Beispiel #1
/**
 * Replace the per-user role assignments of one system with the supplied set.
 *
 * Entries whose role code is empty are skipped. Existing system_usr rows for
 * the system are deleted when their user is not in the supplied set, and the
 * outcome is reported through $c->messages.
 *
 * Every value that reaches the SQL text is either cast with intval() or
 * passed through qpg(); keep it that way if the statement is ever extended.
 *
 * @param array $roles     Map of user_no => role code.
 * @param mixed $system_id System identifier; cast to an integer before use.
 */
function write_system_roles($roles, $system_id)
{
    global $c, $session;
    $system_id = intval($system_id);
    $kept_users = array();
    $role_statements = "";
    foreach ($roles as $user_no => $role_code) {
        if ($role_code == "") {
            continue;
        }
        $user_no = intval($user_no);
        $kept_users[] = $user_no;
        $role_statements .= "SELECT set_system_role({$user_no},{$system_id}," . qpg($role_code) . ");";
    }
    if (count($kept_users) == 0) {
        // Nobody keeps a role: clear the system's assignments in one statement.
        $sql = "DELETE FROM system_usr WHERE system_id = {$system_id};";
    } else {
        // Delete and re-assign inside one transaction so a failure leaves the
        // previous assignments in place.
        $users = implode(",", $kept_users);
        $sql = "BEGIN; DELETE FROM system_usr WHERE system_id = {$system_id} AND user_no NOT IN ( {$users} ); {$role_statements} COMMIT;";
    }
    $q = new PgQuery($sql);
    $c->messages[] = $q->Exec("SystemUsers::Write")
        ? "System Roles updated."
        : "There was a system problem writing to the database and no changes were made.";
}
Beispiel #2
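/**
 * Write the timesheet entry currently held in the $ts_* globals, ending at
 * $ts_finish, then reset those globals.
 *
 * Nothing is written unless both $ts_no and $ts_finish are positive and the
 * request row exists. The duration is $ts_finish - $ts_start, stored in
 * minutes, with the quantity in hours.
 *
 * @param mixed $ts_finish End of the entry; cast to an integer before use.
 * @return void
 */
function update_timesheet($ts_finish)
{
    global $ts_no, $ts_start, $ts_description, $client_messages, $dow, $sow, $session;
    $session->Dbg("TimeSheet", "Updating timesheet for {$ts_finish}");
    $ts_finish = intval($ts_finish);
    if ($ts_no > 0 && $ts_finish > 0) {
        $session->Dbg("TimeSheet", "Write timesheet from {$ts_start} to {$ts_finish} for {$ts_no} '{$ts_description}'");
        $qry = new PgQuery("SELECT request_id FROM request WHERE request_id = ?", $ts_no);
        if (!$qry->Exec("TimeSheet") || $qry->rows == 0) {
            $client_messages[] = "WR # {$ts_no} was not found.";
            $session->Dbg("TimeSheet", "WR# {$ts_no} '{$ts_description}' was not found.");
        } else {
            $lt = localtime($sow, true);
            $session->Dbg("TimeSheet", "Time includes DST? " . $lt['tm_isdst']);
            $from = date('Y-M-d, H:i', $sow + $dow * 86400 + ($ts_start - 60 * $lt['tm_isdst']) * 60);
            $duration = sprintf("%d minutes", $ts_finish - $ts_start);
            $quantity = ($ts_finish - $ts_start) / 60;
            // Drop everything from the "@|@" marker onwards. preg_replace()
            // replaces ereg_replace(), which no longer exists in PHP 7+; the
            // "s" modifier keeps "." matching newlines as the POSIX form did.
            $description = preg_replace('/@\|@.*$/s', '', $ts_description);
            // The only value interpolated into the SQL text is the session's
            // user number, forced to an integer; the rest goes through
            // placeholders.
            $user_no = intval($session->user_no);
            $sql = "INSERT INTO request_timesheet ( request_id, work_on, work_duration, work_quantity, work_by_id, work_description, work_units, entry_details ) ";
            $sql .= "VALUES( ?, ?::timestamp without time zone, ?::interval, ?, {$user_no}, ?, 'hours', ";
            $sql .= sprintf("'TS-%d-%d');", $user_no, $sow);
            $qry = new PgQuery($sql, $ts_no, $from, $duration, $quantity, $description);
            $qry->Exec("TimeSheet");
        }
    } else {
        $session->Dbg("TimeSheet", "Not writing timesheet from {$ts_start} to {$ts_finish} for {$ts_no} '{$ts_description}'");
    }
    // Reset the accumulator globals so the next entry starts clean.
    $ts_no = 0;
    $ts_start = 0;
    $ts_description = "";
    return;
}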
Beispiel #3
/**
 * Look up the MIME type recorded for an attachment type code.
 *
 * The code is bound through a PgQuery placeholder, never interpolated.
 *
 * @param mixed $type_code Value matched against attachment_type.type_code.
 * @return string The stored mime_type, or "application/octet-stream" when the
 *                query fails or returns no row.
 */
function guess_mime_type($type_code)
{
    $qry = new PgQuery("SELECT mime_type FROM attachment_type WHERE type_code = ?; ", $type_code);
    if (!$qry->Exec("guess-mime-type") || !($qry->rows > 0)) {
        // Unknown type: fall back to the generic binary type.
        return "application/octet-stream";
    }
    $row = $qry->Fetch();
    return $row->mime_type;
}
Beispiel #4
/**
 * Run a query and copy its "data" column onto the matching $systems entries.
 *
 * Each row is expected to carry "key" and "data" columns; a "system_desc"
 * column, when present, is copied as well.
 *
 * $sql is executed exactly as given, without placeholders, so the caller is
 * responsible for building it from trusted or properly quoted values.
 *
 * @param string $sql    Complete SQL statement to execute.
 * @param string $column Property name to set on each $systems entry.
 * @return void
 */
function add_system_data($sql, $column)
{
    global $systems;
    $qry = new PgQuery($sql);
    $has_rows = $qry->Exec("rqchange") && $qry->rows != 0;
    if ($has_rows) {
        while ($row = $qry->Fetch()) {
            $key = $row->key;
            $systems[$key]->{$column} = $row->data;
            if (isset($row->system_desc)) {
                $systems[$key]->{'system_desc'} = $row->system_desc;
            }
        }
    }
}
Beispiel #5
/**
 * Build the option list of active organisations.
 *
 * Sessions allowed neither "Admin" nor "Support" only get organisations that
 * are joined, through org_system and work_system, to a system_usr row holding
 * the session's user_no with role 'S'.
 *
 * @param mixed $current  Value handed to BuildOptionList as the current choice.
 * @param int   $maxwidth Not used by this function.
 * @return mixed Whatever PgQuery::BuildOptionList() returns.
 */
function get_organisation_list($current = "", $maxwidth = 50)
{
    global $session;
    $sees_everything = $session->AllowedTo("Admin") || $session->AllowedTo("Support");
    $restriction = "";
    if (!$sees_everything) {
        // The session's user_no is the only value interpolated into the query.
        $restriction = "JOIN org_system USING (org_code) "
            . "JOIN work_system USING (system_id) "
            . "JOIN system_usr ON (work_system.system_id = system_usr.system_id "
            . "AND system_usr.user_no = {$session->user_no} "
            . "AND system_usr.role = 'S') ";
    }
    $sql = "SELECT organisation.org_code, organisation.abbreviation || ' - ' || organisation.org_name FROM organisation "
        . $restriction
        . "WHERE organisation.active ORDER BY LOWER(org_name)";
    $q = new PgQuery($sql);
    return $q->BuildOptionList($current, 'GetOrgList');
}
/**
 * Apply the submitted status (and, when available, active flag) of every
 * request in $request_status inside a single transaction.
 *
 * Request id, user number and status are all passed through qpg(); the active
 * flag is reduced to the literal TRUE or FALSE before it reaches the SQL text.
 *
 * @return void
 */
function Process_Brief_editable_Requests()
{
    global $session, $debuggroups, $client_messages, $active_flag, $request_status;
    $sql = "BEGIN; ";
    foreach ($request_status as $request_id => $new_status) {
        if (!isset($active_flag)) {
            // The active/inactive choice is not available to this user, so
            // only the status changes.
            $sql .= "SELECT set_request_status(" . qpg($request_id) . "," . qpg($session->user_no) . "," . qpg($new_status) . "); ";
            continue;
        }
        $submitted_active = $active_flag[$request_id];
        $request_active = 'FALSE';
        if ($submitted_active == 'on') {
            $request_active = 'TRUE';
        }
        $session->Log("DBG: request_id=%d, new_status=%s, active=%s, submitted_active=%s", $request_id, $new_status, $request_active, $submitted_active);
        $sql .= "SELECT set_request_status(" . qpg($request_id) . "," . qpg($session->user_no) . "," . qpg($new_status) . ", {$request_active}); ";
    }
    $q = new PgQuery($sql . " COMMIT;");
    $q->Exec('WRSrch::ProcBriefEditable');
}
Beispiel #7
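/**
 * Output the "New Nodes" block: the 20 most recent wu rows, each linking to
 * its node and naming the user it is attributed to.
 *
 * Nothing is output when the query fails or returns no rows.
 *
 * @return void
 */
function send_newnodes_block()
{
    global $theme;
    $qry = new PgQuery("SELECT * FROM wu JOIN infonode USING(node_id) JOIN usr ON ( wu_by = user_no ) ORDER BY wu_on DESC LIMIT 20;");
    if (!$qry->Exec("newnodes") || $qry->rows == 0) {
        return;
    }
    $theme->BlockOpen();
    $theme->BlockTitle("New Nodes");
    $i = 0;
    while ($wu = $qry->Fetch()) {
        if ($i++ > 0) {
            echo "<br>\n";
        }
        // Node names and user names come from the database and are shown to
        // every visitor, so they are encoded for the context they land in
        // rather than being written into the page as stored.
        $node_id = urlencode($wu->node_id);
        $nodename = htmlspecialchars($wu->nodename, ENT_QUOTES);
        $username = htmlspecialchars($wu->username, ENT_QUOTES);
        echo "<a class=blockhead href=\"/wu.php?node_id={$node_id}\" class=block>{$nodename}</a> by {$username}\n";
    }
    echo "<img src=\"/images/clear.gif\" width=\"155\" height=\"50\" hspace=\"0\" vspace=\"2\" border=\"0\">\n";
    $theme->BlockClose();
}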
Beispiel #8
$title = "Quality Assurance Documents";
// -----------------------------------------------------------------------
include_once "qams-project-defs.php";
// -----------------------------------------------------------------------------------------------
// MAIN CONTENT
$s = "";
// DOCUMENTS ASSOCIATED WITH QA STEPS
// One query joins phases, steps, documents and models. The statement is a
// fixed string: nothing from the request is interpolated into it.
$q = implode("", array(
    "SELECT p.*, s.*, d.*, m.*, md.path_to_template, md.path_to_example",
    " FROM qa_phase p, qa_step s, qa_document d, qa_model m, qa_model_documents md",
    " WHERE s.qa_phase=p.qa_phase",
    "   AND md.qa_model_id=m.qa_model_id",
    "   AND md.qa_document_id=s.qa_document_id",
    "   AND d.qa_document_id=s.qa_document_id",
    " ORDER BY p.qa_phase_order, s.qa_step_order, m.qa_model_order",
));
$qry = new PgQuery($q);
if ($qry->Exec("qams-refdoc-index.php:get documents") && $qry->rows > 0) {
    while ($row = $qry->Fetch(true)) {
        $phase = $row["qa_phase_desc"];
        $qa_model_name = $row["qa_model_name"];
        $qa_document_id = $row["qa_document_id"];
        $qa_document_title = $row["qa_document_title"];
        $qa_document_desc = $row["qa_document_desc"];
        $template = $row["path_to_template"];
        $example = $row["path_to_example"];
        // Only interested if we actually have a URL..
        if ($template != "" || $example != "") {
            $id = "{$phase}|{$qa_document_id}";
            $doc[$id] = $qa_document_title;
            $docdesc[$id] = $qa_document_desc;
            if ($template != "") {
Beispiel #9
    $ts = $qry->Fetch();
    header("HTTP/1.1 200 OK");
    header("ETag: {$ts->dav_etag}");
    if (isset($debug)) {
        header("Content-Type: text/plain");
    } else {
        header("Content-Type: text/calendar");
    }
    if ($ts->invoiced != "") {
        $ts->description .= "\n" . $ts->invoiced;
    }
    $vevent = new vEvent(array('uid' => $ts_id . "@" . $_SERVER['SERVER_NAME'], 'dtstart' => $ts->dtstart, 'duration' => $ts->duration, 'summary' => $ts->summary, 'location' => $ts->location, 'description' => $ts->description));
    print $vevent->Render();
    dbg_error_log("GET", "User: %d, ETag: %s, Path: /%s/%d.ics", $get_user_no, $ts->dav_etag, $get_user_name, $ts_id);
} else {
    $qry = new PgQuery("SELECT * FROM caldav_data WHERE user_no = ? AND dav_name = ? ;", $get_user_no, $get_path);
    dbg_error_log("get", "%s", $qry->querystring);
    if ($qry->Exec("GET") && $qry->rows == 1) {
        $event = $qry->Fetch();
        header("HTTP/1.1 200 OK");
        header("ETag: {$event->dav_etag}");
        if (isset($debug)) {
            header("Content-Type: text/plain");
        } else {
            header("Content-Type: text/calendar");
        }
        print $event->caldav_data;
        dbg_error_log("GET", "User: %d, ETag: %s, Path: %s", $get_user_no, $event->dav_etag, $get_path);
    } else {
        if ($qry->rows != 1) {
            header("HTTP/1.1 500 Internal Server Error");
Beispiel #10
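// DELETE handling. A request that carries a specific ETag and whose path is
// one of the two timesheet forms for the session's user removes a
// request_timesheet row; anything else is treated as a caldav_data resource.
// Every statement is bound through placeholders and scoped to the session's
// user_no, so a delete can only match rows belonging to that user.
// NOTE(review): the existence check and the delete are separate statements;
// confirm whether an enclosing transaction is opened outside this fragment.
if (isset($etag_match) && $etag_match != '*' && $etag_match != ''
    && ("/" . $session->username . "/{$ts_id}" . ".ics" == "{$delete_path}"
        || "/" . $session->username . "/{$ts_id}@" . $_SERVER['SERVER_NAME'] . ".ics" == "{$delete_path}")) {
    $qry = new PgQuery("SELECT * FROM request_timesheet WHERE work_by_id=? AND dav_etag=? AND timesheet_id=?", $session->user_no, $etag_match, $ts_id);
    if ($qry->Exec("DELETE") && $qry->rows == 1) {
        $qry = new PgQuery("DELETE FROM request_timesheet WHERE work_by_id=? AND dav_etag=? AND timesheet_id=?", $session->user_no, $etag_match, $ts_id);
        if ($qry->Exec("DELETE")) {
            header("HTTP/1.1 200 OK");
            // Log the ETag the statement was matched on ($etag_match).
            dbg_error_log("DELETE", "DELETE: User: %d, ETag: %s, Path: %s", $session->user_no, $etag_match, $delete_path);
        } else {
            header("HTTP/1.1 500 Internal Server Error");
            dbg_error_log("DELETE", "DELETE failed: User: %d, ETag: %s, Path: %s, SQL: %s", $session->user_no, $etag_match, $delete_path, $qry->querystring);
        }
    } else {
        header("HTTP/1.1 404 Not Found");
        // The row count is now given its own field; before, it filled the
        // "User" slot and shifted every later value by one.
        dbg_error_log("DELETE", "DELETE row not found: Rows: %d, User: %d, ETag: %s, Path: %s", $qry->rows, $session->user_no, $etag_match, $delete_path);
    }
} else {
    $qry = new PgQuery("SELECT * FROM caldav_data WHERE user_no=? AND dav_name=?", $session->user_no, $delete_path);
    if ($qry->Exec("DELETE") && $qry->rows == 1) {
        $qry = new PgQuery("DELETE FROM caldav_data WHERE user_no=? AND dav_name=?", $session->user_no, $delete_path);
        if ($qry->Exec("DELETE")) {
            header("HTTP/1.1 200 OK");
            dbg_error_log("DELETE", "DELETE: User: %d, Path: %s", $session->user_no, $delete_path);
        } else {
            header("HTTP/1.1 500 Internal Server Error");
            dbg_error_log("DELETE", "DELETE failed: User: %d, Path: %s, SQL: %s", $session->user_no, $delete_path, $qry->querystring);
        }
    } else {
        header("HTTP/1.1 404 Not Found");
        dbg_error_log("DELETE", "DELETE row not found: Rows: %d, User: %d, Path: %s", $qry->rows, $session->user_no, $delete_path);
    }
}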
Beispiel #11
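 // First, save the assignment..
 $qastep->responsible_usr = $new_assignment != "" ? $new_assignment : NULLVALUE;
 $qastep->responsible_datetime = timestamp_to_datetime();
 $qastep->save();
 // Save current phase to project record. Both values are bound through
 // PgQuery placeholders instead of being interpolated into the statement, so
 // a quote character in qa_phase cannot change the shape of the UPDATE.
 $q = "UPDATE request_project SET qa_phase=? WHERE request_id=?";
 $qry = new PgQuery($q, $qastep->qa_phase, $qastep->project_id);
 $ok = $qry->Exec("qams-step-detail.php::assignment");
 // Re-read to get new user name and email..
 $qastep->get($project->request_id, $qastep->qa_step_id);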
 // If we are assigning someone, then let everyone know. Otherwise a null
 // assignment is de-assigning somebody, which we keep quiet about..
 if ($new_assignment != "") {
     $qry = new PgQuery("SELECT email, fullname FROM usr WHERE user_no={$new_assignment}");
     if ($qry->Exec("qams-step-detail.php::new_assignment") && $qry->rows > 0) {
         $row = $qry->Fetch();
         // Assignee email..
         $assignee_email = $row->email;
         $assignee_fullname = $row->fullname;
         $subject = "QAMS Assignment: {$qastep->qa_step_desc} [{$project->system_id}/{$project->username}]";
         $recipients = array($assignee_email => $assignee_fullname);
         // Assemble body for assignee..
         $s .= "<p>Congratulations! You have been chosen from thousands of eager applicants ";
         $s .= "to take ownership of this quality assurance step, and deliver it through ";
         $s .= "the approval process.</p>";
         $s .= "<p>The step you are charged with getting through approval is known as '" . $qastep->qa_step_desc . "'</p>";
         if ($qastep->qa_step_notes != "") {
             $s .= "<p>Some notes on what reviewers will be looking for when approving this step: ";
             $s .= $qastep->qa_step_notes . "</p>";
Beispiel #12
 /**
  * Do what must be done with time zones from on file.  Attempt to turn
  * them into something that PostgreSQL can understand...
  *
  * @deprecated This function is deprecated and will be removed eventually.
  * @todo Remove this function.
  */
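 function DealWithTimeZones()
 {
     // Resolves $this->tz_locn from, in order: the time_zone table (when
     // $c->save_time_zone_defs is on), the trailing "Area/Location" part of
     // the TZID, and finally $c->local_tzid. A zone not found in the table is
     // stored when a VTIMEZONE definition is available.
     global $c;
     dbg_error_log("LOG", " iCalendar: Call to deprecated method '%s'", 'DealWithTimeZones');
     $tzid = $this->Get('TZID');
     if (isset($c->save_time_zone_defs) && $c->save_time_zone_defs) {
         // The TZID comes from the calendar data, so it is bound as a
         // parameter rather than placed in the SQL text.
         $qry = new PgQuery("SELECT tz_locn FROM time_zone WHERE tz_id = ?;", $tzid);
         if ($qry->Exec('iCalendar') && $qry->rows == 1) {
             $row = $qry->Fetch();
             $this->tz_locn = $row->tz_locn;
         }
         dbg_error_log("icalendar", " TZCrap2: TZID '%s', DB Rows=%d, Location '%s'", $tzid, $qry->rows, $this->tz_locn);
     }
     if ((!isset($this->tz_locn) || $this->tz_locn == '') && $tzid != '') {
         /**
          * In case there was no X-LIC-LOCATION defined, let's hope there is something in the TZID
          * that we can use.  We are looking for a string like "Pacific/Auckland" if possible.
          */
         // Keep the second capture group, the trailing "Area/Location" part.
         // The previous '$1' replacement kept the prefix in front of it, which
         // is the opposite of what the comment above describes.
         $tzname = preg_replace('#^(.*[^a-z])?([a-z]+/[a-z]+)$#i', '$2', $tzid);
         /**
         * Unfortunately this kind of thing will never work well :-(
         *
         if ( strstr( $tzname, ' ' ) ) {
           $words = preg_split('/\s/', $tzname );
           $tzabbr = '';
           foreach( $words AS $i => $word ) {
             $tzabbr .= substr( $word, 0, 1);
           }
           $this->tz_locn = $tzabbr;
         }
         */
         if (preg_match('#\\S+/\\S+#', $tzname)) {
             $this->tz_locn = $tzname;
         }
         dbg_error_log("icalendar", " TZCrap3: TZID '%s', Location '%s', Perhaps: %s", $tzid, $this->tz_locn, $tzname);
     }
     // $qry is only read after the same save_time_zone_defs test that created
     // it has passed, so the short-circuit order in this condition matters.
     if ($tzid != '' && isset($c->save_time_zone_defs) && $c->save_time_zone_defs && $qry->rows != 1 && isset($this->vtimezone) && $this->vtimezone != "") {
         $qry2 = new PgQuery("INSERT INTO time_zone (tz_id, tz_locn, tz_spec) VALUES( ?, ?, ? );", $tzid, $this->tz_locn, $this->vtimezone);
         $qry2->Exec("iCalendar");
     }
     if ((!isset($this->tz_locn) || $this->tz_locn == "") && isset($c->local_tzid)) {
         $this->tz_locn = $c->local_tzid;
     }
 }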
Beispiel #13
<?php

// Stop before any output unless is_member_of('Admin', 'Support') succeeds.
// NOTE(review): presumably a role-membership check on the current session;
// confirm against the helper's definition.
if (!is_member_of('Admin', 'Support')) {
    return;
}
// Fixed statement: nothing from the request is interpolated into it.
$qry = new PgQuery("SELECT * FROM attachment_type ORDER BY seq;");
if ($qry->Exec('Form::att_type')) {
    echo "<small>" . $qry->rows . " types found";
    echo "<table border=\"0\" align=\"center\">";
    if ($qry->rows > 0) {
        echo "<tr>\n";
        echo '<th class="pcol">Code</th>';
        echo '<th class="pcol">Description</th>';
        echo '<th class="pcol" align="center">Seq</th>';
        echo '<th class="pcol">Mime Type</th>';
        echo '<th class="pcol">Pattern</th>';
        echo '<th class="pcol">Mime Pattern</th>';
        echo "</tr>\n";
        // Build table of systems found
        $i = 0;
        $line_format = '<tr class="row%1d">';
        $line_format .= '<td class="sml" width="5%%"><a href="attachment_type.php?type_code=%s">%s</a></td>';
        $line_format .= '<td class="sml" width="23%%"><a href="attachment_type.php?type_code=%s">%s</a></td>';
        $line_format .= '<td class="sml" align="right" width="3%%">%d</td>';
        $line_format .= '<td class="sml" width="23%%">%s</td>';
        $line_format .= '<td class="sml" width="5%%">%s</td>';
        $line_format .= '<td class="sml" width="23%%">%s</td>';
        $line_format .= "</tr>\n";
        while ($row = $qry->Fetch()) {
            printf($line_format, $i++ % 2, $row->type_code, $row->type_code, $row->type_code, $row->type_desc, $row->seq, $row->mime_type, $row->pattern, $row->mime_pattern);
        }
Beispiel #14
    }
    if (isset($choose_columns) && $choose_columns) {
        array_push($form_url_parameters, "choose_columns=1");
    }
    $form_url = "{$PHP_SELF}";
    for ($i = 0; $i < count($form_url_parameters) && $i < 20; $i++) {
        $form_url .= ($i == 0 ? '?' : '&') . $form_url_parameters[$i];
    }
    echo "<form name=\"search\" action=\"{$form_url}\" Method=\"POST\">";
    $systems = new PgQuery(SqlSelectSystems($org_code));
    $system_list = $systems->BuildOptionList($system_id, "requestlist");
    echo "<table border=0 cellspacing=2 cellpadding=0 align=center class=row0 width=100% style=\"border: 1px dashed #aaaaaa;\">\n<tr>\n";
    echo "<td width=100%><table border=0 cellspacing=0 cellpadding=0 width=100%><tr valign=middle>\n";
    echo "<td class=smb>&nbsp;System:</td><td class=\"sml\"><select class=\"sml\" name=system_id><option value=\".\">--- All Systems ---</option>{$system_list}</select></td>\n";
    if (is_member_of('Admin', 'Support', 'Contractor')) {
        $organisations = new PgQuery(SqlSelectOrganisations($org_code));
        $orglist = "<option value=\"\">--- All Organisations ---</option>\n" . $organisations->BuildOptionList("{$org_code}", "requestlist");
        echo "<td class=\"smb\">&nbsp;Organisation:</td><td class=\"sml\"><select class=\"sml\" name=\"org_code\">\n{$orglist}</select></td>\n";
    }
    echo "<td valign=middle class=smb align=center><input type=submit value=\"RUN\" alt=\"Run\" title=\"Run a query with these settings\" name=submit class=\"submit\">";
    echo "</tr></table></td></tr>\n";
    echo "</table></form>\n";
}
// if  not plain  or stripped style
/**
 * Now we build the statement that will find those requests...
 */
// Clamp the requested result limit: anything missing, non-numeric or not
// positive falls back to 100, and whatever remains is an integer.
$maxresults = isset($maxresults) ? intval($maxresults) : 0;
if ($maxresults <= 0) {
    $maxresults = 100;
}
$flipped_columns = array_flip($columns);
$query = "SELECT request.request_id, brief, usr.fullname, usr.email, request_on, status.lookup_desc AS status_desc, last_activity, detailed ";
Beispiel #15
 /**
  * Save this approval record into the approval history set. If the ID
  * is still zero then we assume a new record needs to be inserted, else
  * we update the existing one.
  * @return boolean True if the approval was safely saved.
  */
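 function save()
 {
     // Writes this approval as a new row (qa_approval_id == 0) or as an
     // update of the existing row, and returns the result of the final Exec().
     //
     // Every property is converted to a SQL literal before it is placed in
     // the statement: identifiers through intval(), text and timestamps
     // through qpg(), the quoting helper this code base already uses next to
     // PgQuery. addslashes() is not a PostgreSQL-safe escape, and the status
     // and timestamp fields were previously wrapped in quotes with no escaping.
     $ok = false;
     // Fields which we want to NULL if not set, or nullstring..
     // NOTE(review): the published listing shows a masked "******" as the
     // fallback of the two user columns; NULL is assumed from the comment
     // above and from the sibling fields - confirm against the original file.
     $assigned_to_usr = isset($this->assigned_to_usr) && $this->assigned_to_usr != "" ? intval($this->assigned_to_usr) : "NULL";
     $approval_by_usr = isset($this->approval_by_usr) && $this->approval_by_usr != "" ? intval($this->approval_by_usr) : "NULL";
     $assigned_datetime = isset($this->assigned_datetime) && $this->assigned_datetime != "" ? qpg($this->assigned_datetime) : "NULL";
     $approval_datetime = isset($this->approval_datetime) && $this->approval_datetime != "" ? qpg($this->approval_datetime) : "NULL";
     $approval_status = isset($this->approval_status) && $this->approval_status != "" ? qpg($this->approval_status) : "NULL";
     $project_id = intval($this->project_id);
     $qa_step_id = intval($this->qa_step_id);
     $qa_approval_type_id = intval($this->qa_approval_type_id);
     // Force a string so an unset comment is stored as '' as it was before.
     $comment = qpg("" . $this->comment);
     if ($this->qa_approval_id == 0) {
         // New record - grab next sequence value..
         $qry = new PgQuery("SELECT NEXTVAL('qa_project_approval_qa_approval_id_seq')");
         if (!$qry->Exec()) {
             // Without a fresh id the INSERT would be attempted with id 0.
             return false;
         }
         $row = $qry->Fetch(true);
         $this->qa_approval_id = $row[0];
         $qa_approval_id = intval($this->qa_approval_id);
         // Create new approval..
         $q = "INSERT INTO qa_project_approval (";
         $q .= " qa_approval_id, project_id, qa_step_id, qa_approval_type_id,";
         $q .= " approval_status, assigned_to_usr, approval_by_usr, comment,";
         $q .= " approval_datetime, assigned_datetime";
         $q .= ") ";
         $q .= "VALUES(";
         $q .= "{$qa_approval_id},";
         $q .= "{$project_id},";
         $q .= "{$qa_step_id},";
         $q .= "{$qa_approval_type_id},";
         $q .= "{$approval_status},";
         $q .= "{$assigned_to_usr},";
         $q .= "{$approval_by_usr},";
         $q .= "{$comment},";
         $q .= "{$approval_datetime},";
         $q .= "{$assigned_datetime}";
         $q .= ")";
         $qry = new PgQuery($q);
         $ok = $qry->Exec("qa_project_approval::save");
     } else {
         // Existing record update..
         $qa_approval_id = intval($this->qa_approval_id);
         $q = "UPDATE qa_project_approval SET ";
         $q .= " project_id={$project_id},";
         $q .= " qa_step_id={$qa_step_id},";
         $q .= " qa_approval_type_id={$qa_approval_type_id},";
         $q .= " approval_status={$approval_status},";
         $q .= " assigned_to_usr={$assigned_to_usr},";
         $q .= " approval_by_usr={$approval_by_usr},";
         $q .= " comment={$comment},";
         $q .= " approval_datetime={$approval_datetime},";
         $q .= " assigned_datetime={$assigned_datetime}";
         $q .= " WHERE qa_approval_id={$qa_approval_id}";
         $qry = new PgQuery($q);
         $ok = $qry->Exec("qa_project_approval::save");
     }
     return $ok;
 }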
Beispiel #16
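 // Collect the request numbers mentioned in the week's timesheet cells. Each
 // cell is expected to look like "<number>/<description>".
 // each() and split() no longer exist in current PHP; foreach and explode()
 // behave the same for this literal '/' separator.
 for ($dow = 0; $dow < 7; $dow++) {
     foreach ($tm[$dow] as $k => $v) {
         if ($v != "") {
             $parts = explode('/', $v, 2);
             $number = intval($parts[0]);
             $description = isset($parts[1]) ? $parts[1] : null;
             if ($number > 0) {
                 $request_ids[$number] = $number;
             }
         }
     }
 }
 // Select the user's system_role for each such system
 // The id list is re-cast with intval() at the point where it enters the SQL
 // text, so nothing but integers can reach the IN (...) clause whatever
 // $request_ids held before the loop above.
 // NOTE(review): an empty $request_ids produces "IN ()", which PostgreSQL
 // rejects; confirm that the code outside this fragment rules that out.
 $sql = "SELECT request.request_id, system_usr.role ";
 $sql .= "FROM request LEFT OUTER JOIN system_usr ON request.system_id = system_usr.system_id AND system_usr.user_no=? ";
 $sql .= "WHERE request_id IN (" . implode(",", array_map('intval', $request_ids)) . ");";
 $qry = new PgQuery($sql, $session->user_no);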
 if ($qry->Exec("TimeSheet")) {
     if ($qry->rows > 0) {
         while ($row = $qry->Fetch()) {
             $request_ids[$row->request_id] = $row->role;
         }
         foreach ($request_ids as $r_id => $role) {
             if ($role == $r_id) {
                 $client_messages[] = "W/R {$r_id} does not exist.";
                 $invalid = true;
             } else {
                 if ($role == "") {
                     $client_messages[] = "You may not assign time to W/R {$r_id}.";
                     $invalid = true;
                 }
             }
Beispiel #17
 /**
 * Internal function used to get the user's system roles from the database.
 */
 function GetSystemRoles()
 {
     // Rebuilds $this->system_roles and $this->system_codes, both keyed by
     // system_id, from the system_usr rows of $this->user_no. Both maps are
     // emptied first, so a failed query leaves the user with no system roles.
     $this->system_roles = array();
     $this->system_codes = array();
     // user_no is bound through a placeholder, not interpolated.
     $qry = new PgQuery('SELECT system_usr.system_id, role, system_code FROM system_usr JOIN work_system USING (system_id) WHERE user_no = ? ', $this->user_no);
     if (!$qry->Exec('Session::GetRoles') || !($qry->rows > 0)) {
         return;
     }
     while ($assignment = $qry->Fetch()) {
         $system_id = $assignment->system_id;
         $this->system_roles[$system_id] = $assignment->role;
         $this->system_codes[$system_id] = $assignment->system_code;
     }
 }
Beispiel #18
 /**
  * Function to output a page header
  */
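 function PageHeader($style = "normal")
 {
     // Emits the top bar, the search form (logged-in sessions only) and the
     // top menu. Nothing is output when $this->panel_top is off.
     global $c, $session, $tmnu;
     if (!$this->panel_top) {
         return;
     }
     echo '<div id="topbar">';
     echo $this->ImgLink('pwl-logo.png', '/', 252, 60);
     echo '</div>' . "\n";
     if ($session->logged_in) {
         // The previous search text is written back into an attribute value,
         // so it is HTML-encoded first; a quote or angle bracket in the
         // submitted text must stay text and not become markup.
         $search_for = isset($GLOBALS['search_for']) ? htmlspecialchars($GLOBALS['search_for'], ENT_QUOTES) : '';
         echo '<div id="searchbar">';
         echo '<form action="/wrsearch.php" method="post" name="search">';
         echo '<span class="prompt" style="vertical-align: 0%;">Find:</span>';
         echo '<span class="entry"><input class="search_for" type="text" name="search_for" value="' . $search_for . '"/></span>';
         $systems = new PgQuery(SqlSelectSystems($GLOBALS['org_code']));
         $system_list = $systems->BuildOptionList($GLOBALS['system_id'], 'Config::LocPgHdr');
         echo '<span class="prompt" style="vertical-align: 0%;">Systems:</span>';
         echo '<span class="entry"><select name="system_id" class="search_for"><option value="">-- select --</option>' . $system_list;
         echo '</select></span>';
         // The stray second quote after class="entry" has been removed.
         echo '<span class="entry"><input type="submit" alt="go" class="fsubmit" value="Search" /></span>';
         echo '</form>';
         echo '</div>' . "\n";
     }
     echo '<div id="top_menu">';
     if ($session->logged_in) {
         echo '<span style="float:right; margin-right:3px; margin-top:3px;">';
         // NOTE(review): fullname is written out as stored; confirm it is
         // encoded where it is saved, or encode it here as well.
         echo $session->fullname;
         echo '</span>';
     }
     if (isset($tmnu) && is_object($tmnu) && $tmnu->Size() > 0) {
         echo $tmnu->Render();
     }
     echo '</div>' . "\n";
 }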
Beispiel #19
    /**
     * Function to output a page header
     */
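    function PageHeader($style = "normal")
    {
        // Emits the banner table, the search form (logged-in sessions only)
        // and the top menu. Nothing is output when $this->panel_top is off.
        global $c, $session, $tmnu;
        if (!$this->panel_top) {
            return;
        }
        $systems = new PgQuery(SqlSelectSystems($GLOBALS['org_code']));
        $system_list = $systems->BuildOptionList($GLOBALS['system_id'], 'PageHeader');
        echo <<<EOHDR
    <table border="0" cellspacing="0" cellpadding="0" style="height:86px;width:100%;background:url('/images/eduforge/eduforge_paua.jpg');">
      <tr>
       <td width="175" nowrap="nowrap" align="center">
        <a href="/"><img alt="logo" border="0" src="/images/eduforge/eduforge_logo.gif" width="145" height="62" /></a>
      </td>
       <td class="spaced-out">s u p p o r t <span class="spaced-out-grey">. e d u f o r g e . o r g</span></td>
EOHDR;
        if ($session->logged_in) {
            // The previous search text is written back into an attribute
            // value, so it is HTML-encoded first; a quote or angle bracket in
            // the submitted text must stay text and not become markup.
            $search_for = isset($GLOBALS['search_for']) ? htmlspecialchars($GLOBALS['search_for'], ENT_QUOTES) : '';
            echo '<td valign="bottom" style="background: inherit;"><div id="searchbar" style="background: inherit;">';
            echo '<form action="/requestlist.php" method="post" name="search">';
            echo '<span class="prompt" style="vertical-align: 0%;">Find:</span>';
            echo '<span class="entry"><input class="search_for" type="text" name="search_for" value="' . $search_for . '"/></span>';
            echo '<span class="prompt" style="vertical-align: 0%;">Systems:</span>';
            echo '<span class="entry"><select name="system_code" class="search_for"><option value="">-- select --</option>' . $system_list;
            echo '</select></span>';
            // The stray second quote after class="entry" has been removed.
            echo '<span class="entry"><input type="submit" alt="go" class="fsubmit" value="Search" /></span>';
            echo '</form>';
            echo '</div></td>' . "\n";
        }
        echo "</tr>\n</table>\n";
        echo '<div id="top_menu">';
        if ($session->logged_in) {
            echo '<span style="float:right; margin-right:3px; margin-top:3px;">';
            // NOTE(review): fullname is written out as stored; confirm it is
            // encoded where it is saved, or encode it here as well.
            echo $session->fullname;
            echo '</span>';
        }
        if (isset($tmnu) && is_object($tmnu) && $tmnu->Size() > 0) {
            echo $tmnu->Render();
        }
        echo '</div>' . "\n";
    }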
Beispiel #20
<?php

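// Run the prepared search and, unless the page is in "stripped" style, print
// how many requests it found.
// NOTE(review): $search_query is executed exactly as given, with no
// placeholders; confirm that whatever builds it quotes every user-supplied
// value and that only trusted roles can supply raw SQL.
$qry = new PgQuery($search_query);
$result = $qry->Exec("SearchQuery");
if ("{$style}" != "stripped") {
    if ($result && $qry->rows > 0) {
        echo "\n<small>{$qry->rows} requests found";
        if (isset($saved_query) && $saved_query != "") {
            // The saved query name is shown inside the page, so it is
            // HTML-encoded rather than echoed as received.
            echo " for <b>" . htmlspecialchars($saved_query, ENT_QUOTES) . "</b>";
        }
        echo "</small>";
    } else {
        echo "\n<p><small>No requests found</small></p>";
    }
}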
if ("{$style}" != "stripped" || "{$style}" == "stripped" && "{$format}" == "edit") {
    $this_page = "{$PHP_SELF}?style=%s&format=%s";
    if (isset($saved_query)) {
        $usaved_query = str_replace('%', '%%', urlencode($saved_query));
    }
    if ("{$saved_query}" != "") {
        $this_page .= "&saved_query={$usaved_query}";
    }
    if ("{$search_for}" != "") {
        $this_page .= "&search_for=" . str_replace('%', '%%', urlencode($search_for));
    }
    if ($org_code > 0) {
        $this_page .= "&org_code={$org_code}";
    }
    if ($system_id > 0) {
        $this_page .= "&system_id={$system_id}";
Beispiel #21
{$tzset}
INSERT INTO request_timesheet ( timesheet_id, request_id, work_on, work_duration, work_by_id, work_description, work_units )
    VALUES( {$ts_id}, ?, ?::timestamp, (?::timestamp - ?::timestamp), {$session->user_no}, ?, 'hours' );
UPDATE request_timesheet
  SET work_quantity = (extract( 'hours' from work_duration)::numeric + extract( 'minutes' from work_duration )::numeric / 60::numeric),
      dav_etag = md5(timesheet_id||request_id||work_on||work_duration||work_by_id||COALESCE(charged_details,'')||work_description)
WHERE timesheet_id={$ts_id};
EOSQL;
    $qry = new PgQuery($sql, $request_id, $ev->Get('dtstart'), $ev->Get('dtend'), $ev->Get('dtstart'), $ev->Get('summary'));
    $qry->Exec("PUT");
}
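// Read back the ETag the database computed for the stored timesheet row, then
// commit and answer 201. The id is bound through a placeholder instead of
// being interpolated, and the row is only dereferenced when one came back.
$qry = new PgQuery("SELECT dav_etag FROM request_timesheet WHERE timesheet_id = ?;", $ts_id);
$etag = null;
if ($qry->Exec("PUT") && $qry->rows > 0) {
    $row = $qry->Fetch();
    $etag = $row->dav_etag;
}
$qry = new PgQuery("COMMIT;");
$qry->Exec("PUT");
header("HTTP/1.1 201 {$action}");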
/**
* From draft 13, 5.3.4 we find:
* "In the case where the data stored by a server as a result of a PUT
* request is not equivalent by octet equality to the submitted calendar
* object resource, the behavior of the ETag response header is not
* specified here, with the exception that a strong entity tag MUST NOT be
* returned in the response. As a result, clients may need to retrieve the
* modified calendar object resource (and ETag) as a basis for further
* changes, rather than use the calendar object resource it had sent with
* the PUT request."
*
* So: since we f****d with it significantly, we don't return an etag, and the
* client (possibly) knows they will have to request it again.
Beispiel #22
 /**
  * Internal function used to get the user's roles from the database.
  */
 function GetRoles()
 {
     // Rebuilds $this->roles as a set (role_name => true) from the
     // role_member rows of $this->user_no. The set is emptied first, so a
     // failed query leaves the user with no roles rather than stale ones.
     $this->roles = array();
     // user_no is bound through a placeholder, not interpolated.
     $qry = new PgQuery('SELECT role_name FROM role_member m join roles r ON r.role_no = m.role_no WHERE user_no = ? ', $this->user_no);
     if (!$qry->Exec('BasicAuthSession') || !($qry->rows > 0)) {
         return;
     }
     while ($membership = $qry->Fetch()) {
         $role_name = $membership->role_name;
         $this->roles[$role_name] = true;
     }
 }
Beispiel #23
<?php

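if ($logged_on) {
    // Fetch this user's saved query called 'home'.  The user number is handed
    // to PgQuery as a '?' argument instead of being interpolated into the
    // SQL text, so the statement does not depend on how user_no was populated.
    $sql = "SELECT * FROM saved_queries WHERE user_no = ? AND lower(query_name)='home';";
    $qry = new PgQuery($sql, $session->user_no);
    if ($qry->Exec("indexsupport") && $qry->rows > 0) {
        // Can't just let anyone type in a where clause on the command line!
        if (!is_member_of('Admin')) {
            $where_clause = "";
        }
        // Internal column names (some have 'nice' alternatives defined in header_row() )
        // The order of these defines the ordering when columns are chosen
        $available_columns = array("request_id" => "WR&nbsp;#", "lby_fullname" => "Created By", "lfull" => "Request For", "request_on" => "Request On", "lbrief" => "Description", "request_type_desc" => "Type", "request_tags" => "Tags", "status_desc" => "Status", "system_code" => "System Code", "system_desc" => "System Name", "request.last_activity" => "Last Chng", "urgency" => "Urgency", "importance" => "Importance", "active" => "Active");
        /**
         * The hours column is not visible to clients.
         */
        if ($session->AllowedTo("Support") || $session->AllowedTo("Admin")) {
            $available_columns["request_hours"] = "Hours";
        }
        $saved_qry_row = $qry->Fetch();
        // NOTE(review): $search_query is SQL text read back from saved_queries.
        // How it is executed is outside this excerpt; confirm who is able to
        // write the query_sql column.
        $search_query = $saved_qry_row->query_sql;
        // $style = 'stripped';
        // SECURITY NOTE(review): unserialize() is applied to a database column.
        // If that column can ever hold attacker-influenced bytes this allows
        // object injection; storing the parameters as JSON would avoid it.
        // Left in place here because the stored format is not visible.
        $query_params = unserialize($saved_qry_row->query_params);
        // unserialize() returns false for data it cannot decode, so only index
        // the result when it really is an array.
        $columns = is_array($query_params) && isset($query_params["columns"]) ? $query_params["columns"] : null;
        if (!isset($columns) || !is_array($columns)) {
            // No usable column list was stored: fall back to the defaults,
            // which add "active" when the page is in edit format.
            if ($format == "edit") {
                $columns = array("request_id", "lfull", "request_on", "lbrief", "status_desc", "active", "request_type_desc", "request.last_activity");
            } else {
                $columns = array("request_id", "lfull", "request_on", "lbrief", "status_desc", "request_type_desc", "request.last_activity");
            }
        }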
Beispiel #24
    $sql .= "JOIN usr ON request.requester_id = usr.user_no ";
    $sql .= "WHERE attachment_id = {$id} ";
    $sql .= "AND org_code = {$session->org_code} ; ";
    $qry = new PgQuery($sql);
    //    if ( !$qry->Exec("attachment") || $qry->rows == 0 ) {
}
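// The attachment id is used in SQL, in the HTML error page, in the log line
// and in a file path, so force it to an integer before any of those uses.
$id = intval($id);
// Set the default storage directory before it is needed for file-type
// guessing further down.
if (!isset($attachment_dir)) {
    $attachment_dir = "attachments";
}
// NOTE(review): nothing in this excerpt limits the attachment to the
// requester's organisation.  In the visible lines above, the org_code query
// is built but its Exec is commented out; confirm access is checked elsewhere.
$sql = "SELECT * FROM request_attachment, lookup_code ";
$sql .= "WHERE attachment_id = ? ";
$sql .= "AND source_table='request' ";
$sql .= "AND source_field='attach_type' ";
$sql .= "AND lookup_code = att_type ; ";
$qry = new PgQuery($sql, $id);
if ($qry->Exec("attachment") && $qry->rows > 0) {
    $attachment = $qry->Fetch();
} else {
    // No lookup_code row matched: read the bare attachment row and guess the
    // type from the file name and the stored file.
    $qry = new PgQuery("SELECT * FROM request_attachment WHERE attachment_id = ?;", $id);
    if (!$qry->Exec("attachment") || $qry->rows == 0) {
        // $id is an integer by now, so it is safe to show in the log line
        // and in the HTML below.
        error_log("{$sysabbr} attachment: DBG: id [{$id}] not found", 0);
        echo "<html><head><title>Error - invalid attachment ID [{$id}]</title><body><h1>Invalid attachment ID [{$id}]</h1></body></html>";
        exit;
    }
    $attachment = $qry->Fetch();
    include_once "guess-file-type.php";
    $attachment->lookup_code = guess_file_type($attachment->att_filename, "{$attachment_dir}/{$id}");
    $attachment->lookup_misc = guess_mime_type($attachment->lookup_code);
}
// Both header values come from database columns.  Strip control characters
// (CR and LF included) so a stored value cannot break out of its header line.
$content_type = preg_replace('/[\x00-\x1f\x7f]/', '', $attachment->lookup_misc);
$download_name = preg_replace('/[\x00-\x1f\x7f]/', '', $attachment->att_filename);
header("Content-type: {$content_type}");
// NOTE(review): this header carries no disposition type (inline/attachment)
// and the file name is unquoted; kept as the original sends it.
header("Content-Disposition: filename={$download_name}");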
Beispiel #25
 /**
  * Return the columns of a table together with their PostgreSQL type names.
  *
  * The answer comes from the system catalogs (pg_attribute, pg_class and
  * pg_type) and is kept in the global $_AWL_field_cache, keyed by table
  * name, so each table is looked up only once while that cache lives.
  * The table name is passed to PgQuery as a '?' argument.
  *
  * @param string $tablename The name of the table.
  * @return array Map of column name (attname) to type name (typname).
  */
 function get_fields($tablename)
 {
     global $_AWL_field_cache;
     if (isset($_AWL_field_cache[$tablename])) {
         // Already looked up: answer from the cache without touching the database.
         return $_AWL_field_cache[$tablename];
     }
     dbg_error_log("DataUpdate", ":get_fields: Loaded fields for table '{$tablename}'");
     $catalog_sql = "SELECT f.attname, t.typname FROM pg_attribute f "
         . "JOIN pg_class c ON ( f.attrelid = c.oid ) "
         . "JOIN pg_type t ON ( f.atttypid = t.oid ) "
         . "WHERE relname = ? AND attnum >= 0 order by f.attnum;";
     $lookup = new PgQuery($catalog_sql, $tablename);
     // The result of Exec() is not inspected; whatever Fetch() yields is cached.
     $lookup->Exec("DataUpdate");
     $column_types = array();
     while ($column = $lookup->Fetch()) {
         $column_types["{$column->attname}"] = $column->typname;
     }
     $_AWL_field_cache[$tablename] = $column_types;
     return $_AWL_field_cache[$tablename];
 }
Beispiel #26
             $prop->NewElement("calendar-data", $caldata, array("xmlns" => "urn:ietf:params:xml:ns:caldav"));
         }
         if (isset($report[$i]['properties']['GETETAG'])) {
             $prop->NewElement("getetag", '"' . $ts->dav_etag . '"');
         }
         $status = new XMLElement("status", "HTTP/1.1 200 OK");
         $response->NewElement("propstat", array($prop, $status));
         $responses[] = $response;
         dbg_error_log("REPORT", "TS Response: ETag >>%s<< >>%s<<", $ts->dav_etag, $url);
     }
 }
 /**
  * We also include _all_ caldav_data entries in there, since these
  * are events which failed to parse into timesheets.
  *
  * The rows are selected for $report_user_no, which is passed to PgQuery
  * as a '?' argument rather than interpolated into the SQL.
  */
 $qry = new PgQuery("SELECT * FROM caldav_data WHERE user_no = ?", $report_user_no);
 if ($qry->Exec() && $qry->rows > 0) {
     while ($dav = $qry->Fetch()) {
         $response = new XMLElement("response");
         $prop = new XMLElement("prop");
         // NOTE(review): the href is assembled from $_SERVER values with a fixed
         // http:// scheme.  Whether SERVER_NAME is a configured value or taken
         // from the request depends on the web server setup; confirm.
         $url = sprintf("http://%s:%d%s%s", $_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $_SERVER['SCRIPT_NAME'], $dav->dav_name);
         // NOTE(review): $i is not assigned anywhere in the visible lines of this
         // loop; presumably it is left over from an enclosing loop. Verify.
         if (isset($report[$i]['include_href']) && $report[$i]['include_href'] > 0) {
             $response->NewElement("href", $url);
         }
         if (isset($report[$i]['include_data']) && $report[$i]['include_data'] > 0) {
             // The stored calendar text is handed to NewElement as is; any XML
             // escaping is up to XMLElement, which is not shown here.
             $prop->NewElement("calendar-data", $dav->caldav_data, array("xmlns" => "urn:ietf:params:xml:ns:caldav"));
         }
         if (isset($report[$i]['properties']['GETETAG'])) {
             // The ETag is wrapped in double quotes before it is added.
             $prop->NewElement("getetag", '"' . $dav->dav_etag . '"');
         }
         $status = new XMLElement("status", "HTTP/1.1 200 OK");
Beispiel #27
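/**
 * Print the sidebar menu for the current page and close the theme block.
 *
 * Two menus exist: the QAMS menu, shown when $qams_enabled is set and the
 * script name contains "qams", and the WRMS menu otherwise.  Entries are
 * added or left out according to is_member_of() checks.  These checks only
 * decide which links are displayed; the target pages still need their own
 * permission checks.
 *
 * Output is written directly with echo / printf and the menu_*() helpers.
 * The user's saved searches are read with the user number passed as a '?'
 * argument, and each saved search name is HTML-escaped before it is printed
 * as link text.
 */
function show_sidebar_menu()
{
    global $PHP_SELF, $session, $c, $theme, $hurl, $lsid, $help_url, $qams_enabled;
    if ($qams_enabled && strstr($PHP_SELF, "qams")) {
        menu_break_line();
        menu_url_line("/", "Go to the WRMS Work Request Management System", "WRMS", "head");
        menu_break_line();
        // QAMS MENU ITEMS..
        menu_url_line("/qams-project.php?edit=1", "Create a new project", "New Project", "head");
        // Not yet implemented..
        //menu_url_line("/qams-project-search.php", "Search for projects", "Search Projects", "head");
        // NOTE(review): $hurl is appended to the logout URLs as is; where it is
        // built is not visible here, so confirm it is already URL-safe.
        if (isset($lsid)) {
            menu_url_line("/?logout=1&forget=1{$hurl}", "Log me out and stop logging me in automatically", "Forget Me", "head");
        } else {
            menu_url_line("/?logout=1{$hurl}", "Au revoir!", "Log Off", "head");
        }
        menu_break_line();
        echo '<form method="get" action="/qams-project.php" name="quickwr" id="quickwr" style="display:inline">';
        // %d prints the request id as an integer, so nothing but digits reaches the HTML.
        printf('&nbsp;<b>PROJ:</b><input type="text" size="7" title="%s" value="%d" name="request_id">', 'Enter a Project Number and press [Enter] to go to it directly.', $GLOBALS['request_id']);
        echo "</form><br >";
        menu_break_line();
        menu_url_line("/qams.php?filter=my", "Show projects I am involved in", "My Projects");
        menu_url_line("/qams.php?filter=recent", "Show the most recent projects", "Recent Projects");
        menu_break_line();
        menu_url_line("/qams-refdoc-index.php", "Quality Assurance Documents Index", "Documents");
    } else {
        // WRMS MENU ITEMS..
        menu_url_line("/wr.php", "Enter a new work request into the system.", "New Request", "head");
        $tooltip = "A comprehensive search facility for reporting on work requests.";
        menu_url_line("/wrsearch.php", $tooltip, "Search Requests", "head");
        if (is_member_of('Admin', 'Support', 'Contractor')) {
            menu_url_line("/timesheet.php", "", "Timesheet Entry", "head");
        }
        if ($qams_enabled) {
            menu_url_line("/qams.php", "Go to the QAMS Quality Assurance Management System", "Quality System", "head");
        }
        if (isset($lsid)) {
            menu_url_line("/?logout=1&forget=1{$hurl}", "Log me out and stop logging me in automatically", "Forget Me", "head");
        } else {
            menu_url_line("/?logout=1{$hurl}", "Au revoir!", "Log Off", "head");
        }
        menu_break_line();
        // %d prints the request id as an integer, so nothing but digits reaches the HTML.
        printf(<<<EOFORM
<form method="get" action="/wr.php" name="quickwr" id="quickwr" style="display:inline">
&nbsp;<b>W/R:</b><input type="text" size="7" title="%s" value="%d" name="request_id">
</form><br >
EOFORM
, 'Enter a W/R number and press [Enter] to go to it directly.', $GLOBALS['request_id']);
        $tooltip = "Run this saved search";
        $tooltip2 = "Edit this saved search";
        // The user number is bound through '?' instead of being interpolated.
        $qry = new PgQuery("SELECT * FROM saved_queries WHERE user_no = ? AND in_menu ORDER BY query_name", $session->user_no);
        if ($qry->Exec("block-menu") && $qry->rows > 0) {
            menu_break_line();
            while ($thisquery = $qry->Fetch()) {
                // Saved search names are free text: URL-encode the name for the
                // href and HTML-escape it for the visible link text.
                $query_arg = urlencode($thisquery->query_name);
                $query_label = htmlspecialchars($thisquery->query_name, ENT_QUOTES);
                echo "&nbsp;<a href=\"/wrsearch.php?style=plain&saved_query=" . $query_arg . "\" class=\"block\" title=\"{$tooltip}\" alt=\"{$tooltip}\"><b>&raquo;</b>{$query_label}</a>";
                if ($thisquery->query_params != "") {
                    echo "&nbsp;<a href=\"/wrsearch.php?saved_query=" . $query_arg . "\" class=\"block\" title=\"{$tooltip2}\"><b>&laquo;e&raquo;</b></a>";
                }
                echo "<br >\n";
            }
            echo "&nbsp; &nbsp;<a href=\"/saved_searches.php\">...more</a><br >\n";
        } else {
            menu_break_line();
            $tooltip = "List, run and edit all of your saved searches.";
            menu_url_line("/saved_searches.php", $tooltip, "Saved Searches");
        }
        menu_break_line();
        menu_url_line($help_url, "Help on this screen", "Help");
        $tooltip = "Maintain your name, phone and e-mail details, or change your password";
        menu_url_line("user.php?edit=1&user_no={$session->user_no}", $tooltip, "Edit My Info");
        if (is_member_of('Admin', 'Support', 'OrgMgr')) {
            //    menu_break_line();
            $tooltip = "Review and update details about your organisation.";
            menu_url_line("/org.php?org_code={$session->org_code}", $tooltip, "My Organisation");
            $tooltip = "List the WRMS users for your organisation.";
            menu_url_line("/usrsearch.php?org_code={$session->org_code}", $tooltip, "Our Users");
            $tooltip = "Create a new WRMS user for your organisation.";
            menu_url_line("/user.php?org_code={$session->org_code}", $tooltip, "New User");
            $tooltip = "List the 'Systems' your organisation may create Work Requests for.";
            menu_url_line("/form.php?form=syslist&org_code={$session->org_code}", $tooltip, "Our Systems");
            if (is_member_of('Admin')) {
                menu_url_line("/lookups.php", "", "Lookup Codes");
                menu_url_line("/form.php?form=attachment_type", "", "Attachment Types");
                menu_url_line("/form.php?form=sessionlist", "", "Sessions");
            }
        }
        if (is_member_of('Admin', 'Support')) {
            menu_break_line();
            menu_url_line("/form.php?f=orglist", "", "All Organisations");
            menu_url_line("/form.php?f=syslist", "", "General Systems");
            menu_url_line("/new_organisation.php", "Add a new organisation, with a general system and primary user", "New Organisation");
            menu_url_line("/form.php?user_no={$session->user_no}&form=timelist&uncharged=1", "", "My Uncharged Work");
            menu_url_line("/form.php?f=timelist&uncharged=1", "", "All Work");
            menu_url_line("/form.php?f=simpletimelist", "", "Work by Person");
            menu_url_line("/form.php?f=timelist&uncharged=1&charge=1", "", "Work To Charge");
            $tooltip = "A report showing the activity in the WRMS.";
            menu_url_line("/requestchange.php", $tooltip, "WRMS Activity");
        }
        if (is_member_of('Admin', 'Support') || $GLOBALS['rank_report_anyone']) {
            $tooltip = "A ranked list of work requests, most important and urgent at the top";
            menu_url_line("/requestrank.php?qs=complex", $tooltip, "Request Ranking");
        }
    }
    // These two entries are offered in both menus.
    if (is_member_of('Admin', 'Support')) {
        menu_url_line("/statuspie.php", 'A pie chart of request statuses for a period / system / organisation', "Status Pie");
    }
    if (is_member_of('Admin', 'Accounts')) {
        menu_url_line("/work_summary.php", 'Show work summary for an Organisation / System / Person etc.', "Work Summary");
    }
    $theme->BlockClose();
}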
Beispiel #28
        $query .= " AND request_timesheet.work_on::date < '{$to_date}'::date";
    } else {
        if (isset($from_date)) {
            $query .= " AND request_timesheet.work_on::date >= '{$from_date}'::date";
        }
        if (isset($to_date)) {
            $query .= " AND request_timesheet.work_on::date <= '{$to_date}'::date";
        }
    }
}
// NOTE(review): $tlsort and $tlseq are spliced into the ORDER BY clause as
// raw SQL.  The header links below send both back as URL parameters, so
// they look request-supplied; confirm they are checked against a fixed list
// of column names and ASC/DESC before this point.
$query .= " ORDER BY {$tlsort} {$tlseq} ";
if (!isset($maxresults) || intval($maxresults) == 0) {
    $maxresults = 1000;
}
// NOTE(review): the limit is the literal 1000; $maxresults is not used in
// the visible lines.
$query .= " LIMIT 1000 ";
$qry = new PgQuery($query);
// NOTE(review): the same SQL text is passed to awm_pgexec() here and then to
// $qry->Exec() below; confirm both executions are wanted.
$result = awm_pgexec($dbconn, $query, 'simpletimelist', false, 7);
if ($qry->Exec('simpletimelist')) {
    // Build up the column header cell, with %s gaps for the sort, sequence and sequence image
    // NOTE(review): $form, $user_no, $from_date, $to_date and $date_restriction
    // go into the href without URL-encoding or HTML-escaping; where they are
    // validated is not visible here.
    $header_cell = "<th class=cols><a class=cols href=\"{$PHP_SELF}?f={$form}&tlsort=%s&tlseq=%s";
    if (isset($user_no)) {
        $header_cell .= "&amp;user_no={$user_no}";
    }
    if (isset($from_date)) {
        $header_cell .= "&from_date={$from_date}";
    }
    if (isset($to_date)) {
        $header_cell .= "&to_date={$to_date}";
    }
    if (isset($date_restriction)) {
        $header_cell .= "&amp;date_restriction={$date_restriction}";
Beispiel #29
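    /**
     * Write the record through parent::Write() and report the outcome.
     *
     * For a new record the organisation code just generated is read back
     * with currval() and stored in $GLOBALS['id'].  When the submitted form
     * has invite=on, an invitation carrying a temporary password is sent to
     * the new user through $session->EmailTemporaryPassword().
     *
     * @return bool true when parent::Write() succeeded, false otherwise.
     */
    function Write()
    {
        global $c, $session;
        if (parent::Write()) {
            if ($this->new_record) {
                // currval() reports the value most recently taken from the
                // sequence in this database session.
                $qry = new PgQuery("SELECT currval('organisation_org_code_seq');");
                $qry->Exec("OrganisationPlus::Write: Retrieve org_code");
                $sequence_value = $qry->Fetch(true);
                // Fetch as an array
                $org_code = $sequence_value[0];
                $GLOBALS['id'] = $org_code;
                $c->messages[] = "Organisation, System and User records created.";
                if (isset($_POST['invite']) && $_POST['invite'] == 'on') {
                    $username = $this->Get('username');
                    $fullname = $this->Get('fullname');
                    // The @@system_name@@ and @@password@@ markers are left in the
                    // text; presumably EmailTemporaryPassword() fills them in.
                    // The temporary password therefore travels by e-mail in clear
                    // text, which is why the text asks for a permanent password
                    // to be set after the first logon.
                    $invitation_template = <<<EOINVITE
Hi {$fullname},

Welcome to @@system_name@@!

Your access has now been configured by {$session->fullname} with the
following details:

    Username: {$username}
    Password: @@password@@

This is a temporary password which will be valid for 24 hours.  To
log on, please visit:

    {$c->base_dns}/

Once you have logged on, you will need to use the "Edit My Info"
option to set a permanent password.

If you have any problems, please contact {$session->fullname} or the
system administrator.

Thanks.

EOINVITE;
                    $session->Dbg("OrganisationPlus", "Inviting '%s' to join.", $username);
                    $session->EmailTemporaryPassword($username, null, $invitation_template);
                    $c->messages[] = "Invitation and password sent to " . $username;
                } else {
                    // This branch also runs when the form sent no 'invite' field,
                    // so read it defensively instead of indexing $_POST directly.
                    $invite_flag = isset($_POST['invite']) ? $_POST['invite'] : '';
                    $session->Dbg("OrganisationPlus", "Invite is >>%s<<", $invite_flag);
                }
            } else {
                $c->messages[] = "Organisation, System and User details updated.";
            }
            return true;
        }
        // parent::Write() reported failure.
        return false;
    }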
Beispiel #30
    // Apply the submitted "public" and "show in menu" flags to saved searches.
    // Both arrays are keyed by user number, then by URL-encoded query name.
    $query_is_public = $GLOBALS['query_is_public'];
    $show_in_menu = $GLOBALS['show_in_menu'];
    $sql = "";
    foreach ($query_is_public as $k => $v) {
        // The user number is forced to an integer before it is compared or
        // placed in the SQL.
        $k = intval($k);
        // Authorisation: a block of flags is applied only when it belongs to the
        // session's own user, or the session is allowed "Admin" or "Support".
        if (is_array($v) && ($k == $session->user_no || $session->AllowedTo("Admin") || $session->AllowedTo("Support"))) {
            foreach ($v as $k2 => $v2) {
                // Only the fixed literals TRUE / FALSE reach the SQL for the flags.
                $public = $v2 == "on" ? "TRUE" : "FALSE";
                // NOTE(review): $show_in_menu[$k][$k2] is read without isset();
                // presumably the key is missing when the box is not ticked. Verify.
                $in_menu = $show_in_menu[$k][$k2] == "on" ? "TRUE" : "FALSE";
                $k2dec = urldecode($k2);
                // NOTE(review): submitted values are interpolated into the message
                // that also holds a %s placeholder; if Dbg() treats it as a printf
                // format, a '%' in a query name would be read as a directive.
                $session->Dbg("SavedSearches", "Submitted query_is_public[{$k}][{$k2dec}] is >>{$v2}<<  and show_in_menu[{$k}][{$k2dec}] is >>%s<<", $show_in_menu[$k][$k2]);
                // The query name goes through qpg() (presumably quoting for
                // PostgreSQL; defined elsewhere) rather than raw interpolation.
                $sql .= "UPDATE saved_queries SET public = {$public} , in_menu = {$in_menu} WHERE user_no = {$k} AND query_name = " . qpg($k2dec) . ";";
            }
        }
    }
    // All UPDATE statements are sent as one string; this also runs when no
    // statement was collected and $sql is still empty.
    $qry = new PgQuery($sql);
    $qry->Exec("SavedSearches");
}
$debuggroups["querystring"] = 1;
$browser = new Browser("Your Saved Searches");
if ($session->AllowedTo("Admin") || $session->AllowedTo("Support")) {
    $browser->AddColumn('user_no', 'User#', 'center', '<a href="/user.php?user_no=##user_no##">%d</a>');
} else {
    $browser->AddHidden('user_no');
}
$browser->AddColumn('query_name', 'Query Name', 'left', '<a href="/wrsearch.php?style=plain&saved_query=##URL:query_name##">%s</a>');
$browser->AddColumn('query_type', 'Type', 'center', '%s');
//  $browser->AddColumn( 'query_sql', 'SQL', 'left', '%s' );
//  $browser->AddColumn( 'query_params', 'Params', 'left', '%s' );
$browser->AddColumn('maxresults', 'Max#', 'left', '%s');
$browser->AddColumn('rlsort', 'SortBy', 'center', '%s');