public function __construct($message = null, $code = 0) { parent::__construct($message, $code); Vtiger_Session::init(); $request = new Vtiger_Request($_REQUEST); $dbLog = PearDatabase::getInstance('log'); $userName = Vtiger_Session::get('full_user_name'); $dbLog->insert('o_yf_access_for_api', ['username' => empty($userName) ? '-' : $userName, 'date' => date('Y-m-d H:i:s'), 'ip' => Vtiger_Functions::getRemoteIP(), 'url' => Vtiger_Functions::getBrowserInfo()->url, 'agent' => $_SERVER['HTTP_USER_AGENT'], 'request' => json_encode($_REQUEST)]); }
function process(Vtiger_Request $request) { vglobal('log', LoggerManager::getLogger('System')); Vtiger_Session::init(); $forceSSL = vglobal('forceSSL'); if ($forceSSL && !Vtiger_Functions::getBrowserInfo()->https) { header("Location: https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}"); } // Better place this here as session get initiated //skipping the csrf checking for the forgot(reset) password $csrfProtection = vglobal('csrfProtection'); if ($csrfProtection) { if ($request->get('mode') != 'reset' && $request->get('action') != 'Login') { require_once 'libraries/csrf-magic/csrf-magic.php'; } require_once 'config/csrf_config.php'; } // TODO - Get rid of global variable $current_user // common utils api called, depend on this variable right now $currentUser = $this->getLogin(); vglobal('current_user', $currentUser); $currentLanguage = Vtiger_Language_Handler::getLanguage(); vglobal('current_language', $currentLanguage); $module = $request->getModule(); $qualifiedModuleName = $request->getModule(false); if ($currentUser && $qualifiedModuleName) { $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage, $qualifiedModuleName); vglobal('mod_strings', $moduleLanguageStrings['languageStrings']); } if ($currentUser) { $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage); vglobal('app_strings', $moduleLanguageStrings['languageStrings']); } $view = $request->get('view'); $action = $request->get('action'); $response = false; try { if ($this->isInstalled() === false && $module != 'Install') { header('Location:install/Install.php'); exit; } if (empty($module)) { if ($this->hasLogin()) { $defaultModule = vglobal('default_module'); if (!empty($defaultModule) && $defaultModule != 'Home') { $module = $defaultModule; $qualifiedModuleName = $defaultModule; $view = 'List'; if ($module == 'Calendar') { // To load MyCalendar instead of list view for calendar //TODO: see if it has to enhanced and get the default view from module model $view = 'Calendar'; } } else { $module = 'Home'; $qualifiedModuleName = 'Home'; $view = 'DashBoard'; } } else { $module = 'Users'; $qualifiedModuleName = 'Settings:Users'; $view = 'Login'; } $request->set('module', $module); $request->set('view', $view); } if (!empty($action)) { $componentType = 'Action'; $componentName = $action; } else { $componentType = 'View'; if (empty($view)) { $view = 'Index'; } $componentName = $view; } $handlerClass = Vtiger_Loader::getComponentClassName($componentType, $componentName, $qualifiedModuleName); $handler = new $handlerClass(); if ($handler) { vglobal('currentModule', $module); $csrfProtection = vglobal('csrfProtection'); if ($csrfProtection) { // Ensure handler validates the request $handler->validateRequest($request); } if ($handler->loginRequired()) { $this->checkLogin($request); } //TODO : Need to review the design as there can potential security threat $skipList = array('Users', 'Home', 'CustomView', 'Import', 'Export', 'Inventory', 'Vtiger', 'PriceBooks', 'Migration', 'Install'); if (!in_array($module, $skipList) && stripos($qualifiedModuleName, 'Settings') === false) { $this->triggerCheckPermission($handler, $request); } // Every settings page handler should implement this method if (stripos($qualifiedModuleName, 'Settings') === 0 || $module == 'Users') { $handler->checkPermission($request); } $notPermittedModules = array('ModComments', 'Integration', 'DashBoard'); if (in_array($module, $notPermittedModules) && $view == 'List') { header('Location:index.php?module=Home&view=DashBoard'); } $this->triggerPreProcess($handler, $request); $response = $handler->process($request); $this->triggerPostProcess($handler, $request); } else { throw new AppException(vtranslate('LBL_HANDLER_NOT_FOUND')); } } catch (Exception $e) { if ($view) { // Log for developement. error_log($e->getTraceAsString(), E_NOTICE); Vtiger_Functions::throwNewException($e->getMessage()); } else { $response = new Vtiger_Response(); $response->setEmitType(Vtiger_Response::$EMIT_JSON); $response->setError($e->getMessage()); //Vtiger_Functions::throwNewException($e->getMessage()); } } if ($response) { $response->emit(); } }
* The contents of this file are subject to the vtiger CRM Public License Version 1.0 * ("License"); You may not use this file except in compliance with the License * The Original Code is: vtiger CRM Open Source * The Initial Developer of the Original Code is vtiger. * Portions created by vtiger are Copyright (C) vtiger. * All Rights Reserved. * ****************************************************************************** */ chdir(dirname(__FILE__) . '/../'); /** * Start the cron services configured. */ include_once 'include/Webservices/Relation.php'; include_once 'include/main/WebUI.php'; require_once 'vtlib/Vtiger/Cron.php'; require_once 'modules/Emails/mail.php'; Vtiger_Session::init(); if (PHP_SAPI === 'cli' || PHP_SAPI === 'cgi-fcgi' || !empty(Vtiger_Session::get('authenticated_user_id')) && !empty(Vtiger_Session::get('app_unique_key')) && Vtiger_Session::get('app_unique_key') == vglobal('application_unique_key')) { $log = LoggerManager::getLogger('CRON'); vglobal('log', $log); $cronTasks = false; if (isset($_REQUEST['service'])) { // Run specific service $cronTasks = [Vtiger_Cron::getInstance($_REQUEST['service'])]; } else { // Run all service $cronTasks = Vtiger_Cron::listAllActiveInstances(); } $cronStarts = date('Y-m-d H:i:s'); //set global current user permissions $current_user = vglobal('current_user'); $current_user = Users::getActiveAdminUser();
function process(Vtiger_Request $request) { Vtiger_Session::init(); // Better place this here as session get initiated //skipping the csrf checking for the forgot(reset) password if ($request->get('mode') != 'reset' && $request->get('action') != 'Login') { require_once 'libraries/csrf-magic/csrf-magic.php'; } // TODO - Get rid of global variable $current_user // common utils api called, depend on this variable right now $currentUser = $this->getLogin(); vglobal('current_user', $currentUser); global $default_language; vglobal('default_language', $default_language); $currentLanguage = Vtiger_Language_Handler::getLanguage(); vglobal('current_language', $currentLanguage); $module = $request->getModule(); $qualifiedModuleName = $request->getModule(false); if ($currentUser && $qualifiedModuleName) { $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage, $qualifiedModuleName); vglobal('mod_strings', $moduleLanguageStrings['languageStrings']); } if ($currentUser) { $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage); vglobal('app_strings', $moduleLanguageStrings['languageStrings']); } $view = $request->get('view'); $action = $request->get('action'); $response = false; try { if ($this->isInstalled() === false && $module != 'Install') { header('Location:index.php?module=Install&view=Index'); exit; } if (empty($module)) { if ($this->hasLogin()) { $defaultModule = vglobal('default_module'); if (!empty($defaultModule) && $defaultModule != 'Home') { $module = $defaultModule; $qualifiedModuleName = $defaultModule; $view = 'List'; if ($module == 'Calendar') { // To load MyCalendar instead of list view for calendar //TODO: see if it has to enhanced and get the default view from module model $view = 'Calendar'; } } else { $module = 'Home'; $qualifiedModuleName = 'Home'; $view = 'DashBoard'; } } else { $module = 'Users'; $qualifiedModuleName = 'Settings:Users'; $view = 'Login'; } $request->set('module', $module); $request->set('view', $view); } if (!empty($action)) { $componentType = 'Action'; $componentName = $action; } else { $componentType = 'View'; if (empty($view)) { $view = 'Index'; } $componentName = $view; } $handlerClass = Vtiger_Loader::getComponentClassName($componentType, $componentName, $qualifiedModuleName); $handler = new $handlerClass(); if ($handler) { vglobal('currentModule', $module); // Ensure handler validates the request $handler->validateRequest($request); if ($handler->loginRequired()) { $this->checkLogin($request); } //TODO : Need to review the design as there can potential security threat $skipList = array('Users', 'Home', 'CustomView', 'Import', 'Export', 'Inventory', 'Vtiger', 'PriceBooks', 'Migration', 'Install'); if (!in_array($module, $skipList) && stripos($qualifiedModuleName, 'Settings') === false) { $this->triggerCheckPermission($handler, $request); } // Every settings page handler should implement this method if (stripos($qualifiedModuleName, 'Settings') === 0 || $module == 'Users') { $handler->checkPermission($request); } $notPermittedModules = array('ModComments', 'Integration', 'DashBoard'); if (in_array($module, $notPermittedModules) && $view == 'List') { header('Location:index.php?module=Home&view=DashBoard'); } $this->triggerPreProcess($handler, $request); /** EventHandler START */ list($handler, $request) = EventHandler_Module_Model::do_filter(array("vtiger.filter.process." . strtolower($module . '.' . $componentName . "." . $componentType) . ".before", "vtiger.filter.process." . strtolower($componentName . "." . $componentType) . ".before"), array($handler, $request)); /** EventHandler ENDE */ $response = $handler->process($request); /** EventHandler START */ list($handler, $request) = EventHandler_Module_Model::do_filter(array("vtiger.filter.process." . strtolower($module . '.' . $componentName . "." . $componentType) . ".after", "vtiger.filter.process." . strtolower($componentName . "." . $componentType) . ".after"), array($handler, $request)); /** EventHandler ENDE */ $this->triggerPostProcess($handler, $request); } else { throw new AppException(vtranslate('LBL_HANDLER_NOT_FOUND')); } } catch (Exception $e) { if ($view) { // Log for developement. error_log($e->getTraceAsString(), E_NOTICE); $viewer = new Vtiger_Viewer(); $viewer->assign('MESSAGE', $e->getMessage()); $viewer->view('OperationNotPermitted.tpl', 'Vtiger'); } else { $response = new Vtiger_Response(); $response->setEmitType(Vtiger_Response::$EMIT_JSON); $response->setError($e->getMessage()); } } /** EventHandler START */ EventHandler_Module_Model::do_action("vtiger.process.finish", array($module, $componentName, $componentType)); EventHandler_Module_Model::do_action("vtiger.process." . strtolower($module . '.' . $componentName . "." . $componentType) . ".finish", array($module, $componentName, $componentType)); /** EventHandler ENDE */ if ($response) { $response->emit(); } }