function sendNewPass()
{
global $AppUI;
$_live_site = w2PgetConfig('base_url');
$_sitename = w2PgetConfig('company_name');
// ensure no malicous sql gets past
$checkusername = trim(w2PgetParam($_POST, 'checkusername', ''));
$checkusername = db_escape($checkusername);
$confirmEmail = trim(w2PgetParam($_POST, 'checkemail', ''));
$confirmEmail = strtolower(db_escape($confirmEmail));
$q = new w2p_Database_Query();
$q->addTable('users');
$q->addJoin('contacts', 'con', 'user_contact = contact_id', 'inner');
$q->addQuery('user_id');
$q->addWhere('user_username = \'' . $checkusername . '\'');
/* Begin Hack */
/*
* This is a particularly annoying hack but I don't know of a better
* way to resolve #457. In v2.0, there was a refactoring to allow for
* muliple contact methods which resulted in the contact_email being
* removed from the contacts table. If the user is upgrading from
* v1.x and they try to log in before applying the database, crash.
* Info: http://bugs.web2project.net/view.php?id=457
*/
$qTest = new w2p_Database_Query();
$qTest->addTable('w2pversion');
$qTest->addQuery('max(db_version)');
$dbVersion = $qTest->loadResult();
if ($dbVersion >= 21 && $dbVersion < 26) {
$q->leftJoin('contacts_methods', 'cm', 'cm.contact_id = con.contact_id');
$q->addWhere("cm.method_value = '{$confirmEmail}'");
} else {
$q->addWhere("LOWER(contact_email) = '{$confirmEmail}'");
}
/* End Hack */
if (!($user_id = $q->loadResult()) || !$checkusername || !$confirmEmail) {
$AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
$AppUI->redirect();
}
$newpass = makePass();
$message = $AppUI->_('sendpass0', UI_OUTPUT_RAW) . ' ' . $checkusername . ' ' . $AppUI->_('sendpass1', UI_OUTPUT_RAW) . ' ' . $_live_site . ' ' . $AppUI->_('sendpass2', UI_OUTPUT_RAW) . ' ' . $newpass . ' ' . $AppUI->_('sendpass3', UI_OUTPUT_RAW);
$subject = $_sitename . ' :: ' . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . ' - ' . $checkusername;
$m = new w2p_Utilities_Mail();
// create the mail
$m->To($confirmEmail);
$m->Subject($subject);
$m->Body($message, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : '');
// set the body
$m->Send();
// send the mail
$newpass = md5($newpass);
$q->addTable('users');
$q->addUpdate('user_password', $newpass);
$q->addWhere('user_id=' . $user_id);
$cur = $q->exec();
if (!$cur) {
die('SQL error' . $database->stderr(true));
} else {
$AppUI->setMsg('New User Password created and emailed to you');
$AppUI->redirect();
}
}
public static function getProjects($contactId)
{
$q = new w2p_Database_Query();
$q->addQuery('p.project_id, p.project_name');
$q->addTable('project_contacts', 'pc');
$q->addJoin('projects', 'p', 'p.project_id = pc.project_id', 'inner');
$q->addWhere("contact_id = {$contactId}");
return $q->loadList();
}
echo '<table class="std">
<tr>
<td align="center">';
// Let's figure out which users we have
$user_list = w2PgetUsersHashList();
if ($log_userfilter != 0) {
$user_list = array($log_userfilter => $user_list[$log_userfilter]);
}
$ss = "'" . $start_date->format(FMT_DATETIME_MYSQL) . "'";
$se = "'" . $end_date->format(FMT_DATETIME_MYSQL) . "'";
$and = false;
$where = false;
$q = new w2p_Database_Query();
$q->addTable('tasks', 't');
$q->addQuery('t.*');
$q->addJoin('projects', '', 'projects.project_id = task_project', 'inner');
$q->addJoin('project_departments', '', 'project_departments.project_id = projects.project_id');
$q->addJoin('departments', '', 'department_id = dept_id');
$q->addWhere('project_active = 1');
if (($template_status = w2PgetConfig('template_projects_status_id')) != '') {
$q->addWhere('project_status <> ' . (int) $template_status);
}
if ($use_period) {
$q->addWhere('( (task_start_date >= ' . $ss . ' AND task_start_date <= ' . $se . ') OR ' . '(task_end_date <= ' . $se . ' AND task_end_date >= ' . $ss . ') )');
}
if ($project_id != 0) {
$q->addWhere('task_project=' . $project_id);
}
$proj = new CProject();
$obj = new CTask();
$allowedProjects = $proj->getAllowedSQL($AppUI->user_id, 'task_project');
public function getTaskLogs($taskId, $problem = false)
{
$q = new w2p_Database_Query();
$q->addTable('task_log');
$q->addQuery('task_log.*, user_username, billingcode_name as task_log_costcode');
$q->addQuery('CONCAT(contact_first_name, \' \', contact_last_name) AS real_name');
$q->addWhere('task_log_task = ' . (int) $taskId . ($problem ? ' AND task_log_problem > 0' : ''));
$q->addOrder('task_log_date');
$q->addOrder('task_log_created');
$q->leftJoin('billingcode', '', 'task_log.task_log_costcode = billingcode_id');
$q->addJoin('users', '', 'task_log_creator = user_id', 'inner');
$q->addJoin('contacts', 'ct', 'contact_id = user_contact', 'inner');
return $q->loadList();
}
$owner_ids = array();
$q = new w2p_Database_Query();
$q->addTable('users');
$q->addQuery('user_id');
$q->addJoin('contacts', 'c', 'c.contact_id = user_contact', 'inner');
$q->addWhere('c.contact_department = ' . (int) $department);
$owner_ids = $q->loadColumn();
$q->clear();
}
// pull valid projects and their percent complete information
$q = new w2p_Database_Query();
$q->addTable('projects', 'pr');
$q->addQuery('DISTINCT pr.project_id, project_color_identifier, project_name, project_start_date, project_end_date,
max(t1.task_end_date) AS project_actual_end_date, project_percent_complete,
project_status, project_active');
$q->addJoin('tasks', 't1', 'pr.project_id = t1.task_project');
$q->addJoin('companies', 'c1', 'pr.project_company = c1.company_id');
if ($department > 0 && !$addPwOiD) {
$q->addWhere('project_departments.department_id = ' . (int) $department);
}
if ($project_type > -1) {
$q->addWhere('pr.project_type = ' . (int) $project_type);
}
if ($owner > 0) {
$q->addWhere('pr.project_owner = ' . (int) $owner);
}
if ($proFilter == '-3') {
$q->addWhere('pr.project_owner = ' . (int) $user_id);
} elseif ($proFilter != '-1') {
$q->addWhere('pr.project_status = ' . (int) $proFilter);
}
public static function getFileList($AppUI = null, $company_id = 0, $project_id = 0, $task_id = 0, $category_id = 0)
{
global $AppUI;
$q = new w2p_Database_Query();
$q->addQuery('f.*');
$q->addTable('files', 'f');
$q->addJoin('projects', 'p', 'p.project_id = file_project');
$q->addJoin('project_departments', 'pd', 'p.project_id = pd.project_id');
$q->addJoin('departments', '', 'pd.department_id = dept_id');
$q->addJoin('tasks', 't', 't.task_id = file_task');
$project = new CProject();
//TODO: We need to convert this from static to use ->overrideDatabase() for testing.
$allowedProjects = $project->getAllowedSQL($AppUI->user_id, 'file_project');
if (count($allowedProjects)) {
$q->addWhere('( ( ' . implode(' AND ', $allowedProjects) . ') OR file_project = 0 )');
}
if (isset($company_id) && (int) $company_id > 0) {
$q->addWhere('project_company = ' . (int) $company_id);
}
if (isset($project_id) && (int) $project_id > 0) {
$q->addWhere('file_project = ' . (int) $project_id);
}
if (isset($task_id) && (int) $task_id > 0) {
$q->addWhere('file_task = ' . (int) $task_id);
}
if ($category_id >= 0) {
$q->addWhere('file_category = ' . (int) $category_id);
}
return $q->loadList();
}
$today->convertTZ($AppUI->getPref('TIMEZONE'));
//Lets load the users panel viewing options
$q = new w2p_Database_Query();
$q->addTable('project_designer_options', 'pdo');
$q->addQuery('pdo.*');
$q->addWhere('pdo.pd_option_user = '******'project_id', 0);
$project_id = (int) w2PgetParam($_GET, 'project_id', $project_id);
$extra = array('where' => 'project_active = 1');
$project = new CProject();
$projects = $project->getAllowedRecords($AppUI->user_id, 'projects.project_id,project_name', 'project_name', null, $extra, 'projects');
$q = new w2p_Database_Query();
$q->addTable('projects');
$q->addQuery('projects.project_id, company_name');
$q->addJoin('companies', 'co', 'co.company_id = project_company');
$idx_companies = $q->loadHashList();
$q->clear();
foreach ($projects as $prj_id => $prj_name) {
$projects[$prj_id] = $idx_companies[$prj_id] . ': ' . $prj_name;
}
asort($projects);
$projects = arrayMerge(array('0' => $AppUI->_('(None)', UI_OUTPUT_RAW)), $projects);
$extra = array();
$task = new CTask();
$tasks = $task->getAllowedRecords($AppUI->user_id, 'task_id,task_name', 'task_name', null, $extra);
$tasks = arrayMerge(array('0' => $AppUI->_('(None)', UI_OUTPUT_RAW)), $tasks);
if (!$project_id) {
// setup the title block
$ttl = 'ProjectDesigner';
$titleBlock = new w2p_Theme_TitleBlock($ttl, 'projectdesigner.png', $m, $m . '.' . $a);
public function getTaskLogs(CAppUI $AppUI = null, $projectId, $user_id = 0, $hide_inactive = false, $hide_complete = false, $cost_code = 0)
{
global $AppUI;
$q = new w2p_Database_Query();
$q->addTable('task_log');
$q->addQuery('DISTINCT task_log.*, user_username, task_id');
$q->addQuery("CONCAT(contact_first_name, ' ', contact_last_name) AS real_name");
$q->addQuery('billingcode_name as task_log_costcode');
$q->addJoin('users', 'u', 'user_id = task_log_creator');
$q->addJoin('tasks', 't', 'task_log_task = t.task_id');
$q->addJoin('contacts', 'ct', 'contact_id = user_contact');
$q->addJoin('billingcode', 'b', 'task_log.task_log_costcode = billingcode_id');
$q->addWhere('task_project = ' . (int) $projectId);
if ($user_id > 0) {
$q->addWhere('task_log_creator=' . $user_id);
}
if ($hide_inactive) {
$q->addWhere('task_status>=0');
}
if ($hide_complete) {
$q->addWhere('task_percent_complete < 100');
}
if ($cost_code > 0) {
$q->addWhere("billingcode_id = {$cost_code}");
}
$q->addOrder('task_log_date');
$q->addOrder('task_log_created');
$this->setAllowedSQL($AppUI->user_id, $q, 'task_project');
return $q->loadList();
}
public function _buildQuery()
{
$q = new w2p_Database_Query();
if ($this->table_alias) {
$q->addTable($this->table, $this->table_alias);
} else {
$q->addTable($this->table);
}
$q->addQuery('DISTINCT(' . $this->table_key . ')');
if (isset($this->table_key2)) {
$q->addQuery($this->table_key2);
}
//--MSy--
foreach ($this->table_joins as $join) {
$q->addJoin($join['table'], $join['alias'], $join['join']);
}
foreach ($this->display_fields as $fld) {
$q->addQuery($fld);
}
$q->addOrder($this->table_orderby);
if ($this->table_groupby) {
$q->addGroup($this->table_groupby);
}
if ($this->table_extra) {
$q->addWhere($this->table_extra);
}
$ignore = w2PgetSysVal('FileIndexIgnoreWords');
$ignore = explode(',', $ignore['FileIndexIgnoreWords']);
$this->keywords = array_diff(array_keys($this->keywords), $ignore);
$sql = '';
foreach ($this->keywords as $keyword) {
$sql .= '(';
foreach ($this->search_fields as $field) {
//OR treatment to each keyword
// Search for semi-colons, commas or spaces and allow any to be separators
$or_keywords = preg_split('/[\\s,;]+/', $keyword);
foreach ($or_keywords as $or_keyword) {
if ($this->search_options['ignore_specchar'] == 'on') {
$tmppattern = recode2regexp_utf8($or_keyword);
if ($this->search_options['ignore_case'] == 'on') {
$sql .= ' ' . $field . ' REGEXP \'' . $tmppattern . '\' or ';
} else {
$sql .= ' ' . $field . ' REGEXP BINARY \'' . $tmppattern . '\' or ';
}
} else {
if ($this->search_options['ignore_case'] == 'on') {
$sql .= ' ' . $field . ' LIKE "%' . $or_keyword . '%" or ';
} else {
$sql .= ' ' . $field . ' LIKE BINARY "%' . $or_keyword . '%" or ';
}
}
}
}
// foreach $field
$sql = substr($sql, 0, -4);
if ($this->search_options['all_words'] == 'on') {
$sql .= ') and ';
} else {
$sql .= ') or ';
}
}
// foreach $keyword
//--MSy--
$sql = substr($sql, 0, -4);
if ($sql) {
$q->addWhere($sql);
return $q;
} else {
return null;
}
}
</tr>
<tr>
<td align="right" valign="top"><?php
echo $AppUI->_('Email Log to');
?>
:</td>
<td>
<?php
$tl = $AppUI->getPref('TASKLOGEMAIL');
$ta = $tl & 1;
$tt = $tl & 2;
$tp = $tl & 4;
$task_email_title = array();
$q = new w2p_Database_Query();
$q->addTable('task_contacts', 'tc');
$q->addJoin('contacts', 'c', 'c.contact_id = tc.contact_id', 'inner');
$q->addWhere('tc.task_id = ' . (int) $obj->task_id);
$q->addQuery('tc.contact_id');
$q->addQuery('c.contact_first_name, c.contact_last_name');
$req =& $q->exec();
$cidtc = array();
for ($req; !$req->EOF; $req->MoveNext()) {
$cidtc[] = $req->fields['contact_id'];
$task_email_title[] = $req->fields['contact_first_name'] . ' ' . $req->fields['contact_last_name'];
}
$q->clear();
$q->addTable('project_contacts', 'pc');
$q->addJoin('contacts', 'c', 'c.contact_id = pc.contact_id', 'inner');
$q->addWhere('pc.project_id = ' . (int) $obj->task_project);
$q->addQuery('pc.contact_id');
$q->addQuery('c.contact_first_name, c.contact_last_name');
if ($do_report) {
if (function_exists('styleRenderBoxBottom')) {
echo styleRenderBoxBottom();
}
echo '<br />';
if (function_exists('styleRenderBoxTop')) {
echo styleRenderBoxTop();
}
echo '<table cellspacing="0" cellpadding="4" border="0" width="100%" class="std">
<tr>
<td>';
// Let's figure out which users we have
$q = new w2p_Database_Query();
$q->addTable('users', 'u');
$q->addQuery('u.user_id, u.user_username, contact_first_name, contact_last_name');
$q->addJoin('contacts', 'c', 'u.user_contact = contact_id', 'inner');
$user_list = $q->loadHashList('user_id');
$q->clear();
$q = new w2p_Database_Query();
$q->addTable('tasks', 't');
$q->addTable('user_tasks', 'ut');
$q->addTable('projects', 'pr');
$q->addQuery('t.*, ut.*, pr.project_name');
$q->addWhere('( task_start_date
BETWEEN \'' . $start_date->format(FMT_DATETIME_MYSQL) . '\'
AND \'' . $end_date->format(FMT_DATETIME_MYSQL) . '\'
OR task_end_date BETWEEN \'' . $start_date->format(FMT_DATETIME_MYSQL) . '\'
AND \'' . $end_date->format(FMT_DATETIME_MYSQL) . '\'
OR ( task_start_date <= \'' . $start_date->format(FMT_DATETIME_MYSQL) . '\'
AND task_end_date >= \'' . $end_date->format(FMT_DATETIME_MYSQL) . '\') )');
$q->addWhere('task_end_date IS NOT NULL');
$q->addQuery('*');
$q->addJoin('tasks', '', 'task_project = project_id');
if (!empty($project_id)) {
$q->addWhere('project_id = ' . (int) $project_id);
}
$obj = new CTask();
$allowedTasks = $obj->getAllowedSQL($AppUI->user_id);
if (count($allowedTasks)) {
$obj->getAllowedSQL($AppUI->user_id, $q);
}
$all_tasks = $q->loadList();
$q->clear();
$q = new w2p_Database_Query();
$q->addTable('projects');
$q->addQuery('*, round(sum(task_log_hours),2) as work');
$q->addJoin('tasks', '', 'task_project = project_id');
$q->addJoin('user_tasks', '', 'user_tasks.task_id = tasks.task_id');
$q->addJoin('users', '', 'user_tasks.user_id = users.user_id');
$q->addJoin('contacts', '', 'users.user_contact = contact_id');
$q->addJoin('task_log', '', 'task_log_task = tasks.task_id AND task_log_creator = users.user_id');
$q->addWhere('project_active = 1');
if (($template_status = w2PgetConfig('template_projects_status_id')) != '') {
$q->addWhere('project_status <> ' . (int) $template_status);
}
if (!empty($project_id)) {
$q->addWhere('project_id = ' . (int) $project_id);
}
$q->addGroup('tasks.task_id');
$q->addGroup('users.user_id');
$obj = new CTask();
$allowedTasks = $obj->getAllowedSQL($AppUI->user_id);
<br />
<?php
if (function_exists('styleRenderBoxTop')) {
echo styleRenderBoxTop();
}
if ($do_report) {
// Let's figure out which users we have
$user_list = $active_users;
$ss = '\'' . $start_date->format(FMT_DATETIME_MYSQL) . '\'';
$se = '\'' . $end_date->format(FMT_DATETIME_MYSQL) . '\'';
$and = false;
$where = false;
$q = new w2p_Database_Query();
$q->addTable('tasks', 't');
$q->addQuery('t.*');
$q->addJoin('projects', 'pr', 'pr.project_id = t.task_project', 'inner');
$q->addWhere('pr.project_active = 1');
if (($template_status = w2PgetConfig('template_projects_status_id')) != '') {
$q->addWhere('pr.project_status <> ' . (int) $template_status);
}
if ($use_period) {
$q->addWhere('(( task_start_date >= ' . $ss . ' AND task_start_date <= ' . $se . ' ) OR ' . ' ( task_end_date <= ' . $se . ' AND task_end_date >= ' . $ss . ' ))');
}
$q->addWhere('(task_percent_complete < 100)');
$q->addJoin('user_tasks', 'ut', 'ut.task_id = t.task_id');
if ($log_userfilter > -1) {
$q->addWhere('ut.user_id = ' . $log_userfilter);
}
if ($project_id != 'all') {
$q->addWhere('t.task_project=' . (int) $project_id);
}
/**
* Generic check for whether dependencies exist for this object in the db schema
*
* Can be overloaded/supplemented by the child class
* @param string $msg Error message returned
* @param int Optional key index
* @param array Optional array to compiles standard joins: format [label=>'Label',name=>'table name',idfield=>'field',joinfield=>'field']
* @return true|false
*/
public function canDelete(&$msg, $oid = null, $joins = null)
{
global $AppUI;
// First things first. Are we allowed to delete?
$acl =& $AppUI->acl();
if (!$acl->checkModuleItem($this->_tbl_module, 'delete', $oid)) {
$msg = $AppUI->_('noDeletePermission');
return false;
}
$k = $this->_tbl_key;
if ($oid) {
$this->{$k} = intval($oid);
}
if (is_array($joins)) {
$select = $k;
$join = '';
$q = new w2p_Database_Query();
$q->addTable($this->_tbl);
$q->addWhere($k . ' = \'' . $this->{$k} . '\'');
$q->addGroup($k);
foreach ($joins as $table) {
$q->addQuery('COUNT(DISTINCT ' . $table['idfield'] . ') AS ' . $table['idfield']);
$q->addJoin($table['name'], $table['name'], $table['joinfield'] . ' = ' . $k);
}
$obj = null;
$q->loadObject($obj);
$q->clear();
if (!$obj) {
$msg = db_error();
return false;
}
$msg = array();
foreach ($joins as $table) {
$k = $table['idfield'];
if ($obj->{$k}) {
$msg[] = $AppUI->_($table['label']);
}
}
if (count($msg)) {
$msg = $AppUI->_('noDeleteRecord') . ': ' . implode(', ', $msg);
$this->_error = $msg;
return false;
} else {
return true;
}
}
return true;
}
public function getChildren($group_id, $group_type = 'ARO', $recurse = 'NO_RECURSE')
{
switch (strtolower(trim($group_type))) {
case 'axo':
$group_type = 'axo';
$table = $this->_db_acl_prefix . 'axo_groups';
break;
default:
$group_type = 'aro';
$table = $this->_db_acl_prefix . 'aro_groups';
}
if (empty($group_id)) {
$this->debug_text("get_group_children(): ID ({$group_id}) is empty, this is required");
return false;
}
$q = new w2p_Database_Query();
$q->addTable($table, 'g1');
$q->addQuery('g1.id, g1.name, g1.value, g1.parent_id');
$q->addOrder('g1.value');
switch (strtoupper($recurse)) {
case 'RECURSE':
$q->addJoin($table, 'g2', 'g2.lft<g1.lft AND g2.rgt>g1.rgt');
$q->addWhere('g2.id=' . $group_id);
break;
default:
$q->addWhere('g1.parent_id=' . $group_id);
}
$result = array();
$q->exec();
while ($row = $q->fetchRow()) {
$result[] = array('id' => $row[0], 'name' => $row[1], 'value' => $row[2], 'parent_id' => $row[3]);
}
$q->clear();
return $result;
}
$date = new w2p_Utilities_Date();
if ($viewtype == 'single') {
$s = '';
$first = true;
}
$new_messages = array();
foreach ($messages as $row) {
// Find the parent message - the topic.
if ($row['message_id'] == $message_id) {
$topic = $row['message_title'];
}
$q = new w2p_Database_Query();
$q->addTable('forum_messages');
$q->addTable('users');
$q->addQuery('DISTINCT contact_first_name, contact_last_name, contact_display_name as contact_name, user_username, contact_email');
$q->addJoin('contacts', 'con', 'contact_id = user_contact', 'inner');
$q->addWhere('users.user_id = ' . (int) $row['message_editor']);
$editor = $q->loadList();
$date = intval($row['message_date']) ? new w2p_Utilities_Date($row['message_date']) : null;
if ($viewtype != 'single') {
$s = '';
}
$style = $x ? 'background-color:#eeeeee' : '';
//!!! Different table building for the three different views
// To be cleaned up, and reuse common code at later stage.
if ($viewtype == 'normal') {
$s .= '<tr>';
$s .= '<td valign="top" style="' . $style . '" nowrap="nowrap">';
$s .= '<a href="?m=admin&a=viewuser&user_id=' . $row['message_author'] . '">';
$s .= $row['contact_name'];
$s .= '</a>';
public static function updatePercentComplete($project_id)
{
$working_hours = w2PgetConfig('daily_working_hours') ? w2PgetConfig('daily_working_hours') : 8;
$q = new w2p_Database_Query();
$q->addTable('projects');
$q->addQuery('SUM(t1.task_duration * t1.task_percent_complete * IF(t1.task_duration_type = 24, ' . $working_hours . ', t1.task_duration_type)) / SUM(t1.task_duration * IF(t1.task_duration_type = 24, ' . $working_hours . ', t1.task_duration_type)) AS project_percent_complete');
$q->addJoin('tasks', 't1', 'projects.project_id = t1.task_project', 'inner');
$q->addWhere('project_id = ' . $project_id . ' AND t1.task_id = t1.task_parent');
$project_percent_complete = $q->loadResult();
$q->clear();
$q->addTable('projects');
$q->addUpdate('project_percent_complete', $project_percent_complete);
$q->addWhere('project_id = ' . (int) $project_id);
$q->exec();
global $AppUI;
CTask::storeTokenTask($AppUI, $project_id);
}
public static function getDepartments(CAppUI $AppUI, $companyId)
{
$perms = $AppUI->acl();
if ($AppUI->isActiveModule('departments') && canView('departments')) {
$q = new w2p_Database_Query();
$q->addTable('departments');
$q->addQuery('departments.*, COUNT(contact_department) dept_users');
$q->addJoin('contacts', 'c', 'c.contact_department = dept_id');
$q->addWhere('dept_company = ' . (int) $companyId);
$q->addGroup('dept_id');
$q->addOrder('dept_parent, dept_name');
$department = new CDepartment();
$department->setAllowedSQL($AppUI->user_id, $q);
return $q->loadList();
}
}
if ($boot_query_row) {
$boot_user_session = $boot_query_row['session_id'];
$boot_user_log_id = $boot_query_row['user_access_log_id'];
} else {
$r->clear();
}
}
} while ($boot_query_row);
$msg = $boot_user_name . ' logged out by ' . $AppUI->user_first_name . ' ' . $AppUI->user_last_name;
$AppUI->setMsg($msg, UI_MSG_OK);
$AppUI->redirect('m=admin&tab=3');
}
$q = new w2p_Database_Query();
$q->addTable('sessions', 's');
$q->addQuery('DISTINCT(session_id), user_access_log_id, u.user_id as u_user_id, user_username, contact_last_name, contact_first_name, company_name, contact_company, date_time_in, user_ip');
$q->addJoin('user_access_log', 'ual', 'session_user = user_access_log_id');
$q->addJoin('users', 'u', 'ual.user_id = u.user_id');
$q->addJoin('contacts', 'con', 'u.user_contact = contact_id');
$q->addJoin('companies', 'com', 'contact_company = company_id');
$q->addOrder($orderby);
$rows = $q->loadList();
$q->clear();
$tab = w2PgetParam($_REQUEST, 'tab', 0);
?>
<table cellpadding="2" cellspacing="1" border="0" width="100%" class="tbl">
<tr>
<th colspan="2"> <?php
echo $AppUI->_('sort by');
?>
: </th>
/**
* Login function
*
* A number of things are done in this method to prevent illegal entry:
* <ul>
* <li>The username and password are trimmed and escaped to prevent malicious
* SQL being executed
* </ul>
* The schema previously used the MySQL PASSWORD function for encryption. This
* Method has been deprecated in favour of PHP's MD5() function for database independance.
* The check_legacy_password option is no longer valid
*
* Upon a successful username and password match, several fields from the user
* table are loaded in this object for convenient reference. The style, locales
* and preferences are also loaded at this time.
*
* @param string The user login name
* @param string The user password
* @return boolean True if successful, false if not
*/
public function login($username, $password)
{
$auth_method = w2PgetConfig('auth_method', 'sql');
if ($_POST['login'] != 'login' && $_POST['login'] != $this->_('login', UI_OUTPUT_RAW) && $_REQUEST['login'] != $auth_method) {
die('You have chosen to log in using an unsupported or disabled login method');
}
$auth =& getauth($auth_method);
$username = preg_replace("/[^A-Za-z0-9._@-]/", "", $username);
$username = trim($username);
$password = trim($password);
if (!$auth->authenticate($username, $password)) {
return false;
}
$user_id = $auth->userId($username);
$username = $auth->username;
// Some authentication schemes may collect username in various ways.
// Now that the password has been checked, see if they are allowed to
// access the system
if (!isset($GLOBALS['acl'])) {
$GLOBALS['acl'] = new w2p_Extensions_Permissions();
}
if (!$GLOBALS['acl']->checkLogin($user_id)) {
dprint(__FILE__, __LINE__, 1, 'Permission check failed');
return false;
}
$q = new w2p_Database_Query();
$q->addTable('users');
$q->addQuery('user_id, contact_first_name as user_first_name, ' . 'contact_last_name as user_last_name, contact_display_name as user_display_name, ' . 'contact_company as user_company, contact_department as user_department, user_type');
$q->addJoin('contacts', 'con', 'con.contact_id = user_contact', 'inner');
/* Begin Hack */
/*
* This is a particularly annoying hack but I don't know of a better
* way to resolve #457. In v2.0, there was a refactoring to allow for
* muliple contact methods which resulted in the contact_email being
* removed from the contacts table. If the user is upgrading from
* v1.x and they try to log in before applying the database, crash.
* Info: http://bugs.web2project.net/view.php?id=457
* This hack was deprecated in dbVersion 26 for v2.2 in December 2010.
*/
$qTest = new w2p_Database_Query();
$qTest->addTable('w2pversion');
$qTest->addQuery('max(db_version)');
$dbVersion = $qTest->loadResult();
if ($dbVersion >= 21 && $dbVersion < 26) {
$q->leftJoin('contacts_methods', 'cm', 'cm.contact_id = con.contact_id');
$q->addWhere("cm.method_name = 'email_primary'");
$q->addQuery('cm.method_value AS user_email');
}
/* End Hack */
$q->addWhere('user_id = ' . (int) $user_id . ' AND user_username = \'' . $username . '\'');
$q->loadObject($this);
if (!$this) {
dprint(__FILE__, __LINE__, 1, 'Failed to load user information');
return false;
}
// load the user preferences
$this->loadPrefs($this->user_id);
$this->setUserLocale();
$this->setStyle();
return true;
}
/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
$perms =& $AppUI->acl();
if (!canView('tasks')) {
$AppUI->redirect('m=public&a=access_denied');
}
$proj = (int) w2PgetParam($_GET, 'project', 0);
$userFilter = w2PgetParam($_GET, 'userFilter', false);
$q = new w2p_Database_Query();
$q->addQuery('t.task_id, t.task_name');
$q->addTable('tasks', 't');
if ($userFilter) {
$q->addJoin('user_tasks', 'ut', 'ut.task_id = t.task_id');
$q->addWhere('ut.user_id = ' . (int) $AppUI->user_id);
}
if ($proj != 0) {
$q->addWhere('task_project = ' . (int) $proj);
}
$tasks = $q->loadList();
$q->clear();
?>
<script language="javascript" type="text/javascript">
function loadTasks() {
var tasks = new Array();
var sel = parent.document.forms['form'].new_task;
while (sel.options.length) {
sel.options[0] = null;
public function notifyContacts($notifyContacts)
{
global $AppUI, $w2Pconfig, $locale_char_set;
if ($notifyContacts) {
//if no project specified than we will not do anything
if ($this->file_project != 0) {
$this->_project = new CProject();
$this->_project->load($this->file_project);
$mail = new w2p_Utilities_Mail();
if ($this->file_task == 0) {
//notify all developers
$mail->Subject($AppUI->_('Project') . ': ' . $this->_project->project_name . '::' . $this->file_name, $locale_char_set);
} else {
//notify all assigned users
$this->_task = new CTask();
$this->_task->load($this->file_task);
$mail->Subject($AppUI->_('Project') . ': ' . $this->_project->project_name . '::' . $this->_task->task_name . '::' . $this->file_name, $locale_char_set);
}
$body = $AppUI->_('Project') . ': ' . $this->_project->project_name;
$body .= "\n" . $AppUI->_('URL') . ': ' . W2P_BASE_URL . '/index.php?m=projects&a=view&project_id=' . $this->_project->project_id;
if (intval($this->_task->task_id) != 0) {
$body .= "\n\n" . $AppUI->_('Task') . ': ' . $this->_task->task_name;
$body .= "\n" . $AppUI->_('URL') . ': ' . W2P_BASE_URL . '/index.php?m=tasks&a=view&task_id=' . $this->_task->task_id;
$body .= "\n" . $AppUI->_('Description') . ":\n" . $this->_task->task_description;
$q = new w2p_Database_Query();
$q->addTable('project_contacts', 'pc');
$q->addQuery('c.contact_email as contact_email, c.contact_first_name as contact_first_name, c.contact_last_name as contact_last_name');
$q->addJoin('contacts', 'c', 'c.contact_id = pc.contact_id');
$q->addWhere('pc.project_id = ' . (int) $this->_project->project_id);
$sql = '(' . $q->prepare() . ')';
$q->clear();
$sql .= ' UNION ';
$q->addTable('task_contacts', 'tc');
$q->addQuery('c.contact_email as contact_email, c.contact_first_name as contact_first_name, c.contact_last_name as contact_last_name');
$q->addJoin('contacts', 'c', 'c.contact_id = tc.contact_id');
$q->addWhere('tc.task_id = ' . (int) $this->_task->task_id);
} else {
$q = new w2p_Database_Query();
$q->addTable('project_contacts', 'pc');
$q->addQuery('pc.project_id, pc.contact_id');
$q->addQuery('c.contact_email as contact_email, c.contact_first_name as contact_first_name, c.contact_last_name as contact_last_name');
$q->addJoin('contacts', 'c', 'c.contact_id = pc.contact_id');
$q->addWhere('pc.project_id = ' . (int) $this->file_project);
}
$this->_users = $q->loadList();
$body .= "\n\nFile " . $this->file_name . ' was ' . $this->_message . ' by ' . $AppUI->user_first_name . ' ' . $AppUI->user_last_name;
if ($this->_message != 'deleted') {
$body .= "\n" . $AppUI->_('URL') . ': ' . W2P_BASE_URL . '/fileviewer.php?file_id=' . $this->file_id;
$body .= "\n" . $AppUI->_('Description') . ":\n" . $this->file_description;
}
//send mail
$mail->Body($body, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : '');
foreach ($this->_users as $row) {
if ($mail->ValidEmail($row['contact_email'])) {
$mail->To($row['contact_email'], true);
$mail->Send();
}
}
return '';
}
}
}
echo styleRenderBoxTop();
}
echo '<table cellspacing="0" cellpadding="4" border="0" width="100%" class="std">
<tr>
<td>';
// Let's figure out which users we have
$user_list = w2PgetUsersHashList();
// Now which tasks will we need and the real allocated hours (estimated time / number of users)
// Also we will use tasks with duration_type = 1 (hours) and those that are not marked
// as milstones
// GJB: Note that we have to special case duration type 24 and this refers to the hours in a day, NOT 24 hours
$working_hours = $w2Pconfig['daily_working_hours'];
$q = new w2p_Database_Query();
$q->addTable('tasks', 't');
$q->addTable('user_tasks', 'ut');
$q->addJoin('projects', '', 'project_id = task_project', 'inner');
$q->addQuery('t.task_id, round(t.task_duration * IF(t.task_duration_type = 24, ' . $working_hours . ', t.task_duration_type)/count(ut.task_id),2) as hours_allocated');
$q->addWhere('t.task_id = ut.task_id');
$q->addWhere('t.task_milestone = 0');
$q->addWhere('project_active = 1');
if (($template_status = w2PgetConfig('template_projects_status_id')) != '') {
$q->addWhere('project_status <> ' . (int) $template_status);
}
if ($project_id != 0) {
$q->addWhere('t.task_project = ' . (int) $project_id);
}
if (!$log_all) {
$q->addWhere('t.task_start_date >= \'' . $start_date->format(FMT_DATETIME_MYSQL) . '\'');
$q->addWhere('t.task_start_date <= \'' . $end_date->format(FMT_DATETIME_MYSQL) . '\'');
}
$q->addGroup('t.task_id');
$columns = array();
$columns[] = '<b>' . $AppUI->_('Task Name') . '</b>';
$columns[] = '<b>' . $AppUI->_('Owner') . '</b>';
$columns[] = '<b>' . $AppUI->_('Assigned Users') . '</b>';
if ($hasResources) {
$columns[] = '<b>' . $AppUI->_('Assigned Resources') . '</b>';
}
$columns[] = '<b>' . $AppUI->_('Finish Date') . '</b>';
// Grab the completed items in the last week
$q = new w2p_Database_Query();
$q->addQuery('a.*');
$q->addQuery('contact_display_name AS user_username');
$q->addTable('tasks', 'a');
$q->addTable('projects', 'pr');
$q->addWhere('a.task_project = pr.project_id');
$q->addJoin('users', 'b', 'a.task_owner = b.user_id', 'inner');
$q->addJoin('contacts', 'ct', 'ct.contact_id = b.user_contact', 'inner');
$q->addWhere('task_percent_complete < 100');
$q->addWhere('pr.project_active = 1');
if (($template_status = w2PgetConfig('template_projects_status_id')) != '') {
$q->addWhere('pr.project_status <> ' . (int) $template_status);
}
if ($project_id != 0) {
$q->addWhere('task_project = ' . (int) $project_id);
}
$q->addWhere('task_end_date < \'' . $date->format(FMT_DATETIME_MYSQL) . '\'');
$proj = new CProject();
$proj->setAllowedSQL($AppUI->user_id, $q, null, 'pr');
$obj = new CTask();
$obj->setAllowedSQL($AppUI->user_id, $q);
$tasks = $q->loadHashList('task_id');
$q->addJoin('companies', 'com', 'company_id = project_company', 'inner');
$q->addJoin('tasks', 't1', 'p.project_id = t1.task_project', 'inner');
$q->leftJoin('project_departments', 'project_departments', 'p.project_id = project_departments.project_id OR project_departments.project_id IS NULL');
$q->leftJoin('departments', 'departments', 'departments.dept_id = project_departments.department_id OR dept_id IS NULL');
$q->addWhere($where_list . ($where_list ? ' AND ' : '') . 't1.task_id = t1.task_parent');
$q->addGroup('p.project_id');
if (!$project_id && !$task_id) {
$q->addOrder('project_name');
}
if ($project_id > 0) {
$q->addWhere('p.project_id = ' . $project_id);
}
$q2 = new w2p_Database_Query();
$q2->addTable('projects');
$q2->addQuery('project_id, COUNT(t1.task_id) AS total_tasks');
$q2->addJoin('tasks', 't1', 'projects.project_id = t1.task_project', 'inner');
if ($where_list) {
$q2->addWhere($where_list);
}
if ($project_id > 0) {
$q2->addWhere('project_id = ' . $project_id);
}
$q2->addGroup('project_id');
$perms =& $AppUI->acl();
$projects = array();
$canViewTask = canView('tasks');
if ($canViewTask) {
$prc = $q->exec();
echo db_error();
while ($row = $q->fetchRow()) {
$projects[$row['project_id']] = $row;
if ($caller == 'todo') {
$gantt->addMilestone(array($name, $pname, '', $s, $s), $a['task_start_date']);
} else {
$gantt->addMilestone(array($name, '', $s, $s), $a['task_start_date']);
}
} else {
$type = $a['task_duration_type'];
$dur = $a['task_duration'];
if ($type == 24) {
$dur *= $w2Pconfig['daily_working_hours'];
}
if ($showWork == '1') {
$work_hours = 0;
$q = new w2p_Database_Query();
$q->addTable('tasks', 't');
$q->addJoin('user_tasks', 'u', 't.task_id = u.task_id', 'inner');
$q->addQuery('ROUND(SUM(t.task_duration*u.perc_assignment/100),2) AS wh');
$q->addWhere('t.task_duration_type = 24');
$q->addWhere('t.task_id = ' . (int) $a['task_id']);
$wh = $q->loadResult();
$work_hours = $wh * $w2Pconfig['daily_working_hours'];
$q->clear();
$q->addTable('tasks', 't');
$q->addJoin('user_tasks', 'u', 't.task_id = u.task_id', 'inner');
$q->addQuery('ROUND(SUM(t.task_duration*u.perc_assignment/100),2) AS wh');
$q->addWhere('t.task_duration_type = 1');
$q->addWhere('t.task_id = ' . (int) $a['task_id']);
$wh2 = $q->loadResult();
$work_hours += $wh2;
$q->clear();
//due to the round above, we don't want to print decimals unless they really exist
}
} else {
if ($tab < 0) {
$catsql = false;
} else {
$catsql = 'file_category = ' . $tab;
}
}
// Fetch permissions once for all queries
$allowedProjects = $project->getAllowedSQL($AppUI->user_id, 'file_project');
$allowedTasks = $task->getAllowedSQL($AppUI->user_id, 'file_task');
// SQL text for count the total recs from the selected option
$q = new w2p_Database_Query();
$q->addQuery('count(file_id)');
$q->addTable('files', 'f');
$q->addJoin('projects', 'p', 'p.project_id = file_project');
$q->addJoin('tasks', 't', 't.task_id = file_task');
$q->leftJoin('project_departments', 'project_departments', 'p.project_id = project_departments.project_id OR project_departments.project_id IS NULL');
$q->leftJoin('departments', 'departments', 'departments.dept_id = project_departments.department_id OR dept_id IS NULL');
if (count($allowedProjects)) {
$q->addWhere('( ( ' . implode(' AND ', $allowedProjects) . ') OR file_project = 0 )');
}
if (count($allowedTasks)) {
$q->addWhere('( ( ' . implode(' AND ', $allowedTasks) . ') OR file_task = 0 )');
}
if ($catsql) {
$q->addWhere($catsql);
}
if ($company_id) {
$q->addWhere('project_company = ' . (int) $company_id);
}
function getStructuredProjects($original_project_id = 0, $project_status = -1, $active_only = false)
{
global $AppUI, $st_projects_arr;
$st_projects = array(0 => '');
$q = new w2p_Database_Query();
$q->addTable('projects');
$q->addJoin('companies', '', 'projects.project_company = company_id', 'inner');
$q->addQuery('DISTINCT(projects.project_id), project_name, project_parent');
if ($original_project_id) {
$q->addWhere('project_original_parent = ' . (int) $original_project_id);
}
if ($project_status >= 0) {
$q->addWhere('project_status = ' . (int) $project_status);
}
if ($active_only) {
$q->addWhere('project_active = 1');
}
$q->addOrder('project_start_date, project_end_date');
$obj = new CCompany();
$obj->setAllowedSQL($AppUI->user_id, $q);
$dpt = new CDepartment();
$dpt->setAllowedSQL($AppUI->user_id, $q);
$q->leftJoin('project_departments', 'pd', 'pd.project_id = projects.project_id');
$q->leftJoin('departments', 'd', 'd.dept_id = pd.department_id');
$st_projects = $q->loadList();
$tnums = count($st_projects);
for ($i = 0; $i < $tnums; $i++) {
$st_project = $st_projects[$i];
if ($st_project['project_parent'] == $st_project['project_id']) {
show_st_project($st_project);
find_proj_child($st_projects, $st_project['project_id']);
}
}
}
$row = 0;
if (!is_array($projects) || sizeof($projects) == 0) {
$d = new w2p_Utilities_Date();
$columnValues = array('project_name' => $AppUI->_('No projects found'), 'start_date' => $d->getDate(), 'end_date' => $d->getDate(), 'actual_end' => '');
$gantt->addBar($columnValues, ' ', 0.6, 'red');
} else {
if (is_array($projects)) {
//pull all tasks into an array keyed by the project id, and get the tasks in hierarchy
if ($showAllGantt) {
// insert tasks into Gantt Chart
// select for tasks for each project
// pull tasks
$q = new w2p_Database_Query();
$q->addTable('tasks', 't');
$q->addQuery('t.task_id, task_parent, task_name, task_start_date, task_end_date, task_duration, task_duration_type, task_priority, task_percent_complete, task_order, task_project, task_milestone, project_id, project_name, task_dynamic');
$q->addJoin('projects', 'p', 'project_id = t.task_project');
$q->addOrder('project_id, task_start_date');
$q->addWhere('project_original_parent = ' . (int) $original_project_id);
//$tasks = $q->loadList();
$task = new CTask();
$task->setAllowedSQL($AppUI->user_id, $q);
$proTasks = $q->loadHashList('task_id');
$orrarr[] = array('task_id' => 0, 'order_up' => 0, 'order' => '');
$end_max = '0000-00-00 00:00:00';
$start_min = date('Y-m-d H:i:s');
//pull the tasks into an array
foreach ($proTasks as $rec) {
if ($rec['task_start_date'] == '0000-00-00 00:00:00') {
$rec['task_start_date'] = date('Y-m-d H:i:s');
}
$tsd = new w2p_Utilities_Date($rec['task_start_date']);
echo db_error();
if ($company_id) {
$q = new w2p_Database_Query();
$q->addTable('companies');
$q->addQuery('company_name');
$q->addWhere('company_id=' . (int) $company_id);
$cname = 'Company: ' . $q->loadResult();
} else {
$cname = 'All Companies and All Projects';
}
echo db_error();
if ($log_userfilter) {
$q = new w2p_Database_Query();
$q->addTable('contacts');
$q->addQuery('CONCAT(contact_first_name, \' \', contact_last_name)');
$q->addJoin('users', '', 'user_contact = contact_id', 'inner');
$q->addWhere('user_id =' . (int) $log_userfilter);
$uname = 'User: '******'All Users';
}
$font_dir = W2P_BASE_DIR . '/lib/ezpdf/fonts';
$temp_dir = W2P_BASE_DIR . '/files/temp';
$base_url = w2PgetConfig('base_url');
require $AppUI->getLibraryClass('ezpdf/class.ezpdf');
$pdf = new Cezpdf();
$pdf->ezSetCmMargins(1, 2, 1.5, 1.5);
$pdf->selectFont($font_dir . '/Helvetica.afm', 'none');
$pdf->ezText(w2PgetConfig('company_name'), 12);
// $pdf->ezText( w2PgetConfig( 'company_name' ).' :: '.w2PgetConfig( 'page_title' ), 12 );
$date = new w2p_Utilities_Date();