public function __construct($message = null, $code = 0)
{
parent::__construct($message, $code);
Vtiger_Session::init();
$request = new Vtiger_Request($_REQUEST);
$dbLog = PearDatabase::getInstance('log');
$userName = Vtiger_Session::get('full_user_name');
$dbLog->insert('o_yf_access_for_api', ['username' => empty($userName) ? '-' : $userName, 'date' => date('Y-m-d H:i:s'), 'ip' => Vtiger_Functions::getRemoteIP(), 'url' => Vtiger_Functions::getBrowserInfo()->url, 'agent' => $_SERVER['HTTP_USER_AGENT'], 'request' => json_encode($_REQUEST)]);
}
function setHeaders()
{
$browser = Vtiger_Functions::getBrowserInfo();
header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
if ($browser->ie && $browser->https) {
header('Pragma: private');
header("Cache-Control: private, must-revalidate");
} else {
header("Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
}
}
function process(Vtiger_Request $request)
{
vglobal('log', LoggerManager::getLogger('System'));
Vtiger_Session::init();
$forceSSL = vglobal('forceSSL');
if ($forceSSL && !Vtiger_Functions::getBrowserInfo()->https) {
header("Location: https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}");
}
// Better place this here as session get initiated
//skipping the csrf checking for the forgot(reset) password
$csrfProtection = vglobal('csrfProtection');
if ($csrfProtection) {
if ($request->get('mode') != 'reset' && $request->get('action') != 'Login') {
require_once 'libraries/csrf-magic/csrf-magic.php';
}
require_once 'config/csrf_config.php';
}
// TODO - Get rid of global variable $current_user
// common utils api called, depend on this variable right now
$currentUser = $this->getLogin();
vglobal('current_user', $currentUser);
$currentLanguage = Vtiger_Language_Handler::getLanguage();
vglobal('current_language', $currentLanguage);
$module = $request->getModule();
$qualifiedModuleName = $request->getModule(false);
if ($currentUser && $qualifiedModuleName) {
$moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage, $qualifiedModuleName);
vglobal('mod_strings', $moduleLanguageStrings['languageStrings']);
}
if ($currentUser) {
$moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage);
vglobal('app_strings', $moduleLanguageStrings['languageStrings']);
}
$view = $request->get('view');
$action = $request->get('action');
$response = false;
try {
if ($this->isInstalled() === false && $module != 'Install') {
header('Location:install/Install.php');
exit;
}
if (empty($module)) {
if ($this->hasLogin()) {
$defaultModule = vglobal('default_module');
if (!empty($defaultModule) && $defaultModule != 'Home') {
$module = $defaultModule;
$qualifiedModuleName = $defaultModule;
$view = 'List';
if ($module == 'Calendar') {
// To load MyCalendar instead of list view for calendar
//TODO: see if it has to enhanced and get the default view from module model
$view = 'Calendar';
}
} else {
$module = 'Home';
$qualifiedModuleName = 'Home';
$view = 'DashBoard';
}
} else {
$module = 'Users';
$qualifiedModuleName = 'Settings:Users';
$view = 'Login';
}
$request->set('module', $module);
$request->set('view', $view);
}
if (!empty($action)) {
$componentType = 'Action';
$componentName = $action;
} else {
$componentType = 'View';
if (empty($view)) {
$view = 'Index';
}
$componentName = $view;
}
$handlerClass = Vtiger_Loader::getComponentClassName($componentType, $componentName, $qualifiedModuleName);
$handler = new $handlerClass();
if ($handler) {
vglobal('currentModule', $module);
$csrfProtection = vglobal('csrfProtection');
if ($csrfProtection) {
// Ensure handler validates the request
$handler->validateRequest($request);
}
if ($handler->loginRequired()) {
$this->checkLogin($request);
}
//TODO : Need to review the design as there can potential security threat
$skipList = array('Users', 'Home', 'CustomView', 'Import', 'Export', 'Inventory', 'Vtiger', 'PriceBooks', 'Migration', 'Install');
if (!in_array($module, $skipList) && stripos($qualifiedModuleName, 'Settings') === false) {
$this->triggerCheckPermission($handler, $request);
}
// Every settings page handler should implement this method
if (stripos($qualifiedModuleName, 'Settings') === 0 || $module == 'Users') {
$handler->checkPermission($request);
}
$notPermittedModules = array('ModComments', 'Integration', 'DashBoard');
if (in_array($module, $notPermittedModules) && $view == 'List') {
header('Location:index.php?module=Home&view=DashBoard');
}
$this->triggerPreProcess($handler, $request);
$response = $handler->process($request);
$this->triggerPostProcess($handler, $request);
} else {
throw new AppException(vtranslate('LBL_HANDLER_NOT_FOUND'));
}
} catch (Exception $e) {
if ($view) {
// Log for developement.
error_log($e->getTraceAsString(), E_NOTICE);
Vtiger_Functions::throwNewException($e->getMessage());
} else {
$response = new Vtiger_Response();
$response->setEmitType(Vtiger_Response::$EMIT_JSON);
$response->setError($e->getMessage());
//Vtiger_Functions::throwNewException($e->getMessage());
}
}
if ($response) {
$response->emit();
}
}
public static function throwNoPermittedException($message, $die = true)
{
$request = new Vtiger_Request($_REQUEST);
$db = PearDatabase::getInstance();
$currentUser = Users_Record_Model::getCurrentUserModel();
$db->insert('s_yf_accesstorecord', ['username' => $currentUser->getDisplayName(), 'date' => date('Y-m-d H:i:s'), 'ip' => self::getRemoteIP(), 'record' => $request->get('record'), 'module' => $request->get('module'), 'url' => Vtiger_Functions::getBrowserInfo()->url, 'description' => '', 'agent' => $_SERVER['HTTP_USER_AGENT']]);
if ($request->isAjax()) {
$response = new Vtiger_Response();
$response->setEmitType(Vtiger_Response::$EMIT_JSON);
$response->setError($message);
$response->emit();
} else {
$viewer = new Vtiger_Viewer();
$viewer->assign('MESSAGE', $message);
$viewer->view('NoPermissionsForRecord.tpl', 'Vtiger');
}
if ($die) {
exit;
}
}
