Hi,
I have a requirement, where I want to create a document. I have included phpword library for the same. But I can not use ‘file_exists’ method as it is blacklisted.
I have tried exempting this function from config_override.php but that did not work.
Is there any alternative to the same?
The file_exists function is not blacklisted in SuiteCRM as it is used in several parts of the package.
Can you be more precise and specific on what you are trying to do, also sharing some code where it fails.
Possibly you should check your logs (on the moment the piece of coe fails) and report any fatal or important error.
What is your SuiteCRM version?
PHP?
MySQL?
Webserver?
Operating System?
Have you set permissions correctly? Maybe file_exists is not able to access certain files or folders because it simply isn’t authorised by the operating system to do so!
Hi,
Thanks for the reply.
I thought because it is blacklisted in Sugarcrm, it is blacklisted here too. Please find the below details about system details, objective and approach.
System Details:
What is your SuiteCRM version?
v.7.10.9
PHP?
v7.2
MySQL?
mysqli v5.0.12
Webserver?
Apache
Primary Objective:
On click of a button “send letter”, it should create a word file by fetching some field’s data, and send an email to the recipient with that word file as attachment.
Approach I am working on:
I have created a button, on click of that button, one controller file (controller.php) gets called which creates a word document by fetching values from some fields and gets saved in a folder. Then, a function in file “phpWord.php” fetches that file and sends an email.
Code Snippet of controller.php:
public function action_releaseLetter(){
$employee = new nhrem_nhr_employee();
$employee->retrieve($_REQUEST['id']);
$db= DbManagerFactory::getInstance();
$q = "SELECT accounts_nhrem_nhr_employee_1accounts_ida FROM accounts_nhrem_nhr_employee_1_c where accounts_nhrem_nhr_employee_1_c.accounts_nhrem_nhr_employee_1nhrem_nhr_employee_idb = '".$_REQUEST['id']."' " ;
$res = $db->query($q);
$row = $db->fetchByAssoc($res);
$account = new Account();
$account->retrieve($row['accounts_nhrem_nhr_employee_1accounts_ida']);
$sqlEmail="SELECT `email_addresses`.`email_address` AS `email_address` FROM `email_addresses`, `email_addr_bean_rel` WHERE `email_addr_bean_rel`.`bean_id`='".$_REQUEST['id']."' AND `email_addr_bean_rel`.`bean_module`='nhrem_nhr_employee' AND `email_addr_bean_rel`.`email_address_id`=`email_addresses`.`id` AND `email_addr_bean_rel`.deleted = 0 ";
$resultEmail=$db->query($sqlEmail) ;
$rowEmail = $db->fetchByAssoc($resultEmail);
echo "em: ".$rowEmail['email_address'];
$fullname = ucwords($employee->name_as_identity);
$current_date = date('Y-m-d');
$company = $this->modifyCompanyName($account->name).", ".$employee->dpro_work_location ;
echo "full_name: ".$fullname."<br/>";
echo "Company: ".$company."<br/>";
$included_files = get_included_files();
if($employee->date_of_leaving != ''){
$lwd = $employee->date_of_leaving;
}else{
$lwd = $current_date;
}
$date1 = date_create($employee->expected_of_joining);
$date2 = date_create($lwd);
$interval = date_diff($date1,$date2);
$date_diff = $interval->format("%a");
echo "<br/>".$date_diff."<br/>";
echo "type: ".$employee->employee_type ;
$PHPWord = new PHPWord();
$document;
if($date_diff < 180){
if($employee->employee_type == 'billable'){
$document = $PHPWord->loadTemplate("Service_Certificate-External-SCE-v17.1-220217.docx");
}else{
$document = $PHPWord->loadTemplate("Service_Certificate-Internal-SCI-v17.1-220217.docx");
}
}else{
$document = $PHPWord->loadTemplate(‘Resignation_Acceptance_with_Service_Cert-RAEC-v17.1-220217.docx’);
}
$doc = PHPWord_Template();
$doc->setValue(‘fullname’, $fullname);
$document->setValue(‘pan’, $employee->identity_no);
$document->setValue(‘doj’, date(‘dS F, Y’,strtotime($employee->expected_of_joining)));
$document->setValue(‘lwd’, date(‘dS F, Y’,strtotime($lwd)));
if($employee->employee_type == ‘billable’){
$document->setValue(‘company’, $company);
}
$document->setValue(‘designation’, $employee->dpro_designation_offered);
$document->setValue(‘date_of_issue’, date(‘dS F, Y’,strtotime($current_date)));
$document->setValue(‘email’, $employee->email1);
$doc_name = ‘Service_Certificate_’.$fullname;
$document->save(‘downloadDoc/’.$doc_name.’.docx’);
$filename = $doc_name.’.docx’;
$file_ext = ‘.doc’;
$file_mime_type = ‘application/msword’;
$qId = “select UUID() as uid”;
$resId = $db->query($qId);
$rowId = $db->fetchByAssoc($resId);
$uid = $rowId[‘uid’];
$date_entered = date(‘Y-m-d:hh mm ss’);
//Move document to a different directory
//rename(‘downloadDoc/’.$filename,‘cache/upload/’.$uid);
exit;
Code from phpWord.php:
public function loadTemplate($strFilename) {
echo file_exists("Service_Certificate-External-SCE-v17.1-220217.docx");
if(file_exists($strFilename)) {
$template = new PHPWord_Template($strFilename);
return $template;
} else {
trigger_error('Template file '.$strFilename.' not found.', E_ERROR);
}
}
file_exists returns nothing, not even false.
Also, the template doc is in the same folder where the code file is.
Before looking at the code (in any case you should post it inside the code tags provided by the editor otherwise it is difficult to read and parts may get stripped), I asked you to check the logs. All available logs (SuiteCRM + webserver/php) at the moment the error occurs. Only relevant failures.
I also asked if you have correctly set file ownership/permissions at operating system level.
So the logs and ownerhip/permissions are very important to try to understand what may be going on.
With respect to ownership/permissions you should also make sure that the cron job is running under same user/group as the SuiteCRM.
PS: To my knowledge file_exists is not blacklisted in SugarCRM neither as it is widely used there too!
Hi,
Please find the details below:
System Details:
What is your SuiteCRM version?
v.7.10.9
PHP?
v7.2
MySQL?
mysqli v5.0.12
Webserver?
Apache
Operating System?
ubuntu v18.04.1
Primary Objective:
On click of a button “send letter”, it should create a word file by fetching some field’s data, and send an email to the recipient with that word file as attachment.
Approach I am working on:
I have created a button, on click of that button, one controller file (controller.php) gets called which creates a word document by fetching values from some fields and gets saved in a folder. Then, a function in file “phpWord.php” fetches that file and sends an email.
Code Snippet of controller.php:
public function action_releaseLetter(){
$employee = new nhrem_nhr_employee();
$employee->retrieve($_REQUEST);
$db= DbManagerFactory::getInstance();
$q = "SELECT accounts_nhrem_nhr_employee_1accounts_ida FROM accounts_nhrem_nhr_employee_1_c where accounts_nhrem_nhr_employee_1_c.accounts_nhrem_nhr_employee_1nhrem_nhr_employee_idb = '".$_REQUEST."' " ;
$res = $db->query($q);
$row = $db->fetchByAssoc($res);
$account = new Account();
$account->retrieve($row);
$sqlEmail="SELECT `email_addresses`.`email_address` AS `email_address` FROM `email_addresses`, `email_addr_bean_rel` WHERE `email_addr_bean_rel`.`bean_id`='".$_REQUEST."' AND `email_addr_bean_rel`.`bean_module`='nhrem_nhr_employee' AND `email_addr_bean_rel`.`email_address_id`=`email_addresses`.`id` AND `email_addr_bean_rel`.deleted = 0 ";
$resultEmail=$db->query($sqlEmail) ;
$rowEmail = $db->fetchByAssoc($resultEmail);
echo "em: ".$rowEmail;
$fullname = ucwords($employee->name_as_identity);
$current_date = date('Y-m-d');
$company = $this->modifyCompanyName($account->name).", ".$employee->dpro_work_location ;
echo "full_name: ".$fullname."<br/>";
echo "Company: ".$company."<br/>";
$included_files = get_included_files();
if($employee->date_of_leaving != ''){
$lwd = $employee->date_of_leaving;
}else{
$lwd = $current_date;
}
$date1 = date_create($employee->expected_of_joining);
$date2 = date_create($lwd);
$interval = date_diff($date1,$date2);
$date_diff = $interval->format("%a");
echo "<br/>".$date_diff."<br/>";
echo "type: ".$employee->employee_type ;
$PHPWord = new PHPWord();
$document;
if($date_diff < 180){
if($employee->employee_type == 'billable'){
$document = $PHPWord->loadTemplate("Service_Certificate-External-SCE-v17.1-220217.docx");
}else{
$document = $PHPWord->loadTemplate("Service_Certificate-Internal-SCI-v17.1-220217.docx");
}
}else{
$document = $PHPWord->loadTemplate('Resignation_Acceptance_with_Service_Cert-RAEC-v17.1-220217.docx');
}
$doc = PHPWord_Template();
$doc->setValue('fullname', $fullname);
$document->setValue('pan', $employee->identity_no);
$document->setValue('doj', date('dS F, Y',strtotime($employee->expected_of_joining)));
$document->setValue('lwd', date('dS F, Y',strtotime($lwd)));
if($employee->employee_type == 'billable'){
$document->setValue('company', $company);
}
$document->setValue('designation', $employee->dpro_designation_offered);
$document->setValue('date_of_issue', date('dS F, Y',strtotime($current_date)));
$document->setValue('email', $employee->email1);
$doc_name = 'Service_Certificate_'.$fullname;
$document->save('downloadDoc/'.$doc_name.'.docx');
$filename = $doc_name.'.docx';
$file_ext = '.doc';
$file_mime_type = 'application/msword';
$qId = "select UUID() as uid";
$resId = $db->query($qId);
$rowId = $db->fetchByAssoc($resId);
$uid = $rowId;
$date_entered = date('Y-m-d:hh mm ss');
//Move document to a different directory
//rename('downloadDoc/'.$filename,'cache/upload/'.$uid);
exit;
}
Code from phpWord.php:
public function loadTemplate($strFilename) {
echo file_exists("Service_Certificate-External-SCE-v17.1-220217.docx");
if(file_exists($strFilename)) {
$template = new PHPWord_Template($strFilename);
return $template;
} else {
trigger_error('Template file '.$strFilename.' not found.', E_ERROR);
}
}
FYI:
List of blacklisted functions in SugarCRM:
Blacklisted functions in SugarCRM
Blacklist:
That list applies only and only to SugarCRM 7.9 (which has nothing to do with SuiteCRM, which is based on 6.5.X). Additionally, in SugarCRM 7.9 it applies only if you use File Scan package in the hosted version of SugarCRM only for packages loaded via Module Loader. Please read the article you posted!
With respect to your problem:
Can you try a script with nothing in which:
Then report back
Hi,
When checked for file_exists, control always print else part. The file has all the permission and with no difference in file name.
Can you plz provide screen of you file, with explore path.
There are two different things probably getting mixed up here:
If your hosting allows SuiteCRM to use a given function. For example, many hostings don’t allow “exec”. But I’ve never seen one deny the use of file_exists (SuiteCRM would not work without it).
Whether SuiteCRM allows a given function in a module package. There are some other security checks there. I believe this is what you’re talking about. If you don’t absolutely need to package your code in a module, then just get rid of the module and deploy your code directly to “custom” dir. Then you can use all the PHP functions.
I don’t know if this helps but I think the clarification was needed…