示例#1
 /**
  * Disguise action
  *
  * Administrator is able to disguise (and login) as other users.
  * This method will facilitate this functionalities.
  *
  * TODO better PHPDOC
  */
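 /**
  * Disguise action
  *
  * Administrator is able to disguise (and login) as other users.
  * This method will facilitate this functionalities.
  *
  * The target user id is read from the POST variable 'newUserID' (coerced
  * with intval); on success the session is switched to that user through
  * IEM::userLogin(). Every path ends with a redirect to 'index'.
  *
  * @return bool true when the session was switched, false when the caller is
  *              not an administrator, no usable user id was posted, or
  *              IEM::userLogin() rejected the id. The redirect is issued
  *              before returning in every case.
  */
 public function page_disguise()
 {
     // Impersonation is an admin-only feature: deny it in the handler itself so
     // it stays safe even when reached without the dispatcher's access check.
     // (Whether the framework already enforces this before dispatch, and whether
     // it validates a CSRF token for this POST, is not visible from here.)
     $thisuser = IEM::getCurrentUser();
     if (!$thisuser || !$thisuser->UserAdmin()) {
         IEM::redirectTo('index');
         return false;
     }

     // newUserID variable need to be passed in as a POST variable
     $reqUserID = IEM::requestGetPOST('newUserID', 0, 'intval');
     if (empty($reqUserID)) {
         IEM::redirectTo('index');
         return false;
     }

     // Attempt to login user with different ID; the second argument is passed
     // through unchanged from the original implementation.
     if (!IEM::userLogin($reqUserID, false)) {
         IEM::redirectTo('index');
         return false;
     }

     IEM::redirectTo('index');
     return true;
 }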
示例#2
文件: users.php 项目: hungnv0789/vhtm
	/**
	* PrintEditForm
	* Prints a form to edit a user. If you pass in a userid, it will load up that user and print their information. If you pass in the details array, it will prefill the form with that information (eg if you tried to create a user with a duplicate username). Also checks whether you are allowed to edit this user. If you are not an admin, you are only allowed to edit your own account.
	*
	* @param Int $userid Userid to load up.
	* @param Array $details Details to prefill the form with (in case there was a problem creating the user).
	*
	* @see User_API::Admin
	* @see User_API::Status
	* @see User_API::ListAdmin
	* @see User_API::EditOwnSettings
	* @see GetUser
	*
	* @return Void Returns nothing. If you don't have access to edit a particular user, it prints an error message and exits. Otherwise it prints the correct form (either edit-own or edit) and then exits.
	*/
	/**
	* PrintEditForm
	* Prints a form to edit a user. If you pass in a userid, it will load up that user and print their information. If you pass in the details array, it will prefill the form with that information (eg if you tried to create a user with a duplicate username). Also checks whether you are allowed to edit this user. If you are not an admin, you are only allowed to edit your own account.
	*
	* Template placeholders are handed over through $GLOBALS (the legacy
	* template engine appears to read them from there) and, at the end,
	* through GetTemplateSystem()->Assign(). Only a subset of the user fields
	* is passed through htmlspecialchars() here; the others rely on the
	* template to escape them.
	*
	* @param Int $userid Userid to load up.
	* @param Array $details Details to prefill the form with (in case there was a problem creating the user).
	*
	* @see User_API::Admin
	* @see User_API::Status
	* @see User_API::ListAdmin
	* @see User_API::EditOwnSettings
	* @see GetUser
	*
	* @return Void Returns nothing. If you don't have access to edit a particular user, it prints an error message and exits. Otherwise it prints the correct form (either edit-own or edit) and then exits.
	*/
	function PrintEditForm($userid = 0, $details = array())
	{
		// Access check: non-admins may only open their own record, and only when
		// their group allows editing own settings. DenyAccess() is expected to
		// terminate the request -- nothing below guards against it returning.
		// NOTE(review): the comparison is loose (!=); $userid is documented as Int
		// but is not cast here -- confirm the caller passes an integer.
		$thisuser = IEM::getCurrentUser();
		if (!$thisuser->UserAdmin()) {
			if ($userid != $thisuser->userid) {
				$this->DenyAccess();
			}

			if (!$thisuser->EditOwnSettings()) {
				$this->DenyAccess();
			}
		}

		$user = $this->GetApi('User');

		$listapi = $this->GetApi('Lists');
		$all_lists = $listapi->GetLists(0, array('SortBy' => 'name', 'Direction' => 'asc'), false, 0, 0);

		$segmentapi = $this->GetApi('Segment');
		$all_segments = $segmentapi->GetSegments(array('SortBy' => 'segmentname', 'Direction' => 'asc'), false, 0, 'all');

		$templateapi = $this->GetApi('Templates');
		$all_templates = $templateapi->GetTemplates(0, array('SortBy' => 'name', 'Direction' => 'asc'), false, 0, 0);

		$all_groups = API_USERGROUPS::getRecords(false, false, 0, 0, 'groupname');

		// Defaults shared by both the edit and the create branch.
		$GLOBALS['CustomSmtpServer_Display'] = '0';

		$GLOBALS['XmlPath'] = SENDSTUDIO_APPLICATION_URL . '/xml.php';

		if ($userid > 0) {
			// Edit branch: replace the bare API object with the loaded user.
			$user = GetUser($userid);
			if ($user->Get('userid') <= 0) {
				$GLOBALS['ErrorMessage'] = GetLang('UserDoesntExist');
				$this->DenyAccess();
				return;
			}
			// Identity fields are HTML-escaped here before reaching the template.
			$GLOBALS['UserID'] = $user->Get('userid');
			$GLOBALS['UserName'] = htmlspecialchars($user->Get('username'), ENT_QUOTES, SENDSTUDIO_CHARSET);
			$GLOBALS['FullName'] = htmlspecialchars($user->Get('fullname'), ENT_QUOTES, SENDSTUDIO_CHARSET);
			$GLOBALS['EmailAddress'] = htmlspecialchars($user->Get('emailaddress'), ENT_QUOTES, SENDSTUDIO_CHARSET);

			$activity = $user->GetEventActivityType();
			if (!is_array($activity)) {
				$activity = array();
			}
			$GLOBALS['EventActivityType'] = implode("\n", $activity);

			// Group-level sending limits.
			$GLOBALS['MaxLists'] = $user->group->limit_list;
			$GLOBALS['MaxEmails'] = $user->group->limit_totalemailslimit;
			$GLOBALS['PerMonth'] = $user->group->limit_emailspermonth;
			$GLOBALS['PerHour'] = $user->group->limit_hourlyemailsrate;


			// A stored limit of 0 means "unlimited": tick the checkbox and hide the
			// numeric input (display:none) for that limit.
			$GLOBALS['DisplayMaxLists'] = '';
			if ($user->Get('maxlists') == 0) {
				$GLOBALS['LimitListsChecked'] = ' CHECKED';
				$GLOBALS['DisplayMaxLists'] = 'none';
			}

			$GLOBALS['DisplayEmailsPerHour'] = '';
			if ($user->Get('perhour') == 0) {
				$GLOBALS['LimitPerHourChecked'] = ' CHECKED';
				$GLOBALS['DisplayEmailsPerHour'] = 'none';
			}

			$GLOBALS['DisplayEmailsPerMonth'] = '';
			if ($user->Get('permonth') == 0) {
				$GLOBALS['LimitPerMonthChecked'] = ' CHECKED';
				$GLOBALS['DisplayEmailsPerMonth'] = 'none';
			}

			// Total-emails limit defaults to "unlimited" and is only exposed when
			// the user has a finite credit.
			$GLOBALS['LimitMaximumEmailsChecked'] = ' CHECKED';
			$GLOBALS['DisplayEmailsMaxEmails'] = 'none';

			if (!$user->hasUnlimitedCredit()) {
				$GLOBALS['LimitMaximumEmailsChecked'] = '';
				$GLOBALS['DisplayEmailsMaxEmails'] = '';
			}

			if ($user->Get('usewysiwyg')) {
				$GLOBALS['UseWysiwyg'] = ' CHECKED';
				$GLOBALS['UseXHTMLDisplay'] = ' style="display:block;"';
			} else {
				$GLOBALS['UseXHTMLDisplay'] = ' style="display:none;"';
			}

			if ($user->Get('enableactivitylog')) {
				$GLOBALS['EnableActivityLog'] = ' CHECKED';
			} else {
				$GLOBALS['EnableActivityLog'] = '';
			}

			$GLOBALS['UseXHTMLCheckbox'] = $user->Get('usexhtml')? ' CHECKED' : '';

			$GLOBALS['Xmlapi'] = $user->Get('xmlapi')? ' CHECKED' : '';
			$GLOBALS['XMLTokenDisplay'] = ' style="display:none;"';

			if ($user->Get('xmlapi')) {
				$GLOBALS['XMLTokenDisplay'] = ' style="display:block;"';
			}
			$GLOBALS['XmlToken'] = htmlspecialchars($user->Get('xmltoken'), ENT_QUOTES, SENDSTUDIO_CHARSET);

			// Footers and SMTP settings are NOT escaped here (unlike the identity
			// fields above); the template is relied on to escape them.
			$GLOBALS['TextFooter'] = $user->Get('textfooter');
			$GLOBALS['HTMLFooter'] = $user->Get('htmlfooter');

			// NOTE(review): the stored SMTP password is placed into the form data
			// in clear text, so it ends up in the page source -- whether the
			// template masks it is not visible here.
			$GLOBALS['SmtpServer'] = $user->Get('smtpserver');
			$GLOBALS['SmtpUsername'] = $user->Get('smtpusername');
			$GLOBALS['SmtpPassword'] = $user->Get('smtppassword');
			$GLOBALS['SmtpPort'] = $user->Get('smtpport');

			if ($GLOBALS['SmtpServer']) {
				$GLOBALS['CustomSmtpServer_Display'] = '1';
			}

			// Same caveat as SmtpPassword: a stored credential is rendered into
			// the form (escaped, but in clear text).
			$GLOBALS['googlecalendarusername'] = htmlspecialchars($user->Get('googlecalendarusername'), ENT_QUOTES, SENDSTUDIO_CHARSET);
			$GLOBALS['googlecalendarpassword'] = htmlspecialchars($user->Get('googlecalendarpassword'), ENT_QUOTES, SENDSTUDIO_CHARSET);

			$GLOBALS['FormAction'] = 'Action=Save&UserID=' . $user->userid;

			// Non-admin editing their own account: render the reduced form and
			// stop here. SMTP fields are only shown with the 'User'/'SMTP' right.
			if (!$thisuser->UserAdmin()) {

				$smtp_access = $thisuser->HasAccess('User', 'SMTP');

				$GLOBALS['ShowSMTPInfo'] = 'none';
				$GLOBALS['DisplaySMTP'] = '0';

				if ($smtp_access) {
					$GLOBALS['ShowSMTPInfo'] = '';
				}

				if ($GLOBALS['SmtpServer']) {
					$GLOBALS['CustomSmtpServer_Display'] = '1';
					if ($smtp_access) {
						$GLOBALS['DisplaySMTP'] = '1';
					}
				}

				$this->ParseTemplate('User_Edit_Own');
				return;
			}

			// Admin-only fields from here on.
			$GLOBALS['StatusChecked'] = ($user->Status()) ? ' CHECKED' : '';

			$GLOBALS['ForceDoubleOptInChecked'] = ($user->Get('forcedoubleoptin')) ? ' CHECKED' : '';
			$GLOBALS['ForceSpamCheckChecked'] = ($user->Get('forcespamcheck')) ? ' CHECKED' : '';
			$GLOBALS['InfoTipsChecked'] = ($user->InfoTips()) ? ' CHECKED' : '';

			// Admins implicitly have "edit own settings".
			$editown = '';
			if ($user->UserAdmin()) {
				$editown = ' CHECKED';
			} else {
				if ($user->EditOwnSettings()) {
					$editown = ' CHECKED';
				}
			}
			$GLOBALS['EditOwnSettingsChecked'] = $editown;

			$timezone = $user->usertimezone;

			$GLOBALS['TimeZoneList'] = $this->TimeZoneList($timezone);

			// NOTE(review): the admin-type/permission locals below are computed in
			// both branches but not read anywhere in this method as shown here;
			// they may be dead code left over from an older template.
			$admintype = $user->AdminType();
			$listadmintype = $user->ListAdminType();
			$segmentadmintype = $user->SegmentAdminType();
			$templateadmintype = $user->TemplateAdminType();

			$admin = $user->Admin();
			$listadmin = $user->ListAdmin();
			$segmentadmin = $user->SegmentAdmin();
			$templateadmin = $user->TemplateAdmin();

			$permissions = $user->Get('permissions');
			$area_access = $user->Get('access');

			$GLOBALS['Heading'] = GetLang('EditUser');
			$GLOBALS['Help_Heading'] = GetLang('Help_EditUser');

			// Admin-notification settings fall back to system defaults when unset.
			// empty() also treats '0' and 0 as unset, so a deliberately stored 0
			// threshold is replaced by the default of 1000.
			$GLOBALS['AdminNotifyEmailAddress'] = $user->Get('adminnotify_email');
			if (empty($GLOBALS['AdminNotifyEmailAddress'])) {
				$GLOBALS['AdminNotifyEmailAddress'] = constant('SENDSTUDIO_EMAIL_ADDRESS');
			}

			$GLOBALS['AdminNotifications_Send_Email'] = $user->Get('adminnotify_send_emailtext');
			if (empty($GLOBALS['AdminNotifications_Send_Email'])) {
				$GLOBALS['AdminNotifications_Send_Email'] = GetLang('AdminNotifications_Send_Email');
			}

			$GLOBALS['AdminNotifications_Import_Email'] = $user->Get('adminnotify_import_emailtext');
			if (empty($GLOBALS['AdminNotifications_Import_Email'])) {
				$GLOBALS['AdminNotifications_Import_Email'] = GetLang('AdminNotifications_Import_Email');
			}

			$GLOBALS['SendLimit'] = $user->Get('adminnotify_send_threshold');
			$GLOBALS['ImportLimit'] = $user->Get('adminnotify_import_threshold');

			if (empty($GLOBALS['SendLimit'])) {
				$GLOBALS['SendLimit'] = 1000;
			}
			if (empty($GLOBALS['ImportLimit'])) {
				$GLOBALS['ImportLimit'] = 1000;
			}

			// $admin_flag is assigned but never read; the flag is re-fetched below.
			$admin_flag = $user->Get('adminnotify_send_flag');
			if ($user->Get('adminnotify_send_flag') == 1) {
				$GLOBALS['AdminNotificationsSend'] = 'CHECKED';
				$GLOBALS['UseNotifySend'] = '';
			} else {
				$GLOBALS['UseNotifySend'] = "style=display:none;";
			}
			if ($user->Get('adminnotify_import_flag') == 1) {
				$GLOBALS['AdminNotificationsImport'] = 'CHECKED';
				$GLOBALS['UseNotifyImport'] = '';
			} else {
				$GLOBALS['UseNotifyImport'] = "style=display:none;";
			}

			// Duplicate of the SmtpPort assignment made earlier in this branch.
			$GLOBALS['SmtpPort'] = $user->Get('smtpport');


			// Log this to "User Activity Log"
			IEM::logUserActivity(IEM::urlFor('users', array('Action' => 'Edit', 'UserID' => $userid)), 'images/user.gif', $user->username);

		} else {
			// Create branch: populate the form with defaults (or with $details when
			// re-displaying after a failed create).
			$timezone = (isset($details['timezone'])) ? $details['timezone'] : SENDSTUDIO_SERVERTIMEZONE;
			$GLOBALS['TimeZoneList'] = $this->TimeZoneList($timezone);

			$activity = $thisuser->defaultEventActivityType;
			if (!is_array($activity)) {
				$activity = array();
			}
			$GLOBALS['EventActivityType'] = implode("\n", $activity);

			$GLOBALS['FormAction'] = 'Action=Create';

			// NOTE(review): every key of $details becomes a global variable, much
			// like extract() on request data. If $details echoes submitted form
			// fields without a whitelist (its origin is not visible here), a
			// crafted key could overwrite unrelated globals -- confirm the caller
			// restricts the keys, and that values are escaped by the template.
			if (!empty($details)) {
				foreach ($details as $area => $val) {
					$GLOBALS[$area] = $val;
				}
			}
			$GLOBALS['Heading'] = GetLang('CreateUser');
			$GLOBALS['Help_Heading'] = GetLang('Help_CreateUser');

			$listadmintype = 'c';
			$segmentadmintype = 'c';
			$admintype = 'c';
			$templateadmintype = 'c';

			// New users start with all limits set to "unlimited".
			$GLOBALS['DisplayMaxLists'] = 'none';
			$GLOBALS['DisplayEmailsPerHour'] = 'none';
			$GLOBALS['DisplayEmailsPerMonth'] = 'none';
			$GLOBALS['DisplayEmailsMaxEmails'] = 'none';

			$GLOBALS['MaxLists'] = '0';
			$GLOBALS['PerHour'] = '0';
			$GLOBALS['PerMonth'] = '0';
			$GLOBALS['MaxEmails'] = '0';

			$GLOBALS['StatusChecked'] = ' CHECKED';
			$GLOBALS['ForceDoubleOptInChecked'] = '';
			$GLOBALS['ForceSpamCheckChecked'] = '';
			$GLOBALS['InfoTipsChecked'] = ' CHECKED';
			$GLOBALS['EditOwnSettingsChecked'] = ' CHECKED';

			$GLOBALS['LimitListsChecked'] = ' CHECKED';
			$GLOBALS['LimitPerHourChecked'] = ' CHECKED';
			$GLOBALS['LimitPerMonthChecked'] = ' CHECKED';
			$GLOBALS['LimitMaximumEmailsChecked'] = ' CHECKED';

			$GLOBALS['UseWysiwyg'] = ' CHECKED';
			$GLOBALS['EnableLastViewed'] = '';
			$GLOBALS['UseXHTMLCheckbox'] = ' CHECKED';

			$GLOBALS['HTMLFooter'] = GetLang('Default_Global_HTML_Footer');
			$GLOBALS['TextFooter'] = GetLang('Default_Global_Text_Footer');

			$GLOBALS['EnableActivityLog'] = ' CHECKED';

			$GLOBALS['Xmlapi'] = '';
			$GLOBALS['XMLTokenDisplay'] = ' style="display:none;"';

			$admin = $listadmin = $segmentadmin = $templateadmin = false;
			$permissions = array();
			$area_access = array('lists' => array(), 'templates' => array(), 'segments' => array());

			$GLOBALS['AdminNotifyEmailAddress'] = constant('SENDSTUDIO_EMAIL_ADDRESS');
			$GLOBALS['UseNotifySend'] = "style=display:none;";
			$GLOBALS['UseNotifyImport'] = "style=display:none;";

			$GLOBALS['SendLimit'] = 1000;
			$GLOBALS['ImportLimit'] = 1000;
			$GLOBALS['AdminNotifications_Send_Email'] = GetLang('AdminNotifications_Send_Email');
			$GLOBALS['AdminNotifications_Import_Email'] = GetLang('AdminNotifications_Import_Email');

		}

		// $agencyid is computed but not used in this method as shown.
		$agencyid = defined('IEM_SYSTEM_LICENSE_AGENCY') ? IEM_SYSTEM_LICENSE_AGENCY : '';
		$available_users = $user->AvailableUsers();

		// Values for the newer template system; in the create branch $user is the
		// bare API object, so userid/groupid are whatever its defaults are.
		$template = GetTemplateSystem();
        
		$template->Assign('UserID', $user->userid);
		$template->Assign('groupid', $user->groupid);
		$template->Assign('canChangeUserGroup', !$user->isLastAdmin());
		$template->Assign('AgencyEdition', get_agency_license_variables());
		$template->Assign('EditOwn', ($user->userid != 0 && $user->userid == $thisuser->userid));
		$template->Assign('TrialUser', $user->trialuser);
		$template->Assign('EditMode', !empty($user->userid));
		$template->Assign('AvailableNormalUsers', isset($available_users['normal']) ? $available_users['normal'] : 0);
		$template->Assign('AvailableTrialUsers', isset($available_users['trial']) ? $available_users['trial'] : 0);
		$template->Assign('AvailableGroups', $all_groups);
		$template->Assign('record_groupid', $user->groupid);
		$template->Assign('DefaultIdTab', IEM::requestGetPOST('id_tab_num', 1, 'intval'));
		$template->Assign('showSmtpInfo', (bool) $user->smtpserver);

		$template->ParseTemplate('User_Form');
	}
	/**
	* Process
	* Works out what you're trying to do and takes appropriate action.
	* Checks to make sure you have access to import subscribers before anything else.
	*
	* @param String $action Action to perform. This is usually 'step1', 'step2', 'step3' etc. This gets passed in by the Subscribers::Process function.
	*
	* @see Subscribers::Process
	* @see GetUser
	* @see User_API::HasAccess
	* @see ChooseList
	* @see ImportSubscribers_Step2
	* @see FileGetLine
	* @see ImportSubscriberLine
	* @see PrintStatusReport
	* @see LinkFields
	*
	* @return Void Prints out the step, doesn't return anything.
	*/
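	/**
	* Process
	* Works out what you're trying to do and takes appropriate action.
	* Checks to make sure you have access to import subscribers before anything else.
	*
	* Steps, keyed by the lower-cased $action:
	*  - view_report:  renders one category of the import results held in the session
	*                  ($_GET['ReportType']); e-mail addresses are HTML-escaped first.
	*  - step2:        reads the list id from $_POST['list'] or $_GET['list'], denies
	*                  access unless that id is among the user's own lists, resets the
	*                  session import state and shows the upload form.
	*  - step3:        stores the upload options from $_POST in the session and, for
	*                  file imports, hands over to HandleImportFile()/LinkFields().
	*  - step4:        validates the posted field mapping (email field and any
	*                  required custom fields must be linked).
	*  - importiframe: renders the progress popup.
	*  - import:       processes the next chunk of the uploaded file (each line in
	*                  its own DB transaction), deletes the chunk file, streams
	*                  progress to the parent frame and then exit()s.
	*  - printreport:  final report.
	*  - default:      list chooser.
	*
	* @param String $action Action to perform. This is usually 'step1', 'step2', 'step3' etc. This gets passed in by the Subscribers::Process function.
	*
	* @see Subscribers::Process
	* @see GetUser
	* @see User_API::HasAccess
	* @see ChooseList
	* @see ImportSubscribers_Step2
	* @see FileGetLine
	* @see ImportSubscriberLine
	* @see PrintStatusReport
	* @see LinkFields
	*
	* @return Void Prints out the step, doesn't return anything.
	*/
	function Process($action=null)
	{
		$user = GetUser();

		$this->PrintHeader(false, false, false);

		if (!is_null($action)) {
			$action = strtolower($action);
		}

		switch ($action) {
			case 'view_report':
				$importresults = IEM::sessionGet('ImportResults');

				// Each report type lists one bucket of the session results; values are
				// escaped here because they originate from the uploaded file.
				$report_type = (isset($_GET['ReportType'])) ? strtolower($_GET['ReportType']) : null;
				switch ($report_type) {
					case 'duplicates':
						$GLOBALS['Heading'] = GetLang('ImportResults_Report_Duplicates_Heading');
						$GLOBALS['Intro'] = GetLang('ImportResults_Report_Duplicates_Intro');
						$email_list = '';
						foreach ($importresults['duplicateemails'] as $p => $email) {
							$email_list .= htmlspecialchars(trim($email), ENT_QUOTES, SENDSTUDIO_CHARSET) . "\n";
						}
						$GLOBALS['EmailList'] = $email_list;
					break;

					case 'unsubscribes':
						$GLOBALS['Heading'] = GetLang('ImportResults_Report_Unsubscribed_Heading');
						$GLOBALS['Intro'] = GetLang('ImportResults_Report_Unsubscribed_Intro');
						$email_list = '';
						foreach ($importresults['unsubscribedemails'] as $p => $email) {
							$email_list .= htmlspecialchars(trim($email), ENT_QUOTES, SENDSTUDIO_CHARSET) . "\n";
						}
						$GLOBALS['EmailList'] = $email_list;
					break;

					case 'bans':
						$GLOBALS['Heading'] = GetLang('ImportResults_Report_Banned_Heading');
						$GLOBALS['Intro'] = GetLang('ImportResults_Report_Banned_Intro');
						$email_list = '';
						foreach ($importresults['bannedemails'] as $p => $email) {
							$email_list .= htmlspecialchars(trim($email), ENT_QUOTES, SENDSTUDIO_CHARSET) . "\n";
						}
						$GLOBALS['EmailList'] = $email_list;
					break;

					case 'failures':
						$GLOBALS['Heading'] = GetLang('ImportResults_Report_Failures_Heading');
						$GLOBALS['Intro'] = GetLang('ImportResults_Report_Failures_Intro');
						$email_list = '';
						foreach ($importresults['failedemails'] as $p => $email) {
							$email_list .= htmlspecialchars(trim($email), ENT_QUOTES, SENDSTUDIO_CHARSET) . "\n";
						}
						$GLOBALS['EmailList'] = $email_list;
					break;

					case 'bads':
						$GLOBALS['Heading'] = GetLang('ImportResults_Report_Bads_Heading');
						$GLOBALS['Intro'] = GetLang('ImportResults_Report_Bads_Intro');
						$email_list = '';
						foreach ($importresults['baddata'] as $p => $badline) {
							$email_list .= htmlspecialchars($badline, ENT_QUOTES, SENDSTUDIO_CHARSET) . "\n";
						}
						$GLOBALS['EmailList'] = $email_list;
					break;

					default:
						$GLOBALS['Heading'] = GetLang('ImportResults_Report_Invalid_Heading');
						$GLOBALS['Intro'] = GetLang('ImportResults_Report_Invalid_Intro');
						$GLOBALS['EmailList'] = GetLang('InvalidReportURL');
					break;
				}
				$this->ParseTemplate('Subscribers_Import_Results_View');
			break;

			case 'step2':
				// POST takes precedence over GET; a missing parameter yields 0, which
				// the ownership check below rejects (previously it also raised an
				// undefined-index notice).
				if (isset($_POST['list'])) {
					$listid = (int)$_POST['list'];
				} elseif (isset($_GET['list'])) {
					$listid = (int)$_GET['list'];
				} else {
					$listid = 0;
				}

				/**
				 * Check if user have access to the list
				 */
					$temp = $user->GetLists();
					// The original used !array($temp), which wraps $temp in a new array
					// and is therefore never true; is_array() is what was intended.
					if (!is_array($temp) || empty($temp)) {
						$this->DenyAccess();
						return;
					}

					$temp = array_keys($temp);
					if (!in_array($listid, $temp)) {
						$this->DenyAccess();
						return;
					}
				/**
				 * -----
				 */

				// Reset the per-import session state for this run.
				$importinfo = array();
				$importinfo['List'] = $listid;
				IEM::sessionSet('ImportInfo', $importinfo);
				$importresults = array(
					'duplicates' => 0,
					'success' => 0,
					'updates' => 0,
					'failures' => 0,
					'unsubscribes' => 0,
					'bans' => 0,
					'bads' => 0,
					'duplicateemails' => array(),
					'unsubscribedemails' => array(),
					'failedemails' => array(),
					'bannedemails' => array(),
					'baddata' => array()
				);
				IEM::sessionSet('ImportResults', $importresults);
				$this->ImportSubscribers_Step2();
			break;

			case 'step3':
				// An empty $_POST on this step means the upload exceeded post_max_size
				// (PHP then discards the whole request body).
				if (empty($_POST)) {
					$this->ImportSubscribers_Step2(GetLang('FileNotUploadedSuccessfully_TooBig'));
					break;
				}

				// Raw form values are stored as-is; the options are interpreted by the
				// later steps. Missing keys are stored as null instead of raising a
				// notice.
				$importinfo = IEM::sessionGet('ImportInfo');
				$importinfo['Status'] = isset($_POST['status']) ? $_POST['status'] : null;
				$importinfo['Confirmed'] = isset($_POST['confirmed']) ? $_POST['confirmed'] : null;
				$importinfo['Format'] = isset($_POST['format']) ? $_POST['format'] : null;
				$importinfo['Type'] = isset($_POST['importtype']) ? $_POST['importtype'] : null;
				$importinfo['Overwrite'] = (isset($_POST['overwrite'])) ? 1 : 0;
				$importinfo['Autoresponder'] = (isset($_POST['autoresponder'])) ? 1 : 0;
				$importinfo['Headers'] = (isset($_POST['headers'])) ? 1 : 0;
				$importinfo['FieldEnclosed'] = (isset($_POST['fieldenclosed'])) ? $_POST['fieldenclosed'] : false;
				$importinfo['FieldSeparator'] = isset($_POST['fieldseparator']) ? $_POST['fieldseparator'] : null;

				IEM::sessionSet('ImportInfo', $importinfo);

				$upload_status = false;

				// Only file imports are handled; any other type leaves
				// $upload_status false and nothing further happens.
				switch (strtolower($importinfo['Type'])) {
					case 'file':
						$upload_status = $this->HandleImportFile();
					break;
				}

				if ($upload_status) {
					$this->LinkFields();
				}
			break;

			case 'step4':
				$linkfields = IEM::requestGetPOST('LinkField', array());

				// 'E' is the marker for the e-mail address column; it must be mapped.
				if (!in_array('E', $linkfields)) {
					$GLOBALS['Error'] = GetLang('EmailAddressNotLinked');
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
					$this->LinkFields();
					break;
				}

				$importinfo = IEM::sessionGet('ImportInfo');

				// Only the first unmapped required field is reported (the loop stops
				// at the first miss).
				$requiredFieldNames = array();
				if (isset($importinfo['RequiredFields']) && is_array($importinfo['RequiredFields'])) {
					foreach ($importinfo['RequiredFields'] as $requiredFieldID => $requiredFieldName) {
						if (!in_array($requiredFieldID, $linkfields)) {
							$requiredFieldNames[] = $requiredFieldName;
							break;
						}
					}
				}

				if (!empty($requiredFieldNames)) {
					$GLOBALS['Error'] = sprintf(GetLang('RequireFieldNotLinked'), htmlspecialchars(implode(', ', $requiredFieldNames), ENT_QUOTES, SENDSTUDIO_CHARSET) );
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
					$this->LinkFields();
					break;
				}

				$importinfo['LinkFields'] = $linkfields;
				IEM::sessionSet('ImportInfo', $importinfo);

				$GLOBALS['ImportTotalSubscribers'] = $importinfo['TotalSubscribers'];
				$GLOBALS['ImportTotalSubscribersMessage'] = $this->PrintStatusReport(true);
				$this->ParseTemplate('Subscribers_Import_Step4');
			break;

			case 'importiframe':
				$this->PrintHeader(false, false, false);

				$importresults = IEM::sessionGet('ImportResults');
				$importinfo = IEM::sessionGet('ImportInfo');

				// One line per result bucket, singular/plural language strings.
				$report = '';
				foreach (array('success', 'updates', 'duplicates', 'failures', 'bans', 'unsubscribes', 'bads') as $pos => $key) {
					$amount = $importresults[$key];
					if ($amount == 1) {
						$report .= GetLang('ImportSubscribers_InProgress_' . $key . '_One');
					} else {
						$report .= sprintf(GetLang('ImportSubscribers_InProgress_' . $key . '_Many'), $this->FormatNumber($importresults[$key]));
					}
					$report .= '<br/>';
				}

				$GLOBALS['ProgressTitle'] = GetLang('ImportResults_InProgress');
				$GLOBALS['ProgressMessage'] = sprintf(GetLang('ImportResults_InProgress_Message'), $this->FormatNumber($importinfo['TotalSubscribers']));
				$GLOBALS['ProgressReport'] = $report;
				$GLOBALS['ProgressURLAction'] = 'index.php?Page=Subscribers&Action=Import&SubAction=Import';

				$this->ParseTemplate('ProgressReport_Popup');
				$this->PrintFooter(true);
			break;

			case 'import':
				$totalProcessed = null;
				$percentProcessed = 0;

				$importinfo = IEM::sessionGet('ImportInfo');
				$subscriber_info = false;

				// Consume the next chunk file recorded in the session and remove it
				// from the import storage directory once it has been read.
				// NOTE(review): $filename comes from the session's FileList; how those
				// names are produced (and whether they are constrained to that
				// directory) is decided in HandleImportFile(), not here.
				switch (strtolower($importinfo['Type'])) {
					case 'file':
							$filename = array_shift($importinfo['FileList']);
							$subscriber_info = $this->FileGetLine(IEM_STORAGE_PATH . '/import' . "/{$filename}", true);

							if (is_file(IEM_STORAGE_PATH . '/import' . '/' . $filename)) {
								unlink(IEM_STORAGE_PATH . '/import' . '/' . $filename);
							}
					break;
				}

				$db = IEM::getDatabase();

				// Persist the shortened FileList so the next round picks the next chunk.
				IEM::sessionSet('ImportInfo', $importinfo);

				if ($subscriber_info) {
					foreach ($subscriber_info as $pos => $details) {
						$importresults = IEM::sessionGet('ImportResults');

						// we don't want to import the headers!
						if ($importinfo['Headers'] && $details == $importinfo['ImportList']) {
							continue;
						}

						/*
						 * Checks to make sure there is an equal amount of data columns to header columns.
						 * Errors are produced if not.
						 */
						if (sizeof($details) != sizeof($importinfo['ImportList'])) {
							// too many
							if (sizeof($details) > sizeof($importinfo['ImportList'])) {
								$importresults['bads']++;
								$importresults['baddata'][] = implode($importinfo['FieldSeparator'], $details) . GetLang('InvalidSubscriberImportLine_TooMany');
							// too few
							} else {
								$importresults['bads']++;
								$importresults['baddata'][] = implode($importinfo['FieldSeparator'], $details) . GetLang('InvalidSubscriberImportLine_NotEnough');
							}

							// actually set the errors
							IEM::sessionSet('ImportResults', $importresults);

							continue;
						}

						/*
						 * Do the importing of the details. This includes checking the validity
						 * of individual column data. Each line gets its own transaction.
						 */
						$db->StartTransaction();
						$this->ImportSubscriberLine($details);
						$db->CommitTransaction();

						// Calculate total records processed so far: seeded from the session
						// counters on the first line of this chunk, incremented afterwards.
						if (is_null($totalProcessed)) {
							$totalProcessed = 0;

							foreach (array('success', 'updates', 'duplicates', 'failures', 'bans', 'unsubscribes', 'bads') as $key) {
								$totalProcessed += $importresults[$key];
							}
						} else {
							++$totalProcessed;
						}

						// Calculate the percentage completed
						$percentProcessed = ceil(($totalProcessed / $importinfo['TotalSubscribers'])*100);

						// Prepare report
						$report = '<ul>';

						foreach (array('success', 'updates', 'duplicates', 'failures', 'bans', 'unsubscribes', 'bads') as $pos => $key) {
							$amount  = $importresults[$key];
							$report .= '<li>';

							if ($amount == 1) {
								$report .= GetLang('ImportSubscribers_InProgress_' . $key . '_One');
							} else {
								$report .= sprintf(GetLang('ImportSubscribers_InProgress_' . $key . '_Many'), $this->FormatNumber($importresults[$key]));
							}

							$report .= '</li>';
						}

						$report .= '</ul>';

						// Update the status. $report is interpolated into a single-quoted JS
						// string without JS escaping; it is built only from language strings
						// and FormatNumber() output, so this assumes those contain no quotes.
						echo "<script>\n";
						echo sprintf("self.parent.UpdateStatusReport('%s');", $report);
						echo sprintf("self.parent.UpdateStatus('%s', %d);", '', $percentProcessed);
						echo "</script>\n";

						flush();
					}

					?>
						<script defer>
							setTimeout('window.location="index.php?Page=Subscribers&Action=Import&SubAction=Import&x=<?php echo rand(1,50); ?>;"', 10);
						</script>
					<?php

					exit();
				}

				?>
					<script>
						self.parent.parent.location = 'index.php?Page=Subscribers&Action=Import&SubAction=PrintReport';
					</script>
				<?php

				exit();
			break;

			case 'printreport':
				$this->PrintFinalReport();
			break;

			default:
				$this->ChooseList('Import', 'Step2');
			break;
		}
	}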
示例#4
 /**
  * saveResponseAction
  * Save the actual save response action
  *
  * @return void
  *
  */
 public function Admin_Action_SaveResponse()
 {
     $surveyId = (int) IEM::requestGetPOST('formId');
     // check permission here
     $this->_checkSurveyAccess($surveyId);
     $responseId = IEM::requestGetPOST('responseId');
     $responseNumber = IEM::requestGetPOST('responseNumber');
     $postWidgets = IEM::requestGetPOST('widget');
     $errors = 0;
     if ($postWidgets || $_FILES) {
         // If there are files, take the values and place them in the $postWidgets array so they can
         // get validated and entered into the response values in the same manner. Uploads will be
         // handled separately.
         if (isset($_FILES['widget'])) {
             foreach ($_FILES['widget']['name'] as $widgetId => $widget) {
                 foreach ($widget as $fields) {
                     foreach ($fields as $fieldId => $field) {
                         if ($field['value']) {
                             $postWidgets[$widgetId]['field'][$fieldId]['value'] = 'file_' . $field['value'];
                         }
                     }
                 }
             }
         }
         $survey_api = $this->getApi();
         $survey_api->Load($surveyId);
         $widgets = $survey_api->getWidgets();
         $widgetErrors = array();
         foreach ($widgets as $widget) {
             if (!isset($widgetErrors[$widget['id']])) {
                 $widgetErrors[$widget['id']] = array();
             }
             // validate required fields
             if ($widget['is_required']) {
                 // the widget is assumed blank until one of it's fields is found not blank
                 $isBlank = true;
                 $isOther = false;
                 // make sure the required widget was even posted
                 if (isset($postWidgets[$widget['id']])) {
                     foreach ($postWidgets[$widget['id']]['field'] as $field) {
                         if (isset($field['value'])) {
                             // get the value of an "other" field if it is one, otherwise just grab
                             // the normal value
                             if ($field['value'] == '__other__') {
                                 $isOther = true;
                                 $value = $field['other'];
                             } else {
                                 $value = $field['value'];
                             }
                             // make sure the value isn't blank
                             if (!$this->_validateIsBlank($value)) {
                                 $isBlank = false;
                             }
                         }
                     }
                 }
                 // if the widget is blank, flag an error
                 if ($isBlank) {
                     if ($isOther) {
                         $error = GetLang('Addon_Surveys_ErrorRequiredOther');
                     } else {
                         $error = GetLang('Addon_Surveys_ErrorRequired');
                     }
                     $widgetErrors[$widget['id']][] = $error;
                     $errors++;
                 }
             }
             // validate file types
             if (isset($postWidgets[$widget['id']]) && $widget['allowed_file_types']) {
                 $typeArr = preg_split('/\\s*,\\s*/', strtolower($widget['allowed_file_types']));
                 $invalidType = false;
                 // foreach of the passed fields (most likely 1) check and see if they are valid file types
                 foreach ($postWidgets[$widget->id]['field'] as $field) {
                     $parts = explode('.', $field['value']);
                     $ext = strtolower(end($parts));
                     // only if the field has a value we will test its file type
                     if (trim($field['value']) != '' && !in_array($ext, $typeArr)) {
                         $invalidType = true;
                     }
                 }
                 // if the a file is not a valid file type, then the whole widget fails validation
                 if ($invalidType) {
                     $lastFileType = '<em>.' . array_pop($typeArr) . '</em>';
                     $firstFileTypes = '<em>.' . implode('</em>, <em>.', $typeArr) . '</em>';
                     $widgetErrors[$widget->id][] = sprintf(GetLang('errorInvalidFileType'), $firstFileTypes, $lastFileType);
                     $errors++;
                 }
             }
         }
         // if there were errors, redirect back and display the errors
         if ($errors) {
             echo '<pre style="border: 1px solid red";><b style="color:RED;">YUDI_DEBUG:' . __FILE__ . ' ON LINE: ' . __LINE__ . '</b><br />';
             print_r($widgetErrors);
             echo '</pre>';
             die;
             // set the widget errors so we can retrieve them for the user
             IEM::sessionSet('survey.addon.widgetErrors', $widgetErrors);
             IEM::sessionSet('MessageText', GetLang('Addon_Surveys_saveResponseMessageError'));
             IEM::sessionSet('MessageType', MSG_ERROR);
         } else {
             // isntantiate a new response object
             $response_api = $this->getSpecificApi('responses');
             $response_api->Load($responseId);
             // delete the values in this response, since they will be added back in
             $response_api->deleteValues();
             // if the response was saved, then associate values to the response
             if ($response_api->Save()) {
                 $responseValue = $this->getSpecificApi('responsesvalue');
                 // foreach of the posted widgets, check to see if it belongs in this form and save it if it does
                 foreach ($postWidgets as $postWidgetId => $postWidget) {
                     // iterate through each field and enter it in the feedback
                     foreach ($postWidget['field'] as $field) {
                         if (!isset($field['value'])) {
                             continue;
                         }
                         // foreign key for the response id
                         $responseValue->surveys_response_id = $responseId;
                         // set the widget id foreign key; widgets can have multiple field values and
                         // should be treated as such
                         $responseValue->surveys_widgets_id = $postWidgetId;
                         // set the value of the feedback; this should be a single value since widgets
                         // can have multiple feed back values
                         if ($field['value'] == '__other__') {
                             $responseValue->value = $field['other'];
                             $responseValue->is_othervalue = 1;
                         } else {
                             $responseValue->file_value = "";
                             if (substr($field['value'], 0, 5) == "file_") {
                                 $value = str_replace("file_", "", $field['value']);
                                 $responseValue->file_value = md5($value);
                             }
                             $responseValue->value = $field['value'];
                         }
                         // save it
                         $responseValue->Save();
                     }
                 }
                 // perform file uploading
                 if (isset($_FILES['widget']['name'])) {
                     $files = $_FILES['widget']['name'];
                     foreach ($files as $widgetId => $widget) {
                         foreach ($widget as $widgetKey => $fields) {
                             foreach ($fields as $fieldId => $field) {
                                 // gather file information
                                 $name = $_FILES['widget']['name'][$widgetId]['field'][$fieldId]['value'];
                                 $type = $_FILES['widget']['type'][$widgetId]['field'][$fieldId]['value'];
                                 $tmpName = $_FILES['widget']['tmp_name'][$widgetId]['field'][$fieldId]['value'];
                                 $error = $_FILES['widget']['error'][$widgetId]['field'][$fieldId]['value'];
                                 $size = $_FILES['widget']['size'][$widgetId]['field'][$fieldId]['value'];
                                 // if the upload was successful to the temporary folder, move it
                                 if ($error == UPLOAD_ERR_OK) {
                                     $curDir = TEMP_DIRECTORY . DIRECTORY_SEPARATOR . 'surveys';
                                     $upBaseDir = $curDir . DIRECTORY_SEPARATOR . $surveyId;
                                     $upDir = $upBaseDir . DIRECTORY_SEPARATOR . $response_api->GetId();
                                     // if the main survey folder is not yet created then create it
                                     if (!is_dir($curDir)) {
                                         mkdir($curDir, 0755);
                                     }
                                     // if the base upload directory doesn't exist create it
                                     if (!is_dir($upBaseDir)) {
                                         mkdir($upBaseDir, 0755);
                                     }
                                     // if the upload directory doesn't exist create it
                                     if (!is_dir($upDir)) {
                                         mkdir($upDir, 0755);
                                     }
                                     // upload the file
                                     move_uploaded_file($tmpName, $upDir . DIRECTORY_SEPARATOR . $name);
                                 }
                             }
                         }
                     }
                 }
                 IEM::sessionSet('MessageText', GetLang('Addon_Surveys_saveResponseMessageSuccess'));
                 IEM::sessionSet('MessageType', SS_FLASH_MSG_SUCCESS);
             }
         }
     }
     // if view is set, then go to the view page for this response
     if (!$errors && IEM::requestGetPOST('view')) {
         if (IEM::requestGetPost('viewNext')) {
             $responseId = IEM::requestGetPost('viewNext');
         }
         header('Location: index.php?Page=Addons&Addon=surveys&Action=viewresponses&surveyId=' . $surveyId . '&responseId=' . $responseId);
         exit;
     }
     // redirect back to the edit page
     header('Location: index.php?Page=Addons&Addon=surveys&Action=editresponse&surveyId=' . $surveyId . '&responseId=' . $responseId);
     exit;
 }
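	/**
	* Process
	* Works out what you're trying to do and takes appropriate action. Validates data where needed.
	*
	* Actions (compared case-insensitively):
	*  - 'step2'           Shows the "add subscriber" form for the list given in POST/GET 'list'.
	*  - 'save'/'saveadd'  Checks the user may add subscribers to the chosen list, validates the
	*                      posted email address (format, duplicate, unsubscribed, banned) and the
	*                      list's custom fields, then adds the subscriber and saves the custom
	*                      field values. 'saveadd' (or a user with a single list) returns to the
	*                      form; otherwise the user is sent back to the list chooser.
	*  - anything else     Shows the list chooser, or jumps straight to step2 when the user
	*                      only has one list.
	*
	* Validation failures are reported through $GLOBALS['Error'] / $GLOBALS['Message'] and the
	* step2 form is shown again. Values echoed back in those messages are HTML-escaped.
	*
	* @param String $action Action to perform. This is usually 'step1', 'step2', 'step3' etc. This gets passed in by the Subscribers::Process function.
	*
	* @see Subscribers::Process
	* @see GetApi
	* @see Subscribers_API::IsSubscriberOnList
	* @see Subscribers_API::AddToList
	* @see Subscribers_API::SaveSubscriberCustomField
	* @see Lists_API::GetCustomFields
	* @see CustomFields_API::IsRequired
	* @see CustomFields_API::ValidData
	* @see CustomFields_API::GetFieldName
	* @see AddSubscriber_Step2
	*
	* @return Void Prints out the step, doesn't return anything.
	*/
	function Process($action=null)
	{
		// Normalise once so the switch below and the later 'saveadd' comparison agree.
		$action = strtolower((string)$action);

		switch ($action) {
			case 'step2':
				// The list id can come from POST or GET; cast both so a missing or
				// non-numeric value becomes 0 rather than a raw request string.
				if (isset($_POST['list'])) {
					$listid = (int)$_POST['list'];
				} elseif (isset($_GET['list'])) {
					$listid = (int)$_GET['list'];
				} else {
					$listid = 0;
				}
				$this->AddSubscriber_Step2($listid);
			break;

			case 'saveadd':
			case 'save':
				$user = GetUser();

				$listid = (isset($_GET['list'])) ? (int)$_GET['list'] : 0;

				if (!$user->HasAccess('Subscribers', 'Add')) {
					$this->DenyAccess();
					return;
				}

				// The user may only add subscribers to lists they have been given;
				// anything else (including a missing list id) is a denial.
				$user_lists = $user->GetLists();
				if (!is_array($user_lists) || empty($user_lists)) {
					$this->DenyAccess();
					return;
				}
				if (!in_array($listid, array_keys($user_lists), true)) {
					$this->DenyAccess();
					return;
				}

				$subscriber = $this->GetApi('Subscribers');

				// Validate the trimmed email address. The address is escaped before it
				// is echoed back inside an error message.
				$email = IEM::requestGetPOST('emailaddress', '', 'trim');
				if (empty($email) || !$subscriber->ValidEmail($email)) {
					$GLOBALS['Error'] = sprintf(GetLang('SubscriberAddFail_InvalidEmailAddress'), htmlspecialchars($email));
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
					$this->AddSubscriber_Step2($listid);
					break;
				}

				// NOTE(review): the API calls below still receive the raw POST value rather
				// than the trimmed $email; switching them would change what is stored, so
				// confirm against the Subscribers API before doing so.
				$duplicate = $subscriber->IsSubscriberOnList($_POST['emailaddress'], $listid);

				if ($duplicate) {
					$unsubscribed_check = $subscriber->IsUnSubscriber(false, $listid, $duplicate);
					if ($unsubscribed_check) {
						$GLOBALS['Error'] = sprintf(GetLang('SubscriberAddFail_Unsubscribed'), htmlspecialchars($email));
					} else {
						$GLOBALS['Error'] = sprintf(GetLang('SubscriberAddFail_Duplicate'), htmlspecialchars($email));
					}
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
					$this->AddSubscriber_Step2($listid);
					break;
				}

				list($banned, $msg) = $subscriber->IsBannedSubscriber($_POST['emailaddress'], $listid, false);
				if ($banned) {
					$GLOBALS['Error'] = sprintf(GetLang('SubscriberAddFail_Banned'), htmlspecialchars($email));
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
					$this->AddSubscriber_Step2($listid);
					break;
				}

				$ListApi = $this->GetApi('Lists');
				$ListApi->Load($listid);
				$ListCustomFields = $ListApi->GetCustomFields($listid);

				$customfield_errors = array();

				foreach (array('emailaddress', 'format', 'confirmed') as $area) {
					// null (not '') when absent, so the API sees the same value as an unset index
					$subscriber->Set($area, isset($_POST[$area]) ? $_POST[$area] : null);
				}

				// Validate every custom field of the list; collect all errors before reporting.
				foreach ($ListCustomFields as $data) {
					$CustomFieldApi = $this->GetApi('CustomFields');
					$fieldid = $data['fieldid'];
					$CustomFieldApi->Load($fieldid);
					$postdata = (isset($_POST['CustomFields'][$fieldid])) ? $_POST['CustomFields'][$fieldid] : '';

					// An optional field that wasn't posted needs no validation.
					if (!isset($_POST['CustomFields'][$fieldid]) && !$CustomFieldApi->IsRequired()) {
						unset($CustomFieldApi);
						continue;
					}

					// Required but empty: pick the message that fits the field type.
					// NOTE(review): "!$postdata" treats a posted "0" as empty as well.
					if ($CustomFieldApi->IsRequired() && !$postdata) {
						switch ($CustomFieldApi->Get('fieldtype')) {
							case 'dropdown':
							case 'radiobutton':
							case 'checkbox':
							case 'date':
								$errormsg = 'SubscriberAddFail_EmptyData_ChooseOption';
							break;

							case 'text':
							case 'number':
							default:
								// unknown field types fall back to the generic "enter data" message
								$errormsg = 'SubscriberAddFail_EmptyData_EnterData';
							break;
						}

						$customfield_errors[] = sprintf(GetLang($errormsg), $CustomFieldApi->GetFieldName());

						unset($CustomFieldApi);

						continue;
					}

					if (!$CustomFieldApi->ValidData($postdata)) {
						$customfield_errors[] = sprintf(GetLang('SubscriberAddFail_InvalidData'), $CustomFieldApi->GetFieldName());

						unset($CustomFieldApi);
						continue;
					}
					unset($CustomFieldApi);
				}

				if (!empty($customfield_errors)) {
					$GLOBALS['Error'] = implode('<br/>', $customfield_errors);
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
					$this->AddSubscriber_Step2($listid);
					break;
				}

				$subscriberid = $subscriber->AddToList($_POST['emailaddress'], $listid);
				$GLOBALS['Message'] = $this->PrintSuccess('SubscriberAddSuccessful');
				$GLOBALS['list'] = $listid;

				// go through each custom field and save the info.
				foreach ($ListCustomFields as $data) {
					$fieldid = $data['fieldid'];
					$postdata = (isset($_POST['CustomFields'][$fieldid])) ? $_POST['CustomFields'][$fieldid] : '';
					$subscriber->SaveSubscriberCustomField($subscriberid, $fieldid, $postdata);
				}

				if ($action == 'saveadd' || count($user_lists) == 1) {
					$this->AddSubscriber_Step2($listid, true);
				} else {
					IEM::sessionSet('AddSubscriberMessage', $ListApi->Get('name'));
					?>
					<script>
						window.location = 'index.php?Page=Subscribers&Action=Add';
					</script>
					<?php
					exit();
				}
			break;

			default:
				$user = GetUser();
				$lists = $user->GetLists();

				// If only one list available, go directly to step 2
				if (count($lists) == 1) {
					// array_pop() needs a real variable; passing array_keys() straight in
					// raises an "only variables should be passed by reference" notice
					$list_ids = array_keys($lists);
					$listid = array_pop($list_ids);
					$this->AddSubscriber_Step2($listid);
				} else {
					$this->ChooseList('add', 'step2');
				}
			break;
		}
	}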
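	/**
	* Process
	* Does all the work.
	* Saves settings, Checks details, calls the API to save the actual settings and checks whether it worked or not.
	*
	* Requires 'System'/'System' access; everything else is denied. The action comes from GET 'Action'
	* (compared lower-cased):
	*  - 'addons'               Dispatches an allowed SubAction for an addon to Interspire_Addons::Process
	*                           and reports the outcome via FlashMessage.
	*  - 'viewdisabled'         Renders the report of autoresponders/newsletters disabled (from the session).
	*  - 'systeminfo'           Renders the system information page.
	*  - 'showinfo'             Prints phpinfo() inside the page header/footer.
	*  - 'sendpreviewdisplay', 'sendsmtppreviewdisplay', 'sendpreview',
	*    'testbouncedisplay', 'testbouncesettings'
	*                           Test-preview / bounce-test helpers.
	*  - 'save'                 Validates and saves the posted settings (including optional logo and
	*                           favicon uploads and the credit warning records), then flashes a result.
	*  - anything else          Shows the settings page.
	*
	* @see GetApi
	* @see API::Set
	* @see API::Save
	* @see GetLang
	* @see ParseTemplate
	* @see SendStudio_Functions::Process
	* @see SendTestPreview
	* @see Settings_API::CheckCron
	* @see Settings_API::UpdateCron
	*
	* @return Void Does all of the processing, doesn't return anything.
	*/
	function Process()
	{
		$action = (isset($_GET['Action'])) ? strtolower($_GET['Action']) : null;

		$user = GetUser();
		$access = $user->HasAccess('System', 'System');

		// popup actions get a reduced header/footer
		$popup = in_array($action, $this->PopupWindows);

		if (!$access) {
			$this->DenyAccess();
			return;
		}

		switch ($action) {
			case 'addons':

				// we need a subaction & addon name.
				if (!isset($_GET['SubAction'])) {
					return $this->ShowSettingsPage();
				}

				if (!isset($_GET['Addon'])) {
					return $this->ShowSettingsPage();
				}

				require_once(SENDSTUDIO_BASE_DIRECTORY . DIRECTORY_SEPARATOR . 'addons' . DIRECTORY_SEPARATOR . 'interspire_addons.php');

				$post = array();
				if (!empty($_POST)) {
					$post = $_POST;
				}

				try {
					// Only these sub-actions may be triggered from the UI.
					$allowed_sub_action = array('install', 'uninstall', 'enable', 'disable', 'upgrade', 'configure', 'savesettings');
					$subaction = $this->_getGETRequest('SubAction', '');

					if (!in_array(strtolower($subaction), $allowed_sub_action, true)) {
						FlashMessage(GetLang('Addon_Action_NotAllowed'), SS_FLASH_MSG_ERROR, 'index.php?Page=Settings&Tab=6');
						return;
					}

					// NOTE(review): the addon name is passed through as-is; it is assumed
					// Interspire_Addons::Process validates it against the installed addons — confirm.
					$result = Interspire_Addons::Process($_GET['Addon'], $subaction, $post);
					if ($result === true) {
						FlashMessage(GetLang('Addon_Success_' . strtolower($_GET['SubAction'])), SS_FLASH_MSG_SUCCESS, 'index.php?Page=Settings&Tab=6');
						return;
					}
					if ($result === false || $result == null) {
						FlashMessage(GetLang('Addon_Failure_' . strtolower($_GET['SubAction'])), SS_FLASH_MSG_ERROR, 'index.php?Page=Settings&Tab=6');
						return;
					}
					// anything else is addon-rendered output
					echo $result;
				} catch (Exception $e) {
					$error = $e->GetMessage();
					FlashMessage($error, SS_FLASH_MSG_ERROR, 'index.php?Page=Settings&Tab=6');
				}
				return;
			break;

			case 'viewdisabled':
				$this->PrintHeader(true);
				$reporttype = (isset($_GET['Report'])) ? $_GET['Report'] : null;
				// default to an empty report so an unknown report type still renders
				$disabled_report = '';
				switch ($reporttype) {
					case 'autoresponder':
						$GLOBALS['Heading'] = GetLang('Autoresponders_Disabled_Heading');
						$GLOBALS['Intro'] = GetLang('Autoresponders_Disabled_Heading_Intro');

						$disabled_list = IEM::sessionGet('AutorespondersDisabled');
						if (!is_array($disabled_list)) {
							$disabled_list = array();
						}

						$var = GetLang('DisabledAutoresponder_Item');
						foreach ($disabled_list as $details) {
							$disabled_report .= sprintf($var, $details['autorespondername'], $details['listname']) . "\n";
						}
					break;

					case 'newsletter':
						$GLOBALS['Heading'] = GetLang('Newsletters_Disabled_Heading');
						$GLOBALS['Intro'] = GetLang('Newsletters_Disabled_Heading_Intro');

						$disabled_list = IEM::sessionGet('NewslettersDisabled');
						if (!is_array($disabled_list)) {
							$disabled_list = array();
						}

						$var = GetLang('DisabledNewsletter_Item');
						foreach ($disabled_list as $details) {
							$disabled_report .= sprintf($var, $details['newslettername']) . "\n";
						}
					break;
				}
				$GLOBALS['DisabledList'] = $disabled_report;
				$this->ParseTemplate('Settings_Disabled_Report');
				$this->PrintFooter(true);
			break;

			case 'systeminfo':
				$this->PrintHeader();
				$db = IEM::getDatabase();
				$GLOBALS['DatabaseVersion'] = $db->FetchOne('SELECT version() AS version');

				$GLOBALS['ProductVersion'] = GetLang('SENDSTUDIO_VERSION');
				$GLOBALS['ShowProd'] = empty($GLOBALS['ProductEdition']) ? 'none' : '';
				// NOTE(review): $SENDSTUDIO_DEFAULTCHARSET is never assigned in this method, so the
				// constant is always used; kept as-is in case a global/include sets it — confirm.
				$charset = (isset($SENDSTUDIO_DEFAULTCHARSET)) ? $SENDSTUDIO_DEFAULTCHARSET : SENDSTUDIO_CHARSET;
				$GLOBALS['DefaultCharset'] = $charset;
				$GLOBALS['CharsetDescription'] = GetLang($charset);
				$GLOBALS['ServerTimeZone'] = SENDSTUDIO_SERVERTIMEZONE;
				$GLOBALS['ServerTimeZoneDescription'] = GetLang(SENDSTUDIO_SERVERTIMEZONE);
				$GLOBALS['ServerTime'] = date('r');
				$GLOBALS['PHPVersion'] = phpversion();
				// SERVER_SOFTWARE is absent under some SAPIs (e.g. CLI); escape before rendering
				$serverSoftware = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
				$GLOBALS['ServerSoftware'] = htmlspecialchars($serverSoftware, ENT_QUOTES, SENDSTUDIO_CHARSET);

				$GLOBALS['SafeModeEnabled'] = (SENDSTUDIO_SAFE_MODE) ? GetLang('Yes') : GetLang('No');

				$GLOBALS['ImapSupportFound'] = (function_exists('imap_open')) ? GetLang('Yes') : GetLang('No');

				$GLOBALS['CurlSupportFound'] = (function_exists('curl_init')) ? GetLang('Yes') : GetLang('No');

				$php_mods = $this->ParsePHPModules();

				$GLOBALS['GDVersion'] = GetLang('GD_NotDetected');
				if (Settings_API::GDEnabled() && $php_mods !== false) {
					$GLOBALS['GDVersion'] = $php_mods['gd']['GD Version'];
				}

				$GLOBALS['ModSecurity'] = GetLang('ModSecurity_Unknown');

				// apache module detection is only meaningful outside of CGI SAPIs
				if (!is_numeric(strpos(php_sapi_name(), 'cgi')) && $php_mods !== false) {
					$apache_mods = $this->ParseApacheModules($php_mods);
					if (in_array('mod_security', $apache_mods, true)) {
						$GLOBALS['ModSecurity'] = GetLang('Yes');
					} else {
						$GLOBALS['ModSecurity'] = GetLang('No');
					}
				}
				$this->ParseTemplate('Settings_SystemInfo');
				$this->PrintFooter();
			break;

			case 'showinfo':
				// full phpinfo() output; reachable only by users with System access (checked above)
				$this->PrintHeader(true);
				phpinfo();
				$this->PrintFooter(true);
			break;

			case 'sendpreviewdisplay':
				$this->PrintHeader($popup);
				$this->SendTestPreviewDisplay('index.php?Page=Settings&Action=SendPreview', 'self.parent.getPreviewParameters()');
				$this->PrintFooter($popup);
			break;

			case 'sendsmtppreviewdisplay':
				$this->PrintHeader($popup);
				$this->SendTestPreviewDisplay('index.php?Page=Settings&Action=SendPreview', 'self.parent.getSMTPPreviewParameters()');
				$this->PrintFooter($popup);
			break;

			case 'sendpreview':
				$this->SendTestPreview();
			break;

			case 'testbouncedisplay':
				$this->PrintHeader($popup);
				$this->TestBounceSettingsDisplay();
				$this->PrintFooter($popup);
			break;

			case 'testbouncesettings':
				$this->TestBounceSettings();
			break;

			case 'save':
				if (empty($_POST)) {
					$this->ShowSettingsPage();
					break;
				}
				$api = $this->GetApi();
				$result = false;

				$errors = array();

				// Make sure that Contact email is filled in
				if (!isset($_POST['email_address']) || trim($_POST['email_address']) == '') {
					array_push($errors, GetLang('ErrorAlertMessage_BlankContactEmail'));
				}

				// Make sure that license key is filled in
				if (!isset($_POST['licensekey']) || trim($_POST['licensekey']) == '') {
					array_push($errors, GetLang('ErrorAlertMessage_BlankLicenseKey'));
				}

				// Make sure that application name is filled in
				if (!isset($_POST['lng_applicationtitle']) || trim($_POST['lng_applicationtitle']) == '') {
					array_push($errors, GetLang('ErrorAlertMessage_BlankApplicationName'));
				}

				// agency installs require the upgrade/expiry messages as well
				$agencyId = get_agency_license_variables();
				if(!empty($agencyId['agencyid'])) {
					$temp = IEM::requestGetPOST('lng_accountupgrademessage', '', 'trim');
					if (empty($temp)) {
						array_push($errors, GetLang('ErrorAlertMessage_BlankAccountUpgradeMessage'));
					}

					$temp = IEM::requestGetPOST('lng_freetrial_expiry_login', '', 'trim');
					if (empty($temp)) {
						array_push($errors, GetLang('ErrorAlertMessage_BlankExpiredLogin'));
					}
				}

				if ($api && count($errors) == 0) {
					// do/while(false) so the upload checks below can abort the whole
					// save with "break 3" (switch -> foreach -> do)
					do {
						$settings = array();

						// fix up the database settings first.
						$all_areas = $api->Areas;

						if (defined('APPLICATION_SHOW_WHITELABEL_MENU') && constant('APPLICATION_SHOW_WHITELABEL_MENU')) {
							foreach ($all_areas['whitelabel'] as $area) {
								$val = IEM::requestGetPOST(strtolower($area), false);

								$temp = strtolower($area);
								switch ($temp) {
									// Special case for handling logo image
									case 'application_logo_image':
										$val = IEM::requestGetPOST('existing_app_logo_image', false);

										if (isset($_FILES['Application_Logo_Image']) && !empty($_FILES['Application_Logo_Image']['name'])) {
											if ($_FILES['Application_Logo_Image']['error'] !== UPLOAD_ERR_OK || !@is_uploaded_file($_FILES['Application_Logo_Image']['tmp_name'])) {
												array_push($errors, GetLang('ErrorAlertMessage_ErrorApplicationLogoImage'));
												break 3;
											}

											// name check first, content check after the move
											if (!$this->IsImageFile(strtolower($_FILES['Application_Logo_Image']['name']))){
												array_push($errors, GetLang('ErrorAlertMessage_InvalidNameApplicationLogoImage'));
												break 3;
											}

											// stored under a fixed name, only the extension is taken from the upload
											$uploadedFile = strtolower(basename($_FILES['Application_Logo_Image']['name']));
											$uploadedFile = preg_replace('/.*(\..*)$/', 'applicationlogo${1}', $uploadedFile);

											if(move_uploaded_file($_FILES['Application_Logo_Image']['tmp_name'], (TEMP_DIRECTORY . DIRECTORY_SEPARATOR . $uploadedFile))) {
												@chmod(TEMP_DIRECTORY . DIRECTORY_SEPARATOR . $uploadedFile, 0666);
												$val = 'temp/' . $uploadedFile;
											}

											if (!$this->IsValidImageFile(TEMP_DIRECTORY . DIRECTORY_SEPARATOR . $uploadedFile, $_FILES['Application_Logo_Image']['type'])){
												@unlink(TEMP_DIRECTORY . DIRECTORY_SEPARATOR . $uploadedFile);
												array_push($errors, GetLang('ErrorAlertMessage_InvalidFormatApplicationLogoImage'));
												break 3;
											}
										}
									break;

									// Special case for handling favicon
									case 'application_favicon':
										$val = IEM::requestGetPOST('existing_app_favicon', false);

										if (isset($_FILES['Application_Favicon']) && !empty($_FILES['Application_Favicon']['name'])) {
											if ($_FILES['Application_Favicon']['error'] !== UPLOAD_ERR_OK || !@is_uploaded_file($_FILES['Application_Favicon']['tmp_name'])) {
												array_push($errors, GetLang('ErrorAlertMessage_ErrorApplicationFavicon'));
												break 3;
											}

											if (!$this->IsIconFile(strtolower($_FILES['Application_Favicon']['name']))){
												array_push($errors, GetLang('ErrorAlertMessage_InvalidNameApplicationFavicon'));
												break 3;
											}

											$uploadedFile = 'favicon.ico';

											if(move_uploaded_file($_FILES['Application_Favicon']['tmp_name'], (TEMP_DIRECTORY . DIRECTORY_SEPARATOR . $uploadedFile))) {
												@chmod(TEMP_DIRECTORY . DIRECTORY_SEPARATOR . $uploadedFile, 0666);
												$val = 'temp/' . $uploadedFile;
											}

											if (!$this->IsValidIconFile(TEMP_DIRECTORY . DIRECTORY_SEPARATOR . $uploadedFile, $_FILES['Application_Favicon']['type'])){
												@unlink(TEMP_DIRECTORY . DIRECTORY_SEPARATOR . $uploadedFile);
												array_push($errors, GetLang('ErrorAlertMessage_InvalidFormatApplicationFavicon'));
												break 3;
											}
										}
									break;
								}

								$settings[$area] = $val;
							}
						}

						foreach ($all_areas['config'] as $area) {

							if (isset($_POST[strtolower($area)])) {
								$val = $_POST[strtolower($area)];
							} else {
								$val = false;
							}

							// credentials are posted under short field names
							if ($area == 'DATABASE_USER') {
								if (isset($_POST['database_u'])) {
									$val = $_POST['database_u'];
								}
							}

							if ($area == 'DATABASE_PASS') {
								if (isset($_POST['database_p'])) {
									$val = $_POST['database_p'];
								}
							}

							// strip a trailing slash from the application url
							if ($area == 'APPLICATION_URL') {
								if (substr($val, -1) == '/') {
									$val = substr($val, 0, -1);
								}
							}
							$settings[$area] = $val;
						}

						unset($all_areas['config']);
						unset($all_areas['whitelabel']);

						// look after all of the other settings now.
						foreach ($all_areas as $area) {
							if (isset($_POST[strtolower($area)])) {
								$val = $_POST[strtolower($area)];
							} else {
								$val = false;
							}

							if ($area == 'BOUNCE_AGREEDELETE' && isset($_POST['bounce_process'])) {
								$val = 1;
							}

							if ($area == 'TEXTFOOTER') {
								$val = strip_tags($val);
							}

							if ($area == 'SMTP_USERNAME') {
								if (isset($_POST['smtp_u'])) {
									$val = $_POST['smtp_u'];
								}
							}

							// NOTE: base64 is an encoding, not protection; the stored value is
							// recoverable by anyone who can read the settings.
							if ($area == 'SMTP_PASSWORD') {
								if (isset($_POST['smtp_p'])) {
									$val = $_POST['smtp_p'];
								}
								$val = base64_encode($val);
							}

							if ($area == 'BOUNCE_PASSWORD') {
								if (isset($_POST['bounce_password'])) {
									$val = $_POST['bounce_password'];
								}
								$val = base64_encode($val);
							}

							$settings[$area] = $val;
						}

						// ----- Settings that cannot be changed
							$settings['DEFAULTCHARSET'] = SENDSTUDIO_DEFAULTCHARSET;
							if (!empty($settings['DEFAULTCHARSET'])) {
								$settings['DEFAULTCHARSET'] = 'UTF-8';
							}
						// -----

						// ----- Security settings (durations are entered in minutes, stored in seconds)
							$settings['SECURITY_WRONG_LOGIN_WAIT'] = intval($settings['SECURITY_WRONG_LOGIN_WAIT']);
							$settings['SECURITY_WRONG_LOGIN_THRESHOLD_COUNT'] = intval($settings['SECURITY_WRONG_LOGIN_THRESHOLD_COUNT']);
							$settings['SECURITY_WRONG_LOGIN_THRESHOLD_DURATION'] = intval($settings['SECURITY_WRONG_LOGIN_THRESHOLD_DURATION']) * 60;
							$settings['SECURITY_BAN_DURATION'] = intval($settings['SECURITY_BAN_DURATION']) * 60;

							// an unticked "enable" checkbox switches the corresponding protection off
							if (!isset($_POST['security_wrong_login_wait_enable'])) {
								$settings['SECURITY_WRONG_LOGIN_WAIT'] = 0;
							}

							if (!isset($_POST['security_wrong_login_threshold_enable'])) {
								$settings['SECURITY_WRONG_LOGIN_THRESHOLD_COUNT'] = 0;
							}
						// -----

						$api->Set('Settings', $settings);

						$result = $api->Save();

						// Save warnings
						if ($result) {
							$tempRequestWarningsEnabled = IEM::requestGetPOST('credit_percentage_warnings_enable', array());
							$tempRequestWarningLevels = IEM::requestGetPOST('credit_percentage_warnings_level', array());
							$tempRequestWarnigSubjects = IEM::requestGetPOST('credit_percentage_warnings_subject', array());
							$tempRequestWarningEmails = IEM::requestGetPOST('credit_percentage_warnings_text', array());

							if (!empty($tempRequestWarningsEnabled) && !empty($tempRequestWarningLevels) && !empty($tempRequestWarningEmails)) {
								$tempRecords = array();
								foreach ($tempRequestWarningLevels as $index => $level) {
									$tempRecords[] = array(
										'enabled' => in_array($index, $tempRequestWarningsEnabled),
										'creditlevel' => $level,
										'aspercentage' => '1', // FIXME at this stage, only monthly credits warnings are available
										'emailsubject' => (isset($tempRequestWarnigSubjects[$index]) ? $tempRequestWarnigSubjects[$index] : ''),
										'emailcontents' => (isset($tempRequestWarningEmails[$index]) ? $tempRequestWarningEmails[$index] : '')
									);
								}

								$result = $api->SaveCreditWarnings($tempRecords);
							} else {
								$result = $api->SaveCreditWarnings(array());
							}

							unset($tempRequestWarningsEnabled);
							unset($tempRequestWarningLevels);
							unset($tempRequestWarningEmails);
						}
					} while(false);
				}

				// return to the tab the form was submitted from (1 when absent or non-numeric)
				$tabNum = (isset($_POST['tab_num']) && intval($_POST['tab_num'])) ? intval($_POST['tab_num']) : 1;

				if ($result) {
					FlashMessage(GetLang('SettingsSaved'), SS_FLASH_MSG_SUCCESS, 'index.php?Page=Settings&Tab='.$tabNum);
				} else {
					foreach ($errors as $error) {
						FlashMessage($error, SS_FLASH_MSG_ERROR);
					}

					FlashMessage(GetLang('SettingsNotSaved'), SS_FLASH_MSG_ERROR, 'index.php?Page=Settings&Tab='.$tabNum);
				}
			break;

			default:
				$this->ShowSettingsPage();
			break;
		}
	}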
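	/**
	* Process
	* Lets a user manage their own account - to a certain extent.
	* The API itself manages saving and updating, this just works out displaying of forms etc.
	*
	* Actions (from GET 'Action', compared lower-cased):
	*  - 'save'                Applies the posted profile fields (plus the SMTP fields when the user
	*                          has 'User'/'SMTP' access) to the current user, changes the password
	*                          when both password fields are filled in and identical, saves, and
	*                          re-shows the edit form with a success or error message.
	*  - 'sendpreviewdisplay'  Shows the SMTP test-preview popup.
	*  - 'sendpreview'         Sends the test preview.
	*  - 'testgooglecalendar'  Tests the submitted Google Calendar credentials and prints a JSON status.
	*  - anything else         Shows the edit form for the current user.
	*
	* The page header and footer are only printed for actions not listed in $this->PopupWindows.
	*
	* @see PrintHeader
	* @see ParseTemplate
	* @see GetUser
	* @see User_API::Set
	* @see GetLang
	* @see PrintEditForm
	* @see PrintFooter
	*
	* @return Void Doesn't return anything, hands the processing off to the appropriate subarea and lets it do the work.
	*/
	function Process()
	{
		$action = (isset($_GET['Action'])) ? strtolower($_GET['Action']) : '';

		if (!in_array($action, $this->PopupWindows)) {
			$this->PrintHeader();
		}

		$user = IEM::getCurrentUser();

		switch ($action) {
			case 'save':
				// break as well, so the save cannot proceed even if DenyAccess() returns
				if (!$user->EditOwnSettings()) {
					$this->DenyAccess();
					break;
				}

				// Only users with SMTP access may choose an SMTP type, and it must be 0 or 1.
				$smtptype = 0;
				if ($user->HasAccess('User', 'SMTP') && isset($_POST['smtptype']) && $_POST['smtptype'] == 1) {
					$smtptype = 1;
				}

				// ----- Activity type: one entry per line, each trimmed
					$activity = IEM::requestGetPOST('eventactivitytype', '', 'trim');
					$activity_array = array();
					if (!empty($activity)) {
						$activity_array = array_map('trim', explode("\n", $activity));
					}
					$user->Set('eventactivitytype', $activity_array);
				// -----

				/**
				 * This was added, because User's API uses different names than of the HTML form names.
				 * HTML form names should stay the same to keep it consistent throughout the application
				 *
				 * This will actually map HTML forms => User's API fields
				 */
					$areaMapping = array(
						'fullname' => 'fullname',
						'emailaddress' => 'emailaddress',
						'usertimezone' => 'usertimezone',
						'textfooter' => 'textfooter',
						'htmlfooter' => 'htmlfooter',
						'infotips' => 'infotips',
						'usewysiwyg' => 'usewysiwyg',
						'enableactivitylog' => 'enableactivitylog',
						'usexhtml' => 'usexhtml',
						'googlecalendarusername' => 'googlecalendarusername',
						'googlecalendarpassword' => 'googlecalendarpassword'
					);

					if ($user->HasAccess('User', 'SMTP')) {
						$areaMapping['smtp_server'] = 'smtpserver';
						$areaMapping['smtp_u'] = 'smtpusername';
						$areaMapping['smtp_p'] = 'smtppassword';
						$areaMapping['smtp_port'] = 'smtpport';
					}

					foreach ($areaMapping as $formField => $apiField) {
						$val = (isset($_POST[$formField])) ? $_POST[$formField] : '';
						$user->Set($apiField, $val);
					}
				/**
				 * -----
				 */

				// SMTP type 0 means "don't use own SMTP": clear whatever was posted
				if ($user->HasAccess('User', 'SMTP')) {
					if ($smtptype == 0) {
						$user->Set('smtpserver', '');
						$user->Set('smtpusername', '');
						$user->Set('smtppassword', '');
						$user->Set('smtpport', 0);
					}
				}

				$error = false;

				// Only change the password when one was entered and the confirmation is identical.
				$newPassword = isset($_POST['ss_p']) ? $_POST['ss_p'] : '';
				$confirmPassword = isset($_POST['ss_p_confirm']) ? $_POST['ss_p_confirm'] : '';
				if ($newPassword != '') {
					if ($confirmPassword != '' && $confirmPassword === $newPassword) {
						$user->Set('password', $newPassword);
					} else {
						$error = GetLang('PasswordsDontMatch');
					}
				}

				if (!$error) {
					$result = $user->Save();
					if ($result) {
						$GLOBALS['Message'] = $this->PrintSuccess('UserUpdated') . '<br/>';
					} else {
						$GLOBALS['Error'] = GetLang('UserNotUpdated');
						$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
					}
				} else {
					$GLOBALS['Error'] = $error;
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
				}

				$userid = $user->Get('userid');
				$this->PrintEditForm($userid);
			break;

			case 'sendpreviewdisplay':
				$this->PrintHeader(true);
				$this->SendTestPreviewDisplay('index.php?Page=ManageAccount&Action=SendPreview', 'self.parent.getSMTPPreviewParameters()');
				$this->PrintFooter(true);
			break;

			case 'sendpreview':
				$this->SendTestPreview();
			break;

			case 'testgooglecalendar':
				$status = array(
					'status' => false,
					'message' => ''
				);
				try {
					// NOTE(review): read via $_REQUEST, so the credentials are accepted from the
					// query string too (and may end up in server logs); restricting this to
					// POST is worth considering if the calling JavaScript allows it.
					$details = array(
						'username' => isset($_REQUEST['gcusername']) ? $_REQUEST['gcusername'] : '',
						'password' => isset($_REQUEST['gcpassword']) ? $_REQUEST['gcpassword'] : ''
					);

					$this->GoogleCalendarAdd($details, true);

					$status['status'] = true;
					$status['message'] = GetLang('GooglecalendarTestSuccess');
				} catch (Exception $e) {
					// the failure reason is not exposed to the client
					$status['message'] = GetLang('GooglecalendarTestFailure');
				}

				print GetJSON($status);
			break;

			default:
				$userid = $user->userid;
				$this->PrintEditForm($userid);
			break;
		}

		if (!in_array($action, $this->PopupWindows)) {
			$this->PrintFooter();
		}
	}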
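	/**
	* page_saveRecord
	* Saves a user group posted from the group editor (POST 'record').
	*
	* The posted permission list ("area.action" strings) is regrouped into
	* array('area' => array('action', ...)) before it is handed to API_USERGROUPS::saveRecord().
	* The request is only saved when the posted 'requestToken' matches the one stored in the
	* session (CSRF protection); otherwise the editor is shown again with the posted data.
	*
	* @see API_USERGROUPS::saveRecord
	* @see page_createGroup
	* @see printEditor
	*
	* @return Mixed Returns whatever the editor page returns when the record could not be
	* saved, otherwise flashes a message and redirects to the group list.
	*/
	public function page_saveRecord()
	{
		$record = IEM::requestGetPOST('record', array());
		if (!is_array($record)) {
			$record = array();
		}

		// Nothing posted: back to the blank editor. This has to happen before the
		// record is normalised below, otherwise the array is never empty.
		if (empty($record)) {
			return $this->page_createGroup($record);
		}

		$record['groupname'] = htmlspecialchars(isset($record['groupname']) ? $record['groupname'] : '');

		// a missing/zero group id means a new group is being created
		$created = (IEM::ifsetor($record['groupid'], 0, 'intval') == 0);

		/*
		 * Transform the permission so that it will be recognized by the API
		 */
		$permissions = IEM::ifsetor($record['permissions'], array());
		if (!is_array($permissions)) {
			$permissions = array();
		}

		$new_permissions = array();
		foreach ($permissions as $each) {
			$temp = explode('.', $each);

			// This can only handle 2 level permissions,
			// ie. autoresponders.create, autoresponders.delete, autoresponders.edit
			// will become $permissions['autoresponders'] = array('create', 'delete', 'edit');
			if (count($temp) != 2) {
				continue;
			}

			if (!isset($new_permissions[$temp[0]])) {
				$new_permissions[$temp[0]] = array();
			}

			$new_permissions[$temp[0]][] = $temp[1];
		}

		$record['permissions'] = $new_permissions;

		// Check if "Request Token" matches
		// This tries to prevent CSRF. Compared with hash_equals() so a loose string
		// comparison cannot be satisfied by a look-alike value.
		$token = IEM::sessionGet('UsersGroups_Editor_RequestToken', false);
		$postedToken = IEM::requestGetPOST('requestToken', false);
		if (!$token || !is_string($postedToken) || !hash_equals((string)$token, $postedToken)) {
			return $this->page_createGroup($record);
		}

		$status = API_USERGROUPS::saveRecord($record);
		if (!$status) {
			FlashMessage(GetLang('UsersGroups_From_Error_CannotSave'), SS_FLASH_MSG_ERROR);
			return $this->printEditor($record);
		}

		$messageVariable = 'UsersGroups_From_Success_Saved';
		if ($created) {
			$messageVariable = 'UsersGroups_From_Success_Created';
		}

		FlashMessage(GetLang($messageVariable), SS_FLASH_MSG_SUCCESS, IEM::urlFor('UsersGroups'));
	}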
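	/**
	 * _handleSubmitAction
	 * Validates a posted survey submission, stores it as a response record (one
	 * "responsesvalue" row per submitted value, plus any uploaded files) and then
	 * redirects according to the survey's "after_submit" setting.
	 *
	 * Request input: the survey id comes from GET (formId), widget values from
	 * POST (widget[<widgetId>][field][<fieldId>][value]) and uploads from
	 * $_FILES['widget']. Widget ids in the POST are client supplied and are only
	 * stored when they belong to the loaded survey.
	 *
	 * Every path that completes ends in a redirect, so there is normally no
	 * return value; false is returned only when the feedback email could not be
	 * sent (the response itself is already saved at that point).
	 *
	 * @return Bool|Void
	 */
	private function _handleSubmitAction()
	{
		// don't escape
		$template_dir = SENDSTUDIO_BASE_DIRECTORY . '/addons/surveys/templates';
		$this->_template = GetTemplateSystem($template_dir);

		$this->_template->DefaultHtmlEscape = false;

		$formId      = (int) IEM::requestGetGET('formId');
		$postWidgets = IEM::requestGetPOST('widget');
		if (!is_array($postWidgets)) {
			// nothing posted (or not in the expected shape); treat it as an empty submission
			$postWidgets = array();
		}

		// If there are files, take the values and place them in the $postWidgets array so they can
		// get validated and entered into the response values in the same manner. Uploads will be
		// handled separately. The "file_" prefix marks the value as a file name for the save loop.
		if (isset($_FILES['widget'])) {
			foreach ($_FILES['widget']['name'] as $widgetId => $widget) {
				foreach ($widget as $fields) {
					foreach ($fields as $fieldId => $field) {
						$postWidgets[$widgetId]['field'][$fieldId]['value'] = 'file_' . $field['value'];
					}
				}
			}
		}

		// If the form and widgets weren't posted in the format we require then redirect back
		if (!$formId) {
			$this->redirectToReferer();
		}

		$surveyApi = $this->getApi();
		$surveyApi->Load($formId);
		$surveyData = $surveyApi->GetData();

		$errors       = 0;
		$widgets      = $surveyApi->getWidgets($formId);
		$widgetErrors = array();

		/****  START OF ERROR VALIDATION ****/

		// compile a list of widget ids so the posted widgets (whose ids come from the client)
		// can be checked against the widgets that actually belong to this survey
		$validWidgetIds = array();
		foreach ($widgets as $widget) {
			$validWidgetIds[$widget['id']] = true;
		}

		foreach ($widgets as $widgetKey => $widget) {
			$widgetId = $widget['id'];

			// the fields posted for this widget, or an empty list when the widget was not posted
			// at all (a required widget that is missing from the POST must still be validated)
			$postedFields = array();
			if (isset($postWidgets[$widgetId]['field']) && is_array($postWidgets[$widgetId]['field'])) {
				$postedFields = $postWidgets[$widgetId]['field'];
			}

			if (!isset($widgetErrors[$widgetId])) {
				$widgetErrors[$widgetId] = array();
			}

			// validate required fields
			if ($widget['is_required']) {
				// the widget is assumed blank until one of its fields is found not blank
				$isBlank = true;
				$isOther = false;

				foreach ($postedFields as $field) {
					if (isset($field['value'])) {
						$values = (array) $field['value'];

						foreach ($values as $value) {
							// get the value of an "other" field if it is one, otherwise just grab
							// the normal value
							if ($value == '__other__') {
								$isOther = true;
								$value   = isset($field['other']) ? $field['other'] : '';
							}

							// make sure the value isn't blank
							if ($this->_validateIsBlank($value) !== true) {
								$isBlank = false;
							}
						}
					}
				}

				// if the widget is blank, flag an error
				if ($isBlank) {
					if ($isOther) {
						$error = GetLang('Addon_Surveys_ErrorRequiredOther');
					} else {
						$error = GetLang('Addon_Surveys_ErrorRequired');
					}
					$widgetErrors[$widgetId][] = $error;
					$errors++;
				}

				if ($widget['type'] == 'file') {
					// reset per widget so a previous file widget's value cannot satisfy this one
					$uploaded_file = '';
					foreach ($postedFields as $postedField) {
						if (isset($postedField['value'])) {
							$uploaded_file = $postedField['value'];
							break;
						}
					}
					// a bare "file_" means the input was present but no file was chosen
					if (empty($uploaded_file) || $uploaded_file == "file_") {
						$error = GetLang('Addon_Surveys_ErrorRequired');
						$widgetErrors[$widgetId][] = $error;
						$errors++;
					}
				}
			}

			// validate file types
			if ($widget['type'] == 'file') {
				// NOTE(review): when no allowed_file_types are configured, any file name is
				// accepted here and stored under TEMP_DIRECTORY below -- confirm that is intended
				if (!empty($widget['allowed_file_types'])) {
					$typeArr     = preg_split('/\s*,\s*/', strtolower($widget['allowed_file_types']));
					$invalidType = false;

					// foreach of the passed fields (most likely 1) check and see if they are valid file types
					foreach ($postedFields as $field) {
						if (!isset($field['value'])) {
							continue;
						}
						$parts = explode('.', $field['value']);
						$ext   = strtolower(end($parts));

						// only if the field has a value we will test its file type
						if (trim($field['value']) != '' && !in_array($ext, $typeArr, true)) {
							$invalidType = true;
						}
					}

					// if a file is not a valid file type, then the whole widget fails validation
					if ($invalidType) {
						$lastFileType   = '<em>.' . array_pop($typeArr) . '</em>';
						$firstFileTypes = '<em>.' . implode('</em>, <em>.', $typeArr) . '</em>';
						$widgetErrors[$widgetId][] = sprintf(GetLang('Addon_Surveys_ErrorInvalidFileType'), $lastFileType, $firstFileTypes);
						$errors++;
					}
				}
			}

			if (isset($postWidgets[$widgetId])) {
				// add a value to the values array so it can be passed to the email feedback template
				$widgets[$widgetKey]['values'] = $postedFields;
			}
		}

		// if there were errors, redirect back and display the errors
		if ($errors) {
			// set a global error message to alert the user to the specific errors
			IEM::sessionSet('survey.addon.' . $formId . '.errorMessage', $surveyData['error_message']);
			// set the widget errors so we can retrieve them for the user
			IEM::sessionSet('survey.addon.' . $formId . '.widgetErrors', $widgetErrors);
			$this->redirectToReferer();
		}

		/****  END OF ERROR VALIDATION ****/

		// instantiate a new response object
		$response = $this->getSpecificApi('responses');

		// associate the response to a particular form
		$response->surveys_id = $formId;

		// if the response was saved, then associate values to the response
		if ($response->Save()) {
			// foreach of the posted widgets, check that it belongs to this form and save it if it does
			foreach ($postWidgets as $postWidgetId => $postWidget) {
				// widget ids are client supplied: anything not part of this survey is ignored
				if (!isset($validWidgetIds[$postWidgetId])) {
					continue;
				}
				if (!isset($postWidget['field']) || !is_array($postWidget['field'])) {
					continue;
				}

				// iterate through each field and enter it in the feedback
				foreach ($postWidget['field'] as $field) {
					// make sure it has a value first
					if (!isset($field['value'])) {
						continue;
					}

					// since multiple values can be given, we treat them as an array
					$values = (array) $field['value'];

					foreach ($values as $value) {
						$responseValue = $this->getSpecificApi('responsesvalue');
						// foreign key for the response id
						$responseValue->surveys_response_id = $response->GetId();

						// set the widget id foreign key; widgets can have multiple field values and
						// should be treated as such
						$responseValue->surveys_widgets_id = $postWidgetId;

						// set the value of the feedback; this should be a single value since widgets
						// can have multiple feed back values
						if ($value == '__other__') {
							$responseValue->value = isset($field['other']) ? $field['other'] : '';
							$responseValue->is_othervalue = 1;
						} else {
							// if file value exist we need to save the md5 name of the file in the database
							$responseValue->file_value = "";
							if (substr($value, 0, 5) == "file_") {
								// strip only the marker prefix; a file name may itself contain "file_"
								$value = substr($value, 5);
								$responseValue->file_value = md5($value);
							}

							$responseValue->value = $value;
							$responseValue->is_othervalue = 0;
						}

						// save it
						$responseValue->Save();
					}
				}
			}

			// send an email if desired
			/**
			 *  Prepare for sending the email..
			 */

			$widget_api = $this->getSpecificApi('widgets');

			if ($surveyData['email_feedback']) {
				foreach ($widgets as &$widget) {
					$widget_api->populateFormData($widget);

					// set the values (normally 1, unless it's a list of checkboxes)
					$widget['values'] = $widget_api->getResponseValues($response->id);

					// get the other value
					$other = $widget_api->getOtherField();

					// add the full url to the file
					if ($widget['type'] == 'file') {
						$attachment_url = "admin/index.php?Page=Addons&Addon=surveys&Action=DownloadAttach&ajax=1&formId=" . $formId . "&responseId=" . $response->id . "&value=" . base64_encode($widget['values'][0]['value']);
						$attachment_tag = SENDSTUDIO_APPLICATION_URL . "/" . $attachment_url;
						$widget['values'][0]['value'] = $attachment_tag;
					}

					if ($other) {
						// the other value will be the last one
						$otherValueIndex = count($widget['values']) - 1;
						$widget['values'][$otherValueIndex]['value'] = $other['other_label_text'] . ' ' . $widget['values'][$otherValueIndex]['value'];
					}
				}
				// drop the by-reference loop variable so later uses of $widget cannot
				// write through it into the last element of $widgets
				unset($widget);

				$viewUri = SENDSTUDIO_APPLICATION_URL
					 . '/admin/index.php?Page=Addons&Addon=surveys&Action=viewresponses&surveyId='
					 . $surveyApi->id
					 . '&responseId='
					 . $response->id;
				$editUri = SENDSTUDIO_APPLICATION_URL
					 . '/admin/index.php?Page=Addons&Addon=surveys&Action=editresponse&surveyId='
					 . $surveyApi->id
					 . '&responseId='
					 . $response->id;

				$this->_template->Assign('form', $surveyApi->GetData());
				$this->_template->Assign('widgets', $widgets);
				$this->_template->Assign('emailBodyStart', sprintf(GetLang('Addon_Surveys_emailBodyStart'), $surveyApi->Get('name')));
				$this->_template->Assign('emailViewLink', sprintf(GetLang('Addon_Surveys_emailViewLink'), $viewUri));
				$this->_template->Assign('emailEditLink', sprintf(GetLang('Addon_Surveys_emailEditLink'), $editUri));

				// parse the email template for its content
				$emailTemplate = $this->_template->ParseTemplate('email', true);

				require_once(IEM_PATH . '/ext/interspire_email/email.php');
				$emailapi = new Email_API();

				$emailapi->SetSmtp(SENDSTUDIO_SMTP_SERVER, SENDSTUDIO_SMTP_USERNAME, @base64_decode(SENDSTUDIO_SMTP_PASSWORD), SENDSTUDIO_SMTP_PORT);

				$emailapi->ClearRecipients();
				$emailapi->ForgetEmail();
				$emailapi->Set('forcechecks', false);

				$to = $surveyApi->Get('email');
				$emailapi->AddRecipient($to);

				// no user object is available in this (public) submission path, so the survey's
				// own notification address is the only fallback when the constant is not defined
				$emailapi->Set('FromAddress', (defined('SENDSTUDIO_EMAIL_ADDRESS') ? SENDSTUDIO_EMAIL_ADDRESS : $to));
				$emailapi->Set('BounceAddress', SENDSTUDIO_EMAIL_ADDRESS);
				$emailapi->Set('CharSet', SENDSTUDIO_CHARSET);

				$subject = sprintf(GetLang('Addon_Surveys_emailSubject'), $surveyApi->Get('name'));
				$emailapi->Set('Subject', $subject);

				//email body
				$emailapi->AddBody('text', $emailTemplate);
				$status = $emailapi->Send();
				if ($status['success'] != 1) {
					trigger_error(__CLASS__ . '::' . __METHOD__ . ' -- Was not able to send email: ' . serialize($status['failed']), E_USER_NOTICE);
					return false;
				}
			}

			// perform file uploading
			if (isset($_FILES['widget']['name'])) {
				$files = $_FILES['widget']['name'];

				foreach ($files as $widgetId => $widgetFiles) {
					// same rule as for values: only widgets of this survey get their uploads stored
					if (!isset($validWidgetIds[$widgetId])) {
						continue;
					}
					foreach ($widgetFiles as $fields) {
						foreach ($fields as $fieldId => $field) {
							// gather file information; the client-supplied name is reduced to its
							// basename so it cannot carry directory components into the target path
							$name    = basename($_FILES['widget']['name'][$widgetId]['field'][$fieldId]['value']);
							$tmpName = $_FILES['widget']['tmp_name'][$widgetId]['field'][$fieldId]['value'];
							$error   = $_FILES['widget']['error'][$widgetId]['field'][$fieldId]['value'];

							// if the upload was successful to the temporary folder, move it
							if ($error === UPLOAD_ERR_OK && $name !== '') {
								$tempdir     = TEMP_DIRECTORY;
								$upBaseDir   = $tempdir . DIRECTORY_SEPARATOR . 'surveys';
								$upSurveyDir = $upBaseDir . DIRECTORY_SEPARATOR . $formId;
								$upDir       = $upSurveyDir . DIRECTORY_SEPARATOR . $response->GetId();

								// if the base upload directory doesn't exist create it
								if (!is_dir($upBaseDir)) {
									mkdir($upBaseDir, 0755);
								}

								if (!is_dir($upSurveyDir)) {
									mkdir($upSurveyDir, 0755);
								}

								// if the upload directory doesn't exist create it
								if (!is_dir($upDir)) {
									mkdir($upDir, 0755);
								}

								// upload the file
								move_uploaded_file($tmpName, $upDir . DIRECTORY_SEPARATOR . $name);
							}
						}
					}
				}
			}
		}

		// if we are redirecting to a url, redirect them
		switch ($surveyData['after_submit']) {
			case 'show_uri':
				// show_uri is configured by the survey owner, not taken from the request
				header('Location: ' . $surveyApi->show_uri);
				exit;

			case 'show_message':
				IEM::sessionSet('survey.addon.' . $formId . '.successMessage', $surveyApi->show_message);
				// deliberate fall-through: the message is shown after redirecting back

			default:
				// redirect back
				$this->redirectToReferer();
		}
	}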
	/**
	* ShowLoginForm
	* Prints the login page: the header, an optional status message rendered through
	* the given template, the login form itself and the footer.
	* If there is a template to use in the data/templates folder it will use that as the login form.
	* Otherwise it uses the default one. If you pass in a message it will show that message above the login form.
	*
	* @param String $template Template used to render the message (eg 'login_error' / 'login_success').
	* @param String $msg Message printed above the login form (eg an unsuccessful attempt). Only used when $template is also given.
	*
	* @see FetchTemplate
	* @see PrintHeader
	* @see PrintFooter
	*
	* @return Void Doesn't return anything, just prints the login form.
	*/
	function ShowLoginForm($template=false, $msg=false)
	{
		$hasCurrentUser = (bool) IEM::getCurrentUser();
		if (!$hasCurrentUser) {
			// nobody is logged in yet, so there are no info tips to show
			$this->GlobalAreas['InfoTips'] = '';
		}

		$this->PrintHeader(true);

		$GLOBALS['Message'] = GetLang('Help_Login');

		// a status message replaces the generic help text above the form
		$showStatus = ($template && $msg);
		if ($showStatus) {
			if ($template == 'login_error') {
				$GLOBALS['Error'] = $msg;
			} elseif ($template == 'login_success') {
				$this->GlobalAreas['Success'] = $msg;
			}
			$GLOBALS['Message'] = $this->ParseTemplate($template, true);
		}

		// re-fill the username on a failed attempt; escaped because it is echoed into the form
		$postedUsername = IEM::requestGetPOST('ss_username', false);
		if ($postedUsername) {
			$GLOBALS['ss_username'] = htmlspecialchars($postedUsername, ENT_QUOTES, SENDSTUDIO_CHARSET);
		}

		// post-login destination: default, or the one remembered in the login-preference cookie
		// NOTE(review): the cookie value is not validated here -- check where ss_takemeto is consumed
		$takeMeTo = 'index.php';
		$loginPreference = IEM::requestGetCookie('IEM_LoginPreference', array());
		if (is_array($loginPreference) && isset($loginPreference['takemeto'])) {
			$takeMeTo = $loginPreference['takemeto'];
		}
		$GLOBALS['ss_takemeto'] = $takeMeTo;

		$this->GlobalAreas['SubmitAction'] = 'Login';

		$this->ParseTemplate('login');

		$this->PrintFooter(true);
	}
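	/**
	 * _save
	 * Save record (edit/create)
	 *
	 * Only processes the request when POST 'ProcessThis' is 1; otherwise falls back
	 * to the manage page. Access is checked against the 'create' or 'edit'
	 * permission (and ownership for non-admins) before anything is loaded or
	 * written.
	 *
	 * @param Array $parameters Any parameters that need to be parsed to this function (OPTIONAL).
	 *                          Expected to carry the current user under 'user'; 'message' is
	 *                          appended to and created here when absent.
	 * @return String Returns response string that can be outputted to the browser
	 *
	 * @uses SendStudio_Functions::_getPOSTRequest()
	 * @uses SendStudio_Functions::GetApi()
	 * @uses TriggerEmails_API::Save()
	 * @uses TriggerEmails::_getEditor()
	 * @uses FlashMessage()
	 */
	private function _save($parameters = array())
	{
		if (IEM::requestGetPOST('ProcessThis', 0, 'intval') != 1) {
			return $this->_manage($parameters);
		}

		// error messages below are appended, so make sure the key exists
		if (!isset($parameters['message'])) {
			$parameters['message'] = '';
		}

		$api = $this->GetApi();
		$record = IEM::requestGetPOST('record', array());

		if (empty($record['triggeremailsid'])) {
			if (!$parameters['user']->HasAccess('triggeremails', 'create')) {
				$this->DenyAccess();
				exit();
			}
		} else {
			if (!$parameters['user']->HasAccess('triggeremails', 'edit')) {
				$this->DenyAccess();
				exit();
			}

			// non-admins may only edit records they own
			if (!$parameters['user']->Admin() && !$api->IsOwner($record['triggeremailsid'], $parameters['user']->userid)) {
				$this->DenyAccess();
				exit();
			}
		}

		// If triggeremailsid is specified, load the record from database,
		// if error is encountered, flash error message, and return to the editor page
		if (!empty($record['triggeremailsid'])) {
			$status = $api->Load(intval($record['triggeremailsid']));
			if (!$status) {
				FlashMessage(GetLang('TriggerEmails_Cannot_Load_Record'), SS_FLASH_MSG_ERROR);
				return $this->_getEditor($parameters, $record);
			}
		}

		// Check permission for parameters entered in
		if (!$this->_checkUserResourcePermission($record, $parameters['user'])) {
			$GLOBALS['Error'] = GetLang('TriggerEmails_Form_Save_Failed_Permission');
			$parameters['message'] .= $this->ParseTemplate('errormsg', true);
			unset($GLOBALS['Error']);

			return $this->_getEditor($parameters, $record);
		}

		// Overwrite bounce email if user can't specify their own
		if (!$parameters['user']->HasAccess('Lists', 'BounceSettings') && isset($record['triggeractions']) && isset($record['triggeractions']['send']) && isset($record['triggeractions']['send']['enabled']) && $record['triggeractions']['send']['enabled']) {
			$record['triggeractions']['send']['bounceemail'] = SENDSTUDIO_BOUNCE_ADDRESS;
		}

		// Populate the API
		// NOTE(review): property names come straight from the POST; anything the API
		// accepts can be set here except the id and the owner (set below). Confirm the
		// API class restricts which properties Save() persists.
		foreach ($record as $property => $value) {
			if ($property != 'triggeremailsid') {
				$api->{$property} = $value;
			}
		}

		// Set up owner ID
		$api->ownerid = $parameters['user']->userid;

		// Save
		$triggerid = $api->Save();
		if ($triggerid === false) {
			$GLOBALS['Error'] = GetLang('TriggerEmails_Form_Save_Failed');
			$parameters['message'] .= $this->ParseTemplate('errormsg', true);
			unset($GLOBALS['Error']);

			return $this->_getEditor($parameters, $record);
		}

		FlashMessage(GetLang('TriggerEmails_Form_Save_Success'), SS_FLASH_MSG_SUCCESS, 'index.php?Page=TriggerEmails');
		return $this->_manage($parameters);
	}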
// XML-API entry: check prerequisites, then read the raw XML request body.
// NOTE(review): SendResponse() is assumed to terminate the script on failure --
// nothing below guards against it returning; confirm against its definition.
$function_params = false;
// -----
// SimpleXML extensions needs to be loaded
if (!extension_loaded('SimpleXML')) {
    SendResponse(false, 'The XML-API requires the SimpleXML extension to be loaded.');
}

// a deactivated system refuses every API call
if (defined('IEM_SYSTEM_ACTIVE') && !IEM_SYSTEM_ACTIVE) {
    SendResponse(false, 'Error: Please contact your system admin!');
}



// ----- Get XML object
$tempXMLString = IEM::requestGetPOST('xml', '', 'trim');

// They do not parse the XML string into the POST parameter, so getting it from php://input stream
// (the raw request body is untrusted input and is parsed further down)
if (empty($tempXMLString)) {
    $tempXMLString = file_get_contents('php://input');
}

$tempXMLString = trim($tempXMLString);

// Make sure XML request is NOT empty
// (empty() also rejects the literal string "0", which is not a usable XML document anyway)
if (empty($tempXMLString)) {
    SendResponse(false, 'No data has been given to the XML-API.');
}

/**
 * we can't use a try/catch and a 'new SimpleXMLObject' here because php4 throws a parse error when it hits the 'try' line.