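/**
 * Authenticate a user by e-mail and password.
 *
 * Looks the account up under the current password scheme first; if that
 * fails but the legacy scheme matches, the stored value is migrated and the
 * lookup is repeated so the returned session record reflects the new row.
 *
 * @param string $user     e-mail address as submitted on the login form
 * @param string $password submitted password (the comparison expression is
 *                         redacted as '******' in this listing -- see below)
 * @return array|false     array('session_identifier', 'ID', 'Email',
 *                         'Friendly_Name') on success, false otherwise
 */
function login_user($user, $password)
{
    global $DBConn;

    // The e-mail is untrusted form input; escape it once and reuse it in
    // every statement instead of concatenating the raw value.
    $email = mysqli_real_escape_string($DBConn, (string) $user);

    // NOTE(review): both password comparisons are redacted ('******') in this
    // listing; the real hash expressions must be restored here. They are kept
    // as the two placeholders so the control flow is unchanged.
    $new_pw = '******';
    $old_pw = '******';

    // Returns the matching enabled user row for one password value, or null.
    $find = function ($password_value) use ($DBConn, $email) {
        $sql = "SELECT * FROM user WHERE EMail = '" . $email
            . "' AND Disabled_User = 0 AND Password = '"
            . mysqli_real_escape_string($DBConn, (string) $password_value) . "'";
        $query = mysqli_query($DBConn, $sql);
        if ($query && mysqli_num_rows($query) > 0) {
            return mysqli_fetch_assoc($query);
        }
        return null;
    };

    // Builds the caller-visible session record and writes the login audit.
    $session = function (array $row) {
        auditit(0, 0, $row['EMail'], 'Login');
        return array(
            // Presumably what check_user() validates against elsewhere, so the
            // derivation is kept as-is; changing it would invalidate sessions.
            'session_identifier' => md5($row['EMail'] . $row['Password']),
            'ID' => $row['ID'],
            'Email' => $row['EMail'],
            'Friendly_Name' => $row['Friendly_Name'],
        );
    };

    $row = $find($new_pw);
    if ($row !== null) {
        return $session($row);
    }

    // Legacy password path: migrate the stored value, then re-run the primary
    // lookup. (The original fell off the end here and returned null even
    // after a successful migration, so the first login always failed.)
    if ($find($old_pw) !== null) {
        $sqlu = "Update user SET Password='"
            . mysqli_real_escape_string($DBConn, (string) $new_pw)
            . "' WHERE email = '" . $email . "'";
        mysqli_query($DBConn, $sqlu);
        $row = $find($new_pw);
        if ($row !== null) {
            return $session($row);
        }
    }

    auditit(0, 0, $user, 'Unsuccessful Login');
    return false;
}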
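<?php
include 'include/header.inc.php';

// The project id is request input: take its integer form once and use that
// both inside SQL and in the HTML echoed back, so neither context sees raw text.
$pid = isset($_REQUEST['PID']) ? (int) $_REQUEST['PID'] : 0;
$showForm = true;

// The confirmation buttons are POSTed by the form below; reading them from
// $_POST rather than $_REQUEST means a plain GET link cannot trigger the reset.
if (!empty($_POST['reset'])) {
    if (readonly($pid) == 0) {
        // Rebuild the project's tag list from the tags still used by its stories.
        mysqli_query($DBConn, 'delete from tags where Project_ID=' . $pid);
        $sql = "insert into tags (Project_ID, tags.Desc) select Project_ID, GROUP_CONCAT(distinct(Tags) SEPARATOR ',') as Tags from story where length(Tags)> 0 and Project_ID=" . $pid . " group by Project_ID";
        mysqli_query($DBConn, $sql);

        $tags_Res = mysqli_query($DBConn, 'select * from tags where Project_ID=' . $pid);
        $tags_Row = $tags_Res ? mysqli_fetch_assoc($tags_Res) : null;
        if ($tags_Row) {
            // Each story holds its own comma list, so the concatenation can
            // still repeat a tag; collapse the repeats before writing back.
            $newTags = implode(",", array_unique(explode(",", $tags_Row['Desc'])));
            $sql = 'UPDATE tags SET tags.Desc="' . mysqli_real_escape_string($DBConn, $newTags) . '" where tags.Project_ID=' . $pid;
            mysqli_query($DBConn, $sql);
        }
        $showForm = false;
        auditit($pid, 0, $_SESSION['Email'], 'Clear Unused Tags', '', '');
    }
}

if (!empty($_POST['noreset'])) {
    $showForm = false;
    // Kept from the original: unused in this file, may be read by the footer include.
    $resetd = false;
}

if ($showForm) {
    echo '<form method="post" action="?"><p><h2>' . 'Are you sure you want to Clear unused Tags for this project?<br /></h2><p>' . '<p>' . '<input type="submit" name="reset" value="Yes, Clear"> ' . '<input type="hidden" name="PID" value="' . $pid . '">' . '<input type="submit" name="noreset" value="No, Don\'t clear">' . '</form>';
} else {
    // Single redirect for both the "done" and the "no" paths (the original
    // sent the Location header twice on the "no" path).
    header('Location:project_Summary.php?PID=' . $pid);
}

include 'include/footer.inc.php';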
//Audit //If we are updating if ($sql_method === 'UPDATE') { // for each field that appears in a story record foreach ($orow as $key => $value) { // that is passed in (Blocked wants some special handling) if ($_REQUEST[$key] || $key == 'Blocked' && $orow['Blocked'] == 1) { // and somethng has changed then log it if ($_REQUEST[$key] !== $orow[$key]) { echo '# n' . $key . ' ' . $_REQUEST[$key] . ' - o' . $orow[$key] . '</br>'; auditit($_REQUEST['PID'], $_REQUEST['AID'], $_SESSION['Email'], $aaction . $key, $orow[$key], $_REQUEST[$key]); } } } } else { auditit($_REQUEST['PID'], 0, $_SESSION['Email'], $aaction, '', $_REQUEST['Summary']); } $showForm = false; Update_Parent_Points($_REQUEST['AID']); Update_Iteration_Points($_REQUEST['Iteration_ID']); Update_Project_Tags($_REQUEST['PID'], $_REQUEST['Tags']); if (!empty($_REQUEST['gobackto'])) { header('Location:' . $_REQUEST['gobackto']); } else { header('Location:story_List.php?PID=' . $_REQUEST['PID'] . '&IID=' . $_REQUEST['IID']); } } else { $error = 'The form failed to process correctly.' . mysqli_error($DBConn); } } if (!empty($error)) {
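<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// Both the task id and the new Done value are concatenated into SQL, so take
// their integer forms rather than the raw query-string text.
$done = isset($_GET['DONE']) ? (int) $_GET['DONE'] : 0;
$tid = isset($_GET['TID']) ? (int) $_GET['TID'] : 0;

mysqli_query($DBConn, 'UPDATE task SET task.Done=' . $done . ' WHERE task.ID=' . $tid);

// Human-readable label for the audit entry; an unknown value logs as empty
// (the original left $Status undefined in that case).
$labels = array(0 => 'Todo', 1 => 'Doing', 2 => 'Done');
$Status = isset($labels[$done]) ? $labels[$done] : '';

auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], 'Update task status', $tid . '-' . $_GET['desc'], $Status);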
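<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// Every column value comes from the query string. The original escaped only
// the description; bind all of them through a prepared statement instead.
// Rank and Done are fixed literals and stay in the statement text.
$aid = isset($_GET['AID']) ? (string) $_GET['AID'] : '';
$user = isset($_GET['user']) ? (string) $_GET['user'] : '';
$desc = isset($_GET['desc']) ? (string) $_GET['desc'] : '';
$exph = isset($_GET['exph']) ? (string) $_GET['exph'] : '';
$acth = isset($_GET['acth']) ? (string) $_GET['acth'] : '';

$stmt = mysqli_prepare(
    $DBConn,
    'INSERT INTO task SET Story_AID=?, task.User_ID=?, task.Rank="30000", task.Desc=?, Done="0", Expected_Hours=?, Actual_Hours=?'
);
if ($stmt) {
    // Bound as strings so MySQL applies the same coercion the quoted
    // literals in the original statement received.
    mysqli_stmt_bind_param($stmt, 'sssss', $aid, $user, $desc, $exph, $acth);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

auditit($_GET['PID'], $aid, $_SESSION['Email'], 'Added task', $desc . ' Assign to:' . Get_User($user) . ' Expect. h:' . $exph . ' Act. h:' . $acth);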
} } } mysqli_query($DBConn, 'DELETE FROM from upload u left Join story s on u.AID = s.AID where s.Project_ID =' . ($_REQUEST['PID'] + 0)); mysqli_query($DBConn, 'DELETE FROM story WHERE Project_ID = ' . ($_REQUEST['PID'] + 0)); mysqli_query($DBConn, 'DELETE FROM story_status WHERE Project_ID = ' . ($_REQUEST['PID'] + 0)); mysqli_query($DBConn, 'DELETE FROM story_type WHERE Project_ID = ' . ($_REQUEST['PID'] + 0)); mysqli_query($DBConn, 'DELETE FROM iteration WHERE Project_ID = ' . ($_REQUEST['PID'] + 0)); mysqli_query($DBConn, 'DELETE FROM tags WHERE Project_ID = ' . ($_REQUEST['PID'] + 0)); mysqli_query($DBConn, 'DELETE FROM user_project WHERE Project_ID = ' . ($_REQUEST['PID'] + 0)); mysqli_query($DBConn, 'DELETE FROM audit WHERE PID = ' . ($_REQUEST['PID'] + 0)); if (mysqli_query($DBConn, 'DELETE FROM project WHERE ID = ' . $_REQUEST['PID'])) { $showForm = false; $deleted = true; header('Location:project_List.php'); } } else { if ($_REQUEST['nodelete']) { auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Deleted Project ', Get_Project_Name($_REQUEST['PID'])); $showForm = false; $deleted = false; } } if ($showForm) { echo '<br>Are you sure you want to delete:<br><ul>' . '<li>points</li>' . '<li>comments</li>' . '<li>object</li>' . '<li> stories</li>' . '<li>iteration</li>' . '<li>story-status</li>' . '<li>story type and</li>' . '<li>tags</li>' . '<li>audit logs</li>' . '<li>Uploaded files</li>' . '</ul> as well as this project?<p>'; echo '<br>Users are <b>not</b> deleted<br>'; echo '<form method="post" action="?">' . 'Are you sure you want to delete this Project?<br />' . '<input type="hidden" name="PID" value="' . $_REQUEST['PID'] . '">' . '<input type="submit" name="delete" value="Yes, Delete"> ' . '<input type="submit" name="nodelete" value="No, Don\'t Delete">' . '</form>'; } else { header('Location:project_List.php'); } include 'include/footer.inc.php';
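<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// Comment id is concatenated into SQL; use its integer form.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

// Capture the text before the row is gone so the audit entry can carry it.
$comt = fetchusingID('Comment_Text', $id, 'comment');
mysqli_query($DBConn, 'DELETE FROM comment WHERE ID=' . $id);

$cnt = mysqli_affected_rows($DBConn);
echo $cnt;
if ($cnt > 0) {
    // type 's' marks a story comment; anything else is an iteration comment.
    $action = (isset($_GET['type']) && $_GET['type'] === 's')
        ? 'Deleted story Comment'
        : 'Deleted iteration Comment';
    auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], $action, $comt);
}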
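<?php
/* include login functions */
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

// Audit first: the entry needs the e-mail, which is cleared just below.
auditit(0, 0, isset($_SESSION['Email']) ? $_SESSION['Email'] : '', 'Logout');

// Full teardown. session_destroy() alone removes the server-side data but
// leaves the session cookie (and so the id) with the browser; clear the
// in-memory array and expire the cookie as well.
if (session_status() === PHP_SESSION_ACTIVE) {
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
?>
<meta http-equiv="refresh" content="0; url=index.php">
<h1> <center> <br> Logged Out </h1>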
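<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// All three ids are concatenated into SQL; use their integer forms.
$iid = isset($_GET['IID']) ? (int) $_GET['IID'] : 0;
$staid = isset($_GET['STAID']) ? (int) $_GET['STAID'] : 0;
$aid = isset($_GET['AID']) ? (int) $_GET['AID'] : 0;

// STAID = status order id within this project: resolve it to the status text
// via the iteration's project, then store that text on the story.
$sql = 'UPDATE story SET story.Status=(select d.Desc from story_status as d where d.Project_ID = (select project_ID from iteration where iteration.ID=' . $iid . ' ) and d.Order=' . $staid . ') WHERE story.AID=' . $aid;
mysqli_query($DBConn, $sql);

Update_Iteration_Points($iid);
// This updates both the parent points and the parent status.
Update_Parent_Points($aid);

auditit($_GET['PID'], $aid, $_SESSION['Email'], 'Update Status', '', $aid);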
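<?php
include 'include/header.inc.php';

// The confirmation form is shown to every user; only the delete itself is
// admin-gated below. The original had two identical branches here --
// NOTE(review): confirm whether non-admins were meant to be redirected instead.
$showForm = true;

// id is used in SQL and both values are echoed back into HTML: cast the id,
// and escape the description for the HTML context.
$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
$desc = isset($_REQUEST['desc']) ? (string) $_REQUEST['desc'] : '';
$descHtml = htmlspecialchars($desc, ENT_QUOTES, 'UTF-8');

// The buttons are POSTed by the form below; reading them from $_POST means a
// crafted GET link cannot perform the delete without the confirmation step.
if (!empty($_POST['delete']) && $Usr['Admin_User'] == 1) {
    auditit(0, 0, $_SESSION['Email'], 'Deleted User', $id . '-' . $desc);
    if (mysqli_query($DBConn, 'DELETE FROM user WHERE ID = ' . $id)) {
        $showForm = false;
        $deleted = true;
    }
} elseif (!empty($_POST['nodelete'])) {
    $showForm = false;
    $deleted = false;
}

if ($showForm) {
    echo '<form method="post" action="?">' . '<p>Are you sure you want to delete this User?<p>' . $id . ' - ' . $descHtml . '<p>' . '<input type="hidden" name="id" value="' . $id . '">' . '<input type="hidden" name="desc" value="' . $descHtml . '">' . '<input type="submit" name="delete" value="Yes, Delete"> ' . '<input type="submit" name="nodelete" value="No, Don\'t Delete">' . '</form>';
} else {
    header('Location:user_List.php');
}

include 'include/footer.inc.php';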
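<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// story[] lists story AIDs in their new order; each array key (position) maps
// to a rank in steps of ten. Both the key and the AID come from the request,
// so cast them before they reach the statement.
$stories = (isset($_GET['story']) && is_array($_GET['story'])) ? $_GET['story'] : array();
foreach ($stories as $pos => $aid) {
    $rank = ((int) $pos + 1) * 10;
    mysqli_query($DBConn, 'UPDATE story SET story.Iteration_Rank=' . $rank . ' WHERE story.AID=' . (int) $aid);
}

// The original read $_GET[rank] (bare word), an undefined-constant lookup that
// is fatal on current PHP; the key is the string 'rank'.
$act = (isset($_GET['rank']) && $_GET['rank'] === 'i') ? 'Increased Rank' : 'Decreased Rank';
auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], $act);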
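<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// Task id is concatenated into SQL; use its integer form.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
mysqli_query($DBConn, 'DELETE FROM task WHERE task.ID=' . $id);

auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], 'Deleted task', $id . '-' . $_GET['desc']);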
// Check valid filetypes $pos = strrpos($validfiletypes, $fileType . ','); if ($pos === false) { // note: three equal signs $valid_file = false; $message = 'Bad File type.'; } else { $valid_file = true; } if ($_FILES['file']['size'] > 2097152) { $valid_file = false; $message = 'Oops! Your file size is to large.'; } //if the file has passed the tests if ($valid_file) { //move it to where we want it to be move_uploaded_file($_FILES['file']['tmp_name'], getcwd() . '/upload/' . $new_file_name . '.' . $fileType); $fileSize = $_FILES['file']['size']; $query = "INSERT INTO upload (upload.AID, upload.Name, upload.Desc, upload.Size, upload.Type ) " . "VALUES (" . $_REQUEST['AID'] . ", UNHEX('" . $new_file_name . "'),'" . $_FILES['file']['name'] . "', " . $fileSize . ", '" . $fileType . "')"; mysqli_query($DBConn, $query); $message = ''; auditit($_REQUEST['PID'], $_REQUEST['AID'], $_SESSION['Email'], 'Uploaded File', $_FILES['file']['name'], $new_file_name); } else { $message = 'Invalid file.'; } } else { //set that to be the returned message $message = 'Ooops! Your upload triggered the following error: ' . $_FILES['file']['error']; } } echo $message;
if (empty($_REQUEST['id'])) { $sql_method = 'INSERT INTO'; $button_name = 'Add'; $whereClause = ''; } else { $sql_method = 'UPDATE'; $button_name = 'Save'; $whereClause = 'WHERE ID = ' . ($_REQUEST['id'] + 0); } if (mysqli_query($DBConn, "{$sql_method} story_status SET\n \t\t\tProject_ID = '" . $_REQUEST['PID'] . "',\n\t\t\tstory_status.Desc = '" . $_REQUEST['Desc'] . "',\n\t\t\tstory_status.Policy = '" . $_REQUEST['Policy'] . "',\n\t\t\tstory_status.Order = '" . $_REQUEST['Order'] . "',\n\t\t\tRGB = '" . $_REQUEST['RGB'] . "' {$whereClause}")) { $sql = 'Update story set story.Status="' . $_REQUEST['Desc'] . '" where story.Project_ID=' . $_REQUEST['PID'] . ' and story.Status="' . $_REQUEST['ODesc'] . '"'; mysqli_query($DBConn, $sql); $sql = 'Update points_log set points_log.Status="' . $_REQUEST['Desc'] . '" where points_log.Project_ID=' . $_REQUEST['PID'] . ' and points_log.Status="' . $_REQUEST['ODesc'] . '"'; mysqli_query($DBConn, $sql); $showForm = false; auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Update Project Story Status', '', $_REQUEST['Desc'] . '-' . $_REQUEST['Policy'] . '-' . $_REQUEST['RGB']); } else { $error = 'The form failed to process correctly.' . mysqli_error(); } } if (!empty($error)) { echo '<div class="error">' . $error . '</div>'; } if ($showForm) { if (!empty($_REQUEST['id'])) { $storyStatus_Res = mysqli_query($DBConn, 'SELECT * FROM story_status WHERE ID = ' . $_REQUEST['id']); $storyStatus_Row = mysqli_fetch_assoc($storyStatus_Res); } else { $storyStatus_Row = $_REQUEST; } echo '<table align="center" cellpadding="6" cellspacing="0" border="0">' . '<form method="post" action="?">';
mysqli_query($DBConn, $sql); if (mysqli_error($DBConn)) { $hasError = true; echo '<br>Error on record ' . $data; echo '<br>' . mysqli_error($DBConn) . '<br>'; } else { echo '<br> Imported :' . $data; } } } else { echo 'Unable to open file<p>'; echo $_FILES['file']['name']; $hasError = true; } $showForm = false; auditit(0, 0, $_SESSION['Email'], 'Imported new hints', $_FILES['file']['name']); ?> <center><p><p><form enctype="multipart/form-data" method="post" action="?"> <br><input type="submit" name="acceptImport" value="OK"> </form></center> <?php } if ($showForm) { echo '<center><p><form enctype="multipart/form-data" method="post" action="?">'; ?> <input type="hidden" name="MAX_FILE_SIZE" value="2097152" /> Import hints: <input type="file" size="50" name="file" /><p> Delete Existing: <input 'checked' value="1" type="checkbox" name="delete_existing" /><p> <input type="submit" name="saveUpload" value="Import"> </form></center>
foreach ($aresult as $key => $value) { if ($aresult[$key]) { auditit($_REQUEST['PID'], $_REQUEST['id'], $_SESSION['Email'], 'Deleted ' . $key, $aresult[$key]); } } if (mysqli_query($DBConn, 'DELETE FROM story WHERE AID=' . $_REQUEST['id'] . ' AND Project_ID=' . $_REQUEST['PID'])) { $asql = 'delete from task where Story_AID=' . $_REQUEST['id']; $aqry = mysqli_query($DBConn, $asql); $asql = 'delete from comment where Story_AID=' . $_REQUEST['id']; $aqry = mysqli_query($DBConn, $asql); $asql = "select upload.Name, upload.Desc, HEX(Name) as HName, upload.Type FROM upload WHERE upload.AID=" . $_REQUEST['id']; $aqry = mysqli_query($DBConn, $asql); while ($aresult = mysqli_fetch_array($aqry)) { if (!mysqli_error($DBConn)) { if (unlink('upload/' . $aresult['HName'] . '.' . $aresult['Type'])) { auditit($_REQUEST['PID'], $_REQUEST['id'], $_SESSION['Email'], 'Deleted uploaded file ', $aresult[HName], $aresult[Desc]); } } } $asql = "DELETE FROM upload WHERE upload.AID=" . $_REQUEST['id']; $aqry = mysqli_query($DBConn, $asql); $showForm = false; $deleted = true; Update_Iteration_Points($_REQUEST['IID']); } } } else { if ($_REQUEST['nodelete']) { $showForm = false; $deleted = false; }
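<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// The source story AID is query-string input used in three statements; take
// its integer form once.
$said = isset($_GET['SAID']) ? (int) $_GET['SAID'] : 0;

// Copy the story into a new row of the same project. The new per-project ID
// is max(ID)+1 from a subquery -- presumably not safe against two
// duplications in the same project running concurrently (TODO confirm).
$ssql = 'INSERT INTO story (Project_ID, Release_ID, Iteration_ID, Parent_Story_ID, Created_Date'
    . ', Status, Epic_Rank, Iteration_Rank, Size, Blocked'
    . ', Summary, Col_1, As_A, Col_2, Acceptance, Tags, Type, Created_By_ID, ID)'
    . ' SELECT Project_ID, Release_ID, Iteration_ID, Parent_Story_ID, Created_Date'
    . ', Status, Epic_Rank, Iteration_Rank, Size, Blocked'
    . ', CONCAT("(Dup. of #",ID,") ",Summary), Col_1, As_A, Col_2, Acceptance, Tags, Type, '
    . '"' . $_SESSION['ID'] . '", (SELECT max(local.ID)+1 from story as local where Project_ID=story.Project_ID)'
    . ' FROM story WHERE story.AID=' . $said;
mysqli_query($DBConn, $ssql);

// Fetch the new row by its auto-generated AID.
$newAid = mysqli_insert_id($DBConn);
$res = mysqli_query($DBConn, 'select ID, AID, Project_ID, Iteration_ID, Summary from story where AID=' . $newAid);
$RecRow = $res ? mysqli_fetch_assoc($res) : null;
if (!$RecRow) {
    // Nothing was inserted (unknown SAID or a failed statement): stop here
    // rather than update points and write audit rows from an empty record.
    echo 'Story could not be duplicated';
    exit;
}

Update_Iteration_Points($RecRow['Iteration_ID']);
echo 'New story <a title="Edit story #' . $RecRow['ID'] . '" href="story_Edit.php?AID=' . $RecRow['AID'] . '&PID=' . $RecRow['Project_ID'] . '&IID=' . $RecRow['Iteration_ID'] . '">#' . $RecRow['ID'] . '</a> Created';

// Optionally duplicate the tasks as well, reset to unassigned (User_ID 0),
// not done, and zero actual hours.
if (isset($_GET['TASKS']) && $_GET['TASKS'] == 'True') {
    $sql = 'INSERT INTO task (Story_AID, User_ID, Rank, task.Desc, Done, Expected_Hours, Actual_Hours, Task_Date)'
        . ' SELECT ' . $RecRow['AID'] . ', 0, Rank, task.Desc, 0, Expected_Hours, 0, Task_Date'
        . ' FROM task WHERE task.Story_AID=' . $said;
    mysqli_query($DBConn, $sql);
}

// One audit entry against the new story and one against the source.
auditit($RecRow['Project_ID'], $RecRow['AID'], $_SESSION['Email'], 'Duplicated Story from', $said, $said . '-' . $RecRow['Summary'], 'Story #' . $RecRow['ID']);
auditit($RecRow['Project_ID'], $said, $_SESSION['Email'], 'Duplicated Story to', $said . '-' . $RecRow['Summary'], 'Story #' . $RecRow['ID']);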
if ($Usr['Admin_User'] == 1) { mysqli_query($DBConn, 'DELETE from user_project where User_ID =' . $_REQUEST['id']); if ($_REQUEST['proj']) { foreach ($_REQUEST['proj'] as $proj) { $sql = 'INSERT into user_project set User_ID=' . $_REQUEST['id'] . ', Project_ID=' . $proj . ' '; $audit = " "; if (isset($_REQUEST['Readonly' . $proj])) { $sql .= ', Readonly =1'; $audit .= 'Read only: True'; } if (isset($_REQUEST['proj_admin' . $proj])) { $sql .= ', Project_Admin=1'; $audit .= 'Proj Admin: True'; } mysqli_query($DBConn, $sql); auditit($proj, 0, $_SESSION['Email'], 'Alter access', $_REQUEST['EMail'], Get_Project_Name($proj) . '" ' . $audit); } } } } else { $error = 'The form failed to process correctly.' . mysqli_error($DBConn); } } } if (!empty($error)) { echo '<div class="error">' . $error . '</div>'; } if ($showForm) { if ($Usr['Admin_User'] == 1 || $_REQUEST['id'] == $_SESSION['ID']) { if (!empty($_REQUEST['id'])) { $user_Res = mysqli_query($DBConn, 'SELECT * FROM user WHERE ID = ' . $_REQUEST['id']);
$QRow = mysqli_fetch_assoc($QRes); $audittext = ' Query ' . $_GET['QID'] . ' ' . $QRow['qdesc']; $cond = " " . $QRow['QSQL']; $cond = str_replace('{User}', $_SESSION['ID'], $cond); $cond = str_replace('{Iteration}', $_REQUEST['IID'], $cond); $cond = str_replace('{Project}', $_REQUEST['PID'], $cond); $cond = str_replace('{Backlog}', $Project['Backlog_ID'], $cond); $sql .= ' and ' . $cond . ' ' . $QRow['Qorder']; } // make sure that we dont get parent stories when this is an iteration export (only really applies for the backlog.) if (empty($_GET['etype'])) { $sql .= ' and story.Iteration_ID=' . $_GET['IID'] . ' and 0=(select count(Parent_Story_ID) from story as p where p.Parent_Story_ID = story.AID) '; } if (empty($_GET['QID'])) { $sql .= ' ORDER BY Iteration_Rank'; } $result = mysqli_query($DBConn, $sql) or die('Query failed!'); if ($row = mysqli_fetch_assoc($result)) { do { if (!$flag) { // display field/column names as first row fputcsv($out, array_keys($row), ',', '"'); $flag = true; } array_walk($row, 'cleanData'); fputcsv($out, array_values($row), ',', '"'); } while ($row = mysqli_fetch_assoc($result)); } fclose($out); auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Exported', $audittext, $filename); exit;
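$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// Everything below comes from the request. The original escaped only the
// comment text; the ids are cast and the user name escaped as well.
// ($_REQUEST[User_Name] as a bare word was an undefined-constant lookup; the
// key is the string 'User_Name'.)
$comment_text = mysqli_real_escape_string($DBConn, $_REQUEST['comment_text']);
$user_name = mysqli_real_escape_string($DBConn, isset($_REQUEST['User_Name']) ? (string) $_REQUEST['User_Name'] : '');
$parent_id = isset($_REQUEST['Parent_ID']) ? (int) $_REQUEST['Parent_ID'] : 0;
$story_aid = isset($_REQUEST['Story_AID']) ? (int) $_REQUEST['Story_AID'] : 0;

if ($_REQUEST['Type'] == "s") {
    // Story comment: attached directly to the story AID.
    $q = "INSERT INTO comment (Parent_ID, User_Name, Story_AID, Comment_Text) VALUES (" . $parent_id . ", '" . $user_name . "', " . $story_aid . ", '" . $comment_text . "' )";
    auditit($_REQUEST['PID'], $story_aid, $_SESSION['Email'], 'Added Comment', '', $_REQUEST['comment_text']);
} else {
    // Iteration comment: attached via a comment object id. A zero Story_AID
    // means the iteration has none yet, so allocate one and record it.
    if ($story_aid == 0) {
        $icoid = NextIterationCommentObject(); // so get the next comment object id
        $iteration_id = isset($_REQUEST['Iteration_ID']) ? (int) $_REQUEST['Iteration_ID'] : 0;
        $q = 'Update Iteration set Comment_Object_ID=' . $icoid . ' where ID=' . $iteration_id; // and set it
        mysqli_query($DBConn, $q);
    } else {
        $icoid = $story_aid;
    }
    $q = "INSERT INTO comment (Parent_ID, User_Name, Comment_Object_ID, Comment_Text) VALUES (" . $parent_id . ", '" . $user_name . "', " . (int) $icoid . ", '" . $comment_text . "' )";
    auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Added Iteration Comment', '', $_REQUEST['comment_text']);
}

mysqli_query($DBConn, $q);
$id = mysqli_insert_id($DBConn);
if (mysqli_affected_rows($DBConn) == 1) {
    $r = mysqli_query($DBConn, 'select * from comment where ID =' . $id);
    $row = mysqli_fetch_assoc($r);
    GetComments($row, $_REQUEST['replyid'], $_REQUEST['Type']);
} else {
    // The failed statement is no longer echoed: it exposed the table layout
    // and the submitted values to the client.
    echo "Comment cannot be posted. Please try again.";
}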
<?php $showForm = true; if (isset($_POST['saveUpdate'])) { if (empty($_REQUEST['id'])) { $sql_method = 'INSERT INTO'; $button_name = 'Add'; $whereClause = ''; } else { $sql_method = 'UPDATE'; $button_name = 'Save'; $whereClause = 'WHERE ID = ' . ($_REQUEST['id'] + 0); } if (mysqli_query($DBConn, "{$sql_method} story_type SET \t\t\tstory_type.Project_ID = '" . $_REQUEST['PID'] . "',\n\t\t\tstory_type.Desc = '" . $_REQUEST['Desc'] . "',\n\t\t\tstory_type.Order = '" . $_REQUEST['Order'] . "' {$whereClause}")) { $showForm = false; auditit($_REQUEST['PID'], 0, $_SESSION['Email'], '', 'Update Story Type', $_REQUEST['id'] . '-' . $_REQUEST['Desc'] . '-' . $_REQUEST['Order']); } else { $error = 'The form failed to process correctly.' . mysqli_error($DBConn); } } if (!empty($error)) { echo '<div class="error">' . $error . '</div>'; } if ($showForm) { if (!empty($_REQUEST['id'])) { $storyType_Res = mysqli_query($DBConn, 'SELECT * FROM story_type WHERE ID = ' . $_REQUEST['id']); $storyType_Row = mysqli_fetch_assoc($storyType_Res); } else { $storyType_Row = $_REQUEST; } echo '<table align="center" cellpadding="6" cellspacing="0" border="0">' . '<form method="post" action="?">';
$_REQUEST['PARID'] = substr($_REQUEST['PARID'], 0, 1); if ($_REQUEST['PARID'] == 'P') { $sql = 'UPDATE story SET story.Release_ID=0 WHERE story.Project_ID=' . $_REQUEST['PID'] . ' AND story.Release_ID=' . $_REQUEST['RID']; auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Removed entire Project', Get_Project_Name($_REQUEST['PID']) . ' from Release: ' . Get_Release_Name($_REQUEST['RID'])); } elseif ($_REQUEST['PARID'] == 'D') { $sql = 'UPDATE story SET story.Release_ID=0 WHERE story.Status="Done" AND story.Release_ID=' . $_REQUEST['RID'] . ' and story.Project_id=' . $_REQUEST['PID']; auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Removed all Done work', 'for Project: ' . Get_Project_Name($_REQUEST['PID']) . ' from Release: ' . Get_Release_Name($_REQUEST['RID'])); } elseif ($_REQUEST['PARID'] == 'N') { $sql = 'UPDATE story SET story.Release_ID=0 WHERE story.Status<>"Done" AND story.Release_ID=' . $_REQUEST['RID'] . ' and story.Project_id=' . $_REQUEST['PID']; auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Removed all NOT DONE work', ' in Project: ' . Get_Project_Name($_REQUEST['PID']) . ' from Release: ' . Get_Release_Name($_REQUEST['RID'])); } elseif ($_REQUEST['PARID'] == 'I') { $sql = 'UPDATE story SET story.Release_ID=0 WHERE story.Iteration_ID="' . $_REQUEST['IID'] . '" AND story.Release_ID=' . $_REQUEST['RID'] . ' and story.Project_id=' . $_REQUEST['PID']; auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Removed Iteration', Get_Iteration_Name($_REQUEST['IID']) . ' from Release: ' . Get_Release_Name($_REQUEST['RID'])); } else { $sql = 'UPDATE story SET story.Release_ID=0 WHERE (story.Parent_Story_ID=' . $_REQUEST['PARID'] . ' AND story.Release_ID=' . $_REQUEST['RID'] . ') or story.AID=' . $_REQUEST['PARID']; auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Removed Epic', $_REQUEST['PARID'] . ' from Release: ' . 
Get_Release_Name($_REQUEST['RID'])); } mysqli_query($DBConn, $sql); } function GetTreeRoot($sql, $flag = '') { global $DBConn; $tree_Res = mysqli_query($DBConn, $sql); echo '<br> <img id="1line" src="images/1line.png" title="One line story display"> <img id="2line" src="images/2line.png" title="Two line story display"> <img id="3line" src="images/3line.png" title="Three line story display">'; echo ' <a href="#" class="btnCollapseAll" id="">Collapse</a>/'; echo '<a href="#" class="btnExpandAll" id="">Expand</a>'; echo '<div class="tree" id="tree">'; echo '<ul>'; GetTree($tree_Res, $flag); echo '</ul>'; echo '</div>';
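<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// Name is the hex-encoded stored name (UNHEX below) and Type the extension;
// together they form the path handed to unlink(). Accept only hex digits and
// alphanumerics so the path can never leave upload/ and the SQL needs no
// further quoting. Anything else is rejected before any side effect.
$name = isset($_GET['Name']) ? (string) $_GET['Name'] : '';
$type = isset($_GET['Type']) ? (string) $_GET['Type'] : '';
if ($name === '' || !ctype_xdigit($name) || !preg_match('/^[A-Za-z0-9]+$/', $type)) {
    exit;
}

// NOTE(review): the delete is keyed on Name alone, with no check that the
// upload belongs to the PID/AID in the request -- confirm whether check_user
// scopes this or an ownership check is needed here.
auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], 'Deleted File:' . $name . '.' . $type);

$sql = "DELETE FROM upload WHERE upload.Name=UNHEX('" . $name . "')";
mysqli_query($DBConn, $sql);
if (!mysqli_error($DBConn)) {
    // Remove the file only once the row is gone, mirroring the original order.
    unlink(getcwd() . '/upload/' . $name . '.' . $type);
}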
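<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// All three ids are concatenated into SQL or passed to lookups; use integers.
$sid = isset($_GET['SID']) ? (int) $_GET['SID'] : 0;
$npar = isset($_GET['NPAR']) ? (int) $_GET['NPAR'] : 0;
$opar = isset($_GET['OPAR']) ? (int) $_GET['OPAR'] : 0;

// Re-parent the story, then recompute points for the new and the old parent.
mysqli_query($DBConn, 'UPDATE story SET story.Parent_Story_ID="' . $npar . '" WHERE story.AID=' . $sid);
Update_Parent_Points($sid);
Update_oldParent_Points($opar);

auditit($_GET['PID'], $sid, $_SESSION['Email'], 'Update parent', fetchusingID('Summary', $opar, 'story'), fetchusingID('Summary', $npar, 'story'));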
if (isset($_POST['truncateit'])) { $sql = 'TRUNCATE TABLE audit'; mysqli_query($DBConn, $sql); auditit(0, 0, $_SESSION['Email'], 'Audit log truncated', 'All records deleted and index reset'); if (mysqli_error($DBConn)) { echo '<br>' . mysqli_error($DBConn) . '<br>'; } else { echo '<center><P><B>All Audit records Deleted.</B><P>'; } $showForm = false; } if (isset($_POST['beforedate'])) { $sql = "DELETE FROM audit where audit.When<'" . $_REQUEST['Start_Date'] . "'"; echo $sql; mysqli_query($DBConn, $sql); auditit(0, 0, $_SESSION['Email'], 'Audit log truncated', 'All records before ' . $_REQUEST['Start_Date'] . ' deleted'); if (mysqli_error($DBConn)) { echo '<br>' . mysqli_error($DBConn) . '<br>'; } else { echo '<center><P><B>All records before ' . $_REQUEST['Start_Date'] . ' deleted</B><P>'; } $showForm = false; } if ($showForm == false) { echo '<center><p><p><form enctype="multipart/form-data" method="post" action="?">'; echo ' <br><input type="submit" name="ok" value="OK">'; echo ' </form></center>'; } if ($showForm) { if ($Usr['Admin_User'] == 1) { ?>
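<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';

$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}

// Iteration and story ids are concatenated into SQL; use their integer forms.
$iid = isset($_GET['IID']) ? (int) $_GET['IID'] : 0;
$aid = isset($_GET['AID']) ? (int) $_GET['AID'] : 0;
$oiid = isset($_GET['OIID']) ? (int) $_GET['OIID'] : 0;
$mov = isset($_GET['mov']) ? (string) $_GET['mov'] : '';

mysqli_query($DBConn, 'UPDATE story SET story.Iteration_ID=' . $iid . ' WHERE story.AID=' . $aid);

// Both iterations are recomputed on every move; only the one selected by
// 'mov' ('ltr' -> target iteration, 'rtl' -> source iteration) is echoed back.
$targetPoints = Update_Iteration_Points($iid);
if ($mov == 'ltr') {
    echo $targetPoints;
}
$sourcePoints = Update_Iteration_Points($oiid);
if ($mov == 'rtl') {
    echo $sourcePoints;
}

auditit($_GET['PID'], $aid, $_SESSION['Email'], 'Move story', Get_Iteration_Name($oiid, false), Get_Iteration_Name($iid, false));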