/**
* Method used to update the values stored in the database.
* Typically the user would modify the title of the category in
* the application and this method would be called.
*
* @access public
* @return integer 1 if the update worked properly, any other value otherwise
*/
function updateCategory()
{
global $HTTP_POST_VARS;
if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
return -2;
}
$stmt = "UPDATE\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_phone_category\n SET\n phc_title='" . Misc::escapeString($HTTP_POST_VARS["title"]) . "'\n WHERE\n phc_prj_id=" . Misc::escapeInteger($HTTP_POST_VARS["prj_id"]) . " AND\n phc_id=" . Misc::escapeInteger($HTTP_POST_VARS["id"]);
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return -1;
} else {
return 1;
}
}
/**
* Method used to update the values stored in the database.
* Typically the user would modify the title of the category in
* the application and this method would be called.
*
* @return integer 1 if the update worked properly, any other value otherwise
*/
public static function updateCategory()
{
if (Validation::isWhitespace($_POST['title'])) {
return -2;
}
$stmt = 'UPDATE
{{%project_phone_category}}
SET
phc_title=?
WHERE
phc_prj_id=? AND
phc_id=?';
try {
DB_Helper::getInstance()->query($stmt, array($_POST['title'], $_POST['prj_id'], $_POST['id']));
} catch (DbException $e) {
return -1;
}
return 1;
}
/**
* Method used to add a new category to the application.
*
* @access public
* @return integer 1 if the update worked properly, any other value otherwise
*/
function insert()
{
global $HTTP_POST_VARS;
if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
return -2;
}
$stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_category\n (\n prc_prj_id,\n prc_title\n ) VALUES (\n " . Misc::escapeInteger($HTTP_POST_VARS["prj_id"]) . ",\n '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "'\n )";
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return -1;
} else {
return 1;
}
}
// | along with this program; if not, write to: |
// | |
// | Free Software Foundation, Inc. |
// | 51 Franklin Street, Suite 330 |
// | Boston, MA 02110-1301, USA. |
// +----------------------------------------------------------------------+
// | Authors: João Prado Maia <*****@*****.**> |
// | Authors: Elan Ruusamäe <*****@*****.**> |
// +----------------------------------------------------------------------+
require_once dirname(__FILE__) . '/../init.php';
$login = isset($_POST['email']) ? (string) $_POST['email'] : null;
if (Validation::isWhitespace($login)) {
Auth::redirect('index.php?err=1');
}
$passwd = isset($_POST['passwd']) ? (string) $_POST['passwd'] : null;
if (Validation::isWhitespace($passwd)) {
Auth::saveLoginAttempt($login, 'failure', 'empty password');
Auth::redirect('index.php?err=2&email=' . rawurlencode($login));
}
// check if user exists
if (!Auth::userExists($login)) {
Auth::saveLoginAttempt($login, 'failure', 'unknown user');
Auth::redirect('index.php?err=3');
}
// check if user is locked
if (Auth::isUserBackOffLocked(Auth::getUserIDByLogin($login))) {
Auth::saveLoginAttempt($login, 'failure', 'account back-off locked');
Auth::redirect('index.php?err=13');
}
// check if the password matches
if (!Auth::isCorrectPassword($login, $passwd)) {
/**
* Method used to update the details of a given custom status.
*
* @access public
* @return integer 1 if the update worked properly, any other value otherwise
*/
function update()
{
global $HTTP_POST_VARS;
if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
return -2;
}
$stmt = "UPDATE\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "status\n SET\n sta_title='" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n sta_abbreviation='" . Misc::escapeString($HTTP_POST_VARS["abbreviation"]) . "',\n sta_rank=" . Misc::escapeInteger($HTTP_POST_VARS['rank']) . ",\n sta_color='" . Misc::escapeString($HTTP_POST_VARS["color"]) . "',\n sta_is_closed=" . Misc::escapeInteger($HTTP_POST_VARS['is_closed']) . "\n WHERE\n sta_id=" . Misc::escapeInteger($HTTP_POST_VARS["id"]);
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return -1;
} else {
$projects = Status::getAssociatedProjects($HTTP_POST_VARS['id']);
$current_projects = array_keys($projects);
// remove all of the associations with projects, then add them all again
Status::removeProjectAssociations($HTTP_POST_VARS['id']);
foreach ($HTTP_POST_VARS['projects'] as $prj_id) {
Status::addProjectAssociation($HTTP_POST_VARS['id'], $prj_id);
}
// need to update all issues that are not supposed to have the changed sta_id to '0'
$removed_projects = array();
foreach ($current_projects as $project_id) {
if (!in_array($project_id, $HTTP_POST_VARS['projects'])) {
$removed_projects[] = $project_id;
}
}
if (count($removed_projects) > 0) {
$stmt = "UPDATE\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue\n SET\n iss_sta_id=0\n WHERE\n iss_sta_id=" . Misc::escapeInteger($HTTP_POST_VARS['id']) . " AND\n iss_prj_id IN (" . implode(', ', $removed_projects) . ")";
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
}
}
return 1;
}
}
/**
* Method used to update a news entry in the system.
*
* @return integer 1 if the update worked, -1 otherwise
*/
public static function update()
{
if (Validation::isWhitespace($_POST['title'])) {
return -2;
}
if (Validation::isWhitespace($_POST['message'])) {
return -3;
}
$stmt = 'UPDATE
{{%news}}
SET
nws_title=?,
nws_message=?,
nws_status=?
WHERE
nws_id=?';
$params = array($_POST['title'], $_POST['message'], $_POST['status'], $_POST['id']);
try {
DB_Helper::getInstance()->query($stmt, $params);
} catch (DbException $e) {
return -1;
}
// remove all of the associations with projects, then add them all again
self::removeProjectAssociations($_POST['id']);
foreach ($_POST['projects'] as $prj_id) {
self::addProjectAssociation($_POST['id'], $prj_id);
}
return 1;
}
/**
* Insert note to system, send out notification and log.
*
* @param int $usr_id The user ID
* @param int $issue_id The issue ID
* @param string $title Title of the note
* @param string $note Note contents
* @param array $options extra optional options:
* - (array) cc: extra recipients to notify (usr_id list)
* - (bool) add_extra_recipients: whether to add recipients in 'cc' to notification list
* - (bool) closing: If The issue is being closed. Default false
* - (bool) is_blocked: FIXME
* - (bool) log: If adding this note should be logged. Default true
* - (bool) send_notification: Whether to send a notification about this note or not. Default true
* - (int) parent_id: FIXME
* - (string) full_message: FIXME
* - (string) message_id: FIXME
* - (string) unknown_user: The email address of a user that sent the blocked email that was turned into this note
* @return int the new note id if the insert worked, -1 or -2 otherwise
*/
public static function insertNote($usr_id, $issue_id, $title, $note, $options = array())
{
if (Validation::isWhitespace($note)) {
return -2;
}
$options = array_merge(array('unknown_user' => null, 'log' => true, 'closing' => false, 'send_notification' => true, 'is_blocked' => false, 'message_id' => null, 'cc' => null, 'full_message' => null, 'parent_id' => null), $options);
$prj_id = Issue::getProjectID($issue_id);
// NOTE: workflow may modify the parameters as $data is passed as reference
$data = array('title' => &$title, 'note' => &$note, 'options' => $options);
$workflow = Workflow::preNoteInsert($prj_id, $issue_id, $data);
if ($workflow !== null) {
// cancel insert of note
return $workflow;
}
// add the poster to the list of people to be subscribed to the notification list
// only if there is no 'unknown user' and the note is not blocked
if (!$options['unknown_user'] && !$options['is_blocked']) {
$note_cc = $options['add_extra_recipients'] ? $options['cc'] : array();
// always add the current user to the note_cc list
$note_cc[] = $usr_id;
$actions = Notification::getDefaultActions($issue_id, User::getEmail($usr_id), 'note');
foreach ($note_cc as $subscriber_usr_id) {
Notification::subscribeUser($usr_id, $issue_id, $subscriber_usr_id, $actions);
}
}
$params = array('not_iss_id' => $issue_id, 'not_usr_id' => $usr_id, 'not_created_date' => Date_Helper::getCurrentDateGMT(), 'not_note' => $note, 'not_title' => $title, 'not_message_id' => $options['message_id'] ?: Mail_Helper::generateMessageID());
if ($options['full_message']) {
$params['not_full_message'] = $options['full_message'];
}
if ($options['is_blocked']) {
$params['not_is_blocked'] = '1';
}
if ($options['parent_id']) {
$params['not_parent_id'] = $options['parent_id'];
}
if ($options['unknown_user']) {
$params['not_unknown_user'] = $options['unknown_user'];
}
$stmt = 'INSERT INTO
{{%note}}
SET ' . DB_Helper::buildSet($params);
try {
DB_Helper::getInstance()->query($stmt, $params);
} catch (DbException $e) {
return -1;
}
$note_id = DB_Helper::get_last_insert_id();
Issue::markAsUpdated($issue_id, 'note');
if ($options['log']) {
// need to save a history entry for this
History::add($issue_id, $usr_id, 'note_added', 'Note added by {subject}', array('subject' => User::getFullName($usr_id)));
}
// send notifications for the issue being updated
if ($options['send_notification']) {
$internal_only = true;
Notification::notify($issue_id, 'notes', $note_id, $internal_only, $options['cc']);
Workflow::handleNewNote($prj_id, $issue_id, $usr_id, $options['closing'], $note_id);
}
// need to return the new note id here so it can
// be re-used to associate internal-only attachments
return $note_id;
}
/**
* Method used to add a new category to the application.
*
* @return integer 1 if the update worked properly, any other value otherwise
*/
public static function insert()
{
if (Validation::isWhitespace($_POST['title'])) {
return -2;
}
$stmt = 'INSERT INTO
{{%project_category}}
(
prc_prj_id,
prc_title
) VALUES (
?, ?
)';
try {
DB_Helper::getInstance()->query($stmt, array($_POST['prj_id'], $_POST['title']));
} catch (DbException $e) {
return -1;
}
return 1;
}
/**
* Adds the specified email address to the list of authorized users.
*
* @param integer $issue_id The id of the issue.
* @param string $email The email of the user.
* @param boolean $add_history If this should be logged.
* @return int
*/
public static function manualInsert($issue_id, $email, $add_history = true)
{
if (Validation::isWhitespace($email)) {
return -1;
}
if (self::isAuthorizedReplier($issue_id, $email)) {
return -1;
}
$email = strtolower(Mail_Helper::getEmailAddress($email));
$workflow = Workflow::handleAuthorizedReplierAdded(Issue::getProjectID($issue_id), $issue_id, $email);
if ($workflow === false) {
// cancel subscribing the user
return -1;
}
// first check if this is an actual user or just an email address
$usr_id = User::getUserIDByEmail($email, true);
if (!empty($usr_id)) {
return self::addUser($issue_id, $usr_id, $add_history);
}
$stmt = 'INSERT INTO
{{%issue_user_replier}}
(
iur_iss_id,
iur_usr_id,
iur_email
) VALUES (
?, ?, ?
)';
try {
DB_Helper::getInstance()->query($stmt, array($issue_id, APP_SYSTEM_USER_ID, $email));
} catch (DbException $e) {
return -1;
}
if ($add_history) {
// add the change to the history of the issue
$usr_id = Auth::getUserID();
History::add($issue_id, $usr_id, 'replier_other_added', '{email} added to the authorized repliers list by {user}', array('email' => $email, 'user' => User::getFullName($usr_id)));
}
return 1;
}
//Auth::updateAccess($_SESSION['gw_user_en_ID'], 3, 2);
break;
case 'admin':
Auth::updateAccess($_SESSION['gw_user_en_ID'], 2, 6);
Auth::updateAccess($_SESSION['gw_user_en_ID'], 3, 6);
Auth::updateAccess($_SESSION['gw_user_en_ID'], 4, 6);
Auth::updateAccess($_SESSION['gw_user_en_ID'], 5, 6);
Auth::updateAccess($_SESSION['gw_user_en_ID'], 6, 6);
break;
}
}
// END ETEL MODIFIED
if (Validation::isWhitespace($HTTP_POST_VARS["email"])) {
Auth::redirect(APP_RELATIVE_URL . "index.php?err=1");
}
if (Validation::isWhitespace($HTTP_POST_VARS["passwd"])) {
Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'empty password');
Auth::redirect(APP_RELATIVE_URL . "index.php?err=2&email=" . $HTTP_POST_VARS["email"]);
}
// check if user exists
if (!Auth::userExists($HTTP_POST_VARS["email"])) {
Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'unknown user');
Auth::redirect(APP_RELATIVE_URL . "index.php?err=3");
}
// check if the password matches
if (!Auth::isCorrectPassword($HTTP_POST_VARS["email"], $HTTP_POST_VARS["passwd"])) {
Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'wrong password');
Auth::redirect(APP_RELATIVE_URL . "index.php?err=3&email=" . $HTTP_POST_VARS["email"]);
}
// check if this user did already confirm his account
if (Auth::isPendingUser($HTTP_POST_VARS["email"])) {
/**
* Method used to add a note using the user interface form
* available in the application.
*
* @param integer $usr_id The user ID
* @param integer $issue_id The issue ID
* @param string $unknown_user The email address of a user that sent the blocked email that was turned into this note. Default is false.
* @param boolean $log If adding this note should be logged. Default true.
* @param boolean $closing If The issue is being closed. Default false
* @param boolean $send_notification Whether to send a notification about this note or not
* @access public
* @return integer the new note id if the insert worked, -1 or -2 otherwise
*/
function insert($usr_id, $issue_id, $unknown_user = FALSE, $log = true, $closing = false, $send_notification = true)
{
global $HTTP_POST_VARS;
$issue_id = Misc::escapeInteger($issue_id);
if (@$HTTP_POST_VARS['add_extra_recipients'] != 'yes') {
$note_cc = array();
} else {
$note_cc = $HTTP_POST_VARS['note_cc'];
}
// add the poster to the list of people to be subscribed to the notification list
// only if there is no 'unknown user'.
$note_cc[] = $usr_id;
if ($unknown_user == false) {
for ($i = 0; $i < count($note_cc); $i++) {
Notification::subscribeUser($usr_id, $issue_id, $note_cc[$i], Notification::getDefaultActions());
}
}
if (Validation::isWhitespace($HTTP_POST_VARS["note"])) {
return -2;
}
if (empty($HTTP_POST_VARS['message_id'])) {
$HTTP_POST_VARS['message_id'] = Mail_API::generateMessageID();
}
$stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "note\n (\n not_iss_id,\n not_usr_id,\n not_created_date,\n not_note,\n not_title";
if (!@empty($HTTP_POST_VARS['blocked_msg'])) {
$stmt .= ", not_blocked_message";
}
$stmt .= ", not_message_id";
if (!@empty($HTTP_POST_VARS['parent_id'])) {
$stmt .= ", not_parent_id";
}
if ($unknown_user != false) {
$stmt .= ", not_unknown_user";
}
$stmt .= "\n ) VALUES (\n {$issue_id},\n {$usr_id},\n '" . Date_API::getCurrentDateGMT() . "',\n '" . Misc::escapeString($HTTP_POST_VARS["note"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "'";
if (!@empty($HTTP_POST_VARS['blocked_msg'])) {
$stmt .= ", '" . Misc::escapeString($HTTP_POST_VARS['blocked_msg']) . "'";
}
$stmt .= ", '" . Misc::escapeString($HTTP_POST_VARS['message_id']) . "'";
if (!@empty($HTTP_POST_VARS['parent_id'])) {
$stmt .= ", " . Misc::escapeInteger($HTTP_POST_VARS['parent_id']) . "";
}
if ($unknown_user != false) {
$stmt .= ", '" . Misc::escapeString($unknown_user) . "'";
}
$stmt .= "\n )";
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return -1;
} else {
$new_note_id = $GLOBALS["db_api"]->get_last_insert_id();
Issue::markAsUpdated($issue_id, 'note');
if ($log) {
// need to save a history entry for this
History::add($issue_id, $usr_id, History::getTypeID('note_added'), 'Note added by ' . User::getFullName($usr_id));
}
// send notifications for the issue being updated
if ($send_notification) {
$internal_only = true;
if (@$HTTP_POST_VARS['add_extra_recipients'] != 'yes' && @count($HTTP_POST_VARS['note_cc']) > 0) {
Notification::notify($issue_id, 'notes', $new_note_id, $internal_only, $HTTP_POST_VARS['note_cc']);
} else {
Notification::notify($issue_id, 'notes', $new_note_id, $internal_only);
}
Workflow::handleNewNote(Issue::getProjectID($issue_id), $issue_id, $usr_id, $closing);
}
// need to return the new note id here so it can
// be re-used to associate internal-only attachments
return $new_note_id;
}
}
/**
* Method used to update a canned email response in the system.
*
* @return integer 1 if the update worked, -1 otherwise
*/
public static function update()
{
if (Validation::isWhitespace($_POST['title'])) {
return -2;
}
$stmt = 'UPDATE
{{%email_response}}
SET
ere_title=?,
ere_response_body=?
WHERE
ere_id=?';
try {
DB_Helper::getInstance()->query($stmt, array($_POST['title'], $_POST['response_body'], $_POST['id']));
} catch (DbException $e) {
return -1;
}
// remove all of the associations with projects, then add them all again
self::removeProjectAssociations($_POST['id']);
foreach ($_POST['projects'] as $prj_id) {
self::addProjectAssociation($_POST['id'], $prj_id);
}
return 1;
}
/**
* Authorize request.
* TODO: translations
* TODO: ip based control
*/
function authorizeRequest()
{
// try current auth cookie
$usr_id = Auth::getUserID();
if (!$usr_id) {
// otherwise setup HTTP Auth headers
$authData = getAuthData();
if ($authData === null) {
sendAuthenticateHeader();
echo 'Error: You are required to authenticate in order to access the requested RSS feed.';
exit;
}
list($authUser, $authPassword) = $authData;
// check the authentication
if (Validation::isWhitespace($authUser)) {
sendAuthenticateHeader();
echo 'Error: Please provide your email address.';
exit;
}
if (Validation::isWhitespace($authPassword)) {
sendAuthenticateHeader();
echo 'Error: Please provide your password.';
exit;
}
// check if user exists
if (!Auth::userExists($authUser)) {
sendAuthenticateHeader();
echo 'Error: The user specified does not exist.';
exit;
}
// check if the password matches
if (!Auth::isCorrectPassword($authUser, $authPassword)) {
sendAuthenticateHeader();
echo 'Error: The provided email address/password combo is not correct.';
exit;
}
// check if this user did already confirm his account
if (Auth::isPendingUser($authUser)) {
sendAuthenticateHeader();
echo 'Error: The provided user still needs to have its account confirmed.';
exit;
}
// check if this user is really an active one
if (!Auth::isActiveUser($authUser)) {
sendAuthenticateHeader();
echo 'Error: The provided user is currently set as an inactive user.';
exit;
}
$usr_id = User::getUserIDByEmail($authUser);
Auth::createFakeCookie($usr_id);
}
// check if the required parameter 'custom_id' is really being passed
if (empty($_GET['custom_id'])) {
rssError("Error: The required 'custom_id' parameter was not provided.");
exit;
}
// check if the passed 'custom_id' parameter is associated with the usr_id
if (!Filter::isGlobal($_GET['custom_id']) && !Filter::isOwner($_GET['custom_id'], $usr_id)) {
rssError('Error: The provided custom filter ID is not associated with the given email address.');
exit;
}
}
/**
* Method used to add a new time tracking category
*
* @access public
* @return integer 1 if the update worked, -1 otherwise
*/
function insert()
{
global $HTTP_POST_VARS;
if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
return -2;
}
$stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "time_tracking_category\n (\n ttc_title,\n ttc_created_date\n ) VALUES (\n '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n '" . Date_API::getCurrentDateGMT() . "'\n )";
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return -1;
} else {
return 1;
}
}
$HTTP_SERVER_VARS['PHP_AUTH_USER'] = $pieces[0];
$HTTP_SERVER_VARS['PHP_AUTH_PW'] = $pieces[1];
}
}
if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
authenticate();
echo 'Error: You are required to authenticate in order to access the requested RSS feed.';
exit;
} else {
// check the authentication
if (Validation::isWhitespace($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
authenticate();
echo 'Error: Please provide your email address.';
exit;
}
if (Validation::isWhitespace($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
authenticate();
echo 'Error: Please provide your password.';
exit;
}
// check if user exists
if (!Auth::userExists($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
authenticate();
echo 'Error: The user specified does not exist.';
exit;
}
// check if the password matches
if (!Auth::isCorrectPassword($HTTP_SERVER_VARS['PHP_AUTH_USER'], $HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
authenticate();
echo 'Error: The provided email address/password combo is not correct.';
exit;
/**
* Method used to add a new severity to the application.
*
* @return integer 1 if the update worked properly, any other value otherwise
*/
public static function insert($prj_id, $title, $description, $rank)
{
if (Validation::isWhitespace($title)) {
return -2;
}
$sql = 'INSERT INTO
{{%project_severity}}
SET
sev_prj_id = ?,
sev_title=?,
sev_description=?,
sev_rank=?';
try {
DB_Helper::getInstance()->query($sql, array($prj_id, $title, $description, $rank));
} catch (DbException $e) {
return -1;
}
return 1;
}
/**
* Method used to add a FAQ entry to the system.
*
* @return integer 1 if the insert worked, -1 otherwise
*/
public static function insert()
{
if (Validation::isWhitespace($_POST['title'])) {
return -2;
}
if (Validation::isWhitespace($_POST['message'])) {
return -3;
}
$stmt = 'INSERT INTO
{{%faq}}
(
faq_prj_id,
faq_usr_id,
faq_created_date,
faq_title,
faq_message,
faq_rank
) VALUES (
?, ?, ?, ?, ?, ?
)';
$params = array($_POST['project'], Auth::getUserID(), Date_Helper::getCurrentDateGMT(), $_POST['title'], $_POST['message'], $_POST['rank']);
try {
DB_Helper::getInstance()->query($stmt, $params);
} catch (DbException $e) {
return -1;
}
$new_faq_id = DB_Helper::get_last_insert_id();
if (isset($_POST['support_levels']) && count($_POST['support_levels']) > 0) {
// now populate the faq-support level mapping table
foreach ($_POST['support_levels'] as $support_level_id) {
self::addSupportLevelAssociation($new_faq_id, $support_level_id);
}
}
return 1;
}
/**
* Method used to update a canned email response in the system.
*
* @access public
* @return integer 1 if the update worked, -1 otherwise
*/
function update()
{
global $HTTP_POST_VARS;
$HTTP_POST_VARS['id'] = Misc::escapeInteger($HTTP_POST_VARS['id']);
if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
return -2;
}
$stmt = "UPDATE\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "email_response\n SET\n ere_title='" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n ere_response_body='" . Misc::escapeString($HTTP_POST_VARS["response_body"]) . "'\n WHERE\n ere_id=" . $HTTP_POST_VARS["id"];
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return -1;
} else {
// remove all of the associations with projects, then add them all again
Email_Response::removeProjectAssociations($HTTP_POST_VARS['id']);
foreach ($HTTP_POST_VARS['projects'] as $prj_id) {
Email_Response::addProjectAssociation($HTTP_POST_VARS['id'], $prj_id);
}
return 1;
}
}
/**
* Method used to add a new project to the system.
*
* @access public
* @return integer 1 if the update worked, -1 or -2 otherwise
*/
function insert()
{
global $HTTP_POST_VARS;
if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
return -2;
}
$stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project\n (\n prj_created_date,\n prj_title,\n prj_status,\n prj_lead_usr_id,\n prj_initial_sta_id,\n prj_outgoing_sender_name,\n prj_outgoing_sender_email,\n prj_remote_invocation,\n prj_customer_backend,\n prj_workflow_backend\n ) VALUES (\n '" . Date_API::getCurrentDateGMT() . "',\n '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["status"]) . "',\n " . Misc::escapeInteger($HTTP_POST_VARS["lead_usr_id"]) . ",\n " . Misc::escapeInteger($HTTP_POST_VARS["initial_status"]) . ",\n '" . Misc::escapeString($HTTP_POST_VARS["outgoing_sender_name"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["outgoing_sender_email"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["remote_invocation"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["customer_backend"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["workflow_backend"]) . "'\n )";
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return -1;
} else {
$new_prj_id = $GLOBALS["db_api"]->get_last_insert_id();
for ($i = 0; $i < count($HTTP_POST_VARS["users"]); $i++) {
if ($HTTP_POST_VARS["users"][$i] == $HTTP_POST_VARS["lead_usr_id"]) {
$role_id = User::getRoleID("Manager");
} else {
$role_id = User::getRoleID("Standard User");
}
Project::associateUser($new_prj_id, $HTTP_POST_VARS["users"][$i], $role_id);
}
foreach ($HTTP_POST_VARS['statuses'] as $sta_id) {
Status::addProjectAssociation($sta_id, $new_prj_id);
}
Display_Column::setupNewProject($new_prj_id);
return 1;
}
}
/**
* Method used to add a new time tracking category
*
* @param integer $prj_id The project ID
* @param string $title The title of the time tracking category
* @return integer 1 if the update worked, -1 otherwise
*/
public static function insertCategory($prj_id, $title)
{
if (Validation::isWhitespace($title)) {
return -2;
}
$stmt = 'INSERT INTO
{{%time_tracking_category}}
(
ttc_prj_id,
ttc_title,
ttc_created_date
) VALUES (
?, ?, ?
)';
try {
DB_Helper::getInstance()->query($stmt, array($prj_id, $title, Date_Helper::getCurrentDateGMT()));
} catch (DbException $e) {
return -1;
}
return 1;
}
/**
* Method used to add a new resolution by using the administrative
* interface of the system.
*
* @return integer 1 if the update worked, -1 or -2 otherwise
*/
public static function insert()
{
if (Validation::isWhitespace($_POST['title'])) {
return -2;
}
$stmt = 'INSERT INTO
{{%resolution}}
(
res_title,
res_rank,
res_created_date
) VALUES (
?, ?, ?
)';
$params = array($_POST['title'], $_POST['rank'], Date_Helper::getCurrentDateGMT());
try {
DB_Helper::getInstance()->query($stmt, $params);
} catch (DbException $e) {
return -1;
}
return 1;
}
/**
* Method used to update the details of a given custom status.
*
* @return integer 1 if the update worked properly, any other value otherwise
*/
public static function updateFromPost()
{
if (Validation::isWhitespace($_POST['title'])) {
return -2;
}
$color = $_POST['color'];
// validate that it is valid RGB hex color
if (!preg_match('/^#[a-f\\d]{6}$/i', $color)) {
return -3;
}
$stmt = 'UPDATE
{{%status}}
SET
sta_title=?,
sta_abbreviation=?,
sta_rank=?,
sta_color=?,
sta_is_closed=?
WHERE
sta_id=?';
$params = array($_POST['title'], $_POST['abbreviation'], $_POST['rank'], $color, $_POST['is_closed'], $_POST['id']);
try {
DB_Helper::getInstance()->query($stmt, $params);
} catch (DbException $e) {
return -1;
}
$projects = self::getAssociatedProjects($_POST['id']);
$current_projects = array_keys($projects);
// remove all of the associations with projects, then add them all again
self::removeProjectAssociations($_POST['id']);
foreach ($_POST['projects'] as $prj_id) {
self::addProjectAssociation($_POST['id'], $prj_id);
}
// need to update all issues that are not supposed to have the changed sta_id to '0'
$removed_projects = array();
foreach ($current_projects as $project_id) {
if (!in_array($project_id, $_POST['projects'])) {
$removed_projects[] = $project_id;
}
}
if (count($removed_projects) > 0) {
$stmt = 'UPDATE
{{%issue}}
SET
iss_sta_id=0
WHERE
iss_sta_id=? AND
iss_prj_id IN (' . implode(', ', $removed_projects) . ')';
try {
DB_Helper::getInstance()->query($stmt, array($_POST['id']));
} catch (DbException $e) {
// FIXME: why no error handling?
}
}
return 1;
}
/**
* Method used to add a new release by using the administrative
* interface of the system.
*
* @return integer 1 if the update worked, -1 or -2 otherwise
*/
public static function insert()
{
if (Validation::isWhitespace($_POST['title'])) {
return -2;
}
$scheduled_date = $_POST['scheduled_date']['Year'] . '-' . $_POST['scheduled_date']['Month'] . '-' . $_POST['scheduled_date']['Day'];
$stmt = 'INSERT INTO
{{%project_release}}
(
pre_prj_id,
pre_title,
pre_scheduled_date,
pre_status
) VALUES (
?, ?, ?, ?
)';
$params = array($_POST['prj_id'], $_POST['title'], $scheduled_date, $_POST['status']);
try {
DB_Helper::getInstance()->query($stmt, $params);
} catch (DbException $e) {
return -1;
}
return 1;
}
/**
* Method used to add a new project to the system.
*
* @return integer 1 if the update worked, -1 or -2 otherwise
*/
public static function insert()
{
if (Validation::isWhitespace($_POST['title'])) {
return -2;
}
$stmt = 'INSERT INTO
{{%project}}
(
prj_created_date,
prj_title,
prj_status,
prj_lead_usr_id,
prj_initial_sta_id,
prj_outgoing_sender_name,
prj_outgoing_sender_email,
prj_mail_aliases,
prj_remote_invocation,
prj_customer_backend,
prj_workflow_backend
) VALUES (
?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?
)';
try {
DB_Helper::getInstance()->query($stmt, array(Date_Helper::getCurrentDateGMT(), $_POST['title'], $_POST['status'], $_POST['lead_usr_id'], $_POST['initial_status'], $_POST['outgoing_sender_name'], $_POST['outgoing_sender_email'], $_POST['mail_aliases'], $_POST['remote_invocation'], $_POST['customer_backend'], $_POST['workflow_backend']));
} catch (DbException $e) {
return -1;
}
$new_prj_id = DB_Helper::get_last_insert_id();
foreach ($_POST['users'] as $user) {
if ($user == $_POST['lead_usr_id']) {
$role_id = User::getRoleID('Manager');
} else {
$role_id = User::getRoleID('Standard User');
}
self::associateUser($new_prj_id, $user, $role_id);
}
foreach ($_POST['statuses'] as $sta_id) {
Status::addProjectAssociation($sta_id, $new_prj_id);
}
Display_Column::setupNewProject($new_prj_id);
// insert default timetracking categories
Time_Tracking::addProjectDefaults($new_prj_id);
return 1;
}
/**
* Method used to add a FAQ entry to the system.
*
* @access public
* @return integer 1 if the insert worked, -1 otherwise
*/
function insert()
{
global $HTTP_POST_VARS;
if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
return -2;
}
if (Validation::isWhitespace($HTTP_POST_VARS["message"])) {
return -3;
}
$stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "faq\n (\n faq_prj_id,\n faq_usr_id,\n faq_created_date,\n faq_title,\n faq_message,\n faq_rank\n ) VALUES (\n " . $HTTP_POST_VARS['project'] . ",\n " . Auth::getUserID() . ",\n '" . Date_API::getCurrentDateGMT() . "',\n '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["message"]) . "',\n " . $HTTP_POST_VARS['rank'] . "\n )";
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return -1;
} else {
$new_faq_id = $GLOBALS["db_api"]->get_last_insert_id();
if (Customer::doesBackendUseSupportLevels(Misc::escapeInteger($HTTP_POST_VARS['project']))) {
// now populate the faq-support level mapping table
foreach ($HTTP_POST_VARS['support_levels'] as $support_level_id) {
FAQ::addSupportLevelAssociation($new_faq_id, $support_level_id);
}
}
return 1;
}
}
/**
* Method used to add a new release by using the administrative
* interface of the system.
*
* @access public
* @return integer 1 if the update worked, -1 or -2 otherwise
*/
function insert()
{
global $HTTP_POST_VARS;
if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
return -2;
}
$scheduled_date = $HTTP_POST_VARS["scheduled_date"]["Year"] . "-" . $HTTP_POST_VARS["scheduled_date"]["Month"] . "-" . $HTTP_POST_VARS["scheduled_date"]["Day"];
$stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_release\n (\n pre_prj_id,\n pre_title,\n pre_scheduled_date,\n pre_status\n ) VALUES (\n " . Misc::escapeInteger($HTTP_POST_VARS["prj_id"]) . ",\n '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n '" . Misc::escapeString($scheduled_date) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["status"]) . "'\n )";
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return -1;
} else {
return 1;
}
}