[Vtigercrm-commits] [vtiger-commits] r5236 - /vtigercrm/trunk/modules/Leads/ConvertLead.php

vtigercrm-commits at vtiger.fosslabs.com vtigercrm-commits at vtiger.fosslabs.com
Fri Apr 21 09:46:12 EDT 2006 

Author: saraj
Date: Fri Apr 21 07:46:08 2006
New Revision: 5236

Log:
changes made to put security check for convertlead

Modified:
    vtigercrm/trunk/modules/Leads/ConvertLead.php

Modified: vtigercrm/trunk/modules/Leads/ConvertLead.php
==============================================================================
--- vtigercrm/trunk/modules/Leads/ConvertLead.php (original)
+++ vtigercrm/trunk/modules/Leads/ConvertLead.php Fri Apr 21 07:46:08 2006
@@ -12,6 +12,7 @@
 require_once('data/Tracker.php');
 require_once('include/utils/utils.php');
 require_once('include/database/PearDatabase.php');
+require_once('include/utils/UserInfoUtil.php');
 
 global $mod_strings,$app_strings,$log,$current_user,$theme;
 
@@ -24,13 +25,8 @@
 	$id = $_REQUEST['record'];
 	$log->debug(" the id is ".$id);
 }
+
 //Retreive lead details from database
-
-$userid = $row["smownerid"];
-
-$log->debug(" the userid is ".$userid);
-$crmid = $adb->getUniqueID("crmentity");
-
 $sql = "SELECT firstname, lastname, company, smownerid from leaddetails inner join crmentity on crmentity.crmid=leaddetails.leadid where leaddetails.leadid =".$id;
 $result = $adb->query($sql);
 $row = $adb->fetch_array($result);
@@ -42,8 +38,9 @@
 $company = $row["company"];
 $log->debug(" the company is  ".$company);
 $potentialname = $row["company"] ."-";
-
 $log->debug(" the potentialname is ".$potentialname);
+$userid = $row["smownerid"];
+$log->debug(" the userid is ".$userid);
 
 //Retreiving the current user id
 $modified_user_id = $current_user->id;
@@ -76,6 +73,7 @@
 	<script type="text/javascript" src="jscalendar/lang/calendar-'.$app_strings['LBL_JSCALENDAR_LANG'].'.js"></script>
 	<script type="text/javascript" src="jscalendar/calendar-setup.js"></script>
 	<script language="JavaScript" type="text/javascript" src="include/js/dtlviewajax.js"></script>
+	<script language="JavaScript" type="text/javascript" src="Lead.js"></script>
 	<form name="ConvertLead" method="POST" action="index.php">
 	<input type="hidden" name="module" value="Leads">
 	<input type="hidden" name="record" value="'.$id.'">
@@ -101,8 +99,11 @@
 		<tr>
 			<td align="right" class="dvtCellLabel">'.$mod_strings['LBL_ACCOUNT_NAME'].'</td>
 			<td class="dvtCellInfo"><input type="text" name="account_name" class="detailedViewTextBox" value="'.$company.'"></td>
-		</tr>
-		<tr>
+		</tr>';
+
+if(isPermitted("Potentials",'EditView') == 'yes')
+{
+$convertlead .='<tr>
 			<td align="right" class="dvtCellLabel">'.$mod_strings['LBL_DO_NOT_CREATE_NEW_POTENTIAL'].'</td>
 			<td class="dvtCellInfo"><input type="checkbox" name="createpotential" onClick="fnSlide2(\'ch\',\'cc\')"></td>
 		</tr>
@@ -122,6 +123,11 @@
 								<input name="closedate" id="jscal_field" type="text" tabindex="4" size="10" maxlength="10" value="'.$focus->closedate.'">
 								<img src="'.$image_path.'calendar.gif" id="jscal_trigger">
 								<font size=1><em old="(yyyy-mm-dd)">('.$current_user->date_format.')</em></font>
+								<script type="text/javascript">
+									Calendar.setup ({
+										inputField : "jscal_field", ifFormat :"'.parse_calendardate($app_strings['NTC_DATE_FORMAT']).'", showsTime : false, button :"jscal_trigger", singleClick : true, step : 1
+									});
+								</script>
 							</td>
 						</tr>
 						<tr>
@@ -135,8 +141,9 @@
 					</table>
 				</div>
 			</td>
-		</tr>
-		<tr>
+		</tr>';
+}
+$convertlead .='<tr>
 			<td colspan="2" style="border-bottom:1px dashed #CCCCCC;">&nbsp;</td>
 		</tr>
 		<tr>
@@ -149,6 +156,4 @@
 </div></form>';
 echo $convertlead;
 
-//$xtpl->assign("CALENDAR_DATEFORMAT", parse_calendardate($app_strings['NTC_DATE_FORMAT']));
-
 ?>

More information about the vtigercrm-commits mailing list