/**
 * Emit the module's sort-by field list as JSON.
 *
 * Loads modules/<module>/<module>.php and instantiates the module class to
 * read its sortby_fields. The module name from the request is both the
 * include path component and the class name; the path is passed through
 * checkFileAccessForInclusion() before require_once, and that check is the
 * only validation applied to the value here.
 *
 * @param array $request request parameters; 'module_name' selects the module
 * @return void  the JSON document is written with echo
 */
function vtSortFieldsJson($request)
{
    $module = $request['module_name'];
    $moduleFile = sprintf('modules/%s/%s.php', $module, $module);
    // Inclusion guard runs before require_once so only an allowed path is loaded.
    checkFileAccessForInclusion($moduleFile);
    require_once $moduleFile;
    $entity = new $module();
    echo Zend_Json::encode($entity->sortby_fields);
}
/**
 * Instantiate the provider class named by $providername.
 *
 * The provider file is expected at providers/<name>.php next to this file.
 * The path is passed through checkFileAccessForInclusion() before anything is
 * included, and the file is only loaded when the class is not yet defined.
 * The (trimmed) name is also used as the class to instantiate.
 *
 * @param string $providername provider name; surrounding whitespace is trimmed
 * @return object|false provider instance, or false when $providername is empty
 */
static function getInstance($providername)
{
    if (empty($providername)) {
        return false;
    }
    $name = trim($providername);
    $providerFile = dirname(__FILE__) . "/providers/{$name}.php";
    // Validate the include path before touching the file system.
    checkFileAccessForInclusion($providerFile);
    if (!class_exists($name)) {
        include_once $providerFile;
    }
    return new $name();
}
/**
 * Build the entity instance for a module.
 *
 * Calendar and Events share one implementation: both map to the 'Activity'
 * class in modules/Calendar/Activity.php. Every other module maps to
 * modules/<module>/<module>.php. The file is only loaded — after
 * checkFileAccessForInclusion() — when the class is not already defined.
 *
 * @param string $module module name
 * @return object instance of the module's entity class
 */
static function getInstance($module)
{
    $isActivity = ($module == 'Calendar' || $module == 'Events');
    $moduleDir = $isActivity ? 'Calendar' : $module;
    $className = $isActivity ? 'Activity' : $module;
    if (!class_exists($className)) {
        // File access security check precedes require_once.
        $entityFile = "modules/{$moduleDir}/{$className}.php";
        checkFileAccessForInclusion($entityFile);
        require_once $entityFile;
    }
    return new $className();
}
/**
 * Load every non-deleted mobile alert handler from vtiger_mobile_alerts.
 *
 * For each row the handler file (handler_path) is included — only if it
 * exists and after checkFileAccessForInclusion() — and the class named by
 * handler_class is instantiated with alertid set to the row id. Both the
 * path and the class name come from the database row. Rows whose handler
 * file is missing are skipped silently.
 *
 * @return array list of alert model instances (possibly empty)
 */
static function models()
{
    $db = PearDatabase::getInstance();
    $alerts = array();
    $result = $db->pquery("SELECT * FROM vtiger_mobile_alerts WHERE deleted = 0", array());
    if (!$db->num_rows($result)) {
        return $alerts;
    }
    while ($row = $db->fetch_array($result)) {
        $path = $row['handler_path'];
        if (!file_exists($path)) {
            continue;
        }
        // Inclusion guard validates the stored path before include_once.
        checkFileAccessForInclusion($path);
        include_once $path;
        $alert = new $row['handler_class']();
        $alert->alertid = $row['id'];
        $alerts[] = $alert;
    }
    return $alerts;
}
/**
 * Resolve a short URL by uid and dispatch to its registered handler.
 *
 * Looks the uid up in vtiger_shorturls; the handler file, class, method and
 * JSON-encoded data all come from that row (HTML-decoded first). The handler
 * path goes through checkFileAccessForInclusion() before require_once. A
 * one-time link is deleted before its handler runs, so a failing handler
 * cannot leave the link reusable.
 *
 * @param string $uid short URL identifier
 * @return void  an unknown uid prints an error heading instead
 */
static function handle($uid)
{
    $db = PearDatabase::getInstance();
    $result = $db->pquery('SELECT * FROM vtiger_shorturls WHERE uid=?', array($uid));
    if (!$result || !$db->num_rows($result)) {
        echo '<h3>Link you have used is invalid or has expired. .</h3>';
        return;
    }
    $row = $db->fetch_array($result);
    $path = decode_html($row['handler_path']);
    $className = decode_html($row['handler_class']);
    $method = decode_html($row['handler_function']);
    $data = json_decode(decode_html($row['handler_data']), true);

    checkFileAccessForInclusion($path);
    require_once $path;
    $handler = new $className();

    // Remove a one-time link before invoking the handler.
    if ($row['onetime']) {
        $db->pquery('DELETE FROM vtiger_shorturls WHERE id=?', array($row['id']));
    }
    call_user_func(array($handler, $method), $data);
}
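/**
 * Dispatch a MailManager request to the controller registered for its
 * _operation value.
 *
 * Requests without _operation go to processRoot(). Otherwise the controller
 * descriptor (file, class) is taken from self::$controllers, its file is
 * included relative to this directory after checkFileAccessForInclusion(),
 * the controller is instantiated, its connector closed, and the response
 * emitted. An operation with no registered controller is ignored.
 *
 * @param MailManager_Request $request
 * @return mixed whatever processRoot() returns for root requests; otherwise
 *               nothing (the response is emitted directly)
 */
function process(MailManager_Request $request)
{
    if (!$request->has('_operation')) {
        return $this->processRoot($request);
    }
    $operation = $request->getOperation();
    // Previously an unknown operation read an undefined index and then
    // fatally failed on "new null['class']"; reject it up front instead.
    if (!isset(self::$controllers[$operation])) {
        return;
    }
    $controllerInfo = self::$controllers[$operation];
    $controllerFile = dirname(__FILE__) . '/' . $controllerInfo['file'];
    checkFileAccessForInclusion($controllerFile);
    include_once $controllerFile;
    $controller = new $controllerInfo['class']();
    // Making sure to close the open connection
    $controller->closeConnector();
    $response = $controller->process($request);
    if ($response) {
        $response->emit();
    }
}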
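/**
 * Include a PHP file addressed by its qualified name, at most once.
 *
 * The name is mapped to a path by resolveNameToPath(); successful inclusions
 * are remembered in self::$includeCache keyed by the qualified name so
 * repeated calls return immediately. The resolved path is passed through
 * checkFileAccessForInclusion() before it is included.
 *
 * @param <String> $qualifiedName  name understood by resolveNameToPath()
 * @param <Boolean> $supressWarning suppress include warnings (deliberate @)
 * @return <Boolean> true when the file is (or already was) included; false
 *                   when it does not exist or the include fails
 */
static function includeOnce($qualifiedName, $supressWarning = false)
{
    if (isset(self::$includeCache[$qualifiedName])) {
        return true;
    }
    $file = self::resolveNameToPath($qualifiedName);
    if (!file_exists($file)) {
        return false;
    }
    // Check file inclusion before including it
    checkFileAccessForInclusion($file);
    if ($supressWarning) {
        $status = @(include_once $file);
    } else {
        $status = (include_once $file);
    }
    // include_once yields false on failure and true/1 on success. The old
    // test compared against 0 only, so a failed include was reported as
    // success and cached; a file that explicitly returns 0 is still treated
    // as a failure, as before.
    $success = ($status !== false && $status !== 0);
    if ($success) {
        self::$includeCache[$qualifiedName] = $file;
    }
    return $success;
}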
exit;
}
// Non-ajax include of modules/<module>/<file>.php. $_REQUEST['module'] and
// $_REQUEST['file'] go into the path without vtlib_purify(); the
// checkFileAccessForInclusion() call is the only control on what gets loaded.
if (isset($_REQUEST['file']) && $_REQUEST['file'] != '' && !isset($_REQUEST['ajax'])) {
    checkFileAccessForInclusion("modules/" . $_REQUEST['module'] . "/" . $_REQUEST['file'] . ".php");
    require_once "modules/" . $_REQUEST['module'] . "/" . $_REQUEST['file'] . ".php";
    exit;
}
$mailid = vtlib_purify($_REQUEST["mailid"]);
// Mailbox defaults to INBOX when not supplied.
if (isset($_REQUEST["mailbox"]) && $_REQUEST["mailbox"] != "") {
    $mailbox = vtlib_purify($_REQUEST["mailbox"]);
} else {
    $mailbox = "INBOX";
}
$adb->println("Inside WebmailsAjax.php");
// Ajax variant of the include above (same path construction);
// $_POST["ajax"] is read without an isset() guard.
if (isset($_POST["file"]) && $_POST["ajax"] == "true") {
    checkFileAccessForInclusion("modules/" . $_REQUEST["module"] . "/" . $_POST["file"] . ".php");
    require_once "modules/" . $_REQUEST["module"] . "/" . $_POST["file"] . ".php";
}
if (isset($_REQUEST["command"]) && $_REQUEST["command"] != "") {
    $command = $_REQUEST["command"];
    if ($command == "expunge") {
        // Expunge, then reopen the mailbox to recount and compute the start page.
        $MailBox = new MailBox($mailbox);
        imap_expunge($MailBox->mbox);
        $MailBox = new MailBox($mailbox);
        $elist = $MailBox->mailList;
        $num_mails = $elist['count'];
        $start_page = cal_start($num_mails, $MailBox->mails_per_page);
        imap_close($MailBox->mbox);
        echo $start_page;
        flush();
        exit;
/**
 * Process the UI Widget requested
 *
 * Widget links have the form block://<ControllerClass>:<path/to/file.php>.
 * The controller file is included — after checkFileAccessForInclusion() —
 * only when the class is not yet defined; the controller's getWidget() is
 * then asked for the widget named by the link label and that widget's
 * process() result is returned.
 *
 * @param Vtiger_Link $widgetLinkInfo link whose linkurl/linklabel select the widget
 * @param Current Smarty Context $context passed through to the widget's process()
 * @return mixed the widget's process() result, or "" when the link is not a
 *               block:// link or no controller/widget could be resolved
 */
function vtlib_process_widget($widgetLinkInfo, $context = false)
{
    $isBlockLink = preg_match("/^block:\\/\\/(.*)/", $widgetLinkInfo->linkurl, $parts);
    if (!$isBlockLink) {
        return "";
    }
    list($controllerClass, $controllerFile) = explode(':', $parts[1]);
    if (!class_exists($controllerClass)) {
        // Inclusion guard before loading the file named in the link.
        checkFileAccessForInclusion($controllerFile);
        include_once $controllerFile;
    }
    if (!class_exists($controllerClass)) {
        return "";
    }
    $controller = new $controllerClass();
    $widget = $controller->getWidget($widgetLinkInfo->linklabel);
    if (!$widget) {
        return "";
    }
    return $widget->process($context);
}
<?php
/*+********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ********************************************************************************/
// Settings dispatcher: $_REQUEST['file'] selects a script under
// modules/Settings/. The value is purified and the resulting path passed
// through checkFileAccessForInclusion() before require_once.
if (isset($_REQUEST['file']) && $_REQUEST['file'] != '') {
    checkFileAccessForInclusion('modules/Settings/' . vtlib_purify($_REQUEST['file']) . '.php');
    require_once 'modules/Settings/' . vtlib_purify($_REQUEST['file']) . '.php';
}
if (isset($_REQUEST['orgajax']) && $_REQUEST['orgajax'] != '') {
    checkFileAccessForInclusion('modules/Settings/CreateSharingRule.php');
    require_once 'modules/Settings/CreateSharingRule.php';
} elseif (isset($_REQUEST['announce_save']) && $_REQUEST['announce_save'] != '') {
    // Save the current user's announcement: one row per creatorid, updated
    // if present, inserted otherwise. All values are bound as parameters.
    $date_var = date('Y-m-d H:i:s');
    $announcement = vtlib_purify(from_html($_REQUEST['announcement']));
    //Change ##$## to & (reverse process has done in Smarty/templates/Settings/Announcements.tpl)
    $announcement = str_replace("##\$##", "&", $announcement);
    // NOTE(review): $title is computed but not used below; both queries bind
    // the literal 'announcement' for the title column.
    $title = vtlib_purify($_REQUEST['title_announcement']);
    $sql = "select * from vtiger_announcement where creatorid=?";
    $is_announce = $adb->pquery($sql, array($current_user->id));
    if ($adb->num_rows($is_announce) > 0) {
        $query = "update vtiger_announcement set announcement=?,time=?,title=? where creatorid=?";
        $params = array($announcement, $adb->formatDate($date_var, true), 'announcement', $current_user->id);
    } else {
        $query = "insert into vtiger_announcement values (?,?,?,?)";
        $params = array($current_user->id, $announcement, 'announcement', $adb->formatDate($date_var, true));
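// Import step 1: set up the Smarty view and resolve the import class for the
// requested module. Relies on globals provided by the including script
// ($log, $mod_strings, $app_strings, $import_mod_strings, $default_charset).
global $theme;
$theme_path = "themes/" . $theme . "/";
$image_path = $theme_path . "images/";
$log->info($mod_strings['LBL_MODULE_NAME'] . " Upload Step 1");
$smarty = new vtigerCRM_Smarty();
$smarty->assign("MOD", $mod_strings);
$smarty->assign("APP", $app_strings);
$smarty->assign("IMP", $import_mod_strings);
$smarty->assign("CATEGORY", htmlspecialchars($_REQUEST['parenttab'], ENT_QUOTES, $default_charset));
// Modules with a dedicated import class; any other module falls back to its
// own entity class via the vtlib hook below.
$import_object_array = array(
    "Leads" => "ImportLead",
    "Accounts" => "ImportAccount",
    "Contacts" => "ImportContact",
    "Potentials" => "ImportOpportunity",
    "Products" => "ImportProduct",
    "HelpDesk" => "ImportTicket",
    "Vendors" => "ImportVendors",
);
if (!isset($_REQUEST['module']) || $_REQUEST['module'] == '') {
    echo "Sorry! Import Option is not provided for this module.";
    exit;
}
$module = $_REQUEST['module'];
// isset() guard: an unmapped module previously triggered an undefined-index notice.
$object_name = isset($import_object_array[$module]) ? $import_object_array[$module] : null;
// Initialised explicitly; previously it was only assigned on the unmapped
// path and read uninitialised on the mapped one.
$callInitImport = false;
// vtlib customization: Hook added to enable import for un-mapped modules
if ($object_name == null) {
    // $module names both the file and the class; the inclusion guard
    // validates the path before require_once.
    checkFileAccessForInclusion("modules/{$module}/{$module}.php");
    require_once "modules/{$module}/{$module}.php";
    $object_name = $module;
    $callInitImport = true;
}
// END
$focus = new $object_name();
// vtlib customization: Call the import initializer
if ($callInitImport) {
    $focus->initImport($module);
}
// END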
/**
 * Create query to export the records.
 *
 * Builds the SELECT used by export: the permitted detail-view fields of
 * $_REQUEST['module'], joined to vtiger_crmentity, the module's custom-field
 * table (if any), groups/users for the owner, and one LEFT JOIN per
 * uitype-10 reference field to the related module's table. Table and column
 * identifiers come from the entity metadata and vtiger_field; the $where
 * fragment is spliced into the SQL exactly as given, so the caller is
 * responsible for it.
 *
 * @param string $where extra WHERE clause fragment, or '' for none
 * @return string SQL query
 */
function create_export_query($where)
{
    global $current_user;
    $thismodule = $_REQUEST['module'];
    include "include/utils/ExportUtils.php";
    //To get the Permitted fields query and the permitted fields list
    $sql = getPermittedFieldsQuery($thismodule, "detail_view");
    $fields_list = getFieldsListFromQuery($sql);
    $query = "SELECT {$fields_list}, vtiger_users.user_name AS user_name \n\t\t\t\tFROM vtiger_crmentity INNER JOIN {$this->table_name} ON vtiger_crmentity.crmid={$this->table_name}.{$this->table_index}";
    if (!empty($this->customFieldTable)) {
        // customFieldTable is array(table name, index column).
        $query .= " INNER JOIN " . $this->customFieldTable[0] . " ON " . $this->customFieldTable[0] . '.' . $this->customFieldTable[1] . " = {$this->table_name}.{$this->table_index}";
    }
    $query .= " LEFT JOIN vtiger_groups ON vtiger_groups.groupid = vtiger_crmentity.smownerid";
    $query .= " LEFT JOIN vtiger_users ON vtiger_crmentity.smownerid = vtiger_users.id and vtiger_users.status='Active'";
    // Reference (uitype 10) fields of this module: join each related module's table.
    $linkedModulesQuery = $this->db->pquery("SELECT distinct fieldname, columnname, relmodule FROM vtiger_field" . " INNER JOIN vtiger_fieldmodulerel ON vtiger_fieldmodulerel.fieldid = vtiger_field.fieldid" . " WHERE uitype='10' AND vtiger_fieldmodulerel.module=?", array($thismodule));
    $linkedFieldsCount = $this->db->num_rows($linkedModulesQuery);
    for ($i = 0; $i < $linkedFieldsCount; $i++) {
        $related_module = $this->db->query_result($linkedModulesQuery, $i, 'relmodule');
        $fieldname = $this->db->query_result($linkedModulesQuery, $i, 'fieldname');
        $columnname = $this->db->query_result($linkedModulesQuery, $i, 'columnname');
        // relmodule comes from vtiger_fieldmodulerel; the inclusion guard runs before require_once.
        checkFileAccessForInclusion("modules/{$related_module}/{$related_module}.php");
        require_once "modules/{$related_module}/{$related_module}.php";
        $other = new $related_module();
        vtlib_setup_modulevars($related_module, $other);
        $query .= " LEFT JOIN {$other->table_name} ON {$other->table_name}.{$other->table_index} = {$this->table_name}.{$columnname}";
    }
    $where_auto = " vtiger_crmentity.deleted=0";
    if ($where != '') {
        $query .= " WHERE ({$where}) AND {$where_auto}";
    } else {
        $query .= " WHERE {$where_auto}";
    }
    // The per-user privilege files define $is_admin, $profileGlobalPermission
    // and $defaultOrgSharingPermission, which the check below reads.
    require 'user_privileges/user_privileges_' . $current_user->id . '.php';
    require 'user_privileges/sharing_privileges_' . $current_user->id . '.php';
    // Security Check for Field Access
    if ($is_admin == false && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1 && $defaultOrgSharingPermission[7] == 3) {
        //Added security check to get the permitted records only
        $query = $query . " " . getListViewSecurityParameter($thismodule);
    }
    return $query;
}
/**
 * Function to insert values in the specifed table for the specified module
 *
 * Mode comes from $this->mode. In 'edit' mode the primary-key row is looked
 * up first and, if absent, the call degrades to an insert. The set of
 * columns written is read from vtiger_field (filtered by tabid, tablename,
 * displaytype and presence — and in edit mode by the current user's profile
 * field permissions); values come from $this->column_fields, are converted
 * per uitype, and are bound as query parameters. Table and column names come
 * from the module metadata, not from the request.
 *
 * @param $table_name -- table name:: Type varchar
 * @param $module -- module:: Type varchar
 * @param $fileid -- accepted but not used in this method
 */
function insertIntoEntityTable($table_name, $module, $fileid = '')
{
    global $log;
    global $current_user, $app_strings;
    $log->info("function insertIntoEntityTable " . $module . ' vtiger_table name ' . $table_name);
    global $adb;
    $insertion_mode = $this->mode;
    //Checkin whether an entry is already is present in the vtiger_table to update
    if ($insertion_mode == 'edit') {
        $tablekey = $this->tab_name_index[$table_name];
        // Make selection on the primary key of the module table to check.
        $check_query = "select {$tablekey} from {$table_name} where {$tablekey}=?";
        $check_result = $adb->pquery($check_query, array($this->id));
        $num_rows = $adb->num_rows($check_result);
        if ($num_rows <= 0) {
            // No existing row: fall back to insert mode.
            $insertion_mode = '';
        }
    }
    $tabid = getTabid($module);
    // Non-task Calendar activities are stored under the Events tab.
    if ($module == 'Calendar' && $this->column_fields["activitytype"] != null && $this->column_fields["activitytype"] != 'Task') {
        $tabid = getTabid('Events');
    }
    if ($insertion_mode == 'edit') {
        $update = array();
        $update_params = array();
        // The per-user privilege file defines $is_admin and
        // $profileGlobalPermission, read by the check just below.
        checkFileAccessForInclusion('user_privileges/user_privileges_' . $current_user->id . '.php');
        require 'user_privileges/user_privileges_' . $current_user->id . '.php';
        if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
            $sql = "select * from vtiger_field where tabid in (" . generateQuestionMarks($tabid) . ") and tablename=? 
and displaytype in (1,3) and presence in (0,2) group by columnname";
            $params = array($tabid, $table_name);
        } else {
            // Restrict the updatable columns to fields the user's profiles may edit.
            $profileList = getCurrentUserProfileList();
            if (count($profileList) > 0) {
                $sql = "SELECT *\n\t\t\t \t\t\tFROM vtiger_field\n\t\t\t \t\t\tINNER JOIN vtiger_profile2field\n\t\t\t \t\t\tON vtiger_profile2field.fieldid = vtiger_field.fieldid\n\t\t\t \t\t\tINNER JOIN vtiger_def_org_field\n\t\t\t \t\t\tON vtiger_def_org_field.fieldid = vtiger_field.fieldid\n\t\t\t \t\t\tWHERE vtiger_field.tabid = ?\n\t\t\t \t\t\tAND vtiger_profile2field.visible = 0 AND vtiger_profile2field.readonly = 0\n\t\t\t \t\t\tAND vtiger_profile2field.profileid IN (" . generateQuestionMarks($profileList) . ")\n\t\t\t \t\t\tAND vtiger_def_org_field.visible = 0 and vtiger_field.tablename=? and vtiger_field.displaytype in (1,3) and vtiger_field.presence in (0,2) group by columnname";
                $params = array($tabid, $profileList, $table_name);
            } else {
                $sql = "SELECT *\n\t\t\t \t\t\tFROM vtiger_field\n\t\t\t \t\t\tINNER JOIN vtiger_profile2field\n\t\t\t \t\t\tON vtiger_profile2field.fieldid = vtiger_field.fieldid\n\t\t\t \t\t\tINNER JOIN vtiger_def_org_field\n\t\t\t \t\t\tON vtiger_def_org_field.fieldid = vtiger_field.fieldid\n\t\t\t \t\t\tWHERE vtiger_field.tabid = ?\n\t\t\t \t\t\tAND vtiger_profile2field.visible = 0 AND vtiger_profile2field.readonly = 0\n\t\t\t \t\t\tAND vtiger_def_org_field.visible = 0 and vtiger_field.tablename=? and vtiger_field.displaytype in (1,3) and vtiger_field.presence in (0,2) group by columnname";
                $params = array($tabid, $table_name);
            }
        }
    } else {
        $table_index_column = $this->tab_name_index[$table_name];
        if ($table_index_column == 'id' && $table_name == 'vtiger_users') {
            // Users draw their id from the vtiger_users sequence.
            $currentuser_id = $adb->getUniqueID("vtiger_users");
            $this->id = $currentuser_id;
        }
        // Insert column/value lists start with the primary key.
        $column = array($table_index_column);
        $value = array($this->id);
        $sql = "select * from vtiger_field where tabid=? and tablename=? 
and displaytype in (1,3,4) and vtiger_field.presence in (0,2)";
        $params = array($tabid, $table_name);
    }
    // Attempt to re-use the quer-result to avoid reading for every save operation
    // TODO Need careful analysis on impact ... MEMORY requirement might be more
    // Function-static: persists across calls for the rest of the request.
    static $_privatecache = array();
    $cachekey = "{$insertion_mode}-" . implode(',', $params);
    if (!isset($_privatecache[$cachekey])) {
        $result = $adb->pquery($sql, $params);
        $noofrows = $adb->num_rows($result);
        if (CRMEntity::isBulkSaveMode()) {
            // Only bulk-save mode materialises the rows into the cache.
            $cacheresult = array();
            for ($i = 0; $i < $noofrows; ++$i) {
                $cacheresult[] = $adb->fetch_array($result);
            }
            $_privatecache[$cachekey] = $cacheresult;
        }
    } else {
        // Useful when doing bulk save
        $result = $_privatecache[$cachekey];
        $noofrows = count($result);
    }
    for ($i = 0; $i < $noofrows; $i++) {
        $fieldname = $this->resolve_query_result_value($result, $i, "fieldname");
        $columname = $this->resolve_query_result_value($result, $i, "columnname");
        $uitype = $this->resolve_query_result_value($result, $i, "uitype");
        $generatedtype = $this->resolve_query_result_value($result, $i, "generatedtype");
        $typeofdata = $this->resolve_query_result_value($result, $i, "typeofdata");
        $typeofdata_array = explode("~", $typeofdata);
        $datatype = $typeofdata_array[0];
        $ajaxSave = false;
        // && binds tighter than ||: true for an inline detail-view edit of a
        // different field, or a mass edit where this field is not ticked.
        // $_REQUEST['file'], 'ajxaction' and 'action' are read without isset().
        if ($_REQUEST['file'] == 'DetailViewAjax' && $_REQUEST['ajxaction'] == 'DETAILVIEW' && isset($_REQUEST["fldName"]) && $_REQUEST["fldName"] != $fieldname || $_REQUEST['action'] == 'MassEditSave' && !isset($_REQUEST[$fieldname . "_mass_edit_check"])) {
            $ajaxSave = true;
        }
        // uitype 4: module sequence number, generated on insert only.
        if ($uitype == 4 && $insertion_mode != 'edit') {
            $fldvalue = '';
            // Bulk Save Mode: Avoid generation of module sequence number, take care later.
            // SalesPlatform.ru begin: Added separate numbering for self organizations
            if (!CRMEntity::isBulkSaveMode()) {
                $modules = array('Invoice', 'Act', 'Consignment');
                if (in_array($module, $modules) && isset($this->column_fields['spcompany'])) {
                    $fldvalue = $this->setModuleSeqNumber("increment", $module, '', '', $this->column_fields['spcompany']);
                } else {
                    $fldvalue = $this->setModuleSeqNumber("increment", $module);
                }
                //$fldvalue = $this->setModuleSeqNumber("increment", $module);
            }
            // SalesPlatform.ru end
            $this->column_fields[$fieldname] = $fldvalue;
        }
        if (isset($this->column_fields[$fieldname])) {
            if ($uitype == 56) {
                // 'on' or 1 is stored as '1', anything else as '0'.
                if ($this->column_fields[$fieldname] == 'on' || $this->column_fields[$fieldname] == 1) {
                    $fldvalue = '1';
                } else {
                    $fldvalue = '0';
                }
            } elseif ($uitype == 15 || $uitype == 16) {
                if ($this->column_fields[$fieldname] == $app_strings['LBL_NOT_ACCESSIBLE']) {
                    //If the value in the request is Not Accessible for a picklist, the existing value will be replaced instead of Not Accessible value.
                    $sql = "select {$columname} from {$table_name} where " . $this->tab_name_index[$table_name] . "=?";
                    $res = $adb->pquery($sql, array($this->id));
                    $pick_val = $adb->query_result($res, 0, $columname);
                    $fldvalue = $pick_val;
                } else {
                    $fldvalue = $this->column_fields[$fieldname];
                }
            } elseif ($uitype == 33) {
                // Multi-select: array values are joined with ' |##| '; empty becomes NULL.
                if (is_array($this->column_fields[$fieldname])) {
                    $field_list = implode(' |##| ', $this->column_fields[$fieldname]);
                } else {
                    $field_list = $this->column_fields[$fieldname];
                }
                if ($field_list == '') {
                    $fldvalue = NULL;
                } else {
                    $fldvalue = $field_list;
                }
            } elseif ($uitype == 5 || $uitype == 6 || $uitype == 23) {
                //Added to avoid function call getDBInsertDateValue in ajax save
                if (isset($current_user->date_format) && !$ajaxSave) {
                    $fldvalue = getValidDBInsertDateValue($this->column_fields[$fieldname]);
                } else {
                    $fldvalue = $this->column_fields[$fieldname];
                }
            } elseif ($uitype == 7) {
                //strip out the spaces and commas in numbers if given ie., in amounts there may be ,
                $fldvalue = str_replace(",", "", $this->column_fields[$fieldname]);
                //trim($this->column_fields[$fieldname],",");
            } elseif ($uitype == 26) {
                if (empty($this->column_fields[$fieldname])) {
                    $fldvalue = 1; //the documents will stored in default folder
                } else {
                    $fldvalue = $this->column_fields[$fieldname];
                }
            } elseif ($uitype == 28) {
                // Null filename: keep the name already stored in vtiger_notes.
                if ($this->column_fields[$fieldname] == null) {
                    $fileQuery = $adb->pquery("SELECT filename from vtiger_notes WHERE notesid = ?", array($this->id));
                    $fldvalue = null;
                    if (isset($fileQuery)) {
                        $rowCount = $adb->num_rows($fileQuery);
                        if ($rowCount > 0) {
                            $fldvalue = decode_html($adb->query_result($fileQuery, 0, 'filename'));
                        }
                    }
                } else {
                    $fldvalue = decode_html($this->column_fields[$fieldname]);
                }
            } elseif ($uitype == 8) {
                // Comma-separated ids are stored as a JSON array.
                $this->column_fields[$fieldname] = rtrim($this->column_fields[$fieldname], ',');
                $ids = explode(',', $this->column_fields[$fieldname]);
                $json = new Zend_Json();
                $fldvalue = $json->encode($ids);
            } elseif ($uitype == 12) {
                // Bulk Sae Mode: Consider the FROM email address as specified, if not lookup
                $fldvalue = $this->column_fields[$fieldname];
                if (empty($fldvalue)) {
                    $query = "SELECT email1 FROM vtiger_users WHERE id = ?";
                    $res = $adb->pquery($query, array($current_user->id));
                    $rows = $adb->num_rows($res);
                    if ($rows > 0) {
                        $fldvalue = $adb->query_result($res, 0, 'email1');
                    }
                }
                // END
            } elseif ($uitype == 72 && !$ajaxSave) {
                // Some of the currency fields like Unit Price, Totoal , Sub-total - doesn't need currency conversion during save
                $fldvalue = CurrencyField::convertToDBFormat($this->column_fields[$fieldname], null, true);
            } elseif ($uitype == 71 && !$ajaxSave) {
                $fldvalue = CurrencyField::convertToDBFormat($this->column_fields[$fieldname]);
            } else {
                $fldvalue = $this->column_fields[$fieldname];
            }
            // Decode HTML entities for every type except multi-select and id lists.
            if ($uitype != 33 && $uitype != 8) {
                $fldvalue = from_html($fldvalue, $insertion_mode == 'edit' ? true : false);
            }
        } else {
            $fldvalue = '';
        }
        if ($fldvalue == '') {
            $fldvalue = $this->get_column_value($columname, $fldvalue, $fieldname, $uitype, $datatype);
        }
        if ($insertion_mode == 'edit') {
            // Sequence numbers and ticket comments are never rewritten on edit.
            if ($table_name != 'vtiger_ticketcomments' && $uitype != 4) {
                array_push($update, $columname . "=?");
                array_push($update_params, $fldvalue);
            }
        } else {
            array_push($column, $columname);
            array_push($value, $fldvalue);
        }
    }
    if ($insertion_mode == 'edit') {
        if ($module == 'Potentials') {
            // Record a sales-stage change in vtiger_potstagehistory.
            $dbquery = 'select sales_stage from vtiger_potential where potentialid = ?';
            $sales_stage = $adb->query_result($adb->pquery($dbquery, array($this->id)), 0, 'sales_stage');
            if ($sales_stage != $_REQUEST['sales_stage'] && $_REQUEST['sales_stage'] != '') {
                $date_var = date("Y-m-d H:i:s");
                $closingDateField = new DateTimeField($this->column_fields['closingdate']);
                $closingdate = $_REQUEST['ajxaction'] == 'DETAILVIEW' ? $this->column_fields['closingdate'] : $closingDateField->getDBInsertDateValue();
                $sql = "insert into vtiger_potstagehistory values(?,?,?,?,?,?,?,?)";
                $params = array('', $this->id, $this->column_fields['amount'], decode_html($sales_stage), $this->column_fields['probability'], 0, $adb->formatDate($closingdate, true), $adb->formatDate($date_var, true));
                $adb->pquery($sql, $params);
            }
        } elseif ($module == 'PurchaseOrder' || $module == 'SalesOrder' || $module == 'Quotes' || $module == 'Invoice' || $module == 'Act' || $module == 'Consignment') {
            //elseif ($module == 'PurchaseOrder' || $module == 'SalesOrder' || $module == 'Quotes' || $module == 'Invoice') {
            // SalesPlatform.ru end
            //added to update the history for PO, SO, Quotes and Invoice
            $history_field_array = array("Act" => "sp_actstatus", "Consignment" => "sp_consignmentstatus", "PurchaseOrder" => "postatus", "SalesOrder" => "sostatus", "Quotes" => "quotestage", "Invoice" => "invoicestatus");
            $inventory_module = $module;
            if ($_REQUEST['ajxaction'] == 'DETAILVIEW') {
                //if we use ajax edit
                if ($inventory_module == "PurchaseOrder") {
                    $relatedname = getVendorName($this->column_fields['vendor_id']);
                } else {
                    $relatedname = getAccountName($this->column_fields['account_id']);
                }
                $total = $this->column_fields['hdnGrandTotal'];
            } else {
                //using edit button and save
                // Name and total are taken straight from the request on a normal save.
                if ($inventory_module == "PurchaseOrder") {
                    $relatedname = $_REQUEST["vendor_name"];
                } else {
                    $relatedname = $_REQUEST["account_name"];
                }
                $total = $_REQUEST['total'];
            }
            if ($this->column_fields["{$history_field_array[$inventory_module]}"] == $app_strings['LBL_NOT_ACCESSIBLE']) {
                //If the value in the request is Not Accessible for a picklist, the existing value will be replaced instead of Not Accessible value.
                $his_col = $history_field_array[$inventory_module];
                $his_sql = "select {$his_col} from {$this->table_name} where " . $this->table_index . "=?";
                $his_res = $adb->pquery($his_sql, array($this->id));
                $status_value = $adb->query_result($his_res, 0, $his_col);
                $stat_value = $status_value;
            } else {
                $stat_value = $this->column_fields["{$history_field_array[$inventory_module]}"];
            }
            $oldvalue = getSingleFieldValue($this->table_name, $history_field_array[$inventory_module], $this->table_index, $this->id);
            // Only a real status change is written to the inventory history.
            if ($this->column_fields["{$history_field_array[$inventory_module]}"] != '' && $oldvalue != $stat_value) {
                addInventoryHistory($inventory_module, $this->id, $relatedname, $total, $stat_value);
            }
        }
        //Check done by Don. If update is empty the the query fails
        if (count($update) > 0) {
            $sql1 = "update {$table_name} set " . implode(",", $update) . " where " . $this->tab_name_index[$table_name] . "=?";
            array_push($update_params, $this->id);
            $adb->pquery($sql1, $update_params);
        }
    } else {
        $sql1 = "insert into {$table_name}(" . implode(",", $column) . ") values(" . generateQuestionMarks($value) . ")";
        $adb->pquery($sql1, $value);
    }
}
/**
 * Customer-portal listing of a project's tasks or milestones.
 *
 * Includes modules/<module>/<module>.php (after checkFileAccessForInclusion())
 * before the module-active and session checks run, then builds a head/data
 * table from the module's list_fields, skipping columns the portal user may
 * not see. Only 'ProjectTask' and 'ProjectMilestone' have a query here; for
 * any other module $query is never assigned.
 *
 * @param mixed  $id          project id (bound through vtlib_purify())
 * @param string $module      'ProjectTask' or 'ProjectMilestone'; also the
 *                            file and class name that gets loaded
 * @param mixed  $customerid  portal customer id for validateSession()
 * @param mixed  $sessionid   portal session id for validateSession()
 * @return array|null array("#MODULE INACTIVE#") when the module is inactive,
 *                    null on a failed session check, otherwise $output
 *                    ([0] head, [1] data); $output stays unset when the
 *                    query returns no rows
 */
function get_project_components($id, $module, $customerid, $sessionid)
{
    // The module file is loaded before the session is validated.
    checkFileAccessForInclusion("modules/{$module}/{$module}.php");
    require_once "modules/{$module}/{$module}.php";
    require_once 'include/utils/UserInfoUtil.php';
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    $log->debug("Entering customer portal function get_project_components ..");
    $check = checkModuleActive($module);
    if ($check == false) {
        return array("#MODULE INACTIVE#");
    }
    if (!validateSession($customerid, $sessionid)) {
        return null;
    }
    // Column visibility is evaluated for the user returned by getPortalUserid().
    $user = new Users();
    $userid = getPortalUserid();
    $current_user = $user->retrieveCurrentUserInfoFromFile($userid);
    $focus = new $module();
    $focus->filterInactiveFields($module);
    $componentfieldVisibilityByColumn = array();
    $fields_list = array();
    foreach ($focus->list_fields as $fieldlabel => $values) {
        foreach ($values as $table => $fieldname) {
            $fields_list[$fieldlabel] = $fieldname;
            $componentfieldVisibilityByColumn[$fieldname] = getColumnVisibilityPermission($current_user->id, $fieldname, $module);
        }
    }
    if ($module == 'ProjectTask') {
        $query = "SELECT vtiger_projecttask.*, vtiger_crmentity.smownerid\n\t\t\t\tFROM vtiger_projecttask\n\t\t\t\tINNER JOIN vtiger_project ON vtiger_project.projectid = vtiger_projecttask.projectid AND vtiger_project.projectid = ?\n\t\t\t\tINNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_projecttask.projecttaskid AND vtiger_crmentity.deleted = 0";
    } elseif ($module == 'ProjectMilestone') {
        $query = "SELECT vtiger_projectmilestone.*, vtiger_crmentity.smownerid\n\t\t\t\tFROM vtiger_projectmilestone\n\t\t\t\tINNER JOIN vtiger_project ON vtiger_project.projectid = vtiger_projectmilestone.projectid AND vtiger_project.projectid = ?\n\t\t\t\tINNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_projectmilestone.projectmilestoneid AND vtiger_crmentity.deleted = 0";
    }
    $res = $adb->pquery($query, array(vtlib_purify($id)));
    $noofdata = $adb->num_rows($res);
    for ($j = 0; $j < $noofdata; ++$j) {
        $i = 0;
        foreach ($fields_list as $fieldlabel => $fieldname) {
            $fieldper = $componentfieldVisibilityByColumn[$fieldname];
            // A permission value of '1' skips the column entirely.
            if ($fieldper == '1') {
                continue;
            }
            // The header row is rewritten for every data row (same values each time).
            $output[0][$module]['head'][0][$i]['fielddata'] = Vtiger_Language_Handler::getTranslatedString($fieldlabel, $module, vglobal('default_language'));
            $projectmilestoneid = $adb->query_result($res, $j, 'projectmilestoneid');
            $fieldvalue = $adb->query_result($res, $j, $fieldname);
            $projecttaskid = $adb->query_result($res, $j, 'projecttaskid');
            // Name columns are wrapped in portal links; the stored name is
            // concatenated into the markup as-is, with no HTML escaping here.
            if ($fieldname == 'projecttaskname') {
                $fieldvalue = '<a href="index.php?module=ProjectTask&action=index&id=' . $projecttaskid . '">' . $fieldvalue . '</a>';
            }
            if ($fieldname == 'projectmilestonename') {
                $fieldvalue = '<a href="index.php?module=ProjectMilestone&action=index&id=' . $projectmilestoneid . '">' . $fieldvalue . '</a>';
            }
            if ($fieldname == 'smownerid') {
                $fieldvalue = getOwnerName($fieldvalue);
            }
            $output[1][$module]['data'][$j][$i]['fielddata'] = $fieldvalue;
            $i++;
        }
    }
    $log->debug("Exiting customerportal function get_project_components ..");
    return $output;
}
/**
 * Insert (mode != 'edit') or update (mode == 'edit') one row of $table_name for this record, taking
 * the values from $this->column_fields and converting each one according to its field uitype.
 *
 * The set of columns written is read from vtiger_field and, for updates, filtered by the current
 * user's profile field permissions; those come from the generated user_privileges_<id>.php, which
 * defines $is_admin and $profileGlobalPermission when required below. For vtiger_payment_management
 * the PaymentManagement-specific insertClientName()/generateValues() hooks rewrite the value list
 * before the SQL runs.
 *
 * @param string $table_name entity table to write. It is interpolated into the SQL as an identifier,
 *                           so it must come from the module definition (tab_name/tab_name_index),
 *                           never from request data.
 * @param string $module     module name; resolves the tab id and the sequence-number field
 * @param string $fileid     only echoed in the log messages
 * @return void
 */
function insertIntoEntityTable($table_name, $module, $fileid = '') {
	global $log;
	global $current_user, $app_strings;
	global $adb;
	$log->debug("Entering PaymentManagement::insertIntoEntityTable(" . $table_name . ", " . $module . ", " . $fileid . ") method ...");
	$value_table = array();
	$insertion_mode = $this->mode;
	// Checking whether an entry is already present in the table to update; an 'edit' with no
	// existing row is downgraded to an insert.
	if ($insertion_mode == 'edit') {
		$tablekey = $this->tab_name_index[$table_name];
		// Make selection on the primary key of the module table to check.
		$check_query = "select {$tablekey} from {$table_name} where {$tablekey}=?";
		$check_result = $adb->pquery($check_query, array($this->id));
		$num_rows = $adb->num_rows($check_result);
		if ($num_rows <= 0) {
			$insertion_mode = '';
		}
	}
	$tabid = getTabid($module);
	if ($insertion_mode == 'edit') {
		$update = array();
		$update_params = array();
		// Defines $is_admin and $profileGlobalPermission for the current user; the path is built from
		// the user id and validated before the require.
		checkFileAccessForInclusion('user_privileges/user_privileges_' . $current_user->id . '.php');
		require 'user_privileges/user_privileges_' . $current_user->id . '.php';
		if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
			// Admin / global view rights: every editable field of the table.
			$sql = "select * from vtiger_field where tabid in (" . generateQuestionMarks($tabid) . ") and tablename=? and displaytype in (1,3) and presence in (0,2) group by columnname";
			$params = array($tabid, $table_name);
		} else {
			// Restricted user: only fields visible and writable for one of the user's profiles.
			$profileList = getCurrentUserProfileList();
			if (count($profileList) > 0) {
				$sql = "SELECT *\n\t\t\t \t\t\tFROM vtiger_field\n\t\t\t \t\t\tINNER JOIN vtiger_profile2field\n\t\t\t \t\t\tON vtiger_profile2field.fieldid = vtiger_field.fieldid\n\t\t\t \t\t\tINNER JOIN vtiger_def_org_field\n\t\t\t \t\t\tON vtiger_def_org_field.fieldid = vtiger_field.fieldid\n\t\t\t \t\t\tWHERE vtiger_field.tabid = ?\n\t\t\t \t\t\tAND vtiger_profile2field.visible = 0 AND vtiger_profile2field.readonly = 0\n\t\t\t \t\t\tAND vtiger_profile2field.profileid IN (" . generateQuestionMarks($profileList) . ")\n\t\t\t \t\t\tAND vtiger_def_org_field.visible = 0 and vtiger_field.tablename=? and vtiger_field.displaytype in (1,3) and vtiger_field.presence in (0,2) group by columnname";
				$params = array($tabid, $profileList, $table_name);
			} else {
				$sql = "SELECT *\n\t\t\t \t\t\tFROM vtiger_field\n\t\t\t \t\t\tINNER JOIN vtiger_profile2field\n\t\t\t \t\t\tON vtiger_profile2field.fieldid = vtiger_field.fieldid\n\t\t\t \t\t\tINNER JOIN vtiger_def_org_field\n\t\t\t \t\t\tON vtiger_def_org_field.fieldid = vtiger_field.fieldid\n\t\t\t \t\t\tWHERE vtiger_field.tabid = ?\n\t\t\t \t\t\tAND vtiger_profile2field.visible = 0 AND vtiger_profile2field.readonly = 0\n\t\t\t \t\t\tAND vtiger_def_org_field.visible = 0 and vtiger_field.tablename=? and vtiger_field.displaytype in (1,3) and vtiger_field.presence in (0,2) group by columnname";
				$params = array($tabid, $table_name);
			}
		}
	} else {
		// Insert: the primary-key column is written first; users get a fresh id here.
		$table_index_column = $this->tab_name_index[$table_name];
		if ($table_index_column == 'id' && $table_name == 'vtiger_users') {
			$currentuser_id = $adb->getUniqueID("vtiger_users");
			$this->id = $currentuser_id;
		}
		$columname = $table_index_column;
		$fldvalue = $this->id;
		$column = array($table_index_column);
		$value = array($this->id);
		// Register the vtiger_payment_management index in the key/value table as well (2015/11/26)
		$columname = $table_index_column; // tao
		$fldvalue = $this->id; // tao
		$value_table[$columname] = $fldvalue; // tao
		$sql = "select * from vtiger_field where tabid=? and tablename=? and displaytype in (1,3,4) and vtiger_field.presence in (0,2)";
		$params = array($tabid, $table_name);
	}
	// Attempt to re-use the query result to avoid reading for every save operation
	// TODO Need careful analysis on impact ... MEMORY requirement might be more
	// (the cache is only filled in bulk-save mode; otherwise the query runs every time)
	static $_privatecache = array();
	$cachekey = "{$insertion_mode}-" . implode(',', $params);
	if (!isset($_privatecache[$cachekey])) {
		$result = $adb->pquery($sql, $params);
		$noofrows = $adb->num_rows($result);
		if (CRMEntity::isBulkSaveMode()) {
			$cacheresult = array();
			for ($i = 0; $i < $noofrows; ++$i) {
				$cacheresult[] = $adb->fetch_array($result);
			}
			$_privatecache[$cachekey] = $cacheresult;
		}
	} else {
		// Useful when doing bulk save
		$result = $_privatecache[$cachekey];
		$noofrows = count($result);
	}
	for ($i = 0; $i < $noofrows; $i++) {
		$fieldname = $this->resolve_query_result_value($result, $i, "fieldname");
		$columname = $this->resolve_query_result_value($result, $i, "columnname");
		$uitype = $this->resolve_query_result_value($result, $i, "uitype");
		$generatedtype = $this->resolve_query_result_value($result, $i, "generatedtype");
		$typeofdata = $this->resolve_query_result_value($result, $i, "typeofdata");
		$typeofdata_array = explode("~", $typeofdata);
		$datatype = $typeofdata_array[0];
		$ajaxSave = false;
		// uitype == 2
		// && binds tighter than ||: the field counts as "not submitted" either for an inline
		// DetailViewAjax edit of a different field, or for a MassEditSave where it was not ticked.
		if ($_REQUEST['file'] == 'DetailViewAjax' && $_REQUEST['ajxaction'] == 'DETAILVIEW' && isset($_REQUEST["fldName"]) && $_REQUEST["fldName"] != $fieldname || $_REQUEST['action'] == 'MassEditSave' && !isset($_REQUEST[$fieldname . "_mass_edit_check"])) {
			$ajaxSave = true;
		}
		if ($uitype == 4 && $insertion_mode != 'edit') {
			$fldvalue = '';
			// Bulk Save Mode: Avoid generation of module sequence number, take care later.
			if (!CRMEntity::isBulkSaveMode()) {
				$fldvalue = $this->setModuleSeqNumber("increment", $module);
			}
			$this->column_fields[$fieldname] = $fldvalue;
		}
		if (isset($this->column_fields[$fieldname])) {
			if ($uitype == 56) {
				// checkbox
				if ($this->column_fields[$fieldname] == 'on' || $this->column_fields[$fieldname] == 1) {
					$fldvalue = '1';
				} else {
					$fldvalue = '0';
				}
			} elseif ($uitype == 15 || $uitype == 16) {
				if ($this->column_fields[$fieldname] == $app_strings['LBL_NOT_ACCESSIBLE']) {
					//If the value in the request is Not Accessible for a picklist,
					//the existing value will be replaced instead of Not Accessible value.
					$sql = "select {$columname} from {$table_name} where " . $this->tab_name_index[$table_name] . "=?";
					$res = $adb->pquery($sql, array($this->id));
					$pick_val = $adb->query_result($res, 0, $columname);
					$fldvalue = $pick_val;
				} else {
					$fldvalue = $this->column_fields[$fieldname];
				}
			} elseif ($uitype == 33) {
				// multi-select picklist: stored as a ' |##| '-separated string
				if (is_array($this->column_fields[$fieldname])) {
					$field_list = implode(' |##| ', $this->column_fields[$fieldname]);
				} else {
					$field_list = $this->column_fields[$fieldname];
				}
				$fldvalue = $field_list;
			} elseif ($uitype == 5 || $uitype == 6 || $uitype == 23) {
				//Added to avoid function call getDBInsertDateValue in ajax save
				if (isset($current_user->date_format) && !$ajaxSave) {
					$fldvalue = getValidDBInsertDateValue($this->column_fields[$fieldname]);
				} else {
					$fldvalue = $this->column_fields[$fieldname];
				}
			} elseif ($uitype == 7) {
				//strip out the spaces and commas in numbers if given ie., in amounts there may be ,
				$fldvalue = str_replace(",", "", $this->column_fields[$fieldname]);
				//trim($this->column_fields[$fieldname],",");
			} elseif ($uitype == 26) {
				if (empty($this->column_fields[$fieldname])) {
					$fldvalue = 1; //the documents will stored in default folder
				} else {
					$fldvalue = $this->column_fields[$fieldname];
				}
			} elseif ($uitype == 28) {
				// document file name: keep the stored one when none was submitted
				if ($this->column_fields[$fieldname] == null) {
					$fileQuery = $adb->pquery("SELECT filename from vtiger_notes WHERE notesid = ?", array($this->id));
					$fldvalue = null;
					if (isset($fileQuery)) {
						$rowCount = $adb->num_rows($fileQuery);
						if ($rowCount > 0) {
							$fldvalue = decode_html($adb->query_result($fileQuery, 0, 'filename'));
						}
					}
				} else {
					$fldvalue = decode_html($this->column_fields[$fieldname]);
				}
			} elseif ($uitype == 8) {
				// comma-separated id list stored as JSON
				$this->column_fields[$fieldname] = rtrim($this->column_fields[$fieldname], ',');
				$ids = explode(',', $this->column_fields[$fieldname]);
				$json = new Zend_Json();
				$fldvalue = $json->encode($ids);
			} elseif ($uitype == 12) {
				// Bulk Save Mode: Consider the FROM email address as specified, if not lookup
				$fldvalue = $this->column_fields[$fieldname];
				if (empty($fldvalue)) {
					$query = "SELECT email1 FROM vtiger_users WHERE id = ?";
					$res = $adb->pquery($query, array($current_user->id));
					$rows = $adb->num_rows($res);
					if ($rows > 0) {
						$fldvalue = $adb->query_result($res, 0, 'email1');
					}
				}
				// END
			} elseif ($uitype == 72 && !$ajaxSave) {
				// Some of the currency fields like Unit Price, Total, Sub-total - doesn't need currency conversion during save
				$fldvalue = CurrencyField::convertToDBFormat($this->column_fields[$fieldname], null, true);
			} elseif ($uitype == 71 && !$ajaxSave) {
				$fldvalue = CurrencyField::convertToDBFormat($this->column_fields[$fieldname]);
			} else {
				$fldvalue = $this->column_fields[$fieldname];
			}
			// Multi-select and id-list values are already in storage form; everything else is decoded.
			if ($uitype != 33 && $uitype != 8) {
				$fldvalue = from_html($fldvalue, $insertion_mode == 'edit' ? true : false);
			}
		} else {
			$fldvalue = '';
		}
		if ($fldvalue == '') {
			$fldvalue = $this->get_column_value($columname, $fldvalue, $fieldname, $uitype, $datatype);
		}
		// Register the column/value pair in the key-value table
		$value_table[$columname] = $fldvalue; // tao
		if ($insertion_mode == 'edit') {
			// ticket comments are never updated here, and the sequence number (uitype 4) is immutable
			if ($table_name != 'vtiger_ticketcomments' && $uitype != 4) {
				array_push($update, $columname . "=?");
				array_push($update_params, $fldvalue);
			}
		} else {
			array_push($column, $columname);
			array_push($value, $fldvalue);
		}
	}
	if ($insertion_mode == 'edit') {
		// ADDED by tao on 15/12/04 -- begin
		if ($table_name == 'vtiger_payment_management') {
			// If no customer name is given, infer it from the kana name.
			// NOTE(review): generateValues() is presumed to return values aligned with $update — confirm.
			$value_table = $this->insertClientName($value_table);
			$update_params = PaymentManagement::generateValues($value_table);
			if ($value_table['accountname'] != '') {
				$sql = 'update vtiger_crmentityrel set crmid=? where relcrmid=?';
				$param = array($value_table['accountname'], $this->id);
				$adb->pquery($sql, $param);
			}
		}
		// ADDED by tao on 15/12/04 -- end
		//Check done by Don. If update is empty the the query fails
		if (count($update) > 0) {
			$sql1 = "update {$table_name} set " . implode(",", $update) . " where " . $this->tab_name_index[$table_name] . "=?";
			array_push($update_params, $this->id);
			$adb->pquery($sql1, $update_params, true);
		}
	} else {
		// Added by Tao on 15/11/25 -- begin
		if ($module == 'PaymentManagement' && $table_name == 'vtiger_payment_management') {
			$value_table = $this->insertClientName($value_table);
			if ($value_table['accountname'] != '') {
				$this->save_related_module('Account', $value_table['accountname'], 'PaymentManagement', $value_table['payment_management_id']);
			}
		}
		// NOTE(review): $value is rebuilt from $value_table; it is presumed to stay aligned with $column — confirm.
		$value = PaymentManagement::generateValues($value_table);
		// Added by Tao on 15/11/25 -- end
		$sql1 = "insert into {$table_name}(" . implode(",", $column) . ") values(" . generateQuestionMarks($value) . ")";
		$adb->pquery($sql1, $value);
	}
	$log->debug("Exting PaymentManagement::insertIntoEntityTable(" . $table_name . ", " . $module . ", " . $fileid . ") method ...");
}
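/** Returns a list of the associated emails
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
 * All Rights Reserved..
 * Contributor(s): ______________________________________..
 *
 * Related-list provider: the Emails activities linked to vendor $id, rendered through GetRelatedList().
 *
 * @param int               $id         vendor id (crmid) whose emails are listed
 * @param int               $cur_tab_id tab id of the current module (unused here; part of the related-list call contract)
 * @param int               $rel_tab_id tab id of the related module, resolved with vtlib_getModuleNameById()
 * @param bool|string|array $actions    allowed actions; 'ADD' renders the compose button when the user may create the related module
 * @return array  GetRelatedList() result plus 'CUSTOM_BUTTON'
 */
function get_emails($id, $cur_tab_id, $rel_tab_id, $actions = false) {
	global $log, $singlepane_view, $currentModule, $current_user;
	$log->debug("Entering get_emails(" . $id . ") method ...");
	$this_module = $currentModule;
	// The id is spliced into SQL text (GetRelatedList receives the finished query string here, so it
	// cannot be bound) and into an inline onclick handler; pin it to an integer for both sinks.
	$vendorId = (int)$id;
	$related_module = vtlib_getModuleNameById($rel_tab_id);
	checkFileAccessForInclusion("modules/{$related_module}/{$related_module}.php");
	require_once "modules/{$related_module}/{$related_module}.php";
	$other = new $related_module();
	vtlib_setup_modulevars($related_module, $other);
	$singular_modname = vtlib_toSingular($related_module);
	$parenttab = getParentTab();
	if ($singlepane_view == 'true') {
		$returnset = '&return_module=' . $this_module . '&return_action=DetailView&return_id=' . $vendorId;
	} else {
		$returnset = '&return_module=' . $this_module . '&return_action=CallRelatedList&return_id=' . $vendorId;
	}
	$button = '';
	$button .= '<input type="hidden" name="email_directing_module"><input type="hidden" name="record">';
	if ($actions) {
		if (is_string($actions)) {
			$actions = explode(',', strtoupper($actions));
		}
		if (in_array('ADD', $actions) && isPermitted($related_module, 1, '') == 'yes') {
			// Markup kept as the templates expect it (including the 'accessyKey' attribute and closing </td>).
			$button .= "<input title='" . getTranslatedString('LBL_ADD_NEW') . " " . getTranslatedString($singular_modname)
				. "' accessyKey='F' class='crmbutton small create' onclick='fnvshobj(this,\"sendmail_cont\");sendmail(\"{$this_module}\",{$vendorId});' type='button' name='button' value='"
				. getTranslatedString('LBL_ADD_NEW') . " " . getTranslatedString($singular_modname) . "'></td>";
		}
	}
	$userNameSql = getSqlForNameInDisplayFormat(array('first_name' => 'vtiger_users.first_name', 'last_name' => 'vtiger_users.last_name'), 'Users');
	$query = "SELECT case when (vtiger_users.user_name not like '') then {$userNameSql} else vtiger_groups.groupname end as user_name,
			vtiger_activity.activityid, vtiger_activity.subject,
			vtiger_activity.activitytype, vtiger_crmentity.modifiedtime,
			vtiger_crmentity.crmid, vtiger_crmentity.smownerid, vtiger_activity.date_start, vtiger_seactivityrel.crmid as parent_id
			FROM vtiger_activity, vtiger_seactivityrel, vtiger_vendor, vtiger_users, vtiger_crmentity
			LEFT JOIN vtiger_groups
				ON vtiger_groups.groupid=vtiger_crmentity.smownerid
			WHERE vtiger_seactivityrel.activityid = vtiger_activity.activityid
				AND vtiger_vendor.vendorid = vtiger_seactivityrel.crmid
				AND vtiger_users.id=vtiger_crmentity.smownerid
				AND vtiger_crmentity.crmid = vtiger_activity.activityid
				AND vtiger_vendor.vendorid = " . $vendorId . "
				AND vtiger_activity.activitytype='Emails'
				AND vtiger_crmentity.deleted = 0";
	$return_value = GetRelatedList($this_module, $related_module, $other, $query, $button, $returnset);
	if ($return_value == null) {
		$return_value = array();
	}
	$return_value['CUSTOM_BUTTON'] = $button;
	$log->debug("Exiting get_emails method ...");
	return $return_value;
}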
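/** function used to get the Quotes/Invoice pdf
 * Customer-portal entry point: runs modules/{$block}/CreatePDF.php for record $id as the admin user
 * and returns the generated file.
 *
 * @param int    $id         record id (crmid); cast to int because it becomes a filesystem path component
 * @param string $block      module name (Quotes, Invoice, ...) selecting modules/{$block}/CreatePDF.php
 * @param string $customerid portal contact id
 * @param string $sessionid  portal session id
 * @return array|string|null  null for an invalid session, array("#NOT AUTHORIZED#") when the contact may
 *                            not see the record, array(base64 pdf) on success, "failure" when no PDF appeared
 */
function get_pdf($id, $block, $customerid, $sessionid) {
	global $adb;
	global $current_user, $log, $default_language;
	global $currentModule, $mod_strings, $app_strings, $app_list_strings;
	$log->debug("Entering customer portal function get_pdf");
	// Authenticate before authorising. Previously check_permission() ran (and queried the database)
	// for callers without a valid session, and its two distinct answers were observable without logging in.
	if (!validateSession($customerid, $sessionid)) {
		return null;
	}
	// Normalise the id once so the value that is permission-checked is the same value used for the
	// request, the sequence lookup and the file path below.
	$id = (int)$id;
	if (check_permission($customerid, $block, $id) == false) {
		return array("#NOT AUTHORIZED#");
	}
	require_once "config.inc.php";
	// CreatePDF.php runs as the admin user and reads the record from $_REQUEST; stage both here.
	$current_user = Users::getActiveAdminUser();
	$currentModule = $block;
	$current_language = $default_language;
	$app_strings = return_application_language($current_language);
	$app_list_strings = return_app_list_strings_language($current_language);
	$mod_strings = return_module_language($current_language, $currentModule);
	$_REQUEST['record'] = $id;
	$_REQUEST['savemode'] = 'file';
	$sequenceNo = getModuleSequenceNumber($block, $id);
	$filenamewithpath = 'test/product/' . $id . '_' . $block . '_' . $sequenceNo . '.pdf';
	// Start from a clean slate so a stale file cannot be returned as this request's output.
	if (file_exists($filenamewithpath) && filesize($filenamewithpath) != 0) {
		unlink($filenamewithpath);
	}
	// $block comes from the caller; checkFileAccessForInclusion() is the guard on the include path and
	// check_permission() above is expected to reject modules the contact may not use.
	checkFileAccessForInclusion("modules/{$block}/CreatePDF.php");
	include "modules/{$block}/CreatePDF.php";
	if (file_exists($filenamewithpath) && filesize($filenamewithpath) != 0) {
		//we have to pass the file content
		$filecontents[] = base64_encode(file_get_contents($filenamewithpath));
		// Remove the file straight away: the original TODO notes the path is publicly reachable for as
		// long as the file exists.
		unlink($filenamewithpath);
	} else {
		$filecontents = "failure";
	}
	$log->debug("Exiting customer portal function get_pdf");
	return $filecontents;
}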
/** Function to get the current user information from the user_privileges file
 * The file $WERPASCOPEUSERPRIVILEGES/user_privileges_<userid>.php defines $user_info; every key that is
 * also a column of this object is copied into the property and into column_fields.
 * @param $userid -- user id:: Type integer. It becomes part of an include path, so it must be a plain
 *                   integer; checkFileAccessForInclusion() on the resulting path is the only guard here.
 * @returns user info in $this->column_fields array:: Type array (returns $this)
 */
function retrieveCurrentUserInfoFromFile($userid) {
	global $WERPASCOPEUSERPRIVILEGES;
	$privilegesFile = $WERPASCOPEUSERPRIVILEGES . '/user_privileges_' . $userid . '.php';
	checkFileAccessForInclusion($privilegesFile);
	require($privilegesFile); // defines $user_info
	foreach (array_keys($this->column_fields) as $field) {
		if (!isset($user_info[$field])) {
			continue;
		}
		$this->$field = $user_info[$field];
		$this->column_fields[$field] = $user_info[$field];
	}
	$this->id = $userid;
	return $this;
}
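/**
 * Customer-portal API: the values of picklist $tablename (table vtiger_<tablename>, column <tablename>)
 * as visible to the CRM user $username.
 *
 * Admins and users with global view rights get every value; other users get the values mapped to their
 * role, provided they may edit HelpDesk and the field is readable — otherwise a single 'Not Accessible'.
 *
 * @param string $username  CRM user whose privileges decide visibility
 * @param string $sessionid portal session id
 * @param string $tablename picklist name; used as a SQL identifier, so only [A-Za-z0-9_]+ is accepted
 * @return array|null  null when the session is invalid or $tablename is not a plain identifier
 */
function GetPicklistValues($username, $sessionid, $tablename) {
	global $current_user, $log, $adb;
	if (!validateSession($username, $sessionid)) {
		return null;
	}
	// $tablename is used as a table *and* column name. sql_escape_string() only escapes quotes, which
	// protects nothing in an identifier position, so restrict the value to a plain identifier instead.
	if (!preg_match('/^[A-Za-z0-9_]+$/', $tablename)) {
		$log->warn("GetPicklistValues: rejected picklist name");
		return null;
	}
	require_once "modules/Users/Users.php";
	$seed_user = new Users();
	$user_id = $seed_user->retrieve_user_id($username);
	$current_user = $seed_user;
	$current_user->retrieve_entity_info($user_id, 'Users');
	require_once "include/utils/UserInfoUtil.php";
	$roleid = fetchUserRole($user_id);
	// Defines $is_admin and $profileGlobalPermission for the current user.
	checkFileAccessForInclusion('user_privileges/user_privileges_' . $current_user->id . '.php');
	require 'user_privileges/user_privileges_' . $current_user->id . '.php';
	$output = array();
	if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
		$query = "select {$tablename} from vtiger_{$tablename}";
		$result1 = $adb->pquery($query, array());
		$rowCount = $adb->num_rows($result1);
		for ($i = 0; $i < $rowCount; $i++) {
			$output[$i] = decode_html($adb->query_result($result1, $i, $tablename));
		}
	} elseif (isPermitted("HelpDesk", "EditView") == "yes" && CheckFieldPermission($tablename, 'HelpDesk') == 'true') {
		// Role-restricted picklist: only the values mapped to the user's role, in picklist order.
		$query = "select {$tablename} from vtiger_{$tablename}"
			. " inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_{$tablename}.picklist_valueid"
			. " where roleid=? and picklistid in (select picklistid from vtiger_{$tablename} ) order by sortid";
		$result1 = $adb->pquery($query, array($roleid));
		$rowCount = $adb->num_rows($result1);
		for ($i = 0; $i < $rowCount; $i++) {
			$output[$i] = decode_html($adb->query_result($result1, $i, $tablename));
		}
	} else {
		$output[] = 'Not Accessible';
	}
	return $output;
}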
/** Function to get the current user information from the user_privileges file
 * user_privileges/user_privileges_<userid>.php defines $user_info; every key that is also a column of
 * this object is copied into the property and into column_fields.
 * @param $userid -- user id:: Type integer. It becomes part of an include path, so it must be a plain
 *                   integer; checkFileAccessForInclusion() on the resulting path is the only guard here.
 * @returns user info in $this->column_fields array:: Type array (returns $this)
 */
function retrieveCurrentUserInfoFromFile($userid) {
	$privilegesFile = 'user_privileges/user_privileges_' . $userid . '.php';
	checkFileAccessForInclusion($privilegesFile);
	require $privilegesFile; // defines $user_info
	foreach (array_keys($this->column_fields) as $field) {
		if (!isset($user_info[$field])) {
			continue;
		}
		$this->{$field} = $user_info[$field];
		$this->column_fields[$field] = $user_info[$field];
	}
	$this->id = $userid;
	return $this;
}
<?php
/*+***********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ************************************************************************************/
// ModComments save action: builds the comment record from the request. $currentModule is set by the
// framework before this file runs; it selects the module class file, with checkFileAccessForInclusion()
// as the guard on that path before the require.
global $current_user, $currentModule, $singlepane_view;
checkFileAccessForInclusion("modules/{$currentModule}/{$currentModule}.php");
require_once "modules/{$currentModule}/{$currentModule}.php";
$search = vtlib_purify($_REQUEST['search_url']);
$focus = new $currentModule();
setObjectValuesFromRequest($focus);
// Ask the event filter whether a comment may be added to the related record (default true).
list($void, $canaddcomments) = cbEventHandler::do_filter('corebos.filter.ModComments.canAdd', array(vtlib_purify($_REQUEST['related_to']), true));
if ($canaddcomments) {
	// Request values are purified before they reach the record; mode/record are only applied when non-empty.
	$mode = vtlib_purify($_REQUEST['mode']);
	$record = vtlib_purify($_REQUEST['record']);
	if ($mode) {
		$focus->mode = $mode;
	}
	if ($record) {
		$focus->id = $record;
	}
	if (isset($_REQUEST['inventory_currency'])) {
		$focus->column_fields['currency_id'] = vtlib_purify($_REQUEST['inventory_currency']);
		$cur_sym_rate = getCurrencySymbolandCRate(vtlib_purify($_REQUEST['inventory_currency']));
		$focus->column_fields['conversion_rate'] = $cur_sym_rate['rate'];
	}
<?php
/*+***********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ************************************************************************************/
// Dispatch to the current module's DetailView. $currentModule is set by the framework before this
// file runs; the derived path is validated with checkFileAccessForInclusion() before it is included.
global $currentModule;
$detailViewFile = 'modules/' . $currentModule . '/DetailView.php';
checkFileAccessForInclusion($detailViewFile);
include_once $detailViewFile;
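/** Function to populate the read/write Sharing permissions related module data for the specified user into the database
 *
 * The data comes from the user's generated sharing_privileges_<userid>.php, which defines arrays named
 * <module>_<relmodule>_share_<read|write>_permission with 'ROLE' and 'GROUP' keys — unless the caller
 * hands such an array in through $var_name_arr.
 *
 * @param $enttype -- can have the value of User or Group:: Type varchar (anything else is a no-op)
 * @param $userid -- user id:: Type integer (also part of the privileges-file include path)
 * @param $module -- module name:: Type varchar
 * @param $relmodule -- related module name:: Type varchar
 * @param $pertype -- can have the value of read or write:: Type varchar; any other value returns before any SQL runs
 * @param $var_name_arr - Variable to use instead of including the sharing access again
 * @return void
 */
function populateRelatedSharingPrivileges($enttype, $userid, $module, $relmodule, $pertype, $var_name_arr = false) {
	global $adb;
	// An unknown $pertype previously left $table_name unset and issued "insert into  values(...)".
	if ($pertype != 'read' && $pertype != 'write') {
		return;
	}
	$tableByEntity = array(
		'USER' => array('read' => 'vtiger_tmp_read_user_rel_sharing_per', 'write' => 'vtiger_tmp_write_user_rel_sharing_per'),
		'GROUP' => array('read' => 'vtiger_tmp_read_group_rel_sharing_per', 'write' => 'vtiger_tmp_write_group_rel_sharing_per'),
	);
	if (!isset($tableByEntity[$enttype])) {
		return;
	}
	$tabid = getTabid($module);
	$reltabid = getTabid($relmodule);
	if (!$var_name_arr) {
		checkFileAccessForInclusion('user_privileges/sharing_privileges_' . $userid . '.php');
		require 'user_privileges/sharing_privileges_' . $userid . '.php';
	}
	// Lookup for the variable if not set through function argument; a missing variable counts as "no sharing"
	// instead of feeding null to sizeof() (a TypeError on PHP 8).
	$var_name = $module . '_' . $relmodule . '_share_' . $pertype . '_permission';
	if (!$var_name_arr) {
		$var_name_arr = isset(${$var_name}) ? ${$var_name} : array();
	}
	$table_name = $tableByEntity[$enttype][$pertype];
	$query = "insert into " . $table_name . " values(?,?,?,?)";
	$roleEntries = (isset($var_name_arr['ROLE']) && is_array($var_name_arr['ROLE'])) ? $var_name_arr['ROLE'] : array();
	$groupEntries = (isset($var_name_arr['GROUP']) && is_array($var_name_arr['GROUP'])) ? $var_name_arr['GROUP'] : array();

	if ($enttype == 'USER') {
		// One row per user reachable through a shared role, then through a shared group, de-duplicated.
		$user_arr = array();
		foreach (array_merge(array_values($roleEntries), array_values($groupEntries)) as $members) {
			foreach ((array)$members as $user_id) {
				if (in_array($user_id, $user_arr)) {
					continue;
				}
				$adb->pquery($query, array($userid, $tabid, $reltabid, $user_id));
				$user_arr[] = $user_id;
			}
		}
	} else {
		// GROUP: one row per shared group id, de-duplicated.
		$grp_arr = array();
		foreach ($groupEntries as $grpid => $grpusers) {
			if (in_array($grpid, $grp_arr)) {
				continue;
			}
			$adb->pquery($query, array($userid, $tabid, $reltabid, $grpid));
			$grp_arr[] = $grpid;
		}
	}
}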
/**
 * Get instance of the module class.
 * @param String Module name ('Calendar' is served by the Activity class)
 * @return object|false  the module instance, or false when the module file is not includable or does
 *                       not define a class of that name
 */
static function getClassInstance($modulename) {
	$className = ($modulename == 'Calendar') ? 'Activity' : $modulename;
	$filepath = "modules/{$className}/{$className}.php";
	// Probe the path first (the second argument presumably disables the fatal exit — confirm in
	// Vtiger_Utils), then run the standard check before the include.
	if (!Vtiger_Utils::checkFileAccessForInclusion($filepath, false)) {
		return false;
	}
	checkFileAccessForInclusion($filepath);
	include_once $filepath;
	return class_exists($className) ? new $className() : false;
}
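/** function used to get the list of pricebooks which are related to the service
 * @param int $id - service id (spliced into the SQL text, so it is pinned to an integer first)
 * @param int $cur_tab_id - tab id of the current module (unused here; part of the related-list call contract)
 * @param int $rel_tab_id - tab id of the related module, resolved with vtlib_getModuleNameById()
 * @param bool|string|array $actions - allowed actions; 'ADD' renders the add-to-pricebook button when permitted
 * @return array - array which will be returned from the function GetRelatedList, plus 'CUSTOM_BUTTON'
 */
function get_service_pricebooks($id, $cur_tab_id, $rel_tab_id, $actions = false) {
	global $currentModule, $log, $singlepane_view, $mod_strings;
	$log->debug("Entering get_service_pricebooks(" . $id . ") method ...");
	// GetRelatedList() receives the finished query string here, so the id cannot be bound; cast it
	// so only digits can reach the SQL (and the return URL).
	$serviceId = (int)$id;
	$related_module = vtlib_getModuleNameById($rel_tab_id);
	checkFileAccessForInclusion("modules/{$related_module}/{$related_module}.php");
	require_once "modules/{$related_module}/{$related_module}.php";
	$focus = new $related_module();
	$singular_modname = vtlib_toSingular($related_module);
	if ($singlepane_view == 'true') {
		$returnset = "&return_module={$currentModule}&return_action=DetailView&return_id={$serviceId}";
	} else {
		$returnset = "&return_module={$currentModule}&return_action=CallRelatedList&return_id={$serviceId}";
	}
	$button = '';
	if ($actions) {
		if (is_string($actions)) {
			$actions = explode(',', strtoupper($actions));
		}
		// Adding requires create rights on the related module and edit rights on this record.
		if (in_array('ADD', $actions) && isPermitted($related_module, 1, '') == 'yes' && isPermitted($currentModule, 'EditView', $id) == 'yes') {
			$button .= "<input title='" . getTranslatedString('LBL_ADD_TO') . " " . getTranslatedString($related_module) . "' class='crmbutton small create'"
				. " onclick='this.form.action.value=\"AddServiceToPriceBooks\";this.form.module.value=\"{$currentModule}\"' type='submit' name='button'"
				. " value='" . getTranslatedString('LBL_ADD_TO') . " " . getTranslatedString($singular_modname) . "'> ";
		}
	}
	$query = "SELECT vtiger_crmentity.crmid,
			vtiger_pricebook.*,
			vtiger_pricebookproductrel.productid as prodid
			FROM vtiger_pricebook
			INNER JOIN vtiger_crmentity
				ON vtiger_crmentity.crmid = vtiger_pricebook.pricebookid
			INNER JOIN vtiger_pricebookproductrel
				ON vtiger_pricebookproductrel.pricebookid = vtiger_pricebook.pricebookid
			WHERE vtiger_crmentity.deleted = 0
			AND vtiger_pricebookproductrel.productid = " . $serviceId;
	$return_value = GetRelatedList($currentModule, $related_module, $focus, $query, $button, $returnset);
	if ($return_value == null) {
		$return_value = array();
	}
	$return_value['CUSTOM_BUTTON'] = $button;
	// (the stray "Exiting get_product_pricebooks" log line, a copy-paste leftover, is gone)
	$log->debug("Exiting get_service_pricebooks method ...");
	return $return_value;
}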
} $current_language = $default_language; if (isset($_REQUEST['current_language'])) { $current_language = $_REQUEST['current_language']; } // retrieve the translated strings. $app_strings = return_application_language($current_language); if (isset($app_strings['LBL_CHARSET'])) { $charset = $app_strings['LBL_CHARSET']; } else { $charset = $default_charset; } $log->info("current langugage is {$current_language}"); $log->info("current module is {$current_module} "); $log->info("including {$current_module_file}"); checkFileAccessForInclusion($current_module_file); require_once $current_module_file; $draw_this = new jpgraph(); if (isset($_REQUEST['graph'])) { $graph = $_REQUEST['graph']; } else { $graph = 'default'; } if (isset($_REQUEST['flat_array1'])) { $flat_array1 = $_REQUEST['flat_array1']; } else { $flat_array1 = "foo,bar"; } if (isset($_REQUEST['flat_array2'])) { $flat_array2 = $_REQUEST['flat_array2']; } else {
} $sid = $sessionManager->startSession($sessionId, $adoptSession); if (!$sessionId && !$operationManager->isPreLoginOperation()) { writeErrorOutput($operationManager, new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED, "Authentication required")); return; } if (!$sid) { writeErrorOutput($operationManager, $sessionManager->getError()); return; } $userid = $sessionManager->get("authenticatedUserId"); if ($userid) { $seed_user = new Users(); $current_user = $seed_user->retrieveCurrentUserInfoFromFile($userid); } else { $current_user = null; } $operationInput = $operationManager->sanitizeOperation($input); $includes = $operationManager->getOperationIncludes(); foreach ($includes as $ind => $path) { checkFileAccessForInclusion($path); require_once $path; } cbEventHandler::do_action('corebos.audit.action', array(isset($current_user) ? $current_user->id : 0, 'Webservice', $operation, 0, date('Y-m-d H:i:s'))); $rawOutput = $operationManager->runOperation($operationInput, $current_user); writeOutput($operationManager, $rawOutput); } catch (WebServiceException $e) { writeErrorOutput($operationManager, $e); } catch (Exception $e) { writeErrorOutput($operationManager, new WebServiceException(WebServiceErrorCode::$INTERNALERROR, "Unknown Error while processing request")); }
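/** This function retrieves an application language file and returns the array of strings included.
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
 * All Rights Reserved.
 * If you are using the current language, do not call this function unless you are loading it for the first time
 *
 * @param string $language language code; it selects include/language/<language>.lang.php, so only
 *                         [A-Za-z0-9_-] is accepted — anything else is treated like a missing file and
 *                         falls back to $default_language
 * @return array|null  the $app_strings array defined by the language file (each entry prefixed with
 *                     the language when $translation_string_prefix is on), or null when neither the
 *                     requested nor the default language file defined $app_strings. The global
 *                     $app_strings is left as the caller had it.
 */
function return_application_language($language) {
	global $log;
	$log->debug("Entering return_application_language(" . $language . ") method ...");
	global $app_strings, $default_language, $log, $translation_string_prefix;
	$temp_app_strings = $app_strings;
	$language_used = $language;

	// Clear the global before including: isset($app_strings) below used to see the caller's strings,
	// so a missing language file silently returned the previous language instead of falling back.
	$app_strings = null;
	// The code becomes part of an include path; reject anything but a plain identifier in addition
	// to the checkFileAccessForInclusion() guard.
	if (preg_match('/^[A-Za-z0-9_\-]+$/', $language)) {
		checkFileAccessForInclusion("include/language/{$language}.lang.php");
		@(include "include/language/{$language}.lang.php"); // a missing file is an expected case handled below
	}
	if (!isset($app_strings)) {
		$log->warn("Unable to find the application language file for language: " . $language);
		require "include/language/{$default_language}.lang.php";
		$language_used = $default_language;
	}
	if (!isset($app_strings)) {
		$log->fatal("Unable to load the application language file for the selected language({$language}) or the default language({$default_language})");
		$app_strings = $temp_app_strings; // give the caller back what it had
		$log->debug("Exiting return_application_language method ...");
		return null;
	}
	// If we are in debug mode for translating, turn on the prefix now!
	if ($translation_string_prefix) {
		foreach ($app_strings as $entry_key => $entry_value) {
			$app_strings[$entry_key] = $language_used . ' ' . $entry_value;
		}
	}
	$return_value = $app_strings;
	$app_strings = $temp_app_strings;
	$log->debug("Exiting return_application_language method ...");
	return $return_value;
}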
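/**
 * Create a Lead on behalf of the user identified by $user_name.
 *
 * The caller is authenticated with authentication($user_name, $password); on
 * failure nothing is created and null is returned. On success the user is
 * loaded into the global $current_user, the per-user privilege files are
 * required (they define $is_admin, $profileGlobalPermission, ... in this
 * scope), and the Lead fields this user may write are read from vtiger_field
 * (tabid 7 is the hard-coded Leads tab id, block 14 is excluded, as in the
 * original query). Only permitted fields receive the supplied value; every
 * other mapped column is written as an empty string.
 *
 * $salutation, $reports_to and $description are accepted for interface
 * compatibility only; description is always stored empty, as it was before.
 *
 * Fixes over the previous version:
 *  - column_fields keys are quoted strings (the old code used bare words, i.e.
 *    undefined constants - a warning on PHP 7.2+ and a fatal error on PHP 8);
 *  - the mailing country is taken from $primary_address_country (the old code
 *    read an undefined $workCountry into an undefined workCountry key);
 *  - $permitted_lists is initialised, so a result with no rows no longer
 *    triggers an undefined-variable warning inside in_array().
 *
 * Security: $user_name/$password are caller-supplied. The privilege file paths
 * are derived from $current_user->id (the authenticated user, not raw input)
 * and are still passed through checkFileAccessForInclusion() before require.
 * Note that $password is a required parameter following optional ones; PHP 8
 * deprecates that, but the positional signature is kept for existing callers.
 *
 * @return int|null id of the new Lead, or null when authentication fails
 */
function AddLead($user_name, $first_name, $last_name, $email_address, $account_name, $salutation, $title, $phone_mobile, $reports_to, $primary_address_street, $website, $primary_address_city, $primary_address_state, $primary_address_postalcode, $primary_address_country, $alt_address_city, $alt_address_street, $alt_address_state, $alt_address_postalcode, $alt_address_country, $office_phone = "", $home_phone = "", $fax = "", $department = "", $password, $description = "") {
    if (!authentication($user_name, $password)) {
        return null;
    }
    global $adb, $current_user;
    require_once 'modules/Users/Users.php';
    require_once 'modules/Leads/Leads.php';

    $seed_user = new Users();
    $user_id = $seed_user->retrieve_user_id($user_name);
    $current_user = $seed_user;
    $current_user->retrieve_entity_info($user_id, "Users");

    // require (not require_once): these files populate the privilege variables
    // for the user just loaded, in this function's scope.
    $privilegesFile = 'user_privileges/user_privileges_' . $current_user->id . '.php';
    checkFileAccessForInclusion($privilegesFile);
    require $privilegesFile;
    $sharingFile = 'user_privileges/sharing_privileges_' . $current_user->id . '.php';
    checkFileAccessForInclusion($sharingFile);
    require $sharingFile;

    // Admins and users with global read/write permission see every Lead field;
    // everybody else is limited to the fields visible to their profiles.
    if ($is_admin || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
        $sql1 = "select fieldname,columnname from vtiger_field where tabid=7 and block <> 14 and vtiger_field.presence in (0,2)";
        $params1 = array();
    } else {
        $profileList = getCurrentUserProfileList();
        $sql1 = "select fieldname,columnname from vtiger_field inner join vtiger_profile2field on vtiger_profile2field.fieldid=vtiger_field.fieldid inner join vtiger_def_org_field on vtiger_def_org_field.fieldid=vtiger_field.fieldid where vtiger_field.tabid=7 and vtiger_field.block <> 14 and vtiger_field.displaytype in (1,2,4) and vtiger_profile2field.visible=0 and vtiger_def_org_field.visible=0 and vtiger_field.presence in (0,2)";
        $params1 = array();
        if (count($profileList) > 0) {
            $sql1 .= " and vtiger_profile2field.profileid in (" . generateQuestionMarks($profileList) . ")";
            // The profile list is passed as one nested array, as before (pquery is relied on to flatten it).
            $params1[] = $profileList;
        }
    }
    $result1 = $adb->pquery($sql1, $params1);

    $permitted_lists = array();
    $numRows = $adb->num_rows($result1);
    for ($i = 0; $i < $numRows; $i++) {
        $permitted_lists[] = $adb->query_result($result1, $i, 'fieldname');
    }

    // Lead field name => value supplied by the caller.
    $fieldValues = array(
        'firstname' => $first_name,
        'lastname' => $last_name,
        'company' => $account_name,
        'email' => $email_address,
        'title' => $title,
        'designation' => $department,
        'phone' => $office_phone,
        'homephone' => $home_phone,
        'website' => $website,
        'fax' => $fax,
        'mobile' => $phone_mobile,
        'mailingstreet' => $primary_address_street,
        'mailingcity' => $primary_address_city,
        'mailingstate' => $primary_address_state,
        'mailingzip' => $primary_address_postalcode,
        'mailingcountry' => $primary_address_country,
        'lane' => $alt_address_street,
        'city' => $alt_address_city,
        'state' => $alt_address_state,
        'code' => $alt_address_postalcode,
        'country' => $alt_address_country,
        'assigned_user_id' => $user_id,
    );

    $Lead = new Leads();
    foreach ($fieldValues as $fieldname => $value) {
        // A field the user may not write is stored empty rather than skipped.
        $Lead->column_fields[$fieldname] = in_array($fieldname, $permitted_lists, true) ? $value : "";
    }
    $Lead->column_fields['description'] = "";
    $Lead->save("Leads");
    return $Lead->id;
}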
/**
 * Fetch the links registered for a module, optionally filtered by link type.
 *
 * Links whose row carries a handler_path are only returned when the stored
 * handler callback (handler_class::handler) returns a truthy value for the
 * link; otherwise the link is logged and dropped. With $parameters given, the
 * link url and icon are run through Vtiger_StringTemplate with those values.
 *
 * Security: handler_path, handler_class and handler come from vtiger_links
 * (registered by module/installation code, not by the request). The path is
 * checked with isFileAccessible() and checkFileAccessForInclusion() before
 * require_once; the class/method pair is invoked as stored, without further
 * validation here.
 *
 * @param int|string $tabid module tab id, or self::IGNORE_MODULE to search all modules
 * @param string|array|false $type one link type, a list of types, or false for every type
 * @param array|false $parameters key/value pairs merged into each link's url and icon
 * @return array Vtiger_Link instances; when $type is a list the result is keyed by
 *         link type instead (each requested type gets at least an empty list)
 */
static function getAllByType($tabid, $type = false, $parameters = false) {
    global $adb, $current_user;
    self::__initSchema();
    $orderby = " order by linktype,sequence";
    $multitype = ($type && is_array($type));
    $anyModule = ($tabid === self::IGNORE_MODULE);

    if (!$type) {
        // No type filter: every link of the module.
        $result = $adb->pquery('SELECT * FROM vtiger_links WHERE tabid=?' . $orderby, array($tabid));
    } elseif ($multitype) {
        $typeMarks = Vtiger_Utils::implodestr('?', count($type), ',');
        if ($anyModule) {
            $sql = 'SELECT * FROM vtiger_links WHERE linktype IN (' . $typeMarks . ') ';
            $params = $type;
            // Non-admins are restricted to the modules they are permitted to see.
            $permittedTabIdList = getPermittedModuleIdList();
            if (count($permittedTabIdList) > 0 && $current_user->is_admin !== 'on') {
                $sql .= ' and tabid IN (' . Vtiger_Utils::implodestr('?', count($permittedTabIdList), ',') . ')';
                $params[] = $permittedTabIdList;
            }
            $result = $adb->pquery($sql . $orderby, array($adb->flatten_array($params)));
        } else {
            $result = $adb->pquery(
                'SELECT * FROM vtiger_links WHERE tabid=? AND linktype IN (' . $typeMarks . ')' . $orderby,
                array($tabid, $adb->flatten_array($type))
            );
        }
    } elseif ($anyModule) {
        $result = $adb->pquery('SELECT * FROM vtiger_links WHERE linktype=?' . $orderby, array($type));
    } else {
        $result = $adb->pquery('SELECT * FROM vtiger_links WHERE tabid=? AND linktype=?' . $orderby, array($tabid, $type));
    }

    $strtemplate = new Vtiger_StringTemplate();
    if ($parameters) {
        foreach ($parameters as $key => $value) {
            $strtemplate->assign($key, $value);
        }
    }

    $instances = array();
    if ($multitype) {
        foreach ($type as $linktype) {
            $instances[$linktype] = array();
        }
    }

    while ($row = $adb->fetch_array($result)) {
        $instance = new self();
        $instance->initialize($row);
        if (!empty($row['handler_path']) && isFileAccessible($row['handler_path'])) {
            checkFileAccessForInclusion($row['handler_path']);
            require_once $row['handler_path'];
            $linkData = new Vtiger_LinkData($instance, $current_user);
            $keep = call_user_func(array($row['handler_class'], $row['handler']), $linkData);
            if (!$keep) {
                self::log("Ignoring Link ... " . var_export($row, true));
                continue;
            }
        }
        if ($parameters) {
            $instance->linkurl = $strtemplate->merge($instance->linkurl);
            $instance->linkicon = $strtemplate->merge($instance->linkicon);
        }
        if ($multitype) {
            $instances[$instance->linktype][] = $instance;
        } else {
            $instances[] = $instance;
        }
    }
    return $instances;
}