function action_updateproject()
{
global $proj, $db, $baseurl;
if (Post::val('delete_project')) {
$url = Post::val('move_to') ? CreateURL(array('pm', 'proj' . Post::num('move_to'), 'prefs')) : $baseurl;
if (Backend::delete_project($proj->id, Post::val('move_to'))) {
return array(SUBMIT_OK, L('projectdeleted'), $url);
} else {
return array(ERROR_INPUT, L('projectnotdeleted'), $url);
}
}
if (!Post::val('project_title')) {
return array(ERROR_RECOVER, L('emptytitle'));
}
$cols = array('project_title', 'theme_style', 'lang_code', 'default_task', 'default_entry', 'intro_message', 'notify_email', 'notify_jabber', 'notify_subject', 'notify_reply', 'feed_description', 'feed_img_url', 'svn_user', 'svn_url', 'svn_password', 'mail_headers');
$args = array_map('Post_to0', $cols);
foreach (array('others_view', 'anon_open', 'send_digest', 'anon_view_tasks', 'anon_group', 'comment_closed', 'auto_assign', 'roadmap_field', 'override_user_lang') as $name) {
$cols[] = $name;
$args[] = Post::num($name);
}
foreach (array('notify_types', 'changelog_reso', 'syntax_plugins') as $name) {
$cols[] = $name;
$args[] = implode(' ', (array) Post::val($name));
}
// invalidate the cache if necessary
if (implode(' ', (array) Post::val('syntax_plugins')) != $proj->prefs['syntax_plugins']) {
$db->execParam('DELETE FROM {cache} WHERE project_id = ?', $proj->id);
}
// carefully check the project prefix...
$prefix = Post::val('project_prefix');
// already in use?
$use = $db->x->GetOne('SELECT project_id FROM {projects} WHERE project_prefix = ? AND project_id != ?', null, array($prefix, $proj->id));
if (Filters::isAlnum($prefix) && $prefix != 'FS' && !$use) {
$cols[] = 'project_prefix';
$args[] = $prefix;
} else {
return array(ERROR_RECOVER, L('badprefix'));
}
$cols[] = 'last_updated';
$args[] = time();
$cols[] = 'default_cat_owner';
$args[] = Flyspray::UserNameToId(Post::val('default_cat_owner'));
$db->x->autoExecute('{projects}', array_combine($cols, $args), MDB2_AUTOQUERY_UPDATE, sprintf('project_id = %d', $proj->id));
$db->x->execParam('UPDATE {projects} SET visible_columns = ? WHERE project_id = ?', array(trim(Post::val('visible_columns')), $proj->id));
return array(SUBMIT_OK, L('projectupdated'));
}
// ##################
// adding a version list item
// ##################
// ##################
// adding a version list item
// ##################
case 'pm.add_to_version_list':
case 'admin.add_to_version_list':
if (!$user->perms('manage_project') || !isset($list_table_name)) {
break;
}
if (!Post::val('list_name')) {
Flyspray::show_error(L('fillallfields'));
break;
}
$position = Post::num('list_position');
if (!$position) {
$position = $db->FetchOne($db->Query("SELECT max(list_position)+1\n FROM {$list_table_name}\n WHERE project_id = ?", array($proj->id)));
}
$check = $db->Query("SELECT COUNT(*)\n FROM {$list_table_name}\n WHERE (project_id = 0 OR project_id = ?)\n AND {$list_column_name} = ?", array($proj->id, Post::val('list_name')));
$itemexists = $db->FetchOne($check);
if ($itemexists) {
Flyspray::show_error(sprintf(L('itemexists'), Post::val('list_name')));
return;
}
$db->Query("INSERT INTO {$list_table_name}\n (project_id, {$list_column_name}, list_position, show_in_list, version_tense)\n VALUES (?, ?, ?, ?, ?)", array($proj->id, Post::val('list_name'), intval($position), '1', Post::val('version_tense')));
$_SESSION['SUCCESS'] = L('listitemadded');
break;
// ##################
// updating the category list
// ##################
box-shadow: 0 1px 1px #ddd;
color: #565656;
cursor: pointer;
display: inline-block;
font-family: sans-serif;
font-size: 100%;
font-weight: bold;
line-height: 130%;
padding: 8px 13px 8px 10px;
text-decoration: none;
">Remove the folder ' . DIRECTORY_SEPARATOR . 'setup</a> before you start using Flyspray</p>
');
}
# load the correct $proj early also for checks on quickedit.php taskediting calls
if (BASEDIR . DIRECTORY_SEPARATOR . 'js' . DIRECTORY_SEPARATOR . 'callbacks' . DIRECTORY_SEPARATOR . 'quickedit.php' == $_SERVER['SCRIPT_FILENAME'] && Post::num('task_id')) {
$result = $db->Query('SELECT project_id FROM {tasks} WHERE task_id = ?', array(Post::num('task_id')));
$project_id = $db->FetchOne($result);
} elseif (in_array(Req::val('do'), array('details', 'depends', 'editcomment'))) {
if (Req::num('task_id')) {
$result = $db->Query('SELECT project_id FROM {tasks} WHERE task_id = ?', array(Req::num('task_id')));
$project_id = $db->FetchOne($result);
}
}
if (Req::val('do') == 'pm' && Req::val('area') == 'editgroup') {
if (Req::num('id')) {
$result = $db->Query('SELECT project_id FROM {groups} WHERE group_id = ?', array(Req::num('id')));
$project_id = $db->FetchOne($result);
}
}
if (!isset($project_id)) {
$project_id = $fs->prefs['default_project'];
function action_sendcode()
{
global $user, $db, $fs, $conf, $baseurl;
if (!Post::val('user_name') || !Post::val('real_name') || !Post::val('email_address')) {
// If the form wasn't filled out correctly, show an error
return array(ERROR_RECOVER, L('registererror'));
}
$email = Post::val('email_address');
$jabber_id = Post::val('jabber_id');
//email is mandatory
if (!$email || !Flyspray::check_email($email)) {
return array(ERROR_RECOVER, L('novalidemail'));
}
//jabber_id is optional
if ($jabber_id && !Jabber::check_jid($jabber_id)) {
return array(ERROR_RECOVER, L('novalidjabber'));
}
$user_name = Backend::clean_username(Post::val('user_name'));
// Limit lengths
$real_name = substr(trim(Post::val('real_name')), 0, 100);
// Remove doubled up spaces and control chars
$real_name = preg_replace('![\\x00-\\x1f\\s]+!u', ' ', $real_name);
if (!$user_name || !$real_name) {
return array(ERROR_RECOVER, L('entervalidusername'));
}
// Delete registration codes older than 24 hours
$yesterday = time() - 86400;
$db->x->execParam('DELETE FROM {registrations} WHERE reg_time < ?', $yesterday);
$taken = $db->x->getRow('SELECT u.user_id FROM {users} u, {registrations} r
WHERE u.user_name = ? OR r.user_name = ?', null, array($user_name, $user_name));
if ($taken) {
return array(ERROR_RECOVER, L('usernametaken'));
}
$taken = $db->x->getRow("SELECT user_id\n FROM {users}\n WHERE jabber_id = ? AND jabber_id != NULL\n OR email_address = ? AND email_address != NULL", null, array($jabber_id, $email));
if ($taken) {
return array(ERROR_RECOVER, L('emailtaken'));
}
if ($fs->prefs['use_recaptcha']) {
$solution = new reCAPTCHA_Solution();
$solution->privatekey = $fs->prefs['recaptcha_priv_key'];
$solution->challenge = Post::val('recaptcha_challenge_field');
$solution->response = Post::val('recaptcha_response_field');
$solution->remoteip = $_SERVER['REMOTE_ADDR'];
if (!$solution->isValid()) {
return array(ERROR_RECOVER, $solution->error_code);
}
}
$magic_url = substr(md5(uniqid(rand(), true)), 0, 20);
//send the email first.
if (Notifications::send(Post::val('email_address'), ADDRESS_EMAIL, NOTIFY_CONFIRMATION, array($baseurl, $magic_url, $user_name))) {
//email sent succefully, now update the database.
$reg_values = array('reg_time' => time(), 'user_name' => $user_name, 'real_name' => $real_name, 'email_address' => Post::val('email_address'), 'jabber_id' => Post::val('jabber_id'), 'notify_type' => Post::num('notify_type'), 'magic_url' => $magic_url, 'time_zone' => Post::num('time_zone'));
// Insert everything into the database
$query = $db->x->autoExecute('{registrations}', $reg_values);
if (!PEAR::isError($query)) {
return array(SUBMIT_OK, L('codesent'), $baseurl);
}
} else {
return array(ERROR_INPUT, L('codenotsent'));
}
}
function action_add_to_list()
{
global $fs, $db, $proj, $user;
if (!Post::val('item_name')) {
return array(ERROR_RECOVER, L('fillallfields'));
}
$position = Post::num('list_position');
if (!$position) {
$position = intval($db->x->GetOne('SELECT max(list_position)+1
FROM {list_items}
WHERE list_id = ?', null, Post::val('list_id')));
}
$cols = array('item_name', 'list_id');
if (Post::val('version_tense')) {
$cols[] = 'version_tense';
}
$params = array();
$params[] = $position;
$params = array_merge($params, array_map('Post_to0', $cols));
$params[] = 1;
array_unshift($cols, 'list_position');
array_push($cols, 'show_in_list');
$db->x->autoExecute('{list_items}', array_combine($cols, $params));
return array(SUBMIT_OK, L('listitemadded'));
}
<?php
/*
This script is the AJAX callback that deletes a user's saved search
*/
define('IN_FS', true);
require_once '../../header.php';
if (Cookie::has('flyspray_userid') && Cookie::has('flyspray_passhash')) {
$user = new User(Cookie::val('flyspray_userid'));
$user->check_account_ok();
if (!Post::has('csrftoken')) {
header(':', true, 428);
# 'Precondition Required'
die('missingtoken');
} elseif (Post::val('csrftoken') == $_SESSION['csrftoken']) {
# empty
} else {
header(':', true, 412);
# 'Precondition Failed'
die('wrongtoken');
}
if (!$user->isAnon()) {
$db->Query('DELETE FROM {searches} WHERE id = ? AND user_id = ?', array(Post::num('id'), $user->id));
echo $db->AffectedRows();
}
}
function action_updatenote()
{
global $db, $user;
if (!Post::val('message_subject')) {
return array(ERROR_RECOVER, L('enternotesubject'));
}
$num = $db->x->autoExecute('{notes}', array('message_subject' => Post::val('message_subject'), 'message_body' => Post::val('message_body'), 'last_updated' => time(), 'syntax_plugins' => implode(' ', (array) Post::val('message_body_syntax_plugins'))), MDB2_AUTOQUERY_UPDATE, sprintf('note_id = %d AND user_id = %d', Post::num('note_id'), $user->id));
if ($num) {
return array(SUBMIT_OK, L('noteupdated'), CreateUrl(array('myprofile', 'notes'), array('note_id' => Post::val('note_id'))));
} else {
return array(ERROR_INPUT, L('notedoesnotexist'));
}
}
function action_close($task)
{
global $user, $db, $fs, $proj;
if (!$user->can_close_task($task)) {
return array(ERROR_PERMS);
}
if ($task['is_closed']) {
return array(ERROR_INPUT, L('taskalreadyclosed'));
}
if (!Post::val('resolution_reason')) {
return array(ERROR_RECOVER, L('noclosereason'));
}
if (Post::num('close_after_num') && Post::num('close_after_type')) {
// prepare auto close
$db->x->execParam('UPDATE {tasks}
SET closed_by = ?, closure_comment = ?,
resolution_reason = ?, last_edited_time = ?,
last_edited_by = ?, close_after = ?, percent_complete = ?
WHERE task_id = ?', array($user->id, Post::val('closure_comment', ''), Post::val('resolution_reason'), time(), $user->id, Post::num('close_after_num') * Post::num('close_after_type'), (bool) Post::num('mark100') * 100, $task['task_id']));
return array(SUBMIT_OK, L('taskautoclosedmsg'));
}
Backend::close_task($task['task_id'], Post::val('resolution_reason'), Post::val('closure_comment', ''), Post::val('mark100', false));
return array(SUBMIT_OK, L('taskclosedmsg'));
}
}
// Import previous values
$args = $task;
if (is_array($args['assigned_to'])) {
$args['assigned_to'] = implode(';', $task['assigned_to_uname']);
}
$fieldname = Post::val('field');
switch ($fieldname) {
case 'summary':
$args['item_summary'] = Post::val('value');
break;
case 'project':
$args['project_id'] = Post::num('value');
break;
case 'progress':
$args['percent_complete'] = Post::num('value');
break;
case 'assigned_to':
$args['assigned_to'] = Post::val('value');
$fieldname = 'assignedto';
break;
default:
// now all the custom fields
$field = new Field(substr($fieldname, 5));
if ($field->id) {
$args[$fieldname] = Post::val('value');
}
}
// Let our backend function do the rest
Backend::edit_task($task, $args);
// let's get the updated value
<?php
define('IN_FS', true);
require_once '../../header.php';
// Require inputs
if (!Post::has('detail') || !Post::has('summary') || !Post::has('project_id')) {
return;
}
// Load user profile
if (Cookie::has('flyspray_userid') && Cookie::has('flyspray_passhash')) {
$user = new User(Cookie::val('flyspray_userid'));
$user->check_account_ok();
} else {
$user = new User(0, $proj);
}
// Require right to open a task on current project
if (!$user->can_open_task($proj)) {
return;
}
// Prepare SQL params
$params = array('project_id' => Post::num('project_id'), 'summary' => "%" . trim(Post::val('summary')) . "%", 'details' => "%" . trim(Post::val('detail')) . "%");
$sql = $db->Query('SELECT count(*)
FROM {tasks} t
WHERE t.project_id = ?
AND t.item_summary like ?
AND t.detailed_desc like ?', $params);
$sametask = $db->fetchOne($sql);
echo $sametask;
