* This class contains all contact related functions that are called using AJAX (jQuery)
*/
class CRM_Contact_Page_AJAX {
+ /**
+ * When a user chooses a username, CHECK_USERNAME_TTL
+ * is the time window in which they can check usernames
+ * (without reloading the overall form).
+ */
+ const CHECK_USERNAME_TTL = 10800; // 3hr; 3*60*60
+
+ const AUTOCOMPLETE_TTL = 21600; // 6hr; 6*60*60
+
/**
* @deprecated
*/
}
/**
- * Function to fetch PCP ID by PCP Supporter sort_name, also displays PCP title and associated Contribution Page title
+ * Fetch PCP ID by PCP Supporter sort_name, also displays PCP title and associated Contribution Page title
*/
static function getPCPList() {
$name = CRM_Utils_Array::value('s', $_GET);
}
/**
- * Function to fetch the custom field help
+ * Fetch the custom field help
*/
static function customField() {
$fieldId = CRM_Utils_Type::escape($_REQUEST['id'], 'Integer');
}
/**
- * Function to delete custom value
+ * Delete custom value
*
*/
static function deleteCustomValue() {
}
/**
- * Function to perform enable / disable actions on record.
+ * Perform enable / disable actions on record.
*
*/
static function enableDisable() {
}
/**
- *Function to check the CMS username
+ * check the CMS username
*
*/
static public function checkUserName() {
+ $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
+ if (
+ CRM_Utils_Time::getTimeRaw() > $_REQUEST['ts'] + self::CHECK_USERNAME_TTL
+ || $_REQUEST['for'] != 'civicrm/ajax/cmsuser'
+ || !$signer->validate($_REQUEST['sig'], $_REQUEST)
+ ) {
+ $user = array('name' => 'error');
+ echo json_encode($user);
+ CRM_Utils_System::civiExit();
+ }
+
$config = CRM_Core_Config::singleton();
$username = trim($_REQUEST['cms_name']);
static function getContactEmail() {
if (!empty($_REQUEST['contact_id'])) {
$contactID = CRM_Utils_Type::escape($_REQUEST['contact_id'], 'Positive');
+ if (!CRM_Contact_BAO_Contact_Permission::allow($contactID, CRM_Core_Permission::EDIT)) {
+ return;
+ }
list($displayName,
$userEmail
) = CRM_Contact_BAO_Contact_Location::getEmailDetails($contactID);
}
}
else {
- $cid = CRM_Utils_Array::value('cid', $_GET);
- if ($cid) {
+ $cid = CRM_Utils_Array::value('cid', $_GET);
+ if ($cid) {
//check cid for interger
$contIDS = explode(',', $cid);
foreach ($contIDS as $contID) {
CRM_Utils_Type::escape($contID, 'Integer');
}
$queryString = " cc.id IN ( $cid )";
- }
+ }
}
if ($queryString) {
$queryString = " ( cc.sort_name LIKE '%$name%' OR cp.phone LIKE '%$name%' ) ";
}
else {
- $cid = CRM_Utils_Array::value('cid', $_GET);
- if ($cid) {
+ $cid = CRM_Utils_Array::value('cid', $_GET);
+ if ($cid) {
//check cid for interger
$contIDS = explode(',', $cid);
foreach ($contIDS as $contID) {
}
/**
- * Function to retrieve signature based on email id
+ * Retrieve signature based on email id
*/
static function getSignature() {
$emailID = CRM_Utils_Type::escape($_REQUEST['emailID'], 'Positive');
}
/**
- * Function to process dupes.
+ * Process dupes.
*
*/
static function processDupes() {
}
/**
- * Function to retrieve a PDF Page Format for the PDF Letter form
+ * Retrieve a PDF Page Format for the PDF Letter form
*/
function pdfFormat() {
$formatId = CRM_Utils_Type::escape($_REQUEST['formatId'], 'Integer');
}
/**
- * Function to retrieve Paper Size dimensions
+ * Retrieve Paper Size dimensions
*/
static function paperSize() {
$paperSizeName = CRM_Utils_Type::escape($_REQUEST['paperSizeName'], 'String');
}
/**
- * @param $name
+ * @param string $name
*
* @return string
*/
}
/**
- * Function to retrieve contact relationships
+ * Retrieve contact relationships
*/
public static function getContactRelationships() {
$contactID = CRM_Utils_Type::escape($_GET['cid'], 'Integer');