コード例 #1
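/**
 * Echo the JSON-encoded sortby_fields of the module named in the request.
 *
 * $request['module_name'] is used both as a path segment for require_once and
 * as the class name passed to `new`, so it is restricted to a plain identifier
 * before either use. checkFileAccessForInclusion() (defined elsewhere) is
 * still called as the project's own guard on the assembled path; the
 * identifier check is a local, additional one that does not depend on that
 * helper's policy.
 *
 * @param array $request Array-like request data; reads the 'module_name' key.
 * @return void Output is written with echo.
 * @throws InvalidArgumentException When module_name is missing or is not a
 *                                  plain identifier.
 */
function vtSortFieldsJson($request)
{
    $moduleName = isset($request['module_name']) ? $request['module_name'] : '';
    // \A...\z anchors the whole value, so a trailing newline is rejected as well
    if (!is_string($moduleName) || !preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $moduleName)) {
        throw new InvalidArgumentException('Invalid module name');
    }
    $modulePath = "modules/{$moduleName}/{$moduleName}.php";
    checkFileAccessForInclusion($modulePath);
    require_once $modulePath;
    $focus = new $moduleName();
    echo Zend_Json::encode($focus->sortby_fields);
}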
コード例 #2
 /**
  * Build a provider object from its name.
  *
  * The name doubles as the file name under ./providers/ and as the class
  * name passed to `new`. It is only trimmed here; the resulting path is
  * handed to checkFileAccessForInclusion() (defined elsewhere) before any
  * include.
  * NOTE(review): callers are not visible here; if the name can originate
  * from a request, confirm it is limited to known provider names upstream.
  *
  * @param string $providername Provider class / file base name.
  * @return object|false New provider instance, or false for an empty name.
  */
 static function getInstance($providername)
 {
     if (empty($providername)) {
         return false;
     }
     $providername = trim($providername);
     $providerFile = dirname(__FILE__) . "/providers/{$providername}.php";
     checkFileAccessForInclusion($providerFile);
     // Load the file only when the class is not already defined
     if (!class_exists($providername)) {
         include_once $providerFile;
     }
     return new $providername();
 }
コード例 #3
 /**
  * Instantiate the entity class behind a module name.
  *
  * 'Calendar' and 'Events' both resolve to class Activity in modules/Calendar;
  * any other name is used as both directory and class name. The class file is
  * loaded only when the class is not already defined, after its path has been
  * passed to checkFileAccessForInclusion() (defined elsewhere).
  *
  * @param string $module Module name.
  * @return object New instance of the resolved class.
  */
 static function getInstance($module)
 {
     $isCalendarAlias = $module == 'Calendar' || $module == 'Events';
     $className = $isCalendarAlias ? 'Activity' : $module;
     if ($isCalendarAlias) {
         $module = 'Calendar';
     }
     if (!class_exists($className)) {
         $classFile = "modules/{$module}/{$className}.php";
         // File access security check
         checkFileAccessForInclusion($classFile);
         require_once $classFile;
     }
     return new $className();
 }
コード例 #4
ファイル: Alert.php プロジェクト: yozhi/YetiForceCRM
 /**
  * Load every non-deleted mobile alert handler and return one instance each.
  *
  * Rows come from vtiger_mobile_alerts. handler_path is included (after the
  * checkFileAccessForInclusion() guard, defined elsewhere) and handler_class
  * is instantiated, so those two columns decide which code runs here. Rows
  * whose handler_path does not exist on disk are skipped.
  *
  * @return array List of alert model objects, each with alertid set.
  */
 static function models()
 {
     $adb = PearDatabase::getInstance();
     $alertRows = $adb->pquery("SELECT * FROM vtiger_mobile_alerts WHERE deleted = 0", array());
     $models = array();
     if (!$adb->num_rows($alertRows)) {
         return $models;
     }
     while ($row = $adb->fetch_array($alertRows)) {
         $path = $row['handler_path'];
         if (!file_exists($path)) {
             continue;
         }
         checkFileAccessForInclusion($path);
         include_once $path;
         $model = new $row['handler_class']();
         $model->alertid = $row['id'];
         $models[] = $model;
     }
     return $models;
 }
コード例 #5
ファイル: ShortURL.php プロジェクト: Bergdahls/YetiForceCRM
 /**
  * Resolve a short-URL uid to its stored handler and invoke it.
  *
  * The vtiger_shorturls row supplies the file to load, the class to
  * instantiate, the method to call and its JSON-decoded argument, so the
  * contents of that table decide what code runs. The path goes through
  * checkFileAccessForInclusion() (defined elsewhere) before it is loaded.
  * A one-time row is deleted before the handler method is called.
  *
  * @param mixed $uid Short-URL identifier, bound as a query parameter.
  * @return void Prints an error message when no row matches.
  */
 static function handle($uid)
 {
     $db = PearDatabase::getInstance();
     $rs = $db->pquery('SELECT * FROM vtiger_shorturls WHERE uid=?', array($uid));
     if (!$rs || !$db->num_rows($rs)) {
         echo '<h3>Link you have used is invalid or has expired. .</h3>';
         return;
     }
     $row = $db->fetch_array($rs);
     $file = decode_html($row['handler_path']);
     $class = decode_html($row['handler_class']);
     $method = decode_html($row['handler_function']);
     $payload = json_decode(decode_html($row['handler_data']), true);
     checkFileAccessForInclusion($file);
     require_once $file;
     $instance = new $class();
     if ($row['onetime']) {
         // Consume the one-time link before the handler runs
         $db->pquery('DELETE FROM vtiger_shorturls WHERE id=?', array($row['id']));
     }
     call_user_func(array($instance, $method), $payload);
 }
コード例 #6
ファイル: index.php プロジェクト: casati-dolibarr/corebos
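 /**
  * Dispatch a MailManager request to the controller registered for its
  * operation.
  *
  * Requests without '_operation' go to processRoot(). Otherwise the operation
  * name is looked up in self::$controllers, which supplies the controller
  * file (relative to this directory) and the class name. An operation with no
  * complete entry is rejected before any path is built, so the request value
  * only ever selects among registered controllers and never reaches
  * include_once or `new` as a null/partial entry.
  *
  * @param MailManager_Request $request
  * @return mixed Result of processRoot() for root requests, otherwise nothing.
  * @throws InvalidArgumentException When the operation has no registered controller.
  */
 function process(MailManager_Request $request)
 {
     if (!$request->has('_operation')) {
         return $this->processRoot($request);
     }
     $operation = $request->getOperation();
     // Only strings and integers are usable as array keys; anything else is unregistered
     if ((!is_string($operation) && !is_int($operation))
         || !isset(self::$controllers[$operation]['file'], self::$controllers[$operation]['class'])) {
         throw new InvalidArgumentException('Unknown MailManager operation');
     }
     $controllerInfo = self::$controllers[$operation];
     $controllerFile = dirname(__FILE__) . '/' . $controllerInfo['file'];
     checkFileAccessForInclusion($controllerFile);
     include_once $controllerFile;
     $controller = new $controllerInfo['class']();
     // Making sure to close the open connection
     $controller->closeConnector();
     $response = $controller->process($request);
     if ($response) {
         $response->emit();
     }
 }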
コード例 #7
ファイル: Loader.php プロジェクト: cannking/vtigercrm-debug
 /**
  * Include the PHP file behind a qualified name at most once.
  *
  * Names already recorded in self::$includeCache return true immediately.
  * Otherwise the name is resolved with resolveNameToPath(); a missing file
  * returns false, and an existing one is passed to
  * checkFileAccessForInclusion() (defined elsewhere) before include_once.
  * Only an include result that is exactly integer 0 counts as failure.
  *
  * @param <String> $qualifiedName
  * @param <Boolean> $supressWarning When true, the include runs under the @ operator.
  * @return <Boolean>
  */
 static function includeOnce($qualifiedName, $supressWarning = false)
 {
     if (isset(self::$includeCache[$qualifiedName])) {
         return true;
     }
     $resolvedPath = self::resolveNameToPath($qualifiedName);
     if (!file_exists($resolvedPath)) {
         return false;
     }
     // Check file inclusion before including it
     checkFileAccessForInclusion($resolvedPath);
     $includeResult = $supressWarning ? @(include_once $resolvedPath) : (include_once $resolvedPath);
     if ($includeResult === 0) {
         return false;
     }
     self::$includeCache[$qualifiedName] = $resolvedPath;
     return true;
 }
コード例 #8
    exit;
}
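// 'module' and 'file' arrive straight from the request and are joined into a
// require_once path. Each is accepted only as a plain identifier, so directory
// separators, dots, NUL bytes and URL-style prefixes never reach the include.
// checkFileAccessForInclusion() (defined elsewhere) stays in place as the
// project-level guard on the assembled path.
// NOTE(review): widen the pattern deliberately if a legitimate file name needs
// another character; do not fall back to the raw request value.
$identifierPattern = '/\A[A-Za-z0-9_]+\z/';
$requestedModule = isset($_REQUEST['module']) && is_string($_REQUEST['module']) ? $_REQUEST['module'] : '';
$moduleIsIdentifier = preg_match($identifierPattern, $requestedModule) === 1;
if (isset($_REQUEST['file']) && $_REQUEST['file'] != '' && !isset($_REQUEST['ajax'])) {
    $requestedFile = is_string($_REQUEST['file']) ? $_REQUEST['file'] : '';
    if (!$moduleIsIdentifier || preg_match($identifierPattern, $requestedFile) !== 1) {
        die('Invalid module or file name.');
    }
    $includePath = "modules/" . $requestedModule . "/" . $requestedFile . ".php";
    checkFileAccessForInclusion($includePath);
    require_once $includePath;
    exit;
}
$mailid = vtlib_purify($_REQUEST["mailid"]);
if (isset($_REQUEST["mailbox"]) && $_REQUEST["mailbox"] != "") {
    $mailbox = vtlib_purify($_REQUEST["mailbox"]);
} else {
    $mailbox = "INBOX";
}
$adb->println("Inside WebmailsAjax.php");
// isset() on 'ajax' avoids reading an undefined index when only 'file' is posted
if (isset($_POST["file"]) && isset($_POST["ajax"]) && $_POST["ajax"] == "true") {
    $postedFile = is_string($_POST["file"]) ? $_POST["file"] : '';
    if (!$moduleIsIdentifier || preg_match($identifierPattern, $postedFile) !== 1) {
        die('Invalid module or file name.');
    }
    $includePath = "modules/" . $requestedModule . "/" . $postedFile . ".php";
    checkFileAccessForInclusion($includePath);
    require_once $includePath;
}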
if (isset($_REQUEST["command"]) && $_REQUEST["command"] != "") {
    $command = $_REQUEST["command"];
    if ($command == "expunge") {
        $MailBox = new MailBox($mailbox);
        imap_expunge($MailBox->mbox);
        $MailBox = new MailBox($mailbox);
        $elist = $MailBox->mailList;
        $num_mails = $elist['count'];
        $start_page = cal_start($num_mails, $MailBox->mails_per_page);
        imap_close($MailBox->mbox);
        echo $start_page;
        flush();
        exit;
コード例 #9
/**
 * Process the UI widget described by a link record.
 *
 * Only link URLs of the form block://<ControllerClass>:<controller file> are
 * handled. The controller file is loaded (after checkFileAccessForInclusion(),
 * defined elsewhere) when the class is not yet defined, so the stored linkurl
 * decides which file is included and which class is instantiated.
 *
 * @param Vtiger_Link $widgetLinkInfo Reads ->linkurl and ->linklabel.
 * @param Current Smarty Context $context Passed through to the widget's process().
 * @return mixed The widget's process() result, or "" when nothing was processed.
 */
function vtlib_process_widget($widgetLinkInfo, $context = false)
{
    if (!preg_match("/^block:\\/\\/(.*)/", $widgetLinkInfo->linkurl, $matches)) {
        return "";
    }
    list($controllerClass, $controllerFile) = explode(':', $matches[1]);
    if (!class_exists($controllerClass)) {
        checkFileAccessForInclusion($controllerFile);
        include_once $controllerFile;
    }
    // The include may not have defined the class; re-check before instantiating
    if (!class_exists($controllerClass)) {
        return "";
    }
    $controller = new $controllerClass();
    $widget = $controller->getWidget($widgetLinkInfo->linklabel);
    return $widget ? $widget->process($context) : "";
}
コード例 #10
<?php

/*+********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is:  vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ********************************************************************************/
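// 'file' comes from the request and selects a script under modules/Settings/.
// It is resolved once and accepted only as a plain identifier, so directory
// separators, dots and NUL bytes cannot reach require_once.
// NOTE(review): vtlib_purify() is defined elsewhere; whether it constrains
// path characters is not visible here, so it is not relied on for that.
if (isset($_REQUEST['file']) && $_REQUEST['file'] != '') {
    $settingsFile = vtlib_purify($_REQUEST['file']);
    if (!is_string($settingsFile) || preg_match('/\A[A-Za-z0-9_]+\z/', $settingsFile) !== 1) {
        die('Invalid file parameter.');
    }
    $settingsPath = 'modules/Settings/' . $settingsFile . '.php';
    checkFileAccessForInclusion($settingsPath);
    require_once $settingsPath;
}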
if (isset($_REQUEST['orgajax']) && $_REQUEST['orgajax'] != '') {
    checkFileAccessForInclusion('modules/Settings/CreateSharingRule.php');
    require_once 'modules/Settings/CreateSharingRule.php';
} elseif (isset($_REQUEST['announce_save']) && $_REQUEST['announce_save'] != '') {
    $date_var = date('Y-m-d H:i:s');
    $announcement = vtlib_purify(from_html($_REQUEST['announcement']));
    //Change ##$## to & (reverse process has done in Smarty/templates/Settings/Announcements.tpl)
    $announcement = str_replace("##\$##", "&", $announcement);
    $title = vtlib_purify($_REQUEST['title_announcement']);
    $sql = "select * from vtiger_announcement where creatorid=?";
    $is_announce = $adb->pquery($sql, array($current_user->id));
    if ($adb->num_rows($is_announce) > 0) {
        $query = "update vtiger_announcement set announcement=?,time=?,title=? where creatorid=?";
        $params = array($announcement, $adb->formatDate($date_var, true), 'announcement', $current_user->id);
    } else {
        $query = "insert into vtiger_announcement values (?,?,?,?)";
        $params = array($current_user->id, $announcement, 'announcement', $adb->formatDate($date_var, true));
コード例 #11
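global $theme;
$theme_path = "themes/" . $theme . "/";
$image_path = $theme_path . "images/";
$log->info($mod_strings['LBL_MODULE_NAME'] . " Upload Step 1");
$smarty = new vtigerCRM_Smarty();
$smarty->assign("MOD", $mod_strings);
$smarty->assign("APP", $app_strings);
$smarty->assign("IMP", $import_mod_strings);
$smarty->assign("CATEGORY", htmlspecialchars($_REQUEST['parenttab'], ENT_QUOTES, $default_charset));
$import_object_array = array("Leads" => "ImportLead", "Accounts" => "ImportAccount", "Contacts" => "ImportContact", "Potentials" => "ImportOpportunity", "Products" => "ImportProduct", "HelpDesk" => "ImportTicket", "Vendors" => "ImportVendors");
if (isset($_REQUEST['module']) && $_REQUEST['module'] != '') {
    $module = $_REQUEST['module'];
    // For un-mapped modules the request value becomes a directory, a file name
    // and a class name, so only a plain identifier is accepted. Anything else is
    // answered like a module without an import option.
    if (!is_string($module) || preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $module) !== 1) {
        echo "Sorry! Import Option is not provided for this module.";
        exit;
    }
    // isset() avoids an undefined-index notice for un-mapped modules
    $object_name = isset($import_object_array[$module]) ? $import_object_array[$module] : null;
    // Initialised here so the check below never reads an undefined variable
    $callInitImport = false;
    // vtlib customization: Hook added to enable import for un-mapped modules
    if ($object_name == null) {
        $modulePath = "modules/{$module}/{$module}.php";
        // checkFileAccessForInclusion() is defined elsewhere; it remains the
        // project-level guard on the assembled path
        checkFileAccessForInclusion($modulePath);
        require_once $modulePath;
        $object_name = $module;
        $callInitImport = true;
    }
    // END
    $focus = new $object_name();
    // vtlib customization: Call the import initializer
    if ($callInitImport) {
        $focus->initImport($module);
    }
    // END
} else {
    echo "Sorry! Import Option is not provided for this module.";
    exit;
}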
コード例 #12
ファイル: SMSNotifierBase.php プロジェクト: kduqi/corebos
 /**
  * Create query to export the records.
  *
  * Builds the export SELECT as one string: the permitted field list for the
  * requested module, joins to this entity's table (and custom field table,
  * groups and users), one LEFT JOIN per uitype-10 related module, the
  * caller's $where plus a deleted=0 filter, and, for some non-admin
  * profiles, the list-view security clause.
  *
  * @param string $where Optional SQL condition; placed into the query verbatim.
  * @return string The assembled SQL query.
  */
 function create_export_query($where)
 {
     global $current_user;
     // Module name is read straight from the request. Below it is passed to
     // getPermittedFieldsQuery(), bound as a pquery() parameter and passed to
     // getListViewSecurityParameter().
     $thismodule = $_REQUEST['module'];
     // NOTE(review): plain include, not include_once; if ExportUtils.php declares
     // functions, a second call within one request would redeclare them. Confirm.
     include "include/utils/ExportUtils.php";
     //To get the Permitted fields query and the permitted fields list
     $sql = getPermittedFieldsQuery($thismodule, "detail_view");
     $fields_list = getFieldsListFromQuery($sql);
     // Field list and this entity's table/index names are interpolated as SQL identifiers
     $query = "SELECT {$fields_list}, vtiger_users.user_name AS user_name \n\t\t\t\tFROM vtiger_crmentity INNER JOIN {$this->table_name} ON vtiger_crmentity.crmid={$this->table_name}.{$this->table_index}";
     if (!empty($this->customFieldTable)) {
         $query .= " INNER JOIN " . $this->customFieldTable[0] . " ON " . $this->customFieldTable[0] . '.' . $this->customFieldTable[1] . " = {$this->table_name}.{$this->table_index}";
     }
     $query .= " LEFT JOIN vtiger_groups ON vtiger_groups.groupid = vtiger_crmentity.smownerid";
     $query .= " LEFT JOIN vtiger_users ON vtiger_crmentity.smownerid = vtiger_users.id and vtiger_users.status='Active'";
     $linkedModulesQuery = $this->db->pquery("SELECT distinct fieldname, columnname, relmodule FROM vtiger_field" . " INNER JOIN vtiger_fieldmodulerel ON vtiger_fieldmodulerel.fieldid = vtiger_field.fieldid" . " WHERE uitype='10' AND vtiger_fieldmodulerel.module=?", array($thismodule));
     $linkedFieldsCount = $this->db->num_rows($linkedModulesQuery);
     for ($i = 0; $i < $linkedFieldsCount; $i++) {
         // relmodule comes from the database row and is used as directory, file
         // name and class name; columnname from the same row is interpolated
         // into the JOIN below.
         $related_module = $this->db->query_result($linkedModulesQuery, $i, 'relmodule');
         $fieldname = $this->db->query_result($linkedModulesQuery, $i, 'fieldname');
         $columnname = $this->db->query_result($linkedModulesQuery, $i, 'columnname');
         // checkFileAccessForInclusion() is defined elsewhere; its policy is not visible here
         checkFileAccessForInclusion("modules/{$related_module}/{$related_module}.php");
         require_once "modules/{$related_module}/{$related_module}.php";
         $other = new $related_module();
         vtlib_setup_modulevars($related_module, $other);
         $query .= " LEFT JOIN {$other->table_name} ON {$other->table_name}.{$other->table_index} = {$this->table_name}.{$columnname}";
     }
     $where_auto = " vtiger_crmentity.deleted=0";
     // NOTE(review): $where is concatenated as raw SQL, not bound; callers are
     // not visible here. Confirm it is never built from unescaped request data.
     if ($where != '') {
         $query .= " WHERE ({$where}) AND {$where_auto}";
     } else {
         $query .= " WHERE {$where_auto}";
     }
     // $is_admin, $profileGlobalPermission and $defaultOrgSharingPermission are
     // not defined in this method; presumably these two files set them. No
     // checkFileAccessForInclusion() call precedes these requires; the paths
     // vary only in $current_user->id.
     require 'user_privileges/user_privileges_' . $current_user->id . '.php';
     require 'user_privileges/sharing_privileges_' . $current_user->id . '.php';
     // Security Check for Field Access
     if ($is_admin == false && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1 && $defaultOrgSharingPermission[7] == 3) {
         //Added security check to get the permitted records only
         $query = $query . " " . getListViewSecurityParameter($thismodule);
     }
     return $query;
 }
コード例 #13
 /** Function to insert values in the specified table for the specified module
  *
  * In 'edit' mode the row for $this->id is looked up first; when it does not
  * exist the method falls back to an insert. The list of fields to write is
  * read from vtiger_field (restricted by profile for some non-admin users in
  * edit mode), each value is taken from $this->column_fields and converted
  * according to its uitype, and a single UPDATE or INSERT is issued.
  * Values are bound through pquery() placeholders; table and column names are
  * interpolated into the SQL text.
  *
  * @param $table_name -- table name:: Type varchar
  * @param $module -- module:: Type varchar
  * @param $fileid -- not read anywhere in this method
  */
 function insertIntoEntityTable($table_name, $module, $fileid = '')
 {
     global $log;
     global $current_user, $app_strings;
     $log->info("function insertIntoEntityTable " . $module . ' vtiger_table name ' . $table_name);
     global $adb;
     $insertion_mode = $this->mode;
     //Checking whether an entry is already present in the vtiger_table to update
     if ($insertion_mode == 'edit') {
         $tablekey = $this->tab_name_index[$table_name];
         // Make selection on the primary key of the module table to check.
         $check_query = "select {$tablekey} from {$table_name} where {$tablekey}=?";
         $check_result = $adb->pquery($check_query, array($this->id));
         $num_rows = $adb->num_rows($check_result);
         if ($num_rows <= 0) {
             // No existing row: switch to insert mode
             $insertion_mode = '';
         }
     }
     $tabid = getTabid($module);
     if ($module == 'Calendar' && $this->column_fields["activitytype"] != null && $this->column_fields["activitytype"] != 'Task') {
         $tabid = getTabid('Events');
     }
     if ($insertion_mode == 'edit') {
         $update = array();
         $update_params = array();
         // $is_admin and $profileGlobalPermission are not defined in this method;
         // presumably the required per-user file sets them.
         checkFileAccessForInclusion('user_privileges/user_privileges_' . $current_user->id . '.php');
         require 'user_privileges/user_privileges_' . $current_user->id . '.php';
         if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
             $sql = "select * from vtiger_field where tabid in (" . generateQuestionMarks($tabid) . ") and tablename=? and displaytype in (1,3) and presence in (0,2) group by columnname";
             $params = array($tabid, $table_name);
         } else {
             // Other users: only fields visible and writable for their profiles
             $profileList = getCurrentUserProfileList();
             if (count($profileList) > 0) {
                 $sql = "SELECT *\n\t\t\t  \t\t\tFROM vtiger_field\n\t\t\t  \t\t\tINNER JOIN vtiger_profile2field\n\t\t\t  \t\t\tON vtiger_profile2field.fieldid = vtiger_field.fieldid\n\t\t\t  \t\t\tINNER JOIN vtiger_def_org_field\n\t\t\t  \t\t\tON vtiger_def_org_field.fieldid = vtiger_field.fieldid\n\t\t\t  \t\t\tWHERE vtiger_field.tabid = ?\n\t\t\t  \t\t\tAND vtiger_profile2field.visible = 0 AND vtiger_profile2field.readonly = 0\n\t\t\t  \t\t\tAND vtiger_profile2field.profileid IN (" . generateQuestionMarks($profileList) . ")\n\t\t\t  \t\t\tAND vtiger_def_org_field.visible = 0 and vtiger_field.tablename=? and vtiger_field.displaytype in (1,3) and vtiger_field.presence in (0,2) group by columnname";
                 $params = array($tabid, $profileList, $table_name);
             } else {
                 $sql = "SELECT *\n\t\t\t  \t\t\tFROM vtiger_field\n\t\t\t  \t\t\tINNER JOIN vtiger_profile2field\n\t\t\t  \t\t\tON vtiger_profile2field.fieldid = vtiger_field.fieldid\n\t\t\t  \t\t\tINNER JOIN vtiger_def_org_field\n\t\t\t  \t\t\tON vtiger_def_org_field.fieldid = vtiger_field.fieldid\n\t\t\t  \t\t\tWHERE vtiger_field.tabid = ?\n\t\t\t  \t\t\tAND vtiger_profile2field.visible = 0 AND vtiger_profile2field.readonly = 0\n\t\t\t  \t\t\tAND vtiger_def_org_field.visible = 0 and vtiger_field.tablename=? and vtiger_field.displaytype in (1,3) and vtiger_field.presence in (0,2) group by columnname";
                 $params = array($tabid, $table_name);
             }
         }
     } else {
         $table_index_column = $this->tab_name_index[$table_name];
         if ($table_index_column == 'id' && $table_name == 'vtiger_users') {
             $currentuser_id = $adb->getUniqueID("vtiger_users");
             $this->id = $currentuser_id;
         }
         // Insert mode: the primary key column and value head the column/value lists
         $column = array($table_index_column);
         $value = array($this->id);
         $sql = "select * from vtiger_field where tabid=? and tablename=? and displaytype in (1,3,4) and vtiger_field.presence in (0,2)";
         $params = array($tabid, $table_name);
     }
     // Attempt to re-use the query result to avoid reading for every save operation
     // TODO Need careful analysis on impact ... MEMORY requirement might be more
     static $_privatecache = array();
     $cachekey = "{$insertion_mode}-" . implode(',', $params);
     if (!isset($_privatecache[$cachekey])) {
         $result = $adb->pquery($sql, $params);
         $noofrows = $adb->num_rows($result);
         // The cache is only filled while bulk save mode is on
         if (CRMEntity::isBulkSaveMode()) {
             $cacheresult = array();
             for ($i = 0; $i < $noofrows; ++$i) {
                 $cacheresult[] = $adb->fetch_array($result);
             }
             $_privatecache[$cachekey] = $cacheresult;
         }
     } else {
         // Useful when doing bulk save
         $result = $_privatecache[$cachekey];
         $noofrows = count($result);
     }
     for ($i = 0; $i < $noofrows; $i++) {
         $fieldname = $this->resolve_query_result_value($result, $i, "fieldname");
         $columname = $this->resolve_query_result_value($result, $i, "columnname");
         $uitype = $this->resolve_query_result_value($result, $i, "uitype");
         $generatedtype = $this->resolve_query_result_value($result, $i, "generatedtype");
         $typeofdata = $this->resolve_query_result_value($result, $i, "typeofdata");
         $typeofdata_array = explode("~", $typeofdata);
         $datatype = $typeofdata_array[0];
         $ajaxSave = false;
         // && binds tighter than ||: the flag is set when this is a detail-view ajax
         // save of a different field, or a mass-edit save in which this field's
         // "<field>_mass_edit_check" key is absent. Request values are read directly.
         if ($_REQUEST['file'] == 'DetailViewAjax' && $_REQUEST['ajxaction'] == 'DETAILVIEW' && isset($_REQUEST["fldName"]) && $_REQUEST["fldName"] != $fieldname || $_REQUEST['action'] == 'MassEditSave' && !isset($_REQUEST[$fieldname . "_mass_edit_check"])) {
             $ajaxSave = true;
         }
         if ($uitype == 4 && $insertion_mode != 'edit') {
             $fldvalue = '';
             // Bulk Save Mode: Avoid generation of module sequence number, take care later.
             // SalesPlatform.ru begin: Added separate numbering for self organizations
             if (!CRMEntity::isBulkSaveMode()) {
                 $modules = array('Invoice', 'Act', 'Consignment');
                 if (in_array($module, $modules) && isset($this->column_fields['spcompany'])) {
                     $fldvalue = $this->setModuleSeqNumber("increment", $module, '', '', $this->column_fields['spcompany']);
                 } else {
                     $fldvalue = $this->setModuleSeqNumber("increment", $module);
                 }
                 //$fldvalue = $this->setModuleSeqNumber("increment", $module);
             }
             // SalesPlatform.ru end
             $this->column_fields[$fieldname] = $fldvalue;
         }
         if (isset($this->column_fields[$fieldname])) {
             // Per-uitype conversion of the submitted value into its stored form
             if ($uitype == 56) {
                 if ($this->column_fields[$fieldname] == 'on' || $this->column_fields[$fieldname] == 1) {
                     $fldvalue = '1';
                 } else {
                     $fldvalue = '0';
                 }
             } elseif ($uitype == 15 || $uitype == 16) {
                 if ($this->column_fields[$fieldname] == $app_strings['LBL_NOT_ACCESSIBLE']) {
                     //If the value in the request is Not Accessible for a picklist, the existing value will be replaced instead of Not Accessible value.
                     $sql = "select {$columname} from  {$table_name} where " . $this->tab_name_index[$table_name] . "=?";
                     $res = $adb->pquery($sql, array($this->id));
                     $pick_val = $adb->query_result($res, 0, $columname);
                     $fldvalue = $pick_val;
                 } else {
                     $fldvalue = $this->column_fields[$fieldname];
                 }
             } elseif ($uitype == 33) {
                 if (is_array($this->column_fields[$fieldname])) {
                     $field_list = implode(' |##| ', $this->column_fields[$fieldname]);
                 } else {
                     $field_list = $this->column_fields[$fieldname];
                 }
                 if ($field_list == '') {
                     $fldvalue = NULL;
                 } else {
                     $fldvalue = $field_list;
                 }
             } elseif ($uitype == 5 || $uitype == 6 || $uitype == 23) {
                 //Added to avoid function call getDBInsertDateValue in ajax save
                 if (isset($current_user->date_format) && !$ajaxSave) {
                     $fldvalue = getValidDBInsertDateValue($this->column_fields[$fieldname]);
                 } else {
                     $fldvalue = $this->column_fields[$fieldname];
                 }
             } elseif ($uitype == 7) {
                 //strip out the spaces and commas in numbers if given ie., in amounts there may be ,
                 $fldvalue = str_replace(",", "", $this->column_fields[$fieldname]);
                 //trim($this->column_fields[$fieldname],",");
             } elseif ($uitype == 26) {
                 if (empty($this->column_fields[$fieldname])) {
                     $fldvalue = 1;
                     //the documents will stored in default folder
                 } else {
                     $fldvalue = $this->column_fields[$fieldname];
                 }
             } elseif ($uitype == 28) {
                 if ($this->column_fields[$fieldname] == null) {
                     $fileQuery = $adb->pquery("SELECT filename from vtiger_notes WHERE notesid = ?", array($this->id));
                     $fldvalue = null;
                     if (isset($fileQuery)) {
                         $rowCount = $adb->num_rows($fileQuery);
                         if ($rowCount > 0) {
                             $fldvalue = decode_html($adb->query_result($fileQuery, 0, 'filename'));
                         }
                     }
                 } else {
                     $fldvalue = decode_html($this->column_fields[$fieldname]);
                 }
             } elseif ($uitype == 8) {
                 // Comma-separated ids are stored as a JSON-encoded array
                 $this->column_fields[$fieldname] = rtrim($this->column_fields[$fieldname], ',');
                 $ids = explode(',', $this->column_fields[$fieldname]);
                 $json = new Zend_Json();
                 $fldvalue = $json->encode($ids);
             } elseif ($uitype == 12) {
                 // Bulk Save Mode: Consider the FROM email address as specified, if not lookup
                 $fldvalue = $this->column_fields[$fieldname];
                 if (empty($fldvalue)) {
                     $query = "SELECT email1 FROM vtiger_users WHERE id = ?";
                     $res = $adb->pquery($query, array($current_user->id));
                     $rows = $adb->num_rows($res);
                     if ($rows > 0) {
                         $fldvalue = $adb->query_result($res, 0, 'email1');
                     }
                 }
                 // END
             } elseif ($uitype == 72 && !$ajaxSave) {
                 // Some of the currency fields like Unit Price, Total, Sub-total - doesn't need currency conversion during save
                 $fldvalue = CurrencyField::convertToDBFormat($this->column_fields[$fieldname], null, true);
             } elseif ($uitype == 71 && !$ajaxSave) {
                 $fldvalue = CurrencyField::convertToDBFormat($this->column_fields[$fieldname]);
             } else {
                 $fldvalue = $this->column_fields[$fieldname];
             }
             if ($uitype != 33 && $uitype != 8) {
                 $fldvalue = from_html($fldvalue, $insertion_mode == 'edit' ? true : false);
             }
         } else {
             $fldvalue = '';
         }
         if ($fldvalue == '') {
             $fldvalue = $this->get_column_value($columname, $fldvalue, $fieldname, $uitype, $datatype);
         }
         // Column names (read from vtiger_field) become SQL text; values stay
         // in the parameter lists and are bound by pquery().
         if ($insertion_mode == 'edit') {
             if ($table_name != 'vtiger_ticketcomments' && $uitype != 4) {
                 array_push($update, $columname . "=?");
                 array_push($update_params, $fldvalue);
             }
         } else {
             array_push($column, $columname);
             array_push($value, $fldvalue);
         }
     }
     if ($insertion_mode == 'edit') {
         if ($module == 'Potentials') {
             // Record a stage-history row when the requested sales stage differs from the stored one
             $dbquery = 'select sales_stage from vtiger_potential where potentialid = ?';
             $sales_stage = $adb->query_result($adb->pquery($dbquery, array($this->id)), 0, 'sales_stage');
             if ($sales_stage != $_REQUEST['sales_stage'] && $_REQUEST['sales_stage'] != '') {
                 $date_var = date("Y-m-d H:i:s");
                 $closingDateField = new DateTimeField($this->column_fields['closingdate']);
                 $closingdate = $_REQUEST['ajxaction'] == 'DETAILVIEW' ? $this->column_fields['closingdate'] : $closingDateField->getDBInsertDateValue();
                 $sql = "insert into vtiger_potstagehistory values(?,?,?,?,?,?,?,?)";
                 $params = array('', $this->id, $this->column_fields['amount'], decode_html($sales_stage), $this->column_fields['probability'], 0, $adb->formatDate($closingdate, true), $adb->formatDate($date_var, true));
                 $adb->pquery($sql, $params);
             }
         } elseif ($module == 'PurchaseOrder' || $module == 'SalesOrder' || $module == 'Quotes' || $module == 'Invoice' || $module == 'Act' || $module == 'Consignment') {
             //elseif ($module == 'PurchaseOrder' || $module == 'SalesOrder' || $module == 'Quotes' || $module == 'Invoice') {
             // SalesPlatform.ru end
             //added to update the history for PO, SO, Quotes and Invoice
             $history_field_array = array("Act" => "sp_actstatus", "Consignment" => "sp_consignmentstatus", "PurchaseOrder" => "postatus", "SalesOrder" => "sostatus", "Quotes" => "quotestage", "Invoice" => "invoicestatus");
             $inventory_module = $module;
             if ($_REQUEST['ajxaction'] == 'DETAILVIEW') {
                 //if we use ajax edit
                 if ($inventory_module == "PurchaseOrder") {
                     $relatedname = getVendorName($this->column_fields['vendor_id']);
                 } else {
                     $relatedname = getAccountName($this->column_fields['account_id']);
                 }
                 $total = $this->column_fields['hdnGrandTotal'];
             } else {
                 //using edit button and save
                 // NOTE(review): the related name and total are taken from the request
                 // as-is and handed to addInventoryHistory() (defined elsewhere);
                 // confirm how that helper stores them.
                 if ($inventory_module == "PurchaseOrder") {
                     $relatedname = $_REQUEST["vendor_name"];
                 } else {
                     $relatedname = $_REQUEST["account_name"];
                 }
                 $total = $_REQUEST['total'];
             }
             if ($this->column_fields["{$history_field_array[$inventory_module]}"] == $app_strings['LBL_NOT_ACCESSIBLE']) {
                 //If the value in the request is Not Accessible for a picklist, the existing value will be replaced instead of Not Accessible value.
                 $his_col = $history_field_array[$inventory_module];
                 $his_sql = "select {$his_col} from  {$this->table_name} where " . $this->table_index . "=?";
                 $his_res = $adb->pquery($his_sql, array($this->id));
                 $status_value = $adb->query_result($his_res, 0, $his_col);
                 $stat_value = $status_value;
             } else {
                 $stat_value = $this->column_fields["{$history_field_array[$inventory_module]}"];
             }
             $oldvalue = getSingleFieldValue($this->table_name, $history_field_array[$inventory_module], $this->table_index, $this->id);
             if ($this->column_fields["{$history_field_array[$inventory_module]}"] != '' && $oldvalue != $stat_value) {
                 addInventoryHistory($inventory_module, $this->id, $relatedname, $total, $stat_value);
             }
         }
         //Check done by Don. If update is empty the the query fails
         if (count($update) > 0) {
             $sql1 = "update {$table_name} set " . implode(",", $update) . " where " . $this->tab_name_index[$table_name] . "=?";
             array_push($update_params, $this->id);
             $adb->pquery($sql1, $update_params);
         }
     } else {
         $sql1 = "insert into {$table_name}(" . implode(",", $column) . ") values(" . generateQuestionMarks($value) . ")";
         $adb->pquery($sql1, $value);
     }
 }
コード例 #14
ファイル: yetiportal.php プロジェクト: JeRRimix/YetiForceCRM
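/**
 * Customer-portal call: list the ProjectTask or ProjectMilestone rows of one project.
 *
 * Only fields whose column visibility permission is not '1' for the portal
 * user are returned.
 *
 * @param mixed  $id         project id; bound as a query parameter
 * @param string $module     'ProjectTask' or 'ProjectMilestone'
 * @param mixed  $customerid portal customer id, checked by validateSession()
 * @param mixed  $sessionid  portal session id, checked by validateSession()
 * @return array|null array("#MODULE INACTIVE#") when the module is disabled;
 *                    null for an unsupported module, an invalid session or an
 *                    empty result; otherwise [0][$module]['head'] holds the
 *                    translated labels and [1][$module]['data'] the row values
 */
function get_project_components($id, $module, $customerid, $sessionid)
{
    // $module is caller-supplied and ends up in an include path and in
    // "new $module()". This function only has a query for two modules, so
    // anything else is refused before a file is loaded; previously such a
    // value reached pquery() with no query defined.
    if (!in_array($module, array('ProjectTask', 'ProjectMilestone'), true)) {
        return null;
    }
    checkFileAccessForInclusion("modules/{$module}/{$module}.php");
    require_once "modules/{$module}/{$module}.php";
    require_once 'include/utils/UserInfoUtil.php';
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    $log->debug("Entering customer portal function get_project_components ..");
    $check = checkModuleActive($module);
    if ($check == false) {
        return array("#MODULE INACTIVE#");
    }
    if (!validateSession($customerid, $sessionid)) {
        return null;
    }
    $user = new Users();
    $userid = getPortalUserid();
    $current_user = $user->retrieveCurrentUserInfoFromFile($userid);
    $focus = new $module();
    $focus->filterInactiveFields($module);
    $componentfieldVisibilityByColumn = array();
    $fields_list = array();
    foreach ($focus->list_fields as $fieldlabel => $values) {
        foreach ($values as $table => $fieldname) {
            $fields_list[$fieldlabel] = $fieldname;
            $componentfieldVisibilityByColumn[$fieldname] = getColumnVisibilityPermission($current_user->id, $fieldname, $module);
        }
    }
    if ($module == 'ProjectTask') {
        $query = "SELECT vtiger_projecttask.*, vtiger_crmentity.smownerid\n\t\t\t\tFROM vtiger_projecttask\n\t\t\t\tINNER JOIN vtiger_project ON vtiger_project.projectid = vtiger_projecttask.projectid AND vtiger_project.projectid = ?\n\t\t\t\tINNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_projecttask.projecttaskid AND vtiger_crmentity.deleted = 0";
    } else {
        $query = "SELECT vtiger_projectmilestone.*, vtiger_crmentity.smownerid\n\t\t\t\tFROM vtiger_projectmilestone\n\t\t\t\tINNER JOIN vtiger_project ON vtiger_project.projectid = vtiger_projectmilestone.projectid AND vtiger_project.projectid = ?\n\t\t\t\tINNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_projectmilestone.projectmilestoneid AND vtiger_crmentity.deleted = 0";
    }
    // NOTE(review): the query selects by project id only; nothing visible here
    // ties that project to $customerid — confirm the caller or
    // validateSession() enforces ownership.
    $res = $adb->pquery($query, array(vtlib_purify($id)));
    $noofdata = $adb->num_rows($res);
    // Declared up front so an empty result returns null without relying on an
    // undefined variable.
    $output = null;
    for ($j = 0; $j < $noofdata; ++$j) {
        $i = 0;
        foreach ($fields_list as $fieldlabel => $fieldname) {
            $fieldper = $componentfieldVisibilityByColumn[$fieldname];
            if ($fieldper == '1') {
                // '1' marks a field the portal user may not see.
                continue;
            }
            $output[0][$module]['head'][0][$i]['fielddata'] = Vtiger_Language_Handler::getTranslatedString($fieldlabel, $module, vglobal('default_language'));
            $projectmilestoneid = $adb->query_result($res, $j, 'projectmilestoneid');
            $fieldvalue = $adb->query_result($res, $j, $fieldname);
            $projecttaskid = $adb->query_result($res, $j, 'projecttaskid');
            // NOTE(review): the stored name is placed inside an <a> element
            // as-is; this assumes query_result() returns HTML-encoded text —
            // confirm before rendering it in the portal.
            if ($fieldname == 'projecttaskname') {
                $fieldvalue = '<a href="index.php?module=ProjectTask&action=index&id=' . $projecttaskid . '">' . $fieldvalue . '</a>';
            }
            if ($fieldname == 'projectmilestonename') {
                $fieldvalue = '<a href="index.php?module=ProjectMilestone&action=index&id=' . $projectmilestoneid . '">' . $fieldvalue . '</a>';
            }
            if ($fieldname == 'smownerid') {
                $fieldvalue = getOwnerName($fieldvalue);
            }
            $output[1][$module]['data'][$j][$i]['fielddata'] = $fieldvalue;
            $i++;
        }
    }
    $log->debug("Exiting customerportal function  get_project_components ..");
    return $output;
}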
コード例 #15
 /**
  * Save this record's fields for one table: UPDATE the row in edit mode, INSERT otherwise.
  *
  * The field list is read from vtiger_field (restricted by the current user's
  * profile in edit mode), each value is taken from $this->column_fields and
  * normalised according to its uitype, and the column/value pairs are written
  * with bound parameters. Table and column names are interpolated into the SQL
  * text as identifiers.
  *
  * @param string $table_name table to write to
  * @param string $module     module name, used for getTabid() and the sequence number
  * @param string $fileid     only written to the debug log in this method
  * @return void
  */
 function insertIntoEntityTable($table_name, $module, $fileid = '')
 {
     global $log;
     global $current_user, $app_strings;
     global $adb;
     $log->debug("Entering PaymentManagement::insertIntoEntityTable(" . $table_name . ", " . $module . ", " . $fileid . ") method ...");
     // Column => value map, filled next to $column/$value and handed to
     // PaymentManagement::generateValues() further down.
     $value_table = array();
     $insertion_mode = $this->mode;
     // Check whether a row already exists in the table; if not, fall back to insert
     if ($insertion_mode == 'edit') {
         $tablekey = $this->tab_name_index[$table_name];
         // Make selection on the primary key of the module table to check.
         // $tablekey and $table_name are identifiers and cannot be bound; only the id is a parameter.
         $check_query = "select {$tablekey} from {$table_name} where {$tablekey}=?";
         $check_result = $adb->pquery($check_query, array($this->id));
         $num_rows = $adb->num_rows($check_result);
         if ($num_rows <= 0) {
             $insertion_mode = '';
         }
     }
     $tabid = getTabid($module);
     if ($insertion_mode == 'edit') {
         $update = array();
         $update_params = array();
         // The privileges file is included into this function's scope; the
         // condition below reads $is_admin and $profileGlobalPermission from it.
         checkFileAccessForInclusion('user_privileges/user_privileges_' . $current_user->id . '.php');
         require 'user_privileges/user_privileges_' . $current_user->id . '.php';
         if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
             // Admin or global permission: every editable field of the table
             $sql = "select * from vtiger_field where tabid in (" . generateQuestionMarks($tabid) . ") and tablename=? and displaytype in (1,3) and presence in (0,2) group by columnname";
             $params = array($tabid, $table_name);
         } else {
             // Otherwise only fields that are visible and writable for the user's profiles
             $profileList = getCurrentUserProfileList();
             if (count($profileList) > 0) {
                 $sql = "SELECT *\n\t\t\t  \t\t\tFROM vtiger_field\n\t\t\t  \t\t\tINNER JOIN vtiger_profile2field\n\t\t\t  \t\t\tON vtiger_profile2field.fieldid = vtiger_field.fieldid\n\t\t\t  \t\t\tINNER JOIN vtiger_def_org_field\n\t\t\t  \t\t\tON vtiger_def_org_field.fieldid = vtiger_field.fieldid\n\t\t\t  \t\t\tWHERE vtiger_field.tabid = ?\n\t\t\t  \t\t\tAND vtiger_profile2field.visible = 0 AND vtiger_profile2field.readonly = 0\n\t\t\t  \t\t\tAND vtiger_profile2field.profileid IN (" . generateQuestionMarks($profileList) . ")\n\t\t\t  \t\t\tAND vtiger_def_org_field.visible = 0 and vtiger_field.tablename=? and vtiger_field.displaytype in (1,3) and vtiger_field.presence in (0,2) group by columnname";
                 $params = array($tabid, $profileList, $table_name);
             } else {
                 $sql = "SELECT *\n\t\t\t  \t\t\tFROM vtiger_field\n\t\t\t  \t\t\tINNER JOIN vtiger_profile2field\n\t\t\t  \t\t\tON vtiger_profile2field.fieldid = vtiger_field.fieldid\n\t\t\t  \t\t\tINNER JOIN vtiger_def_org_field\n\t\t\t  \t\t\tON vtiger_def_org_field.fieldid = vtiger_field.fieldid\n\t\t\t  \t\t\tWHERE vtiger_field.tabid = ?\n\t\t\t  \t\t\tAND vtiger_profile2field.visible = 0 AND vtiger_profile2field.readonly = 0\n\t\t\t  \t\t\tAND vtiger_def_org_field.visible = 0 and vtiger_field.tablename=? and vtiger_field.displaytype in (1,3) and vtiger_field.presence in (0,2) group by columnname";
                 $params = array($tabid, $table_name);
             }
         }
     } else {
         $table_index_column = $this->tab_name_index[$table_name];
         if ($table_index_column == 'id' && $table_name == 'vtiger_users') {
             $currentuser_id = $adb->getUniqueID("vtiger_users");
             $this->id = $currentuser_id;
         }
         $columname = $table_index_column;
         $fldvalue = $this->id;
         // The insert always starts with the index column and the record id
         $column = array($table_index_column);
         $value = array($this->id);
         // Register the vtiger_payment_management index (2015/11/26)
         $columname = $table_index_column;
         // tao
         $fldvalue = $this->id;
         // tao
         $value_table[$columname] = $fldvalue;
         // tao
         $sql = "select * from vtiger_field where tabid=? and tablename=? and displaytype in (1,3,4) and vtiger_field.presence in (0,2)";
         $params = array($tabid, $table_name);
     }
     // Attempt to re-use the query result to avoid reading for every save operation
     // TODO Need careful analysis on impact ... MEMORY requirement might be more
     // NOTE(review): implode() is applied to $params, which in one edit-mode
     // branch contains the $profileList array as an element — confirm the key
     // is built as intended there.
     static $_privatecache = array();
     $cachekey = "{$insertion_mode}-" . implode(',', $params);
     if (!isset($_privatecache[$cachekey])) {
         $result = $adb->pquery($sql, $params);
         $noofrows = $adb->num_rows($result);
         // Rows are only copied into the cache in bulk save mode
         if (CRMEntity::isBulkSaveMode()) {
             $cacheresult = array();
             for ($i = 0; $i < $noofrows; ++$i) {
                 $cacheresult[] = $adb->fetch_array($result);
             }
             $_privatecache[$cachekey] = $cacheresult;
         }
     } else {
         // Useful when doing bulk save
         // Here $result is the cached array of rows rather than a database
         // result; presumably resolve_query_result_value() accepts both.
         $result = $_privatecache[$cachekey];
         $noofrows = count($result);
     }
     for ($i = 0; $i < $noofrows; $i++) {
         $fieldname = $this->resolve_query_result_value($result, $i, "fieldname");
         $columname = $this->resolve_query_result_value($result, $i, "columnname");
         $uitype = $this->resolve_query_result_value($result, $i, "uitype");
         $generatedtype = $this->resolve_query_result_value($result, $i, "generatedtype");
         $typeofdata = $this->resolve_query_result_value($result, $i, "typeofdata");
         // The first "~"-separated part of typeofdata is used as the data type
         $typeofdata_array = explode("~", $typeofdata);
         $datatype = $typeofdata_array[0];
         $ajaxSave = false;
         // uitype == 2
         // && binds tighter than ||: true for a DetailViewAjax save of a
         // different field, or for a MassEditSave where this field's
         // "_mass_edit_check" flag is not in the request. The request keys
         // 'file', 'ajxaction' and 'action' are read without isset().
         if ($_REQUEST['file'] == 'DetailViewAjax' && $_REQUEST['ajxaction'] == 'DETAILVIEW' && isset($_REQUEST["fldName"]) && $_REQUEST["fldName"] != $fieldname || $_REQUEST['action'] == 'MassEditSave' && !isset($_REQUEST[$fieldname . "_mass_edit_check"])) {
             $ajaxSave = true;
         }
         if ($uitype == 4 && $insertion_mode != 'edit') {
             $fldvalue = '';
             // Bulk Save Mode: Avoid generation of module sequence number, take care later.
             if (!CRMEntity::isBulkSaveMode()) {
                 $fldvalue = $this->setModuleSeqNumber("increment", $module);
             }
             $this->column_fields[$fieldname] = $fldvalue;
         }
         if (isset($this->column_fields[$fieldname])) {
             if ($uitype == 56) {
                 // 'on' or 1 is stored as '1', anything else as '0'
                 if ($this->column_fields[$fieldname] == 'on' || $this->column_fields[$fieldname] == 1) {
                     $fldvalue = '1';
                 } else {
                     $fldvalue = '0';
                 }
             } elseif ($uitype == 15 || $uitype == 16) {
                 if ($this->column_fields[$fieldname] == $app_strings['LBL_NOT_ACCESSIBLE']) {
                     //If the value in the request is Not Accessible for a picklist,
                     //the existing value will be replaced instead of Not Accessible value.
                     // $columname comes from vtiger_field and is interpolated as an identifier.
                     $sql = "select {$columname} from  {$table_name} where " . $this->tab_name_index[$table_name] . "=?";
                     $res = $adb->pquery($sql, array($this->id));
                     $pick_val = $adb->query_result($res, 0, $columname);
                     $fldvalue = $pick_val;
                 } else {
                     $fldvalue = $this->column_fields[$fieldname];
                 }
             } elseif ($uitype == 33) {
                 // An array value is stored as one ' |##| '-separated string
                 if (is_array($this->column_fields[$fieldname])) {
                     $field_list = implode(' |##| ', $this->column_fields[$fieldname]);
                 } else {
                     $field_list = $this->column_fields[$fieldname];
                 }
                 $fldvalue = $field_list;
             } elseif ($uitype == 5 || $uitype == 6 || $uitype == 23) {
                 //Added to avoid function call getDBInsertDateValue in ajax save
                 if (isset($current_user->date_format) && !$ajaxSave) {
                     $fldvalue = getValidDBInsertDateValue($this->column_fields[$fieldname]);
                 } else {
                     $fldvalue = $this->column_fields[$fieldname];
                 }
             } elseif ($uitype == 7) {
                 //strip out the commas in numbers if given ie., in amounts there may be ,
                 $fldvalue = str_replace(",", "", $this->column_fields[$fieldname]);
                 //trim($this->column_fields[$fieldname],",");
             } elseif ($uitype == 26) {
                 if (empty($this->column_fields[$fieldname])) {
                     $fldvalue = 1;
                     //the documents will stored in default folder
                 } else {
                     $fldvalue = $this->column_fields[$fieldname];
                 }
             } elseif ($uitype == 28) {
                 // No file name given: keep the one already stored in vtiger_notes, if any
                 if ($this->column_fields[$fieldname] == null) {
                     $fileQuery = $adb->pquery("SELECT filename from vtiger_notes WHERE notesid = ?", array($this->id));
                     $fldvalue = null;
                     if (isset($fileQuery)) {
                         $rowCount = $adb->num_rows($fileQuery);
                         if ($rowCount > 0) {
                             $fldvalue = decode_html($adb->query_result($fileQuery, 0, 'filename'));
                         }
                     }
                 } else {
                     $fldvalue = decode_html($this->column_fields[$fieldname]);
                 }
             } elseif ($uitype == 8) {
                 // Comma-separated ids are stored as a JSON array
                 $this->column_fields[$fieldname] = rtrim($this->column_fields[$fieldname], ',');
                 $ids = explode(',', $this->column_fields[$fieldname]);
                 $json = new Zend_Json();
                 $fldvalue = $json->encode($ids);
             } elseif ($uitype == 12) {
                 // Bulk Save Mode: Consider the FROM email address as specified, if not lookup
                 $fldvalue = $this->column_fields[$fieldname];
                 if (empty($fldvalue)) {
                     $query = "SELECT email1 FROM vtiger_users WHERE id = ?";
                     $res = $adb->pquery($query, array($current_user->id));
                     $rows = $adb->num_rows($res);
                     if ($rows > 0) {
                         $fldvalue = $adb->query_result($res, 0, 'email1');
                     }
                 }
                 // END
             } elseif ($uitype == 72 && !$ajaxSave) {
                 // Some of the currency fields like Unit Price, Total, Sub-total - doesn't need currency conversion during save
                 $fldvalue = CurrencyField::convertToDBFormat($this->column_fields[$fieldname], null, true);
             } elseif ($uitype == 71 && !$ajaxSave) {
                 $fldvalue = CurrencyField::convertToDBFormat($this->column_fields[$fieldname]);
             } else {
                 $fldvalue = $this->column_fields[$fieldname];
             }
             // Every uitype except 33 and 8 is passed through from_html()
             if ($uitype != 33 && $uitype != 8) {
                 $fldvalue = from_html($fldvalue, $insertion_mode == 'edit' ? true : false);
             }
         } else {
             $fldvalue = '';
         }
         if ($fldvalue == '') {
             // Loose comparison: 0 and null also take this path
             $fldvalue = $this->get_column_value($columname, $fldvalue, $fieldname, $uitype, $datatype);
         }
         // Register the key/value pair in the key-value array
         $value_table[$columname] = $fldvalue;
         // tao
         if ($insertion_mode == 'edit') {
             // Sequence-number fields (uitype 4) and vtiger_ticketcomments are never updated
             if ($table_name != 'vtiger_ticketcomments' && $uitype != 4) {
                 array_push($update, $columname . "=?");
                 array_push($update_params, $fldvalue);
             }
         } else {
             array_push($column, $columname);
             array_push($value, $fldvalue);
         }
     }
     if ($insertion_mode == 'edit') {
         // ADDED by tao on 15/12/04 -- begin
         if ($table_name == 'vtiger_payment_management') {
             // If no customer name is given, infer it from the kana name.
             $value_table = $this->insertClientName($value_table);
             // NOTE(review): this replaces the parameters collected in the loop.
             // $value_table also holds columns that were skipped from $update
             // (uitype 4), so the number of values may differ from the number
             // of "=?" placeholders — confirm what generateValues() returns.
             $update_params = PaymentManagement::generateValues($value_table);
             if ($value_table['accountname'] != '') {
                 $sql = 'update vtiger_crmentityrel set crmid=? where relcrmid=?';
                 $param = array($value_table['accountname'], $this->id);
                 $adb->pquery($sql, $param);
             }
         }
         // ADDED by tao on 15/12/04 -- end
         //Check done by Don. If update is empty the query fails
         if (count($update) > 0) {
             $sql1 = "update {$table_name} set " . implode(",", $update) . " where " . $this->tab_name_index[$table_name] . "=?";
             array_push($update_params, $this->id);
             $adb->pquery($sql1, $update_params, true);
         }
     } else {
         // Added by Tao (tao) on 15/11/25 -- begin
         if ($module == 'PaymentManagement' && $table_name == 'vtiger_payment_management') {
             $value_table = $this->insertClientName($value_table);
             if ($value_table['accountname'] != '') {
                 $this->save_related_module('Account', $value_table['accountname'], 'PaymentManagement', $value_table['payment_management_id']);
             }
         }
         // The values collected in $value are replaced by the ones derived
         // from $value_table; $column still lists the columns from the loop.
         $value = PaymentManagement::generateValues($value_table);
         // Added by Tao (tao) on 15/11/25 -- end
         $sql1 = "insert into {$table_name}(" . implode(",", $column) . ") values(" . generateQuestionMarks($value) . ")";
         $adb->pquery($sql1, $value);
     }
     $log->debug("Exting PaymentManagement::insertIntoEntityTable(" . $table_name . ", " . $module . ", " . $fileid . ") method ...");
 }
コード例 #16
ファイル: Vendors.php プロジェクト: casati-dolibarr/corebos
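 /**
  * Build the related-list data for the e-mails linked to a vendor.
  *
  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
  * All Rights Reserved..
  * Contributor(s): ______________________________________..
  *
  * @param int|string         $id         vendor record id; reduced to an integer before it is
  *                                       placed in the SQL text, the return URL and the onclick handler
  * @param int                $cur_tab_id not used in this method
  * @param int                $rel_tab_id tab id that is resolved to the related module name
  * @param array|string|false $actions    allowed actions, as an array or a comma-separated string
  * @return array result of GetRelatedList() (an empty array when that is null) with
  *               the button markup added under 'CUSTOM_BUTTON'
  */
 function get_emails($id, $cur_tab_id, $rel_tab_id, $actions = false)
 {
     global $log, $singlepane_view, $currentModule, $current_user;
     $log->debug("Entering get_emails(" . $id . ") method ...");
     // The query below is handed to GetRelatedList() as finished SQL text, so
     // the id cannot be bound as a parameter at this point. Forcing it to an
     // integer keeps request-supplied text out of the statement and the markup.
     $recordId = (int) $id;
     $this_module = $currentModule;
     $related_module = vtlib_getModuleNameById($rel_tab_id);
     // The module name selects both the file that is loaded and the class that
     // is instantiated; checkFileAccessForInclusion() is the only guard here.
     checkFileAccessForInclusion("modules/{$related_module}/{$related_module}.php");
     require_once "modules/{$related_module}/{$related_module}.php";
     $other = new $related_module();
     vtlib_setup_modulevars($related_module, $other);
     $singular_modname = vtlib_toSingular($related_module);
     $parenttab = getParentTab();
     if ($singlepane_view == 'true') {
         $returnset = '&return_module=' . $this_module . '&return_action=DetailView&return_id=' . $recordId;
     } else {
         $returnset = '&return_module=' . $this_module . '&return_action=CallRelatedList&return_id=' . $recordId;
     }
     $button = '';
     $button .= '<input type="hidden" name="email_directing_module"><input type="hidden" name="record">';
     if ($actions) {
         if (is_string($actions)) {
             $actions = explode(',', strtoupper($actions));
         }
         if (in_array('ADD', $actions) && isPermitted($related_module, 1, '') == 'yes') {
             // NOTE(review): $this_module is written into the onclick attribute
             // unescaped; it comes from the $currentModule global — confirm
             // that value is validated where it is set.
             $button .= "<input title='" . getTranslatedString('LBL_ADD_NEW') . " " . getTranslatedString($singular_modname) . "' accessyKey='F' class='crmbutton small create' onclick='fnvshobj(this,\"sendmail_cont\");sendmail(\"{$this_module}\",{$recordId});' type='button' name='button' value='" . getTranslatedString('LBL_ADD_NEW') . " " . getTranslatedString($singular_modname) . "'></td>";
         }
     }
     $userNameSql = getSqlForNameInDisplayFormat(array('first_name' => 'vtiger_users.first_name', 'last_name' => 'vtiger_users.last_name'), 'Users');
     $query = "SELECT case when (vtiger_users.user_name not like '') then {$userNameSql} else vtiger_groups.groupname end as user_name,\n\t\t\tvtiger_activity.activityid, vtiger_activity.subject,\n\t\t\tvtiger_activity.activitytype, vtiger_crmentity.modifiedtime,\n\t\t\tvtiger_crmentity.crmid, vtiger_crmentity.smownerid, vtiger_activity.date_start, vtiger_seactivityrel.crmid as parent_id\n\t\t\tFROM vtiger_activity, vtiger_seactivityrel, vtiger_vendor, vtiger_users, vtiger_crmentity\n\t\t\tLEFT JOIN vtiger_groups\n\t\t\t\tON vtiger_groups.groupid=vtiger_crmentity.smownerid\n\t\t\tWHERE vtiger_seactivityrel.activityid = vtiger_activity.activityid\n\t\t\t\tAND vtiger_vendor.vendorid = vtiger_seactivityrel.crmid\n\t\t\t\tAND vtiger_users.id=vtiger_crmentity.smownerid\n\t\t\t\tAND vtiger_crmentity.crmid = vtiger_activity.activityid\n\t\t\t\tAND vtiger_vendor.vendorid = " . $recordId . "\n\t\t\t\tAND vtiger_activity.activitytype='Emails'\n\t\t\t\tAND vtiger_crmentity.deleted = 0";
     $return_value = GetRelatedList($this_module, $related_module, $other, $query, $button, $returnset);
     if ($return_value == null) {
         $return_value = array();
     }
     $return_value['CUSTOM_BUTTON'] = $button;
     $log->debug("Exiting get_emails method ...");
     return $return_value;
 }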
コード例 #17
/**
 * Customer-portal call: generate the PDF of a record and return its content.
 *
 * The PDF is produced by including modules/{$block}/CreatePDF.php, which is
 * expected to write the file to test/product/; the file is then read,
 * base64-encoded and deleted.
 *
 * @param mixed  $id         record id
 * @param string $block      module name; used in the include path and the temporary file name
 * @param mixed  $customerid portal customer id
 * @param mixed  $sessionid  portal session id
 * @return array|string|null array("#NOT AUTHORIZED#") when check_permission() fails,
 *                           null for an invalid session, a one-element array holding
 *                           the base64-encoded PDF on success, or the string "failure"
 */
function get_pdf($id, $block, $customerid, $sessionid)
{
    global $adb;
    global $current_user, $log, $default_language;
    global $currentModule, $mod_strings, $app_strings, $app_list_strings;
    $log->debug("Entering customer portal function get_pdf");
    // The record permission is checked before the session is validated, so an
    // unauthenticated caller receives the permission verdict first.
    $isPermitted = check_permission($customerid, $block, $id);
    if ($isPermitted == false) {
        return array("#NOT AUTHORIZED#");
    }
    if (!validateSession($customerid, $sessionid)) {
        return null;
    }
    require_once "config.inc.php";
    // From here on the request runs as the active admin user, so the two
    // checks above are the only access control for this call.
    $current_user = Users::getActiveAdminUser();
    $currentModule = $block;
    $current_language = $default_language;
    $app_strings = return_application_language($current_language);
    $app_list_strings = return_app_list_strings_language($current_language);
    $mod_strings = return_module_language($current_language, $currentModule);
    // Inputs for the included CreatePDF.php script
    $_REQUEST['record'] = $id;
    $_REQUEST['savemode'] = 'file';
    $sequenceNo = getModuleSequenceNumber($block, $id);
    // NOTE(review): $id and $block are caller-supplied and become part of a
    // path that is passed to unlink(); confirm check_permission() only accepts
    // plain record ids and known module names.
    $filenamewithpath = 'test/product/' . $id . '_' . $block . '_' . $sequenceNo . '.pdf';
    // Remove a stale copy so the existence check below reflects this run
    if (file_exists($filenamewithpath) && filesize($filenamewithpath) != 0) {
        unlink($filenamewithpath);
    }
    // include runs the script in this function's scope, so it can read and
    // change the local variables defined above.
    checkFileAccessForInclusion("modules/{$block}/CreatePDF.php");
    include "modules/{$block}/CreatePDF.php";
    if (file_exists($filenamewithpath) && filesize($filenamewithpath) != 0) {
        //we have to pass the file content
        $filecontents[] = base64_encode(file_get_contents($filenamewithpath));
        // The file name is predictable; it is deleted right after it is read.
        unlink($filenamewithpath);
        // TODO: Delete the file to avoid public access.
    } else {
        $filecontents = "failure";
    }
    $log->debug("Exiting customer portal function get_pdf");
    return $filecontents;
}
コード例 #18
ファイル: Users.php プロジェクト: Wasage/werpa
    /**
     * Fill this object from the user's generated privileges file.
     *
     * The file is included into this method's scope and is expected to define
     * $user_info; every key of $this->column_fields that is set in $user_info
     * is copied to the property of the same name and to $this->column_fields.
     * The file path is built from $userid, and checkFileAccessForInclusion()
     * is the only check applied to it here.
     *
     * @param int $userid user id
     * @return $this
     */
    function retrieveCurrentUserInfoFromFile($userid) {
        global $WERPASCOPEUSERPRIVILEGES;
        $privilegesFile = $WERPASCOPEUSERPRIVILEGES.'/user_privileges_'.$userid.'.php';
        checkFileAccessForInclusion($privilegesFile);
        require($privilegesFile);
        foreach($this->column_fields as $field=>$value_iter) {
            if(!isset($user_info[$field])) {
                // Not present in the file: leave the current value alone
                continue;
            }
            $cachedValue = $user_info[$field];
            $this->$field = $cachedValue;
            $this->column_fields[$field] = $cachedValue;
        }
        $this->id = $userid;
        return $this;
    }
コード例 #19
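/**
 * Return the values of one picklist for the user of a validated session.
 *
 * Admins and users with global permission get every value of the picklist
 * table; other users get the values assigned to their role, provided they may
 * edit HelpDesk and access the field.
 *
 * @param string $username  user name, checked together with $sessionid
 * @param mixed  $sessionid session id
 * @param string $tablename picklist name; it is both the column name and the
 *                          suffix of the vtiger_ table, so it must be a plain identifier
 * @return array|null null for an invalid session or when the query yields no
 *                    rows, array('Not Accessible') when access is denied or
 *                    the name is not a plain identifier, otherwise the decoded values
 */
function GetPicklistValues($username, $sessionid, $tablename)
{
    global $current_user, $log, $adb;
    if (!validateSession($username, $sessionid)) {
        return null;
    }
    // $tablename is used as an unquoted column and table identifier.
    // sql_escape_string() escapes string literals and does not make an
    // identifier safe, so anything but letters, digits and underscores is
    // refused before a statement is built.
    if (!is_string($tablename) || preg_match('/^[A-Za-z0-9_]+$/', $tablename) !== 1) {
        return array('Not Accessible');
    }
    require_once "modules/Users/Users.php";
    $seed_user = new Users();
    $user_id = $seed_user->retrieve_user_id($username);
    $current_user = $seed_user;
    $current_user->retrieve_entity_info($user_id, 'Users');
    require_once "include/utils/UserInfoUtil.php";
    $roleid = fetchUserRole($user_id);
    // The privileges file is included into this function's scope; the
    // condition below reads $is_admin and $profileGlobalPermission from it.
    checkFileAccessForInclusion('user_privileges/user_privileges_' . $current_user->id . '.php');
    require 'user_privileges/user_privileges_' . $current_user->id . '.php';
    $picklist = $adb->sql_escape_string($tablename);
    // Declared up front so an empty result returns null without relying on an
    // undefined variable.
    $output = null;
    if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
        $query = "select " . $picklist . " from vtiger_" . $picklist;
        $result1 = $adb->pquery($query, array());
        $rowCount = $adb->num_rows($result1);
        for ($i = 0; $i < $rowCount; $i++) {
            $output[$i] = decode_html($adb->query_result($result1, $i, $tablename));
        }
    } else {
        if (isPermitted("HelpDesk", "EditView") == "yes" && CheckFieldPermission($tablename, 'HelpDesk') == 'true') {
            $query = "select " . $picklist . " from vtiger_" . $picklist . " inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_" . $picklist . ".picklist_valueid where roleid=? and picklistid in (select picklistid from vtiger_" . $picklist . " ) order by sortid";
            $result1 = $adb->pquery($query, array($roleid));
            $rowCount = $adb->num_rows($result1);
            for ($i = 0; $i < $rowCount; $i++) {
                $output[$i] = decode_html($adb->query_result($result1, $i, $tablename));
            }
        } else {
            $output[] = 'Not Accessible';
        }
    }
    return $output;
}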
コード例 #20
ファイル: Users.php プロジェクト: Bergdahls/YetiForceCRM
 /**
  * Fill this object from the user's generated privileges file.
  *
  * The file is included into this method's scope and is expected to define
  * $user_info; every key of $this->column_fields that is set in $user_info is
  * copied to the property of the same name and to $this->column_fields. The
  * file path is built from $userid, and checkFileAccessForInclusion() is the
  * only check applied to it here.
  *
  * @param int $userid user id
  * @return $this
  */
 function retrieveCurrentUserInfoFromFile($userid)
 {
     $privilegesFile = 'user_privileges/user_privileges_' . $userid . '.php';
     checkFileAccessForInclusion($privilegesFile);
     require $privilegesFile;
     foreach ($this->column_fields as $field => $value_iter) {
         if (!isset($user_info[$field])) {
             // Not present in the file: leave the current value alone
             continue;
         }
         $cachedValue = $user_info[$field];
         $this->{$field} = $cachedValue;
         $this->column_fields[$field] = $cachedValue;
     }
     $this->id = $userid;
     return $this;
 }
コード例 #21
ファイル: Save.php プロジェクト: casati-dolibarr/corebos
<?php

/*+**********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is:  vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ************************************************************************************/
// Save action (the listing is cut off before the script ends).
// $currentModule selects both the file that is loaded and the class that is
// instantiated; presumably it is set and validated by the code that dispatches
// to this script — confirm, since checkFileAccessForInclusion() is the only
// check visible here.
global $current_user, $currentModule, $singlepane_view;
checkFileAccessForInclusion("modules/{$currentModule}/{$currentModule}.php");
require_once "modules/{$currentModule}/{$currentModule}.php";
// Request values are passed through vtlib_purify() before use
$search = vtlib_purify($_REQUEST['search_url']);
$focus = new $currentModule();
// Copies the submitted field values into $focus
setObjectValuesFromRequest($focus);
// The ModComments.canAdd filter receives the related record id and a default
// of true; the second element of its result decides whether to continue.
list($void, $canaddcomments) = cbEventHandler::do_filter('corebos.filter.ModComments.canAdd', array(vtlib_purify($_REQUEST['related_to']), true));
if ($canaddcomments) {
    $mode = vtlib_purify($_REQUEST['mode']);
    $record = vtlib_purify($_REQUEST['record']);
    if ($mode) {
        $focus->mode = $mode;
    }
    if ($record) {
        $focus->id = $record;
    }
    if (isset($_REQUEST['inventory_currency'])) {
        // The conversion rate is looked up from the currency id, not taken from the request
        $focus->column_fields['currency_id'] = vtlib_purify($_REQUEST['inventory_currency']);
        $cur_sym_rate = getCurrencySymbolandCRate(vtlib_purify($_REQUEST['inventory_currency']));
        $focus->column_fields['conversion_rate'] = $cur_sym_rate['rate'];
    }
コード例 #22
ファイル: EditView.php プロジェクト: mslokhat/corebos
<?php

/*+**********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is:  vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ************************************************************************************/
// The edit view of this module is served by the module's DetailView script.
// The path is built from the $currentModule global and is only included after
// checkFileAccessForInclusion() has been called on it.
global $currentModule;
checkFileAccessForInclusion("modules/{$currentModule}/DetailView.php");
include_once "modules/{$currentModule}/DetailView.php";
コード例 #23
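/**
 * Populate the temporary related-module sharing table (read or write) for one user.
 *
 * The permission data is either passed in as $var_name_arr or read from the
 * variable "{$module}_{$relmodule}_share_{$pertype}_permission" defined by the
 * user's sharing privileges file, which is included into this function's scope.
 *
 * @param string      $enttype      'USER' or 'GROUP'; any other value inserts nothing
 * @param int         $userid       user id; also part of the privileges file name
 * @param string      $module       module name
 * @param string      $relmodule    related module name
 * @param string      $pertype      'read' or 'write'; any other value inserts nothing
 * @param array|false $var_name_arr permission data to use instead of including the
 *                                  sharing privileges file again
 * @return void
 */
function populateRelatedSharingPrivileges($enttype, $userid, $module, $relmodule, $pertype, $var_name_arr = false)
{
    global $adb;
    $tabid = getTabid($module);
    $reltabid = getTabid($relmodule);
    if (!$var_name_arr) {
        checkFileAccessForInclusion('user_privileges/sharing_privileges_' . $userid . '.php');
        require 'user_privileges/sharing_privileges_' . $userid . '.php';
    }
    // Fixed table names per entity type and permission type. An unknown
    // combination stops here instead of reaching the INSERT with no table name.
    $sharingTables = array(
        'USER' => array(
            'read' => 'vtiger_tmp_read_user_rel_sharing_per',
            'write' => 'vtiger_tmp_write_user_rel_sharing_per',
        ),
        'GROUP' => array(
            'read' => 'vtiger_tmp_read_group_rel_sharing_per',
            'write' => 'vtiger_tmp_write_group_rel_sharing_per',
        ),
    );
    if (!is_string($enttype) || !is_string($pertype) || !isset($sharingTables[$enttype][$pertype])) {
        return;
    }
    $table_name = $sharingTables[$enttype][$pertype];
    $var_name = $module . '_' . $relmodule . '_share_' . $pertype . '_permission';
    // Lookup for the variable if not set through function argument
    if (!$var_name_arr) {
        // The variable is only present when the included file defines it
        $var_name_arr = isset(${$var_name}) ? ${$var_name} : array();
    }
    $query = "insert into " . $table_name . " values(?,?,?,?)";
    // Ids already written, so each one is inserted once
    $seen = array();
    if ($enttype === 'USER') {
        // Members of shared roles first, then members of shared groups
        foreach (array('ROLE', 'GROUP') as $section) {
            if (empty($var_name_arr[$section]) || !is_array($var_name_arr[$section])) {
                continue;
            }
            foreach ($var_name_arr[$section] as $members) {
                foreach ($members as $user_id) {
                    if (!in_array($user_id, $seen)) {
                        $adb->pquery($query, array($userid, $tabid, $reltabid, $user_id));
                        $seen[] = $user_id;
                    }
                }
            }
        }
    } else {
        // GROUP: one row per shared group id
        if (!empty($var_name_arr['GROUP']) && is_array($var_name_arr['GROUP'])) {
            foreach ($var_name_arr['GROUP'] as $grpid => $grpusers) {
                if (!in_array($grpid, $seen)) {
                    $adb->pquery($query, array($userid, $tabid, $reltabid, $grpid));
                    $seen[] = $grpid;
                }
            }
        }
    }
}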
コード例 #24
ファイル: Module.php プロジェクト: rcrrich/UpdatePackages
 /**
  * Create an instance of a module's main class.
  *
  * 'Calendar' is mapped to 'Activity'. The class file
  * modules/{name}/{name}.php is only loaded when
  * Vtiger_Utils::checkFileAccessForInclusion() accepts the path.
  *
  * @param string $modulename module name; selects both the file and the class
  * @return object|false the new instance, or false when the path is not
  *                      accepted or the class does not exist after loading
  */
 static function getClassInstance($modulename)
 {
     if ($modulename == 'Calendar') {
         $modulename = 'Activity';
     }
     $filepath = "modules/{$modulename}/{$modulename}.php";
     if (!Vtiger_Utils::checkFileAccessForInclusion($filepath, false)) {
         return false;
     }
     checkFileAccessForInclusion($filepath);
     include_once $filepath;
     return class_exists($modulename) ? new $modulename() : false;
 }
コード例 #25
ファイル: Services.php プロジェクト: mslokhat/corebos
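 /**
  * Build the related-list data for the price books a service belongs to.
  *
  * @param int|string         $id         service id; reduced to an integer before it is
  *                                       placed in the SQL text and the return URL
  * @param int                $cur_tab_id not used in this method
  * @param int                $rel_tab_id tab id that is resolved to the related module name
  * @param array|string|false $actions    allowed actions, as an array or a comma-separated string
  * @return array result of GetRelatedList() (an empty array when that is null) with
  *               the button markup added under 'CUSTOM_BUTTON'
  */
 function get_service_pricebooks($id, $cur_tab_id, $rel_tab_id, $actions = false)
 {
     global $currentModule, $log, $singlepane_view, $mod_strings;
     $log->debug("Entering get_service_pricebooks(" . $id . ") method ...");
     // The query below is handed to GetRelatedList() as finished SQL text, so
     // the id cannot be bound as a parameter at this point. Forcing it to an
     // integer keeps request-supplied text out of the statement and the markup.
     $recordId = (int) $id;
     $related_module = vtlib_getModuleNameById($rel_tab_id);
     // The module name selects both the file that is loaded and the class that
     // is instantiated; checkFileAccessForInclusion() is the only guard here.
     checkFileAccessForInclusion("modules/{$related_module}/{$related_module}.php");
     require_once "modules/{$related_module}/{$related_module}.php";
     $focus = new $related_module();
     $singular_modname = vtlib_toSingular($related_module);
     if ($singlepane_view == 'true') {
         $returnset = "&return_module={$currentModule}&return_action=DetailView&return_id={$recordId}";
     } else {
         $returnset = "&return_module={$currentModule}&return_action=CallRelatedList&return_id={$recordId}";
     }
     $button = '';
     if ($actions) {
         if (is_string($actions)) {
             $actions = explode(',', strtoupper($actions));
         }
         if (in_array('ADD', $actions) && isPermitted($related_module, 1, '') == 'yes' && isPermitted($currentModule, 'EditView', $id) == 'yes') {
             $button .= "<input title='" . getTranslatedString('LBL_ADD_TO') . " " . getTranslatedString($related_module) . "' class='crmbutton small create'" . " onclick='this.form.action.value=\"AddServiceToPriceBooks\";this.form.module.value=\"{$currentModule}\"' type='submit' name='button'" . " value='" . getTranslatedString('LBL_ADD_TO') . " " . getTranslatedString($singular_modname) . "'>&nbsp;";
         }
     }
     $query = "SELECT vtiger_crmentity.crmid,\n\t\t\tvtiger_pricebook.*,\n\t\t\tvtiger_pricebookproductrel.productid as prodid\n\t\t\tFROM vtiger_pricebook\n\t\t\tINNER JOIN vtiger_crmentity\n\t\t\t\tON vtiger_crmentity.crmid = vtiger_pricebook.pricebookid\n\t\t\tINNER JOIN vtiger_pricebookproductrel\n\t\t\t\tON vtiger_pricebookproductrel.pricebookid = vtiger_pricebook.pricebookid\n\t\t\tWHERE vtiger_crmentity.deleted = 0\n\t\t\tAND vtiger_pricebookproductrel.productid = " . $recordId;
     $return_value = GetRelatedList($currentModule, $related_module, $focus, $query, $button, $returnset);
     if ($return_value == null) {
         $return_value = array();
     }
     $return_value['CUSTOM_BUTTON'] = $button;
     $log->debug("Exiting get_service_pricebooks method ...");
     return $return_value;
 }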
コード例 #26
ファイル: graph.php プロジェクト: sacredwebsite/vtigercrm
}
// Fragment of a graph script; the listing starts and ends in the middle of the file.
// The language defaults to the configured one and can be overridden by the request.
$current_language = $default_language;
if (isset($_REQUEST['current_language'])) {
    // NOTE(review): the request value is used as-is. If
    // return_application_language() builds a file name from it, this is
    // request-controlled input to a file load — confirm that helper validates
    // the language code.
    $current_language = $_REQUEST['current_language'];
}
// retrieve the translated strings.
$app_strings = return_application_language($current_language);
if (isset($app_strings['LBL_CHARSET'])) {
    $charset = $app_strings['LBL_CHARSET'];
} else {
    $charset = $default_charset;
}
// The unfiltered request value is also written to the log.
$log->info("current langugage is {$current_language}");
$log->info("current module is {$current_module} ");
$log->info("including {$current_module_file}");
// $current_module_file is set before the visible part of the script;
// checkFileAccessForInclusion() is the only check applied to it here.
checkFileAccessForInclusion($current_module_file);
require_once $current_module_file;
$draw_this = new jpgraph();
// Graph name and both data series fall back to defaults when the request omits them
if (isset($_REQUEST['graph'])) {
    $graph = $_REQUEST['graph'];
} else {
    $graph = 'default';
}
if (isset($_REQUEST['flat_array1'])) {
    $flat_array1 = $_REQUEST['flat_array1'];
} else {
    $flat_array1 = "foo,bar";
}
if (isset($_REQUEST['flat_array2'])) {
    $flat_array2 = $_REQUEST['flat_array2'];
} else {
コード例 #27
    }
    $sid = $sessionManager->startSession($sessionId, $adoptSession);
    if (!$sessionId && !$operationManager->isPreLoginOperation()) {
        writeErrorOutput($operationManager, new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED, "Authentication required"));
        return;
    }
    if (!$sid) {
        writeErrorOutput($operationManager, $sessionManager->getError());
        return;
    }
    $userid = $sessionManager->get("authenticatedUserId");
    if ($userid) {
        $seed_user = new Users();
        $current_user = $seed_user->retrieveCurrentUserInfoFromFile($userid);
    } else {
        $current_user = null;
    }
    $operationInput = $operationManager->sanitizeOperation($input);
    $includes = $operationManager->getOperationIncludes();
    foreach ($includes as $ind => $path) {
        checkFileAccessForInclusion($path);
        require_once $path;
    }
    cbEventHandler::do_action('corebos.audit.action', array(isset($current_user) ? $current_user->id : 0, 'Webservice', $operation, 0, date('Y-m-d H:i:s')));
    $rawOutput = $operationManager->runOperation($operationInput, $current_user);
    writeOutput($operationManager, $rawOutput);
} catch (WebServiceException $e) {
    writeErrorOutput($operationManager, $e);
} catch (Exception $e) {
    writeErrorOutput($operationManager, new WebServiceException(WebServiceErrorCode::$INTERNALERROR, "Unknown Error while processing request"));
}
コード例 #28
ファイル: utils.php プロジェクト: jgjermeni/corebos
/**
 * Load the application language file for $language and return the strings it defines.
 *
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
 * All Rights Reserved.
 *
 * If you are using the current language, do not call this function unless you are
 * loading it for the first time.
 *
 * The global $app_strings is saved on entry and put back before a successful return,
 * so the loaded strings reach the caller only through the return value.
 *
 * Security: $language is interpolated into an include path. The only guard visible
 * here is checkFileAccessForInclusion(); callers passing request data should restrict
 * the value to known language codes before calling.
 *
 * @param string $language code used to build include/language/<code>.lang.php
 * @return array|null the loaded strings, or null when $app_strings is still unset
 *                    after trying both the requested and the default language file
 */
function return_application_language($language)
{
    global $app_strings, $default_language, $log, $translation_string_prefix;
    $log->debug("Entering return_application_language(" . $language . ") method ...");
    $previousStrings = $app_strings;
    $prefixLanguage = $language;
    $requestedFile = "include/language/{$language}.lang.php";
    checkFileAccessForInclusion($requestedFile);
    // '@' silences the warning for a missing file so the fallback below can take over.
    // NOTE(review): when $app_strings was already populated before this call, a failed
    // include leaves it set, the isset() test passes and the earlier strings are
    // returned without the fallback running. Confirm that is intended.
    @(include $requestedFile);
    if (!isset($app_strings)) {
        $log->warn("Unable to find the application language file for language: " . $language);
        // The default language comes from configuration and is included without the access check.
        require "include/language/{$default_language}.lang.php";
        $prefixLanguage = $default_language;
        if (!isset($app_strings)) {
            $log->fatal("Unable to load the application language file for the selected language({$language}) or the default language({$default_language})");
            $log->debug("Exiting return_application_language method ...");
            return null;
        }
    }
    // If we are in debug mode for translating, turn on the prefix now!
    if ($translation_string_prefix) {
        foreach ($app_strings as $label => $text) {
            $app_strings[$label] = $prefixLanguage . ' ' . $text;
        }
    }
    $loadedStrings = $app_strings;
    // Put the caller's global back the way it was found.
    $app_strings = $previousStrings;
    $log->debug("Exiting return_application_language method ...");
    return $loadedStrings;
}
コード例 #29
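/**
 * Create a Lead on behalf of $user_name once the supplied credentials are accepted.
 *
 * Each argument is stored only when its field name is returned by the field
 * visibility query for the user; every other field is stored as an empty string.
 *
 * Security notes:
 *  - Nothing is loaded or written unless authentication($user_name, $password) succeeds.
 *  - The two privilege files are PHP includes executed in this function's scope. Their
 *    path is built from $current_user->id (presumably the id resolved from the database
 *    for $user_name, not a caller-supplied value), and checkFileAccessForInclusion()
 *    runs before each include.
 *
 * @param string $user_name login the lead is created for and assigned to
 * @param string $password  credential checked by authentication(); it sits after the
 *                          optional parameters, so callers must pass those as well
 * @param string $description accepted for interface compatibility; the description
 *                          field is always stored empty, as before
 * @return mixed id of the saved Lead, or null when authentication fails
 */
function AddLead($user_name, $first_name, $last_name, $email_address, $account_name, $salutation, $title, $phone_mobile, $reports_to, $primary_address_street, $website, $primary_address_city, $primary_address_state, $primary_address_postalcode, $primary_address_country, $alt_address_city, $alt_address_street, $alt_address_state, $alt_address_postalcode, $alt_address_country, $office_phone = "", $home_phone = "", $fax = "", $department = "", $password, $description = "")
{
    if (!authentication($user_name, $password)) {
        // Same contract as before: a rejected login yields null and touches nothing.
        return null;
    }
    global $adb;
    global $current_user;
    require_once 'modules/Users/Users.php';
    require_once 'modules/Leads/Leads.php';
    $seed_user = new Users();
    $user_id = $seed_user->retrieve_user_id($user_name);
    $current_user = $seed_user;
    $current_user->retrieve_entity_info($user_id, "Users");

    // The privilege files define $is_admin and $profileGlobalPermission in this scope.
    $userPrivilegesFile = 'user_privileges/user_privileges_' . $current_user->id . '.php';
    checkFileAccessForInclusion($userPrivilegesFile);
    require $userPrivilegesFile;
    $sharingPrivilegesFile = 'user_privileges/sharing_privileges_' . $current_user->id . '.php';
    checkFileAccessForInclusion($sharingPrivilegesFile);
    require $sharingPrivilegesFile;

    $params1 = array();
    if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
        $sql1 = "select fieldname,columnname from vtiger_field where tabid=7 and block <> 14 and vtiger_field.presence in (0,2)";
    } else {
        $profileList = getCurrentUserProfileList();
        $sql1 = "select fieldname,columnname from vtiger_field inner join vtiger_profile2field on vtiger_profile2field.fieldid=vtiger_field.fieldid inner join vtiger_def_org_field on vtiger_def_org_field.fieldid=vtiger_field.fieldid where vtiger_field.tabid=7 and vtiger_field.block <> 14 and vtiger_field.displaytype in (1,2,4) and vtiger_profile2field.visible=0 and vtiger_def_org_field.visible=0 and vtiger_field.presence in (0,2)";
        if (count($profileList) > 0) {
            // Only '?' placeholders are appended; the profile ids travel as bound parameters.
            $sql1 .= " and vtiger_profile2field.profileid in (" . generateQuestionMarks($profileList) . ")";
            array_push($params1, $profileList);
        }
    }
    $result1 = $adb->pquery($sql1, $params1);

    // Start from an empty list so a query with no rows leaves every field blank
    // instead of handing an undefined variable to in_array().
    $permitted_lists = array();
    $rowCount = $adb->num_rows($result1);
    for ($i = 0; $i < $rowCount; $i++) {
        $permitted_lists[] = $adb->query_result($result1, $i, 'fieldname');
    }

    // Keys are quoted strings: the original used bare words, which PHP 8 rejects
    // as undefined constants.
    $fieldValues = array(
        'firstname' => $first_name,
        'lastname' => $last_name,
        'company' => $account_name,
        'email' => $email_address,
        'title' => $title,
        'designation' => $department,
        'phone' => $office_phone,
        'homephone' => $home_phone,
        'website' => $website,
        'fax' => $fax,
        'mobile' => $phone_mobile,
        'mailingstreet' => $primary_address_street,
        'mailingcity' => $primary_address_city,
        'mailingstate' => $primary_address_state,
        'mailingzip' => $primary_address_postalcode,
        // The original read an undefined $workCountry here, so the country was never
        // stored. NOTE(review): the key 'workCountry' is kept as written while the
        // permission test uses 'mailingcountry'; confirm which column is meant.
        'workCountry' => $primary_address_country,
        'lane' => $alt_address_street,
        'city' => $alt_address_city,
        'state' => $alt_address_state,
        'code' => $alt_address_postalcode,
        'country' => $alt_address_country,
        'assigned_user_id' => $user_id,
    );
    $Lead = new Leads();
    foreach ($fieldValues as $fieldname => $value) {
        $checkedName = $fieldname === 'workCountry' ? 'mailingcountry' : $fieldname;
        $Lead->column_fields[$fieldname] = in_array($checkedName, $permitted_lists, true) ? $value : "";
    }
    $Lead->column_fields['description'] = "";
    $Lead->save("Leads");
    return $Lead->id;
}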
コード例 #30
ファイル: Link.php プロジェクト: mslokhat/corebos
 /**
  * Get all the links related to a module, optionally filtered by link type
  * @param Integer Module ID
  * @param mixed String or List of types to select
  * @param Map Key-Value pairs to use for formatting the link url
  */
 static function getAllByType($tabid, $type = false, $parameters = false)
 {
     global $adb, $current_user;
     self::__initSchema();
     $ordering = " order by linktype,sequence";
     // An array of types produces a result keyed by link type; anything else a flat list.
     $multitype = $type && is_array($type);

     // Every query below is parameterised: only fixed SQL and '?' placeholders are concatenated.
     if (!$type) {
         $result = $adb->pquery('SELECT * FROM vtiger_links WHERE tabid=?' . $ordering, array($tabid));
     } elseif ($multitype) {
         $typeMarks = Vtiger_Utils::implodestr('?', count($type), ',');
         if ($tabid === self::IGNORE_MODULE) {
             $sql = 'SELECT * FROM vtiger_links WHERE linktype IN (' . $typeMarks . ') ';
             $params = $type;
             // Non-admin users only get links of modules they are permitted to see.
             $permittedTabIdList = getPermittedModuleIdList();
             if (count($permittedTabIdList) > 0 && $current_user->is_admin !== 'on') {
                 $sql .= ' and tabid IN (' . Vtiger_Utils::implodestr('?', count($permittedTabIdList), ',') . ')';
                 $params[] = $permittedTabIdList;
             }
             $result = $adb->pquery($sql . $ordering, array($adb->flatten_array($params)));
         } else {
             $result = $adb->pquery('SELECT * FROM vtiger_links WHERE tabid=? AND linktype IN (' . $typeMarks . ')' . $ordering, array($tabid, $adb->flatten_array($type)));
         }
     } else {
         // Single link type selection
         $anyModule = $tabid === self::IGNORE_MODULE;
         $sql = $anyModule ? 'SELECT * FROM vtiger_links WHERE linktype=?' : 'SELECT * FROM vtiger_links WHERE tabid=? AND linktype=?';
         $args = $anyModule ? array($type) : array($tabid, $type);
         $result = $adb->pquery($sql . $ordering, $args);
     }

     // Template used to substitute the caller's key/value pairs into link url and icon.
     $strtemplate = new Vtiger_StringTemplate();
     if ($parameters) {
         foreach ($parameters as $name => $replacement) {
             $strtemplate->assign($name, $replacement);
         }
     }

     $instances = array();
     if ($multitype) {
         // Pre-create one bucket per requested type so each type is present in the result.
         foreach ($type as $requestedType) {
             $instances[$requestedType] = array();
         }
     }

     while ($row = $adb->fetch_array($result)) {
         $instance = new self();
         $instance->initialize($row);
         $hasHandler = !empty($row['handler_path']) && isFileAccessible($row['handler_path']);
         if ($hasHandler) {
             // handler_path, handler_class and handler all come from the vtiger_links row,
             // so whoever can write that table decides which file is included and which
             // static method runs. isFileAccessible() and checkFileAccessForInclusion()
             // are the only checks applied here; keep both in front of the include.
             checkFileAccessForInclusion($row['handler_path']);
             require_once $row['handler_path'];
             $linkData = new Vtiger_LinkData($instance, $current_user);
             // A falsy return from the handler drops the link from the result.
             $keepLink = call_user_func(array($row['handler_class'], $row['handler']), $linkData);
             if (!$keepLink) {
                 self::log("Ignoring Link ... " . var_export($row, true));
                 continue;
             }
         }
         if ($parameters) {
             $instance->linkurl = $strtemplate->merge($instance->linkurl);
             $instance->linkicon = $strtemplate->merge($instance->linkicon);
         }
         if ($multitype) {
             $instances[$instance->linktype][] = $instance;
         } else {
             $instances[] = $instance;
         }
     }
     return $instances;
 }