public function process(Vtiger_Request $request)
{
$qualifiedModuleName = $request->getModule(false);
$moduleModel = Settings_Vtiger_CompanyDetails_Model::getInstance();
$status = false;
if ($request->get('organizationname')) {
$saveLogo = $status = true;
if (!empty($_FILES['logo']['name'])) {
$logoDetails = $_FILES['logo'];
$fileType = explode('/', $logoDetails['type']);
$fileType = $fileType[1];
if (!$logoDetails['size'] || !in_array($fileType, Settings_Vtiger_CompanyDetails_Model::$logoSupportedFormats)) {
$saveLogo = false;
}
//mime type check
$mimeType = vtlib_mime_content_type($logoDetails['tmp_name']);
$mimeTypeContents = explode('/', $mimeType);
if (!$logoDetails['size'] || $mimeTypeContents[0] != 'image' || !in_array($mimeTypeContents[1], Settings_Vtiger_CompanyDetails_Model::$logoSupportedFormats)) {
$saveLogo = false;
}
// Check for php code injection
$imageContents = file_get_contents($_FILES["logo"]["tmp_name"]);
if (preg_match('/(<\\?php?(.*?))/i', $imageContents) == 1) {
$saveLogo = false;
}
if ($saveLogo) {
$moduleModel->saveLogo();
}
} else {
$saveLogo = true;
}
$fields = $moduleModel->getFields();
foreach ($fields as $fieldName => $fieldType) {
$fieldValue = $request->get($fieldName);
if ($fieldName === 'logoname') {
if (!empty($logoDetails['name'])) {
$fieldValue = ltrim(basename(" " . $logoDetails['name']));
} else {
$fieldValue = $moduleModel->get($fieldName);
}
}
$moduleModel->set($fieldName, $fieldValue);
}
$moduleModel->save();
}
$reloadUrl = $moduleModel->getIndexViewUrl();
if ($saveLogo && $status) {
} else {
if (!$saveLogo) {
$reloadUrl .= '&error=LBL_INVALID_IMAGE';
} else {
$reloadUrl = $moduleModel->getEditViewUrl() . '&error=LBL_FIELDS_INFO_IS_EMPTY';
}
}
header('Location: ' . $reloadUrl);
}
/**
* This function is used to upload the attachment in the server and save that attachment information in db.
* @param int $id - entity id to which the file to be uploaded
* @param string $module - the current module name
* @param array $file_details - array which contains the file information(name, type, size, tmp_name and error)
* return void
*/
function uploadAndSaveFile($id, $module, $file_details)
{
global $log;
$log->debug("Entering into uploadAndSaveFile({$id},{$module},{$file_details}) method.");
global $adb, $current_user;
global $upload_badext;
$date_var = date("Y-m-d H:i:s");
//to get the owner id
$ownerid = $this->column_fields['assigned_user_id'];
if (!isset($ownerid) || $ownerid == '') {
$ownerid = $current_user->id;
}
if (isset($file_details['original_name']) && $file_details['original_name'] != null) {
$file_name = $file_details['original_name'];
} else {
$file_name = $file_details['name'];
}
$save_file = 'true';
//only images are allowed for Image Attachmenttype
$mimeType = vtlib_mime_content_type($file_details['tmp_name']);
$mimeTypeContents = explode('/', $mimeType);
// For contacts and products we are sending attachmentType as value
if ($attachmentType == 'Image' || $file_details['size'] && $mimeTypeContents[0] == 'image') {
$save_file = validateImageFile($file_details);
}
if ($save_file == 'false') {
return false;
}
$binFile = sanitizeUploadFileName($file_name, $upload_badext);
$current_id = $adb->getUniqueID("vtiger_crmentity");
$filename = ltrim(basename(" " . $binFile));
//allowed filename like UTF-8 characters
$filetype = $file_details['type'];
$filesize = $file_details['size'];
$filetmp_name = $file_details['tmp_name'];
//get the file path inwhich folder we want to upload the file
$upload_file_path = decideFilePath();
//upload the file in server
$upload_status = move_uploaded_file($filetmp_name, $upload_file_path . $current_id . "_" . $binFile);
$save_file = 'true';
//only images are allowed for these modules
if ($module == 'Contacts' || $module == 'Products') {
$save_file = validateImageFile($file_details);
}
if ($save_file == 'true' && $upload_status == 'true') {
//This is only to update the attached filename in the vtiger_notes vtiger_table for the Notes module
if ($module == 'Contacts' || $module == 'Products') {
$sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?, ?, ?, ?, ?, ?, ?)";
$params1 = array($current_id, $current_user->id, $ownerid, $module . " Image", $this->column_fields['description'], $adb->formatDate($date_var, true), $adb->formatDate($date_var, true));
} else {
$sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?, ?, ?, ?, ?, ?, ?)";
$params1 = array($current_id, $current_user->id, $ownerid, $module . " Attachment", $this->column_fields['description'], $adb->formatDate($date_var, true), $adb->formatDate($date_var, true));
}
$adb->pquery($sql1, $params1);
$sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values(?, ?, ?, ?, ?)";
$params2 = array($current_id, $filename, $this->column_fields['description'], $filetype, $upload_file_path);
$result = $adb->pquery($sql2, $params2);
if ($_REQUEST['mode'] == 'edit') {
if ($id != '' && vtlib_purify($_REQUEST['fileid']) != '') {
$delquery = 'delete from vtiger_seattachmentsrel where crmid = ? and attachmentsid = ?';
$delparams = array($id, vtlib_purify($_REQUEST['fileid']));
$adb->pquery($delquery, $delparams);
}
}
if ($module == 'Documents') {
$query = "delete from vtiger_seattachmentsrel where crmid = ?";
$qparams = array($id);
$adb->pquery($query, $qparams);
}
if ($module == 'Contacts') {
$att_sql = "select vtiger_seattachmentsrel.attachmentsid from vtiger_seattachmentsrel inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_seattachmentsrel.attachmentsid where vtiger_crmentity.setype='Contacts Image' and vtiger_seattachmentsrel.crmid=?";
$res = $adb->pquery($att_sql, array($id));
$attachmentsid = $adb->query_result($res, 0, 'attachmentsid');
if ($attachmentsid != '') {
$delquery = 'delete from vtiger_seattachmentsrel where crmid=? and attachmentsid=?';
$adb->pquery($delquery, array($id, $attachmentsid));
$crm_delquery = "delete from vtiger_crmentity where crmid=?";
$adb->pquery($crm_delquery, array($attachmentsid));
$sql5 = 'insert into vtiger_seattachmentsrel values(?,?)';
$adb->pquery($sql5, array($id, $current_id));
} else {
$sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
$adb->pquery($sql3, array($id, $current_id));
}
} else {
$sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
$adb->pquery($sql3, array($id, $current_id));
}
return true;
} else {
$log->debug("Skip the save attachment process.");
return false;
}
}
