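/**
 * Check whether the current user may open ticket $id, printing the matching
 * error / noaccess page when they may not.
 *
 * @param mixed $id Ticket id taken from the request; a falsy value means
 *                  "no ticket selected".
 * @return bool true when access is granted; false after an error page or the
 *              noaccess page has already been echoed.
 *
 * Side effects: echoes HTML and writes an "ACL Violation" audit row on denial.
 */
function check_incident_access($id)
{
    global $config;

    // Group of the loaded ticket. Stays null when no ticket was loaded so the
    // give_acl() call below never reads an undefined variable.
    $id_grupo = null;

    if ($id) {
        $incident = get_incident($id);
        if ($incident === false) {
            echo "<h1>" . __("Ticket") . "</h1>";
            echo ui_print_error_message(__("There is no information for this ticket"), '', true, 'h3', true);
            echo "<br>";
            echo "<a style='margin-left: 90px' href='index.php?sec=incidents&sec2=operation/incidents/incident_search'>" . __("Try the search form to find the ticket") . "</a>";
            return false;
        }
        $id_grupo = $incident['id_grupo'];
    }

    if (!isset($incident)) {
        // No ticket loaded (falsy $id): a user without IR gets the noaccess
        // page, anyone else a "doesn't exist" message.
        if (!give_acl($config['id_user'], $id_grupo, "IR")) {
            audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket " . $id);
            include "general/noaccess.php";
            return false;
        }
        echo ui_print_error_message(__("The ticket doesn't exist"), '', true, 'h3', true);
        return false;
    }

    // Incident creators must see their incidents: the enterprise hooks decide.
    // A hook that is not installed returns ENTERPRISE_NOT_HOOK and is skipped.
    $check_acl = enterprise_hook("incidents_check_incident_acl", array($incident));
    $standalone_check = enterprise_hook("manage_standalone", array($incident));

    $denied = ($check_acl !== ENTERPRISE_NOT_HOOK && !$check_acl)
        || ($standalone_check !== ENTERPRISE_NOT_HOOK && !$standalone_check);

    if ($check_acl === ENTERPRISE_NOT_HOOK && $standalone_check === ENTERPRISE_NOT_HOOK) {
        // Neither hook is installed: the hook-only test above would let every
        // logged-in user through. Fail closed with the same IR-on-group rule
        // used for the no-ticket case, still letting the creator in.
        // NOTE(review): assumes get_incident() returns the tincidencia row
        // (id_grupo / id_creator columns) — confirm against the helper.
        $is_creator = isset($incident['id_creator']) && $incident['id_creator'] == $config['id_user'];
        $denied = !$is_creator && !give_acl($config['id_user'], $id_grupo, "IR");
    }

    if ($denied) {
        // Doesn't have access to this page
        audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket (External user) " . $id);
        include "general/noaccess.php";
        return false;
    }
    return true;
}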
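// ACL for the ticket's files: the enterprise hooks decide; a hook that is
// not installed returns ENTERPRISE_NOT_HOOK and is skipped.
// NOTE(review): $check_acl, $incident and $titulo are computed above this point.
$external_check = enterprise_hook("manage_external", array($incident));

$acl_denied = ($check_acl !== ENTERPRISE_NOT_HOOK && !$check_acl)
	|| ($external_check !== ENTERPRISE_NOT_HOOK && !$external_check);

// Both denial paths audit the same way and read the client address from
// $config["REMOTE_ADDR"] (the second branch used a bare $REMOTE_ADDR, which
// nothing in this page defines). On a full page we stop; inside an AJAX
// include we return so the caller keeps control.
if ($acl_denied) {
	// Doesn't have access to this page
	audit_db ($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation",
		'Trying to access files of ticket #'.$id." '".$titulo."'");
	if (!defined ('AJAX')) {
		include ("general/noaccess.php");
		exit;
	} else {
		return;
	}
}

if (!$id) {
	audit_db ($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation",
		"Trying to access files of ticket #".$id);
	if (!defined ('AJAX')) {
		include ("general/noaccess.php");
		exit;
	} else {
		return;
	}
}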

if (defined ('AJAX')) {
	$upload_file = (bool) get_parameter("upload_file");
	if ($upload_file) {
		$result = array();
		$result["status"] = false;
		$result["message"] = "";
		$result["id_attachment"] = 0;
// Section-level CRM ACL: any of read / write / manage on companies opens the
// contacts section. NOTE(review): $section_read_permission is set above this point.
$section_write_permission = check_crm_acl('company', 'cw');
$section_manage_permission = check_crm_acl('company', 'cm');
$section_allowed = $section_read_permission || $section_write_permission || $section_manage_permission;
if (!$section_allowed) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to contacts without permission");
    include "general/noaccess.php";
    exit;
}

// Object-level ACL against the contact's company, when a contact or a
// company is selected.
if ($id || $id_company) {
    if ($id) {
        // Resolve the company through the contact; false when the contact does not exist.
        $id_company = get_db_value('id_company', 'tcompany_contact', 'id', $id);
    }
    $read_permission = check_crm_acl('other', 'cr', $config['id_user'], $id_company);
    $write_permission = check_crm_acl('other', 'cw', $config['id_user'], $id_company);
    $manage_permission = check_crm_acl('other', 'cm', $config['id_user'], $id_company);
    $company_allowed = $read_permission || $write_permission || $manage_permission;
    // An unknown contact (no company resolved) is treated as a violation too.
    if ($id_company === false || !$company_allowed) {
        audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access a contact without permission");
        include "general/noaccess.php";
        exit;
    }
}

$op = get_parameter("op", "details");
// Page heading only for the listing / creation view (no contact selected).
if ($id == 0) {
    echo "<h1>" . __('Contact management') . "</h1>";
}
if ($id != 0) {
    echo '<ul style="height: 30px;" class="ui-tabs-nav">';
    if ($op == "files") {
        echo '<li class="ui-tabs-selected">';
    } else {
        echo '<li class="ui-tabs">';
    }
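$id = (int) get_parameter ('id');
$clean_output = get_parameter('clean_output');
if (! $id) {
	require ("general/noaccess.php");
	exit;
}

// Full tincidencia row, or false when the ticket does not exist.
$incident = get_db_row ('tincidencia', 'id_incidencia', $id);

//user with IR and incident creator see the information
// A hook that is not installed returns ENTERPRISE_NOT_HOOK and is skipped.
$check_acl = enterprise_hook("incidents_check_incident_acl", array($incident));
$standalone_check = enterprise_hook("manage_standalone", array($incident));

$denied = ($check_acl !== ENTERPRISE_NOT_HOOK && !$check_acl)
	|| ($standalone_check !== ENTERPRISE_NOT_HOOK && !$standalone_check);

if ($check_acl === ENTERPRISE_NOT_HOOK && $standalone_check === ENTERPRISE_NOT_HOOK) {
	// Neither hook installed: the hook-only test above would let any logged-in
	// user read any ticket's statistics. Fail closed: an unknown ticket, or no
	// IR on its group while not being its creator, is a violation.
	// (tincidencia carries id_grupo and id_creator.)
	$is_creator = $incident !== false && $incident['id_creator'] == $config['id_user'];
	$denied = $incident === false
		|| (!$is_creator && !give_acl($config['id_user'], $incident['id_grupo'], "IR"));
}

if ($denied) {
	audit_db ($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation","Trying to access to ticket #".$id);
	include ("general/noaccess.php");
	exit;
}

//Clean output we need to print incident title header :)
if ($clean_output) {
	echo '<h1 class="ticket_clean_report_title">'.__("Statistics")."</h1>";
}

// Time windows (seconds => label) offered by the statistics view.
$fields = array(SECONDS_1DAY => "1 day",
				SECONDS_2DAY => "2 days",
				SECONDS_1WEEK => "1 week",
				SECONDS_2WEEK => "2 weeks",
				SECONDS_1MONTH => "1 month");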
    if ($result === false) {
        echo '<h3 class="error">' . __('There was a problem modifying group') . '</h3>';
    } else {
        audit_db($config["id_user"], $config["REMOTE_ADDR"], "Group management", "Modified group now called '{$name}'");
        echo '<h3 class="suc">' . __('Successfully updated') . '</h3>';
    }
}
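// Delete group: look the name up first so the audit row can quote it.
if ($delete_group) {
    // Bind the id as an integer in both statements; the SELECT used to
    // interpolate $id directly into the query text.
    $name = get_db_sql(sprintf('SELECT nombre FROM tgrupo WHERE id_grupo = %d', $id));
    $sql = sprintf('DELETE FROM tgrupo WHERE id_grupo = %d', $id);
    $result = process_sql($sql);
    if ($result === false) {
        echo '<h3 class="error">' . __('There was a problem deleting group') . '</h3>';
    } else {
        audit_db($config["id_user"], $config["REMOTE_ADDR"], "Group management", "Deleted group '{$name}'");
        echo '<h3 class="suc">' . __('Successfully deleted') . '</h3>';
    }
}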
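$offset = get_parameter("offset", 0);
$search_text = get_parameter("search_text", "");

// Search form (posts back to this page).
echo "<table class='search-table' style='width: 99%;'><form name='bskd' method=post action='index.php?sec=users&sec2=godmode/grupos/lista_grupos'>";
echo "<td>";
echo "<b>" . __('Search text') . "</b>&nbsp;&nbsp;";
print_input_text("search_text", $search_text, '', 40, 0, false);
echo "</td>";
echo "<td>";
print_submit_button(__('Search'), '', false, 'class="sub next"', false, false);
echo "</td>";
echo "</table></form>";

// Escape the request value before splicing it into the LIKE literal so quotes
// and backslashes cannot break out of the string. LIKE wildcards (% and _)
// are still interpreted; a prepared statement would be the complete fix.
// NOTE(review): if get_parameter() already entity-encodes quotes this is a
// harmless no-op for them.
$search_sql = addslashes($search_text);
$groups = get_db_all_rows_sql("SELECT * FROM tgrupo WHERE nombre LIKE '%{$search_sql}%' ORDER BY nombre");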
// INTEGRIA - the ITIL Management System
// http://integria.sourceforge.net
// ==================================================
// Copyright (c) 2008 Ártica Soluciones Tecnológicas
// http://www.artica.es  <*****@*****.**>
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
global $config;
check_login();

// Section ACL: IM on the "all" group (0) is required.
// NOTE(review): the audit text says "company section" although this page
// handles incident type fields — looks copied from another page; confirm.
if (!give_acl($config["id_user"], 0, "IM")) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access company section");
    require "general/noaccess.php";
    exit;
}

// Request parameters: ids and action flags are all forced to int.
$id_incident_type = (int) get_parameter('id');
$id_field = (int) get_parameter('id_field');
$add_field = (int) get_parameter('add_field');
$update_field = (int) get_parameter('update_field');

// Form defaults for a new field.
$label = '';
$type = 'text';
$combo_value = '';
$linked_value = '';
$add_linked_value = '';
$parent = '';
$show_in_list = false;
$global_field = false;
	if ($report === false)
		return;
	$name = $report['name'];
	$sql = $report['sql'];
	$id_group = $report['id_group'];
	
	$user_in_group = get_db_value_filter('id_grupo', 'tusuario_perfil', array('id_usuario'=>$config['id_user'],'id_grupo'=>$id_group));	
	if ($id_group == 1) {
		$user_in_group = 1;
	}
}


// Administrators always pass; everyone else must belong to the report's
// group ($user_in_group is resolved above this point).
$is_admin = dame_admin ($config['id_user']);
if (!$is_admin && $user_in_group == false) {
	// Doesn't have access to this page
	audit_db ($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access inventory reports");
	include ("general/noaccess.php");
	return;
}

$result_msg = '';
if ($create) {
	$values['name'] = (string) get_parameter ('name');
	$values['sql'] = (string) get_parameter ('sql');
	$values['id_group'] = get_parameter('id_group', 0);
	
	$result = false;
	if (! empty ($values['name']))
		$result = process_sql_insert ('tinventory_reports', $values);
	
	if ($result) {
// INTEGRIA - the ITIL Management System
// http://integria.sourceforge.net
// ==================================================
// Copyright (c) 2008 Ártica Soluciones Tecnológicas
// http://www.artica.es  <*****@*****.**>
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
global $config;
check_login();

// Section ACL: PM on the "all" group (0) is required.
if (!give_acl($config["id_user"], 0, "PM")) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access external table management");
    require "general/noaccess.php";
    exit;
}

// Request parameters.
// NOTE(review): $external_table is later used as the table name passed to
// process_sql_delete() — confirm it is validated against an allow-list of
// managed tables before this page is reached.
$external_table = get_parameter('external_table');
$id_object_type = get_parameter('id');

// Row operations, each defaulting to "not requested".
$delete_row = get_parameter('delete_row', 0);
$update_row = get_parameter('update_row', 0);
$add_row = get_parameter('add_row', 0);
$insert_row = get_parameter('insert_row', 0); //add new line to enter data
if ($delete_row) {
    $key = get_parameter('key');
    $key_value = get_parameter('key_value');
    $result = process_sql_delete($external_table, array($key => $key_value));
    if ($result) {
    print_table($table);
    if ($write_permission || $manage_permission) {
        echo '<form method="post" action="index.php?sec=customers&sec2=operation/contacts/contact_detail&id_company=' . $id . '">';
        echo '<div style="width: ' . $table->width . '; text-align: right;">';
        print_submit_button(__('Create'), 'new_btn', false, 'class="sub next"');
        print_input_hidden('new_contact', 1);
        echo '</div>';
        echo '</form>';
    }
} elseif ($op == "invoices") {
    $permission = check_crm_acl('invoice', '', $config['id_user'], $id);
    $new_invoice = get_parameter("new_invoice", 0);
    $operation_invoices = get_parameter("operation_invoices", "");
    $view_invoice = get_parameter("view_invoice", 0);
    if (!$permission && !$manage_permission and $operation_invoices != "add_invoice") {
        audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to an invoice");
        include "general/noaccess.php";
        exit;
    }
    $company_name = get_db_sql("SELECT name FROM tcompany WHERE id = {$id}");
    if ($operation_invoices != "" or $new_invoice != 0 or $view_invoice != 0) {
        $id_invoice = get_parameter("id_invoice", -1);
        if ($id_invoice) {
            $is_locked = crm_is_invoice_locked($id_invoice);
            $lock_permission = crm_check_lock_permission($config["id_user"], $id_invoice);
        }
        if ($new_invoice == 0 && $is_locked) {
            $locked_id_user = crm_get_invoice_locked_id_user($id_invoice);
            // Show an only readable invoice
            echo "<h3>" . __("Invoice #") . $id_invoice;
            echo ' (' . __('Locked by ') . $locked_id_user . ')';
		WHERE id = %d',
		$timestamp, $duration, $description, $have_cost,
		$id_profile, $public, $wu_user, $work_home, $id_workunit);
	$result = process_sql ($sql);

	if ($id_task !=0) {
	    // Old old association
	    process_sql ("DELETE FROM tworkunit_task WHERE id_workunit = $id_workunit");
	    // Create new one
            $sql = sprintf ('INSERT INTO tworkunit_task
                            (id_task, id_workunit) VALUES (%d, %d)',
                                        $id_task, $id_workunit);
            $result = process_sql ($sql, 'insert_id');
	}
	$result_output = ui_print_success_message (__('Workunit updated'), '', true, 'h3', true);
	audit_db ($config["id_user"], $config["REMOTE_ADDR"], "PWU", "Updated PWU. $description");
	
	if ($result !== false) {
		set_task_completion ($id_task);
	}
}

// Collects the outcome of each row handled by the multiple work-unit insert;
// presumably filled inside the 'multiple_wu_insert' loop that follows — confirm.
$multiple_wu_report = array();

if ($operation == 'multiple_wu_insert') {
	
	//Walk post array looking for 
	$i = 1;
	while(true) {
		
		if (!get_parameter("start_date_".$i)) {
// INTEGRIA - the ITIL Management System
// http://integria.sourceforge.net
// ==================================================
// Copyright (c) 2008 Ártica Soluciones Tecnológicas
// http://www.artica.es  <*****@*****.**>
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
global $config;
check_login();

// The log viewer needs FM on the "all" group; give_acl() == 0 means no right.
$has_fm = give_acl($config["id_user"], 0, "FM");
if ($has_fm == 0) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access log viewer");
    require "general/noaccess.php";
    exit;
}

$file_name = $config["homedir"] . "/integria.log";

// delete=1 removes the whole log file (when it exists).
// NOTE(review): a plain request parameter triggers the deletion; confirm the
// framework adds anti-CSRF protection to state-changing requests.
$delete = get_parameter("delete", 0);
if ($delete == 1 && file_exists($file_name)) {
    unlink($file_name);
}

echo "<h1>" . __("Error log") . "</h1>";
if (!file_exists($file_name)) {
    echo "<div class='under_tabs_info'>" . __("Cannot find file") . "(" . $file_name . ")</div>";
} else {
    $filesize = filesize($file_name);
    // if delete
    $id = (int) get_parameter('id');
    $name = get_db_value('name', 'tnewsletter', 'id', $id);
    $id_group = get_db_value('id_group', 'tnewsletter', 'id', $id);
    if (!$manager) {
        audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete a company without privileges");
        require "general/noaccess.php";
        exit;
    }
    $sql = sprintf('DELETE FROM tnewsletter WHERE id = %d', $id);
    process_sql($sql);
    $sql = sprintf('DELETE FROM tnewsletter_tracking WHERE id_newsletter = %d', $id);
    process_sql($sql);
    $sql = sprintf('DELETE FROM tnewsletter_queue_data WHERE id_newsletter = %d', $id);
    process_sql($sql);
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "Newsletter Management", "Deleted newsletter {$name}");
    echo "<h3 class='suc'>" . __('Successfully deleted') . "</h3>";
    $id = 0;
}
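// General newsletter listing
echo "<h2>" . __('Newsletter management') . "</h2>";
echo "<br>";
$search_text = (string) get_parameter('search_text');
$where_clause = "WHERE 1=1 ";
if ($search_text != "") {
    // Escape before building the LIKE literal: %s was fed the raw request
    // value, so a double quote could end the string. LIKE wildcards (% and _)
    // are still interpreted; a prepared statement would be the complete fix.
    $where_clause .= sprintf('AND name LIKE "%%%s%%"', addslashes($search_text));
}
// Listing table layout. NOTE(review): $table is not created in this fragment;
// confirm it is instantiated earlier in the page.
$table->width = '90%';
$table->class = 'search-table';
$table->style = array();
$table->style[0] = 'font-weight: bold;';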
    // Integria can override localtime zone by a user-specified timezone.
    $timestamp = print_mysql_timestamp();
    $sql = sprintf('INSERT INTO tincidencia
			(inicio, actualizacion, titulo, descripcion,
			id_usuario, estado, prioridad,
			id_grupo, id_creator, notify_email, id_task,
			resolution, id_incident_type, sla_disabled, email_copy, epilog)
			VALUES ("%s", "%s", "%s", "%s", "%s", %d, %d, %d, "%s",
			%d, %d, %d, %d, %d, "%s", "%s")', $timestamp, $timestamp, $title, $description, $id_user_responsible, $estado, $priority, $group_id, $id_creator, $email_notify, $id_task, $resolution, $id_incident_type, $sla_disabled, $email_copy, $epilog);
    $id = process_sql($sql, 'insert_id');
    if ($id !== false) {
        /* Update inventory objects in incident */
        update_incident_inventories($id, array($id_inventory));
        $result_msg = ui_print_success_message(__('Successfully created') . ' (id #' . $id . ')', '', true);
        $result_msg .= '<h4><a href="index.php?sec=incidents&sec2=operation/incidents_simple/incident&id=' . $id . '">' . __('Please click here to continue working with ticket #') . $id . "</a></h4>";
        audit_db($config["id_user"], $config["REMOTE_ADDR"], "Ticket created", "User " . $config['id_user'] . " created ticket #" . $id);
        incident_tracking($id, INCIDENT_CREATED);
        //Add traces and statistic information
        incidents_set_tracking($id, 'create', $priority, $estado, $resolution, $id_user_responsible, $group_id);
        // Email notify to all people involved in this incident
        if ($email_notify) {
            mail_incident($id, $id_user_responsible, "", 0, 1);
        }
        //insert data to incident type fields
        if ($id_incident_type > 0) {
            $sql_label = "SELECT `label` FROM `tincident_type_field` WHERE id_incident_type = {$id_incident_type}";
            $labels = get_db_all_rows_sql($sql_label);
            if ($labels === false) {
                $labels = array();
            }
            foreach ($labels as $label) {
// Per-project rights, only meaningful when a project is selected.
if ($id_project) {
    $project_access = get_project_access($config['id_user'], $id_project);
}

// ACL, evaluated in order: PR to enter the section, PW to create, and
// project membership (read) to open an existing project. Every failure is
// audited with its own message and handed to no_permission().
// NOTE(review): $section_access and $create_project are set above this point.
$acl_checks = array(
    array(!$section_access['read'], "Trying to access to project detail section"),
    array($create_project && !$section_access['write'], "Trying to create a project"),
    array($id_project && !$project_access['read'], "Trying to view a project"),
);
foreach ($acl_checks as $acl_check) {
    if ($acl_check[0]) {
        audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", $acl_check[1]);
        no_permission();
    }
}

// Edition / View mode: preload the form values from the project row.
if ($id_project) {
    $project = get_db_row('tproject', 'id', $id_project);
    $name = $project["name"];
    $description = $project["description"];
    $start_date = $project["start"];
    $end_date = $project["end"];
    $owner = $project["id_owner"];
    $id_project_group = $project["id_project_group"];
}

// Main project table
echo "<h1>" . __('Project report') . " &raquo; " . get_db_value("name", "tproject", "id", $id_project);
if (!$clean_output) {
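/**
 * API: subscribe an address to a newsletter.
 *
 * @param string $return_type "xml" or "csv"; any other value prints nothing.
 * @param string $user        Authenticated API user; must hold CN on group 0.
 * @param array  $params      [0] newsletter id, [1] subscriber name, [2] e-mail.
 * @return void Prints the insert result: the new row id, 0 when the newsletter
 *              does not exist, or false when the insert failed.
 *
 * Side effects: writes an "ACL Violation" audit row and exits when $user lacks CN.
 */
function api_add_address_to_newsletter($return_type, $user, $params)
{
    global $config;
    if (!give_acl($user, 0, "CN")) {
        audit_db($user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access newsletter management");
        exit;
    }

    // Tolerate a short $params array instead of reading undefined offsets; the
    // newsletter id is an integer key, the other two are stored as given.
    // NOTE(review): the address is not validated as an e-mail here — confirm
    // the API front end does it, otherwise add a filter_var() check.
    $values = array();
    $values['id_newsletter'] = isset($params[0]) ? (int) $params[0] : 0;
    $values['name'] = isset($params[1]) ? $params[1] : null;
    $values['email'] = isset($params[2]) ? $params[2] : null;
    $values['status'] = 0;
    $values['datetime'] = print_mysql_timestamp();
    $values['validated'] = 0;

    // Insert only when the target newsletter exists.
    $result = 0;
    $check_id_newsletter = get_db_value("id", "tnewsletter", "id", $values['id_newsletter']);
    if (!empty($check_id_newsletter)) {
        $result = process_sql_insert('tnewsletter_address', $values);
    }

    switch ($return_type) {
        case "xml":
            echo xml_node($result);
            break;
        case "csv":
            echo $result;
            break;
    }
    return;
}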
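/**
 * Render the task tree of a project as a PNG image on standard output.
 *
 * Tasks are read from ttask, filtered to those the user belongs to, written
 * as a Graphviz description to <homedir>/attachment/tmp/<user>.dot, rendered
 * with "twopi" into <user>.project.png and streamed back as image/png. Both
 * temp files are left on disk (the unlink calls were commented out upstream).
 *
 * @param int    $id_project Project id; -1 means "no project" (empty root label).
 * @param string $id_user    User the tree is drawn for; also stored in $config["id_user"].
 * @return void Emits the header and image data; returns without output when
 *              the dot file cannot be created or twopi produced no image.
 *
 * Exits (after an "ACL Violation" audit row and the noaccess page) when the
 * user does not belong to the project.
 */
function project_tree($id_project, $id_user)
{
    include "../include/config.php";
    $config["id_user"] = $id_user;
    if (user_belong_project($id_user, $id_project) == 0) {
        audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to task manager of unauthorized project");
        include $config["homedir"] . "/general/noaccess.php";
        exit;
    }

    // The id is spliced into SQL below: force an integer first.
    $id_project = (int) $id_project;
    $project_name = ($id_project != -1) ? get_db_value("name", "tproject", "id", $id_project) : "";

    // Temp file names embed the user id. Keep only filename-safe characters so
    // the id can neither traverse out of attachment/tmp nor carry shell
    // metacharacters into the twopi command (which is arg-escaped as well).
    $user_slug = preg_replace('/[^A-Za-z0-9_.@-]/', '_', (string) $id_user);
    $dotfilename = $config["homedir"] . "/attachment/tmp/{$user_slug}.dot";
    $pngfilename = $config["homedir"] . "/attachment/tmp/{$user_slug}.project.png";

    // Collect the project's tasks this user belongs to, as parallel arrays.
    $task = array();
    $task_name = array();
    $task_parent = array();
    $task_workunit = array();
    $total_task = 0;
    $sql2 = sprintf("SELECT * FROM ttask WHERE id_project = %d", $id_project);
    if ($result2 = mysql_query($sql2)) {
        while ($row2 = mysql_fetch_array($result2)) {
            if (user_belong_task($id_user, $row2["id"]) == 1) {
                $task[$total_task] = $row2["id"];
                $task_name[$total_task] = $row2["name"];
                $task_parent[$total_task] = $row2["id_parent_task"];
                $task_workunit[$total_task] = get_task_workunit_hours($row2["id"]);
                $total_task++;
            }
        }
    }

    $dotfile = fopen($dotfilename, "w");
    if ($dotfile === false) {
        // Nothing to render from; do not write to an invalid handle.
        return;
    }

    fwrite($dotfile, "digraph Integria {\n");
    fwrite($dotfile, "\t  ranksep=2.0;\n");
    fwrite($dotfile, "\t  ratio=auto;\n");
    fwrite($dotfile, "\t  size=\"9,12\";\n");
    fwrite($dotfile, "\t  node[fontsize=" . $config['fontsize'] . "];\n");
    // Labels are double-quoted dot strings: escape quotes and backslashes in
    // the names before wrapping, otherwise a name containing " breaks the graph.
    $project_label = wordwrap(addcslashes($project_name, "\"\\"), 12, '\\n');
    fwrite($dotfile, '	  project [label="' . $project_label . '",shape="ellipse", style="filled", color="grey"];' . "\n");
    for ($ax = 0; $ax < $total_task; $ax++) {
        $task_label = wordwrap(addcslashes($task_name[$ax], "\"\\"), 12, '\\n');
        fwrite($dotfile, 'TASK' . $task[$ax] . ' [label="' . $task_label . '"];');
        fwrite($dotfile, "\n");
    }
    // Make project first parent task relation visible
    for ($ax = 0; $ax < $total_task; $ax++) {
        if ($task_parent[$ax] == 0) {
            fwrite($dotfile, 'project -> TASK' . $task[$ax] . ';');
            fwrite($dotfile, "\n");
        }
    }
    // Make task-subtask parent task relation visible
    for ($ax = 0; $ax < $total_task; $ax++) {
        if ($task_parent[$ax] != 0) {
            fwrite($dotfile, 'TASK' . $task_parent[$ax] . ' -> TASK' . $task[$ax] . ';');
            fwrite($dotfile, "\n");
        }
    }
    fwrite($dotfile, "}");
    fwrite($dotfile, "\n");
    // Close before handing the file to twopi so every write has reached disk.
    fclose($dotfile);

    // Each path goes to the shell as one quoted argument.
    exec("twopi -Tpng " . escapeshellarg($dotfilename) . " -o " . escapeshellarg($pngfilename));

    $imgPng = imageCreateFromPng($pngfilename);
    if ($imgPng === false) {
        // twopi is missing or failed; do not claim to return an image.
        return;
    }
    header('Content-type: image/png');
    imageAlphaBlending($imgPng, true);
    imageSaveAlpha($imgPng, true);
    imagePng($imgPng);
    imageDestroy($imgPng);
}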
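// Update
if ($update_object) {
    $name = (string) get_parameter("name");
    $icon = (string) get_parameter("icon");
    $min_stock = (int) get_parameter("min_stock");
    $description = (string) get_parameter("description");
    $show_in_list = (int) get_parameter("show_in_list");
    // Bind the id as an integer (%d) like the DELETE statements in this page;
    // it used to be spliced in unquoted through %s.
    // NOTE(review): the string columns rely on get_parameter()/process_sql()
    // escaping — confirm.
    $sql = sprintf('UPDATE tobject_type SET name = "%s", icon = "%s", min_stock = %d,
		description = "%s", show_in_list = %d WHERE id = %d', $name, $icon, $min_stock, $description, $show_in_list, $id);
    $result = process_sql($sql);
    if (!$result) {
        echo "<h3 class='error'>" . __('Could not be updated') . "</h3>";
    } else {
        echo "<h3 class='suc'>" . __('Successfully updated') . "</h3>";
        //insert_event ("PRODUCT UPDATED", $id, 0, $name);
        audit_db($config["id_user"], $config["REMOTE_ADDR"], "Inventory Management", "Updated object {$id} - {$name}");
    }
}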
// Delete
if ($delete_object) {
    // Move parent who has this product to 0
    $sql = sprintf('DELETE FROM tobject_type_field WHERE id_object_type = %d', $id);
    process_sql($sql);
    $sql = sprintf('DELETE FROM tobject_type WHERE id = %d', $id);
    $result = process_sql($sql);
    if ($result) {
        echo '<h3 class="suc">' . __("Successfully deleted") . '</h3>';
    } else {
        echo '<h3 class="error">' . __("Could not be deleted") . '</h3>';
    }
    $id = 0;
		$id = 0;
		$fullname = (string) get_parameter ('fullname');
		$phone = (string) get_parameter ('phone');
		$mobile = (string) get_parameter ('mobile');
		$email = (string) get_parameter ('email');
		$position = (string) get_parameter ('position');
		$id_company = (int) get_parameter ('id_company');
		$disabled = (int) get_parameter ('disabled');
		$description = (string) get_parameter ('description');
		$id_contract = (int) get_parameter ('id_contract');
		if ($id_contract) {
			$id_company = (int) get_db_value ('id_company', 'tcontract', 'id', $id_contract);
		}
	} else {
		if (!$read_permission) {
			audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation","Trying to access a contact in a group without access");
			require ("general/noaccess.php");
			exit;
		}
		$contact = get_db_row ("tcompany_contact", "id", $id);
		$fullname = $contact['fullname'];
		$phone = $contact['phone'];
		$mobile = $contact['mobile'];
		$email = $contact['email'];
		$position = $contact['position'];
		$id_company = $contact['id_company'];
		$disabled = $contact['disabled'];
		$description = $contact['description'];
	}
	
	// Layout container for the contact form built next; presumably consumed by
	// print_table() like the other $table objects on this page — confirm.
	$table = new stdClass();
        echo "<li class='nomn'>";
        echo "<a href='index.php?sec=incidents&sec2=operation/incidents/incident_files&id={$id_inc}'><img src='images/disk.png' class='top' border=0> " . __('Files') . " ({$file_number}) </a>";
        echo "</li>";
    }
    // Notes
    $note_number = dame_numero_notas($id_inc);
    if ($note_number > 0) {
        echo "<li class='nomn'>";
        echo "<a href='index.php?sec=incidents&sec2=operation/incidents/incident_notes&id={$id_inc}'><img src='images/note.png' class='top' border=0> " . __('Notes') . " ({$note_number}) </a>";
        echo "</li>";
    }
    echo "</ul>";
    echo "</div>";
    echo "<div style='height: 25px'> </div>";
} else {
    audit_db($id_user, $REMOTE_ADDR, "ACL Violation", "Trying to access to ticket " . $id_inc . " '" . $titulo . "'");
    include "general/noaccess.php";
    exit;
}
// ********************************************************************
// Notes
// ********************************************************************
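echo $result_msg;
echo "<br>";
// NOTE(review): the ticket title is echoed as returned by get_incident_title();
// confirm that helper (or the storage layer) HTML-encodes it.
$title = __('Notes attached to ticket') . " #{$id_inc} '" . get_incident_title($id_inc) . "'";
echo "<h3>{$title}</h3>";
// Bind the ticket id as an integer instead of splicing it into the query text.
$sql4 = sprintf('SELECT * FROM tworkunit_incident WHERE id_incident = %d ORDER BY id_workunit ASC', $id_inc);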
if ($res4 = mysql_query($sql4)) {
    while ($row4 = mysql_fetch_array($res4)) {
        $sql3 = 'SELECT * FROM tworkunit WHERE id = ' . $row4["id_workunit"];
        $res3 = mysql_query($sql3);
        $start = get_parameter('start_date2', date("Y-m-d"));
        $end = get_parameter('end_date2', date("Y-m-d"));
        $owner = get_parameter('dueno');
        if ($parent) {
            $project_access = get_project_access($config["id_user"], $id_project);
            if (!$project_access["manage"]) {
                $task_access = get_project_access($config["id_user"], $id_project, $parent);
                if (!$task_access["manage"]) {
                    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to create tasks in an unauthorized project");
                    no_permission();
                }
            }
        } else {
            $project_access = get_project_access($config["id_user"], $id_project);
            if (!$project_access["manage"]) {
                audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to create tasks in an unauthorized project");
                no_permission();
            }
        }
        $data_array = preg_split("/\n/", $tasklist);
        foreach ($data_array as $data_item) {
            $data = trim($data_item);
            if ($data != "") {
                $sql = sprintf('INSERT INTO ttask (id_project, name, id_parent_task, start, end) 
								VALUES (%d, "%s", %d, "%s", "%s")', $id_project, safe_input($data), $parent, $start, $end);
                $id_task = process_sql($sql, 'insert_id');
                if ($id_task) {
                    $sql = sprintf("SELECT id_role FROM trole_people_project\n\t\t\t\t\t\t\t\t\tWHERE id_project = %d AND id_user = '******'", $id_project, $owner);
                    $id_role = process_sql($sql);
                    $role = $id_role[0]['id_role'];
                    $sql = sprintf('INSERT INTO trole_people_task (id_user, id_role, id_task)
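$id_user_show = get_parameter ("id_user", $config["id_user"]);

// Viewing another user's report requires PM on the "all" group.
if (($id_user_show != $config["id_user"]) AND (!give_acl($config["id_user"], 0, "PM"))){
	// Doesn't have access to this page. Log the acting user: the check uses
	// $config["id_user"], and the bare $id_user logged here before is not
	// defined anywhere in this fragment.
	audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation","Trying to access to another user yearly report without proper rights");
	include ("general/noaccess.php");
	exit;
}


// Extended ACL check for project manager
// TODO - Move to enterprise, encapsulate in a general function
// Even with PM, only users visible to the current user may be reported on.
$users = get_user_visible_users();

if (($id_user_show == "") || (($id_user_show != $config["id_user"]) && !in_array($id_user_show, array_keys($users)))) {
		audit_db("Noauth", $config["REMOTE_ADDR"], "No permission access", "Trying to access user workunit report");
		require ("general/noaccess.php");
		exit;
}


echo "<h2>".__('Annual report')."</h2>";
// NOTE(review): $id_user_show is a request value echoed without HTML escaping;
// this relies on get_parameter() encoding it — confirm.
echo "<h4>".__('For user').": ". $id_user_show;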

echo "<div id='button-bar-title'><ul>";
if ($clean_output == 0) {
	// link full screen
	if ($pure) {
		$html_report_image = print_html_report_image ("index.php?sec=users&sec2=operation/user_report/report_annual&id_user=$id_user_show&year=$year",
			__("Full screen"), "", array("pure" => 0));
	}
		exit;
	}
	
	$id_owner = get_db_value ('id_owner', 'tproject', 'id', $id_project);
	$sql = sprintf ('UPDATE tproject SET disabled = 0 WHERE id = %d', $id_project);
	process_sql ($sql);
	echo ui_print_success_message (__('Successfully reactivated'), '', true, 'h3', true);
	audit_db ($config['id_user'], $REMOTE_ADDR, "Project activated", "User ".$config['id_user']." activated project #".$id_project);
	project_tracking ($id_project, PROJECT_ACTIVATED);
}

// Delete: requires manage rights on this project ($project_permission is
// computed above this point).
if ($delete_project) {
	$can_manage = !empty($project_permission['manage']);
	if (!$can_manage) {
		// NOTE(review): $REMOTE_ADDR is a bare global here whereas most pages
		// read $config["REMOTE_ADDR"] — confirm it is populated on this page.
		audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Forbidden", "User ".$config['id_user']." try to delete project #$id_project");
		require ("general/noaccess.php");
		exit;
	}

	$id_owner = get_db_value ('id_owner', 'tproject', 'id', $id_project);
	delete_project ($id_project);
	echo ui_print_success_message (__('Successfully deleted'), '', true, 'h3', true);
}

// Heading for the archived (disabled) projects view.
if ($view_disabled) {
	echo '<h2>'.__('Projects').'</h2>';
	echo '<h4>'.__('Archived projects') . integria_help ("archieved_projects", true) . '</h4>';
}
// Integria 4.2 - http://integria.sourceforge.net
// ==================================================
// Copyright (c) 2007-2008 Sancho Lerena, slerena@gmail.com
// Copyright (c) 2007-2008 Artica Soluciones Tecnologicas
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
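global $config;
check_login();
require_once 'include/functions_tags.php';

// Tags management is admin-only.
if (!dame_admin($config["id_user"])) {
    // audit_db(user, address, action, description): log the acting user and
    // the "ACL Violation" action like every other page does — the user column
    // was previously given the literal "ACL Violation".
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "No administrator access: trying to access setup");
    require "general/noaccess.php";
    exit;
}
echo "<h1>" . __("Tags management") . "</h1>";
// Tag info
$id = (int) get_parameter('id');
$name = (string) get_parameter('name');
$colour = (string) get_parameter('colour');
// Actions: a single 'action' parameter selects create / update / delete.
$action = (string) get_parameter('action');
$create = $action === 'create';
$update = $action === 'update';
$delete = $action === 'delete';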
if ($create || $update || $delete) {
    $crud_operation = array();
         $incident = get_db_row_sql('SELECT titulo, descripcion, epilog FROM tincidencia WHERE id_incidencia = ' . $id_incident);
         if ($incident !== false) {
             $title = $incident['titulo'];
             $data = $incident['descripcion'] . "\n\n" . $incident['epilog'];
         }
     }
 } else {
     $id = get_parameter("update", -1);
     $row = get_db_row("tkb_data", "id", $id);
     $data = $row["data"];
     $title = $row["title"];
     $id_product = $row["id_product"];
     $id_language = $row["id_language"];
     $id_category = $row["id_category"];
     if ($id != -1 && !check_kb_item_accessibility($id_user, $id)) {
         audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to KB forbidden item");
         require "general/noaccess.php";
         exit;
     }
 }
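 // Heading and form opening. $id == -1 means "create a new item"; any other
 // value edits the existing KB item, whose id is echoed back in a hidden field.
 echo "<h2>" . __('KB Data management') . "</h2>";
 if ($id == -1) {
     echo "<h3>" . __('Create a new KB item') . "</h3>";
     echo "<form id='form-kb_item' name='prodman' method='post' action='index.php?sec=kb&sec2=operation/kb/manage_data&create2'>";
 } else {
     echo "<h3>" . __('Update existing KB item') . "</h3>";
     echo "<form id='form-kb_item' enctype='multipart/form-data' name='prodman2' method='post' action='index.php?sec=kb&sec2=operation/kb/manage_data&update2'>";
     // $id originates from the request; escape it with ENT_QUOTES (the
     // attribute is single-quoted) so it cannot break out of the value.
     echo "<input id='id_kb_item' type='hidden' name='id' value='" . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8') . "'>";
 }
 echo '<table width="90%" class="databox">';
 echo "<tr>";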
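global $config;
check_login ();

// Get parameters. $id_task is cast to int because it is interpolated into the
// SQL below; -1 (the default) means "no task selected".
$id_project = get_parameter ('id_project');
$id_task = (int) get_parameter ('id_task', -1);
$project_manager = get_db_value ('id_owner', 'tproject', 'id', $id_project);
$operation = (string) get_parameter ('operation');
$title = get_parameter ("title", "");
$description = get_parameter ("description", "");

// ACL: mailing a task report requires manage rights on the task.
$task_permission = get_project_access ($config["id_user"], $id_project, $id_task, false, true);
if (!$task_permission["manage"]) {
	audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to task email report  without permission");
	no_permission();
}

if ($operation == "generate_email") {
	// Addresses of everyone assigned to the task; $id_task is an int here.
	$task_participants = get_db_all_rows_sql ("SELECT direccion, nombre_real FROM tusuario, trole_people_task WHERE tusuario.id_usuario = trole_people_task.id_user AND trole_people_task.id_task = $id_task");
	// Subject and body do not depend on the recipient, so convert them once.
	$text = ascii_output ($description);
	$subject = ascii_output ($title);
	// NOTE(review): the DB helper may return false when no rows match — guard
	// so a task with no participants does not trip foreach on a non-array.
	if (is_array ($task_participants)) {
		foreach ($task_participants as $participant) {
			integria_sendmail ($participant["direccion"], $subject, $text);
		}
	}
	echo ui_print_success_message (__("Operation successfully completed"), '', true, 'h3', true);
}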
		echo ui_print_error_message (__('Could not be updated'), '', true, 'h3', true);
	else {
		echo ui_print_success_message (__('Successfully updated'), '', true, 'h3', true);
        audit_db ($config["id_user"], $config["REMOTE_ADDR"], "SLA Modified",
		"Updated SLA ($name)", $sql);
	}
	$id = 0;
}

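// DELETE
// ==================
if ($delete_sla) {
	$name = get_db_value ('name', 'tsla', 'id', $id);
	$sql = sprintf ('DELETE FROM tsla WHERE id = %d', $id);
	$result = process_sql ($sql);
	// Only report (and audit) a deletion that actually ran; process_sql
	// returns false on failure.
	if ($result === false) {
		echo ui_print_error_message (__('Could not be deleted'), '', true, 'h3', true);
	} else {
		audit_db ($config["id_user"], $config["REMOTE_ADDR"], "SLA Deleted",
			"Delete SLA ($name)", $sql);
		echo ui_print_success_message (__("Successfully deleted"), '', true, 'h3', true);
	}
	$id = 0;
}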

// FORM (Update / Create)
if ($id || $new_sla) {
	if ($new_sla) {
		$name = "";
		$description = "";
		$min_response = 48.0;
		$max_response = 480.0;
		$max_incidents = 10;
		$max_inactivity = 96.0;
		$id_sla_base = 0;
		$enforced = 1;
// ========================================================
// Copyright (c) 2004-2007 Sancho Lerena, slerena@gmail.com
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
// Load global vars
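global $config;
if (check_login() != 0) {
    // No session: the audit entry has no user, so a fixed label is logged instead.
    audit_db("Noauth", $config["REMOTE_ADDR"], "No authenticated access", "Trying to access ticket viewer");
    require "general/noaccess.php";
    exit;
}
// Both ids are request parameters; cast them so only integers reach the SQL below.
$id_nota = (int) get_parameter("id", 0);
$id_incident = (int) get_parameter("id_inc", 0);
// ********************************************************************
// Note detail of $id_nota
// ********************************************************************
$sql4 = 'SELECT * FROM tnota WHERE id_nota = ' . $id_nota;
// NOTE(review): raw mysql_query() rather than the project's DB helpers
// (process_sql/get_db_row) used elsewhere; the int cast above is what keeps
// this query free of injected input.
$res4 = mysql_query($sql4);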
if ($row3 = mysql_fetch_array($res4)) {
    echo "<div class='notetitle'>";
    // titulo
    $timestamp = $row3["timestamp"];
    $nota = $row3["nota"];
		SET description = "%s", name = "%s" WHERE id = %d', $description, $name, $id);
    $result = process_sql($sql);
    if ($result === false) {
        echo '<h3 class="error">' . __('Building cannot be updated') . '</h3>';
    } else {
        echo '<h3 class="suc">' . __('Successfully updated') . '</h3>';
        audit_db($config["id_user"], $config["REMOTE_ADDR"], "Building", "Updated building {$id} - {$name}");
    }
    $id = 0;
}
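// DELETE
if ($delete_building) {
    $name = get_db_value('name', 'tbuilding', 'id', $id);
    $sql = sprintf('DELETE FROM tbuilding WHERE id = %d', $id);
    $result = process_sql($sql);
    // Report failure instead of claiming success when the DELETE did not run
    // (process_sql returns false on failure); audit only real deletions.
    if ($result === false) {
        echo '<h3 class="error">' . __('Building cannot be deleted') . '</h3>';
    } else {
        audit_db($config["id_user"], $config["REMOTE_ADDR"], "Building", "Deleted building {$id} - {$name}");
        echo '<h3 class="suc">' . __('Successfully deleted') . '</h3>';
    }
    $id = 0;
}
echo '<h2>' . __('Building management') . '</h2>';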
// FORM (Update / Create)
if ($id || $new_building) {
    if ($new_building) {
        $id = 0;
        $name = "";
        $description = "";
    } else {
        $building = get_db_row('tbuilding', 'id', $id);
        $name = $building['name'];
        $description = $building['description'];
    }
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
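global $config;
check_login();

// $id (the lead being forwarded) is expected to be set by the including page.
if (!$id) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to a lead forward");
    include "general/noaccess.php";
    exit;
}

// Forwarding needs either write or manage rights on this lead.
$write_permission = check_crm_acl('lead', 'cw', $config['id_user'], $id);
$manage_permission = check_crm_acl('lead', 'cm', $config['id_user'], $id);
if (!$write_permission && !$manage_permission) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to a lead forward");
    include "general/noaccess.php";
    exit;
}

$lead = get_db_row('tlead', 'id', $id);
$user = get_db_row("tusuario", "id_usuario", $config["id_user"]);
// Company name of the sender. The id comes from the DB row, but it is still
// formatted as an integer rather than concatenated raw into the query.
$company_user = get_db_sql(sprintf("select name FROM tcompany where id = %d", $user["id_company"]));

// Mail fields from the request; "from" defaults to the sender's own address.
$from = get_parameter("from", $user["direccion"]);
$to = get_parameter("to", "");
$subject = get_parameter("subject", "");
$mail = get_parameter("mail", "");
$send = (int) get_parameter("send", 0);
$cco = get_parameter("cco", "");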
// Send mail
if ($send) {
    if ($subject != "" and $from != "" and $to != "") {
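    /**
     * Logs the refused access and renders the "no permission" page.
     *
     * The audit record carries the acting user and the remote address taken
     * from the system config; the previous bare $REMOTE_ADDR was an undefined
     * local inside this method, so the address was logged as empty.
     * NOTE(review): assumes the System config exposes REMOTE_ADDR like the
     * global $config does elsewhere — confirm.
     */
    private function showNoPermission()
    {
        $system = System::getInstance();
        audit_db($system->getConfig('id_user'), $system->getConfig('REMOTE_ADDR'), "ACL Violation", "Trying to access to workorder section");
        $error = array();
        $error['title_text'] = __('You don\'t have access to this page');
        $error['content_text'] = __('Access to this page is restricted to 
			authorized users only, please contact to system administrator 
			if you need assistance. <br><br>Please know that all attempts 
			to access this page are recorded in security logs of Integria 
			System Database');
        $home = new Home();
        $home->show($error);
    }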