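/**
 * Builds the exception and records the API access attempt in the
 * o_yf_access_for_api log table (user, timestamp, client IP, URL, agent
 * and the raw request parameters).
 *
 * @param string|null $message Exception message passed to the parent.
 * @param int         $code    Exception code passed to the parent.
 */
public function __construct($message = null, $code = 0)
{
    parent::__construct($message, $code);
    Vtiger_Session::init();
    $dbLog = PearDatabase::getInstance('log');
    $userName = Vtiger_Session::get('full_user_name');
    // The user agent header is client-supplied and may be absent; avoid an
    // undefined-index notice and store NULL, as the original did when missing.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $dbLog->insert('o_yf_access_for_api', [
        'username' => empty($userName) ? '-' : $userName,
        'date' => date('Y-m-d H:i:s'),
        'ip' => Vtiger_Functions::getRemoteIP(),
        'url' => Vtiger_Functions::getBrowserInfo()->url,
        'agent' => $userAgent,
        // NOTE(review): every request parameter is persisted verbatim; if an
        // API request can carry credentials or tokens they end up in this log
        // table. Consider redacting sensitive keys before logging.
        'request' => json_encode($_REQUEST),
    ]);
}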
/**
 * Emits the cache headers for the current response: Expires and
 * Last-Modified set to the current UTC time, plus a "private" cache policy.
 * For IE over HTTPS the policy is relaxed to must-revalidate (presumably a
 * workaround for IE's handling of no-cache over SSL — not verifiable here);
 * every other client gets a full no-cache/no-store policy.
 */
function setHeaders()
{
    $client = Vtiger_Functions::getBrowserInfo();
    $stamp = gmdate('D, d M Y H:i:s') . ' GMT';
    header('Expires: ' . $stamp);
    header('Last-Modified: ' . $stamp);

    $ieOverSsl = $client->ie && $client->https;
    $cacheHeaders = $ieOverSsl
        ? [
            'Pragma: private',
            'Cache-Control: private, must-revalidate',
        ]
        : [
            'Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0',
            'Pragma: no-cache',
        ];
    foreach ($cacheHeaders as $headerLine) {
        header($headerLine);
    }
}
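/**
 * Front-controller entry point: initialises logging and the session,
 * enforces the forceSSL redirect, wires CSRF protection, sets the
 * current-user/language globals, resolves the Action or View handler for
 * the request, runs the permission hooks and emits the handler's response.
 *
 * Fixes over the previous version: both redirects now stop processing
 * (previously the request was still fully handled after the Location
 * header, i.e. over plain HTTP or for a not-permitted List view), the
 * module membership tests are strict, and error_log() is no longer passed
 * E_NOTICE as its message_type argument (that parameter selects the log
 * destination, not a severity).
 *
 * @param Vtiger_Request $request
 * @return void
 */
public function process(Vtiger_Request $request)
{
    vglobal('log', LoggerManager::getLogger('System'));
    Vtiger_Session::init();

    $forceSSL = vglobal('forceSSL');
    if ($forceSSL && !Vtiger_Functions::getBrowserInfo()->https) {
        // NOTE(review): HTTP_HOST is client-supplied; redirecting to a
        // configured site URL instead would avoid a host-header controlled target.
        header("Location: https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}");
        // Stop here: without this the request was still processed over HTTP.
        exit;
    }

    // CSRF is wired up only now because it depends on the initialised session.
    // The password reset flow and the Login action are exempt from the token check.
    $csrfProtection = vglobal('csrfProtection');
    if ($csrfProtection) {
        if ($request->get('mode') != 'reset' && $request->get('action') != 'Login') {
            require_once 'libraries/csrf-magic/csrf-magic.php';
        }
        require_once 'config/csrf_config.php';
    }

    // TODO - Get rid of global variable $current_user
    // common utils api called, depend on this variable right now
    $currentUser = $this->getLogin();
    vglobal('current_user', $currentUser);
    $currentLanguage = Vtiger_Language_Handler::getLanguage();
    vglobal('current_language', $currentLanguage);

    $module = $request->getModule();
    $qualifiedModuleName = $request->getModule(false);
    if ($currentUser && $qualifiedModuleName) {
        $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage, $qualifiedModuleName);
        vglobal('mod_strings', $moduleLanguageStrings['languageStrings']);
    }
    if ($currentUser) {
        $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage);
        vglobal('app_strings', $moduleLanguageStrings['languageStrings']);
    }

    $view = $request->get('view');
    $action = $request->get('action');
    $response = false;
    try {
        if ($this->isInstalled() === false && $module != 'Install') {
            header('Location:install/Install.php');
            exit;
        }
        if (empty($module)) {
            // No module given: pick the landing page depending on login state.
            if ($this->hasLogin()) {
                $defaultModule = vglobal('default_module');
                if (!empty($defaultModule) && $defaultModule != 'Home') {
                    $module = $defaultModule;
                    $qualifiedModuleName = $defaultModule;
                    $view = 'List';
                    if ($module == 'Calendar') {
                        // To load MyCalendar instead of list view for calendar
                        // TODO: see if it has to be enhanced and get the default view from module model
                        $view = 'Calendar';
                    }
                } else {
                    $module = 'Home';
                    $qualifiedModuleName = 'Home';
                    $view = 'DashBoard';
                }
            } else {
                $module = 'Users';
                $qualifiedModuleName = 'Settings:Users';
                $view = 'Login';
            }
            $request->set('module', $module);
            $request->set('view', $view);
        }

        // An explicit action wins over a view; a missing view defaults to Index.
        if (!empty($action)) {
            $componentType = 'Action';
            $componentName = $action;
        } else {
            $componentType = 'View';
            if (empty($view)) {
                $view = 'Index';
            }
            $componentName = $view;
        }
        $handlerClass = Vtiger_Loader::getComponentClassName($componentType, $componentName, $qualifiedModuleName);
        $handler = new $handlerClass();
        // NOTE(review): `new` never yields a falsy value, so the else branch below
        // is unreachable as written; a missing handler class surfaces from
        // getComponentClassName() or from `new` itself (its failure mode is not
        // visible here).
        if ($handler) {
            vglobal('currentModule', $module);
            $csrfProtection = vglobal('csrfProtection');
            if ($csrfProtection) {
                // Ensure handler validates the request
                $handler->validateRequest($request);
            }
            if ($handler->loginRequired()) {
                $this->checkLogin($request);
            }
            // TODO : Need to review the design as there can be a potential security threat
            $skipList = array('Users', 'Home', 'CustomView', 'Import', 'Export', 'Inventory', 'Vtiger', 'PriceBooks', 'Migration', 'Install');
            if (!in_array($module, $skipList, true) && stripos($qualifiedModuleName, 'Settings') === false) {
                $this->triggerCheckPermission($handler, $request);
            }
            // Every settings page handler should implement this method
            if (stripos($qualifiedModuleName, 'Settings') === 0 || $module == 'Users') {
                $handler->checkPermission($request);
            }
            $notPermittedModules = array('ModComments', 'Integration', 'DashBoard');
            if (in_array($module, $notPermittedModules, true) && $view == 'List') {
                header('Location:index.php?module=Home&view=DashBoard');
                // Stop here: previously the handler still ran and emitted its
                // output after the redirect header was sent.
                exit;
            }
            $this->triggerPreProcess($handler, $request);
            $response = $handler->process($request);
            $this->triggerPostProcess($handler, $request);
        } else {
            throw new AppException(vtranslate('LBL_HANDLER_NOT_FOUND'));
        }
    } catch (Exception $e) {
        if ($view) {
            // Log the trace for development; the user only sees the message.
            error_log($e->getTraceAsString());
            Vtiger_Functions::throwNewException($e->getMessage());
        } else {
            $response = new Vtiger_Response();
            $response->setEmitType(Vtiger_Response::$EMIT_JSON);
            $response->setError($e->getMessage());
        }
    }
    if ($response) {
        $response->emit();
    }
}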
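/**
 * Records a denied record access in the s_yf_accesstorecord table and
 * reports the refusal to the client: as a JSON error for AJAX requests,
 * otherwise by rendering the NoPermissionsForRecord template.
 *
 * @param string $message Message shown to the client.
 * @param bool   $die     When true (default) the script terminates after responding.
 * @return void
 */
public static function throwNoPermittedException($message, $die = true)
{
    $request = new Vtiger_Request($_REQUEST);
    $db = PearDatabase::getInstance();
    $currentUser = Users_Record_Model::getCurrentUserModel();
    // The user agent header is client-supplied and may be absent; avoid an
    // undefined-index notice and store NULL, as the original did when missing.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $db->insert('s_yf_accesstorecord', [
        'username' => $currentUser->getDisplayName(),
        'date' => date('Y-m-d H:i:s'),
        'ip' => self::getRemoteIP(),
        'record' => $request->get('record'),
        'module' => $request->get('module'),
        'url' => Vtiger_Functions::getBrowserInfo()->url,
        'description' => '',
        'agent' => $userAgent,
    ]);

    if ($request->isAjax()) {
        $response = new Vtiger_Response();
        $response->setEmitType(Vtiger_Response::$EMIT_JSON);
        $response->setError($message);
        $response->emit();
    } else {
        $viewer = new Vtiger_Viewer();
        $viewer->assign('MESSAGE', $message);
        $viewer->view('NoPermissionsForRecord.tpl', 'Vtiger');
    }
    if ($die) {
        exit;
    }
}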