/**
 * Fetch one contact, joined to its company, and hand $this to
 * DBQuery::loadObject() as the target.
 *
 * @param CAppUI|null $AppUI     Not read by this method; see the note on `global` below.
 * @param mixed       $contactId Contact key. It is cast to int before being
 *                               concatenated into the WHERE clause.
 * @return void
 */
public function loadFull(CAppUI $AppUI = null, $contactId)
{
    // Rebinds $AppUI to the global of the same name, so the argument passed
    // in is discarded. Nothing below reads it.
    global $AppUI;

    $query = new DBQuery();
    $query->addTable('contacts');
    $query->addJoin('companies', 'cp', 'cp.company_id = contact_company');

    // The int cast is the only sanitisation applied to the caller's value
    // before it becomes SQL text, so it has to stay attached to it.
    $contactFilter = 'contact_id = ' . (int) $contactId;
    $query->addWhere($contactFilter);

    $query->loadObject($this, true, false);
}
/**
 * Fetch one link row together with its owner's username and contact name,
 * plus the ids/names of the related project and task.
 *
 * @param CAppUI $AppUI   Required by the signature but not read here.
 * @param mixed  $link_id Link key. It is cast to int before being
 *                        concatenated into the WHERE clause.
 * @return void
 */
public function loadFull(CAppUI $AppUI, $link_id)
{
    $query = new DBQuery();

    // Column list, added in the same order as before.
    $query->addQuery('links.*');
    $query->addQuery('user_username');
    $query->addQuery('contact_first_name, contact_last_name');
    $query->addQuery('project_id');
    $query->addQuery('task_id, task_name');

    // Base table and its left joins.
    $query->addTable('links');
    $query->leftJoin('users', 'u', 'link_owner = user_id');
    $query->leftJoin('contacts', 'c', 'user_contact = contact_id');
    $query->leftJoin('projects', 'p', 'project_id = link_project');
    $query->leftJoin('tasks', 't', 'task_id = link_task');

    // Only an integer can reach the SQL text here.
    $linkFilter = 'link_id = ' . (int) $link_id;
    $query->addWhere($linkFilter);

    $query->loadObject($this, true, false);
}
/**
 * Fetch one department with its company name and the owner's contact name.
 *
 * company_name, contact_first_name and contact_last_name are reset to ''
 * on this object immediately before the load.
 *
 * @param CAppUI|null $AppUI  Not read by this method; see the note on `global` below.
 * @param mixed       $deptId Department key. It is cast to int before being
 *                            concatenated into the WHERE clause.
 * @return void
 */
public function loadFull(CAppUI $AppUI = null, $deptId)
{
    // Rebinds $AppUI to the global of the same name, so the argument passed
    // in is discarded. Nothing below reads it.
    global $AppUI;

    $query = new DBQuery();
    $query->addTable('companies', 'com');
    $query->addTable('departments', 'dep');

    $query->addQuery('dep.*, company_name');
    $query->addQuery('con.contact_first_name');
    $query->addQuery('con.contact_last_name');

    $query->addJoin('users', 'u', 'u.user_id = dep.dept_owner');
    $query->addJoin('contacts', 'con', 'u.user_contact = con.contact_id');

    // First condition pins the department (integer only), second one ties
    // the two base tables together.
    $deptFilter = 'dep.dept_id = ' . (int) $deptId;
    $query->addWhere($deptFilter);
    $query->addWhere('dep.dept_company = company_id');

    // Blank the joined fields before loading.
    foreach (array('company_name', 'contact_first_name', 'contact_last_name') as $field) {
        $this->{$field} = '';
    }

    $query->loadObject($this);
}
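/**
 * Decide whether this record may be deleted.
 *
 * Two checks run in order:
 *  1. The current user must hold the 'delete' permission on the 'task_log'
 *     module.
 *  2. When $joins is an array, a COUNT(DISTINCT ...) is run per listed table;
 *     any non-zero count blocks the delete.
 *
 * @param string $msg   Out-parameter. Set to the reason whenever false is
 *                      returned: the translated 'noDeletePermission' text,
 *                      the value of db_error() when the query yields no
 *                      object, or 'noDeleteRecord' followed by the labels of
 *                      the blocking tables.
 * @param mixed  $oid   Optional key. When truthy it overwrites this object's
 *                      key after intval().
 * @param array  $joins Optional list of descriptors, each an array with the
 *                      keys 'name', 'joinfield', 'idfield' and 'label'.
 * @return bool True when nothing prevents the delete.
 */
public function canDelete(&$msg, $oid = null, $joins = null)
{
    global $AppUI;
    $q = new DBQuery();

    // First things first. Are we allowed to delete?
    // Plain assignment: objects are handles, so `=&` on a call result adds
    // nothing and raises a notice when acl() does not return by reference.
    $acl = $AppUI->acl();
    if (!$acl->checkModule('task_log', 'delete')) {
        $msg = $AppUI->_('noDeletePermission');
        return false;
    }

    $k = $this->_tbl_key;
    if ($oid) {
        $this->{$k} = intval($oid);
    }

    if (!is_array($joins)) {
        return true;
    }

    // NOTE(review): table and field names from $joins are concatenated into
    // the SQL as-is. Presumably they come from calling code rather than from
    // request data; verify against the callers.
    $q->addTable($this->_tbl, 'k');
    $q->addQuery($k);
    $i = 0;
    foreach ($joins as $table) {
        $table_alias = 't' . $i++;
        $q->leftJoin($table['name'], $table_alias, $table_alias . '.' . $table['joinfield'] . ' = ' . 'k' . '.' . $k);
        $q->addQuery('COUNT(DISTINCT ' . $table_alias . '.' . $table['idfield'] . ') AS ' . $table['idfield']);
    }

    // Cast the key here as well: when $oid is not supplied the value is
    // whatever the object already holds, and it used to reach the SQL text
    // without the intval() applied on the $oid path.
    $q->addWhere($k . ' = ' . (int) $this->{$k});
    $q->addGroup($k);

    $obj = null;
    $q->loadObject($obj);
    $q->clear();

    if (!$obj) {
        $msg = db_error();
        return false;
    }

    // Collect the label of every table that still references this record.
    $blocking = array();
    foreach ($joins as $table) {
        $idField = $table['idfield'];
        if ($obj->{$idField}) {
            $blocking[] = $AppUI->_($table['label']);
        }
    }

    // $msg is always left as an array when nothing blocks, as before.
    $msg = $blocking;
    if (count($blocking)) {
        $msg = $AppUI->_('noDeleteRecord') . ': ' . implode(', ', $blocking);
        return false;
    }

    return true;
}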
/**
 * Fetch one company together with the contact name of its owner.
 *
 * @param CAppUI|null $AppUI     Not read by this method; see the note on `global` below.
 * @param mixed       $companyId Company key. It is cast to int before being
 *                               concatenated into the WHERE clause.
 * @return void
 */
public function loadFull(CAppUI $AppUI = null, $companyId)
{
    // Rebinds $AppUI to the global of the same name, so the argument passed
    // in is discarded. Nothing below reads it.
    global $AppUI;

    $query = new DBQuery();
    $query->addTable('companies');

    $query->addQuery('companies.*');
    $query->addQuery('con.contact_first_name');
    $query->addQuery('con.contact_last_name');

    // Owner -> user -> contact, both as left joins.
    $query->leftJoin('users', 'u', 'u.user_id = companies.company_owner');
    $query->leftJoin('contacts', 'con', 'u.user_contact = con.contact_id');

    // Only an integer can reach the SQL text here.
    $companyFilter = 'companies.company_id = ' . (int) $companyId;
    $query->addWhere($companyFilter);

    $query->loadObject($this, true, false);
}
$q->addWhere('task_project = ' . (int) $project_id); $hasTasks = $q->loadResult(); $q->clear(); // load the record data // GJB: Note that we have to special case duration type 24 and this refers to the hours in a day, NOT 24 hours $obj = null; if ($hasTasks) { $q->addTable('projects'); $q->addQuery('company_name, CONCAT_WS(\' \',contact_first_name,contact_last_name) user_name, projects.*, SUM(t1.task_duration * t1.task_percent_complete * IF(t1.task_duration_type = 24, ' . $working_hours . ', t1.task_duration_type)) / SUM(t1.task_duration * IF(t1.task_duration_type = 24, ' . $working_hours . ', t1.task_duration_type)) AS project_percent_complete'); $q->addJoin('companies', 'com', 'company_id = project_company'); $q->addJoin('users', 'u', 'user_id = project_owner'); $q->addJoin('contacts', 'con', 'contact_id = user_contact'); $q->addJoin('tasks', 't1', 'projects.project_id = t1.task_project'); $q->addWhere('projects.project_id = ' . (int) $project_id . ' AND t1.task_id = t1.task_parent'); $q->addGroup('projects.project_id'); $q->loadObject($obj); } else { $q->addTable('projects'); $q->addQuery('company_name, CONCAT_WS(\' \',contact_first_name,contact_last_name) user_name, projects.*, (0.0) AS project_percent_complete'); $q->addJoin('companies', 'com', 'company_id = project_company'); $q->addJoin('users', 'u', 'user_id = project_owner'); $q->addJoin('contacts', 'con', 'contact_id = user_contact'); $q->addWhere('projects.project_id = ' . (int) $project_id); $q->addGroup('projects.project_id'); $q->loadObject($obj); } $q->clear(); if (!$obj) { $AppUI->setMsg('Project'); $AppUI->setMsg('invalidID', UI_MSG_ERROR, true); $AppUI->redirect();
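/**
 * Login function
 *
 * Steps, in order:
 * <ul>
 * <li>The submitted `login` value must be 'login', its translated label, or
 *     the configured auth method name; otherwise the request is aborted.
 * <li>The username is escaped with db_escape() and trimmed, the password is
 *     trimmed, and both go to the configured authenticator.
 * <li>The ACL must allow the resulting user id to log in.
 * <li>Selected users/contacts fields are loaded onto this object, followed
 *     by the preferences, locale and style.
 * </ul>
 *
 * The earlier documentation of this method states that the schema moved from
 * the MySQL PASSWORD function to PHP's MD5() for database independence and
 * that the check_legacy_password option is no longer valid.
 * NOTE(review): the hashing itself is done by the authenticator, not in this
 * method. An unsalted fast hash such as MD5 is not suitable for password
 * storage; confirm what the authenticator does and plan a move to
 * password_hash() / password_verify().
 *
 * @param string $username The user login name
 * @param string $password The user password
 * @return boolean True if successful, false if not
 */
public function login($username, $password)
{
    require_once W2P_BASE_DIR . '/classes/authenticator.class.php';

    $auth_method = w2PgetConfig('auth_method', 'sql');

    // Read the form marker without assuming it was sent: a request that
    // lacks `login` previously raised undefined-index notices here. A missing
    // value is treated as null, which compares the same way as before.
    $postedLogin = isset($_POST['login']) ? $_POST['login'] : null;
    $requestLogin = isset($_REQUEST['login']) ? $_REQUEST['login'] : null;
    if ($postedLogin != 'login' && $postedLogin != $this->_('login', UI_OUTPUT_RAW) && $requestLogin != $auth_method) {
        die('You have chosen to log in using an unsupported or disabled login method');
    }

    // Plain assignment: objects are handles, so `=&` on a call result adds
    // nothing and raises a notice when getauth() does not return by reference.
    $auth = getauth($auth_method);

    $username = trim(db_escape($username));
    $password = trim($password);

    if (!$auth->authenticate($username, $password)) {
        return false;
    }

    $user_id = $auth->userId($username);
    // Some authentication schemes may collect username in various ways.
    $username = $auth->username;

    // Now that the password has been checked, see if they are allowed to
    // access the system
    if (!isset($GLOBALS['acl'])) {
        $GLOBALS['acl'] = new w2Pacl();
    }
    if (!$GLOBALS['acl']->checkLogin($user_id)) {
        dprint(__FILE__, __LINE__, 1, 'Permission check failed');
        return false;
    }

    $q = new DBQuery();
    $q->addTable('users');
    $q->addQuery('user_id, contact_first_name as user_first_name, contact_last_name as user_last_name, contact_company as user_company, contact_department as user_department, contact_email as user_email, user_type');
    $q->addJoin('contacts', 'con', 'contact_id = user_contact', 'inner');
    // NOTE(review): $username was replaced by $auth->username above, so the
    // db_escape() applied earlier only covers it if the authenticator stored
    // that same escaped string. Confirm for every auth method that the value
    // is safe inside a quoted SQL literal. Escaping again here is not a
    // drop-in fix, because an already-escaped value would be escaped twice.
    // The user_id half of the condition is cast to int.
    $q->addWhere('user_id = ' . (int) $user_id . ' AND user_username = \'' . $username . '\'');
    $sql = $q->prepare();
    $q->loadObject($this);
    $q->clear();
    // NOTE(review): the full statement, including the username, goes to the
    // debug log at level 7.
    dprint(__FILE__, __LINE__, 7, 'Login SQL: ' . $sql);

    // The previous test here was `!$this`, which can never be true for an
    // object, so a failed load went unnoticed and the login still succeeded.
    // The query selects user_id and pins it to $user_id, so after a
    // successful load the two must match.
    if (!isset($this->user_id) || (int) $this->user_id !== (int) $user_id) {
        dprint(__FILE__, __LINE__, 1, 'Failed to load user information');
        return false;
    }

    // load the user preferences
    $this->loadPrefs($this->user_id);
    $this->setUserLocale();
    $this->checkStyle();

    // Let's see if this user has admin privileges
    if (!getDenyRead('admin')) {
        $this->user_is_admin = 1;
    }

    return true;
}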
/**
 * Fetch one event together with the name of its project and of that
 * project's company.
 *
 * @param mixed $event_id Event key. It is cast to int before being
 *                        concatenated into the WHERE clause.
 * @return void
 */
public function loadFull($event_id)
{
    $query = new DBQuery();
    $query->addTable('events', 'e');
    $query->addQuery('e.*, project_name, company_name');

    // Event -> project -> company, both as left joins.
    $query->leftJoin('projects', 'p', 'event_project = project_id');
    $query->leftJoin('companies', 'c', 'project_company = company_id');

    // Only an integer can reach the SQL text here.
    $eventFilter = 'event_id = ' . (int) $event_id;
    $query->addWhere($eventFilter);

    $query->loadObject($this, true, false);
}
/**
 * Fetch one user with the matching contact, company, department and feed
 * token.
 *
 * NOTE(review): the column list is `u.*` plus `uf.feed_token`, so every
 * column of the users table ends up on this object. That presumably includes
 * the stored password hash; confirm, and avoid dumping or serialising the
 * loaded object wholesale.
 *
 * @param mixed $userId User key. It is cast to int before being
 *                      concatenated into the WHERE clause.
 * @return void
 */
public function loadFull($userId)
{
    $query = new DBQuery();
    $query->addTable('users', 'u');

    $query->addQuery('u.*');
    $query->addQuery('uf.feed_token');
    $query->addQuery('con.*, company_id, company_name, dept_name, dept_id');

    // The contact join is explicitly 'inner'; the others use addJoin()'s default.
    $query->addJoin('contacts', 'con', 'user_contact = contact_id', 'inner');
    $query->addJoin('companies', 'com', 'contact_company = company_id');
    $query->addJoin('departments', 'dep', 'dept_id = contact_department');
    $query->addJoin('user_feeds', 'uf', 'feed_user = u.user_id');

    // Only an integer can reach the SQL text here.
    $userFilter = 'u.user_id = ' . (int) $userId;
    $query->addWhere($userFilter);

    $query->loadObject($this, true, false);
}
/**
 * Fetch one project with its company name and the owner's display name.
 *
 * company_name and user_name are reset to '' on this object immediately
 * before the load.
 *
 * @param CAppUI|null $AppUI     Not read by this method; see the note on `global` below.
 * @param mixed       $projectId Project key. It is cast to int before being
 *                               concatenated into the WHERE clause.
 * @return void
 */
public function loadFull(CAppUI $AppUI = null, $projectId)
{
    // Rebinds $AppUI to the global of the same name, so the argument passed
    // in is discarded. Nothing below reads it.
    global $AppUI;

    $query = new DBQuery();
    $query->addTable('projects');
    $query->addQuery('company_name, CONCAT_WS(\' \',contact_first_name,contact_last_name) user_name, projects.*');

    // The company join is explicitly 'inner'; owner and contact are left joins.
    $query->addJoin('companies', 'com', 'company_id = project_company', 'inner');
    $query->leftJoin('users', 'u', 'user_id = project_owner');
    $query->leftJoin('contacts', 'con', 'contact_id = user_contact');

    // Only an integer can reach the SQL text here.
    $projectFilter = 'project_id = ' . (int) $projectId;
    $query->addWhere($projectFilter);
    $query->addGroup('project_id');

    // Blank the joined fields before loading.
    foreach (array('company_name', 'user_name') as $field) {
        $this->{$field} = '';
    }

    $query->loadObject($this);
}