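/**
 * Create keyword groups and their keywords from a list of definitions.
 *
 * Each group entry is read for the keys 'name', 'title', 'description',
 * 'type', 'policy', 'quantity', 'suggest', 'ac_admin', 'ac_author' and a
 * 'keywords' list. Each keyword is read for 'name', 'title', 'description',
 * 'ac_author' and optionally 'hasvalue' (defaults to 'N').
 *
 * Security note: every string value goes through addslashes() before being
 * concatenated into SQL, and the group id read back from the database is cast
 * to an integer before it is reused. addslashes() is not aware of the
 * connection character set; if the database layer offers native escaping or
 * bound parameters, prefer those.
 *
 * @param array $keyword_groups List of keyword group definitions.
 * @return void Returns early (after logging) if a group id cannot be found.
 */
function create_groups($keyword_groups)
{
    $group_cols = array('name', 'title', 'description', 'type', 'policy', 'quantity', 'suggest', 'ac_admin', 'ac_author');
    $keyword_cols = array('name', 'title', 'description', 'hasvalue', 'ac_author');

    foreach ($keyword_groups as $skwg) {
        // Quote and escape each group value; a missing key becomes an empty string.
        $group_vals = array();
        foreach ($group_cols as $col) {
            $group_vals[] = "'" . addslashes(isset($skwg[$col]) ? $skwg[$col] : '') . "'";
        }

        // Insert keyword group data into database table.
        // Ignore if the group exists (has unique key).
        $q = "INSERT INTO lcm_keyword_group \n\t\t\t\t(name, title, description, type, policy, quantity, suggest, ac_admin, ac_author) \n\t\t\tVALUES (" . implode(", ", $group_vals) . ")";
        lcm_query($q, true);

        // Find out under what ID this group is stored.
        // Note: Do this instead of lcm_insert_id() because the group might not have been
        // inserted, so using lcm_insert_id() would re-create ALL keywords using the latest kwg id...
        $q = "SELECT id_group,name FROM lcm_keyword_group WHERE name='" . addslashes(isset($skwg['name']) ? $skwg['name'] : '') . "'";
        $result = lcm_query($q);
        $row = lcm_fetch_array($result);

        // No row (or no id) is treated as id 0; the cast keeps the value numeric
        // when it is concatenated into the keyword INSERT below.
        $kwg_id = ($row && isset($row['id_group'])) ? intval($row['id_group']) : 0;

        // If group is not successfully created or its ID is not found, report error
        // [ML] Failed SQL insert generates lcm_panic(), so this becomes useless.
        if ($kwg_id < 1) {
            lcm_log("create_groups: creation of keyword group seems to have failed. Aborting.");
            lcm_log("-> Query was: " . $q);
            return;
        }

        // A group without a keyword list has nothing more to insert.
        if (!isset($skwg['keywords']) || !is_array($skwg['keywords'])) {
            continue;
        }

        // Insert keywords data into database table
        foreach ($skwg['keywords'] as $k) {
            if (!isset($k['hasvalue'])) {
                $k['hasvalue'] = 'N';
            }

            $kw_vals = array();
            foreach ($keyword_cols as $col) {
                $kw_vals[] = "'" . addslashes(isset($k[$col]) ? $k[$col] : '') . "'";
            }

            // Ignore if keyword exists (has unique key)
            $q = "INSERT INTO lcm_keyword\n\t\t\t\t\t(id_group, name, title, description, hasvalue, ac_author)\n\t\t\t\tVALUES (" . $kwg_id . ", " . implode(", ", $kw_vals) . ")";
            lcm_query($q, true);
        }
    }
}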
Example #2
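/**
 * Fetch the lcm_author row for the given author id.
 *
 * The id is forced to an integer before it is concatenated into the query, so
 * a non-numeric value can neither alter the SQL statement nor be echoed back
 * verbatim through the panic message.
 *
 * @param mixed $id_author Author id (cast to int).
 * @return mixed The row returned by lcm_fetch_array(); lcm_panic() is called
 *               when no row matches.
 */
function read_author_data($id_author)
{
    $id_author = intval($id_author);

    $q = "SELECT * FROM lcm_author WHERE id_author=" . $id_author;
    $result = lcm_query($q);

    if (!($usr = lcm_fetch_array($result))) {
        lcm_panic("The user #{$id_author} does not exist in the database.");
    }

    return $usr;
}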
Example #3
/**
 * Look up one lcm_contact row by its id.
 *
 * The id is passed through intval() before being appended to the query, so
 * only a numeric value ever reaches the SQL text.
 *
 * @param mixed $id_contact Contact id; any falsy value short-circuits to NULL.
 * @return mixed The matching row, or NULL when the id is empty or no row is found.
 */
function get_contact_by_id($id_contact)
{
    // Nothing to look up for an empty / zero id.
    if (empty($id_contact)) {
        return NULL;
    }

    $sql = "SELECT *\n\t\t\t\tFROM lcm_contact\n\t\t\t\tWHERE id_contact = " . intval($id_contact);
    $contact = lcm_fetch_array(lcm_query($sql));

    return $contact ? $contact : NULL;
}
Example #4
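/**
 * Store a name/value pair in lcm_meta, updating the row if the name exists
 * and inserting it otherwise, then refresh the meta cache via write_metas().
 *
 * Both $name and $value are escaped with addslashes() before they are placed
 * inside quoted SQL literals (previously only $value was escaped, so a quote
 * in $name could break out of the literal in all three statements).
 * addslashes() is not character-set aware; prefer the database layer's own
 * escaping or bound parameters if it provides them.
 *
 * Note: the SELECT followed by UPDATE/INSERT is not atomic; two concurrent
 * writers of the same new name can both reach the INSERT branch.
 *
 * @param string $name  Meta key.
 * @param string $value Meta value.
 * @return void
 */
function write_meta($name, $value)
{
    // Escape both values used inside quoted SQL literals
    $name = addslashes($name);
    $value = addslashes($value);

    // PostgreSQL does not support "REPLACE foo" syntax
    $query = "SELECT name, value FROM lcm_meta WHERE name = '{$name}'";
    $result = lcm_query($query);

    if (lcm_fetch_array($result)) {
        lcm_query("UPDATE lcm_meta \n\t\t\t\tSET value = '{$value}'\n\t\t\t\tWHERE name = '{$name}'");
    } else {
        lcm_query("INSERT INTO lcm_meta (name, value) VALUES  ('{$name}', '{$value}')");
    }

    // Refresh cache (inc_meta_cache.php)
    write_metas();
}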
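/**
 * Insert or update report field definitions in lcm_fields.
 *
 * Each entry of $rep_fields is a column => value map that must contain
 * 'table_name' and 'field_name'. If a row with that pair exists and any
 * column differs, all columns are updated; if no row exists, one is inserted.
 *
 * Values are escaped with addslashes() before being placed in quoted SQL
 * literals, so a value containing a quote no longer breaks the statement.
 * The array KEYS are used verbatim as column names: they cannot be escaped as
 * literals and must only ever come from trusted, hard-coded definitions.
 * addslashes() is not character-set aware; prefer the database layer's own
 * escaping or bound parameters if it provides them.
 *
 * @param array $rep_fields List of column => value maps.
 * @return void
 */
function create_repfields($rep_fields)
{
    foreach ($rep_fields as $f) {
        $table_sql = addslashes($f['table_name']);
        $field_sql = addslashes($f['field_name']);

        $q = "SELECT * \n\t\t\t\tFROM lcm_fields \n\t\t\t\tWHERE table_name = '" . $table_sql . "'\n\t\t\t\t  AND field_name = '" . $field_sql . "'";
        $result = lcm_query($q);

        if ($row = lcm_fetch_array($result)) {
            // Check if update necessary: compare the raw (unescaped) values
            $needs_update = false;
            foreach ($f as $key => $val) {
                if ($row[$key] != $val) {
                    $needs_update = true;
                    break;
                }
            }

            if ($needs_update) {
                $assignments = array();
                foreach ($f as $key => $val) {
                    $assignments[] = "{$key} = '" . addslashes($val) . "'";
                }

                $q2 = "UPDATE lcm_fields\n\t\t\t\t\t\tSET " . implode(", ", $assignments) . "\n\t\t\t\t\t\tWHERE table_name = '" . $table_sql . "'\n\t\t\t\t\t\t  AND field_name = '" . $field_sql . "'";
                lcm_query($q2);
            }
        } else {
            // Insert new field
            $columns = array();
            $values = array();
            foreach ($f as $key => $val) {
                $columns[] = $key;
                $values[] = "'" . addslashes($val) . "'";
            }

            $field_list = implode(",", $columns);
            $values_list = implode(",", $values);

            $q2 = "INSERT INTO lcm_fields ({$field_list})\n\t\t\t\t\t\tVALUES (" . $values_list . ")";
            lcm_query($q2);
        }
    }
}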
Example #6
        if ($ok) {
            break;
        }
    }
    if ($ok) {
        $ok = $auth->lire();
    }
    if ($ok) {
        $auth->activate();
        // Force cookies for admins
        if ($auth->username and $auth->status == 'admin') {
            $cookie_admin = "@" . $auth->username;
        }
        $query = "SELECT * \n\t\t\t\t\tFROM lcm_author\n\t\t\t\t\tWHERE username='******'";
        $result = lcm_query($query);
        if ($row_author = lcm_fetch_array($result)) {
            $cookie_session = creer_cookie_session($row_author);
        }
        $cible->addVar('privet', 'yes');
    } else {
        $cible = new Link("lcm_login.php");
        $cible->addVar('var_login', $login);
        $cible->addVar('var_url', urldecode($url));
        if ($session_password || $session_password_md5) {
            $cible->addVar('var_erreur', 'pass');
        }
    }
}
// Set a session cookie?
if ($cookie_session) {
    if ($session_remember == 'yes') {
Example #7
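 /**
  * Print the table rows of the expense list for the current page.
  *
  * Builds one SELECT over lcm_expense (joined with its comments, author and
  * case), applies the optional search term, the optional case filter and the
  * period preference, sorts by the request's *_order parameters and echoes one
  * <tr> per row, at most $prefs['page_rows'] rows starting at $this->list_pos.
  * Sets $this->number_of_rows and may reset $this->list_pos to 0.
  *
  * Security notes:
  *  - The search term is escaped with addslashes() for the LIKE literal and
  *    cast with intval() where it is compared to the numeric id; id_case and
  *    the period preference are cast with intval(). addslashes() is not
  *    character-set aware; prefer the database layer's own escaping or bound
  *    parameters if it provides them. LIKE wildcards (% and _) in the search
  *    term are not neutralised.
  *  - Sort directions are accepted only if they are exactly 'ASC' or 'DESC'.
  *  - The case title is HTML-escaped before being written into the title
  *    attribute (assumes titles are stored unescaped; confirm, otherwise this
  *    double-encodes).
  *  - NOTE(review): whether highlight_matches() HTML-escapes its input is not
  *    visible here; if it does not, id and description output need escaping.
  *
  * @return void
  */
 function printList()
 {
     global $prefs;
     // configure via my_options.php with $GLOBALS['fu_desc_len'] = NNN;
     global $fu_desc_len;

     // Expenses with author name, case title and number of comments
     $q = "SELECT e.id_expense, e.id_case, e.id_author, e.status, e.type, \n\t\t\t\te.description, e.date_creation, e.date_update, e.pub_read,\n\t\t\t\te.pub_write, a.name_first, a.name_middle, a.name_last,\n\t\t\t\tcount(ec.id_expense) as nb_comments, c.title as case_title\n\t\t\tFROM lcm_expense as e\n\t\t\tLEFT JOIN lcm_expense_comment as ec ON (ec.id_expense = e.id_expense)\n\t\t\tLEFT JOIN lcm_author as a ON (a.id_author = e.id_author) \n\t\t\tLEFT JOIN lcm_case as c ON (c.id_case = e.id_case) ";
     $q .= " WHERE (1=1 ";

     if ($this->search) {
         $q .= " AND (";
         if (is_numeric($this->search)) {
             // intval() guarantees a plain integer literal in the SQL text
             $q .= " e.id_expense = " . intval($this->search) . " OR ";
         }
         $q .= " e.description LIKE '%" . addslashes($this->search) . "%' ";
         $q .= " )";
     }

     if ($this->id_case) {
         $q .= " AND e.id_case = " . intval($this->id_case);
     }

     $q .= ")";

     //
     // Apply filters to SQL
     //
     // Case owner TODO
     // $q .= " AND " . $q_owner;

     // Period (date_creation) to show
     $period = intval($prefs['case_period']);
     if ($period < 1900) {
         // since X days
         $q .= " AND " . lcm_query_subst_time('e.date_creation', 'NOW()') . ' < ' . ($period * 3600 * 24);
     } else {
         // for year X
         $q .= " AND " . lcm_query_trunc_field('e.date_creation', 'year') . ' = ' . $period;
     }

     $q .= " GROUP BY e.id_expense, e.id_case, e.id_author, e.status, e.type, e.description, e.date_creation, e.date_update, e.pub_read, e.pub_write, a.name_first, a.name_middle, a.name_last, c.title ";

     //
     // Sort
     //
     // Only the exact strings 'ASC' and 'DESC' are ever appended to the query;
     // anything else (missing, array, other text) becomes ''.
     $sort_allow = array('ASC' => 1, 'DESC' => 1);
     $orders = array();
     foreach (array('type_order', 'status_order', 'date_order', 'upddate_order') as $param) {
         $dir = _request($param);
         $orders[$param] = (is_string($dir) && isset($sort_allow[$dir])) ? $dir : '';
     }

     $sort_clauses = array();

     // Sort by request type
     if ($orders['type_order']) {
         $sort_clauses[] = "type " . $orders['type_order'];
     }

     if ($orders['status_order']) {
         $sort_clauses[] = "status " . $orders['status_order'];
     }

     // Sort cases by creation or update date
     if ($orders['date_order']) {
         $sort_clauses[] = "date_creation " . $orders['date_order'];
     } elseif ($orders['upddate_order']) {
         $sort_clauses[] = "date_update " . $orders['upddate_order'];
     }

     if (count($sort_clauses)) {
         $q .= " ORDER BY " . implode(', ', $sort_clauses);
     } else {
         // default sort
         $q .= " ORDER BY date_creation DESC";
     }

     $result = lcm_query($q);

     // Check for correct start position of the list
     $this->number_of_rows = lcm_num_rows($result);
     if ($this->list_pos >= $this->number_of_rows) {
         $this->list_pos = 0;
     }

     // Position to the page info start
     if ($this->list_pos > 0) {
         if (!lcm_data_seek($result, $this->list_pos)) {
             lcm_panic("Error seeking position " . $this->list_pos . " in the result");
         }
     }

     // Description display settings (same for every row)
     $more_desc = _request('more_desc', 0);
     $desc_length = isset($fu_desc_len) && $fu_desc_len > 0 ? $fu_desc_len : 256;

     for ($i = 0; $i < $prefs['page_rows'] && ($row = lcm_fetch_array($result)); $i++) {
         $css = $i % 2 ? "dark" : "light";
         echo "<tr>\n";

         // Expense ID
         echo "<td class='tbl_cont_" . $css . "'>";
         echo highlight_matches($row['id_expense'], $this->search);
         echo "</td>\n";

         // Author
         echo "<td class='tbl_cont_" . $css . "'>";
         echo get_person_initials($row);
         echo "</td>\n";

         // Attached to case..
         echo "<td class='tbl_cont_" . $css . "'>";
         if ($row['id_case']) {
             // Escape the title for the attribute context; the element opened
             // is <abbr>, so it is closed with </abbr> (was </a>).
             echo '<abbr title="' . htmlspecialchars($row['case_title'], ENT_QUOTES) . '">' . $row['id_case'] . '</abbr>';
         }
         echo "</td>\n";

         // Date creation
         echo "<td class='tbl_cont_" . $css . "'>";
         echo format_date($row['date_creation'], 'short');
         echo "</td>\n";

         // Type
         echo "<td class='tbl_cont_" . $css . "'>";
         echo _Tkw('_exptypes', $row['type']);
         echo "</td>\n";

         // Description: full text when requested or short enough, else truncated.
         // Length is measured on the decoded text but substr() cuts by bytes,
         // so a multi-byte character may be split at the cut point.
         if ($more_desc || strlen(lcm_utf8_decode($row['description'])) < $desc_length) {
             $description = $row['description'];
         } else {
             $description = substr($row['description'], 0, $desc_length) . '...';
         }

         echo "<td class='tbl_cont_" . $css . "'>";
         echo '<a class="content_link" href="exp_det.php?expense=' . $row['id_expense'] . '">';
         echo nl2br(highlight_matches($description, $this->search));
         echo "</a>";
         echo "</td>\n";

         // # Comments
         echo "<td class='tbl_cont_" . $css . "'>";
         echo $row['nb_comments'];
         echo "</td>\n";

         // Date update
         echo "<td class='tbl_cont_" . $css . "'>";
         if ($row['date_update'] != $row['date_creation']) {
             echo format_date($row['date_update'], 'short');
         }
         echo "</td>\n";

         // Status
         echo "<td class='tbl_cont_" . $css . "'>";
         echo _T('expense_status_option_' . $row['status']);
         echo "</td>\n";

         echo "</tr>\n";
     }
 }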
Example #8
while ($row = lcm_fetch_array($result)) {
    // $q .= ($q ? ', ' : '');
    $q .= get_person_name($row) . ($row['name'] ? " of " . $row['name'] : '');
    // TRAD
    $q .= '&nbsp;(<label for="id_rem_client' . $row['id_client'] . ':' . $row['id_org'] . '">';
    $q .= '<img src="images/jimmac/stock_trash-16.png" width="16" height="16" alt="Remove?" title="Remove?" /></label>&nbsp;';
    $q .= '<input type="checkbox" id="id_rem_client' . $row['id_client'] . ':' . $row['id_org'] . '" name="rem_client[]" value="' . $row['id_client'] . ':' . $row['id_org'] . '"/>)<br />';
    // TRAD
}
echo "\t\t\t{$q}\n";
// List rest of the clients to add
$q = "SELECT c.id_client, c.name_first, c.name_last, co.id_org, o.name\n\t\t\tFROM lcm_client AS c\n\t\t\tLEFT JOIN lcm_client_org AS co USING (id_client)\n\t\t\tLEFT JOIN lcm_org AS o ON (co.id_org = o.id_org)\n\t\t\tLEFT JOIN lcm_app_client_org AS aco ON (aco.id_client = c.id_client AND aco.id_app = " . _session('id_app', 0) . ")\n\t\t\tWHERE id_app IS NULL\n\t\t\tORDER BY c.name_first, c.name_last, o.name";
$result = lcm_query($q);
echo '<select name="client">' . "\n";
echo '<option selected="selected" value="0"> ... </option>' . "\n";
while ($row = lcm_fetch_array($result)) {
    echo '<option value="' . $row['id_client'] . ':' . $row['id_org'] . '">' . get_person_name($row) . ($row['name'] ? ' of ' . $row['name'] : '') . "</option>\n";
}
echo "</select>\n";
echo "<button name=\"submit\" type=\"submit\" value=\"add_client\" class=\"simple_form_btn\">" . 'Add' . "</button>\n";
// TRAD
echo "</td></tr>\n";
echo "</table>\n";
// Delete appointment
if (_session('id_app', 0)) {
    // $checked = ($this->getDataString('hidden') == 'Y' ? ' checked="checked" ' : '');
    $checked = $_SESSION['form_data']['hidden'] == 'Y' ? ' checked="checked" ' : '';
    echo '<p class="normal_text">';
    echo '<input type="checkbox"' . $checked . ' name="hidden" id="box_delete" />';
    echo '<label for="box_delete">' . _T('app_info_delete') . '</label>';
    echo "</p>\n";
Example #9
 /**
  * Validate and store this follow-up, then update the related stage, case and
  * keyword records.
  *
  * Flow, as visible in this method:
  *  1. validate(); if it reports errors they are returned and nothing is written.
  *  2. A column list ($fl) is built from the object's data. For 'stage_change'
  *     and status-change types the description column holds a serialize()d
  *     array instead of plain text.
  *  3. If id_followup > 0 the existing row is updated (requires allowed(.., 'e'))
  *     and the matching lcm_stage row is refreshed; otherwise a new row is
  *     inserted (requires allowed(.., 'w')), optionally linked to an
  *     appointment, and lcm_case / lcm_stage are updated according to the type.
  *  4. update_keywords_request() is called for the follow-up.
  *
  * NOTE(review): every getDataString() value is concatenated straight into
  * quoted SQL literals. Whether getDataString() escapes its return value is
  * not visible here -- confirm, because otherwise each of these statements is
  * injectable. The statements are also not wrapped in a transaction in this
  * method, so a failure part-way leaves follow-up, case and stage out of step.
  *
  * @return array The validation errors (empty when the save went through).
  */
 function save()
 {
     $errors = $this->validate();
     if (count($errors)) {
         return $errors;
     }
     //
     // Update
     //
     // Columns shared by the UPDATE and the INSERT below.
     $fl = " date_start = '" . $this->getDataString('date_start') . "',\n\t\t\t\tdate_end   = '" . $this->getDataString('date_end') . "',\n\t\t\t\ttype       = '" . $this->getDataString('type') . "',\n\t\t\t\tsumbilled  = " . $this->getDataFloat('sumbilled', 0.0);
     if ($this->getDataString('type') == 'stage_change') {
         // [ML] To be honest, we should "assert" most of the
         // following values, but "new_stage" is the most important.
         lcm_assert_value($this->getDataString('new_stage', '__ASSERT__'));
         $desc = array('description' => $this->getDataString('description'), 'result' => $this->getDataString('result'), 'conclusion' => $this->getDataString('conclusion'), 'sentence' => $this->getDataString('sentence'), 'sentence_val' => $this->getDataString('sentence_val'), 'new_stage' => $this->getDataString('new_stage'));
         // NOTE(review): serialize() output is placed in a quoted SQL literal
         // without escaping here. If the values are raw, a quote ends the
         // literal; if they are already backslash-escaped, the length prefixes
         // in the serialized string count those backslashes -- verify the
         // stored value can be read back with unserialize().
         $fl .= ", description = '" . serialize($desc) . "'";
     } elseif (is_status_change($this->getDataString('type'))) {
         // Same serialized layout as above, without 'new_stage'.
         $desc = array('description' => $this->getDataString('description'), 'result' => $this->getDataString('result'), 'conclusion' => $this->getDataString('conclusion'), 'sentence' => $this->getDataString('sentence'), 'sentence_val' => $this->getDataString('sentence_val'));
         $fl .= ", description = '" . serialize($desc) . "'";
     } else {
         $fl .= ", description  = '" . $this->getDataString('description') . "'";
     }
     if ($this->getDataInt('id_followup') > 0) {
         // Edit of existing follow-up
         $id_followup = $this->getDataInt('id_followup');
         // Authorisation is checked against the id_case taken from the
         // submitted data. NOTE(review): nothing in this method confirms that
         // id_followup actually belongs to that id_case -- confirm this is
         // enforced elsewhere (e.g. in validate()).
         if (!allowed($this->getDataInt('id_case'), 'e')) {
             lcm_panic("You don't have permission to modify this case's information. (" . $this->getDataInt('id_case') . ")");
         }
         // TODO: check if hiding this FU is allowed
         // Hiding is only honoured for users with 'a' rights and for types
         // other than status changes / assignment / unassignment.
         if (allowed($this->getDataInt('id_case'), 'a') && !(is_status_change($this->getDataString('type')) || $this->getDataString('type') == 'assignment' || $this->getDataString('type') == 'unassignment')) {
             if ($this->getDataString('delete')) {
                 $fl .= ", hidden = 'Y'";
             } else {
                 $fl .= ", hidden = 'N'";
             }
         } else {
             $fl .= ", hidden = 'N'";
         }
         $q = "UPDATE lcm_followup SET {$fl} WHERE id_followup = {$id_followup}";
         $result = lcm_query($q);
         // Get stage of the follow-up entry
         $q = "SELECT id_stage, case_stage FROM lcm_followup WHERE id_followup = {$id_followup}";
         $result = lcm_query($q);
         if ($row = lcm_fetch_array($result)) {
             $case_stage = lcm_assert_value($row['case_stage']);
         } else {
             lcm_panic("There is no such follow-up (" . $id_followup . ")");
         }
         // Update the related lcm_stage entry
         // ($case_stage comes from the database row above and is concatenated unescaped)
         $q = "UPDATE lcm_stage SET\n\t\t\t\t\tdate_conclusion = '" . $this->getDataString('date_end') . "',\n\t\t\t\t\tkw_result = '" . $this->getDataString('result') . "',\n\t\t\t\t\tkw_conclusion = '" . $this->getDataString('conclusion') . "',\n\t\t\t\t\tkw_sentence = '" . $this->getDataString('sentence') . "',\n\t\t\t\t\tsentence_val = '" . $this->getDataString('sentence_val') . "',\n\t\t\t\t\tdate_agreement = '" . $this->getDataString('date_end') . "'\n\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case') . "\n\t\t\t\t  AND kw_case_stage = '" . $case_stage . "'";
         lcm_query($q);
     } else {
         // New follow-up
         if (!allowed($this->getDataInt('id_case'), 'w')) {
             lcm_panic("You don't have permission to add information to this case. (" . $this->getDataInt('id_case') . ")");
         }
         // Get the current case stage
         $q = "SELECT id_stage, stage FROM lcm_case WHERE id_case=" . $this->getDataInt('id_case', '__ASSERT__');
         $result = lcm_query($q);
         if ($row = lcm_fetch_array($result)) {
             $case_stage = lcm_assert_value($row['stage']);
             $case_stage_id = lcm_assert_value($row['id_stage']);
         } else {
             lcm_panic("There is no such case (" . $this->getDataInt('id_case') . ")");
         }
         // Add the new follow-up
         // The author id is read from the session global and concatenated
         // unquoted -- presumably always an integer; verify.
         $q = "INSERT INTO lcm_followup\n\t\t\t\t\tSET id_case=" . $this->getDataInt('id_case') . ",\n\t\t\t\t\t\tid_author=" . $GLOBALS['author_session']['id_author'] . ",\n\t\t\t\t\t\t{$fl},\n\t\t\t\t\t\tid_stage = {$case_stage_id},\n\t\t\t\t\t\tcase_stage='{$case_stage}'";
         lcm_query($q);
         // Remember the new id so the statements below can reference it.
         $this->data['id_followup'] = lcm_insert_id('lcm_followup', 'id_followup');
         // Set relation to the parent appointment, if any
         if ($this->getDataInt('id_app')) {
             $q = "INSERT INTO lcm_app_fu \n\t\t\t\t\t\tSET id_app=" . $this->getDataInt('id_app') . ",\n\t\t\t\t\t\t\tid_followup=" . $this->getDataInt('id_followup', '__ASSERT__') . ",\n\t\t\t\t\t\t\trelation='child'";
             $result = lcm_query($q);
         }
         // Update case status
         // Map the follow-up type to a new case status and/or stage; types not
         // listed leave both empty and skip the case update.
         $status = '';
         $stage = '';
         switch ($this->getDataString('type')) {
             case 'conclusion':
                 $status = 'closed';
                 break;
             case 'suspension':
                 $status = 'suspended';
                 break;
             case 'opening':
             case 'resumption':
             case 'reopening':
                 $status = 'open';
                 break;
             case 'merge':
                 $status = 'merged';
                 break;
             case 'deletion':
                 $status = 'deleted';
                 break;
             case 'stage_change':
                 $stage = lcm_assert_value($this->getDataString('new_stage'));
                 break;
         }
         if ($status || $stage) {
             $q = "UPDATE lcm_case\n\t\t\t\t\t\tSET " . ($status ? "status='{$status}'" : '') . ($status && $stage ? ',' : '') . ($stage ? "stage='{$stage}'" : '') . "\n\t\t\t\t\t\tWHERE id_case=" . $this->getDataInt('id_case');
             lcm_query($q);
             // Close the lcm_stage
             // XXX for now, date_agreement is not used
             if ($status == 'open') {
                 // case is being re-opened, so erase previously entered info
                 // NOTE(review): the date_agreement literal below ends in
                 // "00:00:0" (one digit short of date_conclusion's
                 // "00:00:00") -- looks like a typo; confirm how the
                 // database stores it.
                 $q = "UPDATE lcm_stage\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tdate_conclusion = '0000-00-00 00:00:00',\n\t\t\t\t\t\t\t\tid_fu_conclusion = 0,\n\t\t\t\t\t\t\t\tkw_result = '',\n\t\t\t\t\t\t\t\tkw_conclusion = '',\n\t\t\t\t\t\t\t\tkw_sentence = '',\n\t\t\t\t\t\t\t\tsentence_val = '',\n\t\t\t\t\t\t\t\tdate_agreement = '0000-00-00 00:00:0'\n\t\t\t\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case') . "\n\t\t\t\t\t\t\t  AND kw_case_stage = '" . $case_stage . "'";
             } else {
                 $q = "UPDATE lcm_stage\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tdate_conclusion = '" . $this->getDataString('date_end') . "',\n\t\t\t\t\t\t\t\tid_fu_conclusion = " . $this->getDataInt('id_followup') . ",\n\t\t\t\t\t\t\t\tkw_result = '" . $this->getDataString('result') . "',\n\t\t\t\t\t\t\t\tkw_conclusion = '" . $this->getDataString('conclusion') . "',\n\t\t\t\t\t\t\t\tkw_sentence = '" . $this->getDataString('sentence') . "',\n\t\t\t\t\t\t\t\tsentence_val = '" . $this->getDataString('sentence_val') . "',\n\t\t\t\t\t\t\t\tdate_agreement = '" . $this->getDataString('date_end') . "'\n\t\t\t\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case', '__ASSERT__') . "\n\t\t\t\t\t\t\t  AND kw_case_stage = '" . $case_stage . "'";
             }
             lcm_query($q);
         }
         // If creating a new case stage, make new lcm_stage entry
         if ($stage) {
             $q = "INSERT INTO lcm_stage SET\n\t\t\t\t\t\t\tid_case = " . $this->getDataInt('id_case', '__ASSERT__') . ",\n\t\t\t\t\t\t\tkw_case_stage = '" . lcm_assert_value($stage) . "',\n\t\t\t\t\t\t\tdate_creation = NOW(),\n\t\t\t\t\t\t\tid_fu_creation = " . $this->getDataInt('id_followup');
             lcm_query($q);
         }
     }
     // Keywords
     update_keywords_request('followup', $this->getDataInt('id_followup'));
     // $errors is empty at this point (a non-empty list returned at the top).
     return $errors;
 }
Example #10
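/**
 * List the keywords (with keyword and group info) attached to an object.
 *
 * $type selects the link table lcm_keyword_<type> and the id column
 * id_<type>; it is only accepted if it is a key of $GLOBALS['legal_obj'],
 * which acts as the allow-list for the table name. For type 'stage' the
 * lcm_keyword_case table is used with $id as the case and $id_sec as the
 * stage; for type 'case' only rows with id_stage = 0 are returned.
 *
 * $id and $id_sec are cast with intval() before being concatenated into the
 * query, so only integer literals reach the SQL text.
 *
 * @param string $type   Object type, must be registered in $GLOBALS['legal_obj'].
 * @param mixed  $id     Object id (cast to int).
 * @param mixed  $id_sec Secondary id, used as stage id for type 'stage' (cast to int).
 * @return array List of rows as returned by lcm_fetch_array().
 */
function get_keywords_applied_to($type, $id, $id_sec = 0)
{
    if (empty($GLOBALS['legal_obj'][$type])) {
        lcm_panic("Unknown type: " . $type);
        // In case lcm_panic() returns: never build a table name from an
        // unrecognised type.
        return array();
    }

    $id = intval($id);
    $id_sec = intval($id_sec);

    if ($type == 'stage') {
        $query = "SELECT kwlist.*, kwinfo.*, kwg.title as kwg_title, kwg.name as kwg_name\n\t\t\t\tFROM lcm_keyword_case as kwlist, lcm_keyword as kwinfo, lcm_keyword_group as kwg\n\t\t\t\tWHERE id_case = " . $id . " \n\t\t\t\t  AND kwinfo.id_keyword = kwlist.id_keyword\n\t\t\t\t  AND kwg.id_group = kwinfo.id_group\n\t\t\t\t  AND kwlist.id_stage = " . $id_sec;
    } else {
        $query = "SELECT kwlist.*, kwinfo.*, kwg.title as kwg_title, kwg.name as kwg_name\n\t\t\t\tFROM lcm_keyword_" . $type . " as kwlist, lcm_keyword as kwinfo, lcm_keyword_group as kwg\n\t\t\t\tWHERE id_" . $type . " = " . $id . " \n\t\t\t\t  AND kwinfo.id_keyword = kwlist.id_keyword\n\t\t\t\t  AND kwg.id_group = kwinfo.id_group";
        if ($type == 'case') {
            $query .= " AND kwlist.id_stage = 0";
        }
    }

    $result = lcm_query($query);

    $ret = array();
    while ($row = lcm_fetch_array($result)) {
        $ret[] = $row;
    }

    return $ret;
}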
Example #11
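 /**
  * Print the case list for the current page.
  *
  * Builds a SELECT over lcm_case joined with lcm_case_author (and
  * lcm_keyword_case when searching), applies the search term, the owner
  * filter, the date range or period preference and the requested sort order,
  * then calls show_listcase_item() for at most $prefs['page_rows'] rows
  * starting at $this->list_pos. Sets $this->number_of_rows and may reset
  * $this->list_pos to 0.
  *
  * Access filter, as built below: when viewing one's own list the query is
  * limited to the user's cases, optionally widened to public cases
  * (owner = 'public') or, for admins only, to all cases (owner = 'all');
  * when viewing another author's list, non-admins only see public cases.
  *
  * Security notes:
  *  - The search term and the date bounds are escaped with addslashes() for
  *    their quoted literals; numeric values (search as id, owner id, period)
  *    are cast with intval(). addslashes() is not character-set aware; prefer
  *    the database layer's own escaping or bound parameters if available.
  *    LIKE wildcards (% and _) in the search term are not neutralised.
  *  - Sort directions are accepted only if they are exactly 'ASC' or 'DESC'.
  *
  * @return void
  */
 function printList()
 {
     global $prefs;
     global $author_session;

     // Cases joined with their authors
     $q = "SELECT DISTINCT c.id_case, title, status, public, pub_write, date_creation\n\t\t\tFROM lcm_case as c NATURAL JOIN lcm_case_author as a ";

     if ($this->search) {
         $q .= " NATURAL LEFT JOIN lcm_keyword_case as kc ";
     }

     //
     // Apply filters to SELECT output
     //
     $q .= " WHERE 1=1 ";

     // Add search criteria, if any
     if ($this->search) {
         $search_sql = addslashes($this->search);

         $q .= " AND (";
         if (is_numeric($this->search)) {
             // intval() guarantees a plain integer literal in the SQL text
             $q .= " (c.id_case = " . intval($this->search) . ") OR ";
         }
         $q .= " (kc.value LIKE '%" . $search_sql . "%') OR " . " (c.title LIKE '%" . $search_sql . "%') ";
         $q .= " )";
     }

     //
     // Case owner: may be used by listcases.php, archives.php, author_det.php, etc.
     // Also, it may be a user checking another user's profile (in that case, show only public cases)
     // or it may be an admin checking another user's profile. etc.
     //
     $owner_filter = $this->getDataString('owner', $prefs['case_owner']);
     $owner_id = intval($this->getDataInt('id_author', $author_session['id_author']));

     $q_owner = " (a.id_author = " . $owner_id;
     if ($owner_id == $author_session['id_author']) {
         // Either in listcases, or user looking at his page in author_det
         if ($owner_filter == 'public') {
             $q_owner .= " OR c.public = 1";
         }
         // Only admins may drop the owner restriction entirely
         if ($author_session['status'] == 'admin' && $owner_filter == 'all') {
             $q_owner .= " OR 1=1 ";
         }
     } else {
         // If not an admin, show only public cases of that user
         if ($author_session['status'] != 'admin') {
             $q_owner .= " AND c.public = 1";
         }
     }
     $q_owner .= " ) ";
     $q .= " AND " . $q_owner;

     // Period (date_creation) to show
     if ($this->date_start || $this->date_end) {
         if ($this->date_start) {
             $q .= " AND date_creation >= '" . addslashes($this->date_start) . "'";
         }
         if ($this->date_end) {
             $q .= " AND date_creation <= '" . addslashes($this->date_end) . "'";
         }
     } else {
         $period = intval($prefs['case_period']);
         if ($period < 1900) {
             // since X days
             $q .= " AND " . lcm_query_subst_time('date_creation', 'NOW()') . ' < ' . ($period * 3600 * 24);
         } else {
             // for year X
             $q .= " AND " . lcm_query_trunc_field('date_creation', 'year') . ' = ' . $period;
         }
     }

     //
     // Sort results
     //
     // Only the exact strings 'ASC' and 'DESC' are ever appended to the query;
     // anything else (missing, array, other text) becomes ''.
     $sort_allow = array('ASC' => 1, 'DESC' => 1);
     $orders = array();
     foreach (array('status_order', 'case_order', 'upddate_order') as $param) {
         $dir = _request($param);
         $orders[$param] = (is_string($dir) && isset($sort_allow[$dir])) ? $dir : '';
     }

     $sort_clauses = array();

     if ($orders['status_order']) {
         $sort_clauses[] = "status " . $orders['status_order'];
     }

     // Sort cases by creation or update date
     if ($orders['case_order']) {
         $sort_clauses[] = 'date_creation ' . $orders['case_order'];
     } elseif ($orders['upddate_order']) {
         $sort_clauses[] = "date_update " . $orders['upddate_order'];
     } else {
         // default
         $sort_clauses[] = 'date_creation DESC';
     }

     $q .= " ORDER BY " . implode(', ', $sort_clauses);
     $result = lcm_query($q);

     // Check for correct start position of the list
     $this->number_of_rows = lcm_num_rows($result);
     if ($this->list_pos >= $this->number_of_rows) {
         $this->list_pos = 0;
     }

     // Position to the page info start
     if ($this->list_pos > 0) {
         if (!lcm_data_seek($result, $this->list_pos)) {
             lcm_panic("Error seeking position " . $this->list_pos . " in the result");
         }
     }

     for ($i = 0; $i < $prefs['page_rows'] && ($row = lcm_fetch_array($result)); $i++) {
         show_listcase_item($row, $i, $this->search);
     }
 }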
Example #12
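/**
 * Installer step 3: connect to the chosen database, create or upgrade the
 * schema, load default meta/keywords and write the connection file.
 *
 * Reads db_address, db_login, db_password and db_choice / manual_db from the
 * request. On success it writes inc_connect_install.php into the config
 * directory ($_SERVER['LcmConfigDir'] or 'inc/config') and calls
 * install_step_4(); on failure it prints an error page.
 *
 * Security notes:
 *  - The request values are written into a PHP source file. They are emitted
 *    with var_export(), which produces a correctly quoted PHP string literal,
 *    so a quote or backslash in the address, login, password or database name
 *    can no longer terminate the literal and add code to the generated file.
 *  - The generated file holds the database password in clear text; it should
 *    not be readable by other system users nor served as plain text by the
 *    web server.
 *  - fopen() failure is now reported instead of continuing to the next step
 *    without a connection file.
 *
 * NOTE(review): $old_lcm_version is never changed from 'NONE' and
 * $lcm_version is not defined in this function, so the "update impossible"
 * message is rendered without real version numbers -- confirm the intended
 * variables.
 *
 * @return void
 */
function install_step_3()
{
    $db_address = _request('db_address');
    $db_login = _request('db_login');
    $db_password = _request('db_password');

    global $lcm_db_version;

    $install_log = "";
    $upgrade_log = "";

    // Possible errors will get trapped in the output buffer and displayed later,
    // so that they don't mess up with headers/html.
    ob_start();

    if (_request('db_choice') == "__manual__") {
        $sel_db = _request('manual_db');
    } else {
        $sel_db = _request('db_choice');
    }

    $link = lcm_connect_db($db_address, 0, $db_login, $db_password, $sel_db);

    // Captured but not displayed anywhere in this function.
    $io_output = ob_get_contents();
    ob_end_clean();

    if (!$link) {
        install_html_start('AUTO', '', 3);
        lcm_panic("connection denied: " . lcm_sql_error());
    }

    // Test if the software was already installed
    $result = lcm_query("SELECT * FROM lcm_meta", true);
    $already_installed = !lcm_sql_errno() && lcm_num_rows($result);
    $old_lcm_version = 'NONE';

    if ($already_installed) {
        lcm_log("LCM already installed", 'install');

        // Find the current database version
        $old_lcm_db_version = 0;
        $query = "SELECT value FROM lcm_meta WHERE name = 'lcm_db_version'";
        $result = lcm_query_db($query);
        while ($row = lcm_fetch_array($result)) {
            $old_lcm_db_version = $row['value'];
        }

        lcm_log("LCM version installed is {$old_lcm_db_version}", 'install');

        // Check if upgrade is needed
        if ($old_lcm_db_version < $lcm_db_version) {
            lcm_log("Calling the upgrade procedure (since < {$lcm_db_version})", 'install');
            include_lcm('inc_db_upgrade');
            $upgrade_log = upgrade_database($old_lcm_db_version);
        } else {
            lcm_log("Upgrade _not_ called, looks OK (= {$lcm_db_version})", 'install');
        }
    } else {
        lcm_log("Creating the database from scratch", 'install');
        include_lcm('inc_db_create');
        $install_log .= create_database();
        lcm_log("DB creation complete", 'install');
    }

    // Create default meta + keywords
    include_lcm('inc_meta');
    include_lcm('inc_keywords_default');
    include_lcm('inc_meta_defaults');
    init_default_config();
    init_languages();
    $skwg = get_default_keywords();
    create_groups($skwg);

    // regenerate inc/data/inc_meta_cache.php
    write_metas();

    // Test DB: not used for now..
    include_lcm('inc_db_test');
    $structure_ok = lcm_structure_test();

    if (!empty($install_log)) {
        install_html_start('AUTO', '', 3);
        echo "<h3><small>" . _T('install_step_three') . "</small> " . _T('install_title_creating_database') . "</h3>\n";
        echo "<div class='box_error'>\n";
        echo "<p>";
        echo "<b>" . _T('warning_operation_failed') . "</b> " . _T('install_database_install_failed');
        echo " " . lcm_help("install_connection") . "</p>\n";
        echo "</div>\n";

        // Dump error listing
        echo put_text_in_textbox($install_log);
        install_html_end();
    } elseif (!empty($upgrade_log)) {
        install_html_start('AUTO', '', 3);
        echo "<h3><small>" . _T('install_step_three') . "</small> " . _T('install_title_creating_database') . "</h3>\n";
        echo "<div class='box_error'>\n";
        echo "<p>" . _T('install_warning_update_impossible', array('old_version' => $old_lcm_version, 'version' => $lcm_version)) . "</p>\n";
        echo "</div>\n";

        // Dump error listing
        echo put_text_in_textbox($upgrade_log);
        install_html_end();
    } elseif (!$structure_ok) {
        install_html_start('AUTO', '', 3);
        echo "<h3><small>" . _T('install_step_three') . "</small> " . _T('install_title_creating_database') . "</h3>\n";
        echo "<div class='box_error'>\n";
        echo "<p> STRUCTURE PROBLEM </p>\n";
        // TRAD
        echo "</div>\n";
        install_html_end();
    } else {
        // Everything OK: generate the connection include file.
        // var_export() emits each value as a quoted, escaped PHP string
        // literal; the (string) cast keeps a missing value as '' rather
        // than the bare word NULL.
        $conn_args = var_export((string) $db_address, true)
            . ",'',"
            . var_export((string) $db_login, true)
            . ","
            . var_export((string) $db_password, true)
            . ","
            . var_export((string) $sel_db, true);

        $conn = '<' . '?php' . "\n";
        $conn .= "if (defined('_CONFIG_INC_CONNECT')) return;\n";
        $conn .= "define('_CONFIG_INC_CONNECT', '1');\n";
        $conn .= "\$GLOBALS['lcm_connect_version'] = 0.1;\n";
        $conn .= "include_lcm('inc_db');\n";
        $conn .= "@lcm_connect_db(" . $conn_args . ");\n";
        $conn .= "\$GLOBALS['db_ok'] = !!@lcm_num_rows(@lcm_query_db('SELECT COUNT(*) FROM lcm_meta'));\n";
        $conn .= '?' . '>';

        $lcm_config_prefix = isset($_SERVER['LcmConfigDir']) ? $_SERVER['LcmConfigDir'] : 'inc/config';
        $myFile = fopen($lcm_config_prefix . '/inc_connect_install.php', 'wb');

        if ($myFile) {
            fputs($myFile, $conn);
            fclose($myFile);
            install_step_4();
        } else {
            // Do not continue the installation without a connection file.
            install_html_start('AUTO', '', 3);
            lcm_panic("Could not create inc_connect_install.php in the configuration directory.");
        }
    }
}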
Example #13
 /**
  * Load the author's details, first from the spip_auteurs table and, if no
  * LDAP-sourced row exists there, from the LDAP directory entry at
  * $this->user_dn.
  *
  * NOTE(review): the login literal in the SQL text below reads '******'. That
  * looks like masking applied to this listing rather than the real query;
  * whatever value belongs there must be escaped or bound before it reaches
  * the database.
  *
  * LDAP warnings are suppressed with @, so a failed read is only visible
  * through the false return value.
  *
  * @return bool true when the author data was loaded, false when there is no
  *              login or the LDAP entry could not be read.
  */
 function lire()
 {
     global $ldap_link, $ldap_base, $flag_utf8_decode;

     // Start from a clean slate (bio is intentionally left as it was).
     $this->statut = '';
     $this->pass = '';
     $this->email = '';
     $this->nom = '';

     if (!$this->login) {
         return false;
     }

     // Known author in the database? Then use the stored details.
     $known = lcm_fetch_array(lcm_query("SELECT * FROM spip_auteurs WHERE login='******' AND source='ldap'"));
     if ($known) {
         $this->nom = $known['nom'];
         $this->email = $known['email'];
         $this->statut = $known['statut'];
         $this->bio = $known['bio'];
         return true;
     }

     // Otherwise read the author's entry from LDAP.
     $wanted = array("uid", "cn", "mail", "description");
     $entry = @ldap_read($ldap_link, $this->user_dn, "objectClass=*", $wanted);

     // The user may not be allowed to read his own entry: retry once after
     // reconnecting with the main account.
     if (!$entry) {
         if (!spip_connect_ldap()) {
             return false;
         }
         $entry = @ldap_read($ldap_link, $this->user_dn, "objectClass=*", $wanted);
         if (!$entry) {
             return false;
         }
     }

     $info = @ldap_get_entries($ldap_link, $entry);
     if (!is_array($info)) {
         return false;
     }

     // Fill in only the fields that are still empty.
     for ($n = 0; $n < $info["count"]; $n++) {
         $attrs = $info[$n];
         if (!is_array($attrs)) {
             continue;
         }
         if (!$this->nom) {
             $this->nom = $attrs['cn'][0];
         }
         if (!$this->email) {
             $this->email = $attrs['mail'][0];
         }
         if (!$this->login) {
             $this->login = $attrs['uid'][0];
         }
         if (!$this->bio) {
             $this->bio = $attrs['description'][0];
         }
     }

     // Convert from UTF-8 (default encoding)
     if ($flag_utf8_decode) {
         foreach (array('nom', 'email', 'login', 'bio') as $prop) {
             $this->$prop = utf8_decode($this->$prop);
         }
     }

     return true;
 }
Example #14
/**
 * Deprecated wrapper around lcm_fetch_array().
 *
 * Writes a deprecation notice with lcm_log(), then passes the result handle
 * through unchanged.
 *
 * @param mixed $r Query result handle, forwarded as-is.
 * @return mixed Whatever lcm_fetch_array() returns for $r.
 */
function spip_fetch_array($r)
{
    $notice = "use of deprecated function: spip_fetch_array, use lcm_fetch_array instead";
    lcm_log($notice);

    $fetched = lcm_fetch_array($r);

    return $fetched;
}
Example #15
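 /**
  * Register the report's columns ("lines") and their headers.
  *
  * Reads the lines configured for this report (lcm_rep_line joined with
  * lcm_fields) and calls addLine()/addHeader() for each one. A 'count(*)'
  * field switches the 'do_grouping' option on. When no line is configured,
  * falls back to every field of the source table, or to the keyword title
  * when the line source is a keyword group.
  *
  * @return void
  */
 function setupReportLines()
 {
     $this->addComment("setupReportLines() called.");
     // The report id ends up inside the SQL text, so force it to an integer first.
     $q = "SELECT *\n\t\t\t\tFROM lcm_rep_line as l, lcm_fields as f\n\t\t\t\tWHERE id_report = " . intval($this->getId()) . "\n\t\t\t\tAND l.id_field = f.id_field\n\t\t\t\tORDER BY col_order, id_line ASC";
     $result = lcm_query($q);
     while ($row = lcm_fetch_array($result)) {
         $this->addLine(prefix_field($row['table_name'], $row['field_name']));
         $this->addHeader(_Th($row['description']), $row['filter'], $row['enum_type'], '', $row['field_name']);
         if ($row['field_name'] == 'count(*)') {
             $this->setOption('do_grouping', 'yes');
         }
     }
     if (count($this->getLines())) {
         return;
     }
     //
     // No fields were specified: show them all (avoids errors)
     //
     if ($this->rep_info['line_src_type'] == 'table') {
         // line_src_name sits inside a quoted SQL literal: escape it so a quote
         // in the stored name cannot end the literal early.
         $q = "SELECT * \n\t\t\t\t\tFROM lcm_fields \n\t\t\t\t\tWHERE table_name = 'lcm_" . addslashes($this->rep_info['line_src_name']) . "'\n\t\t\t\t\t  AND field_name != 'count(*)'";
         $result = lcm_query($q);
         while ($row = lcm_fetch_array($result)) {
             $this->addLine(prefix_field($row['table_name'], $row['field_name']));
             $this->addHeader(_Th($row['description']), $row['filter'], $row['enum_type'], '', $row['field_name']);
         }
     } elseif ($this->rep_info['line_src_type'] == 'keyword') {
         $kwg = get_kwg_from_name($this->rep_info['line_src_name']);
         $this->addLine("k.title as 'TRAD'");
         $this->addHeader(_Th(remove_number_prefix($kwg['title'])), $kwg['filter'], $kwg['enum_type'], '', 'k.id_keyword');
         // XXX not sure about id_keyword
     }
 }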
Example #16
 // Show parent followup ([ML] fu.type necessary for short-desc)
 // NOTE(review): $row['id_app'] is concatenated into the SQL text as-is; presumably it is an
 // integer key read by an earlier query - confirm, or cast it before use.
 $q = "SELECT a.id_followup, fu.description, fu.type\n\t\t\t\tFROM lcm_app_fu as a, lcm_followup as fu\n\t\t\t\tWHERE a.id_app = " . $row['id_app'] . "\n\t\t\t  \t  AND a.id_followup = fu.id_followup\n\t\t\t\t  AND a.relation = 'parent'";
 $res_fu = lcm_query($q);
 if (lcm_num_rows($res_fu) > 0) {
     // Show parent followup title
     $fu = lcm_fetch_array($res_fu);
     // NOTE(review): whether get_fu_description() returns HTML-safe text is not visible here - confirm.
     $short_description = get_fu_description($fu);
     echo '<br />Consequent to:' . ' <a class="content_link" href="fu_det.php?followup=' . $fu['id_followup'] . '">' . $short_description . "</a><br />\n";
     // TRAD
 }
 // Show child followup
 $q = "SELECT lcm_app_fu.id_followup,lcm_followup.description FROM lcm_app_fu,lcm_followup\n\t\t\tWHERE lcm_app_fu.id_app=" . $row['id_app'] . "\n\t\t\t\tAND lcm_app_fu.id_followup=lcm_followup.id_followup\n\t\t\t\tAND lcm_app_fu.relation='child'";
 $res_fu = lcm_query($q);
 if (lcm_num_rows($res_fu) > 0) {
     // Show child followup title
     $fu = lcm_fetch_array($res_fu);
     // Maximum title length depends on the user's screen preference.
     $title_length = $prefs['screen'] == "wide" ? 48 : 115;
     // The length test runs on the lcm_utf8_decode()d text, but substr() below cuts the
     // original string by bytes, so a multi-byte description can be cut mid-character.
     if (strlen(lcm_utf8_decode($fu['description'])) < $title_length) {
         $short_description = $fu['description'];
     } else {
         $short_description = substr($fu['description'], 0, $title_length) . '...';
     }
     // NOTE(review): the description is echoed without HTML escaping in this branch; whether
     // it is stored already escaped is not visible here - confirm. The <a> opened here is not
     // closed within this excerpt.
     echo '<br />Resulting followup:' . ' <a href="fu_det.php?followup=' . $fu['id_followup'] . '">' . $short_description;
     // TRAD
 } else {
     // No child followup yet: offer to create one, but only when $ac['w'] is set.
     if ($ac['w']) {
         // Show create followup from appointment
         echo '<br /><a href="edit_fu.php?case=' . $row['id_case'] . '&amp;app=' . $row['id_app'] . '" class="create_new_lnk">Create new followup from this appointment';
         // TRAD
     }
 }
Example #17
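/**
 * Handle the self-registration form.
 *
 * Copies the mandatory form fields from the request into the session and
 * redirects back to the form when one is missing. Otherwise refuses e-mail
 * addresses already attached to an author, creates the author account with a
 * random password, stores the e-mail as a contact and mails the credentials
 * to the new user (plus a copy to the site admin when subscriptions are
 * moderated).
 *
 * Changes from the previous version:
 *  - form values are escaped before they are placed in SQL string literals;
 *  - the account status follows the subscription mode ('waiting' when
 *    moderated) instead of always being stored as 'normal';
 *  - a refused registration (existing author in 'trash') now stops here
 *    instead of going on to create a new account.
 *
 * @return void
 */
function send_registration_by_email()
{
    global $lcm_lang_left;
    $_SESSION['form_data'] = array();
    $_SESSION['errors'] = array();
    $kwg_email = get_kwg_from_name('+email_main');
    $form_items = array('name_first' => 'person_input_name_first', 'name_last' => 'person_input_name_last', 'email' => 'input_email', 'username' => 'authoredit_input_username');
    foreach ($form_items as $field => $trad) {
        $_SESSION['form_data'][$field] = _request($field);
        if (!_session($field)) {
            $_SESSION['errors'][$field] = _Ti($trad) . _T('warning_field_mandatory');
        }
    }
    if (count($_SESSION['errors'])) {
        lcm_header("Location: lcm_pass.php?register=yes");
        exit;
    }
    install_html_start(_T('pass_title_register'), 'login');

    // Everything below comes from the registration form, so it is escaped
    // before being placed inside quoted SQL literals.
    // NOTE(review): if _request()/_session() already return escaped values
    // (e.g. magic quotes emulation), drop these calls to avoid double
    // escaping - not visible from this function.
    $sql_email = addslashes(_session('email'));
    $sql_name_first = addslashes(_session('name_first'));
    $sql_name_last = addslashes(_session('name_last'));
    $id_group_email = intval($kwg_email['id_group']);

    // There is a risk that an author changes his e-mail after his account
    // is created, to the e-mail of another person, and therefore block the
    // other person from registering. But then.. this would allow the other
    // person to hijack the account, so it would be a stupid DoS.
    $query = "SELECT id_of_person, status FROM lcm_contact as c, lcm_author as a\n\t\tWHERE c.id_of_person = a.id_author\n\t\tAND value = '" . $sql_email . "'\n\t\tAND type_person = 'author'\n\t\tAND type_contact = " . $id_group_email;
    $result = lcm_query($query);
    // Test if the user already exists
    if ($row = lcm_fetch_array($result)) {
        // TODO: if status = 'pending for validation by admin', show message
        echo "<br />\n";
        if ($row['status'] == 'trash') {
            echo "<div class='box_error'>" . _T('pass_registration_denied') . "</div>\n";
        } else {
            echo "<div class=\"box_error\" align=\"{$lcm_lang_left}\">" . _T('pass_warning_already_registered') . "</div>\n";
        }
        // Either way no second account is created for this address.
        return;
    }

    // Refuse before creating anything when subscriptions are closed.
    $open_subscription = read_meta("site_open_subscription");
    if (!($open_subscription == 'yes' || $open_subscription == 'moderated')) {
        lcm_panic("Subscriptions not permitted.");
    }
    // Moderated sign-ups stay in 'waiting' until an admin validates them.
    $status = ($open_subscription == 'yes') ? 'normal' : 'waiting';

    //
    // Send identifiers by e-mail
    //
    include_lcm('inc_access');
    include_lcm('inc_mail');
    $username = get_unique_username(_session('username'));
    $pass = create_random_password(8, $username);
    // NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
    // because the stored format is presumably what the login code expects;
    // replacing it needs a coordinated migration.
    $mdpass = md5($pass);
    $sql_username = addslashes($username);
    lcm_query("INSERT INTO lcm_author (name_first, name_last, username, password, status, date_creation, date_update) " . "VALUES ('" . $sql_name_first . "', '" . $sql_name_last . "', '{$sql_username}', '{$mdpass}', '{$status}', NOW(), NOW())");
    $id_author = intval(lcm_insert_id('lcm_author', 'id_author'));
    // Add e-mail to lcm_contact
    lcm_query("INSERT INTO lcm_contact (type_person, type_contact, id_of_person, value)\n\t\t\tVALUES ('author', " . $id_group_email . ", {$id_author}, '" . $sql_email . "')");
    // Prepare the e-mail to send to the user
    // NOTE(review): the message carries the generated password in clear text.
    $site_name = _T(read_meta('site_name'));
    $site_address = read_meta('site_address');
    $message = _T('info_greetings') . ",\n\n";
    $message .= _T('pass_info_here_info', array('site_name' => $site_name, 'site_address' => $site_address)) . "\n\n";
    $message .= "- " . _Ti('login_login') . " {$username}\n";
    $message .= "- " . _Ti('login_password') . " {$pass}\n\n";
    if ($open_subscription == 'moderated') {
        $message .= _T('pass_info_moderated') . "\n\n";
    }
    $message .= _T('pass_info_automated_msg') . "\n\n";
    if (send_email(_session('email'), "[{$site_name}] " . _T('pass_title_personal_identifier'), $message)) {
        echo "<p>" . _T('pass_info_identifier_mail') . "</p>\n";
    } else {
        $email_admin = read_meta('email_sysadmin');
        echo "<div class=\"box_error\"><p>" . _T('pass_warning_mail_failure', array('email_admin' => $email_admin)) . "</p></div>\n";
    }
    // If moderated, send copy to site admin
    if ($open_subscription == 'moderated') {
        $email_admin = read_meta('email_sysadmin');
        send_email($email_admin, "[{$site_name}] " . _T('pass_title_personal_identifier'), $message);
    }
}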
Example #18
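 /**
  * Print an HTML table of the time (and, where enabled, the billed sums)
  * recorded by one author over a period.
  *
  * @param mixed  $author     Author id; cast to an integer before it is used in SQL.
  * @param string $date_start Start of the period, compared through UNIX_TIMESTAMP().
  * @param string $date_end   End of the period, or "-1" for no upper bound.
  * @param string $type       "case" (grouped by case), "fu" (grouped by follow-up
  *                           type) or "agenda" (appointments with id_case = 0,
  *                           grouped by type). Any other value prints nothing.
  * @return void
  */
 function show_report_for_user($author, $date_start, $date_end, $type)
 {
     // The arguments are interpolated into SQL text; their validation by the
     // caller is not visible here, so neutralise them locally.
     $id_author = intval($author);
     $sql_date_start = addslashes($date_start);
     $sql_date_end = addslashes($date_end);

     if ($type == "case") {
         $q = "SELECT c.title, c.id_case, \n\t\t\t\t\t\t\t\tsum(IF(UNIX_TIMESTAMP(fu.date_end) > 0,\n\t\t\t\t\t\t\t\t\tUNIX_TIMESTAMP(fu.date_end)-UNIX_TIMESTAMP(fu.date_start), 0)) as time,\n\t\t\t\t\t\t\t\tsum(sumbilled) as sumbilled \n\t\t\t\t\t\t \t  FROM lcm_case as c, lcm_followup as fu \n\t\t\t\t\t\t\t  WHERE fu.id_case = c.id_case AND fu.id_author = {$id_author}\n\t\t\t\t\t\t\t\tAND UNIX_TIMESTAMP(date_start) >= UNIX_TIMESTAMP('" . $sql_date_start . "') ";
         if ($date_end != "-1") {
             $q .= " AND UNIX_TIMESTAMP(date_end) <= UNIX_TIMESTAMP('" . $sql_date_end . "')";
         }
         $q .= " GROUP BY fu.id_case";
     } elseif ($type == "fu") {
         $q = "SELECT fu.type,\n\t\t\t\t\t\t\t\tsum(IF(UNIX_TIMESTAMP(fu.date_end) > 0,\n\t\t\t\t\t\t\t\t\tUNIX_TIMESTAMP(fu.date_end)-UNIX_TIMESTAMP(fu.date_start), 0)) as time,\n\t\t\t\t\t\t\t\tsum(sumbilled) as sumbilled \n\t\t\t\t\t\t \t  FROM lcm_followup as fu \n\t\t\t\t\t\t\t  WHERE fu.id_author = {$id_author}\n\t\t\t\t\t\t\t\tAND UNIX_TIMESTAMP(date_start) >= UNIX_TIMESTAMP('" . $sql_date_start . "') ";
         if ($date_end != "-1") {
             $q .= " AND UNIX_TIMESTAMP(date_end) <= UNIX_TIMESTAMP('" . $sql_date_end . "') ";
         }
         $q .= " GROUP BY fu.type";
     } elseif ($type == "agenda") {
         $q = "SELECT ap.type,\n\t\t\t\t\t\t\t\tsum(IF(UNIX_TIMESTAMP(ap.end_time) > 0,\n\t\t\t\t\t\t\t\t\tUNIX_TIMESTAMP(ap.end_time)-UNIX_TIMESTAMP(ap.start_time), 0)) as time\n\t\t\t\t\t\t \t  FROM lcm_app as ap\n\t\t\t\t\t\t\t  WHERE ap.id_author = {$id_author}\n\t\t\t\t\t\t\t  \tAND ap.id_case = 0\n\t\t\t\t\t\t\t\tAND UNIX_TIMESTAMP(start_time) >= UNIX_TIMESTAMP('" . $sql_date_start . "') ";
         if ($date_end != "-1") {
             $q .= " AND UNIX_TIMESTAMP(end_time) <= UNIX_TIMESTAMP('" . $sql_date_end . "') ";
         }
         $q .= " GROUP BY ap.type";
     } else {
         // Unknown report type: there is no query to run (previously an
         // undefined $q was handed to lcm_query()).
         return;
     }
     $result = lcm_query($q);
     echo "<p class=\"normal_text\">\n";
     echo "<table border='0' class='tbl_usr_dtl' width='99%'>\n";
     echo "<tr>\n";
     echo '<th class="heading">' . _T('case_subtitle_times_by_' . $type) . "</th>\n";
     echo "<th class='heading' width='1%' nowrap='nowrap'>" . _Th('case_input_total_time') . ' (' . _T('time_info_short_hour') . ")" . "</th>\n";
     $total_time = 0;
     $total_sum_billed = 0.0;
     // The billed column exists only for case / follow-up reports, and only
     // when the site setting enables it.
     $meta_sum_billed = read_meta('fu_sum_billed') == 'yes' && ($type == "case" || $type == "fu");
     if ($meta_sum_billed) {
         $currency = read_meta('currency');
         echo "<th class='heading' width='1%' nowrap='nowrap'>" . _Th('fu_input_sum_billed') . ' (' . $currency . ")</th>\n";
     }
     echo "</tr>\n";
     // Show table contents & calculate total
     while ($row = lcm_fetch_array($result)) {
         // The agenda query selects no 'sumbilled' column, so default it.
         $row_billed = isset($row['sumbilled']) ? $row['sumbilled'] : 0;
         echo "<tr>\n";
         echo "<!-- Total = " . $total_sum_billed . " - row = " . $row_billed . " -->\n";
         $total_time += $row['time'];
         $total_sum_billed += $row_billed;
         echo '<td>';
         if ($type == "case") {
             // NOTE(review): the case title is printed without HTML escaping;
             // whether titles are stored already escaped is not visible here - confirm.
             echo '<a class="content_link" href="case_det.php?case=' . $row['id_case'] . '">' . $row['id_case'] . ': ' . $row['title'] . '</a>';
         } elseif ($type == "fu") {
             echo _Tkw("followups", $row['type']);
         } elseif ($type == "agenda") {
             echo _Tkw("appointments", $row['type']);
         }
         echo '</td>';
         echo '<td align="right">' . format_time_interval_prefs($row['time']) . "</td>\n";
         if ($meta_sum_billed) {
             echo '<td align="right">';
             echo format_money($row_billed);
             echo "</td>\n";
         }
         echo "</tr>\n";
     }
     // Show total case hours
     echo "<tr>\n";
     echo "<td><strong>" . _Ti('generic_input_total') . "</strong></td>\n";
     echo "<td align='right'><strong>";
     echo format_time_interval_prefs($total_time);
     echo "</strong></td>\n";
     if ($meta_sum_billed) {
         echo '<td align="right"><strong>';
         echo format_money($total_sum_billed);
         echo "</strong></td>\n";
     }
     echo "</tr>\n";
     echo "</table>\n";
     echo "</p>\n";
 }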
Example #19
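/**
 * Print the two-step login form.
 *
 * Without a known login it asks only for the username; once a login is
 * known (request value or the 'lcm_admin' cookie) it prints the password
 * form, including the JavaScript MD5 challenge. An already authenticated
 * author is redirected / shown a link instead.
 *
 * Changes from the previous version: the login name is HTML-escaped before
 * it is written into the page, variables that were only set on some paths
 * are initialised, and the unserialized preferences are checked before use.
 *
 * @param mixed  $cible         Destination link object (delVar()/getUrl() are called
 *                              on it); when empty it is built from the 'var_url'
 *                              request value, defaulting to 'index.php'.
 * @param string $prive         Not used by this function.
 * @param string $message_login Not used by this function.
 * @return void
 */
function show_login($cible, $prive = 'prive', $message_login = '')
{
    $error = '';
    $login = _request('var_login');
    $logout = _request('var_logout');
    // If the cookie fails, inc_auth tried to redirect to lcm_cookie who
    // then tried to put a cookie. If it is not there, it is "cookie failed"
    // who is there, and it's probably a bookmark on privet=yes and not
    // a cookie failure.
    $cookie_failed = false;
    if (_request('var_cookie_failed')) {
        // A missing cookie counts as "not the test marker", as before.
        $cookie_failed = !isset($_COOKIE['lcm_session']) || $_COOKIE['lcm_session'] != 'cookie_test_failed';
    }
    global $author_session;
    global $lcm_session;
    global $clean_link;
    if (!$cible) {
        // cible = destination
        $cible = new Link(_request('var_url', 'index.php'));
    }
    $cible->delVar('var_erreur');
    $cible->delVar('var_url');
    $cible->delVar('var_cookie_failed');
    $clean_link->delVar('var_erreur');
    $clean_link->delVar('var_login');
    $clean_link->delVar('var_cookie_failed');
    $url = $cible->getUrl();
    // This populates the $author_session variable
    include_lcm('inc_session');
    verifier_visiteur();
    if ($author_session and !$logout and ($author_session['status'] == 'admin' or $author_session['status'] == 'normal')) {
        if ($url != $GLOBALS['clean_link']->getUrl()) {
            // NOTE(review): when $cible was built from the 'var_url' request
            // value, this redirect target is request-controlled; whether Link
            // restricts it to local URLs is not visible here - confirm.
            lcm_header("Location: " . $cible->getUrlForHeader());
        }
        // [ML] This is making problems for no reason, we use login only
        // for one mecanism (entering the system).
        // echo "<a href='$url'>"._T('login_this_way')."</a>\n";
        echo "<a class='content_link' href='index.php'>" . _T('login_this_way') . "</a>\n";
        return;
    }
    if (_request('var_erreur') == 'pass') {
        $error = _T('login_password_incorrect');
    }
    // The login is memorized in the cookie for a possible future admin login
    if (!$login && isset($_COOKIE['lcm_admin'])) {
        if (preg_match("/^@(.*)\$/", $_COOKIE['lcm_admin'], $regs)) {
            $login = $regs[1];
        }
    } else {
        if ($login == '-1') {
            $login = '';
        }
    }
    // other sources for authentication
    $flag_autres_sources = isset($GLOBALS['ldap_present']) ? $GLOBALS['ldap_present'] : '';
    // Defaults for values that are only filled in when the login is found in
    // lcm_author (with another auth source the form is printed without them).
    $rester_checked = '';
    $alea_actuel = '';
    $alea_futur = '';
    // What informations to pass?
    if ($login) {
        $status_login = 0;
        // unknown status
        $login = clean_input($login);
        $query = "SELECT id_author, status, password, prefs, alea_actuel, alea_futur \n\t\t\t\t\tFROM lcm_author \n\t\t\t\t\tWHERE username='******'";
        $result = lcm_query($query);
        if ($row = lcm_fetch_array($result)) {
            if ($row['status'] == 'trash' or $row['password'] == '') {
                $status_login = -1;
                // deny
            } else {
                $status_login = 1;
                // known login
                // Which infos to pass for the javascript ?
                $id_author = $row['id_author'];
                $alea_actuel = $row['alea_actuel'];
                // for MD5
                $alea_futur = $row['alea_futur'];
                // Button for lenght of connection
                if ($row['prefs']) {
                    // NOTE(review): unserialize() instantiates whatever the stored
                    // string describes; it is tolerable only while this column can
                    // never hold attacker-written data. A JSON format would be safer.
                    $prefs = unserialize($row['prefs']);
                    if (is_array($prefs) && isset($prefs['cnx']) && $prefs['cnx'] == 'perma') {
                        $rester_checked = ' checked=\'checked\'';
                    }
                }
            }
        }
        // Unknown login (except LDAP) or refused
        if ($status_login == -1 or ($status_login == 0 and !$flag_autres_sources)) {
            $error = _T('login_identifier_unknown', array('login' => htmlspecialchars(clean_output($login))));
            $login = '';
            // [ML] Not sure why this was here, but headers are already sent
            // therefore it causes an error message (which is not shown, but
            // might make a mess, knowing how PHP runs differently everywhere..)
            // @lcm_setcookie('lcm_admin', '', time() - 3600);
        }
    }
    // The login comes from the request or a cookie and is printed back into
    // the page below: escape it for HTML (quotes included, the attributes use
    // both quote styles), and once more for the JavaScript string literal.
    $login_html = htmlspecialchars((string) $login, ENT_QUOTES);
    $login_js = addslashes($login_html);
    // Javascript for the focus
    if ($login) {
        $js_focus = 'document.form_login.session_password.focus();';
    } else {
        $js_focus = 'document.form_login.var_login.focus();';
    }
    // [ML] we should probably add a help link here, since tech, but let's see
    // how many users complain first, since this should affect only tech users
    if ($cookie_failed) {
        $error = _T('login_warning_cookie');
    }
    echo open_login();
    // [ML] Looks like there is no reason why to use $clean_link (defined in inc_version.php)
    // It would cause very strange bugs when the "feed_globals()" were removed from inc_version
    // and in the end, well, it looks rather useless.
    //
    // Strange bugs were caused because $action would be "./" and therefore it
    // would call index.php -> listcases.php -> includes inc_auth.php who then
    // calls auth(), who redirects to the login page.
    $action = $clean_link->getUrl();
    // $action = "lcm_login.php";
    // NOTE(review): $url is written into single-quoted attributes below without
    // escaping; whether Link::getUrl() already encodes quotes and ampersands is
    // not visible here - confirm before adding htmlspecialchars(), to avoid
    // double encoding.
    if ($login) {
        // Shows the login form, including the MD5 javascript
        // NOTE(review): the browser-side MD5 challenge is no substitute for TLS
        // and a modern password hash.
        $flag_challenge_md5 = true;
        if ($flag_challenge_md5) {
            echo '<script type="text/javascript" src="inc/md5.js"></script>';
        }
        echo "\n";
        echo '<form name="form_login" action="lcm_cookie.php" method="post"';
        if ($flag_challenge_md5) {
            echo " onsubmit='if (this.session_password.value) {\n\t\t\t\tthis.session_password_md5.value = calcMD5(\"{$alea_actuel}\" + this.session_password.value);\n\t\t\t\tthis.next_session_password_md5.value = calcMD5(\"{$alea_futur}\" + this.session_password.value);\n\t\t\t\tthis.session_password.value = \"\"; }'";
        }
        echo ">\n";
        echo "<div class='main_login_box' style='text-align:" . $GLOBALS["lcm_lang_left"] . ";'>\n";
        if ($error) {
            echo "<div style='color:red;'><b>" . _T('login_access_denied') . " {$error}</b></div><br />\n";
        }
        if ($flag_challenge_md5) {
            // This is printed with javascript so that it is hidden from navigators not
            // using JS, since they will see the username field anyway.
            echo "<script type=\"text/javascript\"><!--\n" . "document.write('" . addslashes(_T('login_login')) . " <b>{$login_js}</b><br/>" . "<font size=\\'2\\'><a href=\\'lcm_cookie.php?cookie_admin=no&amp;url=" . rawurlencode($action) . "\\' class=\\'link_btn\\'>" . _T('login_other_identifier') . "</a></font>');\n" . "//--></script>\n";
            // If javascript is active, we pass the login in the hidden field
            echo "<input type='hidden' name='session_login_hidden' value='{$login_html}' />";
            // If javascript is not active, the login is still modifiable
            // (since the challenge is not used)
            echo "<noscript>";
        }
        echo "\t<label for='session_login'><b>" . _T('login_login') . "</b> (" . _T('login_info_login') . ")<br /></label>";
        echo "\t<input type='text' name='session_login' id='session_login' class='forml' value=\"{$login_html}\" size='40' />\n";
        if ($flag_challenge_md5) {
            echo "</noscript>\n";
        }
        echo "\t<p />\n";
        echo "\t<label for='session_password'><b>" . _T('login_password') . "</b><br /></label>";
        echo "\t<input type='password' name='session_password' id='session_password' class='forml' value=\"\" size='40' />\n";
        echo "\t<input type='hidden' name='essai_login' value='oui' />\n";
        echo "\t<br />&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='session_remember' value='yes' id='session_remember'{$rester_checked} /> ";
        echo "\t<label for='session_remember'>" . _T('login_remain_logged_on') . "</label>";
        echo "\t<input type='hidden' name='url' value='{$url}' />\n";
        echo "\t<input type='hidden' name='session_password_md5' value='' />\n";
        echo "\t<input type='hidden' name='next_session_password_md5' value='' />\n";
        echo "<div align='right'><input class='button_login' type='submit' value='" . _T('button_validate') . "' /></div>\n";
        echo "</div>";
        echo "</form>";
    } else {
        // Ask only for the login/username
        $action = quote_amp($action);
        echo "<form name='form_login' action='{$action}' method='post'>\n";
        echo "<div class='main_login_box' style='text-align:" . $GLOBALS["lcm_lang_left"] . ";'>";
        if ($error) {
            echo "<span style='color:red;'><b>" . _T('login_access_denied') . " {$error}</b></span><p />";
        }
        echo "<label><b>" . _T('login_login') . '</b> (' . _T('login_info_login') . ')' . "<br /></label>";
        echo "<input type='text' name='var_login' class='forml' value=\"\" size='40' />\n";
        echo "<input type='hidden' name='var_url' value='{$url}' />\n";
        echo "<div align='right'><input class='button_login' type='submit' value='" . _T('button_validate') . "' /></div>\n";
        echo "</div>";
        echo "</form>";
    }
    // Focus management
    echo "<script type=\"text/javascript\"><!--\n" . $js_focus . "\n//--></script>\n";
    // Start the login footer
    echo "<div align='left' style='font-size: 12px;' >";
    echo "<div class='lang_combo_box'>" . menu_languages() . "</div>\n";
    // button for "forgotten password"
    include_lcm('inc_mail');
    if (server_can_send_email()) {
        echo '<a href="lcm_pass.php?pass_forgotten=yes" target="lcm_pass" onclick="' . "javascript:window.open(this.href, 'lcm_pass', 'scrollbars=yes, resizable=yes, width=640, height=280'); return false;\" class=\"link_btn\">" . _T('login_password_forgotten') . '</a>';
    }
    $register_popup = 'href="lcm_pass.php?register=yes" target="lcm_pass" ' . ' onclick="' . "javascript:window.open('lcm_pass.php?register=yes', 'lcm_pass', 'scrollbars=yes, resizable=yes, width=640, height=500'); return false;\"";
    // The registration link is shown only when subscriptions are open or moderated.
    $open_subscription = read_meta("site_open_subscription");
    if ($open_subscription == 'yes' || $open_subscription == 'moderated') {
        echo "&nbsp;&nbsp;&nbsp;<a {$register_popup} class=\"link_btn\">" . _T('login_register') . '</a>';
    }
    echo "</div>\n";
    echo close_login();
}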
Example #20
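/**
 * Set the global typography / text-direction variables for a language.
 *
 * When $source names an object ("article12", "rubrique3", "breve7",
 * "auteur4", ...), the language is read from that object's row and replaces
 * $lang. An empty language falls back to the 'default_language' meta.
 *
 * @param string $lang   Language code; may be overridden by $source.
 * @param string $source Object reference of the form <type><id>, or ''.
 * @return void Results are written to the globals $lang_typo, $lang_dir and $dir_lang.
 */
function changer_typo($lang = '', $source = '')
{
    global $lang_typo, $lang_dir, $dir_lang;
    if (preg_match("/^(article|rubrique|breve|auteur)([0-9]+)/", $source, $regs)) {
        // Both captures are constrained by the pattern (a fixed word list and
        // digits only), which is what keeps this concatenated query safe. Keep
        // the pattern that strict if it is ever extended.
        $r = lcm_fetch_array(lcm_query("SELECT lang FROM spip_" . $regs[1] . "s WHERE id_" . $regs[1] . "=" . $regs[2]));
        // No matching row: fall through to the default language instead of
        // indexing a non-array result.
        $lang = (is_array($r) && isset($r['lang'])) ? $r['lang'] : '';
    }
    if (!$lang) {
        $lang = read_meta('default_language');
    }
    $lang_typo = lang_typo($lang);
    $lang_dir = lang_dir($lang);
    $dir_lang = " dir='{$lang_dir}'";
}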
Example #21
}
// Position to the page info start
if ($list_pos > 0) {
    if (!lcm_data_seek($result, $list_pos)) {
        // NOTE(review): $list_pos is printed back in the error text; presumably it was
        // cast to an integer by earlier code - confirm.
        die("Error seeking position {$list_pos} in the result");
    }
}
show_find_box('org', $find_org_string, '__self__');
echo '<form action="add_client.php" method="post">' . "\n";
// Column headers: an unsortable checkbox column, then the organisation name.
$headers[0]['title'] = "";
$headers[0]['order'] = 'no_order';
$headers[1]['title'] = _Th('org_input_name');
$headers[1]['order'] = 'order_name';
$headers[1]['default'] = 'ASC';
show_list_start($headers);
// Print at most $prefs['page_rows'] rows, stopping early when the result is exhausted.
for ($i = 0; $i < $prefs['page_rows'] && ($row = lcm_fetch_array($result)); $i++) {
    echo "<tr>\n";
    // Show checkbox
    echo "<td width='1%' class='tbl_cont_" . ($i % 2 ? "dark" : "light") . "'>";
    echo "<input type='checkbox' name='orgs[]' value='" . $row['id_org'] . "'>";
    echo "</td>\n";
    // Show org name
    echo "<td class='tbl_cont_" . ($i % 2 ? "dark" : "light") . "'>";
    echo '<a href="org_det.php?org=' . $row['id_org'] . '" class="content_link">';
    // The name goes through clean_output() before being printed.
    echo highlight_matches(clean_output($row['name']), $find_org_string);
    echo "</a>";
    echo "</td>\n";
    echo "</tr>\n";
}
echo "<tr>\n";
// NOTE(review): $case is written into the href as-is; presumably an integer validated
// earlier in the page - confirm.
echo '<td colspan="2"><p><a href="edit_org.php?attach_case=' . $case . '" class="create_new_lnk">' . _T('org_button_new_for_case') . '</a></p></td>' . "\n";
Example #22
 /**
  * Upgrade step: set lcm_case.date_update from the latest follow-up start date.
  *
  * Servers reporting "MySQL" other than 3.x and 4.0 get a single UPDATE with
  * a correlated sub-select. Every other server gets one UPDATE per case,
  * driven by a grouped SELECT.
  *
  * @return void
  */
 function lcm_db_40_refresh_case_update()
 {
     $server = lcm_sql_server_info();
     $is_mysql = preg_match('/^MySQL/', $server);
     // [ML] The sub-select form won't work on MySQL 3.23 .. nor 4.0 (?!)
     $is_old_mysql = preg_match('/^MySQL 3\\./', $server) || preg_match('/^MySQL 4\\.0/', $server);

     if (!$is_mysql || $is_old_mysql) {
         // [ML] Probably not the best idea.. but brain-dead mysql
         // incompatibilities are driving me crazy..
         //
         // Note: using the join to exclude non-empty dates allows to
         // continue/re-run the upgrade if it makes a time-out.
         // NOTE(review): the filter below keeps cases whose date_update is NOT
         // the zero date, which reads as the opposite of the note above - confirm.
         $latest = lcm_query("SELECT c.id_case, MAX(fu.date_start) as date\n\t\t\t\t\t\t\t\tFROM lcm_followup as fu, lcm_case as c\n\t\t\t\t\t\t\t\tWHERE fu.id_case = c.id_case\n\t\t\t\t\t\t\t\t  AND c.date_update != '0000-00-00 00:00:00'\n\t\t\t\t\t\t\t\tGROUP BY fu.id_case\n\t\t\t\t\t\t\t\tORDER BY fu.id_case ASC");
         while ($case_row = lcm_fetch_array($latest)) {
             lcm_query("UPDATE lcm_case\n\t\t\t\t\t\t\tSET date_update = '" . $case_row['date'] . "'\n\t\t\t\t\t\t\tWHERE id_case = " . $case_row['id_case']);
         }
         return;
     }

     lcm_query("UPDATE lcm_case \n\t\t\t\t\t\tSET date_update = (SELECT max(fu.date_start) \n\t\t\t\t\t\t\t\t\t\tFROM lcm_followup as fu \n\t\t\t\t\t\t\t\t\t\tWHERE lcm_case.id_case = fu.id_case\n\t\t\t\t\t\t\t\t\t\tGROUP BY fu.id_case)", true);
 }
Example #23
 echo "</td>\n";
 // Billed-sum column, printed only when the setting is 'yes'.
 if ($meta_sum_billed == 'yes') {
     echo '<td align="right" valign="top">';
     echo format_money($row['sumbilled']);
     echo "</td>\n";
 }
 // Optional per-follow-up-type breakdown for this author.
 if ($show_more_times) {
     $fu_types = get_keywords_in_group_name('followups', false);
     $html = "";
     // One query is issued per follow-up type.
     foreach ($fu_types as $f) {
         // NOTE(review): $case, $row['id_author'] and $f['name'] are interpolated into the
         // SQL text as-is. The last two come from earlier query results; where $case is
         // validated is not visible in this excerpt - confirm it is cast to an integer.
         $q2 = "SELECT type,\n\t\t\t\t\t\t\t\t\tsum(IF(UNIX_TIMESTAMP(fu.date_end) > 0,\n\t\t\t\t\t\t\t\t\t\tUNIX_TIMESTAMP(fu.date_end)-UNIX_TIMESTAMP(fu.date_start), 0)) as time,\n\t\t\t\t\t\t\t\t\tsum(sumbilled) as sumbilled\n\t\t\t\t\t\t\t\tFROM  lcm_followup as fu\n\t\t\t\t\t\t\t\tWHERE fu.id_case = {$case}\n\t\t\t\t\t\t\t\t  AND fu.id_author = " . $row['id_author'] . "\n\t\t\t\t\t\t\t\t  AND fu.hidden = 'N'\n\t\t\t\t\t\t\t\t  AND fu.type = '" . $f['name'] . "'\n\t\t\t\t\t\t\t\tGROUP BY fu.type";
         $r2 = lcm_query($q2);
         // FIXME: css for "ul/li" is a bit weird, but without specifying the height,
         // the text is displayed under the line...
         // But we should probably scrap the whole table anyway
         while ($row2 = lcm_fetch_array($r2)) {
             // either:  futype (70%) + length (15%) + sumbilled (15%)
             // or only: futype (70%) + length (30%)
             $html .= "<li style='clear: both; height: 1.4em; width: 100%;'>";
             $html .= '<div style="float: left; text-align: left;">' . _Tkw('followups', $row2['type']) . ": " . '</div>';
             if ($meta_sum_billed == 'yes') {
                 $html .= '<div style="width: 120px; float: right; text-align: right;">' . format_money($row2['sumbilled']) . '</div>';
             }
             $html .= '<div style="width: 120px; float: right; text-align: right;">' . format_time_interval_prefs($row2['time']) . '</div>';
             $html .= "</li>\n";
         }
     }
     // Only open a new table row when at least one breakdown line was built.
     if ($html) {
         echo "</tr>\n";
         echo "<tr>";
         if ($meta_sum_billed == 'yes') {
Example #24
show_context_case_title($fu_data['id_case']);
show_context_case_stage($fu_data['id_case'], $fu_data['id_followup']);
show_context_case_involving($fu_data['id_case']);
// Show parent appointment, if any
// [ML] todo put in inc_presentation
// NOTE(review): $followup is interpolated into the SQL text as-is; where it is validated
// is not visible in this excerpt - confirm it is cast to an integer beforehand.
$q = "SELECT app.*\n\t\tFROM lcm_app_fu as af, lcm_app as app\n\t\tWHERE af.id_followup = {$followup} \n\t\t  AND af.id_app = app.id_app \n\t\t  AND af.relation = 'child'";
$res_app = lcm_query($q);
if ($app = lcm_fetch_array($res_app)) {
    echo '<li style="list-style-type: none;">' . _T('fu_input_parent_appointment') . ' ';
    // NOTE(review): the appointment title is printed without HTML escaping here; whether
    // titles are stored already escaped is not visible - confirm.
    echo '<a class="content_link" href="app_det.php?app=' . $app['id_app'] . '">' . _Tkw('appointments', $app['type']) . ' (' . $app['title'] . ') from ' . format_date($app['start_time']) . "</a></li>\n";
    // TRAD
}
// Show child appointment, if any
$q = "SELECT app.* \n\t\tFROM lcm_app_fu as af, lcm_app as app\n\t\tWHERE af.id_followup = {$followup} \n\t\t  AND af.id_app = app.id_app \n\t\t  AND af.relation = 'parent'";
$res_app = lcm_query($q);
if ($app = lcm_fetch_array($res_app)) {
    echo '<li style="list-style-type: none;">' . _T('fu_input_child_appointment') . ' ';
    // Same unescaped title output as in the parent appointment branch above.
    echo '<a class="content_link" href="app_det.php?app=' . $app['id_app'] . '">' . _Tkw('appointments', $app['type']) . ' (' . $app['title'] . ') from ' . format_date($app['start_time']) . "</a></li>\n";
    // TRAD
}
// Show stage information
if ($fu_data['case_stage']) {
    // if editing an existing followup..
    // The inner test repeats the outer condition, so it is always true here.
    if ($fu_data['case_stage']) {
        $stage_info = get_kw_from_name('stage', $fu_data['case_stage']);
    }
    $id_stage = $stage_info['id_keyword'];
    show_context_stage($fu_data['id_case'], $id_stage);
}
show_context_end();
if ($fu_data['hidden'] == 'Y') {
Example #25
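/**
 * Print the filters attached to a report, then (when editing) a form to add one.
 *
 * When $is_runtime is true, only filters that have a type but no stored value
 * are listed, inside a single form posting to run_rep.php. Otherwise each
 * filter gets its own form posting to upd_rep_field.php, followed by a form
 * listing the fields that can still be added as filters.
 *
 * Everything is written with echo; nothing is returned.
 *
 * @param int|string $id_report  report id (cast to an integer before use)
 * @param bool       $is_runtime true when running the report, false when editing it
 */
function show_report_filters($id_report, $is_runtime = false)
{
    // One integer form of the id is used in every query and every HTML
    // attribute below (the original cast it for the first query only).
    $rep_id = intval($id_report);

    // Get general report info
    $q = "SELECT * FROM lcm_report WHERE id_report = " . $rep_id;
    $res = lcm_query($q);
    $rep_info = lcm_fetch_array($res);
    if (!$rep_info) {
        lcm_panic("Report does not exist: {$rep_id}");
    }

    // List filters attached to this report
    $query = "SELECT *\n\t\tFROM lcm_rep_filter as v, lcm_fields as f\n\t\tWHERE id_report = " . $rep_id . "\n\t\tAND f.id_field = v.id_field";
    // If generating the report (as opposed to editing), show filters
    // who have a filter type (eq, neq, in, ..), but no value.
    if ($is_runtime) {
        $query .= " AND v.type != '' AND v.value = '' ";
    }
    $result = lcm_query($query);

    // Filter types offered for each kind of field (loop-invariant)
    $all_filters = array(
        'number' => array('none', 'num_eq', 'num_neq', 'num_lt', 'num_le', 'num_gt', 'num_ge'),
        'date' => array('none', 'date_eq', 'date_in', 'date_lt', 'date_le', 'date_gt', 'date_ge'),
        'text' => array('none', 'text_eq', 'text_neq'),
    );

    if (lcm_num_rows($result)) {
        if ($is_runtime) {
            // submit all at once (else submit on a per-filter basis)
            echo '<form action="run_rep.php" name="frm_filters" method="get">' . "\n";
            echo '<input name="rep" value="' . $rep_id . '" type="hidden" />' . "\n";
            // 'export' comes straight from the request: escape it before it
            // is written back into an attribute.
            if (isset($_REQUEST['export']) && is_string($_REQUEST['export'])) {
                echo '<input name="export" value="' . htmlspecialchars($_REQUEST['export'], ENT_QUOTES) . '" type="hidden" />' . "\n";
            }
        }
        echo "<table border='0' class='tbl_usr_dtl' width='99%'>\n";
        while ($filter = lcm_fetch_array($result)) {
            $filter_id = intval($filter['id_filter']);
            // Value already submitted for this filter, if any (null when absent)
            $req_key = 'filter_val' . $filter['id_filter'];
            $submitted = isset($_REQUEST[$req_key]) ? $_REQUEST[$req_key] : null;
            // Stored filter value, escaped for use inside an HTML attribute
            $value_attr = htmlspecialchars((string) $filter['value'], ENT_QUOTES);

            if (!$is_runtime) {
                echo "<form action='upd_rep_field.php' name='frm_line_additem' method='get'>\n";
                echo "<input name='update' value='filter' type='hidden' />\n";
                echo "<input name='rep' value='{$rep_id}' type='hidden' />\n";
                echo "<input name='id_filter' value='" . $filter_id . "' type='hidden' />\n";
            }
            echo "<tr>\n";
            echo "<td>" . _Th($filter['description']) . "</td>\n";

            // Type of filter
            echo "<td>";
            if (isset($all_filters[$filter['filter']])) {
                // At runtime, if a filter has been selected, do not allow select
                if ($filter['type'] && $is_runtime) {
                    echo _T('rep_filter_' . $filter['type']);
                } else {
                    echo "<select name='filter_type'>\n";
                    echo "<option value=''>...</option>\n";
                    foreach ($all_filters[$filter['filter']] as $f) {
                        $sel = $filter['type'] == $f ? ' selected="selected"' : '';
                        echo "<option value='" . $f . "'" . $sel . ">" . _T('rep_filter_' . $f) . "</option>\n";
                    }
                    echo "</select>\n";
                }
            } else {
                // XXX Should happen only if a filter was removed in a future version, e.g. rarely
                // or between development releases.
                echo "Unknown filter";
            }
            echo "</td>\n";

            // Value for filter
            echo "<td>";
            switch ($filter['type']) {
                case 'num_eq':
                case 'num_neq':
                    if ($filter['field_name'] == 'id_author') {
                        $name = $is_runtime ? "filter_val" . $filter_id : 'filter_value';
                        // XXX make this a function
                        $q = "SELECT * FROM lcm_author WHERE status IN ('admin', 'normal', 'external')";
                        $result_author = lcm_query($q);
                        echo "<select name='{$name}'>\n";
                        echo "<option value=''>...</option>\n";
                        // TRAD
                        while ($author = lcm_fetch_array($result_author)) {
                            $author_id = intval($author['id_author']);
                            // Check for already submitted value
                            $sel = $filter['value'] == $author['id_author'] || $submitted == $author['id_author'] ? ' selected="selected"' : '';
                            // NOTE(review): get_person_name() is defined elsewhere; confirm
                            // that it returns HTML-escaped text, since author names are user data.
                            echo "<option value='" . $author_id . "'" . $sel . ">" . $author_id . " : " . get_person_name($author) . "</option>\n";
                        }
                        echo "</select>\n";
                        break;
                    }
                    // Any other numeric field deliberately falls through to the text input.
                case 'num_lt':
                case 'num_le': // offered in $all_filters, but had no input in the original switch
                case 'num_gt':
                case 'num_ge': // same as num_le
                    $name = $is_runtime ? "filter_val" . $filter_id : 'filter_value';
                    echo '<input style="width: 99%;" type="text" name="' . $name . '" value="' . $value_attr . '" />';
                    break;
                case 'date_eq':
                case 'date_lt':
                case 'date_le':
                case 'date_gt':
                case 'date_ge':
                    $name = $is_runtime ? "filter_val" . $filter_id : 'date';
                    echo get_date_inputs($name, $filter['value']);
                    // FIXME
                    break;
                case 'date_in':
                    // date_in has two values, stored ex: 2005-01-01 00:00:00;2006-02-02 00:00:00
                    $name = $is_runtime ? "filter_val" . $filter_id : 'date';
                    // explode() replaces the removed split(); an empty stored value
                    // yields a single element, so the end date may be absent.
                    $values = explode(";", (string) $filter['value']);
                    echo get_date_inputs($name . '_start', $values[0]);
                    echo "<br />\n";
                    echo get_date_inputs($name . '_end', isset($values[1]) ? $values[1] : null);
                    break;
                case 'text_eq':
                case 'text_neq':
                    $name = $is_runtime ? "filter_val" . $filter_id : 'filter_value';
                    if ($filter['enum_type']) {
                        // enum_type looks like "keyword:system_kwg:<group>" or "list:a,b,c[:<prefix>]"
                        $enum = explode(":", $filter['enum_type']);
                        if ($enum[0] == 'keyword') {
                            if ($enum[1] == 'system_kwg') {
                                $all_kw = get_keywords_in_group_name($enum[2]);
                                echo '<select name="' . $name . '">' . "\n";
                                echo '<option value="">' . "..." . "</option>\n";
                                // TRAD
                                foreach ($all_kw as $kw) {
                                    $sel = $filter['value'] == $kw['name'] || $submitted == $kw['name'] ? ' selected="selected" ' : '';
                                    echo '<option value="' . htmlspecialchars($kw['name'], ENT_QUOTES) . '"' . $sel . '>' . _Tkw($enum[2], $kw['name']) . "</option>\n";
                                }
                                echo "</select>\n";
                            }
                        } elseif ($enum[0] == 'list') {
                            $items = explode(",", $enum[1]);
                            echo '<select name="' . $name . '">' . "\n";
                            echo '<option value="">' . "..." . "</option>\n";
                            // TRAD
                            foreach ($items as $i) {
                                $tmp = $i;
                                // Optional third part is a translation-key prefix
                                if (!empty($enum[2])) {
                                    $tmp = _T($enum[2] . $tmp);
                                }
                                $sel = $filter['value'] == $i || $submitted == $i ? ' selected="selected" ' : '';
                                echo '<option value="' . htmlspecialchars($i, ENT_QUOTES) . '"' . $sel . '>' . $tmp . "</option>\n";
                            }
                            echo "</select>\n";
                        }
                    } else {
                        echo '<input style="width: 99%;" type="text" name="' . $name . '" value="' . $value_attr . '" />';
                    }
                    break;
                default:
                    echo "<!-- no type -->\n";
            }
            echo "</td>\n";

            if (!$is_runtime) {
                // Button to validate
                echo "<td>";
                echo "<button class='simple_form_btn' name='validate_filter_addfield'>" . _T('button_validate') . "</button>\n";
                echo "</td>\n";
                // Link for "Remove"
                echo "<td><a class='content_link' href='upd_rep_field.php?rep=" . $rep_id . "&amp;" . "remove=filter" . "&amp;" . "id_filter=" . $filter_id . "'>" . "X" . "</a></td>\n";
            }
            echo "</tr>\n";
            if (!$is_runtime) {
                echo "</form>\n";
            }
        }
        echo "</table>\n";
    }

    if ($is_runtime) {
        // NOTE(review): as in the original, this closes the form even when no
        // filter row was found and the opening <form> was therefore never printed.
        echo "<p><button class='simple_form_btn' name='validate_filter_addfield'>" . _T('button_validate') . "</button></p>\n";
        echo "</form>\n";
        return;
    }

    // List all available fields in selected tables for report.
    // $sources holds bare table names; they are quoted and escaped in one
    // place when the IN (...) list is built.
    $sources = array();
    if ($rep_info['line_src_name']) {
        $sources[] = 'lcm_' . $rep_info['line_src_name'];
    }

    // Fetch all tables available as rep colums
    // (this is not like rep line, because the source is not always in
    // lcm_report, but this should be 'fixed')
    $q_tmp = "SELECT DISTINCT table_name \n\t\t\t\tFROM lcm_rep_col as rp, lcm_fields as f\n\t\t\t\tWHERE rp.id_field = f.id_field\n\t\t\t\t  AND rp.id_report = " . $rep_id;
    $result_tmp = lcm_query($q_tmp);
    while ($row = lcm_fetch_array($result_tmp)) {
        $sources[] = $row['table_name'];
    }

    // Fetch all keyword sources ('system' groups add no table; the original
    // had an empty switch for them)
    if ($rep_info['col_src_type'] == 'keyword' && $rep_info['col_src_name']) {
        $kwg = get_kwg_from_name($rep_info['col_src_name']);
        if ($kwg['type'] == 'client_org') {
            $sources[] = 'lcm_client';
            $sources[] = 'lcm_org';
        } elseif ($kwg['type'] != 'system') {
            $sources[] = 'lcm_' . $kwg['type'];
        }
    }

    // If lcm_case in there, also add lcm_stage
    if (in_array('lcm_case', $sources, true)) {
        $sources[] = 'lcm_stage';
    }

    // List only filters if table were selected as sources (line/col)
    if (count($sources)) {
        // The names come from report and keyword-group rows, so they are
        // escaped like any other string literal placed in SQL text.
        $quoted = array();
        foreach ($sources as $s) {
            $quoted[] = "'" . addslashes($s) . "'";
        }
        $query = "SELECT *\n\t\tFROM lcm_fields\n\t\tWHERE ";
        $query .= " table_name IN ( " . implode(" , ", $quoted) . " ) AND ";
        $query .= " filter != 'none'";
        $query .= " ORDER BY table_name ";
        // The original echoed the SQL text in an HTML comment here; that debug
        // output is dropped so query structure is not sent to the browser.
        $result = lcm_query($query);
        if (lcm_num_rows($result)) {
            echo "<form action='upd_rep_field.php' name='frm_line_additem' method='get'>\n";
            echo "<input name='rep' value='" . intval($rep_info['id_report']) . "' type='hidden' />\n";
            echo "<input name='add' value='filter' type='hidden' />\n";
            echo "<p class='normal_text'>" . _Ti('rep_input_filter_add');
            echo "<select name='id_field'>\n";
            echo "<option value=''>...</option>\n";
            while ($row = lcm_fetch_array($result)) {
                echo "<option value='" . intval($row['id_field']) . "'>" . _Ti('rep_info_table_' . $row['table_name']) . _Th($row['description']) . "</option>\n";
            }
            echo "</select>\n";
            echo "<button class='simple_form_btn' name='validate_filter_addfield'>" . _T('button_validate') . "</button>\n";
            echo "</p>\n";
            echo "</form>\n";
        }
    } else {
        echo '<p class="normal_text">' . _T('rep_info_select_source_first') . "</p>\n";
    }
}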
Example #26
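/**
 * Build the HTML description shown for one follow-up row.
 *
 * The text depends on the follow-up type: author (un)assignments name the
 * author, stage/status changes summarise the serialized details, and any
 * other type shows the free-text description, shortened when $make_short.
 *
 * @param array $item       follow-up row; 'type', 'description' and
 *                          'case_stage' are read
 * @param bool  $make_short cut free-text descriptions at the configured length
 * @return string HTML fragment (line breaks converted with nl2br), or '' when
 *                $item is not an array
 */
function get_fu_description($item, $make_short = true)
{
    if (!is_array($item)) {
        lcm_debug("get_fu_description: parameter is not an array.");
        return '';
    }
    global $fu_desc_len;
    // configure via my_options.php with $GLOBALS['fu_desc_len'] = NNN;
    $short_description = '';
    // Set the length of short followup title (was: wide = 48, narrow = 115)
    $title_length = isset($fu_desc_len) && $fu_desc_len > 0 ? $fu_desc_len : 256;

    // Follow-up types whose description holds an author id => translation key
    $author_events = array(
        'assignment' => 'case_info_author_assigned',
        'unassignment' => 'case_info_author_unassigned',
    );

    if (isset($author_events[$item['type']]) && is_numeric($item['description'])) {
        // is_numeric() also accepts decimals and exponents; the id is reduced
        // to a plain integer before it is placed in the SQL text.
        $res1 = lcm_query("SELECT * FROM lcm_author WHERE id_author = " . intval($item['description']));
        $author1 = lcm_fetch_array($res1);
        $short_description = _T($author_events[$item['type']], array('name' => get_person_name($author1)));
    } elseif ($item['type'] == 'stage_change' || is_status_change($item['type'])) {
        // NOTE(review): lcm_unserialize() is defined elsewhere. If it wraps
        // unserialize(), the description column must only ever hold data the
        // application serialized itself - confirm.
        $tmp = lcm_unserialize($item['description']);
        if (!is_array($tmp)) {
            // Nothing usable was decoded: treat every detail as absent
            $tmp = array();
        }
        // for backward compatibility, make it optional
        if ($item['case_stage']) {
            $short_description = _Tkw('stage', $item['case_stage']);
        }
        if (!empty($tmp['description'])) {
            // Free text: cleaned like the plain description in the last branch
            $short_description .= " / " . clean_output($tmp['description']);
        }
        if (!empty($tmp['result']) || !empty($tmp['conclusion'])) {
            $short_description .= "\n" . _Ti('fu_input_conclusion');
        }
        if (!empty($tmp['result'])) {
            $short_description .= _Tkw('_crimresults', $tmp['result']) . "/";
        }
        if (!empty($tmp['conclusion'])) {
            $short_description .= _Tkw('conclusion', $tmp['conclusion']);
        }
        if (!empty($tmp['sentence'])) {
            $short_description .= "\n" . _Ti('fu_input_sentence') . _Tkw('sentence', $tmp['sentence'], array('currency' => read_meta('currency')));
        }
        if (!empty($tmp['sentence_val'])) {
            // Free text as well
            $short_description .= ": " . clean_output($tmp['sentence_val']);
        }
    } else {
        if ($item['description']) {
            if (!$make_short || strlen(lcm_utf8_decode($item['description'])) < $title_length) {
                $short_description = $item['description'];
            } else {
                // NOTE(review): the length is measured on the decoded text but the
                // cut is made on raw bytes, so a multi-byte character can be split.
                $short_description = substr($item['description'], 0, $title_length) . '...';
            }
            $short_description = clean_output($short_description);
        } else {
            $short_description = _T('fu_info_emptydesc');
        }
    }
    $short_description = nl2br($short_description);
    if (empty($short_description)) {
        $short_description = _T('info_not_available');
    }
    return $short_description;
}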
Example #27
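/**
 * Authenticate the current request from the lcm_session cookie.
 *
 * On success the $connect_* globals and $prefs are filled from the author's
 * row, the PHP session is started and true is returned. Without a database
 * connection an error page is printed and false is returned. In every other
 * case the function sends a redirect (login page, cookie test, logout) and
 * exits.
 *
 * @return bool true when authenticated, false when the database is unavailable
 */
function auth()
{
    global $INSECURE, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $REMOTE_USER, $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $auth_can_disconnect;
    global $connect_id_auteur, $connect_nom, $connect_bio, $connect_email;
    global $connect_nom_site, $connect_url_site, $connect_login, $connect_pass;
    global $connect_activer_imessage, $connect_activer_messagerie;
    global $connect_status;
    global $author_session, $prefs;
    global $clean_link;
    // This reloads $GLOBALS['db_ok'], just in case
    include_config('inc_connect');
    // If there is not SQL connection, quit.
    if (!$GLOBALS['db_ok']) {
        include_lcm('inc_presentation');
        lcm_html_start("Technical problem", "install");
        // annoy sql_errno()
        echo "\n<!-- \n";
        echo "\t* Flag connect: " . $GLOBALS['flag_connect'] . "\n\t";
        lcm_query("SELECT count(*) from lcm_meta");
        echo "\n-->\n\n";
        echo "<div align='left' style='width: 600px;' class='box_error'>\n";
        echo "\t<h3>" . _T('title_technical_problem') . "</h3>\n";
        echo "\t<p>" . _T('info_technical_problem_database') . "</p>\n";
        if (lcm_sql_errno()) {
            // Driver messages are plain text: escape them for the HTML page
            echo "\t<p><tt>" . lcm_sql_errno() . " " . htmlspecialchars(lcm_sql_error(), ENT_QUOTES) . "</tt></p>\n";
        } else {
            echo "\t<p><tt>No error diagnostic was provided.</tt></p>\n";
        }
        echo "</div>\n";
        lcm_html_end();
        return false;
    }
    // Initialise variables (avoid URL hacks)
    $auth_login = "";
    $auth_pass = "";
    $auth_pass_ok = false;
    $auth_can_disconnect = false;
    // Fetch identification data from authentication session
    if (isset($_COOKIE['lcm_session'])) {
        if (verifier_session($_COOKIE['lcm_session'])) {
            if ($author_session['status'] == 'admin' or $author_session['status'] == 'normal') {
                $auth_login = $author_session['username'];
                $auth_pass_ok = true;
                $auth_can_disconnect = true;
            }
        }
    } else {
        if (isset($_REQUEST['privet']) && $_REQUEST['privet'] == 'yes') {
            // Failed login attempt: cookie failed
            $link = new Link("lcm_cookie.php?cookie_test_failed=yes");
            $clean_link->delVar('privet');
            $url = str_replace('/./', '/', $clean_link->getUrl());
            $link->addVar('var_url', $url);
            @header("Location: " . $link->getUrl());
            exit;
        }
    }
    // If not authenticated, ask for login / password
    if (!$auth_login) {
        $url = $clean_link->getUrl();
        @header("Location: lcm_login.php?var_url=" . urlencode($url));
        exit;
    }
    //
    // Search for the login in the authors' table
    //
    // The listing showed the username literal masked as '******', which left
    // the escaped login unused; the query is written with it here.
    $auth_login_sql = addslashes($auth_login);
    $query = "SELECT * FROM lcm_author WHERE username='" . $auth_login_sql . "' AND status !='external' AND status !='6forum'";
    $result = @lcm_query($query);
    if ($row = lcm_fetch_array($result)) {
        $connect_id_auteur = $row['id_author'];
        $connect_nom = $row['name_first'];
        $connect_login = $row['username'];
        $connect_pass = $row['password'];
        $connect_status = $row['status'];
        $connect_activer_messagerie = "non";
        //$row["messagerie"];
        $connect_activer_imessage = "non ";
        //$row["imessage"];
        // Set the users' preferences
        // NOTE(review): unserialize() instantiates whatever the prefs column
        // holds, so that column must only be written with data the
        // application serialized itself; confirm no other code path can write
        // user-supplied serialized text to it.
        $prefs = unserialize(get_magic_quotes_runtime() ? stripslashes($row['prefs']) : $row['prefs']);
        if (!is_array($prefs)) {
            // Empty or undecodable preferences: start from the defaults below
            $prefs = array();
        }
        //
        // Default values for some possibly unset preferences
        //
        if (!isset($prefs['page_rows']) || intval($prefs['page_rows']) < 1) {
            $prefs['page_rows'] = 15;
        }
        if (!isset($prefs['theme']) || !$prefs['theme']) {
            $prefs['theme'] = 'green';
        }
        if (!isset($prefs['screen']) || !$prefs['screen']) {
            $prefs['screen'] = 'wide';
        }
        if (!isset($prefs['font_size']) || !$prefs['font_size']) {
            $prefs['font_size'] = 'medium_font';
        }
        if (!isset($prefs['case_owner']) || !$prefs['case_owner']) {
            $prefs['case_owner'] = 'my';
        }
        if (!isset($prefs['case_period']) || !$prefs['case_period']) {
            $prefs['case_period'] = '91';
        }
        if (!isset($prefs['mode']) || !$prefs['mode']) {
            $prefs['mode'] = 'simple';
        }
        if (!isset($prefs['time_intervals']) || !$prefs['time_intervals']) {
            $prefs['time_intervals'] = 'relative';
            $prefs['time_intervals_notation'] = 'hours_only';
        }
    } else {
        // This case is a strange possibility: the author is authentified
        // OK, but he does not exist in the authors table. Possible cause:
        // the database was restaured and the author does not exist (and
        // the user was authentified by another source, such as LDAP).
        // Note: we use to show a strange error message which would advice
        // to logout, but since it occurs only after db upgrade, just logout
        // brutally (with cookie_admin=no to forget the username).
        // The login goes into a URL, so it is URL-encoded (not SQL-escaped).
        lcm_header('Location: lcm_cookie.php?cookie_admin=no&logout=' . urlencode($auth_login));
        exit;
    }
    if (!$auth_pass_ok) {
        @header("Location: lcm_login.php?var_erreur=pass");
        exit;
    }
    // [ML] Again, not sure how this is used, but we can ignore it for now
    // TODO (note: nouveau == new)
    if ($connect_status == 'nouveau') {
        $query = "UPDATE lcm_author SET status = 'normal' WHERE id_author = " . intval($connect_id_auteur);
        $result = lcm_query($query);
        $connect_status = 'normal';
    }
    // PHP sessions are started here, and stopped at logout
    session_start();
    return true;
}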
Example #28
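 /**
  * Count the cases linked to this client.
  *
  * A static local is shared by every instance of the class, so the count is
  * cached per client id; a single cached value would be returned for every
  * client after the first call.
  *
  * @return int|string number of cases (the raw count column, or 0 when the
  *                    query returns no row)
  */
 function getCaseTotal()
 {
     static $cpt_total_cache = array();
     $id_client = intval($this->getDataInt('id_client', '__ASSERT__'));
     if (!isset($cpt_total_cache[$id_client])) {
         $query = "SELECT count(*) as cpt\n\t\t\t\t\tFROM lcm_case_client_org as clo, lcm_case as c\n\t\t\t\t\tWHERE clo.id_client = " . $id_client . "\n\t\t\t\t\t  AND clo.id_case = c.id_case ";
         $result = lcm_query($query);
         $row = lcm_fetch_array($result);
         $cpt_total_cache[$id_client] = $row ? $row['cpt'] : 0;
     }
     return $cpt_total_cache[$id_client];
 }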
Example #29
}
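// Show stage information [ML] Not very efficient, I know, but I prefer to avoid spagetti
// The stage name is taken, in this order, from: the follow-up being edited,
// the stage being set, or the case's current stage.
$stage_name = '';
if (!empty($_SESSION['form_data']['case_stage'])) {
    // if editing an existing followup..
    $stage_name = $_SESSION['form_data']['case_stage'];
} elseif (isset($old_stage) && $old_stage) {
    // setting new stage
    $stage_name = $old_stage;
} else {
    // Normal follow-up: the case id is cast to an integer before it is
    // placed in the SQL text.
    $result = lcm_query("SELECT stage FROM lcm_case WHERE id_case = " . intval($case));
    $row = lcm_fetch_array($result);
    if ($row && $row['stage']) {
        $stage_name = $row['stage'];
    }
}
if ($stage_name) {
    $stage_info = get_kw_from_name('stage', $stage_name);
    $id_stage = $stage_info['id_keyword'];
    show_context_stage($case, $id_stage);
}
show_context_end();
// Show the errors (if any)
echo show_all_errors($_SESSION['errors']);
// Disable inputs when edit is not allowed for the field
$dis = $admin || $edit ? '' : 'disabled="disabled"';
echo '<form action="upd_fu.php" method="post">' . "\n";
$obj_fu = new LcmFollowupInfoUI($_SESSION['follow']);
$obj_fu->printEdit();
echo '<button name="submit" type="submit" value="submit" class="simple_form_btn">' . _T('button_validate') . "</button>\n";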
Example #30
     }
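     // A start position past the last row falls back to the first page
     if ($list_pos >= $number_of_rows) {
         $list_pos = 0;
     }
     // Position to the page info start
     if ($list_pos > 0) {
         if (!lcm_data_seek($result, $list_pos)) {
             lcm_panic("Error seeking position {$list_pos} in the result");
         }
     }
     if (lcm_num_rows($result)) {
         echo '<fieldset class="info_box">' . "\n";
         show_page_subtitle(_T('client_subtitle_cases'), 'cases_participants');
         echo "<p class=\"normal_text\">\n";
         show_listcase_start();
         // The page limit is checked against the loop counter $cpt. The
         // original condition tested $i, which this excerpt never sets, so
         // the page_rows limit was not applied.
         for ($cpt = 0; $cpt < $prefs['page_rows'] && ($row1 = lcm_fetch_array($result)); $cpt++) {
             show_listcase_item($row1, $cpt);
         }
         show_listcase_end($list_pos, $number_of_rows);
         echo "</p>\n";
         echo "</fieldset>\n";
     }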
     break;
     //
     // Client attachments
     //
 //
 // Client attachments
 //
 case 'attachments':
     echo '<fieldset class="info_box">';