/**
 * Updates the title of one phone category using the submitted form values.
 *
 * Reads "title", "prj_id" and "id" from $HTTP_POST_VARS. The statement is
 * built by string concatenation, so Misc::escapeString() and
 * Misc::escapeInteger() are the only barrier between request data and the
 * SQL text (their implementation is not visible in this block).
 *
 * @access  public
 * @return  integer 1 if the update worked, -2 if the title is blank, -1 on a database error
 */
function updateCategory()
{
    global $HTTP_POST_VARS;

    if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
        return -2;
    }

    // Escape every request value before it is spliced into the statement.
    $title = Misc::escapeString($HTTP_POST_VARS["title"]);
    $project_id = Misc::escapeInteger($HTTP_POST_VARS["prj_id"]);
    $category_id = Misc::escapeInteger($HTTP_POST_VARS["id"]);

    $stmt = "UPDATE\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_phone_category\n SET\n phc_title='" . $title . "'\n WHERE\n phc_prj_id=" . $project_id . " AND\n phc_id=" . $category_id;
    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (!PEAR::isError($res)) {
        return 1;
    }

    Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
    return -1;
}
/**
 * Updates the title of one phone category using the submitted form values.
 *
 * The title, project ID and category ID from $_POST are handed to the
 * database layer as bound parameters; none of them is concatenated into
 * the SQL text.
 *
 * NOTE(review): the DbException is discarded here; whether the failure is
 * logged elsewhere cannot be seen from this block.
 *
 * @return integer 1 if the update worked, -2 if the title is blank, -1 on a database error
 */
public static function updateCategory()
{
    if (Validation::isWhitespace($_POST['title'])) {
        return -2;
    }

    $params = array($_POST['title'], $_POST['prj_id'], $_POST['id']);
    $stmt = 'UPDATE {{%project_phone_category}} SET phc_title=? WHERE phc_prj_id=? AND phc_id=?';

    $result = 1;
    try {
        DB_Helper::getInstance()->query($stmt, $params);
    } catch (DbException $e) {
        $result = -1;
    }

    return $result;
}
/**
 * Adds a new project category from the submitted form values.
 *
 * Reads "title" and "prj_id" from $HTTP_POST_VARS. The statement is built
 * by concatenation; the project ID goes through Misc::escapeInteger() and
 * the title through Misc::escapeString() before being spliced in.
 *
 * @access  public
 * @return  integer 1 if the insert worked, -2 if the title is blank, -1 on a database error
 */
function insert()
{
    global $HTTP_POST_VARS;

    if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
        return -2;
    }

    $project_id = Misc::escapeInteger($HTTP_POST_VARS["prj_id"]);
    $title = Misc::escapeString($HTTP_POST_VARS["title"]);

    $stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_category\n (\n prc_prj_id,\n prc_title\n ) VALUES (\n " . $project_id . ",\n '" . $title . "'\n )";
    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (!PEAR::isError($res)) {
        return 1;
    }

    Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
    return -1;
}
// | along with this program; if not, write to: | // | | // | Free Software Foundation, Inc. | // | 51 Franklin Street, Suite 330 | // | Boston, MA 02110-1301, USA. | // +----------------------------------------------------------------------+ // | Authors: João Prado Maia <*****@*****.**> | // | Authors: Elan Ruusamäe <*****@*****.**> | // +----------------------------------------------------------------------+ require_once dirname(__FILE__) . '/../init.php'; $login = isset($_POST['email']) ? (string) $_POST['email'] : null; if (Validation::isWhitespace($login)) { Auth::redirect('index.php?err=1'); } $passwd = isset($_POST['passwd']) ? (string) $_POST['passwd'] : null; if (Validation::isWhitespace($passwd)) { Auth::saveLoginAttempt($login, 'failure', 'empty password'); Auth::redirect('index.php?err=2&email=' . rawurlencode($login)); } // check if user exists if (!Auth::userExists($login)) { Auth::saveLoginAttempt($login, 'failure', 'unknown user'); Auth::redirect('index.php?err=3'); } // check if user is locked if (Auth::isUserBackOffLocked(Auth::getUserIDByLogin($login))) { Auth::saveLoginAttempt($login, 'failure', 'account back-off locked'); Auth::redirect('index.php?err=13'); } // check if the password matches if (!Auth::isCorrectPassword($login, $passwd)) {
/**
 * Updates a custom status from the submitted form and re-syncs its
 * project associations.
 *
 * After the status row is updated, all project associations are removed and
 * re-created from $HTTP_POST_VARS['projects']; issues in projects that lost
 * the association get iss_sta_id reset to 0.
 *
 * The scalar request values are escaped with Misc::escapeString() /
 * Misc::escapeInteger() before concatenation. The IN (...) list is built
 * from the keys returned by Status::getAssociatedProjects(), not from the
 * request, and is inserted without escaping.
 *
 * NOTE(review): $HTTP_POST_VARS['projects'] is iterated without checking
 * that it is set and is an array.
 *
 * @access  public
 * @return  integer 1 if the update worked, -2 if the title is blank, -1 on a database error
 */
function update()
{
    global $HTTP_POST_VARS;

    if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
        return -2;
    }

    $stmt = "UPDATE\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "status\n SET\n sta_title='" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n sta_abbreviation='" . Misc::escapeString($HTTP_POST_VARS["abbreviation"]) . "',\n sta_rank=" . Misc::escapeInteger($HTTP_POST_VARS['rank']) . ",\n sta_color='" . Misc::escapeString($HTTP_POST_VARS["color"]) . "',\n sta_is_closed=" . Misc::escapeInteger($HTTP_POST_VARS['is_closed']) . "\n WHERE\n sta_id=" . Misc::escapeInteger($HTTP_POST_VARS["id"]);
    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (PEAR::isError($res)) {
        Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
        return -1;
    }

    // remember which projects were linked before the associations are rebuilt
    $previous_projects = array_keys(Status::getAssociatedProjects($HTTP_POST_VARS['id']));

    // remove all of the associations with projects, then add them all again
    Status::removeProjectAssociations($HTTP_POST_VARS['id']);
    foreach ($HTTP_POST_VARS['projects'] as $prj_id) {
        Status::addProjectAssociation($HTTP_POST_VARS['id'], $prj_id);
    }

    // need to update all issues that are not supposed to have the changed sta_id to '0'
    $removed_projects = array();
    foreach ($previous_projects as $project_id) {
        if (in_array($project_id, $HTTP_POST_VARS['projects'])) {
            continue;
        }
        $removed_projects[] = $project_id;
    }

    if (count($removed_projects) > 0) {
        $stmt = "UPDATE\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue\n SET\n iss_sta_id=0\n WHERE\n iss_sta_id=" . Misc::escapeInteger($HTTP_POST_VARS['id']) . " AND\n iss_prj_id IN (" . implode(', ', $removed_projects) . ")";
        $res = $GLOBALS["db_api"]->dbh->query($stmt);
        if (PEAR::isError($res)) {
            // a failure here is logged but does not change the return value
            Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
        }
    }

    return 1;
}
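/**
 * Updates a news entry from the submitted form and rebuilds its project
 * associations.
 *
 * All request values reach the database as bound parameters. The project
 * list is optional in practice (a form with no project ticked sends no
 * "projects" key), so it is normalised to an array before iteration.
 *
 * NOTE(review): the DbException is discarded here; whether the failure is
 * logged elsewhere cannot be seen from this block.
 *
 * @return integer 1 if the update worked, -2 if the title is blank,
 *                 -3 if the message is blank, -1 on a database error
 */
public static function update()
{
    if (Validation::isWhitespace($_POST['title'])) {
        return -2;
    }
    if (Validation::isWhitespace($_POST['message'])) {
        return -3;
    }

    $stmt = 'UPDATE {{%news}} SET nws_title=?, nws_message=?, nws_status=? WHERE nws_id=?';
    $params = array($_POST['title'], $_POST['message'], $_POST['status'], $_POST['id']);
    try {
        DB_Helper::getInstance()->query($stmt, $params);
    } catch (DbException $e) {
        return -1;
    }

    // a missing or non-array "projects" value means "no projects selected"
    $projects = isset($_POST['projects']) && is_array($_POST['projects']) ? $_POST['projects'] : array();

    // remove all of the associations with projects, then add them all again
    self::removeProjectAssociations($_POST['id']);
    foreach ($projects as $prj_id) {
        self::addProjectAssociation($_POST['id'], $prj_id);
    }

    return 1;
}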
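/**
 * Insert note to system, send out notification and log.
 *
 * The row is written through DB_Helper::buildSet() plus bound parameters,
 * so note text, title and the optional fields are not concatenated into
 * the SQL text in this method.
 *
 * @param int $usr_id The user ID
 * @param int $issue_id The issue ID
 * @param string $title Title of the note
 * @param string $note Note contents
 * @param array $options extra optional options:
 * - (array) cc: extra recipients to notify (usr_id list)
 * - (bool) add_extra_recipients: whether to add recipients in 'cc' to notification list. Treated as false when absent
 * - (bool) closing: If The issue is being closed. Default false
 * - (bool) is_blocked: FIXME
 * - (bool) log: If adding this note should be logged. Default true
 * - (bool) send_notification: Whether to send a notification about this note or not. Default true
 * - (int) parent_id: FIXME
 * - (string) full_message: FIXME
 * - (string) message_id: FIXME
 * - (string) unknown_user: The email address of a user that sent the blocked email that was turned into this note
 * @return int the new note id if the insert worked, -2 if the note is blank,
 *             -1 on a database error, or whatever non-null value the
 *             pre-insert workflow hook returned
 */
public static function insertNote($usr_id, $issue_id, $title, $note, $options = array())
{
    if (Validation::isWhitespace($note)) {
        return -2;
    }

    $options = array_merge(array(
        'unknown_user' => null,
        'log' => true,
        'closing' => false,
        'send_notification' => true,
        'is_blocked' => false,
        'message_id' => null,
        'cc' => null,
        'full_message' => null,
        'parent_id' => null,
    ), $options);

    $prj_id = Issue::getProjectID($issue_id);

    // NOTE: workflow may modify the parameters as $data is passed as reference
    $data = array('title' => &$title, 'note' => &$note, 'options' => $options);
    $workflow = Workflow::preNoteInsert($prj_id, $issue_id, $data);
    if ($workflow !== null) {
        // cancel insert of note
        return $workflow;
    }

    // add the poster to the list of people to be subscribed to the notification list
    // only if there is no 'unknown user' and the note is not blocked
    if (!$options['unknown_user'] && !$options['is_blocked']) {
        // 'add_extra_recipients' has no default in the merge above, so it is
        // tested with empty() to avoid an undefined-index error when omitted
        $note_cc = !empty($options['add_extra_recipients']) ? $options['cc'] : array();

        // always add the current user to the note_cc list
        $note_cc[] = $usr_id;

        $actions = Notification::getDefaultActions($issue_id, User::getEmail($usr_id), 'note');
        foreach ($note_cc as $subscriber_usr_id) {
            Notification::subscribeUser($usr_id, $issue_id, $subscriber_usr_id, $actions);
        }
    }

    $params = array(
        'not_iss_id' => $issue_id,
        'not_usr_id' => $usr_id,
        'not_created_date' => Date_Helper::getCurrentDateGMT(),
        'not_note' => $note,
        'not_title' => $title,
        'not_message_id' => $options['message_id'] ?: Mail_Helper::generateMessageID(),
    );

    // optional columns are only written when the caller supplied a value
    if ($options['full_message']) {
        $params['not_full_message'] = $options['full_message'];
    }
    if ($options['is_blocked']) {
        $params['not_is_blocked'] = '1';
    }
    if ($options['parent_id']) {
        $params['not_parent_id'] = $options['parent_id'];
    }
    if ($options['unknown_user']) {
        $params['not_unknown_user'] = $options['unknown_user'];
    }

    $stmt = 'INSERT INTO {{%note}} SET ' . DB_Helper::buildSet($params);
    try {
        DB_Helper::getInstance()->query($stmt, $params);
    } catch (DbException $e) {
        return -1;
    }

    $note_id = DB_Helper::get_last_insert_id();
    Issue::markAsUpdated($issue_id, 'note');

    if ($options['log']) {
        // need to save a history entry for this
        History::add($issue_id, $usr_id, 'note_added', 'Note added by {subject}', array('subject' => User::getFullName($usr_id)));
    }

    // send notifications for the issue being updated
    if ($options['send_notification']) {
        $internal_only = true;
        Notification::notify($issue_id, 'notes', $note_id, $internal_only, $options['cc']);
        Workflow::handleNewNote($prj_id, $issue_id, $usr_id, $options['closing'], $note_id);
    }

    // need to return the new note id here so it can
    // be re-used to associate internal-only attachments
    return $note_id;
}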
/**
 * Adds a new project category from the submitted form values.
 *
 * The project ID and title from $_POST are passed as bound parameters.
 *
 * NOTE(review): the DbException is discarded here; whether the failure is
 * logged elsewhere cannot be seen from this block.
 *
 * @return integer 1 if the insert worked, -2 if the title is blank, -1 on a database error
 */
public static function insert()
{
    if (Validation::isWhitespace($_POST['title'])) {
        return -2;
    }

    $params = array($_POST['prj_id'], $_POST['title']);
    $stmt = 'INSERT INTO {{%project_category}} ( prc_prj_id, prc_title ) VALUES ( ?, ? )';

    $result = 1;
    try {
        DB_Helper::getInstance()->query($stmt, $params);
    } catch (DbException $e) {
        $result = -1;
    }

    return $result;
}
/**
 * Adds the specified email address to the list of authorized repliers.
 *
 * If the address belongs to a known user the call is delegated to
 * self::addUser(); otherwise a row is stored under APP_SYSTEM_USER_ID with
 * the bare, lower-cased address.
 *
 * NOTE(review): the "already authorized" check runs on the address as
 * passed in, before it is reduced to a bare lower-cased address; unless
 * isAuthorizedReplier() normalises its argument itself, differently cased
 * or display-name forms of one address may not be recognised as duplicates
 * — confirm.
 *
 * @param integer $issue_id The id of the issue.
 * @param string $email The email of the user.
 * @param boolean $add_history If this should be logged.
 * @return int 1 on success (or the result of addUser() for known users),
 *             -1 if the address is blank, already authorized, vetoed by the
 *             workflow, or the insert failed
 */
public static function manualInsert($issue_id, $email, $add_history = true)
{
    if (Validation::isWhitespace($email) || self::isAuthorizedReplier($issue_id, $email)) {
        return -1;
    }

    $email = strtolower(Mail_Helper::getEmailAddress($email));

    $prj_id = Issue::getProjectID($issue_id);
    if (Workflow::handleAuthorizedReplierAdded($prj_id, $issue_id, $email) === false) {
        // cancel subscribing the user
        return -1;
    }

    // first check if this is an actual user or just an email address
    $known_usr_id = User::getUserIDByEmail($email, true);
    if (!empty($known_usr_id)) {
        return self::addUser($issue_id, $known_usr_id, $add_history);
    }

    $stmt = 'INSERT INTO {{%issue_user_replier}} ( iur_iss_id, iur_usr_id, iur_email ) VALUES ( ?, ?, ? )';
    try {
        DB_Helper::getInstance()->query($stmt, array($issue_id, APP_SYSTEM_USER_ID, $email));
    } catch (DbException $e) {
        return -1;
    }

    if ($add_history) {
        // add the change to the history of the issue
        $actor_id = Auth::getUserID();
        History::add($issue_id, $actor_id, 'replier_other_added', '{email} added to the authorized repliers list by {user}', array('email' => $email, 'user' => User::getFullName($actor_id)));
    }

    return 1;
}
//Auth::updateAccess($_SESSION['gw_user_en_ID'], 3, 2); break; case 'admin': Auth::updateAccess($_SESSION['gw_user_en_ID'], 2, 6); Auth::updateAccess($_SESSION['gw_user_en_ID'], 3, 6); Auth::updateAccess($_SESSION['gw_user_en_ID'], 4, 6); Auth::updateAccess($_SESSION['gw_user_en_ID'], 5, 6); Auth::updateAccess($_SESSION['gw_user_en_ID'], 6, 6); break; } } // END ETEL MODIFIED if (Validation::isWhitespace($HTTP_POST_VARS["email"])) { Auth::redirect(APP_RELATIVE_URL . "index.php?err=1"); } if (Validation::isWhitespace($HTTP_POST_VARS["passwd"])) { Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'empty password'); Auth::redirect(APP_RELATIVE_URL . "index.php?err=2&email=" . $HTTP_POST_VARS["email"]); } // check if user exists if (!Auth::userExists($HTTP_POST_VARS["email"])) { Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'unknown user'); Auth::redirect(APP_RELATIVE_URL . "index.php?err=3"); } // check if the password matches if (!Auth::isCorrectPassword($HTTP_POST_VARS["email"], $HTTP_POST_VARS["passwd"])) { Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'wrong password'); Auth::redirect(APP_RELATIVE_URL . "index.php?err=3&email=" . $HTTP_POST_VARS["email"]); } // check if this user did already confirm his account if (Auth::isPendingUser($HTTP_POST_VARS["email"])) {
/**
 * Method used to add a note using the user interface form
 * available in the application.
 *
 * Besides its arguments, the method reads "note", "title", "message_id",
 * "blocked_msg", "parent_id", "add_extra_recipients" and "note_cc" from
 * $HTTP_POST_VARS. The INSERT statement is assembled by concatenation.
 *
 * NOTE(review): the subscription loop runs before the blank-note check, so
 * a request that is rejected with -2 has already subscribed the listed users.
 *
 * @param   integer $usr_id The user ID
 * @param   integer $issue_id The issue ID
 * @param   string $unknown_user The email address of a user that sent the blocked email that was turned into this note. Default is false.
 * @param   boolean $log If adding this note should be logged. Default true.
 * @param   boolean $closing If The issue is being closed. Default false
 * @param   boolean $send_notification Whether to send a notification about this note or not
 * @access  public
 * @return  integer the new note id if the insert worked, -1 or -2 otherwise
 */
function insert($usr_id, $issue_id, $unknown_user = FALSE, $log = true, $closing = false, $send_notification = true)
{
    global $HTTP_POST_VARS;

    $issue_id = Misc::escapeInteger($issue_id);

    // the extra recipient list comes straight from the request
    if (@$HTTP_POST_VARS['add_extra_recipients'] != 'yes') {
        $note_cc = array();
    } else {
        $note_cc = $HTTP_POST_VARS['note_cc'];
    }
    // add the poster to the list of people to be subscribed to the notification list
    // only if there is no 'unknown user'.
    $note_cc[] = $usr_id;
    if ($unknown_user == false) {
        for ($i = 0; $i < count($note_cc); $i++) {
            Notification::subscribeUser($usr_id, $issue_id, $note_cc[$i], Notification::getDefaultActions());
        }
    }
    if (Validation::isWhitespace($HTTP_POST_VARS["note"])) {
        return -2;
    }
    if (empty($HTTP_POST_VARS['message_id'])) {
        $HTTP_POST_VARS['message_id'] = Mail_API::generateMessageID();
    }
    // column list: the optional columns are appended in the same order as
    // the optional values further down, so both halves must stay in step
    $stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "note\n (\n not_iss_id,\n not_usr_id,\n not_created_date,\n not_note,\n not_title";
    if (!@empty($HTTP_POST_VARS['blocked_msg'])) {
        $stmt .= ", not_blocked_message";
    }
    $stmt .= ", not_message_id";
    if (!@empty($HTTP_POST_VARS['parent_id'])) {
        $stmt .= ", not_parent_id";
    }
    if ($unknown_user != false) {
        $stmt .= ", not_unknown_user";
    }
    // NOTE(review): $issue_id was passed through Misc::escapeInteger() above,
    // but $usr_id is interpolated as received — presumably callers always pass
    // a trusted integer; confirm.
    $stmt .= "\n ) VALUES (\n {$issue_id},\n {$usr_id},\n '" . Date_API::getCurrentDateGMT() . "',\n '" . Misc::escapeString($HTTP_POST_VARS["note"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "'";
    if (!@empty($HTTP_POST_VARS['blocked_msg'])) {
        $stmt .= ", '" . Misc::escapeString($HTTP_POST_VARS['blocked_msg']) . "'";
    }
    $stmt .= ", '" . Misc::escapeString($HTTP_POST_VARS['message_id']) . "'";
    if (!@empty($HTTP_POST_VARS['parent_id'])) {
        $stmt .= ", " . Misc::escapeInteger($HTTP_POST_VARS['parent_id']) . "";
    }
    if ($unknown_user != false) {
        $stmt .= ", '" . Misc::escapeString($unknown_user) . "'";
    }
    $stmt .= "\n )";
    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (PEAR::isError($res)) {
        Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
        return -1;
    } else {
        $new_note_id = $GLOBALS["db_api"]->get_last_insert_id();
        Issue::markAsUpdated($issue_id, 'note');
        if ($log) {
            // need to save a history entry for this
            History::add($issue_id, $usr_id, History::getTypeID('note_added'), 'Note added by ' . User::getFullName($usr_id));
        }
        // send notifications for the issue being updated
        if ($send_notification) {
            $internal_only = true;
            // recipients that were NOT added to the subscription list above
            // are passed to notify() as one-off extra recipients
            if (@$HTTP_POST_VARS['add_extra_recipients'] != 'yes' && @count($HTTP_POST_VARS['note_cc']) > 0) {
                Notification::notify($issue_id, 'notes', $new_note_id, $internal_only, $HTTP_POST_VARS['note_cc']);
            } else {
                Notification::notify($issue_id, 'notes', $new_note_id, $internal_only);
            }
            Workflow::handleNewNote(Issue::getProjectID($issue_id), $issue_id, $usr_id, $closing);
        }
        // need to return the new note id here so it can
        // be re-used to associate internal-only attachments
        return $new_note_id;
    }
}
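/**
 * Updates a canned email response from the submitted form and rebuilds its
 * project associations.
 *
 * All request values reach the database as bound parameters. The project
 * list is optional in practice (a form with no project ticked sends no
 * "projects" key), so it is normalised to an array before iteration.
 *
 * NOTE(review): the DbException is discarded here; whether the failure is
 * logged elsewhere cannot be seen from this block.
 *
 * @return integer 1 if the update worked, -2 if the title is blank, -1 on a database error
 */
public static function update()
{
    if (Validation::isWhitespace($_POST['title'])) {
        return -2;
    }

    $stmt = 'UPDATE {{%email_response}} SET ere_title=?, ere_response_body=? WHERE ere_id=?';
    try {
        DB_Helper::getInstance()->query($stmt, array($_POST['title'], $_POST['response_body'], $_POST['id']));
    } catch (DbException $e) {
        return -1;
    }

    // a missing or non-array "projects" value means "no projects selected"
    $projects = isset($_POST['projects']) && is_array($_POST['projects']) ? $_POST['projects'] : array();

    // remove all of the associations with projects, then add them all again
    self::removeProjectAssociations($_POST['id']);
    foreach ($projects as $prj_id) {
        self::addProjectAssociation($_POST['id'], $prj_id);
    }

    return 1;
}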
/**
 * Authorize request.
 *
 * Accepts an existing session (Auth::getUserID()) or falls back to the
 * credentials returned by getAuthData(). Every rejection re-sends the
 * authenticate header, prints an error line and terminates the script.
 * Afterwards the 'custom_id' filter must be global or owned by the user.
 *
 * NOTE(review): the failure messages tell the client whether the address
 * exists, is pending or is inactive, so the responses can be used to tell
 * valid accounts from invalid ones.
 * NOTE(review): no failed-attempt logging or lock-out check is visible in
 * this path — confirm whether repeated password guesses are limited elsewhere.
 *
 * TODO: translations
 * TODO: ip based control
 */
function authorizeRequest()
{
    // try current auth cookie
    $usr_id = Auth::getUserID();
    if (!$usr_id) {
        // otherwise setup HTTP Auth headers
        $authData = getAuthData();
        if ($authData === null) {
            sendAuthenticateHeader();
            echo 'Error: You are required to authenticate in order to access the requested RSS feed.';
            exit;
        }

        list($authUser, $authPassword) = $authData;

        // run the checks in order and stop at the first one that fails
        $failure = null;
        if (Validation::isWhitespace($authUser)) {
            $failure = 'Error: Please provide your email address.';
        } elseif (Validation::isWhitespace($authPassword)) {
            $failure = 'Error: Please provide your password.';
        } elseif (!Auth::userExists($authUser)) {
            // check if user exists
            $failure = 'Error: The user specified does not exist.';
        } elseif (!Auth::isCorrectPassword($authUser, $authPassword)) {
            // check if the password matches
            $failure = 'Error: The provided email address/password combo is not correct.';
        } elseif (Auth::isPendingUser($authUser)) {
            // check if this user did already confirm his account
            $failure = 'Error: The provided user still needs to have its account confirmed.';
        } elseif (!Auth::isActiveUser($authUser)) {
            // check if this user is really an active one
            $failure = 'Error: The provided user is currently set as an inactive user.';
        }

        if ($failure !== null) {
            sendAuthenticateHeader();
            echo $failure;
            exit;
        }

        $usr_id = User::getUserIDByEmail($authUser);
        Auth::createFakeCookie($usr_id);
    }

    // check if the required parameter 'custom_id' is really being passed
    if (empty($_GET['custom_id'])) {
        rssError("Error: The required 'custom_id' parameter was not provided.");
        exit;
    }

    // check if the passed 'custom_id' parameter is associated with the usr_id
    $filter_id = $_GET['custom_id'];
    if (!Filter::isGlobal($filter_id) && !Filter::isOwner($filter_id, $usr_id)) {
        rssError('Error: The provided custom filter ID is not associated with the given email address.');
        exit;
    }
}
/**
 * Adds a new time tracking category from the submitted form.
 *
 * Only "title" is read from $HTTP_POST_VARS; it is passed through
 * Misc::escapeString() before being concatenated into the statement.
 *
 * @access  public
 * @return  integer 1 if the insert worked, -2 if the title is blank, -1 on a database error
 */
function insert()
{
    global $HTTP_POST_VARS;

    if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
        return -2;
    }

    $title = Misc::escapeString($HTTP_POST_VARS["title"]);
    $created = Date_API::getCurrentDateGMT();

    $stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "time_tracking_category\n (\n ttc_title,\n ttc_created_date\n ) VALUES (\n '" . $title . "',\n '" . $created . "'\n )";
    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (!PEAR::isError($res)) {
        return 1;
    }

    Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
    return -1;
}
$HTTP_SERVER_VARS['PHP_AUTH_USER'] = $pieces[0]; $HTTP_SERVER_VARS['PHP_AUTH_PW'] = $pieces[1]; } } if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER'])) { authenticate(); echo 'Error: You are required to authenticate in order to access the requested RSS feed.'; exit; } else { // check the authentication if (Validation::isWhitespace($HTTP_SERVER_VARS['PHP_AUTH_USER'])) { authenticate(); echo 'Error: Please provide your email address.'; exit; } if (Validation::isWhitespace($HTTP_SERVER_VARS['PHP_AUTH_PW'])) { authenticate(); echo 'Error: Please provide your password.'; exit; } // check if user exists if (!Auth::userExists($HTTP_SERVER_VARS['PHP_AUTH_USER'])) { authenticate(); echo 'Error: The user specified does not exist.'; exit; } // check if the password matches if (!Auth::isCorrectPassword($HTTP_SERVER_VARS['PHP_AUTH_USER'], $HTTP_SERVER_VARS['PHP_AUTH_PW'])) { authenticate(); echo 'Error: The provided email address/password combo is not correct.'; exit;
/**
 * Adds a new severity to a project.
 *
 * All four values are passed to the database layer as bound parameters.
 *
 * NOTE(review): the DbException is discarded here; whether the failure is
 * logged elsewhere cannot be seen from this block.
 *
 * @param mixed $prj_id      value stored in sev_prj_id
 * @param mixed $title       value stored in sev_title; must not be blank
 * @param mixed $description value stored in sev_description
 * @param mixed $rank        value stored in sev_rank
 * @return integer 1 if the insert worked, -2 if the title is blank, -1 on a database error
 */
public static function insert($prj_id, $title, $description, $rank)
{
    if (Validation::isWhitespace($title)) {
        return -2;
    }

    $params = array($prj_id, $title, $description, $rank);
    $sql = 'INSERT INTO {{%project_severity}} SET sev_prj_id = ?, sev_title=?, sev_description=?, sev_rank=?';

    $result = 1;
    try {
        DB_Helper::getInstance()->query($sql, $params);
    } catch (DbException $e) {
        $result = -1;
    }

    return $result;
}
/**
 * Adds a FAQ entry from the submitted form and links it to the selected
 * support levels.
 *
 * The project, title, message and rank from $_POST are passed as bound
 * parameters together with the current user ID and the current GMT date.
 *
 * NOTE(review): the DbException is discarded here; whether the failure is
 * logged elsewhere cannot be seen from this block.
 *
 * @return integer 1 if the insert worked, -2 if the title is blank,
 *                 -3 if the message is blank, -1 on a database error
 */
public static function insert()
{
    if (Validation::isWhitespace($_POST['title'])) {
        return -2;
    }
    if (Validation::isWhitespace($_POST['message'])) {
        return -3;
    }

    $params = array(
        $_POST['project'],
        Auth::getUserID(),
        Date_Helper::getCurrentDateGMT(),
        $_POST['title'],
        $_POST['message'],
        $_POST['rank'],
    );
    $stmt = 'INSERT INTO {{%faq}} ( faq_prj_id, faq_usr_id, faq_created_date, faq_title, faq_message, faq_rank ) VALUES ( ?, ?, ?, ?, ?, ? )';
    try {
        DB_Helper::getInstance()->query($stmt, $params);
    } catch (DbException $e) {
        return -1;
    }

    $faq_id = DB_Helper::get_last_insert_id();

    $has_levels = isset($_POST['support_levels']) && count($_POST['support_levels']) > 0;
    if ($has_levels) {
        // now populate the faq-support level mapping table
        foreach ($_POST['support_levels'] as $level_id) {
            self::addSupportLevelAssociation($faq_id, $level_id);
        }
    }

    return 1;
}
/**
 * Updates a canned email response from the submitted form and rebuilds its
 * project associations.
 *
 * $HTTP_POST_VARS['id'] is overwritten with its Misc::escapeInteger() value
 * at the top, which is why it is later concatenated into the WHERE clause
 * without a second escape call. Title and body go through
 * Misc::escapeString().
 *
 * NOTE(review): $HTTP_POST_VARS['projects'] is iterated without checking
 * that it is set and is an array.
 *
 * @access  public
 * @return  integer 1 if the update worked, -2 if the title is blank, -1 on a database error
 */
function update()
{
    global $HTTP_POST_VARS;

    // escaped in place: later uses of the id rely on this assignment
    $HTTP_POST_VARS['id'] = Misc::escapeInteger($HTTP_POST_VARS['id']);

    if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
        return -2;
    }

    $title = Misc::escapeString($HTTP_POST_VARS["title"]);
    $body = Misc::escapeString($HTTP_POST_VARS["response_body"]);

    $stmt = "UPDATE\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "email_response\n SET\n ere_title='" . $title . "',\n ere_response_body='" . $body . "'\n WHERE\n ere_id=" . $HTTP_POST_VARS["id"];
    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (PEAR::isError($res)) {
        Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
        return -1;
    }

    // remove all of the associations with projects, then add them all again
    Email_Response::removeProjectAssociations($HTTP_POST_VARS['id']);
    foreach ($HTTP_POST_VARS['projects'] as $prj_id) {
        Email_Response::addProjectAssociation($HTTP_POST_VARS['id'], $prj_id);
    }

    return 1;
}
/**
 * Adds a new project from the submitted form, then associates the selected
 * users and statuses with it and sets up its display columns.
 *
 * Every request value is passed through Misc::escapeString() or
 * Misc::escapeInteger() before being concatenated into the statement. The
 * user whose ID equals "lead_usr_id" gets the "Manager" role, all other
 * selected users get "Standard User".
 *
 * NOTE(review): "customer_backend" and "workflow_backend" are stored as
 * submitted; they look like names of backends that are loaded later —
 * confirm that they are checked against the list of installed backends.
 *
 * @access  public
 * @return  integer 1 if the insert worked, -2 if the title is blank, -1 on a database error
 */
function insert()
{
    global $HTTP_POST_VARS;

    if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
        return -2;
    }

    $stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project\n (\n prj_created_date,\n prj_title,\n prj_status,\n prj_lead_usr_id,\n prj_initial_sta_id,\n prj_outgoing_sender_name,\n prj_outgoing_sender_email,\n prj_remote_invocation,\n prj_customer_backend,\n prj_workflow_backend\n ) VALUES (\n '" . Date_API::getCurrentDateGMT() . "',\n '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["status"]) . "',\n " . Misc::escapeInteger($HTTP_POST_VARS["lead_usr_id"]) . ",\n " . Misc::escapeInteger($HTTP_POST_VARS["initial_status"]) . ",\n '" . Misc::escapeString($HTTP_POST_VARS["outgoing_sender_name"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["outgoing_sender_email"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["remote_invocation"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["customer_backend"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["workflow_backend"]) . "'\n )";
    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (PEAR::isError($res)) {
        Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
        return -1;
    }

    $new_prj_id = $GLOBALS["db_api"]->get_last_insert_id();

    $total_users = count($HTTP_POST_VARS["users"]);
    for ($i = 0; $i < $total_users; $i++) {
        // the project lead becomes manager, everybody else a standard user
        $role_id = ($HTTP_POST_VARS["users"][$i] == $HTTP_POST_VARS["lead_usr_id"])
            ? User::getRoleID("Manager")
            : User::getRoleID("Standard User");
        Project::associateUser($new_prj_id, $HTTP_POST_VARS["users"][$i], $role_id);
    }

    foreach ($HTTP_POST_VARS['statuses'] as $sta_id) {
        Status::addProjectAssociation($sta_id, $new_prj_id);
    }

    Display_Column::setupNewProject($new_prj_id);

    return 1;
}
/**
 * Adds a new time tracking category to a project.
 *
 * Project ID, title and the current GMT date are passed as bound parameters.
 *
 * NOTE(review): the DbException is discarded here; whether the failure is
 * logged elsewhere cannot be seen from this block.
 *
 * @param integer $prj_id The project ID
 * @param string $title The title of the time tracking category
 * @return integer 1 if the insert worked, -2 if the title is blank, -1 on a database error
 */
public static function insertCategory($prj_id, $title)
{
    if (Validation::isWhitespace($title)) {
        return -2;
    }

    $stmt = 'INSERT INTO {{%time_tracking_category}} ( ttc_prj_id, ttc_title, ttc_created_date ) VALUES ( ?, ?, ? )';

    $result = 1;
    try {
        DB_Helper::getInstance()->query($stmt, array($prj_id, $title, Date_Helper::getCurrentDateGMT()));
    } catch (DbException $e) {
        $result = -1;
    }

    return $result;
}
/**
 * Adds a new resolution from the administrative form.
 *
 * The title and rank from $_POST and the current GMT date are passed as
 * bound parameters.
 *
 * NOTE(review): the DbException is discarded here; whether the failure is
 * logged elsewhere cannot be seen from this block.
 *
 * @return integer 1 if the insert worked, -2 if the title is blank, -1 on a database error
 */
public static function insert()
{
    if (Validation::isWhitespace($_POST['title'])) {
        return -2;
    }

    $params = array($_POST['title'], $_POST['rank'], Date_Helper::getCurrentDateGMT());
    $stmt = 'INSERT INTO {{%resolution}} ( res_title, res_rank, res_created_date ) VALUES ( ?, ?, ? )';

    $result = 1;
    try {
        DB_Helper::getInstance()->query($stmt, $params);
    } catch (DbException $e) {
        $result = -1;
    }

    return $result;
}
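/**
 * Updates a custom status from the submitted form and re-syncs its project
 * associations.
 *
 * After the status row is updated, all project associations are removed and
 * re-created from $_POST['projects']; issues in projects that lost the
 * association get iss_sta_id reset to 0.
 *
 * Every value, including the list of removed project IDs, is passed to the
 * database layer as a bound parameter.
 *
 * @return integer 1 if the update worked, -2 if the title is blank,
 *                 -3 if the color is not "#" followed by six hex digits,
 *                 -1 if the status row could not be updated
 */
public static function updateFromPost()
{
    if (Validation::isWhitespace($_POST['title'])) {
        return -2;
    }

    $color = isset($_POST['color']) ? $_POST['color'] : null;
    // validate that it is valid RGB hex color; \z instead of $ so that a
    // value with a trailing newline is rejected, and the type check keeps
    // array input away from preg_match()
    if (!is_string($color) || !preg_match('/^#[a-f\\d]{6}\\z/i', $color)) {
        return -3;
    }

    $stmt = 'UPDATE {{%status}} SET sta_title=?, sta_abbreviation=?, sta_rank=?, sta_color=?, sta_is_closed=? WHERE sta_id=?';
    $params = array($_POST['title'], $_POST['abbreviation'], $_POST['rank'], $color, $_POST['is_closed'], $_POST['id']);
    try {
        DB_Helper::getInstance()->query($stmt, $params);
    } catch (DbException $e) {
        return -1;
    }

    // a missing or non-array "projects" value means "no projects selected"
    $new_projects = isset($_POST['projects']) && is_array($_POST['projects']) ? $_POST['projects'] : array();

    $projects = self::getAssociatedProjects($_POST['id']);
    $current_projects = array_keys($projects);

    // remove all of the associations with projects, then add them all again
    self::removeProjectAssociations($_POST['id']);
    foreach ($new_projects as $prj_id) {
        self::addProjectAssociation($_POST['id'], $prj_id);
    }

    // need to update all issues that are not supposed to have the changed sta_id to '0'
    $removed_projects = array();
    foreach ($current_projects as $project_id) {
        // loose comparison on purpose: the request carries strings, the
        // array keys may be integers
        if (!in_array($project_id, $new_projects)) {
            $removed_projects[] = $project_id;
        }
    }

    if (count($removed_projects) > 0) {
        // one placeholder per removed project instead of splicing the IDs
        // into the statement text
        $placeholders = implode(', ', array_fill(0, count($removed_projects), '?'));
        $stmt = 'UPDATE {{%issue}} SET iss_sta_id=0 WHERE iss_sta_id=? AND iss_prj_id IN (' . $placeholders . ')';
        try {
            DB_Helper::getInstance()->query($stmt, array_merge(array($_POST['id']), $removed_projects));
        } catch (DbException $e) {
            // FIXME: why no error handling?
        }
    }

    return 1;
}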
/**
 * Adds a new release from the administrative form.
 *
 * The scheduled date is assembled as "Year-Month-Day" from the three parts
 * of $_POST['scheduled_date'] and, like the other values, passed as a bound
 * parameter.
 *
 * NOTE(review): the date parts are joined without any format or range
 * check in this method; whether the result is a valid date is left to the
 * database.
 * NOTE(review): the DbException is discarded here; whether the failure is
 * logged elsewhere cannot be seen from this block.
 *
 * @return integer 1 if the insert worked, -2 if the title is blank, -1 on a database error
 */
public static function insert()
{
    if (Validation::isWhitespace($_POST['title'])) {
        return -2;
    }

    $date = $_POST['scheduled_date'];
    $scheduled_date = $date['Year'] . '-' . $date['Month'] . '-' . $date['Day'];

    $params = array($_POST['prj_id'], $_POST['title'], $scheduled_date, $_POST['status']);
    $stmt = 'INSERT INTO {{%project_release}} ( pre_prj_id, pre_title, pre_scheduled_date, pre_status ) VALUES ( ?, ?, ?, ? )';

    $result = 1;
    try {
        DB_Helper::getInstance()->query($stmt, $params);
    } catch (DbException $e) {
        $result = -1;
    }

    return $result;
}
/**
 * Adds a new project from the submitted form, then associates the selected
 * users and statuses with it, sets up its display columns and adds the
 * default time tracking categories.
 *
 * All request values are passed as bound parameters. The user whose ID
 * equals "lead_usr_id" gets the 'Manager' role, all other selected users
 * get 'Standard User'.
 *
 * NOTE(review): "customer_backend" and "workflow_backend" are stored as
 * submitted; they look like names of backends that are loaded later —
 * confirm that they are checked against the list of installed backends.
 * NOTE(review): the DbException is discarded here; whether the failure is
 * logged elsewhere cannot be seen from this block.
 *
 * @return integer 1 if the insert worked, -2 if the title is blank, -1 on a database error
 */
public static function insert()
{
    if (Validation::isWhitespace($_POST['title'])) {
        return -2;
    }

    $stmt = 'INSERT INTO {{%project}} ( prj_created_date, prj_title, prj_status, prj_lead_usr_id, prj_initial_sta_id, prj_outgoing_sender_name, prj_outgoing_sender_email, prj_mail_aliases, prj_remote_invocation, prj_customer_backend, prj_workflow_backend ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )';
    try {
        DB_Helper::getInstance()->query($stmt, array(
            Date_Helper::getCurrentDateGMT(),
            $_POST['title'],
            $_POST['status'],
            $_POST['lead_usr_id'],
            $_POST['initial_status'],
            $_POST['outgoing_sender_name'],
            $_POST['outgoing_sender_email'],
            $_POST['mail_aliases'],
            $_POST['remote_invocation'],
            $_POST['customer_backend'],
            $_POST['workflow_backend'],
        ));
    } catch (DbException $e) {
        return -1;
    }

    $new_prj_id = DB_Helper::get_last_insert_id();

    foreach ($_POST['users'] as $user) {
        // the project lead becomes manager, everybody else a standard user
        $role_id = ($user == $_POST['lead_usr_id'])
            ? User::getRoleID('Manager')
            : User::getRoleID('Standard User');
        self::associateUser($new_prj_id, $user, $role_id);
    }

    foreach ($_POST['statuses'] as $sta_id) {
        Status::addProjectAssociation($sta_id, $new_prj_id);
    }

    Display_Column::setupNewProject($new_prj_id);

    // insert default timetracking categories
    Time_Tracking::addProjectDefaults($new_prj_id);

    return 1;
}
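/**
 * Adds a FAQ entry from the submitted form and, when the project's customer
 * backend uses support levels, links the entry to the selected levels.
 *
 * The statement is built by concatenation, so every request value must be
 * escaped first: "title" and "message" with Misc::escapeString(), and the
 * numeric "project" and "rank" fields with Misc::escapeInteger(), the same
 * helper this method already applies to "project" further down.
 *
 * @access  public
 * @return  integer 1 if the insert worked, -2 if the title is blank,
 *                  -3 if the message is blank, -1 on a database error
 */
function insert()
{
    global $HTTP_POST_VARS;

    if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
        return -2;
    }
    if (Validation::isWhitespace($HTTP_POST_VARS["message"])) {
        return -3;
    }

    // "project" and "rank" land in unquoted numeric positions of the
    // statement, so they must not be spliced in as received
    $project_id = Misc::escapeInteger($HTTP_POST_VARS['project']);
    $rank = Misc::escapeInteger($HTTP_POST_VARS['rank']);

    $stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "faq\n (\n faq_prj_id,\n faq_usr_id,\n faq_created_date,\n faq_title,\n faq_message,\n faq_rank\n ) VALUES (\n " . $project_id . ",\n " . Auth::getUserID() . ",\n '" . Date_API::getCurrentDateGMT() . "',\n '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["message"]) . "',\n " . $rank . "\n )";
    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (PEAR::isError($res)) {
        Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
        return -1;
    }

    $new_faq_id = $GLOBALS["db_api"]->get_last_insert_id();
    if (Customer::doesBackendUseSupportLevels($project_id)) {
        // now populate the faq-support level mapping table
        foreach ($HTTP_POST_VARS['support_levels'] as $support_level_id) {
            FAQ::addSupportLevelAssociation($new_faq_id, $support_level_id);
        }
    }

    return 1;
}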
/**
 * Adds a new release from the administrative form.
 *
 * The scheduled date is assembled as "Year-Month-Day" from the three parts
 * of $HTTP_POST_VARS["scheduled_date"]. The statement is built by
 * concatenation; the project ID goes through Misc::escapeInteger(), the
 * title, the assembled date and the status through Misc::escapeString().
 *
 * NOTE(review): the date parts are joined without any format or range
 * check in this method.
 *
 * @access  public
 * @return  integer 1 if the insert worked, -2 if the title is blank, -1 on a database error
 */
function insert()
{
    global $HTTP_POST_VARS;

    if (Validation::isWhitespace($HTTP_POST_VARS["title"])) {
        return -2;
    }

    $date = $HTTP_POST_VARS["scheduled_date"];
    $scheduled_date = $date["Year"] . "-" . $date["Month"] . "-" . $date["Day"];

    $stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_release\n (\n pre_prj_id,\n pre_title,\n pre_scheduled_date,\n pre_status\n ) VALUES (\n " . Misc::escapeInteger($HTTP_POST_VARS["prj_id"]) . ",\n '" . Misc::escapeString($HTTP_POST_VARS["title"]) . "',\n '" . Misc::escapeString($scheduled_date) . "',\n '" . Misc::escapeString($HTTP_POST_VARS["status"]) . "'\n )";
    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (!PEAR::isError($res)) {
        return 1;
    }

    Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
    return -1;
}