Ejemplo n.º 1
 /**
  * Read a request parameter, preferring POST over GET.
  *
  * A value found in either superglobal is passed through safe_input() before
  * it is returned; the default is returned untouched.
  * NOTE(review): what safe_input() encodes is defined elsewhere; treat the
  * result as encoded for one output context only and confirm which one.
  *
  * @param string $name    Key looked up in $_POST first, then in $_GET.
  * @param mixed  $default Value returned when neither superglobal has the key.
  *
  * @return mixed
  */
 public function getRequest($name, $default = null)
 {
     if (isset($_POST[$name])) {
         return safe_input($_POST[$name]);
     }
     if (isset($_GET[$name])) {
         return safe_input($_GET[$name]);
     }
     return $default;
 }
Ejemplo n.º 2
/**
 * Replace the tags of one or more leads with the given tag names.
 *
 * All tag rows of the given leads are deleted first. Each name is then
 * resolved to a tag id and one lead/tag row is inserted per valid pair.
 *
 * @param mixed $lead_id      Id (int) or ids (array) of the lead.
 * @param mixed $tag_name     Name (string) or names (array) of the tag.
 * @param bool  $encode_names Whether to pass the names through safe_input() first.
 *
 * @return mixed The number of inserted assignments, or false (bool) when the
 *               delete failed or when assignments were expected and none succeeded.
 *
 * @throws InvalidArgumentException When $lead_id or $tag_name is empty.
 */
function create_lead_tag_with_names($lead_id, $tag_name, $encode_names = false)
{
    if (empty($lead_id)) {
        throw new InvalidArgumentException(__('The lead id cannot be empty'));
    }
    if (empty($tag_name)) {
        throw new InvalidArgumentException(__('The tag name cannot be empty'));
    }

    // Work on arrays from here on, whatever the caller passed.
    $lead_id = is_array($lead_id) ? $lead_id : array($lead_id);
    $tag_name = is_array($tag_name) ? $tag_name : array($tag_name);
    if ($encode_names) {
        $tag_name = safe_input($tag_name);
    }

    $expected = count($lead_id) * count($tag_name);
    $assigned = 0;

    // NOTE(review): the old tags are removed before any id or tag name has been
    // validated, so a call whose names match no tag leaves the leads untagged.
    $delete_res = process_sql_delete(LEADS_TABLE, array(LEADS_TABLE_LEAD_ID_COL => $lead_id));
    if ($delete_res === false) {
        return false;
    }

    foreach ($lead_id as $l_id) {
        // Only positive numeric lead ids are used for the inserts.
        if (!is_numeric($l_id) || !($l_id > 0)) {
            continue;
        }
        foreach ($tag_name as $t_name) {
            if (empty($t_name)) {
                continue;
            }
            $tag_id = get_db_value(TAGS_TABLE_ID_COL, TAGS_TABLE, TAGS_TABLE_NAME_COL, $t_name);
            if (!is_numeric($tag_id) || !($tag_id > 0)) {
                // Names that do not resolve to a tag are skipped.
                continue;
            }
            $row = array(LEADS_TABLE_LEAD_ID_COL => $l_id, LEADS_TABLE_TAG_ID_COL => $tag_id);
            if (process_sql_insert(LEADS_TABLE, $row) !== false) {
                $assigned++;
            }
        }
    }

    // Nothing assigned although something was expected counts as an error.
    if ($expected > 0 && $assigned === 0) {
        return false;
    }
    return $assigned;
}
Ejemplo n.º 3
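/**
 * Create one inventory object per agent reported by the Pandora API.
 *
 * The agent list is requested as CSV (fields separated by ";": id, name,
 * address, description, OS name, URL address). An inventory object with the
 * same name is deleted and created again; the OS, IP address, URL address and
 * agent id are stored as extra fields of the 'Pandora agents' object type.
 *
 * Does nothing when $config['pandora_url'] is missing or empty.
 *
 * @return void
 */
function synchronize_pandora_inventory()
{
    global $config;
    if (!isset($config["pandora_url"]) || $config["pandora_url"] == "") {
        return;
    }

    // The credentials are URL-encoded so that characters such as "&" or "#"
    // cannot break or extend the query string.
    // NOTE(review): the API password and the user credentials travel in the
    // query string, where proxies and web-server access logs can record them;
    // confirm the URL is HTTPS and consider sending them in the request body.
    $url = $config['pandora_url'] . '/include/api.php?op=get&apipass=' . urlencode($config['pandora_api_password'])
        . '&op2=all_agents&return_type=csv&user=' . urlencode($config['pandora_user'])
        . '&pass=' . urlencode($config['pandora_pass']);
    $return = call_api($url);
    $agents_csv = explode("\n", $return);

    foreach ($agents_csv as $agent_csv) {
        // Avoiding empty csv lines like latest one
        if ($agent_csv == '') {
            continue;
        }
        $agent = explode(";", $agent_csv);
        // A row without the six expected fields is not an agent (an error text
        // returned by the API, for instance) and must not become an inventory object.
        if (count($agent) < 6) {
            continue;
        }
        list($agent_id, $agent_name, $address, $description, $os_name, $url_address) = $agent;
        $agent_name_safe = safe_input($agent_name);

        // An object with the same name is replaced, together with its field data.
        $inventory_id = get_db_value('id', 'tinventory', 'name', $agent_name_safe);
        if ($inventory_id !== false) {
            process_sql_delete('tinventory', array('id' => $inventory_id));
            process_sql_delete('tobject_field_data', array('id_inventory' => $inventory_id));
        }

        $id_object_type = get_db_value('id', 'tobject_type', 'name', safe_input('Pandora agents'));

        // NOTE(review): only the name goes through safe_input(); description and
        // the four extra fields are stored exactly as the remote API sent them.
        // Confirm that process_sql_insert() escapes values and that these
        // columns are encoded when they are displayed.
        $values = array(
            'name' => $agent_name_safe,
            'description' => $description,
            'id_object_type' => $id_object_type,
            'id_contract' => $config['default_contract'],
        );
        $id_inventory = process_sql_insert('tinventory', $values);
        if (!$id_inventory) {
            continue;
        }

        // Extra fields, in the order they are stored: label => data.
        $fields = array(
            array('OS', $os_name),
            array('IP Address', $address),
            array('URL Address', $url_address),
            array('ID Agent', $agent_id),
        );
        foreach ($fields as $field) {
            list($label, $data) = $field;
            $filter = array('id_object_type' => $id_object_type, 'label' => safe_input($label));
            $id_type_field = get_db_value_filter('id', 'tobject_type_field', $filter);
            if ($id_type_field == false) {
                // The label may have been stored without encoding.
                $filter['label'] = $label;
                $id_type_field = get_db_value_filter('id', 'tobject_type_field', $filter);
            }
            process_sql_insert('tobject_field_data', array(
                'id_inventory' => $id_inventory,
                'id_object_type_field' => $id_type_field,
                'data' => $data,
            ));
        }
    }
}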
Ejemplo n.º 4
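    $temp = array();
    // Check if already exists
    /*
     * CREATE TABLE `tcompany_contact` (
      `id` mediumint(8) unsigned NOT NULL auto_increment,
      `id_company` mediumint(8) unsigned NOT NULL,
      `fullname` varchar(150) NOT NULL default '',
      `email` varchar(100) NULL default NULL,
      `phone` varchar(55) NULL default NULL,
      `mobile` varchar(55) NULL default NULL,
      `position` varchar(150) NULL default NULL,
      `description` text NULL DEFAULT NULL,
      `disabled` tinyint(1) NULL default 0,
      PRIMARY KEY  (`id`),
      FOREIGN KEY (`id_company`) REFERENCES tcompany(`id`)
          ON DELETE CASCADE
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    * */
    // The name is normalized once and the same value is used for the lookup and
    // for the insert; looking up the untrimmed name would miss a contact that
    // was stored trimmed and insert it again on every run.
    $fullname = safe_input(trim($values["fullname"]));
    // NOTE(review): the lookup is by full name only, so two contacts with the
    // same name in different companies are treated as one — confirm intent.
    $id_contact = get_db_value('id', 'tcompany_contact', 'fullname', $fullname);
    if ($id_contact == "" and $id_company != "") {
        $temp["fullname"] = $fullname;
        $temp["email"] = safe_input(trim($values["email_address"]));
        $temp["phone"] = safe_input(trim($values["phone_home"]));
        $temp["mobile"] = safe_input(trim($values["phone_mobile"]));
        $temp["description"] = safe_input(trim($values["description"]));
        $temp["position"] = safe_input(trim($values["title"]));
        $temp["id_company"] = $id_company;
        process_sql_insert('tcompany_contact', $temp);
    }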
}
fclose($file);
Ejemplo n.º 5
    $base_dir = 'include/mailtemplates';
    $files = list_files($base_dir, ".tpl", 1, 0);
    $retval = array();
    foreach ($files as $file) {
        $retval[$file] = $file;
    }
    return $retval;
}
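$update = get_parameter("upd_button", "none");
$refresh = get_parameter("edit_button", "none");
$template = get_parameter("template", "");
$data = "";

// The template name comes from the request and is appended to a directory, so
// it has to be a bare "*.tpl" file name. Anything with a directory component
// ("../", "/", "\") or another extension is refused; otherwise the read below
// could return any file the web server can read and the write could create or
// overwrite any file it can write.
// NOTE(review): no permission or anti-CSRF check is visible in this excerpt;
// confirm both run before this point.
$template_is_valid = is_string($template)
    && $template !== ""
    && basename($template) === $template
    && strpos($template, "\\") === false
    && strpos($template, "\0") === false
    && substr($template, -4) === ".tpl";

if (($refresh != "none" || $update != "none") && !$template_is_valid) {
    // The rejected name is deliberately not echoed back.
    echo "<h3 class='error'>" . lang_string(__('Invalid template name')) . "</h3>";
}

// Load template from disk to textarea
if ($refresh != "none" && $template_is_valid) {
    $full_filename = "include/mailtemplates/" . $template;
    $contents = file_get_contents($full_filename);
    if ($contents !== false) {
        $data = safe_input($contents);
    }
}

// Update configuration
if ($update != "none" && $template_is_valid) {
    $posted = isset($_POST["template_content"]) ? $_POST["template_content"] : "";
    $data = unsafe_string(str_replace("\r\n", "\n", $posted));
    $file = "include/mailtemplates/" . $template;
    $fileh = fopen($file, "wb");
    // fwrite() returns 0 for an empty template, which is still a successful write.
    if ($fileh !== false && fwrite($fileh, $data) !== false) {
        echo "<h3 class='suc'>" . lang_string(__('File successfully updated')) . "</h3>";
    } else {
        // Encode the path for HTML without double-encoding existing entities.
        $file_html = htmlspecialchars($file, ENT_QUOTES, 'UTF-8', false);
        echo "<h3 class='error'>" . lang_string(__('Problem updating file')) . " ({$file_html}) </h3>";
    }
    // Close the handle, not the path string.
    if ($fileh !== false) {
        fclose($fileh);
    }
}
$table->width = '99%';
$table->class = 'search-table-button';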
Ejemplo n.º 6
 }
 if ($get_data_child) {
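     // Both ids are concatenated into SQL below, so they are forced to integers.
     $id_field = (int) get_parameter('id_field', 0);
     if ($id_field) {
         $label_field = get_db_value_sql("SELECT label FROM tincident_type_field WHERE id=" . $id_field);
     } else {
         $label_field = get_parameter('label_field');
     }
     $label_field_enco = get_parameter('label_field_enco', 0);
     if ($label_field_enco) {
         $label_field_enco = str_replace("&quot;", "", $label_field_enco);
         // The label is only revealed by base64_decode(), after get_parameter()
         // has run, so it is normalized here the same way as $value_parent.
         $label_field = safe_input(safe_output(base64_decode($label_field_enco)));
     }
     $id_parent = (int) get_parameter('id_parent');
     $value_parent = get_parameter('value_parent');
     // NOTE(review): $value_parent is later interpolated into a preg pattern;
     // it should go through preg_quote($value_parent, '/') at that point.
     $value_parent = safe_input(safe_output(base64_decode($value_parent)));
     // NOTE(review): the label is still placed inside a quoted SQL string.
     // Whether safe_input() neutralizes quotes and backslashes for SQL is not
     // visible here; a parameterized query through the DB layer is the robust fix.
     $sql = "SELECT linked_value FROM tincident_type_field WHERE parent=" . $id_parent . "\n\t\t\tAND label='" . $label_field . "'";
     $field_data = get_db_value_sql($sql);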
     $result = false;
     if ($field_data != "") {
         $data = explode(',', $field_data);
         foreach ($data as $item) {
             if ($value_parent == 'any') {
                 $pos_pipe = strpos($item, '|') + 1;
                 $len_item = strlen($item);
                 $value_aux = substr($item, $pos_pipe, $len_item);
                 $result[$value_aux] = $value_aux;
             } else {
                 $pattern = "/^" . $value_parent . "\\|/";
                 if (preg_match($pattern, $item)) {
                     $value_aux = preg_replace($pattern, "", $item);
Ejemplo n.º 7
    $user_fields = array();
}
// NOTE(review): a group deletion is triggered by a GET parameter. No permission
// check or anti-CSRF token is visible in this excerpt — confirm both happen
// before this point.
if (isset($_GET["borrar_grupo"])) {
    // $grupo is not passed to the hook; presumably 'delete_group' reads it from
    // the enclosing scope — verify against the hook implementation.
    $grupo = get_parameter('borrar_grupo');
    enterprise_hook('delete_group');
}
// Requested action; "edit" when the request does not name one.
$action = get_parameter("action", "edit");
// When set, the block below does not load an existing user for edit/update.
$alta = get_parameter("alta");
///////////////////////////////
// LOAD USER VALUES
///////////////////////////////
if (($action == 'edit' || $action == 'update') && !$alta) {
    $modo = "edicion";
    $update_user = safe_output(get_parameter("update_user", ""));
    // Read user data to include in form
    $sql = "SELECT * FROM tusuario WHERE id_usuario = '" . safe_input($update_user) . "'";
    $rowdup = get_db_row_sql($sql);
    if ($rowdup === false) {
        echo "<h3 class='error'>" . __('There was a problem loading user') . "</h3>";
        echo "</table>";
        include "general/footer.php";
        exit;
    } else {
        $password = $rowdup["password"];
        $comentarios = $rowdup["comentarios"];
        $direccion = $rowdup["direccion"];
        $telefono = $rowdup["telefono"];
        $nivel = $rowdup["nivel"];
        $nombre_real = $rowdup["nombre_real"];
        $avatar = $rowdup["avatar"];
        $lang = $rowdup["lang"];
Ejemplo n.º 8
include_once('include/functions_crm.php');
include_once('include/functions_incidents.php');
// Contact whose tickets are listed; the id is cast to an integer before the lookup.
$id = (int) get_parameter('id');
$contact = get_db_row('tcompany_contact', 'id', $id);

// The viewer needs the CRM 'cr' permission on the company that owns the contact.
// NOTE(review): when no contact matches $id, $contact['id_company'] is read from
// whatever get_db_row() returns for "not found"; confirm that check_crm_acl()
// denies access in that case.
$read = check_crm_acl('other', 'cr', $config['id_user'], $contact['id_company']);
if (!$read) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to contact tickets without permission");
    include("general/noaccess.php");
    exit;
}

// Decode the stored address, trim it and encode it again before the search.
$email = safe_input(trim(safe_output($contact["email"])));

$incidents = incidents_get_by_notified_email($email);

if (!$incidents) {
    echo ui_print_error_message (__("This contact doesn't have any ticket associated"), '', true, 'h3', true);
} else {

	$table->class = "listing";
	$table->width = "99%";
	$table->head[0] = __("ID");
	$table->head[1] = __("Ticket");
	$table->head[2] = __("Status");
	$table->head[3] = __("Priority");
	$table->head[4] = __("Updated");
	$table->data = array();
Ejemplo n.º 9
echo "<th>".__('Avg. Scoring');

$min = $offset;
$max = $offset+$config['block_size']-1;
$i = 0;

if (!empty($values)) {
	foreach ($values as $key => $value){

		if($i < $min || $i > $max) {
			$i++;
			continue;
		}
		$i++;

		$row0 = get_db_row ("tusuario", "id_usuario", safe_input("$key"));
		if ($row0){
			$nombre = $row0["id_usuario"];
			$avatar = $row0["avatar"];

			// Get total hours for this month
			$sql= "SELECT SUM(duration) FROM tworkunit WHERE timestamp > '$begin_month' AND timestamp < '$end_month' AND id_user = '******'";
			if ($res = mysql_query($sql)) {	
				$row=mysql_fetch_array($res);
			}
				
			echo "<tr><td>";
				
			echo "<a href='index.php?sec=users&sec2=operation/users/user_edit&id=$nombre' class='tip'>&nbsp;<span>";
			$usuario = get_db_row ("tusuario", "id_usuario", $nombre);
			echo "<b>".$usuario["nombre_real"] . "</b><br>";
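 /**
  * Create a zip package with the /tmp files in the user folder on tattachment/file_sharing
  * and delete the original files.
  *
  * $this->files has to hold FileSharingFile objects (or arrays accepted by the
  * FileSharingFile constructor) with the params 'fullpath' and 'basename' filled.
  *
  * @return array The index 'status' (bool) shows the result of the operation, the index
  * 'message' holds a message for the user and the index 'badFiles' holds an array with
  * the files that could not be added to the package.
  */
 public function save()
 {
     global $config;
     $result = array('status' => false, 'message' => '', 'badFiles' => array());

     if (!isset($this->files) || empty($this->files) || !is_array($this->files)) {
         $result['message'] = __('This package has no files');
         return $result;
     }
     if (isset($this->id)) {
         // Do nothing. At this moment the package edition is not supported
         $result['message'] = __('At this moment the package edition is not supported');
         return $result;
     }
     if (!class_exists("ZipArchive")) {
         // Only administrators are told which extension is missing.
         if (get_admin_user($config['id_user'])) {
             $result['message'] = __("Impossible to handle the package. You have to install the PHP's Zip extension");
         } else {
             $result['message'] = __('An error occurred while building the package');
         }
         return $result;
     }

     // The admin can manage the file uploads as any user
     $user_is_admin = (bool) dame_admin($config['id_user']);
     if ($user_is_admin) {
         $id_user = get_parameter("id_user", $config['id_user']);
         // If the user doesn't exist get the current user
         $user_data = get_user($id_user);
         if (empty($user_data)) {
             $id_user = $config['id_user'];
         }
         $this->uploader = $id_user;
     } else {
         $this->uploader = $config['id_user'];
     }

     // The file name becomes part of a path on disk: keep only its last
     // component so that "../" or an absolute path cannot move the package
     // outside the uploader's folder.
     $filename = isset($this->filename) ? basename(str_replace("\\", "/", $this->filename)) : '';
     $this->filename = empty($filename) ? 'IntegriaIMS-SharedFile' : $filename;
     if (!isset($this->description)) {
         $this->description = '';
     }
     if (!isset($this->created)) {
         $this->created = time();
     }
     $this->filename .= ".zip";

     // Uploader, file name and creation time are all guessable, so random bytes
     // are hashed together with them.
     // NOTE(review): presumably this key is what authorizes access to the shared
     // package — confirm against the download code.
     if (function_exists('random_bytes')) {
         $entropy = random_bytes(32);
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $entropy = openssl_random_pseudo_bytes(32);
     } else {
         // Last resort for very old installations; not cryptographically strong.
         $entropy = uniqid(mt_rand(), true);
     }

     // Insert the package info into the tattachment table
     $values = array();
     $values['id_usuario'] = safe_input($this->uploader);
     $values['filename'] = safe_input($this->filename);
     $values['timestamp'] = date("Y-m-d", $this->created);
     $values['public_key'] = hash("sha256", $entropy . $this->uploader . $this->filename . $this->created);
     $values['file_sharing'] = 1;

     // Entries given as arrays are turned into objects once, for every loop below.
     $files = array();
     foreach ($this->files as $file) {
         $files[] = is_array($file) ? new FileSharingFile($file) : $file;
     }

     $id = process_sql_insert(FileSharingFile::$dbTable, $values);
     if (empty($id)) {
         $result['message'] = __('An error occurred while creating the package');
         foreach ($files as $file) {
             $file->deleteFromDisk();
         }
         return $result;
     }

     $this->id = $id;
     if (!file_exists(self::$fileSharingDir) && !is_dir(self::$fileSharingDir)) {
         mkdir(self::$fileSharingDir);
     }
     $userDir = self::$fileSharingDir . "/" . $this->uploader;
     if (!file_exists($userDir) && !is_dir($userDir)) {
         mkdir($userDir);
     }
     $this->fullpath = $userDir . "/" . $this->id . "_" . $this->filename;

     // Zip creation
     $zip = new ZipArchive();
     if ($zip->open($this->fullpath, ZipArchive::CREATE) !== true) {
         // Report the failure and clean up the temporary files, as the other
         // failure paths do, instead of returning an empty message.
         // NOTE(review): the row inserted above stays in the table; confirm
         // whether $this->delete() may be called at this point.
         $result['message'] = __('An error occurred while creating the package');
         foreach ($files as $file) {
             $file->deleteFromDisk();
         }
         return $result;
     }

     foreach ($files as $file) {
         $fullpath = $file->getFullpath();
         $basename = $file->getBasename();
         // Unreadable files, files without path or name and files that
         // ZipArchive refuses are all reported as bad files.
         $added = $file->isReadable() && !empty($fullpath) && !empty($basename)
             && $zip->addFile($fullpath, $basename);
         if (!$added) {
             $result['badFiles'][] = $file;
         }
     }
     $zip->close();

     $filesCount = count($this->files);
     $badFilesCount = count($result['badFiles']);
     if ($badFilesCount == 0) {
         $result['status'] = true;
     } elseif ($badFilesCount < $filesCount) {
         // A package with only some of the files still counts as created.
         $result['status'] = true;
         $result['message'] = __('Not all the files where added to the package');
     } else {
         $result['message'] = __('An error occurred while building the package');
     }

     // Remove the original files
     foreach ($files as $file) {
         $file->deleteFromDisk();
     }

     // Reload the data and recheck the package
     if ($result['status']) {
         $this->loadWithID($this->id);
         if (!$this->exists || !$this->readable) {
             $result['status'] = false;
             $result['message'] = __('An error occurred while building the package');
             $result['badFiles'] = array();
             $this->delete();
         } else {
             // The file was created successfully
             $this->trackingCreation();
         }
     }
     return $result;
 }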
Ejemplo n.º 11
			$project_access = get_project_access ($config["id_user"], $id_project);
			if (!$project_access["manage"]) {
				audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation","Trying to create tasks in an unauthorized project");
				no_permission ();
			}
		}
		
		$data_array = preg_split ("/\n/", $tasklist);
		
		foreach ($data_array as $data_item){
			$data = trim($data_item);
			
			if ($data != "") {
				$sql = sprintf ('INSERT INTO ttask (id_project, name, id_parent_task, start, end) 
								VALUES (%d, "%s", %d, "%s", "%s")',
								$id_project, safe_input ($data), $parent, $start, $end);

				$id_task = process_sql ($sql, 'insert_id');
				
				if ($id_task) {
					$sql = sprintf("SELECT id_role FROM trole_people_project
									WHERE id_project = %d AND id_user = '******'", $id_project, $owner);
					
					$id_role = process_sql($sql);
					$role = $id_role[0]['id_role'];

					$sql = sprintf('INSERT INTO trole_people_task (id_user, id_role, id_task)
									VALUES ("%s", %d, %d)', $owner, $role, $id_task);

					$result2 = process_sql($sql);
					if (! $result2) {
Ejemplo n.º 12
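/**
 * Store the chat log of the current incident as a workunit.
 *
 * Takes an exclusive lock on the incident's counter file, reads the JSON chat
 * log, builds a plain-text transcript (notification entries are left out) and
 * passes it to create_workunit(). The outcome is echoed as JSON:
 * {"correct": true} on success, {"correct": false} when the counter file
 * cannot be opened or locked.
 *
 * Reads the globals $config, $dir and $id.
 *
 * @return void
 */
function save_message_workunit()
{
    global $config;
    global $dir;
    global $id;
    // include_once: a second call must not load the function definitions again.
    include_once "include/functions_workunits.php";
    $return = array('correct' => false);
    // NOTE(review): $id is concatenated into both file names; confirm that it
    // is validated as an integer before this function is reached.
    $file_global_counter_chat = $dir . '/incident.' . $id . '.global_counter.txt';
    $log_chat_file = $dir . '/incident.' . $id . '.log.json.txt';
    //First lock the file
    $fp_global_counter = @fopen($file_global_counter_chat, "a+");
    if ($fp_global_counter === false) {
        echo json_encode($return);
        return;
    }
    //Try to lock MAX_TIMES times
    // NOTE(review): without LOCK_NB, flock() waits for the lock instead of
    // returning false, so this retry loop rarely iterates — confirm intent.
    $tries = 0;
    while (!flock($fp_global_counter, LOCK_EX)) {
        $tries++;
        if ($tries > MAX_TIMES) {
            // Do not leak the handle when giving up.
            fclose($fp_global_counter);
            echo json_encode($return);
            return;
        }
        sleep(1);
    }
    $text_encode = @file_get_contents($log_chat_file);
    $log = json_decode($text_encode, true);
    // A missing or malformed log is treated as an empty chat; iterating over
    // null would emit a warning into the JSON response.
    if (!is_array($log)) {
        $log = array();
    }
    $txtChat = __('---------- CHAT -------------');
    $txtChat .= "\n";
    foreach ($log as $message) {
        if (!is_array($message)) {
            continue;
        }
        if (isset($message['type']) && $message['type'] == 'notification') {
            //Disabled at the moment
            continue;
        }
        $txtChat .= isset($message['user_name']) ? $message['user_name'] : '';
        $txtChat .= " :> ";
        $txtChat .= isset($message['text']) ? $message['text'] : '';
        $txtChat .= "\n";
    }
    create_workunit($id, safe_input($txtChat), $config['id_user']);
    // Closing the handle also releases the lock.
    fclose($fp_global_counter);
    $return['correct'] = true;
    echo json_encode($return);
    return;
}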
Ejemplo n.º 13
    // Rows without a company name are skipped.
    if (empty($values['name'])) {
        continue;
    }
    // An empty account type falls back to "Other".
    if ($values["account_type"] == "") {
        $values["account_type"] = "Other";
    }
    print $values["name"] . " - " . $values["account_type"] . "\n";

    // Company role: looked up by its encoded name and created when missing.
    $role_name = safe_input($values["account_type"]);
    $id_company_role = get_db_value('id', 'tcompany_role', 'name', $role_name);
    if ($id_company_role == "") {
        $temp = array("name" => $role_name);
        $id_company_role = process_sql_insert('tcompany_role', $temp);
        // Created new company role
        print "[*] Created new company role " . $temp["name"] . " with ID {$id_company_role} \n";
    }

    // Company: inserted only when no company with that encoded name exists.
    $temp = array();
    $company_name = safe_input($values["name"]);
    $id_company = get_db_value('id', 'tcompany', 'name', $company_name);
    if ($id_company == "") {
        $address_lines = array(
            $values["billing_address_street"],
            $values["billing_address_city"],
            $values["billing_address_state"],
            $values["billing_address_postalcode"],
            $values["billing_address_country"],
        );
        $comment_lines = array(
            $values["description"],
            $values["phone_office"],
            $values["phone_alternate"],
            $values["website"],
        );
        $temp["name"] = $company_name;
        $temp["address"] = safe_input(implode("\n", $address_lines));
        $temp["comments"] = safe_input(implode("\n", $comment_lines));
        $temp["id_company_role"] = $id_company_role;
        process_sql_insert('tcompany', $temp);
    }
}
fclose($file);
Ejemplo n.º 14
/**
 * Get a parameter from the POST request array.
 *
 * A parameter that is present but equal to the empty string counts as missing.
 * A value that is found is passed through safe_input() before it is returned.
 *
 * @param string $name    Name of the parameter.
 * @param mixed  $default Value returned when the parameter is missing or empty.
 *
 * @return mixed Parameter value, or $default.
 */
function get_parameter_post($name, $default = "")
{
    $is_present = isset($_POST[$name]) && $_POST[$name] != "";
    return $is_present ? safe_input($_POST[$name]) : $default;
}
Ejemplo n.º 15
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.

global $config;

check_login();

include_once("include/functions_crm.php");

// The parameter is decoded with safe_output() so that surrounding spaces can be
// trimmed, then encoded again with safe_input() before it is used in a search.
$search_string = get_parameter("search_string", "");
$search_string = safe_input(trim(safe_output($search_string)));

// The page title is printed for both outcomes.
echo "<h2>" . __("Global Search") . "</h2>";

// Nothing to search for: say so and stop.
if ($search_string == "") {
    echo "<h4>" . __("Empty search string") . "</h4>";
    return;
}
Ejemplo n.º 16
                    no_permission();
                }
            }
        } else {
            $project_access = get_project_access($config["id_user"], $id_project);
            if (!$project_access["manage"]) {
                audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to create tasks in an unauthorized project");
                no_permission();
            }
        }
        $data_array = preg_split("/\n/", $tasklist);
        foreach ($data_array as $data_item) {
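            $data = trim($data_item);
            if ($data != "") {
                // NOTE(review): $start, $end and $owner are placed inside quoted
                // SQL strings exactly as received; where they come from is not
                // visible here. Confirm they are validated or escaped upstream,
                // or bind them through the DB layer.
                $sql = sprintf('INSERT INTO ttask (id_project, name, id_parent_task, start, end) 
								VALUES (%d, "%s", %d, "%s", "%s")', $id_project, safe_input($data), $parent, $start, $end);
                $id_task = process_sql($sql, 'insert_id');
                // The task name is echoed in the error messages below, so it is
                // encoded for HTML first (existing entities are left as they are).
                $data_html = htmlspecialchars($data, ENT_QUOTES, 'UTF-8', false);
                if ($id_task) {
                    // The placeholder for $owner has to be a quoted %s.
                    $sql = sprintf("SELECT id_role FROM trole_people_project\n\t\t\t\t\t\t\t\t\tWHERE id_project = %d AND id_user = '%s'", $id_project, $owner);
                    $id_role = process_sql($sql);
                    // The owner may have no role in the project; role 0 is used then.
                    $role = (is_array($id_role) && isset($id_role[0]['id_role'])) ? $id_role[0]['id_role'] : 0;
                    $sql = sprintf('INSERT INTO trole_people_task (id_user, id_role, id_task)
									VALUES ("%s", %d, %d)', $owner, $role, $id_task);
                    $result2 = process_sql($sql);
                    if (!$result2) {
                        echo "<h3 class='error'>" . __('An error ocurred setting the permissions for the task ' . $data_html) . "</h3>";
                    }
                } else {
                    echo "<h3 class='error'>" . __('The task ' . $data_html . ' could not be created') . "</h3>";
                }
            }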
Ejemplo n.º 17
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
// Load globar vars
global $config;
check_login();

// Only users holding the "UM" permission may use this page; anything else is
// audited and answered with the no-access page.
$can_manage_users = give_acl($config["id_user"], 0, "UM");
if (!$can_manage_users) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access User Management");
    require "general/noaccess.php";
    exit;
}
include_once 'include/functions_user.php';

// NOTE(review): the deletion is triggered by a GET parameter and no anti-CSRF
// token is visible in this excerpt; confirm that one is checked elsewhere.
if (isset($_GET["borrar_usuario"])) {
    // if delete user
    $nombre = safe_input($_GET["borrar_usuario"]);
    user_delete_user($nombre);
}

// List filters taken from the request, with their defaults.
$offset = get_parameter("offset", 0);
$search_text = get_parameter("search_text", "");
$disabled_user = get_parameter("disabled_user", -1);
$level = get_parameter("level", -10);
$group = get_parameter("group", 0);

echo '<h2>' . __('User management') . '</h2>';
echo '<h4>' . __('List users') . '</h4>';
echo "<div style='width:100%' class='divform'>";

// An empty filter form is used when none was prepared earlier.
$filter_form = isset($filter_form) ? $filter_form : '';
form_search_users(false, $filter_form);
echo "<form method=post action='index.php?sec=users&sec2=godmode/usuarios/configurar_usuarios&alta=1'>";
Ejemplo n.º 18
            return;
        }
    }
    // Does not exist
    echo json_encode(true);
    return;
} elseif ($search_existing_task) {
    require_once 'include/functions_db.php';
    $project_id = (int) get_parameter('project_id');
    $operation_type = (string) get_parameter('type');
    if ($operation_type == "create") {
        $tasks_names = get_parameter('task_name');
        $tasks_names = safe_output($tasks_names);
        $tasks_names = preg_split("/\n/", $tasks_names);
        foreach ($tasks_names as $task_name) {
            $task_name = safe_input($task_name);
            $query_result = get_db_value_filter("name", "ttask", array('name' => $task_name, 'id_project' => $project_id));
            if ($query_result) {
                // Exists. Validation error
                echo json_encode(false);
                return;
            }
        }
    } elseif ($operation_type == "view") {
        $task_name = get_parameter('task_name');
        $old_task_id = get_parameter('task_id');
        if (!$project_id) {
            $project_id = get_db_value("id_project", "ttask", "id", $old_task_id);
        }
        // Name of the edited task
        $old_task_name = get_db_value("name", "ttask", "id", $old_task_id);
Ejemplo n.º 19
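/**
 * Import inventory objects from a comma-separated text file.
 *
 * Every line holds, in this order: object type id, owner, name, public flag,
 * description, contract id, manufacturer id, parent id, company ids
 * (';'-separated), user ids (';'-separated) and status, followed by one value
 * per custom field defined for the object type. Lines are split with a plain
 * explode(','), so quoted fields and embedded commas are not supported.
 *
 * A row is inserted only when every check passes; each failed check prints an
 * error heading. The file content is treated as untrusted: values taken from
 * it are HTML-escaped before being echoed and cast before being placed in SQL.
 *
 * @param string $objects_file Path of the file to import.
 *
 * @return void
 */
function inventories_load_file($objects_file)
{
    $file_handle = fopen($objects_file, "r");
    if ($file_handle === false) {
        // Without this guard the read loop below would never see end-of-file
        echo "<h3 class='error'>" . __('File could not be opened') . "</h3>";
        return;
    }
    while (($line = fgets($file_handle)) !== false) {
        $create = true;
        // Reset per row so a row without object type never reuses the custom
        // field values collected for the previous row
        $value_data = array();
        // fgets() keeps the line ending, which would otherwise stay glued to
        // the last column
        $line = rtrim($line, "\r\n");
        if ($line === '') {
            continue;
        }
        // Pad to the 11 fixed columns so short lines do not hit undefined offsets
        $values = array_pad(explode(',', $line), 11, '');
        $id_object_type = $values[0];
        $owner = $values[1];
        $name = $values[2];
        $public = $values[3];
        $description = $values[4];
        $id_contract = $values[5];
        $id_manufacturer = $values[6];
        $id_parent = $values[7];
        $id_companies = $values[8];
        $id_users = $values[9];
        $status = $values[10];
        if ($id_companies != '') {
            $id_companies_arr = explode(';', $id_companies);
        } else {
            $id_companies_arr = array();
        }
        if ($id_users != '') {
            $id_users_arr = explode(';', $id_users);
        } else {
            $id_users_arr = array();
        }
        // The name is stored encoded, so the duplicate lookup must use the
        // same encoded form
        $safe_name = safe_input($name);
        // NOTE(review): the remaining columns go to process_sql_insert() as
        // read from the file; presumably that helper escapes values — confirm.
        $value = array('id_object_type' => $id_object_type, 'owner' => $owner, 'name' => $safe_name, 'public' => $public, 'description' => safe_input($description), 'id_contract' => $id_contract, 'id_manufacturer' => $id_manufacturer, 'id_parent' => $id_parent, 'status' => $status, 'last_update' => date("Y/m/d", get_system_time()));
        if ($name == '') {
            echo "<h3 class='error'>" . __('Inventory name empty') . "</h3>";
            $create = false;
        } else {
            $inventory_id = get_db_value('id', 'tinventory', 'name', $safe_name);
            if ($inventory_id != false) {
                echo "<h3 class='error'>" . __('Inventory ') . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . __(' already exists') . "</h3>";
                $create = false;
            }
        }
        if ($id_contract != 0 && $id_contract != '') {
            $exists = get_db_value('id', 'tcontract', 'id', $id_contract);
            if (!$exists) {
                echo "<h3 class='error'>" . __('Contract ') . htmlspecialchars($id_contract, ENT_QUOTES, 'UTF-8') . __(' doesn\'t exist') . "</h3>";
                $create = false;
            }
        }
        if ($id_manufacturer != 0 && $id_manufacturer != '') {
            $exists = get_db_value('id', 'tmanufacturer', 'id', $id_manufacturer);
            if (!$exists) {
                echo "<h3 class='error'>" . __('Manufacturer ') . htmlspecialchars($id_manufacturer, ENT_QUOTES, 'UTF-8') . __(' doesn\'t exist') . "</h3>";
                $create = false;
            }
        }
        if ($id_object_type != 0 && $id_object_type != '') {
            $exists_object_type = get_db_value('id', 'tobject_type', 'id', $id_object_type);
            if (!$exists_object_type) {
                echo "<h3 class='error'>" . __('Object type ') . htmlspecialchars($id_object_type, ENT_QUOTES, 'UTF-8') . __(' doesn\'t exist') . "</h3>";
                $create = false;
            } else {
                // The id comes from the file and is concatenated into SQL, so
                // it is forced to an integer first
                $sql = "SELECT * FROM tobject_type_field WHERE id_object_type=" . (int) $id_object_type;
                $all_fields = get_db_all_rows_sql($sql);
                if ($all_fields == false) {
                    $all_fields = array();
                }
                // Custom field values start right after the 11 fixed columns
                $i = 11;
                $j = 0;
                foreach ($all_fields as $field) {
                    $data = isset($values[$i]) ? $values[$i] : '';
                    switch ($field['type']) {
                        case 'combo':
                            $combo_val = explode(",", $field['combo_value']);
                            $k = array_search($data, $combo_val);
                            if ($k === false) {
                                echo "<h3 class='error'>" . __('Field ') . $field['label'] . __(' doesn\'t match. Valid values: ') . $field['combo_value'] . "</h3>";
                                $create = false;
                            }
                            break;
                        case 'numeric':
                            $res = is_numeric($data);
                            if (!$res) {
                                echo "<h3 class='error'>" . __('Field ') . $field['label'] . __(' must be numeric') . "</h3>";
                                $create = false;
                            }
                            break;
                        case 'external':
                            // NOTE(review): table and column names are read from
                            // tobject_type_field and interpolated into SQL as
                            // identifiers. That is only safe while those rows can
                            // be written by trusted administrators; validate them
                            // against a list of allowed names where they are saved.
                            $table_ext = $field['external_table_name'];
                            $exists_table = get_db_sql("SHOW TABLES LIKE '{$table_ext}'");
                            if (!$exists_table) {
                                echo "<h3 class='error'>" . __('External table ') . $table_ext . __(' doesn\'t exist') . "</h3>";
                                $create = false;
                            }
                            $id = $field['external_reference_field'];
                            $exists_id = get_db_sql("SELECT {$id} FROM {$table_ext}");
                            if (!$exists_id) {
                                echo "<h3 class='error'>" . __('Id ') . $id . __(' doesn\'t exist') . "</h3>";
                                $create = false;
                            }
                            break;
                    }
                    if ($field['inherit']) {
                        $ok = inventories_check_unique_field($data, $field['type']);
                        if (!$ok) {
                            echo "<h3 class='error'>" . __('Field ') . $field['label'] . __(' must be unique') . "</h3>";
                            $create = false;
                        }
                    }
                    $value_data[$j]['id_object_type_field'] = $field['id'];
                    $value_data[$j]['data'] = safe_input($data);
                    $i++;
                    $j++;
                }
            }
        }
        if ($create) {
            $result_id = process_sql_insert('tinventory', $value);
            if ($result_id) {
                foreach ($value_data as $val_data) {
                    $val_data['id_inventory'] = $result_id;
                    process_sql_insert('tobject_field_data', $val_data);
                }
                // Grant access to the listed companies and users
                foreach ($id_companies_arr as $id_company) {
                    $values_company = array('id_inventory' => $result_id, 'id_reference' => $id_company, 'type' => 'company');
                    process_sql_insert('tinventory_acl', $values_company);
                }
                foreach ($id_users_arr as $id_user) {
                    $values_user = array('id_inventory' => $result_id, 'id_reference' => $id_user, 'type' => 'user');
                    process_sql_insert('tinventory_acl', $values_user);
                }
            }
        }
    }
    //end while
    fclose($file_handle);
    echo "<h3 class='info'>" . __('File loaded') . "</h3>";
}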
Ejemplo n.º 20
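/**
 * Print a d3 bubble chart with one bubble per ticket.
 *
 * The bubble radius is workunits + hours + 0.1 * files. When the largest
 * radius is below 0.5 every bubble is drawn with radius 3 so the chart stays
 * visible. Bubbles are coloured by creator, show a tooltip on hover and open
 * the ticket detail page on click.
 *
 * The node list is handed to JavaScript through json_encode() with the
 * JSON_HEX_* flags, so quotes, backslashes, line breaks or a closing script
 * tag inside a value cannot end the string literal or the script block.
 *
 * @param array $incidents_by_user Rows with the keys workunits, hours, files,
 * user_name, incident_name, id_creator and id_incident.
 *
 * @return void Output is written directly to the page.
 */
function print_bubble_incidents_per_user_graph($incidents_by_user)
{
    $max_radius = 0;
    $min_visual_radius = 0.5;
    $adjust_visual = false;
    $data = array();
    $id = 0;
    //First we calculate max_radius to ensure a correct visualization
    $incident_radius = array();
    foreach ($incidents_by_user as $incident) {
        $radius = $incident['workunits'] + $incident['hours'] + 0.1 * $incident['files'];
        if ($radius > $max_radius) {
            $max_radius = $radius;
        }
        $incident_radius[$id] = $radius;
        $id++;
    }
    if ($max_radius < $min_visual_radius) {
        $adjust_visual = true;
        $max_radius = 3;
    }
    $id = 0;
    foreach ($incidents_by_user as $incident) {
        // The tooltip is inserted with .html() on the client, so every dynamic
        // value placed in this markup has to stay encoded
        $content = '<b>' . __('Creator') . ':</b> ' . safe_input($incident['user_name']) . '<br>' . '<b>' . __('Ticket') . ':</b> ' . safe_input($incident['incident_name']) . '<br>' . '<b>' . __('Workunits') . ':</b> ' . safe_input($incident['workunits']) . '<br>' . '<b>' . __('Hours') . ':</b> ' . safe_input($incident['hours']) . '<br>' . '<b>' . __('Files') . ':</b> ' . safe_input($incident['files']);
        if ($adjust_visual) {
            $radius = 3;
        } else {
            $radius = $incident_radius[$id];
        }
        $row = array();
        $row['radius'] = $radius;
        // Kept as a string, as the hand-written literal did
        $row['id_creator'] = (string) $incident['id_creator'];
        $row['content'] = $content;
        $row['link'] = 'index.php?' . 'sec=incidents&' . 'sec2=operation/incidents/incident_dashboard_detail&' . 'id=' . urlencode((string) $incident['id_incident']);
        $row['id'] = $id;
        $data[$id] = $row;
        $id++;
    }
    // Serialize once instead of concatenating values into quoted JS literals
    $nodes_json = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($nodes_json === false) {
        // Encoding failed (e.g. invalid UTF-8): draw an empty chart rather
        // than emit broken script
        $nodes_json = '[]';
    }
    ?>
	<script type="text/javascript">
		var nodes = <?php echo $nodes_json; ?>;
	</script>
	<div id="graph_container"></div>
	<style type="text/css">
		circle {
		  stroke: #fff;
		}
		
		circle.over {
			stroke: #999;
		}
		
		circle.mouse_down {
			stroke: #000;
		}
	</style>
	<script type="text/javascript">
		var margin = {top: 0, right: 0, bottom: 0, left: 0},
			width = 960 - margin.left - margin.right,
			height = 500 - margin.top - margin.bottom;
		
		var padding = 6;
		var radius = d3.scale.sqrt().range([0, <?php echo json_encode($max_radius); ?>]);
		var color = d3.scale.category20();
		
		var svg = d3.select("#graph_container").append("svg")
			.attr("width", width + margin.left + margin.right)
			.attr("height", height + margin.top + margin.bottom)
			.append("g")
			.attr("transform", "translate(" + margin.left + "," + margin.top + ")");
		
		var force = d3.layout.force()
			.nodes(nodes)
			.size([width, height])
			.gravity(.02)
			.charge(0)
			.on("tick", tick)
			.start();
		
		
		var circle = svg.selectAll("circle")
			.data(nodes)
			.enter().append("circle")
			.attr("id", function(d) { return "node_" + d.id;})
			.attr("r", function(d) { return radius(d.radius); })
			.style("fill", function(d) { return color(d.id_creator); })
			.on("mouseover", over)
			.on("mouseout", out)
			.on("mousemove", move_tooltip)
			.on("mousedown", mouse_down)
			.on("mouseup", mouse_up)
			.call(force.drag);
		
		function tick(e) {
			circle
				.each(cluster(10 * e.alpha * e.alpha))
				.each(collide(0.5))
				.attr("cx", function(d) { return d.x; })
				.attr("cy", function(d) { return d.y; });
		}
		
		// Move d to be adjacent to the cluster node.
		// NOTE(review): nodes carry id_creator, not color, so d.color is
		// undefined here and in collide(); confirm whether grouping by
		// creator was intended.
		function cluster(alpha) {
			var max = {};
			
			// Find the largest node for each cluster.
			nodes.forEach(function(d) {
				if (!(color(d.color) in max)
					|| (radius(d.radius) > radius(max[color(d.color)].radius))) {
					max[color(d.color)] = d;
				}
			});
			
			return function(d) {
				var node = max[color(d.color)],
				l,
				r,
				x,
				y,
				i = -1;
				
				if (node == d) return;
				
				x = d.x - node.x;
				y = d.y - node.y;
				l = Math.sqrt(x * x + y * y);
				r = radius(d.radius) + radius(node.radius);
				if (l != r) {
					l = (l - r) / l * alpha;
					d.x -= x *= l;
					d.y -= y *= l;
					node.x += x;
					node.y += y;
				}
			};
		}
		
		// Resolves collisions between d and all other circles.
		function collide(alpha) {
			var quadtree = d3.geom.quadtree(nodes);
			return function(d) {
				var r = radius(d.radius) + radius.domain()[1] + padding,
					nx1 = d.x - r,
					nx2 = d.x + r,
					ny1 = d.y - r,
					ny2 = d.y + r;
					
				quadtree.visit(function(quad, x1, y1, x2, y2) {
					if (quad.point && (quad.point !== d)) {
						var x = d.x - quad.point.x,
							y = d.y - quad.point.y,
							l = Math.sqrt(x * x + y * y),
							r = radius(d.radius) + quad.point.radius
								+ (color(d.color) !== quad.point.color) * padding;
						
						if (l < r) {
							l = (l - r) / l * alpha;
							d.x -= x *= l;
							d.y -= y *= l;
							quad.point.x += x;
							quad.point.y += y;
						}
					}
					return x1 > nx2
						|| x2 < nx1
						|| y1 > ny2
						|| y2 < ny1;
				});
			};
		}
		
		var mouse_click_x;
		var mouse_click_y;
		
		// A click is a mouse-up at the same position as the mouse-down;
		// anything else is treated as a drag and does not navigate.
		function mouse_up(d) {
			x = d3.event.clientX;
			y = d3.event.clientY;
			
			if ((x == mouse_click_x) && 
				(y == mouse_click_y)) {
				window.location = d.link;
			}
		}
		
		function mouse_down(d) {
			svg.select("#node_" + d.id)
				.attr("class", "mouse_down");
			
			mouse_click_x = d3.event.clientX;
			mouse_click_y = d3.event.clientY;
		}
		
		function over(d) {
			svg.select("#node_" + d.id)
				.attr("class", "over");
			
			show_tooltip(d);
		}
		
		function out(d) {
			svg.select("#node_" + d.id)
				.attr("class", "");
			
			hide_tooltip();
		}
		
		function move_tooltip(d) {
			x = d3.event.clientX + 10;
			y = d3.event.clientY + 10;
			
			$("#tooltip").css('left', x + 'px');
			$("#tooltip").css('top', y + 'px');
		}
		
		// d.content is server-built markup whose dynamic parts are already
		// encoded, which is why .html() is used here.
		function create_tooltip(d, x, y) {
			if ($("#tooltip").length == 0) {
				$("body")
					.append($("<div></div>")
					.attr('id', 'tooltip')
					.html(d.content));
			}
			else {
				$("#tooltip").html(d.content);
			}
			
			$("#tooltip").attr('style', 'background: #fff;' + 
				'position: absolute;' + 
				'display: block;' + 
				'width: 200px;' + 
				'text-align: left;' + 
				'padding: 10px 10px 10px 10px;' + 
				'z-index: 2;' + 
				"-webkit-box-shadow: 7px 7px 5px rgba(50, 50, 50, 0.75);" +
				"-moz-box-shadow:    7px 7px 5px rgba(50, 50, 50, 0.75);" +
				"box-shadow:         7px 7px 5px rgba(50, 50, 50, 0.75);" +
				'left: ' + x + 'px;' + 
				'top: ' + y + 'px;');
		}
		
		
		function show_tooltip(d) {
			x = d3.event.clientX + 10;
			y = d3.event.clientY + 10;
			
			create_tooltip(d, x, y);
		}
		
		function hide_tooltip() {
			$("#tooltip").hide();
		}
	</script>
	<?php 
}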
Ejemplo n.º 21
    if ($len < $nfields) {
        $data = array_pad($data, $nfields, '');
    } elseif ($len > $nfields) {
        $data = array_slice($data, NULL, $nfields);
    }
    $values = array_combine($fields, $data);
    if (empty($values['name'])) {
        continue;
    }
    print $values["name"];
    print " - ";
    print $values["account"];
    print " - ";
    print $values["start_date"];
    print " - ";
    print $values["expiry_date"];
    print "\n";
    $id_account = get_db_value('id', 'tcompany', 'name', safe_input($values["account"]));
    $temp = array();
    // Check if already exists
    $id_contract = get_db_value('id', 'tcontract', 'name', safe_input($values["name"]));
    if ($id_contract == "" and $id_account != "") {
        $temp["name"] = safe_input(trim($values["name"]));
        $temp["description"] = safe_input(trim($values["description"]));
        $temp["date_begin"] = safe_input(trim($values["start_date"]));
        $temp["date_end"] = safe_input(trim($values["expiry_date"]));
        $temp["id_company"] = $id_account;
        process_sql_insert('tcontract', $temp);
    }
}
fclose($file);
Ejemplo n.º 22
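/**
 * Prints an image HTML element.
 *
 * The source path is prefixed with $config["base_url_images"]. Every value
 * written into an attribute is encoded, including the composed style string.
 *
 * @param string $src Image source filename.
 * @param bool $return Whether to return or print
 * @param array $options Array with optional HTML options to set. At this moment, the 
 * following options are supported: alt, style, title, width, height, class, pos_tree,
 * plus the other names in the attribute list below. The on* entries are emitted as
 * event-handler attributes: their value runs as script in the browser, so callers
 * must never fill them from request data.
 * @param bool $return_src Whether to return src field of image ('images/*.*') or complete html img tag ('<img src="..." alt="...">'). 
 *
 * @return string|null The src value or the img tag. Null only when $return_src is
 * true and $return is false (the value is echoed instead).
 */
function print_image($src, $return = false, $options = false, $return_src = false)
{
    global $config;
    // path to image
    $src = $config["base_url_images"] . '/' . $src;
    // Only return src field of image
    if ($return_src) {
        if (!$return) {
            echo safe_input($src);
            return;
        }
        return safe_input($src);
    }
    //safe input necessary to strip out html entities correctly
    $output = '<img src="' . safe_input($src) . '" ';
    $style = '';
    if (!empty($options)) {
        //Deprecated or value-less attributes
        if (isset($options["align"])) {
            //Align is deprecated, use styles.
            $style .= 'align:' . $options["align"] . ';';
        }
        if (isset($options["border"])) {
            //Border is deprecated, use styles
            $style .= 'border:' . $options["border"] . 'px;';
        }
        if (isset($options["hspace"])) {
            //hspace is deprecated, use styles
            $style .= 'margin-left:' . $options["hspace"] . 'px;';
            $style .= 'margin-right:' . $options["hspace"] . 'px;';
        }
        if (isset($options["ismap"])) {
            //Defines the image as a server-side image map
            $output .= 'ismap="ismap" ';
        }
        if (isset($options["vspace"])) {
            //vspace is deprecated, use styles
            $style .= 'margin-top:' . $options["vspace"] . 'px;';
            $style .= 'margin-bottom:' . $options["vspace"] . 'px;';
        }
        if (isset($options["style"])) {
            $style .= $options["style"];
        }
        //Valid attributes (invalid attributes get skipped)
        $attrs = array("height", "longdesc", "usemap", "width", "id", "class", "title", "lang", "xml:lang", "onclick", "ondblclick", "onmousedown", "onmouseup", "onmouseover", "onmousemove", "onmouseout", "onkeypress", "onkeydown", "onkeyup", "pos_tree");
        foreach ($attrs as $attribute) {
            if (isset($options[$attribute])) {
                $output .= $attribute . '="' . safe_input($options[$attribute]) . '" ';
            }
        }
    } else {
        $options = array();
    }
    if (!isset($options["alt"]) && isset($options["title"])) {
        //Set alt to title if it's not set. Kept raw here: the value is encoded
        //once when the attribute is written below, not twice.
        $options["alt"] = $options["title"];
    } elseif (!isset($options["alt"])) {
        $options["alt"] = "";
    }
    if (!empty($style)) {
        // The style string is assembled from caller-supplied option values, so
        // it is encoded like every other attribute; a double quote inside it
        // can no longer close the attribute.
        $output .= 'style="' . htmlspecialchars($style, ENT_QUOTES, 'UTF-8') . '" ';
    }
    $output .= 'alt="' . safe_input($options['alt']) . '" />';
    if (!$return) {
        echo $output;
    }
    return $output;
}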
Ejemplo n.º 23
 /**
  * Store one tracking row for this attachment.
  *
  * The row holds the attachment id, the current timestamp, the user id read
  * from $config['id_user'] (empty string when not set), the given action and a
  * JSON string with the client address from $_SERVER['REMOTE_ADDR'].
  *
  * @param mixed $action Value stored in the 'action' column.
  *
  * @return mixed False when the object has no id, otherwise whatever
  * process_sql_insert() returns.
  */
 protected function tracking($action)
 {
     global $config;
     // Nothing to record without an attachment id
     if (empty($this->id)) {
         return false;
     }
     $userID = '';
     if (!empty($config['id_user'])) {
         $userID = $config['id_user'];
     }
     // Extra context, serialized to a JSON string
     $data = json_encode(array('remote_addr' => $_SERVER['REMOTE_ADDR']));
     $values = array(
         'id_attachment' => $this->id,
         'timestamp' => date('Y-m-d H:i:s'),
         'id_user' => safe_input($userID),
         'action' => $action,
         'data' => safe_input($data),
     );
     return process_sql_insert(self::$dbTableTrack, $values);
 }