public function duom_anal()
{
$page = new AdminPage();
$panel = new DuomenuAnalizePanel();
$panel1 = new Lenteles1();
$panel2 = new Filters();
$page->addToContainer(1, $panel1->getHtml());
$page->addToContainer(2, $panel->getHtml());
$page->addToContainer(2, $panel2->getHtml());
$page->pagePrint();
}
function tpl_list_heading($colname, $format = "<th%s>%s</th>")
{
global $proj, $page;
$imgbase = '<img src="%s" alt="%s" />';
$class = '';
$html = eL($colname);
if ($colname == 'comments' || $colname == 'attachments') {
$html = sprintf($imgbase, $page->get_image(substr($colname, 0, -1)), $html);
}
if (Get::val('order') == $colname) {
$class = ' class="orderby"';
$sort1 = Get::safe('sort', 'desc') == 'desc' ? 'asc' : 'desc';
$sort2 = Get::safe('sort2', 'desc');
$order2 = Get::safe('order2');
$html .= ' ' . sprintf($imgbase, $page->get_image(Get::val('sort')), Get::safe('sort'));
} else {
$sort1 = 'desc';
if (in_array($colname, array('project', 'tasktype', 'category', 'openedby', 'assignedto'))) {
$sort1 = 'asc';
}
$sort2 = Get::safe('sort', 'desc');
$order2 = Get::safe('order');
}
$new_order = array('order' => $colname, 'sort' => $sort1, 'order2' => $order2, 'sort2' => $sort2);
$html = sprintf('<a title="%s" href="%s">%s</a>', eL('sortthiscolumn'), Filters::noXSS(CreateURL('index', $proj->id, null, array_merge($_GET, $new_order))), $html);
return sprintf($format, $class, $html);
}
public static function getInstance()
{
if (self::$instance == NULL) {
self::$instance = new self();
}
return self::$instance;
}
/**
* @deprecated
*/
public static function omitFilter($method, $filter)
{
$message = '%s is deprecated, please use %::removeMethodFilter()';
trigger_error(sprintf($message, __METHOD__, __CLASS__), E_USER_DEPRECATED);
list(, $method) = Filters::target($method);
return $this->removeMethodFilter($method, $filter);
}
public function testOnceHandler()
{
$rawTitle = ' Hello world!!! ';
$this->filters->once('before_output_title', 'trim');
$this->filters->filter('before_output_title', $rawTitle);
$title = $this->filters->filter('before_output_title', $rawTitle);
self::assertEquals($rawTitle, $title);
}
function beforeCache(&$input, $plugins)
{
$input = preg_replace('|[[:space:]]+[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]|', '<a href="\\0">\\0</a>', $input);
$input = preg_replace('/[a-zA-Z0-9._-]+@[a-zA-Z0-9-.]+\\.[a-zA-Z]{2,5}/', '<a href="mailto:\\0">\\0</a>', $input);
if (!in_array('WikiSyntax', $plugins)) {
$input = '<p>' . nl2br(Filters::noXSS($input)) . '</p>';
}
}
/**
* Filter data.
* @param $data string|int|array|object
* @return mixed Filtered data
*/
public function filterData($data)
{
$data_type = gettype($data);
if ($data_type == 'array' || $data_type == 'object') {
$data = Filters::filterKeyValuePairs($data);
} elseif ($data_type == 'string') {
$data = Filters::filterString($data);
}
return $data;
}
public function testStopPropagation()
{
$rawTitle = ' Hello world!!! ';
$this->filters->on('before_output_title', 'trim');
$this->filters->on('before_output_title', function ($value) {
throw (new StopPropagation())->setValue($value);
});
$this->filters->on('before_output_title', [$this, 'customFilterHandler']);
$title = $this->filters->filter('before_output_title', $rawTitle);
self::assertEquals('Hello world!!!', $title);
}
/**
* Returns kills in json format according to the specified parameters
*
* @static
* @param array $parameters
* @return array
*/
public static function getKills($parameters = array())
{
$ip = IP::get();
$userAgent = @$_SERVER["HTTP_USER_AGENT"];
Log::log("API Fetch: " . $_SERVER["REQUEST_URI"] . " (" . $ip . " / " . $userAgent . ")");
$tables = array();
$orWhereClauses = array();
$andWhereClauses = array();
Filters::buildFilters($tables, $orWhereClauses, $andWhereClauses, $parameters, true);
$tables = array_unique($tables);
//if (sizeof($tables) > 1) throw new Exception("Advanced multi-table searching is currently disabled");
if (sizeof($tables) == 0) {
$tables[] = "zz_participants p";
}
if (sizeof($tables) == 2) {
$tablePrefix = "k";
} else {
$tablePrefix = substr($tables[0], strlen($tables[0]) - 1, 1);
}
$query = "select distinct {$tablePrefix}.killID from ";
$query .= implode(" left join ", array_unique($tables));
if (sizeof($tables) == 2) {
$query .= " on (k.killID = p.killID) ";
}
if (sizeof($andWhereClauses) || sizeof($orWhereClauses)) {
$query .= " where ";
if (sizeof($orWhereClauses) > 0) {
$andOr = array_key_exists("combined", $parameters) && $parameters["combined"] == true ? " or " : " and ";
$query .= " ( " . implode($andOr, $orWhereClauses) . " ) ";
if (sizeof($andWhereClauses)) {
$query .= " and ";
}
}
if (sizeof($andWhereClauses)) {
$query .= implode(" and ", $andWhereClauses);
}
}
if (array_key_exists("limit", $parameters) && $parameters["limit"] < 200) {
$limit = $parameters["limit"];
$offset = 0;
} else {
$limit = 200;
// Hardcoded, yes. This number should never change. -- Squizz
$page = array_key_exists("page", $parameters) ? (int) $parameters["page"] : 1;
$offset = ($page - 1) * $limit;
}
$orderDirection = array_key_exists("orderDirection", $parameters) ? $parameters["orderDirection"] : "desc";
$query .= " order by {$tablePrefix}.dttm {$orderDirection} limit {$offset}, {$limit}";
$cacheTime = 3600;
$kills = Db::query($query, array(), $cacheTime);
return self::getJSON($kills, $parameters);
}
public static function getUrlImage($str)
{
//removendo os acentos
$str = trim($str);
$str = Filters::remove_accents($str);
//trocando espaço em branco por underline
$str = eregi_replace('( )', '_', $str);
//tirando outros caracteres invalidos
$str = eregi_replace('[^a-z0-9\\_]', '', $str);
//trocando duplo,tripo,quadrupo... espaço (underline) por 1 underline só
$str = eregi_replace('[\\_]{2,}', '', $str);
return strtolower($str);
}
/**
* Gets killmails
*
* @param $parameters an array of parameters to fetch mails for
* @param $allTime gets all mails from the beginning of time or not
* @return array
*/
public static function getKills($parameters = array(), $allTime = true)
{
$tables = array();
$orWhereClauses = array();
$andWhereClauses = array();
Filters::buildFilters($tables, $orWhereClauses, $andWhereClauses, $parameters, $allTime);
$tables = array_unique($tables);
if (sizeof($tables) == 0) {
$tables[] = "zz_participants p";
}
if (sizeof($tables) == 2) {
$tablePrefix = "k";
} else {
$tablePrefix = substr($tables[0], strlen($tables[0]) - 1, 1);
}
$query = "select distinct {$tablePrefix}.killID from ";
$query .= implode(" left join ", array_unique($tables));
if (sizeof($tables) == 2) {
$query .= " on (k.killID = p.killID) ";
}
if (sizeof($andWhereClauses) || sizeof($orWhereClauses)) {
$query .= " where ";
if (sizeof($orWhereClauses) > 0) {
$andOr = array_key_exists("combined", $parameters) && $parameters["combined"] == true ? " or " : " and ";
$query .= " ( " . implode($andOr, $orWhereClauses) . " ) ";
if (sizeof($andWhereClauses)) {
$query .= " and ";
}
}
if (sizeof($andWhereClauses)) {
$query .= implode(" and ", $andWhereClauses);
}
}
$limit = array_key_exists("limit", $parameters) ? (int) $parameters["limit"] : 50;
$page = array_key_exists("page", $parameters) ? (int) $parameters["page"] : 1;
$offset = ($page - 1) * $limit;
$orderBy = array_key_exists("orderBy", $parameters) ? $parameters["orderBy"] : "{$tablePrefix}.dttm";
$orderDirection = array_key_exists("orderDirection", $parameters) ? $parameters["orderDirection"] : "desc";
$query .= " order by {$orderBy} {$orderDirection} limit {$offset}, {$limit}";
$cacheTime = array_key_exists("cacheTime", $parameters) ? (int) $parameters["cacheTime"] : 120;
$cacheTime = max(120, $cacheTime);
if (array_key_exists("log", $parameters)) {
Db::log($query, array());
}
$kills = Db::query($query, array(), $cacheTime);
$merged = self::getKillsDetails($kills);
return $merged;
}
function imageAttachment($matches)
{
global $db, $baseurl, $user;
// we'll not blindly make images out of all attachments
$ext = substr($matches[1], -3);
if (!in_array($ext, array('png', 'jpg', 'gif'))) {
return $matches[0];
}
$att = $db->x->getRow('SELECT * FROM {attachments} WHERE orig_name = ?', null, $matches[1]);
$task = Flyspray::GetTaskDetails($att['task_id']);
if ($att && $user->can_view_task($task)) {
return sprintf('<img src="%s" alt="%s" />', Filters::noXSS($baseurl . '?getfile=' . $att['attachment_id']), Filters::noXSS($att['orig_name']));
} else {
return $matches[0];
}
}
function action_updateproject()
{
global $proj, $db, $baseurl;
if (Post::val('delete_project')) {
$url = Post::val('move_to') ? CreateURL(array('pm', 'proj' . Post::num('move_to'), 'prefs')) : $baseurl;
if (Backend::delete_project($proj->id, Post::val('move_to'))) {
return array(SUBMIT_OK, L('projectdeleted'), $url);
} else {
return array(ERROR_INPUT, L('projectnotdeleted'), $url);
}
}
if (!Post::val('project_title')) {
return array(ERROR_RECOVER, L('emptytitle'));
}
$cols = array('project_title', 'theme_style', 'lang_code', 'default_task', 'default_entry', 'intro_message', 'notify_email', 'notify_jabber', 'notify_subject', 'notify_reply', 'feed_description', 'feed_img_url', 'svn_user', 'svn_url', 'svn_password', 'mail_headers');
$args = array_map('Post_to0', $cols);
foreach (array('others_view', 'anon_open', 'send_digest', 'anon_view_tasks', 'anon_group', 'comment_closed', 'auto_assign', 'roadmap_field', 'override_user_lang') as $name) {
$cols[] = $name;
$args[] = Post::num($name);
}
foreach (array('notify_types', 'changelog_reso', 'syntax_plugins') as $name) {
$cols[] = $name;
$args[] = implode(' ', (array) Post::val($name));
}
// invalidate the cache if necessary
if (implode(' ', (array) Post::val('syntax_plugins')) != $proj->prefs['syntax_plugins']) {
$db->execParam('DELETE FROM {cache} WHERE project_id = ?', $proj->id);
}
// carefully check the project prefix...
$prefix = Post::val('project_prefix');
// already in use?
$use = $db->x->GetOne('SELECT project_id FROM {projects} WHERE project_prefix = ? AND project_id != ?', null, array($prefix, $proj->id));
if (Filters::isAlnum($prefix) && $prefix != 'FS' && !$use) {
$cols[] = 'project_prefix';
$args[] = $prefix;
} else {
return array(ERROR_RECOVER, L('badprefix'));
}
$cols[] = 'last_updated';
$args[] = time();
$cols[] = 'default_cat_owner';
$args[] = Flyspray::UserNameToId(Post::val('default_cat_owner'));
$db->x->autoExecute('{projects}', array_combine($cols, $args), MDB2_AUTOQUERY_UPDATE, sprintf('project_id = %d', $proj->id));
$db->x->execParam('UPDATE {projects} SET visible_columns = ? WHERE project_id = ?', array(trim(Post::val('visible_columns')), $proj->id));
return array(SUBMIT_OK, L('projectupdated'));
}
function Project($id)
{
global $db, $fs;
// Get custom fields
$fields = $db->x->getAll('SELECT f.*, l.list_type
FROM {fields} f
LEFT JOIN {lists} l ON f.list_id = l.list_id
WHERE f.project_id IN (0, ?) ORDER BY field_name', null, array($id));
foreach ($fields as $field) {
$f = new Field($field);
if ($f->id == $fs->prefs['color_field']) {
$f->values = $this->get_list($f->prefs, $f->id);
}
$this->fields['field' . $field['field_id']] = $f;
}
$this->columns = array_combine($this->columns, array_map('L', $this->columns));
foreach ($this->fields as $field) {
$this->columns['field' . $field->id] = $field->prefs['field_name'];
}
if (is_numeric($id) && $id > 0) {
$this->prefs = $db->x->getRow("SELECT p.*, c.content AS pm_instructions, c.last_updated AS cache_update\n FROM {projects} p\n LEFT JOIN {cache} c ON c.topic = p.project_id AND c.type = 'msg'\n WHERE p.project_id = ?", null, array($id));
if (is_array($this->prefs)) {
$this->id = (int) $this->prefs['project_id'];
$this->prefs['visible_columns'] = implode(' ', array_intersect(explode(' ', $this->prefs['visible_columns']), array_keys($this->columns)));
$this->prefs['theme_style'] = Filters::enum($this->prefs['theme_style'], Flyspray::listThemes());
return;
}
}
$this->id = 0;
$this->prefs = array();
$this->prefs['project_title'] = L('allprojects');
$this->prefs['feed_description'] = L('feedforall');
$this->prefs['theme_style'] = $fs->prefs['global_theme'];
$this->prefs['theme_style'] = Filters::enum($this->prefs['theme_style'], Flyspray::listThemes());
$this->prefs['lang_code'] = $fs->prefs['lang_code'];
$this->prefs['others_view'] = 1;
$this->prefs['intro_message'] = '';
$this->prefs['anon_open'] = $this->prefs['override_user_lang'] = 0;
$this->prefs['feed_img_url'] = '';
$this->prefs['default_entry'] = $fs->prefs['default_entry'];
$this->prefs['notify_reply'] = '';
$fs->prefs['visible_columns'] = implode(' ', array_intersect(explode(' ', $fs->prefs['visible_columns']), array_keys($this->columns)));
return;
}
public function get_userlist_by_filter()
{
if (!empty($this->postData['filter_set'])) {
$filter_set = \Filters::getInstance();
$filter_set->setResellerID(array_key_exists('reseller', $this->postData) ? $this->postData['reseller'] : 0);
$filter_set->initData('users', 'id');
$curr_filter_set = \Mysql::getInstance()->from('filter_set')->where(array('id' => $this->postData['filter_set']))->get()->first();
if (!empty($curr_filter_set) && ($unserialize_data = @unserialize($curr_filter_set['filter_set']))) {
$filter_data = array();
foreach ($unserialize_data as $row) {
$filter_data[$row[0]] = $row;
}
$filters_with_cond = array_filter(array_map(function ($row) use($filter_data) {
if (array_key_exists($row['text_id'], $filter_data)) {
$value = $row['text_id'] == 'status' || $row['text_id'] == 'state' ? (int) ($filter_data[$row['text_id']][2] - 1 > 0) : $filter_data[$row['text_id']][2];
return array($row['method'], $filter_data[$row['text_id']][1], $value);
}
}, $filter_set->getFilters()));
$filter_set->setFilters($filters_with_cond);
$this->user_list = $filter_set->getData();
}
}
return $this;
}
public static function loginHandle()
{
if (check_post('cc_login_uname', 'cc_login_passwd', 'cc_login_login')) {
// for security, we don't want session fixation :(
session_regenerate_id();
$_SESSION['uname'] = $_POST['cc_login_uname'];
$_SESSION['pword'] = hash('whirlpool', $_POST['cc_login_passwd']);
$_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['last_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
if (self::checkSession()) {
//var_dump(TH_PUB_ADMIN);exit();
if ($_POST['cc_login_remember'] == "yes") {
$host = $_SERVER['HTTP_HOST'];
if (substr($host, 0, 4) == "www.") {
$host = substr($host, 3);
}
setcookie('ln', self::packCookie(), time() + 60 * 60 * 24 * 30 * 12);
}
cc_redirect(TH_PUB_ADMIN, true);
} else {
Filters::bind('post_output_login', 'Users::outputError');
}
}
}
if(checkbox)
checkbox.checked = true;
var hidden = document.getElementById('id_hidden_' + id);
if(hidden)
hidden.disabled = false;
var conf = document.getElementById('id_confirm');
if(conf)
conf.disabled = true;
}
</script>
<?php
// Set current directory to where the language files are
chdir("../lang");
$lang = @$_GET['lang'];
$fail = '';
if (!$lang || !Filters::isAlnum($lang)) {
$fail .= "Language code not supplied correctly<br/>\n";
}
if (!file_exists('en.php')) {
$fail .= "The english language file <code>en.php</code> is missing. Make sure this script is run from the same directory as the language files <code>.../flyspray/lang/</code><br/>\n";
}
if ($fail) {
die($fail . "<b>Usage:</b> <a href='.langedit.php?lang='>.langedit.php?lang=<lang code></a> where <lang code> should be replaced by your languge, e.g. <b>de</b> for German.");
}
// Read english language file in array $language (assumed to be UTF-8 encoded)
require_once 'en.php';
if (!is_array(@$language)) {
die("Invalid language file for english");
}
$count = count($language);
// Read the translation file in array $translation (assumed to be UTF-8 encoded)
<?php
require_once 'app/autoload.php';
if (isset($_SESSION['chat_login']['id_user'])) {
// Return
$return = '';
// Update dos users
$users = new UsersModel();
$users->setFields(array('timestamp'));
$users->setData(array('timestamp' => date('Y-m-d H:i:s')));
$users->update($_SESSION['chat_login']['id_user']);
// Lendo as messages
$users = new UsersModel();
$users->setCond('id_room = ' . $_SESSION['chat_login']['id_room']);
$users->setCond('id != ' . $_SESSION['chat_login']['id_user']);
$users->setCond('active = 1');
$users->setOrderBy('user asc');
$load = $users->load_all();
$json = array();
foreach ($load as $line) {
// Retorno
$user = Filters::convert(htmlentities($line['user']));
$return .= '<a href="#" id="user_' . $line['id'] . '" rel="' . $line['id'] . '">' . $user . '</a>';
$json[] = '["' . $line['id'] . '", "' . $user . '"]';
}
echo '[' . implode(',', $json) . ']';
} else {
echo 'error';
}
/**
* Uses service location (i.e. `Libraries::locate()`) to look up a named class of a particular
* type, and creates an instance of it, and passes an array of parameters to the constructor.
*
* If the given class can't be found, an exception is thrown.
*
* @param string $type The type of class as defined by `Libraries::$_paths`.
* @param string $name The un-namespaced name of the class to instantiate.
* @param array $options An array of constructor parameters to pass to the class.
* @return object If the class is found, returns an instance of it, otherwise throws an
* exception.
* @throws lithium\core\ClassNotFoundException Throws an exception if the class can't be found.
* @filter
*/
public static function instance($type, $name, array $options = array())
{
$params = compact('type', 'name', 'options');
$_paths =& static::$_paths;
$implementation = function ($self, $params) use(&$_paths) {
$name = $params['name'];
$type = $params['type'];
if (!$name && !$type) {
$message = "Invalid class lookup: `\$name` and `\$type` are empty.";
throw new ClassNotFoundException($message);
}
if (!is_string($type) && $type !== null && !isset($_paths[$type])) {
throw new ClassNotFoundException("Invalid class type `{$type}`.");
}
if (!($class = $self::locate($type, $name))) {
throw new ClassNotFoundException("Class `{$name}` of type `{$type}` not found.");
}
if (is_object($class)) {
return $class;
}
if (!(is_string($class) && class_exists($class))) {
throw new ClassNotFoundException("Class `{$name}` of type `{$type}` not defined.");
}
return new $class($params['options']);
};
if (!isset(static::$_methodFilters[__FUNCTION__])) {
return $implementation(get_called_class(), $params);
}
$class = get_called_class();
$method = __FUNCTION__;
$data = array_merge(static::$_methodFilters[__FUNCTION__], array($implementation));
return Filters::run($class, $params, compact('data', 'class', 'method'));
}
/**
* Returns an array of tasks (respecting pagination) and an ID list (all tasks)
* @param array $args
* @param array $visible
* @param integer $offset
* @param integer $comment
* @param bool $perpage
* @access public
* @return array
* @version 1.0
*/
public static function get_task_list($args, $visible, $offset = 0, $perpage = 20)
{
global $fs, $proj, $db, $user, $conf;
/* build SQL statement {{{ */
// Original SQL courtesy of Lance Conry http://www.rhinosw.com/
$where = $sql_params = array();
// echo '<pre>' . print_r($visible, true) . '</pre>';
// echo '<pre>' . print_r($args, true) . '</pre>';
// PostgreSQL LIKE searches are by default case sensitive,
// so we use ILIKE instead. For other databases, in our case
// only MySQL/MariaDB, LIKE is good for our purposes.
$LIKEOP = 'LIKE';
if ($db->dblink->dataProvider == 'postgres') {
$LIKEOP = 'ILIKE';
}
$select = '';
$groupby = 't.task_id, ';
$cgroupbyarr = array();
// Joins absolutely needed for user viewing rights
$from = ' {tasks} t
-- All tasks have a project!
JOIN {projects} p ON t.project_id = p.project_id';
// Not needed for anonymous users
if (!$user->isAnon()) {
$from .= ' -- Global group always exists
JOIN ({groups} gpg
JOIN {users_in_groups} gpuig ON gpg.group_id = gpuig.group_id AND gpuig.user_id = ?
) ON gpg.project_id = 0
-- Project group might exist or not.
LEFT JOIN ({groups} pg
JOIN {users_in_groups} puig ON pg.group_id = puig.group_id AND puig.user_id = ?
) ON pg.project_id = t.project_id';
$sql_params[] = $user->id;
$sql_params[] = $user->id;
}
// Keep this always, could also used for showing assigned users for a task.
// Keeps the overall logic somewhat simpler.
$from .= ' LEFT JOIN {assigned} ass ON t.task_id = ass.task_id';
$from .= ' LEFT JOIN {task_tag} tt ON t.task_id = tt.task_id';
$cfrom = $from;
// Seems resution name really is needed...
$select .= 'lr.resolution_name, ';
$from .= ' LEFT JOIN {list_resolution} lr ON t.resolution_reason = lr.resolution_id ';
$groupby .= 'lr.resolution_name, ';
// Otherwise, only join tables which are really necessary to speed up the db-query
if (array_get($args, 'type') || in_array('tasktype', $visible)) {
$select .= ' lt.tasktype_name, ';
$from .= '
LEFT JOIN {list_tasktype} lt ON t.task_type = lt.tasktype_id ';
$groupby .= ' lt.tasktype_id, ';
}
if (array_get($args, 'status') || in_array('status', $visible)) {
$select .= ' lst.status_name, ';
$from .= '
LEFT JOIN {list_status} lst ON t.item_status = lst.status_id ';
$groupby .= ' lst.status_id, ';
}
if (array_get($args, 'cat') || in_array('category', $visible)) {
$select .= ' lc.category_name AS category_name, ';
$from .= '
LEFT JOIN {list_category} lc ON t.product_category = lc.category_id ';
$groupby .= 'lc.category_id, ';
}
if (in_array('votes', $visible)) {
$select .= ' (SELECT COUNT(vot.vote_id) FROM {votes} vot WHERE vot.task_id = t.task_id) AS num_votes, ';
}
$maxdatesql = ' GREATEST((SELECT max(c.date_added) FROM {comments} c WHERE c.task_id = t.task_id), t.date_opened, t.date_closed, t.last_edited_time) ';
$search_for_changes = in_array('lastedit', $visible) || array_get($args, 'changedto') || array_get($args, 'changedfrom');
if ($search_for_changes) {
$select .= ' GREATEST((SELECT max(c.date_added) FROM {comments} c WHERE c.task_id = t.task_id), t.date_opened, t.date_closed, t.last_edited_time) AS max_date, ';
$cgroupbyarr[] = 't.task_id';
}
if (array_get($args, 'search_in_comments')) {
$from .= '
LEFT JOIN {comments} c ON t.task_id = c.task_id ';
$cfrom .= '
LEFT JOIN {comments} c ON t.task_id = c.task_id ';
$cgroupbyarr[] = 't.task_id';
}
if (in_array('comments', $visible)) {
$select .= ' (SELECT COUNT(cc.comment_id) FROM {comments} cc WHERE cc.task_id = t.task_id) AS num_comments, ';
}
if (in_array('reportedin', $visible)) {
$select .= ' lv.version_name AS product_version_name, ';
$from .= '
LEFT JOIN {list_version} lv ON t.product_version = lv.version_id ';
$groupby .= 'lv.version_id, ';
}
if (array_get($args, 'opened') || in_array('openedby', $visible)) {
$select .= ' uo.real_name AS opened_by_name, ';
$from .= '
LEFT JOIN {users} uo ON t.opened_by = uo.user_id ';
$groupby .= 'uo.user_id, ';
if (array_get($args, 'opened')) {
$cfrom .= '
LEFT JOIN {users} uo ON t.opened_by = uo.user_id ';
}
}
if (array_get($args, 'closed')) {
$select .= ' uc.real_name AS closed_by_name, ';
$from .= '
LEFT JOIN {users} uc ON t.closed_by = uc.user_id ';
$groupby .= 'uc.user_id, ';
$cfrom .= '
LEFT JOIN {users} uc ON t.closed_by = uc.user_id ';
}
if (array_get($args, 'due') || in_array('dueversion', $visible)) {
$select .= ' lvc.version_name AS closedby_version_name, ';
$from .= '
LEFT JOIN {list_version} lvc ON t.closedby_version = lvc.version_id ';
$groupby .= 'lvc.version_id, lvc.list_position, ';
}
if (in_array('os', $visible)) {
$select .= ' los.os_name AS os_name, ';
$from .= '
LEFT JOIN {list_os} los ON t.operating_system = los.os_id ';
$groupby .= 'los.os_id, ';
}
if (in_array('attachments', $visible)) {
$select .= ' (SELECT COUNT(attc.attachment_id) FROM {attachments} attc WHERE attc.task_id = t.task_id) AS num_attachments, ';
}
if (array_get($args, 'has_attachment')) {
$where[] = 'EXISTS (SELECT 1 FROM {attachments} att WHERE t.task_id = att.task_id)';
}
# 20150213 currently without recursive subtasks!
if (in_array('effort', $visible)) {
$select .= ' (SELECT SUM(ef.effort) FROM {effort} ef WHERE t.task_id = ef.task_id) AS effort, ';
}
if (array_get($args, 'dev') || in_array('assignedto', $visible)) {
# not every db system has this feature out of box
if ('mysql' == $db->dblink->dataProvider) {
#$select .= ' GROUP_CONCAT(u.real_name) AS assigned_to_name, ';
# without distinct i see multiple times each assignee
# maybe performance penalty due distinct?, solve by better groupby construction?
$select .= ' GROUP_CONCAT(DISTINCT u.real_name) AS assigned_to_name, ';
# maybe later for building links to users
#$select .= ' GROUP_CONCAT(DISTINCT u.real_name ORDER BY u.user_id) AS assigned_to_name, ';
#$select .= ' GROUP_CONCAT(DISTINCT u.user_id ORDER BY u.user_id) AS assignedids, ';
} else {
$select .= ' MIN(u.real_name) AS assigned_to_name, ';
$select .= ' (SELECT COUNT(assc.user_id) FROM {assigned} assc WHERE assc.task_id = t.task_id) AS num_assigned, ';
}
// assigned table is now always included in join
$from .= '
LEFT JOIN {users} u ON ass.user_id = u.user_id ';
$groupby .= 'ass.task_id, ';
if (array_get($args, 'dev')) {
$cfrom .= '
LEFT JOIN {users} u ON ass.user_id = u.user_id ';
$cgroupbyarr[] = 't.task_id';
$cgroupbyarr[] = 'ass.task_id';
}
}
# not every db system has this feature out of box
if ('mysql' == $db->dblink->dataProvider) {
# without distinct i see multiple times each tag (when task has several assignees too)
$select .= ' GROUP_CONCAT(DISTINCT tg.tag_name ORDER BY tg.list_position) AS tags, ';
$select .= ' GROUP_CONCAT(DISTINCT tg.tag_id ORDER BY tg.list_position) AS tagids, ';
$select .= ' GROUP_CONCAT(DISTINCT tg.class ORDER BY tg.list_position) AS tagclass, ';
} else {
# FIXME: GROUP_CONCAT() for postgresql?
$select .= ' MIN(tg.tag_name) AS tags, ';
#$select .= ' (SELECT COUNT(tt.tag_id) FROM {task_tag} tt WHERE tt.task_id = t.task_id) AS tagnum, ';
$select .= ' MIN(tg.tag_id) AS tagids, ';
$select .= " '' AS tagclass, ";
}
// task_tag join table is now always included in join
$from .= '
LEFT JOIN {list_tag} tg ON tt.tag_id = tg.tag_id ';
$groupby .= 'tt.task_id, ';
$cfrom .= '
LEFT JOIN {list_tag} tg ON tt.tag_id = tg.tag_id ';
$cgroupbyarr[] = 't.task_id';
$cgroupbyarr[] = 'tt.task_id';
# use preparsed task description cache for dokuwiki when possible
if ($conf['general']['syntax_plugin'] == 'dokuwiki' && FLYSPRAY_USE_CACHE == true) {
$select .= ' cache.content desccache, ';
$from .= '
LEFT JOIN {cache} cache ON t.task_id=cache.topic AND cache.type="task" ';
} else {
$select .= 'NULL AS desccache, ';
}
if (array_get($args, 'only_primary')) {
$where[] = 'NOT EXISTS (SELECT 1 FROM {dependencies} dep WHERE dep.dep_task_id = t.task_id)';
}
# feature FS#1600
if (array_get($args, 'only_blocker')) {
$where[] = 'EXISTS (SELECT 1 FROM {dependencies} dep WHERE dep.dep_task_id = t.task_id)';
}
if (array_get($args, 'only_blocked')) {
$where[] = 'EXISTS (SELECT 1 FROM {dependencies} dep WHERE dep.task_id = t.task_id)';
}
# feature FS#1599
if (array_get($args, 'only_unblocked')) {
$where[] = 'NOT EXISTS (SELECT 1 FROM {dependencies} dep WHERE dep.task_id = t.task_id)';
}
if (array_get($args, 'hide_subtasks')) {
$where[] = 't.supertask_id = 0';
}
if (array_get($args, 'only_watched')) {
$where[] = 'EXISTS (SELECT 1 FROM {notifications} fsn WHERE t.task_id = fsn.task_id AND fsn.user_id = ?)';
$sql_params[] = $user->id;
}
if ($proj->id) {
$where[] = 't.project_id = ?';
$sql_params[] = $proj->id;
} else {
if (!$user->isAnon()) {
// Anon-case handled later.
$allowed = array();
foreach ($fs->projects as $p) {
$allowed[] = $p['project_id'];
}
if (count($allowed) > 0) {
$where[] = 't.project_id IN (' . implode(',', $allowed) . ')';
} else {
$where[] = '0 = 1';
# always empty result
}
}
}
// process users viewing rights, if not anonymous
if (!$user->isAnon()) {
$where[] = '
( -- Begin block where users viewing rights are checked.
-- Case everyone can see all project tasks anyway and task not private
(t.mark_private = 0 AND p.others_view = 1)
OR
-- Case admin or project manager, can see any task, even private
(gpg.is_admin = 1 OR gpg.manage_project = 1 OR pg.is_admin = 1 OR pg.manage_project = 1)
OR
-- Case allowed to see all tasks, but not private
((gpg.view_tasks = 1 OR pg.view_tasks = 1) AND t.mark_private = 0)
OR
-- Case allowed to see own tasks (automatically covers private tasks also for this user!)
((gpg.view_own_tasks = 1 OR pg.view_own_tasks = 1) AND (t.opened_by = ? OR ass.user_id = ?))
OR
-- Case task is private, but user either opened it or is an assignee
(t.mark_private = 1 AND (t.opened_by = ? OR ass.user_id = ?))
OR
-- Leave groups tasks as the last one to check. They are the only ones that actually need doing a subquery
-- for checking viewing rights. There\'s a chance that a previous check already matched and the subquery is
-- not executed at all. All this of course depending on how the database query optimizer actually chooses
-- to fetch the results and execute this query... At least it has been given the hint.
-- Case allowed to see groups tasks, all projects (NOTE: both global and project specific groups accepted here)
-- Strange... do not use OR here with user_id in EXISTS clause, seems to prevent using index with both mysql and
-- postgresql, query times go up a lot. So it\'ll be 2 different EXISTS OR\'ed together.
(gpg.view_groups_tasks = 1 AND t.mark_private = 0 AND (
EXISTS (SELECT 1 FROM {users_in_groups} WHERE (group_id = pg.group_id OR group_id = gpg.group_id) AND user_id = t.opened_by)
OR
EXISTS (SELECT 1 FROM {users_in_groups} WHERE (group_id = pg.group_id OR group_id = gpg.group_id) AND user_id = ass.user_id)
))
OR
-- Case allowed to see groups tasks, current project. Only project group allowed here.
(pg.view_groups_tasks = 1 AND t.mark_private = 0 AND (
EXISTS (SELECT 1 FROM {users_in_groups} WHERE group_id = pg.group_id AND user_id = t.opened_by)
OR
EXISTS (SELECT 1 FROM {users_in_groups} WHERE group_id = pg.group_id AND user_id = ass.user_id)
))
) -- Rights have been checked
';
$sql_params[] = $user->id;
$sql_params[] = $user->id;
$sql_params[] = $user->id;
$sql_params[] = $user->id;
}
/// process search-conditions {{{
$submits = array('type' => 'task_type', 'sev' => 'task_severity', 'due' => 'closedby_version', 'reported' => 'product_version', 'cat' => 'product_category', 'status' => 'item_status', 'percent' => 'percent_complete', 'pri' => 'task_priority', 'dev' => array('ass.user_id', 'u.user_name', 'u.real_name'), 'opened' => array('opened_by', 'uo.user_name', 'uo.real_name'), 'closed' => array('closed_by', 'uc.user_name', 'uc.real_name'));
foreach ($submits as $key => $db_key) {
$type = array_get($args, $key, $key == 'status' ? 'open' : '');
settype($type, 'array');
if (in_array('', $type)) {
continue;
}
$temp = '';
$condition = '';
foreach ($type as $val) {
// add conditions for the status selection
if ($key == 'status' && $val == 'closed' && !in_array('open', $type)) {
$temp .= ' is_closed = 1 AND';
} elseif ($key == 'status' && !in_array('closed', $type)) {
$temp .= ' is_closed = 0 AND';
}
if (is_numeric($val) && !is_array($db_key) && !($key == 'status' && $val == 'closed')) {
$temp .= ' ' . $db_key . ' = ? OR';
$sql_params[] = $val;
} elseif (is_array($db_key)) {
if ($key == 'dev' && ($val == 'notassigned' || $val == '0' || $val == '-1')) {
$temp .= ' ass.user_id is NULL OR';
} else {
foreach ($db_key as $singleDBKey) {
if (strpos($singleDBKey, '_name') !== false) {
$temp .= ' ' . $singleDBKey . " {$LIKEOP} ? OR";
$sql_params[] = '%' . $val . '%';
} elseif (is_numeric($val)) {
$temp .= ' ' . $singleDBKey . ' = ? OR';
$sql_params[] = $val;
}
}
}
}
// Add the subcategories to the query
if ($key == 'cat') {
$result = $db->Query('SELECT *
FROM {list_category}
WHERE category_id = ?', array($val));
$cat_details = $db->FetchRow($result);
$result = $db->Query('SELECT *
FROM {list_category}
WHERE lft > ? AND rgt < ? AND project_id = ?', array($cat_details['lft'], $cat_details['rgt'], $cat_details['project_id']));
while ($row = $db->FetchRow($result)) {
$temp .= ' product_category = ? OR';
$sql_params[] = $row['category_id'];
}
}
}
if ($temp) {
$where[] = '(' . substr($temp, 0, -3) . ')';
}
}
/// }}}
$order_keys = array('id' => 't.task_id', 'project' => 'project_title', 'tasktype' => 'tasktype_name', 'dateopened' => 'date_opened', 'summary' => 'item_summary', 'severity' => 'task_severity', 'category' => 'lc.category_name', 'status' => 'is_closed, item_status', 'dueversion' => 'lvc.list_position', 'duedate' => 'due_date', 'progress' => 'percent_complete', 'lastedit' => 'max_date', 'priority' => 'task_priority', 'openedby' => 'uo.real_name', 'reportedin' => 't.product_version', 'assignedto' => 'u.real_name', 'dateclosed' => 't.date_closed', 'os' => 'los.os_name', 'votes' => 'num_votes', 'attachments' => 'num_attachments', 'comments' => 'num_comments', 'private' => 'mark_private', 'supertask' => 't.supertask_id');
// make sure that only columns can be sorted that are visible (and task severity, since it is always loaded)
$order_keys = array_intersect_key($order_keys, array_merge(array_flip($visible), array('severity' => 'task_severity')));
// Implementing setting "Default order by"
if (!array_key_exists('order', $args)) {
# now also for $proj->id=0 (allprojects)
$orderBy = $proj->prefs['sorting'][0]['field'];
$sort = $proj->prefs['sorting'][0]['dir'];
if (count($proj->prefs['sorting']) > 1) {
$orderBy2 = $proj->prefs['sorting'][1]['field'];
$sort2 = $proj->prefs['sorting'][1]['dir'];
} else {
$orderBy2 = 'severity';
$sort2 = 'DESC';
}
} else {
$orderBy = $args['order'];
$sort = $args['sort'];
$orderBy2 = 'severity';
$sort2 = 'desc';
}
// TODO: Fix this! If something is already ordered by task_id, there's
// absolutely no use to even try to order by something else also.
$order_column[0] = $order_keys[Filters::enum(array_get($args, 'order', $orderBy), array_keys($order_keys))];
$order_column[1] = $order_keys[Filters::enum(array_get($args, 'order2', $orderBy2), array_keys($order_keys))];
$sortorder = sprintf('%s %s, %s %s, t.task_id ASC', $order_column[0], Filters::enum(array_get($args, 'sort', $sort), array('asc', 'desc')), $order_column[1], Filters::enum(array_get($args, 'sort2', $sort2), array('asc', 'desc')));
$having = array();
$dates = array('duedate' => 'due_date', 'changed' => $maxdatesql, 'opened' => 'date_opened', 'closed' => 'date_closed');
foreach ($dates as $post => $db_key) {
$var = $post == 'changed' ? 'having' : 'where';
if ($date = array_get($args, $post . 'from')) {
${$var}[] = '(' . $db_key . ' >= ' . Flyspray::strtotime($date) . ')';
}
if ($date = array_get($args, $post . 'to')) {
${$var}[] = '(' . $db_key . ' <= ' . Flyspray::strtotime($date) . ' AND ' . $db_key . ' > 0)';
}
}
if (array_get($args, 'string')) {
$words = explode(' ', strtr(array_get($args, 'string'), '()', ' '));
$comments = '';
$where_temp = array();
if (array_get($args, 'search_in_comments')) {
$comments .= " OR c.comment_text {$LIKEOP} ?";
}
if (array_get($args, 'search_in_details')) {
$comments .= " OR t.detailed_desc {$LIKEOP} ?";
}
foreach ($words as $word) {
$likeWord = '%' . str_replace('+', ' ', trim($word)) . '%';
$where_temp[] = "(t.item_summary {$LIKEOP} ? OR t.task_id = ? {$comments})";
array_push($sql_params, $likeWord, intval($word));
if (array_get($args, 'search_in_comments')) {
array_push($sql_params, $likeWord);
}
if (array_get($args, 'search_in_details')) {
array_push($sql_params, $likeWord);
}
}
$where[] = '(' . implode(array_get($args, 'search_for_all') ? ' AND ' : ' OR ', $where_temp) . ')';
}
if ($user->isAnon()) {
$where[] = 't.mark_private = 0 AND p.others_view = 1';
if (array_key_exists('status', $args)) {
if (in_array('closed', $args['status']) && !in_array('open', $args['status'])) {
$where[] = 't.is_closed = 1';
} elseif (in_array('open', $args['status']) && !in_array('closed', $args['status'])) {
$where[] = 't.is_closed = 0';
}
}
}
$where = count($where) ? 'WHERE ' . join(' AND ', $where) : '';
// Get the column names of table tasks for the group by statement
if (!strcasecmp($conf['database']['dbtype'], 'pgsql')) {
$groupby .= "p.project_title, p.project_is_active, ";
// Remove this after checking old PostgreSQL docs.
// 1 column from task table should be enough, after
// already grouping by task_id, there's no possibility
// to have anything more in that table to group by.
$groupby .= $db->GetColumnNames('{tasks}', 't.task_id', 't.');
} else {
$groupby = 't.task_id';
}
$having = count($having) ? 'HAVING ' . join(' AND ', $having) : '';
// echo '<pre>' . print_r($args, true) . '</pre>';
// echo '<pre>' . print_r($cgroupbyarr, true) . '</pre>';
$cgroupby = count($cgroupbyarr) ? 'GROUP BY ' . implode(',', array_unique($cgroupbyarr)) : '';
$sqlcount = "SELECT COUNT(*) FROM (SELECT 1, t.task_id, t.date_opened, t.date_closed, t.last_edited_time\n FROM {$cfrom}\n {$where}\n {$cgroupby}\n {$having}) s";
$sqltext = "SELECT t.*, {$select}\np.project_title, p.project_is_active\nFROM {$from}\n{$where}\nGROUP BY {$groupby}\n{$having}\nORDER BY {$sortorder}";
// Very effective alternative with a little bit more work
// and if row_number() can be emulated in mysql. Idea:
// Move every join and other operation not needed in
// the inner clause to select rows to the outer query,
// and do the rest when we already know which rows
// are in the window to show. Got it to run constantly
// under 6000 ms.
/* Leave this for next version, don't have enough time for testing.
$sqlexperiment = "SELECT * FROM (
SELECT row_number() OVER(ORDER BY task_id) AS rownum,
t.*, $select p.project_title, p.project_is_active FROM $from
$where
GROUP BY $groupby
$having
ORDER BY $sortorder
)
t WHERE rownum BETWEEN $offset AND " . ($offset + $perpage);
*/
// echo '<pre>'.print_r($sql_params, true).'</pre>'; # for debugging
// echo '<pre>'.$sqlcount.'</pre>'; # for debugging
// echo '<pre>'.$sqltext.'</pre>'; # for debugging
$sql = $db->Query($sqlcount, $sql_params);
$totalcount = $db->FetchOne($sql);
# 20150313 peterdd: Do not override task_type with tasktype_name until we changed t.task_type to t.task_type_id! We need the id too.
$sql = $db->Query($sqltext, $sql_params, $perpage, $offset);
// $sql = $db->Query($sqlexperiment, $sql_params);
$tasks = $db->fetchAllArray($sql);
$id_list = array();
$limit = array_get($args, 'limit', -1);
$forbidden_tasks_count = 0;
foreach ($tasks as $key => $task) {
$id_list[] = $task['task_id'];
if (!$user->can_view_task($task)) {
unset($tasks[$key]);
$forbidden_tasks_count++;
}
}
// Work on this is not finished until $forbidden_tasks_count is always zero.
// echo "<pre>$offset : $perpage : $totalcount : $forbidden_tasks_count</pre>";
return array($tasks, $id_list, $totalcount, $forbidden_tasks_count);
// # end alternative
}
<?php
require 'app/inc/autoload.php';
if (isset($_POST) && !empty($_POST)) {
$user = Filters::anti_sql_injection($_POST['user']);
$password = md5($_POST['password']);
$admin_model = new AdminModel();
$admin_model->setCond('user = "******"');
$admin_model->setCond('password = "******"');
$load = $admin_model->load();
if (!empty($load)) {
$_SESSION['id_admin'] = $load[0]['id'];
$_SESSION['user_admin'] = $load[0]['user'];
$_SESSION['password_admin'] = $load[0]['password'];
}
}
// Check login
if (isset($_SESSION['user_admin']) && isset($_SESSION['password_admin'])) {
header('location: index.php');
exit;
}
Template::getHeader();
?>
<div id="content">
<form method="post" name="login" action="login.php">
<div class="block_field">
<label for="user">User<label>
<input type="text" name="user" id="user" size="30" />
</div>
<div class="block_field">
<label for="password">Password<label>
/**
* Returns an array of tasks (respecting pagination) and an ID list (all tasks)
* @param array $args call by reference because we have to modifiy $_GET if we use default values from a user profile
* @param array $visible
* @param integer $offset
* @param integer $comment
* @param bool $perpage
* @access public
* @return array
* @version 1.0
*/
function get_task_list(&$args, $visible, $offset = 0, $perpage = null)
{
global $proj, $db, $user, $conf, $fs;
/* build SQL statement {{{ */
// Original SQL courtesy of Lance Conry http://www.rhinosw.com/
$where = $sql_params = array();
$select = '';
$groupby = 't.task_id, ';
$from = ' {tasks} t
LEFT JOIN {projects} p ON t.project_id = p.project_id
LEFT JOIN {list_items} lr ON t.resolution_reason = lr.list_item_id
LEFT JOIN {redundant} r ON t.task_id = r.task_id ';
// Only join tables which are really necessary to speed up the db-query
$from .= ' LEFT JOIN {assigned} ass ON t.task_id = ass.task_id ';
$from .= ' LEFT JOIN {users} u ON ass.user_id = u.user_id ';
if (array_get($args, 'dev') || in_array('assignedto', $visible)) {
$select .= ' MIN(u.real_name) AS assigned_to_name, ';
$select .= ' COUNT(ass.user_id) AS num_assigned, ';
}
if (array_get($args, 'only_primary')) {
$from .= ' LEFT JOIN {dependencies} dep ON dep.dep_task_id = t.task_id ';
$where[] = 'dep.depend_id IS null';
}
if (array_get($args, 'has_attachment')) {
$where[] = 'attachment_count > 0';
}
// sortable default fields
$order_keys = array('id' => 't.task_id %s', 'project' => 'project_title %s', 'dateopened' => 'date_opened %s', 'summary' => 'item_summary %s', 'progress' => 'percent_complete %s', 'lastedit' => 'last_changed_time %s', 'openedby' => 'r.opened_by_real_name %s', 'closedby' => 'r.closed_by_real_name %s', 'changedby' => 'r.last_changed_by_real_name %s', 'assignedto' => 'u.real_name %s', 'dateclosed' => 't.date_closed %s', 'votes' => 'vote_count %s', 'attachments' => 'attachment_count %s', 'comments' => 'comment_count %s', 'state' => 'closed_by %1$s, is_closed %1$s', 'projectlevelid' => 'prefix_id %s', 'private' => 'mark_private %s');
// custom sortable fields
foreach ($proj->fields as $field) {
if ($field->prefs['list_type'] == LIST_CATEGORY) {
// consider hierarchical structure of categories
$order_keys['field' . $field->id] = 'lcfield' . $field->id . '.lft %1$s, field' . $field->id . ' %1$s';
} else {
$order_keys['field' . $field->id] = 'field' . $field->id . ' %s';
}
}
// Default user sort column and order
if (!$user->isAnon()) {
if (!isset($args['sort'])) {
$args['sort'] = $user->infos['defaultorder'];
}
if (!isset($args['order'])) {
$usercolumns = explode(' ', $user->infos['defaultsortcolumn']);
foreach ($usercolumns as $column) {
if (isset($order_keys[$column])) {
$args['order'] = $column;
break;
}
}
}
}
// make sure that only columns can be sorted that are visible
$order_keys = array_intersect_key($order_keys, array_flip($visible));
$order_column[0] = $order_keys[Filters::enum(array_get($args, 'order', 'id'), array_keys($order_keys))];
$order_column[1] = $order_keys[Filters::enum(array_get($args, 'order2', 'project'), array_keys($order_keys))];
$order_column[0] = sprintf($order_column[0], strtoupper(Filters::enum(array_get($args, 'sort', 'desc'), array('asc', 'desc'))));
$order_column[1] = sprintf($order_column[1], strtoupper(Filters::enum(array_get($args, 'sort2', 'desc'), array('asc', 'desc'))));
$sortorder = sprintf('%s, %s, t.task_id ASC', $order_column[0], $order_column[1]);
// search custom fields
$custom_fields_joined = array();
foreach ($proj->fields as $field) {
$ref = 'field' . $field->id;
if ($field->prefs['field_type'] == FIELD_DATE) {
if (!array_get($args, 'field' . $field->id . 'from') && !array_get($args, 'field' . $field->id . 'to')) {
continue;
}
$from .= " LEFT JOIN {field_values} {$ref} ON t.task_id = {$ref}.task_id AND {$ref}.field_id = {$field->id} ";
$custom_fields_joined[] = $field->id;
if ($date = array_get($args, 'field' . $field->id . 'from')) {
$where[] = "({$ref}.field_value >= ?)";
$sql_params[] = Flyspray::strtotime($date);
}
if ($date = array_get($args, 'field' . $field->id . 'to')) {
$where[] = "({$ref}.field_value <= ? AND {$ref}.field_value > 0)";
$sql_params[] = Flyspray::strtotime($date);
}
} elseif ($field->prefs['field_type'] == FIELD_LIST) {
if (in_array('', (array) array_get($args, 'field' . $field->id, array('')))) {
continue;
}
$from .= " LEFT JOIN {field_values} {$ref} ON t.task_id = {$ref}.task_id AND {$ref}.field_id = {$field->id} ";
$custom_fields_joined[] = $field->id;
$fwhere = array();
foreach ($args['field' . $field->id] as $val) {
$fwhere[] = " {$ref}.field_value = ? ";
$sql_params[] = $val;
}
if (count($fwhere)) {
$where[] = ' (' . implode(' OR ', $fwhere) . ') ';
}
} else {
if (!($val = array_get($args, 'field' . $field->id))) {
continue;
}
$from .= " LEFT JOIN {field_values} {$ref} ON t.task_id = {$ref}.task_id AND {$ref}.field_id = {$field->id} ";
$custom_fields_joined[] = $field->id;
$where[] = "({$ref}.field_value LIKE ?)";
// try to determine a valid user ID if necessary
if ($field->prefs['field_type'] == FIELD_USER) {
$val = Flyspray::UserNameOrId($val);
}
$sql_params[] = $val;
}
}
// now join custom fields used in columns
foreach ($proj->columns as $col => $name) {
if (preg_match('/^field(\\d+)$/', $col, $match) && (in_array($col, $visible) || $match[1] == $fs->prefs['color_field'])) {
if (!in_array($match[1], $custom_fields_joined)) {
$from .= " LEFT JOIN {field_values} {$col} ON t.task_id = {$col}.task_id AND {$col}.field_id = " . intval($match[1]);
}
$from .= " LEFT JOIN {fields} f{$col} ON f{$col}.field_id = {$col}.field_id ";
// join special tables for certain fields
if ($proj->fields['field' . $match[1]]->prefs['field_type'] == FIELD_LIST) {
$from .= "LEFT JOIN {list_items} li{$col} ON (f{$col}.list_id = li{$col}.list_id AND {$col}.field_value = li{$col}.list_item_id)\n LEFT JOIN {list_category} lc{$col} ON (f{$col}.list_id = lc{$col}.list_id AND {$col}.field_value = lc{$col}.category_id) ";
if ($proj->fields['field' . $match[1]]->prefs['list_type'] != LIST_CATEGORY) {
$select .= " li{$col}.item_name AS {$col}_name, ";
} else {
$select .= " lc{$col}.category_name AS {$col}_name, ";
}
} else {
if ($proj->fields['field' . $match[1]]->prefs['field_type'] == FIELD_USER) {
$from .= " LEFT JOIN {users} u{$col} ON {$col}.field_value = u{$col}.user_id ";
$select .= " u{$col}.user_name AS {$col}_name, ";
}
}
$select .= "{$col}.field_value AS {$col}, ";
// adding data to queries not nice, but otherwise sql_params and joins are not in sync
}
}
// open / closed (never thought that I'd use XOR some time)
if (in_array('open', array_get($args, 'status', array('open'))) xor in_array('closed', array_get($args, 'status', array()))) {
$where[] = ' is_closed = ? ';
$sql_params[] = (int) in_array('closed', array_get($args, 'status', array()));
}
/// process search-conditions {{{
$submits = array('percent' => 'percent_complete', 'dev' => array('a.user_id', 'us.user_name'), 'opened' => array('opened_by', 'r.opened_by_user_name'), 'closed' => array('closed_by', 'r.closed_by_user_name'));
// add custom user fields
foreach ($submits as $key => $db_key) {
$type = array_get($args, $key, '');
settype($type, 'array');
if (in_array('', $type)) {
continue;
}
if ($key == 'dev') {
$from .= 'LEFT JOIN {assigned} a ON t.task_id = a.task_id ';
$from .= 'LEFT JOIN {users} us ON a.user_id = us.user_id ';
}
$temp = '';
$condition = '';
foreach ($type as $val) {
if (is_numeric($val) && !is_array($db_key)) {
$temp .= ' ' . $db_key . ' = ? OR';
$sql_params[] = $val;
} elseif (is_array($db_key)) {
if ($key == 'dev' && ($val == 'notassigned' || $val == '0' || $val == '-1')) {
$temp .= ' a.user_id IS NULL OR';
} else {
if (is_numeric($val)) {
$condition = ' = ? OR';
} else {
$val = '%' . $val . '%';
$condition = ' LIKE ? OR';
}
foreach ($db_key as $value) {
$temp .= ' ' . $value . $condition;
$sql_params[] = $val;
}
}
}
}
if ($temp) {
$where[] = '(' . substr($temp, 0, -3) . ')';
}
}
/// }}}
$having = array();
$dates = array('due_date', 'changed' => 'r.last_changed_time', 'opened' => 'date_opened', 'closed' => 'date_closed');
foreach ($dates as $post => $db_key) {
$var = $post == 'changed' ? 'having' : 'where';
if ($date = array_get($args, $post . 'from')) {
${$var}[] = '(' . $db_key . ' >= ' . Flyspray::strtotime($date) . ')';
}
if ($date = array_get($args, $post . 'to')) {
${$var}[] = '(' . $db_key . ' <= ' . Flyspray::strtotime($date) . ' AND ' . $db_key . ' > 0)';
}
}
if (array_get($args, 'string')) {
$words = explode(' ', strtr(array_get($args, 'string'), '()', ' '));
$comments = '';
$where_temp = array();
if (array_get($args, 'search_in_comments')) {
$from .= 'LEFT JOIN {comments} c ON t.task_id = c.task_id ';
$comments .= ' OR c.comment_text LIKE ? ';
}
if (array_get($args, 'search_in_details')) {
$comments .= 'OR t.detailed_desc LIKE ? ';
}
foreach ($words as $word) {
$word = '%' . str_replace('+', ' ', trim($word)) . '%';
$where_temp[] = "(t.item_summary LIKE ? OR t.task_id LIKE ? {$comments})";
array_push($sql_params, $word, $word);
if (array_get($args, 'search_in_comments')) {
array_push($sql_params, $word);
}
if (array_get($args, 'search_in_details')) {
array_push($sql_params, $word);
}
}
$where[] = '(' . implode(array_get($args, 'search_for_all') ? ' AND ' : ' OR ', $where_temp) . ')';
}
if (array_get($args, 'only_watched')) {
//join the notification table to get watched tasks
$from .= ' LEFT JOIN {notifications} fsn ON t.task_id = fsn.task_id';
$where[] = 'fsn.user_id = ?';
$sql_params[] = $user->id;
}
if ($proj->id) {
$where[] = 't.project_id = ?';
$sql_params[] = $proj->id;
} else {
$tmpwhere = array();
foreach (array_get($args, 'search_project', array()) as $id) {
if ($id) {
$tmpwhere[] = 't.project_id = ?';
$sql_params[] = $id;
}
}
if (count($tmpwhere)) {
$where[] = '(' . implode(' OR ', $tmpwhere) . ')';
}
}
$where = count($where) ? 'WHERE ' . join(' AND ', $where) : '';
// Get the column names of table tasks for the group by statement
if (!strcasecmp($conf['database']['dbtype'], 'pgsql')) {
$order_column[0] = substr($order_column[0], 0, -4);
$order_column[1] = substr($order_column[1], 0, -4);
$groupby .= "p.project_title, p.project_prefix, {$order_column[0]},{$order_column[1]}, lr.item_name, ";
$groupby .= GetColumnNames('{tasks}', 't.task_id', 't');
} else {
$groupby = 't.task_id';
}
$having = count($having) ? 'HAVING ' . join(' AND ', $having) : '';
$tasks = $db->x->getAll("\n SELECT t.*, r.*, {$select}\n p.project_title, p.project_prefix,\n lr.item_name AS resolution_name\n FROM {$from}\n {$where}\n GROUP BY {$groupby}\n {$having}\n ORDER BY {$sortorder}", null, $sql_params);
$id_list = array();
$limit = array_get($args, 'limit', -1);
$task_count = 0;
foreach ($tasks as $key => $task) {
$id_list[] = $task['task_id'];
if (!$user->can_view_task($task)) {
unset($tasks[$key]);
array_pop($id_list);
--$task_count;
} elseif ($perpage && ($task_count < $offset || $task_count > $offset - 1 + $perpage || $limit > 0 && $task_count >= $limit)) {
unset($tasks[$key]);
}
++$task_count;
}
return array($tasks, $id_list);
}
/**
* Filter and return $_GET.
* @return object
*/
private function getQueryParameters()
{
return Filters::filterKeyValuePairs($_GET);
}
function pagenums($pagenum, $perpage, $totalcount)
{
global $proj;
$pagenum = intval($pagenum);
$perpage = intval($perpage);
$totalcount = intval($totalcount);
// Just in case $perpage is something weird, like 0, fix it here:
if ($perpage < 1) {
$perpage = $totalcount > 0 ? $totalcount : 1;
}
$pages = ceil($totalcount / $perpage);
$output = sprintf(eL('page'), $pagenum, $pages);
if ($totalcount / $perpage > 1) {
$params = $_GET;
# unset unneeded params for shorter urls
unset($params['do']);
unset($params['project']);
unset($params['switch']);
$output .= '<span class="pagenums DoNotPrint">';
$start = max(1, $pagenum - 4 + min(2, $pages - $pagenum));
$finish = min($start + 4, $pages);
if ($start > 1) {
$url = Filters::noXSS(CreateURL('tasklist', $proj->id, null, array_merge($params, array('pagenum' => 1))));
$output .= sprintf('<a href="%s"><<%s </a>', $url, eL('first'));
}
if ($pagenum > 1) {
$url = Filters::noXSS(CreateURL('tasklist', $proj->id, null, array_merge($params, array('pagenum' => $pagenum - 1))));
$output .= sprintf('<a id="previous" accesskey="p" href="%s">< %s</a> - ', $url, eL('previous'));
}
for ($pagelink = $start; $pagelink <= $finish; $pagelink++) {
if ($pagelink != $start) {
$output .= ' - ';
}
if ($pagelink == $pagenum) {
$output .= sprintf('<strong>%d</strong>', $pagelink);
} else {
$url = Filters::noXSS(CreateURL('tasklist', $proj->id, null, array_merge($params, array('pagenum' => $pagelink))));
$output .= sprintf('<a href="%s">%d</a>', $url, $pagelink);
}
}
if ($pagenum < $pages) {
$url = Filters::noXSS(CreateURL('tasklist', $proj->id, null, array_merge($params, array('pagenum' => $pagenum + 1))));
$output .= sprintf(' - <a id="next" accesskey="n" href="%s">%s ></a>', $url, eL('next'));
}
if ($finish < $pages) {
$url = Filters::noXSS(CreateURL('tasklist', $proj->id, null, array_merge($params, array('pagenum' => $pages))));
$output .= sprintf('<a href="%s"> %s >></a>', $url, eL('last'));
}
$output .= '</span>';
}
return $output;
}
function tpl_draw_cell($task, $colname, $format = "<td class='%s %s'>%s</td>")
{
global $fs, $proj, $page;
$indexes = array('id' => 'task_id', 'project' => 'project_title', 'summary' => 'item_summary', 'dateopened' => 'date_opened', 'openedby' => 'opened_by_real_name', 'closedby' => 'closed_by_real_name', 'changedby' => 'last_changed_by_real_name', 'assignedto' => 'assigned_to_name', 'lastedit' => 'last_changed_time', 'comments' => 'comment_count', 'votes' => 'vote_count', 'attachments' => 'attachment_count', 'dateclosed' => 'date_closed', 'projectlevelid' => 'prefix_id', 'progress' => '', 'state' => '', 'private' => 'mark_private');
//must be an array , must contain elements and be alphanumeric (permitted "_")
if (!is_array($task) || empty($task) || preg_match('![^A-Za-z0-9_]!', $colname)) {
//run away..
return '';
}
switch ($colname) {
case 'id':
$value = tpl_tasklink($task, $task['task_id']);
break;
case 'projectlevelid':
$value = tpl_tasklink($task, $task['project_prefix'] . '#' . $task['prefix_id']);
break;
case 'summary':
$value = tpl_tasklink($task, utf8_substr($task['item_summary'], 0, 55), false, array(), array('state', 'age', 'percent_complete'));
if (utf8_strlen($task['item_summary']) > 55) {
$value .= '...';
}
break;
case 'lastedit':
case 'dateopened':
case 'dateclosed':
$value = formatDate($task[$indexes[$colname]]);
break;
case 'progress':
$value = '<div class="taskpercent"><div style="width:' . $task['percent_complete'] . '%"> </div></div>';
break;
case 'assignedto':
$value = Filters::noXSS($task[$indexes[$colname]]);
if ($task['num_assigned'] > 1) {
$value .= ', +' . ($task['num_assigned'] - 1);
}
break;
case 'state':
if ($task['is_closed']) {
$value = L('closed');
} elseif ($task['closed_by']) {
$value = L('reopened');
} else {
$value = L('open');
}
break;
case 'private':
$value = $task[$indexes[$colname]] ? L('yes') : L('no');
break;
default:
if (isset($indexes[$colname])) {
$value = $task[$indexes[$colname]];
} elseif (isset($task[$colname . '_name'])) {
$value = $task[$colname . '_name'];
} else {
if (isset($proj->fields[$colname])) {
$value = $proj->fields[$colname]->view($task, array(), true);
} else {
$value = $task[$colname];
}
}
$value = Filters::noXSS($value);
break;
}
$wsvalue = str_replace(' ', '', $value);
return sprintf($format, 'task_' . $colname, Filters::isAlnum($wsvalue) ? $colname . '_' . $wsvalue : '', $value);
}
/**
* Get data para insercao
*/
public function getData()
{
// Deletando fields vazios
if (count($this->remove_empty)) {
foreach ($this->remove_empty as $field) {
if (array_key_exists($field, $this->data) && $this->data[$field] == '') {
$key = array_search($field, $this->fields);
unset($this->fields[$key]);
}
}
}
// Aplicando formatação aos valores
$values = array();
foreach ($this->fields as $field) {
if (array_key_exists($field, $this->data)) {
$treated_value = Filters::anti_sql_injection($this->data[$field]);
$treated_value = $this->strip_tags ? Filters::strip_tags($treated_value) : $treated_value;
if (array_key_exists($field, $this->_filters)) {
$filter = $this->_filters[$field];
$all_filters = get_class_methods('Filters');
if (function_exists($filter)) {
$treated_value = $filter($treated_value);
} else {
if (in_array($filter, get_class_methods($this))) {
$treated_value = $this->{$filter}($treated_value);
} else {
if (in_array($filter, $all_filters)) {
$treated_value = Filters::$filter($treated_value);
}
}
}
}
$values[$field] = '"' . $treated_value . '"';
} else {
$values[$field] = '""';
}
}
return $values;
}
$return .= '<div class="' . $class_box . '">';
$return .= '<span class="head_msg">';
$return .= '<span class="time_msg">' . date('H:i:s', strtotime($line['timestamp'])) . '</span> ';
$return .= '<span class="user_name" rel="' . $id_user . '">' . $user_name . '</span> ';
$return .= '</span> ';
$return .= '<span class="message_user_' . $line['type'] . '">' . $message . '</span>';
$return .= '</div>';
} else {
// Whose behalf he is receiving
$name_to = Locale::setContent('All users');
$users = new UsersModel();
$users->setCond('active = 1');
$users->setCond('id = ' . $line['to_user']);
$user = $users->load_all();
if (isset($user[0]) && count($user[0])) {
$name_to = Filters::convert(htmlentities($user[0]['user']));
}
$class_box .= $line['reserved'] ? ' box_msg_reserved inline_green' : '';
$class_box .= $line['to_user'] == $_SESSION['chat_login']['id_user'] ? ' to_you_message' : '';
$class_box .= $line['id_user'] == $_SESSION['chat_login']['id_user'] ? ' for_you_message' : '';
if (MESSAGE_TYPE == 'inline') {
$class_box .= ' box_msg_inline';
}
$return .= '<div class="' . $class_box . '">';
$return .= '<span class="head_msg">';
$return .= '<span class="time_msg">' . date('H:i:s', strtotime($line['timestamp'])) . '</span> ';
$return .= '<span class="user_name" rel="' . $id_user . '">' . $user_name . '</span> ';
$return .= ($line['reserved'] ? '<b>(' . Locale::setContent('reservedly') . ')</b> ' : '') . ' ' . Locale::setContent('tells') . ' ';
$return .= '<span class="name_to" rel="' . $to_user . '">' . $name_to . '</span>: ';
$return .= '<span class="remove_message">' . Locale::setContent('Hide message') . '</span> ';
$return .= '</span>';
/**
* Collects a set of filters to iterate. Creates a filter chain for the given class/method,
* executes it, and returns the value.
*
* @param mixed $class The class for which this filter chain is being created. If this is the
* result of a static method call, `$class` should be a string. Otherwise, it should
* be the instance of the object making the call.
* @param array $params An associative array of the given method's parameters.
* @param array $options The configuration options with which to create the filter chain.
* Mainly, these options allow the `Filters` object to be queried for details such as
* which class / method initiated it. Available keys:
* - `'class'`: The name of the class that initiated the filter chain.
* - `'method'`: The name of the method that initiated the filter chain.
* - `'data'` _array_: An array of callable objects (usually closures) to be iterated
* through. By default, execution will be nested such that the first item will be
* executed first, and will be the last to return.
* @return Returns the value returned by the first closure in `$options['data`]`.
*/
public static function run($class, $params, array $options = array())
{
$defaults = array('class' => null, 'method' => null, 'data' => array());
$options += $defaults;
$lazyFilterCheck = is_string($class) && $options['method'];
if ($lazyFilterCheck && isset(static::$_lazyFilters[$class][$options['method']])) {
$filters = static::$_lazyFilters[$class][$options['method']];
unset(static::$_lazyFilters[$class][$options['method']]);
$options['data'] = array_merge($filters, $options['data']);
foreach ($filters as $filter) {
$class::applyFilter($options['method'], $filter);
}
}
$chain = new Filters($options);
$next = $chain->rewind();
return $next($class, $params, $chain);
}
/**
* Query
*
* @param mixed $sql
* @param mixed $inputarr
* @param mixed $numrows
* @param mixed $offset
* @access public
* @return void
*/
public function Query($sql, $inputarr = false, $numrows = -1, $offset = -1)
{
// auto add $dbprefix where we have {table}
$sql = $this->_add_prefix($sql);
// remove conversions for MySQL
if (strcasecmp($this->dbtype, 'pgsql') != 0) {
$sql = str_replace('::int', '', $sql);
$sql = str_replace('::text', '', $sql);
}
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
if ($numrows >= 0 or $offset >= 0) {
/* adodb drivers are inconsisent with the casting of $numrows and $offset so WE
* cast to integer here anyway */
$result = $this->dblink->SelectLimit($sql, (int) $numrows, (int) $offset, $inputarr);
} else {
$result = $this->dblink->Execute($sql, $inputarr);
}
if (!$result) {
if (function_exists("debug_backtrace") && defined('DEBUG_SQL')) {
echo "<pre style='text-align: left;'>";
var_dump(debug_backtrace());
echo "</pre>";
}
$query_params = '';
if (is_array($inputarr) && count($inputarr)) {
$query_params = implode(',', array_map(array('Filters', 'noXSS'), $inputarr));
}
die(sprintf("Query {%s} with params {%s} Failed! (%s)", Filters::noXSS($sql), $query_params, Filters::noXSS($this->dblink->ErrorMsg())));
}
return $result;
}
$send = true;
} else {
$to_user = 0;
$send = true;
}
}
// Send message
if (isset($send) && (!isset($_SESSION['chat_login']['last_send']) || isset($_SESSION['chat_login']['last_send']) && time() >= $_SESSION['chat_login']['last_send'])) {
// Last message sent
$_SESSION['chat_login']['last_send'] = $_SERVER['REQUEST_TIME'];
// Delete old messages
$messages = new MessagesModel();
$messages->setCond('timestamp < "' . date('Y-m-d H:i:s', strtotime('-' . TIME_MESSAGE_OLD . ' minutes')) . '"');
$messages->delete();
// Data
$data = new StdClass();
$data->user = Filters::convert($_SESSION['chat_login']['user']);
$data->id_user = $_SESSION['chat_login']['id_user'];
$data->message = Filters::convert($message);
$data->to_user = $to_user;
$data->id_room = $_SESSION['chat_login']['id_room'];
$data->reserved = $reserved;
$data->timestamp = date('Y-m-d H:i:s');
$fields = array_keys((array) $data);
// Insert message
$messages = new MessagesModel();
$messages->setFields($fields);
$messages->setData($data);
$messages->insert();
}
}
