Пример #1
/**
 * Look up the MIME type registered for an attachment type code.
 *
 * The code is handed to PgQuery as the argument for the "?" placeholder
 * rather than being concatenated into the statement text.
 *
 * @param mixed $type_code Value compared against attachment_type.type_code.
 * @return string The stored mime_type, or "application/octet-stream" when
 *                the query fails or returns no row.
 */
function guess_mime_type($type_code)
{
    $lookup = new PgQuery("SELECT mime_type FROM attachment_type WHERE type_code = ?; ", $type_code);
    $found = $lookup->Exec("guess-mime-type") && $lookup->rows > 0;
    if (!$found) {
        // Generic binary type is the fallback for anything not in the table.
        return "application/octet-stream";
    }
    $match = $lookup->Fetch();
    return $match->mime_type;
}
Пример #2
/**
 * Run a query and copy each row's `data` value onto the matching entry of
 * the global $systems collection, under the property named by $column.
 * A row's `system_desc`, when set, is copied as well.
 *
 * NOTE(review): $sql is executed exactly as passed, with no bound
 * parameters, so callers must only ever hand in statement text they built
 * from trusted values — confirm at each call site.
 *
 * @param string $sql    Complete SQL statement; rows are read for `key`, `data`, `system_desc`.
 * @param string $column Property name to set on each $systems entry.
 * @return void
 */
function add_system_data($sql, $column)
{
    global $systems;
    $result = new PgQuery($sql);
    $has_rows = $result->Exec("rqchange") && $result->rows != 0;
    if (!$has_rows) {
        return;
    }
    while ($record = $result->Fetch()) {
        $systems[$record->key]->{$column} = $record->data;
        if (!isset($record->system_desc)) {
            continue;
        }
        $systems[$record->key]->system_desc = $record->system_desc;
    }
}
Пример #3
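/**
 * Emit the "New Nodes" block: the 20 most recent rows of wu joined to
 * infonode and usr, newest first.
 *
 * Output is written with echo; the block frame is drawn through the global
 * $theme object. Nothing is printed when the query fails or is empty.
 *
 * Node names and user names are database content, so they are HTML-escaped
 * before being written into the page, and node_id is URL-encoded for the
 * query string. Without that, markup stored in either field would be
 * rendered in every visitor's browser.
 *
 * @return void
 */
function send_newnodes_block()
{
    global $theme;
    $qry = new PgQuery("SELECT * FROM wu JOIN infonode USING(node_id) JOIN usr ON ( wu_by = user_no ) ORDER BY wu_on DESC LIMIT 20;");
    if (!$qry->Exec("newnodes") || $qry->rows == 0) {
        return;
    }
    $theme->BlockOpen();
    $theme->BlockTitle("New Nodes");
    $i = 0;
    while ($wu = $qry->Fetch()) {
        // A line break goes between entries, not before the first one.
        if ($i++ > 0) {
            echo "<br>\n";
        }
        // Escape per output context: URL component for the link, HTML text for the labels.
        $node_id = urlencode((string) $wu->node_id);
        $nodename = htmlspecialchars((string) $wu->nodename, ENT_QUOTES);
        $username = htmlspecialchars((string) $wu->username, ENT_QUOTES);
        echo "<a class=blockhead href=\"/wu.php?node_id={$node_id}\" class=block>{$nodename}</a> by {$username}\n";
    }
    echo "<img src=\"/images/clear.gif\" width=\"155\" height=\"50\" hspace=\"0\" vspace=\"2\" border=\"0\">\n";
    $theme->BlockClose();
}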
Пример #4
<?php

// Maintenance actions on a single lookup_code row, selected by $action.
// Each statement passes $table, $field and $lookup_code as PgQuery arguments
// for the "?" placeholders; none of them is spliced into the SQL text.
// NOTE(review): no permission check is visible in this excerpt — confirm the
// including page restricts who can reach the DELETE / INSERT / UPDATE branches.
switch ($action) {
    case "edit":
    case "delete":
        // Read the record first and set the screen values so the user can edit it and re-add it.
        $sql = "SELECT * FROM lookup_code WHERE source_table=? AND source_field=? AND lookup_code=?;";
        $q = new PgQuery($sql, $table, $field, $lookup_code);
        if ($q->Exec("lookwrite") && $q->rows > 0 && ($old = $q->Fetch())) {
            $lookup_seq = $old->lookup_seq;
            $lookup_desc = $old->lookup_desc;
            $lookup_misc = $old->lookup_misc;
        }
        // The delete runs whether or not the read above found a row.
        if ("{$action}" == "delete") {
            $sql = "DELETE FROM lookup_code WHERE source_table=? AND source_field=? AND lookup_code=?;";
            $q = new PgQuery($sql, $table, $field, $lookup_code);
            if ($q->Exec("lookwrite")) {
                $client_messages[] = "Lookup Code deleted.";
            }
        }
        break;
    case "insert":
        // Six placeholders, six arguments, in column order.
        $sql = "INSERT INTO lookup_code (source_table, source_field, lookup_code, ";
        $sql .= " lookup_seq, lookup_desc, lookup_misc) VALUES(?, ?, ?, ?, ?, ?);";
        $q = new PgQuery($sql, $table, $field, $lookup_code, $lookup_seq, $lookup_desc, $lookup_misc);
        if ($q->Exec("lookwrite")) {
            $client_messages[] = "Lookup Code added.";
        }
        break;
    case "update":
        $sql = "UPDATE lookup_code SET lookup_code=?, lookup_seq=?, lookup_desc=?, lookup_misc=? ";
Пример #5
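 /**
  * Do what must be done with time zones from on file.  Attempt to turn
  * them into something that PostgreSQL can understand...
  *
  * Sets $this->tz_locn by trying, in order:
  *  - a lookup of the TZID in the time_zone table (only when
  *    $c->save_time_zone_defs is on);
  *  - the trailing "Area/City" part of the TZID itself;
  *  - $c->local_tzid as the last resort.
  * When saving is on and the lookup did not return exactly one row, the
  * definition held in $this->vtimezone is inserted into time_zone.
  *
  * The TZID is read with $this->Get('TZID') and reaches SQL only as a
  * PgQuery "?" argument, never as part of the statement text.
  *
  * @deprecated This function is deprecated and will be removed eventually.
  * @todo Remove this function.
  * @return void
  */
 function DealWithTimeZones()
 {
     global $c;
     dbg_error_log("LOG", " iCalendar: Call to deprecated method '%s'", 'DealWithTimeZones');
     $tzid = $this->Get('TZID');
     if (isset($c->save_time_zone_defs) && $c->save_time_zone_defs) {
         $qry = new PgQuery("SELECT tz_locn FROM time_zone WHERE tz_id = ?;", $tzid);
         if ($qry->Exec('iCalendar') && $qry->rows == 1) {
             $row = $qry->Fetch();
             $this->tz_locn = $row->tz_locn;
         }
         dbg_error_log("icalendar", " TZCrap2: TZID '%s', DB Rows=%d, Location '%s'", $tzid, $qry->rows, $this->tz_locn);
     }
     if ((!isset($this->tz_locn) || $this->tz_locn == '') && $tzid != '') {
         /**
          * In case there was no X-LIC-LOCATION defined, let's hope there is something in the TZID
          * that we can use.  We are looking for a string like "Pacific/Auckland" if possible.
          */
         // Keep capture group 2, the trailing "Area/City" part.  The earlier
         // replacement '$1' kept the prefix in front of it instead, so a TZID
         // that was already "Pacific/Auckland" came out as an empty string.
         $tzname = preg_replace('#^(.*[^a-z])?([a-z]+/[a-z]+)$#i', '$2', $tzid);
         /**
         * Unfortunately this kind of thing will never work well :-(
         *
         if ( strstr( $tzname, ' ' ) ) {
           $words = preg_split('/\s/', $tzname );
           $tzabbr = '';
           foreach( $words AS $i => $word ) {
             $tzabbr .= substr( $word, 0, 1);
           }
           $this->tz_locn = $tzabbr;
         }
         */
         // Only accept the result when it still looks like "something/something".
         if (preg_match('#\\S+/\\S+#', $tzname)) {
             $this->tz_locn = $tzname;
         }
         dbg_error_log("icalendar", " TZCrap3: TZID '%s', Location '%s', Perhaps: %s", $tzid, $this->tz_locn, $tzname);
     }
     // $qry is only read here after the same save_time_zone_defs test that created it.
     if ($tzid != '' && isset($c->save_time_zone_defs) && $c->save_time_zone_defs && $qry->rows != 1 && isset($this->vtimezone) && $this->vtimezone != "") {
         $qry2 = new PgQuery("INSERT INTO time_zone (tz_id, tz_locn, tz_spec) VALUES( ?, ?, ? );", $tzid, $this->tz_locn, $this->vtimezone);
         $qry2->Exec("iCalendar");
     }
     if ((!isset($this->tz_locn) || $this->tz_locn == "") && isset($c->local_tzid)) {
         $this->tz_locn = $c->local_tzid;
     }
 }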
Пример #6
 // Load a saved query; $sql is assembled outside this excerpt.
 $qry = new PgQuery($sql);
 if ($qry->Exec("indexsupport") && $qry->rows > 0) {
     // Can't just let anyone type in a where clause on the command line!
     if (!is_member_of('Admin')) {
         $where_clause = "";
     }
     // Internal column names (some have 'nice' alternatives defined in header_row() )
     // The order of these defines the ordering when columns are chosen
     $available_columns = array("request_id" => "WR&nbsp;#", "lby_fullname" => "Created By", "lfull" => "Request For", "request_on" => "Request On", "lbrief" => "Description", "request_type_desc" => "Type", "request_tags" => "Tags", "status_desc" => "Status", "system_code" => "System Code", "system_desc" => "System Name", "request.last_activity" => "Last Chng", "urgency" => "Urgency", "importance" => "Importance", "active" => "Active");
     /**
      * The hours column is not visible to clients.
      */
     if ($session->AllowedTo("Support") || $session->AllowedTo("Admin")) {
         $available_columns["request_hours"] = "Hours";
     }
     $saved_qry_row = $qry->Fetch();
     // NOTE(review): the SQL text to run is taken from the fetched row as stored.
     // Whoever can write that row controls the statement; confirm it is only
     // ever generated server-side and that the admin-only where-clause rule
     // above was also applied when the row was saved.
     $search_query = $saved_qry_row->query_sql;
     // $style = 'stripped';
     // SECURITY: unserialize() on a database column.  If a user can influence
     // query_params this can instantiate arbitrary classes (PHP object
     // injection).  Safer: store JSON and use json_decode(), or on PHP >= 7
     // pass array('allowed_classes' => false) as the second argument.
     $query_params = unserialize($saved_qry_row->query_params);
     $columns = $query_params["columns"];
     // Fall back to a fixed column list when the saved row carries none.
     if (!isset($columns) || !is_array($columns)) {
         if ($format == "edit") {
             $columns = array("request_id", "lfull", "request_on", "lbrief", "status_desc", "active", "request_type_desc", "request.last_activity");
         } else {
             $columns = array("request_id", "lfull", "request_on", "lbrief", "status_desc", "request_type_desc", "request.last_activity");
         }
     }
     // If the maxresults they saved was non-default, use that, otherwise we
     // increase the default anyway, because saved queries are more carefully
     // crafted, and less likely to list the whole database
     $mr = 1000;
Пример #7
    $ts_id = $row->ts_id;
    // NOTE(review): {$tzset}, {$ts_id} and {$session->user_no} are interpolated
    // into the statement text; only the five "?" values are passed to PgQuery
    // as arguments.  That is safe only if all three are server-generated
    // (numeric ids, a fixed SET statement) — confirm where $tzset is built.
    // dav_etag is an md5() over the row's fields, computed in SQL.
    $sql = <<<EOSQL
{$tzset}
INSERT INTO request_timesheet ( timesheet_id, request_id, work_on, work_duration, work_by_id, work_description, work_units )
    VALUES( {$ts_id}, ?, ?::timestamp, (?::timestamp - ?::timestamp), {$session->user_no}, ?, 'hours' );
UPDATE request_timesheet
  SET work_quantity = (extract( 'hours' from work_duration)::numeric + extract( 'minutes' from work_duration )::numeric / 60::numeric),
      dav_etag = md5(timesheet_id||request_id||work_on||work_duration||work_by_id||COALESCE(charged_details,'')||work_description)
WHERE timesheet_id={$ts_id};
EOSQL;
    // Argument order follows the placeholders: request id, start, end, start (for the duration), summary.
    $qry = new PgQuery($sql, $request_id, $ev->Get('dtstart'), $ev->Get('dtend'), $ev->Get('dtstart'), $ev->Get('summary'));
    $qry->Exec("PUT");
}
// Read back the ETag the database computed.  $ts_id is interpolated here as
// well; binding it with "?" would remove the dependence on upstream validation.
// NOTE(review): neither Exec() nor Fetch() is checked before $row is dereferenced.
$qry = new PgQuery("SELECT dav_etag FROM request_timesheet WHERE timesheet_id = {$ts_id};");
$qry->Exec("PUT");
$row = $qry->Fetch();
$etag = $row->dav_etag;
$qry = new PgQuery("COMMIT;");
$qry->Exec("PUT");
// NOTE(review): $action is written into the status line; confirm it is a
// fixed server-side word and cannot carry client-supplied text.
header("HTTP/1.1 201 {$action}");
/**
* From draft 13, 5.3.4 we find:
* "In the case where the data stored by a server as a result of a PUT
* request is not equivalent by octet equality to the submitted calendar
* object resource, the behavior of the ETag response header is not
* specified here, with the exception that a strong entity tag MUST NOT be
* returned in the response. As a result, clients may need to retrieve the
* modified calendar object resource (and ETag) as a basis for further
* changes, rather than use the calendar object resource it had sent with
* the PUT request."
*
Пример #8
        header("Content-type: text/plain");
        // NOTE(review): two format specifiers but three values.  If dbg_error_log
        // formats printf-style, $qry->rows fills "User: %d" and the path is never
        // logged, which weakens this access-denied record as an audit trail.
        dbg_error_log("DELETE", "Access denied: User: %d, Path: %s", $qry->rows, $session->user_no, $delete_path);
        echo "Access Denied";
        exit(0);
    }
}
// No usable ETag condition was supplied and the path matches one of the two
// accepted forms for this user's timesheet: fetch the current ETag so the
// conditional delete further down can run.
if ((!isset($etag_match) || $etag_match == '*' || $etag_match == '') && ("/" . $session->username . "/{$ts_id}" . ".ics" == "{$delete_path}" || "/" . $session->username . "/{$ts_id}@" . $_SERVER['SERVER_NAME'] . ".ics" == "{$delete_path}")) {
    // It really looks like we are deleting an existing timesheet
    // NOTE(review): $ts_id is interpolated into the SQL text, and this SELECT is
    // not restricted to the session user.  Bind it with "?" as the statements
    // below do, or confirm it is validated as an integer before this point.
    $qry = new PgQuery("SELECT dav_etag FROM request_timesheet WHERE timesheet_id={$ts_id};");
    $qry->Exec("PUT");
    if ($qry->rows != 1) {
        header("HTTP/1.1 500 Infernal Server Error");
        // NOTE(review): five specifiers, four values; the row count the message
        // starts with is not passed, so every later field is shifted by one.
        dbg_error_log("ERROR", "Found %d rows matching request %d, timesheet %d for user %s(%d)", $request_id, $ts_id, $delete_user_name, $delete_user_no);
        exit(0);
    } elseif ($qry->rows == 1) {
        // Always true here: the branch above already handled every other count.
        $dav_event = $qry->Fetch();
        $etag_match = $dav_event->dav_etag;
    }
}
if (isset($etag_match) && $etag_match != '*' && $etag_match != '' && ("/" . $session->username . "/{$ts_id}" . ".ics" == "{$delete_path}" || "/" . $session->username . "/{$ts_id}@" . $_SERVER['SERVER_NAME'] . ".ics" == "{$delete_path}")) {
    // Both statements are limited to rows whose work_by_id is the session user
    // and whose ETag matches; all three values are passed as "?" arguments.
    $qry = new PgQuery("SELECT * FROM request_timesheet WHERE work_by_id=? AND dav_etag=? AND timesheet_id=?", $session->user_no, $etag_match, $ts_id);
    if ($qry->Exec("DELETE") && $qry->rows == 1) {
        $qry = new PgQuery("DELETE FROM request_timesheet WHERE work_by_id=? AND dav_etag=? AND timesheet_id=?", $session->user_no, $etag_match, $ts_id);
        if ($qry->Exec("DELETE")) {
            header("HTTP/1.1 200 OK");
            // NOTE(review): the log records $etag_none_match, while the statement
            // above used $etag_match — presumably the wrong variable; confirm.
            dbg_error_log("DELETE", "DELETE: User: %d, ETag: %s, Path: %s", $session->user_no, $etag_none_match, $delete_path);
        } else {
            header("HTTP/1.1 500 Infernal Server Error");
            dbg_error_log("DELETE", "DELETE failed: User: %d, ETag: %s, Path: %s, SQL: %s", $session->user_no, $etag_none_match, $delete_path, $qry->querystring);
        }
    } else {
Пример #9
 /**
  * Returns the locked row, either from the cache or from the database
  *
  * The token is passed to PgQuery as the "?" argument.  A successful lookup
  * replaces $this->_locks_found with a one-entry array for this token.
  *
  * NOTE(review): $request is neither a parameter nor declared global in
  * this method, so the error branch calls DoResponse() on an undefined
  * variable — confirm whether $this or a global was intended.
  *
  * @param string $lock_token The opaque lock token to look up
  * @return mixed The fetched row for the token (whatever Fetch() returns)
  */
 function GetLockRow($lock_token)
 {
     // Cache hit: this token was already looked up.
     if (isset($this->_locks_found[$lock_token])) {
         return $this->_locks_found[$lock_token];
     }
     $lookup = new PgQuery("SELECT * FROM locks WHERE opaquelocktoken = ?;", $lock_token);
     if (!$lookup->Exec("caldav", __LINE__, __FILE__)) {
         $request->DoResponse(500, translate("Database Error"));
         // Nothing matched
         return false;
     }
     $found = $lookup->Fetch();
     $this->_locks_found = array($lock_token => $found);
     return $this->_locks_found[$lock_token];
 }
Пример #10
 /**
  * Save the request to the database. This is a QAMS-specific DB save
  * method, just catering for the data we need to setup up the basic
  * WRMS records.
  *
  * The values of the properties named in $this->post_fields are copied
  * into $_POST first, because the Validate()/Write() calls below read
  * their input from there.  Existing $_POST entries with the same names
  * are overwritten.
  *
  * @return mixed false when validation fails, otherwise the result of Write(true)
  */
 function save_request()
 {
     // Mirror our class vars into $_POST to cater to the WRMS Write() logic.
     foreach ($this->post_fields as $field) {
         $_POST["{$field}"] = $this->{$field};
     }
     // Whether to let WRMS do its e-mail thing. Normally we do
     // emails directly from QAMS..
     if ($this->send_no_email) {
         $_POST["send_no_email"] = "on";
     }
     if (!$this->Validate(true)) {
         return false;
     }
     $saved = $this->Write(true);
     if (!$saved || !$this->new_request) {
         return $saved;
     }
     // New record: pick up the id the sequence handed out in this session.
     $seq_query = new PgQuery("SELECT currval('request_request_id_seq');");
     $seq_query->Exec("WR::Write");
     // Fetch results as array
     $seq_row = $seq_query->Fetch(true);
     $this->request_id = $seq_row[0];
     // Not new anymore..
     $this->new_request = false;
     return $saved;
 }
Пример #11
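/**
* Get XML response for a single item.  Depth is irrelevant for this.
*
* NOTE(review): the lookup is by path only and $session is not consulted
* here; confirm the caller has already checked that the current user may
* read $item_path.
*
* @param string $item_path The dav_name of the resource to return
* @return array One item_to_xml() result per matching caldav_data row;
*               empty when the query fails or nothing matches
*/
function get_item($item_path)
{
    global $session;
    $responses = array();
    dbg_error_log("PROPFIND", "Getting item: Path: %s", $item_path);
    $sql = "SELECT caldav_data.dav_name, caldav_data, caldav_data.dav_etag ";
    $sql .= "FROM caldav_data WHERE dav_name = ?";
    // One placeholder, one argument.  Two PgQuery::Plain(iCalendar::HttpDateFormat())
    // values used to be listed ahead of the path although the statement has no
    // placeholders for them; assuming PgQuery fills "?" in argument order, the
    // path was never the value compared against dav_name.
    $qry = new PgQuery($sql, $item_path);
    if ($qry->Exec("PROPFIND", __LINE__, __FILE__) && $qry->rows > 0) {
        while ($item = $qry->Fetch()) {
            $responses[] = item_to_xml($item);
        }
    }
    return $responses;
}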
Пример #12
<?php

/**
 *
 * Now we build the statement that will find those requests...
 */
$search_query = "";
// A saved query is loaded only when the form was not submitted and a
// saved_query name is present in the URL.
if (!isset($_POST['submit']) && isset($_GET['saved_query'])) {
    // The query name is passed as the "?" argument, but user_no is interpolated
    // into the text.  NOTE(review): bind it with a second "?" so this statement
    // does not depend on $session->user_no always being numeric.
    // The "OR public" term also returns rows saved by other users.
    $sql = "SELECT * FROM saved_queries ";
    $sql .= "WHERE (user_no = '{$session->user_no}' OR public ) ";
    $sql .= "AND query_name = ?;";
    // NOTE(review): the test above reads $_GET['saved_query'] but the value
    // bound here is $saved_query, which is not assigned in this excerpt.
    $qry = new PgQuery($sql, $saved_query);
    $qry->Exec("WRSearch::Build");
    // NOTE(review): neither Exec() nor Fetch() is checked; an unknown name
    // leaves $thisquery without a row and every property read below fails.
    $thisquery = $qry->Fetch();
    // The stored SQL text becomes the search statement as-is, so whoever can
    // write this row (including the author of a public query) controls it.
    $search_query = $thisquery->query_sql;
    // SECURITY: unserialize() on a database column that users populate by
    // saving queries.  This can instantiate arbitrary classes (PHP object
    // injection).  Safer: store JSON and json_decode() it, or on PHP >= 7 pass
    // array('allowed_classes' => false) as the second argument.
    $saved_columns = unserialize($thisquery->query_params);
    $saved_columns = $saved_columns["columns"];
    if (isset($saved_columns) && is_array($saved_columns)) {
        $columns = $saved_columns;
    }
    // If the maxresults they saved was non-default, use that, otherwise we
    // increase the default anyway, because saved queries are more carefully
    // crafted, and less likely to list the whole database
    $mr = 1000;
    // NOTE(review): the last two conditions are the same test written twice;
    // the second was presumably meant to compare against a different value.
    if ((!isset($maxresults) || intval($maxresults) == 0 || $maxresults == 100) && intval($thisquery->maxresults) != 100 && intval($thisquery->maxresults) != 100) {
        $mr = $thisquery->maxresults;
    }
    $maxresults = $mr;
    if ($thisquery->rlsort && !isset($_GET['rlsort'])) {
        $rlsort = $thisquery->rlsort;
        $rlseq = $thisquery->rlseq;
Пример #13
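/**
 * Build the HTML for the request search form and return it as a string.
 *
 * When the form has not been submitted and a saved_query name is given in
 * the URL, the saved parameters are loaded and become the form's input.
 * The free-text SQL "Where" field is only rendered for Admin users.
 *
 * NOTE(review): $target_url is never used, and $REQUEST_URI is read without
 * being declared global in this function, so EntryForm receives an
 * undefined value as its first argument — confirm which one was intended.
 *
 * @param string $target_url Currently unused
 * @return string The form markup
 */
function RenderSearchForm($target_url)
{
    global $session, $theme, $search_record;
    $html = "";
    $search_record = (object) array();
    $org_code = intval($GLOBALS['org_code']);
    if ($org_code > 0) {
        $search_record->org_code = $org_code;
    }
    //  $session->Log( 'DBG: isset($_POST[submit])=%s isset($_GET[saved_query])=%s', isset($_POST[submit]), isset($_GET['saved_query'] ) );
    if (!isset($_POST['submit']) && isset($_GET['saved_query'])) {
        // Both values are passed as "?" arguments.  "OR public" means the row
        // may have been saved by a different user.
        $qry = new PgQuery("SELECT query_params FROM saved_queries WHERE (user_no = ? OR public ) AND lower(query_name) = lower(?);", $session->user_no, $_GET['saved_query']);
        if ($qry->Exec('RenderSearchForm') && $qry->rows == 1 && ($row = $qry->Fetch())) {
            // SECURITY: unserialize() on a user-populated database column, and the
            // result replaces the whole $_POST superglobal.  This can instantiate
            // arbitrary classes (PHP object injection) and lets a saved row supply
            // any form field, including ones the current user could not submit.
            // Safer: store JSON, json_decode() it, and copy only expected keys.
            $_POST = unserialize($row->query_params);
        }
    }
    $ef = new EntryForm($REQUEST_URI, $search_record, true);
    // We do the formatting fairly carefully here...
    $ef->SimpleForm('<span style="white-space: nowrap"><span class="srchp">%s:</span><span class="srchf">%s</span></span> ');
    $html .= $ef->StartForm(array("autocomplete" => "off", "onsubmit" => "return CheckSearchForm();"));
    $html .= "<table border=0 cellspacing=2 cellpadding=0 align=center class=row0 width=100% style=\"border: 1px dashed #aaaaaa;\">\n";
    $html .= "<tr><td width=100%><table border=0 cellspacing=0 cellpadding=0 width=100%><tr valign=middle><td width=100%>\n";
    // A search_for value in the URL seeds the field unless one was posted.
    if (isset($_GET['search_for']) && !isset($_POST['search_for'])) {
        $_POST['search_for'] = $_GET['search_for'];
    }
    $html .= $ef->DataEntryLine("Find", "%s", "text", "search_for", array("size" => 10, "class" => "srchf", "title" => "Search for free text in the request or notes.  Regular expressions are OK too."));
    // Organisation drop-down
    if ($session->AllowedTo("Admin") || $session->AllowedTo("Support") || $session->AllowedTo("Contractor")) {
        $html .= $ef->DataEntryLine("Organisation", "", "lookup", "org_code", array("_sql" => SqlSelectOrganisations($org_code), "_null" => "-- All Organisations --", "onchange" => "OrganisationChanged();", "title" => "The organisation that this work will be done for.", "class" => "srchf", "style" => "width: 18em"));
    }
    // System (within Organisation) drop-down
    $html .= $ef->DataEntryLine("System", "", "lookup", "system_id", array("_sql" => SqlSelectSystems($org_code), "_null" => "-- All Systems --", "onchange" => "SystemChanged();", "title" => "The business system that this request applies to.", "class" => "srchf", "style" => "width: 18em"));
    $html .= $ef->DataEntryLine("Requester", "", "lookup", "requested_by", array("_sql" => SqlSelectRequesters($org_code), "_null" => "-- Any Requester --", "onchange" => "PersonChanged();", "title" => "The client who is requesting this, or who is in charge of ensuring it happens.", "class" => "srchf", "style" => "width: 12em"));
    $html .= $ef->DataEntryLine("Watching", "", "lookup", "interested_in", array("_sql" => SqlSelectSubscribers($org_code), "_null" => "-- Any Interested User --", "title" => "The client who is requesting this, or who is in charge of ensuring it happens.", "class" => "srchf", "style" => "width: 12em"));
    // Person Assigned to W/R
    $html .= $ef->DataEntryLine("ToDo", "", "lookup", "allocated_to", array("_sql" => SqlSelectSubscribers($org_code), "_null" => "-- Any Assigned User --", "_nobody" => "-- Not Yet Allocated --", "class" => "srchf", "title" => "A person who has been assigned to work on requests.", "style" => "width: 12em"));
    // Date range
    $html .= $ef->DataEntryLine("Last Action", "%s", "date", "from_date", array("size" => 10, "class" => "srchf", "title" => "Only show requests with action after this date."));
    $html .= "<a href=\"javascript:show_calendar('forms.form.from_date');\" onmouseover=\"window.status='Date Picker';return true;\" onmouseout=\"window.status='';return true;\">" . $theme->Image("date-picker.gif") . "</a> &nbsp; \n";
    $html .= $ef->DataEntryLine("To", "%s", "date", "to_date", array("size" => 10, "class" => "srchf", "title" => "Only show requests with action before this date."));
    $html .= "<a href=\"javascript:show_calendar('forms.form.to_date');\" onmouseover=\"window.status='Date Picker';return true;\" onmouseout=\"window.status='';return true;\">" . $theme->Image("date-picker.gif") . "</a> &nbsp; \n";
    // Type of Request
    $html .= $ef->DataEntryLine("Type", "%s", "lookup", "type_code", array("_type" => "request|request_type", "_null" => "-- All Types --", "class" => "srchf", "style" => "width: 8em", "title" => "Only show this type of request"));
    // Hiding the field is presentation only: the code that consumes
    // where_clause has to repeat the Admin check on the server side.
    if ($session->AllowedTo("Admin")) {
        //    $html .= "<div id=\"whereclause\">";
        $html .= $ef->DataEntryLine("Where", "%s", "text", "where_clause", array("size" => 60, "class" => "srchf", "title" => "Add an SQL 'WHERE' clause to further refine the search - you will need to know what you are doing..."));
        //    $html .= "</div>";
    }
    $html .= "<table border='0' cellspacing='0' cellpadding='0' width='100%'><tr>";
    $html .= "<td style=\"vertical-align: top; padding-top: 0.3em; white-space:wrap;\"><span class=\"srchp\">Status:</span></td><td valign='top'>\n";
    $sql = "SELECT * FROM lookup_code WHERE source_table='request' ";
    $sql .= " AND source_field='status_code' ";
    $sql .= " ORDER BY source_table, source_field, lookup_seq, lookup_code ";
    $qry = new PgQuery($sql);
    if ($qry->Exec("RenderSearchForm") && $qry->rows > 0) {
        $i = 0;
        while ($status = $qry->Fetch()) {
            // strpos() returns 0 for a match at the first character; comparing
            // with !== false keeps that match from being read as "not found".
            $ef->record->incstat[$status->lookup_code] = strpos($GLOBALS['default_search_statuses'], $status->lookup_code) !== false ? 1 : '';
            if ($i++ > 0) {
                $html .= " ";
            }
            $html .= $ef->DataEntryField("%s", "checkbox", "incstat[{$status->lookup_code}]", array("_label" => $status->lookup_desc, "class" => "srchf", "value" => 1));
            // if ( $i++  == round($qry->rows / 2) ) $html .= "<br />";
        }
        $html .= $ef->DataEntryField("%s", "checkbox", "inactive", array("_label" => "inactive", "class" => "srchf", "value" => 1));
        $html .= "</td>\n";
    }
    $html .= "</tr></table>\n";
    $html .= RenderTagsPanel($ef);
    $html .= RenderColumnSelections($ef);
    // style="display: block; float:right; clear: left;"
    $html .= '<div id="savesearch">';
    $html .= $ef->DataEntryLine("Save as", "%s", "text", "savelist", array("size" => 20, "class" => "srchf", "title" => "A name to use to refer to this query in the future."));
    $html .= $ef->DataEntryField("%s", "checkbox", "save_query_order", array("_label" => "With Order?", "class" => "srchf", "value" => 1));
    $html .= $ef->DataEntryField("%s", "checkbox", "save_public", array("_label" => "Public?", "class" => "srchf", "value" => 1));
    $search_record->save_hotlist = 't';
    $html .= $ef->DataEntryField("%s", "checkbox", "save_hotlist", array("_label" => "In my menu?", "class" => "srchf", "value" => 1));
    $html .= $ef->SubmitButton("submit", "Save Query", array("title" => "Save this query so you can run it again."));
    $html .= "</div>";
    $html .= $ef->DataEntryLine("Max results", "%s", "text", "maxresults", array("size" => 6, "class" => "srchf", "title" => "The maximum number of rows to show in the listing"));
    $html .= $ef->SubmitButton("submit", "Run Query", array("title" => "Run a query with these settings"));
    $html .= "</td></tr></table>\n";
    $html .= "</td></tr></table>\n";
    $html .= $ef->EndForm();
    return $html;
}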
Пример #14
 // Render the user search results as an HTML table; $qry is built outside this excerpt.
 // SECURITY: every {$thisusr->...} value below is written into the page
 // without escaping.  username, fullname, org_name, email and lookup_desc are
 // stored text, so markup saved in any of them is rendered for whoever views
 // this list.  Wrap text fields in htmlspecialchars() and query-string values
 // in urlencode() before output.
 if ($qry->Exec("UsrSearch")) {
     // Build table of usrs found
     echo "<p>&nbsp;" . $qry->rows . " users found</p>";
     echo "<table border=\"0\" cellpadding=2 cellspacing=1 align=center width=100%>\n<tr>\n";
     echo "<th class=cols>User&nbsp;ID</th><th class=cols>Full Name</th>\n";
     // The organisation column is shown only when the search is not limited to one organisation.
     if (!isset($org_code) || $org_code == 0) {
         echo "<th class=cols>Organisation</th>\n";
     }
     echo "<th class=cols>Email</th>\n";
     if (isset($system_id) && $system_id > 0) {
         echo "<th class=cols>User Role</th>\n";
     }
     echo "<th class=cols>Accessed</th>\n";
     echo "<th class=cols>Actions</th>\n";
     echo "</tr>\n";
     while ($thisusr = $qry->Fetch()) {
         // Alternate row0 / row1 classes.
         printf("<tr class=row%1d>\n", $qry->rownum % 2);
         echo "<td class=sml><a href=\"user.php?user_no={$thisusr->user_no}\">{$thisusr->username}</a></td>\n";
         echo "<td class=sml><a href=\"user.php?user_no={$thisusr->user_no}\">{$thisusr->fullname}</a></td>\n";
         if (!isset($org_code) || $org_code == 0) {
             echo "<td class=sml><a href=\"org.php?org_code={$thisusr->org_code}\">{$thisusr->org_name}</a></td>\n";
         }
         // The address lands in both an href attribute and element text.
         echo "<td class=sml><a href=\"mailto:{$thisusr->email}\">{$thisusr->email}</a>&nbsp;</td>\n";
         if (isset($system_id) && $system_id > 0) {
             echo "<td class=sml>{$thisusr->lookup_desc} ({$thisusr->role})&nbsp;</td>\n";
         }
         echo "<td class=sml>{$thisusr->last_used}&nbsp;</td>\n";
         echo "<td class=sml><a class=submit href=\"requestlist.php?user_no={$thisusr->user_no}\">Requested</a>\n";
         // These links are only hidden here; the target pages must enforce the same roles.
         if (is_member_of('Admin', 'Support')) {
             echo "<a class=submit href=\"requestlist.php?allocated_to={$thisusr->user_no}\">Allocated</a>\n";
             echo "<a class=submit href=\"form.php?user_no={$thisusr->user_no}&form=timelist&uncharged=1\">Work</a>\n";
Пример #15
     // Three buttons that apply the chosen default role to unassigned users of
     // each kind; the work itself is done client-side by ApplyToRoles().
     $ef->TempLineFormat('<span class="srchf" style="white-space: nowrap">%s%s</span>');
     $btn_clients = $ef->DataEntryLine("", "", "button", "apply_clients", array("value" => "Client", "onclick" => "ApplyToRoles('client');", "title" => "Click to apply the default to unassigned users for this system.", "class" => "fsubmit"));
     $btn_contractors = $ef->DataEntryLine("", "", "button", "apply_contractors", array("value" => "Contractor", "onclick" => "ApplyToRoles('ext');", "title" => "Click to apply the default to unassigned users for this system.", "class" => "fsubmit"));
     $btn_internal = $ef->DataEntryLine("", "", "button", "apply_internal", array("value" => "Internal", "onclick" => "ApplyToRoles('int');", "title" => "Click to apply the default to unassigned users for this system.", "class" => "fsubmit"));
     $ef->RevertLineFormat();
     $html .= "Choose a default and apply to unassigned {$btn_clients} / {$btn_contractors} / {$btn_internal} users</th>";
     $html .= '<td class="entry" align="center">';
     $options = array_merge($roles, array("title" => "Select the default role people have in relation to this system"));
     $html .= $ef->DataEntryField("", "select", "default_role", $options);
     $html .= "</td></tr>";
     echo $html;
 }
 // Per-user role selector options; $roles is defined outside this excerpt.
 $options = array_merge($roles, array("title" => "Select the role this person has in relation to this system"));
 $fld_format = '<span style="background-color: %s;">&nbsp; &nbsp; %s &nbsp; &nbsp;</span>';
 $i = 0;
 while ($row = $q->Fetch()) {
     // Record the current role, then pick an element id prefix, colour and
     // label by user kind: internal wins over contractor, client is the default.
     // NOTE(review): the role values submitted from this form must be checked
     // against the allowed roles on the server; the select list alone does not
     // restrict what a client can post.
     $search_record->role[$row->user_no] = $row->role;
     $colour = '#e8ffe0';
     $type = "This is a client";
     $id = "client_{$i}";
     if ($row->internal_role == 't') {
         $id = "int_{$i}";
         $colour = '#ffe8e0';
         $type = "This is an internal person";
     } else {
         if ($row->contractor_role == 't') {
             $id = "ext_{$i}";
             $colour = '#e0e8ff';
             $type = "This is an external support person";
         }
     }
Пример #16
         if (isset($report[$i]['properties']['GETETAG'])) {
             $prop->NewElement("getetag", '"' . $ts->dav_etag . '"');
         }
         $status = new XMLElement("status", "HTTP/1.1 200 OK");
         $response->NewElement("propstat", array($prop, $status));
         $responses[] = $response;
         dbg_error_log("REPORT", "TS Response: ETag >>%s<< >>%s<<", $ts->dav_etag, $url);
     }
 }
 /**
  * We also include _all_ caldav_data entries in there, since these
  * are events which failed to parse into timesheets.
  */
 // The user number is passed as the "?" argument.
 // NOTE(review): confirm $report_user_no has been checked against the session
 // user before this point; this query returns every stored item for that user.
 $qry = new PgQuery("SELECT * FROM caldav_data WHERE user_no = ?", $report_user_no);
 if ($qry->Exec() && $qry->rows > 0) {
     while ($dav = $qry->Fetch()) {
         $response = new XMLElement("response");
         $prop = new XMLElement("prop");
         // NOTE(review): the href uses a fixed http:// scheme and
         // $_SERVER['SERVER_NAME'], which on some server configurations follows
         // the client's Host header; a configured canonical base URL avoids both.
         $url = sprintf("http://%s:%d%s%s", $_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $_SERVER['SCRIPT_NAME'], $dav->dav_name);
         // NOTE(review): this loop iterates over $dav but still indexes $report
         // with $i, which is not changed inside the visible part of the loop.
         if (isset($report[$i]['include_href']) && $report[$i]['include_href'] > 0) {
             $response->NewElement("href", $url);
         }
         if (isset($report[$i]['include_data']) && $report[$i]['include_data'] > 0) {
             // Stored calendar text is placed in the response; presumably
             // XMLElement escapes it when rendering — verify.
             $prop->NewElement("calendar-data", $dav->caldav_data, array("xmlns" => "urn:ietf:params:xml:ns:caldav"));
         }
         if (isset($report[$i]['properties']['GETETAG'])) {
             $prop->NewElement("getetag", '"' . $dav->dav_etag . '"');
         }
         $status = new XMLElement("status", "HTTP/1.1 200 OK");
         $response->NewElement("propstat", array($prop, $status));
         $responses[] = $response;
Пример #17
 // Timesheet listing: summary line, optional form wrapper, then one table row per timesheet.
 if ("{$style}" != "stripped") {
     echo "<p><small>&nbsp;" . pg_NumRows($result) . " timesheets found\n";
     if (pg_NumRows($result) == $maxresults) {
         echo " (limit reached)";
     }
     if ("{$uncharged}" != "") {
         // SECURITY: $REQUEST_URI is client-controlled and is written into the
         // action attribute unescaped, so a crafted URL can inject markup into
         // the page.  Pass it through htmlspecialchars() with ENT_QUOTES first.
         // NOTE(review): !strpos() also treats a match at position 0 as "absent".
         printf("<form enctype=\"multipart/form-data\" method=post action=\"%s%s\">\n", $REQUEST_URI, !strpos($REQUEST_URI, "uncharged") ? "&uncharged=1" : "");
     }
 }
 echo "<table border=\"0\" cellspacing=1 align=center>\n";
 header_row();
 $grand_total = 0.0;
 $total_hours = 0.0;
 $requests = array();
 // Build table of organisations found
 while ($timesheet = $qry->Fetch()) {
     $grand_total += doubleval($timesheet->work_quantity * $timesheet->work_rate);
     // Hours are summed directly; days are counted as 8 hours each.  Other units are not added.
     switch ($timesheet->work_units) {
         case 'hours':
             $total_hours += doubleval($timesheet->work_quantity);
             $requests[$timesheet->request_id]['hours'] += $timesheet->work_quantity;
             break;
         case 'days':
             $total_hours += doubleval($timesheet->work_quantity * 8);
             $requests[$timesheet->request_id]['hours'] += $timesheet->work_quantity * 8;
             break;
     }
     $requests[$timesheet->request_id]['name'] = $timesheet->brief;
     printf("<tr class=row%1d>\n", $qry->row % 2);
     // SECURITY: requester_name is stored text written into the page unescaped;
     // wrap it in htmlspecialchars() before output.
     echo "<td class=sml nowrap>{$timesheet->requester_name}</td>\n";
     if ("{$GLOBALS['org_code']}" == "") {
Пример #18
// Tail of a statement (started outside this excerpt) listing organisations
// the session user is connected to: through a system role of 'A' or 'S',
// through a request they watch, or through one allocated to them.
// NOTE(review): {$session->user_no} is interpolated three times below rather
// than bound.  That holds only while user_no is guaranteed numeric; passing
// it as "?" arguments to PgQuery removes the assumption.
$sql .= "AND last_org_request(org_code) IS NOT NULL ";
$sql .= "AND ( EXISTS( SELECT 1 FROM org_system os JOIN system_usr su USING(system_id) WHERE os.org_code=organisation.org_code AND su.user_no={$session->user_no} AND su.role IN ('A','S')) ";
$sql .= "OR EXISTS( SELECT 1 FROM request_interested ri JOIN request r USING(request_id) JOIN usr u ON (r.requester_id=u.user_no) WHERE r.active AND r.last_activity > (current_timestamp - '8 months'::interval) AND u.org_code=organisation.org_code AND ri.user_no={$session->user_no} ) ";
$sql .= "OR EXISTS( SELECT 1 FROM request_allocated ra JOIN request r USING(request_id) JOIN usr u ON (r.requester_id=u.user_no) WHERE r.active AND r.last_activity > (current_timestamp - '14 months'::interval) AND u.org_code=organisation.org_code AND ra.allocated_to_id={$session->user_no} ) ) ";
$sql .= "AND active_org_requests(org_code) > 0 ";
$sql .= "ORDER BY LOWER(organisation.org_name) ";
$sql .= "LIMIT 100 ";
$qry = new PgQuery($sql);
if ($qry->Exec("indexsupport") && $qry->rows > 0) {
    echo "<table border=\"0\" align=\"center\" width=\"100%\"><tr>\n";
    echo "<th class=\"cols\" align=\"left\">Organisation Name</th>";
    echo "<th class=\"cols\" align=\"center\">Requests</th>";
    echo "<th class=\"cols\" align=\"center\">Last Request</th>";
    echo "<th class=\"cols\" align=\"center\">Show:</th></tr>";
    // Build table of rows
    while ($thisorganisation = $qry->Fetch()) {
        // Toggle between 1 and 0 for the alternating row class.
        $i = !isset($i) || $i == 0 ? 1 : 0;
        printf("<tr class=\"row%1d\">", $i);
        // SECURITY: org_name is stored text written into the page unescaped;
        // wrap it in htmlspecialchars() before output.
        echo "<td class=\"sml\">&nbsp;<a href=\"requestlist.php?org_code={$thisorganisation->org_code}\">{$thisorganisation->org_name}";
        if ("{$thisorganisation->org_name}" == "") {
            echo "-- no description --";
        }
        echo "</a>&nbsp;</td>\n";
        echo "<td class=\"sml\" align=\"right\">&nbsp;{$thisorganisation->active_org_requests}</td>\n";
        echo "<td class=\"sml\" align=\"center\">&nbsp;{$thisorganisation->last_request_date}</td>\n";
        echo "<td class=\"sml\" align=\"center\"><a class=\"submit\" href=\"org.php?org_code={$thisorganisation->org_code}\">Organisation</a>";
        echo "&nbsp;&nbsp;<a class=\"submit\" href=\"usrsearch.php?org_code={$thisorganisation->org_code}\">Users</a>";
        echo "&nbsp;&nbsp;<a class=\"submit\" href=\"form.php?org_code={$thisorganisation->org_code}&form=timelist&uncharged=1\">Work</a>";
        echo "</td></tr>\n";
    }
    echo "</table>\n";
Пример #19
include_once "qams-project-defs.php";
// -----------------------------------------------------------------------------------------------
// MAIN CONTENT
$s = "";
// DOCUMENTS ASSOCIATED WITH QA STEPS
// Let's see if we can do this bit with a single query..
// The statement is a fixed string with no request data in it.
$q = "SELECT p.*, s.*, d.*, m.*, md.path_to_template, md.path_to_example";
$q .= " FROM qa_phase p, qa_step s, qa_document d, qa_model m, qa_model_documents md";
$q .= " WHERE s.qa_phase=p.qa_phase";
$q .= "   AND md.qa_model_id=m.qa_model_id";
$q .= "   AND md.qa_document_id=s.qa_document_id";
$q .= "   AND d.qa_document_id=s.qa_document_id";
$q .= " ORDER BY p.qa_phase_order, s.qa_step_order, m.qa_model_order";
$qry = new PgQuery($q);
if ($qry->Exec("qams-refdoc-index.php:get documents") && $qry->rows > 0) {
    // Fetch(true) is used here so each row is read with array keys.
    while ($row = $qry->Fetch(true)) {
        $phase = $row["qa_phase_desc"];
        $qa_model_name = $row["qa_model_name"];
        $qa_document_id = $row["qa_document_id"];
        $qa_document_title = $row["qa_document_title"];
        $qa_document_desc = $row["qa_document_desc"];
        // NOTE(review): these two paths come from the database; where they end
        // up in links or file reads (outside this excerpt) they need the
        // escaping or path checks that fit that use.
        $template = $row["path_to_template"];
        $example = $row["path_to_example"];
        // Only interested if we actually have a URL..
        if ($template != "" || $example != "") {
            // Documents are keyed by "phase description|document id".
            $id = "{$phase}|{$qa_document_id}";
            $doc[$id] = $qa_document_title;
            $docdesc[$id] = $qa_document_desc;
            if ($template != "") {
                $doc_template[$id][$qa_model_name] = $template;
            }
Пример #20
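 /**
  * Save this approval record into the approval history set. If the ID
  * is still zero then we assume a new record needs to be inserted, else
  * we update the existing one.
  *
  * Every value is passed to PgQuery as a '?' argument instead of being
  * spliced into the SQL text. The comment is free text, and addslashes()
  * is not a PostgreSQL quoting routine, so string-built SQL here was an
  * injection risk.
  *
  * @return boolean True if the approval was safely saved. False is also
  *                 returned when a new ID cannot be drawn from the sequence.
  */
 function save()
 {
     // Optional fields: an unset or empty value is passed as null so that it
     // is stored as SQL NULL.
     // NOTE(review): assumes PgQuery renders a null argument as NULL - confirm
     // against the PgQuery version this project ships.
     $assigned_to_usr = isset($this->assigned_to_usr) && $this->assigned_to_usr != "" ? $this->assigned_to_usr : null;
     $approval_by_usr = isset($this->approval_by_usr) && $this->approval_by_usr != "" ? $this->approval_by_usr : null;
     $assigned_datetime = isset($this->assigned_datetime) && $this->assigned_datetime != "" ? $this->assigned_datetime : null;
     $approval_datetime = isset($this->approval_datetime) && $this->approval_datetime != "" ? $this->approval_datetime : null;
     $approval_status = isset($this->approval_status) && $this->approval_status != "" ? $this->approval_status : null;
     // The comment column always receives a string: empty when unset, never NULL.
     $comment = isset($this->comment) ? $this->comment : "";
     if ($this->qa_approval_id == 0) {
         // New record - grab next sequence value..
         $qry = new PgQuery("SELECT NEXTVAL('qa_project_approval_qa_approval_id_seq')");
         if (!$qry->Exec()) {
             // Without a fresh ID the insert would go in under ID 0.
             return false;
         }
         $row = $qry->Fetch(true);
         if (!$row) {
             return false;
         }
         $this->qa_approval_id = $row[0];
         // Create new approval..
         $q = "INSERT INTO qa_project_approval (";
         $q .= " qa_approval_id, project_id, qa_step_id, qa_approval_type_id,";
         $q .= " approval_status, assigned_to_usr, approval_by_usr, comment,";
         $q .= " approval_datetime, assigned_datetime";
         $q .= ") ";
         $q .= "VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
         // Argument order follows the column list above.
         $qry = new PgQuery($q, $this->qa_approval_id, $this->project_id, $this->qa_step_id, $this->qa_approval_type_id, $approval_status, $assigned_to_usr, $approval_by_usr, $comment, $approval_datetime, $assigned_datetime);
         return $qry->Exec("qa_project_approval::save");
     }
     // Existing record update..
     $q = "UPDATE qa_project_approval SET ";
     $q .= " project_id=?,";
     $q .= " qa_step_id=?,";
     $q .= " qa_approval_type_id=?,";
     $q .= " approval_status=?,";
     $q .= " assigned_to_usr=?,";
     $q .= " approval_by_usr=?,";
     $q .= " comment=?,";
     $q .= " approval_datetime=?,";
     $q .= " assigned_datetime=?";
     $q .= " WHERE qa_approval_id=?";
     // Argument order follows the SET list, with the key for the WHERE last.
     $qry = new PgQuery($q, $this->project_id, $this->qa_step_id, $this->qa_approval_type_id, $approval_status, $assigned_to_usr, $approval_by_usr, $comment, $approval_datetime, $assigned_datetime, $this->qa_approval_id);
     return $qry->Exec("qa_project_approval::save");
 }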
Пример #21
 /**
  * Internal function used to get the user's system roles from the database.
  *
  * Fills $this->system_roles and $this->system_codes, both keyed by
  * system_id. Both are reset to empty arrays first, so a failed or empty
  * lookup leaves no entries behind.
  */
 function GetSystemRoles()
 {
     $this->system_roles = array();
     $this->system_codes = array();
     // user_no is passed as a '?' argument rather than spliced into the SQL.
     $lookup = new PgQuery('SELECT system_usr.system_id, role, system_code FROM system_usr JOIN work_system USING (system_id) WHERE user_no = ? ', $this->user_no);
     $has_rows = $lookup->Exec('Session::GetRoles') && $lookup->rows > 0;
     if (!$has_rows) {
         return;
     }
     while ($entry = $lookup->Fetch()) {
         $system_id = $entry->system_id;
         $this->system_roles[$system_id] = $entry->role;
         $this->system_codes[$system_id] = $entry->system_code;
     }
 }
Пример #22
    echo "</tr></table>\n";
}
echo "<table border=\"0\" width=\"100%\">\n";
$show_notes = $format == "ultimate" || $format == "detailed";
$show_details = $format == "ultimate" || $format == "detailed" || "{$format}" == "activity" || "{$format}" == "quotes";
$show_quotes = $format == "ultimate" || "{$format}" == "activity" || "{$format}" == "quotes";
$show_work = ($format == "ultimate" || "{$format}" == "activity") && is_member_of('Admin', 'Support');
if (!$show_details) {
    header_row();
}
if ($result) {
    $grand_total = 0.0;
    $grand_qty_total = 0.0;
    // Build table of requests found
    $i = 0;
    while ($thisrequest = $qry->Fetch()) {
        if ("{$format}" == "edit") {
            $thisrequest->editable = $session->AllowedTo("Support") || $session->AllowedTo("Admin") || $this->org_code == $session->org_code && strpos("`SACEO", $session->system_roles[$this->system_id]) || $session->AllowedTo("Contractor") && strpos("`SA", $session->system_roles[$this->system_id]);
        }
        if ($show_details) {
            header_row();
        }
        data_row($thisrequest, $i);
        if ($show_details) {
            printf("<tr class=row%1d>\n", $i % 2);
            echo "<td colspan=7>" . html_format($thisrequest->detailed) . "</td>\n";
            echo "</tr>\n";
        }
        if ($show_quotes) {
            $subquery = "SELECT *, to_char( quoted_on, 'DD/MM/YYYY') AS nice_date ";
            $subquery .= "FROM request_quote, usr ";
Пример #23
             list($number, $description) = split('/', $v, 2);
             $number = intval($number);
             if ($number > 0) {
                 $request_ids[$number] = $number;
             }
         }
     }
 }
 // Select the user's system_role for each such system.
 // $request_ids was filled above as number => number, every entry having gone
 // through intval(), so the implode()d IN list holds integers only. The
 // session user_no is passed as a '?' argument.
 // NOTE(review): an empty $request_ids would produce "IN ()" - confirm the
 // caller never reaches this point with no request numbers.
 $sql = "SELECT request.request_id, system_usr.role ";
 $sql .= "FROM request LEFT OUTER JOIN system_usr ON request.system_id = system_usr.system_id AND system_usr.user_no=? ";
 $sql .= "WHERE request_id IN (" . implode(",", $request_ids) . ");";
 $qry = new PgQuery($sql, $session->user_no);
 if ($qry->Exec("TimeSheet")) {
     // NOTE(review): when the query returns no rows at all, none of the checks
     // below run, so a list made up only of unknown W/R numbers is not
     // reported here - confirm that is handled elsewhere.
     if ($qry->rows > 0) {
         // Overwrite each id's placeholder value with the role that came back.
         while ($row = $qry->Fetch()) {
             $request_ids[$row->request_id] = $row->role;
         }
         foreach ($request_ids as $r_id => $role) {
             // Value still equal to its own key: no row was returned for this id.
             if ($role == $r_id) {
                 $client_messages[] = "W/R {$r_id} does not exist.";
                 $invalid = true;
             } else {
                 // The LEFT OUTER JOIN matched no system_usr row for this user,
                 // so the request exists but the user has no role on its system.
                 if ($role == "") {
                     $client_messages[] = "You may not assign time to W/R {$r_id}.";
                     $invalid = true;
                 }
             }
         }
     }
 }
Пример #24
    if (isset($debug)) {
        header("Content-Type: text/plain");
    } else {
        header("Content-Type: text/calendar");
    }
    if ($ts->invoiced != "") {
        $ts->description .= "\n" . $ts->invoiced;
    }
    $vevent = new vEvent(array('uid' => $ts_id . "@" . $_SERVER['SERVER_NAME'], 'dtstart' => $ts->dtstart, 'duration' => $ts->duration, 'summary' => $ts->summary, 'location' => $ts->location, 'description' => $ts->description));
    print $vevent->Render();
    dbg_error_log("GET", "User: %d, ETag: %s, Path: /%s/%d.ics", $get_user_no, $ts->dav_etag, $get_user_name, $ts_id);
} else {
    $qry = new PgQuery("SELECT * FROM caldav_data WHERE user_no = ? AND dav_name = ? ;", $get_user_no, $get_path);
    dbg_error_log("get", "%s", $qry->querystring);
    if ($qry->Exec("GET") && $qry->rows == 1) {
        $event = $qry->Fetch();
        header("HTTP/1.1 200 OK");
        header("ETag: {$event->dav_etag}");
        if (isset($debug)) {
            header("Content-Type: text/plain");
        } else {
            header("Content-Type: text/calendar");
        }
        print $event->caldav_data;
        dbg_error_log("GET", "User: %d, ETag: %s, Path: %s", $get_user_no, $event->dav_etag, $get_path);
    } else {
        if ($qry->rows != 1) {
            header("HTTP/1.1 500 Internal Server Error");
            dbg_error_log("ERROR", "Multiple rows match for User: %d, ETag: %s, Path: %s", $get_user_no, $event->dav_etag, $get_path);
        } else {
            header("HTTP/1.1 500 Infernal Server Error");
Пример #25
 /**
  * Get the names of the fields for a particular table
  *
  * Results are kept in the global $_AWL_field_cache, keyed by table name,
  * so the catalog query runs at most once per table per request. The table
  * name is passed to the query as a '?' argument.
  *
  * @param string $tablename The name of the table.
  * @return array Map of field name => type name for the table.
  */
 function get_fields($tablename)
 {
     global $_AWL_field_cache;
     // Cached already: hand back the stored map without touching the database.
     if (isset($_AWL_field_cache[$tablename])) {
         return $_AWL_field_cache[$tablename];
     }
     dbg_error_log("DataUpdate", ":get_fields: Loaded fields for table '{$tablename}'");
     $catalog_sql = "SELECT f.attname, t.typname FROM pg_attribute f "
         . "JOIN pg_class c ON ( f.attrelid = c.oid ) "
         . "JOIN pg_type t ON ( f.atttypid = t.oid ) "
         . "WHERE relname = ? AND attnum >= 0 order by f.attnum;";
     $catalog = new PgQuery($catalog_sql, $tablename);
     $catalog->Exec("DataUpdate");
     $type_by_name = array();
     while ($column = $catalog->Fetch()) {
         $type_by_name[(string) $column->attname] = $column->typname;
     }
     $_AWL_field_cache[$tablename] = $type_by_name;
     return $_AWL_field_cache[$tablename];
 }
Пример #26
 /**
  * Internal function used to get the user's roles from the database.
  *
  * Resets $this->roles and then stores one role_name => true entry per
  * role the user is a member of.
  */
 function GetRoles()
 {
     $this->roles = array();
     // user_no is passed as a '?' argument rather than spliced into the SQL.
     $membership = new PgQuery('SELECT role_name FROM role_member m join roles r ON r.role_no = m.role_no WHERE user_no = ? ', $this->user_no);
     $has_rows = $membership->Exec('BasicAuthSession') && $membership->rows > 0;
     if (!$has_rows) {
         return;
     }
     while ($member = $membership->Fetch()) {
         $this->roles[$member->role_name] = true;
     }
 }
Пример #27
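/**
 * Emit the sidebar menu for the current page.
 *
 * When QAMS is enabled and the script name contains "qams" the QAMS entries
 * are written; otherwise the WRMS entries are, including the user's saved
 * searches that are flagged for the menu. Several entries are shown only to
 * members of particular roles (checked with is_member_of()). The function
 * finishes by closing the theme block.
 * NOTE(review): the matching block open is not in this function - presumably
 * the caller opens it; confirm.
 *
 * The saved-search lookup passes the session user_no as a '?' argument, and
 * the saved query name is HTML-escaped before it is written as link text,
 * because it is stored text that ends up inside the page markup.
 */
function show_sidebar_menu()
{
    global $PHP_SELF, $session, $c, $theme, $hurl, $lsid, $help_url, $qams_enabled;
    if ($qams_enabled && strstr($PHP_SELF, "qams")) {
        menu_break_line();
        menu_url_line("/", "Go to the WRMS Work Request Management System", "WRMS", "head");
        menu_break_line();
        // QAMS MENU ITEMS..
        menu_url_line("/qams-project.php?edit=1", "Create a new project", "New Project", "head");
        // Not yet implemented..
        //menu_url_line("/qams-project-search.php", "Search for projects", "Search Projects", "head");
        if (isset($lsid)) {
            menu_url_line("/?logout=1&forget=1{$hurl}", "Log me out and stop logging me in automatically", "Forget Me", "head");
        } else {
            menu_url_line("/?logout=1{$hurl}", "Au revoir!", "Log Off", "head");
        }
        menu_break_line();
        echo '<form method="get" action="/qams-project.php" name="quickwr" id="quickwr" style="display:inline">';
        // %d forces the request_id global to an integer before it reaches the markup.
        printf('&nbsp;<b>PROJ:</b><input type="text" size="7" title="%s" value="%d" name="request_id">', 'Enter a Project Number and press [Enter] to go to it directly.', $GLOBALS['request_id']);
        echo "</form><br >";
        menu_break_line();
        menu_url_line("/qams.php?filter=my", "Show projects I am involved in", "My Projects");
        menu_url_line("/qams.php?filter=recent", "Show the most recent projects", "Recent Projects");
        menu_break_line();
        menu_url_line("/qams-refdoc-index.php", "Quality Assurance Documents Index", "Documents");
    } else {
        // WRMS MENU ITEMS..
        menu_url_line("/wr.php", "Enter a new work request into the system.", "New Request", "head");
        $tooltip = "A comprehensive search facility for reporting on work requests.";
        menu_url_line("/wrsearch.php", $tooltip, "Search Requests", "head");
        if (is_member_of('Admin', 'Support', 'Contractor')) {
            menu_url_line("/timesheet.php", "", "Timesheet Entry", "head");
        }
        if ($qams_enabled) {
            menu_url_line("/qams.php", "Go to the QAMS Quality Assurance Management System", "Quality System", "head");
        }
        if (isset($lsid)) {
            menu_url_line("/?logout=1&forget=1{$hurl}", "Log me out and stop logging me in automatically", "Forget Me", "head");
        } else {
            menu_url_line("/?logout=1{$hurl}", "Au revoir!", "Log Off", "head");
        }
        menu_break_line();
        // %d forces the request_id global to an integer before it reaches the markup.
        printf(<<<EOFORM
<form method="get" action="/wr.php" name="quickwr" id="quickwr" style="display:inline">
&nbsp;<b>W/R:</b><input type="text" size="7" title="%s" value="%d" name="request_id">
</form><br >
EOFORM
, 'Enter a W/R number and press [Enter] to go to it directly.', $GLOBALS['request_id']);
        $tooltip = "Run this saved search";
        $tooltip2 = "Edit this saved search";
        // user_no goes in as a '?' argument, like the other PgQuery lookups.
        $qry = new PgQuery("SELECT * FROM saved_queries WHERE user_no = ? AND in_menu ORDER BY query_name", $session->user_no);
        if ($qry->Exec("block-menu") && $qry->rows > 0) {
            menu_break_line();
            while ($thisquery = $qry->Fetch()) {
                // The name is URL-encoded for the href and HTML-escaped for the link text.
                $query_label = htmlspecialchars($thisquery->query_name, ENT_QUOTES);
                echo "&nbsp;<a href=\"/wrsearch.php?style=plain&saved_query=" . urlencode($thisquery->query_name) . "\" class=\"block\" title=\"{$tooltip}\" alt=\"{$tooltip}\"><b>&raquo;</b>{$query_label}</a>";
                if ($thisquery->query_params != "") {
                    echo "&nbsp;<a href=\"/wrsearch.php?saved_query=" . urlencode($thisquery->query_name) . "\" class=\"block\" title=\"{$tooltip2}\"><b>&laquo;e&raquo;</b></a>";
                }
                echo "<br >\n";
            }
            echo "&nbsp; &nbsp;<a href=\"/saved_searches.php\">...more</a><br >\n";
        } else {
            menu_break_line();
            $tooltip = "List, run and edit all of your saved searches.";
            menu_url_line("/saved_searches.php", $tooltip, "Saved Searches");
        }
        menu_break_line();
        menu_url_line($help_url, "Help on this screen", "Help");
        $tooltip = "Maintain your name, phone and e-mail details, or change your password";
        menu_url_line("user.php?edit=1&user_no={$session->user_no}", $tooltip, "Edit My Info");
        if (is_member_of('Admin', 'Support', 'OrgMgr')) {
            //    menu_break_line();
            $tooltip = "Review and update details about your organisation.";
            menu_url_line("/org.php?org_code={$session->org_code}", $tooltip, "My Organisation");
            $tooltip = "List the WRMS users for your organisation.";
            menu_url_line("/usrsearch.php?org_code={$session->org_code}", $tooltip, "Our Users");
            $tooltip = "Create a new WRMS user for your organisation.";
            menu_url_line("/user.php?org_code={$session->org_code}", $tooltip, "New User");
            $tooltip = "List the 'Systems' your organisation may create Work Requests for.";
            menu_url_line("/form.php?form=syslist&org_code={$session->org_code}", $tooltip, "Our Systems");
            if (is_member_of('Admin')) {
                menu_url_line("/lookups.php", "", "Lookup Codes");
                menu_url_line("/form.php?form=attachment_type", "", "Attachment Types");
                menu_url_line("/form.php?form=sessionlist", "", "Sessions");
            }
        }
        if (is_member_of('Admin', 'Support')) {
            menu_break_line();
            menu_url_line("/form.php?f=orglist", "", "All Organisations");
            menu_url_line("/form.php?f=syslist", "", "General Systems");
            menu_url_line("/new_organisation.php", "Add a new organisation, with a general system and primary user", "New Organisation");
            menu_url_line("/form.php?user_no={$session->user_no}&form=timelist&uncharged=1", "", "My Uncharged Work");
            menu_url_line("/form.php?f=timelist&uncharged=1", "", "All Work");
            menu_url_line("/form.php?f=simpletimelist", "", "Work by Person");
            menu_url_line("/form.php?f=timelist&uncharged=1&charge=1", "", "Work To Charge");
            $tooltip = "A report showing the activity in the WRMS.";
            menu_url_line("/requestchange.php", $tooltip, "WRMS Activity");
        }
        if (is_member_of('Admin', 'Support') || $GLOBALS['rank_report_anyone']) {
            $tooltip = "A ranked list of work requests, most important and urgent at the top";
            menu_url_line("/requestrank.php?qs=complex", $tooltip, "Request Ranking");
        }
    }
    // These two entries are role-gated but appear in both the QAMS and WRMS menus.
    if (is_member_of('Admin', 'Support')) {
        menu_url_line("/statuspie.php", 'A pie chart of request statuses for a period / system / organisation', "Status Pie");
    }
    if (is_member_of('Admin', 'Accounts')) {
        menu_url_line("/work_summary.php", 'Show work summary for an Organisation / System / Person etc.', "Work Summary");
    }
    $theme->BlockClose();
}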
Пример #28
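// Serve one request attachment: look up its metadata, then stream the stored file.
// NOTE(review): $id is set outside this excerpt and looks request-supplied, so it
// is passed to the queries as a '?' argument, HTML-escaped before it is echoed,
// and not used to build the file path.

// Give the storage directory its default before anything builds a path from it
// (guess_file_type() below is handed a path under this directory).
if (!isset($attachment_dir)) {
    $attachment_dir = "attachments";
}
$sql = "SELECT * FROM request_attachment, lookup_code ";
$sql .= "WHERE attachment_id = ? ";
$sql .= "AND source_table='request' ";
$sql .= "AND source_field='attach_type' ";
$sql .= "AND lookup_code = att_type ; ";
$qry = new PgQuery($sql, $id);
if ($qry->Exec("attachment") && $qry->rows > 0) {
    $attachment = $qry->Fetch();
} else {
    // No lookup_code row for this attachment type: fall back to the bare
    // attachment record and guess the type from the file itself.
    $qry = new PgQuery("SELECT * FROM request_attachment WHERE attachment_id = ?;", $id);
    if (!$qry->Exec("attachment") || $qry->rows == 0) {
        error_log("{$sysabbr} attachment: DBG: id [{$id}] not found", 0);
        $shown_id = htmlspecialchars($id, ENT_QUOTES);
        echo "<html><head><title>Error - invalid attachment ID [{$shown_id}]</title><body><h1>Invalid attachment ID [{$shown_id}]</h1></body></html>";
        exit;
    }
    $attachment = $qry->Fetch();
    include_once "guess-file-type.php";
    $attachment->lookup_code = guess_file_type($attachment->att_filename, "{$attachment_dir}/{$attachment->attachment_id}");
    $attachment->lookup_misc = guess_mime_type($attachment->lookup_code);
}
// Build the path from the attachment_id the database returned, not from the
// incoming $id, so only a value that matched a real row can name a file.
$attachment_path = "{$attachment_dir}/{$attachment->attachment_id}";
// Open the file before any header goes out, so a missing file does not
// produce a response that promises a body it cannot deliver.
$fp = fopen($attachment_path, 'rb');
if ($fp === false) {
    error_log("{$sysabbr} attachment: DBG: file for id [{$id}] could not be opened", 0);
    header("HTTP/1.1 404 Not Found");
    exit;
}
header("Content-type: {$attachment->lookup_misc}");
// NOTE(review): the stored filename goes into this header unquoted - confirm
// it is validated when the attachment is uploaded.
header("Content-Disposition: filename={$attachment->att_filename}");
$bytes = filesize($attachment_path);
header("Content-length: {$bytes}");
// dump the file
fpassthru($fp);
fclose($fp);
error_log("{$sysabbr} attachment: DBG: Served '{$attachment->att_filename}' as '{$attachment->lookup_misc}' ({$attachment->lookup_code}), {$bytes} bytes");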
Пример #29
    /**
     * Write the record through the parent class and report the outcome.
     *
     * For a new record the org_code just allocated by the sequence is read
     * back and stored in $GLOBALS['id']. If the form was posted with
     * invite=on, an invitation e-mail built from the template below is sent
     * to the new user through the session's EmailTemporaryPassword().
     * NOTE(review): the @@system_name@@ and @@password@@ tokens are presumably
     * filled in by EmailTemporaryPassword() - confirm.
     *
     * @return boolean True when parent::Write() succeeded, false otherwise.
     */
    function Write()
    {
        global $c, $session;
        if (!parent::Write()) {
            // Looks like we screwed up somewhere
            return false;
        }
        if (!$this->new_record) {
            $c->messages[] = "Organisation, System and User details updated.";
            return true;
        }
        $seq_lookup = new PgQuery("SELECT currval('organisation_org_code_seq');");
        $seq_lookup->Exec("OrganisationPlus::Write: Retrieve org_code");
        // Fetch as an array
        $seq_row = $seq_lookup->Fetch(true);
        $GLOBALS['id'] = $seq_row[0];
        $c->messages[] = "Organisation, System and User records created.";
        $invite_requested = isset($_POST['invite']) && $_POST['invite'] == 'on';
        if (!$invite_requested) {
            $session->Dbg("OrganisationPlus", "Invite is >>%s<<", $_POST['invite']);
            return true;
        }
        $username = $this->Get('username');
        $fullname = $this->Get('fullname');
        $invitation_template = <<<EOINVITE
Hi {$fullname},

Welcome to @@system_name@@!

Your access has now been configured by {$session->fullname} with the
following details:

    Username: {$username}
    Password: @@password@@

This is a temporary password which will be valid for 24 hours.  To
log on, please visit:

    {$c->base_dns}/

Once you have logged on, you will need to use the "Edit My Info"
option to set a permanent password.

If you have any problems, please contact {$session->fullname} or the
system administrator.

Thanks.

EOINVITE;
        $session->Dbg("OrganisationPlus", "Inviting '%s' to join.", $username);
        $session->EmailTemporaryPassword($username, null, $invitation_template);
        $c->messages[] = "Invitation and password sent to " . $username;
        return true;
    }
Пример #30
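// List the requests this user has logged time against in the selected period.
// The end of the period is 14 days after $sow, which is set outside this excerpt.
$ts_until = date('Y-M-d', $sow + 14 * 86400);
// User and date bounds are passed as '?' arguments, not spliced into the SQL.
$sql = <<<EOQRY
SELECT rt.request_id, abbreviation, system_desc, brief, sum(work_quantity) AS work_quantity
 FROM request_timesheet rt
 JOIN request ON (request.request_id = rt.request_id)
 JOIN usr ON (request.requester_id = usr.user_no)
 JOIN organisation USING (org_code)
 JOIN work_system USING (system_id)
 WHERE rt.work_by_id = ?
   AND work_on >= ?
   AND work_on < ?
 GROUP BY rt.request_id, abbreviation, system_desc, brief
 ORDER BY rt.request_id ASC;
EOQRY;
$qry = new PgQuery($sql, $ts_user, $ts_from, $ts_until);
if ($qry->Exec("TimeSheet") && $qry->rows > 0) {
    echo "<h3>Recent Requests You Have Worked On</h3>\n";
    echo '<table width="100%" border="0" cellpadding="1" cellspacing="2">';
    echo "<tr class=\"row1\"><th class=\"cols\">WR #</th><th class=\"cols\" align=\"left\">For</th><th class=\"cols\" align=\"left\">System</th><th class=\"cols\" align=\"left\">Request</th></tr>\n";
    while ($wr = $qry->Fetch()) {
        // The text columns are stored free text, so they are HTML-escaped
        // before being written into the table cells.
        $abbreviation = htmlspecialchars((string) $wr->abbreviation, ENT_QUOTES);
        $system_desc = htmlspecialchars((string) $wr->system_desc, ENT_QUOTES);
        $brief = htmlspecialchars((string) $wr->brief, ENT_QUOTES);
        // NOTE(review): $i is not changed inside this loop, so every row gets
        // the same row class - confirm whether alternation was intended.
        echo "<tr class=\"row" . $i % 2 . "\">";
        echo "<th><a href=\"wr.php?request_id={$wr->request_id}\">{$wr->request_id}</a></th>";
        echo "<td>{$abbreviation}</td>";
        echo "<td>{$system_desc}</td>";
        echo "<td>{$brief}</td>";
        echo "</tr>\n";
    }
    echo "</table>\n";
}
// Close off page and write the $settings out
include "page-footer.php";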