function testSignValidate()
{
$cases = array();
$cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'isValid' => TRUE);
$cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL, 'irrelevant' => 'totally-irrelevant'), 'isValid' => TRUE);
$cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => ''), 'isValid' => TRUE);
$cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => 0), 'isValid' => FALSE);
$cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => 0), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'isValid' => FALSE);
$cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bay', 'c' => NULL), 'isValid' => FALSE);
$cases[] = array('signParams' => array('a' => 'eh', 'b' => 'bee', 'c' => NULL), 'validateParams' => array('a' => 'eh', 'b' => 'bee', 'c' => FALSE), 'isValid' => FALSE);
$cases[] = array('signParams' => array('a' => 1, 'b' => 'bee'), 'validateParams' => array('a' => '1', 'b' => 'bee'), 'isValid' => TRUE);
foreach ($cases as $caseId => $case) {
require_once 'CRM/Utils/Signer.php';
$signer = new CRM_Utils_Signer('secret', array('a', 'b', 'c'));
$signature = $signer->sign($case['signParams']);
$this->assertTrue(!empty($signature) && is_string($signature));
// arbitrary
$validator = new CRM_Utils_Signer('secret', array('a', 'b', 'c'));
// same as $signer but physically separate
$isValid = $validator->validate($signature, $case['validateParams']);
if ($isValid !== $case['isValid']) {
$this->fail("Case {$caseId}: Mismatch: " . var_export($case, TRUE));
}
$this->assertTrue(TRUE, 'Validation yielded expected result');
}
}
/**
* Generate a secure signature
*
* {code}
* {crmSigner var=mySig extra=123}
* var urlParams = ts={$mySig.ts}&extra={$mySig.extra}&sig={$mySig.signature}
* {endcode}
*
* @param $params array with keys:
* - var: string, a smarty variable to generate
* - ts: int, the current time (if omitted, autogenerated)
* - any other vars are put into the signature (sorted)
*/
function smarty_function_crmSigner($params, &$smarty)
{
$var = $params['var'];
unset($params['var']);
$params['ts'] = CRM_Utils_Time::getTimeRaw();
$fields = array_keys($params);
sort($fields);
$signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), $fields);
$params['signature'] = $signer->sign($params);
$smarty->assign($var, $params);
}
/**
* @return string
*/
public static function createToken()
{
$signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
$ts = CRM_Utils_Time::getTimeRaw();
return $signer->sign(array('for' => 'crmAttachment', 'ts' => $ts)) . ';;;' . $ts;
}
static function deleteURLArgs($entityTable, $entityID, $fileID)
{
$params['entityTable'] = $entityTable;
$params['entityID'] = $entityID;
$params['fileID'] = $fileID;
$signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), self::$_signableFields);
$params['_sgn'] = $signer->sign($params);
return CRM_Utils_System::makeQueryString($params);
}
/**
* @param $rows
* @param string $daoName
* @param string $idName
* @param $returnURL
* @param null $filter
*/
public static function addOrder(&$rows, $daoName, $idName, $returnURL, $filter = NULL)
{
if (empty($rows)) {
return;
}
$ids = array_keys($rows);
$numIDs = count($ids);
array_unshift($ids, 0);
$ids[] = 0;
$firstID = $ids[1];
$lastID = $ids[$numIDs];
if ($firstID == $lastID) {
$rows[$firstID]['order'] = NULL;
return;
}
$config = CRM_Core_Config::singleton();
$imageURL = $config->userFrameworkResourceURL . 'i/arrow';
$queryParams = array('reset' => 1, 'dao' => $daoName, 'idName' => $idName, 'url' => $returnURL, 'filter' => $filter);
$signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), self::$SIGNABLE_FIELDS);
$queryParams['_sgn'] = $signer->sign($queryParams);
$baseURL = CRM_Utils_System::url('civicrm/admin/weight', $queryParams);
for ($i = 1; $i <= $numIDs; $i++) {
$id = $ids[$i];
$prevID = $ids[$i - 1];
$nextID = $ids[$i + 1];
$links = array();
$url = "{$baseURL}&src={$id}";
if ($prevID != 0) {
$alt = ts('Move to top');
$links[] = "<a class=\"crm-weight-arrow\" href=\"{$url}&dst={$firstID}&dir=first\"><img src=\"{$imageURL}/first.gif\" title=\"{$alt}\" alt=\"{$alt}\" class=\"order-icon\"></a>";
$alt = ts('Move up one row');
$links[] = "<a class=\"crm-weight-arrow\" href=\"{$url}&dst={$prevID}&dir=swap\"><img src=\"{$imageURL}/up.gif\" title=\"{$alt}\" alt=\"{$alt}\" class=\"order-icon\"></a>";
} else {
$links[] = "<img src=\"{$imageURL}/spacer.gif\" class=\"order-icon\">";
$links[] = "<img src=\"{$imageURL}/spacer.gif\" class=\"order-icon\">";
}
if ($nextID != 0) {
$alt = ts('Move down one row');
$links[] = "<a class=\"crm-weight-arrow\" href=\"{$url}&dst={$nextID}&dir=swap\"><img src=\"{$imageURL}/down.gif\" title=\"{$alt}\" alt=\"{$alt}\" class=\"order-icon\"></a>";
$alt = ts('Move to bottom');
$links[] = "<a class=\"crm-weight-arrow\" href=\"{$url}&dst={$lastID}&dir=last\"><img src=\"{$imageURL}/last.gif\" title=\"{$alt}\" alt=\"{$alt}\" class=\"order-icon\"></a>";
} else {
$links[] = "<img src=\"{$imageURL}/spacer.gif\" class=\"order-icon\">";
$links[] = "<img src=\"{$imageURL}/spacer.gif\" class=\"order-icon\">";
}
$rows[$id]['weight'] = implode(' ', $links);
}
}
/**
* This function for building custom fields
*
* @param object $qf form object (reference)
* @param string $elementName name of the custom field
* @param boolean $inactiveNeeded
* @param boolean $userRequired true if required else false
* @param boolean $search true if used for search else false
* @param string $label label for custom field
*
* @access public
* @static
*/
public static function addQuickFormElement(&$qf, $elementName, $fieldId, $inactiveNeeded = FALSE, $useRequired = TRUE, $search = FALSE, $label = NULL)
{
// we use $_POST directly, since we dont want to use session memory, CRM-4677
if (isset($_POST['_qf_Relationship_refresh']) && ($_POST['_qf_Relationship_refresh'] == 'Search' || $_POST['_qf_Relationship_refresh'] == 'Search Again')) {
$useRequired = FALSE;
}
$field = self::getFieldObject($fieldId);
// Custom field HTML should indicate group+field name
$groupName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_CustomGroup', $field->custom_group_id);
$dataCrmCustomVal = $groupName . ':' . $field->name;
$dataCrmCustomAttr = 'data-crm-custom="' . $dataCrmCustomVal . '"';
$field->attributes .= $dataCrmCustomAttr;
// Fixed for Issue CRM-2183
if ($field->html_type == 'TextArea' && $search) {
$field->html_type = 'Text';
}
if (!isset($label)) {
$label = $field->label;
}
/**
* at some point in time we might want to split the below into small functions
**/
switch ($field->html_type) {
case 'Text':
if ($field->is_search_range && $search) {
$qf->add('text', $elementName . '_from', $label . ' ' . ts('From'), $field->attributes);
$qf->add('text', $elementName . '_to', ts('To'), $field->attributes);
} else {
$element =& $qf->add(strtolower($field->html_type), $elementName, $label, $field->attributes, $useRequired && !$search);
}
break;
case 'TextArea':
$attributes = $dataCrmCustomAttr;
if ($field->note_rows) {
$attributes .= 'rows=' . $field->note_rows;
} else {
$attributes .= 'rows=4';
}
if ($field->note_columns) {
$attributes .= ' cols=' . $field->note_columns;
} else {
$attributes .= ' cols=60';
}
if ($field->text_length) {
$attributes .= ' maxlength=' . $field->text_length;
}
$element =& $qf->add(strtolower($field->html_type), $elementName, $label, $attributes, $useRequired && !$search);
break;
case 'Select Date':
if ($field->is_search_range && $search) {
$qf->addDate($elementName . '_from', $label . ' - ' . ts('From'), FALSE, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal));
$qf->addDate($elementName . '_to', ts('To'), FALSE, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal));
} else {
$required = $useRequired && !$search;
$qf->addDate($elementName, $label, $required, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal));
}
break;
case 'Radio':
$choice = array();
if ($field->data_type != 'Boolean') {
$customOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id);
foreach ($customOption as $v => $l) {
$choice[] = $qf->createElement('radio', NULL, '', $l, (string) $v, $field->attributes);
}
$qf->addGroup($choice, $elementName, $label);
} else {
$choice[] = $qf->createElement('radio', NULL, '', ts('Yes'), '1', $field->attributes);
$choice[] = $qf->createElement('radio', NULL, '', ts('No'), '0', $field->attributes);
$qf->addGroup($choice, $elementName, $label);
}
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'Select':
$selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id);
$qf->add('select', $elementName, $label, array('' => ts('- select -')) + $selectOption, $useRequired && !$search, $dataCrmCustomAttr);
break;
//added for select multiple
//added for select multiple
case 'AdvMulti-Select':
$selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id);
if ($search && count($selectOption) > 1) {
$selectOption['CiviCRM_OP_OR'] = ts('Select to match ANY; unselect to match ALL');
}
$include =& $qf->addElement('advmultiselect', $elementName, $label, $selectOption, array('size' => 5, 'style' => '', 'class' => 'advmultiselect', 'data-crm-custom' => $dataCrmCustomVal));
$include->setButtonAttributes('add', array('value' => ts('Add >>')));
$include->setButtonAttributes('remove', array('value' => ts('<< Remove')));
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'Multi-Select':
$selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id);
if ($search && count($selectOption) > 1) {
$selectOption['CiviCRM_OP_OR'] = ts('Select to match ANY; unselect to match ALL');
}
$qf->addElement('select', $elementName, $label, $selectOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal));
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'CheckBox':
$customOption = CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id);
$check = array();
foreach ($customOption as $v => $l) {
$check[] =& $qf->addElement('advcheckbox', $v, NULL, $l, array('data-crm-custom' => $dataCrmCustomVal));
}
if ($search && count($check) > 1) {
$check[] =& $qf->addElement('advcheckbox', 'CiviCRM_OP_OR', NULL, ts('Check to match ANY; uncheck to match ALL'), array('data-crm-custom' => $dataCrmCustomVal));
}
$qf->addGroup($check, $elementName, $label);
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'File':
// we should not build upload file in search mode
if ($search) {
return;
}
$qf->add(strtolower($field->html_type), $elementName, $label, $field->attributes, $useRequired && !$search);
$qf->addUploadElement($elementName);
break;
case 'Select State/Province':
//Add State
$stateOption = array('' => ts('- select -')) + CRM_Core_PseudoConstant::stateProvince();
$qf->add('select', $elementName, $label, $stateOption, $useRequired && !$search, $dataCrmCustomAttr);
break;
case 'Multi-Select State/Province':
//Add Multi-select State/Province
$stateOption = CRM_Core_PseudoConstant::stateProvince();
$qf->addElement('select', $elementName, $label, $stateOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal));
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'Select Country':
//Add Country
$countryOption = array('' => ts('- select -')) + CRM_Core_PseudoConstant::country();
$qf->add('select', $elementName, $label, $countryOption, $useRequired && !$search, $dataCrmCustomAttr);
break;
case 'Multi-Select Country':
//Add Country
$countryOption = CRM_Core_PseudoConstant::country();
$qf->addElement('select', $elementName, $label, $countryOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal));
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'RichTextEditor':
$attributes = array('rows' => $field->note_rows, 'cols' => $field->note_columns, 'data-crm-custom' => $dataCrmCustomVal);
if ($field->text_length) {
$attributes['maxlength'] = $field->text_length;
}
$qf->addWysiwyg($elementName, $label, $attributes, $search);
break;
case 'Autocomplete-Select':
$qf->add('text', $elementName, $label, $field->attributes, $useRequired && !$search);
$hiddenEleName = $elementName . '_id';
if (substr($elementName, -1) == ']') {
$hiddenEleName = substr($elementName, 0, -1) . '_id]';
}
$qf->addElement('hidden', $hiddenEleName, '', array('id' => str_replace(array(']', '['), array('', '_'), $hiddenEleName)));
static $customUrls = array();
if ($field->data_type == 'ContactReference') {
//$urlParams = "className=CRM_Contact_Page_AJAX&fnName=getContactList&json=1&reset=1&context=customfield&id={$field->id}";
$urlParams = "context=customfield&id={$field->id}";
$customUrls[$elementName] = CRM_Utils_System::url('civicrm/ajax/contactref', $urlParams, FALSE, NULL, FALSE);
$actualElementValue = $qf->getSubmitValue($hiddenEleName);
$qf->addRule($elementName, ts('Select a valid contact for %1.', array(1 => $label)), 'validContact', $actualElementValue);
} else {
$signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('cfid', 'ogid', 'sigts'));
$signParams = array('reset' => 1, 'sigts' => CRM_Utils_Time::getTimeRaw(), 'ogid' => $field->option_group_id, 'cfid' => $field->id);
$signParams['sig'] = $signer->sign($signParams);
$customUrls[$elementName] = CRM_Utils_System::url('civicrm/ajax/auto', $signParams, FALSE, NULL, FALSE);
$qf->addRule($elementName, ts('Select a valid value for %1.', array(1 => $label)), 'autocomplete', array('fieldID' => $field->id, 'optionGroupID' => $field->option_group_id));
}
$qf->assign('customUrls', $customUrls);
break;
}
switch ($field->data_type) {
case 'Int':
// integers will have numeric rule applied to them.
if ($field->is_search_range && $search) {
$qf->addRule($elementName . '_from', ts('%1 From must be an integer (whole number).', array(1 => $label)), 'integer');
$qf->addRule($elementName . '_to', ts('%1 To must be an integer (whole number).', array(1 => $label)), 'integer');
} else {
$qf->addRule($elementName, ts('%1 must be an integer (whole number).', array(1 => $label)), 'integer');
}
break;
case 'Float':
if ($field->is_search_range && $search) {
$qf->addRule($elementName . '_from', ts('%1 From must be a number (with or without decimal point).', array(1 => $label)), 'numeric');
$qf->addRule($elementName . '_to', ts('%1 To must be a number (with or without decimal point).', array(1 => $label)), 'numeric');
} else {
$qf->addRule($elementName, ts('%1 must be a number (with or without decimal point).', array(1 => $label)), 'numeric');
}
break;
case 'Money':
if ($field->is_search_range && $search) {
$qf->addRule($elementName . '_from', ts('%1 From must in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money');
$qf->addRule($elementName . '_to', ts('%1 To must in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money');
} else {
$qf->addRule($elementName, ts('%1 must be in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money');
}
break;
case 'Link':
$qf->add('text', $elementName, $label, array('onfocus' => "if (!this.value) { this.value='http://';} else return false", 'onblur' => "if ( this.value == 'http://') { this.value='';} else return false", 'data-crm-custom' => $dataCrmCustomVal), $useRequired && !$search);
$qf->addRule($elementName, ts('Enter a valid Website.'), 'wikiURL');
break;
}
if ($field->is_view && !$search) {
$qf->freeze($elementName);
}
}
