/**
 * Look up one row of the `holiday` table by primary key and pass $this to
 * loadObject() as the target.
 *
 * @param CAppUI $AppUI     Not referenced inside this method.
 * @param mixed  $holidayId Holiday key; forced to an integer before it is
 *                          placed in the SQL text.
 */
public function loadFull(CAppUI $AppUI, $holidayId)
{
    // The WHERE clause is assembled by string concatenation, so this cast is
    // the only thing that keeps a caller-supplied id from being read as SQL.
    $holidayKey = (int) $holidayId;

    $lookup = new w2p_Database_Query();
    $lookup->addTable('holiday');
    $lookup->addQuery('holiday.*');
    $lookup->addWhere('holiday.holiday_id = ' . $holidayKey);
    $lookup->loadObject($this, true, false);
}
/**
 * Look up one contact by id, joined to its company, and pass $this to
 * loadObject() as the target.
 *
 * @param CAppUI|null $AppUI     Effectively ignored: `global $AppUI` below
 *                               rebinds the name to the global instance.
 * @param mixed       $contactId Contact key; forced to an integer before it
 *                               is placed in the SQL text.
 */
public function loadFull(CAppUI $AppUI = null, $contactId)
{
    global $AppUI;

    // Integer cast first: the condition below is plain concatenation.
    $contactKey = (int) $contactId;

    $lookup = new w2p_Database_Query();
    $lookup->addTable('contacts');
    $lookup->addJoin('companies', 'cp', 'cp.company_id = contact_company');
    $lookup->addWhere('contact_id = ' . $contactKey);
    $lookup->loadObject($this, true, false);
}
/**
 * Look up one event together with its project and company names and pass
 * $this to loadObject() as the target.
 *
 * @param mixed $event_id Event key; forced to an integer before it is placed
 *                        in the SQL text.
 */
public function loadFull($event_id)
{
    // The id is concatenated into the WHERE clause, so it is cast up front.
    $eventKey = (int) $event_id;

    $lookup = new w2p_Database_Query();
    $lookup->addTable('events', 'e');
    $lookup->addQuery('e.*, project_name, project_color_identifier, company_name');
    $lookup->leftJoin('projects', 'p', 'event_project = project_id');
    $lookup->leftJoin('companies', 'c', 'project_company = company_id');
    $lookup->addWhere('event_id = ' . $eventKey);
    $lookup->loadObject($this, true, false);
}
/**
 * Look up one link with its owner, contact, project and task columns and
 * pass $this to loadObject() as the target.
 *
 * @param CAppUI $AppUI   Not referenced inside this method.
 * @param mixed  $link_id Link key; forced to an integer before it is placed
 *                        in the SQL text.
 */
public function loadFull(CAppUI $AppUI, $link_id)
{
    // Cast once; the WHERE clause below is built by concatenation.
    $linkKey = (int) $link_id;

    $lookup = new w2p_Database_Query();

    // Selected columns, in the original order.
    $lookup->addQuery('links.*');
    $lookup->addQuery('user_username');
    $lookup->addQuery('contact_first_name, contact_last_name');
    $lookup->addQuery('project_id');
    $lookup->addQuery('task_id, task_name');

    // Base table and its optional relations.
    $lookup->addTable('links');
    $lookup->leftJoin('users', 'u', 'link_owner = user_id');
    $lookup->leftJoin('contacts', 'c', 'user_contact = contact_id');
    $lookup->leftJoin('projects', 'p', 'project_id = link_project');
    $lookup->leftJoin('tasks', 't', 'task_id = link_task');

    $lookup->addWhere('link_id = ' . $linkKey);
    $lookup->loadObject($this, true, false);
}
/**
 * Look up one department with its company name and owner contact names and
 * pass $this to loadObject() as the target.
 *
 * @param CAppUI|null $AppUI  Effectively ignored: `global $AppUI` below
 *                            rebinds the name to the global instance.
 * @param mixed       $deptId Department key; forced to an integer before it
 *                            is placed in the SQL text.
 */
public function loadFull(CAppUI $AppUI = null, $deptId)
{
    global $AppUI;

    // Give the joined columns empty defaults on the object before the load.
    $this->company_name = '';
    $this->contact_first_name = '';
    $this->contact_last_name = '';

    // Cast once; the id is concatenated into the WHERE clause below.
    $deptKey = (int) $deptId;

    $lookup = new w2p_Database_Query();
    $lookup->addTable('companies', 'com');
    $lookup->addTable('departments', 'dep');
    $lookup->addQuery('dep.*, company_name');
    $lookup->addQuery('con.contact_first_name');
    $lookup->addQuery('con.contact_last_name');
    $lookup->addJoin('users', 'u', 'u.user_id = dep.dept_owner');
    $lookup->addJoin('contacts', 'con', 'u.user_contact = con.contact_id');
    $lookup->addWhere('dep.dept_id = ' . $deptKey);
    $lookup->addWhere('dep.dept_company = company_id');
    $lookup->loadObject($this);
}
/**
 * Look up one task with its project, company and owner name and pass $this
 * to loadObject() as the target.
 *
 * @param CAppUI|null $AppUI  Effectively ignored: `global $AppUI` below
 *                            rebinds the name to the global instance.
 * @param mixed       $taskId Task key; forced to an integer before it is
 *                            placed in the SQL text.
 */
public function loadFull(CAppUI $AppUI = null, $taskId)
{
    global $AppUI;

    // Cast once; the id is concatenated into the WHERE clause below.
    $taskKey = (int) $taskId;

    $lookup = new w2p_Database_Query();
    $lookup->addTable('tasks');
    $lookup->leftJoin('users', 'u1', 'u1.user_id = task_owner', 'outer');
    $lookup->leftJoin('contacts', 'ct', 'ct.contact_id = u1.user_contact', 'outer');
    $lookup->innerJoin('projects', 'p', 'p.project_id = task_project');
    $lookup->innerJoin('companies', 'co', 'co.company_id = project_company');
    $lookup->addWhere('task_id = ' . $taskKey);
    $lookup->addQuery('tasks.*');
    $lookup->addQuery('company_name, project_name, project_color_identifier');
    $lookup->addQuery('CONCAT(contact_first_name, \' \', contact_last_name) as username');
    $lookup->addGroup('task_id');
    $lookup->loadObject($this, true, false);

    // Adding zero coerces the loaded value to a number.
    $this->task_hours_worked = $this->task_hours_worked + 0;
}
/**
 * Login function
 *
 * What this method does to the submitted credentials before use:
 * <ul>
 * <li>The username is reduced to the characters A-Z, a-z, 0-9, '.', '_', '@'
 * and '-' and then trimmed.
 * <li>The password is only trimmed; it is handed to the authenticator as-is.
 * </ul>
 * The schema previously used the MySQL PASSWORD function for encryption. This
 * method has been deprecated in favour of PHP's MD5() function for database
 * independence. The check_legacy_password option is no longer valid.
 *
 * NOTE(review): the hashing itself is not visible in this method. If stored
 * passwords are plain MD5 as stated above, that is a fast, unsalted digest
 * and not suitable for password storage - confirm in the authenticator class.
 *
 * Upon a successful username and password match, several fields from the user
 * table are loaded in this object for convenient reference. The style, locales
 * and preferences are also loaded at this time.
 *
 * @param string $username The user login name
 * @param string $password The user password
 * @return boolean True if successful, false if not
 */
public function login($username, $password) {
    $auth_method = w2PgetConfig('auth_method', 'sql');

    // The request must carry login=login, the translated "login" label, or the
    // configured auth method name; anything else stops the request here.
    // Comparisons are loose (!=) and the request arrays are read without an
    // isset() check.
    if ($_POST['login'] != 'login' && $_POST['login'] != $this->_('login', UI_OUTPUT_RAW) && $_REQUEST['login'] != $auth_method) {
        die('You have chosen to log in using an unsupported or disabled login method');
    }
    $auth =& getauth($auth_method);

    // Whitelist filter on the username, then trim both credentials.
    $username = preg_replace("/[^A-Za-z0-9._@-]/", "", $username);
    $username = trim($username);
    $password = trim($password);

    if (!$auth->authenticate($username, $password)) {
        return false;
    }

    $user_id = $auth->userId($username);
    $username = $auth->username; // Some authentication schemes may collect username in various ways.
    // NOTE(review): from here on $username is whatever the authenticator
    // reports, not the whitelisted value above. It is later concatenated into
    // a quoted SQL condition; whether the authenticator restricts its
    // characters is not visible here - confirm, or escape it at the query.

    // Now that the password has been checked, see if they are allowed to
    // access the system
    if (!isset($GLOBALS['acl'])) {
        $GLOBALS['acl'] = new w2p_Extensions_Permissions();
    }
    if (!$GLOBALS['acl']->checkLogin($user_id)) {
        dprint(__FILE__, __LINE__, 1, 'Permission check failed');
        return false;
    }

    $q = new w2p_Database_Query();
    $q->addTable('users');
    $q->addQuery('user_id, contact_first_name as user_first_name, ' . 'contact_last_name as user_last_name, contact_display_name as user_display_name, ' . 'contact_company as user_company, contact_department as user_department, user_type');
    $q->addJoin('contacts', 'con', 'con.contact_id = user_contact', 'inner');

    /* Begin Hack */
    /*
     * This is a particularly annoying hack but I don't know of a better
     * way to resolve #457. In v2.0, there was a refactoring to allow for
     * multiple contact methods which resulted in the contact_email being
     * removed from the contacts table. If the user is upgrading from
     * v1.x and they try to log in before applying the database, crash.
     * Info: http://bugs.web2project.net/view.php?id=457
     * This hack was deprecated in dbVersion 26 for v2.2 in December 2010.
     */
    $qTest = new w2p_Database_Query();
    $qTest->addTable('w2pversion');
    $qTest->addQuery('max(db_version)');
    $dbVersion = $qTest->loadResult();
    if ($dbVersion >= 21 && $dbVersion < 26) {
        $q->leftJoin('contacts_methods', 'cm', 'cm.contact_id = con.contact_id');
        $q->addWhere("cm.method_name = 'email_primary'");
        $q->addQuery('cm.method_value AS user_email');
    }
    /* End Hack */

    // The user id is cast to an integer; the username is placed between
    // single quotes by concatenation with no escaping in this method.
    $q->addWhere('user_id = ' . (int) $user_id . ' AND user_username = \'' . $username . '\'');
    $q->loadObject($this);

    // NOTE(review): $this is always an object inside a method, so this branch
    // cannot be taken and a failed load is not detected here.
    if (!$this) {
        dprint(__FILE__, __LINE__, 1, 'Failed to load user information');
        return false;
    }

    // load the user preferences
    $this->loadPrefs($this->user_id);
    $this->setUserLocale();
    $this->setStyle();
    return true;
}
/**
 * Look up one project with its company name and owner display name and pass
 * $this to loadObject() as the target.
 *
 * @param CAppUI $AppUI     Not referenced inside this method.
 * @param mixed  $projectId Project key; forced to an integer before it is
 *                          placed in the SQL text.
 */
public function loadFull(CAppUI $AppUI, $projectId)
{
    // Give the joined columns empty defaults on the object before the load.
    $this->company_name = '';
    $this->user_name = '';

    // Cast once; the id is concatenated into the WHERE clause below.
    $projectKey = (int) $projectId;

    $lookup = new w2p_Database_Query();
    $lookup->addTable('projects');
    $lookup->addQuery('company_name, CONCAT_WS(\' \',contact_first_name,contact_last_name) user_name, projects.*');
    $lookup->addJoin('companies', 'com', 'company_id = project_company', 'inner');
    $lookup->leftJoin('users', 'u', 'user_id = project_owner');
    $lookup->leftJoin('contacts', 'con', 'contact_id = user_contact');
    $lookup->addWhere('project_id = ' . $projectKey);
    $lookup->addGroup('project_id');
    $lookup->loadObject($this);
}
/**
 * Generic check for whether this object may be deleted: first the module
 * permission, then (optionally) whether dependent rows exist in other tables.
 *
 * Can be overloaded/supplemented by the child class.
 *
 * The entries of $joins ('name', 'idfield', 'joinfield') are concatenated
 * into the SQL as identifiers, so they must come from code, never from
 * request data.
 *
 * @param string     $msg   By reference: set to the error text on failure, or
 *                          to an empty array when the join check finds nothing
 * @param int|null   $oid   Optional key; when truthy it is stored on the
 *                          object as an integer
 * @param array|null $joins Optional list of joins to count, each in the form
 *                          [label=>'Label',name=>'table name',idfield=>'field',joinfield=>'field']
 * @return true|false
 */
public function canDelete(&$msg, $oid = null, $joins = null)
{
    global $AppUI;

    // Permission gate comes first.
    if (!$AppUI->acl()->checkModuleItem($this->_tbl_module, 'delete', $oid)) {
        $msg = $AppUI->_('noDeletePermission');
        return false;
    }

    $keyField = $this->_tbl_key;
    if ($oid) {
        $this->{$keyField} = (int) $oid;
    }

    // Without a join list there is nothing further to verify.
    if (!is_array($joins)) {
        return true;
    }

    $counter = new w2p_Database_Query();
    $counter->addTable($this->_tbl);
    // NOTE(review): the key value is wrapped in quotes but not escaped. It is
    // an integer only when $oid was passed; otherwise it is whatever the
    // object already holds - confirm callers never leave request data there.
    $counter->addWhere($keyField . ' = \'' . $this->{$keyField} . '\'');
    $counter->addGroup($keyField);
    foreach ($joins as $join) {
        $counter->addQuery('COUNT(DISTINCT ' . $join['idfield'] . ') AS ' . $join['idfield']);
        $counter->addJoin($join['name'], $join['name'], $join['joinfield'] . ' = ' . $keyField);
    }

    $counts = null;
    $counter->loadObject($counts);
    $counter->clear();
    if (!$counts) {
        $msg = db_error();
        return false;
    }

    // Collect the translated label of every table that still has rows.
    $msg = array();
    foreach ($joins as $join) {
        $countField = $join['idfield'];
        if ($counts->{$countField}) {
            $msg[] = $AppUI->_($join['label']);
        }
    }

    if (!count($msg)) {
        return true;
    }

    $msg = $AppUI->_('noDeleteRecord') . ': ' . implode(', ', $msg);
    $this->_error = $msg;
    return false;
}
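}

// NOTE(review): assumes redirect() ends the request. If it returns, the code
// below still runs for a user without edit rights - confirm.
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}

// check if this record has dependencies to prevent deletion
$msg = '';
$obj = new CFileFolder();
if ($folder > 0) {
    $canDelete = $obj->canDelete($msg, $folder);
}

$q = new w2p_Database_Query();
$q->addTable('file_folders');
$q->addQuery('file_folders.*');
// $folder is assigned outside this excerpt, so its type is not visible here.
// Cast at the point of use so the concatenated condition can only ever
// contain an integer.
$q->addWhere('file_folder_id=' . (int) $folder);
$obj = null;
$q->loadObject($obj);

// load the record data
if (!$obj && $folder > 0) {
    $AppUI->setMsg('File Folder');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
}

$folders = getFolderSelectList();

// setup the title block
$ttl = $folder ? 'Edit File Folder' : 'Add File Folder';
$titleBlock = new CTitleBlock($ttl, 'folder5.png', $m, $m . '.' . $a);
$titleBlock->addCrumb('?m=files', 'files list');
// $canDelete is only set when $folder > 0, which is the same condition
// guarding its use here.
if ($canEdit && $folder > 0) {
    $titleBlock->addCrumbDelete('delete file folder', $canDelete, $msg);
}
$titleBlock->show();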
/**
 * Look up one company with its owner's contact names and pass $this to
 * loadObject() as the target.
 *
 * @param CAppUI|null $AppUI     Effectively ignored: `global $AppUI` below
 *                               rebinds the name to the global instance.
 * @param mixed       $companyId Company key; forced to an integer before it
 *                               is placed in the SQL text.
 */
public function loadFull(CAppUI $AppUI = null, $companyId)
{
    global $AppUI;

    // Cast once; the id is concatenated into the WHERE clause below.
    $companyKey = (int) $companyId;

    $lookup = new w2p_Database_Query();
    $lookup->addTable('companies');
    $lookup->addQuery('companies.*');
    $lookup->addQuery('con.contact_first_name');
    $lookup->addQuery('con.contact_last_name');
    $lookup->leftJoin('users', 'u', 'u.user_id = companies.company_owner');
    $lookup->leftJoin('contacts', 'con', 'u.user_contact = con.contact_id');
    $lookup->addWhere('companies.company_id = ' . $companyKey);
    $lookup->loadObject($this, true, false);
}
/**
 * Look up one forum with its owner and project details and pass $this to
 * loadObject() as the target.
 *
 * @param CAppUI $AppUI    Not referenced inside this method.
 * @param mixed  $forum_id Forum key; forced to an integer before it is placed
 *                         in the SQL text.
 */
public function loadFull(CAppUI $AppUI, $forum_id)
{
    // Give the joined columns empty defaults on the object before the load.
    $this->project_name = '';
    $this->project_color_identifier = '';
    $this->contact_first_name = '';
    $this->contact_last_name = '';
    $this->contact_display_name = '';

    // Cast once; the id is concatenated into the WHERE clause below.
    $forumKey = (int) $forum_id;

    $lookup = new w2p_Database_Query();
    $lookup->addTable('forums');
    $lookup->addTable('users', 'u');
    $lookup->addQuery('forum_id, forum_project, forum_description, forum_owner, forum_name, forum_create_date, forum_last_date, forum_message_count, forum_moderated, user_username, contact_first_name, contact_last_name, contact_display_name, project_name, project_color_identifier');
    $lookup->addJoin('contacts', 'con', 'contact_id = user_contact', 'inner');
    $lookup->addJoin('projects', 'p', 'p.project_id = forum_project', 'left');
    $lookup->addWhere('user_id = forum_owner');
    $lookup->addWhere('forum_id = ' . $forumKey);
    $lookup->loadObject($this);
}
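/**
 * Look up forum messages by parent id, highest message_id first, and pass
 * $this to loadObject() as the target.
 *
 * @param mixed $parent_id Parent message key (default 0); forced to an
 *                         integer before it is placed in the SQL text.
 */
public function loadByParent($parent_id = 0)
{
    $q = new w2p_Database_Query();
    $q->addTable('forum_messages');
    // The condition is built by concatenation. Without the cast a non-numeric
    // $parent_id would be inserted into the statement verbatim; every
    // comparable lookup in this codebase casts its key the same way.
    $q->addWhere('message_parent = ' . (int) $parent_id);
    $q->addOrder('message_id DESC'); // fetch last message first
    $q->loadObject($this, true, false);
}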
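/**
 * Determines whether the currently logged in user can delete this task log.
 *
 * The permission check runs first; when $joins is an array, dependent rows in
 * the listed tables are counted and any non-zero count blocks the delete.
 *
 * The entries of $joins ('name', 'idfield', 'joinfield') are concatenated
 * into the SQL as identifiers, so they must come from code, never from
 * request data.
 *
 * @global AppUI $AppUI global user permissions
 *
 * @param string     $msg   By reference: error message populated on failure
 *                          (left as an empty array when the join check passes)
 * @param int|null   $oid   Optional key to check; stored on the object as an
 *                          integer when truthy
 * @param array|null $joins Optional list of tables to join on, each with the
 *                          keys 'name', 'joinfield', 'idfield' and 'label'
 *
 * @return bool
 */
public function canDelete(&$msg, $oid = null, $joins = null)
{
    global $AppUI;

    $q = new w2p_Database_Query();

    // First things first. Are we allowed to delete?
    $acl =& $AppUI->acl(); // result is not used below; call kept unchanged
    if (!canDelete('task_log')) {
        $msg = $AppUI->_('noDeletePermission');
        return false;
    }

    $k = $this->_tbl_key;
    if ($oid) {
        $this->{$k} = (int) $oid;
    }

    if (is_array($joins)) {
        $q->addTable($this->_tbl, 'k');
        $q->addQuery($k);

        $i = 0;
        foreach ($joins as $table) {
            $table_alias = 't' . $i++;
            $q->leftJoin($table['name'], $table_alias, $table_alias . '.' . $table['joinfield'] . ' = ' . 'k' . '.' . $k);
            $q->addQuery('COUNT(DISTINCT ' . $table_alias . '.' . $table['idfield'] . ') AS ' . $table['idfield']);
        }

        // The key is an integer only when $oid was supplied above. Cast again
        // at the point of use so a value already sitting on the object cannot
        // reach the concatenated, unquoted condition as anything but a number.
        $q->addWhere($k . ' = ' . (int) $this->{$k});
        $q->addGroup($k);

        $obj = null;
        $q->loadObject($obj);
        $q->clear();
        if (!$obj) {
            $msg = db_error();
            return false;
        }

        // Collect the translated label of every table that still has rows.
        $msg = array();
        foreach ($joins as $table) {
            $idField = $table['idfield'];
            if ($obj->{$idField}) {
                $msg[] = $AppUI->_($table['label']);
            }
        }

        if (count($msg)) {
            $msg = $AppUI->_('noDeleteRecord') . ': ' . implode(', ', $msg);
            return false;
        }
    }

    return true;
}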
/**
 * Look up one user with contact, company, department and feed-token columns
 * and pass $this to loadObject() as the target.
 *
 * NOTE(review): `u.*` selects every column of the users table and
 * `uf.feed_token` is selected as well. If the users table holds the stored
 * password hash, it ends up on this object together with the token - confirm,
 * and keep both out of anything that is rendered or logged.
 *
 * @param mixed $userId User key; forced to an integer before it is placed in
 *                      the SQL text.
 */
public function loadFull($userId)
{
    // Cast once; the id is concatenated into the WHERE clause below.
    $userKey = (int) $userId;

    $lookup = new w2p_Database_Query();
    $lookup->addTable('users', 'u');
    $lookup->addQuery('u.*');
    $lookup->addQuery('con.contact_email AS user_email');
    $lookup->addQuery('uf.feed_token');
    $lookup->addQuery('con.*, company_id, company_name, dept_name, dept_id');
    $lookup->addJoin('contacts', 'con', 'user_contact = contact_id', 'inner');
    $lookup->addJoin('companies', 'com', 'contact_company = company_id');
    $lookup->addJoin('departments', 'dep', 'dept_id = contact_department');
    $lookup->addJoin('user_feeds', 'uf', 'feed_user = u.user_id');
    $lookup->addWhere('u.user_id = ' . $userKey);
    $lookup->loadObject($this, true, false);
}