示例#1
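 /**
  * Run the configured mail-scanner actions for one message.
  *
  * The actions to run come from $params['actions'] when that key is present, otherwise from the
  * comma-separated $account['actions'] string. Every requested action that also appears in the
  * list returned by getEmailActionsListName() is loaded from the directory named by the module
  * model's ActionsDirector property, and its handler function ('_' . action name) is called.
  *
  * @param array $account Account row; 'username', 'actions' and 'user_id' are read here.
  * @param mixed $mailDetail Passed through to each action handler unchanged.
  * @param mixed $folder Passed through to each action handler unchanged.
  * @param array|false $params Optional overrides; only the 'actions' key is read.
  * @return array Handler results keyed by the requested action name.
  */
 public static function executeActions($account, $mailDetail, $folder, $params = false)
 {
     $log = LoggerManager::getInstance();
     $log->debug('Start execute actions: ' . $account['username']);
     // Kept on purpose: action files are included inside this method's scope, so their
     // top-level code may rely on this global being imported here.
     global $who_trigger;
     $actions = $return = [];
     if (is_array($params) && array_key_exists('actions', $params)) {
         $actions = $params['actions'];
     } else {
         // explode() already yields a one-element list when there is no comma. The previous
         // strpos() truthiness test treated a comma at offset 0 as "no comma".
         $actions = explode(',', (string) $account['actions']);
     }
     $self = Vtiger_Record_Model::getCleanInstance('OSSMailScanner');
     $EmailActionsList = $self->getEmailActionsList();
     $EmailActionsListName = $self->getEmailActionsListName($EmailActionsList);
     foreach ($EmailActionsListName as $action) {
         foreach ($actions as $user_action) {
             // Compare as strings so numeric-looking names cannot match through type juggling.
             if ((string) $action[0] !== (string) $user_action) {
                 continue;
             }
             $url = str_replace('|', '/', $action[1]);
             $scannerModuleModel = Vtiger_Module_Model::getCleanInstance('OSSMailScanner');
             $action_adress = $scannerModuleModel->ActionsDirector . '/' . $url . '.php';
             // NOTE(review): the include path and the handler name are both assembled from the
             // scanner's action list. That is only safe while the list is produced server-side and
             // never from mailbox or request data; confirm in getEmailActionsList().
             if (file_exists($action_adress)) {
                 require_once $action_adress;
                 $fn_name = '_' . $action[0];
                 if (!function_exists($fn_name)) {
                     // The file was found but does not define the expected handler; skip it
                     // instead of failing the whole scan with a fatal error.
                     $log->warn('Action handler not found: ' . $fn_name);
                     continue;
                 }
                 $log->debug('Start action: ' . $fn_name);
                 $return[$user_action] = $fn_name($account['user_id'], $mailDetail, $folder, $return);
                 $log->debug('End action: ' . $fn_name);
             }
         }
     }
     $log->debug('End execute actions');
     return $return;
 }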
示例#2
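 /**
  * Check that a file lies inside one of the deletable (safe) directories.
  *
  * The path is resolved with realpath() and must sit under the configured root directory, with
  * 'storage', 'cache' or 'test' as its first path segment below that root.
  *
  * @param string $filepath Path of the file that is about to be deleted.
  * @throws AppException When the path cannot be resolved, lies outside the root directory, or
  *                      is not inside one of the safe directories.
  */
 static function checkFileAccessForDeletion($filepath)
 {
     // Set the base directory to compare with
     $use_root_directory = AppConfig::main('root_directory');
     if (empty($use_root_directory)) {
         $use_root_directory = realpath(dirname(__FILE__) . '/../../.');
     }
     $safeDirectories = array('storage', 'cache', 'test');
     $realfilepath = realpath($filepath);
     $allowed = false;
     // realpath() returns false for a path that does not resolve; such a path is never allowed.
     if ($realfilepath !== false) {
         // Collapse doubled backslashes, then use forward slashes throughout.
         $realfilepath = str_replace('\\', '/', str_replace('\\\\', '\\', $realfilepath));
         $rootdirpath = str_replace('\\', '/', str_replace('\\\\', '\\', $use_root_directory));
         // Force exactly one trailing slash so the prefix test ends on a directory boundary and
         // the first relative segment is the directory name whether or not the configured root
         // carries a trailing slash (the realpath() fallback above never does).
         $rootdirpath = rtrim($rootdirpath, '/') . '/';
         $rootLength = strlen($rootdirpath);
         // Case-insensitive as before (Windows paths).
         // NOTE(review): on a case-sensitive filesystem this is looser than it needs to be.
         if (strncasecmp($realfilepath, $rootdirpath, $rootLength) === 0) {
             // Strip only the leading root. The previous str_replace() removed every occurrence
             // of the root string, so the first segment could be computed from a spliced path.
             $relativeFilePath = substr($realfilepath, $rootLength);
             $filePathParts = explode('/', (string) $relativeFilePath);
             $allowed = in_array($filePathParts[0], $safeDirectories, true);
         }
     }
     if (!$allowed) {
         $log = LoggerManager::getInstance();
         $log->error(__CLASS__ . ':' . __FUNCTION__ . '(' . $filepath . ') - Sorry! Attempt to access restricted file. realfilepath: ' . print_r($realfilepath, true));
         throw new AppException('Sorry! Attempt to access restricted file.');
     }
 }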
示例#3
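/**
 * Handle the delete request for an entity: either unlink it from a related record or trash it.
 *
 * When a source module and source record id are given and the source module differs from the
 * destination module, only the relationship between the two records is removed and the
 * 'vtiger.entity.unlink.before' / 'vtiger.entity.unlink.after' events are triggered around it.
 * Otherwise the current user's 'Delete' permission on the destination record is checked and
 * the record is trashed.
 *
 * @param string $destinationModule Module of the record being deleted or unlinked.
 * @param string $sourceModule Module the request came from; may be empty.
 * @param object $focus Module object exposing unlinkRelationship(), trackUnLinkedInfo() and trash().
 * @param int $destinationRecordId Id of the record being deleted or unlinked.
 * @param int $sourceRecordId Id of the related source record; may be empty.
 * @throws AppException When the current user is not permitted to delete the record.
 */
function DeleteEntity($destinationModule, $sourceModule, $focus, $destinationRecordId, $sourceRecordId)
{
    $adb = PearDatabase::getInstance();
    $log = LoggerManager::getInstance();
    $log->debug("Entering DeleteEntity method ({$destinationModule}, {$sourceModule}, {$destinationRecordId}, {$sourceRecordId})");
    require_once 'include/events/include.inc';
    if ($destinationModule != $sourceModule && !empty($sourceModule) && !empty($sourceRecordId)) {
        // NOTE(review): this branch performs no permission check of its own; confirm that every
        // caller authorises the unlink before reaching this function.
        $em = new VTEventsManager($adb);
        $em->initTriggerCache();
        $data = [
            'CRMEntity' => $focus,
            'entityData' => VTEntityData::fromEntityId($adb, $destinationRecordId),
            'sourceModule' => $sourceModule,
            'sourceRecordId' => $sourceRecordId,
            'destinationModule' => $destinationModule,
            'destinationRecordId' => $destinationRecordId,
        ];
        $em->triggerEvent('vtiger.entity.unlink.before', $data);
        $focus->unlinkRelationship($destinationRecordId, $sourceModule, $sourceRecordId);
        $focus->trackUnLinkedInfo($sourceModule, $sourceRecordId, $destinationModule, $destinationRecordId);
        // The original re-fetched the entity data here into a local that was never used; the
        // 'after' event receives the same $data payload as before.
        $em->triggerEvent('vtiger.entity.unlink.after', $data);
    } else {
        $currentUserPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
        // The permission check and trash() previously used an undefined $module variable, so the
        // check ran without a module name. Both now use the module of the record being deleted.
        if (!$currentUserPrivilegesModel->isPermitted($destinationModule, 'Delete', $destinationRecordId)) {
            throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
        }
        $focus->trash($destinationModule, $destinationRecordId);
    }
    $log->debug('Exiting DeleteEntity method ...');
}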
示例#4
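 /**
  * Check that a file path resolves to a location inside the web root directory.
  *
  * @param string $filepath File path to check.
  * @param bool $dieOnFail Pass false to get a false return value instead of an exception
  *                        when the check fails.
  * @return bool True when the resolved path is the root directory or lies below it; false
  *              when it does not and $dieOnFail is false.
  * @throws AppException When the check fails and $dieOnFail is true.
  */
 static function checkFileAccess($filepath, $dieOnFail = true)
 {
     // Set the base directory to compare with
     $use_root_directory = AppConfig::main('root_directory');
     if (empty($use_root_directory)) {
         $use_root_directory = realpath(dirname(__FILE__) . '/../../.');
     }
     $realfilepath = realpath($filepath);
     $insideRoot = false;
     // realpath() returns false for a path that does not resolve; treat that as outside the root.
     if ($realfilepath !== false) {
         // Collapse doubled backslashes, then use forward slashes throughout.
         $realfilepath = str_replace('\\', '/', str_replace('\\\\', '\\', $realfilepath));
         $rootdirpath = str_replace('\\', '/', str_replace('\\\\', '\\', $use_root_directory));
         // Compare against the root with a trailing slash so that a sibling directory whose
         // name merely starts with the root's name is not accepted as being inside the root.
         $rootdirpath = rtrim($rootdirpath, '/') . '/';
         // Case-insensitive as before (Windows paths).
         // NOTE(review): on a case-sensitive filesystem this is looser than it needs to be.
         $insideRoot = strcasecmp($realfilepath . '/', $rootdirpath) === 0
             || strncasecmp($realfilepath, $rootdirpath, strlen($rootdirpath)) === 0;
     }
     if (!$insideRoot) {
         if ($dieOnFail) {
             $log = LoggerManager::getInstance();
             $log->error(__CLASS__ . ':' . __FUNCTION__ . '(' . $filepath . ') - Sorry! Attempt to access restricted file. realfilepath: ' . print_r($realfilepath, true));
             throw new AppException('Sorry! Attempt to access restricted file.');
         }
         return false;
     }
     return true;
 }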
示例#5
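 /**
  * Verify that the current password is correct and write the new password to the DB.
  *
  * The current password is only verified when the acting user is not an administrator.
  *
  * @param string $userPassword Current password; checked with verifyPassword() for non-admins.
  * @param string $newPassword New password; must be non null and at least 1 character.
  * @param bool $dieOnError Not used by this method.
  * @return boolean False when the new password is empty or the current password is wrong,
  *                 true otherwise. The result of the database update is not inspected here.
  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
  * All Rights Reserved..
  * Contributor(s): ______________________________________..
  */
 function change_password($userPassword, $newPassword, $dieOnError = true)
 {
     $db = PearDatabase::getInstance();
     $log = LoggerManager::getInstance();
     $usr_name = $this->column_fields['user_name'];
     $current_user = vglobal('current_user');
     $log->debug('Starting password change for ' . $usr_name);
     if (!isset($newPassword) || (string) $newPassword === '') {
         // The message previously interpolated an undefined $user_name, so the user name was missing.
         $this->error_string = vtranslate('ERR_PASSWORD_CHANGE_FAILED_1') . $usr_name . vtranslate('ERR_PASSWORD_CHANGE_FAILED_2');
         return false;
     }
     // NOTE(review): administrators skip the old-password check, including when changing their
     // own password; confirm this is intended and that callers restrict who reaches this method.
     if (!is_admin($current_user) && !$this->verifyPassword($userPassword)) {
         $log->warn('Incorrect old password for ' . $usr_name);
         $this->error_string = vtranslate('ERR_PASSWORD_INCORRECT_OLD');
         return false;
     }
     $userHash = $this->get_user_hash($newPassword);
     //set new password
     // NOTE(review): the strength of the stored value depends on encrypt_password() and
     // DEFAULT_PASSWORD_CRYPT_TYPE, which are defined outside this block; confirm that a
     // dedicated password-hashing scheme is in use.
     $crypt_type = $this->DEFAULT_PASSWORD_CRYPT_TYPE;
     $encryptedNewPassword = $this->encrypt_password($newPassword, $crypt_type);
     $db->startTransaction();
     $db->update(
         $this->table_name,
         [
             'user_password' => $encryptedNewPassword,
             'confirm_password' => $encryptedNewPassword,
             'user_hash' => $userHash,
             'crypt_type' => $crypt_type,
         ],
         'id = ?',
         [$this->id]
     );
     // Fill up the post-save state of the instance.
     if (empty($this->column_fields['user_hash'])) {
         $this->column_fields['user_hash'] = $userHash;
     }
     $this->column_fields['user_password'] = $encryptedNewPassword;
     $this->column_fields['confirm_password'] = $encryptedNewPassword;
     $this->triggerAfterSaveEventHandlers();
     $db->completeTransaction();
     $log->debug('Ending password change for ' . $usr_name);
     return true;
 }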
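 /**
  * Move the related records of the specified list of ids to the given record.
  *
  * For each id, rows in vtiger_crmentityrel that point from or to that id are re-pointed to
  * $entityId unless $entityId already has the same relation, and vtiger_modcomments rows that
  * relate to the id are re-pointed as well. All statements use bound parameters.
  *
  * @param string $module This module name.
  * @param array $transferEntityIds List of entity ids from which related records are transferred.
  * @param int $entityId Id of the record to which the related records are moved.
  */
 function transferRelatedRecords($module, $transferEntityIds, $entityId)
 {
     $adb = PearDatabase::getInstance();
     $log = LoggerManager::getInstance();
     // The id list is an array; interpolating it directly logged the literal "Array" and raised
     // an array-to-string conversion notice.
     $log->debug('Entering function transferRelatedRecords (' . $module . ', ' . implode(',', (array) $transferEntityIds) . ', ' . $entityId . ')');
     foreach ($transferEntityIds as $transferId) {
         // Pick the records related to the entity being transferred, but skip the ones that are
         // already related to the current entity.
         $relatedRecords = $adb->pquery("SELECT relcrmid, relmodule FROM vtiger_crmentityrel WHERE crmid=? AND module=?" . " AND relcrmid NOT IN (SELECT relcrmid FROM vtiger_crmentityrel WHERE crmid=? AND module=?)", array($transferId, $module, $entityId, $module));
         $numOfRecords = $adb->num_rows($relatedRecords);
         for ($i = 0; $i < $numOfRecords; $i++) {
             $relcrmid = $adb->query_result($relatedRecords, $i, 'relcrmid');
             $relmodule = $adb->query_result($relatedRecords, $i, 'relmodule');
             $where = 'relcrmid = ? AND relmodule = ? AND crmid = ? AND module = ?';
             $params = [$relcrmid, $relmodule, $transferId, $module];
             $adb->update('vtiger_crmentityrel', ['crmid' => $entityId], $where, $params);
         }
         // Pick the records to which the entity being transferred is related, but skip the ones
         // to which the current entity is already related.
         $parentRecords = $adb->pquery("SELECT crmid, module FROM vtiger_crmentityrel WHERE relcrmid=? AND relmodule=?" . " AND crmid NOT IN (SELECT crmid FROM vtiger_crmentityrel WHERE relcrmid=? AND relmodule=?)", array($transferId, $module, $entityId, $module));
         $numOfRecords = $adb->num_rows($parentRecords);
         for ($i = 0; $i < $numOfRecords; $i++) {
             $parcrmid = $adb->query_result($parentRecords, $i, 'crmid');
             $parmodule = $adb->query_result($parentRecords, $i, 'module');
             $where = 'crmid = ? AND module = ? AND relcrmid = ? AND relmodule = ?';
             $params = [$parcrmid, $parmodule, $transferId, $module];
             $adb->update('vtiger_crmentityrel', ['relcrmid' => $entityId], $where, $params);
         }
         $adb->update('vtiger_modcomments', ['related_to' => $entityId], 'related_to = ?', [$transferId]);
     }
     $log->debug("Exiting transferRelatedRecords...");
 }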
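 /**
  * Retrieve a logger.
  * If a name is not specified, the default logger is returned.
  *
  * @param string $name A logger name.
  * @return Logger A Logger instance, if the given Logger exists, otherwise NULL.
  */
 function &getLogger($name = "default")
 {
     $instance =& LoggerManager::getInstance();
     if (isset($instance->loggers[$name])) {
         return $instance->loggers[$name];
     }
     // A function declared with & has to return a variable; returning the literal NULL raises
     // an "only variable references should be returned by reference" notice.
     $noLogger = null;
     return $noLogger;
 }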