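<?php
/**
 * Landing script for the "update your contact details" link.
 *
 * The visitor is authorized solely by the `updatekey` query parameter: the key
 * is resolved to a contact id, and the script stops with a "not authorized"
 * message when no contact matches. The key is therefore a bearer credential
 * and must be validated before it reaches the lookup.
 */
require_once 'base.php';
require_once W2P_BASE_DIR . '/includes/config.php';
require_once W2P_BASE_DIR . '/includes/main_functions.php';
require_once W2P_BASE_DIR . '/includes/db_adodb.php';

$AppUI = new w2p_Core_CAppUI();

// The key is request-controlled. Accept only a scalar value (a query string
// can also deliver an array) and strip it to the alphanumeric alphabet before
// it is handed to the lookup.
$updatekey = w2PgetParam($_GET, 'updatekey', 0);
$updatekey = is_scalar($updatekey)
    ? (string) preg_replace('/[^A-Za-z0-9]/', '', (string) $updatekey)
    : '';

// An empty key can never be a valid credential. Reject it here instead of
// relying on how getContactByUpdatekey() treats an empty string (its
// implementation is not visible in this file), so that contacts which have no
// key issued can never be matched.
$contact_id = ($updatekey !== '') ? CContact::getContactByUpdatekey($updatekey) : 0;

$company_id = intval(w2PgetParam($_REQUEST, 'company_id', 0));
// NOTE(review): $company_name is taken from the request unfiltered; it must be
// HTML-escaped wherever it is later echoed (no use is visible in this part).
$company_name = w2PgetParam($_REQUEST, 'company_name', null);

// Authorization gate: no contact for this key means no access at all.
if (!$contact_id) {
    echo $AppUI->_('You are not authorized to use this page. If you should be authorized please contact')
        . ' ' . $w2Pconfig['company_name'] . ' '
        . $AppUI->_('to give you another valid link, thank you.');
    exit;
}

// Load the record the key resolved to.
$msg = '';
$row = new CContact();
if (!$row->load($contact_id) && $contact_id > 0) {
    $AppUI->setMsg('Contact');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    // NOTE(review): whether redirect() ends the request is not visible here.
    $AppUI->redirect();
} else {
    // TODO: replace with the proper canEdit()
    // Private contacts may only be edited by their owner.
    // NOTE(review): the visitor was admitted by update key, not by login, so
    // confirm which user_id $AppUI carries at this point and that this
    // comparison is the intended rule for key holders.
    if ($row->contact_private
        && $row->contact_owner != $AppUI->user_id
        && $row->contact_owner
        && $contact_id != 0
    ) {
        $AppUI->redirect(ACCESS_DENIED);
    }
}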
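/*
 * Form handler for the key-authorized contact update.
 *
 * The posted `updatekey` is the only credential: it is resolved to a contact
 * id, and the request is refused when no contact matches. Everything else in
 * $_POST is untrusted form data and must not be allowed to widen what the key
 * authorizes.
 */
require_once W2P_BASE_DIR . '/includes/config.php';

// Tweak for pathname consistency on Windows machines.
// A substring search for "WIN" also matches "Darwin" (macOS), so test the
// prefix of PHP_OS instead.
if (!isset($GLOBALS['OS_WIN'])) {
    $GLOBALS['OS_WIN'] = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';
}

require_once W2P_BASE_DIR . '/includes/main_functions.php';
require_once W2P_BASE_DIR . '/includes/db_adodb.php';
require_once W2P_BASE_DIR . '/classes/query.class.php';
require_once W2P_BASE_DIR . '/classes/ui.class.php';

$AppUI = new CAppUI();

require_once W2P_BASE_DIR . '/classes/date.class.php';
require_once W2P_BASE_DIR . '/modules/contacts/contacts.class.php';
require_once W2P_BASE_DIR . '/classes/CustomFields.class.php';

$msg = '';

// The key is request-controlled: accept only a scalar and strip it to the
// alphanumeric alphabet before the lookup. This assumes issued keys are
// alphanumeric, which is the filter applied to the key when it arrives via
// GET in the landing script — confirm against the key generator.
$updatekey = w2PgetParam($_POST, 'updatekey', 0);
$updatekey = is_scalar($updatekey)
    ? (string) preg_replace('/[^A-Za-z0-9]/', '', (string) $updatekey)
    : '';

// An empty key is never a valid credential; do not let it reach the lookup,
// whose handling of an empty string is not visible in this file.
$contactkey = ($updatekey !== '') ? CContact::getContactByUpdatekey($updatekey) : 0;

$contact = new CContact();
$q = new DBQuery();
$contact_id = $contactkey ? $contactkey : 0;

// Authorization gate: no contact for this key means no access at all.
// NOTE(review): the message hard-codes an individual's name; consider the
// configured company name instead. The string is left untouched because it is
// also the translation lookup key.
if (!$contact_id) {
    echo $AppUI->_('You are not authorized to use this page. If you should be authorized please contact Bruce Bodger to give you another valid link, thank you.');
    exit;
}

if (!$contact->bind($_POST)) {
    $AppUI->setMsg($contact->getError(), UI_MSG_ERROR);
    $AppUI->redirect();
}

// bind() presumably copies posted fields, including contact_id, onto the
// object (its implementation is not visible here). The key authorizes exactly
// one record, so pin the id to the one the key resolved to rather than
// trusting the posted value.
// NOTE(review): other posted fields (e.g. owner, private flag, the update key
// itself) are still bound as sent; restrict bind() to the fields the public
// form is meant to edit.
$contact->contact_id = $contact_id;

// prepare (and translate) the module name ready for the suffix
$AppUI->setMsg('Contact');

// Read defensively: a request without contact_id yields null, as before, but
// without an undefined-index notice.
$isNotNew = isset($_POST['contact_id']) ? $_POST['contact_id'] : null;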