/**
 * Print the "choose a template" fieldset of the project registration form.
 *
 * Two lists are rendered: the site templates prepared by the caller in
 * $this->db_templates, then the active projects the current user administers
 * (user_group.admin_flags = 'A'). Each row is delegated to _displayProject().
 *
 * @param mixed $data unused; kept for the caller's calling convention
 */
function display($data)
{
    echo '<fieldset><legend style="font-size:1.2em;">Choose the template of the project</legend>';
    include $GLOBALS['Language']->getContent('project/template');

    // Site-wide templates (result set built by the caller)
    $templateCount = db_numrows($this->db_templates);
    if ($templateCount > 0) {
        $GLOBALS['HTML']->box1_top($GLOBALS['Language']->getText('register_template', 'choose'));
        print ' <TABLE width="100%">';
        for ($row = 0; $row < $templateCount; $row++) {
            $this->_displayProject(
                db_result($this->db_templates, $row, 'group_id'),
                db_result($this->db_templates, $row, 'group_name'),
                db_result($this->db_templates, $row, 'register_time'),
                db_result($this->db_templates, $row, 'unix_group_name'),
                db_result($this->db_templates, $row, 'short_description')
            );
        }
        print '</TABLE>';
        $GLOBALS['HTML']->box1_bottom();
    }

    // Active projects where the current user is an administrator.
    // user_getid() is the session user id, not request input.
    $sql = "SELECT groups.group_name AS group_name, groups.group_id AS group_id, groups.unix_group_name AS unix_group_name, groups.register_time AS register_time, groups.short_description AS short_description FROM groups, user_group WHERE groups.group_id = user_group.group_id AND user_group.user_id = '" . user_getid() . "' AND user_group.admin_flags = 'A' AND groups.status='A' ORDER BY group_name";
    $adminProjects = db_query($sql);
    echo db_error($adminProjects);
    $adminCount = db_numrows($adminProjects);
    if ($adminProjects && $adminCount) {
        include $GLOBALS['Language']->getContent('project/template_my');
        echo '<br />';
        $GLOBALS['HTML']->box1_top($GLOBALS['Language']->getText('register_template', 'choose_admin'));
        print '<TABLE width="100%">';
        for ($row = 0; $row < $adminCount; $row++) {
            $this->_displayProject(
                db_result($adminProjects, $row, 'group_id'),
                db_result($adminProjects, $row, 'group_name'),
                db_result($adminProjects, $row, 'register_time'),
                db_result($adminProjects, $row, 'unix_group_name'),
                db_result($adminProjects, $row, 'short_description')
            );
        }
        print '</TABLE>';
        $GLOBALS['HTML']->box1_bottom();
    }
    echo '</fieldset>';
}
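/**
 * Constructor of the "my surveys" widget.
 *
 * Looks up the survey promoted on the personal page ($GLOBALS['sys_my_page_survey'],
 * survey #1 when unset) and, when it is active and the current user has not
 * answered it yet, appends a link to it to $this->content. Otherwise the
 * 'no_survey' message is appended.
 */
function Widget_MySurveys()
{
    $this->Widget('mysurveys');
    $no_survey = true;

    // Survey promoted to the user page; default = survey whose id=1.
    // !empty() avoids an undefined-index notice when the setting is absent.
    if (!empty($GLOBALS['sys_my_page_survey'])) {
        $developer_survey_id = $GLOBALS['sys_my_page_survey'];
    } else {
        $developer_survey_id = "1";
    }

    $survey = SurveySingleton::instance();
    $sql = "SELECT * from surveys WHERE survey_id=" . db_ei($developer_survey_id);
    $result = db_query($sql);

    // The configured survey may not exist: db_result() on an empty result set
    // would only raise warnings and feed bogus values into the link below.
    if ($result && db_numrows($result) > 0) {
        $group_id = db_result($result, 0, 'group_id');
        $purifier = Codendi_HTMLPurifier::instance();
        $survey_title = $purifier->purify($survey->getSurveyTitle(db_result($result, 0, 'survey_title')));

        // Only an active survey is offered, and only once per user.
        if (db_result($result, 0, 'is_active') == 1) {
            $sql = "SELECT * FROM survey_responses " . "WHERE survey_id='" . db_ei($developer_survey_id) . "' AND user_id='" . db_ei(user_getid()) . "'";
            $result = db_query($sql);
            if (db_numrows($result) < 1) {
                $no_survey = false;
                // $developer_survey_id comes from site configuration, not from the request.
                $this->content .= '<a href="/survey/survey.php?group_id=' . $group_id . '&survey_id=' . $developer_survey_id . '">' . $survey_title . '</a>';
            }
        }
    }

    if ($no_survey) {
        $this->content .= $GLOBALS['Language']->getText('my_index', 'no_survey');
    }
}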
/**
 * Enforce an access requirement for the current session, or stop the request.
 *
 * Exactly one of the following keys of $req is honoured, in this order:
 *  - 'group'      : the user must be a member of that project; with
 *                   'admin_flags' set, membership must carry those flags;
 *  - 'user'       : the current user id must equal the given one;
 *  - 'isloggedin' : any logged-in user passes.
 * Any other $req is refused. Site super-users always pass.
 *
 * @param array $req requirement description (see above)
 *
 * @return bool|null true for a super-user; otherwise null, since a failed
 *                   check ends the request through exit_error()
 */
function session_require($req)
{
    global $Language;

    /* Codendi admins always return true */
    if (user_is_super_user()) {
        return true;
    }

    $wantsGroup = !empty($req['group']);
    $wantsUser = !empty($req['user']);
    $wantsLogin = !empty($req['isloggedin']);

    if ($wantsGroup) {
        // Project membership check; group_id is escaped, the user id is the session's.
        $query = "SELECT user_id FROM user_group WHERE user_id=" . user_getid() . " AND group_id=" . db_ei($req['group']);
        if (!empty($req['admin_flags'])) {
            $query .= " AND admin_flags = '" . db_escape_string($req['admin_flags']) . "'";
        }
        if (db_numrows(db_query($query)) < 1) {
            exit_error($Language->getText('include_session', 'insufficient_g_access'), $Language->getText('include_session', 'no_perm_to_view'));
        }
        return;
    }

    if ($wantsUser) {
        if (user_getid() != $req['user']) {
            exit_error($Language->getText('include_session', 'insufficient_u_access'), $Language->getText('include_session', 'no_perm_to_view'));
        }
        return;
    }

    if ($wantsLogin) {
        if (!user_isloggedin()) {
            exit_error($Language->getText('include_session', 'required_login'), $Language->getText('include_session', 'login'));
        }
        return;
    }

    // No recognised requirement: deny by default.
    exit_error($Language->getText('include_session', 'insufficient_access'), $Language->getText('include_session', 'no_access'));
}
/**
 * Build the HTML of the current user's bookmark list.
 *
 * Each bookmark is rendered as a link (URL and title run through the HTML
 * purifier; a URL rejected by my_has_URL_invalid_content() is blanked),
 * followed by edit and delete links. An "add bookmark" link is always appended.
 *
 * @return string HTML fragment
 */
function getContent()
{
    $out = '';
    $sql = "SELECT bookmark_url, bookmark_title, bookmark_id from user_bookmarks where user_id='" . user_getid() . "' ORDER BY bookmark_title";
    $result = db_query($sql);
    $rows = db_numrows($result);

    if (!$result || $rows < 1) {
        $out .= $GLOBALS['Language']->getText('my_index', 'no_bookmark');
        $out .= db_error();
    } else {
        $purifier = Codendi_HTMLPurifier::instance();
        $editLabel = $GLOBALS['Language']->getText('my_index', 'edit_link');
        $out .= '<table style="width:100%">';
        for ($i = 0; $i < $rows; $i++) {
            $url = $purifier->purify(db_result($result, $i, 'bookmark_url'), CODENDI_PURIFIER_CONVERT_HTML);
            if (my_has_URL_invalid_content($url)) {
                $url = '';
            }
            $title = $purifier->purify(db_result($result, $i, 'bookmark_title'), CODENDI_PURIFIER_CONVERT_HTML);
            $bookmarkId = db_result($result, $i, 'bookmark_id');

            $out .= '<TR class="' . util_get_alt_row_color($i) . '"><TD>';
            $out .= '<A HREF="' . $url . '">' . $title . '</A> ';
            $out .= '<small><A HREF="/my/bookmark_edit.php?bookmark_id=' . $bookmarkId . '">[' . $editLabel . ']</A></SMALL></TD>';
            // NOTE(review): deletion is triggered by a plain GET link; confirm bookmark_delete.php asks for confirmation / a token.
            $out .= '<td style="text-align:right"><A HREF="/my/bookmark_delete.php?bookmark_id=' . $bookmarkId . '">';
            $out .= '<IMG SRC="' . util_get_image_theme("ic/trash.png") . '" HEIGHT="16" WIDTH="16" BORDER="0" ALT="DELETE"></A></td></tr>';
        }
        $out .= '</table>';
    }

    $out .= '<div style="text-align:center; font-size:0.8em;"><a href="/my/bookmark_add.php">[' . $GLOBALS['Language']->getText('my_index', 'add_bookmark') . ']</a></div>';
    return $out;
}
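/**
 * Validate the change-password form and apply the new password.
 *
 * Reads the submitted form from $GLOBALS (Update, form_oldpw, form_pw, form_pw2)
 * and reports problems through $GLOBALS['register_error'].
 *
 * @return int 1 when the password was changed, 0 otherwise
 */
function register_valid()
{
    if (empty($GLOBALS['Update'])) {
        return 0;
    }
    // Quoted keys: the original bare-constant form ($GLOBALS[form_pw]) is an
    // error on current PHP versions.
    $oldPw = isset($GLOBALS['form_oldpw']) ? (string) $GLOBALS['form_oldpw'] : '';
    $newPw = isset($GLOBALS['form_pw']) ? (string) $GLOBALS['form_pw'] : '';
    $newPw2 = isset($GLOBALS['form_pw2']) ? (string) $GLOBALS['form_pw2'] : '';

    // check against old pw
    $res = db_query("SELECT user_pw, status FROM users WHERE user_id=" . user_getid());
    $row_pw = $res ? db_fetch_array($res) : false;
    // The stored value is an unsalted MD5 of the password (legacy scheme; the
    // storage format is owned by setPasswd() and is not changed here). The
    // comparison must be strict: with the loose != two different digests of
    // the form "0e<digits>" compare equal.
    if (!$row_pw || (string) $row_pw['user_pw'] !== md5($oldPw)) {
        $GLOBALS['register_error'] = "Old password is incorrect.";
        return 0;
    }
    if ($row_pw['status'] != 'A') {
        $GLOBALS['register_error'] = "Account must be active to change password.";
        return 0;
    }
    if ($newPw === '') {
        $GLOBALS['register_error'] = "You must supply a password.";
        return 0;
    }
    // Strict comparison: numeric-looking strings such as "1e1" and "10" are
    // loosely equal and would otherwise pass the confirmation check.
    if ($newPw !== $newPw2) {
        $GLOBALS['register_error'] = "Passwords do not match.";
        return 0;
    }
    if (!account_pwvalid($newPw)) {
        return 0;
    }
    // if we got this far, it must be good
    $user =& user_get_object(user_getid());
    if (!$user->setPasswd($newPw)) {
        $GLOBALS['register_error'] = $user->getErrorMessage();
        return 0;
    }
    return 1;
}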
/**
 * getPublicArea
 *
 * Return the link which will be displayed in public area in summary page:
 * the "file releases" icon + label linking to showfiles.php, followed by the
 * number of packages visible to the current user.
 *
 * @return string HTML paragraph
 */
function getPublicArea()
{
    $language = $GLOBALS['Language'];
    $groupId = $this->getGroupId();
    $packageCount = count($this->_getPackagesForUser(user_getid()));
    $icon = $GLOBALS['Response']->getImage("ic/file.png", array('width' => '20', 'height' => '20', 'alt' => $language->getText('include_project_home', 'files')));

    return '<p><a href="/file/showfiles.php?group_id=' . $groupId . '">'
        . $icon
        . ' ' . $language->getText('include_project_home', 'file_releases') . '</a>'
        . ' ( ' . $language->getText('include_project_home', 'packages', $packageCount) . ' )'
        . '</p>';
}
/**
 * Build the HTML of the forums the current user monitors, grouped by project.
 *
 * Projects (active, with a monitored forum whose is_public <> 9) are listed
 * first, at most 100; restricted users are further limited to the projects
 * they belong to. For each project the monitored forums (at most 100) are
 * listed with a "stop monitoring" link. The request parameters hide_item_id
 * (unsigned int) and hide_forum (0/1) are validated and handed to
 * my_hide_url(), which presumably returns whether the project's list is
 * currently collapsed ($hide_now), a count delta and the toggle markup.
 *
 * @return string HTML fragment, or the 'my_forums_msg' text when nothing is monitored
 */
function getContent() {
    $html_my_monitored_forums = '';
    // user_getid() is the session user id; the IN (...) list below is built from
    // the user's own project ids, not from request input.
    $sql = "SELECT groups.group_id, groups.group_name " . "FROM groups,forum_group_list,forum_monitored_forums " . "WHERE groups.group_id=forum_group_list.group_id " . "AND groups.status = 'A' " . "AND forum_group_list.is_public <> 9 " . "AND forum_group_list.group_forum_id=forum_monitored_forums.forum_id " . "AND forum_monitored_forums.user_id='" . user_getid() . "' ";
    $um =& UserManager::instance();
    $current_user =& $um->getCurrentUser();
    if ($current_user->isRestricted()) {
        $projects = $current_user->getProjects();
        $sql .= "AND groups.group_id IN (" . implode(',', $projects) . ") ";
    }
    $sql .= "GROUP BY group_id ORDER BY group_id ASC LIMIT 100";
    $result = db_query($sql);
    $rows = db_numrows($result);
    if (!$result || $rows < 1) {
        $html_my_monitored_forums .= $GLOBALS['Language']->getText('my_index', 'my_forums_msg');
    } else {
        $request =& HTTPRequest::instance();
        $html_my_monitored_forums .= '<table style="width:100%">';
        for ($j = 0; $j < $rows; $j++) {
            // $group_id comes from the first query's result set
            $group_id = db_result($result, $j, 'group_id');
            $sql2 = "SELECT forum_group_list.group_forum_id,forum_group_list.forum_name " . "FROM groups,forum_group_list,forum_monitored_forums " . "WHERE groups.group_id=forum_group_list.group_id " . "AND groups.group_id={$group_id} " . "AND forum_group_list.is_public <> 9 " . "AND forum_group_list.group_forum_id=forum_monitored_forums.forum_id " . "AND forum_monitored_forums.user_id='" . user_getid() . "' LIMIT 100";
            $result2 = db_query($sql2);
            $rows2 = db_numrows($result2);
            // Request parameters are validated before use; both are null when absent or invalid.
            // (They do not depend on $j, so they could be validated once before the loop.)
            $vItemId = new Valid_UInt('hide_item_id');
            $vItemId->required();
            if ($request->valid($vItemId)) {
                $hide_item_id = $request->get('hide_item_id');
            } else {
                $hide_item_id = null;
            }
            $vForum = new Valid_WhiteList('hide_forum', array(0, 1));
            $vForum->required();
            if ($request->valid($vForum)) {
                $hide_forum = $request->get('hide_forum');
            } else {
                $hide_forum = null;
            }
            list($hide_now, $count_diff, $hide_url) = my_hide_url('forum', $group_id, $hide_item_id, $rows2, $hide_forum);
            // The first project (j == 0) gets no opening row markup, only the closing one below.
            $html_hdr = ($j ? '<tr class="boxitem"><td colspan="2">' : '') . $hide_url . '<A HREF="/forum/?group_id=' . $group_id . '">' . db_result($result, $j, 'group_name') . '</A> ';
            $html = '';
            $count_new = max(0, $count_diff);
            for ($i = 0; $i < $rows2; $i++) {
                if (!$hide_now) {
                    $group_forum_id = db_result($result2, $i, 'group_forum_id');
                    // NOTE(review): forum_name and group_name are written into the markup without the
                    // HTML purifier used elsewhere in this file; confirm they are stored already escaped,
                    // otherwise this is a stored-XSS sink.
                    $html .= ' <TR class="' . util_get_alt_row_color($i) . '"><TD WIDTH="99%">' . ' - <A HREF="/forum/forum.php?forum_id=' . $group_forum_id . '">' . stripslashes(db_result($result2, $i, 'forum_name')) . '</A></TD>' . '<TD ALIGN="center"><A HREF="/my/stop_monitor.php?forum_id=' . $group_forum_id . '" onClick="return confirm(\'' . $GLOBALS['Language']->getText('my_index', 'stop_forum') . '\')">' . '<IMG SRC="' . util_get_image_theme("ic/trash.png") . '" HEIGHT="16" WIDTH="16" ' . 'BORDER=0 ALT="' . $GLOBALS['Language']->getText('my_index', 'stop_monitor') . '"></A></TD></TR>';
                }
            }
            $html_hdr .= my_item_count($rows2, $count_new) . '</td></tr>';
            $html_my_monitored_forums .= $html_hdr . $html;
        }
        $html_my_monitored_forums .= '</table>';
    }
    return $html_my_monitored_forums;
}
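/**
 * Build the HTML of the file packages the current user monitors, grouped by project.
 *
 * Projects with a monitored, non-deleted package are listed first (at most
 * 100); restricted users are limited to the projects they belong to. For each
 * project the monitored packages (at most 100) are listed with a "stop
 * monitoring" link. The request parameters hide_item_id (unsigned int) and
 * hide_frs (0/1) are validated and handed to my_hide_url(), which presumably
 * returns whether the project's list is collapsed ($hide_now), a count delta
 * and the toggle markup.
 *
 * @return string HTML fragment, or the 'my_files_msg' text when nothing is monitored
 */
function getContent()
{
    $frsrf = new FRSReleaseFactory();
    $html_my_monitored_fp = '';
    $sql = "SELECT groups.group_name,groups.group_id " . "FROM groups,filemodule_monitor,frs_package " . "WHERE groups.group_id=frs_package.group_id " . "AND frs_package.status_id !=" . $frsrf->STATUS_DELETED . " " . "AND frs_package.package_id=filemodule_monitor.filemodule_id " . "AND filemodule_monitor.user_id='" . user_getid() . "' ";
    $um =& UserManager::instance();
    $current_user =& $um->getCurrentUser();
    if ($current_user->isRestricted()) {
        $projects = $current_user->getProjects();
        $sql .= "AND groups.group_id IN (" . implode(',', $projects) . ") ";
    }
    $sql .= "GROUP BY group_id ORDER BY group_id ASC LIMIT 100";
    $result = db_query($sql);
    $rows = db_numrows($result);
    if (!$result || $rows < 1) {
        $html_my_monitored_fp .= $GLOBALS['Language']->getText('my_index', 'my_files_msg');
        return $html_my_monitored_fp;
    }

    // The two request parameters do not depend on the project being rendered,
    // so they are validated once instead of once per row.
    $request =& HTTPRequest::instance();
    $vItemId = new Valid_UInt('hide_item_id');
    $vItemId->required();
    $hide_item_id = $request->valid($vItemId) ? $request->get('hide_item_id') : null;
    $vFrs = new Valid_WhiteList('hide_frs', array(0, 1));
    $vFrs->required();
    $hide_frs = $request->valid($vFrs) ? $request->get('hide_frs') : null;

    $html_my_monitored_fp .= '<table style="width:100%">';
    for ($j = 0; $j < $rows; $j++) {
        // $group_id comes from the first query's result set
        $group_id = db_result($result, $j, 'group_id');
        $sql2 = "SELECT frs_package.name,filemodule_monitor.filemodule_id " . "FROM groups,filemodule_monitor,frs_package " . "WHERE groups.group_id=frs_package.group_id " . "AND groups.group_id={$group_id} " . "AND frs_package.status_id !=" . $frsrf->STATUS_DELETED . " " . "AND frs_package.package_id=filemodule_monitor.filemodule_id " . "AND filemodule_monitor.user_id='" . user_getid() . "' LIMIT 100";
        $result2 = db_query($sql2);
        $rows2 = db_numrows($result2);
        list($hide_now, $count_diff, $hide_url) = my_hide_url('frs', $group_id, $hide_item_id, $rows2, $hide_frs);
        // The first project (j == 0) gets no opening row markup, only the closing one below.
        $html_hdr = ($j ? '<tr class="boxitem"><td colspan="2">' : '') . $hide_url . '<A HREF="/project/?group_id=' . $group_id . '">' . db_result($result, $j, 'group_name') . '</A> ';
        $html = '';
        $count_new = max(0, $count_diff);
        if (!$hide_now) {
            for ($i = 0; $i < $rows2; $i++) {
                // NOTE(review): frs_package.name and group_name are written into the markup without
                // the HTML purifier; getSummaryPageContent() suggests package names are stored
                // HTML-escaped, which is what makes this safe — confirm.
                // Fixed: the IMG tag used to read 'BORDER=0"', leaving a stray quote in the output.
                $html .= ' <TR class="' . util_get_alt_row_color($i) . '">' . '<TD WIDTH="99%"> - <A HREF="/file/showfiles.php?group_id=' . $group_id . '">' . db_result($result2, $i, 'name') . '</A></TD>' . '<TD><A HREF="/file/filemodule_monitor.php?filemodule_id=' . db_result($result2, $i, 'filemodule_id') . '&group_id=' . $group_id . '" onClick="return confirm(\'' . $GLOBALS['Language']->getText('my_index', 'stop_file') . '\')">' . '<IMG SRC="' . util_get_image_theme("ic/trash.png") . '" HEIGHT="16" WIDTH="16" ' . 'BORDER=0 ALT="' . $GLOBALS['Language']->getText('my_index', 'stop_monitor') . '"></A></TD></TR>';
            }
        }
        $html_hdr .= my_item_count($rows2, $count_new) . '</td></tr>';
        $html_my_monitored_fp .= $html_hdr . $html;
    }
    $html_my_monitored_fp .= '</table>';
    return $html_my_monitored_fp;
}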
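/**
 * Record the current access in the user log, unless the request is a script run.
 *
 * $params['isScript'] - truthy when invoked from a script (nothing is logged then)
 * $params['groupId']  - project id the access belongs to
 * $params['time']     - access timestamp
 *
 * @param array $params see above
 */
function logUser($params)
{
    if (!empty($params['isScript'])) {
        return;
    }
    $request = HTTPRequest::instance();
    $cookie_manager = new CookieManager();
    $userLogManager = new UserLogManager();
    // NOTE(review): the raw session_hash cookie is persisted in the access log;
    // confirm that log is protected at least as well as the session store.
    $userLogManager->logAccess(
        $params['time'],
        $params['groupId'],
        user_getid(),
        $cookie_manager->getCookie('session_hash'),
        $request->getFromServer('HTTP_USER_AGENT'),
        $request->getFromServer('REQUEST_METHOD'),
        $request->getFromServer('REQUEST_URI'),
        $request->getIPAddress(),
        $request->getFromServer('HTTP_REFERER')
    );
}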
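/**
 * Store the SSH authorized keys submitted through the account form.
 *
 * Reads $GLOBALS['Update'] and $GLOBALS['form_authorized_keys']; the
 * normalised key text is written back to $GLOBALS['form_authorized_keys'].
 *
 * @return int 1 when the update query was issued, 0 when nothing was done
 */
function register_valid()
{
    if (empty($GLOBALS['Update'])) {
        return 0;
    }
    // Quoted keys: the bare-constant form ($GLOBALS[form_authorized_keys]) is an error on current PHP.
    $keys = isset($GLOBALS['form_authorized_keys']) ? trim($GLOBALS['form_authorized_keys']) : '';
    // One key per line in the form; stored '###'-separated.
    // preg_replace replaces the removed ereg_replace() with the same pattern.
    $keys = preg_replace("/\r\n|\n/", "###", $keys);
    $GLOBALS['form_authorized_keys'] = $keys;
    // NOTE(review): nothing here checks that each entry looks like a public key;
    // confirm the consumer of authorized_keys validates the format.
    // The value is user input: it must be escaped before being interpolated.
    db_query("UPDATE users SET authorized_keys='" . db_escape_string($keys) . "' WHERE user_id=" . user_getid());
    return 1;
}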
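/**
 * getSummaryPageContent
 *
 * Return the text to display on the summary page: a table of the packages
 * visible to the current user (name, monitor toggle, latest release with
 * release-notes and download links), or a "no files released" notice, always
 * followed by a "view all files" link.
 *
 * @return array arr[title], arr[content]
 */
function getSummaryPageContent()
{
    $hp = Codendi_HTMLPurifier::instance();
    $ret = array('title' => $GLOBALS['Language']->getText('include_project_home', 'latest_file_releases'), 'content' => '');
    $packages = $this->_getPackagesForUser(user_getid());
    if (count($packages)) {
        $ret['content'] .= ' <table cellspacing="1" cellpadding="5" width="100%" border="0"> <tr class="boxitem"> <td> ' . $GLOBALS['Language']->getText('include_project_home', 'package') . ' </td> <td> ' . $GLOBALS['Language']->getText('include_project_home', 'version') . ' </td> <td> ' . $GLOBALS['Language']->getText('include_project_home', 'download') . ' </td> </tr> ';
        require_once 'FileModuleMonitorFactory.class.php';
        $fmmf = new FileModuleMonitorFactory();
        foreach ($packages as $package) {
            // the icon is different whether the package is monitored or not
            if ($fmmf->isMonitoring($package['package_id'])) {
                $monitor_img = $GLOBALS['HTML']->getImage("ic/notification_stop.png", array('alt' => $GLOBALS['Language']->getText('include_project_home', 'stop_monitoring'), 'title' => $GLOBALS['Language']->getText('include_project_home', 'stop_monitoring')));
            } else {
                $monitor_img = $GLOBALS['HTML']->getImage("ic/notification_start.png", array('alt' => $GLOBALS['Language']->getText('include_project_home', 'start_monitoring'), 'title' => $GLOBALS['Language']->getText('include_project_home', 'start_monitoring')));
            }
            // package_name is stored HTML-escaped: unconvert first, then purify for output.
            $ret['content'] .= ' <TR class="boxitem"> <TD> <B>' . $hp->purify(util_unconvert_htmlspecialchars($package['package_name']), CODENDI_PURIFIER_CONVERT_HTML) . '</B> <a HREF="/file/filemodule_monitor.php?filemodule_id=' . $package['package_id'] . '">' . $monitor_img . ' </a> </TD>';
            // Releases to display. Fixed: the release-notes anchor was never closed.
            $ret['content'] .= '<TD>' . $hp->purify($package['release_name'], CODENDI_PURIFIER_CONVERT_HTML) . ' <A href="/file/shownotes.php?group_id=' . $this->getGroupId() . '&release_id=' . $package['release_id'] . '">' . $GLOBALS['HTML']->getImage("ic/text.png", array('alt' => $GLOBALS['Language']->getText('include_project_home', 'release_notes'), 'title' => $GLOBALS['Language']->getText('include_project_home', 'release_notes'))) . '</A> </TD> <TD><A HREF="/file/showfiles.php?group_id=' . $this->getGroupId() . '&release_id=' . $package['release_id'] . '">' . $GLOBALS['Language']->getText('include_project_home', 'download') . '</A></TD></TR>';
        }
        $ret['content'] .= '</table>';
    } else {
        $ret['content'] .= '<b>' . $GLOBALS['Language']->getText('include_project_home', 'no_files_released') . '</b>';
    }
    $ret['content'] .= ' <div align="center"> <a href="/file/showfiles.php?group_id=' . $this->getGroupId() . '">[' . $GLOBALS['Language']->getText('include_project_home', 'view_all_files') . ']</A> </div> ';
    return $ret;
}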
/**
 * Constructor: bind a wiki user to a forge account.
 *
 * With an explicit $id the object is set to that id and the forge user is
 * looked up by name. Without one, the forge user of the current session is
 * used: its unix name becomes the id, the wiki UserDB record is loaded and
 * re-saved when the timezone offset, nickname or (optionally) home URL are
 * stale; a session without a usable forge user becomes 'Anonymous'.
 * Display preferences are then read from the MONI_* cookies, and a UserDB
 * record is created for any non-anonymous id that does not exist yet.
 *
 * @param string $id user id (unix name); '' to derive it from the session
 */
function User_nforge($id = '') {
    if ($id) {
        $this->setID($id);
        $u =& user_get_object_by_name($id);
    } else {
        $u =& user_get_object(user_getid());
        if ($u and is_object($u) and !$u->isError()) {
            global $DBInfo;
            $id = $u->getUnixName();
        }
        if (!empty($id)) {
            $this->setID($id);
            $udb = new UserDB($DBInfo);
            $tmp = $udb->getUser($id);
            // get timezone and make timezone offset
            $tz_offset = date('Z');
            $update = 0;
            if ($tz_offset != $tmp->info['tz_offset']) {
                $update = 1;
            }
            // 'and' binds tighter than 'or': (home URL wanted AND missing) OR tz changed OR nick missing/stale
            if (!empty($DBInfo->use_homepage_url) and empty($tmp->info['home']) or $update or empty($tmp->info['nick']) or $tmp->info['nick'] != $u->data_array['realname']) {
                // register user
                $tmp->info['tz_offset'] = $tz_offset;
                $tmp->info['nick'] = $u->data_array['realname'];
                if (!empty($DBInfo->use_homepage_url)) {
                    $tmp->info['home'] = util_make_url_u($u->getID(), true);
                }
                $udb->saveUser($tmp);
            }
        } else {
            $id = 'Anonymous';
            $this->setID('Anonymous');
        }
    }
    // Display preferences come straight from client cookies, unvalidated.
    // NOTE(review): if css/theme select a file or path anywhere downstream, confirm the consumer restricts the value.
    $this->css = isset($_COOKIE['MONI_CSS']) ? $_COOKIE['MONI_CSS'] : '';
    $this->theme = isset($_COOKIE['MONI_THEME']) ? $_COOKIE['MONI_THEME'] : '';
    $this->bookmark = isset($_COOKIE['MONI_BOOKMARK']) ? $_COOKIE['MONI_BOOKMARK'] : '';
    $this->trail = isset($_COOKIE['MONI_TRAIL']) ? _stripslashes($_COOKIE['MONI_TRAIL']) : '';
    $this->tz_offset = isset($_COOKIE['MONI_TZ']) ? _stripslashes($_COOKIE['MONI_TZ']) : '';
    $this->nick = isset($_COOKIE['MONI_NICK']) ? _stripslashes($_COOKIE['MONI_NICK']) : '';
    if ($this->tz_offset == '') {
        $this->tz_offset = date('Z');
    }
    // Make sure a wiki record exists for every real (non-anonymous) user
    if (!empty($id) and $id != 'Anonymous') {
        global $DBInfo;
        $udb = new UserDB($DBInfo);
        if (!$udb->_exists($id)) {
            $dummy = $udb->saveUser($this);
        }
    }
}
/**
 * Serve a PHPWiki attachment addressed by the request URI.
 *
 * The public /wiki prefix of REQUEST_URI is mapped to the plugin base URL
 * before the attachment is resolved. A missing or inactive attachment ends
 * the request with an error page; an existing one is dumped only if the
 * current user is authorised for it.
 *
 * @param HTTPRequest $request the current request
 */
public function processUpload(HTTPRequest $request)
{
    $attachment = new PHPWikiAttachment();
    // Same pattern as /^\/wiki/ with a delimiter that needs no escaping
    $uri = preg_replace('#^/wiki#', PHPWIKI_PLUGIN_BASE_URL, $request->getFromServer('REQUEST_URI'));
    $attachment->setUri($uri);

    if (!$attachment->exist() || !$attachment->isActive()) {
        exit_error($GLOBALS['Language']->getText('global', 'error'), $GLOBALS['Language']->getText('plugin_phpwiki_attachment_upload', 'err_not_exist'));
        return;
    }

    // NOTE(review): an attachment the user is not authorised for is neither
    // served nor reported — the method silently returns.
    if ($attachment->isAutorized(user_getid())) {
        $attachment->htmlDump();
    }
}
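/**
 * handle the insertion of history for corresponding parameters
 * $args is an array containing a list of parameters to use when
 * the message is to be displayed by the history.php script
 * The array is stored as a string at the end of the field_name
 * with the following format:
 * field_name %% [arg1, arg2...]
 *
 * Values are escaped through the data access object; an anonymous
 * session (user id 0) is recorded as user 100.
 *
 * @param String  $fieldName Event category
 * @param String  $oldValue  Event value
 * @param Integer $groupId   Project ID
 * @param Array   $args      list of parameters used for message display
 *
 * @return DataAccessResult the result of the insert (was previously discarded)
 */
function groupAddHistory($fieldName, $oldValue, $groupId, $args = false)
{
    if ($args) {
        $fieldName .= " %% " . implode("||", $args);
    }
    $userId = user_getid();
    if ($userId == 0) {
        $userId = 100;
    }
    $sql = 'insert into ' . $this->table_name . '(group_id,field_name,old_value,mod_by,date) VALUES (' . $this->da->escapeInt($groupId) . ' , ' . $this->da->quoteSmart($fieldName) . ', ' . $this->da->quoteSmart($oldValue) . ' , ' . $this->da->escapeInt($userId) . ' , ' . $this->da->escapeInt($_SERVER['REQUEST_TIME']) . ')';
    // Returned so callers can check the outcome, as the docblock promised.
    return $this->retrieve($sql);
}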
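/**
 * Store the login shell submitted through the account form.
 *
 * Reads $GLOBALS['Update'] and $GLOBALS['form_shell']; errors are reported
 * through $GLOBALS['register_error'].
 *
 * @return int 1 when the update query was issued, 0 otherwise
 */
function register_valid()
{
    if (empty($GLOBALS['Update'])) {
        return 0;
    }
    // Quoted keys: the bare-constant form ($GLOBALS[form_shell]) is an error on current PHP.
    $shell = isset($GLOBALS['form_shell']) ? $GLOBALS['form_shell'] : '';
    if (!$shell) {
        $GLOBALS['register_error'] = "You must supply a new login shell.";
        return 0;
    }
    // NOTE(review): nothing here restricts the value to an allowed list of
    // shells; confirm the caller validates it before this runs.
    // The value is user input: it must be escaped before being interpolated.
    db_query("UPDATE users SET shell='" . db_escape_string($shell) . "' WHERE user_id=" . user_getid());
    return 1;
}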
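/**
 * Creates a time entry record
 *
 * NOTE: this is a real hack as it uses the existing procedural code to call on functionality.
 * The biggest drawback is that this method will not be able to return the Primary Key for the
 * time entry record because the key is a unixtimestamp (see the way the UI uses timeadd.php
 * to fully appreciate what I mean).
 *
 * Numeric parameters are cast to their documented types before being
 * interpolated into the INSERT, so form input cannot alter the statement.
 *
 * @author Tony Bibbs <*****@*****.**>
 * @access public
 * @param int $projectTaskId The project task the user is reporting time to
 * @param int $week The week the time being reported was done
 * @param int $daysAdjust Represents the offset to add to the given week to specify the day
 * @param int $timeCode The type of work that was done (general categorization)
 * @param float $hours The actual time spent
 * @return int Number of affected rows (1 on success); a failed query ends the request via exit_error()
 * @todo The check that looks to see if this method works is not language independent.
 * someone that better understands how that all works will want to remove the hardcoded
 * 'successfully added'.
 *
 */
function create($projectTaskId, $week, $daysAdjust, $timeCode, $hours)
{
    $projectTaskId = (int) $projectTaskId;
    $week = (int) $week;
    $daysAdjust = (int) $daysAdjust;
    $timeCode = (int) $timeCode;
    $hours = (float) $hours;
    // Fixed: the original read the undefined $days_adjust, so the day offset was always 0.
    $report_date = $week + $daysAdjust * REPORT_DAY_SPAN + 12 * 60 * 60;
    $res = db_query("INSERT INTO rep_time_tracking (user_id,week,report_date,project_task_id,time_code,hours)\n VALUES ('" . user_getid() . "','{$week}','{$report_date}','{$projectTaskId}','{$timeCode}','{$hours}')");
    if (!$res) {
        exit_error('Error', db_error());
    }
    // NOTE(review): the original appended _('Successfully Added') to a *local*
    // $feedback that was never read; if user feedback is wanted here, declare
    // `global $feedback` first.
    return db_affected_rows($res);
}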
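/**
 * Tell whether the current user may modify a snippet package.
 *
 * Super-users always may; otherwise the user must be the submitter of at
 * least one version of the package.
 *
 * @param int $snippet_package_id package id (cast to int before being interpolated)
 *
 * @return bool
 */
function snippet_data_can_modify_snippet_package($snippet_package_id)
{
    if (user_is_super_user()) {
        return true;
    }
    $sql = "SELECT submitted_by FROM snippet_package_version WHERE snippet_package_id='" . (int) $snippet_package_id . "'";
    $result = db_query($sql);
    $current_user = user_getid();
    while ($resrow = db_fetch_array($result)) {
        // loose comparison: submitted_by comes back from the driver as a string
        if ($resrow['submitted_by'] == $current_user) {
            return true;
        }
    }
    return false;
}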
/**
 * Store the real name submitted through the account form.
 *
 * Only a POST request carrying the 'Update' parameter and a non-empty
 * 'form_realname' is processed; an empty name is reported as an error.
 *
 * @return int 1 when the update query was issued, 0 otherwise
 */
function register_valid()
{
    global $Language;
    $request =& HTTPRequest::instance();

    if (!$request->isPost() || !$request->exist('Update')) {
        return 0;
    }
    if (!$request->existAndNonEmpty('form_realname')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_change_realname', 'error'));
        return 0;
    }

    // if we got this far, it must be good — the name is user input and is escaped
    $realname = db_es($request->get('form_realname'));
    db_query("UPDATE user SET realname='" . $realname . "' WHERE user_id=" . user_getid());
    return 1;
}
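/**
 * Return (and cache) the current user's saved queries for this artifact type.
 *
 * The first call runs the query and builds ArtifactQuery objects; later calls
 * return the cached array. On a database error setError() is called and the
 * (empty) cache is returned — the original went on to fetch from the failed
 * result, which only produced warnings.
 *
 * @return array list of ArtifactQuery, by reference
 */
function &getArtifactQueries()
{
    if (!is_null($this->ArtifactQueries)) {
        return $this->ArtifactQueries;
    }
    $this->ArtifactQueries = array();
    // user_getid() and the artifact type id are internal integer ids, not request input
    $sql = "SELECT * FROM artifact_query WHERE user_id='" . user_getid() . "' " . "AND group_artifact_id='" . $this->ArtifactType->getID() . "'";
    $res = db_query($sql);
    if (!$res) {
        $this->setError("ArtifactQueryFactory:: Database error");
        return $this->ArtifactQueries;
    }
    while ($data = db_fetch_array($res)) {
        $this->ArtifactQueries[] = new ArtifactQuery($this->ArtifactType, $data["artifact_query_id"]);
    }
    return $this->ArtifactQueries;
}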
/**
 * Build a selector listing the date fields of the current tracker.
 *
 * After the parent selector is initialised, every used field of the tracker
 * in $GLOBALS['ath'] that the current user may read and that is a date field
 * is added as an option; the one whose name equals $value is preselected.
 *
 * @param string $label     selector label
 * @param string $name      form field name
 * @param string $value     preselected field name
 * @param bool   $with_none whether a "none" entry is offered
 * @param string $onchange  onchange handler
 * @param string $desc      description
 */
public function __construct($label, $name, $value, $with_none = false, $onchange = "", $desc = "")
{
    parent::__construct($label, $name, $value, $with_none, $onchange, $desc);
    require_once 'common/tracker/ArtifactFieldFactory.class.php';
    require_once 'common/tracker/ArtifactType.class.php';

    $tracker = $GLOBALS['ath'];
    $trackerId = $tracker->getID();
    $groupId = $GLOBALS['group_id'];
    $userId = user_getid();
    $artifactType = new ArtifactType($tracker->Group, $trackerId, false);
    $fieldFactory = new ArtifactFieldFactory($artifactType);

    foreach ($fieldFactory->getAllUsedFields() as $field) {
        if (!$field->userCanRead($groupId, $trackerId, $userId)) {
            continue;
        }
        if (!$field->isdateField()) {
            continue;
        }
        $isSelected = ($this->value == $field->getName());
        $this->addOption(new HTML_Element_Option($field->getLabel(), $field->getName(), $isSelected));
    }
}
/**
 * return a resultset of Group for the current user
 *
 * Active projects (excluding group 100) the logged-in user belongs to,
 * ordered by name. An anonymous caller or an empty result sets an error.
 *
 * @return resultset|false the result set, or false after setError()
 */
function getMemberGroups()
{
    global $Language;

    if (!user_isloggedin()) {
        $this->setError($Language->getText('include_exit', 'perm_denied'));
        return false;
    }

    // user_getid() is the session user id, not request input
    $sql = "SELECT g.group_id,g.group_name FROM groups g, user_group ug WHERE g.group_id <> 100 AND g.status = 'A' AND g.group_id = ug.group_id AND ug.user_id=" . user_getid() . " ORDER BY g.group_name ASC";
    $result = db_query($sql);
    $found = db_numrows($result);
    if ($result && $found > 0) {
        return $result;
    }

    $this->setError($Language->getText('include_common_groupfactory', 'none_found', db_error()));
    return false;
}
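/**
 * build burnup chart properties
 *
 * Fills $engine->data ("done" series) and $engine->remaining ("remaining"
 * series) from the int values of the chart's two fields over the chart's
 * artifacts. Both stay empty unless the current user may read both fields
 * and there is at least one artifact.
 *
 * @param Burnup_Engine $engine object
 *
 * @return array the "done" series (same value as $engine->data)
 */
function buildProperties($engine)
{
    parent::buildProperties($engine);
    $data = array();
    $remaining = array();
    $engine->legend = null;
    $ff = Tracker_FormElementFactory::instance();
    $remaining_f = $ff->getFormElementById($this->chart->getRemainingField());
    $done_f = $ff->getFormElementById($this->chart->getDoneField());
    // create_function() was removed in PHP 8; a plain closure does the same job.
    $ids = array_map(function ($a) { return $a["id"]; }, $this->artifacts);
    $user_id = user_getid();
    // With no artifacts the IN (...) clause would be empty, i.e. a SQL syntax
    // error, so the query is skipped and both series stay empty.
    if (count($ids) > 0 && $remaining_f && $remaining_f->userCanRead($user_id) && $done_f && $done_f->userCanRead($user_id)) {
        // ids and field ids are internal integers, not request input
        $sql = "SELECT c.artifact_id AS id, \n TO_DAYS(FROM_UNIXTIME(submitted_on)) - TO_DAYS(FROM_UNIXTIME(0)) as day, \n f.value as remaining,\n done_f.value as done\n FROM tracker_changeset AS c \n INNER JOIN tracker_changeset_value AS v ON(v.changeset_id = c.id)\n INNER JOIN tracker_field_int_value AS f ON(f.field_id = v.field_id and v.value_id = f.id)\n INNER JOIN tracker_changeset_value AS done_v ON(done_v.changeset_id = c.id)\n INNER JOIN tracker_field_int_value AS done_f ON(done_f.field_id = done_v.field_id and done_v.value_id = done_f.id)\n WHERE c.artifact_id IN (" . implode(',', $ids) . ")\n AND v.field_id = {$remaining_f->id}\n AND done_v.field_id = {$done_f->id}";
        $res = db_query($sql);
        $data = $this->extractDataFromResult($res, $ids, 'done');
        $remaining = $this->extractDataFromResult($res, $ids, 'remaining');
    }
    $engine->data = $data;
    $engine->remaining = $remaining;
    return $data;
}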
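/**
 * Add a skill to the current user's inventory.
 *
 * Outcome messages are appended to the global $feedback; an anonymous
 * caller gets a "must be logged in" heading echoed instead. The three ids
 * come from the form and are cast to int before being interpolated.
 *
 * @param int $skill_id
 * @param int $skill_level_id
 * @param int $skill_year_id
 */
function people_add_to_skill_inventory($skill_id, $skill_level_id, $skill_year_id)
{
    global $feedback, $Language;

    if (!user_isloggedin()) {
        echo '<H1>' . $Language->getText('people_utils', 'must_be_loggin') . '</H1>';
        return;
    }

    $user_id = user_getid();
    $skill_id = (int) $skill_id;
    $skill_level_id = (int) $skill_level_id;
    $skill_year_id = (int) $skill_year_id;

    //check if they've already added this skill
    $sql = "SELECT * FROM people_skill_inventory WHERE user_id='" . $user_id . "' AND skill_id='{$skill_id}'";
    $result = db_query($sql);
    if ($result && db_numrows($result) > 0) {
        $feedback .= ' ' . $Language->getText('people_utils', 'error_skill_already') . ' ';
        return;
    }

    //skill not already in inventory
    $sql = "INSERT INTO people_skill_inventory (user_id,skill_id,skill_level_id,skill_year_id) " . "VALUES ('" . $user_id . "','{$skill_id}','{$skill_level_id}','{$skill_year_id}')";
    $result = db_query($sql);
    if (!$result || db_affected_rows($result) < 1) {
        $feedback .= ' ' . $Language->getText('people_utils', 'error_inserting') . ' ';
        echo db_error();
    } else {
        $feedback .= ' ' . $Language->getText('people_utils', 'added_skill') . ' ';
    }
}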
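/**
 * Extract References from a given text and insert extracted refs into the database
 *
 * @param String  $html        Text to parse
 * @param Integer $source_id   Id of the item where the text was added
 * @param String  $source_type Nature of the source
 * @param Integer $source_gid  Project Id of the project the source item belongs to
 * @param Integer $user_id     User who owns the text to parse
 * @param String  $source_key  Keyword to use for the reference (if different from the one associated to the nature)
 *
 * @return Boolean True if no error; null when a match names a project that does not exist
 *                 (NOTE(review): that early return also skips every later match of the text — confirm this is intended)
 */
function extractCrossRef($html, $source_id, $source_type, $source_gid, $user_id = 0, $source_key = null)
{
    if ($source_key == null) {
        $available_natures = $this->getAvailableNatures();
        if ($source_type == self::REFERENCE_NATURE_ARTIFACT) {
            $source_key = $this->getArtifactKeyword($source_id, $source_gid);
            if (!$source_key) {
                $source_key = $available_natures[$source_type]['keyword'];
            }
        } else {
            $source_key = $available_natures[$source_type]['keyword'];
        }
    }
    $matches = $this->_extractAllMatches($html);
    foreach ($matches as $match) {
        // Analyse match: [1] keyword, [2] optional "project:" prefix, [3] value
        $key = strtolower($match[1]);
        if ($match[2]) {
            // A target project name or ID was specified
            // remove trailing colon
            $target_project = substr($match[2], 0, strlen($match[2]) - 1);
            // id or name?
            if (is_numeric($target_project)) {
                $ref_gid = $target_project;
            } else {
                // project name instead...
                $this->_initGroupHash();
                if (isset($this->groupIdByName[$target_project])) {
                    $ref_gid = $this->groupIdByName[$target_project];
                } else {
                    if (isset($this->groupIdByNameLower[$target_project])) {
                        $ref_gid = $this->groupIdByNameLower[$target_project];
                    } else {
                        return null;
                    }
                }
            }
        } else {
            if ($this->tmpGroupIdForCallbackFunction) {
                $ref_gid = $this->tmpGroupIdForCallbackFunction;
            } else {
                if (array_key_exists('group_id', $GLOBALS)) {
                    $ref_gid = $GLOBALS['group_id']; // might not be set
                } else {
                    $ref_gid = '';
                }
            }
        }
        $value = $match[3];
        if ($ref_gid == "") {
            $ref_gid = 100;
        } // use system references only
        $num_args = substr_count($value, '/') + 1; // Count number of arguments in detected reference
        $ref = $this->_getReferenceFromKeywordAndNumArgs($key, $ref_gid, $num_args);
        if ($ref) {
            //Cross reference
            // The keyword is taken from the parsed (user-supplied) text, so it is
            // escaped; the project id is an integer.
            $sqlkey = 'SELECT link, nature from reference r,reference_group rg where keyword="' . db_es($match[1]) . '" AND r.id = rg.reference_id AND rg.group_id=' . db_ei($source_gid);
            $reskey = db_query($sqlkey);
            if ($reskey && db_numrows($reskey) > 0) {
                $key_array = db_fetch_array($reskey);
                $target_type = $key_array['nature'];
                $target_id = $match[3];
                $target_key = $match[1]; // keyword
                $target_gid = $ref_gid;
                if ($user_id == 0) {
                    $user_id = user_getid();
                }
                $cross_ref = new CrossReference($source_id, $source_gid, $source_type, $source_key, $target_id, $target_gid, $target_type, $target_key, $user_id);
                if (!$cross_ref->existInDb()) {
                    $cross_ref->createDbCrossRef();
                }
            }
        }
    }
    return true;
}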
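/**
 * create - create a new item in the database.
 *
 * On success the artifact history gets an 'attachment' entry and
 * $changes['attach'] is filled with description, name, size and href.
 *
 * @param string $filename    Filename of the item.
 * @param string $filetype    Item filetype; defaults to application/octet-stream when empty.
 * @param string $filesize    Item filesize.
 * @param binary $bin_data    Binary item data.
 * @param string $description Item description; the 'none' text when empty.
 * @param array  $changes     Filled with the 'attach' details on success (by reference).
 * @return id on success / false on failure.
 */
function create($filename, $filetype, $filesize, $bin_data, $description = false, &$changes)
{
    global $Language;
    if (!$description) {
        $description = $Language->getText('global', 'none');
    }
    $old_value = $this->Artifact->getAttachedFileNames();
    // Some browsers don't supply mime type if they don't know it
    if (!$filetype) {
        // Let's be on safe side?
        $filetype = 'application/octet-stream';
    }
    //
    // data validation
    //
    if (!$filename || !$filetype || !$filesize || !$bin_data) {
        // Only the metadata is echoed back, escaped for HTML (it is user
        // input); the raw file body is no longer written into the page.
        $hp = Codendi_HTMLPurifier::instance();
        $GLOBALS['Response']->addFeedback('error', '<P>|' . $hp->purify((string) $filename, CODENDI_PURIFIER_CONVERT_HTML) . '|' . $hp->purify((string) $filetype, CODENDI_PURIFIER_CONVERT_HTML) . '|' . $hp->purify((string) $filesize, CODENDI_PURIFIER_CONVERT_HTML) . '|');
        $this->setError('ArtifactFile: ' . $Language->getText('tracker_common_file', 'name_requ'));
        return false;
    }
    // Anonymous uploads are attributed to user 100
    if (user_isloggedin()) {
        $userid = user_getid();
    } else {
        $userid = 100;
    }
    $res = db_query("INSERT INTO artifact_file\n\t\t\t(artifact_id,description,bin_data,filename,filesize,filetype,adddate,submitted_by)\n\t\t\tVALUES \n\t\t\t('" . db_ei($this->Artifact->getID()) . "','" . db_es($description) . "','" . db_es($bin_data) . "','" . db_es($filename) . "',\n\t\t\t'" . db_ei($filesize) . "','" . db_es($filetype) . "','" . time() . "','" . db_ei($userid) . "')");
    if (!$res) {
        $this->setError('ArtifactFile: ' . db_error());
        return false;
    }
    $id = db_insertid($res, 'artifact_file', 'id');
    if (!$id) {
        $this->setError('ArtifactFile: ' . db_error());
        return false;
    }
    $this->clearError();
    $changes['attach']['description'] = $description;
    $changes['attach']['name'] = $filename;
    $changes['attach']['size'] = $filesize;
    // History value is the comma-separated list of attached file names
    if ($old_value == '') {
        $new_value = $filename;
    } else {
        $new_value = $old_value . "," . $filename;
    }
    $this->Artifact->addHistory('attachment', $old_value, $new_value);
    $changes['attach']['href'] = get_server_url() . "/tracker/download.php?artifact_id=" . $this->Artifact->getID() . "&id={$id}";
    return $id;
}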
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
// $Id: editjob.php,v 1.2 2003/11/13 11:29:25 helix Exp $

// Job posting add/update handler for the "people" module.
// NOTE(review): $group_id, $add_job, $update_job, $title, $description,
// $category_id, $status_id and $job_id are never assigned in this fragment;
// they presumably arrive as request variables via pre.php — confirm.

require 'pre.php';
require '../people/people_utils.php';

// Only project admins (membership flag 'A') may create or edit job postings.
if ($group_id && user_ismember($group_id, 'A')) {
    if ($add_job) {
        /* create a new job */
        if (!$title || !$description || $category_id == 100) {
            //required info
            exit_error('error - missing info', 'Fill in all required fields');
        }
        // NOTE(review): $group_id, $title, $description and $category_id are
        // interpolated into the SQL string with no escaping in this fragment;
        // the query is only safe if they were escaped before this point.
        $sql = "INSERT INTO people_job (group_id,created_by,title,description,date,status_id,category_id) " . "VALUES ('{$group_id}','" . user_getid() . "','{$title}','{$description}','" . time() . "','1','{$category_id}')";
        $result = db_query($sql);
        if (!$result || db_affected_rows($result) < 1) {
            $feedback .= ' JOB insert FAILED ';
            // Raw database error text is written straight to the response.
            echo db_error();
        } else {
            $job_id = db_insertid($result, 'people_job', 'job_id');
            $feedback .= ' JOB inserted successfully ';
        }
    } else {
        if ($update_job) {
            /* update the job's description, status, etc */
            if (!$title || !$description || $category_id == 100 || $status_id == 100 || !$job_id) {
                //required info
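/**
 * create - use this function to create a new entry in the database.
 *
 * @param string $filename    The filename of this document. Can be a URL.
 * @param string $filetype    The filetype of this document. If filename is URL, this should be 'URL';
 * @param string $data        The contents of this document (should be addslashes()'d before entry).
 * @param int    $doc_group   The doc_group id of the doc_groups table.
 * @param string $title       The title of this document.
 * @param int    $language_id The language id of the supported_languages table.
 * @param string $description The description of this document.
 * @return boolean success.
 */
function create($filename, $filetype, $data, $doc_group, $title, $language_id, $description)
{
    if (strlen($title) < 5) {
        $this->setError(_('Title Must Be At Least 5 Characters'));
        return false;
    }
    if (strlen($description) < 10) {
        $this->setError(_('Document Description Must Be At Least 10 Characters'));
        return false;
    }

    // There is no permission gate on creation: any caller reaches the insert.
    // Submissions by a doc editor are created in state 1 (ACTIVE); everyone
    // else's are stored in state 3, which is not the active state.
    $user_id = session_loggedin() ? user_getid() : 100;
    $doc_initstatus = '3';
    if (session_loggedin()) {
        $perm =& $this->Group->getPermission(session_get_user());
        if ($perm && is_object($perm) && $perm->isDocEditor()) {
            $doc_initstatus = '1';
        }
    }

    // If $filetype is "text/plain", convert the body to UTF-8 encoding.
    if (strcasecmp($filetype, "text/plain") === 0 && function_exists('mb_convert_encoding') && function_exists('mb_detect_encoding')) {
        // mb_detect_encoding() returns false when it cannot decide; skip the
        // conversion rather than passing false as the source encoding.
        $detected = mb_detect_encoding($data);
        if ($detected !== false) {
            $data = mb_convert_encoding($data, 'UTF-8', $detected);
        }
    }

    // key words for in-document search
    $kw = new Parsedata($this->engine_path);
    // Fix: the title was previously passed as the undefined variable $title1,
    // so it never contributed to the indexed keywords.
    $kwords = $kw->get_parse_data(stripslashes($data), htmlspecialchars($title), htmlspecialchars($description), $filetype);

    $filesize = strlen($data);

    // NOTE(review): $doc_group, $language_id, $filename, $filetype and $kwords
    // are interpolated without SQL escaping, and htmlspecialchars() on
    // $title/$description is HTML escaping, not SQL escaping. This relies on
    // callers having escaped their input beforehand (see the $data note above);
    // verify at the call sites.
    $sql = "INSERT INTO doc_data (group_id,title,description,createdate,doc_group,\n\t\t\tstateid,language_id,filename,filetype,filesize,data,data_words,created_by)\n\t\t\tVALUES ('" . $this->Group->getId() . "',\n\t\t\t'" . htmlspecialchars($title) . "',\n\t\t\t'" . htmlspecialchars($description) . "',\n\t\t\t'" . time() . "',\n\t\t\t'{$doc_group}',\n\t\t\t'{$doc_initstatus}',\n\t\t\t'{$language_id}',\n\t\t\t'{$filename}',\n\t\t\t'{$filetype}',\n\t\t\t'{$filesize}',\n\t\t\t'" . base64_encode(stripslashes($data)) . "',\n\t\t\t'{$kwords}',\n\t\t\t'{$user_id}')";

    db_begin();
    $result = db_query($sql);
    if (!$result) {
        $this->setError('Error Adding Document: ' . db_error());
        db_rollback();
        return false;
    }
    $docid = db_insertid($result, 'doc_data', 'docid');
    if (!$this->fetchData($docid)) {
        db_rollback();
        return false;
    }
    $this->sendNotice(true);
    db_commit();
    return true;
}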
// "Make a new policy" form handler: read the POSTed fields, insert the policy,
// then render feedback.
// NOTE(review): $just_logged_in is not assigned in this fragment; presumably
// set by an earlier include — confirm.

// db_scrub() is the only treatment the POST values get before they are
// interpolated into SQL below. stripslashes() is applied when they are reused
// for the forum post, which suggests slash-style escaping — confirm.
$name = db_scrub($_POST["name"]);
$description = db_scrub($_POST["description"]);
$submit = db_scrub($_POST["submit"]);
$ok = false;

if ($submit && !$just_logged_in) {
    if ($name == "" or $description == "") {
        $feedback = "Please name your policy, and give a definition.";
    } else {
        $db = new DB();
        $ret = $db->query_errcheck("insert into pw_dyn_dreammp (name, user_id, description, private) values\n ('{$name}', '" . user_getid() . "', '{$description}', 2)");
        if ($ret) {
            $new_dreamid = mysql_insert_id();
            $ok = true;
            // $name is HTML-escaped here because $feedback is echoed as HTML below.
            $feedback = "Successfully made new policy <a href=\"/policy.php?id={$new_dreamid}\">" . html_scrub($name) . "</a>. To \n select votes for your new policy, <a href=\"../search.php\">search</a> or\n <a href=\"../divisions.php\">browse</a> for divisions. On the page for\n each division you can choose how somebody supporting your policy would have voted.";
            // Make the new policy the logged-in user's active one.
            if (user_getid()) {
                $db->query("update pw_dyn_user set active_policy_id = {$new_dreamid} where user_id = " . user_getid());
            }
            audit_log("Added new policy '" . $name . "'");
            dream_post_forum_action($db, $new_dreamid, "Created brand new policy.\n\n[b]New Policy:[/b] [url=http://www.publicwhip.org.uk/policy.php?id=" . $new_dreamid . "]" . stripslashes($name) . "[/url]\n[b]Definition:[/b] " . stripslashes($description));
        } else {
            // NOTE(review): the raw MySQL error text is stored in $feedback and
            // echoed to the user below, disclosing database error details.
            $feedback = "Failed to add new policy. " . mysql_error();
        }
    }
}

$title = "Make a new policy";
pw_header();

// $feedback is emitted without further escaping.
if ($feedback && !$just_logged_in) {
    if ($ok) {
        echo "<p>{$feedback}</p>";
    } else {
        echo "<div class=\"error\"><h2>Creating a new policy not complete, please try again\n </h2><p>{$feedback}</div>";
/**
 * Delete one of the current user's bookmarks.
 *
 * The user_id predicate scopes the DELETE to rows owned by the caller, so a
 * bookmark id belonging to someone else is simply not matched.
 *
 * @param mixed $bookmark_id Identifier of the user_bookmarks row to remove.
 * @return void
 */
function bookmark_delete($bookmark_id)
{
    $escaped_id = db_es($bookmark_id);
    $query = sprintf(
        "DELETE from user_bookmarks WHERE bookmark_id='%s' and user_id='%s'",
        $escaped_id,
        user_getid()
    );
    db_query($query);
}
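require_once 'include/ArtifactRulesManagerHtml.class.php';

// Check if this tracker is valid (not deleted)
if (!$ath->isValid()) {
    exit_error($Language->getText('global', 'error'), $Language->getText('tracker_add', 'invalid'));
}

// Create factories
$art_field_fact = new ArtifactFieldFactory($ath);

// Printer version ?
// $pv is the printer-friendly flag from the request; when it is truthy the
// artifact is displayed read-only ($ro). Both are initialised unconditionally:
// previously $ro was left undefined when 'pv' was present but falsy, and then
// passed to $ah->display() below.
$pv = false;
$ro = false;
if ($request->exist('pv')) {
    $pv = $request->get('pv');
    if ($pv) {
        $ro = true;
    }
}

$GLOBALS['HTML']->includeFooterJavascriptFile('/scripts/tiny_mce/tiny_mce.js');

// RSS feed link for this artifact's follow-ups.
// NOTE(review): the summary is html_entity_decode()d here, i.e. handed to
// addFeed() as raw text; that is only safe if addFeed() escapes the title
// itself — confirm.
$GLOBALS['HTML']->addFeed($group->getPublicName() . ' ' . $ath->getName() . ' #' . $ah->getId() . ' - ' . html_entity_decode($ah->getValue('summary'), ENT_QUOTES) . ' - ' . $Language->getText('tracker_include_artifact', 'follow_ups'), '/tracker/?func=rss&aid=' . $ah->getId() . '&atid=' . $ath->getID() . '&group_id=' . $group->getGroupId());

// Page header parameters; 'title' embeds the raw summary, so header() is
// expected to escape it — confirm.
$params = array(
    'title'       => $group->getPublicName() . ' ' . $ath->getName() . ' #' . $ah->getID() . ' - \'' . $ah->getSummary() . '\'',
    'pagename'    => 'tracker',
    'atid'        => $ath->getID(),
    'sectionvals' => array($group->getPublicName()),
    'pv'          => $pv,
    'help'        => 'ArtifactUpdate.html',
);
$ath->header($params);

// artifact object (and field values) initialized in script above (index.php)
$ah->display($ro, $pv, user_getid());

// Inline JavaScript: field dependency rules, the field editor and the
// follow-up RTE. The labels come from the Language catalogue (not from the
// request) and are addslashes()'d for embedding in JS string literals.
echo '<script type="text/javascript">' . "\n";
$armh = new ArtifactRulesManagerHtml($ath);
$armh->displayRulesAsJavascript();
echo "Event.observe(window, 'load', function() {\n if (\$('tracker_details')) {\n new com.xerox.codendi.FieldEditor('tracker_details', {\n edit: '" . addslashes($Language->getText('tracker_fieldeditor', 'edit')) . "',\n preview: '" . addslashes($Language->getText('tracker_fieldeditor', 'preview')) . "',\n warning: '" . addslashes($Language->getText('tracker_fieldeditor', 'warning')) . "',\n group_id:" . (int) $ath->getGroupId() . "\n });\n }\n \n new Codendi_RTE_Light_Tracker_FollowUp('tracker_artifact_comment');\n});";
echo "new UserAutoCompleter('tracker_cc',\n '" . util_get_dir_image_theme() . "',\n true);\n";
echo "</script>";

// Display footer page
$ath->footer($params);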