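function login_user($user, $password)
{
    global $DBConn;

    // Runs one of the single-row lookups below with the e-mail bound as a
    // parameter, so the submitted value cannot change the statement. Returns
    // the row as an associative array, or null when nothing matched.
    // NOTE(review): the password predicate is shown redacted ('******') on
    // this listing and is kept verbatim; how $password is actually compared
    // cannot be seen here.
    $fetchByEmail = function ($sql) use ($DBConn, $user) {
        $stmt = mysqli_prepare($DBConn, $sql);
        if ($stmt === false) {
            return null;
        }
        mysqli_stmt_bind_param($stmt, 's', $user);
        mysqli_stmt_execute($stmt);
        $res = mysqli_stmt_get_result($stmt);
        $row = $res ? mysqli_fetch_assoc($res) : null;
        mysqli_stmt_close($stmt);
        return $row ? $row : null;
    };

    $currentSql = "SELECT * FROM user  WHERE EMail = ?   AND Disabled_User = 0 AND Password = '******'";
    $result = $fetchByEmail($currentSql);
    if ($result === null) {
        //fudge the old password handling
        $result = $fetchByEmail("SELECT * FROM user  WHERE email = ? AND Disabled_User = 0 AND password = '******'");
        if ($result === null) {
            auditit(0, 0, $user, 'Unsuccessful Login');
            return false;
        }
        // a valid old password: update to the new one, then re-read the row
        // through the current-format query so the session token below is built
        // from the stored value after migration. (The earlier version updated
        // the row and then fell off the end of the function, returning null.)
        $upd = mysqli_prepare($DBConn, "Update user SET Password='******' WHERE email = ?");
        if ($upd !== false) {
            mysqli_stmt_bind_param($upd, 's', $user);
            mysqli_stmt_execute($upd);
            mysqli_stmt_close($upd);
        }
        $result = $fetchByEmail($currentSql);
        if ($result === null) {
            return false;
        }
    }
    auditit(0, 0, $result['EMail'], 'Login');
    // NOTE(review): session_identifier is derived deterministically from the
    // row (md5 of e-mail + stored Password) rather than generated randomly; it
    // is kept because check_user elsewhere presumably recomputes it the same
    // way — confirm before changing how it is produced.
    return array(
        'session_identifier' => md5($result['EMail'] . $result['Password']),
        'ID' => $result['ID'],
        'Email' => $result['EMail'],
        'Friendly_Name' => $result['Friendly_Name'],
    );
}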
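<?php

include 'include/header.inc.php';
// Confirmation page for rebuilding a project's tag list from its stories.
// PID is read once and cast to an integer so none of the statements below
// embed a raw request value; $DBConn, readonly() and auditit() come from the
// includes.
$showForm = true;
$pid = (int) (isset($_REQUEST['PID']) ? $_REQUEST['PID'] : 0);
if (!empty($_REQUEST['reset'])) {
    if (readonly($pid) == 0) {
        // Drop the cached list, rebuild it from the stories' Tags columns, then
        // de-duplicate what GROUP_CONCAT produced.
        mysqli_query($DBConn, 'delete from tags where Project_ID=' . $pid);
        mysqli_query($DBConn, "insert into tags (Project_ID, tags.Desc) select Project_ID, GROUP_CONCAT(distinct(Tags) SEPARATOR ',') as Tags from story where length(Tags)> 0 and Project_ID=" . $pid . " group by Project_ID");
        $tags_Res = mysqli_query($DBConn, 'select * from tags where Project_ID=' . $pid);
        $tags_Row = $tags_Res ? mysqli_fetch_assoc($tags_Res) : null;
        $newTags = implode(',', array_unique(explode(',', (string) (isset($tags_Row['Desc']) ? $tags_Row['Desc'] : ''))));
        // The value comes back out of the database but is still escaped before
        // being re-embedded in a string literal.
        mysqli_query($DBConn, 'UPDATE tags SET tags.Desc="' . mysqli_real_escape_string($DBConn, $newTags) . '" where tags.Project_ID=' . $pid);
        $showForm = false;
        auditit($pid, 0, $_SESSION['Email'], 'Clear Unused Tags', '', '');
    }
}
if (!empty($_REQUEST['noreset'])) {
    // Nothing to do; the redirect below handles the "no" answer.
    $showForm = false;
}
if ($showForm) {
    echo '<form method="post" action="?"><p><h2>' . 'Are you sure you want to Clear unused Tags for this project?<br /></h2><p>' . '<p>' . '<input type="submit" name="reset" value="Yes, Clear"> &nbsp; ' . '<input type="hidden" name="PID" value="' . $pid . '">' . '<input type="submit" name="noreset" value="No, Don\'t clear">' . '</form>';
} else {
    header('Location:project_Summary.php?PID=' . $pid);
}
include 'include/footer.inc.php';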
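        //Audit
        //If we are updating, log every submitted field whose value differs from
        //the stored row ($orow, $aaction and $sql_method are set before this
        //excerpt). Blocked is special-cased so that clearing it is still logged.
        if ($sql_method === 'UPDATE') {
            // for each field  that appears in a story record
            foreach ($orow as $key => $value) {
                $submitted = isset($_REQUEST[$key]) ? $_REQUEST[$key] : null;
                // that is passed in (Blocked wants some special handling)
                if ($submitted || ($key == 'Blocked' && $orow['Blocked'] == 1)) {
                    // and something has changed then log it. The debug echo that
                    // used to sit here wrote old/new values into the page and,
                    // having produced output, broke the header() redirect below.
                    if ($submitted !== $value) {
                        auditit($_REQUEST['PID'], $_REQUEST['AID'], $_SESSION['Email'], $aaction . $key, $value, $submitted);
                    }
                }
            }
        } else {
            auditit($_REQUEST['PID'], 0, $_SESSION['Email'], $aaction, '', $_REQUEST['Summary']);
        }
        $showForm = false;
        Update_Parent_Points($_REQUEST['AID']);
        Update_Iteration_Points($_REQUEST['Iteration_ID']);
        Update_Project_Tags($_REQUEST['PID'], $_REQUEST['Tags']);
        $target = 'story_List.php?PID=' . (int) $_REQUEST['PID'] . '&IID=' . (int) $_REQUEST['IID'];
        if (!empty($_REQUEST['gobackto'])) {
            $back = (string) $_REQUEST['gobackto'];
            // gobackto is caller-supplied; only a site-relative path is followed
            // so the redirect cannot be pointed at another host
            // (scheme-qualified or protocol-relative values use the default).
            if (!preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $back)) {
                $target = $back;
            }
        }
        header('Location:' . $target);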
    } else {
        $error = 'The form failed to process correctly.' . mysqli_error($DBConn);
    }
}
if (!empty($error)) {
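<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Sets a task's Done state and audits the change. Expects DONE, TID, PID,
// AID and desc in the query string; requires a recognised session.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
// Only the three known states have a label; anything else is refused before
// it reaches the UPDATE (previously an arbitrary value was written and the
// audit call then used an undefined $Status).
$labels = array(0 => 'Todo', 1 => 'Doing', 2 => 'Done');
$done = isset($_GET['DONE']) ? (int) $_GET['DONE'] : -1;
if (!isset($labels[$done])) {
    exit;
}
$tid = isset($_GET['TID']) ? (int) $_GET['TID'] : 0;
$sql = 'UPDATE task SET task.Done=' . $done . ' WHERE task.ID=' . $tid;
mysqli_query($DBConn, $sql);
$Status = $labels[$done];
auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], 'Update task status', $tid . '-' . $_GET['desc'], $Status);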
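<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Adds a task to a story from query-string fields and audits it. Every
// request value is escaped for the quoted literal it is embedded in (only
// desc was escaped before); the session must be valid.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
$esc = function ($key) use ($DBConn) {
    return mysqli_real_escape_string($DBConn, isset($_GET[$key]) ? (string) $_GET[$key] : '');
};
$sql = 'INSERT INTO task SET Story_AID="' . $esc('AID') . '", task.User_ID="' . $esc('user') . '", task.Rank="30000' . '", task.Desc="' . $esc('desc') . '",  Done="0' . '", Expected_Hours="' . $esc('exph') . '", Actual_Hours="' . $esc('acth') . '";';
mysqli_query($DBConn, $sql);
auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], 'Added task', $_GET['desc'] . ' Assign to:' . Get_User($_GET['user']) . ' Expect. h:' . $_GET['exph'] . ' Act. h:' . $_GET['acth']);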
            }
        }
    }
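    // Cascade-delete everything owned by the project before the project row
    // itself. PID is cast to an integer once so none of the statements embed
    // a raw request value (the final DELETE previously used it uncast).
    $pid = (int) $_REQUEST['PID'];
    // A multi-table DELETE names the target alias before FROM; the previous
    // text ('DELETE FROM from upload u ...') is rejected by MySQL as a syntax
    // error because FROM is reserved, so the upload rows were never removed.
    mysqli_query($DBConn, 'DELETE u FROM upload u LEFT JOIN story s ON u.AID = s.AID WHERE s.Project_ID = ' . $pid);
    foreach (array('story', 'story_status', 'story_type', 'iteration', 'tags', 'user_project') as $table) {
        mysqli_query($DBConn, 'DELETE FROM ' . $table . ' WHERE Project_ID = ' . $pid);
    }
    mysqli_query($DBConn, 'DELETE FROM audit WHERE PID = ' . $pid);
    if (mysqli_query($DBConn, 'DELETE FROM project WHERE ID = ' . $pid)) {
        $showForm = false;
        $deleted = true;
        header('Location:project_List.php');
    }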
} else {
    if ($_REQUEST['nodelete']) {
        auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Deleted Project ', Get_Project_Name($_REQUEST['PID']));
        $showForm = false;
        $deleted = false;
    }
}
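if ($showForm) {
    // PID is reflected into an attribute value, so it is escaped for that
    // context rather than echoed raw.
    $pidAttr = htmlspecialchars((string) (isset($_REQUEST['PID']) ? $_REQUEST['PID'] : ''), ENT_QUOTES, 'UTF-8');
    echo '<br>Are you sure you want to delete:<br><ul>' . '<li>points</li>' . '<li>comments</li>' . '<li>object</li>' . '<li> stories</li>' . '<li>iteration</li>' . '<li>story-status</li>' . '<li>story type and</li>' . '<li>tags</li>' . '<li>audit logs</li>' . '<li>Uploaded files</li>' . '</ul> as well as this project?<p>';
    echo '<br>Users are <b>not</b> deleted<br>';
    echo '<form method="post" action="?">' . 'Are you sure you want to delete this Project?<br />' . '<input type="hidden" name="PID" value="' . $pidAttr . '">' . '<input type="submit" name="delete" value="Yes, Delete"> &nbsp; ' . '<input type="submit" name="nodelete" value="No, Don\'t Delete">' . '</form>';
} else {
    header('Location:project_List.php');
}
include 'include/footer.inc.php';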
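<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Deletes one comment by id, echoes the affected-row count, and audits the
// deletion as a story or iteration comment depending on 'type'.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
// Fetch the text first so the audit row still has it after the delete.
$comt = fetchusingID('Comment_Text', $id, 'comment');
mysqli_query($DBConn, 'DELETE FROM comment WHERE ID=' . $id);
$cnt = mysqli_affected_rows($DBConn);
echo $cnt;
if ($cnt > 0) {
    $kind = (isset($_GET['type']) && $_GET['type'] === 's') ? 'Deleted story Comment' : 'Deleted iteration Comment';
    auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], $kind, $comt);
}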
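<?php

/* include login functions */
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Record the logout against the e-mail held in the session (if any), then tear
// the session down completely: clear the data, expire the cookie the browser
// still holds, and destroy the server-side record. session_destroy() on its
// own leaves the cookie in place.
$email = isset($_SESSION['Email']) ? $_SESSION['Email'] : '';
auditit(0, 0, $email, 'Logout');
$_SESSION = array();
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}
session_destroy();
?>
<meta http-equiv="refresh" content="0; url=index.php"> 
<h1>
<center>
<br>
Logged Out
</center>
</h1>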
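<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Moves a story to the status whose Order is STAID within the project that
// owns iteration IID, then re-totals points and audits. All three ids are
// integers and are cast before they are placed in the statement.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
//STAID= status order id for his project.
$iid = (int) $_GET['IID'];
$staid = (int) $_GET['STAID'];
$aid = (int) $_GET['AID'];
$sql = 'UPDATE story SET story.Status=(select d.Desc from story_status as d where d.Project_ID = (select project_ID from iteration where iteration.ID=' . $iid . ' ) and d.Order=' . $staid . ') WHERE story.AID=' . $aid;
mysqli_query($DBConn, $sql);
Update_Iteration_Points($iid);
//this updates both the parent points as well as the parent status
Update_Parent_Points($aid);
auditit($_GET['PID'], $aid, $_SESSION['Email'], 'Update Status', '', $aid);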
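<?php

include 'include/header.inc.php';
// Delete-user confirmation. Only an admin can perform the delete; the
// original if/else set $showForm to true on both branches, so a plain
// assignment is equivalent. $Usr is expected from the header include.
$showForm = true;
$isAdmin = isset($Usr['Admin_User']) && $Usr['Admin_User'] == 1;
$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
$desc = isset($_REQUEST['desc']) ? (string) $_REQUEST['desc'] : '';
if (!empty($_REQUEST['delete']) && $isAdmin) {
    auditit(0, 0, $_SESSION['Email'], 'Deleted User', $id . '-' . $desc);
    if (mysqli_query($DBConn, 'DELETE FROM user WHERE ID = ' . $id)) {
        $showForm = false;
        $deleted = true;
    }
} elseif (!empty($_REQUEST['nodelete'])) {
    $showForm = false;
    $deleted = false;
}
if ($showForm) {
    // desc is caller-supplied text reflected into both body and attribute
    // context, so it is escaped; id is already an integer.
    // NOTE(review): non-admin users still see this confirmation form even
    // though their delete is ignored above — kept to preserve behaviour.
    $descH = htmlspecialchars($desc, ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="?">' . '<p>Are you sure you want to delete this User?<p>' . $id . ' - ' . $descH . '<p>' . '<input type="hidden" name="id" value="' . $id . '">' . '<input type="hidden" name="desc" value="' . $descH . '">' . '<input type="submit" name="delete" value="Yes, Delete"> &nbsp; ' . '<input type="submit" name="nodelete" value="No, Don\'t Delete">' . '</form>';
} else {
    header('Location:user_List.php');
}
include 'include/footer.inc.php';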
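<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Re-ranks the stories listed in story[] (position → Iteration_Rank in
// steps of 10) and audits whether the move raised or lowered a rank.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
$stories = (isset($_GET['story']) && is_array($_GET['story'])) ? $_GET['story'] : array();
foreach ($stories as $position => $storyAid) {
    $rank = ((int) $position + 1) * 10;
    $sql = 'UPDATE story SET story.Iteration_Rank=' . $rank . ' WHERE story.AID=' . (int) $storyAid;
    mysqli_query($DBConn, $sql);
}
// The key was written as a bare word ($_GET[rank]), which PHP reads as an
// undefined constant; it has to be a quoted string.
$act = (isset($_GET['rank']) && $_GET['rank'] === 'i') ? 'Increased Rank' : 'Decreased Rank';
auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], $act);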
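<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Deletes one task by id and audits it; the id is an integer and is cast
// before it is placed in the statement.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
mysqli_query($DBConn, 'DELETE FROM task WHERE task.ID=' . $id);
auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], 'Deleted task', $id . '-' . $_GET['desc']);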
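        // Check valid filetypes: require an exact entry in the comma-separated
        // list rather than a substring hit (strrpos accepted any extension that
        // merely ended with an allowed one, and an empty extension always
        // matched the separator). $validfiletypes, $fileType and $new_file_name
        // are set before this excerpt. Because $fileType also ends up in the
        // destination path, this exact match is what keeps it free of
        // directory components.
        $allowed = array_filter(array_map('trim', explode(',', (string) $validfiletypes)), 'strlen');
        if (!in_array((string) $fileType, $allowed, true)) {
            $valid_file = false;
            $message = 'Bad File type.';
        } else {
            $valid_file = true;
        }
        if ($_FILES['file']['size'] > 2097152) {
            $valid_file = false;
            $message = 'Oops!  Your file size is to large.';
        }
        //if the file has passed the tests
        if ($valid_file) {
            //move it to where we want it to be; only record it if that worked
            $dest = getcwd() . '/upload/' . $new_file_name . '.' . $fileType;
            if (move_uploaded_file($_FILES['file']['tmp_name'], $dest)) {
                $fileSize = (int) $_FILES['file']['size'];
                // The client-supplied original name is untrusted text and is
                // escaped before being stored; AID is an integer.
                $origName = mysqli_real_escape_string($DBConn, (string) $_FILES['file']['name']);
                $query = "INSERT INTO upload (upload.AID, upload.Name, upload.Desc, upload.Size, upload.Type ) " . "VALUES (" . (int) $_REQUEST['AID'] . ", UNHEX('" . $new_file_name . "'),'" . $origName . "', " . $fileSize . ", '" . mysqli_real_escape_string($DBConn, (string) $fileType) . "')";
                mysqli_query($DBConn, $query);
                $message = '';
                auditit($_REQUEST['PID'], $_REQUEST['AID'], $_SESSION['Email'], 'Uploaded File', $_FILES['file']['name'], $new_file_name);
            } else {
                $message = 'Invalid file.';
            }
        } else {
            $message = 'Invalid file.';
        }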
    } else {
        //set that to be the returned message
        $message = 'Ooops!  Your upload triggered the following error:  ' . $_FILES['file']['error'];
    }
}
echo $message;
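    // Insert or update a project story status from the submitted form. Every
    // free-text field is escaped for the quoted literal it lands in and the
    // ids are cast; previously the values were concatenated raw.
    if (empty($_REQUEST['id'])) {
        $sql_method = 'INSERT INTO';
        $button_name = 'Add';
        $whereClause = '';
    } else {
        $sql_method = 'UPDATE';
        $button_name = 'Save';
        $whereClause = 'WHERE ID = ' . ((int) $_REQUEST['id']);
    }
    $esc = function ($key) use ($DBConn) {
        return mysqli_real_escape_string($DBConn, isset($_REQUEST[$key]) ? (string) $_REQUEST[$key] : '');
    };
    $pid = (int) $_REQUEST['PID'];
    $stmt = "{$sql_method} story_status SET\n \t\t\tProject_ID = '" . $pid . "',\n\t\t\tstory_status.Desc = '" . $esc('Desc') . "',\n\t\t\tstory_status.Policy = '" . $esc('Policy') . "',\n\t\t\tstory_status.Order = '" . $esc('Order') . "',\n\t\t\tRGB = '" . $esc('RGB') . "' {$whereClause}";
    if (mysqli_query($DBConn, $stmt)) {
        // A renamed status has to follow through to the stories and the points
        // log rows that still carry the old description (ODesc).
        mysqli_query($DBConn, 'Update story set story.Status="' . $esc('Desc') . '" where story.Project_ID=' . $pid . ' and story.Status="' . $esc('ODesc') . '"');
        mysqli_query($DBConn, 'Update points_log set points_log.Status="' . $esc('Desc') . '" where points_log.Project_ID=' . $pid . ' and points_log.Status="' . $esc('ODesc') . '"');
        $showForm = false;
        auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Update Project Story Status', '', $_REQUEST['Desc'] . '-' . $_REQUEST['Policy'] . '-' . $_REQUEST['RGB']);
    } else {
        // mysqli_error() needs the connection handle; called without it the
        // call itself fails before any message is produced.
        $error = 'The form failed to process correctly.' . mysqli_error($DBConn);
    }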
}
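if (!empty($error)) {
    // $error carries the driver message, which can echo submitted values
    // back, so it is escaped for the HTML context.
    echo '<div class="error">' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</div>';
}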
if ($showForm) {
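    // Editing an existing status: load its row (id cast to int); otherwise the
    // submitted values pre-fill the form.
    if (!empty($_REQUEST['id'])) {
        $storyStatus_Res = mysqli_query($DBConn, 'SELECT * FROM story_status WHERE ID = ' . (int) $_REQUEST['id']);
        $storyStatus_Row = $storyStatus_Res ? mysqli_fetch_assoc($storyStatus_Res) : null;
    } else {
        $storyStatus_Row = $_REQUEST;
    }
    echo '<table align="center" cellpadding="6" cellspacing="0" border="0">' . '<form method="post" action="?">';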
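            mysqli_query($DBConn, $sql);
            // Report the per-record outcome. $data is a line from the uploaded
            // import file and the driver message may quote it, so both are
            // escaped before being written into the page.
            $dbError = mysqli_error($DBConn);
            $dataH = htmlspecialchars((string) $data, ENT_QUOTES, 'UTF-8');
            if ($dbError) {
                $hasError = true;
                echo '<br>Error on record ' . $dataH;
                echo '<br>' . htmlspecialchars($dbError, ENT_QUOTES, 'UTF-8') . '<br>';
            } else {
                echo '<br> Imported :' . $dataH;
            }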
        }
    } else {
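        echo 'Unable to open file<p>';
        // The client-side file name is caller-controlled text; escape it for
        // the HTML context instead of echoing it raw.
        echo htmlspecialchars((string) $_FILES['file']['name'], ENT_QUOTES, 'UTF-8');
        $hasError = true;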
    $showForm = false;
    auditit(0, 0, $_SESSION['Email'], 'Imported new hints', $_FILES['file']['name']);
    ?>
				<center><p><p><form  enctype="multipart/form-data" method="post" action="?">
				<br><input type="submit" name="acceptImport" value="OK">
				</form></center>
<?php 
}
if ($showForm) {
    echo '<center><p><form  enctype="multipart/form-data" method="post" action="?">';
    ?>
				<input type="hidden" name="MAX_FILE_SIZE" value="2097152" />
				Import hints: <input type="file" size="50" name="file" /><p>
				Delete Existing: <input 'checked' value="1" type="checkbox" name="delete_existing" /><p>
				<input type="submit" name="saveUpload" value="Import">
			</form></center>
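        // $aresult here is the story row read before this excerpt; audit each
        // non-empty column of the story about to be deleted. Both ids are cast
        // once and reused in every statement below.
        $storyAid = (int) $_REQUEST['id'];
        $pid = (int) $_REQUEST['PID'];
        foreach ($aresult as $key => $value) {
            if ($value) {
                auditit($pid, $storyAid, $_SESSION['Email'], 'Deleted ' . $key, $value);
            }
        }
        if (mysqli_query($DBConn, 'DELETE FROM story WHERE AID=' . $storyAid . ' AND Project_ID=' . $pid)) {
            mysqli_query($DBConn, 'delete from task where Story_AID=' . $storyAid);
            mysqli_query($DBConn, 'delete from comment where Story_AID=' . $storyAid);
            $aqry = mysqli_query($DBConn, "select upload.Name, upload.Desc, HEX(Name) as HName, upload.Type FROM upload WHERE upload.AID=" . $storyAid);
            while ($aqry && ($aresult = mysqli_fetch_array($aqry))) {
                if (!mysqli_error($DBConn)) {
                    // Keys must be quoted strings: the bare HName / Desc used
                    // before are undefined-constant lookups. The file name is
                    // rebuilt from database columns and confined to upload/
                    // (anything with a directory component fails the basename
                    // check and is left alone).
                    $file = $aresult['HName'] . '.' . $aresult['Type'];
                    if ($file === basename($file) && unlink('upload/' . $file)) {
                        auditit($pid, $storyAid, $_SESSION['Email'], 'Deleted uploaded file ', $aresult['HName'], $aresult['Desc']);
                    }
                }
            }
            mysqli_query($DBConn, "DELETE FROM upload WHERE upload.AID=" . $storyAid);
            $showForm = false;
            $deleted = true;
            Update_Iteration_Points($_REQUEST['IID']);
        }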
    }
} else {
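    // "No" answer: hide the form without deleting; empty() avoids the
    // undefined-index notice when the key is absent.
    if (!empty($_REQUEST['nodelete'])) {
        $showForm = false;
        $deleted = false;
    }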
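<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Duplicates story SAID (and, when TASKS=True, its tasks) into the same
// project and audits both sides. SAID is an integer and is cast before use.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
$said = isset($_GET['SAID']) ? (int) $_GET['SAID'] : 0;
// add it: copy the row, prefixing the summary and allocating the next local ID
$ssql = 'INSERT INTO story (Project_ID, Release_ID, Iteration_ID, Parent_Story_ID, Created_Date' . ', Status, Epic_Rank, Iteration_Rank, Size, Blocked' . ', Summary, Col_1, As_A, Col_2, Acceptance, Tags, Type, Created_By_ID, ID)' . ' SELECT Project_ID, Release_ID, Iteration_ID, Parent_Story_ID, Created_Date' . ', Status, Epic_Rank, Iteration_Rank, Size, Blocked' . ', CONCAT("(Dup. of #",ID,") ",Summary), Col_1, As_A, Col_2, Acceptance, Tags, Type, ' . '"' . $_SESSION['ID'] . '", (SELECT max(local.ID)+1 from story as local where Project_ID=story.Project_ID)' . ' FROM story WHERE story.AID=' . $said;
mysqli_query($DBConn, $ssql);
// Fetch the new row; bail out if the insert did not happen rather than
// running the follow-up updates against a missing row.
$sql = 'select ID, AID, Project_ID, Iteration_ID, Summary from story where AID=' . (int) mysqli_insert_id($DBConn);
$res = mysqli_query($DBConn, $sql);
$RecRow = $res ? mysqli_fetch_assoc($res) : null;
if (!$RecRow) {
    echo 'Story could not be duplicated';
    exit;
}
$story_Row['ID'] = $RecRow['ID'];
Update_Iteration_Points($RecRow['Iteration_ID']);
echo 'New story <a title="Edit story #' . $story_Row['ID'] . '" href="story_Edit.php?AID=' . $RecRow['AID'] . '&PID=' . $RecRow['Project_ID'] . '&IID=' . $RecRow['Iteration_ID'] . '">#' . $story_Row['ID'] . '</a> Created';
// and now duplicate the tasks
if (isset($_GET['TASKS']) && $_GET['TASKS'] === 'True') {
    $sql = 'INSERT INTO task (Story_AID, User_ID, Rank, task.Desc, Done, Expected_Hours, Actual_Hours, Task_Date)' . ' SELECT ' . (int) $RecRow['AID'] . ', 0, Rank, task.Desc, 0, Expected_Hours, 0, Task_Date' . ' FROM task WHERE task.Story_AID=' . $said;
    mysqli_query($DBConn, $sql);
}
// NOTE(review): the first call passes one more argument than the second
// (an extra $said before the old/new pair); left as found — confirm against
// auditit's signature.
auditit($RecRow['Project_ID'], $RecRow['AID'], $_SESSION['Email'], 'Duplicated Story from', $said, $said . '-' . $RecRow['Summary'], 'Story #' . $RecRow['ID']);
auditit($RecRow['Project_ID'], $said, $_SESSION['Email'], 'Duplicated Story to', $said . '-' . $RecRow['Summary'], 'Story #' . $RecRow['ID']);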
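            // Admin only: replace the user's project memberships with the
            // submitted proj[] list, with per-project Readonly / proj_admin
            // flags. Ids are cast to int before they reach the statements.
            if ($Usr['Admin_User'] == 1) {
                $userId = (int) $_REQUEST['id'];
                mysqli_query($DBConn, 'DELETE from user_project where User_ID =' . $userId);
                if (!empty($_REQUEST['proj']) && is_array($_REQUEST['proj'])) {
                    foreach ($_REQUEST['proj'] as $proj) {
                        $proj = (int) $proj;
                        $sql = 'INSERT into user_project set User_ID=' . $userId . ', Project_ID=' . $proj . ' ';
                        $audit = " ";
                        if (isset($_REQUEST['Readonly' . $proj])) {
                            $sql .= ', Readonly =1';
                            $audit .= 'Read only: True';
                        }
                        if (isset($_REQUEST['proj_admin' . $proj])) {
                            $sql .= ', Project_Admin=1';
                            $audit .= 'Proj Admin: True';
                        }
                        mysqli_query($DBConn, $sql);
                        auditit($proj, 0, $_SESSION['Email'], 'Alter access', $_REQUEST['EMail'], Get_Project_Name($proj) . '" ' . $audit);
                    }
                }
            }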
        } else {
            $error = 'The form failed to process correctly.' . mysqli_error($DBConn);
        }
    }
}
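if (!empty($error)) {
    // $error carries the driver message, which can echo submitted values
    // back, so it is escaped for the HTML context.
    echo '<div class="error">' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</div>';
}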
if ($showForm) {
    if ($Usr['Admin_User'] == 1 || $_REQUEST['id'] == $_SESSION['ID']) {
        if (!empty($_REQUEST['id'])) {
            $user_Res = mysqli_query($DBConn, 'SELECT * FROM user WHERE ID = ' . $_REQUEST['id']);
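    // A saved query ($QRes is fetched before this excerpt) contributes a WHERE
    // fragment with placeholders. The fragment is spliced into $sql, so every
    // placeholder is filled with an integer-cast value; the raw request
    // strings were previously interpolated verbatim.
    $QRow = mysqli_fetch_assoc($QRes);
    $audittext = ' Query ' . $_GET['QID'] . ' ' . $QRow['qdesc'];
    $cond = strtr(" " . $QRow['QSQL'], array(
        '{User}' => (string) (int) $_SESSION['ID'],
        '{Iteration}' => (string) (int) $_REQUEST['IID'],
        '{Project}' => (string) (int) $_REQUEST['PID'],
        '{Backlog}' => (string) (int) $Project['Backlog_ID'],
    ));
    $sql .= ' and ' . $cond . ' ' . $QRow['Qorder'];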
}
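// make sure that we dont get parent stories when this is an iteration export (only really applies for the backlog.)
if (empty($_GET['etype'])) {
    $sql .= ' and story.Iteration_ID=' . (int) $_GET['IID'] . ' and 0=(select count(Parent_Story_ID) from story as p where p.Parent_Story_ID = story.AID) ';
}
if (empty($_GET['QID'])) {
    $sql .= ' ORDER BY Iteration_Rank';
}
$result = mysqli_query($DBConn, $sql) or die('Query failed!');
// Stream the rows as CSV to $out (opened before this excerpt). The header row
// is written once, before the first data row; empty() replaces the bare
// $flag test so an uninitialised flag does not raise a notice.
// NOTE(review): cleanData is applied to every cell via array_walk and is
// presumably where spreadsheet-formula prefixes are neutralised — confirm,
// since this file is meant to be opened in a spreadsheet.
while ($row = mysqli_fetch_assoc($result)) {
    if (empty($flag)) {
        // display field/column names as first row
        fputcsv($out, array_keys($row), ',', '"');
        $flag = true;
    }
    array_walk($row, 'cleanData');
    fputcsv($out, array_values($row), ',', '"');
}
fclose($out);
auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Exported', $audittext, $filename);
exit;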
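$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
// Posts a comment against a story (Type=s) or an iteration. Every value that
// lands in a quoted literal is escaped and every id is cast; the keys must be
// quoted strings — $_REQUEST[User_Name] was an undefined-constant lookup.
$esc = function ($value) use ($DBConn) {
    return mysqli_real_escape_string($DBConn, (string) $value);
};
$comment_text = $esc(isset($_REQUEST['comment_text']) ? $_REQUEST['comment_text'] : '');
$userName = $esc(isset($_REQUEST['User_Name']) ? $_REQUEST['User_Name'] : '');
$parentId = isset($_REQUEST['Parent_ID']) ? (int) $_REQUEST['Parent_ID'] : 0;
$storyAid = isset($_REQUEST['Story_AID']) ? (int) $_REQUEST['Story_AID'] : 0;
if (isset($_REQUEST['Type']) && $_REQUEST['Type'] == "s") {
    $q = "INSERT INTO comment (Parent_ID, User_Name, Story_AID, Comment_Text) VALUES (" . $parentId . ", '" . $userName . "', " . $storyAid . ", '" . $comment_text . "' )";
    auditit($_REQUEST['PID'], $_REQUEST['Story_AID'], $_SESSION['Email'], 'Added Comment', '', $_REQUEST['comment_text']);
} else {
    if ($storyAid == 0) {
        // so get the next comment object id and attach it to the iteration
        $icoid = NextIterationCommentObject();
        $q = 'Update Iteration set Comment_Object_ID=' . (int) $icoid . ' where ID=' . (int) $_REQUEST['Iteration_ID'];
        mysqli_query($DBConn, $q);
    } else {
        $icoid = $storyAid;
    }
    $q = "INSERT INTO comment (Parent_ID, User_Name, Comment_Object_ID, Comment_Text) VALUES (" . $parentId . ", '" . $userName . "', " . (int) $icoid . ", '" . $comment_text . "' )";
    auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Added Iteration Comment', '', $_REQUEST['comment_text']);
}
mysqli_query($DBConn, $q);
$id = mysqli_insert_id($DBConn);
if (mysqli_affected_rows($DBConn) == 1) {
    $r = mysqli_query($DBConn, 'select * from comment where ID =' . (int) $id);
    $row = mysqli_fetch_assoc($r);
    GetComments($row, $_REQUEST['replyid'], $_REQUEST['Type']);
} else {
    // The failed statement is no longer echoed: it disclosed the table layout
    // and the submitted values to the client.
    echo "Comment cannot be posted. Please try again.";
}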
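<?php 
// Insert or update a story type from the submitted form. Free-text fields are
// escaped for the quoted literal they land in and ids are cast; previously the
// request values were concatenated raw.
$showForm = true;
if (isset($_POST['saveUpdate'])) {
    if (empty($_REQUEST['id'])) {
        $sql_method = 'INSERT INTO';
        $button_name = 'Add';
        $whereClause = '';
    } else {
        $sql_method = 'UPDATE';
        $button_name = 'Save';
        $whereClause = 'WHERE ID = ' . ((int) $_REQUEST['id']);
    }
    $esc = function ($key) use ($DBConn) {
        return mysqli_real_escape_string($DBConn, isset($_REQUEST[$key]) ? (string) $_REQUEST[$key] : '');
    };
    $stmt = "{$sql_method} story_type SET \t\t\tstory_type.Project_ID = '" . ((int) $_REQUEST['PID']) . "',\n\t\t\tstory_type.Desc = '" . $esc('Desc') . "',\n\t\t\tstory_type.Order = '" . $esc('Order') . "' {$whereClause}";
    if (mysqli_query($DBConn, $stmt)) {
        $showForm = false;
        // NOTE(review): this call passes '' in the action slot and 'Update Story
        // Type' where the other auditit calls pass the old value — left as
        // found, confirm it is intended.
        auditit($_REQUEST['PID'], 0, $_SESSION['Email'], '', 'Update Story Type', $_REQUEST['id'] . '-' . $_REQUEST['Desc'] . '-' . $_REQUEST['Order']);
    } else {
        $error = 'The form failed to process correctly.' . mysqli_error($DBConn);
    }
}
if (!empty($error)) {
    // The driver message can echo submitted values back; escape for HTML.
    echo '<div class="error">' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</div>';
}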
if ($showForm) {
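    // Editing an existing type: load its row (id cast to int); otherwise the
    // submitted values pre-fill the form.
    if (!empty($_REQUEST['id'])) {
        $storyType_Res = mysqli_query($DBConn, 'SELECT * FROM story_type WHERE ID = ' . (int) $_REQUEST['id']);
        $storyType_Row = $storyType_Res ? mysqli_fetch_assoc($storyType_Res) : null;
    } else {
        $storyType_Row = $_REQUEST;
    }
    echo '<table align="center" cellpadding="6" cellspacing="0" border="0">' . '<form method="post" action="?">';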
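    // The first character of PARID selects the scope ('P' whole project,
    // 'D' done work, 'N' not-done work, 'I' one iteration); any other value is
    // taken as an epic's story AID. The full value is kept in $parid because
    // the epic branch needs all of it — the earlier code truncated
    // $_REQUEST['PARID'] to one character before using it as the AID, so any
    // multi-digit epic id was wrong. $_REQUEST['PARID'] is still overwritten
    // with the one-character scope for code that runs after this excerpt.
    // NOTE(review): what callers send as PARID for an epic is not visible
    // here; it is assumed to be the plain numeric AID — confirm.
    $parid = isset($_REQUEST['PARID']) ? (string) $_REQUEST['PARID'] : '';
    $_REQUEST['PARID'] = substr($parid, 0, 1);
    $pid = (int) $_REQUEST['PID'];
    $rid = (int) $_REQUEST['RID'];
    $sql = null;
    switch ($_REQUEST['PARID']) {
        case 'P':
            $sql = 'UPDATE story SET story.Release_ID=0 WHERE story.Project_ID=' . $pid . ' AND story.Release_ID=' . $rid;
            auditit($pid, 0, $_SESSION['Email'], 'Removed entire Project', Get_Project_Name($pid) . ' from Release: ' . Get_Release_Name($rid));
            break;
        case 'D':
            $sql = 'UPDATE story SET story.Release_ID=0 WHERE story.Status="Done" AND story.Release_ID=' . $rid . ' and story.Project_id=' . $pid;
            auditit($pid, 0, $_SESSION['Email'], 'Removed all Done work', 'for Project: ' . Get_Project_Name($pid) . ' from Release: ' . Get_Release_Name($rid));
            break;
        case 'N':
            $sql = 'UPDATE story SET story.Release_ID=0 WHERE story.Status<>"Done" AND story.Release_ID=' . $rid . ' and story.Project_id=' . $pid;
            auditit($pid, 0, $_SESSION['Email'], 'Removed all NOT DONE work', ' in Project: ' . Get_Project_Name($pid) . ' from Release: ' . Get_Release_Name($rid));
            break;
        case 'I':
            $iid = (int) $_REQUEST['IID'];
            $sql = 'UPDATE story SET story.Release_ID=0 WHERE story.Iteration_ID="' . $iid . '" AND story.Release_ID=' . $rid . ' and story.Project_id=' . $pid;
            auditit($pid, 0, $_SESSION['Email'], 'Removed Iteration', Get_Iteration_Name($iid) . ' from Release: ' . Get_Release_Name($rid));
            break;
        default:
            // Only a purely numeric AID is acted on; anything else would
            // previously have produced a malformed statement.
            if (ctype_digit($parid)) {
                $epicAid = (int) $parid;
                $sql = 'UPDATE story SET story.Release_ID=0 WHERE (story.Parent_Story_ID=' . $epicAid . ' AND story.Release_ID=' . $rid . ') or story.AID=' . $epicAid;
                auditit($pid, 0, $_SESSION['Email'], 'Removed Epic', $epicAid . ' from Release: ' . Get_Release_Name($rid));
            }
            break;
    }
    if ($sql !== null) {
        mysqli_query($DBConn, $sql);
    }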
}
function GetTreeRoot($sql, $flag = '')
{
    global $DBConn;
    $tree_Res = mysqli_query($DBConn, $sql);
    echo '<br>&nbsp;&nbsp;<img id="1line" src="images/1line.png" title="One line story display"> <img id="2line" src="images/2line.png" title="Two line story display"> <img id="3line" src="images/3line.png" title="Three line story display">';
    echo '&nbsp;&nbsp;<a href="#" class="btnCollapseAll" id="">Collapse</a>/';
    echo '<a href="#" class="btnExpandAll" id="">Expand</a>';
    echo '<div class="tree" id="tree">';
    echo '<ul>';
    GetTree($tree_Res, $flag);
    echo '</ul>';
    echo '</div>';
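<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Removes one uploaded file: its upload row (matched by the hex Name) and the
// file itself under upload/.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
$name = isset($_GET['Name']) ? (string) $_GET['Name'] : '';
$type = isset($_GET['Type']) ? (string) $_GET['Type'] : '';
// Name is the hex form of the stored file name (it goes through UNHEX) and
// Type its extension; both end up in a filesystem path, so a non-hex Name or
// a Name.Type that carries a directory component is refused before anything
// is deleted. Previously a crafted Name could both alter the DELETE
// statement and step outside upload/.
$file = $name . '.' . $type;
if ($name === '' || !ctype_xdigit($name) || $type === '' || $file !== basename($file)) {
    exit;
}
// NOTE(review): nothing here ties Name to the caller's project; check_user
// only proves a session — confirm authorisation is enforced elsewhere.
auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], 'Deleted File:' . $file);
$sql = "DELETE FROM upload WHERE upload.Name=UNHEX('" . $name . "')";
mysqli_query($DBConn, $sql);
if (!mysqli_error($DBConn)) {
    unlink(getcwd() . '/upload/' . $file);
}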
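<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Re-parents story SID from OPAR to NPAR, re-totals both parents and audits
// the move using each parent's summary. All ids are cast to int before use.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
$npar = (int) $_GET['NPAR'];
$sid = (int) $_GET['SID'];
$opar = (int) $_GET['OPAR'];
$sql = 'UPDATE story SET story.Parent_Story_ID="' . $npar . '" WHERE story.AID=' . $sid;
mysqli_query($DBConn, $sql);
Update_Parent_Points($sid);
Update_oldParent_Points($opar);
auditit($_GET['PID'], $sid, $_SESSION['Email'], 'Update parent', fetchusingID('Summary', $opar, 'story'), fetchusingID('Summary', $npar, 'story'));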
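// Audit-log maintenance. Both destructive handlers are gated on the same
// admin flag the form further down is gated on; $Usr and $showForm are set
// before this excerpt.
// NOTE(review): whether an admin check already wraps this whole page is not
// visible here; the gate below is harmless if it does.
$isAdmin = isset($Usr['Admin_User']) && $Usr['Admin_User'] == 1;
if (isset($_POST['truncateit']) && $isAdmin) {
    $sql = 'TRUNCATE TABLE audit';
    mysqli_query($DBConn, $sql);
    auditit(0, 0, $_SESSION['Email'], 'Audit log truncated', 'All records deleted and index reset');
    if (mysqli_error($DBConn)) {
        echo '<br>' . htmlspecialchars(mysqli_error($DBConn), ENT_QUOTES, 'UTF-8') . '<br>';
    } else {
        echo '<center><P><B>All Audit records Deleted.</B><P>';
    }
    $showForm = false;
}
if (isset($_POST['beforedate']) && $isAdmin) {
    // Start_Date is request text: escaped for the SQL literal, and escaped
    // again for HTML when reflected. The statement itself is no longer
    // echoed to the page.
    $start = isset($_REQUEST['Start_Date']) ? (string) $_REQUEST['Start_Date'] : '';
    $sql = "DELETE FROM audit where audit.When<'" . mysqli_real_escape_string($DBConn, $start) . "'";
    mysqli_query($DBConn, $sql);
    auditit(0, 0, $_SESSION['Email'], 'Audit log truncated', 'All records before ' . $start . ' deleted');
    if (mysqli_error($DBConn)) {
        echo '<br>' . htmlspecialchars(mysqli_error($DBConn), ENT_QUOTES, 'UTF-8') . '<br>';
    } else {
        echo '<center><P><B>All records before ' . htmlspecialchars($start, ENT_QUOTES, 'UTF-8') . ' deleted</B><P>';
    }
    $showForm = false;
}
if ($showForm == false) {
    echo '<center><p><p><form  enctype="multipart/form-data" method="post" action="?">';
    echo '			<br><input type="submit" name="ok" value="OK">';
    echo '			</form></center>';
}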
if ($showForm) {
    if ($Usr['Admin_User'] == 1) {
        ?>
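<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
// Moves story AID from iteration OIID to IID, re-totals both iterations and
// audits the move. All ids are cast to int before they reach the statement.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
$iid = (int) $_GET['IID'];
$aid = (int) $_GET['AID'];
$oiid = (int) $_GET['OIID'];
$mov = isset($_GET['mov']) ? $_GET['mov'] : '';
mysqli_query($DBConn, 'UPDATE story SET story.Iteration_ID=' . $iid . ' WHERE story.AID=' . $aid);
// Both iterations are always re-totalled, in the same order as before; the
// result is echoed only for the side named by 'mov' (ltr → new iteration,
// rtl → old iteration), which is what the two if/else pairs did.
$newTotal = Update_Iteration_Points($iid);
if ($mov == 'ltr') {
    echo $newTotal;
}
$oldTotal = Update_Iteration_Points($oiid);
if ($mov == 'rtl') {
    echo $oldTotal;
}
auditit($_GET['PID'], $aid, $_SESSION['Email'], 'Move story', Get_Iteration_Name($oiid, false), Get_Iteration_Name($iid, false));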