/** * Generate a secure signature * * {code} * {crmSigner var=mySig extra=123} * var urlParams = ts={$mySig.ts}&extra={$mySig.extra}&sig={$mySig.signature} * {endcode} * * @param $params array with keys: * - var: string, a smarty variable to generate * - ts: int, the current time (if omitted, autogenerated) * - any other vars are put into the signature (sorted) */ function smarty_function_crmSigner($params, &$smarty) { $var = $params['var']; unset($params['var']); $params['ts'] = CRM_Utils_Time::getTimeRaw(); $fields = array_keys($params); sort($fields); $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), $fields); $params['signature'] = $signer->sign($params); $smarty->assign($var, $params); }
/** * check the CMS username. */ public static function checkUserName() { $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts')); $sig = CRM_Utils_Request::retrieve('sig', 'String', CRM_Core_DAO::$_nullObject); $for = CRM_Utils_Request::retrieve('for', 'String', CRM_Core_DAO::$_nullObject); if (CRM_Utils_Time::getTimeRaw() > $_REQUEST['ts'] + self::CHECK_USERNAME_TTL || $for != 'civicrm/ajax/cmsuser' || !$signer->validate($sig, $_REQUEST)) { $user = array('name' => 'error'); CRM_Utils_JSON::output($user); } $config = CRM_Core_Config::singleton(); $username = trim(CRM_Utils_Array::value('cms_name', $_REQUEST)); $params = array('name' => $username); $errors = array(); $config->userSystem->checkUserNameEmailExists($params, $errors); if (isset($errors['cms_name']) || isset($errors['name'])) { //user name is not available $user = array('name' => 'no'); CRM_Utils_JSON::output($user); } else { //user name is available $user = array('name' => 'yes'); CRM_Utils_JSON::output($user); } // Not reachable: JSON::output() above exits. CRM_Utils_System::civiExit(); }
/** * @param string $token * A token supplied by the user. * @return bool * TRUE if the token is valid for submitting attachments * @throws Exception */ public static function checkToken($token) { list($signature, $ts) = explode(';;;', $token); $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts')); if (!is_numeric($ts) || CRM_Utils_Time::getTimeRaw() > $ts + self::ATTACHMENT_TOKEN_TTL) { return FALSE; } return $signer->validate($signature, array('for' => 'crmAttachment', 'ts' => $ts)); }
/** * function to delete a file attachment from an entity table / entity ID * * @static * @access public */ static function deleteAttachment() { $params = array(); $params['entityTable'] = CRM_Utils_Request::retrieve('entityTable', 'String', CRM_Core_DAO::$_nullObject, TRUE); $params['entityID'] = CRM_Utils_Request::retrieve('entityID', 'Positive', CRM_Core_DAO::$_nullObject, TRUE); $params['fileID'] = CRM_Utils_Request::retrieve('fileID', 'Positive', CRM_Core_DAO::$_nullObject, TRUE); $signature = CRM_Utils_Request::retrieve('_sgn', 'String', CRM_Core_DAO::$_nullObject, TRUE); $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), self::$_signableFields); if (!$signer->validate($signature, $params)) { CRM_Core_Error::fatal('Request signature is invalid'); } CRM_Core_BAO_File::deleteEntityFile($params['entityTable'], $params['entityID'], NULL, $params['fileID']); }
public static function fixOrder() { $signature = CRM_Utils_Request::retrieve('_sgn', 'String', CRM_Core_DAO::$_nullObject); $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), self::$SIGNABLE_FIELDS); // Validate $_GET values b/c subsequent code reads $_GET (via CRM_Utils_Request::retrieve) if (!$signer->validate($signature, $_GET)) { CRM_Core_Error::fatal('Request signature is invalid'); } // Note: Ensure this list matches self::$SIGNABLE_FIELDS $daoName = CRM_Utils_Request::retrieve('dao', 'String', CRM_Core_DAO::$_nullObject); $id = CRM_Utils_Request::retrieve('id', 'Integer', CRM_Core_DAO::$_nullObject); $idName = CRM_Utils_Request::retrieve('idName', 'String', CRM_Core_DAO::$_nullObject); $url = CRM_Utils_Request::retrieve('url', 'String', CRM_Core_DAO::$_nullObject); $filter = CRM_Utils_Request::retrieve('filter', 'String', CRM_Core_DAO::$_nullObject); $src = CRM_Utils_Request::retrieve('src', 'Integer', CRM_Core_DAO::$_nullObject); $dst = CRM_Utils_Request::retrieve('dst', 'Integer', CRM_Core_DAO::$_nullObject); $dir = CRM_Utils_Request::retrieve('dir', 'String', CRM_Core_DAO::$_nullObject); $object = new $daoName(); $srcWeight = CRM_Core_DAO::getFieldValue($daoName, $src, 'weight', $idName); $dstWeight = CRM_Core_DAO::getFieldValue($daoName, $dst, 'weight', $idName); if ($srcWeight == $dstWeight) { self::fixOrderOutput($url); } $tableName = $object->tableName(); $query = "UPDATE {$tableName} SET weight = %1 WHERE {$idName} = %2"; $params = array(1 => array($dstWeight, 'Integer'), 2 => array($src, 'Integer')); CRM_Core_DAO::executeQuery($query, $params); if ($dir == 'swap') { $params = array(1 => array($srcWeight, 'Integer'), 2 => array($dst, 'Integer')); CRM_Core_DAO::executeQuery($query, $params); } elseif ($dir == 'first') { // increment the rest by one $query = "UPDATE {$tableName} SET weight = weight + 1 WHERE {$idName} != %1 AND weight < %2"; if ($filter) { $query .= " AND {$filter}"; } $params = array(1 => array($src, 'Integer'), 2 => array($srcWeight, 'Integer')); CRM_Core_DAO::executeQuery($query, $params); } elseif ($dir == 'last') { // increment the rest by one $query = "UPDATE {$tableName} SET weight = weight - 1 WHERE {$idName} != %1 AND weight > %2"; if ($filter) { $query .= " AND {$filter}"; } $params = array(1 => array($src, 'Integer'), 2 => array($srcWeight, 'Integer')); CRM_Core_DAO::executeQuery($query, $params); } self::fixOrderOutput($url); }
/** *Function to check the CMS username * */ public static function checkUserName() { $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts')); if (CRM_Utils_Time::getTimeRaw() > $_REQUEST['ts'] + self::CHECK_USERNAME_TTL || $_REQUEST['for'] != 'civicrm/ajax/cmsuser' || !$signer->validate($_REQUEST['sig'], $_REQUEST)) { $user = array('name' => 'error'); echo json_encode($user); CRM_Utils_System::civiExit(); } $config = CRM_Core_Config::singleton(); $username = trim($_REQUEST['cms_name']); $params = array('name' => $username); $errors = array(); $config->userSystem->checkUserNameEmailExists($params, $errors); if (isset($errors['cms_name']) || isset($errors['name'])) { //user name is not availble $user = array('name' => 'no'); echo json_encode($user); } else { //user name is available $user = array('name' => 'yes'); echo json_encode($user); } CRM_Utils_System::civiExit(); }
/** * This function for building custom fields * * @param object $qf form object (reference) * @param string $elementName name of the custom field * @param boolean $inactiveNeeded * @param boolean $userRequired true if required else false * @param boolean $search true if used for search else false * @param string $label label for custom field * * @access public * @static */ public static function addQuickFormElement(&$qf, $elementName, $fieldId, $inactiveNeeded = FALSE, $useRequired = TRUE, $search = FALSE, $label = NULL) { // we use $_POST directly, since we dont want to use session memory, CRM-4677 if (isset($_POST['_qf_Relationship_refresh']) && ($_POST['_qf_Relationship_refresh'] == 'Search' || $_POST['_qf_Relationship_refresh'] == 'Search Again')) { $useRequired = FALSE; } $field = self::getFieldObject($fieldId); // Custom field HTML should indicate group+field name $groupName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_CustomGroup', $field->custom_group_id); $dataCrmCustomVal = $groupName . ':' . $field->name; $dataCrmCustomAttr = 'data-crm-custom="' . $dataCrmCustomVal . '"'; $field->attributes .= $dataCrmCustomAttr; // Fixed for Issue CRM-2183 if ($field->html_type == 'TextArea' && $search) { $field->html_type = 'Text'; } if (!isset($label)) { $label = $field->label; } /** * at some point in time we might want to split the below into small functions **/ switch ($field->html_type) { case 'Text': if ($field->is_search_range && $search) { $qf->add('text', $elementName . '_from', $label . ' ' . ts('From'), $field->attributes); $qf->add('text', $elementName . '_to', ts('To'), $field->attributes); } else { $element =& $qf->add(strtolower($field->html_type), $elementName, $label, $field->attributes, $useRequired && !$search); } break; case 'TextArea': $attributes = $dataCrmCustomAttr; if ($field->note_rows) { $attributes .= 'rows=' . $field->note_rows; } else { $attributes .= 'rows=4'; } if ($field->note_columns) { $attributes .= ' cols=' . $field->note_columns; } else { $attributes .= ' cols=60'; } if ($field->text_length) { $attributes .= ' maxlength=' . $field->text_length; } $element =& $qf->add(strtolower($field->html_type), $elementName, $label, $attributes, $useRequired && !$search); break; case 'Select Date': if ($field->is_search_range && $search) { $qf->addDate($elementName . '_from', $label . ' - ' . ts('From'), FALSE, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal)); $qf->addDate($elementName . '_to', ts('To'), FALSE, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal)); } else { $required = $useRequired && !$search; $qf->addDate($elementName, $label, $required, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal)); } break; case 'Radio': $choice = array(); if ($field->data_type != 'Boolean') { $customOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id); foreach ($customOption as $v => $l) { $choice[] = $qf->createElement('radio', NULL, '', $l, (string) $v, $field->attributes); } $qf->addGroup($choice, $elementName, $label); } else { $choice[] = $qf->createElement('radio', NULL, '', ts('Yes'), '1', $field->attributes); $choice[] = $qf->createElement('radio', NULL, '', ts('No'), '0', $field->attributes); $qf->addGroup($choice, $elementName, $label); } if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'Select': $selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id); $qf->add('select', $elementName, $label, array('' => ts('- select -')) + $selectOption, $useRequired && !$search, $dataCrmCustomAttr); break; //added for select multiple //added for select multiple case 'AdvMulti-Select': $selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id); if ($search && count($selectOption) > 1) { $selectOption['CiviCRM_OP_OR'] = ts('Select to match ANY; unselect to match ALL'); } $include =& $qf->addElement('advmultiselect', $elementName, $label, $selectOption, array('size' => 5, 'style' => '', 'class' => 'advmultiselect', 'data-crm-custom' => $dataCrmCustomVal)); $include->setButtonAttributes('add', array('value' => ts('Add >>'))); $include->setButtonAttributes('remove', array('value' => ts('<< Remove'))); if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'Multi-Select': $selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id); if ($search && count($selectOption) > 1) { $selectOption['CiviCRM_OP_OR'] = ts('Select to match ANY; unselect to match ALL'); } $qf->addElement('select', $elementName, $label, $selectOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal)); if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'CheckBox': $customOption = CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id); $check = array(); foreach ($customOption as $v => $l) { $check[] =& $qf->addElement('advcheckbox', $v, NULL, $l, array('data-crm-custom' => $dataCrmCustomVal)); } if ($search && count($check) > 1) { $check[] =& $qf->addElement('advcheckbox', 'CiviCRM_OP_OR', NULL, ts('Check to match ANY; uncheck to match ALL'), array('data-crm-custom' => $dataCrmCustomVal)); } $qf->addGroup($check, $elementName, $label); if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'File': // we should not build upload file in search mode if ($search) { return; } $qf->add(strtolower($field->html_type), $elementName, $label, $field->attributes, $useRequired && !$search); $qf->addUploadElement($elementName); break; case 'Select State/Province': //Add State $stateOption = array('' => ts('- select -')) + CRM_Core_PseudoConstant::stateProvince(); $qf->add('select', $elementName, $label, $stateOption, $useRequired && !$search, $dataCrmCustomAttr); break; case 'Multi-Select State/Province': //Add Multi-select State/Province $stateOption = CRM_Core_PseudoConstant::stateProvince(); $qf->addElement('select', $elementName, $label, $stateOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal)); if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'Select Country': //Add Country $countryOption = array('' => ts('- select -')) + CRM_Core_PseudoConstant::country(); $qf->add('select', $elementName, $label, $countryOption, $useRequired && !$search, $dataCrmCustomAttr); break; case 'Multi-Select Country': //Add Country $countryOption = CRM_Core_PseudoConstant::country(); $qf->addElement('select', $elementName, $label, $countryOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal)); if ($useRequired && !$search) { $qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required'); } break; case 'RichTextEditor': $attributes = array('rows' => $field->note_rows, 'cols' => $field->note_columns, 'data-crm-custom' => $dataCrmCustomVal); if ($field->text_length) { $attributes['maxlength'] = $field->text_length; } $qf->addWysiwyg($elementName, $label, $attributes, $search); break; case 'Autocomplete-Select': $qf->add('text', $elementName, $label, $field->attributes, $useRequired && !$search); $hiddenEleName = $elementName . '_id'; if (substr($elementName, -1) == ']') { $hiddenEleName = substr($elementName, 0, -1) . '_id]'; } $qf->addElement('hidden', $hiddenEleName, '', array('id' => str_replace(array(']', '['), array('', '_'), $hiddenEleName))); static $customUrls = array(); if ($field->data_type == 'ContactReference') { //$urlParams = "className=CRM_Contact_Page_AJAX&fnName=getContactList&json=1&reset=1&context=customfield&id={$field->id}"; $urlParams = "context=customfield&id={$field->id}"; $customUrls[$elementName] = CRM_Utils_System::url('civicrm/ajax/contactref', $urlParams, FALSE, NULL, FALSE); $actualElementValue = $qf->getSubmitValue($hiddenEleName); $qf->addRule($elementName, ts('Select a valid contact for %1.', array(1 => $label)), 'validContact', $actualElementValue); } else { $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('cfid', 'ogid', 'sigts')); $signParams = array('reset' => 1, 'sigts' => CRM_Utils_Time::getTimeRaw(), 'ogid' => $field->option_group_id, 'cfid' => $field->id); $signParams['sig'] = $signer->sign($signParams); $customUrls[$elementName] = CRM_Utils_System::url('civicrm/ajax/auto', $signParams, FALSE, NULL, FALSE); $qf->addRule($elementName, ts('Select a valid value for %1.', array(1 => $label)), 'autocomplete', array('fieldID' => $field->id, 'optionGroupID' => $field->option_group_id)); } $qf->assign('customUrls', $customUrls); break; } switch ($field->data_type) { case 'Int': // integers will have numeric rule applied to them. if ($field->is_search_range && $search) { $qf->addRule($elementName . '_from', ts('%1 From must be an integer (whole number).', array(1 => $label)), 'integer'); $qf->addRule($elementName . '_to', ts('%1 To must be an integer (whole number).', array(1 => $label)), 'integer'); } else { $qf->addRule($elementName, ts('%1 must be an integer (whole number).', array(1 => $label)), 'integer'); } break; case 'Float': if ($field->is_search_range && $search) { $qf->addRule($elementName . '_from', ts('%1 From must be a number (with or without decimal point).', array(1 => $label)), 'numeric'); $qf->addRule($elementName . '_to', ts('%1 To must be a number (with or without decimal point).', array(1 => $label)), 'numeric'); } else { $qf->addRule($elementName, ts('%1 must be a number (with or without decimal point).', array(1 => $label)), 'numeric'); } break; case 'Money': if ($field->is_search_range && $search) { $qf->addRule($elementName . '_from', ts('%1 From must in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money'); $qf->addRule($elementName . '_to', ts('%1 To must in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money'); } else { $qf->addRule($elementName, ts('%1 must be in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money'); } break; case 'Link': $qf->add('text', $elementName, $label, array('onfocus' => "if (!this.value) { this.value='http://';} else return false", 'onblur' => "if ( this.value == 'http://') { this.value='';} else return false", 'data-crm-custom' => $dataCrmCustomVal), $useRequired && !$search); $qf->addRule($elementName, ts('Enter a valid Website.'), 'wikiURL'); break; } if ($field->is_view && !$search) { $qf->freeze($elementName); } }