diff --git a/framework/src/Maveriks/Util/Common.php b/framework/src/Maveriks/Util/Common.php
index 2ccbd9c28..afe8a6b75 100644
--- a/framework/src/Maveriks/Util/Common.php
+++ b/framework/src/Maveriks/Util/Common.php
@@ -52,58 +52,43 @@ class Common } $files = glob("$path/$singlePattern", $flags); - $dirs = glob("$path/*", GLOB_MARK|GLOB_ONLYDIR|GLOB_NOSORT); + $dirs = glob("$path/*", GLOB_MARK | GLOB_ONLYDIR | GLOB_NOSORT); - if(is_array($dirs)){ + if (is_array($dirs)) { foreach ($dirs as $dir) { $files = array_merge($files, self::rglob("$dir/$singlePattern", $flags)); } } if ($onlyFiles) { - $files = array_filter($files, function($v) { return is_dir($v) ? false : true;}); + $files = array_filter($files, function ($v) { + return is_dir($v) ? false : true; + }); } return $files; } /** - * Returns the last version given a pattern of file name - * - * @param string $pattern a valid pattern for glob(...) native function - * @param int $flag php flags for glob(...) native function - * @return int|string - * - * Example: - * - Given the following files inside a directory: - * /example/path/myApplication-v1.tar - * /example/path/myApplication-v2.tar - * /example/path/myApplication-v3.tar - * /example/path/myApplication-v5.tar - * /example/path/myApplication-v7.tar - * - * $lastVer = ProcessMaker\Util\Common::getLastVersion("/example/path/myApplication-*.tar"); - * - * It will returns: 7 + * This method get the last version of file when exists a special characters + * @param $pattern + * @param $extension + * @param int $flag + * @return int */ - public static function getLastVersion($pattern, $flag = 0) + public static function getLastVersionSpecialCharacters($dir, $pattern, $extension, $flag = 0) { - $files = glob($pattern, $flag); + $files = glob($dir . quotemeta($pattern) . "-*." . $extension, $flag); $maxVersion = 0; - - $pattern = str_replace("*", '([0-9\.]+)', basename($pattern)); - + $pattern = preg_quote(basename($pattern)) . '-([0-9\.]+)pmx'; foreach ($files as $file) { $filename = basename($file); - - if (preg_match('/'.$pattern.'/', $filename, $match)) { - + if (preg_match('/' . $pattern . 
'/', $filename, $match)) { if ($maxVersion < $match[1]) { $maxVersion = $match[1]; } } } - return $maxVersion; } @@ -141,8 +126,8 @@ class Common } while ($parent_folder_path = array_pop($folder_path)) { - if (! @is_dir($parent_folder_path)) { - if (! @mkdir($parent_folder_path, $rights)) { + if (!@is_dir($parent_folder_path)) { + if (!@mkdir($parent_folder_path, $rights)) { umask($oldumask); } } diff --git a/gulliver/bin/gulliver.php b/gulliver/bin/gulliver.php index 99a5443c9..8ed17edf8 100644 --- a/gulliver/bin/gulliver.php +++ b/gulliver/bin/gulliver.php @@ -35,6 +35,8 @@ /** * require_once pakeFunction.php */ + require_once( PATH_THIRDPARTY . 'pake' . PATH_SEP . 'pakeFunction.php'); + require_once( PATH_THIRDPARTY . 'pake' . PATH_SEP . 'pakeGetopt.class.php'); require_once( PATH_CORE . 'config' . PATH_SEP . 'environments.php'); // trap -V before pake diff --git a/gulliver/bin/tasks/pakeGulliver.php b/gulliver/bin/tasks/pakeGulliver.php index 745dbbe22..2e8d88562 100644 --- a/gulliver/bin/tasks/pakeGulliver.php +++ b/gulliver/bin/tasks/pakeGulliver.php @@ -1503,7 +1503,7 @@ function get_infoOnPM($workspace) { $dbNetView = new NET(DB_HOST); $dbNetView->loginDbServer(DB_USER, DB_PASS); - $dbConns = new dbConnections(''); + $dbConns = new DbConnections(''); $availdb = ''; foreach( $dbConns->getDbServicesAvailables() as $key => $val ) { if( $availdb != '' ) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index 267c84725..b70b2bcef 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php 
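Review bot: In `getLastVersionSpecialCharacters()` the regex hard-codes `pmx` and ignores `$extension`, while the `glob()` call two lines above filters on `$extension`, so files with any other extension are found by glob and then never matched by `preg_match`. Because the character class contains `.`, the capture also swallows the dot before the extension (`1.2.` rather than `1.2`), and `$maxVersion < $match[1]` compares those strings with PHP's loose `<` instead of as versions. I would build the pattern as `'/^' . preg_quote(basename($pattern), '/') . '-([0-9.]+)\.' . preg_quote($extension, '/') . '$/'` and compare with `version_compare($match[1], (string) $maxVersion, '>')`. The docblock also omits `$dir` and still promises `@return int`, although the value returned is the matched string.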
@@ -14,6 +14,27 @@ class Bootstrap //below here only approved methods + /** + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager + */ + public static function autoloadClass($class) + { + } + + /** + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager + */ + public static function registerClass($className, $includePath) + { + } + + /** + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager + */ + public static function registerDir($name, $dir) + { + } + /* * these functions still under revision */ @@ -22,6 +43,12 @@ class Bootstrap { return PmSystem::getSystemConfiguration($globalIniFile, $wsIniFile, $wsName); } + /** + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager + */ + public static function registerSystemClasses() + { + } //below this line, still not approved methods @@ -122,6 +149,13 @@ class Bootstrap $smarty->display($template); } + /** + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager + */ + public static function LoadSystem($strClass) + { + } + /** * Get the temporal directory path on differents O.S. * i.e. /temp -> linux, C:/Temp -> win @@ -411,6 +445,19 @@ class Bootstrap return $content; } + /** + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager + */ + public static function LoadClass($strClass) + { + } + + /** + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager + */ + public static function LoadThirdParty($sPath, $sFile) + { + } /** * Function LoadTranslationObject 
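Review bot: The stubs added here (`autoloadClass`, `registerClass`, `registerDir`, and in the later hunks of this file `registerSystemClasses`, `LoadSystem`, `LoadClass`, `LoadThirdParty`, `getModel`, `initVendors`) have empty bodies, so a caller gets no signal that nothing was loaded or registered. `workflow/engine/bin/cron_single.php` in this same diff still calls `Bootstrap::registerClass(...)` for a long list of classes, which only works if another autoloader already resolves them; that is not visible here. I would say so in each docblock, e.g. `* No-op: class loading is handled by the autoloader; kept so existing plugins do not fatal.`, and consider `trigger_error(__METHOD__ . ' is deprecated', E_USER_DEPRECATED);` so remaining callers show up in the logs. `getModel()` is the only stub declared non-static, which is worth checking against its former signature.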
@@ -1948,6 +1995,13 @@ class Bootstrap return $result; } + /** + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager + */ + public function getModel($model) + { + } + /** * Create an encrypted unique identifier based on $id and the selected scope id. * @@ -2427,6 +2481,13 @@ class Bootstrap return strtoupper(PHP_OS) == "LINUX"; } + /** + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager + */ + public static function initVendors() + { + } + public static function parseIniFile($filename) { $data = @parse_ini_file($filename, true); diff --git a/gulliver/system/class.dynaformhandler.php b/gulliver/system/class.dynaformhandler.php index 559e1b094..d8b6a2479 100644 --- a/gulliver/system/class.dynaformhandler.php +++ b/gulliver/system/class.dynaformhandler.php @@ -31,7 +31,7 @@ * @description This class is a Dynaform handler for modify directly into file * @package gulliver.system */ -class dynaFormHandler +class DynaformHandler { private $xmlfile; diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index ebe424741..692d2274e 100644 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php @@ -44,11 +44,7 @@ class G public static $httpHost; /** - * Load Gulliver Classes - * @access public - * @param string $strClass - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function LoadSystem($strClass) { @@ -56,11 +52,7 @@ class G } /** - * Load System Classes - * @access public - * @param string $strClass - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public function LoadSystemExist($strClass) { 
@@ -68,11 +60,7 @@ class G } /** - * Include javascript files - * @access public - * @param string $strClass - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public function LoadInclude($strClass) { @@ -80,11 +68,7 @@ class G } /** - * public function LoadClassRBAC - * @access public - * @param string $strClass - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public function LoadClassRBAC($strClass) { @@ -92,12 +76,7 @@ class G } /** - * If the class is not defined by the aplication, it - * attempt to load the class from gulliver.system - * @access public - * @param string $strClass - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function LoadClass($strClass) { @@ -105,12 +84,7 @@ class G } /** - * public function LoadThirdParty - * @access public - * @param string $sPath - * @param string $sFile - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function LoadThirdParty($sPath, $sFile) { @@ -638,7 +612,7 @@ class G * @param string $strSkin * @return void */ - public function RenderPage ($strTemplate = "default", $strSkin = SYS_SKIN, $objContent = null, $layout = '') + public static function RenderPage ($strTemplate = "default", $strSkin = SYS_SKIN, $objContent = null, $layout = '') { global $G_CONTENT; global $G_TEMPLATE; 
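Review bot: `RenderPage()` becomes `static` here, and the same change is made to `SendTemporalMessage()` and `outRes()` further down in class.g.php, but the bodies of `RenderPage()` and `SendTemporalMessage()` continue outside their hunks. If either body still uses `$this`, or a subclass overrides one of these methods as non-static, PHP raises a fatal error instead of the previous behaviour. Please confirm the bodies are free of `$this` and that no override exists, and add a docblock line such as `* Static: uses only globals and session state.` once that is verified.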
@@ -1989,7 +1963,7 @@ class G * * @return void */ - public function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null) + public static function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null) { if (isset( $width )) { $_SESSION['G_MESSAGE_WIDTH'] = $width; @@ -3238,20 +3212,34 @@ class G * @param (array) additional characteres map * */ - public function inflect ($string, $replacement = '_', $map = array()) + public function inflect($string, $replacement = '_', $map = array()) { - if (is_array( $replacement )) { + if (is_array($replacement)) { $map = $replacement; $replacement = '_'; } - $quotedReplacement = preg_quote( $replacement, '/' ); + $quotedReplacement = preg_quote($replacement, '/'); - $default = array ('/à|á|å|â/' => 'a','/è|é|ê|ẽ|ë/' => 'e','/ì|í|î/' => 'i','/ò|ó|ô|ø/' => 'o','/ù|ú|ů|û/' => 'u','/ç/' => 'c','/ñ/' => 'n','/ä|æ/' => 'ae','/ö/' => 'oe','/ü/' => 'ue','/Ä/' => 'Ae','/Ü/' => 'Ue','/Ö/' => 'Oe','/ß/' => 'ss','/\.|\,|\:|\-|\\|\//' => " ",'/\\s+/' => $replacement - ); + $default = array('/à|á|å|â/' => 'a', + '/è|é|ê|ẽ|ë/' => 'e', + '/ì|í|î/' => 'i', + '/ò|ó|ô|ø/' => 'o', + '/ù|ú|ů|û/' => 'u', + '/ç/' => 'c', + '/ñ/' => 'n', + '/ä|æ/' => 'ae', + '/ö/' => 'oe', + '/ü/' => 'ue', + '/Ä/' => 'Ae', + '/Ü/' => 'Ue', + '/Ö/' => 'Oe', + '/ß/' => 'ss', + '/[\.|\,|\+|\"|\:|\;|\-|\\|\/]/' => " ", + '/\\s+/' => $replacement); - $map = array_merge( $default, $map ); - return preg_replace( array_keys( $map ), array_values( $map ), $string ); + $map = array_merge($default, $map); + return preg_replace(array_keys($map), array_values($map), $string); } /** @@ -5736,7 +5724,7 @@ class G * * @return showRes($string) */ - public function outRes ($sInfVar) + public static function outRes ($sInfVar) { echo $sInfVar; } diff --git a/gulliver/system/class.pmException.php b/gulliver/system/class.pmException.php index 273529b47..e428cec9f 100644 
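Review bot: The new character class in `inflect()`, `'/[\.|\,|\+|\"|\:|\;|\-|\\|\/]/'`, uses `|` as if it were an alternation separator, but inside `[...]` a pipe is a literal member, so `|` is now replaced by a space as well. In a single-quoted PHP string `\\|` reaches PCRE as `\|`, so the backslash that the pattern appears to list is still not matched. If the intent is to strip path-like punctuation, I would write the class without separators and with a doubled escape, `'/[.,+":;\\\\\/-]/' => " ",`. The docblock of `inflect()` starts outside the hunk and should mention the characters that are replaced.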
--- a/gulliver/system/class.pmException.php +++ b/gulliver/system/class.pmException.php @@ -20,7 +20,7 @@ class PMException extends Exception return __CLASS__ . ": [{$this->code}]: {$this->message}\n"; } - public function registerErrorLog($error, $token){ + public static function registerErrorLog($error, $token){ $ws = (defined("SYS_SYS"))? SYS_SYS : "Wokspace Undefined"; Bootstrap::registerMonolog('ExceptionCron', 400, $error->getMessage(), array('token'=>$token), $ws, 'processmaker.log'); } diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index f5da6a354..253ff34b8 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -25,6 +25,9 @@ * Coral Gables, FL, 33134, USA, or email info@colosa.com. * */ + +use ProcessMaker\Exception\RBACException; + /** * File: $Id$ * @@ -148,8 +151,28 @@ class RBAC ), 'newSite.php' => array( 'newSite.php' => array('PM_SETUP_ADVANCE') + ), + 'emailsAjax.php' => array( + 'MessageList' => array('PM_SETUP', 'PM_SETUP_LOGS'), + 'updateStatusMessage' => array('PM_SETUP', 'PM_SETUP_LOGS'), + ), + 'processCategory_Ajax.php' => array( + 'processCategoryList' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), + 'updatePageSize' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), + 'checkCategoryName' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), + 'saveNewCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), + 'checkEditCategoryName' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), + 'updateCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), + 'canDeleteCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), + 'deleteCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES') + ), + 'emailServerAjax.php' => array( + 'INS' => array('PM_SETUP'), + 'UPD' => array('PM_SETUP'), + 'DEL' => array('PM_SETUP'), + 'LST' => array('PM_SETUP'), + 'TEST' => array('PM_SETUP') ) - ); } 
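Review bot: The entries added to the authorized-actions map in class.rbac.php list one or two permission codes per action (`array('PM_SETUP', 'PM_SETUP_LOGS')`), and nothing in the hunk says whether a user needs any one of them or all of them. Since this table decides who can reach `emailsAjax.php`, `processCategory_Ajax.php` and `emailServerAjax.php`, I would add a comment above the new entries such as `// file => action => permission codes; NOTE(review): state whether any one or all are required`. It would also help to note what happens for an action name that is not listed, because the enforcing code is outside this hunk.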
@@ -1546,8 +1569,7 @@ class RBAC } if (!$access) { - G::header('Location: /errors/error403.php'); - die(); + throw new RBACException('ID_ACCESS_DENIED', 403); } } } diff --git a/rbac/engine/classes/model/RbacUsers.php b/rbac/engine/classes/model/RbacUsers.php index 760a9c9b2..f3d0c13fe 100644 --- a/rbac/engine/classes/model/RbacUsers.php +++ b/rbac/engine/classes/model/RbacUsers.php @@ -75,12 +75,13 @@ class RbacUsers extends BaseRbacUsers try { $c = new Criteria('rbac'); $c->add(RbacUsersPeer::USR_USERNAME, $sUsername); + /* @var $rs RbacUsers[] */ $rs = RbacUsersPeer::doSelect($c, Propel::getDbConnection('rbac_ro')); if (is_array($rs) && isset($rs[0]) && is_object($rs[0]) && get_class($rs[0]) == 'RbacUsers') { $aFields = $rs[0]->toArray(BasePeer::TYPE_FIELDNAME); //verify password with md5, and md5 format if (mb_strtoupper($sUsername, 'utf-8') === mb_strtoupper($aFields['USR_USERNAME'], 'utf-8')) { - if( Bootstrap::verifyHashPassword($sPassword, $aFields['USR_PASSWORD']) ) { + if( Bootstrap::verifyHashPassword($sPassword, $rs[0]->getUsrPassword()) ) { if ($aFields['USR_DUE_DATE'] < date('Y-m-d')) { return -4; } @@ -317,6 +318,25 @@ class RbacUsers extends BaseRbacUsers throw($oError); } } + + /** + * {@inheritdoc} except USR_PASSWORD, for security reasons. + * + * @param string $keyType One of the class type constants TYPE_PHPNAME, + * TYPE_COLNAME, TYPE_FIELDNAME, TYPE_NUM + * @return an associative array containing the field names (as keys) and field values + */ + public function toArray($keyType = BasePeer::TYPE_PHPNAME) + { + $key = RbacUsersPeer::translateFieldName( + RbacUsersPeer::USR_PASSWORD, + BasePeer::TYPE_COLNAME, + $keyType + ); + $array = parent::toArray($keyType); + unset($array[$key]); + return $array; + } } // Users diff --git a/thirdparty/propel/Propel.php b/thirdparty/propel/Propel.php index 842f6f086..f8400cdb9 100644 --- a/thirdparty/propel/Propel.php +++ b/thirdparty/propel/Propel.php 
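Review bot: The access denial at the end of this RBAC check is no longer unconditional: with `throw new RBACException('ID_ACCESS_DENIED', 403);` in place of the redirect and `die()`, any caller that wraps the check in a broad `catch (Exception $e)` and carries on would run the protected action. The class hierarchy of `RBACException` and the call sites are not visible in this hunk, so this needs checking rather than assuming. I would add `@throws RBACException when access is denied` to the method docblock and make sure one top-level handler turns the exception into a 403 response and stops the request. The method starts outside the hunk.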
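Review bot: The `toArray()` override in RbacUsers.php strips `USR_PASSWORD` for every caller, so any code that still reads `$aFields['USR_PASSWORD']` from `toArray()` now gets an undefined index; the login hunk above was switched to `$rs[0]->getUsrPassword()`, but other readers are outside the hunks and should be searched for. The override also covers only this one export path, so the hash remains reachable through `getUsrPassword()` and any result set read without `toArray()`. In the docblock, `@return an associative array ...` should be `@return array`, and a line such as `* USR_PASSWORD is removed so the password hash never leaves the model through this method.` would record the reason.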
@@ -488,7 +488,7 @@ class Propel { * @date: 27-05-08 11:48 * * @Description: this was added for the additional database connections * ***********************************************************************/ - $oDbConnections = new dbConnections($_SESSION['PROCESS']); + $oDbConnections = new DbConnections($_SESSION['PROCESS']); $oDbConnections->loadAdditionalConnections(); $dsn = isset(self::$configuration['datasources'][$name]['connection']) ? self::$configuration['datasources'][$name]['connection'] : null; } else { diff --git a/workflow/engine/bin/cron_single.php b/workflow/engine/bin/cron_single.php index 407db80b6..1aa83d9cd 100644 --- a/workflow/engine/bin/cron_single.php +++ b/workflow/engine/bin/cron_single.php @@ -110,7 +110,7 @@ try { Bootstrap::registerClass('Entity_Base', PATH_HOME . 'engine/classes/entities/Base.php'); Bootstrap::registerClass('Entity_AppSolrQueue', PATH_HOME . 'engine/classes/entities/AppSolrQueue.php'); Bootstrap::registerClass('XMLDB', PATH_HOME . 'engine/classes/class.xmlDb.php'); - Bootstrap::registerClass('dynaFormHandler', PATH_GULLIVER . 'class.dynaformhandler.php'); + Bootstrap::registerClass('DynaformHandler', PATH_GULLIVER . 'class.dynaformhandler.php'); Bootstrap::registerClass('DynaFormField', PATH_HOME . 'engine/classes/class.dynaFormField.php'); Bootstrap::registerClass('SolrRequestData', PATH_HOME . 'engine/classes/entities/SolrRequestData.php'); Bootstrap::registerClass('SolrUpdateDocument', PATH_HOME . 'engine/classes/entities/SolrUpdateDocument.php'); diff --git a/workflow/engine/classes/class.AppSolr.php b/workflow/engine/classes/class.AppSolr.php index dd095bc49..66c8f9f4c 100644 --- a/workflow/engine/classes/class.AppSolr.php +++ b/workflow/engine/classes/class.AppSolr.php 
@@ -2365,7 +2365,7 @@ class AppSolr foreach ($dynaformFileNames as $dynaformFileName) { if (is_file(PATH_DYNAFORM . $dynaformFileName ['DYN_FILENAME'] . '.xml') && filesize(PATH_DYNAFORM . $dynaformFileName ['DYN_FILENAME'] . '.xml') >0 ) { - $dyn = new dynaFormHandler (PATH_DYNAFORM . $dynaformFileName ['DYN_FILENAME'] . '.xml'); + $dyn = new DynaformHandler (PATH_DYNAFORM . $dynaformFileName ['DYN_FILENAME'] . '.xml'); $dynaformFields [] = $dyn->getFields (); } if (is_file(PATH_DYNAFORM . $dynaformFileName ['DYN_FILENAME'] . '.xml') && diff --git a/workflow/engine/classes/class.dbConnections.php b/workflow/engine/classes/class.dbConnections.php index 17641b478..3eb1929c1 100644 --- a/workflow/engine/classes/class.dbConnections.php +++ b/workflow/engine/classes/class.dbConnections.php @@ -21,7 +21,7 @@ require_once 'model/Content.php'; * @package workflow.engine.classes * */ -class dbConnections +class DbConnections { private $PRO_UID; public $connections; diff --git a/workflow/engine/classes/class.dynaFormField.php b/workflow/engine/classes/class.dynaFormField.php index 1869e548a..8ceb4c01c 100644 --- a/workflow/engine/classes/class.dynaFormField.php +++ b/workflow/engine/classes/class.dynaFormField.php @@ -179,7 +179,7 @@ class DynaFormField extends DBTable public function saveField($Fields, $attributes = array(), $options = array()) { - $dynaform = new dynaFormHandler($this->getFileName()); + $dynaform = new DynaformHandler($this->getFileName()); if ($Fields['TYPE'] === 'javascript') { $Fields['XMLNODE_VALUE'] = $Fields['CODE']; unset($Fields['CODE']); diff --git a/workflow/engine/classes/class.dynaformEditor.php b/workflow/engine/classes/class.dynaformEditor.php index 27108fdce..7f402904b 100644 --- a/workflow/engine/classes/class.dynaformEditor.php +++ b/workflow/engine/classes/class.dynaformEditor.php 
@@ -664,7 +664,7 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path'); - $dynaform = new dynaFormHandler($pathFile); + $dynaform = new DynaformHandler($pathFile); $dynaform->replace($fieldName, $fieldName, Array('type' => 'javascript', 'meta' => $meta, '#cdata' => $sCode )); @@ -734,7 +734,7 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax self::_setTmpData($tmp); } $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path'); - $dynaform = new dynaFormHandler($pathFile); + $dynaform = new DynaformHandler($pathFile); $dbc2 = new DBConnection($pathFile, '', '', '', 'myxml'); $ses2 = new DBSession($dbc2); //if (!isset($Fields['ENABLETEMPLATE'])) $Fields['ENABLETEMPLATE'] ="0"; @@ -804,7 +804,7 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax // $ses2 = new DBSession( $dbc2 ); // $ses2->execute( "UPDATE . SET ENABLETEMPLATE = '$value'" ); $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path'); - $dynaform = new dynaFormHandler($pathFile); + $dynaform = new DynaformHandler($pathFile); $dynaform->modifyHeaderAttribute('enabletemplate', $value); return $value; diff --git a/workflow/engine/classes/class.pmFunctions.php b/workflow/engine/classes/class.pmFunctions.php index e06e49940..7fbdbb69f 100644 --- a/workflow/engine/classes/class.pmFunctions.php +++ b/workflow/engine/classes/class.pmFunctions.php 
@@ -3917,3 +3917,287 @@ function PMFSendMessageToGroup( //Return return 1; } + +//Start - Private functions + + +/** + * Convert to string + * + * @param variant $vValue + * @return string + */ +function pmToString($vValue) +{ + return (string)$vValue; +} + +/** + * Convert to integer + * + * @param variant $vValue + * @return integer + */ +function pmToInteger($vValue) +{ + return (int)$vValue; +} + +/** + * Convert to float + * + * @param variant $vValue + * @return float + */ +function pmToFloat($vValue) +{ + return (float)$vValue; +} + +/** + * Convert to Url + * + * @param variant $vValue + * @return url + */ +function pmToUrl($vValue) +{ + return urlencode($vValue); +} + +/** + * Convert to data base escaped string + * + * @param variant $vValue + * @return string + */ +function pmSqlEscape($vValue) +{ + return G::sqlEscape($vValue); +} + +//End - Private functions + + +/* * ************************************************************************* + * Error handler + * author: Julio Cesar Laura Avenda�o + * date: 2009-10-01 + * ************************************************************************* */ +/** + * @param $errno + * @param $errstr + * @param $errfile + * @param $errline + */ +function handleErrors($errno, $errstr, $errfile, $errline) +{ + if ($errno != 2048 && isset($_SESSION['_DATA_TRIGGER_']['_EXECUTION_TIME_'])) { + G::logTriggerExecution($_SESSION, $errstr, '', round(microtime(true) - + $_SESSION['_DATA_TRIGGER_']['_EXECUTION_TIME_'], 5)); + } + + if ($errno != '' && ($errno != 8) && ($errno != 2048)) { + if (isset($_SESSION['_CODE_'])) { + $sCode = $_SESSION['_CODE_']; + unset($_SESSION['_CODE_']); + global $oPMScript; + if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { + $oCase = new Cases(); + $oPMScript->aFields['__ERROR__'] = $errstr; + $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); + } + registerError(1, $errstr, $errline - 1, $sCode); + } + } +} + +/* + * Handle Fatal Errors + * 
@param variant $buffer + * @return buffer + */ + +function handleFatalErrors($buffer) +{ + if (!empty($buffer)) { + G::logTriggerExecution($_SESSION, $buffer, 'FATAL_ERROR'); + } + + if (preg_match('/(error<\/b>:)(.+)(/', '', $regs[2]); + $aAux = explode(' in ', $err); + $sCode = isset($_SESSION['_CODE_']) ? $_SESSION['_CODE_'] : null; + unset($_SESSION['_CODE_']); + registerError(2, $aAux[0], 0, $sCode); + if (strpos($_SERVER['REQUEST_URI'], '/cases/cases_Step') !== false) { + if (strpos($_SERVER['REQUEST_URI'], '&ACTION=GENERATE') !== false) { + $aNextStep = $oCase->getNextStep($_SESSION['PROCESS'], $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['STEP_POSITION']); + if ($_SESSION['TRIGGER_DEBUG']['ISSET']) { + $_SESSION['TRIGGER_DEBUG']['TIME'] = G::toUpper(G::loadTranslation('ID_AFTER')); + $_SESSION['TRIGGER_DEBUG']['BREAKPAGE'] = $aNextStep['PAGE']; + $aNextStep['PAGE'] = $aNextStep['PAGE'] . '&breakpoint=triggerdebug'; + } + global $oPMScript; + if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { + $oPMScript->aFields['__ERROR__'] = $aAux[0]; + $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); + } + G::header('Location: ' . $aNextStep['PAGE']); + die(); + } + $_SESSION['_NO_EXECUTE_TRIGGERS_'] = 1; + global $oPMScript; + if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { + $oPMScript->aFields['__ERROR__'] = $aAux[0]; + $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); + } + G::header('Location: ' . $_SERVER['REQUEST_URI']); + die(); + } else { + $aNextStep = $oCase->getNextStep($_SESSION['PROCESS'], $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['STEP_POSITION']); + if (isset($_SESSION['TRIGGER_DEBUG']['ISSET']) && $_SESSION['TRIGGER_DEBUG']['ISSET']) { + $_SESSION['TRIGGER_DEBUG']['TIME'] = G::toUpper(G::loadTranslation('ID_AFTER')); + $_SESSION['TRIGGER_DEBUG']['BREAKPAGE'] = $aNextStep['PAGE']; + $aNextStep['PAGE'] = $aNextStep['PAGE'] . 
'&breakpoint=triggerdebug'; + } + if (strpos($aNextStep['PAGE'], 'TYPE=ASSIGN_TASK&UID=-1') !== false) { + G::SendMessageText('Fatal error in trigger', 'error'); + } + global $oPMScript; + if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { + $oPMScript->aFields['__ERROR__'] = $aAux[0]; + $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); + } + G::header('Location: ' . $aNextStep['PAGE']); + die(); + } + } + return $buffer; +} + +/* + * Register Error + * @param string $iType + * @param string $sError + * @param string $iLine + * @param string $sCode + * @return void + */ + +function registerError($iType, $sError, $iLine, $sCode) +{ + $sType = ($iType == 1 ? 'ERROR' : 'FATAL'); + $_SESSION['TRIGGER_DEBUG']['ERRORS'][][$sType] = $sError . ($iLine > 0 ? ' (line ' . $iLine . ')' : '') . ':

' . $sCode; +} + +/** + * Obtain engine Data Base name + * + * @param type $connection + * @return type + */ +function getEngineDataBaseName($connection) +{ + $aDNS = $connection->getDSN(); + return $aDNS["phptype"]; +} + +/** + * Execute Queries for Oracle Database + * + * @param type $sql + * @param type $connection + */ +function executeQueryOci($sql, $connection, $aParameter = array(), $dbsEncode = "") +{ + $aDNS = $connection->getDSN(); + + $sUsername = $aDNS["username"]; + $sPassword = $aDNS["password"]; + $sHostspec = $aDNS["hostspec"]; + $sDatabse = $aDNS["database"]; + $sPort = $aDNS["port"]; + + if ($sPort != "1521") { + $flagTns = ($sDatabse == "" && ($sPort . "" == "" || $sPort . "" == "0")) ? 1 : 0; + + if ($flagTns == 0) { + // if not default port + $conn = oci_connect($sUsername, $sPassword, $sHostspec . ":" . $sPort . "/" . $sDatabse, $dbsEncode); + } else { + $conn = oci_connect($sUsername, $sPassword, $sHostspec, $dbsEncode); + } + } else { + $conn = oci_connect($sUsername, $sPassword, $sHostspec . "/" . 
$sDatabse, $dbsEncode); + } + + if (!$conn) { + $e = oci_error(); + trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR); + return $e; + } + + switch (true) { + case preg_match("/^(SELECT|SHOW|DESCRIBE|DESC|WITH)\s/i", $sql): + $stid = oci_parse($conn, $sql); + + if (count($aParameter) > 0) { + foreach ($aParameter as $key => $val) { + oci_bind_by_name($stid, $key, $val); + } + } + oci_execute($stid, OCI_DEFAULT); + + $result = Array(); + $i = 1; + while ($row = oci_fetch_array($stid, OCI_ASSOC + OCI_RETURN_NULLS)) { + $result[$i++] = $row; + } + oci_free_statement($stid); + oci_close($conn); + return $result; + break; + case preg_match("/^(INSERT|UPDATE|DELETE)\s/i", $sql): + $stid = oci_parse($conn, $sql); + $isValid = true; + if (count($aParameter) > 0) { + foreach ($aParameter as $key => $val) { + oci_bind_by_name($stid, $key, $val); + } + } + $objExecute = oci_execute($stid, OCI_DEFAULT); + $result = oci_num_rows($stid); + if ($objExecute) { + oci_commit($conn); + } else { + oci_rollback($conn); + $isValid = false; + } + oci_free_statement($stid); + oci_close($conn); + if ($isValid) { + return $result; + } else { + return oci_error(); + } + break; + default: + // Stored procedures + $stid = oci_parse($conn, $sql); + $aParameterRet = array(); + if (count($aParameter) > 0) { + foreach ($aParameter as $key => $val) { + $aParameterRet[$key] = $val; + // The third parameter ($aParameterRet[$key]) returned a value by reference. + oci_bind_by_name($stid, $key, $aParameterRet[$key]); + } + } + $objExecute = oci_execute($stid, OCI_DEFAULT); + oci_free_statement($stid); + oci_close($conn); + return $aParameterRet; + break; + } +} diff --git a/workflow/engine/classes/class.pmScript.php b/workflow/engine/classes/class.pmScript.php index 2d9f2811e..742a84d31 100644 --- a/workflow/engine/classes/class.pmScript.php +++ b/workflow/engine/classes/class.pmScript.php 
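Review bot: In `executeQueryOci()` the SELECT and INSERT/UPDATE/DELETE branches call `oci_bind_by_name($stid, $key, $val)` inside `foreach ($aParameter as $key => $val)`; the bind is by reference, so every placeholder ends up bound to the same loop variable and takes the last value. The stored-procedure branch already binds to a per-key slot, and the other two should do the same with `oci_bind_by_name($stid, $key, $aParameter[$key]);`. The failure path of the DML branch returns `oci_error()` with no handle after `oci_free_statement()` and `oci_close()`, which does not report the statement error; capture `$e = oci_error($stid);` right after the failed `oci_execute()` and return that. The SELECT branch ignores the result of `oci_execute()` altogether. These functions appear to be moved unchanged from class.pmScript.php, so the defects are inherited rather than introduced by this commit.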
@@ -639,288 +639,4 @@ class PMScript } } } -} - -//Start - Private functions - - -/** - * Convert to string - * - * @param variant $vValue - * @return string - */ -function pmToString ($vValue) -{ - return (string) $vValue; -} - -/** - * Convert to integer - * - * @param variant $vValue - * @return integer - */ -function pmToInteger ($vValue) -{ - return (int) $vValue; -} - -/** - * Convert to float - * - * @param variant $vValue - * @return float - */ -function pmToFloat ($vValue) -{ - return (float) $vValue; -} - -/** - * Convert to Url - * - * @param variant $vValue - * @return url - */ -function pmToUrl ($vValue) -{ - return urlencode( $vValue ); -} - -/** - * Convert to data base escaped string - * - * @param variant $vValue - * @return string - */ -function pmSqlEscape ($vValue) -{ - return G::sqlEscape( $vValue ); -} - -//End - Private functions - - -/* * ************************************************************************* - * Error handler - * author: Julio Cesar Laura Avenda�o - * date: 2009-10-01 - * ************************************************************************* */ -/** - * @param $errno - * @param $errstr - * @param $errfile - * @param $errline - */ -function handleErrors($errno, $errstr, $errfile, $errline) -{ - if ($errno != 2048 && isset($_SESSION['_DATA_TRIGGER_']['_EXECUTION_TIME_'])) { - G::logTriggerExecution($_SESSION, $errstr, '', round(microtime(true) - - $_SESSION['_DATA_TRIGGER_']['_EXECUTION_TIME_'], 5)); - } - - if ($errno != '' && ($errno != 8) && ($errno != 2048)) { - if (isset( $_SESSION['_CODE_'] )) { - $sCode = $_SESSION['_CODE_']; - unset( $_SESSION['_CODE_'] ); - global $oPMScript; - if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { - $oCase = new Cases(); - $oPMScript->aFields['__ERROR__'] = $errstr; - $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); - } - registerError( 1, $errstr, $errline - 1, $sCode ); - } - } -} - -/* - * Handle Fatal Errors - * @param variant 
$buffer - * @return buffer - */ - -function handleFatalErrors ($buffer) -{ - if (!empty($buffer)) { - G::logTriggerExecution($_SESSION, $buffer, 'FATAL_ERROR'); - } - - if (preg_match( '/(error<\/b>:)(.+)(/', '', $regs[2] ); - $aAux = explode( ' in ', $err ); - $sCode = isset($_SESSION['_CODE_']) ? $_SESSION['_CODE_'] : null; - unset( $_SESSION['_CODE_'] ); - registerError( 2, $aAux[0], 0, $sCode ); - if (strpos( $_SERVER['REQUEST_URI'], '/cases/cases_Step' ) !== false) { - if (strpos( $_SERVER['REQUEST_URI'], '&ACTION=GENERATE' ) !== false) { - $aNextStep = $oCase->getNextStep( $_SESSION['PROCESS'], $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['STEP_POSITION'] ); - if ($_SESSION['TRIGGER_DEBUG']['ISSET']) { - $_SESSION['TRIGGER_DEBUG']['TIME'] = G::toUpper(G::loadTranslation('ID_AFTER')); - $_SESSION['TRIGGER_DEBUG']['BREAKPAGE'] = $aNextStep['PAGE']; - $aNextStep['PAGE'] = $aNextStep['PAGE'] . '&breakpoint=triggerdebug'; - } - global $oPMScript; - if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { - $oPMScript->aFields['__ERROR__'] = $aAux[0]; - $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); - } - G::header( 'Location: ' . $aNextStep['PAGE'] ); - die(); - } - $_SESSION['_NO_EXECUTE_TRIGGERS_'] = 1; - global $oPMScript; - if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { - $oPMScript->aFields['__ERROR__'] = $aAux[0]; - $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); - } - G::header( 'Location: ' . $_SERVER['REQUEST_URI'] ); - die(); - } else { - $aNextStep = $oCase->getNextStep( $_SESSION['PROCESS'], $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['STEP_POSITION'] ); - if (isset($_SESSION['TRIGGER_DEBUG']['ISSET']) && $_SESSION['TRIGGER_DEBUG']['ISSET']) { - $_SESSION['TRIGGER_DEBUG']['TIME'] = G::toUpper(G::loadTranslation('ID_AFTER')); - $_SESSION['TRIGGER_DEBUG']['BREAKPAGE'] = $aNextStep['PAGE']; - $aNextStep['PAGE'] = $aNextStep['PAGE'] . 
'&breakpoint=triggerdebug'; - } - if (strpos( $aNextStep['PAGE'], 'TYPE=ASSIGN_TASK&UID=-1' ) !== false) { - G::SendMessageText( 'Fatal error in trigger', 'error' ); - } - global $oPMScript; - if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { - $oPMScript->aFields['__ERROR__'] = $aAux[0]; - $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); - } - G::header( 'Location: ' . $aNextStep['PAGE'] ); - die(); - } - } - return $buffer; -} - -/* - * Register Error - * @param string $iType - * @param string $sError - * @param string $iLine - * @param string $sCode - * @return void - */ - -function registerError ($iType, $sError, $iLine, $sCode) -{ - $sType = ($iType == 1 ? 'ERROR' : 'FATAL'); - $_SESSION['TRIGGER_DEBUG']['ERRORS'][][$sType] = $sError . ($iLine > 0 ? ' (line ' . $iLine . ')' : '') . ':

' . $sCode; -} - -/** - * Obtain engine Data Base name - * - * @param type $connection - * @return type - */ -function getEngineDataBaseName ($connection) -{ - $aDNS = $connection->getDSN(); - return $aDNS["phptype"]; -} - -/** - * Execute Queries for Oracle Database - * - * @param type $sql - * @param type $connection - */ -function executeQueryOci ($sql, $connection, $aParameter = array(), $dbsEncode = "") -{ - $aDNS = $connection->getDSN(); - - $sUsername = $aDNS["username"]; - $sPassword = $aDNS["password"]; - $sHostspec = $aDNS["hostspec"]; - $sDatabse = $aDNS["database"]; - $sPort = $aDNS["port"]; - - if ($sPort != "1521") { - $flagTns = ($sDatabse == "" && ($sPort . "" == "" || $sPort . "" == "0"))? 1 : 0; - - if ($flagTns == 0) { - // if not default port - $conn = oci_connect($sUsername, $sPassword, $sHostspec . ":" . $sPort . "/" . $sDatabse, $dbsEncode); - } else { - $conn = oci_connect($sUsername, $sPassword, $sHostspec, $dbsEncode); - } - } else { - $conn = oci_connect( $sUsername, $sPassword, $sHostspec . "/" . $sDatabse, $dbsEncode); - } - - if (! 
$conn) { - $e = oci_error(); - trigger_error( htmlentities( $e['message'], ENT_QUOTES ), E_USER_ERROR ); - return $e; - } - - switch (true) { - case preg_match( "/^(SELECT|SHOW|DESCRIBE|DESC|WITH)\s/i", $sql ): - $stid = oci_parse( $conn, $sql ); - - if (count( $aParameter ) > 0) { - foreach ($aParameter as $key => $val) { - oci_bind_by_name( $stid, $key, $val ); - } - } - oci_execute( $stid, OCI_DEFAULT ); - - $result = Array (); - $i = 1; - while ($row = oci_fetch_array( $stid, OCI_ASSOC + OCI_RETURN_NULLS )) { - $result[$i ++] = $row; - } - oci_free_statement( $stid ); - oci_close( $conn ); - return $result; - break; - case preg_match( "/^(INSERT|UPDATE|DELETE)\s/i", $sql ): - $stid = oci_parse( $conn, $sql ); - $isValid = true; - if (count( $aParameter ) > 0) { - foreach ($aParameter as $key => $val) { - oci_bind_by_name( $stid, $key, $val ); - } - } - $objExecute = oci_execute( $stid, OCI_DEFAULT ); - $result = oci_num_rows ($stid); - if ($objExecute) { - oci_commit( $conn ); - } else { - oci_rollback( $conn ); - $isValid = false; - } - oci_free_statement( $stid ); - oci_close( $conn ); - if ($isValid) { - return $result; - } else { - return oci_error(); - } - break; - default: - // Stored procedures - $stid = oci_parse( $conn, $sql ); - $aParameterRet = array (); - if (count( $aParameter ) > 0) { - foreach ($aParameter as $key => $val) { - $aParameterRet[$key] = $val; - // The third parameter ($aParameterRet[$key]) returned a value by reference. - oci_bind_by_name( $stid, $key, $aParameterRet[$key] ); - } - } - $objExecute = oci_execute( $stid, OCI_DEFAULT ); - oci_free_statement( $stid ); - oci_close( $conn ); - return $aParameterRet; - break; - } -} +} \ No newline at end of file diff --git a/workflow/engine/classes/class.serverConfiguration.php b/workflow/engine/classes/class.serverConfiguration.php index 758748ed8..947c83a96 100644 --- a/workflow/engine/classes/class.serverConfiguration.php +++ b/workflow/engine/classes/class.serverConfiguration.php 
@@ -349,7 +349,7 @@ class serverConf $dbNetView = new NET(DB_HOST); $dbNetView->loginDbServer(DB_USER, DB_PASS); - $dbConns = new dbConnections(''); + $dbConns = new DbConnections(''); $availdb = ''; foreach ($dbConns->getDbServicesAvailables() as $key => $val) { if ($availdb != '') { diff --git a/workflow/engine/classes/class.xmlfield_InputPM.php b/workflow/engine/classes/class.xmlfield_InputPM.php index 64ba47382..5bd2d3814 100644 --- a/workflow/engine/classes/class.xmlfield_InputPM.php +++ b/workflow/engine/classes/class.xmlfield_InputPM.php @@ -531,7 +531,7 @@ function getVarsGrid ($proUid, $dynUid) $dynaformFields = array (); if (is_file( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/'. $proUid .'/'.$dynUid. '.xml' ) && filesize( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/'. $proUid .'/'. $dynUid .'.xml' ) > 0) { - $dyn = new dynaFormHandler( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/' .$proUid. '/' . $dynUid .'.xml' ); + $dyn = new DynaformHandler( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/' .$proUid. '/' . $dynUid .'.xml' ); $dynaformFields[] = $dyn->getFields(); } diff --git a/workflow/engine/classes/model/FieldCondition.php b/workflow/engine/classes/model/FieldCondition.php index 4cbb86a98..f6738be38 100644 --- a/workflow/engine/classes/model/FieldCondition.php +++ b/workflow/engine/classes/model/FieldCondition.php @@ -137,7 +137,7 @@ class FieldCondition extends BaseFieldCondition $oDynaform = DynaformPeer::retrieveByPk( $DYN_UID ); $PRO_UID = $oDynaform->getProUid(); - $this->oDynaformHandler = new dynaFormHandler( PATH_DYNAFORM . "$PRO_UID/$DYN_UID" . '.xml' ); + $this->oDynaformHandler = new DynaformHandler( PATH_DYNAFORM . "$PRO_UID/$DYN_UID" . '.xml' ); $aDynaformFields = $this->oDynaformHandler->getFieldNames(); for ($i = 0; $i < count( $aDynaformFields ); $i ++) { $aDynaformFields[$i] = "'$aDynaformFields[$i]'"; diff --git a/workflow/engine/classes/model/Language.php b/workflow/engine/classes/model/Language.php index 481ca6b16..ceed78a4b 100644 
--- a/workflow/engine/classes/model/Language.php +++ b/workflow/engine/classes/model/Language.php @@ -247,7 +247,7 @@ class Language extends BaseLanguage } - $dynaform = new dynaFormHandler( PATH_XMLFORM . $xmlForm ); + $dynaform = new DynaformHandler( PATH_XMLFORM . $xmlForm ); $fieldName = $match[2]; $codes = explode( '-', $reference ); @@ -460,7 +460,7 @@ class Language extends BaseLanguage $xmlFormFile = str_replace( chr( 92 ), '/', $xmlFormPath ); $xmlFormFile = str_replace( PATH_XMLFORM, '', $xmlFormPath ); - $dynaForm = new dynaFormHandler( $xmlFormPath ); + $dynaForm = new DynaformHandler( $xmlFormPath ); $dynaNodes = $dynaForm->getFields(); @@ -635,7 +635,7 @@ class Language extends BaseLanguage } - $dynaform = new dynaFormHandler( PATH_PLUGINS . $plugin . PATH_SEP . $xmlForm ); + $dynaform = new DynaformHandler( PATH_PLUGINS . $plugin . PATH_SEP . $xmlForm ); $fieldName = $match[2]; $codes = explode( '-', $reference ); @@ -753,7 +753,7 @@ class Language extends BaseLanguage foreach ($aXMLForms as $xmlFormPath) { $xmlFormFile = str_replace( chr( 92 ), '/', $xmlFormPath ); $xmlFormFile = str_replace( PATH_PLUGINS . $plugin . PATH_SEP , '', $xmlFormPath ); - $dynaForm = new dynaFormHandler( $xmlFormPath ); + $dynaForm = new DynaformHandler( $xmlFormPath ); $dynaNodes = $dynaForm->getFields(); //get all fields of each xmlform foreach ($dynaNodes as $oNode) { diff --git a/workflow/engine/classes/model/ListParticipatedLast.php b/workflow/engine/classes/model/ListParticipatedLast.php index ce7321e43..487ade2ad 100644 --- a/workflow/engine/classes/model/ListParticipatedLast.php +++ b/workflow/engine/classes/model/ListParticipatedLast.php 
@@ -49,19 +49,24 @@ class ListParticipatedLast extends BaseListParticipatedLast $data['DEL_CURRENT_USR_FIRSTNAME'] = $aRow['USR_FIRSTNAME']; $data['DEL_CURRENT_USR_LASTNAME'] = $aRow['USR_LASTNAME']; $data['DEL_CURRENT_TAS_TITLE'] = $data['APP_TAS_TITLE']; + $currentInformation = array( + 'DEL_CURRENT_USR_USERNAME' => $data['DEL_CURRENT_USR_USERNAME'], + 'DEL_CURRENT_USR_FIRSTNAME' => $data['DEL_CURRENT_USR_FIRSTNAME'], + 'DEL_CURRENT_USR_LASTNAME' => $data['DEL_CURRENT_USR_LASTNAME'], + 'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE'] + ); } } else { $getData['USR_UID'] = $data['USR_UID_CURRENT']; $getData['APP_UID'] = $data['APP_UID']; $row = $this->getRowFromList($getData); if (is_array($row) && sizeof($row)) { - $set = array( + $currentInformation = array( 'DEL_CURRENT_USR_USERNAME' => '', 'DEL_CURRENT_USR_FIRSTNAME' => '', 'DEL_CURRENT_USR_LASTNAME' => '', - 'APP_TAS_TITLE' => $data['APP_TAS_TITLE'], - 'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE'], ); - $this->updateCurrentUser($row, $set); + 'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE'] + ); } } @@ -84,6 +89,9 @@ class ListParticipatedLast extends BaseListParticipatedLast if (!empty($data['APP_STATUS'])) { $data['APP_STATUS_ID'] = Application::$app_status_values[$data['APP_STATUS']]; } + //We will update the current information + $this->updateCurrentInfoByAppUid($data['APP_UID'], $currentInformation); + $con = Propel::getConnection(ListParticipatedLastPeer::DATABASE_NAME); try { $this->fromArray($data, BasePeer::TYPE_FIELDNAME); 
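Review bot: `$currentInformation` is assigned only inside the two inner `if` blocks of the first hunk, but the second hunk passes it to `updateCurrentInfoByAppUid()` unconditionally. When neither condition holds (for example `getRowFromList()` returns no row), the variable is undefined and the helper would likely write empty values into the four DEL_CURRENT_* columns of every row for that APP_UID. Initialise `$currentInformation = array();` before the branch and guard the call with `if (!empty($currentInformation)) { $this->updateCurrentInfoByAppUid($data['APP_UID'], $currentInformation); }`. The enclosing method starts and ends outside both hunks, so confirm there is no earlier assignment.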
@@ -103,6 +111,27 @@ class ListParticipatedLast extends BaseListParticipatedLast } } + /** + * This function update the row related to the appUid with the current information + * @param string $appUid + * @param array $currentInformation + * @return void + */ + private function updateCurrentInfoByAppUid($appUid, $currentInformation) + { + //Update - WHERE + $criteriaWhere = new Criteria('workflow'); + $criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $appUid, Criteria::EQUAL); + //Update - SET + $criteriaSet = new Criteria('workflow'); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_USERNAME, $currentInformation['DEL_CURRENT_USR_USERNAME']); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_FIRSTNAME, $currentInformation['DEL_CURRENT_USR_FIRSTNAME']); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_LASTNAME, $currentInformation['DEL_CURRENT_USR_LASTNAME']); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_TAS_TITLE, $currentInformation['DEL_CURRENT_TAS_TITLE']); + + BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection('workflow')); + } + /** * Update List Participated History Table. * 
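Review bot: `updateCurrentInfoByAppUid()` hard-codes the connection name in `new Criteria('workflow')` and `Propel::getConnection('workflow')`, while the caller in the previous hunk uses `ListParticipatedLastPeer::DATABASE_NAME`. Using the constant in the helper keeps both on the same connection, e.g. `$criteriaWhere = new Criteria(ListParticipatedLastPeer::DATABASE_NAME);`. The update also matches on APP_UID alone, where the removed `updateCurrentUser()` additionally matched USR_UID and DEL_INDEX, so the docblock should state that every participant row of the case is rewritten.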
@@ -448,22 +477,6 @@ class ListParticipatedLast extends BaseListParticipatedLast return false; } - public function updateCurrentUser($where, $set) - { - $con = Propel::getConnection('workflow'); - //Update - WHERE - $criteriaWhere = new Criteria('workflow'); - $criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $where['APP_UID'], Criteria::EQUAL); - $criteriaWhere->add(ListParticipatedLastPeer::USR_UID, $where['USR_UID'], Criteria::EQUAL); - $criteriaWhere->add(ListParticipatedLastPeer::DEL_INDEX, $where['DEL_INDEX'], Criteria::EQUAL); - //Update - SET - $criteriaSet = new Criteria('workflow'); - foreach ($set as $k => $v) { - eval('$criteriaSet->add( ListParticipatedLastPeer::'.$k.',$v, Criteria::EQUAL);'); - } - BasePeer::doUpdate($criteriaWhere, $criteriaSet, $con); - } - /** * Returns the number of cases of a user. * diff --git a/workflow/engine/classes/model/Step.php b/workflow/engine/classes/model/Step.php index 3edaba75f..b8932d45e 100644 --- a/workflow/engine/classes/model/Step.php +++ b/workflow/engine/classes/model/Step.php @@ -374,7 +374,7 @@ class Step extends BaseStep while ($oDataset->next()) { $aRow1 = $oDataset->getRow(); //print_r($aRow1); - $dynHandler = new dynaFormHandler(PATH_DYNAFORM . $sproUid . PATH_SEP . $aRow1["DYN_UID"] . ".xml"); + $dynHandler = new DynaformHandler(PATH_DYNAFORM . $sproUid . PATH_SEP . $aRow1["DYN_UID"] . ".xml"); $dynFields = $dynHandler->getFields(); $sxmlgrid = ''; $sType = ''; @@ -477,7 +477,7 @@ class Step extends BaseStep $oDataset->next(); while ($aRow = $oDataset->getRow()) { if ($aRow['DYN_TYPE'] == 'xmlform') { - $dynHandler = new dynaFormHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml" ); + $dynHandler = new DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml" ); $dynFields = $dynHandler->getFields(); $sxmlgrid = ''; $sType = ''; 
@@ -547,7 +547,7 @@ class Step extends BaseStep while ($oDataset->next()) { $aRow1 = $oDataset->getRow(); - $dynHandler = new dynaFormHandler( PATH_DYNAFORM . $sproUid . "/" . $sObjUID . ".xml" ); + $dynHandler = new DynaformHandler( PATH_DYNAFORM . $sproUid . "/" . $sObjUID . ".xml" ); $dynFields = $dynHandler->getFields(); $sxmlgrid = ''; $sType = ''; diff --git a/workflow/engine/classes/model/Users.php b/workflow/engine/classes/model/Users.php index b2b6e261c..eb92a080f 100644 --- a/workflow/engine/classes/model/Users.php +++ b/workflow/engine/classes/model/Users.php @@ -490,4 +490,23 @@ class Users extends BaseUsers $criteria->add(UsersPeer::USR_ID, $id); return UsersPeer::doSelect($criteria)[0]; } + + /** + * {@inheritdoc} except USR_PASSWORD, for security reasons. + * + * @param string $keyType One of the class type constants TYPE_PHPNAME, + * TYPE_COLNAME, TYPE_FIELDNAME, TYPE_NUM + * @return an associative array containing the field names (as keys) and field values + */ + public function toArray($keyType = BasePeer::TYPE_PHPNAME) + { + $key = UsersPeer::translateFieldName( + UsersPeer::USR_PASSWORD, + BasePeer::TYPE_COLNAME, + $keyType + ); + $array = parent::toArray($keyType); + unset($array[$key]); + return $array; + } } diff --git a/workflow/engine/controllers/admin.php b/workflow/engine/controllers/admin.php index f743e064a..bba49987b 100644 --- a/workflow/engine/controllers/admin.php +++ b/workflow/engine/controllers/admin.php @@ -233,7 +233,7 @@ class Admin extends Controller $dbNetView = new NET( DB_HOST ); $dbNetView->loginDbServer( DB_USER, DB_PASS ); - $dbConns = new dbConnections( '' ); + $dbConns = new DbConnections( '' ); $availdb = ''; foreach ($dbConns->getDbServicesAvailables() as $key => $val) { if ($availdb != '') { diff --git a/workflow/engine/controllers/main.php b/workflow/engine/controllers/main.php index 82baf7927..2aa238393 100644 --- a/workflow/engine/controllers/main.php +++ b/workflow/engine/controllers/main.php 
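Review bot: The `toArray()` override in Users.php drops USR_PASSWORD for every caller, so any code that feeds `toArray()` output back into `fromArray()` or an update no longer carries the hash; those call sites are outside this hunk and should be checked. The override covers only this one serialisation path (the generated getter for the column and direct Peer selects presumably still return the hash), and the docblock should say so rather than imply the field is unreachable. The `@return` tag is malformed; I would write `@return array field names (keys) and field values, without USR_PASSWORD`.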
@@ -696,7 +696,7 @@ class Main extends Controller $dbNetView = new NET( DB_HOST ); $dbNetView->loginDbServer( DB_USER, DB_PASS ); - $dbConns = new dbConnections( '' ); + $dbConns = new DbConnections( '' ); $availdb = ''; foreach ($dbConns->getDbServicesAvailables() as $key => $val) { if ($availdb != '') { diff --git a/workflow/engine/controllers/pmTables.php b/workflow/engine/controllers/pmTables.php index 4d1099d80..5ed01b43d 100644 --- a/workflow/engine/controllers/pmTables.php +++ b/workflow/engine/controllers/pmTables.php @@ -152,6 +152,11 @@ class pmTables extends Controller $sFileName = $httpData->f; $realPath = $PUBLIC_ROOT_PATH . $sFileName; + + if ($this->isValidFileToBeStreamed($sFileName) === false) { + throw new Exception("You are trying to access an unauthorized resource."); + } + G::streamFile( $realPath, true ); unlink( $realPath ); } @@ -206,5 +211,32 @@ class pmTables extends Controller $tableSize = $tableSize - 8; // Prefix PMT_ return $tableSize; } + + /** + * Validates if the file with the $fileName is a valid one, + * that is, it must be a file without relative references that + * can open a door to get some unauthorized system file and + * must have one of the valid file extensions. + * + * @param $fileName, emporal file name that will be streamed + * @return bool + */ + private function isValidFileToBeStreamed($fileName) + { + $result = true; + $validExtensionsForExporting = ['csv', 'pmt']; + + $pathInfo = pathinfo($fileName); + + if ($pathInfo['dirname'] !== '.') { + $result = false; + } + + if (!in_array($pathInfo['extension'], $validExtensionsForExporting)) { + $result = false; + } + + return $result; + } } diff --git a/workflow/engine/controllers/pmTablesProxy.php b/workflow/engine/controllers/pmTablesProxy.php index 88e1da2b3..cf0002ec1 100644 --- a/workflow/engine/controllers/pmTablesProxy.php +++ b/workflow/engine/controllers/pmTablesProxy.php 
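Review bot: `isValidFileToBeStreamed()` in pmTables.php reads `$pathInfo['extension']`, a key `pathinfo()` omits when the name has no extension, so such a request raises an undefined-index notice before it is rejected, and `in_array()` is called without strict comparison. A slightly stricter form avoids both: `return basename($fileName) === $fileName && in_array(pathinfo($fileName, PATHINFO_EXTENSION), $validExtensionsForExporting, true);`. The helper also assumes `$httpData->f` is a string, so a non-string value should be rejected before `pathinfo()` is called. In the first hunk the check would read better placed before `$realPath` is built, so that no path is derived from an unvalidated name. In the docblock, "emporal" should read "temporary".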
@@ -1269,7 +1269,7 @@ class pmTablesProxy extends HttpProxyController while ($aRow = $oDataset->getRow()) { if (file_exists( PATH_DYNAFORM . PATH_SEP . $aRow['DYN_FILENAME'] . '.xml' )) { - $dynaformHandler = new dynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); + $dynaformHandler = new DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); $nodeFieldsList = $dynaformHandler->getFields(); foreach ($nodeFieldsList as $node) { @@ -1579,7 +1579,7 @@ class pmTablesProxy extends HttpProxyController } } } else { - $dynaformHandler = new dynaformHandler(PATH_DYNAFORM . $record['DYN_FILENAME'] . '.xml'); + $dynaformHandler = new DynaformHandler(PATH_DYNAFORM . $record['DYN_FILENAME'] . '.xml'); $nodeFieldsList = $dynaformHandler->getFields(); foreach ($nodeFieldsList as $node) { diff --git a/workflow/engine/methods/cases/cases_Step.php b/workflow/engine/methods/cases/cases_Step.php index 03e9226cb..e441a828e 100644 --- a/workflow/engine/methods/cases/cases_Step.php +++ b/workflow/engine/methods/cases/cases_Step.php @@ -325,7 +325,7 @@ try { * Added By erik 16-05-08 * Description: this was added for the additional database connections */ - $oDbConnections = new dbConnections( $_SESSION['PROCESS'] ); + $oDbConnections = new DbConnections( $_SESSION['PROCESS'] ); $oDbConnections->loadAdditionalConnections(); $_SESSION['CURRENT_DYN_UID'] = $_GET['UID']; @@ -1146,7 +1146,7 @@ try { * Description: this was added for the additional database connections */ - $oDbConnections = new dbConnections( $_SESSION['PROCESS'] ); + $oDbConnections = new DbConnections( $_SESSION['PROCESS'] ); $oDbConnections->loadAdditionalConnections(); $stepFilename = "$sNamespace/$sStepName"; G::evalJScript( " diff --git a/workflow/engine/methods/cases/cases_StepToRevise.php b/workflow/engine/methods/cases/cases_StepToRevise.php index 7e413838d..4c94f1672 100644 --- a/workflow/engine/methods/cases/cases_StepToRevise.php +++ b/workflow/engine/methods/cases/cases_StepToRevise.php 
@@ -139,7 +139,7 @@ if (! isset( $_GET['ex'] )) { $_GET['ex'] = $_GET['position']; } -$oDbConnections = new dbConnections( $_SESSION['PROCESS'] ); +$oDbConnections = new DbConnections( $_SESSION['PROCESS'] ); $oDbConnections->loadAdditionalConnections(); $G_PUBLISH = new Publisher(); diff --git a/workflow/engine/methods/cases/summary.php b/workflow/engine/methods/cases/summary.php index 7209117a5..9e2a1ba43 100644 --- a/workflow/engine/methods/cases/summary.php +++ b/workflow/engine/methods/cases/summary.php @@ -75,7 +75,7 @@ try { } if (file_exists( PATH_DYNAFORM . $applicationFields['PRO_UID'] . PATH_SEP . $_REQUEST['DYN_UID'] . '.xml' )) { $_SESSION['PROCESS'] = $applicationFields['PRO_UID']; - $dbConnections = new dbConnections( $_SESSION['PROCESS'] ); + $dbConnections = new DbConnections( $_SESSION['PROCESS'] ); $dbConnections->loadAdditionalConnections(); $_SESSION['CURRENT_DYN_UID'] = $_REQUEST['DYN_UID']; diff --git a/workflow/engine/methods/dbConnections/dbConnectionsAjax.php b/workflow/engine/methods/dbConnections/dbConnectionsAjax.php index 41e23c236..44b1dbc84 100644 --- a/workflow/engine/methods/dbConnections/dbConnectionsAjax.php +++ b/workflow/engine/methods/dbConnections/dbConnectionsAjax.php @@ -93,7 +93,7 @@ switch ($action) { G::RenderPage( 'publish', 'raw' ); break; case 'newDdConnection': - $dbs = new dbConnections( $_SESSION['PROCESS'] ); + $dbs = new DbConnections( $_SESSION['PROCESS'] ); $dbServices = $dbs->getDbServicesAvailables(); $dbService = $dbs->getEncondeList(); @@ -115,7 +115,7 @@ switch ($action) { G::RenderPage( 'publish', 'raw' ); break; case 'editDdConnection': - $dbs = new dbConnections( $_SESSION['PROCESS'] ); + $dbs = new DbConnections( $_SESSION['PROCESS'] ); $dbServices = $dbs->getDbServicesAvailables(); $rows[] = array ('uid' => 'char','name' => 'char' 
@@ -343,7 +343,7 @@ switch ($action) { $engine = $_POST['engine']; if ($engine != "0") { - $dbs = new dbConnections(); + $dbs = new DbConnections(); $var = Bootstrap::json_encode($dbs->getEncondeList($filter->xssFilterHard($engine))); G::outRes($var); diff --git a/workflow/engine/methods/dbConnections/genericDbConnections.php b/workflow/engine/methods/dbConnections/genericDbConnections.php index fff0c3a66..eb85b848d 100644 --- a/workflow/engine/methods/dbConnections/genericDbConnections.php +++ b/workflow/engine/methods/dbConnections/genericDbConnections.php @@ -9,7 +9,7 @@ if (isset( $_SESSION['PROCESS'] )) { $pro = include (PATH_CORE . "config/databases.php"); - $oDbConnections = new dbConnections( $_SESSION['PROCESS'] ); + $oDbConnections = new DbConnections( $_SESSION['PROCESS'] ); foreach ($oDbConnections->connections as $db) { $db['DBS_PASSWORD'] = $oDbConnections->getPassWithoutEncrypt( $db ); diff --git a/workflow/engine/methods/dynaforms/conditionalShowHide_Ajax.php b/workflow/engine/methods/dynaforms/conditionalShowHide_Ajax.php index f1578448e..1653d5c5b 100644 --- a/workflow/engine/methods/dynaforms/conditionalShowHide_Ajax.php +++ b/workflow/engine/methods/dynaforms/conditionalShowHide_Ajax.php @@ -54,7 +54,7 @@ try { $sFilter = isset( $_POST['filter'] ) ? $_POST['filter'] : ''; //$oJSON = new Services_JSON(); - $oDynaformHandler = new dynaFormHandler( PATH_DYNAFORM . $_DYN_FILENAME . '.xml' ); + $oDynaformHandler = new DynaformHandler( PATH_DYNAFORM . $_DYN_FILENAME . '.xml' ); $aFilter = explode( ',', $sFilter ); @@ -68,7 +68,7 @@ try { $_DYN_FILENAME = $_SESSION['Current_Dynafom']['Parameters']['FILE']; $sFilter = isset( $_POST['filter'] ) ? $_POST['filter'] : ''; - $oDynaformHandler = new dynaFormHandler( PATH_DYNAFORM . $_DYN_FILENAME . '.xml' ); + $oDynaformHandler = new DynaformHandler( PATH_DYNAFORM . $_DYN_FILENAME . '.xml' ); $aFilter = explode( ',', $sFilter ); $aAvailableFields = $oDynaformHandler->getFieldNames( $aFilter ); 
diff --git a/workflow/engine/methods/dynaforms/fieldsHandlerAjax.php b/workflow/engine/methods/dynaforms/fieldsHandlerAjax.php index afb15fdd5..1da0a13d5 100644 --- a/workflow/engine/methods/dynaforms/fieldsHandlerAjax.php +++ b/workflow/engine/methods/dynaforms/fieldsHandlerAjax.php @@ -38,7 +38,7 @@ switch ($request) { $tmpfilename = $filter->xssFilterHard($tmpfilename); - $o = new dynaFormHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" ); + $o = new DynaformHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" ); $list_elements = explode( ',', $items ); @@ -59,7 +59,7 @@ switch ($request) { $tmpfilename = $_SESSION['Current_Dynafom']['Parameters']['FILE']; $tmpfilename = $filter->xssFilterHard($tmpfilename); - $o = new dynaFormHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" ); + $o = new DynaformHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" ); $hidden_items = Array (); $has_hidden_items = false; diff --git a/workflow/engine/methods/emailServer/emailServerAjax.php b/workflow/engine/methods/emailServer/emailServerAjax.php index 78dc6c652..6f3c246e3 100644 --- a/workflow/engine/methods/emailServer/emailServerAjax.php +++ b/workflow/engine/methods/emailServer/emailServerAjax.php @@ -1,8 +1,8 @@ allows(basename(__FILE__), $option); switch ($option) { case "INS": $arrayData = array(); diff --git a/workflow/engine/methods/login/login.php b/workflow/engine/methods/login/login.php index d06ec840e..80e7e6efb 100644 --- a/workflow/engine/methods/login/login.php +++ b/workflow/engine/methods/login/login.php 
@@ -33,10 +33,23 @@ if ($browserSupported==false){ /*----------------------------------********---------------------------------*/ $aFields = array(); -if (!isset($_GET['u'])) { - $aFields['URL'] = ''; -} else { - $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u'])))))); +//Validated redirect url +$aFields['URL'] = ''; +if (!empty($_GET['u'])) { + //clean url with protocols + $flagUrl = true; + //Most used protocols + $protocols = ['https://', 'http://', 'ftp://', 'sftp://','smb://', 'file:', 'mailto:']; + foreach ($protocols as $protocol) { + if (strpos($_GET['u'], $protocol) !== false) { + $_GET['u'] = ''; + $flagUrl = false; + break; + } + } + if ($flagUrl) { + $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u'])))))); + } } if (!isset($_SESSION['G_MESSAGE'])) { diff --git a/workflow/engine/methods/mails/emailsAjax.php b/workflow/engine/methods/mails/emailsAjax.php index fc8a1fde1..5b88d963b 100644 --- a/workflow/engine/methods/mails/emailsAjax.php +++ b/workflow/engine/methods/mails/emailsAjax.php 
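Review bot: The scheme check in the new `foreach` runs on the raw `$_GET['u']`, but the value stored in `$aFields['URL']` is `urldecode($_GET['u'])`, so the string that is validated is not the string that is used. The match is also a case-sensitive denylist of seven prefixes, which cannot enumerate every way of naming another host. I would decode once, validate that decoded value, and accept only a same-site path, assuming `u` is only ever meant to carry one (the consumer of `$aFields['URL']` is outside the hunk). The sketch below keeps the existing escaping chain and still clears `$_GET['u']` on rejection.

```php
//Validated redirect url
$aFields['URL'] = '';
if (!empty($_GET['u']) && is_string($_GET['u'])) {
    // Validate the same decoded value that is stored afterwards.
    $redirect = trim(urldecode($_GET['u']));
    $parts = parse_url($redirect);
    // Allowlist: a path on this site only, with no scheme, host or backslash.
    $isLocalPath = $parts !== false
        && !isset($parts['scheme'])
        && !isset($parts['host'])
        && strpos($redirect, '/') === 0
        && strpos($redirect, '\\') === false;
    if ($isLocalPath) {
        $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags($redirect))));
    } else {
        $_GET['u'] = '';
    }
}
```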
@@ -1,23 +1,33 @@ userCanAccess('PM_LOGIN')) { + case -2: + throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2); + break; + case -1: + throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1); + break; +} +$RBAC->allows(basename(__FILE__), $req); + +switch ($req) { case 'MessageList': - $start = (isset($_REQUEST['start']))? $_REQUEST['start'] : '0'; - $limit = (isset($_REQUEST['limit']))? $_REQUEST['limit'] : '25'; - $proUid = (isset($_REQUEST['process']))? $_REQUEST['process'] : ''; - $eventype = (isset($_REQUEST['type']))? $_REQUEST['type'] : ''; - $emailStatus = (isset($_REQUEST['status']))? $_REQUEST['status'] : ''; - $sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : ''; - $dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC'; - $dateFrom = isset( $_POST["dateFrom"] ) ? substr( $_POST["dateFrom"], 0, 10 ) : ""; - $dateTo = isset( $_POST["dateTo"] ) ? substr( $_POST["dateTo"], 0, 10 ) : ""; - $filterBy = (isset($_REQUEST['filterBy']))? $_REQUEST['filterBy'] : 'ALL'; + $start = (isset($_REQUEST['start'])) ? $_REQUEST['start'] : '0'; + $limit = (isset($_REQUEST['limit'])) ? $_REQUEST['limit'] : '25'; + $proUid = (isset($_REQUEST['process'])) ? $_REQUEST['process'] : ''; + $eventype = (isset($_REQUEST['type'])) ? $_REQUEST['type'] : ''; + $emailStatus = (isset($_REQUEST['status'])) ? $_REQUEST['status'] : ''; + $sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : ''; + $dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC'; + $dateFrom = isset($_POST["dateFrom"]) ? substr($_POST["dateFrom"], 0, 10) : ""; + $dateTo = isset($_POST["dateTo"]) ? substr($_POST["dateTo"], 0, 10) : ""; + $filterBy = (isset($_REQUEST['filterBy'])) ? $_REQUEST['filterBy'] : 'ALL'; $response = new stdclass(); $response->status = 'OK'; 
@@ -28,10 +38,10 @@ switch($req){ $criteria->addJoin(AppMessagePeer::APP_UID, ApplicationPeer::APP_UID, Criteria::LEFT_JOIN); if ($emailStatus != '') { - $criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus); + $criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus); } if ($proUid != '') { - $criteria->add( ApplicationPeer::PRO_UID, $proUid); + $criteria->add(ApplicationPeer::PRO_UID, $proUid); } $arrayType = []; @@ -39,7 +49,7 @@ switch($req){ $pluginRegistry = PMPluginRegistry::getSingleton(); $statusEr = $pluginRegistry->getStatusPlugin('externalRegistration'); - $flagEr = (preg_match('/^enabled$/', $statusEr))? 1 : 0; + $flagEr = (preg_match('/^enabled$/', $statusEr)) ? 1 : 0; if ($flagEr == 0) { $arrayType[] = 'EXTERNAL_REGISTRATION'; @@ -73,14 +83,14 @@ switch($req){ $dateTo = $dateTo . " 23:59:59"; } - $criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); + $criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL))); } else { $dateFrom = $dateFrom . " 00:00:00"; - $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL ); + $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL); } } elseif ($dateTo != "") { $dateTo = $dateTo . " 23:59:59"; - $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ); + $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL); } //Number records total 
@@ -118,10 +128,10 @@ switch($req){ $criteria->addSelectColumn(ProcessPeer::PRO_TITLE); if ($emailStatus != '') { - $criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus); + $criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus); } if ($proUid != '') { - $criteria->add( ApplicationPeer::PRO_UID, $proUid); + $criteria->add(ApplicationPeer::PRO_UID, $proUid); } switch ($filterBy) { @@ -152,24 +162,27 @@ switch($req){ $dateTo = $dateTo . " 23:59:59"; } - $criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); + $criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL))); } else { $dateFrom = $dateFrom . " 00:00:00"; - $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL ); + $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL); } } elseif ($dateTo != "") { $dateTo = $dateTo . " 23:59:59"; - $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ); + $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL); } if ($sort != '') { + if (!in_array($sort, AppMessagePeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) { + throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort'))); + } if ($dir == 'ASC') { $criteria->addAscendingOrderByColumn($sort); } else { $criteria->addDescendingOrderByColumn($sort); } } else { - $oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE ); + $oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE); } if ($limit != '') { $criteria->setLimit($limit); 
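Review bot: The fallback branch at the end of the second hunk calls `$oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE);`, while every other statement in these hunks uses `$criteria`; unless `$oCriteria` is defined outside the hunk, a request without `sort` fails on an undefined variable. It should read `$criteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE);`. The added allowlist for `$sort` is the right control for a value that reaches ORDER BY; pass `true` as the third argument of `in_array()` so the comparison is strict, and note that `$limit` still arrives from `$_REQUEST` uncast before `setLimit($limit)`. The allowlist holds AppMessage field names only, so sorting by a joined column such as PRO_TITLE would now be rejected; confirm the grid never requests that.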
@@ -187,60 +200,60 @@ switch($req){ $index = 1; $content = new Content(); $tasTitleDefault = G::LoadTranslation('ID_TASK_NOT_RELATED'); - while ( $result->next() ) { + while ($result->next()) { $row = $result->getRow(); - $row['APP_MSG_FROM'] =htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8"); - $row['APP_MSG_STATUS'] = ucfirst ( $row['APP_MSG_STATUS']); + $row['APP_MSG_FROM'] = htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8"); + $row['APP_MSG_STATUS'] = ucfirst($row['APP_MSG_STATUS']); switch ($filterBy) { - case 'CASES': - if ($row['DEL_INDEX'] != 0) { - $index = $row['DEL_INDEX']; - } + case 'CASES': + if ($row['DEL_INDEX'] != 0) { + $index = $row['DEL_INDEX']; + } - $criteria = new Criteria(); + $criteria = new Criteria(); - $criteria->addSelectColumn(AppCacheViewPeer::APP_TITLE); - $criteria->addSelectColumn(AppCacheViewPeer::APP_TAS_TITLE); - $criteria->add(AppCacheViewPeer::APP_UID, $row['APP_UID'], Criteria::EQUAL); - $criteria->add(AppCacheViewPeer::DEL_INDEX, $index, Criteria::EQUAL); + $criteria->addSelectColumn(AppCacheViewPeer::APP_TITLE); + $criteria->addSelectColumn(AppCacheViewPeer::APP_TAS_TITLE); + $criteria->add(AppCacheViewPeer::APP_UID, $row['APP_UID'], Criteria::EQUAL); + $criteria->add(AppCacheViewPeer::DEL_INDEX, $index, Criteria::EQUAL); - $resultCacheView = AppCacheViewPeer::doSelectRS($criteria); - $resultCacheView->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $resultCacheView = AppCacheViewPeer::doSelectRS($criteria); + $resultCacheView->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $row['APP_TITLE'] = '-'; + $row['APP_TITLE'] = '-'; - while ($resultCacheView->next()) { - $rowCacheView = $resultCacheView->getRow(); - $row['APP_TITLE'] = $rowCacheView['APP_TITLE']; - $row['TAS_TITLE'] = $rowCacheView['APP_TAS_TITLE']; - } + while ($resultCacheView->next()) { + $rowCacheView = $resultCacheView->getRow(); + $row['APP_TITLE'] = $rowCacheView['APP_TITLE']; + $row['TAS_TITLE'] = $rowCacheView['APP_TAS_TITLE']; + } - if 
($row['DEL_INDEX'] == 0) { - $row['TAS_TITLE'] = $tasTitleDefault; - } - break; - case 'TEST': - $row['PRO_UID'] = ''; - $row['APP_NUMBER'] = ''; - $row['PRO_TITLE'] = ''; - $row['APP_TITLE'] = ''; - $row['TAS_TITLE'] = ''; - break; - case 'EXTERNAL-REGISTRATION': - $row['PRO_UID'] = ''; - $row['APP_NUMBER'] = ''; - $row['PRO_TITLE'] = ''; - $row['APP_TITLE'] = ''; - $row['TAS_TITLE'] = ''; - break; + if ($row['DEL_INDEX'] == 0) { + $row['TAS_TITLE'] = $tasTitleDefault; + } + break; + case 'TEST': + $row['PRO_UID'] = ''; + $row['APP_NUMBER'] = ''; + $row['PRO_TITLE'] = ''; + $row['APP_TITLE'] = ''; + $row['TAS_TITLE'] = ''; + break; + case 'EXTERNAL-REGISTRATION': + $row['PRO_UID'] = ''; + $row['APP_NUMBER'] = ''; + $row['PRO_TITLE'] = ''; + $row['APP_TITLE'] = ''; + $row['TAS_TITLE'] = ''; + break; } $data[] = $row; } $response = array(); $response['totalCount'] = $totalCount; - $response['data'] = $data; + $response['data'] = $data; die(G::json_encode($response)); break; case 'updateStatusMessage': diff --git a/workflow/engine/methods/processCategory/processCategoryList.php b/workflow/engine/methods/processCategory/processCategoryList.php index 3c819b354..496f1ca21 100644 --- a/workflow/engine/methods/processCategory/processCategoryList.php +++ b/workflow/engine/methods/processCategory/processCategoryList.php 
@@ -21,14 +21,18 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ -if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_SETUP_ADVANCE' ) != 1) { - G::SendTemporalMessage( 'krlos', 'error', 'labels' ); - die(); + +use ProcessMaker\Exception\RBACException; + +/** @var RBAC $RBAC */ +global $RBAC; +if ($RBAC->userCanAccess('PM_SETUP') != 1 && $RBAC->userCanAccess('PM_SETUP_PROCESS_CATEGORIES') != 1) { + throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1); } $c = new Configurations(); -$configPage = $c->getConfiguration( 'processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED'] ); -$Config['pageSize'] = isset( $configPage['pageSize'] ) ? $configPage['pageSize'] : 20; +$configPage = $c->getConfiguration('processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED']); +$Config['pageSize'] = isset($configPage['pageSize']) ? $configPage['pageSize'] : 20; $G_MAIN_MENU = 'workflow'; $G_SUB_MENU = 'processCategory'; @@ -37,9 +41,9 @@ $G_ID_SUB_MENU_SELECTED = ''; $G_PUBLISH = new Publisher(); -$oHeadPublisher = & headPublisher::getSingleton(); -$oHeadPublisher->addExtJsScript( 'processCategory/processCategoryList', false ); //adding a javascript file .js -$oHeadPublisher->addContent( 'processCategory/processCategoryList' ); //adding a html file .html. -$oHeadPublisher->assign( 'FORMATS', $c->getFormats() ); -$oHeadPublisher->assign( 'CONFIG', $Config ); -G::RenderPage( 'publish', 'extJs' ); \ No newline at end of file +$oHeadPublisher = &headPublisher::getSingleton(); +$oHeadPublisher->addExtJsScript('processCategory/processCategoryList', false); //adding a javascript file .js +$oHeadPublisher->addContent('processCategory/processCategoryList'); //adding a html file .html. +$oHeadPublisher->assign('FORMATS', $c->getFormats()); +$oHeadPublisher->assign('CONFIG', $Config); +G::RenderPage('publish', 'extJs'); \ No newline at end of file 
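Review bot: The access check in processCategoryList.php now accepts `PM_SETUP_PROCESS_CATEGORIES` where it used to accept `PM_SETUP_ADVANCE`, so roles that reached this page through `PM_SETUP_ADVANCE` alone are denied after the change. Nothing in the visible hunks shows the new permission being created or granted to existing roles, so that is worth confirming against the upgrade path. A one-line comment above the check, e.g. `// Page requires PM_SETUP or PM_SETUP_PROCESS_CATEGORIES`, would document the intended gate.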
diff --git a/workflow/engine/methods/processCategory/processCategory_Ajax.php b/workflow/engine/methods/processCategory/processCategory_Ajax.php
index 74d529ede..398cd036a 100644
--- a/workflow/engine/methods/processCategory/processCategory_Ajax.php
+++ b/workflow/engine/methods/processCategory/processCategory_Ajax.php
@@ -22,158 +22,171 @@ * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ -if (isset( $_REQUEST['action'] )) { +use ProcessMaker\Exception\RBACException; + +/** @var RBAC $RBAC */ +global $RBAC; +switch ($RBAC->userCanAccess('PM_LOGIN')) { + case -2: + throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2); + break; + case -1: + throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1); + break; +} +$RBAC->allows(basename(__FILE__), $_REQUEST['action']); + +if (isset($_REQUEST['action'])) { switch ($_REQUEST['action']) { case 'processCategoryList': $co = new Configurations(); - $config = $co->getConfiguration( 'processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED'] ); - $limit_size = isset( $config['pageSize'] ) ? $config['pageSize'] : 20; + $config = $co->getConfiguration('processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED']); + $limit_size = isset($config['pageSize']) ? $config['pageSize'] : 20; - $start = isset( $_POST['start'] ) ? $_POST['start'] : 0; - $limit = isset( $_POST['limit'] ) ? $_POST['limit'] : $limit_size; - $filter = isset( $_REQUEST['textFilter'] ) ? $_REQUEST['textFilter'] : ''; - $dir = isset( $_POST['dir'] ) ? $_POST['dir'] : 'ASC'; - $sort = isset( $_POST['sort'] ) ? $_POST['sort'] : 'CATEGORY_NAME'; + $start = isset($_POST['start']) ? $_POST['start'] : 0; + $limit = isset($_POST['limit']) ? $_POST['limit'] : $limit_size; + $filter = isset($_REQUEST['textFilter']) ? $_REQUEST['textFilter'] : ''; + $dir = isset($_POST['dir']) ? $_POST['dir'] : 'ASC'; + $sort = isset($_POST['sort']) ? 
$_POST['sort'] : 'CATEGORY_NAME'; - $oCriteria = new Criteria( 'workflow' ); - $oCriteria->addSelectColumn( 'COUNT(*) AS CNT' ); - $oCriteria->add( ProcessCategoryPeer::CATEGORY_UID, '', Criteria::NOT_EQUAL ); + $oCriteria = new Criteria('workflow'); + $oCriteria->addSelectColumn('COUNT(*) AS CNT'); + $oCriteria->add(ProcessCategoryPeer::CATEGORY_UID, '', Criteria::NOT_EQUAL); if ($filter != '') { - $oCriteria->add( ProcessCategoryPeer::CATEGORY_NAME, '%' . $filter . '%', Criteria::LIKE ); + $oCriteria->add(ProcessCategoryPeer::CATEGORY_NAME, '%' . $filter . '%', Criteria::LIKE); } - $oDat = ProcessCategoryPeer::doSelectRS( $oCriteria ); - $oDat->setFetchmode( ResultSet::FETCHMODE_ASSOC ); + $oDat = ProcessCategoryPeer::doSelectRS($oCriteria); + $oDat->setFetchmode(ResultSet::FETCHMODE_ASSOC); $oDat->next(); $row = $oDat->getRow(); $total_categories = $row['CNT']; $oCriteria->clear(); - $oCriteria->addSelectColumn( ProcessCategoryPeer::CATEGORY_UID ); - $oCriteria->addSelectColumn( ProcessCategoryPeer::CATEGORY_NAME ); - $oCriteria->add( ProcessCategoryPeer::CATEGORY_UID, '', Criteria::NOT_EQUAL ); + $oCriteria->addSelectColumn(ProcessCategoryPeer::CATEGORY_UID); + $oCriteria->addSelectColumn(ProcessCategoryPeer::CATEGORY_NAME); + $oCriteria->add(ProcessCategoryPeer::CATEGORY_UID, '', Criteria::NOT_EQUAL); if ($filter != '') { - $oCriteria->add( ProcessCategoryPeer::CATEGORY_NAME, '%' . $filter . '%', Criteria::LIKE ); + $oCriteria->add(ProcessCategoryPeer::CATEGORY_NAME, '%' . $filter . 
'%', Criteria::LIKE); } - + + //SQL Injection via 'sort' parameter + if (!in_array($sort, array_merge(ProcessCategoryPeer::getFieldNames(BasePeer::TYPE_FIELDNAME), ['TOTAL_PROCESSES']))) { + throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort'))); + } + if ($dir == "DESC") { $oCriteria->addDescendingOrderByColumn($sort); } else { $oCriteria->addAscendingOrderByColumn($sort); } - $oCriteria->setLimit( $limit ); - $oCriteria->setOffset( $start ); - $oDataset = ProcessCategoryPeer::doSelectRS( $oCriteria ); - $oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC ); + $oCriteria->setLimit($limit); + $oCriteria->setOffset($start); + $oDataset = ProcessCategoryPeer::doSelectRS($oCriteria); + $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); $proc = new Process(); $aProcess = $proc->getAllProcessesByCategory(); - $result = ""; - $aCat = array (); + $result = []; + $aCat = array(); while ($oDataset->next()) { $aCat[] = $oDataset->getRow(); - $index = sizeof( $aCat ) - 1; - $aCat[$index]['TOTAL_PROCESSES'] = isset( $aProcess[$aCat[$index]['CATEGORY_UID']] ) ? $aProcess[$aCat[$index]['CATEGORY_UID']] : 0; + $index = sizeof($aCat) - 1; + $aCat[$index]['TOTAL_PROCESSES'] = isset($aProcess[$aCat[$index]['CATEGORY_UID']]) ? 
$aProcess[$aCat[$index]['CATEGORY_UID']] : 0; } $result['data'] = $aCat; $result['totalCount'] = $total_categories; - echo G::json_encode( $result ); + echo G::json_encode($result); break; case 'updatePageSize': $c = new Configurations(); $arr['pageSize'] = $_REQUEST['size']; - $arr['dateSave'] = date( 'Y-m-d H:i:s' ); - $config = Array (); + $arr['dateSave'] = date('Y-m-d H:i:s'); + $config = Array(); $config[] = $arr; $c->aConfig = $config; - $c->saveConfig( 'processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED'] ); + $c->saveConfig('processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED']); echo '{success: true}'; break; case 'checkCategoryName': - require_once 'classes/model/ProcessCategory.php'; $catName = $_REQUEST['cat_name']; - $oCriteria = new Criteria( 'workflow' ); - $oCriteria->addSelectColumn( ProcessCategoryPeer::CATEGORY_NAME ); - $oCriteria->add( ProcessCategoryPeer::CATEGORY_NAME, $catName ); - $oDataset = ProcessCategoryPeer::doSelectRS( $oCriteria ); - $oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC ); + $oCriteria = new Criteria('workflow'); + $oCriteria->addSelectColumn(ProcessCategoryPeer::CATEGORY_NAME); + $oCriteria->add(ProcessCategoryPeer::CATEGORY_NAME, $catName); + $oDataset = ProcessCategoryPeer::doSelectRS($oCriteria); + $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); $oDataset->next(); $row = $oDataset->getRow(); - $response = isset( $row['CATEGORY_NAME'] ) ? 'false' : 'true'; + $response = isset($row['CATEGORY_NAME']) ? 
'false' : 'true'; echo $response; break; case 'saveNewCategory': try { - require_once 'classes/model/ProcessCategory.php'; - $catName = trim( $_REQUEST['category'] ); + $catName = trim($_REQUEST['category']); $pcat = new ProcessCategory(); - $pcat->setNew( true ); - $pcat->setCategoryUid( G::GenerateUniqueID() ); - $pcat->setCategoryName( $catName ); + $pcat->setNew(true); + $pcat->setCategoryUid(G::GenerateUniqueID()); + $pcat->setCategoryName($catName); $pcat->save(); - G::auditLog("CreateCategory", "Category Name: ".$catName); + G::auditLog("CreateCategory", "Category Name: " . $catName); echo '{success: true}'; } catch (Exception $ex) { $varEcho = '{success: false, error: ' . $ex->getMessage() . '}'; - G::outRes( $varEcho ); + G::outRes($varEcho); } break; case 'checkEditCategoryName': - require_once 'classes/model/ProcessCategory.php'; $catUID = $_REQUEST['cat_uid']; $catName = $_REQUEST['cat_name']; - $oCriteria = new Criteria( 'workflow' ); - $oCriteria->addSelectColumn( ProcessCategoryPeer::CATEGORY_NAME ); - $oCriteria->add( ProcessCategoryPeer::CATEGORY_NAME, $catName ); - $oCriteria->add( ProcessCategoryPeer::CATEGORY_UID, $catUID, Criteria::NOT_EQUAL ); - $oDataset = ProcessCategoryPeer::doSelectRS( $oCriteria ); - $oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC ); + $oCriteria = new Criteria('workflow'); + $oCriteria->addSelectColumn(ProcessCategoryPeer::CATEGORY_NAME); + $oCriteria->add(ProcessCategoryPeer::CATEGORY_NAME, $catName); + $oCriteria->add(ProcessCategoryPeer::CATEGORY_UID, $catUID, Criteria::NOT_EQUAL); + $oDataset = ProcessCategoryPeer::doSelectRS($oCriteria); + $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); $oDataset->next(); $row = $oDataset->getRow(); - $response = isset( $row['CATEGORY_NAME'] ) ? 'false' : 'true'; + $response = isset($row['CATEGORY_NAME']) ? 
'false' : 'true'; echo $response; break; case 'updateCategory': try { - require_once 'classes/model/ProcessCategory.php'; $catUID = $_REQUEST['cat_uid']; - $catName = trim( $_REQUEST['category'] ); + $catName = trim($_REQUEST['category']); $pcat = new ProcessCategory(); - $pcat->setNew( false ); - $pcat->setCategoryUid( $catUID ); - $pcat->setCategoryName( $catName ); + $pcat->setNew(false); + $pcat->setCategoryUid($catUID); + $pcat->setCategoryName($catName); $pcat->save(); - g::auditLog("UpdateCategory", "Category Name: ".$catName." Category ID: (".$catUID.") "); + g::auditLog("UpdateCategory", "Category Name: " . $catName . " Category ID: (" . $catUID . ") "); echo '{success: true}'; } catch (Exception $ex) { $varEcho = '{success: false, error: ' . $ex->getMessage() . '}'; - G::outRes( $varEcho ); + G::outRes($varEcho); } break; case 'canDeleteCategory': - require_once 'classes/model/Process.php'; $proc = new Process(); $aProcess = $proc->getAllProcessesByCategory(); $catUID = $_REQUEST['CAT_UID']; - $response = isset( $aProcess[$catUID] ) ? 'false' : 'true'; + $response = isset($aProcess[$catUID]) ? 'false' : 'true'; echo $response; break; case 'deleteCategory': try { - require_once 'classes/model/ProcessCategory.php'; $catUID = $_REQUEST['cat_uid']; $cat = new ProcessCategory(); - $cat->setCategoryUid( $catUID ); - $catName = $cat->loadByCategoryId( $catUID ); + $cat->setCategoryUid($catUID); + $catName = $cat->loadByCategoryId($catUID); $cat->delete(); - G::auditLog("DeleteCategory", "Category Name: ".$catName." Category ID: (".$catUID.") "); + G::auditLog("DeleteCategory", "Category Name: " . $catName . " Category ID: (" . $catUID . ") "); $varEcho = '{success: true}'; - G::outRes( $varEcho ); + G::outRes($varEcho); } catch (Exception $ex) { $token = strtotime("now"); PMException::registerErrorLog($ex, $token); $resJson = '{success: false, error: ' . G::LoadTranslation("ID_EXCEPTION_LOG_INTERFAZ", array($token)) . 
'}'; - G::outRes( $resJson ); + G::outRes($resJson); } break; default: diff --git a/workflow/engine/methods/processes/processes_Ajax.php b/workflow/engine/methods/processes/processes_Ajax.php index d0774867f..d7bb2c1ef 100644 --- a/workflow/engine/methods/processes/processes_Ajax.php +++ b/workflow/engine/methods/processes/processes_Ajax.php @@ -901,7 +901,7 @@ try { $proUid = isset($_REQUEST['PRO_UID']) ? $_REQUEST['PRO_UID'] : ''; $dynUid = isset($_REQUEST['DYN_UID']) ? $_REQUEST['DYN_UID'] : ''; if (is_file(PATH_DATA . '/sites/' . SYS_SYS . '/xmlForms/' . $proUid . '/' . $dynUid . '.xml') && filesize(PATH_DATA . '/sites/' . SYS_SYS . '/xmlForms/' . $proUid . '/' . $dynUid . '.xml') > 0) { - $dyn = new dynaFormHandler(PATH_DATA . '/sites/' . SYS_SYS . '/xmlForms/' . $proUid . '/' . $dynUid . '.xml'); + $dyn = new DynaformHandler(PATH_DATA . '/sites/' . SYS_SYS . '/xmlForms/' . $proUid . '/' . $dynUid . '.xml'); $dynaformFields[] = $dyn->getFields(); } foreach ($dynaformFields as $aDynFormFields) { diff --git a/workflow/engine/methods/processes/processes_Export.php b/workflow/engine/methods/processes/processes_Export.php index 524bbe49a..99c248bfc 100644 --- a/workflow/engine/methods/processes/processes_Export.php +++ b/workflow/engine/methods/processes/processes_Export.php @@ -21,6 +21,7 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +use ProcessMaker\Util\Common; $response = new StdClass(); $outputDir = PATH_DATA . "sites" . PATH_SEP . SYS_SYS . PATH_SEP . "files" . PATH_SEP . "output" . PATH_SEP; 
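Review bot: The permission gate added at the top of processCategory_Ajax.php rejects only the return codes -2 and -1, so any other non-granting result of `userCanAccess('PM_LOGIN')` falls through to the action switch; the roles_Ajax.php hunk later in this commit has the same deny-list shape (-2, -1, -3). Assuming 1 is the only granting value, as the `!= 1` test in processCategoryList.php suggests, following the switch with `if ($RBAC->userCanAccess('PM_LOGIN') != 1) { throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1); }` fails closed. `$RBAC->allows(basename(__FILE__), $_REQUEST['action'])` also runs before the `isset($_REQUEST['action'])` guard, so it should move inside that `if`. The `sort` allow-list admits `'TOTAL_PROCESSES'`, which in the visible code is filled in by PHP after the query rather than selected, so that value probably still yields an invalid ORDER BY. The action switch continues past the end of the hunk.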
@@ -42,7 +43,7 @@ try { $projectName = $exporter->getProjectName(); $getProjectName = $exporter->truncateName($projectName, false); - $version = ProcessMaker\Util\Common::getLastVersion($outputDir . $getProjectName . "-*.pmx") + 1; + $version = Common::getLastVersionSpecialCharacters($outputDir, $getProjectName, "pmx") + 1; $outputFilename = sprintf("%s-%s.%s", str_replace(" ", "_", $getProjectName), $version, "pmx"); $outputFilename = $exporter->saveExport($outputDir . $outputFilename); /*----------------------------------********---------------------------------*/ diff --git a/workflow/engine/methods/roles/roles_Ajax.php b/workflow/engine/methods/roles/roles_Ajax.php index b13937140..d3ad0ab43 100644 --- a/workflow/engine/methods/roles/roles_Ajax.php +++ b/workflow/engine/methods/roles/roles_Ajax.php @@ -21,6 +21,18 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +use ProcessMaker\Exception\RBACException; + +global $RBAC; +switch ($RBAC->userCanAccess('PM_USERS')) { + case -2: + throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2); + break; + case -1: + case -3: + throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1); + break; +} $REQUEST = (isset( $_GET['request'] )) ? $_GET['request'] : $_POST['request']; diff --git a/workflow/engine/methods/users/usersAjax.php b/workflow/engine/methods/users/usersAjax.php index 4172aea74..9c97c46ca 100644 --- a/workflow/engine/methods/users/usersAjax.php +++ b/workflow/engine/methods/users/usersAjax.php 
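Review bot: The version lookup in processes_Export.php passes `$getProjectName` unchanged, while the file is written under `str_replace(" ", "_", $getProjectName)`. If `truncateName()` leaves spaces in place, a project name containing one never matches its earlier exports and the computed version stays at 1. Passing the same normalised name to both calls avoids that, e.g. `$baseName = str_replace(" ", "_", $getProjectName);` followed by `$version = Common::getLastVersionSpecialCharacters($outputDir, $baseName, "pmx") + 1;`. The `try` block starts and ends outside the hunk.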
@@ -318,7 +318,7 @@ switch ($_POST['action']) { require_once 'classes/model/UsersProperties.php'; $oUserProperty = new UsersProperties(); - $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($aFields['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array($aFields['USR_PASSWORD'])))); + $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($aFields['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array($oUser->getUsrPassword())))); $aFields['USR_LOGGED_NEXT_TIME'] = $aUserProperty['USR_LOGGED_NEXT_TIME']; if (array_key_exists('USR_PASSWORD', $aFields)) { diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php b/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php index f9baea3fc..12dfb0afd 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php @@ -1,9 +1,9 @@ validateDbsUid($dbs_uid, $pro_uid); } - $dbs = new dbConnections($pro_uid); + $dbs = new DbConnections($pro_uid); $oDBConnection = new DbSource(); $aFields = $oDBConnection->load($dbs_uid, $pro_uid); if ($aFields['DBS_PORT'] == '0') { @@ -162,7 +162,7 @@ class DataBaseConnection if (isset($dataDBConnection['DBS_ENCODE'])) { $encodesExists = array(); - $dbs = new dbConnections(); + $dbs = new DbConnections(); $dbEncodes = $dbs->getEncondeList($dataDBConnection['DBS_TYPE']); foreach ($dbEncodes as $value) { $encodesExists[] = $value['0']; @@ -423,7 +423,7 @@ class DataBaseConnection */ public function getDbEngines () { - $dbs = new dbConnections(); + $dbs = new DbConnections(); $dbServices = $dbs->getDbServicesAvailables(); return $dbServices; } diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php b/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php index 5aaeb6acb..fea7bf37e 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php 
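Review bot: `$oUser` is not defined anywhere in the usersAjax.php hunk, so the new seed value for `USR_PASSWORD_HISTORY` depends on that object having been loaded for `$aFields['USR_UID']` before this line. That is worth confirming, since an unloaded object would presumably seed the history with an empty entry. A short comment would record the intent, e.g. `// Seed the history from the user object, not from the submitted USR_PASSWORD field`. The `case` this line belongs to starts and ends outside the hunk.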
@@ -1,5 +1,6 @@ next()) { $dataForms = $oDataset->getRow(); - $dynHandler = new \dynaFormHandler(PATH_DYNAFORM . $proUid . PATH_SEP . $dataForms["DYN_UID"] . ".xml"); + $dynHandler = new DynaformHandler(PATH_DYNAFORM . $proUid . PATH_SEP . $dataForms["DYN_UID"] . ".xml"); $dynFields = $dynHandler->getFields(); foreach ($dynFields as $field) { $sType = \Step::getAttribute( $field, 'type' ); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/EmailServer.php b/workflow/engine/src/ProcessMaker/BusinessModel/EmailServer.php index b3e6d261b..0946e163d 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/EmailServer.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/EmailServer.php @@ -1,5 +1,8 @@ array("type" => "int", "required" => false, "empty" => false, "defaultValues" => array(0, 1), "fieldNameAux" => "emailServerDefault") ); + private $contextLog = array(); + private $formatFieldNameInUppercase = true; private $arrayFieldNameForException = array( 
@@ -37,17 +42,51 @@ class EmailServer foreach ($this->arrayFieldDefinition as $key => $value) { $this->arrayFieldNameForException[$value["fieldNameAux"]] = $key; } - } catch (\Exception $e) { + + //Define the variables for the logging + global $RBAC; + $currentUser = $RBAC->aUserInfo['USER_INFO']; + $info = array( + 'ip' => G::getIpAddress(), + 'workspace' => (defined("SYS_SYS"))? SYS_SYS : "Workspace undefined", + 'usrUid' => $currentUser['USR_UID'] + ); + $this->setContextLog($info); + + + } catch (Exception $e) { throw $e; } } + /** + * Get the $contextLog value. + * + * @return string + */ + public function getContextLog() + { + return $this->contextLog; + } + + /** + * Set the value of $contextLog. + * + * @param array $k + * @return void + */ + public function setContextLog($k) + { + $this->contextLog = array_merge($this->contextLog, $k); + } + /** * Set the format of the fields name (uppercase, lowercase) * * @param bool $flag Value that set the format * - * return void + * @return void + * @throws Exception */ public function setFormatFieldNameInUppercase($flag) { @@ -55,7 +94,7 @@ class EmailServer $this->formatFieldNameInUppercase = $flag; $this->setArrayFieldNameForException($this->arrayFieldNameForException); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -65,7 +104,8 @@ class EmailServer * * @param array $arrayData Data with the fields * - * return void + * @return void + * @throws Exception */ public function setArrayFieldNameForException(array $arrayData) { @@ -73,7 +113,7 @@ class EmailServer foreach ($arrayData as $key => $value) { $this->arrayFieldNameForException[$key] = $this->getFieldNameByFormatFieldName($value); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
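Review bot: The constructor now reads `$RBAC->aUserInfo['USER_INFO']` and `$currentUser['USR_UID']` unconditionally, so constructing `EmailServer` where the global `$RBAC` is not populated (a background job, for instance; the callers are not visible here) fails or raises notices before the object can be used. Guarding the lookup keeps the logging context optional: `'usrUid' => isset($RBAC->aUserInfo['USER_INFO']['USR_UID']) ? $RBAC->aUserInfo['USER_INFO']['USR_UID'] : ''`. The docblock of `getContextLog()` says `@return string` although the property is initialised as an array and extended with `array_merge`, so it should read `@return array`. The constructor begins outside the hunk.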
@@ -83,13 +123,14 @@ class EmailServer * * @param string $fieldName Field name * - * return string Return the field name according the format + * @return string, return the field name according the format + * @throws Exception */ public function getFieldNameByFormatFieldName($fieldName) { try { return ($this->formatFieldNameInUppercase)? strtoupper($fieldName) : strtolower($fieldName); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -99,7 +140,8 @@ class EmailServer * * @param array $arrayData Data * - * return array Return array with result of send test mail + * @return array, return array with result of send test mail + * @throws Exception */ public function sendTestMail(array $arrayData) { @@ -117,20 +159,20 @@ class EmailServer "SMTPSecure" => (isset($arrayData["SMTPSecure"]))? $arrayData["SMTPSecure"] : "none" ); - $sFrom = \G::buildFrom($aConfiguration); + $sFrom = G::buildFrom($aConfiguration); - $sSubject = \G::LoadTranslation("ID_MESS_TEST_SUBJECT"); - $msg = \G::LoadTranslation("ID_MESS_TEST_BODY"); + $sSubject = G::LoadTranslation("ID_MESS_TEST_SUBJECT"); + $msg = G::LoadTranslation("ID_MESS_TEST_BODY"); switch ($arrayData["MESS_ENGINE"]) { case "MAIL": - $engine = \G::LoadTranslation("ID_MESS_ENGINE_TYPE_1"); + $engine = G::LoadTranslation("ID_MESS_ENGINE_TYPE_1"); break; case "PHPMAILER": - $engine = \G::LoadTranslation("ID_MESS_ENGINE_TYPE_2"); + $engine = G::LoadTranslation("ID_MESS_ENGINE_TYPE_2"); break; case "OPENMAIL": - $engine = \G::LoadTranslation("ID_MESS_ENGINE_TYPE_3"); + $engine = G::LoadTranslation("ID_MESS_ENGINE_TYPE_3"); break; } 
@@ -175,7 +217,7 @@ class EmailServer if ($oSpool->status == "sent") { $arrayTestMailResult["status"] = true; $arrayTestMailResult["success"] = true; - $arrayTestMailResult["msg"] = \G::LoadTranslation("ID_MAIL_TEST_SUCCESS"); + $arrayTestMailResult["msg"] = G::LoadTranslation("ID_MAIL_TEST_SUCCESS"); } else { $arrayTestMailResult["status"] = false; $arrayTestMailResult["success"] = false; @@ -183,7 +225,7 @@ class EmailServer } return $arrayTestMailResult; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -194,7 +236,8 @@ class EmailServer * @param array $arrayData Data * @param int $step Step * - * return array Return array with result of test connection by step + * @return array, return array with result of test connection by step + * @throws Exception */ public function testConnectionByStep(array $arrayData, $step = 0) { @@ -208,7 +251,7 @@ class EmailServer $eregMail = "/^[0-9a-zA-Z]+(?:[._][0-9a-zA-Z]+)*@[0-9a-zA-Z]+(?:[._-][0-9a-zA-Z]+)*\.[0-9a-zA-Z]{2,3}$/"; $arrayDataMail["FROM_EMAIL"] = ($arrayData["MESS_FROM_MAIL"] != "" && preg_match($eregMail, $arrayData["MESS_FROM_MAIL"]))? $arrayData["MESS_FROM_MAIL"] : ""; - $arrayDataMail["FROM_NAME"] = ($arrayData["MESS_FROM_NAME"] != "")? $arrayData["MESS_FROM_NAME"] : \G::LoadTranslation("ID_MESS_TEST_BODY"); + $arrayDataMail["FROM_NAME"] = ($arrayData["MESS_FROM_NAME"] != "")? $arrayData["MESS_FROM_NAME"] : G::LoadTranslation("ID_MESS_TEST_BODY"); $arrayDataMail["MESS_ENGINE"] = "MAIL"; $arrayDataMail["MESS_SERVER"] = "localhost"; $arrayDataMail["MESS_PORT"] = 25; @@ -233,7 +276,7 @@ class EmailServer ); if ($arrayTestMailResult["status"] == false) { - $arrayResult["message"] = \G::LoadTranslation("ID_SENDMAIL_NOT_INSTALLED"); + $arrayResult["message"] = G::LoadTranslation("ID_SENDMAIL_NOT_INSTALLED"); } //Return 
@@ -252,7 +295,7 @@ class EmailServer $passwdHide = ""; } - $passwdDec = \G::decrypt($passwd,"EMAILENCRYPT"); + $passwdDec = G::decrypt($passwd,"EMAILENCRYPT"); $auxPass = explode("hash:", $passwdDec); if (count($auxPass) > 1) { @@ -378,7 +421,7 @@ class EmailServer $eregMail = "/^[0-9a-zA-Z]+(?:[._][0-9a-zA-Z]+)*@[0-9a-zA-Z]+(?:[._-][0-9a-zA-Z]+)*\.[0-9a-zA-Z]{2,3}$/"; $arrayDataPhpMailer["FROM_EMAIL"] = ($fromMail != "" && preg_match($eregMail, $fromMail))? $fromMail : ""; - $arrayDataPhpMailer["FROM_NAME"] = $arrayData["MESS_FROM_NAME"] != "" ? $arrayData["MESS_FROM_NAME"] : \G::LoadTranslation("ID_MESS_TEST_BODY"); + $arrayDataPhpMailer["FROM_NAME"] = $arrayData["MESS_FROM_NAME"] != "" ? $arrayData["MESS_FROM_NAME"] : G::LoadTranslation("ID_MESS_TEST_BODY"); $arrayDataPhpMailer["MESS_ENGINE"] = "PHPMAILER"; $arrayDataPhpMailer["MESS_SERVER"] = $server; $arrayDataPhpMailer["MESS_PORT"] = $port; @@ -421,7 +464,7 @@ class EmailServer //Return return $arrayResult; - } catch (\Exception $e) { + } catch (Exception $e) { $arrayResult = array(); $arrayResult["result"] = false; @@ -437,7 +480,8 @@ class EmailServer * * @param array $arrayData Data * - * return array Return array with result of test connection + * @return array, return array with result of test connection + * @throws Exception */ public function testConnection(array $arrayData) { 
@@ -467,11 +511,11 @@ class EmailServer $arrayDataAux["MAIL_TO"] = "admin@processmaker.com"; $arrayResult[$arrayMailTestName[1]] = $this->testConnectionByStep($arrayDataAux); - $arrayResult[$arrayMailTestName[1]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_VERIFYING_MAIL"); + $arrayResult[$arrayMailTestName[1]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_VERIFYING_MAIL"); if ((int)($arrayData["MESS_TRY_SEND_INMEDIATLY"]) == 1 && $arrayData['MAIL_TO'] != '') { $arrayResult[$arrayMailTestName[2]] = $this->testConnectionByStep($arrayData); - $arrayResult[$arrayMailTestName[2]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_SENDING_EMAIL", array($arrayData["MAIL_TO"])); + $arrayResult[$arrayMailTestName[2]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_SENDING_EMAIL", array($arrayData["MAIL_TO"])); } break; case "PHPMAILER": 
@@ -482,19 +526,19 @@ class EmailServer switch ($step) { case 1: - $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_RESOLVING_NAME", array($arrayData["MESS_SERVER"])); + $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_RESOLVING_NAME", array($arrayData["MESS_SERVER"])); break; case 2: - $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_CHECK_PORT", array($arrayData["MESS_PORT"])); + $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_CHECK_PORT", array($arrayData["MESS_PORT"])); break; case 3: - $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_ESTABLISHING_CON_HOST", array($arrayData["MESS_SERVER"] . ":" . $arrayData["MESS_PORT"])); + $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_ESTABLISHING_CON_HOST", array($arrayData["MESS_SERVER"] . ":" . $arrayData["MESS_PORT"])); break; case 4: - $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_LOGIN", array($arrayData["MESS_ACCOUNT"], $arrayData["MESS_SERVER"])); + $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_LOGIN", array($arrayData["MESS_ACCOUNT"], $arrayData["MESS_SERVER"])); break; case 5: - $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_SENDING_EMAIL", array($arrayData["MAIL_TO"])); + $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_SENDING_EMAIL", array($arrayData["MAIL_TO"])); break; } } @@ -503,7 +547,7 @@ class EmailServer //Result return $arrayResult; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -513,7 +557,8 @@ class EmailServer * * @param string $emailServerUid Unique id of Email Server * - * return bool Return true if is default Email Server, false otherwise + * @return bool, return true if is default Email Server, false otherwise + * @throws Exception */ public function checkIfIsDefault($emailServerUid) { @@ -530,7 +575,7 @@ class EmailServer } else { return false; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -541,7 +586,8 @@ class EmailServer * @param string $emailServerUid Unique id of Email Server * @param array $arrayData Data * - * return void Throw exception if data has an invalid value + * @return void Throw exception if data has an invalid value + * @throws Exception */ public function throwExceptionIfDataIsInvalid($emailServerUid, array $arrayData) { @@ -609,10 +655,10 @@ class EmailServer } if ($msg != "") { - throw new \Exception($msg); + throw new Exception($msg); } } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -623,7 +669,8 @@ class EmailServer * @param string $emailServerUid Unique id of Email Server * @param string $fieldNameForException Field name for the exception * - * return void Throw exception if does not exist the Email Server in table EMAIL_SERVER + * @return void Throw exception if does not exist the Email Server in table EMAIL_SERVER + * @throws Exception */ public function throwExceptionIfNotExistsEmailServer($emailServerUid, $fieldNameForException) { @@ -631,9 +678,9 @@ class EmailServer $obj = \EmailServerPeer::retrieveByPK($emailServerUid); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_EMAIL_SERVER_DOES_NOT_EXIST", array($fieldNameForException, $emailServerUid))); + throw new Exception(G::LoadTranslation("ID_EMAIL_SERVER_DOES_NOT_EXIST", array($fieldNameForException, $emailServerUid))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -644,15 +691,16 @@ class EmailServer * @param string $emailServerUid Unique id of Email Server * @param string $fieldNameForException Field name for the exception * - * return void Throw exception if is default Email Server + * @return void Throw exception if is default Email Server + * @throws Exception */ public function throwExceptionIfIsDefault($emailServerUid, $fieldNameForException) { try { if ($this->checkIfIsDefault($emailServerUid)) { - throw new \Exception(\G::LoadTranslation("ID_EMAIL_SERVER_IS_DEFAULT", array($fieldNameForException, $emailServerUid))); + throw new Exception(G::LoadTranslation("ID_EMAIL_SERVER_IS_DEFAULT", array($fieldNameForException, $emailServerUid))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -662,7 +710,8 @@ class EmailServer * * @param string $emailServerUid Unique id of Email Server * - * return void + * @return void + * @throws Exception */ public function setEmailServerDefaultByUid($emailServerUid) { @@ -703,7 +752,8 @@ class EmailServer * * @param array $arrayData Data * - * return array Return data of the new Email Server created + * @return array, data of the new Email Server created + * @throws Exception */ public function create(array $arrayData) { @@ -729,7 +779,7 @@ class EmailServer $emailServer = new \EmailServer(); $passwd = $arrayData["MESS_PASSWORD"]; - $passwdDec = \G::decrypt($passwd, "EMAILENCRYPT"); + $passwdDec = G::decrypt($passwd, "EMAILENCRYPT"); $auxPass = explode("hash:", $passwdDec); if (count($auxPass) > 1) { @@ -745,7 +795,7 @@ class EmailServer if ($arrayData["MESS_PASSWORD"] != "") { $arrayData["MESS_PASSWORD"] = "hash:" . $arrayData["MESS_PASSWORD"]; - $arrayData["MESS_PASSWORD"] = \G::encrypt($arrayData["MESS_PASSWORD"], "EMAILENCRYPT"); + $arrayData["MESS_PASSWORD"] = G::encrypt($arrayData["MESS_PASSWORD"], "EMAILENCRYPT"); } $emailServer->fromArray($arrayData, \BasePeer::TYPE_FIELDNAME); 
@@ -765,7 +815,28 @@ class EmailServer $this->setEmailServerDefaultByUid($emailServerUid); } - //Return + //Logging the create action + $info = array( + 'action' => 'Create email server', + 'messUid'=> $emailServerUid, + 'engine'=> $arrayData["MESS_ENGINE"], + 'server' => $arrayData["MESS_SERVER"], + 'port' => $arrayData["MESS_PORT"], + 'requireAuthentication' => $arrayData["MESS_RAUTH"], + 'account' => $arrayData["MESS_ACCOUNT"], + 'senderEmail' => $arrayData["MESS_FROM_MAIL"], + 'senderName' => $arrayData["MESS_FROM_NAME"], + 'useSecureConnection' => $arrayData["SMTPSECURE"], + 'sendTestEmail' => $arrayData["MESS_TRY_SEND_INMEDIATLY"], + 'setAsDefaultConfiguration' => $arrayData["MESS_DEFAULT"] + ); + $this->setContextLog($info); + $this->syslog( + 'CreateEmailServer', + 200, + 'New email server was created', + $this->getContextLog() + ); return $this->getEmailServer($emailServerUid); } else { $msg = ""; @@ -774,14 +845,14 @@ class EmailServer $msg = $msg . (($msg != "")? "\n" : "") . $validationFailure->getMessage(); } - throw new \Exception(\G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); + throw new Exception(G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); } - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -791,7 +862,8 @@ class EmailServer * * @param array $arrayData Data * - * return array Return data of the new Email Server created + * @return array, return data of the new Email Server created + * @throws Exception */ public function create2(array $arrayData) { 
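Review bot: The `$info` array in the create-logging block reads ten `$arrayData` keys by direct index (`MESS_RAUTH`, `SMTPSECURE`, `MESS_TRY_SEND_INMEDIATLY`, `MESS_DEFAULT`, …), so any key the caller left out raises an undefined-index notice and lands in the audit record as null; whether the validation above the hunk guarantees all of them is not visible here. Guard the optional ones, e.g. `'useSecureConnection' => isset($arrayData["SMTPSECURE"]) ? $arrayData["SMTPSECURE"] : null,`. `MESS_PASSWORD` is rightly left out of the context, and a comment such as `// MESS_PASSWORD is intentionally not logged` above the array would keep a later edit from adding it. The bare `200` passed to `syslog()` would read better as a named level constant. `create()` starts outside the hunk.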
@@ -828,14 +900,14 @@ class EmailServer $msg = $msg . (($msg != "")? "\n" : "") . $validationFailure->getMessage(); } - throw new \Exception(\G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); + throw new Exception(G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); } - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -846,7 +918,8 @@ class EmailServer * @param string $emailServerUid Unique id of Group * @param array $arrayData Data * - * return array Return data of the Email Server updated + * @return array Return data of the Email Server updated + * @throws Exception */ public function update($emailServerUid, $arrayData) { @@ -874,7 +947,7 @@ class EmailServer if (isset($arrayData['MESS_PASSWORD'])) { $passwd = $arrayData['MESS_PASSWORD']; - $passwdDec = \G::decrypt($passwd, 'EMAILENCRYPT'); + $passwdDec = G::decrypt($passwd, 'EMAILENCRYPT'); $auxPass = explode('hash:', $passwdDec); if (count($auxPass) > 1) { @@ -890,7 +963,7 @@ class EmailServer if ($arrayData['MESS_PASSWORD'] != '') { $arrayData['MESS_PASSWORD'] = 'hash:' . $arrayData['MESS_PASSWORD']; - $arrayData['MESS_PASSWORD'] = \G::encrypt($arrayData['MESS_PASSWORD'], 'EMAILENCRYPT'); + $arrayData['MESS_PASSWORD'] = G::encrypt($arrayData['MESS_PASSWORD'], 'EMAILENCRYPT'); } } 
@@ -912,6 +985,29 @@ class EmailServer $arrayData = array_change_key_case($arrayData, CASE_LOWER); } + //Logging the update action + $info = array( + 'action' => 'Update email server', + 'messUid' => $emailServerUid, + 'engine' => $arrayData["MESS_ENGINE"], + 'server' => $arrayData["MESS_SERVER"], + 'port' => $arrayData["MESS_PORT"], + 'requireAuthentication' => $arrayData["MESS_RAUTH"], + 'account' => $arrayData["MESS_ACCOUNT"], + 'senderEmail' => $arrayData["MESS_FROM_MAIL"], + 'senderName' => $arrayData["MESS_FROM_NAME"], + 'useSecureConnection' => $arrayData["SMTPSECURE"], + 'sendTestEmail' => $arrayData["MESS_TRY_SEND_INMEDIATLY"], + 'setAsDefaultConfiguration' => $arrayData["MESS_DEFAULT"] + ); + $this->setContextLog($info); + $this->syslog( + 'UpdateEmailServer', + 200, + 'The email server was updated', + $this->getContextLog() + ); + return $arrayData; } else { $msg = ""; @@ -920,14 +1016,14 @@ class EmailServer $msg = $msg . (($msg != "")? "\n" : "") . $validationFailure->getMessage(); } - throw new \Exception(\G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); + throw new Exception(G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); } - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
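Review bot: The update-logging block runs right after the `array_change_key_case($arrayData, CASE_LOWER)` branch closes, yet it indexes `$arrayData` with upper-case keys (`$arrayData["MESS_ENGINE"]`, …), so whenever that branch executed every field is an undefined index and the audit entry records nulls. `update()` also appears to accept partial data (an earlier hunk shows it testing `isset($arrayData['MESS_PASSWORD'])`), so keys can be absent even without the case change. Build `$info` before the key-case conversion and guard each field, e.g. `'server' => isset($arrayData["MESS_SERVER"]) ? $arrayData["MESS_SERVER"] : null,`, or log from the saved record instead of the request array. The condition guarding the case change and the start of `update()` are outside the hunk.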
@@ -937,22 +1033,32 @@ class EmailServer * * @param string $emailServerUid Unique id of Email Server * - * return void + * @return void + * @throws Exception */ public function delete($emailServerUid) { try { //Verify data $this->throwExceptionIfNotExistsEmailServer($emailServerUid, $this->arrayFieldNameForException["emailServerUid"]); - $this->throwExceptionIfIsDefault($emailServerUid, $this->arrayFieldNameForException["emailServerUid"]); - $criteria = $this->getEmailServerCriteria(); - $criteria->add(\EmailServerPeer::MESS_UID, $emailServerUid, \Criteria::EQUAL); - \EmailServerPeer::doDelete($criteria); - } catch (\Exception $e) { + + //Logging the delete action + $info = array( + 'action' => 'Delete email server', + 'messUid' => $emailServerUid + ); + $this->setContextLog($info); + $this->syslog( + 'DeleteEmailServer', + 200, + 'The email server was deleted', + $this->getContextLog() + ); + } catch (Exception $e) { throw $e; } } @@ -982,7 +1088,7 @@ class EmailServer $criteria->addSelectColumn(\EmailServerPeer::MESS_DEFAULT); return $criteria; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -992,7 +1098,8 @@ class EmailServer * * @param array $record Record * - * return array Return an array with data Email Server + * @return array, return an array with data Email Server + * @throws Exception */ public function getEmailServerDataFromRecord(array $record) { @@ -1016,7 +1123,7 @@ class EmailServer $this->getFieldNameByFormatFieldName("MESS_EXECUTE_EVERY") => '', $this->getFieldNameByFormatFieldName("MESS_SEND_MAX") => '' ); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -1064,7 +1171,7 @@ class EmailServer //Return return $arrayData; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
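Review bot: The delete audit entry carries only `messUid`, and once the row is removed that id can no longer be resolved to a host or account, so the log cannot say which server was deleted. Read the record before deleting, e.g. `$row = $this->getEmailServer($emailServerUid, true);`, and add `'server' => $row["MESS_SERVER"], 'account' => $row["MESS_ACCOUNT"]` to `$info` (the key names are assumed from the column names used elsewhere in this class; leave `MESS_PASSWORD` out). Rejected attempts, such as a missing uid or the default server, throw before the log call and leave no trace; if this log is meant as an audit trail, consider recording those as well.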
@@ -1078,7 +1185,8 @@ class EmailServer * @param int $start Start * @param int $limit Limit * - * return array Return an array with all Email Servers + * @return array, return an array with all Email Servers + * @throws Exception */ public function getEmailServers($arrayFilterData = null, $sortField = null, $sortDir = null, $start = null, $limit = null) { @@ -1101,10 +1209,10 @@ class EmailServer if (!is_null($arrayFilterData) && is_array($arrayFilterData) && isset($arrayFilterData["filter"]) && trim($arrayFilterData["filter"]) != "") { $criteria->add( $criteria->getNewCriterion(\EmailServerPeer::MESS_ENGINE, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE)->addOr( - $criteria->getNewCriterion(\EmailServerPeer::MESS_SERVER, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( - $criteria->getNewCriterion(\EmailServerPeer::MESS_ACCOUNT, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( - $criteria->getNewCriterion(\EmailServerPeer::MESS_FROM_NAME, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( - $criteria->getNewCriterion(\EmailServerPeer::SMTPSECURE, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE)) + $criteria->getNewCriterion(\EmailServerPeer::MESS_SERVER, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( + $criteria->getNewCriterion(\EmailServerPeer::MESS_ACCOUNT, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( + $criteria->getNewCriterion(\EmailServerPeer::MESS_FROM_NAME, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( + $criteria->getNewCriterion(\EmailServerPeer::SMTPSECURE, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE)) ); } @@ -1156,7 +1264,7 @@ class EmailServer $row = $rsCriteria->getRow(); $passwd = $row["MESS_PASSWORD"]; - $passwdDec = \G::decrypt($passwd, "EMAILENCRYPT"); + $passwdDec = G::decrypt($passwd, "EMAILENCRYPT"); $auxPass = explode("hash:", $passwdDec); if (count($auxPass) > 1) { 
@@ -1181,7 +1289,7 @@ class EmailServer "filter" => (!is_null($arrayFilterData) && is_array($arrayFilterData) && isset($arrayFilterData["filter"]))? $arrayFilterData["filter"] : "", "data" => $arrayEmailServer ); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -1192,7 +1300,8 @@ class EmailServer * @param string $emailServerUid Unique id of Email Server * @param bool $flagGetRecord Value that set the getting * - * return array Return an array with data of a Email Server + * @return array, return an array with data of a Email Server + * @throws Exception */ public function getEmailServer($emailServerUid, $flagGetRecord = false) { @@ -1224,7 +1333,7 @@ class EmailServer //Return return (!$flagGetRecord)? $this->getEmailServerDataFromRecord($row) : $row; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -1246,5 +1355,31 @@ class EmailServer $rsCriteria->next(); return $rsCriteria->getRow(); } + + /** + * Logging information related to the email server + * When the user create, update, delete the email server + * + * @param string $channel + * @param string $level + * @param string $message + * @param array $context + * + * @return void + * @throws Exception + */ + private function syslog( + $channel, + $level, + $message, + $context = array() + ) + { + try { + Bootstrap::registerMonolog($channel, $level, $message, $context, $context['workspace'], 'processmaker.log'); + } catch (Exception $e) { + throw $e; + } + } } diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Migrator/GranularExporter.php b/workflow/engine/src/ProcessMaker/BusinessModel/Migrator/GranularExporter.php index 461f17e3d..09b5308f1 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Migrator/GranularExporter.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Migrator/GranularExporter.php @@ -3,6 +3,7 @@ namespace ProcessMaker\BusinessModel\Migrator; use ProcessMaker\Project; +use ProcessMaker\Util\Common; class GranularExporter { 
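Review bot: `syslog()` reads `$context['workspace']` without checking that the key exists, so it depends on `getContextLog()` always supplying it; with the default `$context = array()` the call raises an undefined-index notice and passes null. Guard it, e.g. `$workspace = isset($context['workspace']) ? $context['workspace'] : null;`, or make `$context` a required parameter. The docblock says `@param string $level` but every caller in this diff passes the integer `200`, so `@param int $level` is the accurate tag. The `try { … } catch (Exception $e) { throw $e; }` wrapper changes nothing, and because the exception propagates, a logging failure aborts `create()`, `update()` and `delete()` after their database work; decide explicitly whether that is intended.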
@@ -64,7 +65,7 @@ class GranularExporter $this->prjName = $projectData['PRJ_NAME']; $getProjectName = $this->publisher->truncateName($projectData['PRJ_NAME'], false); $outputDir = PATH_DATA . "sites" . PATH_SEP . SYS_SYS . PATH_SEP . "files" . PATH_SEP . "output" . PATH_SEP; - $version = \ProcessMaker\Util\Common::getLastVersion($outputDir . $getProjectName . "-*.pmx2") + 1; + $version = Common::getLastVersionSpecialCharacters($outputDir, $getProjectName, "pmx2") + 1; $outputFilename = $outputDir . sprintf("%s-%s.%s", str_replace(" ", "_", $getProjectName), $version, "pmx2"); $bpnmDefinition = array( diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Process.php b/workflow/engine/src/ProcessMaker/BusinessModel/Process.php index f903725ca..f8cb963e6 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Process.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Process.php @@ -3,6 +3,7 @@ namespace ProcessMaker\BusinessModel; use G; use Criteria; +use DynaformHandler; class Process { @@ -1686,7 +1687,7 @@ class Process while ($aRow = $oDataset->getRow()) { if (is_file(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml")) { - $dyn = new \dynaFormHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); + $dyn = new DynaformHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); if ($dyn->getHeaderAttribute("type") !== "xmlform" && $dyn->getHeaderAttribute("type") !== "") { // skip it, if that is not a xmlform @@ -1739,7 +1740,7 @@ class Process $oDataset->next(); while ($aRow = $oDataset->getRow()) { if (is_file(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml")) { - $dyn = new \dynaFormHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); + $dyn = new DynaformHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); if ($dyn->getHeaderAttribute("type") === "xmlform") { // skip it, if that is not a xmlform 
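Review bot: The version lookup passes the raw `$getProjectName` to `Common::getLastVersionSpecialCharacters()`, but the next line writes the file under `str_replace(" ", "_", $getProjectName)`, so for a project name containing spaces the lookup would never match earlier exports and `$version` stays at 1, overwriting the previous file (unless `truncateName()` already removes spaces, which is not visible here). Derive the name once, `$baseName = str_replace(" ", "_", $getProjectName);`, and use `$baseName` for both the lookup and the `sprintf`. The enclosing method starts and ends outside the hunk.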
@@ -1785,7 +1786,7 @@ class Process $aMultipleSelectionFields = array("listbox", "checkgroup", "grid"); if (is_file( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/'. $proUid .'/'.$dynUid. '.xml' ) && filesize( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/'. $proUid .'/'. $dynUid .'.xml' ) > 0) { - $dyn = new \dynaFormHandler( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/' .$proUid. '/' . $dynUid .'.xml' ); + $dyn = new DynaformHandler( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/' .$proUid. '/' . $dynUid .'.xml' ); $dynaformFields[] = $dyn->getFields(); $fields = $dyn->getFields(); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Table.php b/workflow/engine/src/ProcessMaker/BusinessModel/Table.php index 82c054225..5b40de2cf 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Table.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Table.php @@ -1,9 +1,10 @@ next()) { $aRow = $oDataset->getRow(); if (file_exists( PATH_DYNAFORM . PATH_SEP . $aRow['DYN_FILENAME'] . '.xml' )) { - $dynaformHandler = new \dynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); + $dynaformHandler = new DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); $nodeFieldsList = $dynaformHandler->getFields(); foreach ($nodeFieldsList as $node) { @@ -1052,7 +1053,7 @@ class Table while ($oDataset->next()) { $aRow = $oDataset->getRow(); - $dynaformHandler = new \dynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); + $dynaformHandler = new DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); $nodeFieldsList = $dynaformHandler->getFields(); foreach ($nodeFieldsList as $node) { $arrayNode = $dynaformHandler->getArray( $node ); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Task.php b/workflow/engine/src/ProcessMaker/BusinessModel/Task.php index 1dd0e9c11..10bb88b1b 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Task.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Task.php 
@@ -1894,7 +1894,12 @@ class Task } } - public function getValidateSelfService($data) + /** + * This method verify if an activity has cases + * @param $data + * @return \stdclass + */ + public function hasPendingCases($data) { $paused = false; $data = array_change_key_case($data, CASE_LOWER); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/User.php b/workflow/engine/src/ProcessMaker/BusinessModel/User.php index 3a117fbf0..fc321d74b 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/User.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/User.php 
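Review bot: Renaming the public method `getValidateSelfService` to `hasPendingCases` removes the old name, so any caller not updated in this commit fails with an undefined-method error; callers are not visible in this hunk. Keeping a thin `getValidateSelfService($data)` that delegates to `hasPendingCases($data)` and is marked `@deprecated` would make the change safe. The new docblock also leaves `@param $data` untyped although the body calls `array_change_key_case($data, CASE_LOWER)`, so `@param array $data` fits, and a `has…` name documented as returning `\stdclass` deserves a sentence on what the object holds. The method body continues outside the hunk.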
@@ -1,48 +1,86 @@ array("type" => "string", "required" => false, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrUid"), - "USR_FIRSTNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrFirstname"), - "USR_LASTNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrLastname"), - "USR_USERNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrUsername"), - "USR_EMAIL" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrEmail"), - "USR_ADDRESS" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrAddress"), - "USR_ZIP_CODE" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrZipCode"), - "USR_COUNTRY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCountry"), - "USR_CITY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCity"), - "USR_LOCATION" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrLocation"), - "USR_PHONE" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrPhone"), - "USR_POSITION" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrPosition"), - "USR_REPLACED_BY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrReplacedBy"), - "USR_DUE_DATE" => array("type" => "date", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" 
=> "usrDueDate"), - "USR_CALENDAR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCalendar"), - "USR_STATUS" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array("ACTIVE", "INACTIVE", "VACATION"), "fieldNameAux" => "usrStatus"), - "USR_ROLE" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrRole"), - "USR_NEW_PASS" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrNewPass"), - "USR_UX" => array("type" => "string", "required" => false, "empty" => false, "defaultValues" => array("NORMAL", "SIMPLIFIED", "SWITCHABLE", "SINGLE"), "fieldNameAux" => "usrUx"), - "DEP_UID" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "depUid"), - "USR_BIRTHDAY" => array("type" => "date", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrBirthday"), - "USR_FAX" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrFax"), - "USR_CELLULAR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCellular"), + "USR_UID" => array("type" => "string", "required" => false, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrUid"), + "USR_FIRSTNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrFirstname"), + "USR_LASTNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrLastname"), + "USR_USERNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrUsername"), + "USR_EMAIL" => array("type" => "string", "required" => 
true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrEmail"), + "USR_ADDRESS" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrAddress"), + "USR_ZIP_CODE" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrZipCode"), + "USR_COUNTRY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCountry"), + "USR_CITY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCity"), + "USR_LOCATION" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrLocation"), + "USR_PHONE" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrPhone"), + "USR_POSITION" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrPosition"), + "USR_REPLACED_BY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrReplacedBy"), + "USR_DUE_DATE" => array("type" => "date", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrDueDate"), + "USR_CALENDAR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCalendar"), + "USR_STATUS" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array("ACTIVE", "INACTIVE", "VACATION"), "fieldNameAux" => "usrStatus"), + "USR_ROLE" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrRole"), + "USR_NEW_PASS" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrNewPass"), + "USR_UX" => 
array("type" => "string", "required" => false, "empty" => false, "defaultValues" => array("NORMAL", "SIMPLIFIED", "SWITCHABLE", "SINGLE"), "fieldNameAux" => "usrUx"), + "DEP_UID" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "depUid"), + "USR_BIRTHDAY" => array("type" => "date", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrBirthday"), + "USR_FAX" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrFax"), + "USR_CELLULAR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCellular"), /*----------------------------------********---------------------------------*/ - "USR_COST_BY_HOUR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCostByHour"), - "USR_UNIT_COST" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrUnitCost"), + "USR_COST_BY_HOUR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCostByHour"), + "USR_UNIT_COST" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrUnitCost"), /*----------------------------------********---------------------------------*/ - 'USR_LOGGED_NEXT_TIME' => ['type' => 'int', 'required' => false, 'empty' => false, 'defaultValues' => [0, 1], 'fieldNameAux' => 'usrLoggedNextTime'], - 'USR_TIME_ZONE' => ['type' => 'string', 'required' => false, 'empty' => true, 'defaultValues' => [], 'fieldNameAux' => 'usrTimeZone'] + 'USR_LOGGED_NEXT_TIME' => ['type' => 'int', 'required' => false, 'empty' => false, 'defaultValues' => [0, 1], 'fieldNameAux' => 'usrLoggedNextTime'], + 'USR_TIME_ZONE' => ['type' => 'string', 'required' => false, 'empty' 
=> true, 'defaultValues' => [], 'fieldNameAux' => 'usrTimeZone'] ); private $formatFieldNameInUppercase = true; private $arrayFieldNameForException = array( - "usrPhoto" => "USR_PHOTO" + "usrPhoto" => "USR_PHOTO" ); - private $arrayPermissionsForEditUser = array ( + private $arrayPermissionsForEditUser = array( 'USR_FIRSTNAME' => 'PM_EDIT_USER_PROFILE_FIRST_NAME', 'USR_LASTNAME' => 'PM_EDIT_USER_PROFILE_LAST_NAME', 'USR_USERNAME' => 'PM_EDIT_USER_PROFILE_USERNAME', @@ -74,8 +112,6 @@ class User /** * Constructor of the class - * - * return void */ public function __construct() { @@ -83,7 +119,7 @@ class User foreach ($this->arrayFieldDefinition as $key => $value) { $this->arrayFieldNameForException[$value["fieldNameAux"]] = $key; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -91,16 +127,15 @@ class User /** * @return array */ - public function getPermissionsForEdit(){ + public function getPermissionsForEdit() + { return $this->arrayPermissionsForEditUser; } /** * Set the format of the fields name (uppercase, lowercase) - * * @param bool $flag Value that set the format - * - * return void + * @throws Exception */ public function setFormatFieldNameInUppercase($flag) { @@ -108,17 +143,15 @@ class User $this->formatFieldNameInUppercase = $flag; $this->setArrayFieldNameForException($this->arrayFieldNameForException); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Set exception users for fields - * * @param array $arrayData Data with the fields - * - * return void + * @throws Exception */ public function setArrayFieldNameForException(array $arrayData) { 
@@ -126,82 +159,77 @@ class User foreach ($arrayData as $key => $value) { $this->arrayFieldNameForException[$key] = $this->getFieldNameByFormatFieldName($value); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get the name of the field according to the format - * * @param string $fieldName Field name - * - * return string Return the field name according the format + * @return string Return the field name according the format + * @throws Exception */ public function getFieldNameByFormatFieldName($fieldName) { try { - return ($this->formatFieldNameInUppercase)? strtoupper($fieldName) : strtolower($fieldName); - } catch (\Exception $e) { + return ($this->formatFieldNameInUppercase) ? strtoupper($fieldName) : strtolower($fieldName); + } catch (Exception $e) { throw $e; } } /** * Verify if exists the Name of a User - * - * @param string $userName Name + * @param string $userName Name * @param string $userUidToExclude Unique id of User to exclude - * - * return bool Return true if exists the Name of a User, false otherwise + * @return bool Return true if exists the Name of a User, false otherwise + * @throws Exception */ public function existsName($userName, $userUidToExclude = "") { try { + /** @var Criteria $criteria */ $criteria = $this->getUserCriteria(); if ($userUidToExclude != "") { - $criteria->add(\UsersPeer::USR_UID, $userUidToExclude, \Criteria::NOT_EQUAL); + $criteria->add(UsersPeer::USR_UID, $userUidToExclude, Criteria::NOT_EQUAL); } - $criteria->add(\UsersPeer::USR_USERNAME, $userName, \Criteria::EQUAL); + $criteria->add(UsersPeer::USR_USERNAME, $userName, Criteria::EQUAL); //QUERY - $rsCriteria = \UsersPeer::doSelectRS($criteria); + $rsCriteria = UsersPeer::doSelectRS($criteria); - return ($rsCriteria->next())? true : false; - } catch (\Exception $e) { + return ($rsCriteria->next()) ? 
true : false; + } catch (Exception $e) { throw $e; } } /** * Verify if exists the Name of a User - * - * @param string $userName Name + * @param string $userName Name * @param string $fieldNameForException Field name for the exception - * @param string $userUidToExclude Unique id of User to exclude - * - * return void Throw exception if exists the title of a User + * @param string $userUidToExclude Unique id of User to exclude + * @throws Exception if exists the title of a User */ public function throwExceptionIfExistsName($userName, $fieldNameForException, $userUidToExclude = "") { try { if ($this->existsName($userName, $userUidToExclude)) { - throw new \Exception(\G::LoadTranslation("ID_USER_NAME_ALREADY_EXISTS", array($fieldNameForException, $userName))); + throw new Exception(G::LoadTranslation("ID_USER_NAME_ALREADY_EXISTS", array($fieldNameForException, $userName))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Verify password - * - * @param string $userPassword Password + * @param string $userPassword Password * @param string $fieldNameForException Field name for the exception - * - * return void Throw exception if password is invalid + * @throws Exception if password is invalid */ public function throwExceptionIfPasswordIsInvalid($userPassword, $fieldNameForException) { 
@@ -209,32 +237,30 @@ class User $result = $this->testPassword($userPassword); if (!$result["STATUS"]) { - throw new \Exception($fieldNameForException . ": " . $result["DESCRIPTION"]); + throw new Exception($fieldNameForException . ": " . $result["DESCRIPTION"]); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Validate the data if they are invalid (INSERT and UPDATE) - * - * @param string $userUid Unique id of User - * @param array $arrayData Data - * - * return void Throw exception if data has an invalid value + * @param string $userUid Unique id of User + * @param array $arrayData Data + * @throws Exception if data has an invalid value */ public function throwExceptionIfDataIsInvalid($userUid, array $arrayData) { try { //Set variables - $arrayUserData = ($userUid == "")? array() : $this->getUser($userUid, true); - $flagInsert = ($userUid == "")? true : false; + $arrayUserData = ($userUid == "") ? array() : $this->getUser($userUid, true); + $flagInsert = ($userUid == "") ? true : false; $arrayFinalData = array_merge($arrayUserData, $arrayData); //Verify data - Field definition. - $process = new \ProcessMaker\BusinessModel\Process(); + $process = new Process(); $process->throwExceptionIfDataNotMetFieldDefinition($arrayData, $this->arrayFieldDefinition, $this->arrayFieldNameForException, $flagInsert); @@ -245,7 +271,7 @@ class User if (isset($arrayData["USR_EMAIL"])) { if (!filter_var($arrayData["USR_EMAIL"], FILTER_VALIDATE_EMAIL)) { - throw new \Exception($this->arrayFieldNameForException["usrEmail"] . ": " . \G::LoadTranslation("ID_INCORRECT_EMAIL")); + throw new Exception($this->arrayFieldNameForException["usrEmail"] . ": " . G::LoadTranslation("ID_INCORRECT_EMAIL")); } } 
@@ -254,10 +280,10 @@ class User } if (isset($arrayData["USR_REPLACED_BY"]) && $arrayData["USR_REPLACED_BY"] != "") { - $obj = \UsersPeer::retrieveByPK($arrayData["USR_REPLACED_BY"]); + $obj = UsersPeer::retrieveByPK($arrayData["USR_REPLACED_BY"]); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_USER_DOES_NOT_EXIST", array($this->arrayFieldNameForException["usrReplacedBy"], $arrayData["USR_REPLACED_BY"]))); + throw new Exception(G::LoadTranslation("ID_USER_DOES_NOT_EXIST", array($this->arrayFieldNameForException["usrReplacedBy"], $arrayData["USR_REPLACED_BY"]))); } } 
@@ -266,124 +292,122 @@ class User if (ctype_digit($arrayUserDueDate[0])) { if (!checkdate($arrayUserDueDate[1], $arrayUserDueDate[2], $arrayUserDueDate[0])) { - throw new \Exception($this->arrayFieldNameForException["usrDueDate"] . ": " . \G::LoadTranslation("ID_MSG_ERROR_DUE_DATE")); + throw new Exception($this->arrayFieldNameForException["usrDueDate"] . ": " . G::LoadTranslation("ID_MSG_ERROR_DUE_DATE")); } } else { - throw new \Exception($this->arrayFieldNameForException["usrDueDate"] . ": " . \G::LoadTranslation("ID_MSG_ERROR_DUE_DATE")); + throw new Exception($this->arrayFieldNameForException["usrDueDate"] . ": " . G::LoadTranslation("ID_MSG_ERROR_DUE_DATE")); } } if (isset($arrayData["USR_ROLE"])) { - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Roles.php"); + require_once(PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Roles.php"); - $criteria = new \Criteria("rbac"); + $criteria = new Criteria("rbac"); - $criteria->add(\RolesPeer::ROL_CODE, $arrayData["USR_ROLE"]); - $rsCriteria = \RolesPeer::doSelectRS($criteria); + $criteria->add(RolesPeer::ROL_CODE, $arrayData["USR_ROLE"]); + $rsCriteria = RolesPeer::doSelectRS($criteria); if (!$rsCriteria->next()) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrRole"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrRole"]))); } } if (isset($arrayData["USR_COUNTRY"]) && $arrayData["USR_COUNTRY"] != "") { - $obj = \IsoCountryPeer::retrieveByPK($arrayData["USR_COUNTRY"]); + $obj = IsoCountryPeer::retrieveByPK($arrayData["USR_COUNTRY"]); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); } } if 
(isset($arrayData["USR_CITY"]) && $arrayData["USR_CITY"] != "") { if (!isset($arrayFinalData["USR_COUNTRY"]) || $arrayFinalData["USR_COUNTRY"] == "") { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); } - $obj = \IsoSubdivisionPeer::retrieveByPK($arrayFinalData["USR_COUNTRY"], $arrayData["USR_CITY"]); + $obj = IsoSubdivisionPeer::retrieveByPK($arrayFinalData["USR_COUNTRY"], $arrayData["USR_CITY"]); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCity"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCity"]))); } } if (isset($arrayData["USR_LOCATION"]) && $arrayData["USR_LOCATION"] != "") { if (!isset($arrayFinalData["USR_COUNTRY"]) || $arrayFinalData["USR_COUNTRY"] == "") { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); } - $obj = \IsoLocationPeer::retrieveByPK($arrayFinalData["USR_COUNTRY"], $arrayData["USR_LOCATION"]); + $obj = IsoLocationPeer::retrieveByPK($arrayFinalData["USR_COUNTRY"], $arrayData["USR_LOCATION"]); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrLocation"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrLocation"]))); } } if (isset($arrayData["USR_CALENDAR"]) && $arrayData["USR_CALENDAR"] != "") { - $obj = \CalendarDefinitionPeer::retrieveByPK($arrayData["USR_CALENDAR"]); + $obj = CalendarDefinitionPeer::retrieveByPK($arrayData["USR_CALENDAR"]); if 
(is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_CALENDAR_DOES_NOT_EXIST", array($this->arrayFieldNameForException["usrCalendar"], $arrayData["USR_CALENDAR"]))); + throw new Exception(G::LoadTranslation("ID_CALENDAR_DOES_NOT_EXIST", array($this->arrayFieldNameForException["usrCalendar"], $arrayData["USR_CALENDAR"]))); } } if (isset($arrayData["DEP_UID"]) && $arrayData["DEP_UID"] != "") { - $department = new \Department(); + $department = new Department(); if (!$department->existsDepartment($arrayData["DEP_UID"])) { - throw new \Exception(\G::LoadTranslation("ID_DEPARTMENT_NOT_EXIST", array($this->arrayFieldNameForException["depUid"], $arrayData["DEP_UID"]))); + throw new Exception(G::LoadTranslation("ID_DEPARTMENT_NOT_EXIST", array($this->arrayFieldNameForException["depUid"], $arrayData["DEP_UID"]))); } } if (isset($arrayData['USR_TIME_ZONE']) && $arrayData['USR_TIME_ZONE'] != '') { - if (!in_array($arrayData['USR_TIME_ZONE'], \DateTimeZone::listIdentifiers())) { - throw new \Exception(\G::LoadTranslation('ID_TIME_ZONE_DOES_NOT_EXIST', [$this->arrayFieldNameForException['usrTimeZone'], $arrayData['USR_TIME_ZONE']])); + if (!in_array($arrayData['USR_TIME_ZONE'], DateTimeZone::listIdentifiers())) { + throw new Exception(G::LoadTranslation('ID_TIME_ZONE_DOES_NOT_EXIST', [$this->arrayFieldNameForException['usrTimeZone'], $arrayData['USR_TIME_ZONE']])); } } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Verify if does not exist the User in table USERS - * - * @param string $userUid Unique id of Email Server + * @param string $userUid Unique id of Email Server * @param string $fieldNameForException Field name for the exception - * - * return void Throw exception if does not exist the User in table USERS + * @throws Exception if does not exist the User in table USERS */ public function throwExceptionIfNotExistsUser($userUid, $fieldNameForException) { try { - $obj = \UsersPeer::retrieveByPK($userUid); + $obj = 
UsersPeer::retrieveByPK($userUid); if (is_null($obj) || $obj->getUsrUsername() == "") { - throw new \Exception(\G::LoadTranslation("ID_USER_DOES_NOT_EXIST", array($fieldNameForException, $userUid))); + throw new Exception(G::LoadTranslation("ID_USER_DOES_NOT_EXIST", array($fieldNameForException, $userUid))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get User record - * - * @param string $userUid Unique id of User - * @param array $arrayVariableNameForException Variable name for exception - * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist + * @param string $userUid Unique id of User + * @param array $arrayVariableNameForException Variable name for exception + * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist * (TRUE: throw the exception; FALSE: returns FALSE) - * - * @return array Returns an array with User record, ThrowTheException/FALSE otherwise + * @return array|bool Returns an array with User record, ThrowTheException/FALSE otherwise + * @throws Exception */ public function getUserRecordByPk($userUid, array $arrayVariableNameForException, $throwException = true) { try { - $obj = \UsersPeer::retrieveByPK($userUid); + $obj = UsersPeer::retrieveByPK($userUid); if (is_null($obj)) { if ($throwException) { - throw new \Exception(\G::LoadTranslation( - 'ID_USER_DOES_NOT_EXIST', [$arrayVariableNameForException['$userUid'], $userUid] + throw new Exception(G::LoadTranslation( + 'ID_USER_DOES_NOT_EXIST', + [$arrayVariableNameForException['$userUid'], $userUid] )); } else { return false; 
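Review bot: In the `USR_DUE_DATE` branch at the top of this hunk only `$arrayUserDueDate[0]` is tested with `ctype_digit()` before all three parts are handed to `checkdate()`, so a missing or non-numeric month or day is not rejected by the validator itself. The array is built before the hunk starts, so this assumes it comes from splitting the raw request value. If that is the case, guard every part, e.g. `if (count($arrayUserDueDate) === 3 && array_filter($arrayUserDueDate, 'ctype_digit') === $arrayUserDueDate) {`, and cast the parts to int for `checkdate()`. The `USR_TIME_ZONE` check further down would also be tighter as `in_array($arrayData['USR_TIME_ZONE'], DateTimeZone::listIdentifiers(), true)`.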
@@ -391,135 +415,133 @@ class User } //Return - return $obj->toArray(\BasePeer::TYPE_FIELDNAME); - } catch (\Exception $e) { + return $obj->toArray(BasePeer::TYPE_FIELDNAME); + } catch (Exception $e) { throw $e; } } /** * Get custom record - * * @param array $record Record - * * @return array Return an array with custom record + * @throws Exception */ private function __getUserCustomRecordFromRecord(array $record) { try { //Get Calendar - $calendar = new \Calendar(); - $calendarInfo = $calendar->getCalendarFor( $record["USR_UID"], "", "" ); + $calendar = new Calendar(); + $calendarInfo = $calendar->getCalendarFor($record["USR_UID"], "", ""); $aFields["USR_CALENDAR_UID"] = ($calendarInfo["CALENDAR_APPLIED"] != "DEFAULT") ? $calendarInfo["CALENDAR_UID"] : ""; - $aFields["USR_CALENDAR"] = ($aFields["USR_CALENDAR_UID"] != "") ? $calendar->calendarName( $aFields["USR_CALENDAR_UID"] ) : $aFields["USR_CALENDAR_UID"]; + $aFields["USR_CALENDAR"] = ($aFields["USR_CALENDAR_UID"] != "") ? $calendar->calendarName($aFields["USR_CALENDAR_UID"]) : $aFields["USR_CALENDAR_UID"]; //Get photo $pathPhotoUser = PATH_IMAGES_ENVIRONMENT_USERS . $record["USR_UID"] . ".gif"; - if (! file_exists( $pathPhotoUser )) { + if (!file_exists($pathPhotoUser)) { $pathPhotoUser = PATH_HOME . "public_html" . PATH_SEP . "images" . PATH_SEP . 
"user.gif"; } $arrayResult = []; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_UID')] = $record['USR_UID']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_USERNAME')] = $record['USR_USERNAME']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_UID')] = $record['USR_UID']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_USERNAME')] = $record['USR_USERNAME']; //$arrayResult[$this->getFieldNameByFormatFieldName('USR_PASSWORD')] = $record['USR_PASSWORD']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_FIRSTNAME')] = $record['USR_FIRSTNAME']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_LASTNAME')] = $record['USR_LASTNAME']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_EMAIL')] = $record['USR_EMAIL']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_DUE_DATE')] = $record['USR_DUE_DATE']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_CREATE_DATE')] = $record['USR_CREATE_DATE']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_UPDATE_DATE')] = $record['USR_UPDATE_DATE']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_STATUS')] = $record['USR_STATUS']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_COUNTRY')] = $record['USR_COUNTRY']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_CITY')] = $record['USR_CITY']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_LOCATION')] = $record['USR_LOCATION']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_ADDRESS')] = $record['USR_ADDRESS']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_PHONE')] = $record['USR_PHONE']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_FAX')] = $record['USR_FAX']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_CELLULAR')] = $record['USR_CELLULAR']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_ZIP_CODE')] = $record['USR_ZIP_CODE']; - $arrayResult[$this->getFieldNameByFormatFieldName('DEP_UID')] = $record['DEP_UID']; - 
$arrayResult[$this->getFieldNameByFormatFieldName('USR_POSITION')] = $record['USR_POSITION']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_RESUME')] = $record['USR_RESUME']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_BIRTHDAY')] = $record['USR_BIRTHDAY']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_ROLE')] = $record['USR_ROLE']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_REPORTS_TO')] = $record['USR_REPORTS_TO']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_REPLACED_BY')] = $record['USR_REPLACED_BY']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_CALENDAR_UID')] = $aFields['USR_CALENDAR_UID']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_CALENDAR_NAME')] = $aFields['USR_CALENDAR']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_UX')] = $record['USR_UX']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_FIRSTNAME')] = $record['USR_FIRSTNAME']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_LASTNAME')] = $record['USR_LASTNAME']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_EMAIL')] = $record['USR_EMAIL']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_DUE_DATE')] = $record['USR_DUE_DATE']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_CREATE_DATE')] = $record['USR_CREATE_DATE']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_UPDATE_DATE')] = $record['USR_UPDATE_DATE']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_STATUS')] = $record['USR_STATUS']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_COUNTRY')] = $record['USR_COUNTRY']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_CITY')] = $record['USR_CITY']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_LOCATION')] = $record['USR_LOCATION']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_ADDRESS')] = $record['USR_ADDRESS']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_PHONE')] = 
$record['USR_PHONE']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_FAX')] = $record['USR_FAX']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_CELLULAR')] = $record['USR_CELLULAR']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_ZIP_CODE')] = $record['USR_ZIP_CODE']; + $arrayResult[$this->getFieldNameByFormatFieldName('DEP_UID')] = $record['DEP_UID']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_POSITION')] = $record['USR_POSITION']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_RESUME')] = $record['USR_RESUME']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_BIRTHDAY')] = $record['USR_BIRTHDAY']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_ROLE')] = $record['USR_ROLE']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_REPORTS_TO')] = $record['USR_REPORTS_TO']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_REPLACED_BY')] = $record['USR_REPLACED_BY']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_CALENDAR_UID')] = $aFields['USR_CALENDAR_UID']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_CALENDAR_NAME')] = $aFields['USR_CALENDAR']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_UX')] = $record['USR_UX']; /*----------------------------------********---------------------------------*/ - $arrayResult[$this->getFieldNameByFormatFieldName('USR_COST_BY_HOUR')] = $record['USR_COST_BY_HOUR']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_UNIT_COST')] = $record['USR_UNIT_COST']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_COST_BY_HOUR')] = $record['USR_COST_BY_HOUR']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_UNIT_COST')] = $record['USR_UNIT_COST']; /*----------------------------------********---------------------------------*/ - $arrayResult[$this->getFieldNameByFormatFieldName('USR_PHOTO_PATH')] = $pathPhotoUser; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_PHOTO_PATH')] = $pathPhotoUser; if 
(isset($_SESSION['__SYSTEM_UTC_TIME_ZONE__']) && $_SESSION['__SYSTEM_UTC_TIME_ZONE__']) { - $arrayResult[$this->getFieldNameByFormatFieldName('USR_TIME_ZONE')] = (trim($record['USR_TIME_ZONE']) != '')? trim($record['USR_TIME_ZONE']) : \ProcessMaker\Util\System::getTimeZone(); + $arrayResult[$this->getFieldNameByFormatFieldName('USR_TIME_ZONE')] = (trim($record['USR_TIME_ZONE']) != '') ? trim($record['USR_TIME_ZONE']) : System::getTimeZone(); } //Return return $arrayResult; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get criteria for User - * - * return object + * @return object + * @throws Exception */ public function getUserCriteria() { try { - $criteria = new \Criteria("workflow"); + $criteria = new Criteria("workflow"); - $criteria->addSelectColumn(\UsersPeer::USR_UID); - $criteria->addSelectColumn(\UsersPeer::USR_USERNAME); - $criteria->addSelectColumn(\UsersPeer::USR_PASSWORD); - $criteria->addSelectColumn(\UsersPeer::USR_FIRSTNAME); - $criteria->addSelectColumn(\UsersPeer::USR_LASTNAME); - $criteria->addSelectColumn(\UsersPeer::USR_EMAIL); - $criteria->addSelectColumn(\UsersPeer::USR_DUE_DATE); - $criteria->addSelectColumn(\UsersPeer::USR_CREATE_DATE); - $criteria->addSelectColumn(\UsersPeer::USR_UPDATE_DATE); - $criteria->addSelectColumn(\UsersPeer::USR_STATUS); - $criteria->addSelectColumn(\UsersPeer::USR_COUNTRY); - $criteria->addSelectColumn(\UsersPeer::USR_CITY); - $criteria->addSelectColumn(\UsersPeer::USR_LOCATION); - $criteria->addSelectColumn(\UsersPeer::USR_ADDRESS); - $criteria->addSelectColumn(\UsersPeer::USR_PHONE); - $criteria->addSelectColumn(\UsersPeer::USR_FAX); - $criteria->addSelectColumn(\UsersPeer::USR_CELLULAR); - $criteria->addSelectColumn(\UsersPeer::USR_ZIP_CODE); - $criteria->addSelectColumn(\UsersPeer::DEP_UID); - $criteria->addSelectColumn(\UsersPeer::USR_POSITION); - $criteria->addSelectColumn(\UsersPeer::USR_RESUME); - $criteria->addSelectColumn(\UsersPeer::USR_BIRTHDAY); - 
$criteria->addSelectColumn(\UsersPeer::USR_ROLE); - $criteria->addSelectColumn(\UsersPeer::USR_REPORTS_TO); - $criteria->addSelectColumn(\UsersPeer::USR_REPLACED_BY); - $criteria->addSelectColumn(\UsersPeer::USR_UX); + $criteria->addSelectColumn(UsersPeer::USR_UID); + $criteria->addSelectColumn(UsersPeer::USR_USERNAME); + $criteria->addSelectColumn(UsersPeer::USR_PASSWORD); + $criteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); + $criteria->addSelectColumn(UsersPeer::USR_LASTNAME); + $criteria->addSelectColumn(UsersPeer::USR_EMAIL); + $criteria->addSelectColumn(UsersPeer::USR_DUE_DATE); + $criteria->addSelectColumn(UsersPeer::USR_CREATE_DATE); + $criteria->addSelectColumn(UsersPeer::USR_UPDATE_DATE); + $criteria->addSelectColumn(UsersPeer::USR_STATUS); + $criteria->addSelectColumn(UsersPeer::USR_COUNTRY); + $criteria->addSelectColumn(UsersPeer::USR_CITY); + $criteria->addSelectColumn(UsersPeer::USR_LOCATION); + $criteria->addSelectColumn(UsersPeer::USR_ADDRESS); + $criteria->addSelectColumn(UsersPeer::USR_PHONE); + $criteria->addSelectColumn(UsersPeer::USR_FAX); + $criteria->addSelectColumn(UsersPeer::USR_CELLULAR); + $criteria->addSelectColumn(UsersPeer::USR_ZIP_CODE); + $criteria->addSelectColumn(UsersPeer::DEP_UID); + $criteria->addSelectColumn(UsersPeer::USR_POSITION); + $criteria->addSelectColumn(UsersPeer::USR_RESUME); + $criteria->addSelectColumn(UsersPeer::USR_BIRTHDAY); + $criteria->addSelectColumn(UsersPeer::USR_ROLE); + $criteria->addSelectColumn(UsersPeer::USR_REPORTS_TO); + $criteria->addSelectColumn(UsersPeer::USR_REPLACED_BY); + $criteria->addSelectColumn(UsersPeer::USR_UX); /*----------------------------------********---------------------------------*/ - $criteria->addSelectColumn(\UsersPeer::USR_COST_BY_HOUR); - $criteria->addSelectColumn(\UsersPeer::USR_UNIT_COST); + $criteria->addSelectColumn(UsersPeer::USR_COST_BY_HOUR); + $criteria->addSelectColumn(UsersPeer::USR_UNIT_COST); 
/*----------------------------------********---------------------------------*/ - $criteria->addSelectColumn(\UsersPeer::USR_TIME_ZONE); + $criteria->addSelectColumn(UsersPeer::USR_TIME_ZONE); //Return return $criteria; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Create User - * * @param array $arrayData Data - * - * return array Return data of the new User created + * @return array Return data of the new User created + * @throws Exception */ public function create(array $arrayData) { @@ -527,7 +549,7 @@ class User //Verify data - $validator = new \ProcessMaker\BusinessModel\Validator(); + $validator = new Validator(); $validator->throwExceptionIfDataIsNotArray($arrayData, "\$arrayData"); $validator->throwExceptionIfDataIsEmpty($arrayData, "\$arrayData"); 
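Review bot: `getUserCriteria()` in this hunk still selects `UsersPeer::USR_PASSWORD`, while `__getUserCustomRecordFromRecord()` above it deliberately leaves that field out (its `USR_PASSWORD` assignment is commented out). `getUser()` in a later hunk returns the fetched row unfiltered when `$flagGetRecord` is true, so callers of that path receive the password hash along with the profile fields. If no caller needs it, drop the column from the criteria; otherwise add a docblock line such as `Note: the raw record includes USR_PASSWORD (hash); never pass it to an API response.` The callers are not visible here, so which of the two applies needs checking.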
@@ -555,39 +577,20 @@ class User $this->throwExceptionIfDataIsInvalid("", $arrayData); //Create - $cnn = \Propel::getConnection("workflow"); + $cnn = Propel::getConnection("workflow"); try { - $rbac = new \RBAC(); - $user = new \Users(); + $rbac = new RBAC(); + $user = new Users(); $rbac->initRBAC(); - $arrayData["USR_PASSWORD"] = \Bootstrap::hashPassword($arrayData["USR_NEW_PASS"]); + $arrayData["USR_PASSWORD"] = Bootstrap::hashPassword($arrayData["USR_NEW_PASS"]); - $arrayData["USR_BIRTHDAY"] = (isset($arrayData["USR_BIRTHDAY"]))? $arrayData["USR_BIRTHDAY"] : date("Y-m-d"); - $arrayData["USR_LOGGED_NEXT_TIME"] = (isset($arrayData["USR_LOGGED_NEXT_TIME"]))? $arrayData["USR_LOGGED_NEXT_TIME"] : 0; - $arrayData["USR_CREATE_DATE"] = date("Y-m-d H:i:s"); - $arrayData["USR_UPDATE_DATE"] = date("Y-m-d H:i:s"); - - //Create in rbac - //$userStatus = $arrayData["USR_STATUS"]; - // - //if ($arrayData["USR_STATUS"] == "ACTIVE") { - // $arrayData["USR_STATUS"] = 1; - //} - // - //if ($arrayData["USR_STATUS"] == "INACTIVE") { - // $arrayData["USR_STATUS"] = 0; - //} - // - //$userUid = $this->createUser($arrayData); - // - //if ($arrayData["USR_ROLE"] != "") { - // $this->assignRoleToUser($userUid, $arrayData["USR_ROLE"]); - //} - // - //$arrayData["USR_STATUS"] = $userStatus; + $arrayData["USR_BIRTHDAY"] = (isset($arrayData["USR_BIRTHDAY"])) ? $arrayData["USR_BIRTHDAY"] : date("Y-m-d"); + $arrayData["USR_LOGGED_NEXT_TIME"] = (isset($arrayData["USR_LOGGED_NEXT_TIME"])) ? $arrayData["USR_LOGGED_NEXT_TIME"] : 0; + $arrayData["USR_CREATE_DATE"] = date("Y-m-d H:i:s"); + $arrayData["USR_UPDATE_DATE"] = date("Y-m-d H:i:s"); $userUid = $rbac->createUser($arrayData, $arrayData["USR_ROLE"]); 
@@ -598,9 +601,9 @@ class User $result = $user->create($arrayData); //User Properties - $userProperty = new \UsersProperties(); + $userProperty = new UsersProperties(); - $aUserProperty = $userProperty->loadOrCreateIfNotExists($arrayData["USR_UID"], array("USR_PASSWORD_HISTORY" => serialize(array(\Bootstrap::hashPassword($arrayData["USR_PASSWORD"]))))); + $aUserProperty = $userProperty->loadOrCreateIfNotExists($arrayData["USR_UID"], array("USR_PASSWORD_HISTORY" => serialize(array(Bootstrap::hashPassword($arrayData["USR_PASSWORD"]))))); $aUserProperty["USR_LOGGED_NEXT_TIME"] = $arrayData["USR_LOGGED_NEXT_TIME"]; $userProperty->update($aUserProperty); @@ -609,30 +612,29 @@ class User if (isset($arrayData["USR_CALENDAR"])) { //Save Calendar ID for this user - $calendar = new \Calendar(); + $calendar = new Calendar(); $calendar->assignCalendarTo($arrayData["USR_UID"], $arrayData["USR_CALENDAR"], "USER"); } //Return return $this->getUser($userUid); - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Update User - * - * @param string $userUid Unique id of User - * @param array $arrayData Data + * @param string $userUid Unique id of User + * @param array $arrayData Data * @param string $userUidLogged Unique id of User logged - * - * return array Return data of the User updated + * @return array data of the User updated + * @throws Exception */ public function update($userUid, array $arrayData, $userUidLogged) { @@ -640,7 +642,7 @@ class User //Verify data - $validator = new \ProcessMaker\BusinessModel\Validator(); + $validator = new Validator(); $validator->throwExceptionIfDataIsNotArray($arrayData, "\$arrayData"); $validator->throwExceptionIfDataIsEmpty($arrayData, "\$arrayData"); 
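Review bot: The password-history seed in the first hunk on this line hashes `$arrayData["USR_PASSWORD"]` again, although the preceding `create()` hunk already set that key to `Bootstrap::hashPassword($arrayData["USR_NEW_PASS"])`; unless the few lines between the two hunks reset it, the stored entry is a hash of a hash. The `update()` hunk at `@@ -713,15 +715,15 @@` follows the same pattern, while the `$flagUserLoggedNextTime` branch seeds the history with the user's stored `USR_PASSWORD` value, so the paths can disagree and a reuse check may never match the first password. Seeding with the already-hashed value, `serialize(array($arrayData["USR_PASSWORD"]))`, would make them consistent; the code that reads `USR_PASSWORD_HISTORY` is outside this view and should be checked first.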
@@ -683,29 +685,29 @@ class User } if ($countPermission == 0) { - throw new \Exception(\G::LoadTranslation("ID_USER_CAN_NOT_UPDATE", array($userUidLogged))); + throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_UPDATE", array($userUidLogged))); } //Update - $cnn = \Propel::getConnection("workflow"); + $cnn = Propel::getConnection("workflow"); try { - $rbac = new \RBAC(); - $user = new \Users(); + $rbac = new RBAC(); + $user = new Users(); $rbac->initRBAC(); if (isset($arrayData['USR_PASSWORD'])) { - $arrayData['USR_PASSWORD'] = \Bootstrap::hashPassword($arrayData['USR_PASSWORD']); + $arrayData['USR_PASSWORD'] = Bootstrap::hashPassword($arrayData['USR_PASSWORD']); } else { if (isset($arrayData['USR_NEW_PASS'])) { - $arrayData['USR_PASSWORD'] = \Bootstrap::hashPassword($arrayData['USR_NEW_PASS']); + $arrayData['USR_PASSWORD'] = Bootstrap::hashPassword($arrayData['USR_NEW_PASS']); } } - $arrayData["USR_UID"] = $userUid; - $arrayData["USR_LOGGED_NEXT_TIME"] = (isset($arrayData["USR_LOGGED_NEXT_TIME"]))? $arrayData["USR_LOGGED_NEXT_TIME"] : 0; - $arrayData["USR_UPDATE_DATE"] = date("Y-m-d H:i:s"); + $arrayData["USR_UID"] = $userUid; + $arrayData["USR_LOGGED_NEXT_TIME"] = (isset($arrayData["USR_LOGGED_NEXT_TIME"])) ? $arrayData["USR_LOGGED_NEXT_TIME"] : 0; + $arrayData["USR_UPDATE_DATE"] = date("Y-m-d H:i:s"); $flagUserLoggedNextTime = false; 
@@ -713,15 +715,15 @@ class User if ($arrayData["USR_PASSWORD"] != "") { //require_once 'classes/model/UsersProperties.php'; - $userProperty = new \UsersProperties(); - $aUserProperty = $userProperty->loadOrCreateIfNotExists($userUid, array("USR_PASSWORD_HISTORY" => serialize(array(\Bootstrap::hashPassword($arrayData["USR_PASSWORD"]))))); + $userProperty = new UsersProperties(); + $aUserProperty = $userProperty->loadOrCreateIfNotExists($userUid, array("USR_PASSWORD_HISTORY" => serialize(array(Bootstrap::hashPassword($arrayData["USR_PASSWORD"]))))); $memKey = "rbacSession" . session_id(); - $memcache = & \PMmemcached::getSingleton(defined("SYS_SYS")? SYS_SYS : ""); + $memcache = &PMmemcached::getSingleton(defined("SYS_SYS") ? SYS_SYS : ""); if (($rbac->aUserInfo = $memcache->get($memKey)) == false) { $rbac->loadUserRolePermission("PROCESSMAKER", $userUidLogged); - $memcache->set($memKey, $rbac->aUserInfo, \PMmemcached::EIGHT_HOURS); + $memcache->set($memKey, $rbac->aUserInfo, PMmemcached::EIGHT_HOURS); } if ($rbac->aUserInfo["PROCESSMAKER"]["ROLE"]["ROL_CODE"] == "PROCESSMAKER_ADMIN") { @@ -758,7 +760,7 @@ class User $sDescription = $sDescription . " - " . G::LoadTranslation("PASSWORD_HISTORY") . ": " . PPP_PASSWORD_HISTORY . "\n"; $sDescription = $sDescription . "\n" . G::LoadTranslation("ID_PLEASE_CHANGE_PASSWORD_POLICY") . ""; - throw new \Exception($this->arrayFieldNameForException["usrNewPass"] . ": " . $sDescription); + throw new Exception($this->arrayFieldNameForException["usrNewPass"] . ": " . $sDescription); } if (count($aHistory) >= PPP_PASSWORD_HISTORY) { 
@@ -780,12 +782,10 @@ class User } if ($flagUserLoggedNextTime) { - //require_once "classes/model/Users.php"; - $oUser = new \Users(); + $oUser = new Users(); $aUser = $oUser->load($userUid); - //require_once "classes/model/UsersProperties.php"; - $oUserProperty = new \UsersProperties(); - $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($userUid, array("USR_PASSWORD_HISTORY" => serialize(array($aUser["USR_PASSWORD"])))); + $oUserProperty = new UsersProperties(); + $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($userUid, array("USR_PASSWORD_HISTORY" => serialize(array($oUser->getUsrPassword())))); $aUserProperty["USR_LOGGED_NEXT_TIME"] = $arrayData["USR_LOGGED_NEXT_TIME"]; $oUserProperty->update($aUserProperty); } @@ -804,7 +804,7 @@ class User if (isset($arrayData["USR_CALENDAR"])) { //Save Calendar ID for this user - $calendar = new \Calendar(); + $calendar = new Calendar(); $calendar->assignCalendarTo($userUid, $arrayData["USR_CALENDAR"], "USER"); } @@ -816,23 +816,22 @@ class User } return $arrayData; - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get data of a User - * - * @param string $userUid Unique id of User - * @param bool $flagGetRecord Value that set the getting - * - * return array Return an array with data of a User + * @param string $userUid Unique id of User + * @param bool $flagGetRecord Value that set the getting + * @return array Return an array with data of a User + * @throws Exception */ public function getUser($userUid, $flagGetRecord = false) { 
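Review bot: The history seed in the `$flagUserLoggedNextTime` branch now reads `$oUser->getUsrPassword()` instead of `$aUser["USR_PASSWORD"]`, which is equivalent only if `Users::load()` also populates the object it is called on; that method is not shown here. If it merely returns the row, the history is seeded with an empty value and the first reuse check has nothing to compare against. Either keep `$aUser["USR_PASSWORD"]`, or drop the now-unread `$aUser` assignment and state the dependency in a comment, e.g. `// load() hydrates $oUser; the stored hash is read from the object`. The branch sits inside `update()`, whose body starts and ends outside this hunk.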
@@ -842,37 +841,36 @@ class User //Get data //SQL + /** @var Criteria $criteria */ $criteria = $this->getUserCriteria(); - $criteria->add(\UsersPeer::USR_UID, $userUid, \Criteria::EQUAL); + $criteria->add(UsersPeer::USR_UID, $userUid, Criteria::EQUAL); - $rsCriteria = \UsersPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria = UsersPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); $result = $rsCriteria->next(); $row = $rsCriteria->getRow(); //Return - return (!$flagGetRecord)? $this->__getUserCustomRecordFromRecord($row) : $row; - } catch (\Exception $e) { + return (!$flagGetRecord) ? $this->__getUserCustomRecordFromRecord($row) : $row; + } catch (Exception $e) { throw $e; } } /** * Create User Uid - * - * @param array $arrayUserData Data - * - * return id + * @param array $userData Data + * @return int + * @throws Exception */ public function createUser($userData) { - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "RbacUsers.php"); - $this->userObj = new \RbacUsers(); + $this->userObj = new RbacUsers(); if (class_exists('PMPluginRegistry')) { - $pluginRegistry = & \PMPluginRegistry::getSingleton(); + $pluginRegistry = &PMPluginRegistry::getSingleton(); if ($pluginRegistry->existsTrigger(PM_BEFORE_CREATE_USER)) { try { $pluginRegistry->executeTriggers(PM_BEFORE_CREATE_USER, null); 
@@ -881,13 +879,13 @@ class User } } } - $oConnection = \Propel::getConnection(\RbacUsersPeer::DATABASE_NAME); + $oConnection = Propel::getConnection(RbacUsersPeer::DATABASE_NAME); try { - $oRBACUsers = new \RbacUsers(); + $oRBACUsers = new RbacUsers(); do { - $userData['USR_UID'] = \G::generateUniqueID(); + $userData['USR_UID'] = G::generateUniqueID(); } while ($oRBACUsers->load($userData['USR_UID'])); - $oRBACUsers->fromArray($userData, \BasePeer::TYPE_FIELDNAME); + $oRBACUsers->fromArray($userData, BasePeer::TYPE_FIELDNAME); $iResult = $oRBACUsers->save(); return $userData['USR_UID']; } catch (Exception $oError) { @@ -904,14 +902,12 @@ class User * @param string $sRolCode * @return void */ - public function assignRoleToUser ($sUserUID = '', $sRolCode = '') + public function assignRoleToUser($sUserUID = '', $sRolCode = '') { - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Roles.php"); - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "UsersRoles.php"); - $this->usersRolesObj = new \UsersRoles(); - $this->rolesObj = new \Roles(); - $aRol = $this->rolesObj->loadByCode( $sRolCode ); - $this->usersRolesObj->create( $sUserUID, $aRol['ROL_UID'] ); + $this->usersRolesObj = new UsersRoles(); + $this->rolesObj = new Roles(); + $aRol = $this->rolesObj->loadByCode($sRolCode); + $this->usersRolesObj->create($sUserUID, $aRol['ROL_UID']); } /** @@ -921,10 +917,9 @@ class User * @param string $sPassword * @return array */ - public function testPassword ($sPassword = '') + public function testPassword($sPassword = '') { - require_once (PATH_TRUNK . "workflow" . PATH_SEP . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "UsersProperties.php"); - $oUserProperty = new \UsersProperties(); + $oUserProperty = new UsersProperties(); $aFields = array(); $dateNow = date('Y-m-d H:i:s'); $aErrors = $oUserProperty->validatePassword($sPassword, $dateNow, 0); 
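Review bot: The context line `} catch (Exception $oError) {` in `createUser()` was already unqualified before this commit, while the other references in the file were written `\Exception`. If the class is namespaced and the import block (not in this view) now adds `use Exception;`, this handler starts matching exceptions it previously could not, so its body, which lies outside the hunk, deserves a re-read. The removed `require_once` lines in `assignRoleToUser()` and `testPassword()` on this line raise a related question: `Roles`, `UsersRoles` and `UsersProperties` must now be resolvable by the autoloader, whereas `throwExceptionIfDataIsInvalid()` still keeps its `require_once` for `Roles.php`.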
@@ -933,31 +928,31 @@ class User define('NO_DISPLAY_USERNAME', 1); } $aFields = array(); - $aFields['DESCRIPTION'] = \G::LoadTranslation('ID_POLICY_ALERT'); + $aFields['DESCRIPTION'] = G::LoadTranslation('ID_POLICY_ALERT'); foreach ($aErrors as $sError) { switch ($sError) { case 'ID_PPP_MINIMUM_LENGTH': - $aFields['DESCRIPTION'] .= ' - ' . \G::LoadTranslation($sError) . ': ' . PPP_MINIMUM_LENGTH .'. '; + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ': ' . PPP_MINIMUM_LENGTH . '. '; $aFields[substr($sError, 3)] = PPP_MINIMUM_LENGTH; break; case 'ID_PPP_MAXIMUM_LENGTH': - $aFields['DESCRIPTION'] .= ' - ' . \G::LoadTranslation($sError) . ': ' . PPP_MAXIMUM_LENGTH .'. '; + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ': ' . PPP_MAXIMUM_LENGTH . '. '; $aFields[substr($sError, 3)] = PPP_MAXIMUM_LENGTH; break; case 'ID_PPP_EXPIRATION_IN': - $aFields['DESCRIPTION'] .= ' - ' . \G::LoadTranslation($sError) . ' ' . PPP_EXPIRATION_IN . ' ' . \G::LoadTranslation('ID_DAYS') .'. '; + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '. '; $aFields[substr($sError, 3)] = PPP_EXPIRATION_IN; break; default: - $aFields['DESCRIPTION'] .= ' - ' . \G::LoadTranslation($sError); + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError); $aFields[substr($sError, 3)] = 1; break; } } - $aFields['DESCRIPTION'] .= \G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY'); + $aFields['DESCRIPTION'] .= G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY'); $aFields['STATUS'] = false; } else { - $aFields['DESCRIPTION'] = \G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES'); + $aFields['DESCRIPTION'] = G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES'); $aFields['STATUS'] = true; } return $aFields; 
@@ -965,35 +960,33 @@ class User /** * change status of an user - * * @access public - * @param array $sUserUID - * @return void + * @param string $sUserUID + * @param string $sStatus */ - public function changeUserStatus ($sUserUID = '', $sStatus = 'ACTIVE') + public function changeUserStatus($sUserUID = '', $sStatus = 'ACTIVE') { - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "RbacUsers.php"); - $this->userObj = new \RbacUsers(); + $this->userObj = new RbacUsers(); if ($sStatus === 'ACTIVE') { $sStatus = 1; } - $aFields = $this->userObj->load( $sUserUID ); + $aFields = $this->userObj->load($sUserUID); $aFields['USR_STATUS'] = $sStatus; - $this->userObj->update( $aFields ); + $this->userObj->update($aFields); } /** * remove a role from an user * * @access public - * @param array $sUserUID + * @param string $sUserUID * @return void */ - public function removeRolesFromUser ($sUserUID = '') + public function removeRolesFromUser($sUserUID = '') { - $oCriteria = new \Criteria( 'rbac' ); - $oCriteria->add( \UsersRolesPeer::USR_UID, $sUserUID ); - \UsersRolesPeer::doDelete( $oCriteria ); + $oCriteria = new Criteria('rbac'); + $oCriteria->add(UsersRolesPeer::USR_UID, $sUserUID); + UsersRolesPeer::doDelete($oCriteria); } /** 
@@ -1004,19 +997,18 @@ class User * @param string $sRolCode * @return void */ - public function updateUser ($userData = array(), $sRolCode = '') + public function updateUser($userData = array(), $sRolCode = '') { - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "RbacUsers.php"); - $this->userObj = new \RbacUsers(); - if (isset( $userData['USR_STATUS'] )) { + $this->userObj = new RbacUsers(); + if (isset($userData['USR_STATUS'])) { if ($userData['USR_STATUS'] == 'ACTIVE') { $userData['USR_STATUS'] = 1; } } - $this->userObj->update( $userData ); + $this->userObj->update($userData); if ($sRolCode != '') { - $this->removeRolesFromUser( $userData['USR_UID'] ); - $this->assignRoleToUser( $userData['USR_UID'], $sRolCode ); + $this->removeRolesFromUser($userData['USR_UID']); + $this->assignRoleToUser($userData['USR_UID'], $sRolCode); } } 
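Review bot: In `updateUser()`, `removeRolesFromUser()` runs before the new role code has been resolved, so a `$sRolCode` that matches no role can leave the account with no role at all. `assignRoleToUser()` only looks the code up after the delete. Whether `loadByCode()` throws or returns an empty row for an unknown code is not visible here, but in both cases the old roles are already gone. Resolve the role first, e.g. `$aRol = (new Roles())->loadByCode($sRolCode);` ahead of the `removeRolesFromUser()` call, or run both steps in one transaction. The status test here also uses `==` where `changeUserStatus()` uses `===`.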
@@ -1032,22 +1024,18 @@ class User * @param string $sUser the user * @return $this->aUserInfo[ $sSystem ] */ - public function loadUserRolePermission ($sSystem, $sUser) + public function loadUserRolePermission($sSystem, $sUser) { //in previous versions we provided a path data and session we will cache the session Info for this user //now this is deprecated, and all the aUserInfo is in the memcache - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "UsersRoles.php"); - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Systems.php"); - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "RbacUsers.php"); - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "RolesPeer.php"); $this->sSystem = $sSystem; - $this->usersRolesObj = new \UsersRoles(); - $this->systemObj = new \Systems(); - $fieldsSystem = $this->systemObj->loadByCode( $sSystem ); - $fieldsRoles = $this->usersRolesObj->getRolesBySystem( $fieldsSystem['SYS_UID'], $sUser ); - $fieldsPermissions = $this->usersRolesObj->getAllPermissions( $fieldsRoles['ROL_UID'], $sUser ); - $this->userObj = new \RbacUsers(); - $this->aUserInfo['USER_INFO'] = $this->userObj->load( $sUser ); + $this->usersRolesObj = new UsersRoles(); + $this->systemObj = new Systems(); + $fieldsSystem = $this->systemObj->loadByCode($sSystem); + $fieldsRoles = $this->usersRolesObj->getRolesBySystem($fieldsSystem['SYS_UID'], $sUser); + $fieldsPermissions = $this->usersRolesObj->getAllPermissions($fieldsRoles['ROL_UID'], $sUser); + $this->userObj = new RbacUsers(); + $this->aUserInfo['USER_INFO'] = $this->userObj->load($sUser); $this->aUserInfo[$sSystem]['SYS_UID'] = $fieldsSystem['SYS_UID']; $this->aUserInfo[$sSystem]['ROLE'] = $fieldsRoles; $this->aUserInfo[$sSystem]['PERMISSIONS'] = $fieldsPermissions; 
@@ -1056,26 +1044,21 @@ class User /** * Authenticate User - * - * @param array $arrayUserData Data - * - * return array Return data of the User updated + * @param array $arrayUserData Data + * @throws Exception */ public function authenticate($arrayUserData) { try { - - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Delete User - * * @param string $usrUid Unique id of User - * - * return void + * @throws Exception */ public function delete($usrUid) { 
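Review bot: `authenticate()` has an empty `try` block, so the `@throws Exception` tag added here documents something that cannot happen, and the method returns nothing for any input. If it is a placeholder, say so in the docblock, e.g. `Not implemented: performs no credential check and returns null`, and drop the empty `try`/`catch` so no caller mistakes it for a working check. The body of `delete()` continues outside this hunk.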
@@ -1083,61 +1066,60 @@ class User //Verify data $this->throwExceptionIfNotExistsUser($usrUid, $this->arrayFieldNameForException["usrUid"]); - $oProcessMap = new \Cases(); + $oProcessMap = new Cases(); $USR_UID = $usrUid; $total = 0; $history = 0; $c = $oProcessMap->getCriteriaUsersCases('TO_DO', $USR_UID); - $total += \ApplicationPeer::doCount($c); + $total += ApplicationPeer::doCount($c); $c = $oProcessMap->getCriteriaUsersCases('DRAFT', $USR_UID); - $total += \ApplicationPeer::doCount($c); + $total += ApplicationPeer::doCount($c); $c = $oProcessMap->getCriteriaUsersCases('COMPLETED', $USR_UID); - $history += \ApplicationPeer::doCount($c); + $history += ApplicationPeer::doCount($c); $c = $oProcessMap->getCriteriaUsersCases('CANCELLED', $USR_UID); - $history += \ApplicationPeer::doCount($c); + $history += ApplicationPeer::doCount($c); if ($total > 0) { - throw new \Exception(\G::LoadTranslation("ID_USER_CAN_NOT_BE_DELETED", array($USR_UID))); + throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_BE_DELETED", array($USR_UID))); } else { $UID = $usrUid; - $oTasks = new \Tasks(); + $oTasks = new Tasks(); $oTasks->ofToAssignUserOfAllTasks($UID); - $oGroups = new \Groups(); + $oGroups = new Groups(); $oGroups->removeUserOfAllGroups($UID); $this->changeUserStatus($UID, 'CLOSED'); $_GET['USR_USERNAME'] = ''; $this->updateUser(array('USR_UID' => $UID, 'USR_USERNAME' => $_GET['USR_USERNAME']), ''); - require_once (PATH_TRUNK . "workflow" . PATH_SEP . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Users.php"); - $oUser = new \Users(); + require_once(PATH_TRUNK . "workflow" . PATH_SEP . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Users.php"); + $oUser = new Users(); $aFields = $oUser->load($UID); $aFields['USR_STATUS'] = 'CLOSED'; $aFields['USR_USERNAME'] = ''; $oUser->update($aFields); //Delete Dashboard - require_once (PATH_TRUNK . "workflow" . PATH_SEP . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . 
"DashletInstance.php"); - $criteria = new \Criteria( 'workflow' ); - $criteria->add( \DashletInstancePeer::DAS_INS_OWNER_UID, $UID ); - $criteria->add( \DashletInstancePeer::DAS_INS_OWNER_TYPE , 'USER'); - \DashletInstancePeer::doDelete( $criteria ); + require_once(PATH_TRUNK . "workflow" . PATH_SEP . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "DashletInstance.php"); + $criteria = new Criteria('workflow'); + $criteria->add(DashletInstancePeer::DAS_INS_OWNER_UID, $UID); + $criteria->add(DashletInstancePeer::DAS_INS_OWNER_TYPE, 'USER'); + DashletInstancePeer::doDelete($criteria); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get all Users - * - * @param array $arrayWhere Where (Condition and filters) - * @param string $sortField Field name to sort - * @param string $sortDir Direction of sorting (ASC, DESC) - * @param int $start Start - * @param int $limit Limit - * @param bool $flagRecord Flag that set the "getting" of record - * @param bool $throwException Flag to throw the exception (This only if the parameters are invalid) + * @param array $arrayWhere Where (Condition and filters) + * @param string $sortField Field name to sort + * @param string $sortDir Direction of sorting (ASC, DESC) + * @param int $start Start + * @param int $limit Limit + * @param bool $flagRecord Flag that set the "getting" of record + * @param bool $throwException Flag to throw the exception (This only if the parameters are invalid) * (TRUE: throw the exception; FALSE: returns FALSE) - * @param string $status The user's status, which can be "ACTIVE", "INACTIVE" or "VACATION" - * + * @param string $status The user's status, which can be "ACTIVE", "INACTIVE" or "VACATION" * @return array Return an array with all Users, ThrowTheException/FALSE otherwise + * @throws Exception */ public function getUsers( array $arrayWhere = null, 
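Review bot: `delete()` uses the request superglobal as a scratch variable: `$_GET['USR_USERNAME'] = '';` is set only to be read back on the next line, and it stays modified for everything that runs later in the request. Pass the literal instead: `$this->updateUser(array('USR_UID' => $UID, 'USR_USERNAME' => ''), '');`. `$history` is also accumulated from two `doCount()` calls and never read afterwards, so those two queries can be removed. The method's opening `try` is outside this hunk.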
@@ -1157,16 +1139,16 @@ class User //Verify data and Set variables $flag = !is_null($arrayWhere) && is_array($arrayWhere); $flagCondition = $flag && isset($arrayWhere['condition']); - $flagFilter = $flag && isset($arrayWhere['filter']); + $flagFilter = $flag && isset($arrayWhere['filter']); - $result = \ProcessMaker\BusinessModel\Validator::validatePagerDataByPagerDefinition( + $result = Validator::validatePagerDataByPagerDefinition( ['$start' => $start, '$limit' => $limit], ['$start' => '$start', '$limit' => '$limit'] ); if ($result !== true) { if ($throwException) { - throw new \Exception($result); + throw new Exception($result); } else { return false; } @@ -1177,25 +1159,23 @@ class User if ($flagFilter) { $arrayAux = array( - "" => "filter", - "LEFT" => "lfilter", + "" => "filter", + "LEFT" => "lfilter", "RIGHT" => "rfilter" ); - $filterName = $arrayAux[ - (isset($arrayWhere['filterOption']))? $arrayWhere['filterOption'] : '' - ]; + $filterName = $arrayAux[(isset($arrayWhere['filterOption'])) ? $arrayWhere['filterOption'] : '']; } //Get data if (!is_null($limit) && (string)($limit) == '0') { //Return return array( - "total" => $numRecTotal, - "start" => (int)((!is_null($start))? $start : 0), - "limit" => (int)((!is_null($limit))? $limit : 0), - $filterName => ($flagFilter)? $arrayWhere['filter'] : '', - "data" => $arrayUser + "total" => $numRecTotal, + "start" => (int)((!is_null($start)) ? $start : 0), + "limit" => (int)((!is_null($limit)) ? $limit : 0), + $filterName => ($flagFilter) ? $arrayWhere['filter'] : '', + "data" => $arrayUser ); } 
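Review bot: `$arrayWhere['filterOption']` is used directly as an array key in `$filterName = $arrayAux[...]`, so any value other than `''`, `'LEFT'` or `'RIGHT'` hits an undefined index and leaves `$filterName` null, which then becomes a key of the returned array. Put the requested option in a local variable and normalise it before the lookup, e.g. `if (!is_string($option) || !isset($arrayAux[$option])) { $option = ''; }`. The `$arraySearch[...]` lookup in the following hunk has the same gap and would pass a null pattern to the `LIKE` criteria. The enclosing `getUsers()` starts and ends outside this hunk.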
@@ -1208,40 +1188,44 @@ class User } } else { if (!is_null($status)) { - $criteria->add(\UsersPeer::USR_STATUS, strtoupper($status), \Criteria::EQUAL); + $criteria->add(UsersPeer::USR_STATUS, strtoupper($status), Criteria::EQUAL); } } if ($flagFilter && trim($arrayWhere['filter']) != '') { $arraySearch = [ - '' => '%' . $arrayWhere['filter'] . '%', - 'LEFT' => $arrayWhere['filter'] . '%', + '' => '%' . $arrayWhere['filter'] . '%', + 'LEFT' => $arrayWhere['filter'] . '%', 'RIGHT' => '%' . $arrayWhere['filter'] ]; - $search = $arraySearch[ - (isset($arrayWhere['filterOption']))? $arrayWhere['filterOption'] : '' - ]; + $search = $arraySearch[(isset($arrayWhere['filterOption'])) ? $arrayWhere['filterOption'] : '']; $criteria->add( - $criteria->getNewCriterion(\UsersPeer::USR_USERNAME, $search, \Criteria::LIKE)->addOr( - $criteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, $search, \Criteria::LIKE))->addOr( - $criteria->getNewCriterion(\UsersPeer::USR_LASTNAME, $search, \Criteria::LIKE)) + $criteria->getNewCriterion(UsersPeer::USR_USERNAME, $search, Criteria::LIKE)->addOr( + $criteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, $search, Criteria::LIKE) + )->addOr( + $criteria->getNewCriterion(UsersPeer::USR_LASTNAME, $search, Criteria::LIKE) + ) ); } //Number records total - $numRecTotal = \UsersPeer::doCount($criteria); + $numRecTotal = UsersPeer::doCount($criteria); //Query - $conf = new \Configurations(); - $sortFieldDefault = \UsersPeer::TABLE_NAME . '.' . $conf->userNameFormatGetFirstFieldByUsersTable(); + $conf = new Configurations(); + $sortFieldDefault = UsersPeer::TABLE_NAME . '.' . 
$conf->userNameFormatGetFirstFieldByUsersTable(); if (!is_null($sortField) && trim($sortField) != "") { + //SQL Injection via 'sortField' parameter + if (!in_array($sortField, UsersPeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) { + throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sortField'))); + } $sortField = strtoupper($sortField); - if (in_array(\UsersPeer::TABLE_NAME . "." . $sortField, $criteria->getSelectColumns())) { - $sortField = \UsersPeer::TABLE_NAME . "." . $sortField; + if (in_array(UsersPeer::TABLE_NAME . "." . $sortField, $criteria->getSelectColumns())) { + $sortField = UsersPeer::TABLE_NAME . "." . $sortField; } else { $sortField = $sortFieldDefault; } @@ -1263,33 +1247,32 @@ class User $criteria->setLimit((int)($limit)); } - $rsCriteria = \UsersPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria = UsersPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); while ($rsCriteria->next()) { $record = $rsCriteria->getRow(); - $arrayUser[] = ($flagRecord)? $record : $this->__getUserCustomRecordFromRecord($record); + $arrayUser[] = ($flagRecord) ? $record : $this->__getUserCustomRecordFromRecord($record); } //Return return array( - "total" => $numRecTotal, - "start" => (int)((!is_null($start))? $start : 0), - "limit" => (int)((!is_null($limit))? $limit : 0), - $filterName => ($flagFilter)? $arrayWhere['filter'] : '', - "data" => $arrayUser + "total" => $numRecTotal, + "start" => (int)((!is_null($start)) ? $start : 0), + "limit" => (int)((!is_null($limit)) ? $limit : 0), + $filterName => ($flagFilter) ? $arrayWhere['filter'] : '', + "data" => $arrayUser ); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Upload image User - * * @param string $userUid Unique id of User - * + * @throws Exception */ public function uploadImage($userUid) { 
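Review bot: The new allow-list check on `$sortField` runs before `strtoupper($sortField)`, so a lower-case field name that the existing code would have upper-cased and accepted is now rejected (assuming `getFieldNames(BasePeer::TYPE_FIELDNAME)` returns upper-case names, as the later comparison suggests). Move the check below the `strtoupper()` call and make it strict: `if (!in_array($sortField, UsersPeer::getFieldNames(BasePeer::TYPE_FIELDNAME), true)) {`. The `$sort` check added to `getAllUsersWithAuthSource()` further down uses the same non-strict `in_array()` and should get the third argument too. The comment `//SQL Injection via 'sortField' parameter` would be clearer if it said what the code does, e.g. `// Allow-list: only known column names may be used for ORDER BY`. `getUsers()` begins outside this hunk.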
@@ -1298,23 +1281,23 @@ class User $this->throwExceptionIfNotExistsUser($userUid, $this->arrayFieldNameForException["usrUid"]); if (!$_FILES) { - throw new \Exception(\G::LoadTranslation("ID_UPLOAD_ERR_NO_FILE")); + throw new Exception(G::LoadTranslation("ID_UPLOAD_ERR_NO_FILE")); } if (!isset($_FILES["USR_PHOTO"])) { - throw new \Exception(\G::LoadTranslation("ID_UNDEFINED_VALUE_IS_REQUIRED", array($this->arrayFieldNameForException["usrPhoto"]))); + throw new Exception(G::LoadTranslation("ID_UNDEFINED_VALUE_IS_REQUIRED", array($this->arrayFieldNameForException["usrPhoto"]))); } if ($_FILES['USR_PHOTO']['error'] != 1) { if ($_FILES['USR_PHOTO']['tmp_name'] != '') { $aAux = explode('.', $_FILES['USR_PHOTO']['name']); - \G::uploadFile($_FILES['USR_PHOTO']['tmp_name'], PATH_IMAGES_ENVIRONMENT_USERS, $userUid . '.' . $aAux[1]); - \G::resizeImage(PATH_IMAGES_ENVIRONMENT_USERS . $userUid . '.' . $aAux[1], 96, 96, PATH_IMAGES_ENVIRONMENT_USERS . $userUid . '.gif'); + G::uploadFile($_FILES['USR_PHOTO']['tmp_name'], PATH_IMAGES_ENVIRONMENT_USERS, $userUid . '.' . $aAux[1]); + G::resizeImage(PATH_IMAGES_ENVIRONMENT_USERS . $userUid . '.' . $aAux[1], 96, 96, PATH_IMAGES_ENVIRONMENT_USERS . $userUid . '.gif'); } } else { - throw new \Exception(\G::LoadTranslation('ID_ERROR') . ' ' . $_FILES['USR_PHOTO']['error']); + throw new Exception(G::LoadTranslation('ID_ERROR') . ' ' . $_FILES['USR_PHOTO']['error']); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -1330,7 +1313,7 @@ class User */ public function updateBookmark($userUID, $tasUid, $type) { - $this->userObj = new \Users(); + $this->userObj = new Users(); $fields = $this->userObj->load($userUID); $bookmark = empty($fields['USR_BOOKMARK_START_CASES']) ? array() : unserialize($fields['USR_BOOKMARK_START_CASES']); $position = array_search($tasUid, $bookmark); 
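Review bot: The stored file's extension comes from the client-supplied name via `$aAux = explode('.', $_FILES['USR_PHOTO']['name'])`, and `$aAux[1]` is used as-is, so the upload is written under `PATH_IMAGES_ENVIRONMENT_USERS` with whatever extension the client chose; a name without a dot leaves `$aAux[1]` undefined and a name with two dots picks the middle part. Take the extension with `pathinfo($_FILES['USR_PHOTO']['name'], PATHINFO_EXTENSION)`, lower-case it and reject anything outside a fixed list of image types before calling `G::uploadFile()`; what `G::uploadFile()` and `G::resizeImage()` check themselves is not visible here. The test `$_FILES['USR_PHOTO']['error'] != 1` also treats every upload error other than code 1 as success, and since `tmp_name` is typically empty in that case the method returns without saving or reporting anything; comparing against `UPLOAD_ERR_OK` would cover those cases. The start of `uploadImage()` is outside this hunk.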
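Review bot: `unserialize($fields['USR_BOOKMARK_START_CASES'])` rebuilds PHP values from a database column, and nothing in the hunk restricts what it may instantiate. The result is only used as a plain array (`array_search($tasUid, $bookmark)`), so if the supported PHP versions allow it, pass `['allowed_classes' => false]` as the second argument, or store the list as JSON. The rest of `updateBookmark()` is outside this hunk.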
@@ -1348,19 +1331,19 @@ class User * @param $userUid * @param array $arrayPermission * @return User - * @throws \Exception + * @throws Exception */ public function checkPermissionForEdit($userUid, $arrayPermission = array(), $form) { try { foreach ($arrayPermission as $key => $value) { $flagPermission = $this->checkPermission($userUid, $value); - if (!$flagPermission){ + if (!$flagPermission) { unset($form[$key]); } } return $form; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -1368,7 +1351,7 @@ class User /** * @param $aFields * @return array - * @throws \Exception + * @throws Exception */ public function loadDetailedPermissions($aFields) { @@ -1384,20 +1367,19 @@ class User return $resultPermissionsForUser; } else { $lang = defined('SYS_LANG') ? SYS_LANG : 'en'; - throw (new \Exception(G::LoadTranslation("ID_USER_UID_DOESNT_EXIST", $lang, array("USR_UID" => $aFields['USR_UID'])))); + throw (new Exception(G::LoadTranslation("ID_USER_UID_DOESNT_EXIST", $lang, array("USR_UID" => $aFields['USR_UID'])))); } - } catch (\Exception $oError) { + } catch (Exception $oError) { throw ($oError); } } /** * Check permission - * - * @param string $userUid Unique uid of User + * @param string $userUid Unique uid of User * @param string $permissionCode Permission code - * - * return bool + * @return bool + * @throws Exception */ public function checkPermission($userUid, $permissionCode) { @@ -1415,15 +1397,15 @@ class User //Return return $flagPermission; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get User-Logged Time Zone - * * @return string Return the User-Logged Time Zone; Time Zone system settings otherwise + * @throws Exception */ public static function getUserLoggedTimeZone() { 
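Review bot: The docblock of `checkPermissionForEdit()` still says `@return User` and has no entry for `$form`, but the method returns `$form` after unsetting every key whose permission check fails. Document that with `@param array $form` and `@return array the form without the fields the user may not edit`. `$form` is also a required parameter placed after the optional `$arrayPermission = array()`, which PHP 8 reports as deprecated; callers must pass all three arguments anyway, so the default can be dropped.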
@@ -1433,24 +1415,23 @@ class User if (isset($_SESSION['USR_TIME_ZONE'])) { $tz = trim($_SESSION['USR_TIME_ZONE']); - $timeZone = ($tz != '')? $tz : $timeZone; + $timeZone = ($tz != '') ? $tz : $timeZone; } //Return return $timeZone; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get the User's Manager - * - * @param string $userUid Unique id of User - * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist + * @param string $userUid Unique id of User + * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist * (TRUE: throw the exception; FALSE: returns FALSE) - * * @return string Returns an string with Unique id of User (Manager), ThrowTheException/FALSE otherwise + * @throws Exception */ public function getUsersManager($userUid, $throwException = true) { @@ -1476,7 +1457,9 @@ class User $flagd = false; $arrayDepartmentData = $department->getDepartmentRecordByPk( - $departmentUid, ['$departmentUid' => '$departmentUid'], $throwException + $departmentUid, + ['$departmentUid' => '$departmentUid'], + $throwException ); if ($arrayDepartmentData === false) { 
@@ -1502,54 +1485,52 @@ class User } else { return $arrayUserData['USR_REPORTS_TO']; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * AuditLog - * - * @param string $option Option - * @param array $arrayData Data - * - * @return void + * @param string $option Option + * @param array $arrayData Data + * @throws Exception */ public function auditLog($option, array $arrayData) { try { - $firstName = (array_key_exists('USR_FIRSTNAME', $arrayData))? ' - First Name: ' . $arrayData['USR_FIRSTNAME'] : ''; - $lastName = (array_key_exists('USR_LASTNAME', $arrayData))? ' - Last Name: ' . $arrayData['USR_LASTNAME'] : ''; - $email = (array_key_exists('USR_EMAIL', $arrayData))? ' - Email: ' . $arrayData['USR_EMAIL'] : ''; - $dueDate = (array_key_exists('USR_DUE_DATE', $arrayData))? ' - Due Date: ' . $arrayData['USR_DUE_DATE'] : ''; - $status = (array_key_exists('USR_STATUS', $arrayData))? ' - Status: ' . $arrayData['USR_STATUS'] : ''; - $address = (array_key_exists('USR_ADDRESS', $arrayData))? ' - Address: ' . $arrayData['USR_ADDRESS'] : ''; - $phone = (array_key_exists('USR_PHONE', $arrayData))? ' - Phone: ' . $arrayData['USR_PHONE'] : ''; - $zipCode = (array_key_exists('USR_ZIP_CODE', $arrayData))? ' - Zip Code: ' . $arrayData['USR_ZIP_CODE'] : ''; - $position = (array_key_exists('USR_POSITION', $arrayData))? ' - Position: ' . $arrayData['USR_POSITION'] : ''; - $role = (array_key_exists('USR_ROLE', $arrayData))? ' - Role: ' . $arrayData['USR_ROLE'] : ''; - $languageDef = (array_key_exists('USR_DEFAULT_LANG', $arrayData))? ' - Default Language: ' . $arrayData['USR_DEFAULT_LANG'] : ''; - $timeZone = (array_key_exists('USR_TIME_ZONE', $arrayData))? ' - Time Zone: ' . $arrayData['USR_TIME_ZONE'] : ''; + $firstName = (array_key_exists('USR_FIRSTNAME', $arrayData)) ? ' - First Name: ' . $arrayData['USR_FIRSTNAME'] : ''; + $lastName = (array_key_exists('USR_LASTNAME', $arrayData)) ? ' - Last Name: ' . 
$arrayData['USR_LASTNAME'] : ''; + $email = (array_key_exists('USR_EMAIL', $arrayData)) ? ' - Email: ' . $arrayData['USR_EMAIL'] : ''; + $dueDate = (array_key_exists('USR_DUE_DATE', $arrayData)) ? ' - Due Date: ' . $arrayData['USR_DUE_DATE'] : ''; + $status = (array_key_exists('USR_STATUS', $arrayData)) ? ' - Status: ' . $arrayData['USR_STATUS'] : ''; + $address = (array_key_exists('USR_ADDRESS', $arrayData)) ? ' - Address: ' . $arrayData['USR_ADDRESS'] : ''; + $phone = (array_key_exists('USR_PHONE', $arrayData)) ? ' - Phone: ' . $arrayData['USR_PHONE'] : ''; + $zipCode = (array_key_exists('USR_ZIP_CODE', $arrayData)) ? ' - Zip Code: ' . $arrayData['USR_ZIP_CODE'] : ''; + $position = (array_key_exists('USR_POSITION', $arrayData)) ? ' - Position: ' . $arrayData['USR_POSITION'] : ''; + $role = (array_key_exists('USR_ROLE', $arrayData)) ? ' - Role: ' . $arrayData['USR_ROLE'] : ''; + $languageDef = (array_key_exists('USR_DEFAULT_LANG', $arrayData)) ? ' - Default Language: ' . $arrayData['USR_DEFAULT_LANG'] : ''; + $timeZone = (array_key_exists('USR_TIME_ZONE', $arrayData)) ? ' - Time Zone: ' . $arrayData['USR_TIME_ZONE'] : ''; $str = 'User Name: ' . $arrayData['USR_USERNAME'] . ' - User ID: (' . $arrayData['USR_UID'] . ')' . $firstName . $lastName . $email . $dueDate . $status . $address . $phone . $zipCode . $position . $role . $timeZone . $languageDef; - \G::auditLog(($option == 'INS')? 'CreateUser' : 'UpdateUser', $str); - } catch (\Exception $e) { + G::auditLog(($option == 'INS') ? 
'CreateUser' : 'UpdateUser', $str); + } catch (Exception $e) { throw $e; } } + /** * This function get the list of users - * - * @param string $authSource, authentication source + * @param string $authSource , authentication source * @param string $filter * @param string $sort - * @param integer $start - * @param integer $limit + * @param int $start + * @param int $limit * @param string $dir related to order the column - * - * @return void + * @return array + * @throws Exception */ public function getAllUsersWithAuthSource( $authSource = '', 
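Review bot: `auditLog()` concatenates the user-supplied fields (`USR_FIRSTNAME`, `USR_EMAIL`, `USR_ADDRESS` and the rest) into `$str` unchanged, so a value containing a line break or the ` - ` separator can make one audit entry read as several fields or records. Whether `G::auditLog()` neutralises that is not visible here; if it does not, strip control characters before the call, e.g. `$str = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $str);`. `USR_USERNAME` and `USR_UID` are also read without the `array_key_exists()` guard the other keys get.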
@@ -1558,64 +1539,67 @@ class User $start = 0, $limit = 20, $dir = 'ASC' - ) - { + ) { global $RBAC; $aUsers = array(); if ($authSource != '') { $aUsers = $RBAC->getListUsersByAuthSource($authSource); } - $oCriteria = new \Criteria('workflow'); + $oCriteria = new Criteria('workflow'); $oCriteria->addSelectColumn('COUNT(*) AS CNT'); if ($filter != '') { - $cc = $oCriteria->getNewCriterion(\UsersPeer::USR_USERNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_LASTNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_EMAIL, '%' . $filter . '%', \Criteria::LIKE)))); + $cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_EMAIL, '%' . $filter . 
'%', Criteria::LIKE)))); $oCriteria->add($cc); } - $oCriteria->add(\UsersPeer::USR_STATUS, array('CLOSED'), \Criteria::NOT_IN); + $oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN); if ($authSource != '') { $totalRows = sizeof($aUsers); } else { - $oDataset = \UsersPeer::DoSelectRs($oCriteria); - $oDataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $oDataset = UsersPeer::DoSelectRs($oCriteria); + $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); $oDataset->next(); $row = $oDataset->getRow(); $totalRows = $row['CNT']; } $oCriteria->clearSelectColumns(); - $oCriteria->addSelectColumn(\UsersPeer::USR_UID); - $oCriteria->addSelectColumn(\UsersPeer::USR_USERNAME); - $oCriteria->addSelectColumn(\UsersPeer::USR_FIRSTNAME); - $oCriteria->addSelectColumn(\UsersPeer::USR_LASTNAME); - $oCriteria->addSelectColumn(\UsersPeer::USR_EMAIL); - $oCriteria->addSelectColumn(\UsersPeer::USR_ROLE); - $oCriteria->addSelectColumn(\UsersPeer::USR_DUE_DATE); - $oCriteria->addSelectColumn(\UsersPeer::USR_STATUS); - $oCriteria->addSelectColumn(\UsersPeer::USR_UX); - $oCriteria->addSelectColumn(\UsersPeer::DEP_UID); - $oCriteria->addSelectColumn(\UsersPeer::USR_LAST_LOGIN); + $oCriteria->addSelectColumn(UsersPeer::USR_UID); + $oCriteria->addSelectColumn(UsersPeer::USR_USERNAME); + $oCriteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); + $oCriteria->addSelectColumn(UsersPeer::USR_LASTNAME); + $oCriteria->addSelectColumn(UsersPeer::USR_EMAIL); + $oCriteria->addSelectColumn(UsersPeer::USR_ROLE); + $oCriteria->addSelectColumn(UsersPeer::USR_DUE_DATE); + $oCriteria->addSelectColumn(UsersPeer::USR_STATUS); + $oCriteria->addSelectColumn(UsersPeer::USR_UX); + $oCriteria->addSelectColumn(UsersPeer::DEP_UID); + $oCriteria->addSelectColumn(UsersPeer::USR_LAST_LOGIN); $oCriteria->addAsColumn('LAST_LOGIN', 0); $oCriteria->addAsColumn('DEP_TITLE', 0); $oCriteria->addAsColumn('TOTAL_CASES', 0); $oCriteria->addAsColumn('DUE_DATE_OK', 1); $sep = "'"; - 
$oCriteria->add(\UsersPeer::USR_STATUS, array('CLOSED'), \Criteria::NOT_IN); + $oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN); if ($filter != '') { - $cc = $oCriteria->getNewCriterion(\UsersPeer::USR_USERNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_LASTNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_EMAIL, '%' . $filter . '%', \Criteria::LIKE)))); + $cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_EMAIL, '%' . $filter . '%', Criteria::LIKE)))); $oCriteria->add($cc); } if (sizeof($aUsers) > 0) { - $oCriteria->add(\UsersPeer::USR_UID, $aUsers, \Criteria::IN); + $oCriteria->add(UsersPeer::USR_UID, $aUsers, Criteria::IN); } elseif ($totalRows == 0 && $authSource != '') { - $oCriteria->add(\UsersPeer::USR_UID, '', \Criteria::IN); + $oCriteria->add(UsersPeer::USR_UID, '', Criteria::IN); } if ($sort != '') { + //SQL Injection via 'sort' parameter + if (!in_array($sort, UsersPeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) { + throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort'))); + } if ($dir == 'ASC') { $oCriteria->addAscendingOrderByColumn($sort); } else { 
@@ -1624,15 +1608,16 @@ class User } $oCriteria->setOffset($start); $oCriteria->setLimit($limit); - $oDataset = \UsersPeer::DoSelectRs($oCriteria); - $oDataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $oDataset = UsersPeer::DoSelectRs($oCriteria); + $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); return array("data" => $oDataset, "totalRows" => $totalRows); } + /** * This function get additional information related to the user * Information about the department, rol, cases, authentication * - * @param criteria $oDatasetUsers, criteria for search users + * @param criteria $oDatasetUsers , criteria for search users * * @return array $dataUsers array of users with the additional information */ @@ -1640,18 +1625,18 @@ class User { global $RBAC; //Get the information about the department - $Department = new \Department(); + $Department = new Department(); $aDepart = $Department->getAllDepartmentsByUser(); //Get the authentication sources $aAuthSources = $RBAC->getAllAuthSourcesByUser(); //Get roles - $oRoles = new \Roles(); + $oRoles = new Roles(); //Get cases - $oParticipated = new \ListParticipatedLast(); - $oAppCache = new \AppCacheView(); + $oParticipated = new ListParticipatedLast(); + $oAppCache = new AppCacheView(); $rows = array(); $uRole = array(); @@ -1664,7 +1649,7 @@ class User //Add the role information related to the user try { $uRole = $oRoles->loadByCode($row['USR_ROLE']); - } catch (\exception $oError) { + } catch (exception $oError) { $uRole['ROL_NAME'] = G::loadTranslation('ID_DELETED'); } $row['USR_ROLE_ID'] = $row['USR_ROLE']; 
@@ -1674,15 +1659,15 @@ class User if (true) { $total = $oParticipated->getCountList($row['USR_UID']); } else { - /*----------------------------------********---------------------------------*/ + /*----------------------------------********---------------------------------*/ $total = $oAppCache->getListCounters('sent', $row['USR_UID'], false); - /*----------------------------------********---------------------------------*/ + /*----------------------------------********---------------------------------*/ } /*----------------------------------********---------------------------------*/ $row['TOTAL_CASES'] = $total; $row['DUE_DATE_OK'] = (date('Y-m-d') > date('Y-m-d', strtotime($row['USR_DUE_DATE']))) ? 0 : 1; - $row['LAST_LOGIN'] = isset($row['USR_LAST_LOGIN']) ? \ProcessMaker\Util\DateTime::convertUtcToTimeZone($row['USR_LAST_LOGIN']) : ''; + $row['LAST_LOGIN'] = isset($row['USR_LAST_LOGIN']) ? DateTime::convertUtcToTimeZone($row['USR_LAST_LOGIN']) : ''; //Add the department information related to the user $row['DEP_TITLE'] = isset($aDepart[$row['USR_UID']]) ? $aDepart[$row['USR_UID']] : ''; //Add the authentication information related to the user @@ -1695,6 +1680,4 @@ class User return $dataUsers; } - } - diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/WebEntry.php b/workflow/engine/src/ProcessMaker/BusinessModel/WebEntry.php index 2f9a1c405..f72fc9f90 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/WebEntry.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/WebEntry.php @@ -382,7 +382,7 @@ class WebEntry $arrayUserData = $user->load($arrayWebEntryData["USR_UID"]); $usrUsername = $arrayUserData["USR_USERNAME"]; - $usrPassword = $arrayUserData["USR_PASSWORD"]; + $usrPassword = $user->getUsrPassword(); $dynaForm = new \Dynaform(); diff --git a/workflow/engine/src/ProcessMaker/Exception/ProjectNotFound.php b/workflow/engine/src/ProcessMaker/Exception/ProjectNotFound.php index 5e017eb67..73b4957bd 100644 
--- a/workflow/engine/src/ProcessMaker/Exception/ProjectNotFound.php +++ b/workflow/engine/src/ProcessMaker/Exception/ProjectNotFound.php @@ -5,7 +5,7 @@ use ProcessMaker\Project; class ProjectNotFound extends \RuntimeException { - const EXCEPTION_CODE = 20; + const EXCEPTION_CODE = 400; public function __construct(Project\Handler $obj, $uid, $message = "", \Exception $previous = null) { $message = empty($message) ? sprintf("Project \"%s\" with UID: %s, does not exist.", get_class($obj), $uid) : $message; diff --git a/workflow/engine/src/ProcessMaker/Exception/RBACException.php b/workflow/engine/src/ProcessMaker/Exception/RBACException.php new file mode 100644 index 000000000..f10e881e4 --- /dev/null +++ b/workflow/engine/src/ProcessMaker/Exception/RBACException.php @@ -0,0 +1,59 @@ +getCode()) { + case -1: + G::SendTemporalMessage($this->getMessage(), 'error', 'labels'); + $message = self::PM_LOGIN; + break; + case -2: + G::SendTemporalMessage($this->getMessage(), 'error', 'labels'); + $message = self::PM_LOGIN; + break; + case 403: + $message = self::PM_403; + break; + default: + $message = self::PM_LOGIN; + break; + } + return $message; + } + + /** + * Returns the path to which to redirect + * @return $this + */ + public function getPath() + { + return $this; + } +} diff --git a/workflow/engine/src/ProcessMaker/Importer/Importer.php b/workflow/engine/src/ProcessMaker/Importer/Importer.php index 1e89f110f..fecb7e164 100644 --- a/workflow/engine/src/ProcessMaker/Importer/Importer.php +++ b/workflow/engine/src/ProcessMaker/Importer/Importer.php @@ -6,6 +6,7 @@ use ProcessMaker\Project; use ProcessMaker\Project\Adapter; use ProcessMaker\BusinessModel\Migrator; use ProcessMaker\BusinessModel\Migrator\ImportException; +use ProcessMaker\Util\Common; abstract class Importer { 
@@ -771,7 +772,7 @@ abstract class Importer $getProjectName = $exporter->truncateName($exporter->getProjectName(), false); $outputDir = PATH_DATA . "sites" . PATH_SEP . SYS_SYS . PATH_SEP . "files" . PATH_SEP . "output" . PATH_SEP; - $version = \ProcessMaker\Util\Common::getLastVersion($outputDir . $getProjectName . "-*.pmx") + 1; + $version = Common::getLastVersionSpecialCharacters($outputDir, $getProjectName, "pmx") + 1; $outputFilename = $outputDir . sprintf("%s-%s.%s", str_replace(" ", "_", $getProjectName), $version, "pmx"); $exporter->setMetadata("export_version", $version); diff --git a/workflow/engine/src/ProcessMaker/Project/Bpmn.php b/workflow/engine/src/ProcessMaker/Project/Bpmn.php index 3db94b13a..3ebb318b1 100644 --- a/workflow/engine/src/ProcessMaker/Project/Bpmn.php +++ b/workflow/engine/src/ProcessMaker/Project/Bpmn.php @@ -1,39 +1,36 @@ delete(); - //TODO if the activity was removed, the related flows to that activity must be removed - + if (isset($activity)) { + $activity->delete(); + Flow::removeAllRelated($actUid); + } else { + throw new Exception(G::LoadTranslation("ID_ACTIVITY_DOES_NOT_EXIST", array("act_uid", $actUid))); + } self::log("Remove Activity Success!"); } catch (\Exception $e) { self::log("Exception: ", $e->getMessage(), "Trace: ", $e->getTraceAsString()); diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Project.php b/workflow/engine/src/ProcessMaker/Services/Api/Project.php index 0496db5b0..cc38f31a2 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Project.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Project.php @@ -10,6 +10,7 @@ use \ProcessMaker\BusinessModel\Validator; use \ProcessMaker\BusinessModel\Migrator\GranularExporter; use \ProcessMaker\BusinessModel\Migrator\ExportObjects; use \ProcessMaker\Util\IO\HttpStream; +use \ProcessMaker\Util\Common; /** * Class Project 
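Review bot: In the Importer.php hunk the version lookup receives the raw `$getProjectName`, while the file written on the next line is named from `str_replace(" ", "_", $getProjectName)`. Unless `truncateName()` already removes spaces, a project whose name contains one will never match its earlier exports, so `$version` stays at 1 and the previous file is overwritten. Passing the same normalised name to both fixes it: `$fileBase = str_replace(" ", "_", $getProjectName);` then `Common::getLastVersionSpecialCharacters($outputDir, $fileBase, "pmx") + 1`. The same lines appear in the Services/Api/Project.php hunk further down. Because the project name becomes part of a filesystem path, it is also worth confirming that `truncateName()` strips path separators; the enclosing method starts and ends outside the hunk.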
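Review bot: In the Bpmn.php `removeActivity` change, `$activity->delete()` and `Flow::removeAllRelated($actUid)` run as two separate steps, so a failure in the second leaves the activity removed with its flows still present. If the persistence layer offers a transaction here, both calls belong inside it; otherwise a comment such as `// not atomic: flows may remain if removeAllRelated() fails` records the limitation. The new `throw new Exception(...)` carries no code, so if it propagates, the API layer's `getCode() == 0` branch reports a missing activity with the generic application status rather than a not-found one. The function's opening lines are not legible in this hunk.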
@@ -182,7 +183,7 @@ class Project extends Api $getProjectName = $exporter->truncateName($exporter->getProjectName(), false); $outputDir = PATH_DATA . "sites" . PATH_SEP . SYS_SYS . PATH_SEP . "files" . PATH_SEP . "output" . PATH_SEP; - $version = \ProcessMaker\Util\Common::getLastVersion($outputDir . $getProjectName . "-*.pmx") + 1; + $version = Common::getLastVersionSpecialCharacters($outputDir, $getProjectName, "pmx") + 1; $outputFilename = $outputDir . sprintf("%s-%s.%s", str_replace(" ", "_", $getProjectName), $version, "pmx"); $exporter->setMetadata("export_version", $version); diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php b/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php index e55585094..d95f3f47b 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php @@ -1,8 +1,11 @@ - * @copyright Colosa - Bolivia * @return array - * + * @access protected + * @class AccessControl {@permission PM_FACTORY} * @url DELETE /:prj_uid/activity/:act_uid */ public function doDeleteProjectActivity($prj_uid, $act_uid) { try { - $task = new \ProcessMaker\BusinessModel\Task(); - $task->deleteTask($prj_uid, $act_uid); - } catch (\Exception $e) { - throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()); + $task = new Task(); + $task->setFormatFieldNameInUppercase(false); + $task->setArrayParamException(array("taskUid" => "act_uid")); + + $response = $task->hasPendingCases(array("act_uid" => $act_uid, "case_type" => "assigned")); + if ($response->result !== false) { + $project = new BpmnWorkflow(); + $prj = $project->load($prj_uid); + $prj->removeActivity($act_uid); + } else { + throw new RestException(403, $response->message); + } + } catch (Exception $e) { + $resCode = $e->getCode() == 0 ? Api::STAT_APP_EXCEPTION : $e->getCode(); + throw new RestException($resCode, $e->getMessage()); } } 
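Review bot: The new catch in `doDeleteProjectActivity` forwards `$e->getCode()` of any exception as the HTTP status, so a database or library exception with an unrelated code (a negative value, a driver error number) would be sent as the response status. Restricting it to real HTTP error codes keeps the intent: `$code = (int) $e->getCode();` and `$resCode = ($code >= 400 && $code < 600) ? $code : Api::STAT_APP_EXCEPTION;`. The guard `$response->result !== false` also lets the delete proceed when `result` is null or missing; `=== true` would fail closed, assuming `hasPendingCases()` returns a boolean there. `removeActivity($act_uid)` is called without the hunk showing any check that the activity belongs to `$prj_uid`, which the old `deleteTask($prj_uid, $act_uid)` call at least received.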
@@ -215,7 +228,7 @@ class Activity extends Api $task->setFormatFieldNameInUppercase(false); $task->setArrayParamException(array("taskUid" => "act_uid")); - $response = $task->getValidateSelfService($request_data); + $response = $task->hasPendingCases($request_data); return $response; } catch (\Exception $e) { diff --git a/workflow/public_html/app.php b/workflow/public_html/app.php index 7fe4195d1..0c8506882 100644 --- a/workflow/public_html/app.php +++ b/workflow/public_html/app.php @@ -53,6 +53,8 @@ try { break; } +} catch (ProcessMaker\Exception\RBACException $e) { + G::header('location: ' . $e->getPath()); } catch (Exception $e) { $view = new Maveriks\Pattern\Mvc\PhtmlView($rootDir . "framework/src/templates/Exception.phtml"); $view->set("message", $e->getMessage());
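Review bot: The new `catch (ProcessMaker\Exception\RBACException $e)` branch in app.php sends the `location` header and then falls through, so whatever follows the try/catch still runs for a request that was just refused. The rest of the file is outside the hunk, so this may be harmless, but an explicit `exit;` after `G::header('location: ' . $e->getPath());` makes it certain. The header is built by concatenating the return value of `getPath()`, which in this commit is the exception object itself, so the redirect target depends on that class's string conversion.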