/**
 * Loads the holiday row with the given id into this object via loadObject().
 *
 * @param CAppUI $AppUI     Not referenced by this method.
 * @param mixed  $holidayId Holiday id; cast to int before it reaches the query.
 */
public function loadFull(CAppUI $AppUI, $holidayId)
 {
     // The WHERE clause is built by concatenation, so the integer cast is
     // the only thing standing between the caller's value and the SQL text.
     $id = (int) $holidayId;

     $query = new w2p_Database_Query();
     $query->addTable('holiday');
     $query->addQuery('holiday.*');
     $query->addWhere('holiday.holiday_id = ' . $id);
     $query->loadObject($this, true, false);
 }
Example #2
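 /**
  * Loads the contact row with the given id, joined to its company, into
  * this object via loadObject().
  *
  * @param CAppUI|null $AppUI     Not referenced by this method.
  * @param mixed       $contactId Contact id; cast to int before it reaches the query.
  */
 public function loadFull(CAppUI $AppUI = null, $contactId)
 {
     // The former "global $AppUI;" rebound the parameter to the global and
     // was never read afterwards, so it has been dropped.
     $q = new w2p_Database_Query();
     $q->addTable('contacts');
     $q->addJoin('companies', 'cp', 'cp.company_id = contact_company');
     // Concatenated WHERE clause: the integer cast keeps the value inert.
     $q->addWhere('contact_id = ' . (int) $contactId);
     $q->loadObject($this, true, false);
 }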
Example #3
 /**
  * Loads the event row with the given id, together with the name and colour
  * of its project and the name of that project's company, into this object
  * via loadObject().
  *
  * @param mixed $event_id Event id; cast to int before it reaches the query.
  */
 public function loadFull($event_id)
 {
     // Cast once up front; the WHERE clause below is plain concatenation.
     $id = (int) $event_id;

     $query = new w2p_Database_Query();
     $query->addTable('events', 'e');
     $query->addQuery('e.*, project_name, project_color_identifier, company_name');
     $query->leftJoin('projects', 'p', 'event_project = project_id');
     $query->leftJoin('companies', 'c', 'project_company = company_id');
     $query->addWhere('event_id = ' . $id);
     $query->loadObject($this, true, false);
 }
Example #4
 /**
  * Loads the link row with the given id into this object via loadObject(),
  * along with the owner's username and contact name and the ids/names of
  * the related project and task.
  *
  * @param CAppUI $AppUI   Not referenced by this method.
  * @param mixed  $link_id Link id; cast to int before it reaches the query.
  */
 public function loadFull(CAppUI $AppUI, $link_id)
 {
     // Cast once up front; the WHERE clause below is plain concatenation.
     $id = (int) $link_id;

     $query = new w2p_Database_Query();

     // Selected columns, in the original order.
     $query->addQuery('links.*');
     $query->addQuery('user_username');
     $query->addQuery('contact_first_name,  contact_last_name');
     $query->addQuery('project_id');
     $query->addQuery('task_id, task_name');

     // Base table and the left joins that supply the extra columns.
     $query->addTable('links');
     $query->leftJoin('users', 'u', 'link_owner = user_id');
     $query->leftJoin('contacts', 'c', 'user_contact = contact_id');
     $query->leftJoin('projects', 'p', 'project_id = link_project');
     $query->leftJoin('tasks', 't', 'task_id = link_task');

     $query->addWhere('link_id = ' . $id);
     $query->loadObject($this, true, false);
 }
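 /**
  * Loads the department row with the given id into this object via
  * loadObject(), together with the company name and the owner's contact
  * first and last name.
  *
  * @param CAppUI|null $AppUI  Not referenced by this method.
  * @param mixed       $deptId Department id; cast to int before it reaches the query.
  */
 public function loadFull(CAppUI $AppUI = null, $deptId)
 {
     // The former "global $AppUI;" rebound the parameter to the global and
     // was never read afterwards, so it has been dropped.
     $q = new w2p_Database_Query();
     $q->addTable('companies', 'com');
     $q->addTable('departments', 'dep');
     $q->addQuery('dep.*, company_name');
     $q->addQuery('con.contact_first_name');
     $q->addQuery('con.contact_last_name');
     $q->addJoin('users', 'u', 'u.user_id = dep.dept_owner');
     $q->addJoin('contacts', 'con', 'u.user_contact = con.contact_id');
     // Concatenated WHERE clause: the integer cast keeps the value inert.
     $q->addWhere('dep.dept_id = ' . (int) $deptId);
     $q->addWhere('dep.dept_company = company_id');
     // Set the joined-in fields to empty strings before loading.
     $this->company_name = '';
     $this->contact_first_name = '';
     $this->contact_last_name = '';
     $q->loadObject($this);
 }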
Example #6
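 /**
  * Loads the task row with the given id into this object via loadObject(),
  * together with the company name, project name/colour and the owner's
  * contact name (selected as "username").
  *
  * @param CAppUI|null $AppUI  Not referenced by this method.
  * @param mixed       $taskId Task id; cast to int before it reaches the query.
  */
 public function loadFull(CAppUI $AppUI = null, $taskId)
 {
     // The former "global $AppUI;" rebound the parameter to the global and
     // was never read afterwards, so it has been dropped.
     $q = new w2p_Database_Query();
     $q->addTable('tasks');
     $q->leftJoin('users', 'u1', 'u1.user_id = task_owner', 'outer');
     $q->leftJoin('contacts', 'ct', 'ct.contact_id = u1.user_contact', 'outer');
     $q->innerJoin('projects', 'p', 'p.project_id = task_project');
     $q->innerJoin('companies', 'co', 'co.company_id = project_company');
     // Concatenated WHERE clause: the integer cast keeps the value inert.
     $q->addWhere('task_id = ' . (int) $taskId);
     $q->addQuery('tasks.*');
     $q->addQuery('company_name, project_name, project_color_identifier');
     $q->addQuery('CONCAT(contact_first_name, \' \', contact_last_name) as username');
     $q->addGroup('task_id');
     $q->loadObject($this, true, false);
     // Adding zero coerces the loaded value to a number.
     $this->task_hours_worked += 0;
 }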
Example #7
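 /**
  * Login function
  *
  * Verifies the credentials through the configured authenticator, checks the
  * login permission and then loads the user's record into this object.
  *
  * Input handling, as implemented below:
  * <ul>
  * <li>The submitted username is reduced to the characters A-Z, a-z, 0-9 and
  *     ._@- and then trimmed; the password is only trimmed.
  * <li>The username reported back by the authenticator replaces the filtered
  *     one, so it is escaped with the query object's quote() before it is
  *     placed in the WHERE clause.
  * <li>After the load, the record's user_id must equal the authenticated id;
  *     otherwise the login fails.
  * </ul>
  * The schema previously used the MySQL PASSWORD function for encryption.  This
  * method has been deprecated in favour of PHP's MD5() function for database independence.
  * The check_legacy_password option is no longer valid.
  * NOTE(review): the password comparison happens inside the authenticator,
  * which is not visible here. If it still relies on MD5, plan a migration to
  * password_hash()/password_verify().
  *
  * Upon a successful username and password match, several fields from the user
  * table are loaded in this object for convenient reference.  The style, locales
  * and preferences are also loaded at this time.
  *
  * @param string $username The user login name
  * @param string $password The user password
  * @return boolean True if successful, false if not
  */
 public function login($username, $password)
 {
     $auth_method = w2PgetConfig('auth_method', 'sql');
     // Refuse the request outright when the submitted "login" marker matches
     // neither the literal, its translation, nor the configured method.
     if ($_POST['login'] != 'login' && $_POST['login'] != $this->_('login', UI_OUTPUT_RAW) && $_REQUEST['login'] != $auth_method) {
         die('You have chosen to log in using an unsupported or disabled login method');
     }
     $auth =& getauth($auth_method);
     // Allow-list filter on the submitted username; the password is left
     // intact apart from surrounding whitespace.
     $username = preg_replace("/[^A-Za-z0-9._@-]/", "", $username);
     $username = trim($username);
     $password = trim($password);
     if (!$auth->authenticate($username, $password)) {
         return false;
     }
     $user_id = $auth->userId($username);
     // From here on $username is whatever the authenticator reports, NOT the
     // filtered value above, so it must be treated as unescaped again.
     $username = $auth->username;
     // Some authentication schemes may collect username in various ways.
     // Now that the password has been checked, see if they are allowed to
     // access the system
     if (!isset($GLOBALS['acl'])) {
         $GLOBALS['acl'] = new w2p_Extensions_Permissions();
     }
     if (!$GLOBALS['acl']->checkLogin($user_id)) {
         dprint(__FILE__, __LINE__, 1, 'Permission check failed');
         return false;
     }
     $q = new w2p_Database_Query();
     $q->addTable('users');
     $q->addQuery('user_id, contact_first_name as user_first_name, ' . 'contact_last_name as user_last_name, contact_display_name as user_display_name, ' . 'contact_company as user_company, contact_department as user_department, user_type');
     $q->addJoin('contacts', 'con', 'con.contact_id = user_contact', 'inner');
     /* Begin Hack */
     /*
      * This is a particularly annoying hack but I don't know of a better
      *   way to resolve #457. In v2.0, there was a refactoring to allow for
      *   multiple contact methods which resulted in the contact_email being
      *   removed from the contacts table. If the user is upgrading from
      *   v1.x and they try to log in before applying the database, crash.
      *   Info: http://bugs.web2project.net/view.php?id=457
      * This hack was deprecated in dbVersion 26 for v2.2 in December 2010.
      */
     $qTest = new w2p_Database_Query();
     $qTest->addTable('w2pversion');
     $qTest->addQuery('max(db_version)');
     $dbVersion = $qTest->loadResult();
     if ($dbVersion >= 21 && $dbVersion < 26) {
         $q->leftJoin('contacts_methods', 'cm', 'cm.contact_id = con.contact_id');
         $q->addWhere("cm.method_name = 'email_primary'");
         $q->addQuery('cm.method_value AS user_email');
     }
     /* End Hack */
     // The id is cast to int and the username goes through quote(), which
     // supplies the surrounding quotes and escaping; previously the
     // authenticator-supplied name was concatenated between literal quotes.
     $q->addWhere('user_id = ' . (int) $user_id . ' AND user_username = ' . $q->quote($username));
     $q->loadObject($this);
     // The old test, "if (!$this)", could never be true for an object. The
     // query selects user_id for exactly this id, so a mismatch after the
     // load means no matching row was bound: fail closed.
     if (!isset($this->user_id) || (int) $this->user_id !== (int) $user_id) {
         dprint(__FILE__, __LINE__, 1, 'Failed to load user information');
         return false;
     }
     // load the user preferences
     $this->loadPrefs($this->user_id);
     $this->setUserLocale();
     $this->setStyle();
     return true;
 }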
Example #8
 /**
  * Loads the project row with the given id into this object via
  * loadObject(), together with the company name and the owner's contact
  * name (selected as "user_name").
  *
  * @param CAppUI $AppUI     Not referenced by this method.
  * @param mixed  $projectId Project id; cast to int before it reaches the query.
  */
 public function loadFull(CAppUI $AppUI, $projectId)
 {
     // Cast once up front; the WHERE clause below is plain concatenation.
     $id = (int) $projectId;

     $query = new w2p_Database_Query();
     $query->addTable('projects');
     $query->addQuery('company_name, CONCAT_WS(\' \',contact_first_name,contact_last_name) user_name, projects.*');
     $query->addJoin('companies', 'com', 'company_id = project_company', 'inner');
     $query->leftJoin('users', 'u', 'user_id = project_owner');
     $query->leftJoin('contacts', 'con', 'contact_id = user_contact');
     $query->addWhere('project_id = ' . $id);
     $query->addGroup('project_id');

     // Set the joined-in fields to empty strings before loading.
     $this->company_name = '';
     $this->user_name = '';
     $query->loadObject($this);
 }
Example #9
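 /**
  * Generic check for whether dependencies exist for this object in the db schema
  *
  * Can be overloaded/supplemented by the child class.
  *
  * The permission check runs first. When $joins is an array, one
  * COUNT(DISTINCT ...) per join is selected and deletion is refused if any
  * count is non-zero.
  *
  * The 'name', 'idfield' and 'joinfield' entries of $joins are concatenated
  * into the SQL text as identifiers and cannot be escaped as values, so
  * callers must pass fixed, developer-defined names only. The key value is
  * escaped with the query object's quote().
  *
  * @param string $msg   Error message returned (by reference)
  * @param int    $oid   Optional key index
  * @param array  $joins Optional array to compile standard joins: format [label=>'Label',name=>'table name',idfield=>'field',joinfield=>'field']
  * @return true|false
  */
 public function canDelete(&$msg, $oid = null, $joins = null)
 {
     global $AppUI;
     // First things first.  Are we allowed to delete?
     $acl =& $AppUI->acl();
     if (!$acl->checkModuleItem($this->_tbl_module, 'delete', $oid)) {
         $msg = $AppUI->_('noDeletePermission');
         return false;
     }
     $k = $this->_tbl_key;
     if ($oid) {
         $this->{$k} = intval($oid);
     }
     if (!is_array($joins)) {
         // No dependency tables to inspect.
         return true;
     }
     $q = new w2p_Database_Query();
     $q->addTable($this->_tbl);
     // When $oid is not supplied the key keeps whatever value the object
     // already held, so it is escaped rather than wrapped in bare quotes.
     $q->addWhere($k . ' = ' . $q->quote($this->{$k}));
     $q->addGroup($k);
     foreach ($joins as $table) {
         $q->addQuery('COUNT(DISTINCT ' . $table['idfield'] . ') AS ' . $table['idfield']);
         $q->addJoin($table['name'], $table['name'], $table['joinfield'] . ' = ' . $k);
     }
     $obj = null;
     $q->loadObject($obj);
     $q->clear();
     if (!$obj) {
         $msg = db_error();
         return false;
     }
     // Collect the label of every join that still has dependent rows.
     $msg = array();
     foreach ($joins as $table) {
         $idField = $table['idfield'];
         if ($obj->{$idField}) {
             $msg[] = $AppUI->_($table['label']);
         }
     }
     if (count($msg)) {
         $msg = $AppUI->_('noDeleteRecord') . ': ' . implode(', ', $msg);
         $this->_error = $msg;
         return false;
     }
     return true;
 }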
}
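// Users without edit rights are sent to the access-denied page.
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}
// check if this record has dependencies to prevent deletion
$msg = '';
$obj = new CFileFolder();
if ($folder > 0) {
    // $canDelete is only assigned (and only read below) when $folder > 0.
    $canDelete = $obj->canDelete($msg, $folder);
}
$q = new w2p_Database_Query();
$q->addTable('file_folders');
$q->addQuery('file_folders.*');
// $folder is set outside this excerpt; cast it here so the concatenated
// WHERE clause can only ever contain an integer.
$q->addWhere('file_folder_id=' . (int) $folder);
$obj = null;
$q->loadObject($obj);
// load the record data
if (!$obj && $folder > 0) {
    $AppUI->setMsg('File Folder');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
}
$folders = getFolderSelectList();
// setup the title block
$ttl = $folder ? 'Edit File Folder' : 'Add File Folder';
$titleBlock = new CTitleBlock($ttl, 'folder5.png', $m, $m . '.' . $a);
$titleBlock->addCrumb('?m=files', 'files list');
if ($canEdit && $folder > 0) {
    $titleBlock->addCrumbDelete('delete file folder', $canDelete, $msg);
}
$titleBlock->show();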
Example #11
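 /**
  * Loads the company row with the given id into this object via
  * loadObject(), together with the owner's contact first and last name.
  *
  * @param CAppUI|null $AppUI     Not referenced by this method.
  * @param mixed       $companyId Company id; cast to int before it reaches the query.
  */
 public function loadFull(CAppUI $AppUI = null, $companyId)
 {
     // The former "global $AppUI;" rebound the parameter to the global and
     // was never read afterwards, so it has been dropped.
     $q = new w2p_Database_Query();
     $q->addTable('companies');
     $q->addQuery('companies.*');
     $q->addQuery('con.contact_first_name');
     $q->addQuery('con.contact_last_name');
     $q->leftJoin('users', 'u', 'u.user_id = companies.company_owner');
     $q->leftJoin('contacts', 'con', 'u.user_contact = con.contact_id');
     // Concatenated WHERE clause: the integer cast keeps the value inert.
     $q->addWhere('companies.company_id = ' . (int) $companyId);
     $q->loadObject($this, true, false);
 }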
Example #12
 /**
  * Loads the forum row with the given id into this object via loadObject(),
  * together with the owner's username and contact names and the project
  * name and colour.
  *
  * @param CAppUI $AppUI    Not referenced by this method.
  * @param mixed  $forum_id Forum id; cast to int before it reaches the query.
  */
 public function loadFull(CAppUI $AppUI, $forum_id)
 {
     // Cast once up front; the WHERE clause below is plain concatenation.
     $id = (int) $forum_id;

     $query = new w2p_Database_Query();
     $query->addTable('forums');
     $query->addTable('users', 'u');
     $query->addQuery('forum_id, forum_project,	forum_description, forum_owner, forum_name,
         forum_create_date, forum_last_date, forum_message_count, forum_moderated,
         user_username, contact_first_name, contact_last_name, contact_display_name,
         project_name, project_color_identifier');
     $query->addJoin('contacts', 'con', 'contact_id = user_contact', 'inner');
     $query->addJoin('projects', 'p', 'p.project_id = forum_project', 'left');
     $query->addWhere('user_id = forum_owner');
     $query->addWhere('forum_id = ' . $id);

     // Set the joined-in fields to empty strings before loading.
     $this->project_name = '';
     $this->project_color_identifier = '';
     $this->contact_first_name = '';
     $this->contact_last_name = '';
     $this->contact_display_name = '';
     $query->loadObject($this);
 }
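 /**
  * Loads the forum message with the highest message_id under the given
  * parent into this object via loadObject().
  *
  * @param mixed $parent_id Parent message id; cast to int before it reaches the query.
  */
 public function loadByParent($parent_id = 0)
 {
     $q = new w2p_Database_Query();
     $q->addTable('forum_messages');
     // The value used to be concatenated as-is; the cast matches the other
     // loaders and ensures only an integer can enter the SQL text.
     $q->addWhere('message_parent = ' . (int) $parent_id);
     $q->addOrder('message_id DESC');
     // fetch last message first
     $q->loadObject($this, true, false);
 }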
Example #14
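 /**
  * Determines whether the currently logged in user can delete this task log.
  *
  * The permission check runs first. When $joins is an array, one
  * COUNT(DISTINCT ...) per join is selected and deletion is refused if any
  * count is non-zero.
  *
  * The 'name', 'idfield' and 'joinfield' entries of $joins are concatenated
  * into the SQL text as identifiers, so callers must pass fixed,
  * developer-defined names only. The key value is cast to int.
  *
  * @global AppUI $AppUI global user permissions
  *
  * @param string $msg   by ref, error msg to be populated on failure
  * @param int    $oid   optional key to check
  * @param array  $joins optional list of tables to join on
  *
  * @return bool
  */
 public function canDelete(&$msg, $oid = null, $joins = null)
 {
     global $AppUI;
     $q = new w2p_Database_Query();
     // First things first. Are we allowed to delete?
     // NOTE(review): $acl is not read below; the call is kept in case acl()
     // has side effects that are not visible here.
     $acl =& $AppUI->acl();
     // This resolves to the global canDelete() function, not this method.
     if (!canDelete('task_log')) {
         $msg = $AppUI->_('noDeletePermission');
         return false;
     }
     $k = $this->_tbl_key;
     if ($oid) {
         $this->{$k} = (int) $oid;
     }
     if (is_array($joins)) {
         $q->addTable($this->_tbl, 'k');
         $q->addQuery($k);
         $i = 0;
         foreach ($joins as $table) {
             // Each joined table gets its own alias: t0, t1, ...
             $table_alias = 't' . $i++;
             $q->leftJoin($table['name'], $table_alias, $table_alias . '.' . $table['joinfield'] . ' = ' . 'k' . '.' . $k);
             $q->addQuery('COUNT(DISTINCT ' . $table_alias . '.' . $table['idfield'] . ') AS ' . $table['idfield']);
         }
         // The key is unquoted in the SQL text, so without $oid the object's
         // existing value went in verbatim; cast it so only an integer can.
         $q->addWhere($k . ' = ' . (int) $this->{$k});
         $q->addGroup($k);
         $obj = null;
         $q->loadObject($obj);
         $q->clear();
         if (!$obj) {
             $msg = db_error();
             return false;
         }
         // Collect the label of every join that still has dependent rows.
         $msg = array();
         foreach ($joins as $table) {
             $idField = $table['idfield'];
             if ($obj->{$idField}) {
                 $msg[] = $AppUI->_($table['label']);
             }
         }
         if (count($msg)) {
             $msg = $AppUI->_('noDeleteRecord') . ': ' . implode(', ', $msg);
             return false;
         }
     }
     return true;
 }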
Example #15
 /**
  * Loads the user row with the given id into this object via loadObject(),
  * together with the contact record, feed token, company and department.
  *
  * NOTE(review): "u.*" selects every column of the users table; if that
  * includes the stored password hash, it is loaded into this object too.
  * Confirm against the schema and callers.
  *
  * @param mixed $userId User id; cast to int before it reaches the query.
  */
 public function loadFull($userId)
 {
     // Cast once up front; the WHERE clause below is plain concatenation.
     $id = (int) $userId;

     $query = new w2p_Database_Query();
     $query->addTable('users', 'u');
     $query->addQuery('u.*');
     $query->addQuery('con.contact_email AS user_email');
     $query->addQuery('uf.feed_token');
     $query->addQuery('con.*, company_id, company_name, dept_name, dept_id');
     $query->addJoin('contacts', 'con', 'user_contact = contact_id', 'inner');
     $query->addJoin('companies', 'com', 'contact_company = company_id');
     $query->addJoin('departments', 'dep', 'dept_id = contact_department');
     $query->addJoin('user_feeds', 'uf', 'feed_user = u.user_id');
     $query->addWhere('u.user_id = ' . $id);
     $query->loadObject($this, true, false);
 }