'; $actionid = getActionid($action); //echo 'action idd isss '.$actionid; //echo '
'; $profile_id = $_SESSION['authenticated_user_profileid']; $tab_per_Data = getAllTabsPermission($profile_id); $permissionData = $_SESSION['action_permission_set']; $defSharingPermissionData = $_SESSION['defaultaction_sharing_permission_set']; $others_permission_id = $defSharingPermissionData[$tabid]; $i=0; $accessFlag = false; if(isset($_REQUEST['record']) && $_REQUEST['record'] != '' && $module != 'Notes' && $module != 'Products' && $module != 'Faq') { $rec_owner_id = getUserId($_REQUEST['record']); } if($tab_per_Data[$tabid] !=0) { echo "You are not permitted to execute this operation"; $display = "No"; } if($permissionData[$tabid][$actionid] !=0) { echo "You are not permitted to execute this operation"; $display = "No"; } elseif(isset($_REQUEST['record']) && $_REQUEST['record'] != '' && $others_permission_id != '' && $module != 'Notes' && $module != 'Products' && $module != 'Faq' && $rec_owner_id != 0) { //$rec_owner_id = getUserId($_REQUEST['record']); if($rec_owner_id != $current_user->id) { if($others_permission_id == 0) { if($action == 'EditView' || $action == 'Delete') { echo "You are not permitted to execute this operation"; $display = "No"; } else { return; } } elseif($others_permission_id == 1) { if($action == 'Delete') { echo "You are not permitted to execute this operation"; $display = "No"; } else { return; } } elseif($others_permission_id == 2) { return; } elseif($others_permission_id == 3) { if($action == 'DetailView' || $action == 'EditView' || $action == 'Delete') { echo "You are not permitted to execute this operation"; $display = "No"; } else { return; } } } else { return; } } else { return; } //checkDeletePermission($tabid); //if the tabid is not present in the array then he is not permitted //if the tabid is present, then check for the values of the action_permissions //Check for the action mappings in the profile2standard permissions table /* echo 'module iss '.$module; echo '
'; echo 'action iss '.$action; echo '
'; echo sizeof($permissionData); */ /* while($i'; echo 'action permission iss '.$permissionData[$i][2]; echo '
'; $defSharingPermissionVal = $defSharingPermissionData[$tabid]; if($defSharingPermissionVal == 0) { $others_view='yes'; $others_create_edit='no'; $others_delete='no'; } if($defSharingPermissionVal == 1) { $others_view='yes'; $others_create_edit='yes'; $others_delete='no'; } if($defSharingPermissionVal == 2) { $others_view='yes'; $others_create_edit='yes'; $others_delete='yes'; } if($defSharingPermissionVal == 3) { $others_view='no'; $others_create_edit='no'; $others_delete='no'; } $accessFlag=true; if($permissionData[$i][1]==$actionid) { $actionpermissionvalue=$permissionData[$i][2]; if($actionpermissionvalue != 0) { echo "You are not permitted to execute this operation"; $display = "No"; } else { return; } } } $i++; } */ if(!$accessFlag) { echo "You are not permitted to execute this operation"; $display = "No"; } } //we have to do this as there is no UI page for Delete. Hence, when the user clicks delete, it gets stuck halfway and the page looks ugly because the theme is not set function checkDeletePermission($tabid) { global $entityDel; $action ="Delete"; $actionid = 2; $permissionData = $_SESSION['action_permission_set']; $i = 0; //keep searching till Delete method is found in the array while($isql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); } $password=$HTTP_POST_VARS['user_password']; $username=$HTTP_POST_VARS['user_name']; if( $row = $db->sql_fetchrow($result) ) { if( $row['user_level'] != ADMIN && $board_config['board_disable'] ) { } else { if( md5($password) == $row['user_password'] && $row['user_active'] ) { $autologin = 0; $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin); } } } } */ } // Allow for the session information to be passed via the URL for printing. 
// ---------------------------------------------------------------------------
// Front controller for the CRM: resolves module/action from the request,
// establishes the session and current user, applies the per-profile
// tab/action permission check (fetchPermissionData, defined above) and then
// includes the module script. The original source was collapsed onto a few
// lines; it is reflowed here with the code tokens unchanged. The markup that
// once sat inside the echo strings near the end was stripped in that process,
// so several echo statements below now emit only line breaks.
// ---------------------------------------------------------------------------

// The session id is taken from a request parameter before session_start().
// NOTE(review): any client can therefore choose its own session id (session
// fixation); nothing visible here regenerates the id after authentication.
if(isset($_REQUEST['PHPSESSID'])) {
    session_id($_REQUEST['PHPSESSID']);
    //Setting the same session id to Forums as in CRM
    $sid=$_REQUEST['PHPSESSID'];
}

/**
 * Emit the Content-Type header, preferring the language pack's charset
 * (LBL_CHARSET) over the configured default.
 *
 * Reads the globals $app_strings and $default_charset.
 * NOTE(review): it is called immediately below, before config.php is
 * required and before $app_strings is loaded further down, so both globals
 * would have to be defined earlier in the file (not visible here) for the
 * charset to be non-empty — confirm.
 */
function insert_charset_header() {
    global $app_strings, $default_charset;
    $charset = $default_charset;
    if(isset($app_strings['LBL_CHARSET'])) {
        $charset = $app_strings['LBL_CHARSET'];
    }
    header('Content-Type: text/html; charset='. $charset);
}
insert_charset_header();

// Create or reestablish the current session
session_start();

// No config.php means the installer has not been run yet.
if (!is_file('config.php')) {
    header("Location: install.php");
    exit();
}
require_once('config.php');
if (!isset($dbconfig['db_host_name'])) {
    header("Location: install.php");
    exit();
}

// load up the config_override.php file. This is used to provide default user settings
if (is_file('config_override.php')) {
    require_once('config_override.php');
}

// Fallback values handed to set_default_config(); what that function does
// with them is defined elsewhere.
$default_config_values = Array( "allow_exports"=>"all","upload_maxsize"=>"3000000" );
set_default_config($default_config_values);

require_once('include/logging.php');
require_once('modules/Users/User.php');

global $currentModule;

// Start time for the response-time line printed in the footer.
if($calculate_response_time) $startTime = microtime();

$log =& LoggerManager::getLogger('index');
if (isset($_REQUEST['PHPSESSID'])) $log->debug("****Starting for session ".$_REQUEST['PHPSESSID']);
else $log->debug("****Starting for new session");

// We use the REQUEST_URI later to construct dynamic URLs. IIS does not pass this field
// to prevent an error, if it is not set, we will assign it to ''
if(!isset($_SERVER['REQUEST_URI'])) {
    $_SERVER['REQUEST_URI'] = '';
}

// $action and $module come straight from the request (GET or POST) and are
// untrusted from here on.
if(isset($_REQUEST['action'])) {
    $action = $_REQUEST['action'];
}
if(isset($_REQUEST['module'])) {
    $module = $_REQUEST['module'];
}

// Check to see if there is an authenticated user in the session.
if(isset($_SESSION["authenticated_user_id"])) {
    $log->debug("We have an authenticated user id: ".$_SESSION["authenticated_user_id"]);
}
else if(isset($action) && isset($module) && $action=="Authenticate" && $module=="Users") {
    $log->debug("We are authenticating user now");
}
else {
    // No session and not a login attempt: force the login page.
    $log->debug("The current user does not have a session. Going to the login page");
    $action = "Login";
    $module = "Users";
}

// NOTE(review): this writes every request parameter to the debug log; if
// credentials are posted to the Users/Authenticate action handled here they
// are logged as well — confirm what the Authenticate script receives.
$log->debug($_REQUEST);

$skipHeaders=false;
$skipFooters=false;
$viewAttachment = false;
$skipSecurityCheck= false;
//echo $module;
// echo $action;

if(isset($action) && isset($module)) {
    $log->info("About to take action ".$action);
    $log->debug("in $action");
    // Actions that render no page chrome (popups, saves, downloads, ...).
    // NOTE(review): ereg() was removed in PHP 7; this chain is fatal there.
    if(ereg("^Save", $action) || ereg("^Delete", $action) || ereg("^Popup", $action) || ereg("^ChangePassword", $action) || ereg("^Authenticate", $action) || ereg("^Logout", $action) || ereg("^Export",$action) || ereg("^add2db", $action) || ereg("^result", $action) || ereg("^LeadConvertToEntities", $action) || ereg("^downloadfile", $action) || ereg("^massdelete", $action) || ereg("^updateLeadDBStatus",$action) || ereg("^AddCustomFieldToDB", $action) || ereg("^updateRole",$action) || ereg("^UserInfoUtil",$action) || ereg("^deleteRole",$action) || ereg("^UpdateComboValues",$action) || ereg("^fieldtypes",$action) || ereg("^app_ins",$action) || ereg("^minical",$action) || ereg("^minitimer",$action) || ereg("^app_del",$action) || ereg("^send_mail",$action) || ereg("^populatetemplate",$action) || ereg("^TemplateMerge",$action) || ereg("^testemailtemplateusage",$action) || ereg("^saveemailtemplate",$action) || ereg("^lookupemailtemplate",$action) || ereg("^deletewordtemplate",$action) || ereg("^deleteemailtemplate",$action) || ereg("^deleteattachments",$action) || ereg("^MassDeleteUsers",$action) || ereg("^UpdateFieldLevelAccess",$action) || ereg("^UpdateDefaultFieldLevelAccess",$action) || ereg("^UpdateProfile",$action) || ereg("^updateRelations",$action) || ereg("^updateNotificationSchedulers",$action) ||
       ereg("^VendorPopup",$action) || ereg("^Star",$action) || ereg("^addPbProductRelToDB",$action) || ereg("^UpdateListPrice",$action) || ereg("^PriceBookPopup",$action) || ereg("^SalesOrderPopup",$action) || ereg("^CreatePDF",$action) || ereg("^CreateSOPDF",$action) || ereg("^redirect",$action) || ereg("^webmail",$action) || ereg("^left_main",$action) || ereg("^delete_message",$action) || ereg("^mime",$action) || ereg("^move_messages",$action) || ereg("^folders_create",$action) || ereg("^imap_general",$action) || ereg("^mime",$action) || ereg("^download",$action) || ereg("^about_us",$action) || ereg("^SendMailAction",$action)) {
        $skipHeaders=true;
        if(ereg("^Popup", $action) || ereg("^ChangePassword", $action) || ereg("^Export", $action) || ereg("^downloadfile", $action) || ereg("^fieldtypes",$action) || ereg("^lookupemailtemplate",$action) || ereg("^about_us",$action)) $skipFooters=true;
        if(ereg("^downloadfile", $action) || ereg("^fieldtypes",$action)) {
            $viewAttachment = true;
        }
        // NOTE(review): ' Delete ' (with surrounding spaces) cannot match any of
        // the anchored patterns that admit entry to this block, so this branch
        // looks dead — unless the spaces are an artifact of the collapsed source.
        if(($action == ' Delete ') && (!$entityDel)) {
            $skipHeaders=false;
        }
    }
    if($action == 'BusinessCard' || $action == 'Save') {
        header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" );
        header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" );
        header( "Cache-Control: no-cache, must-revalidate" );
        header( "Pragma: no-cache" );
    }
    if ( $action == "Import" && isset($_REQUEST['step']) && $_REQUEST['step'] == '4' ) {
        $skipHeaders=true;
        $skipFooters=true;
    }
    // Modules exempt from the fetchPermissionData() check further down.
    // NOTE(review): the exemption is keyed on the request-supplied module
    // name, so 'Administration' and 'uploads' bypass the per-profile action
    // permission check entirely.
    if($module == 'Users' || $module == 'Home' || $module == 'Administration' || $module == 'uploads' || $module == 'Settings' || $module == 'Calendar') {
        $skipSecurityCheck=true;
    }
    // Script to include, built directly from the request-supplied module and
    // action. NOTE(review): no allow-list or path-separator check is applied
    // here; the only later gate is fetchPermissionData(), which is skipped for
    // the modules listed above.
    $currentModuleFile = 'modules/'.$module.'/'.$action.'.php';
    $currentModule = $module;
}
elseif(isset($module)) {
    $currentModule = $module;
    // NOTE(review): $moduleDefaultFile is not populated anywhere visible
    // before this line (the foreach further down fills it), so this lookup
    // yields nothing unless an earlier part of the file defines it.
    $currentModuleFile = $moduleDefaultFile[$currentModule];
}
else {
    // use $default_module and $default_action as set in config.php
    // Redirect to the correct module with the correct action. We need the URI to include these fields.
    header("Location: index.php?action=$default_action&module=$default_module");
    exit();
}

$log->info("current page is $currentModuleFile");
$log->info("current module is $currentModule ");

//define default home pages for each module
require_once("modules/Users/TabMenu.php");
$tabData = new TabMenu();
global $permittedModulesList;
$permittedModulesList = fetchPermissionDataForTabList();
//print_r($permittedModulesList);

// Build a hand-quoted, comma-separated list of permitted module names for
// getTabNames(); whether that method interpolates it into SQL is not visible here.
// NOTE(review): `!$permittedModulesList == ""` parses as
// `(!$permittedModulesList) == ""`, which is true exactly when the list is
// truthy — the intent (skip when empty) holds, but not for the reason the
// expression suggests.
$tempList="";
if(!$permittedModulesList == "") {
    foreach ($permittedModulesList as $list) {
        if($tempList=="") {
            $tempList = "'".$list."'" ;
        }
        else {
            $tempList .= ",'" . $list."'" ;
        }
        $list="";
    }
}
$moduleList = $tabData->getTabNames($tempList);
// NOTE(review): the value uses $currentModule rather than $mod, so every
// entry receives the same path; $mod was presumably intended.
foreach ($moduleList as $mod) {
    $moduleDefaultFile[$mod] = "modules/".$currentModule."/index.php";
}

// for printing
// NOTE(review): these re-read the raw request values and overwrite the
// $module/$action that may have been forced to Users/Login above; they are
// what fetchPermissionData() and the included module script see below.
$module = (isset($_REQUEST['module'])) ? $_REQUEST['module'] : "";
$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : "";
$record = (isset($_REQUEST['record'])) ? $_REQUEST['record'] : "";
$lang_crm = (isset($_SESSION['authenticated_user_language'])) ? $_SESSION['authenticated_user_language'] : "";
// Unescaped request values; anything that places this in HTML or a URL must
// escape it for that context.
$GLOBALS['request_string'] = "&module=$module&action=$action&record=$record&lang_crm=$lang_crm";

$current_user = new User();
if(isset($_SESSION['authenticated_user_id'])) {
    $result = $current_user->retrieve($_SESSION['authenticated_user_id']);
    if($result == null) {
        // NOTE(review): there is no exit() after the redirect header, so the
        // rest of this script still runs with an unloaded $current_user.
        session_destroy();
        header("Location: index.php?action=Login&module=Users");
    }
    $log->debug('Current user is: '.$current_user->user_name);
}

if(isset($_SESSION['authenticated_user_theme']) && $_SESSION['authenticated_user_theme'] != '') {
    $theme = $_SESSION['authenticated_user_theme'];
}
else {
    $theme = $default_theme;
}
$log->debug('Current theme is: '.$theme);

//Logging instantiation
require_once('vtiger_logger.php');
$vtlog = new vtiger_logger();
//$vtlog->logthis('Enabled Logging');

//Used for current record focus
$focus = "";

// if the language is not set yet, then set it to the default language.
if(isset($_SESSION['authenticated_user_language']) && $_SESSION['authenticated_user_language'] != '') {
    $current_language = $_SESSION['authenticated_user_language'];
}
else {
    $current_language = $default_language;
}
$log->debug('current_language is: '.$current_language);

//set module and application string arrays based upon selected language
$app_strings = return_application_language($current_language);
$app_list_strings = return_app_list_strings_language($current_language);
$mod_strings = return_module_language($current_language, $currentModule);

//TODO: Clint - this key map needs to be moved out of $app_list_strings since it never gets translated.
// best to just have an upgrade script that changes the parent_type column from Account to Accounts, etc.
$app_list_strings['record_type_module'] = array('Account' => 'Accounts','Potential' => 'Potentials', 'Case' => 'Cases');

//If DetailView, set focus to record passed in
if($action == "DetailView" || $action == "SalesOrderDetailView" || $action == "VendorDetailView" || $action == "PriceBookDetailView") {
    if(!isset($_REQUEST['record'])) die("A record number must be specified to view details.");
    // If we are going to a detail form, load up the record now.
    // Use the record to track the viewing.
    // todo - Have a record of modules and thier primary object names.

    //Getting the actual module
    // $actualModule differs from $currentModule only for the Vendor/PriceBook
    // and SalesOrder views, which live inside the Products and Orders modules.
    $actualModule = $currentModule;
    switch($currentModule) {
        case 'Leads':
            require_once("modules/$currentModule/Lead.php");
            $focus = new Lead();
            break;
        case 'Contacts':
            require_once("modules/$currentModule/Contact.php");
            $focus = new Contact();
            break;
        case 'Accounts':
            require_once("modules/$currentModule/Account.php");
            $focus = new Account();
            break;
        case 'Potentials':
            require_once("modules/$currentModule/Opportunity.php");
            $focus = new Potential();
            break;
        case 'Activities':
            require_once("modules/$currentModule/Activity.php");
            $focus = new Activity();
            break;
        case 'Notes':
            require_once("modules/$currentModule/Note.php");
            $focus = new Note();
            break;
        case 'Emails':
            require_once("modules/$currentModule/Email.php");
            $focus = new Email();
            break;
        case 'Users':
            require_once("modules/$currentModule/User.php");
            $focus = new User();
            break;
        case 'Products':
            if($action == 'DetailView') {
                require_once("modules/$currentModule/Product.php");
                $focus = new Product();
            }
            elseif($action == 'VendorDetailView') {
                require_once("modules/$currentModule/Vendor.php");
                $focus = new Vendor();
                $actualModule = 'Vendor';
            }
            elseif($action == 'PriceBookDetailView') {
                require_once("modules/$currentModule/PriceBook.php");
                $focus = new PriceBook();
                $actualModule = 'PriceBook';
            }
            break;
        case 'HelpDesk':
            require_once("modules/$currentModule/HelpDesk.php");
            $focus = new HelpDesk();
            break;
        case 'Faq':
            require_once("modules/$currentModule/Faq.php");
            $focus = new Faq();
            break;
        case 'Quotes':
            require_once("modules/$currentModule/Quote.php");
            $focus = new Quote();
            break;
        case 'Orders':
            if($action == 'DetailView') {
                require_once("modules/$currentModule/Order.php");
                $focus = new Order();
            }
            elseif($action == 'SalesOrderDetailView') {
                require_once("modules/$currentModule/SalesOrder.php");
                $focus = new SalesOrder();
                $actualModule = 'SalesOrder';
            }
            break;
        case 'Invoice':
            require_once("modules/$currentModule/Invoice.php");
            $focus = new Invoice();
            break;
    }
    //$focus->retrieve($_REQUEST['record']);
    //$focus->track_view($current_user->id, $currentModule,$_REQUEST['record']);
    if(isset($_REQUEST['record']) && $_REQUEST['record']!='') {
        // Only track a viewing if the record was retrieved.
        // NOTE(review): $focus is still the string "" when $currentModule
        // matched no case above (there is no default), so this call is a fatal
        // error in that case; the record id is passed through unvalidated.
        $focus->track_view($current_user->id, $actualModule,$_REQUEST['record']);
    }
}

//Added to highlight the HelpDesk tab when create, edit or view the FAQ
if($currentModule == 'Faq') $currentModule = 'HelpDesk';

// set user, theme and language cookies so that login screen defaults to last values
// NOTE(review): set with no expiry/path/secure/httponly arguments; they carry
// display preferences and the user id, not an authentication token.
if (isset($_SESSION['authenticated_user_id'])) {
    $log->debug("setting cookie ck_login_id to ".$_SESSION['authenticated_user_id']);
    setcookie('ck_login_id', $_SESSION['authenticated_user_id']);
}
if (isset($_SESSION['authenticated_user_theme'])) {
    $log->debug("setting cookie ck_login_theme to ".$_SESSION['authenticated_user_theme']);
    setcookie('ck_login_theme', $_SESSION['authenticated_user_theme']);
}
if (isset($_SESSION['authenticated_user_language'])) {
    $log->debug("setting cookie ck_login_language to ".$_SESSION['authenticated_user_language']);
    setcookie('ck_login_language', $_SESSION['authenticated_user_language']);
}

//skip headers for popups, deleting, saving, importing and other actions
if(!$skipHeaders) {
    $log->debug("including headers");
    //include('themes/'.$theme.'/header.php');
    if(isset($_SESSION["authenticated_user_id"])) {
        include('themes/'.$theme.'/header.php');
    }
    else include('themes/'.$theme.'/loginheader.php');
    if(isset($_SESSION['administrator_error'])) {
        // only print DB errors once otherwise they will still look broken after they are fixed.
        // Only print the errors for admin users.
        if(is_admin($current_user)) echo $_SESSION['administrator_error'];
        unset($_SESSION['administrator_error']);
    }
    echo "";
}
else {
    $log->debug("skipping headers");
}

//fetch the permission set from session and search it for the requisite data
if(isset($_SESSION['authenticated_user_theme']) && $_SESSION['authenticated_user_theme'] != '') {
    $theme = $_SESSION['authenticated_user_theme'];
}
else {
    $theme = $default_theme;
}
// Per-profile tab/action permission check (defined above); skipped for the
// modules allow-listed earlier.
if(!$skipSecurityCheck) {
    fetchPermissionData($module,$action);
}
// NOTE(review): `$display == "";` is a comparison, not an assignment (a no-op).
// $display is never assigned in this script; it is set inside
// fetchPermissionData(), which must declare it global for this test to see
// "No" — otherwise the module file is included regardless of the outcome.
if ($display == "No") {
    $display == "";
}
else {
    include($currentModuleFile);
}
if(!$viewAttachment) {
    echo "";
}

//added to get the theme . This is a bad fix as we need to know where the problem lies yet
if(isset($_SESSION['authenticated_user_theme']) && $_SESSION['authenticated_user_theme'] != '') {
    $theme = $_SESSION['authenticated_user_theme'];
}
else {
    $theme = $default_theme;
}
// With the include commented out, the body of this if() is the if() that follows.
if(!$skipFooters)
//include('themes/'.$theme.'/footer.php');
if(isset($_SESSION["authenticated_user_id"])) {
    include('themes/'.$theme.'/footer.php');
}

if(!$viewAttachment) {
    // Under the SPL you do not have the right to remove this copyright statement.
    $copyrightstatement=" ";
    echo $copyrightstatement;
    if($action != "about_us") {
        // The markup inside these strings was lost when the source was
        // collapsed; the literals are reproduced exactly as found.
        echo "
\n";
        echo "
\n";
        echo("© This software is a collective work consisting of the following major Open Source components: Apache software, MySQL server, PHP, SugarCRM, phpBB, TUTOS, phpSysinfo, SquirrelMail, and PHPMailer each licensed under a separate Open Source License. vtiger.com is not affiliated with nor endorsed by any of the above providers. See Copyrights for details.
\n");
        echo "
\n";
        echo "
";
        // Under the Sugar Public License referenced above, you are required to leave in all copyright statements in both
        // the code and end-user application.
        //echo("
        //© 2004 SugarCRM Inc. All Rights Reserved.
        //");
        if($calculate_response_time) {
            $endTime = microtime();
            $deltaTime = microtime_diff($startTime, $endTime);
            echo(' Server response time: '.$deltaTime.' seconds.');
        }
        echo "
\n";
    }
}
?>