Пример #1
/**
 * Checks whether the current user may open the ticket $id and prints the
 * matching error or "no access" page when the answer is no.
 *
 * NOTE(review): for a ticket that exists, the only checks made here are the two
 * enterprise hooks. When both return ENTERPRISE_NOT_HOOK the function returns
 * true without calling give_acl(), so group ACLs are not applied on this path.
 * Confirm that this is intended for installs without the enterprise hooks.
 *
 * @param mixed $id Ticket id; a falsy value skips the lookup.
 *
 * @return bool True when access is granted; false once an error or denial
 * page has been printed.
 */
function check_incident_access($id)
{
    global $config;
    if ($id) {
        $incident = get_incident($id);
        if ($incident !== false) {
            // Group of the ticket; only read by the give_acl() call further down.
            $id_grupo = $incident['id_grupo'];
        } else {
            // get_incident() returned false: print a "no information" page with a
            // link to the search form and refuse.
            echo "<h1>" . __("Ticket") . "</h1>";
            echo ui_print_error_message(__("There is no information for this ticket"), '', true, 'h3', true);
            echo "<br>";
            echo "<a style='margin-left: 90px' href='index.php?sec=incidents&sec2=operation/incidents/incident_search'>" . __("Try the search form to find the ticket") . "</a>";
            return false;
        }
    }
    if (isset($incident)) {
        // Incident creators must see their incidents
        $check_acl = enterprise_hook("incidents_check_incident_acl", array($incident));
        $standalone_check = enterprise_hook("manage_standalone", array($incident));
        // Deny when either hook produced a result other than ENTERPRISE_NOT_HOOK and that
        // result is falsy. && binds tighter than ||, so this reads as (A && B) || (C && D).
        if ($check_acl !== ENTERPRISE_NOT_HOOK && !$check_acl || $standalone_check !== ENTERPRISE_NOT_HOOK && !$standalone_check) {
            // Doesn't have access to this page: record the attempt, then show the denial page.
            // NOTE(review): $id goes into the audit text as received; confirm audit_db() escapes it.
            audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket (External user) " . $id);
            include "general/noaccess.php";
            return false;
        }
    } else {
        // No ticket was loaded (falsy $id, or a null lookup result). Both branches below return false.
        // NOTE(review): $id_grupo is assigned only after a lookup, so it is undefined here when
        // $id was falsy. Confirm what give_acl() does with a null group.
        if (!give_acl($config['id_user'], $id_grupo, "IR")) {
            // Doesn't have access to this page
            audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket " . $id);
            include "general/noaccess.php";
            return false;
        } else {
            // No incident, but the ACL check passed: report that the ticket does not exist.
            echo ui_print_error_message(__("The ticket doesn't exist"), '', true, 'h3', true);
            return false;
        }
    }
    return true;
}
Пример #2
    echo safe_output($name);
    return;
}
if ($get_external_data) {
    $table_name = get_parameter('table_name');
    $id_table = (string) get_parameter('id_table');
    $element_name = get_parameter('element_name');
    $id_object_type_field = get_parameter('id_object_type_field');
    $id_parent_value = get_parameter('id_parent_value', 0);
    $id_parent_table = get_parameter('id_parent_table', "");
    $external_label = get_parameter('external_label', "");
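    //We use mysql_query() because we need this to fail silently, so that
    //SQL errors are not shown on screen.
    //NOTE(review): $table_name comes from get_parameter() and is concatenated into
    //this statement and into the SHOW COLUMNS query below. Unless get_parameter()
    //restricts it, the request decides which table is read; compare it against a
    //fixed list of permitted external tables before building either query.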
    $exists = mysql_query("SELECT * FROM " . $table_name . " LIMIT 1");
    if (!$exists) {
        echo ui_print_error_message(__("External table is not present"), '', true, 'h3', true);
        return;
    }
    $sql_ext = "SHOW COLUMNS FROM " . $table_name;
    $desc_ext = get_db_all_rows_sql($sql_ext);
    $parent_reference_field = get_db_value_sql('SELECT parent_reference_field FROM tobject_type_field WHERE id=' . $id_object_type_field);
    $fields = array();
    foreach ($desc_ext as $key => $ext) {
        if ($parent_reference_field == $ext['Field']) {
            continue;
        }
        $fields[$ext['Field']] = $ext['Field'];
    }
    if ($id_parent_value) {
        $id_parent = get_parameter("id_parent", 0);
        $table_name_parent = get_db_value_sql("SELECT parent_table_name FROM tobject_type_field WHERE id=" . $id_object_type_field);
Пример #3
                    $result = delete_tag($id);
                    $crud_operation['result'] = $result;
                    // Result can be 0 if the target does not exist
                    if ($result !== false) {
                        $result = true;
                        // Prepare the values for another creation
                        $id = 0;
                        $name = '';
                        $colour = '';
                    }
                    $crud_operation['message'] .= ui_print_result_message($result, __('Tag deleted successsfully'), __('There was an error deleting the tag'), '', true);
                } catch (Exception $e) {
                    $crud_operation['message'] .= ui_print_error_message($e->getMessage(), '', true);
                }
            } else {
                $crud_operation['message'] .= ui_print_error_message(__('Some required values are missing'), '', true);
            }
        }
    }
}
// Echo the result of the CRUD operation
if (isset($crud_operation)) {
    echo $crud_operation['message'];
}
$table->width = '98%';
$table->class = 'search-table';
$table->style = array();
$table->colspan = array();
$table->style[0] = 'font-weight: bold; text-align: right;';
$table->style[1] = 'text-align: left;';
$table->style[2] = 'font-weight: bold; text-align: right;';
		$id = false;
	}
}

// Runs when $update is set: collect the submitted report fields and store them.
if ($update) {
	$values['name'] = (string) get_parameter ('name');
	$values['sql'] = (string) get_parameter ('sql');
	$values['id_group'] = get_parameter ('id_group');

	// An empty name is rejected without touching the database.
	// NOTE(review): the 'sql' field is stored as submitted. Presumably it is executed
	// later as the report query, so confirm who is allowed to reach this update.
	if (empty ($values['name'])) {
		$result = false;
	} else {
		$result = process_sql_update ('tinventory_reports', $values, array ('id' => $id));
	}

	$result_msg = $result
		? ui_print_success_message (__("Successfully updated"), '', true, 'h3', true)
		: ui_print_error_message (__('Could not be updated'), '', true, 'h3', true);
}

if ($id) {
	clean_cache_db();

	$report = get_db_row ('tinventory_reports', 'id', $id);
	if ($report === false)
		return;
	$name = $report['name'];
	$sql = $report['sql'];
	$id_group = $report['id_group'];
}

$render = get_parameter ("render",0);
Пример #5
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.

if (check_login () != 0) {
	audit_db ("Noauth", $config["REMOTE_ADDR"], "No authenticated access","Trying to access ticket viewer");
	require ("general/noaccess.php");
	exit;
}

$id_incident = (int) get_parameter ('id');
$incidents = incidents_get_incident_childs ($id_incident, false);


if (count ($incidents) == 0) {
	echo ui_print_error_message (__('There\'s no tickets associated to this ticket'), '', true, 'h3', true);
}
else {
	
	$table = new StdClass();
	$table->class = 'listing';
	$table->width = '100%';
	$table->head = array ();
	$table->head[0] = __('ID');
	$table->head[1] = __('Name');
	$table->head[2] = __('Group');
	$table->head[3] = __('Status');
	$table->head[4] = __('Creator');
	$table->head[5] = __('Owner');
	$table->size = array ();
	$table->size[0] = '40px';
Пример #6
    $five_daysonly = (int) get_parameter ("five_daysonly", 0);
    $time_from = (int) get_parameter ("time_from", 0);
    $time_to = (int) get_parameter ("time_to", 0);
    $max_inactivity = (float) get_parameter ('max_inactivity');
    $no_holidays = (int) get_parameter ('no_holidays', 0);
    $id_sla_type = (int) get_parameter ('id_sla_type', 0);

	$sql = sprintf ('UPDATE tsla SET max_inactivity = %.2f, enforced = %d, description = "%s",
		name = "%s", max_incidents = %d, min_response = %.2f, max_response = %.2f,
		id_sla_base = %d, five_daysonly = %d, time_from = %d, time_to = %d, no_holidays = %d, id_sla_type = %d WHERE id = %d', $max_inactivity, 
		$enforced, $description, $name, $max_incidents, $min_response,
		$max_response, $id_sla_base, $five_daysonly, $time_from, $time_to, $no_holidays, $id_sla_type, $id);

	$result = process_sql ($sql);
	if (! $result)
		echo ui_print_error_message (__('Could not be updated'), '', true, 'h3', true);
	else {
		echo ui_print_success_message (__('Successfully updated'), '', true, 'h3', true);
        audit_db ($config["id_user"], $config["REMOTE_ADDR"], "SLA Modified",
		"Updated SLA ($name)", $sql);
	}
	$id = 0;
}

// DELETE
// ==================
if ($delete_sla) {
	$name = get_db_value ('name', 'tsla', 'id', $id);
	$sql = sprintf ('DELETE FROM tsla WHERE id = %d', $id);
	$result = process_sql ($sql);
    audit_db ($config["id_user"], $config["REMOTE_ADDR"], "SLA Deleted",
Пример #7
$read = check_crm_acl ('other', 'cr', $config['id_user'], $contact['id_company']);
if (!$read) {
	audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation","Trying to access to contact tickets without permission");
	include ("general/noaccess.php");
	exit;
}

$email = safe_output($contact["email"]);
$email = trim($email);
$email = safe_input($email);

$incidents = incidents_get_by_notified_email ($email);

if (!$incidents) {
    echo ui_print_error_message (__("This contact doesn't have any ticket associated"), '', true, 'h3', true);
} else {

	$table->class = "listing";
	$table->width = "99%";
	$table->head[0] = __("ID");
	$table->head[1] = __("Ticket");
	$table->head[2] = __("Status");
	$table->head[3] = __("Priority");
	$table->head[4] = __("Updated");
	$table->data = array();

	foreach ($incidents as $inc) {
		$data = array();

		if (give_acl($config["id_user"], 0, "IR")) {
Пример #8
				if ($id_workunit !== false) {
					$sql = sprintf ('INSERT INTO tworkunit_task 
							(id_task, id_workunit) VALUES (%d, %d)',
							$id_task, $id_workunit);
					$result = process_sql ($sql, 'insert_id');
					if ($result !== false) {
						$result_output = ui_print_success_message (__('Workunit added'), '', true, 'h3', true);
						audit_db ($config['id_user'], $config["REMOTE_ADDR"], "Spare work unit added", 
								'Workunit for '.$config['id_user'].' added to Task ID #'.$id_task);
						mail_project (0, $config['id_user'], $id_workunit, $id_task);
					}
					else {
						$result_output = ui_print_error_message (__('Problemd adding workunit.'), '', true, 'h3', true);
					}
				} else {
					$result_output = ui_print_error_message (__('Problemd adding workunit.'), '', true, 'h3', true);
				}
			}
		}
	}
	
	if ($id_workunit !== false) {
		set_task_completion ($id_task);
	}
	audit_db ($config["id_user"], $config["REMOTE_ADDR"], "PWU", "Inserted PWU. Task: $id_task. Desc: $description");
}


if ($operation == "delete") {
	$success = delete_task_workunit ($id_workunit);
	if (! $success) {
Пример #9
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
// CHECK LOGIN AND ACLs
check_login();
// SET VARS
$width = '99%';
if (!give_acl($config['id_user'], 0, "IR")) {
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access ticket viewer");
    require "general/noaccess.php";
    exit;
}
$incident_id = get_parameter('incident_id', 0);
if ($incident_id == 0) {
    ui_print_error_message(__('Unable to load ticket'));
    exit;
}
// GET THE FILES
$incident['files'] = get_incident_files($incident_id, true);
if ($incident['files'] === false) {
    $incident['files'] = array();
}
// SHOW THE FILES
$table->class = 'result_table listing';
$table->width = $width;
$table->id = 'incident_search_result_table';
$separator_style = 'border-bottom: 1px solid rgb(204, 204, 204);border-top: 1px solid rgb(204, 204, 204);';
$table->style = array();
$table->data = array();
$table->rowstyle = array();
Пример #10
	}
	else {
		echo ui_print_error_message (__('Could not load custom filter'), '', true, 'h3', true);
	}
}

/* Delete a custom saved search via AJAX */
if ($delete_custom_search) {
	
	// The id_user condition is what is meant to limit the delete to the current user's rows.
	// NOTE(review): the "******" in the statement looks like text masked by the page this
	// listing was taken from (presumably a "%s" placeholder). As printed, the format holds a
	// single %d, which would consume $config['id_user'] and leave $id_search unused.
	// Check this against the real file before relying on the listing.
	$sql = sprintf ('DELETE FROM tcustom_search
		WHERE id_user = "******"
		AND id = %d',
		$config['id_user'], $id_search);
	$result = process_sql ($sql);
	// Only a strict false counts as failure; any other result is reported as deleted.
	if ($result === false) {
		echo ui_print_error_message (__('Could not delete custom filter'), '', true, 'h3', true);
	}
	else {
		echo ui_print_success_message (__('Custom filter deleted'), '', true, 'h3', true);
	}
}

//FORM AND TABLE TO MANAGE CUSTOM SEARCHES
$table = new stdClass;
$table->id = 'saved_searches_table';
$table->width = '100%';
$table->class = 'search-table-button';
$table->size = array ();
$table->style = array ();
$table->style[0] = 'font-weight: bold';
$table->style[1] = 'font-weight: bold';
Пример #11
        $grant_access = $group["grant_access"];
        $send_welcome = $group["send_welcome"];
        $default_company = $group["default_company"];
        $welcome_email = $group["welcome_email"];
        $email_queue = $group["email_queue"];
        $default_profile = $group["default_profile"];
        $user_level = $group["nivel"];
        $incident_type = $group["id_incident_type"];
        $email_from = $group["email_from"];
        $email_group = $group["email_group"];
        //Inventory == zero is an empty string
        if ($id_inventory == 0) {
            $id_inventory = "";
        }
    } else {
        echo ui_print_error_message(__('There was a problem loading group'), '', true, 'h3', true);
        include "general/footer.php";
        exit;
    }
}
echo '<h2>' . __('Group management') . '</h2>';
if ($id) {
    echo '<h4>' . __('Update group') . '</h4>';
} else {
    echo '<h4>' . __('New group') . '</h4>';
}
$table = new StdClass();
$table->width = '100%';
$table->class = 'search-table-button';
$table->colspan = array();
$table->rowspan = array();
Пример #12
// Scoring gate: a ticket must be loaded, the current user must be its creator and
// the ticket state must be 6 or 7. Each refusal is shown, audited and ends this page.
if (!isset($incident)) {
	echo ui_print_error_message (__("Invalid ticket ID"), '', true, 'h3', true);
	audit_db ($config['id_user'], $config["REMOTE_ADDR"], "Ticket score hack", "Trying to access ticket score on a invalid ticket");
	no_permission();
	return;
}

$scored_by_creator = ($incident["id_creator"] == $config["id_user"]);
if (!$scored_by_creator) {
	echo ui_print_error_message (__("Non authorized ticket score review"), '', true, 'h3', true);
	audit_db ($config['id_user'], $config["REMOTE_ADDR"], "Ticket score hack", "Trying to access ticket score on a non-authorship ticket");
	no_permission();
	return;
}

// 6 and 7 are the only states accepted here (the message below calls them "closed").
$scorable_state = in_array ($incident["estado"], array (6, 7));
if (!$scorable_state) {
	echo ui_print_error_message (__("Ticket cannot be scored until be closed"), '', true, 'h3', true);
	audit_db ($config['id_user'], $config["REMOTE_ADDR"], "Ticket score hack", "Trying to access ticket score before closing ticket");
	no_permission();
	return;
}

// Store the score.
// NOTE(review): $score and $id are set outside this excerpt and are placed unquoted in the
// statement. Confirm both are cast to integers before this point.
$sql = "UPDATE tincidencia SET score = " . $score . " WHERE id_incidencia = " . $id;
process_sql ($sql);

echo "<h1>" . __("Ticket scoring") . "</h1>", "<br><br>", __("Thanks for your feedback, this help us to keep improving our job");


Пример #13
	
	$active_tab = 'files';
}

if($add_workunit) {
	$note = get_parameter('note');
	$public = 1;
	$timeused = "0.05";
	
	$result = create_workunit ($incident_id, $note, $config["id_user"], $timeused, 0, "", $public, 0);
	
	if($result) {
		ui_print_success_message(__('Workunit added'));
	}
	else {
		ui_print_error_message(__('There was a problem adding workunit'));
	}
	$active_tab = 'workunits';
}

// GET INCIDENT FROM DATABASE
$incident = get_full_incident($incident_id);

// TABS
?>

<ul style="height: 30px;" class="ui-tabs-nav">
	<li class="ui-tabs" id="li_files">
		<a href='javascript:' id='tab_files' class='tab'><span><?php echo __('Files') ?></span></a>
	</li>	
	<li class="ui-tabs" id="li_workunits">
Пример #14
	$id = 0;
}


// ---------------
// DELETE template
// ---------------

// TODO: ACL Check. Should be only able to delete templates of their company or child companies

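if ($operation == "delete") {
	// The id comes from get_parameter() (presumably request input) and is placed unquoted
	// in the statement, so it is cast to an integer first. Anything that is not a positive
	// id is reported as a failed delete instead of being sent to the database.
	// NOTE(review): the TODO above still applies. No ACL check is made before deleting.
	$id = (int) get_parameter ("id");
	$sql_delete = "DELETE FROM tcrm_template WHERE id = $id";
	$result = false;
	if ($id > 0)
		$result = mysql_query ($sql_delete);
	if (! $result)
		echo ui_print_error_message (__('Not deleted. Error deleting data'), '', true, 'h3', true);
	else
		echo ui_print_success_message (__("Successfully deleted"), '', true, 'h3', true);
	// Reset the operation so the rest of the page does not treat this as a delete.
	$operation = "";
}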

// ---------------
// CREATE  (form)
// ---------------

if (($operation == "create") || ($operation == "edit")){
    echo "<h2>".__('CRM Template management')."</h2>";
	
	if ($operation == "create"){
		echo "<h4>".__('Create CRM Template')."</h4>";
    	$name = "";
Пример #15
	                        $current_hours += $duration;
                        	$expected_completion =  round_number (floor ($current_hours * 100 / $task['hours']));
                        	$sql = sprintf ('UPDATE ttask
                                SET completion = %d
                                WHERE id = %d',
                                $expected_completion, $id_task);
                        	process_sql ($sql);
                	}
		} else {
			mail_project (1, $config['id_user'], $id_workunit, $id_task);
			$result_output = ui_print_success_message (__('Workunit updated'), '', true, 'h3', true);
			audit_db ($config["id_user"], $config["REMOTE_ADDR"], "PWU", "Updated PWU. $description");
		}
		
	} else {
		$result_output = ui_print_error_message (__('There was a problem adding workunit'), '', true, 'h3', true);
	}
	$operation = "view";
}

// DELETE Workunit
if ($operation == "delete") {
	
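	// ACL: only users with write permission on the task may delete a workunit.
	if (! $task_permission["write"]){
		// Doesn't have access to this page
		audit_db ($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete a workunit in a task without permission");
		no_permission();
		// Stop here so the delete below cannot run after a denied check.
		// no_permission() is not shown in this file, so it is not relied on to end the request.
		return;
	}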
	
	$success = delete_task_workunit ($id_workunit);
Пример #16
	$end_date = get_parameter ('end_date');
	$id_project_group = get_parameter ("id_project_group");
	$cc = get_parameter('cc', '');
	$sql = sprintf ('UPDATE tproject SET 
			name = "%s", description = "%s", id_project_group = %d,
			start = "%s", end = "%s", id_owner = "%s", cc = "%s"
			WHERE id = %d',
			$name, $description, $id_project_group,
			$start_date, $end_date, $user, $cc, $id_project);
	$result = process_sql ($sql);
	audit_db ($config["id_user"], $config["REMOTE_ADDR"], "Project updated", "Project $name");
	if ($result !== false) {
		project_tracking ($id_project, PROJECT_UPDATED);
		$result_output = ui_print_success_message (__('The project successfully updated'), '', true, 'h3', true);
	} else {
		$result_output = ui_print_error_message (__('Could not update project'), '', true, 'h3', true);
	}
}

// Edition / View mode
if ($id_project) {
	$project = get_db_row ('tproject', 'id', $id_project);
	
	$name = $project["name"];
	$description = $project["description"];
	$start_date = $project["start"];
	$end_date = $project["end"];
	$owner = $project["id_owner"];
	$id_project_group = $project["id_project_group"];
	$cc = $project["cc"];
} 
Пример #17
            $sql_label = "SELECT `label` FROM `tincident_type_field` WHERE id_incident_type = {$id_incident_type}";
            $labels = get_db_all_rows_sql($sql_label);
            if ($labels === false) {
                $labels = array();
            }
            foreach ($labels as $label) {
                $id_incident_field = get_db_value_filter('id', 'tincident_type_field', array('id_incident_type' => $id_incident_type, 'label' => $label['label']), 'AND');
                $values_insert['id_incident'] = $id;
                $values_insert['data'] = get_parameter(base64_encode($label['label']));
                $values_insert['id_incident_field'] = $id_incident_field;
                $id_incident_field = get_db_value('id', 'tincident_type_field', 'id_incident_type', $id_incident_type);
                process_sql_insert('tincident_field_data', $values_insert);
            }
        }
    } else {
        $result_msg = ui_print_error_message(__('Could not be created'), '', true);
    }
    echo $result_msg;
    // ATTACH A FILE IF IS PROVIDED
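    $upfile = get_parameter('upfile');
    $file_description = get_parameter('file_description');
    if ($upfile != '') {
        // The file name is a get_parameter() value. Keep only its last path component so the
        // path built below always stays inside the temporary directory, and refuse the
        // names that would resolve to a directory.
        $filename = basename($upfile);
        $file_description = get_parameter('file_description', __('No description available'));
        if ($filename === '' || $filename === '.' || $filename === '..') {
            echo ui_print_error_message(__('Invalid file name'), '', true);
        } else {
            $file_temp = sys_get_temp_dir() . "/{$filename}";
            $result = attach_incident_file($id, $file_temp, $file_description);
            echo $result;
        }
        $active_tab = 'files';
    }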
}
echo '<h1>' . __('My tickets') . '</h1>';
Пример #18
			$data[1] = get_invoice_amount($cost["id"]);// Check
			$id_invoice = $cost["id"];
			
			$filename = get_db_sql ("SELECT filename FROM tattachment WHERE id_attachment = ". $cost["id_attachment"]);
			
			$data[2] = 	"<a href='".$config["base_url"]."/attachment/".$cost["id_attachment"]."_".$filename."'>$filename</a>";
			
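			// Show the delete link only to the cost's author or to a project manager.
			// The test must compare with `==`. A single `=` assigns the row's author to
			// $config["id_user"], which makes the test pass for any non-empty author and
			// replaces the logged-in user id for the rest of the request.
			// NOTE(review): hiding the link is not an access check. Confirm that the delete
			// handler repeats this test.
			if (($config["id_user"] == $cost["id_user"]) OR (project_manager_check ($id_project))){
				$data[3] = 	"<a href='index.php?sec=projects&sec2=operation/projects/task_cost&id_task=$id_task&id_project=$id_project&operation=delete&id_invoice=$id_invoice '><img src='images/cross.png'></a>";
			}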
			
			array_push ($table->data, $data);
		}
		print_table ($table);
	} else {
		echo ui_print_error_message(__('No data found'), '', true, 'h3', true);
	}
	echo "</div>";
	echo "</div>";
}	


if ($operation == ""){

	//~ echo "<h2>";
	//~ echo __('Add cost unit')."</h2><h4>". __('Task') .": ".$task_name."</h4>";
	
	//~ echo "<div id='' class='divform'>";
	//~ echo "<form method='POST' action='index.php?sec=projects&sec2=operation/projects/task_cost&id_task=$id_task&id_project=$id_project' enctype='multipart/form-data' >";
	//~ $action = "index.php?sec=projects&sec2=operation/projects/task_cost&id_task=$id_task&id_project=$id_project";
	
Пример #19
/**
 * Prints (or returns) a success or an error message depending on whether
 * $result is empty().
 *
 * @param mixed  $result        Outcome to test. Anything empty() accepts as empty (0, '0', NULL,
 *                              false, '' or array()) selects the error message.
 * @param string $good          Text for the success case; '' or false selects a default text.
 * @param string $bad           Text for the error case; '' or false selects a default text.
 * @param string $attributes    Extra attributes, handed on unchanged to the message printer.
 * @param bool   $return        Whether to return the string instead of printing it; handed on unchanged.
 * @param string $tag           Tag used for the message (h3 by default); handed on unchanged.
 * @param bool   $cancel_button Whether a cancel button is added; handed on unchanged.
 *
 * @return string HTML code if $return is true.
 */
function ui_print_result_message($result, $good = '', $bad = '', $attributes = '', $return = false, $tag = 'h3', $cancel_button = true)
{
    // Resolve both texts first, falling back to the generic wording when none was given.
    $good_is_blank = ($good === false) || ($good == '');
    $success_text = $good_is_blank ? __('Request successfully processed') : $good;

    $bad_is_blank = ($bad === false) || ($bad == '');
    $failure_text = $bad_is_blank ? __('Error processing request') : $bad;

    if (!empty($result)) {
        return ui_print_success_message($success_text, $attributes, $return, $tag, $cancel_button);
    }

    return ui_print_error_message($failure_text, $attributes, $return, $tag, $cancel_button);
}
Пример #20
	}

	$sql_delete= "DELETE FROM tkb_data WHERE id = $id";		
	$result=mysql_query($sql_delete);
	
	if ($result=mysql_query("SELECT * FROM tattachment WHERE id_kb = $id")) {
		while ($row=mysql_fetch_array($result)){
				$nombre_archivo = $config["homedir"]."attachment/".$row["id_attachment"]."_".$row["filename"];	
				unlink ($nombre_archivo);
		}
		$sql = " DELETE FROM tattachment WHERE id_kb = ".$id;
		mysql_query($sql);
	}
	//insert_event ("KB ITEM DELETED", $id, 0, "Deleted KB $kb_title");
	audit_db ($config["id_user"], $config["REMOTE_ADDR"], "KB", "Deleted kb item $id - $kb_title");
	ui_print_error_message (__('Successfully deleted'), '', true, 'h3', true);
}

if (isset($_GET["update2"])){
	$_GET["update"]= $id;
}

// CREATE form
if ((isset($_GET["create"]) OR (isset($_GET["update"])))) {
	if (isset($_GET["create"])){
		
		$data = "";
		$title = "";
		$id = -1;
		$id_product = 1;
		$id_category = 1;	
Пример #21
	$offset = 0;
	$data[4] = '';
	// Disable or delete
	if ($project['id'] != -1 && $project_permission['manage']) {
		$table->head[4] = __('Delete/Unarchive');
		$data[4] = "<a href='#' onClick='javascript: show_validation_delete_general(\"delete_project\",".$project['id'].",0,".$offset.",\"".$search_params."\");'><img src='images/icons/icono_papelera.png' title='".__('Delete')."'></a>";
		
		$data[4] .= '<a href="index.php?sec=projects&sec2=operation/projects/project&view_disabled=1&activate_project=1&id='.$project['id'].'">
			<img src="images/upload.png" /></a>';
	}
	
	array_push ($table->data, $data);
}
echo "<div class='divresult'>";
	if(empty($table->data)) {
		echo ui_print_error_message(__('No projects found'), '', true, 'h3', true);
	}
	else {
		print_table ($table);
	}
echo "</div>";

echo "<div class= 'dialog ui-dialog-content' title='".__("Delete")."' id='item_delete_window'></div>";
?>

<script type="text/javascript" src="include/js/jquery.validation.functions.js"></script>
<script type="text/javascript" src="include/js/integria.js"></script>
<script type="text/javascript">
trim_element_on_submit("#text-search_text");
</script>
Пример #22
/**
 * Runs a user search against tusuario and echoes the result as an HTML table
 * with pagination.
 *
 * NOTE(review): every search value is interpolated into SQL text, and most row
 * values are echoed into HTML as they are. No escaping or casting happens inside
 * this function. Confirm that callers sanitise the inputs (numeric filters cast,
 * text escaped for SQL) and that stored values are safe to print, or do both here.
 *
 * @param mixed $filter        0 to use the individual arguments; otherwise an array whose offset,
 *                             search_text, disabled_user, level and group keys replace them.
 * @param mixed $ajax          Not read anywhere in this function.
 * @param mixed $size_page     Row count placed after LIMIT.
 * @param mixed $offset        Row offset placed after LIMIT and passed to pagination().
 * @param mixed $clickin       Second argument of the loadContactUser() link built when $filter != 0.
 * @param mixed $search_text   Text matched with LIKE against id_usuario, comentarios, nombre_real and direccion.
 * @param mixed $disabled_user Compared with the disabled column when greater than -1.
 * @param mixed $level         Compared with the nivel column when greater than -10.
 * @param mixed $group         -1 selects users with no tusuario_perfil row; a positive value selects
 *                             the users of that group.
 * @param bool  $from_tickets  When true, the row query comes from users_get_allowed_users_query().
 *
 * @return void
 */
function user_search_result($filter, $ajax, $size_page, $offset, $clickin, $search_text, $disabled_user, $level, $group, $from_tickets = false)
{
    global $config;
    // A non-zero $filter overrides the individual search arguments.
    if ($filter != 0) {
        $offset = $filter['offset'];
        $search_text = $filter['search_text'];
        $disabled_user = $filter['disabled_user'];
        $level = $filter['level'];
        $group = $filter['group'];
    }
    // Build the WHERE clause by appending one condition per active filter.
    // NOTE(review): $search_text, $disabled_user, $level and $group are interpolated as received.
    $search = "WHERE 1=1 ";
    if ($search_text != "") {
        $search .= " AND (id_usuario LIKE '%{$search_text}%' OR comentarios LIKE '%{$search_text}%' OR nombre_real LIKE '%{$search_text}%' OR direccion LIKE '%{$search_text}%')";
    }
    if ($disabled_user > -1) {
        $search .= " AND disabled = {$disabled_user}";
    }
    if ($level > -10) {
        $search .= " AND nivel = {$level}";
    }
    if ($group == -1) {
        $search .= " AND tusuario.id_usuario NOT IN (select id_usuario from tusuario_perfil)";
    } else {
        if ($group > 0) {
            $search .= " AND tusuario.id_usuario = ANY (SELECT id_usuario FROM tusuario_perfil WHERE id_grupo = {$group})";
        }
    }
    $query1 = "SELECT * FROM tusuario {$search} ORDER BY id_usuario";
    if ($from_tickets) {
        // NOTE(review): $count below is still computed from $search, so with $from_tickets
        // the pager total may not match the rows that are listed.
        $query1 = users_get_allowed_users_query($config['id_user'], $filter);
    }
    $count = get_db_sql("SELECT COUNT(id_usuario) FROM tusuario {$search} ");
    // NOTE(review): $offset and $size_page go into LIMIT unquoted; confirm both are integers.
    $sql1 = "{$query1} LIMIT {$offset}, " . $size_page;
    echo "<div class='divresult'>";
    // NOTE(review): the "******" run on the next line looks like text masked by the page this
    // listing was taken from; the original expression cannot be recovered from here.
    pagination($count, "index.php?sec=users&sec2=godmode/usuarios/lista_usuarios&search_text=" . $search_text . "&disabled_user="******"&level=" . $level . "&group=" . $group, $offset, true);
    $resq1 = process_sql($sql1);
    if (!$resq1) {
        echo ui_print_error_message(__("No users"), '', true, 'h3', true);
    } else {
        echo '<table width="100%" class="listing">';
        // The checkbox, enabled/login and delete columns are only shown when $filter == 0.
        if ($filter == 0) {
            echo '<th>' . print_checkbox('all_user_checkbox', 1, false, true);
            echo '<th title="' . __('Enabled/Disabled') . '">' . __('E/D');
            echo '<th title="' . __('Enabled login') . '">' . __('Enabled login');
        }
        echo '<th>' . __('User ID');
        echo '<th>' . __('Name');
        echo '<th>' . __('Company');
        echo '<th>' . __('Last contact');
        echo '<th>' . __('Profile');
        if ($filter == 0) {
            echo '<th>' . __('Delete');
        }
        // Init vars
        $nombre = "";
        $nivel = "";
        $comentarios = "";
        $fecha_registro = "";
        // Always true here: this is the else branch of the !$resq1 test above.
        if ($resq1) {
            foreach ($resq1 as $rowdup) {
                $nombre = $rowdup["id_usuario"];
                $nivel = $rowdup["nivel"];
                $realname = $rowdup["nombre_real"];
                $fecha_registro = $rowdup["fecha_registro"];
                $avatar = $rowdup["avatar"];
                // Replace the numeric level with the icon printed at the end of the profile cell.
                if ($rowdup["nivel"] == 0) {
                    $nivel = "<img src='images/group.png' title='" . __("Grouped user") . "'>";
                } elseif ($rowdup["nivel"] == 1) {
                    $nivel = "<img src='images/integria_mini_logo.png' title='" . __("Administrator") . "'>";
                } else {
                    $nivel = "<img src='images/user_gray.png' title='" . __("Standalone user") . "'>";
                }
                $disabled = $rowdup["disabled"];
                $id_company = $rowdup["id_company"];
                $enabled_login = $rowdup["enable_login"];
                echo "<tr>";
                if ($filter == 0) {
                    echo "<td>";
                    echo print_checkbox_extended("user-" . $rowdup["id_usuario"], $rowdup["id_usuario"], false, false, "", "class='user_checkbox'", true);
                    echo "<td>";
                    if ($disabled == 1) {
                        echo "<img src='images/lightbulb_off.png' title='" . __("Disabled") . "'> ";
                    }
                    echo "<td>";
                    if ($enabled_login == 1) {
                        echo "<img src='images/accept.png' title='" . __("Enabled login") . "'> ";
                    } else {
                        echo "<img src='images/fail.png' title='" . __("Disabled login") . "'> ";
                    }
                }
                echo "<td>";
                if ($filter == 0) {
                    // NOTE(review): the "******" run on the next line looks masked in the same way
                    // as the pagination() call above.
                    echo "<a href='index.php?sec=users&sec2=godmode/usuarios/configurar_usuarios&update_user="******"'>" . ucfirst($nombre) . "</a>";
                } else {
                    // NOTE(review): $nombre and $clickin are placed inside a javascript: URL within a
                    // single-quoted attribute without escaping; verify both are encoded for that context.
                    $url = "javascript:loadContactUser(\"" . $nombre . "\",\"" . $clickin . "\");";
                    echo "<a href='" . $url . "'>" . ucfirst($nombre) . "</a>";
                }
                // NOTE(review): $realname and $company_name are echoed as read from the database.
                // Presumably they are entity-encoded when stored; verify, otherwise escape them here.
                echo "<td style=''>" . $realname;
                $company_name = (string) get_db_value('name', 'tcompany', 'id', $id_company);
                echo "<td>" . $company_name . "</td>";
                echo "<td style=''>" . human_time_comparation($fecha_registro);
                echo "<td>";
                print_user_avatar($nombre, true);
                echo "&nbsp;";
                // NOTE(review): the key is spelled "enteprise" here; confirm it matches the key that
                // is actually set in $config.
                if ($config["enteprise"] == 1) {
                    // NOTE(review): $nombre is concatenated into this statement, which is run through
                    // mysql_query() directly.
                    $sql1 = 'SELECT * FROM tusuario_perfil WHERE id_usuario = "' . $nombre . '"';
                    $result = mysql_query($sql1);
                    echo "<a href='#' class='tip'>&nbsp;<span>";
                    if (mysql_num_rows($result)) {
                        while ($row = mysql_fetch_array($result)) {
                            echo dame_perfil($row["id_perfil"]) . "/ ";
                            echo dame_grupo($row["id_grupo"]) . "<br>";
                        }
                    } else {
                        echo __('This user doesn\'t have any assigned profile/group');
                    }
                    echo "</span></a>";
                }
                echo $nivel;
                if ($filter == 0) {
                    // NOTE(review): deletion is requested through a plain GET link guarded only by a
                    // client-side confirm(). Confirm that the handler checks permissions and a
                    // request token before deleting.
                    echo '<td align="center">';
                    echo '<a href="index.php?sec=users&sec2=godmode/usuarios/lista_usuarios&borrar_usuario=' . $nombre . '" onClick="if (!confirm(\'' . __('Are you sure?') . '\')) return false;"><img src="images/cross.png"></a>';
                    echo '</td>';
                }
            }
        }
        echo "</table>";
    }
    echo "</div>";
}
Пример #23
	$table->head[1] = __('Description');
	$table->head[2] = __('Size');
	$table->head[3] = __('Date');
	$table->head[4] = __('Ops.');

	foreach ($files as $file) {
		$data = array ();
		
		$data[0] = "<a href='operation/common/download_file.php?id_attachment=".$file["id_attachment"]."&type=lead'>".$file["filename"] . "</a>";
		$data[1] = $file["description"];
		$data[2] = format_numeric($file["size"]);
		$data[3] = $file["timestamp"];

		// Todo. Delete files owner of lead and admins only
		if ( (dame_admin($config["id_user"])) || ($file["id_usuario"] == $config["id_user"]) ){
			$data[4] = "<a href='index.php?sec=customers&sec2=operation/leads/lead_detail&id=$id&op=files&deletef=".$file["id_attachment"]."'><img src='images/cross.png'></a>";
		}

		array_push ($table->data, $data);
		array_push ($table->rowstyle, $style);
	}
	print_table ($table);

} else {
	echo ui_print_error_message (__('There is no files attached for this lead'), '', true, 'h3', true);
}
echo "</div>";
echo "</div>";

?>
Пример #24
		else
			$description = "No description available";
		
		// Insert into database
		$file_temp = $filename['tmp_name'];
		$filesize = $filename['size'];
		
		$sql = " INSERT INTO tattachment (id_task, id_usuario, filename, description, size ) VALUES (".$id_task.", '".$id_user." ','".$filename_safe."','".$description."',".$filesize.") ";
		$id_attachment = process_sql ($sql, 'insert_id');
		//project_tracking ( $id_inc, $id_usuario, 3);
		$result_output = ui_print_success_message (__('File added'), '', true, 'h3', true);
		// Copy file to directory and change name
		$file_target = $config["homedir"]."/attachment/".$id_attachment."_".$filename_safe;
		
		if (! copy($file_temp, $file_target)) {
			$result_output = ui_print_error_message (__('File cannot be saved. Please contact Integria administrator about this error'), '', true, 'h3', true);
			$sql = "DELETE FROM tattachment WHERE id_attachment =".$id_attachment;
			process_sql ($sql);
		} else {
			// Delete temporal file
			unlink ($file_temp);
		}
	}
}

// -----------
// Delete file
// -----------
if ($operation == "delete") {
	
	// ACL
Пример #25
/**
 * Collects the hours each user logged on each task of a project and hands the
 * result to graph_print_d3js_treemap().
 *
 * When no task/user pair has hours, an error message is printed through
 * ui_print_error_message() and the function returns without drawing anything.
 *
 * @param mixed $id_project     Project id; used in the ttask lookup and, when a
 *                              user filter is given, interpolated into the SQL text.
 * @param mixed $start_date     Passed through to get_task_workunit_hours_user().
 * @param mixed $end_date       Passed through to get_task_workunit_hours_user().
 * @param mixed $id_user_filter "" selects the users returned by
 *                              get_users_project(); any other value takes the
 *                              trole_people_project query branch.
 *
 * @return void
 */
function print_project_timegraph($id_project, $start_date = false, $end_date = false, $id_user_filter = "")
{
    if ($id_user_filter == "") {
        $users = get_users_project($id_project);
    } else {
        // NOTE(review): the '******' literal looks like a masking artefact of this
        // listing rather than project code; presumably the original compared
        // id_user with $id_user_filter -- confirm against the project source.
        // NOTE(review): $id_project is interpolated into the statement as-is. If it
        // (or the user filter) can come from a request, cast the id to int and
        // escape the filter before building the query.
        $sql = "SELECT *\n                FROM trole_people_project\n                WHERE id_project = {$id_project} AND id_user = '******'";
        $users = get_db_all_rows_sql($sql);
    }
    // NOTE(review): neither $tasks nor $users is checked before the loops below;
    // presumably the helpers return false when nothing matches -- confirm, since
    // foreach over a non-array raises a warning.
    $tasks = get_db_all_rows_field_filter('ttask', 'id_project', $id_project);
    $data = array();
    foreach ($tasks as $task) {
        foreach ($users as $user) {
            $user_name = get_db_value('nombre_real', 'tusuario', 'id_usuario', $user['id_user']);
            $hours = get_task_workunit_hours_user($task['id'], $user['id_user'], 0, $start_date, $end_date);
            // Pairs without hours are left out of the data set.
            if (empty($hours)) {
                continue;
            }
            // One entry per task/user pair, keyed by task id and then user id.
            // NOTE(review): the "__('User:'******'Hours:')" span is masked in the
            // same way and is not valid PHP as printed; restore it from the project
            // source before running this function.
            // NOTE(review): the tooltip is an HTML string and embeds $task['name']
            // without the safe_output() call used for 'parent_name'; confirm which
            // form the treemap renderer expects so a task or user name cannot add
            // markup of its own.
            $data[$task['id']][$user['id_user']] = array('parent_name' => safe_output($task['name']), 'name' => safe_output($user_name), 'value' => $hours, 'tooltip' => "<b>" . __('Task:') . "</b> " . $task['name'] . "<br />" . "<b>" . __('User:'******'Hours:') . "</b> " . $hours, 'id' => $task['id'] . "_" . $user['id_user']);
        }
    }
    if (empty($data)) {
        ui_print_error_message(__('There are not tasks with hours in this period.'));
        return;
    }
    graph_print_d3js_treemap($data);
}
Пример #26
			}
		}
	
		array_push ($table->data, $data);
	}
	print_table ($table);

	if (!empty($final_total)) {
		echo __("Subtotals for each currency: ");
		foreach ($final_total as $key => $value) {
			echo " - $key : ". format_numeric ($value,2);
		}
	}

} else {
	echo ui_print_error_message (__("No invoices"), '', true, 'h3', true);
}


// The "Create" form is offered only in the normal (non clean-output) view and
// only to users holding the write or manage permission.
// NOTE(review): hiding the form is presentation only; the handler for
// new_invoice is outside this excerpt and has to repeat the permission check.
if ($clean_output == 0 && ($write || $manage)) {
	echo '<form method="post" action="index.php?sec=customers&sec2=operation/invoices/invoices">',
		'<div class="button-form" style="width: '.$table->width.'">';
	print_submit_button (__('Create'), 'new_btn', false, 'class="sub next"');
	print_input_hidden ('new_invoice', 1);
	echo '</div>', '</form>';
}

// Empty container that the page uses as the "Delete" dialog.
printf ("<div class= 'dialog ui-dialog-content' title='%s' id='item_delete_window'></div>", __("Delete"));

?>
	} else {
		echo ui_print_error_message (__("Error deleting inventory relationship"), '', true, 'h3', true);
	}
}

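// Create a relationship between two inventory objects named in the request.
// NOTE(review): no permission check is visible in this excerpt; confirm the page
// enforces one before this branch runs.
if ($add_link) {
	// Both ids come from request parameters and end up in the SQL text, so they
	// are forced to integers first and written with %d.
	$id_dst = (int) get_parameter('link', 0);
	$id_src = (int) get_parameter('id_src');
	
	// A missing or non-numeric parameter casts to 0; no row is written for it
	// and the request is reported as failed.
	$result = false;
	if ($id_src > 0 && $id_dst > 0) {
		$sql = sprintf ("INSERT INTO tinventory_relationship (id_object_src, id_object_dst) VALUES (%d, %d)", $id_src, $id_dst);
		$result = process_sql($sql);
	}
	
	if ($result) {
		echo ui_print_success_message (__("Inventory relationship added"), '', true, 'h3', true);
	} else {
		echo ui_print_error_message (__("Error adding inventory relationship"), '', true, 'h3', true);
	}
}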

// Every relationship in which the current object is either the source or the
// destination.
// NOTE(review): $id is interpolated as-is and its origin is outside this
// excerpt -- confirm it is already an integer at this point.
$sql_links = "SELECT * FROM tinventory_relationship 
			WHERE `id_object_src`=$id OR `id_object_dst`=$id";

// A falsy result (no rows) is normalised to an empty array for the code below.
$all_links = get_db_all_rows_sql($sql_links) ?: array();

// Listing table for the relationships.
$table = new stdClass();
$table->class = 'listing';
$table->width = '100%';
		break;
	default:
		break;
}

// Delete one field definition of an object type.
// NOTE(review): no permission check is visible in this excerpt; confirm one runs
// before this branch.
if ($delete_object_type_field) {
	// The id is cast to int and written with %d, so only an integer can reach
	// the DELETE statement.
	$id_object_type_field = (int) get_parameter ('id_object_type_field');
	$sql = sprintf ('DELETE FROM tobject_type_field WHERE id = %d', $id_object_type_field);
	$result = process_sql ($sql);

	if (! $result) {
		echo ui_print_error_message (__("Could not be deleted"), '', true, 'h3', true);
	} else {
		echo ui_print_success_message (__("Successfully deleted"), '', true, 'h3', true);
	}

	// $id is reset once the delete has been handled.
	$id = 0;
}

//**********************************************************************
// List fields
//**********************************************************************

$objects_type_fields = get_db_all_rows_field_filter ('tobject_type_field', 'id_object_type', $id_object_type, 'id');

$table = new StdClass;
$table->width = '99%';
echo '<div class="divresult">';
if ($objects_type_fields !== false) {
	//echo "<h3>".__('Defined objects types fields')."</h3>";
	
Пример #29
	print_input_hidden ("search_".$key, $value);
}

print_input_hidden ('sec2', 'operation/reporting/incidents_html');
print_input_hidden ('clean_output', 1);
echo "</form>";

/* Hidden form that requests the report with pdf_output set; it carries the
   current search filter as search_* fields. */
// NOTE(review): the $filter values are written into the page by
// print_input_hidden(); whether that helper escapes attribute values is not
// visible here -- confirm.
echo '<form id="pdf_report_form" method="post" target="_blank" action="index.php" style="clear: both">';
foreach ($filter as $key => $value) {
	print_input_hidden ("search_{$key}", $value);
}

// Fixed fields, emitted in the same order as before.
$pdf_form_fields = array (
	'sec2' => 'operation/reporting/incidents_html',
	'clean_output' => 1,
	'pdf_output' => 1,
);
foreach ($pdf_form_fields as $pdf_field_name => $pdf_field_value) {
	print_input_hidden ($pdf_field_name, $pdf_field_value);
}
echo '</form>';

// Print the statistics for the matched tickets, or say that nothing matched.
if ($incidents != false) {
	// The simple view is used unless statistics were requested.
	$simple_mode = !$show_stats;
	print_incidents_stats_simply ($incidents, false, $simple_mode);
} else {
	echo ui_print_error_message (__('Nothing was found'), '', true, 'h3', true); 
}

?>
Пример #30
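	// Delete workunit with ACL / Project manager check
	// The id comes from the request and is placed in three SQL statements and in
	// the audit text below, so it is forced to an integer before any of them.
	$id_workunit = (int) get_parameter ("id_workunit");
	$sql = sprintf ("SELECT * FROM tworkunit WHERE id = %d", $id_workunit);
	if ($res = mysql_query($sql)) {
		$row = mysql_fetch_array($res);
	} else {
		return;
	}
	
	// NOTE(review): mysql_fetch_array() returns false when no row matches, which
	// leaves $id_user_wu empty; the owner comparison below then relies on
	// $config["id_user"] never being empty -- confirm.
	$id_user_wu = $row["id_user"];
	// Allowed for the workunit's owner, for a user with the "PM" permission, or
	// for the manager of the project.
	if (($id_user_wu == $config["id_user"]) OR (give_acl($config["id_user"], 0,"PM") ==1 ) OR (project_manager_check($id_project) == 1)){
		// Both statements are always attempted, as before; success is reported
		// only when neither of them failed (the first result used to be ignored).
		$workunit_deleted = mysql_query (sprintf ("DELETE FROM tworkunit where id = %d", $id_workunit));
		$task_link_deleted = mysql_query (sprintf ("DELETE FROM tworkunit_task where id_workunit = %d", $id_workunit));
		if ($workunit_deleted && $task_link_deleted) {
			$result_output = ui_print_success_message (__('Successfully deleted'), '', true, 'h3', true);
			// NOTE(review): the audit entries use $id_user while the checks above
			// use $config["id_user"]; $id_user is set outside this excerpt --
			// confirm both name the acting user.
			audit_db ($id_user, $config["REMOTE_ADDR"], "Work unit deleted", "Workunit for $id_user");
		} else {
			$result_output = ui_print_error_message (__('Not deleted. Error deleting data'), '', true, 'h3', true);
		}
	} else {
		audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation","Trying to delete WU $id_workunit without rigths");
		include ("general/noaccess.php");
		exit;
	}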
}

// --------------------
// Workunit report
// --------------------

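// Current time, used as the fallback when no $timestamp_h was supplied.
$ahora = date("Y-m-d H:i:s");
// The original line compared ($timestamp_h == $ahora) instead of assigning, so
// an empty $timestamp_h was never replaced.
if ($timestamp_h == "")
	$timestamp_h = $ahora;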