Ejemplo n.º 1
0
 /**
  * Method used to update the values stored in the database. 
  * Typically the user would modify the title of the category in 
  * the application and this method would be called.
  *
  * @access  public
  * @return  integer 1 if the update worked properly, any other value otherwise
  */
 function updateCategory()
 {
     global $HTTP_POST_VARS;
     if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
         return -2;
     }
     $stmt = "UPDATE\n                    " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_phone_category\n                 SET\n                    phc_title='" . Misc::escapeString($HTTP_POST_VARS["title"]) . "'\n                 WHERE\n                    phc_prj_id=" . Misc::escapeInteger($HTTP_POST_VARS["prj_id"]) . " AND\n                    phc_id=" . Misc::escapeInteger($HTTP_POST_VARS["id"]);
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         return 1;
     }
 }
Ejemplo n.º 2
0
 /**
  * Method used to update the values stored in the database.
  * Typically the user would modify the title of the category in
  * the application and this method would be called.
  *
  * @return  integer 1 if the update worked properly, any other value otherwise
  */
 public static function updateCategory()
 {
     if (Validation::isWhitespace($_POST['title'])) {
         return -2;
     }
     $stmt = 'UPDATE
                 {{%project_phone_category}}
              SET
                 phc_title=?
              WHERE
                 phc_prj_id=? AND
                 phc_id=?';
     try {
         DB_Helper::getInstance()->query($stmt, array($_POST['title'], $_POST['prj_id'], $_POST['id']));
     } catch (DbException $e) {
         return -1;
     }
     return 1;
 }
Ejemplo n.º 3
0
 /**
  * Method used to add a new category to the application.
  *
  * @access  public
  * @return  integer 1 if the update worked properly, any other value otherwise
  */
 function insert()
 {
     global $HTTP_POST_VARS;
     if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
         return -2;
     }
     $stmt = "INSERT INTO\n                    " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_category\n                 (\n                    prc_prj_id,\n                    prc_title\n                 ) VALUES (\n                    " . Misc::escapeInteger($HTTP_POST_VARS["prj_id"]) . ",\n                    '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "'\n                 )";
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         return 1;
     }
 }
Ejemplo n.º 4
0
// | along with this program; if not, write to:                           |
// |                                                                      |
// | Free Software Foundation, Inc.                                       |
// | 51 Franklin Street, Suite 330                                        |
// | Boston, MA 02110-1301, USA.                                          |
// +----------------------------------------------------------------------+
// | Authors: João Prado Maia <*****@*****.**>                             |
// | Authors: Elan Ruusamäe <*****@*****.**>                               |
// +----------------------------------------------------------------------+
require_once dirname(__FILE__) . '/../init.php';
$login = isset($_POST['email']) ? (string) $_POST['email'] : null;
if (Validation::isWhitespace($login)) {
    Auth::redirect('index.php?err=1');
}
$passwd = isset($_POST['passwd']) ? (string) $_POST['passwd'] : null;
if (Validation::isWhitespace($passwd)) {
    Auth::saveLoginAttempt($login, 'failure', 'empty password');
    Auth::redirect('index.php?err=2&email=' . rawurlencode($login));
}
// check if user exists
if (!Auth::userExists($login)) {
    Auth::saveLoginAttempt($login, 'failure', 'unknown user');
    Auth::redirect('index.php?err=3');
}
// check if user is locked
if (Auth::isUserBackOffLocked(Auth::getUserIDByLogin($login))) {
    Auth::saveLoginAttempt($login, 'failure', 'account back-off locked');
    Auth::redirect('index.php?err=13');
}
// check if the password matches
if (!Auth::isCorrectPassword($login, $passwd)) {
Ejemplo n.º 5
0
 /**
  * Method used to update the details of a given custom status.
  *
  * @access  public
  * @return  integer 1 if the update worked properly, any other value otherwise
  */
 function update()
 {
     global $HTTP_POST_VARS;
     if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
         return -2;
     }
     $stmt = "UPDATE\n                    " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "status\n                 SET\n                    sta_title='" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n                    sta_abbreviation='" . Misc::escapeString($HTTP_POST_VARS["abbreviation"]) . "',\n                    sta_rank=" . Misc::escapeInteger($HTTP_POST_VARS['rank']) . ",\n                    sta_color='" . Misc::escapeString($HTTP_POST_VARS["color"]) . "',\n                    sta_is_closed=" . Misc::escapeInteger($HTTP_POST_VARS['is_closed']) . "\n                 WHERE\n                    sta_id=" . Misc::escapeInteger($HTTP_POST_VARS["id"]);
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         $projects = Status::getAssociatedProjects($HTTP_POST_VARS['id']);
         $current_projects = array_keys($projects);
         // remove all of the associations with projects, then add them all again
         Status::removeProjectAssociations($HTTP_POST_VARS['id']);
         foreach ($HTTP_POST_VARS['projects'] as $prj_id) {
             Status::addProjectAssociation($HTTP_POST_VARS['id'], $prj_id);
         }
         // need to update all issues that are not supposed to have the changed sta_id to '0'
         $removed_projects = array();
         foreach ($current_projects as $project_id) {
             if (!in_array($project_id, $HTTP_POST_VARS['projects'])) {
                 $removed_projects[] = $project_id;
             }
         }
         if (count($removed_projects) > 0) {
             $stmt = "UPDATE\n                            " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue\n                         SET\n                            iss_sta_id=0\n                         WHERE\n                            iss_sta_id=" . Misc::escapeInteger($HTTP_POST_VARS['id']) . " AND\n                            iss_prj_id IN (" . implode(', ', $removed_projects) . ")";
             $res = $GLOBALS["db_api"]->dbh->query($stmt);
             if (PEAR::isError($res)) {
                 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
             }
         }
         return 1;
     }
 }
Ejemplo n.º 6
0
 /**
  * Method used to update a news entry in the system.
  *
  * @return  integer 1 if the update worked, -1 otherwise
  */
 public static function update()
 {
     if (Validation::isWhitespace($_POST['title'])) {
         return -2;
     }
     if (Validation::isWhitespace($_POST['message'])) {
         return -3;
     }
     $stmt = 'UPDATE
                 {{%news}}
              SET
                 nws_title=?,
                 nws_message=?,
                 nws_status=?
              WHERE
                 nws_id=?';
     $params = array($_POST['title'], $_POST['message'], $_POST['status'], $_POST['id']);
     try {
         DB_Helper::getInstance()->query($stmt, $params);
     } catch (DbException $e) {
         return -1;
     }
     // remove all of the associations with projects, then add them all again
     self::removeProjectAssociations($_POST['id']);
     foreach ($_POST['projects'] as $prj_id) {
         self::addProjectAssociation($_POST['id'], $prj_id);
     }
     return 1;
 }
Ejemplo n.º 7
0
 /**
  * Insert note to system, send out notification and log.
  *
  * @param int $usr_id The user ID
  * @param int $issue_id The issue ID
  * @param string $title Title of the note
  * @param string $note Note contents
  * @param array $options extra optional options:
  * - (array) cc: extra recipients to notify (usr_id list)
  * - (bool) add_extra_recipients: whether to add recipients in 'cc' to notification list
  * - (bool) closing: If The issue is being closed. Default false
  * - (bool) is_blocked: FIXME
  * - (bool) log: If adding this note should be logged. Default true
  * - (bool) send_notification: Whether to send a notification about this note or not. Default true
  * - (int) parent_id: FIXME
  * - (string) full_message: FIXME
  * - (string) message_id: FIXME
  * - (string) unknown_user: The email address of a user that sent the blocked email that was turned into this note
  * @return int the new note id if the insert worked, -1 or -2 otherwise
  */
 public static function insertNote($usr_id, $issue_id, $title, $note, $options = array())
 {
     if (Validation::isWhitespace($note)) {
         return -2;
     }
     $options = array_merge(array('unknown_user' => null, 'log' => true, 'closing' => false, 'send_notification' => true, 'is_blocked' => false, 'message_id' => null, 'cc' => null, 'full_message' => null, 'parent_id' => null), $options);
     $prj_id = Issue::getProjectID($issue_id);
     // NOTE: workflow may modify the parameters as $data is passed as reference
     $data = array('title' => &$title, 'note' => &$note, 'options' => $options);
     $workflow = Workflow::preNoteInsert($prj_id, $issue_id, $data);
     if ($workflow !== null) {
         // cancel insert of note
         return $workflow;
     }
     // add the poster to the list of people to be subscribed to the notification list
     // only if there is no 'unknown user' and the note is not blocked
     if (!$options['unknown_user'] && !$options['is_blocked']) {
         $note_cc = $options['add_extra_recipients'] ? $options['cc'] : array();
         // always add the current user to the note_cc list
         $note_cc[] = $usr_id;
         $actions = Notification::getDefaultActions($issue_id, User::getEmail($usr_id), 'note');
         foreach ($note_cc as $subscriber_usr_id) {
             Notification::subscribeUser($usr_id, $issue_id, $subscriber_usr_id, $actions);
         }
     }
     $params = array('not_iss_id' => $issue_id, 'not_usr_id' => $usr_id, 'not_created_date' => Date_Helper::getCurrentDateGMT(), 'not_note' => $note, 'not_title' => $title, 'not_message_id' => $options['message_id'] ?: Mail_Helper::generateMessageID());
     if ($options['full_message']) {
         $params['not_full_message'] = $options['full_message'];
     }
     if ($options['is_blocked']) {
         $params['not_is_blocked'] = '1';
     }
     if ($options['parent_id']) {
         $params['not_parent_id'] = $options['parent_id'];
     }
     if ($options['unknown_user']) {
         $params['not_unknown_user'] = $options['unknown_user'];
     }
     $stmt = 'INSERT INTO
                 {{%note}}
              SET ' . DB_Helper::buildSet($params);
     try {
         DB_Helper::getInstance()->query($stmt, $params);
     } catch (DbException $e) {
         return -1;
     }
     $note_id = DB_Helper::get_last_insert_id();
     Issue::markAsUpdated($issue_id, 'note');
     if ($options['log']) {
         // need to save a history entry for this
         History::add($issue_id, $usr_id, 'note_added', 'Note added by {subject}', array('subject' => User::getFullName($usr_id)));
     }
     // send notifications for the issue being updated
     if ($options['send_notification']) {
         $internal_only = true;
         Notification::notify($issue_id, 'notes', $note_id, $internal_only, $options['cc']);
         Workflow::handleNewNote($prj_id, $issue_id, $usr_id, $options['closing'], $note_id);
     }
     // need to return the new note id here so it can
     // be re-used to associate internal-only attachments
     return $note_id;
 }
Ejemplo n.º 8
0
 /**
  * Method used to add a new category to the application.
  *
  * @return  integer 1 if the update worked properly, any other value otherwise
  */
 public static function insert()
 {
     if (Validation::isWhitespace($_POST['title'])) {
         return -2;
     }
     $stmt = 'INSERT INTO
                 {{%project_category}}
              (
                 prc_prj_id,
                 prc_title
              ) VALUES (
                 ?, ?
              )';
     try {
         DB_Helper::getInstance()->query($stmt, array($_POST['prj_id'], $_POST['title']));
     } catch (DbException $e) {
         return -1;
     }
     return 1;
 }
 /**
  * Adds the specified email address to the list of authorized users.
  *
  * @param   integer $issue_id The id of the issue.
  * @param   string $email The email of the user.
  * @param   boolean $add_history If this should be logged.
  * @return int
  */
 public static function manualInsert($issue_id, $email, $add_history = true)
 {
     if (Validation::isWhitespace($email)) {
         return -1;
     }
     if (self::isAuthorizedReplier($issue_id, $email)) {
         return -1;
     }
     $email = strtolower(Mail_Helper::getEmailAddress($email));
     $workflow = Workflow::handleAuthorizedReplierAdded(Issue::getProjectID($issue_id), $issue_id, $email);
     if ($workflow === false) {
         // cancel subscribing the user
         return -1;
     }
     // first check if this is an actual user or just an email address
     $usr_id = User::getUserIDByEmail($email, true);
     if (!empty($usr_id)) {
         return self::addUser($issue_id, $usr_id, $add_history);
     }
     $stmt = 'INSERT INTO
                 {{%issue_user_replier}}
              (
                 iur_iss_id,
                 iur_usr_id,
                 iur_email
              ) VALUES (
                 ?, ?, ?
              )';
     try {
         DB_Helper::getInstance()->query($stmt, array($issue_id, APP_SYSTEM_USER_ID, $email));
     } catch (DbException $e) {
         return -1;
     }
     if ($add_history) {
         // add the change to the history of the issue
         $usr_id = Auth::getUserID();
         History::add($issue_id, $usr_id, 'replier_other_added', '{email} added to the authorized repliers list by {user}', array('email' => $email, 'user' => User::getFullName($usr_id)));
     }
     return 1;
 }
Ejemplo n.º 10
0
            //Auth::updateAccess($_SESSION['gw_user_en_ID'], 3, 2);
            break;
        case 'admin':
            Auth::updateAccess($_SESSION['gw_user_en_ID'], 2, 6);
            Auth::updateAccess($_SESSION['gw_user_en_ID'], 3, 6);
            Auth::updateAccess($_SESSION['gw_user_en_ID'], 4, 6);
            Auth::updateAccess($_SESSION['gw_user_en_ID'], 5, 6);
            Auth::updateAccess($_SESSION['gw_user_en_ID'], 6, 6);
            break;
    }
}
// END ETEL MODIFIED
if (Validation::isWhitespace($HTTP_POST_VARS["email"])) {
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=1");
}
if (Validation::isWhitespace($HTTP_POST_VARS["passwd"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'empty password');
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=2&email=" . $HTTP_POST_VARS["email"]);
}
// check if user exists
if (!Auth::userExists($HTTP_POST_VARS["email"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'unknown user');
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=3");
}
// check if the password matches
if (!Auth::isCorrectPassword($HTTP_POST_VARS["email"], $HTTP_POST_VARS["passwd"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'wrong password');
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=3&email=" . $HTTP_POST_VARS["email"]);
}
// check if this user did already confirm his account
if (Auth::isPendingUser($HTTP_POST_VARS["email"])) {
Ejemplo n.º 11
0
 /**
  * Method used to add a note using the user interface form
  * available in the application.
  *
  * @param   integer $usr_id The user ID
  * @param   integer $issue_id The issue ID
  * @param   string  $unknown_user The email address of a user that sent the blocked email that was turned into this note. Default is false.
  * @param   boolean $log If adding this note should be logged. Default true.
  * @param   boolean $closing If The issue is being closed. Default false
  * @param   boolean $send_notification Whether to send a notification about this note or not
  * @access  public
  * @return  integer the new note id if the insert worked, -1 or -2 otherwise
  */
 function insert($usr_id, $issue_id, $unknown_user = FALSE, $log = true, $closing = false, $send_notification = true)
 {
     global $HTTP_POST_VARS;
     $issue_id = Misc::escapeInteger($issue_id);
     if (@$HTTP_POST_VARS['add_extra_recipients'] != 'yes') {
         $note_cc = array();
     } else {
         $note_cc = $HTTP_POST_VARS['note_cc'];
     }
     // add the poster to the list of people to be subscribed to the notification list
     // only if there is no 'unknown user'.
     $note_cc[] = $usr_id;
     if ($unknown_user == false) {
         for ($i = 0; $i < count($note_cc); $i++) {
             Notification::subscribeUser($usr_id, $issue_id, $note_cc[$i], Notification::getDefaultActions());
         }
     }
     if (Validation::isWhitespace($HTTP_POST_VARS["note"])) {
         return -2;
     }
     if (empty($HTTP_POST_VARS['message_id'])) {
         $HTTP_POST_VARS['message_id'] = Mail_API::generateMessageID();
     }
     $stmt = "INSERT INTO\n                    " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "note\n                 (\n                    not_iss_id,\n                    not_usr_id,\n                    not_created_date,\n                    not_note,\n                    not_title";
     if (!@empty($HTTP_POST_VARS['blocked_msg'])) {
         $stmt .= ", not_blocked_message";
     }
     $stmt .= ", not_message_id";
     if (!@empty($HTTP_POST_VARS['parent_id'])) {
         $stmt .= ", not_parent_id";
     }
     if ($unknown_user != false) {
         $stmt .= ", not_unknown_user";
     }
     $stmt .= "\n                 ) VALUES (\n                    {$issue_id},\n                    {$usr_id},\n                    '" . Date_API::getCurrentDateGMT() . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["note"]) . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "'";
     if (!@empty($HTTP_POST_VARS['blocked_msg'])) {
         $stmt .= ", '" . Misc::escapeString($HTTP_POST_VARS['blocked_msg']) . "'";
     }
     $stmt .= ", '" . Misc::escapeString($HTTP_POST_VARS['message_id']) . "'";
     if (!@empty($HTTP_POST_VARS['parent_id'])) {
         $stmt .= ", " . Misc::escapeInteger($HTTP_POST_VARS['parent_id']) . "";
     }
     if ($unknown_user != false) {
         $stmt .= ", '" . Misc::escapeString($unknown_user) . "'";
     }
     $stmt .= "\n                 )";
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         $new_note_id = $GLOBALS["db_api"]->get_last_insert_id();
         Issue::markAsUpdated($issue_id, 'note');
         if ($log) {
             // need to save a history entry for this
             History::add($issue_id, $usr_id, History::getTypeID('note_added'), 'Note added by ' . User::getFullName($usr_id));
         }
         // send notifications for the issue being updated
         if ($send_notification) {
             $internal_only = true;
             if (@$HTTP_POST_VARS['add_extra_recipients'] != 'yes' && @count($HTTP_POST_VARS['note_cc']) > 0) {
                 Notification::notify($issue_id, 'notes', $new_note_id, $internal_only, $HTTP_POST_VARS['note_cc']);
             } else {
                 Notification::notify($issue_id, 'notes', $new_note_id, $internal_only);
             }
             Workflow::handleNewNote(Issue::getProjectID($issue_id), $issue_id, $usr_id, $closing);
         }
         // need to return the new note id here so it can
         // be re-used to associate internal-only attachments
         return $new_note_id;
     }
 }
Ejemplo n.º 12
0
 /**
  * Method used to update a canned email response in the system.
  *
  * @return  integer 1 if the update worked, -1 otherwise
  */
 public static function update()
 {
     if (Validation::isWhitespace($_POST['title'])) {
         return -2;
     }
     $stmt = 'UPDATE
                 {{%email_response}}
              SET
                 ere_title=?,
                 ere_response_body=?
              WHERE
                 ere_id=?';
     try {
         DB_Helper::getInstance()->query($stmt, array($_POST['title'], $_POST['response_body'], $_POST['id']));
     } catch (DbException $e) {
         return -1;
     }
     // remove all of the associations with projects, then add them all again
     self::removeProjectAssociations($_POST['id']);
     foreach ($_POST['projects'] as $prj_id) {
         self::addProjectAssociation($_POST['id'], $prj_id);
     }
     return 1;
 }
Ejemplo n.º 13
0
/**
 * Authorize request.
 * TODO: translations
 * TODO: ip based control
 */
function authorizeRequest()
{
    // try current auth cookie
    $usr_id = Auth::getUserID();
    if (!$usr_id) {
        // otherwise setup HTTP Auth headers
        $authData = getAuthData();
        if ($authData === null) {
            sendAuthenticateHeader();
            echo 'Error: You are required to authenticate in order to access the requested RSS feed.';
            exit;
        }
        list($authUser, $authPassword) = $authData;
        // check the authentication
        if (Validation::isWhitespace($authUser)) {
            sendAuthenticateHeader();
            echo 'Error: Please provide your email address.';
            exit;
        }
        if (Validation::isWhitespace($authPassword)) {
            sendAuthenticateHeader();
            echo 'Error: Please provide your password.';
            exit;
        }
        // check if user exists
        if (!Auth::userExists($authUser)) {
            sendAuthenticateHeader();
            echo 'Error: The user specified does not exist.';
            exit;
        }
        // check if the password matches
        if (!Auth::isCorrectPassword($authUser, $authPassword)) {
            sendAuthenticateHeader();
            echo 'Error: The provided email address/password combo is not correct.';
            exit;
        }
        // check if this user did already confirm his account
        if (Auth::isPendingUser($authUser)) {
            sendAuthenticateHeader();
            echo 'Error: The provided user still needs to have its account confirmed.';
            exit;
        }
        // check if this user is really an active one
        if (!Auth::isActiveUser($authUser)) {
            sendAuthenticateHeader();
            echo 'Error: The provided user is currently set as an inactive user.';
            exit;
        }
        $usr_id = User::getUserIDByEmail($authUser);
        Auth::createFakeCookie($usr_id);
    }
    // check if the required parameter 'custom_id' is really being passed
    if (empty($_GET['custom_id'])) {
        rssError("Error: The required 'custom_id' parameter was not provided.");
        exit;
    }
    // check if the passed 'custom_id' parameter is associated with the usr_id
    if (!Filter::isGlobal($_GET['custom_id']) && !Filter::isOwner($_GET['custom_id'], $usr_id)) {
        rssError('Error: The provided custom filter ID is not associated with the given email address.');
        exit;
    }
}
Ejemplo n.º 14
0
 /**
  * Method used to add a new time tracking category
  *
  * @access  public
  * @return  integer 1 if the update worked, -1 otherwise
  */
 function insert()
 {
     global $HTTP_POST_VARS;
     if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
         return -2;
     }
     $stmt = "INSERT INTO\n                    " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "time_tracking_category\n                 (\n                    ttc_title,\n                    ttc_created_date\n                 ) VALUES (\n                    '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n                    '" . Date_API::getCurrentDateGMT() . "'\n                 )";
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         return 1;
     }
 }
Ejemplo n.º 15
0
        $HTTP_SERVER_VARS['PHP_AUTH_USER'] = $pieces[0];
        $HTTP_SERVER_VARS['PHP_AUTH_PW'] = $pieces[1];
    }
}
if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
    authenticate();
    echo 'Error: You are required to authenticate in order to access the requested RSS feed.';
    exit;
} else {
    // check the authentication
    if (Validation::isWhitespace($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
        authenticate();
        echo 'Error: Please provide your email address.';
        exit;
    }
    if (Validation::isWhitespace($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
        authenticate();
        echo 'Error: Please provide your password.';
        exit;
    }
    // check if user exists
    if (!Auth::userExists($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
        authenticate();
        echo 'Error: The user specified does not exist.';
        exit;
    }
    // check if the password matches
    if (!Auth::isCorrectPassword($HTTP_SERVER_VARS['PHP_AUTH_USER'], $HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
        authenticate();
        echo 'Error: The provided email address/password combo is not correct.';
        exit;
Ejemplo n.º 16
0
 /**
  * Method used to add a new severity to the application.
  *
  * @return  integer 1 if the update worked properly, any other value otherwise
  */
 public static function insert($prj_id, $title, $description, $rank)
 {
     if (Validation::isWhitespace($title)) {
         return -2;
     }
     $sql = 'INSERT INTO
                 {{%project_severity}}
              SET
                 sev_prj_id = ?,
                 sev_title=?,
                 sev_description=?,
                 sev_rank=?';
     try {
         DB_Helper::getInstance()->query($sql, array($prj_id, $title, $description, $rank));
     } catch (DbException $e) {
         return -1;
     }
     return 1;
 }
Ejemplo n.º 17
0
 /**
  * Method used to add a FAQ entry to the system.
  *
  * @return  integer 1 if the insert worked, -1 otherwise
  */
 public static function insert()
 {
     if (Validation::isWhitespace($_POST['title'])) {
         return -2;
     }
     if (Validation::isWhitespace($_POST['message'])) {
         return -3;
     }
     $stmt = 'INSERT INTO
                 {{%faq}}
              (
                 faq_prj_id,
                 faq_usr_id,
                 faq_created_date,
                 faq_title,
                 faq_message,
                 faq_rank
              ) VALUES (
                 ?, ?, ?, ?, ?, ?
              )';
     $params = array($_POST['project'], Auth::getUserID(), Date_Helper::getCurrentDateGMT(), $_POST['title'], $_POST['message'], $_POST['rank']);
     try {
         DB_Helper::getInstance()->query($stmt, $params);
     } catch (DbException $e) {
         return -1;
     }
     $new_faq_id = DB_Helper::get_last_insert_id();
     if (isset($_POST['support_levels']) && count($_POST['support_levels']) > 0) {
         // now populate the faq-support level mapping table
         foreach ($_POST['support_levels'] as $support_level_id) {
             self::addSupportLevelAssociation($new_faq_id, $support_level_id);
         }
     }
     return 1;
 }
Ejemplo n.º 18
0
 /**
  * Method used to update a canned email response in the system.
  *
  * @access  public
  * @return  integer 1 if the update worked, -1 otherwise
  */
 function update()
 {
     global $HTTP_POST_VARS;
     $HTTP_POST_VARS['id'] = Misc::escapeInteger($HTTP_POST_VARS['id']);
     if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
         return -2;
     }
     $stmt = "UPDATE\n                    " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "email_response\n                 SET\n                    ere_title='" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n                    ere_response_body='" . Misc::escapeString($HTTP_POST_VARS["response_body"]) . "'\n                 WHERE\n                    ere_id=" . $HTTP_POST_VARS["id"];
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         // remove all of the associations with projects, then add them all again
         Email_Response::removeProjectAssociations($HTTP_POST_VARS['id']);
         foreach ($HTTP_POST_VARS['projects'] as $prj_id) {
             Email_Response::addProjectAssociation($HTTP_POST_VARS['id'], $prj_id);
         }
         return 1;
     }
 }
Ejemplo n.º 19
0
 /**
  * Method used to add a new project to the system.
  *
  * @access  public
  * @return  integer 1 if the update worked, -1 or -2 otherwise
  */
 function insert()
 {
     global $HTTP_POST_VARS;
     if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
         return -2;
     }
     $stmt = "INSERT INTO\n                    " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project\n                 (\n                    prj_created_date,\n                    prj_title,\n                    prj_status,\n                    prj_lead_usr_id,\n                    prj_initial_sta_id,\n                    prj_outgoing_sender_name,\n                    prj_outgoing_sender_email,\n                    prj_remote_invocation,\n                    prj_customer_backend,\n                    prj_workflow_backend\n                 ) VALUES (\n                    '" . Date_API::getCurrentDateGMT() . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["status"]) . "',\n                    " . Misc::escapeInteger($HTTP_POST_VARS["lead_usr_id"]) . ",\n                    " . Misc::escapeInteger($HTTP_POST_VARS["initial_status"]) . ",\n                    '" . Misc::escapeString($HTTP_POST_VARS["outgoing_sender_name"]) . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["outgoing_sender_email"]) . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["remote_invocation"]) . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["customer_backend"]) . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["workflow_backend"]) . "'\n                 )";
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         $new_prj_id = $GLOBALS["db_api"]->get_last_insert_id();
         for ($i = 0; $i < count($HTTP_POST_VARS["users"]); $i++) {
             if ($HTTP_POST_VARS["users"][$i] == $HTTP_POST_VARS["lead_usr_id"]) {
                 $role_id = User::getRoleID("Manager");
             } else {
                 $role_id = User::getRoleID("Standard User");
             }
             Project::associateUser($new_prj_id, $HTTP_POST_VARS["users"][$i], $role_id);
         }
         foreach ($HTTP_POST_VARS['statuses'] as $sta_id) {
             Status::addProjectAssociation($sta_id, $new_prj_id);
         }
         Display_Column::setupNewProject($new_prj_id);
         return 1;
     }
 }
Ejemplo n.º 20
0
 /**
  * Method used to add a new time tracking category
  *
  * @param   integer $prj_id The project ID
  * @param   string $title The title of the time tracking category
  * @return  integer 1 if the update worked, -1 otherwise
  */
 public static function insertCategory($prj_id, $title)
 {
     if (Validation::isWhitespace($title)) {
         return -2;
     }
     $stmt = 'INSERT INTO
                 {{%time_tracking_category}}
              (
                 ttc_prj_id,
                 ttc_title,
                 ttc_created_date
              ) VALUES (
                 ?, ?, ?
              )';
     try {
         DB_Helper::getInstance()->query($stmt, array($prj_id, $title, Date_Helper::getCurrentDateGMT()));
     } catch (DbException $e) {
         return -1;
     }
     return 1;
 }
Ejemplo n.º 21
0
 /**
  * Method used to add a new resolution by using the administrative
  * interface of the system.
  *
  * @return  integer 1 if the update worked, -1 or -2 otherwise
  */
 public static function insert()
 {
     if (Validation::isWhitespace($_POST['title'])) {
         return -2;
     }
     $stmt = 'INSERT INTO
                 {{%resolution}}
              (
                 res_title,
                 res_rank,
                 res_created_date
              ) VALUES (
                 ?, ?, ?
              )';
     $params = array($_POST['title'], $_POST['rank'], Date_Helper::getCurrentDateGMT());
     try {
         DB_Helper::getInstance()->query($stmt, $params);
     } catch (DbException $e) {
         return -1;
     }
     return 1;
 }
Ejemplo n.º 22
0
 /**
  * Method used to update the details of a given custom status.
  *
  * @return  integer 1 if the update worked properly, any other value otherwise
  */
 public static function updateFromPost()
 {
     if (Validation::isWhitespace($_POST['title'])) {
         return -2;
     }
     $color = $_POST['color'];
     // validate that it is valid RGB hex color
     if (!preg_match('/^#[a-f\\d]{6}$/i', $color)) {
         return -3;
     }
     $stmt = 'UPDATE
                 {{%status}}
              SET
                 sta_title=?,
                 sta_abbreviation=?,
                 sta_rank=?,
                 sta_color=?,
                 sta_is_closed=?
              WHERE
                 sta_id=?';
     $params = array($_POST['title'], $_POST['abbreviation'], $_POST['rank'], $color, $_POST['is_closed'], $_POST['id']);
     try {
         DB_Helper::getInstance()->query($stmt, $params);
     } catch (DbException $e) {
         return -1;
     }
     $projects = self::getAssociatedProjects($_POST['id']);
     $current_projects = array_keys($projects);
     // remove all of the associations with projects, then add them all again
     self::removeProjectAssociations($_POST['id']);
     foreach ($_POST['projects'] as $prj_id) {
         self::addProjectAssociation($_POST['id'], $prj_id);
     }
     // need to update all issues that are not supposed to have the changed sta_id to '0'
     $removed_projects = array();
     foreach ($current_projects as $project_id) {
         if (!in_array($project_id, $_POST['projects'])) {
             $removed_projects[] = $project_id;
         }
     }
     if (count($removed_projects) > 0) {
         $stmt = 'UPDATE
                     {{%issue}}
                  SET
                     iss_sta_id=0
                  WHERE
                     iss_sta_id=? AND
                     iss_prj_id IN (' . implode(', ', $removed_projects) . ')';
         try {
             DB_Helper::getInstance()->query($stmt, array($_POST['id']));
         } catch (DbException $e) {
             // FIXME: why no error handling?
         }
     }
     return 1;
 }
Ejemplo n.º 23
0
 /**
  * Method used to add a new release by using the administrative
  * interface of the system.
  *
  * @return  integer 1 if the update worked, -1 or -2 otherwise
  */
 public static function insert()
 {
     if (Validation::isWhitespace($_POST['title'])) {
         return -2;
     }
     $scheduled_date = $_POST['scheduled_date']['Year'] . '-' . $_POST['scheduled_date']['Month'] . '-' . $_POST['scheduled_date']['Day'];
     $stmt = 'INSERT INTO
                 {{%project_release}}
              (
                 pre_prj_id,
                 pre_title,
                 pre_scheduled_date,
                 pre_status
              ) VALUES (
                 ?, ?, ?, ?
              )';
     $params = array($_POST['prj_id'], $_POST['title'], $scheduled_date, $_POST['status']);
     try {
         DB_Helper::getInstance()->query($stmt, $params);
     } catch (DbException $e) {
         return -1;
     }
     return 1;
 }
Ejemplo n.º 24
0
 /**
  * Method used to add a new project to the system.
  *
  * @return  integer 1 if the update worked, -1 or -2 otherwise
  */
 public static function insert()
 {
     if (Validation::isWhitespace($_POST['title'])) {
         return -2;
     }
     $stmt = 'INSERT INTO
                 {{%project}}
              (
                 prj_created_date,
                 prj_title,
                 prj_status,
                 prj_lead_usr_id,
                 prj_initial_sta_id,
                 prj_outgoing_sender_name,
                 prj_outgoing_sender_email,
                 prj_mail_aliases,
                 prj_remote_invocation,
                 prj_customer_backend,
                 prj_workflow_backend
              ) VALUES (
                  ?, ?, ?, ?, ?,
                  ?, ?, ?, ?, ?, ?
              )';
     try {
         DB_Helper::getInstance()->query($stmt, array(Date_Helper::getCurrentDateGMT(), $_POST['title'], $_POST['status'], $_POST['lead_usr_id'], $_POST['initial_status'], $_POST['outgoing_sender_name'], $_POST['outgoing_sender_email'], $_POST['mail_aliases'], $_POST['remote_invocation'], $_POST['customer_backend'], $_POST['workflow_backend']));
     } catch (DbException $e) {
         return -1;
     }
     $new_prj_id = DB_Helper::get_last_insert_id();
     foreach ($_POST['users'] as $user) {
         if ($user == $_POST['lead_usr_id']) {
             $role_id = User::getRoleID('Manager');
         } else {
             $role_id = User::getRoleID('Standard User');
         }
         self::associateUser($new_prj_id, $user, $role_id);
     }
     foreach ($_POST['statuses'] as $sta_id) {
         Status::addProjectAssociation($sta_id, $new_prj_id);
     }
     Display_Column::setupNewProject($new_prj_id);
     // insert default timetracking categories
     Time_Tracking::addProjectDefaults($new_prj_id);
     return 1;
 }
Ejemplo n.º 25
0
 /**
  * Method used to add a FAQ entry to the system.
  *
  * @access  public
  * @return  integer 1 if the insert worked, -1 otherwise
  */
 function insert()
 {
     global $HTTP_POST_VARS;
     if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
         return -2;
     }
     if (Validation::isWhitespace($HTTP_POST_VARS["message"])) {
         return -3;
     }
     $stmt = "INSERT INTO\n                    " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "faq\n                 (\n                    faq_prj_id,\n                    faq_usr_id,\n                    faq_created_date,\n                    faq_title,\n                    faq_message,\n                    faq_rank\n                 ) VALUES (\n                    " . $HTTP_POST_VARS['project'] . ",\n                    " . Auth::getUserID() . ",\n                    '" . Date_API::getCurrentDateGMT() . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["message"]) . "',\n                    " . $HTTP_POST_VARS['rank'] . "\n                 )";
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         $new_faq_id = $GLOBALS["db_api"]->get_last_insert_id();
         if (Customer::doesBackendUseSupportLevels(Misc::escapeInteger($HTTP_POST_VARS['project']))) {
             // now populate the faq-support level mapping table
             foreach ($HTTP_POST_VARS['support_levels'] as $support_level_id) {
                 FAQ::addSupportLevelAssociation($new_faq_id, $support_level_id);
             }
         }
         return 1;
     }
 }
Ejemplo n.º 26
0
 /**
  * Method used to add a new release by using the administrative
  * interface of the system.
  *
  * @access  public
  * @return  integer 1 if the update worked, -1 or -2 otherwise
  */
 function insert()
 {
     global $HTTP_POST_VARS;
     if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
         return -2;
     }
     $scheduled_date = $HTTP_POST_VARS["scheduled_date"]["Year"] . "-" . $HTTP_POST_VARS["scheduled_date"]["Month"] . "-" . $HTTP_POST_VARS["scheduled_date"]["Day"];
     $stmt = "INSERT INTO\n                    " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_release\n                 (\n                    pre_prj_id,\n                    pre_title,\n                    pre_scheduled_date,\n                    pre_status\n                 ) VALUES (\n                    " . Misc::escapeInteger($HTTP_POST_VARS["prj_id"]) . ",\n                    '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n                    '" . Misc::escapeString($scheduled_date) . "',\n                    '" . Misc::escapeString($HTTP_POST_VARS["status"]) . "'\n                 )";
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         return 1;
     }
 }