defVal('csvFileName', "file.csv");
defVal('status');
defVal('fields');
//joinable stuff
defVal('trackerIds');
//Order Items
defVal('itemIdFields');
defVal('sortFieldIds');
defVal('removeFieldIds');
defVal('showFieldIds');
defVal('dateFieldIds', "45,16,158,159,103");
defVal('sortFieldNames');
defVal('search');
defVal('q');
defVal('start');
defVal('end');
//TODO: integrate into tracker query lib
/**
* @param $param
*/
function splitToTracker($param)
{
if (isset($_REQUEST[$param])) {
$_REQUEST[$param] = explode("|", $_REQUEST[$param]);
foreach ($_REQUEST[$param] as $key => $field) {
$_REQUEST[$param][$key] = explode(',', $_REQUEST[$param][$key]);
}
}
}
splitToTracker('fields');
splitToTracker('search');
<?php
/* $Id: addedit.php,v 1.11 2005/04/12 06:05:39 gregorerhardt Exp $ */
$history_id = defVal(@$_GET["history_id"], 0);
/*
// check permissions
if (!$canEdit) {
$AppUI->setMsg('Access denied', UI_MSG_ERROR);
$AppUI->redirect();
}
*/
$action = @$_REQUEST["action"];
$q = new DBQuery();
if ($action) {
$history_description = dPgetParam($_POST, 'history_description', '');
$history_project = dPgetParam($_POST, 'history_project', '');
$userid = $AppUI->user_id;
if ($action == 'add') {
$q->addTable('history');
$q->addInsert('history_table', "history");
$q->addInsert('history_action', "add");
$q->addInsert('history_date', str_replace("'", '', $db->DBTimeStamp(time())));
$q->addInsert('history_description', $history_description);
$q->addInsert('history_user', $userid);
$q->addInsert('history_project', $history_project);
$okMsg = 'History added';
} else {
if ($action == 'update') {
$q->addTable('history');
$q->addUpdate('history_description', $history_description);
$q->addUpdate('history_project', $history_project);
$task_child_search->peek($ganttTaskFilter);
//$childrenlist[] = $ganttTaskFilter;
//print_r($childrenlist);
$childrenlist = $task_child_search->getDeepChildren();
//print_r($childrenlist);
$where .= ' t.task_id IN (' . $ganttTaskFilter . ', ' . implode(', ', $childrenlist) . ')';
}
//else {
// $where = '';
//}
//echo '<pre> $where = ' . $where . '</pre>';
//die;
// gantt is called now by the todo page, too. There is a different filter approach in todo
// so we have to tweak a little bit, also we do not have a special project available
if ($caller == 'todo') {
$user_id = defVal(@$_REQUEST['user_id'], 0);
$projects[$project_id]['project_name'] = $AppUI->_('Todo for') . ' ' . dPgetUsernameFromID($user_id);
$projects[$project_id]['project_color_identifier'] = 'ff6000';
$q->addTable('tasks', 't');
$q->innerJoin('projects', 'p', 'p.project_id = t.task_project');
$q->innerJoin('user_tasks', 'ut', 'ut.task_id = t.task_id AND ut.user_id = ' . $user_id);
$q->leftJoin('user_task_pin', 'tp', 'tp.task_id = t.task_id AND tp.user_id = ' . $user_id);
$q->addQuery('t.*, p.project_name, p.project_id, p.project_color_identifier, tp.task_pinned');
$q->addWhere('(t.task_percent_complete < 100 OR t.task_percent_complete IS NULL)');
$q->addWhere('t.task_status = 0');
if (!$showArcProjs) {
$q->addWhere('project_status <> 7');
}
if (!$showLowTasks) {
$q->addWhere('task_priority >= 0');
}
/**
* Alternative to protect from XSS attacks.
*/
function dPgetCleanParam(&$arr, $name, $def = null)
{
$val = defVal($arr[$name], $def);
if (empty($val)) {
return $val;
}
// Code from http://quickwired.com/kallahar/smallprojects/php_xss_filter_function.php
// remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
// this prevents some character re-spacing such as <java\0script>
// note that you have to handle splits with \n, \r, and \t later since
// they *are* allowed in some inputs
$val = preg_replace('/([\\x00-\\x08][\\x0b-\\x0c][\\x0e-\\x20])/', '', $val);
// straight replacements, the user should never need these since they're normal characters
// this prevents like <IMG SRC=@avascript:alert('XSS')>
$search = 'abcdefghijklmnopqrstuvwxyz';
$search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$search .= '1234567890!@#$%^&*()';
$search .= '~`";:?+/={}[]-_|\'\\';
for ($i = 0; $i < mb_strlen($search); $i++) {
// ;? matches the ;, which is optional
// 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
// @ @ search for the hex values
// with a ;
$val = preg_replace('/(&#[x|X]0{0,8}' . dechex(ord($search[$i])) . ';?)/i', $search[$i], $val);
// @ @ 0{0,7} matches '0' zero to seven times
// with a ;
$val = preg_replace('/(�{0,8}' . ord($search[$i]) . ';?)/', $search[$i], $val);
}
// now the only remaining whitespace attacks are \t, \n, and \r
$ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
$ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
$ra = array_merge($ra1, $ra2);
$found = true;
// keep replacing as long as the previous round replaced something
while ($found == true) {
$val_before = $val;
for ($i = 0; $i < sizeof($ra); $i++) {
$pattern = '/';
for ($j = 0; $j < mb_strlen($ra[$i]); $j++) {
if ($j > 0) {
$pattern .= '(';
$pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
$pattern .= '|(�{0,8}([9][10][13]);?)?';
$pattern .= ')?';
}
$pattern .= $ra[$i][$j];
}
$pattern .= '/i';
// add in <> to nerf the tag
$replacement = mb_substr($ra[$i], 0, 2) . '<x>' . mb_substr($ra[$i], 2);
// filter out the hex tags
$val = in_array($arr[$name], $ra) ? preg_replace($pattern, $replacement, $val) : $val;
if ($val_before == $val) {
// no replacements were made, so exit the loop
$found = false;
}
}
}
return $val;
}
<?php
/* TASKS $Id: viewgantt.php 6149 2012-01-09 11:58:40Z ajdonnison $ */
if (!defined('DP_BASE_DIR')) {
die('You should not access this file directly.');
}
global $min_view, $m, $a, $user_id, $tab, $tasks;
$min_view = defVal(@$min_view, false);
$project_id = defVal(@$_GET['project_id'], 0);
// sdate and edate passed as unix time stamps
$sdate = dPgetCleanParam($_POST, 'sdate', 0);
$edate = dPgetCleanParam($_POST, 'edate', 0);
//if set GantChart includes user labels as captions of every GantBar
$showLabels = (int) dPgetParam($_POST, 'showLabels', '0');
$showLabels = $showLabels != '0' ? '1' : $showLabels;
$showWork = (int) dPgetParam($_POST, 'showWork', '0');
$showWork = $showWork != '0' ? '1' : $showWork;
$sortByName = (int) dPgetParam($_POST, 'sortByName', '0');
$sortByName = $sortByName != '0' ? '1' : $sortByName;
if ($a == 'todo') {
if (isset($_POST['show_form'])) {
$AppUI->setState('TaskDayShowArc', (int) dPgetParam($_POST, 'showArcProjs', 0));
$AppUI->setState('TaskDayShowLow', (int) dPgetParam($_POST, 'showLowTasks', 0));
$AppUI->setState('TaskDayShowHold', (int) dPgetParam($_POST, 'showHoldProjs', 0));
$AppUI->setState('TaskDayShowDyn', (int) dPgetParam($_POST, 'showDynTasks', 0));
$AppUI->setState('TaskDayShowPin', (int) dPgetParam($_POST, 'showPinned', 0));
}
$showArcProjs = $AppUI->getState('TaskDayShowArc', 0);
$showLowTasks = $AppUI->getState('TaskDayShowLow', 1);
$showHoldProjs = $AppUI->getState('TaskDayShowHold', 0);
$showDynTasks = $AppUI->getState('TaskDayShowDyn', 0);
<?php
/* $Id: viewgantt.php 1966 2011-07-03 22:38:52Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/tasks/viewgantt.php $ */
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
global $AppUI, $min_view, $m, $a, $user_id, $tab, $tasks, $cal_sdf;
global $sortByName, $project_id, $gantt_map, $currentGanttImgSource, $filter_task_list, $caller;
$AppUI->loadCalendarJS();
$base_url = w2PgetConfig('base_url');
$min_view = defVal($min_view, false);
$project_id = (int) w2PgetParam($_GET, 'project_id', 0);
// sdate and edate passed as unix time stamps
$sdate = w2PgetParam($_POST, 'project_start_date', 0);
$edate = w2PgetParam($_POST, 'project_end_date', 0);
//if set GantChart includes user labels as captions of every GantBar
$showLabels = w2PgetParam($_POST, 'showLabels', '0');
$showLabels = $showLabels != '0' ? '1' : $showLabels;
$showWork = w2PgetParam($_POST, 'showWork', '0');
$showWork = $showWork != '0' ? '1' : $showWork;
$showWork_days = w2PgetParam($_POST, 'showWork_days', '0');
$showWork_days = $showWork_days != '0' ? '1' : $showWork_days;
$printpdf = w2PgetParam($_POST, 'printpdf', '0');
$printpdf = $printpdf != '0' ? '1' : $printpdf;
$printpdfhr = w2PgetParam($_POST, 'printpdfhr', '0');
$printpdfhr = $printpdfhr != '0' ? '1' : $printpdfhr;
if ($a == 'todo') {
if (isset($_POST['show_form'])) {
$AppUI->setState('TaskDayShowArc', w2PgetParam($_POST, 'showArcProjs', 0));
$AppUI->setState('TaskDayShowLow', w2PgetParam($_POST, 'showLowTasks', 0));
$AppUI->setState('TaskDayShowHold', w2PgetParam($_POST, 'showHoldProjs', 0));
$titleBlock->addCell('<form name="searchform" action="?m=departments&search_string=' . $search_string . '" method="post" accept-charset="utf-8">
<table>
<tr>
<td>
<strong>' . $AppUI->_('Search') . '</strong>
<input class="text" type="text" name="search_string" value="' . $search_string . '" /><br />
<a href="index.php?m=departments&search_string=-1">' . $AppUI->_('Reset search') . '</a>
</td>
<td valign="top">
<strong>' . $AppUI->_('Owner filter') . '</strong> ' . $owner_combo . '
</td>
</tr>
</table>
</form>');
$titleBlock->show();
if (isset($_GET['tab'])) {
$AppUI->setState('DeptIdxTab', w2PgetParam($_GET, 'tab', null));
}
$deptsTypeTab = defVal($AppUI->getState('DeptIdxTab'), 0);
$deptsType = $deptsTypeTab;
// load the department types
$deptTypes = w2PgetSysVal('DepartmentType');
$tabBox = new CTabBox('?m=departments', W2P_BASE_DIR . '/modules/departments/', $deptsTypeTab);
if ($tabBox->isTabbed()) {
array_unshift($deptTypes, $AppUI->_('All Departments', UI_OUTPUT_RAW));
}
// tabbed information boxes
foreach ($deptTypes as $deptType) {
$tabBox->add('vw_depts', $deptType);
}
$tabBox->show();
<?php
/* TASKS $Id: viewgantt.php,v 1.7.4.8 2006/12/27 18:50:43 gregorerhardt Exp $ */
global $AppUI, $dPconfig, $company_id, $dept_ids, $department, $min_view, $m, $a, $user_id, $tab, $pstatus;
//Secho dPgetConfig( 'jpLocale' );
ini_set('memory_limit', $dPconfig['reset_memory_limit']);
$min_view = defVal(@$min_view, false);
$project_id = defVal(@$_GET['project_id'], 0);
$user_id = defVal(@$_GET['user_id'], $AppUI->user_id);
// sdate and edate passed as unix time stamps
$sdate = dPgetParam($_POST, 'sdate', 0);
$edate = dPgetParam($_POST, 'edate', 0);
$showInactive = dPgetParam($_POST, 'showInactive', '0');
$showLabels = dPgetParam($_POST, 'showLabels', '0');
$sortTasksByName = dPgetParam($_POST, 'sortTasksByName', '0');
$showAllGantt = dPgetParam($_POST, 'showAllGantt', '0');
$showTaskGantt = dPgetParam($_POST, 'showTaskGantt', '0');
$addPwOiD = dPgetParam($_POST, 'add_pwoid', 0);
//if set GantChart includes user labels as captions of every GantBar
if ($showLabels != '0') {
$showLabels = '1';
}
if ($showInactive != '0') {
$showInactive = '1';
}
if ($showAllGantt != '0') {
$showAllGantt = '1';
}
if (isset($_POST['proFilter'])) {
$AppUI->setState('ProjectIdxFilter', $_POST['proFilter']);
}
// pull valid projects and their percent complete information
$q->addTable('projects', 'pr');
$q->addQuery('project_id, project_color_identifier, project_name' . ', project_start_date, project_end_date');
$q->addJoin('tasks', 't1', 'pr.project_id = t1.task_project');
$q->addWhere('project_status != 7');
$q->addGroup('project_id');
$q->addOrder('project_name');
$project->setAllowedSQL($AppUI->user_id, $q);
$projects = $q->loadHashList('project_id');
$q->clear();
$caller = defVal(@$_REQUEST['caller'], null);
/* gantt is called now by the todo page, too. There is a different filter approach in todo
* so we have to tweak a little bit, also we do not have a special project available
*/
if ($caller == 'todo') {
$user_id = defVal(@$_REQUEST['user_id'], $AppUI->user_id);
$projects[$project_id]['project_name'] = $AppUI->_('Todo for') . ' ' . dPgetUsernameFromID($user_id);
$projects[$project_id]['project_color_identifier'] = 'ff6000';
$q->addTable('tasks', 't');
$q->innerJoin('projects', 'p', 'p.project_id = t.task_project');
$q->innerJoin('user_tasks', 'ut', 'ut.task_id = t.task_id AND ut.user_id = ' . $user_id);
$q->leftJoin('user_task_pin', 'tp', 'tp.task_id = t.task_id AND tp.user_id = ' . $user_id);
$q->addQuery('t.*, p.project_name, p.project_id, p.project_color_identifier, tp.task_pinned');
$q->addWhere('(t.task_percent_complete < 100 OR t.task_percent_complete IS NULL)');
$q->addWhere('t.task_status = 0');
if (!$showArcProjs) {
$q->addWhere('project_status <> 7');
}
if (!$showLowTasks) {
$q->addWhere('task_priority >= 0');
}
/**
* Alternative to protect from XSS attacks.
*/
function dPgetCleanParam(&$arr, $name, $def = null)
{
if (is_array($arr[$name])) {
$val = array();
foreach (array_keys($arr[$name]) as $key) {
$val[$key] = dPgetCleanParam($arr[$name], $key, $def);
}
return $val;
}
$val = defVal($arr[$name], $def);
if (empty($val)) {
return $val;
}
return filter_xss($val);
}
$q->addWhere('u.user_contact = con.contact_id');
$owner_list = array(-1 => $AppUI->_('All Users', UI_OUTPUT_RAW)) + $q->loadHashList();
//db_loadHashList($sql);
$owner_combo = arraySelect($owner_list, 'owner_filter_id', 'class="text" onchange="javascript:document.searchform.submit()"', $owner_filter_id, false, true);
// setup the title block
$titleBlock = new CTitleBlock('Companies', 'handshake.png', $m, "{$m}.{$a}");
$titleBlock->addCell('<form name="searchform" action="?m=companies&search_string=' . dPformSafe($search_string) . '" method="post">' . "\n" . '<table><tr><td><strong>' . $AppUI->_('Search') . '</strong><input class="text" type="text" name="search_string" value="' . dPformSafe($search_string) . '" /><br />' . '<a href="index.php?m=companies&search_string=-1">' . $AppUI->_('Reset search') . '</a></td><td valign="top"><strong>' . $AppUI->_('Owner filter') . '</strong> ' . $owner_combo . ' </td></tr></table></form>');
$search_string = addslashes($search_string);
if ($canEdit) {
$titleBlock->addCell('<input type="submit" class="button" value="' . $AppUI->_('new company') . '">', '', '<form action="?m=companies&a=addedit" method="post">', '</form>');
}
$titleBlock->show();
if (isset($_GET['tab'])) {
$AppUI->setState('CompaniesIdxTab', $_GET['tab']);
}
$companiesTypeTab = defVal($AppUI->getState('CompaniesIdxTab'), 0);
//$tabTypes = array(getCompanyTypeID('Client'), getCompanyTypeID('Supplier'), 0);
$companiesType = $companiesTypeTab;
$tabBox = new CTabBox('?m=companies', DP_BASE_DIR . '/modules/companies/', $companiesTypeTab);
if ($tabbed = $tabBox->isTabbed()) {
$add_na = true;
if (isset($types[0])) {
// They have a Not Applicable entry.
$add_na = false;
$types[] = $types[0];
}
$types[0] = 'All Companies';
if ($add_na) {
$types[] = 'Not Applicable';
}
}
/**
* Alternative to protect from XSS attacks.
*/
function dPgetCleanParam(&$arr, $name, $def = null)
{
if (is_array($arr[$name])) {
$val = array();
foreach (array_keys($arr[$name]) as $key) {
$val[$key] = dPgetCleanParam($arr[$name], $key, $def);
}
return $val;
}
$val = defVal($arr[$name], $def);
if (empty($val)) {
return $val;
}
return htmLawed($val, array('safe' => 1));
}
<?php
##
## holiday module - A dotProject module for keeping track of holidays
##
## Sensorlink AS (c) 2006
## Vegard Fiksdal (fiksdal@sensorlink.no)
##
$holiday_id = defVal(@$_GET["holiday_id"], 0);
$holiday_white = defVal(@$_GET["white"], -1);
// Create date objects
$log_start_date = dPgetParam($_POST, "log_start_date", 0);
$log_end_date = dPgetParam($_POST, "log_end_date", 0);
$start_date = intval($log_start_date) ? new CDate($log_start_date) : new CDate();
$end_date = intval($log_end_date) ? new CDate($log_end_date) : new CDate();
$holiday_description = dPgetParam($_POST, "holiday_description", '');
$holiday_annual = dPgetParam($_POST, "holiday_annual", 0);
$action = @$_REQUEST["action"];
if ($action) {
if ($action == "add") {
$sql = "INSERT INTO holiday (holiday_description,holiday_start_date,holiday_end_date,holiday_white,holiday_annual) ";
$sql .= "VALUES ('";
$sql .= $holiday_description;
$sql .= "','";
$sql .= $start_date->format(FMT_DATETIME_MYSQL);
$sql .= "','";
$sql .= $end_date->format(FMT_DATETIME_MYSQL);
$sql .= "','";
$sql .= $holiday_white;
$sql .= "','";
$sql .= $holiday_annual;
if ($project_id > 0) {
$criticalTasks = $project->getCriticalTasks($project_id);
$project->load($project_id);
}
// pull valid projects and their percent complete information
$q = new DBQuery();
$q->addTable('projects');
$q->addQuery('project_id, project_color_identifier, project_name' . ', project_start_date, project_end_date');
$q->addJoin('tasks', 't1', 'projects.project_id = t1.task_project');
$q->addWhere('project_status != 7');
$q->addGroup('project_id');
$q->addOrder('project_name');
$project->setAllowedSQL($AppUI->user_id, $q);
$projects = $q->loadHashList('project_id');
$q->clear();
$caller = defVal(@$_REQUEST['a'], null);
/**
* if task filtering has been requested create the list of task_ids
* which will be used to filter the query
*/
if ($ganttTaskFilter > 0) {
$task_child_search = new CTask();
$task_child_search->peek($ganttTaskFilter);
$childrenlist = $task_child_search->getDeepChildren();
$where .= ' t.task_id IN (' . $ganttTaskFilter . ', ' . implode(', ', $childrenlist) . ')';
}
// gantt is called now by the todo page, too. There is a different filter approach in todo
// so we have to tweak a little bit, also we do not have a special project available
if ($caller == 'todo') {
// $user_id = defVal( @$_REQUEST['user_id'], 0 );
$projects[$project_id]['project_name'] = $AppUI->_('Todo for') . ' ' . dPgetUsernameFromID($user_id);
<?php
/* $Id: addedit.php,v 1.1 2004/03/30 23:21:40 jcgonz Exp $ */
##
## journal module - a quick hack of the history module by HGS 3/16/2004
## (c) Copyright
## J. Christopher Pereira (kripper@imatronix.cl)
## IMATRONIX
##
$journal_id = defVal(@$_GET["journal_id"], 0);
$project_id = intval(dPgetParam($_GET, "project_id", 0));
// check permissions
if (!$canEdit) {
$AppUI->redirect("m=public&a=access_denied");
}
$action = @$_REQUEST["action"];
if ($action) {
$journal_description = $_POST["journal_description"];
$journal_project = $_POST["journal_project"];
$userid = $AppUI->user_id;
if ($action == "add") {
$sql = "INSERT INTO journal (journal_date, journal_description, journal_user, journal_project) " . "VALUES (now(), '{$journal_description}', {$userid}, {$journal_project})";
$okMsg = "journal added";
} else {
if ($action == "update") {
$sql = "UPDATE journal SET journal_description = '{$journal_description}', journal_project = '{$journal_project}' WHERE journal_id = {$journal_id}";
$okMsg = "journal updated";
} else {
if ($action == "del") {
$sql = "DELETE FROM journal WHERE journal_id = {$journal_id}";
$okMsg = "journal deleted";
<?php
/* TASKS $Id: gantt.php,v 1.47 2005/04/07 00:11:07 jcgonz Exp $ */
/*
* Gantt.php - by J. Christopher Pereira
* TASKS $Id: gantt.php,v 1.47 2005/04/07 00:11:07 jcgonz Exp $
*/
include "{$dPconfig['root_dir']}/lib/jpgraph/src/jpgraph.php";
include "{$dPconfig['root_dir']}/lib/jpgraph/src/jpgraph_gantt.php";
$project_id = defVal(@$_REQUEST['project_id'], 0);
$f = defVal(@$_REQUEST['f'], 0);
global $showLabels;
global $showWork;
global $locale_char_set;
$showLabels = dPgetParam($_REQUEST, 'showLabels', false);
// get the prefered date format
$df = $AppUI->getPref('SHDATEFORMAT');
require_once $AppUI->getModuleClass('projects');
$project =& new CProject();
$allowedProjects = $project->getAllowedRecords($AppUI->user_id, 'project_id, project_name');
$criticalTasks = $project_id > 0 ? $project->getCriticalTasks($project_id) : NULL;
// pull valid projects and their percent complete information
$psql = "\nSELECT project_id, project_color_identifier, project_name, project_start_date, project_end_date\nFROM permissions, projects\nLEFT JOIN tasks t1 ON projects.project_id = t1.task_project\nWHERE project_active <> 0\n" . (count($allowedProjects) ? "AND project_id IN (" . implode(',', array_keys($allowedProjects)) . ')' : '') . "\nGROUP BY project_id\nORDER BY project_name\n";
// echo "<pre>$psql</pre>";
$prc = db_exec($psql);
echo db_error();
$pnums = db_num_rows($prc);
$projects = array();
for ($x = 0; $x < $pnums; $x++) {
$z = db_fetch_assoc($prc);
$projects[$z["project_id"]] = $z;
