Esempio n. 1
<?php

require_once "../../global.php";
// Current account, looked up from the user ID held in the session.
// NOTE(review): $user is dereferenced further down without a null check, and
// no login or CSRF-token check is visible before the state-changing branches
// below -- confirm global.php enforces both for this endpoint.
$user = User::load(Session::getUserID());
// Which settings action the client asked for, taken from the POST body.
$action = Filter::text($_POST['action']);
if ($action == 'theme') {
    // get the new theme
    $themeID = Filter::numeric($_POST['themeID']);
    $theme = Theme::load($themeID);
    // validate the theme
    if (empty($theme)) {
        $json = array('error' => 'That theme does not exist.');
        exit(json_encode($json));
    }
    // save the new theme
    $user->setThemeID($theme->getID());
    $user->save();
    // send us back
    Session::setMessage("Theme changed.");
    $json = array('success' => '1');
    echo json_encode($json);
} elseif ($action == 'notification') {
    $notificationType = Filter::alphanum($_POST['notificationType']);
    $notificationValue = Filter::alphanum($_POST['notificationValue']);
    // convert checkbox value to database-friendly 1 or 0
    $value = $notificationValue == 'notify' ? 1 : 0;
    // figure out which User setter to use based on notification type
    switch ($notificationType) {
        case 'chkCommentTaskLeading':
            $user->setNotifyCommentTaskLeading($value);
            break;
Esempio n. 2
            }
        }
        // send us back
        Session::setMessage('You commented on this update.');
        $json = array('success' => '1');
        echo json_encode($json);
    }
} elseif ($action == 'comment-reply') {
    // validate update
    $updateID = Filter::numeric($_GET['u']);
    $update = Update::load($updateID);
    if ($update == null) {
        header('Location: ' . Url::error());
        exit;
    }
    $commentID = Filter::numeric($_POST['commentID']);
    $message = Filter::formattedText($_POST['message']);
    if ($message == '') {
        $json = array('error' => 'Your reply cannot be empty.');
        exit(json_encode($json));
    } else {
        // post the comment
        $reply = new Comment(array('creator_id' => Session::getUserID(), 'project_id' => $project->getID(), 'update_id' => $updateID, 'parent_id' => $commentID, 'message' => $message));
        $reply->save();
        // log it
        $logEvent = new Event(array('event_type_id' => 'create_update_comment_reply', 'project_id' => $project->getID(), 'user_1_id' => Session::getUserID(), 'item_1_id' => $commentID, 'item_2_id' => $reply->getID(), 'item_3_id' => $updateID, 'data_1' => $message));
        $logEvent->save();
        // send email notification, if desired
        $creator = User::load($update->getCreatorID());
        if ($creator->getID() != Session::getUserID()) {
            // don't email yourself
Esempio n. 3
     } else {
         $errorFound = 1;
         $errorString .= "<span class=bad> Line " . $row . " requires a task name and description.</span><br/>";
         $row++;
         continue;
     }
 } else {
     //Verify that we are not reading the header
     $isHeader = strpos($line[0], "Title(Required)");
     if ($isHeader !== false) {
         $row++;
         continue;
     }
     //Format number of people to an integer
     if (!empty($line[2])) {
         $numberOfPeople = Filter::numeric($line[2]);
         if ($numberOfPeople == false) {
             $numberOfPeople = 1;
         }
     } else {
         $numberOfPeople = 0;
     }
     //Format Deadline, if empty or an invalid date is given, default to a week from today
     if (!empty($line[3])) {
         $deadline = strtotime($line[3]);
         if ($deadline == false) {
             $deadline = strtotime("+1 week");
             $deadline = date("Y-m-d H:i:s", $deadline);
         } else {
             $deadline = date("Y-m-d H:i:s", $deadline);
         }
Esempio n. 4
// Private projects are visible only to admins, the creator, and users who are
// invited, members or trusted -- and never to a banned user. The inner
// parentheses spell out the grouping PHP already applies (&& binds before ||).
if (
    $project->getPrivate()
    && !Session::isAdmin()
    && !$project->isCreator(Session::getUserID())
    && (
        (
            !$project->isInvited(Session::getUserID())
            && !$project->isMember(Session::getUserID())
            && !$project->isTrusted(Session::getUserID())
        )
        || ProjectUser::isBanned(Session::getUserID(), $project->getID())
    )
) {
    header('Location: ' . Url::error());
    exit;
}
$projectID = $project->getID();
// requested page number; a missing or empty value means the first page
$page = empty($_GET['page']) ? 1 : Filter::numeric($_GET['page']);
// how many events per page
define('EVENTS_PER_PAGE', 10);
switch ($filter) {
    case "basics":
        $totalNumEvents = count(Event::getBasicsEventsByProjectID($projectID));
        break;
    case "tasks":
        $totalNumEvents = count(Event::getTasksEventsByProjectID($projectID));
        break;
    case "discussions":
        $totalNumEvents = count(Event::getDiscussionsEventsByProjectID($projectID));
        break;
    case "people":
        $totalNumEvents = count(Event::getPeopleEventsByProjectID($projectID));
Esempio n. 5
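// and exclude banned members
// (the && terms bind tighter than ||; the parentheses only make that explicit)
if ($project->getPrivate()) {
    if (!Session::isAdmin() && !$project->isCreator(Session::getUserID())) {
        if ((!$project->isInvited(Session::getUserID()) && !$project->isMember(Session::getUserID()) && !$project->isTrusted(Session::getUserID())) || ProjectUser::isBanned(Session::getUserID(), $project->getID())) {
            header('Location: ' . Url::error());
            exit;
        }
    }
}
// page number, if any; cast to int so the range checks and the LIMIT offset
// below always work on a whole number
// (presumably Filter::numeric() yields false or a numeric value -- confirm)
if (empty($_GET['page'])) {
    $page = 1;
} else {
    $page = (int) Filter::numeric($_GET['page']);
}
$discussionID = Filter::numeric($_GET['d']);
$discussion = Discussion::load($discussionID);
// The access check above was made against $project, but the discussion is
// looked up by its own ID. Refuse one that does not exist or that belongs to
// a different project, so the ID in the query string cannot be used to read a
// thread from a project the viewer was never checked against.
if ($discussion == null || $discussion->getProjectID() != $project->getID()) {
    header('Location: ' . Url::error());
    exit;
}
// how many replies per page
define('REPLIES_PER_PAGE', 10);
// total # replies
$totalNumReplies = count($discussion->getReplies());
// get # pages
$numPages = ceil($totalNumReplies / REPLIES_PER_PAGE);
// a page below 1 would produce a negative LIMIT offset, so it is rejected
// together with pages past the end
if ($page < 1 || ($numPages != 0 && $page > $numPages)) {
    // invalid page number
    header('Location: ' . Url::error());
    exit;
}
// "offset, count" for the query; both parts are integers computed here, not
// text copied from the request
$limit = ($page - 1) * REPLIES_PER_PAGE . ', ' . REPLIES_PER_PAGE;
// get replies
$replies = $discussion->getReplies("ASC", $limit);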
Esempio n. 6
        // compose email
        $body = "<p>" . formatUserLink(Session::getUserID()) . ' untrusted you in the project ' . formatProjectLink($project->getID()) . '.</p>';
        $email = array('to' => $u->getEmail(), 'subject' => '[' . PIPELINE_NAME . '] Untrusted in the project ' . $project->getTitle(), 'message' => $body);
        // send email
        Email::send($email);
    }
    // send us back
    $user = User::load($userID);
    Session::setMessage($user->getUsername() . ' is no longer trusted.');
    $json = array('success' => '1');
    echo json_encode($json);
    // --- INVITE MEMBERS --- //
} elseif ($action == 'invite-members') {
    $invitees = Filter::text($_POST['invitees']);
    $message = Filter::formattedText($_POST['message']);
    $trusted = Filter::numeric($_POST['trusted']);
    $invitees = explode(',', $invitees);
    // these arrays will hold valid users and emails to invite
    $users = array();
    $emails = array();
    // first, make sure everyone in the list is valid
    if (!empty($invitees)) {
        foreach ($invitees as $i) {
            $i = trim($i);
            if ($i == '') {
                continue;
            }
            // skip blank
            if (filter_var($i, FILTER_VALIDATE_EMAIL)) {
                // it's an email address
                $user = User::loadByEmail($i);
Esempio n. 7
// Resolve the project from the slug in the URL; an unknown slug goes to the
// error page.
$slug = Filter::text($_GET['slug']);
$project = Project::getProjectFromSlug($slug);
if ($project == null) {
    header('Location: ' . Url::error());
    exit;
}
// The task and the update are each looked up by their own ID.
// NOTE(review): nothing visible here ties $task or $update to $project, while
// the access check below is made against $project only -- confirm that a task
// or update from another project cannot be requested under this slug.
$taskID = Filter::numeric($_GET['t']);
$task = Task::load($taskID);
if ($task == null) {
    header('Location: ' . Url::error());
    exit;
}
$updateID = Filter::numeric($_GET['u']);
$update = Update::load($updateID);
if ($update == null) {
    header('Location: ' . Url::error());
    exit;
}
// Private projects: admins and the creator always pass. Everyone else must be
// invited, a member or trusted, and must not be banned. The inner parentheses
// show the grouping PHP already applies (&& binds before ||).
if (
    $project->getPrivate()
    && !Session::isAdmin()
    && !$project->isCreator(Session::getUserID())
    && (
        (
            !$project->isInvited(Session::getUserID())
            && !$project->isMember(Session::getUserID())
            && !$project->isTrusted(Session::getUserID())
        )
        || ProjectUser::isBanned(Session::getUserID(), $project->getID())
    )
) {
    header('Location: ' . Url::error());
    exit;
}
Esempio n. 8
<?php

require_once "../../global.php";
// Look the project up by the slug from the URL and leave for the error page
// when there is no such project.
$slug = Filter::text($_GET['slug']);
$project = Project::getProjectFromSlug($slug);
if ($project == null) {
    header('Location: ' . Url::error());
    exit;
}
// The task is looked up by its own ID.
// NOTE(review): no check is visible that $task belongs to $project, and the
// access check below covers $project only -- confirm.
$taskID = Filter::numeric($_GET['t']);
$task = Task::load($taskID);
if ($task == null) {
    header('Location: ' . Url::error());
    exit;
}
// Access to a private project: admins and the creator are always allowed; any
// other viewer needs an invited/member/trusted relationship and must not be
// banned. && binds before ||, which the inner parentheses make explicit.
if (
    $project->getPrivate()
    && !Session::isAdmin()
    && !$project->isCreator(Session::getUserID())
    && (
        (
            !$project->isInvited(Session::getUserID())
            && !$project->isMember(Session::getUserID())
            && !$project->isTrusted(Session::getUserID())
        )
        || ProjectUser::isBanned(Session::getUserID(), $project->getID())
    )
) {
    header('Location: ' . Url::error());
    exit;
}
// // validate username
// $username = Filter::text($_GET['u']);
// $user = User::loadByUsername($username);
// // check if user has accepted task
Esempio n. 9
<?php

require_once "../../global.php";
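// Only logged-in users may open a message.
if (!Session::isLoggedIn()) {
    header('Location: ' . Url::error());
    exit;
}
// get message
$messageID = Filter::numeric($_GET['m']);
$message = Message::load($messageID);
if (empty($message)) {
    header('Location: ' . Url::error());
    exit;
}
// NOTE(review): the login check is the only gate visible here. Nothing on
// this page ties the message to the logged-in user before it is marked read
// and rendered -- confirm that Message::load() or the template limits it to
// the sender and recipient.
// if this is a reply, get the parent message
if ($message->getID() != $message->getParentID()) {
    $message = Message::load($message->getParentID());
    // the parent may no longer exist; leave for the error page rather than
    // calling a method on an empty value
    if (empty($message)) {
        header('Location: ' . Url::error());
        exit;
    }
}
// we're reading it now
$message->markAllRead();
$soup = new Soup();
$soup->set('message', $message);
$soup->render('site/page/message');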
Esempio n. 10
        case TASKS_ID:
            $successURL = Url::tasks($project->getID());
            break;
        case PEOPLE_ID:
            $successURL = Url::people($project->getID());
            break;
        case ACTIVITY_ID:
            $successURL = Url::activity($project->getID());
            break;
        default:
            $successURL = Url::discussion($discussion->getID());
    }
    $json = array('success' => '1', 'successUrl' => $successURL);
    echo json_encode($json);
} elseif ($action == 'reply') {
    $discussionID = Filter::numeric($_POST['discussionID']);
    $message = Filter::formattedText($_POST['message']);
    if ($message == '') {
        $json = array('error' => 'Your reply can not be blank.');
        exit(json_encode($json));
    }
    $discussion = Discussion::load($discussionID);
    $reply = new Discussion(array('creator_id' => Session::getUserID(), 'project_id' => $discussion->getProjectID(), 'parent_id' => $discussion->getID(), 'title' => $discussion->getTitle(), 'message' => $message, 'category' => $discussion->getCategory()));
    $reply->save();
    // attach any uploads
    // Upload::attachToItem(
    // $token,
    // Upload::TYPE_DISCUSSION,
    // $reply->getID(),
    // $project->getID()
    // );
Esempio n. 11
<?php

require_once "../../global.php";
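$fileID = Filter::numeric($_GET['fi']);
$fileName = Filter::text($_GET['fn']);
$upload = Upload::load($fileID);
// The request must name an existing, non-deleted upload and give its exact
// original file name. Both sides are compared as strings so that two
// numeric-looking names (for example "10" and "1e1") are never treated as
// equal.
// NOTE(review): knowing the ID and the file name is the only condition
// visible here. No check is visible that the requester may see the project
// the upload belongs to -- confirm global.php or Upload::load() enforces it.
if ($upload == null || (string) $fileName !== (string) $upload->getOriginalName() || $upload->getDeleted() == true) {
    header('Location: ' . Url::error());
    exit;
}
// NOTE(review): Url::uploads() looks like a URL rather than a filesystem
// path. If so, the stored file is also reachable directly under that URL
// without passing the check above -- confirm.
$fileURL = Url::uploads() . '/' . $upload->getStoredName();
// The original name was chosen by the uploader. Replace the characters that
// would close the quoted filename or start a new header line before it is
// echoed back in Content-Disposition.
$downloadName = str_replace(array('"', '\\', "\r", "\n"), '_', $upload->getOriginalName());
header("Pragma: public");
header("Expires: 0");
// header() replaces an earlier header of the same name by default, so of the
// two Cache-Control calls only the second value ("public") is sent.
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
// the stray trailing double quote that used to follow the MIME type is gone
header('Content-Type: ' . $upload->getMime());
// keep browsers from second-guessing the declared type of user-supplied files
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header("Content-Transfer-Encoding: binary");
header('Content-Length: ' . $upload->getSize());
readfile($fileURL);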
Esempio n. 12
<?php

require_once "../../global.php";
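$inviteID = Filter::numeric($_POST['inviteID']);
$invite = Invitation::load($inviteID);
// Only the invited user may answer an invitation. Without this check any
// caller who supplies an invite ID could accept or decline on someone else's
// behalf, and an unknown ID would fail on a method call on an empty value.
// The error shape matches the JSON the other AJAX handlers return.
if (!Session::isLoggedIn() || empty($invite) || $invite->getInviteeID() != Session::getUserID()) {
    $json = array('error' => 'That invitation does not exist.');
    exit(json_encode($json));
}
$response = Filter::alphanum($_POST['response']);
// NOTE(review): any value other than 'accept' is recorded as a decline, and
// nothing visible here stops an invitation that was already answered from
// being answered again (a second accept would add another ProjectUser row)
// -- confirm.
if ($response == 'accept') {
    // add the user to the project, as trusted if the invitation says so
    if ($invite->getTrusted()) {
        $relationship = ProjectUser::TRUSTED;
    } else {
        $relationship = ProjectUser::MEMBER;
    }
    $pu = new ProjectUser(array('project_id' => $invite->getProjectID(), 'user_id' => $invite->getInviteeID(), 'relationship' => $relationship));
    $pu->save();
    // update the invite
    $invite->setResponse(Invitation::ACCEPTED);
    $invite->setDateResponded(date("Y-m-d H:i:s"));
    $invite->save();
    // prep for logging
    $eventTypeID = 'accept_member_invitation';
    $successMsg = 'You accepted the invitation.';
} else {
    // update the invite
    $invite->setResponse(Invitation::DECLINED);
    $invite->setDateResponded(date("Y-m-d H:i:s"));
    $invite->save();
    // prep for logging
    $eventTypeID = 'decline_member_invitation';
    $successMsg = 'You declined the invitation.';
}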
Esempio n. 13
    } else {
        $json = array('error' => 'You did not make any changes.');
        exit(json_encode($json));
    }
} elseif ($action == "progress") {
    // check for valid date
    $deadline = Filter::text($_POST['deadline']);
    $formattedDeadline = strtotime($deadline);
    if ($formattedDeadline === false && $deadline != '') {
        $json = array('error' => 'Deadline must be a valid date or empty.');
        exit(json_encode($json));
    }
    // edit progress
    $modified = false;
    // is status modified?
    $newStatus = Filter::numeric($_POST['status']);
    if ($newStatus != $project->getStatus()) {
        // save changes
        $oldStatus = $project->getStatus();
        $project->setStatus($newStatus);
        $project->save();
        // log it
        $logEvent = new Event(array('event_type_id' => 'edit_project_status', 'project_id' => $project->getID(), 'user_1_id' => Session::getUserID(), 'data_1' => $oldStatus, 'data_2' => $newStatus));
        $logEvent->save();
        // set flag
        $modified = true;
    }
    // is deadline modified?
    $formattedDeadline = $formattedDeadline != '' ? date("Y-m-d H:i:s", $formattedDeadline) : null;
    $oldDeadline = $project->getDeadline();
    if ($formattedDeadline != $oldDeadline) {