quoted SQL literal. Whether the "any"
    // filter escapes quote characters is not visible here - confirm it does, or bind the value if the
    // query class offers a way to.
    // NOTE(review): this insert is triggered by a GET request; consider requiring POST and a
    // request token.
    $insert_query = new sql_query();
    $insert_query->string = "INSERT INTO projects (name_project, code_project) VALUES (\"{$name_project}\", \"{$code_project}\")";
    $insert_query->execute();
    $projectid = $insert_query->fetch_insert_id();
    echo $projectid;
    exit(0);
}
<?php

/*
	timekeeping/ajax/populate_phases_dropdown.php

	Function called by timereg-day-edit.js to generate phases dropdown via ajax
*/
require "../../include/config.php";
require "../../include/amberphplib/main.php";
// Builds the <option> list of phases for one project. Access: timekeeping.
// NOTE(review): this listing is cut off inside the foreach loop.
if (user_permissions_get('timekeeping')) {
    // note the naming: the request field is project_id, the local variable is $product_id
    $product_id = @security_script_input_predefined("int", $_GET['project_id']);
    $timereg_id = @security_script_input_predefined("int", $_GET['timereg_id']);
    // these two only pass the "any" filter
    $selected = @security_script_input_predefined("any", $_GET['selected']);
    $edit = @security_script_input_predefined("any", $_GET['edit']);
    $option_string = "";
    // phase currently stored on the time registration entry
    $phase_id = sql_get_singlevalue("SELECT phaseid AS value FROM timereg WHERE id='" . $timereg_id . "' LIMIT 1");
    if ($edit == "true") {
        // NOTE(review): $selected comes from the query string and is written into the markup here.
        // Whether the "any" filter HTML-encodes its input is not visible - confirm it does, or encode
        // at this point. This leading <option> also looks like leftover debug output.
        $option_string .= "<option>" . $edit . "  " . $selected . "  </option>";
        // in edit mode the stored phase replaces whatever the request asked to select
        $selected = $phase_id;
    }
    $sql_obj = new sql_query();
    // project ID is concatenated unquoted, so the "int" filter is the only guard on this statement
    $sql_obj->string = "SELECT id, name_phase FROM project_phases WHERE projectid =" . $product_id . " ORDER BY name_phase";
    $sql_obj->execute();
    if ($sql_obj->num_rows()) {
        $sql_obj->fetch_array();
        foreach ($sql_obj->data as $data_row) {
            $option_string .= "<option value=\"" . $data_row['id'] . "\"";
            if ($data_row['id'] == $selected) {
                $option_string .= " selected=\"selected\"";
            }
            // NOTE(review): name_phase is written out as stored, without HTML encoding at this point
            $option_string .= ">" . $data_row['name_phase'] . "</option>";
 /*
 	Returns the PDF of one credit note, base64 encoded.

 	$id		credit note ID (passed through the "int" filter)
 	$credittype	'ar' or 'ap'; also selects the permission that is checked (accounts_<type>_view)

 	Throws SoapFault: INVALID_CREDIT_TYPE, ACCESS_DENIED, INVALID_INPUT or UNEXPECTED_ACTION_ERROR.

 	NOTE(review): both arguments are written to the debug log before any validation, and the
 	type comparison is a loose one.
 */
 function get_credit_pdf($id, $credittype)
 {
     log_debug('invoices_manage_soap', "Executing get_creditnote_pdf({$id}, {$credittype})");
     // only the two known ledgers are accepted
     $type_is_known = $credittype == 'ar' || $credittype == 'ap';
     if (!$type_is_known) {
         throw new SoapFault('Sender', 'INVALID_CREDIT_TYPE');
     }
     // the permission name is derived from the (now validated) credit type
     if (!user_permissions_get('accounts_' . $credittype . '_view')) {
         throw new SoapFault('Sender', 'ACCESS_DENIED');
     }
     $credit_note = new credit();
     $credit_note->type = $credittype;
     // sanitise input
     $credit_note->id = @security_script_input_predefined('int', $id);
     $id_rejected = !$credit_note->id || $credit_note->id == 'error';
     if ($id_rejected) {
         throw new SoapFault('Sender', 'INVALID_INPUT');
     }
     // load data from DB for this credit note
     $loaded = $credit_note->load_data();
     if (!$loaded) {
         throw new SoapFault('Sender', 'UNEXPECTED_ACTION_ERROR');
     }
     // render the PDF, then hand it back base64 encoded
     $credit_note->generate_pdf();
     return base64_encode($credit_note->obj_pdf->output);
 }
Example #24
 /*
 	Deletes one tax.

 	$id	tax ID (passed through the "int" filter)

 	Returns 1 on success.
 	Throws SoapFault: ACCESS DENIED, INVALID_INPUT, INVALID_ID, LOCKED or UNEXPECTED_ACTION_ERROR.

 	Requires the accounts_taxes_write permission.
 */
 function delete_tax($id)
 {
     log_debug("taxes", "Executing delete_tax_details({$id}, values...)");
     // permission gate first; note this fault string is spelled with a space
     if (!user_permissions_get("accounts_taxes_write")) {
         throw new SoapFault("Sender", "ACCESS DENIED");
     }
     $tax = new tax();
     /*
     	Load SOAP Data
     */
     $tax->id = @security_script_input_predefined("int", $id);
     $id_rejected = !$tax->id || $tax->id == "error";
     if ($id_rejected) {
         throw new SoapFault("Sender", "INVALID_INPUT");
     }
     /*
     	Error Handling
     */
     // the ID has to belong to an existing tax
     if (!$tax->verify_id()) {
         throw new SoapFault("Sender", "INVALID_ID");
     }
     // a locked tax must not be removed
     if ($tax->check_delete_lock()) {
         throw new SoapFault("Sender", "LOCKED");
     }
     /*
     	Perform Changes
     */
     if (!$tax->action_delete()) {
         throw new SoapFault("Sender", "UNEXPECTED_ACTION_ERROR");
     }
     return 1;
 }
Example #25
 /*
 	Returns all records of one domain as a list of arrays with the keys id_record,
 	record_name, record_type, record_content, record_ttl and record_prio.

 	$id_domain	domain ID (passed through the "int" filter)

 	Returns 0 when the domain has no records.
 	Throws SoapFault: ACCESS_DENIED when the session is not authenticated, INVALID_INPUT when the
 	ID is rejected or matches no domain.

 	When the caller is bound to a name server group, NS records pointing at name servers of
 	other groups are left out.

 	NOTE(review): if every record is left out, the list is never assigned and the method returns
 	an undefined variable - confirm what callers expect in that case.
 */
 function fetch_records($id_domain)
 {
     log_write("debug", "api_namedmanager", "Executing fetch_records()");
     if (!$this->auth_online) {
         throw new SoapFault("Sender", "ACCESS_DENIED");
     }
     // verify input
     $id_domain = @security_script_input_predefined("int", $id_domain);
     $id_rejected = !$id_domain || $id_domain == "error";
     if ($id_rejected) {
         throw new SoapFault("Sender", "INVALID_INPUT");
     }
     // verify domain
     $obj_domain = new domain();
     $obj_domain->id = $id_domain;
     if (!$obj_domain->verify_id()) {
         throw new SoapFault("Sender", "INVALID_INPUT");
     }
     // if querying for a name server, collect the record-enabled name servers of its group so the
     // NS records can be filtered against them below.
     if ($this->auth_group) {
         $group_nameservers = array();
         $group_query = new sql_query();
         $group_query->string = "SELECT server_name FROM name_servers WHERE id_group='" . $this->auth_group . "' AND server_record='1'";
         $group_query->execute();
         $group_query->fetch_array();
         foreach ($group_query->data as $ns_row) {
             $group_nameservers[] = $ns_row["server_name"];
         }
         unset($group_query);
     }
     // fetch domain records
     $obj_domain->load_data_record_all();
     if (!$obj_domain->data["records"]) {
         return 0;
     }
     foreach ($obj_domain->data["records"] as $data_record) {
         // an NS record that does not point at one of the caller's own group name servers
         $ns_outside_group = $this->auth_group && $data_record["type"] == "NS" && !in_array($data_record["content"], $group_nameservers);
         if ($ns_outside_group) {
             // If the name server is known to NamedManager it belongs to another group and the
             // record is left out, so groups do not contaminate each other. If it is unknown it
             // must be an external delegation, which is kept.
             //
             // NOTE(review): the stored record content is concatenated into this statement;
             // confirm it is escaped when it is written to the database.
             $ns_lookup = new sql_query();
             $ns_lookup->string = "SELECT id FROM name_servers WHERE server_name='" . $data_record["content"] . "' LIMIT 1";
             $ns_lookup->execute();
             if ($ns_lookup->num_rows()) {
                 continue;
             }
         }
         // add record to return array
         $return[] = array(
             "id_record" => $data_record["id_record"],
             "record_name" => $data_record["name"],
             "record_type" => $data_record["type"],
             "record_content" => $data_record["content"],
             "record_ttl" => $data_record["ttl"],
             "record_prio" => $data_record["prio"],
         );
     }
     return $return;
 }