emailService = StaticGXCoreLoader::getService('Email'); $this->emailParser = MainFactory::create('EmailParser', $this->emailService); $this->attachmentsHandler = MainFactory::create('AttachmentsHandler', DIR_FS_CATALOG . 'uploads'); $this->contentView->set_template_dir(DIR_FS_ADMIN . 'templates/'); parent::proceed($httpContext); // proceed http context from parent class } /** * Displays the administration emails page. * * The administration page contains various JavaScript controllers which will make AJAX * requests to this class in order to get/store email information. Check the JavaScript * code of the page in the "admin/javascript/engine/controllers/emails" directory. * * @return AdminPageHttpControllerResponse */ public function actionDefault() { $html = $this->_render('emails.html', array( 'pageToken' => $_SESSION['coo_page_token']->generate_token() )); $JavaScriptEngineLanguages = array( 'admin_labels', 'buttons', 'db_backup', 'emails', 'lightbox_buttons', 'messages' ); return new AdminPageHttpControllerResponse('Emails', $html, null, $JavaScriptEngineLanguages); } /** * [AJAX - GET] Server-side processing of the main emails table. * * The data returned by this method will be used by the main table of the page which * will display the emails records. DataTables will automatically make an AJAX request * and display the returned data. * * @link https://datatables.net/examples/ajax/objects.html * @link http://www.datatables.net/examples/server_side/simple.html * * @return JsonHttpControllerResponse Array that contains the table data. */ public function actionDataTable() { try { // Filter Keyword $keyword = $_REQUEST['search']['value']; // Limit Records $limit = array( 'limit' => (int)$_REQUEST['length'], 'offset' => (int)$_REQUEST['start'] ); // Order Rules $order = $this->_getTableOrder($_REQUEST['order'][0]); $emails = $this->emailService->filter($keyword, $limit, $order); if($emails === null) { $emails = array(); // No records found } // Prepare Table Data $tableData = array(); $rowCount = (int)$_REQUEST['start']; foreach($emails->getArray() as $email) { $tableData[] = array( 'DT_RowData' => $this->emailParser->encodeEmail($email), 'row_count' => ++$rowCount, 'creation_date' => $email->getCreationDate()->format('d.m.Y H:i'), 'sent_date' => ($email->getSentDate() !== null) ? $email->getSentDate() ->format('d.m.Y H:i') : '-', // XSS Protection 'sender' => htmlspecialchars((string)$email->getSender()->getEmailAddress(), ENT_QUOTES), 'recipient' => htmlspecialchars((string)$email->getRecipient()->getEmailAddress(), ENT_QUOTES), 'subject' => htmlspecialchars((string)$email->getSubject(), ENT_QUOTES), 'is_pending' => $email->isPending() ); } $response = array( 'draw' => (int)$_REQUEST['draw'], 'recordsTotal' => $this->emailService->getRecordCount(), 'recordsFiltered' => $this->emailService->getRecordCount($keyword), 'data' => $tableData ); } catch(Exception $ex) { $response = AjaxException::response($ex); } return new JsonHttpControllerResponse($response); } /** * [AJAX - POST] Sends and saves the provided email collection. * * This method expects the $_POST['collection'] array to be present, containing email * records to be send. Check the "EmailParser" class to see the expected JSON * format. * * @return JsonHttpControllerResponse Returns a success response or exception information. */ public function actionSend() { try { $this->_validatePageToken(); // CSRF Protection $postCollection = $this->_getPostData('collection'); if(!$postCollection) { throw new AjaxException('Post collection was not set as an argument for "send" method.'); } $collection = $this->emailParser->parseCollection($postCollection); $this->emailService->sendCollection($collection); $response = array( 'success' => true, 'action' => 'Send', 'emails' => $postCollection ); } catch(AttachmentNotFoundException $ex) { // Translate the error for the frontend dialog message. $lang = MainFactory::create_object('LanguageTextManager', array('emails', $_SESSION['languages_id'])); $translatedException = new Exception($lang->get_text('message_attachment_could_not_be_found') . ' ' . $ex->getAttachmentPath()); $response = AjaxException::response($translatedException); } catch(Exception $ex) { $response = AjaxException::response($ex); } return new JsonHttpControllerResponse($response); } /** * [AJAX - POST] Queue email records into the database. * * The queue operation will save the email with a pending status. Queue operation will be executed * for all the email records inside the $_POST['collection'] variable. * * @return JsonHttpControllerResponse Returns a success response or exception information. */ public function actionQueue() { try { $this->_validatePageToken(); // CSRF Protection $postCollection = $this->_getPostData('collection'); if(!$postCollection) { throw new AjaxException('Post collection was not set as an argument for "queue" method.'); } $collection = $this->emailParser->parseCollection($postCollection); $this->emailService->queueCollection($collection); $response = array( 'success' => true, 'action' => 'Queue', 'emails' => $postCollection ); } catch(Exception $ex) { $response = AjaxException::response($ex); } return new JsonHttpControllerResponse($response); } /** * [AJAX - POST] Remove email records from the database. * * Will remove all the email records inside the $_POST['collection'] variable. * * @return JsonHttpControllerResponse Returns a success response or exception information. */ public function actionDelete() { try { $this->_validatePageToken(); // CSRF Protection $postCollection = $this->_getPostData('collection'); if(!$postCollection) { throw new AjaxException('Post collection was not set as an argument for "delete" method.'); } $collection = $this->emailParser->parseCollection($postCollection); $this->emailService->deleteCollection($collection); $response = array( 'success' => true, 'action' => 'Delete', 'emails' => $postCollection ); } catch(Exception $ex) { $response = AjaxException::response($ex); } return new JsonHttpControllerResponse($response); } /** * [AJAX - POST] Get email record by ID. * * This method uses the provided $_POST['email_id'] value to fetch the data of the email and * return it to the client. It is not used by the admin/emails page but might be useful in other * pages. * * @return JsonHttpControllerResponse Returns a success response or exception information. */ public function actionGet() { try { $this->_validatePageToken(); // CSRF Protection $postEmailId = $this->_getPostData('email_id'); if(!isset($postEmailId)) { throw new AjaxException('Email ID was not set as an argument for "get" method.'); } $email = $this->emailService->getById(MainFactory::create('Id', $postEmailId)); $response = $this->emailParser->encodeEmail($email); } catch(Exception $ex) { $response = AjaxException::response($ex); } return new JsonHttpControllerResponse($response); } /** * [AJAX - POST] Upload new attachment file to server. * * The $_FILES array contains information about the file that was uploaded. When an email * file is uploaded it is stored in the "uploads/tmp" directory until the email is created * and then is is moved to its own directory. The reason for this algorithm is that we do * not want email attachments to be in one place altogether. * * @return JsonHttpControllerResponse Returns a success response or exception information. */ public function actionUploadAttachment() { try { $this->_validatePageToken(); // CSRF Protection if(!isset($_FILES) || empty($_FILES)) { throw new AjaxException('No files where provided for upload.'); } // Get the first item of $_FILES array. $file = array_shift($_FILES); $tmpAttachmentPath = MainFactory::create('AttachmentPath', $file['tmp_name']); $tmpAttachmentName = MainFactory::create('AttachmentName', $file['name']); $tmpEmailAttachment = MainFactory::create('EmailAttachment', $tmpAttachmentPath, $tmpAttachmentName); $newEmailAttachment = $this->attachmentsHandler->uploadAttachment($tmpEmailAttachment); // Return success response to client. $response = array( 'success' => true, 'action' => 'UploadAttachment', 'path' => (string)$newEmailAttachment->getPath() ); } catch(Exception $ex) { $response = AjaxException::response($ex); } return new JsonHttpControllerResponse($response); } public function actionDownloadAttachment() { // Check provided argument. if(!isset($_GET['path']) || empty($_GET['path'])) { throw new InvalidArgumentException('$_GET["path"] argument was not provided.'); } // Validate argument, the user is only able to download files from the uploads // directory. Otherwise there would be a security issue. $path = realpath($_GET['path']); $validateAttachmentsDir = basename(dirname(dirname(dirname($path)))); $validateTmpDir = basename(dirname(dirname($path))); if(file_exists($path) && is_file($path) && ($validateAttachmentsDir == 'uploads' || $validateTmpDir == 'uploads') ) { $finfo = new finfo(FILEINFO_MIME_TYPE); $basename = basename($path); $filename = (strpos($basename, 'email_id') !== false) ? substr($basename, strpos($basename, '-') + 1) : $basename; header('Cache-Control: public'); header('Content-Description: File Transfer'); header('Content-Disposition: attachment; filename="' . $filename . '"'); header('Content-Type: ' . $finfo->file($path)); header('Content-Transfer-Encoding: binary'); header('Connection: Keep-Alive'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($path)); readfile($path); return new HttpControllerResponse(''); } else { $langEmails = MainFactory::create_object('LanguageTextManager', array('emails', $_SESSION['languages_id'])); $langMessages = MainFactory::create_object('LanguageTextManager', array('messages', $_SESSION['languages_id'])); $html = '

' . $langEmails->get_text('message_download_attachment_error') . '

' . $_GET['path'] . '
'; return new AdminPageHttpControllerResponse($langMessages->get_text('error'), $html); } } /** * [AJAX - POST] Remove existing "tmp" attachment from the server. * * This method requires an array present in the $postDataArray that contain the paths * to the server "tmp" attachments to be removed. It will not remove attachments that reside * in other directories because they might be used by other email records (e.g. forward existing * email with attachments -> user might remove attachment that is used by the original email * record causing problems to the system). * * @return JsonHttpControllerResponse Returns a success response or exception information. */ public function actionDeleteAttachment() { try { $this->_validatePageToken(); // CSRF Protection $postAttachments = $this->_getPostData('attachments'); if(!isset($postAttachments)) { throw new AjaxException('No attachments where provided for removal.'); } foreach($postAttachments as $path) { if(basename(dirname($path)) === 'tmp') { $attachmentPath = MainFactory::create('AttachmentPath', $path); $emailAttachment = MainFactory::create('EmailAttachment', $attachmentPath); $this->attachmentsHandler->deleteAttachment($emailAttachment); } } $response = array( 'success' => true, 'action' => 'DeleteAttachment', 'attachments' => $postAttachments ); } catch(Exception $ex) { $response = AjaxException::response($ex); } return new JsonHttpControllerResponse($response); } /** * [AJAX - POST] Delete old attachment files from emails. * * This method will filter the emails and remove their attachments on the provided date * and before. This is necessary because the admin user needs a way to clean the old unnecessary * files from the server and free some extra space. As an extra action this method will empty the * "uploads/tmp" directory. * * @return JsonHttpControllerResponse Returns a success response or exception information. */ public function actionDeleteOldAttachments() { try { $this->_validatePageToken(); // CSRF Protection if($this->_getPostData('removalDate') === null) { throw new Exception('Removal date was not provided with the request.'); } // Add one day to the selected removal date so that it will include all the attachments // which have a creation time newer than 00:00:00 AM. $removalDate = new DateTime(); $removalDate->setTimestamp(strtotime('+1 day', strtotime($this->_getPostData('removalDate')))); // Remove old attachments. $removalInfo = $this->attachmentsHandler->deleteOldAttachments($removalDate); // Remove tmp files (if any). $this->attachmentsHandler->emptyTempDirectory(); $response = array( 'success' => true, 'action' => 'DeleteOldAttachments', 'count' => $removalInfo['count'], 'size' => array( 'bytes' => $removalInfo['size'], 'megabytes' => round($removalInfo['size'] / 1024 / 1024, 2) // convert in megabytes ) ); } catch(Exception $ex) { $response = AjaxException::response($ex); } return new JsonHttpControllerResponse($response); } /** * [AJAX] Get attachments size in MB * * @return JsonHttpControllerResponse */ public function actionGetAttachmentsSize() { try { $attachmentsSize = $this->attachmentsHandler->getAttachmentsSize(); // in bytes $response = array( 'success' => true, 'action' => 'GetAttachmentsSize', 'size' => array( 'bytes' => $attachmentsSize, 'megabytes' => round($attachmentsSize / 1024 / 1024, 2) // convert to megabytes ) ); } catch(Exception $ex) { $response = AjaxException::response($ex); } return new JsonHttpControllerResponse($response); } /** * [AJAX - GET] Get shops email settings and configure the client accordingly. * * @return JsonHttpControllerResponse */ public function actionGetEmailSettings() { try { $response = array( 'signature' => (EMAIL_SIGNATURE !== '') ? EMAIL_SIGNATURE : null, 'useHtml' => (EMAIL_USE_HTML == 'true'), 'replyAddress' => (CONTACT_US_REPLY_ADDRESS !== '') ? CONTACT_US_REPLY_ADDRESS : null, 'replyName' => (CONTACT_US_REPLY_ADDRESS !== '') ? CONTACT_US_REPLY_ADDRESS_NAME : null ); } catch(Exception $ex) { $response = AjaxException::response($ex); } return new JsonHttpControllerResponse($response); } /** * Get the table order clause in string. * * Since the EmailsController handles the page main table it needs to take care of many operations such * as filtering, limiting and ordering. This method will return the correct order string for each table, * but needs to be updated if there is a change in the column order. * * @param array $rule Contains the DataTables order data. * * @return string Returns the order by value to be used by the CI query builder. * * @link http://www.datatables.net/manual/server-side */ protected function _getTableOrder($rule) { switch($rule['column']) { case 0: case 1: case 8: // Empty $order = array(); break; case 2: // Creation Date $order = array( 'emails.creation_date' => $rule['dir'] ); break; case 3: // Sent Date $order = array( 'emails.sent_date' => $rule['dir'] ); break; case 4: // Sender $order = array( 'email_contacts.email_address' => $rule['dir'], 'email_contacts.contact_type' => 'desc' ); break; case 5: // Recipient $order = array( 'email_contacts.email_address' => $rule['dir'], 'email_contacts.contact_type' => 'asc' ); break; case 6: // Subject $order = array( 'emails.subject' => $rule['dir'], ); break; case 7: // Status $order = array( 'emails.is_pending' => $rule['dir'] ); break; default: throw new UnexpectedValueException('Provided column index is not present in the table.'); } return $order; } }