<?php
// $Header: /cvsroot/tsheet/timesheet.php/task_action.php,v 1.7 2005/05/23 07:32:00 vexil Exp $
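// Authenticate: only a logged-in administrator may add, edit or delete tasks.
require("class.AuthenticationManager.php");
require("class.CommandMenu.php");
if (!$authenticationManager->isLoggedIn() || !$authenticationManager->hasClearance(CLEARANCE_ADMINISTRATOR)) {
    // PHP_SELF can carry client-supplied path info, so it is URL-encoded
    // before it is placed in the query string of the login redirect.
    header("Location: login.php?redirect=" . urlencode($_SERVER['PHP_SELF']) . "&clearanceRequired=Administrator");
    exit;
}

// Connect to database.
$dbh = dbConnect();
$contextUser = strtolower($_SESSION['contextUser']);

// NOTE(review): every action below modifies data and is read from $_REQUEST,
// so it can be triggered by a plain GET request. No anti-CSRF token check is
// visible in this file -- confirm whether one is enforced elsewhere.

// Load local vars from superglobals.
// task_id and proj_id are interpolated unquoted into SQL further down, so
// they are forced to integers here instead of being passed through as text.
$action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : null;
$task_id = isset($_REQUEST["task_id"]) ? (int) $_REQUEST["task_id"] : 0;
$proj_id = isset($_REQUEST["proj_id"]) ? (int) $_REQUEST["proj_id"] : 0;

if ($action == "add" || $action == "edit") {
    // addslashes() matches the escaping this script already applied to name
    // and description; it is not charset-aware.
    // NOTE(review): the driver behind dbQuery() is not visible here -- prefer
    // its native escaping or bound parameters if it offers them.
    $name = addslashes($_REQUEST["name"]);
    $description = addslashes($_REQUEST["description"]);
    $task_status = addslashes($_REQUEST["task_status"]);

    // Only accept a list of usernames; anything else is treated as "nobody".
    $assigned = (isset($_REQUEST["assigned"]) && is_array($_REQUEST["assigned"]))
        ? $_REQUEST["assigned"]
        : array();
}

if (!isset($action)) {
    // $HTTP_REFERER only exists with register_globals enabled; read the
    // header from $_SERVER and fall back to the task list when it is absent.
    $referer = isset($_SERVER['HTTP_REFERER'])
        ? $_SERVER['HTTP_REFERER']
        : "task_maint.php?proj_id=$proj_id";
    header("Location: $referer");
}
elseif ($action == "add") {
    // Timestamp for "now", truncated to the minute.
    $time_string = date("Y-m-d H:i:00");

    list($qh, $num) = dbQuery(
        "INSERT INTO $TASK_TABLE (proj_id, name, description, assigned, started, status) VALUES " .
        "('$proj_id', '$name','$description', " .
        "'$time_string', '$time_string', '$task_status')"
    );
    $task_id = (int) dbLastID($dbh);

    // foreach replaces the list()/each() loop: each() no longer exists in PHP 8.
    foreach ($assigned as $username) {
        if (!is_string($username)) {
            continue; // ignore nested arrays sent in place of a username
        }
        $username = addslashes($username);
        dbQuery("INSERT INTO $TASK_ASSIGNMENTS_TABLE (proj_id, task_id, username) VALUES ($proj_id, $task_id, '$username')");
    }

    // Redirect to the task management page (we're done).
    header("Location: task_maint.php?proj_id=$proj_id");
}
elseif ($action == "edit") {
    $query = "UPDATE $TASK_TABLE set name='$name',description='$description'," .
        " status='$task_status' " .
        " where task_id=$task_id";
    list($qh, $num) = dbQuery($query);

    // Assignments are only rewritten when at least one user was submitted;
    // an empty selection leaves the existing assignments in place.
    if ($assigned) {
        dbQuery("Delete from $TASK_ASSIGNMENTS_TABLE where task_id = $task_id");
        foreach ($assigned as $username) {
            if (!is_string($username)) {
                continue; // ignore nested arrays sent in place of a username
            }
            $username = addslashes($username);
            dbQuery("INSERT INTO $TASK_ASSIGNMENTS_TABLE(proj_id, task_id, username) VALUES ($proj_id, $task_id, '$username')");
        }
    }

    // We're done, so redirect to the task management page.
    header("Location: task_maint.php?proj_id=$proj_id");
}
elseif ($action == 'delete') {
    // Remove the task and every assignment that points at it.
    dbQuery("delete from $TASK_TABLE where task_id = $task_id");
    dbQuery("delete from $TASK_ASSIGNMENTS_TABLE where task_id = $task_id");
    header("Location: task_maint.php?proj_id=$proj_id");
}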
?>