Exemplo n.º 1
 /**
  * This is the main communications engine of xajax. The engine handles all
  * incoming xajax requests, calls the appropriate PHP functions (or
  * class/object methods) and passes the XML responses back to the
  * Javascript response handler. If your RequestURI is the same as your Web
  * page then this function should be called before any headers or HTML has
  * been sent.
  */
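 public function processRequests()
 {
     // Handles one xajax call end to end: reads the function name and its
     // arguments from the request, runs the optional pre-function and the
     // registered (or catch-all) function, merges the responses and prints
     // the resulting XML. Returns without output when getRequestMode()
     // reports -1.
     $sFunctionName = "";
     $bFoundFunction = true;
     $bFunctionIsCatchAll = false;
     $sFunctionNameForSpecial = "";
     $aArgs = array();
     $sPreResponse = "";
     $bEndRequest = false;
     $sResponse = "";
     $requestMode = $this->getRequestMode();
     if ($requestMode == -1) {
         return;
     }
     if ($requestMode == XAJAX_POST) {
         $aRequest = $_POST;
     } else {
         // GET responses must never be served from a cache.
         header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
         header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
         header("Cache-Control: no-cache, must-revalidate");
         header("Pragma: no-cache");
         $aRequest = $_GET;
     }
     if (isset($aRequest["xajax"])) {
         $sFunctionName = $aRequest["xajax"];
     }
     if (!empty($aRequest["xajaxargs"])) {
         $aArgs = $aRequest["xajaxargs"];
     }
     // Both values are request-controlled, and so are their types: PHP turns
     // "xajax[]=x" into an array and "xajaxargs=x" into a string. The name is
     // used as an array key and inside messages, so anything but a string is
     // treated as an empty (unknown) name.
     if (!is_string($sFunctionName)) {
         $sFunctionName = "";
     }
     // Arguments are walked by position below. A non-array payload is dropped
     // and sparse or string keys are renumbered so every index 0..n-1 exists.
     $aArgs = is_array($aArgs) ? array_values($aArgs) : array();
     // Use xajax error handler if necessary
     if ($this->bErrorHandler) {
         $GLOBALS['xajaxErrorHandlerText'] = "";
         set_error_handler("xajaxErrorHandler");
     }
     if ($this->sPreFunction) {
         if (!$this->_isFunctionCallable($this->sPreFunction)) {
             $bFoundFunction = false;
             $objResponse = new XajaxResponse();
             $objResponse->addAlert("Unknown Pre-Function " . $this->sPreFunction);
             $sResponse = $objResponse->getXML();
         }
     }
     // Include any external dependencies associated with this function name.
     // The path comes from the registered map, never from the request; the
     // request only selects a key that must already exist in that map.
     if (array_key_exists($sFunctionName, $this->aFunctionIncludeFiles)) {
         ob_start();
         include_once $this->aFunctionIncludeFiles[$sFunctionName];
         ob_end_clean();
     }
     if ($bFoundFunction) {
         $sFunctionNameForSpecial = $sFunctionName;
         if (!array_key_exists($sFunctionName, $this->aFunctions)) {
             if ($this->sCatchAllFunction) {
                 $sFunctionName = $this->sCatchAllFunction;
                 $bFunctionIsCatchAll = true;
             } else {
                 $bFoundFunction = false;
                 $objResponse = new XajaxResponse();
                 // NOTE(review): the requested name is echoed back to the
                 // client; confirm addAlert() encodes it for the XML response.
                 $objResponse->addAlert("Unknown Function {$sFunctionName}.");
                 $sResponse = $objResponse->getXML();
             }
         } elseif ($this->aFunctionRequestTypes[$sFunctionName] != $requestMode) {
             // A function registered for one request method is refused on the other.
             $bFoundFunction = false;
             $objResponse = new XajaxResponse();
             $objResponse->addAlert("Incorrect Request Type.");
             $sResponse = $objResponse->getXML();
         }
     }
     if ($bFoundFunction) {
         $iArgCount = count($aArgs);
         for ($i = 0; $i < $iArgCount; $i++) {
             // String-only processing is skipped for nested arrays, which a
             // request can produce with "xajaxargs[0][]=x".
             $bIsString = is_string($aArgs[$i]);
             // If magic quotes is on, then we need to strip the slashes from
             // the args. The function no longer exists in PHP 8, where calling
             // it unguarded is a fatal error.
             if ($bIsString && function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc() == 1) {
                 $aArgs[$i] = stripslashes($aArgs[$i]);
             }
             if ($bIsString && stristr($aArgs[$i], "<xjxobj>") !== false) {
                 $aArgs[$i] = $this->_xmlToArray("xjxobj", $aArgs[$i]);
             } elseif ($bIsString && stristr($aArgs[$i], "<xjxquery>") !== false) {
                 $aArgs[$i] = $this->_xmlToArray("xjxquery", $aArgs[$i]);
             } elseif ($this->bDecodeUTF8Input) {
                 $aArgs[$i] = $this->_decodeUTF8Data($aArgs[$i]);
             }
         }
         if ($this->sPreFunction) {
             // The pre-function receives the originally requested name and the
             // decoded arguments. Returning array(false, $response) ends the
             // request with that response.
             $mPreResponse = $this->_callFunction($this->sPreFunction, array($sFunctionNameForSpecial, $aArgs));
             if (is_array($mPreResponse) && $mPreResponse[0] === false) {
                 $bEndRequest = true;
                 $sPreResponse = $mPreResponse[1];
             } else {
                 $sPreResponse = $mPreResponse;
             }
             if (is_a($sPreResponse, "xajaxResponse")) {
                 $sPreResponse = $sPreResponse->getXML();
             }
             if ($bEndRequest) {
                 $sResponse = $sPreResponse;
             }
         }
         if (!$bEndRequest) {
             if (!$this->_isFunctionCallable($sFunctionName)) {
                 $objResponse = new XajaxResponse();
                 $objResponse->addAlert("The Registered Function {$sFunctionName} Could Not Be Found.");
                 $sResponse = $objResponse->getXML();
             } else {
                 if ($bFunctionIsCatchAll) {
                     // The catch-all gets the requested name plus the argument list.
                     $aArgs = array($sFunctionNameForSpecial, $aArgs);
                 }
                 $sResponse = $this->_callFunction($sFunctionName, $aArgs);
             }
             if (is_a($sResponse, "xajaxResponse")) {
                 $sResponse = $sResponse->getXML();
             }
             if (!is_string($sResponse) || strpos($sResponse, "<xjx>") === false) {
                 $objResponse = new XajaxResponse();
                 $objResponse->addAlert("No XML Response Was Returned By Function {$sFunctionName}.");
                 $sResponse = $objResponse->getXML();
             } elseif ($sPreResponse != "") {
                 // Merge the pre-function output in front of the function output.
                 $sNewResponse = new XajaxResponse($this->sEncoding, $this->bOutputEntities);
                 $sNewResponse->loadXML($sPreResponse);
                 $sNewResponse->loadXML($sResponse);
                 $sResponse = $sNewResponse->getXML();
             }
         }
     }
     $sContentHeader = "Content-type: text/xml;";
     if ($this->sEncoding && strlen(trim($this->sEncoding)) > 0) {
         $sContentHeader .= " charset=" . $this->sEncoding;
     }
     header($sContentHeader);
     if ($this->bErrorHandler && !empty($GLOBALS['xajaxErrorHandlerText'])) {
         // NOTE(review): with bErrorHandler enabled the collected PHP error
         // text, and on a logging failure the log file path, are sent to the
         // browser in an alert. That discloses server internals to whoever
         // makes the request, so it is better kept to development setups.
         $sErrorResponse = new XajaxResponse();
         $sErrorResponse->addAlert("** PHP Error Messages: **" . $GLOBALS['xajaxErrorHandlerText']);
         if ($this->sLogFile) {
             $fH = @fopen($this->sLogFile, "a");
             if (!$fH) {
                 $sErrorResponse->addAlert("** Logging Error **\n\nxajax was unable to write to the error log file:\n" . $this->sLogFile);
             } else {
                 fwrite($fH, "** xajax Error Log - " . strftime("%b %e %Y %I:%M:%S %p") . " **" . $GLOBALS['xajaxErrorHandlerText'] . "\n\n\n");
                 fclose($fH);
             }
         }
         $sErrorResponse->loadXML($sResponse);
         $sResponse = $sErrorResponse->getXML();
     }
     if ($this->bCleanBuffer) {
         // Discard every open output buffer so only the XML reaches the client.
         while (@ob_end_clean()) {
         }
     }
     print $sResponse;
     if ($this->bErrorHandler) {
         restore_error_handler();
     }
     if ($this->bExitAllowed) {
         \Innomatic\Core\InnomaticContainer::instance('\\Innomatic\\Core\\InnomaticContainer')->halt();
     }
 }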
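/**
 * xajax handler that refreshes the user pickers of a group membership form.
 *
 * It always rebuilds the "destination" list (users already related to the
 * group) and, when a search term is given, the "origin" list (multiple mode)
 * or the list of clickable matches (single mode).
 *
 * NOTE(review): no permission check is visible in this function; confirm the
 * page that registers it restricts who may list and search users.
 *
 * @param string $needle        Search prefix typed by the user (sent as UTF-8 by xajax).
 * @param string $type          'single' for the link list, anything else for the multi-select.
 * @param mixed  $relation_type Relation type to manage; cast to int before use.
 *
 * @return XajaxResponse Response holding the innerHTML assignments and alerts.
 */
function search_users($needle, $type, $relation_type)
{
    global $tbl_user, $tbl_user_rel_access_url, $tbl_group_rel_user, $group_id, $_configuration;
    $xajax_response = new XajaxResponse();
    $return = $return_origin = $return_destination = '';
    $without_user_id = $condition_relation = '';
    // All markup below is built as UTF-8: the static parts are ASCII and every
    // database value is converted with api_utf8_encode() and then HTML-escaped
    // on its own, so the assembled string is handed to addAssign() unchanged.
    if (!empty($group_id) && !empty($relation_type)) {
        $group_id = intval($group_id);
        $relation_type = intval($relation_type);
        // get user_id from relation type and group id
        $sql = "SELECT user_id FROM {$tbl_group_rel_user}\n\t\t\t\tWHERE group_id = '{$group_id}'\n\t\t\t\tAND relation_type IN (" . GROUP_USER_PERMISSION_ADMIN . "," . GROUP_USER_PERMISSION_READER . "," . GROUP_USER_PERMISSION_PENDING_INVITATION . "," . GROUP_USER_PERMISSION_MODERATOR . ", " . GROUP_USER_PERMISSION_HRM . ") ";
        $res = Database::query($sql);
        $user_ids = array();
        if (Database::num_rows($res) > 0) {
            while ($row = Database::fetch_row($res)) {
                // The ids are interpolated unquoted below, so force them to integers.
                $user_ids[] = intval($row[0]);
            }
            $without_user_id = " AND user.user_id NOT IN(" . implode(',', $user_ids) . ") ";
        }
        if ($relation_type == GROUP_USER_PERMISSION_PENDING_INVITATION) {
            $condition_relation = " AND groups.relation_type IN (" . GROUP_USER_PERMISSION_PENDING_INVITATION . "," . GROUP_USER_PERMISSION_READER . ") ";
        } else {
            $condition_relation = " AND groups.relation_type = '{$relation_type}' ";
        }
        // data for destination user list
        $sql = "SELECT user.user_id, user.username, user.lastname, user.firstname\n\t\t\t\tFROM {$tbl_group_rel_user} groups\n\t\t\t\tINNER JOIN  {$tbl_user} user ON user.user_id = groups.user_id\n\t\t\t\tWHERE groups.group_id = '{$group_id}' {$condition_relation} ";
        $rs_destination = Database::query($sql);
        if (Database::num_rows($rs_destination) > 0) {
            $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
            while ($row = Database::fetch_array($rs_destination)) {
                $person_name = api_get_person_name($row['firstname'], $row['lastname']);
                // Names and usernames are user-editable profile data: escape
                // them so they cannot inject markup into the option list.
                $label = htmlspecialchars(api_utf8_encode($person_name . ' (' . $row['username'] . ')'), ENT_QUOTES, 'UTF-8');
                $return_destination .= '<option value="' . intval($row['user_id']) . '">' . $label . '</option>';
            }
            $return_destination .= '</select>';
        } else {
            $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
        }
        $xajax_response->addAssign('ajax_destination_list', 'innerHTML', $return_destination);
    } else {
        // Without a group and relation type there is nothing to list: reset the pickers.
        $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
        $xajax_response->addAssign('ajax_destination_list', 'innerHTML', $return_destination);
        if ($type == 'single') {
            $xajax_response->addAssign('ajax_list_users_single', 'innerHTML', $return);
        } else {
            $return_origin .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
            $xajax_response->addAssign('ajax_origin_list_multiple', 'innerHTML', $return_origin);
        }
    }
    if (!empty($needle) && !empty($type)) {
        // xajax sends UTF-8 data, while data in the database can be in another
        // encoding. Convert first and escape last: escaping must be the final
        // transformation before the value is placed in the SQL string,
        // otherwise the conversion can undo it.
        $charset = api_get_system_encoding();
        $needle = api_convert_encoding($needle, $charset, 'utf-8');
        $needle = Database::escape_string($needle);
        // NOTE(review): LIKE wildcards (% and _) in the search term are not
        // neutralised, so a bare "%" matches every user. Confirm that is intended.
        $user_anonymous = api_get_anonymous_id();
        $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
        if ($type == 'single') {
            if (!empty($group_id) && !empty($relation_type)) {
                // search users whose username, firstname or lastname begins with $needle
                $sql = "SELECT user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t\t\tWHERE (username LIKE '{$needle}%' OR firstname LIKE '{$needle}%' OR lastname LIKE '{$needle}%')\n\t\t\t\t\t\tAND user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} LIMIT 11";
                if ($_configuration['multiple_access_urls']) {
                    $access_url_id = api_get_current_access_url_id();
                    if ($access_url_id != -1) {
                        $sql = "SELECT user.user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t\t\t\t\tINNER JOIN {$tbl_user_rel_access_url} url_user ON (url_user.user_id=user.user_id)\n\t\t\t\t\t\t\t\tWHERE access_url_id = '{$access_url_id}'  AND (username LIKE '{$needle}%' OR firstname LIKE '{$needle}%' OR lastname LIKE '{$needle}%')\n\t\t\t\t\t\t\t\tAND user.user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} LIMIT 11 ";
                    }
                }
                $rs_single = Database::query($sql);
                $i = 0;
                // The query fetches 11 rows: ten are shown and the eleventh
                // only signals that more matches exist.
                while ($user = Database::fetch_array($rs_single)) {
                    $i++;
                    if ($i <= 10) {
                        $person_name = api_get_person_name($user['firstname'], $user['lastname']);
                        $label = api_utf8_encode($person_name . ' (' . $user['username'] . ')');
                        // The label sits in two contexts: a JavaScript string
                        // inside an HTML attribute, and HTML text. It is first
                        // encoded as a JS literal and then HTML-escaped, so a
                        // quote in a name can neither break the handler nor
                        // inject script.
                        $js_label = json_encode($label);
                        if ($js_label === false) {
                            // json_encode() fails on invalid UTF-8; pass an empty label instead.
                            $js_label = '""';
                        }
                        $js_args = json_encode((string) intval($user['user_id'])) . ',' . $js_label;
                        $return .= '<a href="javascript: void(0);" onclick="javascript: add_user(' . htmlspecialchars($js_args, ENT_QUOTES, 'UTF-8') . ')">' . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a><br />';
                    } else {
                        $return .= '...<br />';
                    }
                }
                $xajax_response->addAssign('ajax_list_users_single', 'innerHTML', $return);
            } else {
                $xajax_response->addAlert(get_lang('YouMustChooseARelationType'));
                $xajax_response->addClear('user_to_add', 'value');
            }
        } else {
            // multiple
            if (!empty($group_id) && !empty($relation_type)) {
                $sql = "SELECT user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t        WHERE " . (api_sort_by_first_name() ? 'firstname' : 'lastname') . " LIKE '{$needle}%' AND user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} ";
                if ($_configuration['multiple_access_urls']) {
                    $access_url_id = api_get_current_access_url_id();
                    if ($access_url_id != -1) {
                        $sql = "SELECT user.user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t\t\t\t\tINNER JOIN {$tbl_user_rel_access_url} url_user ON (url_user.user_id=user.user_id)\n\t\t\t\t\t\t\t\tWHERE access_url_id = '{$access_url_id}'\n\t\t\t\t\t\t\t\tAND " . (api_sort_by_first_name() ? 'firstname' : 'lastname') . " LIKE '{$needle}%'\n\t\t\t\t\t\t\t\tAND user.user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} ";
                    }
                }
                $rs_multiple = Database::query($sql);
                $return_origin .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
                while ($user = Database::fetch_array($rs_multiple)) {
                    $person_name = api_get_person_name($user['firstname'], $user['lastname']);
                    $label = htmlspecialchars(api_utf8_encode($person_name . ' (' . $user['username'] . ')'), ENT_QUOTES, 'UTF-8');
                    $return_origin .= '<option value="' . intval($user['user_id']) . '">' . $label . '</option>';
                }
                $return_origin .= '</select>';
                $xajax_response->addAssign('ajax_origin_list_multiple', 'innerHTML', $return_origin);
            }
        }
    }
    return $xajax_response;
}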