public function testW2PgetParam()
{
$params = array('m' => 'projects', 'a' => 'view', 'v' => '<script>alert</script>', 'html' => '<div onclick="doSomething()">asdf</div>', '<script>' => 'Something Nasty');
$this->assertEquals('projects', w2PgetParam($params, 'm'));
$this->assertEquals('', w2PgetParam($params, 'NotGonnaBeThere'));
$this->assertEquals('Some Default', w2PgetParam($params, 'NotGonnaBeThere', 'Some Default'));
//$this->markTestIncomplete("Currently w2PgetParam redirects for tainted names.. what do we do there?");
//$this->markTestIncomplete("Currently w2PgetParam redirects for tainted values.. what do we do there?");
}
function sendNewPass()
{
global $AppUI;
$_live_site = w2PgetConfig('base_url');
$_sitename = w2PgetConfig('company_name');
// ensure no malicous sql gets past
$checkusername = trim(w2PgetParam($_POST, 'checkusername', ''));
$checkusername = db_escape($checkusername);
$confirmEmail = trim(w2PgetParam($_POST, 'checkemail', ''));
$confirmEmail = strtolower(db_escape($confirmEmail));
$q = new DBQuery();
$q->addTable('users');
$q->addJoin('contacts', '', 'user_contact = contact_id', 'inner');
$q->addQuery('user_id');
$q->addWhere('user_username = \'' . $checkusername . '\'');
$q->addWhere('LOWER(contact_email) = \'' . $confirmEmail . '\'');
if (!($user_id = $q->loadResult()) || !$checkusername || !$confirmEmail) {
$AppUI->setMsg('Invalid username or email.', UI_MSG_ERROR);
$AppUI->redirect();
}
$newpass = makePass();
$message = $AppUI->_('sendpass0', UI_OUTPUT_RAW) . ' ' . $checkusername . ' ' . $AppUI->_('sendpass1', UI_OUTPUT_RAW) . ' ' . $_live_site . ' ' . $AppUI->_('sendpass2', UI_OUTPUT_RAW) . ' ' . $newpass . ' ' . $AppUI->_('sendpass3', UI_OUTPUT_RAW);
$subject = $_sitename . ' :: ' . $AppUI->_('sendpass4', UI_OUTPUT_RAW) . ' - ' . $checkusername;
$m = new Mail();
// create the mail
$m->To($confirmEmail);
$m->Subject($subject);
$m->Body($message, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : '');
// set the body
$m->Send();
// send the mail
$newpass = md5($newpass);
$q->addTable('users');
$q->addUpdate('user_password', $newpass);
$q->addWhere('user_id=' . $user_id);
$cur = $q->exec();
if (!$cur) {
die('SQL error' . $database->stderr(true));
} else {
$AppUI->setMsg('New User Password created and emailed to you');
$AppUI->redirect();
}
}
if (!$canRead) {
$AppUI->redirect('m=public&a=access_denied');
}
$AppUI->savePlace();
w2PsetMicroTime();
// retrieve any state parameters
if (isset($_REQUEST['company_id'])) {
$AppUI->setState('CalIdxCompany', intval(w2PgetParam($_REQUEST, 'company_id', 0)));
}
$company_id = $AppUI->getState('CalIdxCompany', 0);
// Using simplified set/get semantics. Doesn't need as much code in the module.
$event_filter = $AppUI->checkPrefState('CalIdxFilter', w2PgetParam($_REQUEST, 'event_filter', 'my'), 'EVENTFILTER', 'my');
// get the passed timestamp (today if none)
$ctoday = new w2p_Utilities_Date();
$today = $ctoday->format(FMT_TIMESTAMP_DATE);
$date = w2PgetParam($_GET, 'date', $today);
// get the list of visible companies
$company = new CCompany();
$companies = $company->getAllowedRecords($AppUI->user_id, 'company_id,company_name', 'company_name');
$companies = arrayMerge(array('0' => $AppUI->_('All')), $companies);
// setup the title block
$titleBlock = new CTitleBlock('Monthly Calendar', 'myevo-appointments.png', $m, $m . '.' . $a);
$titleBlock->addCrumb('?m=calendar&a=year_view&date=' . $date, 'year view');
$titleBlock->addCrumb('?m=calendar&date=' . $date, 'month view');
$titleBlock->addCrumb('?m=calendar&a=week_view&date=' . $date, 'week view');
$titleBlock->addCrumb('?m=calendar&a=day_view&date=' . $date, 'day view');
$titleBlock->addCell($AppUI->_('Company') . ':');
$titleBlock->addCell(arraySelect($companies, 'company_id', 'onChange="document.pickCompany.submit()" class="text"', $company_id), '', '<form action="' . $_SERVER['REQUEST_URI'] . '" method="post" name="pickCompany" accept-charset="utf-8">', '</form>');
$titleBlock->addCell($AppUI->_('Event Filter') . ':');
$titleBlock->addCell(arraySelect($event_filter_list, 'event_filter', 'onChange="document.pickFilter.submit()" class="text"', $event_filter, true), '', '<form action="' . $_SERVER['REQUEST_URI'] . '" method="post" name="pickFilter" accept-charset="utf-8">', '</form>');
$titleBlock->show();
<?php
if (!defined('W2P_BASE_DIR')) {
die('You should not call this file directly.');
}
$sort = w2PgetParam($_REQUEST, 'sort', 'asc');
$forum_id = w2PgetParam($_REQUEST, 'forum_id', 0);
$message_id = w2PgetParam($_REQUEST, 'message_id', 0);
$perms =& $AppUI->acl();
if (!$perms->checkModuleItem('forums', 'view', $forum_id)) {
$AppUI->redirect(ACCESS_DENIED);
}
$forum = new CForum();
$forum->load($forum_id);
$project = new CProject();
$project->load($forum->forum_project);
$messages = $forum->getMessages(null, $forum_id, $message_id, $sort);
// get the prefered date format
$df = $AppUI->getPref('SHDATEFORMAT');
$df .= ' ' . $AppUI->getPref('TIMEFORMAT');
$pdfdata = array();
$pdfhead = array('Date', 'User', 'Message');
foreach ($messages as $row) {
// Find the parent message - the topic.
if ($row['message_id'] == $message_id) {
$topic = $row['message_title'];
}
$date = new w2p_Utilities_Date($AppUI->formatTZAwareTime($row['message_date'], '%Y-%m-%d %T'));
$pdfdata[] = array($date->format($df), $row['contact_display_name'], '<b>' . $row['message_title'] . '</b>' . "\n" . $row['message_body']);
}
$font_dir = W2P_BASE_DIR . '/lib/ezpdf/fonts';
$projFilter = arrayMerge(array('-2' => 'All w/o in progress'), $projFilter);
$projFilter = arrayMerge(array('-3' => 'All w/o archived'), $projFilter);
natsort($projFilter);
// retrieve any state parameters
if (isset($_GET['tab'])) {
$AppUI->setState('DeptProjIdxTab', w2PgetParam($_GET, 'tab', null));
}
if (isset($_GET['orderby'])) {
$orderdir = $AppUI->getState('DeptProjIdxOrderDir') ? $AppUI->getState('DeptProjIdxOrderDir') == 'asc' ? 'desc' : 'asc' : 'desc';
$AppUI->setState('DeptProjIdxOrderBy', w2PgetParam($_GET, 'orderby', null));
$AppUI->setState('DeptProjIdxOrderDir', $orderdir);
}
$orderby = $AppUI->getState('DeptProjIdxOrderBy') ? $AppUI->getState('DeptProjIdxOrderBy') : 'project_end_date';
$orderdir = $AppUI->getState('DeptProjIdxOrderDir') ? $AppUI->getState('DeptProjIdxOrderDir') : 'asc';
if (isset($_POST['show_form'])) {
$AppUI->setState('addProjWithOwnerInDep', w2PgetParam($_POST, 'add_pwoid', 0));
}
$addPwT = $AppUI->getState('addProjWithTasks', 0);
$addPwOiD = $AppUI->getState('addProjWithOwnerInDep', 0);
$extraGet = '&user_id=' . $user_id;
// collect the full projects list data via function in projects.class.php
/*
* TODO: This is a *nasty* *nasty* kludge that should be cleaned up.
* Unfortunately due to the global variables from dotProject, we're stuck with
* this mess for now.
*
* May God have mercy on our souls for the atrocity we're about to commit.
*/
$tmpDepartments = $department;
$department = $dept_id;
$project = new CProject();
}
if ($ted->after(new CDate($projects[$row['task_project']]['project_end_date'])) || $projects[$row['task_project']]['project_end_date'] == '') {
$projects[$row['task_project']]['project_end_date'] = $row['task_end_date'];
}
$projects[$row['task_project']]['tasks'][] = $row;
}
$q->clear();
unset($proTasks);
//consider critical (concerning end date) tasks as well
if ($caller != 'todo') {
$start_min = $projects[$project_id]['project_start_date'];
$end_max = $projects[$project_id]['project_end_date'] > $criticalTasks[0]['task_end_date'] ? $projects[$project_id]['project_end_date'] : $criticalTasks[0]['task_end_date'];
}
$width = min(w2PgetParam($_GET, 'width', 600), 1400);
$start_date = w2PgetParam($_GET, 'start_date', $start_min);
$end_date = w2PgetParam($_GET, 'end_date', $end_max);
$count = 0;
$gantt = new GanttRenderer($AppUI, $width);
$gantt->localize();
$gantt->setTitle($projects[$project_id]['project_name'], '#' . $projects[$project_id]['project_color_identifier']);
$field = $showWork == '1' ? 'Work' : 'Dur';
if ($caller == 'todo') {
$columnNames = array('Task name', 'Project name', $field, 'Start', 'Finish');
$columnSizes = array(180, 50, 60, 60, 60);
} else {
$columnNames = array('Task name', $field, 'Start', 'Finish');
$columnSizes = array(230, 60, 60, 60);
}
$gantt->setColumnHeaders($columnNames, $columnSizes);
//-----------------------------------------
// nice Gantt image
<?php
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
$perms =& $AppUI->acl();
$role_id = (int) w2PgetParam($_GET, 'role_id', 0);
$role = $perms->getRole($role_id);
$tab = $AppUI->processIntState('RoleVwTab', $_GET, 'tab', 0);
if (!is_array($role)) {
$titleBlock = new w2p_Theme_TitleBlock('Invalid Role', 'main-settings.png', $m);
$titleBlock->addCrumb('?m=system&u=roles', 'role list');
$titleBlock->show();
} else {
$titleBlock = new w2p_Theme_TitleBlock('View Role', 'main-settings.png', $m);
$titleBlock->addCrumb('?m=system&u=roles', 'role list');
$titleBlock->show();
// Now onto the display of the user.
?>
<table class="std view">
<tr>
<td align="right" nowrap="nowrap"><?php
echo $AppUI->_('Role ID');
?>
:</td>
<td class="hilite" width="100%"><?php
echo $role["value"];
?>
</td>
</tr>
<tr>
$q->clear();
}
$AppUI->redirect('', -1);
}
$AppUI->savePlace();
$durnTypes = w2PgetSysVal('TaskDurationType');
$taskPriority = w2PgetSysVal('TaskPriority');
$task_project = $project_id;
$task_sort_item1 = w2PgetParam($_GET, 'task_sort_item1', '');
$task_sort_type1 = w2PgetParam($_GET, 'task_sort_type1', '');
$task_sort_item2 = w2PgetParam($_GET, 'task_sort_item2', '');
$task_sort_type2 = w2PgetParam($_GET, 'task_sort_type2', '');
$task_sort_order1 = intval(w2PgetParam($_GET, 'task_sort_order1', 0));
$task_sort_order2 = intval(w2PgetParam($_GET, 'task_sort_order2', 0));
if (isset($_POST['show_task_options'])) {
$AppUI->setState('TaskListShowIncomplete', w2PgetParam($_POST, 'show_incomplete', 0));
}
$showIncomplete = $AppUI->getState('TaskListShowIncomplete', 0);
$project = new CProject();
// $allowedProjects = $project->getAllowedRecords($AppUI->user_id, 'project_id, project_name');
$allowedProjects = $project->getAllowedSQL($AppUI->user_id);
$working_hours = $w2Pconfig['daily_working_hours'] ? $w2Pconfig['daily_working_hours'] : 8;
$q->addQuery('projects.project_id, project_color_identifier, project_name');
$q->addQuery('SUM(task_duration * task_percent_complete * IF(task_duration_type = 24, ' . $working_hours . ', task_duration_type)) / SUM(task_duration * IF(task_duration_type = 24, ' . $working_hours . ', task_duration_type)) AS project_percent_complete');
$q->addQuery('company_name');
$q->addTable('projects');
$q->leftJoin('tasks', 't1', 'projects.project_id = t1.task_project');
$q->leftJoin('companies', 'c', 'company_id = project_company');
$q->leftJoin('project_departments', 'project_departments', 'projects.project_id = project_departments.project_id OR project_departments.project_id IS NULL');
$q->leftJoin('departments', 'departments', 'departments.dept_id = project_departments.department_id OR dept_id IS NULL');
$q->addWhere('t1.task_id = t1.task_parent');
}
$bulk_move_date = (int) w2PgetParam($_POST, 'bulk_move_date', '0');
$bulk_task_percent_complete = w2PgetParam($_POST, 'bulk_task_percent_complete', '');
$perms =& $AppUI->acl();
if (!canEdit('tasks')) {
$AppUI->redirect('m=public&a=access_denied');
}
//Lets store the panels view options of the user:
$pdo = new CProjectDesignerOptions();
$pdo->pd_option_user = $AppUI->user_id;
$pdo->pd_option_view_project = w2PgetParam($_POST, 'opt_view_project', 0);
$pdo->pd_option_view_gantt = w2PgetParam($_POST, 'opt_view_gantt', 0);
$pdo->pd_option_view_tasks = w2PgetParam($_POST, 'opt_view_tasks', 0);
$pdo->pd_option_view_actions = w2PgetParam($_POST, 'opt_view_actions', 0);
$pdo->pd_option_view_addtasks = w2PgetParam($_POST, 'opt_view_addtsks', 0);
$pdo->pd_option_view_files = w2PgetParam($_POST, 'opt_view_files', 0);
$pdo->store();
if (is_array($selected) && count($selected)) {
$upd_task = new CTask();
foreach ($selected as $key => $val) {
if ($key) {
$upd_task->load($key);
}
//Action: Modify Percent Complete
if ($bulk_task_percent_complete != '' && (int) $_POST['bulk_task_percent_complete'] == (int) $bulk_task_percent_complete) {
if ($upd_task->task_id) {
$upd_task->task_percent_complete = $bulk_task_percent_complete;
$result = $upd_task->store($AppUI);
if (is_array($result)) {
break;
}
$perms =& $AppUI->acl();
$canView = $perms->checkModule($m, 'view');
$canAddProject = $perms->checkModuleItem('projects', 'view', $project_id);
if (!$canView) {
$AppUI->redirect('m=public&a=access_denied');
}
$AppUI->loadCalendarJS();
$today = new CDate();
//Lets load the users panel viewing options
$q = new DBQuery();
$q->addTable('project_designer_options', 'pdo');
$q->addQuery('pdo.*');
$q->addWhere('pdo.pd_option_user = '******'project_id', 0);
$project_id = (int) w2PgetParam($_GET, 'project_id', $project_id);
$extra = array('where' => 'project_active = 1');
$project = new CProject();
$projects = $project->getAllowedRecords($AppUI->user_id, 'projects.project_id,project_name', 'project_name', null, $extra, 'projects');
$q = new DBQuery();
$q->addTable('projects');
$q->addQuery('projects.project_id, company_name');
$q->addJoin('companies', 'co', 'co.company_id = project_company');
$idx_companies = $q->loadHashList();
$q->clear();
foreach ($projects as $prj_id => $prj_name) {
$projects[$prj_id] = $idx_companies[$prj_id] . ': ' . $prj_name;
}
asort($projects);
$projects = arrayMerge(array('0' => $AppUI->_('(None)', UI_OUTPUT_RAW)), $projects);
$extra = array();
<?php
/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
$file_folder_id = intval(w2PgetParam($_POST, 'file_folder_id', 0));
$del = intval(w2PgetParam($_POST, 'del', 0));
$redirect = w2PgetParam($_POST, 'redirect', '');
$isNotNew = $_POST['file_folder_id'];
$perms =& $AppUI->acl();
if ($del) {
if (!$perms->checkModule('files', 'delete')) {
$AppUI->redirect('m=public&a=access_denied');
}
} elseif ($isNotNew) {
if (!$perms->checkModule('files', 'edit')) {
$AppUI->redirect('m=public&a=access_denied');
}
} else {
if (!$perms->checkModule('files', 'add')) {
$AppUI->redirect('m=public&a=access_denied');
}
}
$obj = new CFileFolder();
if ($file_folder_id) {
$obj->_message = 'updated';
$oldObj = new CFileFolder();
$oldObj->load($file_folder_id);
} else {
$obj->_message = 'added';
<?php
/* $Id: contact_selector.php 1967 2011-07-03 22:39:16Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/public/contact_selector.php $ */
//if (!defined('W2P_BASE_DIR')){
// die('You should not access this file directly.');
//}
$show_all = w2PgetParam($_REQUEST, 'show_all', 0);
$company_id = w2PgetParam($_REQUEST, 'company_id', 0);
$contact_id = w2PgetParam($_POST, 'contact_id', 0);
$call_back = w2PgetParam($_GET, 'call_back', null);
$contacts_submited = w2PgetParam($_POST, 'contacts_submited', 0);
$selected_contacts_id = w2PgetParam($_GET, 'selected_contacts_id', '');
if (w2PgetParam($_POST, 'selected_contacts_id')) {
$selected_contacts_id = w2PgetParam($_POST, 'selected_contacts_id');
}
?>
<script language="javascript" type="text/javascript">
// ECMA Script section Carsten Menke <*****@*****.**>
function setContactIDs(method, querystring) {
var URL = 'index.php?m=public&a=contact_selector';
var field = document.getElementsByName('contact_id[]');
var selected_contacts_id = document.frmContactSelect.selected_contacts_id;
var tmp = new Array();
if (method == 'GET' && querystring){
URL += '&' + querystring;
}
var count = 0;
for (i = 0, i_cmp = field.length; i < i_cmp; i++) {
if (field[i].checked) {
<?php
/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
// check permissions
$perms =& $AppUI->acl();
if (!canEdit('roles')) {
$AppUI->redirect('m=public&a=access_denied');
}
$del = (int) w2PgetParam($_POST, 'del', 0);
$copy_role_id = w2PgetParam($_POST, 'copy_role_id', null);
$role = new CRole();
if ($msg = $role->bind($_POST)) {
$AppUI->setMsg($msg, UI_MSG_ERROR);
$AppUI->redirect();
}
if ($del) {
if ($role->delete()) {
$AppUI->setMsg('Role deleted', UI_MSG_ALERT);
} else {
$AppUI->setMsg('This Role could not be deleted', UI_MSG_ERROR);
}
} else {
//Reformulated the store method to return the id of the role if sucessful, because the ids are managed by phpGALC
//and therefore when we store the role, the role id is empty. So we need the id returned by phpGACL to be able to
//copy permissions from other Roles.
//If no valid id (by that I mean an integer value) is returned, then we trigger the Error Message $msg (not an integer).
if (!(int) ($msg = $role_id = $role->store())) {
$AppUI->setMsg($msg, UI_MSG_ERROR);
?>
</th>
</tr>
<?php
foreach ($billingcodes as $code) {
echo showcodes($code);
}
if (isset($_GET['billingcode_id'])) {
$q->addQuery('*');
$q->addTable('billingcode');
$q->addWhere('billingcode_id = ' . (int) w2PgetParam($_GET, 'billingcode_id', 0));
list($obj) = $q->loadList();
echo '
<tr>
<td> <input type="hidden" name="billingcode_id" value="' . w2PgetParam($_GET, 'billingcode_id', 0) . '" /></td>
<td><input type="text" class="text" name="billingcode_name" value="' . $obj['billingcode_name'] . '" /></td>
<td><input type="text" class="text" name="billingcode_value" value="' . $obj['billingcode_value'] . '" /></td>
<td><input type="text" class="text" name="billingcode_desc" value="' . $obj['billingcode_desc'] . '" /></td>
</tr>';
} else {
?>
<tr>
<td> </td>
<td><input type="text" class="text" name="billingcode_name" value="" /></td>
<td><input type="text" class="text" name="billingcode_value" value="" /></td>
<td><input type="text" class="text" name="billingcode_desc" value="" /></td>
</tr>
<?php
}
?>
$perms =& $AppUI->acl();
if (!canView('users')) {
$AppUI->redirect(ACCESS_DENIED);
}
if (isset($_GET['stub'])) {
$AppUI->setState('UserIdxStub', w2PgetParam($_GET, 'stub', null));
$AppUI->setState('UserIdxWhere', '');
} elseif (isset($_POST['search_string'])) {
$AppUI->setState('UserIdxWhere', $_POST['search_string']);
$AppUI->setState('UserIdxStub', '');
}
$stub = $AppUI->getState('UserIdxStub');
$where = $AppUI->getState('UserIdxWhere');
$where = w2PformSafe($where, true);
if (isset($_GET['orderby'])) {
$AppUI->setState('UserIdxOrderby', w2PgetParam($_GET, 'orderby', null));
}
$orderby = $AppUI->getState('UserIdxOrderby') ? $AppUI->getState('UserIdxOrderby') : 'user_username';
$orderby = $tab == 3 || $orderby != 'date_time_in' && $orderby != 'user_ip' ? $orderby : 'user_username';
// Pull First Letters
$letters = CUser::getFirstLetters();
$letters = $letters . CContact::getFirstLetters($AppUI->user_id, true);
$a2z = '<a href="./index.php?m=users&stub=0">' . $AppUI->_('All') . '</a> ';
for ($c = 65; $c < 91; $c++) {
$cu = chr($c);
$cell = !(mb_strpos($letters, $cu) === false) ? '<a href="?m=users&stub=' . $cu . '">' . $cu . '</a>' : '<font color="#999999">' . $cu . '</font>';
$a2z .= $cell . ' ';
}
// setup the title block
$titleBlock = new w2p_Theme_TitleBlock('User Management', 'icon.png', $m);
$titleBlock->addSearchCell($where);
<?php
/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
global $AppUI, $cal_sdf;
$AppUI->loadCalendarJS();
$do_report = w2PgetParam($_POST, 'do_report', 0);
$log_start_date = w2PgetParam($_POST, 'log_start_date', 0);
$log_end_date = w2PgetParam($_POST, 'log_end_date', 0);
$log_all = w2PgetParam($_POST['log_all'], 0);
$group_by_unit = w2PgetParam($_POST['group_by_unit'], 'day');
// create Date objects from the datetime fields
$start_date = intval($log_start_date) ? new w2p_Utilities_Date($log_start_date) : new w2p_Utilities_Date();
$end_date = intval($log_end_date) ? new w2p_Utilities_Date($log_end_date) : new w2p_Utilities_Date();
if (!$log_start_date) {
$start_date->subtractSpan(new Date_Span('14,0,0,0'));
}
$end_date->setTime(23, 59, 59);
if (function_exists('styleRenderBoxTop')) {
echo styleRenderBoxTop();
}
?>
<form name="editFrm" action="index.php?m=reports" method="post" accept-charset="utf-8">
<input type="hidden" name="project_id" value="<?php
echo $project_id;
?>
" />
<input type="hidden" name="report_type" value="<?php
echo $report_type;
<?php
/**
* This file exists exclusively because it allows the Files module to use the
* same url generation that the other modules do. Aka.. it makes our lives
* easier and it's one less thing to have to code around.
*/
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
$file_id = (int) w2PgetParam($_GET, 'file_id', 0);
$file = new CFile();
if (!$file->load($file_id)) {
$AppUI->redirect(ACCESS_DENIED);
}
header("Location: fileviewer.php?file_id=" . $file_id);
<?php
/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
die('You should not call this file directly.');
}
$df = $AppUI->getPref('SHDATEFORMAT');
$date = w2PgetParam($_GET, 'date', '');
$field = w2PgetParam($_GET, 'field', '');
$this_day = new w2p_Utilities_Date($date);
$formatted_date = $this_day->format($df);
?>
<script language="javascript" type="text/javascript">
<!--
window.parent.document.<?php
echo $field;
?>
.value = '<?php
echo $formatted_date;
?>
';
//-->
</script>
<?php
/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
// Add / Edit forum
$message_parent = (int) w2PgetParam($_GET, 'message_parent', -1);
$message_id = (int) w2PgetParam($_GET, 'message_id', 0);
$forum_id = (int) w2PgetParam($_REQUEST, 'forum_id', 0);
$perms =& $AppUI->acl();
$canAdd = $perms->checkModuleItem('forums', 'add');
$canEdit = $perms->checkModuleItem('forums', 'edit', $forum_id);
// check permissions
if (!$canEdit && !$canAdd) {
$AppUI->redirect('m=public&a=access_denied');
}
//Pull forum information
$myForum = new CForum();
$myForum->load($AppUI, $forum_id);
if (!$myForum) {
$AppUI->setMsg('Forum');
$AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
$AppUI->redirect('m=forums');
} else {
$AppUI->savePlace();
}
// Build a back-url for when the back button is pressed
$back_url_params = array();
foreach ($_GET as $k => $v) {
if ($k != 'post_message') {
<?php
/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
$perms =& $AppUI->acl();
if (!canView('tasks')) {
$AppUI->redirect('m=public&a=access_denied');
}
$proj = (int) w2PgetParam($_GET, 'project', 0);
$userFilter = w2PgetParam($_GET, 'userFilter', false);
$q = new w2p_Database_Query();
$q->addQuery('t.task_id, t.task_name');
$q->addTable('tasks', 't');
if ($userFilter) {
$q->addJoin('user_tasks', 'ut', 'ut.task_id = t.task_id');
$q->addWhere('ut.user_id = ' . (int) $AppUI->user_id);
}
if ($proj != 0) {
$q->addWhere('task_project = ' . (int) $proj);
}
$tasks = $q->loadList();
$q->clear();
?>
<script language="javascript" type="text/javascript">
function loadTasks() {
var tasks = new Array();
var sel = parent.document.forms['form'].new_task;
while (sel.options.length) {
break;
case 'taskowned':
$q->addWhere('task_owner = ' . (int) $user_id);
break;
default:
$q->addTable('user_tasks');
$q->addWhere('user_tasks.user_id = ' . (int) $user_id);
$q->addWhere('user_tasks.task_id = tasks.task_id');
break;
}
if (($project_id || $task_id) && $showIncomplete) {
$q->addWhere('( task_percent_complete < 100 OR task_percent_complete IS NULL)');
}
$task_status = 0;
if ($min_view && isset($_GET['task_status'])) {
$task_status = (int) w2PgetParam($_GET, 'task_status', null);
} elseif ($currentTabId == 1 && $project_id) {
$task_status = -1;
} elseif (!$currentTabName) {
// If we aren't tabbed we are in the tasks list.
$task_status = (int) $AppUI->getState('inactive');
}
//When in task view context show all the tasks, active and inactive. (by not limiting the query by task status)
//When in a project view or in the tasks list, show the active or the inactive tasks depending on the selected tab or button.
if (!$task_id) {
$q->addWhere('task_status = ' . (int) $task_status);
}
if (isset($task_type) && (int) $task_type > 0) {
$q->addWhere('task_type = ' . (int) $task_type);
}
if (isset($task_owner) && (int) $task_owner > 0) {
/** @deprecated */
function w2PgetCleanParam(&$arr, $name, $def = null)
{
trigger_error("w2PgetCleanParam() has been deprecated in v3.1 and will be removed in v4.0. Use w2PgetParam() instead.", E_USER_NOTICE);
return w2PgetParam($arr, $name, $def);
}
}
/* FILES $Id$ */
// modified later by Pablo Roca (proca) in 18 August 2003 - added page support
// Files modules: index page re-usable sub-table
global $AppUI, $deny1, $canRead, $canEdit, $canAdmin;
global $company_id, $project_id, $task_id;
global $currentTabId;
global $currentTabName;
global $tabbed, $m;
// add to allow for returning to other modules besides Files
$current_uriArray = parse_url($_SERVER['REQUEST_URI']);
$current_uri = $current_uriArray['query'];
$tab = !$company_id && !$project_id && !$task_id || $m == 'files' ? $currentTabId : 0;
$page = w2PgetParam($_GET, 'page', 1);
if (!isset($project_id)) {
$project_id = w2PgetParam($_REQUEST, 'project_id', 0);
}
if (!isset($showProject)) {
$showProject = true;
}
$xpg_pagesize = w2PgetConfig('page_size', 50);
$xpg_min = $xpg_pagesize * ($page - 1);
// This is where we start our record set from
// load the following classes to retrieved denied records
$project = new CProject();
$task = new CTask();
$df = $AppUI->getPref('SHDATEFORMAT');
$tf = $AppUI->getPref('TIMEFORMAT');
if (($company_id || $project_id || $task_id) && !($m == 'files')) {
$catsql = false;
} elseif ($tabbed) {
<?php
/* $Id: index.php 1877 2011-05-06 15:00:39Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/contacts/index.php $ */
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
$AppUI->savePlace();
if (!$canAccess) {
$AppUI->redirect('m=public&a=access_denied');
}
$perms =& $AppUI->acl();
$countries = w2PgetSysVal('GlobalCountries');
// retrieve any state parameters
$searchString = w2PgetParam($_GET, 'search_string', '');
if ($searchString != '') {
$AppUI->setState('ContIdxWhere', $searchString);
}
$where = $AppUI->getState('ContIdxWhere') ? $AppUI->getState('ContIdxWhere') : '%';
$orderby = 'contact_first_name';
$search_map = array($orderby, 'contact_first_name', 'contact_last_name');
// optional fields shown in the list (could be modified to allow brief and verbose, etc)
$showfields = array('contact_address1' => 'contact_address1', 'contact_address2' => 'contact_address2', 'contact_city' => 'contact_city', 'contact_state' => 'contact_state', 'contact_zip' => 'contact_zip', 'contact_country' => 'contact_country', 'contact_company' => 'contact_company', 'company_name' => 'company_name', 'dept_name' => 'dept_name', 'contact_phone' => 'contact_phone', 'contact_email' => 'contact_email', 'contact_job' => 'contact_job');
$contactMethods = array('phone_alt', 'phone_mobile', 'phone_fax');
$methodLabels = w2PgetSysVal('ContactMethods');
// assemble the sql statement
$rows = CContact::searchContacts($AppUI, $where);
$carr[] = array();
$carrWidth = 4;
$carrHeight = 4;
$rn = count($rows);
$t = ceil($rn / $carrWidth);
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
// @todo convert to template
global $AppUI, $cal_sdf;
$AppUI->getTheme()->loadCalendarJS();
$do_report = w2PgetParam($_POST, 'do_report', 0);
$log_start_date = w2PgetParam($_POST, 'log_start_date', 0);
$log_end_date = w2PgetParam($_POST, 'log_end_date', 0);
$log_all = w2PgetParam($_POST['log_all'], 0);
$use_period = w2PgetParam($_POST, 'use_period', 0);
$display_week_hours = w2PgetParam($_POST, 'display_week_hours', 0);
$max_levels = w2PgetParam($_POST, 'max_levels', 'max');
$log_userfilter = w2PgetParam($_POST, 'log_userfilter', '');
$log_open = w2PgetParam($_POST, 'log_open', 0);
$pdf_output = w2PgetParam($_POST, 'pdf_output', 0);
$table_header = '';
$table_rows = '';
// create Date objects from the datetime fields
$start_date = intval($log_start_date) ? new w2p_Utilities_Date($log_start_date) : new w2p_Utilities_Date();
$end_date = intval($log_end_date) ? new w2p_Utilities_Date($log_end_date) : new w2p_Utilities_Date();
if (!$log_start_date) {
$start_date->subtractSpan(new Date_Span('14,0,0,0'));
}
$end_date->setTime(23, 59, 59);
echo $AppUI->getTheme()->styleRenderBoxTop();
?>
<form name="editFrm" action="index.php?m=reports" method="post" accept-charset="utf-8">
<input type="hidden" name="project_id" value="<?php
echo $project_id;
?>
<?php
/* PROJECTS $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
global $AppUI, $projects, $company_id, $pstatus, $project_statuses, $currentTabId, $currentTabName, $is_tabbed, $st_projects_arr;
$perms =& $AppUI->acl();
$df = $AppUI->getPref('SHDATEFORMAT');
$page = w2PgetParam($_GET, 'page', 1);
$xpg_pagesize = w2PgetConfig('page_size', 50);
$xpg_min = $xpg_pagesize * ($page - 1);
// This is where we start our record set from
$projectStatuses = w2PgetSysVal('ProjectStatus');
//Tabbed view
if ($is_tabbed) {
$project_status_filter = $currentTabId;
//Lets fix the status filter for Not defined, All, All Active and Archived
//All
if ($currentTabId == 0) {
$project_status_filter = -1;
//All Active
} elseif ($currentTabId == 1) {
$project_status_filter = -2;
//Archived
} elseif ($currentTabId == count($project_statuses) - 1) {
$project_status_filter = -3;
//The other project status
} else {
$project_status_filter = $projectStatuses[0] ? $currentTabId - 2 : $currentTabId - 1;
}
*/
if (!defined('W2P_BASE_DIR')) {
die('You should not access this file directly.');
}
global $this_day, $prev_day, $next_day, $first_time, $last_time, $company_id, $event_filter, $event_filter_list, $AppUI;
// load the event types
$types = w2PgetSysVal('EventType');
$links = array();
$df = $AppUI->getPref('SHDATEFORMAT');
$perms =& $AppUI->acl();
$user_id = $AppUI->user_id;
$other_users = false;
$no_modify = false;
if (canView('admin')) {
$other_users = true;
if (($show_uid = w2PgetParam($_REQUEST, 'show_user_events', 0)) != 0) {
$user_id = $show_uid;
$no_modify = true;
$AppUI->setState('event_user_id', $user_id);
}
}
class CTask_ex extends CTask
{
public function getAllTasksForPeriod($start_date, $end_date, $company_id = 0, $user_id = null)
{
global $AppUI;
$q = new w2p_Database_Query();
// convert to default db time stamp
$db_start = $start_date->format(FMT_DATETIME_MYSQL);
$db_end = $end_date->format(FMT_DATETIME_MYSQL);
// Allow for possible passing of user_id 0 to stop user filtering
if ($canEdit && $project_id) {
$titleBlock->addCell('<input type="submit" class="button" value="' . $AppUI->_('new task') . '">', '', '<form action="?m=tasks&a=addedit&task_project=' . $project_id . '" method="post" accept-charset="utf-8">', '</form>');
}
$titleBlock->show();
if (w2PgetParam($_GET, 'inactive', '') == 'toggle') {
$AppUI->setState('inactive', $AppUI->getState('inactive') == -1 ? 0 : -1);
}
$in = $AppUI->getState('inactive') == -1 ? '' : 'in';
// use a new title block (a new row) to prevent from oversized sites
$titleBlock = new w2p_Theme_TitleBlock('', 'shim.gif');
$titleBlock->showhelp = false;
$titleBlock->addCell(' ' . $AppUI->_('Task Filter') . ':');
$titleBlock->addCell(arraySelect($filters, 'f', 'size="1" class="text" onChange="document.taskFilter.submit();"', $f, true), '', '<form action="?m=tasks" method="post" name="taskFilter" accept-charset="utf-8">', '</form>');
$titleBlock->addCell();
$titleBlock->addCrumb('?m=tasks&a=todo&user_id=' . $user_id, 'my todo');
if (w2PgetParam($_GET, 'pinned') == 1) {
$titleBlock->addCrumb('?m=tasks', 'all tasks');
} else {
$titleBlock->addCrumb('?m=tasks&pinned=1', 'my pinned tasks');
}
$titleBlock->addCrumb('?m=tasks&inactive=toggle', 'show ' . $in . 'active tasks');
$titleBlock->addCrumb('?m=tasks&a=tasksperuser', 'tasks per user');
if (!$project_id) {
if (!isset($query_string)) {
$query_string = '';
}
$titleBlock->addCell('
<form name="task_list_options" method="post" action="' . $query_string . '" accept-charset="utf-8">
<input type="hidden" name="show_task_options" value="1" />
<input type="checkbox" name="show_incomplete" id="show_incomplete" onclick="document.task_list_options.submit();"' . ($showIncomplete ? 'checked="checked"' : '') . '/>
<label for="show_incomplete">' . $AppUI->_("Incomplete Tasks Only") . '</label>
if ($department > 0) {
$q->addWhere('project_departments.department_id = ' . (int) $department);
}
if (!($department > 0) && $company_id != 0) {
$q->addWhere('project_company = ' . (int) $company_id);
}
$q->addWhere('project_original_parent = ' . (int) $original_project_id);
$pjobj->setAllowedSQL($AppUI->user_id, $q, null, 'pr');
$q->addGroup('pr.project_id');
$q->addOrder('project_start_date, project_end_date, project_name');
$projects = $q->loadHashList('project_id');
$q->clear();
$width = w2PgetParam($_GET, 'width', 600);
$start_date = w2PgetParam($_GET, 'start_date', 0);
$end_date = w2PgetParam($_GET, 'end_date', 0);
$showAllGantt = w2PgetParam($_REQUEST, 'showAllGantt', '1');
$gantt = new w2p_Output_GanttRenderer($AppUI, $width);
$gantt->localize();
$original_project = new CProject();
$original_project->load($original_project_id);
$tableTitle = $original_project->project_name . ': ' . $AppUI->_('Multi-Project Gantt');
$gantt->setTitle($tableTitle, '#eeeeee');
$columnNames = array('Project name', 'Start Date', 'Finish', 'Actual End');
$columnSizes = array(200, 75, 75, 75);
$gantt->setColumnHeaders($columnNames, $columnSizes);
/*
* TODO: Technically, doing the date math below using the strtotime is bad
* form because it is suseptible to the 2038 date bug. Hopefully, we'll
* either have this bug fixed and resolved by then and/or no one is
* scheduling projects 28 years into the future. Regardless, it's much
* easier than actual date math.
public function notifyOwner()
{
$q = new w2p_Database_Query();
global $AppUI, $locale_char_set;
$q->addTable('projects');
$q->addQuery('project_name');
$q->addWhere('project_id=' . (int) $this->task_project);
$projname = htmlspecialchars_decode($q->loadResult());
$q->clear();
$mail = new w2p_Utilities_Mail();
$mail->Subject($projname . '::' . $this->task_name . ' ' . $AppUI->_($this->_action, UI_OUTPUT_RAW), $locale_char_set);
// c = creator
// a = assignee
// o = owner
$q->addTable('tasks', 't');
$q->leftJoin('user_tasks', 'u', 'u.task_id = t.task_id');
$q->leftJoin('users', 'o', 'o.user_id = t.task_owner');
$q->leftJoin('contacts', 'oc', 'oc.contact_id = o.user_contact');
$q->addQuery('oc.contact_id as owner_contact_id');
$q->leftJoin('users', 'c', 'c.user_id = t.task_creator');
$q->leftJoin('contacts', 'cc', 'cc.contact_id = c.user_contact');
$q->addQuery('cc.contact_id as creator_contact_id');
$q->leftJoin('users', 'a', 'a.user_id = u.user_id');
$q->leftJoin('contacts', 'ac', 'ac.contact_id = a.user_contact');
$q->addQuery('ac.contact_id as assignee_contact_id');
$q->addQuery('t.task_id, cc.contact_email as creator_email' . ', cc.contact_first_name as creator_first_name' . ', cc.contact_last_name as creator_last_name' . ', oc.contact_email as owner_email' . ', oc.contact_first_name as owner_first_name' . ', oc.contact_last_name as owner_last_name' . ', a.user_id as assignee_id, ac.contact_email as assignee_email' . ', ac.contact_first_name as assignee_first_name' . ', ac.contact_last_name as assignee_last_name');
$q->addWhere(' t.task_id = ' . (int) $this->task_id);
$users = $q->loadList();
$q->clear();
if (count($users)) {
$body = $AppUI->_('Project', UI_OUTPUT_RAW) . ': ' . $projname . "\n" . $AppUI->_('Task', UI_OUTPUT_RAW) . ': ' . $this->task_name . "\n" . $AppUI->_('URL', UI_OUTPUT_RAW) . ': ' . W2P_BASE_URL . '/index.php?m=tasks&a=view&task_id=' . $this->task_id . "\n\n" . $AppUI->_('Description', UI_OUTPUT_RAW) . ': ' . "\n" . $this->task_description . "\n\n" . $AppUI->_('Creator', UI_OUTPUT_RAW) . ': ' . $AppUI->user_first_name . ' ' . $AppUI->user_last_name . "\n\n" . $AppUI->_('Progress', UI_OUTPUT_RAW) . ': ' . $this->task_percent_complete . '%' . "\n\n" . w2PgetParam($_POST, 'task_log_description');
$mail->Body($body, isset($GLOBALS['locale_char_set']) ? $GLOBALS['locale_char_set'] : '');
}
if ($mail->ValidEmail($users[0]['owner_email'])) {
$mail->To($users[0]['owner_email'], true);
$mail->Send();
}
return '';
}