/**
 * Route an API call that arrives over a registered connection ("cxn").
 *
 * The call passes through a fixed sequence of gates: HTTPS policy, connection
 * lookup, active flag, argument types, and presence of permissions. Each
 * failed gate returns a civicrm_api3_create_error() result and nothing is
 * dispatched. Once all gates pass, an API whitelist subscriber and a temporary
 * permission object are installed and the call is handed to civicrm_api().
 *
 * Review notes:
 *  - Permissions ('perm' => 'api', 'grant') are read from the $cxn argument.
 *    The DAO row is used only to confirm that the connection exists and is
 *    active.
 *  - $params['check_permissions'] is overwritten with 'whitelist' immediately
 *    before dispatch, so any value supplied in $params is discarded.
 *  - Nothing in this function removes the subscriber or the temporary
 *    permission object after the call; whether that happens elsewhere is not
 *    visible here.
 *
 * @param array $cxn
 *   Connection data; this function reads 'cxnId' and 'perm'.
 * @param string $entity
 * @param string $action
 * @param array $params
 * @return mixed
 *   An error result from civicrm_api3_create_error(), or whatever
 *   civicrm_api() returns.
 */
public static function route($cxn, $entity, $action, $params) {
  // Permission list granted when the connection's grant is the wildcard '*'.
  $SUPER_PERM = array('administer CiviCRM');

  require_once 'api/v3/utils.php';

  // FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
  // NOTE(review): the forwarded-proto value is taken from the request headers.
  // It is only trustworthy when a reverse proxy always overwrites it and the
  // backend cannot be reached directly; otherwise a client can send it over
  // plain HTTP and satisfy this check -- confirm the deployment assumption.
  if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'enableSSL') &&
    !CRM_Utils_System::isSSL() &&
    strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https'
  ) {
    return civicrm_api3_create_error('System policy requires HTTPS.');
  }

  // Note: $cxn and cxnId are authenticated before router is called.
  $dao = new CRM_Cxn_DAO_Cxn();
  $dao->cxn_id = $cxn['cxnId'];
  // Reject when no id was supplied, the lookup finds nothing, or the loaded
  // row carries no cxn_id.
  if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) {
    return civicrm_api3_create_error('Failed to lookup connection authorizations.');
  }
  if (!$dao->is_active) {
    return civicrm_api3_create_error('Connection is inactive.');
  }
  // Type-check the call arguments before they reach the API layer.
  if (!is_string($entity) || !is_string($action) || !is_array($params)) {
    return civicrm_api3_create_error('API parameters are malformed.');
  }
  // 'api' must be a non-empty array; 'grant' must be a non-empty array or string.
  if (empty($cxn['perm']['api']) ||
    !is_array($cxn['perm']['api']) ||
    empty($cxn['perm']['grant']) ||
    !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant']))
  ) {
    return civicrm_api3_create_error('Connection has no permissions.');
  }

  // Build whitelist rules from the connection's 'api' permissions and register
  // them on the shared dispatcher service.
  $whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']);
  \Civi::service('dispatcher')->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));

  // Install a fresh temporary permission object on the config singleton, then
  // grant either the super permission (wildcard) or the listed grant(s).
  CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp();
  if ($cxn['perm']['grant'] === '*') {
    CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM);
  }
  else {
    CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']);
  }

  // Force whitelist permission checking regardless of what the caller sent.
  $params['check_permissions'] = 'whitelist';
  return civicrm_api($entity, $action, $params);
}
/**
 * Attach the reCAPTCHA widget and its validation rule to a form.
 *
 * Assigns the widget HTML and the configured reCAPTCHA options to the form,
 * adds the challenge (text, required) and response (hidden) fields, and
 * attaches a 'recaptcha' callback rule to the challenge field. The rule
 * calls the 'validate' method of CRM_Utils_ReCAPTCHA.
 *
 * @param object $form
 *   Form to modify; assign(), add(), registerRule() and addRule() are called on it.
 */
function add(&$form) {
  $settings = CRM_Core_Config::singleton();
  require_once 'packages/recaptcha/recaptchalib.php';

  // The third argument to recaptcha_get_html() follows the current request:
  // TRUE on an SSL request, FALSE otherwise.
  $captchaError = NULL;
  $overSSL = CRM_Utils_System::isSSL() ? TRUE : FALSE;
  $widgetHtml = recaptcha_get_html($settings->recaptchaPublicKey, $captchaError, $overSSL);

  $form->assign('recaptchaHTML', $widgetHtml);
  $form->assign('recaptchaOptions', $settings->recaptchaOptions);

  $form->add('text', 'recaptcha_challenge_field', NULL, NULL, TRUE);
  $form->add('hidden', 'recaptcha_response_field', 'manual_challenge');

  // Register the callback rule, then attach it to the challenge field so the
  // check runs when the form is validated.
  $form->registerRule('recaptcha', 'callback', 'validate', 'CRM_Utils_ReCAPTCHA');
  $mismatchMessage = ts('Input text must match the phrase in the image. Please review the image and re-enter matching text.');
  $form->addRule('recaptcha_challenge_field', $mismatchMessage, 'recaptcha', $form);
}
/**
 * Attach the reCAPTCHA widget to a form.
 *
 * Assigns the widget HTML and configured options, adds the required
 * 'g-recaptcha-response' text element, registers the 'recaptcha' callback
 * rule, and flags an element error when a submitted form carries an empty
 * response.
 *
 * NOTE(review): the 'recaptcha' rule is registered here, but this function
 * never attaches it to an element with addRule(). As written, the only check
 * made in this function is that the response is non-empty. Confirm that the
 * token is verified server-side elsewhere.
 *
 * @param CRM_Core_Form $form
 */
public static function add(&$form) {
  $settings = CRM_Core_Config::singleton();

  // Load the bundled library only when its entry point is not yet defined.
  if (!function_exists('recaptcha_get_html')) {
    require_once 'packages/recaptcha/recaptchalib.php';
  }

  // The third argument to recaptcha_get_html() follows the current request:
  // TRUE on an SSL request, FALSE otherwise.
  $captchaError = NULL;
  $overSSL = CRM_Utils_System::isSSL() ? TRUE : FALSE;
  $widgetHtml = recaptcha_get_html($settings->recaptchaPublicKey, $captchaError, $overSSL);

  $form->assign('recaptchaHTML', $widgetHtml);
  $form->assign('recaptchaOptions', $settings->recaptchaOptions);
  $form->add('text', 'g-recaptcha-response', 'reCaptcha', NULL, TRUE);
  $form->registerRule('recaptcha', 'callback', 'validate', 'CRM_Utils_ReCAPTCHA');

  // A submitted form with no response value gets an explicit element error.
  $responseMissing = $form->isSubmitted() && empty($form->_submitValues['g-recaptcha-response']);
  if ($responseMissing) {
    $form->setElementError(
      'g-recaptcha-response',
      ts('Input text must match the phrase in the image. Please review the image and re-enter matching text.')
    );
  }
}
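/**
 * Format the url as per language Negotiation.
 *
 * The URL is returned unchanged unless the Drupal functions checked below
 * exist, the locale module is enabled and negotiation is 'locale-url'.
 *
 * With path-prefix negotiation the current language prefix is appended
 * ($addLanguagePart) and/or every "/prefix/" occurrence is collapsed to "/"
 * ($removeLanguagePart). With domain negotiation the URL is replaced by the
 * language domain plus base_path() ($addLanguagePart) and/or its host segment
 * is swapped for the host of CIVICRM_UF_BASEURL ($removeLanguagePart).
 *
 * The host swap is applied only when both URLs actually have a host and the
 * host appears as its own "/"-separated segment. Relative URLs and URLs whose
 * authority carries a port or user info are left as they are rather than
 * having an unrelated segment overwritten.
 *
 * @param string $url
 * @param bool $addLanguagePart
 * @param bool $removeLanguagePart
 *
 * @return string
 *   The formatted url.
 * @static
 */
function languageNegotiationURL($url, $addLanguagePart = TRUE, $removeLanguagePart = FALSE) {
  if (empty($url)) {
    return $url;
  }

  //CRM-7803 -from d7 onward.
  // NOTE(review): $config is not read below. The call is kept because it is
  // not visible from here whether callers rely on the singleton being built
  // at this point -- confirm before removing.
  $config = CRM_Core_Config::singleton();
  if (function_exists('variable_get') &&
    module_exists('locale') &&
    function_exists('language_negotiation_get')
  ) {
    global $language;

    // Does user configuration allow language support from the URL
    // (path prefix or domain)?
    if (language_negotiation_get('language') == 'locale-url') {
      $urlType = variable_get('locale_language_negotiation_url_part');

      // Path-prefix negotiation.
      if ($urlType == LOCALE_LANGUAGE_NEGOTIATION_URL_PREFIX) {
        if (isset($language->prefix) && $language->prefix) {
          if ($addLanguagePart) {
            $url .= $language->prefix . '/';
          }
          if ($removeLanguagePart) {
            $url = str_replace("/{$language->prefix}/", '/', $url);
          }
        }
      }

      // Domain negotiation.
      if ($urlType == LOCALE_LANGUAGE_NEGOTIATION_URL_DOMAIN) {
        if (isset($language->domain) && $language->domain) {
          if ($addLanguagePart) {
            $url = (CRM_Utils_System::isSSL() ? 'https' : 'http') . '://' . $language->domain . base_path();
          }
          if ($removeLanguagePart && defined('CIVICRM_UF_BASEURL')) {
            $url = str_replace('\\', '/', $url);
            $parseUrl = parse_url($url);
            $ufUrlParts = parse_url(CIVICRM_UF_BASEURL);

            // Kind of hackish: swap the host by editing the "/"-separated
            // segments. Guard every lookup: without a parsed host the search
            // would fall back to index 0 and clobber the first segment.
            if (is_array($parseUrl) && !empty($parseUrl['host']) &&
              is_array($ufUrlParts) && !empty($ufUrlParts['host'])
            ) {
              $urlParts = explode('/', $url);
              $hostKey = array_search($parseUrl['host'], $urlParts, TRUE);
              if ($hostKey !== FALSE) {
                $urlParts[$hostKey] = $ufUrlParts['host'];
                $url = implode('/', $urlParts);
              }
            }
          }
        }
      }
    }
  }

  return $url;
}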
/**
 * Work out where the CiviCRM source tree lives, on disk and as a URL.
 *
 * The URL is the CIVICRM_UF_BASEURL constant joined with the path of
 * $civicrm_root relative to the CMS root. $config->userFrameworkBaseURL is
 * deliberately not used (it "has garbage on it"), and more generally $config
 * should not be used here.
 *
 * @return array
 *   - url: string. ex: "http://example.com/sites/all/modules/civicrm"
 *   - path: string. ex: "/var/www/sites/all/modules/civicrm"
 * @throws RuntimeException
 *   When CIVICRM_UF_BASEURL is not defined.
 */
public function getCiviSourceStorage() {
  global $civicrm_root;

  if (!defined('CIVICRM_UF_BASEURL')) {
    throw new RuntimeException('Undefined constant: CIVICRM_UF_BASEURL');
  }

  $cmsRoot = $this->cmsRootPath();

  // On an SSL request the base URL is rewritten to https. str_replace()
  // rewrites every "http://" occurrence, not only a leading scheme.
  $siteUrl = CRM_Utils_System::isSSL()
    ? str_replace('http://', 'https://', CIVICRM_UF_BASEURL)
    : CIVICRM_UF_BASEURL;

  // Join base URL and relative source path with exactly one "/" between them.
  $relativeCiviPath = CRM_Utils_File::relativize($civicrm_root, $cmsRoot);
  $sourceUrl = rtrim($siteUrl, '/') . '/' . ltrim($relativeCiviPath, ' /');

  return array(
    'url' => CRM_Utils_File::addTrailingSlash($sourceUrl, '/'),
    'path' => CRM_Utils_File::addTrailingSlash($civicrm_root),
  );
}
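/**
 * @inheritDoc
 *
 * The URL is returned unchanged unless config_get() and
 * language_negotiation_get() exist, the locale module is enabled and
 * negotiation is 'locale-url'.
 *
 * When removing the language part under domain negotiation, the host swap is
 * applied only when both the URL and CIVICRM_UF_BASEURL have a host and that
 * host appears as its own "/"-separated segment. Relative URLs and URLs whose
 * authority carries a port or user info are left as they are rather than
 * having an unrelated segment overwritten.
 *
 * @param string $url
 * @param bool $addLanguagePart
 * @param bool $removeLanguagePart
 *
 * @return string
 */
public function languageNegotiationURL($url, $addLanguagePart = TRUE, $removeLanguagePart = FALSE) {
  if (empty($url)) {
    return $url;
  }

  if (function_exists('config_get') &&
    module_exists('locale') &&
    function_exists('language_negotiation_get')
  ) {
    global $language;

    // Check if language support from the URL (Path prefix or domain) is set.
    if (language_negotiation_get('language') == 'locale-url') {
      $urlType = config_get('locale.settings', 'locale_language_negotiation_url_part');

      // URL prefix negotiation.
      if ($urlType == LANGUAGE_NEGOTIATION_URL_PREFIX) {
        if (isset($language->prefix) && $language->prefix) {
          if ($addLanguagePart) {
            $url .= $language->prefix . '/';
          }
          if ($removeLanguagePart) {
            $url = str_replace("/{$language->prefix}/", '/', $url);
          }
        }
      }

      // Domain negotiation.
      if ($urlType == LANGUAGE_NEGOTIATION_URL_DOMAIN) {
        if (isset($language->domain) && $language->domain) {
          if ($addLanguagePart) {
            $cleanedUrl = preg_replace('#^https?://#', '', $language->domain);
            // Backdrop function base_path() adds a "/" to the beginning and
            // end of the returned path.
            if (substr($cleanedUrl, -1) == '/') {
              $cleanedUrl = substr($cleanedUrl, 0, -1);
            }
            $url = (CRM_Utils_System::isSSL() ? 'https' : 'http') . '://' . $cleanedUrl . base_path();
          }
          if ($removeLanguagePart && defined('CIVICRM_UF_BASEURL')) {
            $url = str_replace('\\', '/', $url);
            $parseUrl = parse_url($url);
            $ufUrlParts = parse_url(CIVICRM_UF_BASEURL);

            // Kind of hackish: swap the host by editing the "/"-separated
            // segments. Guard every lookup: without a parsed host the search
            // would fall back to index 0 and clobber the first segment.
            if (is_array($parseUrl) && !empty($parseUrl['host']) &&
              is_array($ufUrlParts) && !empty($ufUrlParts['host'])
            ) {
              $urlParts = explode('/', $url);
              $hostKey = array_search($parseUrl['host'], $urlParts, TRUE);
              if ($hostKey !== FALSE) {
                $urlParts[$hostKey] = $ufUrlParts['host'];
                $url = implode('/', $urlParts);
              }
            }
          }
        }
      }
    }
  }

  return $url;
}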
/**
 * Work out where the CiviCRM source tree lives, on disk and as a URL.
 *
 * FIXME:
 *  1. This was pulled out from a bigger function. It should be split
 *     into even smaller pieces and marked abstract.
 *  2. This would be easier to compute by calling a CMS API, but
 *     for whatever reason we take the hard way.
 *
 * The URL depends on the user framework: a fixed component path for Joomla,
 * CIVICRM_PLUGIN_URL for WordPress, and a path derived from $civicrm_root for
 * Drupal. For any other framework the URL handed to addTrailingSlash() is NULL.
 *
 * @return array
 *   - url: string. ex: "http://example.com/sites/all/modules/civicrm"
 *   - path: string. ex: "/var/www/sites/all/modules/civicrm"
 * @throws RuntimeException
 *   When CIVICRM_UF_BASEURL is not defined.
 */
public function getCiviSourceStorage() {
  global $civicrm_root;
  $config = CRM_Core_Config::singleton();

  // Don't use $config->userFrameworkBaseURL; it has garbage on it.
  // More generally, we shouldn't be using $config here.
  if (!defined('CIVICRM_UF_BASEURL')) {
    throw new RuntimeException('Undefined constant: CIVICRM_UF_BASEURL');
  }

  $siteUrl = CRM_Utils_File::addTrailingSlash(CIVICRM_UF_BASEURL, '/');
  if (CRM_Utils_System::isSSL()) {
    // Rewrites every "http://" occurrence, not only a leading scheme.
    $siteUrl = str_replace('http://', 'https://', $siteUrl);
  }

  // Stays NULL when none of the framework branches below applies.
  $resourceUrl = NULL;

  if ($config->userFramework == 'Joomla') {
    $resourceUrl = $siteUrl . 'components/com_civicrm/civicrm/';
  }
  elseif ($config->userFramework == 'WordPress') {
    $resourceUrl = CIVICRM_PLUGIN_URL . 'civicrm/';
  }
  elseif ($this->is_drupal) {
    // Drupal: first assume the source tree sits below the CMS root and strip
    // that root from the (slash-normalised) source path. checkURL is
    // deliberately not used: Drupal answers with an error page.
    $cmsRoot = $config->userSystem->cmsRootPath();
    $normalizedCiviRoot = str_replace('\\', '/', $civicrm_root);
    $resourceUrl = $siteUrl . str_replace($cmsRoot . '/', '', $normalizedCiviRoot);

    // When a site name can be parsed from the path, prefer the
    // sites/<name>/modules/<dir>/ layout.
    $drupalSite = $config->userSystem->parseDrupalSiteName($civicrm_root);
    if ($drupalSite) {
      $civiDirName = trim(basename($civicrm_root));
      $resourceUrl = $siteUrl . 'sites/' . $drupalSite . '/modules/' . $civiDirName . '/';
    }
  }

  return array(
    'url' => CRM_Utils_File::addTrailingSlash($resourceUrl),
    'path' => CRM_Utils_File::addTrailingSlash($civicrm_root),
  );
}
/**
 * Confirm a petition signature.
 *
 * Marks the activity as completed, sets the contact on the activity's
 * "Activity Source" record, removes the configured "unconfirmed" tag from the
 * contact, and finally sets a "confirmed_<petition id>" cookie.
 *
 * All values reach SQL through numbered %N placeholders with a declared type
 * ('Integer' / 'String'); none are concatenated into the statements.
 *
 * NOTE(review): the numeric check on $petition_id / $activity_id runs after
 * the three statements have executed, so it guards only the cookie. The
 * cookie is set without an HttpOnly argument; whether client-side script
 * needs to read it is not visible here.
 *
 * @param int $activity_id
 * @param int $contact_id
 * @param int $petition_id
 *
 * @return bool
 *   TRUE once the cookie has been set; FALSE after the fatal-error call when
 *   the ids are not numeric.
 */
public function confirmSignature($activity_id, $contact_id, $petition_id) {
  // I wonder why do we need contact_id when we have activity_id anyway? [chastell]
  $recordTypes = CRM_Core_OptionGroup::values('activity_contacts', FALSE, FALSE, FALSE, NULL, 'name');
  $sourceRecordType = CRM_Utils_Array::key('Activity Source', $recordTypes);

  $activityArgs = array(
    1 => array($activity_id, 'Integer'),
    2 => array($contact_id, 'Integer'),
    3 => array($sourceRecordType, 'Integer'),
  );

  // Change activity status to completed (status_id = 2).
  CRM_Core_DAO::executeQuery('UPDATE civicrm_activity SET status_id = 2 WHERE id = %1', $activityArgs);

  // Point the activity's source record at this contact.
  CRM_Core_DAO::executeQuery(
    'UPDATE civicrm_activity_contact SET contact_id = %2 WHERE activity_id = %1 AND record_type_id = %3',
    $activityArgs
  );

  // Remove the 'Unconfirmed' tag for this contact.
  $unconfirmedTag = Civi::settings()->get('tag_unconfirmed');
  $tagArgs = array(
    1 => array($contact_id, 'Integer'),
    2 => array($unconfirmedTag, 'String'),
  );
  CRM_Core_DAO::executeQuery(
    "\nDELETE FROM civicrm_entity_tag\nWHERE entity_table = 'civicrm_contact'\nAND entity_id = %1\nAND tag_id = ( SELECT id FROM civicrm_tag WHERE name = %2 )",
    $tagArgs
  );

  // Validate that the arguments to setcookie are numeric to prevent header
  // manipulation.
  $cookieInputsAreNumeric = isset($petition_id) && is_numeric($petition_id)
    && isset($activity_id) && is_numeric($activity_id);
  if (!$cookieInputsAreNumeric) {
    CRM_Core_Error::fatal(ts('Petition Id and/or Activity Id is not of the type Positive.'));
    return FALSE;
  }

  // Set a long-lived cookie to indicate this user's email address is now
  // confirmed. It is scoped to the path and host of the configured base URL,
  // and its secure flag follows the current request.
  $settings = CRM_Core_Config::singleton();
  $baseUrlParts = parse_url($settings->userFrameworkBaseURL);
  setcookie(
    "confirmed_{$petition_id}",
    $activity_id,
    time() + $this->cookieExpire,
    $baseUrlParts['path'],
    $baseUrlParts['host'],
    CRM_Utils_System::isSSL()
  );
  return TRUE;
}
/**
 * Initialize the config variables.
 *
 * Loads the stored settings, or builds and stores them from defaults when
 * none are available. Each setting is copied onto this object as a property,
 * with URL and directory values normalised on the way. Afterwards the
 * resource base, upload directory fallback and geocode class name are
 * derived, and the user-framework class is loaded and instantiated.
 *
 * Review notes:
 *  - Every key in the retrieved settings becomes a property via
 *    $this->{$key}; the keys are not filtered in this function.
 *  - The file passed to require_once and the class passed to `new` both come
 *    from $this->userFrameworkClass, and the geocode class name is built from
 *    $this->geoProvider / $this->mapProvider. Whether these values are
 *    constrained to known names is not visible here -- confirm where the
 *    settings are written.
 *
 * @return void
 */
private function _initVariables() {
  // retrieve serialised settings
  // ($variables is expected to be filled in by the call; it is tested for
  // emptiness right after.)
  $variables = array();
  CRM_Core_BAO_ConfigSetting::retrieve($variables);

  // if settings are not available, go down the full path
  if (empty($variables)) {
    // Step 1. get system variables with their hardcoded defaults
    $variables = get_object_vars($this);

    // Step 2. get default values (with settings file overrides if
    // available - handled in CRM_Core_Config_Defaults)
    CRM_Core_Config_Defaults::setValues($variables);

    // retrieve directory and url preferences also
    CRM_Core_BAO_Setting::retrieveDirectoryAndURLPreferences($variables);

    // add component specific settings
    $this->componentRegistry->addConfig($this);

    // serialise settings
    $settings = $variables;
    CRM_Core_BAO_ConfigSetting::add($settings);
  }

  // Keys whose values get a trailing "/" (URLs) or a trailing directory
  // separator plus an existence check (directories).
  $urlArray = array('userFrameworkResourceURL', 'imageUploadURL');
  $dirArray = array('uploadDir', 'customFileUploadDir');

  foreach ($variables as $key => $value) {
    if (in_array($key, $urlArray)) {
      $value = CRM_Utils_File::addTrailingSlash($value, '/');
    }
    elseif (in_array($key, $dirArray)) {
      if ($value) {
        $value = CRM_Utils_File::addTrailingSlash($value);
      }
      if (empty($value) || CRM_Utils_File::createDir($value, FALSE) === FALSE) {
        // seems like we could not create the directories
        // settings might have changed, lets suppress a message for now
        // so we can make some more progress and let the user fix their settings
        // for now we assign it to a known value
        // CRM-4949
        $value = $this->templateCompileDir;
        $url = CRM_Utils_System::url('civicrm/admin/setting/path', 'reset=1');
        CRM_Core_Session::setStatus(ts('%1 has an incorrect directory path. 
Please go to the <a href="%2">path setting page</a> and correct it.', array(1 => $key, 2 => $url)), ts('Check Settings'), 'alert');
      }
    }
    elseif ($key == 'lcMessages') {
      // reset the templateCompileDir to locale-specific and make sure it exists
      // The substr() picks the strlen($value) characters that precede the
      // final character, i.e. it tests whether the directory already ends in
      // "<locale>" followed by one trailing character.
      if (substr($this->templateCompileDir, -1 * strlen($value) - 1, -1) != $value) {
        $this->templateCompileDir .= CRM_Utils_File::addTrailingSlash($value);
        CRM_Utils_File::createDir($this->templateCompileDir);
        CRM_Utils_File::restrictAccess($this->templateCompileDir);
      }
    }

    // Copy the (possibly normalised) value onto this object under its key.
    $this->{$key} = $value;
  }

  if ($this->userFrameworkResourceURL) {
    // we need to do this here so all blocks also load from an ssl server
    if (CRM_Utils_System::isSSL()) {
      CRM_Utils_System::mapConfigToSSL();
    }
    $rrb = parse_url($this->userFrameworkResourceURL);
    // don't use absolute path if resources are stored on a different server
    // CRM-4642
    $this->resourceBase = $this->userFrameworkResourceURL;
    // HTTP_HOST comes from the request. Here it is only compared with the
    // configured resource host to choose between the path-only and the
    // absolute form; it is never written into the result.
    // NOTE(review): $rrb['path'] is read without isset(); a resource URL with
    // a host but no path would yield NULL here -- confirm this cannot occur.
    if (isset($_SERVER['HTTP_HOST']) && isset($rrb['host'])) {
      $this->resourceBase = $rrb['host'] == $_SERVER['HTTP_HOST'] ? $rrb['path'] : $this->userFrameworkResourceURL;
    }
  }

  // Fall back to the general upload directory when no custom one is set.
  if (!$this->customFileUploadDir) {
    $this->customFileUploadDir = $this->uploadDir;
  }

  // The geocode class name is built from the geo provider, or from the map
  // provider when no geo provider is set.
  if ($this->geoProvider) {
    $this->geocodeMethod = 'CRM_Utils_Geocode_' . $this->geoProvider;
  }
  elseif ($this->mapProvider) {
    $this->geocodeMethod = 'CRM_Utils_Geocode_' . $this->mapProvider;
  }

  // Map the class name to a file path ("_" becomes the directory separator),
  // load it, and instantiate the class.
  require_once str_replace('_', DIRECTORY_SEPARATOR, $this->userFrameworkClass) . '.php';
  $class = $this->userFrameworkClass;
  // redundant with _setUserFrameworkConfig
  $this->userSystem = new $class();
}
/**
 * Determine the URL to a file.
 *
 * Review notes:
 *  - A value whose first four characters are "http" is returned exactly as
 *    given; neither the relative-format preference nor the SSL rewrite is
 *    applied to it.
 *  - HTTP_HOST comes from the request. It is only compared with the host of
 *    the computed URL to decide whether the path-only form may be returned;
 *    it is never written into the result.
 *
 * @param string $value
 *   The file path. The path may begin with a variable, e.g. "[civicrm.files]/upload".
 * @param string $preferFormat
 *   The preferred format ('absolute', 'relative').
 *   The result data may not meet the preference -- if the setting
 *   refers to an external domain, then the result will be
 *   absolute (regardless of preference).
 * @param bool|NULL $ssl
 *   NULL to autodetect. TRUE to force to SSL.
 * @return mixed|string
 *   FALSE when the value is empty; otherwise the URL.
 */
public function getUrl($value, $preferFormat = 'relative', $ssl = NULL) {
  $container = self::DEFAULT_URL;

  // A leading "[name]/rest" selects the container variable; an empty rest
  // is carried as "." so that it is not mistaken for an empty value below.
  $hasContainerPrefix = $value && $value[0] == '['
    && preg_match(';^\\[([a-zA-Z0-9\\._]+)\\](/(.*))$;', $value, $matches);
  if ($hasContainerPrefix) {
    $container = $matches[1];
    if (empty($matches[3])) {
      $value = '.';
    }
    else {
      $value = $matches[3];
    }
  }

  if (empty($value)) {
    return FALSE;
  }
  if ($value === '.') {
    $value = '';
  }

  // Values that already look like a URL are passed through untouched.
  if (substr($value, 0, 4) == 'http') {
    return $value;
  }

  $value = $this->getVariable($container, 'url') . $value;

  if ($preferFormat === 'relative') {
    $urlParts = parse_url($value);
    $sameHost = isset($_SERVER['HTTP_HOST'])
      && isset($urlParts['host'])
      && $_SERVER['HTTP_HOST'] == $urlParts['host'];
    if ($sameHost) {
      $value = $urlParts['path'];
    }
  }

  // Forced SSL, or autodetected SSL when $ssl is NULL.
  $upgradeToHttps = $ssl || ($ssl === NULL && \CRM_Utils_System::isSSL());
  if ($upgradeToHttps) {
    $value = str_replace('http://', 'https://', $value);
  }

  return $value;
}