/**
 * Look up the `username` and `password` columns of one `user` row.
 *
 * NOTE(review): $uid is never read. The lookup is pinned to the literal id '1'
 * and the literal username "haixiao" — confirm whether $uid was meant to be
 * bound instead.
 * NOTE(review): the returned row carries the stored `password` value; keep it
 * out of logs, templates and API responses.
 *
 * @param mixed $uid Unused by the current body.
 * @return mixed Whatever get_line() returns for the built statement.
 */
function get_user_info_by_id($uid)
{
    // prepare() fills the ?i / ?s placeholders from the list below; how it
    // escapes each type is defined outside this listing.
    $bound = array('1', "haixiao");
    $statement = prepare(
        "SELECT `username` ,`password` FROM `user` WHERE `id` = ?i AND username = ?s LIMIT 1 ",
        $bound
    );

    return get_line($statement);
}
Beispiel #2
/**
 * Fetch the `username` and `password` columns of one `yxy_master` row.
 *
 * NOTE(review): the result carries the stored `password` value; keep it out of
 * logs and responses.
 *
 * @param string $username Value substituted for the ?s placeholder.
 * @return mixed Whatever get_line() returns for the built statement.
 */
function get_master_info($username)
{
    // The value travels through prepare()'s ?s placeholder rather than being
    // concatenated; how ?s escapes is defined outside this listing.
    $statement = prepare(
        "SELECT `username`  , `password` FROM `yxy_master` WHERE `username` = ?s",
        array($username)
    );

    return get_line($statement);
}
Beispiel #3
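/**
 * Authenticate the current request with HTTP Basic credentials.
 *
 * On success the matching row's `id` and `userrealphy` are stored in
 * $GLOBALS['__freemed']; on failure both are reset to 0. A request without a
 * well-formed Basic Authorization header gets a 401 challenge and the script
 * ends.
 *
 * NOTE(review): the password is compared as an unsalted MD5 digest and the SQL
 * is assembled by concatenation with addslashes(). Both are weak; move to
 * password_hash()/password_verify() and a bound-parameter query once the
 * stored hashes and the $GLOBALS['sql'] API allow it.
 * NOTE(review): the username literal in the query reads '******' in this
 * listing (it looks masked), so $user never reaches the query — confirm
 * against the real source before relying on this check.
 *
 * @return bool True when a matching user row was found.
 */
function freemed_basic_auth()
{
    //----- Check for authentication
    $headers = getallheaders();
    $authed = false;
    // A missing header is treated like any other non-Basic header.
    $header = isset($headers['Authorization']) ? $headers['Authorization'] : '';

    // Anchor on the scheme and capture only the token. Stripping every
    // "Basic" and every space from the whole header would also remove a
    // "Basic" that happens to occur inside the base64 text.
    if (preg_match('/^\s*Basic\s+(\S+)\s*$/i', $header, $m)) {
        // Strict mode rejects characters outside the base64 alphabet.
        $auth = base64_decode($m[1], true);
        // Split on the first colon only: a password may itself contain ':'.
        $parts = ($auth === false) ? array() : explode(':', $auth, 2);
        $r = null;
        if (count($parts) === 2) {
            list($user, $pass) = $parts;
            // Check for username/password
            $query = "SELECT username, userpassword, userrealphy, id FROM user " . "WHERE username='******' AND " . "userpassword=MD5('" . addslashes($pass) . "')";
            $r = $GLOBALS['sql']->queryRow($query);
        }
        if (!empty($r['id'])) {
            $authed = true;
            $GLOBALS['__freemed']['basic_auth_id'] = $r['id'];
            $GLOBALS['__freemed']['basic_auth_phy'] = $r['userrealphy'];
        } else {
            // Clear basic auth id so an earlier identity cannot linger
            $authed = false;
            $GLOBALS['__freemed']['basic_auth_id'] = 0;
            $GLOBALS['__freemed']['basic_auth_phy'] = 0;
        }
    } else {
        // Otherwise return fault for no authorization
        Header("WWW-Authenticate: Basic realm=\"" . prepare(PACKAGENAME . " v" . VERSION . " vCalendar") . "\"");
        Header("HTTP/1.0 401 Unauthorized");
        die;
    }
    return $authed;
}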
Beispiel #4
 /**
  * Load every post row whose `thread` column equals the given thread id.
  *
  * NOTE(review): $board is spliced into the table name with no check inside
  * this method. Identifiers cannot be bound as parameters, so the caller has
  * to guarantee it is an already validated board URI.
  *
  * @param string $board     Board URI used as the `posts_` table suffix.
  * @param int    $thread_id Thread id, bound as an integer parameter.
  * @return array Matching rows as associative arrays.
  */
 private function fetchReplies($board, $thread_id)
 {
     $statement = prepare("SELECT * FROM ``posts_{$board}`` WHERE `thread` = :id");
     $statement->bindValue(':id', $thread_id, PDO::PARAM_INT);
     if (!$statement->execute()) {
         error(db_error($statement));
     }

     return $statement->fetchAll(PDO::FETCH_ASSOC);
 }
Beispiel #5
 /**
  * Build the WHERE clause for whichever optional filters are set in $configs.
  *
  * Every value-carrying filter goes through prepare() with a typed
  * placeholder (?s / ?i); the `price` filter only selects between two fixed
  * fragments, so its value never reaches the SQL text.
  *
  * @author boxcore
  * @date   2014-10-23
  * @param  array     $configs Filter conditions
  * @return string    SQL fragment beginning with "WHERE TRUE "
  */
 private function __getWhere($configs)
 {
     // Simple "key => fragment" filters, appended in this order.
     $fragments = array(
         'need_push'      => 'AND `need_push` = ?s ',
         'url'            => 'AND `url` = ?s ',
         'task_list_id'   => 'AND `task_list_id` = ?i ',
         'type'           => 'AND `type` = ?i ',
         'start_goods_id' => 'AND `goods_id` >= ?i ',
     );

     $clause = 'WHERE TRUE ';
     foreach ($fragments as $key => $fragment) {
         if (isset($configs[$key])) {
             $clause .= prepare($fragment, array($configs[$key]));
         }
     }

     if (isset($configs['price'])) {
         // Truthy means "priced items only", falsy means "free items only".
         $clause .= $configs['price'] ? 'AND `price` > 0 ' : 'AND `price` = 0 ';
     }

     if (isset($configs['date'])) {
         // Expand the day into an inclusive start/end timestamp pair.
         $dayStart = $configs['date'] . " 00:00:00";
         $dayEnd = $configs['date'] . " 23:59:59";
         $clause .= prepare('AND `created_time` >= ?s AND `created_time` <= ?s ', array($dayStart, $dayEnd));
     }

     return $clause;
 }
Beispiel #6
 /**
  * Issue a GET-type assignments request through $this->roots.
  *
  * prepare() is called with no arguments here, so it is not the SQL helper
  * seen in other code; what it sets up is defined outside this listing.
  *
  * @return mixed The response returned by $this->roots->assignments().
  */
 function assignments()
 {
     prepare();

     return $this->roots->assignments(new AssignmentsRequest(ActionType::GET));
 }
/**
 * Return the `catname` of the `yxy_filecat` row with the given id.
 *
 * @param mixed $catid Value substituted for the ?i placeholder.
 * @return mixed Whatever get_var() returns for the built statement.
 */
function get_filecatname($catid)
{
    // The id goes through prepare()'s ?i placeholder instead of being
    // concatenated; how ?i coerces its value is defined outside this listing.
    $statement = prepare("SELECT `catname` FROM `yxy_filecat` WHERE `id` = ?i", array($catid));

    return get_var($statement);
}
Beispiel #8
/**
 * Render one template instance per time sheet item that the current user
 * logged on the global $date_to_view day.
 *
 * The query is limited to the current user's own personID, and both values
 * are passed to prepare() as arguments for its '%s' / %d slots rather than
 * being concatenated into the SQL text.
 *
 * @param string $template_name Template handed to include_template() per row.
 * @return void
 */
function show_timeSheetItems($template_name)
{
    global $date_to_view;
    $current_user =& singleton("current_user");
    global $TPL;

    $sql = prepare("SELECT * \n                      FROM timeSheetItem \n                           LEFT JOIN timeSheet ON timeSheetItem.timeSheetID = timeSheet.timeSheetID\n                           LEFT JOIN project ON timeSheet.projectID = project.projectID\n                      WHERE dateTimeSheetItem='%s'\n                            AND timeSheet.personID=%d", date("Y-m-d", $date_to_view), $current_user->get_id());
    $database = new db_alloc();
    $database->query($sql);

    while ($database->next_record()) {
        $timeSheetItem = new timeSheetItem();
        $timeSheetItem->read_db_record($database);
        $timeSheetItem->set_values();
        // Only hour-based items count towards the running daily total.
        if ($timeSheetItem->get_value("unit") == "Hour") {
            $TPL["daily_hours_total"] += $timeSheetItem->get_value("timeSheetItemDuration");
        }

        $project = new project();
        $project->read_db_record($database);
        $project->set_values();
        // Prefer the short project name; fall back to the full name.
        if (!$project->get_value("projectShortName")) {
            $TPL["item_description"] = $project->get_value("projectName");
        } else {
            $TPL["item_description"] = $project->get_value("projectShortName");
        }

        include_template($template_name);
    }
}
 /**
  * Reset the station list for the "advalvas" collector and print a form that
  * lets the user name each station selected in the posted data.
  *
  * NOTE(review): every call deletes this collector's `station` rows and ALL
  * rows of `program` before any input is examined, and the printed form has
  * no anti-CSRF token. A state-changing handler like this should verify the
  * request's origin and the caller's permission first.
  * NOTE(review): each() was removed in PHP 8 and $HTTP_POST_VARS in PHP 5.4;
  * the function only runs on legacy interpreters.
  */
 function choose()
 {
     // Pull every global into local scope; $sql, $module and
     // $HTTP_POST_VARS used below all arrive this way.
     while (list($k, $v) = each($GLOBALS)) {
         global ${$k};
     }
     $collectorid = getcollectorid("advalvas");
     // SQL built by concatenation; addslashes() is the only escaping applied.
     $query = "DELETE FROM station " . "WHERE collectorid='" . addslashes($collectorid) . "'";
     $sql->query($query);
     // No WHERE clause: this empties the whole `program` table.
     $query = "DELETE FROM program";
     $sql->query($query);
     print_header_open();
     print_title("Choose Stations for " . $this->MODULE_NAME);
     print_header_close();
     // prepare() is applied to values placed into HTML here — presumably an
     // output-escaping helper in this code base; verify before trusting it.
     print "\n                        <FORM ACTION=\"" . page_name() . "\" METHOD=POST>\n                        <INPUT TYPE=HIDDEN NAME=\"module\" VALUE=\"" . prepare($module) . "\">\n                        <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=2>\n                        <TR BGCOLOR=\"#ccccff\">\n                                <TD><B>Original Name</B></TD>\n                                <TD><B>xawtv Name</B></TD>\n                                <TD><B>Channel</B></TD>\n                        </TR>\n                ";
     // Field NAMES of the posted form (client-controlled) select the stations.
     while (list($name, $value) = each($HTTP_POST_VARS)) {
         if ($value == 1) {
             $suburl = "?NL&" . $name;
             // Undo the form encoding of the name: "_" -> " ", "|" -> "+".
             $channel_name = preg_replace("/_/", " ", $name);
             $channel_name = preg_replace("/\\|/", "+", $channel_name);
             // Values are handed to insert_query() as an array; its quoting
             // rules are defined outside this listing.
             $query = $sql->insert_query("station", array("sname" => $this->transformName($channel_name), "collectorid" => $collectorid, "suburl" => $suburl, "rname" => $this->transformName($channel_name), "channel" => "0"));
             $result = $sql->query($query);
             $sid = $sql->last_record($result);
             print "\n\t\t\t\t<TR>\n\t\t\t\t\t\t<TD>" . prepare($channel_name) . "</TD>\n\t\t\t\t\t\t<TD>\n\t\t\t\t\t\t\t\t<INPUT TYPE=TEXT NAME=\"T" . htmlentities($sid) . "\"\n\t\t\t\t\t\t\t\tVALUE=\"" . prepare($channel_name) . "\">\n\t\t\t\t\t\t</TD>\n\t\t\t\t\t\t<TD>" . html_form::text_widget("C" . htmlentities($sid)) . "</TD>\n\t\t\t\t</TR>\n\t\t\t\t";
         }
     }
     print "</TABLE>\n";
     print "<P><INPUT TYPE=SUBMIT NAME=SUBMIT VALUE=\"Update\"></P>\n";
     print "</FORM>\n";
     print_page_close();
     // The page is complete; stop so nothing else is emitted.
     exit;
 }
Beispiel #10
 /**
  * Resolve the time sheet rate and unit for a person on a project.
  *
  * Sources are tried in order and the first complete pair wins:
  *   1. project.defaultTimeSheetRate
  *   2. person.defaultTimeSheetRate
  *   3. the config item defaultTimeSheetRate
  * Nothing is returned when none of the three yields both a rate and a unit.
  *
  * @param mixed $projectID Project whose rate and currency are consulted.
  * @param mixed $personID  Person id, passed to prepare() for its %d slot.
  * @return array|null array('rate' => ..., 'unit' => ...) or null.
  */
 function get_rate($projectID, $personID)
 {
     // 1. The project's own rate, already in project currency.
     $project = new project($projectID);
     $projectRate = array(
         'rate' => $project->get_value("defaultTimeSheetRate"),
         'unit' => $project->get_value("defaultTimeSheetRateUnitID"),
     );
     if (imp($projectRate['rate']) && $projectRate['unit']) {
         return $projectRate;
     }

     // 2. The person's rate, held in the global currency, so it is converted
     //    whenever the project uses a different currency.
     $database = new db_alloc();
     $sql = prepare("SELECT defaultTimeSheetRate as rate, defaultTimeSheetRateUnitID as unit FROM person WHERE personID = %d", $personID);
     $database->query($sql);
     $personRate = $database->row();
     if (imp($personRate['rate']) && $personRate['unit']) {
         if ($project->get_value("currencyTypeID") != config::get_config_item("currency")) {
             $personRate['rate'] = exchangeRate::convert(config::get_config_item("currency"), $personRate["rate"], $project->get_value("currencyTypeID"));
         }
         return $personRate;
     }

     // 3. Lowest priority: the installation-wide default.
     $globalRate = config::get_config_item("defaultTimeSheetRate");
     $globalUnit = config::get_config_item("defaultTimeSheetUnit");
     if (imp($globalRate) && $globalUnit) {
         if (config::get_config_item("currency") && $project->get_value("currencyTypeID")) {
             $globalRate = exchangeRate::convert(config::get_config_item("currency"), $globalRate, $project->get_value("currencyTypeID"));
         }
         return array('rate' => $globalRate, 'unit' => $globalUnit);
     }
 }
Beispiel #11
/**
 * Render one template instance per loan that is past its return date and has
 * not been returned.
 *
 * Users without read permission on the "loan" entity are limited to their own
 * loans by an extra personID condition, so the permission check decides how
 * wide the query is.
 *
 * NOTE(review): the item id is concatenated into an HTML link; it comes from
 * the database row, so verify it is numeric before output.
 *
 * @param string $template_name Template handed to include_template() per row.
 * @return void
 */
function show_overdue($template_name)
{
    global $db;
    global $TPL;
    $current_user =& singleton("current_user");
    $db = new db_alloc();

    // Midnight today, formatted as YYYY-MM-DD for the date comparison.
    $temp = mktime(0, 0, 0, date("m"), date("d"), date("Y"));
    $today = date("Y-m-d", $temp);

    $sql = prepare("SELECT itemName,itemType,item.itemID,dateBorrowed,dateToBeReturned,loan.personID \n                  FROM loan,item \n                 WHERE dateToBeReturned < '%s' \n\t\t\t\t\t         AND dateReturned = '0000-00-00' \n\t\t\t\t\t         AND item.itemID = loan.itemID\n               ", $today);
    $mayReadAll = have_entity_perm("loan", PERM_READ, $current_user, false);
    if (!$mayReadAll) {
        // Restrict to the caller's own loans.
        $sql .= prepare("AND loan.personID = %d", $current_user->get_id());
    }

    $db->query($sql);
    while ($db->next_record()) {
        $i++;
        $item = new item();
        $loan = new loan();
        $item->read_db_record($db);
        $loan->read_db_record($db);
        $item->set_values();
        $loan->set_values();

        $borrower = new person();
        $borrower->set_id($loan->get_value("personID"));
        $borrower->select();
        $TPL["person"] = $borrower->get_name();
        $TPL["overdue"] = "<a href=\"" . $TPL["url_alloc_item"] . "itemID=" . $item->get_id() . "&return=true\">Overdue!</a>";
        include_template($template_name);
    }
}
Beispiel #12
 /**
  * Return the configID of the config row with the given name.
  *
  * The name is passed to prepare() as the argument for its quoted '%s' slot
  * rather than being concatenated into the SQL text.
  *
  * @param string $name Config item name.
  * @return mixed The `configID` field of the first row read.
  */
 public static function get_config_item_id($name = '')
 {
     $database = new db_alloc();
     $sql = prepare("SELECT configID FROM config WHERE name = '%s'", $name);
     $database->query($sql);
     // Advance to the first (expected only) row before reading the field.
     $database->next_record();

     return $database->f('configID');
 }
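/**
 * Render one template instance per repeating transaction visible to the
 * current user.
 *
 * - With ?tfID=N in the request, rows of that TF are listed.
 * - Without it, admins see every row and other users see only rows of the
 *   TFs returned by get_tfIDs().
 *
 * A non-admin user who owns no TF now gets an empty list. Previously no WHERE
 * clause was built in that case and the query returned every row (fail-open).
 *
 * NOTE(review): the explicit tfID branch applies to every user and no
 * ownership check is visible here; confirm that access to a foreign tfID is
 * denied elsewhere.
 *
 * @param string $template_name Template handed to include_template() per row.
 * @return void
 */
function show_expenseFormList($template_name)
{
    global $db;
    global $TPL;
    global $transactionRepeat;
    $current_user =& singleton("current_user");
    $db = new db_alloc();
    $transactionRepeat = new transactionRepeat();

    // Absent and empty values are treated alike, without an undefined-index notice.
    $requestedTfID = empty($_GET["tfID"]) ? null : $_GET["tfID"];
    $sql = "";
    $mayList = true;

    if ($requestedTfID === null && !$current_user->have_role("admin")) {
        $tfIDs = $current_user->get_tfIDs();
        if ($tfIDs) {
            // prepare() receives the whole list for the %s slot; how it
            // escapes a list is defined outside this listing.
            $sql = prepare("WHERE tfID in (%s)", $tfIDs);
        } else {
            // Fail closed: no TFs means nothing to show, not everything.
            $mayList = false;
        }
    } elseif ($requestedTfID !== null) {
        // %d coerces the request value to an integer.
        $sql = prepare("WHERE tfID = %d", $requestedTfID);
    }

    if ($mayList) {
        $db->query("select * FROM transactionRepeat " . $sql);
        while ($db->next_record()) {
            $transactionRepeat->read_db_record($db);
            $transactionRepeat->set_values();
            $TPL["tfName"] = tf::get_name($transactionRepeat->get_value("tfID"));
            $TPL["fromTfName"] = tf::get_name($transactionRepeat->get_value("fromTfID"));
            include_template($template_name);
        }
    }

    // NOTE(review): $tfID is never assigned in this function, so this stores
    // null, as before. Presumably a register_globals leftover — confirm
    // whether the request's tfID was intended.
    $TPL["tfID"] = isset($tfID) ? $tfID : null;
}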
Beispiel #14
/**
 * Delete one row from `bans` and record the removal in the moderation log.
 *
 * NOTE(review): no permission check happens inside this function; the caller
 * has to establish that the acting moderator may lift bans.
 * NOTE(review): $id is interpolated into the log message as given; whether
 * modLog() escapes it is not visible here.
 *
 * @param mixed $id Ban id, bound as a statement parameter.
 * @return void
 */
function unban($id)
{
    $statement = prepare("DELETE FROM `bans` WHERE `id` = :id");
    $statement->bindValue(':id', $id);
    if (!$statement->execute()) {
        error(db_error($statement));
    }

    modLog("Removed ban #{$id}");
}
Beispiel #15
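 /**
  * Carry out this filter's configured action ('reject' or 'ban') against the
  * current request.
  *
  * 'reject' reports an error. 'ban' inserts a ban row for the client address
  * and, unless `reject` is set to false, reports the filter message or shows
  * the ban page and ends the request.
  *
  * Fixes: the rejection after a ban referenced an undefined local $message
  * instead of $this->message; 'reject' now ends with an explicit break so it
  * can never fall through into the ban branch should error() return.
  *
  * NOTE(review): the INSERT relies on the column order of `bans` because it
  * names no columns; a schema change would silently shift the values.
  * NOTE(review): the ban is keyed on REMOTE_ADDR. Behind a reverse proxy that
  * is the proxy's address unless the server rewrites it — confirm deployment.
  *
  * @return void
  */
 public function action()
 {
     global $board;
     switch ($this->action) {
         case 'reject':
             error(isset($this->message) ? $this->message : 'Posting throttled by flood filter.');
             // error() is expected to end the request; the break guards the
             // ban branch in case it ever returns.
             break;
         case 'ban':
             if (!isset($this->reason)) {
                 error('The ban action requires a reason.');
             }
             $reason = $this->reason;
             // 0 means "no expiry": the ban is indefinite.
             $expires = isset($this->expires) ? time() + $this->expires : 0;
             // Reject the post as well unless the filter opts out.
             $reject = isset($this->reject) ? $this->reject : true;
             $all_boards = isset($this->all_boards) ? $this->all_boards : false;

             $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)");
             $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
             // -1 is stored as the moderator id for filter-created bans.
             $query->bindValue(':mod', -1);
             $query->bindValue(':set', time());
             if ($expires) {
                 $query->bindValue(':expires', $expires);
             } else {
                 $query->bindValue(':expires', null, PDO::PARAM_NULL);
             }
             if ($reason) {
                 $query->bindValue(':reason', $reason);
             } else {
                 $query->bindValue(':reason', null, PDO::PARAM_NULL);
             }
             // A NULL board makes the ban apply to every board.
             if ($all_boards) {
                 $query->bindValue(':board', null, PDO::PARAM_NULL);
             } else {
                 $query->bindValue(':board', $board['uri']);
             }
             $query->execute() or error(db_error($query));

             if ($reject) {
                 if (isset($this->message)) {
                     error($this->message);
                 }
                 checkBan($board['uri']);
                 exit;
             }
             break;
         default:
             error('Unknown filter action: ' . $this->action);
     }
 }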
Beispiel #16
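 /**
  * Return the next id for a table: the current maximum `id` plus one, or 1
  * when the table holds no rows.
  *
  * Fixes: the table name was never used (the SQL text sent to the database
  * contained a literal "?"), the result was indexed with an undefined
  * variable, and a prepare() result was created but never used.
  *
  * A table name cannot be bound as a statement parameter, so $entidade is
  * checked against a strict identifier pattern before it is placed in the SQL.
  *
  * NOTE(review): MAX(id) + 1 is not safe under concurrent inserts; two callers
  * can obtain the same value. Prefer AUTO_INCREMENT or a sequence.
  * NOTE(review): assumes $this->doSQL() returns a mysql_* result resource, as
  * the original mysql_fetch_array() call implies — confirm.
  *
  * @param string $entidade Table name; letters, digits and underscore only.
  * @return int The next id.
  * @throws \InvalidArgumentException When $entidade is not a plain identifier.
  */
 public function nextId($entidade)
 {
     if (!is_string($entidade) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $entidade)) {
         throw new \InvalidArgumentException('Invalid table name.');
     }

     $query = "SELECT max(id) FROM `" . $entidade . "`";
     $reg = mysql_fetch_array($this->doSQL($query));
     // Column 0 holds max(id); it is NULL for an empty table.
     $maior = isset($reg[0]) ? (int) $reg[0] : 0;

     return $maior + 1;
 }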
Beispiel #17
 /**
  * Turn a comma-separated list of user ids into a comma-separated list of
  * user descriptions.
  *
  * NOTE(review): the id list is concatenated into the SQL text with only
  * addslashes() as escaping, which does not account for the connection
  * character set. Validate $recip as digits and commas, or use the database
  * layer's own quoting, before building the query.
  *
  * @param string $recip Comma-separated user ids.
  * @return string Descriptions joined with ", ".
  */
 function recipients_to_text($recip)
 {
     $query = "SELECT * FROM user WHERE FIND_IN_SET(id, '" . addslashes($recip) . "')";

     $descriptions = array();
     foreach ($GLOBALS['sql']->queryAll($query) as $row) {
         // prepare() is applied to a display value here — presumably an
         // output-escaping helper in this code base; verify.
         $descriptions[] = prepare($row['userdescrip']);
     }

     return implode(', ', $descriptions);
 }
Beispiel #18
 /**
  * Build the WHERE clause for the optional `cid` and `date` filters.
  *
  * Both filters pass their values through prepare() with typed placeholders
  * instead of concatenating them into the SQL text.
  *
  * @param array $configs Filter conditions; empty values are ignored.
  * @return string SQL fragment beginning with "WHERE TRUE "
  */
 protected function _getWhere($configs)
 {
     $clause = 'WHERE TRUE ';

     if (!empty($configs['cid'])) {
         $clause .= prepare('AND `list_id` = ?i ', array($configs['cid']));
     }

     if (!empty($configs['date'])) {
         // Expand the day into an inclusive start/end timestamp pair.
         $day = $configs['date'];
         $clause .= prepare('AND `created_time` >= ?s AND `created_time` <= ?s ', array($day . ' 00:00:00', $day . ' 23:59:59'));
     }

     return $clause;
 }
Beispiel #19
 /**
  * Return the roles of one level as a roleHandle => roleName map, ordered by
  * roleSequence.
  *
  * The level is passed to prepare() as the argument for its quoted '%s' slot
  * rather than being concatenated into the SQL text.
  *
  * @param string $level Role level to list.
  * @return array Map of role handle to role name.
  */
 function get_roles_array($level = "person")
 {
     $roles = array();
     $database = new db_alloc();
     $database->query(prepare("SELECT * FROM role WHERE roleLevel = '%s' ORDER BY roleSequence", $level));

     while ($role = $database->row()) {
         $roles[$role["roleHandle"]] = $role["roleName"];
     }

     return $roles;
 }
Beispiel #20
/**
 * Build the page for a thread on demand, after checking that the board name
 * and thread id refer to an existing thread.
 *
 * The inputs are validated before anything is queried: the thread id is cast
 * to an integer and the board name must match the configured board pattern,
 * which matters because the board name is later formatted into a table name.
 *
 * @param string $b         Board URI.
 * @param mixed  $thread    Thread id.
 * @param mixed  $slugcheck false, true, or 50 for the "+50" page variant.
 * @return bool True when the thread page was built, false otherwise.
 */
function sb_thread($b, $thread, $slugcheck = false)
{
    global $config;
    // Force an integer so the id can only ever be a number.
    $thread = (int) $thread;
    if ($thread < 1) {
        return false;
    }
    // Anchored allow-list check: identifiers cannot be bound as statement
    // parameters, so $b must be proven safe before sprintf() below.
    if (!preg_match('/^' . $config['board_regex'] . '$/u', $b)) {
        return false;
    }
    // Negative cache: skip the database for ids already known to be missing.
    if (Cache::get("thread_exists_" . $b . "_" . $thread) == "no") {
        return false;
    }
    $query = prepare(sprintf("SELECT MAX(`id`) AS `max` FROM ``posts_%s``", $b));
    if (!$query->execute()) {
        return false;
    }
    $s = $query->fetch(PDO::FETCH_ASSOC);
    $max = $s['max'];
    // An id above the newest post cannot exist yet; this result is not
    // cached as "no".
    if ($thread > $max) {
        return false;
    }
    // A thread is a post whose `thread` column is NULL (an opening post).
    $query = prepare(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL", $b));
    $query->bindValue(':id', $thread);
    if (!$query->execute() || !$query->fetch(PDO::FETCH_ASSOC)) {
        Cache::set("thread_exists_" . $b . "_" . $thread, "no");
        return false;
    }
    if ($slugcheck && $config['slugify']) {
        global $request;
        // Redirect to the canonical link when the requested one differs.
        // The Location value is built from the validated $b and link_for().
        $link = link_for(array("id" => $thread), $slugcheck === 50, array("uri" => $b));
        $link = "/" . $b . "/" . $config['dir']['res'] . $link;
        if ($link != $request) {
            header("Location: {$link}", true, 301);
            die;
        }
    }
    if ($slugcheck == 50) {
        // Should we really generate +50 page? Maybe there are not enough posts anyway
        global $request;
        // NOTE(review): $request is a global set outside this function and is
        // used as a filesystem path after light editing; confirm it has been
        // normalised (no "..") before this point.
        $r = str_replace("+50", "", $request);
        $r = substr($r, 1);
        // Cut the slash
        if (file_exists($r)) {
            return false;
        }
    }
    if (!openBoard($b)) {
        return false;
    }
    buildThread($thread);
    return true;
}
Beispiel #21
/**
 * Apply one database patch file (.sql or .php) and record it in patchLog
 * when it succeeded.
 *
 * NOTE(review): the .php branch executes code from ../patches/. The file name
 * is reduced with basename(), which keeps the path inside that directory,
 * but the directory itself must not be writable by untrusted users.
 * NOTE(review): the .sql branch parses $f as given (not the basename), so the
 * caller decides which file is read.
 *
 * @param string $f Path of the patch file.
 * @return void
 */
function apply_patch($f)
{
    global $TPL;
    // Remembers, for the lifetime of the request, which patches were handled.
    static $files;
    // Should never attempt to apply the same patch twice.. in case
    // there are function declarations in the .php patches.
    if ($files[$f]) {
        return;
    }
    $files[$f] = true;
    $db = new db_alloc();
    // Strip any directory part; only the bare file name is used below for
    // the extension checks, the ../patches/ path and the patchLog entry.
    $file = basename($f);
    $failed = false;
    $comments = array();
    // This is an important patch that converts money from 120.34 to 12034.
    // We MUST ensure that the user has a currency set before applying this patch.
    if ($file == "patch-00188-alla.sql") {
        if (!config::get_config_item('currency')) {
            alloc_error("No default currency is set! Login to alloc (ignore any errors, you may need to manually change the url to config/config.php after logging in) go to Setup -> Finance and select a Main Currency. And then click the 'Update Transactions That Have No Currency' button. Then return here and apply this patch (patch-188). IT IS REALLY IMPORTANT THAT YOU FOLLOW THESE INSTRUCTIONS as the storage format for monetary amounts has changed.", true);
        }
    }
    // Try for sql file
    if (strtolower(substr($file, -4)) == ".sql") {
        list($sql, $comments) = parse_sql_file($f);
        // Every statement is attempted even after one fails; a failure only
        // prevents the success message and the patchLog entry.
        foreach ($sql as $query) {
            if (!$db->query($query)) {
                #$TPL["message"][] = "<b style=\"color:red\">Error:</b> ".$f."<br>".$db->get_error();
                $failed = true;
                // NOTE(review): $f and the database error text are placed in
                // HTML as-is; whether alloc_error() escapes is not visible here.
                alloc_error("<b style=\"color:red\">Error:</b> " . $f . "<br>" . $db->get_error());
            }
        }
        if (!$failed) {
            $TPL["message_good"][] = "Successfully Applied: " . $f;
        }
        // Try for php file
    } else {
        if (strtolower(substr($file, -4)) == ".php") {
            // Any output from the patch counts as a failure unless the
            // FORCE_PATCH_SUCCEED_<file> constant is defined.
            $str = execute_php_file("../patches/" . $file);
            if ($str && !defined("FORCE_PATCH_SUCCEED_" . $file)) {
                #$TPL["message"][] = "<b style=\"color:red\">Error:</b> ".$f."<br>".$str;
                $failed = true;
                ob_end_clean();
                alloc_error("<b style=\"color:red\">Error:</b> " . $f . "<br>" . $str);
            } else {
                $TPL["message_good"][] = "Successfully Applied: " . $f;
            }
        }
    }
    if (!$failed) {
        // Record the patch; the values are passed to prepare() as arguments
        // for its quoted '%s' slots instead of being concatenated.
        $q = prepare("INSERT INTO patchLog (patchName, patchDesc, patchDate) \n                  VALUES ('%s','%s','%s')", $file, implode(" ", $comments), date("Y-m-d H:i:s"));
        $db->query($q);
    }
}
Beispiel #22
/**
 * Repair the e-mail bookkeeping fields of one comment row from the headers of
 * the message it came from.
 *
 * When the stored UID differs from $num the creator fields are recomputed
 * from the sender; otherwise only the UID and message id are rewritten.
 * Comments sent from one of alloc's own addresses are left untouched.
 *
 * NOTE(review): $from and $messageid are message header text, i.e. controlled
 * by the sender. They are passed to prepare() as arguments for quoted '%s'
 * slots, but the resulting fragments are then concatenated into the format
 * string of a second prepare() call. If prepare() is printf-style (it takes
 * %s / %d here), a literal '%' in a header would be read as a directive by
 * that second call — confirm how prepare() handles this.
 *
 * @param array  $r         Comment row; reads commentEmailUIDORIG,
 *                          commentMaster, commentMasterID and commentID.
 * @param mixed  $num       UID of the message.
 * @param string $from      Sender header text.
 * @param string $messageid Message-ID header text.
 * @return void
 */
function fix_this_comment($r, $num, $from, $messageid)
{
    global $db;
    global $alloc_from_addresses2;
    if ($r["commentEmailUIDORIG"] != $num) {
        unset($projectID);
        // A task comment inherits its project from the task.
        if ($r["commentMaster"] == "task" && $r["commentMasterID"]) {
            $q = prepare("select projectID from task where taskID = %d", $r["commentMasterID"]);
            $db->query($q);
            $task_row = $db->row();
            $projectID = $task_row["projectID"];
        }
        // Try figure out and populate the commentCreatedUser/commentCreatedUserClientContactID fields
        list($from_address, $from_name) = parse_email_address($from);
        $person = new person();
        // Match by address first, then fall back to the display name.
        // NOTE(review): a display name is chosen freely by the sender, so a
        // name match is not proof of identity.
        $personID = $person->find_by_email($from_address);
        $personID or $personID = $person->find_by_name($from_name);
        // Collect the SET assignments of the UPDATE.
        $sql = array();
        $sql[] = prepare("commentEmailUID = '%s'", trim($num));
        if ($personID) {
            $sql[] = prepare("commentCreatedUser = %d", $personID);
            $sql[] = "commentCreatedUserClientContactID = NULL";
        } else {
            $sql[] = "commentCreatedUser = NULL";
            $cc = new clientContact();
            $clientContactID = $cc->find_by_email($from_address, $projectID);
            $clientContactID or $clientContactID = $cc->find_by_name($from_name, $projectID);
            $clientContactID and $sql[] = prepare("commentCreatedUserClientContactID = %d", $clientContactID);
        }
        $sql[] = prepare("commentCreatedUserText = '%s'", trim($from));
        $sql[] = prepare("commentEmailMessageID = '%s'", trim($messageid));
        if (!in_array($from_address, $alloc_from_addresses2)) {
            // don't update items that are from alloc
            $q = prepare("UPDATE comment SET " . implode(",", $sql) . " WHERE commentID = %d", $r["commentID"]);
            $db->query($q);
            // The full statement, sender text included, is written to the log.
            printorlog("FIXED: " . $q . " (old uid: " . $r["commentEmailUIDORIG"] . ")", "blue");
        }
    } else {
        // Try figure out and populate the commentCreatedUser/commentCreatedUserClientContactID fields
        list($from_address, $from_name) = parse_email_address($from);
        if (!in_array($from_address, $alloc_from_addresses2)) {
            // don't update items that are from alloc
            $sql = array();
            $sql[] = prepare("commentEmailUID = '%s'", trim($num));
            $sql[] = prepare("commentEmailMessageID = '%s'", trim($messageid));
            $q = prepare("UPDATE comment SET " . implode(",", $sql) . " WHERE commentID = %d", $r["commentID"]);
            $db->query($q);
            printorlog("GOOD: " . $q, "green");
        }
    }
}
Beispiel #23
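 /**
  * Build the WHERE clause for the optional task and category filters.
  *
  * `task_id` and `task_ids` used to be interpolated straight into the SQL
  * text. `task_id` now goes through prepare() with the ?i placeholder, like
  * `cat_id` already did, and every element of `task_ids` is cast to an
  * integer, so no filter value can change the shape of the statement.
  *
  * @author boxcore
  * @date   2014-06-02
  * @param  array      $configs Filter conditions; empty values are ignored.
  *                             `task_ids` may be a comma-separated string or
  *                             an array of ids.
  * @return string              SQL fragment beginning with " WHERE 1=1 "
  */
 private function __getWhere($configs = array())
 {
     $where = ' WHERE 1=1 ';
     if (!empty($configs['task_id'])) {
         $where .= prepare(' AND `id` = ?i ', array($configs['task_id']));
     }
     if (!empty($configs['task_ids'])) {
         $ids = is_array($configs['task_ids'])
             ? $configs['task_ids']
             : explode(',', (string) $configs['task_ids']);
         // Reduce every element to an integer before it reaches the SQL text.
         $ids = array_map('intval', $ids);
         $where .= ' AND `id` IN( ' . implode(',', $ids) . ' ) ';
     }
     if (!empty($configs['cat_id'])) {
         $where .= prepare(' AND `cat_id` = ?i ', array($configs['cat_id']));
     }
     return $where;
 }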
Beispiel #24
/**
 * Collect a task and all of its ancestors as a taskName => taskID map.
 *
 * The query skips a task that is its own parent, which stops the simplest
 * loop. NOTE(review): a longer cycle (A -> B -> A) is not detected and would
 * recurse without end — confirm the data cannot contain one.
 *
 * @param mixed $taskID Task id, passed to prepare() for its %d slot.
 * @return array|null The map, or null when no row matched.
 */
function get_parent_taskIDs($taskID)
{
    $sql = prepare("SELECT taskID,taskName,parentTaskID \n                    FROM task \n                   WHERE taskID = %d \n                     AND (taskID != parentTaskID OR parentTaskID IS NULL)", $taskID);
    $database = new db_alloc();
    $database->query($sql);

    while ($database->next_record()) {
        $rtn[$database->f("taskName")] = $database->f("taskID");
        // Climb one level; a non-array result means the chain ended there.
        $ancestors = get_parent_taskIDs($database->f("parentTaskID"));
        if (is_array($ancestors)) {
            $rtn = array_merge($rtn, $ancestors);
        }
    }

    return $rtn;
}
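/**
 * Tell whether the board received more new threads in the last hour than
 * $config['hour_max_threads'] allows.
 *
 * Fix: the statement has no :ip placeholder, yet ':ip' was bound to it.
 * PDO normally rejects execute() when an undeclared parameter is bound, which
 * sent every new thread into error(). The count is board-wide, so nothing
 * needs binding.
 *
 * NOTE(review): $board['uri'] is formatted into the table name; identifiers
 * cannot be bound, so it must already be a validated board URI.
 *
 * @param array $post Post being checked; only $post['op'] is read.
 * @return bool|null True when the cap is exceeded, false when it is not or
 *                   when the cap is disabled; no value for replies.
 */
function max_posts_per_hour($post)
{
    global $config, $board;
    // A falsy cap disables the check.
    if (!$config['hour_max_threads']) {
        return false;
    }
    // Only opening posts (new threads) are counted.
    if ($post['op']) {
        $query = prepare(sprintf('SELECT COUNT(*) AS `count` FROM ``posts_%s`` WHERE `thread` IS NULL AND FROM_UNIXTIME(`time`) > DATE_SUB(NOW(), INTERVAL 1 HOUR);', $board['uri']));
        $query->execute() or error(db_error($query));
        $r = $query->fetch(PDO::FETCH_ASSOC);
        return $r['count'] > $config['hour_max_threads'];
    }
}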
Beispiel #26
 /**
  * Sum the active, non-percentage costs of a product after currency
  * conversion, using the pre-tax amount for rows flagged as taxed.
  *
  * @param mixed $id Product id; falls back to $this->get_id() when falsy.
  * @return mixed The summed amount, or null when no cost row matched.
  */
 function get_buy_cost($id = false)
 {
     if (!$id) {
         $id = $this->get_id();
     }

     $database = new db_alloc();
     // The id is passed to prepare() for its %d slot, not concatenated.
     $sql = prepare("SELECT amount, currencyTypeID, tax\n                    FROM productCost\n                   WHERE isPercentage != 1\n                     AND productID = %d\n                     AND productCostActive = true\n                 ", $id);
     $database->query($sql);

     while ($cost = $database->row()) {
         if ($cost["tax"]) {
             // tax() yields (amount without tax, tax part); only the first is kept.
             list($net, $taxPart) = tax($cost["amount"]);
             $cost["amount"] = $net;
         }
         $amount += exchangeRate::convert($cost["currencyTypeID"], $cost["amount"]);
     }

     return $amount;
 }
Beispiel #27
/**
 * Resolve a token hash to the entity it refers to, as entity name followed by
 * entity id. A token that points at a comment resolves to the comment's
 * master entity instead.
 *
 * NOTE(review): only the hash is looked up here; no expiry, use-count or
 * ownership check is visible in this function, so callers must not treat a
 * successful lookup as authorization by itself.
 *
 * @param string $hash Token hash, passed to prepare() for its quoted '%s' slot.
 * @return string|null Entity name + id, or null for an empty hash.
 */
function hash_to_entity($hash = "")
{
    global $db;
    if (!$hash) {
        return;
    }

    $token = $db->qr(prepare("select * from token WHERE tokenHash = '%s'", $hash));
    if ($token["tokenEntity"] != "comment") {
        return $token["tokenEntity"] . $token["tokenEntityID"];
    }

    // Comment tokens are reported as the entity the comment belongs to.
    $comment = $db->qr(prepare("SELECT commentMaster,commentMasterID FROM comment WHERE commentID = %d", $token["tokenEntityID"]));

    return $comment["commentMaster"] . $comment["commentMasterID"];
}
 /**
  * Echo the image and link of every open "Message" task assigned to the
  * current user, separated by <br> and ordered by priority.
  *
  * NOTE(review): the closed-status list from get_task_status_in_set_sql() is
  * concatenated into the SQL text before prepare() runs; it is expected to
  * be a ready-quoted list produced by the code base itself — confirm.
  * NOTE(review): the echoed markup comes from get_task_image() and
  * get_task_link(); their escaping is defined outside this listing.
  *
  * @return void
  */
 function show_tasks()
 {
     $current_user =& singleton("current_user");
     global $tasks_date;
     list($openSet, $pendingSet, $closedSet) = task::get_task_status_in_set_sql();

     $sql = prepare("SELECT * \n                  FROM task \n                  WHERE (task.taskStatus NOT IN (" . $closedSet . ") AND task.taskTypeID = 'Message') \n                  AND (personID = %d) \n                  ORDER BY priority\n                 ", $current_user->get_id());
     $database = new db_alloc();
     $database->query($sql);

     while ($database->next_record()) {
         $entry = new task();
         $entry->read_db_record($database);
         // The separator is unset for the first row, so output starts
         // without a leading <br>.
         echo $separator . $entry->get_task_image() . $entry->get_task_link(array("return" => "html"));
         $separator = "<br>";
     }
 }
 /**
  * Save this commission record unless it would be a second 0% commission for
  * the same project.
  *
  * NOTE(review): the uniqueness check and the save are separate steps, so two
  * concurrent requests can both pass the check; a database constraint would
  * close that gap.
  *
  * @return void
  */
 function save()
 {
     // Just ensure multiple 0 entries cannot be saved.
     $isZeroPercent = $this->get_value("commissionPercent") == 0;
     if ($isZeroPercent) {
         // Look for another 0% row of the same project, excluding this one.
         $sql = prepare("SELECT * FROM projectCommissionPerson WHERE projectID = %d AND commissionPercent = 0 AND projectCommissionPersonID != %d", $this->get_value("projectID"), $this->get_id());
         $database = new db_alloc();
         $database->query($sql);
         if ($database->next_record()) {
             $fail = true;
             alloc_error("Only one Time Sheet Commission is allowed to be set to 0%");
         }
     }

     if ($fail) {
         return;
     }
     parent::save();
 }
Beispiel #30
 /**
  * Build the option list for a skill selector: an "Any Skill" entry followed
  * by "<class> - <name>" for every skill, optionally limited to the global
  * $skill_class.
  *
  * The class filter is passed to prepare() as the argument for its quoted
  * '%s' slot rather than being concatenated into the SQL text.
  *
  * @return array Map of skill id to display label.
  */
 function get_skills()
 {
     global $TPL;
     global $skill_class;

     $options = array("" => "Any Skill");

     $filter = "";
     if ($skill_class != "") {
         $filter = prepare(" WHERE skillClass='%s'", $skill_class);
     }
     $sql = "SELECT * FROM skill" . $filter . " ORDER BY skillClass,skillName";

     $database = new db_alloc();
     $database->query($sql);
     while ($database->next_record()) {
         $record = new skill();
         $record->read_db_record($database);
         $options[$record->get_id()] = $record->get_value('skillClass') . " - " . $record->get_value('skillName');
     }

     return $options;
 }