Esempio n. 1
 /**
  * Store a string value under the given field name in $this->data.
  *
  * lcm_panic() is called when $value is not a string. The assignment still
  * follows in the code, so whether it runs in that case depends on
  * lcm_panic() returning. No escaping is applied here: the value is stored
  * exactly as given.
  *
  * @param mixed $field Key into $this->data.
  * @param mixed $value Value to store; expected to be a string.
  */
 function setDataString($field, $value)
 {
     $is_text = is_string($value);
     if ($is_text === false) {
         lcm_panic("Incorrect format: value is not a string.");
     }

     $this->data[$field] = $value;
 }
Esempio n. 2
/**
 * Report that a join between two report tables is not supported.
 *
 * The message is stored in $GLOBALS['errors']['join'] and then handed to
 * lcm_panic(). Both table names are interpolated into the message as given.
 * NOTE(review): if lcm_panic() renders its argument as HTML and the table
 * names can originate from a request, they should be escaped first —
 * confirm against lcm_panic().
 *
 * @param mixed $table1 First table of the unsupported join.
 * @param mixed $table2 Second table of the unsupported join.
 */
function panic_not_implemented($table1, $table2)
{
    // [ML] Eventually we should print a more user-friendly message,
    // but for now, lcm_panic() is the easiest to debug.
    $message = "Report not implemented: join of {$table1} and {$table2}.\n"
        . "\tPlease write to legalcase-devel@lists.sf.net and explain the report you are\n"
        . "\ttrying to generate. If possible, please send a sample report with fictive\n"
        . "\tvalues. It is possible that either it is possible to generate this report\n"
        . "\tby another way, or that it may be necessary to write a custom report.";

    $GLOBALS['errors']['join'] = $message;
    lcm_panic($GLOBALS['errors']['join']);
}
Esempio n. 3
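/**
 * Fetch the lcm_author row for one author id.
 *
 * The id is coerced to an integer before it is placed in the SQL text, so a
 * non-numeric argument cannot change the shape of the query, and the same
 * integer (not the raw argument) is what appears in the panic message.
 * lcm_panic() is called when no row matches.
 *
 * @param mixed $id_author Author id; coerced with intval().
 * @return mixed The row as returned by lcm_fetch_array().
 */
function read_author_data($id_author)
{
    // Numeric context in the query below: force an integer rather than
    // trusting the caller to have validated it.
    $id_author = intval($id_author);
    $q = "SELECT * FROM lcm_author WHERE id_author=" . $id_author;
    $result = lcm_query($q);
    if (!($usr = lcm_fetch_array($result))) {
        lcm_panic("The user #{$id_author} does not exist in the database.");
    }
    return $usr;
}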
Esempio n. 4
/**
 * Record a new database schema version, or abort when $test is false.
 *
 * With $test true the version is written to the 'lcm_db_version' meta entry
 * and logged under the 'upgrade' channel. With $test false the function
 * loads inc_lang, panics with a translated "update impossible" message and
 * exits.
 *
 * @param mixed $version Version value to store.
 * @param bool  $test    True to record the version; false to abort.
 */
function upgrade_db_version($version, $test = true)
{
    if (!$test) {
        // DEPRECATED ?
        include_lcm('inc_lang');
        $panic_text = _T('install_warning_update_impossible', array('db_version' => $version));
        lcm_panic($panic_text);
        exit;
    }

    write_meta('lcm_db_version', $version);
    lcm_log("Upgraded database to version: {$version}", 'upgrade');
}
Esempio n. 5
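/**
 * Create a keyword (when $id_keyword is empty) or update an existing one from
 * the current request, then redirect to keywords.php and exit.
 *
 * Validation failures are stored in $_SESSION['errors'] and the browser is
 * sent back to the referring page.
 *
 * Changes from the earlier version of this function:
 *  - the "hasvalue" column is now appended to the field list ($fl); it used
 *    to be appended to $query, which was overwritten before being executed,
 *    so the setting was silently dropped;
 *  - the keyword id is cast to an integer where it enters the UPDATE;
 *  - a missing $_SESSION['errors'] or Referer header no longer raises.
 *
 * NOTE(review): kw_title, kw_name and kw_desc are placed inside quoted SQL
 * literals exactly as _request() returns them. Whether _request() already
 * escapes them is not visible here — confirm, or quote them with the
 * project's database escaping routine before the query is built.
 *
 * @param mixed $id_keyword Id of the keyword to update; empty/0 creates one.
 */
function update_keyword($id_keyword)
{
    $kw_title = _request('kw_title');
    $kw_name = _request('kw_name'); // only for new keyword
    $kw_desc = _request('kw_desc');
    $kw_ac_author = _request('kw_ac_author'); // show/hide keyword
    $kw_hasvalue = _request('kw_hasvalue'); // show field to enter text value
    $kw_idgroup = intval(_request('id_group'));

    //
    // Check for errors
    //
    if (!$id_keyword) {
        // new keyword
        global $system_kwg;
        if (!$kw_idgroup) {
            lcm_panic("update_keyword: missing or badly formatted id_keyword or id_group");
        }
        $kwg_info = get_kwg_from_id($kw_idgroup);
        if (!$kw_name) {
            $_SESSION['errors']['name'] = _Ti('keywords_input_name') . _T('warning_field_mandatory');
        }
        if (isset($system_kwg[$kwg_info['name']]['keywords'][$kw_name])) {
            // XXX [ML] what about user keywords?
            $_SESSION['errors']['name'] = _Ti('keywords_input_name') . _T('keywords_warning_kw_code_exists');
        }
    }
    if (!$kw_title) {
        $_SESSION['errors']['title'] = _Ti('keywords_input_name') . _T('warning_field_mandatory');
    }
    // empty() instead of count(): the session key may not exist yet.
    if (!empty($_SESSION['errors'])) {
        // The Referer header is supplied by the client and may be absent;
        // fall back to the keyword list rather than emitting an empty Location.
        // NOTE(review): the redirect target is still client-controlled when
        // the header is present; consider restricting it to local pages.
        $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'keywords.php';
        lcm_header("Location: " . $back);
        exit;
    }

    //
    // Apply to database
    //
    $fl = "description = '{$kw_desc}',\n\t\t\ttitle = '{$kw_title}' ";
    // Both flags are only accepted when they are exactly 'Y' or 'N'.
    if ($kw_ac_author == 'Y' || $kw_ac_author == 'N') {
        $fl .= ", ac_author = '{$kw_ac_author}'";
    }
    if ($kw_hasvalue == 'Y' || $kw_hasvalue == 'N') {
        $fl .= ", hasvalue = '{$kw_hasvalue}'";
    }
    if (!$id_keyword) {
        // new
        $query = "INSERT INTO lcm_keyword\n\t\t\t\tSET id_group = {$kw_idgroup}, \n\t\t\t\t\tname = '{$kw_name}',\n\t\t\t\t\t{$fl} ";
        lcm_query($query);
        $id_keyword = lcm_insert_id('lcm_keyword', 'id_keyword');
        // for redirection later
        $kw_info = get_kw_from_id($id_keyword);
    } else {
        // Get current info about keyword (don't trust the user)
        $kw_info = get_kw_from_id($id_keyword);
        // Numeric context: cast so the id cannot extend the WHERE clause.
        $query = "UPDATE lcm_keyword\n\t\t\t\t\tSET {$fl}\n\t\t\t\t\tWHERE id_keyword = " . intval($id_keyword);
        lcm_query($query);
    }
    // update inc_meta_cache.php
    write_metas();
    $tab = $kw_info['type'] == 'system' ? 'system' : 'user';
    lcm_header("Location: keywords.php?tab=" . $tab . "#" . $kw_info['kwg_name']);
    exit;
}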
Esempio n. 6
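/**
 * Installer step 3: connect to the chosen database, create or upgrade the
 * schema, load default meta/keywords, and on success write
 * inc_connect_install.php before moving on to install_step_4().
 *
 * Connection parameters come straight from the request (db_address,
 * db_login, db_password, db_choice / manual_db). Because they end up inside
 * a PHP file that is later included, each one is emitted with var_export()
 * so that a quote or backslash in a value stays inside its string literal
 * instead of becoming code in the generated file.
 *
 * On failure an error page is printed instead (connection refused, install
 * log not empty, upgrade log not empty, or structure test failed).
 *
 * NOTE(review): the generated file contains the database password in clear
 * text; confirm the config directory is not readable by other local users
 * and is not served as plain text by the web server.
 */
function install_step_3()
{
    $db_address = _request('db_address');
    $db_login = _request('db_login');
    $db_password = _request('db_password');
    global $lcm_db_version;
    $install_log = "";
    $upgrade_log = "";
    // Possible errors will get trapped in the output buffer and displayed later,
    // so that they don't mess up with headers/html.
    ob_start();
    if (_request('db_choice') == "__manual__") {
        $sel_db = _request('manual_db');
    } else {
        $sel_db = _request('db_choice');
    }
    $link = lcm_connect_db($db_address, 0, $db_login, $db_password, $sel_db);
    $io_output = ob_get_contents();
    ob_end_clean();
    if (!$link) {
        install_html_start('AUTO', '', 3);
        lcm_panic("connection denied: " . lcm_sql_error());
    }
    //
    // TEMPORARY (used by testing the installer)
    /*
    lcm_query("DROP TABLE lcm_case", true);
    lcm_query("DROP TABLE lcm_case_attachment", true);
    lcm_query("DROP TABLE lcm_stage", true);
    lcm_query("DROP TABLE lcm_followup", true);
    lcm_query("DROP TABLE lcm_author", true);
    lcm_query("DROP TABLE lcm_client", true);
    lcm_query("DROP TABLE lcm_client_attachment", true);
    lcm_query("DROP TABLE lcm_org", true);
    lcm_query("DROP TABLE lcm_org_attachment", true);
    lcm_query("DROP TABLE lcm_contact", true);
    lcm_query("DROP TABLE lcm_keyword", true);
    lcm_query("DROP TABLE lcm_keyword_case", true);
    lcm_query("DROP TABLE lcm_keyword_client", true);
    lcm_query("DROP TABLE lcm_keyword_org", true);
    lcm_query("DROP TABLE lcm_keyword_group", true);
    lcm_query("DROP TABLE lcm_report", true);
    lcm_query("DROP TABLE lcm_fields", true);
    lcm_query("DROP TABLE lcm_filter", true);
    lcm_query("DROP TABLE lcm_app", true);
    lcm_query("DROP TABLE lcm_app_client_org", true);
    lcm_query("DROP TABLE lcm_app_fu", true);
    lcm_query("DROP TABLE lcm_author_app", true);
    lcm_query("DROP TABLE lcm_case_client_org", true);
    lcm_query("DROP TABLE lcm_case_author", true);
    lcm_query("DROP TABLE lcm_client_org", true);
    lcm_query("DROP TABLE lcm_rep_col", true);
    lcm_query("DROP TABLE lcm_rep_line", true);
    lcm_query("DROP TABLE lcm_rep_filters", true);
    lcm_query("DROP TABLE lcm_filter_conds", true);
    lcm_query("DROP TABLE lcm_rep_filter", true);
    lcm_query("DROP TABLE lcm_meta", true);
    */
    // Test if the software was already installed
    $result = lcm_query("SELECT * FROM lcm_meta", true);
    $already_installed = !lcm_sql_errno() && lcm_num_rows($result);
    $old_lcm_version = 'NONE';
    if ($already_installed) {
        lcm_log("LCM already installed", 'install');
        // Find the current database version
        $old_lcm_db_version = 0;
        $query = "SELECT value FROM lcm_meta WHERE name = 'lcm_db_version'";
        $result = lcm_query_db($query);
        while ($row = lcm_fetch_array($result)) {
            $old_lcm_db_version = $row['value'];
        }
        lcm_log("LCM version installed is {$old_lcm_db_version}", 'install');
        // Check if upgrade is needed
        if ($old_lcm_db_version < $lcm_db_version) {
            lcm_log("Calling the upgrade procedure (since < {$lcm_db_version})", 'install');
            include_lcm('inc_db_upgrade');
            $upgrade_log = upgrade_database($old_lcm_db_version);
        } else {
            lcm_log("Upgrade _not_ called, looks OK (= {$lcm_db_version})", 'install');
        }
    } else {
        lcm_log("Creating the database from scratch", 'install');
        include_lcm('inc_db_create');
        $install_log .= create_database();
        lcm_log("DB creation complete", 'install');
    }
    // Create default meta + keywords
    include_lcm('inc_meta');
    include_lcm('inc_keywords_default');
    include_lcm('inc_meta_defaults');
    init_default_config();
    init_languages();
    $skwg = get_default_keywords();
    create_groups($skwg);
    // regenerate inc/data/inc_meta_cache.php
    write_metas();
    // Test DB: not used for now..
    include_lcm('inc_db_test');
    $structure_ok = lcm_structure_test();
    if (!empty($install_log)) {
        install_html_start('AUTO', '', 3);
        echo "<h3><small>" . _T('install_step_three') . "</small> " . _T('install_title_creating_database') . "</h3>\n";
        echo "<div class='box_error'>\n";
        echo "<p>";
        echo "<b>" . _T('warning_operation_failed') . "</b> " . _T('install_database_install_failed');
        echo " " . lcm_help("install_connection") . "</p>\n";
        echo "</div>\n";
        // Dump error listing
        echo put_text_in_textbox($install_log);
        install_html_end();
    } elseif (!empty($upgrade_log)) {
        install_html_start('AUTO', '', 3);
        echo "<h3><small>" . _T('install_step_three') . "</small> " . _T('install_title_creating_database') . "</h3>\n";
        echo "<div class='box_error'>\n";
        // NOTE(review): $lcm_version is not declared global in this function and
        // $old_lcm_version is never updated from 'NONE' — confirm which values
        // this message is meant to show.
        echo "<p>" . _T('install_warning_update_impossible', array('old_version' => $old_lcm_version, 'version' => $lcm_version)) . "</p>\n";
        echo "</div>\n";
        // Dump error listing
        echo put_text_in_textbox($upgrade_log);
        install_html_end();
    } elseif (!$structure_ok) {
        install_html_start('AUTO', '', 3);
        echo "<h3><small>" . _T('install_step_three') . "</small> " . _T('install_title_creating_database') . "</h3>\n";
        echo "<div class='box_error'>\n";
        echo "<p> STRUCTURE PROBLEM </p>\n";
        // TRAD
        echo "</div>\n";
        install_html_end();
    } else {
        // Everything OK
        // The four connection values are request data written into a PHP
        // source file. var_export() produces a correctly escaped string
        // literal for each; the (string) cast keeps a missing value as ''.
        $arg_address = var_export((string) $db_address, true);
        $arg_login = var_export((string) $db_login, true);
        $arg_password = var_export((string) $db_password, true);
        $arg_db = var_export((string) $sel_db, true);

        $conn = '<' . '?php' . "\n";
        $conn .= "if (defined('_CONFIG_INC_CONNECT')) return;\n";
        $conn .= "define('_CONFIG_INC_CONNECT', '1');\n";
        $conn .= "\$GLOBALS['lcm_connect_version'] = 0.1;\n";
        $conn .= "include_lcm('inc_db');\n";
        $conn .= "@lcm_connect_db({$arg_address},'',{$arg_login},{$arg_password},{$arg_db});\n";
        $conn .= "\$GLOBALS['db_ok'] = !!@lcm_num_rows(@lcm_query_db('SELECT COUNT(*) FROM lcm_meta'));\n";
        $conn .= '?' . '>';
        $lcm_config_prefix = isset($_SERVER['LcmConfigDir']) ? $_SERVER['LcmConfigDir'] : 'inc/config';
        $myFile = fopen($lcm_config_prefix . '/inc_connect_install.php', 'wb');
        if (!$myFile) {
            // Without this check a read-only config directory would make the
            // writes below fail and the installer would carry on regardless.
            install_html_start('AUTO', '', 3);
            lcm_panic("Could not open " . $lcm_config_prefix . "/inc_connect_install.php for writing.");
            return;
        }
        fputs($myFile, $conn);
        fclose($myFile);
        install_step_4();
    }
}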
Esempio n. 7
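// Work out which object the attachment belongs to. Each id is forced to an
// integer, and $type can only become one of three fixed strings, so both are
// safe to place in the table and column names of the query below.
$case = intval(_request('case', 0));
$client = intval(_request('client', 0));
$org = intval(_request('org', 0));
if ($case > 0) {
    $type = 'case';
    $id_type = $case;
} elseif ($client > 0) {
    $type = 'client';
    $id_type = $client;
} elseif ($org > 0) {
    $type = 'org';
    $id_type = $org;
} else {
    lcm_panic("Missing object type for attachment.");
}
$_SESSION['errors'] = array();
if (isset($_POST['rem_file']) && is_array($_POST['rem_file']) && count($_POST['rem_file']) > 0) {
    // The attachment ids are form data and go into an unquoted IN (...) list,
    // so keep only positive integers; anything else is dropped rather than
    // being concatenated into the statement.
    $rem_ids = array();
    foreach ($_POST['rem_file'] as $rem_id) {
        if (is_scalar($rem_id) && intval($rem_id) > 0) {
            $rem_ids[] = intval($rem_id);
        }
    }
    $rem_files = join(',', $rem_ids);
    if (count($rem_ids) > 0) {
        // The id_{$type} condition limits the update to attachments of the
        // object named in the request.
        // NOTE(review): no permission check on that object is visible in this
        // part of the script — confirm one happens before this point.
        $result = lcm_query("UPDATE lcm_{$type}_attachment\n\t\t\t\tSET date_removed=NOW(),content=NULL\n\t\t\t\tWHERE id_{$type}={$id_type}\n\t\t\t\tAND id_attachment IN ({$rem_files})");
    }
}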
if (strlen($_FILES['filename']['name']) > 0) {
    $_SESSION['user_file'] = $_FILES['filename'];
    $_SESSION['user_file']['description'] = _request('description');
    $filename = $_SESSION['user_file']['tmp_name'];
    if (is_uploaded_file($filename) && $_SESSION['user_file']['size'] > 0) {
        $file = fopen($filename, "r");
        $file_contents = fread($file, filesize($filename));
Esempio n. 8
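// Export of a single case / follow-up / client / organisation as XML.
// Only administrators may export. The explicit exit makes the check fail
// closed even if lcm_panic() were ever to return, matching the default
// branch of the switch below.
if ($GLOBALS['author_session']['status'] != 'admin') {
    lcm_panic("You don't have permission to export!");
    exit;
}
$item = clean_input(isset($_REQUEST['item']) ? $_REQUEST['item'] : '');
// Always define $id: it is used in the loaders and in the response headers
// even when the request carries no id.
$id = 0;
if (!empty($_REQUEST['id'])) {
    $id = intval($_REQUEST['id']);
}
$data = array();
// The switch doubles as an allow-list: only the four known item types get
// past it, so $item is safe to reuse in the headers further down.
switch ($item) {
    case 'case':
        // NOTE(review): unlike the other loaders, the return value is not
        // assigned to $data — presumably load_case() fills it by reference;
        // confirm.
        load_case($id, $data, _LOAD_ALL);
        break;
    case 'followup':
        $data = load_followup($id, $data, _LOAD_ALL);
        break;
    case 'client':
        $data = load_client($id, $data, _LOAD_ALL);
        break;
    case 'org':
        $data = load_org($id, $data, _LOAD_ALL);
        break;
    default:
        lcm_panic("Incorrect export item type!");
        exit;
}
// Send proper headers to browser
header("Content-Type: text/xml");
header("Content-Disposition: filename={$item}_{$id}.xml");
header("Content-Description: " . "Export of {$item} ID{$id}");
echo '<?xml version="1.0"?>' . "\n";
echo xml_encode("{$item}_{$id}", $data);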
Esempio n. 9
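 /**
  * Validate and persist this follow-up, then update the related case,
  * stage and keyword records.
  *
  * Returns the validation errors without touching the database when
  * validate() reports any. Otherwise it either updates an existing
  * follow-up (id_followup > 0, requires 'e' permission on the case) or
  * inserts a new one (requires 'w' permission), adjusting lcm_case and
  * lcm_stage for status/stage changes.
  *
  * Changes from the earlier version: the session author id is cast to an
  * integer where it enters the INSERT, and the malformed zero date
  * '0000-00-00 00:00:0' used when re-opening a case is corrected.
  *
  * NOTE(review): every getDataString() value, and the serialize() output
  * built from them, is concatenated into quoted SQL literals. Nothing in
  * this method escapes them, and serialize() output can itself contain
  * quote characters. Confirm that the values are escaped where they are
  * stored, or quote them with the project's database escaping routine
  * before building the statements.
  *
  * @return mixed The value returned by validate() (empty when saved).
  */
 function save()
 {
     $errors = $this->validate();
     if (count($errors)) {
         return $errors;
     }
     //
     // Update
     //
     $fl = " date_start = '" . $this->getDataString('date_start') . "',\n\t\t\t\tdate_end   = '" . $this->getDataString('date_end') . "',\n\t\t\t\ttype       = '" . $this->getDataString('type') . "',\n\t\t\t\tsumbilled  = " . $this->getDataFloat('sumbilled', 0.0);
     if ($this->getDataString('type') == 'stage_change') {
         // [ML] To be honest, we should "assert" most of the
         // following values, but "new_stage" is the most important.
         lcm_assert_value($this->getDataString('new_stage', '__ASSERT__'));
         $desc = array('description' => $this->getDataString('description'), 'result' => $this->getDataString('result'), 'conclusion' => $this->getDataString('conclusion'), 'sentence' => $this->getDataString('sentence'), 'sentence_val' => $this->getDataString('sentence_val'), 'new_stage' => $this->getDataString('new_stage'));
         $fl .= ", description = '" . serialize($desc) . "'";
     } elseif (is_status_change($this->getDataString('type'))) {
         $desc = array('description' => $this->getDataString('description'), 'result' => $this->getDataString('result'), 'conclusion' => $this->getDataString('conclusion'), 'sentence' => $this->getDataString('sentence'), 'sentence_val' => $this->getDataString('sentence_val'));
         $fl .= ", description = '" . serialize($desc) . "'";
     } else {
         $fl .= ", description  = '" . $this->getDataString('description') . "'";
     }
     if ($this->getDataInt('id_followup') > 0) {
         // Edit of existing follow-up
         $id_followup = $this->getDataInt('id_followup');
         if (!allowed($this->getDataInt('id_case'), 'e')) {
             lcm_panic("You don't have permission to modify this case's information. (" . $this->getDataInt('id_case') . ")");
         }
         // NOTE(review): the permission check uses the id_case held by this
         // object, while the UPDATE below is keyed on id_followup only —
         // confirm the follow-up is known to belong to that case.
         // TODO: check if hiding this FU is allowed
         if (allowed($this->getDataInt('id_case'), 'a') && !(is_status_change($this->getDataString('type')) || $this->getDataString('type') == 'assignment' || $this->getDataString('type') == 'unassignment')) {
             if ($this->getDataString('delete')) {
                 $fl .= ", hidden = 'Y'";
             } else {
                 $fl .= ", hidden = 'N'";
             }
         } else {
             $fl .= ", hidden = 'N'";
         }
         $q = "UPDATE lcm_followup SET {$fl} WHERE id_followup = {$id_followup}";
         $result = lcm_query($q);
         // Get stage of the follow-up entry
         $q = "SELECT id_stage, case_stage FROM lcm_followup WHERE id_followup = {$id_followup}";
         $result = lcm_query($q);
         if ($row = lcm_fetch_array($result)) {
             $case_stage = lcm_assert_value($row['case_stage']);
         } else {
             lcm_panic("There is no such follow-up (" . $id_followup . ")");
         }
         // Update the related lcm_stage entry
         $q = "UPDATE lcm_stage SET\n\t\t\t\t\tdate_conclusion = '" . $this->getDataString('date_end') . "',\n\t\t\t\t\tkw_result = '" . $this->getDataString('result') . "',\n\t\t\t\t\tkw_conclusion = '" . $this->getDataString('conclusion') . "',\n\t\t\t\t\tkw_sentence = '" . $this->getDataString('sentence') . "',\n\t\t\t\t\tsentence_val = '" . $this->getDataString('sentence_val') . "',\n\t\t\t\t\tdate_agreement = '" . $this->getDataString('date_end') . "'\n\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case') . "\n\t\t\t\t  AND kw_case_stage = '" . $case_stage . "'";
         lcm_query($q);
     } else {
         // New follow-up
         if (!allowed($this->getDataInt('id_case'), 'w')) {
             lcm_panic("You don't have permission to add information to this case. (" . $this->getDataInt('id_case') . ")");
         }
         // Get the current case stage
         $q = "SELECT id_stage, stage FROM lcm_case WHERE id_case=" . $this->getDataInt('id_case', '__ASSERT__');
         $result = lcm_query($q);
         if ($row = lcm_fetch_array($result)) {
             $case_stage = lcm_assert_value($row['stage']);
             $case_stage_id = lcm_assert_value($row['id_stage']);
         } else {
             lcm_panic("There is no such case (" . $this->getDataInt('id_case') . ")");
         }
         // Add the new follow-up. The author id is used in a numeric context,
         // so it is cast rather than concatenated as found in the session.
         $q = "INSERT INTO lcm_followup\n\t\t\t\t\tSET id_case=" . $this->getDataInt('id_case') . ",\n\t\t\t\t\t\tid_author=" . intval($GLOBALS['author_session']['id_author']) . ",\n\t\t\t\t\t\t{$fl},\n\t\t\t\t\t\tid_stage = {$case_stage_id},\n\t\t\t\t\t\tcase_stage='{$case_stage}'";
         lcm_query($q);
         $this->data['id_followup'] = lcm_insert_id('lcm_followup', 'id_followup');
         // Set relation to the parent appointment, if any
         if ($this->getDataInt('id_app')) {
             $q = "INSERT INTO lcm_app_fu \n\t\t\t\t\t\tSET id_app=" . $this->getDataInt('id_app') . ",\n\t\t\t\t\t\t\tid_followup=" . $this->getDataInt('id_followup', '__ASSERT__') . ",\n\t\t\t\t\t\t\trelation='child'";
             $result = lcm_query($q);
         }
         // Update case status
         $status = '';
         $stage = '';
         switch ($this->getDataString('type')) {
             case 'conclusion':
                 $status = 'closed';
                 break;
             case 'suspension':
                 $status = 'suspended';
                 break;
             case 'opening':
             case 'resumption':
             case 'reopening':
                 $status = 'open';
                 break;
             case 'merge':
                 $status = 'merged';
                 break;
             case 'deletion':
                 $status = 'deleted';
                 break;
             case 'stage_change':
                 $stage = lcm_assert_value($this->getDataString('new_stage'));
                 break;
         }
         if ($status || $stage) {
             // $status is one of the fixed strings chosen above; $stage is
             // the submitted new_stage value.
             $q = "UPDATE lcm_case\n\t\t\t\t\t\tSET " . ($status ? "status='{$status}'" : '') . ($status && $stage ? ',' : '') . ($stage ? "stage='{$stage}'" : '') . "\n\t\t\t\t\t\tWHERE id_case=" . $this->getDataInt('id_case');
             lcm_query($q);
             // Close the lcm_stage
             // XXX for now, date_agreement is not used
             if ($status == 'open') {
                 // case is being re-opened, so erase previously entered info
                 $q = "UPDATE lcm_stage\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tdate_conclusion = '0000-00-00 00:00:00',\n\t\t\t\t\t\t\t\tid_fu_conclusion = 0,\n\t\t\t\t\t\t\t\tkw_result = '',\n\t\t\t\t\t\t\t\tkw_conclusion = '',\n\t\t\t\t\t\t\t\tkw_sentence = '',\n\t\t\t\t\t\t\t\tsentence_val = '',\n\t\t\t\t\t\t\t\tdate_agreement = '0000-00-00 00:00:00'\n\t\t\t\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case') . "\n\t\t\t\t\t\t\t  AND kw_case_stage = '" . $case_stage . "'";
             } else {
                 $q = "UPDATE lcm_stage\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tdate_conclusion = '" . $this->getDataString('date_end') . "',\n\t\t\t\t\t\t\t\tid_fu_conclusion = " . $this->getDataInt('id_followup') . ",\n\t\t\t\t\t\t\t\tkw_result = '" . $this->getDataString('result') . "',\n\t\t\t\t\t\t\t\tkw_conclusion = '" . $this->getDataString('conclusion') . "',\n\t\t\t\t\t\t\t\tkw_sentence = '" . $this->getDataString('sentence') . "',\n\t\t\t\t\t\t\t\tsentence_val = '" . $this->getDataString('sentence_val') . "',\n\t\t\t\t\t\t\t\tdate_agreement = '" . $this->getDataString('date_end') . "'\n\t\t\t\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case', '__ASSERT__') . "\n\t\t\t\t\t\t\t  AND kw_case_stage = '" . $case_stage . "'";
             }
             lcm_query($q);
         }
         // If creating a new case stage, make new lcm_stage entry
         if ($stage) {
             $q = "INSERT INTO lcm_stage SET\n\t\t\t\t\t\t\tid_case = " . $this->getDataInt('id_case', '__ASSERT__') . ",\n\t\t\t\t\t\t\tkw_case_stage = '" . lcm_assert_value($stage) . "',\n\t\t\t\t\t\t\tdate_creation = NOW(),\n\t\t\t\t\t\t\tid_fu_creation = " . $this->getDataInt('id_followup');
             lcm_query($q);
         }
     }
     // Keywords
     update_keywords_request('followup', $this->getDataInt('id_followup'));
     return $errors;
 }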
Esempio n. 10
}
show_find_box('exp', $find_exp_string);

//
// For "Filter expense owner"
//
$prefs_change = false;

// Owner filters any user may pick; 'all' is added for administrators only.
$types_owner = array('my' => 1, 'public' => 1);
// 30 days, 3 months, 6 months, 1 year
$types_period = array('m1' => 30, 'm3' => 91, 'm6' => 182, 'y1' => 365);
if ($author_session['status'] == 'admin') {
    $types_owner['all'] = 1;
}

// A requested owner filter is accepted only if it is a key of $types_owner;
// the rejected value is HTML-escaped before it is shown in the panic message.
if (($v = _request('case_owner')) && $prefs['case_owner'] != $v) {
    if (!array_key_exists($v, $types_owner)) {
        lcm_panic("Value for case owner not permitted: " . htmlspecialchars($v));
    }
    $prefs['case_owner'] = _request('case_owner');
    $prefs_change = true;
}

// always include 'my' cases [ML] $q_owner is re-used below
// The admin "all" filter is expressed as a constant-true OR term; it is only
// added when the session status is 'admin'.
// NOTE(review): the author id is concatenated unquoted; presumably it is an
// integer loaded from the database into the session — confirm.
$q_owner = " (e.id_author = " . $author_session['id_author']
    . ($prefs['case_owner'] == 'public' ? " OR e.pub_read = 1" : '')
    . ($author_session['status'] == 'admin' && $prefs['case_owner'] == 'all' ? " OR 1=1 " : '')
    . " ) ";
//
Esempio n. 11
 /**
  * Remove and return the next entry of $this->cases.
  *
  * lcm_panic() is called first when getCaseDone() reports that iteration is
  * already finished.
  *
  * @return mixed The first element of $this->cases (array_shift() result).
  */
 function getCaseIterator()
 {
     global $prefs;

     $exhausted = $this->getCaseDone();
     if ($exhausted) {
         lcm_panic("LcmOrg::getCaseIterator called but getCaseDone() returned true");
     }

     $next_case = array_shift($this->cases);
     return $next_case;
 }
Esempio n. 12
 /**
  * Build the case-list query from the current search, owner, period and
  * sort settings, run it, and print one page of results.
  *
  * Reads $this->search, $this->date_start, $this->date_end and
  * $this->list_pos, the global $prefs and $author_session, and the
  * status_order / case_order / upddate_order request parameters. Stores the
  * total row count in $this->number_of_rows and resets $this->list_pos to 0
  * when it is past the end. Output is produced by show_listcase_item().
  *
  * NOTE(review): $this->search, $this->date_start and $this->date_end are
  * concatenated into quoted SQL literals without any escaping in this
  * method. Where these properties are set is not visible here — confirm
  * they are escaped and validated before reaching this point.
  */
 function printList()
 {
     global $prefs;
     // Select cases of which the current user is author
     $q = "SELECT DISTINCT c.id_case, title, status, public, pub_write, date_creation\n\t\t\tFROM lcm_case as c NATURAL JOIN lcm_case_author as a ";
     if ($this->search) {
         // The keyword table is only joined when there is a search term to match against it.
         $q .= " NATURAL LEFT JOIN lcm_keyword_case as kc ";
     }
     //
     // Apply filters to SELECT output
     //
     // "WHERE 1=1" lets every later filter be appended as " AND ...".
     $q .= " WHERE 1=1 ";
     // Add search criteria, if any
     if ($this->search) {
         $q .= " AND (";
         // The unquoted id comparison is only added when the term passes is_numeric().
         if (is_numeric($this->search)) {
             $q .= " (c.id_case = {$this->search}) OR ";
         }
         // NOTE(review): the search term goes into both LIKE patterns as-is (see method header).
         $q .= " (kc.value LIKE '%" . $this->search . "%') OR " . " (c.title LIKE '%" . $this->search . "%') ";
         $q .= " )";
     }
     //
     // Case owner: may be used by listcases.php, archives.php, author_det.php, etc.
     // Also, it may be a user checking another user's profile (in that case, show only public cases)
     // or it may be an admin checking another user's profile. etc.
     //
     global $author_session;
     $owner_filter = $this->getDataString('owner', $prefs['case_owner']);
     $owner_id = $this->getDataInt('id_author', $author_session['id_author']);
     $q_owner = " (a.id_author = " . $owner_id;
     if ($owner_id == $author_session['id_author']) {
         // Either in listcases, or user looking at his page in author_det
         if ($owner_filter == 'public') {
             $q_owner .= " OR c.public = 1";
         }
         // The constant-true term that lists every case is added for administrators only.
         if ($author_session['status'] == 'admin' && $owner_filter == 'all') {
             $q_owner .= " OR 1=1 ";
         }
     } else {
         // If not an admin, show only public cases of that user
         if ($author_session['status'] != 'admin') {
             $q_owner .= " AND c.public = 1";
         }
     }
     $q_owner .= " ) ";
     $q .= " AND " . $q_owner;
     // Period (date_creation) to show
     if ($this->date_start || $this->date_end) {
         // NOTE(review): both dates are quoted but not escaped here (see method header).
         if ($this->date_start) {
             $q .= " AND date_creation >= '" . $this->date_start . "'";
         }
         if ($this->date_end) {
             $q .= " AND date_creation <= '" . $this->date_end . "'";
         }
     } else {
         // A case_period below 1900 is treated as a number of days, anything else as a year.
         // NOTE(review): $prefs['case_period'] is concatenated unquoted — presumably validated
         // as a number when the preference is saved; confirm.
         if ($prefs['case_period'] < 1900) {
             // since X days
             $q .= " AND " . lcm_query_subst_time('date_creation', 'NOW()') . ' < ' . $prefs['case_period'] * 3600 * 24;
         } else {
             // for year X
             $q .= " AND " . lcm_query_trunc_field('date_creation', 'year') . ' = ' . $prefs['case_period'];
         }
     }
     //
     // Sort results
     //
     $sort_clauses = array();
     // Allow-list for the sort direction: a request value is appended to ORDER BY
     // only when it is exactly 'ASC' or 'DESC'.
     $sort_allow = array('ASC' => 1, 'DESC' => 1);
     // Sort cases by creation date
     if ($sort_allow[_request('status_order')]) {
         $sort_clauses[] = "status " . _request('status_order');
     }
     if ($sort_allow[_request('case_order')]) {
         $sort_clauses[] = 'date_creation ' . _request('case_order');
     } elseif ($sort_allow[_request('upddate_order')]) {
         $sort_clauses[] = "date_update " . _request('upddate_order');
     } else {
         // default
         $sort_clauses[] = 'date_creation DESC';
     }
     $q .= " ORDER BY " . implode(', ', $sort_clauses);
     $result = lcm_query($q);
     // Check for correct start position of the list
     $this->number_of_rows = lcm_num_rows($result);
     if ($this->list_pos >= $this->number_of_rows) {
         $this->list_pos = 0;
     }
     // Position to the page info start
     if ($this->list_pos > 0) {
         if (!lcm_data_seek($result, $this->list_pos)) {
             lcm_panic("Error seeking position " . $this->list_pos . " in the result");
         }
     }
     // Print at most $prefs['page_rows'] rows, stopping early when the result runs out.
     for ($i = 0; $i < $prefs['page_rows'] && ($row = lcm_fetch_array($result)); $i++) {
         show_listcase_item($row, $i, $this->search);
     }
 }
Esempio n. 13
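/**
 * Stream all cases, clients or organisations (optionally filtered by a
 * search string) to the browser as CSV or XML.
 *
 * Nothing is sent when the query returns no rows. An unknown $type or
 * $format ends in lcm_panic() and a return value of 0.
 *
 * Changes from the earlier version:
 *  - an unsupported $format is reported as such (the message used to name
 *    $type) and no longer reads an undefined array key;
 *  - values echoed in panic messages are HTML-escaped, as the expense
 *    filter code on this page does with htmlspecialchars();
 *  - get_magic_quotes_runtime() is only called where it still exists (it is
 *    absent from PHP 8), and is evaluated once instead of per field.
 *
 * NOTE(review): $search is placed inside quoted LIKE patterns as received.
 * Whether the caller escapes it is not visible here — confirm, or quote it
 * with the project's database escaping routine before the query is built.
 *
 * NOTE(review): CSV cells are only quote-escaped. A stored value that
 * begins with '=', '+', '-' or '@' will be treated as a formula by
 * spreadsheet programs; consider neutralising such cells if exports are
 * opened that way.
 *
 * @param string $type   'case', 'client' or 'org'.
 * @param string $format 'csv' or 'xml'.
 * @param string $search Optional search text (used when longer than 1 char).
 * @return int|null 0 on invalid $type/$format, otherwise nothing.
 */
function export($type, $format, $search = '')
{
    switch ($type) {
        case 'case':
            // List cases in the system + search criterion if any
            $q = "SELECT id_case,title,legal_reason,alledged_crime,notes,status,stage\n\t\t\t\t\tFROM lcm_case";
            if (strlen($search) > 1) {
                // Add search criteria
                $q .= " WHERE ((title LIKE '%{$search}%')\n\t\t\t\t\t\tOR (status LIKE '%{$search}%')\n\t\t\t\t\t\tOR (stage LIKE '%{$search}%'))";
            }
            break;
        case 'client':
            // List clients in the system + search criterion if any
            $q = "SELECT id_client,name_first,name_middle,name_last,citizen_number,civil_status,income,gender,notes\n\t\t\t\t\tFROM lcm_client";
            if (strlen($search) > 1) {
                // Add search criteria
                $q .= " WHERE ((name_first LIKE '%{$search}%')\n\t\t\t\t\t\tOR (name_middle LIKE '%{$search}%')\n\t\t\t\t\t\tOR (name_last LIKE '%{$search}%'))";
            }
            break;
        case 'org':
            // List organizations in the system + search criterion if any
            $q = "SELECT id_org,name,notes,court_reg,tax_number,stat_number\n\t\t\t\t\tFROM lcm_org";
            if (strlen($search) > 1) {
                // Add search criteria
                $q .= " WHERE (name LIKE '%{$search}%')";
            }
            break;
        default:
            // $type has not matched the allow-list, so escape it before display.
            lcm_panic("invalid type: " . htmlspecialchars((string) $type));
            return 0;
    }
    // From here on $type is one of the three fixed strings above.
    $mime_types = array('csv' => 'text/comma-separated-values', 'xml' => 'text/xml');
    if (!is_string($format) || !isset($mime_types[$format])) {
        lcm_panic("invalid format: " . htmlspecialchars((string) $format));
        return 0;
    }
    // $format is now 'csv' or 'xml', so it is safe in the headers below.
    $mime_type = $mime_types[$format];
    // Legacy magic-quotes handling; the function no longer exists in PHP 8.
    $strip_slashes = function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime();
    $result = lcm_query($q);
    if (lcm_num_rows($result) > 0) {
        // Send proper headers to browser
        header("Content-Type: " . $mime_type);
        header("Content-Disposition: filename={$type}.{$format}");
        header("Content-Description: " . "Export of {$type}s");
        header("Content-Transfer-Encoding: binary");
        //		echo ( get_magic_quotes_runtime() ? stripslashes($row['content']) : $row['content'] );
        // Document start
        switch ($format) {
            case 'csv':
                // Export columns headers
                break;
            case 'xml':
                echo "<document>\r\n";
                break;
        }
        // Document contents
        while ($row = lcm_fetch_assoc($result)) {
            // Export row start
            switch ($format) {
                case 'csv':
                    break;
                case 'xml':
                    echo "\t<row>\r\n";
                    break;
            }
            // Prepare row fields
            $fields = array();
            foreach ($row as $key => $value) {
                // Remove escaping if any
                $value = $strip_slashes ? stripslashes($value) : $value;
                switch ($format) {
                    case 'csv':
                        if (is_string($value)) {
                            // Escape double quote in CSV style
                            $value = str_replace('"', '""', $value);
                            // Add double quotes
                            $value = "\"{$value}\"";
                        }
                        break;
                    case 'xml':
                        // Element names are the column names of the fixed
                        // SELECT lists above; only the content needs escaping.
                        $value = is_string($value) ? htmlspecialchars($value) : $value;
                        $value = "\t\t<{$key}>{$value}</{$key}>\r\n";
                        break;
                }
                $fields[] = $value;
            }
            // Export row end
            switch ($format) {
                case 'csv':
                    echo join(',', $fields) . "\r\n";
                    break;
                case 'xml':
                    echo join('', $fields);
                    echo "\t</row>\r\n";
                    break;
            }
        }
        // Document end
        switch ($format) {
            case 'csv':
                break;
            case 'xml':
                echo "</document>\r\n";
                break;
        }
    }
}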
Esempio n. 14
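/**
 * Apply the keyword changes submitted in $_REQUEST to one object.
 *
 * Existing keyword entries are deleted or updated, then new keywords are
 * inserted. Every value read from $_REQUEST is untrusted: ids are cast to
 * integers and the free-text keyword value is escaped before it reaches SQL.
 *
 * @param string $type_obj   Object type. 'stage' is stored in lcm_keyword_case;
 *                           any other type uses lcm_keyword_<type> / id_<type>.
 * @param mixed  $id_obj     Id of the object (the case id when type is 'stage').
 * @param mixed  $id_obj_sec Stage id, used only when $type_obj is 'stage'.
 */
function update_keywords_request($type_obj, $id_obj, $id_obj_sec = 0)
{
    // $type_obj becomes part of table, column and request-field names, so it
    // must be a plain identifier.
    if (!is_string($type_obj) || !preg_match('/^[A-Za-z0-9_]+$/', $type_obj)) {
        lcm_panic("Invalid keyword object type");
        return;
    }
    $id_obj = intval($id_obj);
    $id_obj_sec = intval($id_obj_sec);
    // NOTE(review): addslashes() is a stop-gap. The escaping routine of the
    // database driver behind lcm_query() (not visible here), or bound
    // parameters, should replace it. Also confirm that no earlier request
    // filter already escapes $_REQUEST, which would double the backslashes.
    $gpc_quoted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    //
    // Update existing keywords
    //
    if (isset($_REQUEST['kw_value_' . $type_obj])) {
        $kw_values = $_REQUEST['kw_value_' . $type_obj];
        $kw_entries = isset($_REQUEST['kw_entry_' . $type_obj]) ? $_REQUEST['kw_entry_' . $type_obj] : array();
        // TODO (from the original): check that the submitted entries are
        // really attached to the object. Until that exists, every statement
        // below is restricted to rows that belong to $id_obj.
        for ($cpt = 0; isset($kw_entries[$cpt]); $cpt++) {
            $id_entry = intval($kw_entries[$cpt]);
            $del_requested = !empty($_REQUEST['kw_del_' . $type_obj . $cpt]);
            if ($type_obj == 'stage') {
                $table = "lcm_keyword_case";
                $owner = "id_case = " . $id_obj;
            } else {
                $table = "lcm_keyword_" . $type_obj;
                $owner = "id_" . $type_obj . " = " . $id_obj;
            }
            if ($del_requested || empty($kw_values[$cpt])) {
                // The owner id is given explicitly, even if redundant, so that
                // a forged id_entry cannot delete rows of another object.
                $query = "DELETE FROM " . $table . " WHERE " . $owner;
                if ($type_obj == 'stage') {
                    $query .= " AND id_stage = " . $id_obj_sec;
                }
                $query .= " AND id_entry = " . $id_entry;
            } else {
                $id_keyword = intval($kw_values[$cpt]);
                if ($id_keyword <= 0) {
                    lcm_panic("Invalid keyword id");
                    continue;
                }
                $query = "UPDATE " . $table . " SET id_keyword = " . $id_keyword;
                if ($type_obj == 'stage') {
                    $query .= ", id_stage = " . $id_obj_sec;
                }
                $val_key = 'kw_entryval_' . $type_obj . $cpt;
                if (!empty($_REQUEST[$val_key]) && is_scalar($_REQUEST[$val_key])) {
                    $entry_val = (string) $_REQUEST[$val_key];
                    if (!$gpc_quoted) {
                        $entry_val = addslashes($entry_val);
                    }
                    $query .= ", value = '" . $entry_val . "'";
                }
                // Same owner restriction as the DELETE above.
                $query .= " WHERE id_entry = " . $id_entry . " AND " . $owner;
            }
            lcm_query($query);
        }
    }
    //
    // New keywords
    //
    $new_key = 'new_keyword_' . $type_obj . '_value';
    if ($id_obj && isset($_REQUEST[$new_key])) {
        $new_keywords = $_REQUEST[$new_key];
        $kwg_key = 'new_kwg_' . $type_obj . '_id';
        $new_kwg_id = isset($_REQUEST[$kwg_key]) ? $_REQUEST[$kwg_key] : array();
        for ($cpt = 0; isset($new_keywords[$cpt]); $cpt++) {
            // Process only new keywords which have a value
            if (!$new_keywords[$cpt]) {
                continue;
            }
            if (empty($new_kwg_id[$cpt])) {
                lcm_panic("Empty kwg name");
                continue;
            }
            $id_keyword = intval($new_keywords[$cpt]);
            if ($id_keyword <= 0) {
                lcm_panic("Invalid keyword id");
                continue;
            }
            // optionally, we can validate whether it makes sense
            // to apply this kwg to this 'object' ... (TODO ?)
            if ($type_obj == 'stage') {
                $query = "INSERT INTO lcm_keyword_case SET id_keyword = " . $id_keyword . ", id_case = " . $id_obj . ", id_stage = " . $id_obj_sec;
            } else {
                $query = "INSERT INTO lcm_keyword_" . $type_obj . " SET id_keyword = " . $id_keyword . ", id_" . $type_obj . " = " . $id_obj;
            }
            $val_key = 'new_kw_entryval_' . $type_obj . $cpt;
            if (isset($_REQUEST[$val_key])) {
                // A value field that is present but empty means: do not insert.
                if (!$_REQUEST[$val_key] || !is_scalar($_REQUEST[$val_key])) {
                    continue;
                }
                $entry_val = (string) $_REQUEST[$val_key];
                if (!$gpc_quoted) {
                    $entry_val = addslashes($entry_val);
                }
                $query .= ", value = '" . $entry_val . "'";
            }
            lcm_query($query);
        }
    }
}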
Esempio n. 15
/**
 * Build the SQL expression that truncates a date expression to a day or a year.
 *
 * $date is inserted into the SQL text as given, so callers must pass a
 * trusted column name or SQL expression, never request data.
 *
 * @param string $date SQL date expression or column name.
 * @param string $type 'day' or 'year'; anything else ends in lcm_panic().
 * @return string SQL fragment ("" if lcm_panic() returns for an unknown type).
 */
function lcm_query_trunc_field($date, $type)
{
    if ($type == 'day') {
        return "DATE_FORMAT({$date}, '%Y-%m-%d')";
    }
    if ($type == 'year') {
        return "YEAR({$date})";
    }
    lcm_panic("Not supported");
    return "";
}
Esempio n. 16
}
// Upgrade page: compares the installed database version with the version the
// code expects, runs the upgrade when the database is older and reports the
// outcome.
lcm_log("lcm_upgrade test: current = {$current_version}, should be = {$lcm_db_version}");
// test if upgraded necessary
if ($current_version < $lcm_db_version) {
    include_lcm('inc_db_upgrade');
    lcm_page_start(_T('title_upgrade_database'));
    // The two version values are written into the page source as an HTML comment.
    echo "\n<!-- Upgrading from {$current_version} to {$lcm_db_version} -->\n";
    $log = upgrade_database($current_version);
    // To be honest, in most cases, it will cause a lcm_panic() and this will
    // not show, altough we could (in the future) catch/interpret errors.
    if ($log) {
        // NOTE(review): $log is printed without HTML escaping. Presumably it
        // holds database error text; confirm it can never contain markup
        // taken from stored data, or escape it before output.
        echo "<div class='box_error'>\n";
        echo "<p>An error occured while upgrading the database: <br/>{$log}</p>\n";
        // TRAD
        echo "</div>\n";
        lcm_panic("upgrade error ({$log})");
    } else {
        echo "<div class='box_success'>\n";
        echo '<p class="normal_text">' . _T('info_upgrade_database3') . ' <a class="content_link" href="index.php">' . _T('info_upgrade_database5') . "</a></p>\n";
        echo "</div>\n";
    }
    lcm_page_end();
} else {
    global $author_session;
    lcm_page_start("No database upgrade needed");
    // TRAD
    // Small practical trick to refresh the report fields/filters
    // Only a session whose status is 'admin' reaches the refresh below.
    if ($author_session['status'] == 'admin') {
        include_lcm('inc_db_upgrade');
        include_lcm('inc_repfields_defaults');
        $fields = get_default_repfields();
Esempio n. 17
 /**
  * Take the next case off the front of $this->cases and return it.
  *
  * Panics when getCaseDone() is already true on entry. After the case is
  * removed and the position counter advanced, a true getCaseDone() triggers
  * loadCases() with the new position plus the 'page_rows' preference.
  */
 function getCaseIterator()
 {
     global $prefs;
     $already_done = $this->getCaseDone();
     if ($already_done) {
         lcm_panic("LcmClient::getCaseIterator called but getCaseDone() returned true");
     }
     $next_case = array_shift($this->cases);
     $this->case_start_from += 1;
     if ($this->getCaseDone()) {
         $remaining = count($this->cases);
         lcm_debug('not done, reloading: ' . $remaining);
         $reload_pos = $this->case_start_from + $prefs['page_rows'];
         $this->loadCases($reload_pos);
     }
     // Counted again here because loadCases() may have changed the list.
     lcm_debug("getCaseIterator " . count($this->cases));
     return $next_case;
 }
Esempio n. 18
 /**
  * Close the spreadsheet content file, pack the document directory into the
  * zip archive, stream the archive to the client and delete the temporary
  * files and directories.
  */
 function printEndDoc()
 {
     // TODO: show report footer?
     $closing_tags = array('</table:table>', '</office:spreadsheet>', '</office:body>', '</office:document-content>');
     fwrite($this->fcontent, implode('', $closing_tags) . "\n");
     fclose($this->fcontent);
     // Members of the archive, all located under the working directory.
     $all_files = array();
     foreach (array('/content.xml', '/META-INF/', '/meta.xml', '/mimetype', '/styles.xml') as $member) {
         $all_files[] = $this->dir . $member;
     }
     // Third argument is the working directory; an earlier, disabled variant
     // passed it as a 'remove_path' option.
     $this->zipfile->create($all_files, '', $this->dir);
     // Send it to the user for download
     $f = fopen($this->zipname, 'r');
     if (!$f) {
         lcm_panic("Failed to open " . $this->zipname . ": " . $GLOBALS['lcm_errormsg']);
     }
     while ($data = fread($f, filesize($this->zipname))) {
         echo $data;
     }
     fclose($f);
     // TODO: Delete temporary files
     foreach (array('/content.xml', '/styles.xml', '/meta.xml', '/mimetype', '/META-INF/manifest.xml') as $leftover) {
         unlink($this->dir . $leftover);
     }
     // Directories go last, innermost first.
     rmdir($this->dir . '/META-INF/');
     rmdir($this->dir);
 }
Esempio n. 19
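 /**
  * Print one page of the expense list as HTML table rows.
  *
  * Builds the query from $this->search, $this->id_case, the 'case_period'
  * preference and the *_order request parameters, seeks to $this->list_pos
  * and prints up to 'page_rows' rows. Sets $this->number_of_rows.
  *
  * Changes from the previous version: the case id and period are cast to
  * integers before they enter the SQL, the case title is escaped inside the
  * title attribute, and the <abbr> element is closed with </abbr>.
  */
 function printList()
 {
     global $prefs;
     global $fu_desc_len;
     // configure via my_options.php with $GLOBALS['fu_desc_len'] = NNN;
     // Select cases of which the current user is author
     $q = "SELECT e.id_expense, e.id_case, e.id_author, e.status, e.type, \n\t\t\t\te.description, e.date_creation, e.date_update, e.pub_read,\n\t\t\t\te.pub_write, a.name_first, a.name_middle, a.name_last,\n\t\t\t\tcount(ec.id_expense) as nb_comments, c.title as case_title\n\t\t\tFROM lcm_expense as e\n\t\t\tLEFT JOIN lcm_expense_comment as ec ON (ec.id_expense = e.id_expense)\n\t\t\tLEFT JOIN lcm_author as a ON (a.id_author = e.id_author) \n\t\t\tLEFT JOIN lcm_case as c ON (c.id_case = e.id_case) ";
     $q .= " WHERE (1=1 ";
     if ($this->search) {
         // NOTE(review): the search text is concatenated into the LIKE
         // pattern. Where $this->search is assigned is not visible here;
         // confirm it is escaped for SQL (including % and _) before this
         // point, or escape it here with the database driver's routine.
         $q .= " AND (";
         if (is_numeric($this->search)) {
             $q .= " e.id_expense = " . $this->search . " OR ";
         }
         $q .= " e.description LIKE '%" . $this->search . "%' ";
         $q .= " )";
     }
     if ($this->id_case) {
         $q .= " AND e.id_case = " . intval($this->id_case);
     }
     $q .= ")";
     //
     // Apply filters to SQL
     //
     // Case owner TODO
     // Period (date_creation) to show: a number of days below 1900,
     // otherwise a year.
     $case_period = intval($prefs['case_period']);
     if ($case_period < 1900) {
         // since X days
         $q .= " AND " . lcm_query_subst_time('e.date_creation', 'NOW()') . ' < ' . $case_period * 3600 * 24;
     } else {
         // for year X
         $q .= " AND " . lcm_query_trunc_field('e.date_creation', 'year') . ' = ' . $case_period;
     }
     $q .= " GROUP BY e.id_expense, e.id_case, e.id_author, e.status, e.type, e.description, e.date_creation, e.date_update, e.pub_read, e.pub_write, a.name_first, a.name_middle, a.name_last, c.title ";
     //
     // Sort: a direction is used only when it is exactly ASC or DESC, so no
     // request text reaches the ORDER BY clause.
     //
     $sort_clauses = array();
     $sort_allow = array('ASC' => 1, 'DESC' => 1);
     foreach (array('type_order' => 'type', 'status_order' => 'status') as $param => $column) {
         $direction = _request($param);
         if (is_string($direction) && isset($sort_allow[$direction])) {
             $sort_clauses[] = $column . " " . $direction;
         }
     }
     // Sort cases by creation or update date
     $direction = _request('date_order');
     if (is_string($direction) && isset($sort_allow[$direction])) {
         $sort_clauses[] = "date_creation " . $direction;
     } else {
         $direction = _request('upddate_order');
         if (is_string($direction) && isset($sort_allow[$direction])) {
             $sort_clauses[] = "date_update " . $direction;
         }
     }
     if (count($sort_clauses)) {
         $q .= " ORDER BY " . implode(', ', $sort_clauses);
     } else {
         // default sort
         $q .= " ORDER BY date_creation DESC";
     }
     $result = lcm_query($q);
     // Check for correct start position of the list
     $this->number_of_rows = lcm_num_rows($result);
     if ($this->list_pos >= $this->number_of_rows) {
         $this->list_pos = 0;
     }
     // Position to the page info start
     if ($this->list_pos > 0) {
         if (!lcm_data_seek($result, $this->list_pos)) {
             lcm_panic("Error seeking position " . $this->list_pos . " in the result");
         }
     }
     $more_desc = _request('more_desc', 0);
     $desc_length = isset($fu_desc_len) && $fu_desc_len > 0 ? $fu_desc_len : 256;
     for ($i = 0; $i < $prefs['page_rows'] && ($row = lcm_fetch_array($result)); $i++) {
         $td = "<td class='tbl_cont_" . ($i % 2 ? "dark" : "light") . "'>";
         echo "<tr>\n";
         // Expense ID
         echo $td;
         echo highlight_matches($row['id_expense'], $this->search);
         echo "</td>\n";
         // Author
         echo $td;
         echo get_person_initials($row);
         echo "</td>\n";
         // Attached to case..
         echo $td;
         if ($row['id_case']) {
             // The title is stored text shown inside an attribute, so it is
             // escaped; the element is now closed with its own end tag.
             echo '<abbr title="' . htmlspecialchars((string) $row['case_title'], ENT_QUOTES) . '">' . $row['id_case'] . '</abbr>';
         }
         echo "</td>\n";
         // Date creation
         echo $td;
         echo format_date($row['date_creation'], 'short');
         echo "</td>\n";
         // Type
         echo $td;
         echo _Tkw('_exptypes', $row['type']);
         echo "</td>\n";
         // Description, shortened unless more_desc is requested
         if ($more_desc || strlen(lcm_utf8_decode($row['description'])) < $desc_length) {
             $description = $row['description'];
         } else {
             $description = substr($row['description'], 0, $desc_length) . '...';
         }
         echo $td;
         echo '<a class="content_link" href="exp_det.php?expense=' . $row['id_expense'] . '">';
         // NOTE(review): whether highlight_matches() HTML-escapes its input
         // is not visible here; if it does not, the stored description is
         // printed as markup and needs escaping first.
         echo nl2br(highlight_matches($description, $this->search));
         echo "</a>";
         echo "</td>\n";
         // # Comments
         echo $td;
         echo $row['nb_comments'];
         echo "</td>\n";
         // Date update
         echo $td;
         if ($row['date_update'] != $row['date_creation']) {
             echo format_date($row['date_update'], 'short');
         }
         echo "</td>\n";
         // Status
         echo $td;
         echo _T('expense_status_option_' . $row['status']);
         echo "</td>\n";
         echo "</tr>\n";
     }
 }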
Esempio n. 20
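/**
 * Handle a self-registration request: validate the form, create the author
 * account and e-mail the generated credentials.
 *
 * Changes from the previous version:
 *  - a request for an e-mail whose account is in status 'trash' now stops
 *    after the "denied" message (it used to continue and create an account);
 *  - the account is stored with the computed status ('waiting' when
 *    subscriptions are moderated) instead of a hard-coded 'normal';
 *  - numeric ids are cast to integers before they enter SQL.
 */
function send_registration_by_email()
{
    global $lcm_lang_left;
    $_SESSION['form_data'] = array();
    $_SESSION['errors'] = array();
    $kwg_email = get_kwg_from_name('+email_main');
    $id_group_email = intval($kwg_email['id_group']);
    $form_items = array('name_first' => 'person_input_name_first', 'name_last' => 'person_input_name_last', 'email' => 'input_email', 'username' => 'authoredit_input_username');
    foreach ($form_items as $field => $trad) {
        $_SESSION['form_data'][$field] = _request($field);
        if (!_session($field)) {
            $_SESSION['errors'][$field] = _Ti($trad) . _T('warning_field_mandatory');
        }
    }
    if (count($_SESSION['errors'])) {
        lcm_header("Location: lcm_pass.php?register=yes");
        exit;
    }
    install_html_start(_T('pass_title_register'), 'login');
    // There is a risk that an author changes his e-mail after his account
    // is created, to the e-mail of another person, and therefore block the
    // other person from registering. But then.. this would allow the other
    // person to hijack the account, so it would be a stupid DoS.
    //
    // NOTE(review): the values returned by _session() are placed inside
    // quoted SQL strings in the three queries below. Whether _request() /
    // _session() escape them is not visible here; confirm, or escape them
    // with the database driver's routine before use.
    $query = "SELECT id_of_person, status FROM lcm_contact as c, lcm_author as a\n\t\tWHERE c.id_of_person = a.id_author\n\t\tAND value = '" . _session('email') . "'\n\t\tAND type_person = 'author'\n\t\tAND type_contact = " . $id_group_email;
    $result = lcm_query($query);
    // Test if the user already exists
    if ($row = lcm_fetch_array($result)) {
        // TODO: if status = 'pending for validation by admin', show message
        echo "<br />\n";
        if ($row['status'] == 'trash') {
            echo "<div class='box_error'>" . _T('pass_registration_denied') . "</div>\n";
        } else {
            echo "<div class=\"box_error\" align=\"{$lcm_lang_left}\">" . _T('pass_warning_already_registered') . "</div>\n";
        }
        // Either way no second account is created for this address.
        return;
    }
    //
    // Send identifiers by e-mail
    //
    include_lcm('inc_access');
    include_lcm('inc_mail');
    $username = get_unique_username(_session('username'));
    $pass = create_random_password(8, $username);
    // NOTE(review): unsalted MD5 is not suitable for password storage. It is
    // kept because the login code that verifies this column is not visible
    // here; both sides would have to move to password_hash() together.
    $mdpass = md5($pass);
    $open_subscription = read_meta("site_open_subscription");
    if (!($open_subscription == 'yes' || $open_subscription == 'moderated')) {
        lcm_panic("Subscriptions not permitted.");
    }
    // Moderated sites keep the account in 'waiting'.
    // NOTE(review): confirm 'waiting' is a status accepted by lcm_author and
    // handled by the login and administration pages.
    $status = $open_subscription == 'yes' ? 'normal' : 'waiting';
    lcm_query("INSERT INTO lcm_author (name_first, name_last, username, password, status, date_creation, date_update) " . "VALUES ('" . _session('name_first') . "', '" . _session('name_last') . "', '{$username}', '{$mdpass}', '{$status}', NOW(), NOW())");
    $id_author = intval(lcm_insert_id('lcm_author', 'id_author'));
    // Add e-mail to lcm_contact
    lcm_query("INSERT INTO lcm_contact (type_person, type_contact, id_of_person, value)\n\t\t\tVALUES ('author', " . $id_group_email . ", {$id_author}, '" . _session('email') . "')");
    // Prepare the e-mail to send to the user. It carries the generated
    // password in clear text.
    $site_name = _T(read_meta('site_name'));
    $site_address = read_meta('site_address');
    $message = _T('info_greetings') . ",\n\n";
    $message .= _T('pass_info_here_info', array('site_name' => $site_name, 'site_address' => $site_address)) . "\n\n";
    $message .= "- " . _Ti('login_login') . " {$username}\n";
    $message .= "- " . _Ti('login_password') . " {$pass}\n\n";
    if ($open_subscription == 'moderated') {
        $message .= _T('pass_info_moderated') . "\n\n";
    }
    $message .= _T('pass_info_automated_msg') . "\n\n";
    $subject = "[{$site_name}] " . _T('pass_title_personal_identifier');
    if (send_email(_session('email'), $subject, $message)) {
        echo "<p>" . _T('pass_info_identifier_mail') . "</p>\n";
    } else {
        $email_admin = read_meta('email_sysadmin');
        echo "<div class=\"box_error\"><p>" . _T('pass_warning_mail_failure', array('email_admin' => $email_admin)) . "</p></div>\n";
    }
    // If moderated, send copy to site admin
    // NOTE(review): this copy contains the new user's password; consider
    // sending the administrator a notice without it.
    if ($open_subscription == 'moderated') {
        $email_admin = read_meta('email_sysadmin');
        send_email($email_admin, $subject, $message);
    }
}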
Esempio n. 21
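/**
 * Return $value after checking that it is present.
 *
 * A numeric zero is accepted only when $allow_zero is true. Previously the
 * second check rejected zero even then, which made $allow_zero ineffective.
 *
 * @param mixed $value      Value to check.
 * @param bool  $allow_zero Accept 0, '0' or 0.0 as a valid value.
 * @return mixed The unchanged value.
 */
function lcm_assert_value($value, $allow_zero = false)
{
    if (is_numeric($value) && $value == 0) {
        if ($allow_zero) {
            return $value;
        }
        lcm_panic("Value is 0, but allow_zero is false");
    }
    // Everything else must be set and non-empty.
    if (!isset($value) || !$value) {
        lcm_panic("Missing value (unset or non-true)");
    }
    return $value;
}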
Esempio n. 22
    $stage_info = get_kw_from_name('stage', $_REQUEST['new_stage']);
    $id_stage = $stage_info['id_keyword'];
    update_keywords_request('stage', $_SESSION['form_data']['id_case'], $id_stage);
}
//
// Update lcm_case.date_update (if fu.date_start > c.date_update)
//
// The case id goes through getDataInt(); the '__ASSERT__' argument is
// presumably a marker that makes the getter fail on a missing value (its
// handling is not visible here).
$q = "SELECT date_update FROM lcm_case WHERE id_case = " . $fu->getDataInt('id_case', '__ASSERT__');
$result = lcm_query($q);
if ($row = lcm_fetch_array($result)) {
    if ($fu->getDataString('date_start', '__ASSERT__') > $row['date_update']) {
        // NOTE(review): date_start is placed inside a quoted SQL string as
        // returned by the getter; confirm its format is validated or that it
        // is escaped before this point.
        $q = "UPDATE lcm_case\n\t\t\t\tSET date_update = '" . $fu->getDatastring('date_start') . "'\n\t\t\t\tWHERE id_case = " . $fu->getDataInt('id_case', '__ASSERT__');
        lcm_query($q);
    }
} else {
    lcm_panic("Query returned no results.");
}
///////////////////////////////////////////////////////////////////////
//	Consequent appointment information update
///////////////////////////////////////////////////////////////////////
if (isset($_SESSION['form_data']['add_appointment'])) {
    // No errors, proceed with database update
    // NOTE(review): type, title and description pass through clean_input(),
    // but start_time, end_time and reminder are concatenated as stored in
    // the session form data. Unless they are validated earlier (not visible
    // here), they need the same treatment.
    $fl = "\ttype\t\t= '" . clean_input($_SESSION['form_data']['app_type']) . "',\n\t\ttitle\t\t= '" . clean_input($_SESSION['form_data']['app_title']) . "',\n\t\tdescription\t= '" . clean_input($_SESSION['form_data']['app_description']) . "',\n\t\tstart_time\t= '" . $_SESSION['form_data']['app_start_time'] . "',\n\t\tend_time\t= '" . $_SESSION['form_data']['app_end_time'] . "',\n\t\treminder\t= '" . $_SESSION['form_data']['app_reminder'] . "'\n\t\t";
    // Add the new appointment
    $q = "INSERT INTO lcm_app SET ";
    // Add case ID
    // NOTE(review): id_case is taken from the session form data and used
    // unquoted; casting it to an integer here would make the statement safe
    // regardless of how the form data was filled.
    $q .= 'id_case = ' . $_SESSION['form_data']['id_case'] . ',';
    // Add ID of the creator
    $q .= 'id_author = ' . $GLOBALS['author_session']['id_author'] . ',';
    // Add the rest of the fields
    $q .= "{$fl}, date_creation = NOW()";
Esempio n. 23
// NOTE(review): $order_name is appended to the query text as is. Where it is
// assigned is not visible here; confirm it is restricted to ASC / DESC.
$q .= " name " . $order_name;
$result = lcm_query($q);
$number_of_rows = lcm_num_rows($result);
// Check for correct start position of the list
// NOTE(review): list_pos comes straight from the request and is not cast to
// an integer before it is compared, passed to lcm_data_seek() and included
// in the panic message below.
if (isset($_REQUEST['list_pos'])) {
    $list_pos = $_REQUEST['list_pos'];
} else {
    $list_pos = 0;
}
// A position at or past the end of the result restarts at the first row.
if ($list_pos >= $number_of_rows) {
    $list_pos = 0;
}
// Position to the page info start
if ($list_pos > 0) {
    if (!lcm_data_seek($result, $list_pos)) {
        lcm_panic("Error seeking position {$list_pos} in the result");
    }
}
// Output table tags
// Not worth creating show_listorgs_*() for now
$cpt = 0;
// Column headers: each entry has a title, the name of its sort parameter
// and a default direction; the name column also gets a width.
$headers = array();
$headers[0]['title'] = "#";
$headers[0]['order'] = 'order_id';
$headers[0]['default'] = '';
$headers[1]['title'] = _Th('org_input_name');
$headers[1]['order'] = 'order_name';
$headers[1]['default'] = 'ASC';
$headers[1]['width'] = '99%';
show_list_start($headers);
// Print at most 'page_rows' rows starting from the current position.
for ($i = 0; $i < $prefs['page_rows'] && ($row = lcm_fetch_array($result)); $i++) {
Esempio n. 24
 /**
  * Return the entry of $this->specials stored under $number.
  *
  * Panics when $number is greater than $this->special_count or when no
  * entry exists under that key.
  */
 function getSpecial($number)
 {
     $out_of_range = $number > $this->special_count;
     if ($out_of_range) {
         lcm_panic("requested special is > " . $this->special_count);
     }
     $is_known = isset($this->specials[$number]);
     if ($is_known === false) {
         lcm_panic("special # {$number} does not exist");
     }
     return $this->specials[$number];
 }
Esempio n. 25
//
// Check for access rights
//
// TODO
// NOTE(review): $edit and $write are hard-coded to 1, so the condition below
// is never true and this page performs no access check of its own. Until the
// TODO is done, any caller that reaches this point is treated as allowed to
// write; the real rights of the current author should be looked up here.
$edit = 1;
$write = 1;
if (!($admin || $write)) {
    lcm_panic("You don't have permission to add follow-ups to this case");
}
//
// Start page
//
// Request parameter 'c' selects the comment form, which requires an expense
// id; 'expense' alone selects an existing expense; otherwise a new expense
// is started.
if (_request('c')) {
    // comment
    if (!_request('expense')) {
        lcm_panic("Missing expense ID");
    }
    lcm_page_start(_T('title_expense_comment'), '', '', 'expenses');
} elseif (_request('expense')) {
    // Both branches currently start the page with the same title.
    if (_request('submit') == 'set_exp_status') {
        lcm_page_start(_T('title_expense_comment'), '', '', 'expenses');
    } else {
        lcm_page_start(_T('title_expense_comment'), '', '', 'expenses');
    }
} else {
    lcm_page_start(_T('title_expense_new'), '', '', 'expenses');
}
/* TODO
show_context_start();
show_context_case_title($case, 'followups');
show_context_case_involving($case);
Esempio n. 26
/**
 * Build the date_trunc() SQL expression that truncates a date expression to
 * a day or a year.
 *
 * $date is inserted into the SQL text as given, so callers must pass a
 * trusted column name or SQL expression, never request data.
 *
 * @param string $date SQL date expression or column name.
 * @param string $type 'day' or 'year'; anything else ends in lcm_panic().
 * @return string SQL fragment ("" if lcm_panic() returns for an unknown type).
 */
function lcm_query_trunc_field($date, $type)
{
    $is_supported = ($type == 'day' || $type == 'year');
    if (!$is_supported) {
        lcm_panic("Not supported");
        return "";
    }
    return "date_trunc('{$type}', {$date})";
}
Esempio n. 27
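/**
 * Print the filters attached to a report and, in edit mode, the form that
 * adds a new filter.
 *
 * Changes from the previous version:
 *  - $id_report is cast to an integer once, so every query and every HTML
 *    attribute uses the same safe value (two queries used it uncast);
 *  - the 'export' request parameter and the stored filter value are escaped
 *    before they are printed inside HTML attributes;
 *  - split(), removed in PHP 7, is replaced by explode();
 *  - num_le and num_ge get a value field like num_lt and num_gt;
 *  - missing request and array keys no longer raise notices.
 *
 * @param mixed $id_report  Id of the report.
 * @param bool  $is_runtime True while the report is run (only filters that
 *                          have a type but no value are shown, in a single
 *                          form); false while the report is edited.
 */
function show_report_filters($id_report, $is_runtime = false)
{
    $id_report = intval($id_report);
    // Get general report info
    $q = "SELECT * FROM lcm_report WHERE id_report = " . $id_report;
    $res = lcm_query($q);
    $rep_info = lcm_fetch_array($res);
    if (!$rep_info) {
        lcm_panic("Report does not exist: {$id_report}");
    }
    // List filters attached to this report
    $query = "SELECT *\n\t\tFROM lcm_rep_filter as v, lcm_fields as f\n\t\tWHERE id_report = " . $id_report . "\n\t\tAND f.id_field = v.id_field";
    // If generating the report (as opposed to editing), show filters
    // who have a filter type (eq, neq, in, ..), but no value.
    if ($is_runtime) {
        $query .= " AND v.type != '' AND v.value = '' ";
    }
    $result = lcm_query($query);
    if (lcm_num_rows($result)) {
        if ($is_runtime) {
            // submit all at once (else submit on a per-filter basis)
            echo '<form action="run_rep.php" name="frm_filters" method="get">' . "\n";
            echo '<input name="rep" value="' . $id_report . '" type="hidden" />' . "\n";
            if (isset($_REQUEST['export']) && is_scalar($_REQUEST['export'])) {
                // Request data echoed into an attribute: escape it.
                echo '<input name="export" value="' . htmlspecialchars((string) $_REQUEST['export'], ENT_QUOTES) . '" type="hidden" />' . "\n";
            }
        }
        echo "<table border='0' class='tbl_usr_dtl' width='99%'>\n";
        $all_filters = array('number' => array('none', 'num_eq', 'num_neq', 'num_lt', 'num_le', 'num_gt', 'num_ge'), 'date' => array('none', 'date_eq', 'date_in', 'date_lt', 'date_le', 'date_gt', 'date_ge'), 'text' => array('none', 'text_eq', 'text_neq'));
        while ($filter = lcm_fetch_array($result)) {
            // Field name used at runtime, and the value already submitted
            // under that name (null when absent).
            $runtime_name = "filter_val" . $filter['id_filter'];
            $submitted = isset($_REQUEST[$runtime_name]) ? $_REQUEST[$runtime_name] : null;
            // Stored filter value, escaped for use inside an attribute.
            $value_attr = htmlspecialchars((string) $filter['value'], ENT_QUOTES);
            if (!$is_runtime) {
                echo "<form action='upd_rep_field.php' name='frm_line_additem' method='get'>\n";
                echo "<input name='update' value='filter' type='hidden' />\n";
                echo "<input name='rep' value='{$id_report}' type='hidden' />\n";
                echo "<input name='id_filter' value='" . $filter['id_filter'] . "' type='hidden' />\n";
            }
            echo "<tr>\n";
            echo "<td>" . _Th($filter['description']) . "</td>\n";
            // Type of filter
            echo "<td>";
            if (isset($all_filters[$filter['filter']])) {
                // At runtime, if a filter has been selected, do not allow select
                if ($filter['type'] && $is_runtime) {
                    echo _T('rep_filter_' . $filter['type']);
                } else {
                    echo "<select name='filter_type'>\n";
                    echo "<option value=''>...</option>\n";
                    foreach ($all_filters[$filter['filter']] as $f) {
                        $sel = $filter['type'] == $f ? ' selected="selected"' : '';
                        echo "<option value='" . $f . "'" . $sel . ">" . _T('rep_filter_' . $f) . "</option>\n";
                    }
                    echo "</select>\n";
                }
            } else {
                // XXX Should happen only if a filter was removed in a future version, e.g. rarely
                // or between development releases.
                echo "Unknown filter";
            }
            echo "</td>\n";
            // Value for filter
            echo "<td>";
            switch ($filter['type']) {
                case 'num_eq':
                case 'num_neq':
                    if ($filter['field_name'] == 'id_author') {
                        $name = $is_runtime ? $runtime_name : 'filter_value';
                        // XXX make this a function
                        $q = "SELECT * FROM lcm_author WHERE status IN ('admin', 'normal', 'external')";
                        $result_author = lcm_query($q);
                        echo "<select name='{$name}'>\n";
                        echo "<option value=''>...</option>\n";
                        // TRAD
                        while ($author = lcm_fetch_array($result_author)) {
                            // Check for already submitted value
                            $sel = $filter['value'] == $author['id_author'] || $submitted == $author['id_author'] ? ' selected="selected"' : '';
                            echo "<option value='" . $author['id_author'] . "'" . $sel . ">" . $author['id_author'] . " : " . get_person_name($author) . "</option>\n";
                        }
                        echo "</select>\n";
                        break;
                    }
                    // Any other numeric field deliberately falls through to
                    // the plain text input below.
                case 'num_lt':
                case 'num_le':
                case 'num_gt':
                case 'num_ge':
                    $name = $is_runtime ? $runtime_name : 'filter_value';
                    echo '<input style="width: 99%;" type="text" name="' . $name . '" value="' . $value_attr . '" />';
                    break;
                case 'date_eq':
                case 'date_lt':
                case 'date_le':
                case 'date_gt':
                case 'date_ge':
                    $name = $is_runtime ? $runtime_name : 'date';
                    echo get_date_inputs($name, $filter['value']);
                    // FIXME
                    break;
                case 'date_in':
                    // date_in has two values, stored ex: 2005-01-01 00:00:00;2006-02-02 00:00:00
                    $name = $is_runtime ? $runtime_name : 'date';
                    $values = explode(";", (string) $filter['value']);
                    echo get_date_inputs($name . '_start', $values[0]);
                    echo "<br />\n";
                    echo get_date_inputs($name . '_end', isset($values[1]) ? $values[1] : '');
                    break;
                case 'text_eq':
                case 'text_neq':
                    $name = $is_runtime ? $runtime_name : 'filter_value';
                    if ($filter['enum_type']) {
                        // enum_type is "keyword:system_kwg:<group>" or
                        // "list:<a,b,c>[:<translation prefix>]".
                        $enum = explode(":", $filter['enum_type']);
                        $enum_arg = isset($enum[1]) ? $enum[1] : '';
                        $enum_extra = isset($enum[2]) ? $enum[2] : '';
                        if ($enum[0] == 'keyword') {
                            if ($enum_arg == 'system_kwg') {
                                $all_kw = get_keywords_in_group_name($enum_extra);
                                echo '<select name="' . $name . '">' . "\n";
                                echo '<option value="">' . "..." . "</option>\n";
                                // TRAD
                                foreach ($all_kw as $kw) {
                                    $sel = $filter['value'] == $kw['name'] || $submitted == $kw['name'] ? ' selected="selected" ' : '';
                                    echo '<option value="' . $kw['name'] . '"' . $sel . '>' . _Tkw($enum_extra, $kw['name']) . "</option>\n";
                                }
                                echo "</select>\n";
                            }
                        } elseif ($enum[0] == 'list') {
                            $items = explode(",", $enum_arg);
                            echo '<select name="' . $name . '">' . "\n";
                            echo '<option value="">' . "..." . "</option>\n";
                            // TRAD
                            foreach ($items as $i) {
                                $label = $enum_extra ? _T($enum_extra . $i) : $i;
                                $sel = $filter['value'] == $i || $submitted == $i ? ' selected="selected" ' : '';
                                echo '<option value="' . $i . '"' . $sel . '>' . $label . "</option>\n";
                            }
                            echo "</select>\n";
                        }
                    } else {
                        echo '<input style="width: 99%;" type="text" name="' . $name . '" value="' . $value_attr . '" />';
                    }
                    break;
                default:
                    echo "<!-- no type -->\n";
            }
            echo "</td>\n";
            if (!$is_runtime) {
                // Button to validate
                echo "<td>";
                echo "<button class='simple_form_btn' name='validate_filter_addfield'>" . _T('button_validate') . "</button>\n";
                echo "</td>\n";
                // Link for "Remove"
                // NOTE(review): removal is a state change triggered by a GET
                // link; whether upd_rep_field.php checks a request token is
                // not visible here.
                echo "<td><a class='content_link' href='upd_rep_field.php?rep=" . $id_report . "&amp;" . "remove=filter" . "&amp;" . "id_filter=" . $filter['id_filter'] . "'>" . "X" . "</a></td>\n";
            }
            echo "</tr>\n";
            if (!$is_runtime) {
                echo "</form>\n";
            }
        }
        echo "</table>\n";
    }
    if ($is_runtime) {
        // NOTE(review): when the report has no runtime filters the form was
        // never opened, yet the button and </form> are still printed.
        echo "<p><button class='simple_form_btn' name='validate_filter_addfield'>" . _T('button_validate') . "</button></p>\n";
        echo "</form>\n";
        return;
    }
    // List all available fields in selected tables for report
    $query = "SELECT *\n\t\tFROM lcm_fields\n\t\tWHERE ";
    // Quoted table names for the IN (...) list. They come from database
    // rows (report definition, field catalogue, keyword groups), not from
    // the request.
    $sources = array();
    if ($rep_info['line_src_name']) {
        $sources[] = "'lcm_" . $rep_info['line_src_name'] . "'";
    }
    // Fetch all tables available as rep colums
    // (this is not like rep line, because the source is not always in
    // lcm_report, but this should be 'fixed')
    $q_tmp = "SELECT DISTINCT table_name \n\t\t\t\tFROM lcm_rep_col as rp, lcm_fields as f\n\t\t\t\tWHERE rp.id_field = f.id_field\n\t\t\t\t  AND rp.id_report = " . $id_report;
    $result_tmp = lcm_query($q_tmp);
    while ($row = lcm_fetch_array($result_tmp)) {
        $sources[] = "'" . $row['table_name'] . "'";
    }
    // Fetch all keyword sources
    if ($rep_info['col_src_type'] == 'keyword' && $rep_info['col_src_name']) {
        $kwg = get_kwg_from_name($rep_info['col_src_name']);
        if ($kwg['type'] == 'system') {
            // System keyword groups add no source table (the original had an
            // empty switch on the group name here).
        } elseif ($kwg['type'] == 'client_org') {
            $sources[] = "'lcm_client'";
            $sources[] = "'lcm_org'";
        } else {
            $sources[] = "'lcm_" . $kwg['type'] . "'";
        }
    }
    // If lcm_case in there, also add lcm_stage
    if (in_array("'lcm_case'", $sources, true)) {
        $sources[] = "'lcm_stage'";
    }
    // List only filters if table were selected as sources (line/col)
    if (count($sources)) {
        $query .= " table_name IN ( " . implode(" , ", $sources) . " ) AND ";
        $query .= " filter != 'none'";
        $query .= " ORDER BY table_name ";
        // NOTE(review): debugging aid that writes the SQL text into the page
        // source; consider removing it or sending it to the log instead.
        echo "<!-- QUERY: {$query} -->\n";
        $result = lcm_query($query);
        if (lcm_num_rows($result)) {
            echo "<form action='upd_rep_field.php' name='frm_line_additem' method='get'>\n";
            echo "<input name='rep' value='" . $rep_info['id_report'] . "' type='hidden' />\n";
            echo "<input name='add' value='filter' type='hidden' />\n";
            echo "<p class='normal_text'>" . _Ti('rep_input_filter_add');
            echo "<select name='id_field'>\n";
            echo "<option value=''>...</option>\n";
            while ($row = lcm_fetch_array($result)) {
                echo "<option value='" . $row['id_field'] . "'>" . _Ti('rep_info_table_' . $row['table_name']) . _Th($row['description']) . "</option>\n";
            }
            echo "</select>\n";
            echo "<button class='simple_form_btn' name='validate_filter_addfield'>" . _T('button_validate') . "</button>\n";
            echo "</p>\n";
            echo "</form>\n";
        }
    } else {
        echo '<p class="normal_text">' . _T('rep_info_select_source_first') . "</p>\n";
    }
}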
Esempio n. 28
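/**
 * Apply the contact changes submitted with the current request to one person.
 *
 * Existing contacts are read from the parallel request arrays contact_value,
 * contact_id and contact_type; new contacts from new_contact_value and
 * new_contact_type_name. Problems are reported through $_SESSION['errors'].
 *
 * Every submitted contact id is checked against the contacts returned by
 * get_contacts() for this person before anything is deleted or updated; an id
 * that is not attached to the person aborts through lcm_panic().
 *
 * @param mixed $type_person   Passed through to get_contacts() and add_contact().
 * @param mixed $id_of_person  Passed through to get_contacts() and add_contact().
 * @return void
 */
function update_contacts_request($type_person, $id_of_person)
{
    // This will be useful later, to check mandatory/optional contacts
    $all_contact_kwg = get_kwg_all('contact');

    //
    // Update existing contacts
    //
    if (isset($_REQUEST['contact_value']) && is_array($_REQUEST['contact_value'])) {
        $contacts = $_REQUEST['contact_value'];

        // The three arrays are parallel; a missing or non-array companion is
        // treated as empty instead of being indexed blindly.
        $c_ids = array();
        if (isset($_REQUEST['contact_id']) && is_array($_REQUEST['contact_id'])) {
            $c_ids = $_REQUEST['contact_id'];
        }
        $c_types = array();
        if (isset($_REQUEST['contact_type']) && is_array($_REQUEST['contact_type'])) {
            $c_types = $_REQUEST['contact_type'];
        }

        //
        // Check if the contacts provided are really attached to the person
        // or else the user can provide a form with false contacts.
        //
        // Ids are matched as exact strings (array keys), so values that merely
        // compare equal under == ("05", "5.0", " 5") are not accepted.
        $owned_ids = array();
        foreach (get_contacts($type_person, $id_of_person) as $c) {
            $owned_ids[(string) $c['id_contact']] = true;
        }

        // This pass covers exactly the indexes the update pass below acts on.
        // Stopping at the first empty id would leave every later id unchecked.
        for ($cpt = 0; isset($c_ids[$cpt]); $cpt++) {
            if (!$c_ids[$cpt]) {
                continue; // empty slot: never acted on below either
            }

            if (!is_scalar($c_ids[$cpt]) || !isset($owned_ids[(string) $c_ids[$cpt]])) {
                lcm_panic("Invalid modification of existing contact detected.");
                // Fail closed even if lcm_panic() were to return.
                return;
            }
        }

        for ($cpt = 0; isset($c_ids[$cpt]); $cpt++) {
            if (!$c_ids[$cpt]) {
                continue;
            }

            $id_contact = $c_ids[$cpt];
            $value = isset($contacts[$cpt]) ? $contacts[$cpt] : null;

            // Check first to see if the contact is mandatory
            //
            // NOTE(review): the type used for this lookup comes from the
            // request (contact_type), not from the stored contact, so the
            // mandatory policy is only as trustworthy as the submitted form.
            // Consider deriving the type from the stored contact -- TODO
            // confirm what get_contacts() returns for each row.
            $kwg = get_kwg_from_id(isset($c_types[$cpt]) ? $c_types[$cpt] : null);

            // XXX Having policy == 'mandatory' but quantity = many
            // really makes a mess, and is not handled.
            $delete_allowed = !(isset($kwg['policy']) && $kwg['policy'] == 'mandatory');

            if (_request('del_contact_' . $id_contact)) {
                if ($delete_allowed) {
                    lcm_debug("Contact DEL: {$type_person}, {$id_of_person}, " . $id_contact, 1);
                    delete_contact($id_contact);
                } else {
                    $_SESSION['errors']['upd_contact_' . $cpt] = _T('warning_field_mandatory');
                }
            } elseif (!$delete_allowed && !$value) {
                // A mandatory contact may not be blanked out
                $_SESSION['errors']['upd_contact_' . $cpt] = _T('warning_field_mandatory');
            } else {
                lcm_debug("Contact UPD: {$type_person}, {$id_of_person}, " . $id_contact . ' = ' . $value, 1);
                $err = update_contact($id_contact, $value);
                if ($err) {
                    $_SESSION['errors']['upd_contact_' . $cpt] = $err;
                }
            }
        }
    }

    //
    // New contacts
    //
    if (isset($_REQUEST['new_contact_value']) && is_array($_REQUEST['new_contact_value'])) {
        $new_contacts = $_REQUEST['new_contact_value'];
        $c_type_names = array();
        if (isset($_REQUEST['new_contact_type_name']) && is_array($_REQUEST['new_contact_type_name'])) {
            $c_type_names = $_REQUEST['new_contact_type_name'];
        }

        for ($cpt = 0; isset($new_contacts[$cpt]); $cpt++) {
            // Process only new contacts which have a value
            if (!$new_contacts[$cpt]) {
                continue;
            }

            // And make sure that they have a "type of contact"
            if (isset($c_type_names[$cpt]) && $c_type_names[$cpt]) {
                lcm_debug("Contact NEW: {$type_person}, {$id_of_person}, Name = " . $c_type_names[$cpt] . ', ' . $new_contacts[$cpt], 1);
                $err = add_contact($type_person, $id_of_person, $c_type_names[$cpt], $new_contacts[$cpt]);
                if ($err) {
                    $_SESSION['errors']['new_contact_' . $cpt] = $err;
                }
            } else {
                $_SESSION['errors']['new_contact_' . $cpt] = "Please specify the type of contact.";
                // TRAD
            }
        }
    }

    //
    // Check if all mandatory contacts were provided
    //
    // The contacts are re-read so that the changes made above are included.
    $all_contacts = get_contacts($type_person, $id_of_person);
    foreach ($all_contact_kwg as $c) {
        if ($c['policy'] != 'mandatory') {
            continue;
        }

        $found = false;
        foreach ($all_contacts as $a) {
            if ($a['name'] == $c['name'] && trim($a['value'])) {
                $found = true;
                break;
            }
        }

        if (!$found) {
            $_SESSION['errors']['contact_' . $c['name']] = _Ti($c['title']) . _T('warning_field_mandatory');
        }
    }
}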
Esempio n. 29
            $_SESSION['form_data']['date_start'] = $row['start_time'];
            $_SESSION['form_data']['date_end'] = $row['end_time'];
            $_SESSION['form_data']['description'] = str_replace('&nbsp;', ' ', $_SESSION['form_data']['description']);
        }
    }
}
//
// Check for access rights
//
// allowed() is asked twice for the case stored in the session form data:
// 'e' gates editing an existing follow-up, 'w' gates adding one (per the
// panic messages below). $admin is not assigned in this excerpt.
// NOTE(review): the check is made on $_SESSION['form_data']['id_case'], while
// the status query further down uses $case; confirm both always refer to the
// same case, otherwise the authorisation covers a different record than the
// one acted on.
$edit = allowed($_SESSION['form_data']['id_case'], 'e');
$write = allowed($_SESSION['form_data']['id_case'], 'w');
// NOTE(review): this relies on lcm_panic() ending the request; if it can
// return, execution continues past the failed check -- TODO confirm.
if (!($admin || $write)) {
    lcm_panic("You don't have permission to add follow-ups to this case");
}
// presumably $_SESSION['followup'] being set means an existing follow-up is
// being edited -- verify against the part of the script that sets it.
// Unlike the check above, this one has no $admin bypass.
if (isset($_SESSION['followup']) && !$edit) {
    lcm_panic("You do not have the permission to edit existing follow-ups");
}
//
// Change status/stage: check for if case status/stage is different than current
//
$statuses = get_possible_case_statuses();
// yes, stupid patch because of annoying PHP warnings
// the whole code needs a rewrite anyway.. too much spaghetti!
// Defaulting 'submit' to an empty string lets the comparison that follows
// run without an undefined-index notice when the parameter was not sent.
if (!isset($_REQUEST['submit'])) {
    $_REQUEST['submit'] = '';
}
if ($_REQUEST['submit'] == 'set_status') {
    // Get case status
    $result = lcm_query("SELECT status FROM lcm_case WHERE id_case = " . $case);
    $row = lcm_fetch_array($result);
    if ($statuses[$_REQUEST['type']] == $row['status']) {
Esempio n. 30
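/**
 * Format a number using Indian digit grouping.
 *
 * The last three digits of the integer part form one group, and the digits
 * above them are grouped in pairs, ex: 100000 is 1,00,000.00 -- not
 * 100,000.00. The separators come from the translation keys
 * currency_format_seperator_hundreds and currency_format_seperator_cents.
 *
 * @param mixed $money               Number or numeric string; empty values count as 0.
 * @param bool  $two_cents           True: always two decimals ("is money").
 *                                   False: trailing zeros of the decimals are dropped
 *                                   (ex: file size).
 * @param bool  $show_currency_sign  True: wrap the result with the
 *                                   currency_format_placement translation.
 * @return mixed Formatted amount (a string, except that a whole number below
 *               1000 without decimals or currency sign is returned as an int).
 */
function format_money_india($money, $two_cents = true, $show_currency_sign = false)
{
    // See format_money() above.
    if (is_string($money)) {
        $money = trim($money);
    }
    if (!$money) {
        $money = 0.0;
    }
    if (!($money === 0.0 || is_numeric($money))) {
        // NOTE(review): the rejected value is echoed into the panic message;
        // if it can come from a request, confirm that lcm_panic() escapes it
        // before output.
        lcm_panic("parameter is not a valid number: " . $money);
    }

    $seperator_cents = _T('currency_format_seperator_cents');
    $seperator_hundreds = _T('currency_format_seperator_hundreds');

    // Work on the absolute value: the %u conversions below print a negative
    // number as a huge unsigned one.
    $sign = '';
    if ($money < 0) {
        $sign = '-';
        $money = -$money;
    }

    $hundreds = (int) $money;
    $cents = (int) round(($money - $hundreds) * 100);

    // Rounding can produce 100 cents (ex: 1.999); carry into the integer part
    if ($cents >= 100) {
        $hundreds++;
        $cents -= 100;
    }

    // No "-0.00" for amounts that round to zero
    if ($hundreds == 0 && $cents == 0) {
        $sign = '';
    }

    // only two last digits, format as text
    $str_cents = sprintf('%02u', $cents);
    if (!$two_cents) {
        // i.e. "not money" (ex: file size): drop trailing zeros only, so that
        // .05 stays "05" instead of turning into "5"
        $str_cents = rtrim($str_cents, '0');
    }

    // Start with the first 3 digits
    if ($hundreds >= 1000) {
        $str_hundreds = sprintf('%03u', $hundreds % 1000);
    } else {
        $str_hundreds = $hundreds;
    }

    // Then groups of two digits, using integers only (no modulo on floats)
    $rest = (int) floor($hundreds / 1000);
    while ($rest > 0) {
        $group = $rest % 100;
        $rest = (int) floor($rest / 100);

        // Zero-pad every group except the leading one
        $str_group = ($rest > 0) ? sprintf('%02u', $group) : $group;
        $str_hundreds = $str_group . $seperator_hundreds . $str_hundreds;
    }

    if ($sign !== '') {
        $str_hundreds = $sign . $str_hundreds;
    }

    $str_final = $str_hundreds;
    if ($str_cents) {
        $str_final .= $seperator_cents . $str_cents;
    }
    if ($show_currency_sign) {
        // The currency setting is HTML-escaped before it goes into the template
        $str_final = _T('currency_format_placement', array('currency' => htmlspecialchars(read_meta('currency')), 'money' => $str_final));
    }
    return $str_final;
}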