Exemplo n.º 1
	You should have received a copy of the GNU General Public License along 
	with this program; if not, write to the Free Software Foundation, Inc.,
    59 Temple Place, Suite 330, Boston, MA  02111-1307, USA

	$Id: lcm_upgrade.php,v 1.16 2006/06/01 13:19:27 mlutfy Exp $
*/
include 'inc/inc_version.php';
include_lcm('inc_presentation');
include_lcm('inc_meta');
include_lcm('inc_auth');
global $lcm_db_version;
// Check dir permissions: if we upgrade the LCM files, the permissions
// of the directories may have changed.
// c.f. Mateusz Hołysz (1148727224.9101.18.camel@localhost.localdomain)
//
// The redirect target is a fixed literal (url-encoded), so the "url" value
// handed to lcm_test_dirs.php is not built from request data here.
// NOTE(review): 'dirs_ok' is read through _request(), presumably straight from
// the request, so any client can send dirs_ok=1 and skip the directory test.
// Treat it as a workflow hint, not as a control.
if (_request('dirs_ok') != 1) {
    lcm_header('Location: lcm_test_dirs.php?url=' . urlencode("lcm_upgrade.php?dirs_ok=1"));
    exit;
}
// Usually done in inc.php, but we cannot include it otherwise
// it will loop on "please upgrade your database".
if (!include_data_exists('inc_meta_cache')) {
    write_metas();
}
// Database schema version as recorded in the meta store; the code that follows
// falls back to a direct query when this comes back empty.
$current_version = read_meta('lcm_db_version');
// Quite unlikely to happen, because it would cause warnings
// But let's be paranoid, nothing to loose..
if (!$current_version) {
    lcm_log("lcm_upgrade: meta is misbehaving, searching in DB");
    $query = "SELECT value FROM lcm_meta WHERE name = 'lcm_db_version'";
    $result = lcm_query($query);
    if ($row = lcm_fetch_array($result)) {
Exemplo n.º 2
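// Normalise the organisation id kept in the form data to an integer.
$_SESSION['form_data']['id_org'] = intval(_session('id_org', 0));

// Where to send the user back to when saving fails.
$ref_upd_org = 'edit_org.php?org=' . _session('id_org');
// !empty() keeps the original truthiness test without raising a notice when
// the browser sent no Referer header.
if (!empty($_SERVER['HTTP_REFERER'])) {
    // NOTE(review): the Referer header is supplied by the client, so this
    // redirect target is not under the application's control. Consider
    // accepting only same-site relative URLs here.
    $ref_upd_org = $_SERVER['HTTP_REFERER'];
}

//
// Update data
//
$obj_org = new LcmOrg(_session('id_org'));
$errs = $obj_org->save();
if (count($errs)) {
    $_SESSION['errors'] = array_merge($_SESSION['errors'], $errs);
    lcm_header("Location: " . $ref_upd_org);
    exit;
}

// The case id ends up in an SQL statement and in a redirect URL, so it is
// forced to an integer once; anything non-numeric becomes 0 and is ignored.
$attach_case = intval(_session('attach_case'));

//
// Attach to case
//
if ($attach_case) {
    lcm_query("INSERT INTO lcm_case_client_org\n\t\t\t\tSET id_case = " . $attach_case . ",\n\t\t\t\t\tid_org = " . $obj_org->getDataInt('id_org'));
}

//
// Go to the 'view details' page of the organisation
//
// small reminder, if the client was created from the "add client to case" (Case details)
$attach = "";
if ($attach_case) {
    $attach = "&attach_case=" . $attach_case;
}
lcm_header('Location: org_det.php?org=' . $obj_org->getDataInt('id_org', '__ASSERT__') . $attach);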
Exemplo n.º 3
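    // Apply the line/column sources declared by a custom report file to the
    // report identified by $rep ($rep is set earlier, outside this excerpt).
    //
    // NOTE(review): 'filecustom' comes from the request and is handed to the
    // custom-report include helper. The only guard visible here is
    // include_custom_report_exists(); confirm that it restricts the name to
    // the custom-report directory (no path separators, no "..").
    $filecustom = _request('filecustom');
    if (include_custom_report_exists($filecustom)) {
        include_custom_report($filecustom);
        $obj = new CustomReportSpecs();

        // Collect the column assignments first so that the statement is only
        // built when there is something to write.
        // NOTE(review): $info values come from the report spec object and are
        // placed in the SQL unescaped; confirm they cannot contain quotes.
        $assignments = array();
        if ($info = $obj->getReportLine()) {
            $assignments[] = "line_src_type = '" . $info['type'] . "',\n\t\t\t\t\t\tline_src_name = '" . $info['name'] . "'";
        }
        if ($info = $obj->getReportCol()) {
            $col = "col_src_type = '" . $info['type'] . "'";
            // Ignore if name not set, or name restricts the choice (ex:  keyword that applies to 'case')
            if (!$info['name'] || substr($info['name'], 0, 4) == 'FOR:') {
                $col .= ", col_src_name = ''";
            } else {
                $col .= ", col_src_name = '" . $info['name'] . "'";
            }
            $assignments[] = $col;
        }

        if ($assignments) {
            // The original statement had no WHERE clause and therefore rewrote
            // the sources of every row in lcm_report. Restrict it to the
            // report being edited; intval() keeps the id numeric.
            $query = "UPDATE lcm_report SET " . implode(", ", $assignments)
                . " WHERE id_report = " . intval($rep);
            lcm_query($query);
        }
    } else {
        // The rejected name is HTML-escaped before it is stored for display.
        $_SESSION['errors']['filecustom'] = "Custom report file does not exist: " . htmlspecialchars($filecustom);
    }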
}
// Return to the report details page. $rep and $ref_tag are set earlier in the
// script, outside this excerpt.
// NOTE(review): both values are concatenated into the Location header as-is;
// confirm they are integer-cast / URL-encoded where they are assigned.
lcm_header("Location: rep_det.php?rep=" . $rep . $ref_tag);
Exemplo n.º 4
        lcm_query($q);
    }
} else {
    lcm_panic("Query returned no results.");
}
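///////////////////////////////////////////////////////////////////////
//	Consequent appointment information update
///////////////////////////////////////////////////////////////////////
// $id_followup is set earlier in the script (outside this excerpt). It is used
// in SQL and in the redirect below, so it is forced to an integer once.
$id_followup = intval($id_followup);

if (isset($_SESSION['form_data']['add_appointment'])) {
    // No errors, proceed with database update
    $app_form = $_SESSION['form_data'];

    // Identifiers are cast to int so that only digits reach the SQL text.
    $app_case_id = intval($app_form['id_case']);
    $app_author_id = intval($GLOBALS['author_session']['id_author']);

    // Every string field goes through clean_input(), the helper the original
    // statement applied to type/title/description only; start_time, end_time
    // and reminder were interpolated raw from the session form data.
    // NOTE(review): confirm clean_input() escapes for SQL; a parameterised
    // query would remove the need for per-field escaping.
    $fl = "\ttype\t\t= '" . clean_input($app_form['app_type']) . "',\n"
        . "\t\ttitle\t\t= '" . clean_input($app_form['app_title']) . "',\n"
        . "\t\tdescription\t= '" . clean_input($app_form['app_description']) . "',\n"
        . "\t\tstart_time\t= '" . clean_input($app_form['app_start_time']) . "',\n"
        . "\t\tend_time\t= '" . clean_input($app_form['app_end_time']) . "',\n"
        . "\t\treminder\t= '" . clean_input($app_form['app_reminder']) . "'\n\t\t";

    // Add the new appointment: case id, creator id, then the remaining fields
    $q = "INSERT INTO lcm_app SET ";
    $q .= 'id_case = ' . $app_case_id . ',';
    $q .= 'id_author = ' . $app_author_id . ',';
    $q .= "{$fl}, date_creation = NOW()";
    $result = lcm_query($q);

    // Get new appointment's ID
    $id_app = intval(lcm_insert_id('lcm_app', 'id_app'));
    $_SESSION['form_data']['id_app'] = $id_app;

    // Add relationship with the creator
    lcm_query("INSERT INTO lcm_author_app SET id_app={$id_app},id_author=" . $app_author_id);

    // Add followup relation
    lcm_query("INSERT INTO lcm_app_fu SET id_app={$id_app},id_followup={$id_followup},relation='parent'");
}

// Send user back to add/edit page's referer or (default) to followup detail page
lcm_header('Location: fu_det.php?followup=' . $id_followup);
exit;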
Exemplo n.º 5
            @chmod($my_dir, 0700);
        }
        // I doubt this will work, if above failed, but try anyway
        //
        // Each step below widens the mode only if the directory is still not
        // writable: owner-only was tried first (above), then group-writable
        // (0770), then world-writable (0777). The "@" hides chmod() failures.
        // NOTE(review): a directory left at 0777 can be written by every local
        // account on the host; on shared hosting that is worth flagging to the
        // administrator rather than applying silently.
        if (!test_write($my_dir)) {
            @chmod($my_dir, 0770);
        }
        if (!test_write($my_dir)) {
            @chmod($my_dir, 0777);
        }
        // Still not writable: record it for the error list shown to the user.
        // NOTE(review): $my_dir is placed in HTML without escaping; confirm it
        // only ever holds fixed directory names.
        if (!test_write($my_dir)) {
            array_push($bad_dirs, "<li>" . $my_dir . "</li>\n");
        }
    } else {
        array_push($absent_dirs, "<li>" . $my_dir . "</li>\n");
    }
}
// Report the outcome of the directory test, in order of severity:
// unwritable directories first, then missing ones, and only when both lists
// are empty continue to the installer or to the requested destination.
// $test_dir, $install and $dest_url are set earlier, outside this excerpt.
if (!empty($bad_dirs)) {
    $bad_dirs = implode(" ", $bad_dirs);
    bad_dirs($bad_dirs, $test_dir, $install);
} elseif (!empty($absent_dirs)) {
    $absent_dirs = implode(" ", $absent_dirs);
    absent_dirs($absent_dirs, $test_dir);
} elseif ($install) {
    lcm_header("Location: install.php?step=1");
} else {
    // NOTE(review): confirm where $dest_url is assigned; if it is taken from a
    // request parameter it should be limited to local URLs.
    lcm_header("Location: " . $dest_url);
}
Exemplo n.º 6
// Report id from the request, forced to an integer; without one there is
// nothing to run, so go back to the report list.
$rep = intval(_request('rep', 0));
if ($rep == 0) {
    lcm_header('Location: listreps.php');
    exit;
}

//
// Show title and description of the report
//
// $rep is an integer at this point, so interpolating it into the SQL is safe.
$q = "SELECT *\n\t\tFROM lcm_report\n\t\tWHERE id_report = {$rep}";
$result = lcm_query($q);
$rep_info = lcm_fetch_array($result);
if (!$rep_info) {
    lcm_panic("Report # {$rep} doest not exist.");
}

// A report needs either a line source or a custom report file.
if (!($rep_info['line_src_name'] || $rep_info['filecustom'])) {
    $_SESSION['errors']['rep_line'] = _T('rep_warning_atleastlineinfo');
    lcm_header('Location: rep_det.php?rep=' . $rep);
    exit;
}

// Pick the generator: the stock UI generator, or the one defined by the
// custom report file named in the database row.
// NOTE(review): 'export' and 'debug' are passed through from the request
// unchanged; confirm the generators validate them.
if (!$rep_info['filecustom']) {
    $report = new LcmReportGenUI(intval(_request('rep')), _request('export', 'html'), _request('debug'));
} else {
    include_custom_report($rep_info['filecustom']);
    $report = new CustomReportGen(intval(_request('rep')), _request('export', 'html'), _request('debug'));
}
$report->printStartDoc($rep_info['title'], $rep_info['description'], 'report_intro');

// Line sources of type 'table' are stored without the "lcm_" prefix.
$my_line_table = ($rep_info['line_src_type'] == 'table' ? "lcm_" : "") . $rep_info['line_src_name'];
//
Exemplo n.º 7
    $ret['html'] .= "</p>\n";
    $ret['html'] .= "</form>\n";
    return $ret;
}
global $prefs, $author_session;

// Author id from the request, forced to an integer; anything that is not a
// positive id sends the user back to the author list.
$author = intval(_request('author'));
if ($author <= 0) {
    lcm_header("Location: listauthors.php");
    exit;
}

// Get author data ($author is an integer, so the interpolation is safe)
$q = "SELECT *\n\t\tFROM lcm_author\n\t\tWHERE id_author = " . $author;
$result = lcm_query($q);
$author_data = lcm_fetch_array($result);
if (!$author_data) {
    lcm_header("Location: listauthors.php");
    exit;
}

$fullname = get_person_name($author_data);
lcm_page_start(_T('title_author_view') . ' ' . $fullname, '', '', 'authors_intro');

// Show tabs: everybody gets "general" and "cases"; the remaining tabs are only
// listed for the author himself or for an administrator.
// NOTE(review): this only decides which tabs are *listed*. The requested tab is
// taken from $_GET below without being checked against $groups, so confirm the
// per-tab code enforces the same restriction.
$groups = array(
    'general' => array(
        'name' => _T('generic_tab_general'),
        'tooltip' => _T('generic_subtitle_general', array('author' => $fullname)),
    ),
    'cases' => array(
        'name' => _T('generic_tab_cases'),
        'tooltip' => _T('author_subtitle_cases', array('author' => $fullname)),
    ),
);
if ($author == $author_session['id_author'] || $author_session['status'] == 'admin') {
    $groups['followups'] = array(
        'name' => _T('generic_tab_followups'),
        'tooltip' => _T('author_subtitle_followups', array('author' => $fullname)),
    );
    $groups['appointments'] = array(
        'name' => _T('generic_tab_agenda'),
        'tooltip' => _T('author_subtitle_appointments', array('author' => $fullname)),
    );
    $groups['times'] = array(
        'name' => _T('generic_tab_reports'),
        'tooltip' => _T('author_subtitle_reports', array('author' => $fullname)),
    );
    $groups['attachments'] = array(
        'name' => _T('generic_tab_documents'),
        'tooltip' => _T('author_subtitle_attachments', array('author' => $fullname)),
    );
}

// Selected tab, defaulting to "general"
if (isset($_GET['tab'])) {
    $tab = $_GET['tab'];
} else {
    $tab = 'general';
}

// [ML] $_SERVER['REQUEST_URI']);
// [ML] Forcing 'author_det.php' else some vars really get carried for nothing (see fu tab + dates)
show_tabs($groups, $tab, "author_det.php?author={$author}");
echo '<fieldset class="info_box">';
Exemplo n.º 8
}
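$_SESSION['errors'] = array();

// Mark the selected attachments as removed. $type and $id_type are set earlier
// in the script, outside this excerpt.
if (isset($_POST['rem_file']) && is_array($_POST['rem_file']) && count($_POST['rem_file']) > 0) {
    // The ids are posted by the client and end up inside "IN (...)", so each
    // one is forced to an integer before the list is built.
    $rem_files = join(',', array_map('intval', $_POST['rem_file']));
    $result = lcm_query("UPDATE lcm_{$type}_attachment\n\t\t\t\tSET date_removed=NOW(),content=NULL\n\t\t\t\tWHERE id_{$type}={$id_type}\n\t\t\t\tAND id_attachment IN ({$rem_files})");
}

// Store a newly uploaded file, if any
if (isset($_FILES['filename']['name']) && is_string($_FILES['filename']['name']) && strlen($_FILES['filename']['name']) > 0) {
    $_SESSION['user_file'] = $_FILES['filename'];
    $_SESSION['user_file']['description'] = _request('description');
    $filename = $_SESSION['user_file']['tmp_name'];

    // is_uploaded_file() makes sure the path really is this request's upload
    // and not an arbitrary file on the server.
    if (is_uploaded_file($filename) && $_SESSION['user_file']['size'] > 0) {
        // file_get_contents() replaces fopen()/fread(); the original never
        // closed the handle.
        $file_contents = file_get_contents($filename);
        if ($file_contents === false) {
            $_SESSION['errors']['file'] = 'Empty file or access denied!';
            // TRAD
        } else {
            // The original name and MIME type are chosen by the client. They
            // are escaped the same way this block escapes the content, and the
            // size is forced to an integer.
            // NOTE(review): addslashes() is a weak substitute for the database
            // layer's own escaping or a parameterised query.
            // NOTE(review): 'description' comes from _request(); confirm that
            // helper already escapes for SQL, otherwise escape it here too.
            $q = "INSERT INTO lcm_{$type}_attachment\n\t\t\tSET\tid_{$type}={$id_type},\n\t\t\t\tid_author=" . intval($GLOBALS['author_session']['id_author'])
                . ",\n\t\t\t\tfilename='" . addslashes($_SESSION['user_file']['name'])
                . "',\n\t\t\t\ttype='" . addslashes($_SESSION['user_file']['type'])
                . "',\n\t\t\t\tsize=" . intval($_SESSION['user_file']['size'])
                . ",\n\t\t\t\tdescription='" . $_SESSION['user_file']['description']
                . "',\n\t\t\t\tcontent='" . addslashes($file_contents)
                . "',\n\t\t\t\tdate_attached=NOW()\n\t\t\t";
            $result = lcm_query($q);
            $user_file = array();
        }
    } else {
        // Handle errors
        if ($_SESSION['user_file']['error'] > 0) {
            $cause = array(UPLOAD_ERR_OK => 'The file was uploaded successfully!', UPLOAD_ERR_INI_SIZE => 'The file size exceeds the "upload_max_filesize" directive in php.ini.', UPLOAD_ERR_FORM_SIZE => 'The file size exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.', UPLOAD_ERR_PARTIAL => 'The file was uploaded only partially.', UPLOAD_ERR_NO_FILE => 'No file was uploaded!', UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.');
            // TRAD
            // Error codes missing from the table get a generic message
            // instead of an undefined-index notice and an empty error.
            $code = $_SESSION['user_file']['error'];
            $_SESSION['errors']['file'] = isset($cause[$code]) ? $cause[$code] : 'The file upload failed.';
        } else {
            $_SESSION['errors']['file'] = 'Empty file or access denied!';
            // TRAD
        }
    }
}

// NOTE(review): the Referer header is client-supplied; consider redirecting to
// a known local page instead.
lcm_header("Location: " . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''));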
Exemplo n.º 9
        }
    }
}
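// $case and $destination are set earlier in the script, outside this excerpt.
// NOTE(review): confirm $case is integer-cast and that $destination is limited
// to local URLs where they are assigned.

// Add organisation to case
if (isset($_REQUEST['orgs']) && is_array($_REQUEST['orgs'])) {
    foreach ($_REQUEST['orgs'] as $key => $value) {
        $orgs[$key] = intval($value);
    }
    if ($orgs) {
        foreach ($orgs as $org) {
            $q = "INSERT INTO lcm_case_client_org\n\t\t\t\t\tSET id_case = {$case},\n\t\t\t\t\t\tid_org = {$org}";
            lcm_query($q);
        }
    }
}

// Remove client from case
// The ids are request data; like the 'orgs' ids above they are forced to
// integers before being placed in the SQL (the original interpolated them raw).
if (isset($_REQUEST['id_del_client']) && is_array($_REQUEST['id_del_client'])) {
    foreach ($_REQUEST['id_del_client'] as $id_client) {
        $id_client = intval($id_client);
        $q = "DELETE FROM lcm_case_client_org\n\t\t\tWHERE id_case = {$case}\n\t\t\tAND id_client = {$id_client}";
        $result = lcm_query($q);
    }
}

// Remove organisation from case
if (isset($_REQUEST['id_del_org']) && is_array($_REQUEST['id_del_org'])) {
    foreach ($_REQUEST['id_del_org'] as $id_org) {
        $id_org = intval($id_org);
        $q = "DELETE FROM lcm_case_client_org\n\t\t\tWHERE id_case = {$case}\n\t\t\tAND id_org = {$id_org}";
        $result = lcm_query($q);
    }
}

lcm_header("Location: " . $destination . "#clients");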
Exemplo n.º 10
/**
 * Print the login box: either the "enter your username" form or, once a
 * username is known, the password form with the MD5 challenge script.
 *
 * Output is written with echo; nothing is returned. When a session with
 * status 'admin' or 'normal' already exists (and no logout was requested) the
 * function redirects or prints a link to index.php and returns early.
 *
 * @param mixed  $cible          Destination Link object; when falsy, one is
 *                               built from the 'var_url' request value
 *                               (default 'index.php').
 * @param string $prive          Not referenced in this body.
 * @param string $message_login  Not referenced in this body.
 */
function show_login($cible, $prive = 'prive', $message_login = '')
{
    $error = '';
    $login = _request('var_login');
    $logout = _request('var_logout');
    // If the cookie fails, inc_auth tried to redirect to lcm_cookie who
    // then tried to put a cookie. If it is not there, it is "cookie failed"
    // who is there, and it's probably a bookmark on privet=yes and not
    // a cookie failure.
    //
    // Note: $cookie_failed ends up either "" or a boolean (result of "!=").
    // NOTE(review): $_COOKIE['lcm_session'] is read without isset().
    $cookie_failed = "";
    if (_request('var_cookie_failed')) {
        $cookie_failed = $_COOKIE['lcm_session'] != 'cookie_test_failed';
    }
    global $author_session;
    global $lcm_session;
    global $clean_link;
    if (!$cible) {
        // cible = destination
        // NOTE(review): 'var_url' is request data and becomes the post-login
        // destination ($url below); confirm it is restricted to local URLs.
        $cible = new Link(_request('var_url', 'index.php'));
    }
    $cible->delVar('var_erreur');
    $cible->delVar('var_url');
    $cible->delVar('var_cookie_failed');
    $clean_link->delVar('var_erreur');
    $clean_link->delVar('var_login');
    $clean_link->delVar('var_cookie_failed');
    $url = $cible->getUrl();
    // This populates the $author_session variable
    include_lcm('inc_session');
    verifier_visiteur();
    // Already logged in with a usable status: no form needed.
    if ($author_session and !$logout and ($author_session['status'] == 'admin' or $author_session['status'] == 'normal')) {
        if ($url != $GLOBALS['clean_link']->getUrl()) {
            lcm_header("Location: " . $cible->getUrlForHeader());
        }
        // [ML] This is making problems for no reason, we use login only
        // for one mechanism (entering the system).
        // echo "<a href='$url'>"._T('login_this_way')."</a>\n";
        echo "<a class='content_link' href='index.php'>" . _T('login_this_way') . "</a>\n";
        return;
    }
    if (_request('var_erreur') == 'pass') {
        $error = _T('login_password_incorrect');
    }
    // The login is memorized in the cookie for a possible future admin login
    // (the cookie value is expected in the form "@username")
    if (!$login && isset($_COOKIE['lcm_admin'])) {
        if (preg_match("/^@(.*)\$/", $_COOKIE['lcm_admin'], $regs)) {
            $login = $regs[1];
        }
    } else {
        if ($login == '-1') {
            $login = '';
        }
    }
    // other sources for authentication
    $flag_autres_sources = isset($GLOBALS['ldap_present']) ? $GLOBALS['ldap_present'] : '';
    // What informations to pass?
    if ($login) {
        $status_login = 0;
        // unknown status
        $login = clean_input($login);
        // NOTE(review): in this listing the username literal reads '******',
        // which looks like masking applied by the page that published the
        // code; as printed, $login is not part of the query. Check the
        // upstream file before relying on this line.
        $query = "SELECT id_author, status, password, prefs, alea_actuel, alea_futur \n\t\t\t\t\tFROM lcm_author \n\t\t\t\t\tWHERE username='******'";
        $result = lcm_query($query);
        if ($row = lcm_fetch_array($result)) {
            if ($row['status'] == 'trash' or $row['password'] == '') {
                $status_login = -1;
                // deny
            } else {
                $status_login = 1;
                // known login
                // Which infos to pass for the javascript ?
                // NOTE(review): alea_actuel/alea_futur are sent to any
                // visitor who submits a known username, before authentication.
                $id_author = $row['id_author'];
                $alea_actuel = $row['alea_actuel'];
                // for MD5
                $alea_futur = $row['alea_futur'];
                // Button for length of connection
                // NOTE(review): unserialize() on a database column; if a user
                // can influence the stored 'prefs' value this allows object
                // injection. A data-only format such as JSON would avoid it.
                // NOTE(review): $rester_checked is only assigned when 'prefs'
                // is non-empty, but is printed unconditionally further down.
                if ($row['prefs']) {
                    $prefs = unserialize($row['prefs']);
                    $rester_checked = $prefs['cnx'] == 'perma' ? ' checked=\'checked\'' : '';
                }
            }
        }
        // Unknown login (except LDAP) or refused
        // ("and" binds tighter than "or": denied, or unknown with no other
        // authentication source)
        // NOTE(review): the distinct "identifier unknown" message lets a
        // visitor tell existing usernames from non-existing ones.
        if ($status_login == -1 or $status_login == 0 and !$flag_autres_sources) {
            $error = _T('login_identifier_unknown', array('login' => htmlspecialchars(clean_output($login))));
            $login = '';
            // [ML] Not sure why this was here, but headers are already sent
            // therefore it causes an error message (which is not shown, but
            // might make a mess, knowing how PHP runs differently everywhere..)
            // @lcm_setcookie('lcm_admin', '', time() - 3600);
        }
    }
    // Javascript for the focus
    if ($login) {
        $js_focus = 'document.form_login.session_password.focus();';
    } else {
        $js_focus = 'document.form_login.var_login.focus();';
    }
    // [ML] we should probably add a help link here, since tech, but let's see
    // how many users complain first, since this should affect only tech users
    //
    // $cookie_failed is "" or a boolean here; the loose comparison with "yes"
    // is true when it holds boolean true.
    if ($cookie_failed == "yes") {
        $error = _T('login_warning_cookie');
    }
    echo open_login();
    // [ML] Looks like there is no reason why to use $clean_link (defined in inc_version.php)
    // It would cause very strange bugs when the "feed_globals()" were removed from inc_version
    // and in the end, well, it looks rather useless.
    //
    // Strange bugs were caused because $action would be "./" and therefore it
    // would call index.php -> listcases.php -> includes inc_auth.php who then
    // calls auth(), who redirects to the login page.
    $action = $clean_link->getUrl();
    // $action = "lcm_login.php";
    if ($login) {
        // Shows the login form, including the MD5 javascript
        $flag_challenge_md5 = true;
        if ($flag_challenge_md5) {
            echo '<script type="text/javascript" src="inc/md5.js"></script>';
        }
        echo "\n";
        echo '<form name="form_login" action="lcm_cookie.php" method="post"';
        if ($flag_challenge_md5) {
            // On submit the browser sends calcMD5(alea + password) for the
            // current and the next alea and blanks the clear-text field.
            // NOTE(review): this hides the password from the request body but
            // is not a replacement for TLS, and MD5 is no longer considered
            // adequate for password handling.
            echo " onsubmit='if (this.session_password.value) {\n\t\t\t\tthis.session_password_md5.value = calcMD5(\"{$alea_actuel}\" + this.session_password.value);\n\t\t\t\tthis.next_session_password_md5.value = calcMD5(\"{$alea_futur}\" + this.session_password.value);\n\t\t\t\tthis.session_password.value = \"\"; }'";
        }
        echo ">\n";
        echo "<div class='main_login_box' style='text-align:" . $GLOBALS["lcm_lang_left"] . ";'>\n";
        if ($error) {
            echo "<div style='color:red;'><b>" . _T('login_access_denied') . " {$error}</b></div><br />\n";
        }
        if ($flag_challenge_md5) {
            // This is printed with javascript so that it is hidden from navigators not
            // using JS, since they will see the username field anyway.
            //
            // NOTE(review): $login is written into a document.write() string
            // and into attribute values below without htmlspecialchars(),
            // unlike the error message above. Confirm clean_input() makes it
            // safe for HTML and JavaScript contexts; otherwise escape per
            // context here.
            echo "<script type=\"text/javascript\"><!--\n" . "document.write('" . addslashes(_T('login_login')) . " <b>{$login}</b><br/>" . "<font size=\\'2\\'><a href=\\'lcm_cookie.php?cookie_admin=no&amp;url=" . rawurlencode($action) . "\\' class=\\'link_btn\\'>" . _T('login_other_identifier') . "</a></font>');\n" . "//--></script>\n";
            // If javascript is active, we pass the login in the hidden field
            echo "<input type='hidden' name='session_login_hidden' value='{$login}' />";
            // If javascript is not active, the login is still modifiable
            // (since the challenge is not used)
            echo "<noscript>";
        }
        echo "\t<label for='session_login'><b>" . _T('login_login') . "</b> (" . _T('login_info_login') . ")<br /></label>";
        echo "\t<input type='text' name='session_login' id='session_login' class='forml' value=\"{$login}\" size='40' />\n";
        if ($flag_challenge_md5) {
            echo "</noscript>\n";
        }
        echo "\t<p />\n";
        echo "\t<label for='session_password'><b>" . _T('login_password') . "</b><br /></label>";
        echo "\t<input type='password' name='session_password' id='session_password' class='forml' value=\"\" size='40' />\n";
        echo "\t<input type='hidden' name='essai_login' value='oui' />\n";
        echo "\t<br />&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='session_remember' value='yes' id='session_remember'{$rester_checked} /> ";
        echo "\t<label for='session_remember'>" . _T('login_remain_logged_on') . "</label>";
        // NOTE(review): $url derives from the 'var_url' request value and is
        // placed in a single-quoted attribute unescaped; htmlspecialchars()
        // with ENT_QUOTES would be the usual treatment.
        echo "\t<input type='hidden' name='url' value='{$url}' />\n";
        echo "\t<input type='hidden' name='session_password_md5' value='' />\n";
        echo "\t<input type='hidden' name='next_session_password_md5' value='' />\n";
        echo "<div align='right'><input class='button_login' type='submit' value='" . _T('button_validate') . "' /></div>\n";
        echo "</div>";
        echo "</form>";
    } else {
        // Ask only for the login/username
        $action = quote_amp($action);
        echo "<form name='form_login' action='{$action}' method='post'>\n";
        echo "<div class='main_login_box' style='text-align:" . $GLOBALS["lcm_lang_left"] . ";'>";
        if ($error) {
            echo "<span style='color:red;'><b>" . _T('login_access_denied') . " {$error}</b></span><p />";
        }
        echo "<label><b>" . _T('login_login') . '</b> (' . _T('login_info_login') . ')' . "<br /></label>";
        echo "<input type='text' name='var_login' class='forml' value=\"\" size='40' />\n";
        // NOTE(review): same unescaped $url as in the password form above.
        echo "<input type='hidden' name='var_url' value='{$url}' />\n";
        echo "<div align='right'><input class='button_login' type='submit' value='" . _T('button_validate') . "' /></div>\n";
        echo "</div>";
        echo "</form>";
    }
    // Focus management
    echo "<script type=\"text/javascript\"><!--\n" . $js_focus . "\n//--></script>\n";
    // Start the login footer
    echo "<div align='left' style='font-size: 12px;' >";
    echo "<div class='lang_combo_box'>" . menu_languages() . "</div>\n";
    // button for "forgotten password"
    include_lcm('inc_mail');
    if (server_can_send_email()) {
        echo '<a href="lcm_pass.php?pass_forgotten=yes" target="lcm_pass" onclick="' . "javascript:window.open(this.href, 'lcm_pass', 'scrollbars=yes, resizable=yes, width=640, height=280'); return false;\" class=\"link_btn\">" . _T('login_password_forgotten') . '</a>';
    }
    // The registration link is only shown when the site setting allows open
    // or moderated subscription.
    $register_popup = 'href="lcm_pass.php?register=yes" target="lcm_pass" ' . ' onclick="' . "javascript:window.open('lcm_pass.php?register=yes', 'lcm_pass', 'scrollbars=yes, resizable=yes, width=640, height=500'); return false;\"";
    $open_subscription = read_meta("site_open_subscription");
    if ($open_subscription == 'yes' || $open_subscription == 'moderated') {
        echo "&nbsp;&nbsp;&nbsp;<a {$register_popup} class=\"link_btn\">" . _T('login_register') . '</a>';
    }
    echo "</div>\n";
    echo close_login();
}
Exemplo n.º 11
	WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
	for more details.

	You should have received a copy of the GNU General Public License along
	with this program; if not, write to the Free Software Foundation, Inc.,
	59 Temple Place, Suite 330, Boston, MA  02111-1307, USA

	$Id: client_det.php,v 1.56 2007/01/12 17:37:04 mlutfy Exp $
*/
include 'inc/inc.php';
include_lcm('inc_contacts');
include_lcm('inc_obj_client');
// Client id from the request, forced to an integer; anything that is not a
// positive id sends the user back to the client list.
$client = intval(_request('client'));
if ($client <= 0) {
    lcm_header("Location: listclients.php");
    exit;
}

// $client is an integer here, so placing it in the SQL text is safe.
$q = "SELECT *\n\t\tFROM lcm_client as c\n\t\tWHERE c.id_client = " . $client;
$result = lcm_query($q);
$row = lcm_fetch_array($result);
if (!$row) {
    die("ERROR: There is no such client in the database.");
}

lcm_page_start(_T('title_client_view') . ' ' . get_person_name($row), '', '', 'clients_intro');

// NOTE(review): the per-client access check below is commented out, so this
// excerpt shows no authorisation step between loading the row and rendering
// it. Confirm that access is enforced elsewhere (e.g. in inc/inc.php).
/* Saved for future use
			// Check for access rights
			if (!($row['public'] || allowed($client,'r'))) {
				die("You don't have permission to view this client details!");
			}
			$edit = allowed($client,'w');
		*/
Exemplo n.º 12
	or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
	for more details.

	You should have received a copy of the GNU General Public License along
	with this program; if not, write to the Free Software Foundation, Inc.,
	59 Temple Place, Suite 330, Boston, MA  02111-1307, USA

	$Id: org_det.php,v 1.36 2007/01/12 17:36:15 mlutfy Exp $
*/
include 'inc/inc.php';
include_lcm('inc_acc');
include_lcm('inc_contacts');
include_lcm('inc_obj_org');
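// Organisation id from the request, forced to an integer; anything that is not
// a positive id sends the user back to the organisation list.
$org = intval(_request('org'));
if (!($org > 0)) {
    lcm_header("Location: listorgs.php");
    exit;
}

// $org is an integer here, so interpolating it into the SQL is safe.
$q = "SELECT *\n\t\tFROM lcm_org\n\t\tWHERE id_org = {$org}";
$result = lcm_query($q);
if (!($row = lcm_fetch_array($result))) {
    die("ERROR: There is no such organisation in the database.");
}

//
// Access control
//
// Checked before anything is rendered: the original called lcm_page_start()
// with the organisation name first, so a user without read access could still
// be shown the name in the page title before "Access denied".
$ac = get_ac_org($org);
if (!$ac['r']) {
    die("Access denied");
}

// NOTE(review): $row['name'] is passed on unescaped; confirm lcm_page_start()
// HTML-escapes the title.
lcm_page_start(_T('title_org_view') . ' ' . $row['name'], '', '', 'clients_intro');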
Exemplo n.º 13
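/**
 * Create a keyword (when $id_keyword is 0/empty) or update an existing one
 * from the submitted form values, then redirect to the keywords page.
 *
 * Validation errors are stored in $_SESSION['errors'] and the user is sent
 * back to the previous page. The function always ends the request (exit).
 *
 * @param int $id_keyword  Id of the keyword to update, or 0 for a new keyword.
 */
function update_keyword($id_keyword)
{
    // NOTE(review): kw_title, kw_name and kw_desc are placed in SQL string
    // literals below exactly as _request() returns them. Confirm that helper
    // escapes for SQL; if it does not, these three values need escaping (or a
    // parameterised query) before this statement is safe.
    $kw_title = _request('kw_title');
    $kw_name = _request('kw_name');
    // only for new keyword
    $kw_desc = _request('kw_desc');
    $kw_ac_author = _request('kw_ac_author');
    // show/hide keyword
    $kw_hasvalue = _request('kw_hasvalue');
    // show field to enter text value
    $kw_idgroup = intval(_request('id_group'));

    //
    // Check for errors
    //
    if (!$id_keyword) {
        // new keyword
        global $system_kwg;
        if (!$kw_idgroup) {
            lcm_panic("update_keyword: missing or badly formatted id_keyword or id_group");
        }
        $kwg_info = get_kwg_from_id($kw_idgroup);
        if (!$kw_name) {
            $_SESSION['errors']['name'] = _Ti('keywords_input_name') . _T('warning_field_mandatory');
        }
        if (isset($system_kwg[$kwg_info['name']]['keywords'][$kw_name])) {
            // XXX [ML] what about user keywords?
            $_SESSION['errors']['name'] = _Ti('keywords_input_name') . _T('keywords_warning_kw_code_exists');
        }
    }
    if (!$kw_title) {
        // NOTE(review): the title error reuses the 'keywords_input_name' label.
        $_SESSION['errors']['title'] = _Ti('keywords_input_name') . _T('warning_field_mandatory');
    }
    if (!empty($_SESSION['errors'])) {
        // Fall back to the keywords page when the browser sent no Referer.
        // NOTE(review): the Referer header is client-supplied.
        $back = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'keywords.php';
        lcm_header("Location: " . $back);
        exit;
    }

    //
    // Apply to database
    //
    $fl = "description = '{$kw_desc}',\n\t\t\ttitle = '{$kw_title}' ";
    // The two flags are only written when they hold one of the accepted values.
    if ($kw_ac_author == 'Y' || $kw_ac_author == 'N') {
        $fl .= ", ac_author = '{$kw_ac_author}'";
    }
    if ($kw_hasvalue == 'Y' || $kw_hasvalue == 'N') {
        // Appended to $fl. The original appended to $query, which is
        // overwritten below, so 'hasvalue' was never saved.
        $fl .= ", hasvalue = '{$kw_hasvalue}'";
    }

    if (!$id_keyword) {
        // new
        $query = "INSERT INTO lcm_keyword\n\t\t\t\tSET id_group = {$kw_idgroup}, \n\t\t\t\t\tname = '{$kw_name}',\n\t\t\t\t\t{$fl} ";
        lcm_query($query);
        $id_keyword = lcm_insert_id('lcm_keyword', 'id_keyword');
        $kw_info = get_kw_from_id($id_keyword);
        // for redirection later
    } else {
        // Get current info about keyword (don't trust the user)
        $kw_info = get_kw_from_id($id_keyword);
        // The id is forced to an integer before it reaches the SQL text.
        $query = "UPDATE lcm_keyword\n\t\t\t\t\tSET {$fl}\n\t\t\t\t\tWHERE id_keyword = " . intval($id_keyword);
        lcm_query($query);
    }

    write_metas();
    // update inc_meta_cache.php
    $tab = $kw_info['type'] == 'system' ? 'system' : 'user';
    lcm_header("Location: keywords.php?tab=" . $tab . "#" . $kw_info['kwg_name']);
    exit;
}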
Exemplo n.º 14
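// Save the client; on validation errors go back to the form.
// $ref_upd_client is set earlier in the script, outside this excerpt.
$obj_client = new LcmClient(_session('id_client'));
$errs = $obj_client->save();
if (count($errs)) {
    $_SESSION['errors'] = array_merge($_SESSION['errors'], $errs);
    lcm_header("Location: " . $ref_upd_client);
    exit;
}

// The ids below are placed in SQL and in a redirect URL. They are forced to
// integers once; the original concatenated the session values as-is.
$attach_case = intval(_session('attach_case'));
$new_org = intval(_session('new_org'));

//
// Attach to case
//
if ($attach_case) {
    lcm_query("INSERT INTO lcm_case_client_org\n\t\t\t\tSET id_case = " . $attach_case . ",\n\t\t\t\t\tid_client = " . $obj_client->getDataInt('id_client'));
}

//
// Add organisation
// [ML] 2007-01-11: not clear what this does. probably w.r.t "client represents orgs".
//
if ($new_org) {
    // NOTE(review): this uses the id from the session form data rather than
    // the id of the object that was just saved; for a newly created client
    // the two may differ.
    $q = "REPLACE INTO lcm_client_org\n\t\tVALUES (" . intval(_session('id_client')) . ',' . $new_org . ")";
    $result = lcm_query($q);
}

//
// Go to the 'view details' page of the author
//
// small reminder, if the client was created from the "add client to case" (Case details)
$attach = "";
if ($attach_case) {
    $attach = "&attach_case=" . $attach_case;
}
lcm_header('Location: client_det.php?client=' . $obj_client->getDataInt('id_client', '__ASSERT__') . $attach);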
Exemplo n.º 15
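//
// Create or update case data
//
// $id_case is set earlier in the script, outside this excerpt.
// NOTE(review): both error paths redirect to the client-supplied Referer.
$case = new LcmCase($id_case);
$errs = $case->save();
if (count($errs)) {
    $_SESSION['errors'] = array_merge($_SESSION['errors'], $errs);
    lcm_header("Location: " . $_SERVER['HTTP_REFERER']);
    exit;
}

//
// Create follow-up data
//
if (_request('add_fu')) {
    include_lcm('inc_obj_fu');
    $fu = new LcmFollowup(0, $case->getDataInt('id_case'));
    $errs = $fu->save();
    if (count($errs)) {
        $_SESSION['errors'] = array_merge($_SESSION['errors'], $errs);
        lcm_header("Location: " . $_SERVER['HTTP_REFERER']);
        exit;
    }
}

// NOTE(review): 'ref_edit_case' is a request value used as the final redirect
// target; consider accepting only local relative URLs to avoid sending users
// to an arbitrary site.
$send_to = _request('ref_edit_case', "case_det.php?case=" . $case->getDataInt('id_case'));

// Send to add_client if any client/org to attach
// The ids are forced to integers so that nothing else can be appended to the
// query string of the redirect; the original concatenated them as-is.
$attach_client = intval(_session('attach_client'));
$attach_org = intval(_session('attach_org'));
if ($attach_client || $attach_org) {
    lcm_header("Location: add_client.php?case=" . $case->getDataInt('id_case')
        . ($attach_client ? "&clients[]=" . $attach_client : '')
        . ($attach_org ? "&orgs[]=" . $attach_org : '')
        . "&ref_sel_client=" . rawurlencode($send_to));
    exit;
}
lcm_header("Location: " . $send_to);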
Exemplo n.º 16
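$id_expense = _request('id_expense', 0);
$id_comment = _request('id_comment', 0);
$edit_comment = _request('edit_comment', 0);

// Where to go back to when saving fails. The three values come from the
// request, so each is URL-encoded before being placed in the query string
// (the original interpolated them raw).
$ref_url = "edit_exp.php?expense=" . rawurlencode((string) $id_expense)
    . "&edit_comment=" . rawurlencode((string) $edit_comment)
    . "&c=" . rawurlencode((string) $id_comment);
// !empty() keeps the original truthiness test without a notice when the
// browser sent no Referer header.
if (!empty($_SERVER['HTTP_REFERER'])) {
    // NOTE(review): the Referer header is client-supplied.
    $ref_url = $_SERVER['HTTP_REFERER'];
}

//
// Update data
//
if ($id_comment || $edit_comment) {
    $obj = new LcmExpenseComment($id_expense, $id_comment);
    // NOTE(review): $true is not defined anywhere in this excerpt, so save()
    // receives null here; this looks like a typo for the constant true.
    // Left unchanged because the signature of save() is not visible.
    $errs = $obj->save($true);
    if (!count($errs) && _request('new_exp_status')) {
        $obj = new LcmExpense($id_expense);
        $errs = $obj->setStatus(_request('new_exp_status'));
    }
} else {
    $obj = new LcmExpense($id_expense);
    $errs = $obj->save();
}
if (count($errs)) {
    $_SESSION['errors'] = array_merge($_SESSION['errors'], $errs);
    lcm_header("Location: " . $ref_url);
    exit;
}

//
// Go to the 'view details' page
//
lcm_header('Location: exp_det.php?expense=' . $obj->getDataInt('id_expense', '__ASSERT__'));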
Exemplo n.º 17
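    // Check access rights
    // if (!allowed($id_report,'e')) die("You don't have permission to change this case's information!");
    // NOTE(review): the check above is commented out, so this excerpt performs
    // the update without any per-report authorisation. Confirm that access is
    // enforced elsewhere.
    //
    // The original wrapped this in "if (true) ... else ..." with two identical
    // statements; a single statement is kept. $fl is built earlier, outside
    // this excerpt. The report id is forced to an integer for the SQL.
    $q = "UPDATE lcm_report SET {$fl} WHERE id_report = " . intval(_session('id_report'));
    lcm_query($q);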
} else {
    // New report: the source columns start out empty, the remaining columns
    // come from $fl, which is built earlier (outside this excerpt).
    // NOTE(review): confirm the values placed in $fl are escaped where it is
    // assembled.
    $q = "INSERT INTO lcm_report\n\t\t\tSET date_creation=NOW(),\n\t\t\t\tline_src_type = '',\n\t\t\t\tline_src_name = '',\n\t\t\t\tcol_src_type = '',\n\t\t\t\tcol_src_name = '',\n\t\t\t\tfilecustom = '',\n\t\t\t\t{$fl}";
    $result = lcm_query($q);
    // Keep the new id in the session form data; the redirect below reads it.
    $_SESSION['form_data']['id_report'] = lcm_insert_id('lcm_report', 'id_report');
    // Insert new case_author relation
    //$q = "INSERT INTO lcm_case_author SET
    //		id_case=$id_case,
    //		id_author=$id_author,
    //		ac_read=1,
    //		ac_write=1,
    //		ac_admin=1";
}
// Some advanced ideas for future use
//$q="INSERT INTO lcm_case SET id_case=$id_case,$fl ON DUPLICATE KEY UPDATE $fl";
//$q="INSERT INTO lcm_case $cl VALUES $vl ON DUPLICATE KEY UPDATE $fl";
// $result = lcm_query($q);
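// Forward to upd_rep_field.php if custom_report, otherwise to the report's
// detail page. Both values are read from the session form data, so they are
// cast / URL-encoded before being placed in the Location header: a value
// containing '&', '#' or a line break can then neither add query parameters
// nor break the header.
if (_session('filecustom')) {
    lcm_header("Location: upd_rep_field.php?" . "rep=" . intval(_session('id_report')) . "&filecustom=" . urlencode(_session('filecustom')));
} else {
    lcm_header("Location: rep_det.php?rep=" . intval(_session('id_report')));
}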
Exemplo n.º 18
            $params[$k] = $k . '=' . urlencode($v);
        }
        lcm_header('Location: edit_app.php?' . join('&', $params));
        exit;
    }
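    // Send user back to add/edit page's referer or (default) to appointment detail page.
    // The destination depends on which submit button was used.
    switch (_session('submit')) {
        case 'add_author':
        case 'add_client':
            // Go back to edit the same appointment. The Referer header is
            // optional and supplied by the client, so fall back to the edit
            // page when it is missing instead of emitting an empty Location.
            // NOTE(review): the Referer is not compared with this site's own
            // address here, so the target is not limited to local pages --
            // confirm whether lcm_header() restricts it.
            if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']) {
                lcm_header('Location: ' . $_SERVER['HTTP_REFERER']);
            } else {
                lcm_header("Location: edit_app.php?app={$id_app}");
            }
            break;
        case 'add':
            // Go back to the edit page's referer
            // NOTE(review): ref_edit_app is used as the whole redirect target;
            // presumably it was taken from the request when the edit form was
            // opened -- verify that it is limited to local pages.
            unset($_SESSION['errors']);
            lcm_header('Location: ' . _session('ref_edit_app', "app_det.php?app={$id_app}"));
            break;
        case 'addnew':
            // Open new appointment. Save the original referer. The referer is
            // a URL carried inside a query-string value, so it is encoded:
            // otherwise any '&' in it would be read as extra parameters of
            // edit_app.php and the saved referer would be truncated.
            unset($_SESSION['errors']);
            lcm_header('Location: edit_app.php?app=0&ref=' . urlencode(_session('ref_edit_app', "app_det.php?app={$id_app}")));
            break;
        case 'adddet':
        case 'submit':
        default:
            // Go to appointment details
            unset($_SESSION['errors']);
            lcm_header("Location: app_det.php?app={$id_app}");
    }
    exit;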
}
Exemplo n.º 19
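/**
 * Handle a self-registration request: validate the form, create the author
 * account and e-mail the generated credentials.
 *
 * Copies name_first, name_last, email and username from the request into
 * $_SESSION['form_data'] and redirects back to the registration form when one
 * of them is empty. Otherwise it prints the result page, refuses an e-mail
 * address that already belongs to an author, inserts the author and contact
 * rows and sends the username and generated password by e-mail (with a copy
 * to the site administrator when subscriptions are moderated).
 *
 * NOTE(review): the form values are concatenated into SQL text below. Whether
 * _request()/_session() or lcm_query() escape them cannot be seen from this
 * function -- confirm, and escape at this point if they do not.
 *
 * @return void
 */
function send_registration_by_email()
{
    global $lcm_lang_left;
    $_SESSION['form_data'] = array();
    $_SESSION['errors'] = array();
    $kwg_email = get_kwg_from_name('+email_main');
    // Request field => translation key of its label. All four are mandatory.
    $form_items = array('name_first' => 'person_input_name_first', 'name_last' => 'person_input_name_last', 'email' => 'input_email', 'username' => 'authoredit_input_username');
    foreach ($form_items as $field => $trad) {
        $_SESSION['form_data'][$field] = _request($field);
        if (!_session($field)) {
            $_SESSION['errors'][$field] = _Ti($trad) . _T('warning_field_mandatory');
        }
    }
    if (count($_SESSION['errors'])) {
        lcm_header("Location: lcm_pass.php?register=yes");
        exit;
    }
    install_html_start(_T('pass_title_register'), 'login');
    // There is a risk that an author changes his e-mail after his account
    // is created, to the e-mail of another person, and therefore block the
    // other person from registering. But then.. this would allow the other
    // person to hijack the account, so it would be a stupid DoS.
    $query = "SELECT id_of_person, status FROM lcm_contact as c, lcm_author as a\n\t\tWHERE c.id_of_person = a.id_author\n\t\tAND value = '" . _session('email') . "'\n\t\tAND type_person = 'author'\n\t\tAND type_contact = " . $kwg_email['id_group'];
    $result = lcm_query($query);
    // Test if the user already exists
    if ($row = lcm_fetch_array($result)) {
        // TODO: if status = 'pending for validation by admin', show message
        echo "<br />\n";
        if ($row['status'] == 'trash') {
            echo "<div class='box_error'>" . _T('pass_registration_denied') . "</div>\n";
        } else {
            echo "<div class=\"box_error\" align=\"{$lcm_lang_left}\">" . _T('pass_warning_already_registered') . "</div>\n";
        }
        // Stop in both cases. The original returned only for "already
        // registered": an address attached to a trashed author was told that
        // registration is denied and then received a new account anyway.
        return;
    }
    //
    // Send identifiers by e-mail
    //
    include_lcm('inc_access');
    include_lcm('inc_mail');
    $username = get_unique_username(_session('username'));
    $pass = create_random_password(8, $username);
    // NOTE(review): unsalted MD5 is not a suitable password hash. Replacing it
    // requires the login check (not visible here) to change at the same time.
    $mdpass = md5($pass);
    $open_subscription = read_meta("site_open_subscription");
    if (!($open_subscription == 'yes' || $open_subscription == 'moderated')) {
        lcm_panic("Subscriptions not permitted.");
    }
    // Moderated sites create the account as 'waiting'; open sites activate it
    // immediately.
    $status = 'waiting';
    if ($open_subscription == 'yes') {
        $status = 'normal';
    }
    // The computed $status is stored. The original INSERT hard-coded 'normal',
    // which activated every account and so bypassed moderation.
    lcm_query("INSERT INTO lcm_author (name_first, name_last, username, password, status, date_creation, date_update) " . "VALUES ('" . _session('name_first') . "', '" . _session('name_last') . "', '{$username}', '{$mdpass}', '{$status}', NOW(), NOW())");
    $id_author = lcm_insert_id('lcm_author', 'id_author');
    // Add e-mail to lcm_contact
    lcm_query("INSERT INTO lcm_contact (type_person, type_contact, id_of_person, value)\n\t\t\tVALUES ('author', " . $kwg_email['id_group'] . ", {$id_author}, '" . _session('email') . "')");
    // Prepare the e-mail to send to the user
    $site_name = _T(read_meta('site_name'));
    $site_address = read_meta('site_address');
    $message = _T('info_greetings') . ",\n\n";
    $message .= _T('pass_info_here_info', array('site_name' => $site_name, 'site_address' => $site_address)) . "\n\n";
    $message .= "- " . _Ti('login_login') . " {$username}\n";
    // NOTE(review): the password travels in clear text in this message.
    $message .= "- " . _Ti('login_password') . " {$pass}\n\n";
    if ($open_subscription == 'moderated') {
        $message .= _T('pass_info_moderated') . "\n\n";
    }
    $message .= _T('pass_info_automated_msg') . "\n\n";
    if (send_email(_session('email'), "[{$site_name}] " . _T('pass_title_personal_identifier'), $message)) {
        echo "<p>" . _T('pass_info_identifier_mail') . "</p>\n";
    } else {
        $email_admin = read_meta('email_sysadmin');
        echo "<div class=\"box_error\"><p>" . _T('pass_warning_mail_failure', array('email_admin' => $email_admin)) . "</p></div>\n";
    }
    // If moderated, send copy to site admin
    // NOTE(review): the copy is the same message, so the administrator also
    // receives the new user's password.
    if ($open_subscription == 'moderated') {
        $email_admin = read_meta('email_sysadmin');
        send_email($email_admin, "[{$site_name}] " . _T('pass_title_personal_identifier'), $message);
    }
}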
Exemplo n.º 20
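/**
 * Authenticate the current request from the 'lcm_session' cookie and load the
 * author's identity and preferences into the $connect_* and $prefs globals.
 *
 * Without a database connection it prints a diagnostic page and returns
 * false. Without a valid session it redirects to the cookie-test or login
 * page and exits. When the session is valid but the author row is missing it
 * redirects to the logout URL and exits. Otherwise it fills the globals,
 * applies default preferences, starts the PHP session and returns true.
 *
 * verifier_session() is presumably what fills the global $author_session
 * read below -- confirm against its definition.
 *
 * @return bool true when authenticated, false when the database is unavailable
 */
function auth()
{
    global $INSECURE, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $REMOTE_USER, $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $auth_can_disconnect;
    global $connect_id_auteur, $connect_nom, $connect_bio, $connect_email;
    global $connect_nom_site, $connect_url_site, $connect_login, $connect_pass;
    global $connect_activer_imessage, $connect_activer_messagerie;
    global $connect_status;
    global $author_session, $prefs;
    global $clean_link;
    // This reloads $GLOBALS['db_ok'], just in case
    include_config('inc_connect');
    // If there is not SQL connection, quit.
    if (!$GLOBALS['db_ok']) {
        include_lcm('inc_presentation');
        lcm_html_start("Technical problem", "install");
        // annoy sql_errno(): run a query so that an error code is available
        // NOTE(review): this page is shown before authentication and prints
        // the connect flag and the raw database error text; consider writing
        // them to the log instead of the response.
        echo "\n<!-- \n";
        echo "\t* Flag connect: " . $GLOBALS['flag_connect'] . "\n\t";
        lcm_query("SELECT count(*) from lcm_meta");
        echo "\n-->\n\n";
        echo "<div align='left' style='width: 600px;' class='box_error'>\n";
        echo "\t<h3>" . _T('title_technical_problem') . "</h3>\n";
        echo "\t<p>" . _T('info_technical_problem_database') . "</p>\n";
        if (lcm_sql_errno()) {
            echo "\t<p><tt>" . lcm_sql_errno() . " " . lcm_sql_error() . "</tt></p>\n";
        } else {
            echo "\t<p><tt>No error diagnostic was provided.</tt></p>\n";
        }
        echo "</div>\n";
        lcm_html_end();
        return false;
    }
    // Initialise variables (avoid URL hacks)
    $auth_login = "";
    $auth_pass = "";
    $auth_pass_ok = false;
    $auth_can_disconnect = false;
    // Fetch identification data from authentication session
    if (isset($_COOKIE['lcm_session'])) {
        if (verifier_session($_COOKIE['lcm_session'])) {
            // Only these two statuses may open a session.
            if ($author_session['status'] == 'admin' or $author_session['status'] == 'normal') {
                $auth_login = $author_session['username'];
                $auth_pass_ok = true;
                $auth_can_disconnect = true;
            }
        }
    } elseif (isset($_REQUEST['privet']) && $_REQUEST['privet'] == 'yes') {
        // Failed login attempt: cookie failed
        // (isset() avoids an undefined-index notice when 'privet' is absent)
        $link = new Link("lcm_cookie.php?cookie_test_failed=yes");
        $clean_link->delVar('privet');
        $url = str_replace('/./', '/', $clean_link->getUrl());
        $link->addVar('var_url', $url);
        @header("Location: " . $link->getUrl());
        exit;
    }
    // If not authenticated, ask for login / password
    if (!$auth_login) {
        $url = $clean_link->getUrl();
        @header("Location: lcm_login.php?var_url=" . urlencode($url));
        exit;
    }
    //
    // Search for the login in the authors' table
    //
    // The lookup is keyed on the escaped login. The listing had the literal
    // '******' in the query, which left the escaped value unused and could
    // only match an author literally named '******'. The raw login is kept
    // for the logout URL below.
    // NOTE(review): addslashes() is not charset-aware; prefer the database
    // layer's own escaping if it offers one.
    $auth_login_sql = addslashes($auth_login);
    $query = "SELECT * FROM lcm_author WHERE username='{$auth_login_sql}' AND status !='external' AND status !='6forum'";
    $result = @lcm_query($query);
    if ($row = lcm_fetch_array($result)) {
        $connect_id_auteur = $row['id_author'];
        $connect_nom = $row['name_first'];
        $connect_login = $row['username'];
        $connect_pass = $row['password'];
        $connect_status = $row['status'];
        $connect_activer_messagerie = "non";
        //$row["messagerie"];
        $connect_activer_imessage = "non ";
        //$row["imessage"];
        // Set the users' preferences
        // NOTE(review): unserialize() can instantiate arbitrary classes when
        // the stored string is attacker-controlled. The column holds per-user
        // data, so confirm that only serialized arrays of scalars are ever
        // written to it, or move to a format that cannot carry objects.
        $prefs = unserialize(get_magic_quotes_runtime() ? stripslashes($row['prefs']) : $row['prefs']);
        if (!is_array($prefs)) {
            // Empty or corrupt value: start from an empty set so that the
            // defaults below apply.
            $prefs = array();
        }
        //
        // Default values for some possibly unset preferences
        //
        if (!isset($prefs['page_rows']) || intval($prefs['page_rows']) < 1) {
            $prefs['page_rows'] = 15;
        }
        $pref_defaults = array(
            'theme' => 'green',
            'screen' => 'wide',
            'font_size' => 'medium_font',
            'case_owner' => 'my',
            'case_period' => '91',
            'mode' => 'simple',
        );
        foreach ($pref_defaults as $pref_name => $pref_default) {
            // empty() is true for both "not set" and "set but falsy"
            if (empty($prefs[$pref_name])) {
                $prefs[$pref_name] = $pref_default;
            }
        }
        if (empty($prefs['time_intervals'])) {
            $prefs['time_intervals'] = 'relative';
            $prefs['time_intervals_notation'] = 'hours_only';
        }
    } else {
        // This case is a strange possibility: the author is authenticated
        // OK, but he does not exist in the authors table. Possible cause:
        // the database was restored and the author does not exist (and
        // the user was authenticated by another source, such as LDAP).
        // Note: we used to show a strange error message which would advise
        // to logout, but since it occurs only after db upgrade, just logout
        // brutally (with cookie_admin=no to forget the username).
        // The raw login is URL-encoded: it is a query-string value, and the
        // SQL-escaped copy does not belong in a URL.
        lcm_header('Location: lcm_cookie.php?cookie_admin=no&logout=' . urlencode($auth_login));
        exit;
    }
    if (!$auth_pass_ok) {
        @header("Location: lcm_login.php?var_erreur=pass");
        exit;
    }
    // [ML] Again, not sure how this is used, but we can ignore it for now
    // TODO (note: nouveau == new)
    if ($connect_status == 'nouveau') {
        $query = "UPDATE lcm_author SET status = 'normal' WHERE id_author = " . intval($connect_id_auteur);
        $result = lcm_query($query);
        $connect_status = 'normal';
    }
    // PHP sessions are started here, and stopped at logout
    session_start();
    return true;
}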
Exemplo n.º 21
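// Change password (if requested)
//
// Runs when a new password was submitted, and also whenever there is no
// previous username (presumably a newly created author -- confirm).
if (_session('usr_new_passwd') || !_session('username_old')) {
    change_password();
}
//
// Change username
//
if (_session('username') != _session('username_old') || !_session('username_old')) {
    change_username(_session('id_author'), _session('username_old'), _session('username'));
}
//
// Insert/update author contacts
//
include_lcm('inc_contacts');
update_contacts_request('author', _session('id_author'));
// Any error recorded by the steps above sends the user back to the edit form.
// The id comes from the session form data and is cast to an integer before it
// is appended to the Location header.
if (count($_SESSION['errors'])) {
    lcm_header("Location: edit_author.php?author=" . intval(_session('id_author')));
    exit;
}
$dest_link = new Link('author_det.php');
$dest_link->addVar('author', _session('id_author'));
// [ML] Not used at the moment, but could be useful eventually to send user
// back to where he was (but as a choice, not automatically, see author_det.php).
// NOTE(review): if author_det.php ever follows 'ref', it must be limited to
// local pages.
if (_session('ref_edit_author')) {
    $dest_link->addVar('ref', _session('ref_edit_author'));
}
// Delete session (or form data will become ghosts)
$_SESSION['form_data'] = array();
lcm_header('Location: ' . $dest_link->getUrlForHeader());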