foreach ($_FILES['attachments']['name'] as $num => $filename) { if (empty($_FILES['attachments']['name']) || empty($_FILES['attachments']['name'][$num])) { continue; } if (!isFileNameSafe($_FILES['attachments']['name'][$num])) { exit("Invalid upload filename. Valid filenames contain only alpha-numeric, dot, hyphen and underscore characters."); } $filename = trim($filename); $filename = preg_replace("/[^a-zA-Z0-9-_. ]/", "", $filename); mt_srand(time()); $rand = mt_rand(100000, 999999); $newfilename = $rand . "_" . $filename; move_uploaded_file($_FILES['attachments']['tmp_name'][$num], $projectsdir . $newfilename); $attachments[] = $newfilename; update_query("mod_project", array("attachments" => implode(",", $attachments)), array("id" => $projectid)); project_management_log($projectid, $vars['_lang']['clientaddedattachment'] . " " . $filename); } } redir("m=project_management&a=view&id=" . $projectid); } global $currency; $currency = getCurrency($_SESSION['uid']); $tplvars['project'] = array("id" => $data['id'], "title" => $data['title'], "adminid" => $data['adminid'], "adminname" => get_query_val("tbladmins", "CONCAT(firstname,' ',lastname)", array("id" => $data['adminid'])), "created" => fromMySQLDate($data['created'], 0, 1), "duedate" => fromMySQLDate($data['duedate'], 0, 1), "duein" => project_management_daysleft($data['duedate']), "lastmodified" => fromMySQLDate($data['lastmodified'], 0, 1), "totaltime" => $totaltime, "status" => $data['status']); if (!$tplvars['project']['adminname']) { $tplvars['project']['adminname'] = "None"; } $ticketids = $data['ticketids']; $invoiceids = $data['invoiceids']; $attachments = $data['attachments']; $ticketinvoicelinks = $tickets = $invoices = $attachmentsarray = array(); $ticketids = explode(",", $ticketids);
if (!defined("WHMCS")) { exit("This file cannot be accessed directly"); } $jscode .= "function doDelete(id) {\n if (confirm(\"" . $vars['_lang']['confirmdeleteproject'] . "\")) {\n window.location='" . $modulelink . "&action=delete&projectid='+id;\n }\n}\n"; if ($action == "delete") { if (project_management_checkperm("Delete Projects")) { $projectdata = get_query_vals("mod_project", "id,title,attachments", array("id" => $_REQUEST['projectid'])); $attachments = explode(",", $projectdata['attachments']); $projectsdir = $attachments_dir . "projects/" . (int) $projectdata['id'] . "/"; project_management_recursive_rmdir($projectsdir); delete_query("mod_project", array("id" => $projectdata['id'])); delete_query("mod_projecttasks", array("projectid" => $projectdata['id'])); delete_query("mod_projecttimes", array("projectid" => $projectdata['id'])); delete_query("mod_projectmessages", array("projectid" => $projectdata['id'])); delete_query("mod_projectlog", array("projectid" => $projectdata['id'])); project_management_log($projectdata['projectid'], $vars['_lang']['deletedproject'] . " - " . $projectdata['title']); } redir("module=project_management"); } $q = htmlspecialchars($_REQUEST['q']); echo $headeroutput . "<table width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"><tr><td width=\"80%\" valign=\"top\">\n"; $tabledata = ""; $aInt->sortableTableInit("duedate", "ASC"); $where = "completed=0"; if ($_REQUEST['view'] == "tasks") { if ($_REQUEST['filter'] == "mine") { $where = "adminid=" . $_SESSION['adminid']; } else { if ($_REQUEST['filter'] == "mineincomplete") { $where = "completed=0 AND adminid=" . $_SESSION['adminid']; } else {
$task = $_REQUEST['task']; $taskid = $_REQUEST['taskid']; $taskadmin = $_REQUEST['taskadmin']; $taskduedate = toMySQLDate($_REQUEST['taskduedate']); $tasknotes = $_REQUEST['tasknotes']; update_query("mod_projecttasks", array("task" => $task, "adminid" => $taskadmin, "duedate" => $taskduedate, "notes" => $tasknotes), array("id" => $taskid)); foreach ($_REQUEST['admin'] as $timerid => $adminval) { $starttime = $_REQUEST['start'][$timerid]; $endtime = $_REQUEST['end'][$timerid]; $starttime = toMySQLDate($starttime); if ($endtime && $endtime != "-") { $endtime = toMySQLDate($endtime); } update_query("mod_projecttimes", array("adminid" => $adminval, "start" => strtotime($starttime), "end" => strtotime($endtime)), array("id" => $timerid)); } project_management_log($projectid, "Edited Task ID " . $taskid); redir("module=project_management&m=view&projectid=" . $projectid); } if ($projectid) { $result = select_query("mod_project", "", array("id" => $projectid)); $data = mysql_fetch_array($result); $projectid = $data['id']; if (!$projectid) { echo "<p><b>" . $vars['_lang']['editedendtimefortimeid'] . "</b></p><p>Project ID Not Found</p>"; return null; } $title = $data['title']; $attachments = $data['attachments']; $ticketids = $data['ticketids']; $notes = $data['notes']; $userid = $data['userid'];
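/**
 * Admin-area entry point of the Project Management addon.
 *
 * Handles the "create project" request (AJAX and normal form post), builds the
 * shared header markup in $headeroutput, then includes the page script chosen
 * by the "m" request parameter.
 *
 * The included page script runs inside this function's scope, so the locals
 * assigned here ($modulelink, $perms, $m, $a, $action, $headeroutput, ...) are
 * kept under their existing names.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function although
 * it performs inserts; confirm the platform enforces one before the module runs.
 *
 * @param array $vars Module variables; this function reads 'modulelink',
 *                    'perms', 'statusvalues' and the '_lang' string table.
 * @return false|null false when the addon licence is not enabled; otherwise
 *                    nothing (the AJAX create branch terminates with exit).
 */
function project_management_output($vars)
{
    global $whmcs;
    global $licensing;
    global $CONFIG;
    global $aInt;
    global $numrows;
    global $page;
    global $limit;
    global $order;
    global $orderby;
    global $jquerycode;
    global $jscode;
    global $attachments_dir;

    require ROOTDIR . "/includes/clientfunctions.php";
    require ROOTDIR . "/includes/invoicefunctions.php";

    $modulelink = $vars['modulelink'];
    // NOTE(review): unserialize() instantiates objects found in its input. This
    // is only acceptable while 'perms' is written exclusively by trusted admin
    // configuration; confirm where the value comes from.
    $perms = unserialize($vars['perms']);
    $m = $_REQUEST['m'];
    $a = $_REQUEST['a'];
    $action = $_REQUEST['action'];

    if (!PMADDONLICENSE) {
        if ($whmcs->get_req_var("refresh")) {
            $licensing->forceRemoteCheck();
            redir("module=project_management");
        }
        echo "<div class=\"gracefulexit\">\nYour WHMCS license key is not enabled to use the Project Management Addon yet.<br /><br />\nYou can find out more about it and purchase @ <a href=\"http://go.whmcs.com/90/project-management\" target=\"_blank\">www.whmcs.com/addons/project-management</a><br /><br />\nIf you have only recently purchased the addon, please <a href=\"addonmodules.php?module=project_management&refresh=1\">click here</a> to perform a license refresh.\n</div>";
        return false;
    }

    if ($_REQUEST['createproj']) {
        $statuses = explode(",", $vars['statusvalues']);

        if ($_REQUEST['ajax']) {
            if (project_management_checkperm("Create New Projects")) {
                $dates = array();
                $insertarr = array();
                // Tolerate a missing or non-array "input" parameter instead of
                // iterating over whatever the request happened to contain.
                $input = (isset($_REQUEST['input']) && is_array($_REQUEST['input'])) ? $_REQUEST['input'] : array();
                foreach ($input as $key => $value) {
                    // Skip malformed entries; each one is expected to be a name/value pair of strings.
                    if (!is_array($value) || !isset($value['name'], $value['value'])
                        || !is_string($value['name']) || !is_string($value['value'])) {
                        continue;
                    }
                    if ($value['name'] == "ticketnum") {
                        $value['name'] = "ticketids";
                    }
                    if ($value['name'] == "created" || $value['name'] == "duedate") {
                        // Keep the date as submitted for the response row; store the converted form.
                        $dates[$value['name']] = $value['value'];
                        $value['value'] = toMySQLDate($value['value']);
                    }
                    // NOTE(review): the array key (used as the column name by
                    // insert_query) comes straight from the request, so a caller
                    // can set any mod_project column. Restrict this to the
                    // columns the create form is meant to write.
                    $insertarr[$value['name']] = $value['value'];
                }
                // Set after the loop so request data cannot override them.
                $insertarr['status'] = $statuses[0];
                $insertarr['lastmodified'] = "now()";
                $projectid = insert_query("mod_project", $insertarr);

                // Request-derived values are HTML-encoded before being echoed
                // into the response row; the original printed them raw.
                // NOTE(review): if the platform already HTML-encodes request
                // input before it reaches the module, confirm this does not
                // double-encode.
                $safetitle = isset($insertarr['title']) ? htmlspecialchars($insertarr['title'], ENT_QUOTES) : "";
                $safecreated = isset($dates['created']) ? htmlspecialchars($dates['created'], ENT_QUOTES) : "";
                $safeduedate = isset($dates['duedate']) ? htmlspecialchars($dates['duedate'], ENT_QUOTES) : "";

                echo "<tr><td><a href=\"addonmodules.php?module=project_management&m=view&projectid="
                    . $projectid
                    . "\">"
                    . $projectid
                    . "</a></td><td><a href=\"addonmodules.php?module=project_management&m=view&projectid="
                    . $projectid
                    . "\">"
                    . $safetitle
                    . "</a> <span id=\"projecttimercontrol"
                    . $projectid
                    . "\" class=\"tickettimer\"><a href=\"#\" onclick=\"projectstarttimer('"
                    . $projectid
                    . "');return false\"><img src=\"../modules/addons/project_management/images/starttimer.png\" align=\"absmiddle\" border=\"0\" /> Start Tracking Time</a></td><td>"
                    . get_query_val("tbladmins", "CONCAT(firstname,' ',lastname)", array("id" => $insertarr['adminid']))
                    . "</td><td>"
                    . $safecreated
                    . "</td><td>"
                    . $safeduedate
                    . "</td><td>"
                    . getTodaysDate()
                    . "</td><td>"
                    . $statuses[0]
                    . "</td></tr>";
                exit;
            } else {
                // "0" is the response body sent when the permission check fails.
                echo "0";
                exit;
            }
        }

        if (project_management_checkperm("Create New Projects") && trim($_REQUEST['title'])) {
            $projectid = insert_query("mod_project", array(
                "title" => $_REQUEST['title'],
                "userid" => $_REQUEST['userid'],
                "created" => toMySQLDate($_REQUEST['created']),
                "duedate" => toMySQLDate($_REQUEST['duedate']),
                "adminid" => $_REQUEST['adminid'],
                "ticketids" => $_REQUEST['ticketnum'],
                "status" => $statuses[0],
            ));
            project_management_log($projectid, $vars['_lang']['createdproject']);
            redir("module=project_management&m=view&projectid=" . (int) $projectid);
        }
    }

    // Client-side helpers for the "create new project" panel and its client search box.
    $jscode = "function createnewproject() {\n \$(\"#createnewcont\").slideDown();\n}\nfunction cancelnewproject() {\n \$(\"#createnewcont\").slideUp();\n}\nfunction searchselectclient(userid,name,email) {\n \$(\"#clientname\").val(name);\n \$(\"#userid\").val(userid);\n \$(\"#cpclientname\").val(name);\n \$(\"#cpuserid\").val(userid);\n \$(\"#cpclientsearchcancel\").fadeOut();\n\t\$(\"#cpticketclientsearchresults\").slideUp(\"slow\");\n}\n";
    $jquerycode = "\$(\"#cpclientname\").keyup(function () {\n\tvar ticketuseridsearchlength = \$(\"#cpclientname\").val().length;\n\tif (ticketuseridsearchlength>2) {\n\t\$.post(\"search.php\", { ticketclientsearch: 1, value: \$(\"#cpclientname\").val() },\n\t function(data){\n if (data) {\n \$(\"#cpticketclientsearchresults\").html(data);\n \$(\"#cpticketclientsearchresults\").slideDown(\"slow\");\n \$(\"#cpclientsearchcancel\").fadeIn();\n }\n });\n\t}\n});\n\$(\"#cpclientsearchcancel\").click(function () {\n \$(\"#cpticketclientsearchresults\").slideUp(\"slow\");\n \$(\"#cpclientsearchcancel\").fadeOut();\n});";

    $headeroutput = "\n<link href=\"../modules/addons/project_management/css/style.css\" rel=\"stylesheet\" type=\"text/css\" />\n\n<div class=\"projectmanagement\">";

    if (project_management_checkperm("Create New Projects")) {
        $headeroutput .= "\n<div id=\"createnewcont\" style=\"display:none;\">\n<div class=\"createnewcont2\">\n<div class=\"createnewproject\">\n<div class=\"title\">"
            . $vars['_lang']['createnewproject']
            . "</div>\n<form method=\"post\" action=\""
            . $modulelink
            . "&createproj=1\">\n<div class=\"label\">"
            . $vars['_lang']['title']
            . "</div>\n<input type=\"text\" name=\"title\" class=\"title\" />\n<div class=\"float\">\n<div class=\"label\">"
            . $vars['_lang']['created']
            . "</div>\n<input type=\"text\" name=\"created\" class=\"datepick\" value=\""
            . getTodaysDate()
            . "\" />\n</div>\n<div class=\"float\">\n<div class=\"label\">"
            . $vars['_lang']['duedate']
            . "</div>\n<input type=\"text\" name=\"duedate\" class=\"datepick\" value=\""
            . getTodaysDate()
            . "\" />\n</div>\n<div class=\"float\">\n<div class=\"label\">"
            . $vars['_lang']['assignedto']
            . "</div>\n<select class=\"title\" name=\"adminid\">";
        $headeroutput .= "<option value=\"0\">" . $vars['_lang']['none'] . "</option>";

        $result = select_query("tbladmins", "id,firstname,lastname", array("disabled" => "0"), "firstname` ASC,`lastname", "ASC");
        while ($data = mysql_fetch_array($result)) {
            $aid = $data['id'];
            $adminfirstname = $data['firstname'];
            $adminlastname = $data['lastname'];
            $headeroutput .= "<option value=\"" . $aid . "\"";
            // NOTE(review): $adminid is not assigned anywhere in this function as shown.
            if ($aid == $adminid) {
                // Fixed: the attribute was echoed to the page immediately instead
                // of being appended to the <option> tag being built.
                $headeroutput .= " selected";
            }
            $headeroutput .= ">" . $adminfirstname . " " . $adminlastname . "</option>";
        }

        // NOTE(review): $clientname is not assigned anywhere in this function as shown.
        $headeroutput .= "</select>\n</div>\n<div class=\"float\">\n<div class=\"label\">"
            . $vars['_lang']['ticketnumberhash']
            . "</div>\n<input type=\"text\" name=\"ticketnum\" class=\"ticketnum\" />\n</div>\n<div class=\"clear\"></div>\n<div class=\"float\">\n<div class=\"label\">"
            . $vars['_lang']['associatedclient']
            . "</div>\n<input type=\"hidden\" name=\"userid\" id=\"cpuserid\" /><input type=\"text\" id=\"cpclientname\" value=\""
            . $clientname
            . "\" class=\"title\" onfocus=\"if(this.value=='"
            . addslashes($clientname)
            . "')this.value=''\" /> <img src=\"images/icons/delete.png\" alt=\""
            . $vars['_lang']['cancel']
            . "\" align=\"right\" id=\"clientsearchcancel\" height=\"16\" width=\"16\"><div id=\"cpticketclientsearchresults\" style=\"z-index:2000;\"></div>\n</div>\n<br /><br />\n<div align=\"center\"><input type=\"submit\" value=\""
            . $vars['_lang']['create']
            . "\" class=\"create\" /> <input type=\"button\" value=\""
            . $vars['_lang']['cancel']
            . "\" class=\"create\" onclick=\"cancelnewproject();return false\" /></div>\n</form>\n</div>\n</div>\n</div>";
    }

    $headeroutput .= "<div class=\"adminbar\"><a href=\""
        . $modulelink
        . "\"><img src=\"images/icons/system.png\" /> "
        . $vars['_lang']['home']
        . "</a> <a href=\""
        . $modulelink
        . "&m=reports\"><img src=\"images/icons/reports.png\" /> "
        . $vars['_lang']['viewreports']
        . "</a> <a href=\"reports.php?report=project_staff_logs\"><img src=\"images/icons/billableitems.png\" /> "
        . $vars['_lang']['viewstafflogs']
        . "</a> <a href=\""
        . $modulelink
        . "&m=activity\"><img src=\"images/icons/logs.png\" /> "
        . $vars['_lang']['viewactivitylogs']
        . "</a> ";

    // The settings link is only rendered for the master admin.
    if (project_management_check_masteradmin()) {
        $headeroutput .= "<a href=\""
            . $modulelink
            . "&m=settings\"><img src=\"images/icons/config.png\" /> "
            . $vars['_lang']['settings']
            . "</a> ";
    }

    $headeroutput .= "<a href=\"http://docs.whmcs.com/Project_Management\"><img src=\"images/icons/support.png\" /> "
        . $vars['_lang']['help']
        . "</a></div>\n\n<div class=\"mainbar\">\n<table width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"><tr><td>";

    if (project_management_checkperm("Create New Projects")) {
        $headeroutput .= "<a href=\"#\" onclick=\"createnewproject();return false\" class=\"create\"><img src=\"images/icons/add.png\" align=\"top\" border=\"0\" /> <b>"
            . $vars['_lang']['createnewproject']
            . "</b></a>\n</td><td align=\"center\">";
    }

    // The search box reflects the "q" request parameter into an HTML attribute,
    // so it is encoded first; a non-string "q" falls back to the placeholder.
    $headeroutput .= "<span class=\"browsehover\">"
        . $vars['_lang']['browseprojects']
        . "</span>: <a href=\""
        . $modulelink
        . "\">"
        . $vars['_lang']['incomplete']
        . "</a> | <a href=\""
        . $modulelink
        . "&view=mineincomplete\">"
        . $vars['_lang']['myincomplete']
        . "</a> | <a href=\""
        . $modulelink
        . "&view=all\">"
        . $vars['_lang']['viewall']
        . "</a> | <a href=\""
        . $modulelink
        . "&view=mine\">"
        . $vars['_lang']['assignedtome']
        . "</a> | <a href=\""
        . $modulelink
        . "&view=week\">"
        . $vars['_lang']['duein7days']
        . "</a> | <a href=\""
        . $modulelink
        . "&view=closed\">"
        . $vars['_lang']['closed']
        . "</a><br />\n<strong>"
        . $vars['_lang']['browsetasks']
        . "</strong> : <a href=\""
        . $modulelink
        . "&view=tasks&filter=incomplete\">"
        . $vars['_lang']['incomplete']
        . "</a> | <a href=\""
        . $modulelink
        . "&view=tasks&filter=mineincomplete\">"
        . $vars['_lang']['myincomplete']
        . "</a> | <a href=\""
        . $modulelink
        . "&view=tasks\">"
        . $vars['_lang']['viewall']
        . "</a> | <a href=\""
        . $modulelink
        . "&view=tasks&filter=mine\">"
        . $vars['_lang']['assignedtome']
        . "</a> | <a href=\""
        . $modulelink
        . "&view=tasks&filter=week\">"
        . $vars['_lang']['duein7days']
        . "</a> | <a href=\""
        . $modulelink
        . "&view=tasks&filter=closed\">"
        . $vars['_lang']['closed']
        . "</a></span>\n</td><td>\n<form method=\"post\" action=\""
        . $modulelink
        . "\">\n<div class=\"search\"><input type=\"text\" name=\"q\" value=\""
        . ((isset($_REQUEST['q']) && is_string($_REQUEST['q'])) ? htmlspecialchars($_REQUEST['q'], ENT_QUOTES) : $vars['_lang']['search'])
        . "\" onfocus=\"this.value=(this.value=='"
        . $vars['_lang']['search']
        . "') ? '' : this.value;\" onblur=\"this.value=(this.value=='') ? '"
        . $vars['_lang']['search']
        . "' : this.value;\" class=\"search\" /></div>\n</form>\n</td></tr></table>\n</div>\n";

    // $m is request-supplied and ends up in the include path below. This
    // allowlist is the only thing that confines it to the addon's own page
    // scripts, so the comparison is strict and everything else maps to "overview".
    if (!in_array($m, array("view", "edittask", "activity", "reports", "settings"), true)) {
        $m = "overview";
    }
    $modulelink .= "&m=" . $m;
    require ROOTDIR . "/modules/addons/project_management/" . $m . ".php";
    echo "</div>";
}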
$counter += 1; } continue; } continue; } } $invoiceids = get_query_val("mod_project", "invoiceids", array("id" => $projectid)); $invoiceids = explode(",", $invoiceids); $invoiceids[] = $invoiceid; $invoiceids = implode(",", $invoiceids); update_query("mod_project", array("invoiceids" => $invoiceids), array("id" => $projectid)); if ($invoiceid && $_REQUEST['sendinvoicegenemail'] == "true") { sendMessage("Invoice Created", $invoiceid); } project_management_log($projectid, $vars['_lang']['createdtimebasedinvoice'] . " " . $invoiceid, $userid); run_hook("InvoiceCreationAdminArea", array("invoiceid" => $invoiceid)); redir("module=project_management&m=view&projectid=" . (int) $projectid); exit; } else { if ($a == "savetasklist") { $tasksarray = array(); $result = select_query("mod_projecttasks", "", array("projectid" => $_REQUEST['projectid']), "order", "ASC"); while ($data = mysql_fetch_array($result)) { $tasksarray[] = array("task" => $data['task'], "notes" => $data['notes'], "adminid" => $data['adminid'], "duedate" => $data['duedate']); } insert_query("mod_projecttasktpls", array("name" => $_REQUEST['taskname'], "tasks" => serialize($tasksarray))); } else { if ($a == "loadtasklist") { $maxorder = get_query_val("mod_projecttasks", "MAX(`order`)", array("projectid" => $_REQUEST['projectid'])); $result = select_query("mod_projecttasktpls", "tasks", array("id" => $_REQUEST['tasktplid']));