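retrieve($_SESSION['user_id']);
        $current_user->authenticated = true;
        $use_current_user_login = true;
        require_once('modules/Users/Authenticate.php');
    }
} else {
    session_start();
}

// Front controller body: normalise the incoming request, enforce the session/IP
// checks, resolve the module file to run, and wrap its output in the theme header
// and footer. Everything below runs at file scope and depends on $sugar_config,
// $GLOBALS['log'], $beanList/$beanFiles, $modInvisList, $modInvisListActivities,
// $adminOnlyList and the helper functions that the top of this file loads.
clean_incoming_data(); // defined outside this file; presumably normalises the superglobals in place

// A cancelled form may name the page it came from; rewrite the request so the
// rest of the controller dispatches to that page instead.
if (!empty($_REQUEST['cancel_redirect'])) {
    if (!empty($_REQUEST['return_action'])) {
        $_REQUEST['action'] = $_REQUEST['return_action'];
        $_POST['action'] = $_REQUEST['return_action'];
        $_GET['action'] = $_REQUEST['return_action'];
    }
    if (!empty($_REQUEST['return_module'])) {
        $_REQUEST['module'] = $_REQUEST['return_module'];
        $_POST['module'] = $_REQUEST['return_module'];
        $_GET['module'] = $_REQUEST['return_module'];
    }
    if (!empty($_REQUEST['return_id'])) {
        $_REQUEST['id'] = $_REQUEST['return_id'];
        $_POST['id'] = $_REQUEST['return_id'];
        $_GET['id'] = $_REQUEST['return_id'];
    }
}

// Routing parameters from the request; empty string when absent.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : "";
$module = isset($_REQUEST['module']) ? $_REQUEST['module'] : "";
$record = isset($_REQUEST['record']) ? $_REQUEST['record'] : "";

// $module and $action are spliced into include paths further down
// ('modules/'.$module.'/'.$action.'.php'), so refuse anything that is not a plain
// name: array values (?action[]=), path separators and parent-directory segments.
foreach (array('module' => $module, 'action' => $action) as $param_name => $param_value) {
    if (is_array($param_value) || preg_match('#[/\\\\]|\.\.#', $param_value)) {
        die("Invalid $param_name specified.");
    }
}

// Every authenticated session carries a copy of the server's unique_key; a mismatch
// forces a fresh login, except for the login actions themselves and while a login
// error is being displayed. Compared strictly: both sides are strings or ''.
$user_unique_key = isset($_SESSION['unique_key']) ? $_SESSION['unique_key'] : '';
$server_unique_key = isset($sugar_config['unique_key']) ? $sugar_config['unique_key'] : '';
$allowed_actions = array("Authenticate", "Login"); // these are actions where the user/server keys aren't compared
if (($user_unique_key !== $server_unique_key)
    && !in_array($action, $allowed_actions, true)
    && !isset($_SESSION['login_error'])) {
    session_destroy();
    // Carry the requested page along so the login screen can return to it.
    $post_login_nav = '';
    if (!empty($record) && !empty($action) && !empty($module)) {
        $post_login_nav = "&login_module=" . $module . "&login_action=" . $action . "&login_record=" . $record;
    }
    header("Location: index.php?action=Login&module=Users" . $post_login_nav);
    exit();
}

require_once('include/modules.php');
if (isset($sugar_config['disc_client']) && $sugar_config['disc_client']) {
    require_once('modules/Sync/SyncController.php');
}

// No database configured: this is an uninstalled copy, hand off to the installer.
if (empty($sugar_config['dbconfig']['db_host_name'])) {
    header("Location: install.php");
    exit();
}

require_once('modules/Users/User.php');
global $currentModule, $moduleList;
require_once('modules/Administration/Administration.php');
global $system_config;
$system_config = new Administration();
$system_config->retrieveSettings('system');

// $startTime only exists when response-time reporting is on; the footer tests the
// same flag before reading it.
if ($sugar_config['calculate_response_time']) {
    $startTime = microtime();
}

if (isset($_REQUEST['PHPSESSID'])) {
    $GLOBALS['log']->debug("****Starting for session " . $_REQUEST['PHPSESSID']);
} else {
    $GLOBALS['log']->debug("****Starting for new session");
}

// We use the REQUEST_URI later to construct dynamic URLs. IIS does not pass this field;
// to prevent an error, if it is not set, we will assign it to ''.
if (!isset($_SERVER['REQUEST_URI'])) {
    $_SERVER['REQUEST_URI'] = '';
}

// Check to see if there is an authenticated user in the session. Anything that is
// neither an authenticated session nor the Users/Authenticate action is rerouted
// to the login page.
if (isset($_SESSION["authenticated_user_id"])) {
    $GLOBALS['log']->debug("We have an authenticated user id: " . $_SESSION["authenticated_user_id"]);
} else if (isset($action) && isset($module) && ($action == "Authenticate") && $module == "Users") {
    $GLOBALS['log']->debug("We are authenticating user now");
} else {
    $GLOBALS['log']->debug("The current user does not have a session. 
Going to the login page");
    $action = "Login";
    $module = "Users";
    $_REQUEST['action'] = $action;
    $_REQUEST['module'] = $module;
}

// grab client ip address
$clientIP = query_client_ip();
$classCheck = 0;

// check to see if config entry is present, if not, verify client ip
// (the check is on unless verify_client_ip is explicitly set to false).
if (!isset($sugar_config['verify_client_ip']) || $sugar_config['verify_client_ip'] == true) {
    // check to see if we've got a current ip address in $_SESSION
    // and check to see if the session has been hijacked by a foreign ip
    if (isset($_SESSION["ipaddress"])) {
        $session_parts = explode(".", $_SESSION["ipaddress"]);
        $client_parts = explode(".", $clientIP);
        // match class C IP addresses: $classCheck ends up 1 only when the first three
        // dotted parts all agree, and 0 as soon as one of them differs.
        // NOTE(review): assumes dotted IPv4 from query_client_ip(); an IPv6 or short
        // value yields fewer than three parts and undefined-offset notices here — confirm.
        for ($i = 0; $i < 3; $i++) {
            if ($session_parts[$i] == $client_parts[$i]) {
                $classCheck = 1;
                continue;
            } else {
                $classCheck = 0;
                break;
            }
        }
        // we have a different IP address, outside the session's original /24:
        // treat the session as hijacked and end it.
        if ($_SESSION["ipaddress"] != $clientIP && empty($classCheck)) {
            $GLOBALS['log']->fatal("IP Address mismatch: SESSION IP: {$_SESSION['ipaddress']} CLIENT IP: {$clientIP}");
            session_destroy();
            die("Your session was terminated due to a significant change in your IP address. Return to Home");
        }
    } else {
        $_SESSION["ipaddress"] = $clientIP;
    }
}

// NOTE(review): this writes the whole request to the log at debug level, which on
// the Authenticate action includes the submitted credentials; keep debug logging
// off outside development or redact sensitive fields before logging.
$GLOBALS['log']->debug($_REQUEST);

$skipHeaders = false;
$skipFooters = false;

// Set the current module to be the module that was passed in
if (!empty($module)) {
    $currentModule = $module;
}

// If we have an action and a module, set that action as the current.
if (!empty($action) && !empty($module)) {
    $GLOBALS['log']->info("About to take action " . $action);
    $GLOBALS['log']->debug("in $action");

    // Actions that render their own page (or none at all) run without the theme
    // header; popups, password changes and exports also skip the footer.
    // preg_match replaces the original ereg() calls, which no longer exist in PHP 7+.
    if (preg_match('/^(Save|Delete|Popup|ChangePassword|Authenticate|Logout|Export)/', $action)) {
        $skipHeaders = true;
        if (preg_match('/^(Popup|ChangePassword|Export)/', $action)) {
            $skipFooters = true;
        }
    }
    if (isset($_REQUEST['sugar_body_only']) && $_REQUEST['sugar_body_only']) {
        $skipHeaders = true;
        $skipFooters = true;
    }
    if ((isset($_REQUEST['from']) && $_REQUEST['from'] == 'ImportVCard')
        || !empty($_REQUEST['to_pdf'])
        || !empty($_REQUEST['to_csv'])) {
        $skipHeaders = true;
        $skipFooters = true;
    }
    // These actions must never be served from a browser or proxy cache.
    if ($action == 'BusinessCard' || $action == 'ConvertLead' || $action == 'Save') {
        header("Expires: Mon, 20 Dec 1998 01:00:00 GMT");
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header("Cache-Control: no-cache, must-revalidate");
        header("Pragma: no-cache");
    }
    if ($action == "Import" && isset($_REQUEST['step']) && $_REQUEST['step'] == '4') {
        $skipHeaders = true;
        $skipFooters = true;
    }

    // Resolve the file implementing the action. A few generic actions live under
    // include/; everything else maps to modules/<module>/<action>.php.
    if ($action == 'Save2') {
        $currentModuleFile = 'include/generic/Save2.php';
    } else if ($action == 'SubPanelViewer') {
        $currentModuleFile = 'include/SubPanel/SubPanelViewer.php';
    } else if ($action == 'DeleteRelationship') {
        $currentModuleFile = 'include/generic/DeleteRelationship.php';
    } else if ($action == 'Login' && isset($_SESSION["authenticated_user_id"])) {
        // Already logged in: log out first. Stop here — otherwise the controller
        // would continue with $currentModuleFile unset and reach include('') below.
        header("Location: index.php?action=Logout&module=Users");
        exit();
    } else {
        $currentModuleFile = 'modules/' . $module . '/' . $action . '.php';
    }
}
// If we do not have an action, but we have a module, make the index.php file the action
elseif (!empty($module)) {
    $currentModuleFile = "modules/" . $currentModule . "/index.php";
}
// Use the system default action and module
else {
    // use $sugar_config['default_module'] and $sugar_config['default_action'] as set in config.php
    // Redirect to the correct module with the correct action. We need the URI to include these fields.
    header("Location: index.php?action={$sugar_config['default_action']}&module={$sugar_config['default_module']}");
    exit();
}

$export_module = $currentModule;
$GLOBALS['log']->info("current page is $currentModuleFile");
$GLOBALS['log']->info("current module is $currentModule ");

// for printing: rebuild the GET query string with print=true appended so a "print"
// link can reproduce the current page. Values are url-encoded, keys are emitted as received.
$GLOBALS['request_string'] = "";
foreach ($_GET as $key => $val) {
    if (is_array($val)) {
        foreach ($val as $k => $v) {
            $GLOBALS['request_string'] .= "{$key}[{$k}]=" . urlencode($v) . "&";
        }
    } else {
        $GLOBALS['request_string'] .= "{$key}=" . urlencode($val) . "&";
    }
}
$GLOBALS['request_string'] .= "&print=true";
// end printing

// Load the current user unless the block at the top of this file already did.
if (!$use_current_user_login) {
    $current_user = new User();
    if (isset($_SESSION['authenticated_user_id'])) {
        $result = $current_user->retrieve($_SESSION['authenticated_user_id']);
        if ($result == null) {
            // The session names a user that cannot be loaded: drop it and stop.
            // Without the exit() the request would go on to run the module file
            // with an empty User object.
            session_destroy();
            header("Location: index.php?action=Login&module=Users");
            exit();
        }
        $GLOBALS['log']->debug('Current user is: ' . $current_user->user_name);
    }
}

if (isset($sugar_config['disc_client']) && $sugar_config['disc_client']) {
    //No admins for disc client
    $current_user->is_admin = 'off';
}

// Refuse to run against a database whose recorded sugar_version does not match this
// code's $sugar_db_version (nothing in this file sets that value from the request).
$version_query = "SELECT count(*) as the_count FROM config WHERE category='info' AND name='sugar_version'";
if ($current_user->db->dbType == "oci8") {
    $version_query .= " AND to_char(value) = '$sugar_db_version'";
} else {
    $version_query .= " AND value = '$sugar_db_version'";
}
$result = $current_user->db->query($version_query);
$row = $current_user->db->fetchByAssoc($result, -1, true);
$row_count = $row['the_count'];
if ($row_count == 0) {
    sugar_die("Sugar CRM $sugar_version Files May Only Be Used With A Sugar CRM $sugar_db_version Database.");
}

// Theme: the value stored in the session at login, else the configured default.
// NOTE(review): $theme is spliced into include paths below; whatever writes
// authenticated_user_theme must restrict it to a bare directory name.
if (isset($_SESSION['authenticated_user_theme']) && $_SESSION['authenticated_user_theme'] != '') {
    $theme = $_SESSION['authenticated_user_theme'];
} else {
    $theme = $sugar_config['default_theme'];
}
$GLOBALS['log']->debug('Current theme is: ' . $theme);

//Used for current record focus
$focus = "";

// if the language is not set yet, then set it to the default language.
if (isset($_SESSION['authenticated_user_language']) && $_SESSION['authenticated_user_language'] != '') {
    $current_language = $_SESSION['authenticated_user_language'];
} else {
    $current_language = $sugar_config['default_language'];
}
$GLOBALS['log']->debug('current_language is: ' . $current_language);

//set module and application string arrays based upon selected language
$app_strings = return_application_language($current_language);
$app_list_strings = return_app_list_strings_language($current_language);
$mod_strings = return_module_language($current_language, $currentModule);
insert_charset_header();

//TODO: Clint - this key map needs to be moved out of $app_list_strings since it never gets translated.
// best to just have an upgrade script that changes the parent_type column from Account to Accounts, etc.
$app_list_strings['record_type_module'] = array(
    'Contact' => 'Contacts',
    'Account' => 'Accounts',
    'Opportunity' => 'Opportunities',
    'Case' => 'Cases',
    'Note' => 'Notes',
    'Call' => 'Calls',
    'Email' => 'Emails',
    'Meeting' => 'Meetings',
    'Task' => 'Tasks',
    'Lead' => 'Leads',
    'Bug' => 'Bugs',
);

// Admin-only modules/actions ($adminOnlyList) are closed to everyone else. The
// names come straight from the request, so they are HTML-escaped before being
// echoed back in the error page.
if (!is_admin($current_user) && !empty($adminOnlyList[$module])
    && (!empty($adminOnlyList[$module]['all']) || !empty($adminOnlyList[$module][$action]))) {
    sugar_die("Unauthorized access to " . htmlspecialchars($module . ":" . $action, ENT_QUOTES) . ".");
}

//If DetailView, set focus to record passed in
if ($action == "DetailView") {
    if (!isset($_REQUEST['record'])) {
        die("A record number must be specified to view details.");
    }
    // If we are going to a detail form, load up the record now.
    // Use the record to track the viewing.
    // todo - Have a record of modules and their primary object names.
    // NOTE(review): there is no check that $currentModule is a key of $beanList; an
    // unknown module gives an empty class name and a fatal on new $entity() — confirm
    // whether the module access check further down should run before this block.
    $entity = $beanList[$currentModule];
    require_once($beanFiles[$entity]);
    $focus = new $entity();
    $result = $focus->retrieve($_REQUEST['record']);
    if ($result) {
        // Only track a viewing if the record was retrieved.
        $focus->track_view($current_user->id, $currentModule);
    }
}

// set user, theme and language cookies so that login screen defaults to last values
// (90-day lifetime)
if (isset($_SESSION['authenticated_user_id'])) {
    $GLOBALS['log']->debug("setting cookie ck_login_id_20 to " . $_SESSION['authenticated_user_id']);
    setcookie('ck_login_id_20', $_SESSION['authenticated_user_id'], time() + 86400 * 90);
}
if (isset($_SESSION['authenticated_user_theme'])) {
    $GLOBALS['log']->debug("setting cookie ck_login_theme_20 to " . $_SESSION['authenticated_user_theme']);
    setcookie('ck_login_theme_20', $_SESSION['authenticated_user_theme'], time() + 86400 * 90);
}
if (isset($_SESSION['authenticated_user_language'])) {
    $GLOBALS['log']->debug("setting cookie ck_login_language_20 to " . $_SESSION['authenticated_user_language']);
    setcookie('ck_login_language_20', $_SESSION['authenticated_user_language'], time() + 86400 * 90);
}

// Buffer all page output from here on (presumably so module files can still send
// headers after output has started — confirm).
ob_start();
require_once('include/javascript/jsAlerts.php');
if (empty($_REQUEST['to_pdf']) && empty($_REQUEST['to_csv'])) {
    // NOTE(review): the '_' literals look like placeholders left by whatever produced
    // this copy of the file — confirm against the original source.
    echo '_';
    echo '_';
    echo '';
    echo '_';
    echo '_';
    echo '_';
    echo $timedate->get_javascript_validation();
    $jsalerts = new jsAlerts();
}

//skip headers for popups, deleting, saving, importing and other actions
if (!$skipHeaders) {
    $GLOBALS['log']->debug("including headers");
    // Fall back to the default theme when the selected one has no header file;
    // give up if even the default is missing.
    if (!is_file('themes/' . $theme . '/header.php')) {
        $theme = $sugar_config['default_theme'];
    }
    if (!is_file('themes/' . $theme . '/header.php')) {
        sugar_die("Invalid theme specified");
    }
    include('themes/' . $theme . '/header.php');

    // Only print the errors for admin users.
    if (is_admin($current_user)) {
        // Admins may toggle display of deleted records for the rest of the session.
        if (isset($_REQUEST['show_deleted'])) {
            if ($_REQUEST['show_deleted']) {
                $_SESSION['show_deleted'] = true;
            } else {
                unset($_SESSION['show_deleted']);
            }
        }
        if (!empty($dbconfig['db_host_name']) || $sugar_config['sugar_version'] != $sugar_version) {
            echo '
Warning: The config.php file needs to be repaired. Please use the "Repair" link in the Admin screen to repair your config file.
';
        }
        if (!isset($sugar_config['installer_locked']) || $sugar_config['installer_locked'] == false) {
            echo 'Warning: To safeguard your data, the installer must be locked by setting \'installer_locked\' to \'true\' in the config.php file.
';
        }
        if (isset($_SESSION['invalid_versions'])) {
            $invalid_versions = $_SESSION['invalid_versions'];
            foreach ($invalid_versions as $invalid) {
                echo 'Warning: Please upgrade ' . $invalid['name'] . ' using the upgrade in the administration panel
';
            }
        }
        include('modules/Administration/updater_utils.php');
        // TODO: resolve the re-define of 'soapclient' class problem to get automatic_version_update_check() to work (bug 1606)
        automatic_version_update_check();
        if (isset($_SESSION['available_version'])) {
            if ($_SESSION['available_version'] != $sugar_version) {
                // NOTE(review): available_version_description is echoed unescaped; if it
                // originates from the remote update check it should be escaped first.
                echo "An updated version of the application is now available. " . $_SESSION['available_version'] . " : " . $_SESSION['available_version_description'] . "
";
            }
        }
        if (isset($_SESSION['administrator_error'])) {
            // Only print DB errors once otherwise they will still look broken
            // after they are fixed.
            echo $_SESSION['administrator_error'];
        }
        unset($_SESSION['administrator_error']);
    }
    echo "";
} else {
    $GLOBALS['log']->debug("skipping headers");
}

// added a check for security of tabs to see if a user has access to them
// this prevents passing an "unseen" tab to the query string and pulling up its contents
if (!isset($modListHeader)) {
    if (isset($current_user)) {
        $modListHeader = query_module_access_list($current_user);
    }
}
// Dispatch only when the module is in the user's tab list, is listed in
// $modInvisList, is in $modInvisListActivities and the user can reach
// Activities or Calendar, or is iFrames with a record parameter.
if (array_key_exists($currentModule, $modListHeader)
    || in_array($currentModule, $modInvisList)
    || ((array_key_exists("Activities", $modListHeader) || array_key_exists("Calendar", $modListHeader))
        && in_array($currentModule, $modInvisListActivities))
    || ($currentModule == "iFrames" && isset($_REQUEST['record']))) {
    include($currentModuleFile);
} else {
    echo 'Warning: You do not have permission to access this module.
';
}

if (!$skipFooters) {
    echo "";
    // $jsalerts is only created above when the page is not a PDF/CSV export.
    if (isset($jsalerts)) {
        echo $jsalerts->getScript();
    }
    include('themes/' . $theme . '/footer.php');
    echo "| ";
    // Under the Sugar Public License referenced above, you are required to leave in all copyright statements in both
    // the code and end-user application.
    if ($sugar_config['calculate_response_time']) {
        $endTime = microtime();
        $deltaTime = microtime_diff($startTime, $endTime);
        $response_time_string = $app_strings['LBL_SERVER_RESPONSE_TIME']
            . " $deltaTime " . $app_strings['LBL_SERVER_RESPONSE_TIME_SECONDS']
            . ' ';
        echo($response_time_string);
    }
    echo('© 2004-2005 SugarCRM Inc. All Rights Reserved. ');
    // Under the Sugar Public License referenced above, you are required to leave in all copyright statements in both
    // the code and end-user application as well as the the powered by image. You can not change the url or the image below .
    echo " |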