Example #1
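 /**
  * Read the journal entry form fields into $this->structure and validate them.
  *
  * Every field is fetched through security_form_input_predefined(). Problems
  * found here are reported by appending to $_SESSION["error"], not through a
  * return value. For "file" entries the upload field named "upload" is passed
  * to file_storage::verify_upload_form(), and the entry title is taken from
  * the uploaded file's name, or re-read from the journal table when an
  * existing entry is edited without a new file.
  *
  * @return void
  */
 function process_form_input()
 {
     log_debug("journal_process", "Executing process_form_input()");

     // The @ operator hides any warnings/notices raised inside these calls.
     // NOTE(review): the third argument is 1 for action/type and 0 elsewhere -
     // presumably a required/optional flag; confirm against the helper.
     $this->structure["action"] = @security_form_input_predefined("any", "action", 1, "");
     $this->structure["type"] = @security_form_input_predefined("any", "type", 1, "");
     $this->structure["title"] = @security_form_input_predefined("any", "title", 0, "");
     $this->structure["content"] = @security_form_input_predefined("any", "content", 0, "");
     $this->structure["customid"] = @security_form_input_predefined("int", "id_custom", 0, "");
     $this->structure["id"] = @security_form_input_predefined("int", "id_journal", 0, "");

     if ($this->structure["type"] == "text" && $this->structure["action"] != "delete") {
         // need title field for text entries
         if (!$this->structure["title"]) {
             $_SESSION["error"]["message"][] = "You must provide a title";
             $_SESSION["error"]["title-error"] = 1;
         }
         // need content field for text entries
         if (!$this->structure["content"]) {
             $_SESSION["error"]["message"][] = "You must provide some content";
             $_SESSION["error"]["content-error"] = 1;
         }
     }

     // file upload - get the temporary name
     // The filename is supplied by the client, so it has to be treated as
     // untrusted input like any other form field.
     if ($this->structure["type"] == "file") {
         // a file might not have been uploaded - we want to allow users to be able
         // to change the notes on file uploads, without having to upload the file again.
         // isset() guards the case where the request carries no "upload" field at all.
         if (!isset($_FILES["upload"]["size"]) || $_FILES["upload"]["size"] < 1) {
             // nothing has been uploaded
             if (!$this->structure["id"]) {
                 // this is a new upload - a file MUST be provided for the first upload
                 // use the file_storage class to perform error handling.
                 $file_obj = new file_storage();
                 $file_obj->verify_upload_form("upload");
             } else {
                 // no file has been uploaded. We better get the old title so we don't lose it
                 // The ID was requested with the "int" rule; it is cast again here so that
                 // only an integer literal can ever be placed into the query text,
                 // whatever the helper returned.
                 $this->structure["title"] = sql_get_singlevalue("SELECT title as value FROM journal WHERE id='" . intval($this->structure["id"]) . "' LIMIT 1");
             }
         } else {
             // a file has been uploaded - perform verification of the file, if there
             // are any problems, the function will raise errors.
             // NOTE(review): no list of permitted extensions is passed here, so presumably
             // any file type is accepted - confirm that stored journal files can never be
             // executed by the web server or served inline to other users.
             $file_obj = new file_storage();
             $file_obj->verify_upload_form("upload");
             // set the title of the journal entry to the filename
             // NOTE(review): the pattern /^[\S\s]*$/ matches every string, so if it is used
             // as a validation pattern it places no restriction on the client-supplied
             // filename. Treat the title as untrusted: escape it for the output context
             // wherever it is rendered and escape/parameterise it when it is stored.
             $this->structure["title"] = @security_script_input("/^[\\S\\s]*\$/", $_FILES["upload"]["name"]);
         }
     }
 }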
 	Load Data
 */
 // Build the rate table object and take its ID from the request. The "int"
 // rule is requested for the ID; the @ operator hides any warnings/notices
 // raised inside the call, so a failure is visible only through whatever
 // error state the helper itself records.
 $obj_rate_table = new cdr_rate_table();
 $obj_rate_table->id = @security_form_input_predefined("int", "id_rate_table", 1, "");
 // NOTE(review): the "any" rule presumably places no restriction on content -
 // treat $cdr_import_mode as untrusted and compare it against a fixed list of
 // known modes before acting on it. TODO confirm against the helper.
 $cdr_import_mode = @security_form_input_predefined("any", "cdr_rate_import_mode", 1, "");
 /*
 	Verify valid rate table
 */
 // A failed lookup is only logged here and execution continues; the request is
 // turned away by the error_check() redirect further down (presumably
 // log_write("error", ...) is what makes error_check() report a failure).
 if (!$obj_rate_table->verify_id()) {
     log_write("error", "process", "The CDR rate table you have attempted to edit - " . $obj_rate_table->id . " - does not exist in this system.");
 }
 /*
 	Verify File Upload
 */
 // "csv" and "zip" are passed as the accepted types for this upload.
 // NOTE(review): confirm what verify_upload_form() actually inspects. The later
 // switch on format_file_extension($_FILES[...]["name"]) selects the parser from
 // the client-supplied filename, so the file contents still have to be
 // validated by whichever parser ends up handling them.
 $file_obj = new file_storage();
 $file_obj->verify_upload_form("cdr_rate_import_file", array("csv", "zip"));
 /*
 	Handle Errors
 */
 if (error_check()) {
     header("Location: ../index.php?page=services/cdr-rates-import.php&id=" . $obj_rate_table->id);
     exit(0);
 } else {
     error_clear();
     /*
     	Load the file
     */
     $rate_table = array();
     switch (format_file_extension($_FILES["cdr_rate_import_file"]["name"])) {
         case "zip":
             /*
Example #3
 
 	TODO:
 	* complete remaining notes
 	* better handling of unmatched/unprocessable rows
 	* further testing
 	* slash ALL input data to prevent exploit risk or having characters that are not
 	  form-friendly break the processing form.
 */
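 // fetch type information
 // The "any" rule is requested, which presumably does not restrict the value,
 // so the only real check on it is the fixed list of import types below.
 $import_upload_type = @security_form_input_predefined("any", "import_upload_type", 1, "");
 // check type requirements
 // switch compares loosely (==), and before PHP 8 a numeric 0 loosely equals
 // any non-numeric string. Mapping every non-string value to "" guarantees
 // that only an exact string match can select an import type, whatever the
 // helper returns when validation fails.
 $import_type_checked = is_string($import_upload_type) ? $import_upload_type : "";
 switch ($import_type_checked) {
     case "file_bind_8":
         // Bind 8/9 compatible zonefile
         // NOTE(review): no list of permitted extensions is passed here - confirm
         // what verify_upload_form() checks by default, and make sure the zonefile
         // parser treats the file contents as untrusted.
         $file_obj = new file_storage();
         $file_obj->verify_upload_form("import_upload_file");
         break;
     default:
         // NOTE(review): the rejected value comes straight from the request and is
         // embedded in the message - confirm it is escaped for the output context
         // wherever logged errors are displayed.
         log_write("error", "process", "An invalid import type (\"" . $import_upload_type . "\") was uploaded");
         break;
 }
 /*
 	Handle Validation Errors
 */
 // Stop here and send the user back to the import form if anything above
 // recorded an error; exit() makes sure nothing below runs after the redirect.
 if (error_check()) {
     header("Location: ../index.php?page=domains/import.php&mode=1");
     exit(0);
 }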
 /*
 	Import the data
 */
	
	access: "accounts_import_statement" group members

	Validates the uploaded statement file as being a supported format
	and reads in the data into session information to pass to the column assignment
	and then the record matching pages.
*/
// includes
require "../../include/config.php";
require "../../include/amberphplib/main.php";
if (user_permissions_get("accounts_import_statement")) {
    /*
    	Process Uploaded File
    */
    $file_obj = new file_storage();
    $file_obj->verify_upload_form("BANK_STATEMENT", array("csv"));
    $dest_account = @security_form_input_predefined("int", "dest_account", 1, "");
    $employeeid = @security_form_input_predefined("any", "employeeid", 1, "");
    /*
    	Check for obvious errors
    */
    if (error_check()) {
        header("Location: ../../index.php?page=accounts/import/bankstatement.php");
        exit(0);
    }
    /*
    	Import File Contents
    */
    // declare array
    $transactions = array();
    // set file type
 // Company contact, address and payment fields, read from the request one by one.
 // COMPANY_CONTACT_EMAIL uses the "email" rule; every other field here uses "any".
 // The third argument is 1 for some fields and 0 for others - presumably a
 // required/optional flag; confirm against security_form_input_predefined().
 // The @ operator hides any warnings/notices raised inside each call.
 // NOTE(review): "any" presumably accepts free text, so these values must be
 // escaped for the output context wherever they are rendered and must reach the
 // database only through the query layer's escaping - TODO confirm both.
 $data["COMPANY_CONTACT_EMAIL"] = @security_form_input_predefined("email", "COMPANY_CONTACT_EMAIL", 1, "");
 $data["COMPANY_CONTACT_PHONE"] = @security_form_input_predefined("any", "COMPANY_CONTACT_PHONE", 1, "");
 $data["COMPANY_CONTACT_FAX"] = @security_form_input_predefined("any", "COMPANY_CONTACT_FAX", 0, "");
 $data["COMPANY_ADDRESS1_STREET"] = @security_form_input_predefined("any", "COMPANY_ADDRESS1_STREET", 1, "");
 $data["COMPANY_ADDRESS1_CITY"] = @security_form_input_predefined("any", "COMPANY_ADDRESS1_CITY", 1, "");
 $data["COMPANY_ADDRESS1_STATE"] = @security_form_input_predefined("any", "COMPANY_ADDRESS1_STATE", 0, "");
 $data["COMPANY_ADDRESS1_COUNTRY"] = @security_form_input_predefined("any", "COMPANY_ADDRESS1_COUNTRY", 1, "");
 $data["COMPANY_ADDRESS1_ZIPCODE"] = @security_form_input_predefined("any", "COMPANY_ADDRESS1_ZIPCODE", 0, "");
 $data["COMPANY_PAYMENT_DETAILS"] = @security_form_input_predefined("any", "COMPANY_PAYMENT_DETAILS", 1, "");
 /*
 	Process company logo upload and verify content 
 	if any has been supplied. Enforce png only
 */
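 $file_obj = new file_storage();
 // The logo is optional, but every non-empty upload has to go through
 // verification. The previous "> 1" test let a one-byte upload skip
 // verify_upload_form() entirely. isset() covers a request that carries no
 // COMPANY_LOGO field at all.
 if (isset($_FILES["COMPANY_LOGO"]["size"]) && $_FILES["COMPANY_LOGO"]["size"] > 0) {
     // NOTE(review): "png" is the only type passed as acceptable. Confirm whether
     // verify_upload_form() checks just the client-supplied filename extension or
     // the file contents as well; an extension alone does not prove the data is
     // a PNG image.
     $file_obj->verify_upload_form("COMPANY_LOGO", array("png"));
 }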
 /*
 	Error Handling
 */
 if (error_check()) {
     $_SESSION["error"]["form"]["config_company"] = "failed";
     header("Location: ../index.php?page=admin/config_company.php");
     exit(0);
 } else {
     $_SESSION["error"] = array();
     /*
     	Start Transaction
     */
     $sql_obj = new sql_query();
     $sql_obj->trans_begin();