function edit_POST(Web $w)
{
$p = $w->pathMatch("id");
$processor_id = $p["id"];
// Break the selected processor up into module and class
$processor_class = $w->request("processor_class");
$processor_expl = explode(".", $processor_class);
// Make sure we only have two values
if (count($processor_expl) !== 2) {
$w->error("Missing Processor values", "/channels/listprocessors");
exit;
}
// make sure the selected class exists in config
if (!in_array($processor_expl[1], $w->moduleConf($processor_expl[0], "processors"))) {
$w->error("Could not find processor in config", "/channels/listprocessors");
exit;
}
$processor_object = $processor_id ? $w->Channel->getProcessor($processor_id) : new ChannelProcessor($w);
$processor_object->fill($_POST);
$processor_object->channel_id = $w->request("channel_id");
$processor_object->module = $processor_expl[0];
$processor_object->class = $processor_expl[1];
$processor_object->insertOrUpdate();
$w->msg("Processor " . ($processor_id ? "updated" : "created"), "/channels/listprocessors");
}
/**
* updates or removes favorited item
*
* @author Steve Ryan, steve@2pisystems.com, 2015
**/
function ajaxEditFavorites_ALL(Web $w)
{
$id = $w->request("id");
$class = $w->request("class");
$user = $w->Auth->user();
$cmd = $w->request("cmd");
if (!empty($id) && !empty($class) && !empty($user) && !empty($cmd)) {
if ($cmd == "add") {
$favorite = new Favorite($w);
$favorite->object_class = $class;
$favorite->object_id = $id;
$favorite->user_id = $user->id;
$favorite->insertOrUpdate();
echo $w->Favorite->getFavoriteButton($id, $class);
} else {
if ($cmd == "remove") {
$favorite = $w->Favorite->getDataByObject($id, $class);
if (get_class($favorite) == "Favorite" && $favorite->id > 0) {
$favorite->delete();
}
echo $w->Favorite->getFavoriteButton($id, $class);
} else {
echo "Invalid request";
}
}
} else {
echo "Invalid request";
}
}
function token_GET(Web &$w)
{
$w->setLayout(null);
$username = $w->request("username");
$password = $w->request("password");
$api = $w->request("api");
$w->out($w->Rest->getTokenJson($username, $password, $api));
}
function results_GET(Web $w)
{
$response = array("success" => true, "data" => "");
$w->setLayout(null);
$q = $w->request('q');
// query
$idx = $w->request('idx');
// index
$p = $w->request('p');
// page
$ps = $w->request('ps');
// pageSize
$tr = $w->request('tr');
// total results
if ($q && strlen($q) >= 3) {
$results = $w->Search->getResults($q, $idx, $p, $ps);
if (empty($p) && empty($ps) && empty($tr)) {
$buffer = "";
if (!empty($results[0])) {
// Group results by class_name
$filter_results = array();
foreach ($results[0] as $res) {
$searchobject = $w->Search->getObject($res['class_name'], $res['object_id']);
if (!empty($searchobject)) {
$filter_results[$res['class_name']][] = $searchobject;
}
}
foreach ($filter_results as $class => $objects) {
// Transform class into readable text
$t_class = preg_replace('/(?<=\\w)(?=[A-Z])/', " \$1", $class);
$buffer .= "<div class='row search-class'><h4 style='padding-top: 10px; font-weight: lighter;'>{$t_class}</h4>";
if (!empty($objects)) {
foreach ($objects as $object) {
if ($object->canList($w->Auth->user())) {
$buffer .= '<div class="panel search-result">';
if ($object->canView($w->Auth->user())) {
$buffer .= "<a class=\"row search-title\" href=\"" . $w->localUrl($object->printSearchUrl()) . "\">{$object->printSearchTitle()}</a>" . "<div class=\"row search-listing\">{$object->printSearchListing()}</div>";
} else {
$buffer .= "<div class=\"small-12 columns search-title\">{$object->printSearchTitle()}</div><div class=\"row search-listing\">(restricted)</div>";
}
$buffer .= "</div>";
}
}
}
$buffer .= "</div>";
}
}
$response["data"] = $buffer;
}
} else {
$response["success"] = false;
$response["data"] = "Please enter at least 3 characters for searching.";
}
echo json_encode($response);
}
function ajaxSaveComment_POST(Web $w)
{
$p = $w->pathMatch('parent_id');
$comment = new Comment($w);
$comment->obj_table = "comment";
$comment->obj_id = $p['parent_id'];
$comment->comment = strip_tags($w->request('comment'));
$comment->insert();
$w->setLayout(null);
echo $w->partial("displaycomment", array("object" => $comment, 'redirect' => $w->request('redirect')), "admin");
}
function thumb_GET(Web &$w)
{
$filename = str_replace("..", "", FILE_ROOT . $w->getPath());
if (is_file($filename)) {
$width = $w->request("w", FileService::$_thumb_width);
$height = $w->request("h", FileService::$_thumb_height);
require_once 'phpthumb/ThumbLib.inc.php';
$thumb = PhpThumbFactory::create($filename);
$thumb->adaptiveResize($width, $height);
header("Content-Type: image/png");
$thumb->show();
exit;
}
}
function taskAjaxPrioritytoStatus_ALL(Web &$w)
{
$status = array();
// split query string into proirity, type, group and assignee
list($priority, $type, $group, $assignee) = preg_split('/_/', $w->request('id'));
// organise criteria
$who = $assignee != "" ? $assignee : null;
$where = "";
if ($group != "") {
$where .= "task_group_id = " . $group . " and ";
}
if ($type != "") {
$where .= "task_type = '" . $type . "' and ";
}
if ($priority != "") {
$where .= "priority = '" . $priority . "' and ";
}
$where .= "is_closed = 0";
// get statuses from available tasks
$tasks = $w->Task->getTasks($who, $where);
if ($tasks) {
foreach ($tasks as $task) {
if (!array_key_exists($task->status, $status)) {
$status[$task->status] = array($task->status, $task->status);
}
}
}
if (!$status) {
$status = array(array("No assigned Tasks", ""));
}
// load status dropdown and return
$status = Html::select("status", $status, null);
$w->setLayout(null);
$w->out(json_encode($status));
}
function taskAjaxTypetoPriority_ALL(Web &$w)
{
$priority = array();
// split the query string into type, group and assignee
list($type, $group, $assignee) = preg_split('/_/', $w->request('id'));
// organise criteria
$who = $assignee != "" ? $assignee : null;
$where = "";
if ($group != "") {
$where .= "task_group_id = " . $group . " and ";
}
if ($type != "") {
$where .= "task_type = '" . $type . "' and ";
}
$where .= "is_closed = 0";
// get priorities from available task list
$tasks = $w->Task->getTasks($who, $where);
if ($tasks) {
foreach ($tasks as $task) {
if (!array_key_exists($task->priority, $priority)) {
$priority[$task->priority] = array($task->priority, $task->priority);
}
}
}
if (!$priority) {
$priority = array(array("No assigned Tasks", ""));
}
// load priority dropdown and return
$priority = Html::select("tpriority", $priority, null);
$w->setLayout(null);
$w->out(json_encode($priority));
}
function get_GET(Web &$w)
{
$w->setLayout(null);
$p = $w->pathMatch("classname", "id");
$token = $w->request("token");
$w->out($w->Rest->getJson($p['classname'], $p['id'], $token));
}
function reportAjaxCategorytoType_ALL(Web $w)
{
$type = array();
list($category, $module) = preg_split('/_/', $w->request('id'));
// organise criteria
$who = $w->session('user_id');
$where = array();
if (!empty($module)) {
$where['report.module'] = $module;
}
if (!empty($category)) {
$where['report.category'] = $category;
}
// get report categories from available report list
$reports = $w->Report->getReportsbyUserWhere($who, $where);
if ($reports) {
foreach ($reports as $report) {
$arrtype = preg_split("/,/", $report->sqltype);
foreach ($arrtype as $rtype) {
$rtype = trim($rtype);
if (!array_key_exists(strtolower($rtype), $type)) {
$type[strtolower($rtype)] = array(strtolower($rtype), strtolower($rtype));
}
}
}
}
if (empty($type)) {
$type = array(array("No Reports", ""));
}
$w->setLayout(null);
$w->out(json_encode(Html::select("type", $type)));
}
function attachForm_POST(Web $w)
{
$p = $w->pathMatch("id");
// get relevant task
$task = $w->Task->getTask($p['id']);
// if task exists get REQUEST and FILE object for insert into attachment database against this task
if ($task) {
$description = $w->request('description');
if ($_FILES['form']['size'] > 0) {
$filename = strtolower($_FILES['form']['name']);
$parts = explode(".", $filename);
$n = count($parts) - 1;
$ext = $parts[$n];
$attach = $w->File->uploadAttachment("form", $task, null, $description);
if (!$attach) {
$message = "There was an error. The document could not be saved.";
} else {
$message = "The Document has been uploaded.";
}
}
// create comment
$comm = new TaskComment($w);
$comm->obj_table = $task->getDbTableName();
$comm->obj_id = $task->id;
$comm->comment = "File Uploaded: " . $filename;
$comm->insert();
// add to context for notifications post listener
$w->ctx("TaskComment", $comm);
$w->ctx("TaskEvent", "task_documents");
}
// return
$w->msg($message, "/task/edit/" . $task->id . "#attachments");
}
function taskAjaxGrouptoType_ALL(Web &$w)
{
$types = array();
// split query string into group and assignee
list($group, $assignee) = preg_split('/_/', $w->request('id'));
// organise criteria
$who = $assignee != "" ? $assignee : null;
$where = "";
if ($group != "") {
$where .= "task_group_id = " . $group . " and ";
}
$where .= "is_closed = 0";
// get task types from available task list
$tasks = $w->Task->getTasks($who, $where);
if ($tasks) {
foreach ($tasks as $task) {
if (!array_key_exists($task->task_type, $types)) {
$types[$task->task_type] = array($task->getTypeTitle(), $task->task_type);
}
}
}
if (!$types) {
$types = array(array("No assigned Tasks", ""));
}
// load type dropdown and return
$tasktypes = Html::select("tasktypes", $types, null);
$w->setLayout(null);
$w->out(json_encode($tasktypes));
}
function reportAjaxModuletoCategory_ALL(Web $w)
{
$category = array();
$module = $w->request('id');
// organise criteria
$who = $w->session('user_id');
$where = array();
if ($module != "") {
$where['report.module'] = $module;
}
// get report categories from available report list
$reports = $w->Report->getReportsbyUserWhere($who, $where);
if ($reports) {
foreach ($reports as $report) {
if (!array_key_exists($report->category, $category)) {
$category[$report->category] = array($report->getCategoryTitle(), $report->category);
}
}
}
if (!$category) {
$category = array(array("No Reports", ""));
}
// load Category dropdown and return
$category = Html::select("category", $category);
$w->setLayout(null);
$w->out(json_encode($category));
}
/**
* perform a signed oauth request
* @param string $url request url
* @param string $method method type
* @param array $params additional params
* @param null $type storage type [sandbox|dropbox]
* @param null $file full file pathname
* @param null $content file content
* @return bool
*/
protected function doOAuthCall($url, $method, $params = null, $type = NULL, $file = NULL, $content = NULL)
{
if (is_null($params)) {
$params = array();
}
$method = strtoupper($method);
$options = array('method' => $method);
if ($method == 'GET') {
if ($file) {
$url .= $type . '/' . $file;
}
$url .= '?' . http_build_query($this->authParams + $params);
} elseif ($method == 'POST') {
$params = $this->authParams + $params + array('root' => $type);
$options['content'] = http_build_query($params);
} elseif ($method == 'PUT') {
$url .= $type . '/' . $file . '?' . http_build_query($this->authParams + $params);
$options['content'] = $content;
$options['header'] = array('Content-Type: application/octet-stream');
} else {
trigger_error(sprintf(self::E_METHODNOTSUPPORTED, $method));
return false;
}
return $this->web->request($url, $options);
}
function ajax_getwidgetnames_GET(Web $w)
{
$module = $w->request("source");
if (!empty($module)) {
$names = $w->Widget->getWidgetNamesForModule($module);
echo json_encode($names);
}
}
function index_ALL(Web &$w)
{
// $w->out(print_r($w->Search->getIndexes(),true));
$w->ctx("indexes", $w->Search->getIndexes());
if ($w->request("isbox") !== NULL) {
$w->setLayout(null);
}
}
function edit_POST(Web $w)
{
$p = $w->pathMatch("id");
$group = !empty($p['id']) ? $w->Auth->getUser($p['group_id']) : new User($w);
$group->login = $w->request('title');
$group->is_group = 1;
$group->insertOrUpdate();
$w->msg("Group " . (!empty($p['id']) ? "updated" : "created"), "/admin-groups/show/{$group->id}");
}
function resetpassword_POST(Web $w)
{
$email = $w->request('email');
// email
$token = $w->request('token');
// token
$password = $w->request('password');
// password
$password_confirm = $w->request('password_confirm');
if ($password !== $password_confirm) {
$w->error("Passwords do not match", "/auth/resetpassword?email={$email}&token={$token}");
return;
}
$user = $w->Auth->getUserForToken($token);
//getObject("User", array("password_reset_token", $token));
$validData = false;
if (!empty($user->id)) {
// Check that the password reset hasn't expired
if (time() - strtotime($user->dt_password_reset_at) < 0) {
$w->msg("Your token has expired (max 24 hours), please submit for a new one", "/admin/forgotpassword");
return;
}
$user_contact = $user->getContact();
if (!empty($user_contact)) {
if ($user_contact->email == $email) {
$user->setPassword($password);
$user->password_reset_token = null;
$user->dt_password_reset_at = null;
$user->update(true);
// Precautionary logout
if ($w->Auth->loggedIn()) {
$w->sessionDestroy();
}
$validData = true;
}
}
}
if (!$validData) {
$w->Log->warn("Password reset attempt failed with email: {$email}, token: {$token}");
$w->out("Invalid email or token, this incident has been logged");
} else {
$w->msg("Your password has been reset", "/auth/login");
}
}
function comment_POST(Web $w)
{
$p = $w->pathMatch("comment_id", "tablename", "object_id");
$comment_id = intval($p["comment_id"]);
$comment = $comment_id > 0 ? $w->Comment->getComment($comment_id) : new Comment($w);
if ($comment === null) {
$comment = new Comment($w);
}
$comment->obj_table = $p["tablename"];
$comment->obj_id = $p["object_id"];
$comment->comment = strip_tags($w->request("comment"));
$comment->insertOrUpdate();
$redirectUrl = $w->request("redirect_url");
if (!empty($redirectUrl)) {
$w->msg("Comment saved", urldecode($redirectUrl));
} else {
$w->msg("Comment saved", $w->localUrl($_SERVER["REQUEST_URI"]));
}
}
function list_GET(Web &$w)
{
$w->setLayout(null);
$p = $w->pathMatch("classname", "where_key", "where_val");
$token = $w->request("token");
if ($p['where_key'] && $p['where_val']) {
$where = array($p['where_key'] => $p['where_val']);
} else {
$where = null;
}
$w->out($w->Rest->listJson($p['classname'], $where, $token));
}
function edit_POST(Web $w)
{
$p = $w->pathMatch("id");
$t = $p["id"] ? $w->Template->getTemplate($p['id']) : new Template($w);
$t->fill($_POST);
// Set is active if saving is originating from the first page
if (isset($_POST["title"]) && isset($_POST["module"]) && isset($_POST["category"])) {
$t->is_active = intval($w->request("is_active"));
}
$t->insertOrUpdate();
$w->msg("Template saved", "/admin-templates/edit/" . $t->id);
}
function attach_POST(Web &$w)
{
$table = $w->request('table');
$id = $w->request('id');
$title = $w->request('title');
$description = $w->request('description');
$type_code = $w->request('type_code');
$url = str_replace(" ", "/", $w->request('url'));
$object = $w->Auth->getObject($table, $id);
if (!$object) {
$w->error("Nothing to attach to.", $url);
}
$aid = $w->service("File")->uploadAttachment("file", $object, $title, $description, $type_code);
if ($aid) {
$w->ctx('attach_id', $aid);
$w->ctx('attach_table', $table);
$w->ctx('attach_table_id', $id);
$w->ctx('attach_title', $title);
$w->ctx('attach_description', $description);
$w->ctx('attach_type_code', $type_code);
$w->msg("File attached.", $url);
} else {
$w->error("There was an error. Attachment could not be saved.", $url);
}
}
function deletecomment_ALL(Web &$w)
{
$p = $w->pathMatch("id");
$comment_id = intval($p["id"]);
if (!empty($comment_id)) {
$comment = $w->Comment->getComment($comment_id);
if (!empty($comment)) {
$comment->delete();
}
}
$redirectUrl = $w->request("redirect_url");
$w->msg("Comment deleted.", !empty($redirectUrl) ? $redirectUrl : $_SERVER["REQUEST_URI"]);
}
function groupmember_POST(Web $w)
{
$p = $w->pathMatch("group_id");
$member_id = $w->request('member_id');
$group_id = $p['group_id'];
$is_owner = $w->request('is_owner');
$exceptions = array();
// store all parent groups in session
$groupUsers = $w->Auth->getUser($group_id)->isInGroups();
if ($groupUsers) {
foreach ($groupUsers as $groupUser) {
$groupUser->getParents();
}
}
// add member to the group only if it isn't already in there
// this logic should move to the model!
$existUser = $w->Auth->getUser($member_id)->isInGroups($group_id);
if (!$existUser) {
if (!$w->session('parents') || !in_array($member_id, $w->session('parents'))) {
$groupMember = new GroupUser($w);
$groupMember->group_id = $group_id;
$groupMember->user_id = $member_id;
$groupMember->role = $is_owner && $is_owner == 1 ? "owner" : "member";
$groupMember->insert();
}
if ($w->session('parents') && in_array($member_id, $w->session('parents'))) {
$exceptions[] = $w->Auth->getUser($member_id)->login;
}
} else {
$user = $existUser[0]->getUser();
$exceptions[] = $user->is_group == 1 ? $user->login : $user->getContact()->getFullName();
}
$w->sessionUnset('parents');
if (!empty($exceptions)) {
$w->error(implode(", ", $exceptions) . " can not be added!", "/admin/moreInfo/" . $group_id);
} else {
$w->msg("New members are added!", "/admin/moreInfo/" . $group_id);
}
}
function ajax_getfolderlist_ALL(Web $w)
{
$emailchannel = new EmailChannelOption($w);
$emailchannel->server = urldecode($w->request("server"));
$emailchannel->s_username = urldecode($w->request("s_username"));
$emailchannel->s_password = urldecode($w->request("s_password"));
$emailchannel->use_auth = $w->request("use_auth");
$folders = $emailchannel->getFolderList(false);
$response = array("success" => false, "response" => "");
if (!empty($folders)) {
if (is_array($folders)) {
// echo json_encode($folders);
$response["success"] = true;
$response["response"] = $folders;
} else {
if (is_string($folders)) {
$response["response"] = $folders;
} else {
$response["response"] = "Folders not found (maybe a misconfiguration?)";
}
}
}
echo json_encode($response);
}
function forgotpassword_POST(Web $w)
{
$support_email = Config::get('main.company_support_email');
if (empty($support_email)) {
$w->Log->error("Cannot send recovery email. This site has not been configured with a default email address. Th project config needs a main.company_support_email record.");
$w->error("Cannot send recovery email. This site has not been configured with a default email address", "/auth/login");
}
$login = $w->request("login");
$user = $w->Auth->getUserForLogin($login);
$responseString = "If this account exists then a password reset email has been just sent to the associated email address.";
// For someone trying to gain access to a system, this is one of the
// easiest ways to find a valid login, using the security through obscurity
// principle, we dont tell them if it was a valid user or not, and we can log if they get it wrong
// Note the previous message was "Could not find your account"
if (!$user) {
$w->msg($responseString, "/auth/login");
}
$user_contact = $user->getContact();
// Generate password reset token
// We can use the cstrong to check that a cryptographically secure token was generated
$token = sha1(openssl_random_pseudo_bytes(40, $cstrong));
$user->password_reset_token = $token;
$user->dt_password_reset_at = $user->time2Dt();
$user->update();
// Send email
$message = "Hello {$user->getFullName()},\n<br/>";
$message .= "Please go to this link to reset your password:<br/>\n";
$message .= "<a href=\"http://" . $_SERVER["HTTP_HOST"] . "/auth/resetpassword?email={$user_contact->email}&token={$token}\">http://" . $_SERVER["HTTP_HOST"] . "/auth/resetpassword?email={$user_contact->email}&token={$token}</a>\n<br/>You have 24 hours to reset your password.<br/><br/>";
$message .= "Thank you,\n<br/>cmfive support";
$result = $w->Mail->sendMail($user_contact->email, $support_email, Config::get("main.application_name") . " password reset", $message);
if ($result !== 0) {
$w->msg($responseString, "/auth/login");
} else {
$w->error("There was a problem sending an email, check your settings.", "/auth/login");
}
// explain
}
function taskAjaxAssigntoGroup_ALL(Web $w)
{
$group = array();
$assignee = $w->request('id');
// organise criteria
$who = $assignee != "" ? $assignee : null;
$where = "is_closed = 0";
// get task group titles from available task list
$tasks = $w->Task->getTasks($who, $where);
if ($tasks) {
foreach ($tasks as $task) {
if (!array_key_exists($task->task_group_id, $group)) {
$group[$task->task_group_id] = array($task->getTaskGroupTypeTitle(), $task->task_group_id);
}
}
}
if (!$group) {
$group = array(array("No assigned Tasks", ""));
}
// load Group dropdown and return
$taskgroups = Html::select("taskgroups", $group, null);
$w->setLayout(null);
$w->out(json_encode($taskgroups));
}
function api_fetch($part, $ttl = false)
{
$f3 = \Base::instance();
$url = $f3->get("_api_url");
$url = $url . "/api/" . $part;
$apiHits = $f3->get("_api_hits");
$apiHits[] = $url;
$f3->set("_api_hits", $apiHits);
$key = md5($url);
$cache = new \Cache($key);
//test_array($url);
if ($cache->exists($key) && $ttl) {
$data = json_decode($cache->get($key), true);
} else {
$web = new \Web();
$data = $web->request($url);
$data = json_decode($data['body'], true);
$ddata = json_encode($data);
$cache->set($key, $ddata, $ttl);
}
//test_array($data);
//$url = substr($url,strpos($url,"."));
return $data;
}
function send_POST(Web &$w)
{
$p = $w->pathMatch('id');
if ($p['id']) {
// For reply function
$mess = $w->Inbox->getMessage($p['id']);
$w->Inbox->addMessage($w->request("subject"), $w->request("message"), $w->request("receiver_id"), null, $p['id']);
$mess->has_parent = 1;
$mess->update();
} else {
// To generate test data cause im lazy
$receiver_id = $w->request("receiver_id");
$subject = $w->request("subject");
$message = $w->request("message");
if ($receiver_id && $subject) {
$w->Inbox->addMessage($subject, $message, $receiver_id);
}
}
$w->msg("Message Sent.", "/inbox/index");
}
function updategroupmembers_POST(Web &$w)
{
// populate input array with preliminary membership details pertaining to target task group
// these details will be the same for all new members to be added to the group
$arrdb = array();
$arrdb['task_group_id'] = $_REQUEST['task_group_id'];
$arrdb['role'] = $_REQUEST['role'];
$arrdb['priority'] = 1;
$arrdb['is_active'] = 1;
// for each selected member, complete population of input array
// foreach ($_REQUEST['member'] as $member) {
$arrdb['user_id'] = $w->request('member');
// check to see if member already exists in this group
$mem = $w->Task->getMemberGroupById($arrdb['task_group_id'], $arrdb['user_id']);
// if no membership, create it
if (!$mem) {
$mem = new TaskGroupMember($w);
$mem->fill($arrdb);
$mem->insert();
} else {
// if membership does exists, update the record - only the role will be updated
$mem->fill($arrdb);
$mem->update();
}
// prepare input array for next selected member to insert/update
unset($arrdb['user_id']);
// }
// return
$w->msg("Task Group updated", "/task-group/viewmembergroup/" . $_REQUEST['task_group_id']);
}
