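ajax.php security add add-user
function.php
687
// Normalise the first phone entry so that it always starts with "+":
//   leading "0" -> "+6" is prepended
//   leading "6" -> "+"  is prepended
//   leading "+" -> left unchanged
//   otherwise   -> "+60" is prepended
// NOTE(review): only the first character is inspected; the value is not
// checked to be a non-empty string of digits before it is rewritten.
if(!empty($settings_extra['phone'])) {
    switch($settings_extra['phone'][0][0]) {
        case "0":
            $settings_extra['phone'][0] = "+6".$settings_extra['phone'][0];
            break;
        case "6":
            $settings_extra['phone'][0] = "+".$settings_extra['phone'][0];
            break;
        case "+":
            break;
        default:
            $settings_extra['phone'][0] = "+60".$settings_extra['phone'][0];
            break;
    }
}
749
crm_add_user($user_id, $settings, $settings_extra);
1815
// NOTE(review): $conversation_id is interpolated directly into the SQL text.
// Where it comes from is not visible in this excerpt; unless it is already
// guaranteed to be numeric, validate or escape it before building the query.
$conversations = sb_db_get("SELECT user_id FROM sb_conversations WHERE id = $conversation_id", false);
// NOTE(review): row 0 is read without checking that the query returned a row.
$user_id = $conversations[0]['user_id']; // the user id doubles as the CRM lead id
crm_add_note($user_id, $message);
1825
$message = $notes[$i]['message'];
// NOTE(review): same interpolated $conversation_id and unchecked row 0 as in
// the lookup used for crm_add_note().
$conversations = sb_db_get("SELECT user_id FROM sb_conversations WHERE id = $conversation_id", false);
$user_id = $conversations[0]['user_id'];
crm_delete_note($user_id, $message);
6204
/**
 * POST a set of fields to a CRM endpoint as application/x-www-form-urlencoded.
 *
 * Best-effort: nothing is returned to the caller and the response body is
 * discarded. A transport failure is written to the PHP error log.
 *
 * NOTE(review): no API key, token or signature is attached to the request in
 * the visible code; confirm how the CRM authenticates this caller. The fields
 * carry personal data (name, email, phone, note text) to an external host.
 *
 * @param string $url    Endpoint to call.
 * @param array  $fields Field name => value pairs.
 * @return void
 */
function crm_post_form($url, array $fields)
{
    // Percent-encode every value. In a form-encoded body a raw "+" decodes as
    // a space (which would strip the "+" prefix from phone numbers), and a raw
    // "&" or "=" inside a note would be read as a field boundary.
    // strval() keeps null values as empty fields instead of dropping the key.
    $postvars = http_build_query(array_map('strval', $fields), '', '&');

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, 1); // 0 would make this a GET request
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postvars);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
    curl_setopt($ch, CURLOPT_TIMEOUT, 20);
    $response = curl_exec($ch);
    if ($response === false) {
        // Log the transport error only; the posted fields are not logged.
        error_log('CRM request to ' . $url . ' failed: ' . curl_error($ch));
    }
    curl_close($ch);
}

/**
 * Push a user to the CRM as a lead (syncLeads endpoint).
 *
 * @param mixed $user_id        Sent as "user_id".
 * @param array $settings       Reads 'first_name', 'last_name' and 'email'.
 * @param array $settings_extra Reads ['phone'][0].
 * @return void
 */
function crm_add_user($user_id, $settings, $settings_extra)
{
    // First and last name are joined without a separator, as in the original.
    $name = $settings["first_name"] . $settings["last_name"];
    // NOTE(review): this endpoint uses port 8022 while the two note endpoints
    // use the default HTTPS port; confirm that the difference is intended.
    crm_post_form("https://parlocrm.com:8022/api/syncLeads", [
        'user_id' => $user_id,
        'name' => $name,
        'email' => trim($settings['email']),
        'phone' => $settings_extra['phone'][0],
    ]);
}

/**
 * Attach a note (remark) to a CRM lead.
 *
 * @param mixed  $user_id Sent as "user_id".
 * @param string $note    Sent as "remark".
 * @return void
 */
function crm_add_note($user_id, $note)
{
    crm_post_form("https://parlocrm.com/api/addRemarkToLeads", [
        'user_id' => $user_id,
        'remark' => $note,
    ]);
}

/**
 * Remove a note (remark) from a CRM lead; the note is identified by its text.
 *
 * @param mixed  $user_id Sent as "user_id".
 * @param string $note    Sent as "remark".
 * @return void
 */
function crm_delete_note($user_id, $note)
{
    crm_post_form("https://parlocrm.com/api/removeRemark", [
        'user_id' => $user_id,
        'remark' => $note,
    ]);
}
admin.js
3219
//createNoteToCRM(message);
5050
case 'whatsapp':
    get_whatsapp_template(true, user_ids);
    break;
6058
//initiate_whatsapp
$('.sb-initiate-whatsapp').on('click', function(){ get_whatsapp_template(); });
last line
// Template name -> BODY text, filled in by get_whatsapp_template().
// NOTE(review): an array is used here as a string-keyed map, and the keys are
// template names taken from the initiate_whatsapp.php response.
var components = [];

/**
 * Send a WhatsApp template to the selected users or to the active user.
 *
 * With recursiveSending set, the phone details of user_ids are fetched through
 * 'get-users-with-details' and passed to call_whatsapp_api(); the lightbox is
 * hidden when the response holds no phone entries. Otherwise the active user's
 * phone is used, and an alert is shown when that user has none.
 *
 * @param {string}  template_name    Template passed on to call_whatsapp_api().
 * @param {boolean} recursiveSending True for the bulk path over user_ids.
 * @param {Array}   user_ids         Users to message in the bulk path.
 */
function initiate_whatsapp(template_name, recursiveSending = false, user_ids = []) {
    if (recursiveSending) {
        if (!user_ids.length) {
            dialog('Please Select user to initiate whatsapp!', 'info');
            return;
        }
        SBF.ajax({
            function: 'get-users-with-details',
            // The list is known to be non-empty at this point.
            user_ids: user_ids.join(','),
            details: ['email', 'phone']
        }, (response) => {
            // NOTE(review): response['phone'] is assumed to be present on every response.
            if (response['phone'].length) {
                call_whatsapp_api(template_name, response['phone']);
            } else {
                admin.sbHideLightbox();
            }
        });
    } else if (!SBApps.whatsapp.activeUserPhone()) {
        alert("This user doesnt have a valid whatsapp number");
        return;
    } else {
        call_whatsapp_api(template_name, [{ id: activeUser().id, value: `${SBApps.whatsapp.activeUserPhone()}` }]);
    }
}
function get_whatsapp_template(recursiveSending = false, user_ids = []) { $.ajax({ method: "POST", url: "initiate_whatsapp.php", dataType: "json", data: { action: "get_templates" }, success: function(data) { var DropdownOption = ""; data.data.forEach(function (data){ if(data.category != "SHIPPING_UPDATE"){ data.components.forEach(function(component){ if(component.type === "BODY") { components[data.name] = component.text; DropdownOption += ``; } }); } }); dialog(`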