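/**
  * Update an existing handler
  *
  * @param int    $id      the handler ID
  * @param string $email   the email address
  * @param string $handler the handler for messages to the email address
  * @param bool   $active  whether the handler is enabled (stored in is_active as 0/1)
  *
  * @return void
  */
 public function update_handler($id, $email, $handler, $active)
 {
     $id = (int) $id;
     $email = $this->db->db_addslashes($email);
     $handler = $this->db->db_addslashes($handler);
     $active = (int) $active;
     $lastmod = time();
     // the acting user is spliced into the statement like the other numeric
     // columns, so it is forced to an integer instead of being trusted verbatim
     $lastmod_user = (int) $GLOBALS['phpgw_info']['user']['account_id'];
     $sql = 'UPDATE phpgw_mail_handler'
         . " SET target_email = '{$email}', handler = '{$handler}', is_active = {$active},"
         . " lastmod = {$lastmod}, lastmod_user = {$lastmod_user}"
         . " WHERE handler_id = {$id}";
     $this->db->query($sql, __LINE__, __FILE__);
 }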
 /**
  * Find locations within an application
  *
  * @param bool   $grant          Used for finding locations where users can grant rights to others
  * @param string $appname        Name of application in question; empty means the current application
  * @param bool   $allow_c_attrib Used for finding locations where custom attributes can be applied
  * @param bool   $c_function     Used for finding locations where custom functions are allowed
  * @param bool   $have_categories for finding locations which have categories
  *
  * @return array location name => location description
  */
 public function get_locations($grant = false, $appname = '', $allow_c_attrib = false, $c_function = false, $have_categories = false)
 {
     if (!$appname) {
         // fall back to the application currently being executed
         $appname = $GLOBALS['phpgw_info']['flags']['currentapp'];
     }
     $appname = $this->_db->db_addslashes($appname);

     // conditions are appended in a fixed order so the generated SQL stays stable
     $conditions = array("app_name='{$appname}'", "phpgw_locations.name != 'run'");
     if ($allow_c_attrib) {
         $conditions[] = 'allow_c_attrib = 1';
     }
     if ($grant) {
         $conditions[] = 'allow_grant = 1';
     }
     if ($c_function) {
         $conditions[] = 'allow_c_function = 1';
     }
     $where = ' WHERE ' . implode(' AND ', $conditions);

     $category_join = $have_categories
         ? "{$this->_join} phpgw_categories ON phpgw_locations.location_id = phpgw_categories.location_id"
         : '';

     $sql = 'SELECT phpgw_locations.location_id, phpgw_locations.name, phpgw_locations.descr'
         . ' FROM phpgw_locations'
         . " {$this->_join} phpgw_applications ON phpgw_locations.app_id = phpgw_applications.app_id"
         . " {$category_join}"
         . " {$where} ORDER BY phpgw_locations.name";
     $this->_db->query($sql, __LINE__, __FILE__);

     $found = array();
     while ($this->_db->next_record()) {
         $found[$this->_db->f('name')] = $this->_db->f('descr', true);
     }
     return $found;
 }
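 /**
  * Get standard valueset for attributes and location
  *
  * Collects the truthy entries of $data['location'], $data['extra'] and the
  * prepared custom attributes into one flat array and derives the
  * 'location_code' and 'address' columns from them.
  *
  * @param array $data the data to organize
  *
  * @return array $value_set to either insert or edit
  */
 protected function _get_value_set($data)
 {
     $value_set = array();
     $entity_category = null;

     if (isset($data['location']) && is_array($data['location'])) {
         foreach ($data['location'] as $input_name => $value) {
             if ($value) {
                 $value_set[$input_name] = $value;
             }
         }
         $value_set['location_code'] = implode('-', $data['location']);
     }

     if (isset($data['extra']) && is_array($data['extra'])) {
         foreach ($data['extra'] as $input_name => $value) {
             if ($value) {
                 $value_set[$input_name] = $value;
             }
         }
         // empty() also covers absent keys, which the former direct index
         // access reported as undefined before evaluating the condition
         if (!empty($data['extra']['p_num']) && !empty($data['extra']['p_entity_id']) && !empty($data['extra']['p_cat_id'])) {
             $entity = CreateObject('property.soadmin_entity');
             $entity_category = $entity->read_single_category($data['extra']['p_entity_id'], $data['extra']['p_cat_id']);
         }
     }

     if (isset($data['attributes']) && is_array($data['attributes'])) {
         // NOTE(review): $table is never assigned in this method; confirm where
         // the table name is expected to come from before relying on this branch
         $data_attribute = $this->custom->prepare_for_db($table, $data['attributes']);
         if (isset($data_attribute['value_set'])) {
             foreach ($data_attribute['value_set'] as $input_name => $value) {
                 if ($value) {
                     $value_set[$input_name] = $value;
                 }
             }
         }
     }

     // the address column is a '::'-separated list of the human readable parts
     $address_parts = array();
     if (!empty($data['street_name'])) {
         $street_number = isset($data['street_number']) ? $data['street_number'] : '';
         $address_parts[] = "{$data['street_name']} {$street_number}";
     }
     if (!empty($data['location_name'])) {
         $address_parts[] = ucfirst(strtolower($data['location_name']));
     }
     if (!empty($data['additional_info']) && is_array($data['additional_info'])) {
         foreach ($data['additional_info'] as $key => $value) {
             if ($value) {
                 $address_parts[] = "{$key}|{$value}";
             }
         }
     }
     if ($entity_category) {
         $address_parts[] = "{$entity_category['name']}::{$data['extra']['p_num']}";
     }
     $value_set['address'] = $this->_db->db_addslashes(implode('::', $address_parts));

     return $value_set;
 }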
 /**
  * Fetch a single custom function record from the database
  *
  * @param string  $appname  the module the function belongs to
  * @param string  $location the location the function is used
  * @param integer $id       the ID for the function
  *
  * @return array|null the function values - null if not found
  */
 public function get($appname, $location, $id)
 {
     $appname = $this->_db->db_addslashes($appname);
     $location = $this->_db->db_addslashes($location);
     $id = (int) $id;

     $parts = array(
         'SELECT phpgw_cust_function.* FROM phpgw_cust_function ',
         " {$this->_join} phpgw_locations ON phpgw_cust_function.location_id = phpgw_locations.location_id",
         " {$this->_join} phpgw_applications ON phpgw_applications.app_id = phpgw_locations.app_id",
         " WHERE phpgw_applications.app_name = '{$appname}'",
         " AND phpgw_locations.name = '{$location}'",
         " AND phpgw_cust_function.id = {$id}",
     );
     $this->_db->query(implode('', $parts), __LINE__, __FILE__);

     if (!$this->_db->next_record()) {
         return null;
     }

     // flag columns are normalised to real booleans for the caller
     return array(
         'id' => (int) $this->_db->f('id'),
         'descr' => $this->_db->f('descr', true),
         'custom_function_file' => $this->_db->f('file_name'),
         'active' => (bool) $this->_db->f('active'),
         'pre_commit' => (bool) $this->_db->f('pre_commit'),
         'client_side' => (bool) $this->_db->f('client_side'),
     );
 }
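 /**
  * Store the current configuration
  *
  * Replaces every phpgw_config row of this module with the contents of
  * $this->config_data inside one transaction; array values are serialized.
  * Does nothing when there is no configuration data.
  *
  * @return void
  */
 public function save_repository()
 {
     $config_data = $this->config_data;
     if (!is_array($config_data) || !count($config_data)) {
         return;
     }

     // the module name lands in the same quoted statement as name and value,
     // so it gets the same escaping instead of being interpolated verbatim
     $module = $this->db->db_addslashes($this->module);

     $this->db->transaction_begin();
     $this->delete_repository();
     foreach ($config_data as $name => $value) {
         if (is_array($value)) {
             // nested settings are stored serialized; NOTE(review): the matching
             // reader presumably unserialize()s them - confirm it only ever sees rows written here
             $value = serialize($value);
         }
         $name = $this->db->db_addslashes($name);
         $value = $this->db->db_addslashes($value);
         $query = 'INSERT INTO phpgw_config (config_app,config_name,config_value) '
             . "VALUES ('{$module}', '{$name}', '{$value}')";
         $this->db->query($query, __LINE__, __FILE__);
     }
     $this->db->transaction_commit();
 }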
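 /**
  * Protect against brute force attacks, block login if too many unsuccessful login attempts
  *
  * Counts failed logins (account_id = 0 rows in phpgw_access_log) inside the
  * configured block_time window, per IP (when sessions_checkip is on) and per
  * login id, and compares them with num_unsuccessful_ip / num_unsuccessful_id.
  * When the login is blocked the admins are notified by mail, at most once
  * every five minutes.
  *
  * @param string $login account_lid (evtl. with domain)
  * @param string $ip    the ip that made the request
  *
  * @return boolean login blocked?
  */
 protected function _login_blocked($login, $ip)
 {
     $server = $GLOBALS['phpgw_info']['server'];
     $blocked = false;
     $false_ip = 0; // stays 0 when IP checking is disabled; it is reported in the mail below
     $block_time = time() - $server['block_time'] * 60;

     $ip = $this->_db->db_addslashes($ip);
     if (!empty($server['sessions_checkip'])) {
         $sql = 'SELECT COUNT(*) AS cnt FROM phpgw_access_log'
             . " WHERE account_id = 0 AND ip = '{$ip}' AND li > {$block_time}";
         $this->_db->query($sql, __LINE__, __FILE__);
         $this->_db->next_record();
         $false_ip = (int) $this->_db->f('cnt');
         if ($false_ip > $server['num_unsuccessful_ip']) {
             $blocked = true;
         }
     }

     // NOTE(review): db_addslashes does not neutralise LIKE wildcards, so a login
     // containing '%' or '_' widens the count below (it only makes blocking stricter);
     // use a LIKE-escape helper here if the db layer offers one
     $login = $this->_db->db_addslashes($login);
     $sql = 'SELECT COUNT(*) AS cnt FROM phpgw_access_log'
         . " WHERE account_id = 0 AND (loginid='{$login}' OR loginid LIKE '{$login}#%')"
         . " AND li > {$block_time}";
     $this->_db->query($sql, __LINE__, __FILE__);
     $this->_db->next_record();
     $false_id = (int) $this->_db->f('cnt');
     if ($false_id > $server['num_unsuccessful_id']) {
         $blocked = true;
     }

     // throttle the admin notification to one mail per 5 minutes: the former
     // `(time() - 5) * 60` was a timestamp far in the future, so the comparison
     // always held and a mail went out on every blocked attempt
     $mail_throttle = time() - 5 * 60;
     $last_mail = isset($server['login_blocked_mail_time']) ? (int) $server['login_blocked_mail_time'] : 0;
     if ($blocked && !empty($server['admin_mails']) && $last_mail < $mail_throttle) {
         // notify admin(s) via email
         $from = 'phpGroupWare@' . $server['mail_suffix'];
         $subject = lang("phpGroupWare: login blocked for user '%1', IP: %2", $login, $ip);
         // NOTE(review): the message text was unreadable in the source under review and is
         // reconstructed from its visible tail and the four arguments - confirm the wording
         $body = lang("Too many unsuccessful attempts to login: %1 for the user '%2', %3 for the IP %4", $false_id, $login, $false_ip, $ip);
         if (!is_object($GLOBALS['phpgw']->send)) {
             $GLOBALS['phpgw']->send = createObject('phpgwapi.send');
         }
         $subject = $GLOBALS['phpgw']->send->encode_subject($subject);
         foreach (explode(',', $server['admin_mails']) as $to) {
             $GLOBALS['phpgw']->send->msg('email', $to, $subject, $body, '', '', '', $from, $from);
         }
         // save time of mail, to not send too many mails
         $config = createObject('phpgwapi.config', 'phpgwapi');
         $config->read_repository();
         $config->value('login_blocked_mail_time', time());
         $config->save_repository();
     }
     return $blocked;
 }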
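 /**
  * List available links
  *
  * Returns the links attached to the given app/location/id from either side
  * of phpgw_interlink, omitting private links that belong to other users.
  *
  * @param string $app the module to link to
  * @param string $loc the location to link to
  * @param int $id the id to link to
  * @return array list of links in the following format - ['link_id'] = array('app' => 'string', 'summary' => 'string', 'account_id' => int, 'view' => 'string', 'edit' => 'string')
  */
 public function list_links($app, $loc, $id)
 {
     $app = $this->db->db_addslashes($app);
     $loc = (int) $loc;
     $id = (int) $id;
     $owner = (int) $GLOBALS['phpgw_info']['user']['account_id'];

     // the two side-matches are grouped explicitly: AND binds tighter than OR,
     // so without the outer parentheses the is_private/is_active filter only
     // applied to the app2 branch and other users' private links matched via app1
     $sql = 'SELECT interlink_id, app1_name, app1_loc, app1_id, app2_name, app2_loc, app2_id, is_private, account_id'
         . ' FROM phpgw_interlink'
         . " WHERE ((app1_name = '{$app}' AND app1_loc = '{$loc}' AND app1_id = '{$id}')"
         . " OR (app2_name = '{$app}' AND app2_loc = '{$loc}' AND app2_id = '{$id}'))"
         . " AND ( is_private = 0 OR (is_private = 1 AND account_id = {$owner}) )"
         . ' AND is_active = 1 AND active_from >= ' . time();
     // NOTE(review): `active_from >= now` reads as "not yet active"; confirm the
     // intended direction of that comparison
     // the statement was previously built but never run, so next_record() had nothing to read
     $this->db->query($sql, __LINE__, __FILE__);

     $recs = array();
     while ($this->db->next_record()) {
         if ($this->db->f('app1_name') == $app) {
             // we are the app1 side, so the app2 columns describe the other end
             $recs[] = array(
                 'interlink_id' => $this->db->f('interlink_id'),
                 'app2_name' => $this->db->f('app2_name'),
                 'app2_loc' => $this->db->f('app2_loc'),
                 'app2_id' => $this->db->f('app2_id'),
                 'is_private' => (bool) $this->db->f('is_private'),
                 'account_id' => $this->db->f('account_id'),
             );
         } else {
             $recs[] = array(
                 'interlink_id' => $this->db->f('interlink_id'),
                 'app1_name' => $this->db->f('app1_name'),
                 'app1_loc' => $this->db->f('app1_loc'),
                 'app1_id' => $this->db->f('app1_id'),
                 'is_private' => (bool) $this->db->f('is_private'),
                 'account_id' => $this->db->f('account_id'),
             );
         }
     }

     // decorate only after the result set is consumed, since get_summary()
     // presumably runs queries of its own on the same db handle
     foreach ($recs as &$rec) {
         $rec['summary'] = $this->get_summary($rec);
         $rec['owner'] = $GLOBALS['phpgw']->accounts->id2name($rec['account_id']);
     }
     unset($rec); // drop the reference left behind by foreach-by-reference

     return $recs;
 }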
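 /**
  * Finds the next ID for a record at a table
  *
  * @param string $table tablename in question
  * @param array  $key   conditions for finding the next id (column => value);
  *                      entries with an empty value are ignored
  *
  * @return int the next id, 0 when no table is given
  */
 protected function _next_id($table = null, $key = null)
 {
     if (!$table) {
         return 0;
     }

     // NOTE(review): $table and the column names in $key are spliced into the
     // statement unescaped; they must only ever originate from code, never from input
     $conditions = array();
     if (is_array($key)) {
         foreach ($key as $col => $val) {
             if ($val) {
                 $val = $this->_db->db_addslashes($val);
                 $conditions[] = "{$col} = '{$val}'";
             }
         }
     }
     // a $key whose values are all empty used to yield "WHERE '" plus an
     // undefined-variable notice; it now simply means "no condition"
     $where = $conditions ? 'WHERE ' . implode(' AND ', $conditions) : '';

     $sql = "SELECT max(id) as maximum FROM {$table} {$where}";
     $this->_db->query($sql, __LINE__, __FILE__);

     $max_id = 0;
     if ($this->_db->next_record()) {
         // NULL (empty table) and numeric strings both collapse to an int here
         $max_id = (int) $this->_db->f('maximum');
     }
     return $max_id + 1;
 }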
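 /**
  * Reads ACL accounts from database and return array with accounts that have certain rights for a given location
  *
  * Collects the active accounts (and the members of active groups) that pass
  * check() for the location, drops inactive accounts, re-checks every
  * remaining user on its own and returns their phpgw_accounts rows.
  *
  * @param integer $required  Required access rights in bitmap form
  * @param string  $location location within Application name
  * @param string  $appname  Application name
  *		if empty string the value of $GLOBALS['phpgw_info']['flags']['currentapp'] is used
  *
  * @return array Array with accounts
  */
 public function get_user_list_right($required, $location, $appname = '')
 {
     $myaccounts = $GLOBALS['phpgw']->accounts;
     $active_accounts = array();
     $accounts = array();
     $users = array();

     if (!$appname) {
         $appname = $GLOBALS['phpgw_info']['flags']['currentapp'];
     }
     $appname = $this->_db->db_addslashes($appname);
     $location = $this->_db->db_addslashes($location);
     // NOTE(review): only $location is used in SQL here, yet the escaped
     // $appname/$location are also what check() receives - confirm check()
     // expects escaped strings

     if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap') {
         $account_objects = $GLOBALS['phpgw']->accounts->get_list('both', -1, 'ASC', 'account_lastname', '', -1);
         // maybe the (empty) query argument could be used for filtering on active accounts?
         foreach ($account_objects as $account_object) {
             $active_accounts[] = array('account_id' => $account_object->id, 'account_type' => $account_object->type);
         }
     } else {
         $sql = 'SELECT account_id, account_type FROM phpgw_accounts'
             . " {$this->_join} phpgw_acl on phpgw_accounts.account_id = phpgw_acl.acl_account"
             . " {$this->_join} phpgw_locations on phpgw_acl.location_id = phpgw_locations.location_id"
             . " WHERE account_status = 'A' AND phpgw_locations.name = '{$location}'"
             . ' ORDER BY account_lastname ASC';
         $this->_db->query($sql, __LINE__, __FILE__);
         while ($this->_db->next_record()) {
             $active_accounts[] = array('account_id' => $this->_db->f('account_id'), 'account_type' => $this->_db->f('account_type'));
         }
     }

     // check() works on $this->_account_id, so it is swapped per candidate and
     // restored afterwards; previously the object was left pointing at the
     // last account tested, which affected every later check() on it
     $saved_account_id = $this->_account_id;
     foreach ($active_accounts as $entry) {
         $this->_account_id = $entry['account_id'];
         if (!$this->check($location, $required, $appname)) {
             continue;
         }
         if ($entry['account_type'] == 'g') {
             // a group holding the right contributes all of its members
             $members = $myaccounts->member($entry['account_id'], true);
             if (is_array($members)) {
                 foreach ($members as $user) {
                     $accounts[$user['account_id']] = $user['account_id'];
                 }
             }
         } else {
             $accounts[$entry['account_id']] = $entry['account_id'];
         }
     }

     // inactive accounts are never reported, even when a group granted them the right
     $sql = "SELECT account_id FROM phpgw_accounts WHERE account_status = 'I'";
     $this->_db->query($sql, __LINE__, __FILE__);
     while ($this->_db->next_record()) {
         unset($accounts[$this->_db->f('account_id')]);
     }

     // re-check every remaining user individually (group membership alone is not enough)
     foreach ($accounts as $account_id) {
         $this->_account_id = $account_id;
         if (!$this->check($location, $required, $appname)) {
             unset($accounts[$account_id]);
         }
     }
     $this->_account_id = $saved_account_id;

     // ids come from the db / account repository; the cast keeps the IN list numeric regardless
     $account_ids = array_map('intval', array_keys($accounts));
     if (count($account_ids) > 0) {
         $sql = 'SELECT * FROM phpgw_accounts where account_id in (' . implode(',', $account_ids) . ') ORDER BY account_lastname';
         $this->_db->query($sql, __LINE__, __FILE__);
         while ($this->_db->next_record()) {
             $users[] = array(
                 'account_id' => $this->_db->f('account_id'),
                 'account_lid' => $this->_db->f('account_lid'),
                 'account_type' => $this->_db->f('account_type'),
                 'account_firstname' => $this->_db->f('account_firstname'),
                 'account_lastname' => $this->_db->f('account_lastname'),
                 'account_status' => $this->_db->f('account_status'),
                 'account_expires' => $this->_db->f('account_expires'),
             );
         }
     }
     return $users;
 }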