Exemplo n.º 1
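 /**
  * Handle the `ajax_save_map_coords` request: store geocoded coordinates for an address.
  *
  * Does nothing unless `$_REQUEST['_process']` is `ajax_save_map_coords`. When it is,
  * the `map` row for the address is updated (or inserted if none exists), `Done` is
  * printed and the script terminates, whether or not anything was saved.
  *
  * NOTE(review): no login, permission or CSRF check is visible in this method, and
  * `address_hash` is stored as supplied without being compared to anything - confirm
  * that the caller restricts who may overwrite the coordinates of an address.
  *
  * @return void
  */
 public function process()
 {
     if (!isset($_REQUEST['_process']) || $_REQUEST['_process'] !== 'ajax_save_map_coords') {
         return;
     }
     // Request parameters can be arrays (e.g. `lat[]=1`); only scalar strings are accepted.
     $address_id = isset($_REQUEST['address_id']) && is_scalar($_REQUEST['address_id']) ? (int) $_REQUEST['address_id'] : 0;
     $address_hash = isset($_REQUEST['address_hash']) && is_string($_REQUEST['address_hash']) ? $_REQUEST['address_hash'] : '';
     $lat = isset($_REQUEST['lat']) && is_string($_REQUEST['lat']) ? trim($_REQUEST['lat']) : '';
     $lng = isset($_REQUEST['lng']) && is_string($_REQUEST['lng']) ? trim($_REQUEST['lng']) : '';
     // Coordinates must be numeric and inside the valid latitude/longitude ranges.
     // As before, an empty value or a literal "0" is treated as "no coordinate".
     $coords_ok = !empty($lat) && !empty($lng)
         && is_numeric($lat) && is_numeric($lng)
         && abs((float) $lat) <= 90 && abs((float) $lng) <= 180;
     if ($address_id > 0 && !empty($address_hash) && $coords_ok) {
         // existing?
         $existing = get_single('map', 'address_id', $address_id);
         // Write the validated integer id, not the raw request value: "5abc" passes the
         // integer check as 5 but used to be stored verbatim.
         update_insert('map_id', $existing ? $existing['map_id'] : false, 'map', array(
             'address_hash' => $address_hash,
             'address_id' => $address_id,
             'lat' => $lat,
             'lng' => $lng,
         ));
     }
     echo 'Done';
     exit;
 }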
Exemplo n.º 2
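 /**
  * Cron task: poll the Pay.nl transaction API for every unpaid `paynl` invoice payment
  * that has a transaction id, and update the payment according to the reported state.
  *
  * PENDING leaves the payment untouched, PAID records the paid date and amount, and
  * CANCEL clears the transaction id and sends an error notification. Every response
  * (or failure) is appended to the payment's log.
  *
  * NOTE(review): the API credentials are embedded in the URL literal below (masked on
  * this page); they belong in configuration, not in source. The amount written on PAID
  * is whatever the API reports - it is not compared with the amount expected for the
  * invoice in this method; confirm that save_invoice() reconciles it.
  *
  * @param bool $debug When true, progress is echoed as HTML.
  * @return void
  */
 public function run_cron($debug = false)
 {
     // check for payments.
     $sql = "SELECT * FROM `" . _DB_PREFIX . "invoice_payment` ip WHERE 1 ";
     $sql .= " AND  `method` = 'paynl' ";
     $sql .= " AND  `date_paid` = '0000-00-00' ";
     $sql .= " AND  `other_id` != '' ";
     foreach (qa($sql) as $payment) {
         // check api status:
         $strUrl = 'https://*****:*****@rest-api.pay.nl/v5/Transaction/info/json?';
         # Prepare and call API URL
         $strUrl .= http_build_query(array('transactionId' => $payment['other_id']));
         if ($debug) {
             // Never print the user:password part of the URL into the debug output.
             $safeUrl = preg_replace('#//[^/@]*@#', '//[credentials]@', $strUrl, 1);
             echo "Checking URL " . htmlspecialchars($safeUrl) . " <br>\n";
         }
         // Warnings stay suppressed in debug mode too: PHP's failure warning for
         // file_get_contents() includes the full URL, credentials and all.
         $jsonResult = @file_get_contents($strUrl);
         if ($jsonResult === false && $debug) {
             echo "Request failed <br>\n";
         }
         $json = $jsonResult === false ? null : json_decode($jsonResult, true);
         if ($debug) {
             echo "Got result: <br>\n";
             // The response is remote data; escape it before writing it into an HTML page.
             echo htmlspecialchars(print_r($json, true));
         }
         $details = is_array($json) && isset($json['paymentDetails']) && is_array($json['paymentDetails']) ? $json['paymentDetails'] : null;
         // The amount is divided below, so a non-numeric value is handled as a malformed response.
         if ($details && isset($details['stateName']) && isset($details['amount']) && is_numeric($details['amount'])) {
             module_paymethod_paynl::add_payment_data($payment['invoice_payment_id'], 'log', "PayNL Status " . $details['stateName'] . ": \n " . var_export($json, true));
             switch ($details['stateName']) {
                 case 'PENDING':
                     // default, still waiting for payment.
                     break;
                 case 'PAID':
                     // The API amount is divided by 100 before it is stored.
                     update_insert("invoice_payment_id", $payment['invoice_payment_id'], "invoice_payment", array('date_paid' => date('Y-m-d'), 'amount' => $details['amount'] / 100, 'other_id' => ''));
                     module_invoice::save_invoice($payment['invoice_id'], array());
                     break;
                 case 'CANCEL':
                     // Clearing other_id takes the payment out of the polling query above.
                     update_insert("invoice_payment_id", $payment['invoice_payment_id'], "invoice_payment", array('other_id' => ''));
                     module_invoice::save_invoice($payment['invoice_id'], array());
                     send_error('PayNL payment cancelled for invoice: ' . module_invoice::link_open($payment['invoice_id'], true));
                     break;
             }
         } else {
             // Failed request or unexpected response shape: keep what was received for diagnosis.
             module_paymethod_paynl::add_payment_data($payment['invoice_payment_id'], 'log', "PayNL Status ERROR: \n " . ($jsonResult === false ? '(request failed)' : $jsonResult));
         }
     }
 }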
Exemplo n.º 3
echo $n->toHex();
echo ' <br><br> ';
*/
// are we creating a new encryption value or trying to decrypt an existing one?
// The id is cast to int, so a missing or non-numeric parameter becomes false/0 and is
// treated as "no field yet".
$encrypt_field_id = isset($_REQUEST['encrypt_field_id']) ? (int) $_REQUEST['encrypt_field_id'] : false;
// Creating a new field is gated on the 'create' permission for 'Encrypts'.
// NOTE(review): that permission check covers only this creation branch; no check for
// the existing-field path is visible in this excerpt - confirm it is enforced elsewhere.
if (!$encrypt_field_id && module_encrypt::can_i('create', 'Encrypts')) {
    // are we creating a new encryption for this field??
    // ooooooooooooooooo.
    // NOTE(review): field_name and page_name come straight from the request and are
    // stored as given; nothing here restricts them to fields/pages that exist.
    $encrypt_field_name = isset($_REQUEST['encrypt_field_name']) ? $_REQUEST['encrypt_field_name'] : false;
    $page_name = isset($_REQUEST['page_name']) ? $_REQUEST['page_name'] : false;
    if (!$encrypt_field_name || !$page_name) {
        die('Unable to encrypt this field. Sorry');
    }
    // ready to create our field!
    // for now we just create an entry in the db ready to go.
    // encrypt_key_id 0 = no key assigned to the new field yet.
    $encrypt_field_id = update_insert('encrypt_field_id', 0, 'encrypt_field', array('page_name' => $page_name, 'field_name' => $encrypt_field_name, 'encrypt_key_id' => 0));
}
// Reached with no id when none was supplied and creation was not permitted (or failed).
if (!$encrypt_field_id) {
    die('no encrypt field id');
}
$encrypt_field = module_encrypt::get_encrypt_field($encrypt_field_id);
// NOTE(review): the validation below is commented out, so a request naming a
// non-existent field id continues with whatever get_encrypt_field() returned, and
// $encrypt_field is indexed later without a check.
//if(!$encrypt_field||$encrypt_field['encrypt_field_id']!=$encrypt_field_id)die('invalid field specified');
// callback_id is kept as the raw request string; it is not cast or validated here.
$callback_id = isset($_REQUEST['callback_id']) ? $_REQUEST['callback_id'] : '';
$encrypt_id = isset($_REQUEST['encrypt_id']) ? (int) $_REQUEST['encrypt_id'] : 0;
// 'value' is base64-decoded (errors suppressed) and then entity-decoded, so the result
// is arbitrary request-controlled text containing raw markup characters; it has to be
// escaped again wherever it is written into HTML or script.
$existing_value = isset($_REQUEST['value']) ? html_entity_decode(@base64_decode($_REQUEST['value'])) : '';
// NOTE(review): encrypt_id is request-supplied; whether get_encrypt() checks that the
// record belongs to $encrypt_field_id or to the current user is not visible here.
$encrypt = module_encrypt::get_encrypt($encrypt_id);
$encryption_keys = module_encrypt::get_encrypt_keys();
if ($encrypt && $encrypt['encrypt_key_id'] && isset($encryption_keys[$encrypt['encrypt_key_id']])) {
    $encryption_key = $encryption_keys[$encrypt['encrypt_key_id']];
} else {
    $encryption_key = isset($encryption_keys[$encrypt_field['encrypt_key_id']]) ? $encryption_keys[$encrypt_field['encrypt_key_id']] : false;
Exemplo n.º 4
 /**
  * Work out the next due date of a recurring finance entry and optionally store it.
  *
  * A manually set due date (`next_due_date_custom`) is returned untouched unless
  * $force is set. Otherwise the date is derived from the last transaction date plus
  * the configured days/months/years, or from the start date (or today) when there has
  * been no transaction yet. A result past the end date yields '0000-00-00'.
  *
  * Note that the calculation also reads `$_REQUEST['reset_start']`, so the result
  * depends on the current HTTP request as well as on the arguments.
  *
  * @param int  $finance_recurring_id Recurring entry to calculate for.
  * @param bool $force                Recalculate even if a custom due date is set.
  * @param bool $update_db            Write the result back to `finance_recurring`.
  * @return string Next due date as Y-m-d, or '0000-00-00' when there is none.
  */
 public static function calculate_recurring_date($finance_recurring_id, $force = false, $update_db = true)
 {
     $recurring = self::get_recurring($finance_recurring_id);
     if ($recurring['next_due_date_custom'] && !$force) {
         // a custom date was entered by hand - leave it alone.
         return $recurring['next_due_date'];
     }
     // recalculating resets the "custom" flag.
     $data = array('next_due_date' => '', 'next_due_date_custom' => '0');

     $base_date = $recurring['last_transaction_date'];
     $has_last_transaction = $base_date && $base_date != '0000-00-00' && $base_date != '0000-00-00 00:00:00';
     if (!$has_last_transaction) {
         // nothing recorded yet: first due date is the start date, else today.
         $base_date = $recurring['start_date'];
         if (!$base_date || $base_date == '0000-00-00') {
             $base_date = date('Y-m-d');
         }
         $next_time = strtotime($base_date);
     } else {
         $start_time = strtotime($recurring['start_date']);
         $last_transaction_time = strtotime($base_date);
         if (isset($_REQUEST['reset_start']) && $start_time > $last_transaction_time) {
             // the start date was moved past the last transaction and a reset was requested:
             // count from the new start date.
             $next_time = $start_time;
         } elseif (!$recurring['days'] && !$recurring['months'] && !$recurring['years']) {
             // once off entry that already has a transaction: push the next time beyond an
             // artificially early end date so the result below becomes '0000-00-00'.
             $next_time = 9999999999;
             $recurring['end_date'] = '1970-01-02';
         } else {
             // step forward from the last transaction by each configured interval in turn.
             $next_time = strtotime($base_date);
             foreach (array('days', 'months', 'years') as $unit) {
                 $next_time = strtotime('+' . abs((int) $recurring[$unit]) . ' ' . $unit, $next_time);
             }
         }
     }

     $end_time = 0;
     if ($recurring['end_date'] && $recurring['end_date'] != '0000-00-00') {
         $end_time = strtotime($recurring['end_date']);
     }
     $is_past_end = $end_time > 0 && $next_time > $end_time;
     $data['next_due_date'] = $is_past_end ? '0000-00-00' : date('Y-m-d', $next_time);

     if ($update_db) {
         update_insert('finance_recurring_id', $finance_recurring_id, 'finance_recurring', $data);
     }
     return $data['next_due_date'];
 }
Exemplo n.º 5
 /**
  * Decide which invoice an inbound subscription payment applies to.
  *
  * - If the given invoice still has an amount due, the payment applies to it.
  * - Otherwise, if the invoice belongs to a subscription, the first later unpaid invoice
  *   in that subscription's history gets a new pending payment row.
  * - Otherwise the next subscription invoice is generated and gets the pending payment.
  *
  * Nothing is returned (null) when the subscription module is not loaded, the invoice
  * is not part of a subscription, or no new invoice could be generated.
  *
  * NOTE(review): when the subscription has automatic_email enabled, the method calls
  * exit after the e-mail attempt and never returns to the caller, so a payment gateway
  * callback relying on the return value would stop before recording the payment. This
  * looks like a leftover; confirm whether it is intended.
  *
  * @param int $invoice_id                      Invoice the payment was made against.
  * @param int $invoice_payment_id              Existing payment row for that invoice.
  * @param int $invoice_payment_subscription_id Subscription the payment belongs to.
  * @return array|null array('invoice_id' => ..., 'invoice_payment_id' => ...) or null.
  */
 public static function create_new_invoice_for_subscription_payment($invoice_id, $invoice_payment_id, $invoice_payment_subscription_id)
 {
     // first subscription payment: the original invoice is still unpaid, use it as is.
     $original_invoice = self::get_invoice($invoice_id);
     if ($original_invoice['total_amount_due'] > 0) {
         return array('invoice_id' => $invoice_id, 'invoice_payment_id' => $invoice_payment_id);
     }
     if (!class_exists('module_subscription', false)) {
         return;
     }
     // THIS CODE IS SIMILAR TO module_invoice::is_automatic_paying_invoice($invoice_id)
     $history_item = get_single('subscription_history', 'invoice_id', $invoice_id);
     if (!$history_item || !$history_item['subscription_owner_id']) {
         // not a subscription invoice.
         return;
     }
     $owner = module_subscription::get_subscription_owner($history_item['subscription_owner_id']);
     if ($owner['subscription_owner_id'] != $history_item['subscription_owner_id']) {
         return;
     }

     // look for an already generated, later invoice of this subscription that is unpaid.
     $history = get_multiple('subscription_history', array('subscription_owner_id' => $owner['subscription_owner_id']));
     foreach ($history as $entry) {
         if ($entry['invoice_id'] > $invoice_id && $entry['paid_date'] == '0000-00-00') {
             $candidate = module_invoice::get_invoice($entry['invoice_id']);
             if ($candidate['total_amount_due'] > 0) {
                 $pending_payment = array(
                     'invoice_id' => $entry['invoice_id'],
                     'payment_type' => _INVOICE_PAYMENT_TYPE_NORMAL,
                     'method' => _l('Pending Subscription'),
                     'currency_id' => $candidate['currency_id'],
                     'invoice_payment_subscription_id' => $invoice_payment_subscription_id,
                 );
                 $new_payment_id = update_insert('invoice_payment_id', false, 'invoice_payment', $pending_payment);
                 return array('invoice_id' => $entry['invoice_id'], 'invoice_payment_id' => $new_payment_id);
             }
         }
     }

     // nothing pending: the subscription has not been renewed yet, so renew it now.
     $subscription = module_subscription::get_subscription($owner['subscription_id']);
     $renewed_invoice_id = module_subscription::generate_subscription_invoice($owner['subscription_id'], $owner['owner_table'], $owner['owner_id'], date('Y-m-d'), $subscription['amount']);
     if (!$renewed_invoice_id) {
         return;
     }
     $renewed_invoice = module_invoice::get_invoice($renewed_invoice_id);
     $pending_payment = array(
         'invoice_id' => $renewed_invoice_id,
         'payment_type' => _INVOICE_PAYMENT_TYPE_NORMAL,
         'method' => _l('Pending Subscription'),
         'currency_id' => $renewed_invoice['currency_id'],
         'invoice_payment_subscription_id' => $invoice_payment_subscription_id,
     );
     $new_payment_id = update_insert('invoice_payment_id', false, 'invoice_payment', $pending_payment);
     if ($subscription['automatic_email'] && module_config::c('invoice_subscription_send_due_email_before_payment', 1)) {
         if (!module_invoice::email_invoice_to_customer($renewed_invoice_id)) {
             echo " - failed to send subscription invoice " . module_invoice::link_open($renewed_invoice_id, true) . " to customer <br>\n";
         }
         // NOTE(review): terminates the whole request here, whether or not the e-mail was sent.
         exit;
     }
     return array('invoice_id' => $renewed_invoice_id, 'invoice_payment_id' => $new_payment_id);
 }
Exemplo n.º 6
// $json_data and the $caller*/$utm_* variables are populated before this excerpt.
// NOTE(review): presumably $json_data is the decoded body of an inbound call-tracking
// request; nothing visible here authenticates the sender or validates the fields before
// customer, address and user records are created from them - confirm this happens earlier.
$ip = $json_data->ip;
$datetime = $json_data->datetime;
$trackingnum = $json_data->trackingnum;
// Build the import structure. 'line_1' is a hard-coded placeholder address, the caller
// name is used for both first and last name, and the tracking number is stored in the
// contact's 'email' field.
$customer_import = array('customer_name' => $callername, 'customer_extra' => array('Medium' => $referrermedium, 'Source' => $callsource, 'Campaign' => $utm_campaign, 'Content' => $utm_content, 'Term' => $utm_term, 'Query' => $keywords, 'Conversion URL' => $last_requested_url, 'IP Address' => $ip, 'Called In' => $datetime), 'address' => array('line_1' => '123 Test Street', 'line_2' => '', 'suburb' => $callercity, 'state' => $callerstate, 'post_code' => $callerzip), 'contact' => array('name' => $callername, 'last_name' => $callername, 'email' => $trackingnum, 'mobile' => $callernum));
include 'init.php';
// the UCM init code.
// Create the customer record first; everything else hangs off its id.
$customer_id = $plugins['customer']->save_customer('new', array('customer_name' => $customer_import['customer_name']));
if (!$customer_id) {
    echo 'Failed to create customer';
    exit;
}
if (!empty($customer_import['customer_extra'])) {
    foreach ($customer_import['customer_extra'] as $extra_key => $extra_val) {
        // Store each extra field (Medium, Source, Campaign, ...) against the new customer.
        // The values are remote-supplied text stored as-is, so they need escaping wherever
        // they are later displayed.
        $extra_db = array('extra_key' => $extra_key, 'extra' => $extra_val, 'owner_table' => 'customer', 'owner_id' => $customer_id);
        $extra_id = update_insert('extra_id', false, 'extra', $extra_db);
    }
}
if (!empty($customer_import['address'])) {
    // Save the address for the customer
    $customer_import['address']['owner_id'] = $customer_id;
    $customer_import['address']['owner_table'] = 'customer';
    $customer_import['address']['address_type'] = 'physical';
    module_address::save_address(false, $customer_import['address']);
}
if (!empty($customer_import['contact'])) {
    // add the contact details to this customer record
    $customer_import['contact']['customer_id'] = $customer_id;
    $contact_user_id = $plugins['user']->create_user($customer_import['contact'], 'signup');
    if ($contact_user_id) {
        module_customer::set_primary_user_id($customer_id, $contact_user_id);
Exemplo n.º 7
    /**
     * Hook run after a job task is rendered: handles posting a new discussion note and
     * prints the "Task Comments" link plus its holder div.
     *
     * Flow:
     *  1. Load the existing comments for this job/task.
     *  2. Return without output when discussion is disabled and hidden
     *     (job_discussion == 1) or disabled but shown and there are no comments
     *     (job_discussion == 2).
     *  3. If the POST carries a non-empty note whose job/task ids match this task, store
     *     the note, optionally e-mail the selected customer contacts and staff, print a
     *     JSON result and exit.
     *  4. Otherwise print the link and holder markup; when the `discuss` request parameter
     *     equals this task id, the discussion itself is rendered via external_hook('public').
     *
     * NOTE(review): no CSRF token or permission check is visible in this method, and a
     * visitor who is not logged in posts as the customer's primary user - confirm the
     * callers restrict who can reach this hook. The note is stored and e-mailed exactly as
     * posted, so it has to be escaped wherever it is rendered.
     *
     * NOTE(review): the values echoed into the markup at the end (the public link and
     * $task_id) are not passed through htmlspecialchars() here; that is only safe if they
     * are always an application-generated URL and an integer - confirm.
     *
     * @param string $hook      Hook name (not used in this method).
     * @param int    $job_id    Job the task belongs to.
     * @param int    $task_id   Task being rendered.
     * @param array  $job_data  Job record; job_discussion, customer_id, user_id and name are read.
     * @param array  $task_data Task record; user_id is read.
     * @return void
     */
    public static function hook_job_task_after($hook, $job_id, $task_id, $job_data, $task_data)
    {
        $comments = get_multiple('job_discussion', array('job_id' => $job_id, 'task_id' => $task_id), 'job_discussion_id', 'exact', 'job_discussion_id');
        if ($job_data && isset($job_data['job_discussion']) && $job_data['job_discussion'] == 1) {
            // disabled & hidden.
            return;
        }
        if ($job_data && isset($job_data['job_discussion']) && $job_data['job_discussion'] == 2 && count($comments) == 0) {
            // disabled & shown.
            return;
        }
        // A note is only accepted when the posted job/task ids match the task being rendered
        // (loose == comparison against the hook arguments) and the note is non-empty.
        if (isset($_POST['job_discussion_add_job_id']) && isset($_POST['job_discussion_add_task_id']) && $_POST['job_discussion_add_job_id'] == $job_id && $_POST['job_discussion_add_task_id'] == $task_id && isset($_POST['note']) && strlen($_POST['note'])) {
            // Throw away anything already buffered (at most 10 levels) so that only the
            // JSON result is sent.
            $x = 0;
            while (ob_get_level() && $x++ < 10) {
                ob_end_clean();
            }
            $current_user_id = module_security::get_loggedin_id();
            $customer = module_customer::get_customer($job_data['customer_id']);
            // Not logged in: attribute the note to the customer's primary contact.
            if (!$current_user_id) {
                if ($job_data['customer_id'] && $customer['primary_user_id']) {
                    $current_user_id = $customer['primary_user_id'];
                }
            }
            $result = array();
            // adding a new note.
            // The note text is stored exactly as posted.
            $job_discussion_id = update_insert('job_discussion_id', 0, 'job_discussion', array('job_id' => $job_id, 'task_id' => $task_id, 'user_id' => $current_user_id, 'note' => $_POST['note']));
            $result['job_discussion_id'] = $job_discussion_id;
            // $comments was loaded before the insert, hence the + 1.
            $result['count'] = count($comments) + 1;
            $tasks = module_job::get_tasks($job_id);
            $result['email_customer'] = array();
            if (isset($_POST['sendemail_customer']) && is_array($_POST['sendemail_customer'])) {
                //$_POST['sendemail_customer'] == 'yes' && $customer['primary_user_id']){
                // send email to the selected customer contacts.
                $customer_contacts = module_user::get_contacts(array('customer_id' => $job_data['customer_id']));
                foreach ($_POST['sendemail_customer'] as $user_id) {
                    $user_id = (int) $user_id;
                    // Only ids that are contacts of this job's customer are accepted, so the
                    // posted list cannot address arbitrary users.
                    if ($user_id && isset($customer_contacts[$user_id])) {
                        // we can email this user.
                        $user = module_user::get_user($user_id, false);
                        if ($user && $user['user_id'] == $user_id) {
                            $values = array_merge($user, $job_data);
                            $values['job_url'] = module_job::link_public($job_id);
                            // append the discuss parameter and anchor so the link opens this task's discussion.
                            $values['job_url'] .= (strpos($values['job_url'], '?') === false ? '?' : '&') . 'discuss=' . $task_id . '#discuss' . $task_id;
                            $values['job_name'] = $job_data['name'];
                            $values['customer_name'] = $user['name'] . ' ' . $user['last_name'];
                            // NOTE(review): raw posted note goes into an HTML template; whether
                            // the template layer escapes it is not visible here.
                            $values['note'] = $_POST['note'];
                            //todo: no order if not showing numbers
                            $values['task_name'] = '#' . $tasks[$task_id]['task_order'] . ': ' . $tasks[$task_id]['description'];
                            $template = module_template::get_template_by_key('job_discussion_email_customer');
                            $template->assign_values($values);
                            $html = $template->render('html');
                            $email = module_email::new_email();
                            $email->replace_values = $values;
                            $email->set_to('user', $user['user_id']);
                            $email->set_from('user', $current_user_id);
                            $email->set_subject($template->description);
                            // do we send images inline?
                            $email->set_html($html);
                            if ($email->send()) {
                                // it worked successfully!!
                                $result['email_customer'][] = $user['user_id'];
                            } else {
                                /// log err?
                            }
                        }
                    }
                }
                // (A commented-out earlier version that e-mailed only the customer's primary
                // user was here; the loop above supersedes it.)
            }
            if (isset($_POST['sendemail_staff']) && is_array($_POST['sendemail_staff'])) {
                // == 'yes' && $job_data['user_id']
                // todo: handle the result better when sending to multiple people
                // The posted list is echoed back in the JSON result unmodified.
                $result['email_staff_list'] = $_POST['sendemail_staff'];
                foreach ($_POST['sendemail_staff'] as $staff_id) {
                    // send email to staff
                    $staff_id = (int) $staff_id;
                    if (!$staff_id) {
                        $result['nostaff'] = 1;
                        continue;
                    }
                    // Only the staff member assigned to the task or to the job can be e-mailed.
                    if (isset($task_data['user_id']) && $task_data['user_id'] == $staff_id || isset($job_data['user_id']) && $job_data['user_id'] == $staff_id) {
                        //$user = module_user::get_user($job_data['user_id'],false);
                        $user = module_user::get_user($staff_id, false);
                        if ($user['user_id'] == $staff_id) {
                            $values = array_merge($user, $job_data);
                            $values['job_url'] = module_job::link_public($job_id);
                            $values['job_url'] .= (strpos($values['job_url'], '?') === false ? '?' : '&') . 'discuss=' . $task_id . '#discuss' . $task_id;
                            $values['job_name'] = $job_data['name'];
                            $values['staff_name'] = $user['name'] . ' ' . $user['last_name'];
                            $values['note'] = $_POST['note'];
                            //todo: no order if not showing numbers
                            $values['task_name'] = '#' . $tasks[$task_id]['task_order'] . ': ' . $tasks[$task_id]['description'];
                            $template = module_template::get_template_by_key('job_discussion_email_staff');
                            $template->assign_values($values);
                            $html = $template->render('html');
                            $email = module_email::new_email();
                            $email->replace_values = $values;
                            $email->set_to('user', $staff_id);
                            $email->set_from('user', $current_user_id);
                            $email->set_subject($template->description);
                            // do we send images inline?
                            $email->set_html($html);
                            // email_staff holds the outcome of the last recipient only.
                            if ($email->send()) {
                                // it worked successfully!!
                                $result['email_staff'] = 1;
                            } else {
                                /// log err?
                                $result['email_staff'] = 0;
                            }
                        } else {
                            // log error?
                            $result['email_staff'] = 0;
                        }
                    }
                }
            }
            // Clear any output produced while sending mail before emitting the JSON.
            $x = 0;
            while ($x++ < 5 && ob_get_level()) {
                ob_end_clean();
            }
            // NOTE(review): the body is JSON but is labelled text/javascript.
            header("Content-type: text/javascript", true);
            echo json_encode($result);
            exit;
        }
        // No note posted: render the discussion link. The configurable label is HTML-escaped.
        $label = htmlspecialchars(module_config::c('job_discussion_button_label', 'Task Comments'));
        ?>

        <a href="<?php 
        echo self::link_public($job_id, $task_id);
        ?>
" id="discuss<?php 
        echo $task_id;
        ?>
" class="task_job_discussion <?php 
        echo $label ? 'with_text' : '';
        ?>
" title="<?php 
        _e('View Discussion');
        ?>
"><span><?php 
        echo count($comments) > 0 ? count($comments) : '';
        ?>
</span><?php 
        echo $label;
        ?>
</a>
            <div class="task_job_discussion_holder"<?php 
        echo isset($_REQUEST['discuss']) && $_REQUEST['discuss'] == $task_id ? ' style="display:block;"' : '';
        ?>
>
                <?php 
        if (isset($_REQUEST['discuss']) && $_REQUEST['discuss'] == $task_id) {
            // Render the discussion inline by overwriting the t, i and hash request
            // parameters with values computed here and calling the public hook. These
            // $_REQUEST entries stay modified for the rest of the request.
            $_REQUEST['t'] = $task_id;
            $_REQUEST['i'] = $job_id;
            $_REQUEST['hash'] = self::link_public($job_id, $task_id, true);
            self::external_hook('public');
        }
        ?>

            </div>
        <?php 
    }
Exemplo n.º 8
 public function external_hook($hook)
 {
     switch ($hook) {
         case 'event_ipn':
             $body = @file_get_contents('php://input');
             $event_json = json_decode($body);
             ob_start();
             echo "UCM coinbase DEBUG:<br><br>JSON: <br>\n";
             print_r($event_json);
             echo "<br><br>\n";
             $success = false;
             $bits = explode(':', isset($event_json->order->custom) ? $event_json->order->custom : '');
             if (count($bits) == 4) {
                 // we have our custom bits, invoice_id, invoice_payment_id and hash
                 // check they are right
                 $invoice_id = (int) $bits[0];
                 $invoice_payment_id = (int) $bits[1];
                 $invoice_payment_subscription_id = (int) $bits[2];
                 $hash = $bits[3];
                 $correct_hash = self::get_payment_key($invoice_id, $invoice_payment_id, $invoice_payment_subscription_id, true);
                 if ($invoice_id && $invoice_payment_id && $hash == $correct_hash) {
                     // This will send receipts on succesful invoices
                     // todo - coinbase doesnt sent this callback correctly just yet
                     if ($event_json && isset($event_json->recurring_payment) && $invoice_payment_subscription_id) {
                         // status changes on a recurring payment.
                         $invoice_payment_subscription = get_single('invoice_payment_subscription', 'invoice_payment_subscription_id', $invoice_payment_subscription_id);
                         if (!$invoice_payment_subscription['date_start'] || $invoice_payment_subscription['date_start'] == '0000-00-00') {
                             // no start date yet, set the start date now.
                             if ($event_json->recurring_payment->status == 'active') {
                                 update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_ACTIVE, 'date_start' => date('Y-m-d')));
                             }
                         }
                         if ($event_json->recurring_payment->status == 'paused' || $event_json->recurring_payment->status == 'canceled') {
                             update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_FAILED));
                         }
                     }
                     if ($event_json && isset($event_json->order->status) && $event_json->order->status == 'completed' && isset($event_json->order->total_native) && isset($event_json->order->custom)) {
                         // crab out the custom bits so we know what to deal with.
                         $invoice_payment_data = module_invoice::get_invoice_payment($invoice_payment_id);
                         $currency = module_config::get_currency($invoice_payment_data['currency_id']);
                         if ($invoice_payment_subscription_id) {
                             // this API result is for a subscription payment.
                             $invoice_payment_subscription = get_single('invoice_payment_subscription', 'invoice_payment_subscription_id', $invoice_payment_subscription_id);
                             if ($invoice_payment_subscription && $invoice_payment_subscription['invoice_payment_subscription_id'] == $invoice_payment_subscription_id && $currency['code'] == $event_json->order->total_native->currency_iso) {
                                 if (!$invoice_payment_subscription['date_start'] || $invoice_payment_subscription['date_start'] == '0000-00-00') {
                                     // no start date yet, set the start date now (this should really happen in the above callback, but coinbase isn't working right now)
                                     update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_ACTIVE, 'date_start' => date('Y-m-d')));
                                 }
                                 // we have a subscription payment. woo!
                                 // this gets a bit tricky, we have to work out if the invoice has been generated for this subscription yet.
                                 // if this invoice hasn't been generated yet then we have to generate it.
                                 // pass this back to the invoice class so we can reuse this feature in the future.
                                 $data = module_invoice::create_new_invoice_for_subscription_payment($invoice_id, $invoice_payment_id, $invoice_payment_subscription_id);
                                 if ($data && $data['invoice_id'] && $data['invoice_payment_id']) {
                                     $next_time = time();
                                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['days']) . ' days', $next_time);
                                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['months']) . ' months', $next_time);
                                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['years']) . ' years', $next_time);
                                     update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('date_last_pay' => date('Y-m-d'), 'date_next' => date('Y-m-d', $next_time)));
                                     update_insert("invoice_payment_id", $data['invoice_payment_id'], "invoice_payment", array('date_paid' => date('Y-m-d'), 'amount' => $event_json->order->total_native->cents / 100, 'method' => self::get_payment_method_name() . ' (Subscription)', 'invoice_payment_subscription_id' => $invoice_payment_subscription_id));
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Invoice Payment Subscription Received!");
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "API IP is " . $_SERVER['REMOTE_ADDR']);
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Received BTC: " . $event_json->order->total_btc->cents / 10000000);
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Received " . $event_json->order->total_native->currency_iso . ': ' . $event_json->order->total_native->cents / 100);
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Destination Address: " . $event_json->order->receive_address);
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Currency code matches, marking invoice as paid.");
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Raw Event Data: \n" . json_encode($event_json));
                                     module_invoice::save_invoice($data['invoice_id'], array());
                                     echo "Successful Subscription Payment!";
                                 } else {
                                     send_error("Coinbase Subscription Error (failed to generate new invoice!) " . var_export($data, true));
                                 }
                             } else {
                                 send_error('Currency code missmatch on coinbase subscription payment');
                             }
                         } else {
                             // this is a normal once off payment.
                             self::add_payment_data($invoice_payment_id, 'log', "API IP is " . $_SERVER['REMOTE_ADDR']);
                             self::add_payment_data($invoice_payment_id, 'log', "Received BTC: " . $event_json->order->total_btc->cents / 10000000);
                             self::add_payment_data($invoice_payment_id, 'log', "Received " . $event_json->order->total_native->currency_iso . ': ' . $event_json->order->total_native->cents / 100);
                             self::add_payment_data($invoice_payment_id, 'log', "Destination Address: " . $event_json->order->receive_address);
                             if ($currency['code'] == $event_json->order->total_native->currency_iso) {
                                 self::add_payment_data($invoice_payment_id, 'log', "Currency code matches, marking invoice as paid.");
                                 update_insert("invoice_payment_id", $invoice_payment_id, "invoice_payment", array('date_paid' => date('Y-m-d'), 'amount' => $event_json->order->total_native->cents / 100));
                                 module_invoice::save_invoice($invoice_id, array());
                                 echo "Successful Payment!";
                                 $success = true;
                             } else {
                                 self::add_payment_data($invoice_payment_id, 'log', "Currency code missmatch, please check settings!");
                             }
                             self::add_payment_data($invoice_payment_id, 'log', "Raw Event Data: \n" . json_encode($event_json));
                         }
                     }
                 }
             }
             $debug = ob_get_clean();
             if (module_config::c('coinbase_payment_debug', 0)) {
                 send_error("Coinbase Debug: {$debug}");
             }
             exit;
             break;
         case 'pay_subscription':
             $invoice_id = isset($_REQUEST['invoice_id']) ? $_REQUEST['invoice_id'] : false;
             $invoice_payment_id = isset($_REQUEST['invoice_payment_id']) ? $_REQUEST['invoice_payment_id'] : false;
             $invoice_payment_subscription_id = isset($_REQUEST['invoice_payment_subscription_id']) ? $_REQUEST['invoice_payment_subscription_id'] : false;
             $coinbase_plan_id = isset($_REQUEST['coinbase_plan_id']) ? $_REQUEST['coinbase_plan_id'] : false;
             $user_id = isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : false;
             if ($invoice_id && $invoice_payment_id && $coinbase_plan_id && $invoice_payment_subscription_id && $user_id && isset($_POST['coinbaseToken'])) {
                 $user_data = module_user::get_user($user_id);
                 $email = isset($_REQUEST['coinbaseEmail']) && strlen($_REQUEST['coinbaseEmail']) ? $_REQUEST['coinbaseEmail'] : $user_data['email'];
                 if (!$email || !strpos($email, '@')) {
                     die('Please ensure your user account has a valid email address before paying with coinbase');
                 }
                 $invoice_payment = get_single('invoice_payment', 'invoice_payment_id', $invoice_payment_id);
                 $invoice_payment_subscription = get_single('invoice_payment_subscription', 'invoice_payment_subscription_id', $invoice_payment_subscription_id);
                 if (!$invoice_payment || !$invoice_payment_subscription || $invoice_payment['invoice_id'] != $invoice_id || $invoice_payment['invoice_payment_subscription_id'] != $invoice_payment_subscription_id) {
                     die('Invalid invoice payment subscription id');
                 }
                 $invoice_payment_data = module_invoice::get_invoice_payment($invoice_payment_id);
                 $invoice_data = module_invoice::get_invoice($invoice_id);
                 if ($invoice_payment_data && $invoice_data && $invoice_id == $invoice_data['invoice_id'] && $invoice_payment_data['invoice_id'] == $invoice_data['invoice_id']) {
                     $currency = module_config::get_currency($invoice_payment_data['currency_id']);
                     $currency_code = $currency['code'];
                     $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : 'N/A';
                     $template = new module_template();
                     ob_start();
                     require_once 'includes/plugin_paymethod_coinbase/coinbase-php/lib/coinbase.php';
                     $coinbase = array("secret_key" => module_config::c('payment_method_coinbase_api_key'), "publishable_key" => module_config::c('payment_method_coinbase_secret_key'));
                     coinbase::setApiKey($coinbase['secret_key']);
                     try {
                         // todo- search for existing customer based on email address???
                         // todo: check if adding new plan to existing customer work??
                         $coinbase_customer = coinbase_Customer::create(array("card" => $_POST['coinbaseToken'], "email" => $email, 'metadata' => array('user_id' => $user_id)));
                         if ($coinbase_customer && $coinbase_customer->id) {
                             //} && $coinbase_customer->subscriptions){
                             $coinbase_subscription = $coinbase_customer->subscriptions->create(array('plan' => $coinbase_plan_id));
                             if ($coinbase_subscription && $coinbase_subscription->id) {
                                 update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_ACTIVE, 'date_start' => date('Y-m-d'), 'coinbase_customer' => $coinbase_customer->id, 'coinbase_subscription' => $coinbase_subscription->id));
                                 module_paymethod_coinbase::add_payment_data($invoice_payment_id, 'log', "Started coinbase Subscription: " . var_export(array('customer.id' => $coinbase_customer->id, 'plan.id' => $coinbase_plan_id, 'subscription.id' => $coinbase_subscription->id), true));
                                 // success!
                                 // redirect to receipt page.
                                 redirect_browser(module_invoice::link_public_payment_complete($invoice_id));
                             } else {
                                 echo 'Failed to create subscription with coinbase';
                             }
                         }
                         $error = "Something went wrong during coinbase payment. Please confirm invoice payment went through: " . htmlspecialchars($description);
                         send_error($error);
                         echo $error;
                     } catch (coinbase_CardError $e) {
                         // The card has been declined
                         $body = $e->getJsonBody();
                         $err = $body['error'];
                         $error = "Sorry: Payment failed. <br><br>\n\n" . htmlspecialchars($description) . ". <br><br>\n\n";
                         $error .= $err['message'];
                         echo $error;
                         $error .= "\n\n\n" . var_export($err, true);
                         send_error($error);
                     } catch (Exception $e) {
                         $body = $e->getJsonBody();
                         $err = $body['error'];
                         $error = "Sorry: Payment failed. <br><br>\n\n" . htmlspecialchars($description) . ". <br><br>\n\n";
                         $error .= $err['message'];
                         echo $error;
                         $error .= "\n\n\n" . var_export($err, true);
                         send_error($error);
                     }
                     $template->content = ob_get_clean();
                     echo $template->render('pretty_html');
                     exit;
                 }
             }
             echo 'Error paying via coinbase';
             exit;
     }
 }
Exemplo n.º 9
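 /**
  * Handle a PayPal IPN (Instant Payment Notification) request.
  *
  * Flow: split the pipe-separated "custom" value into user, payment and
  * invoice ids (plus a subscription id when it has five parts), compare it
  * with the value $this->paypal_custom() produces for those ids, check the
  * receiving business and the currency, then act on txn_type. A payment is
  * recorded only after self::fsockPost() has sent the notification back to
  * PayPal and the reply contains "VERIFIED".
  *
  * Returns early when no usable "custom" value is present; every other path
  * ends the request with exit.
  *
  * NOTE(review): the fields that are checked and stored are read from
  * $_REQUEST, while the verification postback sends $_POST. Reading them
  * from $_POST would guarantee that the values acted on are the ones PayPal
  * confirmed - confirm that IPN always arrives as POST here before changing.
  * NOTE(review): mc_gross is stored as reported; nothing in this method
  * compares it with the amount owed on the payment, and no transaction id
  * is checked against earlier notifications. Both checks belong here once
  * the relevant fields are known.
  */
 function handle_paypal_ipn()
 {
     ob_end_clean();
     // A missing or non-string value (e.g. custom[]=x) cannot be a valid token.
     if (!isset($_REQUEST['custom']) || !is_string($_REQUEST['custom'])) {
         return;
     }
     $custom = $_REQUEST['custom'];
     $paypal_bits = explode("|", $custom);
     // Missing parts become 0 so a short value is rejected below instead of
     // raising undefined-offset warnings.
     $user_id = (int) $paypal_bits[0];
     $payment_id = isset($paypal_bits[1]) ? (int) $paypal_bits[1] : 0;
     $invoice_id = isset($paypal_bits[2]) ? (int) $paypal_bits[2] : 0;
     $invoice_payment_subscription_id = false;
     $invoice_payment_subscription = false;
     // Four parts: normal single payment. Five parts: subscription IPN with
     // the subscription id in the fourth part.
     if (count($paypal_bits) == 5) {
         $invoice_payment_subscription_id = (int) $paypal_bits[3];
         $invoice_payment_subscription = get_single('invoice_payment_subscription', 'invoice_payment_subscription_id', $invoice_payment_subscription_id);
     }
     if (!$payment_id || !$invoice_id) {
         send_error("PayPal IPN Error (no payment or invoice id found)");
         exit;
     }
     $hash = $this->paypal_custom($user_id, $payment_id, $invoice_id, $invoice_payment_subscription_id);
     // Type-strict, timing-safe comparison; the loose != used before could
     // treat differing values as equal under PHP's string juggling rules.
     if (!hash_equals((string) $hash, $custom)) {
         // NOTE(review): this report contains the expected value; confirm that
         // send_error() only reaches administrators.
         send_error("PayPal IPN Error (incorrect hash) it should be " . $hash);
         exit;
     }
     // check for payment exists
     $payment = module_invoice::get_invoice_payment($payment_id);
     $invoice = module_invoice::get_invoice($invoice_id);
     if (!$payment || !$invoice) {
         send_error("PayPal IPN Error (no payment found in database!)");
         exit;
     }
     $invoice_currency = module_config::get_currency($invoice['currency_id']);
     $invoice_currency_code = $invoice_currency['code'];
     // Read each notification field once, tolerating absent keys.
     $business = isset($_REQUEST['business']) ? $_REQUEST['business'] : '';
     if (!$business && !empty($_REQUEST['receiver_email'])) {
         $business = $_REQUEST['receiver_email'];
     }
     $mc_currency = isset($_REQUEST['mc_currency']) ? $_REQUEST['mc_currency'] : '';
     $mc_gross = isset($_REQUEST['mc_gross']) ? $_REQUEST['mc_gross'] : null;
     $txn_type = isset($_REQUEST['txn_type']) ? $_REQUEST['txn_type'] : '';
     $payment_status = isset($_REQUEST['payment_status']) ? $_REQUEST['payment_status'] : '';
     // check correct business
     $expected_business = module_config::c('payment_method_paypal_email', _ERROR_EMAIL);
     if ($business != $expected_business) {
         send_error('PayPal error! Paid the wrong business name. ' . $business . ' instead of ' . $expected_business);
         exit;
     }
     // check correct currency
     if ($invoice_currency_code && $mc_currency != $invoice_currency_code) {
         send_error('PayPal error! Paid the wrong currency code. ' . $mc_currency . ' instead of ' . $invoice_currency_code);
         exit;
     }
     switch ($txn_type) {
         // handle subscriptions first.
         // https://www.paypal.com/au/cgi-bin/webscr?cmd=p/acc/ipn-subscriptions-outside
         // NOTE(review): the status changes below are applied without the
         // verification postback used for payments; only the "custom" check
         // above protects them.
         case "subscr_signup":
             // started! we update the start date of this one.
             if ($invoice_payment_subscription_id) {
                 update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_ACTIVE, 'date_start' => date('Y-m-d')));
             }
             break;
         case "subscr_cancel":
         case "subscr_failed":
         case "subscr_eot":
             if ($invoice_payment_subscription_id) {
                 update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_FAILED));
             }
             break;
         case "subscr_payment":
         case "web_accept":
             if ($payment_status == "Canceled_Reversal" || $payment_status == "Refunded") {
                 // TODO: store this in the database as a negative payment.
                 send_error("PayPal Error! The payment {$payment_id} has been refunded or reversed! BAD BAD! You have to follup up customer for money manually now.");
                 break;
             }
             if ($payment_status != "Completed") {
                 send_error("PayPal info: This payment is not yet completed, this usually means it's an e-cheque, follow it up in a few days if you dont hear anything. This also means you may have to login to paypal and 'Accept' the payment. So check there first.");
                 break;
             }
             // Ask PayPal (sandbox or live) to confirm that it sent this notification.
             $url = 'https://www.' . (self::is_sandbox() ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr';
             $result = self::fsockPost($url, $_POST);
             // eregi() no longer exists in PHP 7+; stripos() gives the same
             // case-insensitive "contains" test.
             if (stripos((string) $result, 'VERIFIED') === false) {
                 send_error("PayPal IPN Error (paypal rejected the payment!) " . var_export($result, true));
                 break;
             }
             // Verified: mark the payment as completed.
             if ($invoice_payment_subscription_id) {
                 // Subscription payment: the invoice for this period may not
                 // exist yet, so the invoice class creates it when needed.
                 $data = module_invoice::create_new_invoice_for_subscription_payment($invoice_id, $payment_id, $invoice_payment_subscription_id);
                 if ($data && $data['invoice_id'] && $data['invoice_payment_id']) {
                     // Next due date = today + the subscription's days, months and years.
                     $next_time = time();
                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['days']) . ' days', $next_time);
                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['months']) . ' months', $next_time);
                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['years']) . ' years', $next_time);
                     update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('date_last_pay' => date('Y-m-d'), 'date_next' => date('Y-m-d', $next_time)));
                     $new_payment_details = array('date_paid' => date('Y-m-d'), 'amount' => $mc_gross, 'method' => 'PayPal (Subscription)', 'invoice_payment_subscription_id' => $invoice_payment_subscription_id);
                     // Carry the fee settings of the original payment over to the new one.
                     foreach (array('fee_percent', 'fee_amount', 'fee_description', 'fee_total') as $fee_field) {
                         if (isset($payment[$fee_field])) {
                             $new_payment_details[$fee_field] = $payment[$fee_field];
                         }
                     }
                     update_insert("invoice_payment_id", $data['invoice_payment_id'], "invoice_payment", $new_payment_details);
                     module_invoice::save_invoice($data['invoice_id'], array());
                     echo "Successful Subscription Payment!";
                 } else {
                     // Report the invoice-creation result; the previous code
                     // dumped the PayPal verification reply here instead.
                     send_error("PayPal IPN Subscription Error (failed to generate new invoice!) " . var_export($data, true));
                 }
             } else {
                 // mark a normal payment as paid
                 update_insert("invoice_payment_id", $payment_id, "invoice_payment", array('date_paid' => date('Y-m-d'), 'amount' => $mc_gross, 'method' => 'PayPal (IPN)'));
                 module_invoice::save_invoice($invoice_id, array());
                 echo "Successful Payment!";
             }
             break;
         default:
             send_error("PayPal IPN Error (unknown transaction t ype!) ");
             break;
     }
     exit;
 }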
Exemplo n.º 10
/**
 * Create or update a custom profile field from the values held in $cp->vars.
 *
 * In 'create' mode the function inserts the field row, then queues an
 * ALTER TABLE on PROFILE_DATA_TABLE plus the language INSERTs in $profile_sql
 * and runs them at the end. In any other mode it updates the field row and
 * calls update_insert() for the language rows as it goes.
 * Both paths finish with trigger_error($user->lang['ADDED_PROFILE_FIELD']).
 *
 * @param mixed  $field_type Compared against the FIELD_* constants to pick the column type.
 * @param string $mode       'create' for a new field; every other value is treated as an edit.
 */
function save_profile_field($field_type, $mode = 'create')
{
    global $cp, $db, $config, $user, $lang_defs;
    // NOTE(review): $field_id is interpolated into the UPDATE ... WHERE clause below without quoting.
    // request_var() is called with an integer default, which presumably forces an int - confirm.
    $field_id = request_var('field_id', 0);
    // Collect everything first; if something goes wrong, abort the operation
    $profile_sql = $profile_lang = $empty_lang = $profile_lang_fields = array();
    $default_lang_id = $lang_defs['iso'][$config['default_lang']];
    if ($mode == 'create') {
        $result = $db->sql_query('SELECT MAX(field_order) as max_field_order FROM ' . PROFILE_FIELDS_TABLE);
        $new_field_order = (int) $db->sql_fetchfield('max_field_order', 0, $result);
        $db->sql_freeresult($result);
        // We do not use a stripped down field name as identifier in order to retain sql compatibility, of course it would be nice to not have to look up the identifier and instead having a descriptive name, but this would produce more errors than needed, and do you want to have a totally crypted name just because of stripped characters? ;)
        // The identifier is built from an integer only, so the column name used in the ALTER TABLE below carries no user-supplied text.
        $field_ident = 'field_' . ($new_field_order + 1);
    }
    // Save the field
    $profile_fields = array('field_name' => $cp->vars['field_name'], 'field_length' => $cp->vars['field_length'], 'field_minlen' => $cp->vars['field_minlen'], 'field_maxlen' => $cp->vars['field_maxlen'], 'field_novalue' => $cp->vars['field_novalue'], 'field_default_value' => $cp->vars['field_default_value'], 'field_validation' => $cp->vars['field_validation'], 'field_required' => $cp->vars['field_required'], 'field_show_on_reg' => $cp->vars['field_show_on_reg'], 'field_hide' => $cp->vars['field_hide']);
    if ($mode == 'create') {
        $profile_fields += array('field_type' => $field_type, 'field_ident' => $field_ident, 'field_order' => $new_field_order + 1, 'field_active' => 1);
        // Values go through $db->sql_build_array(); presumably that is where escaping happens - confirm.
        $db->sql_query('INSERT INTO ' . PROFILE_FIELDS_TABLE . ' ' . $db->sql_build_array('INSERT', $profile_fields));
        $field_id = $db->sql_nextid();
    } else {
        $db->sql_query('UPDATE ' . PROFILE_FIELDS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $profile_fields) . "\r\n\t\t\tWHERE field_id = {$field_id}");
    }
    if ($mode == 'create') {
        // We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
        $sql = 'ALTER TABLE ' . PROFILE_DATA_TABLE . " ADD {$field_ident} ";
        // There is no default case: a $field_type matching none of the constants leaves the
        // statement without a column type.
        switch ($field_type) {
            case FIELD_STRING:
                $sql .= ' VARCHAR(255) DEFAULT NULL NULL';
                break;
            case FIELD_DATE:
                $sql .= 'VARCHAR(10) DEFAULT NULL NULL';
                break;
            case FIELD_TEXT:
                $sql .= 'TEXT NULL';
                break;
            case FIELD_BOOL:
                $sql .= 'TINYINT(2) DEFAULT NULL NULL';
                break;
            case FIELD_DROPDOWN:
                $sql .= 'MEDIUMINT(8) DEFAULT NULL NULL';
                break;
            case FIELD_INT:
                $sql .= 'BIGINT(20) DEFAULT NULL NULL';
                break;
        }
        $profile_sql[] = $sql;
    }
    // Language row for the default language
    $sql_ary = array('lang_name' => $cp->vars['lang_name'], 'lang_explain' => $cp->vars['lang_explain'], 'lang_default_value' => $cp->vars['lang_default_value']);
    if ($mode == 'create') {
        $sql_ary['field_id'] = $field_id;
        $sql_ary['lang_id'] = $default_lang_id;
        $profile_sql[] = 'INSERT INTO ' . PROFILE_LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
    } else {
        update_insert(PROFILE_LANG_TABLE, $sql_ary, array('field_id' => $field_id, 'lang_id' => $default_lang_id));
    }
    // Language rows for the other languages; the loop stops at the first language that
    // leaves a text empty although the default language has one.
    if (sizeof($cp->vars['l_lang_name'])) {
        foreach ($cp->vars['l_lang_name'] as $lang_id => $data) {
            if ($cp->vars['lang_name'] != '' && $cp->vars['l_lang_name'][$lang_id] == '' || $cp->vars['lang_explain'] != '' && $cp->vars['l_lang_explain'][$lang_id] == '' || $cp->vars['lang_default_value'] != '' && $cp->vars['l_lang_default_value'][$lang_id] == '') {
                $empty_lang[$lang_id] = true;
                break;
            }
            if (!isset($empty_lang[$lang_id])) {
                $profile_lang[] = array('field_id' => $field_id, 'lang_id' => $lang_id, 'lang_name' => $cp->vars['l_lang_name'][$lang_id], 'lang_explain' => $cp->vars['l_lang_explain'][$lang_id], 'lang_default_value' => $cp->vars['l_lang_default_value'][$lang_id]);
            }
        }
    }
    // NOTE(review): these four entries are overwritten from the request after l_lang_name was
    // already consumed above, and with a '' default. The sizeof()/foreach on l_lang_options
    // further down expects an array - confirm what request_var() returns for this default.
    $cp->vars['l_lang_name'] = request_var('l_lang_name', '');
    $cp->vars['l_lang_explain'] = request_var('l_lang_explain', '');
    $cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', '');
    $cp->vars['l_lang_options'] = request_var('l_lang_options', '');
    // Option values for the default language; a string is split on newlines into one option per line
    if (!empty($cp->vars['lang_options'])) {
        if (!is_array($cp->vars['lang_options'])) {
            $cp->vars['lang_options'] = explode("\n", $cp->vars['lang_options']);
        }
        foreach ($cp->vars['lang_options'] as $option_id => $value) {
            $sql_ary = array('field_type' => (int) $field_type, 'value' => $value);
            if ($mode == 'create') {
                $sql_ary['field_id'] = $field_id;
                $sql_ary['lang_id'] = $default_lang_id;
                $sql_ary['option_id'] = (int) $option_id;
                $profile_sql[] = 'INSERT INTO ' . PROFILE_FIELDS_LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
            } else {
                update_insert(PROFILE_FIELDS_LANG_TABLE, $sql_ary, array('field_id' => $field_id, 'lang_id' => (int) $default_lang_id, 'option_id' => (int) $option_id));
            }
        }
    }
    // Option values for the other languages; a language whose option count differs from the
    // default language is marked in $empty_lang and skipped.
    if (sizeof($cp->vars['l_lang_options'])) {
        foreach ($cp->vars['l_lang_options'] as $lang_id => $lang_ary) {
            if (!is_array($lang_ary)) {
                $lang_ary = explode("\n", $lang_ary);
            }
            if (sizeof($lang_ary) != sizeof($cp->vars['lang_options'])) {
                $empty_lang[$lang_id] = true;
            }
            if (!isset($empty_lang[$lang_id])) {
                foreach ($lang_ary as $option_id => $value) {
                    $profile_lang_fields[] = array('field_id' => (int) $field_id, 'lang_id' => (int) $lang_id, 'option_id' => (int) $option_id, 'field_type' => (int) $field_type, 'value' => $value);
                }
            }
        }
    }
    // Turn the collected language rows into queued INSERTs (create) or immediate update_insert() calls (edit)
    foreach ($profile_lang as $sql) {
        if ($mode == 'create') {
            $profile_sql[] = 'INSERT INTO ' . PROFILE_LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql);
        } else {
            $lang_id = $sql['lang_id'];
            // The key columns are removed from the data and passed as the row selector instead
            unset($sql['lang_id'], $sql['field_id']);
            update_insert(PROFILE_LANG_TABLE, $sql, array('lang_id' => (int) $lang_id, 'field_id' => $field_id));
        }
    }
    if (sizeof($profile_lang_fields)) {
        foreach ($profile_lang_fields as $sql) {
            if ($mode == 'create') {
                $profile_sql[] = 'INSERT INTO ' . PROFILE_FIELDS_LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql);
            } else {
                $lang_id = $sql['lang_id'];
                $option_id = $sql['option_id'];
                unset($sql['lang_id'], $sql['field_id'], $sql['option_id']);
                update_insert(PROFILE_FIELDS_LANG_TABLE, $sql, array('lang_id' => $lang_id, 'field_id' => $field_id, 'option_id' => $option_id));
            }
        }
    }
    // The transaction calls are commented out, so in the visible code the queued statements
    // (ALTER TABLE and the INSERTs) run one by one without a surrounding transaction.
    //		$db->sql_transaction();
    if ($mode == 'create') {
        foreach ($profile_sql as $sql) {
            $db->sql_query($sql);
        }
    }
    //	$db->sql_transaction('commit');
    // TODO: add_log
    // The same language key is used for both create and edit.
    trigger_error($user->lang['ADDED_PROFILE_FIELD']);
}
Exemplo n.º 11
}
// Currency settings page: permission gate, then delete/save handling for one currency.
// NOTE(review): everything below is only protected if redirect_browser() stops execution;
// its body is not visible here - confirm it exits.
if (!module_config::can_i('edit', 'Settings')) {
    redirect_browser(_BASE_HREF);
}
if (isset($_REQUEST['currency_id'])) {
    // The id is cast to int before it is used for lookups, deletes and output.
    $currency_id = (int) $_REQUEST['currency_id'];
    $currency = get_single('currency', 'currency_id', $currency_id);
    // NOTE(review): delete and save are both triggered from $_REQUEST, so GET parameters count too,
    // and no anti-CSRF token is checked in the visible code. Presumably confirm_delete() adds a
    // confirmation step for the delete path - confirm; the save path has none here.
    if (isset($_REQUEST['butdelete_currency'])) {
        if (module_form::confirm_delete('currency_id', 'Really delete currency: ' . htmlspecialchars($currency['code']))) {
            delete_from_db('currency', 'currency_id', $currency_id);
            set_message(_l('Currency deleted successfully'));
            // Redirect back to the same URL with a status flag appended
            redirect_browser($_SERVER['REQUEST_URI'] . (strpos($_SERVER['REQUEST_URI'], '?') === false ? '?' : '&') . 'deleted=true');
        }
    } else {
        if (isset($_REQUEST['save'])) {
            // NOTE(review): the whole $_POST array is handed to update_insert(). Which keys end up
            // as columns of `currency` depends on filtering inside update_insert(), which is not
            // shown - confirm it only accepts known columns.
            update_insert('currency_id', $currency_id, 'currency', $_POST);
            set_message('Currency saved successfully');
            //redirect_browser('?saved=true');
            redirect_browser($_SERVER['REQUEST_URI'] . (strpos($_SERVER['REQUEST_URI'], '?') === false ? '?' : '&') . 'saved=true');
        }
    }
    // Re-read the row so the form below shows the stored values
    $currency = get_single('currency', 'currency_id', $currency_id);
    print_heading(array('title' => 'Edit Currency', 'type' => 'h2', 'main' => true));
    ?>

        <form action="" method="post">
            <input type="hidden" name="currency_id" value="<?php 
    echo $currency_id;
    ?>
">
            <input type="hidden" name="save" value="true">
Exemplo n.º 12
 /**
  * Set a single field on this message object and write it to the
  * social_twitter_message table.
  *
  * Nothing happens when $field is the primary key or when this object has
  * no social_twitter_message_id yet.
  *
  * NOTE(review): the check is a deny-list with one entry. Every other $field
  * name is used as a property name and as a key in the data passed to
  * update_insert(); if a caller ever passes a request-derived name, an
  * allow-list of columns would be the safer shape - verify against callers.
  *
  * @param string $field Field (column) name to change.
  * @param mixed  $value New value for that field.
  */
 public function update($field, $value)
 {
     // the primary key must never be overwritten through this method
     $protected_fields = array('social_twitter_message_id');
     if (in_array($field, $protected_fields)) {
         return;
     }
     // without an id there is no row to update
     if (!$this->social_twitter_message_id) {
         return;
     }
     $this->{$field} = $value;
     $changes = array($field => $value);
     update_insert('social_twitter_message_id', $this->social_twitter_message_id, 'social_twitter_message', $changes);
 }
Exemplo n.º 13
 /**
  * Collect the known languages, keyed by lower-cased language code.
  *
  * Languages are first discovered from the *.php files in the custom and
  * labels language folders (files whose name starts with '_' are skipped).
  * When the language database is enabled, every file-based language missing
  * from the `language` table is inserted, and the database rows then replace
  * or extend the file-based entries.
  *
  * Note that this getter writes to the database as a side effect.
  *
  * @return array Map of language code => attribute array.
  */
 public static function get_languages_attributes()
 {
     $all = array();
     // custom files are scanned first, then the shipped label files
     $patterns = array(
         _UCM_FOLDER . 'includes/plugin_language/custom/*.php',
         _UCM_FOLDER . 'includes/plugin_language/labels/*.php',
     );
     foreach ($patterns as $pattern) {
         $language_files = glob($pattern);
         if (!is_array($language_files)) {
             continue;
         }
         foreach ($language_files as $file) {
             $code = strtolower(str_replace('.php', '', basename($file)));
             if ($code[0] == '_') {
                 continue;
             }
             $all[$code] = array('language_name' => $code, 'language_code' => $code);
         }
     }
     if (!self::is_language_db_enabled()) {
         return $all;
     }
     // make sure every file based language has a row in the database
     foreach ($all as $language_code => $language) {
         $language_db = get_single('language', 'language_code', $language_code);
         $already_stored = $language_db && $language_db['language_code'] == $language_code;
         if (!$already_stored) {
             update_insert('language_id', false, 'language', array('language_code' => $language['language_code'], 'language_name' => $language['language_name']));
         }
     }
     // database attributes win over the file based ones; languages that only exist
     // in the database are added as well
     foreach (get_multiple('language', false, 'language_id', 'exact', 'language_code') as $db_language) {
         $all[strtolower($db_language['language_code'])] = $db_language;
     }
     return $all;
 }
Exemplo n.º 14
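 /**
  * Save the group key/value rows submitted for one owner record.
  *
  * Reads $_REQUEST['group_<owner_table>_field'], an array of
  * group id => array('key' => ..., 'val' => ...). Rows with an empty key are
  * dropped from the request array, the rest are written with update_insert(),
  * and every existing group of this owner that is no longer present in the
  * request is deleted.
  *
  * Hardening compared with a plain pass-through of the request: a submitted
  * group id is only used as the row to update when it already belongs to this
  * owner. Any other id is saved as a new row, so a crafted id cannot overwrite
  * a group attached to a different record.
  * NOTE(review): this relies on get_groups() returning all groups of the owner
  * and on update_insert() inserting when the id is 0 - confirm both.
  *
  * @param string $owner_table Table name of the owning record.
  * @param string $owner_key   Request key used as a fallback source for the owner id.
  * @param int    $owner_id    Owner id; when <= 0 the value of $_REQUEST[$owner_key] is used.
  */
 public static function save_groups($owner_table, $owner_key, $owner_id)
 {
     $request_key = 'group_' . $owner_table . '_field';
     if (!isset($_REQUEST[$request_key]) || !is_array($_REQUEST[$request_key])) {
         return;
     }
     $owner_id = (int) $owner_id;
     if ($owner_id <= 0 && isset($_REQUEST[$owner_key])) {
         $owner_id = (int) $_REQUEST[$owner_key];
     }
     if ($owner_id <= 0) {
         // no owner to attach the groups to
         return;
     }
     $existing_groups = self::get_groups(array('owner_table' => $owner_table, 'owner_id' => $owner_id));
     // ids that really belong to this owner; only these may be updated in place
     $owned_ids = array();
     foreach ($existing_groups as $existing_group) {
         $owned_ids[(int) $existing_group['group_id']] = true;
     }
     foreach ($_REQUEST[$request_key] as $group_id => $group_data) {
         // a malformed entry (not an array, or no string key) is treated like an empty key
         $key = is_array($group_data) && isset($group_data['key']) && is_string($group_data['key']) ? trim($group_data['key']) : '';
         if (!$key) {
             unset($_REQUEST[$request_key][$group_id]);
             continue;
         }
         $group_id = (int) $group_id;
         if (!isset($owned_ids[$group_id])) {
             // unknown or foreign id: save as a new row instead of touching someone else's
             $group_id = 0;
         }
         $group_db = array('group_key' => $group_data['key'], 'group' => isset($group_data['val']) ? $group_data['val'] : null, 'owner_table' => $owner_table, 'owner_id' => $owner_id);
         update_insert('group_id', $group_id, 'group', $group_db);
     }
     // work out which ones were not saved.
     foreach ($existing_groups as $existing_group) {
         if (!isset($_REQUEST[$request_key][$existing_group['group_id']])) {
             // remove it. The id is cast to int before it is placed in the statement.
             $sql = "DELETE FROM " . _DB_PREFIX . "group WHERE group_id = '" . (int) $existing_group['group_id'] . "' LIMIT 1";
             query($sql);
         }
     }
 }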
Exemplo n.º 15
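 /**
  * Handle the FAQ admin post-backs selected by $_REQUEST['_process'].
  *
  * 'save_faq_product' saves (and optionally deletes) a FAQ product;
  * 'save_faq' saves (and optionally deletes) a FAQ item together with its
  * product relations. Both require the 'edit' permission on 'FAQ'.
  * In both branches the record is saved before the delete button is looked at.
  *
  * Changes compared with passing the request straight through:
  *  - a missing '_process' key no longer raises a notice;
  *  - record ids taken from the request are cast to int before they reach
  *    update_insert(), the link builders and delete_from_db();
  *  - 'envato_item_ids' is only imploded when it really is an array.
  *
  * NOTE(review): $_POST is still handed to update_insert() as a whole. Which
  * keys become columns depends on filtering inside update_insert(), which is
  * not visible here - confirm it only accepts known columns. No anti-CSRF
  * token is checked in the visible code either.
  */
 public function process()
 {
     $action = isset($_REQUEST['_process']) ? $_REQUEST['_process'] : '';
     if ('save_faq_product' === $action) {
         if (!module_faq::can_i('edit', 'FAQ')) {
             die('No perms to save faq.');
         }
         $posted_product_id = isset($_REQUEST['faq_product_id']) ? (int) $_REQUEST['faq_product_id'] : 0;
         if (isset($_POST['envato_item_ids']) && is_array($_POST['envato_item_ids'])) {
             // stored as a single pipe separated string
             $_POST['envato_item_ids'] = implode('|', $_POST['envato_item_ids']);
         }
         $faq_product_id = update_insert('faq_product_id', $posted_product_id, 'faq_product', $_POST);
         if (isset($_REQUEST['butt_del'])) {
             // deleting the FAQ product all together
             if (module_form::confirm_delete('customer_id', _l("Really delete FAQ Product?"), self::link_open_faq_product($posted_product_id))) {
                 delete_from_db('faq_product', 'faq_product_id', $posted_product_id);
                 set_message('FAQ Product deleted successfully.');
                 redirect_browser($this->link_open_faq_product(false));
             }
         }
         set_message('FAQ Product saved successfully');
         redirect_browser($this->link_open_faq_product($faq_product_id));
     } elseif ('save_faq' === $action) {
         if (!module_faq::can_i('edit', 'FAQ')) {
             die('No perms to save faq.');
         }
         $posted_faq_id = isset($_REQUEST['faq_id']) ? (int) $_REQUEST['faq_id'] : 0;
         if (isset($_REQUEST['new_product_name']) && is_string($_REQUEST['new_product_name']) && strlen(trim($_REQUEST['new_product_name']))) {
             // create the new product on the fly and link it to this FAQ
             $faq_product_id = update_insert('faq_product_id', false, 'faq_product', array('name' => trim($_REQUEST['new_product_name'])));
             if (!isset($_REQUEST['faq_product_ids']) || !is_array($_REQUEST['faq_product_ids'])) {
                 $_REQUEST['faq_product_ids'] = array();
             }
             $_REQUEST['faq_product_ids'][] = $faq_product_id;
         }
         $faq_id = update_insert('faq_id', $posted_faq_id, 'faq', $_POST);
         // relations are rebuilt from scratch on every save
         delete_from_db('faq_product_rel', 'faq_id', $faq_id);
         if (isset($_REQUEST['faq_product_ids']) && is_array($_REQUEST['faq_product_ids'])) {
             foreach ($_REQUEST['faq_product_ids'] as $faq_product_id) {
                 if ((int) $faq_product_id > 0) {
                     // both ids are cast to int before they are placed in the statement
                     $sql = "INSERT INTO `" . _DB_PREFIX . "faq_product_rel` SET faq_id = " . (int) $faq_id . ", faq_product_id = " . (int) $faq_product_id;
                     query($sql);
                 }
             }
         }
         if (isset($_REQUEST['butt_del'])) {
             // deleting the FAQ item all together
             if (module_form::confirm_delete('customer_id', _l("Really delete FAQ item?"), self::link_open($posted_faq_id))) {
                 delete_from_db('faq', 'faq_id', $posted_faq_id);
                 delete_from_db('faq_product_rel', 'faq_id', $posted_faq_id);
                 set_message('FAQ deleted successfully.');
                 redirect_browser($this->link_open(false));
             }
         }
         set_message('FAQ saved successfully');
         redirect_browser($this->link_open($faq_id));
     }
 }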
Exemplo n.º 16
 /**
  * Write an address row through update_insert() and hand back its result.
  *
  * NOTE(review): $data is forwarded unchanged; any filtering of keys or
  * values has to happen in the caller or inside update_insert() - confirm.
  *
  * @param mixed $address_id Id of the row to save, passed through as given.
  * @param array $data       Values to store in the `address` table.
  * @return mixed Whatever update_insert() returns.
  */
 public static function save_address($address_id, $data)
 {
     $saved = update_insert('address_id', $address_id, 'address', $data);
     return $saved;
 }
Exemplo n.º 17
 /**
  * Post-back handler for the template edit form: delete or save a template,
  * then redirect.
  *
  * NOTE(review): the delete path checks can_i('delete', 'Templates'), but no
  * edit permission is checked on the save path inside this method - presumably
  * the caller enforces it; confirm.
  * NOTE(review): $_POST is stored as a whole; which keys become columns
  * depends on update_insert(), which is not visible here.
  * NOTE(review): the redirect target is read straight from
  * $_REQUEST['return']. Unless redirect_browser() restricts targets to this
  * site (not visible here), any URL supplied in the request is followed.
  */
 private function _handle_save_template()
 {
     $template_id = (int) $_REQUEST['template_id'];
     // delete: only when the button was pressed and the user may delete templates
     $delete_requested = isset($_REQUEST['butt_del']) && self::can_i('delete', 'Templates');
     if ($delete_requested) {
         $template_data = self::get_template($template_id);
         $confirm_text = _l("Really delete template: %s", $template_data['template_key']);
         if (module_form::confirm_delete('template_id', $confirm_text, self::link_open($template_id))) {
             $this->delete($template_id);
             // todo: delete company template as well if exists.
             set_message("Template deleted successfully");
             redirect_browser(self::link_open(false));
         }
     }
     $data = $_POST;
     $already_saved = false;
     if ($template_id > 0 && class_exists('module_company', false)) {
         // company specific templates: each one must have a matching parent template id/key,
         // keys cannot be changed in the company unique config.
         module_company::template_handle_save($template_id, $data);
     }
     $template_id = update_insert('template_id', $template_id, 'template', $data);
     set_message('Template saved successfully!');
     // an explicit return target wins over the default template page
     $return_to = isset($_REQUEST['return']) ? $_REQUEST['return'] : false;
     if ($return_to) {
         redirect_browser($return_to);
     }
     redirect_browser($this->link_open($template_id));
     exit;
 }
Exemplo n.º 18
    public function external_hook($hook)
    {
        switch ($hook) {
            case 'popup':
                // popup not used any more. cross domain issues.
                // load up the full script to be injected into our clients website.
                $website_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false;
                $change_request_id = $change_id = isset($_REQUEST['change_id']) ? (int) $_REQUEST['change_id'] : false;
                $hash = isset($_REQUEST['hash']) ? $_REQUEST['hash'] : false;
                $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : false;
                if ($type == 'popupjs') {
                    @ob_end_clean();
                    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
                    header("Cache-Control: no-cache");
                    header("Pragma: no-cache");
                    header("Content-type: text/javascript");
                }
                if ($website_id && $hash && module_change_request::link_popup($website_id, true) == $hash) {
                    $change_history = module_change_request::get_remaining_changes($website_id);
                    $step = isset($_REQUEST['step']) ? (int) $_REQUEST['step'] : 0;
                    // get the change details out
                    if ($change_request_id) {
                        $change_request = module_change_request::get_change_request_by_website($website_id, $change_request_id);
                    } else {
                        $change_request = array();
                    }
                    if (!$change_request) {
                        $change_request = array('change_request_id' => 0, 'name' => '', 'request' => '', 'attachments' => array());
                    }
                    switch ($type) {
                        case 'save':
                            // saving a change.
                            $data = $_POST;
                            $data['url'] = urldecode($data['url']);
                            $data['website_id'] = $website_id;
                            $data['change_request_id'] = $change_request['change_request_id'];
                            if (isset($_REQUEST['completed_test'])) {
                                if (!isset($_REQUEST['completed']) || !$_REQUEST['completed']) {
                                    $data['status'] = _CHANGE_REQUEST_STATUS_NEW;
                                    // not completed.
                                } else {
                                    $data['status'] = _CHANGE_REQUEST_STATUS_COMPLETE;
                                    // completed!
                                }
                            }
                            if (isset($_REQUEST['delete_request'])) {
                                $data['status'] = _CHANGE_REQUEST_STATUS_DELETE;
                                // deleted
                            }
                            $change_request_id = update_insert('change_request_id', $change_request['change_request_id'], 'change_request', $data);
                            // redirect to send email page if we're logged in
                            if (module_security::is_logged_in() && isset($_REQUEST['completed_send_email']) && $_REQUEST['completed_send_email'] && self::can_i('edit', 'Change Requests')) {
                                // don't do the template, do the redirect to the email page (todo!)
                                redirect_browser(self::link_open($change_request_id));
                            } else {
                                // send email to administrator (everyone with change request edit permissions?) about this change request.
                                $alert_users = module_user::get_users_by_permission(array('category' => 'Change Request', 'name' => 'Change Requests', 'module' => 'change_request', 'edit' => 1));
                                $email_data = get_single('change_request', 'change_request_id', $change_request_id);
                                $customer_data = $website_data = array();
                                if ($website_id) {
                                    $website_data = module_website::get_website($website_id);
                                    $email_data['website_name'] = $website_data['name'];
                                    $email_data['website_link'] = module_website::link_open($website_id, true);
                                    if ($website_data && $website_data['customer_id']) {
                                        $customer_data = module_customer::get_customer($website_data['customer_id'], true);
                                    }
                                }
                                if (isset($email_data['request'])) {
                                    $email_data['request'] = nl2br($email_data['request']);
                                    // for the plain text emails.
                                }
                                foreach ($alert_users as $alert_user) {
                                    // todo: make sure this staff member has access to this website?
                                    // nfi how to figure this out. maybe we just look for staff members who are assigned jobs/tasks against this website?
                                    $template = module_template::get_template_by_key('change_request_alert_email');
                                    $template->assign_values(array_merge($customer_data, $website_data, $email_data));
                                    $html = $template->render('html');
                                    // send an email to this user.
                                    $email = module_email::new_email();
                                    $email->replace_values = array_merge($customer_data, $website_data, $email_data);
                                    $email->set_to('user', $alert_user['user_id']);
                                    $email->set_from('user', module_security::get_loggedin_id() ? module_security::get_loggedin_id() : isset($customer_data['primary_user_id']) ? $customer_data['primary_user_id'] : 0);
                                    $email->set_subject($template->description);
                                    // do we send images inline?
                                    $email->set_html($html);
                                    if ($email->send()) {
                                        // it worked successfully!!
                                        // sweet.
                                    } else {
                                        /// log err?
                                        set_error(_l('Failed to send change notification email to User ID: %s Email: %s Status: %s Error: %s', $alert_user['user_id'], json_encode($email->to), $email->status, $email->error_text));
                                    }
                                }
                            }
                            // display thankyou template.
                            module_template::init_template('change_request_submitted', '<h2>Change Request</h2>
    <p>Thank you. Your change request has been submitted successfully.</p>
    <p>Please <a href="{URL}">click here</a> to continue.</p>
    ', 'Displayed after a change request is created/updated.', 'code');
                            // correct!
                            // load up the receipt template.
                            $template = module_template::get_template_by_key('change_request_submitted');
                            $template->page_title = _l("Change Request");
                            foreach ($data as $key => $val) {
                                if (!is_array($val)) {
                                    $data[$key] = htmlspecialchars($val);
                                }
                            }
                            $template->assign_values($data);
                            echo $template->render('pretty_html');
                            exit;
                            break;
                        case 'display_change':
                            ob_start();
                            ?>

                            <div class="title">
                                <?php 
                            _e('Change request');
                            ?>

                            </div>
                            <div class="content">
                                <p><?php 
                            echo nl2br(htmlspecialchars($change_request['request']));
                            ?>
</p>
                                <div class="wp3changerequest_actions">
                                    <p>
                                       <!-- <strong><?php 
                            _e('Attachments:');
                            ?>
</strong>
                                        <?php 
                            if (!$change_request['attachments']) {
                                ?>
 - none - <?php 
                            } else {
                                foreach ($change_request['attachments'] as $attachment) {
                                    ?>

                                            <a href="#"><?php 
                                    echo htmlspecialchars($attachment->name);
                                    ?>
</a>
                                            <?php 
                                }
                                ?>

                                        <?php 
                            }
                            ?>

                                        <br/>-->
                                        <strong><?php 
                            _e('Created by:');
                            ?>
</strong> <?php 
                            echo htmlspecialchars($change_request['name']);
                            ?>
 <br/>
                                        <strong><?php 
                            _e('Created on:');
                            ?>
</strong> <?php 
                            echo print_date($change_request['date_created'], true);
                            ?>

	                                    <?php 
                            if (isset($change_request['job_id']) && $change_request['job_id']) {
                                ?>
 <br/>
		                                    <strong><?php 
                                _e('Converted to job:');
                                ?>
</strong> <?php 
                                _e('This task has been converted to a Job');
                                ?>

	                                    <?php 
                            }
                            ?>

                                    </p>
                                    <?php 
                            if (!isset($change_request['job_id']) || !$change_request['job_id'] || self::can_i('edit', 'Change Requests')) {
                                ?>

                                    <p align="center">
                                        <input type="button" name="edit" value="<?php 
                                _e('Edit');
                                ?>
" class="wp3changerequest_button wp3changerequest_button_small"  onclick="dtbaker_changerequest.edit(<?php 
                                echo $change_request_id;
                                ?>
); return false;">
                                    </p>
	                                <?php 
                            }
                            ?>

                                </div>
                            </div>
                            <?php 
                            $change_request['html'] = preg_replace('/\\s+/', ' ', ob_get_clean());
                            //                                echo json_encode($change_request);
                            //                                exit;
                            @ob_end_clean();
                            header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
                            header("Cache-Control: no-cache");
                            header("Pragma: no-cache");
                            header("Content-type: text/javascript");
                            ?>


                            var t = dtbaker_changerequest;
                            var change_id = <?php 
                            echo $change_request_id;
                            ?>
;
                                var msg = <?php 
                            echo json_encode($change_request);
                            ?>
;

                            jQuery('body').prepend('<div class="wp3changerequest_change" id="dtbaker_change_'+change_id+'" style="'+((!t.show_postits) ? 'display:none;':'')+'"></div>');
                            var box = jQuery('#dtbaker_change_'+change_id);
                            box.html(msg.html);
                            if(msg.status == 0){
                                box.addClass('wp3changerequest_change_pending');
                            }else if(msg.status == 2){
                                box.addClass('wp3changerequest_change_complete');
                            }else if(msg.status == 3){
                                box.addClass('wp3changerequest_change_deleted');
                            }
                            box.css('top',msg.y+'px');
                            box.data('window_width',msg.window_width);
                            box.data('left',msg.x);
                            t.set_left(change_id);
                            with({i:change_id}){
                                jQuery(window).resize(function () {
                                    t.set_left(i);
                                });
                            }
                            box.data('original_height',box.height());
                            box.css('overflow','hidden');
                            jQuery('.title',box).slideUp();
                            box.stop(true, true).animate({
                                height: t.min_height,
                                width: t.min_width
                            },500);
                            box.hover(function(){
                                jQuery(this).addClass('wp3changerequest_change_active');
                                jQuery('.title',this).stop(true, true).slideDown();
                                jQuery(this).stop().animate({
                                    width: t.max_width,
                                    height: jQuery(this).data('original_height'),
                                    opacity: 1
                                },500);
                            },function(){
                                jQuery('.title',this).stop(true, true).slideUp();
                                jQuery(this).stop().animate({
                                    width: t.min_width,
                                    height: t.min_height,
                                    opacity: 0.7
                                },500,function(){
                                    jQuery(this).removeClass('wp3changerequest_change_active');
                                });
                            })


                                <?php 
                            break;
                        default:
                            @ob_end_clean();
                            header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
                            header("Cache-Control: no-cache");
                            header("Pragma: no-cache");
                            header("Content-type: text/javascript");
                            ob_start();
                            include 'pages/popup.php';
                            $html = ob_get_clean();
                            $html = addcslashes($html, "'");
                            $html = preg_replace('#\\r|\\n#', "' +\n'", $html);
                            // inject using javascript. fixes cross domain issues
                            ?>

                            if(!jQuery('#dtbaker_changerequest_inlinewizard').length){
                                // fix for jQuery 1.9+
                                jQuery('body').append('<div id="dtbaker_changerequest_inlinewizard" style="display:none;"></div>');
                            }
                            jQuery('#dtbaker_changerequest_inlinewizard').html('<?php 
                            echo $html;
                            ?>
');
                            <?php 
                    }
                }
                exit;
                break;
            case 'script':
                // load up the full script to be injected into our clients website.
                $website_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false;
                $hash = isset($_REQUEST['hash']) ? $_REQUEST['hash'] : false;
                @ob_end_clean();
                header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
                header("Cache-Control: no-cache");
                header("Pragma: no-cache");
                header("Content-type: text/javascript");
                if ($website_id && $hash && module_change_request::link_script($website_id, true) == $hash) {
                    include "js/client.js";
                    $client_url = isset($_REQUEST['url']) ? $_REQUEST['url'] : false;
                    if ($client_url) {
                        $change_requests = self::get_change_requests(array('website_id' => $website_id, 'url' => $client_url));
                        // todo - option this out incase url causes issues. ie: old js check method
                        ?>

                        jQuery(function(){
                            <?php 
                        foreach ($change_requests as $change_request) {
                            $displayed = false;
                            if ($change_request['status'] == _CHANGE_REQUEST_STATUS_NEW) {
                                $displayed = true;
                                ?>

                                    dtbaker_changerequest.display_change(<?php 
                                echo $change_request['change_request_id'];
                                ?>
);
                            <?php 
                            }
                            if (isset($_SESSION['_change_request_highlight']) && $_SESSION['_change_request_highlight'] == $change_request['change_request_id']) {
                                ?>

                                    <?php 
                                if (!$displayed) {
                                    ?>

                                    dtbaker_changerequest.display_change(<?php 
                                    echo $change_request['change_request_id'];
                                    ?>
);
                                    <?php 
                                }
                                ?>

                                    dtbaker_changerequest.highlight(<?php 
                                echo (int) $_SESSION['_change_request_highlight'];
                                ?>
);
                                    <?php 
                                unset($_SESSION['_change_request_highlight']);
                            }
                        }
                        ?>

                        });
                        <?php 
                    } else {
                        // not posting the URL, some setups do not like this
                        // get list of active change requests
                        $change_requests = self::get_change_requests(array('website_id' => $website_id, 'status' => _CHANGE_REQUEST_STATUS_NEW));
                        // we also do completed ones because the change request highlight countbe in there
                        $completed_change_requests = self::get_change_requests(array('website_id' => $website_id, 'status' => _CHANGE_REQUEST_STATUS_COMPLETE));
                        ?>


                        jQuery(function(){
                            var current_url = window.location.href;
                            <?php 
                        foreach ($change_requests as $change_request) {
                            ?>

                            if(current_url == '<?php 
                            echo addcslashes(htmlspecialchars($change_request['url']), "'");
                            ?>
'){
                                // todo: do this better!
                                dtbaker_changerequest.display_change(<?php 
                            echo $change_request['change_request_id'];
                            ?>
);
                            }
                            <?php 
                        }
                        ?>

                            <?php 
                        // todo: do we display all previous change requests on the page or not?
                        if (isset($_SESSION['_change_request_highlight']) && $_SESSION['_change_request_highlight']) {
                            echo '// Checking for request: ' . (int) $_SESSION['_change_request_highlight'];
                            foreach ($completed_change_requests as $complete_change_request) {
                                if ($complete_change_request['change_request_id'] == $_SESSION['_change_request_highlight']) {
                                    // show this completed one as well.
                                    ?>

                                        dtbaker_changerequest.display_change(<?php 
                                    echo $complete_change_request['change_request_id'];
                                    ?>
);
                                        <?php 
                                }
                            }
                            ?>

                            dtbaker_changerequest.highlight(<?php 
                            echo (int) $_SESSION['_change_request_highlight'];
                            ?>
);
                            <?php 
                            // todo: move this unset over to the "display_change" callback so we only remove the session when we know it has been displayed.
                            unset($_SESSION['_change_request_highlight']);
                        }
                        ?>

                        });
                        <?php 
                    }
                }
                exit;
                break;
            case 'public':
                $website_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false;
                $hash = isset($_REQUEST['hash']) ? $_REQUEST['hash'] : false;
                if ($website_id && $hash && module_change_request::link_public($website_id, true) == $hash) {
                    // correct!
                    // redirect to website with our "change_request" url parameter, that is picked up by the included text.
                    $website = module_website::get_website($website_id);
                    $change_request_website = get_single('change_request_website', 'website_id', $website_id);
                    if ($change_request_website && $change_request_website['enabled']) {
                        $url = module_website::urlify($website['url']);
                        // todo - pass this to a (yet to be created) method in website that will deal with https:// or http:// based on user input. stop hardcoding http!
                        if (isset($_REQUEST['change_request_id'])) {
                            $selected_change_request = self::get_change_request_by_website($website_id, (int) $_REQUEST['change_request_id']);
                            if ($selected_change_request && $selected_change_request['url']) {
                                $url = $selected_change_request['url'];
                            }
                            //$url .= "&change_request_id=".(int)$_REQUEST['change_request_id'];
                            $_SESSION['_change_request_highlight'] = (int) $_REQUEST['change_request_id'];
                        }
                        $url = $url . (strpos($url, '?') === false ? '?' : '&') . 'change_request=' . self::link_script($website_id, true);
                        redirect_browser($url);
                    }
                }
                echo "Change request disabled.";
                break;
        }
    }
Exemplo n.º 19
 /**
  * Import product rows, inserting or updating one product record per row.
  *
  * Rows without a non-blank "name" are dropped. Rows with no usable
  * "product_id" are given 0 before being handed to update_insert(). When a
  * row carries a non-blank "category_name", the category is looked up by
  * name (created if missing) and linked to the product.
  *
  * NOTE(review): every remaining row is passed to update_insert() whole, so
  * the set of product columns an import file can write depends on how
  * update_insert() filters keys — confirm before importing untrusted files.
  *
  * @param array $data         Import rows keyed by row id.
  * @param mixed $add_to_group Not read anywhere in this method.
  * @return int Number of rows for which update_insert() returned a truthy product id.
  */
 public static function handle_import($data, $add_to_group)
 {
     // Pass 1: discard nameless rows and default the product id on the rest.
     foreach ($data as $key => $record) {
         $has_name = isset($record['name']) && trim($record['name']);
         if (!$has_name) {
             unset($data[$key]);
             continue;
         }
         if (empty($record['product_id'])) {
             $data[$key]['product_id'] = 0;
         }
     }
     // Pass 2: persist each surviving row.
     $imported = 0;
     foreach ($data as $key => $record) {
         $record['product_id'] = update_insert('product_id', $record['product_id'], 'product', $record);
         if (!$record['product_id']) {
             continue;
         }
         $category_name = isset($record['category_name']) ? trim($record['category_name']) : '';
         if (strlen($category_name)) {
             // Reuse the category with this exact name, or create it on the fly.
             $category = get_single('product_category', 'product_category_name', $category_name);
             if (!$category) {
                 $category = array('product_category_name' => $category_name);
                 $category['product_category_id'] = update_insert('product_category_id', false, 'product_category', $category);
             }
             if (!empty($category['product_category_id'])) {
                 $record['product_id'] = update_insert('product_id', $record['product_id'], 'product', array('product_category_id' => $category['product_category_id']));
             }
         }
         $imported++;
     }
     return $imported;
 }
Exemplo n.º 20
 /**
  * Refresh the cached totals stored on a quote row and return its status.
  *
  * The 'quote' cache is cleared before the quote is loaded and again after
  * the write, so neither the read nor later readers see stale data.
  *
  * @param mixed $quote_id Id of the quote row to refresh.
  * @return mixed The 'status' value of the quote as loaded by get_quote().
  */
 private static function update_quote_completion_status($quote_id)
 {
     module_cache::clear('quote');
     $quote = self::get_quote($quote_id);
     // Each cached value is written twice: under its own name and under a "c_" prefix.
     $cached_fields = array('total_amount_invoicable');
     foreach ($cached_fields as $field) {
         if (!isset($quote[$field])) {
             continue;
         }
         $value = $quote[$field];
         update_insert('quote_id', $quote_id, 'quote', array($field => $value, 'c_' . $field => $value));
     }
     $status = $quote['status'];
     module_cache::clear('quote');
     return $status;
 }
Exemplo n.º 21
 /**
  * Append an access-log row for a data record.
  *
  * Only the record id is supplied here; any other column of the
  * data_access row is left to update_insert().
  *
  * @param mixed $data_record_id Id of the record that was accessed.
  * @return void
  */
 public function record_access($data_record_id)
 {
     $access_row = array('data_record_id' => $data_record_id);
     // 'new' is passed as the id so a fresh data_access row is requested each time.
     update_insert('data_access_id', 'new', 'data_access', $access_row);
 }
Exemplo n.º 22
 /**
  * Recalculate whether a job is complete from its tasks and persist the result.
  *
  * A job counts as complete only when it has at least one task and every
  * task passes the completion rule below. On completion the completed date
  * is stamped (unless one is already set) and a default-status job is moved
  * to "Completed"; otherwise the completed date is reset and a "Completed"
  * job is moved back to the default status.
  *
  * @param mixed $job_id Id of the job row to re-evaluate.
  * @return mixed The job status after the update.
  */
 private static function update_job_completion_status($job_id)
 {
     module_cache::clear('job');
     $job = self::save_job_cache($job_id);
     $status = $job['status'];
     $job_tasks = self::get_tasks($job_id);
     // A job without tasks is never treated as complete.
     $every_task_done = count($job_tasks) > 0;
     foreach ($job_tasks as $task) {
         // With job_task_log_all_hours on, only the explicit fully_completed flag counts.
         // With it off, a task also counts once its logged amount reaches its hours,
         // or (for tasks without hours) once anything has been logged.
         $task_done = module_config::c('job_task_log_all_hours', 1) && $task['fully_completed'] || !module_config::c('job_task_log_all_hours', 1) && ($task['fully_completed'] || $task['hours'] > 0 && $task['completed'] >= $task['hours'] || $task['hours'] <= 0 && $task['completed'] > 0);
         if (!$task_done) {
             $every_task_done = false;
             break;
         }
     }
     if (!$every_task_done) {
         // Not complete: clear the completed date and undo a "Completed" status.
         if ($job['status'] == _l('Completed')) {
             $status = module_config::s('job_status_default', 'New');
         } else {
             $status = $job['status'];
         }
         update_insert("job_id", $job_id, "job", array('date_completed' => '0000-00-00', 'status' => $status));
     } elseif (empty($job['date_completed']) || $job['date_completed'] == '0000-00-00') {
         // Complete and not yet stamped: record today's date.
         if ($job['status'] == module_config::s('job_status_default', 'New')) {
             $status = _l('Completed');
         } else {
             $status = $job['status'];
         }
         update_insert("job_id", $job_id, "job", array('date_completed' => date('Y-m-d'), 'status' => $status));
     }
     module_cache::clear('job');
     return $status;
 }
Exemplo n.º 23
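 /**
  * Load the extra-field definitions, grouped by owner table.
  *
  * Definitions come from the extra_default table. Any key that exists in
  * the extra table but has no definition yet is inserted into extra_default
  * with the next free order value, so calling this method can write to the
  * database.
  *
  * @param string|false $owner_table Limit the result to one owner table, or
  *                                  false to return every table (settings area).
  * @return array With $owner_table: definitions keyed by extra key, sorted with
  *               sort_extra_defaults. Without: owner table => (extra key => definition).
  */
 public static function get_defaults($owner_table = false)
 {
     $defaults = array();
     $nextorder = array();
     if ($owner_table && strlen($owner_table)) {
         // NOTE(review): this filter is built by string concatenation and relies on
         // mysql_real_escape_string() from the removed ext/mysql, whose escaping depends
         // on the connection character set. qa() takes a finished SQL string here, so
         // callers should only pass fixed table names, never request input.
         $where = " WHERE e.owner_table = '" . mysql_real_escape_string($owner_table) . "' ";
         $defaults[$owner_table] = array();
         $nextorder[$owner_table] = 0;
     } else {
         $where = '';
     }
     $sql = "SELECT `extra_default_id`,`extra_key`, `order`, `display_type`, `owner_table`, `searchable`, `field_type`, `options` FROM `" . _DB_PREFIX . "extra_default` e {$where} ORDER BY e.`order` ASC";
     foreach (qa($sql) as $r) {
         if (!isset($defaults[$r['owner_table']])) {
             $defaults[$r['owner_table']] = array();
         }
         if (!isset($nextorder[$r['owner_table']])) {
             $nextorder[$r['owner_table']] = 0;
         }
         // Invalid or non-array JSON must not leak through as null/scalar: the
         // auto-created entries below always carry an array here.
         $options = isset($r['options']) ? @json_decode($r['options'], true) : array();
         if (!is_array($options)) {
             $options = array();
         }
         $defaults[$r['owner_table']][$r['extra_key']] = array('key' => $r['extra_key'], 'order' => $r['order'], 'extra_default_id' => $r['extra_default_id'], 'display_type' => $r['display_type'], 'searchable' => $r['searchable'], 'field_type' => $r['field_type'], 'options' => $options);
         $nextorder[$r['owner_table']] = max($r['order'], $nextorder[$r['owner_table']]);
     }
     // Find keys already in use. Grouping by owner_table as well keeps one row per
     // (key, table) pair; grouping by key alone collapsed a key shared by several
     // tables into a single row with an arbitrary owner_table.
     $sql = "SELECT `extra_key`,`owner_table` FROM `" . _DB_PREFIX . "extra` e {$where} GROUP BY e.extra_key, e.owner_table";
     foreach (qa($sql) as $r) {
         if (!isset($nextorder[$r['owner_table']])) {
             $nextorder[$r['owner_table']] = 0;
         }
         if (!isset($defaults[$r['owner_table']]) || !isset($defaults[$r['owner_table']][$r['extra_key']])) {
             // Key is in use but has no definition yet: create one at the end of the order.
             $nextorder[$r['owner_table']]++;
             $extra_default_id = update_insert('extra_default_id', false, 'extra_default', array('owner_table' => $r['owner_table'], 'extra_key' => $r['extra_key'], 'order' => $nextorder[$r['owner_table']], 'display_type' => 0));
             $defaults[$r['owner_table']][$r['extra_key']] = array(
                 'key' => $r['extra_key'],
                 'order' => $nextorder[$r['owner_table']],
                 'extra_default_id' => $extra_default_id,
                 'display_type' => 0,
                 'field_type' => '',
                 'options' => array(),
             );
             module_cache::clear_cache(false);
         }
         if (!isset($defaults[$r['owner_table']][$r['extra_key']]['order'])) {
             $defaults[$r['owner_table']][$r['extra_key']]['order'] = 0;
         }
     }
     if ($owner_table) {
         uasort($defaults[$owner_table], 'sort_extra_defaults');
         return $defaults[$owner_table];
     }
     // No filter: return every table's definitions (settings area).
     return $defaults;
 }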
Exemplo n.º 24
 /**
  * React to the "invoice_paid" and "home_alerts" hooks.
  *
  * "invoice_paid": reads the invoice id from the second call argument, marks
  * the matching subscription_history row as paid and advances the next due
  * date. Nothing is returned for this hook.
  *
  * "home_alerts": builds the list of subscriptions that fall due within the
  * configured number of days, skipping owners the current user may not view.
  *
  * @param string $hook Hook name; further arguments are read via func_get_args().
  * @return array|null Alert rows for "home_alerts"; no explicit return otherwise.
  */
 public function handle_hook($hook)
 {
     switch ($hook) {
         case "invoice_paid":
             // The invoice id arrives as the second positional argument.
             $foo = func_get_args();
             $invoice_id = (int) $foo[1];
             if ($invoice_id > 0) {
                 // see if any subscriptions match this invoice.
                 $invoice = module_invoice::get_invoice($invoice_id);
                 $subscription = get_single('subscription_history', 'invoice_id', $invoice_id);
                 if ($subscription) {
                     // mark subscription as paid and move onto the next date.
                     update_insert('subscription_history_id', $subscription['subscription_history_id'], 'subscription_history', array('paid_date' => $invoice['date_paid']));
                     // NOTE(review): $subscription_owner is used without checking that a row
                     // was found — confirm what get_single() returns on a miss.
                     $subscription_owner = get_single('subscription_owner', 'subscription_owner_id', $subscription['subscription_owner_id']);
                     $this->update_next_due_date($subscription['subscription_id'], $subscription_owner['owner_table'], $subscription_owner['owner_id']);
                 }
             }
             break;
         case "home_alerts":
             $alerts = array();
             // Alerts are only built when enabled in config and the user may view subscriptions.
             if (module_config::c('subscription_alerts', 1) && self::can_i('view', 'Subscriptions')) {
                 // find renewals due in a certain time.
                 // $time is produced by date('Y-m-d', ...) from a config value, not from request
                 // input, before it is concatenated into the SQL below.
                 $time = date('Y-m-d', strtotime('+' . module_config::c('alert_days_in_future', 5) . ' days'));
                 $key = _l('Subscription Due');
                 if (class_exists('module_dashboard', false)) {
                     module_dashboard::register_group($key, array('columns' => array('full_link' => _l('Name'), 'type' => _l('Type'), 'subscription_name' => _l('Subscription'), 'automatic_renew' => _l('Automatic Renew'), 'automatic_email' => _l('Automatic Email'), 'next_due_date' => _l('Next Due Date'), 'days' => _l('Day Count'))));
                 }
                 // The invoice_prior_days column is optional; when present the alert date is
                 // moved forward by that many days.
                 $db_fields = get_fields('subscription');
                 $sql = "SELECT s.*, so.* ";
                 if (isset($db_fields['invoice_prior_days'])) {
                     $sql .= ", DATE_SUB(so.next_due_date, INTERVAL `invoice_prior_days` DAY) AS next_generation_date ";
                 }
                 $sql .= " FROM `" . _DB_PREFIX . "subscription_owner` so ";
                 $sql .= " LEFT JOIN `" . _DB_PREFIX . "subscription` s USING (subscription_id)";
                 if (isset($db_fields['invoice_prior_days'])) {
                     $sql .= " WHERE DATE_SUB(so.next_due_date, INTERVAL `invoice_prior_days` DAY) <= '" . $time . "'";
                 } else {
                     $sql .= " WHERE so.next_due_date <= '" . $time . "'";
                 }
                 $sql .= " AND so.`deleted` = 0";
                 $items = qa($sql);
                 foreach ($items as $item) {
                     $alert_res = process_alert(isset($item['next_generation_date']) ? $item['next_generation_date'] : $item['next_due_date'], $key);
                     if ($alert_res) {
                         // Access check per owner type: the owner record must load through its
                         // own module and match the id, and the user needs the matching view
                         // permission. "continue 2" skips to the next $item when the check fails.
                         // NOTE(review): an owner_table outside these three cases gets no check
                         // and leaves full_link unset before the preg_match below reads it.
                         switch ($item['owner_table']) {
                             case 'member':
                                 $permission_check = module_member::get_member($item['owner_id']);
                                 if (!$permission_check || $permission_check['member_id'] != $item['owner_id'] || !module_member::can_i('view', 'Members')) {
                                     continue 2;
                                 }
                                 $alert_res['full_link'] = module_member::link_open($item['owner_id'], true);
                                 break;
                             case 'website':
                                 $permission_check = module_website::get_website($item['owner_id']);
                                 if (!$permission_check || $permission_check['website_id'] != $item['owner_id'] || !module_website::can_i('view', 'Websites')) {
                                     continue 2;
                                 }
                                 $alert_res['full_link'] = module_website::link_open($item['owner_id'], true);
                                 break;
                             case 'customer':
                                 $permission_check = module_customer::get_customer($item['owner_id']);
                                 if (!$permission_check || $permission_check['customer_id'] != $item['owner_id'] || !module_customer::can_i('view', 'Customers')) {
                                     continue 2;
                                 }
                                 $alert_res['full_link'] = module_customer::link_open($item['owner_id'], true);
                                 break;
                         }
                         $alert_res['name'] = $item['name'];
                         // Pull the bare URL out of the generated anchor; fall back to '#'.
                         $alert_res['link'] = '#';
                         if (preg_match('@href="([^"]+)"@', $alert_res['full_link'], $link_match)) {
                             $alert_res['link'] = $link_match[1];
                         }
                         $alert_res['type'] = $item['owner_table'];
                         $alert_res['subscription_name'] = module_subscription::link_open($item['subscription_id'], true);
                         $alert_res['next_due_date'] = isset($item['next_generation_date']) ? print_date($item['next_generation_date']) : print_date($item['next_due_date']);
                         $alert_res['automatic_renew'] = $item['automatic_renew'] ? _l('Yes') : _l('No');
                         $alert_res['automatic_email'] = $item['automatic_email'] ? _l('Yes') : _l('No');
                         $alerts[] = $alert_res;
                     }
                 }
             }
             return $alerts;
             break;
     }
 }
Exemplo n.º 25
    public function external_hook($hook)
    {
        switch ($hook) {
            case 'view':
                $file_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false;
                $hash = isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : false;
                if ($file_id && $hash) {
                    $correct_hash = $this->link_public($file_id, true);
                    if ($correct_hash == $hash) {
                        // all good to print a receipt for this payment.
                        $file_data = $this->get_file($file_id, false);
                        if ($file_data && $file_data['file_id'] == $file_id) {
                            if (isset($_POST['save_file_comments'])) {
                                if (isset($_POST['file_approve']) && isset($_POST['file_approve_go']) && isset($_POST['file_approve_name']) && strlen($_POST['file_approve_name']) > 0) {
                                    update_insert('file_id', $file_id, 'file', array('approved_time' => time(), 'approved_by' => $_POST['file_approve_name']));
                                    // send email, same 'updated' email as before.
                                    $this->send_file_changed_notice($file_id, false, true);
                                    //redirect_browser($this->link_public($file_id));
                                    $_REQUEST['new_comment_text'] = _l('File was approved at %s by %s', print_date(time(), true), htmlspecialchars($_POST['file_approve_name']));
                                }
                                if (isset($_POST['pointers'])) {
                                    update_insert('file_id', $file_id, 'file', array('pointers' => $_POST['pointers']));
                                }
                                $this->save_file_comments($file_id);
                                redirect_browser($this->link_public($file_id));
                            }
                            module_template::init_template('file_approval_view', '<h2>File Details</h2>
    File Name: <strong>{FILE_NAME}</strong> <br/>
    Download: <strong><a href="{FILE_DOWNLOAD_URL}">Click Here</a></strong> <br/>
    Status: <strong>{STATUS}</strong> <br/>
    Customer: <strong>{CUSTOMER_NAME}</strong> <br/>
    {if:JOB_NAME}Job: <strong>{JOB_NAME}</strong> <br/>{endif:JOB_NAME}
    {if:FILE_APPROVAL_PENDING}
    <h2>File Approval Pending</h2>
    <p>If you would like to approve this file please complete the form below:</p>
    <p>Your Name: <input type="text" name="file_approve_name"> </p>
    <p><input type="checkbox" name="file_approve_go" value="yes"> Yes, I approve this file. </p>
    <p><input type="submit" name="file_approve" value="Approve File" class="submit_button save_button"></p>
    {endif:FILE_APPROVAL_PENDING}
    {if:FILE_APPROVED}
    <h2>File Has Been Approved</h2>
    <p>Thank you, the file was approved by <strong>{APPROVED_BY}</strong> on <strong>{APPROVED_TIME}</strong>.</p>
    {endif:FILE_APPROVED}
    <h2>File Comments</h2>
    <p>Please feel free to add comments to this file using the form below.</p>
    {FILE_COMMENTS}
    {if:FILE_PREVIEW}
    <h2>File Preview</h2>
    <div style="overflow:scroll;">{FILE_PREVIEW}</div>
    {endif:FILE_PREVIEW}
    ', 'Used when displaying the file to a customer for approval.', 'code');
                            $template = module_template::get_template_by_key('file_approval_view');
                            // generate the html for the task output
                            $job_data = $file_data['job_id'] ? module_job::get_replace_fields($file_data['job_id']) : array();
                            if (class_exists('module_quote', false)) {
                                $quote_data = $file_data['quote_id'] ? module_quote::get_replace_fields($file_data['quote_id']) : array();
                            }
                            $customer_data = $file_data['customer_id'] ? module_customer::get_replace_fields($file_data['customer_id']) : array();
                            $file_data['file_preview'] = module_file::generate_preview($file_id, $file_data['file_name'], $file_data);
                            $file_data['FILE_DOWNLOAD_URL'] = module_file::link_public_view($file_id);
                            if (isset($file_data['approved_time'])) {
                                switch ($file_data['approved_time']) {
                                    case -1:
                                        $file_data['FILE_APPROVAL_PENDING'] = 1;
                                        break;
                                    case 0:
                                        break;
                                    default:
                                        $file_data['FILE_APPROVED'] = 1;
                                        $file_data['APPROVED_TIME'] = print_date($file_data['approved_time'], true);
                                }
                            }
                            if (class_exists('module_extra', false) && module_extra::is_plugin_enabled()) {
                                $all_extra_fields = module_extra::get_defaults('file');
                                foreach ($all_extra_fields as $e) {
                                    $file_data[$e['key']] = _l('N/A');
                                }
                                // and find the ones with values:
                                $extras = module_extra::get_extras(array('owner_table' => 'file', 'owner_id' => $file_id));
                                foreach ($extras as $e) {
                                    $file_data[$e['extra_key']] = $e['extra'];
                                }
                            }
                            ob_start();
                            ?>

                            <div id="file_notes">
                            <div style="border-top:1px dashed #CCCCCC; padding:3px; margin:3px 0;">
                                <textarea name="new_comment_text" style="width:100%;" class="no_permissions"></textarea>
                                <div style="text-align: right;">
                                <input type="submit" name="butt_save_note" id="butt_save_note" value="<?php 
                            echo _l('Add Comment');
                            ?>
" class="submit_button no_permissions">
                                    </div>
                            </div>
                            <?php 
                            foreach (module_file::get_file_comments($file_id) as $item) {
                                $note_text = forum_text($item['comment']);
                                if (preg_match_all('/#(\\d+)/', $note_text, $matches)) {
                                    //
                                    foreach ($matches[1] as $digit) {
                                        $note_text = preg_replace('/#' . $digit . '([^\\d]*)/', '<span node_id=' . $digit . ' class="pointer-ids pointer-id-' . $digit . '">#' . $digit . '</span>$1', $note_text);
                                    }
                                }
                                ?>

                                <div style="border-top:1px dashed #CCCCCC; padding:3px; margin:3px 0;">
                                    <?php 
                                echo $note_text;
                                ?>

                                    <div style="font-size:10px; text-align:right; color:#CCCCCC;">From <?php 
                                echo $item['create_user_id'] ? module_user::link_open($item['create_user_id'], true) : _l('Customer');
                                ?>
 on <?php 
                                echo print_date($item['date_created'], true);
                                ?>

                                    </div>
                                </div>

                                <?php 
                            }
                            ?>

                            </div>
                            <?php 
                            $file_data['file_comments'] = ob_get_clean();
                            $template->assign_values($file_data);
                            $template->assign_values($customer_data);
                            $template->assign_values($job_data);
                            if (class_exists('module_quote', false)) {
                                $quote_data['quote_approved_by'] = $quote_data['approved_by'];
                                $quote_data['quote_date_approved'] = $quote_data['date_approved'];
                                unset($quote_data['approved_by']);
                                unset($quote_data['date_approved']);
                                $template->assign_values($quote_data);
                            }
                            $template->page_title = $file_data['file_name'];
                            $template->content = '<form action="" method="post"><input type="hidden" name="save_file_comments" value="1">' . $template->content . '</form>';
                            echo $template->render('pretty_html');
                        }
                    }
                }
                break;
            case 'download_bucket':
                @ob_end_clean();
                $file_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false;
                $hash = isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : false;
                if ($file_id && $hash) {
                    $correct_hash = $this->link_public_download_bucket($file_id, true);
                    if ($correct_hash == $hash) {
                        // all good to print a receipt for this payment.
                        $file_data = $this->get_file($file_id, false);
                        @ignore_user_abort(true);
                        $search = array();
                        $search['bucket_parent_file_id'] = $file_id;
                        $files = module_file::get_files($search);
                        //Create ZIP
                        $zip = new ZipArchive();
                        $zipName = "bucket-" . $file_id . "-" . md5($file_id . _UCM_SECRET) . ".zip";
                        if ($zip->open(_FILE_UPLOAD_PATH . $zipName, ZIPARCHIVE::CREATE) !== TRUE) {
                            echo 'Failed to create bucket zip file';
                            exit;
                        }
                        foreach ($files as $file) {
                            if (is_file($file['file_path'])) {
                                $zip->addFromString($file['file_name'], file_get_contents($file['file_path']));
                            }
                        }
                        $zip->close();
                        //Set headers
                        header("Pragma: public");
                        header("Expires: 0");
                        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                        header("Cache-Control: public");
                        header("Content-Description: File Transfer");
                        header("Content-type: application/octet-stream");
                        //header("Content-Disposition: attachment; filename='" . $zipName . "'");
                        header("Content-Disposition: attachment; filename=\"" . preg_replace("#[^a-zA-Z0-9]+#", "-", $file_data['file_name']) . ".zip\";");
                        header("Content-Transfer-Encoding: binary");
                        header("Content-Length: " . filesize(_FILE_UPLOAD_PATH . $zipName));
                        @clearstatcache();
                        //Make sure the file size isn't cached
                        $size = @readfile(_FILE_UPLOAD_PATH . $zipName);
                        if (!$size) {
                            echo file_get_contents(_FILE_UPLOAD_PATH . $zipName);
                        }
                        @unlink(_FILE_UPLOAD_PATH . $zipName);
                    }
                }
                exit;
                break;
            case 'download':
                @ob_end_clean();
                $file_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false;
                $hash = isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : false;
                if ($file_id && $hash) {
                    $correct_hash = $this->link_public_view($file_id, true);
                    if ($correct_hash == $hash) {
                        // all good to print a receipt for this payment.
                        $file_data = $this->get_file($file_id, false);
                        if (isset($file_data['file_url']) && strlen($file_data['file_url'])) {
                            redirect_browser($file_data['file_url']);
                        } else {
                            if (is_file($file_data['file_path'])) {
                                header("Pragma: public");
                                header("Expires: 0");
                                header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                                header("Cache-Control: private", false);
                                header("Content-type: " . dtbaker_mime_type($file_data['file_name'], $file_data['file_path']));
                                if (!isset($_REQUEST['embed'])) {
                                    header("Content-Disposition: attachment; filename=\"" . $file_data['file_name'] . "\";");
                                    header("Content-Transfer-Encoding: binary");
                                }
                                header("Content-Length: " . filesize($file_data['file_path']));
                                //readfile($file_data['file_path']);
                                $size = @readfile($file_data['file_path']);
                                if (!$size) {
                                    echo file_get_contents($file_data['file_path']);
                                }
                            } else {
                                echo 'Not found';
                            }
                        }
                    }
                }
                exit;
                break;
        }
    }
Exemplo n.º 26
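 /**
  * Handle the 'save_security_role' form post: delete a role, or save it and rebuild its permission rows.
  *
  * Input is read straight from $_REQUEST / $_POST. Nothing is returned; the delete path and the
  * successful save path both finish with redirect_browser().
  *
  * NOTE(review): no anti-CSRF token check is visible in this method. Confirm one is enforced before
  * process() is dispatched, because this endpoint rewrites role permissions.
  */
 public function process()
 {
     // A commented-out 'save_data_access_popup' branch used to sit here. Its own todo said it still needed
     // a permission check, so it must not be re-enabled without one.
     if (!isset($_REQUEST['_process']) || 'save_security_role' !== $_REQUEST['_process']) {
         return;
     }
     // Both permission checks must pass. redirect_browser() is presumably terminal (not visible here);
     // the explicit return keeps the check fail-closed even if it is not.
     if (!module_config::can_i('edit', 'Settings')) {
         redirect_browser(_BASE_HREF);
         return;
     }
     if (!module_security::can_i('edit', 'Security Roles', 'Security')) {
         redirect_browser('/');
         return;
     }
     if (isset($_REQUEST['butt_del']) && module_security::can_i('delete', 'Security Roles', 'Security')) {
         $security_role_id = isset($_REQUEST['security_role_id']) ? (int) $_REQUEST['security_role_id'] : 0;
         $role = self::get_security_role($security_role_id);
         if ($role && $security_role_id == $role['security_role_id']) {
             if (module_form::confirm_delete('security_role_id', "Really delete security role: " . $role['name'], self::link_open_role($security_role_id))) {
                 // Remove the role's permission rows and user assignments before the role row itself.
                 foreach (array('security_role_perm', 'user_role', 'security_role') as $table) {
                     $sql = "DELETE FROM `" . _DB_PREFIX . $table . "` WHERE security_role_id = '" . (int) $security_role_id . "'";
                     query($sql);
                 }
             }
         }
         set_message('Role deleted successfully.');
         redirect_browser($this->link_open_role(false));
         // Never fall through into the save path below after a delete request.
         return;
     }
     // NOTE(review): the whole of $_POST is handed to update_insert(). Whether it restricts the columns
     // it writes is not visible here; confirm it does, or pass an explicit list of role fields.
     $security_role_id = update_insert('security_role_id', $_REQUEST['security_role_id'], 'security_role', $_POST);
     // todo - deleting.
     if (!$security_role_id) {
         return;
     }
     // Permissions are rebuilt from scratch on every save.
     $sql = "DELETE FROM `" . _DB_PREFIX . "security_role_perm` WHERE security_role_id = '" . (int) $security_role_id . "'";
     query($sql);
     if (isset($_REQUEST['load_defaults']) && strlen($_REQUEST['load_defaults']) > 0 && ($defaults = json_decode($_REQUEST['load_defaults'], true))) {
         // Expected shape: "category|module|name|description" => list of permission names.
         if (!is_array($defaults)) {
             $defaults = array();
         }
         foreach ($defaults as $key => $permissions) {
             $key_parts = explode('|', $key);
             // Skip malformed entries instead of creating permission rows from partial keys.
             if (count($key_parts) < 4 || !is_array($permissions)) {
                 continue;
             }
             list($category, $module, $name, $description) = $key_parts;
             // Only names from the class whitelist are honoured. The strict comparison stops JSON values
             // such as 0 or true from loosely matching every permission name.
             $requested = array();
             foreach (self::$available_permissions as $permission) {
                 if (in_array($permission, $permissions, true)) {
                     $requested[] = $permission;
                 }
             }
             $existing = get_single('security_permission', array('name', 'category', 'description', 'module'), array($name, $category, $description, $module));
             $security_permission_id = false;
             $available_perms = array();
             if ($existing) {
                 $security_permission_id = $existing['security_permission_id'];
                 // NOTE(review): unserialize() on a stored column. This is safe only while nothing
                 // untrusted can write available_perms; this method itself writes it with serialize().
                 $available_perms = @unserialize($existing['available_perms']);
                 if (!is_array($available_perms)) {
                     $available_perms = array();
                 }
             }
             if (!$security_permission_id) {
                 $security_permission_id = update_insert('security_permission_id', 'new', 'security_permission', array('name' => $name, 'category' => $category, 'module' => $module, 'description' => $description));
             }
             // Record newly requested actions as configurable options for this permission.
             $save_perms = false;
             foreach ($requested as $permission) {
                 if (!isset($available_perms[$permission])) {
                     $available_perms[$permission] = true;
                     $save_perms = true;
                 }
             }
             if ($save_perms && $security_permission_id) {
                 update_insert('security_permission_id', $security_permission_id, 'security_permission', array('available_perms' => serialize($available_perms)));
             }
             if ($security_permission_id && count($requested)) {
                 $sql = "REPLACE INTO `" . _DB_PREFIX . "security_role_perm` SET security_role_id = '" . (int) $security_role_id . "', security_permission_id = '" . (int) $security_permission_id . "' ";
                 foreach ($requested as $permission) {
                     // The column name comes from self::$available_permissions, never from the request.
                     $sql .= ", `" . mysql_real_escape_string($permission) . "` = 1";
                 }
                 query($sql);
             }
         }
         set_message('Defaults loaded successfully.');
     } else {
         if (isset($_REQUEST['permission']) && is_array($_REQUEST['permission'])) {
             // update permissions for this role.
             foreach ($_REQUEST['permission'] as $security_permission_id => $permissions) {
                 $sql = "REPLACE INTO `" . _DB_PREFIX . "security_role_perm` SET security_role_id = '" . (int) $security_role_id . "', security_permission_id = '" . (int) $security_permission_id . "' ";
                 foreach (self::$available_permissions as $permission) {
                     // Request keys are only tested against the whitelist; they never reach the SQL text.
                     if (isset($permissions[$permission]) && $permissions[$permission]) {
                         $sql .= ", `" . mysql_real_escape_string($permission) . "` = 1";
                     }
                 }
                 query($sql);
             }
         }
         if (isset($_REQUEST['permission_drop_down']) && is_array($_REQUEST['permission_drop_down'])) {
             // Drop-down groups: clear every id in the group, then grant 'view' on the selected one.
             $permission = 'view';
             foreach ($_REQUEST['permission_drop_down'] as $security_permission_ids => $selected_security_permission_id) {
                 foreach (explode('|', $security_permission_ids) as $id_to_clear) {
                     $id_to_clear = (int) $id_to_clear;
                     if (!$id_to_clear) {
                         continue;
                     }
                     $sql = "DELETE FROM `" . _DB_PREFIX . "security_role_perm` WHERE security_role_id = '" . (int) $security_role_id . "' AND security_permission_id = '" . (int) $id_to_clear . "' ";
                     query($sql);
                 }
                 if ((int) $selected_security_permission_id > 0) {
                     $sql = "REPLACE INTO `" . _DB_PREFIX . "security_role_perm` SET security_role_id = '" . (int) $security_role_id . "', security_permission_id = '" . (int) $selected_security_permission_id . "' ";
                     $sql .= ", `" . mysql_real_escape_string($permission) . "` = 1";
                     // Run the statement only when one was built for this entry. Previously query() ran
                     // unconditionally and re-executed whatever statement was left in $sql.
                     query($sql);
                 }
             }
         }
         set_message('Role saved successfully.');
     }
     redirect_browser($this->link_open_role($security_role_id));
 }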
Exemplo n.º 27
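 /**
  * Create or update a report row, then save its extra fields.
  *
  * @param mixed $report_id Id of the report to update. Any value that get_report() cannot resolve
  *                         to the same report_id is treated as a request to create a new report.
  * @param array $data      Column values handed to update_insert() unchanged.
  * @return mixed The id returned by update_insert(), or false when creating a report is refused.
  */
 public function save_report($report_id, $data)
 {
     // Accept the supplied id only if it resolves to a stored report with that id.
     $is_existing = false;
     if ((int) $report_id > 0) {
         $stored = $this->get_report($report_id);
         $is_existing = $stored && $stored['report_id'] == $report_id;
     }
     if (!$is_existing) {
         $report_id = false;
         // check create permissions.
         if (!self::can_i('create', 'reports')) {
             // user not allowed to create reports.
             set_error('Unable to create new reports');
             redirect_browser(self::link_open(false));
             // redirect_browser() is presumably terminal (not visible here). Returning keeps the
             // refusal fail-closed so the insert below cannot run if it is not.
             return false;
         }
     }
     // NOTE(review): only the 'create' permission is checked in this method. Updating an existing report
     // relies on whatever get_report() and the caller enforce; confirm an edit check exists there.
     $report_id = update_insert("report_id", $report_id, "report", $data);
     module_extra::save_extras('report', 'report_id', $report_id);
     return $report_id;
 }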
Exemplo n.º 28
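 /**
  * Handle company form posts: delete a company (after confirmation) or save one.
  *
  * Input is read straight from $_REQUEST / $_POST. Nothing is returned; completed actions finish
  * with redirect_browser().
  */
 public function process()
 {
     // Read request keys defensively so a missing key cannot raise an undefined-index notice.
     $raw_company_id = isset($_REQUEST['company_id']) ? $_REQUEST['company_id'] : null;
     $delete_requested = isset($_REQUEST['butt_del']) && $_REQUEST['butt_del'] && $raw_company_id;
     if ($delete_requested && self::can_i('delete', 'Company')) {
         // The delete path needs a real numeric id; arrays and non-numeric strings collapse to 0.
         $company_id = is_scalar($raw_company_id) ? (int) $raw_company_id : 0;
         $data = $company_id > 0 ? self::get_company($company_id) : false;
         if ($data && $data['company_id'] == $company_id && module_form::confirm_delete('company_id', "Really delete company: " . $data['name'], self::link_open($company_id))) {
             $this->delete_company($company_id);
             set_message("company deleted successfully");
             redirect_browser($this->link_open(false));
         }
         // A delete request never falls through to the save path.
         return;
     }
     if (isset($_REQUEST['_process']) && 'save_company' === $_REQUEST['_process'] && self::can_i('edit', 'Company')) {
         // NOTE(review): the whole of $_POST is handed to update_insert(). Whether it restricts the
         // columns it writes is not visible here; confirm it does, or pass an explicit field list.
         $company_id = update_insert('company_id', $raw_company_id, 'company', $_POST);
         set_message('Company saved successfully');
         redirect_browser($this->link_open($company_id));
     }
 }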
Exemplo n.º 29
 /**
  * Store a note row.
  *
  * @param array $data Column values passed to update_insert() unchanged.
  * @return mixed Whatever update_insert() returns for the 'note' table (presumably the new note_id; confirm).
  */
 public static function save_note($data = array())
 {
     // 'new' goes in the id position, as elsewhere in this file when a row is being created.
     // NOTE(review): $data is not filtered here; callers are responsible for what reaches the note table.
     return update_insert('note_id', 'new', 'note', $data);
 }
Exemplo n.º 30
 /**
  * Encrypt a value and store it, returning a reference string for the stored row.
  *
  * @param mixed  $encrypt_key_id      Key id passed to encrypt_value() and stored on the rows written here.
  * @param mixed  $raw_value           Plaintext handed to self::encrypt_value().
  * @param string $page_name           Used with $field_name to look up (or create) the encrypt_field row.
  * @param string $field_name          See $page_name.
  * @param mixed  $existing_encrypt_id Id passed to update_insert() for the 'encrypt' table; defaults to 0.
  * @return string 'encrypt:' followed by the id update_insert() returned.
  */
 public static function save_encrypt_value($encrypt_key_id, $raw_value, $page_name, $field_name, $existing_encrypt_id = 0)
 {
     // Reuse the field definition for this page/field pair when one is already stored.
     $field_row = get_single('encrypt_field', array('page_name', 'field_name'), array($page_name, $field_name));
     $field_id = $field_row && $field_row['encrypt_field_id'] ? $field_row['encrypt_field_id'] : false;
     if (!$field_id) {
         // No usable definition yet: create one bound to the supplied key.
         $field_id = update_insert('encrypt_field_id', 0, 'encrypt_field', array('page_name' => $page_name, 'field_name' => $field_name, 'encrypt_key_id' => $encrypt_key_id));
     }
     // NOTE(review): an existing field row is reused without comparing its encrypt_key_id to the one
     // supplied, and $existing_encrypt_id is not checked for ownership here; confirm callers handle both.
     $ciphertext = self::encrypt_value($encrypt_key_id, $raw_value);
     $stored_id = update_insert('encrypt_id', $existing_encrypt_id, 'encrypt', array('encrypt_key_id' => $encrypt_key_id, 'data' => $ciphertext, 'encrypt_field_id' => $field_id));
     return 'encrypt:' . $stored_id;
 }