/**
 * Returns the Item for $path, reusing an entry from $cache when one exists.
 *
 * A path that does not begin with ROOT_PATH is logged and rejected with null.
 * NOTE(review): this is a string-prefix test only. It presumably relies on
 * callers passing an already normalised path (no ".." segments, no symlink
 * that leaves the root); confirm against the callers, and check whether a
 * sibling directory sharing the ROOT_PATH prefix can pass starts_with().
 *
 * @param mixed $app   handed unchanged to the Item constructor
 * @param mixed $path  path of the requested item; also the cache key
 * @param mixed $cache by-reference lookup table; consulted and filled only when it is an array
 * @return Item|null   the cached or newly built Item, or null for a rejected path
 */
public static function get($app, $path, &$cache) {
    // Guard: refuse anything outside the configured root before touching the cache.
    if (!starts_with($path, ROOT_PATH)) {
        err_log("ILLEGAL REQUEST: {$path}, " . ROOT_PATH);
        return null;
    }

    $already_cached = is_array($cache) && array_key_exists($path, $cache);
    if ($already_cached) {
        return $cache[$path];
    }

    $created = new Item($app, $path);

    // A non-array $cache means "no caching"; hand the fresh object back as is.
    if (!is_array($cache)) {
        return $created;
    }

    $cache[$path] = $created;
    return $created;
}
$_SESSION['firstname'] = $firstname; $_SESSION['country'] = $country; err_log("LOGIN OK", $username); header("Location: " . $location_url . $redirect); #header("Location: https://budget.sasscal.org/".$redirect); die; } else { if ($output == "RESET PASSWORD") { $fields = array('username' => $username, 'redirect' => $redirect); $postvars = http_build_query($fields); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $location_url . "reset_password.php"); curl_setopt($ch, CURLOPT_POST, count($fields)); curl_setopt($ch, CURLOPT_POSTFIELDS, $postvars); $result = curl_exec($ch); curl_close($ch); die; } else { err_log("LOGIN FAILED", $username); //POST error back to login $fields = array('error' => $output); $postvars = http_build_query($fields); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $location_url . "login.php"); curl_setopt($ch, CURLOPT_POST, count($fields)); curl_setopt($ch, CURLOPT_POSTFIELDS, $postvars); $result = curl_exec($ch); curl_close($ch); die; } }
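if (empty($consumables_planned)) {
    $consumables_planned = array_key_exists("consumables_planned", $_POST) ? $_POST["consumables_planned"] : "";
}
$transport_planned = array_key_exists("transport_planned", $_GET) ? $_GET["transport_planned"] : "";
if (empty($transport_planned)) {
    $transport_planned = array_key_exists("transport_planned", $_POST) ? $_POST["transport_planned"] : "";
}

// Every value below originates from the request, so it is bound as a query
// parameter and never becomes part of the statement text. A value that is
// not a valid number is now rejected by the server as a type error instead
// of being parsed as SQL. Empty amounts still default to "0".
$sql = 'UPDATE budget SET investments = $1, personnel = $2, services = $3,'
    . ' consumables = $4, transport = $5';
$params = array(
    empty($investments) ? "0" : $investments,
    empty($personnel) ? "0" : $personnel,
    empty($services) ? "0" : $services,
    empty($consumables) ? "0" : $consumables,
    empty($transport) ? "0" : $transport,
    $taskid,
    $year,
    $quarter,
);
// status is only written when the request supplied one; it takes the last slot.
if (!empty($status)) {
    $sql .= ', status = $9';
    $params[] = $status;
}
$sql .= ' WHERE task_id = $6 AND year = $7 AND quarter = $8';

$conn = getConnection();
$result = pg_query_params($conn, $sql, $params);
if ($result) {
    $details = "[taskid:" . $taskid . ", year:" . $year . ", quarter:" . $quarter . ", status:" . $status
        . ", investments:" . $investments . ", personnel:" . $personnel . ", services:" . $services
        . ", consumables:" . $consumables . ", transport:" . $transport . "]";
    err_log("UPDATE ESTIMATES: ", $details);

    // this would also mean that the database trigger will have created the next quarter
    $nexty = $quarter == 4 ? $year + 1 : $year;
    $nextq = $quarter == 4 ? 1 : $quarter + 1;

    // Same binding rule for the planned figures of the following quarter.
    $sql = 'UPDATE budget SET investments_planned = $1, personnel_planned = $2, services_planned = $3,'
        . ' consumables_planned = $4, transport_planned = $5';
    $params = array(
        empty($investments_planned) ? "0" : $investments_planned,
        empty($personnel_planned) ? "0" : $personnel_planned,
        empty($services_planned) ? "0" : $services_planned,
        empty($consumables_planned) ? "0" : $consumables_planned,
        empty($transport_planned) ? "0" : $transport_planned,
        $taskid,
        $nexty,
        $nextq,
    );
    if (!empty($status)) {
        $sql .= ', status = $9';
        $params[] = $status;
    }
    $sql .= ' WHERE task_id = $6 AND year = $7 AND quarter = $8';

    $result = pg_query_params($conn, $sql, $params);
    if ($result) {
        echo "OK";
        $details = "[taskid:" . $taskid . ", year:" . $nexty . ", quarter:" . $nextq . ", status:" . $status
            . ", investments_planned:" . $investments_planned . ", personnel_planned:" . $personnel_planned
            . ", services_planned:" . $services_planned . ", consumables_planned:" . $consumables_planned
            . ", transport_planned:" . $transport_planned . "]";
        err_log("UPDATE PLANNED", $details);
    } else {
        // NOTE(review): the raw database error is returned to the client; it can
        // reveal table and column names. Kept because callers may read this text.
        echo pg_last_error($conn);
        err_log("UPDATE PLANNED FAILED", pg_last_error($conn));
    }
} else {
    // NOTE(review): same disclosure concern as above.
    echo pg_last_error($conn);
    err_log("UPDATE ESTIMATES FAILED ", pg_last_error($conn));
}
pg_close($conn);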
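<?php
// Endpoint: sets task.completed_percentage for one task and answers "OK" or
// the database error text.

// Fail closed: require aborts the request when the access check cannot be
// loaded, whereas include only raises a warning and lets the script continue
// without that check.
require 'check_access.php';
require_once "db.php";

// taskid is taken from the query string first, then from the POST body.
// NOTE(review): a state-changing request that is also reachable by GET is
// easier to trigger cross-site; confirm check_access.php covers that.
$taskid = array_key_exists("taskid", $_GET) ? $_GET["taskid"] : "";
if (empty($taskid)) {
    $taskid = array_key_exists("taskid", $_POST) ? $_POST["taskid"] : "";
}
if (empty($taskid)) {
    echo "No Task ID Specified";
    exit;
}

$completion = array_key_exists("completion", $_GET) ? $_GET["completion"] : "";
if (empty($completion)) {
    $completion = array_key_exists("completion", $_POST) ? $_POST["completion"] : "";
}

// Both values come straight from the request. They are bound as parameters,
// so neither can alter the structure of the statement; a non-numeric value
// is rejected by the server as a type error. An empty completion is "0".
$sql = 'UPDATE task SET completed_percentage = $1 WHERE id = $2';
$params = array(
    empty($completion) ? "0" : $completion,
    $taskid,
);

$conn = getConnection();
$result = pg_query_params($conn, $sql, $params);
if ($result) {
    echo "OK";
    $details = "[taskid:" . $taskid . ", completed_percentage:" . $completion . "]";
    err_log("UPDATE TASK COMPLETION", $details);
} else {
    // NOTE(review): the raw database error is sent to the client and can reveal
    // schema details. Kept because callers may read this text.
    echo pg_last_error($conn);
    err_log("UPDATE TASK COMPLETION FAILED", pg_last_error($conn));
}
pg_close($conn);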
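// Read every figure of the quarter from the POST body; a missing field is "".
$year = array_key_exists("year", $_POST) ? $_POST["year"] : "";
$quarter = array_key_exists("quarter", $_POST) ? $_POST["quarter"] : "";
$status = array_key_exists("status", $_POST) ? $_POST["status"] : "";
$investments = array_key_exists("investments", $_POST) ? $_POST["investments"] : "";
$personnel = array_key_exists("personnel", $_POST) ? $_POST["personnel"] : "";
$services = array_key_exists("services", $_POST) ? $_POST["services"] : "";
$consumables = array_key_exists("consumables", $_POST) ? $_POST["consumables"] : "";
$transport = array_key_exists("transport", $_POST) ? $_POST["transport"] : "";
$admin = array_key_exists("admin", $_POST) ? $_POST["admin"] : "";
$investments_actual = array_key_exists("investments_actual", $_POST) ? $_POST["investments_actual"] : "";
$personnel_actual = array_key_exists("personnel_actual", $_POST) ? $_POST["personnel_actual"] : "";
$services_actual = array_key_exists("services_actual", $_POST) ? $_POST["services_actual"] : "";
$consumables_actual = array_key_exists("consumables_actual", $_POST) ? $_POST["consumables_actual"] : "";
$transport_actual = array_key_exists("transport_actual", $_POST) ? $_POST["transport_actual"] : "";
$investments_planned = array_key_exists("investments_planned", $_POST) ? $_POST["investments_planned"] : "";
$personnel_planned = array_key_exists("personnel_planned", $_POST) ? $_POST["personnel_planned"] : "";
$services_planned = array_key_exists("services_planned", $_POST) ? $_POST["services_planned"] : "";
$consumables_planned = array_key_exists("consumables_planned", $_POST) ? $_POST["consumables_planned"] : "";
$transport_planned = array_key_exists("transport_planned", $_POST) ? $_POST["transport_planned"] : "";

// Column name => request value, in the order the columns are written.
// The column names are fixed literals; only the values are request data.
$amounts = array(
    'investments' => $investments,
    'personnel' => $personnel,
    'services' => $services,
    'consumables' => $consumables,
    'transport' => $transport,
    'admin' => $admin,
    'investments_actual' => $investments_actual,
    'personnel_actual' => $personnel_actual,
    'services_actual' => $services_actual,
    'consumables_actual' => $consumables_actual,
    'transport_actual' => $transport_actual,
    'investments_planned' => $investments_planned,
    'personnel_planned' => $personnel_planned,
    'services_planned' => $services_planned,
    'consumables_planned' => $consumables_planned,
    'transport_planned' => $transport_planned,
);

// Request values are bound as parameters, never concatenated into the SQL
// text, so they cannot change the statement. Empty amounts default to "0".
$params = array();
$assignments = array();
foreach ($amounts as $column => $amount) {
    $params[] = empty($amount) ? "0" : $amount;
    $assignments[] = $column . ' = $' . count($params);
}
// status is only written when the request supplied one.
if (!empty($status)) {
    $params[] = $status;
    $assignments[] = 'status = $' . count($params);
}

// The three row-selecting values take the next three parameter slots.
$key_slot = count($params) + 1;
$params[] = $taskid;
$params[] = $year;
$params[] = $quarter;
$sql = 'UPDATE budget SET ' . implode(', ', $assignments)
    . ' WHERE task_id = $' . $key_slot
    . ' AND year = $' . ($key_slot + 1)
    . ' AND quarter = $' . ($key_slot + 2);

$conn = getConnection();
$result = pg_query_params($conn, $sql, $params);
if ($result) {
    echo "OK";
    $details = "[taskid:" . $taskid . ", year:" . $year . ", quarter:" . $quarter . ", status:" . $status
        . ", investments:" . $investments . ", personnel:" . $personnel . ", services:" . $services
        . ", consumables:" . $consumables . ", transport=" . $transport
        . ", investments_actual:" . $investments_actual . ", personnel_actual:" . $personnel_actual
        . ", services_actual:" . $services_actual . ", consumables_actual:" . $consumables_actual
        . ", transport_actual:" . $transport_actual . ", admin:" . $admin
        . ", investments_planned:" . $investments_planned . ", personnel_planned:" . $personnel_planned
        . ", services_planned:" . $services_planned . ", consumables_planned:" . $consumables_planned
        . ", transport_planned:" . $transport_planned . "]";
    err_log("UPDATE LOADING", $details);
} else {
    // NOTE(review): the raw database error is sent to the client and can reveal
    // schema details. Kept because callers may read this text.
    echo pg_last_error($conn);
    err_log("UPDATE LOADING FAILED", pg_last_error($conn));
}
pg_close($conn);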
} if ($password !== $password2) { echo "PASSWORDS DO NOT MATCH"; die; } $pass_hash = substr(crypt($password, '$2y$09$' . $pw_salt . '$'), 29); $sql = " UPDATE access set password = '******' " . "WHERE username = '******' RETURNING level, firstname, country"; $conn = getConnection(); $result = pg_query($conn, $sql); if ($result) { $rows = pg_affected_rows($result); $row = pg_fetch_array($result); if ($rows > 0) { echo "OK"; session_start(); session_regenerate_id(true); $_SESSION['access'] = $row["level"]; $_SESSION['username'] = $username; $_SESSION['firstname'] = $row["firstname"]; $_SESSION['country'] = $row["country"]; err_log("PASSWORD RESET FOR USER", $username); die; } else { echo "USER NOT FOUND: " . $username; err_log("PASSWORD RESET FAILED FOR " . $username, "Username Not Found"); } } else { echo pg_last_error($conn); err_log("PASSWORD RESET FAILED FOR " . $username, pg_last_error($conn)); } pg_close($conn);
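if (empty($investments_budget)) {
    $investments_budget = array_key_exists("investments_budget", $_POST) ? $_POST["investments_budget"] : "";
}
$services_budget = array_key_exists("services_budget", $_GET) ? $_GET["services_budget"] : "";
if (empty($services_budget)) {
    $services_budget = array_key_exists("services_budget", $_POST) ? $_POST["services_budget"] : "";
}
$consumables_budget = array_key_exists("consumables_budget", $_GET) ? $_GET["consumables_budget"] : "";
if (empty($consumables_budget)) {
    $consumables_budget = array_key_exists("consumables_budget", $_POST) ? $_POST["consumables_budget"] : "";
}
$transport_budget = array_key_exists("transport_budget", $_GET) ? $_GET["transport_budget"] : "";
if (empty($transport_budget)) {
    $transport_budget = array_key_exists("transport_budget", $_POST) ? $_POST["transport_budget"] : "";
}
$personnel_budget = array_key_exists("personnel_budget", $_GET) ? $_GET["personnel_budget"] : "";
if (empty($personnel_budget)) {
    $personnel_budget = array_key_exists("personnel_budget", $_POST) ? $_POST["personnel_budget"] : "";
}

// All values are request data and are bound as parameters. Text fields such
// as description or owner can therefore contain quotes without ending the
// literal, and no value can append a statement of its own.
$task_sql = 'INSERT INTO task (id, description, owner, institution, country, thematic_area, currency,'
    . ' investments_budget, services_budget, consumables_budget, transport_budget, personnel_budget)'
    . ' VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)';
$task_params = array(
    $taskid,
    $description,
    $owner,
    $institution,
    $country,
    $thematic_area,
    $currency,
    $investments_budget,
    $services_budget,
    $consumables_budget,
    $transport_budget,
    $personnel_budget,
);
$budget_sql = 'INSERT INTO budget (task_id, year, quarter, status) VALUES ($1, $2, $3, 1)';
$budget_params = array($taskid, $firstyear, $firstquarter);

$conn = getConnection();

// pg_query_params() accepts one statement per call. The explicit transaction
// keeps the two inserts all-or-nothing, as they were when sent in one string.
$result = pg_query($conn, 'BEGIN');
if ($result) {
    $result = pg_query_params($conn, $task_sql, $task_params);
}
if ($result) {
    $result = pg_query_params($conn, $budget_sql, $budget_params);
}
if ($result) {
    $result = pg_query($conn, 'COMMIT');
}

if ($result) {
    echo "OK";
    $details = "[taskid:" . $taskid . ", owner:" . $owner . ", country:" . $country
        . ", thematic_area:" . $thematic_area . ", currency:" . $currency
        . ", start:Q" . $firstquarter . ", " . $firstyear
        . ", description:'" . $description . "', institution:'" . $institution
        . "', budget: investments=" . $investments_budget . ", services=" . $services_budget
        . ", consumables=" . $consumables_budget . ", transport=" . $transport_budget
        . ", personnel=" . $personnel_budget . "]";
    err_log("ADD TASK", $details);
} else {
    // Read the error before rolling back; the rollback would replace it.
    $error = pg_last_error($conn);
    pg_query($conn, 'ROLLBACK');
    // NOTE(review): the raw database error is sent to the client and can reveal
    // schema details. Kept because callers may read this text.
    echo $error;
    err_log("ADD TASK FAILED", $error);
}
pg_close($conn);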
$status = array_key_exists("status", $_POST) ? $_POST["status"] : ""; } $received = array_key_exists("received", $_GET) ? $_GET["received"] : ""; if (empty($received)) { $received = array_key_exists("received", $_POST) ? $_POST["received"] : ""; } $received_date = array_key_exists("received_date", $_GET) ? $_GET["received_date"] : ""; if (empty($received_date)) { $received_date = array_key_exists("received_date", $_POST) ? $_POST["received_date"] : ""; } $xrate = array_key_exists("xrate", $_GET) ? $_GET["xrate"] : ""; if (empty($xrate)) { $xrate = array_key_exists("xrate", $_POST) ? $_POST["xrate"] : ""; } if ($received < 0) { echo "Received amount cannot be negative"; err_log("UPDATE RECEIPTS FAILED", "Attempting to add negative receipt of " . $received . " to task " . $taskid); return; } $sql = " UPDATE budget SET received = " . $received . ", received_date = '" . $received_date . "' " . ", xrate = " . $xrate . (empty($status) ? "" : ", status = " . $status) . " WHERE task_id = " . $taskid . " AND year = " . $year . " AND quarter = " . $quarter; $conn = getConnection(); $result = pg_query($conn, $sql); if ($result) { echo "OK"; $details = "[taskid:" . $taskid . ", year:" . $year . ", quarter:" . $quarter . ", received:" . $received . ", received_date:" . $received_date . ", xrate:" . $xrate . ", status:" . $status . "]"; err_log("UPDATE RECEIPTS", $details); } else { echo pg_last_error($conn); err_log("UPDATE RECEIPTS FAILED", pg_last_error($conn)); } pg_close($conn);
die; } } $username = array_key_exists("username", $_GET) ? $_GET["username"] : ""; if (empty($username)) { $username = array_key_exists("username", $_POST) ? $_POST["username"] : ""; if (empty($username)) { echo "Please enter a username"; die; } } $country = array_key_exists("country", $_GET) ? $_GET["country"] : ""; if (empty($country)) { $country = array_key_exists("country", $_POST) ? $_POST["country"] : ""; } $level = array_key_exists("level", $_GET) ? $_GET["level"] : ""; if (empty($level)) { $level = array_key_exists("level", $_POST) ? $_POST["level"] : ""; } $sql = " INSERT INTO access (username, password, level, country, firstname, lastname) VALUES ('" . $username . "', '', " . $level . ", '" . $country . "', '" . $firstname . "', '" . $lastname . "' )"; $conn = getConnection(); $result = pg_query($conn, $sql); if ($result) { echo "OK"; $details = "[username:"******", password:"******", level:" . $level . ", country:" . $country . ", firstname:" . $firstname . ", lastname:" . $lastname . "]"; err_log("ADD USER", $details); } else { echo pg_last_error($conn); err_log("ADD USER FAILED", pg_last_error($conn)); } pg_close($conn);
} $prev_unused = array_key_exists("prev_unused", $_GET) ? $_GET["prev_unused"] : ""; if (empty($prev_unused)) { $prev_unused = array_key_exists("prev_unused", $_POST) ? $_POST["prev_unused"] : ""; } $prev_xrate = array_key_exists("prev_xrate", $_GET) ? $_GET["prev_xrate"] : ""; if (empty($prev_xrate)) { $prev_xrate = array_key_exists("prev_xrate", $_POST) ? $_POST["prev_xrate"] : ""; } $admin = array_key_exists("admin", $_GET) ? $_GET["admin"] : ""; if (empty($admin)) { $admin = array_key_exists("admin", $_POST) ? $_POST["admin"] : ""; } $sql = " UPDATE budget SET investments_actual = " . (empty($investments) ? "0" : $investments) . ", personnel_actual = " . (empty($personnel) ? "0" : $personnel) . ", services_actual = " . (empty($services) ? "0" : $services) . ", consumables_actual = " . (empty($consumables) ? "0" : $consumables) . ", transport_actual = " . (empty($transport) ? "0" : $transport) . ", admin = " . (empty($admin) ? "0" : $admin) . (empty($status) ? "" : ", status = " . $status) . " WHERE task_id = " . $taskid . " AND year = " . $year . " AND quarter = " . $quarter; //if ($status == 3) { //THIS IS NOW TAKEN CARE OF BY THE DATABASE TRIGGER ON BUDGET UPDATE //$next_quarter = $quarter >= 4 ? 1 : $quarter + 1; //$next_year = $quarter >= 4 ? $year + 1 : $year; //$sql .= "; INSERT INTO budget (task_id, year, quarter, prev_unused, prev_xrate, status) ". //" VALUES (".$taskid.", ".$next_year.", ".$next_quarter.", ".$prev_unused.", ".$prev_xrate.", 1)"; //} $conn = getConnection(); $result = pg_query($conn, $sql); if ($result) { echo "OK"; $details = "[taskid:" . $taskid . ", year:" . $year . ", quarter:" . $quarter . ", status:" . $status . ", investments:" . $investments . ", personnel:" . $personnel . ", services:" . $services . ", consumables:" . $consumables . ", transport:" . $transport . ", admin:" . $admin . 
"]"; err_log("UPDATE ACTUALS", $details); } else { echo pg_last_error($conn); err_log("UPDATE ACTUALS FAILED", pg_last_error($conn)); } pg_close($conn);
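if (empty($consumables_budget)) {
    $consumables_budget = array_key_exists("consumables_budget", $_POST) ? $_POST["consumables_budget"] : "";
}
$transport_budget = array_key_exists("transport_budget", $_GET) ? $_GET["transport_budget"] : "";
if (empty($transport_budget)) {
    $transport_budget = array_key_exists("transport_budget", $_POST) ? $_POST["transport_budget"] : "";
}
$personnel_budget = array_key_exists("personnel_budget", $_GET) ? $_GET["personnel_budget"] : "";
if (empty($personnel_budget)) {
    $personnel_budget = array_key_exists("personnel_budget", $_POST) ? $_POST["personnel_budget"] : "";
}
$year_budget = array_key_exists("year_budget", $_GET) ? $_GET["year_budget"] : "";
if (empty($year_budget)) {
    $year_budget = array_key_exists("year_budget", $_POST) ? $_POST["year_budget"] : "";
}
$kfw_phase_budget = array_key_exists("kfw_phase_budget", $_GET) ? $_GET["kfw_phase_budget"] : "";
if (empty($kfw_phase_budget)) {
    $kfw_phase_budget = array_key_exists("kfw_phase_budget", $_POST) ? $_POST["kfw_phase_budget"] : "";
}

// Request values are bound as parameters instead of being concatenated into
// the statement, so they cannot change its structure; a value that is not a
// valid number is rejected by the server. Empty amounts default to "0".
$sql = 'UPDATE task SET investments_budget = $1, personnel_budget = $2, services_budget = $3,'
    . ' consumables_budget = $4, transport_budget = $5, year_budget = $6, kfw_phase_budget = $7'
    . ' WHERE id = $8';
$params = array(
    empty($investments_budget) ? "0" : $investments_budget,
    empty($personnel_budget) ? "0" : $personnel_budget,
    empty($services_budget) ? "0" : $services_budget,
    empty($consumables_budget) ? "0" : $consumables_budget,
    empty($transport_budget) ? "0" : $transport_budget,
    empty($year_budget) ? "0" : $year_budget,
    empty($kfw_phase_budget) ? "0" : $kfw_phase_budget,
    $taskid,
);

$conn = getConnection();
$result = pg_query_params($conn, $sql, $params);
if ($result) {
    echo "OK";
    $details = "[taskid:" . $taskid . ", investments_budget:" . $investments_budget
        . ", personnel_budget:" . $personnel_budget . ", services_budget:" . $services_budget
        . ", consumables_budget:" . $consumables_budget . ", transport_budget:" . $transport_budget
        . ", year_budget:" . $year_budget . ", kfw_phase_budget:" . $kfw_phase_budget . "]";
    err_log("UPDATE TASK FIGURES", $details);
} else {
    // NOTE(review): the raw database error is sent to the client and can reveal
    // schema details. Kept because callers may read this text.
    echo pg_last_error($conn);
    err_log("UPDATE TASK FIGURES FAILED", pg_last_error($conn));
}
pg_close($conn);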
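<?php
// Endpoint: stores one allow-listed key/value pair in the session and echoes
// the current taskid/year/quarter selection as JSON.
require_once "db.php";
session_start();

// A missing field becomes null instead of raising an undefined-index notice.
$key = isset($_POST['key']) ? $_POST['key'] : null;
$value = isset($_POST['value']) ? $_POST['value'] : null;

$acceptable_keys = array('taskid', 'year', 'quarter', 'reload');
if (isset($_SESSION)) {
    // Strict match: only a string identical to a listed name may be written,
    // so an array or other non-string key is never used as a session index.
    if (is_string($key) && in_array($key, $acceptable_keys, true)) {
        // NOTE(review): $value is stored as received. Code that later reads
        // these session entries must treat them as untrusted request data.
        $_SESSION[$key] = $value;
        //err_log("Setting ".$key." to ".$value);
    } else {
        // Log the type rather than the value when the key is not a string.
        err_log("WARNING - attempt to change session variable: " . (is_string($key) ? $key : gettype($key)));
    }
}

// '?' marks a selection that has not been made in this session yet.
$output = array();
$output['taskid'] = isset($_SESSION['taskid']) ? $_SESSION['taskid'] : '?';
$output['year'] = isset($_SESSION['year']) ? $_SESSION['year'] : '?';
$output['quarter'] = isset($_SESSION['quarter']) ? $_SESSION['quarter'] : '?';
echo json_encode($output);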