/** * Lists the reports. * * @param int $page */ public function index($page = 1) { // If user doesn't have access, redirect to dashboard if (!admin::permissions($this->user, "reports_view")) { url::redirect(url::site() . 'admin/dashboard'); } $this->template->content = new View('admin/reports'); $this->template->content->title = Kohana::lang('ui_admin.reports'); //hook into the event for the reports::fetch_incidents() method Event::add('ushahidi_filter.fetch_incidents_set_params', array($this, '_add_incident_filters')); $status = "0"; if (!empty($_GET['status'])) { $status = $_GET['status']; if (strtolower($status) == 'a') { array_push($this->params, 'i.incident_active = 0'); } elseif (strtolower($status) == 'v') { array_push($this->params, 'i.incident_verified = 0'); } else { $status = "0"; } } // Get Search Keywords (If Any) if (isset($_GET['k'])) { // Brute force input sanitization // Phase 1 - Strip the search string of all non-word characters $keyword_raw = isset($_GET['k']) ? preg_replace('#/\\w+/#', '', $_GET['k']) : ""; // Strip any HTML tags that may have been missed in Phase 1 $keyword_raw = strip_tags($keyword_raw); // Phase 3 - Invoke Kohana's XSS cleaning mechanism just incase an outlier wasn't caught // in the first 2 steps $keyword_raw = $this->input->xss_clean($keyword_raw); $filter = " (" . $this->_get_searchstring($keyword_raw) . ")"; array_push($this->params, $filter); } else { $keyword_raw = ""; } // Check, has the form been submitted? $form_error = FALSE; $form_saved = FALSE; $form_action = ""; if ($_POST) { $post = Validation::factory($_POST); // Add some filters $post->pre_filter('trim', TRUE); // Add some rules, the input field, followed by a list of checks, carried out in order $post->add_rules('action', 'required', 'alpha', 'length[1,1]'); $post->add_rules('incident_id.*', 'required', 'numeric'); if ($post->validate()) { // Approve Action if ($post->action == 'a') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); if ($update->loaded == TRUE) { $update->incident_active = $update->incident_active == 0 ? '1' : '0'; // Tag this as a report that needs to be sent out as an alert if ($update->incident_alert_status != '2') { // 2 = report that has had an alert sent $update->incident_alert_status = '1'; } $update->save(); $verify = new Verify_Model(); $verify->incident_id = $item; $verify->verified_status = '1'; // Record 'Verified By' Action $verify->user_id = $_SESSION['auth_user']->id; $verify->verified_date = date("Y-m-d H:i:s", time()); $verify->save(); // Action::report_approve - Approve a Report Event::run('ushahidi_action.report_approve', $update); } } $form_action = strtoupper(Kohana::lang('ui_admin.approved')); } elseif ($post->action == 'u') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); if ($update->loaded == TRUE) { $update->incident_active = '0'; // If Alert hasn't been sent yet, disable it if ($update->incident_alert_status == '1') { $update->incident_alert_status = '0'; } $update->save(); $verify = new Verify_Model(); $verify->incident_id = $item; $verify->verified_status = '0'; // Record 'Verified By' Action $verify->user_id = $_SESSION['auth_user']->id; $verify->verified_date = date("Y-m-d H:i:s", time()); $verify->save(); // Action::report_unapprove - Unapprove a Report Event::run('ushahidi_action.report_unapprove', $update); } } $form_action = strtoupper(Kohana::lang('ui_admin.unapproved')); } elseif ($post->action == 'v') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); $verify = new Verify_Model(); if ($update->loaded == TRUE) { if ($update->incident_verified == '1') { $update->incident_verified = '0'; $verify->verified_status = '0'; } else { $update->incident_verified = '1'; $verify->verified_status = '2'; } $update->save(); $verify->incident_id = $item; // Record 'Verified By' Action $verify->user_id = $_SESSION['auth_user']->id; $verify->verified_date = date("Y-m-d H:i:s", time()); $verify->save(); } } // Set the form action $form_action = strtoupper(Kohana::lang('ui_admin.verified_unverified')); } elseif ($post->action == 'd') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); if ($update->loaded == TRUE) { $incident_id = $update->id; $location_id = $update->location_id; $update->delete(); // Delete Location ORM::factory('location')->where('id', $location_id)->delete_all(); // Delete Categories ORM::factory('incident_category')->where('incident_id', $incident_id)->delete_all(); // Delete Translations ORM::factory('incident_lang')->where('incident_id', $incident_id)->delete_all(); // Delete Photos From Directory foreach (ORM::factory('media')->where('incident_id', $incident_id)->where('media_type', 1) as $photo) { deletePhoto($photo->id); } // Delete Media ORM::factory('media')->where('incident_id', $incident_id)->delete_all(); // Delete Sender ORM::factory('incident_person')->where('incident_id', $incident_id)->delete_all(); // Delete relationship to SMS message $updatemessage = ORM::factory('message')->where('incident_id', $incident_id)->find(); if ($updatemessage->loaded == TRUE) { $updatemessage->incident_id = 0; $updatemessage->save(); } // Delete Comments ORM::factory('comment')->where('incident_id', $incident_id)->delete_all(); // Delete form responses ORM::factory('form_response')->where('incident_id', $incident_id)->delete_all(); // Action::report_delete - Deleted a Report Event::run('ushahidi_action.report_delete', $incident_id); } } $form_action = strtoupper(Kohana::lang('ui_admin.deleted')); } $form_saved = TRUE; } else { $form_error = TRUE; } } // Fetch all incidents $all_incidents = reports::fetch_incidents(); // Pagination $pagination = new Pagination(array('style' => 'front-end-reports', 'query_string' => 'page', 'items_per_page' => (int) Kohana::config('settings.items_per_page'), 'total_items' => $all_incidents->count())); Event::run('ushahidi_filter.pagination', $pagination); // Reports $incidents = Incident_Model::get_incidents(reports::$params, $pagination); Event::run('ushahidi_filter.filter_incidents', $incidents); $this->template->content->countries = Country_Model::get_countries_list(); $this->template->content->incidents = $incidents; $this->template->content->pagination = $pagination; $this->template->content->form_error = $form_error; $this->template->content->form_saved = $form_saved; $this->template->content->form_action = $form_action; // Total Reports $this->template->content->total_items = $pagination->total_items; // Status Tab $this->template->content->status = $status; // Javascript Header $this->template->js = new View('admin/reports_js'); }
/** * Lists the reports. * * @param int $page */ public function index($page = 1) { // If user doesn't have access, redirect to dashboard if (!$this->auth->has_permission("reports_view")) { url::redirect(url::site() . 'admin/dashboard'); } $this->template->content = new View('admin/reports/main'); $this->template->content->title = Kohana::lang('ui_admin.reports'); // Database table prefix $table_prefix = Kohana::config('database.default.table_prefix'); // Hook into the event for the reports::fetch_incidents() method Event::add('ushahidi_filter.fetch_incidents_set_params', array($this, '_add_incident_filters')); $status = "0"; if (!empty($_GET['status'])) { $status = $_GET['status']; if (strtolower($status) == 'a') { array_push($this->params, 'i.incident_active = 0'); } elseif (strtolower($status) == 'v') { array_push($this->params, 'i.incident_verified = 0'); } elseif (strtolower($status) == 'o') { array_push($this->params, '(ic.category_id IS NULL)'); } elseif (strtolower($status) != 'search') { $status = "0"; } } // Get Search Keywords (If Any) if (isset($_GET['k'])) { // Brute force input sanitization // Phase 1 - Strip the search string of all non-word characters $keyword_raw = isset($_GET['k']) ? preg_replace('#/\\w+/#', '', $_GET['k']) : ""; // Strip any HTML tags that may have been missed in Phase 1 $keyword_raw = strip_tags($keyword_raw); // Phase 3 - Invoke Kohana's XSS cleaning mechanism just incase an outlier wasn't caught // in the first 2 steps $keyword_raw = $this->input->xss_clean($keyword_raw); $filter = " (" . $this->_get_searchstring($keyword_raw) . ")"; array_push($this->params, $filter); } else { $keyword_raw = ""; } $this->template->content->search_form = $this->_search_form(); $this->template->content->search_form->keywords = $keyword_raw; // Handler sort/order fields $order_field = 'date'; $sort = 'DESC'; if (isset($_GET['order'])) { $order_field = html::escape($_GET['order']); } if (isset($_GET['sort'])) { $sort = strtoupper($_GET['sort']) == 'ASC' ? 'ASC' : 'DESC'; } // Check, has the form been submitted? $form_error = FALSE; $errors = array(); $form_saved = FALSE; $form_action = ""; if ($_POST) { $post = Validation::factory($_POST); // Add some filters $post->pre_filter('trim', TRUE); // Add some rules, the input field, followed by a list of checks, // carried out in order $post->add_rules('action', 'required', 'alpha', 'length[1,1]'); $post->add_rules('incident_id.*', 'required', 'numeric'); if (in_array($post->action, array('a', 'u')) and !Auth::instance()->has_permission('reports_approve')) { $post->add_error('action', 'permission'); } if ($post->action == 'v' and !Auth::instance()->has_permission('reports_verify')) { $post->add_error('action', 'permission'); } if ($post->action == 'd' and !Auth::instance()->has_permission('reports_edit')) { $post->add_error('action', 'permission'); } if ($post->action == 'a') { // sanitize the incident_ids $post->incident_id = array_map('intval', $post->incident_id); // Query to check if this report is uncategorized i.e categoryless $query = "SELECT i.* FROM " . $table_prefix . "incident i " . "LEFT JOIN " . $table_prefix . "incident_category ic ON i.id=ic.incident_id " . "LEFT JOIN " . $table_prefix . "category c ON c.id = ic.category_id " . "WHERE c.id IS NULL " . "AND i.id IN :incidentids"; $result = Database::instance()->query($query, array(':incidentids' => $post->incident_id)); // We enly approve the report IF it's categorized // throw an error if any incidents aren't categorized foreach ($result as $incident) { $post->add_error('incident_id', 'categories_required', $incident->incident_title); } } if ($post->validate()) { // Approve Action if ($post->action == 'a') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); if ($update->loaded == TRUE) { $update->incident_active = '1'; // Tag this as a report that needs to be sent out as an alert if ($update->incident_alert_status != '2') { // 2 = report that has had an alert sent $update->incident_alert_status = '1'; } $update->save(); // Record 'Verified By' Action reports::verify_approve($update); // Action::report_approve - Approve a Report Event::run('ushahidi_action.report_approve', $update); } $form_action = utf8::strtoupper(Kohana::lang('ui_admin.approved')); } } elseif ($post->action == 'u') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); if ($update->loaded == TRUE) { $update->incident_active = '0'; // If Alert hasn't been sent yet, disable it if ($update->incident_alert_status == '1') { $update->incident_alert_status = '0'; } $update->save(); // Record 'Verified By' Action reports::verify_approve($update); // Action::report_unapprove - Unapprove a Report Event::run('ushahidi_action.report_unapprove', $update); } } $form_action = utf8::strtoupper(Kohana::lang('ui_admin.unapproved')); } elseif ($post->action == 'v') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); $verify = new Verify_Model(); if ($update->loaded == TRUE) { if ($update->incident_verified == '1') { $update->incident_verified = '0'; $verify->verified_status = '0'; } else { $update->incident_verified = '1'; $verify->verified_status = '2'; } $update->save(); // Record 'Verified By' Action reports::verify_approve($update); } } // Set the form action $form_action = utf8::strtoupper(Kohana::lang('ui_admin.verified_unverified')); } elseif ($post->action == 'd') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); if ($update->loaded) { $update->delete(); } } $form_action = utf8::strtoupper(Kohana::lang('ui_admin.deleted')); } $form_saved = TRUE; } else { // Repopulate the form fields //$form = arr::overwrite($form, $post->as_array()); // Populate the error fields, if any $errors = $post->errors('reports'); $form_error = TRUE; } } // Fetch all incidents $incidents = reports::fetch_incidents(TRUE, Kohana::config('settings.items_per_page_admin')); Event::run('ushahidi_filter.filter_incidents', $incidents); $this->template->content->countries = Country_Model::get_countries_list(); $this->template->content->incidents = $incidents; $this->template->content->pagination = reports::$pagination; $this->template->content->form_error = $form_error; $this->template->content->errors = $errors; $this->template->content->form_saved = $form_saved; $this->template->content->form_action = $form_action; // Total Reports $this->template->content->total_items = reports::$pagination->total_items; // Status Tab $this->template->content->status = $status; $this->template->content->order_field = $order_field; $this->template->content->sort = $sort; $this->themes->map_enabled = TRUE; $this->themes->json2_enabled = TRUE; $this->themes->treeview_enabled = TRUE; // Javascript Header $this->themes->js = new View('admin/reports/reports_js'); }
/** * Lists the reports. * * @param int $page */ public function index($page = 1) { // If user doesn't have access, redirect to dashboard if (!admin::permissions($this->user, "reports_view")) { url::redirect(url::site() . 'admin/dashboard'); } $this->template->content = new View('admin/reports'); $this->template->content->title = Kohana::lang('ui_admin.reports'); // Database table prefix $table_prefix = Kohana::config('database.default.table_prefix'); // Hook into the event for the reports::fetch_incidents() method Event::add('ushahidi_filter.fetch_incidents_set_params', array($this, '_add_incident_filters')); $status = "0"; if (!empty($_GET['status'])) { $status = $_GET['status']; if (strtolower($status) == 'a') { array_push($this->params, 'i.incident_active = 0'); } elseif (strtolower($status) == 'v') { array_push($this->params, 'i.incident_verified = 0'); } elseif (strtolower($status) == 'o') { array_push($this->params, 'ic.category_id = 5'); } else { $status = "0"; } } // Get Search Keywords (If Any) if (isset($_GET['k'])) { // Brute force input sanitization // Phase 1 - Strip the search string of all non-word characters $keyword_raw = isset($_GET['k']) ? preg_replace('#/\\w+/#', '', $_GET['k']) : ""; // Strip any HTML tags that may have been missed in Phase 1 $keyword_raw = strip_tags($keyword_raw); // Phase 3 - Invoke Kohana's XSS cleaning mechanism just incase an outlier wasn't caught // in the first 2 steps $keyword_raw = $this->input->xss_clean($keyword_raw); $filter = " (" . $this->_get_searchstring($keyword_raw) . ")"; array_push($this->params, $filter); } else { $keyword_raw = ""; } // Check, has the form been submitted? $form_error = FALSE; $form_saved = FALSE; $form_action = ""; if ($_POST) { $post = Validation::factory($_POST); // Add some filters $post->pre_filter('trim', TRUE); // Add some rules, the input field, followed by a list of checks, // carried out in order $post->add_rules('action', 'required', 'alpha', 'length[1,1]'); $post->add_rules('incident_id.*', 'required', 'numeric'); if ($post->validate()) { // Approve Action if ($post->action == 'a') { foreach ($post->incident_id as $item) { // Database instance $db = new Database(); // Query to check if this report is uncategorized i.e categoryless $query = "SELECT ic.* FROM " . $table_prefix . "incident_category ic " . "INNER JOIN " . $table_prefix . "category c ON c.id = ic.category_id " . "INNER JOIN " . $table_prefix . "incident i ON i.id=ic.incident_id " . "WHERE c.category_title =\"NONE\" AND c.category_trusted = '1' " . "AND ic.incident_id = {$item}"; $result = $db->query($query); // Only approve the report IF it's not uncategorized // i.e the query returns a null set if (count($result) == 0) { $update = new Incident_Model($item); if ($update->loaded == TRUE) { $update->incident_active = $update->incident_active == 0 ? '1' : '0'; // Tag this as a report that needs to be sent out as an alert if ($update->incident_alert_status != '2') { // 2 = report that has had an alert sent $update->incident_alert_status = '1'; } $update->save(); $verify = new Verify_Model(); $verify->incident_id = $item; $verify->verified_status = '1'; // Record 'Verified By' Action $verify->user_id = $_SESSION['auth_user']->id; $verify->verified_date = date("Y-m-d H:i:s", time()); $verify->save(); // Action::report_approve - Approve a Report Event::run('ushahidi_action.report_approve', $update); } } $form_action = strtoupper(Kohana::lang('ui_admin.approved')); } } elseif ($post->action == 'u') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); if ($update->loaded == TRUE) { $update->incident_active = '0'; // If Alert hasn't been sent yet, disable it if ($update->incident_alert_status == '1') { $update->incident_alert_status = '0'; } $update->save(); $verify = new Verify_Model(); $verify->incident_id = $item; $verify->verified_status = '0'; // Record 'Verified By' Action $verify->user_id = $_SESSION['auth_user']->id; $verify->verified_date = date("Y-m-d H:i:s", time()); $verify->save(); // Action::report_unapprove - Unapprove a Report Event::run('ushahidi_action.report_unapprove', $update); } } $form_action = strtoupper(Kohana::lang('ui_admin.unapproved')); } elseif ($post->action == 'v') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); $verify = new Verify_Model(); if ($update->loaded == TRUE) { if ($update->incident_verified == '1') { $update->incident_verified = '0'; $verify->verified_status = '0'; } else { $update->incident_verified = '1'; $verify->verified_status = '2'; } $update->save(); $verify->incident_id = $item; // Record 'Verified By' Action $verify->user_id = $_SESSION['auth_user']->id; $verify->verified_date = date("Y-m-d H:i:s", time()); $verify->save(); } } // Set the form action $form_action = strtoupper(Kohana::lang('ui_admin.verified_unverified')); } elseif ($post->action == 'd') { foreach ($post->incident_id as $item) { $update = new Incident_Model($item); if ($update->loaded) { $update->delete(); } } $form_action = strtoupper(Kohana::lang('ui_admin.deleted')); } $form_saved = TRUE; } else { $form_error = TRUE; } } // Fetch all incidents $all_incidents = reports::fetch_incidents(); // Pagination $pagination = new Pagination(array('style' => 'front-end-reports', 'query_string' => 'page', 'items_per_page' => (int) Kohana::config('settings.items_per_page'), 'total_items' => $all_incidents->count())); Event::run('ushahidi_filter.pagination', $pagination); // Reports $incidents = Incident_Model::get_incidents(reports::$params, $pagination); Event::run('ushahidi_filter.filter_incidents', $incidents); $this->template->content->countries = Country_Model::get_countries_list(); $this->template->content->incidents = $incidents; $this->template->content->pagination = $pagination; $this->template->content->form_error = $form_error; $this->template->content->form_saved = $form_saved; $this->template->content->form_action = $form_action; // Total Reports $this->template->content->total_items = $pagination->total_items; // Status Tab $this->template->content->status = $status; // Javascript Header $this->template->js = new View('admin/reports_js'); }