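/**
 * Update an existing handler
 *
 * All four values are either cast to int or escaped with db_addslashes()
 * before they are interpolated into the UPDATE statement; lastmod is set
 * to the current time and lastmod_user to the session account.
 *
 * @param int    $id      the handler ID
 * @param string $email   the email address
 * @param string $handler the handler for messages to the email address
 * @param int    $active  stored in is_active after an int cast (non-zero = active)
 */
function update_handler($id, $email, $handler, $active)
{
    $id = (int) $id;
    $email = $this->db->db_addslashes($email);
    $handler = $this->db->db_addslashes($handler);
    $active = (int) $active;
    $lastmod = time();
    // the account id comes from session state, but it is still interpolated
    // into SQL, so cast it like every other integer column value
    $lastmod_user = (int) $GLOBALS['phpgw_info']['user']['account_id'];

    $sql = 'UPDATE phpgw_mail_handler'
        . " SET target_email = '{$email}', handler = '{$handler}',"
        . " is_active = {$active}, lastmod = {$lastmod}, lastmod_user = {$lastmod_user}"
        . " WHERE handler_id = {$id}";
    $this->db->query($sql, __LINE__, __FILE__);
}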
/**
 * Find locations within an application
 *
 * Builds a SELECT over phpgw_locations joined with phpgw_applications
 * (and optionally phpgw_categories) and returns name => description.
 * The pseudo location 'run' is always excluded.
 *
 * @param bool   $grant           only locations where users can grant rights to others
 * @param string $appname         name of the application; empty means the current app
 * @param bool   $allow_c_attrib  only locations where custom attributes can be applied
 * @param bool   $c_function      only locations where custom functions are allowed
 * @param bool   $have_categories only locations which have categories
 *
 * @return array location name => description
 */
public function get_locations($grant = false, $appname = '', $allow_c_attrib = false, $c_function = false, $have_categories = false)
{
    $app = $appname ? $appname : $GLOBALS['phpgw_info']['flags']['currentapp'];
    $app = $this->_db->db_addslashes($app);

    $where = " WHERE app_name='{$app}' AND phpgw_locations.name != 'run'";

    // optional flag columns, in the order the clauses are appended
    $optional = array(
        'allow_c_attrib = 1'   => $allow_c_attrib,
        'allow_grant = 1'      => $grant,
        'allow_c_function = 1' => $c_function,
    );
    foreach ($optional as $clause => $enabled) {
        if ($enabled) {
            $where .= " AND {$clause}";
        }
    }

    $category_join = '';
    if ($have_categories) {
        $category_join = "{$this->_join} phpgw_categories ON phpgw_locations.location_id = phpgw_categories.location_id";
    }

    $sql = 'SELECT phpgw_locations.location_id, phpgw_locations.name, phpgw_locations.descr FROM phpgw_locations'
        . " {$this->_join} phpgw_applications ON phpgw_locations.app_id = phpgw_applications.app_id"
        . " {$category_join}"
        . " {$where} ORDER BY phpgw_locations.name";
    $this->_db->query($sql, __LINE__, __FILE__);

    $db = $this->_db;
    $locations = array();
    while ($db->next_record()) {
        $locations[$db->f('name')] = $db->f('descr', true);
    }
    return $locations;
}
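/**
 * Get standard value set for attributes and location
 *
 * Flattens the 'location', 'extra' and 'attributes' parts of $data into one
 * array and adds an 'address' entry built from street, location name,
 * additional info and (when resolvable) the entity category. Only 'address'
 * is escaped with db_addslashes() here; every other value is passed on as
 * given.
 *
 * @param array $data the data to organize; recognised keys are 'location',
 *                    'extra', 'attributes', 'street_name', 'street_number',
 *                    'location_name' and 'additional_info'
 *
 * @return array $value_set to either insert or edit
 */
protected function _get_value_set($data)
{
    $value_set = array();
    $entity_category = null;

    if (isset($data['location']) && is_array($data['location'])) {
        foreach ($data['location'] as $input_name => $value) {
            if (isset($value) && $value) {
                $value_set[$input_name] = $value;
            }
        }
        $value_set['location_code'] = implode('-', $data['location']);
    }

    if (isset($data['extra']) && is_array($data['extra'])) {
        foreach ($data['extra'] as $input_name => $value) {
            if (isset($value) && $value) {
                $value_set[$input_name] = $value;
            }
        }
        // all three keys are needed for the category lookup; test them with
        // empty() so a partial 'extra' block does not raise notices
        if (!empty($data['extra']['p_num'])
            && !empty($data['extra']['p_entity_id'])
            && !empty($data['extra']['p_cat_id'])) {
            $entity = CreateObject('property.soadmin_entity');
            $entity_category = $entity->read_single_category($data['extra']['p_entity_id'], $data['extra']['p_cat_id']);
        }
    }

    if (isset($data['attributes']) && is_array($data['attributes'])) {
        // NOTE(review): $table was never assigned in this method, so
        // prepare_for_db() has always received null here - TODO confirm
        // which table name is meant and pass it explicitly
        $table = null;
        $data_attribute = $this->custom->prepare_for_db($table, $data['attributes']);
        if (isset($data_attribute['value_set'])) {
            foreach ($data_attribute['value_set'] as $input_name => $value) {
                if (isset($value) && $value) {
                    $value_set[$input_name] = $value;
                }
            }
        }
    }

    $_address = array();
    if (!empty($data['street_name'])) {
        $street_number = isset($data['street_number']) ? $data['street_number'] : '';
        $_address[] = "{$data['street_name']} {$street_number}";
    }
    if (!empty($data['location_name'])) {
        $_address[] = ucfirst(strtolower($data['location_name']));
    }
    if (!empty($data['additional_info']) && is_array($data['additional_info'])) {
        foreach ($data['additional_info'] as $key => $value) {
            if ($value) {
                $_address[] = "{$key}|{$value}";
            }
        }
    }
    if ($entity_category) {
        $_address[] = "{$entity_category['name']}::{$data['extra']['p_num']}";
    }

    $value_set['address'] = $this->_db->db_addslashes(implode('::', $_address));

    return $value_set;
}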
/**
 * Fetch a single custom function record from the database
 *
 * The application and location names are escaped and the id is cast to
 * int before they are placed in the WHERE clause.
 *
 * @param string  $appname  the module the function belongs to
 * @param string  $location the location the function is used
 * @param integer $id       the ID for the function
 *
 * @return array the function values - null if not found
 */
public function get($appname, $location, $id)
{
    $app = $this->_db->db_addslashes($appname);
    $loc = $this->_db->db_addslashes($location);
    $id = (int) $id;

    $sql = 'SELECT phpgw_cust_function.* FROM phpgw_cust_function '
        . " {$this->_join} phpgw_locations ON phpgw_cust_function.location_id = phpgw_locations.location_id"
        . " {$this->_join} phpgw_applications ON phpgw_applications.app_id = phpgw_locations.app_id"
        . " WHERE phpgw_applications.app_name = '{$app}'"
        . " AND phpgw_locations.name = '{$loc}'"
        . " AND phpgw_cust_function.id = {$id}";
    $this->_db->query($sql, __LINE__, __FILE__);

    $found = $this->_db->next_record();
    if (!$found) {
        return null;
    }

    $db = $this->_db;
    return array(
        'id'                   => (int) $db->f('id'),
        'descr'                => $db->f('descr', true),
        'custom_function_file' => $db->f('file_name'),
        'active'               => (bool) $db->f('active'),
        'pre_commit'           => (bool) $db->f('pre_commit'),
        'client_side'          => (bool) $db->f('client_side'),
    );
}
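/**
 * Store the current configuration
 *
 * Inside one transaction, calls delete_repository() and then inserts one
 * phpgw_config row per entry of $this->config_data. Array values are
 * serialized first. Nothing is written when config_data is not a
 * non-empty array.
 */
public function save_repository()
{
    $config_data = $this->config_data;
    if (!is_array($config_data) || !count($config_data)) {
        return;
    }

    // the module name is a class property, but it is interpolated into the
    // statement as well, so escape it like the name/value pairs
    $module = $this->db->db_addslashes($this->module);

    $this->db->transaction_begin();
    $this->delete_repository();
    foreach ($config_data as $name => $value) {
        if (is_array($value)) {
            $value = serialize($value);
        }
        $name = $this->db->db_addslashes($name);
        $value = $this->db->db_addslashes($value);
        $query = 'INSERT INTO phpgw_config (config_app,config_name,config_value) '
            . "VALUES ('{$module}', '{$name}', '{$value}')";
        $this->db->query($query, __LINE__, __FILE__);
    }
    $this->db->transaction_commit();
}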
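/**
 * Protect against brute force attacks, block login if too many unsuccessful login attempts
 *
 * Counts failed logins (rows with account_id = 0 in phpgw_access_log) that
 * are newer than server.block_time minutes, once per IP (only when
 * sessions_checkip is enabled) and once per login id. When the login is
 * blocked and admin_mails is configured, the admins are notified, but at
 * most once every five minutes.
 *
 * @param string $login account_lid (evtl. with domain)
 * @param string $ip    the ip that made the request
 *
 * @return boolean login blocked?
 */
protected function _login_blocked($login, $ip)
{
    $blocked = false;
    // initialised up front: it is reported in the admin mail even when the
    // per-IP check is disabled
    $false_ip = 0;
    $block_time = time() - $GLOBALS['phpgw_info']['server']['block_time'] * 60;

    $ip = $this->_db->db_addslashes($ip);
    if (isset($GLOBALS['phpgw_info']['server']['sessions_checkip']) && $GLOBALS['phpgw_info']['server']['sessions_checkip']) {
        $sql = 'SELECT COUNT(*) AS cnt FROM phpgw_access_log'
            . " WHERE account_id = 0 AND ip = '{$ip}' AND li > {$block_time}";
        $this->_db->query($sql, __LINE__, __FILE__);
        $this->_db->next_record();
        $false_ip = $this->_db->f('cnt');
        if ($false_ip > $GLOBALS['phpgw_info']['server']['num_unsuccessful_ip']) {
            $blocked = true;
        }
    }

    $login = $this->_db->db_addslashes($login);
    $sql = 'SELECT COUNT(*) AS cnt FROM phpgw_access_log'
        . " WHERE account_id = 0 AND (loginid='{$login}' OR loginid LIKE '{$login}#%')"
        . " AND li > {$block_time}";
    $this->_db->query($sql, __LINE__, __FILE__);
    $this->_db->next_record();
    $false_id = $this->_db->f('cnt');
    if ($false_id > $GLOBALS['phpgw_info']['server']['num_unsuccessful_id']) {
        $blocked = true;
    }

    // mail the admins at most once every five minutes. The previous
    // expression, (time() - 5) * 60, is always far larger than any stored
    // timestamp, so the throttle never engaged and every blocked attempt
    // produced a mail.
    $mail_throttle = time() - 5 * 60;
    $last_mail = isset($GLOBALS['phpgw_info']['server']['login_blocked_mail_time'])
        ? (int) $GLOBALS['phpgw_info']['server']['login_blocked_mail_time']
        : 0;

    if ($blocked
        && isset($GLOBALS['phpgw_info']['server']['admin_mails'])
        && $GLOBALS['phpgw_info']['server']['admin_mails']
        && $last_mail < $mail_throttle) {
        // notify admin(s) via email
        $from = 'phpGroupWare@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
        $subject = lang("phpGroupWare: login blocked for user '%1', IP: %2", $login, $ip);
        $body = lang("Too many unsuccessful attempts to login: %1 for the user '%2', %3 for the IP %4", $false_id, $login, $false_ip, $ip);

        if (!is_object($GLOBALS['phpgw']->send)) {
            $GLOBALS['phpgw']->send = createObject('phpgwapi.send');
        }
        $subject = $GLOBALS['phpgw']->send->encode_subject($subject);
        $admin_mails = explode(',', $GLOBALS['phpgw_info']['server']['admin_mails']);
        foreach ($admin_mails as $to) {
            $GLOBALS['phpgw']->send->msg('email', $to, $subject, $body, '', '', '', $from, $from);
        }

        // save time of mail, to not send too many mails
        $config = createObject('phpgwapi.config', 'phpgwapi');
        $config->read_repository();
        $config->value('login_blocked_mail_time', time());
        $config->save_repository();
    }

    return $blocked;
}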
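/**
 * List available links
 *
 * Returns every active interlink that has ($app, $loc, $id) on either side,
 * limited to public links and the caller's own private ones. Each entry
 * describes the *other* end of the link.
 *
 * @param string $app the module to link to
 * @param string $loc the location to link to (cast to int)
 * @param int    $id  the id to link to
 *
 * @return array list of links in the following format - [n] = array('interlink_id' => int,
 *               'app1_name'|'app2_name' => 'string', 'app1_loc'|'app2_loc' => int,
 *               'app1_id'|'app2_id' => int, 'is_private' => bool, 'account_id' => int,
 *               'summary' => 'string', 'owner' => 'string')
 */
public function list_links($app, $loc, $id)
{
    $app = $this->db->db_addslashes($app);
    $loc = (int) $loc;
    $id = (int) $id;
    $owner = (int) $GLOBALS['phpgw_info']['user']['account_id'];

    // The two "which side of the link" alternatives are grouped in their own
    // parentheses. Without them AND binds tighter than OR, so the is_private
    // restriction only applied to app2 matches and other users' private links
    // were returned for app1 matches.
    // NOTE(review): `active_from >= now` keeps only links whose start lies in
    // the future - this looks inverted, confirm against the schema before changing.
    $sql = 'SELECT interlink_id, app1_name, app1_loc, app1_id, app2_name, app2_loc, app2_id, is_private, account_id'
        . ' FROM phpgw_interlink'
        . " WHERE ( (app1_name = '{$app}' AND app1_loc = '{$loc}' AND app1_id = '{$id}')"
        . " OR (app2_name = '{$app}' AND app2_loc = '{$loc}' AND app2_id = '{$id}') )"
        . " AND ( is_private = 0 OR (is_private = 1 AND account_id = {$owner}) )"
        . ' AND is_active = 1 AND active_from >= ' . time();
    // the statement was previously built but never executed, so the loop
    // below iterated whatever result set the last query had left behind
    $this->db->query($sql, __LINE__, __FILE__);

    $recs = array();
    while ($this->db->next_record()) {
        // report the end of the link that is not the one asked for
        $side = $this->db->f('app1_name') == $app ? 'app2' : 'app1';
        $recs[] = array(
            'interlink_id' => $this->db->f('interlink_id'),
            "{$side}_name" => $this->db->f("{$side}_name"),
            "{$side}_loc"  => $this->db->f("{$side}_loc"),
            "{$side}_id"   => $this->db->f("{$side}_id"),
            'is_private'   => !!$this->db->f('is_private'),
            'account_id'   => $this->db->f('account_id'),
        );
    }

    foreach ($recs as &$rec) {
        $rec['summary'] = $this->get_summary($rec);
        $rec['owner'] = $GLOBALS['phpgw']->accounts->id2name($rec['account_id']);
    }
    // drop the reference left behind by foreach-by-reference
    unset($rec);

    return $recs;
}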
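/**
 * Finds the next ID for a record at a table
 *
 * Selects max(id) of the rows matching $key and returns it plus one
 * (1 when no row matches). This is not atomic: two callers running at the
 * same time can receive the same id unless the caller serialises them.
 *
 * @param string $table tablename in question; interpolated unquoted, so it
 *                      must be a fixed table name, never user input
 * @param array  $key   column => value conditions for finding the next id;
 *                      entries with an empty value are ignored
 *
 * @return int the next id, 0 when no table was given
 */
protected function _next_id($table = null, $key = null)
{
    if (!$table) {
        return 0;
    }

    $conditions = array();
    if (is_array($key)) {
        foreach ($key as $col => $val) {
            if ($val) {
                $val = $this->_db->db_addslashes($val);
                $conditions[] = "{$col} = '{$val}'";
            }
        }
    }
    // only emit a WHERE clause when there is something to filter on; the
    // previous implode()-based construction produced a dangling "WHERE '"
    // (and an undefined-variable notice) when no condition survived
    $where = $conditions ? 'WHERE ' . implode(' AND ', $conditions) : '';

    $sql = "SELECT max(id) as maximum FROM {$table} {$where}";
    $this->_db->query($sql, __LINE__, __FILE__);

    $max_id = 0;
    if ($this->_db->next_record()) {
        // max() over an empty table yields NULL, which casts to 0
        $max_id = (int) $this->_db->f('maximum');
    }
    return $max_id + 1;
}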
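/**
 * Reads ACL accounts from database and return array with accounts that have certain rights for a given location
 *
 * Candidate accounts come either from the LDAP account list or from an SQL
 * join of phpgw_accounts/phpgw_acl/phpgw_locations restricted by location
 * name only ($appname is applied through check()). Groups are expanded to
 * their members, inactive accounts are dropped, every remaining user is
 * re-checked individually and the survivors are loaded from phpgw_accounts.
 *
 * check() evaluates $this->_account_id, which this method reassigns for
 * each candidate; the caller's value is restored before returning.
 *
 * @param integer $required Required access rights in bitmap form
 * @param string  $location location within Application name
 * @param string  $appname  Application name
 *                          if empty string the value of $GLOBALS['phpgw_info']['flags']['currentapp'] is used
 *
 * @return array list of arrays with account_id, account_lid, account_type,
 *               account_firstname, account_lastname, account_status and
 *               account_expires, ordered by account_lastname
 */
public function get_user_list_right($required, $location, $appname = '')
{
    $myaccounts =& $GLOBALS['phpgw']->accounts;
    $active_accounts = array();
    $accounts = array();
    $users = array();

    if (!$appname) {
        $appname = $GLOBALS['phpgw_info']['flags']['currentapp'];
    }
    $appname = $this->_db->db_addslashes($appname);
    $location = $this->_db->db_addslashes($location);

    // remember whose rights this object was checking before we start
    // overwriting _account_id below
    $caller_account_id = $this->_account_id;

    if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap') {
        $account_objects = $GLOBALS['phpgw']->accounts->get_list('both', -1, 'ASC', 'account_lastname', '', -1);
        // maybe the query argument could be used for filtering on active accounts?
        foreach ($account_objects as $account_object) {
            $active_accounts[] = array(
                'account_id'   => $account_object->id,
                'account_type' => $account_object->type,
            );
        }
    } else {
        $sql = 'SELECT account_id, account_type FROM phpgw_accounts'
            . " {$this->_join} phpgw_acl on phpgw_accounts.account_id = phpgw_acl.acl_account"
            . " {$this->_join} phpgw_locations on phpgw_acl.location_id = phpgw_locations.location_id"
            . " WHERE account_status = 'A' AND phpgw_locations.name = '{$location}'"
            . ' ORDER BY account_lastname ASC';
        $this->_db->query($sql, __LINE__, __FILE__);
        while ($this->_db->next_record()) {
            $active_accounts[] = array(
                'account_id'   => $this->_db->f('account_id'),
                'account_type' => $this->_db->f('account_type'),
            );
        }
    }

    // first pass: keep every account (or every member of every group) that
    // has the required rights
    foreach ($active_accounts as $entry) {
        $this->_account_id = $entry['account_id'];
        if (!$this->check($location, $required, $appname)) {
            continue;
        }
        if ($entry['account_type'] == 'g') {
            $members = $myaccounts->member($entry['account_id'], true);
            if (isset($members) && is_array($members)) {
                foreach ($members as $user) {
                    $accounts[$user['account_id']] = $user['account_id'];
                }
                unset($members);
            }
        } else {
            $accounts[$entry['account_id']] = $entry['account_id'];
        }
    }
    unset($active_accounts);

    // drop inactive accounts (relevant for users that came in via a group)
    $sql = "SELECT account_id FROM phpgw_accounts WHERE account_status = 'I'";
    $this->_db->query($sql, __LINE__, __FILE__);
    while ($this->_db->next_record()) {
        unset($accounts[$this->_db->f('account_id')]);
    }

    // second pass: re-check each remaining user on its own, so that members
    // inherited from a group are verified individually
    foreach ($accounts as $account_id) {
        $this->_account_id = $account_id;
        if (!$this->check($location, $required, $appname)) {
            unset($accounts[$account_id]);
        }
    }
    $this->_account_id = $caller_account_id;

    $accounts = array_keys($accounts);
    if (count($accounts) > 0) {
        // keys were produced from integer account ids above, so the IN list
        // contains only integers
        $sql = 'SELECT * FROM phpgw_accounts where account_id in (' . implode(',', $accounts) . ') ORDER BY account_lastname';
        $this->_db->query($sql, __LINE__, __FILE__);
        while ($this->_db->next_record()) {
            $users[] = array(
                'account_id'        => $this->_db->f('account_id'),
                'account_lid'       => $this->_db->f('account_lid'),
                'account_type'      => $this->_db->f('account_type'),
                'account_firstname' => $this->_db->f('account_firstname'),
                'account_lastname'  => $this->_db->f('account_lastname'),
                'account_status'    => $this->_db->f('account_status'),
                'account_expires'   => $this->_db->f('account_expires'),
            );
        }
    }

    return $users;
}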