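/**
 * Decides whether the current user may view ticket $id, printing the
 * "no access" / "not found" page when they may not.
 *
 * Order of decision:
 *  1. A non-zero $id that matches no ticket prints a "not found" message and
 *     a link to the search form.
 *  2. For an existing ticket the enterprise hooks "incidents_check_incident_acl"
 *     and "manage_standalone" decide whenever at least one of them is
 *     registered (ticket creators must be able to see their own tickets).
 *  3. When no enterprise hook is registered the user needs "IR" on the
 *     ticket's group. The previous version computed $id_grupo but never
 *     consulted it for an existing ticket, so without the enterprise hooks
 *     every existing ticket was reported as accessible.
 *  4. Without an $id there is nothing to show: "IR" is checked against group 0
 *     only to choose between the "no access" page and a "doesn't exist"
 *     message; the caller always gets false.
 *
 * Every denial is recorded through audit_db() before general/noaccess.php is
 * included.
 *
 * @param int|string $id Ticket id; a falsy value means "no ticket selected".
 * @return bool true when the caller may continue rendering the ticket.
 */
function check_incident_access($id)
{
    global $config;

    // Group 0 is the global scope (the same value the section-level checks
    // use); it is replaced by the ticket's own group once the ticket is loaded.
    $id_grupo = 0;
    $incident = null;

    if ($id) {
        $incident = get_incident($id);
        if ($incident === false) {
            echo "<h1>" . __("Ticket") . "</h1>";
            echo ui_print_error_message(__("There is no information for this ticket"), '', true, 'h3', true);
            echo "<br>";
            echo "<a style='margin-left: 90px' href='index.php?sec=incidents&sec2=operation/incidents/incident_search'>" . __("Try the search form to find the ticket") . "</a>";
            return false;
        }
        $id_grupo = $incident['id_grupo'];
    }

    if ($incident === null) {
        // No ticket requested. The ACL only selects which message is shown.
        if (!give_acl($config['id_user'], $id_grupo, "IR")) {
            audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket " . $id);
            include "general/noaccess.php";
            return false;
        }
        // No incident but ACLs enabled
        echo ui_print_error_message(__("The ticket doesn't exist"), '', true, 'h3', true);
        return false;
    }

    // Incident creators must see their incidents: that rule lives in the
    // enterprise hooks, so they take precedence when they are registered.
    $check_acl = enterprise_hook("incidents_check_incident_acl", array($incident));
    $standalone_check = enterprise_hook("manage_standalone", array($incident));
    $hooks_registered = ($check_acl !== ENTERPRISE_NOT_HOOK) || ($standalone_check !== ENTERPRISE_NOT_HOOK);

    if ($hooks_registered) {
        $denied = ($check_acl !== ENTERPRISE_NOT_HOOK && !$check_acl)
            || ($standalone_check !== ENTERPRISE_NOT_HOOK && !$standalone_check);
        $audit_reason = "Trying to access to ticket (External user) " . $id;
    } else {
        // Open-source fallback: plain group ACL on the ticket's group.
        $denied = !give_acl($config['id_user'], $id_grupo, "IR");
        $audit_reason = "Trying to access to ticket " . $id;
    }

    if ($denied) {
        // Doesn't have access to this page
        audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", $audit_reason);
        include "general/noaccess.php";
        return false;
    }

    return true;
}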
$external_check = enterprise_hook("manage_external", array($incident)); if (($check_acl !== ENTERPRISE_NOT_HOOK && !$check_acl) || ($external_check !== ENTERPRISE_NOT_HOOK && !$external_check)) { // Doesn't have access to this page audit_db ($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", 'Trying to access files of ticket #'.$id." '".$titulo."'"); if (!defined ('AJAX')) { include ("general/noaccess.php"); exit; } else { return; } } if (!$id) { audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation", "Trying to access files of ticket #".$id); if (!defined ('AJAX')) { include ("general/noaccess.php"); exit; } else { return; } } if (defined ('AJAX')) { $upload_file = (bool) get_parameter("upload_file"); if ($upload_file) { $result = array(); $result["status"] = false; $result["message"] = ""; $result["id_attachment"] = 0;
$section_write_permission = check_crm_acl('company', 'cw'); $section_manage_permission = check_crm_acl('company', 'cm'); if (!$section_read_permission && !$section_write_permission && !$section_manage_permission) { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to contacts without permission"); include "general/noaccess.php"; exit; } if ($id || $id_company) { if ($id) { $id_company = get_db_value('id_company', 'tcompany_contact', 'id', $id); } $read_permission = check_crm_acl('other', 'cr', $config['id_user'], $id_company); $write_permission = check_crm_acl('other', 'cw', $config['id_user'], $id_company); $manage_permission = check_crm_acl('other', 'cm', $config['id_user'], $id_company); if (!$read_permission && !$write_permission && !$manage_permission || $id_company === false) { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access a contact without permission"); include "general/noaccess.php"; exit; } } $op = get_parameter("op", "details"); if ($id == 0) { echo "<h1>" . __('Contact management') . "</h1>"; } if ($id != 0) { echo '<ul style="height: 30px;" class="ui-tabs-nav">'; if ($op == "files") { echo '<li class="ui-tabs-selected">'; } else { echo '<li class="ui-tabs">'; }
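// Ticket statistics view: a ticket id is mandatory and the enterprise ticket
// ACL hooks must pass before anything is rendered.
$id = (int) get_parameter('id');
$clean_output = get_parameter('clean_output');

// No ticket selected: nothing to report on.
if (!$id) {
    require "general/noaccess.php";
    exit;
}

$incident = get_db_row('tincidencia', 'id_incidencia', $id);

// An id that matches no row is handled like a forbidden one, so the hooks
// below are never called with `false` instead of a ticket row.
if ($incident === false) {
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket #" . $id);
    include "general/noaccess.php";
    exit;
}

// User with IR and incident creator see the information: both rules live in
// the enterprise hooks; ENTERPRISE_NOT_HOOK means the hook is not installed.
// NOTE(review): when neither hook is installed no group ACL is applied here —
// confirm the caller already enforces "IR" on $incident['id_grupo'].
$check_acl = enterprise_hook("incidents_check_incident_acl", array($incident));
$standalone_check = enterprise_hook("manage_standalone", array($incident));
if (($check_acl !== ENTERPRISE_NOT_HOOK && !$check_acl)
    || ($standalone_check !== ENTERPRISE_NOT_HOOK && !$standalone_check)) {
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket #" . $id);
    include "general/noaccess.php";
    exit;
}

// Clean output (report mode) has no page header, so print the title here.
if ($clean_output) {
    echo '<h1 class="ticket_clean_report_title">' . __("Statistics") . "</h1>";
}

// Time windows offered by the statistics selector (seconds => label).
$fields = array(
    SECONDS_1DAY => "1 day",
    SECONDS_2DAY => "2 days",
    SECONDS_1WEEK => "1 week",
    SECONDS_2WEEK => "2 weeks",
    SECONDS_1MONTH => "1 month",
);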
if ($result === false) { echo '<h3 class="error">' . __('There was a problem modifying group') . '</h3>'; } else { audit_db($config["id_user"], $config["REMOTE_ADDR"], "Group management", "Modified group now called '{$name}'"); echo '<h3 class="suc">' . __('Successfully updated') . '</h3>'; } } // Delete group if ($delete_group) { $name = get_db_sql("SELECT nombre FROM tgrupo WHERE id_grupo = {$id}"); $sql = sprintf('DELETE FROM tgrupo WHERE id_grupo = %d', $id); $result = process_sql($sql); if ($result === false) { echo '<h3 class="error">' . __('There was a problem deleting group') . '</h3>'; } else { audit_db($config["id_user"], $config["REMOTE_ADDR"], "Group management", "Deleted group '{$name}'"); echo '<h3 class="suc">' . __('Successfully deleted') . '</h3>'; } } $offset = get_parameter("offset", 0); $search_text = get_parameter("search_text", ""); echo "<table class='search-table' style='width: 99%;'><form name='bskd' method=post action='index.php?sec=users&sec2=godmode/grupos/lista_grupos'>"; echo "<td>"; echo "<b>" . __('Search text') . "</b> "; print_input_text("search_text", $search_text, '', 40, 0, false); echo "</td>"; echo "<td>"; print_submit_button(__('Search'), '', false, 'class="sub next"', false, false); echo "</td>"; echo "</table></form>"; $groups = get_db_all_rows_sql("SELECT * FROM tgrupo WHERE nombre LIKE '%{$search_text}%' ORDER BY nombre");
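// INTEGRIA - the ITIL Management System
// http://integria.sourceforge.net
// ==================================================
// Copyright (c) 2008 Ártica Soluciones Tecnológicas
// http://www.artica.es <*****@*****.**>
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.

// Incident type fields page (see the id / add_field / update_field / id_field
// parameters below).
global $config;

check_login();

// Section ACL: "IM" on the global scope (group 0) is required for the page.
// The audit text names this section; the previous "Trying to access company
// section" misattributed the denied request in the audit trail.
if (!give_acl($config["id_user"], 0, "IM")) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access incident type fields management");
    require "general/noaccess.php";
    exit;
}

// Request parameters; every id is cast to int before any use.
$id_incident_type = (int) get_parameter('id');
$add_field = (int) get_parameter('add_field');
$update_field = (int) get_parameter('update_field');
$id_field = (int) get_parameter('id_field');

// Initial values of the field form.
$label = '';
$type = 'text';
$combo_value = '';
$linked_value = '';
$parent = '';
$show_in_list = false;
$global_field = false;
$add_linked_value = '';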
if ($report === false) return; $name = $report['name']; $sql = $report['sql']; $id_group = $report['id_group']; $user_in_group = get_db_value_filter('id_grupo', 'tusuario_perfil', array('id_usuario'=>$config['id_user'],'id_grupo'=>$id_group)); if ($id_group == 1) { $user_in_group = 1; } } if ((!dame_admin ($config['id_user'])) && ($user_in_group == false)) { // Doesn't have access to this page audit_db ($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access inventory reports"); include ("general/noaccess.php"); return; } $result_msg = ''; if ($create) { $values['name'] = (string) get_parameter ('name'); $values['sql'] = (string) get_parameter ('sql'); $values['id_group'] = get_parameter('id_group', 0); $result = false; if (! empty ($values['name'])) $result = process_sql_insert ('tinventory_reports', $values); if ($result) {
// INTEGRIA - the ITIL Management System // http://integria.sourceforge.net // ================================================== // Copyright (c) 2008 Ártica Soluciones Tecnológicas // http://www.artica.es <*****@*****.**> // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; version 2 // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. global $config; check_login(); if (!give_acl($config["id_user"], 0, "PM")) { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access external table management"); require "general/noaccess.php"; exit; } $external_table = get_parameter('external_table'); $id_object_type = get_parameter('id'); $delete_row = get_parameter('delete_row', 0); $update_row = get_parameter('update_row', 0); $add_row = get_parameter('add_row', 0); //add new line to enter data $insert_row = get_parameter('insert_row', 0); if ($delete_row) { $key = get_parameter('key'); $key_value = get_parameter('key_value'); $result = process_sql_delete($external_table, array($key => $key_value)); if ($result) {
print_table($table); if ($write_permission || $manage_permission) { echo '<form method="post" action="index.php?sec=customers&sec2=operation/contacts/contact_detail&id_company=' . $id . '">'; echo '<div style="width: ' . $table->width . '; text-align: right;">'; print_submit_button(__('Create'), 'new_btn', false, 'class="sub next"'); print_input_hidden('new_contact', 1); echo '</div>'; echo '</form>'; } } elseif ($op == "invoices") { $permission = check_crm_acl('invoice', '', $config['id_user'], $id); $new_invoice = get_parameter("new_invoice", 0); $operation_invoices = get_parameter("operation_invoices", ""); $view_invoice = get_parameter("view_invoice", 0); if (!$permission && !$manage_permission and $operation_invoices != "add_invoice") { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to an invoice"); include "general/noaccess.php"; exit; } $company_name = get_db_sql("SELECT name FROM tcompany WHERE id = {$id}"); if ($operation_invoices != "" or $new_invoice != 0 or $view_invoice != 0) { $id_invoice = get_parameter("id_invoice", -1); if ($id_invoice) { $is_locked = crm_is_invoice_locked($id_invoice); $lock_permission = crm_check_lock_permission($config["id_user"], $id_invoice); } if ($new_invoice == 0 && $is_locked) { $locked_id_user = crm_get_invoice_locked_id_user($id_invoice); // Show an only readable invoice echo "<h3>" . __("Invoice #") . $id_invoice; echo ' (' . __('Locked by ') . $locked_id_user . ')';
WHERE id = %d', $timestamp, $duration, $description, $have_cost, $id_profile, $public, $wu_user, $work_home, $id_workunit); $result = process_sql ($sql); if ($id_task !=0) { // Old old association process_sql ("DELETE FROM tworkunit_task WHERE id_workunit = $id_workunit"); // Create new one $sql = sprintf ('INSERT INTO tworkunit_task (id_task, id_workunit) VALUES (%d, %d)', $id_task, $id_workunit); $result = process_sql ($sql, 'insert_id'); } $result_output = ui_print_success_message (__('Workunit updated'), '', true, 'h3', true); audit_db ($config["id_user"], $config["REMOTE_ADDR"], "PWU", "Updated PWU. $description"); if ($result !== false) { set_task_completion ($id_task); } } $multiple_wu_report = array(); if ($operation == 'multiple_wu_insert') { //Walk post array looking for $i = 1; while(true) { if (!get_parameter("start_date_".$i)) {
// INTEGRIA - the ITIL Management System // http://integria.sourceforge.net // ================================================== // Copyright (c) 2008 Ártica Soluciones Tecnológicas // http://www.artica.es <*****@*****.**> // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; version 2 // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. global $config; check_login(); if (give_acl($config["id_user"], 0, "FM") == 0) { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access log viewer"); require "general/noaccess.php"; exit; } $file_name = $config["homedir"] . "/integria.log"; $delete = get_parameter("delete", 0); if ($delete == 1) { if (file_exists($file_name)) { unlink($file_name); } } echo "<h1>" . __("Error log") . "</h1>"; if (!file_exists($file_name)) { echo "<div class='under_tabs_info'>" . __("Cannot find file") . "(" . $file_name . ")</div>"; } else { $filesize = filesize($file_name);
// if delete $id = (int) get_parameter('id'); $name = get_db_value('name', 'tnewsletter', 'id', $id); $id_group = get_db_value('id_group', 'tnewsletter', 'id', $id); if (!$manager) { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete a company without privileges"); require "general/noaccess.php"; exit; } $sql = sprintf('DELETE FROM tnewsletter WHERE id = %d', $id); process_sql($sql); $sql = sprintf('DELETE FROM tnewsletter_tracking WHERE id_newsletter = %d', $id); process_sql($sql); $sql = sprintf('DELETE FROM tnewsletter_queue_data WHERE id_newsletter = %d', $id); process_sql($sql); audit_db($config["id_user"], $config["REMOTE_ADDR"], "Newsletter Management", "Deleted newsletter {$name}"); echo "<h3 class='suc'>" . __('Successfully deleted') . "</h3>"; $id = 0; } // General newsletter listing echo "<h2>" . __('Newsletter management') . "</h2>"; echo "<br>"; $search_text = (string) get_parameter('search_text'); $where_clause = "WHERE 1=1 "; if ($search_text != "") { $where_clause .= sprintf('AND name LIKE "%%%s%%"', $search_text); } $table->width = '90%'; $table->class = 'search-table'; $table->style = array(); $table->style[0] = 'font-weight: bold;';
// Integria can override localtime zone by a user-specified timezone. $timestamp = print_mysql_timestamp(); $sql = sprintf('INSERT INTO tincidencia (inicio, actualizacion, titulo, descripcion, id_usuario, estado, prioridad, id_grupo, id_creator, notify_email, id_task, resolution, id_incident_type, sla_disabled, email_copy, epilog) VALUES ("%s", "%s", "%s", "%s", "%s", %d, %d, %d, "%s", %d, %d, %d, %d, %d, "%s", "%s")', $timestamp, $timestamp, $title, $description, $id_user_responsible, $estado, $priority, $group_id, $id_creator, $email_notify, $id_task, $resolution, $id_incident_type, $sla_disabled, $email_copy, $epilog); $id = process_sql($sql, 'insert_id'); if ($id !== false) { /* Update inventory objects in incident */ update_incident_inventories($id, array($id_inventory)); $result_msg = ui_print_success_message(__('Successfully created') . ' (id #' . $id . ')', '', true); $result_msg .= '<h4><a href="index.php?sec=incidents&sec2=operation/incidents_simple/incident&id=' . $id . '">' . __('Please click here to continue working with ticket #') . $id . "</a></h4>"; audit_db($config["id_user"], $config["REMOTE_ADDR"], "Ticket created", "User " . $config['id_user'] . " created ticket #" . $id); incident_tracking($id, INCIDENT_CREATED); //Add traces and statistic information incidents_set_tracking($id, 'create', $priority, $estado, $resolution, $id_user_responsible, $group_id); // Email notify to all people involved in this incident if ($email_notify) { mail_incident($id, $id_user_responsible, "", 0, 1); } //insert data to incident type fields if ($id_incident_type > 0) { $sql_label = "SELECT `label` FROM `tincident_type_field` WHERE id_incident_type = {$id_incident_type}"; $labels = get_db_all_rows_sql($sql_label); if ($labels === false) { $labels = array(); } foreach ($labels as $label) {
if ($id_project) { $project_access = get_project_access($config['id_user'], $id_project); } // ACL - To access to this section, the required permission is PR if (!$section_access['read']) { audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to project detail section"); no_permission(); } // ACL - If creating, the required permission is PW if ($create_project && !$section_access['write']) { audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to create a project"); no_permission(); } // ACL - To view an existing project, belong to it is required if ($id_project && !$project_access['read']) { audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to view a project"); no_permission(); } // Edition / View mode if ($id_project) { $project = get_db_row('tproject', 'id', $id_project); $name = $project["name"]; $description = $project["description"]; $start_date = $project["start"]; $end_date = $project["end"]; $owner = $project["id_owner"]; $id_project_group = $project["id_project_group"]; } // Main project table echo "<h1>" . __('Project report') . " » " . get_db_value("name", "tproject", "id", $id_project); if (!$clean_output) {
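/**
 * API handler: subscribes an e-mail address to a newsletter.
 *
 * Requires the "CN" ACL for $user; a denied call is audited and the request
 * is terminated with exit().
 *
 * @param string $return_type "xml" or "csv"; any other value prints nothing.
 * @param string $user        Calling user id (also the audit actor).
 * @param array  $params      [0] newsletter id, [1] subscriber name, [2] e-mail.
 *
 * Prints the value returned by process_sql_insert(), or 0 when the newsletter
 * does not exist or one of the three parameters is missing.
 */
function api_add_address_to_newsletter($return_type, $user, $params)
{
    global $config;

    if (!give_acl($user, 0, "CN")) {
        audit_db($user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access newsletter management");
        exit;
    }

    $result = 0;

    // All three positional parameters are required; a short $params used to
    // raise undefined-offset notices and reach the insert with null values.
    if (isset($params[0], $params[1], $params[2])) {
        // The newsletter id is numeric; cast it before it is used in a lookup.
        $id_newsletter = (int) $params[0];

        // Only subscribe to a newsletter that exists.
        $check_id_newsletter = get_db_value("id", "tnewsletter", "id", $id_newsletter);
        if (!empty($check_id_newsletter)) {
            $values = array(
                'id_newsletter' => $id_newsletter,
                'name' => $params[1],
                'email' => $params[2],
                'status' => 0,
                'datetime' => print_mysql_timestamp(),
                'validated' => 0,
            );
            $result = process_sql_insert('tnewsletter_address', $values);
        }
    }

    switch ($return_type) {
        case "xml":
            echo xml_node($result);
            break;
        case "csv":
            echo $result;
            break;
    }
}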
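/**
 * Renders the task tree of a project as a PNG (Graphviz "twopi") and sends it
 * to the client with an image/png content type.
 *
 * Only tasks the user belongs to (user_belong_task) are drawn. A user who does
 * not belong to the project is audited and sent to general/noaccess.php.
 *
 * The .dot and .png scratch files are written under attachment/tmp and, as
 * before, are not removed afterwards.
 *
 * @param int    $id_project Project id; -1 draws an unnamed root node.
 * @param string $id_user    User id; also names the scratch files.
 */
function project_tree($id_project, $id_user)
{
    include "../include/config.php";
    $config["id_user"] = $id_user;

    // Ids are numeric: cast once so the SQL below can interpolate safely.
    $id_project = (int) $id_project;

    if (user_belong_project($id_user, $id_project) == 0) {
        audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to task manager of unauthorized project");
        include $config["homedir"] . "/general/noaccess.php";
        exit;
    }

    $project_name = ($id_project != -1)
        ? get_db_value("name", "tproject", "id", $id_project)
        : "";

    // Scratch files are keyed by user so concurrent users do not overwrite
    // each other's graph.
    $dotfilename = $config["homedir"] . "/attachment/tmp/{$id_user}.dot";
    $pngfilename = $config["homedir"] . "/attachment/tmp/{$id_user}.project.png";

    $dotfile = fopen($dotfilename, "w");
    if ($dotfile === false) {
        return; // nothing can be drawn without the scratch file
    }

    // Collect the tasks of the project the user belongs to.
    $task = array();
    $task_name = array();
    $task_parent = array();
    $sql2 = "SELECT * FROM ttask WHERE id_project = {$id_project}";
    if ($result2 = mysql_query($sql2)) {
        while ($row2 = mysql_fetch_array($result2)) {
            if (user_belong_task($id_user, $row2["id"]) != 1) {
                continue;
            }
            $task[] = $row2["id"];
            $task_name[] = $row2["name"];
            $task_parent[] = $row2["id_parent_task"];
            // The returned hours were never used by the graph; the call is
            // kept in case the helper has side effects (not verified here).
            get_task_workunit_hours($row2["id"]);
        }
    }

    // Dot labels are double-quoted: escape backslashes and quotes so a name
    // cannot break the graph syntax. The wrap marker '\n' (a literal
    // backslash followed by n) is a dot line break.
    $dot_escape = array('\\' => '\\\\', '"' => '\\"');

    fwrite($dotfile, "digraph Integria {\n");
    fwrite($dotfile, "\t ranksep=2.0;\n");
    fwrite($dotfile, "\t ratio=auto;\n");
    fwrite($dotfile, "\t size=\"9,12\";\n");
    fwrite($dotfile, "\t node[fontsize=" . $config['fontsize'] . "];\n");
    fwrite($dotfile, ' project [label="' . wordwrap(strtr($project_name, $dot_escape), 12, '\\n') . '",shape="ellipse", style="filled", color="grey"];' . "\n");

    foreach ($task as $ax => $id_task) {
        fwrite($dotfile, 'TASK' . $id_task . ' [label="' . wordwrap(strtr($task_name[$ax], $dot_escape), 12, '\\n') . '"];' . "\n");
    }

    // Make project first parent task relation visible
    foreach ($task_parent as $ax => $id_parent) {
        if ($id_parent == 0) {
            fwrite($dotfile, 'project -> TASK' . $task[$ax] . ';' . "\n");
        }
    }

    // Make task-subtask parent task relation visible
    foreach ($task_parent as $ax => $id_parent) {
        if ($id_parent != 0) {
            fwrite($dotfile, 'TASK' . $id_parent . ' -> TASK' . $task[$ax] . ';' . "\n");
        }
    }

    fwrite($dotfile, "}\n");
    // Close (and flush) before twopi reads the file.
    fclose($dotfile);

    // Both paths embed $config["homedir"] and $id_user: pass them as single
    // shell arguments rather than interpolating them into the command line.
    exec("twopi -Tpng " . escapeshellarg($dotfilename) . " -o " . escapeshellarg($pngfilename));

    // twopi missing or failed: there is no image to send.
    if (!is_file($pngfilename)) {
        return;
    }

    header('Content-type: image/png');
    $imgPng = imageCreateFromPng($pngfilename);
    if ($imgPng === false) {
        return;
    }
    imageAlphaBlending($imgPng, true);
    imageSaveAlpha($imgPng, true);
    imagePng($imgPng);
    imagedestroy($imgPng);
}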
// Update if ($update_object) { $name = (string) get_parameter("name"); $icon = (string) get_parameter("icon"); $min_stock = (int) get_parameter("min_stock"); $description = (string) get_parameter("description"); $show_in_list = (int) get_parameter("show_in_list"); $sql = sprintf('UPDATE tobject_type SET name = "%s", icon = "%s", min_stock = %d, description = "%s", show_in_list = %d WHERE id = %s', $name, $icon, $min_stock, $description, $show_in_list, $id); $result = process_sql($sql); if (!$result) { echo "<h3 class='error'>" . __('Could not be updated') . "</h3>"; } else { echo "<h3 class='suc'>" . __('Successfully updated') . "</h3>"; //insert_event ("PRODUCT UPDATED", $id, 0, $name); audit_db($config["id_user"], $config["REMOTE_ADDR"], "Inventory Management", "Updated object {$id} - {$name}"); } } // Delete if ($delete_object) { // Move parent who has this product to 0 $sql = sprintf('DELETE FROM tobject_type_field WHERE id_object_type = %d', $id); process_sql($sql); $sql = sprintf('DELETE FROM tobject_type WHERE id = %d', $id); $result = process_sql($sql); if ($result) { echo '<h3 class="suc">' . __("Successfully deleted") . '</h3>'; } else { echo '<h3 class="error">' . __("Could not be deleted") . '</h3>'; } $id = 0;
$id = 0; $fullname = (string) get_parameter ('fullname'); $phone = (string) get_parameter ('phone'); $mobile = (string) get_parameter ('mobile'); $email = (string) get_parameter ('email'); $position = (string) get_parameter ('position'); $id_company = (int) get_parameter ('id_company'); $disabled = (int) get_parameter ('disabled'); $description = (string) get_parameter ('description'); $id_contract = (int) get_parameter ('id_contract'); if ($id_contract) { $id_company = (int) get_db_value ('id_company', 'tcontract', 'id', $id_contract); } } else { if (!$read_permission) { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation","Trying to access a contact in a group without access"); require ("general/noaccess.php"); exit; } $contact = get_db_row ("tcompany_contact", "id", $id); $fullname = $contact['fullname']; $phone = $contact['phone']; $mobile = $contact['mobile']; $email = $contact['email']; $position = $contact['position']; $id_company = $contact['id_company']; $disabled = $contact['disabled']; $description = $contact['description']; } $table = new stdClass();
echo "<li class='nomn'>"; echo "<a href='index.php?sec=incidents&sec2=operation/incidents/incident_files&id={$id_inc}'><img src='images/disk.png' class='top' border=0> " . __('Files') . " ({$file_number}) </a>"; echo "</li>"; } // Notes $note_number = dame_numero_notas($id_inc); if ($note_number > 0) { echo "<li class='nomn'>"; echo "<a href='index.php?sec=incidents&sec2=operation/incidents/incident_notes&id={$id_inc}'><img src='images/note.png' class='top' border=0> " . __('Notes') . " ({$note_number}) </a>"; echo "</li>"; } echo "</ul>"; echo "</div>"; echo "<div style='height: 25px'> </div>"; } else { audit_db($id_user, $REMOTE_ADDR, "ACL Violation", "Trying to access to ticket " . $id_inc . " '" . $titulo . "'"); include "general/noaccess.php"; exit; } // ******************************************************************** // Notes // ******************************************************************** echo $result_msg; echo "<br>"; $title = __('Notes attached to ticket') . " #{$id_inc} '" . get_incident_title($id_inc) . "'"; echo "<h3>{$title}</h3>"; $sql4 = 'SELECT * FROM tworkunit_incident WHERE id_incident = ' . $id_inc . ' ORDER BY id_workunit ASC'; if ($res4 = mysql_query($sql4)) { while ($row4 = mysql_fetch_array($res4)) { $sql3 = 'SELECT * FROM tworkunit WHERE id = ' . $row4["id_workunit"]; $res3 = mysql_query($sql3);
$start = get_parameter('start_date2', date("Y-m-d")); $end = get_parameter('end_date2', date("Y-m-d")); $owner = get_parameter('dueno'); if ($parent) { $project_access = get_project_access($config["id_user"], $id_project); if (!$project_access["manage"]) { $task_access = get_project_access($config["id_user"], $id_project, $parent); if (!$task_access["manage"]) { audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to create tasks in an unauthorized project"); no_permission(); } } } else { $project_access = get_project_access($config["id_user"], $id_project); if (!$project_access["manage"]) { audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to create tasks in an unauthorized project"); no_permission(); } } $data_array = preg_split("/\n/", $tasklist); foreach ($data_array as $data_item) { $data = trim($data_item); if ($data != "") { $sql = sprintf('INSERT INTO ttask (id_project, name, id_parent_task, start, end) VALUES (%d, "%s", %d, "%s", "%s")', $id_project, safe_input($data), $parent, $start, $end); $id_task = process_sql($sql, 'insert_id'); if ($id_task) { $sql = sprintf("SELECT id_role FROM trole_people_project\n\t\t\t\t\t\t\t\t\tWHERE id_project = %d AND id_user = '******'", $id_project, $owner); $id_role = process_sql($sql); $role = $id_role[0]['id_role']; $sql = sprintf('INSERT INTO trole_people_task (id_user, id_role, id_task)
$id_user_show = get_parameter ("id_user", $config["id_user"]); if (($id_user_show != $config["id_user"]) AND (!give_acl($config["id_user"], 0, "PM"))){ // Doesn't have access to this page audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation","Trying to access to another user yearly report without proper rights"); include ("general/noaccess.php"); exit; } // Extended ACL check for project manager // TODO - Move to enteprrise, encapsulate in a general function $users = get_user_visible_users(); if (($id_user_show == "") || (($id_user_show != $config["id_user"]) && !in_array($id_user_show, array_keys($users)))) { audit_db("Noauth", $config["REMOTE_ADDR"], "No permission access", "Trying to access user workunit report"); require ("general/noaccess.php"); exit; } echo "<h2>".__('Annual report')."</h2>"; echo "<h4>".__('For user').": ". $id_user_show; echo "<div id='button-bar-title'><ul>"; if ($clean_output == 0) { // link full screen if ($pure) { $html_report_image = print_html_report_image ("index.php?sec=users&sec2=operation/user_report/report_annual&id_user=$id_user_show&year=$year", __("Full screen"), "", array("pure" => 0)); }
exit; } $id_owner = get_db_value ('id_owner', 'tproject', 'id', $id_project); $sql = sprintf ('UPDATE tproject SET disabled = 0 WHERE id = %d', $id_project); process_sql ($sql); echo ui_print_success_message (__('Successfully reactivated'), '', true, 'h3', true); audit_db ($config['id_user'], $REMOTE_ADDR, "Project activated", "User ".$config['id_user']." activated project #".$id_project); project_tracking ($id_project, PROJECT_ACTIVATED); } // Delete if ($delete_project) { if (!$project_permission['manage']) { audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Forbidden", "User ".$config['id_user']." try to delete project #$id_project"); require ("general/noaccess.php"); exit; } $id_owner = get_db_value ('id_owner', 'tproject', 'id', $id_project); delete_project ($id_project); echo ui_print_success_message (__('Successfully deleted'), '', true, 'h3', true); } if ($view_disabled) { echo '<h2>'.__('Projects').'</h2>'; echo '<h4>'.__('Archived projects'); echo integria_help ("archieved_projects", true); echo '</h4>'; }
// Integria 4.2 - http://integria.sourceforge.net // ================================================== // Copyright (c) 2007-2008 Sancho Lerena, slerena@gmail.com // Copyright (c) 2007-2008 Artica Soluciones Tecnologicas // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; version 2 // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. global $config; check_login(); require_once 'include/functions_tags.php'; if (!dame_admin($config["id_user"])) { audit_db("ACL Violation", $config["REMOTE_ADDR"], "No administrator access", "Trying to access setup"); require "general/noaccess.php"; exit; } echo "<h1>" . __("Tags management") . "</h1>"; // Tag info $id = (int) get_parameter('id'); $name = (string) get_parameter('name'); $colour = (string) get_parameter('colour'); // Actions $action = (string) get_parameter('action'); $create = $action === 'create'; $update = $action === 'update'; $delete = $action === 'delete'; if ($create || $update || $delete) { $crud_operation = array();
$incident = get_db_row_sql('SELECT titulo, descripcion, epilog FROM tincidencia WHERE id_incidencia = ' . $id_incident); if ($incident !== false) { $title = $incident['titulo']; $data = $incident['descripcion'] . "\n\n" . $incident['epilog']; } } } else { $id = get_parameter("update", -1); $row = get_db_row("tkb_data", "id", $id); $data = $row["data"]; $title = $row["title"]; $id_product = $row["id_product"]; $id_language = $row["id_language"]; $id_category = $row["id_category"]; if ($id != -1 && !check_kb_item_accessibility($id_user, $id)) { audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to KB forbidden item"); require "general/noaccess.php"; exit; } } echo "<h2>" . __('KB Data management') . "</h2>"; if ($id == -1) { echo "<h3>" . __('Create a new KB item') . "</a></h3>"; echo "<form id='form-kb_item' name=prodman method='post' action='index.php?sec=kb&sec2=operation/kb/manage_data&create2'>"; } else { echo "<h3>" . __('Update existing KB item') . "</a></h3>"; echo "<form id='form-kb_item' enctype='multipart/form-data' name=prodman2 method='post' action='index.php?sec=kb&sec2=operation/kb/manage_data&update2'>"; echo "<input id='id_kb_item' type=hidden name=id value='{$id}'>"; } echo '<table width="90%" class="databox">'; echo "<tr>";
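// Task e-mail report: mails the given title/description to every person with
// a role on the task. "manage" access on the task is required.
global $config;

check_login();

// Get parameters. Ids are cast to int because $id_task is interpolated into
// SQL below (it was previously used unfiltered).
$id_project = (int) get_parameter('id_project');
$id_task = (int) get_parameter('id_task', -1);
$project_manager = get_db_value('id_owner', 'tproject', 'id', $id_project);
$operation = (string) get_parameter('operation');
$title = get_parameter("title", "");
$description = get_parameter("description", "");

// ACL
$task_permission = get_project_access($config["id_user"], $id_project, $id_task, false, true);
if (!$task_permission["manage"]) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to task email report without permission");
    no_permission();
}

if ($operation == "generate_email") {
    // Everyone with a role on the task (tusuario joined with trole_people_task).
    $task_participants = get_db_all_rows_sql("SELECT direccion, nombre_real FROM tusuario, trole_people_task WHERE tusuario.id_usuario = trole_people_task.id_user AND trole_people_task.id_task = $id_task");
    if ($task_participants === false) {
        $task_participants = array(); // no rows: nothing to send
    }

    // Subject and body do not depend on the recipient; build them once.
    $text = ascii_output($description);
    $subject = ascii_output($title);

    foreach ($task_participants as $participant) {
        integria_sendmail($participant["direccion"], $subject, $text);
    }

    echo ui_print_success_message(__("Operation successfully completed"), '', true, 'h3', true);
}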
echo ui_print_error_message (__('Could not be updated'), '', true, 'h3', true); else { echo ui_print_success_message (__('Successfully updated'), '', true, 'h3', true); audit_db ($config["id_user"], $config["REMOTE_ADDR"], "SLA Modified", "Updated SLA ($name)", $sql); } $id = 0; } // DELETE // ================== if ($delete_sla) { $name = get_db_value ('name', 'tsla', 'id', $id); $sql = sprintf ('DELETE FROM tsla WHERE id = %d', $id); $result = process_sql ($sql); audit_db ($config["id_user"], $config["REMOTE_ADDR"], "SLA Deleted", "Delete SLA ($name)", $sql); echo ui_print_success_message (__("Successfully deleted"), '', true, 'h3', true); $id = 0; } // FORM (Update / Create) if ($id || $new_sla) { if ($new_sla) { $name = ""; $description = ""; $min_response = 48.0; $max_response = 480.0; $max_incidents = 10; $max_inactivity = 96.0; $id_sla_base = 0; $enforced = 1;
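// ========================================================
// Copyright (c) 2004-2007 Sancho Lerena, slerena@gmail.com
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

// Ticket note viewer: shows the detail of one note (tnota row) of a ticket.

// Load global vars
global $config;

// Unauthenticated requests are audited and redirected to the no-access page.
if (check_login() != 0) {
	audit_db("Noauth", $config["REMOTE_ADDR"], "No authenticated access", "Trying to access ticket viewer");
	require "general/noaccess.php";
	exit;
}

// The note id is a numeric key used in the SQL below; cast it so the query
// never receives the raw request value.
$id_nota = (int) get_parameter("id", 0);
$id_incident = get_parameter("id_inc", 0);

// ********************************************************************
// Note detail of $id_note
// ********************************************************************
$sql4 = sprintf('SELECT * FROM tnota WHERE id_nota = %d', $id_nota);
// NOTE(review): legacy mysql_* API; moving this to the project's DB helpers
// (get_db_row etc., used elsewhere on this page) is a separate change.
$res4 = mysql_query($sql4);
if ($row3 = mysql_fetch_array($res4)) {
	echo "<div class='notetitle'>";  // titulo
	$timestamp = $row3["timestamp"];
	$nota = $row3["nota"];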
SET description = "%s", name = "%s" WHERE id = %d', $description, $name, $id);
// NOTE(review): the UPDATE uses %s placeholders for $description and $name; the
// start of the sprintf (and any escaping of those values) is above this
// fragment, so confirm they are escaped before reaching the query.
$result = process_sql($sql);
if ($result === false) {
	echo '<h3 class="error">' . __('Building cannot be updated') . '</h3>';
} else {
	echo '<h3 class="suc">' . __('Successfully updated') . '</h3>';
	audit_db($config["id_user"], $config["REMOTE_ADDR"], "Building", "Updated building {$id} - {$name}");
}
$id = 0;
}

// DELETE
if ($delete_building) {
	$name = get_db_value('name', 'tbuilding', 'id', $id);
	// %d keeps the id numeric in the DELETE statement.
	$sql = sprintf('DELETE FROM tbuilding WHERE id = %d', $id);
	// NOTE(review): the return value of process_sql is discarded here, so the
	// audit entry and success message are emitted even if the delete failed
	// (the update branch above does check its result).
	process_sql($sql);
	audit_db($config["id_user"], $config["REMOTE_ADDR"], "Building", "Deleted building {$id} - {$name}");
	echo '<h3 class="suc">' . __('Successfully deleted') . '</h3>';
	$id = 0;
}

echo '<h2>' . __('Building management') . '</h2>';

// FORM (Update / Create)
if ($id || $new_building) {
	if ($new_building) {
		// Empty defaults for a new building.
		$id = 0;
		$name = "";
		$description = "";
	} else {
		// Existing building: preload the form from the stored row.
		$building = get_db_row('tbuilding', 'id', $id);
		$name = $building['name'];
		$description = $building['description'];
	}
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.

// Lead forward: e-mails a lead to a recipient chosen in the form.
global $config;
check_login();

// $id is not set in this fragment; presumably assigned by the including page — confirm.
if (!$id) {
	audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to a lead forward");
	include "general/noaccess.php";
	exit;
}

// Either write ('cw') or manage ('cm') permission on this lead is sufficient.
$write_permission = check_crm_acl('lead', 'cw', $config['id_user'], $id);
$manage_permission = check_crm_acl('lead', 'cm', $config['id_user'], $id);
if (!$write_permission && !$manage_permission) {
	audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to a lead forward");
	include "general/noaccess.php";
	exit;
}

$lead = get_db_row('tlead', 'id', $id);
$user = get_db_row("tusuario", "id_usuario", $config["id_user"]);
// NOTE(review): id_company comes from the user's DB row, not the request, but
// it is still concatenated unquoted into SQL; a numeric cast would be the
// defensive form.
$company_user = get_db_sql("select name FROM tcompany where id = " . $user["id_company"]);

// Form values; from/to/cco are raw request strings. The mail call is outside
// this fragment — confirm these are validated before being used as mail
// headers.
$from = get_parameter("from", $user["direccion"]);
$to = get_parameter("to", "");
$subject = get_parameter("subject", "");
$mail = get_parameter("mail", "");
$send = (int) get_parameter("send", 0);
$cco = get_parameter("cco", "");

// Send mail
if ($send) {
	if ($subject != "" and $from != "" and $to != "") {
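/**
 * Records the denied access attempt in the audit log and renders the
 * generic "no permission" error page through the Home view.
 *
 * @return void
 */
private function showNoPermission()
{
	$system = System::getInstance();
	// The client address is read from the config store like the user id; the
	// previous code referenced an undefined local $REMOTE_ADDR, which logged
	// an empty address. Assumes getConfig exposes the same 'REMOTE_ADDR' key
	// as $config does elsewhere in the application — confirm.
	audit_db($system->getConfig('id_user'), $system->getConfig('REMOTE_ADDR'), "ACL Violation", "Trying to access to workorder section");
	$error = array();
	$error['title_text'] = __('You don\'t have access to this page');
	$error['content_text'] = __('Access to this page is restricted to authorized users only, please contact to system administrator if you need assistance. <br><br>Please know that all attempts to access this page are recorded in security logs of Integria System Database');
	$home = new Home();
	$home->show($error);
}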