$lead = get_db_row('tlead','id',$id);
$user = get_db_row("tusuario", "id_usuario", $config["id_user"]);
$company_user = get_db_sql ("select name FROM tcompany where id = ". $user["id_company"]);
$from = get_parameter ("from", $user["direccion"]);
$to = get_parameter ("to", "");
$subject = get_parameter ("subject", "");
$mail = get_parameter ("mail", "");
$send = (int) get_parameter ("send",0);
$cco = get_parameter ("cco", "");
// Send mail
if ($send) {
if (($subject != "") AND ($from != "") AND ($to != "")) {
echo ui_print_success_message (__('Mail queued'), '', true, 'h3', true);
integria_sendmail ($to, $subject, $mail, false, "", $from, true);
if ($cco != "")
integria_sendmail ($cco, $subject, $mail, false, "", $from, true);
$datetime = date ("Y-m-d H:i:s");
// Update tracking
$sql = sprintf ('INSERT INTO tlead_history (id_lead, id_user, timestamp, description) VALUES (%d, "%s", "%s", "%s")', $id, $config["id_user"], $datetime, "Forwarded lead by mail to $to");
process_sql ($sql);
// Update activity
$comments = __("Forwarded lead by mail to $to"). "
" . $mail; // this adds 

$sql = sprintf ('INSERT INTO tlead_activity (id_lead, written_by, creation, description) VALUES (%d, "%s", "%s", "%s")', $id, $config["id_user"], $datetime, $comments);
process_sql ($sql);
} else {
$result_msg = ui_print_error_message (__('Could not be created'), '', true, 'h3', true);
$id = false;
}
}
if ($update) {
$values['name'] = (string) get_parameter ('name');
$values['sql'] = (string) get_parameter ('sql');
$values['id_group'] = get_parameter('id_group');
$result = false;
if (! empty ($values['name']))
$result = process_sql_update ('tinventory_reports', $values, array ('id' => $id));
if ($result) {
$result_msg = ui_print_success_message (__("Successfully updated"), '', true, 'h3', true);
} else {
$result_msg = ui_print_error_message (__('Could not be updated'), '', true, 'h3', true);
}
}
if ($id) {
clean_cache_db();
$report = get_db_row ('tinventory_reports', 'id', $id);
if ($report === false)
return;
$name = $report['name'];
$sql = $report['sql'];
$id_group = $report['id_group'];
}
update_config_token("access_public", $config["access_public"]);
update_config_token("loginhash_pwd", $config["loginhash_pwd"]);
update_config_token("csv_standard_encoding", $config["csv_standard_encoding"]);
update_config_token("enable_update_manager", $config["enable_update_manager"]);
update_config_token("max_direct_download", $config["max_direct_download"]);
if ($is_enterprise) {
update_config_token("enable_pass_policy", $config["enable_pass_policy"]);
update_config_token("pass_size", $config["pass_size"]);
update_config_token("pass_needs_numbers", $config["pass_needs_numbers"]);
update_config_token("pass_needs_symbols", $config["pass_needs_symbols"]);
update_config_token("pass_expire", $config["pass_expire"]);
update_config_token("first_login", $config["first_login"]);
update_config_token("mins_fail_pass", $config["mins_fail_pass"]);
update_config_token("number_attempts", $config["number_attempts"]);
}
echo ui_print_success_message(__('Successfully updated'), '', true, 'h3', true);
}
// Render SYSTEM language code, not current language.
$table = new StdClass();
$table->width = '100%';
$table->class = 'search-table-button';
$table->colspan = array();
$table->data = array();
$incident_reporter_options[0] = __('Disabled');
$incident_reporter_options[1] = __('Enabled');
$language_config = get_db_value('value', 'tconfig', 'token', 'language_code');
$table->data[0][0] = print_select_from_sql('SELECT id_language, name FROM tlanguage ORDER BY name', 'language_code', $language_config, '', '', '', true, false, false, __('Language'));
$table->data[0][1] = print_input_text("sitename", $config["sitename"], '', 30, 50, true, __('Sitename'));
$error_log_options[0] = __('Disabled');
$error_log_options[1] = __('Enabled');
$table->data[1][0] = print_checkbox("error_log", $error_log_options, $config["error_log"], true, __('Enable error log') . print_help_tip(__("This errorlog is on /integria.log"), true));
work_home = %d
WHERE id = %d',
$timestamp, $duration, $description, $have_cost,
$id_profile, $public, $wu_user, $work_home, $id_workunit);
$result = process_sql ($sql);
if ($id_task !=0) {
// Old old association
process_sql ("DELETE FROM tworkunit_task WHERE id_workunit = $id_workunit");
// Create new one
$sql = sprintf ('INSERT INTO tworkunit_task
(id_task, id_workunit) VALUES (%d, %d)',
$id_task, $id_workunit);
$result = process_sql ($sql, 'insert_id');
}
$result_output = ui_print_success_message (__('Workunit updated'), '', true, 'h3', true);
audit_db ($config["id_user"], $config["REMOTE_ADDR"], "PWU", "Updated PWU. $description");
if ($result !== false) {
set_task_completion ($id_task);
}
}
$multiple_wu_report = array();
if ($operation == 'multiple_wu_insert') {
//Walk post array looking for
$i = 1;
while(true) {
echo ui_print_success_message (__('Successfully updated'), '', true, 'h3', true);
audit_db ($config["id_user"], $config["REMOTE_ADDR"], "SLA Modified",
"Updated SLA ($name)", $sql);
}
$id = 0;
}
// DELETE
// ==================
if ($delete_sla) {
$name = get_db_value ('name', 'tsla', 'id', $id);
$sql = sprintf ('DELETE FROM tsla WHERE id = %d', $id);
$result = process_sql ($sql);
audit_db ($config["id_user"], $config["REMOTE_ADDR"], "SLA Deleted",
"Delete SLA ($name)", $sql);
echo ui_print_success_message (__("Successfully deleted"), '', true, 'h3', true);
$id = 0;
}
// FORM (Update / Create)
if ($id || $new_sla) {
if ($new_sla) {
$name = "";
$description = "";
$min_response = 48.0;
$max_response = 480.0;
$max_incidents = 10;
$max_inactivity = 96.0;
$id_sla_base = 0;
$enforced = 1;
$five_daysonly = 1;
// ---------------
if ($operation == "delete"){
// Delete workunit with ACL / Project manager check
$id_workunit = get_parameter ("id_workunit");
$sql = "SELECT * FROM tworkunit WHERE id = $id_workunit";
if ($res = mysql_query($sql))
$row=mysql_fetch_array($res);
else
return;
$id_user_wu = $row["id_user"];
if (($id_user_wu == $config["id_user"]) OR (give_acl($config["id_user"], 0,"PM") ==1 ) OR (project_manager_check($id_project) == 1)){
mysql_query ("DELETE FROM tworkunit where id = '$id_workunit'");
if (mysql_query ("DELETE FROM tworkunit_task where id_workunit = '$id_workunit'")){
$result_output = ui_print_success_message (__('Successfully deleted'), '', true, 'h3', true);
audit_db ($id_user, $config["REMOTE_ADDR"], "Work unit deleted", "Workunit for $id_user");
} else {
$result_output = ui_print_error_message (__('Not deleted. Error deleting data'), '', true, 'h3', true);
}
} else {
audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation","Trying to delete WU $id_workunit without rigths");
include ("general/noaccess.php");
exit;
}
}
// --------------------
// Workunit report
// --------------------
'id_incident_type' => $id_incident_type,
'id_parent' => $idParentValue,
'sla_disabled' => $sla_disabled,
'email_copy' => $email_copy,
'editor' => $editor,
'id_group_creator' => $id_group_creator,
'blocked' => $blocked,
'old_status' => $old_status,
'old_resolution' => $old_resolution
);
$id = process_sql_insert ('tincidencia', $values);
if ($id !== false) {
/* Update inventory objects in incident */
update_incident_inventories ($id, get_parameter ('inventories'));
$result_msg = ui_print_success_message (__('Successfully created'), '', true, 'h3', true);
$result_msg .= '<h4><a href="index.php?sec=incidents&sec2=operation/incidents/incident_dashboard_detail&id='.$id.'">'.__('Please click here to continue working with incident #').$id."</a></h4>";
//Add traces and statistic information
incidents_set_tracking ($id, 'create', $priority, $estado, $resolution, $usuario, $grupo);
audit_db ($config["id_user"], $config["REMOTE_ADDR"],
"Ticket created",
"User ".$config['id_user']." created incident #".$id);
// Create automatically a WU with the editor ?
if ($config["incident_creation_wu"] == 1){
$wu_text = __("WU automatically created by the editor on the incident creation.");
// Do not send mail in this WU
create_workunit ($id, $wu_text, $editor, $config["iwu_defaultime"], 0, "", 1, 0);
}
// Database DELETE
// ==================
if (isset($_GET["delete_cat"])){ // if delete
$id = get_parameter ("delete_cat",0);
// First delete from tagente_modulo
$sql_delete= "DELETE FROM tkb_category WHERE id = $id";
// Move parent who has this product to 0
mysql_query("UPDATE tkb_category SET parent = 0 WHERE parent = $id");
$result = mysql_query($sql_delete);
if ($result)
echo ui_print_error_message (__('Successfully deleted'), '', true, 'h3', true);
else
echo ui_print_success_message (__('Cannot be deteled'), '', true, 'h3', true);
}
// CREATE form
if ((isset($_GET["create"]) OR (isset($_GET["update"])))) {
if (isset($_GET["create"])){
$icon = "";
$description = "";
$name = "";
$id = -1;
$parent = -1;
} else {
$id = get_parameter ("update",-1);
$row = get_db_row ("tkb_category", "id", $id);
$workunit_data = get_workunit_data($workunit["id_workunit"]);
echo '<div class="comment">';
show_workunit_data ($workunit_data, $title);
echo '</div>';
}
}
}
if ($is_enterprise) {
incidents_run_realtime_workflow_rules ($id_incident);
}
return;
}
else {
$result_msg = ui_print_success_message (__('Comment added successfully'), '', true, 'h3', true);
echo $result_msg;
}
if ($is_enterprise) {
incidents_run_realtime_workflow_rules ($id_incident);
}
}
$table = new StdClass();
$table->width = '100%';
$table->class = 'search-table';
$table->colspan = array ();
$table->colspan[1][0] = 6;
$table->colspan[2][0] = 6;
$table->data = array ();
}
/* Delete a custom saved search */
if ($id_search && $delete_custom_search) {
$sql = sprintf ('DELETE FROM tcustom_search
WHERE id_user = "******"
AND id = %d',
$config['id_user'], $id_search);
$result = process_sql ($sql);
if ($result === false) {
echo ui_print_error_message (__('Could not delete custom search'), '', true, 'h3', true);
}
else {
$id_search = false;
echo ui_print_success_message (__('Custom search deleted'), '', true, 'h3', true);
}
}
// FORM (Update / Create)
if ($id || $new) {
if ($new) {
if (!$section_write_permission && !$section_manage_permission) {
audit_db ($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to create a lead");
require ("general/noaccess.php");
exit;
}
$id = 0;
}
echo "<br>";
print_button (__('OK'), 'OK', false, '', 'class="sub blank"');
}
}
if ($delete_agenda_entry) {
if (!empty($id) && !$permission) {
// Doesn't have access to this page
audit_db ($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete an agenda entry");
include ("general/noaccess.php");
exit;
}
$result = process_sql_delete('tagenda', array('id' => $id));
if ($result !== false) {
echo ui_print_success_message (__('The event was deleted'), '', true, 'h3', true);
echo "<br>";
print_button (__('OK'), 'OK', false, '', 'class="sub blank"');
} else {
echo ui_print_error_message (__('An error ocurred. Event not deleted'), '', true, 'h3', true);
echo "<br>";
print_button (__('OK'), 'OK', false, '', 'class="sub blank"');
}
}
?>
function db_update_schema()
{
global $config;
$dir = $config["homedir"] . "extras/mr";
$message = '';
if (file_exists($dir) && is_dir($dir)) {
if (is_readable($dir)) {
$files = scandir($dir);
// Get all the files from the directory ordered by asc
if ($files !== false) {
$pattern = "/^\\d+\\.sql\$/";
$sqlfiles = preg_grep($pattern, $files);
// Get the name of the correct files
$files = null;
$pattern = "/\\.sql\$/";
$replacement = "";
$sqlfiles_num = preg_replace($pattern, $replacement, $sqlfiles);
// Get the number of the file
$sqlfiles = null;
if ($sqlfiles_num) {
foreach ($sqlfiles_num as $sqlfile_num) {
$file = "{$dir}/{$sqlfile_num}.sql";
if ($config["minor_release"] >= $sqlfile_num) {
if (!file_exists($dir . "/updated") || !is_dir($dir . "/updated")) {
mkdir($dir . "/updated");
}
$file_dest = "{$dir}/updated/{$sqlfile_num}.sql";
if (copy($file, $file_dest)) {
unlink($file);
}
} else {
$result = db_run_sql_file($file);
if ($result) {
update_config_token("minor_release", $sqlfile_num);
if ($config["minor_release"] == $sqlfile_num) {
if (!file_exists($dir . "/updated") || !is_dir($dir . "/updated")) {
mkdir($dir . "/updated");
}
$file_dest = "{$dir}/updated/{$sqlfile_num}.sql";
if (copy($file, $file_dest)) {
unlink($file);
}
}
$message = ui_print_success_message(__('The database schema has been updated to the minor release') . $sqlfile_num, '', true, 'h3', true);
} else {
$message = ui_print_error_message(__('An error occurred while updating the database schema to the minor release ') . $sqlfile_num, '', true, 'h3', true);
break;
}
}
}
}
}
} else {
$message = ui_print_error_message(__('The directory ') . $dir . __(' should have read permissions in order to update the database schema'), '', true, 'h3', true);
}
} else {
$message = ui_print_error_message(__('The directory ') . $dir . __(' does not exist'), '', true, 'h3', true);
}
return $message;
}
$id_user = get_parameter ("id_user", $config["id_user"]);
$id_role = get_parameter ("roles", 0);
if (isset($_POST["tasks"])){
$tasks = (array) $_POST["tasks"];
}
$delete = get_parameter ("delete", 0);
if ($delete) {
$id_project = get_db_value ('id_project', 'ttask', 'id', $delete);
$project_access = get_project_access ($config['id_user'], $id_project);
$task_access = get_project_access ($config['id_user'], $id_project, $delete);
// ACL - To delete a task, you should have TW permission and belong to the task or be project manager
if ($project_access['manage'] || $task_access['manage']) {
$id_task = $delete;
$sql = "DELETE FROM trole_people_task WHERE id_task = $id_task AND id_user = '******'";
$resq1=mysql_query($sql);
echo ui_print_success_message (__("Assigment removed succesfully"), '', true, 'h3', true);
} else {
audit_db ($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete the task $delete");
echo ui_print_error_message (__("You do not have permission to delete this task"), '', true, 'h3', true);
}
}
$add = get_parameter ("add", 0);
if ($add && $id_role) {
foreach ($tasks as $id_task) {
$id_project = get_db_value ('id_project', 'ttask', 'id', $id_task);
$task = get_db_value ('name', 'ttask', 'id', $id_task);
if (!$id_project) {
echo ui_print_error_message (__('Error. Task is not assigned to a project.'), '', true, 'h3', true);
$key = get_parameter('key');
if ($fields == false) {
$fields = array();
}
foreach ($fields as $field) {
if ($field['Field'] != $key) {
$values[$field['Field']] = get_parameter($field['Field']);
}
}
$result_insert = process_sql_insert ($external_table, $values);
if ($result_insert) {
echo ui_print_success_message (__('Inserted row'), '', true, 'h3', true);
} else {
echo ui_print_error_message (__('There was a problem inserting row'), '', true, 'h3', true);
}
}
echo "<h1>".__('External table management')."</h1>";
$table = new stdClass;
$table->width = '98%';
$table->class = 'search-table';
$table->id = "external-editor";
$table->data = array ();
function user_delete_user($id_user)
{
global $config;
// Delete user
// Delete cols from table tgrupo_usuario
if ($config["enteprise"] == 1) {
$query_del1 = "DELETE FROM tusuario_perfil WHERE id_usuario = '" . $id_user . "'";
$resq1 = mysql_query($query_del1);
}
// Delete trole_people_task entries
mysql_query("DELETE FROM trole_people_task WHERE id_user = '******'");
// Delete trole_people_project entries
mysql_query("DELETE FROM trole_people_project WHERE id_user = '******'");
$query_del2 = "DELETE FROM tusuario WHERE id_usuario = '" . $id_user . "'";
$resq2 = mysql_query($query_del2);
//Delet custom fields
$query_del3 = "DELETE FROM tuser_field_data WHERE id_user = '******'";
$resq3 = mysql_query($query_del3);
if (!$resq2) {
echo ui_print_error_message(__('Could not be deleted'), '', true, 'h3', true);
} else {
echo ui_print_success_message(__('Successfully deleted'), '', true, 'h3', true);
}
return;
}
function inventories_load_file($objects_file)
{
$file_handle = fopen($objects_file, "r");
global $config;
while (!feof($file_handle)) {
$create = true;
$line = fgets($file_handle);
if ($line == '' || !isset($line)) {
continue;
}
preg_match_all('/(.*),/', $line, $matches);
$values = explode(',', $line);
$name = $values[0];
$owner = $values[1];
$id_parent = $values[2];
$id_object_type = $values[3];
$id_manufacturer = $values[4];
$id_contract = $values[5];
$status = $values[6];
$receipt_date = $values[7];
$issue_date = $values[8];
$value = array('id_object_type' => $id_object_type, 'owner' => $owner, 'name' => safe_input($name), 'id_contract' => $id_contract, 'id_manufacturer' => $id_manufacturer, 'id_parent' => $id_parent, 'status' => $status, 'receipt_date' => $receipt_date, 'issue_date' => $issue_date, 'last_update' => date("Y/m/d", get_system_time()));
if ($name == '') {
echo ui_print_error_message(__('Inventory name empty'), '', true, 'h3', true);
$create = false;
} else {
$inventory_id = get_db_value('id', 'tinventory', 'name', $name);
if ($inventory_id != false) {
echo ui_print_error_message(__('Inventory ') . $name . __(' already exists'), '', true, 'h3', true);
$create = false;
}
}
if ($id_contract != 0 && $id_contract != '') {
$exists = get_db_value('id', 'tcontract', 'id', $id_contract);
if (!$exists) {
echo ui_print_error_message(__('Contract ') . $id_contract . __(' doesn\'t exist'), '', true, 'h3', true);
$create = false;
}
}
if ($id_manufacturer != 0 && $id_manufacturer != '') {
$exists = get_db_value('id', 'tmanufacturer', 'id', $id_manufacturer);
if (!$exists) {
echo ui_print_error_message(__('Manufacturer ') . $id_manufacturer . __(' doesn\'t exist'), '', true, 'h3', true);
$create = false;
}
}
if ($id_object_type != 0 && $id_object_type != '') {
$exists_object_type = get_db_value('id', 'tobject_type', 'id', $id_object_type);
if (!$exists_object_type) {
echo ui_print_error_message(__('Object type ') . $id_object_type . __(' doesn\'t exist'), '', true, 'h3', true);
$create = false;
} else {
//~ $all_fields = inventories_get_all_type_field ($id_object_type);
$sql = "SELECT * FROM tobject_type_field WHERE id_object_type=" . $id_object_type;
$all_fields = get_db_all_rows_sql($sql);
if ($all_fields == false) {
$all_fields = array();
}
$value_data = array();
$i = 9;
$j = 0;
foreach ($all_fields as $key => $field) {
$data = $values[$i];
switch ($field['type']) {
case 'combo':
$combo_val = explode(",", $field['combo_value']);
$k = array_search($data, $combo_val);
if ($k === false) {
echo ui_print_error_message(__('Field ') . $field['label'] . __(' doesn\'t match. Valid values: ') . $field['combo_value'], '', true, 'h3', true);
$create = false;
}
break;
case 'numeric':
$res = is_numeric($data);
if (!$res) {
echo ui_print_error_message(__('Field ') . $field['label'] . __(' must be numeric'), '', true, 'h3', true);
$create = false;
}
break;
case 'external':
$table_ext = $field['external_table_name'];
$exists_table = get_db_sql("SHOW TABLES LIKE '{$table_ext}'");
if (!$exists_table) {
echo ui_print_error_message(__('External table ') . $table_ext . __(' doesn\'t exist'), '', true, 'h3', true);
$create = false;
}
$id = $field['external_reference_field'];
$exists_id = get_db_sql("SELECT {$id} FROM {$table_ext}");
if (!$exists_id) {
echo ui_print_error_message(__('Id ') . $id . __(' doesn\'t exist'), '', true, 'h3', true);
$create = false;
}
break;
}
if ($field['inherit']) {
$ok = inventories_check_unique_field($data, $field['type']);
if (!$ok) {
echo ui_print_error_message(__('Field ') . $field['label'] . __(' must be unique'), '', true, 'h3', true);
$create = false;
}
}
$value_data[$j]['id_object_type_field'] = $field['id'];
$value_data[$j]['data'] = safe_input($data);
$i++;
$j++;
}
}
}
if ($create) {
$result_id = process_sql_insert('tinventory', $value);
if ($result_id) {
foreach ($value_data as $k => $val_data) {
$val_data['id_inventory'] = $result_id;
process_sql_insert('tobject_field_data', $val_data);
}
if (!empty($id_companies_arr)) {
foreach ($id_companies_arr as $id_company) {
$values_company['id_inventory'] = $result_id;
$values_company['id_reference'] = $id_company;
$values_company['type'] = 'company';
process_sql_insert('tinventory_acl', $values_company);
}
}
if (!empty($id_users_arr)) {
foreach ($id_users_arr as $id_user) {
$values_user['id_inventory'] = $result_id;
$values_user['id_reference'] = $id_user;
$values_user['type'] = 'user';
process_sql_insert('tinventory_acl', $values_user);
}
}
}
}
}
//end while
fclose($file_handle);
echo ui_print_success_message(__('File loaded'), '', true, 'h3', true);
return;
}
$search_params = "&search_text=$search_text&search_invoice_status=$search_invoice_status&search_last_date=$search_last_date&search_date_end=$search_date_end&search_date_begin=$search_date_begin&search_exp_date=$search_exp_date&search_exp_end=$search_exp_end&search_exp_begin=$search_exp_begin&order_by=$order_by&search_invoice_type=$search_invoice_type&search_company_role=$search_company_role&search_company_manager=$search_company_manager";
include_once('include/functions_crm.php');
$read = check_crm_acl ('company', 'cr');
$write = check_crm_acl ('company', 'cw');
$manage = check_crm_acl ('company', 'cm');
if (!$read) {
include ("general/noaccess.php");
exit;
}
$message = get_parameter('message', '');
if ($message != '') {
echo ui_print_success_message (__($message), '', true, 'h3', true);
}
if ($id_invoice || $id) {
if ($id_invoice) {
$id_company = get_db_value('id_company', 'tinvoice', 'id', $id_invoice);
} elseif ($id) {
$id_company = get_db_value('id_company', 'tinvoice', 'id_company', $id);
}
$permission = check_crm_acl ('invoice', '', $config['id_user'], $id_company);
if (!$permission) {
include ("general/noaccess.php");
exit;
}
$error_msg = ui_print_err_message (__('Project manager user does not exist'), '', true, 'h3', true);
$id_project = false;
}
else {
$sql = sprintf ('INSERT INTO tproject
(name, description, start, end, id_owner, id_project_group, cc)
VALUES ("%s", "%s", "%s", "%s", "%s", %d, "%s")',
$name, $description, $start_date, $end_date, $id_owner,
$id_project_group, $cc);
$id_project = process_sql ($sql, 'insert_id');
}
if ($id_project === false) {
echo ui_print_err_message (__('Project cannot be created, problem found.').$error_msg, '', true, 'h3', true);
} else {
echo ui_print_success_message (__('The project successfully created.').' #'.$id_project, '', true, 'h3', true);
audit_db ($id_owner, $REMOTE_ADDR, "Project created", "User ".$config['id_user']." created project '$name'");
project_tracking ($id_project, PROJECT_CREATED);
// Add this user as profile 1 (project manager) automatically
$sql = sprintf ('INSERT INTO trole_people_project
(id_project, id_user, id_role)
VALUES ("%s", "%s", 1)',
$id_project, $id_owner, 1);
process_sql ($sql);
// If current user is different than owner, add also current user
if ($config['id_user'] != $id_owner) {
$sql = sprintf ('INSERT INTO trole_people_project
(id_project, id_user, id_role)
VALUES (%d, "%s", 1)',
$description = get_parameter ('description');
$start_date = get_parameter ('start_date');
$end_date = get_parameter ('end_date');
$id_project_group = get_parameter ("id_project_group");
$cc = get_parameter('cc', '');
$sql = sprintf ('UPDATE tproject SET
name = "%s", description = "%s", id_project_group = %d,
start = "%s", end = "%s", id_owner = "%s", cc = "%s"
WHERE id = %d',
$name, $description, $id_project_group,
$start_date, $end_date, $user, $cc, $id_project);
$result = process_sql ($sql);
audit_db ($config["id_user"], $config["REMOTE_ADDR"], "Project updated", "Project $name");
if ($result !== false) {
project_tracking ($id_project, PROJECT_UPDATED);
$result_output = ui_print_success_message (__('The project successfully updated'), '', true, 'h3', true);
} else {
$result_output = ui_print_error_message (__('Could not update project'), '', true, 'h3', true);
}
}
// Edition / View mode
if ($id_project) {
$project = get_db_row ('tproject', 'id', $id_project);
$name = $project["name"];
$description = $project["description"];
$start_date = $project["start"];
$end_date = $project["end"];
$owner = $project["id_owner"];
$id_project_group = $project["id_project_group"];
/**
* Copy and insert in database a new file into incident
*
* @param int incident id
* @param string file full path
* @param string file description
*
*/
function attach_incident_file($id, $file_temp, $file_description, $email_notify = false, $file_name = "")
{
global $config;
$file_temp = safe_output($file_temp);
// Decoding HTML entities
$filesize = filesize($file_temp);
// In bytes
if ($file_name != "") {
$filename = $file_name;
} else {
$filename = basename($file_temp);
}
$filename = str_replace(array(" ", "(", ")"), "_", $filename);
// Replace blank spaces
$filename = filter_var($filename, FILTER_SANITIZE_URL);
// Replace conflictive characters
$sql = sprintf('INSERT INTO tattachment (id_incidencia, id_usuario,
filename, description, size)
VALUES (%d, "%s", "%s", "%s", %d)', $id, $config['id_user'], $filename, $file_description, $filesize);
$id_attachment = process_sql($sql, 'insert_id');
incident_tracking($id, INCIDENT_FILE_ADDED);
$result_msg = ui_print_success_message(__('File added'), '', true);
// Email notify to all people involved in this incident
if ($email_notify) {
if ($config["email_on_incident_update"] == 1) {
mail_incident($id, $config['id_user'], 0, 0, 2);
}
}
// Copy file to directory and change name
$file_target = $config["homedir"] . "attachment/" . $id_attachment . "_" . $filename;
$copy = copy($file_temp, $file_target);
if (!$copy) {
$result_msg = ui_print_error_message(__('File cannot be saved. Please contact Integria administrator about this error'), '', true);
$sql = sprintf('DELETE FROM tattachment
WHERE id_attachment = %d', $id_attachment);
process_sql($sql);
} else {
// Delete temporal file
unlink($file_temp);
// Adding a WU noticing about this
$link = "<a target='_blank' href='operation/common/download_file.php?type=incident&id_attachment=" . $id_attachment . "'>" . $filename . "</a>";
$note = "Automatic WU: Added a file to this issue. Filename uploaded: " . $link;
$public = 1;
$timeused = 0;
create_workunit($id, $note, $config["id_user"], $timeused, 0, "", $public);
$timestamp = print_mysql_timestamp();
$sql = sprintf('UPDATE tincidencia SET actualizacion = "%s" WHERE id_incidencia = %d', $timestamp, $id);
process_sql($sql);
}
return $result_msg;
}
}
// DONT use MySQL NOW() or UNIXTIME_NOW() because
// Integria can override localtime zone by a user-specified timezone.
$timestamp = print_mysql_timestamp();
$sql = sprintf('INSERT INTO tincidencia
(inicio, actualizacion, titulo, descripcion,
id_usuario, estado, prioridad,
id_grupo, id_creator, notify_email, id_task,
resolution, id_incident_type, sla_disabled, email_copy, epilog)
VALUES ("%s", "%s", "%s", "%s", "%s", %d, %d, %d, "%s",
%d, %d, %d, %d, %d, "%s", "%s")', $timestamp, $timestamp, $title, $description, $id_user_responsible, $estado, $priority, $group_id, $id_creator, $email_notify, $id_task, $resolution, $id_incident_type, $sla_disabled, $email_copy, $epilog);
$id = process_sql($sql, 'insert_id');
if ($id !== false) {
/* Update inventory objects in incident */
update_incident_inventories($id, array($id_inventory));
$result_msg = ui_print_success_message(__('Successfully created') . ' (id #' . $id . ')', '', true);
$result_msg .= '<h4><a href="index.php?sec=incidents&sec2=operation/incidents_simple/incident&id=' . $id . '">' . __('Please click here to continue working with ticket #') . $id . "</a></h4>";
audit_db($config["id_user"], $config["REMOTE_ADDR"], "Ticket created", "User " . $config['id_user'] . " created ticket #" . $id);
incident_tracking($id, INCIDENT_CREATED);
//Add traces and statistic information
incidents_set_tracking($id, 'create', $priority, $estado, $resolution, $id_user_responsible, $group_id);
// Email notify to all people involved in this incident
if ($email_notify) {
mail_incident($id, $id_user_responsible, "", 0, 1);
}
//insert data to incident type fields
if ($id_incident_type > 0) {
$sql_label = "SELECT `label` FROM `tincident_type_field` WHERE id_incident_type = {$id_incident_type}";
$labels = get_db_all_rows_sql($sql_label);
if ($labels === false) {
$labels = array();
$value_update['type'] = get_parameter('type');
$value_update['combo_value'] = get_parameter('combo_value', '');
$error_update = false;
if ($value_update['type'] == "combo") {
if ($value_update['combo_value'] == '') {
$error_update = true;
}
}
if ($error_update) {
echo ui_print_error_message(__('Field could not be updated. Empty combo value'), '', true, 'h3', true);
} else {
$result_update = process_sql_update('tuser_field', $value_update, array('id' => $id_field));
if ($result_update === false) {
echo ui_print_error_message(__('Field could not be updated'), '', true, 'h3', true);
} else {
echo ui_print_success_message(__('Field updated successfully'), '', true, 'h3', true);
}
}
}
echo "<h2>" . __("User fields") . "</h2>";
echo "<h4>" . __("List fields") . "</h4>";
$user_fields = get_db_all_rows_sql("SELECT * FROM tuser_field");
if ($user_fields === false) {
$user_fields = array();
}
$table = new StdClass();
$table->width = '100%';
$table->class = 'listing';
$table->data = array();
$table->head = array();
$table->style = array();
/**
* Evaluates a result using empty() and then prints an error or success message
*
* @param mixed The results to evaluate. 0, NULL, false, '' or
* array() is bad, the rest is good
* @param string The string to be displayed if the result was good
* @param string The string to be displayed if the result was bad
* @param string Any other attributes to be set for the h3
* @param bool Whether to output the string or return it
* @param string What tag to use (you could specify something else than
* h3 like div or h2)
* @param boolean Add a cancel button or not
*
* @return string HTML code if return parameter is true.
*/
function ui_print_result_message($result, $good = '', $bad = '', $attributes = '', $return = false, $tag = 'h3', $cancel_button = true)
{
if ($good == '' || $good === false) {
$good = __('Request successfully processed');
}
if ($bad == '' || $bad === false) {
$bad = __('Error processing request');
}
if (empty($result)) {
return ui_print_error_message($bad, $attributes, $return, $tag, $cancel_button);
}
return ui_print_success_message($good, $attributes, $return, $tag, $cancel_button);
}
$result = attach_incident_file ($incident_id, clean_output($file_temp), $file_description);
echo $result;
$active_tab = 'files';
}
if($add_workunit) {
$note = get_parameter('note');
$public = 1;
$timeused = "0.05";
$result = create_workunit ($incident_id, $note, $config["id_user"], $timeused, 0, "", $public, 0);
if($result) {
ui_print_success_message(__('Workunit added'));
}
else {
ui_print_error_message(__('There was a problem adding workunit'));
}
$active_tab = 'workunits';
}
// GET INCIDENT FROM DATABASE
$incident = get_full_incident($incident_id);
// TABS
?>
<ul style="height: 30px;" class="ui-tabs-nav">
<li class="ui-tabs" id="li_files">
$size = filesize ($file_tmp);
$description = get_parameter ("description", "");
$sql = sprintf("INSERT INTO tattachment (id_lead, id_usuario, filename, description, timestamp, size) VALUES (%d, '%s', '%s', '%s', '%s', %d)", $id, $config["id_user"], $filename, $description, date('Y-m-d H:i:s'), $size);
$id_attach = process_sql ($sql, 'insert_id');
$filename_encoded = $id_attach . "_" . $filename;
// Copy file to directory and change name
$file_target = $config["homedir"]."/attachment/".$filename_encoded;
if (!(copy($file_tmp, $file_target))){
echo ui_print_error_message (__("Could not be attached"), '', true, 'h3', true);
} else {
// Delete temporal file
echo ui_print_success_message (__("Successfully attached"), '', true, 'h3', true);
$location = $file_target;
unlink ($file_tmp);
}
// Create record in tattachment
}
}
// Control to upload file
echo '<div class="divform">';
}
}
/* Delete a custom saved search via AJAX */
if ($delete_custom_search) {
$sql = sprintf ('DELETE FROM tcustom_search
WHERE id_user = "******"
AND id = %d',
$config['id_user'], $id_search);
$result = process_sql ($sql);
if ($result === false) {
echo ui_print_error_message (__('Could not delete custom filter'), '', true, 'h3', true);
}
else {
echo ui_print_success_message (__('Custom filter deleted'), '', true, 'h3', true);
}
}
//FORM AND TABLE TO MANAGE CUSTOM SEARCHES
$table = new stdClass;
$table->id = 'saved_searches_table';
$table->width = '100%';
$table->class = 'search-table-button';
$table->size = array ();
$table->style = array ();
$table->style[0] = 'font-weight: bold';
$table->style[1] = 'font-weight: bold';
$table->data = array ();
$sql = sprintf ('SELECT id, name FROM tcustom_search
WHERE id_user = "******"
if ($result) {
echo ui_print_success_message (__("Inventory relationship deleted"), '', true, 'h3', true);
} else {
echo ui_print_error_message (__("Error deleting inventory relationship"), '', true, 'h3', true);
}
}
if ($add_link) {
$id_dst = get_parameter('link', 0);
$id_src = get_parameter('id_src');
$sql = "INSERT INTO tinventory_relationship (id_object_src, id_object_dst) VALUES ($id_src, $id_dst)";
$result = process_sql($sql);
if ($result) {
echo ui_print_success_message (__("Inventory relationship added"), '', true, 'h3', true);
} else {
echo ui_print_error_message (__("Error adding inventory relationship"), '', true, 'h3', true);
}
}
$sql_links = "SELECT * FROM tinventory_relationship
WHERE `id_object_src`=$id OR `id_object_dst`=$id";
$all_links = get_db_all_rows_sql($sql_links);
if ($all_links == false) {
$all_links = array();
}
$table = new stdClass;
audit_db ($config["id_user"], $config["REMOTE_ADDR"], "KB", "Updated kb item $id - $title");
}
if ( $_FILES['userfile']['name'] != "" ){ //if file
$tipo = $_FILES['userfile']['type'];
// Insert into database
$filename = $_FILES['userfile']['name'];
$filesize = $_FILES['userfile']['size'];
$attach_description = get_parameter ("attach_description");
$sql = "INSERT INTO tattachment (id_kb, id_usuario, filename, description, size ) VALUES (".$id.", '".$config["id_user"]. "','".$filename."','$attach_description', $filesize )";
mysql_query($sql);
$id_attachment=mysql_insert_id();
echo ui_print_success_message (__('File added'), '', true, 'h3', true);
// Copy file to directory and change name
$nombre_archivo = $config["homedir"]."attachment/".$id_attachment."_".$filename;
if (!(copy($_FILES['userfile']['tmp_name'], $nombre_archivo ))){
$result_msg = ui_print_error_message (__('File cannot be saved. Please contact Integria administrator about this error'), '', true, 'h3', true);
$sql = " DELETE FROM tattachment WHERE id_attachment =".$id_attachment;
mysql_query($sql);
unlink ($_FILES['userfile']['tmp_name']);
} else {
// Delete temporal file
//insert_event ("KB ITEM UPDATED", $id, 0, "File $filename added");
audit_db ($config["id_user"], $config["REMOTE_ADDR"], "KB", "Created kb item $id - $filename");
}
echo $result_msg;
$task_permission = get_project_access ($config["id_user"], $id_project, $id_task, false, true);
if (!$task_permission["manage"]) {
audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to task email report without permission");
no_permission();
}
if ($operation == "generate_email") {
$task_participants = get_db_all_rows_sql ("SELECT direccion, nombre_real FROM tusuario, trole_people_task WHERE tusuario.id_usuario = trole_people_task.id_user AND trole_people_task.id_task = $id_task");
$participants ="";
foreach ($task_participants as $participant){
$participant["direccion"];
$text = ascii_output ($description);
$subject = ascii_output ($title);
integria_sendmail ($participant["direccion"], $subject, $text);
}
echo ui_print_success_message (__("Operation successfully completed"), '', true, 'h3', true);
}
// Get names
if ($id_project)
$project_name = get_db_value ('name', 'tproject', 'id', $id_project);
else
$project_name = '';
if ($id_task)
$task = get_db_row ('ttask', 'id', $id_task);
$task_days = $task["hours"] / $config["hours_perday"];
$task_cost = $task['estimated_cost']. $config["currency"];
$prio_array = get_priorities();
$sql = sprintf('INSERT INTO trole_people_task (id_user, id_role, id_task)
VALUES ("%s", %d, %d)', $owner, $role, $id_task);
$result2 = process_sql($sql);
if (! $result2) {
echo ui_print_error_message (__('An error ocurred setting the permissions for the task'), '', true, 'h3', true);
}
}
else {
echo ui_print_error_message (__('The task could not be created'), '', true, 'h3', true);
}
}
}
echo ui_print_success_message (__('Project created successfully'), '', true, 'h3', true);
}
}
$project_name = get_db_value ("name", "tproject", "id", $id_project);
// Print title and menu.
$section_title = __('Project management');
$section_subtitle =__("Task planning")." » $project_name";
$p_menu = print_project_tabs();
print_title_with_menu ($section_title, $section_subtitle, "task_planning", 'projects', $p_menu, 'task_plan');
//Calculate task summary stats!
//Draw task status statistics by hand!
$sql = sprintf("SELECT id, completion FROM ttask WHERE id_project = %d", $id_project);
