/**
 * Store a string under $field in this object's data array.
 *
 * A non-string $value is reported through lcm_panic(). The assignment below
 * is still reached if lcm_panic() returns to the caller.
 */
function setDataString($field, $value)
{
    $value_is_string = is_string($value);

    if ($value_is_string === false) {
        lcm_panic("Incorrect format: value is not a string.");
    }

    $this->data[$field] = $value;
}
/**
 * Abort a report that needs a join between two tables that is not supported.
 *
 * The message is recorded in $GLOBALS['errors']['join'] and then handed to
 * lcm_panic().
 */
function panic_not_implemented($table1, $table2)
{
    // [ML] Eventually we should print a more user-friendly message,
    // but for now, lcm_panic() is the easiest to debug.
    // NOTE(review): both table names are copied into the message verbatim;
    // whether lcm_panic() escapes its argument before display is not visible here.
    $message = "Report not implemented: join of {$table1} and {$table2}.\n\tPlease write to legalcase-devel@lists.sf.net and explain the report you are\n\ttrying to generate. If possible, please send a sample report with fictive\n\tvalues. It is possible that either it is possible to generate this report\n\tby another way, or that it may be necessary to write a custom report.";

    $GLOBALS['errors']['join'] = $message;

    lcm_panic($message);
}
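/**
 * Load the lcm_author row of one author.
 *
 * @param int|string $id_author Author identifier; cast to an integer before use.
 * @return mixed The row returned by lcm_fetch_array().
 */
function read_author_data($id_author)
{
    // The identifier is placed unquoted in the statement, so it must be an
    // integer by construction: a non-numeric value becomes 0 instead of
    // becoming part of the SQL text.
    $id_author = intval($id_author);

    $q = "SELECT * FROM lcm_author WHERE id_author=" . $id_author;
    $result = lcm_query($q);

    if (!($usr = lcm_fetch_array($result))) {
        lcm_panic("The user #{$id_author} does not exist in the database.");
    }

    return $usr;
}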
/**
 * Record a new database schema version.
 *
 * With $test true (the default) the version is written to the
 * 'lcm_db_version' meta and logged. With $test false the function reports
 * that the update is impossible and stops the script.
 */
function upgrade_db_version($version, $test = true)
{
    if (!$test) {
        // DEPRECATED ?
        include_lcm('inc_lang');
        lcm_panic(_T('install_warning_update_impossible', array('db_version' => $version)));
        exit;
    }

    write_meta('lcm_db_version', $version);
    lcm_log("Upgraded database to version: {$version}", 'upgrade');
}
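/**
 * Create a keyword (when $id_keyword is empty) or update an existing one
 * from the submitted form fields, then redirect to keywords.php.
 *
 * Validation messages are stored in $_SESSION['errors']; if any exist the
 * browser is sent back to the referring page and nothing is written.
 *
 * @param int|string $id_keyword Keyword to update, or an empty value to create one.
 */
function update_keyword($id_keyword)
{
    $kw_title = _request('kw_title');
    $kw_name = _request('kw_name'); // only for new keyword
    $kw_desc = _request('kw_desc');
    $kw_ac_author = _request('kw_ac_author'); // show/hide keyword
    $kw_hasvalue = _request('kw_hasvalue'); // show field to enter text value
    $kw_idgroup = intval(_request('id_group'));

    //
    // Check for errors
    //
    if (!$id_keyword) { // new keyword
        global $system_kwg;

        if (!$kw_idgroup) {
            lcm_panic("update_keyword: missing or badly formatted id_keyword or id_group");
        }

        $kwg_info = get_kwg_from_id($kw_idgroup);

        if (!$kw_name) {
            $_SESSION['errors']['name'] = _Ti('keywords_input_name') . _T('warning_field_mandatory');
        }

        if (isset($system_kwg[$kwg_info['name']]['keywords'][$kw_name])) { // XXX [ML] what about user keywords?
            $_SESSION['errors']['name'] = _Ti('keywords_input_name') . _T('keywords_warning_kw_code_exists');
        }
    }

    if (!$kw_title) {
        $_SESSION['errors']['title'] = _Ti('keywords_input_name') . _T('warning_field_mandatory');
    }

    // !empty() instead of count(): no error when the session key is unset.
    if (!empty($_SESSION['errors'])) {
        // NOTE(review): the Referer header is supplied by the client and is
        // used as the redirect target unchanged; a fixed application URL
        // would avoid redirecting to an arbitrary location.
        lcm_header("Location: " . $_SERVER['HTTP_REFERER']);
        exit;
    }

    //
    // Apply to database
    //
    // NOTE(review): $kw_desc, $kw_title and $kw_name are placed inside quoted
    // SQL literals exactly as _request() returned them. That is only safe if
    // _request() escapes for SQL; confirm against its definition.
    $fl = "description = '{$kw_desc}',\n\t\t\ttitle = '{$kw_title}' ";

    if ($kw_ac_author == 'Y' || $kw_ac_author == 'N') {
        $fl .= ", ac_author = '{$kw_ac_author}'";
    }

    // Fixed: this used to append to $query, which is overwritten below, so
    // the hasvalue flag never reached the statement.
    if ($kw_hasvalue == 'Y' || $kw_hasvalue == 'N') {
        $fl .= ", hasvalue = '{$kw_hasvalue}'";
    }

    if (!$id_keyword) { // new
        $query = "INSERT INTO lcm_keyword\n\t\t\t\tSET id_group = {$kw_idgroup}, \n\t\t\t\t\tname = '{$kw_name}',\n\t\t\t\t\t{$fl} ";
        lcm_query($query);

        $id_keyword = lcm_insert_id('lcm_keyword', 'id_keyword');
        $kw_info = get_kw_from_id($id_keyword); // for redirection later
    } else {
        // Get current info about keyword (don't trust the user)
        $kw_info = get_kw_from_id($id_keyword);

        // The id is unquoted in the WHERE clause, so force it to an integer.
        $query = "UPDATE lcm_keyword\n\t\t\t\t\tSET {$fl}\n\t\t\t\t\tWHERE id_keyword = " . intval($id_keyword);
        lcm_query($query);
    }

    write_metas(); // update inc_meta_cache.php

    $tab = $kw_info['type'] == 'system' ? 'system' : 'user';
    lcm_header("Location: keywords.php?tab=" . $tab . "#" . $kw_info['kwg_name']);
    exit;
}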
/**
 * Installer step 3: connect to the database, create or upgrade the schema,
 * load default metas and keywords, then write the connection file.
 *
 * Connection settings come from the request (db_address, db_login,
 * db_password and db_choice or manual_db). When creation, upgrade and the
 * structure test all succeed, inc_connect_install.php is written to the
 * configuration directory and install_step_4() is called; otherwise an
 * error page is printed.
 */
function install_step_3() {
    $db_address = _request('db_address');
    $db_login = _request('db_login');
    $db_password = _request('db_password');

    global $lcm_db_version;

    $install_log = "";
    $upgrade_log = "";

    // Possible errors will get trapped in the output buffer and displayed later,
    // so that they don't mess up with headers/html.
    // NOTE(review): the captured text ends up in $io_output, which is not
    // read again inside this function.
    ob_start();

    if (_request('db_choice') == "__manual__") {
        $sel_db = _request('manual_db');
    } else {
        $sel_db = _request('db_choice');
    }

    $link = lcm_connect_db($db_address, 0, $db_login, $db_password, $sel_db);
    $io_output = ob_get_contents();
    ob_end_clean();

    if (!$link) {
        install_html_start('AUTO', '', 3);
        // NOTE(review): the rest of the function assumes lcm_panic() stops
        // the script; confirm.
        lcm_panic("connection denied: " . lcm_sql_error());
    }

    //
    // TEMPORARY (used by testing the installer)
    /*
    lcm_query("DROP TABLE lcm_case", true);
    lcm_query("DROP TABLE lcm_case_attachment", true);
    lcm_query("DROP TABLE lcm_stage", true);
    lcm_query("DROP TABLE lcm_followup", true);
    lcm_query("DROP TABLE lcm_author", true);
    lcm_query("DROP TABLE lcm_client", true);
    lcm_query("DROP TABLE lcm_client_attachment", true);
    lcm_query("DROP TABLE lcm_org", true);
    lcm_query("DROP TABLE lcm_org_attachment", true);
    lcm_query("DROP TABLE lcm_contact", true);
    lcm_query("DROP TABLE lcm_keyword", true);
    lcm_query("DROP TABLE lcm_keyword_case", true);
    lcm_query("DROP TABLE lcm_keyword_client", true);
    lcm_query("DROP TABLE lcm_keyword_org", true);
    lcm_query("DROP TABLE lcm_keyword_group", true);
    lcm_query("DROP TABLE lcm_report", true);
    lcm_query("DROP TABLE lcm_fields", true);
    lcm_query("DROP TABLE lcm_filter", true);
    lcm_query("DROP TABLE lcm_app", true);
    lcm_query("DROP TABLE lcm_app_client_org", true);
    lcm_query("DROP TABLE lcm_app_fu", true);
    lcm_query("DROP TABLE lcm_author_app", true);
    lcm_query("DROP TABLE lcm_case_client_org", true);
    lcm_query("DROP TABLE lcm_case_author", true);
    lcm_query("DROP TABLE lcm_client_org", true);
    lcm_query("DROP TABLE lcm_rep_col", true);
    lcm_query("DROP TABLE lcm_rep_line", true);
    lcm_query("DROP TABLE lcm_rep_filters", true);
    lcm_query("DROP TABLE lcm_filter_conds", true);
    lcm_query("DROP TABLE lcm_rep_filter", true);
    lcm_query("DROP TABLE lcm_meta", true);
    */

    // Test if the software was already installed
    $result = lcm_query("SELECT * FROM lcm_meta", true);
    $already_installed = !lcm_sql_errno() && lcm_num_rows($result);
    // NOTE(review): $old_lcm_version is never reassigned below, so the
    // upgrade-failure message always receives 'NONE'.
    $old_lcm_version = 'NONE';

    if ($already_installed) {
        lcm_log("LCM already installed", 'install');

        // Find the current database version
        $old_lcm_db_version = 0;
        $query = "SELECT value FROM lcm_meta WHERE name = 'lcm_db_version'";
        $result = lcm_query_db($query);

        while ($row = lcm_fetch_array($result)) {
            $old_lcm_db_version = $row['value'];
        }

        lcm_log("LCM version installed is {$old_lcm_db_version}", 'install');

        // Check if upgrade is needed
        if ($old_lcm_db_version < $lcm_db_version) {
            lcm_log("Calling the upgrade procedure (since < {$lcm_db_version})", 'install');
            include_lcm('inc_db_upgrade');
            $upgrade_log = upgrade_database($old_lcm_db_version);
        } else {
            lcm_log("Upgrade _not_ called, looks OK (= {$lcm_db_version})", 'install');
        }
    } else {
        lcm_log("Creating the database from scratch", 'install');
        include_lcm('inc_db_create');
        $install_log .= create_database();
        lcm_log("DB creation complete", 'install');
    }

    // Create default meta + keywords
    include_lcm('inc_meta');
    include_lcm('inc_keywords_default');
    include_lcm('inc_meta_defaults');
    init_default_config();
    init_languages();

    $skwg = get_default_keywords();
    create_groups($skwg);
    write_metas(); // regenerate inc/data/inc_meta_cache.php

    // Test DB: not used for now..
    include_lcm('inc_db_test');
    $structure_ok = lcm_structure_test();

    if (!empty($install_log)) {
        // Creation from scratch reported something: show it, write no config.
        install_html_start('AUTO', '', 3);
        echo "<h3><small>" . _T('install_step_three') . "</small> " . _T('install_title_creating_database') . "</h3>\n";
        echo "<div class='box_error'>\n";
        echo "<p>";
        echo "<b>" . _T('warning_operation_failed') . "</b> " . _T('install_database_install_failed');
        echo " " . lcm_help("install_connection") . "</p>\n";
        echo "</div>\n";

        // Dump error listing
        echo put_text_in_textbox($install_log);
        install_html_end();
    } else {
        if (!empty($upgrade_log)) {
            install_html_start('AUTO', '', 3);
            echo "<h3><small>" . _T('install_step_three') . "</small> " . _T('install_title_creating_database') . "</h3>\n";
            echo "<div class='box_error'>\n";
            // NOTE(review): $lcm_version is not assigned or declared global
            // in this function, so 'version' is passed as an undefined value.
            echo "<p>" . _T('install_warning_update_impossible', array('old_version' => $old_lcm_version, 'version' => $lcm_version)) . "</p>\n";
            echo "</div>\n";

            // Dump error listing
            echo put_text_in_textbox($upgrade_log);
            install_html_end();
        } else {
            if (!$structure_ok) {
                install_html_start('AUTO', '', 3);
                echo "<h3><small>" . _T('install_step_three') . "</small> " . _T('install_title_creating_database') . "</h3>\n";
                echo "<div class='box_error'>\n";
                echo "<p> STRUCTURE PROBLEM </p>\n"; // TRAD
                echo "</div>\n";
                install_html_end();
            } else {
                // Everything OK
                // Build the PHP source of the connection file. The opening
                // and closing PHP tags are assembled from two pieces each.
                $conn = '<' . '?php' . "\n";
                $conn .= "if (defined('_CONFIG_INC_CONNECT')) return;\n";
                $conn .= "define('_CONFIG_INC_CONNECT', '1');\n";
                $conn .= "\$GLOBALS['lcm_connect_version'] = 0.1;\n";
                $conn .= "include_lcm('inc_db');\n";
                // NOTE(review): the four request values are pasted between
                // single quotes of generated PHP code with no escaping
                // visible here. A quote or backslash in any of them changes
                // the generated source unless _request() already escapes
                // them; confirm, or emit each literal with var_export().
                $conn .= "@lcm_connect_db('{$db_address}','','{$db_login}','{$db_password}','{$sel_db}');\n";
                $conn .= "\$GLOBALS['db_ok'] = !!@lcm_num_rows(@lcm_query_db('SELECT COUNT(*) FROM lcm_meta'));\n";
                $conn .= '?' . '>';

                // The target directory comes from the server variable
                // LcmConfigDir when it is set, else the default inc/config.
                $lcm_config_prefix = isset($_SERVER['LcmConfigDir']) ? $_SERVER['LcmConfigDir'] : 'inc/config';

                // NOTE(review): the fopen() result is not checked before
                // fputs()/fclose(), and the file holds the database password
                // in clear text, so its permissions deserve a check.
                $myFile = fopen($lcm_config_prefix . '/inc_connect_install.php', 'wb');
                fputs($myFile, $conn);
                fclose($myFile);

                install_step_4();
            }
        }
    }
}
$case = intval(_request('case', 0)); $client = intval(_request('client', 0)); $org = intval(_request('org', 0)); if ($case > 0) { $type = 'case'; $id_type = $case; } else { if ($client > 0) { $type = 'client'; $id_type = $client; } else { if ($org > 0) { $type = 'org'; $id_type = $org; } else { lcm_panic("Missing object type for attachment."); } } } $_SESSION['errors'] = array(); if (isset($_POST['rem_file']) && is_array($_POST['rem_file']) && count($_POST['rem_file']) > 0) { $rem_files = join(',', $_POST['rem_file']); $result = lcm_query("UPDATE lcm_{$type}_attachment\n\t\t\t\tSET date_removed=NOW(),content=NULL\n\t\t\t\tWHERE id_{$type}={$id_type}\n\t\t\t\tAND id_attachment IN ({$rem_files})"); } if (strlen($_FILES['filename']['name']) > 0) { $_SESSION['user_file'] = $_FILES['filename']; $_SESSION['user_file']['description'] = _request('description'); $filename = $_SESSION['user_file']['tmp_name']; if (is_uploaded_file($filename) && $_SESSION['user_file']['size'] > 0) { $file = fopen($filename, "r"); $file_contents = fread($file, filesize($filename));
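// Export one object (case, follow-up, client or organisation) as an XML
// download. Only administrators may export.
if ($GLOBALS['author_session']['status'] != 'admin') {
    lcm_panic("You don't have permission to export!");
    // Same pattern as the default branch of the switch below: never reach
    // the export if lcm_panic() returns.
    exit;
}

// A missing 'item' becomes an empty string and is rejected by the switch.
$item = clean_input(isset($_REQUEST['item']) ? $_REQUEST['item'] : '');

// Always define $id; it used to stay undefined when no id was submitted.
$id = empty($_REQUEST['id']) ? 0 : intval($_REQUEST['id']);

$data = array();

switch ($item) {
    case 'case':
        // NOTE(review): unlike the other loaders the result is not assigned;
        // presumably load_case() fills $data by reference. Confirm.
        load_case($id, $data, _LOAD_ALL);
        break;
    case 'followup':
        $data = load_followup($id, $data, _LOAD_ALL);
        break;
    case 'client':
        $data = load_client($id, $data, _LOAD_ALL);
        break;
    case 'org':
        $data = load_org($id, $data, _LOAD_ALL);
        break;
    default:
        lcm_panic("Incorrect export item type!");
        exit;
}

// Send proper headers to browser. $item is one of the four literals accepted
// above and $id is an integer, so neither can add header text.
header("Content-Type: text/xml");
header("Content-Disposition: filename={$item}_{$id}.xml");
header("Content-Description: " . "Export of {$item} ID{$id}");

echo '<?xml version="1.0"?>' . "\n";
echo xml_encode("{$item}_{$id}", $data);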
/**
 * Validate this follow-up and write it to the database.
 *
 * An existing follow-up (id_followup > 0) is updated together with the
 * lcm_stage row of its case stage. A new follow-up is inserted, optionally
 * linked to an appointment, and may change the case status or stage.
 * Keywords submitted with the request are processed last.
 *
 * NOTE(review): every string field is concatenated into quoted SQL literals.
 * Whether getDataString() returns SQL-escaped text is not visible in this
 * function; confirm before trusting these statements with user input.
 *
 * @return mixed The errors from validate(): returned at once when not
 *               empty, otherwise returned after the writes.
 */
function save() {
    $errors = $this->validate();

    if (count($errors)) {
        return $errors;
    }

    //
    // Update
    //
    // Field list shared by the UPDATE and the INSERT below.
    $fl = " date_start = '" . $this->getDataString('date_start') . "',\n\t\t\t\tdate_end = '" . $this->getDataString('date_end') . "',\n\t\t\t\ttype = '" . $this->getDataString('type') . "',\n\t\t\t\tsumbilled = " . $this->getDataFloat('sumbilled', 0.0);

    if ($this->getDataString('type') == 'stage_change') {
        // [ML] To be honest, we should "assert" most of the
        // following values, but "new_stage" is the most important.
        // NOTE(review): '__ASSERT__' presumably makes the getter fail on a
        // missing value; confirm.
        lcm_assert_value($this->getDataString('new_stage', '__ASSERT__'));

        $desc = array('description' => $this->getDataString('description'), 'result' => $this->getDataString('result'), 'conclusion' => $this->getDataString('conclusion'), 'sentence' => $this->getDataString('sentence'), 'sentence_val' => $this->getDataString('sentence_val'), 'new_stage' => $this->getDataString('new_stage'));

        // NOTE(review): serialize() output goes into the SQL literal as is.
        // It quotes strings with double quotes and does not escape their
        // content, so a single quote in any field would end the literal.
        $fl .= ", description = '" . serialize($desc) . "'";
    } elseif (is_status_change($this->getDataString('type'))) {
        $desc = array('description' => $this->getDataString('description'), 'result' => $this->getDataString('result'), 'conclusion' => $this->getDataString('conclusion'), 'sentence' => $this->getDataString('sentence'), 'sentence_val' => $this->getDataString('sentence_val'));

        $fl .= ", description = '" . serialize($desc) . "'";
    } else {
        $fl .= ", description = '" . $this->getDataString('description') . "'";
    }

    if ($this->getDataInt('id_followup') > 0) {
        // Edit of existing follow-up
        $id_followup = $this->getDataInt('id_followup');

        // NOTE(review): this permission check only protects the writes below
        // if lcm_panic() stops the script; confirm.
        if (!allowed($this->getDataInt('id_case'), 'e')) {
            lcm_panic("You don't have permission to modify this case's information. (" . $this->getDataInt('id_case') . ")");
        }

        // TODO: check if hiding this FU is allowed
        // Hiding needs the 'a' right and is refused for status changes,
        // assignments and unassignments.
        if (allowed($this->getDataInt('id_case'), 'a') && !(is_status_change($this->getDataString('type')) || $this->getDataString('type') == 'assignment' || $this->getDataString('type') == 'unassignment')) {
            if ($this->getDataString('delete')) {
                $fl .= ", hidden = 'Y'";
            } else {
                $fl .= ", hidden = 'N'";
            }
        } else {
            $fl .= ", hidden = 'N'";
        }

        $q = "UPDATE lcm_followup SET {$fl} WHERE id_followup = {$id_followup}";
        $result = lcm_query($q);

        // Get stage of the follow-up entry
        $q = "SELECT id_stage, case_stage FROM lcm_followup WHERE id_followup = {$id_followup}";
        $result = lcm_query($q);

        if ($row = lcm_fetch_array($result)) {
            $case_stage = lcm_assert_value($row['case_stage']);
        } else {
            lcm_panic("There is no such follow-up (" . $id_followup . ")");
        }

        // Update the related lcm_stage entry
        $q = "UPDATE lcm_stage SET\n\t\t\t\t\tdate_conclusion = '" . $this->getDataString('date_end') . "',\n\t\t\t\t\tkw_result = '" . $this->getDataString('result') . "',\n\t\t\t\t\tkw_conclusion = '" . $this->getDataString('conclusion') . "',\n\t\t\t\t\tkw_sentence = '" . $this->getDataString('sentence') . "',\n\t\t\t\t\tsentence_val = '" . $this->getDataString('sentence_val') . "',\n\t\t\t\t\tdate_agreement = '" . $this->getDataString('date_end') . "'\n\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case') . "\n\t\t\t\t AND kw_case_stage = '" . $case_stage . "'";
        lcm_query($q);
    } else {
        // New follow-up
        // NOTE(review): as above, the check relies on lcm_panic() halting.
        if (!allowed($this->getDataInt('id_case'), 'w')) {
            lcm_panic("You don't have permission to add information to this case. (" . $this->getDataInt('id_case') . ")");
        }

        // Get the current case stage
        $q = "SELECT id_stage, stage FROM lcm_case WHERE id_case=" . $this->getDataInt('id_case', '__ASSERT__');
        $result = lcm_query($q);

        if ($row = lcm_fetch_array($result)) {
            $case_stage = lcm_assert_value($row['stage']);
            $case_stage_id = lcm_assert_value($row['id_stage']);
        } else {
            lcm_panic("There is no such case (" . $this->getDataInt('id_case') . ")");
        }

        // Add the new follow-up
        // The author id is taken from the session, not from the form.
        $q = "INSERT INTO lcm_followup\n\t\t\t\t\tSET id_case=" . $this->getDataInt('id_case') . ",\n\t\t\t\t\t\tid_author=" . $GLOBALS['author_session']['id_author'] . ",\n\t\t\t\t\t\t{$fl},\n\t\t\t\t\t\tid_stage = {$case_stage_id},\n\t\t\t\t\t\tcase_stage='{$case_stage}'";
        lcm_query($q);

        $this->data['id_followup'] = lcm_insert_id('lcm_followup', 'id_followup');

        // Set relation to the parent appointment, if any
        if ($this->getDataInt('id_app')) {
            $q = "INSERT INTO lcm_app_fu \n\t\t\t\t\t\tSET id_app=" . $this->getDataInt('id_app') . ",\n\t\t\t\t\t\t\tid_followup=" . $this->getDataInt('id_followup', '__ASSERT__') . ",\n\t\t\t\t\t\t\trelation='child'";
            $result = lcm_query($q);
        }

        // Update case status
        // Only the follow-up types listed here change the case; $status
        // always comes from a literal in this switch.
        $status = '';
        $stage = '';

        switch ($this->getDataString('type')) {
            case 'conclusion':
                $status = 'closed';
                break;
            case 'suspension':
                $status = 'suspended';
                break;
            case 'opening':
            case 'resumption':
            case 'reopening':
                $status = 'open';
                break;
            case 'merge':
                $status = 'merged';
                break;
            case 'deletion':
                $status = 'deleted';
                break;
            case 'stage_change':
                $stage = lcm_assert_value($this->getDataString('new_stage'));
                break;
        }

        if ($status || $stage) {
            $q = "UPDATE lcm_case\n\t\t\t\t\t\tSET " . ($status ? "status='{$status}'" : '') . ($status && $stage ? ',' : '') . ($stage ? "stage='{$stage}'" : '') . "\n\t\t\t\t\t\tWHERE id_case=" . $this->getDataInt('id_case');
            lcm_query($q);

            // Close the lcm_stage
            // XXX for now, date_agreement is not used
            if ($status == 'open') {
                // case is being re-opened, so erase previously entered info
                // NOTE(review): the date_agreement literal below ends in
                // '00:00:0' (one digit short), unlike date_conclusion.
                $q = "UPDATE lcm_stage\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tdate_conclusion = '0000-00-00 00:00:00',\n\t\t\t\t\t\t\t\tid_fu_conclusion = 0,\n\t\t\t\t\t\t\t\tkw_result = '',\n\t\t\t\t\t\t\t\tkw_conclusion = '',\n\t\t\t\t\t\t\t\tkw_sentence = '',\n\t\t\t\t\t\t\t\tsentence_val = '',\n\t\t\t\t\t\t\t\tdate_agreement = '0000-00-00 00:00:0'\n\t\t\t\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case') . "\n\t\t\t\t\t\t\t AND kw_case_stage = '" . $case_stage . "'";
            } else {
                $q = "UPDATE lcm_stage\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tdate_conclusion = '" . $this->getDataString('date_end') . "',\n\t\t\t\t\t\t\t\tid_fu_conclusion = " . $this->getDataInt('id_followup') . ",\n\t\t\t\t\t\t\t\tkw_result = '" . $this->getDataString('result') . "',\n\t\t\t\t\t\t\t\tkw_conclusion = '" . $this->getDataString('conclusion') . "',\n\t\t\t\t\t\t\t\tkw_sentence = '" . $this->getDataString('sentence') . "',\n\t\t\t\t\t\t\t\tsentence_val = '" . $this->getDataString('sentence_val') . "',\n\t\t\t\t\t\t\t\tdate_agreement = '" . $this->getDataString('date_end') . "'\n\t\t\t\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case', '__ASSERT__') . "\n\t\t\t\t\t\t\t AND kw_case_stage = '" . $case_stage . "'";
            }

            lcm_query($q);
        }

        // If creating a new case stage, make new lcm_stage entry
        if ($stage) {
            $q = "INSERT INTO lcm_stage SET\n\t\t\t\t\t\t\tid_case = " . $this->getDataInt('id_case', '__ASSERT__') . ",\n\t\t\t\t\t\t\tkw_case_stage = '" . lcm_assert_value($stage) . "',\n\t\t\t\t\t\t\tdate_creation = NOW(),\n\t\t\t\t\t\t\tid_fu_creation = " . $this->getDataInt('id_followup');
            lcm_query($q);
        }
    }

    // Keywords
    update_keywords_request('followup', $this->getDataInt('id_followup'));

    return $errors;
}
} show_find_box('exp', $find_exp_string); // // For "Filter expense owner" // $prefs_change = false; $types_owner = array('my' => 1, 'public' => 1); $types_period = array('m1' => 30, 'm3' => 91, 'm6' => 182, 'y1' => 365); // 30 days, 3 months, 6 months, 1 year if ($author_session['status'] == 'admin') { $types_owner['all'] = 1; } if ($v = _request('case_owner')) { if ($prefs['case_owner'] != $v) { if (!array_key_exists($v, $types_owner)) { lcm_panic("Value for case owner not permitted: " . htmlspecialchars($v)); } $prefs['case_owner'] = _request('case_owner'); $prefs_change = true; } } // always include 'my' cases [ML] $q_owner is re-used below $q_owner = " (e.id_author = " . $author_session['id_author']; if ($prefs['case_owner'] == 'public') { $q_owner .= " OR e.pub_read = 1"; } if ($author_session['status'] == 'admin' && $prefs['case_owner'] == 'all') { $q_owner .= " OR 1=1 "; } $q_owner .= " ) "; //
/**
 * Remove and return the first entry of $this->cases.
 *
 * Calling it once getCaseDone() reports true is treated as a programming
 * error and reported through lcm_panic().
 */
function getCaseIterator()
{
    global $prefs;

    $nothing_left = $this->getCaseDone();

    if ($nothing_left) {
        lcm_panic("LcmOrg::getCaseIterator called but getCaseDone() returned true");
    }

    $next_case = array_shift($this->cases);

    return $next_case;
}
/**
 * Query the cases matching the search text, owner filter and period, sort
 * them as requested and print one page of rows with show_listcase_item().
 *
 * Sets $this->number_of_rows and resets $this->list_pos to 0 when it lies
 * past the end of the result.
 *
 * NOTE(review): $this->search, $this->date_start and $this->date_end are
 * concatenated into quoted SQL literals. Whether they are escaped before
 * they reach this object is not visible here; confirm at the point where
 * they are set.
 */
function printList() {
    global $prefs;

    // Select cases of which the current user is author
    $q = "SELECT DISTINCT c.id_case, title, status, public, pub_write, date_creation\n\t\t\tFROM lcm_case as c NATURAL JOIN lcm_case_author as a ";

    if ($this->search) {
        $q .= " NATURAL LEFT JOIN lcm_keyword_case as kc ";
    }

    //
    // Apply filters to SELECT output
    //
    $q .= " WHERE 1=1 ";

    // Add search criteria, if any
    if ($this->search) {
        $q .= " AND (";

        // Unquoted use is limited to values accepted by is_numeric().
        if (is_numeric($this->search)) {
            $q .= " (c.id_case = {$this->search}) OR ";
        }

        $q .= " (kc.value LIKE '%" . $this->search . "%') OR " . " (c.title LIKE '%" . $this->search . "%') ";
        $q .= " )";
    }

    //
    // Case owner: may be used by listcases.php, archives.php, author_det.php, etc.
    // Also, it may be a user checking another user's profile (in that case, show only public cases)
    // or it may be an admin checking another user's profile. etc.
    //
    global $author_session;

    $owner_filter = $this->getDataString('owner', $prefs['case_owner']);
    $owner_id = $this->getDataInt('id_author', $author_session['id_author']);

    $q_owner = " (a.id_author = " . $owner_id;

    if ($owner_id == $author_session['id_author']) {
        // Either in listcases, or user looking at his page in author_det
        if ($owner_filter == 'public') {
            $q_owner .= " OR c.public = 1";
        }

        // "OR 1=1" lifts the owner restriction; it is added only for
        // administrators who chose the 'all' filter.
        if ($author_session['status'] == 'admin' && $owner_filter == 'all') {
            $q_owner .= " OR 1=1 ";
        }
    } else {
        // If not an admin, show only public cases of that user
        if ($author_session['status'] != 'admin') {
            $q_owner .= " AND c.public = 1";
        }
    }

    $q_owner .= " ) ";
    $q .= " AND " . $q_owner;

    // Period (date_creation) to show
    if ($this->date_start || $this->date_end) {
        if ($this->date_start) {
            $q .= " AND date_creation >= '" . $this->date_start . "'";
        }

        if ($this->date_end) {
            $q .= " AND date_creation <= '" . $this->date_end . "'";
        }
    } else {
        if ($prefs['case_period'] < 1900) { // since X days
            $q .= " AND " . lcm_query_subst_time('date_creation', 'NOW()') . ' < ' . $prefs['case_period'] * 3600 * 24;
        } else { // for year X
            $q .= " AND " . lcm_query_trunc_field('date_creation', 'year') . ' = ' . $prefs['case_period'];
        }
    }

    //
    // Sort results
    //
    $sort_clauses = array();
    // Allow-list of sort directions: a request value is copied into
    // ORDER BY only when it is exactly one of these keys.
    $sort_allow = array('ASC' => 1, 'DESC' => 1);

    // Sort cases by creation date
    if ($sort_allow[_request('status_order')]) {
        $sort_clauses[] = "status " . _request('status_order');
    }

    if ($sort_allow[_request('case_order')]) {
        $sort_clauses[] = 'date_creation ' . _request('case_order');
    } elseif ($sort_allow[_request('upddate_order')]) {
        $sort_clauses[] = "date_update " . _request('upddate_order');
    } else {
        $sort_clauses[] = 'date_creation DESC'; // default
    }

    $q .= " ORDER BY " . implode(', ', $sort_clauses);

    $result = lcm_query($q);

    // Check for correct start position of the list
    $this->number_of_rows = lcm_num_rows($result);

    if ($this->list_pos >= $this->number_of_rows) {
        $this->list_pos = 0;
    }

    // Position to the page info start
    if ($this->list_pos > 0) {
        if (!lcm_data_seek($result, $this->list_pos)) {
            lcm_panic("Error seeking position " . $this->list_pos . " in the result");
        }
    }

    // Print at most $prefs['page_rows'] rows.
    for ($i = 0; $i < $prefs['page_rows'] && ($row = lcm_fetch_array($result)); $i++) {
        show_listcase_item($row, $i, $this->search);
    }
}
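/**
 * Send all cases, clients or organisations to the browser as CSV or XML.
 *
 * @param string $type   'case', 'client' or 'org'.
 * @param string $format 'csv' or 'xml'.
 * @param string $search Optional text filter; used when longer than one character.
 * @return int|null 0 after an invalid type or format, otherwise nothing.
 */
function export($type, $format, $search = '')
{
    // NOTE(review): $search is placed inside quoted LIKE patterns as received.
    // Whether the caller escapes it for SQL is not visible here; confirm.
    switch ($type) {
        case 'case':
            // List cases in the system + search criterion if any
            $q = "SELECT id_case,title,legal_reason,alledged_crime,notes,status,stage\n\t\t\t\t\tFROM lcm_case";

            if (strlen($search) > 1) {
                $q .= " WHERE ((title LIKE '%{$search}%')\n\t\t\t\t\t\tOR (status LIKE '%{$search}%')\n\t\t\t\t\t\tOR (stage LIKE '%{$search}%'))";
            }
            break;

        case 'client':
            // List clients in the system + search criterion if any
            $q = "SELECT id_client,name_first,name_middle,name_last,citizen_number,civil_status,income,gender,notes\n\t\t\t\t\tFROM lcm_client";

            if (strlen($search) > 1) {
                $q .= " WHERE ((name_first LIKE '%{$search}%')\n\t\t\t\t\t\tOR (name_middle LIKE '%{$search}%')\n\t\t\t\t\t\tOR (name_last LIKE '%{$search}%'))";
            }
            break;

        case 'org':
            // List organizations in the system + search criterion if any
            $q = "SELECT id_org,name,notes,court_reg,tax_number,stat_number\n\t\t\t\t\tFROM lcm_org";

            if (strlen($search) > 1) {
                $q .= " WHERE (name LIKE '%{$search}%')";
            }
            break;

        default:
            // The rejected value is HTML-escaped before it is reported.
            lcm_panic("invalid type: " . htmlspecialchars(is_scalar($type) ? (string) $type : gettype($type)));
            return 0;
    }

    $mime_types = array('csv' => 'text/comma-separated-values', 'xml' => 'text/xml');

    // Fixed: an unknown format used to be reported as "invalid type" with
    // the (valid) type value, and the lookup read an undefined array key.
    if (!is_string($format) || !isset($mime_types[$format])) {
        lcm_panic("invalid format: " . htmlspecialchars(is_scalar($format) ? (string) $format : gettype($format)));
        return 0;
    }

    $mime_type = $mime_types[$format];

    $result = lcm_query($q);

    if (lcm_num_rows($result) > 0) {
        // Send proper headers to browser. $type and $format both passed an
        // allow-list above, so the header values are fixed strings.
        header("Content-Type: " . $mime_type);
        header("Content-Disposition: filename={$type}.{$format}");
        header("Content-Description: " . "Export of {$type}s");
        header("Content-Transfer-Encoding: binary");

        // get_magic_quotes_runtime() no longer exists in PHP 8; test for it
        // once instead of calling it for every field.
        $strip_slashes = function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime();

        // Document start
        if ($format === 'xml') {
            echo "<document>\r\n";
        }

        // Document contents
        while ($row = lcm_fetch_assoc($result)) {
            if ($format === 'xml') {
                echo "\t<row>\r\n";
            }

            // Prepare row fields
            $fields = array();

            foreach ($row as $key => $value) {
                // Remove escaping if any
                if ($strip_slashes) {
                    $value = stripslashes($value);
                }

                if ($format === 'csv') {
                    if (is_string($value)) {
                        // NOTE(review): a text field beginning with =, +, -
                        // or @ is evaluated as a formula by spreadsheet
                        // programs. Consider neutralising such values if
                        // the CSV is meant to be opened in one.
                        // Escape double quotes in CSV style, then wrap.
                        $value = '"' . str_replace('"', '""', $value) . '"';
                    }
                } else {
                    $value = is_string($value) ? htmlspecialchars($value) : $value;
                    $value = "\t\t<{$key}>{$value}</{$key}>\r\n";
                }

                $fields[] = $value;
            }

            // Export row end
            if ($format === 'csv') {
                echo join(',', $fields) . "\r\n";
            } else {
                echo join('', $fields);
                echo "\t</row>\r\n";
            }
        }

        // Document end
        if ($format === 'xml') {
            echo "</document>\r\n";
        }
    }
}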
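/**
 * Apply the keyword changes submitted with the current request to one object.
 *
 * Existing entries are deleted or updated from the kw_entry_ and kw_value_
 * request arrays (with the optional kw_del_ and kw_entryval_ fields); new
 * entries are inserted from the new_keyword_ and new_kwg_ arrays.
 *
 * @param string     $type_obj   Object type, used to build table and column
 *                               names. It must be a fixed identifier chosen
 *                               by the calling code, never request data.
 * @param int|string $id_obj     Identifier of the object.
 * @param int|string $id_obj_sec Stage identifier, used when $type_obj is 'stage'.
 */
function update_keywords_request($type_obj, $id_obj, $id_obj_sec = 0)
{
    // All identifiers below are written unquoted into SQL, so each one is
    // forced to an integer before it is used.
    $id_obj = intval($id_obj);
    $id_obj_sec = intval($id_obj_sec);

    //
    // Update existing keywords
    //
    if (isset($_REQUEST['kw_value_' . $type_obj])) {
        $kw_entries = isset($_REQUEST['kw_entry_' . $type_obj]) ? $_REQUEST['kw_entry_' . $type_obj] : array();
        $kw_values = $_REQUEST['kw_value_' . $type_obj];

        // TODO (kept from the original): check that the submitted entries
        // are really attached to this object.

        for ($cpt = 0; isset($kw_entries[$cpt]); $cpt++) {
            $id_entry = intval($kw_entries[$cpt]);

            if (!empty($_REQUEST['kw_del_' . $type_obj . $cpt]) || empty($kw_values[$cpt])) {
                if ($type_obj == 'stage') {
                    // The id_case and id_stage are specified explicitly
                    // even if redundant, for security (not to delete on
                    // other cases) and for integrity checks.
                    $query = "DELETE FROM lcm_keyword_case\n\t\t\t\t\t\t\t\tWHERE id_case = {$id_obj}\n\t\t\t\t\t\t\t\t AND id_stage = {$id_obj_sec}\n\t\t\t\t\t\t\t\t AND id_entry = " . $id_entry;
                } else {
                    // The id_$type_obj (ex: case, client, org) is specified
                    // explicitly even if redundant, for security and integrity.
                    $query = "DELETE FROM lcm_keyword_" . $type_obj . "\n\t\t\t\t\t\t\t\tWHERE id_{$type_obj} = {$id_obj}\n\t\t\t\t\t\t\t\t AND id_entry = " . $id_entry;
                }
            } else {
                $id_keyword = intval($kw_values[$cpt]);

                if ($id_keyword <= 0) {
                    // Not a keyword id: skip the entry rather than put the
                    // submitted text into the statement.
                    continue;
                }

                if ($type_obj == 'stage') {
                    $query = "UPDATE lcm_keyword_case\n\t\t\t\t\t\t\t\tSET id_keyword = " . $id_keyword . ",\n\t\t\t\t\t\t\t\t\tid_stage = " . $id_obj_sec;
                } else {
                    $query = "UPDATE lcm_keyword_" . $type_obj . " \n\t\t\t\t\t\t\t\tSET id_keyword = " . $id_keyword;
                }

                $entry_val = isset($_REQUEST['kw_entryval_' . $type_obj . $cpt]) ? $_REQUEST['kw_entryval_' . $type_obj . $cpt] : '';

                if ($entry_val && is_string($entry_val)) {
                    // NOTE(review): free text read straight from $_REQUEST
                    // and placed in a quoted SQL literal. It needs the
                    // project's SQL escaping before this line; the helper
                    // is not visible here.
                    $query .= ", value = '" . $entry_val . "'";
                }

                // NOTE(review): unlike the DELETE statements, this UPDATE is
                // scoped by id_entry only, so it is not limited to entries
                // of $id_obj.
                $query .= " WHERE id_entry = " . $id_entry;
            }

            lcm_query($query);
        }
    }

    //
    // New keywords
    //
    if ($id_obj && isset($_REQUEST['new_keyword_' . $type_obj . '_value'])) {
        $new_keywords = $_REQUEST['new_keyword_' . $type_obj . '_value'];
        $new_kwg_id = isset($_REQUEST['new_kwg_' . $type_obj . '_id']) ? $_REQUEST['new_kwg_' . $type_obj . '_id'] : array();

        for ($cpt = 0; isset($new_keywords[$cpt]); $cpt++) {
            // Process new keywords which have a value
            if (!$new_keywords[$cpt]) {
                continue;
            }

            if (empty($new_kwg_id[$cpt])) {
                lcm_panic("Empty kwg name");
            }

            $id_keyword = intval($new_keywords[$cpt]);

            if ($id_keyword <= 0) {
                // Not a keyword id: nothing safe to insert.
                continue;
            }

            // optionally, we can validate whether it makes sense
            // to apply this kwg to this 'object' ... (TODO ?)
            if ($type_obj == 'stage') {
                $query = "INSERT INTO lcm_keyword_case\n\t\t\t\t\t\t\tSET id_keyword = " . $id_keyword . ",\n\t\t\t\t\t\t\t\tid_case = " . $id_obj . ",\n\t\t\t\t\t\t\t\tid_stage = " . $id_obj_sec;
            } else {
                $query = "INSERT INTO lcm_keyword_" . $type_obj . "\n\t\t\t\t\t\t\tSET id_keyword = " . $id_keyword . ",\n\t\t\t\t\t\t\t\tid_" . $type_obj . " = " . $id_obj;
            }

            if (isset($_REQUEST['new_kw_entryval_' . $type_obj . $cpt])) {
                $entry_val = $_REQUEST['new_kw_entryval_' . $type_obj . $cpt];

                if ($entry_val && is_string($entry_val)) {
                    // NOTE(review): same unescaped free text as in the
                    // update branch above.
                    $query .= ", value = '" . $entry_val . "'";
                } else {
                    // A value field was submitted but is empty: insert nothing.
                    $query = "";
                }
            }

            if ($query) {
                lcm_query($query);
            }
        }
    }
}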
/**
 * Build the SQL expression that truncates a date expression to a day or a year.
 *
 * $date is copied into the expression as given, so it must be a column name
 * or SQL expression chosen by the calling code.
 *
 * @param string $date SQL date expression.
 * @param string $type 'day' or 'year'; anything else goes to lcm_panic().
 * @return string The SQL fragment, or "" after an unsupported type.
 */
function lcm_query_trunc_field($date, $type)
{
    // Loose comparison, as a switch statement would do.
    if ($type == 'day') {
        return "DATE_FORMAT({$date}, '%Y-%m-%d')";
    }

    if ($type == 'year') {
        return "YEAR({$date})";
    }

    lcm_panic("Not supported");

    return "";
}
} lcm_log("lcm_upgrade test: current = {$current_version}, should be = {$lcm_db_version}"); // test if upgraded necessary if ($current_version < $lcm_db_version) { include_lcm('inc_db_upgrade'); lcm_page_start(_T('title_upgrade_database')); echo "\n<!-- Upgrading from {$current_version} to {$lcm_db_version} -->\n"; $log = upgrade_database($current_version); // To be honest, in most cases, it will cause a lcm_panic() and this will // not show, altough we could (in the future) catch/interpret errors. if ($log) { echo "<div class='box_error'>\n"; echo "<p>An error occured while upgrading the database: <br/>{$log}</p>\n"; // TRAD echo "</div>\n"; lcm_panic("upgrade error ({$log})"); } else { echo "<div class='box_success'>\n"; echo '<p class="normal_text">' . _T('info_upgrade_database3') . ' <a class="content_link" href="index.php">' . _T('info_upgrade_database5') . "</a></p>\n"; echo "</div>\n"; } lcm_page_end(); } else { global $author_session; lcm_page_start("No database upgrade needed"); // TRAD // Small practical trick to refresh the report fields/filters if ($author_session['status'] == 'admin') { include_lcm('inc_db_upgrade'); include_lcm('inc_repfields_defaults'); $fields = get_default_repfields();
/**
 * Remove and return the first entry of $this->cases, loading more cases
 * when getCaseDone() reports true after the removal.
 *
 * Calling it while getCaseDone() already reports true is sent to lcm_panic().
 */
function getCaseIterator()
{
    global $prefs;

    if ($this->getCaseDone()) {
        lcm_panic("LcmClient::getCaseIterator called but getCaseDone() returned true");
    }

    $current_case = array_shift($this->cases);
    $this->case_start_from++;

    $needs_reload = $this->getCaseDone();

    if ($needs_reload) {
        $remaining = count($this->cases);
        lcm_debug('not done, reloading: ' . $remaining);

        $load_limit = $this->case_start_from + $prefs['page_rows'];
        $this->loadCases($load_limit);
    }

    lcm_debug("getCaseIterator " . count($this->cases));

    return $current_case;
}
/**
 * Finish the spreadsheet document: close content.xml, build the archive,
 * send it to the browser and remove the temporary files.
 *
 * The archive at $this->zipname is not deleted here.
 */
function printEndDoc()
{
    // TODO: show report footer?
    $closing_tags = array(
        '</table:table>',
        '</office:spreadsheet>',
        '</office:body>',
        '</office:document-content>',
    );

    fwrite($this->fcontent, implode('', $closing_tags) . "\n");
    fclose($this->fcontent);

    $all_files = array();
    foreach (array('/content.xml', '/META-INF/', '/meta.xml', '/mimetype', '/styles.xml') as $member) {
        $all_files[] = $this->dir . $member;
    }

    // Earlier variant, kept disabled in the original:
    //   $params = array('remove_path' => $this->dir);
    //   $this->zipfile->create($all_files, $params);
    $this->zipfile->create($all_files, '', $this->dir);

    // Send it to the user for download
    $f = fopen($this->zipname, 'r');

    if (!$f) {
        lcm_panic("Failed to open " . $this->zipname . ": " . $GLOBALS['lcm_errormsg']);
    }

    while ($data = fread($f, filesize($this->zipname))) {
        echo $data;
    }

    fclose($f);

    // TODO: Delete temporary files
    $leftovers = array('/content.xml', '/styles.xml', '/meta.xml', '/mimetype', '/META-INF/manifest.xml');

    foreach ($leftovers as $leftover) {
        unlink($this->dir . $leftover);
    }

    rmdir($this->dir . '/META-INF/');
    rmdir($this->dir);
}
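/**
 * Print one <tr> per expense for the current page of the expense list.
 *
 * Builds one SELECT over lcm_expense (joined with its comments, author and
 * case), narrowed by $this->search, $this->id_case and the user's
 * 'case_period' preference, ordered by the *_order request parameters, and
 * echoes at most $prefs['page_rows'] rows starting at $this->list_pos.
 * Sets $this->number_of_rows and resets $this->list_pos to 0 when it points
 * past the end of the result.
 *
 * Changes from the previous version: the case id is cast to an integer
 * before it is placed in the SQL text, and the <abbr> element around the
 * case id is now closed with </abbr> (it was closed with </a>).
 */
function printList()
{
    global $prefs;

    // Expenses with author name, case title and number of comments
    $q = "SELECT e.id_expense, e.id_case, e.id_author, e.status, e.type, \n\t\t\t\te.description, e.date_creation, e.date_update, e.pub_read,\n\t\t\t\te.pub_write, a.name_first, a.name_middle, a.name_last,\n\t\t\t\tcount(ec.id_expense) as nb_comments, c.title as case_title\n\t\t\tFROM lcm_expense as e\n\t\t\tLEFT JOIN lcm_expense_comment as ec ON (ec.id_expense = e.id_expense)\n\t\t\tLEFT JOIN lcm_author as a ON (a.id_author = e.id_author) \n\t\t\tLEFT JOIN lcm_case as c ON (c.id_case = e.id_case) ";

    $q .= " WHERE (1=1 ";

    if ($this->search) {
        $q .= " AND (";

        // Only a value accepted by is_numeric() is used as a bare id
        if (is_numeric($this->search)) {
            $q .= " e.id_expense = " . $this->search . " OR ";
        }

        // NOTE(review): the search text is concatenated into the LIKE
        // pattern and is not escaped in this function; it is safe only if
        // it was SQL-escaped before being stored on the object -- confirm
        // where $this->search is assigned.
        $q .= " e.description LIKE '%" . $this->search . "%' ";
        $q .= " )";
    }

    if ($this->id_case) {
        // The id goes into the SQL text unquoted, so force it to an integer
        $q .= " AND e.id_case = " . intval($this->id_case);
    }

    $q .= ")";

    //
    // Apply filters to SQL
    //

    // Case owner TODO
    // $q .= " AND " . $q_owner;

    // Period (date_creation) to show
    // NOTE(review): $prefs['case_period'] is concatenated unquoted; confirm
    // the preference is stored as a number.
    if ($prefs['case_period'] < 1900) {
        // since X days
        $q .= " AND " . lcm_query_subst_time('e.date_creation', 'NOW()') . ' < ' . $prefs['case_period'] * 3600 * 24;
    } else {
        // for year X
        $q .= " AND " . lcm_query_trunc_field('e.date_creation', 'year') . ' = ' . $prefs['case_period'];
    }

    $q .= " GROUP BY e.id_expense, e.id_case, e.id_author, e.status, e.type, e.description, e.date_creation, e.date_update, e.pub_read, e.pub_write, a.name_first, a.name_middle, a.name_last, c.title ";

    //
    // Sort
    //
    // The requested direction reaches the SQL text only when it is one of
    // the two keys of $sort_allow.
    $sort_clauses = array();
    $sort_allow = array('ASC' => 1, 'DESC' => 1);

    // Sort by request type
    if ($sort_allow[_request('type_order')]) {
        $sort_clauses[] = "type " . _request('type_order');
    }

    if ($sort_allow[_request('status_order')]) {
        $sort_clauses[] = "status " . _request('status_order');
    }

    // Sort cases by creation or update date
    if ($sort_allow[_request('date_order')]) {
        $sort_clauses[] = "date_creation " . _request('date_order');
    } elseif ($sort_allow[_request('upddate_order')]) {
        $sort_clauses[] = "date_update " . _request('upddate_order');
    }

    if (count($sort_clauses)) {
        $q .= " ORDER BY " . implode(', ', $sort_clauses);
    } else {
        $q .= " ORDER BY date_creation DESC"; // default sort
    }

    $result = lcm_query($q);

    // Check for correct start position of the list
    $this->number_of_rows = lcm_num_rows($result);

    if ($this->list_pos >= $this->number_of_rows) {
        $this->list_pos = 0;
    }

    // Position to the page info start
    if ($this->list_pos > 0) {
        if (!lcm_data_seek($result, $this->list_pos)) {
            lcm_panic("Error seeking position " . $this->list_pos . " in the result");
        }
    }

    for ($i = 0; $i < $prefs['page_rows'] && ($row = lcm_fetch_array($result)); $i++) {
        $css = $i % 2 ? "dark" : "light";

        echo "<tr>\n";

        // Expense ID
        echo "<td class='tbl_cont_" . $css . "'>";
        echo highlight_matches($row['id_expense'], $this->search);
        echo "</td>\n";

        // Author
        echo "<td class='tbl_cont_" . $css . "'>";
        echo get_person_initials($row);
        echo "</td>\n";

        // Attached to case..
        // NOTE(review): the case title is written into the title attribute
        // exactly as it comes from the database; confirm it is stored
        // HTML-escaped, otherwise it needs htmlspecialchars() here.
        echo "<td class='tbl_cont_" . $css . "'>";
        if ($row['id_case']) {
            echo '<abbr title="' . $row['case_title'] . '">' . $row['id_case'] . '</abbr>';
        }
        echo "</td>\n";

        // Date creation
        echo "<td class='tbl_cont_" . $css . "'>";
        echo format_date($row['date_creation'], 'short');
        echo "</td>\n";

        // Type
        echo "<td class='tbl_cont_" . $css . "'>";
        echo _Tkw('_exptypes', $row['type']);
        echo "</td>\n";

        // Description
        global $fu_desc_len; // configure via my_options.php with $GLOBALS['fu_desc_len'] = NNN;
        $more_desc = _request('more_desc', 0);
        $desc_length = isset($fu_desc_len) && $fu_desc_len > 0 ? $fu_desc_len : 256;

        // Shorten long descriptions unless the full text was requested.
        // NOTE(review): the length test runs on the decoded text while
        // substr() cuts the stored text by bytes -- presumably this can cut
        // through a multi-byte character; verify.
        $description = $row['description'];
        if (!$more_desc && strlen(lcm_utf8_decode($row['description'])) >= $desc_length) {
            $description = substr($row['description'], 0, $desc_length) . '...';
        }

        echo "<td class='tbl_cont_" . $css . "'>";
        echo '<a class="content_link" href="exp_det.php?expense=' . $row['id_expense'] . '">';
        echo nl2br(highlight_matches($description, $this->search));
        echo "</a>";
        echo "</td>\n";

        // # Comments
        echo "<td class='tbl_cont_" . $css . "'>";
        echo $row['nb_comments'];
        echo "</td>\n";

        // Date update
        echo "<td class='tbl_cont_" . $css . "'>";
        if ($row['date_update'] != $row['date_creation']) {
            echo format_date($row['date_update'], 'short');
        }
        echo "</td>\n";

        // Status
        echo "<td class='tbl_cont_" . $css . "'>";
        echo _T('expense_status_option_' . $row['status']);
        echo "</td>\n";

        echo "</tr>\n";
    }
}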
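/**
 * Handle the self-registration form: create the author account and e-mail
 * the generated login and password to the address that was entered.
 *
 * Copies the four form fields into $_SESSION['form_data'], redirects back to
 * the form when one is empty, refuses an e-mail address that already belongs
 * to an author, and otherwise inserts the author and the contact row and
 * sends the credentials.
 *
 * Changes from the previous version:
 *  - the account is created with the status computed from the
 *    'site_open_subscription' setting ('normal' when open, 'waiting' when
 *    moderated); the INSERT used to hard-code 'normal', so the computed
 *    value was never stored;
 *  - a registration refused because the matching author is in the trash now
 *    stops after the message; it used to continue and create the account.
 */
function send_registration_by_email()
{
    global $lcm_lang_left;

    $_SESSION['form_data'] = array();
    $_SESSION['errors'] = array();

    $kwg_email = get_kwg_from_name('+email_main');

    $form_items = array(
        'name_first' => 'person_input_name_first',
        'name_last' => 'person_input_name_last',
        'email' => 'input_email',
        'username' => 'authoredit_input_username',
    );

    foreach ($form_items as $field => $trad) {
        $_SESSION['form_data'][$field] = _request($field);

        if (!_session($field)) {
            $_SESSION['errors'][$field] = _Ti($trad) . _T('warning_field_mandatory');
        }
    }

    if (count($_SESSION['errors'])) {
        lcm_header("Location: lcm_pass.php?register=yes");
        exit;
    }

    install_html_start(_T('pass_title_register'), 'login');

    // There is a risk that an author changes his e-mail after his account
    // is created, to the e-mail of another person, and therefore block the
    // other person from registering. But then.. this would allow the other
    // person to hijack the account, so it would be a stupid DoS.
    //
    // NOTE(review): the _session() values in this function are concatenated
    // into SQL text without escaping here; confirm that _request()/_session()
    // return values that are already safe inside a quoted SQL string.
    $query = "SELECT id_of_person, status FROM lcm_contact as c, lcm_author as a\n\t\tWHERE c.id_of_person = a.id_author\n\t\tAND value = '" . _session('email') . "'\n\t\tAND type_person = 'author'\n\t\tAND type_contact = " . $kwg_email['id_group'];

    $result = lcm_query($query);

    // Test if the user already exists
    if ($row = lcm_fetch_array($result)) {
        // TODO: if status = 'pending for validation by admin', show message
        if ($row['status'] == 'trash') {
            echo "<br />\n";
            echo "<div class='box_error'>" . _T('pass_registration_denied') . "</div>\n";
        } else {
            echo "<br />\n";
            echo "<div class=\"box_error\" align=\"{$lcm_lang_left}\">" . _T('pass_warning_already_registered') . "</div>\n";
        }

        // Either way no second account is created for this address
        return;
    }

    //
    // Send identifiers by e-mail
    //
    include_lcm('inc_access');
    include_lcm('inc_mail');

    $username = get_unique_username(_session('username'));
    $pass = create_random_password(8, $username);

    // NOTE(review): the password is stored as an unsalted MD5 digest. It is
    // left as is because the login check is not part of this block and has
    // to use the same scheme; moving to password_hash()/password_verify()
    // requires changing both sides together.
    $mdpass = md5($pass);

    $open_subscription = read_meta("site_open_subscription");

    if (!($open_subscription == 'yes' || $open_subscription == 'moderated')) {
        lcm_panic("Subscriptions not permitted.");
    }

    // Moderated sign-ups wait for an administrator; open ones are active.
    // TODO confirm 'waiting' is a status value accepted by lcm_author and by
    // the screen administrators use to validate accounts.
    $status = 'waiting';

    if ($open_subscription == 'yes') {
        $status = 'normal';
    }

    lcm_query("INSERT INTO lcm_author (name_first, name_last, username, password, status, date_creation, date_update) "
        . "VALUES ('" . _session('name_first') . "', '" . _session('name_last') . "', '{$username}', '{$mdpass}', '{$status}', NOW(), NOW())");

    $id_author = lcm_insert_id('lcm_author', 'id_author');

    // Add e-mail to lcm_contact
    lcm_query("INSERT INTO lcm_contact (type_person, type_contact, id_of_person, value)\n\t\t\tVALUES ('author', " . $kwg_email['id_group'] . ", {$id_author}, '" . _session('email') . "')");

    // Prepare the e-mail to send to the user
    $site_name = _T(read_meta('site_name'));
    $site_address = read_meta('site_address');

    $message = _T('info_greetings') . ",\n\n";
    $message .= _T('pass_info_here_info', array('site_name' => $site_name, 'site_address' => $site_address)) . "\n\n";
    $message .= "- " . _Ti('login_login') . " {$username}\n";
    $message .= "- " . _Ti('login_password') . " {$pass}\n\n";

    if ($open_subscription == 'moderated') {
        $message .= _T('pass_info_moderated') . "\n\n";
    }

    $message .= _T('pass_info_automated_msg') . "\n\n";

    if (send_email(_session('email'), "[{$site_name}] " . _T('pass_title_personal_identifier'), $message)) {
        echo "<p>" . _T('pass_info_identifier_mail') . "</p>\n";
    } else {
        $email_admin = read_meta('email_sysadmin');
        echo "<div class=\"box_error\"><p>" . _T('pass_warning_mail_failure', array('email_admin' => $email_admin)) . "</p></div>\n";
    }

    // If moderated, send copy to site admin
    // NOTE(review): this is the same message, so the administrator's copy
    // contains the new user's clear-text password -- consider sending a
    // notice without the password line.
    if ($open_subscription == 'moderated') {
        $email_admin = read_meta('email_sysadmin');
        send_email($email_admin, "[{$site_name}] " . _T('pass_title_personal_identifier'), $message);
    }
}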
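/**
 * Return $value after checking that it is present.
 *
 * A numeric zero (0, 0.0, '0', ...) is reported through lcm_panic() unless
 * $allow_zero is true. Any other unset or false-like value ('' , null,
 * false, empty array) is always reported.
 *
 * Fix: with $allow_zero set to true a zero used to pass the first check and
 * then fail the generic "non-true" check, so zero was never accepted. A
 * permitted zero is now returned before the generic check.
 *
 * @param mixed $value      Value to check.
 * @param bool  $allow_zero Whether a numeric zero counts as a valid value.
 * @return mixed The unchanged $value.
 */
function lcm_assert_value($value, $allow_zero = false)
{
    $is_zero = is_numeric($value) && $value == 0;

    if ($is_zero && !$allow_zero) {
        lcm_panic("Value is 0, but allow_zero is false");
    }

    // An explicitly permitted zero must not reach the truthiness test below
    if ($is_zero && $allow_zero) {
        return $value;
    }

    if (!isset($value) || !$value) {
        lcm_panic("Missing value (unset or non-true)");
    }

    return $value;
}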
$stage_info = get_kw_from_name('stage', $_REQUEST['new_stage']); $id_stage = $stage_info['id_keyword']; update_keywords_request('stage', $_SESSION['form_data']['id_case'], $id_stage); } // // Update lcm_case.date_update (if fu.date_start > c.date_update) // $q = "SELECT date_update FROM lcm_case WHERE id_case = " . $fu->getDataInt('id_case', '__ASSERT__'); $result = lcm_query($q); if ($row = lcm_fetch_array($result)) { if ($fu->getDataString('date_start', '__ASSERT__') > $row['date_update']) { $q = "UPDATE lcm_case\n\t\t\t\tSET date_update = '" . $fu->getDatastring('date_start') . "'\n\t\t\t\tWHERE id_case = " . $fu->getDataInt('id_case', '__ASSERT__'); lcm_query($q); } } else { lcm_panic("Query returned no results."); } /////////////////////////////////////////////////////////////////////// // Consequent appointment information update /////////////////////////////////////////////////////////////////////// if (isset($_SESSION['form_data']['add_appointment'])) { // No errors, proceed with database update $fl = "\ttype\t\t= '" . clean_input($_SESSION['form_data']['app_type']) . "',\n\t\ttitle\t\t= '" . clean_input($_SESSION['form_data']['app_title']) . "',\n\t\tdescription\t= '" . clean_input($_SESSION['form_data']['app_description']) . "',\n\t\tstart_time\t= '" . $_SESSION['form_data']['app_start_time'] . "',\n\t\tend_time\t= '" . $_SESSION['form_data']['app_end_time'] . "',\n\t\treminder\t= '" . $_SESSION['form_data']['app_reminder'] . "'\n\t\t"; // Add the new appointment $q = "INSERT INTO lcm_app SET "; // Add case ID $q .= 'id_case = ' . $_SESSION['form_data']['id_case'] . ','; // Add ID of the creator $q .= 'id_author = ' . $GLOBALS['author_session']['id_author'] . ','; // Add the rest of the fields $q .= "{$fl}, date_creation = NOW()";
$q .= " name " . $order_name; $result = lcm_query($q); $number_of_rows = lcm_num_rows($result); // Check for correct start position of the list if (isset($_REQUEST['list_pos'])) { $list_pos = $_REQUEST['list_pos']; } else { $list_pos = 0; } if ($list_pos >= $number_of_rows) { $list_pos = 0; } // Position to the page info start if ($list_pos > 0) { if (!lcm_data_seek($result, $list_pos)) { lcm_panic("Error seeking position {$list_pos} in the result"); } } // Output table tags // Not worth creating show_listorgs_*() for now $cpt = 0; $headers = array(); $headers[0]['title'] = "#"; $headers[0]['order'] = 'order_id'; $headers[0]['default'] = ''; $headers[1]['title'] = _Th('org_input_name'); $headers[1]['order'] = 'order_name'; $headers[1]['default'] = 'ASC'; $headers[1]['width'] = '99%'; show_list_start($headers); for ($i = 0; $i < $prefs['page_rows'] && ($row = lcm_fetch_array($result)); $i++) {
/**
 * Return the entry of $this->specials stored under $number.
 *
 * lcm_panic() is called when $number is greater than $this->special_count,
 * and again when no entry is set under that key.
 *
 * @param mixed $number Key of the requested special.
 * @return mixed The stored entry.
 */
function getSpecial($number)
{
    $highest = $this->special_count;

    if ($highest < $number) {
        lcm_panic("requested special is > " . $highest);
    }

    $is_known = isset($this->specials[$number]);

    if (!$is_known) {
        lcm_panic("special # {$number} does not exist");
    }

    return $this->specials[$number];
}
// // Check for access rights // // TODO $edit = 1; $write = 1; if (!($admin || $write)) { lcm_panic("You don't have permission to add follow-ups to this case"); } // // Start page // if (_request('c')) { // comment if (!_request('expense')) { lcm_panic("Missing expense ID"); } lcm_page_start(_T('title_expense_comment'), '', '', 'expenses'); } elseif (_request('expense')) { if (_request('submit') == 'set_exp_status') { lcm_page_start(_T('title_expense_comment'), '', '', 'expenses'); } else { lcm_page_start(_T('title_expense_comment'), '', '', 'expenses'); } } else { lcm_page_start(_T('title_expense_new'), '', '', 'expenses'); } /* TODO show_context_start(); show_context_case_title($case, 'followups'); show_context_case_involving($case);
/**
 * Build the SQL expression that truncates a date to a given unit.
 *
 * Only the units 'day' and 'year' are accepted; anything else is reported
 * through lcm_panic() and yields an empty string if that call returns.
 *
 * $date is placed in the expression exactly as given, without quoting, so
 * it has to be a column name or SQL expression chosen by the calling code.
 *
 * @param string $date SQL column or expression holding the date.
 * @param string $type Truncation unit: 'day' or 'year'.
 * @return string The date_trunc(...) expression, or "" for another unit.
 */
function lcm_query_trunc_field($date, $type)
{
    // Loose comparison on purpose, same as the switch it replaces
    if ($type == 'day' || $type == 'year') {
        return "date_trunc('{$type}', {$date})";
    }

    lcm_panic("Not supported");

    return "";
}
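/**
 * Print the filters attached to a report and, when editing, the form used
 * to attach another filter.
 *
 * At run time ($is_runtime true) only filters that have a type but no value
 * are listed, inside a single form posting to run_rep.php, and the function
 * returns after that form. When editing, every filter gets its own form
 * posting to upd_rep_field.php, followed by a list of the fields that can
 * still be added as filters.
 *
 * Changes from the previous version:
 *  - the report id is cast to an integer once and that value is used in
 *    every query, hidden input and link (only the first query was cast);
 *  - the 'export' request parameter is HTML-escaped before it is echoed
 *    into the hidden input, and ignored when it is not a scalar;
 *  - split() is replaced by explode(), which the function already used
 *    elsewhere; both delimiters are literal characters.
 *
 * @param mixed $id_report  Id of the report.
 * @param bool  $is_runtime True when the report is being generated.
 */
function show_report_filters($id_report, $is_runtime = false)
{
    // Integer form of the id, used wherever it is written into SQL or HTML
    $report_id = intval($id_report);

    // Get general report info
    $q = "SELECT * FROM lcm_report WHERE id_report = " . $report_id;
    $res = lcm_query($q);
    $rep_info = lcm_fetch_array($res);

    if (!$rep_info) {
        lcm_panic("Report does not exist: {$id_report}");
    }

    // List filters attached to this report
    $query = "SELECT *\n\t\tFROM lcm_rep_filter as v, lcm_fields as f\n\t\tWHERE id_report = " . $report_id . "\n\t\tAND f.id_field = v.id_field";

    // If generating the report (as opposed to editing), show filters
    // who have a filter type (eq, neq, in, ..), but no value.
    if ($is_runtime) {
        $query .= " AND v.type != '' AND v.value = '' ";
    }

    $result = lcm_query($query);

    if (lcm_num_rows($result)) {
        if ($is_runtime) {
            // submit all at once (else submit on a per-filter basis)
            echo '<form action="run_rep.php" name="frm_filters" method="get">' . "\n";
            echo '<input name="rep" value="' . $report_id . '" type="hidden" />' . "\n";

            // Request data: escape it before it goes back into the page
            if (isset($_REQUEST['export']) && is_scalar($_REQUEST['export'])) {
                echo '<input name="export" value="' . htmlspecialchars((string) $_REQUEST['export'], ENT_QUOTES) . '" type="hidden" />' . "\n";
            }
        }

        echo "<table border='0' class='tbl_usr_dtl' width='99%'>\n";

        while ($filter = lcm_fetch_array($result)) {
            // Value already submitted for this filter, if any (compared only,
            // never echoed)
            $submitted_key = 'filter_val' . $filter['id_filter'];
            $submitted = isset($_REQUEST[$submitted_key]) ? $_REQUEST[$submitted_key] : null;

            if (!$is_runtime) {
                echo "<form action='upd_rep_field.php' name='frm_line_additem' method='get'>\n";
                echo "<input name='update' value='filter' type='hidden' />\n";
                echo "<input name='rep' value='{$report_id}' type='hidden' />\n";
                echo "<input name='id_filter' value='" . $filter['id_filter'] . "' type='hidden' />\n";
            }

            echo "<tr>\n";
            echo "<td>" . _Th($filter['description']) . "</td>\n";

            // Type of filter
            echo "<td>";

            $all_filters = array(
                'number' => array('none', 'num_eq', 'num_neq', 'num_lt', 'num_le', 'num_gt', 'num_ge'),
                'date' => array('none', 'date_eq', 'date_in', 'date_lt', 'date_le', 'date_gt', 'date_ge'),
                'text' => array('none', 'text_eq', 'text_neq'),
            );

            if ($all_filters[$filter['filter']]) {
                // At runtime, if a filter has been selected, do not allow select
                if ($filter['type'] && $is_runtime) {
                    echo _T('rep_filter_' . $filter['type']);
                } else {
                    echo "<select name='filter_type'>\n";
                    echo "<option value=''>...</option>\n";

                    foreach ($all_filters[$filter['filter']] as $f) {
                        $sel = $filter['type'] == $f ? ' selected="selected"' : '';
                        echo "<option value='" . $f . "'" . $sel . ">" . _T('rep_filter_' . $f) . "</option>\n";
                    }

                    echo "</select>\n";
                }
            } else {
                // XXX Should happen only if a filter was removed in a future version, e.g. rarely
                // or between development releases.
                echo "Unknown filter";
            }

            echo "</td>\n";

            // Value for filter
            // NOTE(review): $filter['value'] and the keyword/list values
            // below are written into attributes as stored in the database;
            // confirm they are stored HTML-escaped.
            echo "<td>";

            switch ($filter['type']) {
                case 'num_eq':
                case 'num_neq':
                    if ($filter['field_name'] == 'id_author') {
                        $name = $is_runtime ? "filter_val" . $filter['id_filter'] : 'filter_value';

                        // XXX make this a function
                        $q = "SELECT * FROM lcm_author WHERE status IN ('admin', 'normal', 'external')";
                        $result_author = lcm_query($q);

                        echo "<select name='{$name}'>\n";
                        echo "<option value=''>...</option>\n"; // TRAD

                        while ($author = lcm_fetch_array($result_author)) {
                            // Check for already submitted value
                            $sel = $filter['value'] == $author['id_author'] || $submitted == $author['id_author'] ? ' selected="selected"' : '';
                            echo "<option value='" . $author['id_author'] . "'" . $sel . ">" . $author['id_author'] . " : " . get_person_name($author) . "</option>\n";
                        }

                        echo "</select>\n";
                        break;
                    }
                    // Any other numeric field falls through to the text input
                case 'num_lt':
                case 'num_gt':
                    $name = $is_runtime ? "filter_val" . $filter['id_filter'] : 'filter_value';
                    echo '<input style="width: 99%;" type="text" name="' . $name . '" value="' . $filter['value'] . '" />';
                    break;

                case 'date_eq':
                case 'date_lt':
                case 'date_le':
                case 'date_gt':
                case 'date_ge':
                    $name = $is_runtime ? "filter_val" . $filter['id_filter'] : 'date';
                    echo get_date_inputs($name, $filter['value']); // FIXME
                    break;

                case 'date_in':
                    // date_in has two values, stored ex: 2005-01-01 00:00:00;2006-02-02 00:00:00
                    $name = $is_runtime ? "filter_val" . $filter['id_filter'] : 'date';
                    $values = explode(";", $filter['value']);
                    echo get_date_inputs($name . '_start', $values[0]);
                    echo "<br />\n";
                    echo get_date_inputs($name . '_end', $values[1]);
                    break;

                case 'text_eq':
                case 'text_neq':
                    $name = $is_runtime ? "filter_val" . $filter['id_filter'] : 'filter_value';

                    if ($filter['enum_type']) {
                        $enum = explode(":", $filter['enum_type']);

                        if ($enum[0] == 'keyword') {
                            if ($enum[1] == 'system_kwg') {
                                $all_kw = get_keywords_in_group_name($enum[2]);

                                echo '<select name="' . $name . '">' . "\n";
                                echo '<option value="">' . "..." . "</option>\n"; // TRAD

                                foreach ($all_kw as $kw) {
                                    $sel = $filter['value'] == $kw['name'] || $submitted == $kw['name'] ? ' selected="selected" ' : '';
                                    echo '<option value="' . $kw['name'] . '"' . $sel . '>' . _Tkw($enum[2], $kw['name']) . "</option>\n";
                                }

                                echo "</select>\n";
                            }
                        } elseif ($enum[0] == 'list') {
                            $items = explode(",", $enum[1]);

                            echo '<select name="' . $name . '">' . "\n";
                            echo '<option value="">' . "..." . "</option>\n"; // TRAD

                            foreach ($items as $i) {
                                $tmp = $i;

                                if ($enum[2]) {
                                    $tmp = _T($enum[2] . $tmp);
                                }

                                $sel = $filter['value'] == $i || $submitted == $i ? ' selected="selected" ' : '';
                                echo '<option value="' . $i . '"' . $sel . '>' . $tmp . "</option>\n";
                            }

                            echo "</select>\n";
                        }
                    } else {
                        echo '<input style="width: 99%;" type="text" name="' . $name . '" value="' . $filter['value'] . '" />';
                    }
                    break;

                default:
                    echo "<!-- no type -->\n";
            }

            echo "</td>\n";

            if (!$is_runtime) {
                // Button to validate
                echo "<td>";
                echo "<button class='simple_form_btn' name='validate_filter_addfield'>" . _T('button_validate') . "</button>\n";
                echo "</td>\n";

                // Link for "Remove"
                echo "<td><a class='content_link' href='upd_rep_field.php?rep=" . $report_id . "&" . "remove=filter" . "&" . "id_filter=" . $filter['id_filter'] . "'>" . "X" . "</a></td>\n";
            }

            echo "</tr>\n";

            if (!$is_runtime) {
                echo "</form>\n";
            }
        }

        echo "</table>\n";
    }

    if ($is_runtime) {
        echo "<p><button class='simple_form_btn' name='validate_filter_addfield'>" . _T('button_validate') . "</button></p>\n";
        echo "</form>\n";
        return;
    }

    // List all available fields in selected tables for report
    $query = "SELECT *\n\t\tFROM lcm_fields\n\t\tWHERE ";

    // Quoted table names for the IN (...) list. They are built from values
    // read from the database, not from the request.
    $sources = array();

    if ($rep_info['line_src_name']) {
        array_push($sources, "'lcm_" . $rep_info['line_src_name'] . "'");
    }

    // Fetch all tables available as rep colums
    // (this is not like rep line, because the source is not always in
    // lcm_report, but this should be 'fixed')
    $q_tmp = "SELECT DISTINCT table_name \n\t\t\t\tFROM lcm_rep_col as rp, lcm_fields as f\n\t\t\t\tWHERE rp.id_field = f.id_field\n\t\t\t\t  AND rp.id_report = " . $report_id;

    $result_tmp = lcm_query($q_tmp);

    while ($row = lcm_fetch_array($result_tmp)) {
        array_push($sources, "'" . $row['table_name'] . "'");
    }

    // Fetch all keyword sources
    if ($rep_info['col_src_type'] == 'keyword' && $rep_info['col_src_name']) {
        $kwg = get_kwg_from_name($rep_info['col_src_name']);

        if ($kwg['type'] == 'system') {
            // No extra source is added for system keyword groups
        } else {
            if ($kwg['type'] == 'client_org') {
                array_push($sources, "'lcm_client'");
                array_push($sources, "'lcm_org'");
            } else {
                array_push($sources, "'lcm_" . $kwg['type'] . "'");
            }
        }
    }

    // If lcm_case in there, also add lcm_stage
    if (in_array("'lcm_case'", $sources, true)) {
        array_push($sources, "'lcm_stage'");
    }

    // List only filters if table were selected as sources (line/col)
    if (count($sources)) {
        $query .= " table_name IN ( " . implode(" , ", $sources) . " ) AND ";
        $query .= " filter != 'none'";
        $query .= " ORDER BY table_name ";

        // NOTE(review): this writes the SQL text into the page source as an
        // HTML comment; consider dropping it or sending it to the debug log.
        echo "<!-- QUERY: {$query} -->\n";

        $result = lcm_query($query);

        if (lcm_num_rows($result)) {
            echo "<form action='upd_rep_field.php' name='frm_line_additem' method='get'>\n";
            echo "<input name='rep' value='" . $rep_info['id_report'] . "' type='hidden' />\n";
            echo "<input name='add' value='filter' type='hidden' />\n";

            echo "<p class='normal_text'>" . _Ti('rep_input_filter_add');
            echo "<select name='id_field'>\n";
            echo "<option value=''>...</option>\n";

            while ($row = lcm_fetch_array($result)) {
                echo "<option value='" . $row['id_field'] . "'>" . _Ti('rep_info_table_' . $row['table_name']) . _Th($row['description']) . "</option>\n";
            }

            echo "</select>\n";
            echo "<button class='simple_form_btn' name='validate_filter_addfield'>" . _T('button_validate') . "</button>\n";
            echo "</p>\n";
            echo "</form>\n";
        }
    } else {
        echo '<p class="normal_text">' . _T('rep_info_select_source_first') . "</p>\n";
    }
}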
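/**
 * Apply the contact changes submitted with a person form.
 *
 * Reads the contact_* and new_contact_* request arrays, updates or deletes
 * the person's existing contacts, adds the new ones, and records a message
 * in $_SESSION['errors'] for every problem, including mandatory contact
 * types that are still missing afterwards.
 *
 * Change from the previous version: the ownership check used to stop at the
 * first empty contact id while the update/delete loop went on to the end of
 * the submitted list, so ids after an empty entry were acted on without
 * having been checked. Every submitted id is now checked against the
 * person's own contacts, ids are compared as strings, and entries without
 * an id are skipped by the update/delete loop.
 *
 * @param string $type_person  Kind of person the contacts belong to.
 * @param mixed  $id_of_person Id of that person.
 */
function update_contacts_request($type_person, $id_of_person)
{
    // This will be useful later, to check mandatory/optional contacts
    $all_contact_kwg = get_kwg_all('contact');

    //
    // Update existing contacts
    //
    if (isset($_REQUEST['contact_value'])) {
        $contacts = $_REQUEST['contact_value'];
        $c_ids = isset($_REQUEST['contact_id']) ? $_REQUEST['contact_id'] : array();
        $c_types = isset($_REQUEST['contact_type']) ? $_REQUEST['contact_type'] : array();

        // The ids are expected as a list; anything else is treated as empty
        if (!is_array($c_ids)) {
            $c_ids = array();
        }

        //
        // Check if the contacts provided are really attached to the person
        // or else the user can provide a form with false contacts.
        //
        $all_contacts = get_contacts($type_person, $id_of_person);

        $owned_ids = array();
        foreach ($all_contacts as $c) {
            $owned_ids[(string) $c['id_contact']] = true;
        }

        // Same index range as the update/delete loop below
        for ($cpt = 0; isset($c_ids[$cpt]); $cpt++) {
            if (!$c_ids[$cpt]) {
                continue; // no id: skipped by the loop below as well
            }

            if (!is_scalar($c_ids[$cpt]) || !isset($owned_ids[(string) $c_ids[$cpt]])) {
                lcm_panic("Invalid modification of existing contact detected.");
            }
        }

        for ($cpt = 0; isset($c_ids[$cpt]); $cpt++) {
            // An entry without an id is not an existing contact
            if (!$c_ids[$cpt]) {
                continue;
            }

            // Check first to see if the contact is mandatory
            $kwg = get_kwg_from_id($c_types[$cpt]);
            $delete_allowed = true;

            if ($kwg['policy'] == 'mandatory') {
                // XXX Having policy == 'mandatory' but quantity = many
                // really makes a mess, and is not handled.
                $delete_allowed = false;
            }

            if (_request('del_contact_' . $c_ids[$cpt])) {
                if ($delete_allowed) {
                    lcm_debug("Contact DEL: {$type_person}, {$id_of_person}, " . $c_ids[$cpt], 1);
                    delete_contact($c_ids[$cpt]);
                } else {
                    $_SESSION['errors']['upd_contact_' . $cpt] = _T('warning_field_mandatory');
                }
            } else {
                if (!$delete_allowed && !$contacts[$cpt]) {
                    $_SESSION['errors']['upd_contact_' . $cpt] = _T('warning_field_mandatory');
                } else {
                    lcm_debug("Contact UPD: {$type_person}, {$id_of_person}, " . $c_ids[$cpt] . ' = ' . $contacts[$cpt], 1);
                    $err = update_contact($c_ids[$cpt], $contacts[$cpt]);

                    if ($err) {
                        $_SESSION['errors']['upd_contact_' . $cpt] = $err;
                    }
                }
            }
        }
    }

    //
    // New contacts
    //
    if (isset($_REQUEST['new_contact_value'])) {
        $cpt = 0;
        $new_contacts = $_REQUEST['new_contact_value'];
        $c_type_names = $_REQUEST['new_contact_type_name'];

        while (isset($new_contacts[$cpt])) {
            // Process only new contacts which have a value
            if ($new_contacts[$cpt]) {
                // And make sure that they have a "type of contact"
                if ($c_type_names[$cpt]) {
                    lcm_debug("Contact NEW: {$type_person}, {$id_of_person}, Name = " . $c_type_names[$cpt] . ', ' . $new_contacts[$cpt], 1);
                    $err = add_contact($type_person, $id_of_person, $c_type_names[$cpt], $new_contacts[$cpt]);

                    if ($err) {
                        $_SESSION['errors']['new_contact_' . $cpt] = $err;
                    }
                } else {
                    $_SESSION['errors']['new_contact_' . $cpt] = "Please specify the type of contact."; // TRAD
                }
            }

            $cpt++;
        }
    }

    //
    // Check if all mandatory contacts were provided
    //
    // Re-read from the database so the check sees the result of the changes
    $all_contacts = get_contacts($type_person, $id_of_person);

    foreach ($all_contact_kwg as $c) {
        if ($c['policy'] == 'mandatory') {
            $found = false;

            foreach ($all_contacts as $a) {
                if ($a['name'] == $c['name'] && trim($a['value'])) {
                    $found = true;
                }
            }

            if (!$found) {
                $_SESSION['errors']['contact_' . $c['name']] = _Ti($c['title']) . _T('warning_field_mandatory');
            }
        }
    }
}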
$_SESSION['form_data']['date_start'] = $row['start_time']; $_SESSION['form_data']['date_end'] = $row['end_time']; $_SESSION['form_data']['description'] = str_replace(' ', ' ', $_SESSION['form_data']['description']); } } } // // Check for access rights // $edit = allowed($_SESSION['form_data']['id_case'], 'e'); $write = allowed($_SESSION['form_data']['id_case'], 'w'); if (!($admin || $write)) { lcm_panic("You don't have permission to add follow-ups to this case"); } if (isset($_SESSION['followup']) && !$edit) { lcm_panic("You do not have the permission to edit existing follow-ups"); } // // Change status/stage: check for if case status/stage is different than current // $statuses = get_possible_case_statuses(); // yes, stupid patch because of annoying PHP warnings // the whole code needs a rewrite anyway.. too much spagetti! if (!isset($_REQUEST['submit'])) { $_REQUEST['submit'] = ''; } if ($_REQUEST['submit'] == 'set_status') { // Get case status $result = lcm_query("SELECT status FROM lcm_case WHERE id_case = " . $case); $row = lcm_fetch_array($result); if ($statuses[$_REQUEST['type']] == $row['status']) {
/**
 * Format a number as text using the Indian digit grouping: the last three
 * digits of the integer part form one group and the digits before them are
 * grouped in pairs.
 *
 * The two separators come from the translation strings
 * 'currency_format_seperator_cents' and 'currency_format_seperator_hundreds'.
 * An empty or false-like $money is formatted as 0.0; a value that is not
 * numeric is reported through lcm_panic().
 *
 * @param mixed $money              Number or numeric string; strings are trimmed first.
 * @param bool  $two_cents          True: always two decimal digits. False: trailing
 *                                  zeros of the decimal part are removed.
 * @param bool  $show_currency_sign True: wrap the result with the 'currency' meta
 *                                  value through the 'currency_format_placement' string.
 * @return string The formatted text.
 */
function format_money_india($money, $two_cents = true, $show_currency_sign = false) {
    // See format_money() above.
    // This version formats money for indian standards.
    // ex: 100000 is 1,00,000.00 -- not 100,000.00
    if (is_string($money)) {
        $money = trim($money);
    }

    // Anything false-like (null, '', 0, '0') becomes the float zero
    if (!$money) {
        $money = 0.0;
    }

    if (!($money === 0.0 || is_numeric($money))) {
        lcm_panic("parameter is not a valid number: " . $money);
    }

    $seperator_cents = _T('currency_format_seperator_cents');
    $seperator_hundreds = _T('currency_format_seperator_hundreds');

    // Integer part, and decimal part scaled to whole hundredths
    $hundreds = (int) $money;
    $cents = round(($money - $hundreds) * 100);

    // only two last digits
    // format as text
    if ($two_cents) {
        // i.e. "is money"
        $str_cents = sprintf('%02u', $cents);
    } else {
        // i.e. "not money" (ex: file size)
        $str_cents = preg_replace("/0+\$/", "", $cents);
    }

    // Start with the first 3 digits
    if ($hundreds >= 1000) {
        $str_hundreds = sprintf('%03u', $hundreds % 1000);
    } else {
        $str_hundreds = $hundreds;
    }

    // not clean hack because it will go into the loop below
    // (dividing by 10 here and by 100 at the top of the loop drops the three
    // digits that were just formatted)
    $hundreds /= 10;
    $hundreds = intval($hundreds);

    // Each pass prepends the next pair of digits and its separator
    while ($hundreds > 99) {
        $hundreds /= 100;

        if ($hundreds >= 100) {
            // More digits follow: keep the pair zero-padded to two digits
            $str_hundreds = sprintf('%02u', $hundreds % 100) . $seperator_hundreds . $str_hundreds;
        } else {
            // Leading group: no zero padding
            $str_hundreds = $hundreds % 100 . $seperator_hundreds . $str_hundreds;
        }
    }

    $str_final = $str_hundreds;

    // The decimal part is left out when it is empty
    if ($str_cents) {
        $str_final .= $seperator_cents . $str_cents;
    }

    if ($show_currency_sign) {
        // The currency value is HTML-escaped before it is placed in the output
        $str_final = _T('currency_format_placement', array('currency' => htmlspecialchars(read_meta('currency')), 'money' => $str_final));
    }

    return $str_final;
}