function login_POST(Web &$w)
{
if ($_POST['login'] && $_POST['password']) {
$client_timezone = "Australia/Sydney";
//$_POST['user_timezone'];
$user = $w->Auth->login($_POST['login'], $_POST['password'], $client_timezone);
if ($user) {
if ($w->session('orig_path') != "auth/login") {
$url = $w->session('orig_path');
$w->Log->debug("Original path: " . $url);
// If no url specified, go to the users defined url
if (empty($url) || $url == "/") {
$url = $user->redirect_url;
}
$w->sessionUnset('orig_path');
$w->redirect($w->localUrl($url));
} else {
$w->redirect(!empty($user->redirect_url) ? $w->localUrl($user->redirect_url) : $w->localUrl());
}
} else {
$w->error("Login or Password incorrect", "/auth/login");
}
} else {
$w->error("Please enter your login and password", "/auth/login");
}
}
function profile_GET(Web &$w)
{
$p = $w->pathMatch("box");
$user = $w->Auth->user();
$contact = $user->getContact();
if ($user) {
$w->ctx("title", "Administration - Profile - " . $user->login);
} else {
$w->error("User does not exist.");
}
$lines = array();
$lines[] = array("Change Password", "section");
$lines[] = array("Password", "password", "password", "");
$lines[] = array("Repeat Password", "password", "password2", "");
$lines[] = array("Contact Details", "section");
$lines[] = array("First Name", "text", "firstname", $contact ? $contact->firstname : "");
$lines[] = array("Last Name", "text", "lastname", $contact ? $contact->lastname : "");
$lines[] = array("Communication", "section");
$lines[] = array("Home Phone", "text", "homephone", $contact ? $contact->homephone : "");
$lines[] = array("Work Phone", "text", "workphone", $contact ? $contact->workphone : "");
$lines[] = array("Private Mobile", "text", "priv_mobile", $contact ? $contact->priv_mobile : "");
$lines[] = array("Work Mobile", "text", "mobile", $contact ? $contact->mobile : "");
$lines[] = array("Fax", "text", "fax", $contact ? $contact->fax : "");
$lines[] = array("Email", "text", "email", $contact ? $contact->email : "");
$lines[] = array("Redirect URL", "text", "redirect_url", $user->redirect_url);
$f = Html::form($lines, $w->localUrl("/auth/profile"), "POST", "Update");
if ($p['box']) {
$w->setLayout(null);
$f = "<h2>Edit Profile</h2>" . $f;
}
$w->out($f);
}
function taskAjaxSelectbyTaskGroup_ALL(Web $w)
{
$p = $w->pathMatch("taskgroup_id");
$taskgroup = $w->Task->getTaskGroup($p['taskgroup_id']);
if (empty($taskgroup->id)) {
return;
}
$tasktypes = $taskgroup != "" ? $w->Task->getTaskTypes($taskgroup->task_group_type) : array();
$priority = $taskgroup != "" ? $w->Task->getTaskPriority($taskgroup->task_group_type) : array();
$members = $taskgroup != "" ? $w->Task->getMembersBeAssigned($taskgroup->id) : array();
sort($members);
$typetitle = $taskgroup != "" ? $taskgroup->getTypeTitle() : "";
$typedesc = $taskgroup != "" ? $taskgroup->getTypeDescription() : "";
// if user cannot assign tasks in this group, leave 'first_assignee' blank for owner/member to delegate
$members = $taskgroup->getCanIAssign() ? $members : array(array("Default", ""));
// create dropdowns loaded with respective data
$ttype = Html::select("task_type", $tasktypes, null);
$prior = Html::select("priority", $priority, null);
$mem = Html::select("assignee_id", $members, null);
// first_
$taskgroup_link = $taskgroup->isOwner($w->Auth->user()) ? "<a href=\"" . $w->localUrl("task-group/viewmembergroup/" . $taskgroup->id) . "\">" . $taskgroup->title . "</a>" : $taskgroup->title;
$tasktext = "<table style='width: 100%;'>" . "<tr><td class=section colspan=2>Task Group Description</td></tr>" . "<tr><td><b>Task Group</td><td>" . $taskgroup_link . "</td></tr>" . "<tr><td><b>Task Type</b></td><td>" . $typetitle . "</td></tr>" . "<tr valign=top><td><b>Description</b></td><td>" . $typedesc . "</td></tr>" . "</table>";
// return as array of arrays
$result = array($ttype, $prior, $mem, $tasktext, Html::select("status", $taskgroup->getTypeStatus(), null, null, null, null));
$w->setLayout(null);
$w->out(json_encode($result));
}
function resetpassword_GET(Web $w)
{
$email = $w->request('email');
// email
$token = $w->request('token');
// token
$user = $w->Auth->getUserForToken($token);
//this->getObject("User", array("password_reset_token", $token));
$validData = false;
if (!empty($user->id)) {
// Check that the password reset hasn't expired
$w->Log->setLogger("AUTH")->debug("USER: "******" TIME: " . time() . " USER_RESET: " . $user->dt_password_reset_at . " RESULT: " . (time() - $user->dt_password_reset_at));
if (time() - $user->dt_password_reset_at > 86400) {
$w->msg("Your token has expired (max 24 hours), please submit for a new one", "/auth/forgotpassword");
return;
}
$user_contact = $user->getContact();
if (!empty($user_contact)) {
if ($user_contact->email == $email) {
// We have passed the test
$password_form = Html::form(array(array("Enter new password", "section"), array("New password", "password", "password"), array("Confirm password", "password", "password_confirm")), $w->localUrl("auth/resetpassword?email={$email}&token={$token}"), "POST", "Reset");
$w->out($password_form);
$validData = true;
}
}
}
if (!$validData) {
$w->Log->warn("Password reset attempt failed with email: {$email}, token: {$token}");
$w->out("Invalid email or token, this incident has been logged");
}
}
function logout_GET(Web &$w)
{
if ($w->Auth->loggedIn()) {
// Unset all of the session variables.
$w->sessionDestroy();
}
$w->redirect($w->localUrl("/auth/login"));
}
/**
* Display an edit form for either creating a new
* record for ExampleData or edit an existing form.
*
* Url:
*
* /kickstart/edit/{id}
*
* @param Web $w
*/
function new_GET(Web $w)
{
// parse the url into parameters
$p = $w->pathMatch("id");
// create the edit form
$f = Html::form(array(array("New Module", "section"), array("Module Name", "text", "module_name", ""), array("Module Author", "text", "module_author", ""), array("Module Title", "text", "module_title", ""), array("Actions - one per line", "textarea", "actions", "index", null, null, "basic"), array("SQL Structure", "textarea", "sql", "", null, null, "basic")), $w->localUrl("/kickstart/new/" . $p['id']), "POST", " Save");
// circumvent the template and print straight into the layout
$w->out($f);
}
function results_GET(Web $w)
{
$response = array("success" => true, "data" => "");
$w->setLayout(null);
$q = $w->request('q');
// query
$idx = $w->request('idx');
// index
$p = $w->request('p');
// page
$ps = $w->request('ps');
// pageSize
$tr = $w->request('tr');
// total results
if ($q && strlen($q) >= 3) {
$results = $w->Search->getResults($q, $idx, $p, $ps);
if (empty($p) && empty($ps) && empty($tr)) {
$buffer = "";
if (!empty($results[0])) {
// Group results by class_name
$filter_results = array();
foreach ($results[0] as $res) {
$searchobject = $w->Search->getObject($res['class_name'], $res['object_id']);
if (!empty($searchobject)) {
$filter_results[$res['class_name']][] = $searchobject;
}
}
foreach ($filter_results as $class => $objects) {
// Transform class into readable text
$t_class = preg_replace('/(?<=\\w)(?=[A-Z])/', " \$1", $class);
$buffer .= "<div class='row search-class'><h4 style='padding-top: 10px; font-weight: lighter;'>{$t_class}</h4>";
if (!empty($objects)) {
foreach ($objects as $object) {
if ($object->canList($w->Auth->user())) {
$buffer .= '<div class="panel search-result">';
if ($object->canView($w->Auth->user())) {
$buffer .= "<a class=\"row search-title\" href=\"" . $w->localUrl($object->printSearchUrl()) . "\">{$object->printSearchTitle()}</a>" . "<div class=\"row search-listing\">{$object->printSearchListing()}</div>";
} else {
$buffer .= "<div class=\"small-12 columns search-title\">{$object->printSearchTitle()}</div><div class=\"row search-listing\">(restricted)</div>";
}
$buffer .= "</div>";
}
}
}
$buffer .= "</div>";
}
}
$response["data"] = $buffer;
}
} else {
$response["success"] = false;
$response["data"] = "Please enter at least 3 characters for searching.";
}
echo json_encode($response);
}
function editmember_GET(Web &$w)
{
$p = $w->pathMatch("repid", "userid");
// get member details for edit
$member = $w->Report->getReportMember($p['repid'], $p['userid']);
// build editable form for a member allowing change of membership type
$f = Html::form(array(array("Member Details", "section"), array("", "hidden", "report_id", $p['repid']), array("Name", "static", "name", $w->Report->getUserById($member->user_id)), array("Role", "select", "role", $member->role, $w->Report->getReportPermissions())), $w->localUrl("/report/editmember/" . $p['userid']), "POST", " Update ");
// display form
$w->setLayout(null);
$w->ctx("editmember", $f);
}
function editlookup_GET(Web &$w)
{
$p = $w->pathMatch("id", "type");
$lookup = $w->Admin->getLookupbyId($p['id']);
if ($lookup) {
$types = $w->Admin->getLookupTypes();
$f = Html::form(array(array("Edit an Existing Entry", "section"), array("Type", "select", "type", $lookup->type, $types), array("Key", "text", "code", $lookup->code), array("Value", "text", "title", $lookup->title)), $w->localUrl("/admin/editlookup/" . $lookup->id . "/" . $p['type']), "POST", " Update ");
$w->setLayout(null);
$w->out($f);
} else {
$w->msg("No such Lookup Item?", "/admin/lookup/");
}
}
function forgotpassword_GET(Web $w)
{
// Check if logged in already
$user = $w->Auth->user();
if ($w->Auth->loggedIn() && $w->Auth->allowed($user->redirect_url)) {
$w->redirect($w->localUrl(!empty($user->redirect_url) ? $user->redirect_url : "/main"));
}
// $loginform = Html::form(array(
// array("Reset Password","section"),
// array("Your Login","text","login"),
// ),$w->localUrl("auth/forgotpassword"),"POST","Reset");
// $w->out($loginform);
$w->ctx("pagetitle", "Forgot Password");
}
function deletemember_GET(Web &$w)
{
$p = $w->pathMatch("report_id", "user_id");
// get details of member to be deleted
$member = $w->Report->getReportMember($p['report_id'], $p['user_id']);
if ($member) {
// build a static form displaying members details for confirmation of delete
$f = Html::form(array(array("Confirm Delete Member", "section"), array("", "hidden", "is_deleted", "1"), array("Name", "static", "name", $w->Report->getUserById($member->user_id))), $w->localUrl("/report/deletemember/" . $member->report_id . "/" . $member->user_id), "POST", " Delete ");
} else {
$f = "No such member?";
}
// display form
$w->setLayout(null);
$w->ctx("deletemember", $f);
}
/**
* Display an edit form for either creating a new
* record for ExampleData or edit an existing form.
*
* Url:
*
* /example/edit/{id}
*
* @param Web $w
*/
function edit_GET(Web $w)
{
// parse the url into parameters
$p = $w->pathMatch("id");
// create either a new or existing object
if (isset($p['id'])) {
$data = $w->Example->getDataForId($p['id']);
} else {
$data = new ExampleData($w);
}
// create the edit form
$f = Html::form(array(array("Edit Example Data", "section"), array("Title", "text", "title", $data->title), array("Data", "text", "data", $data->data)), $w->localUrl("/example/edit/" . $p['id']), "POST", " Save ");
// circumvent the template and print straight into the layout
$w->out($f);
}
function comment_POST(Web $w)
{
$p = $w->pathMatch("comment_id", "tablename", "object_id");
$comment_id = intval($p["comment_id"]);
$comment = $comment_id > 0 ? $w->Comment->getComment($comment_id) : new Comment($w);
if ($comment === null) {
$comment = new Comment($w);
}
$comment->obj_table = $p["tablename"];
$comment->obj_id = $p["object_id"];
$comment->comment = strip_tags($w->request("comment"));
$comment->insertOrUpdate();
$redirectUrl = $w->request("redirect_url");
if (!empty($redirectUrl)) {
$w->msg("Comment saved", urldecode($redirectUrl));
} else {
$w->msg("Comment saved", $w->localUrl($_SERVER["REQUEST_URI"]));
}
}
function addmembers_GET(Web &$w)
{
$p = $w->pathMatch("id");
// get the list of report editors and admins
$members1 = $w->Auth->getUsersForRole("report_editor");
$members2 = $w->Auth->getUsersForRole("report_user");
// merge into single array
$members12 = array_merge($members1, $members2);
// strip the dumplicates. dealing with an object so no quick solution
$members = array();
foreach ($members12 as $member) {
if (!in_array($member, $members)) {
$members[] = $member;
}
}
// build form
$addUserForm = array(array("", "hidden", "report_id", $p['id']), array("Add Member", "select", "member", null, $members), array("With Role", "select", "role", "", $w->Report->getReportPermissions()));
$w->setLayout(null);
$w->ctx("addmembers", Html::form($addUserForm, $w->localUrl("/report/updatemembers/"), "POST", " Submit "));
}
function updateusergroupnotify_GET(Web &$w)
{
$p = $w->pathMatch("id");
// get task title
$title = $w->Task->getTaskGroupTitleById($p['id']);
// get member
$member = $w->Task->getMemberGroupById($p['id'], $_SESSION['user_id']);
// get user notify settings for Task Group
$notify = $w->Task->getTaskGroupUserNotify($_SESSION['user_id'], $p['id']);
if ($notify) {
foreach ($notify as $n) {
$v[$n->role][$n->type] = $n->value;
$task_creation = $n->task_creation;
$task_details = $n->task_details;
$task_comments = $n->task_comments;
$time_log = $n->time_log;
$task_documents = $n->task_documents;
$task_pages = $n->task_pages;
}
} else {
$notify = $w->Task->getTaskGroupNotify($p['id']);
if ($notify) {
foreach ($notify as $n) {
$v[$n->role][$n->type] = $n->value;
$task_creation = 1;
$task_details = 1;
$task_comments = 1;
$time_log = 1;
$task_documents = 1;
$task_pages = 1;
}
}
}
// if no user notifications and no group defaults
// set blank form - all task events on - so user can create their user notifications
if (!$v) {
$v['guest']['creator'] = 0;
$v['member']['creator'] = 0;
$v['member']['assignee'] = 0;
$v['owner']['creator'] = 0;
$v['owner']['assignee'] = 0;
$v['owner']['other'] = 0;
$task_creation = 1;
$task_details = 1;
$task_comments = 1;
$time_log = 1;
$task_documents = 1;
$task_pages = 1;
}
$f = array(array($title . " - Notifications", "section"));
// so foreach role/type lets get the values and create checkboxes
foreach ($v as $role => $types) {
if ($role == strtolower($member->role)) {
foreach ($types as $type => $value) {
$f[] = array(ucfirst($type), "checkbox", $role . "_" . $type, $value);
}
}
}
// add Task Events to form
$f[] = array("For which events should you receive Notification?", "section");
$f[] = array("Task Creation", "checkbox", "task_creation", $task_creation);
$f[] = array("Task Details Update", "checkbox", "task_details", $task_details);
$f[] = array("Comments Added", "checkbox", "task_comments", $task_comments);
$f[] = array("Time Log Entry", "checkbox", "time_log", $time_log);
$f[] = array("Documents Added", "checkbox", "task_documents", $task_documents);
$f[] = array("Pages Added", "checkbox", "task_pages", $task_pages);
$f = Html::form($f, $w->localUrl("/task/updateusergroupnotify/" . $p['id']), "POST", "Save");
$w->setLayout(null);
$w->out($f);
}
function deletegroupmember_GET(Web &$w)
{
$p = $w->pathMatch("id");
// get details of member to be deleted
$member = $w->Task->getMemberById($p['id']);
// build a static form displaying members details for confirmation of delete
$f = Html::form(array(array("Member Details", "section"), array("", "hidden", "is_active", "1"), array("Name", "static", "name", $w->Task->getUserById($member->user_id)), array("Role", "static", "role", $member->role)), $w->localUrl("/task-group/deletegroupmember/" . $member->id), "POST", " Delete ");
// display form
$w->setLayout(null);
$w->ctx("deletegroupmember", $f);
}
