/**
 * Pre-save hook: runs before the session storage holding the tab data is
 * destroyed, so a value the post-save hook needs can be kept here.
 *
 * Copies the posted 'hresource_assign' field into the global
 * $other_resources and writes one debug trace line.
 */
function resource_presave()
{
    global $other_resources;

    // The value is taken from the POST data as submitted; nothing is
    // validated here, so the consumer has to treat it as untrusted.
    $postedAssignments = dPgetParam($_POST, 'hresource_assign');
    $other_resources = $postedAssignments;

    dprint(__FILE__, __LINE__, 5, "setting other resources to {$other_resources}");
}
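/**
 * Handle a "forgotten password" request.
 *
 * Reads 'checkusername' and 'checkemail' from $_POST, looks up the user whose
 * username and contact e-mail both match, stores a newly generated password
 * for that user and e-mails the plaintext password to the contact address.
 * Every path ends in $AppUI->redirect() or die().
 *
 * NOTE(review): the stored value is an unsalted md5() digest and the new
 * password travels in clear text by e-mail. Both are kept unchanged because
 * the code that verifies passwords is not visible here; moving to
 * password_hash()/password_verify() and a single-use, expiring reset link
 * has to be done together with the login code.
 * NOTE(review): the reset takes effect as soon as the request arrives, with
 * no confirmation from the mailbox owner, and the two different messages
 * reveal whether a username/e-mail pair exists. Rate limiting and a uniform
 * response belong at the caller.
 * NOTE(review): the strength of makePass() cannot be judged from here;
 * confirm it draws from a cryptographically secure source.
 */
function sendNewPass()
{
    global $AppUI;

    $_live_site = dPgetConfig('base_url');
    $_sitename = dPgetConfig('company_name');

    $checkusername = dPgetParam($_POST, 'checkusername', '');
    $confirmEmail = dPgetParam($_POST, 'checkemail', '');
    // A field posted as an array is treated as missing instead of reaching trim().
    $checkusername = is_string($checkusername) ? trim($checkusername) : '';
    $confirmEmail = is_string($confirmEmail) ? mb_strtolower(trim($confirmEmail)) : '';

    // Refuse empty input before any query runs.
    if (!$checkusername || !$confirmEmail) {
        $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
        $AppUI->redirect();
        return; // defensive: stop here even if redirect() returns
    }

    // Escaping is the last step before the SQL text and is applied to copies:
    // the raw values are what the mail recipient and message need.
    $sqlUsername = db_escape($checkusername);
    $sqlEmail = db_escape($confirmEmail);

    $q = new DBQuery();
    $q->addTable('users', 'u');
    $q->addQuery('u.user_id');
    $q->addWhere('user_username=\'' . $sqlUsername . '\' AND LOWER(contact_email)=\'' . $sqlEmail . '\'');
    $q->leftJoin('contacts', 'c', 'u.user_contact = c.contact_id');
    $user_id = $q->loadResult();
    if (!$user_id) {
        $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
        $AppUI->redirect();
        return; // defensive: stop here even if redirect() returns
    }

    $newpass = makePass();

    // Store the new password first, so a password is never mailed out that
    // the database then fails to accept.
    $q->clear();
    $q->addTable('users');
    $q->addUpdate('user_password', md5($newpass), true);
    $q->addWhere('user_id=' . (int) $user_id);
    if (!$q->exec()) {
        // The original dereferenced an undefined $database here. The driver
        // message goes to the server log, not to an unauthenticated client.
        error_log('sendNewPass: password update failed: ' . db_error());
        die('SQL error');
    }

    $message = $AppUI->_('sendpass0', UI_OUTPUT_RAW) . ' ' . $checkusername . ' '
        . $AppUI->_('sendpass1', UI_OUTPUT_RAW) . ' ' . $_live_site . ' '
        . $AppUI->_('sendpass2', UI_OUTPUT_RAW) . ' ' . $newpass . ' '
        . $AppUI->_('sendpass3', UI_OUTPUT_RAW);
    $subject = "{$_sitename} :: " . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . " - {$checkusername}";

    $m = new Mail(); // create the mail
    $m->From("dotProject@" . dPgetConfig('site_domain'));
    $m->To($confirmEmail);
    $m->Subject($subject);
    $m->Body($message, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : ""); // set the body
    $m->Send(); // send the mail

    $AppUI->setMsg('New User Password created and emailed to you');
    $AppUI->redirect();
}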
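/**
 * Handle a "forgotten password" request (variant built on the db_* helpers).
 *
 * Reads 'checkusername' and 'checkemail' from $_POST, looks up the user whose
 * username and contact e-mail both match, stores a newly generated password
 * for that user and e-mails the plaintext password to the contact address.
 * Every path ends in $AppUI->redirect() or die().
 *
 * As listed, both SQL strings carried the literal '******' where the escaped
 * username and the password digest belong, so the lookup ignored the
 * submitted username and the update stored a constant. The values are
 * interpolated here.
 *
 * NOTE(review): the stored value is an unsalted md5() digest and the new
 * password travels in clear text by e-mail. Both are kept unchanged because
 * the code that verifies passwords is not visible here; moving to
 * password_hash()/password_verify() and a single-use, expiring reset link
 * has to be done together with the login code.
 * NOTE(review): the two different messages reveal whether a username/e-mail
 * pair exists, and the strength of makePass() cannot be judged from here.
 */
function sendNewPass()
{
    global $AppUI;

    $_live_site = dPgetConfig('base_url');
    $_sitename = dPgetConfig('company_name');

    $checkusername = dPgetParam($_POST, 'checkusername', '');
    $confirmEmail = dPgetParam($_POST, 'checkemail', '');
    // A field posted as an array is treated as missing instead of reaching trim().
    $checkusername = is_string($checkusername) ? trim($checkusername) : '';
    $confirmEmail = is_string($confirmEmail) ? mb_strtolower(trim($confirmEmail)) : '';

    // Refuse empty input before any query runs.
    if (!$checkusername || !$confirmEmail) {
        $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
        $AppUI->redirect();
        return; // defensive: stop here even if redirect() returns
    }

    // Escaping is the last step before the SQL text and is applied to copies:
    // the raw values are what the mail recipient and message need.
    $sqlUsername = db_escape($checkusername);
    $sqlEmail = db_escape($confirmEmail);

    $query = 'SELECT user_id FROM users LEFT JOIN contacts ON user_contact = contact_id'
        . " WHERE user_username='{$sqlUsername}' AND LOWER(contact_email)='{$sqlEmail}'";
    $user_id = db_loadResult($query);
    if (!$user_id) {
        $AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
        $AppUI->redirect();
        return; // defensive: stop here even if redirect() returns
    }

    $newpass = makePass();

    // Store the new password first, so a password is never mailed out that
    // the database then fails to accept. md5() yields hex digits only and the
    // id is cast, so neither value can alter the statement.
    $passwordDigest = md5($newpass);
    $sql = "UPDATE users SET user_password='{$passwordDigest}' WHERE user_id=" . (int) $user_id;
    if (!db_exec($sql)) {
        // The original dereferenced an undefined $database here. The driver
        // message goes to the server log, not to an unauthenticated client.
        error_log('sendNewPass: password update failed: ' . db_error());
        die('SQL error');
    }

    $message = $AppUI->_('sendpass0', UI_OUTPUT_RAW) . ' ' . $checkusername . ' '
        . $AppUI->_('sendpass1', UI_OUTPUT_RAW) . ' ' . $_live_site . ' '
        . $AppUI->_('sendpass2', UI_OUTPUT_RAW) . ' ' . $newpass . ' '
        . $AppUI->_('sendpass3', UI_OUTPUT_RAW);
    $subject = "{$_sitename} :: " . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . " - {$checkusername}";

    $m = new Mail(); // create the mail
    $m->From("dotProject@" . dPgetConfig('site_domain'));
    $m->To($confirmEmail);
    $m->Subject($subject);
    $m->Body($message, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : ""); // set the body
    $m->Send(); // send the mail

    $AppUI->setMsg('New User Password created and emailed to you');
    $AppUI->redirect();
}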
// Restrict the list to projects owned by $user_id when the request came from
// the admin "view user" page.
// NOTE(review): $user_id is concatenated into the WHERE clause; it is set
// outside this excerpt - confirm it is an integer by the time it gets here.
if ($user_id && $m_orig == 'admin' && $a_orig == 'viewuser') {
    $q->addWhere('project_owner = ' . $user_id);
}
if ($showInactive != '1') {
    $q->addWhere('project_status != 7');
}
// Let the project object add its per-user access restrictions to the query.
$pjobj->setAllowedSQL($AppUI->user_id, $q, null, 'p');
$q->addGroup('p.project_id');
$q->addOrder('project_name, task_end_date DESC');
$projects = $q->loadList();
$q->clear();
// Don't push the width higher than about 1200 pixels, otherwise it may not display.
// NOTE(review): the cap applied below is 1400, and the request value gets
// neither a lower bound nor an integer cast before reaching GanttGraph.
$width = min(dPgetParam($_GET, 'width', 600), 1400);
// Date range and display switches come straight from the request.
$start_date = dPgetParam($_GET, 'start_date', 0);
$end_date = dPgetParam($_GET, 'end_date', 0);
$showAllGantt = dPgetParam($_REQUEST, 'showAllGantt', '0');
//$showTaskGantt = dPgetParam($_GET, 'showTaskGantt', '0');
$graph = new GanttGraph($width);
$graph->ShowHeaders(GANTT_HYEAR | GANTT_HMONTH | GANTT_HDAY | GANTT_HWEEK);
$graph->SetFrame(false);
$graph->SetBox(true, array(0, 0, 0), 2);
$graph->scale->week->SetStyle(WEEKSTYLE_FIRSTDAY);
$pLocale = setlocale(LC_TIME, 0); // get current locale for LC_TIME
// Probe whether the user's locale can be set; the graph only gets it if so.
$res = @setlocale(LC_TIME, $AppUI->user_lang[0]);
if ($res) { // Setting locale doesn't fail
    $graph->scale->SetDateLocale($AppUI->user_lang[0]);
}
// Put the process-wide locale back to what it was before the probe.
setlocale(LC_TIME, $pLocale);
if ($start_date && $end_date) {
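<?php //$Id: do_task_assign_aed.php 5731 2008-06-06 23:02:31Z merlinyoda $
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}

// Request parameters. Everything below is client-controlled.
$del = isset($_POST['del']) ? $_POST['del'] : 0;
$rm = isset($_POST['rm']) ? $_POST['rm'] : 0;
$hassign = @$_POST['hassign'];
$htasks = @$_POST['htasks'];
$store = dPgetParam($_POST, 'store', 0);
$chUTP = dPgetParam($_POST, 'chUTP', 0);
// NOTE(review): these two values are passed on as submitted; whether the
// consumer expects integers is not visible here - confirm and cast there.
$percentage_assignment = dPgetParam($_POST, 'percentage_assignment');
$user_task_priority = dPgetParam($_POST, 'user_task_priority');
$user_id = @$_POST['user_id'];

// prepare the percentage of assignment per user as required by CTask::updateAssigned()
$hperc_assign_ar = array();
if (isset($hassign) && is_string($hassign)) {
    $tarr = explode(',', $hassign);
    foreach ($tarr as $uid) {
        // Key the map by the parsed integer. The original tested intval($uid)
        // but stored the raw token, so an entry such as "5 <anything>" passed
        // the check and travelled on unchanged as an array key.
        $uid = intval($uid);
        if ($uid > 0) {
            $hperc_assign_ar[$uid] = $percentage_assignment;
        }
    }
}

// prepare a list of tasks to process
// NOTE(review): the body of this loop lies outside the excerpt; it should
// store intval($tid) rather than the raw token, for the same reason as above.
$htasks_ar = array();
if (isset($htasks)) {
    $tarr = explode(',', $htasks);
    foreach ($tarr as $tid) {
        if (intval($tid) > 0) {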
$q->addJoin('projects', 'p', 'p.project_id = t.task_project');
$q->addJoin('companies', 'c', 'p.project_company = c.company_id');
$q->addQuery('u.user_username, t.task_name, t.task_start_date, t.task_milestone' . ', ut.perc_assignment, t.task_end_date, t.task_dynamic' . ', p.project_color_identifier, p.project_name');
$q->addOrder('t.task_name, t.task_start_date, t.task_end_date, ut.perc_assignment');
$tasks = $q->loadList();
$q->clear();

// Earliest start and latest end date over all assigned tasks.
$q->addTable('user_tasks', 'ut');
$q->innerJoin('users', 'u', 'u.user_id = ut.user_id');
$q->innerJoin('tasks', 't', 't.task_id = ut.task_id');
$q->addQuery('min(t.task_start_date) AS task_min_date, max(t.task_end_date) AS task_max_date');
$taskMinMax = $q->loadList();
$q->clear();

// Display parameters come straight from the query string.
// NOTE(review): 'width' reaches GanttGraph without a cast or an upper bound,
// so the request decides the size of the image that gets rendered.
$width = dPgetParam($_GET, 'width', 600);
$start_date = dPgetParam($_GET, 'start_date', 0);
$end_date = dPgetParam($_GET, 'end_date', 0);
$showTaskGantt = dPgetParam($_GET, 'showTaskGantt', 0);
$graph2 = new GanttGraph($width);
$graph2->ShowHeaders(GANTT_HYEAR | GANTT_HMONTH | GANTT_HDAY | GANTT_HWEEK);
$graph2->SetFrame(false);
$graph2->SetBox(true, array(0, 0, 0), 2);
$graph2->scale->week->SetStyle(WEEKSTYLE_FIRSTDAY);
$pLocale = setlocale(LC_TIME, 0); // get current locale for LC_TIME
// Probe whether the user's locale can be set.
$res = @setlocale(LC_TIME, $AppUI->user_lang[2]);
if ($res) { // Setting locale doesn't fail
    // NOTE(review): every other call in this excerpt targets $graph2; $graph
    // is not assigned in the visible code - confirm this is not a typo.
    $graph->scale->SetDateLocale($AppUI->user_lang[2]);
}
// Put the process-wide locale back to what it was before the probe.
setlocale(LC_TIME, $pLocale);
if ($start_date && $end_date) {
    $graph2->SetDateRange($start_date, $end_date);
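<?php /* FILES $Id: index.php 6149 2012-01-09 11:58:40Z ajdonnison $ */
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}

$AppUI->savePlace();

// "File" filters info
$AppUI->setState('FileIdxTab', (int) dPgetParam($_GET, 'tab'));
$tab = $AppUI->getState('FileIdxTab', 0);
$active = intval(!$AppUI->getState('FileIdxTab'));
// to pass to "new file" button
$folder = intval(dPgetParam($_GET, 'folder', 0));

// "Project" filters info
require_once $AppUI->getModuleClass('projects');

// retrieve any state parameters
if (isset($_REQUEST['project_id'])) {
    // Stored as an integer, like 'tab' and 'folder' above: the state value
    // outlives this request, so a raw request string must not be kept.
    $AppUI->setState('FileIdxProject', intval($_REQUEST['project_id']));
}
$project_id = $AppUI->getState('FileIdxProject', 0);

/*
 * get "Allowed" projects for filter list
 * ("All" is always allowed when basing permission on projects)
 */
$project = new CProject();
$extra = array('from' => 'files', 'where' => 'project_id = file_project');
$projects = $project->getAllowedRecords($AppUI->user_id, 'project_id,project_name', 'project_name', null, $extra);
$projects = arrayMerge(array('0' => $AppUI->_('All', UI_OUTPUT_RAW)), $projects);

// get SQL for allowed projects/tasks and folders
$task = new CTask();
$allowedProjects = $project->getAllowedSQL($AppUI->user_id, 'file_project');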
// Files tab shown inside a task view: works out folder permissions, offers
// the "attach a file" link and includes the matching file listing.
global $AppUI, $project_id, $task_id, $deny, $canRead, $canEdit, $dPconfig, $cfObj, $m, $obj;
require_once $AppUI->getModuleClass('files');
global $allowed_folders_ary, $denied_folders_ary, $limited;
$cfObj = new CFileFolder();
$allowed_folders_ary = $cfObj->getAllowedRecords($AppUI->user_id);
$denied_folders_ary = $cfObj->getDeniedRecords($AppUI->user_id);
// "limited" = the user may see fewer folders than exist.
$limited = count($allowed_folders_ary) < $cfObj->countFolders() ? true : false;
if (!$limited) {
    $canEdit = true;
} else {
    // NOTE(review): $folder is only assigned further down, from $_GET, and is
    // not in the global list above - confirm what value this check sees.
    if ($limited && array_key_exists($folder, $allowed_folders_ary)) {
        $canEdit = true;
    } else {
        $canEdit = false;
    }
}
$showProject = false;
$project_id = $obj->task_project;
if (getPermission('files', 'edit')) {
    // NOTE(review): $task_id is written into the href without a cast or HTML
    // escaping; it is set outside this excerpt - confirm it is an integer.
    echo '<a href="?m=files&a=addedit&project_id=' . $project_id . '&file_task=' . $task_id . '">' . $AppUI->_('Attach a file') . '</a>';
    echo dPshowImage(dPfindImage('stock_attach-16.png', $m), 16, 16, '');
}
$canAccess_folders = getPermission('file_folders', 'access');
if ($canAccess_folders) {
    // The folder id is cast to int before the folder listing is included.
    $folder = (int) dPgetParam($_GET, 'folder', 0);
    require DP_BASE_DIR . '/modules/files/folders_table.php';
} else {
    if (getPermission('files', 'view')) {
        require DP_BASE_DIR . '/modules/files/index_table.php';
    }
}
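<?php /* PROJECTS $Id: view.php,v 1.94.4.11 2007/08/10 00:30:31 merlinyoda Exp $ */
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}

$project_id = intval(dPgetParam($_GET, "project_id", 0));

// check permissions for this record
$perms =& $AppUI->acl();
$canRead = $perms->checkModuleItem($m, 'view', $project_id);
$canEdit = $perms->checkModuleItem($m, 'edit', $project_id);
$canEditT = $perms->checkModule('tasks', 'add');

if (!$canRead) {
    $AppUI->redirect("m=public&a=access_denied");
}

// retrieve any state parameters
if (isset($_GET['tab'])) {
    // The tab index is kept in the session state across requests, so it is
    // stored as an integer, not as the raw query-string value.
    $AppUI->setState('ProjVwTab', intval($_GET['tab']));
}
$tab = $AppUI->getState('ProjVwTab') !== NULL ? $AppUI->getState('ProjVwTab') : 0;

// check if this record has dependencies to prevent deletion
$msg = '';
$obj = new CProject();

// Now check if the project is editable/viewable.
$denied = $obj->getDeniedRecords($AppUI->user_id);
if (in_array($project_id, $denied)) {
    $AppUI->redirect("m=public&a=access_denied");
}

$canDelete = $obj->canDelete($msg, $project_id);

// get critical tasks (criteria: task_end_date)
$criticalTasks = $project_id > 0 ? $obj->getCriticalTasks($project_id) : NULL;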
<?php /* CONTACTS $Id: view.php 6200 2013-01-15 06:24:08Z ajdonnison $ */ if (!defined('DP_BASE_DIR')) { die('You should not access this file directly.'); } $contact_id = intval(dPgetParam($_GET, 'contact_id', 0)); $AppUI->savePlace(); // load the record data $msg = ''; $row = new CContact(); $canDelete = $row->canDelete($msg, $contact_id); // Don't allow to delete contacts, that have a user associated to them. $q = new DBQuery(); $q->addTable('users'); $q->addQuery('user_id'); $q->addWhere('user_contact = ' . $contact_id); $sql = $q->prepare(); $q->clear(); $tmp_user = db_loadResult($sql); if (!empty($tmp_user)) { $canDelete = false; } $canEdit = getPermission($m, 'edit', $contact_id); if (!$row->load($contact_id) && $contact_id > 0) { $AppUI->setMsg('Contact'); $AppUI->setMsg('invalidID', UI_MSG_ERROR, true); $AppUI->redirect(); } else { if ($row->contact_private && $row->contact_owner != $AppUI->user_id && $row->contact_owner && $contact_id != 0) { $AppUI->redirect('m=public&a=access_denied');
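// The company id goes into a WHERE fragment and into a URL fragment, so it
// is reduced to an integer instead of being concatenated as submitted.
$filter = "dept_company = " . (int) $_GET["company_id"];
$additional_get_information = "company_id=" . (int) $_GET["company_id"];
break;
}

// Load the id => name list offered in the selector.
// NOTE(review): $table_name, $id_field and $name_field are chosen by the
// switch above, outside this excerpt; they must come from a fixed list and
// never from the request, because they are used as SQL identifiers here.
$q = new DBQuery();
$q->addTable($table_name);
$q->addQuery("{$id_field}, {$name_field}");
if ($filter != null) {
    $q->addWhere($filter);
}
$q->addOrder($name_field);
$company_list = array("0" => "") + $q->loadHashList();
?>
<?php
if (dPgetParam($_POST, $id_field, 0) != 0) {
    // The posted id is used in SQL and inside generated JavaScript below;
    // one integer cast covers both contexts.
    $selected_id = (int) $_POST[$id_field];

    $q = new DBQuery();
    $q->addTable($table_name);
    $q->addQuery('*');
    $q->addWhere("{$id_field}=" . $selected_id);
    $sql = $q->prepare();
    $q->clear();
    db_loadHash($sql, $r_data);

    $data_update_script = "";
    $update_address = isset($_POST["overwrite_address"]);
    if ($table_name == "companies") {
        $update_fields = array();
        if ($update_address) {
            // company column => contact form field it overwrites
            $update_fields = array("company_address1" => "contact_address1", "company_address2" => "contact_address2", "company_city" => "contact_city", "company_state" => "contact_state", "company_zip" => "contact_zip", "company_phone1" => "contact_phone", "company_phone2" => "contact_phone2", "company_fax" => "contact_fax");
        }
        // NOTE(review): db_escape() is SQL escaping, but this value lands in
        // a JavaScript string literal. A stored name containing "</script>"
        // or a line break is not neutralised by it; this needs a JS-context
        // encoder that matches the page character set.
        $data_update_script = "opener.setCompany('" . $selected_id . "', '" . db_escape($r_data[$name_field]) . "');\n";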
<?php if (!defined('DP_BASE_DIR')) { die('You should not access this file directly.'); } $show_all = (int) dPgetParam($_REQUEST, 'show_all', 0); $company_id = (int) dPgetParam($_REQUEST, 'company_id', 0); $contact_id = (int) dPgetParam($_POST, 'contact_id', 0); $call_back = dPgetCleanParam($_GET, 'call_back', null); $contacts_submited = (int) dPgetParam($_POST, 'contacts_submited', 0); $selected_contacts_id = dPgetCleanParam($_GET, 'selected_contacts_id', ''); if (dPgetParam($_POST, 'selected_contacts_id')) { $selected_contacts_id = dPgetCleanParam($_POST, 'selected_contacts_id'); } ?> <script language="javascript"> function setContactIDs (method,querystring) { var URL = 'index.php?m=public&a=contact_selector'; var field = document.getElementsByName('contact_id[]'); var selected_contacts_id = document.frmContactSelect.selected_contacts_id; var currentIDstring = selected_contacts_id.value.toString(); var currentIDs = currentIDstring.split(','); var addkeepIDs = new Array(); var dropIDs = new Array(); var resultIDs = new Array(); var i = 0; var j = 0; var flag = 0;
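}
// Files tab shown inside a project view: works out folder permissions,
// offers the "attach a file" link and includes the matching file listing.
global $AppUI, $project_id, $deny, $canRead, $canEdit, $dPconfig, $cfObj, $m;
require_once $AppUI->getModuleClass('files');
global $allowed_folders_ary, $denied_folders_ary, $limited;
$cfObj = new CFileFolder();
$allowed_folders_ary = $cfObj->getAllowedRecords($AppUI->user_id);
$denied_folders_ary = $cfObj->getDeniedRecords($AppUI->user_id);
// "limited" = the user may see fewer folders than exist.
$limited = count($allowed_folders_ary) < $cfObj->countFolders() ? true : false;
if (!$limited) {
    $canEdit = true;
} else {
    // NOTE(review): $folder is only assigned further down, from $_GET, and is
    // not in the global list above - confirm what value this check sees.
    if ($limited && array_key_exists($folder, $allowed_folders_ary)) {
        $canEdit = true;
    } else {
        $canEdit = false;
    }
}
$showProject = false;
if (getPermission('files', 'edit')) {
    // NOTE(review): $project_id is written into the href as it arrives via
    // the global; confirm the including script has cast it to an integer.
    echo '<a href="?m=files&a=addedit&project_id=' . $project_id . '">' . $AppUI->_('Attach a file') . '</a>';
    echo dPshowImage(dPfindImage('stock_attach-16.png', $m), 16, 16, '');
}
$canAccess_folders = getPermission('file_folders', 'access');
if ($canAccess_folders) {
    // Cast the folder id before the folder listing is included, so the
    // included script never sees the raw query-string value.
    $folder = (int) dPgetParam($_GET, 'folder', 0);
    require DP_BASE_DIR . '/modules/files/folders_table.php';
} else {
    if (getPermission('files', 'view')) {
        require DP_BASE_DIR . '/modules/files/index_table.php';
    }
}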
// With no single project selected, the listing shows a project column.
if (!$project_id) {
    $showProject = true;
}
// get company to filter files by
//if (isset( $_POST['company_id'] )) {
// $AppUI->setState( 'FileIdxCompany', intval( $_POST['company_id'] ) );
//}
//$company_id = $AppUI->getState( 'FileIdxCompany' ) !== NULL ? $AppUI->getState( 'FileIdxCompany' ) : $AppUI->user_company;
// NOTE(review): when the including script has not set them, company_id and
// task_id are taken from the request without an integer cast; how they are
// used afterwards is not visible here - confirm before they reach SQL.
if (!isset($company_id)) {
    $company_id = dPgetParam($_REQUEST, 'company_id', 0);
}
$obj = new CCompany();
$allowed_companies_ary = $obj->getAllowedRecords($AppUI->user_id, 'company_id,company_name', 'company_name');
// Comma-separated ids of the companies this user may see.
$allowed_companies = implode(",", array_keys($allowed_companies_ary));
if (!isset($task_id)) {
    $task_id = dPgetParam($_REQUEST, 'task_id', 0);
}
global $xpg_min, $xpg_pagesize;
$xpg_pagesize = 30;
// NOTE(review): $page is set outside this excerpt; a value below 1 makes the
// offset negative - confirm it is validated where it is read.
$xpg_min = $xpg_pagesize * ($page - 1);
// This is where we start our record set from
// load the following classes to retrieve denied records
include_once $AppUI->getModuleClass('projects');
include_once $AppUI->getModuleClass('tasks');
$project = new CProject();
$deny1 = $project->getDeniedRecords($AppUI->user_id);
$task = new CTask();
$deny2 = $task->getDeniedRecords($AppUI->user_id);
global $file_types;
$file_types = dPgetSysVal("FileType");
// Normalise an empty folder value to 0.
$folder = $folder ? $folder : 0;
<?php /* CONTACTS $Id: do_contact_aed.php 5872 2009-04-25 00:09:56Z merlinyoda $ */
// Form handler for contacts: deletes the contact when 'del' is posted,
// otherwise stores (adds or updates) it, then redirects.
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}
$obj = new CContact();
$msg = '';
// The whole POST array is bound onto the object.
// NOTE(review): which fields bind() accepts is not visible here; confirm it
// ignores keys the form is not meant to set (for example the owner field).
if (!$obj->bind($_POST)) {
    $AppUI->setMsg($obj->getError(), UI_MSG_ERROR);
    $AppUI->redirect();
}
$del = dPgetParam($_POST, 'del', 0);
// prepare (and translate) the module name ready for the suffix
$AppUI->setMsg('Contact');
if ($del) {
    // NOTE(review): no permission or canDelete() call appears in this excerpt
    // before delete(); confirm delete() enforces both itself, and that the
    // request carries an anti-CSRF token checked elsewhere.
    if ($msg = $obj->delete()) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
        $AppUI->redirect();
    } else {
        $AppUI->setMsg("deleted", UI_MSG_ALERT, true);
        $AppUI->redirect("m=contacts");
    }
} else {
    // Only used to pick the "updated" or "added" message below.
    $isNotNew = @$_POST['contact_id'];
    // NOTE(review): same question for store() - the edit permission for an
    // existing contact_id is not checked in the visible code.
    if ($msg = $obj->store()) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
    } else {
        $AppUI->setMsg($isNotNew ? 'updated' : 'added', UI_MSG_OK, true);
    }
    $AppUI->redirect();
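<?php /* FORUMS $Id: view_pdf.php 6149 2012-01-09 11:58:40Z ajdonnison $ */
if (!defined('DP_BASE_DIR')) {
    die('You should not call this file directly.');
}

$AppUI->savePlace();

// The sort direction is interpolated into ORDER BY below, where quoting
// cannot protect it, so only the two SQL keywords are let through.
$sort = strtolower((string) dPgetCleanParam($_REQUEST, 'sort', 'asc')) === 'desc' ? 'desc' : 'asc';
$forum_id = (int) dPgetParam($_REQUEST, 'forum_id', 0);
$message_id = (int) dPgetParam($_REQUEST, 'message_id', 0);

// NOTE(review): the item passed to the forums permission check is the
// message id, not the forum id - confirm that is what the ACL expects.
if (!getPermission('forums', 'view', $message_id)) {
    $AppUI->redirect("m=public&a=access_denied");
}

// Load the requested message and its direct replies with author details.
// Every interpolated value below is an integer cast above or the session
// user id.
$q = new DBQuery();
$q->addTable('forums');
$q->addTable('forum_messages', 'msg');
$q->addQuery('msg.*, contact_first_name, contact_last_name, contact_email, user_username, forum_moderated, visit_user');
$q->addJoin('forum_visits', 'v', "visit_user = {$AppUI->user_id} AND visit_forum = {$forum_id} AND visit_message = msg.message_id");
$q->addJoin('users', 'u', 'message_author = u.user_id');
$q->addJoin('contacts', 'con', 'contact_id = user_contact');
$q->addWhere("forum_id = message_forum AND (message_id = {$message_id} OR message_parent = {$message_id})");
// Order by date when configured to, or when the request names a sort.
if (dPgetConfig('forum_descendent_order') || dPgetCleanParam($_REQUEST, 'sort', 0)) {
    $q->addOrder("message_date {$sort}");
}
$messages = $q->loadList();

$x = false;
$date = new CDate();
$pdfdata = array();
$pdfhead = array('Date', 'User', 'Message');
$new_messages = array();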
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ // one site for both adding and editing timesheet's log items // besides the following lines show the possiblities of the dPframework // retrieve GET-Parameters via dPframework // please always use this way instead of hard code (e.g. there have been some problems with REGISTER_GLOBALS=OFF with hard code) global $AppUI, $user_id, $percent; $user_id = $AppUI->user_id; $task_log_id = intval(dPgetParam($_GET, "task_log_id", 0)); $task_log_name = intval(dPgetParam($_GET, "task_log_name", 0)); // check permissions for this record $canEdit = !getDenyEdit($m, $task_log_id); if (!$canEdit) { $AppUI->redirect("m=public&a=access_denied"); } // use the object oriented design of dP for loading the log that should be edited // therefore create a new instance of the Timesheet Class $obj = new CTimesheet(); $df = $AppUI->getPref('SHDATEFORMAT'); // pull users // pull users $q = new DBQuery(); $q->addTable('tasks', 't'); $q->addTable('projects', 'p'); $q->addTable('user_tasks', 'u');
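<?php /* FORUMS $Id: post_message.php 5541 2007-11-25 22:31:12Z ajdonnison $ */
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}

// Add / Edit forum
// All three ids are reduced to integers: $forum_id is interpolated into a
// WHERE clause below, and the message ids are request values as well.
$message_id = isset($_GET['message_id']) ? (int) $_GET['message_id'] : 0;
$message_parent = isset($_GET['message_parent']) ? (int) $_GET['message_parent'] : -1;
$forum_id = (int) dPgetParam($_REQUEST, 'forum_id', 0);

// Build a back-url for when the back button is pressed.
// Names and values are URL-encoded again, because $_GET holds them decoded
// and they are client-controlled. Array values are skipped; they have no
// single "key=value" form.
$back_url_params = array();
foreach ($_GET as $k => $v) {
    if ((string) $k !== 'post_message' && is_scalar($v)) {
        $back_url_params[] = rawurlencode((string) $k) . '=' . rawurlencode((string) $v);
    }
}
$back_url = implode('&', $back_url_params);

//Pull forum information
$q = new DBQuery();
$q->addTable('forums');
$q->addTable('projects');
$q->addQuery('forum_name, forum_owner, forum_moderated, project_name, project_id');
$q->addWhere("forums.forum_id = {$forum_id}");
$q->addWhere('forums.forum_project = projects.project_id');
$res = $q->exec();
$forum_info = $q->fetchRow();
$q->clear();
// NOTE(review): this prints the raw driver error into the page; kept as is,
// but a production setup should log it instead.
echo db_error();

//pull message information
$q = new DBQuery();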
<?php if (!defined('DP_BASE_DIR')) { die('You should not access this file directly.'); } $AppUI->savePlace(); $do_report = (bool) dPgetParam($_POST, 'do_report', true); $log_start_date = dPgetCleanParam($_POST, 'log_start_date', 0); $log_end_date = dPgetCleanParam($_POST, 'log_end_date', 0); $log_all = (bool) dPgetParam($_POST, 'log_all', true); $use_period = (int) dPgetParam($_POST, 'use_period', 0); $show_orphaned = (int) dPgetParam($_POST, 'show_orphaned', 0); $display_week_hours = (int) dPgetParam($_POST, 'display_week_hours', 0); $max_levels = dPgetCleanParam($_POST, 'max_levels', ''); $log_userfilter = (int) dPgetParam($_POST, 'log_userfilter', 0); $company_id = dPgetCleanParam($_POST, 'company_id', 'all'); $project_id = dPgetCleanParam($_POST, 'project_id', 'all'); require_once $AppUI->getModuleClass('projects'); require_once $AppUI->getModuleClass('tasks'); $proj = new CProject(); // filtering by companies $projects = $proj->getAllowedRecords($AppUI->user_id, 'project_id,project_name', 'project_name'); $projFilter = arrayMerge(array('all' => $AppUI->_('All Projects')), $projects); $durnTypes = dPgetSysVal('TaskDurationType'); $taskPriority = dPgetSysVal('TaskPriority'); // create Date objects from the datetime fields $start_date = intval($log_start_date) ? new CDate($log_start_date) : new CDate(); $end_date = intval($log_end_date) ? new CDate($log_end_date) : new CDate(); $now = new CDate(); if (!$log_start_date) { $start_date->subtractSpan(new Date_Span('14,0,0,0'));
<?php /* RESOURCES $Id: do_resource_aed.php 6149 2012-01-09 11:58:40Z ajdonnison $ */ if (!defined('DP_BASE_DIR')) { die('You should not access this file directly.'); } $del = (int) dPgetParam($_POST, 'del', 0); $obj = new CResource(); $msg = ''; if (!$obj->bind($_POST)) { $AppUI->setMsg($obj->getError(), UI_MSG_ERROR); $AppUI->redirect(); } $AppUI->setMsg('Resource'); if ($del) { if (!$obj->canDelete($msg)) { $AppUI->setMsg($msg, UI_MSG_ERROR); $AppUI->redirect(); } if ($msg = $obj->delete()) { $AppUI->setMsg($msg, UI_MSG_ERROR); $AppUI->redirect(); } else { $AppUI->setMsg('deleted', UI_MSG_ALERT, true); $AppUI->redirect('', -1); } } else { if ($msg = $obj->store()) { $AppUI->setMsg($msg, UI_MSG_ERROR); } else { $AppUI->setMsg($_POST['resource_id'] ? 'updated' : 'added', UI_MSG_OK, true);
<?php /* FILES $Id: index.php 6038 2010-10-03 05:49:01Z ajdonnison $ */
// Index page of the links module: restores filter state and builds the
// title block with the search box, the project filter and a "new link" button.
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}
$AppUI->savePlace();
// retrieve any state parameters; request values are cast to int before being stored
if (isset($_REQUEST['project_id'])) {
    $AppUI->setState('LinkIdxProject', intval($_REQUEST['project_id']));
}
$project_id = $AppUI->getState('LinkIdxProject') !== NULL ? $AppUI->getState('LinkIdxProject') : 0;
if (dPgetParam($_GET, 'tab', -1) != -1) {
    $AppUI->setState('LinkIdxTab', intval(dPgetParam($_GET, 'tab')));
}
$tab = $AppUI->getState('LinkIdxTab') !== NULL ? $AppUI->getState('LinkIdxTab') : 0;
$active = intval(!$AppUI->getState('LinkIdxTab'));
require_once $AppUI->getModuleClass('projects');
// get the list of projects this user may see, limited to projects that have links
$extra = array('from' => 'links', 'where' => 'project_id = link_project');
$project = new CProject();
$projects = $project->getAllowedRecords($AppUI->user_id, 'project_id,project_name', 'project_name', null, $extra);
$projects = arrayMerge(array('0' => $AppUI->_('All', UI_OUTPUT_JS)), $projects);
// setup the title block
$titleBlock = new CTitleBlock('Links', 'folder5.png', $m, "{$m}.{$a}");
$titleBlock->addCell($AppUI->_('Search') . ':');
// NOTE(review): $search is not assigned anywhere in this file before it is
// written into a single-quoted HTML attribute. If it comes from the request,
// it needs HTML-attribute escaping (quotes included) where it is read -
// confirm. There is also no space between the value and title attributes.
$titleBlock->addCell('<input type="text" class="text" size="10" name="search" onchange="javascript:document.searchfilter.submit();" value=' . "'{$search}'" . 'title="' . $AppUI->_('Search in name and description fields', UI_OUTPUT_JS) . '"/>', '', '<form action="?m=links" method="post" id="searchfilter">', '</form>');
$titleBlock->addCell($AppUI->_('Filter') . ':');
$titleBlock->addCell(arraySelect($projects, 'project_id', 'onchange="javascript:document.pickProject.submit()" size="1" class="text"', $project_id), '', '<form name="pickProject" action="?m=links" method="post">', '</form>');
// NOTE(review): $canEdit is set outside this file; it only hides the button
// here, so the addedit handler has to check the permission itself.
if ($canEdit) {
    $titleBlock->addCell('<input type="submit" class="button" value="' . $AppUI->_('new link') . '" />', '', '<form action="?m=links&a=addedit" method="post">', '</form>');
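/**
 * E-mail the owner of this task a notification about the current action.
 *
 * Looks up the project name and the task's creator/owner/assignee contact
 * rows, builds a plain-text message (project, task, URL, description, the
 * acting user, progress and the posted 'task_log_description') and sends it
 * to the owner's address when the Mail class accepts that address.
 *
 * Reads task_project, task_id, task_name, task_description,
 * task_percent_complete and _action from $this.
 *
 * @return string Always the empty string.
 */
function notifyOwner()
{
    global $AppUI, $locale_char_set;

    // Ids are cast before concatenation so the object state cannot alter
    // the statement, whatever it was populated from.
    $q = new DBQuery();
    $q->addTable('projects');
    $q->addQuery('project_name');
    $q->addWhere('project_id=' . (int) $this->task_project);
    $sql = $q->prepare();
    $q->clear();
    $projname = htmlspecialchars_decode((string) db_loadResult($sql));

    $mail = new Mail();
    $mail->Subject($projname . '::' . $this->task_name . ' ' . $AppUI->_($this->_action, UI_OUTPUT_RAW), $locale_char_set);

    // c = creator
    // a = assignee
    // o = owner
    $q->addTable('tasks', 't');
    $q->leftJoin('user_tasks', 'u', 'u.task_id = t.task_id');
    $q->leftJoin('users', 'o', 'o.user_id = t.task_owner');
    $q->leftJoin('contacts', 'oc', 'oc.contact_id = o.user_contact');
    $q->leftJoin('users', 'c', 'c.user_id = t.task_creator');
    $q->leftJoin('contacts', 'cc', 'cc.contact_id = c.user_contact');
    $q->leftJoin('users', 'a', 'a.user_id = u.user_id');
    $q->leftJoin('contacts', 'ac', 'ac.contact_id = a.user_contact');
    $q->addQuery('t.task_id, cc.contact_email as creator_email'
        . ', cc.contact_first_name as creator_first_name'
        . ', cc.contact_last_name as creator_last_name'
        . ', oc.contact_email as owner_email'
        . ', oc.contact_first_name as owner_first_name'
        . ', oc.contact_last_name as owner_last_name'
        . ', a.user_id as assignee_id, ac.contact_email as assignee_email'
        . ', ac.contact_first_name as assignee_first_name'
        . ', ac.contact_last_name as assignee_last_name');
    $q->addWhere(' t.task_id = ' . (int) $this->task_id);
    $sql = $q->prepare();
    $q->clear();
    $users = db_loadList($sql);

    // Nothing to notify. The original fell through and read $users[0] on an
    // empty result; it also count()ed a possible non-array.
    if (empty($users)) {
        return '';
    }

    $body = $AppUI->_('Project', UI_OUTPUT_RAW) . ': ' . $projname . "\n"
        . $AppUI->_('Task', UI_OUTPUT_RAW) . ': ' . $this->task_name . "\n"
        . $AppUI->_('URL', UI_OUTPUT_RAW) . ': ' . DP_BASE_URL . '/index.php?m=tasks&a=view&task_id=' . $this->task_id . "\n\n"
        . $AppUI->_('Description', UI_OUTPUT_RAW) . ': ' . "\n" . $this->task_description . "\n\n"
        . $AppUI->_('Creator', UI_OUTPUT_RAW) . ': ' . $AppUI->user_first_name . ' ' . $AppUI->user_last_name . "\n\n"
        . $AppUI->_('Progress', UI_OUTPUT_RAW) . ': ' . $this->task_percent_complete . '%' . "\n\n"
        . dPgetParam($_POST, 'task_log_description');
    $mail->Body($body, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : '');

    // The display name and address come from the user's own profile. Line
    // breaks are removed so they cannot start a new header line, whatever
    // the Mail class does with the value.
    $senderName = str_replace(array("\r", "\n"), ' ', $AppUI->user_first_name . ' ' . $AppUI->user_last_name);
    $senderEmail = str_replace(array("\r", "\n"), '', (string) $AppUI->user_email);
    $mail->From('"' . $senderName . '" <' . $senderEmail . '>');

    if ($mail->ValidEmail($users[0]['owner_email'])) {
        $mail->To($users[0]['owner_email'], true);
        $mail->Send();
    }
    return '';
}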
<?php
// Add/edit form for a resource.
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}
// Copyright 2004 Adam Donnison <*****@*****.**>
$resource_id = intval(dPgetParam($_GET, 'resource_id', null));
$canDelete = getPermission('resources', 'delete', $resource_id);
$canView = getPermission('resources', 'view', $resource_id);
// Access is denied when any of the three alternatives holds. && binds tighter
// than ||, so this reads:
// (new resource AND no 'add' permission) OR cannot view OR cannot edit.
// NOTE(review): $canEdit is not assigned in this file; it has to come from
// the including script, and whether it is the module-wide or the per-item
// edit permission cannot be told from here - confirm. For a new resource,
// $canView was evaluated with item id 0.
if (!$resource_id && !getPermission('resources', 'add') || !$canView || !$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}
$obj = new CResource();
// A non-zero id that does not load is reported as invalid.
if ($resource_id && !$obj->load($resource_id)) {
    $AppUI->setMsg('Resource');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
}
$titleBlock = new CTitleBlock($resource_id ? 'Edit Resource' : 'Add Resource', 'helpdesk.png', $m, "{$m}.{$a}");
$titleBlock->addCrumb('?m=resources', 'resource list');
if ($resource_id) {
    // $resource_id is an integer at this point, so it is safe inside the URL.
    $titleBlock->addCrumb("?m=resources&a=view&resource_id={$resource_id}", 'view this resource');
}
$titleBlock->show();
$typelist = $obj->typeSelect();
?>
<form name="editfrm" action="?m=resources" method="post">
<input type="hidden" name="dosql" value="do_resource_aed" />
<input type="hidden" name="resource_id" value="<?php echo dPformSafe($resource_id); ?>
/* FORUMS $Id$ */
// Add/edit page for a forum: checks permission, loads the forum row and
// starts the query for the selectable projects.
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}
// Add / Edit forum
$forum_id = intval(dPgetParam($_GET, 'forum_id', 0));
$forum_project = intval(dPgetParam($_GET, 'forum_project', 0));
// check permissions for this record
$canEdit = getPermission($m, 'edit', $forum_id);
// NOTE(review): $canAuthor is not assigned in the visible code; if the
// including script does not set it, this condition denies every request -
// confirm where it comes from.
if (!$canEdit || !$canAuthor) {
    $AppUI->redirect("m=public&a=access_denied");
}
// load the projects class to retrieve denied projects
require_once $AppUI->getModuleClass('projects');
// Same value as above, read a second time.
$forum_id = intval(dPgetParam($_GET, 'forum_id', 0));
//Pull forum information ($forum_id is an integer, so the interpolation is safe)
$q = new DBQuery();
$q->addTable('forums');
$q->addWhere("forums.forum_id = {$forum_id}");
$res = $q->exec();
// NOTE(review): this prints the raw driver error into the page; logging it
// would avoid showing schema details to the user.
echo db_error();
$forum_info = db_fetch_assoc($res);
// -1 when the row has no forum_status (for example when no forum was found).
$status = isset($forum_info["forum_status"]) ? $forum_info["forum_status"] : -1;
// get any project records denied from viewing
$projObj = new CProject();
//Pull project Information
$q = new DBQuery();
$q->addTable('projects');
$q->addQuery('project_id, project_name');
$q->addWhere('project_status <> 7');
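f.submit();
}
</script>
<?php
}
// get the preferred date format
$df = $AppUI->getPref('SHDATEFORMAT');

// Report scripts available in the module's reports directory.
$reports = $AppUI->readFiles(dPgetConfig('root_dir') . "/modules/projects/reports", "\\.php\$");

// setup the title block
if (!$suppressHeaders) {
    $titleBlock = new CTitleBlock('Project Reports');
    $titleBlock->addButton("projects list", 'index.php?m=projects');
    $titleBlock->show();
}

// NOTE(review): the fragment is built from $report_type, which is set
// outside this excerpt, not from the value just read; if it is later
// written into a URL or into HTML it needs encoding for that context.
$report_type_var = dPgetParam($_GET, 'report_type', '');
if (!empty($report_type_var)) {
    $report_type_var = '&report_type=' . $report_type;
}

$title_ext = '';
// The report name becomes part of a file path, so it must be a bare file
// name: anything with a directory component is ignored and the title simply
// gets no extension.
if ($report_type != '' && is_string($report_type) && basename($report_type) === $report_type) {
    $rfx = DP_BASE_DIR . "/modules/projects/reports/" . $report_type . '.' . $AppUI->user_locale . '.txt';
    if (file_exists($rfx)) {
        $ds = file($rfx);
        // An empty or unreadable description file yields no first line.
        if (!empty($ds)) {
            $title_ext = ' - ' . $ds[0];
        }
    }
}

if (!$suppressHeaders) {
    if (!isset($display_project_name)) {
        $display_project_name = $AppUI->_('All');
    }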
<?php /* FILES $Id: index.php,v 1.33 2005/02/22 03:17:13 cyberhorse Exp $ */ $AppUI->savePlace(); // retrieve any state parameters if (isset($_REQUEST['project_id'])) { $AppUI->setState('FileIdxProject', $_REQUEST['project_id']); } $project_id = $AppUI->getState('FileIdxProject', 0); if (dPgetParam($_GET, 'tab', -1) != -1) { $AppUI->setState('FileIdxTab', dPgetParam($_GET, 'tab')); } $tab = $AppUI->getState('FileIdxTab', 0); $active = intval(!$AppUI->getState('FileIdxTab')); require_once $AppUI->getModuleClass('projects'); // get the list of visible companies $extra = array('from' => 'files', 'where' => 'project_id = file_project'); $project = new CProject(); $projects = $project->getAllowedRecords($AppUI->user_id, 'project_id,project_name', 'project_name', null, $extra); $allowedProjects = array_keys($projects); $projects = arrayMerge(array('0' => $AppUI->_('All', UI_OUTPUT_RAW)), $projects); // setup the title block $titleBlock = new CTitleBlock('Files', 'folder5.png', $m, "{$m}.{$a}"); $titleBlock->addCell($AppUI->_('Filter') . ':'); $titleBlock->addCell(arraySelect($projects, 'project_id', 'onChange="document.pickProject.submit()" size="1" class="text"', $project_id), '', '<form name="pickProject" action="?m=files" method="post">', '</form>'); if ($canEdit) { $titleBlock->addCell('<input type="submit" class="button" value="' . $AppUI->_('new file') . '">', '', '<form action="?m=files&a=addedit" method="post">', '</form>'); } $titleBlock->show(); $file_types = dPgetSysVal("FileType"); if ($tab != -1) {
// Store or delete the project held in $obj, report the outcome through
// $AppUI->setMsg(), then redirect. $del, $obj and $m are set outside this
// excerpt.
//
// NOTE(review): canDelete() is the only authorization check visible here; the
// store path relies on checks made before this point. No anti-CSRF token is
// verified in this excerpt - confirm one is checked upstream, since both
// paths change state from POST data.
if (!$del) {
    $msg = $obj->store();
    if ($msg) {
        // store() returned an error message.
        $AppUI->setMsg($msg, UI_MSG_ERROR);
    } else {
        // A posted project_id means an existing project was edited; the @
        // suppresses the notice when the key is absent.
        $isNotNew = @$_POST['project_id'];

        // Optionally copy tasks from another project.
        // NOTE(review): the source project id comes straight from POST;
        // confirm importTasks() checks that the user may read that project.
        $importTask_projectId = dPgetParam($_POST, 'import_tasks_from', '0');
        if ($importTask_projectId) {
            $obj->importTasks($importTask_projectId);
        }

        $AppUI->setMsg($isNotNew ? 'Project updated' : 'Project inserted', UI_MSG_OK, true);

        // Store Custom Fields
        $custom_fields = new CustomFields($m, 'addedit', $obj->project_id, "edit");
        $custom_fields->bind($_POST);
        $sql = $custom_fields->store($obj->project_id);
    }
    $AppUI->redirect();
} else {
    $project_id = dPgetParam($_POST, 'project_id', 0);
    $canDelete = $obj->canDelete($msg, $project_id);
    if (!$canDelete) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
        // NOTE(review): the delete below is reached unless redirect() ends
        // the request - confirm redirect() does not return.
        $AppUI->redirect();
    }

    $msg = $obj->delete();
    if ($msg) {
        // delete() returned an error message.
        $AppUI->setMsg($msg, UI_MSG_ERROR);
        $AppUI->redirect();
    } else {
        $AppUI->setMsg("Project deleted", UI_MSG_ALERT);
        $AppUI->redirect("m=projects");
    }
}
// Ticket view (excerpt). It begins inside the first branch of an if/else chain
// that picks the page title and field layout (the opening condition is not
// visible) and ends inside the open update block at the bottom.
    $title = $AppUI->_($ticket_type) . " " . $AppUI->_('to Ticket') . " #{$ticket_parent}";
    // headings / columns / types are parallel arrays: one entry per field.
    $fields = array(
        "headings" => array("From", "To", "Subject", "Date", "Cc", "<br />"),
        "columns" => array("author", "recipient", "subject", "timestamp", "cc", "body"),
        "types" => array("email", "original_author", "normal", "elapsed_date", "email", "body")
    );
} else {
    if ($ticket_type == "Staff Comment") {
        $title = $AppUI->_($ticket_type) . " " . $AppUI->_('to Ticket') . " #{$ticket_parent}";
        $fields = array(
            "headings" => array("From", "Date", "<br />"),
            "columns" => array("author", "timestamp", "body"),
            "types" => array("email", "elapsed_date", "body")
        );
    } else {
        // Any other type is shown as a top-level ticket with the full field set.
        $title = $AppUI->_('Ticket') . " #{$ticket}";
        $fields = array(
            'headings' => array('From', 'Subject', 'Date', 'Cc', 'Status', 'Priority', 'Owner', 'Company', 'Project', '<br />'),
            'columns' => array('author', 'subject', 'timestamp', 'cc', 'type', 'priority', 'assignment', 'ticket_company', 'ticket_project', 'body'),
            'types' => array('email', 'normal', 'elapsed_date', 'email', 'status', 'priority_select', 'assignment', 'ticket_company', 'ticket_project', 'body')
        );
    }
}

/* perform updates */
// NOTE(review): these four values are taken from POST unchanged. Their use is
// outside this excerpt; if any of them reach mail headers, CR/LF must be
// stripped first, and any SQL or HTML use needs escaping.
$orig_assignment = dPgetParam($_POST, 'orig_assignment', '');
$author = dPgetParam($_POST, 'author', '');
$priority = dPgetParam($_POST, 'priority', '');
$subject = dPgetParam($_POST, 'subject', '');

// The @ suppresses notices when a toggle variable is undefined.
if (@$type_toggle || @$priority_toggle || @$assignment_toggle) {
    // NOTE(review): the statement is built by string interpolation.
    // $type_toggle, $priority_toggle, $assignment_toggle and $ticket are
    // assigned outside this excerpt; if they are request-derived this is SQL
    // injection. Escape each string value before it reaches the query (the
    // code base has db_escape() - confirm it is available here) and cast
    // $ticket with intval().
    // All three columns are written whenever any one toggle is truthy, so an
    // empty toggle is stored as '' - confirm the form always submits all three.
    do_query("UPDATE tickets SET type = '{$type_toggle}', priority = '{$priority_toggle}', assignment = '{$assignment_toggle}' WHERE ticket = '{$ticket}'");

    //Emailing notifications.
    // Build a short description of what changed for the notification text.
    $change = ' ';
    if ($type_toggle) {
        $change .= $AppUI->_('Status changed') . ' ';
    }
    if ($priority_toggle) {
        $change .= $AppUI->_('Priority changed') . ' ';
    }
    if ($assignment_toggle) {
        $change .= $AppUI->_('Assignment changed') . ' ';
    }
    // Fixed multipart boundary for the hand-built message. A constant boundary
    // can collide with body content that contains the same string.
    $boundary = "_lkqwkASDHASK89271893712893";
    $message = "--{$boundary}\n";
<?php /* COMPANIES $Id: addedit.php 4800 2007-03-06 00:34:46Z merlinyoda $ */
// Company add/edit page (excerpt): checks permission, then prepares the query
// that loads the company record together with its owner's contact name.
// $AppUI and $m are set outside this excerpt.

// Refuse requests that reach this file without going through the application
// entry point, which defines DP_BASE_DIR.
defined('DP_BASE_DIR') or die('You should not access this file directly.');

// Cast to int: the value is concatenated into the WHERE clause below, so the
// cast is what keeps that clause free of request-controlled text.
$company_id = (int) dPgetParam($_GET, 'company_id', 0);

// An existing company needs "edit" permission on that item; a new company
// (id 0) needs "add" permission on the module.
$perms =& $AppUI->acl();
$canEdit = $company_id
    ? $perms->checkModuleItem($m, 'edit', $company_id)
    : $perms->checkModule($m, 'add');

if (!$canEdit) {
    // NOTE(review): the record is still loaded below unless redirect() ends
    // the request - confirm redirect() does not return.
    $AppUI->redirect('m=public&a=access_denied');
}

// Load the company types.
$types = dPgetSysVal('CompanyType');

// Load the record data, joined to the owning user and that user's contact row.
$q = new DBQuery();
$q->addTable('companies');
$q->addQuery('companies.*');
$q->addQuery('con.contact_first_name');
$q->addQuery('con.contact_last_name');
$q->addJoin('users', 'u', 'u.user_id = companies.company_owner');
$q->addJoin('contacts', 'con', 'u.user_contact = con.contact_id');
$q->addWhere("companies.company_id = {$company_id}");
$sql = $q->prepare();
<?php
// Report parameter form (excerpt): reads the report options from POST, builds
// the date range, then starts the HTML form. The excerpt ends inside the
// report_type hidden field.
//
// NOTE(review): the hidden fields after this PHP block echo $project_id,
// $report_category and $report_type without htmlspecialchars(). Those
// variables are assigned outside this excerpt; if any of them is
// request-derived, a double quote in the value breaks out of the attribute
// (reflected XSS). Emit them through
// htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), or cast ids with intval().
$coarseness = dPgetParam($_POST, "coarseness", 1);
$do_report = dPgetParam($_POST, "do_report", 0);
$hideNonWd = dPgetParam($_POST, "hideNonWd", 0);
$log_start_date = dPgetParam($_POST, "log_start_date", 0);
$log_end_date = dPgetParam($_POST, "log_end_date", 0);
$use_assigned_percentage = dPgetParam($_POST, "use_assigned_percentage", 0);
// Defaults to the logged-in user, but any posted user_id is accepted.
// NOTE(review): confirm the report code checks that the requester may view
// the selected user's data.
$user_id = dPgetParam($_POST, "user_id", $AppUI->user_id);

// Create Date objects from the datetime fields.
// intval() only tests that the posted value has a non-zero numeric prefix; the
// unmodified string is what is passed to CDate. Without a start value the
// range begins on the first day of the current month; without an end value
// CDate() is built with no argument.
$start_date = intval($log_start_date) ? new CDate($log_start_date) : new CDate(date("Y-m-01"));
$end_date = intval($log_end_date) ? new CDate($log_end_date) : new CDate();
// Move the end of the range to the last second of that day.
$end_date->setTime(23, 59, 59);
?> <script language="javascript"> Calendar.enabled = true; </script> <form name="editFrm" action="index.php?m=projects&a=reports" method="post"> <input type="hidden" name="project_id" value="<?php echo $project_id; ?> " /> <input type="hidden" name="report_category" value="<?php echo $report_category; ?> " /> <input type="hidden" name="report_type" value="<?php echo $report_type; ?>