/**
* Generate a secure signature
*
* {code}
* {crmSigner var=mySig extra=123}
* var urlParams = ts={$mySig.ts}&extra={$mySig.extra}&sig={$mySig.signature}
* {endcode}
*
* @param $params array with keys:
* - var: string, a smarty variable to generate
* - ts: int, the current time (if omitted, autogenerated)
* - any other vars are put into the signature (sorted)
*/
function smarty_function_crmSigner($params, &$smarty)
{
$var = $params['var'];
unset($params['var']);
$params['ts'] = CRM_Utils_Time::getTimeRaw();
$fields = array_keys($params);
sort($fields);
$signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), $fields);
$params['signature'] = $signer->sign($params);
$smarty->assign($var, $params);
}
/**
* Parse the expiration time from a series of HTTP headers.
*
* @param array $headers
* @return int|NULL
* Expiration tme as seconds since epoch, or NULL if not cacheable.
*/
public static function parseExpiration($headers)
{
$headers = CRM_Utils_Array::rekey($headers, function ($k, $v) {
return strtolower($k);
});
if (!empty($headers['cache-control'])) {
$cc = self::parseCacheControl($headers['cache-control']);
if ($cc['max-age'] && is_numeric($cc['max-age'])) {
return CRM_Utils_Time::getTimeRaw() + $cc['max-age'];
}
}
return NULL;
}
/**
* Get the next item, even if there's an active lease
*
* @param $lease_time seconds
*
* @return object with key 'data' that matches the inputted data
*/
function stealItem($lease_time = 3600)
{
$sql = "\n SELECT id, queue_name, submit_time, release_time, data\n FROM civicrm_queue_item\n WHERE queue_name = %1\n ORDER BY weight ASC, release_time ASC, id ASC\n LIMIT 1\n ";
$params = array(1 => array($this->getName(), 'String'));
$dao = CRM_Core_DAO::executeQuery($sql, $params, TRUE, 'CRM_Queue_DAO_QueueItem');
if ($dao->fetch()) {
$nowEpoch = CRM_Utils_Time::getTimeRaw();
CRM_Core_DAO::executeQuery("UPDATE civicrm_queue_item SET release_time = %1 WHERE id = %2", array('1' => array(date('YmdHis', $nowEpoch + $lease_time), 'String'), '2' => array($dao->id, 'Integer')));
$dao->data = unserialize($dao->data);
return $dao;
} else {
CRM_Core_Error::debug_var('no items found');
return FALSE;
}
}
/**
* @param string $file
* Local file path.
* @param string $mimeType
* @param int $ttl
* Time to live (seconds).
*/
protected function download($file, $mimeType, $ttl)
{
if (!file_exists($file)) {
header("HTTP/1.0 404 Not Found");
return;
} elseif (!is_readable($file)) {
header('HTTP/1.0 403 Forbidden');
return;
}
CRM_Utils_System::setHttpHeader('Expires', gmdate('D, d M Y H:i:s \\G\\M\\T', CRM_Utils_Time::getTimeRaw() + $ttl));
CRM_Utils_System::setHttpHeader("Content-Type", $mimeType);
CRM_Utils_System::setHttpHeader("Content-Disposition", "inline; filename=\"" . basename($file) . "\"");
CRM_Utils_System::setHttpHeader("Cache-Control", "max-age={$ttl}, public");
CRM_Utils_System::setHttpHeader('Pragma', 'public');
readfile($file);
}
/**
* @param string $verb
* @param string $url
* @param string $blob
* @param array $headers
* Array of headers (e.g. "Content-type" => "text/plain").
* @return array
* array($headers, $blob, $code)
*/
public function send($verb, $url, $blob, $headers = array())
{
$lowVerb = strtolower($verb);
if ($lowVerb === 'get' && $this->cache) {
$cachePath = 'get/' . md5($url);
$cacheLine = $this->cache->get($cachePath);
if ($cacheLine && $cacheLine['expires'] > CRM_Utils_Time::getTimeRaw()) {
return $cacheLine['data'];
}
}
$result = parent::send($verb, $url, $blob, $headers);
if ($lowVerb === 'get' && $this->cache) {
$expires = CRM_Utils_Http::parseExpiration($result[0]);
if ($expires !== NULL) {
$cachePath = 'get/' . md5($url);
$cacheLine = array('url' => $url, 'expires' => $expires, 'data' => $result);
$this->cache->set($cachePath, $cacheLine);
}
}
return $result;
}
/**
* check the CMS username.
*/
public static function checkUserName()
{
$signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
$sig = CRM_Utils_Request::retrieve('sig', 'String', CRM_Core_DAO::$_nullObject);
$for = CRM_Utils_Request::retrieve('for', 'String', CRM_Core_DAO::$_nullObject);
if (CRM_Utils_Time::getTimeRaw() > $_REQUEST['ts'] + self::CHECK_USERNAME_TTL || $for != 'civicrm/ajax/cmsuser' || !$signer->validate($sig, $_REQUEST)) {
$user = array('name' => 'error');
CRM_Utils_JSON::output($user);
}
$config = CRM_Core_Config::singleton();
$username = trim(CRM_Utils_Array::value('cms_name', $_REQUEST));
$params = array('name' => $username);
$errors = array();
$config->userSystem->checkUserNameEmailExists($params, $errors);
if (isset($errors['cms_name']) || isset($errors['name'])) {
//user name is not available
$user = array('name' => 'no');
CRM_Utils_JSON::output($user);
} else {
//user name is available
$user = array('name' => 'yes');
CRM_Utils_JSON::output($user);
}
// Not reachable: JSON::output() above exits.
CRM_Utils_System::civiExit();
}
/**
* @param string $token
* A token supplied by the user.
* @return bool
* TRUE if the token is valid for submitting attachments
* @throws Exception
*/
public static function checkToken($token)
{
list($signature, $ts) = explode(';;;', $token);
$signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
if (!is_numeric($ts) || CRM_Utils_Time::getTimeRaw() > $ts + self::ATTACHMENT_TOKEN_TTL) {
return FALSE;
}
return $signer->validate($signature, array('for' => 'crmAttachment', 'ts' => $ts));
}
/**
* First download of new doc is OK.
* The update fails (due to some bad web response).
* The old data is retained in the cache.
* The failure eventually expires.
* A new update succeeds.
*
* @dataProvider badWebResponses
* @param array $badWebResponse
* Description of a web request that returns some kind of failure.
*/
public function testGetDocument_NewOK_UpdateFailure_CacheOK_UpdateOK($badWebResponse)
{
$this->assertNotEmpty($badWebResponse);
// first try, good response
CRM_Utils_Time::setTime('2013-03-01 10:00:00');
$communityMessages = new CRM_Core_CommunityMessages($this->cache, $this->expectOneHttpRequest(self::$webResponses['first-valid-response']));
$doc1 = $communityMessages->getDocument();
$this->assertEquals('<h1>First valid response</h1>', $doc1['messages'][0]['markup']);
$this->assertApproxEquals(strtotime('2013-03-01 10:10:00'), $doc1['expires'], self::APPROX_TIME_EQUALITY);
// second try, $doc1 has expired; bad response; keep old data
CRM_Utils_Time::setTime('2013-03-01 12:00:02');
// more than 2 hours later (DEFAULT_RETRY)
$communityMessages = new CRM_Core_CommunityMessages($this->cache, $this->expectOneHttpRequest($badWebResponse));
$doc2 = $communityMessages->getDocument();
$this->assertEquals('<h1>First valid response</h1>', $doc2['messages'][0]['markup']);
$this->assertTrue($doc2['expires'] > CRM_Utils_Time::getTimeRaw());
// third try, $doc2 hasn't expired yet; no request; keep old data
CRM_Utils_Time::setTime('2013-03-01 12:09:00');
$communityMessages = new CRM_Core_CommunityMessages($this->cache, $this->expectNoHttpRequest());
$doc3 = $communityMessages->getDocument();
$this->assertEquals('<h1>First valid response</h1>', $doc3['messages'][0]['markup']);
$this->assertEquals($doc2['expires'], $doc3['expires']);
// fourth try, $doc2 has expired yet; new request; replace data
CRM_Utils_Time::setTime('2013-03-01 12:10:02');
$communityMessages = new CRM_Core_CommunityMessages($this->cache, $this->expectOneHttpRequest(self::$webResponses['second-valid-response']));
$doc4 = $communityMessages->getDocument();
$this->assertEquals('<h1>Second valid response</h1>', $doc4['messages'][0]['markup']);
$this->assertApproxEquals(strtotime('2013-03-01 12:20:02'), $doc4['expires'], self::APPROX_TIME_EQUALITY);
}
/**
* Get the messages document (either from the cache or by downloading)
*
* @return NULL|array
*/
public function getDocument()
{
$isChanged = FALSE;
$document = $this->cache->get('communityMessages');
if (empty($document) || !is_array($document)) {
$document = array('messages' => array(), 'expires' => 0, 'ttl' => self::DEFAULT_RETRY, 'retry' => self::DEFAULT_RETRY);
$isChanged = TRUE;
}
if ($document['expires'] <= CRM_Utils_Time::getTimeRaw()) {
$newDocument = $this->fetchDocument();
if ($newDocument && $this->validateDocument($newDocument)) {
$document = $newDocument;
$document['expires'] = CRM_Utils_Time::getTimeRaw() + $document['ttl'];
} else {
// keep the old messages for now, try again later
$document['expires'] = CRM_Utils_Time::getTimeRaw() + $document['retry'];
}
$isChanged = TRUE;
}
if ($isChanged) {
$this->cache->set('communityMessages', $document);
}
return $document;
}
/**
*Function to check the CMS username
*
*/
public static function checkUserName()
{
$signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
if (CRM_Utils_Time::getTimeRaw() > $_REQUEST['ts'] + self::CHECK_USERNAME_TTL || $_REQUEST['for'] != 'civicrm/ajax/cmsuser' || !$signer->validate($_REQUEST['sig'], $_REQUEST)) {
$user = array('name' => 'error');
echo json_encode($user);
CRM_Utils_System::civiExit();
}
$config = CRM_Core_Config::singleton();
$username = trim($_REQUEST['cms_name']);
$params = array('name' => $username);
$errors = array();
$config->userSystem->checkUserNameEmailExists($params, $errors);
if (isset($errors['cms_name']) || isset($errors['name'])) {
//user name is not availble
$user = array('name' => 'no');
echo json_encode($user);
} else {
//user name is available
$user = array('name' => 'yes');
echo json_encode($user);
}
CRM_Utils_System::civiExit();
}
/**
* Get the next item
*
* @param int|\seconds $leaseTime seconds
*
* @return object with key 'data' that matches the inputted data
*/
function stealItem($leaseTime = 3600)
{
// foreach hits the items in order -- but we short-circuit after the first
foreach ($this->items as $id => $data) {
$nowEpoch = CRM_Utils_Time::getTimeRaw();
$this->releaseTimes[$id] = $nowEpoch + $leaseTime;
$item = new stdClass();
$item->id = $id;
$item->data = unserialize($data);
return $item;
}
// nothing in queue
return FALSE;
}
/**
* This function for building custom fields
*
* @param object $qf form object (reference)
* @param string $elementName name of the custom field
* @param boolean $inactiveNeeded
* @param boolean $userRequired true if required else false
* @param boolean $search true if used for search else false
* @param string $label label for custom field
*
* @access public
* @static
*/
public static function addQuickFormElement(&$qf, $elementName, $fieldId, $inactiveNeeded = FALSE, $useRequired = TRUE, $search = FALSE, $label = NULL)
{
// we use $_POST directly, since we dont want to use session memory, CRM-4677
if (isset($_POST['_qf_Relationship_refresh']) && ($_POST['_qf_Relationship_refresh'] == 'Search' || $_POST['_qf_Relationship_refresh'] == 'Search Again')) {
$useRequired = FALSE;
}
$field = self::getFieldObject($fieldId);
// Custom field HTML should indicate group+field name
$groupName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_CustomGroup', $field->custom_group_id);
$dataCrmCustomVal = $groupName . ':' . $field->name;
$dataCrmCustomAttr = 'data-crm-custom="' . $dataCrmCustomVal . '"';
$field->attributes .= $dataCrmCustomAttr;
// Fixed for Issue CRM-2183
if ($field->html_type == 'TextArea' && $search) {
$field->html_type = 'Text';
}
if (!isset($label)) {
$label = $field->label;
}
/**
* at some point in time we might want to split the below into small functions
**/
switch ($field->html_type) {
case 'Text':
if ($field->is_search_range && $search) {
$qf->add('text', $elementName . '_from', $label . ' ' . ts('From'), $field->attributes);
$qf->add('text', $elementName . '_to', ts('To'), $field->attributes);
} else {
$element =& $qf->add(strtolower($field->html_type), $elementName, $label, $field->attributes, $useRequired && !$search);
}
break;
case 'TextArea':
$attributes = $dataCrmCustomAttr;
if ($field->note_rows) {
$attributes .= 'rows=' . $field->note_rows;
} else {
$attributes .= 'rows=4';
}
if ($field->note_columns) {
$attributes .= ' cols=' . $field->note_columns;
} else {
$attributes .= ' cols=60';
}
if ($field->text_length) {
$attributes .= ' maxlength=' . $field->text_length;
}
$element =& $qf->add(strtolower($field->html_type), $elementName, $label, $attributes, $useRequired && !$search);
break;
case 'Select Date':
if ($field->is_search_range && $search) {
$qf->addDate($elementName . '_from', $label . ' - ' . ts('From'), FALSE, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal));
$qf->addDate($elementName . '_to', ts('To'), FALSE, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal));
} else {
$required = $useRequired && !$search;
$qf->addDate($elementName, $label, $required, array('format' => $field->date_format, 'timeFormat' => $field->time_format, 'startOffset' => $field->start_date_years, 'endOffset' => $field->end_date_years, 'data-crm-custom' => $dataCrmCustomVal));
}
break;
case 'Radio':
$choice = array();
if ($field->data_type != 'Boolean') {
$customOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id);
foreach ($customOption as $v => $l) {
$choice[] = $qf->createElement('radio', NULL, '', $l, (string) $v, $field->attributes);
}
$qf->addGroup($choice, $elementName, $label);
} else {
$choice[] = $qf->createElement('radio', NULL, '', ts('Yes'), '1', $field->attributes);
$choice[] = $qf->createElement('radio', NULL, '', ts('No'), '0', $field->attributes);
$qf->addGroup($choice, $elementName, $label);
}
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'Select':
$selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id);
$qf->add('select', $elementName, $label, array('' => ts('- select -')) + $selectOption, $useRequired && !$search, $dataCrmCustomAttr);
break;
//added for select multiple
//added for select multiple
case 'AdvMulti-Select':
$selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id);
if ($search && count($selectOption) > 1) {
$selectOption['CiviCRM_OP_OR'] = ts('Select to match ANY; unselect to match ALL');
}
$include =& $qf->addElement('advmultiselect', $elementName, $label, $selectOption, array('size' => 5, 'style' => '', 'class' => 'advmultiselect', 'data-crm-custom' => $dataCrmCustomVal));
$include->setButtonAttributes('add', array('value' => ts('Add >>')));
$include->setButtonAttributes('remove', array('value' => ts('<< Remove')));
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'Multi-Select':
$selectOption =& CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id);
if ($search && count($selectOption) > 1) {
$selectOption['CiviCRM_OP_OR'] = ts('Select to match ANY; unselect to match ALL');
}
$qf->addElement('select', $elementName, $label, $selectOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal));
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'CheckBox':
$customOption = CRM_Core_BAO_CustomOption::valuesByID($field->id, $field->option_group_id);
$check = array();
foreach ($customOption as $v => $l) {
$check[] =& $qf->addElement('advcheckbox', $v, NULL, $l, array('data-crm-custom' => $dataCrmCustomVal));
}
if ($search && count($check) > 1) {
$check[] =& $qf->addElement('advcheckbox', 'CiviCRM_OP_OR', NULL, ts('Check to match ANY; uncheck to match ALL'), array('data-crm-custom' => $dataCrmCustomVal));
}
$qf->addGroup($check, $elementName, $label);
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'File':
// we should not build upload file in search mode
if ($search) {
return;
}
$qf->add(strtolower($field->html_type), $elementName, $label, $field->attributes, $useRequired && !$search);
$qf->addUploadElement($elementName);
break;
case 'Select State/Province':
//Add State
$stateOption = array('' => ts('- select -')) + CRM_Core_PseudoConstant::stateProvince();
$qf->add('select', $elementName, $label, $stateOption, $useRequired && !$search, $dataCrmCustomAttr);
break;
case 'Multi-Select State/Province':
//Add Multi-select State/Province
$stateOption = CRM_Core_PseudoConstant::stateProvince();
$qf->addElement('select', $elementName, $label, $stateOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal));
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'Select Country':
//Add Country
$countryOption = array('' => ts('- select -')) + CRM_Core_PseudoConstant::country();
$qf->add('select', $elementName, $label, $countryOption, $useRequired && !$search, $dataCrmCustomAttr);
break;
case 'Multi-Select Country':
//Add Country
$countryOption = CRM_Core_PseudoConstant::country();
$qf->addElement('select', $elementName, $label, $countryOption, array('size' => '5', 'multiple', 'data-crm-custom' => $dataCrmCustomVal));
if ($useRequired && !$search) {
$qf->addRule($elementName, ts('%1 is a required field.', array(1 => $label)), 'required');
}
break;
case 'RichTextEditor':
$attributes = array('rows' => $field->note_rows, 'cols' => $field->note_columns, 'data-crm-custom' => $dataCrmCustomVal);
if ($field->text_length) {
$attributes['maxlength'] = $field->text_length;
}
$qf->addWysiwyg($elementName, $label, $attributes, $search);
break;
case 'Autocomplete-Select':
$qf->add('text', $elementName, $label, $field->attributes, $useRequired && !$search);
$hiddenEleName = $elementName . '_id';
if (substr($elementName, -1) == ']') {
$hiddenEleName = substr($elementName, 0, -1) . '_id]';
}
$qf->addElement('hidden', $hiddenEleName, '', array('id' => str_replace(array(']', '['), array('', '_'), $hiddenEleName)));
static $customUrls = array();
if ($field->data_type == 'ContactReference') {
//$urlParams = "className=CRM_Contact_Page_AJAX&fnName=getContactList&json=1&reset=1&context=customfield&id={$field->id}";
$urlParams = "context=customfield&id={$field->id}";
$customUrls[$elementName] = CRM_Utils_System::url('civicrm/ajax/contactref', $urlParams, FALSE, NULL, FALSE);
$actualElementValue = $qf->getSubmitValue($hiddenEleName);
$qf->addRule($elementName, ts('Select a valid contact for %1.', array(1 => $label)), 'validContact', $actualElementValue);
} else {
$signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('cfid', 'ogid', 'sigts'));
$signParams = array('reset' => 1, 'sigts' => CRM_Utils_Time::getTimeRaw(), 'ogid' => $field->option_group_id, 'cfid' => $field->id);
$signParams['sig'] = $signer->sign($signParams);
$customUrls[$elementName] = CRM_Utils_System::url('civicrm/ajax/auto', $signParams, FALSE, NULL, FALSE);
$qf->addRule($elementName, ts('Select a valid value for %1.', array(1 => $label)), 'autocomplete', array('fieldID' => $field->id, 'optionGroupID' => $field->option_group_id));
}
$qf->assign('customUrls', $customUrls);
break;
}
switch ($field->data_type) {
case 'Int':
// integers will have numeric rule applied to them.
if ($field->is_search_range && $search) {
$qf->addRule($elementName . '_from', ts('%1 From must be an integer (whole number).', array(1 => $label)), 'integer');
$qf->addRule($elementName . '_to', ts('%1 To must be an integer (whole number).', array(1 => $label)), 'integer');
} else {
$qf->addRule($elementName, ts('%1 must be an integer (whole number).', array(1 => $label)), 'integer');
}
break;
case 'Float':
if ($field->is_search_range && $search) {
$qf->addRule($elementName . '_from', ts('%1 From must be a number (with or without decimal point).', array(1 => $label)), 'numeric');
$qf->addRule($elementName . '_to', ts('%1 To must be a number (with or without decimal point).', array(1 => $label)), 'numeric');
} else {
$qf->addRule($elementName, ts('%1 must be a number (with or without decimal point).', array(1 => $label)), 'numeric');
}
break;
case 'Money':
if ($field->is_search_range && $search) {
$qf->addRule($elementName . '_from', ts('%1 From must in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money');
$qf->addRule($elementName . '_to', ts('%1 To must in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money');
} else {
$qf->addRule($elementName, ts('%1 must be in proper money format. (decimal point/comma/space is allowed).', array(1 => $label)), 'money');
}
break;
case 'Link':
$qf->add('text', $elementName, $label, array('onfocus' => "if (!this.value) { this.value='http://';} else return false", 'onblur' => "if ( this.value == 'http://') { this.value='';} else return false", 'data-crm-custom' => $dataCrmCustomVal), $useRequired && !$search);
$qf->addRule($elementName, ts('Enter a valid Website.'), 'wikiURL');
break;
}
if ($field->is_view && !$search) {
$qf->freeze($elementName);
}
}
