function display($data)
{
echo '<fieldset><legend style="font-size:1.2em;">Choose the template of the project</legend>';
include $GLOBALS['Language']->getContent('project/template');
$rows = db_numrows($this->db_templates);
if ($rows > 0) {
//echo '<h3>From templates</h3><blockquote>';
$GLOBALS['HTML']->box1_top($GLOBALS['Language']->getText('register_template', 'choose'));
print '
<TABLE width="100%">';
for ($i = 0; $i < $rows; $i++) {
$this->_displayProject(db_result($this->db_templates, $i, 'group_id'), db_result($this->db_templates, $i, 'group_name'), db_result($this->db_templates, $i, 'register_time'), db_result($this->db_templates, $i, 'unix_group_name'), db_result($this->db_templates, $i, 'short_description'));
}
print '</TABLE>';
$GLOBALS['HTML']->box1_bottom();
//echo '</blockquote>';
}
//{{{ Projects where current user is admin
$result = db_query("SELECT groups.group_name AS group_name, " . "groups.group_id AS group_id, " . "groups.unix_group_name AS unix_group_name, " . "groups.register_time AS register_time, " . "groups.short_description AS short_description " . "FROM groups, user_group " . "WHERE groups.group_id = user_group.group_id " . "AND user_group.user_id = '" . user_getid() . "' " . "AND user_group.admin_flags = 'A' " . "AND groups.status='A' ORDER BY group_name");
echo db_error($result);
$rows = db_numrows($result);
if ($result && $rows) {
include $GLOBALS['Language']->getContent('project/template_my');
echo '<br />';
$GLOBALS['HTML']->box1_top($GLOBALS['Language']->getText('register_template', 'choose_admin'));
print '<TABLE width="100%">';
for ($i = 0; $i < $rows; $i++) {
$this->_displayProject(db_result($result, $i, 'group_id'), db_result($result, $i, 'group_name'), db_result($result, $i, 'register_time'), db_result($result, $i, 'unix_group_name'), db_result($result, $i, 'short_description'));
}
print '</TABLE>';
$GLOBALS['HTML']->box1_bottom();
}
//}}}
echo '</fieldset>';
}
function Widget_MySurveys()
{
$this->Widget('mysurveys');
$no_survey = true;
// Get id and title of the survey that will be promoted to user page. default = survey whose id=1
if ($GLOBALS['sys_my_page_survey']) {
$developer_survey_id = $GLOBALS['sys_my_page_survey'];
} else {
$developer_survey_id = "1";
}
$survey = SurveySingleton::instance();
$sql = "SELECT * from surveys WHERE survey_id=" . db_ei($developer_survey_id);
$result = db_query($sql);
$group_id = db_result($result, 0, 'group_id');
$purifier = Codendi_HTMLPurifier::instance();
$survey_title = $purifier->purify($survey->getSurveyTitle(db_result($result, 0, 'survey_title')));
// Check that the survey is active
$devsurvey_is_active = db_result($result, 0, 'is_active');
if ($devsurvey_is_active == 1) {
$sql = "SELECT * FROM survey_responses " . "WHERE survey_id='" . db_ei($developer_survey_id) . "' AND user_id='" . db_ei(user_getid()) . "'";
$result = db_query($sql);
if (db_numrows($result) < 1) {
$no_survey = false;
$this->content .= '<a href="/survey/survey.php?group_id=' . $group_id . '&survey_id=' . $developer_survey_id . '">' . $survey_title . '</a>';
}
}
if ($no_survey) {
$this->content .= $GLOBALS['Language']->getText('my_index', 'no_survey');
}
}
function session_require($req)
{
global $Language;
/*
Codendi admins always return true
*/
if (user_is_super_user()) {
return true;
}
if (isset($req['group']) && $req['group']) {
$query = "SELECT user_id FROM user_group WHERE user_id=" . user_getid() . " AND group_id=" . db_ei($req['group']);
if (isset($req['admin_flags']) && $req['admin_flags']) {
$query .= " AND admin_flags = '" . db_escape_string($req['admin_flags']) . "'";
}
if (db_numrows(db_query($query)) < 1 || !$req['group']) {
exit_error($Language->getText('include_session', 'insufficient_g_access'), $Language->getText('include_session', 'no_perm_to_view'));
}
} elseif (isset($req['user']) && $req['user']) {
if (user_getid() != $req['user']) {
exit_error($Language->getText('include_session', 'insufficient_u_access'), $Language->getText('include_session', 'no_perm_to_view'));
}
} elseif (isset($req['isloggedin']) && $req['isloggedin']) {
if (!user_isloggedin()) {
exit_error($Language->getText('include_session', 'required_login'), $Language->getText('include_session', 'login'));
}
} else {
exit_error($Language->getText('include_session', 'insufficient_access'), $Language->getText('include_session', 'no_access'));
}
}
function getContent()
{
$html_my_bookmarks = '';
$result = db_query("SELECT bookmark_url, bookmark_title, bookmark_id from user_bookmarks where " . "user_id='" . user_getid() . "' ORDER BY bookmark_title");
$rows = db_numrows($result);
if (!$result || $rows < 1) {
$html_my_bookmarks .= $GLOBALS['Language']->getText('my_index', 'no_bookmark');
$html_my_bookmarks .= db_error();
} else {
$purifier = Codendi_HTMLPurifier::instance();
$html_my_bookmarks .= '<table style="width:100%">';
for ($i = 0; $i < $rows; $i++) {
$bookmark_url = $purifier->purify(db_result($result, $i, 'bookmark_url'), CODENDI_PURIFIER_CONVERT_HTML);
if (my_has_URL_invalid_content($bookmark_url)) {
$bookmark_url = '';
}
$bookmark_title = $purifier->purify(db_result($result, $i, 'bookmark_title'), CODENDI_PURIFIER_CONVERT_HTML);
$html_my_bookmarks .= '<TR class="' . util_get_alt_row_color($i) . '"><TD>';
$html_my_bookmarks .= '<A HREF="' . $bookmark_url . '">' . $bookmark_title . '</A> ';
$html_my_bookmarks .= '<small><A HREF="/my/bookmark_edit.php?bookmark_id=' . db_result($result, $i, 'bookmark_id') . '">[' . $GLOBALS['Language']->getText('my_index', 'edit_link') . ']</A></SMALL></TD>';
$html_my_bookmarks .= '<td style="text-align:right"><A HREF="/my/bookmark_delete.php?bookmark_id=' . db_result($result, $i, 'bookmark_id') . '">';
$html_my_bookmarks .= '<IMG SRC="' . util_get_image_theme("ic/trash.png") . '" HEIGHT="16" WIDTH="16" BORDER="0" ALT="DELETE"></A></td></tr>';
}
$html_my_bookmarks .= '</table>';
}
$html_my_bookmarks .= '<div style="text-align:center; font-size:0.8em;"><a href="/my/bookmark_add.php">[' . $GLOBALS['Language']->getText('my_index', 'add_bookmark') . ']</a></div>';
return $html_my_bookmarks;
}
function register_valid()
{
if (!$GLOBALS["Update"]) {
return 0;
}
// check against old pw
$res = db_query("SELECT user_pw, status FROM users WHERE user_id=" . user_getid());
$row_pw = db_fetch_array($res);
if ($row_pw[user_pw] != md5($GLOBALS[form_oldpw])) {
$GLOBALS[register_error] = "Old password is incorrect.";
return 0;
}
if ($row_pw[status] != 'A') {
$GLOBALS[register_error] = "Account must be active to change password.";
return 0;
}
if (!$GLOBALS[form_pw]) {
$GLOBALS[register_error] = "You must supply a password.";
return 0;
}
if ($GLOBALS[form_pw] != $GLOBALS[form_pw2]) {
$GLOBALS[register_error] = "Passwords do not match.";
return 0;
}
if (!account_pwvalid($GLOBALS[form_pw])) {
return 0;
}
// if we got this far, it must be good
$user =& user_get_object(user_getid());
if (!$user->setPasswd($GLOBALS['form_pw'])) {
$GLOBALS['register_error'] = $user->getErrorMessage();
return 0;
}
return 1;
}
/**
* getPublicArea
*
* Return the link which will be displayed in public area in summary page
*/
function getPublicArea()
{
$html = '';
$html .= '<p><a href="/file/showfiles.php?group_id=' . $this->getGroupId() . '">';
$html .= $GLOBALS['Response']->getImage("ic/file.png", array('width' => '20', 'height' => '20', 'alt' => $GLOBALS['Language']->getText('include_project_home', 'files')));
$html .= ' ' . $GLOBALS['Language']->getText('include_project_home', 'file_releases') . '</a>';
$html .= ' ( ' . $GLOBALS['Language']->getText('include_project_home', 'packages', count($this->_getPackagesForUser(user_getid()))) . ' )';
$html .= '</p>';
return $html;
}
function getContent()
{
$html_my_monitored_forums = '';
$sql = "SELECT groups.group_id, groups.group_name " . "FROM groups,forum_group_list,forum_monitored_forums " . "WHERE groups.group_id=forum_group_list.group_id " . "AND groups.status = 'A' " . "AND forum_group_list.is_public <> 9 " . "AND forum_group_list.group_forum_id=forum_monitored_forums.forum_id " . "AND forum_monitored_forums.user_id='" . user_getid() . "' ";
$um =& UserManager::instance();
$current_user =& $um->getCurrentUser();
if ($current_user->isRestricted()) {
$projects = $current_user->getProjects();
$sql .= "AND groups.group_id IN (" . implode(',', $projects) . ") ";
}
$sql .= "GROUP BY group_id ORDER BY group_id ASC LIMIT 100";
$result = db_query($sql);
$rows = db_numrows($result);
if (!$result || $rows < 1) {
$html_my_monitored_forums .= $GLOBALS['Language']->getText('my_index', 'my_forums_msg');
} else {
$request =& HTTPRequest::instance();
$html_my_monitored_forums .= '<table style="width:100%">';
for ($j = 0; $j < $rows; $j++) {
$group_id = db_result($result, $j, 'group_id');
$sql2 = "SELECT forum_group_list.group_forum_id,forum_group_list.forum_name " . "FROM groups,forum_group_list,forum_monitored_forums " . "WHERE groups.group_id=forum_group_list.group_id " . "AND groups.group_id={$group_id} " . "AND forum_group_list.is_public <> 9 " . "AND forum_group_list.group_forum_id=forum_monitored_forums.forum_id " . "AND forum_monitored_forums.user_id='" . user_getid() . "' LIMIT 100";
$result2 = db_query($sql2);
$rows2 = db_numrows($result2);
$vItemId = new Valid_UInt('hide_item_id');
$vItemId->required();
if ($request->valid($vItemId)) {
$hide_item_id = $request->get('hide_item_id');
} else {
$hide_item_id = null;
}
$vForum = new Valid_WhiteList('hide_forum', array(0, 1));
$vForum->required();
if ($request->valid($vForum)) {
$hide_forum = $request->get('hide_forum');
} else {
$hide_forum = null;
}
list($hide_now, $count_diff, $hide_url) = my_hide_url('forum', $group_id, $hide_item_id, $rows2, $hide_forum);
$html_hdr = ($j ? '<tr class="boxitem"><td colspan="2">' : '') . $hide_url . '<A HREF="/forum/?group_id=' . $group_id . '">' . db_result($result, $j, 'group_name') . '</A> ';
$html = '';
$count_new = max(0, $count_diff);
for ($i = 0; $i < $rows2; $i++) {
if (!$hide_now) {
$group_forum_id = db_result($result2, $i, 'group_forum_id');
$html .= '
<TR class="' . util_get_alt_row_color($i) . '"><TD WIDTH="99%">' . ' - <A HREF="/forum/forum.php?forum_id=' . $group_forum_id . '">' . stripslashes(db_result($result2, $i, 'forum_name')) . '</A></TD>' . '<TD ALIGN="center"><A HREF="/my/stop_monitor.php?forum_id=' . $group_forum_id . '" onClick="return confirm(\'' . $GLOBALS['Language']->getText('my_index', 'stop_forum') . '\')">' . '<IMG SRC="' . util_get_image_theme("ic/trash.png") . '" HEIGHT="16" WIDTH="16" ' . 'BORDER=0 ALT="' . $GLOBALS['Language']->getText('my_index', 'stop_monitor') . '"></A></TD></TR>';
}
}
$html_hdr .= my_item_count($rows2, $count_new) . '</td></tr>';
$html_my_monitored_forums .= $html_hdr . $html;
}
$html_my_monitored_forums .= '</table>';
}
return $html_my_monitored_forums;
}
function getContent()
{
$frsrf = new FRSReleaseFactory();
$html_my_monitored_fp = '';
$sql = "SELECT groups.group_name,groups.group_id " . "FROM groups,filemodule_monitor,frs_package " . "WHERE groups.group_id=frs_package.group_id " . "AND frs_package.status_id !=" . $frsrf->STATUS_DELETED . " " . "AND frs_package.package_id=filemodule_monitor.filemodule_id " . "AND filemodule_monitor.user_id='" . user_getid() . "' ";
$um =& UserManager::instance();
$current_user =& $um->getCurrentUser();
if ($current_user->isRestricted()) {
$projects = $current_user->getProjects();
$sql .= "AND groups.group_id IN (" . implode(',', $projects) . ") ";
}
$sql .= "GROUP BY group_id ORDER BY group_id ASC LIMIT 100";
$result = db_query($sql);
$rows = db_numrows($result);
if (!$result || $rows < 1) {
$html_my_monitored_fp .= $GLOBALS['Language']->getText('my_index', 'my_files_msg');
} else {
$html_my_monitored_fp .= '<table style="width:100%">';
$request =& HTTPRequest::instance();
for ($j = 0; $j < $rows; $j++) {
$group_id = db_result($result, $j, 'group_id');
$sql2 = "SELECT frs_package.name,filemodule_monitor.filemodule_id " . "FROM groups,filemodule_monitor,frs_package " . "WHERE groups.group_id=frs_package.group_id " . "AND groups.group_id={$group_id} " . "AND frs_package.status_id !=" . $frsrf->STATUS_DELETED . " " . "AND frs_package.package_id=filemodule_monitor.filemodule_id " . "AND filemodule_monitor.user_id='" . user_getid() . "' LIMIT 100";
$result2 = db_query($sql2);
$rows2 = db_numrows($result2);
$vItemId = new Valid_UInt('hide_item_id');
$vItemId->required();
if ($request->valid($vItemId)) {
$hide_item_id = $request->get('hide_item_id');
} else {
$hide_item_id = null;
}
$vFrs = new Valid_WhiteList('hide_frs', array(0, 1));
$vFrs->required();
if ($request->valid($vFrs)) {
$hide_frs = $request->get('hide_frs');
} else {
$hide_frs = null;
}
list($hide_now, $count_diff, $hide_url) = my_hide_url('frs', $group_id, $hide_item_id, $rows2, $hide_frs);
$html_hdr = ($j ? '<tr class="boxitem"><td colspan="2">' : '') . $hide_url . '<A HREF="/project/?group_id=' . $group_id . '">' . db_result($result, $j, 'group_name') . '</A> ';
$html = '';
$count_new = max(0, $count_diff);
for ($i = 0; $i < $rows2; $i++) {
if (!$hide_now) {
$html .= '
<TR class="' . util_get_alt_row_color($i) . '">' . '<TD WIDTH="99%"> - <A HREF="/file/showfiles.php?group_id=' . $group_id . '">' . db_result($result2, $i, 'name') . '</A></TD>' . '<TD><A HREF="/file/filemodule_monitor.php?filemodule_id=' . db_result($result2, $i, 'filemodule_id') . '&group_id=' . $group_id . '" onClick="return confirm(\'' . $GLOBALS['Language']->getText('my_index', 'stop_file') . '\')">' . '<IMG SRC="' . util_get_image_theme("ic/trash.png") . '" HEIGHT="16" WIDTH="16" ' . 'BORDER=0" ALT="' . $GLOBALS['Language']->getText('my_index', 'stop_monitor') . '"></A></TD></TR>';
}
}
$html_hdr .= my_item_count($rows2, $count_new) . '</td></tr>';
$html_my_monitored_fp .= $html_hdr . $html;
}
$html_my_monitored_fp .= '</table>';
}
return $html_my_monitored_fp;
}
/**
* $params['isScript']
* $params['groupId']
* $params['time']
*/
function logUser($params)
{
if (!$params['isScript']) {
$uid = 0;
$uid = user_getid();
$request = HTTPRequest::instance();
$cookie_manager = new CookieManager();
$userLogManager = new UserLogManager();
$userLogManager->logAccess($params['time'], $params['groupId'], $uid, $cookie_manager->getCookie('session_hash'), $request->getFromServer('HTTP_USER_AGENT'), $request->getFromServer('REQUEST_METHOD'), $request->getFromServer('REQUEST_URI'), HTTPRequest::instance()->getIPAddress(), $request->getFromServer('HTTP_REFERER'));
}
}
function register_valid()
{
if (!$GLOBALS["Update"]) {
return 0;
}
$GLOBALS[form_authorized_keys] = trim($GLOBALS[form_authorized_keys]);
$GLOBALS[form_authorized_keys] = ereg_replace("(\r\n)|(\n)", "###", $GLOBALS[form_authorized_keys]);
// if we got this far, it must be good
db_query("UPDATE users SET authorized_keys='{$GLOBALS['form_authorized_keys']}' WHERE user_id=" . user_getid());
return 1;
}
/**
* getSummaryPageContent
*
* Return the text to display on the summary page
* @return arr[title], arr[content]
*/
function getSummaryPageContent()
{
$hp = Codendi_HTMLPurifier::instance();
$ret = array('title' => $GLOBALS['Language']->getText('include_project_home', 'latest_file_releases'), 'content' => '');
$packages = $this->_getPackagesForUser(user_getid());
if (count($packages)) {
$ret['content'] .= '
<table cellspacing="1" cellpadding="5" width="100%" border="0">
<tr class="boxitem">
<td>
' . $GLOBALS['Language']->getText('include_project_home', 'package') . '
</td>
<td>
' . $GLOBALS['Language']->getText('include_project_home', 'version') . '
</td>
<td>
' . $GLOBALS['Language']->getText('include_project_home', 'download') . '
</td>
</tr>
';
require_once 'FileModuleMonitorFactory.class.php';
$fmmf = new FileModuleMonitorFactory();
foreach ($packages as $package) {
// the icon is different whether the package is monitored or not
if ($fmmf->isMonitoring($package['package_id'])) {
$monitor_img = $GLOBALS['HTML']->getImage("ic/notification_stop.png", array('alt' => $GLOBALS['Language']->getText('include_project_home', 'stop_monitoring'), 'title' => $GLOBALS['Language']->getText('include_project_home', 'stop_monitoring')));
} else {
$monitor_img = $GLOBALS['HTML']->getImage("ic/notification_start.png", array('alt' => $GLOBALS['Language']->getText('include_project_home', 'start_monitoring'), 'title' => $GLOBALS['Language']->getText('include_project_home', 'start_monitoring')));
}
$ret['content'] .= '
<TR class="boxitem">
<TD>
<B>' . $hp->purify(util_unconvert_htmlspecialchars($package['package_name']), CODENDI_PURIFIER_CONVERT_HTML) . '</B>
<a HREF="/file/filemodule_monitor.php?filemodule_id=' . $package['package_id'] . '">' . $monitor_img . '
</a>
</TD>';
// Releases to display
$ret['content'] .= '<TD>' . $hp->purify($package['release_name'], CODENDI_PURIFIER_CONVERT_HTML) . ' <A href="/file/shownotes.php?group_id=' . $this->getGroupId() . '&release_id=' . $package['release_id'] . '">' . $GLOBALS['HTML']->getImage("ic/text.png", array('alt' => $GLOBALS['Language']->getText('include_project_home', 'release_notes'), 'title' => $GLOBALS['Language']->getText('include_project_home', 'release_notes'))) . '
</TD>
<TD><A HREF="/file/showfiles.php?group_id=' . $this->getGroupId() . '&release_id=' . $package['release_id'] . '">' . $GLOBALS['Language']->getText('include_project_home', 'download') . '</A></TD></TR>';
}
$ret['content'] .= '</table>';
} else {
$ret['content'] .= '<b>' . $GLOBALS['Language']->getText('include_project_home', 'no_files_released') . '</b>';
}
$ret['content'] .= '
<div align="center">
<a href="/file/showfiles.php?group_id=' . $this->getGroupId() . '">[' . $GLOBALS['Language']->getText('include_project_home', 'view_all_files') . ']</A>
</div>
';
return $ret;
}
function User_nforge($id = '')
{
if ($id) {
$this->setID($id);
$u =& user_get_object_by_name($id);
} else {
$u =& user_get_object(user_getid());
if ($u and is_object($u) and !$u->isError()) {
global $DBInfo;
$id = $u->getUnixName();
}
if (!empty($id)) {
$this->setID($id);
$udb = new UserDB($DBInfo);
$tmp = $udb->getUser($id);
// get timezone and make timezone offset
$tz_offset = date('Z');
$update = 0;
if ($tz_offset != $tmp->info['tz_offset']) {
$update = 1;
}
if (!empty($DBInfo->use_homepage_url) and empty($tmp->info['home']) or $update or empty($tmp->info['nick']) or $tmp->info['nick'] != $u->data_array['realname']) {
// register user
$tmp->info['tz_offset'] = $tz_offset;
$tmp->info['nick'] = $u->data_array['realname'];
if (!empty($DBInfo->use_homepage_url)) {
$tmp->info['home'] = util_make_url_u($u->getID(), true);
}
$udb->saveUser($tmp);
}
} else {
$id = 'Anonymous';
$this->setID('Anonymous');
}
}
$this->css = isset($_COOKIE['MONI_CSS']) ? $_COOKIE['MONI_CSS'] : '';
$this->theme = isset($_COOKIE['MONI_THEME']) ? $_COOKIE['MONI_THEME'] : '';
$this->bookmark = isset($_COOKIE['MONI_BOOKMARK']) ? $_COOKIE['MONI_BOOKMARK'] : '';
$this->trail = isset($_COOKIE['MONI_TRAIL']) ? _stripslashes($_COOKIE['MONI_TRAIL']) : '';
$this->tz_offset = isset($_COOKIE['MONI_TZ']) ? _stripslashes($_COOKIE['MONI_TZ']) : '';
$this->nick = isset($_COOKIE['MONI_NICK']) ? _stripslashes($_COOKIE['MONI_NICK']) : '';
if ($this->tz_offset == '') {
$this->tz_offset = date('Z');
}
if (!empty($id) and $id != 'Anonymous') {
global $DBInfo;
$udb = new UserDB($DBInfo);
if (!$udb->_exists($id)) {
$dummy = $udb->saveUser($this);
}
}
}
public function processUpload(HTTPRequest $request)
{
$attch = new PHPWikiAttachment();
$request_uri = preg_replace('/^\\/wiki/', PHPWIKI_PLUGIN_BASE_URL, $request->getFromServer('REQUEST_URI'));
$attch->setUri($request_uri);
if ($attch->exist() && $attch->isActive()) {
if ($attch->isAutorized(user_getid())) {
$attch->htmlDump();
}
} else {
exit_error($GLOBALS['Language']->getText('global', 'error'), $GLOBALS['Language']->getText('plugin_phpwiki_attachment_upload', 'err_not_exist'));
}
}
/**
* handle the insertion of history for corresponding parameters
* $args is an array containing a list of parameters to use when
* the message is to be displayed by the history.php script
* The array is stored as a string at the end of the field_name
* with the following format:
* field_name %% [arg1, arg2...]
*
* @param String $fieldName Event category
* @param String $oldValue Event value
* @param Integer $groupId Project ID
* @param Array $args list of parameters used for message display
*
* @return DataAccessResult
*/
function groupAddHistory($fieldName, $oldValue, $groupId, $args = false)
{
if ($args) {
$fieldName .= " %% " . implode("||", $args);
}
$userId = user_getid();
if ($userId == 0) {
$userId = 100;
}
$sql = 'insert into ' . $this->table_name . '(group_id,field_name,old_value,mod_by,date)
VALUES (' . $this->da->escapeInt($groupId) . ' , ' . $this->da->quoteSmart($fieldName) . ', ' . $this->da->quoteSmart($oldValue) . ' , ' . $this->da->escapeInt($userId) . ' , ' . $this->da->escapeInt($_SERVER['REQUEST_TIME']) . ')';
$this->retrieve($sql);
}
function register_valid()
{
if (!$GLOBALS["Update"]) {
return 0;
}
if (!$GLOBALS[form_shell]) {
$GLOBALS[register_error] = "You must supply a new login shell.";
return 0;
}
// if we got this far, it must be good
db_query("UPDATE users SET shell='{$GLOBALS['form_shell']}' WHERE user_id=" . user_getid());
return 1;
}
/**
* Creates a time entry record
*
* NOTE: this is a real hack as it uses the existing procedural code to call on functionality.
* The biggest drawback is that this method will not be able to return the Primary Key for the
* time entry record because the key is a unixtimestamp (see the way the UI uses timeadd.php
* to fully appreciate what I mean).
*
* @author Tony Bibbs <*****@*****.**>
* @access public
* @param int $projectTaskId The project task the user is reporting time to
* @param int $week The week the time being reported was done
* @param int $daysAdjust Represents the offset to add to the given week to specify the day
* @param int $timeCode The type of work that was done (general categorization)
* @param float $hours The actual time spent
* @return int This will be the Artificat ID otherwise it will be false if an error occurred
* @todo I'm quite concerned that none of the form data is being sanitized for things like
* unwanted HTML, JavaSript and SQL Injection. Might be worth adding that sort of filtering
* as provided by the KSES Filter (search Google).
* @todo The check that looks to see if this method works is not language independent.
* someone that better understands how that all works will want to remove the hardcoded
* 'successfully added'.
*
*/
function create($projectTaskId, $week, $daysAdjust, $timeCode, $hours)
{
$report_date = $week + $days_adjust * REPORT_DAY_SPAN + 12 * 60 * 60;
$res = db_query("INSERT INTO rep_time_tracking (user_id,week,report_date,project_task_id,time_code,hours)\n VALUES ('" . user_getid() . "','{$week}','{$report_date}','{$projectTaskId}','{$timeCode}','{$hours}')");
//$res=db_query("INSERT INTO rep_time_tracking (user_id,week,report_date,project_task_id,time_code,hours)
// VALUES (103,'$week','$report_date','$projectTaskId','$timeCode','$hours')");
//print_r($res); exit;
if (!$res) {
exit_error('Error', db_error());
} else {
$feedback .= _('Successfully Added');
}
return db_affected_rows($res);
}
function snippet_data_can_modify_snippet_package($snippet_package_id)
{
if (user_is_super_user()) {
return true;
} else {
$sql = "SELECT submitted_by FROM snippet_package_version WHERE snippet_package_id='{$snippet_package_id}'";
$result = db_query($sql);
while ($resrow = db_fetch_array($result)) {
if ($resrow['submitted_by'] == user_getid()) {
return true;
break;
}
}
}
return false;
}
function register_valid()
{
global $Language;
$request =& HTTPRequest::instance();
if (!$request->isPost() || !$request->exist('Update')) {
return 0;
}
if (!$request->existAndNonEmpty('form_realname')) {
$GLOBALS['Response']->addFeedback('error', $Language->getText('account_change_realname', 'error'));
return 0;
}
// if we got this far, it must be good
$sql = "UPDATE user SET realname='" . db_es($request->get('form_realname')) . "' WHERE user_id=" . user_getid();
db_query($sql);
return 1;
}
function &getArtifactQueries()
{
if (!is_null($this->ArtifactQueries)) {
return $this->ArtifactQueries;
}
$this->ArtifactQueries = array();
$res = db_query("SELECT * FROM artifact_query WHERE user_id='" . user_getid() . "' " . "AND group_artifact_id='" . $this->ArtifactType->getID() . "'");
if (!$res) {
$this->setError("ArtifactQueryFactory:: Database error");
}
while ($data = db_fetch_array($res)) {
$artifactQuery = new ArtifactQuery($this->ArtifactType, $data["artifact_query_id"]);
$this->ArtifactQueries[] = $artifactQuery;
}
return $this->ArtifactQueries;
}
public function __construct($label, $name, $value, $with_none = false, $onchange = "", $desc = "")
{
parent::__construct($label, $name, $value, $with_none, $onchange, $desc);
require_once 'common/tracker/ArtifactFieldFactory.class.php';
require_once 'common/tracker/ArtifactType.class.php';
$at = new ArtifactType($GLOBALS['ath']->Group, $GLOBALS['ath']->getID(), false);
$aff = new ArtifactFieldFactory($at);
foreach ($aff->getAllUsedFields() as $field) {
if ($field->userCanRead($GLOBALS['group_id'], $GLOBALS['ath']->getID(), user_getid())) {
if ($field->isdateField()) {
$selected = $this->value == $field->getName();
$this->addOption(new HTML_Element_Option($field->getLabel(), $field->getName(), $selected));
}
}
}
}
/**
* return a resultset of Group for the current user
*
* @return resultset
*/
function getMemberGroups()
{
global $Language;
if (!user_isloggedin()) {
$this->setError($Language->getText('include_exit', 'perm_denied'));
return false;
}
$sql = "SELECT g.group_id,g.group_name " . "FROM groups g, user_group ug " . "WHERE g.group_id <> 100 AND g.status = 'A' AND g.group_id = ug.group_id " . "AND ug.user_id=" . user_getid() . " " . "ORDER BY g.group_name ASC";
//echo $sql;
$result = db_query($sql);
$rows = db_numrows($result);
if (!$result || $rows < 1) {
$this->setError($Language->getText('include_common_groupfactory', 'none_found', db_error()));
return false;
}
return $result;
}
/**
* build burnup chart properties
*
* @param Burnup_Engine $engine object
*/
function buildProperties($engine)
{
parent::buildProperties($engine);
$data = array();
$remaining = array();
$engine->legend = null;
$result = array();
$ff = Tracker_FormElementFactory::instance();
$remaining_f = $ff->getFormElementById($this->chart->getRemainingField());
$done_f = $ff->getFormElementById($this->chart->getDoneField());
$ids = array_map(create_function('$a', 'return $a["id"];'), $this->artifacts);
if ($remaining_f && $remaining_f->userCanRead(user_getid()) && $done_f && $done_f->userCanRead(user_getid())) {
$sql = "SELECT c.artifact_id AS id, \n TO_DAYS(FROM_UNIXTIME(submitted_on)) - TO_DAYS(FROM_UNIXTIME(0)) as day, \n f.value as remaining,\n done_f.value as done\n FROM tracker_changeset AS c \n INNER JOIN tracker_changeset_value AS v ON(v.changeset_id = c.id)\n INNER JOIN tracker_field_int_value AS f ON(f.field_id = v.field_id and v.value_id = f.id)\n INNER JOIN tracker_changeset_value AS done_v ON(done_v.changeset_id = c.id)\n INNER JOIN tracker_field_int_value AS done_f ON(done_f.field_id = done_v.field_id and done_v.value_id = done_f.id)\n WHERE c.artifact_id IN (" . implode(',', $ids) . ")\n AND v.field_id = {$remaining_f->id}\n AND done_v.field_id = {$done_f->id}";
//syntax($sql, 'sql');
$res = db_query($sql);
$data = $this->extractDataFromResult($res, $ids, 'done');
$remaining = $this->extractDataFromResult($res, $ids, 'remaining');
}
$engine->data = $data;
$engine->remaining = $remaining;
return $data;
}
function people_add_to_skill_inventory($skill_id, $skill_level_id, $skill_year_id)
{
global $feedback, $Language;
if (user_isloggedin()) {
//check if they've already added this skill
$sql = "SELECT * FROM people_skill_inventory WHERE user_id='" . user_getid() . "' AND skill_id='{$skill_id}'";
$result = db_query($sql);
if (!$result || db_numrows($result) < 1) {
//skill not already in inventory
$sql = "INSERT INTO people_skill_inventory (user_id,skill_id,skill_level_id,skill_year_id) " . "VALUES ('" . user_getid() . "','{$skill_id}','{$skill_level_id}','{$skill_year_id}')";
$result = db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
$feedback .= ' ' . $Language->getText('people_utils', 'error_inserting') . ' ';
echo db_error();
} else {
$feedback .= ' ' . $Language->getText('people_utils', 'added_skill') . ' ';
}
} else {
$feedback .= ' ' . $Language->getText('people_utils', 'error_skill_already') . ' ';
}
} else {
echo '<H1>' . $Language->getText('people_utils', 'must_be_loggin') . '</H1>';
}
}
/**
* Extract References from a given text and insert extracted refs into the database
*
* @param String $html Text to parse
* @param Integer $source_id Id of the item where the text was added
* @param String $source_type Nature of the source
* @param Integer $source_gid Project Id of the project the source item belongs to
* @param Integer $user_id User who owns the text to parse
* @param String $source_key Keyword to use for the reference (if different from the one associated to the nature)
*
* @retrun Boolean True if no error
*/
function extractCrossRef($html, $source_id, $source_type, $source_gid, $user_id = 0, $source_key = null)
{
if ($source_key == null) {
$available_natures = $this->getAvailableNatures();
if ($source_type == self::REFERENCE_NATURE_ARTIFACT) {
$source_key = $this->getArtifactKeyword($source_id, $source_gid);
if (!$source_key) {
$source_key = $available_natures[$source_type]['keyword'];
}
} else {
$source_key = $available_natures[$source_type]['keyword'];
}
}
$matches = $this->_extractAllMatches($html);
foreach ($matches as $match) {
// Analyse match
$key = strtolower($match[1]);
if ($match[2]) {
// A target project name or ID was specified
// remove trailing colon
$target_project = substr($match[2], 0, strlen($match[2]) - 1);
// id or name?
if (is_numeric($target_project)) {
$ref_gid = $target_project;
} else {
// project name instead...
$this->_initGroupHash();
if (isset($this->groupIdByName[$target_project])) {
$ref_gid = $this->groupIdByName[$target_project];
} else {
if (isset($this->groupIdByNameLower[$target_project])) {
$ref_gid = $this->groupIdByNameLower[$target_project];
} else {
return null;
}
}
}
} else {
if ($this->tmpGroupIdForCallbackFunction) {
$ref_gid = $this->tmpGroupIdForCallbackFunction;
} else {
if (array_key_exists('group_id', $GLOBALS)) {
$ref_gid = $GLOBALS['group_id'];
// might not be set
} else {
$ref_gid = '';
}
}
}
$value = $match[3];
if ($ref_gid == "") {
$ref_gid = 100;
}
// use system references only
$num_args = substr_count($value, '/') + 1;
// Count number of arguments in detected reference
$ref = $this->_getReferenceFromKeywordAndNumArgs($key, $ref_gid, $num_args);
if ($ref) {
//Cross reference
$sqlkey = 'SELECT link, nature from reference r,reference_group rg where keyword="' . $match[1] . '" AND r.id = rg.reference_id AND rg.group_id=' . $source_gid;
$reskey = db_query($sqlkey);
if ($reskey && db_numrows($reskey) > 0) {
$key_array = db_fetch_array($reskey);
$target_type = $key_array['nature'];
$target_id = $match[3];
$target_key = $match[1];
// keyword
$target_gid = $ref_gid;
if ($user_id == 0) {
$user_id = user_getid();
}
$cross_ref = new CrossReference($source_id, $source_gid, $source_type, $source_key, $target_id, $target_gid, $target_type, $target_key, $user_id);
if (!$cross_ref->existInDb()) {
$cross_ref->createDbCrossRef();
}
}
}
}
return true;
}
/**
* create - create a new item in the database.
*
* @para string Filename of the item.
* @param string Item filetype.
* @param string Item filesize.
* @param binary Binary item data.
* @param string Item description.
* @return id on success / false on failure.
*/
function create($filename, $filetype, $filesize, $bin_data, $description = false, &$changes)
{
global $Language;
if (!$description) {
$description = $Language->getText('global', 'none');
}
$old_value = $this->Artifact->getAttachedFileNames();
// Some browsers don't supply mime type if they don't know it
if (!$filetype) {
// Let's be on safe side?
$filetype = 'application/octet-stream';
}
//
// data validation
//
if (!$filename || !$filetype || !$filesize || !$bin_data) {
$GLOBALS['Response']->addFeedback('error', '<P>|' . $filename . '|' . $filetype . '|' . $filesize . '|' . $bin_data . '|');
$this->setError('ArtifactFile: ' . $Language->getText('tracker_common_file', 'name_requ'));
return false;
}
if (user_isloggedin()) {
$userid = user_getid();
} else {
$userid = 100;
}
$res = db_query("INSERT INTO artifact_file\n\t\t\t(artifact_id,description,bin_data,filename,filesize,filetype,adddate,submitted_by)\n\t\t\tVALUES \n\t\t\t('" . db_ei($this->Artifact->getID()) . "','" . db_es($description) . "','" . db_es($bin_data) . "','" . db_es($filename) . "',\n\t\t\t'" . db_ei($filesize) . "','" . db_es($filetype) . "','" . time() . "','" . db_ei($userid) . "')");
$id = db_insertid($res, 'artifact_file', 'id');
if (!$res || !$id) {
$this->setError('ArtifactFile: ' . db_error());
return false;
} else {
$this->clearError();
$changes['attach']['description'] = $description;
$changes['attach']['name'] = $filename;
$changes['attach']['size'] = $filesize;
if ($old_value == '') {
$new_value = $filename;
} else {
$new_value = $old_value . "," . $filename;
}
$this->Artifact->addHistory('attachment', $old_value, $new_value);
$changes['attach']['href'] = get_server_url() . "/tracker/download.php?artifact_id=" . $this->Artifact->getID() . "&id={$id}";
return $id;
}
}
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
// $Id: editjob.php,v 1.2 2003/11/13 11:29:25 helix Exp $
require 'pre.php';
require '../people/people_utils.php';
if ($group_id && user_ismember($group_id, 'A')) {
if ($add_job) {
/*
create a new job
*/
if (!$title || !$description || $category_id == 100) {
//required info
exit_error('error - missing info', 'Fill in all required fields');
}
$sql = "INSERT INTO people_job (group_id,created_by,title,description,date,status_id,category_id) " . "VALUES ('{$group_id}','" . user_getid() . "','{$title}','{$description}','" . time() . "','1','{$category_id}')";
$result = db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
$feedback .= ' JOB insert FAILED ';
echo db_error();
} else {
$job_id = db_insertid($result, 'people_job', 'job_id');
$feedback .= ' JOB inserted successfully ';
}
} else {
if ($update_job) {
/*
update the job's description, status, etc
*/
if (!$title || !$description || $category_id == 100 || $status_id == 100 || !$job_id) {
//required info
/**
* create - use this function to create a new entry in the database.
*
* @param string The filename of this document. Can be a URL.
* @param string The filetype of this document. If filename is URL, this should be 'URL';
* @param string The contents of this document (should be addslashes()'d before entry).
* @param int The doc_group id of the doc_groups table.
* @param string The title of this document.
* @param int The language id of the supported_languages table.
* @param string The description of this document.
* @return boolean success.
*/
function create($filename, $filetype, $data, $doc_group, $title, $language_id, $description)
{
if (strlen($title) < 5) {
$this->setError(_('Title Must Be At Least 5 Characters'));
return false;
}
if (strlen($description) < 10) {
$this->setError(_('Document Description Must Be At Least 10 Characters'));
return false;
}
/*
$perm =& $this->Group->getPermission( session_get_user() );
if (!$perm || !is_object($perm) || !$perm->isDocEditor()) {
$this->setPermissionDeniedError();
return false;
}
*/
$user_id = session_loggedin() ? user_getid() : 100;
$doc_initstatus = '3';
// If Editor - uploaded Documents are ACTIVE
if (session_loggedin()) {
$perm =& $this->Group->getPermission(session_get_user());
if ($perm && is_object($perm) && $perm->isDocEditor()) {
$doc_initstatus = '1';
}
}
// If $filetype is "text/plain", $body convert UTF-8 encoding.
if (strcasecmp($filetype, "text/plain") === 0 && function_exists('mb_convert_encoding') && function_exists('mb_detect_encoding')) {
$data = mb_convert_encoding($data, 'UTF-8', mb_detect_encoding($data));
}
$data1 = $data;
// key words for in-document search
$kw = new Parsedata($this->engine_path);
$kwords = $kw->get_parse_data(stripslashes($data1), htmlspecialchars($title1), htmlspecialchars($description), $filetype);
// $kwords = "";
$filesize = strlen($data);
$sql = "INSERT INTO doc_data (group_id,title,description,createdate,doc_group,\n\t\t\tstateid,language_id,filename,filetype,filesize,data,data_words,created_by)\n\t\t\tVALUES ('" . $this->Group->getId() . "',\n\t\t\t'" . htmlspecialchars($title) . "',\n\t\t\t'" . htmlspecialchars($description) . "',\n\t\t\t'" . time() . "',\n\t\t\t'{$doc_group}',\n\t\t\t'{$doc_initstatus}',\n\t\t\t'{$language_id}',\n\t\t\t'{$filename}',\n\t\t\t'{$filetype}',\n\t\t\t'{$filesize}',\n\t\t\t'" . base64_encode(stripslashes($data)) . "',\n\t\t\t'{$kwords}',\n\t\t\t'{$user_id}')";
db_begin();
$result = db_query($sql);
if (!$result) {
$this->setError('Error Adding Document: ' . db_error());
db_rollback();
return false;
}
$docid = db_insertid($result, 'doc_data', 'docid');
if (!$this->fetchData($docid)) {
db_rollback();
return false;
}
$this->sendNotice(true);
db_commit();
return true;
}
$name = db_scrub($_POST["name"]);
$description = db_scrub($_POST["description"]);
$submit = db_scrub($_POST["submit"]);
$ok = false;
if ($submit && !$just_logged_in) {
if ($name == "" or $description == "") {
$feedback = "Please name your policy, and give a definition.";
} else {
$db = new DB();
$ret = $db->query_errcheck("insert into pw_dyn_dreammp (name, user_id, description, private) values\n ('{$name}', '" . user_getid() . "', '{$description}', 2)");
if ($ret) {
$new_dreamid = mysql_insert_id();
$ok = true;
$feedback = "Successfully made new policy <a href=\"/policy.php?id={$new_dreamid}\">" . html_scrub($name) . "</a>. To \n select votes for your new policy, <a href=\"../search.php\">search</a> or\n <a href=\"../divisions.php\">browse</a> for divisions. On the page for\n each division you can choose how somebody supporting your policy would have voted.";
if (user_getid()) {
$db->query("update pw_dyn_user set active_policy_id = {$new_dreamid} where user_id = " . user_getid());
}
audit_log("Added new policy '" . $name . "'");
dream_post_forum_action($db, $new_dreamid, "Created brand new policy.\n\n[b]New Policy:[/b] [url=http://www.publicwhip.org.uk/policy.php?id=" . $new_dreamid . "]" . stripslashes($name) . "[/url]\n[b]Definition:[/b] " . stripslashes($description));
} else {
$feedback = "Failed to add new policy. " . mysql_error();
}
}
}
$title = "Make a new policy";
pw_header();
if ($feedback && !$just_logged_in) {
if ($ok) {
echo "<p>{$feedback}</p>";
} else {
echo "<div class=\"error\"><h2>Creating a new policy not complete, please try again\n </h2><p>{$feedback}</div>";
function bookmark_delete($bookmark_id)
{
db_query("DELETE from user_bookmarks WHERE bookmark_id='" . db_es($bookmark_id) . "' " . "and user_id='" . user_getid() . "'");
}
require_once 'include/ArtifactRulesManagerHtml.class.php';
// Check if this tracker is valid (not deleted)
if (!$ath->isValid()) {
exit_error($Language->getText('global', 'error'), $Language->getText('tracker_add', 'invalid'));
}
// Create factories
$art_field_fact = new ArtifactFieldFactory($ath);
// Printer version ?
if (!$request->exist('pv')) {
$pv = false;
$ro = false;
} else {
$pv = $request->get('pv');
if ($pv) {
$ro = true;
}
}
$GLOBALS['HTML']->includeFooterJavascriptFile('/scripts/tiny_mce/tiny_mce.js');
$GLOBALS['HTML']->addFeed($group->getPublicName() . ' ' . $ath->getName() . ' #' . $ah->getId() . ' - ' . html_entity_decode($ah->getValue('summary'), ENT_QUOTES) . ' - ' . $Language->getText('tracker_include_artifact', 'follow_ups'), '/tracker/?func=rss&aid=' . $ah->getId() . '&atid=' . $ath->getID() . '&group_id=' . $group->getGroupId());
$params = array('title' => $group->getPublicName() . ' ' . $ath->getName() . ' #' . $ah->getID() . ' - \'' . $ah->getSummary() . '\'', 'pagename' => 'tracker', 'atid' => $ath->getID(), 'sectionvals' => array($group->getPublicName()), 'pv' => $pv, 'help' => 'ArtifactUpdate.html');
$ath->header($params);
// artifact object (and field values) initialized in script above (index.php)
$ah->display($ro, $pv, user_getid());
echo '<script type="text/javascript">' . "\n";
$armh = new ArtifactRulesManagerHtml($ath);
$armh->displayRulesAsJavascript();
echo "Event.observe(window, 'load', function() {\n if (\$('tracker_details')) {\n new com.xerox.codendi.FieldEditor('tracker_details', {\n edit: '" . addslashes($Language->getText('tracker_fieldeditor', 'edit')) . "',\n preview: '" . addslashes($Language->getText('tracker_fieldeditor', 'preview')) . "',\n warning: '" . addslashes($Language->getText('tracker_fieldeditor', 'warning')) . "',\n group_id:" . (int) $ath->getGroupId() . "\n });\n }\n \n new Codendi_RTE_Light_Tracker_FollowUp('tracker_artifact_comment');\n});";
echo "new UserAutoCompleter('tracker_cc',\n '" . util_get_dir_image_theme() . "',\n true);\n";
echo "</script>";
// Display footer page
$ath->footer($params);
