hcuSecureMail.data

<?php
/*
 * File: hcuSecureMail.data
 * Purpose: Handle the CRUD portion of the Secure Messaging feature.  Return any requested data
 *            in a JSON format, for the client to display accordingly.
 *
 * Call this script with the following parameters
 *  action - what the client side is requesting.
 *
 *
 * Returns JSON OBJECT.
 */
try {
  header('Content-Type: application/json');

  // ** SET HOMECU FLAGS
  $serviceShowInfo = false;
  $serviceLoadMenu = false;
  $serviceShowMenu = false;
  $serviceAllowReadonly = true;

  // ** INCLUDE MAIN GLOBAL SCRIPT -- Handles security / global variable values
  // hcuService will be returning a status object: e.g. ["homecuErrors":{[{"message":"message1"}...{"message":"messageN"}}]
  require_once(dirname(__FILE__) . '/../library/hcuService.i');
  require_once(dirname(__FILE__) . '/../library/msgECO.i');

  $string= array("filter" => FILTER_DEFAULT);

  // ** IMPORT FORM VALUES
  $dms_ok=array( "action"=>$string, "show"=>$string, "what"=>$string, "order"=>$string, "parentid"=>$string, "subject"=>$string,  "message"=>$string);

  HCU_ImportVars($HB_ENV, "HCUPOST", $dms_ok);

  $Cu = $HB_ENV["Cu"];
  $Cn = $HB_ENV["Cn"];
  $Uid = $HB_ENV["Uid"];

  //get the database connection
  // $dbh is set up
  // ** First check the refer script -- make sure coming from right place
  $parseRefer = parse_url($_SERVER['HTTP_REFERER']);
  $referScript = basename($parseRefer['path']);
  if (!in_array($referScript, array('hcuSecureMail.prg'))) {
    // ** Wrong script calling this data routine
    $aryErrors[] = $MC->msg('Feature Unavailable', HCU_DISPLAY_AS_RAW);
    throw new Exception (HCU_JsonEncode($aryErrors));
  }

  /*
   * ** CHECK USER FEATURE PERMISSIONS **
   * NOTE: DO NOT AUTO-REDIR.  Handle perm error here
   */
  if (!PermCheckFeatureScreen($dbh, $HB_ENV, $MC, FEATURE_SECURE_MSG, '', false)) {
        throw new Exception (HCU_JsonEncode(Array($MC->msg('Rights not set', HCU_DISPLAY_AS_HTML))));
    }


    if (!$dbh) {
        // The connection was not made to the database
        // unresolved: return an error??
    }

  // initialize the error and result objects
  $aryResult = array();
  $aryErrors =  array();
  $aryInfo = array();
  $aryReply = array();

  // do the requested operation
  switch ( $HB_ENV["HCUPOST"]["action"] ) {
    case "read_messages":
      $aryReply = msgReadMessages($HB_ENV["dbh"], $HB_ENV);
      santitizeSubject($aryReply);
      break;
    case "read_thread":
      $aryReply = msgReadMessageThread($HB_ENV["dbh"], $HB_ENV);
      santitizeBody($aryReply);
      break;
    case "send_message":
      $aryReply = msgSendMessage($HB_ENV["dbh"], $HB_ENV, $HB_ENV["MC"]);
      santitizeSubject($aryReply);
      break;
    case "delete_message":
      $aryReply = msgDeleteMessageThread($HB_ENV["dbh"], $HB_ENV);
      santitizeSubject($aryReply);
      break;
    default:
      $aryErrors[] = array( "message" => "Unexpected action: {$HB_ENV["HCUPOST"]["action"]}" );
      throw new Exception (HCU_JsonEncode($aryErrors));
  }
}
catch(Exception $ex)
{
  //Return error message
    $aryReply["homecuErrors"] = HCU_JsonDecode( $ex->getMessage() );
}

print HCU_JsonEncode($aryReply);

function santitizeSubject(&$aryReply)
{
    // nl2br here so that it isn't picked up by the apps.
    for($i= 0, $count= count($aryReply["homecuData"]); $i != $count; $i++)
    {
      $subject= $aryReply["homecuData"][$i]["subject"];
      $aryReply["homecuData"][$i]["subject"]= nl2br(htmlentities($subject, ENT_QUOTES, "UTF-8", false));
    }
}

function santitizeBody(&$aryReply)
{
    // nl2br here so that it isn't picked up by the apps.
    for($i= 0, $count= count($aryReply["homecuData"]); $i != $count; $i++)
    {
      $message= $aryReply["homecuData"][$i]["message"];
      $aryReply["homecuData"][$i]["message"]= nl2br(htmlentities($message, ENT_QUOTES, "UTF-8", false));
    }
}