dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Misc: Database class integration.

This commit is contained in:
Nate 2019-08-28 17:53:34 -06:00
parent 95cf94b6d8
commit 04c2f7a132
12 changed files with 1094 additions and 1315 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/modules/module_edit.php
View File

@ -216,8 +216,11 @@
echo " ".$text['label-module_category']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
$table_name = 'v_modules'; $field_name = 'module_category'; $sql_where_optional = ''; $field_current_value = $module_category;
echo html_select_other($db, $table_name, $field_name, $sql_where_optional, $field_current_value);
$table_name = 'v_modules';
$field_name = 'module_category';
$sql_where_optional = '';
$field_current_value = $module_category;
echo html_select_other($table_name, $field_name, $sql_where_optional, $field_current_value);
echo "<br />\n";
echo "\n";
echo "</td>\n";

8
app/vars/var_edit.php
View File

@ -198,9 +198,11 @@
echo " ".$text['label-category']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
$table_name = 'v_vars';$field_name = 'var_category';$sql_where_optional = "";$field_current_value = $var_category;
echo html_select_other($db, $table_name, $field_name, $sql_where_optional, $field_current_value);
//echo "<br />\n";
$table_name = 'v_vars';
$field_name = 'var_category';
$sql_where_optional = "";
$field_current_value = $var_category;
echo html_select_other($table_name, $field_name, $sql_where_optional, $field_current_value);
echo $text['description-category']."\n";
echo "</td>\n";
echo "</tr>\n";

2
core/users/user_delete.php
View File

@ -61,7 +61,7 @@
}
//required to be a superadmin to delete a member of the superadmin group
$superadmin_list = superadmin_list($db);
$superadmin_list = superadmin_list();
if (if_superadmin($superadmin_list, $user_uuid)) {
if (!if_group("superadmin")) {
//access denied - do not delete the user

2
core/users/user_edit.php
View File

@ -68,7 +68,7 @@
//required to be a superadmin to update an account that is a member of the superadmin group
if (permission_exists('user_edit') && $action == 'edit') {
$superadmins = superadmin_list($db);
$superadmins = superadmin_list();
if (if_superadmin($superadmins, $user_uuid)) {
if (!if_group("superadmin")) {
echo "access denied";

85
logout.php
View File

@ -17,7 +17,7 @@
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2015
Portions created by the Initial Developer are Copyright (C) 2008-2019
the Initial Developer. All Rights Reserved.
Contributor(s):
@ -39,59 +39,60 @@
//convert to relative path
$referrer = substr($_SERVER['HTTP_REFERER'], strpos($_SERVER['HTTP_REFERER'], $_SERVER["HTTP_HOST"]) + strlen($_SERVER["HTTP_HOST"]));
//check if destination url already exists
$sql = "select count(*) as num_rows from v_user_settings ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and user_uuid = '".$_SESSION["user_uuid"]."' ";
$sql = "select count(*) from v_user_settings ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_setting_category = 'login' ";
$sql .= "and user_setting_subcategory = 'destination' ";
$sql .= "and user_setting_name = 'url' ";
$prep_statement = $db->prepare($sql);
if ($prep_statement) {
$prep_statement->execute();
$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
$exists = ($row['num_rows'] > 0) ? true : false;
}
unset($sql, $prep_statement, $row);
$paramters['domain_uuid'] = $_SESSION['domain_uuid'];
$paramters['user_uuid'] = $_SESSION['user_uuid'];
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
$exists = ($num_rows > 0) ? true : false;
unset($sql, $parameters, $num_rows);
//if exists, update
if ($exists) {
$sql = "update v_user_settings set ";
$sql .= "user_setting_value = '".$referrer."', ";
$sql .= "user_setting_value = :user_setting_value ";
$sql .= "user_setting_enabled = 'true' ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and user_uuid = '".$_SESSION["user_uuid"]."' ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_setting_category = 'login' ";
$sql .= "and user_setting_subcategory = 'destination' ";
$sql .= "and user_setting_name = 'url' ";
$db->exec(check_sql($sql));
unset($sql);
$parameters['user_setting_value'] = $referrer;
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$database = new database;
$database->execute($sql, $parameters);
unset($sql, $parameters);
}
//otherwise, insert
else {
$sql = "insert into v_user_settings ";
$sql .= "( ";
$sql .= "user_setting_uuid, ";
$sql .= "domain_uuid, ";
$sql .= "user_uuid, ";
$sql .= "user_setting_category, ";
$sql .= "user_setting_subcategory, ";
$sql .= "user_setting_name, ";
$sql .= "user_setting_value, ";
$sql .= "user_setting_enabled ";
$sql .= ") ";
$sql .= "values ";
$sql .= "( ";
$sql .= "'".uuid()."', ";
$sql .= "'".$_SESSION['domain_uuid']."', ";
$sql .= "'".$_SESSION["user_uuid"]."', ";
$sql .= "'login', ";
$sql .= "'destination', ";
$sql .= "'url', ";
$sql .= "'".$referrer."', ";
$sql .= "'true' ";
$sql .= ") ";
$db->exec(check_sql($sql));
unset($sql);
//build insert array
$user_setting_uuid = uuid();
$array['user_settings'][0]['user_setting_uuid'] = $user_setting_uuid;
$array['user_settings'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
$array['user_settings'][0]['user_uuid'] = $_SESSION["user_uuid"];
$array['user_settings'][0]['user_setting_category'] = 'login';
$array['user_settings'][0]['user_setting_subcategory'] = 'destination';
$array['user_settings'][0]['user_setting_name'] = 'url';
$array['user_settings'][0]['user_setting_value'] = $referrer;
$array['user_settings'][0]['user_setting_enabled'] = 'true';
//grant temporary permissions
$p = new permissions;
$p->add('user_setting_add', 'temp');
//execute insert
$database = new database;
$database->app_name = 'logout';
$database->app_uuid = 'e9f24006-5da2-417f-94fb-7458348bae29';
$database->save($array);
unset($array);
//revoke temporary permissions
$p = new permissions;
$p->delete('user_setting_add', 'temp');
}
}
}
@ -99,6 +100,6 @@
//redirect the user to the index page
header("Location: ".PROJECT_PATH."/login.php");
return;
exit;
?>
?>

566
resources/functions.php
View File

@ -261,26 +261,6 @@
}
}
if (!function_exists('group_members')) {
function group_members($db, $user_uuid) {
global $domain_uuid;
$sql = "select * from v_user_groups ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and user_uuid = '".$user_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
$group_members = "||";
foreach($result as $field) {
//get the list of groups
$group_members .= $field['group_name']."||";
}
unset($sql, $result, $row_count);
return $group_members;
}
}
if (!function_exists('if_group_member')) {
function if_group_member($group_members, $group) {
if (stripos($group_members, "||".$group."||") === false) {
@ -293,24 +273,23 @@
}
if (!function_exists('superadmin_list')) {
function superadmin_list($db) {
function superadmin_list() {
global $domain_uuid;
$sql = "select * from v_user_groups ";
$sql .= "where group_name = 'superadmin' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
$database = new database;
$result = $database->select($sql, null, 'all');
$superadmin_list = "||";
foreach($result as $field) {
//get the list of superadmins
$superadmin_list .= $field['user_uuid']."||";
if (is_array($result) && @sizeof($result) != 0) {
foreach ($result as $field) {
//get the list of superadmins
$superadmin_list .= $field['user_uuid']."||";
}
}
unset($sql, $result, $row_count);
unset($sql, $result, $field);
return $superadmin_list;
}
}
//superadmin_list($db);
if (!function_exists('if_superadmin')) {
function if_superadmin($superadmin_list, $user_uuid) {
@ -324,36 +303,29 @@
}
if (!function_exists('html_select_other')) {
function html_select_other($db, $table_name, $field_name, $sql_where_optional, $field_current_value) {
//html select other : build a select box from distinct items in db with option for other
function html_select_other($table_name, $field_name, $sql_where_optional, $field_current_value) {
//html select other: build a select box from distinct items in db with option for other
global $domain_uuid;
$html = "<table border='0' cellpadding='1' cellspacing='0'>\n";
$html = "<table border='0' cellpadding='1' cellspacing='0'>\n";
$html .= "<tr>\n";
$html .= "<td id=\"cell".$field_name."1\">\n";
$html .= "\n";
$html .= "<select id=\"".$field_name."\" name=\"".$field_name."\" class='formfld' onchange=\"if (document.getElementById('".$field_name."').value == 'Other') { /*enabled*/ document.getElementById('".$field_name."_other').style.display=''; document.getElementById('".$field_name."_other').className='formfld'; document.getElementById('".$field_name."_other').focus(); } else { /*disabled*/ document.getElementById('".$field_name."_other').value = ''; document.getElementById('".$field_name."_other').style.display='none'; } \">\n";
$html .= "<option value=''></option>\n";
$sql = "SELECT distinct($field_name) as $field_name FROM $table_name $sql_where_optional ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
if ($result_count > 0) { //if user account exists then show login
//print_r($result);
$sql = "select distinct(".$field_name.") as ".$field_name." ";
$sql .= "from ".$table_name." ".$sql_where_optional." ";
$database = new database;
$result = $database->select($sql, null, 'all');
if (is_array($result) && @sizeof($result) != 0) {
foreach($result as $field) {
if (strlen($field[$field_name]) > 0) {
if ($field_current_value == $field[$field_name]) {
$html .= "<option value=\"".$field[$field_name]."\" selected>".$field[$field_name]."</option>\n";
}
else {
$html .= "<option value=\"".$field[$field_name]."\">".$field[$field_name]."</option>\n";
}
$html .= "<option value=\"".$field[$field_name]."\" ".($field_current_value == $field[$field_name] ? "selected='selected'" : null).">".$field[$field_name]."</option>\n";
}
}
}
unset($sql, $result, $result_count);
unset($sql, $result, $field);
$html .= "<option value='Other'>Other</option>\n";
$html .= "</select>\n";
@ -364,103 +336,41 @@
$html .= "</tr>\n";
$html .= "</table>";
return $html;
return $html;
}
}
if (!function_exists('html_select')) {
function html_select($db, $table_name, $field_name, $sql_where_optional, $field_current_value, $field_value = '', $style = '') {
//html select other : build a select box from distinct items in db with option for other
function html_select($table_name, $field_name, $sql_where_optional, $field_current_value, $field_value = '', $style = '', $onchange = '') {
//html select: build a select box from distinct items in db
global $domain_uuid;
if (strlen($field_value) > 0) {
$html .= "<select id=\"".$field_value."\" name=\"".$field_value."\" class='formfld' style='".$style."'>\n";
$html .= "<option value=\"\"></option>\n";
$sql = "SELECT distinct($field_name) as $field_name, $field_value FROM $table_name $sql_where_optional order by $field_name asc ";
$html .= "<select id=\"".$field_value."\" name=\"".$field_value."\" class='formfld' style='".$style."' ".($onchange != '' ? "onchange=\"".$onchange."\"" : null).">\n";
$html .= " <option value=\"\"></option>\n";
$sql = "select distinct(".$field_name.") as ".$field_name.", ".$field_value." from ".$table_name." ".$sql_where_optional." order by ".$field_name." asc ";
}
else {
$html .= "<select id=\"".$field_name."\" name=\"".$field_name."\" class='formfld' style='".$style."'>\n";
$html .= "<option value=\"\"></option>\n";
$sql = "SELECT distinct($field_name) as $field_name FROM $table_name $sql_where_optional ";
$html .= "<select id=\"".$field_name."\" name=\"".$field_name."\" class='formfld' style='".$style."' ".($onchange != '' ? "onchange=\"".$onchange."\"" : null).">\n";
$html .= " <option value=\"\"></option>\n";
$sql = "select distinct(".$field_name.") as ".$field_name." from ".$table_name." ".$sql_where_optional." ";
}
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
if ($result_count > 0) { //if user account exists then show login
$database = new database;
$result = $database->select($sql, null, 'all');
if (is_array($result) && @sizeof($result) != 0) {
foreach($result as $field) {
if (strlen($field[$field_name]) > 0) {
if ($field_current_value == $field[$field_name]) {
if (strlen($field_value) > 0) {
$html .= "<option value=\"".$field[$field_value]."\" selected>".$field[$field_name]."</option>\n";
}
else {
$html .= "<option value=\"".$field[$field_name]."\" selected>".$field[$field_name]."</option>\n";
}
}
else {
if (strlen($field_value) > 0) {
$html .= "<option value=\"".$field[$field_value]."\">".$field[$field_name]."</option>\n";
}
else {
$html .= "<option value=\"".$field[$field_name]."\">".$field[$field_name]."</option>\n";
}
}
$selected = $field_current_value == $field[$field_name] ? "selected='selected'" : null;
$array_key = strlen($field_value) > 0 ? $field_value : $field_name;
$html .= "<option value=\"".$field[$array_key]."\" ".$selected.">".$field[$field_name]."</option>\n";
}
}
}
unset($sql, $result, $result_count);
unset($sql, $result, $field);
$html .= "</select>\n";
return $html;
}
}
//$table_name = 'v_templates'; $field_name = 'templatename'; $sql_where_optional = "where domain_uuid = '$domain_uuid' "; $field_current_value = '';
//echo html_select($db, $table_name, $field_name, $sql_where_optional, $field_current_value);
if (!function_exists('html_select_on_change')) {
function html_select_on_change($db, $table_name, $field_name, $sql_where_optional, $field_current_value, $onchange, $field_value = '') {
//html select other : build a select box from distinct items in db with option for other
global $domain_uuid;
$html .= "<select id=\"".$field_name."\" name=\"".$field_name."\" class='formfld' onchange=\"".$onchange."\">\n";
$html .= "<option value=''></option>\n";
$sql = "SELECT distinct($field_name) as $field_name FROM $table_name $sql_where_optional order by $field_name asc ";
//echo $sql;
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
//echo $result_count;
if ($result_count > 0) { //if user account exists then show login
//print_r($result);
foreach($result as $field) {
if (strlen($field[$field_name]) > 0) {
if ($field_current_value == $field[$field_name]) {
if (strlen($field_value) > 0) {
$html .= "<option value=\"".$field[$field_value]."\" selected>".$field[$field_name]."</option>\n";
}
else {
$html .= "<option value=\"".$field[$field_name]."\" selected>".$field[$field_name]."</option>\n";
}
}
else {
if (strlen($field_value) > 0) {
$html .= "<option value=\"".$field[$field_value]."\">".$field[$field_name]."</option>\n";
}
else {
$html .= "<option value=\"".$field[$field_name]."\">".$field[$field_name]."</option>\n";
}
}
}
}
}
unset($sql, $result, $result_count);
$html .= "</select>\n";
return $html;
return $html;
}
}
@ -485,43 +395,6 @@
return $html;
}
}
////example usage
//$table_name = 'tblcontacts'; $field_name = 'contactcategory'; $sql_where_optional = "", $field_current_value ='';
//echo html_select_other($db, $table_name, $field_name, $sql_where_optional, $field_current_value);
//// On the page that recieves the POST
//if (check_str($_POST["contactcategory"]) == "Other") { //echo "found: ".$contactcategory;
// $contactcategory = check_str($_POST["contactcategoryother"]);
//}
if (!function_exists('log_add')) {
function log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $log_add_user_ip) {
return; //this disables the function
global $domain_uuid;
$sql = "insert into logs ";
$sql .= "(";
$sql .= "log_type, ";
$sql .= "log_status, ";
$sql .= "log_desc, ";
$sql .= "log_add_user, ";
$sql .= "log_add_user_ip, ";
$sql .= "log_add_date ";
$sql .= ")";
$sql .= "values ";
$sql .= "(";
$sql .= "'$log_type', ";
$sql .= "'$log_status', ";
$sql .= "'$log_desc', ";
$sql .= "'$log_add_user', ";
$sql .= "'$log_add_user_ip', ";
$sql .= "now() ";
$sql .= ")";
$db->exec(check_sql($sql));
unset($sql);
}
}
//$log_type = ''; $log_status=''; $log_add_user=''; $log_desc='';
//log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);
if (!function_exists('get_ext')) {
function get_ext($filename) {
@ -546,108 +419,94 @@
}
if (!function_exists('file_upload')) {
function file_upload($field = '', $file_type = '', $dest_dir = '') {
function file_upload($field = '', $file_type = '', $dest_dir = '') {
$uploadtempdir = $_ENV["TEMP"]."\\";
ini_set('upload_tmp_dir', $uploadtempdir);
$uploadtempdir = $_ENV["TEMP"]."\\";
ini_set('upload_tmp_dir', $uploadtempdir);
$tmp_name = $_FILES[$field]["tmp_name"];
$file_name = $_FILES[$field]["name"];
$file_type = $_FILES[$field]["type"];
$file_size = $_FILES[$field]["size"];
$file_ext = get_ext($file_name);
$file_name_orig = $file_name;
$file_name_base = substr($file_name, 0, (strlen($file_name) - (strlen($file_ext)+1)));
//$dest_dir = '/tmp';
$tmp_name = $_FILES[$field]["tmp_name"];
$file_name = $_FILES[$field]["name"];
$file_type = $_FILES[$field]["type"];
$file_size = $_FILES[$field]["size"];
$file_ext = get_ext($file_name);
$file_name_orig = $file_name;
$file_name_base = substr($file_name, 0, (strlen($file_name) - (strlen($file_ext)+1)));
//$dest_dir = '/tmp';
if ($file_size == 0){
return;
if ($file_size == 0) {
return;
}
if (!is_dir($dest_dir)) {
echo "dest_dir not found<br />\n";
return;
}
//check if allowed file type
if ($file_type == "img") {
switch (strtolower($file_ext)) {
case "jpg":
case "png":
case "gif":
case "bmp":
case "psd":
case "tif": break;
default: return false;
}
}
if ($file_type == "file") {
switch (strtolower($file_ext)) {
case "doc":
case "pdf":
case "ppt":
case "xls":
case "zip":
case "exe": break;
default: return false;
}
}
//find unique filename: check if file exists if it does then increment the filename
$i = 1;
while( file_exists($dest_dir.'/'.$file_name)) {
if (strlen($file_ext)> 0) {
$file_name = $file_name_base . $i .'.'. $file_ext;
}
if (!is_dir($dest_dir)) {
echo "dest_dir not found<br />\n";
return;
else {
$file_name = $file_name_orig . $i;
}
$i++;
}
//check if allowed file type
if ($file_type == "img") {
switch (strtolower($file_ext)) {
case "jpg":
break;
case "png":
break;
case "gif":
break;
case "bmp":
break;
case "psd":
break;
case "tif":
break;
default:
return false;
}
}
if ($file_type == "file") {
switch (strtolower($file_ext)) {
case "doc":
break;
case "pdf":
break;
case "ppt":
break;
case "xls":
break;
case "zip":
break;
case "exe":
break;
default:
return false;
}
}
//echo "file_type: ".$file_type."<br />\n";
//echo "tmp_name: ".$tmp_name."<br />\n";
//echo "file_name: ".$file_name."<br />\n";
//echo "file_ext: ".$file_ext."<br />\n";
//echo "file_name_orig: ".$file_name_orig."<br />\n";
//echo "file_name_base: ".$file_name_base."<br />\n";
//echo "dest_dir: ".$dest_dir."<br />\n";
//find unique filename: check if file exists if it does then increment the filename
$i = 1;
while( file_exists($dest_dir.'/'.$file_name)) {
if (strlen($file_ext)> 0) {
$file_name = $file_name_base . $i .'.'. $file_ext;
}
else {
$file_name = $file_name_orig . $i;
}
$i++;
}
//move the file to upload directory
//bool move_uploaded_file ( string $filename, string $destination )
//echo "file_type: ".$file_type."<br />\n";
//echo "tmp_name: ".$tmp_name."<br />\n";
//echo "file_name: ".$file_name."<br />\n";
//echo "file_ext: ".$file_ext."<br />\n";
//echo "file_name_orig: ".$file_name_orig."<br />\n";
//echo "file_name_base: ".$file_name_base."<br />\n";
//echo "dest_dir: ".$dest_dir."<br />\n";
if (move_uploaded_file($tmp_name, $dest_dir.'/'.$file_name)) {
return $file_name;
}
else {
echo "File upload failed! Here's some debugging info:\n";
return false;
}
exit;
//move the file to upload directory
//bool move_uploaded_file ( string $filename, string $destination )
if (move_uploaded_file($tmp_name, $dest_dir.'/'.$file_name)){
return $file_name;
}
else {
echo "File upload failed! Here's some debugging info:\n";
return false;
}
exit;
} //end function
}
}
if ( !function_exists('sys_get_temp_dir')) {
if (!function_exists('sys_get_temp_dir')) {
function sys_get_temp_dir() {
if( $temp=getenv('TMP') ) return $temp;
if( $temp=getenv('TEMP') ) return $temp;
if( $temp=getenv('TMPDIR') ) return $temp;
$temp=tempnam(__FILE__,'');
if ($temp = getenv('TMP')) { return $temp; }
if ($temp = getenv('TEMP')) { return $temp; }
if ($temp = getenv('TMPDIR')) { return $temp; }
$temp = tempnam(__FILE__,'');
if (file_exists($temp)) {
unlink($temp);
return dirname($temp);
@ -657,14 +516,14 @@
}
//echo realpath(sys_get_temp_dir());
if ( !function_exists('normalize_path')) {
if (!function_exists('normalize_path')) {
//don't use DIRECTORY_SEPARATOR as it will change on a per platform basis and we need consistency
function normalize_path($path) {
return str_replace(array('/','\\'), '/', $path);
}
}
if ( !function_exists('normalize_path_to_os')) {
if (!function_exists('normalize_path_to_os')) {
function normalize_path_to_os($path) {
return str_replace(array('/','\\'), DIRECTORY_SEPARATOR, $path);
}
@ -672,125 +531,109 @@
if (!function_exists('username_exists')) {
function username_exists($username) {
global $db, $domain_uuid;
$sql = "select * from v_users ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and username = '".$username."' ";
//$sql .= "and user_enabled = 'true' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
if ($result_count > 0) {
return true;
}
else {
return false;
}
global $domain_uuid;
$sql = "select count(*) from v_users ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and username = :username ";
$parameters['domain_uuid'] = $domain_uuid;
$parameters['username'] = $username;
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
return $num_rows > 0 ? true : false;
}
}
if (!function_exists('add_extension_user')) {
function add_extension_user($extension_uuid, $username) {
global $db, $domain_uuid;
global $domain_uuid;
//get the user_uuid by using the username
$sql = "select * from v_users ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and username = '$username' ";
//$sql .= "and user_enabled = 'true' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
unset($prep_statement);
foreach ($result as &$row) {
$sql = "select user_uuid from v_users ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and username = :username ";
$parameters['domain_uuid'] = $domain_uuid;
$parameters['username'] = $username;
$database = new database;
$user_uuid = $database->select($sql, $parameters, 'column');
unset($sql, $parameters);
if (is_uuid($user_uuid)) {
//check if the user_uuid exists in v_extension_users
$sql = "select * from v_extension_users ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and user_uuid = '".$row["user_uuid"]."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$extension_users_result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
unset($prep_statement);
$sql = "select count(*) from v_extension_users ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$parameters['domain_uuid'] = $domain_uuid;
$parameters['user_uuid'] = $user_uuid;
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
unset($sql, $parameters);
//assign the extension to the user
if (count($extension_users_result) == 0) {
$sql = "insert into v_extension_users ";
$sql .= "(";
$sql .= "domain_uuid, ";
$sql .= "extension_uuid, ";
$sql .= "user_uuid ";
$sql .= ") ";
$sql .= "values ";
$sql .= "(";
$sql .= "'$domain_uuid', ";
$sql .= "'$extension_uuid', ";
$sql .= "'".$row["user_uuid"]."' ";
$sql .= ")";
$db->exec(check_sql($sql));
unset($sql);
if ($num_rows == 0) {
//build insert array
$extension_user_uuid = uuid();
$array['extension_users'][$x]['extension_user_uuid'] = $extension_user_uuid;
$array['extension_users'][$x]['domain_uuid'] = $domain_uuid;
$array['extension_users'][$x]['extension_uuid'] = $extension_uuid;
$array['extension_users'][$x]['user_uuid'] = $row["user_uuid"];
//grant temporary permissions
$p = new permissions;
$p->add('extension_user_add', 'temp');
//execute insert
$database = new database;
$database->app_name = 'function-add_extension_user';
$database->app_uuid = 'e68d9689-2769-e013-28fa-6214bf47fca3';
$database->save($array);
unset($array);
//revoke temporary permissions
$p->delete('extension_user_add', 'temp');
}
}
unset ($result);
}
}
if (!function_exists('user_add')) {
function user_add($username, $password, $user_email='') {
global $db, $domain_uuid, $v_salt;
$user_uuid = uuid();
function user_add($username, $password, $user_email = '') {
global $domain_uuid;
if (strlen($username) == 0) { return false; }
if (strlen($password) == 0) { return false; }
if (!username_exists($username)) {
//salt used with the password to create a one way hash
//build user insert array
$user_uuid = uuid();
$salt = generate_password('20', '4');
//add the user account
$user_type = 'Individual';
$user_category = 'user';
$sql = "insert into v_users ";
$sql .= "(";
$sql .= "domain_uuid, ";
$sql .= "user_uuid, ";
$sql .= "username, ";
$sql .= "password, ";
$sql .= "salt, ";
if (strlen($user_email) > 0) { $sql .= "user_email, "; }
$sql .= "add_date, ";
$sql .= "add_user ";
$sql .= ")";
$sql .= "values ";
$sql .= "(";
$sql .= "'$domain_uuid', ";
$sql .= "'$user_uuid', ";
$sql .= "'$username', ";
$sql .= "'".md5($salt.$password)."', ";
$sql .= "'$salt', ";
if (strlen($user_email) > 0) { $sql .= "'$user_email', "; }
$sql .= "now(), ";
$sql .= "'".$_SESSION["username"]."' ";
$sql .= ")";
$db->exec(check_sql($sql));
unset($sql);
$array['users'][0]['user_uuid'] = $user_uuid;
$array['users'][0]['domain_uuid'] = $domain_uuid;
$array['users'][0]['username'] = $username;
$array['users'][0]['password'] = md5($salt.$password);
$array['users'][0]['salt'] = $salt;
if (valid_email($user_email)) {
$array['users'][0]['user_email'] = $user_email;
}
$array['users'][0]['add_date'] = now();
$array['users'][0]['add_user'] = $_SESSION["username"];
//add the user to the member group
$group_name = 'user';
$sql = "insert into v_user_groups ";
$sql .= "(";
$sql .= "user_group_uuid, ";
$sql .= "domain_uuid, ";
$sql .= "group_name, ";
$sql .= "user_uuid ";
$sql .= ")";
$sql .= "values ";
$sql .= "(";
$sql .= "'".uuid()."', ";
$sql .= "'$domain_uuid', ";
$sql .= "'$group_name', ";
$sql .= "'$user_uuid' ";
$sql .= ")";
$db->exec(check_sql($sql));
unset($sql);
} //end if !username_exists
} //end function definition
} //end function_exists
//build user group insert array
$user_group_uuid = uuid();
$array['user_groups'][0]['user_group_uuid'] = $user_group_uuid;
$array['user_groups'][0]['domain_uuid'] = $domain_uuid;
$array['user_groups'][0]['group_name'] = 'user';
$array['user_groups'][0]['user_uuid'] = $user_uuid;
//grant temporary permissions
$p = new permissions;
$p->add('user_add', 'temp');
$p->add('user_group_add', 'temp');
//execute insert
$database = new database;
$database->app_name = 'function-user_add';
$database->app_uuid = '15a8d74b-ac7e-4468-add4-3e6ebdcb8e22';
$database->save($array);
unset($array);
//revoke temporary permissions
$p->delete('user_add', 'temp');
$p->delete('user_group_add', 'temp');
}
}
}
function switch_module_is_running($fp, $mod) {
if (!$fp) {
@ -2002,14 +1845,13 @@ function number_pad($number,$n) {
//retrieve array of countries
if (!function_exists('get_countries')) {
function get_countries($db) {
function get_countries() {
$sql = "select * from v_countries order by country asc";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
return ($result_count > 0) ? $result : false;
unset ($prep_statement, $sql);
$database = new database;
$result = $database->select($sql, null, 'all');
unset($sql);
return is_array($result) && @sizeof($result) != 0 ? $result : false;
}
}

76
resources/header.php
View File

@ -69,57 +69,53 @@ require_once "resources/require.php";
}
//get the parent id
$sql = "select * from v_menu_items ";
$sql .= "where menu_uuid = '".$_SESSION['domain']['menu']['uuid']."' ";
$sql .= "and menu_item_link = '".$_SERVER["SCRIPT_NAME"]."' ";
$menu_prep_statement = $db->prepare(check_sql($sql));
$menu_prep_statement->execute();
$menu_result = $menu_prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($menu_result as &$menu_row) {
$_SESSION["menu_item_parent_uuid"] = $menu_row["menu_item_parent_uuid"];
break;
}
unset($menu_prep_statement, $menu_result, $menu_row);
$sql = "select menu_item_parent_uuid from v_menu_items ";
$sql .= "where menu_uuid = :menu_uuid ";
$sql .= "and menu_item_link = :menu_item_link ";
$parameters['menu_uuid'] = $_SESSION['domain']['menu']['uuid'];
$parameters['menu_item_link'] = $_SERVER["SCRIPT_NAME"];
$database = new database;
$menu_item_parent_uuid = $database->select($sql, $parameters, 'column');
$_SESSION["menu_item_parent_uuid"] = $menu_item_parent_uuid;
unset($sql, $parameters, $menu_item_parent_uuid);
//get the content
if (file_exists($_SERVER["PROJECT_ROOT"]."/app/content/app_config.php")) {
$sql = "select * from v_rss ";
$sql .= "where domain_uuid =:domain_uuid ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and rss_category = 'content' ";
$sql .= "and rss_link =:content ";
$sql .= "and (length(rss_del_date) = 0 ";
$sql .= "or rss_del_date is null) ";
$sql .= "and rss_link = :content ";
$sql .= "and ( ";
$sql .= "length(rss_del_date) = 0 ";
$sql .= "or rss_del_date is null ";
$sql .= ") ";
$sql .= "order by rss_order asc ";
$content_prep_statement = $db->prepare(check_sql($sql));
$content_prep_statement->bindParam(':domain_uuid', $_SESSION['domain_uuid']);
if (strlen($content) == 0) {
$content_prep_statement->bindParam(':content', $_SERVER["PHP_SELF"]);
}
else {
$content_prep_statement->bindParam(':content', $content);
}
$content_prep_statement->execute();
$content_result = $content_prep_statement->fetchAll(PDO::FETCH_NAMED);
$page["title"] = '';
foreach($content_result as $content_row) {
$template_rss_sub_category = $content_row['rss_sub_category'];
if (strlen($content_row['rss_group']) == 0) {
//content is public
$content_from_db = &$content_row['rss_description'];
if (strlen($content_row['rss_title']) > 0) {
$page["title"] = $content_row['rss_title'];
}
}
else {
if (if_group($content_row[rss_group])) { //viewable only to designated group
$content_from_db = &$content_row[rss_description];
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['content'] = strlen($content) == 0 ? $_SERVER["PHP_SELF"] : $content;
$database = new database;
$content_result = $database->select($sql, $parameters, 'all');
$page['title'] = '';
if (is_array($content_result) && @sizeof($content_result) != 0) {
foreach($content_result as $content_row) {
$template_rss_sub_category = $content_row['rss_sub_category'];
if (strlen($content_row['rss_group']) == 0) {
//content is public
$content_from_db = &$content_row['rss_description'];
if (strlen($content_row['rss_title']) > 0) {
$page["title"] = $content_row['rss_title'];
}
}
else {
if (if_group($content_row[rss_group])) { //viewable only to designated group
$content_from_db = &$content_row[rss_description];
if (strlen($content_row['rss_title']) > 0) {
$page["title"] = $content_row['rss_title'];
}
}
}
}
} //end foreach
unset($sql, $content_result, $content_row);
}
unset($sql, $parameters, $content_result, $content_row);
}
//start the output buffer

56
resources/login.php
View File

@ -41,14 +41,14 @@
$domain_uuid = $key_part[1];
$password_submitted = $key_part[2];
//get current salt, see if same as submitted salt
$sql = "select password from v_users where domain_uuid = :domain_uuid and username = :username ";
$prep_statement = $db->prepare($sql);
$prep_statement->bindParam(':domain_uuid', $domain_uuid);
$prep_statement->bindParam(':username', $username);
$prep_statement->execute();
$result = $prep_statement->fetch(PDO::FETCH_NAMED);
$password_current = $result['password'];
unset($prep_statement, $result);
$sql = "select password from v_users ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and username = :username ";
$parameters['domain_uuid'] = $domain_uuid;
$parameters['username'] = $username;
$database = new database;
$password_current = $database->select($sql, $parameters, 'column');
unset($sql, $parameters);
//set flag
if ($username != '' && $domain_uuid == $_SESSION['domain_uuid'] && $password_submitted == $password_current) {
@ -77,12 +77,11 @@
$sql .= "and e.contact_uuid = u.contact_uuid ";
$sql .= "and u.email_address = :email ";
$sql .= "and e.domain_uuid = :domain_uuid ";
$prep_statement = $db->prepare($sql);
$prep_statement->bindParam(':domain_uuid', $_SESSION['domain_uuid']);
$prep_statement->bindParam(':email', $email);
$prep_statement->execute();
$result = $prep_statement->fetch(PDO::FETCH_NAMED);
unset($prep_statement);
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['email'] = $email;
$database = new database;
$result = $database->select($sql, $parameters, 'row');
unset($sql, $parameters);
if ($result['username'] != '') {
@ -96,18 +95,19 @@
//get email template from db
$sql = "select template_subject, template_body from v_email_templates ";
$sql .= "where template_language = '".$_SESSION['domain']['language']['code']."' ";
$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) ";
$sql .= "where template_language = :template_language ";
$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
$sql .= "and template_category = 'password_reset' ";
$sql .= "and template_subcategory = 'default' ";
$sql .= "and template_type = 'html' ";
$sql .= "and template_enabled = 'true' ";
$prep_statement = $db->prepare($sql);
$prep_statement->execute();
$row = $prep_statement->fetch(PDO::FETCH_NAMED);
$parameters['template_language'] = $_SESSION['domain']['language']['code'];
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
$email_subject = $row['template_subject'];
$email_body = $row['template_body'];
unset($prep_statement, $row);
unset($sql, $parameters, $row);
//replace variables in email body
$email_body = str_replace('${reset_link}', $reset_link, $email_body);
@ -161,13 +161,13 @@
$sql .= "salt = :salt ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and username = :username ";
$prep_statement = $db->prepare($sql);
$prep_statement->bindParam(':domain_uuid', $_SESSION['domain_uuid']);
$prep_statement->bindParam(':password', md5($salt.$password_new));
$prep_statement->bindParam(':salt', $salt);
$prep_statement->bindParam(':username', $username);
$prep_statement->execute();
unset($prep_statement);
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['password'] = md5($salt.$password_new);
$parameters['salt'] = $salt;
$parameters['username'] = $username;
$database = new database;
$database->execute($sql, $parameters);
unset($sql, $parameters);
message::add($text['message-password_reset'], 'positive', 2500);
unset($_SESSION['valid_username']);
@ -403,4 +403,4 @@
$default_login = true;
include "resources/footer.php";
?>
?>

1211
resources/switch.php
View File

File diff suppressed because it is too large Load Diff

240
secure/fax_to_email.php
View File

@ -39,7 +39,7 @@ if (defined('STDIN')) {
//echo "$document_root is document_root\n";
}
if (stristr(PHP_OS, 'WIN')) { $IS_WINDOWS = true; } else { $IS_WINDOWS = false; }
$IS_WINDOWS = stristr(PHP_OS, 'WIN') ? true : false;
if (!function_exists('exec_in_dir')) {
function exec_in_dir($dir, $cmd, &$ok){
@ -119,7 +119,7 @@ if (!function_exists('tiff2pdf')) {
}
if (!file_exists($dir_fax_temp)){
echo"can not create temporary directory";
echo "can not create temporary directory";
return false; //
}
@ -127,7 +127,7 @@ if (!function_exists('tiff2pdf')) {
$ok = false;
$resp = exec_in_dir($dir_fax, $cmd, $ok);
if (!$ok){
echo"can not find fax resoulution";
echo "can not find fax resoulution";
return false; // "can not find fax resoulution"
}
@ -142,7 +142,7 @@ if (!function_exists('tiff2pdf')) {
$cmd = "tiffinfo " . $tiff_file_name . ' | grep "Image Width:"';
$resp = exec_in_dir($dir_fax, $cmd, $ok);
if (!$ok){
echo"can not find fax size";
echo "can not find fax size";
return false; // "can not find fax size"
}
@ -193,11 +193,11 @@ if (!function_exists('tiff2pdf')) {
}
if (!function_exists('fax_enqueue')) {
function fax_enqueue($fax_uuid, $fax_file, $wav_file, $reply_address, $fax_uri, $fax_dtmf, $dial_string){
global $db, $db_type;
function fax_enqueue($fax_uuid, $fax_file, $wav_file, $reply_address, $fax_uri, $fax_dtmf, $dial_string) {
global $db_type;
$fax_task_uuid = uuid();
$dial_string .= "fax_task_uuid='" . $fax_task_uuid . "',";
$dial_string .= "fax_task_uuid='".$fax_task_uuid."',";
$description = ''; //! @todo add description
if ($db_type == "pgsql") {
$date_utc_now_sql = "NOW() at time zone 'utc'";
@ -209,38 +209,64 @@ if (!function_exists('fax_enqueue')) {
$date_utc_now_sql = "datetime('now')";
}
$sql = "INSERT INTO v_fax_tasks (fax_task_uuid, fax_uuid, ";
$sql .= " task_next_time, task_lock_time, ";
$sql .= " task_fax_file, task_wav_file, task_uri, task_dial_string, task_dtmf, ";
$sql .= " task_interrupted, task_status, task_no_answer_counter, task_no_answer_retry_counter, task_retry_counter, ";
$sql .= " task_reply_address, task_description) ";
$sql .= "VALUES ( ";
$sql .= " :fax_task_uuid, :fax_uuid, ";
$sql .= " ".$date_utc_now_sql.", NULL, ";
$sql .= " :fax_file, :wav_file, :fax_uri, :dial_string, :fax_dtmf, ";
$sql .= " 'false', 0, 0, 0, 0, ";
$sql .= " :reply_address, :description, ";
$sql .= "); ";
$statement = $db->prepare($sql);
$statement->bindParam(':fax_task_uuid', $fax_task_uuid);
$statement->bindParam(':fax_uuid', $fax_uuid);
$statement->bindParam(':fax_file', $fax_file);
$statement->bindParam(':wav_file', $wav_file);
$statement->bindParam(':fax_uri', $fax_uri);
$statement->bindParam(':dial_string', $dial_string);
$statement->bindParam(':fax_dtmf', $fax_dtmf);
$statement->bindParam(':reply_address', $reply_address);
$statement->bindParam(':description', $description);
if ($statement->execute()) {
$response = 'Success';
$sql = "insert into v_fax_tasks";
$sql .= "( ";
$sql .= "fax_task_uuid, ";
$sql .= "fax_uuid, ";
$sql .= "task_next_time, ";
$sql .= "task_lock_time, ";
$sql .= "task_fax_file, ";
$sql .= "task_wav_file, ";
$sql .= "task_uri, ";
$sql .= "task_dial_string, ";
$sql .= "task_dtmf, ";
$sql .= "task_interrupted, ";
$sql .= "task_status, ";
$sql .= "task_no_answer_counter, ";
$sql .= "task_no_answer_retry_counter,";
$sql .= "task_retry_counter, ";
$sql .= "task_reply_address, ";
$sql .= "task_description ";
$sql .= ") ";
$sql .= "values ( ";
$sql .= ":fax_task_uuid, ";
$sql .= ":fax_uuid, ";
$sql .= $date_utc_now_sql.", ";
$sql .= "null, ";
$sql .= ":fax_file, ";
$sql .= ":wav_file, ";
$sql .= ":fax_uri, ";
$sql .= ":dial_string, ";
$sql .= ":fax_dtmf, ";
$sql .= "'false', ";
$sql .= "0, ";
$sql .= "0, ";
$sql .= "0, ";
$sql .= "0, ";
$sql .= ":reply_address, ";
$sql .= ":description ";
$sql .= ") ";
$parameters['fax_task_uuid'] = $fax_task_uuid;
$parameters['fax_uuid'] = $fax_uuid;
$parameters['fax_file'] = $fax_file;
$parameters['wav_file'] = $wav_file;
$parameters['fax_uri'] = $fax_uri;
$parameters['dial_string'] = $dial_string;
$parameters['fax_dtmf'] = $fax_dtmf;
$parameters['reply_address'] = $reply_address;
$parameters['description'] = $description;
$database = new database;
$database->execute($sql, $parameters);
$response = $database->message();
if ($response['message'] == 'OK' && $response['code'] == '200') {
return 'Success';
}
else{
//! @todo log error
$response = 'Failed';
var_dump($db->errorInfo());
view_array($response);
return 'Failed';
}
unset($statement);
return $response;
unset($sql, $parameters, $response);
}
}
@ -336,41 +362,44 @@ if (!function_exists('fax_split_dtmf')) {
$mailto_address = $fax_email;
//get the fax file name (only) if a full path
$fax_path = pathinfo($fax_file);
$fax_path = pathinfo($fax_file);
$fax_file_only = $fax_path['basename'];
$fax_file_name = $fax_path['filename'];
$dir_fax = $fax_path['dirname'];
$dir_fax = $fax_path['dirname'];
//get the domain_uuid from the database
$sql = "select * from v_domains ";
$sql .= "where domain_name = '".$domain_name."' ";
$prep_statement = $db->prepare($sql);
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
foreach ($result as &$row) {
//set the domain variables
$domain_uuid = $row["domain_uuid"];
$_SESSION["domain_uuid"] = $row["domain_uuid"];
$_SESSION["domain_name"] = $domain_name;
//set the setting arrays
$domain = new domains();
$domain->db = $db;
$domain->set();
$sql .= "where domain_name = :domain_name ";
$parameters['domain_name'] = $domain_name;
$database = new database;
$result = $database->select($sql, $parameters, 'all');
if (is_array($result) && @sizeof($result) != 0) {
foreach ($result as &$row) {
//set the domain variables
$domain_uuid = $row["domain_uuid"];
$_SESSION["domain_uuid"] = $row["domain_uuid"];
$_SESSION["domain_name"] = $domain_name;
//set the setting arrays
$domain = new domains();
$domain->db = $db;
$domain->set();
}
}
unset ($prep_statement);
unset($sql, $parameters, $result);
//prepare smtp server settings
// load default smtp settings
$smtp['method'] = $_SESSION['email']['smtp_method']['text'];
$smtp['host'] = (strlen($_SESSION['email']['smtp_host']['text'])?$_SESSION['email']['smtp_host']['text']:'127.0.0.1');
$smtp['method'] = $_SESSION['email']['smtp_method']['text'];
$smtp['host'] = (strlen($_SESSION['email']['smtp_host']['text'])?$_SESSION['email']['smtp_host']['text']:'127.0.0.1');
if (isset($_SESSION['email']['smtp_port'])) {
$smtp['port'] = (int)$_SESSION['email']['smtp_port']['numeric'];
} else {
}
else {
$smtp['port'] = 0;
}
$smtp['secure'] = $_SESSION['email']['smtp_secure']['text'];
$smtp['auth'] = $_SESSION['email']['smtp_auth']['text'];
$smtp['secure'] = $_SESSION['email']['smtp_secure']['text'];
$smtp['auth'] = $_SESSION['email']['smtp_auth']['text'];
$smtp['username'] = $_SESSION['email']['smtp_username']['text'];
$smtp['password'] = $_SESSION['email']['smtp_password']['text'];
$smtp['from'] = $_SESSION['email']['smtp_from']['text'];
@ -384,55 +413,59 @@ if (!function_exists('fax_split_dtmf')) {
}
// overwrite with domain-specific smtp server settings, if any
if ($domain_uuid != '') {
$sql = "select domain_setting_subcategory, domain_setting_value ";
if (is_uuid($domain_uuid)) {
$sql = "select ";
$sql .= "domain_setting_subcategory, ";
$sql .= "domain_setting_value ";
$sql .= "from v_domain_settings ";
$sql .= "where domain_uuid = '".$domain_uuid."' ";
$sql .= "and (domain_setting_category = 'email' ";
$sql .= "or domain_setting_category = 'fax') ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and ( ";
$sql .= "domain_setting_category = 'email' ";
$sql .= "or domain_setting_category = 'fax' ";
$sql .= ") ";
$sql .= "and domain_setting_name = 'text' ";
$sql .= "and domain_setting_enabled = 'true' ";
$prep_statement = $db->prepare($sql);
if ($prep_statement) {
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$parameters['domain_name'] = $domain_name;
$database = new database;
$result = $database->select($sql, $parameters, 'all');
if (is_array($result) && @sizeof($result) != 0) {
foreach ($result as $row) {
if ($row['domain_setting_value'] != '') {
$smtp[str_replace('smtp_','',$row["domain_setting_subcategory"])] = $row['domain_setting_value'];
}
}
}
unset($sql, $prep_statement);
unset($sql, $parameters, $result, $row);
}
// value adjustments
$smtp['method'] = ($smtp['method'] == '') ? 'smtp' : $smtp['method'];
$smtp['auth'] = ($smtp['auth'] == "true") ? true : false;
$smtp['password'] = ($smtp['password'] != '') ? $smtp['password'] : null;
$smtp['secure'] = ($smtp['secure'] != "none") ? $smtp['secure'] : null;
$smtp['username'] = ($smtp['username'] != '') ? $smtp['username'] : null;
$smtp['method'] = ($smtp['method'] == '') ? 'smtp' : $smtp['method'];
$smtp['auth'] = ($smtp['auth'] == "true") ? true : false;
$smtp['password'] = ($smtp['password'] != '') ? $smtp['password'] : null;
$smtp['secure'] = ($smtp['secure'] != "none") ? $smtp['secure'] : null;
$smtp['username'] = ($smtp['username'] != '') ? $smtp['username'] : null;
//get the fax details from the database
$sql = "select * from v_fax ";
$sql .= "where domain_uuid = '".$_SESSION["domain_uuid"]."' ";
$sql .= "and fax_extension = '$fax_extension' ";
$prep_statement = $db->prepare($sql);
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
foreach ($result as &$row) {
//set database fields as variables
//$fax_email = $row["fax_email"];
$fax_uuid = $row["fax_uuid"];
$fax_accountcode = $row["fax_accountcode"];
$fax_prefix = $row["fax_prefix"];
$fax_pin_number = $row["fax_pin_number"];
$fax_caller_id_name = $row["fax_caller_id_name"];
$fax_caller_id_number = $row["fax_caller_id_number"];
$fax_forward_number = $row["fax_forward_number"];
$fax_description = $row["fax_description"];
$fax_email_inbound_subject_tag = $row['fax_email_inbound_subject_tag'];
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and fax_extension = :fax_extension ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$parameters['fax_extension'] = $fax_extension;
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row) && @sizeof($row) != 0) {
//$fax_email = $row["fax_email"];
$fax_uuid = $row["fax_uuid"];
$fax_accountcode = $row["fax_accountcode"];
$fax_prefix = $row["fax_prefix"];
$fax_pin_number = $row["fax_pin_number"];
$fax_caller_id_name = $row["fax_caller_id_name"];
$fax_caller_id_number = $row["fax_caller_id_number"];
$fax_forward_number = $row["fax_forward_number"];
$fax_description = $row["fax_description"];
$fax_email_inbound_subject_tag = $row['fax_email_inbound_subject_tag'];
}
unset ($prep_statement);
unset($sql, $parameters, $row);
//set the fax directory
if (!file_exists($dir_fax) || !file_exists(path_join($dir_fax, $fax_file_only))) {
@ -461,7 +494,6 @@ if (!function_exists('fax_split_dtmf')) {
$fax_file_warning = '';
}
//used for debug
echo "pdf file: $pdf_file\n";
//forward the fax
@ -495,7 +527,7 @@ if (!function_exists('fax_split_dtmf')) {
}
}
$dial_string = "absolute_codec_string='PCMU,PCMA',";
$dial_string = "absolute_codec_string='PCMU,PCMA',";
$dial_string .= "accountcode='" . $fax_accountcode . "',";
$dial_string .= "sip_h_X-accountcode='" . $fax_accountcode . "',";
$dial_string .= "domain_uuid=" . $_SESSION["domain_uuid"] . ",";
@ -517,19 +549,18 @@ if (!function_exists('fax_split_dtmf')) {
$dial_string .= "fax_verbose=true" . ",";
$dial_string .= "fax_use_ecm=off" . ",";
$dial_string .= "api_hangup_hook='lua fax_retry.lua'";
$dial_string = "{" . $dial_string . "}" . $fax_uri." &txfax('".$fax_file."')";
$dial_string = "{" . $dial_string . "}" . $fax_uri." &txfax('".$fax_file."')";
//get the event socket information
$sql = "select * from v_settings ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
foreach ($result as &$row) {
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row) && @sizeof($row) != 0) {
$event_socket_ip_address = $row["event_socket_ip_address"];
$event_socket_port = $row["event_socket_port"];
$event_socket_password = $row["event_socket_password"];
break;
}
unset($sql);
//create the event socket connection
$fp = event_socket_create($event_socket_ip_address, $event_socket_port, $event_socket_password);
@ -537,7 +568,7 @@ if (!function_exists('fax_split_dtmf')) {
//send the command with event socket
if ($fp) {
//prepare the fax originate command
$cmd = "api originate " . $dial_string;
$cmd = "api originate ".$dial_string;
//send info to the log
echo "fax forward\n";
echo $cmd."\n";
@ -683,16 +714,17 @@ if (!function_exists('fax_split_dtmf')) {
else {
$fax_to_email_queue_dir = $_SESSION['switch']['storage']['dir']."/fax";
if ($email_status == 'ok') {
// log the success
//log the success
$fp = fopen($fax_to_email_queue_dir."/emailed_faxes.log", "a");
fwrite($fp, $fax_file_name." received on ".$fax_extension." emailed to ".$fax_email." ".$fax_messages."\n");
fclose($fp);
} else {
// create an instruction log to email messages once the connection to the mail server has been restored
}
else {
//create an instruction log to email messages once the connection to the mail server has been restored
$fp = fopen($fax_to_email_queue_dir."/failed_fax_emails.log", "a");
fwrite($fp, PHP_BINDIR."/php ".$_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/secure/fax_to_email.php email='".$fax_email."' extension=".$fax_extension." name='".$fax_file."' messages='".$fax_messages."' domain=".$domain_name." caller_id_name='".$caller_id_name."' caller_id_number=".$caller_id_number." retry=true\n");
fclose($fp);
// create a script to do the delayed mailing
//create a script to do the delayed mailing
$fp = fopen($_SESSION['server']['temp']['dir']."/failed_fax_emails.sh", "w");
fwrite($fp, "rm ".$_SESSION['server']['temp']['dir']."/fax_email_retry.sh\n");
fwrite($fp, "mv ".$fax_to_email_queue_dir."/failed_fax_emails.log ".$_SESSION['server']['temp']['dir']."/fax_email_retry.sh\n");
@ -700,7 +732,7 @@ if (!function_exists('fax_split_dtmf')) {
fwrite($fp, $_SESSION['server']['temp']['dir']."/fax_email_retry.sh\n");
fclose($fp);
$tmp_response = exec("chmod 777 ".$_SESSION['server']['temp']['dir']."/failed_fax_emails.sh");
// note we use batch in order to execute when system load is low. Alternatively this could be replaced with AT.
//note we use batch in order to execute when system load is low. Alternatively this could be replaced with AT.
$tmp_response = exec("at -f ".$_SESSION['server']['temp']['dir']."/failed_fax_emails.sh now + 3 minutes");
}
}
@ -719,4 +751,4 @@ if (!function_exists('fax_split_dtmf')) {
fclose($fp);
}
?>
?>

136
secure/v_mailto.php
View File

@ -17,7 +17,7 @@
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2018
Portions created by the Initial Developer are Copyright (C) 2008-2019
the Initial Developer. All Rights Reserved.
Contributor(s):
@ -82,23 +82,23 @@
}
//parse the email message
$mime=new mime_parser_class;
$mime = new mime_parser_class;
$mime->decode_bodies = 1;
$parameters=array(
$parameters = array(
//'File'=>$message_file,
// Read a message from a string instead of a file
'Data'=>$msg,
'Data' => $msg,
// Save the message body parts to a directory
// 'SaveBody'=>'/tmp',
// 'SaveBody' => '/tmp',
// Do not retrieve or save message body parts
// 'SkipBody'=>1,
// 'SkipBody' => 1,
);
$success=$mime->Decode($parameters, $decoded);
$success = $mime->Decode($parameters, $decoded);
if(!$success) {
if (!$success) {
echo "MIME message decoding error: ".HtmlSpecialChars($mime->error)."\n";
}
else {
@ -118,7 +118,7 @@
$body = '';
$content_type = $decoded[0]['Headers']['content-type:'];
if (substr($content_type, 0, 15) == "multipart/mixed" || substr($content_type, 0, 21) == "multipart/alternative") {
foreach($decoded[0]["Parts"] as $row) {
foreach ($decoded[0]["Parts"] as $row) {
$body_content_type = $row["Headers"]["content-type:"];
if (substr($body_content_type, 0, 9) == "text/html") { $body = $row["Body"]; }
if (substr($body_content_type, 0, 10) == "text/plain") { $body_plain = $row["Body"]; $body = $body_plain; }
@ -141,7 +141,8 @@
$smtp['host'] = (strlen($_SESSION['email']['smtp_host']['text'])?$_SESSION['email']['smtp_host']['text']:'127.0.0.1');
if (isset($_SESSION['email']['smtp_port'])) {
$smtp['port'] = (int)$_SESSION['email']['smtp_port']['numeric'];
} else {
}
else {
$smtp['port'] = 0;
}
$smtp['secure'] = $_SESSION['email']['smtp_secure']['text'];
@ -162,21 +163,21 @@
if ($headers["X-FusionPBX-Domain-UUID"] != '') {
$sql = "select domain_setting_subcategory, domain_setting_value ";
$sql .= "from v_domain_settings ";
$sql .= "where domain_uuid = '".$headers["X-FusionPBX-Domain-UUID"]."' ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and (domain_setting_category = 'email' or domain_setting_category = 'voicemail') ";
$sql .= "and domain_setting_name = 'text' ";
$sql .= "and domain_setting_enabled = 'true' ";
$prep_statement = $db->prepare($sql);
if ($prep_statement) {
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$parameters['domain_uuid'] = $headers["X-FusionPBX-Domain-UUID"];
$database = new database;
$result = $database->select($sql, $parameters, 'all');
if (is_array($result) && @sizeof($result) != 0) {
foreach ($result as $row) {
if ($row['domain_setting_value'] != '') {
$smtp[str_replace('smtp_','',$row["domain_setting_subcategory"])] = $row['domain_setting_value'];
}
}
}
unset($sql, $prep_statement);
unset($sql, $parameters, $result, $row);
}
// value adjustments
$smtp['auth'] = ($smtp['auth'] == "true") ? true : false;
@ -195,7 +196,10 @@
case 'mail': $mail->IsMail(); break;
default: $mail->IsSMTP(); break;
}
} else $mail->IsSMTP();
}
else {
$mail->IsSMTP();
}
// optional bypass TLS certificate check e.g. for self-signed certificates
if (isset($_SESSION['email']['smtp_validate_certificate'])) {
@ -257,7 +261,7 @@
$mail->AddAddress($to);
}
else {
foreach($to_array as $to_row) {
foreach ($to_array as $to_row) {
if (strlen($to_row) > 0) {
echo "Add Address: $to_row\n";
$mail->AddAddress(trim($to_row));
@ -266,7 +270,7 @@
}
//get the attachments and add to the email
if($success) {
if ($success) {
foreach ($decoded[0][Parts] as &$parts_array) {
$content_type = $parts_array["Parts"][0]["Headers"]["content-type:"];
//image/tiff;name="testfax.tif"
@ -325,7 +329,7 @@
//add the body to the email
$body_plain = remove_tags($body);
//echo "body_plain = $body_plain\n";
if ((substr($body, 0, 5) == "<html") || (substr($body, 0, 9) == "<!doctype")) {
if ((substr($body, 0, 5) == "<html") || (substr($body, 0, 9) == "<!doctype")) {
$mail->ContentType = "text/html";
$mail->Body = $body."<br><br>".nl2br($transcription);
$mail->AltBody = $body_plain."\n\n$transcription";
@ -340,40 +344,40 @@
$mail->CharSet = "utf-8";
//send the email
if(!$mail->Send()) {
if (!$mail->Send()) {
$mailer_error = $mail->ErrorInfo;
echo "Mailer Error: ".$mailer_error."\n\n";
$call_uuid = $headers["X-FusionPBX-Call-UUID"];
if ($resend == true) {
echo "Retained in v_email_logs \n";
} else {
}
else {
// log/store message in database for review
if (!isset($email_log_uuid)) {
$email_log_uuid = uuid();
$sql = "insert into v_email_logs ( ";
$sql .= "email_log_uuid, ";
if ($call_uuid) {
$sql .= "call_uuid, ";
}
$sql .= "domain_uuid, ";
$sql .= "sent_date, ";
$sql .= "type, ";
$sql .= "status, ";
$sql .= "email ";
$sql .= ") values ( ";
$sql .= "'".$email_log_uuid."', ";
if ($call_uuid) {
$sql .= "'".$call_uuid."', ";
}
$sql .= "'".$headers["X-FusionPBX-Domain-UUID"]."', ";
$sql .= "now(),";
$sql .= "'".$headers["X-FusionPBX-Email-Type"]."', ";
$sql .= "'failed', ";
$sql .= "'".str_replace("'", "''", $msg)."' ";
$sql .= ") ";
$db->exec(check_sql($sql));
unset($sql);
//build insert array
$email_log_uuid = uuid();
$array['email_logs'][0]['email_log_uuid'] = $email_log_uuid;
if (is_uuid($call_uuid)) {
$array['email_logs'][0]['call_uuid'] = $call_uuid;
}
$array['email_logs'][0]['domain_uuid'] = $headers["X-FusionPBX-Domain-UUID"];
$array['email_logs'][0]['sent_date'] = 'now()';
$array['email_logs'][0]['type'] = $headers["X-FusionPBX-Email-Type"];
$array['email_logs'][0]['status'] = 'failed';
$array['email_logs'][0]['email'] = str_replace("'", "''", $msg);
//grant temporary permissions
$p = new permissions;
$p->add('email_log_add', 'temp');
//execute insert
$database = new database;
$database->app_name = 'v_mailto';
$database->app_uuid = 'ba41954e-9d21-4b10-bbc2-fa5ceabeb184';
$database->save($array);
unset($array);
//revoke temporary permissions
$p = new permissions;
$p->delete('email_log_add', 'temp');
}
echo "Retained in v_email_logs as email_log_uuid = ".$email_log_uuid."\n";
@ -394,31 +398,25 @@
fclose($fp);
/*
// save in /tmp as eml file
//save in /tmp as eml file
$fp = fopen(sys_get_temp_dir()."/email.eml", "w");
ob_end_clean();
ob_start();
$fp = fopen(sys_get_temp_dir()."/email.eml", "w");
ob_end_clean();
ob_start();
$sql = "select email from v_email_logs where email_log_uuid = :email_log_uuid ";
$parameters['email_log_uuid'] = $email_log_uuid;
$database = new database;
$email = $database->select($sql, $parameters, 'column');
echo $email;
unset($sql, $parameters, $email);
$sql = "select email from v_email_logs where email_log_uuid = '".$email_log_uuid."'";
$prep_statement = $db->prepare($sql);
if ($prep_statement) {
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
echo $row["email"];
break;
}
}
unset($sql, $prep_statement, $result);
$content = ob_get_contents(); //get the output from the buffer
$content = str_replace("<br />", "", $content);
$content = ob_get_contents(); //get the output from the buffer
$content = str_replace("<br />", "", $content);
ob_end_clean(); //clean the buffer
fwrite($fp, $content);
fclose($fp);
ob_end_clean(); //clean the buffer
fwrite($fp, $content);
fclose($fp);
*/
?>
?>

20
themes/default/app_defaults.php
View File

@ -17,7 +17,7 @@
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2016
Portions created by the Initial Developer are Copyright (C) 2008-2019
the Initial Developer. All Rights Reserved.
Contributor(s):
@ -59,19 +59,17 @@
$sql .= "set default_setting_value = '#fafafa' ";
$sql .= "where default_setting_subcategory = 'message_default_color' ";
$sql .= "and default_setting_value = '#ccffcc' ";
$prep_statement = $db->prepare(check_sql($sql));
if ($prep_statement) {
$prep_statement->execute();
}
$database = new database;
$database->execute($sql);
unset($sql);
$sql = "update v_default_settings ";
$sql .= "set default_setting_value = '#666' ";
$sql .= "where default_setting_subcategory = 'message_default_background_color' ";
$sql .= "and default_setting_value = '#004200' ";
$prep_statement = $db->prepare(check_sql($sql));
if ($prep_statement) {
$prep_statement->execute();
}
unset($prep_statement, $sql);
$database = new database;
$database->execute($sql);
unset($sql);
//replace glyphicon icon with fontawesome icon for default main menu items
$queries[] = "update v_menu_items set menu_item_icon = 'fa-home' where menu_item_icon = 'glyphicon-home' ";
@ -91,4 +89,4 @@
}
?>
?>