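function handleJSON_changeImageProfile($smarty, $module_name) {
    /* Replace the logged-in user's profile picture from an array-style
     * multipart upload ("picture[]") and answer with a JSON document.
     *
     * Only the first upload slot reporting UPLOAD_ERR_OK is processed: it is
     * resized to 159x159 in place and stored through paloACL::setUserPicture().
     * On success the JSON message carries the URL under which the stored
     * image is fetched back (presumably served with the stored type as
     * Content-Type - verify in the getImage handler).
     *
     * Changes versus the previous version:
     *  - the MIME type stored next to the image was $_FILES[...]['type'],
     *    i.e. a client-chosen string; it is now derived from the decoded
     *    image (getimagesize) and the upload must decode as PNG or JPEG;
     *  - a failed redimensionarImagen() used to fall through and store the
     *    raw, unvalidated upload; it is now rejected;
     *  - the extension regex carries the D modifier, so a trailing newline
     *    can no longer satisfy the "$" anchor;
     *  - a request without an array-style "picture" field no longer
     *    iterates over null.
     *
     * @param object $smarty      unused here; kept for the handler signature
     * @param string $module_name unused here; kept for the handler signature
     * @return string JSON produced by PaloSantoJSON::createJSON()
     */
    global $arrConf;
    header('Content-Type: application/json');

    $arrCredentials = getUserCredentials($_SESSION['elastix_user']);
    $pDB = new paloDB($arrConf['elastix_dsn']["elastix"]);
    $pACL = new paloACL($pDB);
    $jsonObject = new PaloSantoJSON();
    $idUser = $arrCredentials['idUser'];

    $arrErrors = (isset($_FILES['picture']['error']) && is_array($_FILES['picture']['error']))
        ? $_FILES['picture']['error']
        : array();
    $allowedMime = array('image/png', 'image/jpeg');

    foreach ($arrErrors as $key => $error) {
        if ($error != UPLOAD_ERR_OK) {
            continue;
        }
        $pictureUpload = $_FILES['picture']['name'][$key];
        $tmpName = isset($_FILES['picture']['tmp_name'][$key]) ? $_FILES['picture']['tmp_name'][$key] : "";

        // File-name checks first (cheap); the content check below is the one
        // that actually decides what gets stored.
        if (!preg_match('/^(\w|-|\.|\(|\)|\s)+\.(png|PNG|JPG|jpg|JPEG|jpeg)$/D', $pictureUpload)) {
            $jsonObject->set_error(_tr("Invalid file extension.- It must be png or jpg or jpeg"));
            return $jsonObject->createJSON();
        }
        if (preg_match('/(\.php)/', $pictureUpload)) {
            $jsonObject->set_error(_tr("Possible file upload attack."));
            return $jsonObject->createJSON();
        }
        if (!is_uploaded_file($tmpName)) {
            $jsonObject->set_error(_tr("Possible file upload attack. Filename") . " : " . $pictureUpload);
            return $jsonObject->createJSON();
        }

        // The name claims PNG/JPEG; the bytes must agree before we resize.
        $imgInfo = getimagesize($tmpName);
        if ($imgInfo === false || !isset($imgInfo['mime']) || !in_array($imgInfo['mime'], $allowedMime, true)) {
            $jsonObject->set_error(_tr("Possible file upload attack. Filename") . " : " . $pictureUpload);
            return $jsonObject->createJSON();
        }

        $ancho = 159;
        $alto = 159;
        if (!redimensionarImagen($tmpName, $tmpName, $ancho, $alto)) {
            $jsonObject->set_error(_tr("Possible file upload attack. Filename") . " : " . $pictureUpload);
            return $jsonObject->createJSON();
        }

        // Describe the bytes that were actually written by the resize, not
        // the client's claim in $_FILES[...]['type'].
        $imgInfo = getimagesize($tmpName);
        $picture_content = file_get_contents($tmpName);
        if ($imgInfo === false || !isset($imgInfo['mime']) || $picture_content === false) {
            $jsonObject->set_error(_tr("Image couldn't be upload."));
            return $jsonObject->createJSON();
        }

        $Exito = $pACL->setUserPicture($idUser, $imgInfo['mime'], $picture_content);
        if ($Exito === false) {
            $jsonObject->set_error(_tr("Image couldn't be upload."));
            return $jsonObject->createJSON();
        }

        $url = "index.php?menu=_elastixutils&action=getImage&ID={$idUser}&rawmode=yes";
        $jsonObject->set_message($url);
        return $jsonObject->createJSON();
    }

    // No usable upload slot: an empty JSON object, as before.
    return $jsonObject->createJSON();
}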
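function save_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, $update = FALSE) {
    /* Create ($update = FALSE) or update ($update = TRUE) an address-book
     * contact from $_POST, optionally storing the uploaded picture in
     * $_FILES['picture'] under /var/www/address_book_images as
     * "<contact id>.<ext>" plus a 48x48 "<contact id>_Thumbnail.<ext>".
     *
     * Returns rendered HTML on a validation/upload failure (via the
     * new/view/report helpers), or sends a Location header and returns
     * nothing on success.
     *
     * Changes versus the previous version:
     *  - the uploaded file is read and moved from $_FILES['picture']['tmp_name']
     *    with move_uploaded_file(); the old code rebuilt "/tmp/<basename>"
     *    by hand, which only worked while upload_tmp_dir was /tmp;
     *  - the upload must decode (getimagesize) as PNG or JPEG, matching what
     *    the extension claims, before anything is written to the web root;
     *  - the extension regex carries the D modifier (trailing newline can no
     *    longer pass the "$" anchor and end up in the stored file name);
     *  - an update for a contact that contactData() does not return fails
     *    before the upload is written (it used to be written as "<dir>/.<ext>");
     *  - the id echoed into the redirect URL is urlencode()d and $_POST['id']
     *    is read with isset() guards;
     *  - the repeated "set message box, re-render" exits share one helper.
     *
     * NOTE(review): ownership of the contact being edited relies entirely on
     * contactData($idPost, $id_user) returning false for contacts that are
     * not visible to $id_user; verify that against paloAdressBook before
     * trusting updateContact() with a client-supplied id.
     * NOTE(review): $pictureUpload (a client-chosen file name) is placed in
     * mb_message; whether it is HTML-escaped depends on the template.
     */
    $arrForm = createFieldForm($arrLang);
    $oForm = new paloForm($smarty, $arrForm);
    $pACL = new paloACL($pDB_2);
    $id_user = $pACL->getIdUser($_SESSION["elastix_user"]);

    if (!$oForm->validateForm($_POST)) {
        // Basic form validation failed: list the offending fields and
        // re-render the form with the labels the template expects.
        $smarty->assign("mb_title", $arrLang["Validation Error"]);
        $strErrorMsg = "<b>{$arrLang['The following fields contain errors']}:</b><br/>";
        $arrErrores = $oForm->arrErroresValidacion;
        if (is_array($arrErrores) && count($arrErrores) > 0) {
            foreach (array_keys($arrErrores) as $k) {
                $strErrorMsg .= "{$k}, ";
            }
        }
        $smarty->assign("mb_message", $strErrorMsg);

        $arrLabels = array(
            "REQUIRED_FIELD"   => "Required field",
            "SAVE"             => "Save",
            "CANCEL"           => "Cancel",
            "title"            => "Address Book",
            "new_contact"      => "New Contact",
            "address_from_csv" => "Address Book from CSV",
            "private_contact"  => "Private Contact",
            "public_contact"   => "Public Contact",
            "label_file"       => "File",
            "DOWNLOAD"         => "Download Address Book",
            "HeaderFile"       => "Header File Address Book",
            "AboutContacts"    => "About Address Book",
        );
        foreach ($arrLabels as $tplVar => $langKey) {
            $smarty->assign($tplVar, $arrLang[$langKey]);
        }

        $csvSelected = isset($_POST['address_book_options']) && $_POST['address_book_options'] == 'address_from_csv';
        $smarty->assign($csvSelected ? "check_csv" : "check_new_contact", "checked");
        $privateSelected = isset($_POST['address_book_status']) && $_POST['address_book_status'] == 'isPrivate';
        $smarty->assign($privateSelected ? "check_isPrivate" : "check_isPublic", "checked");

        if ($update) {
            $_POST["edit"] = 'edit';
            return view_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
        }
        $smarty->assign("Show", 1);
        $smarty->assign("ShowImg", 1);
        $htmlForm = $oForm->fetchForm("{$local_templates_dir}/new_adress_book.tpl", $arrLang["Address Book"], $_POST);
        return "<form method='POST' enctype='multipart/form-data' style='margin-bottom:0;' action='?menu={$module_name}'>" . $htmlForm . "</form>";
    }

    $ruta_destino = "/var/www/address_book_images";
    $idPost = isset($_POST['id']) ? $_POST['id'] : "";
    $padress_book = new paloAdressBook($pDB);
    $contactData = $padress_book->contactData($idPost, $id_user);

    if ($update && !$contactData) {
        // Unknown (or not visible) contact: refuse before touching the
        // filesystem; the previous code only noticed this after the upload
        // had already been written with an empty id.
        $smarty->assign("mb_title", $arrLang["Validation Error"]);
        $smarty->assign("mb_message", $arrLang["Internal Error"]);
        return report_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
    }
    // On create the picture is first stored under a timestamp and renamed to
    // the new contact id after the INSERT (see below). Two creates within the
    // same second would share this name; not addressed here.
    $idImg = $update ? $contactData['id'] : date("Ymdhis");

    $file_upload = "";
    $pictureUpload = isset($_FILES['picture']['name']) ? $_FILES['picture']['name'] : "";
    if ($pictureUpload != "") {
        $tmpName = isset($_FILES['picture']['tmp_name']) ? $_FILES['picture']['tmp_name'] : "";

        // \w letters/digits/underscore, \s whitespace; only the extension is
        // ever used to build a path, and it is limited to png/jpg/jpeg.
        if (!preg_match('/^(\w|-|\.|\(|\)|\s)+\.(png|PNG|JPG|jpg|JPEG|jpeg)$/D', $pictureUpload)) {
            return _save_adress_book_fail($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, $update,
                $arrLang["Validation Error"], $arrLang["Invalid file extension.- It must be png or jpg or jpeg"]);
        }
        if (!is_uploaded_file($tmpName)) {
            return _save_adress_book_fail($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, $update,
                $arrLang["ERROR"], $arrLang["Possible file upload attack. Filename"] . " : " . $pictureUpload);
        }

        // The bytes must decode as the image type the name claims; this is
        // checked on the file PHP received, before it reaches the web root.
        $sizeImgUp = getimagesize($tmpName);
        if ($sizeImgUp === false || !isset($sizeImgUp['mime']) || !in_array($sizeImgUp['mime'], array('image/png', 'image/jpeg'), true)) {
            return _save_adress_book_fail($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, $update,
                $arrLang["ERROR"], $arrLang["Possible file upload attack. Filename"] . " : " . $pictureUpload);
        }

        $arrIm = explode(".", $pictureUpload);
        $ext = $arrIm[count($arrIm) - 1];
        $renameFile = "{$ruta_destino}/{$idImg}.{$ext}";
        $file_upload = "{$idImg}.{$ext}";

        if (!move_uploaded_file($tmpName, $renameFile)) {
            return _save_adress_book_fail($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, $update,
                $arrLang["ERROR"], $arrLang["Error to Upload"] . " : " . $pictureUpload);
        }

        // Thumbnail (48x48) to a separate file, then the main image shrunk in place.
        $thumbnail_path = "{$ruta_destino}/{$idImg}_Thumbnail.{$ext}";
        if (is_file($renameFile) && !redimensionarImagen($renameFile, $thumbnail_path, 48, 48)) {
            return _save_adress_book_fail($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, $update,
                $arrLang["ERROR"], $arrLang["Possible file upload attack. Filename"] . " : " . $pictureUpload);
        }
        if (is_file($renameFile) && !redimensionarImagen($renameFile, $renameFile, 280, 200)) {
            return _save_adress_book_fail($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, $update,
                $arrLang["ERROR"], $arrLang["Possible file upload attack. Filename"] . " : " . $pictureUpload);
        }
    }

    // Column order expected by paloAdressBook::addContact/updateContact;
    // index 5 is the picture file name.
    $namedb      = isset($_POST['name']) ? $_POST['name'] : "";
    $last_namedb = isset($_POST['last_name']) ? $_POST['last_name'] : "";
    $telefonodb  = isset($_POST['telefono']) ? $_POST['telefono'] : "";
    $emaildb     = isset($_POST['email']) ? $_POST['email'] : "";
    $iduserdb    = isset($id_user) ? "{$id_user}" : "";
    $picturedb   = "{$file_upload}";
    $addressdb   = isset($_POST['address']) ? $_POST['address'] : "";
    $companydb   = isset($_POST['company']) ? $_POST['company'] : "";
    $notesdb     = isset($_POST['notes']) ? $_POST['notes'] : "";
    $statusdb    = isset($_POST['address_book_status']) ? $_POST['address_book_status'] : "";
    $data = array($namedb, $last_namedb, $telefonodb, $emaildb, $iduserdb, $picturedb, $addressdb, $companydb, $notesdb, $statusdb);

    if ($update) {
        if ($file_upload == "") {
            $data[5] = $contactData['picture'];   // keep the existing picture
        }
        $result = $padress_book->updateContact($data, $idPost);
        if (!$result) {
            $smarty->assign("mb_title", $arrLang["Validation Error"]);
            $smarty->assign("mb_message", $arrLang["Internal Error"]);
            return report_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
        }
    } else {
        $result = $padress_book->addContact($data);
        if (!$result) {
            $smarty->assign("mb_title", $arrLang["Validation Error"]);
            $smarty->assign("mb_message", $arrLang["Internal Error"]);
            return new_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
        }
        $lastId = $pDB->getLastInsertId();
        $contactData2 = $padress_book->contactData($lastId, $id_user);
        if (isset($contactData2['picture']) && $contactData2['picture'] != "") {
            // Re-key the timestamp-named files to the contact id just assigned.
            $arrIm = explode(".", $contactData2['picture']);
            $ext = $arrIm[count($arrIm) - 1];
            $renameFile = "{$ruta_destino}/{$lastId}.{$ext}";
            $file_upload = "{$lastId}.{$ext}";
            rename("{$ruta_destino}/" . $contactData2['picture'], $renameFile);
            rename("{$ruta_destino}/{$idImg}_Thumbnail.{$ext}", "{$ruta_destino}/{$lastId}_Thumbnail.{$ext}");
            $data[5] = $file_upload;
            $padress_book->updateContact($data, $lastId);
        }
    }

    if ($idPost) {
        header("Location: ?menu={$module_name}&action=show&id=" . urlencode($idPost));
    } else {
        header("Location: ?menu={$module_name}");
    }
}

function _save_adress_book_fail($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, $update, $title, $message) {
    /* Upload-failure exit for save_adress_book(): set the message box and
     * re-render the edit view ($update) or the "new contact" form. */
    $smarty->assign("mb_title", $title);
    $smarty->assign("mb_message", $message);
    if ($update) {
        return view_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, TRUE);
    }
    return new_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
}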
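function uploadImage($idUser, $pDB, &$error) {
    /* Store the single-file upload in $_FILES['picture'] as the picture of
     * user $idUser, resized in place to 240x200, through
     * paloACL::setUserPicture().
     *
     * @param mixed  $idUser user id passed straight to setUserPicture()
     * @param object $pDB    database handle for paloACL
     * @param string $error  receives a user-facing message on failure
     * @return mixed whatever setUserPicture() returned, or false on any
     *               failure (in which case nothing was stored)
     *
     * Changes versus the previous version:
     *  - the MIME type stored with the image is taken from the decoded image
     *    (getimagesize) instead of the client-supplied $_FILES[...]['type'],
     *    and the upload must decode as PNG or JPEG;
     *  - a failed redimensionarImagen() no longer stores the raw upload;
     *  - the extension regex carries the D modifier (a trailing newline can
     *    no longer satisfy the "$" anchor);
     *  - a missing "picture" field is handled without notices.
     */
    $pACL = new paloACL($pDB);
    $pictureUpload = isset($_FILES['picture']['name']) ? $_FILES['picture']['name'] : "";
    $tmpName = isset($_FILES['picture']['tmp_name']) ? $_FILES['picture']['tmp_name'] : "";
    $Exito = false;

    // \w letters/digits/underscore, \s whitespace; the name is only checked,
    // never used to build a path.
    if (!preg_match('/^(\w|-|\.|\(|\)|\s)+\.(png|PNG|JPG|jpg|JPEG|jpeg)$/D', $pictureUpload)) {
        $error = _tr("Invalid file extension.- It must be png or jpg or jpeg");
        return $Exito;
    }
    if (preg_match('/(\.php)/', $pictureUpload)) {
        $error = _tr("Possible file upload attack.");
        return $Exito;
    }
    if (!is_uploaded_file($tmpName)) {
        $error = _tr("Possible file upload attack. Filename") . " : " . $pictureUpload;
        return $Exito;
    }

    // The bytes must agree with what the extension claims before resizing.
    $imgInfo = getimagesize($tmpName);
    if ($imgInfo === false || !isset($imgInfo['mime']) || !in_array($imgInfo['mime'], array('image/png', 'image/jpeg'), true)) {
        $error = _tr("Possible file upload attack. Filename") . " : " . $pictureUpload;
        return $Exito;
    }

    $ancho = 240;
    $alto = 200;
    if (!redimensionarImagen($tmpName, $tmpName, $ancho, $alto)) {
        $error = _tr("Possible file upload attack. Filename") . " : " . $pictureUpload;
        return $Exito;
    }

    // Describe the bytes the resize actually wrote, not the client's claim.
    $imgInfo = getimagesize($tmpName);
    $picture_content = file_get_contents($tmpName);
    if ($imgInfo === false || !isset($imgInfo['mime']) || $picture_content === false) {
        $error = "Image couldn't be upload";
        return $Exito;
    }

    $Exito = $pACL->setUserPicture($idUser, $imgInfo['mime'], $picture_content);
    if ($Exito === false) {
        $error = "Image couldn't be upload";
    }
    return $Exito;
}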