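/**
 * frs_admin_header() - Emit the FRS admin page header after enforcing access.
 *
 * The calling page is terminated unless the current user is logged in and is
 * a release technician of the project identified by the global $group_id.
 *
 * Previously this function silently returned when the project or the
 * permission object could not be built, so the calling page kept rendering
 * without the release-technician check ever running (fail-open). Every
 * failure path now exits instead.
 *
 * @param array $params Header parameters, passed through to frs_header().
 * @return void Does not return when any check fails.
 */
function frs_admin_header($params)
{
    global $group_id;

    // Anonymous users are sent to the login page.
    if (!session_loggedin()) {
        exit_not_logged_in();
    }

    // A project that cannot be loaded is a hard stop, not a reason to skip
    // the permission check below.
    $project =& group_get_object($group_id);
    if (!$project || !is_object($project)) {
        exit_no_group();
    }
    if ($project->isError()) {
        exit_error(_('Error'), $project->getErrorMessage());
    }

    // Likewise, no usable permission object means no permission.
    $perm =& $project->getPermission(session_get_user());
    if (!$perm || !is_object($perm) || $perm->isError()) {
        exit_permission_denied();
    }

    // Only release technicians may reach the FRS admin pages.
    if (!$perm->isReleaseTechnician()) {
        exit_permission_denied();
    }

    frs_header($params);
}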
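 /**
  * PHPWikiServiceAdmin - Constructor: bind this admin service to a project.
  *
  * Terminates the page when no group id is given or when the current user
  * is not a member of the group with the 'W2' flag. When the project has no
  * wiki yet the browser is redirected to the install view; the script now
  * stops right after sending that redirect, so nothing further is executed
  * or rendered for a wiki that does not exist (the old code fell through and
  * kept running the constructor and the calling page).
  *
  * @param int $id Group id of the project whose wiki is administered.
  */
 function PHPWikiServiceAdmin($id)
 {
     global $LANG, $is_wiki_page;

     // Used so the search box will add the necessary element to the pop-up box.
     $is_wiki_page = 1;

     $this->gid = (int) $id;
     if (empty($this->gid)) {
         exit_no_group();
     }
     if (!user_ismember($this->gid, 'W2')) {
         exit_permission_denied();
     }

     $this->wiki = new PHPWiki($this->gid);

     // If the wiki for this project doesn't exist, propose its creation.
     // The redirect is final: without the exit the rest of this constructor
     // and the calling page would still run against a non-existent wiki.
     if (!$this->wiki->exist()) {
         header('Location: ' . PHPWIKI_PLUGIN_BASE_URL . '/index.php?group_id=' . $this->gid . '&view=install');
         exit;
     }

     // Set the language for phpWiki. DEFAULT_LANGUAGE is defined only once;
     // redefining an existing constant raises a warning.
     $language_id = $this->wiki->getLanguage_id();
     if ($language_id) {
         if (!defined('DEFAULT_LANGUAGE')) {
             define('DEFAULT_LANGUAGE', $language_id);
         }
         $LANG = $language_id;
     }
 }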
/**
 * snippet_header() - Print the page header and the snippet navigation bar.
 *
 * Exits with "permission denied" when the snippet library is switched off
 * site-wide ($sys_use_snippet == 0). Otherwise emits the site header, the
 * page title, the browse/create links (plus a help button when
 * $params['help'] is set) and any pending feedback.
 *
 * @param array $params Header parameters: 'title' is printed as the page
 *                      heading, 'help' (optional) selects a help topic; the
 *                      whole array is handed to $HTML->header().
 */
function snippet_header($params)
{
    global $is_snippet_page, $HTML, $feedback, $Language;

    if ($GLOBALS['sys_use_snippet'] == 0) {
        exit_permission_denied();
    }

    // LJ: used so the search box will add the necessary element to the
    // pop-up box (Codendi specific).
    $is_snippet_page = 1;

    $HTML->header($params);

    // Page title followed by the horizontal link bar.
    $nav = array(
        '<A HREF="/snippet/">' . $Language->getText('snippet_utils', 'browse') . '</A>',
        '<A HREF="/snippet/submit.php">' . $Language->getText('snippet_utils', 'create_s') . '</A>',
        '<A HREF="/snippet/package.php">' . $Language->getText('snippet_utils', 'create_p') . '</A>',
    );
    $bar = '<H2>' . $params['title'] . '</H2>';
    $bar .= '<P><B>' . implode("\n\t\t | ", $nav) . '</B>';
    if (!empty($params['help'])) {
        $bar .= ' | ' . help_button($params['help'], false, $Language->getText('global', 'help'));
    }
    $bar .= '<P>';
    echo $bar;

    html_feedback_top($feedback);
}
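/**
 *	session_require() - Convenience function to easily enforce permissions
 *
 *	Calling page will terminate with error message if current user
 *	fails checks.
 *
 *	Recognised keys of $req:
 *	  'group'       - group id; the user must be a member of that group
 *	  'admin_flags' - together with 'group': the user must be a group admin
 *	  'isloggedin'  - without 'group': being logged in is enough
 *	Any other combination is denied.
 *
 *	Optional keys are read with empty() so a missing key counts as
 *	"not requested" instead of raising an undefined-index notice.
 *
 *	@param		array	Associative array specifying criteria
 *	@return does not return if check is failed
 *
 */
function session_require($req)
{
    if (!user_isloggedin()) {
        exit_not_logged_in();
    }

    if (!empty($req['group'])) {
        $group =& group_get_object($req['group']);
        if (!$group || !is_object($group)) {
            exit_error(_('Error'), _('Error creating group object'));
        }
        if ($group->isError()) {
            exit_error(_('Error'), $group->getErrorMessage());
        }

        $perm =& $group->getPermission(session_get_user());
        if (!$perm || !is_object($perm)) {
            exit_error(_('Error'), _('Error creating permission object'));
        }
        if ($perm->isError()) {
            exit_error(_('Error'), $perm->getErrorMessage());
        }

        // 'admin_flags' raises the bar from membership to group admin.
        if (!empty($req['admin_flags'])) {
            if (!$perm->isAdmin()) {
                exit_permission_denied();
            }
        } elseif (!$perm->isMember()) {
            exit_permission_denied();
        }
    } elseif (empty($req['isloggedin'])) {
        // Nothing else was requested and the login check above already ran.
        exit_permission_denied();
    }
}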
 /**
  * Check access permissions for the wiki and, when a page is requested,
  * for that wiki page.
  *
  * Two restrictions are checked in turn:
  *  wiki:     the whole wiki can be restricted.
  *  wikipage: each page of the wiki can be restricted.
  *
  * On failure an error feedback pointing at the project member list is
  * queued and the page terminates with "permission denied".
  */
 function checkPermissions()
 {
     $user_id = user_getid();

     // Whole-wiki restriction.
     if (!$this->wiki->isAutorized($user_id)) {
         $memberlist = session_make_url("/project/memberlist.php?group_id=" . $this->gid);
         $msg = $GLOBALS['Language']->getText('plugin_phpwiki_wikiservice', 'acces_denied_whole', $memberlist);
         $GLOBALS['Response']->addFeedback('error', $msg, CODENDI_PURIFIER_DISABLED);
         exit_permission_denied();
     }

     // Per-page restriction, only when a page name was requested.
     if (!empty($_REQUEST['pagename'])) {
         $page = new PHPWikiPage($this->gid, $_REQUEST['pagename']);
         if (!$page->isAutorized($user_id)) {
             $memberlist = session_make_url("/project/memberlist.php?group_id=" . $this->gid);
             $msg = $GLOBALS['Language']->getText('plugin_phpwiki_wikiservice', 'acces_denied_page', $memberlist);
             $GLOBALS['Response']->addFeedback('error', $msg, CODENDI_PURIFIER_DISABLED);
             exit_permission_denied();
         }
     }
 }
            return "Next {$minutetime} Minutes";
        }
        return "Next {$timedifference} Seconds";
    }
}
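//
//      Get the Group object for the requested project and make sure the
//      current user may see it before anything is rendered.
//
$group_id = getIntFromRequest('group_id');
$group =& group_get_object($group_id);
if (!$group || !is_object($group)) {
    exit_no_group();
}
if ($group->isError()) {
    // A permission error from the group object is reported as such;
    // any other error is a generic failure.
    if ($group->isPermissionDeniedError()) {
        exit_permission_denied($group->getErrorMessage());
    } else {
        exit_error(_('Error'), $group->getErrorMessage());
    }
}
// NOTE(review): $form_grp is not set anywhere visible here (presumably a
// register_globals leftover). It is read with empty() so an unset variable
// no longer raises a notice, and cast to int like $group_id; confirm whether
// this fallback is still reachable at all.
if (!$group_id && !empty($form_grp)) {
    $group_id = (int) $form_grp;
}

site_project_header(array('title' => _('Project Member List'), 'group' => $group_id, 'toptab' => 'memberlist'));

echo _('<p>If you would like to contribute to this project by becoming a developer, contact one of the project admins, designated in bold text below.</p>');

// Column headings for the member table.
$title_arr = array(
    _('Developer'),
    _('Summary'),
    _('Open Date'),
    _('Last Modified'),
);
echo $GLOBALS['HTML']->listTableTop($title_arr);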
 /**
  * Hook: refuse the "cancel change" action for LDAP-backed accounts unless
  * the plugin has LDAP write access.
  *
  * Only applies when the site authenticates against LDAP
  * ($sys_auth_type == 'ldap') and the current user carries an LDAP id; in
  * that case the page terminates with "permission denied" when
  * hasLDAPWrite() is false. Other users are not affected.
  *
  * @param array $params Hook parameters (unused here).
  */
 function cancelChangeAndUserLdap($params)
 {
     $current_user = UserManager::instance()->getCurrentUser();
     $ldap_backed = ($GLOBALS['sys_auth_type'] == 'ldap') && ($current_user->getLdapId() != '');
     if ($ldap_backed && !$this->hasLDAPWrite()) {
         exit_permission_denied();
     }
 }
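    /**
     *  ExecuteAction - Executes the action passed as parameter
     *
     *  Dispatches on $action:
     *    change_status  - update an existing forum (forum admin only)
     *    add_forum      - create a forum in this group (forum admin only)
     *    delete         - delete a message/thread from a forum (forum admin only)
     *    delete_forum   - delete a whole forum (forum admin only)
     *    view_pending   - list messages awaiting moderation for one forum
     *    update_pending - delete or release pending messages, then re-list
     *
     *  Changes from the previous version of this method:
     *  - view_pending / update_pending were reachable without any permission
     *    check; they now require userIsAdmin() on the selected forum, the
     *    same bar as deleting that forum's messages.
     *  - forum_id, msgids and deletemsg were spliced into SQL as request
     *    strings; all ids are now integers and the pending-message lookups
     *    and deletes are scoped to the moderated forum.
     *  - the release path interpolated "$fm->getID" (a property) instead of
     *    calling getID(), so its undo DELETE matched nothing; a stale $am
     *    and an uninitialised $deleteok leaked between loop iterations.
     *  - split() (removed in PHP 7) is replaced by explode(); the bare
     *    constant forum_id is now the string 'forum_id'.
     *  - subject and forum name are HTML-escaped in the pending list.
     *
     *  NOTE(review): the view_pending form emits a form_key but nothing in
     *  this method validates it; confirm the caller (pending.php) checks it
     *  with form_key_is_valid(), otherwise add that check to update_pending.
     *
     *  @param  string	 action to execute.
     *  @return string|null feedback text for the forum actions; nothing for
     *                      the pending-moderation actions (they print directly).
     */
    function ExecuteAction($action)
    {
        global $HTML;

        if ($action == "change_status") {
            // Change an existing forum's settings.
            $forum_name = getStringFromRequest('forum_name');
            $description = getStringFromRequest('description');
            $send_all_posts_to = getStringFromRequest('send_all_posts_to');
            $allow_anonymous = getIntFromRequest('allow_anonymous');
            $is_public = getIntFromRequest('is_public');
            $moderation_level = getIntFromRequest('moderation_level');
            $group_forum_id = getIntFromRequest('group_forum_id');

            $f = $this->_getForumOrExit($group_forum_id);
            if (!$f->userIsAdmin()) {
                exit_permission_denied();
            }
            if (!$f->update($forum_name, $description, $allow_anonymous, $is_public, $send_all_posts_to, $moderation_level)) {
                exit_error(_('Error'), $f->getErrorMessage());
            }
            return _('Forum Info Updated Successfully');
        }

        if ($action == "add_forum") {
            // Add a forum to this group. The flag fields are read as integers,
            // matching change_status above.
            $forum_name = getStringFromRequest('forum_name');
            $description = getStringFromRequest('description');
            $is_public = getIntFromRequest('is_public');
            $send_all_posts_to = getStringFromRequest('send_all_posts_to');
            $allow_anonymous = getIntFromRequest('allow_anonymous');
            $moderation_level = getIntFromRequest('moderation_level');

            if (!$this->p->isForumAdmin()) {
                form_release_key(getStringFromRequest("form_key"));
                exit_permission_denied();
            }
            $f = new Forum($this->g);
            if (!$f || !is_object($f)) {
                form_release_key(getStringFromRequest("form_key"));
                exit_error(_('Error'), _('Error getting Forum'));
            } elseif ($f->isError()) {
                form_release_key(getStringFromRequest("form_key"));
                exit_error(_('Error'), $f->getErrorMessage());
            }
            if (!$f->create($forum_name, $description, $is_public, $send_all_posts_to, 1, $allow_anonymous, $moderation_level)) {
                form_release_key(getStringFromRequest("form_key"));
                exit_error(_('Error'), $f->getErrorMessage());
            }
            return _('Forum created successfully');
        }

        if ($action == "delete") {
            // Delete a message (or thread) from a forum.
            $msg_id = getIntFromRequest('deletemsg');
            $forum_id = getIntFromRequest('forum_id');

            $f = $this->_getForumOrExit($forum_id);
            if (!$f->userIsAdmin()) {
                exit_permission_denied();
            }
            $fm = new ForumMessage($f, $msg_id);
            if (!$fm || !is_object($fm)) {
                exit_error(_('Error'), _('Error Getting ForumMessage'));
            } elseif ($fm->isError()) {
                exit_error(_('Error'), $fm->getErrorMessage());
            }
            $count = $fm->delete();
            if (!$count || $fm->isError()) {
                exit_error(_('Error'), $fm->getErrorMessage());
            }
            return sprintf(ngettext('%1$s message deleted', '%1$s messages deleted', $count), $count);
        }

        if ($action == "delete_forum") {
            // Delete an entire forum; Forum::delete() checks the two
            // confirmation flags itself.
            $group_forum_id = getIntFromRequest('group_forum_id');

            $f = $this->_getForumOrExit($group_forum_id);
            if (!$f->userIsAdmin()) {
                exit_permission_denied();
            }
            if (!$f->delete(getStringFromRequest('sure'), getStringFromRequest('really_sure'))) {
                exit_error(_('Error'), $f->getErrorMessage());
            }
            return _('Successfully Deleted');
        }

        if ($action == "view_pending") {
            // Show the pending messages awaiting moderation for one forum.
            $group_id = (int) $this->group_id;
            $forum_id = getIntFromRequest("forum_id");

            if ($this->isGroupAdmin()) {
                $this->PrintAdminOptions();
            }

            // All moderated forums of this group: group_forum_id => forum_name.
            $sql = "SELECT forum_name, group_forum_id FROM forum_group_list WHERE group_id='{$group_id}' AND moderation_level > 0";
            $res = db_query($sql);
            if (!$res) {
                echo db_error();
                return;
            }
            $moderated_forums = array();
            while ($row = db_fetch_array($res)) {
                $moderated_forums[(int) $row[1]] = $row[0];
            }
            if (count($moderated_forums) == 0) {
                echo $HTML->feedback(_('No forums are moderated for this group'));
                forum_footer(array());
                exit;
            }

            // Default to the first moderated forum. A forum id that is not a
            // moderated forum of this group is rejected instead of queried.
            if (!$forum_id) {
                $keys = array_keys($moderated_forums);
                $forum_id = $keys[0];
            } elseif (!isset($moderated_forums[$forum_id])) {
                exit_error(_('Error'), _('Error getting Forum'));
            }

            // Viewing a forum's moderation queue requires admin on that forum.
            $f = $this->_getForumOrExit($forum_id);
            if (!$f->userIsAdmin()) {
                exit_permission_denied();
            }

            echo '
			<script language="JavaScript" type="text/javascript">
		
			function confirmDel() {
				var agree=confirm("Proceed? Actions are permanent!");
				if (agree) {
					return true;
				} else {
					return false;
				}
			}
			</script>
			<p><form name="pending" action="pending.php" method="post">
			<input type="hidden" name="action" value="update_pending" />
			<input type="hidden" name="form_key" value="' . form_generate_key() . '">
			<input type="hidden" name="group_id" value="' . $group_id . '" />
			<input type="hidden" name="forum_id" value="' . $forum_id . '" />

			';
            echo html_build_select_box_from_assoc($moderated_forums, 'forum_id', $forum_id);
            echo '    <input name="Go" type="submit" value="Go"><p>';

            $title = array(_('Forum Name'), _('Message'), "Action");

            // Pending messages of the selected forum only.
            $sql = "SELECT msg_id,subject,pm.group_forum_id,gl.forum_name FROM forum_pending_messages pm, forum_group_list gl WHERE pm.group_forum_id='{$forum_id}' AND pm.group_forum_id=gl.group_forum_id AND gl.group_forum_id='{$forum_id}'";
            $res = db_query($sql);
            if (!$res) {
                echo db_error();
                return;
            }
            // Supported actions for each message.
            $options = array("1" => "No action", "2" => "Delete", "3" => "Release");

            // Hidden list of the message ids in display order; update_pending
            // pairs it with the doaction[] select boxes by position.
            $ids = '';
            $i = 2;
            echo $HTML->listTableTop($title);
            while ($onemsg = db_fetch_array($res)) {
                $msg_id = (int) $onemsg['msg_id'];
                $ids .= $msg_id . ",";
                $detail_url = 'pendingmsgdetail.php?msg_id=' . $msg_id . '&forum_id=' . (int) $onemsg['group_forum_id'] . '&group_id=' . $group_id;
                // Subject and forum name are user/admin supplied text, so they are
                // escaped for the HTML context here. If the table already stores
                // them escaped this double-escapes — confirm against ForumMessage.
                echo "\n\t\t\t\t<tr" . $HTML->boxGetAltRowStyle($i++) . ">\n\t\t\t\t\t<td>" . htmlspecialchars($onemsg['forum_name']) . "</td>\t\n\t\t\t\t\t<td><a href=\"#\" OnClick=\"window.open('" . $detail_url . "','PendingMessageDetail','width=800,height=600,status=no,resizable=yes');\">" . htmlspecialchars($onemsg['subject']) . "</a></td>\n\t\t\t\t\t<td><div align=\"right\">" . html_build_select_box_from_assoc($options, "doaction[]", 1) . "</div></td>\n\t\t\t\t</tr>";
            }
            echo $HTML->listTableBottom();
            echo '
			<p>
			<input type="hidden" name="msgids" value="' . $ids . '">
			<div align="right"><input type="submit" onClick="return confirmDel();" name="update" value="' . _('Update') . '"></div>
			</form>
			';
            return;
        }

        if ($action == "update_pending") {
            // Apply the per-message actions chosen on the view_pending form.
            $forum_id = getIntFromRequest("forum_id");

            // The message ids to update. The list ends with a trailing comma,
            // so the last element is empty and dropped; every id is cast to
            // int before it gets anywhere near SQL.
            $msgids = explode(",", getStringFromRequest("msgids"));
            array_pop($msgids);
            $msgids = array_map('intval', $msgids);

            // The actions for the messages, aligned by position with $msgids.
            $doaction = getArrayFromRequest("doaction");

            // Same bar as view_pending: admin on the forum being moderated.
            $f = $this->_getForumOrExit($forum_id);
            if (!$f->userIsAdmin()) {
                exit_permission_denied();
            }

            $feedback = '';
            $num = count($msgids);
            for ($i = 0; $i < $num; $i++) {
                $msg_id = $msgids[$i];
                $choice = isset($doaction[$i]) ? (int) $doaction[$i] : 1;
                switch ($choice) {
                    case 1:
                        // No action.
                        break;
                    case 2:
                        // Delete the pending message and its attachment.
                        if ($this->_deletePendingMessage($msg_id, $forum_id, $feedback)) {
                            $feedback .= _('Forum deleted');
                        }
                        break;
                    case 3:
                        // Release the pending message into the forum.
                        $this->_releasePendingMessage($msg_id, $forum_id, $f, $feedback);
                        break;
                }
            }
            html_feedback_top($feedback);
            $this->ExecuteAction("view_pending");
        }
    }

    /**
     * _getForumOrExit - Load a forum of this group or terminate the page.
     *
     * @param int $forum_id group_forum_id to load
     * @return Forum the loaded forum; the page exits with an error otherwise
     */
    function _getForumOrExit($forum_id)
    {
        $f = new Forum($this->g, (int) $forum_id);
        if (!$f || !is_object($f)) {
            exit_error(_('Error'), _('Error getting Forum'));
        } elseif ($f->isError()) {
            exit_error(_('Error'), $f->getErrorMessage());
        }
        return $f;
    }

    /**
     * _deletePendingMessage - Remove one pending message and its attachment.
     *
     * The message must belong to $forum_id; an id from another forum (or an
     * unknown id) is reported and nothing is deleted. Both deletes run in one
     * transaction; on a DB error the error text is appended to $feedback and
     * the transaction is rolled back.
     *
     * @param int    $msg_id    pending message id
     * @param int    $forum_id  forum the message is being moderated in
     * @param string $feedback  feedback text, appended to on error
     * @return bool true when both deletes succeeded
     */
    function _deletePendingMessage($msg_id, $forum_id, &$feedback)
    {
        $msg_id = (int) $msg_id;
        $forum_id = (int) $forum_id;

        $owner = db_query("SELECT msg_id FROM forum_pending_messages WHERE msg_id='{$msg_id}' AND group_forum_id='{$forum_id}'");
        if (!$owner) {
            $feedback .= "DB Error " . db_error() . "<br>";
            return false;
        }
        if (db_numrows($owner) < 1) {
            $feedback .= "{$msg_id} - " . _('Error Getting ForumMessage') . "<br>";
            return false;
        }

        db_begin();
        if (!db_query("DELETE FROM forum_pending_attachment WHERE msg_id='{$msg_id}'")) {
            $feedback .= "DB Error " . db_error() . "<br>";
            db_rollback();
            return false;
        }
        if (!db_query("DELETE FROM forum_pending_messages WHERE msg_id='{$msg_id}' AND group_forum_id='{$forum_id}'")) {
            $feedback .= "DB Error " . db_error() . "<br>";
            db_rollback();
            return false;
        }
        db_commit();
        return true;
    }

    /**
     * _releasePendingMessage - Move one pending message (and its attachment,
     * if any) into the live forum, then remove it from the pending tables.
     *
     * The lookup is scoped to $forum_id so an id belonging to another forum
     * is not released. Progress and errors are appended to $feedback; the
     * caller's loop continues with the next message either way. When the
     * attachment cannot be stored the freshly inserted forum row is removed
     * again and the pending entry is kept.
     *
     * @param int    $msg_id    pending message id
     * @param int    $forum_id  forum the message is being moderated in
     * @param Forum  $f         that forum, already permission-checked
     * @param string $feedback  feedback text, appended to
     */
    function _releasePendingMessage($msg_id, $forum_id, $f, &$feedback)
    {
        $msg_id = (int) $msg_id;
        $forum_id = (int) $forum_id;

        $res1 = db_query("SELECT * FROM forum_pending_messages WHERE msg_id='{$msg_id}' AND group_forum_id='{$forum_id}'");
        if (!$res1) {
            $feedback .= "DB Error " . db_error() . "<br>";
            return;
        }
        if (db_numrows($res1) < 1) {
            // Unknown id, or a message queued in another forum.
            $feedback .= "{$msg_id} - " . _('Error Getting ForumMessage') . "<br>";
            return;
        }
        $res2 = db_query("SELECT * FROM forum_pending_attachment WHERE msg_id='{$msg_id}'");
        if (!$res2) {
            $feedback .= "DB Error " . db_error() . "<br>";
            return;
        }

        // A fresh (non-pending) ForumMessage receives the released content.
        $fm = new ForumMessage($f);
        if (!$fm || !is_object($fm)) {
            exit_error(_('Error'), "Error getting new ForumMessage");
        } elseif ($fm->isError()) {
            exit_error(_('Error'), "Error getting new ForumMessage: " . $fm->getErrorMessage());
        }

        $group_forum_id = db_result($res1, 0, "group_forum_id");
        $subject = db_result($res1, 0, "subject");
        $body = db_result($res1, 0, "body");
        $post_date = db_result($res1, 0, "post_date");
        $thread_id = db_result($res1, 0, "thread_id");
        $is_followup_to = db_result($res1, 0, "is_followup_to");
        $posted_by = db_result($res1, 0, "posted_by");
        $has_followups = db_result($res1, 0, "has_followups");

        $deleteok = false;
        if ($fm->insertreleasedmsg($group_forum_id, $subject, $body, $post_date, $thread_id, $is_followup_to, $posted_by, $has_followups, time())) {
            $feedback .= "( {$subject} ) " . _('Pending forum released') . "<br>";
            $deleteok = true;
            if (db_numrows($res2) > 0) {
                // Copy the attachment row into the live attachment table.
                $am = new AttachManager();
                $am->SetForumMsg($fm);
                $am->AddToDBOnly(
                    db_result($res2, 0, "userid"),
                    db_result($res2, 0, "dateline"),
                    db_result($res2, 0, "filename"),
                    db_result($res2, 0, "filedata"),
                    db_result($res2, 0, "filesize"),
                    db_result($res2, 0, "visible"),
                    db_result($res2, 0, "filehash"),
                    db_result($res2, 0, "mimetype")
                );
                foreach ($am->Getmessages() as $item) {
                    $feedback .= "{$msg_id} - " . $item . "<br>";
                }
                if ($am->isError()) {
                    // Undo the message insert so the forum does not end up with
                    // a message whose attachment is missing.
                    $deleteok = false;
                    $released_id = (int) $fm->getID();
                    db_begin();
                    if (!db_query("DELETE FROM forum WHERE msg_id='{$released_id}'")) {
                        $feedback .= "DB Error " . db_error() . "<br>";
                        db_rollback();
                        return;
                    }
                    db_commit();
                }
            }
        } elseif ($fm->isError()) {
            if ($fm->getErrorMessage() == _('Couldn\'t Update Master Thread parent with current time')) {
                // The thread the message was replying to doesn't exist any more.
                $feedback .= "( " . $subject . " ) " . _('The thread which the message was posted to doesn\'t exist anymore, please delete the message.') . "<br>";
            } else {
                $feedback .= "{$msg_id} - " . $fm->getErrorMessage() . "<br>";
            }
        }

        if ($deleteok) {
            // Released successfully: drop the pending message and attachment.
            $this->_deletePendingMessage($msg_id, $forum_id, $feedback);
        }
    }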
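/**
 *
 *   Method of easily enforcing permissions
 *   Page will terminate with error message if you fail checks
 *
 *   Site admins (user_is_super_user()) pass every check. Otherwise 'group'
 *   requires membership of that group, 'group' together with 'admin_flags'
 *   requires group admin, and 'isloggedin' alone is satisfied by the login
 *   check at the top. Optional keys are read with empty() so a missing key
 *   means "not requested" rather than an undefined-index notice.
 *
 *   @param array $req Associative array specifying criteria
 *   @return true for site admins; does not return when a check fails
 *
 */
function session_require($req)
{
    if (!user_isloggedin()) {
        exit_permission_denied();
    }

    /*
    	SF Admins always have permission
    */
    if (user_is_super_user()) {
        return true;
    }

    if (!empty($req['group'])) {
        $group =& group_get_object($req['group']);
        // A false or non-object result is treated as an unknown group, as
        // the other group lookups in this code base do.
        if (!$group || !is_object($group)) {
            exit_no_group();
        }
        if (!empty($req['admin_flags'])) {
            if (!$group->userIsAdmin()) {
                exit_permission_denied();
            }
        } elseif (!$group->userIsMember()) {
            exit_permission_denied();
        }
    } elseif (empty($req['isloggedin'])) {
        // Nothing else was requested and the login check above already ran.
        exit_permission_denied();
    }
}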
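/**
 *	session_require() - Convenience function to easily enforce permissions
 *
 *	Calling page will terminate with error message if current user
 *	fails checks.
 *
 *	'group' requires membership of that group, 'group' together with
 *	'admin_flags' requires group admin, and 'isloggedin' alone is satisfied
 *	by the login check at the top. Optional keys are read with empty(), which
 *	replaces the @-suppressed read of admin_flags the old code relied on.
 *
 *	@param		array	Associative array specifying criteria
 *	@return does not return if check is failed
 *
 */
function session_require($req)
{
    if (!session_loggedin()) {
        exit_not_logged_in();
    }

    if (!empty($req['group'])) {
        $group =& group_get_object($req['group']);
        if (!$group || !is_object($group)) {
            exit_error('Error', 'Could Not Get Group');
        } elseif ($group->isError()) {
            exit_error('Error', $group->getErrorMessage());
        }

        $perm =& $group->getPermission(session_get_user());
        if (!$perm || !is_object($perm) || $perm->isError()) {
            exit_permission_denied();
        }

        // admin_flags is optional: empty() covers both "absent" and "false"
        // without the error-suppression operator.
        if (!empty($req['admin_flags'])) {
            if (!$perm->isAdmin()) {
                exit_permission_denied();
            }
        } elseif (!$perm->isMember()) {
            exit_permission_denied();
        }
    } elseif (empty($req['isloggedin'])) {
        // Nothing else was requested and the login check above already ran.
        exit_permission_denied();
    }
}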
//
// SourceForge: Breaking Down the Barriers to Open Source Development
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
// $Id: submit.php,v 1.3 2004/01/13 13:15:24 helix Exp $
require 'pre.php';
require '../forum/forum_utils.php';
if (user_isloggedin()) {
    //news must now be submitted from a project page -
    if (!$group_id) {
        exit_no_group();
    }
    if (!user_ismember($group_id, 'A')) {
        exit_permission_denied('You cannot submit news ' . 'for a project unless you are an admin on that project');
    }
    if ($post_changes) {
        //check to make sure both fields are there
        if ($summary && $details) {
            /*
            	Insert the row into the db if it's a generic message
            	OR this person is an admin for the group involved
            */
            /*
            	create a new discussion forum without a default msg
            	if one isn't already there
            */
            $new_id = forum_create_forum($sys_news_group, $summary, 1, 0);
            $sql = "INSERT INTO news_bytes (group_id,submitted_by,is_approved,date,forum_id,summary,details) " . " VALUES ('{$group_id}','" . user_getid() . "','0','" . time() . "','{$new_id}','" . htmlspecialchars($summary) . "','" . htmlspecialchars($details) . "')";
            $result = db_query($sql);
 */
require_once '../env.inc.php';
require_once $gfwww . 'include/pre.php';
require_once $gfwww . 'include/note.php';
require_once $gfwww . 'news/news_utils.php';
require_once $gfcommon . 'forum/Forum.class.php';
require_once $gfcommon . 'include/TextSanitizer.class.php';
// to make the HTML input by the user safe to store
$group_id = getIntFromRequest('group_id');
if (session_loggedin()) {
    if (!user_ismember($group_id, 'A')) {
        exit_permission_denied(_('You cannot submit news for a project unless you are an admin on that project'));
    }
    $group_id = getIntFromRequest('group_id');
    if ($group_id == $sys_news_group) {
        exit_permission_denied(_('Submitting news from the news group is not allowed.'));
    }
    if (getStringFromRequest('post_changes')) {
        if (!form_key_is_valid(getStringFromRequest('form_key'))) {
            exit_form_double_submit();
        }
        $summary = getStringFromRequest('summary');
        $details = getStringFromRequest('details');
        //check to make sure both fields are there
        if ($summary && $details) {
            /*
            	Insert the row into the db if it's a generic message
            	OR this person is an admin for the group involved
            */
            /*
            	create a new discussion forum without a default msg
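/**
 * Render the project-admin page header and sub-menu, enforcing that the
 * current session user is an admin of the project identified by the global
 * $group_id.
 *
 * Access control fails closed: when the project or its permission object
 * cannot be resolved, or the user is not an admin, exit_permission_denied()
 * is called and the page stops. (The previous silent `return` on an
 * unresolvable project/permission let a caller that relied on this header
 * for its access check keep rendering its admin page.)
 *
 * @param array $params header parameters handed on to site_project_header();
 *                      'toptab' and 'group' are set here.
 *
 * @return void
 */
function project_admin_header($params)
{
    global $group_id, $feedback, $HTML;
    $params['toptab'] = 'admin';
    $params['group'] = $group_id;
    /*
    	Enforce Project Admin Perms (fail closed on any lookup failure)
    */
    $project =& group_get_object($group_id);
    if (!$project || !is_object($project)) {
        exit_permission_denied();
        return;
    }
    $perm =& $project->getPermission(session_get_user());
    if (!$perm || !is_object($perm) || !$perm->isAdmin()) {
        exit_permission_denied();
        return;
    }
    site_project_header($params);
    // $group_id is interpolated into href attributes below; callers are
    // expected to supply an int (cf. getIntFromRequest), so cast defensively
    // rather than echo an arbitrary string into markup.
    $gid = (int) $group_id;
    // Menu entries as (label, link) pairs so the two lists cannot drift apart.
    $entries = array(
        array(_('Edit Public Info'), '/project/admin/editgroupinfo.php?group_id=' . $gid),
        array(_('Project History'), '/project/admin/history.php?group_id=' . $gid),
    );
    if ($GLOBALS['sys_use_people']) {
        $entries[] = array(_('Post Jobs'), '/people/createjob.php?group_id=' . $gid);
        $entries[] = array(_('Edit Jobs'), '/people/?group_id=' . $gid);
    }
    if ($GLOBALS['sys_use_project_multimedia']) {
        $entries[] = array(_('Edit Multimedia Data'), '/project/admin/editimages.php?group_id=' . $gid);
    }
    if ($GLOBALS['sys_use_project_vhost']) {
        $entries[] = array(_('VHOSTs'), '/project/admin/vhost.php?group_id=' . $gid);
    }
    if ($GLOBALS['sys_use_project_database']) {
        $entries[] = array(_('Database Admin'), '/project/admin/database.php?group_id=' . $gid);
    }
    $entries[] = array(_('Stats'), '/project/stats/?group_id=' . $gid);
    $labels = array();
    $links = array();
    foreach ($entries as $entry) {
        list($label, $link) = $entry;
        $labels[] = $label;
        $links[] = $link;
    }
    // Plugin hooks fire in the same order as before, once the built-in
    // entries exist and before the sub-menu is emitted.
    plugin_hook("quota_label_project_admin");
    plugin_hook("quota_link_project_admin");
    echo $HTML->beginSubMenu();
    echo $HTML->printSubMenu($labels, $links);
    plugin_hook("groupadminmenu", $params);
    echo $HTML->endSubMenu();
}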
 /**
  * Apply an imported row of data to an existing artifact.
  *
  * Builds the variable field list from $data, pushes it through
  * Tracker_Html::handleUpdate() in import mode, then handles CC additions and
  * follow-up comments. Only tracker admins may import into an artifact.
  *
  * @param mixed  $row     accepted for interface compatibility; not read here
  * @param mixed  $data    imported values, consumed by prepareVfl()
  * @param int    $aid     artifact id to update
  * @param string $errors  (IN/OUT) accumulated error text; problems are appended
  * @param bool   $notify  send follow-up mails when something changed
  *
  * @return bool false when follow-up comments could not be parsed or stored,
  *              true otherwise (fatal problems go through exit_*() instead)
  */
 function updateArtifact($row, $data, $aid, &$errors, $notify = false)
 {
     global $Language;
     $artifact = new Tracker_Html($this->ath, $aid);
     if (!$artifact || !is_object($artifact)) {
         exit_error($Language->getText('global', 'error'), $Language->getText('plugin_tracker_index', 'not_create_art'));
     } elseif ($artifact->isError()) {
         exit_error($Language->getText('global', 'error'), $artifact->getErrorMessage());
     } else {
         // Anonymous access is only tolerated when the tracker allows it...
         if (!user_isloggedin() && !$this->ath->allowsAnon()) {
             exit_not_logged_in();
         }
         // ...and importing into an existing artifact is admin-only anyway.
         if (!$artifact->Tracker->userIsAdmin()) {
             exit_permission_denied();
             return;
         }
         $vfl = $this->prepareVfl($data, $artifact_depend_id, $add_cc, $cc_comment, $comments);
         // Data control layer: canned response 100 (none), no masschange, import mode.
         if (!$artifact->handleUpdate($artifact_depend_id, 100, $changes, false, $vfl, true)) {
             exit_error($Language->getText('global', 'error'), '');
         }
         if ($add_cc && !$artifact->updateCC($add_cc, $cc_comment)) {
             $errors .= $Language->getText('plugin_tracker_import_utils', 'problem_add_cc', $artifact->getID()) . " ";
         }
         $comments_ok = false;
         if ($comments) {
             if (!$this->parseFollowUpComments($comments, $parsed_comments, $aid) || empty($parsed_comments)) {
                 return false;
             }
             if (!$artifact->addFollowUpComments($parsed_comments)) {
                 $errors .= $Language->getText('plugin_tracker_import_utils', 'problem_insert_followup', $artifact->getID()) . " ";
                 return false;
             }
             $comments_ok = true;
         }
         $something_changed = count($changes) > 0 || $add_cc || $comments_ok;
         if ($something_changed) {
             if ($notify) {
                 $agnf = new Tracker_NotificationsManager($this->ath);
                 $artifact->mailFollowupWithPermissions($agnf->getAllAddresses($this->ath->getID(), true), $changes);
             }
             // Bump the artifact's last_update_date field.
             $artifact->update_last_update_date();
         }
     }
     return true;
 }
 /**
  *  Update an artifact from a variable field list (vfl, which varies from one tracker to another).
  *
  *  Unless $import is set, the field values are read from the HTTP request via
  *  $art_field_fact->extractFieldList() and required fields must be non-empty.
  *  For every non-special field that changed: the value is checked against the
  *  field's predefined values (select boxes; skipped in masschange), the user's
  *  per-field update permission is enforced, history is recorded and the change
  *  is collected in $changes. Standard fields are then written with one UPDATE on
  *  the artifact table; other fields go through $field->updateValue()/updateValues().
  *  Also handles: the follow-up comment, close_date on status change, dependencies,
  *  cross-reference extraction and artifact permissions taken from the request.
  *
  * @param artifact_id_dependent: artifact dependencies (on import, the localized 'none' clears them)
  * @param canned_response: canned response id; a canned response overrides the typed follow-up comment
  * @param changes (OUT): array of changes (for notifications), keyed by field name with 'add'/'del' entries
  * @param masschange: bulk update, admin only; fields set to the localized 'unchanged' value are skipped
  * @param vfl: field list to apply when $import is true (ignored otherwise, it is re-read from the request)
  * @param import: import mode; uses $vfl as given and replaces all existing dependencies
  *
  *  @return boolean true if the artifact was updated (or nothing needed updating),
  *                  false if a value/permission/dependency check failed
  *                  (several failures call exit_*() and never return)
  */
 function handleUpdate($artifact_id_dependent, $canned_response, &$changes, $masschange = false, $vfl = false, $import = false)
 {
     global $art_field_fact, $HTTP_POST_VARS, $Language;
     // NOTE(review): $HTTP_POST_VARS is the pre-PHP 5.4 alias of $_POST; the masschange
     // loop below iterates it. If it is no longer populated, submitted_by changes are
     // silently skipped — confirm on the target PHP version.
     // Mass change is restricted to tracker admins.
     if ($masschange && !$this->ArtifactType->userIsAdmin()) {
         exit_permission_denied();
     }
     if (!$import) {
         // Retrieve HTTP GET variables and store them in $vfl array
         $vfl = $art_field_fact->extractFieldList();
         // make sure  required fields are not empty
         if ($art_field_fact->checkEmptyFields($vfl) == false) {
             exit_missing_param();
         }
     }
     //get this artifact from the db
     $result = $this->getFieldsValues();
     //
     //  See which fields changed during the modification
     //  and if we must keep history then do it. Also add them to the update
     //  statement
     //
     $reference_manager =& ReferenceManager::instance();
     $text_value_list = array();
     $changes = array();
     $upd_list = '';
     // NOTE(review): each() is deprecated since PHP 7.2 and removed in 8.0; this loop
     // (and the masschange one further down) will need foreach on newer runtimes.
     reset($vfl);
     while (list($field_name, $value) = each($vfl)) {
         // An unknown field name makes getFieldFromName() return a non-object and the
         // isSpecial() call below fails fatally, so only known fields reach the SQL
         // built later in this loop — presumably; confirm against the factory.
         $field = $art_field_fact->getFieldFromName($field_name);
         // skip over special fields  except for details which in this
         // particular case can be processed normally
         if ($field->isSpecial()) {
             continue;
         }
         if ($field->isInt() && $value == '' && $field->getRequired() == 0) {
             $value = 0;
         }
         // we check if the given value is authorized for this field (for select box fields only)
         // we don't check here the none value, we have already check it before (we can't check here the none value because the function checkValueInPredefinedValues don't take the none value into account)
         // if the value did not change, we don't do the check (because of stored values that can be deleted now)
         // Not enforced for masschange (admin only, see above).
         if (!$masschange && $result[$field_name] != $value && $field->isSelectBox() && $value != 100 && !$field->checkValueInPredefinedValues($this->ArtifactType->getID(), $value)) {
             $this->setError($Language->getText('tracker_common_artifact', 'bad_field_value', array($field->getLabel(), $value)));
             return false;
         }
         if (!$masschange && $field->isMultiSelectBox()) {
             if (is_array($value)) {
                 foreach ($value as $a_value) {
                     if ($a_value != 100 && !$field->checkValueInPredefinedValues($this->ArtifactType->getID(), $a_value)) {
                         $this->setError($Language->getText('tracker_common_artifact', 'bad_field_value', array($field->getLabel(), $value)));
                         return false;
                     }
                 }
             }
         }
         $is_text = $field->isTextField() || $field->isTextArea();
         if ($field->isMultiSelectBox() && is_array($value)) {
             if ($masschange && in_array($Language->getText('global', 'unchanged'), $value)) {
                 continue;
             }
             // The field is a multi values field and it has multi assigned values
             $values = $value;
             // check if the user can update the field or not
             // (only an actual change of the value set is an error; resubmitting
             // the stored values is tolerated)
             if (!$field->userCanUpdate($this->ArtifactType->getGroupID(), $this->ArtifactType->getID(), user_getid())) {
                 // we only throw an error if the values has changed
                 $old_values = $field->getValues($this->getID());
                 list($deleted_values, $added_values) = util_double_diff_array($old_values, $values);
                 if (count($deleted_values) > 0 || count($added_values) > 0) {
                     // The user does not have the permissions to update the current field,
                     // we exit the function with an error message
                     $this->setError($Language->getText('tracker_common_artifact', 'bad_field_permission_update', $field->getLabel()));
                     return false;
                 }
             }
             //don't take into account the none value if there are several values selected
             if (count($values) > 1) {
                 $temp = array();
                 while (list($i, $v) = each($values)) {
                     if ($v == 100) {
                         unset($values[$i]);
                         $unset = true;
                     } else {
                         $temp[] = $v;
                     }
                 }
                 if (isset($unset) && $unset) {
                     $values = $temp;
                 }
             }
             $old_values = $field->getValues($this->getID());
             list($deleted_values, $added_values) = util_double_diff_array($old_values, $values);
             // Check if there are some differences
             if (count($deleted_values) > 0 || count($added_values) > 0) {
                 // Add values in the history
                 $a = $field->getLabelValues($this->ArtifactType->getID(), $old_values);
                 $val = join(",", $a);
                 $b = $field->getLabelValues($this->ArtifactType->getID(), $values);
                 $new_val = join(",", $b);
                 $this->addHistory($field, $val, $new_val);
                 // Update the field value
                 if (!$field->updateValues($this->getID(), $values)) {
                     $GLOBALS['Response']->addFeedback('error', $Language->getText('tracker_common_artifact', 'field_upd_fail', $field->getLabel()));
                 }
                 if ($is_text) {
                     //Log for Cross references
                     $text_value_list[] = $values;
                 }
                 // Keep track of the change
                 $field_html = new ArtifactFieldHtml($field);
                 if (count($deleted_values) > 0) {
                     $val = join(",", $field->getLabelValues($this->ArtifactType->getID(), $deleted_values));
                     $changes[$field_name]['del'] = $val;
                 }
                 if (count($added_values) > 0) {
                     $val = join(",", $field->getLabelValues($this->ArtifactType->getID(), $added_values));
                     $changes[$field_name]['add'] = $val;
                 }
             }
         } else {
             if ($masschange && $value == $Language->getText('global', 'unchanged')) {
                 continue;
             }
             $old_value = $result[$field_name];
             if ($is_text) {
                 // Text is stored HTML-escaped, so compare against the escaped input.
                 $differ = $old_value != htmlspecialchars($value);
                 //Log for Cross references
                 $text_value_list[] = $value;
             } else {
                 if ($field->isDateField()) {
                     // if it's a date we must convert the format to unix time
                     if ($value != '') {
                         list($value, $ok) = util_date_to_unixtime($value);
                     } else {
                         $value = '0';
                     }
                     //first have a look if both dates are uninitialized
                     if (($old_value == 0 || $old_value == '') && ($value == 0 || !$ok)) {
                         $differ = false;
                     } else {
                         // and make also sure that the old_value has been treated as the new value
                         // i.e. old_value (unix timestamp) -> local date (with hours cut off, so change the date by x  hours) -> unixtime
                         $old_date = format_date("Y-m-j", $old_value);
                         list($old_val, $ok) = util_date_to_unixtime($old_date);
                         $differ = $old_val != $value;
                     }
                 } else {
                     $differ = $old_value != $value;
                 }
             }
             if ($differ) {
                 // The userCanUpdate test is only done on modified fields
                 if ($field->userCanUpdate($this->ArtifactType->getGroupID(), $this->ArtifactType->getID(), user_getid())) {
                     if ($is_text) {
                         // Values are escaped with db_es(); the column name ($field_name) is
                         // interpolated as-is and is trusted because it came through the
                         // field factory above.
                         if ($field->isStandardField()) {
                             $upd_list .= "{$field_name}='" . db_es(htmlspecialchars($value)) . "',";
                         } else {
                             $update_value = htmlspecialchars($value);
                         }
                         $this->addHistory($field, $old_value, $value);
                         // NOTE(review): looks like a magic_quotes-era leftover — the
                         // stripped value is only used for the $changes display below.
                         $value = stripslashes($value);
                     } else {
                         if ($field->isStandardField()) {
                             $upd_list .= "{$field_name}='" . db_es($value) . "',";
                         } else {
                             $update_value = $value;
                         }
                         $this->addHistory($field, $old_value, $value);
                     }
                     // Update the field value
                     if (!$field->isStandardField()) {
                         if (!$field->updateValue($this->getID(), $update_value)) {
                             $GLOBALS['Response']->addFeedback('error', $Language->getText('tracker_common_artifact', 'field_upd_fail', $field->getLabel()));
                         }
                     }
                     // Keep track of the change
                     $field_html = new ArtifactFieldHtml($field);
                     $changes[$field_name]['del'] = $field_html->display($this->ArtifactType->getID(), $old_value, false, false, true, true);
                     $changes[$field_name]['add'] = $field_html->display($this->ArtifactType->getID(), $value, false, false, true, true);
                 } else {
                     // The user does not have the permissions to update the current field,
                     // we exit the function with an error message
                     $this->setError($Language->getText('tracker_common_artifact', 'bad_field_permission_update', $field->getLabel()));
                     return false;
                 }
             }
         }
     }
     // while
     for ($i = 0; $i < sizeof($text_value_list); $i++) {
         $reference_manager->extractCrossRef($text_value_list[$i], $this->getID(), ReferenceManager::REFERENCE_NATURE_ARTIFACT, $this->ArtifactType->getGroupID());
     }
     $request = HTTPRequest::instance();
     //for masschange look at the special case of changing the submitted_by param
     // (admin only, enforced at the top; the value is escaped with db_ei())
     if ($masschange) {
         reset($HTTP_POST_VARS);
         while (list($key, $val) = each($HTTP_POST_VARS)) {
             $val = $request->get($key);
             //Don't use HTTP_POST_VARS
             if ($key == 'submitted_by' && $val != $Language->getText('global', 'unchanged')) {
                 $sql = "UPDATE artifact SET submitted_by=" . db_ei($val) . " WHERE artifact_id = " . db_ei($this->getID());
                 $res = db_query($sql);
                 $field = $art_field_fact->getFieldFromName('submitted_by');
                 if ($this->getSubmittedBy() != $val) {
                     $this->addHistory('submitted_by', $this->getSubmittedBy(), $val);
                 }
             }
         }
     }
     // Comment field history is handled a little differently. Followup comments
     // are added in the bug history along with the comment type.
     //
     // If a canned response is given it overrides anything typed in the followup
     // comment text area.
     // comment_format is whitelisted to HTML/TEXT; the comment body itself is
     // passed through untouched — escaping is addFollowUpComment()'s job.
     $comment = $request->get('comment');
     $comment_type_id = array_key_exists('comment_type_id', $vfl) ? $vfl['comment_type_id'] : '';
     $vFormat = new Valid_WhiteList('comment_format', array(self::FORMAT_HTML, self::FORMAT_TEXT));
     $comment_format = $request->getValidated('comment_format', $vFormat, self::FORMAT_TEXT);
     $this->addFollowUpComment($comment, $comment_type_id, $canned_response, $changes, $comment_format);
     //
     //  Enter the timestamp if we are changing to closed or declined
     //
     if (isset($changes['status_id']) && $this->isStatusClosed($vfl['status_id'])) {
         $now = time();
         $upd_list .= "close_date='{$now}',";
         $field = $art_field_fact->getFieldFromName('close_date');
         if ($field) {
             // NOTE(review): history records '' as the new value rather than $now — confirm intended.
             $this->addHistory($field, $result['close_date'], '');
         }
     }
     //
     //  Reset the timestamp if we are changing from closed or declined
     //
     if (isset($changes['status_id']) && !$this->isStatusClosed($vfl['status_id'])) {
         $upd_list .= "close_date='',";
         $field = $art_field_fact->getFieldFromName('close_date');
         if ($field) {
             $this->addHistory($field, $result['close_date'], '');
         }
     }
     //
     //  Insert the list of dependencies
     //
     // Import replaces the whole dependency set; the localized 'none' means "clear".
     if ($import && $artifact_id_dependent) {
         if (!$this->deleteAllDependencies()) {
             return false;
         }
         if ($artifact_id_dependent == $Language->getText('global', 'none')) {
             unset($artifact_id_dependent);
         }
     }
     if (isset($artifact_id_dependent)) {
         if (!$this->addDependencies($artifact_id_dependent, $changes, $masschange, $import)) {
             return false;
         }
     }
     //
     //  Finally, build the full SQL query and update the artifact itself (if need be)
     //
     $res_upd = true;
     if ($upd_list) {
         // strip the excess comma at the end of the update field list
         $upd_list = substr($upd_list, 0, -1);
         $sql = "UPDATE artifact SET {$upd_list} " . " WHERE artifact_id=" . db_ei($this->getID());
         $res_upd = db_query($sql);
     }
     if (!$res_upd) {
         // NOTE(review): the failed SQL (with user-supplied values) is shown to the
         // end user here; a log entry would avoid leaking schema/values.
         exit_error($Language->getText('tracker_common_artifact', 'upd_fail') . ': ' . $sql, $Language->getText('tracker_common_artifact', 'upd_fail'));
         return false;
     } else {
         // Permissions are (re)applied from request parameters unless the request
         // explicitly sets change_permissions to a falsy value. No extra
         // authorization is done here — presumably setPermissions() checks it; verify.
         if (!$request->exist('change_permissions') || $request->get('change_permissions')) {
             $this->setPermissions($request->get('use_artifact_permissions_name'), $request->get('ugroups'));
         }
         return true;
     }
 }
		</td>
	</tr>
	</table>
	</form>
	<?php 
        pm_footer(array());
    } else {
        if ($delete && $group_project_id) {
            $pg = new ProjectGroup($g, $group_project_id);
            if (!$pg || !is_object($pg)) {
                exit_error('Error', 'Could Not Get ProjectGroup');
            } elseif ($pg->isError()) {
                exit_error('Error', $pg->getErrorMessage());
            }
            if (!$pg->userIsAdmin()) {
                exit_permission_denied();
            }
            pm_header(array('title' => _('Delete')));
            ?>
	<form action="<?php 
            echo getStringFromServer('PHP_SELF') . '?group_id=' . $group_id . '&amp;group_project_id=' . $group_project_id;
            ?>
" method="post">
	<input type="hidden" name="post_changes" value="y" />
	<input type="hidden" name="delete" value="y" /><br />
	<?php 
            echo _('You are about to permanently and irretrievably delete this subproject and all its related data!');
            ?>
	<p>
	<input type="checkbox" name="sure" value="1"><?php 
            echo _('I\'m Sure');
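 /**
  * Hook: Tracker admin "controller" for the date-field reminder settings page.
  *
  * Reacts only to func=date_field_notification and requires a logged-in
  * tracker admin. On POST it either deletes the reminder settings of the
  * selected date field (delete_reminder) or validates and stores new ones
  * (submit_notif_settings); it then renders the settings page and exits.
  * Non-date or special fields are ignored (the hook returns without output).
  *
  * Changes vs. the previous version: ereg() (removed in PHP 7) replaced by
  * preg_match(); the stray gettext call wrapped around a boolean condition
  * removed; a recipient list that is empty after dropping the "None"
  * placeholder (100) is now rejected in every shape (e.g. [100] + [] or
  * [100, 100] used to be accepted and saved with no recipients); a zero
  * value is rejected consistently for start/frequency/recurse.
  *
  * @param array $params 'ath' (the tracker: userIsAdmin/getID/getName/Group/
  *                      adminHeader/footer) and 'art_field_fact' (field factory)
  *
  * @return void
  */
 function tracker_graphic_report_admin($params)
 {
     $request = HTTPRequest::instance();
     if ($request->getValidated('func', 'string') != 'date_field_notification') {
         return;
     }
     // Access control: must be logged in AND an admin of this tracker.
     if (!user_isloggedin()) {
         exit_not_logged_in();
         return;
     }
     if (!$params['ath']->userIsAdmin()) {
         exit_permission_denied();
         return;
     }
     $field_id = $request->getValidated('field_id', 'uint');
     $field = $params['art_field_fact']->getFieldFromId($field_id);
     // Only plain (non-special) date fields can carry a reminder.
     if (!$field || !$field->isDateField() || $field->isSpecial()) {
         return;
     }
     $tracker_id = $params['ath']->getID();
     if ($request->isPost()) {
         // NOTE(review): no CSRF token is checked in this state-changing handler;
         // confirm the framework enforces one globally, otherwise add it here.
         if ($request->existAndNonEmpty('delete_reminder')) {
             $tdrArtifactField = new TrackerDateReminder_ArtifactField();
             $tdrArtifactField->deleteFieldReminderSettings($field->getID(), $tracker_id);
         } elseif (!empty($_REQUEST['submit_notif_settings'])) {
             // Recipients: merge users and ugroups, dropping the "None" placeholder (100).
             // A missing or non-array value counts as "nothing selected".
             $notified = array();
             foreach (array('notified_users', 'notified_groups') as $list_name) {
                 if (isset($_REQUEST[$list_name]) && is_array($_REQUEST[$list_name])) {
                     foreach ($_REQUEST[$list_name] as $id) {
                         if ($id != 100) {
                             $notified[] = $id;
                         }
                     }
                 }
             }
             // Numeric settings, validated in the same order as before: each must be
             // present, digits only and non-zero. '/D' keeps '$' from matching before
             // a trailing newline.
             $numeric_keys = array(
                 'start'     => 'specify_notification_start',
                 'frequency' => 'specify_notification_frequency',
                 'recurse'   => 'specify_notification_recurse',
             );
             $values = array();
             $error_key = null;
             if (count($notified) == 0) {
                 $error_key = 'specify_notified_users';
             } else {
                 foreach ($numeric_keys as $name => $missing_key) {
                     $value = isset($_REQUEST[$name]) ? $_REQUEST[$name] : '';
                     if ($value === '') {
                         $error_key = $missing_key;
                     } elseif (!is_scalar($value) || !preg_match('/^[0-9]+$/D', (string) $value)) {
                         $error_key = 'positive_value';
                     } elseif ((int) $value === 0) {
                         $error_key = $missing_key;
                     }
                     if ($error_key !== null) {
                         break;
                     }
                     $values[$name] = $value;
                 }
             }
             if ($error_key !== null) {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_date_reminder', $error_key));
             } else {
                 // NOTE(review): notif_type and the recipient ids are handed over as
                 // received; this relies on updateDateFieldReminderSettings() to
                 // validate/escape them — confirm in TrackerDateReminder_ArtifactField.
                 $notif_type = isset($_REQUEST['notif_type']) ? $_REQUEST['notif_type'] : null;
                 $tdrArtifactField = new TrackerDateReminder_ArtifactField();
                 $res = $tdrArtifactField->updateDateFieldReminderSettings($params['ath'], $field, $tracker_id, $values['start'], $notif_type, $values['frequency'], $values['recurse'], $notified);
                 if ($res) {
                     $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_date_reminder', 'notif_update_success', array($field->getLabel())));
                 } else {
                     $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_date_reminder', 'notif_update_fail', array($field->getLabel())));
                 }
             }
         }
     }
     // Render the settings page (GET, or after a POST) and stop the request.
     $params['ath']->adminHeader(array('title' => $GLOBALS['Language']->getText('plugin_tracker_date_reminder', 'admin_date_field_notif'), 'help' => 'tracker.html#email-notification-settings'));
     // NOTE(review): getName() is echoed into HTML as-is; this is only safe if
     // tracker names are stored escaped — confirm, else wrap in htmlspecialchars().
     echo '<H2>' . $GLOBALS['Language']->getText('tracker_import_admin', 'tracker') . ' \'<a href="/tracker/admin/?group_id=' . $params['ath']->Group->getID() . '&atid=' . $tracker_id . '">' . $params['ath']->getName() . '</a>\' - ' . $GLOBALS['Language']->getText('tracker_include_type', 'mail_notif') . '</h2>';
     $tdrArtifactFieldHtml = new TrackerDateReminder_ArtifactFieldHtml();
     $tdrArtifactFieldHtml->displayDateFieldNotificationSettings($params['ath'], $field);
     $params['ath']->footer(array());
     exit;
 }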