<?php require_once "../../global.php"; $user = User::load(Session::getUserID()); $action = Filter::text($_POST['action']); if ($action == 'theme') { // get the new theme $themeID = Filter::numeric($_POST['themeID']); $theme = Theme::load($themeID); // validate the theme if (empty($theme)) { $json = array('error' => 'That theme does not exist.'); exit(json_encode($json)); } // save the new theme $user->setThemeID($theme->getID()); $user->save(); // send us back Session::setMessage("Theme changed."); $json = array('success' => '1'); echo json_encode($json); } elseif ($action == 'notification') { $notificationType = Filter::alphanum($_POST['notificationType']); $notificationValue = Filter::alphanum($_POST['notificationValue']); // convert checkbox value to database-friendly 1 or 0 $value = $notificationValue == 'notify' ? 1 : 0; // figure out which User setter to use based on notification type switch ($notificationType) { case 'chkCommentTaskLeading': $user->setNotifyCommentTaskLeading($value); break;
} } // send us back Session::setMessage('You commented on this update.'); $json = array('success' => '1'); echo json_encode($json); } } elseif ($action == 'comment-reply') { // validate update $updateID = Filter::numeric($_GET['u']); $update = Update::load($updateID); if ($update == null) { header('Location: ' . Url::error()); exit; } $commentID = Filter::numeric($_POST['commentID']); $message = Filter::formattedText($_POST['message']); if ($message == '') { $json = array('error' => 'Your reply cannot be empty.'); exit(json_encode($json)); } else { // post the comment $reply = new Comment(array('creator_id' => Session::getUserID(), 'project_id' => $project->getID(), 'update_id' => $updateID, 'parent_id' => $commentID, 'message' => $message)); $reply->save(); // log it $logEvent = new Event(array('event_type_id' => 'create_update_comment_reply', 'project_id' => $project->getID(), 'user_1_id' => Session::getUserID(), 'item_1_id' => $commentID, 'item_2_id' => $reply->getID(), 'item_3_id' => $updateID, 'data_1' => $message)); $logEvent->save(); // send email notification, if desired $creator = User::load($update->getCreatorID()); if ($creator->getID() != Session::getUserID()) { // don't email yourself
} else { $errorFound = 1; $errorString .= "<span class=bad> Line " . $row . " requires a task name and description.</span><br/>"; $row++; continue; } } else { //Verify that we are not reading the header $isHeader = strpos($line[0], "Title(Required)"); if ($isHeader !== false) { $row++; continue; } //Format number of people to an integer if (!empty($line[2])) { $numberOfPeople = Filter::numeric($line[2]); if ($numberOfPeople == false) { $numberOfPeople = 1; } } else { $numberOfPeople = 0; } //Format Deadline, if empty or an invalid date is given, default to a week from today if (!empty($line[3])) { $deadline = strtotime($line[3]); if ($deadline == false) { $deadline = strtotime("+1 week"); $deadline = date("Y-m-d H:i:s", $deadline); } else { $deadline = date("Y-m-d H:i:s", $deadline); }
// if private project, limit access to invited users, members, and admins // and exclude banned members if ($project->getPrivate()) { if (!Session::isAdmin() && !$project->isCreator(Session::getUserID())) { if (!$project->isInvited(Session::getUserID()) && !$project->isMember(Session::getUserID()) && !$project->isTrusted(Session::getUserID()) || ProjectUser::isBanned(Session::getUserID(), $project->getID())) { header('Location: ' . Url::error()); exit; } } } $projectID = $project->getID(); // page number, if any if (empty($_GET['page'])) { $page = 1; } else { $page = Filter::numeric($_GET['page']); } define('EVENTS_PER_PAGE', 10); // how many events per page switch ($filter) { case "basics": $totalNumEvents = count(Event::getBasicsEventsByProjectID($projectID)); break; case "tasks": $totalNumEvents = count(Event::getTasksEventsByProjectID($projectID)); break; case "discussions": $totalNumEvents = count(Event::getDiscussionsEventsByProjectID($projectID)); break; case "people": $totalNumEvents = count(Event::getPeopleEventsByProjectID($projectID));
// and exclude banned members if ($project->getPrivate()) { if (!Session::isAdmin() && !$project->isCreator(Session::getUserID())) { if (!$project->isInvited(Session::getUserID()) && !$project->isMember(Session::getUserID()) && !$project->isTrusted(Session::getUserID()) || ProjectUser::isBanned(Session::getUserID(), $project->getID())) { header('Location: ' . Url::error()); exit; } } } // page number, if any if (empty($_GET['page'])) { $page = 1; } else { $page = Filter::numeric($_GET['page']); } $discussionID = Filter::numeric($_GET['d']); $discussion = Discussion::load($discussionID); define('REPLIES_PER_PAGE', 10); // how many replies per page $totalNumReplies = count($discussion->getReplies()); // total # replies $numPages = ceil($totalNumReplies / REPLIES_PER_PAGE); // get # pages if ($numPages != 0 && $page > $numPages) { // invalid page number header('Location: ' . Url::error()); exit; } $limit = ($page - 1) * REPLIES_PER_PAGE . ', ' . REPLIES_PER_PAGE; $replies = $discussion->getReplies("ASC", $limit); // get replies
// compose email $body = "<p>" . formatUserLink(Session::getUserID()) . ' untrusted you in the project ' . formatProjectLink($project->getID()) . '.</p>'; $email = array('to' => $u->getEmail(), 'subject' => '[' . PIPELINE_NAME . '] Untrusted in the project ' . $project->getTitle(), 'message' => $body); // send email Email::send($email); } // send us back $user = User::load($userID); Session::setMessage($user->getUsername() . ' is no longer trusted.'); $json = array('success' => '1'); echo json_encode($json); // --- INVITE MEMBERS --- // } elseif ($action == 'invite-members') { $invitees = Filter::text($_POST['invitees']); $message = Filter::formattedText($_POST['message']); $trusted = Filter::numeric($_POST['trusted']); $invitees = explode(',', $invitees); // these arrays will hold valid users and emails to invite $users = array(); $emails = array(); // first, make sure everyone in the list is valid if (!empty($invitees)) { foreach ($invitees as $i) { $i = trim($i); if ($i == '') { continue; } // skip blank if (filter_var($i, FILTER_VALIDATE_EMAIL)) { // it's an email address $user = User::loadByEmail($i);
$slug = Filter::text($_GET['slug']); $project = Project::getProjectFromSlug($slug); // kick us out if slug invalid if ($project == null) { header('Location: ' . Url::error()); exit; } // validate task $taskID = Filter::numeric($_GET['t']); $task = Task::load($taskID); if ($task == null) { header('Location: ' . Url::error()); exit; } // validate update $updateID = Filter::numeric($_GET['u']); $update = Update::load($updateID); if ($update == null) { header('Location: ' . Url::error()); exit; } // if private project, limit access to invited users, members, and admins // and exclude banned members if ($project->getPrivate()) { if (!Session::isAdmin() && !$project->isCreator(Session::getUserID())) { if (!$project->isInvited(Session::getUserID()) && !$project->isMember(Session::getUserID()) && !$project->isTrusted(Session::getUserID()) || ProjectUser::isBanned(Session::getUserID(), $project->getID())) { header('Location: ' . Url::error()); exit; } } }
<?php require_once "../../global.php"; $slug = Filter::text($_GET['slug']); $project = Project::getProjectFromSlug($slug); // kick us out if slug invalid if ($project == null) { header('Location: ' . Url::error()); exit; } // validate task $taskID = Filter::numeric($_GET['t']); $task = Task::load($taskID); if ($task == null) { header('Location: ' . Url::error()); exit; } // if private project, limit access to invited users, members, and admins // and exclude banned members if ($project->getPrivate()) { if (!Session::isAdmin() && !$project->isCreator(Session::getUserID())) { if (!$project->isInvited(Session::getUserID()) && !$project->isMember(Session::getUserID()) && !$project->isTrusted(Session::getUserID()) || ProjectUser::isBanned(Session::getUserID(), $project->getID())) { header('Location: ' . Url::error()); exit; } } } // // validate username // $username = Filter::text($_GET['u']); // $user = User::loadByUsername($username); // // check if user has accepted task
<?php

require_once "../../global.php";

// Message view: only authenticated users may read a message thread.
if (!Session::isLoggedIn()) {
    header('Location: ' . Url::error());
    exit;
}

// Resolve the message named in the query string (?m=<id>).
$requestedID = Filter::numeric($_GET['m']);
$message = Message::load($requestedID);
if (!$message) {
    header('Location: ' . Url::error());
    exit;
}

// A reply is shown in the context of its thread root, so swap in the parent.
// Assumes a root message carries its own ID as its parent ID (the original
// "if this is a reply" comment implies this) — confirm against the Message schema.
$isReply = $message->getID() != $message->getParentID();
if ($isReply) {
    $message = Message::load($message->getParentID());
}

// NOTE(review): the only access check visible here is isLoggedIn(); nothing
// ties the requested ID to the session user. Confirm that Message::load or the
// rendering layer restricts a thread to its sender/recipient before relying on it.
$message->markAllRead(); // opening the thread marks every message in it read

$soup = new Soup();
$soup->set('message', $message);
$soup->render('site/page/message');
case TASKS_ID: $successURL = Url::tasks($project->getID()); break; case PEOPLE_ID: $successURL = Url::people($project->getID()); break; case ACTIVITY_ID: $successURL = Url::activity($project->getID()); break; default: $successURL = Url::discussion($discussion->getID()); } $json = array('success' => '1', 'successUrl' => $successURL); echo json_encode($json); } elseif ($action == 'reply') { $discussionID = Filter::numeric($_POST['discussionID']); $message = Filter::formattedText($_POST['message']); if ($message == '') { $json = array('error' => 'Your reply can not be blank.'); exit(json_encode($json)); } $discussion = Discussion::load($discussionID); $reply = new Discussion(array('creator_id' => Session::getUserID(), 'project_id' => $discussion->getProjectID(), 'parent_id' => $discussion->getID(), 'title' => $discussion->getTitle(), 'message' => $message, 'category' => $discussion->getCategory())); $reply->save(); // attach any uploads // Upload::attachToItem( // $token, // Upload::TYPE_DISCUSSION, // $reply->getID(), // $project->getID() // );
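<?php

require_once "../../global.php";

// Download handler: streams a stored upload back as an attachment.
// Request shape: ?fi=<upload id>&fn=<original file name>. The name must match
// the record exactly; that guards against stale or mismatched links but is not
// an authorisation check (see the review note below).
$fileID = Filter::numeric($_GET['fi']);
$fileName = Filter::text($_GET['fn']);
$upload = Upload::load($fileID);

// Reject unknown, renamed, or soft-deleted uploads. The name comparison is
// strict on string form so '' and null stay interchangeable (as under the old
// loose check) while '0' no longer compares equal to '' or false.
if (
    !$upload
    || (string) $fileName !== (string) $upload->getOriginalName()
    || $upload->getDeleted()
) {
    header('Location: ' . Url::error());
    exit;
}

// NOTE(review): no ownership or project-membership check is visible here —
// any request carrying a valid id and matching name is served, including for
// uploads that may belong to private projects. Confirm where that gate is
// meant to live before this handler streams the file.
$filePath = Url::uploads() . '/' . $upload->getStoredName();

// Never emit a bare "Content-Type:" if the stored MIME is empty. The declared
// type comes from the upload record rather than the bytes, so also tell the
// browser not to sniff past it.
$mime = $upload->getMime() ?: 'application/octet-stream';

// Quote-escape the download name: a '"' or '\' in a stored original name would
// otherwise terminate the filename parameter early. header() itself refuses
// values containing CR/LF, so newlines need no handling here.
$attachmentName = addcslashes((string) $upload->getOriginalName(), '"\\');

header('Pragma: public');
header('Expires: 0');
// header() replaces an earlier header of the same name, so the original pair
// of Cache-Control calls silently dropped "must-revalidate"; send one merged value.
header('Cache-Control: public, must-revalidate, post-check=0, pre-check=0');
header('Content-Description: File Transfer');
// Fixed: the original appended a stray '"' to the Content-Type value.
header('Content-Type: ' . $mime);
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $attachmentName . '"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . $upload->getSize());

// presumably Url::uploads() resolves to a local path or a readable stream
// target — readfile() on an http(s) URL depends on allow_url_fopen; confirm.
readfile($filePath);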
<?php require_once "../../global.php"; $inviteID = Filter::numeric($_POST['inviteID']); $invite = Invitation::load($inviteID); $response = Filter::alphanum($_POST['response']); if ($response == 'accept') { // add the user to the project if ($invite->getTrusted()) { $relationship = ProjectUser::TRUSTED; } else { $relationship = ProjectUser::MEMBER; } $pu = new ProjectUser(array('project_id' => $invite->getProjectID(), 'user_id' => $invite->getInviteeID(), 'relationship' => $relationship)); $pu->save(); // update the invite $invite->setResponse(Invitation::ACCEPTED); $invite->setDateResponded(date("Y-m-d H:i:s")); $invite->save(); // prep for logging $eventTypeID = 'accept_member_invitation'; $successMsg = 'You accepted the invitation.'; } else { // update the invite $invite->setResponse(Invitation::DECLINED); $invite->setDateResponded(date("Y-m-d H:i:s")); $invite->save(); // prep for logging $eventTypeID = 'decline_member_invitation'; $successMsg = 'You declined the invitation.'; }
} else { $json = array('error' => 'You did not make any changes.'); exit(json_encode($json)); } } elseif ($action == "progress") { // check for valid date $deadline = Filter::text($_POST['deadline']); $formattedDeadline = strtotime($deadline); if ($formattedDeadline === false && $deadline != '') { $json = array('error' => 'Deadline must be a valid date or empty.'); exit(json_encode($json)); } // edit progress $modified = false; // is status modified? $newStatus = Filter::numeric($_POST['status']); if ($newStatus != $project->getStatus()) { // save changes $oldStatus = $project->getStatus(); $project->setStatus($newStatus); $project->save(); // log it $logEvent = new Event(array('event_type_id' => 'edit_project_status', 'project_id' => $project->getID(), 'user_1_id' => Session::getUserID(), 'data_1' => $oldStatus, 'data_2' => $newStatus)); $logEvent->save(); // set flag $modified = true; } // is deadline modified? $formattedDeadline = $formattedDeadline != '' ? date("Y-m-d H:i:s", $formattedDeadline) : null; $oldDeadline = $project->getDeadline(); if ($formattedDeadline != $oldDeadline) {