You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
59 Temple Place, Suite 330, Boston, MA 02111-1307, USA
$Id: lcm_upgrade.php,v 1.16 2006/06/01 13:19:27 mlutfy Exp $
*/
include 'inc/inc_version.php';
include_lcm('inc_presentation');
include_lcm('inc_meta');
include_lcm('inc_auth');
global $lcm_db_version;
// Check dir permissions: if we upgrade the LCM files, the permissions
// of the directories may have changed.
// c.f. Mateusz Hołysz (1148727224.9101.18.camel@localhost.localdomain)
if (_request('dirs_ok') != 1) {
lcm_header('Location: lcm_test_dirs.php?url=' . urlencode("lcm_upgrade.php?dirs_ok=1"));
exit;
}
// Usually done in inc.php, but we cannot include it otherwise
// it will loop on "please upgrade your database".
if (!include_data_exists('inc_meta_cache')) {
write_metas();
}
$current_version = read_meta('lcm_db_version');
// Quite unlikely to happen, because it would cause warnings
// But let's be paranoid, nothing to loose..
if (!$current_version) {
lcm_log("lcm_upgrade: meta is misbehaving, searching in DB");
$query = "SELECT value FROM lcm_meta WHERE name = 'lcm_db_version'";
$result = lcm_query($query);
if ($row = lcm_fetch_array($result)) {
$_SESSION['form_data']['id_org'] = intval(_session('id_org', 0));
$ref_upd_org = 'edit_org.php?org=' . _session('id_org');
if ($_SERVER['HTTP_REFERER']) {
$ref_upd_org = $_SERVER['HTTP_REFERER'];
}
//
// Update data
//
$obj_org = new LcmOrg(_session('id_org'));
$errs = $obj_org->save();
if (count($errs)) {
$_SESSION['errors'] = array_merge($_SESSION['errors'], $errs);
lcm_header("Location: " . $ref_upd_org);
exit;
}
//
// Attach to case
//
if (_session('attach_case')) {
lcm_query("INSERT INTO lcm_case_client_org\n\t\t\t\tSET id_case = " . _session('attach_case') . ",\n\t\t\t\t\tid_org = " . $obj_org->getDataInt('id_org'));
}
//
// Go to the 'view details' page of the organisation
//
// small reminder, if the client was created from the "add client to case" (Case details)
$attach = "";
if (_session('attach_case')) {
$attach = "&attach_case=" . _session('attach_case');
}
lcm_header('Location: org_det.php?org=' . $obj_org->getDataInt('id_org', '__ASSERT__') . $attach);
if (include_custom_report_exists(_request('filecustom'))) {
include_custom_report(_request('filecustom'));
$obj = new CustomReportSpecs();
$do_update = false;
$query = "UPDATE lcm_report SET ";
if ($info = $obj->getReportLine()) {
$query .= "line_src_type = '" . $info['type'] . "',\n\t\t\t\t\t\tline_src_name = '" . $info['name'] . "'";
$do_update = true;
}
if ($info = $obj->getReportCol()) {
if ($do_update) {
$query .= ", ";
}
$query .= " col_src_type = '" . $info['type'] . "'";
// Ignore if name not set, or name restricts the choice (ex: keyword that applies to 'case')
if (!$info['name'] || substr($info['name'], 0, 4) == 'FOR:') {
$query .= ", col_src_name = '' ";
} else {
$query .= ", col_src_name = '" . $info['name'] . "' ";
}
$do_update = true;
}
if ($do_update) {
lcm_query($query);
}
} else {
$_SESSION['errors']['filecustom'] = "Custom report file does not exist: " . htmlspecialchars(_request('filecustom'));
}
}
lcm_header("Location: rep_det.php?rep=" . $rep . $ref_tag);
lcm_query($q);
}
} else {
lcm_panic("Query returned no results.");
}
///////////////////////////////////////////////////////////////////////
// Consequent appointment information update
///////////////////////////////////////////////////////////////////////
if (isset($_SESSION['form_data']['add_appointment'])) {
// No errors, proceed with database update
$fl = "\ttype\t\t= '" . clean_input($_SESSION['form_data']['app_type']) . "',\n\t\ttitle\t\t= '" . clean_input($_SESSION['form_data']['app_title']) . "',\n\t\tdescription\t= '" . clean_input($_SESSION['form_data']['app_description']) . "',\n\t\tstart_time\t= '" . $_SESSION['form_data']['app_start_time'] . "',\n\t\tend_time\t= '" . $_SESSION['form_data']['app_end_time'] . "',\n\t\treminder\t= '" . $_SESSION['form_data']['app_reminder'] . "'\n\t\t";
// Add the new appointment
$q = "INSERT INTO lcm_app SET ";
// Add case ID
$q .= 'id_case = ' . $_SESSION['form_data']['id_case'] . ',';
// Add ID of the creator
$q .= 'id_author = ' . $GLOBALS['author_session']['id_author'] . ',';
// Add the rest of the fields
$q .= "{$fl}, date_creation = NOW()";
$result = lcm_query($q);
// Get new appointment's ID
$id_app = lcm_insert_id('lcm_app', 'id_app');
$_SESSION['form_data']['id_app'] = $id_app;
// Add relationship with the creator
lcm_query("INSERT INTO lcm_author_app SET id_app={$id_app},id_author=" . $GLOBALS['author_session']['id_author']);
// Add followup relation
lcm_query("INSERT INTO lcm_app_fu SET id_app={$id_app},id_followup={$id_followup},relation='parent'");
}
// Send user back to add/edit page's referer or (default) to followup detail page
lcm_header('Location: fu_det.php?followup=' . $id_followup);
exit;
@chmod($my_dir, 0700);
}
// I doubt this will work, if above failed, but try anyway
if (!test_write($my_dir)) {
@chmod($my_dir, 0770);
}
if (!test_write($my_dir)) {
@chmod($my_dir, 0777);
}
if (!test_write($my_dir)) {
array_push($bad_dirs, "<li>" . $my_dir . "</li>\n");
}
} else {
array_push($absent_dirs, "<li>" . $my_dir . "</li>\n");
}
}
if (!empty($bad_dirs)) {
$bad_dirs = join(" ", $bad_dirs);
bad_dirs($bad_dirs, $test_dir, $install);
} else {
if (!empty($absent_dirs)) {
$absent_dirs = join(" ", $absent_dirs);
absent_dirs($absent_dirs, $test_dir);
} else {
if ($install) {
lcm_header("Location: install.php?step=1");
} else {
lcm_header("Location: " . $dest_url);
}
}
}
$rep = intval(_request('rep', 0));
if (!$rep) {
lcm_header('Location: listreps.php');
exit;
}
//
// Show title and description of the report
//
$q = "SELECT *\n\t\tFROM lcm_report\n\t\tWHERE id_report = " . $rep;
$result = lcm_query($q);
if (!($rep_info = lcm_fetch_array($result))) {
lcm_panic("Report # " . $rep . " doest not exist.");
}
if (!$rep_info['line_src_name'] && !$rep_info['filecustom']) {
$_SESSION['errors']['rep_line'] = _T('rep_warning_atleastlineinfo');
lcm_header('Location: rep_det.php?rep=' . $rep);
exit;
}
if ($rep_info['filecustom']) {
include_custom_report($rep_info['filecustom']);
$report = new CustomReportGen(intval(_request('rep')), _request('export', 'html'), _request('debug'));
} else {
$report = new LcmReportGenUI(intval(_request('rep')), _request('export', 'html'), _request('debug'));
}
$report->printStartDoc($rep_info['title'], $rep_info['description'], 'report_intro');
if ($rep_info['line_src_type'] == 'table') {
$my_line_table = "lcm_" . $rep_info['line_src_name'];
} else {
$my_line_table = $rep_info['line_src_name'];
}
//
$ret['html'] .= "</p>\n";
$ret['html'] .= "</form>\n";
return $ret;
}
global $prefs;
global $author_session;
$author = intval(_request('author'));
if (!($author > 0)) {
lcm_header("Location: listauthors.php");
exit;
}
// Get author data
$q = "SELECT *\n\t\tFROM lcm_author\n\t\tWHERE id_author = {$author}";
$result = lcm_query($q);
if (!($author_data = lcm_fetch_array($result))) {
lcm_header("Location: listauthors.php");
exit;
}
$fullname = get_person_name($author_data);
lcm_page_start(_T('title_author_view') . ' ' . $fullname, '', '', 'authors_intro');
// Show tabs
if ($author == $author_session['id_author'] || $author_session['status'] == 'admin') {
$groups = array('general' => array('name' => _T('generic_tab_general'), 'tooltip' => _T('generic_subtitle_general', array('author' => $fullname))), 'cases' => array('name' => _T('generic_tab_cases'), 'tooltip' => _T('author_subtitle_cases', array('author' => $fullname))), 'followups' => array('name' => _T('generic_tab_followups'), 'tooltip' => _T('author_subtitle_followups', array('author' => $fullname))), 'appointments' => array('name' => _T('generic_tab_agenda'), 'tooltip' => _T('author_subtitle_appointments', array('author' => $fullname))), 'times' => array('name' => _T('generic_tab_reports'), 'tooltip' => _T('author_subtitle_reports', array('author' => $fullname))), 'attachments' => array('name' => _T('generic_tab_documents'), 'tooltip' => _T('author_subtitle_attachments', array('author' => $fullname))));
} else {
$groups = array('general' => array('name' => _T('generic_tab_general'), 'tooltip' => _T('generic_subtitle_general', array('author' => $fullname))), 'cases' => array('name' => _T('generic_tab_cases'), 'tooltip' => _T('author_subtitle_cases', array('author' => $fullname))));
}
$tab = isset($_GET['tab']) ? $_GET['tab'] : 'general';
// [ML] $_SERVER['REQUEST_URI']);
// [ML] Forcing 'author_det.php' else some vars really get carried for nothing (see fu tab + dates)
show_tabs($groups, $tab, "author_det.php?author={$author}");
echo '<fieldset class="info_box">';
}
$_SESSION['errors'] = array();
if (isset($_POST['rem_file']) && is_array($_POST['rem_file']) && count($_POST['rem_file']) > 0) {
$rem_files = join(',', $_POST['rem_file']);
$result = lcm_query("UPDATE lcm_{$type}_attachment\n\t\t\t\tSET date_removed=NOW(),content=NULL\n\t\t\t\tWHERE id_{$type}={$id_type}\n\t\t\t\tAND id_attachment IN ({$rem_files})");
}
if (strlen($_FILES['filename']['name']) > 0) {
$_SESSION['user_file'] = $_FILES['filename'];
$_SESSION['user_file']['description'] = _request('description');
$filename = $_SESSION['user_file']['tmp_name'];
if (is_uploaded_file($filename) && $_SESSION['user_file']['size'] > 0) {
$file = fopen($filename, "r");
$file_contents = fread($file, filesize($filename));
$file_contents = addslashes($file_contents);
$q = "INSERT INTO lcm_{$type}_attachment\n\t\t\tSET\tid_{$type}={$id_type},\n\t\t\t\tid_author=" . $GLOBALS['author_session']['id_author'] . ",\n\t\t\t\tfilename='" . $_SESSION['user_file']['name'] . "',\n\t\t\t\ttype='" . $_SESSION['user_file']['type'] . "',\n\t\t\t\tsize=" . $_SESSION['user_file']['size'] . ",\n\t\t\t\tdescription='" . $_SESSION['user_file']['description'] . "',\n\t\t\t\tcontent='{$file_contents}',\n\t\t\t\tdate_attached=NOW()\n\t\t\t";
$result = lcm_query($q);
$user_file = array();
} else {
// Handle errors
if ($_SESSION['user_file']['error'] > 0) {
$cause = array(UPLOAD_ERR_OK => 'The file was uploaded successfully!', UPLOAD_ERR_INI_SIZE => 'The file size exceeds the "upload_max_filesize" directive in php.ini.', UPLOAD_ERR_FORM_SIZE => 'The file size exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.', UPLOAD_ERR_PARTIAL => 'The file was uploaded only partially.', UPLOAD_ERR_NO_FILE => 'No file was uploaded!', UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.');
// TRAD
$_SESSION['errors']['file'] = $cause[$_SESSION['user_file']['error']];
} else {
$_SESSION['errors']['file'] = 'Empty file or access denied!';
// TRAD
}
}
}
lcm_header("Location: " . $_SERVER['HTTP_REFERER']);
}
}
}
// Add organisation to case
if (isset($_REQUEST['orgs'])) {
foreach ($_REQUEST['orgs'] as $key => $value) {
$orgs[$key] = intval($value);
}
if ($orgs) {
foreach ($orgs as $org) {
$q = "INSERT INTO lcm_case_client_org\n\t\t\t\t\tSET id_case = {$case},\n\t\t\t\t\t\tid_org = {$org}";
lcm_query($q);
}
}
}
// Remove client from case
if (isset($_REQUEST['id_del_client'])) {
foreach ($_REQUEST['id_del_client'] as $id_client) {
$q = "DELETE FROM lcm_case_client_org\n\t\t\tWHERE id_case = {$case}\n\t\t\tAND id_client = {$id_client}";
$result = lcm_query($q);
}
}
// Remove organisation from case
if (isset($_REQUEST['id_del_org'])) {
foreach ($_REQUEST['id_del_org'] as $id_org) {
$q = "DELETE FROM lcm_case_client_org\n\t\t\tWHERE id_case = {$case}\n\t\t\tAND id_org = {$id_org}";
$result = lcm_query($q);
}
}
lcm_header("Location: " . $destination . "#clients");
function show_login($cible, $prive = 'prive', $message_login = '')
{
$error = '';
$login = _request('var_login');
$logout = _request('var_logout');
// If the cookie fails, inc_auth tried to redirect to lcm_cookie who
// then tried to put a cookie. If it is not there, it is "cookie failed"
// who is there, and it's probably a bookmark on privet=yes and not
// a cookie failure.
$cookie_failed = "";
if (_request('var_cookie_failed')) {
$cookie_failed = $_COOKIE['lcm_session'] != 'cookie_test_failed';
}
global $author_session;
global $lcm_session;
global $clean_link;
if (!$cible) {
// cible = destination
$cible = new Link(_request('var_url', 'index.php'));
}
$cible->delVar('var_erreur');
$cible->delVar('var_url');
$cible->delVar('var_cookie_failed');
$clean_link->delVar('var_erreur');
$clean_link->delVar('var_login');
$clean_link->delVar('var_cookie_failed');
$url = $cible->getUrl();
// This populates the $author_session variable
include_lcm('inc_session');
verifier_visiteur();
if ($author_session and !$logout and ($author_session['status'] == 'admin' or $author_session['status'] == 'normal')) {
if ($url != $GLOBALS['clean_link']->getUrl()) {
lcm_header("Location: " . $cible->getUrlForHeader());
}
// [ML] This is making problems for no reason, we use login only
// for one mecanism (entering the system).
// echo "<a href='$url'>"._T('login_this_way')."</a>\n";
echo "<a class='content_link' href='index.php'>" . _T('login_this_way') . "</a>\n";
return;
}
if (_request('var_erreur') == 'pass') {
$error = _T('login_password_incorrect');
}
// The login is memorized in the cookie for a possible future admin login
if (!$login && isset($_COOKIE['lcm_admin'])) {
if (preg_match("/^@(.*)\$/", $_COOKIE['lcm_admin'], $regs)) {
$login = $regs[1];
}
} else {
if ($login == '-1') {
$login = '';
}
}
// other sources for authentication
$flag_autres_sources = isset($GLOBALS['ldap_present']) ? $GLOBALS['ldap_present'] : '';
// What informations to pass?
if ($login) {
$status_login = 0;
// unknown status
$login = clean_input($login);
$query = "SELECT id_author, status, password, prefs, alea_actuel, alea_futur \n\t\t\t\t\tFROM lcm_author \n\t\t\t\t\tWHERE username='******'";
$result = lcm_query($query);
if ($row = lcm_fetch_array($result)) {
if ($row['status'] == 'trash' or $row['password'] == '') {
$status_login = -1;
// deny
} else {
$status_login = 1;
// known login
// Which infos to pass for the javascript ?
$id_author = $row['id_author'];
$alea_actuel = $row['alea_actuel'];
// for MD5
$alea_futur = $row['alea_futur'];
// Button for lenght of connection
if ($row['prefs']) {
$prefs = unserialize($row['prefs']);
$rester_checked = $prefs['cnx'] == 'perma' ? ' checked=\'checked\'' : '';
}
}
}
// Unknown login (except LDAP) or refused
if ($status_login == -1 or $status_login == 0 and !$flag_autres_sources) {
$error = _T('login_identifier_unknown', array('login' => htmlspecialchars(clean_output($login))));
$login = '';
// [ML] Not sure why this was here, but headers are already sent
// therefore it causes an error message (which is not shown, but
// might make a mess, knowing how PHP runs differently everywhere..)
// @lcm_setcookie('lcm_admin', '', time() - 3600);
}
}
// Javascript for the focus
if ($login) {
$js_focus = 'document.form_login.session_password.focus();';
} else {
$js_focus = 'document.form_login.var_login.focus();';
}
// [ML] we should probably add a help link here, since tech, but let's see
// how many users complain first, since this should affect only tech users
if ($cookie_failed == "yes") {
$error = _T('login_warning_cookie');
}
echo open_login();
// [ML] Looks like there is no reason why to use $clean_link (defined in inc_version.php)
// It would cause very strange bugs when the "feed_globals()" were removed from inc_version
// and in the end, well, it looks rather useless.
//
// Strange bugs were caused because $action would be "./" and therefore it
// would call index.php -> listcases.php -> includes inc_auth.php who then
// calls auth(), who redirects to the login page.
$action = $clean_link->getUrl();
// $action = "lcm_login.php";
if ($login) {
// Shows the login form, including the MD5 javascript
$flag_challenge_md5 = true;
if ($flag_challenge_md5) {
echo '<script type="text/javascript" src="inc/md5.js"></script>';
}
echo "\n";
echo '<form name="form_login" action="lcm_cookie.php" method="post"';
if ($flag_challenge_md5) {
echo " onsubmit='if (this.session_password.value) {\n\t\t\t\tthis.session_password_md5.value = calcMD5(\"{$alea_actuel}\" + this.session_password.value);\n\t\t\t\tthis.next_session_password_md5.value = calcMD5(\"{$alea_futur}\" + this.session_password.value);\n\t\t\t\tthis.session_password.value = \"\"; }'";
}
echo ">\n";
echo "<div class='main_login_box' style='text-align:" . $GLOBALS["lcm_lang_left"] . ";'>\n";
if ($error) {
echo "<div style='color:red;'><b>" . _T('login_access_denied') . " {$error}</b></div><br />\n";
}
if ($flag_challenge_md5) {
// This is printed with javascript so that it is hidden from navigators not
// using JS, since they will see the username field anyway.
echo "<script type=\"text/javascript\"><!--\n" . "document.write('" . addslashes(_T('login_login')) . " <b>{$login}</b><br/>" . "<font size=\\'2\\'><a href=\\'lcm_cookie.php?cookie_admin=no&url=" . rawurlencode($action) . "\\' class=\\'link_btn\\'>" . _T('login_other_identifier') . "</a></font>');\n" . "//--></script>\n";
// If javascript is active, we pass the login in the hidden field
echo "<input type='hidden' name='session_login_hidden' value='{$login}' />";
// If javascript is not active, the login is still modifiable
// (since the challenge is not used)
echo "<noscript>";
}
echo "\t<label for='session_login'><b>" . _T('login_login') . "</b> (" . _T('login_info_login') . ")<br /></label>";
echo "\t<input type='text' name='session_login' id='session_login' class='forml' value=\"{$login}\" size='40' />\n";
if ($flag_challenge_md5) {
echo "</noscript>\n";
}
echo "\t<p />\n";
echo "\t<label for='session_password'><b>" . _T('login_password') . "</b><br /></label>";
echo "\t<input type='password' name='session_password' id='session_password' class='forml' value=\"\" size='40' />\n";
echo "\t<input type='hidden' name='essai_login' value='oui' />\n";
echo "\t<br /> <input type='checkbox' name='session_remember' value='yes' id='session_remember'{$rester_checked} /> ";
echo "\t<label for='session_remember'>" . _T('login_remain_logged_on') . "</label>";
echo "\t<input type='hidden' name='url' value='{$url}' />\n";
echo "\t<input type='hidden' name='session_password_md5' value='' />\n";
echo "\t<input type='hidden' name='next_session_password_md5' value='' />\n";
echo "<div align='right'><input class='button_login' type='submit' value='" . _T('button_validate') . "' /></div>\n";
echo "</div>";
echo "</form>";
} else {
// Ask only for the login/username
$action = quote_amp($action);
echo "<form name='form_login' action='{$action}' method='post'>\n";
echo "<div class='main_login_box' style='text-align:" . $GLOBALS["lcm_lang_left"] . ";'>";
if ($error) {
echo "<span style='color:red;'><b>" . _T('login_access_denied') . " {$error}</b></span><p />";
}
echo "<label><b>" . _T('login_login') . '</b> (' . _T('login_info_login') . ')' . "<br /></label>";
echo "<input type='text' name='var_login' class='forml' value=\"\" size='40' />\n";
echo "<input type='hidden' name='var_url' value='{$url}' />\n";
echo "<div align='right'><input class='button_login' type='submit' value='" . _T('button_validate') . "' /></div>\n";
echo "</div>";
echo "</form>";
}
// Focus management
echo "<script type=\"text/javascript\"><!--\n" . $js_focus . "\n//--></script>\n";
// Start the login footer
echo "<div align='left' style='font-size: 12px;' >";
echo "<div class='lang_combo_box'>" . menu_languages() . "</div>\n";
// button for "forgotten password"
include_lcm('inc_mail');
if (server_can_send_email()) {
echo '<a href="lcm_pass.php?pass_forgotten=yes" target="lcm_pass" onclick="' . "javascript:window.open(this.href, 'lcm_pass', 'scrollbars=yes, resizable=yes, width=640, height=280'); return false;\" class=\"link_btn\">" . _T('login_password_forgotten') . '</a>';
}
$register_popup = 'href="lcm_pass.php?register=yes" target="lcm_pass" ' . ' onclick="' . "javascript:window.open('lcm_pass.php?register=yes', 'lcm_pass', 'scrollbars=yes, resizable=yes, width=640, height=500'); return false;\"";
$open_subscription = read_meta("site_open_subscription");
if ($open_subscription == 'yes' || $open_subscription == 'moderated') {
echo " <a {$register_popup} class=\"link_btn\">" . _T('login_register') . '</a>';
}
echo "</div>\n";
echo close_login();
}
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
59 Temple Place, Suite 330, Boston, MA 02111-1307, USA
$Id: client_det.php,v 1.56 2007/01/12 17:37:04 mlutfy Exp $
*/
include 'inc/inc.php';
include_lcm('inc_contacts');
include_lcm('inc_obj_client');
$client = intval(_request('client'));
if (!($client > 0)) {
lcm_header("Location: listclients.php");
exit;
}
$q = "SELECT *\n\t\tFROM lcm_client as c\n\t\tWHERE c.id_client = {$client}";
$result = lcm_query($q);
if (!($row = lcm_fetch_array($result))) {
die("ERROR: There is no such client in the database.");
}
lcm_page_start(_T('title_client_view') . ' ' . get_person_name($row), '', '', 'clients_intro');
/* Saved for future use
// Check for access rights
if (!($row['public'] || allowed($client,'r'))) {
die("You don't have permission to view this client details!");
}
$edit = allowed($client,'w');
*/
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
59 Temple Place, Suite 330, Boston, MA 02111-1307, USA
$Id: org_det.php,v 1.36 2007/01/12 17:36:15 mlutfy Exp $
*/
include 'inc/inc.php';
include_lcm('inc_acc');
include_lcm('inc_contacts');
include_lcm('inc_obj_org');
$org = intval(_request('org'));
if (!($org > 0)) {
lcm_header("Location: listorgs.php");
exit;
}
$q = "SELECT *\n\t\tFROM lcm_org\n\t\tWHERE id_org = {$org}";
$result = lcm_query($q);
if (!($row = lcm_fetch_array($result))) {
die("ERROR: There is no such organisation in the database.");
}
lcm_page_start(_T('title_org_view') . ' ' . $row['name'], '', '', 'clients_intro');
//
// Access control
//
$ac = get_ac_org($org);
if (!$ac['r']) {
die("Access denied");
}
function update_keyword($id_keyword)
{
$kw_title = _request('kw_title');
$kw_name = _request('kw_name');
// only for new keyword
$kw_desc = _request('kw_desc');
$kw_ac_author = _request('kw_ac_author');
// show/hide keyword
$kw_hasvalue = _request('kw_hasvalue');
// show field to enter text value
$kw_idgroup = intval(_request('id_group'));
//
// Check for errors
//
if (!$id_keyword) {
// new keyword
global $system_kwg;
if (!$kw_idgroup) {
lcm_panic("update_keyword: missing or badly formatted id_keyword or id_group");
}
$kwg_info = get_kwg_from_id($kw_idgroup);
if (!$kw_name) {
$_SESSION['errors']['name'] = _Ti('keywords_input_name') . _T('warning_field_mandatory');
}
if (isset($system_kwg[$kwg_info['name']]['keywords'][$kw_name])) {
// XXX [ML] what about user keywords?
$_SESSION['errors']['name'] = _Ti('keywords_input_name') . _T('keywords_warning_kw_code_exists');
}
}
if (!$kw_title) {
$_SESSION['errors']['title'] = _Ti('keywords_input_name') . _T('warning_field_mandatory');
}
if (count($_SESSION['errors'])) {
lcm_header("Location: " . $_SERVER['HTTP_REFERER']);
exit;
}
//
// Apply to database
//
$fl = "description = '{$kw_desc}',\n\t\t\ttitle = '{$kw_title}' ";
if ($kw_ac_author == 'Y' || $kw_ac_author == 'N') {
$fl .= ", ac_author = '{$kw_ac_author}'";
}
if ($kw_hasvalue == 'Y' || $kw_hasvalue == 'N') {
$query .= ", hasvalue = '{$kw_hasvalue}'";
}
if (!$id_keyword) {
// new
$query = "INSERT INTO lcm_keyword\n\t\t\t\tSET id_group = {$kw_idgroup}, \n\t\t\t\t\tname = '{$kw_name}',\n\t\t\t\t\t{$fl} ";
lcm_query($query);
$id_keyword = lcm_insert_id('lcm_keyword', 'id_keyword');
$kw_info = get_kw_from_id($id_keyword);
// for redirection later
} else {
// Get current info about keyword (don't trust the user)
$kw_info = get_kw_from_id($id_keyword);
$query = "UPDATE lcm_keyword\n\t\t\t\t\tSET {$fl}\n\t\t\t\t\tWHERE id_keyword = " . $id_keyword;
lcm_query($query);
}
write_metas();
// update inc_meta_cache.php
$tab = $kw_info['type'] == 'system' ? 'system' : 'user';
lcm_header("Location: keywords.php?tab=" . $tab . "#" . $kw_info['kwg_name']);
exit;
}
$obj_client = new LcmClient(_session('id_client'));
$errs = $obj_client->save();
if (count($errs)) {
$_SESSION['errors'] = array_merge($_SESSION['errors'], $errs);
lcm_header("Location: " . $ref_upd_client);
exit;
}
//
// Attach to case
//
if (_session('attach_case')) {
lcm_query("INSERT INTO lcm_case_client_org\n\t\t\t\tSET id_case = " . _session('attach_case') . ",\n\t\t\t\t\tid_client = " . $obj_client->getDataInt('id_client'));
}
//
// Add organisation
// [ML] 2007-01-11: not clear what this does. probably w.r.t "client represents orgs".
//
if (_session('new_org')) {
$q = "REPLACE INTO lcm_client_org\n\t\tVALUES (" . _session('id_client') . ',' . _session('new_org') . ")";
$result = lcm_query($q);
}
//
// Go to the 'view details' page of the author
//
// small reminder, if the client was created from the "add client to case" (Case details)
$attach = "";
if (_session('attach_case')) {
$attach = "&attach_case=" . _session('attach_case');
}
lcm_header('Location: client_det.php?client=' . $obj_client->getDataInt('id_client', '__ASSERT__') . $attach);
//
// Create or update case data
//
$case = new LcmCase($id_case);
$errs = $case->save();
if (count($errs)) {
$_SESSION['errors'] = array_merge($_SESSION['errors'], $errs);
lcm_header("Location: " . $_SERVER['HTTP_REFERER']);
exit;
}
//
// Create follow-up data
//
if (_request('add_fu')) {
include_lcm('inc_obj_fu');
$fu = new LcmFollowup(0, $case->getDataInt('id_case'));
$errs = $fu->save();
if (count($errs)) {
$_SESSION['errors'] = array_merge($_SESSION['errors'], $errs);
lcm_header("Location: " . $_SERVER['HTTP_REFERER']);
exit;
}
}
$send_to = _request('ref_edit_case', "case_det.php?case=" . $case->getDataInt('id_case'));
// Send to add_client if any client/org to attach
if (_session('attach_client') || _session('attach_org')) {
lcm_header("Location: add_client.php?case=" . $case->getDataInt('id_case') . (_session('attach_client') ? "&clients[]=" . _session('attach_client') : '') . (_session('attach_org') ? "&orgs[]=" . _session('attach_org') : '') . "&ref_sel_client=" . rawurlencode($send_to));
exit;
}
lcm_header("Location: " . $send_to);
$id_expense = _request('id_expense', 0);
$id_comment = _request('id_comment', 0);
$edit_comment = _request('edit_comment', 0);
$ref_url = "edit_exp.php?expense={$id_expense}&edit_comment={$edit_comment}&c={$id_comment}";
if ($_SERVER['HTTP_REFERER']) {
$ref_url = $_SERVER['HTTP_REFERER'];
}
//
// Update data
//
if ($id_comment || $edit_comment) {
$obj = new LcmExpenseComment($id_expense, $id_comment);
$errs = $obj->save($true);
if (!count($errs) && _request('new_exp_status')) {
$obj = new LcmExpense($id_expense);
$errs = $obj->setStatus(_request('new_exp_status'));
}
} else {
$obj = new LcmExpense($id_expense);
$errs = $obj->save();
}
if (count($errs)) {
$_SESSION['errors'] = array_merge($_SESSION['errors'], $errs);
lcm_header("Location: " . $ref_url);
exit;
}
//
// Go to the 'view details' page
//
lcm_header('Location: exp_det.php?expense=' . $obj->getDataInt('id_expense', '__ASSERT__'));
// Check access rights
// if (!allowed($id_report,'e')) die("You don't have permission to change this case's information!");
// If admin access is allowed, set all fields
if (true) {
$q = "UPDATE lcm_report SET {$fl} WHERE id_report = " . _session('id_report');
} else {
$q = "UPDATE lcm_report SET {$fl} WHERE id_report = " . _session('id_report');
}
lcm_query($q);
} else {
$q = "INSERT INTO lcm_report\n\t\t\tSET date_creation=NOW(),\n\t\t\t\tline_src_type = '',\n\t\t\t\tline_src_name = '',\n\t\t\t\tcol_src_type = '',\n\t\t\t\tcol_src_name = '',\n\t\t\t\tfilecustom = '',\n\t\t\t\t{$fl}";
$result = lcm_query($q);
$_SESSION['form_data']['id_report'] = lcm_insert_id('lcm_report', 'id_report');
// Insert new case_author relation
//$q = "INSERT INTO lcm_case_author SET
// id_case=$id_case,
// id_author=$id_author,
// ac_read=1,
// ac_write=1,
// ac_admin=1";
}
// Some advanced ideas for future use
//$q="INSERT INTO lcm_case SET id_case=$id_case,$fl ON DUPLICATE KEY UPDATE $fl";
//$q="INSERT INTO lcm_case $cl VALUES $vl ON DUPLICATE KEY UPDATE $fl";
// $result = lcm_query($q);
// Forward to upd_rep_field.php if custom_report
if (_session('filecustom')) {
lcm_header("Location: upd_rep_field.php?" . "rep=" . _session('id_report') . "&filecustom=" . _session('filecustom'));
} else {
lcm_header("Location: rep_det.php?rep=" . _session('id_report'));
}
$params[$k] = $k . '=' . urlencode($v);
}
lcm_header('Location: edit_app.php?' . join('&', $params));
exit;
}
// Send user back to add/edit page's referer or (default) to appointment detail page
switch (_session('submit')) {
case 'add_author':
case 'add_client':
// Go back to edit the same appointment. Save the original referer
lcm_header('Location: ' . $_SERVER['HTTP_REFERER']);
break;
case 'add':
// Go back to the edit page's referer
unset($_SESSION['errors']);
lcm_header('Location: ' . _session('ref_edit_app', "app_det.php?app={$id_app}"));
break;
case 'addnew':
// Open new appointment. Save the original referer
unset($_SESSION['errors']);
lcm_header('Location: edit_app.php?app=0&ref=' . _session('ref_edit_app', "app_det.php?app={$id_app}"));
break;
case 'adddet':
case 'submit':
default:
// Go to appointment details
unset($_SESSION['errors']);
lcm_header("Location: app_det.php?app={$id_app}");
}
exit;
}
function send_registration_by_email()
{
global $lcm_lang_left;
$_SESSION['form_data'] = array();
$_SESSION['errors'] = array();
$kwg_email = get_kwg_from_name('+email_main');
$form_items = array('name_first' => 'person_input_name_first', 'name_last' => 'person_input_name_last', 'email' => 'input_email', 'username' => 'authoredit_input_username');
foreach ($form_items as $field => $trad) {
$_SESSION['form_data'][$field] = _request($field);
if (!_session($field)) {
$_SESSION['errors'][$field] = _Ti($trad) . _T('warning_field_mandatory');
}
}
if (count($_SESSION['errors'])) {
lcm_header("Location: lcm_pass.php?register=yes");
exit;
}
install_html_start(_T('pass_title_register'), 'login');
// There is a risk that an author changes his e-mail after his account
// is created, to the e-mail of another person, and therefore block the
// other person from registering. But then.. this would allow the other
// person to hijack the account, so it would be a stupid DoS.
$query = "SELECT id_of_person, status FROM lcm_contact as c, lcm_author as a\n\t\tWHERE c.id_of_person = a.id_author\n\t\tAND value = '" . _session('email') . "'\n\t\tAND type_person = 'author'\n\t\tAND type_contact = " . $kwg_email['id_group'];
$result = lcm_query($query);
// Test if the user already exists
if ($row = lcm_fetch_array($result)) {
$id_author = $row['id_of_person'];
$status = $row['status'];
// TODO: if status = 'pending for validation by admin', show message
if ($status == 'trash') {
echo "<br />\n";
echo "<div class='box_error'>" . _T('pass_registration_denied') . "</div>\n";
} else {
echo "<br />\n";
echo "<div class=\"box_error\" align=\"{$lcm_lang_left}\">" . _T('pass_warning_already_registered') . "</div>\n";
return;
}
}
//
// Send identifiers by e-mail
//
include_lcm('inc_access');
include_lcm('inc_mail');
$username = get_unique_username(_session('username'));
$pass = create_random_password(8, $username);
$mdpass = md5($pass);
$open_subscription = read_meta("site_open_subscription");
if (!($open_subscription == 'yes' || $open_subscription == 'moderated')) {
lcm_panic("Subscriptions not permitted.");
}
$status = 'waiting';
if ($open_subscription == 'yes') {
$status = 'normal';
}
lcm_query("INSERT INTO lcm_author (name_first, name_last, username, password, status, date_creation, date_update) " . "VALUES ('" . _session('name_first') . "', '" . _session('name_last') . "', '{$username}', '{$mdpass}', 'normal', NOW(), NOW())");
$id_author = lcm_insert_id('lcm_author', 'id_author');
// Add e-mail to lcm_contact
lcm_query("INSERT INTO lcm_contact (type_person, type_contact, id_of_person, value)\n\t\t\tVALUES ('author', " . $kwg_email['id_group'] . ", {$id_author}, '" . _session('email') . "')");
// Prepare the e-mail to send to the user
$site_name = _T(read_meta('site_name'));
$site_address = read_meta('site_address');
$message = _T('info_greetings') . ",\n\n";
$message .= _T('pass_info_here_info', array('site_name' => $site_name, 'site_address' => $site_address)) . "\n\n";
$message .= "- " . _Ti('login_login') . " {$username}\n";
$message .= "- " . _Ti('login_password') . " {$pass}\n\n";
if ($open_subscription == 'moderated') {
$message .= _T('pass_info_moderated') . "\n\n";
}
$message .= _T('pass_info_automated_msg') . "\n\n";
if (send_email(_session('email'), "[{$site_name}] " . _T('pass_title_personal_identifier'), $message)) {
echo "<p>" . _T('pass_info_identifier_mail') . "</p>\n";
} else {
$email_admin = read_meta('email_sysadmin');
echo "<div class=\"box_error\"><p>" . _T('pass_warning_mail_failure', array('email_admin' => $email_admin)) . "</p></div>\n";
}
// If moderated, send copy to site admin
if ($open_subscription == 'moderated') {
$email_admin = read_meta('email_sysadmin');
send_email($email_admin, "[{$site_name}] " . _T('pass_title_personal_identifier'), $message);
}
}
function auth()
{
global $INSECURE, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $REMOTE_USER, $PHP_AUTH_USER, $PHP_AUTH_PW;
global $auth_can_disconnect;
global $connect_id_auteur, $connect_nom, $connect_bio, $connect_email;
global $connect_nom_site, $connect_url_site, $connect_login, $connect_pass;
global $connect_activer_imessage, $connect_activer_messagerie;
global $connect_status;
global $author_session, $prefs;
global $clean_link;
// This reloads $GLOBALS['db_ok'], just in case
include_config('inc_connect');
// If there is not SQL connection, quit.
if (!$GLOBALS['db_ok']) {
include_lcm('inc_presentation');
lcm_html_start("Technical problem", "install");
// annoy sql_errno()
echo "\n<!-- \n";
echo "\t* Flag connect: " . $GLOBALS['flag_connect'] . "\n\t";
lcm_query("SELECT count(*) from lcm_meta");
echo "\n-->\n\n";
echo "<div align='left' style='width: 600px;' class='box_error'>\n";
echo "\t<h3>" . _T('title_technical_problem') . "</h3>\n";
echo "\t<p>" . _T('info_technical_problem_database') . "</p>\n";
if (lcm_sql_errno()) {
echo "\t<p><tt>" . lcm_sql_errno() . " " . lcm_sql_error() . "</tt></p>\n";
} else {
echo "\t<p><tt>No error diagnostic was provided.</tt></p>\n";
}
echo "</div>\n";
lcm_html_end();
return false;
}
// Initialise variables (avoid URL hacks)
$auth_login = "";
$auth_pass = "";
$auth_pass_ok = false;
$auth_can_disconnect = false;
// Fetch identification data from authentication session
if (isset($_COOKIE['lcm_session'])) {
if (verifier_session($_COOKIE['lcm_session'])) {
if ($author_session['status'] == 'admin' or $author_session['status'] == 'normal') {
$auth_login = $author_session['username'];
$auth_pass_ok = true;
$auth_can_disconnect = true;
}
}
} else {
if ($_REQUEST['privet'] == 'yes') {
// Failed login attempt: cookie failed
$link = new Link("lcm_cookie.php?cookie_test_failed=yes");
$clean_link->delVar('privet');
$url = str_replace('/./', '/', $clean_link->getUrl());
$link->addVar('var_url', $url);
@header("Location: " . $link->getUrl());
exit;
}
}
// If not authenticated, ask for login / password
if (!$auth_login) {
$url = $clean_link->getUrl();
@header("Location: lcm_login.php?var_url=" . urlencode($url));
exit;
}
//
// Search for the login in the authors' table
//
$auth_login = addslashes($auth_login);
$query = "SELECT * FROM lcm_author WHERE username='******' AND status !='external' AND status !='6forum'";
$result = @lcm_query($query);
if ($row = lcm_fetch_array($result)) {
$connect_id_auteur = $row['id_author'];
$connect_nom = $row['name_first'];
$connect_login = $row['username'];
$connect_pass = $row['password'];
$connect_status = $row['status'];
$connect_activer_messagerie = "non";
//$row["messagerie"];
$connect_activer_imessage = "non ";
//$row["imessage"];
// Set the users' preferences
$prefs = unserialize(get_magic_quotes_runtime() ? stripslashes($row['prefs']) : $row['prefs']);
//
// Default values for some possibly unset preferences
//
if (!isset($prefs['page_rows']) || intval($prefs['page_rows']) < 1) {
$prefs['page_rows'] = 15;
}
if (!isset($prefs['theme']) || !$prefs['theme']) {
$prefs['theme'] = 'green';
}
if (!isset($prefs['screen']) || !$prefs['screen']) {
$prefs['screen'] = 'wide';
}
if (!isset($prefs['font_size']) || !$prefs['font_size']) {
$prefs['font_size'] = 'medium_font';
}
if (!isset($prefs['case_owner']) || !$prefs['case_owner']) {
$prefs['case_owner'] = 'my';
}
if (!isset($prefs['case_period']) || !$prefs['case_period']) {
$prefs['case_period'] = '91';
}
if (!isset($prefs['mode']) || !$prefs['mode']) {
$prefs['mode'] = 'simple';
}
if (!isset($prefs['time_intervals']) || !$prefs['time_intervals']) {
$prefs['time_intervals'] = 'relative';
$prefs['time_intervals_notation'] = 'hours_only';
}
} else {
// This case is a strange possibility: the author is authentified
// OK, but he does not exist in the authors table. Possible cause:
// the database was restaured and the author does not exist (and
// the user was authentified by another source, such as LDAP).
// Note: we use to show a strange error message which would advice
// to logout, but since it occurs only after db upgrade, just logout
// brutally (with cookie_admin=no to forget the username).
lcm_header('Location: lcm_cookie.php?cookie_admin=no&logout=' . $auth_login);
exit;
}
if (!$auth_pass_ok) {
@header("Location: lcm_login.php?var_erreur=pass");
exit;
}
// [ML] Again, not sure how this is used, but we can ignore it for now
// TODO (note: nouveau == new)
if ($connect_status == 'nouveau') {
$query = "UPDATE lcm_author SET status = 'normal' WHERE id_author = {$connect_id_auteur}";
$result = lcm_query($query);
$connect_status = 'normal';
}
// PHP sessions are started here, and stopped at logout
session_start();
return true;
}
// Change password (if requested)
//
if (_session('usr_new_passwd') || !_session('username_old')) {
change_password();
}
//
// Change username
//
if (_session('username') != _session('username_old') || !_session('username_old')) {
change_username(_session('id_author'), _session('username_old'), _session('username'));
}
//
// Insert/update author contacts
//
include_lcm('inc_contacts');
update_contacts_request('author', _session('id_author'));
if (count($_SESSION['errors'])) {
lcm_header("Location: edit_author.php?author=" . _session('id_author'));
exit;
}
$dest_link = new Link('author_det.php');
$dest_link->addVar('author', _session('id_author'));
// [ML] Not used at the moment, but could be useful eventually to send user
// back to where he was (but as a choice, not automatically, see author_det.php).
if (_session('ref_edit_author')) {
$dest_link->addVar('ref', _session('ref_edit_author'));
}
// Delete session (of form data will become ghosts)
$_SESSION['form_data'] = array();
lcm_header('Location: ' . $dest_link->getUrlForHeader());