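/**
 * Build the "UPDATE services SET ... WHERE id=..." statement for a plan save.
 *
 * The statement always marks the service active, then assigns each listed
 * column from $data in the order given.
 *
 * NOTE(review): every value is interpolated into the SQL text between single
 * quotes, so this is only as safe as the escaping applied when $data was
 * filled. Confirm that security_form_input_predefined() escapes quotes for
 * the "any" type; if the sql_query class offers bound parameters, prefer them.
 *
 * @param mixed $id      service ID as returned by the "int" form validator
 * @param array $data    form values keyed by services column name
 * @param array $columns names of the columns to assign (hard-coded by caller)
 * @return string the SQL statement
 */
function _service_form_plan_update_sql($id, $data, $columns)
{
    $assignments = array("active='1'");
    foreach ($columns as $column) {
        $assignments[] = $column . "='" . $data[$column] . "'";
    }
    return "UPDATE services SET " . implode(", ", $assignments) . " WHERE id='{$id}'";
}

/**
 * Replace the named services_options rows of one service with values from $data.
 *
 * Deletes any existing rows for the given option names, then inserts one row
 * per name. Option names come from hard-coded lists in the caller; option
 * values are interpolated as-is (same escaping caveat as the UPDATE builder).
 *
 * @param object $sql_obj      sql_query instance used to run the statements
 * @param mixed  $id           service ID
 * @param array  $data         form values keyed by option name
 * @param array  $option_names option names to replace
 * @return void
 */
function _service_form_plan_replace_options($sql_obj, $id, $data, $option_names)
{
    // delete old options (if any)
    $sql_obj->string = "DELETE FROM services_options WHERE option_type='service' AND option_type_id='" . $id . "' AND option_name IN ('" . implode("', '", $option_names) . "')";
    $sql_obj->execute();
    // apply new options
    foreach ($option_names as $option_name) {
        $sql_obj->string = "INSERT INTO services_options (option_type, option_type_id, option_name, option_value) VALUES ('service', '" . $id . "', '" . $option_name . "', '" . $data[$option_name] . "')";
        $sql_obj->execute();
    }
}

/**
 * Process the service plan form: read the posted fields, store them on the
 * service inside a transaction, and redirect back to the plan page.
 *
 * Which fields are read and which columns are written depends on the service
 * type name looked up from service_types. On any recorded form error the
 * request is redirected back to the plan page without touching the database.
 * The function always ends the request with exit(0).
 *
 * NOTE(review): no permission or CSRF check is visible in this function;
 * confirm the calling page enforces both before this runs.
 *
 * @return void
 */
function service_form_plan_process()
{
    log_debug("inc_services_process", "Executing service_form_plan_process()");
    /*
    	Fetch all form data
    */
    $id = @security_form_input_predefined("int", "id_service", 1, "");
    // general details
    $data["price"] = @security_form_input_predefined("money", "price", 0, "");
    $data["price_setup"] = @security_form_input_predefined("money", "price_setup", 0, "");
    $data["discount"] = @security_form_input_predefined("float", "discount", 0, "");
    $data["billing_cycle"] = @security_form_input_predefined("int", "billing_cycle", 1, "");
    $data["billing_mode"] = @security_form_input_predefined("int", "billing_mode", 1, "");
    // needed to handle errors, but not used
    $data["name_service"] = @security_form_input_predefined("any", "name_service", 0, "");
    // make sure that the service actually exists
    $sql_plan_obj = new sql_query();
    $sql_plan_obj->string = "SELECT services.typeid, service_types.name FROM services LEFT JOIN service_types ON service_types.id = services.typeid WHERE services.id='{$id}' LIMIT 1";
    $sql_plan_obj->execute();
    // Stays null when the service is missing, so the result row is never
    // read before it has been fetched.
    $service_type = null;
    if (!$sql_plan_obj->num_rows()) {
        $_SESSION["error"]["message"][] = "The service you have attempted to edit - {$id} - does not exist in this system.";
    } else {
        $sql_plan_obj->fetch_array();
        $service_type = $sql_plan_obj->data[0]["name"];
    }
    // fetch fields depending on the service type
    switch ($service_type) {
        case "generic_with_usage":
            $data["units"] = @security_form_input_predefined("any", "units", 1, "");
            $data["included_units"] = @security_form_input_predefined("int", "included_units", 0, "");
            $data["price_extraunits"] = @security_form_input_predefined("money", "price_extraunits", 0, "");
            $data["usage_mode"] = @security_form_input_predefined("int", "usage_mode", 1, "");
            $data["alert_80pc"] = @security_form_input_predefined("any", "alert_80pc", 0, "");
            $data["alert_100pc"] = @security_form_input_predefined("any", "alert_100pc", 0, "");
            $data["alert_extraunits"] = @security_form_input_predefined("any", "alert_extraunits", 0, "");
            break;
        case "licenses":
            $data["units"] = @security_form_input_predefined("any", "units", 1, "");
            $data["included_units"] = @security_form_input_predefined("int", "included_units", 0, "");
            $data["price_extraunits"] = @security_form_input_predefined("money", "price_extraunits", 0, "");
            break;
        case "time":
            $data["units"] = @security_form_input_predefined("int", "units", 1, "");
            $data["included_units"] = @security_form_input_predefined("int", "included_units", 0, "");
            $data["price_extraunits"] = @security_form_input_predefined("money", "price_extraunits", 0, "");
            // force data usage/time to be incrementing
            $data["usage_mode"] = sql_get_singlevalue("SELECT id as value FROM service_usage_modes WHERE name='incrementing' LIMIT 1");
            $data["alert_80pc"] = @security_form_input_predefined("any", "alert_80pc", 0, "");
            $data["alert_100pc"] = @security_form_input_predefined("any", "alert_100pc", 0, "");
            $data["alert_extraunits"] = @security_form_input_predefined("any", "alert_extraunits", 0, "");
            break;
        case "data_traffic":
            // general data traffic options
            $data["units"] = @security_form_input_predefined("int", "units", 1, "");
            // force data usage/time to be incrementing
            $data["usage_mode"] = sql_get_singlevalue("SELECT id as value FROM service_usage_modes WHERE name='incrementing' LIMIT 1");
            // loop through all the traffic types
            $data["data_traffic_caps"] = array();
            $obj_sql_traffic_types = new sql_query();
            $obj_sql_traffic_types->string = "SELECT id FROM traffic_types";
            $obj_sql_traffic_types->execute();
            $obj_sql_traffic_types->num_rows();
            // will always be at least one, need for loop
            for ($i = 0; $i < $obj_sql_traffic_types->data_num_rows; $i++) {
                $field_prefix = "traffic_cap_" . $i;
                $cap_checked = @security_form_input_predefined("checkbox", $field_prefix . "_active", 0, "");
                // The raw POST value is only compared, never stored; isset()
                // avoids an undefined-index read when the field is absent.
                $cap_is_type_one = isset($_POST[$field_prefix . "_id"]) && $_POST[$field_prefix . "_id"] == "1";
                if (!$cap_checked && !$cap_is_type_one) {
                    continue;
                }
                // fetch traffic cap details
                $cap = array();
                $cap["id_traffic_type"] = @security_form_input_predefined("int", $field_prefix . "_id", 1, "");
                $cap["name"] = @security_form_input_predefined("any", $field_prefix . "_name", 0, "");
                $cap["mode"] = @security_form_input_predefined("any", $field_prefix . "_mode", 0, "");
                $cap["units_included"] = @security_form_input_predefined("int", $field_prefix . "_units_included", 0, "");
                $cap["units_price"] = @security_form_input_predefined("money", $field_prefix . "_units_price", 0, "");
                // additional checks: mode is an allow-list of two values
                if (!in_array($cap["mode"], array("unlimited", "capped"), true)) {
                    log_write("error", "inc_services_process", "A data type must either be disabled or marked as capped vs unlimited");
                    error_flag_field($field_prefix);
                    // Never queue a cap whose mode failed the allow-list, so the
                    // rejected string cannot reach the INSERT below even if the
                    // error does not abort the request.
                    continue;
                }
                $data["data_traffic_caps"][] = $cap;
            }
            unset($obj_sql_traffic_types);
            // alert configuration
            $data["alert_80pc"] = @security_form_input_predefined("any", "alert_80pc", 0, "");
            $data["alert_100pc"] = @security_form_input_predefined("any", "alert_100pc", 0, "");
            $data["alert_extraunits"] = @security_form_input_predefined("any", "alert_extraunits", 0, "");
            break;
        case "phone_single":
            $data["id_rate_table"] = @security_form_input_predefined("int", "id_rate_table", 1, "");
            break;
        case "phone_tollfree":
            $data["id_rate_table"] = @security_form_input_predefined("int", "id_rate_table", 1, "");
            $data["phone_trunk_included_units"] = @security_form_input_predefined("int", "phone_trunk_included_units", 1, "");
            $data["phone_trunk_price_extra_units"] = @security_form_input_predefined("money", "phone_trunk_price_extra_units", 0, "");
            break;
        case "phone_trunk":
            $data["id_rate_table"] = @security_form_input_predefined("int", "id_rate_table", 1, "");
            $data["phone_ddi_included_units"] = @security_form_input_predefined("int", "phone_ddi_included_units", 1, "");
            $data["phone_ddi_price_extra_units"] = @security_form_input_predefined("money", "phone_ddi_price_extra_units", 0, "");
            $data["phone_trunk_included_units"] = @security_form_input_predefined("int", "phone_trunk_included_units", 1, "");
            $data["phone_trunk_price_extra_units"] = @security_form_input_predefined("money", "phone_trunk_price_extra_units", 0, "");
            break;
    }
    // convert checkbox input; the alert fields are not set for every service
    // type, hence !empty() rather than a bare read
    if (!empty($data["alert_80pc"])) {
        $data["alert_80pc"] = 1;
    }
    if (!empty($data["alert_100pc"])) {
        $data["alert_100pc"] = 1;
    }
    //// ERROR CHECKING ///////////////////////
    /// if there was an error, go back to the entry page
    // NOTE(review): this tests the session message list directly while the
    // commit step uses error_check(); confirm log_write("error", ...) also
    // populates this list, otherwise a flagged field would not stop the save.
    if (!empty($_SESSION["error"]["message"])) {
        $_SESSION["error"]["form"]["service_plan"] = "failed";
        header("Location: ../index.php?page=services/plan.php&id={$id}");
        exit(0);
    }
    /*
    	Begin Transaction
    */
    $sql_obj = new sql_query();
    $sql_obj->trans_begin();
    /*
    	Update plan details
    */
    // NOTE(review): a second sql_query object replaces the one that began the
    // transaction, and commit/rollback are later called on this second object.
    // Kept as in the original; confirm transactions are per-connection.
    $sql_obj = new sql_query();
    switch ($service_type) {
        case "time":
        case "generic_with_usage":
            $sql_obj->string = _service_form_plan_update_sql($id, $data, array("price", "price_setup", "discount", "units", "price_extraunits", "included_units", "billing_cycle", "billing_mode", "usage_mode", "alert_80pc", "alert_100pc", "alert_extraunits"));
            $sql_obj->execute();
            break;
        case "data_traffic":
            // update service plan
            $sql_obj->string = _service_form_plan_update_sql($id, $data, array("price", "price_setup", "discount", "units", "billing_cycle", "billing_mode", "usage_mode", "alert_80pc", "alert_100pc", "alert_extraunits"));
            $sql_obj->execute();
            // delete existing service traffic caps
            $sql_obj->string = "DELETE FROM traffic_caps WHERE id_service='{$id}'";
            $sql_obj->execute();
            // update service traffic caps
            foreach ($data["data_traffic_caps"] as $cap) {
                // add each traffic cap
                $sql_obj->string = "INSERT INTO traffic_caps (id_service, id_traffic_type, mode, units_price, units_included) VALUES ('{$id}', '" . $cap["id_traffic_type"] . "', '" . $cap["mode"] . "', '" . $cap["units_price"] . "', '" . $cap["units_included"] . "')";
                $sql_obj->execute();
            }
            break;
        case "licenses":
            $sql_obj->string = _service_form_plan_update_sql($id, $data, array("price", "price_setup", "discount", "units", "price_extraunits", "included_units", "billing_cycle", "billing_mode"));
            $sql_obj->execute();
            break;
        case "phone_single":
            $sql_obj->string = _service_form_plan_update_sql($id, $data, array("price", "price_setup", "discount", "billing_cycle", "billing_mode", "id_rate_table"));
            $sql_obj->execute();
            break;
        case "phone_trunk":
            // update basic details
            $sql_obj->string = _service_form_plan_update_sql($id, $data, array("price", "price_setup", "discount", "billing_cycle", "billing_mode", "id_rate_table"));
            $sql_obj->execute();
            _service_form_plan_replace_options($sql_obj, $id, $data, array("phone_ddi_included_units", "phone_ddi_price_extra_units", "phone_trunk_included_units", "phone_trunk_price_extra_units"));
            break;
        case "phone_tollfree":
            // update basic details
            $sql_obj->string = _service_form_plan_update_sql($id, $data, array("price", "price_setup", "discount", "billing_cycle", "billing_mode", "id_rate_table"));
            $sql_obj->execute();
            _service_form_plan_replace_options($sql_obj, $id, $data, array("phone_trunk_included_units", "phone_trunk_price_extra_units"));
            break;
        case "generic_no_usage":
        case "bundle":
        default:
            $sql_obj->string = _service_form_plan_update_sql($id, $data, array("price", "price_setup", "discount", "billing_cycle", "billing_mode"));
            $sql_obj->execute();
            break;
    }
    /*
    	Update the Journal
    */
    journal_quickadd_event("services", $id, "Service plan configuration changed");
    /*
    	Commit
    */
    if (error_check()) {
        $sql_obj->trans_rollback();
        log_write("error", "process", "An error occured whilst attempting to update service plan information. No changes have been made.");
    } else {
        $sql_obj->trans_commit();
        log_write("notification", "process", "Service successfully updated.");
    }
    // display updated details
    header("Location: ../index.php?page=services/plan.php&id={$id}");
    exit(0);
}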
 $values_require_one = array("amount", "amount_credit", "amount_debit");
 $values_acceptable = array("transaction_type", "other_party", "amount", "amount_credit", "amount_debit", "date", "code", "reference", "particulars");
 $values_paired = array("amount_credit" => "amount_debit");
 $new_input_structure = array();
 $selected_field = array();
 for ($i = 1; $i <= $num_cols; $i++) {
     if (!empty($data["column{$i}"])) {
         if (in_array($data["column{$i}"], $values_required)) {
             $values_count++;
         } else {
             if (in_array($data["column{$i}"], $values_require_one)) {
                 $value_multi_requirement++;
             } else {
                 if (!in_array($data["column{$i}"], $values_acceptable)) {
                     log_write("error", "page_output", "The option " . $data["column{$i}"] . " is not a valid column type");
                     error_flag_field("column{$i}");
                 }
             }
         }
         $new_input_structure[$i]['field_src'] = $i;
         $new_input_structure[$i]['field_dest'] = $data["column{$i}"];
         $new_input_structure[$i]['data_format'] = $data["format{$i}"];
         $selected_fields[$i] = $data["column{$i}"];
     }
 }
 if (in_array("amount", $selected_fields)) {
     $paired_value_state = true;
 } else {
     $paired_value_count = 0;
     foreach ($values_paired as $value_pair_key => $value_pair_value) {
         if (in_array($value_pair_key, $selected_fields) && in_array($value_pair_value, $selected_fields)) {
 $data["THEME_DEFAULT"] = @security_form_input_predefined("any", "THEME_DEFAULT", 1, "");
 $data["TABLE_LIMIT"] = @security_form_input_predefined("int", "TABLE_LIMIT", 1, "");
 $data["LANGUAGE_DEFAULT"] = @security_form_input_predefined("any", "LANGUAGE_DEFAULT", 1, "");
 $data["DATEFORMAT"] = @security_form_input_predefined("any", "DATEFORMAT", 1, "");
 $data["TIMEZONE_DEFAULT"] = @security_form_input_predefined("any", "TIMEZONE_DEFAULT", 1, "");
 $data["CURRENCY_DEFAULT_NAME"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_NAME", 1, "");
 $data["CURRENCY_DEFAULT_SYMBOL"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_SYMBOL", 1, "");
 $data["CURRENCY_DEFAULT_SYMBOL_POSITION"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_SYMBOL_POSITION", 1, "");
 $data["CURRENCY_DEFAULT_THOUSANDS_SEPARATOR"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_THOUSANDS_SEPARATOR", 1, "");
 $data["CURRENCY_DEFAULT_DECIMAL_SEPARATOR"] = @security_form_input_predefined("any", "CURRENCY_DEFAULT_DECIMAL_SEPARATOR", 1, "");
 /*
 	Check that decimal and thousands separators are different
 */
 if ($data["CURRENCY_DEFAULT_THOUSANDS_SEPARATOR"] == $data["CURRENCY_DEFAULT_DECIMAL_SEPARATOR"]) {
     error_flag_field("CURRENCY_DEFAULT_THOUSANDS_SEPARATOR");
     error_flag_field("CURRENCY_DEFAULT_DECIMAL_SEPARATOR");
     log_write("error", "page_output", "Thousands and decimal separators must be different.");
 }
 /*
 	Process Errors
 */
 if (error_check()) {
     $_SESSION["error"]["form"]["config_locale"] = "failed";
     header("Location: ../index.php?page=admin/config_locale.php");
     exit(0);
 } else {
     $_SESSION["error"] = array();
     /*
     	Start Transaction
     */
     $sql_obj = new sql_query();
示例#4
 }
 //make sure each contact has a name
 for ($i = 0; $i < $num_contacts; $i++) {
     if (!$obj_customer->verify_name_contact($i)) {
         log_write("error", "process", "Each contact must be given a name - please ensure each contact has been assigned a unique name");
         error_flag_field("contact_" . $i);
         log_debug("edit-process", "NO NAME ERROR FLAG: contact_" . $i);
     }
 }
 //make sure each contact name is unique
 for ($i = 0; $i < $num_contacts; $i++) {
     $uniqueness = $obj_customer->verify_uniqueness_contact($i);
     if ($uniqueness != "unique") {
         log_write("error", "process", "You have assigned the same name to two or more contacts - please choose unique names");
         error_flag_field("contact_" . $i);
         error_flag_field("contact_" . $uniqueness);
     }
 }
 // return to input page if any errors occurred
 if ($_SESSION["error"]["message"]) {
     if ($obj_customer->id) {
         $_SESSION["error"]["form"]["customer_view"] = "failed";
         header("Location: ../index.php?page=customers/view.php&id=" . $obj_customer->id . "");
         exit(0);
     } else {
         $_SESSION["error"]["form"]["customer_add"] = "failed";
         header("Location: ../index.php?page=customers/add.php");
         exit(0);
     }
 }
 /*
 if ($obj_customer->obj_service->data["typeid_string"] != "phone_trunk") {
     log_write("error", "page_output", "The requested service is not a phone_trunk service.");
     return 0;
 }
 // verify that the DDI value is correct (if one has been supplied)
 if ($obj_ddi->id) {
     if (!$obj_ddi->verify_id()) {
         log_write("error", "page_output", "The supplied DDI ID is not valid");
         return 0;
     }
 }
 // ensure the DDI range is valid
 if ($obj_ddi->data["ddi_start"] > $obj_ddi->data["ddi_finish"]) {
     log_write("error", "process", "The supplied DDI range is invalid, the finish DDI must be the same or higher than the start DDI");
     error_flag_field("ddi_start");
     error_flag_field("ddi_finish");
 }
 /*
 	Check for any errors
 */
 if (error_check()) {
     $_SESSION["error"]["form"]["service_ddi_edit"] = "failed";
     header("Location: ../index.php?page=customers/service-ddi-edit.php&id_customer=" . $obj_customer->id . "&id_service_customer=" . $obj_customer->id_service_customer . "&id_ddi=" . $obj_ddi->id);
     exit(0);
 } else {
     /*
     	Update/Create DDI entry
     */
     $obj_ddi->action_update();
     /*
     	Complete
示例#6
     }
     if (!$count) {
         error_flag_field("domain_message");
         log_write("error", "process", "You must select at least one name server group for the domain to belong to.");
     }
 }
 /*
 	Verify Data
 */
 if (!$obj_domain->verify_domain_name()) {
     if (isset($obj_domain->data["ipv4_network"])) {
         log_write("error", "process", "The requested IP range already has reverse DNS entries!");
         error_flag_field("ipv4_network");
     } else {
         log_write("error", "process", "The requested domain you are trying to add already exists!");
         error_flag_field("domain_name");
     }
 }
 /*
 	Process Data
 */
 if (error_check()) {
     if ($obj_domain->id) {
         $_SESSION["error"]["form"]["domain_edit"] = "failed";
         header("Location: ../index.php?page=domains/view.php&id=" . $obj_domain->id . "");
     } else {
         $_SESSION["error"]["form"]["domain_add"] = "failed";
         header("Location: ../index.php?page=domains/add.php");
     }
     exit(0);
 } else {
             $data["quantity"] = 1;
         }
         // all products must have at least 1
         break;
     case "service":
         $data["customid"] = @security_form_input_predefined("int", "serviceid", 1, "");
         $data["description"] = @security_form_input_predefined("any", "description", 0, "");
         $data["price"] = @security_form_input_predefined("money", "price", 0, "");
         $data["discount"] = @security_form_input_predefined("float", "discount", 0, "");
         $data["quantity"] = 1;
         // all services must have at least 1
         break;
     default:
         // unknown type
         log_write("error", "process", "An unexpected error occured, type value of " . $data["type"] . " is invalid");
         error_flag_field("type");
         break;
 }
 /*
 	Verify Data
 */
 // check that the specified customer actually exists
 if (!$obj_customer->verify_id()) {
     log_write("error", "process", "The customer you have attempted to edit - " . $obj_customer->id . " - does not exist in this system.");
 } else {
     if ($obj_customer->id_order) {
         // are we editing an existing order? make sure it exists and belongs to this customer
         if (!$obj_customer->verify_id_order()) {
             log_write("error", "process", "The order you have attempted to edit - " . $obj_customer->id_order . " - does not exist in this system.");
         } else {
             $obj_customer->load_data();
示例#8
 function validate_custom_records($data_orig = array())
 {
     log_debug("domain", "Executing validate_custom_records(array_data)");
     if (!isset($this->data)) {
         // we need the domain details if we don't already have them
         $this->load_data();
     }
     $data = array();
     $data_tmp = array();
     if (!empty($data_orig)) {
         /*
          				Supplied Array Data - this data has some amount of pre-processing
         	done, having already run through the javascript validation.
         */
         log_debug("domain", "Using supplied array data in \$data_orig");
         /*
         	Fetch Data
         */
         $data["custom"]["num_records"] = count(array_keys($data_orig));
         for ($i = 0; $i < $data["custom"]["num_records"]; $i++) {
             $data_tmp[$i]["id"] = @security_script_input_predefined("int", $data_orig[$i]["id"], 1);
             $data_tmp[$i]["type"] = @security_script_input_predefined("any", $data_orig[$i]["type"], 1);
             $data_tmp[$i]["ttl"] = @security_script_input_predefined("int", $data_orig[$i]["ttl"], 1);
             $data_tmp[$i]["name"] = @security_script_input_predefined("any", $data_orig[$i]["name"], 1);
             $data_tmp[$i]["prio"] = @security_script_input_predefined("int", $data_orig[$i]["prio"], 0);
             $data_tmp[$i]["content"] = @security_script_input_predefined("any", $data_orig[$i]["content"], 1);
             $data_tmp[$i]["reverse_ptr"] = @security_script_input_predefined("checkbox", $data_orig[$i]["reverse_ptr"], 1);
             $data_tmp[$i]["reverse_ptr_orig"] = @security_script_input_predefined("checkbox", $data_orig[$i]["reverse_ptr_orig"], 1);
             $data_tmp[$i]["delete_undo"] = @security_script_input_predefined("any", $data_orig[$i]["delete_undo"], 1);
             if (empty($data_tmp[$i]["mode"]) || $data_tmp[$i]["mode"] != "delete" && $data_tmp[$i]["mode"] != "update") {
                 // mode undetermined, run check
                 if ($data_tmp[$i]["id"] && $data_tmp[$i]["delete_undo"] == "true") {
                     $data_tmp[$i]["mode"] = "delete";
                 } else {
                     if (!empty($data_tmp[$i]["content"]) && $data_tmp[$i]["delete_undo"] == "false") {
                         $data_tmp[$i]["mode"] = "update";
                     }
                 }
             }
         }
     } elseif (isset($_POST['record_custom_page'])) {
         /*
         	Fetch data from POST - easiest way, since we can take advantage of smart
         	error handling functions built in.
         */
         // fetch number of records
         $data["custom"]["num_records"] = @security_form_input_predefined("int", "num_records_custom", 0, "");
         for ($i = 0; $i < $data["custom"]["num_records"]; $i++) {
             /*
             	Fetch Data
             */
             $data_tmp[$i]["id"] = @security_form_input_predefined("int", "record_custom_" . $i . "_id", 0, "");
             $data_tmp[$i]["type"] = @security_form_input_predefined("any", "record_custom_" . $i . "_type", 0, "");
             $data_tmp[$i]["ttl"] = @security_form_input_predefined("int", "record_custom_" . $i . "_ttl", 0, "");
             $data_tmp[$i]["name"] = @security_form_input_predefined("any", "record_custom_" . $i . "_name", 0, "");
             $data_tmp[$i]["content"] = @security_form_input_predefined("any", "record_custom_" . $i . "_content", 0, "");
             $data_tmp[$i]["reverse_ptr"] = @security_form_input_predefined("checkbox", "record_custom_" . $i . "_reverse_ptr", 0, "");
             $data_tmp[$i]["reverse_ptr_orig"] = @security_form_input_predefined("checkbox", "record_custom_" . $i . "_reverse_ptr_orig", 0, "");
             $data_tmp[$i]["delete_undo"] = @security_form_input_predefined("any", "record_custom_" . $i . "_delete_undo", 0, "");
             /*
             	Process Raw Data
             */
             if ($data_tmp[$i]["id"] && $data_tmp[$i]["delete_undo"] == "true") {
                 $data_tmp[$i]["mode"] = "delete";
             } else {
                 if (!empty($data_tmp[$i]["content"]) && $data_tmp[$i]["delete_undo"] == "false") {
                     $data_tmp[$i]["mode"] = "update";
                 }
             }
         }
     }
     /*
     	Process Validated Inputs
     */
     if (!empty($data_tmp)) {
         log_write("debug", "domains", "Record values obtained, running detailed check");
         for ($i = 0; $i < $data["custom"]["num_records"]; $i++) {
             /*
             	Error Handling
             */
             // verify name syntax
             if ($data_tmp[$i]["name"] == "*" || preg_match("/^\\*\\.[A-Za-z0-9\\p{L}:._-]+\$/", $data_tmp[$i]["name"])) {
                 // wildcard records are annoying - wildcards must be standalone, and can't be part of a sring
                 // OK  -> *
                 // OK  -> *.example.com
                 // BAD -> abc*.example.com
                 // BAD -> std*abc.example.com
                 // nothing todo
             } elseif ($data_tmp[$i]["name"] != "@" && !preg_match("/^[A-Za-z0-9\\p{L}:._-]*\$/", $data_tmp[$i]["name"])) {
                 // all other record types
                 log_write("error", "process", "Sorry, the value you have entered for record " . $data_tmp[$i]["name"] . " contains invalid charactors");
                 error_flag_field("record_custom_" . $i . "");
             }
             // validate content and name formatting per domain type
             if ($data_tmp[$i]["name"] != "") {
                 switch ($data_tmp[$i]["type"]) {
                     case "A":
                         // validate IPv4
                         if (!preg_match("/^(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)(?:[.](?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)){3}\$/", $data_tmp[$i]["content"])) {
                             // invalid IP address
                             log_write("error", "process", "A record for " . $data_tmp[$i]["name"] . " did not validate as an IPv4 address");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "AAAA":
                         // validate IPv6
                         if (filter_var($data_tmp[$i]["content"], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) == FALSE) {
                             // invalid IP address
                             log_write("error", "process", "AAAA record for " . $data_tmp[$i]["name"] . " did not validate as an IPv6 address");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "CNAME":
                         // validate CNAME
                         if ($data_tmp[$i]["content"] != "@" && !preg_match("/^[A-Za-z0-9\\p{L}._-]*\$/", $data_tmp[$i]["content"])) {
                             // invalid CNAME
                             log_write("error", "process", "CNAME record for " . $data_tmp[$i]["name"] . " contains invalid characters.");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         // make sure it's not an IP
                         if (filter_var($data_tmp[$i]["content"], FILTER_VALIDATE_IP) == $data_tmp[$i]["content"]) {
                             // CNAME is pointing at an IP
                             log_write("error", "process", "CNAME record for " . $data_tmp[$i]["name"] . " is incorrectly referencing an IP address.");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "SRV":
                         // validate SRV name (_service._proto.name OR _service._proto))
                         if (!preg_match("/^_[A-Za-z0-9\\p{L}.-]*\\._[A-Za-z\\p{L}]*\\.[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["name"]) && !preg_match("/^_[A-Za-z0-9\\p{L}.-]*\\._[A-Za-z\\p{L}]*\$/", $data_tmp[$i]["name"])) {
                             log_write("error", "process", "SRV record for " . $data_tmp[$i]["name"] . " is not correctly formatted - name must be: _service._proto.name");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         // validate SRV content (priority, weight, port, target/host)
                         if (!preg_match("/^[0-9]*\\s[0-9]*\\s[0-9]*\\s[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"])) {
                             log_write("error", "process", "SRV record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must be: priority weight port target/hostname");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "SPF":
                     case "TXT":
                         // TXT string could be almost anything, just make sure it's quoted.
                         $data_tmp[$i]["content"] = str_replace("'", "", $data_tmp[$i]["content"]);
                         $data_tmp[$i]["content"] = str_replace('"', "", $data_tmp[$i]["content"]);
                         $data_tmp[$i]["content"] = '"' . $data_tmp[$i]["content"] . '"';
                         break;
                     case "PTR":
                         if (strpos($this->data["domain_name"], "in-addr.arpa")) {
                             // IPv4 PTR Record
                             // We only pass through the 4th octet to the end user.
                             if (!preg_match("/^[0-9]*\$/", $data_tmp[$i]["name"])) {
                                 log_write("error", "process", "PTR reverse record for " . $data_tmp[$i]["content"] . " should be a single octet.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                             if (!preg_match("/^[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"])) {
                                 log_write("error", "process", "PTR reverse record for " . $data_tmp[$i]["name"] . " is not correctly formatted.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                         } elseif (strpos($this->data["domain_name"], "ip6.arpa")) {
                             // IPv6 PTR Record
                             // If the record is already in reverse ARPA format, we should convert it first
                             if (strpos($data_tmp[$i]["name"], "ip6.arpa")) {
                                 $data_tmp[$i]["name"] = ipv6_convert_fromarpa($data_tmp[$i]["name"]);
                             }
                             // We pass through a full IPv6 address and maybe a CIDR value - if provided,
                             // we should strip off the CIDR and then validate the address and process.
                             $data_tmp[$i]["name"] = preg_replace("/\\/[0-9]*\$/", '', $data_tmp[$i]["name"]);
                             if (!filter_var($data_tmp[$i]["name"], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
                                 log_write("error", "process", "Provided PTR IPv6 address for " . $data_tmp[$i]["name"] . " is not a valid IPv6 address.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                             if (!preg_match("/^[A-Za-z0-9\\p{L}.-]*\$/", $data_tmp[$i]["content"])) {
                                 log_write("error", "process", "Provided PTR IPv6 reverse record for " . $data_tmp[$i]["name"] . " is not correctly formatted.");
                                 error_flag_field("record_custom_" . $i . "");
                             }
                             // convert the record into PTR formatted value
                             $data_tmp[$i]["name"] = ipv6_convert_arpa($data_tmp[$i]["name"]);
                         }
                         break;
                     case "SSHFP":
                         // validate SSHFP content (algorithm, type, key/fingerprint)
                         if (!preg_match("/^[1-4] [1-2] [a-fA-F0-9]+\$/", $data_tmp[$i]["content"])) {
                             log_write("error", "process", "SSHFP record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must be: algorithm(1-4) type(1-2) <key/fingerprint>");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "LOC":
                         // validate SSHFP content (algorithm, type, key/fingerprint)
                         if (!preg_match("/^[0-9]+( [0-9]+( [0-9]+\\.[0-9]+)?)? N|S [0-9]+( [0-9]+( [0-9]+\\.[0-9]+)?)? E|W \\-?[0-9]+\\.[0-9]+m?( [0-9]+\\.[0-9]+m?)?( [0-9]+\\.[0-9]+m?)?/", $data_tmp[$i]["content"])) {
                             log_write("error", "process", "LOC record for " . $data_tmp[$i]["name"] . " is not correctly formatted - content must follow RFC 1876");
                             error_flag_field("record_custom_" . $i . "");
                         }
                         break;
                     case "NS":
                     case "MX":
                     case "HINFO":
                         // nothing todo.
                         break;
                     default:
                         log_write("error", "process", "Unknown record type " . $data_tmp[$i]["type"] . "");
                         break;
                 }
                 // remove excess "." which might have been added
                 $data_tmp[$i]["name"] = rtrim($data_tmp[$i]["name"], ".");
                 $data_tmp[$i]["content"] = rtrim($data_tmp[$i]["content"], ".");
                 // verify reverse PTR options
                 if ($data_tmp[$i]["reverse_ptr"]) {
                     if ($data_tmp[$i]["type"] == "A" || $data_tmp[$i]["type"] == "AAAA") {
                         // check if the appropiate reverse DNS domain exists
                         $obj_record = new domain_records();
                         if (!$obj_record->find_reverse_domain($data_tmp[$i]["content"])) {
                             // no match
                             log_write("error", "process", "Sorry, we can't set a reverse PTR for " . $data_tmp[$i]["content"] . " --&gt; " . $data_tmp[$i]["name"] . ", since there is no reverse domain record for that IP address");
                             error_flag_field("record_custom_" . $i . "");
                         } else {
                             // match, record the domain ID and record ID to save a lookup
                             $data_tmp[$i]["reverse_ptr_id_domain"] = $obj_record->id;
                             $data_tmp[$i]["reverse_ptr_id_record"] = $obj_record->id_record;
                         }
                         // add to the reverse domain list - we use this list to avoid reloading for every record
                         if (@(!in_array($obj_record->id, $data["reverse"]))) {
                             $data["reverse"][] = $obj_record->id;
                         }
                         unset($obj_record);
                     } else {
                         log_write("error", "process", "A reverse PTR record is only valid for an A or AAAA record");
                         error_flag_field("record_custom_" . $i . "");
                     }
                 }
                 // add to processing array
                 $data["records"][] = $data_tmp[$i];
             } else {
                 /*
                 	No record name exists - this is only valid if no content is also supplied
                 */
                 if (!empty($data_tmp[$i]['content'])) {
                     log_write("error", "process", "Name cannot be empty for IP address: " . $data_tmp[$i]['content']);
                     error_flag_field("record_custom_" . $i . "");
                 }
             }
         }
         // end of loop through records
     } else {
         log_write("debug", "domains", "No records provided, no validation performed");
     }
     // return structured array
     return $data;
 }
 /*
 	Verify Data
 */
 // Checks run before a rate override is deleted. Each failed check records an
 // error with log_write(); the error_check() call that follows this run then
 // redirects back to the override page instead of calling
 // action_rate_delete_override(). (Presumably error_check() reflects the
 // errors logged here - confirm against its definition.)
 // make sure a valid service ID has been supplied
 if (!$obj_service->verify_id()) {
     log_write("error", "process", "The service you have requested - " . $obj_service->id . " - does not exist in this system");
 }
 // check the option id values
 if (!$obj_rate_table->verify_id_override()) {
     // TODO: seriously need a better error message here, this means almost nothing to me and I wrote it....
     log_write("error", "process", "The service and rate ids do not correct match any known override");
 }
 // verify that the prefix is unique
 if (!$obj_rate_table->verify_rate_prefix_override()) {
     log_write("error", "process", "Another rate override already exists with the supplied prefix - unable to add another one with the same prefix");
     // highlight the prefix input when the form is shown again
     error_flag_field("rate_prefix");
 }
 /*
 	Check for any errors
 */
 if (error_check()) {
     header("Location: ../index.php?page=services/cdr-override.php&id_service=" . $obj_service->id);
     exit(0);
 } else {
     /*
     	Delete Rate Override
     */
     $obj_rate_table->action_rate_delete_override();
     /*
     	Complete
     */
示例#10
         log_write("error", "process", "The name server group you have attempted to edit - " . $obj_name_server_group->id . " - does not exist in this system.");
     } else {
         // load existing data
         $obj_name_server_group->load_data();
     }
 }
 // basic fields: read the submitted group name and description into the object
 // NOTE(review): the group_name pattern ends in an unmodified "$". In PCRE that
 // also matches just before a trailing newline, so a value ending in "\n" can
 // satisfy the pattern unless security_form_input trims or re-anchors it.
 // "\z" or the D modifier makes the end anchor strict - confirm how the helper
 // applies the pattern.
 $obj_name_server_group->data["group_name"] = security_form_input("/^\\w*\$/", "group_name", 1, "Group name must be a alpha numeric word with optional underscores - no spaces or other symbols.");
 // NOTE(review): what the predefined "any" type filters is not visible here;
 // treat the description as free text and encode it wherever it is displayed.
 $obj_name_server_group->data["group_description"] = security_form_input_predefined("any", "group_description", 0, "");
 /*
 	Verify Data
 */
 // ensure the group name is unique
 if (!$obj_name_server_group->verify_group_name()) {
     log_write("error", "process", "The requested group name already exists, have you checked that the group you're trying to add doesn't already exist?");
     // highlight the group_name input when the form is shown again
     error_flag_field("group_name");
 }
 /*
 	Process Data
 */
 if (error_check()) {
     if ($obj_name_server_group->id) {
         $_SESSION["error"]["form"]["name_server_group_edit"] = "failed";
         header("Location: ../index.php?page=servers/group-view.php&id=" . $obj_name_server_group->id . "");
     } else {
         $_SESSION["error"]["form"]["name_server_group_edit"] = "failed";
         header("Location: ../index.php?page=servers/group-add.php");
     }
     exit(0);
 } else {
     // clear error data
     } else {
         log_write("notification", "sql_query", "Tested successful connection to traffic usage database");
         $obj_sql->session_terminate();
     }
 }
 /*
 	Test CDR Database

 	Only runs when the CDR database type is "mysql_cdr_daily". Opens a
 	session with the configured host, database name, username and password,
 	and closes it again if the connection succeeds.
 */
 // NOTE(review): where $data is populated is not visible here. If these values
 // come straight from the submitted configuration form, this makes the server
 // open a database connection to a caller-chosen host, so the page should stay
 // restricted to administrators - confirm the permission check upstream.
 if ($data["SERVICE_CDR_DB_TYPE"] == "mysql_cdr_daily") {
     $obj_sql = new sql_query();
     if (!$obj_sql->session_init("mysql", $data["SERVICE_CDR_DB_HOST"], $data["SERVICE_CDR_DB_NAME"], $data["SERVICE_CDR_DB_USERNAME"], $data["SERVICE_CDR_DB_PASSWORD"])) {
         // the logged message is generic: it does not include the host or credentials
         log_write("error", "sql_query", "Unable to connect to CDR service usage database!");
         // flag all four connection fields, since the failing one is not known
         error_flag_field("SERVICE_CDR_DB_HOST");
         error_flag_field("SERVICE_CDR_DB_NAME");
         error_flag_field("SERVICE_CDR_DB_USERNAME");
         error_flag_field("SERVICE_CDR_DB_PASSWORD");
     } else {
         log_write("notification", "sql_query", "Tested successful connection to CDR usage database");
         // the session was only opened as a test, so close it straight away
         $obj_sql->session_terminate();
     }
 }
 /*
 	Process Errors
 */
 if (error_check()) {
     $_SESSION["error"]["form"]["config_services"] = "failed";
     header("Location: ../index.php?page=admin/config_services.php");
     exit(0);
 } else {
     $_SESSION["error"] = array();
     /*
 /**
  * Validate the traffic type's name and label before it is stored.
  *
  * Four checks run in order and the method stops at the first failure:
  * the name is not used by another traffic type, the label is not used by
  * another traffic type, the name is not the reserved word "any"/"Any", and
  * the label is not "*"/"any"/"Any". A failure is reported through
  * log_write() and the matching form field is flagged with error_flag_field().
  *
  * NOTE(review): both lookups build their SQL by concatenating
  * $this->data["type_name"], $this->data["type_label"] and $this->id into the
  * statement text. Nothing in this method escapes them, so the queries are
  * only safe if the values were sanitised before being stored on the object -
  * confirm against the caller, or bind them as parameters if sql_query
  * supports that.
  *
  * @return int 1 when every check passes, 0 on the first check that fails
  */
 function verify_fields()
 {
     log_debug("traffic_types", "Executing verify_fields()");

     // uniqueness of the name, ignoring this record's own row
     if (!empty($this->data["type_name"])) {
         $lookup = new sql_query();
         $lookup->string = "SELECT id FROM traffic_types WHERE type_name='" . $this->data["type_name"] . "' AND id!='" . $this->id . "' LIMIT 1";
         $lookup->execute();
         $name_in_use = $lookup->num_rows();
         if ($name_in_use) {
             log_write("error", "traffic_types", "This name is already in use, please select another");
             error_flag_field("type_name");
             return 0;
         }
     }

     // uniqueness of the label, ignoring this record's own row
     if (!empty($this->data["type_label"])) {
         $lookup = new sql_query();
         $lookup->string = "SELECT id FROM traffic_types WHERE type_label='" . $this->data["type_label"] . "' AND id!='" . $this->id . "' LIMIT 1";
         $lookup->execute();
         $label_in_use = $lookup->num_rows();
         if ($label_in_use) {
             log_write("error", "traffic_types", "This label is already in use, please select another");
             error_flag_field("type_label");
             return 0;
         }
     }

     // "any" is kept for the catch-all cap and may not be used as a name
     $name_reserved = $this->data["type_name"] == "any" || $this->data["type_name"] == "Any";
     if ($name_reserved) {
         log_write("error", "traffic_types", "Any is a reserved cap name for catchall caps.");
         error_flag_field("type_name");
         return 0;
     }

     // "*" and "any" are kept for the catch-all cap and may not be used as a label
     $label_reserved = $this->data["type_label"] == "*" || $this->data["type_label"] == "any" || $this->data["type_label"] == "Any";
     if ($label_reserved) {
         log_write("error", "traffic_types", "Any/* is a reserved label type for catchall caps.");
         error_flag_field("type_label");
         return 0;
     }

     return 1;
 }
示例#13
     error_flag_field("id_group");
     error_flag_field("server_record");
 }
 /*
 	Optional: Verify Amazon AWS Route53 Hosted DNS Provider

 	Skipped when no access key is set. Otherwise builds a Route53 client
 	from the stored access key and secret key and calls listHostedZones()
 	to check that the credentials are accepted.
 */
 if (!empty($obj_name_server->data["route53_access_key"])) {
     // verify the credentials are correct
     try {
         $route53 = Aws\Route53\Route53Client::factory(array('key' => $obj_name_server->data["route53_access_key"], 'secret' => $obj_name_server->data["route53_secret_key"]));
         // the result in $query is not read in the lines shown here; the call
         // serves as the credential check
         $query = $route53->listHostedZones();
     } catch (Aws\Route53\Exception\Route53Exception $e) {
         // NOTE(review): only Route53Exception is caught. Any other exception
         // type raised by the client would propagate out of this script -
         // confirm that is intended.
         log_write("error", "process", "Unable to connect to Route53 with provided credentials");
         // only the exception code is logged; neither key is written to the log
         log_write("error", "process", "Failure returned: " . $e->getExceptionCode() . "");
         error_flag_field("route53_access_key");
         error_flag_field("route53_secret_key");
     }
 }
 /*
 	Process Data
 */
 if (error_check()) {
     if ($obj_name_server->id) {
         $_SESSION["error"]["form"]["name_server_edit"] = "failed";
         header("Location: ../index.php?page=servers/view.php&id=" . $obj_name_server->id . "");
     } else {
         $_SESSION["error"]["form"]["name_server_edit"] = "failed";
         header("Location: ../index.php?page=servers/add.php");
     }
     exit(0);
 } else {
     // Handle one translation row: skip it when blank, reject it when half
     // filled, otherwise update the existing label or insert a new one.
     // The continue/break statements act on an enclosing loop that is not
     // visible in this excerpt.
     //
     // NOTE(review): $raw_string, $translation and $language are interpolated
     // directly into all three SQL statements below. Where they are assigned is
     // not visible here - confirm they are escaped for the database before this
     // point, or bind them as parameters if sql_query supports that.
     //
     // NOTE(review): writes happen inside the loop and an invalid row only
     // breaks out, so rows handled before the failing one appear to have been
     // saved already when the error is reported.
     if ($raw_string == "" && $translation == "") {
         //if both are blank, continue to next as this row was not filled in
         continue;
     } else {
         //if one field or the other is blank, give error
         if ($raw_string == "" || $translation == "") {
             error_flag_field($row);
             log_write("error", "page_output", "Both the untranslated phrase and the translation must be provided.");
             break;
         } else {
             //if label already exists in DB, check user has permission to edit
             $sql_obj->string = "SELECT id FROM language WHERE label='{$raw_string}' AND language='{$language}'";
             $sql_obj->execute();
             if ($sql_obj->num_rows()) {
                 // existing label: changing it requires the translation_edit permission
                 if (!user_permissions_get("translation_edit")) {
                     error_flag_field($row);
                     log_write("error", "page_output", "You do not have permission to edit previously provided translations.");
                     break;
                 } else {
                     $sql_obj->string = "UPDATE language SET translation = '{$translation}' WHERE label='{$raw_string}' AND language = '{$language}'";
                     $sql_obj->execute();
                 }
             } else {
                 // new label: inserted without the translation_edit check above
                 $sql_obj->string = "INSERT INTO language (language, label, translation) VALUES ('{$language}', '{$raw_string}', '{$translation}')";
                 $sql_obj->execute();
             }
         }
     }
 }
 if (error_check()) {
     $_SESSION["error"]["form"]["translation_form"] = "failed";
         $groups_array[] = $data_tmp["id_group"];
     }
     /*
      * 	Verify data
      * 	Check for delete requests
      * 	Check for errors
      */
     // Sort one submitted attribute row into skip / delete / error / keep.
     // NOTE(review): empty() treats the string "0" as empty, so a key or value
     // of "0" is handled as if the field had been left blank - confirm that "0"
     // is never a legitimate attribute key or value.
     // no key and no value: the row was left blank, skip it. This test runs
     // first, so a blank row is skipped even when delete_undo is "true".
     if (empty($data_tmp["key"]) && empty($data_tmp["value"])) {
         continue;
     } elseif ($data_tmp["delete_undo"] == "true") {
         // row marked for deletion: queue it with mode "delete"
         $data_tmp["mode"] = "delete";
         $data["attributes"][] = $data_tmp;
     } elseif (empty($data_tmp["key"]) || empty($data_tmp["value"])) {
         // only one of the two fields is filled in: flag both inputs
         error_flag_field("attribute_" . $data_tmp["id"] . "_key");
         error_flag_field("attribute_" . $data_tmp["id"] . "_value");
         log_write("error", "page_output", "Both the key and value fields must be completed");
     } else {
         // complete row: queue it unchanged
         $data["attributes"][] = $data_tmp;
     }
 }
 // check for new attribute rows: read one "group_<id>_new_attributes" form
 // field per entry in $groups_array, keyed by that entry
 $new_attributes = array();
 for ($i = 0; $i < count($groups_array); $i++) {
     // NOTE(review): the leading @ suppresses any warning or notice raised by
     // the input helper, so a missing or malformed field fails silently here.
     $new_attributes[$groups_array[$i]] = @security_form_input_predefined("any", "group_" . $groups_array[$i] . "_new_attributes", 0, "");
 }
 // verify customer: log an error when the customer ID does not pass verify_id()
 if (!$obj_customer->verify_id()) {
     log_write("error", "process", "The supplied customer ID of " . $obj_customer->id . " is not valid");
 }
 // return to input page in event of an error