/**
 * Validate the task and persist it.
 *
 * When the status differs from the stored row, the change is first pushed
 * through the change_task_status() stored procedure, and the fields that the
 * procedure maintains are read back so parent::save() does not overwrite them.
 *
 * @return mixed Result of parent::save(); null when validation reported errors.
 */
function save()
{
    $current_user =& singleton("current_user");
    global $TPL;

    $problems = $this->validate();
    if ($problems) {
        alloc_error($problems);
        return;
    }

    $stored = $this->all_row_fields;
    if ($stored["taskStatus"] != $this->get_value("taskStatus")) {
        $conn = new db_alloc();
        $conn->query("call change_task_status(%d,'%s')", $this->get_id(), $this->get_value("taskStatus"));
        $fresh = $conn->qr("SELECT taskStatus\n ,dateActualCompletion\n ,dateActualStart\n ,dateClosed\n ,closerID\n FROM task\n WHERE taskID = %d", $this->get_id());

        // Changing a task's status changes these fields, and the parent
        // save() below would otherwise wipe them. Copy back whatever
        // change_task_status() decided, in the original order.
        $procedure_owned = array("taskStatus", "dateActualCompletion", "dateActualStart", "dateClosed", "closerID");
        foreach ($procedure_owned as $column) {
            $this->set_value($column, $fresh[$column]);
        }
    }

    return parent::save();
}
/**
 * Check this time sheet item against its parent time sheet, save it, and then
 * refresh the invoices related to that time sheet.
 *
 * Every failed check below is reported through alloc_error(); this method does
 * not return early after any of them.
 * NOTE(review): that includes the status and ownership checks, so whether an
 * unauthorised write is actually prevented depends on alloc_error() and
 * parent::save(), neither of which is visible here - confirm they fail closed.
 *
 * @return mixed Whatever parent::save() returned.
 */
function save()
{
    $current_user =& singleton("current_user");

    $sheet = new timeSheet();
    $sheet->set_id($this->get_value("timeSheetID"));
    $sheet->select();
    $sheet->load_pay_info();
    list($spent, $prepaid) = $sheet->get_amount_allocated("%mo");

    $this->currency = $sheet->get_value("currencyTypeID");
    $this->set_value("comment", rtrim($this->get_value("comment")));

    $charge = $this->calculate_item_charge(
        $sheet->get_value("currencyTypeID"),
        $sheet->get_value("customerBilledDollars")
    );
    if ($prepaid && $charge + $spent > $prepaid) {
        alloc_error("Adding this Time Sheet Item would exceed the amount allocated on the Pre-paid invoice. Time Sheet Item not saved.");
    }

    // If unit is changed via CLI: only people who may edit the rate can pick
    // a unit that differs from the project's rate unit.
    if ($this->get_value("timeSheetItemDurationUnitID") && $sheet->pay_info["project_rateUnitID"]) {
        if ($sheet->pay_info["project_rateUnitID"] != $this->get_value("timeSheetItemDurationUnitID")
            && !$sheet->can_edit_rate()
        ) {
            alloc_error("Not permitted to edit time sheet item unit.");
        }
    }

    // No unit supplied: inherit the project's rate unit when there is one.
    if (!$this->get_value("timeSheetItemDurationUnitID") && $sheet->pay_info["project_rateUnitID"]) {
        $this->set_value("timeSheetItemDurationUnitID", $sheet->pay_info["project_rateUnitID"]);
    }

    // Last ditch perm checking - useful for the CLI
    if (!is_object($sheet) || !$sheet->get_id()) {
        alloc_error("Unknown time sheet.");
    }
    if ($sheet->get_value("status") != "edit" && !$this->skip_tsi_status_check) {
        alloc_error("Time sheet is not at status edit");
    }
    if (!$this->is_owner()) {
        alloc_error("Time sheet is not editable for you.");
    }

    $result = parent::save();
    $sheet->update_related_invoices();
    return $result;
}
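/**
 * Return the balance of this TF: the sum of transactions into it minus the
 * transactions out of it, scaled by currency precision and exchange rate.
 *
 * @param array  $where Extra filters, keyed by column name. A value is either
 *                      a scalar (compared with "=") or array(operator, value).
 *                      "status" defaults to "approved" when absent or empty.
 * @param string $debug Unused; kept for interface compatibility.
 *
 * @return mixed The balance column of the result row, or false when the
 *               current user is neither the owner nor an admin, or when a
 *               filter is rejected.
 */
function get_balance($where = array(), $debug = "")
{
    $current_user =& singleton("current_user");

    // If no status is requested then default to approved.
    if (empty($where["status"])) {
        $where["status"] = "approved";
    }

    if (!$this->is_owner() && !$current_user->have_role("admin")) {
        return false;
    }

    // Get balance
    $db = new db_alloc();
    $query = prepare("SELECT sum( if(fromTfID=%d,-amount,amount) * pow(10,-currencyType.numberToBasic) * exchangeRate) AS balance \n FROM transaction \n LEFT JOIN currencyType ON transaction.currencyTypeID = currencyType.currencyTypeID\n WHERE (tfID = %d or fromTfID = %d) ", $this->get_id(), $this->get_id(), $this->get_id());

    // Build up the rest of the WHERE sql. Only the value can be escaped with
    // db_esc(); the column name and the operator are spliced into the
    // statement as SQL text, so both are checked against a strict shape
    // before they are used.
    $allowed_ops = array("=", "!=", "<>", "<", ">", "<=", ">=", "LIKE", "NOT LIKE");
    foreach ($where as $column_name => $value) {
        $op = "=";
        if (is_array($value)) {
            $op = $value[0];
            $value = $value[1];
        }

        // Plain identifier, optionally qualified with one table name.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', (string) $column_name)) {
            alloc_error("Invalid column name passed to tf::get_balance");
            return false;
        }

        $op = strtoupper(preg_replace('/\s+/', ' ', trim((string) $op)));
        if (!in_array($op, $allowed_ops, true)) {
            alloc_error("Invalid comparison operator passed to tf::get_balance");
            return false;
        }

        $query .= " AND " . $column_name . " " . $op . " '" . db_esc($value) . "'";
    }

    $db->query($query);
    // The original message interpolated an undefined $tfID; report the real ID.
    $db->next_record() || alloc_error("TF " . $this->get_id() . " not found in tf::get_balance");
    return $db->f("balance");
}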
/**
 * Return this field's value rendered for the requested destination.
 *
 * - DST_DATABASE: a single-quoted, db_esc()-escaped SQL literal, or the bare
 *   word NULL when the value is empty and empty_to_null is set.
 * - DST_HTML_DISPLAY: the value passed through page::htmlentities(), or a
 *   formatted money string for unmodified money fields.
 * - anything else: the raw value, with no escaping at all. Callers that print
 *   it or put it into SQL must ask for the matching destination instead.
 *
 * @param mixed $dest   One of the DST_* constants.
 * @param mixed $parent Owning entity; read only for the HTML money case.
 *
 * @return mixed
 */
function get_value($dest = DST_VARIABLE, $parent = null)
{
    if ($dest == DST_DATABASE) {
        $populated = isset($this->value) && imp($this->value);
        if ($populated || $this->empty_to_null == false) {
            return "'" . db_esc($this->value) . "'";
        }
        return "NULL";
    }

    if ($dest != DST_HTML_DISPLAY) {
        return $this->value;
    }

    if ($this->type == "money" && imp($this->value)) {
        // Start from the entity-wide currency, then prefer the currency
        // column this field names when the parent actually has it.
        $code = $parent->currency;
        if ($this->currency && isset($parent->data_fields[$this->currency])) {
            $code = $parent->get_value($this->currency);
        }

        if (!$code) {
            alloc_error("db_field::get_value(): No currency specified for " . $parent->classname . "." . $this->name . " (currency:" . $code . ")");
        } elseif ($this->value == $parent->all_row_fields[$this->name]) {
            // Only values still equal to the loaded row are money-formatted.
            return page::money($code, $this->value, "%mo");
        }
    }

    return page::htmlentities($this->value);
}
/**
 * Apply one patch file and record it in patchLog when nothing failed.
 *
 * A ".sql" patch is parsed from $f and run statement by statement; a ".php"
 * patch is executed from "../patches/" using only the base name of $f.
 *
 * NOTE(review): this runs SQL and PHP taken from the given path. Confirm that
 * every caller restricts $f to the patches directory and that the page is
 * reachable by administrators only.
 * NOTE(review): a file with neither extension does nothing, yet $failed stays
 * false and the file is still written to patchLog - confirm that is intended.
 * NOTE(review): $f and the database error text are placed into HTML messages
 * without escaping.
 *
 * @param string $f Path of the patch file.
 *
 * @return void
 */
function apply_patch($f)
{
    global $TPL;
    static $applied;

    // Should never attempt to apply the same patch twice.. in case
    // there are function declarations in the .php patches.
    if (!empty($applied[$f])) {
        return;
    }
    $applied[$f] = true;

    $db = new db_alloc();
    $file = basename($f);
    $extension = strtolower(substr($file, -4));
    $failed = false;
    $comments = array();

    // This is an important patch that converts money from 120.34 to 12034.
    // We MUST ensure that the user has a currency set before applying this patch.
    if ($file == "patch-00188-alla.sql" && !config::get_config_item('currency')) {
        alloc_error("No default currency is set! Login to alloc (ignore any errors, you may need to manually change the url to config/config.php after logging in) go to Setup -> Finance and select a Main Currency. And then click the 'Update Transactions That Have No Currency' button. Then return here and apply this patch (patch-188). IT IS REALLY IMPORTANT THAT YOU FOLLOW THESE INSTRUCTIONS as the storage format for monetary amounts has changed.", true);
    }

    if ($extension == ".sql") {
        // Try for sql file. A failing statement is reported and the
        // remaining statements are still attempted.
        list($statements, $comments) = parse_sql_file($f);
        foreach ($statements as $statement) {
            if (!$db->query($statement)) {
                $failed = true;
                alloc_error("<b style=\"color:red\">Error:</b> " . $f . "<br>" . $db->get_error());
            }
        }
        if (!$failed) {
            $TPL["message_good"][] = "Successfully Applied: " . $f;
        }
    } elseif ($extension == ".php") {
        // Try for php file. Any output counts as failure unless the patch
        // defined its FORCE_PATCH_SUCCEED_<file> constant.
        $output = execute_php_file("../patches/" . $file);
        if ($output && !defined("FORCE_PATCH_SUCCEED_" . $file)) {
            $failed = true;
            ob_end_clean();
            alloc_error("<b style=\"color:red\">Error:</b> " . $f . "<br>" . $output);
        } else {
            $TPL["message_good"][] = "Successfully Applied: " . $f;
        }
    }

    if (!$failed) {
        $insert = prepare("INSERT INTO patchLog (patchName, patchDesc, patchDate) \n VALUES ('%s','%s','%s')", $file, implode(" ", $comments), date("Y-m-d H:i:s"));
        $db->query($insert);
    }
}
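/**
 * Save this commission row unless it would become a second 0% commission on
 * the same project.
 *
 * @return void
 */
function save()
{
    // Initialised up front: the original read $fail while it was undefined
    // whenever the duplicate check did not trip.
    $fail = false;

    // Just ensure multiple 0 entries cannot be saved.
    if ($this->get_value("commissionPercent") == 0) {
        $q = prepare("SELECT * FROM projectCommissionPerson WHERE projectID = %d AND commissionPercent = 0 AND projectCommissionPersonID != %d", $this->get_value("projectID"), $this->get_id());
        $db = new db_alloc();
        $db->query($q);
        if ($db->next_record()) {
            $fail = true;
            alloc_error("Only one Time Sheet Commission is allowed to be set to 0%");
        }
    }

    if (!$fail) {
        parent::save();
    }
}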
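/**
 * Record a time sheet item hint from an associative array of input.
 *
 * Keys read from $stuff: username, taskID, projectID, duration, comment, date.
 * When a taskID is given, the project is taken from that task and overrides
 * any projectID supplied.
 *
 * NOTE(review): project membership is checked for the current user, while the
 * hint is stored against the person resolved from $stuff["username"]. Confirm
 * that recording a hint for a different person is intended and authorised.
 *
 * @param array $stuff Input fields as listed above.
 *
 * @return array|null array("status" => "yay", "message" => <new ID>) on
 *                    success; otherwise alloc_error() is called and nothing
 *                    is returned.
 */
function add_tsiHint($stuff)
{
    $current_user =& singleton("current_user");
    $errstr = "Failed to record new time sheet item hint. ";

    // Initialised so the paths that never assign them do not read undefined
    // variables (no task given, or the membership check failed).
    $extra = "";
    $task = null;
    $ID = null;

    $username = $stuff["username"];
    $people = person::get_people_by_username();
    $personID = $people[$username]["personID"];
    $personID or alloc_error("Person " . $username . " not found.");

    $taskID = $stuff["taskID"];
    $projectID = $stuff["projectID"];
    $duration = $stuff["duration"];
    $comment = $stuff["comment"];
    $date = $stuff["date"];

    if ($taskID) {
        $task = new task();
        $task->set_id($taskID);
        $task->select();
        $projectID = $task->get_value("projectID");
        $extra = " for task " . $taskID;
    }

    $projectID or alloc_error(sprintf($errstr . "No project found%s.", $extra));

    $row_projectPerson = projectPerson::get_projectPerson_row($projectID, $current_user->get_id());
    $row_projectPerson or alloc_error($errstr . "The person(" . $current_user->get_id() . ") has not been added to the project(" . $projectID . ").");

    if ($row_projectPerson && $projectID) {
        // Add new time sheet item hint, defaulting the date to today.
        $tsiHint = new tsiHint();
        $d = $date or $d = date("Y-m-d");
        $tsiHint->set_value("date", $d);
        $tsiHint->set_value("duration", $duration);
        if (is_object($task)) {
            // Forced through %d so only an integer is stored.
            $tsiHint->set_value("taskID", sprintf("%d", $taskID));
        }
        $tsiHint->set_value("personID", $personID);
        $tsiHint->set_value("comment", $comment);
        $tsiHint->save();
        $ID = $tsiHint->get_id();
    }

    if ($ID) {
        return array("status" => "yay", "message" => $ID);
    } else {
        alloc_error($errstr . "Time hint not added.");
    }
}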
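/**
 * Fill in default currencies, maintain dateApproved, refresh the exchange
 * rate when needed, and save the transaction.
 *
 * The exchange rate is left alone only when one is already set, the
 * transaction has an approval date, and neither the status (to approved) nor
 * either currency changed in this save.
 *
 * @return mixed Whatever parent::save() returns.
 */
function save()
{
    // Initialised up front: the original read both while undefined on the
    // paths that never assigned them.
    $field_changed = false;
    $date = null;

    // These need to be in here instead of validate(), because
    // validate is called after save() and we need these values set for save().
    $this->get_value("currencyTypeID") or $this->set_value("currencyTypeID", config::get_config_item("currency"));
    $this->get_value("destCurrencyTypeID") or $this->set_value("destCurrencyTypeID", config::get_config_item("currency"));

    // The data prior to the save
    $old = $this->all_row_fields;

    if ($old["status"] != $this->get_value("status") && $this->get_value("status") == "approved") {
        // Newly approved: stamp today's date.
        $this->set_value("dateApproved", date("Y-m-d"));
        $field_changed = true;
    } else {
        if ($this->get_value("status") != "approved") {
            $this->set_value("dateApproved", "");
        }
    }

    if ($old["currencyTypeID"] != $this->get_value("currencyTypeID")) {
        $field_changed = true;
    }
    if ($old["destCurrencyTypeID"] != $this->get_value("destCurrencyTypeID")) {
        $field_changed = true;
    }

    $db = new db_alloc();

    // If there already is an exchange rate set for an approved
    // transaction, then there's no need to update the exchange rate
    if ($this->get_value("exchangeRate") && $this->get_value("dateApproved") && !$field_changed) {
        // Nothing to do.
    } else {
        // Else update the transaction's exchange rate. The date is picked by
        // precedence: each later assignment overrides the earlier ones.
        $this->get_value("transactionCreatedTime") and $date = format_date("Y-m-d", $this->get_value("transactionCreatedTime"));
        $this->get_value("transactionModifiedTime") and $date = format_date("Y-m-d", $this->get_value("transactionModifiedTime"));
        $this->get_value("transactionDate") and $date = $this->get_value("transactionDate");
        $this->get_value("dateApproved") and $date = $this->get_value("dateApproved");

        $er = exchangeRate::get_er($this->get_value("currencyTypeID"), $this->get_value("destCurrencyTypeID"), $date);
        if (!$er) {
            alloc_error("Unable to determine exchange rate for " . $this->get_value("currencyTypeID") . " to " . $this->get_value("destCurrencyTypeID") . " for date: " . $date);
        } else {
            $this->set_value("exchangeRate", $er);
        }
    }

    return parent::save();
}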
/**
 * Initialise the archive object for the given zip file name.
 *
 * Reports an error through alloc_error() when gzopen() is unavailable, then
 * still sets the attributes.
 *
 * @param string $p_zipname Name of the zip archive this object works on.
 *
 * @return void
 */
function PclZip($p_zipname)
{
    // gzopen() is used as the probe for the zlib extension.
    $zlib_available = function_exists('gzopen');
    if (!$zlib_available) {
        alloc_error('Abort ' . basename(__FILE__) . ' : Missing zlib extensions');
    }

    // Attributes: archive name, no open descriptor yet, magic-quotes state
    // recorded as -1.
    $this->zipname = $p_zipname;
    $this->zip_fd = 0;
    $this->magic_quotes_status = -1;

    return;
}
* allocPSA is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public * License for more details. * * You should have received a copy of the GNU Affero General Public License * along with allocPSA. If not, see <http://www.gnu.org/licenses/>. */ require_once "../alloc.php"; if (!config::get_config_item("mainTfID")) { alloc_error("This functionality will not work until you set a Finance TF on the Setup -> Finance screen."); } $field_map = array("date" => 0, "account" => 1, "num" => 2, "description" => 3, "memo" => 4, "category" => 5, "clr" => 6, "amount" => 7); if ($_POST["upload"]) { $db = new db_alloc(); is_uploaded_file($_FILES["expenses_file"]["tmp_name"]) || alloc_error("File referred to was not an uploaded file", true); // Prevent attacks by setting $expenses_file in URL $lines = file($_FILES["expenses_file"]["tmp_name"]); reset($lines); while (list(, $line) = each($lines)) { // Ignore blank lines if (trim($line) == "") { continue; } // Read field values from the line $fields = explode("\t", $line); $date = trim($fields[$field_map["date"]]); $account = trim($fields[$field_map["account"]]); $num = trim($fields[$field_map["num"]]); $description = trim($fields[$field_map["description"]]); $memo = trim($fields[$field_map["memo"]]);
/**
 * Create an alloc comment on $entity from a received email and return it.
 *
 * The comment author is resolved from the message's From header through
 * comment::get_person_and_client().
 * NOTE(review): nothing visible here authenticates that From header, and it
 * decides both the recorded author and whether the task re-open branch at the
 * end runs - confirm what the mail pipeline verifies before this is called.
 *
 * @param object $email_receive Received message; read for the converted body,
 *                              msg_uid, mail_headers, dir and mimebits.
 * @param object $entity        Entity the comment is attached to.
 *
 * @return object The saved comment.
 */
function add_comment_from_email($email_receive, $entity)
{
    $current_user =& singleton("current_user");
    $commentID = comment::add_comment($entity->classname, $entity->get_id(), $email_receive->get_converted_encoding());
    $commentID or alloc_error("Unable to create an alloc comment (" . $entity->classname . ":" . $entity->get_id() . ") from email.");

    $comment = new comment();
    $comment->set_id($commentID);
    $comment->select();
    $comment->set_value("commentEmailUID", $email_receive->msg_uid);
    $comment->set_value("commentEmailMessageID", $email_receive->mail_headers["message-id"]);
    $comment->rename_email_attachment_dir($email_receive->dir);

    // Try figure out and populate the commentCreatedUser/commentCreatedUserClientContactID fields
    list($from_address, $from_name) = parse_email_address($email_receive->mail_headers["from"]);
    list($personID, $clientContactID, $from_name) = comment::get_person_and_client($from_address, $from_name, $entity->get_project_id());
    $personID and $comment->set_value('commentCreatedUser', $personID);
    $clientContactID and $comment->set_value('commentCreatedUserClientContactID', $clientContactID);
    // The raw From header is always kept as text, whether or not it matched.
    $comment->set_value("commentCreatedUserText", $email_receive->mail_headers["from"]);
    // Same value as the commentEmailMessageID assignment above.
    $comment->set_value("commentEmailMessageID", $email_receive->mail_headers["message-id"]);
    $comment->updateSearchIndexLater = true;
    $comment->skip_modified_fields = true;
    $comment->save();

    if ($email_receive->mimebits) {
        comment::update_mime_parts($comment->get_id(), $email_receive->mimebits);
    }

    // CYBER-ONLY: Re-open task, if comment has been made by an external party.
    // "External" here means no person matched the From address above.
    if (config::for_cyber() && !$comment->get_value('commentCreatedUser')) {
        $e = $entity->get_parent_object();
        if ($e->classname == "task" && substr($e->get_value("taskStatus"), 0, 4) != "open") {
            // The save below runs as the task's manager, else its assignee,
            // else its creator, instead of as the real current user.
            $tmp = $current_user;
            $current_user = new person();
            $personID = $e->get_value("managerID") or $personID = $e->get_value("personID") or $personID = $e->get_value("creatorID");
            $current_user->load_current_user($personID); // fake identity
            singleton("current_user", $current_user);
            $e->set_value("taskStatus", "open_inprogress");
            $e->save();
            // NOTE(review): the original user is put back only through this
            // local variable. Whether that also resets the "current_user"
            // singleton depends on singleton()'s reference behaviour, which is
            // not visible here, and it is skipped if $e->save() does not
            // return - confirm the borrowed identity cannot outlive this block.
            $current_user = $tmp;
        }
    }
    return $comment;
}
if ($_POST["save"]) { $expenseForm->read_globals(); if ($expenseForm->get_value("reimbursementRequired") == 0 || $expenseForm->get_value("reimbursementRequired") == 1) { $expenseForm->set_value("paymentMethod", ""); } $expenseForm->set_value("seekClientReimbursement", $_POST["seekClientReimbursement"] ? 1 : 0); $expenseForm->set_value("expenseFormComment", rtrim($expenseForm->get_value("expenseFormComment"))); $expenseForm->save(); alloc_redirect($TPL["url_alloc_expenseForm"] . "expenseFormID=" . $expenseForm->get_id()); exit; } else { if ($_POST["finalise"]) { $db = new db_alloc(); $hasItems = $db->qr("SELECT * FROM transaction WHERE expenseFormID = %d", $expenseForm->get_id()); if (!$hasItems) { alloc_error("Unable to submit expense form, no items have been added."); alloc_redirect($TPL["url_alloc_expenseForm"] . "expenseFormID=" . $expenseForm->get_id()); exit; } $expenseForm->read_globals(); if ($expenseForm->get_value("reimbursementRequired") == 0 || $expenseForm->get_value("reimbursementRequired") == 1) { $expenseForm->set_value("paymentMethod", ""); } $expenseForm->set_value("seekClientReimbursement", $_POST["seekClientReimbursement"] ? 1 : 0); $expenseForm->set_value("expenseFormFinalised", 1); $expenseForm->set_value("expenseFormComment", rtrim($expenseForm->get_value("expenseFormComment"))); $expenseForm->save(); alloc_redirect($TPL["url_alloc_expenseForm"] . "expenseFormID=" . $expenseForm->get_id()); exit; } else { if ($_POST["unfinalise"]) {
/**
 * Add or remove interested parties on an entity from a comma separated list.
 *
 * An entry starting with "%" is removed; every other entry is added. Each
 * entry is expanded with interestedParty::expand_ip() first, and an entry is
 * only added when the expanded email address contains an "@".
 *
 * @param string   $ip        Comma separated interested parties.
 * @param string   $entity    Entity name the parties belong to.
 * @param mixed    $entityID  ID of that entity.
 * @param mixed    $projectID Optional project passed through to expand_ip().
 *
 * @return void
 */
function add_remove_ips($ip, $entity, $entityID, $projectID = null)
{
    foreach (explode(",", $ip) as $entry) {
        $entry = trim($entry);
        $is_removal = substr($entry, 0, 1) == "%";

        if ($is_removal) {
            // Drop the leading "%" marker before expanding the entry.
            $target = (string) substr($entry, 1);
            list($personID, $name, $email) = interestedParty::expand_ip($target, $projectID);
            interestedParty::delete_interested_party($entity, $entityID, $email);
            continue;
        }

        list($personID, $name, $email) = interestedParty::expand_ip($entry, $projectID);
        if (!$email || strpos($email, "@") === false) {
            alloc_error("Unable to add interested party: " . $entry);
            continue;
        }

        interestedParty::add_interested_party(array(
            "entity"       => $entity,
            "entityID"     => $entityID,
            "fullName"     => $name,
            "emailAddress" => $email,
            "personID"     => $personID,
        ));
    }
}
/**
 * Return the value of one field of this entity, rendered for $dest.
 *
 * An unknown field and a field the caller may not read are both answered with
 * a message string in place of the value; the unknown-field case also calls
 * alloc_error().
 * NOTE(review): callers cannot tell such a message from a real value, so a
 * "Permission denied to ..." string could be displayed or stored as data -
 * confirm call sites check can_read_field() where that matters.
 *
 * @param string $field_name Key into data_fields.
 * @param mixed  $dest       One of the DST_* constants, passed to the field.
 *
 * @return mixed
 */
function get_value($field_name, $dest = DST_VARIABLE)
{
    $field = $this->data_fields[$field_name];

    if (!is_object($field)) {
        $msg = "Field {$field_name} does not exist in " . $this->data_table;
        alloc_error($msg);
        return $msg;
    }

    if (!$this->can_read_field($field_name)) {
        $perm_label = $this->permissions[$field->read_perm_name];
        return "Permission denied to " . $perm_label . " of " . $this->data_table . "." . $field_name;
    }

    // Prefer this row's own currencyTypeID over the entity-wide currency,
    // and remember whichever one is in effect.
    $code = $this->currency;
    if (isset($this->data_fields["currencyTypeID"]) && imp($this->data_fields["currencyTypeID"]->get_value())) {
        $code = $this->data_fields["currencyTypeID"]->get_value();
    }
    if ($code) {
        $this->currency = $code;
    }

    return $field->get_value($dest, $this);
}
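/**
 * Add a time sheet item for the current user, creating a time sheet in
 * status "edit" for the project when none is found.
 *
 * Keys read from $stuff: taskID, projectID, duration, comment, msg_uid,
 * msg_id, date, unit, multiplier, timeSheetID. When a taskID is given, the
 * project is taken from that task and overrides any projectID supplied.
 *
 * NOTE(review): when $stuff["timeSheetID"] names a sheet that is not found for
 * this user in status "edit", an error is reported but $row stays empty, so
 * the code below goes on to create a new time sheet unless alloc_error()
 * halts - confirm that fallback is intended.
 *
 * @param array $stuff Input fields as listed above.
 *
 * @return array|null array("status" => "yay", "message" => <timeSheetID>) on
 *                    success; otherwise alloc_error() is called and nothing
 *                    is returned.
 */
function add_timeSheetItem($stuff)
{
    $current_user =& singleton("current_user");
    $errstr = "Failed to record new time sheet item. ";

    // Initialised so the paths that never assign them do not read undefined
    // variables (no task given, or an earlier check failed).
    $extra = "";
    $task = null;
    $ID = null;

    $taskID = $stuff["taskID"];
    $projectID = $stuff["projectID"];
    $duration = $stuff["duration"];
    $comment = $stuff["comment"];
    $emailUID = $stuff["msg_uid"];
    $emailMessageID = $stuff["msg_id"];
    $date = $stuff["date"];
    $unit = $stuff["unit"];
    $multiplier = $stuff["multiplier"];

    if ($taskID) {
        $task = new task();
        $task->set_id($taskID);
        $task->select();
        $projectID = $task->get_value("projectID");
        $extra = " for task " . $taskID;
    }

    $projectID or alloc_error(sprintf($errstr . "No project found%s.", $extra));

    // The current user must be a member of the project.
    $row_projectPerson = projectPerson::get_projectPerson_row($projectID, $current_user->get_id());
    $row_projectPerson or alloc_error($errstr . "The person(" . $current_user->get_id() . ") has not been added to the project(" . $projectID . ").");

    if ($row_projectPerson && $projectID) {
        if ($stuff["timeSheetID"]) {
            // A specific sheet was asked for: it must belong to the current
            // user and still be editable.
            $q = prepare("SELECT *\n FROM timeSheet\n WHERE status = 'edit'\n AND personID = %d\n AND timeSheetID = %d\n ORDER BY dateFrom\n LIMIT 1\n ", $current_user->get_id(), $stuff["timeSheetID"]);
            $db = new db_alloc();
            $db->query($q);
            $row = $db->row();
            $row or alloc_error("Couldn't find an editable time sheet with that ID.");
        } else {
            // Otherwise take the user's earliest editable sheet on the project.
            $q = prepare("SELECT *\n FROM timeSheet\n WHERE status = 'edit'\n AND projectID = %d\n AND personID = %d\n ORDER BY dateFrom\n LIMIT 1\n ", $projectID, $current_user->get_id());
            $db = new db_alloc();
            $db->query($q);
            $row = $db->row();
        }

        // If no timeSheets add a new one
        if (!$row) {
            $project = new project();
            $project->set_id($projectID);
            $project->select();

            $timeSheet = new timeSheet();
            $timeSheet->set_value("projectID", $projectID);
            $timeSheet->set_value("status", "edit");
            $timeSheet->set_value("personID", $current_user->get_id());
            $timeSheet->set_value("recipient_tfID", $current_user->get_value("preferred_tfID"));
            $timeSheet->set_value("customerBilledDollars", page::money($project->get_value("currencyTypeID"), $project->get_value("customerBilledDollars"), "%mo"));
            $timeSheet->set_value("currencyTypeID", $project->get_value("currencyTypeID"));
            $timeSheet->save();
            $timeSheetID = $timeSheet->get_id();
        } else {
            // Else use the first timesheet we found
            $timeSheetID = $row["timeSheetID"];
        }

        $timeSheetID or alloc_error($errstr . "Couldn't locate an existing, or create a new Time Sheet.");

        // Add new time sheet item
        if ($timeSheetID) {
            $timeSheet = new timeSheet();
            $timeSheet->set_id($timeSheetID);
            $timeSheet->select();

            $tsi = new timeSheetItem();
            $tsi->currency = $timeSheet->get_value("currencyTypeID");
            $tsi->set_value("timeSheetID", $timeSheetID);
            $d = $date or $d = date("Y-m-d");
            $tsi->set_value("dateTimeSheetItem", $d);
            $tsi->set_value("timeSheetItemDuration", $duration);
            $tsi->set_value("timeSheetItemDurationUnitID", $unit);
            if (is_object($task)) {
                $tsi->set_value("description", $task->get_name());
                // Forced through %d so only an integer is stored.
                $tsi->set_value("taskID", sprintf("%d", $taskID));
                $_POST["timeSheetItem_taskID"] = sprintf("%d", $taskID); // this gets used in timeSheetItem->save();
            }
            $tsi->set_value("personID", $current_user->get_id());
            // The rate comes from the project membership row, not from input.
            $tsi->set_value("rate", page::money($timeSheet->get_value("currencyTypeID"), $row_projectPerson["rate"], "%mo"));
            $tsi->set_value("multiplier", $multiplier);
            $tsi->set_value("comment", $comment);
            $tsi->set_value("emailUID", $emailUID);
            $tsi->set_value("emailMessageID", $emailMessageID);
            $tsi->save();

            // Re-read the saved item and report the time sheet it belongs to.
            $id = $tsi->get_id();
            $tsi = new timeSheetItem();
            $tsi->set_id($id);
            $tsi->select();
            $ID = $tsi->get_value("timeSheetID");
        }
    }

    if ($ID) {
        return array("status" => "yay", "message" => $ID);
    } else {
        alloc_error($errstr . "Time not added.");
    }
}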
<?php
/*
 * Copyright (C) 2006-2011 Alex Lance, Clancy Malcolm, Cyber IT Solutions
 * Pty. Ltd.
 *
 * This file is part of the allocPSA application <*****@*****.**>.
 *
 * allocPSA is free software: you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or (at
 * your option) any later version.
 *
 * allocPSA is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
 * License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with allocPSA. If not, see <http://www.gnu.org/licenses/>.
 */

// Page script: generates the invoice file for the invoice named in the
// request. invoiceID is taken from POST, falling back to GET; verbose comes
// from GET only.
require_once "../alloc.php";

// Role gate: the second argument is passed as true here, unlike most
// alloc_error() calls in the code base.
// NOTE(review): presumably that makes the error fatal - confirm, because
// nothing else in this script stops a non-employee from reaching the code below.
if (!$current_user->is_employee()) {
    alloc_error("You do not have permission to access invoices", true);
}

// NOTE(review): the only check in this script is the employee role. Whether
// this employee may see this particular invoice is not checked here - confirm
// that invoice::select() or generate_invoice_file() enforces per-record access.
$invoiceID = $_POST["invoiceID"] or $invoiceID = $_GET["invoiceID"];
$verbose = $_GET["verbose"];
$invoice = new invoice();
$invoice->set_id($invoiceID);
$invoice->select();
$invoice->generate_invoice_file($verbose);
/**
 * getSendArray() returns the arguments required for Mail::send().
 *
 * Usage:
 *   $mailtext = Full email (for example generated by a template)
 *   $decoder = new Mail_mimeDecode($mailtext);
 *   $parts = $decoder->getSendArray();
 *   list($recipients, $headers, $body) = $parts;
 *   $mail = Mail::factory('smtp');
 *   $mail->send($recipients, $headers, $body);
 *
 * The recipient list is the comma-joined values of every To, Cc and Bcc
 * header found in the message, so whoever supplies the message text decides
 * who the mail is sent to. Only pass message text from a trusted source, or
 * check the returned recipients before sending.
 *
 * Missing headers and missing recipients are reported through alloc_error();
 * this method does not return an error object, and it does not stop after
 * reporting.
 *
 * @return array array(recipients, headers, body)
 * @access public
 * @author Alan Knowles <*****@*****.**>
 */
function getSendArray()
{
    // prevent warning if this is not set
    $this->_decode_headers = FALSE;

    $to = "";
    $parsed = $this->_parseHeaders($this->_header);
    if (!$parsed) {
        alloc_error("Mail_mimeDecode::getSendArray() message did not contain headers");
    }

    $recipient_headers = array("to", "cc", "bcc");
    foreach ($parsed as $entry) {
        $headers[$entry['name']] = $entry['value'];
        // Header names are matched case-insensitively.
        if (in_array(strtolower($entry['name']), $recipient_headers, true)) {
            $to .= "," . $entry['value'];
        }
    }

    if ($to == "") {
        alloc_error("Mail_mimeDecode::getSendArray() message did not contain any recipents");
    }

    // Drop the leading comma added by the first recipient header.
    $to = substr($to, 1);
    return array($to, $headers, $this->_body);
}
* under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License, or (at * your option) any later version. * * allocPSA is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public * License for more details. * * You should have received a copy of the GNU Affero General Public License * along with allocPSA. If not, see <http://www.gnu.org/licenses/>. */

// Page script: fetches one message from the configured alloc mailbox and
// prints its text as HTML. The message is selected by the request's "id".
require_once "../alloc.php";

// Mailbox connection settings, all read from the application config.
$info["host"] = config::get_config_item("allocEmailHost");
$info["port"] = config::get_config_item("allocEmailPort");
$info["username"] = config::get_config_item("allocEmailUsername");
$info["password"] = config::get_config_item("allocEmailPassword");
$info["protocol"] = config::get_config_item("allocEmailProtocol");

if (!$info["host"]) {
    alloc_error("Email mailbox host not defined, assuming email function is inactive.", true);
}

$email_receive = new email_receive($info);
$email_receive->open_mailbox(config::get_config_item("allocEmailFolder"), OP_HALFOPEN | OP_READONLY);

// NOTE(review): any message UID in the mailbox can be requested here, and no
// check in this fragment ties the message to the requesting user. Presumably
// alloc.php enforces login - confirm who may reach this page and whether
// every such user should be able to read every message in the folder.
$email_receive->set_msg($_REQUEST["id"]);

// Remember whether the message was still new, so that state can be put back
// after fetching. $new is only assigned when the id is in the new list.
$new_nums = $email_receive->get_new_email_msg_uids();
in_array($_REQUEST["id"], (array) $new_nums) and $new = true;
$mail_text = $email_receive->fetch_mail_text();
$new and $email_receive->set_unread(); // might have to "unread" the email, if it was new, i.e. set it back to new
$email_receive->close();

// The mail text is entity-encoded before nl2br() adds the <br> tags, so
// markup inside the message is not emitted as HTML.
echo nl2br(trim(page::htmlentities($mail_text)));
} $TPL["reimbursementRequired_checked"] = $transactionRepeat->get_value("reimbursementRequired") ? " checked" : ""; if ($transactionRepeat->get_value("transactionRepeatModifiedUser")) { $db->query("select username from person where personID=%d", $transactionRepeat->get_value("transactionRepeatModifiedUser")); $db->next_record(); $TPL["user"] = $db->f("username"); } if (have_entity_perm("tf", PERM_READ, $current_user, false)) { // Person can access all TF records $q = prepare("SELECT tfID AS value, tfName AS label \n FROM tf \n WHERE tfActive = 1 \n OR tf.tfID = %d \n OR tf.tfID = %d \n ORDER BY tfName", $transactionRepeat->get_value("tfID"), $transactionRepeat->get_value("fromTfID")); } else { if (have_entity_perm("tf", PERM_READ, $current_user, true)) { // Person can only read TF records that they own $q = prepare("SELECT tf.tfID AS value, tf.tfName AS label\n FROM tf, tfPerson \n WHERE tfPerson.personID=%d \n AND tf.tfID=tfPerson.tfID \n AND (tf.tfActive = 1 OR tf.tfID = %d OR tf.tfID = %d)\n ORDER BY tfName", $current_user->get_id(), $transactionRepeat->get_value("tfID"), $transactionRepeat->get_value("fromTfID")); } else { alloc_error("No permissions to generate TF list"); } } //special case for disabled TF. Include it in the list, but also add a warning message. $tf = new tf(); $tf->set_id($transactionRepeat->get_value("tfID")); if ($tf->select() && !$tf->get_value("tfActive")) { $TPL["message_help"][] = "This expense is allocated to an inactive TF. It will not create transactions."; } $tf = new tf(); $tf->set_id($transactionRepeat->get_value("fromTfID")); if ($tf->select() && !$tf->get_value("tfActive")) { $TPL["message_help"][] = "This expense is sourced from an inactive TF. It will not create transactions."; } $m = new meta("currencyType"); $currencyOps = $m->get_assoc_array("currencyTypeID", "currencyTypeID");
} // This needs to be just above the newTimeSheet_projectID logic $projectID = $timeSheet->get_value("projectID"); // If we are entering the page from a project link: New time sheet if ($_GET["newTimeSheet_projectID"] && !$projectID) { $_GET["taskID"] and $tid = "&taskID=" . $_GET["taskID"]; $projectID = $_GET["newTimeSheet_projectID"]; $db = new db_alloc(); $q = prepare("SELECT * FROM timeSheet WHERE status = 'edit' AND personID = %d AND projectID = %d", $current_user->get_id(), $projectID); $db->query($q); if ($db->next_record()) { alloc_redirect($TPL["url_alloc_timeSheet"] . "timeSheetID=" . $db->f("timeSheetID") . $tid); } } if ($_GET["newTimeSheet_projectID"] && !$db->qr("SELECT * FROM projectPerson WHERE personID = %d AND projectID = %d", $current_user->get_id(), $_GET["newTimeSheet_projectID"])) { alloc_error("You are not a member of the project (id:" . page::htmlentities($_GET["newTimeSheet_projectID"]) . "), please get a manager to add you to the project."); } $db->query($query); while ($db->row()) { $project_array[$db->f("projectID")] = $db->f("projectName"); } $TPL["timeSheet_projectName"] = $project_array[$projectID]; $TPL["timeSheet_projectID"] = $projectID; $TPL["taskID"] = $_GET["taskID"]; // Get the project record to determine which button for the edit status. if ($projectID != 0) { $project = new project(); $project->set_id($projectID); $project->select(); $projectManagers = $project->get_timeSheetRecipients(); if (!$projectManagers) {
/**
 * Advance this product sale one step through its workflow:
 * "edit" -> "allocate" -> "admin" -> "finished".
 *
 * The new status is only set on the object with set_value(); this method does
 * not call save() itself, so persisting it is presumably left to the caller.
 *
 * Side effects visible in this body:
 *  - "edit": creates transactions for every sale item that has none yet.
 *  - "allocate": when config::for_cyber() is true and no task with the same
 *    name exists, creates the "raise an invoice" task, adds a comment to it
 *    and emails that comment to the salesperson and to person 67.
 *  - "admin" (requires PERM_APPROVE_PRODUCT_TRANSACTIONS): optionally
 *    bulk-updates the status of the sale's transactions from a request
 *    parameter, then creates up to three follow-up tasks that are chained
 *    together with add_pending_tasks().
 *
 * Returns the result of alloc_error() when the sale has no items, otherwise
 * nothing.
 */
function move_forwards() {
    // NOTE(review): $current_user is fetched but not used in this method.
    $current_user =& singleton("current_user");
    global $TPL;
    $status = $this->get_value("status");
    $db = new db_alloc();

    if ($this->get_value("clientID")) {
        $c = $this->get_foreign_object("client");
        $extra = " for " . $c->get_value("clientName");
        $taskDesc[] = "";
    }

    // NOTE(review): $extra is only assigned when the sale has a clientID, so
    // it is an undefined variable here for sales without a client.
    $taskname1 = "Sale " . $this->get_id() . ": raise an invoice" . $extra;
    $taskname2 = "Sale " . $this->get_id() . ": place an order to the supplier";
    $taskname3 = "Sale " . $this->get_id() . ": pay the supplier";
    $taskname4 = "Sale " . $this->get_id() . ": deliver the goods / action the work";

    // Hard-coded project ID that every generated task is filed under.
    // NOTE(review): this and the person ID 67 used below are installation
    // specific; confirm they still point at the intended project and person.
    $cyberadmin = 59;

    // Build the plain-text task description: one line per sale item, then totals.
    $taskDesc[] = "Sale items:";
    $taskDesc[] = "";
    foreach ((array) $this->get_productSaleItems() as $psiID => $psi_row) {
        $p = new product();
        $p->set_id($psi_row["productID"]);
        $taskDesc[] = " " . page::money($psi_row["sellPriceCurrencyTypeID"], $psi_row["sellPrice"], "%S%mo") . " for " . $psi_row["quantity"] . " x " . $p->get_name();
        $hasItems = true;
    }

    // Refuse to move a sale forward while it has no items.
    // NOTE(review): $hasItems is never initialised, so this test reads an
    // undefined variable when the loop above did not run.
    if (!$hasItems) {
        return alloc_error("No sale items have been added.");
    }

    $amounts = $this->get_amounts();
    $taskDesc[] = "";
    $taskDesc[] = "Total: " . $amounts["total_sellPrice"];
    $taskDesc[] = "Total inc " . config::get_config_item("taxName") . ": " . $amounts["total_sellPrice_plus_gst"];
    $taskDesc[] = "";
    $taskDesc[] = "Refer to the sale in alloc for up-to-date information:";
    $taskDesc[] = config::get_config_item("allocURL") . "sale/productSale.php?productSaleID=" . $this->get_id();
    $taskDesc = implode("\n", $taskDesc);

    if ($status == "edit") {
        $this->set_value("status", "allocate");
        $items = $this->get_productSaleItems();
        foreach ($items as $r) {
            $psi = new productSaleItem();
            $psi->set_id($r["productSaleItemID"]);
            $psi->select();
            // Only create transactions for items that do not have any yet, so
            // repeating this step does not duplicate them.
            if (!$db->qr("SELECT transactionID FROM transaction WHERE productSaleItemID = %d", $psi->get_id())) {
                $psi->create_transactions();
            }
        }
    } else {
        if ($status == "allocate") {
            $this->set_value("status", "admin");

            // 1. from salesperson to admin
            // The task is looked up by name first so that it is created at most once.
            $q = prepare("SELECT * FROM task WHERE projectID = %d AND taskName = '%s'", $cyberadmin, $taskname1);
            if (config::for_cyber() && !$db->qr($q)) {
                $task = new task();
                // Cyber Admin Project
                $task->set_value("projectID", $cyberadmin);
                $task->set_value("taskName", $taskname1);
                // salesperson
                $task->set_value("managerID", $this->get_value("personID"));
                // Cyber Support people (jane)
                $task->set_value("personID", 67);
                $task->set_value("priority", 3);
                $task->set_value("taskTypeID", "Task");
                $task->set_value("taskDescription", $taskDesc);
                $task->set_value("dateTargetStart", date("Y-m-d"));
                // Target completion is seven days from now.
                $task->set_value("dateTargetCompletion", date("Y-m-d", date("U") + 60 * 60 * 24 * 7));
                $task->save();
                $TPL["message_good"][] = "Task created: " . $task->get_id() . " " . $task->get_value("taskName");

                // Both the salesperson and person 67 receive the task comment by email.
                $p1 = new person();
                $p1->set_id($this->get_value("personID"));
                $p1->select();
                $p2 = new person();
                $p2->set_id(67);
                $p2->select();
                $recipients[$p1->get_value("emailAddress")] = array("name" => $p1->get_name(), "addIP" => true, "internal" => true);
                $recipients[$p2->get_value("emailAddress")] = array("name" => $p2->get_name(), "addIP" => true, "internal" => true);
                $comment = $p2->get_name() . ",\n\n" . $taskname1 . "\n\n" . $taskDesc;
                $commentID = comment::add_comment("task", $task->get_id(), $comment, "task", $task->get_id());
                $emailRecipients = comment::add_interested_parties($commentID, null, $recipients);

                // Re-email the comment out, including any attachments
                if (!comment::send_comment($commentID, $emailRecipients)) {
                    alloc_error("Email failed to send.");
                } else {
                    $TPL["message_good"][] = "Emailed task comment to " . $p1->get_value("emailAddress") . ", " . $p2->get_value("emailAddress") . ".";
                }
            }
        } else {
            // The final step is the only one gated by an explicit permission check here.
            if ($status == "admin" && $this->have_perm(PERM_APPROVE_PRODUCT_TRANSACTIONS)) {
                $this->set_value("status", "finished");

                // Optionally set every transaction of this sale to the status
                // named in the request.
                // NOTE(review): the request value is passed through prepare()
                // but is not checked against a list of allowed transaction
                // statuses in this method; confirm that validation happens
                // elsewhere, or restrict it to the known values here.
                if ($_REQUEST["changeTransactionStatus"]) {
                    $rows = $this->get_productSaleItems();
                    // NOTE(review): $ids is not initialised before this loop.
                    foreach ($rows as $row) {
                        $ids[] = $row["productSaleItemID"];
                    }
                    if ($ids) {
                        $q = prepare("UPDATE transaction SET status = '%s' WHERE productSaleItemID in (%s)", $_REQUEST["changeTransactionStatus"], $ids);
                        $db = new db_alloc();
                        $db->query($q);
                    }
                }

                // 2. from admin to salesperson
                $q = prepare("SELECT * FROM task WHERE projectID = %d AND taskName = '%s'", $cyberadmin, $taskname2);
                if (config::for_cyber() && !$db->qr($q)) {
                    $task = new task();
                    // Cyber Admin Project
                    $task->set_value("projectID", $cyberadmin);
                    $task->set_value("taskName", $taskname2);
                    // Cyber Support people (jane)
                    $task->set_value("managerID", 67);
                    // salesperson
                    $task->set_value("personID", $this->get_value("personID"));
                    $task->set_value("priority", 3);
                    $task->set_value("taskTypeID", "Task");
                    $task->set_value("taskDescription", $taskDesc);
                    $task->set_value("dateTargetStart", date("Y-m-d"));
                    $task->set_value("dateTargetCompletion", date("Y-m-d", date("U") + 60 * 60 * 24 * 7));
                    $task->save();

                    // Chain this task behind the "raise an invoice" task, if that one exists.
                    $q = prepare("SELECT * FROM task WHERE projectID = %d AND taskName = '%s'", $cyberadmin, $taskname1);
                    $rai_row = $db->qr($q);
                    if ($rai_row) {
                        $task->add_pending_tasks($rai_row["taskID"]);
                    }
                    $order_the_hardware_taskID = $task->get_id();
                    $TPL["message_good"][] = "Task created: " . $task->get_id() . " " . $task->get_value("taskName");
                    $task->add_notification(3, 1, "Task " . $task->get_id() . " " . $taskname2, "Task status moved from pending to open.", array(array("field" => "metaPersonID", "who" => -2)));
                }

                // 3. from salesperson to admin
                $q = prepare("SELECT * FROM task WHERE projectID = %d AND taskName = '%s'", $cyberadmin, $taskname3);
                if (config::for_cyber() && !$db->qr($q)) {
                    $task = new task();
                    // Cyber Admin Project
                    $task->set_value("projectID", $cyberadmin);
                    $task->set_value("taskName", $taskname3);
                    // salesperson
                    $task->set_value("managerID", $this->get_value("personID"));
                    // Cyber Support people (jane)
                    $task->set_value("personID", 67);
                    $task->set_value("priority", 3);
                    $task->set_value("taskTypeID", "Task");
                    $task->set_value("taskDescription", $taskDesc);
                    $task->set_value("dateTargetStart", date("Y-m-d"));
                    $task->set_value("dateTargetCompletion", date("Y-m-d", date("U") + 60 * 60 * 24 * 7));
                    $task->save();
                    // NOTE(review): $order_the_hardware_taskID is only assigned
                    // when task 2 was created in this same call; if task 2
                    // already existed, an undefined value is passed here.
                    $task->add_pending_tasks($order_the_hardware_taskID);
                    $pay_the_supplier_taskID = $task->get_id();
                    $TPL["message_good"][] = "Task created: " . $task->get_id() . " " . $task->get_value("taskName");
                    $task->add_notification(3, 1, "Task " . $task->get_id() . " " . $taskname3, "Task status moved from pending to open.", array(array("field" => "metaPersonID", "who" => -2)));
                }

                // 4. from admin to salesperson
                $q = prepare("SELECT * FROM task WHERE projectID = %d AND taskName = '%s'", $cyberadmin, $taskname4);
                if (config::for_cyber() && !$db->qr($q)) {
                    $task = new task();
                    // Cyber Admin Project
                    $task->set_value("projectID", $cyberadmin);
                    $task->set_value("taskName", $taskname4);
                    // Cyber Support people
                    $task->set_value("managerID", 67);
                    // salesperson
                    $task->set_value("personID", $this->get_value("personID"));
                    $task->set_value("priority", 3);
                    $task->set_value("taskTypeID", "Task");
                    $task->set_value("taskDescription", $taskDesc);
                    $task->set_value("dateTargetStart", date("Y-m-d"));
                    $task->set_value("dateTargetCompletion", date("Y-m-d", date("U") + 60 * 60 * 24 * 7));
                    $task->save();
                    // NOTE(review): same caveat as for task 3 above;
                    // $pay_the_supplier_taskID exists only if task 3 was created
                    // in this call.
                    $task->add_pending_tasks($pay_the_supplier_taskID);
                    $TPL["message_good"][] = "Task created: " . $task->get_id() . " " . $task->get_value("taskName");
                    $task->add_notification(3, 1, "Task " . $task->get_id() . " " . $taskname4, "Task status moved from pending to open.", array(array("field" => "metaPersonID", "who" => -2)));
                }
            }
        }
    }
}
if (stripos("tfID", $field) !== FALSE) { $result = tf::get_name($db->f($field)); } else { $result = $db->f($field); } } $TPL["result_row"] .= $start_field_separator; $TPL["result_row"] .= $quotes . $result . $quotes; if (isset($fields[$k + 1]) || !$_POST["generate_file"]) { $TPL["result_row"] .= $end_field_separator; } } $TPL["result_row"] .= $end_row_separator; $counter++; } $TPL["counter"] = "Number of rows(s): " . $counter; if ($_POST["generate_file"]) { // write to file header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header('Content-Type: application/octet-stream'); header('Content-Size: ' . strlen($TPL["result_row"])); header('Content-Disposition: attachment; filename="csv_' . mktime() . '.csv"'); echo $TPL["result_row"]; exit; } } else { alloc_error("Please select some Fields using the checkboxes."); } } $TPL["main_alloc_title"] = "Reports - " . APPLICATION_NAME; include_template("templates/reportM.tpl");
// Errors from previous iterations shouldn't affect processing of the next email db_alloc::$stop_doing_queries = false; $email_receive->set_msg($num); $email_receive->get_msg_header(); $keys = $email_receive->get_hashes(); try { // If no keys if (!$keys) { // If email sent from a known staff member $from_staff = inbox::change_current_user($email_receive->mail_headers["from"]); if ($from_staff) { inbox::convert_email_to_new_task($email_receive, true); } else { $email_receive->mark_seen(); // mark it seen so we don't poll for it again alloc_error("Could not create a task from this email. Email was not sent by a staff member. Email resides in INBOX."); } // Else if we have a key, append to comment } else { // Skip over emails that are from alloc. These emails are kept only for // posterity and should not be parsed and downloaded and re-emailed etc. if (same_email_address($email_receive->mail_headers["from"], ALLOC_DEFAULT_FROM_ADDRESS)) { $email_receive->mark_seen(); $email_receive->archive(); } else { inbox::process_one_email($email_receive); } } } catch (Exception $e) { // There may have been a database error, so let the database know it can run this next bit db_alloc::$stop_doing_queries = false;
$reminder->set_value('reminderRecuringValue', $_POST["reminder_recuring_value"]); } $reminder->set_value('reminderAdvNoticeSent', '0'); if (!$_POST["reminder_advnotice_value"]) { $reminder->set_value('reminderAdvNoticeInterval', 'No'); $reminder->set_value('reminderAdvNoticeValue', '0'); } else { $reminder->set_value('reminderAdvNoticeInterval', $_POST["reminder_advnotice_interval"]); $reminder->set_value('reminderAdvNoticeValue', $_POST["reminder_advnotice_value"]); } $reminder->set_value('reminderSubject', $_POST["reminder_subject"]); $reminder->set_value('reminderContent', rtrim($_POST["reminder_content"])); $reminder->set_value('reminderActive', sprintf("%d", $_POST["reminderActive"])); $reminder->save(); $reminder->update_recipients($recipient_keys); $returnToParent = "reminder"; $reminderID = $reminder->get_id(); $TPL["message_good"][] = "Reminder saved."; } else { if ($_POST["reminder_delete"] && $_POST["reminder_id"]) { $reminder = new reminder(); $reminder->set_id($_POST["reminder_id"]); $reminder->delete(); } } $headers = array("client" => $TPL["url_alloc_client"] . "clientID=" . $parentID . "&sbs_link=reminders", "project" => $TPL["url_alloc_project"] . "projectID=" . $parentID . "&sbs_link=reminders", "task" => $TPL["url_alloc_task"] . "taskID=" . $parentID . "&sbs_link=reminders", "home" => $TPL["url_alloc_home"], "calendar" => $TPL["url_alloc_taskCalendar"] . "personID=" . $_POST["personID"], "list" => $TPL["url_alloc_reminderList"], "reminder" => $TPL["url_alloc_reminder"] . "reminderID=" . $reminderID . "&step=3", "" => $TPL["url_alloc_reminderList"]); alloc_redirect($headers[$returnToParent]); break; default: alloc_error("Unrecognized state"); }
* License for more details. * * You should have received a copy of the GNU Affero General Public License * along with allocPSA. If not, see <http://www.gnu.org/licenses/>. */ require_once "../alloc.php"; singleton("errors_thrown", true); if (!have_entity_perm("inbox", PERM_READ, $current_user)) { alloc_error("Permission denied.", true); } $info = inbox::get_mail_info(); if (!$info["host"]) { alloc_error("Email mailbox host not defined, assuming email function is inactive.", true); } if ($_REQUEST["id"] && $_REQUEST["hash"] && !inbox::verify_hash($_REQUEST["id"], $_REQUEST["hash"])) { alloc_error("The IMAP ID for that email is no longer valid. Refresh the list and try again."); } else { if ($_REQUEST["id"] && $_REQUEST["hash"]) { $_REQUEST["archive"] && inbox::archive_email($_REQUEST); // archive the email by moving it to another folder $_REQUEST["download"] && inbox::download_email($_REQUEST); // download it to a mbox file $_REQUEST["process"] && inbox::process_email($_REQUEST); // attach it to a task etc $_REQUEST["readmail"] && inbox::read_email($_REQUEST); // mark the email as read $_REQUEST["unreadmail"] && inbox::unread_email($_REQUEST); // mark the email as unread $_REQUEST["newtask"] && inbox::process_email_to_task($_REQUEST); // use this email to create a new task $_REQUEST["taskID"] && inbox::attach_email_to_existing_task($_REQUEST);
} } } } alloc_redirect($url . $msg); exit; } // If deleting a record } else { if ($_POST["delete"]) { if ($task->can_be_deleted()) { $task->read_globals(); $task->delete(); alloc_redirect($TPL["url_alloc_taskList"]); } else { alloc_error("This task cannot be deleted. You either don't have permission, or this task has history items."); } } } // Start stuff here $task->set_values("task_"); $person = new person(); $person->set_id($task->get_value("creatorID")); $person->select(); $TPL["task_createdBy"] = $person->get_name(); $TPL["task_createdBy_personID"] = $person->get_id(); if ($task->get_value("closerID") && $task->get_value("dateClosed")) { $TPL["task_closed_by"] = person::get_fullname($task->get_value("closerID")); $TPL["task_closed_when"] = $task->get_value("dateClosed"); } $person = new person();
$_FORM["showInvoiceAmountPaid"] = true; $_FORM["showInvoiceDate"] = true; $_FORM["showInvoiceStatus"] = true; $_FORM["clientID"] = $clientID; // Restrict non-admin users records if (!$current_user->have_role("admin")) { $_FORM["personID"] = $current_user->get_id(); } $rows = invoice::get_list($_FORM); echo invoice::get_list_html($rows, $_FORM); } $client = new client(); $clientID = $_POST["clientID"] or $clientID = $_GET["clientID"]; if ($_POST["save"]) { if (!$_POST["clientName"]) { alloc_error("Please enter a Client Name."); } $client->read_globals(); $client->set_value("clientModifiedTime", date("Y-m-d")); $clientID = $client->get_id(); $client->set_values("client_"); if (!$client->get_id()) { // New client. $client->set_value("clientCreatedTime", date("Y-m-d")); $new_client = true; } if (!$TPL["message"]) { $client->save(); $clientID = $client->get_id(); $client->set_values("client_"); }
/**
 * Create or refresh the invoice item that represents a whole time sheet on
 * an invoice.
 *
 * Nothing is written when the invoice status is "finished"; an error is
 * raised through alloc_error() instead. Otherwise the existing invoice item
 * for this invoice/time sheet pair (the one with no timeSheetItemID) is
 * updated, or a new one is created when none exists.
 *
 * No permission check is performed in this function; callers are presumably
 * expected to have authorised the change already (confirm against the
 * callers).
 *
 * @param mixed $invoiceID   ID of the invoice to update.
 * @param mixed $timeSheetID ID of the time sheet being billed.
 */
function save_invoice_timeSheet($invoiceID, $timeSheetID) {
    global $TPL;

    // Guard: a finished invoice is never modified.
    $invoice = new invoice($invoiceID);
    if ($invoice->get_value("invoiceStatus") == "finished") {
        alloc_error("Unable to update related Invoice (ID:" . $invoiceID . ").");
        return;
    }

    $timeSheet = new timeSheet();
    $timeSheet->set_id($timeSheetID);
    $timeSheet->select();
    $timeSheet->load_pay_info();
    $project = $timeSheet->get_foreign_object("project");

    // Fall back to today's date when the time sheet has no start date.
    $date = $timeSheet->get_value("dateFrom");
    if (!$date) {
        $date = date("Y-m-d");
    }

    // customerBilledDollars is not set when the underlying field is blank, in
    // which case total_customerBilledDollars is not usable either; bill the
    // time sheet as a single unit at its total instead.
    $pay_info = $timeSheet->pay_info;
    if (isset($pay_info["customerBilledDollars"])) {
        $amount = $pay_info["total_customerBilledDollars"];
        $iiUnitPrice = $pay_info["customerBilledDollars"];
        $iiQuantity = $pay_info["total_duration"];
    } else {
        $amount = $pay_info["total_dollars"];
        $iiUnitPrice = $amount;
        $iiQuantity = 1;
    }

    // Look for an invoice item that already covers the whole time sheet.
    $q = prepare("SELECT * FROM invoiceItem WHERE invoiceID = %d AND timeSheetID = %d AND timeSheetItemID IS NULL\n ", $invoiceID, $timeSheetID);
    $db = new db_alloc();
    $db->query($q);
    $existing = $db->row();

    $ii = new invoiceItem();
    if ($existing) {
        // Re-use the existing row so that saving updates rather than inserts.
        $ii->set_id($existing["invoiceItemID"]);
    }

    $ii->set_value("invoiceID", $invoiceID);
    $ii->set_value("timeSheetID", $timeSheet->get_id());

    $sheet_label = "Time Sheet #" . $timeSheet->get_id();
    $owner_name = person::get_fullname($timeSheet->get_value("personID"));
    $project_name = $project->get_value("projectName");
    $ii->set_value("iiMemo", $sheet_label . " for " . $owner_name . ", Project: " . $project_name);

    $ii->set_value("iiQuantity", $iiQuantity);
    $ii->set_value("iiUnitPrice", $iiUnitPrice);
    $ii->set_value("iiAmount", $amount);
    $ii->set_value("iiDate", $date);
    $ii->set_value("iiTax", config::get_config_item("taxPercent"));
    $ii->currency = $timeSheet->get_value("currencyTypeID");
    $ii->save();
}
$c->set_id(config::get_config_item_id('rssShowProject')); $c->select(); $c->set_value("value", '0'); $c->save(); } $TPL["message"] or $TPL["message_good"] = "Saved configuration."; } else { if ($_POST["delete_logo"]) { foreach (array(ALLOC_LOGO, ALLOC_LOGO_SMALL) as $logo) { if (file_exists($logo)) { if (unlink($logo)) { $TPL["message_good"][] = "Deleted " . $logo; } } if (file_exists($logo)) { alloc_error("Unable to delete " . $logo); } } } } get_cached_table("config", true); // flush cache if (has("finance")) { $tf = new tf(); $options = $tf->get_assoc_array("tfID", "tfName"); } $TPL["mainTfOptions"] = page::select_options($options, config::get_config_item("mainTfID")); $TPL["outTfOptions"] = page::select_options($options, config::get_config_item("outTfID")); $TPL["inTfOptions"] = page::select_options($options, config::get_config_item("inTfID")); $TPL["taxTfOptions"] = page::select_options($options, config::get_config_item("taxTfID")); $TPL["expenseFormTfOptions"] = page::select_options($options, config::get_config_item("expenseFormTfID"));
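/**
 * Build an SQL string from a sprintf()-style template and a variable number
 * of values, escaping every value with db_esc() before it is substituted.
 *
 * Usage: prepare($template, $value1, $value2, ...)
 *
 * How values are substituted:
 *  - Scalar values are passed through db_esc() and handed to sprintf(). The
 *    escaping only protects a value that lands inside a quoted literal, so
 *    string placeholders must be written as '%s' in the template; integer
 *    placeholders (%d) are coerced to a number by sprintf() itself.
 *  - Array values are expanded to a comma separated list of individually
 *    quoted and escaped items ('a','b','c'), intended for an unquoted
 *    placeholder such as "IN (%s)". An empty array expands to an empty
 *    string.
 *
 * db_esc() is defined elsewhere; presumably it escapes a value for use in an
 * SQL string literal (confirm). This helper builds query text by string
 * substitution, it does not use driver-level bound parameters.
 *
 * When called with the template only, the template is returned unchanged and
 * nothing is escaped.
 *
 * @return string The assembled query.
 */
function prepare() {
    $args = func_get_args();

    // Template only: nothing to substitute.
    if (count($args) == 1) {
        return $args[0];
    }

    // The template goes in untouched as the first sprintf() argument;
    // array_shift() removes it from $args so only the values remain.
    $clean_args = array(array_shift($args));

    foreach ($args as $arg) {
        if (is_array($arg)) {
            // Start a fresh list for every array argument. Without this reset
            // a second array argument would also contain the items of the
            // first one, silently widening the resulting IN (...) clause.
            $str = "";
            $comma = "";
            foreach ($arg as $v) {
                $str .= $comma . "'" . db_esc($v) . "'";
                $comma = ",";
            }
            $clean_args[] = $str;
        } else {
            $clean_args[] = db_esc($arg);
        }
    }

    // call_user_func_array() is used because the number of values is not
    // known in advance. The warning is suppressed and inspected below.
    $query = @call_user_func_array("sprintf", $clean_args);

    // Track down poorly formulated queries (placeholder/argument mismatch).
    // NOTE(review): error_get_last() returns the most recent error of the
    // whole request, so an older sprintf warning can be reported again here.
    // On PHP 8 a mismatch raises ArgumentCountError instead of a warning, so
    // this branch would not run there.
    // NOTE(review): the message includes a stack trace and the query values;
    // where alloc_error() sends it is not visible here, so confirm it is
    // logged rather than rendered to end users.
    $err = error_get_last();
    if (is_array($err) && $err["type"] == 2 && in_str("sprintf", $err["message"])) {
        $e = new Exception();
        alloc_error("Error in prepared query: \n" . $e->getTraceAsString() . "\n" . print_r($err, 1) . "\n" . print_r($clean_args, 1));
    }

    return $query;
}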