Add custom module myc customer portal

1. Generally in Vtiger 6.4 we create a module and just check / uncheck accordingly , to be able to see module in Customer Portal. sometime if module not exists in vTiger CRM and we want a custom module without creating it in Vtiger CRM.

 

2. For example let say i want to redirect a user after successful payment from getway / providers like Paypal, Neteller to Customer portal Transaction Module.Transaction module does not exits in Vtiger CRM.

 

3. Open your portal.php which will located in root directory of your MYC customer portal. there is a class class Router { and in this class there will be a function static function start() , inside this function $avmod = $GLOBALS["sclient"]->call('get_modules', $params); , $avmod array will contained all the module which are allowed from vTiger CRM. Below is code your need append , to display Transaction link in side bar of your MYC customer portal.

    $avmod = array_merge(array("Home", 'Transaction'), $avmod);

4. Generally , transaction module contained two function success and cancel , so we need to allowed these two function whenever a request come to access Transaction success and cancel functions.Below condition / Code allowed you to access these function in MYC customer portal. You need to placed these condition inside class Router {}.

 else if ($targetmodule == 'Transaction' && isset($_REQUEST['fun']) && $_REQUEST['fun'] == 'success')
       $mod->get_success();
 else if ($targetmodule == 'Transaction' && isset($_REQUEST['fun']) && $_REQUEST['fun'] == 'cancel')
     $mod->get_cancel();

5. Now create a folder customerportal\modules\Transaction and create a file index.php and place below code

class Transaction extends BaseModule {
 function get_success() {
  $root_directory = $GLOBALS['root_dir'];
  // Associated Transaction AS Deposit , Custom module Exists in vTiger CRM 6.4
  $data['module'] = ($this->module == 'Transaction') ? 'Deposit' : '';
  $data['contactid'] = $_SESSION["loggeduser"]['id'];
  $data['sessionid'] = $_SESSION["loggeduser"]['sessionid'];
  $getway_order_id = $_SESSION["getway_order_id"];
  $order_id = isset($_GET['orid']) ? $_GET['orid'] : '';
  $payment_method = isset($_GET['pm']) ? $_GET['pm'] : '';
  $sparams = array(
  'id' => $_SESSION["loggeduser"]['id'],
  'module' => ($this->module == 'Transaction') ? 'Deposit' : '',
  'sessionid' => $_SESSION["loggeduser"]['sessionid'],
  'getway_order_id' => $getway_order_id,
  'order_id' => $order_id,
  'payment_method' => $payment_method,
  'paypal_payer_id' => $payer_id
 );
 //first validate order id
 $order_info = $GLOBALS["sclient"]->call('get_order_info', array($order_id));
 if (isset($order_info) && count($order_info) > 0 && $order_info != "") {
  $result = $this->do_save_transation($payment_method, $sparams);
 }
 if (isset($uresult) && count($uresult) > 0 && $uresult != "") {
  unset($_SESSION["getway_order_id"]);
 }
 if (isset($_SESSION["getway_order_id"])) {
  unset($_SESSION["getway_order_id"]);
 }
 $redirectUrl = 'index.php?module=Deposit&action=index';
 header("Location: $redirectUrl");
 exit;
}
public function do_save_transation($payment_method, $sparams) {
 switch ($payment_method) {
  case 'Neteller':
   break;
  case 'Paypal':
   break;
  case 'Skrill':
   break;
  case 'Debit/CreditCard':
   break;
  default:
   break;
  }
  return $result;
}    
function get_cancel() {
 $data['module'] = ($this->module == 'Transaction') ? 'Deposit' : '';
 $data['contactid'] = $_SESSION["loggeduser"]['id'];
 $data['sessionid'] = $_SESSION["loggeduser"]['sessionid'];
 $getway_order_id = $_SESSION["getway_order_id"];
 $order_id = isset($_GET['orid']) ? $_GET['orid'] : '';
 $payment_method = isset($_GET['pm']) ? $_GET['pm'] : '';
 $sparams = array(
  'id' => $_SESSION["loggeduser"]['id'],
  'module' => ($this->module == 'Transaction') ? 'Deposit' : '',
  'sessionid' => $_SESSION["loggeduser"]['sessionid'],
  'getway_order_id' => $getway_order_id,
  'order_id' => $order_id,
  'payment_method' => $payment_method,
  'paypal_payer_id' => $payer_id
 );
 $result = $GLOBALS["sclient"]->call('do_cancel_transaction', array($sparams));
  if (isset($result) && count($result) > 0 && $result != "") {
  unset($_SESSION["getway_order_id"]);
 }
 if (isset($_SESSION["getway_order_id"])) {
  unset($_SESSION["getway_order_id"]);
 }
 $redirectUrl = 'index.php?module=Deposit&action=index&status=';
 header("Location: $redirectUrl");
 exit;
 }
} 

Validating api user-key vtiger customer portal

MYC Vtiger Customer Portal with vtiger 6.4 , if you put invalid api_user & api_pass , then you try to login in customer portal. You will see it will allowed you to logged in to customer portal without verifying your keys. Configuration file generated by MYC Vtiger Customer Portal is below.

 

 return array (
  'date_format' => 'd-m-Y',
  'portal_theme' => 'default',
  'admin_user' => 'admin',
  'admin_pass' => 'admin',
  'admin_email' => 'test@code2you.com',
  'vtiger_path' => $vtiger_path,
  'upload_dir' => $upload_dir,
  'default_timezone' => '',
  'default_charset' => 'UTF-8',
  'default_language' => 'en_us',
  'api_user' => 'admin',
  'api_pass' => 'KLkUoAKPbNsLEa6w',
  'google_api_key' => '',
  'hiddenmodules' => 
  );

So for fixing this type of security checked , you need to edit portal.php file which exists in root of MYC Vtiger Customer Portal installed folder. You can open file , there is a class call User::check_login() associated with static function check_login , generally Api::connect() is built in function provided by MYC customer portal , it is placed in index.php file in root folder. if some things goes wrong like api key or api password is not valid it will return constant define as NOT_CONFIGURED , API_LOGIN_FAILED. Below is the code which not only check for api_user and api_key for vtiger 6.4 , also validate username and password.

 class User {
/*****************************************************************************
 * Function: User::check_login()
 * *************************************************************************** */
public static function check_login() {
 global $opresult;
 /* Addd by code2you */
  $crm_api_status = Api::connect();
 /* End */
 //ADDED TO ENABLE THEME SWITCHING
 if (isset($_REQUEST['theme']) && $_REQUEST['theme'] != "" && is_dir("themes/" . $_REQUEST['theme']))
  $_SESSION["portal_theme"] = $_REQUEST['theme'];
  if (isset($_SESSION["portal_theme"]))
   $currtheme = $_SESSION['portal_theme'];
  else
   $currtheme = $GLOBALS["portal_theme"];
 //********************************
 if (isset($_REQUEST['logout'])) {
 session_unset();
 $_SESSION["portal_theme"] = $currtheme;
 header("Location: index.php");
 die();
}
if (!isset($_SESSION['loggeduser']) || $_SESSION["loggeduser"] == "ERROR") {
 $login = false;
 /*ORIGINAL LINES*/
 //if (isset($_REQUEST["email"]) && isset($_REQUEST["pass"]))
 //$login = User::portal_login($_REQUEST["email"], $_REQUEST["pass"]);
 /*ENDs*/
 /* Added condition for api keys issue code2you */
 if (isset($_REQUEST["email"]) && isset($_REQUEST["pass"])) {
    if ($crm_api_status == "NOT_CONFIGURED" || $crm_api_status == "API_LOGIN_FAILED") {
        $loginerror = API_LOGIN_FAILED;
    }else {
        $login = User::portal_login($_REQUEST["email"], $_REQUEST["pass"]);
    }
 }
/* End */
if (isset($_REQUEST["email"]) && isset($_REQUST["forgot"]))
    $lres = User::forgot_password($_REQUEST["email"]);
if (!$login || $login[0] == "INVALID_USERNAME_OR_PASSWORD") {
    if ($login[0] == "INVALID_USERNAME_OR_PASSWORD")
        $loginerror = $login[0];
    if (isset($lres) && $lres == "ERROR")
        $forgot_loginerror = "The Email you Request is not in our system!";
    else if (isset($lres) && $lres == "SUCCESS")
        $forgot_successmess = "We have send an email of your password at the address!";
    if (file_exists("themes/" . $currtheme . "/login.php"))
        require_once("themes/" . $currtheme . "/login.php");
    else
        require_once("themes/default/login.php");
    session_unset();
    die();
    }
} else
  User::portal_login($_SESSION['loggeduser']['user_name'], $_SESSION['loggeduser']['user_password']);
 if (isset($_SESSION['loggeduser']) && isset($_REQUEST['fun']) && $_REQUEST['fun'] == "changepassword")
  $GLOBALS["opresult"] = User::change_password();
 if (isset($_SESSION['loggeduser']) && isset($_REQUEST['fun']) && $_REQUEST['fun'] == "wevservice")
  $GLOBALS["opresult"] = User::callWebservice();
}