<?php
// Entry-point guard: this file may only be reached through a SugarCRM entry
// point that has defined sugarEntry; a direct web request is refused.
if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}
2 /*********************************************************************************
3  * SugarCRM Community Edition is a customer relationship management program developed by
4  * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
5  * 
6  * This program is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  * 
13  * This program is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
16  * details.
17  * 
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  * 
23  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
24  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
25  * 
26  * The interactive user interfaces in modified source and object code versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  * 
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the "Powered by
32  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
33  * technical reasons, the Appropriate Legal Notices must display the words
34  * "Powered by SugarCRM".
35  ********************************************************************************/
36
37
require_once('soap/SoapHelperFunctions.php');
$GLOBALS['log']->debug("JSON_SERVER:");
$global_registry_var_name = 'GLOBAL_REGISTRY';

///////////////////////////////////////////////////////////////////////////////
////    SUPPORTED METHODS
/*
 * Whitelist of JSON-RPC method names this endpoint will dispatch.
 *
 * To add a method, append its name here and define a handler
 * "function json_<method>($request_id, $params)" in this file. The dispatcher
 * at the bottom of the file only ever calls names built from this list, so a
 * request cannot reach any other function.
 */
$SUPPORTED_METHODS = array(
    'retrieve',
    'query',
);
53
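/**
 * Generic retrieve for getting data from a sugarbean.
 *
 * JSON-RPC handler for the "retrieve" method. Expects $params[0] to be an
 * array with:
 *   - 'module': a key of $beanList naming the module whose bean to load
 *   - 'record': the id of the record to load
 * Prints {"id": $request_id, "result": {"status": "success", "record": ...}}
 * where "record" is the simplified bean produced by populateBean(). When the
 * module is not registered, or the current user has no DetailView access to
 * it, prints {"id": $request_id, "error": {"error_msg": ...}} instead and
 * returns without loading anything.
 *
 * @param mixed $request_id  Request id echoed back in the response.
 * @param array $params      JSON-RPC params array; only $params[0] is used.
 */
function json_retrieve($request_id, $params) {
    global $current_user;
    global $beanFiles, $beanList;
    $json = getJSONobj();

    $args = (isset($params[0]) && is_array($params[0])) ? $params[0] : array();
    $module = isset($args['module']) ? $args['module'] : '';
    $record = isset($args['record']) ? $args['record'] : '';

    $response = array();
    $response['id'] = $request_id;

    // Only modules registered in $beanList may be loaded. The include path
    // always comes from $beanFiles, never from the request, so an unknown
    // module is rejected here instead of reaching require_once() with an
    // empty path (a fatal error).
    if(!is_string($module) || !isset($beanList[$module]) || !isset($beanFiles[$beanList[$module]])) {
        $response['error'] = array("error_msg"=>"module not supported");
        print $json->encode($response, true);
        return;
    }

    require_once($beanFiles[$beanList[$module]]);
    $focus = new $beanList[$module];

    // Mirror json_query(), which checks ACLAccess('ListView', true) before
    // running its query: without a check here any logged-in user could read
    // any record of any module regardless of module-level ACLs.
    if(!$focus->ACLAccess('DetailView', true)) {
        $response['error'] = array("error_msg"=>"access denied");
        print $json->encode($response, true);
        return;
    }

    // NOTE(review): $record is passed straight to SugarBean::retrieve(); that
    // method is assumed to quote the id itself — confirm in the bean layer.
    $focus->retrieve($record);

    // to get a simplified version of the sugarbean
    $module_arr = populateBean($focus);

    $response['result'] = array("status"=>"success","record"=>$module_arr);
    $json_response = $json->encode($response, true);
    print $json_response;
}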
77
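/**
 * JSON-RPC handler for the "query" method: runs a filtered list query against
 * one or more modules and prints the matching rows.
 *
 * $params[0] is an array with:
 *   - 'module'     : a single module name (wrapped into 'modules'), or
 *   - 'modules'    : list of module names; each must be a key of $beanList
 *   - 'conditions' : list of {name, op, value[, begin, end]} filters, see
 *                    construct_where(); each 'value' may itself be JSON-encoded
 *   - 'group'      : "and"/"or" joining the conditions (default "and")
 *   - 'order'      : {by, desc} sort column and direction
 *   - 'limit'      : maximum rows per module (cast to int)
 *   - 'field_list' : names of bean fields to return for each row
 *
 * Prints {"id": $request_id, "result": {"list": [{module, fields}, ...]}}
 * (via the global $response array). Rows are only fetched for modules the
 * current user has ListView access to. Only names that are declared fields of
 * the bean (keys of field_name_map) are returned, and never ones the vardefs
 * flag as 'sensitive'. Enum values are translated through the app list
 * strings of the session language (or $sugar_config['default_language']).
 *
 * Unknown module names are skipped rather than passed to require_once() with
 * an empty path.
 *
 * @param mixed $request_id  Request id echoed back in the response.
 * @param array $params      JSON-RPC params array; only $params[0] is used.
 */
function json_query($request_id, $params) {
    global $response, $sugar_config;
    global $beanFiles, $beanList;
    $json = getJSONobj();

    if($sugar_config['list_max_entries_per_page'] < 31)     // override query limits
        $sugar_config['list_max_entries_per_page'] = 31;

    $args = (isset($params[0]) && is_array($params[0])) ? $params[0] : array();

    //decode condition parameter values..
    if(isset($args['conditions']) && is_array($args['conditions'])) {
        foreach($args['conditions'] as $key=>$condition) {
            if(!empty($condition['value'])) {
                $where = $json->decode(utf8_encode($condition['value']));
                // cn: bug 12693 - API change due to CSRF security changes.
                // A value that does not decode as JSON is used verbatim.
                $where = empty($where) ? $condition['value'] : $where;
                $args['conditions'][$key]['value'] = $where;
            }
        }
    }

    $list_return = array();
    $list_arr = array();

    if(! empty($args['module'])) {
        $args['modules'] = array($args['module']);
    }
    $modules = (isset($args['modules']) && is_array($args['modules'])) ? $args['modules'] : array();
    $field_list = (isset($args['field_list']) && is_array($args['field_list'])) ? $args['field_list'] : array();

    foreach($modules as $module) {
        // Only modules registered in $beanList may be queried; the include
        // path comes from $beanFiles, never from the request.
        if(!is_string($module) || !isset($beanList[$module]) || !isset($beanFiles[$beanList[$module]])) {
            continue;
        }
        require_once($beanFiles[$beanList[$module]]);
        $focus = new $beanList[$module];

        // The ORDER BY column is request-supplied: it is reduced to word
        // characters, '.', '-' and '_' (everything else stripped), and the
        // direction is a fixed keyword.
        $query_orderby = '';
        if(!empty($args['order']) && isset($args['order']['by'])) {
            $query_orderby = preg_replace('/[^\w_.-]+/i', '', $args['order']['by']);
            $query_orderby .= !empty($args['order']['desc']) ? " DESC" : " ASC";
        }

        $query_limit = '';
        if(!empty($args['limit'])) {
            $query_limit = (int)$args['limit'];
        }
        $query_where = construct_where($args, $focus->table_name, $module);
        if($focus->ACLAccess('ListView', true)) {
            $focus->ungreedy_count=false;
            $curlist = $focus->get_list($query_orderby, $query_where, 0, $query_limit, -1, 0);
            $list_return = array_merge($list_return,$curlist['list']);
        }
    }

    $app_list_strings = null;

    for($i = 0;$i < count($list_return);$i++) {
        $bean = $list_return[$i];
        if(isset($bean->emailAddress) && is_object($bean->emailAddress)) {
            $bean->emailAddress->handleLegacyRetrieve($bean);
        }

        $list_arr[$i]= array();
        $list_arr[$i]['fields']= array();
        $list_arr[$i]['module']= $bean->object_name;

        foreach($field_list as $field) {
            // $field is request-supplied: only declared bean fields may be
            // read back (not arbitrary bean properties), and never fields the
            // vardefs mark 'sensitive'.
            if(!is_string($field) || !isset($bean->field_name_map[$field])) {
                continue;
            }
            $def = $bean->field_name_map[$field];
            if(!empty($def['sensitive'])) {
                continue;
            }

            // handle enums
            if( (isset($def['type']) && $def['type'] == 'enum') ||
                (isset($def['custom_type']) && $def['custom_type'] == 'enum')) {

                // get fields to match enum vals
                if(empty($app_list_strings)) {
                    if(isset($_SESSION['authenticated_user_language']) && $_SESSION['authenticated_user_language'] != '') $current_language = $_SESSION['authenticated_user_language'];
                    else $current_language = $sugar_config['default_language'];
                    $app_list_strings = return_app_list_strings_language($current_language);
                }

                // match enum vals to text vals in language pack for return
                if(!empty($def['options']) && !empty($app_list_strings[$def['options']])) {
                    $bean->$field = $app_list_strings[$def['options']][$bean->$field];
                }
            }

            $list_arr[$i]['fields'][$field] = $bean->$field;
        }
    }

    $response['id'] = $request_id;
    $response['result'] = array("list"=>$list_arr);
    $json_response = $json->encode($response, true);
    echo $json_response;
}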
175
176 ////    END SUPPORTED METHODS
177 ///////////////////////////////////////////////////////////////////////////////
178
// ONLY USED FOR MEETINGS
// HAS MEETING SPECIFIC CODE:
/**
 * Flatten a bean into a plain array for the JSON response.
 *
 * Returns array('module' => $focus->object_name, 'fields' => array(name => value))
 * for every entry of $focus->column_fields (plus the meeting-specific
 * 'required', 'accept_status' and 'name' fields) that is set on the bean and
 * is not an object. Each exported value is passed through from_html() and has
 * its CRLF / LF newlines replaced by "<BR>". The converted value is also
 * written back onto $focus, so the bean's fields are modified in place.
 *
 * @param SugarBean $focus  Bean to export (by reference; its exported string
 *                          fields are rewritten as described above).
 * @return array
 */
function populateBean(&$focus) {
    // MEETING SPECIFIC: 'name' is needed for contacts and users
    $export_fields = array_merge($focus->column_fields, array('required', 'accept_status', 'name'));

    $module_arr = array(
        'module' => $focus->object_name,
        'fields' => array(),
    );

    foreach($export_fields as $field_name) {
        if(!isset($focus->$field_name) || is_object($focus->$field_name)) {
            continue;
        }
        $value = from_html($focus->$field_name);
        $value = preg_replace("/\r\n/", "<BR>", $value);
        $value = preg_replace("/\n/", "<BR>", $value);
        $focus->$field_name = $value;
        $module_arr['fields'][$field_name] = $value;
    }
    $GLOBALS['log']->debug("JSON_SERVER:populate bean:");
    return $module_arr;
}
206
207 ///////////////////////////////////////////////////////////////////////////////
208 ////    UTILS
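/**
 * Resolve the logged-in user from the PHP session.
 *
 * The session must carry a 'unique_key' equal to $sugar_config['unique_key']
 * (a session created against a different install is rejected) and an
 * 'authenticated_user_id'. Returns the loaded User bean, or null — after
 * destroying the session — when either value is missing/mismatched or the
 * user cannot be retrieved.
 *
 * @return User|null
 */
function authenticate() {
    global $sugar_config;

    $user_unique_key = isset($_SESSION['unique_key']) ? (string)$_SESSION['unique_key'] : "";
    $server_unique_key = isset($sugar_config['unique_key']) ? (string)$sugar_config['unique_key'] : "";

    // Compare as strings, strictly. With the loose != used before, two
    // numeric-looking strings (e.g. "0e123" and "0e456") compare equal, so a
    // session key that merely looked numeric could pass this check.
    if($user_unique_key !== $server_unique_key) {
        $GLOBALS['log']->debug("JSON_SERVER: user_unique_key:".$user_unique_key."!=".$server_unique_key);
        session_destroy();
        return null;
    }

    if(!isset($_SESSION['authenticated_user_id'])) {
        $GLOBALS['log']->debug("JSON_SERVER: authenticated_user_id NOT SET. DESTROY");
        session_destroy();
        return null;
    }

    $current_user = new User();

    // retrieve() hands back the bean on success and null when no such user exists.
    $result = $current_user->retrieve($_SESSION['authenticated_user_id']);
    $GLOBALS['log']->debug("JSON_SERVER: retrieved user from SESSION");

    if($result == null) {
        $GLOBALS['log']->debug("JSON_SERVER: could not get a user from SESSION. DESTROY");
        session_destroy();
        return null;
    }

    return $result;
}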
241
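/**
 * Build the SQL WHERE clause body for a json_query() request.
 *
 * Each entry of $query_obj['conditions'] is array('name' => column,
 * 'op' => 'contains' | 'like_custom' | <anything else = starts_with>,
 * 'value' => string[, 'begin' => string, 'end' => string]). Column names go
 * through $GLOBALS['db']->getValidDBName() (assumed to strip characters that
 * are not valid in an identifier — confirm in DBManager) and are prefixed with
 * "$table."; every value is escaped with $GLOBALS['db']->quote() before it is
 * placed inside a LIKE pattern. 'email1'/'email2' conditions become a
 * sub-select against email_addr_bean_rel / email_addresses for $module.
 * Conditions on 'user_hash' are ignored so the password-hash column can never
 * be probed. For the users table a "status='Active'" clause is always added.
 * Conditions are joined with $query_obj['group'] ("and"/"or", default "and").
 *
 * Fixes over the previous version: the email search value and the module
 * name are now escaped (they were interpolated raw into the SQL), and a
 * 'contains' condition produces a single "like '%v%'" clause instead of also
 * falling through to the starts_with clause.
 *
 * $query_obj['conditions'] is normalised to an array in place (the argument
 * is taken by reference).
 *
 * @param array  $query_obj  Request arguments (by reference).
 * @param string $table      Table name to prefix columns with ('' for none).
 * @param string $module     Module name used by the email sub-select.
 * @return string  WHERE clause body without the leading "WHERE"; '' when no
 *                 condition applies.
 */
function construct_where(&$query_obj, $table='',$module=null)
{
    $db = $GLOBALS['db'];
    if(! empty($table)) {
        $table .= ".";
    }
    $cond_arr = array();

    if(!isset($query_obj['conditions']) || ! is_array($query_obj['conditions'])) {
        $query_obj['conditions'] = array();
    }

    foreach($query_obj['conditions'] as $condition) {
        if(!is_array($condition) || !isset($condition['name'])) {
            continue;
        }
        $name  = $condition['name'];
        $op    = isset($condition['op']) ? $condition['op'] : '';
        $value = isset($condition['value']) ? $condition['value'] : '';

        // The password hash column is never searchable, not even by prefix:
        // a LIKE on it would allow extracting hashes one character at a time.
        if($name == 'user_hash') {
            continue;
        }
        if ($name=='email1' or $name=='email2') {
            // Email addresses live in their own table; match through the
            // relationship table. Both the search value and the module name
            // are request-derived and must be escaped.
            $email1_value = $db->quote(strtoupper($value));
            $email1_module = $db->quote($module);
            $email1_condition = " {$table}id in ( SELECT  er.bean_id AS id FROM email_addr_bean_rel er, " .
             "email_addresses ea WHERE ea.id = er.email_address_id " .
             "AND ea.deleted = 0 AND er.deleted = 0 AND er.bean_module = '{$email1_module}' AND email_address_caps LIKE '%{$email1_value}%' )";

            array_push($cond_arr,$email1_condition);
        }
        else {
            $column = $table.$db->getValidDBName($name);
            // Exactly one pattern per condition.
            if($op == 'contains') {
                $cond_arr[] = $column." like '%".$db->quote($value)."%'";
            } elseif($op == 'like_custom') {
                $like = '';
                if(!empty($condition['begin'])) $like .= $db->quote($condition['begin']);
                $like .= $db->quote($value);
                if(!empty($condition['end'])) $like .= $db->quote($condition['end']);
                $cond_arr[] = $column." like '$like'";
            } else { // starts_with
                $cond_arr[] = $column." like '".$db->quote($value)."%'";
            }
        }
    }

    if($table == 'users.') {
        $cond_arr[] = $table."status='Active'";
    }
    $group = isset($query_obj['group']) ? strtolower(trim($query_obj['group'])) : '';
    if($group != "and" && $group != "or") {
        $group = "and";
    }

    return implode(" $group ",$cond_arr);
}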
292
293 ////    END UTILS
294 ///////////////////////////////////////////////////////////////////////////////
295
296
297 ///////////////////////////////////////////////////////////////////////////////
298 ////    JSON SERVER HANDLER LOGIC
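//ignore notices
error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT);
ob_start();
insert_charset_header();
global $sugar_config;
if(!empty($sugar_config['session_dir'])) {
    session_save_path($sugar_config['session_dir']);
    $GLOBALS['log']->debug("JSON_SERVER:session_save_path:".$sugar_config['session_dir']);
}

session_start();
$GLOBALS['log']->debug("JSON_SERVER:session started");

$current_language = 'en_us'; // defaulting - will be set by user, then sys prefs

// create json parser
$json = getJSONobj();

// if the language is not set yet, then set it to the default language.
if(isset($_SESSION['authenticated_user_language']) && $_SESSION['authenticated_user_language'] != '') {
    $current_language = $_SESSION['authenticated_user_language'];
} else {
    $current_language = $sugar_config['default_language'];
}

$locale = new Localization();

$GLOBALS['log']->debug("JSON_SERVER: current_language:".$current_language);

// if this is a get, than this is spitting out static javascript as if it was a file
// wp: DO NOT USE THIS. Include the javascript inline using include/json_config.php
// using <script src=json_server.php></script> does not cache properly on some browsers
// resulting in 2 or more server hits per page load. Very bad for SSL.
if(isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD'])== 'get') {
    echo "alert('DEPRECATED API\nPlease report as a bug.');";
} else {
    // else act as a JSON-RPC server for SugarCRM
    // create result array
    $response = array();
    $response['result'] = null;
    $response['id'] = "-1";

    // Every failure below records its message in $json_error and skips the
    // dispatcher. (Previously each error branch printed its response and then
    // fell through, so a request with no valid session, a malformed body or
    // missing RPC fields was still handed to json_retrieve()/json_query().)
    $json_error = null;
    $request = null;

    // authenticate user
    $current_user = authenticate();
    if(empty($current_user)) {
        $json_error = "not logged in";
    }

    if($json_error === null) {
        // extract request
        if(isset($GLOBALS['HTTP_RAW_POST_DATA']))
            $request = $json->decode($GLOBALS['HTTP_RAW_POST_DATA'], true);
        else
            $request = $json->decode(file_get_contents("php://input"), true);

        if(!is_array($request)) {
            $json_error = "malformed request";
        } elseif(empty($request['method']) || empty($request['id'])) {
            // make sure required RPC fields are set
            $json_error = "missing parameters";
        }
    }

    if($json_error !== null) {
        $response['error'] = array("error_msg"=>$json_error);
        print $json->encode($response, true);
        // Legacy clients look for this bare marker after the JSON body.
        if($json_error == "not logged in") {
            print "not logged in";
        }
    } else {
        $response['id'] = $request['id'];
        $params = isset($request['params']) ? $request['params'] : array();

        // Dispatch only to whitelisted method names, compared strictly: a
        // non-string 'method' (e.g. true or 0) must not loosely match a list
        // entry and turn into a call of a non-existent "json_1"/"json_0".
        if(is_string($request['method']) && in_array($request['method'], $SUPPORTED_METHODS, true)) {
            call_user_func('json_'.$request['method'],$request['id'],$params);
        } else {
            $response['error'] = array("error_msg"=>"method:".$request["method"]." not supported");
            print $json->encode($response, true);
        }
    }
}

ob_end_flush();
sugar_cleanup();
exit();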