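/**
 * Transfers budget to a receiver, either as a "seed" budget (free-text source)
 * or out of an existing budget owned by the current user.
 *
 * Input is read from $_POST:
 *   budget_seed  - 1 for a seed budget (source is the free text in source_txt);
 *                  any other value means a transfer out of the budget in source_id
 *   source_txt   - free-text source, used only when budget_seed == 1
 *   source_id    - id of the budget the funds are drawn from (non-seed case)
 *   budget_note  - note stored with the new budget row
 *   receiver_id  - id of the user receiving the budget
 *   amount       - amount to transfer; must be a positive, finite number
 *   reason       - the "for" text stored with the budget
 *
 * Side effects: credits the receiver, inserts a BUDGETS and a BUDGET_SOURCE row,
 * marks the receiver as a runner, sends notifications and, for non-seed
 * transfers, debits the giver via User::updateBudget().
 *
 * NOTE(review): the only authorization visible here is a logged-in session plus,
 * for non-seed transfers, ownership of the source budget. Seed budgets are not
 * tied to any role, and no CSRF token check is visible in this method — confirm
 * both are enforced upstream.
 *
 * @return mixed whatever $this->setOutput() returns; the array carries a
 *               'success' flag and a 'message'. Every Exception is caught and
 *               reported through the same channel.
 */
public function give()
{
    try {
        if (!Session::uid()) {
            throw new Exception('Not enough rights');
        }
        if (!isset($_POST['budget_seed'])
            || (!isset($_POST['source_txt']) && !isset($_POST['source_id']))
            || !isset($_POST['budget_note'])) {
            throw new Exception('Invalid parameters');
        }
        // Normalise to 0/1: everything below treats any value other than 1 as
        // "draw from an existing budget", so the stored seed flag must agree.
        $budget_seed = ((int) $_POST['budget_seed'] === 1) ? 1 : 0;
        $source_txt = isset($_POST['source_txt']) ? mysql_real_escape_string($_POST['source_txt']) : '';
        $source_id = isset($_POST['source_id']) ? (int) $_POST['source_id'] : 0;
        $budget_note = mysql_real_escape_string($_POST['budget_note']);
        if ($budget_seed == 1) {
            $source_id = 0;
            $source = $source_txt;
            if (empty($source)) {
                throw new Exception('Source field is mandatory');
            }
        } else {
            $source = "Amount from budget id: " . $source_id;
            if ($source_id == 0) {
                throw new Exception('Source field is mandatory');
            }
        }
        $receiver_id = isset($_POST['receiver_id']) ? intval($_POST['receiver_id']) : 0;
        $amount = isset($_POST['amount']) ? floatval($_POST['amount']) : 0;
        $reason = isset($_POST['reason']) ? mysql_real_escape_string($_POST['reason']) : '';
        if (empty($receiver_id)) {
            throw new Exception('Receiver field is mandatory');
        }
        if (empty($amount)) {
            throw new Exception('Amount field is mandatory');
        }
        // A negative amount would move funds the other way (receiver debited,
        // giver credited through updateBudget(-$amount)); INF would corrupt the
        // stored balances. Neither passed the empty() check above.
        if ($amount < 0 || !is_finite($amount)) {
            throw new Exception('Amount must be a positive number');
        }
        if (empty($reason)) {
            throw new Exception('For field is mandatory');
        }
        $giver = new User();
        $receiver = new User();
        if (!$giver->findUserById(Session::uid()) || !$receiver->findUserById($receiver_id)) {
            throw new Exception('Invalid user');
        }
        $stringAmount = number_format($amount, 2);
        $budget = new Budget();
        if (!$budget_seed) {
            if (!$budget->loadById($source_id)) {
                throw new Exception('Invalid budget!');
            }
            // Only the owner of the source budget may draw from it.
            if ($budget->receiver_id != Session::uid()) {
                error_log('Possible Hacking attempt: User ' . Session::uid() . ' attempted to budget ' . $amount . ' to ' . $receiver_id . ' from budget ' . $budget->id);
                throw new Exception('You\'re not the owner of this budget!');
            }
            // NOTE(review): this check and the updateBudget() debit further down
            // are separate statements with no transaction visible here, so two
            // concurrent requests could both pass it — confirm the DB layer
            // guards against overdraw.
            $remainingFunds = $budget->getRemainingFunds();
            if ($amount > $remainingFunds) {
                throw new Exception('Not enough budget available (total: $' . $giver->getBudget() . " from budget #" . $budget->id . ")");
            }
        }
        // The receiver is credited before the bookkeeping rows are written; if an
        // INSERT below fails, the credit is not rolled back (no transaction here).
        $receiver->setBudget($receiver->getBudget() + $amount)->save();
        // NOTE(review): assumes $_SESSION['userid'] holds the same numeric id as
        // Session::uid(); it is interpolated unescaped — confirm. {$amount} is a
        // float, and float-to-string conversion is locale-dependent before PHP 8.
        $query = "\n INSERT INTO `" . BUDGETS . "` (\n `giver_id`,\n `receiver_id`,\n `amount`,\n `remaining`,\n `reason`,\n `transfer_date`,\n `seed`,\n `source_data`,\n `notes`,\n `active`\n ) VALUES (\n '" . $_SESSION['userid'] . "',\n '{$receiver_id}',\n '{$amount}',\n '{$amount}',\n '{$reason}',\n NOW(),\n '{$budget_seed}',\n '{$source}',\n '{$budget_note}',\n 1\n )";
        if (!mysql_unbuffered_query($query)) {
            throw new Exception('Error in query.');
        }
        $id = mysql_insert_id();
        $query = "\n INSERT INTO `" . BUDGET_SOURCE . "` (\n `giver_id`,\n `budget_id`,\n `source_budget_id`,\n `amount_granted`,\n `original_amount`,\n `transfer_date`,\n `source_data`\n ) VALUES (\n '" . $_SESSION['userid'] . "',\n '{$id}',\n '{$source_id}',\n '{$amount}',\n '0',\n NOW(),\n '{$source}'\n )";
        if (!mysql_unbuffered_query($query)) {
            throw new Exception('Error in query.');
        }
        if (!$budget_seed) {
            // Debit the source budget; from here on the notifications carry the
            // source budget's reason instead of the posted one.
            $giver->updateBudget(-$amount, $source_id);
            $reason = $budget->reason;
        }
        // Receiving a budget makes the user a runner.
        $query2 = "\n UPDATE `" . USERS . "`\n SET `is_runner` = 1\n WHERE `id` = {$receiver_id}\n AND `is_runner` = 0 ";
        if (!mysql_unbuffered_query($query2)) {
            throw new Exception('Error in query.');
        }
        // Note that $reason (seed case) is the SQL-escaped form of the posted text.
        Utils::systemNotification('@' . $giver->getNickname() . ' budgeted @' . $receiver->getNickname() . " \$" . number_format($amount, 2) . " for " . $reason . ".");
        Notification::notifyBudget($amount, $reason, $giver, $receiver);
        if ($budget_seed == 1) {
            Notification::notifySeedBudget($amount, $reason, $source, $giver, $receiver);
        }
        // Re-fetch the receiver for the response message.
        $receiver = User::find($receiver_id);
        return $this->setOutput(array('success' => true, 'message' => 'You gave ' . '$' . $stringAmount . ' budget to ' . $receiver->getNickname()));
    } catch (Exception $e) {
        return $this->setOutput(array('success' => false, 'message' => $e->getMessage()));
    }
}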
/**
 * User profile page for $id (or the current session user when $id is falsy).
 *
 * Three request shapes share this method:
 *   - a POST from a runner/payer with no `action`: updates one field of the
 *     user in $_POST['user_id'], answers with JSON and exits;
 *   - `action=create-sandbox` (runner only): creates a sandbox for the
 *     displayed user, answers with JSON and exits;
 *   - anything else: renders the profile via parent::run().
 *
 * NOTE(review): no CSRF token check is visible in this method — confirm it is
 * enforced upstream, since both POST branches mutate user records.
 *
 * @param mixed $id user id from the route; falls back to Session::uid()
 * @return void
 */
public function info($id) {
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : false;
    // NOTE(review): raw request value handed to the view — confirm the template escapes it.
    $this->write('tab', isset($_REQUEST['tab']) ? $_REQUEST['tab'] : "");
    $reqUserId = Session::uid();
    $this->write('reqUserId', $reqUserId);
    $reqUser = new User();
    if ($reqUserId > 0) {
        $reqUser->findUserById($reqUserId);
        // $budget is not read anywhere else in this method.
        $budget = $reqUser->getBudget();
    }
    $this->write('reqUser', $reqUser);
    $is_runner = isset($_SESSION['is_runner']) ? $_SESSION['is_runner'] : 0;
    $is_payer = isset($_SESSION['is_payer']) ? $_SESSION['is_payer'] : 0;
    // admin posting data
    // NOTE(review): the only gate is is_runner || is_payer, yet the fields below
    // include 'ispayer', 'isrunner', 'isactive', 'manager' and 'salary' for any
    // user_id, including the caller's own — confirm this is intended, or restrict
    // the role-changing fields to admins.
    if (!empty($_POST) && ($is_runner || $is_payer) && !$action) {
        $user_id = (int) $_POST['user_id'];
        if (!empty($_POST['save-salary'])) {
            $field = 'salary';
            // NOTE(review): SQL-escaping a value that is then passed to a setter;
            // if User::save() escapes again this is double-escaped — confirm.
            $value = mysql_real_escape_string($_POST['value']);
        } else {
            $field = $_POST['field'];
            $value = (int) $_POST['value'];
        }
        $updateUser = new User();
        if ($updateUser->findUserById($user_id)) {
            // An unrecognised $field falls through to `default`, but save() still
            // runs and the response still reports success.
            switch ($field) {
                case 'salary':
                    $updateUser->setAnnual_salary($value);
                    Utils::systemNotification("A new salary has been set for @" . $updateUser->getNickname());
                    break;
                case 'ispayer':
                    $updateUser->setIs_payer($value);
                    break;
                case 'isrunner':
                    $updateUser->setIs_runner($value);
                    break;
                case 'isinternal':
                    $updateUser->setIs_internal($value);
                    break;
                case 'ispaypalverified':
                    // PayPal-verified and W-2 are mutually exclusive here.
                    $updateUser->setPaypal_verified($value);
                    if ($value) {
                        $updateUser->setHas_w2(false);
                    }
                    break;
                case 'isw2employee':
                    $updateUser->setHas_w2($value);
                    if ($value) {
                        $updateUser->setPaypal_verified(false);
                        $updateUser->setw9_status('not-applicable');
                    }
                    break;
                case 'manager':
                    // $value is the manager's user id (0 clears the manager).
                    $updateUser->setManager($value);
                    if ($value) {
                        $manager = new User();
                        $manager->findUserById($value);
                        // Send journal notification
                        Utils::systemNotification("The manager for @" . $updateUser->getNickname() . " is now set to @" . $manager->getNickname());
                    } else {
                        Utils::systemNotification("The manager for @" . $updateUser->getNickname() . " has been removed");
                    }
                    break;
                case 'referrer':
                    // $value is the referrer's user id (0 clears the referrer).
                    $updateUser->setReferred_by($value);
                    if ($value) {
                        $referrer = new User();
                        $referrer->findUserById($value);
                        // Send journal notification
                        Utils::systemNotification("The referrer for @" . $updateUser->getNickname() . " is now set to @" . $referrer->getNickname());
                    } else {
                        Utils::systemNotification("The referrer for @" . $updateUser->getNickname() . " has been removed");
                    }
                    break;
                case 'isactive':
                    $updateUser->setIs_active($value);
                    break;
                default:
                    break;
            }
            $updateUser->save();
            $response = array('succeeded' => true, 'message' => 'User details updated successfully');
            echo json_encode($response);
            exit(0);
        } else {
            die(json_encode(array('succeeded' => false, 'message' => 'Error: Could not determine the user_id')));
        }
    }
    // The first assignment is immediately replaced by User::find().
    $user = new User();
    $user = User::find($id ? $id : Session::uid());
    $userId = $user->getId();
    /**
     * If we couldn't find a valid User, render an ErrorView.
     * NOTE(review): there is no return/exit after parent::run() here; unless
     * run() terminates the request, the rest of the method still executes for a
     * non-existent user and parent::run() is called a second time — confirm.
     */
    if (!$user->getId()) {
        $this->write('msg', 'That user doesn\'t exist.');
        $this->write('link', WORKLIST_URL);
        $this->view = new ErrorView();
        parent::run();
    }
    $this->write('userId', $userId);
    $this->write('user', $user);
    $this->write('Annual_Salary', $user->getAnnual_salary() > 0 ? $user->getAnnual_salary() : '');
    $this->write('manager', $user->getManager());
    $this->write('referred_by', $user->getReferred_by());
    if ($action == 'create-sandbox') {
        $result = array();
        try {
            if (!$is_runner) {
                throw new Exception("Access Denied");
            }
            // Defines $unixusername and $projects from the request.
            // NOTE(review): mysql_real_escape_string() is SQL escaping only; if
            // SandBoxUtil::createSandbox() hands $unixusername to the OS, validate
            // it against a strict username pattern here instead — confirm what
            // createSandbox() does with it.
            $args = array('unixusername', 'projects');
            foreach ($args as $arg) {
                ${$arg} = mysql_real_escape_string($_REQUEST[$arg]);
            }
            $projectList = explode(",", str_replace(" ", "", $projects));
            // Create sandbox for user
            $sandboxUtil = new SandBoxUtil();
            $sandboxUtil->createSandbox($user->getUsername(), $user->getNickname(), $unixusername, $projectList);
            // If sb creation was successful, update users table
            $user->setHas_sandbox(1);
            $user->setUnixusername($unixusername);
            $user->setProjects_checkedout($projects);
            $user->save();
            // add to project_users table
            foreach ($projectList as $project) {
                $project_id = Project::getIdFromRepo($project);
                $user->checkoutProject($project_id);
            }
        } catch (Exception $e) {
            // The raw exception message is returned to the client.
            $result["error"] = $e->getMessage();
        }
        echo json_encode($result);
        die;
    }
    $reviewee_id = (int) $userId;
    $review = new Review();
    $this->write('reviewsList', $review->getReviews($reviewee_id, $reqUserId));
    $this->write('projects', $this->getProjectList());
    $user_projects = $user->getProjects_checkedout();
    // "has_sandbox" is derived from checked-out projects, not from the has_sandbox flag.
    $this->write('has_sandbox', count($user_projects) > 0);
    $users_favorite = new Users_Favorite();
    // Defaults to enabled when the viewer has no favourite record for this user.
    $favorite_enabled = 1;
    $favorite = $users_favorite->getMyFavoriteForUser($reqUserId, $userId);
    if (isset($favorite['favorite'])) {
        $favorite_enabled = $favorite['favorite'];
    }
    $favorite_count = $users_favorite->getUserFavoriteCount($userId);
    $this->write('favorite_count', $favorite_count);
    $this->write('favorite_enabled', $favorite_enabled);
    parent::run();
}
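/**
 * Project page: renders project $id and, on POST, saves project settings
 * (save_project) or adds/edits/deletes a role (save_role / edit_role / delete_role).
 *
 * Authorization as visible here: settings may be saved by a runner, a payer or
 * the project owner; internal/require_sandbox flags only by an admin; roles by
 * a runner, a payer or the owner; edit mode is offered to admins and the owner.
 *
 * NOTE(review): no CSRF token check is visible in this method — confirm it is
 * enforced upstream, since the POST branches mutate the project.
 *
 * @param mixed $id project identifier passed to Project::find()
 * @return void renders via parent::run(), or redirects after a role POST
 */
public function view($id)
{
    try {
        $project = Project::find($id);
    } catch (Exception $e) {
        // NOTE(review): the raw exception message is written to the response.
        $error = $e->getMessage();
        die($error);
    }
    $is_runner = !empty($_SESSION['is_runner']) ? 1 : 0;
    $is_payer = !empty($_SESSION['is_payer']) ? 1 : 0;
    // get the project owner
    $project_user = new User();
    $project_user->findUserById($project->getOwnerId());
    $this->write('project_user', $project_user);
    $userId = Session::uid();
    if ($userId > 0) {
        Utils::initUserById($userId);
        $user = new User();
        $user->findUserById($userId);
        $is_owner = $project->isOwner($user->getId());
        $is_admin = $user->getIs_admin();
    } else {
        $is_owner = false;
        $is_admin = false;
    }
    if (isset($_REQUEST['save_project']) && ($is_runner || $is_payer || $is_owner)) {
        // Missing fields are passed through as null, as before, but without notices.
        $project->setDescription(isset($_REQUEST['description']) ? $_REQUEST['description'] : null)
            ->setShortDescription(isset($_REQUEST['short_description']) ? $_REQUEST['short_description'] : null);
        $project->setWebsite(isset($_REQUEST['website']) ? $_REQUEST['website'] : null);
        // cr_anyone / cr_3_favorites are truthiness checks (a posted "0" is off);
        // the remaining flags are presence checks (checkbox semantics).
        $cr_anyone = !empty($_REQUEST['cr_anyone']) ? 1 : 0;
        $cr_3_favorites = !empty($_REQUEST['cr_3_favorites']) ? 1 : 0;
        $cr_project_admin = isset($_REQUEST['cr_project_admin']) ? 1 : 0;
        $cr_users_specified = isset($_REQUEST['cr_users_specified']) ? 1 : 0;
        $cr_job_runner = isset($_REQUEST['cr_job_runner']) ? 1 : 0;
        $internal = isset($_REQUEST['internal']) ? 1 : 0;
        $require_sandbox = isset($_REQUEST['require_sandbox']) ? 1 : 0;
        $hipchat_enabled = isset($_REQUEST['hipchat_enabled']) ? 1 : 0;
        $project->setCrAnyone($cr_anyone);
        $project->setCrFav($cr_3_favorites);
        $project->setCrAdmin($cr_project_admin);
        $project->setCrRunner($cr_job_runner);
        $project->setCrUsersSpecified($cr_users_specified);
        $project->setHipchatEnabled($hipchat_enabled);
        $project->setHipchatNotificationToken(isset($_REQUEST['hipchat_notification_token']) ? $_REQUEST['hipchat_notification_token'] : null);
        $project->setHipchatRoom(isset($_REQUEST['hipchat_room']) ? $_REQUEST['hipchat_room'] : null);
        $project->setHipchatColor(isset($_REQUEST['hipchat_color']) ? $_REQUEST['hipchat_color'] : null);
        // $is_admin mirrors $user->getIs_admin() and is also defined when no
        // user is loaded, which the previous direct call was not.
        if ($is_admin) {
            $project->setInternal($internal);
            $project->setRequireSandbox($require_sandbox);
        }
        // basename() strips any directory part; nothing here checks that the
        // referenced file exists or is an image.
        if (isset($_REQUEST['logoProject']) && $_REQUEST['logoProject'] != "") {
            $project->setLogo(basename($_REQUEST['logoProject']));
        }
        $project->save();
        // we clear post to prevent the page from redirecting
        $_POST = array();
    }
    $project_id = $project->getProjectId();
    // save,edit,delete roles <mikewasmie 16-jun-2011>
    // NOTE(review): the values are SQL-escaped before being handed to the role
    // methods; if those methods escape again the stored text is double-escaped —
    // confirm where escaping is expected to happen.
    if ($is_runner || $is_payer || $project->isOwner($userId)) {
        if (isset($_POST['save_role'])) {
            $role_title = mysql_real_escape_string(isset($_POST['role_title']) ? $_POST['role_title'] : '');
            $percentage = mysql_real_escape_string(isset($_POST['percentage']) ? $_POST['percentage'] : '');
            $min_amount = mysql_real_escape_string(isset($_POST['min_amount']) ? $_POST['min_amount'] : '');
            $project->addRole($project_id, $role_title, $percentage, $min_amount);
        }
        if (isset($_POST['edit_role'])) {
            $role_id = mysql_real_escape_string(isset($_POST['role_id']) ? $_POST['role_id'] : '');
            $role_title = mysql_real_escape_string(isset($_POST['role_title']) ? $_POST['role_title'] : '');
            $percentage = mysql_real_escape_string(isset($_POST['percentage']) ? $_POST['percentage'] : '');
            $min_amount = mysql_real_escape_string(isset($_POST['min_amount']) ? $_POST['min_amount'] : '');
            $project->editRole($role_id, $role_title, $percentage, $min_amount);
        }
        if (isset($_POST['delete_role'])) {
            $role_id = mysql_real_escape_string(isset($_POST['role_id']) ? $_POST['role_id'] : '');
            $project->deleteRole($role_id);
        }
    }
    /* Prevent reposts on refresh */
    // NOTE(review): $projectName is never assigned in this method, so the
    // Location header is sent with an empty target. The intended redirect target
    // (presumably this project's page) is not recoverable from here — confirm
    // and replace with the correct URL.
    if (!empty($_POST)) {
        unset($_POST);
        header('Location: ' . $projectName);
        exit;
    }
    $edit_mode = false;
    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'edit' && ($is_admin || $is_owner)) {
        $edit_mode = true;
    }
    $this->write('project', $project);
    $this->write('edit_mode', $edit_mode);
    $this->write('is_owner', $is_owner);
    parent::run();
}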
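/**
 * Jobs list page: selects JobsView and derives the list filters from the route
 * and the request.
 *
 * View variables written: queryFilter, followingFilter, projectFilter,
 * statusFilter, labelsFilter, req_status, review_only. Also sets
 * $this->is_internal (when a user is logged in) and $this->is_runner.
 *
 * @param string|null $projectName project to filter on; null or "all" means no project filter
 * @param string|null $filterName  status filter, or "following" to list followed jobs;
 *                                 any further positional arguments are label filters
 * @return void renders via parent::run(), or redirects to ./jobs when the request is a POST
 */
public function listView($projectName = null, $filterName = null)
{
    $this->view = new JobsView();
    $userId = Session::uid();
    if ($userId > 0) {
        Utils::initUserById($userId);
        $user = new User();
        $user->findUserById($userId);
        $this->is_internal = $user->isInternal();
    }
    $this->is_runner = !empty($_SESSION['is_runner']) ? 1 : 0;
    // NOTE(review): query, status and the route parameters reach the view
    // unescaped — confirm the template escapes them.
    $queryFilter = empty($_REQUEST['query']) ? '' : $_REQUEST['query'];
    $this->write('queryFilter', $queryFilter);
    $this->write('followingFilter', $filterName != null && $filterName == "following" ? true : false);
    if ($projectName != null && $projectName != "all") {
        $project = Project::find($projectName);
        $this->write('projectFilter', $project ? $project->getProjectId() : 0);
    } else {
        $this->write('projectFilter', 0);
    }
    if ($filterName != null && $filterName != "following") {
        $this->write('statusFilter', $filterName);
    } else {
        // A free-text query searches every status; otherwise only active jobs.
        $this->write('statusFilter', empty($queryFilter) ? 'Active' : 'All');
    }
    // Everything after the two named parameters is a label filter.
    $this->write('labelsFilter', array_slice(func_get_args(), 2));
    // Prevent reposts on refresh
    if (!empty($_POST)) {
        unset($_POST);
        $this->view = null;
        Utils::redirect('./jobs');
        exit;
    }
    $this->write('req_status', isset($_GET['status']) ? $_GET['status'] : '');
    $this->write('review_only', isset($_GET['status']) && $_GET['status'] == 'needs-review' ? 'true' : 'false');
    parent::run();
}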