/**
 * Request handler for the finance module's save actions, dispatched on $_REQUEST['_process']:
 *  - 'quick_save_finance': requires a transaction_date and name, maps the credit/debit
 *    fields onto $_POST['type'] / $_POST['amount'] and then FALLS THROUGH (there is
 *    deliberately no `break`) into 'save_finance'.
 *  - 'save_finance': delete, unlink, or create/update one finance row together with its
 *    account, tax rows, category links and the optional recurring bookkeeping.
 *  - 'save_recurring': delete or create/update a finance_recurring row and its category links.
 *
 * Reads request state directly ($_REQUEST / $_POST) and writes through update_insert(),
 * query() and delete_from_db(). Every path ends in redirect_browser(); the code after the
 * early redirects (e.g. after the delete branch) is only skipped if redirect_browser() exits,
 * which it presumably does — confirm. Returns nothing.
 *
 * NOTE(review): the only ownership check on an edit is whatever $this->get_finance() and
 * $this->delete() enforce on $_REQUEST['finance_id']; nothing in this method verifies that
 * the id belongs to the current user before update_insert() writes to it — confirm.
 */
public function process() {
    switch ($_REQUEST['_process']) {
        case 'quick_save_finance':
            if (isset($_REQUEST['link_go']) && $_REQUEST['link_go'] == 'go') {
                module_finance::handle_link_transactions();
            } else {
                // check for date / name at least.
                $date = trim($_REQUEST['transaction_date']);
                $name = trim($_REQUEST['name']);
                if (!$date || !$name) {
                    redirect_browser(module_finance::link_open(false));
                }
                $credit = trim($_REQUEST['credit']);
                $debit = trim($_REQUEST['debit']);
                // Numeric comparison on a trimmed string: anything that is not a positive
                // number (including non-numeric text) lands in the debit branch.
                // 'i' is added to / 'e' subtracted from the recurring balance further below.
                if ($credit > 0) {
                    $_POST['type'] = 'i';
                    $_POST['amount'] = $credit;
                } else {
                    $_POST['type'] = 'e';
                    $_POST['amount'] = $debit;
                }
            }
            // intentional fall-through into 'save_finance' with the mapped $_POST values.
        case 'save_finance':
            if (isset($_REQUEST['butt_del'])) {
                // NOTE(review): raw request value handed to delete(); relies on delete()
                // casting/validating it — confirm.
                $this->delete($_REQUEST['finance_id']);
                redirect_browser(self::link_open(false));
            }
            if (isset($_REQUEST['butt_unlink'])) {
                // unlink this finance_id from other finance_ids.
                // The (int) cast is what keeps the interpolated id safe in these statements.
                $sql = "UPDATE `" . _DB_PREFIX . "finance` SET parent_finance_id = 0 WHERE parent_finance_id = '" . (int) $_REQUEST['finance_id'] . "'";
                query($sql);
                $sql = "UPDATE `" . _DB_PREFIX . "invoice_payment` SET parent_finance_id = 0 WHERE parent_finance_id = '" . (int) $_REQUEST['finance_id'] . "'";
                query($sql);
                redirect_browser(self::link_open(false));
            }
            $temp_data = $this->get_finance($_REQUEST['finance_id']);
            // Posted fields win over the stored row; every key the client sends reaches
            // update_insert() unfiltered. NOTE(review): relies on update_insert() / the table
            // definition to drop unknown or protected columns — confirm.
            $data = $_POST + $temp_data;
            // save the finance categories and account.
            $account_id = $_REQUEST['finance_account_id'];
            // A value that is not a plain integer and is longer than 2 characters is taken to
            // be the NAME of a new account rather than an id.
            if ((string) (int) $account_id != (string) $account_id && strlen($account_id) > 2) {
                // we have a new account to create.
                $account_id = update_insert('finance_account_id', 'new', 'finance_account', array('name' => $account_id));
            }
            $data['finance_account_id'] = $account_id;
            $finance_id = update_insert('finance_id', isset($_REQUEST['finance_id']) ? $_REQUEST['finance_id'] : 'new', 'finance', $data);
            module_extra::save_extras('finance', 'finance_id', $finance_id);
            if (!isset($data['tax_ids']) && isset($data['taxes']) && is_array($data['taxes'])) {
                // default data when saving a new invoice payment to finance area
                // (expands $data['taxes'] into the parallel tax_* arrays used below).
                $data['tax_ids'] = array();
                $data['tax_names'] = array();
                $data['tax_percents'] = array();
                $data['tax_increment_checkbox'] = 0;
                foreach ($data['taxes'] as $tax) {
                    $data['tax_ids'][] = false;
                    $data['tax_names'][] = $tax['name'];
                    $data['tax_percents'][] = $tax['percent'];
                    $data['tax_amount'][] = $tax['amount'];
                    if ($tax['increment']) {
                        $data['tax_increment_checkbox'] = 1;
                    }
                }
            }
            // save the finance tax rates (copied from invoice.php)
            if (isset($data['tax_ids']) && isset($data['tax_names']) && $data['tax_percents']) {
                // Existing rows keyed by finance_tax_id; entries that are re-saved are removed
                // from this map and whatever is left is deleted afterwards.
                $existing_taxes = get_multiple('finance_tax', array('finance_id' => $finance_id), 'finance_tax_id', 'exact', 'order');
                $order = 1;
                foreach ($data['tax_ids'] as $key => $val) {
                    if ((int) $val > 0 && isset($existing_taxes[$val])) {
                        // this means we are trying to update an existing record on the finance_tax table, we confirm this id matches this finance.
                        $finance_tax_id = $val;
                        unset($existing_taxes[$finance_tax_id]); // so we know which ones to remove from the end.
                    } else {
                        $finance_tax_id = false; // create new record
                    }
                    $finance_tax_data = array('finance_id' => $finance_id, 'percent' => isset($data['tax_percents'][$key]) ? $data['tax_percents'][$key] : 0, 'amount' => isset($data['tax_amount'][$key]) ? $data['tax_amount'][$key] : 0, 'name' => isset($data['tax_names'][$key]) ? $data['tax_names'][$key] : 'TAX', 'order' => $order++, 'increment' => isset($data['tax_increment_checkbox']) && $data['tax_increment_checkbox'] ? 1 : 0);
                    $finance_tax_id = update_insert('finance_tax_id', $finance_tax_id, 'finance_tax', $finance_tax_data);
                }
                foreach ($existing_taxes as $existing_tax) {
                    delete_from_db('finance_tax', array('finance_id', 'finance_tax_id'), array($finance_id, $existing_tax['finance_tax_id']));
                }
            }
            $category_ids = isset($_REQUEST['finance_category_id']) && is_array($_REQUEST['finance_category_id']) ? $_REQUEST['finance_category_id'] : array();
            // Category links are rebuilt from scratch on every save.
            // NOTE(review): $finance_id is interpolated uncast here and below; that is only
            // safe if update_insert() returns an integer id — confirm, or cast it.
            $sql = "DELETE FROM `" . _DB_PREFIX . "finance_category_rel` WHERE finance_id = {$finance_id}";
            query($sql);
            foreach ($category_ids as $category_id) {
                // (int) cast keeps the interpolated category id safe; non-positive ids are skipped.
                $category_id = (int) $category_id;
                if ($category_id <= 0) {
                    continue;
                }
                $sql = "REPLACE INTO `" . _DB_PREFIX . "finance_category_rel` SET finance_id = {$finance_id}, finance_category_id = {$category_id}";
                query($sql);
            }
            if (isset($_REQUEST['finance_category_new']) && strlen(trim($_REQUEST['finance_category_new'])) > 0) {
                $category_name = trim($_REQUEST['finance_category_new']);
                $category_id = update_insert('finance_category_id', 'new', 'finance_category', array('name' => $category_name));
                if (isset($_REQUEST['finance_category_new_checked'])) {
                    // $category_id here is whatever update_insert() returned (same caveat as $finance_id).
                    $sql = "REPLACE INTO `" . _DB_PREFIX . "finance_category_rel` SET finance_id = {$finance_id}, finance_category_id = {$category_id}";
                    query($sql);
                }
            }
            if (isset($_REQUEST['invoice_payment_id']) && (int) $_REQUEST['invoice_payment_id'] > 0) {
                // link this as a child invoice payment to this one.
                update_insert('invoice_payment_id', $_REQUEST['invoice_payment_id'], 'invoice_payment', array('parent_finance_id' => $finance_id));
            }
            if (isset($_REQUEST['finance_recurring_id']) && (int) $_REQUEST['finance_recurring_id'] > 0) {
                // if we have set a custom "next recurring date" then we don't recalculate this date unless we are saving a new finance id.
                $recurring = self::get_recurring($_REQUEST['finance_recurring_id']);
                if (!(int) $_REQUEST['finance_id'] || !$recurring['next_due_date_custom']) {
                    self::calculate_recurring_date((int) $_REQUEST['finance_recurring_id'], true);
                }
                // we also have to adjust the starting balance of our recurring amount by this amount.
                // just a little helpful feature.
                // Only for brand new transactions (no finance_id in the request), and only when a
                // non-zero start balance is configured.
                if (!(int) $_REQUEST['finance_id']) {
                    $balance = module_config::c('finance_recurring_start_balance', 0);
                    if ($balance != 0) {
                        if ($data['type'] == 'e') {
                            $balance -= $data['amount'];
                        } else {
                            if ($data['type'] == 'i') {
                                $balance += $data['amount'];
                            }
                        }
                        module_config::save_config('finance_recurring_start_balance', $balance);
                    }
                }
                // redirect back to recurring listing.
                set_message('Recurring transaction saved successfully');
                if (isset($_REQUEST['recurring_next']) && $_REQUEST['recurring_next']) {
                    // NOTE(review): redirect target taken verbatim from the request — an open
                    // redirect unless redirect_browser() restricts it to local URLs; confirm.
                    redirect_browser($_REQUEST['recurring_next']);
                }
                redirect_browser(self::link_open_recurring(false));
            }
            set_message(_l('Transaction saved successfully: %s', module_finance::link_open($finance_id, true)));
            if (isset($_REQUEST['job_id']) && (int) $_REQUEST['job_id'] > 0) {
                redirect_browser(module_job::link_open((int) $_REQUEST['job_id']));
            }
            if (isset($_REQUEST['butt_save_return'])) {
                if (isset($_REQUEST['_redirect']) && strlen($_REQUEST['_redirect'])) {
                    // NOTE(review): same open-redirect caveat as recurring_next above.
                    redirect_browser($_REQUEST['_redirect']);
                }
                redirect_browser(self::link_open(false, false));
            }
            // Still 'quick_save_finance' when we arrived via the fall-through above.
            if ($_REQUEST['_process'] == 'quick_save_finance') {
                redirect_browser(self::link_open(false, false));
            }
            redirect_browser(self::link_open($finance_id, false));
            break;
        case 'save_recurring':
            if (isset($_REQUEST['butt_del'])) {
                $this->delete_recurring($_REQUEST['finance_recurring_id']);
                redirect_browser(self::link_open_recurring(false));
            }
            // Whole POST body is the row to save (same unfiltered-columns caveat as save_finance).
            $data = $_POST;
            // save the finance categories and account.
            $account_id = $_REQUEST['finance_account_id'];
            if ((string) (int) $account_id != (string) $account_id && strlen($account_id) > 2) {
                // we have a new account to create.
                $account_id = update_insert('finance_account_id', 'new', 'finance_account', array('name' => $account_id));
            }
            // Fetched but never read again in this method.
            if (isset($_REQUEST['finance_recurring_id']) && (int) $_REQUEST['finance_recurring_id']) {
                $original_finance_recurring = self::get_recurring($_REQUEST['finance_recurring_id']);
            } else {
                $original_finance_recurring = array();
            }
            $data['finance_account_id'] = $account_id;
            $finance_recurring_id = update_insert('finance_recurring_id', isset($_REQUEST['finance_recurring_id']) ? $_REQUEST['finance_recurring_id'] : 'new', 'finance_recurring', $data);
            if ((int) $finance_recurring_id > 0) {
                $category_ids = isset($_REQUEST['finance_category_id']) && is_array($_REQUEST['finance_category_id']) ? $_REQUEST['finance_category_id'] : array();
                // Category links rebuilt from scratch; $finance_recurring_id is checked > 0 above
                // but interpolated uncast (see the save_finance caveat).
                $sql = "DELETE FROM `" . _DB_PREFIX . "finance_recurring_catrel` WHERE finance_recurring_id = {$finance_recurring_id}";
                query($sql);
                foreach ($category_ids as $category_id) {
                    $category_id = (int) $category_id;
                    if ($category_id <= 0) {
                        continue;
                    }
                    $sql = "REPLACE INTO `" . _DB_PREFIX . "finance_recurring_catrel` SET finance_recurring_id = {$finance_recurring_id}, finance_category_id = {$category_id}";
                    query($sql);
                }
                if (isset($_REQUEST['finance_category_new']) && strlen(trim($_REQUEST['finance_category_new'])) > 0) {
                    $category_name = trim($_REQUEST['finance_category_new']);
                    $category_id = update_insert('finance_category_id', 'new', 'finance_category', array('name' => $category_name));
                    if (isset($_REQUEST['finance_category_new_checked'])) {
                        $sql = "REPLACE INTO `" . _DB_PREFIX . "finance_recurring_catrel` SET finance_recurring_id = {$finance_recurring_id}, finance_category_id = {$category_id}";
                        query($sql);
                    }
                }
                // Return value unused; the call is kept for its side effect (presumably it
                // stores the recalculated next due date — confirm).
                $calculated_next_date = self::calculate_recurring_date($finance_recurring_id);
                if (isset($data['set_next_due_date']) && $data['set_next_due_date']) {
                    $next_date = input_date($data['set_next_due_date']);
                    $next_due_date_real = module_finance::calculate_recurring_date($finance_recurring_id, true, false);
                    if ($next_date != $next_due_date_real) {
                        // we have accustom date.
                        update_insert('finance_recurring_id', $finance_recurring_id, 'finance_recurring', array('next_due_date' => $next_date, 'next_due_date_custom' => 1));
                    } else {
                        // date is the same. not doing a custom date any more
                        update_insert('finance_recurring_id', $finance_recurring_id, 'finance_recurring', array('next_due_date' => $next_due_date_real, 'next_due_date_custom' => 0));
                    }
                }
                /* $finance_recurring = self::get_recurring($finance_recurring_id); if($finance_recurring['next_due_date_custom']){ $next_due_date_real = module_finance::calculate_recurring_date($finance_recurring_id,true,false); // unset the "custom" flag if we've picked the same date as what it should be. if($next_due_date_real == $finance_recurring['next_due_date']){ module_finance::calculate_recurring_date($finance_recurring_id,true,true); } }*/
            }
            set_message('Recurring transaction saved successfully');
            //redirect_browser(self::link_open($finance_id,false));
            redirect_browser(self::link_open_recurring(false, false));
            break;
    }
}
/**
 * Inserts or updates a report row and its extras.
 *
 * A positive $report_id is only treated as an update when get_report() returns a row
 * whose report_id matches; anything else (including a mismatching row) becomes an insert.
 * Inserts require the 'create' permission on reports, otherwise set_error() is called and
 * the browser is redirected to the listing. Edits carry no explicit permission check here;
 * presumably get_report() only returns rows the caller may see — confirm.
 *
 * @param mixed $report_id Existing report id, or anything non-positive for a new report.
 * @param array $data      Columns to write, passed straight to update_insert().
 * @return mixed The report id returned by update_insert().
 */
public function save_report($report_id, $data) {
    $is_update = (int) $report_id > 0;
    if ($is_update) {
        $stored = $this->get_report($report_id);
        // Loose comparison kept on purpose: the stored id may come back as a string.
        $is_update = $stored && $stored['report_id'] == $report_id;
    }
    if (!$is_update) {
        $report_id = false;
    }

    // check create permissions.
    if ($report_id === false && !self::can_i('create', 'reports')) {
        // user not allowed to create reports.
        set_error('Unable to create new reports');
        redirect_browser(self::link_open(false));
    }

    $report_id = update_insert("report_id", $report_id, "report", $data);
    module_extra::save_extras('report', 'report_id', $report_id);

    return $report_id;
}
/**
 * Creates or updates an invoice row and everything hanging off it: tax rows, line items,
 * payments, the paid/unpaid status and dates, extras, the customer's status, and finally
 * the 'invoice_saved' hook.
 *
 * @param mixed $invoice_id Existing invoice id, or anything falsy to insert a new invoice.
 * @param array $data       Invoice columns plus the nested 'tax_*', 'invoice_invoice_item'
 *                          and 'invoice_invoice_payment' arrays. Passed straight to
 *                          update_insert(); the only per-field normalisation here is the
 *                          number_in()/number_out() calls. NOTE(review): presumably this is the
 *                          request payload — this method also reads $_REQUEST['add_payment']
 *                          directly, so it is coupled to the web request either way.
 * @return mixed The invoice id returned by update_insert(). Returned early (after set_error())
 *               when get_invoice() yields nothing for that id.
 *
 * Status strings are stored and compared through _l('Paid'), i.e. they are locale dependent.
 */
public static function save_invoice($invoice_id, $data) {
    // New invoice linked to a job inherits the job's currency and customer.
    if (!(int) $invoice_id && isset($data['job_id']) && $data['job_id']) {
        $linkedjob = module_job::get_job($data['job_id']);
        $data['currency_id'] = $linkedjob['currency_id'];
        $data['customer_id'] = $linkedjob['customer_id'];
    }
    if ($invoice_id) {
        // used when working out the hourly rate fix below
        $original_invoice_data = self::get_invoice($invoice_id);
    } else {
        // Not an array on insert; isset($original_invoice_data['hourly_rate']) below is then false.
        $original_invoice_data = 0;
    }
    $invoice_id = update_insert("invoice_id", $invoice_id, "invoice", $data);
    if ($invoice_id) {
        module_cache::clear('invoice');
        // save the invoice tax rates (copied to finance.php)
        if (isset($data['tax_ids']) && isset($data['tax_names']) && $data['tax_percents']) {
            // Existing rows keyed by invoice_tax_id; re-saved ones are removed from this map
            // and whatever is left over is deleted afterwards.
            $existing_taxes = get_multiple('invoice_tax', array('invoice_id' => $invoice_id), 'invoice_tax_id', 'exact', 'order');
            $order = 1;
            foreach ($data['tax_ids'] as $key => $val) {
                if (isset($data['tax_percents'][$key]) && $data['tax_percents'][$key] == 0) {
                    // we are not saving this particular tax item because it has a 0% tax rate
                } else {
                    if ((int) $val > 0 && isset($existing_taxes[$val])) {
                        // this means we are trying to update an existing record on the invoice_tax table, we confirm this id matches this invoice.
                        $invoice_tax_id = $val;
                        unset($existing_taxes[$invoice_tax_id]); // so we know which ones to remove from the end.
                    } else {
                        $invoice_tax_id = false; // create new record
                    }
                    $invoice_tax_data = array('invoice_id' => $invoice_id, 'percent' => isset($data['tax_percents'][$key]) ? $data['tax_percents'][$key] : 0, 'amount' => 0, 'name' => isset($data['tax_names'][$key]) ? $data['tax_names'][$key] : 'TAX', 'order' => $order++, 'increment' => isset($data['tax_increment_checkbox']) && $data['tax_increment_checkbox'] ? 1 : 0);
                    $invoice_tax_id = update_insert('invoice_tax_id', $invoice_tax_id, 'invoice_tax', $invoice_tax_data);
                }
            }
            foreach ($existing_taxes as $existing_tax) {
                delete_from_db('invoice_tax', array('invoice_id', 'invoice_tax_id'), array($invoice_id, $existing_tax['invoice_tax_id']));
            }
        }
        $invoice_data = self::get_invoice($invoice_id);
        if (!$invoice_data) {
            set_error('No permissions to access invoice.');
            return $invoice_id;
        }
        // check for new invoice_items or changed invoice_items.
        $invoice_items = self::get_invoice_items($invoice_id, $invoice_data);
        if (isset($data['invoice_invoice_item']) && is_array($data['invoice_invoice_item'])) {
            foreach ($data['invoice_invoice_item'] as $invoice_item_id => $invoice_item_data) {
                $invoice_item_id = (int) $invoice_item_id;
                if (!is_array($invoice_item_data)) {
                    continue;
                }
                // An existing item id must already belong to this invoice (per get_invoice_items),
                // otherwise the entry is ignored.
                if ($invoice_item_id > 0 && !isset($invoice_items[$invoice_item_id])) {
                    continue;
                } // wrong invoice_item save - will never happen.
                if (!isset($invoice_item_data['description']) || $invoice_item_data['description'] == '') {
                    if ($invoice_item_id > 0) {
                        // remove invoice_item.
                        // $invoice_item_id is (int) cast above. NOTE(review): $invoice_id comes from
                        // update_insert() and is interpolated uncast — confirm it is an integer, or cast it.
                        $sql = "DELETE FROM `" . _DB_PREFIX . "invoice_item` WHERE invoice_item_id = '{$invoice_item_id}' AND invoice_id = {$invoice_id} LIMIT 1";
                        query($sql);
                    }
                    continue;
                }
                // add / save this invoice_item.
                $invoice_item_data['invoice_id'] = $invoice_id;
                // what type of task is this?
                $invoice_task_type = isset($invoice_item_data['manual_task_type']) && $invoice_item_data['manual_task_type'] >= 0 ? $invoice_item_data['manual_task_type'] : $invoice_data['default_task_type'];
                $invoice_item_data['hours_mins'] = 0;
                // Empty branch: dead code left behind; the real handling is the next `if`.
                if (isset($invoice_item_data['hours']) && $invoice_task_type == _TASK_TYPE_HOURS_AMOUNT) {
                }
                if (isset($invoice_item_data['hours']) && $invoice_task_type == _TASK_TYPE_HOURS_AMOUNT && function_exists('decimal_time_in')) {
                    $invoice_item_data['hours'] = decimal_time_in($invoice_item_data['hours']);
                    if (strpos($invoice_item_data['hours'], ':') !== false) {
                        $invoice_item_data['hours_mins'] = str_replace(":", ".", $invoice_item_data['hours']);
                    }
                } else {
                    if (isset($invoice_item_data['hours']) && strlen($invoice_item_data['hours'])) {
                        $invoice_item_data['hours'] = number_in($invoice_item_data['hours']);
                    } else {
                        $invoice_item_data['hours'] = 0;
                    }
                }
                // number formatting
                //print_r($invoice_item_data);
                if (isset($invoice_item_data['hourly_rate']) && strlen($invoice_item_data['hourly_rate'])) {
                    $invoice_item_data['hourly_rate'] = number_in($invoice_item_data['hourly_rate'], module_config::c('task_amount_decimal_places', -1));
                }
                //print_r($invoice_item_data);exit;
                // somenew hacks here to support out new method of creating an item.
                // the 'amount' column is never edited any more
                // this column is now always automatically calculated based on
                // 'hours' and 'hourly_rate'
                if (!isset($invoice_item_data['amount'])) {
                    if ($invoice_task_type == _TASK_TYPE_AMOUNT_ONLY) {
                        // ignore the quantity field all together.
                        $invoice_item_data['amount'] = $invoice_item_data['hourly_rate'];
                        $invoice_item_data['hourly_rate'] = 0;
                    } else {
                        if (isset($invoice_item_data['hourly_rate']) && strlen($invoice_item_data['hourly_rate']) > 0) {
                            // if we have inputted an hourly rate (ie: not left empty)
                            if (isset($invoice_item_data['hours']) && strlen($invoice_item_data['hours']) == 0) {
                                // no hours entered (eg: empty) so we treat whatever was in 'hourly_rate' as the amount
                                $invoice_item_data['amount'] = $invoice_item_data['hourly_rate'];
                            } else {
                                if (isset($invoice_item_data['hours']) && strlen($invoice_item_data['hours']) > 0) {
                                    // hours inputted, along with hourly rate. work out the new amount.
                                    $invoice_item_data['amount'] = round($invoice_item_data['hours'] * $invoice_item_data['hourly_rate'], module_config::c('currency_decimal_places', 2));
                                }
                            }
                        }
                    }
                }
                // An hourly-rate item whose rate equals the invoice's (current or original) rate
                // is stored as -1, i.e. "use the invoice default".
                if ($invoice_task_type == _TASK_TYPE_HOURS_AMOUNT) {
                    if ($invoice_item_data['hourly_rate'] == $invoice_data['hourly_rate'] || isset($original_invoice_data['hourly_rate']) && $invoice_item_data['hourly_rate'] == $original_invoice_data['hourly_rate']) {
                        $invoice_item_data['hourly_rate'] = -1;
                    }
                }
                // remove the amount of it equals the hourly rate.
                /*if(isset($invoice_item_data['amount']) && isset($invoice_item_data['hours']) && $invoice_item_data['amount'] > 0 && $invoice_item_data['hours'] > 0){ if($invoice_item_data['amount'] - ($invoice_item_data['hours'] * $data['hourly_rate']) == 0){ unset($invoice_item_data['amount']); } }*/
                // check if we haven't unticked a non-hourly invoice_item
                /*if(isset($invoice_item_data['completed_t']) && $invoice_item_data['completed_t'] && !isset($invoice_item_data['completed'])){ $invoice_item_data['completed'] = 0; }*/
                // 'taxable_t' marks that the taxable checkbox was rendered; absent checkbox value
                // with the marker present means "unticked" (0), no marker means "use the default".
                if (!isset($invoice_item_data['taxable_t'])) {
                    $invoice_item_data['taxable'] = module_config::c('task_taxable_default', 1);
                } else {
                    if (isset($invoice_item_data['taxable_t']) && $invoice_item_data['taxable_t'] && !isset($invoice_item_data['taxable'])) {
                        $invoice_item_data['taxable'] = 0;
                    }
                }
                if (!strlen($invoice_item_data['hours'])) {
                    $invoice_item_data['hours'] = 0;
                }
                $invoice_item_data['hourly_rate'] = number_out($invoice_item_data['hourly_rate'], false, module_config::c('task_amount_decimal_places', -1));
                $invoice_item_data['hours'] = number_out($invoice_item_data['hours']);
                $invoice_item_data['amount'] = number_out($invoice_item_data['amount']);
                update_insert('invoice_item_id', $invoice_item_id, 'invoice_item', $invoice_item_data);
            }
        }
        // Latest payment date seen in this save; drives date_paid / date_sent below.
        $last_payment_time = 0;
        if (isset($data['invoice_invoice_payment']) && is_array($data['invoice_invoice_payment'])) {
            foreach ($data['invoice_invoice_payment'] as $invoice_payment_id => $invoice_payment_data) {
                $invoice_payment_id = (int) $invoice_payment_id;
                if (!is_array($invoice_payment_data)) {
                    continue;
                }
                if (isset($invoice_payment_data['amount'])) {
                    $invoice_payment_data['amount'] = number_in($invoice_payment_data['amount']);
                    // toggle between 'normal' and 'refund' payment types
                    // NOTE(review): a negative amount that is already typed REFUND falls into the
                    // else branch and is flipped back to NORMAL — looks unintended; confirm.
                    if (isset($invoice_payment_data['payment_type'])) {
                        if ($invoice_payment_data['amount'] < 0 && $invoice_payment_data['payment_type'] == _INVOICE_PAYMENT_TYPE_NORMAL) {
                            // this is a refund.
                            $invoice_payment_data['payment_type'] = _INVOICE_PAYMENT_TYPE_REFUND;
                        } else {
                            if ($invoice_payment_data['payment_type'] == _INVOICE_PAYMENT_TYPE_REFUND) {
                                $invoice_payment_data['payment_type'] = _INVOICE_PAYMENT_TYPE_NORMAL;
                            }
                        }
                    }
                }
                // check this invoice payment actually matches this invoice.
                // A payment id that is not found for THIS invoice is demoted to 0 (treated as new).
                $invoice_payment_data_existing = false;
                if ($invoice_payment_id > 0) {
                    $invoice_payment_data_existing = get_single('invoice_payment', array('invoice_payment_id', 'invoice_id'), array($invoice_payment_id, $invoice_id));
                    if (!$invoice_payment_data_existing || $invoice_payment_data_existing['invoice_payment_id'] != $invoice_payment_id || $invoice_payment_data_existing['invoice_id'] != $invoice_id) {
                        $invoice_payment_id = 0;
                        $invoice_payment_data_existing = false;
                    }
                }
                // Empty / zero amount on an existing payment means "delete it".
                if (!isset($invoice_payment_data['amount']) || $invoice_payment_data['amount'] == '' || $invoice_payment_data['amount'] == 0) {
                    // || $invoice_payment_data['amount'] <= 0
                    if ($invoice_payment_id > 0) {
                        // if this is a customer credit payment, return that back to the customer account.
                        if ($invoice_payment_data_existing && $invoice_data['customer_id']) {
                            switch ($invoice_payment_data_existing['payment_type']) {
                                case _INVOICE_PAYMENT_TYPE_CREDIT:
                                    module_customer::add_credit($invoice_data['customer_id'], $invoice_payment_data_existing['amount'], 'Refunded credit from invoice payment');
                                    break;
                            }
                        }
                        // remove invoice_payment.
                        // $invoice_payment_id is (int) cast and verified above; $invoice_id uncast (see item delete).
                        $sql = "DELETE FROM `" . _DB_PREFIX . "invoice_payment` WHERE invoice_payment_id = '{$invoice_payment_id}' AND invoice_id = {$invoice_id} LIMIT 1";
                        query($sql);
                        // delete any existing transactions from the system as well.
                        hook_handle_callback('invoice_payment_deleted', $invoice_payment_id, $invoice_id);
                    }
                    continue;
                }
                // New payments are only stored when the request explicitly asks for it.
                if (!$invoice_payment_id && (!isset($_REQUEST['add_payment']) || $_REQUEST['add_payment'] != 'go')) {
                    continue; // not saving a new one.
                }
                // add / save this invoice_payment.
                $invoice_payment_data['invoice_id'] = $invoice_id;
                // $invoice_payment_data['currency_id'] = $invoice_data['currency_id'];
                $last_payment_time = max($last_payment_time, strtotime(input_date($invoice_payment_data['date_paid'])));
                if (isset($invoice_payment_data['custom_notes'])) {
                    // NOTE(review): unserialize() of the 'data' value carried inside $data, i.e.
                    // supplied by the caller rather than re-read from the stored row
                    // ($invoice_payment_data_existing). If $data is request input this deserialises
                    // untrusted bytes — prefer the stored column, or a JSON representation.
                    $details = @unserialize($invoice_payment_data['data']);
                    if (!is_array($details)) {
                        $details = array();
                    }
                    $details['custom_notes'] = $invoice_payment_data['custom_notes'];
                    $invoice_payment_data['data'] = serialize($details);
                }
                $invoice_payment_data['amount'] = number_out($invoice_payment_data['amount']);
                update_insert('invoice_payment_id', $invoice_payment_id, 'invoice_payment', $invoice_payment_data);
            }
        }
        // No payment dates seen: fall back to today (midnight).
        if (!$last_payment_time) {
            $last_payment_time = strtotime(date('Y-m-d'));
        }
        // check if the invoice has been paid
        module_cache::clear('invoice');
        //module_cache::clear_cache();
        // this helps fix the bug where part payments are not caulcated a correct paid date.
        $invoice_data = self::get_invoice($invoice_id);
        if (!$invoice_data) {
            set_error('No permissions to access invoice.');
            return $invoice_id;
        }
        // Mark as paid when: no paid date yet, nothing left due, something was paid or
        // discounted, and the invoice is not cancelled.
        if ((!$invoice_data['date_paid'] || $invoice_data['date_paid'] == '0000-00-00') && $invoice_data['total_amount_due'] <= 0 && ($invoice_data['total_amount_paid'] > 0 || $invoice_data['discount_amount'] > 0) && (!$invoice_data['date_cancel'] || $invoice_data['date_cancel'] == '0000-00-00')) {
            // find the date of the last payment history.
            // if the sent date is null also update that.
            $date_sent = $invoice_data['date_sent'];
            if (!$date_sent || $date_sent == '0000-00-00') {
                $date_sent = date('Y-m-d', $last_payment_time);
            }
            update_insert("invoice_id", $invoice_id, "invoice", array('date_paid' => date('Y-m-d', $last_payment_time), 'date_sent' => $date_sent, 'status' => _l('Paid')));
            // hook for our ticketing plugin to mark a priority support ticket as paid.
            // or anything else down the track.
            module_cache::clear('invoice');
            handle_hook('invoice_paid', $invoice_id);
            if (module_config::c('invoice_automatic_receipt', 1)) {
                // send receipt to customer.
                self::email_invoice_to_customer($invoice_id);
            }
        }
        if ($invoice_data['total_amount_due'] > 0) {
            // update the status to unpaid.
            // Clears date_paid; a stale 'Paid' status drops back to the configured default,
            // any other status is left as is.
            update_insert("invoice_id", $invoice_id, "invoice", array('date_paid' => '', 'status' => $invoice_data['status'] == _l('Paid') ? module_config::s('invoice_status_default', 'New') : $invoice_data['status']));
        }
        if (class_exists('module_extra', false) && module_extra::is_plugin_enabled()) {
            module_extra::save_extras('invoice', 'invoice_id', $invoice_id);
        }
        if ($invoice_data['customer_id']) {
            //module_cache::clear_cache();
            module_cache::clear('invoice');
            module_customer::update_customer_status($invoice_data['customer_id']);
        }
        hook_handle_callback('invoice_saved', $invoice_id, $invoice_data);
    }
    module_cache::clear('invoice');
    module_cache::clear('job');
    return $invoice_id;
}
function process() { if ('plupload' == $_REQUEST['_process']) { if (!self::can_i('edit', 'Files') && !self::can_i('create', 'Files')) { die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Permission error."}, "id" : "id"}'); } @ob_end_clean(); // HTTP headers for no cache etc header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); // Settings $targetDir = _FILE_UPLOAD_PATH . "plupload"; //$targetDir = 'uploads'; $cleanupTargetDir = true; // Remove old files $maxFileAge = 5 * 3600; // Temp file age in seconds // 5 minutes execution time @set_time_limit(5 * 60); // Uncomment this one to fake upload time // usleep(5000); // Get parameters $chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0; $chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0; $fileName = isset($_REQUEST["plupload_key"]) ? $_REQUEST["plupload_key"] : ''; $fileName .= isset($_REQUEST["fileid"]) ? '-' . $_REQUEST["fileid"] : ''; $fileName = preg_replace('/[^a-zA-Z0-9-_]+/', '', $fileName); if (!$fileName) { die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "No plupload_key defined."}, "id" : "id"}'); } // Make sure the fileName is unique but only if chunking is disabled if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) { $ext = strrpos($fileName, '.'); $fileName_a = substr($fileName, 0, $ext); $fileName_b = substr($fileName, $ext); $count = 1; while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b)) { $count++; } $fileName = $fileName_a . '_' . $count . $fileName_b; } $filePath = $targetDir . DIRECTORY_SEPARATOR . 
$fileName; // Create target dir if (!file_exists($targetDir)) { @mkdir($targetDir); } // Remove old temp files if ($cleanupTargetDir) { if (!is_dir($targetDir) || !($dir = opendir($targetDir))) { die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}'); } while (($file = readdir($dir)) !== false) { $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file; // If temp file is current file proceed to the next if ($tmpfilePath == "{$filePath}.part") { continue; } // Remove temp file if it is older than the max age and is not the current file if (preg_match('/\\.part$/', $file) && filemtime($tmpfilePath) < time() - $maxFileAge) { @unlink($tmpfilePath); } } closedir($dir); } /// Open temp file if (!($out = @fopen("{$filePath}.part", $chunks ? "ab" : "wb"))) { die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}'); } if (!empty($_FILES)) { if ($_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"])) { die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}'); } // Read binary input stream and append it to temp file if (!($in = @fopen($_FILES["file"]["tmp_name"], "rb"))) { die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}'); } } else { if (!($in = @fopen("php://input", "rb"))) { die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}'); } } while ($buff = fread($in, 4096)) { fwrite($out, $buff); } @fclose($out); @fclose($in); // Check if file has been uploaded if (!$chunks || $chunk == $chunks - 1) { // Strip the temp .part suffix off rename("{$filePath}.part", $filePath); } die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}'); } else { if ('download' == $_REQUEST['_process']) { @ob_end_clean(); $file_id = (int) $_REQUEST['file_id']; $file_data = $this->get_file($file_id); if 
(isset($file_data['file_url']) && strlen($file_data['file_url'])) { redirect_browser($file_data['file_url']); } else { if (is_file($file_data['file_path'])) { header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private", false); //header("Content-Type: application/pdf"); header("Content-type: " . dtbaker_mime_type($file_data['file_name'], $file_data['file_path'])); header("Content-Disposition: attachment; filename=\"" . $file_data['file_name'] . "\";"); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . filesize($file_data['file_path'])); //readfile($file_data['file_path']); $size = @readfile($file_data['file_path']); if (!$size) { echo file_get_contents($file_data['file_path']); } } else { echo 'Not found'; } } exit; } else { if ('save_file_popup' == $_REQUEST['_process']) { $file_id = $_REQUEST['file_id']; $file_path = false; $file_name = false; $options = unserialize(base64_decode($_REQUEST['options'])); // have we uploaded anything if (isset($_FILES['file_upload']) && is_uploaded_file($_FILES['file_upload']['tmp_name'])) { // copy to file area. $file_name = basename($_FILES['file_upload']['name']); if ($file_name) { $file_path = _FILE_UPLOAD_PATH . md5(time() . $file_name); if (move_uploaded_file($_FILES['file_upload']['tmp_name'], $file_path)) { // it worked. umm.. do something. } else { ?> <script type="text/javascript"> alert('Unable to save file. Please check permissions.'); </script> <?php // it didnt work. todo: display error. 
$file_path = false; $file_name = false; //set_error('Unable to save file'); } } } if (isset($_REQUEST['file_name']) && $_REQUEST['file_name']) { $file_name = $_REQUEST['file_name']; } if (!$file_path && !$file_name) { return false; } if (!$file_id || $file_id == 'new') { $file_data = array('file_id' => $file_id, 'owner_id' => (int) $_REQUEST['owner_id'], 'owner_table' => $_REQUEST['owner_table'], 'file_time' => time(), 'file_name' => $file_name, 'file_path' => $file_path); } else { // some fields we dont want to overwrite on existing files: $file_data = array('file_id' => $file_id, 'file_path' => $file_path, 'file_name' => $file_name); } // make sure we're saving a file we have access too. module_security::sanatise_data('file', $file_data); $file_id = update_insert('file_id', $file_id, 'file', $file_data); $file_data = $this->get_file($file_id); // we've updated from a popup. // this means we have to replace an existing file id with the updated output. // or if none exists on the page, we add a new one to the holder. $layout_type = isset($_REQUEST['layout']) && $_REQUEST['layout'] ? 
$_REQUEST['layout'] : 'gallery'; ?> <script type="text/javascript"> // check if it exists in parent window var new_html = '<?php echo addcslashes(preg_replace('/\\s+/', ' ', $this->print_file($file_id, $layout_type, true, $options)), "'"); ?> '; parent.new_file_added<?php echo $file_data['owner_table']; ?> _<?php echo $file_data['owner_id']; ?> (<?php echo $file_id; ?> ,'<?php echo $file_data['owner_table']; ?> ',<?php echo $file_data['owner_id']; ?> ,new_html); </script> <?php exit; } else { if ('save_file' == $_REQUEST['_process']) { $file_id = (int) $_REQUEST['file_id']; $file_path = false; $file_name = false; $file_url = ''; if (isset($_REQUEST['butt_del']) && self::can_i('delete', 'Files')) { if (module_form::confirm_delete('file_id', 'Really delete this file?')) { $ucm_file = new ucm_file($file_id); $ucm_file->delete(); set_message('File removed successfully'); } redirect_browser(module_file::link_open(false)); } else { $files_to_save = array(); // pump data in to here for multiple file uploads. // todo: stop people changing the "file_id" to another file they don't own. if (self::can_i('edit', 'Files') || self::can_i('create', 'Files')) { // have we uploaded anything $file_changed = false; if (isset($_REQUEST['plupload_key']) && isset($_REQUEST['plupload_file_name']) && is_array($_REQUEST['plupload_file_name']) && strlen(preg_replace('/[^a-zA-Z0-9-_]+/', '', basename($_REQUEST['plupload_key'])))) { $plupload_key = preg_replace('/[^a-zA-Z0-9-_]+/', '', basename($_REQUEST['plupload_key'])); foreach ($_REQUEST['plupload_file_name'] as $plupload_file_name_key => $file_name) { $plupload_file_name_key = preg_replace('/[^a-zA-Z0-9-_]+/', '', basename($plupload_file_name_key)); if ($plupload_key && $plupload_file_name_key && $file_name && is_file(_FILE_UPLOAD_PATH . 'plupload' . DIRECTORY_SEPARATOR . $plupload_key . '-' . $plupload_file_name_key)) { $file_path = _FILE_UPLOAD_PATH . time() . '-' . md5(time() . $file_name); if (rename(_FILE_UPLOAD_PATH . 'plupload' . 
DIRECTORY_SEPARATOR . $plupload_key . '-' . $plupload_file_name_key, $file_path)) { // it worked. umm.. do something. $file_changed = true; $files_to_save[] = array('file_path' => $file_path, 'file_name' => $file_name); } else { // it didnt work. todo: display error. $file_path = false; $file_name = false; set_error('Unable to save file via plupload.'); } } } } // the old file upload method, no plupload: if (!$file_changed && isset($_FILES['file_upload']) && is_uploaded_file($_FILES['file_upload']['tmp_name'])) { // copy to file area. $file_name = basename($_FILES['file_upload']['name']); if ($file_name) { $file_path = _FILE_UPLOAD_PATH . time() . '-' . md5(time() . $file_name); if (move_uploaded_file($_FILES['file_upload']['tmp_name'], $file_path)) { // it worked. umm.. do something. $file_changed = true; $files_to_save[] = array('file_path' => $file_path, 'file_name' => $file_name); } else { // it didnt work. todo: display error. $file_path = false; $file_name = false; set_error('Unable to save file'); } } } if (!$file_path && isset($_REQUEST['file_url']) && isset($_REQUEST['file_name'])) { $files_to_save[] = array('file_path' => '', 'file_url' => $_REQUEST['file_url'], 'file_name' => $_REQUEST['file_name']); } if (!$file_path && isset($_REQUEST['bucket'])) { $files_to_save[] = array('file_name' => $_REQUEST['file_name'], 'bucket' => 1); } // make sure we have a valid customer_id and job_id selected. 
$possible_customers = $possible_jobs = array(); if (class_exists('module_customer', false)) { $possible_customers = module_customer::get_customers(); } if (class_exists('module_job', false)) { $possible_jobs = module_job::get_jobs(); } $original_file_data = array(); if ($file_id > 0) { $original_file_data = self::get_file($file_id); if (!$original_file_data || $original_file_data['file_id'] != $file_id) { die('No permissions to update this file'); } } $new_file = false; if (!$file_id) { $file_data = array('file_id' => $file_id, 'bucket_parent_file_id' => isset($_REQUEST['bucket_parent_file_id']) ? (int) $_REQUEST['bucket_parent_file_id'] : false, 'customer_id' => isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : false, 'job_id' => isset($_REQUEST['job_id']) ? (int) $_REQUEST['job_id'] : false, 'quote_id' => isset($_REQUEST['quote_id']) ? (int) $_REQUEST['quote_id'] : false, 'website_id' => isset($_REQUEST['website_id']) ? (int) $_REQUEST['website_id'] : false, 'status' => isset($_REQUEST['status']) ? $_REQUEST['status'] : false, 'pointers' => isset($_REQUEST['pointers']) ? $_REQUEST['pointers'] : false, 'description' => isset($_REQUEST['description']) ? $_REQUEST['description'] : false, 'file_time' => time()); if (!isset($possible_customers[$file_data['customer_id']])) { $file_data['customer_id'] = 0; } if (!isset($possible_jobs[$file_data['job_id']])) { $file_data['job_id'] = 0; } $new_file = true; } else { // some fields we dont want to overwrite on existing files: $file_data = array('file_id' => $file_id, 'bucket_parent_file_id' => isset($_REQUEST['bucket_parent_file_id']) ? (int) $_REQUEST['bucket_parent_file_id'] : false, 'pointers' => isset($_REQUEST['pointers']) ? $_REQUEST['pointers'] : false, 'customer_id' => isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : false, 'job_id' => isset($_REQUEST['job_id']) ? (int) $_REQUEST['job_id'] : false, 'quote_id' => isset($_REQUEST['quote_id']) ? 
(int) $_REQUEST['quote_id'] : false, 'website_id' => isset($_REQUEST['website_id']) ? (int) $_REQUEST['website_id'] : false, 'status' => isset($_REQUEST['status']) ? $_REQUEST['status'] : false, 'description' => isset($_REQUEST['description']) ? $_REQUEST['description'] : false); if (!isset($possible_customers[$file_data['customer_id']]) && $file_data['customer_id'] != $original_file_data['customer_id']) { $file_data['customer_id'] = $original_file_data['customer_id']; } if ($file_data['job_id'] && !isset($possible_jobs[$file_data['job_id']]) && $file_data['job_id'] != $original_file_data['job_id']) { $file_data['job_id'] = $original_file_data['job_id']; } } $sub_bucket_fields = array('customer_id', 'job_id', 'quote_id', 'website_id'); if ($file_data['bucket_parent_file_id']) { // we're saving a sub bucket file, pull in the file data from the parent file. $parent_file = new ucm_file($file_data['bucket_parent_file_id']); $parent_file_data = $parent_file->get_data(); foreach ($sub_bucket_fields as $sub_bucket_field) { $file_data[$sub_bucket_field] = $parent_file_data[$sub_bucket_field]; } } if (!count($files_to_save)) { $files_to_save[] = array(); } foreach ($files_to_save as $id => $file_to_save) { $file_data_to_save = array_merge($file_data, $file_to_save); $files_to_save[$id]['file_id'] = update_insert('file_id', $file_data['file_id'], 'file', $file_data_to_save); $file_data['file_id'] = 0; // incease we're uploading multiple files if (isset($_POST['staff_ids_save']) && (int) $files_to_save[$id]['file_id'] > 0) { delete_from_db('file_user_rel', array('file_id'), array($files_to_save[$id]['file_id'])); if (isset($_POST['staff_ids']) && is_array($_POST['staff_ids'])) { foreach ($_POST['staff_ids'] as $staff_id) { $sql = "REPLACE INTO `" . _DB_PREFIX . "file_user_rel` SET "; $sql .= " `user_id` = " . (int) $staff_id; $sql .= ", `file_id` = " . 
(int) $files_to_save[$id]['file_id']; query($sql); } } } if ($files_to_save[$id]['file_id'] > 0 && isset($file_data_to_save['bucket']) && $file_data_to_save['bucket']) { // update certain fields of all the child files to match the parent bucket. $search = array('bucket_parent_file_id' => $files_to_save[$id]['file_id']); $sub_files = module_file::get_files($search); $vals = array(); foreach ($sub_bucket_fields as $field) { $vals[$field] = isset($file_data_to_save[$field]) ? $file_data_to_save[$field] : false; } foreach ($sub_files as $sub_file) { update_insert('file_id', $sub_file['file_id'], 'file', $vals); // and save the staff assignment manually too if (isset($_POST['staff_ids_save']) && (int) $sub_file['file_id'] > 0) { delete_from_db('file_user_rel', array('file_id'), array($sub_file['file_id'])); if (isset($_POST['staff_ids']) && is_array($_POST['staff_ids'])) { foreach ($_POST['staff_ids'] as $staff_id) { $sql = "REPLACE INTO `" . _DB_PREFIX . "file_user_rel` SET "; $sql .= " `user_id` = " . (int) $staff_id; $sql .= ", `file_id` = " . (int) $sub_file['file_id']; query($sql); } } } } } module_extra::save_extras('file', 'file_id', $files_to_save[$id]['file_id']); if ($file_changed) { $this->send_file_changed_notice($files_to_save[$id]['file_id'], $new_file); } // file changed } } if (module_file::can_i('create', 'File Comments')) { $this->save_file_comments($file_id); } if (isset($_REQUEST['delete_file_comment_id']) && $_REQUEST['delete_file_comment_id']) { $file_comment_id = (int) $_REQUEST['delete_file_comment_id']; $comment = get_single('file_comment', 'file_comment_id', $file_comment_id); if ($comment['create_user_id'] == module_security::get_loggedin_id() || module_file::can_i('delete', 'File Comments')) { $sql = "DELETE FROM `" . _DB_PREFIX . "file_comment` WHERE file_id = '" . (int) $file_id . 
"' AND file_comment_id = '{$file_comment_id}' "; $sql .= " LIMIT 1"; query($sql); } } if (isset($_REQUEST['butt_email']) && $_REQUEST['butt_email'] && module_file::can_i('edit', 'File Approval')) { redirect_browser($this->link_open_email($file_id)); } if (count($files_to_save)) { if (count($files_to_save) > 1) { $file_id = false; set_message(_l('%s Files saved successfully', count($files_to_save))); } else { set_message(_l('File saved successfully')); $file_id = $files_to_save[0]['file_id']; } } redirect_browser($this->link_open($file_id)); } } else { if ('delete_file_popup' == $_REQUEST['_process']) { $file_id = (int) $_REQUEST['file_id']; if (!$file_id || $file_id == 'new') { // cant delete a new file.. do nothing. } else { $file_data = $this->get_file($file_id); if (true) { //module_security::can_access_data('file',$file_data,$file_id)){ // delete the physical file. if (is_file($file_data['file_path'])) { unlink($file_data['file_path']); } // delete the db entry. delete_from_db('file', 'file_id', $file_id); // update ui with changes. ?> <script type="text/javascript"> var new_html = ''; parent.new_file_added<?php echo $file_data['owner_table']; ?> _<?php echo $file_data['owner_id']; ?> (<?php echo $file_id; ?> ,'<?php echo $file_data['owner_table']; ?> ',<?php echo $file_data['owner_id']; ?> ,new_html); </script> <?php } } exit; } } } } } }
/**
 * Persist a subscription row and its "extra" fields.
 *
 * @param int|string|false $subscription_id existing subscription id, or the
 *        "new" value update_insert() understands (update_insert is defined
 *        elsewhere and is not visible here)
 * @param array            $data            column => value map for the
 *        `subscription` table; 'settings' is stored JSON-encoded
 * @return mixed the subscription id handed back by update_insert()
 */
public function save_subscription($subscription_id, $data) {
    // 'settings' is a structure; the column stores it as JSON text.
    // A json_encode() failure (false) is not checked here.
    if (isset($data['settings'])) {
        $data['settings'] = json_encode($data['settings']);
    }
    // Unchecked checkboxes are absent from posted data. A 'default_<field>'
    // key without the matching '<field>' key presumably means the box was
    // rendered but left unchecked, so an explicit 0 is stored.
    $checkbox_fields = array('automatic_renew', 'automatic_email');
    foreach ($checkbox_fields as $checkbox) {
        $marker = 'default_' . $checkbox;
        if (isset($data[$marker]) && !isset($data[$checkbox])) {
            $data[$checkbox] = 0;
        }
    }
    $saved_id = update_insert('subscription_id', $subscription_id, 'subscription', $data);
    module_extra::save_extras('subscription', 'subscription_id', $saved_id);
    return $saved_id;
}
/**
 * Persist a product row and its "extra" fields.
 *
 * @param int|string|false $product_id existing product id, or the "new"
 *        value update_insert() understands (not visible here)
 * @param array            $data       column => value map for the `product` table
 * @return mixed the product id handed back by update_insert()
 */
public function save_product($product_id, $data) {
    // Checkbox semantics: a 'default_<field>' marker without the field itself
    // presumably means "rendered but unchecked", so store an explicit 0.
    foreach (array('billable', 'taxable') as $flag) {
        if (isset($data['default_' . $flag]) && !isset($data[$flag])) {
            $data[$flag] = 0;
        }
    }
    $saved_id = update_insert('product_id', $product_id, 'product', $data);
    module_extra::save_extras('product', 'product_id', $saved_id);
    return $saved_id;
}
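/**
 * Save a quote (insert or update) together with its tax rows and tasks, then
 * apply the follow-on bookkeeping that depends on what changed (hourly rate,
 * assignee, approval).
 *
 * @param int|string|false $quote_id existing quote id; anything that is not a
 *        positive int matching a quote get_quote() hands back is treated as
 *        "create new" (which requires the 'create' / 'Quotes' permission)
 * @param array            $data     posted quote fields (column => value) plus
 *        the parallel tax arrays 'tax_ids' / 'tax_names' / 'tax_percents' and
 *        whatever save_quote_tasks() consumes
 * @return array|false array('quote_id' => id, 'task_result' => array) on
 *         success, false when update_insert() yields no id
 */
public static function save_quote($quote_id, $data) {
    // Only keep a posted customer_id that module_customer::get_customer() hands
    // back unchanged; the lookup doubles as the access check on the customer.
    if (isset($data['customer_id']) && $data['customer_id'] > 0) {
        $customer_check = module_customer::get_customer($data['customer_id']);
        if (!$customer_check || $customer_check['customer_id'] != $data['customer_id']) {
            unset($data['customer_id']);
        }
    }
    // A quote attached to a website follows that website's customer. If the
    // website has no customer yet, the quote's customer is written back to it.
    if (isset($data['website_id']) && $data['website_id']) {
        $website = module_website::get_website($data['website_id']);
        if ($website && (int) $website['website_id'] > 0 && $website['website_id'] == $data['website_id']) {
            // customer_id may have been unset just above, so guard the read
            // (the previous code compared $data['customer_id'] unguarded).
            $posted_customer_id = isset($data['customer_id']) ? $data['customer_id'] : 0;
            if ((int) $website['customer_id'] > 0) {
                if ($posted_customer_id > 0 && $posted_customer_id != $website['customer_id']) {
                    set_message('Changed this Quote to match the Website customer');
                }
                $data['customer_id'] = $website['customer_id'];
            } elseif ($posted_customer_id > 0) {
                update_insert('website_id', $website['website_id'], 'website', array('customer_id' => $posted_customer_id));
            }
        }
    }
    // Decide between update (existing quote we can read) and create.
    $original_quote_data = array();
    if ((int) $quote_id > 0) {
        $original_quote_data = self::get_quote($quote_id, false);
        if (!$original_quote_data || $original_quote_data['quote_id'] != $quote_id) {
            // Not found / not readable: create a new quote instead of updating
            // a row the current user could not read.
            $original_quote_data = array();
            $quote_id = false;
        }
    } else {
        $quote_id = false;
    }
    if (!$quote_id && !self::can_i('create', 'Quotes')) {
        set_error('Unable to create new Quotes');
        // redirect_browser() is relied on not to return (it is defined elsewhere).
        redirect_browser(self::link_open(false));
    }
    if (!(int) $quote_id && module_config::c('quote_name_incrementing', 0)) {
        // Bump the auto-numbering counter for the next new quote.
        $quote_number = module_config::c('quote_name_incrementing_next', 1);
        module_config::save_config('quote_name_incrementing_next', $quote_number + 1);
    }
    $quote_id = update_insert('quote_id', $quote_id, 'quote', $data);
    $return = false;
    if ($quote_id) {
        hook_handle_callback('quote_save', $quote_id);
        // Tax rows come as parallel arrays sharing an index. A posted quote_tax_id
        // is only reused when it already belongs to this quote, so an id from
        // another quote is ignored and a fresh row created instead. Whatever is
        // left in $existing_taxes afterwards was removed in the form.
        // (!empty replaces the unguarded read of $data['tax_percents'].)
        if (isset($data['tax_ids']) && isset($data['tax_names']) && !empty($data['tax_percents'])) {
            $existing_taxes = get_multiple('quote_tax', array('quote_id' => $quote_id), 'quote_tax_id', 'exact', 'order');
            $order = 1;
            foreach ($data['tax_ids'] as $key => $val) {
                if (isset($data['tax_percents'][$key]) && $data['tax_percents'][$key] == 0) {
                    // 0% rates are not stored (loose == keeps '0.00' etc. matching).
                    continue;
                }
                $quote_tax_id = false; // new row unless it is verifiably ours
                if ((int) $val > 0 && isset($existing_taxes[$val])) {
                    $quote_tax_id = $val;
                    unset($existing_taxes[$quote_tax_id]);
                }
                $quote_tax_data = array(
                    'quote_id' => $quote_id,
                    'percent' => isset($data['tax_percents'][$key]) ? $data['tax_percents'][$key] : 0,
                    'amount' => 0,
                    'name' => isset($data['tax_names'][$key]) ? $data['tax_names'][$key] : 'TAX',
                    'order' => $order++,
                    'increment' => isset($data['tax_increment_checkbox']) && $data['tax_increment_checkbox'] ? 1 : 0,
                );
                update_insert('quote_tax_id', $quote_tax_id, 'quote_tax', $quote_tax_data);
            }
            foreach ($existing_taxes as $existing_tax) {
                delete_from_db('quote_tax', array('quote_id', 'quote_tax_id'), array($quote_id, $existing_tax['quote_tax_id']));
            }
        }
        module_cache::clear('quote');
        $return = array('quote_id' => $quote_id, 'task_result' => self::save_quote_tasks($quote_id, $data));
        // Every task_result status (created / deleted / edited / unchanged) led to
        // the same completion refresh, so the former switch is gone.
        self::update_quote_completion_status($quote_id);
        if ($original_quote_data) {
            // Hourly rate changed: zero the stored amount on hourly tasks.
            // All interpolated values are cast to int, so the string-built SQL
            // carries no user-controlled text.
            if (isset($data['hourly_rate']) && $data['hourly_rate'] != $original_quote_data['hourly_rate']) {
                // The form may omit default_task_type; it used to be read unguarded.
                $default_task_type = isset($data['default_task_type']) ? $data['default_task_type'] : null;
                $sql = "UPDATE `" . _DB_PREFIX . "quote_task` SET `amount` = 0 WHERE `hours` > 0 AND quote_id = " . (int) $quote_id . " AND ( manual_task_type = " . _TASK_TYPE_HOURS_AMOUNT;
                if ($default_task_type == _TASK_TYPE_HOURS_AMOUNT) {
                    // presumably -1 means "use the quote default", which is hourly here
                    $sql .= " OR manual_task_type = -1 ";
                }
                $sql .= " )";
                query($sql);
            }
            // Move tasks that followed the previous assignee (or nobody) to the new one.
            if (module_config::c('quote_allow_staff_assignment', 1) && isset($data['user_id'])) {
                $sql = "UPDATE `" . _DB_PREFIX . "quote_task` SET `user_id` = " . (int) $data['user_id'] . " WHERE (`user_id` = " . (int) $original_quote_data['user_id'] . " OR user_id = 0) AND quote_id = " . (int) $quote_id;
                query($sql);
            }
            // The first transition into an approved state fires the approval hook.
            $was_approved = isset($original_quote_data['date_approved']) && $original_quote_data['date_approved'] && $original_quote_data['date_approved'] != '0000-00-00';
            $now_approved = isset($data['date_approved']) && !empty($data['date_approved']) && $data['date_approved'] != '0000-00-00';
            if (!$was_approved && $now_approved) {
                self::quote_approved($quote_id);
            }
        }
    }
    if (class_exists('module_extra', false) && module_extra::is_plugin_enabled()) {
        module_extra::save_extras('quote', 'quote_id', $quote_id);
    }
    module_cache::clear('quote');
    return $return;
}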
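/**
 * Save a job (insert or update) together with its tax rows and tasks, then
 * propagate changes that affect the job's tasks (hourly rate, assignee, due
 * date).
 *
 * @param int|string|false $job_id existing job id; anything that is not a
 *        positive int matching a job get_job() hands back is treated as
 *        "create new"
 * @param array            $data   posted job fields (column => value) plus the
 *        parallel tax arrays 'tax_ids' / 'tax_names' / 'tax_percents' and
 *        whatever save_job_tasks() consumes
 * @return mixed the job id handed back by update_insert() (falsy on failure)
 */
public static function save_job($job_id, $data) {
    // NOTE(review): unlike save_quote(), there is no create-permission check
    // here; confirm the caller enforces one before a new job is created.
    // Checkbox fields: a 'default_<field>' marker without the field itself
    // presumably means "rendered but unchecked", so store an explicit 0.
    foreach (array('renew_auto', 'renew_invoice') as $flag) {
        if (isset($data['default_' . $flag]) && !isset($data[$flag])) {
            $data[$flag] = 0;
        }
    }
    // A manual completion override (0-100) is stored as a 0-1 fraction and
    // flagged, presumably so the task-based calculation leaves it alone.
    if (isset($data['total_percent_complete_override']) && $data['total_percent_complete_override'] != '' && $data['total_percent_complete_override'] <= 100) {
        $data['total_percent_complete_manual'] = 1;
        $data['total_percent_complete'] = $data['total_percent_complete_override'] / 100;
    } else {
        $data['total_percent_complete_manual'] = 0;
    }
    // Only keep a posted customer_id that module_customer::get_customer() hands
    // back unchanged; the lookup doubles as the access check on the customer.
    if (isset($data['customer_id']) && $data['customer_id'] > 0) {
        $customer_check = module_customer::get_customer($data['customer_id']);
        if (!$customer_check || $customer_check['customer_id'] != $data['customer_id']) {
            unset($data['customer_id']);
        }
    }
    // A job attached to a website follows that website's customer. If the
    // website has no customer yet, the job's customer is written back to it.
    if (isset($data['website_id']) && $data['website_id']) {
        $website = module_website::get_website($data['website_id']);
        if ($website && (int) $website['website_id'] > 0 && $website['website_id'] == $data['website_id']) {
            // customer_id may have been unset just above, so guard the read
            // (the previous code compared $data['customer_id'] unguarded).
            $posted_customer_id = isset($data['customer_id']) ? $data['customer_id'] : 0;
            if ((int) $website['customer_id'] > 0) {
                if ($posted_customer_id > 0 && $posted_customer_id != $website['customer_id']) {
                    set_message('Changed this Job to match the Website customer');
                }
                $data['customer_id'] = $website['customer_id'];
            } elseif ($posted_customer_id > 0) {
                update_insert('website_id', $website['website_id'], 'website', array('customer_id' => $posted_customer_id));
            }
        }
    }
    // Decide between update (existing job we can read) and create.
    $original_job_data = array();
    if ((int) $job_id > 0) {
        $original_job_data = self::get_job($job_id, false);
        if (!$original_job_data || $original_job_data['job_id'] != $job_id) {
            // Not found / not readable: create a new job instead of updating
            // a row the current user could not read.
            $original_job_data = array();
            $job_id = false;
        }
    } else {
        $job_id = false;
    }
    if (!(int) $job_id && module_config::c('job_name_incrementing', 0)) {
        // Bump the auto-numbering counter for the next new job.
        $job_number = module_config::c('job_name_incrementing_next', 1);
        module_config::save_config('job_name_incrementing_next', $job_number + 1);
    }
    $job_id = update_insert('job_id', $job_id, 'job', $data);
    if ($job_id) {
        // Tax rows come as parallel arrays sharing an index. A posted job_tax_id
        // is only reused when it already belongs to this job, so an id from
        // another job is ignored and a fresh row created instead. Whatever is
        // left in $existing_taxes afterwards was removed in the form.
        // (!empty replaces the unguarded read of $data['tax_percents'].)
        if (isset($data['tax_ids']) && isset($data['tax_names']) && !empty($data['tax_percents'])) {
            $existing_taxes = get_multiple('job_tax', array('job_id' => $job_id), 'job_tax_id', 'exact', 'order');
            $order = 1;
            foreach ($data['tax_ids'] as $key => $val) {
                if (isset($data['tax_percents'][$key]) && $data['tax_percents'][$key] == 0) {
                    // 0% rates are not stored (loose == keeps '0.00' etc. matching).
                    continue;
                }
                $job_tax_id = false; // new row unless it is verifiably ours
                if ((int) $val > 0 && isset($existing_taxes[$val])) {
                    $job_tax_id = $val;
                    unset($existing_taxes[$job_tax_id]);
                }
                $job_tax_data = array(
                    'job_id' => $job_id,
                    'percent' => isset($data['tax_percents'][$key]) ? $data['tax_percents'][$key] : 0,
                    'amount' => 0,
                    'name' => isset($data['tax_names'][$key]) ? $data['tax_names'][$key] : 'TAX',
                    'order' => $order++,
                    'increment' => isset($data['tax_increment_checkbox']) && $data['tax_increment_checkbox'] ? 1 : 0,
                );
                update_insert('job_tax_id', $job_tax_id, 'job_tax', $job_tax_data);
            }
            foreach ($existing_taxes as $existing_tax) {
                delete_from_db('job_tax', array('job_id', 'job_tax_id'), array($job_id, $existing_tax['job_tax_id']));
            }
        }
        module_cache::clear('job');
        self::save_job_tasks($job_id, $data);
        // Every save_job_tasks() status (created / deleted / edited / unchanged)
        // led to the same completion refresh, so the former switch is gone.
        self::update_job_completion_status($job_id);
        if ($original_job_data) {
            // Hourly rate changed: zero the stored amount on hourly tasks.
            // All interpolated values are cast to int, so the string-built SQL
            // carries no user-controlled text.
            if (isset($data['hourly_rate']) && $data['hourly_rate'] != $original_job_data['hourly_rate']) {
                // The form may omit default_task_type; it used to be read unguarded.
                $default_task_type = isset($data['default_task_type']) ? $data['default_task_type'] : null;
                $sql = "UPDATE `" . _DB_PREFIX . "task` SET `amount` = 0 WHERE `hours` > 0 AND job_id = " . (int) $job_id . " AND ( manual_task_type = " . _TASK_TYPE_HOURS_AMOUNT;
                if ($default_task_type == _TASK_TYPE_HOURS_AMOUNT) {
                    // presumably -1 means "use the job default", which is hourly here
                    $sql .= " OR manual_task_type = -1 ";
                }
                $sql .= " )";
                query($sql);
            }
            // Move tasks that followed the previous assignee (or nobody) to the new one.
            if (module_config::c('job_allow_staff_assignment', 1) && isset($data['user_id'])) {
                $sql = "UPDATE `" . _DB_PREFIX . "task` SET `user_id` = " . (int) $data['user_id'] . " WHERE (`user_id` = " . (int) $original_job_data['user_id'] . " OR user_id = 0) AND job_id = " . (int) $job_id;
                query($sql);
            }
            // Due date moved: push the new date to tasks with no date, to tasks
            // still on the old job date (completed ones only when configured),
            // and to tasks with some other date only when configured.
            $old_due = isset($original_job_data['date_due']) ? $original_job_data['date_due'] : '';
            $new_due = isset($data['date_due']) ? $data['date_due'] : '';
            if ($old_due && $new_due && $new_due != '0000-00-00' && $old_due != $new_due) {
                $new_due_update = array('date_due' => $new_due);
                foreach (self::get_tasks($job_id) as $task) {
                    if (!$task['date_due'] || $task['date_due'] == '0000-00-00') {
                        update_insert('task_id', $task['task_id'], 'task', $new_due_update);
                    } elseif ($task['date_due'] == $old_due) {
                        $percentage = self::get_percentage($task);
                        // parentheses make the original && / || precedence explicit
                        if ($percentage < 1 || (module_config::c('job_tasks_overwrite_completed_due_dates', 0) && $percentage == 1)) {
                            update_insert('task_id', $task['task_id'], 'task', $new_due_update);
                        }
                    } elseif (module_config::c('job_tasks_overwrite_diff_due_date', 0)) {
                        update_insert('task_id', $task['task_id'], 'task', $new_due_update);
                    }
                }
            }
        }
    }
    if (class_exists('module_extra', false) && module_extra::is_plugin_enabled()) {
        module_extra::save_extras('job', 'job_id', $job_id);
    }
    module_cache::clear('job');
    return $job_id;
}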
public function external_hook($hook) { switch ($hook) { case 'public_signup_form': $signup_form = module_template::get_template_by_key('customer_signup_form_wrapper'); $signup_form->page_title = $signup_form->description; $signup_form->assign_values(array('signup_form' => self::get_customer_signup_form_html())); echo $signup_form->render('pretty_html'); exit; case 'public_signup': // sign out if testing. if (module_security::is_logged_in()) { set_message('Logged out due to signup'); module_security::logout(); } $result = array('messages' => array()); function customer_signup_complete($result) { if (isset($_REQUEST['via_ajax'])) { echo json_encode($result); } else { echo implode('<br/>', $result['messages']); } exit; } if (!module_config::c('customer_signup_allowed', 0)) { $result['error'] = 1; $result['messages'][] = 'Customer signup disabled'; customer_signup_complete($result); } //recaptcha on signup form. if (module_config::c('captcha_on_signup_form', 0)) { if (!module_captcha::check_captcha_form()) { $result['error'] = 1; $result['messages'][] = 'Captcha fail, please go back and enter correct captcha code.'; customer_signup_complete($result); } } $customer = isset($_POST['customer']) && is_array($_POST['customer']) ? $_POST['customer'] : array(); $contact = isset($_POST['contact']) && is_array($_POST['contact']) ? $_POST['contact'] : array(); $contact_extra = isset($contact['extra']) && is_array($contact['extra']) ? $contact['extra'] : array(); $contact_group = isset($contact['group_ids']) && is_array($contact['group_ids']) ? $contact['group_ids'] : array(); $customer_extra = isset($customer['extra']) ? $customer['extra'] : array(); $customer_group = isset($customer['group_ids']) && is_array($customer['group_ids']) ? $customer['group_ids'] : array(); $address = isset($_POST['address']) ? $_POST['address'] : array(); $website = isset($_POST['website']) ? $_POST['website'] : array(); $website_extra = isset($website['extra']) ? 
$website['extra'] : array(); $website_group = isset($website['group_ids']) && is_array($website['group_ids']) ? $website['group_ids'] : array(); $job = isset($_POST['job']) ? $_POST['job'] : array(); $job_extra = isset($job['extra']) ? $job['extra'] : array(); $subscription = isset($_POST['subscription']) ? $_POST['subscription'] : array(); // sanatise possibly problematic fields: // customer: $allowed = array('name', 'last_name', 'customer_name', 'email', 'phone', 'mobile', 'extra', 'type'); foreach ($customer as $key => $val) { if (!in_array($key, $allowed)) { unset($customer[$key]); } } if (isset($customer['type']) && $customer['type'] != _CUSTOMER_TYPE_NORMAL && $customer['type'] != _CUSTOMER_TYPE_LEAD) { unset($customer['type']); } // added multiple contact support in the form of arrays. $contact_fields = array('name', 'last_name', 'email', 'phone'); if (module_config::c('customer_signup_password', 0)) { $contact_fields[] = 'password'; } foreach ($contact_fields as $multi_value) { if (isset($contact[$multi_value])) { if (!is_array($contact[$multi_value])) { $contact[$multi_value] = array($contact[$multi_value]); } } else { if (isset($customer[$multi_value])) { $contact[$multi_value] = array($customer[$multi_value]); } else { $contact[$multi_value] = array(); } } } $valid_contact_email = false; $name_fallback = false; $primary_email = false; foreach ($contact['email'] as $contact_key => $email) { if (!$name_fallback && isset($contact['name'][$contact_key])) { $name_fallback = $contact['name'][$contact_key]; } $contact['email'][$contact_key] = filter_var(strtolower(trim($email)), FILTER_VALIDATE_EMAIL); if ($contact['email'][$contact_key]) { $valid_contact_email = true; if (!$primary_email) { $primary_email = $contact['email'][$contact_key]; // set the primary contact details here by adding them to the master customer array foreach ($contact_fields as $primary_contact_field) { $customer[$primary_contact_field] = 
isset($contact[$primary_contact_field][$contact_key]) ? $contact[$primary_contact_field][$contact_key] : ''; unset($contact[$primary_contact_field][$contact_key]); } } } } // start error checking / required fields if (!isset($customer['customer_name']) || !strlen($customer['customer_name'])) { $customer['customer_name'] = $name_fallback; } if (!strlen($customer['customer_name'])) { $result['error'] = 1; $result['messages'][] = "Failed, please go back and provide a customer name."; } if (!$valid_contact_email || !$primary_email) { $result['error'] = 1; $result['messages'][] = "Failed, please go back and provide an email address."; } // check all posted required fields. function check_required($postdata, $messages = array()) { if (is_array($postdata)) { foreach ($postdata as $key => $val) { if (strpos($key, '_required') && strlen($val)) { $required_key = str_replace('_required', '', $key); if (!isset($postdata[$required_key]) || !$postdata[$required_key]) { $messages[] = 'Required field missing: ' . htmlspecialchars($val); } } if (is_array($val)) { $messages = check_required($val, $messages); } } } return $messages; } $messages = check_required($_POST); if (count($messages)) { $result['error'] = 1; $result['messages'] = array_merge($result['messages'], $messages); } if (isset($result['error'])) { customer_signup_complete($result); } // end error checking / required fields. // check if this customer already exists in the system, based on email address $customer_id = false; $creating_new = true; $_REQUEST['user_id'] = 0; if (isset($customer['email']) && strlen($customer['email']) && !module_config::c('customer_signup_always_new', 0)) { $users = module_user::get_contacts(array('email' => $customer['email'])); foreach ($users as $user) { if (isset($user['customer_id']) && (int) $user['customer_id'] > 0) { // this user exists as a customer! yey! // add them to this listing. 
$customer_id = $user['customer_id']; $creating_new = false; $_REQUEST['user_id'] = $user['user_id']; // dont let signups update existing passwords. if (isset($customer['password'])) { unset($customer['password']); } if (isset($customer['new_password'])) { unset($customer['new_password']); } } } } $_REQUEST['extra_customer_field'] = array(); $_REQUEST['extra_user_field'] = array(); module_extra::$config['allow_new_keys'] = false; module_extra::$config['delete_existing_empties'] = false; // save customer extra fields. if (count($customer_extra)) { // format the address so "save_customer" handles the save for us foreach ($customer_extra as $key => $val) { $_REQUEST['extra_customer_field'][] = array('key' => $key, 'val' => $val); } } // save customer and customer contact details: $customer_id = $this->save_customer($customer_id, $customer); if (!$customer_id) { $result['error'] = 1; $result['messages'][] = 'System error: failed to create customer.'; customer_signup_complete($result); } $customer_data = module_customer::get_customer($customer_id); // todo - merge primary and secondary contact/extra/group saving into a single loop if (!$customer_data['primary_user_id']) { $result['error'] = 1; $result['messages'][] = 'System error: Failed to create customer contact.'; customer_signup_complete($result); } else { $role_id = module_config::c('customer_signup_role', 0); if ($role_id > 0) { module_user::add_user_to_role($customer_data['primary_user_id'], $role_id); } // save contact extra data (repeated below for additional contacts) if (isset($contact_extra[0]) && count($contact_extra[0])) { $_REQUEST['extra_user_field'] = array(); foreach ($contact_extra[0] as $key => $val) { $_REQUEST['extra_user_field'][] = array('key' => $key, 'val' => $val); } module_extra::save_extras('user', 'user_id', $customer_data['primary_user_id']); } // save contact groups if (isset($contact_group[0]) && count($contact_group[0])) { foreach ($contact_group[0] as $group_id => $tf) { if ($tf) { 
module_group::add_to_group($group_id, $customer_data['primary_user_id'], 'user'); } } } } foreach ($contact['email'] as $contact_key => $email) { // add any additional contacts to the customer. $users = module_user::get_contacts(array('email' => $email, 'customer_id' => $customer_id)); if (count($users)) { // this contact already exists for this customer, dont update/change it. continue; } $new_contact = array('customer_id' => $customer_id); foreach ($contact_fields as $primary_contact_field) { $new_contact[$primary_contact_field] = isset($contact[$primary_contact_field][$contact_key]) ? $contact[$primary_contact_field][$contact_key] : ''; } // dont let additional contacts have passwords. if (isset($new_contact['password'])) { unset($new_contact['password']); } if (isset($new_contact['new_password'])) { unset($new_contact['new_password']); } global $plugins; $contact_user_id = $plugins['user']->create_user($new_contact, 'signup'); if ($contact_user_id) { $role_id = module_config::c('customer_signup_role', 0); if ($role_id > 0) { module_user::add_user_to_role($contact_user_id, $role_id); } // save contact extra data (repeated below for primary contacts) if (isset($contact_extra[$contact_key]) && count($contact_extra[$contact_key])) { $_REQUEST['extra_user_field'] = array(); foreach ($contact_extra[$contact_key] as $key => $val) { $_REQUEST['extra_user_field'][] = array('key' => $key, 'val' => $val); } module_extra::save_extras('user', 'user_id', $contact_user_id); } // save contact groups if (isset($contact_group[$contact_key]) && count($contact_group[$contact_key])) { foreach ($contact_group[$contact_key] as $group_id => $tf) { if ($tf) { module_group::add_to_group($group_id, $contact_user_id, 'user'); } } } } } if (count($customer_group)) { // format the address so "save_customer" handles the save for us foreach ($customer_group as $group_id => $tf) { if ($tf) { module_group::add_to_group($group_id, $customer_id, 'customer'); } } } $note_keys = array('customer', 
'website', 'job', 'address', 'subscription'); $note_text = _l('Customer signed up from Signup Form:'); $note_text .= "\n\n"; foreach ($note_keys as $note_key) { $note_text .= "\n" . ucwords(_l($note_key)) . "\n"; if (isset($_POST[$note_key]) && is_array($_POST[$note_key])) { foreach ($_POST[$note_key] as $post_key => $post_val) { $note_text .= "\n - " . _l($post_key) . ": "; if (is_array($post_val)) { foreach ($post_val as $p => $v) { $note_text .= "\n - - " . _l($p) . ': ' . $v; } } else { $note_text .= $post_val; } } } } $note_data = array('note_id' => false, 'owner_id' => $customer_id, 'owner_table' => 'customer', 'note_time' => time(), 'note' => $note_text, 'rel_data' => module_customer::link_open($customer_id), 'reminder' => 0, 'user_id' => 0); update_insert('note_id', false, 'note', $note_data); // save customer address fields. if (count($address)) { $address_db = module_address::get_address($customer_id, 'customer', 'physical'); $address_id = $address_db && isset($address_db['address_id']) ? (int) $address_db['address_id'] : false; $address['owner_id'] = $customer_id; $address['owner_table'] = 'customer'; $address['address_type'] = 'physical'; // we have post data to save, write it to the table!! module_address::save_address($address_id, $address); } // website: $allowed = array('url', 'name', 'extra', 'notes'); foreach ($website as $key => $val) { if (!in_array($key, $allowed)) { unset($website[$key]); } } $website['url'] = isset($website['url']) ? strtolower(trim($website['url'])) : ''; $website_id = 0; if (count($website) && class_exists('module_website', false) && module_website::is_plugin_enabled()) { if (strlen($website['url'])) { // see if website already exists, don't create or update existing one for now. 
$existing_websites = module_website::get_websites(array('customer_id' => $customer_id, 'url' => $website['url'])); foreach ($existing_websites as $existing_website) { $website_id = $existing_website['website_id']; } } // echo $website_id;echo $website['url']; print_r($website_extra);exit; if (!$website_id) { $website_data = module_website::get_website($website_id); $website_data['url'] = isset($website['url']) ? $website['url'] : 'N/A'; $website_data['name'] = isset($website['url']) ? $website['url'] : 'N/A'; $website_data['customer_id'] = $customer_id; $website_id = update_insert('website_id', false, 'website', $website_data); // save website extra data. if ($website_id && count($website_extra)) { $_REQUEST['extra_website_field'] = array(); foreach ($website_extra as $key => $val) { $_REQUEST['extra_website_field'][] = array('key' => $key, 'val' => $val); } module_extra::save_extras('website', 'website_id', $website_id); } if ($website_id && isset($website['notes']) && strlen($website['notes'])) { // add notes to this website. $note_data = array('note_id' => false, 'owner_id' => $website_id, 'owner_table' => 'website', 'note_time' => time(), 'note' => $website['notes'], 'rel_data' => module_website::link_open($website_id), 'reminder' => 0, 'user_id' => $customer_data['primary_user_id']); $note_id = update_insert('note_id', false, 'note', $note_data); } } if ($website_id) { if (count($website_group)) { // format the address so "save_customer" handles the save for us foreach ($website_group as $group_id => $tf) { if ($tf) { module_group::add_to_group($group_id, $website_id, 'website'); } } } } } // generate jobs for this customer. $job_created = array(); if ($job && isset($job['type']) && is_array($job['type'])) { if (module_config::c('customer_signup_any_job_type', 0)) { foreach ($job['type'] as $type_name) { // we have a match in our system. create the job. 
$job_data = module_job::get_job(false); $job_data['type'] = $type_name; if (!$job_data['name']) { $job_data['name'] = $type_name; } $job_data['website_id'] = $website_id; $job_data['customer_id'] = $customer_id; $job_id = update_insert('job_id', false, 'job', $job_data); // todo: add default tasks for this job type. $job_created[] = $job_id; } } else { foreach (module_job::get_types() as $type_id => $type) { foreach ($job['type'] as $type_name) { if ($type_name == $type) { // we have a match in our system. create the job. $job_data = module_job::get_job(false); $job_data['type'] = $type; if (!$job_data['name']) { $job_data['name'] = $type; } $job_data['website_id'] = $website_id; $job_data['customer_id'] = $customer_id; $job_id = update_insert('job_id', false, 'job', $job_data); // todo: add default tasks for this job type. $job_created[] = $job_id; } } } } if (count($job_created) && count($job_extra)) { // save job extra data. foreach ($job_created as $job_created_id) { if ($job_created_id && count($job_extra)) { $_REQUEST['extra_job_field'] = array(); foreach ($job_extra as $key => $val) { $_REQUEST['extra_job_field'][] = array('key' => $key, 'val' => $val); } module_extra::save_extras('job', 'job_id', $job_created_id); } } } } // save files against customer $uploaded_files = array(); if (isset($_FILES['customerfiles']) && isset($_FILES['customerfiles']['tmp_name'])) { foreach ($_FILES['customerfiles']['tmp_name'] as $file_id => $tmp_file) { if (is_uploaded_file($tmp_file)) { // save to file module for this customer $file_name = basename($_FILES['customerfiles']['name'][$file_id]); if (strlen($file_name)) { $file_path = 'includes/plugin_file/upload/' . md5(time() . $file_name); if (move_uploaded_file($tmp_file, $file_path)) { // success! write to db. 
$file_data = array('customer_id' => $customer_id, 'job_id' => current($job_created), 'website_id' => $website_id, 'status' => module_config::c('file_default_status', 'Uploaded'), 'pointers' => false, 'description' => "Uploaded from Customer Signup form", 'file_time' => time(), 'file_name' => $file_name, 'file_path' => $file_path, 'file_url' => false); $file_id = update_insert('file_id', false, 'file', $file_data); $uploaded_files[] = $file_id; } } } } } // we create subscriptions for this customer/website (if none already exist) $subscription['subscription_name'] = array(); $subscription['subscription_invoice'] = array(); if (class_exists('module_subscription', false) && module_subscription::is_plugin_enabled() && isset($subscription['for']) && isset($subscription['subscriptions'])) { if ($subscription['for'] == 'website' && $website_id > 0) { $owner_table = 'website'; $owner_id = $website_id; } else { $owner_table = 'customer'; $owner_id = $customer_id; } $available_subscriptions = module_subscription::get_subscriptions(); $members_subscriptions = module_subscription::get_subscriptions_by($owner_table, $owner_id); foreach ($subscription['subscriptions'] as $subscription_id => $tf) { if (isset($available_subscriptions[$subscription_id])) { if (isset($members_subscriptions[$subscription_id])) { // we don't allow a member to sign up to the same subscription twice (just yet) } else { $subscription['subscription_name'][$subscription_id] = $available_subscriptions[$subscription_id]['name']; $start_date = date('Y-m-d'); $start_modifications = module_config::c('customer_signup_subscription_start', ''); if ($start_modifications == 'hidden') { $start_modifications = isset($_REQUEST['customer_signup_subscription_start']) ? $_REQUEST['customer_signup_subscription_start'] : ''; } if (!empty($start_modifications)) { $start_date = date('Y-m-d', strtotime($start_modifications)); } $sql = "INSERT INTO `" . _DB_PREFIX . "subscription_owner` SET "; $sql .= " owner_id = '" . 
(int) $owner_id . "'"; $sql .= ", owner_table = '" . mysql_real_escape_string($owner_table) . "'"; $sql .= ", subscription_id = '" . (int) $subscription_id . "'"; $sql .= ", start_date = '{$start_date}'"; query($sql); module_subscription::update_next_due_date($subscription_id, $owner_table, $owner_id, true); // and the same option here to send a subscription straight away upon signup if (module_config::c('subscription_send_invoice_straight_away', 0)) { global $plugins; $plugins['subscription']->run_cron(); // check if there are any invoices for this subscription $history = module_subscription::get_subscription_history($subscription_id, $owner_table, $owner_id); if (count($history) > 0) { foreach ($history as $h) { if ($h['invoice_id']) { $invoice_data = module_invoice::get_invoice($h['invoice_id']); if ($invoice_data['date_cancel'] != '0000-00-00') { continue; } $subscription['subscription_invoice'][] = '<a href="' . module_invoice::link_public($h['invoice_id']) . '">' . _l('Invoice #%s for %s', htmlspecialchars($invoice_data['name']), dollar($invoice_data['total_amount'], true, $invoice_data['currency_id'])) . '</a>'; } } } } } } } } if (!count($subscription['subscription_name'])) { $subscription['subscription_name'][] = _l('N/A'); } if (!count($subscription['subscription_invoice'])) { $subscription['subscription_invoice'][] = _l('N/A'); } $subscription['subscription_name'] = implode(', ', $subscription['subscription_name']); $subscription['subscription_invoice'] = implode(', ', $subscription['subscription_invoice']); // email the admin when a customer signs up. 
$values = array_merge($customer, $customer_extra, $website, $website_extra, $address, $subscription); $values['customer_name'] = $customer['customer_name']; $values['CUSTOMER_LINK'] = module_customer::link_open($customer_id); $values['CUSTOMER_NAME_LINK'] = module_customer::link_open($customer_id, true); if ($website_id) { $values['WEBSITE_LINK'] = module_website::link_open($website_id); $values['WEBSITE_NAME_LINK'] = module_website::link_open($website_id, true); } else { $values['WEBSITE_LINK'] = _l('N/A'); $values['WEBSITE_NAME_LINK'] = _l('N/A'); } $values['JOB_LINKS'] = ''; if (count($job_created)) { $values['JOB_LINKS'] .= 'The customer created ' . count($job_created) . ' jobs in the system: <br>'; foreach ($job_created as $job_created_id) { $values['JOB_LINKS'] .= module_job::link_open($job_created_id, true) . "<br>\n"; } } else { $values['JOB_LINKS'] = _l('N/A'); } if (count($uploaded_files)) { $values['uploaded_files'] = 'The customer uploaded ' . count($uploaded_files) . " files:<br>\n"; foreach ($uploaded_files as $uploaded_file) { $values['uploaded_files'] .= module_file::link_open($uploaded_file, true) . "<br>\n"; } } else { $values['uploaded_files'] = 'No files were uploaded'; } $values['WEBSITE_NAME'] = isset($website['url']) ? 
$website['url'] : 'N/A'; if (!$creating_new) { $values['system_note'] = "Note: this signup updated the existing customer record in the system."; } else { $values['system_note'] = "Note: this signup created a new customer record in the system."; } $customer_signup_template = module_config::c('customer_signup_email_admin_template', 'customer_signup_email_admin'); if (isset($_REQUEST['customer_signup_email_admin_template'])) { $customer_signup_template = $_REQUEST['customer_signup_email_admin_template']; } if ($customer_signup_template) { $template = module_template::get_template_by_key($customer_signup_template); if ($template->template_id) { $template->assign_values($values); $html = $template->render('html'); $email = module_email::new_email(); $email->replace_values = $values; $email->set_subject($template->description); $email->set_to_manual(module_config::c('customer_signup_admin_email', module_config::c('admin_email_address'))); // do we send images inline? $email->set_html($html); if ($email->send()) { // it worked successfully!! } else { /// log err? } } } $customer_signup_template = module_config::c('customer_signup_email_welcome_template', 'customer_signup_email_welcome'); if (isset($_REQUEST['customer_signup_email_welcome_template'])) { $customer_signup_template = $_REQUEST['customer_signup_email_welcome_template']; } if ($customer_signup_template) { $template = module_template::get_template_by_key($customer_signup_template); if ($template->template_id) { $template->assign_values($values); $html = $template->render('html'); $email = module_email::new_email(); $email->customer_id = $customer_id; $email->replace_values = $values; $email->set_subject($template->description); $email->set_to('user', $customer_data['primary_user_id']); // do we send images inline? $email->set_html($html); if ($email->send()) { // it worked successfully!! } else { /// log err? 
} } } //todo: optional redirect to url if (isset($_REQUEST['via_ajax'])) { echo json_encode(array('success' => 1, 'customer_id' => $customer_id)); exit; } if (module_config::c('customer_signup_redirect', '')) { redirect_browser(module_config::c('customer_signup_redirect', '')); } // load up the thank you template. $template = module_template::get_template_by_key('customer_signup_thank_you_page'); $template->page_title = _l("Customer Signup"); foreach ($values as $key => $val) { if (!is_array($val)) { $values[$key] = htmlspecialchars($val); } } $template->assign_values($values); echo $template->render('pretty_html'); exit; break; } }
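public function external_hook($hook) {
    // Unauthenticated entry point behind the public newsletter / member
    // subscription form. No session or permission check applies here; the only
    // authorisation is the per-member hash carried on the "update your details"
    // link (?i=<member_id>&hash=<hash>, verified against link_public_details()).
    //
    // $hook: 'subscribe_form' or 'subscribe' - both behave identically (the first
    //        case intentionally falls through). Any other hook is ignored.
    // Side effects: writes `member` rows, extra fields and newsletter group
    // membership; always ends the request (echo + exit, or redirect_browser())
    // once a handled hook reaches the end of its branch.
    switch ($hook) {
        case 'subscribe_form':
            // handle subscriptions to the member database and also the newsletter system.
            // todo - tie in with "subscription" module to allow users to select which subscription they want as well.
            // (intentional fall-through into 'subscribe')
        case 'subscribe':
            $member = isset($_REQUEST['member']) && is_array($_REQUEST['member']) ? $_REQUEST['member'] : false;
            $provided_member_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false;
            // is_string(): a ?hash[]=x array would otherwise reach trim() and fatal on PHP 8.
            $hash = isset($_REQUEST['hash']) && is_string($_REQUEST['hash']) ? trim($_REQUEST['hash']) : false;
            $member_id = false;

            if ($member) {
                if (isset($member['email']) && $member['email']) {
                    // proceed with signup
                    $email = is_string($member['email'])
                        ? filter_var(strtolower(trim($member['email'])), FILTER_VALIDATE_EMAIL)
                        : false;
                    if ($email !== false && strlen($email) > 3) {
                        // Persist the validated, lower-cased address rather than the raw
                        // posted value, so the row written below agrees with the duplicate
                        // lookups (get_single by $email) and the newsletter subscription.
                        $member['email'] = $email;
                        $adding_new_member = true; // are we adding a new member to the system or updating an old one

                        if ($provided_member_id && $hash) {
                            $real_hash = $this->link_public_details($provided_member_id, true);
                            // hash_equals(): strict and constant-time. A loose == between two
                            // hash strings is subject to PHP numeric-string juggling
                            // ("0e123..." == "0e456..." is true).
                            if (hash_equals((string) $real_hash, $hash)) {
                                $existing_member = get_single('member', 'email', $email);
                                if ($existing_member && $existing_member['member_id'] != $provided_member_id) {
                                    // this user is trying to update their email address to a user who exists in the system already
                                    $template = module_template::get_template_by_key('member_subscription_error');
                                    $template->page_title = htmlspecialchars(_l('Subscription'));
                                    $template->assign_values(array('message' => _l('The email address %s is already linked to another member.', htmlspecialchars($email))));
                                    echo $template->render('pretty_html');
                                    exit;
                                }
                                $adding_new_member = false; // updating details in the system.
                                // NOTE(review): $member is the raw posted array. update_insert() is
                                // relied on to restrict it to real `member` columns - confirm that,
                                // otherwise every column of the row is writable from this public form.
                                update_insert("member_id", $provided_member_id, "member", $member);
                                $member_id = $provided_member_id;
                                // update extra fields...
                            }
                        }

                        if (!$member_id) {
                            // add member to system.
                            $existing_member = get_single('member', 'email', $email);
                            if ($existing_member && $existing_member['member_id'] > 0) {
                                // todo: give them link to change details.
                                $template = module_template::get_template_by_key('member_subscription_error');
                                $template->page_title = htmlspecialchars(_l('Subscription'));
                                $template->assign_values(array('message' => _l('The email address %s is already a member. Please click the link in our newsletter to modify your details.', htmlspecialchars($email))));
                                echo $template->render('pretty_html');
                                exit;
                            }
                            // todo - sanitise input here: this writes the whole posted member[] array
                            // (see the NOTE(review) above on column whitelisting).
                            $member_id = update_insert("member_id", 'new', "member", $member);
                        }

                        if ($member_id) {
                            // save extra fields against member - only keys that are configured
                            // extra-field defaults for 'member' are taken from the post.
                            $extra_fields = module_extra::get_defaults('member');
                            $extra_values = array();
                            foreach ($extra_fields as $extra_field) {
                                // check if this field was submitted.
                                if (isset($member[$extra_field['key']])) {
                                    $extra_values[$extra_field['key']] = array('val' => $member[$extra_field['key']], 'key' => $extra_field['key']);
                                }
                            }
                            if (count($extra_values)) {
                                // save_extras() reads its input from $_REQUEST, hence the assignment.
                                $_REQUEST['extra_member_field'] = $extra_values;
                                module_extra::save_extras('member', 'member_id', $member_id, false);
                            }

                            if (class_exists('module_newsletter', false)) {
                                $newsletter_member_id = module_newsletter::member_from_email(array('email' => $email, 'member_id' => $member_id, 'data_callback' => 'module_member::get_newsletter_recipient', 'data_args' => $member_id), true, true);
                                module_newsletter::subscribe_member($email, $newsletter_member_id);
                                // now add this member to the groups they have selected.
                                if (isset($member['group']) && is_array($member['group'])) {
                                    $group_items = module_group::get_groups('newsletter_subscription');
                                    $public_group_ids = array();
                                    foreach ($group_items as $group_item) {
                                        $public_group_ids[$group_item['group_id']] = true;
                                        // remove the member from all these groups before re-adding the
                                        // selected ones. Left inside the loop as in the original: it only
                                        // runs when at least one public group exists.
                                        module_group::delete_member($member_id, 'newsletter_subscription');
                                    }
                                    foreach ($member['group'] as $group_id => $tf) {
                                        if ($tf && isset($public_group_ids[$group_id])) {
                                            // add member to group - but only public group ids!
                                            module_group::add_to_group($group_id, $member_id);
                                        }
                                    }
                                }
                            }

                            // is the newsletter module giving us a subscription redirection?
                            if ($adding_new_member) {
                                if (module_config::c('newsletter_subscribe_redirect', '')) {
                                    redirect_browser(module_config::c('newsletter_subscribe_redirect', ''));
                                }
                                $template = module_template::get_template_by_key('member_subscription_success');
                                $template->page_title = htmlspecialchars(_l('Subscription'));
                                $template->assign_values(array('email' => $email));
                                echo $template->render('pretty_html');
                                exit;
                            } else {
                                if (module_config::c('newsletter_update_details_redirect', '')) {
                                    redirect_browser(module_config::c('newsletter_update_details_redirect', ''));
                                }
                                $template = module_template::get_template_by_key('member_update_details_success');
                                $template->page_title = htmlspecialchars(_l('Subscription'));
                                $template->assign_values(array('email' => $email));
                                echo $template->render('pretty_html');
                                exit;
                            }
                        } else {
                            // update_insert() returned no id.
                            echo 'database failure..
please try again.';
                        }
                    } else {
                        $template = module_template::get_template_by_key('member_subscription_error');
                        $template->page_title = htmlspecialchars(_l('Subscription'));
                        $template->assign_values(array('message' => _l('Sorry please go back and complete all required fields (especially email address)')));
                        echo $template->render('pretty_html');
                        exit;
                    }
                } else {
                    $template = module_template::get_template_by_key('member_subscription_error');
                    $template->page_title = htmlspecialchars(_l('Subscription'));
                    $template->assign_values(array('message' => _l('Sorry please go back and complete all required fields')));
                    echo $template->render('pretty_html');
                    exit;
                }
            } else {
                // No member[] posted: render the form. It doubles as the
                // "modify your details" form when a valid id + hash is supplied.
                $template = module_template::get_template_by_key('member_subscription_form');
                $template->page_title = htmlspecialchars(_l('Subscription'));
                $newsletter_subscriptions = array();
                $member = array('email' => '', 'first_name' => '', 'last_name' => '', 'business' => '', 'phone' => '', 'mobile' => '');
                // extra fields:
                $extra_fields = module_extra::get_defaults('member');
                foreach ($extra_fields as $extra_field) {
                    $member[$extra_field['key']] = '';
                }
                if ($provided_member_id && $hash) {
                    $real_hash = $this->link_public_details($provided_member_id, true);
                    // same strict, constant-time comparison as on the save path above.
                    if (hash_equals((string) $real_hash, $hash)) {
                        // we can load these details into the form successfully.
                        $member = array_merge($member, $this->get_member($provided_member_id));
                        // get their fields:
                        $extra_fields = module_extra::get_extras(array('owner_table' => 'member', 'owner_id' => $provided_member_id));
                        foreach ($extra_fields as $extra_field) {
                            $member[$extra_field['extra_key']] = $extra_field['extra'];
                        }
                        // find out what newsletter subscriptions this member has.
                        if (class_exists('module_newsletter', false)) {
                            $newsletter_member_id = module_newsletter::member_from_email($member, true, true);
                            $newsletter_subscriptions = module_group::get_member_groups('newsletter_subscription', $provided_member_id);
                        }
                    }
                }
                $template->assign_values($member);
                if (class_exists('module_newsletter', false)) {
                    $group_items = module_group::get_groups('newsletter_subscription');
                    ob_start();
                    foreach ($group_items as $group_item) {
                        // group_id is an integer key and goes into an HTML attribute: cast it.
                        $group_id = (int) $group_item['group_id'];
                        $checked = '';
                        foreach ($newsletter_subscriptions as $newsletter_subscription) {
                            if ($newsletter_subscription['group_id'] == $group_item['group_id']) {
                                $checked = ' checked';
                            }
                        }
                        ?>
                        <div class="group_select">
                            <input type="checkbox" name="member[group][<?php echo $group_id; ?>]" value="1"<?php echo $checked; ?>> <?php echo htmlspecialchars($group_item['name']); ?>
                        </div>
                        <?php
                    }
                    $template->assign_values(array('newsletter_options' => ob_get_clean()));
                } else {
                    $template->assign_values(array('newsletter_options' => ''));
                }
                echo $template->render('pretty_html');
                exit;
            }
            break;
    }
}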
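public function save_user($user_id, $data, $from_public = false) {
    // Create or update a `user` row (staff login or customer/vendor contact).
    //
    // $user_id:     id to update; anything that get_user() cannot load becomes an insert.
    // $data:        column => value array. 'password' is never taken as-is; a new
    //               password arrives as 'password_new' (admin/reset flow) or
    //               'password_new1'/'password_new2' + 'password_old' (self-service).
    // $from_public: true when called from an unauthenticated signup form - forces an
    //               insert, skips can_i() checks and the role/permission/company
    //               handling in the !$from_public block below.
    // Returns the saved user_id, or false when a permission check fails.
    //
    // Role, permission and company assignments are read from $_REQUEST, not $data.
    $use_master_key = $this->get_contact_master_key();
    if ($from_public) {
        $user_id = 0;
    } else {
        if ($use_master_key && isset($data[$use_master_key]) && $data[$use_master_key]) {
            if (!module_user::can_i('edit', 'Contacts', 'Customer')) {
                set_error('Unable to edit contacts.');
                return false;
            }
        } else {
            if (!self::can_i('edit', 'Users', 'Config')) {
                set_error('Unable to edit users.');
                return false;
            }
        }
        $user_id = (int) $user_id;
    }

    $temp_user = array();
    if ($user_id > 0) {
        // make sure the row exists before treating this as an update
        $temp_user = $this->get_user($user_id, true, false);
        // '_perms' set on the loaded row is taken as "not a plain user record" - TODO confirm what get_user() means by it
        if (!$temp_user || $temp_user['user_id'] != $user_id || isset($temp_user['_perms'])) {
            $user_id = false;
        }
    }

    if (!$user_id && !$from_public) {
        if ($use_master_key && isset($data[$use_master_key]) && $data[$use_master_key]) {
            if (!module_user::can_i('create', 'Contacts', 'Customer')) {
                set_error('Unable to create new contacts.');
                return false;
            }
        } else {
            if (!self::can_i('create', 'Users', 'Config')) {
                set_error('Unable to create new users.');
                return false;
            }
        }
    } else {
        if ($user_id == 1 && module_security::get_loggedin_id() != 1) {
            // Fix: the original only set the error and carried on to update_insert(),
            // so the guard did not actually protect user 1. Bail out like the other checks.
            set_error('Sorry only the administrator can modify this account');
            return false;
        }
    }

    // check the customer id is valid assignment to someone who has these perms.
    if (!$from_public) {
        if (isset($data['customer_id']) && (int) $data['customer_id'] > 0) {
            $temp_customer = module_customer::get_customer($data['customer_id']);
            if (!$temp_customer || $temp_customer['customer_id'] != $data['customer_id']) {
                unset($data['customer_id']);
            }
        }
        if (isset($data['vendor_id']) && (int) $data['vendor_id'] > 0) {
            $temp_vendor = module_vendor::get_vendor($data['vendor_id']);
            if (!$temp_vendor || $temp_vendor['vendor_id'] != $data['vendor_id']) {
                unset($data['vendor_id']);
            }
        }
    }

    // a raw 'password' column is never accepted from the caller.
    if (isset($data['password'])) {
        unset($data['password']);
    }

    // we do the password hash thing here.
    $stored_hash = isset($temp_user['password']) ? (string) $temp_user['password'] : '';
    if (isset($data['password_new']) && is_string($data['password_new']) && strlen($data['password_new'])) {
        // an admin is trying to set the password for this account.
        // same permissions checks as on the user_admin_edit_login.php page
        $reset_token_ok = false;
        if (isset($_REQUEST['reset_password']) && is_string($_REQUEST['reset_password'])) {
            $auto_login = (string) module_security::get_auto_login_string($user_id);
            // Strict, constant-time compare; an empty/false auto-login string must never
            // match (the old loose == let "" or "0" match a falsy return value).
            $reset_token_ok = $auto_login !== '' && hash_equals($auto_login, $_REQUEST['reset_password']);
        }
        if (!$user_id
            || (isset($temp_user['password']) && !$temp_user['password'])
            || module_user::can_i('create', 'Users Passwords', 'Config')
            || $reset_token_ok) {
            // we allow the admin to set a new password without typing in previous password.
            $data['password'] = $data['password_new'];
        } else {
            set_error('Sorry, no permissions to set a new password.');
        }
    } else {
        if ($user_id && isset($data['password_new1']) && isset($data['password_new2']) && is_string($data['password_new1']) && strlen($data['password_new1'])) {
            // the user is trying to change their password.
            // only do this if the user has edit password permissions and their password matches.
            if (module_user::can_i('edit', 'Users Passwords', 'Config') || $user_id == module_security::get_loggedin_id()) {
                $old_password = isset($data['password_old']) && is_string($data['password_old']) ? $data['password_old'] : null;
                // hash_equals() replaces == : md5 hex strings beginning with "0e" would
                // otherwise compare numerically equal to any other such string.
                // The second clause (plain-text match against the stored column) is kept
                // for legacy rows; NOTE(review) it also means the stored hash itself is
                // accepted as the "old password" - consider dropping it once all rows are hashed.
                if ($old_password !== null
                    && (hash_equals($stored_hash, md5($old_password)) || hash_equals($stored_hash, $old_password))) {
                    // correct old password - verify new password.
                    if ($data['password_new1'] == $data['password_new2']) {
                        $data['password'] = $data['password_new1'];
                    } else {
                        set_error('Verified password mismatch. Password unchanged.');
                    }
                } else {
                    set_error('Old password does not match. Password unchanged.');
                }
            } else {
                set_error('No permissions to change passwords');
            }
        }
    }

    // and we finally hash our password
    if (isset($data['password']) && strlen($data['password']) > 0) {
        // Unsalted md5 is weak, but the login check and the customer import compare
        // against exactly this format - changing the scheme here alone would lock
        // every user out. Migrate all three together (e.g. to password_hash()).
        $data['password'] = md5($data['password']);
    }

    $user_id = update_insert("user_id", $user_id, "user", $data);

    $use_master_key = $this->get_contact_master_key(); // this will be customer_id or supplier_id
    if ($use_master_key && (isset($data[$use_master_key]) && $data[$use_master_key])) {
        if ($user_id) {
            if (isset($data['customer_primary']) && $data['customer_primary']) {
                // update the customer/supplier to mark them as primary or not..
                switch ($use_master_key) {
                    case 'customer_id':
                        module_customer::set_primary_user_id($data['customer_id'], $user_id);
                        break;
                    case 'vendor_id':
                        module_vendor::set_primary_user_id($data['vendor_id'], $user_id);
                        break;
                }
            } else {
                // check if this contact was the old customer/supplier primary and clear it
                switch ($use_master_key) {
                    case 'customer_id':
                        $customer_data = module_customer::get_customer($data['customer_id']);
                        if ($customer_data['primary_user_id'] == $user_id) {
                            module_customer::set_primary_user_id($data['customer_id'], 0);
                        }
                        break;
                    case 'vendor_id':
                        $vendor_data = module_vendor::get_vendor($data['vendor_id']);
                        if ($vendor_data['primary_user_id'] == $user_id) {
                            module_vendor::set_primary_user_id($data['vendor_id'], 0);
                        }
                        break;
                }
            }
        }
    }

    if (!$from_public) {
        // hack for linked user accounts: only contacts sharing this user's email may be linked.
        if ($user_id && isset($data['link_customers']) && $data['link_customers'] == 'yes' && isset($data['link_user_ids']) && is_array($data['link_user_ids']) && isset($data['email']) && $data['email']) {
            $others = module_user::get_contacts(array('email' => $data['email']));
            foreach ($data['link_user_ids'] as $link_user_id) {
                if (!(int) $link_user_id) {
                    continue;
                }
                if ($link_user_id == $user_id) {
                    continue; // shouldn't happen
                }
                foreach ($others as $other) {
                    if ($other['user_id'] == $link_user_id) {
                        // success! they're not trying to hack us - the id is one of the same-email contacts.
                        $sql = "REPLACE INTO `" . _DB_PREFIX . "user_customer_rel` SET user_id = '" . (int) $link_user_id . "', customer_id = '" . (int) $other['customer_id'] . "', `primary` = " . (int) $user_id;
                        query($sql);
                        update_insert('user_id', $link_user_id, 'user', array('linked_parent_user_id' => $user_id));
                    }
                }
            }
            update_insert('user_id', $user_id, 'user', array('linked_parent_user_id' => $user_id));
        }
        if ($user_id && isset($data['unlink']) && $data['unlink'] == 'yes') {
            $sql = "DELETE FROM `" . _DB_PREFIX . "user_customer_rel` WHERE user_id = '" . (int) $user_id . "'";
            query($sql);
            update_insert('user_id', $user_id, 'user', array('linked_parent_user_id' => 0));
        }

        handle_hook("address_block_save", $this, "physical", "user", "user_id", $user_id);
        handle_hook("address_block_save", $this, "postal", "user", "user_id", $user_id);
        if (class_exists('module_extra', false) && module_extra::is_plugin_enabled()) {
            module_extra::save_extras('user', 'user_id', $user_id);
        }

        // find current role / permissions
        $user_data = $this->get_user($user_id);
        $previous_user_roles = $user_data['roles'];
        $re_save_role_perms = false;
        // hack to support only 1 role (we may support multi-role in the future)
        // TODO(security): nothing verifies the caller may grant this role id. The
        // can_i() checks at the top only cover editing the user/contact, so anyone
        // passing them (e.g. a Contacts editor) can attach any role, including an
        // administrative one. Gate this on the role-management permission.
        if (isset($_REQUEST['role_id'])) {
            $sql = "DELETE FROM `" . _DB_PREFIX . "user_role` WHERE user_id = '" . (int) $user_id . "'";
            query($sql);
            $new_role_id = (int) $_REQUEST['role_id'];
            if ($new_role_id > 0) {
                if (!isset($previous_user_roles[$new_role_id])) {
                    $re_save_role_perms = $new_role_id;
                }
                $_REQUEST['role'] = array($new_role_id => 1);
            }
        }
        // save users roles (support for multi roles in future - but probably will never happen)
        if (isset($_REQUEST['role']) && is_array($_REQUEST['role'])) {
            foreach ($_REQUEST['role'] as $role_id => $tf) {
                $this->add_user_to_role($user_id, $role_id);
            }
        }

        if ($re_save_role_perms) {
            // A role is assigned: role permissions apply exclusively, so any per-user
            // overrides in user_perm are dropped (we no longer copy them; see history).
            $sql = "DELETE FROM `" . _DB_PREFIX . "user_perm` WHERE user_id = " . (int) $user_id;
            query($sql);
        } else {
            if (isset($_REQUEST['permission']) && is_array($_REQUEST['permission'])) {
                $sql = "DELETE FROM `" . _DB_PREFIX . "user_perm` WHERE user_id = '" . (int) $user_id . "'";
                query($sql);
                // update permissions for this user. Column names come from the fixed
                // module_security::$available_permissions list, not from the request.
                foreach ($_REQUEST['permission'] as $security_permission_id => $permissions) {
                    $actions = array();
                    foreach (module_security::$available_permissions as $permission) {
                        if (isset($permissions[$permission]) && $permissions[$permission]) {
                            $actions[$permission] = 1;
                        }
                    }
                    $sql = "REPLACE INTO `" . _DB_PREFIX . "user_perm` SET user_id = '" . (int) $user_id . "', security_permission_id = '" . (int) $security_permission_id . "' ";
                    foreach ($actions as $permission => $tf) {
                        $sql .= ", `" . mysql_real_escape_string($permission) . "` = 1";
                    }
                    query($sql);
                }
            }
        }

        // save the company information if it's available
        if (class_exists('module_company', false) && module_company::can_i('edit', 'Company') && module_company::is_enabled() && module_user::can_i('edit', 'User')) {
            if (isset($_REQUEST['available_user_company']) && is_array($_REQUEST['available_user_company'])) {
                $selected_companies = isset($_POST['user_company']) && is_array($_POST['user_company']) ? $_POST['user_company'] : array();
                foreach ($_REQUEST['available_user_company'] as $company_id => $tf) {
                    if (!isset($selected_companies[$company_id]) || !$selected_companies[$company_id]) {
                        // remove user from this company
                        module_company::delete_user($company_id, $user_id);
                    } else {
                        // add user to this company (if they are not already existing)
                        module_company::add_user_to_company($company_id, $user_id);
                    }
                }
            }
        }
    }

    module_cache::clear('user');
    return $user_id;
}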
public function save_vendor($vendor_id, $data) {
    // Create or update a `vendor` row and, when $_REQUEST['user_id'] is present,
    // its primary contact (a `user` row built from the same $data array).
    //
    // $vendor_id: existing id to update; 0 or an id get_vendor() cannot load means insert.
    // $data:      column => value array written to `vendor`. 'primary_user_id' is
    //             stripped - it is only ever set through set_primary_user_id().
    // Returns the saved vendor_id.
    //
    // NOTE(review): unlike save_user()/save_website() this method performs no
    // can_i('edit'/'create') check of its own; callers are assumed to have done it.
    $vendor_id = (int) $vendor_id;
    $temp_vendor = false;
    if ($vendor_id > 0) {
        // check the row actually exists / is visible to get_vendor(), else fall back to insert
        $temp_vendor = $this->get_vendor($vendor_id);
        if (!$temp_vendor || $temp_vendor['vendor_id'] != $vendor_id) {
            $temp_vendor = false;
            $vendor_id = false;
        }
    }
    if (_DEMO_MODE && $vendor_id == 1) {
        // redirect_browser() is relied on to end the request here - TODO confirm it exits
        set_error('Sorry this is a Demo Vendor. It cannot be changed.');
        redirect_browser(self::link_open($vendor_id));
    }
    if (isset($data['default_tax_system']) && $data['default_tax_system']) {
        // "use the system default tax" is stored as -1 with an empty name
        $data['default_tax'] = -1;
        $data['default_tax_name'] = '';
    }
    if (isset($data['primary_user_id'])) {
        unset($data['primary_user_id']);
    }
    // only allow this to be set through the method.
    $vendor_id = update_insert("vendor_id", $vendor_id, "vendor", $data);
    if (isset($_REQUEST['user_id'])) {
        // primary-contact handling; the contact id comes from the request, not $data
        $user_id = (int) $_REQUEST['user_id'];
        if ($user_id > 0) {
            // check the user exists; an unknown id is treated as "create a new contact"
            $temp_user = module_user::get_user($user_id);
            if (!$temp_user || $temp_user['user_id'] != $user_id) {
                $user_id = false;
            }
        }
        // assign specified user_id to this vendor.
        // could this be a problem?
        // maybe?
        // todo: think about security precautions here, maybe only allow admins to set primary contacts.
        // NOTE(review): below, get_user() only proves the id exists - nothing checks that
        // $user_id already belongs to this vendor in the move branch (the "normal" branch
        // does, via get_contacts). Whoever holds can_i('create','Companies') can therefore
        // re-home any existing user id under this vendor - confirm that is intended.
        $data['vendor_id'] = $vendor_id;
        if (!$user_id) {
            // hack to set the default role of a contact (if one is set in settings).
            if (!isset($data['last_name']) && isset($data['name']) && strpos($data['name'], ' ') > 0) {
                // todo - save from vendor import
                // split "First Middle Last" into name="First Middle", last_name="Last"
                $bits = explode(' ', $data['name']);
                $data['last_name'] = array_pop($bits);
                $data['name'] = implode(' ', $bits);
            }
            // the vendor's $data is reused wholesale as the new contact's `user` row
            $user_id = update_insert("user_id", false, "user", $data);
            module_cache::clear('user');
            $role_id = module_config::c('contact_default_role', 0);
            if ($role_id > 0) {
                module_user::add_user_to_role($user_id, $role_id);
            }
            $this->set_primary_user_id($vendor_id, $user_id);
        } else {
            // make sure this user is part of this vendor.
            // wait! addition, we want to be able to move an existing vendor contact to this new vendor.
            $saved_user_id = false;
            if (isset($_REQUEST['move_user_id']) && (int) $_REQUEST['move_user_id'] && module_vendor::can_i('create', 'Companies')) {
                $old_user = module_user::get_user((int) $_REQUEST['move_user_id']);
                if ($old_user && $old_user['user_id'] == (int) $_REQUEST['move_user_id']) {
                    // note: the row updated is $user_id (from $_REQUEST['user_id']), while
                    // move_user_id is only used to look up the previous vendor for the hook
                    $saved_user_id = $user_id = update_insert("user_id", $user_id, "user", $data);
                    module_cache::clear('user');
                    hook_handle_callback('vendor_contact_moved', $user_id, $old_user['vendor_id'], $vendor_id);
                    $this->set_primary_user_id($vendor_id, $user_id);
                    module_cache::clear('user');
                }
            } else {
                // save normally, only those linked to this account:
                $users = module_user::get_contacts(array('vendor_id' => $vendor_id));
                foreach ($users as $user) {
                    if ($user['user_id'] == $user_id) {
                        $saved_user_id = $user_id = update_insert("user_id", $user_id, "user", $data);
                        $this->set_primary_user_id($vendor_id, $user_id);
                        module_cache::clear('user');
                        break;
                    }
                }
            }
            if (!$saved_user_id) {
                // the requested contact was not (or could not be) attached: clear the primary
                $this->set_primary_user_id($vendor_id, 0);
                module_cache::clear('user');
            }
        }
        // todo: move this functionality back into the user class.
        // maybe with a static save_user method ?
        if ($user_id > 0 && class_exists('module_extra', false) && module_extra::is_plugin_enabled()) {
            module_extra::save_extras('user', 'user_id', $user_id);
        }
    }
    handle_hook("address_block_save", $this, "physical", "vendor", "vendor_id", $vendor_id);
    //handle_hook("address_block_save",$this,"postal","vendor","vendor_id",$vendor_id);
    if (class_exists('module_extra', false) && module_extra::is_plugin_enabled()) {
        module_extra::save_extras('vendor', 'vendor_id', $vendor_id);
    }
    // save the company information if it's available
    if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
        if (isset($_REQUEST['available_vendor_company']) && is_array($_REQUEST['available_vendor_company'])) {
            $selected_companies = isset($_POST['vendor_company']) && is_array($_POST['vendor_company']) ? $_POST['vendor_company'] : array();
            $company_access = module_company::get_company_data_access();
            if ($company_access == _COMPANY_ACCESS_ALL && !count($selected_companies)) {
                // user is unassigning this vendor from all companies we have access to, dont let them do this?
                // (currently a no-op: the loop below still removes every unselected company)
            }
            foreach ($_REQUEST['available_vendor_company'] as $company_id => $tf) {
                if (!isset($selected_companies[$company_id]) || !$selected_companies[$company_id]) {
                    // remove vendor from this company
                    module_company::delete_vendor($company_id, $vendor_id);
                } else {
                    // add vendor to this company (if they are not already existing)
                    module_company::add_vendor_to_company($company_id, $vendor_id);
                }
            }
        }
    }
    self::update_vendor_status($vendor_id);
    module_cache::clear('vendor');
    return $vendor_id;
}
public function save_website($website_id, $data) { if ((int) $website_id > 0) { $original_website_data = $this->get_website($website_id); if (!$original_website_data || $original_website_data['website_id'] != $website_id) { $original_website_data = array(); $website_id = false; } } else { $original_website_data = array(); $website_id = false; } if (_DEMO_MODE && $website_id == 1) { set_error('This is a Demo Website. Some things cannot be changed.'); foreach (array('name', 'url', 'customer_id') as $key) { if (isset($data[$key])) { unset($data[$key]); } } } // check create permissions. if (!$website_id && !self::can_i('create', 'Websites')) { // user not allowed to create websites. set_error('Unable to create new Websites'); redirect_browser(self::link_open(false)); } $website_id = update_insert("website_id", $website_id, "website", $data); if (isset($original_website_data['customer_id']) && $original_website_data['customer_id'] && isset($data['customer_id']) && $data['customer_id'] && $original_website_data['customer_id'] != $data['customer_id']) { //module_cache::clear_cache(); // the customer id has changed. update jobs and invoices. // bad! this will swap all jobs, invoices and files from this customer to another customer. //module_job::customer_id_changed($original_website_data['customer_id'],$data['customer_id']); } module_extra::save_extras('website', 'website_id', $website_id); return $website_id; }
/**
 * Persist a newsletter row and its extra (custom) fields.
 *
 * @param mixed $newsletter_id Existing newsletter id, or the value update_insert() treats as new.
 * @param array $data          Column values to store.
 * @return mixed The newsletter id as returned by update_insert().
 */
public function save_newsletter($newsletter_id, $data) {
    $saved_id = update_insert('newsletter_id', $newsletter_id, 'newsletter', $data);
    // Extra fields live in their own table keyed by the saved newsletter id.
    module_extra::save_extras('newsletter', 'newsletter_id', $saved_id);
    return $saved_id;
}
/**
 * Create or update a ticket, then run the follow-on work that hangs off a save:
 * extra-field rows, an optional reply message, an optional status change and a
 * notification email to a newly assigned staff member.
 *
 * Side effects: writes 'ticket' and 'ticket_data' rows, may write a 'ticket_message'
 * row via send_reply(), may send an email, and clears the 'ticket' cache.
 *
 * @param mixed $ticket_id Existing ticket id, or a non-positive value to create a ticket.
 * @param array $data      Column values plus control keys read here: website_id, user_id,
 *                         change_assigned_user_id, ticket_extra, new_ticket_message,
 *                         change_status_id, private_message, force_logged_in_user_id.
 * @return mixed The saved ticket id as returned by update_insert().
 */
public function save_ticket($ticket_id, $data) {
    // customer_id is derived from the website when given, else from the ticket user.
    if (isset($data['website_id']) && $data['website_id']) {
        $website = module_website::get_website($data['website_id']);
        $data['customer_id'] = $website['customer_id'];
    }
    if (isset($data['user_id']) && $data['user_id']) {
        $user = module_user::get_user($data['user_id'], false);
        if (!isset($data['customer_id']) || !$data['customer_id']) {
            $data['customer_id'] = $user['customer_id'];
        }
    }
    // Snapshot the stored ticket so assignment changes can be detected below.
    if ((int) $ticket_id > 0) {
        $existing_ticket_data = $this->get_ticket($ticket_id);
    } else {
        $existing_ticket_data = array();
    }
    if (isset($data['change_assigned_user_id']) && (int) $data['change_assigned_user_id'] > 0) {
        // check if we're really changing the assigned user.
        if ($ticket_id > 0) {
            if ($existing_ticket_data['assigned_user_id'] != $data['change_assigned_user_id']) {
                // they are really changing the user
                $data['assigned_user_id'] = $data['change_assigned_user_id'];
            }
        } else {
            $data['assigned_user_id'] = $data['change_assigned_user_id'];
        }
        module_cache::clear('ticket');
    }
    $ticket_id = update_insert("ticket_id", $ticket_id, "ticket", $data);
    if ($ticket_id) {
        // save any extra data: one ticket_data row per known extra-field key.
        if (isset($data['ticket_extra']) && is_array($data['ticket_extra'])) {
            $available_extra_fields = $this->get_ticket_extras_keys();
            foreach ($data['ticket_extra'] as $ticket_data_key_id => $ticket_data_key_value) {
                // Empty values and unknown keys are skipped rather than stored.
                if (strlen($ticket_data_key_value) > 0 && isset($available_extra_fields[$ticket_data_key_id])) {
                    // save this one!
                    // hack: addition for encryption module.
                    // bit nasty, but it works.
                    // Only text/textarea fields with an encrypt_key_id are encrypted, and only
                    // when the value does not already carry the 'encrypt:' marker.
                    if (class_exists('module_encrypt', false) && isset($available_extra_fields[$ticket_data_key_id]['encrypt_key_id']) && $available_extra_fields[$ticket_data_key_id]['encrypt_key_id'] && strpos($ticket_data_key_value, 'encrypt:') === false && ($available_extra_fields[$ticket_data_key_id]['type'] == 'text' || $available_extra_fields[$ticket_data_key_id]['type'] == 'textarea')) {
                        // encrypt this value using this key.
                        $page_name = 'ticket_extras'; // match the page_name we have in ticket_extra_sidebar.php
                        $input_id = 'ticket_extras_' . $ticket_data_key_id; // match the input id we have in ticket_extra_sidebar.php
                        $ticket_data_key_value = module_encrypt::save_encrypt_value($available_extra_fields[$ticket_data_key_id]['encrypt_key_id'], $ticket_data_key_value, $page_name, $input_id);
                    }
                    // check for existing row for this (ticket, key) pair; update it or insert a new one.
                    $existing = get_single('ticket_data', array('ticket_id', 'ticket_data_key_id'), array($ticket_id, $ticket_data_key_id));
                    if ($existing) {
                        update_insert('ticket_data_id', $existing['ticket_data_id'], 'ticket_data', array('value' => $ticket_data_key_value));
                    } else {
                        update_insert('ticket_data_id', 'new', 'ticket_data', array('ticket_data_key_id' => $ticket_data_key_id, 'ticket_id' => $ticket_id, 'value' => $ticket_data_key_value));
                    }
                }
            }
        }
        $ticket_message_id = false;
        if (isset($data['new_ticket_message']) && strlen($data['new_ticket_message']) > 1) {
            // post a new reply to this message.
            // who are we replying to?
            $ticket_data = $this->get_ticket($ticket_id);
            if (isset($data['change_status_id']) && $data['change_status_id']) {
                update_insert("ticket_id", $ticket_id, "ticket", array('status_id' => $data['change_status_id']));
            } else {
                // A reply on a resolved ticket reopens it as "in progress".
                // NOTE(review): 7 is a hard-coded status id with no named constant here — confirm which status it denotes.
                if ($ticket_data['status_id'] == _TICKET_STATUS_RESOLVED_ID || $ticket_data['status_id'] == 7) {
                    $data['change_status_id'] = _TICKET_STATUS_IN_PROGRESS_ID; // change to in progress.
                }
            }
            module_cache::clear('ticket');
            // it's either a reply from the admin, or from the user via the web interface.
            $ticket_data = $this->get_ticket($ticket_id);
            // NOTE(review): force_logged_in_user_id overrides the session identity used to decide
            // who the reply is from; confirm callers only set it from server-side context and
            // never pass it through from request input.
            $logged_in_user = isset($data['force_logged_in_user_id']) ? $data['force_logged_in_user_id'] : false;
            if (!$logged_in_user) {
                $logged_in_user = module_security::get_loggedin_id();
                if (!$logged_in_user) {
                    $logged_in_user = $ticket_data['user_id'];
                }
            }
            // A ticket with no creator adopts the current logged-in user as its user_id.
            if (!$ticket_data['user_id'] && module_security::get_loggedin_id()) {
                update_insert('ticket_id', $ticket_id, 'ticket', array('user_id' => module_security::get_loggedin_id()));
                $ticket_data['user_id'] = module_security::get_loggedin_id();
            }
            $ticket_creator = $ticket_data['user_id'];
            // Reply direction is decided by a loose comparison of creator and acting user ids.
            if ($ticket_creator == $logged_in_user) {
                // we are sending a reply back to the admin, from the end user.
                // Recipient falls back to the configured default staff user when unassigned.
                self::mark_as_unread($ticket_id);
                $ticket_message_id = $this->send_reply($ticket_id, $data['new_ticket_message'], $ticket_creator, $ticket_data['assigned_user_id'] ? $ticket_data['assigned_user_id'] : module_config::c('ticket_default_user_id', 1), 'end_user', '', array('private_message' => isset($data['private_message']) && $data['private_message']));
            } else {
                // we are sending a reply back to the ticket user.
                // admin is allowed to change the status of a message.
                $from_user_id = $ticket_data['assigned_user_id'] ? $ticket_data['assigned_user_id'] : module_security::get_loggedin_id();
                $ticket_message_id = $this->send_reply($ticket_id, $data['new_ticket_message'], $from_user_id, $ticket_creator, 'admin', '', array('private_message' => isset($data['private_message']) && $data['private_message']));
                // do we add cc/bcc here?
            }
            if ($ticket_message_id && isset($data['change_status_id']) && $data['change_status_id']) {
                // store the ticket status change against the message as well.
                update_insert("ticket_message_id", $ticket_message_id, "ticket_message", array('status_id' => $data['change_status_id']));
            }
        }
        if (isset($data['change_status_id']) && $data['change_status_id']) {
            // we only update this status if the "send reply" or "send reply and next" buttons are clicked.
            // NOTE(review): this reads $_REQUEST directly, so the status write depends on which form
            // button submitted the request, not only on $data.
            if (isset($_REQUEST['newmsg']) || isset($_REQUEST['newmsg_next'])) {
                update_insert("ticket_id", $ticket_id, "ticket", array('status_id' => $data['change_status_id']));
            }
        }
    }
    module_extra::save_extras('ticket', 'ticket_id', $ticket_id);
    // automatically send a notification email to the assigned staff member?
    if (module_config::c('ticket_auto_notify_staff', 0)) {
        module_cache::clear('ticket');
        $new_ticket_data = self::get_ticket($ticket_id);
        // Notify only when the assignee is set and differs from the pre-save snapshot.
        if ($new_ticket_data['assigned_user_id'] && (!$existing_ticket_data || $existing_ticket_data['assigned_user_id'] != $new_ticket_data['assigned_user_id'])) {
            // copied from ticket_admin_notify.php
            // template for sending emails.
            $template = module_template::get_template_by_key('ticket_email_notify');
            $new_ticket_data['from_name'] = module_security::get_loggedin_name();
            $new_ticket_data['ticket_url'] = module_ticket::link_open($ticket_id);
            $new_ticket_data['ticket_subject'] = $new_ticket_data['subject'];
            // sending to the staff member.
            $replace_fields = self::get_replace_fields($new_ticket_data['ticket_id'], $new_ticket_data);
            $template->assign_values($replace_fields);
            $template->assign_values($new_ticket_data);
            $html = $template->render('html');
            $email = module_email::new_email();
            $email->replace_values = $new_ticket_data + $replace_fields;
            $email->set_subject($template->description);
            $email->set_to('user', $new_ticket_data['assigned_user_id']);
            // do we send images inline?
            $email->set_html($html);
            // The send result is currently ignored in both branches.
            if ($email->send()) {
                // it worked successfully!!
            } else {
                /// log err?
            }
        }
    }
    module_cache::clear('ticket');
    return $ticket_id;
}