mirror of
https://github.com/VTECRM/vtenext.git
synced 2026-02-26 08:17:52 +00:00
989 lines
34 KiB
PHP
989 lines
34 KiB
PHP
<?php
|
|
/*************************************
|
|
* SPDX-FileCopyrightText: 2009-2020 Vtenext S.r.l. <info@vtenext.com>
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
************************************/
|
|
|
|
global $entityDel;
|
|
global $display;
|
|
global $category;
|
|
global $site_URL; //crmv@27520
|
|
|
|
if (version_compare(phpversion(), '7.0') < 0) { // crmv@180737
|
|
require_once('errorpages/phpversionfail.php'); // crmv@138188
|
|
die();
|
|
}
|
|
if (file_exists('modules/Update/free_changes/441.php')) {
|
|
header('location: modules/Update/free_changes/441.php');
|
|
}
|
|
|
|
// crmv@91979
|
|
require_once('include/MaintenanceMode.php');
|
|
if (MaintenanceMode::check()) {
|
|
MaintenanceMode::display();
|
|
die();
|
|
}
|
|
// crmv@91979e
|
|
|
|
// crmv@146653
|
|
if (PHP_MAJOR_VERSION >= 7) {
|
|
set_error_handler(function ($errno, $errstr) {
|
|
return (strpos($errstr, 'Declaration of') === 0);
|
|
}, E_WARNING);
|
|
}
|
|
// crmv@146653e
|
|
|
|
require_once('include/utils/utils.php');
|
|
|
|
RequestHandler::processCompressedRequest(); // crmv@150748
|
|
|
|
global $currentModule;
|
|
|
|
// crmv@128133 - removed code
|
|
|
|
insert_charset_header();
|
|
// Create or reestablish the current session
|
|
//crmv@27520 crmv@29377 crmv@80972
|
|
$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');
|
|
$cookieurl = str_replace('index.php', '', $_SERVER['SCRIPT_NAME']);
|
|
if (empty($cookieurl)) $cookieurl = '/';
|
|
|
|
VteSession::start(); // crmv@128133
|
|
|
|
$sl = $_COOKIE['savelogin'];
|
|
if (!empty($sl)) {
|
|
list($sl, $sltime) = explode(':', $sl, 2);
|
|
if (empty($sltime)) $sltime = time();
|
|
}
|
|
//crmv@167644
|
|
if (isset($_REQUEST['action']) && isset($_REQUEST['module']) && $_REQUEST['action']=="Authenticate" && $_REQUEST['module']=="Users") {
|
|
$savelogin = intval(in_array($_REQUEST['savelogin'], array(1, 'on')));
|
|
} else {
|
|
$savelogin = intval($sl == 1);
|
|
}
|
|
//crmv@167644e
|
|
$login_expire_time = 3600*24*30; // one month
|
|
if ($savelogin) {
|
|
if ($sl == 1) { // use previous cookie
|
|
$sltime = intval($sltime);
|
|
} else { // set new cookie
|
|
$sltime = time();
|
|
}
|
|
setcookie('savelogin', "1:".$sltime, $sltime+$login_expire_time, $cookieurl, "", $isHttps, true);
|
|
unset($_REQUEST['savelogin']);
|
|
} else {
|
|
setcookie('savelogin', 0, time()+$login_expire_time, $cookieurl, "", $isHttps, true);
|
|
}
|
|
//crmv@27520e crmv@29377e crmv@80972e
|
|
|
|
if (!is_file('config.inc.php')) {
|
|
header("Location: install.php");
|
|
exit();
|
|
}
|
|
|
|
require_once('config.inc.php');
|
|
if (!isset($dbconfig['db_hostname']) || $dbconfig['db_status']=='_DB_STAT_') {
|
|
header("Location: install.php");
|
|
exit();
|
|
}
|
|
|
|
// load up the config_override.php file. This is used to provide default user settings
|
|
if (is_file('config_override.php'))
|
|
{
|
|
require_once('config_override.php');
|
|
}
|
|
|
|
/**
|
|
* Check for vte installed version and codebase
|
|
*/
|
|
include('vteversion.php'); // crmv@181168
|
|
global $adb, $vte_legacy_version, $table_prefix;
|
|
if (empty($table_prefix)) {
|
|
$table_prefix = 'vte';
|
|
}
|
|
//crmv@170248
|
|
$VP = VTEProperties::getInstance();
|
|
$VP->initSCache(); // init session cache
|
|
//crmv@170248e
|
|
if(VteSession::hasKey('VTE_DB_VERSION') && VteSession::hasKey('authenticated_user_id')) {
|
|
if(version_compare(VteSession::get('VTE_DB_VERSION'), $vte_legacy_version, '!=')) {
|
|
VteSession::remove('VTE_DB_VERSION');
|
|
header("Location: install.php");
|
|
exit();
|
|
}
|
|
// crmv@138188
|
|
} elseif (!empty($dbconfig['db_hostname']) && !$adb->database->IsConnected()) {
|
|
require("errorpages/db_error.php");
|
|
exit();
|
|
// crmv@138188e
|
|
} else {
|
|
$result = $adb->query("SELECT * FROM ".$table_prefix."_version");
|
|
$dbversion = $adb->query_result($result, 0, 'current_version');
|
|
$cache = Cache::getInstance('vteCacheHV');
|
|
$tmp = $cache->get();
|
|
if ($tmp === false) $cache->set(Users::m_encryption(Users::de_cryption($adb->query_result_no_html($result, 0, 'hash_version'))));
|
|
// crmv@128133
|
|
$enterprise_project = $adb->query_result_no_html($result, 0, 'enterprise_project');
|
|
VteSession::setMulti(array(
|
|
'enterprise_project' => $enterprise_project,
|
|
'vte_hash_version_check' => false, // crmv@208111
|
|
'vte_hash_version_check_check' => true, // crmv@208111
|
|
));
|
|
// crmv@128133e
|
|
if(version_compare($dbversion, $vte_legacy_version, '=')) {
|
|
VteSession::set('VTE_DB_VERSION', $dbversion);
|
|
} else {
|
|
header("Location: install.php");
|
|
exit();
|
|
}
|
|
}
|
|
// END
|
|
|
|
SDK::getUtils(); //crmv@sdk-18503
|
|
|
|
RequestHandler::validateCSRFToken(); // crmv@171581
|
|
|
|
//crmv@23715
|
|
if (isset($_REQUEST['menubar']) && $_REQUEST['menubar'] != '') {
|
|
VteSession::set('menubar', $_REQUEST['menubar']);
|
|
}
|
|
//crmv@23715e
|
|
|
|
$default_config_values = Array( "allow_exports"=>"all","upload_maxsize"=>"3000000", "listview_max_textlength" => "40", "php_max_execution_time" => "0");
|
|
|
|
set_default_config($default_config_values);
|
|
|
|
// Set the default timezone preferred by user
|
|
global $default_timezone;
|
|
if(isset($default_timezone) && function_exists('date_default_timezone_set')) {
|
|
@date_default_timezone_set($default_timezone);
|
|
}
|
|
|
|
require_once('include/logging.php');
|
|
require_once('modules/Users/Users.php');
|
|
|
|
if($calculate_response_time) $startTime = microtime();
|
|
|
|
$log = LoggerManager::getLogger('index');
|
|
|
|
global $seclog;
|
|
$seclog = LoggerManager::getLogger('SECURITY');
|
|
|
|
// We use the REQUEST_URI later to construct dynamic URLs. IIS does not pass this field
|
|
// to prevent an error, if it is not set, we will assign it to ''
|
|
if(!isset($_SERVER['REQUEST_URI']))
|
|
{
|
|
$_SERVER['REQUEST_URI'] = '';
|
|
}
|
|
|
|
$action = '';
|
|
if(isset($_REQUEST['action']))
|
|
{
|
|
$action = $_REQUEST['action'];
|
|
}
|
|
// crmv@151308 - removed code
|
|
if($action == 'ExportAjax')
|
|
{
|
|
include ('include/utils/ExportAjax.php');
|
|
}
|
|
// crmv@37463 - removed code
|
|
// END
|
|
|
|
// crmv@43147
|
|
if (!empty($_REQUEST['sharetoken'])) {
|
|
$module = $_REQUEST['module'] = 'Utilities';
|
|
$action = $_REQUEST['action'] = 'ShareRecord';
|
|
require("modules/$module/$action.php");
|
|
return;
|
|
}
|
|
// crmv@43147e
|
|
|
|
// crmv@205220
|
|
if (!empty($_REQUEST['wsrecord'])) {
|
|
$wsRecord = vtlib_purify($_REQUEST['wsrecord']);
|
|
|
|
$obj = VtenextWebserviceObject::fromId($adb,$wsRecord);//crmv@207871
|
|
$wsIdComponents = vtws_getIdComponents($wsRecord);
|
|
|
|
$_REQUEST['module'] = $obj->getEntityName();
|
|
$_REQUEST['record'] = $wsIdComponents[1];
|
|
}
|
|
// crmv@205220e
|
|
|
|
//Code added for 'Path Traversal/File Disclosure' security fix - Philip
|
|
$is_module = false;
|
|
$is_action = false;
|
|
$in_core = false; //crmv@40799
|
|
if(isset($_REQUEST['module']))
|
|
{
|
|
$module = $_REQUEST['module'];
|
|
$dir = @scandir($root_directory.'modules');
|
|
$dir = is_array($dir) ? $dir : array();
|
|
$temp_arr = Array("CVS","Attic");
|
|
$res_arr = @array_intersect($dir,$temp_arr);
|
|
if(count($res_arr) == 0 && !preg_match("/[\/.]/",$module)) {
|
|
if(@in_array($module,$dir))
|
|
$is_module = true;
|
|
}
|
|
$in_dir = @scandir($root_directory.'modules/'.$module);
|
|
$in_dir = is_array($in_dir) ? $in_dir : array();
|
|
$res_arr = @array_intersect($in_dir,$temp_arr);
|
|
if(count($res_arr) == 0 && !preg_match("/[\/.]/",$module)) {
|
|
if(@in_array($action.".php",$in_dir))
|
|
$is_action = true;
|
|
}
|
|
//crmv@40799
|
|
if(!$is_action) {
|
|
$in_dir = @scandir($root_directory.'modules/VteCore');
|
|
$in_dir = is_array($in_dir) ? $in_dir : array();
|
|
$res_arr = @array_intersect($in_dir,$temp_arr);
|
|
if(count($res_arr) == 0 && !preg_match("/[\/.]/",'VteCore')) {
|
|
if(@in_array($action.".php",$in_dir)) {
|
|
$is_action = true;
|
|
$in_core = true;
|
|
}
|
|
}
|
|
}
|
|
//crmv@40799e
|
|
if(!$is_module)
|
|
{
|
|
die("Module name is missing. Please check the module name.");
|
|
}
|
|
if(!$is_action)
|
|
{
|
|
die("Action name is missing. Please check the action name.");
|
|
}
|
|
}
|
|
|
|
//Code added for 'Multiple SQL Injection Vulnerabilities & XSS issue' fixes - Philip
|
|
if(isset($_REQUEST['record']) && !is_numeric($_REQUEST['record']) && $_REQUEST['record']!='')
|
|
{
|
|
die("An invalid record number specified to view details.");
|
|
}
|
|
|
|
// Check to see if there is an authenticated user in the session.
|
|
//crmv@29377
|
|
$use_current_login = false;
|
|
if(VteSession::hasKey("authenticated_user_id") && (VteSession::hasKey("app_unique_key") && VteSession::get("app_unique_key") == $application_unique_key) && (VteSession::get("vte_root_directory") == $root_directory)) {
|
|
$use_current_login = true;
|
|
} elseif (!empty($_COOKIE['savelogindata'])) { //crmv@167644 relogin even if ajax
|
|
if (!preg_match("/^".$module."Ajax/",$action)) VteSession::set('lastpage', array($_SERVER['QUERY_STRING'])); //crmv@167644
|
|
require('modules/Users/Authenticate.php');
|
|
die();
|
|
}
|
|
//crmv@29377e
|
|
|
|
// Prevent loading Login again if there is an authenticated user in the session.
|
|
if (VteSession::hasKey("authenticated_user_id") && $module == 'Users' && $action == 'Login') {
|
|
header("Location: index.php?action=$default_action&module=$default_module");
|
|
}
|
|
|
|
if($use_current_login){
|
|
//getting the internal_mailer flag
|
|
if(!VteSession::hasKey('internal_mailer')){
|
|
$qry_res = $adb->pquery("select internal_mailer from ".$table_prefix."_users where id=?", array(VteSession::get("authenticated_user_id")));
|
|
VteSession::set('internal_mailer', $adb->query_result($qry_res,0,"internal_mailer"));
|
|
}
|
|
$log->debug("We have an authenticated user id: ".VteSession::get("authenticated_user_id"));
|
|
}else if(isset($action) && isset($module) && $action=="Authenticate" && $module=="Users"){
|
|
$log->debug("We are authenticating user now");
|
|
setcookie('crmvWinMaxStatus',''); //crmv@22622
|
|
}else{
|
|
if($_REQUEST['action'] != 'Logout' && $_REQUEST['action'] != 'Login' && !preg_match("/Ajax$/",$_REQUEST['action'])){ // crmv@124172
|
|
VteSession::set('lastpage', $_SERVER['argv']);
|
|
//crmv@26948
|
|
if (empty($_SERVER['argv'])) {
|
|
VteSession::set('lastpage', array($_SERVER['QUERY_STRING']));
|
|
}
|
|
//crmv@26948e
|
|
}
|
|
//crmv@offline
|
|
if ($offline_mode){
|
|
$module = 'Offline';
|
|
$skipSecurityCheck = true;
|
|
if ($dbconfig['db_name'] == 'offline'){
|
|
if (!$action || $action == 'Login')
|
|
$action="index_gooffline";
|
|
}
|
|
elseif(($action == 'OfflineAjax') /*&& vtlib_purify($_REQUEST['file']) == 'check_server')*/ || $action == 'index_goonline') {
|
|
}
|
|
else{
|
|
$action = "Login";
|
|
}
|
|
}
|
|
else{
|
|
//crmv@29399 crmv@91082
|
|
// invalid session here
|
|
$SV = SessionValidator::getInstance();
|
|
if(in_array($_REQUEST['file'], $SV->timer_files)){
|
|
echo '<script type="text/javascript">SessionValidator.check({showLogin:true});</script>'; // crmv@106590
|
|
exit();
|
|
} elseif (preg_match("/^".$module."Ajax/",$action)) {
|
|
if ($_REQUEST['file'] == 'CheckSession') {
|
|
VteSession::set('lastpage', '');
|
|
require('modules/Utilities/CheckSession.php');
|
|
} else {
|
|
echo '<script type="text/javascript">window.location.reload();</script>';
|
|
exit();
|
|
}
|
|
}
|
|
//crmv@29399e crmv@91082e
|
|
$action = "Login";
|
|
$module = "Users";
|
|
$in_core = false;
|
|
}
|
|
}
|
|
//crmv@offline end
|
|
|
|
$log->debug($_REQUEST);
|
|
$skipHeaders=false;
|
|
(isset($_REQUEST['skip_footer']) && $_REQUEST['skip_footer'] != '') ? $skipFooters=$_REQUEST['skip_footer'] : $skipFooters=false; //crmv@62447
|
|
$viewAttachment = false;
|
|
|
|
if(isset($action) && isset($module))
|
|
{
|
|
$log->info("About to take action ".$action);
|
|
$log->debug("in $action");
|
|
if(preg_match("/^Save/", $action) ||
|
|
preg_match("/^Delete/", $action) ||
|
|
preg_match("/^Choose/", $action) ||
|
|
preg_match("/^Popup/", $action) ||
|
|
preg_match("/^ChangePassword/", $action) ||
|
|
preg_match("/^Authenticate/", $action) ||
|
|
preg_match("/^Logout/", $action) ||
|
|
preg_match("/^add2db/", $action) ||
|
|
preg_match("/^result/", $action) ||
|
|
preg_match("/^LeadConvertToEntities/", $action) ||
|
|
preg_match("/^downloadfile/", $action) ||
|
|
preg_match("/^massdelete/", $action) ||
|
|
preg_match("/^updateLeadDBStatus/",$action) ||
|
|
preg_match("/^AddCustomFieldToDB/", $action) ||
|
|
preg_match("/^updateRole/",$action) ||
|
|
preg_match("/^UserInfoUtil/",$action) ||
|
|
preg_match("/^deleteRole/",$action) ||
|
|
preg_match("/^UpdateComboValues/",$action) ||
|
|
preg_match("/^fieldtypes/",$action) ||
|
|
preg_match("/^app_ins/",$action) ||
|
|
preg_match("/^minical/",$action) ||
|
|
preg_match("/^minitimer/",$action) ||
|
|
preg_match("/^app_del/",$action) ||
|
|
preg_match("/^send_mail/",$action) ||
|
|
preg_match("/^TemplateMerge/",$action) ||
|
|
preg_match("/^testemailtemplateusage/",$action) ||
|
|
preg_match("/^saveemailtemplate/",$action) ||
|
|
preg_match("/^ProcessDuplicates/", $action ) ||
|
|
preg_match("/^lastImport/", $action ) ||
|
|
preg_match("/^lookupemailtemplate/",$action) ||
|
|
preg_match("/^deleteemailtemplate/",$action) ||
|
|
preg_match("/^CurrencyDelete/",$action) ||
|
|
preg_match("/^deleteattachments/",$action) ||
|
|
preg_match("/^MassDeleteUsers/",$action) ||
|
|
preg_match("/^UpdateFieldLevelAccess/",$action) ||
|
|
preg_match("/^UpdateDefaultFieldLevelAccess/",$action) ||
|
|
preg_match("/^UpdateProfile/",$action) ||
|
|
preg_match("/^updateRelations/",$action) ||
|
|
preg_match("/^Star/",$action) ||
|
|
preg_match("/^addPbProductRelToDB/",$action) ||
|
|
preg_match("/^UpdateListPrice/",$action) ||
|
|
preg_match("/^PriceListPopup/",$action) ||
|
|
preg_match("/^SalesOrderPopup/",$action) ||
|
|
preg_match("/^CreatePDF/",$action) ||
|
|
preg_match("/^CreateSOPDF/",$action) ||
|
|
preg_match("/^redirect/",$action) ||
|
|
preg_match("/^webmail/",$action) ||
|
|
preg_match("/^left_main/",$action) ||
|
|
preg_match("/^delete_message/",$action) ||
|
|
preg_match("/^mime/",$action) ||
|
|
preg_match("/^move_messages/",$action) ||
|
|
preg_match("/^folders_create/",$action) ||
|
|
preg_match("/^imap_general/",$action) ||
|
|
preg_match("/^mime/",$action) ||
|
|
preg_match("/^download/",$action) ||
|
|
preg_match("/^about_us/",$action) ||
|
|
preg_match("/^SendMailAction/",$action) ||
|
|
preg_match("/^CreateXL/",$action) ||
|
|
preg_match("/^savetermsandconditions/",$action) ||
|
|
preg_match("/^ConvertAsFAQ/",$action) ||
|
|
preg_match("/^".$module."Ajax/",$action) ||
|
|
preg_match("/^ActivityAjax/",$action) ||
|
|
preg_match("/^chat/",$action) ||
|
|
preg_match("/^vtchat/",$action) ||
|
|
preg_match("/^updateCalendarSharing/",$action) ||
|
|
preg_match("/^disable_sharing/",$action) ||
|
|
preg_match("/^HeadLines/",$action) ||
|
|
preg_match("/^TodoSave/",$action) ||
|
|
preg_match("/^RecalculateSharingRules/",$action) ||
|
|
preg_match("/^download/",$action) ||
|
|
preg_match("/^getListOfRecords/", $action) ||
|
|
preg_match("/^AddBlockFieldToDB/", $action) ||
|
|
preg_match("/^AddBlockToDB/", $action) ||
|
|
preg_match("/^MassEditSave/", $action) ||
|
|
preg_match("/^Export$/",$action) || // crmv@151308
|
|
preg_match("/^iCalExport/",$action) ||
|
|
//crmv@project
|
|
preg_match("/^PrintProject/",$action) ||
|
|
preg_match("/^CreatePWXL/",$action) ||
|
|
//crmv@project end
|
|
($module == 'MyNotes' && in_array($action,array('SimpleView','DetailView'))) || //crmv@3083m
|
|
preg_match("/^ModuleManagerExport/",$action) // crmv@37463
|
|
)
|
|
{
|
|
$skipHeaders=true;
|
|
//skip headers for all these invocations as they are mostly popups
|
|
if(preg_match("/^Popup/", $action) ||
|
|
preg_match("/^ChangePassword/", $action) ||
|
|
//preg_match("/^Export/", $action) ||
|
|
preg_match("/^downloadfile/", $action) ||
|
|
preg_match("/^fieldtypes/",$action) ||
|
|
preg_match("/^lookupemailtemplate/",$action) ||
|
|
preg_match("/^about_us/",$action) ||
|
|
preg_match("/^".$module."Ajax/",$action) ||
|
|
preg_match("/^chat/",$action) ||
|
|
preg_match("/^vtchat/",$action) ||
|
|
preg_match("/^massdelete/", $action) ||
|
|
preg_match("/^get_img/",$action) ||
|
|
preg_match("/^download/",$action) ||
|
|
preg_match("/^ProcessDuplicates/", $action ) ||
|
|
preg_match("/^lastImport/", $action ) ||
|
|
preg_match("/^massdelete/", $action ) ||
|
|
preg_match("/^getListOfRecords/", $action) ||
|
|
preg_match("/^MassEditSave/", $action) ||
|
|
preg_match("/^Export$/",$action) || // crmv@151308
|
|
preg_match("/^iCalExport/",$action) ||
|
|
preg_match("/^CreatePWXL/",$action) ||
|
|
($module == 'MyNotes' && in_array($action,array('SimpleView','DetailView'))) || //crmv@3083m
|
|
//crmv@project
|
|
preg_match("/^PrintProject/",$action)
|
|
//crmv@project end
|
|
)
|
|
$skipFooters=true;
|
|
//skip footers for all these invocations as they are mostly popups
|
|
if(preg_match("/^downloadfile/", $action)
|
|
|| preg_match("/^fieldtypes/",$action)
|
|
|| preg_match("/^get_img/",$action)
|
|
|| preg_match("/^MergeFieldLeads/", $action)
|
|
|| preg_match("/^MergeFieldContacts/", $action )
|
|
|| preg_match("/^MergeFieldAccounts/", $action )
|
|
|| preg_match("/^MergeFieldProducts/", $action )
|
|
|| preg_match("/^MergeFieldHelpDesk/", $action )
|
|
|| preg_match("/^MergeFieldPotentials/", $action )
|
|
|| preg_match("/^MergeFieldVendors/", $action )
|
|
|| preg_match("/^dlAttachments/", $action )
|
|
|| preg_match("/^Export$/",$action) // crmv@151308
|
|
|| preg_match("/^iCalExport/", $action)
|
|
|| preg_match("/^CreatePWXL/",$action)
|
|
)
|
|
{
|
|
$viewAttachment = true;
|
|
}
|
|
if(($action == ' Delete ') && (!$entityDel))
|
|
{
|
|
$skipHeaders=false;
|
|
}
|
|
}
|
|
|
|
// crmv@65455
|
|
if ($_REQUEST['skip_vte_header'] == 'true') {
|
|
$skipHeaders = true;
|
|
}
|
|
// crmv@65455e
|
|
|
|
// crmv@140887
|
|
$fastMode = intval($_REQUEST['fastmode']);
|
|
if ($fastMode) {
|
|
$skipFooters = true;
|
|
}
|
|
// crmv@140887e
|
|
|
|
if($action == 'Save')
|
|
{
|
|
header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" );
|
|
header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" );
|
|
header( "Cache-Control: no-cache, must-revalidate" );
|
|
header( "Pragma: no-cache" );
|
|
}
|
|
//crmv@16312+16267
|
|
if(($module == 'Users' || $module == 'Home' || $module == 'uploads' || ($module == 'Settings' && $action == 'UpdatePDFSettings')) && $_REQUEST['parenttab'] != 'Settings'){
|
|
$skipSecurityCheck=true;
|
|
}
|
|
//crmv@16312+16267 end
|
|
//crmv@22613
|
|
if($module == 'Users' && $action == 'Login') {
|
|
$skipSecurityCheck=true;
|
|
}
|
|
//crmv@22613e
|
|
//crmv@sdk-25183 //crmv@25671
|
|
$sdk_action = '';
|
|
if (isModuleInstalled('SDK')) {
|
|
$sdk_action = SDK::getFile($module,$action);
|
|
}
|
|
$call_sdk = true;
|
|
if ($sdk_action == '') {
|
|
$sdk_action = $action;
|
|
$call_sdk = false;
|
|
}
|
|
if ($in_core && !$call_sdk) {
|
|
$currentModuleFile = 'modules/VteCore/'.$sdk_action.'.php';
|
|
} else {
|
|
$currentModuleFile = 'modules/'.$module.'/'.$sdk_action.'.php';
|
|
}
|
|
//crmv@sdk-25183e //crmv@25671e
|
|
$currentModule = $module;
|
|
}
|
|
elseif(isset($module))
|
|
{
|
|
$currentModule = $module;
|
|
$currentModuleFile = $moduleDefaultFile[$currentModule];
|
|
}
|
|
else {
|
|
// use $default_module and $default_action as set in config.php
|
|
// Redirect to the correct module with the correct action. We need the URI to include these fields.
|
|
//crmv@26523
|
|
$current_user = CRMEntity::getInstance('Users');
|
|
if($use_current_login) {
|
|
$current_user->retrieveCurrentUserInfoFromFile(VteSession::get('authenticated_user_id'));
|
|
if ($current_user->column_fields['default_module'] != '') {
|
|
$default_module = $current_user->column_fields['default_module'];
|
|
}
|
|
}
|
|
//crmv@26523e
|
|
if ($in_core) {
|
|
header("Location: index.php?module=VteCore&action=$default_action");
|
|
} else {
|
|
header("Location: index.php?module=$default_module&action=$default_action");
|
|
}
|
|
exit();
|
|
}
|
|
|
|
$log->info("current page is $currentModuleFile");
|
|
$log->info("current module is $currentModule ");
|
|
|
|
// for printing
|
|
$module = (isset($_REQUEST['module'])) ? vtlib_purify($_REQUEST['module']) : "";
|
|
$action = (isset($_REQUEST['action'])) ? vtlib_purify($_REQUEST['action']) : "";
|
|
$record = (isset($_REQUEST['record'])) ? vtlib_purify($_REQUEST['record']) : "";
|
|
$lang_crm = (VteSession::hasKey('authenticated_user_language')) ? VteSession::get('authenticated_user_language') : "";
|
|
$GLOBALS['request_string'] = "&module=$module&action=$action&record=$record&lang_crm=$lang_crm";
|
|
|
|
$current_user = CRMEntity::getInstance('Users');
|
|
|
|
if($use_current_login)
|
|
{
|
|
//getting the current user info from flat file
|
|
$result = $current_user->retrieveCurrentUserInfoFromFile(VteSession::get('authenticated_user_id'));
|
|
|
|
// crmv@91082
|
|
$SV = SessionValidator::getInstance();
|
|
|
|
if ($currentModule != 'Update' && $SV->isStarted()) {
|
|
if (!$SV->isValid()) {
|
|
$result = null;
|
|
$user_expelled = true;
|
|
$current_user->deleteCookieSaveLogin();
|
|
$SV->saveSessionVars($current_user->id); // crmv@101201
|
|
}
|
|
}
|
|
if(isset($_REQUEST['file']) && in_array($_REQUEST['file'], $SV->skip_files)){
|
|
// do nothing
|
|
}elseif ($currentModule == 'Update' && $action == 'DoUpdate') {
|
|
// no check during update, the table might still be old
|
|
} else {
|
|
$SV->refresh();
|
|
$SV->saveUser();
|
|
}
|
|
|
|
if ($result == null) {
|
|
|
|
// Recording Logout Info
|
|
$loghistory = LoginHistory::getInstance();
|
|
$loghistory->user_logout($current_user->user_name, null, null, 'auto', $user_expelled);
|
|
|
|
VteSession::destroy();
|
|
|
|
// if i am here, i'm not logged in and i come from CheckSession so i return NO_OK for the ajax request
|
|
if($_REQUEST['file'] == 'CheckSession'){
|
|
$output = array('success' => true, 'valid' => false, 'updated' => false);
|
|
$SV->ajaxOutput($output);
|
|
}
|
|
|
|
//crmv@104205
|
|
if ($action == $module.'Ajax') {
|
|
echo '<script type="text/javascript">SessionValidator.showLogin()</script>';
|
|
} else {
|
|
echo '<script type="text/javascript">window.location.reload();</script>';
|
|
}
|
|
exit();
|
|
//crmv@104205e
|
|
}
|
|
// crmv@91082e
|
|
|
|
//crmv@29377
|
|
if ($savelogin && $current_user) {
|
|
$cookieval = $current_user->getCookieForSavelogin();
|
|
setcookie('savelogindata', $cookieval, time()+$login_expire_time, $cookieurl, '', $isHttps, true); // crmv@80972
|
|
}
|
|
//crmv@29377e
|
|
|
|
$moduleList = getPermittedModuleNames();
|
|
|
|
foreach ($moduleList as $mod) {
|
|
if ($in_core) {
|
|
$moduleDefaultFile[$mod] = 'modules/VteCore/index.php';
|
|
} else {
|
|
$moduleDefaultFile[$mod] = "modules/".$currentModule."/index.php";
|
|
}
|
|
}
|
|
|
|
//auditing
|
|
// crmv@202301
|
|
require_once('modules/Settings/AuditTrail.php');
|
|
$AuditTrail = new AuditTrail();
|
|
$AuditTrail->processIndex($_REQUEST);
|
|
// crmv@202301e
|
|
|
|
eval(Users::m_de_cryption());
|
|
eval($hash_version[0]);
|
|
// crmv@187020 - removed code
|
|
$log->debug('Current user is: '.$current_user->user_name);
|
|
} else {
|
|
eval(Users::m_de_cryption());
|
|
eval($hash_version[1]);
|
|
}
|
|
|
|
$processMakerView = (in_array($_REQUEST['file'],array('ProcessMaker/actions/UpdateForm','ProcessMaker/actions/CreateForm')) || $_REQUEST['cycle_action'] == 'InsertTableRow'); //crmv@161211
|
|
|
|
if(VteSession::hasKey('authenticated_user_theme') && VteSession::get('authenticated_user_theme') != '')//crmv@207841
|
|
{
|
|
$theme = VteSession::get('authenticated_user_theme');//crmv@207841
|
|
}
|
|
else
|
|
{
|
|
$theme = $default_theme;
|
|
}
|
|
$log->debug('Current theme is: '.$theme);
|
|
|
|
//Used for current record focus
|
|
$focus = "";
|
|
|
|
// if the language is not set yet, then set it to the default language.
|
|
if(VteSession::hasKey('authenticated_user_language') && VteSession::get('authenticated_user_language') != '')
|
|
{
|
|
$current_language = VteSession::get('authenticated_user_language');
|
|
}
|
|
else
|
|
{
|
|
$current_language = $default_language;
|
|
}
|
|
$log->debug('current_language is: '.$current_language);
|
|
|
|
//set module and application string arrays based upon selected language
|
|
if (isModuleInstalled('SDK')) { //crmv@sdk
|
|
$app_currency_strings = return_app_currency_strings_language($current_language);
|
|
$app_strings = return_application_language($current_language);
|
|
$app_list_strings = return_app_list_strings_language($current_language);
|
|
$mod_strings = return_module_language($current_language, $currentModule);
|
|
//crmv@25671
|
|
} else {
|
|
// try to retrieve languages from language files
|
|
@include("include/language/$current_language.lang.php");
|
|
@include("modules/$currentModule/language/$current_language.lang.php");
|
|
}
|
|
//crmv@25671e
|
|
|
|
if ($use_current_login && vtlib_isModuleActive('Morphsuit') && VteSession::get('vte_hash_version_check_check') && !VteSession::get('vte_hash_version_check')) { // crmv@208111
|
|
die('Hash version not valid. Contact info@crmvillage.biz');
|
|
}
|
|
|
|
//If DetailView, set focus to record passed in
|
|
if($action == "DetailView" || $action == "EditView")
|
|
{
|
|
if($action == "DetailView" && !isset($_REQUEST['record'])) {
|
|
die("A record number must be specified to view details.");
|
|
}
|
|
|
|
if(isset($_REQUEST['record']) && $_REQUEST['record']!='' && $current_user->id != '' && !isset($_REQUEST['parent'])) // crmv@146652
|
|
{
|
|
// Only track a viewing if the record was retrieved.
|
|
$focus = CRMEntity::getInstance($currentModule);
|
|
$focus->track_view($current_user->id, $currentModule, $_REQUEST['record']);
|
|
}
|
|
}
|
|
|
|
if($_REQUEST['module'] == 'Documents' && $action == 'DownloadFile')
|
|
{
|
|
include('modules/Documents/DownloadFile.php');
|
|
exit;
|
|
}
|
|
|
|
//skip headers for popups, deleting, saving, importing and other actions
|
|
if(!$skipHeaders) {
|
|
$log->debug("including headers");
|
|
if($use_current_login)
|
|
{
|
|
if(isset($_REQUEST['category']) && $_REQUEST['category'] !='')
|
|
{
|
|
$category = vtlib_purify($_REQUEST['category']);
|
|
}
|
|
else
|
|
{
|
|
$category = getParentTabFromModule($currentModule);
|
|
}
|
|
$sdk_header_action = '';
|
|
if (isModuleInstalled('SDK')) $sdk_header_action = SDK::getFile('VteCore','header');
|
|
if (empty($sdk_header_action)) $sdk_header_action = 'header';
|
|
include("modules/VteCore/$sdk_header_action.php"); //crmv@30447
|
|
}
|
|
else
|
|
include('themes/LoginHeader.php');
|
|
|
|
if(VteSession::hasKey('administrator_error'))
|
|
{
|
|
// only print DB errors once otherwise they will still look broken after they are fixed.
|
|
// Only print the errors for admin users.
|
|
if(is_admin($current_user))
|
|
echo VteSession::get('administrator_error');
|
|
VteSession::remove('administrator_error');
|
|
}
|
|
|
|
echo "<!-- startscrmprint -->";
|
|
}
|
|
else {
|
|
$log->debug("skipping headers");
|
|
}
|
|
|
|
|
|
|
|
//fetch the permission set from session and search it for the requisite data
|
|
|
|
if(VteSession::hasKey('authenticated_user_theme') && VteSession::get('authenticated_user_theme') != '')//crmv@207841
|
|
{
|
|
$theme = VteSession::get('authenticated_user_theme');//crmv@207841
|
|
}
|
|
else
|
|
{
|
|
$theme = $default_theme;
|
|
}
|
|
|
|
|
|
//logging the security Information
|
|
$seclog->debug('######## Module --> '.$module.' :: Action --> '.$action.' :: UserID --> '.$current_user->id.' :: RecordID --> '.$record.' #######');
|
|
|
|
if (!$skipSecurityCheck) {
|
|
require_once('include/utils/UserInfoUtil.php');
|
|
if(preg_match('/Ajax/',$action)) {
|
|
if($_REQUEST['ajxaction'] == 'LOADRELATEDLIST'){
|
|
$now_action = 'DetailView';
|
|
} else {
|
|
$now_action=str_replace('..', '', vtlib_purify($_REQUEST['file'])); // crmv@37463
|
|
}
|
|
} else {
|
|
$now_action=$action;
|
|
}
|
|
|
|
//cmrv@17889 crmv@106441
|
|
$permModule = $module;
|
|
if($now_action == 'EditPDFTemplate') {
|
|
$now_action = 'EditView';
|
|
} elseif($now_action == 'DetailViewPDFTemplate') {
|
|
$now_action = 'DetailView';
|
|
} elseif($now_action == 'HistoryTab' && $_REQUEST['pmodule']) {
|
|
$now_action = 'DetailView';
|
|
$permModule = $_REQUEST['pmodule'];
|
|
} elseif($now_action == 'SavePDFTemplate') {
|
|
$now_action = 'Save';
|
|
} elseif($now_action == 'DeletePDFTemplate') {
|
|
$now_action = 'Delete';
|
|
}
|
|
//cmrv@17889e
|
|
|
|
if (isset($_REQUEST['record']) && $_REQUEST['record'] != '') {
|
|
$display = isPermitted($permModule,$now_action,$_REQUEST['record']);
|
|
} else {
|
|
$display = isPermitted($permModule,$now_action);
|
|
}
|
|
// crmv@106441e
|
|
|
|
$seclog->debug('########### Pemitted ---> '.$display.' ##############');
|
|
} else {
|
|
$seclog->debug('########### Pemitted ---> yes ##############');
|
|
}
|
|
|
|
//crmv@18857
|
|
if( (($action == 'ActivityReminderCallbackAjax' || $_REQUEST['file'] == 'ActivityReminderCallbackAjax') && $module == 'Calendar')
|
|
|| (($action == 'TraceIncomingCall' || $_REQUEST['file'] == 'TraceIncomingCall') && $module == 'PBXManager')
|
|
)
|
|
{
|
|
if (($display == "no") || !vtlib_isModuleActive($currentModule))
|
|
die('');
|
|
}
|
|
//crmv@18857e
|
|
|
|
if($display == "no")
|
|
{
|
|
//crmv@28661
|
|
if ($action == $module.'Ajax') {
|
|
die($app_strings['LBL_PERMISSION']);
|
|
}
|
|
//crmv@28661e
|
|
echo "<link rel='stylesheet' type='text/css' href='themes/$theme/style.css'>";
|
|
echo "<table border='0' cellpadding='5' cellspacing='0' width='100%' height='450px'><tr><td align='center'>";
|
|
echo "<div style='border: 3px solid rgb(153, 153, 153); background-color: rgb(255, 255, 255); width: 55%; position: relative; z-index: 10000000;'>
|
|
|
|
<table border='0' cellpadding='5' cellspacing='0' width='98%'>
|
|
<tbody><tr>
|
|
<td rowspan='2' width='11%'><img src='". resourcever('denied.gif') . "' ></td>
|
|
<td style='border-bottom: 1px solid rgb(204, 204, 204);' nowrap='nowrap' width='70%'><span class='genHeaderSmall'>$app_strings[LBL_PERMISSION]</span></td>
|
|
</tr>
|
|
<tr>
|
|
<td class='small' align='right' nowrap='nowrap'>
|
|
<a href='javascript:window.history.back();'>$app_strings[LBL_GO_BACK]</a><br> </td>
|
|
</tr>
|
|
</tbody></table>
|
|
</div>";
|
|
echo "</td></tr></table>";
|
|
}
|
|
// vtlib customization: Check if module has been de-activated
|
|
else if(!vtlib_isModuleActive($currentModule)) {
|
|
die(getTranslatedString($currentModule,$currentModule).' '.$app_strings['VTLIB_MOD_NOT_ACTIVE']); //crmv@28661
|
|
}
|
|
// END
|
|
else
|
|
{
|
|
include($currentModuleFile);
|
|
}
|
|
|
|
if((!$viewAttachment) && (!$viewAttachment && $action != $module."Ajax" && $action != "chat" && $action != 'massdelete' && $action != "body") )
|
|
{
|
|
echo "<!-- stopscrmprint -->";
|
|
}
|
|
|
|
//added to get the theme . This is a bad fix as we need to know where the problem lies yet
|
|
if(VteSession::hasKey('authenticated_user_theme') && VteSession::get('authenticated_user_theme') != '')//crmv@207841
|
|
{
|
|
$theme = VteSession::get('authenticated_user_theme');//crmv@207841
|
|
}
|
|
else
|
|
{
|
|
$theme = $default_theme;
|
|
}
|
|
$Ajx_module= $module;
|
|
if($module == 'Events')
|
|
$Ajx_module = 'Calendar';
|
|
if((!$viewAttachment) && (!$viewAttachment) && $action != $Ajx_module."Ajax" && $action != "chat" && $action != "HeadLines" && $action != 'massdelete' && $action != "DashboardAjax" && $action != "ActivityAjax")
|
|
{
|
|
|
|
if((!$skipFooters) && $action != "about_us" && $action != "vtchat" && $action != "ChangePassword" && $action != "body" && $action != $module."Ajax" && $action!='Popup' && $action != 'ImportStep3' && $action != 'ActivityAjax' && $action != 'getListOfRecords')
|
|
{
|
|
//crmv@18592
|
|
echo "<script language = 'JavaScript' type='text/javascript' src = '".resourcever('include/js/popup.js')."'></script>"; // crmv@144893
|
|
//crmv@vte10usersFix
|
|
echo "<table border=0 cellspacing=0 width=100% style='padding:0px 5px 0px 5px; clear:both; font-size:75%;' id='vte_footer'>"; //crmv@16265
|
|
echo "<tr><td align=left width=\"33%\"><span style='color: #fe0000;'>$enterprise_mode $enterprise_current_version</span></td>";
|
|
if($calculate_response_time)
|
|
{
|
|
echo "<td align=center width=\"33%\" style='color: #255a9b;'>";
|
|
$endTime = microtime();
|
|
list($usec, $sec) = explode(" ", $endTime);
|
|
$endTime = ((float)$usec + (float)$sec);
|
|
list($usec, $sec) = explode(" ", $startTime);
|
|
$startTime = ((float)$usec + (float)$sec);
|
|
$deltaTime = round($endTime - $startTime,2);
|
|
if (vtelog::getpageid() != ''){
|
|
echo(' ['.vtelog::getpageid().'] Server response time: '.$deltaTime.' seconds.');
|
|
}
|
|
else{
|
|
echo(' Server response time: '.$deltaTime.' seconds.');
|
|
}
|
|
echo "</td>";
|
|
}
|
|
$license_par = "";
|
|
if ($use_current_login) {
|
|
$license_par = "'?use_current_login=yes'";
|
|
}
|
|
echo "<td align=right width=\"33%\"><span style='color: #fe0000;'>© 2008-".date('Y')." <a href='{$enterprise_website[0]}' target='_blank'>{$enterprise_website[1]}</a></span><span style='color: #255a9b;'> | <a href=\"javascript:mypopup($license_par)\">".$app_strings['LNK_READ_LICENSE']."</a></span></td></tr></table>";
|
|
//crmv@vte10usersFix e
|
|
//crmv@18592e
|
|
//crmv@35153
|
|
if (!VteSession::isEmpty('login_alert')) {
|
|
echo "<script type='text/javascript'>
|
|
alert('".addslashes(VteSession::get('login_alert'))."');
|
|
getFile('index.php?module=Users&action=UsersAjax&file=UnsetSessionVar&var=login_alert');
|
|
</script>";
|
|
}
|
|
if (!VteSession::isEmpty('login_confirm')) {
|
|
echo "<script type='text/javascript'>
|
|
if (confirm('".addslashes(VteSession::getArray(array('login_confirm', 'text')))."')) {
|
|
getFile('index.php?module=Users&action=UsersAjax&file=UnsetSessionVar&var=login_confirm');
|
|
{VteSession::getArray(array('login_confirm', 'action'))}
|
|
} else {
|
|
getFile('index.php?module=Users&action=UsersAjax&file=UnsetSessionVar&var=login_confirm');
|
|
}
|
|
</script>";
|
|
}
|
|
//crmv@35153e
|
|
|
|
// crmv@181161
|
|
if (VteSession::get('just_authenticated') === 'web') {
|
|
VteSession::remove('just_authenticated');
|
|
$VTEM = new VTEventsManager($adb);
|
|
$VTEM->triggerEvent('user.postlogin.web', $current_user);
|
|
}
|
|
// crmv@181161e
|
|
}
|
|
|
|
// ActivityReminder Customization for callback - crmv@OPER5904
|
|
if(!$skipFooters) {
|
|
if($current_user->id!=NULL && isPermitted('Calendar','index') == 'yes' && vtlib_isModuleActive('Calendar')) {
|
|
$cur_time = time();
|
|
$interval = VteSession::get('next_reminder_interval') + (rand(0,9)-5);
|
|
$reminder_interval_reset = (VteSession::get('last_reminder_check_time') - $cur_time + $interval) * 1000;
|
|
echo "<script type='text/javascript'>
|
|
ActivityReminderCallbackInit();
|
|
if(typeof(ActivityReminderCallback) != 'undefined') ";
|
|
if(VteSession::hasKey('last_reminder_check_time') && $reminder_interval_reset > 0){
|
|
echo "
|
|
window.setTimeout(function(){
|
|
ActivityReminderCallback($interval);
|
|
},$reminder_interval_reset);";
|
|
} else {
|
|
echo "ActivityReminderCallback();";
|
|
}
|
|
echo "</script>";
|
|
}
|
|
eval($hash_version[4]);
|
|
}
|
|
// End
|
|
|
|
// crmv@140887
|
|
$fastMode = intval($_REQUEST['fastmode']);
|
|
if((!$skipFooters) && ($action != "body") && ($action != $module."Ajax") && ($action != "ActivityAjax") || $fastMode)
|
|
include('modules/VteCore/footer.php'); //crmv@30447
|
|
// crmv@140887e
|
|
}
|
|
|
|
//crmv@show_query
|
|
//crmv@170248 moved up
|
|
$showQuery = $_REQUEST['show_query'] ?? '';
|
|
$showStats = $_REQUEST['show_stats'] ?? '';
|
|
if ($VP->get('performance.show_query_stats') == 1 && $showQuery == 'true') {
|
|
$stats = '';
|
|
if ($showStats == 'true') {
|
|
$stats = "\n\nQUERY COUNT: {$adb->statistics['query_count']}\n";
|
|
$stats .= " SELECTS: {$adb->statistics['select']}\n";
|
|
$stats .= " INSERTS: {$adb->statistics['insert']}\n";
|
|
$stats .= " UPDATES: {$adb->statistics['update']}\n";
|
|
$stats .= " DELETES: {$adb->statistics['delete']}\n";
|
|
$stats .= " OTHERS: {$adb->statistics['other']}\n\n";
|
|
$stats .= " DUPLICATES: {$adb->statistics['duplicates_count']}\n";
|
|
if ($adb->statistics['duplicates_count'] > 0) {
|
|
usort($adb->statistics['duplicates'], function($a, $b) {
|
|
return $a['count'] == $b['count'] ? 0 : ($a['count'] < $b['count'] ? 1 : -1);
|
|
});
|
|
$stats .= " LIST: ".print_r(array_values($adb->statistics['duplicates']), true)."\n";
|
|
}
|
|
}
|
|
echo "<textarea>".VteSession::get('query_show').$stats."</textarea>";
|
|
VteSession::remove('query_show');
|
|
}
|
|
//crmv@show_query e
|