function mysql_session_write($SessionID, $val)
{
$SessionID = addslashes($SessionID);
$val = addslashes($val);
$sql = "SELECT COUNT(*) FROM tsessions_php\n\t\tWHERE id_session = '{$SessionID}'";
$SessionExists = process_sql($sql);
$session_exists = $SessionExists[0]['COUNT(*)'];
if ($session_exists == 0) {
$now = time();
$retval_write = process_sql_insert('tsessions_php', array('id_session' => $SessionID, 'last_active' => $now, 'data' => $val));
} else {
$now = time();
$retval_write = process_sql_update('tsessions_php', array('last_active' => $now, 'data' => $val), array('id_session' => $SessionID));
}
return $retval_write;
}
/**
* Create Profile for User
*
* @param string User ID
* @param int Profile ID (default 1 => AR)
* @param int Group ID (default 1 => All)
* @param string Assign User who assign the profile to user.
*
* @return mixed Number id if succesful, false if not
*/
function profile_create_user_profile($id_user, $id_profile = 1, $id_group = 0, $assignUser = false)
{
global $config;
if (empty($id_profile) || $id_group < 0) {
return false;
}
if (isset($config["id_usuario"])) {
//Usually this is set unless we call it while logging in (user known by auth scheme but not by pandora)
$assign = $config["id_usuario"];
} else {
$assign = $id_user;
}
if ($assignUser !== false) {
$assign = $assignUser;
}
$insert = array("id_usuario" => $id_user, "id_perfil" => $id_profile, "id_grupo" => $id_group, "assigned_by" => $assign);
return process_sql_insert("tusuario_perfil", $insert);
}
function fill_new_sla_table()
{
echo "Filling the table 'tincident_sla_graph_data'...\n";
$last_values = array();
$sql = "SELECT id_incident, utimestamp, value\n\t\t\tFROM tincident_sla_graph\n\t\t\tORDER BY utimestamp ASC";
$new = true;
while ($data = get_db_all_row_by_steps_sql($new, $result_sla, $sql)) {
$new = false;
$id_incident = $data["id_incident"];
$value = $data["value"];
$utimestamp = $data["utimestamp"];
if (!isset($last_values[$id_incident]) || isset($last_values[$id_incident]) && $last_values[$id_incident] != $value) {
$last_values[$id_incident] = $value;
$values = array("id_incident" => $id_incident, "utimestamp" => $utimestamp, "value" => $value);
process_sql_insert("tincident_sla_graph_data", $values);
}
}
echo "Filling the table 'tincident_sla_graph_data'... DONE\n";
}
$value = array();
$value["label"] = get_parameter("label");
$value["type"] = get_parameter("type");
$value["combo_value"] = get_parameter("combo_value");
if ($value['type'] == 'combo') {
if ($value['combo_value'] == '') {
$error_combo = true;
}
}
if ($value['label'] == '') {
echo ui_print_error_message(__('Empty field name'), '', true, 'h3', true);
} else {
if ($error_combo) {
echo ui_print_error_message(__('Empty combo value'), '', true, 'h3', true);
} else {
$result_field = process_sql_insert('tuser_field', $value);
if ($result_field === false) {
echo ui_print_error_message(__('Field could not be created'), '', true, 'h3', true);
} else {
echo ui_print_success_message(__('Field created successfully'), '', true, 'h3', true);
$id_field = $result_field;
}
}
}
}
if ($update_field) {
//update field to incident type
$id_field = get_parameter('id_field');
$value_update['label'] = get_parameter('label');
$value_update['type'] = get_parameter('type');
$value_update['combo_value'] = get_parameter('combo_value', '');
function graph_sla($incident)
{
$id_incident = $incident['id_incidencia'];
$utimestamp = time();
//Get sla values for this incident
$sla_affected = get_db_value("affected_sla_id", "tincidencia", "id_incidencia", $id_incident);
$values['id_incident'] = $id_incident;
$values['utimestamp'] = $utimestamp;
//If incident is affected by SLA then the graph value is 0
if ($sla_affected) {
$values['value'] = 0;
} else {
$values['value'] = 1;
}
$sql = sprintf("SELECT value\n\t\t\t\t\tFROM tincident_sla_graph_data\n\t\t\t\t\tWHERE id_incident = %d\n\t\t\t\t\tORDER BY utimestamp DESC", $id_incident);
$result = get_db_row_sql($sql);
$last_value = !empty($result) ? $result['value'] : -1;
if ($values['value'] != $last_value) {
//Insert SLA value in table
process_sql_insert('tincident_sla_graph_data', $values);
}
}
} else {
echo "<h3 class='error'>" . __('There was a problem updating row') . "</h3>";
}
}
if ($insert_row) {
$fields = get_db_all_rows_sql("DESC " . $external_table);
$key = get_parameter('key');
if ($fields == false) {
$fields = array();
}
foreach ($fields as $field) {
if ($field['Field'] != $key) {
$values[$field['Field']] = get_parameter($field['Field']);
}
}
$result_insert = process_sql_insert($external_table, $values);
if ($result_insert) {
echo "<h3 class='suc'>" . __('Inserted row') . "</h3>";
} else {
echo "<h3 class='error'>" . __('There was a problem inserting row') . "</h3>";
}
}
echo "<h1>" . __('External table management') . "</h1>";
$table->width = '98%';
$table->class = 'search-table';
$table->id = "external-editor";
$table->data = array();
$ext_tables = inventories_get_external_tables($id_object_type);
$table->data[0][0] = print_select($ext_tables, 'external_table', $external_table, '', __('None'), "", true, false, false, __('Select external table'));
$button = '<div style=" text-align: right;">';
$button .= print_submit_button(__('Add row'), 'search', false, 'class="sub search"', true);
if ($value['type'] == 'linked') {
if ($value['linked_value'] == '')
$error_linked = true;
}
if ($value['label'] == '') {
echo ui_print_error_message (__('Empty field name'), '', true, 'h3', true);
} else if ($value['type'] == '0') {
echo ui_print_error_message (__('Empty type field'), '', true, 'h3', true);
} else if ($error_combo) {
echo ui_print_error_message (__('Empty combo value'), '', true, 'h3', true);
} else if ($error_linked) {
echo ui_print_error_message (__('Empty linked value'), '', true, 'h3', true);
} else {
$result_field = process_sql_insert('tcontract_field', $value);
if ($result_field === false) {
echo ui_print_error_message (__('Field could not be created'), '', true, 'h3', true);
} else {
echo ui_print_success_message (__('Field created successfully'), '', true, 'h3', true);
$id_field = $result_field;
}
}
}
if ($update_field) { //update field to incident type
$id_field = get_parameter ('id_field');
$value_update['label'] = get_parameter('label');
$value_update['type'] = get_parameter ('type');
function integria_sendmail($to, $subject = "[INTEGRIA]", $body, $attachments = false, $code = "", $from = "", $remove_header_footer = 0, $cc = "", $extra_headers = "")
{
global $config;
if ($to == '') {
return false;
}
$to = trim(safe_output($to));
$from = trim(safe_output($from));
$cc = trim(safe_output($cc));
$config["mail_from"] = trim($config["mail_from"]);
$current_date = date("Y/m/d H:i:s");
// We need to convert to pure ASCII here to use carriage returns
$body = safe_output($body);
$subject = ascii_output($subject);
if ($remove_header_footer == 0) {
// Add global header and footer to mail
$body = safe_output($config["HEADER_EMAIL"]) . "\r\n" . $body . "\r\n" . safe_output($config["FOOTER_EMAIL"]);
}
// Add custom code to the end of message subject (to put there ID's).
if ($code != "") {
$subject = "[{$code}] " . $subject;
// $body = $body."\r\nNOTICE: Please don't alter the SUBJECT when answer to this mail, it contains a special code who makes reference to this issue.";
}
// This is a special scenario... we store all the information "ready" in the database,
// without HTML encoding. THis is because it is not to be rendered on a browser,
// it will be directly to a SMTP connection.
$values = array('date' => $current_date, 'attempts' => 0, 'status' => 0, 'recipient' => $to, 'subject' => mysql_real_escape_string($subject), 'body' => mysql_real_escape_string($body), 'attachment_list' => $attachments, 'from' => $from, 'cc' => $cc, 'extra_headers' => $extra_headers);
process_sql_insert('tpending_mail', $values);
}
require ("general/noaccess.php");
exit;
}
$values = array('progress' => 100);
$where = array('id' => $id);
$result = process_sql_update('tlead', $values, $where);
if ($result > 0) {
$values = array(
'id_lead' => $id,
'id_user' => $config["id_user"],
'timestamp' => date ("Y-m-d H:i:s"),
'description' => "Lead closed"
);
process_sql_insert('tlead_history', $values);
echo ui_print_success_message (__('Successfully closed'), '', true, 'h3', true);
$id = 0;
if ($massive_leads_update && is_ajax()) {
$total_result['closed'] = true;
}
}
}
// Delete
if ($delete) {
if (!$write_permission && !$manage_permission) {
audit_db ($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete a lead");
}
//$id = 0;
$sql_global_ids = "SELECT DISTINCT (global_id)\n\t\t\t\tFROM tincident_type_field\n\t\t\t\tWHERE global_id != 0";
$global_ids = get_db_all_rows_sql($sql_global_ids);
if ($global_ids) {
foreach ($global_ids as $global_id) {
$sql = "SELECT * FROM tincident_type_field WHERE id=" . $global_id['global_id'];
$type_field = get_db_row_sql($sql);
$value['id_incident_type'] = $id;
$value['label'] = $type_field["label"];
$value['type'] = $type_field["type"];
$value['combo_value'] = $type_field["combo_value"];
$value['linked_value'] = $type_field["linked_value"];
$value['show_in_list'] = $type_field["show_in_list"];
$value['global_id'] = $type_field["global_id"];
$result = process_sql_insert('tincident_type_field', $value);
if (!$result) {
echo '<h3 class="error">' . __('There was a problem creating global field for type could not be created for type: ') . " " . $global_id["global_id"] . '</h3>';
}
}
}
}
// UPDATE
if ($update_type) {
$values['name'] = (string) get_parameter('name');
$values['description'] = (string) get_parameter('description');
//$values['id_wizard'] = (int) get_parameter ('wizard');
//$values['id_group'] = (int) get_parameter ('id_group');
if ($values['name'] != "") {
$result = process_sql_update('tincident_type', $values, array('id' => $id));
if ($result === false) {
$description = (string) get_parameter('description');
$date = (string) get_parameter('date', date('Y-m-d'));
$time = (string) get_parameter('time', date('H:i'));
$duration = (int) get_parameter('duration');
$public = (int) get_parameter('public');
$alarm = (int) get_parameter('alarm');
$groups = get_parameter('groups', array());
// The 0 group is the 'none' option
if (in_array(0, $groups)) {
$groups = array();
}
$values = array('public' => $public, 'alarm' => $alarm, 'timestamp' => $date . ' ' . $time, 'id_user' => $config['id_user'], 'title' => $title, 'duration' => $duration, 'description' => $description);
$result = false;
if (empty($id)) {
$old_entry = array();
$result = process_sql_insert('tagenda', $values);
} else {
$old_entry = get_db_row('tagenda', 'id', $id);
$result = process_sql_update('tagenda', $values, array('id' => $id));
}
if ($result !== false) {
if (empty($id)) {
$groups = agenda_process_privacy_groups($result, $public, $groups);
} else {
$groups = agenda_process_privacy_groups($id, $public, $groups);
}
$full_path = $config['homedir'] . '/attachment/tmp/';
$ical_text = create_ical($date . ' ' . $time, $duration, $config['id_user'], $description, "Integria imported event: {$title}");
$full_filename = $full_path . $config['id_user'] . '-' . microtime(true) . '.ics';
$full_filename_h = fopen($full_filename, 'a');
fwrite($full_filename_h, $ical_text);
function inventories_load_file($objects_file)
{
$file_handle = fopen($objects_file, "r");
global $config;
while (!feof($file_handle)) {
$create = true;
$line = fgets($file_handle);
if ($line == '' || !isset($line)) {
continue;
}
preg_match_all('/(.*),/', $line, $matches);
$values = explode(',', $line);
$id_object_type = $values[0];
$owner = $values[1];
$name = $values[2];
$public = $values[3];
$description = $values[4];
$id_contract = $values[5];
$id_manufacturer = $values[6];
$id_parent = $values[7];
$id_companies = $values[8];
$id_users = $values[9];
$status = $values[10];
if ($id_companies != '') {
$id_companies_arr = explode(';', $id_companies);
} else {
$id_companies_arr = array();
}
if ($id_users != '') {
$id_users_arr = explode(';', $id_users);
} else {
$id_users_arr = array();
}
$value = array('id_object_type' => $id_object_type, 'owner' => $owner, 'name' => safe_input($name), 'public' => $public, 'description' => safe_input($description), 'id_contract' => $id_contract, 'id_manufacturer' => $id_manufacturer, 'id_parent' => $id_parent, 'status' => $status, 'last_update' => date("Y/m/d", get_system_time()));
if ($name == '') {
echo "<h3 class='error'>" . __('Inventory name empty') . "</h3>";
$create = false;
} else {
$inventory_id = get_db_value('id', 'tinventory', 'name', $name);
if ($inventory_id != false) {
echo "<h3 class='error'>" . __('Inventory ') . $name . __(' already exists') . "</h3>";
$create = false;
}
}
if ($id_contract != 0 && $id_contract != '') {
$exists = get_db_value('id', 'tcontract', 'id', $id_contract);
if (!$exists) {
echo "<h3 class='error'>" . __('Contract ') . $id_contract . __(' doesn\'t exist') . "</h3>";
$create = false;
}
}
if ($id_manufacturer != 0 && $id_manufacturer != '') {
$exists = get_db_value('id', 'tmanufacturer', 'id', $id_manufacturer);
if (!$exists) {
echo "<h3 class='error'>" . __('Manufacturer ') . $id_manufacturer . __(' doesn\'t exist') . "</h3>";
$create = false;
}
}
if ($id_object_type != 0 && $id_object_type != '') {
$exists_object_type = get_db_value('id', 'tobject_type', 'id', $id_object_type);
if (!$exists_object_type) {
echo "<h3 class='error'>" . __('Object type ') . $id_object_type . __(' doesn\'t exist') . "</h3>";
$create = false;
} else {
//~ $all_fields = inventories_get_all_type_field ($id_object_type);
$sql = "SELECT * FROM tobject_type_field WHERE id_object_type=" . $id_object_type;
$all_fields = get_db_all_rows_sql($sql);
if ($all_fields == false) {
$all_fields = array();
}
$value_data = array();
$i = 11;
$j = 0;
foreach ($all_fields as $key => $field) {
$data = $values[$i];
switch ($field['type']) {
case 'combo':
$combo_val = explode(",", $field['combo_value']);
$k = array_search($data, $combo_val);
if ($k === false) {
echo "<h3 class='error'>" . __('Field ') . $field['label'] . __(' doesn\'t match. Valid values: ') . $field['combo_value'] . "</h3>";
$create = false;
}
break;
case 'numeric':
$res = is_numeric($data);
if (!$res) {
echo "<h3 class='error'>" . __('Field ') . $field['label'] . __(' must be numeric') . "</h3>";
$create = false;
}
break;
case 'external':
$table_ext = $field['external_table_name'];
$exists_table = get_db_sql("SHOW TABLES LIKE '{$table_ext}'");
if (!$exists_table) {
echo "<h3 class='error'>" . __('External table ') . $table_ext . __(' doesn\'t exist') . "</h3>";
$create = false;
}
$id = $field['external_reference_field'];
$exists_id = get_db_sql("SELECT {$id} FROM {$table_ext}");
if (!$exists_id) {
echo "<h3 class='error'>" . __('Id ') . $id . __(' doesn\'t exist') . "</h3>";
$create = false;
}
break;
}
if ($field['inherit']) {
$ok = inventories_check_unique_field($data, $field['type']);
if (!$ok) {
echo "<h3 class='error'>" . __('Field ') . $field['label'] . __(' must be unique') . "</h3>";
$create = false;
}
}
$value_data[$j]['id_object_type_field'] = $field['id'];
$value_data[$j]['data'] = safe_input($data);
$i++;
$j++;
}
}
}
if ($create) {
$result_id = process_sql_insert('tinventory', $value);
if ($result_id) {
foreach ($value_data as $k => $val_data) {
$val_data['id_inventory'] = $result_id;
process_sql_insert('tobject_field_data', $val_data);
}
if (!empty($id_companies_arr)) {
foreach ($id_companies_arr as $id_company) {
$values_company['id_inventory'] = $result_id;
$values_company['id_reference'] = $id_company;
$values_company['type'] = 'company';
process_sql_insert('tinventory_acl', $values_company);
}
}
if (!empty($id_users_arr)) {
foreach ($id_users_arr as $id_user) {
$values_user['id_inventory'] = $result_id;
$values_user['id_reference'] = $id_user;
$values_user['type'] = 'user';
process_sql_insert('tinventory_acl', $values_user);
}
}
}
}
}
//end while
fclose($file_handle);
echo "<h3 class='info'>" . __('File loaded') . "</h3>";
return;
}
function incidents_update_incident_stats_data($incident)
{
$start_time = strtotime($incident["inicio"]);
// Check valid date
if ($start_time < strtotime('1970-01-01 00:00:00')) {
return;
}
$id_incident = $incident["id_incidencia"];
$last_incident_update = $incident["last_stat_check"];
$last_incident_update_time = strtotime($last_incident_update);
$now = time();
$metrics = array(INCIDENT_METRIC_USER, INCIDENT_METRIC_STATUS, INCIDENT_METRIC_GROUP);
foreach ($metrics as $metric) {
$state = incidents_metric_to_state($metric);
// Get the last updated item in the last incident update
$sql = sprintf("SELECT timestamp, id_aditional\n\t\t\t\t\t\tFROM tincident_track\n\t\t\t\t\t\tWHERE id_incident = %d\n\t\t\t\t\t\t\tAND state = %d\n\t\t\t\t\t\t\tAND timestamp < '%s'\n\t\t\t\t\t\tORDER BY timestamp DESC\n\t\t\t\t\t\tLIMIT 1", $id_incident, $state, $last_incident_update);
$last_updated_value = process_sql($sql);
if ($last_updated_value === false) {
$last_updated_value = array();
}
// Get the changes of the metric from the incident track table
// Get only the changes produced before the last incident update
// in ascending order
$sql = sprintf("SELECT timestamp, id_aditional\n\t\t\t\t\t\tFROM tincident_track\n\t\t\t\t\t\tWHERE id_incident = %d\n\t\t\t\t\t\t\tAND state = %d\n\t\t\t\t\t\t\tAND timestamp > '%s'\n\t\t\t\t\t\tORDER BY timestamp ASC", $id_incident, $state, $last_incident_update);
$track_values = process_sql($sql);
if ($track_values === false) {
$track_values = array();
}
// If there is no changes since the last incident update,
// the actual value is updated
if (count($track_values) < 1 && count($last_updated_value) > 0) {
incidents_update_stats_item($id_incident, $last_updated_value[0]["id_aditional"], $metric, $last_incident_update_time, $now);
}
// Go over the changes to create the stat items and set the seconds
// passed in every state
for ($i = 0; $i < count($track_values); $i++) {
$min_time = strtotime($track_values[$i]["timestamp"]);
if ($track_values[$i + 1]) {
// There was a change after this change
$max_time = strtotime($track_values[$i + 1]["timestamp"]);
} else {
// The actual value
$max_time = $now;
}
// Final update to the last metric item of the last incident update
if (!$track_values[$i - 1] && count($last_updated_value) > 0) {
incidents_update_stats_item($id_incident, $last_updated_value[0]["id_aditional"], $metric, $last_incident_update_time, $min_time);
}
incidents_update_stats_item($id_incident, $track_values[$i]["id_aditional"], $metric, $min_time, $max_time);
}
}
// total_time
$filter = array("metric" => INCIDENT_METRIC_STATUS, "status" => STATUS_CLOSED, "id_incident" => $id_incident);
$closed_time = get_db_value_filter("seconds", "tincident_stats", $filter);
if (!$closed_time) {
$closed_time = 0;
}
$start_time = strtotime($incident["inicio"]);
$holidays_seconds = incidents_get_holidays_seconds_by_timerange($start_time, $now);
$total_time = $now - $start_time - $closed_time - $holidays_seconds;
$sql = sprintf("SELECT id\n\t\t\t\t\tFROM tincident_stats\n\t\t\t\t\tWHERE id_incident = %d\n\t\t\t\t\t\tAND metric = '%s'", $id_incident, INCIDENT_METRIC_TOTAL_TIME);
$row = get_db_row_sql($sql);
//Check if we have a previous stat metric to update or create it
if ($row) {
$val_upd = array("seconds" => $total_time);
$val_where = array("id" => $row["id"]);
process_sql_update("tincident_stats", $val_upd, $val_where);
} else {
$val_new = array("seconds" => $total_time, "metric" => INCIDENT_METRIC_TOTAL_TIME, "id_incident" => $id_incident);
process_sql_insert("tincident_stats", $val_new);
}
// total_w_third
$filter = array("metric" => INCIDENT_METRIC_STATUS, "status" => STATUS_PENDING_THIRD_PERSON, "id_incident" => $id_incident);
$third_time = get_db_value_filter("seconds", "tincident_stats", $filter);
if (!$third_time || $third_time < 0) {
$third_time = 0;
}
$total_time -= $third_time;
$sql = sprintf("SELECT id\n\t\t\t\t\tFROM tincident_stats\n\t\t\t\t\tWHERE id_incident = %d\n\t\t\t\t\t\tAND metric = '%s'", $id_incident, INCIDENT_METRIC_TOTAL_TIME_NO_THIRD);
$row = get_db_row_sql($sql);
//Check if we have a previous stat metric to update or create it
if ($row) {
$val_upd = array("seconds" => $total_time);
$val_where = array("id" => $row["id"]);
process_sql_update("tincident_stats", $val_upd, $val_where);
} else {
$val_new = array("seconds" => $total_time, "metric" => INCIDENT_METRIC_TOTAL_TIME_NO_THIRD, "id_incident" => $id_incident);
process_sql_insert("tincident_stats", $val_new);
}
//Update last_incident_update field from tincidencia
$update_values = array("last_stat_check" => date("Y-m-d H:i:s", $now));
process_sql_update("tincidencia", $update_values, array("id_incidencia" => $id_incident));
}
/**
* Update affected users in an inventory.
*
* @param int inventory id to update.
* @param array List of affected users ids.
* @param update = false to create and update = true to update
*/
function inventory_update_users($id_inventory, $users, $update = false)
{
error_reporting(0);
$where_clause = '';
if (empty($users)) {
$users = array(0);
}
if ($update) {
$sql = sprintf("DELETE FROM tinventory_acl WHERE id_inventory = %d AND type='user'", $id_inventory);
$res = process_sql($sql);
if ($res !== false && $res > 0) {
$updated = true;
}
}
$type = 'user';
foreach ($users as $key => $id_user) {
if ($id_user != '') {
$value = array();
$value['id_inventory'] = $id_inventory;
$value['id_reference'] = $id_user;
$value['type'] = $type;
$tmp = process_sql_insert('tinventory_acl', $value);
}
}
if ($update && $updated === true) {
inventory_tracking($id_inventory, INVENTORY_USERS_UPDATED);
} else {
if (!empty($users) && $users != array(0)) {
inventory_tracking($id_inventory, INVENTORY_USERS_CREATED);
}
}
}
/**
* Move file sharing items to file releases section (attachment/downloads) and
* remove it from file sharing section (attachment/file_sharing)
*/
function move_file_sharing_items()
{
global $config;
$file_sharing_path = $config["homedir"] . "attachment/file_sharing/";
$new_path = $config["homedir"] . "attachment/downloads/";
if (is_dir($file_sharing_path)) {
if ($dh = opendir($file_sharing_path)) {
while (($file = readdir($dh)) !== false) {
if (is_dir($file_sharing_path . $file) && $file != "." && $file != "..") {
$file_path = $file_sharing_path . $file . "/";
if ($dh2 = opendir($file_sharing_path . $file)) {
while (($file2 = readdir($dh2)) !== false) {
if ($file2 != "." && $file2 != "..") {
copy($file_path . $file2, $new_path . $file2);
$external_id = sha1(random_string(12) . date());
$values = array('name' => $file2, 'location' => "attachment/downloads/{$file2}", 'description' => "Migrated from file sharing", 'id_category' => 0, 'id_user' => $config["id_user"], 'date' => date("Y-m-d H:i:s"), 'public' => 1, 'external_id' => $external_id);
process_sql_insert("tdownload", $values);
unlink($file_path . $file2);
}
}
}
closedir($dh2);
rmdir($file_path);
}
}
}
closedir($dh);
rmdir($file_sharing_path);
}
process_sql("INSERT INTO tconfig (`token`,`value`) VALUES ('file_sharing_items_moved', 1)");
}
/**
* Create a new user
*
* @return bool false
*/
function create_user($id_user, $password, $user_info)
{
$values = $user_info;
$values["id_usuario"] = $id_user;
$values["password"] = md5($password);
//$values["last_connect"] = 0;
$values["fecha_registro"] = get_system_time();
return @process_sql_insert("tusuario", $values) !== false;
}
$upload_status = getFileUploadStatus("upfile");
$upload_result = translateFileUploadStatus($upload_status);
if ($upload_result === true) {
$filename = $_FILES["upfile"]['name'];
$extension = pathinfo($filename, PATHINFO_EXTENSION);
$invalid_extensions = "/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|\n\t\t\tpif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess|\n\t\t\thtpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)\$/i";
if (!preg_match($invalid_extensions, $extension)) {
$filename = str_replace(" ", "_", $filename);
// Replace conflictive characters
$filename = filter_var($filename, FILTER_SANITIZE_URL);
// Replace conflictive characters
$file_tmp = $_FILES["upfile"]['tmp_name'];
$filesize = $_FILES["upfile"]["size"];
// In bytes
$values = array("id_company" => $id_company, "id_usuario" => $config['id_user'], "filename" => $filename, "description" => "", "size" => $filesize, "timestamp" => date("Y-m-d"));
$id_attachment = process_sql_insert("tattachment", $values);
if ($id_attachment) {
$location = $config["homedir"] . "/attachment/" . $id_attachment . "_" . $filename;
if (copy($file_tmp, $location)) {
// Delete temporal file
unlink($file_tmp);
$result["status"] = true;
$result["id_attachment"] = $id_attachment;
} else {
unlink($file_tmp);
process_sql_delete('tattachment', array('id_attachment' => $id_attachment));
$result["message"] = __('The file could not be copied');
}
}
} else {
$result["message"] = __('Invalid extension');
if ($len < $nfields) {
$data = array_pad($data, $nfields, '');
} elseif ($len > $nfields) {
$data = array_slice($data, NULL, $nfields);
}
$values = array_combine($fields, $data);
if (empty($values['name'])) {
continue;
}
print $values["name"];
print " - ";
print $values["account"];
print " - ";
print $values["start_date"];
print " - ";
print $values["expiry_date"];
print "\n";
$id_account = get_db_value('id', 'tcompany', 'name', safe_input($values["account"]));
$temp = array();
// Check if already exists
$id_contract = get_db_value('id', 'tcontract', 'name', safe_input($values["name"]));
if ($id_contract == "" and $id_account != "") {
$temp["name"] = safe_input(trim($values["name"]));
$temp["description"] = safe_input(trim($values["description"]));
$temp["date_begin"] = safe_input(trim($values["start_date"]));
$temp["date_end"] = safe_input(trim($values["expiry_date"]));
$temp["id_company"] = $id_account;
process_sql_insert('tcontract', $temp);
}
}
fclose($file);
function load_file($users_file, $group, $profile, $nivel, $pass_policy, $avatar)
{
$file_handle = fopen($users_file, "r");
global $config;
enterprise_include('include/functions_license.php', true);
$is_manager_profile = enterprise_hook('license_check_manager_profile', array($profile));
if ($is_manager_profile == ENTERPRISE_NOT_HOOK) {
$users_check = true;
} else {
if ($is_manager_profile) {
$users_check = enterprise_hook('license_check_manager_users_num');
} else {
$users_check = enterprise_hook('license_check_regular_users_num');
}
}
while (!feof($file_handle) && $users_check === true) {
$line = fgets($file_handle);
preg_match_all('/(.*),/', $line, $matches);
$values = explode(',', $line);
$id_usuario = $values[0];
$pass = $values[1];
$pass = md5($pass);
$nombre_real = $values[2];
$mail = $values[3];
$tlf = $values[4];
$desc = $values[5];
$avatar = $values[6];
$disabled = $values[7];
$id_company = $values[8];
$num_employee = $values[9];
$enable_login = $values[10];
$force_change_pass = 0;
if ($pass_policy) {
$force_change_pass = 1;
}
$value = array('id_usuario' => $id_usuario, 'nombre_real' => $nombre_real, 'password' => $pass, 'comentarios' => $desc, 'direccion' => $mail, 'telefono' => $tlf, 'nivel' => $nivel, 'avatar' => $avatar, 'disabled' => $disabled, 'id_company' => $id_company, 'num_employee' => $num_employee, 'enable_login' => $enable_login, 'force_change_pass' => $force_change_pass);
if ($id_usuario != '' && $nombre_real != '') {
if ($id_usuario == get_db_value('id_usuario', 'tusuario', 'id_usuario', $id_usuario)) {
echo ui_print_error_message(__('User ') . $id_usuario . __(' already exists'), '', true, 'h3', true);
} else {
$resul = process_sql_insert('tusuario', $value);
if ($resul == false) {
$value2 = array('id_usuario' => $id_usuario, 'id_perfil' => $profile, 'id_grupo' => $group, 'assigned_by' => $config["id_user"]);
if ($id_usuario != '') {
process_sql_insert('tusuario_perfil', $value2);
}
}
}
}
}
if ($users_check === false) {
echo ui_print_error_message(__('The number of users has reached the license limit'), '', true, 'h3', true);
}
fclose($file_handle);
echo ui_print_success_message(__('File loaded'), '', true, 'h3', true);
return;
}
function api_add_address_to_newsletter($return_type, $user, $params)
{
global $config;
if (!give_acl($user, 0, "CN")) {
audit_db($user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access newsletter management");
exit;
}
$values['id_newsletter'] = $params[0];
$values['name'] = $params[1];
$values['email'] = $params[2];
$values['status'] = 0;
$values['datetime'] = print_mysql_timestamp();
$values['validated'] = 0;
$check_id_newsletter = get_db_value("id", "tnewsletter", "id", $values['id_newsletter']);
$result = 0;
if (!empty($check_id_newsletter)) {
$result = process_sql_insert('tnewsletter_address', $values);
}
switch ($return_type) {
case "xml":
echo xml_node($result);
break;
case "csv":
echo $result;
break;
}
return;
}
/**
* Assign a tag to a lead.
* This process will delete the lead tags and assign the new.
*
* @param mixed Id (int) or ids (array) of the lead.
* @param mixed Name (string) or names (array) of the tag.
* @param bool Wether html encode the names or not.
*
* @return mixed The number of assigned tags of false (bool) on error.
*/
function create_lead_tag_with_names($lead_id, $tag_name, $encode_names = false)
{
if (empty($lead_id)) {
throw new InvalidArgumentException(__('The lead id cannot be empty'));
}
if (empty($tag_name)) {
throw new InvalidArgumentException(__('The tag name cannot be empty'));
}
if (!is_array($lead_id)) {
$lead_id = array($lead_id);
}
if (!is_array($tag_name)) {
$tag_name = array($tag_name);
}
if ($encode_names) {
$tag_name = safe_input($tag_name);
}
$expected_assingments = count($lead_id) * count($tag_name);
$successfull_assingments = 0;
// Delete the old tags
$delete_res = process_sql_delete(LEADS_TABLE, array(LEADS_TABLE_LEAD_ID_COL => $lead_id));
if ($delete_res !== false) {
foreach ($lead_id as $l_id) {
if (is_numeric($l_id) && $l_id > 0) {
foreach ($tag_name as $t_name) {
if (!empty($t_name)) {
$tag_id = get_db_value(TAGS_TABLE_ID_COL, TAGS_TABLE, TAGS_TABLE_NAME_COL, $t_name);
if (is_numeric($tag_id) && $tag_id > 0) {
$values = array(LEADS_TABLE_LEAD_ID_COL => $l_id, LEADS_TABLE_TAG_ID_COL => $tag_id);
$result = process_sql_insert(LEADS_TABLE, $values);
if ($result !== false) {
$successfull_assingments++;
}
}
}
}
}
}
}
if ($delete_res === false || $expected_assingments > 0 && $successfull_assingments === 0) {
$successfull_assingments = false;
}
return $successfull_assingments;
}
function um_db_create_auth($client_key, $subscription_limit, $description = '', $developer = false)
{
global $db;
if (!is_numeric($subscription_limit)) {
echo '<strong>Error</strong>: Subscription must be numeric<br />';
return false;
}
$values = array('client_key' => $client_key, 'subscription_limit' => $subscription_limit, 'description' => $description, 'developer' => $developer);
$result = process_sql_insert(DB_PREFIX . 'tupdate_auth', $values);
if ($result === false) {
echo '<strong>Error creating authorization</strong> <br />';
return false;
}
return true;
}
$timestamp = print_mysql_timestamp();
$values = array(
"timestamp" => $timestamp,
"duration" => 0,
"id_user" => $config['id_user'],
"description" => $nota,
"public" => 1
);
$id_workunit = process_sql_insert("tworkunit", $values);
$values = array(
"id_incident" => $id,
"id_workunit" => $id_workunit
);
process_sql_insert("tworkunit_incident", $values);
// Updating the ticket
process_sql_update("tincidencia", array("actualizacion" => $timestamp), array("id_incidencia" => $id));
} else {
unlink ($file_tmp);
process_sql_delete ('tattachment', array('id_attachment' => $id_attachment));
$result["message"] = __('The file could not be copied');
}
}
} else {
$result["message"] = __('Invalid extension');
}
} else {
/**
* Create a zip package with the /tmp files in the user folder on tattachment/file_sharing
* and delete the original files.
* Fill the files with FileSharingFile objects is required. This objects should have filled
* the params 'fullpath' and 'basename'.
*
* @return array The index 'status' shows the result of the operation, the index 'message'
* returns a message and the index 'bad_files' returns an array with the not created files.
*/
public function save()
{
global $config;
$result = array('status' => false, 'message' => '', 'badFiles' => array());
if (isset($this->files) && !empty($this->files) && is_array($this->files)) {
if (isset($this->id)) {
// Do nothing. At this moment the package edition is not supported
$result['message'] = __('At this moment the package edition is not supported');
} else {
// Package creation
if (class_exists("ZipArchive")) {
// The admin can manage the file uploads as any user
$user_is_admin = (bool) dame_admin($config['id_user']);
if ($user_is_admin) {
$id_user = get_parameter("id_user", $config['id_user']);
// If the user doesn't exist get the current user
$user_data = get_user($id_user);
if (empty($user_data)) {
$id_user = $config['id_user'];
}
$this->uploader = $id_user;
} else {
$this->uploader = $config['id_user'];
}
if (!isset($this->filename) || empty($this->filename)) {
$this->filename = 'IntegriaIMS-SharedFile';
}
if (!isset($this->description)) {
$this->description = '';
}
if (!isset($this->created)) {
$this->created = time();
}
$this->filename .= ".zip";
// Insert the package info into the tattachment table
$values = array();
$values['id_usuario'] = safe_input($this->uploader);
$values['filename'] = safe_input($this->filename);
$values['timestamp'] = date("Y-m-d", $this->created);
$values['public_key'] = hash("sha256", $id . $this->uploader . $this->filename . $this->created);
$values['file_sharing'] = 1;
$id = process_sql_insert(FileSharingFile::$dbTable, $values);
if (!empty($id)) {
$this->id = $id;
if (!file_exists(self::$fileSharingDir) && !is_dir(self::$fileSharingDir)) {
mkdir(self::$fileSharingDir);
}
$userDir = self::$fileSharingDir . "/" . $this->uploader;
if (!file_exists($userDir) && !is_dir($userDir)) {
mkdir($userDir);
}
$this->fullpath = $userDir . "/" . $this->id . "_" . $this->filename;
// Zip creation
$zip = new ZipArchive();
$res = $zip->open($this->fullpath, ZipArchive::CREATE);
if ($res === true) {
foreach ($this->files as $file) {
if (is_array($file)) {
$file = new FileSharingFile($file);
}
$fullpath = $file->getFullpath();
$basename = $file->getBasename();
if ($file->isReadable() && !empty($fullpath) && !empty($basename)) {
// Add the file to the package
if (!$zip->addFile($fullpath, $basename)) {
$result['badFiles'][] = $file;
}
} else {
$result['badFiles'][] = $file;
}
}
$zip->close();
$filesCount = count($this->files);
$badFilesCount = count($result['badFiles']);
if ($badFilesCount == 0) {
$result['status'] = true;
} else {
if ($badFilesCount < $filesCount) {
$result['status'] = true;
$result['message'] = __('Not all the files where added to the package');
} else {
$result['message'] = __('An error occurred while building the package');
}
}
// Remove the original files
foreach ($this->files as $file) {
if (is_array($file)) {
$file = new FileSharingFile($file);
}
$file->deleteFromDisk();
}
// Reload the data and recheck the package
if ($result['status']) {
$this->loadWithID($this->id);
if (!$this->exists || !$this->readable) {
$result['status'] = false;
$result['message'] = __('An error occurred while building the package');
$result['badFiles'] = array();
$this->delete();
} else {
// The file was created successsfully
$this->trackingCreation();
}
}
}
} else {
$result['message'] = __('An error occurred while creating the package');
foreach ($this->files as $file) {
if (is_array($file)) {
$file = new FileSharingFile($file);
}
$file->deleteFromDisk();
}
}
} else {
if (get_admin_user($config['id_user'])) {
$result['message'] = __("Impossible to handle the package. You have to install the PHP's Zip extension");
} else {
$result['message'] = __('An error occurred while building the package');
}
}
}
} else {
$result['message'] = __('This package has no files');
}
return $result;
}
}
//insert data to incident type fields
if ($id_incident_type != 0) {
$sql_label = "SELECT `label` FROM `tincident_type_field` WHERE id_incident_type = {$id_incident_type}";
$labels = get_db_all_rows_sql($sql_label);
if ($labels === false) {
$labels = array();
}
foreach ($labels as $label) {
$id_incident_field = get_db_value_filter('id', 'tincident_type_field', array('id_incident_type' => $id_incident_type, 'label' => $label['label']), 'AND');
$values_insert['id_incident'] = $id;
$values_insert['data'] = get_parameter(base64_encode($label['label']));
//~ $values_insert['data'] = str_replace('
', "",get_parameter (base64_encode($label['label'])));
$values_insert['id_incident_field'] = $id_incident_field;
$id_incident_field = get_db_value('id', 'tincident_type_field', 'id_incident_type', $id_incident_type);
process_sql_insert('tincident_field_data', $values_insert);
}
}
// ATTACH A FILE IF IS PROVIDED
$upfiles = json_decode(safe_output($upfiles), true);
if (!empty($upfiles)) {
include_once 'include/functions_workunits.php';
foreach ($upfiles as $file) {
if (is_array($file)) {
if ($file['description']) {
$file_description = $file['description'];
} else {
$file_description = __('No description available');
}
$file_result = attach_incident_file($id, $file["location"], $file_description, false, $file["name"]);
}
$temp = array();
// Check if already exists
/*
* CREATE TABLE `tcompany_contact` (
`id` mediumint(8) unsigned NOT NULL auto_increment,
`id_company` mediumint(8) unsigned NOT NULL,
`fullname` varchar(150) NOT NULL default '',
`email` varchar(100) NULL default NULL,
`phone` varchar(55) NULL default NULL,
`mobile` varchar(55) NULL default NULL,
`position` varchar(150) NULL default NULL,
`description` text NULL DEFAULT NULL,
`disabled` tinyint(1) NULL default 0,
PRIMARY KEY (`id`),
FOREIGN KEY (`id_company`) REFERENCES tcompany(`id`)
ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
* */
$id_contact = get_db_value('id', 'tcompany_contact', 'fullname', safe_input($values["fullname"]));
if ($id_contact == "" and $id_company != "") {
$temp["fullname"] = safe_input(trim($values['fullname']));
$temp["email"] = safe_input(trim($values["email_address"]));
$temp["phone"] = safe_input(trim($values["phone_home"]));
$temp["mobile"] = safe_input(trim($values["phone_mobile"]));
$temp["description"] = safe_input(trim($values["description"]));
$temp["position"] = safe_input(trim($values["title"]));
$temp["id_company"] = $id_company;
process_sql_insert('tcompany_contact', $temp);
}
}
fclose($file);
function um_component_add_blacklist($component, $name)
{
$values = array('component' => $component->name, 'name' => $name);
$result = process_sql_insert(DB_PREFIX . 'tupdate_component_blacklist', $values);
if ($result === false) {
echo '<strong>Error creating blacklist component</strong> <br />';
return false;
}
return true;
}
function um_db_create_update($type, $component_name, $id_package, $update, $db_data = NULL)
{
global $db;
global $config;
if ($id_package == 0) {
return false;
}
$component = um_db_get_component($component_name);
if (!$component) {
return;
}
$values = array('type' => $type, 'component' => $component_name, 'id_update_package' => $id_package);
switch ($type) {
case 'code':
$filepath = realpath($component->path . '/' . $update->filename);
$values['svn_version'] = um_file_get_svn_revision($filepath);
case 'binary':
$last_update = um_update_get_last_from_filename($component_name, $update->filename);
$filepath = realpath($component->path . '/' . $update->filename);
$values['checksum'] = md5_file($filepath);
if ($last_update && $last_update->checksum == $values['checksum']) {
return false;
}
/* Add relative path if has one */
if ($component->relative_path != '') {
$values['filename'] = $component->relative_path . $update->filename;
} else {
$values['filename'] = $update->filename;
}
$values['data'] = um_file_uuencode($filepath);
if ($last_update && $last_update->checksum != '') {
$values['previous_checksum'] = $last_update->checksum;
}
break;
case 'db_data':
if ($db_data === NULL) {
return false;
}
$component_db = um_db_get_component_db($update->id_component_db);
$field = $component_db->field_name;
$values['db_field_value'] = $db_data->{$field};
$values['id_component_db'] = $update->id_component_db;
switch ($config["dbtype"]) {
case "mysql":
$values['data'] = um_data_encode('INSERT INTO `' . $component_db->table_name . '` (`' . implode('`,`', array_keys(get_object_vars($db_data))) . '`) VALUES (\'' . implode('\',\'', get_object_vars($db_data)) . '\')');
break;
case "postgresql":
$values['data'] = um_data_encode('INSERT INTO "' . $component_db->table_name . '" ("' . implode('", "', array_keys(get_object_vars($db_data))) . '") VALUES (\'' . implode('\',\'', get_object_vars($db_data)) . '\')');
break;
case "oracle":
$values['data'] = um_data_encode('INSERT INTO ' . $component_db->table_name . ' (' . implode(', ', array_keys(get_object_vars($db_data))) . ') VALUES (\'' . implode('\',\'', get_object_vars($db_data)) . '\')');
break;
}
break;
case 'db_schema':
$values['data'] = um_data_encode($update->data);
break;
default:
return false;
}
$result = process_sql_insert(DB_PREFIX . 'tupdate', $values);
if ($result === false) {
echo '<strong>Error creating update</strong> <br />';
return false;
}
return true;
}
if ((!dame_admin ($config['id_user'])) && ($user_in_group == false)) {
// Doesn't have access to this page
audit_db ($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access inventory reports");
include ("general/noaccess.php");
return;
}
$result_msg = '';
if ($create) {
$values['name'] = (string) get_parameter ('name');
$values['sql'] = (string) get_parameter ('sql');
$values['id_group'] = get_parameter('id_group', 0);
$result = false;
if (! empty ($values['name']))
$result = process_sql_insert ('tinventory_reports', $values);
if ($result) {
$result_msg = ui_print_success_message (__("Successfully created"), '', true, 'h3', true);
$id = $result;
} else {
$result_msg = ui_print_error_message (__('Could not be created'), '', true, 'h3', true);
$id = false;
}
}
if ($update) {
$values['name'] = (string) get_parameter ('name');
$values['sql'] = (string) get_parameter ('sql');
$values['id_group'] = get_parameter('id_group');
public function insertIncident($title, $description, $group_id, $id_creator = "", $status = 1, $priority = 2, $resolution = 0, $id_task = 0, $sla_disabled = 0, $id_incident_type = 0, $email_copy = "", $email_notify = -1, $id_parent = 0, $epilog = "")
{
$system = System::getInstance();
if ($id_creator == "") {
$id_creator = $system->getConfig('id_user');
}
if ($email_notify == -1) {
$email_notify = get_db_value("forced_email", "tgrupo", "id_grupo", $group_id);
}
if ($id_parent == 0) {
$idParentValue = 'NULL';
} else {
$idParentValue = sprintf('%d', $id_parent);
}
$user_responsible = get_group_default_user($group_id);
$id_user_responsible = $user_responsible['id_usuario'];
if ($id_user_responsible === false) {
$id_user_responsible = $system->getConfig('id_user');
}
$id_inventory = get_group_default_inventory($group_id, true);
// DONT use MySQL NOW() or UNIXTIME_NOW() because
// Integria can override localtime zone by a user-specified timezone.
$timestamp = print_mysql_timestamp();
$sql = "INSERT INTO tincidencia\n\t\t\t\t(inicio, actualizacion, titulo, descripcion, id_usuario,\n\t\t\t\testado, prioridad, id_grupo, id_creator, notify_email, id_task,\n\t\t\t\tresolution, id_incident_type, sla_disabled, email_copy, epilog)\n\t\t\t\tVALUES ('{$timestamp}', '{$timestamp}', '{$title}', '{$description}',\n\t\t\t\t'{$id_user_responsible}', {$status}, {$priority}, {$group_id}, '{$id_creator}',\n\t\t\t\t{$email_notify}, {$id_task}, {$resolution}, {$id_incident_type}, {$sla_disabled},\n\t\t\t\t'{$email_copy}', '{$epilog}')";
$id_incident = process_sql($sql, 'insert_id');
if ($id_incident !== false) {
if (include_once $system->getConfig('homedir') . "/include/functions_incidents.php") {
/* Update inventory objects in incident */
update_incident_inventories($id_incident, array($id_inventory));
}
audit_db($config["id_user"], $config["REMOTE_ADDR"], "Ticket created", "User " . $config['id_user'] . " created ticket #" . $id_incident);
incident_tracking($id_incident, INCIDENT_CREATED);
// Email notify to all people involved in this incident
if ($email_notify) {
mail_incident($id_incident, $usuario, "", 0, 1);
}
// Insert data of incident type fields
if ($id_incident_type > 0) {
$sql_label = "SELECT `label` FROM `tincident_type_field` WHERE id_incident_type = {$id_incident_type}";
$labels = get_db_all_rows_sql($sql_label);
if ($labels === false) {
$labels = array();
}
foreach ($labels as $label) {
$id_incident_field = get_db_value_filter('id', 'tincident_type_field', array('id_incident_type' => $id_incident_type, 'label' => $label['label']), 'AND');
$values_insert['id_incident'] = $id_incident;
$values_insert['data'] = $system->getRequest(base64_encode($label['label']));
$values_insert['id_incident_field'] = $id_incident_field;
$id_incident_field = get_db_value('id', 'tincident_type_field', 'id_incident_type', $id_incident_type);
process_sql_insert('tincident_field_data', $values_insert);
}
}
return $id_incident;
}
}
