function install_step_5()
{
include_config('inc_connect_install');
include_lcm('inc_meta');
include_lcm('inc_access');
global $lcm_lang_left, $lcm_lang_right;
// Either leave the form completely empty, or fill in everything
if (_request('username') || _request('name_first') || _request('name_last') || _request('email')) {
$_SESSION['form_data']['name_first'] = _request('name_first');
$_SESSION['form_data']['name_middle'] = _request('name_middle');
$_SESSION['form_data']['name_last'] = _request('name_last');
$_SESSION['form_data']['username'] = _request('username');
$_SESSION['form_data']['password'] = _request('password');
$_SESSION['form_data']['password_confirm'] = _request('password_confirm');
$_SESSION['form_data']['email'] = _request('email');
$_SESSION['form_data']['getnews'] = _request('getnews');
// Test mandatory fields, sorry for the ugly code
$mandatory = array('name_first' => 'person_input', 'name_last' => 'person_input', 'username' => 'authoredit_input', 'password' => 'authorconf_input', 'password_confirm' => 'authorconf_input', 'getnews' => 'install_input');
foreach ($mandatory as $mn => $str) {
if (!_request($mn)) {
$_SESSION['errors'][$mn] = _T($str . '_' . $mn) . ' ' . _T('warning_field_mandatory');
}
}
if (_session('password') != _session('password_confirm')) {
$_SESSION['errors']['password'] = _T('login_warning_password_dont_match');
}
if (count($_SESSION['errors'])) {
return install_step_4();
}
$query = "SELECT id_author FROM lcm_author WHERE username='******'username') . "'";
$result = lcm_query($query);
unset($id_author);
while ($row = lcm_fetch_array($result)) {
$id_author = $row['id_author'];
}
// If user exists, allow to reset a forgotten password, which is possible
// by deleting inc_connect.php and re-installing (it does not affect the DB).
if ($id_author) {
$query = "UPDATE lcm_author " . "SET name_first = '" . _session('name_first') . "', \n\t\t\t\t\tname_middle = '" . _session('name_middle') . "', \n\t\t\t\t\tname_last = '" . _session('name_last') . "', \n\t\t\t\t\tusername = '******'username') . "', \n\t\t\t\t\tdate_update = NOW(),\n\t\t\t\t\talea_actuel = '', \n\t\t\t\t\talea_futur = FLOOR(32000*RAND()), \n\t\t\t\t\tstatus = 'admin'\n\t\t\t\t WHERE id_author = " . $id_author;
lcm_query_db($query);
} else {
$query = "INSERT INTO lcm_author " . "(name_first, name_middle, name_last, username, prefs, cookie_recall, pgp, " . "password, alea_actuel, alea_futur, status, date_update, date_creation)" . "VALUES (" . "'" . _session('name_first') . "'," . "'" . _session('name_middle') . "'," . "'" . _session('name_last') . "'," . "'" . _session('username') . "'," . "'', '', '', " . "'temp'," . "''," . "FLOOR(32000*RAND())," . "'admin'," . "NOW()," . "NOW()" . ")";
lcm_query_db($query);
$id_author = lcm_insert_id('lcm_author', 'id_author');
}
//
// Set password
//
$class_auth = 'Auth_db';
include_lcm('inc_auth_db');
$auth = new $class_auth();
if (!$auth->init()) {
lcm_log("pass change: failed auth init: " . $auth->error);
$_SESSION['errors']['password'] = $auth->error;
return install_step_4();
}
if (!$auth->newpass($id_author, _session('username'), _session('password'))) {
$_SESSION['errors']['password'] = $auth->error;
}
if (count($_SESSION['errors'])) {
return install_step_4();
}
//
// Set e-mail for author
//
if (_session('email')) {
include_lcm('inc_contacts');
if (!is_existing_contact('author', $id_author, 'email_main', _session('email'))) {
add_contact('author', $id_author, 'email_main', _session('email'));
}
// Insert email as main system administrator
write_meta('email_sysadmin', _session('email'));
}
} else {
// Test if an administrator already exists
$number_admins = get_number_admins();
if (!$number_admins) {
$_SESSION['errors']['generic'] = _T('install_warning_no_admins_exist');
return install_step_4();
}
}
$site_address = read_meta('site_address');
if (!$site_address) {
global $HTTP_SERVER_VARS, $HTTP_HOST;
// Replace www.site.net/foo/name.php -> www.site.net/foo/
$site_address = $_SERVER['REQUEST_URI'];
if (!$site_address) {
$site_address = $_ENV['PHP_SELF'];
}
// [ML] unsure
$site_address = preg_replace("/\\/[^\\/]+\\.php\$/", "/", $site_address);
$site_address = 'http://' . $_SERVER['HTTP_HOST'] . $site_address;
write_meta('site_address', $site_address);
}
// Force regeneration of metas, just in case..
$lcm_meta_cache = 'inc_meta_cache.php';
if (isset($_SERVER['LcmDataDir'])) {
$lcm_meta_cache = $_SERVER['LcmDataDir'] . '/' . $lcm_meta_cache;
} else {
$lcm_meta_cache = 'inc/data/' . $lcm_meta_cache;
}
@unlink($lcm_meta_cache);
write_metas();
// Finalise installation
$lcm_config_prefix = isset($_SERVER['LcmConfigDir']) ? $_SERVER['LcmConfigDir'] : 'inc/config';
if (!@rename($lcm_config_prefix . '/inc_connect_install.php', $lcm_config_prefix . '/inc_connect.php')) {
copy($lcm_config_prefix . '/inc_connect_install.php', $lcm_config_prefix . '/inc_connect.php');
@unlink($lcm_config_prefix . '/inc_connect_install.php');
}
// If requested, send registration request to News mailing-list
if (_request('getnews') == 'yes') {
if (_session('email') && is_valid_email(_session('email'))) {
send_email("*****@*****.**", "subscribe", "subscribe", _session('email'));
send_email("*****@*****.**", "[lcm-news] subscribe " . _session('email'), "[lcm-news] subscribe " . _session('email'));
}
}
install_html_start('AUTO', '', 5);
echo "<h3><small>" . _T('install_step_last') . "</small></h3>\n";
echo "<div class='box_success'>\n";
echo "<p><b>" . _T('install_info_application_ready') . "</b></p>\n";
echo '<p align="center">' . _T('install_info_do_not_forget') . "</p>\n";
if (_request('getnews') == 'yes') {
echo '<p align="' . $lcm_lang_left . '">' . _T('install_info_subscribe_may_fail') . "</p>\n";
}
echo '<p align="' . $lcm_lang_left . '">' . _T('install_info_more_about_software', array("url" => '<a class="content_link" href="http://www.lcm.ngo-bg.org">www.lcm.ngo-bg.org</a>')) . "</p>\n";
echo "</div>\n";
echo "<form action='index.php' method='post'>\n";
echo "<div align='" . $lcm_lang_right . "'>" . "<button type='submit' name='Next'>" . _T('button_next') . " >></button> " . "</div>\n";
echo "</form>\n";
install_html_end();
}
function save()
{
$errors = $this->validate();
if (count($errors)) {
return $errors;
}
//
// Update record in database
//
if ($this->getDataInt('id_comment') > 0) {
$q = "UPDATE lcm_expense_comment SET \n\t\t\t\t\tdate_update = NOW(),\n\t\t\t\t\tcomment = '" . $this->getDataString('comment') . "'\n\t\t\t\t\tWHERE id_expense = " . $this->getDataInt('id_expense') . "\n\t\t\t\t\t AND id_comment = " . $this->getDataInt('id_comment');
lcm_query($q);
} else {
$q = "INSERT INTO lcm_expense_comment " . "(id_expense, id_author, date_creation, date_update, comment) " . "VALUES " . "(" . $this->getDataInt('id_expense') . ", " . $this->getDataInt('id_author') . ", " . "NOW()," . "NOW()," . "'" . $this->getDataString('comment') . "'" . ")";
lcm_query($q);
$this->data['id_comment'] = lcm_insert_id('lcm_expense_comment', 'id_comment');
}
// Update date_update for associated expense
$query = "UPDATE lcm_expense\n\t\t\t\t\tSET date_update = NOW()\n\t\t\t\t\tWHERE id_expense = " . $this->getDataInt('id_expense', '__ASSERT__');
lcm_query($query);
return $errors;
}
// Only admin or appointment author itself could change it
if (!($GLOBALS['author_session']['status'] === 'admin')) {
$q .= " AND id_author = " . $GLOBALS['author_session']['id_author'];
}
$result = lcm_query($q);
} else {
// Add the new appointment
$q = "INSERT INTO lcm_app SET ";
// Add case ID if available
$q .= _session('id_case') ? 'id_case=' . _session('id_case') . ',' : '';
// Add ID of the creator
$q .= 'id_author = ' . $GLOBALS['author_session']['id_author'] . ',';
// Add the rest of the fields
$q .= "{$fl}, date_update = NOW(), date_creation = NOW()";
$result = lcm_query($q);
$id_app = lcm_insert_id('lcm_app', 'id_app');
$_SESSION['form_data']['id_app'] = $id_app;
// Add relationship with the creator
lcm_query("INSERT INTO lcm_author_app SET id_app={$id_app},id_author=" . $GLOBALS['author_session']['id_author']);
// Add relationship with the parent followup (if any)
if (!empty($_SESSION['form_data']['id_followup'])) {
lcm_query("INSERT INTO lcm_app_fu SET id_app={$id_app},id_followup=" . $_SESSION['form_data']['id_followup'] . ",relation='parent'");
}
}
// Add/update appointment participants (authors)
if (_session('author')) {
$q = "INSERT INTO lcm_author_app SET id_app = {$id_app}, id_author = " . _session('author');
lcm_query($q, true);
// ignore errors
$_SESSION['errors']['author_added'] = "An author was added to the participants of this appointment.";
// TRAD
function save()
{
$errors = $this->validate();
if (count($errors)) {
return $errors;
}
//
// Update record in database
//
$cl = "name_first = '" . clean_input($this->getDataString('name_first')) . "',\n\t\t\t name_middle = '" . clean_input($this->getDataString('name_middle')) . "',\n\t\t\t name_last = '" . clean_input($this->getDataString('name_last')) . "',\n\t\t\t gender = '" . clean_input($this->getDataString('gender')) . "',\n\t\t\t notes = '" . clean_input($this->getDataString('notes')) . "'";
// ,
if ($this->getDataString('date_birth')) {
$cl .= ", date_birth = '" . $this->getDataString('date_birth') . "'";
}
$cl .= ", citizen_number = '" . clean_input($this->getDataString('citizen_number')) . "'";
$cl .= ", civil_status = '" . clean_input($this->getDataString('civil_status')) . "'";
$cl .= ", income = '" . clean_input($this->getDataString('income')) . "'";
if ($this->getDataInt('id_client') > 0) {
$q = "UPDATE lcm_client\n\t\t\t\tSET date_update = NOW(), \n\t\t\t\t\t{$cl} \n\t\t\t\tWHERE id_client = " . $this->getDataInt('id_client', '__ASSERT__');
lcm_query($q);
} else {
$q = "INSERT INTO lcm_client\n\t\t\t\t\tSET date_creation = NOW(),\n\t\t\t\t\t\tdate_update = NOW(),\n\t\t\t\t\t\t{$cl}";
$result = lcm_query($q);
$this->data['id_client'] = lcm_insert_id('lcm_client', 'id_client');
}
// Keywords
update_keywords_request('client', $this->getDataInt('id_client'));
if ($_SESSION['errors']) {
$errors = array_merge($_SESSION['errors'], $errors);
}
// Insert/update client contacts
include_lcm('inc_contacts');
update_contacts_request('client', $this->getDataInt('id_client'));
if ($_SESSION['errors']) {
$errors = array_merge($_SESSION['errors'], $errors);
}
return $errors;
}
function save()
{
$errors = $this->validate();
if (count($errors)) {
return $errors;
}
//
// Update
//
$fl = " date_start = '" . $this->getDataString('date_start') . "',\n\t\t\t\tdate_end = '" . $this->getDataString('date_end') . "',\n\t\t\t\ttype = '" . $this->getDataString('type') . "',\n\t\t\t\tsumbilled = " . $this->getDataFloat('sumbilled', 0.0);
if ($this->getDataString('type') == 'stage_change') {
// [ML] To be honest, we should "assert" most of the
// following values, but "new_stage" is the most important.
lcm_assert_value($this->getDataString('new_stage', '__ASSERT__'));
$desc = array('description' => $this->getDataString('description'), 'result' => $this->getDataString('result'), 'conclusion' => $this->getDataString('conclusion'), 'sentence' => $this->getDataString('sentence'), 'sentence_val' => $this->getDataString('sentence_val'), 'new_stage' => $this->getDataString('new_stage'));
$fl .= ", description = '" . serialize($desc) . "'";
} elseif (is_status_change($this->getDataString('type'))) {
$desc = array('description' => $this->getDataString('description'), 'result' => $this->getDataString('result'), 'conclusion' => $this->getDataString('conclusion'), 'sentence' => $this->getDataString('sentence'), 'sentence_val' => $this->getDataString('sentence_val'));
$fl .= ", description = '" . serialize($desc) . "'";
} else {
$fl .= ", description = '" . $this->getDataString('description') . "'";
}
if ($this->getDataInt('id_followup') > 0) {
// Edit of existing follow-up
$id_followup = $this->getDataInt('id_followup');
if (!allowed($this->getDataInt('id_case'), 'e')) {
lcm_panic("You don't have permission to modify this case's information. (" . $this->getDataInt('id_case') . ")");
}
// TODO: check if hiding this FU is allowed
if (allowed($this->getDataInt('id_case'), 'a') && !(is_status_change($this->getDataString('type')) || $this->getDataString('type') == 'assignment' || $this->getDataString('type') == 'unassignment')) {
if ($this->getDataString('delete')) {
$fl .= ", hidden = 'Y'";
} else {
$fl .= ", hidden = 'N'";
}
} else {
$fl .= ", hidden = 'N'";
}
$q = "UPDATE lcm_followup SET {$fl} WHERE id_followup = {$id_followup}";
$result = lcm_query($q);
// Get stage of the follow-up entry
$q = "SELECT id_stage, case_stage FROM lcm_followup WHERE id_followup = {$id_followup}";
$result = lcm_query($q);
if ($row = lcm_fetch_array($result)) {
$case_stage = lcm_assert_value($row['case_stage']);
} else {
lcm_panic("There is no such follow-up (" . $id_followup . ")");
}
// Update the related lcm_stage entry
$q = "UPDATE lcm_stage SET\n\t\t\t\t\tdate_conclusion = '" . $this->getDataString('date_end') . "',\n\t\t\t\t\tkw_result = '" . $this->getDataString('result') . "',\n\t\t\t\t\tkw_conclusion = '" . $this->getDataString('conclusion') . "',\n\t\t\t\t\tkw_sentence = '" . $this->getDataString('sentence') . "',\n\t\t\t\t\tsentence_val = '" . $this->getDataString('sentence_val') . "',\n\t\t\t\t\tdate_agreement = '" . $this->getDataString('date_end') . "'\n\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case') . "\n\t\t\t\t AND kw_case_stage = '" . $case_stage . "'";
lcm_query($q);
} else {
// New follow-up
if (!allowed($this->getDataInt('id_case'), 'w')) {
lcm_panic("You don't have permission to add information to this case. (" . $this->getDataInt('id_case') . ")");
}
// Get the current case stage
$q = "SELECT id_stage, stage FROM lcm_case WHERE id_case=" . $this->getDataInt('id_case', '__ASSERT__');
$result = lcm_query($q);
if ($row = lcm_fetch_array($result)) {
$case_stage = lcm_assert_value($row['stage']);
$case_stage_id = lcm_assert_value($row['id_stage']);
} else {
lcm_panic("There is no such case (" . $this->getDataInt('id_case') . ")");
}
// Add the new follow-up
$q = "INSERT INTO lcm_followup\n\t\t\t\t\tSET id_case=" . $this->getDataInt('id_case') . ",\n\t\t\t\t\t\tid_author=" . $GLOBALS['author_session']['id_author'] . ",\n\t\t\t\t\t\t{$fl},\n\t\t\t\t\t\tid_stage = {$case_stage_id},\n\t\t\t\t\t\tcase_stage='{$case_stage}'";
lcm_query($q);
$this->data['id_followup'] = lcm_insert_id('lcm_followup', 'id_followup');
// Set relation to the parent appointment, if any
if ($this->getDataInt('id_app')) {
$q = "INSERT INTO lcm_app_fu \n\t\t\t\t\t\tSET id_app=" . $this->getDataInt('id_app') . ",\n\t\t\t\t\t\t\tid_followup=" . $this->getDataInt('id_followup', '__ASSERT__') . ",\n\t\t\t\t\t\t\trelation='child'";
$result = lcm_query($q);
}
// Update case status
$status = '';
$stage = '';
switch ($this->getDataString('type')) {
case 'conclusion':
$status = 'closed';
break;
case 'suspension':
$status = 'suspended';
break;
case 'opening':
case 'resumption':
case 'reopening':
$status = 'open';
break;
case 'merge':
$status = 'merged';
break;
case 'deletion':
$status = 'deleted';
break;
case 'stage_change':
$stage = lcm_assert_value($this->getDataString('new_stage'));
break;
}
if ($status || $stage) {
$q = "UPDATE lcm_case\n\t\t\t\t\t\tSET " . ($status ? "status='{$status}'" : '') . ($status && $stage ? ',' : '') . ($stage ? "stage='{$stage}'" : '') . "\n\t\t\t\t\t\tWHERE id_case=" . $this->getDataInt('id_case');
lcm_query($q);
// Close the lcm_stage
// XXX for now, date_agreement is not used
if ($status == 'open') {
// case is being re-opened, so erase previously entered info
$q = "UPDATE lcm_stage\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tdate_conclusion = '0000-00-00 00:00:00',\n\t\t\t\t\t\t\t\tid_fu_conclusion = 0,\n\t\t\t\t\t\t\t\tkw_result = '',\n\t\t\t\t\t\t\t\tkw_conclusion = '',\n\t\t\t\t\t\t\t\tkw_sentence = '',\n\t\t\t\t\t\t\t\tsentence_val = '',\n\t\t\t\t\t\t\t\tdate_agreement = '0000-00-00 00:00:0'\n\t\t\t\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case') . "\n\t\t\t\t\t\t\t AND kw_case_stage = '" . $case_stage . "'";
} else {
$q = "UPDATE lcm_stage\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tdate_conclusion = '" . $this->getDataString('date_end') . "',\n\t\t\t\t\t\t\t\tid_fu_conclusion = " . $this->getDataInt('id_followup') . ",\n\t\t\t\t\t\t\t\tkw_result = '" . $this->getDataString('result') . "',\n\t\t\t\t\t\t\t\tkw_conclusion = '" . $this->getDataString('conclusion') . "',\n\t\t\t\t\t\t\t\tkw_sentence = '" . $this->getDataString('sentence') . "',\n\t\t\t\t\t\t\t\tsentence_val = '" . $this->getDataString('sentence_val') . "',\n\t\t\t\t\t\t\t\tdate_agreement = '" . $this->getDataString('date_end') . "'\n\t\t\t\t\t\t\tWHERE id_case = " . $this->getDataInt('id_case', '__ASSERT__') . "\n\t\t\t\t\t\t\t AND kw_case_stage = '" . $case_stage . "'";
}
lcm_query($q);
}
// If creating a new case stage, make new lcm_stage entry
if ($stage) {
$q = "INSERT INTO lcm_stage SET\n\t\t\t\t\t\t\tid_case = " . $this->getDataInt('id_case', '__ASSERT__') . ",\n\t\t\t\t\t\t\tkw_case_stage = '" . lcm_assert_value($stage) . "',\n\t\t\t\t\t\t\tdate_creation = NOW(),\n\t\t\t\t\t\t\tid_fu_creation = " . $this->getDataInt('id_followup');
lcm_query($q);
}
}
// Keywords
update_keywords_request('followup', $this->getDataInt('id_followup'));
return $errors;
}
function send_registration_by_email()
{
global $lcm_lang_left;
$_SESSION['form_data'] = array();
$_SESSION['errors'] = array();
$kwg_email = get_kwg_from_name('+email_main');
$form_items = array('name_first' => 'person_input_name_first', 'name_last' => 'person_input_name_last', 'email' => 'input_email', 'username' => 'authoredit_input_username');
foreach ($form_items as $field => $trad) {
$_SESSION['form_data'][$field] = _request($field);
if (!_session($field)) {
$_SESSION['errors'][$field] = _Ti($trad) . _T('warning_field_mandatory');
}
}
if (count($_SESSION['errors'])) {
lcm_header("Location: lcm_pass.php?register=yes");
exit;
}
install_html_start(_T('pass_title_register'), 'login');
// There is a risk that an author changes his e-mail after his account
// is created, to the e-mail of another person, and therefore block the
// other person from registering. But then.. this would allow the other
// person to hijack the account, so it would be a stupid DoS.
$query = "SELECT id_of_person, status FROM lcm_contact as c, lcm_author as a\n\t\tWHERE c.id_of_person = a.id_author\n\t\tAND value = '" . _session('email') . "'\n\t\tAND type_person = 'author'\n\t\tAND type_contact = " . $kwg_email['id_group'];
$result = lcm_query($query);
// Test if the user already exists
if ($row = lcm_fetch_array($result)) {
$id_author = $row['id_of_person'];
$status = $row['status'];
// TODO: if status = 'pending for validation by admin', show message
if ($status == 'trash') {
echo "<br />\n";
echo "<div class='box_error'>" . _T('pass_registration_denied') . "</div>\n";
} else {
echo "<br />\n";
echo "<div class=\"box_error\" align=\"{$lcm_lang_left}\">" . _T('pass_warning_already_registered') . "</div>\n";
return;
}
}
//
// Send identifiers by e-mail
//
include_lcm('inc_access');
include_lcm('inc_mail');
$username = get_unique_username(_session('username'));
$pass = create_random_password(8, $username);
$mdpass = md5($pass);
$open_subscription = read_meta("site_open_subscription");
if (!($open_subscription == 'yes' || $open_subscription == 'moderated')) {
lcm_panic("Subscriptions not permitted.");
}
$status = 'waiting';
if ($open_subscription == 'yes') {
$status = 'normal';
}
lcm_query("INSERT INTO lcm_author (name_first, name_last, username, password, status, date_creation, date_update) " . "VALUES ('" . _session('name_first') . "', '" . _session('name_last') . "', '{$username}', '{$mdpass}', 'normal', NOW(), NOW())");
$id_author = lcm_insert_id('lcm_author', 'id_author');
// Add e-mail to lcm_contact
lcm_query("INSERT INTO lcm_contact (type_person, type_contact, id_of_person, value)\n\t\t\tVALUES ('author', " . $kwg_email['id_group'] . ", {$id_author}, '" . _session('email') . "')");
// Prepare the e-mail to send to the user
$site_name = _T(read_meta('site_name'));
$site_address = read_meta('site_address');
$message = _T('info_greetings') . ",\n\n";
$message .= _T('pass_info_here_info', array('site_name' => $site_name, 'site_address' => $site_address)) . "\n\n";
$message .= "- " . _Ti('login_login') . " {$username}\n";
$message .= "- " . _Ti('login_password') . " {$pass}\n\n";
if ($open_subscription == 'moderated') {
$message .= _T('pass_info_moderated') . "\n\n";
}
$message .= _T('pass_info_automated_msg') . "\n\n";
if (send_email(_session('email'), "[{$site_name}] " . _T('pass_title_personal_identifier'), $message)) {
echo "<p>" . _T('pass_info_identifier_mail') . "</p>\n";
} else {
$email_admin = read_meta('email_sysadmin');
echo "<div class=\"box_error\"><p>" . _T('pass_warning_mail_failure', array('email_admin' => $email_admin)) . "</p></div>\n";
}
// If moderated, send copy to site admin
if ($open_subscription == 'moderated') {
$email_admin = read_meta('email_sysadmin');
send_email($email_admin, "[{$site_name}] " . _T('pass_title_personal_identifier'), $message);
}
}
if ($type != 'merge') {
die("This module is used for case merging only!");
}
if (!($case > 0)) {
die("Which case?");
}
// Check access rights
if (!allowed($case, 'w')) {
die("You don't have permission to add information to this case!");
}
// Create new case if $destination is 0
if ($destination == 0) {
// Create new case
$q = "INSERT INTO lcm_case SET\n\t\t\tid_case=0,\n\t\t\tdate_creation=NOW(),\n\t\t\tstatus='open'";
$result = lcm_query($q);
$destination = lcm_insert_id('lcm_case', 'id_case');
// Insert new case_author relation
$q = "INSERT INTO lcm_case_author SET\n\t\t\tid_case={$destination},\n\t\t\tid_author={$id_author},\n\t\t\tac_read=1,\n\t\t\tac_write=1,\n\t\t\tac_admin=1";
$result = lcm_query($q);
}
// Add "merged to" follow-up to the old case
$q = "INSERT INTO lcm_followup SET id_followup=0,\n\t\tid_case={$case},\n\t\tid_author={$id_author},\n\t\tdate_start=NOW(),\n\t\tdate_end=NOW(),\n\t\ttype='{$type}',\n\t\tsumbilled={$sumbilled},\n\t\tdescription='Merged to case ID:{$destination}\\n{$description}'";
$result = lcm_query($q);
// Add "merged from" follow-up to the new case
$q = "INSERT INTO lcm_followup SET\n\t\tid_followup=0,\n\t\tid_case={$destination},\n\t\tid_author={$id_author},\n\t\tdate_start=NOW(),\n\t\tdate_end=NOW(),\n\t\ttype='{$type}',\n\t\tdescription='Case ID:{$case} merged in. \\n{$description}'";
// That would cause double counting the sumbilled
// sumbilled=$sumbilled";
$result = lcm_query($q);
//
// Copy authors from the old to the new case
//
// else
// $public_access_rights .= ", pub_write=0";
if (_session('id_report') > 0) {
// Check access rights
// if (!allowed($id_report,'e')) die("You don't have permission to change this case's information!");
// If admin access is allowed, set all fields
if (true) {
$q = "UPDATE lcm_report SET {$fl} WHERE id_report = " . _session('id_report');
} else {
$q = "UPDATE lcm_report SET {$fl} WHERE id_report = " . _session('id_report');
}
lcm_query($q);
} else {
$q = "INSERT INTO lcm_report\n\t\t\tSET date_creation=NOW(),\n\t\t\t\tline_src_type = '',\n\t\t\t\tline_src_name = '',\n\t\t\t\tcol_src_type = '',\n\t\t\t\tcol_src_name = '',\n\t\t\t\tfilecustom = '',\n\t\t\t\t{$fl}";
$result = lcm_query($q);
$_SESSION['form_data']['id_report'] = lcm_insert_id('lcm_report', 'id_report');
// Insert new case_author relation
//$q = "INSERT INTO lcm_case_author SET
// id_case=$id_case,
// id_author=$id_author,
// ac_read=1,
// ac_write=1,
// ac_admin=1";
}
// Some advanced ideas for future use
//$q="INSERT INTO lcm_case SET id_case=$id_case,$fl ON DUPLICATE KEY UPDATE $fl";
//$q="INSERT INTO lcm_case $cl VALUES $vl ON DUPLICATE KEY UPDATE $fl";
// $result = lcm_query($q);
// Forward to upd_rep_field.php if custom_report
if (_session('filecustom')) {
lcm_header("Location: upd_rep_field.php?" . "rep=" . _session('id_report') . "&filecustom=" . _session('filecustom'));
function save()
{
$errors = $this->validate();
if (count($errors)) {
return $errors;
}
//
// Update record in database
//
// Record data in database
$ol = "name='" . clean_input($this->getDataString('name')) . "', " . "court_reg='" . clean_input($this->getDataString('court_reg')) . "', " . "tax_number='" . clean_input($this->getDataString('tax_number')) . "', " . "stat_number='" . clean_input($this->getDataString('stat_number')) . "', " . "notes='" . clean_input($this->getDataString('notes')) . "'";
if ($this->getDataInt('id_org') > 0) {
$q = "UPDATE lcm_org SET date_update=NOW(),{$ol} WHERE id_org = " . $this->getDataInt('id_org');
$result = lcm_query($q);
} else {
$q = "INSERT INTO lcm_org SET date_update = NOW(), date_creation = NOW(), {$ol}";
$result = lcm_query($q);
$this->setDataInt('id_org', lcm_insert_id('lcm_org', 'id_org'));
// Just by precaution
$_SESSION['form_data']['id_org'] = $this->getDataInt('id_org');
// If there is an error (ex: in contacts), we should send back to 'org_det.php?org=XX'
// not to 'org_det.php?org=0'.
$ref_upd_org = 'edit_org.php?org=' . $this->getDataInt('id_org');
}
// Keywords
update_keywords_request('org', $this->getDataInt('id_org'));
if ($_SESSION['errors']) {
$errors = array_merge($_SESSION['errors'], $errors);
}
// Insert/update client contacts
include_lcm('inc_contacts');
update_contacts_request('org', $this->getDataInt('id_org'));
if ($_SESSION['errors']) {
$errors = array_merge($_SESSION['errors'], $errors);
}
return $errors;
}
function save()
{
global $author_session;
$errors = $this->validate();
if (count($errors)) {
return $errors;
}
//
// Create the case in the database
//
/* [ML] Note: the 'case_notes' field is refered to as only 'notes'
* since the constructor of the class strips 'case_' prefixes
*/
$fl = "title='" . $this->getDataString('title') . "',\n\t\t\t\tdate_assignment = '" . $this->getDataString('date_assignment') . "',\n\t\t\t\tlegal_reason='" . $this->getDataString('legal_reason') . "',\n\t\t\t\talledged_crime='" . $this->getDataString('alledged_crime') . "',\n\t\t\t\tnotes = '" . $this->getDataString('notes') . "',\n\t\t\t status='" . $this->getDataString('status') . "',\n\t\t\t stage='" . $this->getDataString('stage') . "'";
// Put public access rights settings in a separate string
$public_access_rights = '';
/*
* [ML] Important note: the meta 'case_*_always' defines whether the user
* has the choice of whether read/write should be allowed or not. If not,
* we take the system default value in 'case_default_*'.
*/
if (read_meta('case_read_always') == 'yes' && $author_session['status'] != 'admin') {
// impose system setting
$public_access_rights .= "public=" . (int) (read_meta('case_default_read') == 'yes');
} else {
// write user selection
$public_access_rights .= "public=" . (int) ($this->getDataString('public') == 'yes');
}
if (read_meta('case_write_always') == 'yes' && $author_session['status'] != 'admin') {
// impose system setting
$public_access_rights .= ", pub_write=" . (int) (read_meta('case_default_write') == 'yes');
} else {
// write user selection
$public_access_rights .= ", pub_write=" . (int) ($this->getDataString('pub_write') == 'yes');
}
if ($this->getDataInt('id_case') > 0) {
// This is modification of existing case
$id_case = $this->getDataInt('id_case');
// Check access rights
if (!allowed($id_case, 'e')) {
lcm_panic("You don't have permission to change this case's information!");
}
// If admin access is allowed, set all fields
if (allowed($id_case, 'a')) {
$q = "UPDATE lcm_case SET {$fl},{$public_access_rights} WHERE id_case={$id_case}";
} else {
$q = "UPDATE lcm_case SET {$fl} WHERE id_case={$id_case}";
}
lcm_query($q);
// Update lcm_stage entry for case creation (of first stage!)
// [ML] This doesn't make so much sense, but better than nothing imho..
$q = "SELECT min(id_entry) as id_entry FROM lcm_stage WHERE id_case = {$id_case}";
$tmp_result = lcm_query($q);
if ($tmp_row = lcm_fetch_array($tmp_result)) {
$q = "UPDATE lcm_stage\n\t\t\t\t\tSET date_creation = '" . $this->getDataString('date_assignment') . "'\n\t\t\t\t\tWHERE id_entry = " . $tmp_row['id_entry'];
lcm_query($q);
}
} else {
// This is new case
$q = "INSERT INTO lcm_case SET id_stage = 0, date_creation = NOW(), date_update = NOW(), {$fl},{$public_access_rights}";
$result = lcm_query($q);
$id_case = lcm_insert_id('lcm_case', 'id_case');
$id_author = $author_session['id_author'];
$this->data['id_case'] = $id_case;
// Insert new case_author relation
// [AG] The user creating case should always have 'admin' access right, otherwise only admin could add new user(s) to the case
$q = "INSERT INTO lcm_case_author SET\n\t\t\t\tid_case = {$id_case},\n\t\t\t\tid_author = {$id_author},\n\t\t\t\tac_read=1,\n\t\t\t\tac_write=1,\n\t\t\t\tac_edit=" . (int) (read_meta('case_allow_modif') == 'yes') . ",\n\t\t\t\tac_admin=1";
$result = lcm_query($q);
// Get author information
$q = "SELECT *\n\t\t\t\tFROM lcm_author\n\t\t\t\tWHERE id_author={$id_author}";
$result = lcm_query($q);
$author_data = lcm_fetch_array($result);
// Add 'assignment' followup to the case
$q = "INSERT INTO lcm_followup\n\t\t\t\tSET id_case = {$id_case}, \n\t\t\t\t\tid_stage = 0,\n\t\t\t\t\tid_author = {$id_author},\n\t\t\t\t\ttype = 'assignment',\n\t\t\t\t\tcase_stage = '" . $this->getDataString('stage') . "',\n\t\t\t\t\tdate_start = NOW(),\n\t\t\t\t\tdate_end = NOW(),\n\t\t\t\t\tsumbilled = 0,\n\t\t\t\t\tdescription='" . $id_author . "'";
lcm_query($q);
$id_followup = lcm_insert_id('lcm_followup', 'id_followup');
// Add lcm_stage entry
$q = "INSERT INTO lcm_stage SET\n\t\t\t\tid_case = {$id_case},\n\t\t\t\t\t\tkw_case_stage = '" . $this->getDataString('stage') . "',\n\t\t\t\t\t\tdate_creation = '" . $this->getDataString('date_assignment') . "',\n\t\t\t\t\t\tid_fu_creation = {$id_followup}";
lcm_query($q);
$id_stage = lcm_insert_id('lcm_stage', 'id_entry');
// Update the id_stage entry for lcm_case
lcm_query("UPDATE lcm_case SET id_stage = {$id_stage} WHERE id_case = {$id_case}");
lcm_query("UPDATE lcm_followup SET id_stage = {$id_stage} WHERE id_followup = {$id_followup}");
}
// Keywords
update_keywords_request('case', $this->getDataInt('id_case'));
$stage = get_kw_from_name('stage', $this->getDataString('stage'));
$id_stage = $stage['id_keyword'];
update_keywords_request('stage', $id_case, $id_stage);
return $errors;
}
function update_keyword($id_keyword)
{
$kw_title = _request('kw_title');
$kw_name = _request('kw_name');
// only for new keyword
$kw_desc = _request('kw_desc');
$kw_ac_author = _request('kw_ac_author');
// show/hide keyword
$kw_hasvalue = _request('kw_hasvalue');
// show field to enter text value
$kw_idgroup = intval(_request('id_group'));
//
// Check for errors
//
if (!$id_keyword) {
// new keyword
global $system_kwg;
if (!$kw_idgroup) {
lcm_panic("update_keyword: missing or badly formatted id_keyword or id_group");
}
$kwg_info = get_kwg_from_id($kw_idgroup);
if (!$kw_name) {
$_SESSION['errors']['name'] = _Ti('keywords_input_name') . _T('warning_field_mandatory');
}
if (isset($system_kwg[$kwg_info['name']]['keywords'][$kw_name])) {
// XXX [ML] what about user keywords?
$_SESSION['errors']['name'] = _Ti('keywords_input_name') . _T('keywords_warning_kw_code_exists');
}
}
if (!$kw_title) {
$_SESSION['errors']['title'] = _Ti('keywords_input_name') . _T('warning_field_mandatory');
}
if (count($_SESSION['errors'])) {
lcm_header("Location: " . $_SERVER['HTTP_REFERER']);
exit;
}
//
// Apply to database
//
$fl = "description = '{$kw_desc}',\n\t\t\ttitle = '{$kw_title}' ";
if ($kw_ac_author == 'Y' || $kw_ac_author == 'N') {
$fl .= ", ac_author = '{$kw_ac_author}'";
}
if ($kw_hasvalue == 'Y' || $kw_hasvalue == 'N') {
$query .= ", hasvalue = '{$kw_hasvalue}'";
}
if (!$id_keyword) {
// new
$query = "INSERT INTO lcm_keyword\n\t\t\t\tSET id_group = {$kw_idgroup}, \n\t\t\t\t\tname = '{$kw_name}',\n\t\t\t\t\t{$fl} ";
lcm_query($query);
$id_keyword = lcm_insert_id('lcm_keyword', 'id_keyword');
$kw_info = get_kw_from_id($id_keyword);
// for redirection later
} else {
// Get current info about keyword (don't trust the user)
$kw_info = get_kw_from_id($id_keyword);
$query = "UPDATE lcm_keyword\n\t\t\t\t\tSET {$fl}\n\t\t\t\t\tWHERE id_keyword = " . $id_keyword;
lcm_query($query);
}
write_metas();
// update inc_meta_cache.php
$tab = $kw_info['type'] == 'system' ? 'system' : 'user';
lcm_header("Location: keywords.php?tab=" . $tab . "#" . $kw_info['kwg_name']);
exit;
}
}
// Author status can only be changed by admins
if ($author_session['status'] == 'admin') {
$fl .= ", status = '" . _session('status') . "'";
}
if (_session('id_author') > 0) {
$q = "UPDATE lcm_author \n\t\t\tSET {$fl} \n\t\t\tWHERE id_author = " . _session('id_author');
$result = lcm_query($q);
} else {
if (count($errors)) {
header("Location: edit_author.php?author=0");
exit;
}
$q = "INSERT INTO lcm_author SET date_creation = NOW(), username = '', password = '', {$fl}";
$result = lcm_query($q);
$_SESSION['form_data']['id_author'] = lcm_insert_id('lcm_author', 'id_author');
$_SESSION['form_data']['id_author'] = _session('id_author');
}
//
// Change password (if requested)
//
if (_session('usr_new_passwd') || !_session('username_old')) {
change_password();
}
//
// Change username
//
if (_session('username') != _session('username_old') || !_session('username_old')) {
change_username(_session('id_author'), _session('username_old'), _session('username'));
}
//
