1 <?php 2 /********************************************************************************* 3 * The contents of this file are subject to the SugarCRM Public License Version 1.1.2 4 * ("License"); You may not use this file except in compliance with the 5 * License. You may obtain a copy of the License at http://www.sugarcrm.com/SPL 6 * Software distributed under the License is distributed on an "AS IS" basis, 7 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for 8 * the specific language governing rights and limitations under the License. 9 * The Original Code is: SugarCRM Open Source 10 * The Initial Developer of the Original Code is SugarCRM, Inc. 11 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.; 12 * All Rights Reserved. 13 * Contributor(s): ______________________________________. 14 ********************************************************************************/ 15 16 /********************************************* 17 * With modifications by 18 * Daniel Jabbour 19 * iWebPress Incorporated, www.iwebpress.com 20 * djabbour - a t - iwebpress - d o t - com 21 ********************************************/ 22 23 /********************************************************************************* 24 * $Header: /advent/projects/wesat/vtiger_crm/sugarcrm/modules/Users/User.php,v 1.10 2005/04/19 14:40:48 ray Exp $ 25 * Description: TODO: To be written. 26 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc. 27 * All Rights Reserved. 28 * Contributor(s): ______________________________________.. 
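********************************************************************************/

require_once ('include/logging.php');
require_once ('include/database/PearDatabase.php');
require_once ('data/CRMEntity.php');
require_once ('include/utils/UserInfoUtil.php');
require_once ('modules/Calendar/Activity.php');
require_once ('modules/Contacts/Contact.php');
require_once ('data/Tracker.php');

/**
 * Main class for the Users module.
 *
 * Handles login (SQL / LDAP / AD, see doLogin()), password changes,
 * per-user preferences, the user's image attachment and persistence of
 * the vtiger_users / vtiger_user2role rows.
 *
 * Security notes from review:
 *  - The PearDatabase API visible from this file offers no bind-parameter
 *    call, so SQL is still assembled from strings. Every value that comes
 *    from a request, the session, a file or the DB is now passed through
 *    escape_sql_value() or cast with (int) before it reaches a query.
 *    Replace those with real parameter binding when the DB layer has it.
 *  - encrypt_password() is crypt() with a two-character salt taken from
 *    the user name. It is kept only so existing rows keep working; see the
 *    note on that method.
 *  - vtiger_users.user_hash holds md5(password) (see load_user()) and
 *    authenticate_user() accepts that hash as a credential, so the column
 *    is as sensitive as the password itself.
 *  - loadPreferencesFromDB() unserialize()s a DB column and merges the
 *    result into $_SESSION; see the note there.
 */
class User {
    var $log;
    var $db;
    // Stored fields
    var $id;
    var $authenticated = false;
    var $error_string;
    var $is_admin;
    var $deleted;
    var $homeorder;
    // Set by callers before save(): 'edit' updates the existing row, anything else inserts.
    var $mode;
    // Filled by fill_in_additional_detail_fields().
    var $reports_to_name;

    var $tab_name = Array('vtiger_users','vtiger_attachments','vtiger_user2role');
    var $tab_name_index = Array('vtiger_users'=>'id','vtiger_attachments'=>'attachmentsid','vtiger_user2role'=>'userid');
    var $column_fields = Array('user_name'=>'','is_admin' =>'','user_password'=>'','confirm_password'=>'',
        'first_name' =>'',
        'last_name' =>'',
        'roleid' =>'',
        'email1' =>'',
        'status' =>'',
        'activity_view' =>'',
        'lead_view' =>'',
        'currency_id' =>'',
        'currency_name' =>'',
        'currency_code' =>'',
        'currency_symbol' =>'',
        'conv_rate' =>'',
        'hour_format' =>'',
        'end_hour' =>'',
        'start_hour' =>'',
        'title' =>'',
        'phone_work' =>'',
        'department' =>'',
        'phone_mobile' =>'',
        'reports_to_id' =>'',
        'phone_other' =>'',
        'email2' =>'',
        'phone_fax' =>'',
        'yahoo_id' =>'',
        'phone_home' =>'',
        'imagename' =>'',
        'date_format' =>'',
        'signature' =>'',
        'description' =>'',
        'address_street' =>'',
        'address_city' =>'',
        'address_state' =>'',
        'address_postalcode' =>'',
        'address_country' =>'',
    );
    var $table_name = "vtiger_users";

    // This is the list of fields that are in the lists.
    var $list_link_field= 'last_name';

    var $list_mode;
    var $popup_type;

    var $search_fields = Array(
        'Name'=>Array('vtiger_users'=>'last_name'),
        'Email'=>Array('vtiger_users'=>'email1')
    );
    var $search_fields_name = Array(
        'Name'=>'last_name',
        'Email'=>'email1'
    );

    var $module_name = "Users";

    var $object_name = "User";
    var $user_preferences;
    var $defhomeview;
    var $homeorder_array = array('ALVT','HDB','PLVT','QLTQ','CVLVT','HLT','OLV','GRT','OLTSO','ILTI','MNL','OLTPO','LTFAQ');

    var $encodeFields = Array("first_name", "last_name", "description");

    // This is used to retrieve related fields from form posts.
    var $additional_column_fields = Array('reports_to_name');

    var $sortby_fields = Array('status','email1','phone_work','is_admin','user_name','last_name');

    // This is the list of vtiger_fields that are in the lists.
    var $list_fields = Array(
        'First Name'=>Array('vtiger_users'=>'first_name'),
        'Last Name'=>Array('vtiger_users'=>'last_name'),
        'Role Name'=>Array('vtiger_user2role'=>'roleid'),
        'User Name'=>Array('vtiger_users'=>'user_name'),
        'Status'=>Array('vtiger_users'=>'status'),
        'Email'=>Array('vtiger_users'=>'email1'),
        'Admin'=>Array('vtiger_users'=>'is_admin'),
        'Phone'=>Array('vtiger_users'=>'phone_work')
    );
    var $list_fields_name = Array(
        'Last Name'=>'last_name',
        'First Name'=>'first_name',
        'Role Name'=>'roleid',
        'User Name'=>'user_name',
        'Status'=>'status',
        'Email'=>'email1',
        'Admin'=>'is_admin',
        'Phone'=>'phone_work'
    );

    // Default ordering for the list view.
    var $default_order_by = "user_name";
    var $default_sort_order = 'ASC';

    var $record_id;
    var $new_schema = true;

    /** constructor function for the main user class
     *  instantiates the Logger class and PearDatabase Class
     */
    function User() {
        $this->log = LoggerManager::getLogger('user');
        $this->log->debug("Entering User() method ...");
        $this->db = new PearDatabase();
        $this->log->debug("Exiting User() method ...");
    }

    /** Escape a string for interpolation inside single quotes in a query.
     *
     * Stopgap until the DB layer offers parameter binding. Follows the
     * convention already used in insertIntoEntityTable() (stripslashes()
     * before handing a value to the DB layer): request-time magic_quotes
     * escaping is removed first so a value is never escaped twice, then the
     * value is escaped exactly once.
     * @param $value -- raw string
     * @returns escaped string, WITHOUT surrounding quotes
     */
    function escape_sql_value($value)
    {
        return addslashes(stripslashes((string)$value));
    }

    // Mike Crowe Mod --------------------------------------------------------Default ordering for us
    /**
     * Function to get sort order
     * The value is read from the request, else the session, else the default.
     * It is later interpolated into an ORDER BY clause, so anything other
     * than ASC/DESC is replaced by the default.
     * return string $sorder - sortorder string either 'ASC' or 'DESC'
     */
    function getSortOrder()
    {
        global $log;
        $log->debug("Entering getSortOrder() method ...");
        if(isset($_REQUEST['sorder']))
            $sorder = $_REQUEST['sorder'];
        else
            $sorder = ((isset($_SESSION['USERS_SORT_ORDER']) && $_SESSION['USERS_SORT_ORDER'] != '')?($_SESSION['USERS_SORT_ORDER']):($this->default_sort_order));
        $sorder = strtoupper($sorder);
        if($sorder != 'ASC' && $sorder != 'DESC')
            $sorder = $this->default_sort_order;
        $log->debug("Exiting getSortOrder method ...");
        return $sorder;
    }

    /**
     * Function to get order by
     * The value is read from the request, else the session, else the default.
     * It is later interpolated into an ORDER BY clause, so only a bare
     * column identifier is accepted; anything else falls back to the default.
     * return string $order_by - fieldname(eg: 'subject')
     */
    function getOrderBy()
    {
        global $log;
        $log->debug("Entering getOrderBy() method ...");
        if (isset($_REQUEST['order_by']))
            $order_by = $_REQUEST['order_by'];
        else
            $order_by = ((isset($_SESSION['USERS_ORDER_BY']) && $_SESSION['USERS_ORDER_BY'] != '')?($_SESSION['USERS_ORDER_BY']):($this->default_order_by));
        if(!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $order_by))
            $order_by = $this->default_order_by;
        $log->debug("Exiting getOrderBy method ...");
        return $order_by;
    }
    // Mike Crowe Mod --------------------------------------------------------

    /** Function to set the user preferences in the session
     * Persists to the DB only when the value is new or changed; the session
     * copy ($_SESSION[$name]) is always refreshed.
     * @param $name -- name:: Type varchar
     * @param $value -- value:: Type varchar
     */
    function setPreference($name, $value){
        if(!isset($this->user_preferences)){
            if(isset($_SESSION["USER_PREFERENCES"]))
                $this->user_preferences = $_SESSION["USER_PREFERENCES"];
            else
                $this->user_preferences = array();
        }
        if(!array_key_exists($name,$this->user_preferences )|| $this->user_preferences[$name] != $value){
            $this->log->debug("Saving To Preferences:". $name."=".$value);
            $this->user_preferences[$name] = $value;
            $this->savePreferecesToDB();
        }
        $_SESSION[$name] = $value;
    }

    /** Function to save the user preferences to db
     * Stored as base64(serialize(array)); base64 output is [A-Za-z0-9+/=]
     * so it cannot break out of the quoted literal.
     */
    function savePreferecesToDB(){
        $data = base64_encode(serialize($this->user_preferences));
        $query = "UPDATE $this->table_name SET user_preferences='$data' where id='".(int)$this->id."'";
        $result = $this->db->query($query);
        $this->log->debug("SAVING: PREFERENCES SIZE ". strlen($data)."ROWS AFFECTED WHILE UPDATING USER PREFERENCES:".$this->db->getAffectedRowCount($result));
        $_SESSION["USER_PREFERENCES"] = $this->user_preferences;
    }

    /** Function to load the user preferences from db
     * @param $value -- the raw user_preferences column (base64 of a serialized array)
     *
     * SECURITY(review): this unserialize()s a DB column. It is only written
     * by savePreferecesToDB(), but anyone with write access to vtiger_users
     * can plant an arbitrary object graph here; a JSON encoding would remove
     * that risk. At minimum anything that is not a plain array is refused,
     * which also prevents array_merge() from wiping $_SESSION on bad input.
     */
    function loadPreferencesFromDB($value){
        if(isset($value) && !empty($value)){
            $this->log->debug("LOADING :PREFERENCES SIZE ". strlen($value));
            $prefs = unserialize(base64_decode($value));
            if(!is_array($prefs)){
                $this->log->warn("SECURITY: ignoring malformed user_preferences for user id ".$this->id);
                $prefs = array();
            }
            $this->user_preferences = $prefs;
            // Keys already present in the session win over stored preferences.
            $_SESSION = array_merge($this->user_preferences, $_SESSION);
            $this->log->debug("Finished Loading");
            $_SESSION["USER_PREFERENCES"] = $this->user_preferences;
        }
    }

    /**
     * @return string encrypted password for storage in DB and comparison against DB password.
     * @param string $user_password - Must be non null and at least 1 character.
     * @desc Take an unencrypted password and return the crypt()ed form.
     *
     * SECURITY(review): the salt is the first two characters of the user
     * name, so it is predictable, and PHP's crypt() treats a two-character
     * salt as traditional DES, which only looks at the first eight
     * characters of the password. Left unchanged because every stored
     * user_password depends on it; a migration would verify with this
     * scheme at login and re-hash with a modern salted algorithm.
     * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
     * All Rights Reserved..
     * Contributor(s): ______________________________________..
     */
    function encrypt_password($user_password)
    {
        // encrypt the password.
        $salt = substr($this->column_fields["user_name"], 0, 2);
        $encrypted_password = crypt($user_password, $salt);
        return $encrypted_password;
    }

    /** Function to authenticate the current user with the given password
     * NOTE: $password is compared against the user_hash column, i.e. it is
     * expected to be md5(password) (see load_user()), not the clear text.
     * @param $password -- password::Type varchar
     * @returns true if authenticated or false if not authenticated
     */
    function authenticate_user($password){
        $usr_name = $this->column_fields["user_name"];

        $query = "SELECT * from $this->table_name where user_name='".$this->escape_sql_value($usr_name)."' AND user_hash='".$this->escape_sql_value($password)."'";
        $result = $this->db->requireSingleResult($query, false);

        if(empty($result)){
            $this->log->fatal("SECURITY: failed login by $usr_name");
            return false;
        }

        return true;
    }

    /** Function for validation check
     * Compares the md5 of the file named by $validate (base64 encoded path)
     * against $md5 or, when given, $alt.
     * @returns 1 on match, -1 when the file is missing or the digest differs
     */
    function validation_check($validate, $md5, $alt=''){
        $validate = base64_decode($validate);
        if(file_exists($validate) && $handle = fopen($validate, 'rb', true)){
            $size = filesize($validate);
            $buffer = ($size > 0) ? fread($handle, $size) : '';
            fclose($handle);
            $digest = md5($buffer);
            if($digest === $md5 || (!empty($alt) && $digest === $alt)){
                return 1;
            }
            return -1;
        }else{
            return -1;
        }
    }

    /** Function for authorization check
     * Requires $authkey (base64) to occur at least $i times in the file
     * named by $validate (base64 encoded path).
     * @returns 1 when satisfied, -1 when the file is missing or the key is too rare
     */
    function authorization_check($validate, $authkey, $i){
        $validate = base64_decode($validate);
        $authkey = base64_decode($authkey);
        if(file_exists($validate) && $handle = fopen($validate, 'rb', true)){
            $size = filesize($validate);
            $buffer = ($size > 0) ? fread($handle, $size) : '';
            fclose($handle);
            if(substr_count($buffer, $authkey) < $i)
                return -1;
            return 1;
        }else{
            return -1;
        }
    }

    /**
     * Checks the config.php AUTHCFG value for login type and forks off to the proper module
     *
     * @param string $user_password - The password of the user to authenticate
     * @return true if the user is authenticated, false otherwise
     */
    function doLogin($user_password) {
        global $AUTHCFG;
        $usr_name = $this->column_fields["user_name"];

        switch (strtoupper($AUTHCFG['authType'])) {
            case 'LDAP':
                $this->log->debug("Using LDAP authentication");
                require_once('modules/Users/authTypes/LDAP.php');
                $result = ldapAuthenticate($this->column_fields["user_name"], $user_password);
                if ($result == NULL) {
                    return false;
                } else {
                    return true;
                }
                break;

            case 'AD':
                $this->log->debug("Using Active Directory authentication");
                require_once('modules/Users/authTypes/adLDAP.php');
                $adldap = new adLDAP();
                if ($adldap->authenticate($this->column_fields["user_name"],$user_password)) {
                    return true;
                } else {
                    return false;
                }
                break;

            default:
                $this->log->debug("Using integrated/SQL authentication");
                $encrypted_password = $this->encrypt_password($user_password);
                $query = "SELECT * from $this->table_name where user_name='".$this->escape_sql_value($usr_name)."' AND user_password='".$this->escape_sql_value($encrypted_password)."'";
                $result = $this->db->requireSingleResult($query, false);
                if (empty($result)) {
                    return false;
                } else {
                    return true;
                }
                break;
        }
        return false;
    }

    /**
     * Load a user based on the user_name in $this
     * @param $user_password -- clear-text password
     * @return -- this if load was successul and null if load failed.
     *
     * NOTE(review): the login-attempt counter below only logs; it is not a
     * lockout, and a client that drops its session cookie resets it. Real
     * brute-force protection needs a server-side counter keyed on the
     * account and/or source address.
     * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
     * All Rights Reserved..
     * Contributor(s): ______________________________________..
     */
    function load_user($user_password)
    {
        $usr_name = $this->column_fields["user_name"];
        if(isset($_SESSION['loginattempts'])){
            $_SESSION['loginattempts'] += 1;
        }else{
            $_SESSION['loginattempts'] = 1;
        }
        if($_SESSION['loginattempts'] > 5){
            $this->log->warn("SECURITY: " . $usr_name . " has attempted to login ". $_SESSION['loginattempts'] . " times.");
        }
        $this->log->debug("Starting user load for $usr_name");
        $validation = 0;
        unset($_SESSION['validation']);
        if( !isset($this->column_fields["user_name"]) || $this->column_fields["user_name"] == "" || !isset($user_password) || $user_password == "")
            return null;

        // Branding/licence file checks inherited from SugarCRM. The outcome
        // is recorded in $validation but nothing below acts on it.
        if($this->validation_check('aW5jbHVkZS9pbWFnZXMvc3VnYXJzYWxlc19tZC5naWY=','1a44d4ab8f2d6e15e0ff6ac1c2c87e6f', '866bba5ae0a15180e8613d33b0acc6bd') == -1)$validation = -1;
        if($this->validation_check('aW5jbHVkZS9pbWFnZXMvcG93ZXJlZF9ieV9zdWdhcmNybS5naWY=' , '3d49c9768de467925daabf242fe93cce') == -1)$validation = -1;
        if($this->authorization_check('aW5kZXgucGhw' , 'PEEgaHJlZj0naHR0cDovL3d3dy5zdWdhcmNybS5jb20nIHRhcmdldD0nX2JsYW5rJz48aW1nIGJvcmRlcj0nMCcgc3JjPSdpbmNsdWRlL2ltYWdlcy9wb3dlcmVkX2J5X3N1Z2FyY3JtLmdpZicgYWx0PSdQb3dlcmVkIEJ5IFN1Z2FyQ1JNJz48L2E+', 1) == -1)$validation = -1;

        $authCheck = $this->doLogin($user_password);
        if(!$authCheck)
        {
            $this->log->warn("User authentication for $usr_name failed");
            return null;
        }

        $query = "SELECT * from $this->table_name where user_name='".$this->escape_sql_value($usr_name)."'";
        $result = $this->db->requireSingleResult($query, false);

        // Get the fields for the user. With LDAP/AD the directory may accept
        // the credentials while no vtiger_users row exists; refuse rather
        // than return a half-initialised object.
        $row = empty($result) ? null : $this->db->fetchByAssoc($result);
        if(empty($row))
        {
            $this->log->warn("User $usr_name authenticated but has no vtiger_users record");
            return null;
        }
        $this->id = $row['id'];

        // user_hash is md5(password); authenticate_user() accepts it as a
        // credential, so the column must be protected like the password.
        $user_hash = strtolower(md5($user_password));

        // If there is no user_hash is not present or is out of date, then create a new one.
        if(!isset($row['user_hash']) || $row['user_hash'] != $user_hash)
        {
            $query = "UPDATE $this->table_name SET user_hash='$user_hash' where id='".(int)$row['id']."'";
            $this->db->query($query, true, "Error setting new hash for {$row['user_name']}: ");
        }
        $this->loadPreferencesFromDB($row['user_preferences']);

        if ($row['status'] != "Inactive") $this->authenticated = true;

        unset($_SESSION['loginattempts']);
        return $this;
    }

    /**
     * @param string $user_password - Current password; checked unless $current_user is an admin.
     * @param string $new_password - Must be non null and at least 1 character.
     * @return boolean - If passwords pass verification and query succeeds, return true, else return false.
     * @desc Verify that the current password is correct and write the new password to the DB.
     * NOTE(review): an admin caller skips the old-password check entirely,
     * including when changing their own password.
     * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
     * All Rights Reserved..
     * Contributor(s): ______________________________________..
     */
    function change_password($user_password, $new_password)
    {
        $usr_name = $this->column_fields["user_name"];
        global $mod_strings;
        global $current_user;
        $this->log->debug("Starting password change for $usr_name");

        if( !isset($new_password) || $new_password == "") {
            // Bug fix: the message previously interpolated an undefined $user_name.
            $this->error_string = $mod_strings['ERR_PASSWORD_CHANGE_FAILED_1'].$usr_name.$mod_strings['ERR_PASSWORD_CHANGE_FAILED_2'];
            return false;
        }

        $encrypted_password = $this->encrypt_password($user_password);
        $encrypted_new_password = $this->encrypt_password($new_password);

        if (!is_admin($current_user)) {
            //check old password first
            $query = "SELECT user_name,user_password FROM $this->table_name WHERE id='".(int)$this->id."'";
            $result =$this->db->query($query, true);
            $row = $this->db->fetchByAssoc($result);
            $this->log->debug("select old password query: $query");
            $this->log->debug("return result of $row");

            if($encrypted_password != $this->db->query_result($result,0,'user_password'))
            {
                $this->log->warn("Incorrect old password for $usr_name");
                $this->error_string = $mod_strings['ERR_PASSWORD_INCORRECT_OLD'];
                return false;
            }
        }

        $user_hash = strtolower(md5($new_password));

        //set new password
        $query = "UPDATE $this->table_name SET user_password='".$this->escape_sql_value($encrypted_new_password)."', user_hash='$user_hash' where id='".(int)$this->id."'";
        $this->db->query($query, true, "Error setting new password for $usr_name: ");
        return true;
    }

    /** @returns true once load_user() found an active row for this user. */
    function is_authenticated()
    {
        return $this->authenticated;
    }

    /** gives the user id for the specified user name
     * @param $user_name -- user name:: Type varchar
     * @returns user id
     */
    function retrieve_user_id($user_name)
    {
        global $adb;
        $query = "SELECT id from vtiger_users where user_name='".$this->escape_sql_value($user_name)."' AND deleted=0";
        $result =$adb->query($query);
        $userid = $adb->query_result($result,0,'id');
        return $userid;
    }

    /**
     * Checks that the user name is not already taken by another live user
     * and that the last remaining admin is not being demoted.
     * @return boolean -- true when both checks pass; messages are appended to $this->error_string otherwise.
     * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
     * All Rights Reserved..
     * Contributor(s): ______________________________________..
     */
    function verify_data()
    {
        $usr_name = $this->column_fields["user_name"];
        global $mod_strings;

        $query = "SELECT user_name from vtiger_users where user_name='".$this->escape_sql_value($usr_name)."' AND id<>'".(int)$this->id."' AND deleted=0";
        $result =$this->db->query($query, true, "Error selecting possible duplicate users: ");
        $dup_users = $this->db->fetchByAssoc($result);

        $query = "SELECT user_name from vtiger_users where is_admin = 'on' AND deleted=0";
        $result =$this->db->query($query, true, "Error selecting possible duplicate vtiger_users: ");
        $last_admin = $this->db->fetchByAssoc($result);

        $this->log->debug("last admin length: ".count($last_admin));
        $this->log->debug($last_admin['user_name']." == ".$usr_name);

        $verified = true;
        if($dup_users != null)
        {
            $this->error_string .= $mod_strings['ERR_USER_NAME_EXISTS_1'].$usr_name.''.$mod_strings['ERR_USER_NAME_EXISTS_2'];
            $verified = false;
        }
        // Only the first admin row is fetched, so count($last_admin) == 1 is
        // the "exactly one admin left, and it is this user" case.
        if(!isset($_REQUEST['is_admin']) &&
            count($last_admin) == 1 &&
            $last_admin['user_name'] == $usr_name) {
            $this->log->debug("last admin length: ".count($last_admin));

            $this->error_string .= $mod_strings['ERR_LAST_ADMIN_1'].$usr_name.$mod_strings['ERR_LAST_ADMIN_2'];
            $verified = false;
        }

        return $verified;
    }

    /** Function to return the column name array
     * @returns list of merge-field names used by the mail-merge templates
     */
    function getColumnNames_User()
    {
        $mergeflds = array("FIRSTNAME","LASTNAME","USERNAME","YAHOOID","TITLE","OFFICEPHONE","DEPARTMENT",
            "MOBILE","OTHERPHONE","FAX","EMAIL",
            "HOMEPHONE","OTHEREMAIL","PRIMARYADDRESS",
            "CITY","STATE","POSTALCODE","COUNTRY");
        return $mergeflds;
    }

    /** List-view variant of fill_in_additional_detail_fields(); same work. */
    function fill_in_additional_list_fields()
    {
        $this->fill_in_additional_detail_fields();
    }

    /** Resolves reports_to_id into $this->reports_to_name ("First Last"), or '' when there is none. */
    function fill_in_additional_detail_fields()
    {
        $query = "SELECT u1.first_name, u1.last_name from vtiger_users u1, vtiger_users u2 where u1.id = u2.reports_to_id AND u2.id = '".(int)$this->id."' and u1.deleted=0";
        $result =$this->db->query($query, true, "Error filling in additional detail vtiger_fields") ;

        $row = $this->db->fetchByAssoc($result);
        $this->log->debug("additional detail query results: $row");

        if($row != null)
        {
            $this->reports_to_name = stripslashes($row['first_name'].' '.$row['last_name']);
        }
        else
        {
            $this->reports_to_name = '';
        }
    }

    /** Function to get the current user information from the user_privileges file
     * The included file is expected to define $user_info (an array keyed by
     * field name); matching keys are copied into column_fields and onto $this.
     * @param $userid -- user id:: Type integer
     * @returns user info in $this->column_fields array:: Type array
     */
    function retrieveCurrentUserInfoFromFile($userid)
    {
        // The id is part of an include path: force it to an integer so a
        // crafted value cannot point require() at another file.
        $userid = (int)$userid;
        require('user_privileges/user_privileges_'.$userid.'.php');
        foreach($this->column_fields as $field=>$value_iter)
        {
            if(isset($user_info[$field]))
            {
                $this->$field = $user_info[$field];
                $this->column_fields[$field] = $user_info[$field];
            }
        }
        $this->id = $userid;
        return $this;
    }

    /** Function to save the user information into the database
     * Writes every table in $tab_name inside one transaction, then
     * regenerates the user's privilege file.
     * @param $module -- module name:: Type varchar
     */
    function saveentity($module)
    {
        global $current_user;//$adb added by raju for mass mailing
        $insertion_mode = $this->mode;

        $this->db->println("TRANS saveentity starts $module");
        $this->db->startTransaction();
        foreach($this->tab_name as $table_name)
        {
            if($table_name == 'vtiger_attachments')
            {
                $this->insertIntoAttachment($this->id,$module);
            }
            else
            {
                $this->insertIntoEntityTable($table_name, $module);
            }
        }
        require_once ('modules/Users/CreateUserPrivilegeFile.php');
        createUserPrivilegesfile($this->id);
        $this->db->completeTransaction();
        $this->db->println("TRANS saveentity ends");
    }

    /** Function to insert values in the specifed table for the specified module
     * Column list comes from vtiger_field; values are taken from
     * column_fields and passed through formatString()/from_html() before
     * they are concatenated into the statement.
     * @param $table_name -- table name:: Type varchar
     * @param $module -- module:: Type varchar
     */
    function insertIntoEntityTable($table_name, $module)
    {
        global $log;
        $log->info("function insertIntoEntityTable ".$module.' vtiger_table name ' .$table_name);
        global $adb;
        $insertion_mode = $this->mode;

        //Checkin whether an entry is already is present in the vtiger_table to update
        if($insertion_mode == 'edit')
        {
            $check_query = "select * from ".$table_name." where ".$this->tab_name_index[$table_name]."=".(int)$this->id;
            $check_result=$this->db->query($check_query);

            $num_rows = $this->db->num_rows($check_result);

            if($num_rows <= 0)
            {
                $insertion_mode = '';
            }
        }

        if($insertion_mode == 'edit')
        {
            $update = '';
            $tabid= (int)getTabid($module);
            $sql = "select * from vtiger_field where tabid=".$tabid." and tablename='".$table_name."' and displaytype in (1,3)";
        }
        else
        {
            $column = $this->tab_name_index[$table_name];
            if($column == 'id' && $table_name == 'vtiger_users')
            {
                $currentuser_id = $this->db->getUniqueID("vtiger_users");
                $this->id = $currentuser_id;
            }
            $value = $this->id;
            $tabid= (int)getTabid($module);
            $sql = "select * from vtiger_field where tabid=".$tabid." and tablename='".$table_name."' and displaytype in (1,3,4)";
        }

        $result = $this->db->query($sql);
        $noofrows = $this->db->num_rows($result);
        for($i=0; $i<$noofrows; $i++)
        {
            $fieldname=$this->db->query_result($result,$i,"fieldname");
            $columname=$this->db->query_result($result,$i,"columnname");
            $uitype=$this->db->query_result($result,$i,"uitype");
            if(isset($this->column_fields[$fieldname]))
            {
                if($uitype == 56)
                {
                    // checkbox: 'on' / 1 -> 1, anything else -> 0
                    if($this->column_fields[$fieldname] == 'on' || $this->column_fields[$fieldname] == 1)
                    {
                        $fldvalue = 1;
                    }
                    else
                    {
                        $fldvalue = 0;
                    }
                }
                elseif($uitype == 33)
                {
                    // multi-select: stored as a ' , ' separated list
                    $field_list = '';
                    if(is_array($this->column_fields[$fieldname]) && count($this->column_fields[$fieldname]) > 0)
                    {
                        $field_list = implode(' , ', $this->column_fields[$fieldname]);
                    }
                    $fldvalue = $field_list;
                }
                elseif($uitype == 99)
                {
                    // password field: store the crypt()ed form
                    $fldvalue = $this->encrypt_password($this->column_fields[$fieldname]);
                }
                else
                {
                    $fldvalue = $this->column_fields[$fieldname];
                    $fldvalue = stripslashes($fldvalue);
                }
                $fldvalue = from_html($this->db->formatString($table_name,$columname,$fldvalue),($insertion_mode == 'edit')?true:false);
            }
            else
            {
                $fldvalue = '';
            }
            if($fldvalue=='') $fldvalue ="NULL";
            if($insertion_mode == 'edit')
            {
                if($i == 0)
                {
                    $update = $columname."=".$fldvalue."";
                }
                else
                {
                    $update .= ', '.$columname."=".$fldvalue."";
                }
            }
            else
            {
                $column .= ", ".$columname;
                $value .= ", ".$fldvalue."";
            }
        }

        if($insertion_mode == 'edit')
        {
            //Check done by Don. If update is empty the the query fails
            if(trim($update) != '')
            {
                $sql1 = "update ".$table_name." set ".$update." where ".$this->tab_name_index[$table_name]."=".(int)$this->id;
                $this->db->query($sql1);
            }
        }
        else
        {
            $sql1 = "insert into ".$table_name." (".$column.") values(".$value.")";
            $this->db->query($sql1);
        }
    }

    /** Function to insert values into the attachment table
     * Every non-empty entry of $_FILES is handed to uploadAndSaveFile().
     * @param $id -- entity id:: Type integer
     * @param $module -- module:: Type varchar
     */
    function insertIntoAttachment($id,$module)
    {
        global $log;
        $log->debug("Entering into insertIntoAttachment($id,$module) method.");

        foreach($_FILES as $fileindex => $files)
        {
            if($files['name'] != '' && $files['size'] > 0)
            {
                $this->uploadAndSaveFile($id,$module,$files);
            }
        }

        $log->debug("Exiting from insertIntoAttachment($id,$module) method.");
    }

    /** Function to retreive the user info of the specifed user id The user info will be available in $this->column_fields array
     * Also resolves the user's currency (falling back to currency id 1 when
     * the configured one is missing or inactive).
     * @param $record -- record id:: Type integer
     * @param $module -- module:: Type varchar
     */
    function retrieve_entity_info($record, $module)
    {
        global $adb,$log;
        $log->debug("Entering into retrieve_entity_info($record, $module) method.");

        if($record == '')
        {
            $log->debug("record is empty. returning null");
            return null;
        }

        $result = Array();
        foreach($this->tab_name_index as $table_name=>$index)
        {
            $result[$table_name] = $adb->query("select * from ".$table_name." where ".$index."=".(int)$record);
        }
        $tabid = (int)getTabid($module);
        $sql1 = "select * from vtiger_field where tabid=".$tabid;
        $result1 = $adb->query($sql1);
        $noofrows = $adb->num_rows($result1);
        for($i=0; $i<$noofrows; $i++)
        {
            $fieldcolname = $adb->query_result($result1,$i,"columnname");
            $tablename = $adb->query_result($result1,$i,"tablename");
            $fieldname = $adb->query_result($result1,$i,"fieldname");

            $fld_value = $adb->query_result($result[$tablename],0,$fieldcolname);
            $this->column_fields[$fieldname] = $fld_value;
            $this->$fieldname = $fld_value;
        }
        $this->column_fields["record_id"] = $record;
        $this->column_fields["record_module"] = $module;

        $currency_query = "select * from vtiger_currency_info where id=".(int)$this->column_fields["currency_id"]." and currency_status='Active'";
        $currency_result = $adb->query($currency_query);
        if($adb->num_rows($currency_result) == 0)
        {
            $currency_query = "select * from vtiger_currency_info where id =1";
            $currency_result = $adb->query($currency_query);
        }
        $currency_array = array("$"=>"$","€"=>"€","£"=>"£","¥"=>"¥");
        $ui_curr = $currency_array[$adb->query_result($currency_result,0,"currency_symbol")];
        if($ui_curr == "")
            $ui_curr = $adb->query_result($currency_result,0,"currency_symbol");
        $this->column_fields["currency_name"]= $this->currency_name = $adb->query_result($currency_result,0,"currency_name");
        $this->column_fields["currency_code"]= $this->currency_code = $adb->query_result($currency_result,0,"currency_code");
        $this->column_fields["currency_symbol"]= $this->currency_symbol = $ui_curr;
        $this->column_fields["conv_rate"]= $this->conv_rate = $adb->query_result($currency_result,0,"conversion_rate");

        $this->id = $record;
        $log->debug("Exit from retrieve_entity_info($record, $module) method.");

        return $this;
    }

    /** Function to upload the file to the server and add the file details in the attachments table
     * @param $id -- user id:: Type varchar
     * @param $module -- module name:: Type varchar
     * @param $file_details -- file details array:: Type array
     *
     * Changes from review:
     *  - only the basename of the client-supplied name is used, on disk and
     *    in the DB, so a path component cannot steer the write outside the
     *    upload directory;
     *  - the extension blacklist compare is case-insensitive;
     *  - validateImageFile() runs BEFORE move_uploaded_file(), and nothing
     *    is recorded in the DB when the move fails (previously the file was
     *    written even when validation failed, and rows were inserted even
     *    when the move failed).
     * NOTE(review): $upload_badext is still a blacklist; anything not listed
     * is written with its original extension. An allow-list of image
     * extensions would be the safer policy for the Users module.
     */
    function uploadAndSaveFile($id,$module,$file_details)
    {
        global $log;
        $log->debug("Entering into uploadAndSaveFile($id,$module,$file_details) method.");

        global $current_user;
        global $upload_badext;

        $date_var = date('YmdHis');
        $id = (int)$id;

        //to get the owner id
        $ownerid = isset($this->column_fields['assigned_user_id']) ? $this->column_fields['assigned_user_id'] : '';
        if($ownerid=='')
            $ownerid = $current_user->id;
        $ownerid = (int)$ownerid;

        // Arbitrary File Upload Vulnerability fix - Philip
        $binFile = basename($file_details['name']);
        $ext_pos = strrpos($binFile, ".");
        $ext = ($ext_pos === false) ? '' : strtolower(substr($binFile, $ext_pos + 1));
        if (in_array($ext, array_map('strtolower', (array)$upload_badext)))
        {
            $binFile .= ".txt";
        }
        // Vulnerability fix ends

        $filename = $binFile;
        $filetype= $file_details['type'];
        $filetmp_name = $file_details['tmp_name'];

        $save_file = 'true';
        //only images are allowed for these modules
        if($module == 'Users')
        {
            $save_file = validateImageFile($file_details);
        }
        if($save_file != 'true')
        {
            $log->debug("Skip the save attachment process.");
            $log->debug("Exiting from uploadAndSaveFile($id,$module,$file_details) method.");
            return;
        }

        $current_id = $this->db->getUniqueID("vtiger_crmentity");

        //get the file path inwhich folder we want to upload the file
        $upload_file_path = decideFilePath();
        //upload the file in server
        $upload_status = move_uploaded_file($filetmp_name,$upload_file_path.$current_id."_".$filename);
        if(!$upload_status)
        {
            $log->warn("uploadAndSaveFile: move_uploaded_file failed for $filename");
            $log->debug("Exiting from uploadAndSaveFile($id,$module,$file_details) method.");
            return;
        }

        $description = $this->escape_sql_value($this->column_fields['description']);
        $sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(".$current_id.",".(int)$current_user->id.",".$ownerid.",'".$module." Attachment','".$description."',".$this->db->formatString("vtiger_crmentity","createdtime",$date_var).",".$this->db->formatString("vtiger_crmentity","modifiedtime",$date_var).")";
        $this->db->query($sql1);

        $sql2="insert into vtiger_attachments(attachmentsid, name, description, type, path) values(".$current_id.",'".$this->escape_sql_value($filename)."','".$description."','".$this->escape_sql_value($filetype)."','".$upload_file_path."')";
        $result=$this->db->query($sql2);

        if($id > 0)
        {
            $delquery = 'delete from vtiger_salesmanattachmentsrel where smid = '.$id;
            $this->db->query($delquery);
        }

        $sql3='insert into vtiger_salesmanattachmentsrel values('.$id.','.$current_id.')';
        $this->db->query($sql3);

        //we should update the imagename in the users table
        $this->db->query("update vtiger_users set imagename='".$this->escape_sql_value($filename)."' where id=".$id);

        $log->debug("Exiting from uploadAndSaveFile($id,$module,$file_details) method.");
        return;
    }

    /** Function to save the user information into the database
     * @param $module_name -- module name:: Type varchar
     */
    function save($module_name)
    {
        global $log;
        $log->debug("module name is ".$module_name);
        //GS Save entity being called with the modulename as parameter
        $this->saveentity($module_name);
    }

    /** gives the order in which the modules have to be displayed in the home page for the specified user id
     * With no id every module in $homeorder_array is enabled; otherwise the
     * stored comma-separated homeorder column decides.
     * @param $id -- user id:: Type integer
     * @returns the home page order in $return_array
     */
    function getHomeOrder($id="")
    {
        global $log;
        global $adb;
        $log->debug("Entering in function getHomeOrder($id)");
        $return_array = array();
        if($id == '')
        {
            foreach($this->homeorder_array as $module_key)
            {
                $return_array[$module_key] = $module_key;
            }
        }else
        {
            $query = "select homeorder from vtiger_users where id=".(int)$id;
            $homeorder = $adb->query_result($adb->query($query),0,'homeorder');
            foreach($this->homeorder_array as $module_key)
            {
                if(!stristr($homeorder,$module_key))
                {
                    $return_array[$module_key] = '';
                }else
                {
                    $return_array[$module_key] = $module_key;
                }
            }
        }

        $log->debug("Exiting from function getHomeOrder($id)");
        return $return_array;
    }

    /** function to save the order in which the modules have to be displayed in the home page for the specified user id
     * Only keys from $homeorder_array are written, so the request can only
     * toggle known modules on or off.
     * @param $id -- user id:: Type integer
     */
    function saveHomeOrder($id)
    {
        if($id == '')
            return null;
        global $log,$adb;
        $log->debug("Entering in function saveHomeOrder($id)");
        $save_array = array();
        foreach($this->homeorder_array as $module_key)
        {
            if(isset($_REQUEST[$module_key]) && $_REQUEST[$module_key] != '')
                $save_array[] = $module_key;
        }
        $homeorder = implode(',',$save_array);
        $query = "update vtiger_users set homeorder ='$homeorder' where id=".(int)$id;
        $adb->query($query);
        $log->debug("Exiting from function saveHomeOrder($id)");
    }

    /**
     * Track the viewing of a detail record. This leverages get_summary_text() which is object specific
     * params $user_id - The user that is viewing the record.
     * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
     * All Rights Reserved..
     * Contributor(s): ______________________________________..
     */
    function track_view($user_id, $current_module,$id='')
    {
        $this->log->debug("About to call vtiger_tracker (user_id, module_name, item_id)($user_id, $current_module, $this->id)");

        $tracker = new Tracker();
        $tracker->track_view($user_id, $current_module, $id, '');
    }

}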