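/**
 * Check whether the current user may open the ticket identified by $id.
 *
 * On every refusal the function prints the matching error or no-access page
 * itself, so callers only need to stop when it returns false.
 *
 * @param mixed $id Ticket id; a falsy value means "no ticket requested".
 *
 * @return bool True when access is allowed, false otherwise.
 */
function check_incident_access($id)
{
    global $config;

    // Initialised explicitly: the "no ticket" branch below hands this to
    // give_acl() although it is only ever assigned when a ticket was loaded.
    // null is what an undefined variable evaluated to, so behaviour is kept
    // while the undefined-variable notice goes away.
    $id_grupo = null;

    if ($id) {
        $incident = get_incident($id);
        if ($incident === false) {
            echo "<h1>" . __("Ticket") . "</h1>";
            echo ui_print_error_message(__("There is no information for this ticket"), '', true, 'h3', true);
            echo "<br>";
            echo "<a style='margin-left: 90px' href='index.php?sec=incidents&sec2=operation/incidents/incident_search'>" . __("Try the search form to find the ticket") . "</a>";
            return false;
        }
        $id_grupo = $incident['id_grupo'];
    }

    if (isset($incident)) {
        // Incident creators must see their incidents
        $check_acl = enterprise_hook("incidents_check_incident_acl", array($incident));
        $standalone_check = enterprise_hook("manage_standalone", array($incident));

        // NOTE(review): when both hooks return ENTERPRISE_NOT_HOOK this branch
        // performs no ACL check at all and the ticket's group ($id_grupo) is
        // never compared against the user's permissions here. Confirm that
        // callers enforce group access themselves in that configuration.
        $acl_denied = ($check_acl !== ENTERPRISE_NOT_HOOK && !$check_acl);
        $standalone_denied = ($standalone_check !== ENTERPRISE_NOT_HOOK && !$standalone_check);

        if ($acl_denied || $standalone_denied) {
            // Doesn't have access to this page
            audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket (External user) " . $id);
            include "general/noaccess.php";
            return false;
        }

        return true;
    }

    // No ticket was requested: this path always refuses, it only chooses
    // between the no-access page and a "does not exist" message.
    if (!give_acl($config['id_user'], $id_grupo, "IR")) {
        // Doesn't have access to this page
        audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket " . $id);
        include "general/noaccess.php";
        return false;
    }

    // No incident but ACLs enabled
    echo ui_print_error_message(__("The ticket doesn't exist"), '', true, 'h3', true);
    return false;
}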
echo safe_output($name); return; } if ($get_external_data) { $table_name = get_parameter('table_name'); $id_table = (string) get_parameter('id_table'); $element_name = get_parameter('element_name'); $id_object_type_field = get_parameter('id_object_type_field'); $id_parent_value = get_parameter('id_parent_value', 0); $id_parent_table = get_parameter('id_parent_table', ""); $external_label = get_parameter('external_label', ""); //We use MYSQL_QUERY becase we need this to fail silently to not show //SQL errors on screen $exists = mysql_query("SELECT * FROM " . $table_name . " LIMIT 1"); if (!$exists) { echo ui_print_error_message(__("External table is not present"), '', true, 'h3', true); return; } $sql_ext = "SHOW COLUMNS FROM " . $table_name; $desc_ext = get_db_all_rows_sql($sql_ext); $parent_reference_field = get_db_value_sql('SELECT parent_reference_field FROM tobject_type_field WHERE id=' . $id_object_type_field); $fields = array(); foreach ($desc_ext as $key => $ext) { if ($parent_reference_field == $ext['Field']) { continue; } $fields[$ext['Field']] = $ext['Field']; } if ($id_parent_value) { $id_parent = get_parameter("id_parent", 0); $table_name_parent = get_db_value_sql("SELECT parent_table_name FROM tobject_type_field WHERE id=" . $id_object_type_field);
$result = delete_tag($id); $crud_operation['result'] = $result; // Result can be 0 if the target does not exist if ($result !== false) { $result = true; // Prepare the values for another creation $id = 0; $name = ''; $colour = ''; } $crud_operation['message'] .= ui_print_result_message($result, __('Tag deleted successsfully'), __('There was an error deleting the tag'), '', true); } catch (Exception $e) { $crud_operation['message'] .= ui_print_error_message($e->getMessage(), '', true); } } else { $crud_operation['message'] .= ui_print_error_message(__('Some required values are missing'), '', true); } } } } // Echo the result of the CRUD operation if (isset($crud_operation)) { echo $crud_operation['message']; } $table->width = '98%'; $table->class = 'search-table'; $table->style = array(); $table->colspan = array(); $table->style[0] = 'font-weight: bold; text-align: right;'; $table->style[1] = 'text-align: left;'; $table->style[2] = 'font-weight: bold; text-align: right;';
$id = false; } } if ($update) { $values['name'] = (string) get_parameter ('name'); $values['sql'] = (string) get_parameter ('sql'); $values['id_group'] = get_parameter('id_group'); $result = false; if (! empty ($values['name'])) $result = process_sql_update ('tinventory_reports', $values, array ('id' => $id)); if ($result) { $result_msg = ui_print_success_message (__("Successfully updated"), '', true, 'h3', true); } else { $result_msg = ui_print_error_message (__('Could not be updated'), '', true, 'h3', true); } } if ($id) { clean_cache_db(); $report = get_db_row ('tinventory_reports', 'id', $id); if ($report === false) return; $name = $report['name']; $sql = $report['sql']; $id_group = $report['id_group']; } $render = get_parameter ("render",0);
// but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. if (check_login () != 0) { audit_db ("Noauth", $config["REMOTE_ADDR"], "No authenticated access","Trying to access ticket viewer"); require ("general/noaccess.php"); exit; } $id_incident = (int) get_parameter ('id'); $incidents = incidents_get_incident_childs ($id_incident, false); if (count ($incidents) == 0) { echo ui_print_error_message (__('There\'s no tickets associated to this ticket'), '', true, 'h3', true); } else { $table = new StdClass(); $table->class = 'listing'; $table->width = '100%'; $table->head = array (); $table->head[0] = __('ID'); $table->head[1] = __('Name'); $table->head[2] = __('Group'); $table->head[3] = __('Status'); $table->head[4] = __('Creator'); $table->head[5] = __('Owner'); $table->size = array (); $table->size[0] = '40px';
$five_daysonly = (int) get_parameter ("five_daysonly", 0); $time_from = (int) get_parameter ("time_from", 0); $time_to = (int) get_parameter ("time_to", 0); $max_inactivity = (float) get_parameter ('max_inactivity'); $no_holidays = (int) get_parameter ('no_holidays', 0); $id_sla_type = (int) get_parameter ('id_sla_type', 0); $sql = sprintf ('UPDATE tsla SET max_inactivity = %.2f, enforced = %d, description = "%s", name = "%s", max_incidents = %d, min_response = %.2f, max_response = %.2f, id_sla_base = %d, five_daysonly = %d, time_from = %d, time_to = %d, no_holidays = %d, id_sla_type = %d WHERE id = %d', $max_inactivity, $enforced, $description, $name, $max_incidents, $min_response, $max_response, $id_sla_base, $five_daysonly, $time_from, $time_to, $no_holidays, $id_sla_type, $id); $result = process_sql ($sql); if (! $result) echo ui_print_error_message (__('Could not be updated'), '', true, 'h3', true); else { echo ui_print_success_message (__('Successfully updated'), '', true, 'h3', true); audit_db ($config["id_user"], $config["REMOTE_ADDR"], "SLA Modified", "Updated SLA ($name)", $sql); } $id = 0; } // DELETE // ================== if ($delete_sla) { $name = get_db_value ('name', 'tsla', 'id', $id); $sql = sprintf ('DELETE FROM tsla WHERE id = %d', $id); $result = process_sql ($sql); audit_db ($config["id_user"], $config["REMOTE_ADDR"], "SLA Deleted",
$read = check_crm_acl ('other', 'cr', $config['id_user'], $contact['id_company']); if (!$read) { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation","Trying to access to contact tickets without permission"); include ("general/noaccess.php"); exit; } $email = safe_output($contact["email"]); $email = trim($email); $email = safe_input($email); $incidents = incidents_get_by_notified_email ($email); if (!$incidents) { echo ui_print_error_message (__("This contact doesn't have any ticket associated"), '', true, 'h3', true); } else { $table->class = "listing"; $table->width = "99%"; $table->head[0] = __("ID"); $table->head[1] = __("Ticket"); $table->head[2] = __("Status"); $table->head[3] = __("Priority"); $table->head[4] = __("Updated"); $table->data = array(); foreach ($incidents as $inc) { $data = array(); if (give_acl($config["id_user"], 0, "IR")) {
if ($id_workunit !== false) { $sql = sprintf ('INSERT INTO tworkunit_task (id_task, id_workunit) VALUES (%d, %d)', $id_task, $id_workunit); $result = process_sql ($sql, 'insert_id'); if ($result !== false) { $result_output = ui_print_success_message (__('Workunit added'), '', true, 'h3', true); audit_db ($config['id_user'], $config["REMOTE_ADDR"], "Spare work unit added", 'Workunit for '.$config['id_user'].' added to Task ID #'.$id_task); mail_project (0, $config['id_user'], $id_workunit, $id_task); } else { $result_output = ui_print_error_message (__('Problemd adding workunit.'), '', true, 'h3', true); } } else { $result_output = ui_print_error_message (__('Problemd adding workunit.'), '', true, 'h3', true); } } } } if ($id_workunit !== false) { set_task_completion ($id_task); } audit_db ($config["id_user"], $config["REMOTE_ADDR"], "PWU", "Inserted PWU. Task: $id_task. Desc: $description"); } if ($operation == "delete") { $success = delete_task_workunit ($id_workunit); if (! $success) {
// This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // CHECK LOGIN AND ACLs check_login(); // SET VARS $width = '99%'; if (!give_acl($config['id_user'], 0, "IR")) { audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access ticket viewer"); require "general/noaccess.php"; exit; } $incident_id = get_parameter('incident_id', 0); if ($incident_id == 0) { ui_print_error_message(__('Unable to load ticket')); exit; } // GET THE FILES $incident['files'] = get_incident_files($incident_id, true); if ($incident['files'] === false) { $incident['files'] = array(); } // SHOW THE FILES $table->class = 'result_table listing'; $table->width = $width; $table->id = 'incident_search_result_table'; $separator_style = 'border-bottom: 1px solid rgb(204, 204, 204);border-top: 1px solid rgb(204, 204, 204);'; $table->style = array(); $table->data = array(); $table->rowstyle = array();
} else { echo ui_print_error_message (__('Could not load custom filter'), '', true, 'h3', true); } } /* Delete a custom saved search via AJAX */ if ($delete_custom_search) { $sql = sprintf ('DELETE FROM tcustom_search WHERE id_user = "******" AND id = %d', $config['id_user'], $id_search); $result = process_sql ($sql); if ($result === false) { echo ui_print_error_message (__('Could not delete custom filter'), '', true, 'h3', true); } else { echo ui_print_success_message (__('Custom filter deleted'), '', true, 'h3', true); } } //FORM AND TABLE TO MANAGE CUSTOM SEARCHES $table = new stdClass; $table->id = 'saved_searches_table'; $table->width = '100%'; $table->class = 'search-table-button'; $table->size = array (); $table->style = array (); $table->style[0] = 'font-weight: bold'; $table->style[1] = 'font-weight: bold';
$grant_access = $group["grant_access"]; $send_welcome = $group["send_welcome"]; $default_company = $group["default_company"]; $welcome_email = $group["welcome_email"]; $email_queue = $group["email_queue"]; $default_profile = $group["default_profile"]; $user_level = $group["nivel"]; $incident_type = $group["id_incident_type"]; $email_from = $group["email_from"]; $email_group = $group["email_group"]; //Inventory == zero is an empty string if ($id_inventory == 0) { $id_inventory = ""; } } else { echo ui_print_error_message(__('There was a problem loading group'), '', true, 'h3', true); include "general/footer.php"; exit; } } echo '<h2>' . __('Group management') . '</h2>'; if ($id) { echo '<h4>' . __('Update group') . '</h4>'; } else { echo '<h4>' . __('New group') . '</h4>'; } $table = new StdClass(); $table->width = '100%'; $table->class = 'search-table-button'; $table->colspan = array(); $table->rowspan = array();
// Refuse to score when no ticket was loaded for the requested id.
if (!isset($incident)){
    echo ui_print_error_message (__("Invalid ticket ID"), '', true, 'h3', true);
    audit_db ($config['id_user'], $config["REMOTE_ADDR"], "Ticket score hack", "Trying to access ticket score on a invalid ticket");
    no_permission();
    return;
}

// Only the user recorded as the ticket's creator may score it.
if ($incident["id_creator"] != $config["id_user"]){
    echo ui_print_error_message (__("Non authorized ticket score review"), '', true, 'h3', true);
    audit_db ($config['id_user'], $config["REMOTE_ADDR"], "Ticket score hack", "Trying to access ticket score on a non-authorship ticket");
    no_permission();
    return;
}

// Scoring is accepted only in states 6 and 7; the user-facing message
// describes these as "closed".
if (($incident["estado"] !=6) AND ($incident["estado"] != 7)){
    echo ui_print_error_message (__("Ticket cannot be scored until be closed"), '', true, 'h3', true);
    audit_db ($config['id_user'], $config["REMOTE_ADDR"], "Ticket score hack", "Trying to access ticket score before closing ticket");
    no_permission();
    return;
}

// Score it !
// NOTE(review): $score and $id are interpolated into the statement unquoted.
// Where they are read is outside this excerpt; unless both are cast to
// integers before this point the UPDATE is open to SQL injection. Confirm,
// and prefer building it with sprintf() and %d placeholders.
$sql = "UPDATE tincidencia SET score = $score WHERE id_incidencia = $id";
process_sql ($sql);

echo "<h1>".__("Ticket scoring")."</h1>";
echo "<br><br>";
echo __("Thanks for your feedback, this help us to keep improving our job");
$active_tab = 'files'; } if($add_workunit) { $note = get_parameter('note'); $public = 1; $timeused = "0.05"; $result = create_workunit ($incident_id, $note, $config["id_user"], $timeused, 0, "", $public, 0); if($result) { ui_print_success_message(__('Workunit added')); } else { ui_print_error_message(__('There was a problem adding workunit')); } $active_tab = 'workunits'; } // GET INCIDENT FROM DATABASE $incident = get_full_incident($incident_id); // TABS ?> <ul style="height: 30px;" class="ui-tabs-nav"> <li class="ui-tabs" id="li_files"> <a href='javascript:' id='tab_files' class='tab'><span><?php echo __('Files') ?></span></a> </li> <li class="ui-tabs" id="li_workunits">
$id = 0;
}

// ---------------
// DELETE template
// ---------------
// TODO: ACL Check. Should be only able to delete templates of their company or child companies
// NOTE(review): two gaps are visible in this branch.
// (1) As the TODO states, nothing here verifies that the current user is
//     allowed to delete this template.
// (2) $id comes straight from get_parameter() and is interpolated unquoted
//     into the DELETE. Unless get_parameter() guarantees an integer (not
//     visible in this excerpt) the statement is open to SQL injection; cast
//     with (int) or build it with sprintf('... WHERE id = %d', $id).
if ($operation == "delete") {
    $id = get_parameter ("id");
    $sql_delete= "DELETE FROM tcrm_template WHERE id = $id";
    $result=mysql_query($sql_delete);
    if (! $result)
        echo ui_print_error_message (__('Not deleted. Error deleting data'), '', true, 'h3', true);
    else
        echo ui_print_success_message (__("Successfully deleted"), '', true, 'h3', true);
    // Reset so the create/edit form below is not triggered by this request.
    $operation = "";
}

// ---------------
// CREATE (form)
// ---------------
if (($operation == "create") || ($operation == "edit")){
    echo "<h2>".__('CRM Template management')."</h2>";
    if ($operation == "create"){
        echo "<h4>".__('Create CRM Template')."</h4>";
        $name = "";
$current_hours += $duration; $expected_completion = round_number (floor ($current_hours * 100 / $task['hours'])); $sql = sprintf ('UPDATE ttask SET completion = %d WHERE id = %d', $expected_completion, $id_task); process_sql ($sql); } } else { mail_project (1, $config['id_user'], $id_workunit, $id_task); $result_output = ui_print_success_message (__('Workunit updated'), '', true, 'h3', true); audit_db ($config["id_user"], $config["REMOTE_ADDR"], "PWU", "Updated PWU. $description"); } } else { $result_output = ui_print_error_message (__('There was a problem adding workunit'), '', true, 'h3', true); } $operation = "view"; } // DELETE Workunit if ($operation == "delete") { // ACL if (! $task_permission["write"]){ // Doesn't have access to this page audit_db ($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete a workunit in a task without permission"); no_permission(); } $success = delete_task_workunit ($id_workunit);
$end_date = get_parameter ('end_date'); $id_project_group = get_parameter ("id_project_group"); $cc = get_parameter('cc', ''); $sql = sprintf ('UPDATE tproject SET name = "%s", description = "%s", id_project_group = %d, start = "%s", end = "%s", id_owner = "%s", cc = "%s" WHERE id = %d', $name, $description, $id_project_group, $start_date, $end_date, $user, $cc, $id_project); $result = process_sql ($sql); audit_db ($config["id_user"], $config["REMOTE_ADDR"], "Project updated", "Project $name"); if ($result !== false) { project_tracking ($id_project, PROJECT_UPDATED); $result_output = ui_print_success_message (__('The project successfully updated'), '', true, 'h3', true); } else { $result_output = ui_print_error_message (__('Could not update project'), '', true, 'h3', true); } } // Edition / View mode if ($id_project) { $project = get_db_row ('tproject', 'id', $id_project); $name = $project["name"]; $description = $project["description"]; $start_date = $project["start"]; $end_date = $project["end"]; $owner = $project["id_owner"]; $id_project_group = $project["id_project_group"]; $cc = $project["cc"]; }
$sql_label = "SELECT `label` FROM `tincident_type_field` WHERE id_incident_type = {$id_incident_type}"; $labels = get_db_all_rows_sql($sql_label); if ($labels === false) { $labels = array(); } foreach ($labels as $label) { $id_incident_field = get_db_value_filter('id', 'tincident_type_field', array('id_incident_type' => $id_incident_type, 'label' => $label['label']), 'AND'); $values_insert['id_incident'] = $id; $values_insert['data'] = get_parameter(base64_encode($label['label'])); $values_insert['id_incident_field'] = $id_incident_field; $id_incident_field = get_db_value('id', 'tincident_type_field', 'id_incident_type', $id_incident_type); process_sql_insert('tincident_field_data', $values_insert); } } } else { $result_msg = ui_print_error_message(__('Could not be created'), '', true); } echo $result_msg; // ATTACH A FILE IF IS PROVIDED $upfile = get_parameter('upfile'); $file_description = get_parameter('file_description'); if ($upfile != '') { $filename = get_parameter('upfile'); $file_description = get_parameter('file_description', __('No description available')); $file_temp = sys_get_temp_dir() . "/{$filename}"; $result = attach_incident_file($id, $file_temp, $file_description); echo $result; $active_tab = 'files'; } } echo '<h1>' . __('My tickets') . '</h1>';
$data[1] = get_invoice_amount($cost["id"]);// Check
$id_invoice = $cost["id"];
// NOTE(review): id_attachment is concatenated into the query unquoted;
// presumably it is a numeric column value taken from the cost row - confirm.
$filename = get_db_sql ("SELECT filename FROM tattachment WHERE id_attachment = ". $cost["id_attachment"]);
// NOTE(review): $filename is written into the link without any escaping in
// this excerpt; whether it is stored already HTML-encoded is not visible here.
$data[2] = "<a href='".$config["base_url"]."/attachment/".$cost["id_attachment"]."_".$filename."'>$filename</a>";
// NOTE(review): the first operand is an assignment (=), not a comparison.
// It overwrites $config["id_user"] with the cost's owner from this point on
// and is truthy whenever that owner id is non-empty, so the delete link is
// shown no matter who is logged in, and any later check that reads
// $config["id_user"] sees the wrong user. This looks like a typo for ==.
if (($config["id_user"] = $cost["id_user"]) OR (project_manager_check ($id_project))){
    // NOTE(review): the delete operation is triggered by a plain GET link;
    // whether the handler verifies permissions or a request token is
    // outside this excerpt.
    $data[3] = "<a href='index.php?sec=projects&sec2=operation/projects/task_cost&id_task=$id_task&id_project=$id_project&operation=delete&id_invoice=$id_invoice '><img src='images/cross.png'></a>";
}
array_push ($table->data, $data);
}
print_table ($table);
} else {
    echo ui_print_error_message(__('No data found'), '', true, 'h3', true);
}
echo "</div>";
echo "</div>";
}

if ($operation == ""){
    //~ echo "<h2>";
    //~ echo __('Add cost unit')."</h2><h4>". __('Task') .": ".$task_name."</h4>";
    //~ echo "<div id='' class='divform'>";
    //~ echo "<form method='POST' action='index.php?sec=projects&sec2=operation/projects/task_cost&id_task=$id_task&id_project=$id_project' enctype='multipart/form-data' >";
    //~ $action = "index.php?sec=projects&sec2=operation/projects/task_cost&id_task=$id_task&id_project=$id_project";
/**
 * Print (or return) a success or an error message depending on whether
 * $result is empty() or not.
 *
 * @param mixed  $result        Outcome to evaluate. Anything empty() treats as
 *                              empty (0, NULL, false, '' or array()) counts as
 *                              a failure; every other value is a success.
 * @param string $good          Text shown on success; a default is used when
 *                              this is '' or false.
 * @param string $bad           Text shown on failure; a default is used when
 *                              this is '' or false.
 * @param string $attributes    Extra attributes for the wrapping tag.
 * @param bool   $return        Whether to return the string instead of
 *                              outputting it.
 * @param string $tag           Tag used for the message (h3 by default, could
 *                              be div, h2, ...).
 * @param bool   $cancel_button Add a cancel button or not.
 *
 * @return string HTML code if $return is true.
 */
function ui_print_result_message($result, $good = '', $bad = '', $attributes = '', $return = false, $tag = 'h3', $cancel_button = true)
{
    // Both texts are forwarded unchanged to the print helpers; whether those
    // helpers HTML-escape them is not visible from this function.
    $success_text = ($good == '' || $good === false)
        ? __('Request successfully processed')
        : $good;

    $failure_text = ($bad == '' || $bad === false)
        ? __('Error processing request')
        : $bad;

    if (!empty($result)) {
        return ui_print_success_message($success_text, $attributes, $return, $tag, $cancel_button);
    }

    return ui_print_error_message($failure_text, $attributes, $return, $tag, $cancel_button);
}
} $sql_delete= "DELETE FROM tkb_data WHERE id = $id"; $result=mysql_query($sql_delete); if ($result=mysql_query("SELECT * FROM tattachment WHERE id_kb = $id")) { while ($row=mysql_fetch_array($result)){ $nombre_archivo = $config["homedir"]."attachment/".$row["id_attachment"]."_".$row["filename"]; unlink ($nombre_archivo); } $sql = " DELETE FROM tattachment WHERE id_kb = ".$id; mysql_query($sql); } //insert_event ("KB ITEM DELETED", $id, 0, "Deleted KB $kb_title"); audit_db ($config["id_user"], $config["REMOTE_ADDR"], "KB", "Deleted kb item $id - $kb_title"); ui_print_error_message (__('Successfully deleted'), '', true, 'h3', true); } if (isset($_GET["update2"])){ $_GET["update"]= $id; } // CREATE form if ((isset($_GET["create"]) OR (isset($_GET["update"])))) { if (isset($_GET["create"])){ $data = ""; $title = ""; $id = -1; $id_product = 1; $id_category = 1;
$offset = 0; $data[4] = ''; // Disable or delete if ($project['id'] != -1 && $project_permission['manage']) { $table->head[4] = __('Delete/Unarchive'); $data[4] = "<a href='#' onClick='javascript: show_validation_delete_general(\"delete_project\",".$project['id'].",0,".$offset.",\"".$search_params."\");'><img src='images/icons/icono_papelera.png' title='".__('Delete')."'></a>"; $data[4] .= '<a href="index.php?sec=projects&sec2=operation/projects/project&view_disabled=1&activate_project=1&id='.$project['id'].'"> <img src="images/upload.png" /></a>'; } array_push ($table->data, $data); } echo "<div class='divresult'>"; if(empty($table->data)) { echo ui_print_error_message(__('No projects found'), '', true, 'h3', true); } else { print_table ($table); } echo "</div>"; echo "<div class= 'dialog ui-dialog-content' title='".__("Delete")."' id='item_delete_window'></div>"; ?> <script type="text/javascript" src="include/js/jquery.validation.functions.js"></script> <script type="text/javascript" src="include/js/integria.js"></script> <script type="text/javascript"> trim_element_on_submit("#text-search_text"); </script>
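/**
 * Print the paginated user list for the given search criteria.
 *
 * When $filter is an array (anything != 0) its 'offset', 'search_text',
 * 'disabled_user', 'level' and 'group' entries replace the positional
 * arguments and the reduced "picker" layout is rendered (no checkbox,
 * status or delete columns; names link to loadContactUser()).
 *
 * @param mixed  $filter        0 for the full admin list, or an array of filter values.
 * @param mixed  $ajax          Not used inside this function.
 * @param int    $size_page     Rows per page (SQL LIMIT count).
 * @param int    $offset        First row (SQL LIMIT offset).
 * @param string $clickin       Second argument passed to loadContactUser() in picker mode.
 * @param string $search_text   Text matched with LIKE against id, comments, real name and address.
 * @param int    $disabled_user Filter on the disabled flag when > -1.
 * @param int    $level         Filter on nivel when > -10.
 * @param int    $group         -1: users without any profile; > 0: users of that group.
 * @param bool   $from_tickets  Use users_get_allowed_users_query() for the row query.
 *
 * @return void Output is echoed directly.
 */
function user_search_result($filter, $ajax, $size_page, $offset, $clickin, $search_text, $disabled_user, $level, $group, $from_tickets = false)
{
    global $config;

    if ($filter != 0) {
        $offset = $filter['offset'];
        $search_text = $filter['search_text'];
        $disabled_user = $filter['disabled_user'];
        $level = $filter['level'];
        $group = $filter['group'];
    }

    // Every value placed into the WHERE clause is either escaped or forced
    // to an integer, so the statement no longer depends on callers having
    // sanitised the search parameters. The comparisons that decide whether a
    // condition is added are left exactly as they were.
    $search = "WHERE 1=1 ";
    if ($search_text != "") {
        // ext/mysql is what this function already uses further down
        // (mysql_query), so its escaping function is used here as well.
        $search_sql = mysql_real_escape_string($search_text);
        $search .= " AND (id_usuario LIKE '%{$search_sql}%' OR comentarios LIKE '%{$search_sql}%' OR nombre_real LIKE '%{$search_sql}%' OR direccion LIKE '%{$search_sql}%')";
    }
    if ($disabled_user > -1) {
        $search .= sprintf(" AND disabled = %d", $disabled_user);
    }
    if ($level > -10) {
        $search .= sprintf(" AND nivel = %d", $level);
    }
    if ($group == -1) {
        $search .= " AND tusuario.id_usuario NOT IN (select id_usuario from tusuario_perfil)";
    } elseif ($group > 0) {
        $search .= sprintf(" AND tusuario.id_usuario = ANY (SELECT id_usuario FROM tusuario_perfil WHERE id_grupo = %d)", $group);
    }

    $query1 = "SELECT * FROM tusuario {$search} ORDER BY id_usuario";
    if ($from_tickets) {
        // NOTE(review): the row query is replaced here but the count below is
        // still computed from $search, so the pager total may not match the
        // rows shown in this mode - confirm.
        $query1 = users_get_allowed_users_query($config['id_user'], $filter);
    }

    $count = get_db_sql("SELECT COUNT(id_usuario) FROM tusuario {$search} ");
    $sql1 = sprintf("%s LIMIT %d, %d", $query1, $offset, $size_page);

    echo "<div class='divresult'>";

    // NOTE(review): in the listing this concatenation showed "******" where a
    // value belongs; it is restored as $disabled_user from the neighbouring
    // parameters - confirm against the original file.
    // NOTE(review): the filter values go into the URL unencoded; whether
    // pagination() encodes them before printing links is not visible here.
    pagination($count, "index.php?sec=users&sec2=godmode/usuarios/lista_usuarios&search_text=" . $search_text . "&disabled_user=" . $disabled_user . "&level=" . $level . "&group=" . $group, $offset, true);

    $resq1 = process_sql($sql1);
    if (!$resq1) {
        echo ui_print_error_message(__("No users"), '', true, 'h3', true);
    } else {
        echo '<table width="100%" class="listing">';
        if ($filter == 0) {
            echo '<th>' . print_checkbox('all_user_checkbox', 1, false, true);
            echo '<th title="' . __('Enabled/Disabled') . '">' . __('E/D');
            echo '<th title="' . __('Enabled login') . '">' . __('Enabled login');
        }
        echo '<th>' . __('User ID');
        echo '<th>' . __('Name');
        echo '<th>' . __('Company');
        echo '<th>' . __('Last contact');
        echo '<th>' . __('Profile');
        if ($filter == 0) {
            echo '<th>' . __('Delete');
        }

        // NOTE(review): user id, real name and company name are echoed into
        // the page as stored. Whether they are HTML-encoded at write time is
        // not visible from this function - confirm before relying on it.
        foreach ($resq1 as $rowdup) {
            $nombre = $rowdup["id_usuario"];
            $realname = $rowdup["nombre_real"];
            $fecha_registro = $rowdup["fecha_registro"];

            // Icon shown in the profile column for the user's level.
            if ($rowdup["nivel"] == 0) {
                $nivel = "<img src='images/group.png' title='" . __("Grouped user") . "'>";
            } elseif ($rowdup["nivel"] == 1) {
                $nivel = "<img src='images/integria_mini_logo.png' title='" . __("Administrator") . "'>";
            } else {
                $nivel = "<img src='images/user_gray.png' title='" . __("Standalone user") . "'>";
            }

            $disabled = $rowdup["disabled"];
            $id_company = $rowdup["id_company"];
            $enabled_login = $rowdup["enable_login"];

            echo "<tr>";
            if ($filter == 0) {
                echo "<td>";
                echo print_checkbox_extended("user-" . $rowdup["id_usuario"], $rowdup["id_usuario"], false, false, "", "class='user_checkbox'", true);
                echo "<td>";
                if ($disabled == 1) {
                    echo "<img src='images/lightbulb_off.png' title='" . __("Disabled") . "'> ";
                }
                echo "<td>";
                if ($enabled_login == 1) {
                    echo "<img src='images/accept.png' title='" . __("Enabled login") . "'> ";
                } else {
                    echo "<img src='images/fail.png' title='" . __("Disabled login") . "'> ";
                }
            }

            echo "<td>";
            if ($filter == 0) {
                // NOTE(review): shown as "******" in the listing; restored as
                // $nombre to match the link text - confirm against the
                // original file.
                echo "<a href='index.php?sec=users&sec2=godmode/usuarios/configurar_usuarios&update_user=" . $nombre . "'>" . ucfirst($nombre) . "</a>";
            } else {
                $url = "javascript:loadContactUser(\"" . $nombre . "\",\"" . $clickin . "\");";
                echo "<a href='" . $url . "'>" . ucfirst($nombre) . "</a>";
            }

            echo "<td style=''>" . $realname;
            $company_name = (string) get_db_value('name', 'tcompany', 'id', $id_company);
            echo "<td>" . $company_name . "</td>";
            echo "<td style=''>" . human_time_comparation($fecha_registro);
            echo "<td>";
            print_user_avatar($nombre, true);
            echo " ";

            if ($config["enteprise"] == 1) {
                // The user id comes back from the database, but it is still
                // escaped before being reused inside another statement.
                $profile_sql = 'SELECT * FROM tusuario_perfil WHERE id_usuario = "' . mysql_real_escape_string($nombre) . '"';
                $result = mysql_query($profile_sql);
                echo "<a href='#' class='tip'> <span>";
                // A failed query is treated like "no profiles" instead of
                // passing false to mysql_num_rows().
                if ($result && mysql_num_rows($result)) {
                    while ($row = mysql_fetch_array($result)) {
                        echo dame_perfil($row["id_perfil"]) . "/ ";
                        echo dame_grupo($row["id_grupo"]) . "<br>";
                    }
                } else {
                    echo __('This user doesn\'t have any assigned profile/group');
                }
                echo "</span></a>";
            }
            echo $nivel;

            if ($filter == 0) {
                // NOTE(review): deletion is requested through a plain GET link
                // guarded only by a client-side confirm(); whether the handler
                // checks permissions or a request token is outside this
                // function.
                echo '<td align="center">';
                echo '<a href="index.php?sec=users&sec2=godmode/usuarios/lista_usuarios&borrar_usuario=' . $nombre . '" onClick="if (!confirm(\'' . __('Are you sure?') . '\')) return false;"><img src="images/cross.png"></a>';
                echo '</td>';
            }
        }
        echo "</table>";
    }
    echo "</div>";
}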
$table->head[1] = __('Description'); $table->head[2] = __('Size'); $table->head[3] = __('Date'); $table->head[4] = __('Ops.'); foreach ($files as $file) { $data = array (); $data[0] = "<a href='operation/common/download_file.php?id_attachment=".$file["id_attachment"]."&type=lead'>".$file["filename"] . "</a>"; $data[1] = $file["description"]; $data[2] = format_numeric($file["size"]); $data[3] = $file["timestamp"]; // Todo. Delete files owner of lead and admins only if ( (dame_admin($config["id_user"])) || ($file["id_usuario"] == $config["id_user"]) ){ $data[4] = "<a href='index.php?sec=customers&sec2=operation/leads/lead_detail&id=$id&op=files&deletef=".$file["id_attachment"]."'><img src='images/cross.png'></a>"; } array_push ($table->data, $data); array_push ($table->rowstyle, $style); } print_table ($table); } else { echo ui_print_error_message (__('There is no files attached for this lead'), '', true, 'h3', true); } echo "</div>"; echo "</div>"; ?>
else $description = "No description available"; // Insert into database $file_temp = $filename['tmp_name']; $filesize = $filename['size']; $sql = " INSERT INTO tattachment (id_task, id_usuario, filename, description, size ) VALUES (".$id_task.", '".$id_user." ','".$filename_safe."','".$description."',".$filesize.") "; $id_attachment = process_sql ($sql, 'insert_id'); //project_tracking ( $id_inc, $id_usuario, 3); $result_output = ui_print_success_message (__('File added'), '', true, 'h3', true); // Copy file to directory and change name $file_target = $config["homedir"]."/attachment/".$id_attachment."_".$filename_safe; if (! copy($file_temp, $file_target)) { $result_output = ui_print_error_message (__('File cannot be saved. Please contact Integria administrator about this error'), '', true, 'h3', true); $sql = "DELETE FROM tattachment WHERE id_attachment =".$id_attachment; process_sql ($sql); } else { // Delete temporal file unlink ($file_temp); } } } // ----------- // Delete file // ----------- if ($operation == "delete") { // ACL
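/**
 * Print a D3 treemap of the hours each user logged on each task of a project.
 *
 * @param mixed  $id_project     Project whose tasks are charted.
 * @param mixed  $start_date     Passed through to get_task_workunit_hours_user().
 * @param mixed  $end_date       Passed through to get_task_workunit_hours_user().
 * @param string $id_user_filter When not "", only this user's rows are charted.
 *
 * @return void Prints the graph, or an error message when no hours were found.
 */
function print_project_timegraph($id_project, $start_date = false, $end_date = false, $id_user_filter = "")
{
    if ($id_user_filter == "") {
        $users = get_users_project($id_project);
    } else {
        // The project id is forced to an integer and the user id is escaped
        // before either reaches the statement, so the query does not rely on
        // callers having sanitised them.
        // NOTE(review): the listing showed "******" in place of the user
        // value; it is restored as $id_user_filter, the only user parameter
        // this function receives - confirm against the original file.
        // mysql_real_escape_string() assumes the ext/mysql link the rest of
        // this codebase uses is open - confirm for this file.
        $sql = sprintf(
            "SELECT *\n FROM trole_people_project\n WHERE id_project = %d AND id_user = '%s'",
            $id_project,
            mysql_real_escape_string($id_user_filter)
        );
        $users = get_db_all_rows_sql($sql);
    }

    $tasks = get_db_all_rows_field_filter('ttask', 'id_project', $id_project);

    // The row helpers return false when nothing matches; normalise so the
    // loops below do not iterate over a boolean.
    if ($users === false) {
        $users = array();
    }
    if ($tasks === false) {
        $tasks = array();
    }

    $data = array();
    foreach ($tasks as $task) {
        foreach ($users as $user) {
            $user_name = get_db_value('nombre_real', 'tusuario', 'id_usuario', $user['id_user']);
            $hours = get_task_workunit_hours_user($task['id'], $user['id_user'], 0, $start_date, $end_date);
            if (empty($hours)) {
                // Users without hours on this task get no treemap cell.
                continue;
            }

            // NOTE(review): part of this tooltip was shown as "******" in the
            // listing; the "User:" line is restored from the label and the
            // $user_name variable - confirm against the original file.
            // The tooltip carries the task and user names as stored, while
            // the name fields go through safe_output(); whether the graph
            // helper escapes tooltip HTML is not visible here.
            $tooltip = "<b>" . __('Task:') . "</b> " . $task['name'] . "<br />"
                . "<b>" . __('User:') . "</b> " . $user_name . "<br />"
                . "<b>" . __('Hours:') . "</b> " . $hours;

            $data[$task['id']][$user['id_user']] = array(
                'parent_name' => safe_output($task['name']),
                'name' => safe_output($user_name),
                'value' => $hours,
                'tooltip' => $tooltip,
                'id' => $task['id'] . "_" . $user['id_user'],
            );
        }
    }

    if (empty($data)) {
        ui_print_error_message(__('There are not tasks with hours in this period.'));
        return;
    }

    graph_print_d3js_treemap($data);
}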
} } array_push ($table->data, $data); } print_table ($table); if (!empty($final_total)) { echo __("Subtotals for each currency: "); foreach ($final_total as $key => $value) { echo " - $key : ". format_numeric ($value,2); } } } else { echo ui_print_error_message (__("No invoices"), '', true, 'h3', true); } if (($write || $manage) AND ($clean_output == 0)) { echo '<form method="post" action="index.php?sec=customers&sec2=operation/invoices/invoices">'; echo '<div class="button-form" style="width: '.$table->width.'">'; print_submit_button (__('Create'), 'new_btn', false, 'class="sub next"'); print_input_hidden ('new_invoice', 1); echo '</div>'; echo '</form>'; } echo "<div class= 'dialog ui-dialog-content' title='".__("Delete")."' id='item_delete_window'></div>"; ?>
} else {
    echo ui_print_error_message (__("Error deleting inventory relationship"), '', true, 'h3', true);
}
}

// Link two inventory objects.
// NOTE(review): both ids come from get_parameter() and are interpolated
// unquoted into the INSERT. Unless get_parameter() guarantees integers (not
// visible in this excerpt) the statement is open to SQL injection; cast both
// with (int) or build it with sprintf() and %d placeholders. No permission
// check on either object is visible in this branch.
if ($add_link) {
    $id_dst = get_parameter('link', 0);
    $id_src = get_parameter('id_src');
    $sql = "INSERT INTO tinventory_relationship (id_object_src, id_object_dst) VALUES ($id_src, $id_dst)";
    $result = process_sql($sql);
    if ($result) {
        echo ui_print_success_message (__("Inventory relationship added"), '', true, 'h3', true);
    } else {
        echo ui_print_error_message (__("Error adding inventory relationship"), '', true, 'h3', true);
    }
}

// Load every relationship in which the current object takes part, on either side.
// NOTE(review): $id is interpolated unquoted as well; where it is read and
// whether it is cast is outside this excerpt - confirm.
$sql_links = "SELECT * FROM tinventory_relationship WHERE `id_object_src`=$id OR `id_object_dst`=$id";
$all_links = get_db_all_rows_sql($sql_links);
// A false result is treated as "no links".
if ($all_links == false) {
    $all_links = array();
}

$table = new stdClass;
$table->width = '100%';
$table->class = 'listing';
break; default: break; } // Delete Field if ($delete_object_type_field) { $id_object_type_field = (int) get_parameter ('id_object_type_field'); $sql = sprintf ('DELETE FROM tobject_type_field WHERE id = %d', $id_object_type_field); $result = process_sql ($sql); if ($result) echo ui_print_success_message (__("Successfully deleted"), '', true, 'h3', true); else echo ui_print_error_message (__("Could not be deleted"), '', true, 'h3', true); $id = 0; } //********************************************************************** // List fields //********************************************************************** $objects_type_fields = get_db_all_rows_field_filter ('tobject_type_field', 'id_object_type', $id_object_type, 'id'); $table = new StdClass; $table->width = '99%'; echo '<div class="divresult">'; if ($objects_type_fields !== false) { //echo "<h3>".__('Defined objects types fields')."</h3>";
print_input_hidden ("search_".$key, $value); } print_input_hidden ('sec2', 'operation/reporting/incidents_html'); print_input_hidden ('clean_output', 1); echo "</form>"; /* Add a form to generate HTML reports */ echo '<form id="pdf_report_form" method="post" target="_blank" action="index.php" style="clear: both">'; foreach ($filter as $key => $value) { print_input_hidden ("search_".$key, $value); } print_input_hidden ('sec2', 'operation/reporting/incidents_html'); print_input_hidden ('clean_output', 1); print_input_hidden ('pdf_output', 1); echo '</form>'; if ($incidents == false) { echo ui_print_error_message (__('Nothing was found'), '', true, 'h3', true); } else { $simple_mode = true; if ($show_stats) { $simple_mode = false; } print_incidents_stats_simply ($incidents, false, $simple_mode); } ?>
// Delete workunit with ACL / Project manager check
// NOTE(review): $id_workunit comes straight from get_parameter() and is used
// unquoted in the SELECT below and quoted, but not escaped, in both DELETEs.
// Unless get_parameter() guarantees an integer (not visible in this excerpt)
// all three statements are open to SQL injection; cast it with (int) once,
// right after reading it.
$id_workunit = get_parameter ("id_workunit");
$sql = "SELECT * FROM tworkunit WHERE id = $id_workunit";
if ($res = mysql_query($sql))
    $row=mysql_fetch_array($res);
else
    return;
// When no row matched, $row is false and the owner below evaluates to null.
$id_user_wu = $row["id_user"];

// Allowed for the workunit's owner, for users holding the "PM" permission,
// and for the manager of the project.
if (($id_user_wu == $config["id_user"]) OR (give_acl($config["id_user"], 0,"PM") ==1 ) OR (project_manager_check($id_project) == 1)){
    // NOTE(review): the result of the first DELETE is not checked; only the
    // second one decides which message is shown.
    mysql_query ("DELETE FROM tworkunit where id = '$id_workunit'");
    if (mysql_query ("DELETE FROM tworkunit_task where id_workunit = '$id_workunit'")){
        $result_output = ui_print_success_message (__('Successfully deleted'), '', true, 'h3', true);
        // NOTE(review): the audit entry is recorded under $id_user, whose
        // origin is outside this excerpt, while the access check above uses
        // $config["id_user"] - confirm both refer to the acting user.
        audit_db ($id_user, $config["REMOTE_ADDR"], "Work unit deleted", "Workunit for $id_user");
    } else {
        $result_output = ui_print_error_message (__('Not deleted. Error deleting data'), '', true, 'h3', true);
    }
} else {
    audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation","Trying to delete WU $id_workunit without rigths");
    include ("general/noaccess.php");
    exit;
}
}

// --------------------
// Workunit report
// --------------------
$ahora = date("Y-m-d H:i:s");
// NOTE(review): the statement below compares (==) instead of assigning (=),
// so an empty $timestamp_h is never replaced by the current time.
if ($timestamp_h == "")
    $timestamp_h == $ahora ;