/**
 * Session start hook: looks the PHP session id up in #__sessions, keyed on the
 * client address (REMOTE_IP), and either registers the session or refreshes
 * its expiry.
 *
 * Side effects: sets Session::$sid; for a known (sid, ip) pair sets
 * Session::$uid from the stored row; inserts or updates #__sessions. A sid
 * presented from a different address does not match its row and is
 * re-registered as an anonymous session (uid 0), so it inherits no login.
 *
 * @param string $save_path    not used here; presumably the save-handler
 *                             open() signature — confirm at the registration site
 * @param string $session_name not used here (see above)
 */
public static function start($save_path, $session_name)
{
    Session::$sid = session_id();

    // Lookup and write are both bound to (sid, ip_addr): a session id replayed
    // from another address never resolves to an existing uid.
    $lookup = Typeframe::Database()->prepare(
        "SELECT `uid`\r\n FROM #__sessions\r\n WHERE `sid` = ? AND `ip_addr` = ? LIMIT 1"
    );
    $lookup->execute(Session::$sid, REMOTE_IP);

    if ($lookup->recordcount() != 0) {
        // Known session: adopt its uid and push the expiry forward by the ttl.
        $row = $lookup->fetch_array();
        Session::$uid = $row['uid'];
        $refresh = Typeframe::Database()->prepare(
            "UPDATE #__sessions\r\n SET `expires` = ?\r\n WHERE `sid` = ? AND `ip_addr` = ?"
        );
        $refresh->execute(Session::$ttl + time(), Session::$sid, REMOTE_IP);
        return;
    }

    // Unknown (sid, ip) pair: register it as an anonymous session.
    $create = Typeframe::Database()->prepare(
        "INSERT INTO #__sessions\r\n (`sid`, `ip_addr`, `uid`, `expires`)\r\n VALUES\r\n (?, ?, ?, ?)"
    );
    $create->execute(Session::$sid, REMOTE_IP, 0, Session::$ttl + time());
}
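/**
 * Builds the runner (designer) option list for the current user.
 *
 * Reads the 'activeUsers' flag via $this->read() and asks User::getUserList()
 * for the runners visible to Session::uid(). The entry whose id matches the
 * optional 'runner' request parameter is flagged as selected.
 *
 * @return array list of array('id' => mixed, 'nickname' => string, 'selected' => bool)
 */
public function runners()
{
    $active = $this->read('activeUsers');
    $runners = User::getUserList(Session::uid(), $active, 1, true);

    // Request values arrive as strings, so a strict === against getId() (which
    // may well be an int) never matched; compare both sides as strings instead.
    $requested = null;
    if (isset($_REQUEST['runner']) && is_scalar($_REQUEST['runner'])) {
        $requested = (string) $_REQUEST['runner'];
    }

    $ret = array();
    foreach ($runners as $runner) {
        $ret[] = array(
            'id' => $runner->getId(),
            'nickname' => $runner->getNickname(),
            'selected' => $requested !== null && $requested === (string) $runner->getId(),
        );
    }
    return $ret;
}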
/**
 * Layout constructor: derives the layout name from the class name and fills
 * $this->currentUser with the logged-in user's identity and role flags; when
 * a user is logged in, also their budget figures and capabilities.
 */
public function __construct()
{
    parent::__construct();

    // "FooLayout" -> "foo"
    $this->name = strtolower(preg_replace('/Layout$/', '', get_class($this)));

    $uid = Session::uid();
    $account = User::find($uid);

    $this->currentUser['id'] = $uid;
    $this->currentUser['username'] = $uid ? $account->getUsername() : '';
    $this->currentUser['nickname'] = $uid ? $account->getNickname() : '';
    // Runner/payer flags come from the PHP session; admin from the User row.
    $this->currentUser['is_runner'] = !empty($_SESSION['is_runner']);
    $this->currentUser['runningProjects'] = json_encode($account->getProjectsAsRunner());
    $this->currentUser['is_payer'] = !empty($_SESSION['is_payer']);
    $this->currentUser['is_admin'] = (bool) $account->getIs_admin();

    if (!$uid) {
        return;
    }

    Utils::initUserById($uid);
    $account->findUserById($uid);

    $dollars = function ($amount) {
        return money_format('$ %i', $amount);
    };
    $this->currentUser['budget'] = array(
        'feeSums' => Fee::getSums(),
        'totalManaged' => $dollars($account->getTotalManaged()),
        'remainingFunds' => $dollars($account->setRemainingFunds()),
        'allocated' => $dollars($account->getAllocated()),
        'submitted' => $dollars($account->getSubmitted()),
        'paid' => $dollars($account->getPaid()),
        'transfered' => $dollars($account->getTransfered()),
        'transfersDetails' => $account->getBudgetTransfersDetails(),
        'available' => $account->getBudget(),
    );
    $this->currentUser['can'] = array(
        'addProject' => $account->getIs_admin() || $account->isRunner() || $account->isPaypalVerified(),
    );
    $this->currentUser['is_internal'] = $account->isInternal();
    // BUDGET_AUTHORIZED_USERS is matched as ",<id>," so that id 1 does not match id 11.
    $this->currentUser['budgetAuthorized'] = strpos(BUDGET_AUTHORIZED_USERS, "," . $uid . ",") !== false;
}
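/**
 * Marks fee $id as paid (or unpaid) on behalf of the logged-in payer and,
 * when marking paid, emails the fee owner.
 *
 * Reads $_POST['notes'] (required). Failures are reported through setOutput()
 * with success => false rather than thrown to the caller.
 *
 * @param int|string $id   fee id
 * @param mixed      $paid truthy to mark paid, falsy to mark unpaid
 * @return mixed whatever setOutput() returns
 */
public function setPaid($id, $paid)
{
    try {
        $user = User::find(Session::uid());
        // Only payers may change payment state.
        if (!$user->isPayer()) {
            throw new Exception('Nothing to see here. Move along!');
        }

        $paid = (bool) $paid;
        $notes = isset($_POST['notes']) && is_scalar($_POST['notes']) ? trim($_POST['notes']) : '';
        if (!$notes) {
            throw new Exception('You must write a note!');
        }

        $fund_id = Fee::getFundId($id);
        if (!Fee::markPaidById($id, $user->getId(), $notes, $paid, false, $fund_id)) {
            throw new Exception('Payment Failed!');
        }

        // Only send the email when marking as paid.
        if ($paid) {
            // Was Fee::getFee($fee_id) with $fee_id never assigned; the fee id is $id.
            $fee = Fee::getFee($id);
            $workitem = new WorkItem($fee['worklist_id']);
            $summary = $workitem->getSummary();
            $fee_user = User::find($fee['user_id']);

            $subject = "Worklist.net paid you " . $fee['amount'] . " for " . $summary;
            // The body is HTML. $notes is raw POST text and is escaped before
            // nl2br(); $summary and $fee['desc'] are left as stored because the
            // storage encoding is not visible here — confirm whether they are
            // already entity-encoded before escaping them too.
            $body = "Your Fee was marked paid.<br/>"
                . "Job <a href='" . SERVER_URL . $fee['worklist_id'] . "'>#" . $fee['worklist_id'] . ': ' . $summary . '</a><br/>'
                . "Fee Description : " . nl2br($fee['desc']) . "<br/>"
                . "Paid Notes : " . nl2br(htmlspecialchars($notes, ENT_QUOTES, 'UTF-8')) . "<br/><br/>"
                . "Contact the job Designer with any questions<br/><br/>Worklist.net<br/>";
            if (!Utils::send_email($fee_user->getUsername(), $subject, $body)) {
                error_log("FeeController::setPaid: Utils::send_email failed");
            }
        }

        return $this->setOutput(array('success' => true, 'notes' => 'Payment has been saved!'));
    } catch (Exception $e) {
        return $this->setOutput(array('success' => false, 'notes' => $e->getMessage()));
    }
}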
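/**
 * Totals of the logged-in user's fees on Done work items for the current
 * calendar month and week, excluding withdrawn fees, formatted with
 * money_format('%i'). Both values are '0.00' when nobody is logged in or
 * the total is empty.
 *
 * @return array array('month' => string, 'week' => string)
 * @throws Exception when a query fails (the driver error is logged, not echoed)
 */
public static function getSums()
{
    if (!Session::uid()) {
        return array('month' => '0.00', 'week' => '0.00');
    }

    // The id comes from the server-side session, but it is still interpolated
    // into SQL, so pin it to an integer.
    $userId = (int) $_SESSION['userid'];

    return array(
        'month' => self::sumFeesForPeriod($userId, 'MONTH'),
        'week' => self::sumFeesForPeriod($userId, 'WEEK'),
    );
}

/**
 * Sums one user's fees on Done work items whose date falls in the current
 * period. Both period queries were previously duplicated inline.
 *
 * @param int    $userId
 * @param string $period MySQL function name, 'MONTH' or 'WEEK' — a fixed
 *                       token supplied by this class, never caller input
 * @return string money_format('%i') of the sum, or '0.00' when there is none
 * @throws Exception on a query error
 */
private static function sumFeesForPeriod($userId, $period)
{
    $r = mysql_query(
        "SELECT SUM(`amount`) AS `sum_amount` FROM `" . FEES . "` WHERE `user_id` = {$userId} AND\n"
        . " `worklist_id` IN (SELECT `id` FROM `" . WORKLIST . "` WHERE `status` = 'Done') AND YEAR(DATE) = YEAR(NOW()) AND\n"
        . " " . $period . "(`date`) = " . $period . "(NOW()) AND withdrawn != 1;"
    );
    if (!$r) {
        // Was exit(mysql_error()), which echoed the driver message to the client.
        error_log('Fee::getSums: ' . mysql_error());
        throw new Exception('Database error while computing fee sums.');
    }
    $sum = mysql_fetch_object($r)->sum_amount;
    return is_numeric($sum) ? money_format('%i', $sum) : '0.00';
}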
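/**
 * GitHub OAuth callback used when authorising a user for a project (see github.js).
 * Code moved from the old /GitHub.php file.
 *
 * Reads $_GET['job'] to locate the work item and its project, lets
 * User::processConnectResponse() exchange the OAuth response, stores the
 * access token against the project's GitHub id and redirects to the job.
 * On failure a plain error message is echoed for the popup window.
 */
public function connect()
{
    $GitHub = new User(Session::uid());
    $workitem = new WorkItem();
    $workitem->loadById(isset($_GET['job']) ? (int) $_GET['job'] : 0);
    $projectId = $workitem->getProjectId();
    $project = new Project($projectId);

    $connectResponse = $GitHub->processConnectResponse($project);
    if ($connectResponse['error']) {
        // We have an error on the response, close this window and display an error message
        // to the user
        echo 'We received an error when trying to complete the authorization process with GitHub. Please notify a member of the O-Team for assistance.';
        return;
    }

    if (!$GitHub->storeCredentials($connectResponse['data']['access_token'], $project->getGithubId())) {
        // Something went wrong updating the users details, close this window and
        // display a proper error message to the user
        echo 'Something went wrong and we could not complete the authorization process with GitHub. Please try again.';
        return;
    }

    $journal_message = sprintf("%s has been validated for project ##%s##", $GitHub->getNickname(), $project->getName());
    Utils::systemNotification($journal_message);
    // Utils::redirect() is paired with an explicit exit elsewhere in this codebase
    // (so it presumably returns); previously execution fell through to an
    // `echo $message` with $message unset.
    Utils::redirect('./' . $workitem->getId());
}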
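/**
 * Removes user $codeReviewer_id from the project's GitHub code-reviewers team,
 * calling the GitHub API with the logged-in user's OAuth token.
 *
 * @param int $codeReviewer_id worklist user id of the reviewer to remove
 * @return bool true on success; false when the project has no reviewers team
 *              or the lookup/API call throws (logged, not re-thrown)
 */
public function deleteCodeReviewer($codeReviewer_id)
{
    try {
        $team_id = $this->codeReviewersGitHubTeamId();
        if (!$team_id) {
            return false;
        }

        // The API client is authorised as the *current* user ...
        $currentUser = User::find(Session::uid());
        $token = $currentUser->authTokenForGitHubId(GITHUB_OAUTH2_CLIENT_ID);
        $client = new Github\Client(new Github\HttpClient\CachedHttpClient(array(
            'cache_dir' => TEMP_DIR . DIRECTORY_SEPARATOR . 'github',
        )));
        $client->authenticate($token, '', Github\Client::AUTH_URL_TOKEN);

        // ... while the GitHub login being removed is the reviewer's.
        $reviewer = User::find($codeReviewer_id);
        $gh_user = $reviewer->getGitHubUserDetails($this);
        $nickname = $gh_user['data']['login'];
        $client->api('organizations')->teams()->removeMember($team_id, $nickname);
        return true;
    } catch (Exception $e) {
        // Was a silent false; keep the contract but leave a trace for operators.
        error_log('deleteCodeReviewer(' . $codeReviewer_id . '): ' . $e->getMessage());
        return false;
    }
}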
/**
 * Guards a request that requires a logged-in user; returns normally only when
 * Session::uid() is set.
 *
 * Otherwise the PHP session is emptied and destroyed. A POST is then refused
 * with die() and logged — note the second error_log() line writes the whole
 * $_REQUEST payload, so anything the client submitted (including credentials
 * or tokens) ends up in the server log. A GET is redirected to the GitHub
 * login page with the current URI as the return target.
 */
public static function checkLogin()
{
    if (Session::uid()) {
        return;
    }

    $_SESSION = array();
    session_destroy();

    if (!empty($_POST)) {
        $request_ip = $_SERVER['REMOTE_ADDR'];
        $request_uri = $_SERVER['REQUEST_URI'];
        error_log('Possible hack attempt from ' . $request_ip . ' on: ' . $request_uri);
        error_log(json_encode($_REQUEST));
        die(
            'You are not authorized to post to this URL. Click '
            . '<a href="' . SERVER_URL . '">here</a> to go to the main page. '
            . "\n"
        );
    }

    Utils::redirect('./github/login?expired=1&redir=' . urlencode($_SERVER['REQUEST_URI']));
    exit;
}
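/**
 * Closes out budget $id on behalf of the logged-in user (its giver or receiver).
 *
 * Refused when the budget is unknown, already inactive, the caller is neither
 * giver nor receiver, a sub-allocated budget is still active, or fees are
 * still unpaid. An overspent budget (negative remaining funds) may only be
 * closed by the giver. On close the amount is reduced by the remaining funds,
 * the receiver's balance adjusted, the source settled via
 * closeOutBudgetSource() and the row saved. The result goes through setOutput().
 *
 * @param int|string $id budget id
 * @return mixed whatever setOutput() returns
 */
public function close($id)
{
    try {
        $user = User::find(Session::uid());
        if (!$user->getId()) {
            throw new Exception('You have to be logged in to access user info!');
        }

        $budget = new Budget();
        if (!$budget->loadById((int) $id)) {
            throw new Exception('Invalid budget id');
        }
        if ($budget->active != 1) {
            throw new Exception('This budget is already closed.');
        }
        // Access control: only the two parties to the budget may close it.
        $isReceiver = $user->getId() == $budget->receiver_id;
        $isGiver = $budget->giver_id == $user->getId();
        if (!$isReceiver && !$isGiver) {
            throw new Exception('Not enough rights');
        }

        $budgetGiver = new User();
        if (!$budgetGiver->findUserById($budget->giver_id)) {
            throw new Exception('Invalid giver id.');
        }
        $budgetReceiver = new User();
        if (!$budgetReceiver->findUserById($budget->receiver_id)) {
            throw new Exception('Invalid receiver id.');
        }

        // All the child budgets must be closed first.
        if ($budget->getChildrenNotClosed($budget->id) != 0) {
            throw new Exception("This budget has one or more sub-allocated budget that are still active. " . "You may not close out this budget until the other budgets are closed out.");
        }
        // All the budgeted jobs must be paid (null means nothing outstanding).
        if ($this->getSumOfFeeNotPaidByBudget($budget->id) !== null) {
            throw new Exception('Some fees are not paid.');
        }

        $remainingFunds = $budget->getRemainingFunds();
        // An overspent budget can only be settled by the grantor, who has to top it up.
        if ($remainingFunds < 0 && $isReceiver) {
            throw new Exception('Your budget is spent. Please contact the grantor (' . $budgetGiver->getNickname() . ') for additional funds.');
        }

        // The positive and negative cases previously duplicated this sequence;
        // the receiver check above was the only difference between them.
        $budget->original_amount = $budget->amount;
        $budget->amount = $budget->original_amount - $remainingFunds;
        $budget->active = 0;
        $budgetReceiver->updateBudget(-$remainingFunds, $budget->id, false);
        $this->closeOutBudgetSource($remainingFunds, $budget, $budgetReceiver, $budgetGiver);
        if (!$budget->save('id')) {
            throw new Exception('Error in update budget.');
        }

        return $this->setOutput(array('success' => true, 'message' => 'Budget closed'));
    } catch (Exception $e) {
        return $this->setOutput(array('success' => false, 'message' => $e->getMessage()));
    }
}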
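/**
 * Sends a "ping" email from the logged-in user to another user.
 *
 * Request parameters: 'userid' (recipient id), 'msg' (message text) and an
 * optional 'cc' (truthy to copy the sender). Requires a login via
 * Utils::checkLogin(). Echoes an empty JSON array when done; a send failure
 * is only logged.
 */
function pingTask()
{
    Utils::checkLogin();

    // Sender
    $id = Session::uid();
    $user = User::find($id);
    $nickname = $user->getNickname();
    $email = $user->getUsername();

    $msg = isset($_REQUEST['msg']) && is_scalar($_REQUEST['msg']) ? (string) $_REQUEST['msg'] : '';
    $send_cc = isset($_REQUEST['cc']) ? (int) $_REQUEST['cc'] : false;

    // Receiver
    $receiver = User::find(isset($_REQUEST['userid']) ? intval($_REQUEST['userid']) : 0);
    $receiver_nick = $receiver->getNickname();
    $receiver_email = $receiver->getUsername();

    $mail_subject = $nickname . " sent you a message on Worklist";
    // The body is HTML and $msg is free text typed by the sender: escape it
    // before nl2br(). Nickname/email are left as stored; whether they are
    // already entity-encoded is not visible here — confirm before escaping.
    $mail_msg = "<p><a href='" . WORKLIST_URL . 'user/' . $id . "'>" . $nickname . "</a>";
    $mail_msg .= " sent you a message: ";
    $mail_msg .= "</p><p>----------<br/>" . nl2br(htmlspecialchars($msg, ENT_QUOTES, 'UTF-8')) . "<br />----------</p><p>You can reply via email to " . $email . "</p>";

    $headers = array(
        'X-tag' => 'ping',
        'From' => NOREPLY_SENDER,
        'Reply-To' => '"' . $nickname . '" <' . $email . '>',
    );
    if ($send_cc) {
        $headers['Cc'] = '"' . $nickname . '" <' . $email . '>';
    }

    if (!Utils::send_email($receiver_email, $mail_subject, $mail_msg, '', $headers)) {
        error_log("pingtask.php:!id: Utils::send_email failed");
    }
    echo json_encode(array());
}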
/**
 * This function notifies selected recipients about updates of workitems
 * except for currently logged in user
 *
 * @param Array $options - Array with options:
 *     type - type of notification to send out
 *     workitem - workitem object with updated data
 *     recipients - array of recipients of the message ('creator', 'runner', 'mechanic')
 *     emails - send message directly to list of emails (array) -
 *              if 'emails' is passed - 'recipients' option is ignored
 *              (NOTE: the body below actually merges both — recipients resolved
 *              from the workitem are appended to 'emails')
 * @param Array $data - Array with additional data that needs to be passed on
 *     example: 'who' and 'comment' - if we send notification about new comment
 * @param boolean $includeSelf - force user receive email from self generated action
 *     (accepted for compatibility; never read below — self-notification is
 *     decided per recipient by User::getSelf_notif())
 *
 * Maintainer notes:
 *  - Bodies are HTML. $_SESSION values, nicknames, summaries, notes and $data
 *    fields are concatenated in without escaping; only the subject decodes the
 *    summary (html_entity_decode), which suggests the summary is stored encoded.
 *    Whether the other values are is not visible here — confirm before relying on it.
 *  - Each entry of 'recipients' becomes a method name ('get' . ucfirst(...) . 'Id')
 *    invoked on the workitem, so that list must only ever come from code,
 *    never from request input.
 *  - Known oddities left as-is: $jobs is appended to without being initialised
 *    (bid_placed / bid_updated), the new_bidding case prints the Creator's
 *    nickname inside the Designer link and closes its anchors with '<a>', and
 *    $revision / $itemTitle / $itemTitleWithProject are computed but unused.
 */
public static function workitemNotify($options, $data = null, $includeSelf = true)
{
    $recipients = isset($options['recipients']) ? $options['recipients'] : null;
    $emails = isset($options['emails']) ? $options['emails'] : array();
    $workitem = $options['workitem'];
    $current_user = User::find(Session::uid());
    // Project name: taken from the options when given, otherwise loaded. A
    // failing load is logged and the name left empty rather than aborting.
    if (isset($options['project_name'])) {
        $project_name = $options['project_name'];
    } else {
        try {
            $project = new Project();
            $project->loadById($workitem->getProjectId());
            $project_name = $project->getName();
        } catch (Exception $e) {
            error_log($e->getMessage() . " Workitem: #" . $workitem->getId() . " " . " has an invalid project id:" . $workitem->getProjectId());
            $project_name = "";
        }
    }
    $revision = isset($options['revision']) ? $options['revision'] : null;
    $itemId = $workitem->getId();
    $itemLink = '<a href="' . WORKLIST_URL . $itemId . '">#' . $itemId . '</a>';
    $itemTitle = '#' . $itemId . ' (' . $workitem->getSummary() . ')';
    $itemTitleWithProject = '#' . $itemId . ': ' . $project_name . ': (' . $workitem->getSummary() . ')';
    $itemLinkTitle = '<a href="' . WORKLIST_URL . $itemId . '">#' . $itemId . ' - ' . $workitem->getSummary() . '</a>';
    $body = '';
    $subject = '#' . $itemId . ' ' . html_entity_decode($workitem->getSummary(), ENT_QUOTES);
    // Default sender: "<project>-<status>" <noreply-<project>@worklist.net>;
    // most cases below override the display name, the bid cases also the address.
    $from_address = '<noreply-' . $project_name . '@worklist.net>';
    $headers = array('From' => '"' . $project_name . '-' . strtolower($workitem->getStatus()) . '" ' . $from_address);
    // One case per notification type builds $body (and possibly $headers). An
    // unknown type leaves $body empty but the mail is still sent below.
    switch ($options['type']) {
        case 'comment':
            // Replies go straight to the commenter (session nickname/username).
            $headers['From'] = '"' . $project_name . '-comment" ' . $from_address;
            $headers['Reply-To'] = '"' . $_SESSION['nickname'] . '" <' . $_SESSION['username'] . '>';
            $commentUrl = WORKLIST_URL . $workitem->getId() . '#comment-' . $data['comment-id'];
            $commentLink = ' <a href="' . $commentUrl . '">commented</a> ';
            $body .= $data['who'] . $commentLink . ' on ' . $itemLink . ':<br>' . nl2br($data['comment']) . '<br /><br />';
            // The commenter gets a copy only if they opted into self-notification.
            if ($current_user->getSelf_notif()) {
                array_push($emails, $current_user->getUsername());
            }
            break;
        case 'fee_added':
            // Draft items produce no mail.
            if ($workitem->getStatus() != 'Draft') {
                $headers['From'] = '"' . $project_name . '-fee added" ' . $from_address;
                $body = 'New fee was added to the item ' . $itemLink . '.<br>' . 'Who: ' . $data['fee_adder'] . '<br/>' . 'Amount: ' . $data['fee_amount'] . '<br/>' . '<div>Fee Notes:<br/> ' . nl2br(stripslashes($data['fee_desc'])) . '</div><br/><br/>' . 'Project: ' . $project_name . '<br/>' . 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />';
                if ($workitem->getRunner() != '') {
                    $body .= 'Designer: ' . $workitem->getRunner()->getNickname() . '<br />';
                }
                if ($workitem->getMechanic() != '') {
                    $body .= 'Developer: ' . $workitem->getMechanic()->getNickname() . '<br /><br />';
                }
                $body .= 'Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /><br />' . 'You can view the job <a href="' . WORKLIST_URL . $itemId . '">here</a>.' . '<br /><br />' . '<a href="' . SERVER_URL . '">www.worklist.net</a>';
            }
            break;
        case 'fee_deleted':
            if ($workitem->getStatus() != 'Draft') {
                $headers['From'] = '"' . $project_name . '-fee deleted" ' . $from_address;
                $body = "<p>Your fee has been deleted by: " . $_SESSION['nickname'] . "<br/><br/>";
                $body .= "If you think this has been done in error, please contact the job Designer.</p>";
                $body .= 'Project: ' . $project_name . '<br />' . 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />';
                if ($workitem->getRunner() != '') {
                    $body .= 'Designer: ' . $workitem->getRunner()->getNickname() . '<br />';
                }
                if ($workitem->getMechanic() != '') {
                    $body .= 'Developer: ' . $workitem->getMechanic()->getNickname() . '<br /><br />';
                }
                $body .= 'Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /><br />' . 'You can view the job <a href="' . WORKLIST_URL . $itemId . '">here</a>.' . '<br /><br />' . '<a href="' . SERVER_URL . '">www.worklist.net</a>';
            }
            break;
        case 'tip_added':
            $headers['From'] = '"' . $project_name . '-tip added" ' . $from_address;
            $body = $data['tip_adder'] . ' tipped you $' . $data['tip_amount'] . ' on job ' . $itemLink . ' for:<br><br>' . $data['tip_desc'] . '<br><br>Yay!' . '<br /><br />' . 'Project: ' . $project_name . '<br />' . 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />';
            if ($workitem->getRunner() != '') {
                $body .= 'Designer: ' . $workitem->getRunner()->getNickname() . '<br />';
            }
            if ($workitem->getMechanic() != '') {
                $body .= 'Developer: ' . $workitem->getMechanic()->getNickname() . '<br /><br />';
            }
            $body .= 'Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /><br />' . 'You can view the job <a href="' . WORKLIST_URL . $itemId . '">here</a>.' . '<br /><br />' . '<a href="' . SERVER_URL . '">www.worklist.net</a>';
            break;
        case 'bid_accepted':
            // Written for the mechanic ("Your bid"); the send loop below rewrites
            // "Your" for every other recipient.
            $headers['From'] = '"' . $project_name . '-bid accepted" ' . $from_address;
            $body = 'Your bid was accepted for ' . $itemLink . '<br/><br />' . 'If this job requires you to create code, please read through and then follow our coding ' . 'standards which are found <a href="https://github.com/highfidelity/hifi/wiki/Coding-Standard">here</a>.<br/><br/>' . 'Promised by: ' . $_SESSION['nickname'] . '<br /><br />' . 'Project: ' . $project_name . '<br />' . 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />';
            if ($workitem->getRunner() != '') {
                $body .= 'Designer: ' . $workitem->getRunner()->getNickname() . '<br />';
            }
            if ($workitem->getMechanic() != '') {
                $body .= 'Developer: ' . $workitem->getMechanic()->getNickname() . '<br /><br />';
            }
            $body .= 'Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /><br />' . 'The job can be viewed <a href="' . WORKLIST_URL . $itemId . '">here</a><br /><br />';
            // render the github branch-created-sub template if necessary
            // (the include is expected to define $emailTemplates — confirm in email/en.php)
            if (!empty($data) && array_key_exists('branch_name', $data)) {
                $template = 'branch-created-sub';
                include APP_PATH . '/email/en.php';
                $replacedTemplate = !empty($data) ? Utils::templateReplace($emailTemplates[$template], $data) : $emailTemplates[$template];
                $body .= $replacedTemplate['body'];
            }
            $body .= '<br /><a href="' . SERVER_URL . '">www.worklist.net</a>';
            break;
        case 'bid_placed':
            // Sent "from" the bidder's own address so replies reach them.
            $projectId = $workitem->getProjectId();
            $jobsInfo = $options['jobsInfo'];
            $lastThreeJobs = $jobsInfo['joblist'];
            $workItemUrl = '<a href="' . WORKLIST_URL;
            //create the last three jobs and link them to those Jobs.
            foreach ($lastThreeJobs as $row) {
                $jobs .= $workItemUrl;
                $jobs .= $row['id'] . '">#' . $row['id'] . '</a>' . ' - ' . $row['summary'] . '<br /><br />';
            }
            //if no Jobs then display 'None'
            if (!$jobs) {
                $jobs = 'None <br />';
            }
            //now get total jobs and total jobs and create links
            $totalJobs = $workItemUrl;
            $totalJobs .= $workitem->getId() . '?action=view&userinfotoshow=' . $_SESSION['userid'] . '">' . $options['totalJobs'] . ' jobs in total</a><br />';
            $totalActiveJobs = $workItemUrl;
            $totalActiveJobs .= $workitem->getId() . '?action=view&userinfotoshow=' . $_SESSION['userid'] . '">' . $options['activeJobs'] . ' jobs currently active</a>';
            $urlAcceptBid = $workItemUrl;
            $urlAcceptBid .= $itemId . '?bid_id=' . $data['bid_id'] . '&action=view_bid">Accept ' . $_SESSION['nickname'] . '\'s bid</a>';
            // This append is immediately overwritten by the assignment to $body below.
            $body .= $urlAcceptBid;
            $bidder_address = '<' . $_SESSION['username'] . '>';
            $headers['From'] = '"' . $project_name . '-new bid" ' . $bidder_address;
            $body = ' New bid from <a href="' . SERVER_URL . 'user/' . $_SESSION['userid'] . '">' . $_SESSION['nickname'] . '</a> on: <br />' . $itemLink . ' ' . $workitem->getSummary() . '<br />' . '----------------------------------------------------------------<br /><br />' . 'Amount: $' . number_format($data['bid_amount'], 2) . '<br />' . 'Functioning in: ' . $data['done_in'] . '<br />' . '----<br />' . 'Notes: ' . '<br />' . ' ' . nl2br(stripslashes($data['notes'])) . '<br />' . '----<br />' . $urlAcceptBid . ' / reply to this email to ask questions or <a href="https://gitter.im/highfidelity/worklist">chat via Gitter</a><br /><br />' . '----------------------------------------------------------------<br />' . '<a href="' . SERVER_URL . 'user/' . $_SESSION['userid'] . '">' . $_SESSION['nickname'] . '\'s profile</a> / ' . $totalActiveJobs . ' / ' . $totalJobs . '<br />' . '----------------------------------------------------------------';
            break;
        case 'bid_updated':
            // Same construction as bid_placed with different wording.
            $projectId = $workitem->getProjectId();
            $jobsInfo = $options['jobsInfo'];
            $lastThreeJobs = $jobsInfo['joblist'];
            $workItemUrl = '<a href="' . WORKLIST_URL;
            //create the last three jobs and link them to those Jobs.
            foreach ($lastThreeJobs as $row) {
                $jobs .= $workItemUrl;
                $jobs .= $row['id'] . '">#' . $row['id'] . '</a>' . ' - ' . $row['summary'] . '<br /><br />';
            }
            //if no Jobs then display 'None'
            if (!$jobs) {
                $jobs = 'None <br />';
            }
            //now get total jobs and total jobs and create link
            $totalJobs = $workItemUrl;
            $totalJobs .= $workitem->getId() . '?action=view&userinfotoshow=' . $_SESSION['userid'] . '">' . $options['totalJobs'] . ' jobs in total</a><br />';
            $totalActiveJobs = $workItemUrl;
            $totalActiveJobs .= $workitem->getId() . '?action=view&userinfotoshow=' . $_SESSION['userid'] . '">' . $options['activeJobs'] . ' jobs currently active</a>';
            $urlAcceptBid = $workItemUrl;
            $urlAcceptBid .= $itemId . '?bid_id=' . $data['bid_id'] . '&action=view_bid">Accept ' . $_SESSION['nickname'] . '\'s bid</a>';
            // This append is immediately overwritten by the assignment to $body below.
            $body .= $urlAcceptBid;
            $bidder_address = '<' . $_SESSION['username'] . '>';
            $headers['From'] = '"' . $project_name . '-bid updated" ' . $bidder_address;
            $body = 'Bid updated by <a href="' . SERVER_URL . 'user/' . $_SESSION['userid'] . '">' . $_SESSION['nickname'] . '</a> on: <br />' . $itemLink . ' ' . $workitem->getSummary() . '<br />' . '----------------------------------------------------------------<br /><br />' . 'Amount: $' . number_format($data['bid_amount'], 2) . '<br />' . 'Functioning in: ' . $data['done_in'] . '<br />' . '----<br />' . 'Notes: ' . '<br />' . ' ' . nl2br(stripslashes($data['notes'])) . '<br />' . '----<br />' . $urlAcceptBid . ' / reply to this email to ask questions or <a href="https://gitter.im/highfidelity/worklist">chat via Gitter</a><br /><br />' . '----------------------------------------------------------------<br />' . '<a href="' . SERVER_URL . 'user/' . $_SESSION['userid'] . '">' . $_SESSION['nickname'] . '\'s profile</a> / ' . $totalActiveJobs . ' / ' . $totalJobs . '<br />' . '----------------------------------------------------------------';
            break;
        case 'bid_discarded':
            $headers['From'] = '"' . $project_name . '-bid not accepted" ' . $from_address;
            $body = "<p>Hello " . $data['who'] . ",</p>";
            $body .= "<p>Thanks for adding your bid to <a href='" . WORKLIST_URL . $itemId . "'>#" . $itemId . "</a> '" . $workitem->getSummary() . "'. This job has just been filled by another developer.</br></p>";
            $body .= "There is lots of work to be done so please keep checking the <a href='" . SERVER_URL . "'>worklist</a> and bid on another job soon!</p>";
            $body .= "<p>Hope to see you in the Worklist soon. :)</p>";
            break;
        case 'modified':
            // Draft items produce no mail. A transition into 'QA Ready' gets its
            // own short body; any other change lists the changes from $data.
            if ($workitem->getStatus() != 'Draft') {
                $from_changes = "";
                if (!empty($options['status_change']) && $workitem->getStatus() == 'QA Ready') {
                    $status_change = '-' . strtolower($workitem->getStatus());
                    $headers['From'] = '"' . $project_name . $status_change . '" ' . $from_address;
                    $body = $_SESSION['nickname'] . ' set ' . $itemLink . ' to QA Ready.<br /><br />' . 'Check out the work: ' . $workitem->getSandbox() . '<br /><br />' . 'Checkout the branch created for this job: git checkout ' . $workitem->getSandbox() . ' .<br /><br />' . '<a href="' . WORKLIST_URL . $itemId . '">Leave a comment on the Job</a>';
                } else {
                    // From display name: the status change, then the first job
                    // change (" +other changes" if several); falls back to the status.
                    if (!empty($options['status_change'])) {
                        $from_changes = $options['status_change'];
                    }
                    if (isset($options['job_changes'])) {
                        if (count($options['job_changes']) > 0) {
                            $from_changes .= $options['job_changes'][0];
                            if (count($options['job_changes']) > 1) {
                                $from_changes .= ' +other changes';
                            }
                        }
                    }
                    if (!empty($from_changes)) {
                        $headers['From'] = '"' . $project_name . $from_changes . '" ' . $from_address;
                    } else {
                        $status_change = '-' . strtolower($workitem->getStatus());
                        $headers['From'] = '"' . $project_name . $status_change . '" ' . $from_address;
                    }
                    $body = $_SESSION['nickname'] . ' updated item ' . $itemLink . '<br>' . $data['changes'] . '<br /><br />' . 'Project: ' . $project_name . '<br />' . 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />';
                    if ($workitem->getRunner() != '') {
                        $body .= 'Designer: ' . $workitem->getRunner()->getNickname() . '<br />';
                    }
                    if ($workitem->getMechanic() != '') {
                        $body .= 'Developer: ' . $workitem->getMechanic()->getNickname() . '<br /><br />';
                    }
                    $body .= 'Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /><br />' . 'You can view the job <a href="' . WORKLIST_URL . $itemId . '">here</a>.' . '<br /><br />' . '<a href="' . SERVER_URL . '">www.worklist.net</a>';
                }
            }
            break;
        case 'new_bidding':
            // NOTE: the Designer link below prints the Creator's nickname and both
            // anchors are closed with '<a>' rather than '</a>' — left unchanged here.
            $urlPlacebid = '<a href="' . WORKLIST_URL . $itemId . '?placeBid">Submit a bid</a>';
            $body = "Now accepting bids: <br />" . $itemLink . ' ' . $workitem->getSummary() . '<br />' . '----------------------------------------------------------------<br />' . 'Project: ' . '<a href="' . SERVER_URL . $project_name . '">' . $project_name . '</a>' . ' / Creator: ' . '<a href="' . SERVER_URL . 'user/' . $workitem->getCreator()->getNickname() . '">' . $workitem->getCreator()->getNickname() . '<a>';
            if ($workitem->getRunner() != '') {
                $body .= ' / Designer: ' . '<a href="' . SERVER_URL . 'user/' . $workitem->getRunner()->getNickname() . '">' . $workitem->getCreator()->getNickname() . '<a> <br />' . '----------------------------------------------------------------<br />';
            }
            $body .= 'Notes:<br /> ' . nl2br(stripslashes($workitem->getNotes())) . '<br />' . '----------------------------------------------------------------<br />' . '<a href="' . WORKLIST_URL . $itemId . '">View the job</a>' . ' / ' . $urlPlacebid;
            break;
        case 'new_qa':
            $body = $_SESSION['nickname'] . ' set ' . $itemLink . ' to QA Ready.<br /><br />' . 'Check out the work: ' . $workitem->getSandbox() . '<br /><br />' . 'Checkout the branch created for this job: git checkout ' . $workitem->getSandbox() . ' .<br /><br />' . '<a href="' . WORKLIST_URL . $itemId . '">Leave a comment on the Job</a>';
            break;
        case 'new_review':
            $body = "Now ready for a code review: " . $itemLinkTitle . ' <br /><br />';
            break;
        case 'suggested':
            $body = 'Summary: ' . $itemLink . '<br /><br />' . 'Project: ' . $project_name . '<br />' . 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />';
            if ($workitem->getRunner() != '') {
                $body .= 'Designer: ' . $workitem->getRunner()->getNickname() . '<br />';
            }
            if ($workitem->getMechanic() != '') {
                $body .= 'Developer: ' . $workitem->getMechanic()->getNickname() . '<br /><br />';
            }
            $body .= 'Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /><br />' . 'You can view the job <a href="' . WORKLIST_URL . $itemId . '">here</a>.' . '<br /><br />' . '<a href="' . SERVER_URL . '">www.worklist.net</a>';
            break;
        case 'code-review-completed':
            // Unlike the other cases, Designer and Developer are dereferenced
            // unconditionally here.
            $headers['From'] = '"' . $project_name . '-review complete" ' . $from_address;
            $body = '<p>Hello,</p>';
            $body .= '<p>The code review on task ' . $itemLink . ' has been completed by ' . $_SESSION['nickname'] . '</p>';
            $body .= '<br>';
            $body .= '<p>Project: ' . $project_name . '<br />';
            $body .= 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />';
            $body .= 'Designer: ' . $workitem->getRunner()->getNickname() . '<br />';
            $body .= 'Developer: ' . $workitem->getMechanic()->getNickname() . '</p>';
            $body .= '<p>Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /></p>';
            $body .= '<p>You can view the job <a href="' . WORKLIST_URL . $itemId . '">here</a>.' . '<br /></p>';
            $body .= '<p><a href="' . SERVER_URL . '">www.worklist.net</a></p>';
            break;
        case 'expired_bid':
            $headers['From'] = '"' . $project_name . '-expired bid" ' . $from_address;
            $body = "<p>Job " . $itemLink . "<br />";
            $body .= "Your Bid on #" . $itemId . " has expired and this task is still available for Bidding.</p>";
            $body .= "<p>Bidder: " . $data['bidder_nickname'] . "<br />";
            $body .= "Bid Amount : \$" . $data['bid_amount'] . "</p>";
            $body .= '<p>Project: ' . $project_name . '<br />';
            $body .= 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />';
            if ($workitem->getRunnerId()) {
                $body .= 'Designer: ' . $workitem->getRunner()->getNickname() . '<br />';
            }
            $body .= '<p>Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /></p>';
            $body .= '<p>You can view the job ';
            $body .= '<a href="' . WORKLIST_URL . $itemId . '">here</a>.<br /></p>';
            $body .= '<p><a href="' . SERVER_URL . '">www.worklist.net</a></p>';
            break;
        case 'auto-pass':
            // Wording depends on whether the item was in Bidding before the auto-pass.
            $headers['From'] = '"' . $project_name . "- Auto PASSED" . '" ' . $from_address;
            if (isset($data['prev_status']) && $data['prev_status'] == 'Bidding') {
                $headers['From'] = '"' . $project_name . "- BIDDING Item Auto PASSED" . '" ' . $from_address;
                $body = "Otto has triggered an auto-PASS for job #" . $itemId . ". You may reactivate this job by updating the status or contacting an admin." . '<br/><br/>';
            } else {
                $body = "Otto has triggered an auto-PASS for your suggested job. You may reactivate this job by updating the status or contacting an admin." . '<br/><br/>';
            }
            $body .= "Summary: " . $itemLink . ": " . $workitem->getSummary() . '<br/>' . 'Project: ' . $project_name . '<br />' . 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />' . 'Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /><br />' . 'You can view the job <a href="' . WORKLIST_URL . $itemId . '">here</a>.' . '<br /><br />' . '<a href="' . SERVER_URL . '">www.worklist.net</a>';
            break;
        case 'virus-found':
            // Upload-scan outcomes; file_name / file_title come from $options, not $data.
            $headers['From'] = '"' . $project_name . '-upload error" ' . $from_address;
            $body = '<p>Hello, <br /><br /> The file ' . $options['file_name'] . ' (' . $options['file_title'] . ') ' . 'that you uploaded for this workitem was scanned and found to be containing a virus and will be quarantined. <br /><br />' . 'Please upload a clean copy of the file.</p>';
            $body .= '<p>Project: ' . $project_name . '<br />';
            $body .= 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />';
            if ($workitem->getRunnerId()) {
                $body .= 'Designer: ' . $workitem->getRunner()->getNickname() . '<br />';
            }
            $body .= '<p>Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /></p>';
            $body .= '<p>You can view the job ';
            $body .= '<a href="' . WORKLIST_URL . $itemId . '">here</a>.<br /></p>';
            $body .= '<p><a href="' . SERVER_URL . '">www.worklist.net</a></p>';
            break;
        case 'virus-error':
            $headers['From'] = '"' . $project_name . '-upload error" ' . $from_address;
            $body = '<p>Hello, <br /><br /> The file ' . $options['file_name'] . ' (' . $options['file_title'] . ') ' . 'that you uploaded for this workitem caused an unknown error during scanning. <br /><br />' . 'Please upload a clean copy of the file.</p>';
            $body .= '<p>Project: ' . $project_name . '<br />';
            $body .= 'Creator: ' . $workitem->getCreator()->getNickname() . '<br />';
            if ($workitem->getRunnerId()) {
                $body .= 'Designer: ' . $workitem->getRunner()->getNickname() . '<br />';
            }
            $body .= '<p>Notes:<br/> ' . nl2br($workitem->getNotes()) . '<br /></p>';
            $body .= '<p>You can view the job ';
            $body .= '<a href="' . WORKLIST_URL . $itemId . '">here</a>.<br /></p>';
            $body .= '<p><a href="' . SERVER_URL . '">www.worklist.net</a></p>';
            break;
        case 'change-designer':
            $headers['From'] = '"' . $project_name . '-designer reassigned" ' . $from_address;
            $body = "<p>Hi there,</p>";
            $body .= "<p>I just wanted to let you know that the Job #" . $workitem->getId() . " (" . $workitem->getSummary() . ") has been reassigned to Designer " . $data['runner_nickname'] . ".</p>";
            $body .= "<p>See you in the Worklist!</p>";
            break;
    }
    // Resolve the symbolic recipients ('creator', 'runner', ...) to addresses.
    if ($recipients) {
        foreach ($recipients as $recipient) {
            /**
             * If there is need to get a new list of users
             * just add a get[IDENTIFIER]Id function to
             * workitem.class.php that returns a single user id
             * or an array with user ids
             */
            // Dynamic dispatch on a caller-supplied name: $recipients must be a
            // code-defined list, never request input.
            $method = 'get' . ucfirst($recipient) . 'Id';
            $recipientUsers = $workitem->{$method}();
            if (!is_array($recipientUsers)) {
                $recipientUsers = array($recipientUsers);
            }
            foreach ($recipientUsers as $recipientUser) {
                if ($recipientUser > 0) {
                    //Does the recipient exists
                    $rUser = new User();
                    $rUser->findUserById($recipientUser);
                    // Internal work items only reach internal users; a commenter
                    // receives their own comment only when self_notif is on.
                    $sendNotification = ($workitem->isInternal() ? $rUser->isInternal() : true) && ($options['type'] == 'comment' && $rUser->getId() == Session::uid() ? $rUser->getSelf_notif() : true);
                    if ($sendNotification) {
                        if ($username = $rUser->getUsername()) {
                            array_push($emails, $username);
                        }
                    }
                }
            }
        }
    }
    $emails = array_unique($emails);
    if (count($emails) > 0) {
        foreach ($emails as $email) {
            // Small tweak for mails to followers on bid acceptance
            // (rewrites $body in place, so it stays rewritten for later recipients
            // in this loop, including the mechanic if they come after a follower).
            if ($options['type'] == 'bid_accepted' && strcmp($email, $workitem->getMechanic()->getUsername())) {
                $body = str_replace('Your', $workitem->getMechanic()->getNickname() . "'s", $body);
            }
            if (!Utils::send_email($email, $subject, $body, null, $headers)) {
                error_log("Notification:workitem: Utils::send_email failed " . json_encode(error_get_last()));
            }
        }
    }
}
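/**
 * Lists the files attached to work item $job_id that the current user may see.
 *
 * Files hidden by File::isAllowed() for this user, and files that have not
 * been scanned yet, are skipped. Output goes through setOutput():
 * array('success' => true, 'data' => list of
 *     array('fileid', 'url', 'can_delete', 'title', 'description'))
 * or array('success' => false, 'message' => ...) when nobody is logged in or
 * any lookup throws.
 *
 * @param int|string $job_id work item id
 */
public function listForJob($job_id)
{
    try {
        // Reject anonymous callers before touching any file data.
        $user = User::find(Session::uid());
        if (!$user->getId()) {
            throw new Exception('Not enough rights');
        }
        $userId = $user->getId();
        $job = WorkItem::getById($job_id);
        $files = File::fetchAllFilesForWorkitem($job_id);
        // A user "involved" in the job (creator, mechanic or runner) may delete
        // a file even without runner/payer privileges; the uploader may too.
        $involvedIds = array(
            $job->getCreatorId(),
            $job->getMechanicId(),
            $job->getRunnerId(),
        );
        $data = array();
        foreach ($files as $file) {
            if (!File::isAllowed($file->getStatus(), $user) || !$file->getIs_scanned()) {
                continue;
            }
            $userInvolved = $userId == $file->getUserid() || in_array($userId, $involvedIds);
            $data[] = array(
                'fileid' => $file->getId(),
                'url' => $file->getUrl(),
                'can_delete' => $user->isRunner() || $user->isPayer() || $userInvolved,
                'title' => $file->getTitle(),
                'description' => $file->getDescription(),
            );
        }
        return $this->setOutput(array('success' => true, 'data' => $data));
    } catch (Exception $e) {
        return $this->setOutput(array('success' => false, 'message' => $e->getMessage()));
    }
}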
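/**
 * Settings page controller: renders the current user's settings and, on a
 * POST carrying `save`, persists the submitted changes.
 *
 * On save it builds an UPDATE on the USERS table from the fields that
 * changed, emails the user a summary of what changed, may email a payment
 * address confirmation link carrying a one-time token, refreshes the session
 * through Utils::setUserSession(), and ends the request (echo + exit/die)
 * instead of rendering a view. Without a save it loads the user's row into
 * `userInfo` and falls through to parent::run().
 */
public function run()
{
    Utils::checkLogin();
    $userId = Session::uid();
    $user = new User();
    if ($userId) {
        $user->findUserById($userId);
    }
    $this->write('user', $user);
    $userSystem = new UserSystemModel();
    $this->write('userSystems', $userSystem->getUserSystemsWithPlaceholder($userId));
    // $saveArgs maps a column name to a flag for the UPDATE builder below:
    // 1 = run the value through htmlspecialchars() + mysql_real_escape_string(),
    // 0 = the value is already prepared. The builder reads each value from the
    // local variable of the same name (${$arg}), so those names must stay as-is.
    $saveArgs = array();
    $messages = array();
    $settings_link = SECURE_SERVER_URL . "settings";
    $worklist_link = SECURE_SERVER_URL . "jobs";
    $returned_json = array();

    // process updates to user's settings
    if (isset($_POST['save']) && $_POST['save']) {
        $bidding_notif = isset($_POST['bidding_notif']) ? $_POST['bidding_notif'] : null;
        if ($bidding_notif != $user->getBidding_notif()) {
            $saveArgs['bidding_notif'] = 1;
        }
        $review_notif = isset($_POST['review_notif']) ? $_POST['review_notif'] : null;
        if ($review_notif != $user->getReview_notif()) {
            $saveArgs['review_notif'] = 1;
        }
        $self_notif = isset($_POST['self_notif']) ? $_POST['self_notif'] : null;
        if ($self_notif != $user->getSelf_notif()) {
            $saveArgs['self_notif'] = 1;
        }
        $postedTimezone = isset($_POST['timezone']) ? $_POST['timezone'] : null;
        if ($postedTimezone !== null) {
            // Escaped here, so flagged 0 (no second escaping) for the UPDATE builder.
            $timezone = mysql_real_escape_string(trim($postedTimezone));
            $saveArgs['timezone'] = 0;
        }
        $country = trim(isset($_POST['country']) ? $_POST['country'] : '');
        if ($country != $user->getCountry()) {
            $messages[] = "Your country has been updated.";
            $saveArgs['country'] = 1;
        }
        if ($user->getTimezone() != $postedTimezone) {
            $messages[] = "Your timezone has been updated.";
        }
        // "about" is capped at 150 bytes (substr is byte-wise) and stripped of tags.
        $about = isset($_POST['about']) ? strip_tags(substr($_POST['about'], 0, 150)) : "";
        if ($about != $user->getAbout()) {
            $saveArgs['about'] = 1;
            $messages[] = "Your personal information (about) has been updated.";
        }
        $userSystem->storeUsersSystemsSettings(
            $userId,
            $_POST['system_id'],
            $_POST['system_operating_systems'],
            $_POST['system_hardware'],
            $_POST['system_delete']
        );
        // defaulting to paypal at this stage
        $payway = 'paypal';
        $paypal = 1;
        $paypal_email = isset($_POST['paypal_email']) ? mysql_real_escape_string($_POST['paypal_email']) : "";
        if ($paypal_email != $user->getPaypal_email()) {
            $saveArgs = array_merge($saveArgs, array('paypal' => 0, 'paypal_email' => 0, 'payway' => 1));
            $messages[] = "Your payment information has been updated.";
        }
        if (!$user->getW9_accepted() && $user->getCountry() == 'US') {
            // Raw SQL expression; the UPDATE builder special-cases it (unquoted).
            $w9_accepted = 'NOW()';
            $saveArgs['w9_accepted'] = 0;
        }
        $paypalPrevious = $user->getPaypal_email();
        if (empty($paypal_email)) {
            // user deleted paypal email, deactivate
            $user->setPaypal_verified(false);
            $user->setPaypal_email('');
            $user->save();
        } elseif ($paypalPrevious != $paypal_email) {
            // user changed paypal address: store it unverified and email a
            // confirmation link. The token must be unpredictable, so it comes
            // from the CSPRNG rather than from the current time; 32 hex chars,
            // the same width as the md5 value previously stored.
            if (function_exists('random_bytes')) {
                $paypal_hash = bin2hex(random_bytes(16));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $paypal_hash = bin2hex(openssl_random_pseudo_bytes(16));
            } else {
                // Last resort on very old runtimes; not cryptographically strong.
                $paypal_hash = md5(uniqid(mt_rand(), true));
            }
            // generate email
            $subject = "Your payment details have changed";
            // NOTE(review): base64 output may contain '+', '/' and '='; if the
            // confirmation handler reads ppstr from $_GET a '+' arrives as a
            // space. Confirm how the receiver parses it before adding urlencode().
            $link = SECURE_SERVER_URL . "confirmation?pp=" . $paypal_hash . "&ppstr=" . base64_encode($paypal_email);
            $body = '<p>Dear ' . $user->getNickname() . ',</p>';
            $body .= '<p>Please confirm your payment email address to activate payments on your account and enable you to start placing bids in the <a href="' . $worklist_link . '">Worklist</a>.</p>';
            $body .= '<p><a href="' . $link . '">Click here to confirm your payment address</a></p>';
            $plain = 'Dear ' . $user->getNickname() . ',' . "\n\n";
            $plain .= 'Please confirm your payment email address to activate payments on your accounts and enable you to start placing bids in the Worklist.' . "\n\n";
            $plain .= $link . "\n\n";
            $confirm_txt = "An email containing a confirmation link was sent to your payment email address. Please click on that link to verify your payment email address and activate your account.";
            if (!Utils::send_email($paypal_email, $subject, $body, $plain)) {
                error_log("SettingsController: Utils::send_email failed");
                $confirm_txt = 'There was an issue sending email. Please try again or notify ' . SUPPORT_EMAIL;
            }
            $user->setPaypal_verified(false);
            $user->setPaypal_hash($paypal_hash);
            $user->setPaypal_email($paypal_email);
            $user->save();
        }
        // do we have data to update?
        if (!empty($saveArgs)) {
            $sql = "UPDATE `" . USERS . "` SET ";
            foreach ($saveArgs as $arg => $esc) {
                if ($esc) {
                    ${$arg} = mysql_real_escape_string(htmlspecialchars(${$arg}));
                }
                // Integers and the NOW() marker go in unquoted; everything else quoted.
                if (is_int(${$arg}) || $arg == "w9_accepted" && ${$arg} == 'NOW()') {
                    $sql .= "`{$arg}` = " . ${$arg} . ",";
                } else {
                    $sql .= "`{$arg}` = '" . ${$arg} . "',";
                }
            }
            $sql = rtrim($sql, ',');
            // Session-sourced, but cast so only an integer can reach the SQL.
            $sql .= " WHERE id = " . (int) $_SESSION['userid'];
            $res = mysql_query($sql);
            if (!$res) {
                error_log("Error in saving settings: " . mysql_error() . ':' . $sql);
                die("Error in saving settings. ");
            }
            // Email user
            if (!empty($messages)) {
                $to = $_SESSION['username'];
                $subject = "Settings";
                $body = '<p>Congratulations!</p>' . '<p>You have successfully updated your settings with Worklist: <ul>';
                foreach ($messages as $msg) {
                    $body .= '<li>' . $msg . '</li>';
                }
                $body .= '</ul>' . '<p><br/>You can view your settings <a href=' . $settings_link . '>here</a></p>' . '<p><a href=' . $worklist_link . '>www.worklist.net</a></p>';
                if (!Utils::send_email($to, $subject, $body)) {
                    error_log("SettingsController: Utils::send_email failed");
                }
            }
            if ($postedTimezone !== null) {
                $_SESSION['timezone'] = trim($postedTimezone);
            }
            if (isset($confirm_txt) && !empty($confirm_txt)) {
                echo $confirm_txt;
                exit;
            }
            $this->view = null;
            // reset session data
            $user->findUserById($userId);
            Utils::setUserSession($user->getId(), $user->getUsername(), $user->getNickname(), $user->getIs_admin());
            $returned_json['user_systems'] = $userSystem->getUserSystemsJSON($userId);
            echo json_encode($returned_json);
            // exit on ajax post - if we experience issues with a blank settings page, need to look at the ajax submit functions
            die;
        }
    }
    // getting userInfo to prepopulate fields
    $userInfo = array();
    $qry = "SELECT * FROM " . USERS . " WHERE id='" . (int) $_SESSION['userid'] . "'";
    $rs = mysql_query($qry);
    if ($rs) {
        $userInfo = mysql_fetch_array($rs);
    }
    $userInfo['avatar'] = $user->getAvatar();
    $this->write('userInfo', $userInfo);
    parent::run();
}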
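/**
 * Payments page (payers only): lists unpaid fees and bonuses for a fund and,
 * on action=pay with a valid admin password, pays them via PayPal MassPay.
 *
 * Inputs: fund_id and action from the request; payfee[] / paybonus[] (fee
 * ids), pp_api_* credentials and `password` from POST on a pay action.
 * Side effects: opens the DB connection, sets $this->sql_get_fee_totals /
 * $this->sql_get_bonus_totals for getUserTotalsArray(), calls PPHttpPost(),
 * marks fees/bonuses paid on success, emails FINANCE_EMAIL on a MassPay
 * failure or a rejected password, writes the page variables and calls
 * parent::run(). Non-payers are redirected to ./reports.
 */
public function run()
{
    //send non-payers back to the reports page.
    if (empty($_SESSION['is_payer'])) {
        $this->view = null;
        Utils::redirect("./reports");
        // Do not let an unprivileged caller run the rest of the page even if
        // redirect() does not end the request itself.
        return;
    }
    $userId = Session::uid();
    // set default fund to worklist
    $fund_id = 3;
    if (isset($_REQUEST['fund_id'])) {
        // fund_id is spliced unquoted into SQL below; string escaping does not
        // protect an unquoted numeric context, so force an integer.
        $fund_id = (int) $_REQUEST['fund_id'];
        // clear POST if this was just a fund change
        if (!isset($_REQUEST['action'])) {
            unset($_POST);
        }
    }
    //open db connection
    @mysql_connect(DB_SERVER, DB_USER, DB_PASSWORD) or die('I cannot connect to the database because: ' . mysql_error());
    @mysql_select_db(DB_NAME);
    // get a list of projects so we can display the project name in table
    $sql_get_fund_projects_array = "\n SELECT\n project_id, name\n FROM\n " . PROJECTS . "\n WHERE\n fund_id = " . $fund_id;
    // sql sub-query for limiting fees to specific fund
    $sql_get_fund_projects = "\n SELECT\n project_id\n FROM\n " . PROJECTS . "\n WHERE\n fund_id = " . $fund_id;
    if ($fund_id == 0) {
        $sql_get_fund_projects = '0';
    }
    $fund_projects = array();
    $fund_projects[0] = 'none';
    $fund_projects_query = mysql_query($sql_get_fund_projects_array);
    while ($fund_projects_query && ($project = mysql_fetch_array($fund_projects_query))) {
        $fund_projects[$project['project_id']] = $project['name'];
    }
    // Queries consumed by getUserTotalsArray().
    $this->sql_get_fee_totals = "\n SELECT\n sum(f.amount) AS total_amount,\n u.id AS mechanic_id,\n u.nickname AS mechanic_nick,\n u.paypal_email AS mechanic_paypal_email,\n wl.summary AS worklist_item, f.bonus AS bonus, 'BONUS' AS bonus_desc\n FROM\n (" . FEES . " f LEFT JOIN " . USERS . " u ON f.user_id = u.id)\n LEFT JOIN " . WORKLIST . " wl ON f.worklist_id = wl.id\n WHERE\n wl.status = 'Done'\n AND f.paid = '0'\n AND f.withdrawn = '0'\n AND f.amount > 0\n AND u.paypal_verified = '1'\n AND u.has_W2 = 0\n AND wl.project_id IN (" . $sql_get_fund_projects . ")\n GROUP BY f.user_id\n ";
    $this->sql_get_bonus_totals = false;
    // only pull bonuses for if worklist fund chosen - temporary hardcoding
    // until we determine further solution
    if ($fund_id == 3) {
        $this->sql_get_bonus_totals = "\n SELECT\n sum(b.amount) AS total_amount,\n b.user_id AS mechanic_id,\n b.desc AS worklist_item,\n u.nickname AS mechanic_nick,\n u.paypal_email AS mechanic_paypal_email\n FROM\n " . FEES . " b\n LEFT JOIN " . USERS . " u on u.id = b.user_id\n WHERE\n b.paid = 0\n AND b.withdrawn = 0\n AND u.paypal_verified = '1' \n AND b.bonus = 1\n AND u.has_W2 = 0\n GROUP BY b.user_id\n ";
    }
    $action = isset($_POST["action"]) ? $_POST["action"] : '';
    // Initialize empty arrays if no fees or bonuses were selected
    if (!isset($_POST['payfee'])) {
        $_POST['payfee'] = array();
    }
    if (!isset($_POST['paybonus'])) {
        $_POST['paybonus'] = array();
    }
    $pp_message = $httpParsedResponseAr = $alert_msg = $message = "";
    // Always defined so the view receives an array on the pay path too.
    $payee_totals = array();
    //Check action - should be confirm, pay or not set
    switch ($action) {
        case 'confirm':
            //pull list of payees from db based on the time span
            $payee_totals = $this->getUserTotalsArray();
            break;
        case 'pay':
            //collect confirmed payees and run paypal transaction
            $password = isset($_POST['password']) ? $_POST['password'] : '';
            if ($this->checkAdmin($password) == '1') {
                error_log("Made it Admin!");
                if (empty($_POST['pp_api_username']) || empty($_POST['pp_api_password']) || empty($_POST['pp_api_signature'])) {
                    $alert_msg = "You need to provide all credentials!";
                    break;
                }
                //Get fee information for paypal transaction
                // Ids are spliced unquoted into `IN (...)`, so each is forced to an
                // integer first; an empty selection becomes `IN (0)` (matches nothing).
                $feeIds = array_map('intval', (array) $_POST["payfee"]);
                $fee_id_csv = count($feeIds) ? implode(',', $feeIds) : 0;
                $fees_info_sql = 'SELECT f.id AS fee_id, f.amount AS amount, f.worklist_id AS worklist_id, u.id AS mechanic_id, u.nickname AS mechanic_nick, u.paypal_email AS mechanic_paypal_email, wl.summary AS worklist_item FROM (' . FEES . ' f LEFT JOIN ' . USERS . ' u ON f.user_id = u.id) LEFT JOIN ' . WORKLIST . ' wl ON f.worklist_id = wl.id WHERE f.id in (' . $fee_id_csv . ')';
                $fees_info_results = mysql_query($fees_info_sql);
                $bonusIds = array_map('intval', (array) $_POST["paybonus"]);
                $bonus_id_csv = count($bonusIds) ? implode(',', $bonusIds) : 0;
                $bonus_info_sql = ' SELECT b.id AS fee_id, b.amount AS amount, "BONUS" AS worklist_id, b.user_id AS mechanic_id, u.nickname AS mechanic_nick, u.paypal_email AS mechanic_paypal_email, b.desc AS worklist_item FROM ' . FEES . ' b LEFT JOIN ' . USERS . ' u on u.id = b.user_id WHERE b.id in (' . $bonus_id_csv . ') and b.bonus = 1 ';
                $bonus_info_results = mysql_query($bonus_info_sql) or error_log("bonussql failed: " . mysql_error() . "\n{$bonus_info_sql}");
                // Set request-specific fields.
                $emailSubject = urlencode('You\'ve got money!');
                $receiverType = urlencode('EmailAddress');
                // TODO Other currency ('GBP', 'EUR', 'JPY', 'CAD', 'AUD') ?
                $currency = urlencode('USD');
                // Add request-specific fields to the request string.
                $nvpStr = "&EMAILSUBJECT={$emailSubject}&RECEIVERTYPE={$receiverType}&CURRENCYCODE={$currency}";
                //build payment data array
                $message .= "<pre>";
                $receiversArray = array();
                $totalFees = 0;
                //log data
                if ($fees_info_results && mysql_num_rows($fees_info_results)) {
                    $message .= "Fees:\n";
                    while ($fees_data = mysql_fetch_array($fees_info_results)) {
                        $receiversArray[] = array(
                            'receiverEmail' => $fees_data["mechanic_paypal_email"],
                            'amount' => $fees_data["amount"],
                            'uniqueID' => $fees_data["fee_id"],
                            'note' => 'Worklist #' . $fees_data["worklist_id"] . ' - ' . $fees_data["worklist_item"],
                        );
                        $totalFees = $totalFees + $fees_data["amount"];
                        $message .= " " . $fees_data['mechanic_paypal_email'] . " - \$" . $fees_data['amount'] . "\n";
                    }
                }
                if ($bonus_info_results && mysql_num_rows($bonus_info_results) > 0) {
                    $message .= "Bonuses:\n";
                    while ($fees_data = mysql_fetch_array($bonus_info_results)) {
                        $receiversArray[] = array(
                            'receiverEmail' => $fees_data["mechanic_paypal_email"],
                            'amount' => $fees_data["amount"],
                            'uniqueID' => $fees_data["fee_id"],
                            'note' => $fees_data["worklist_id"] . ' - ' . $fees_data["worklist_item"],
                        );
                        $totalFees = $totalFees + $fees_data["amount"];
                        $message .= " " . $fees_data['mechanic_paypal_email'] . " - \$" . $fees_data['amount'] . "\n";
                    }
                }
                $message .= "</pre>";
                //build nvp string
                foreach ($receiversArray as $i => $receiverData) {
                    $receiverEmail = urlencode($receiverData['receiverEmail']);
                    $amount = urlencode($receiverData['amount']);
                    $uniqueID = urlencode($receiverData['uniqueID']);
                    $note = urlencode($receiverData['note']);
                    $nvpStr .= "&L_EMAIL{$i}={$receiverEmail}&L_Amt{$i}={$amount}&L_UNIQUEID{$i}={$uniqueID}&L_NOTE{$i}={$note}";
                }
                // Execute the API operation; see the PPHttpPost function
                $httpParsedResponseAr = $this->PPHttpPost($nvpStr, $_POST);
                // A response without an ACK field is treated as a failure.
                $ack = isset($httpParsedResponseAr["ACK"]) ? strtoupper($httpParsedResponseAr["ACK"]) : '';
                if ("SUCCESS" == $ack || "SUCCESSWITHWARNING" == $ack) {
                    error_log('masspay success!');
                    $pp_message = '<p>MassPay Completed Successfully! - $' . $totalFees . ' Paid.</p>';
                    if (isset($_GET["debug"])) {
                        $pp_message .= '<p><pre>' . print_r($httpParsedResponseAr, true) . '</pre></p>';
                    }
                    if ($fee_id_csv) {
                        Fee::markPaidByList(explode(',', $fee_id_csv), 0, '', 1, $fund_id);
                    }
                    if ($bonus_id_csv) {
                        Bonus::markPaidByList(explode(',', $bonus_id_csv), 0, 1, false, $fund_id);
                    }
                } else {
                    $alert_msg = "MassPay Failure";
                    $pp_message = '<p>MassPay failed:</p><p><pre>' . print_r($httpParsedResponseAr, true) . '</pre></p>';
                    if (!Utils::send_email(FINANCE_EMAIL, 'Masspay Fail', $pp_message)) {
                        error_log("view-payments:MassPayFailure: Utils::send_email failed");
                    }
                }
            } else {
                $error_msg = 'Invalid MassPay Authentication<br />';
                $error_msg .= 'IP: ' . $_SERVER['REMOTE_ADDR'] . '<br />';
                $error_msg .= 'UserID: ' . $userId;
                if (!Utils::send_email(FINANCE_EMAIL, "Masspay Invalid Auth Attempt", $error_msg)) {
                    error_log("view-payments:MassPayAuth: Utils::send_email failed");
                }
                $alert_msg = "Invalid Authentication";
            }
            break;
        default:
            //pull list of payees from db based on the time span
            $payee_totals = $this->getUserTotalsArray();
            break;
    }
    $this->write('fund_id', $fund_id);
    $this->write('message', $message);
    $this->write('pp_message', $pp_message);
    $this->write('alert_msg', $alert_msg);
    $this->write('payee_totals', $payee_totals);
    $this->write('fund_projects', $fund_projects);
    $this->write('sql_get_fund_projects', $sql_get_fund_projects);
    $this->write('input', array(
        'action' => isset($_POST['action']) ? $_POST['action'] : '',
        'order' => isset($_GET["order"]) ? 'order=' . $_GET["order"] : '',
    ));
    parent::run();
}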
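/**
 * AJAX endpoint: sends a "love" message from the logged-in user to user $to.
 *
 * Reads `love_message` from POST. Echoes a JSON object
 * {success: bool, message: string}; on failure `message` is the reason
 * (not logged in, unknown recipient, empty message, or send failure).
 *
 * @param int|string $to id of the receiving user
 */
public function sendLove($to)
{
    $this->view = null;
    try {
        $senderId = Session::uid();
        if (!$senderId) {
            throw new Exception('Must be logged in to Send Love!');
        }
        $sender = User::find($senderId);
        $recipient = User::find($to);
        if (!$recipient->getId()) {
            throw new Exception('Not a valid user');
        }
        // A missing field is rejected the same way as an empty one.
        $love_message = isset($_POST['love_message']) ? $_POST['love_message'] : '';
        if (empty($love_message)) {
            throw new Exception('Message field is mandatory');
        }
        if (!$sender->sendLove($recipient, $love_message)) {
            throw new Exception('Could not send love');
        }
        // NOTE(review): the message is handed to the template unescaped —
        // confirm the 'love-received' template escapes it for its output context.
        Utils::sendTemplateEmail(
            $recipient->getUsername(),
            'love-received',
            array('from_nickname' => $sender->getNickname(), 'message' => $love_message)
        );
        echo json_encode(array('success' => true, 'message' => 'Love sent'));
    } catch (Exception $e) {
        echo json_encode(array('success' => false, 'message' => $e->getMessage()));
    }
}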
define('USER_NAME', 'REMOTE_USER'); $tpl =& initFastTemplate(); $cache = new Cache(); $ses = new Session(true); $tpl->assign('MESSAGE', $ses->msg()); if ($ses->url()) { $target_url = $ses->url(); } else { $target_url = '/'; } if (isset($_POST['USERNAME']) || isset($_SERVER[USER_NAME])) { $ses->dispose('uid'); $usr = new User5(isset($_POST['USERNAME']) ? $_POST['USERNAME'] : $_SERVER[USER_NAME]); if ($usr->count > 0) { if (isset($_SERVER[USER_NAME]) || $_POST['PASS'] && strlen($_POST['PASS']) > 0 && $usr->checkPass($_POST['PASS'])) { $ses->uid($usr->samaccountname); $ses->login($usr->samaccountname); $ses->valueOf('cn', $usr->cn); $tar = array(); if ($usr->directreports) { $tar = $usr->fullName2account($usr->directreports); } else { $tar[] = $usr->samaccountname; } $ses->valueOf('filter.targetusers', $tar); } else { $ses->msg('В доступе отказано: неверное имя пользователя или пароль.'); $target_url = LOGIN_URL; } } else { $ses->msg('В доступе отказано: неверное имя пользователя или пароль.');
/**
 * AJAX endpoint: removes one or more code reviewers from project $id.
 *
 * Extra positional arguments after $id are the reviewer user ids. Every
 * reviewer actually deleted is emailed the 'project-codereview-removed'
 * template. Echoes {success: true, data: {deleted_codereviewers: [...]}}
 * or {success: false, data: <reason>} when the project does not exist or the
 * caller is not a code-review admin of it.
 *
 * @param int|string $id project id
 */
public function removeCodeReviewer($id)
{
    $this->view = null;
    try {
        $project = Project::find($id);
        if (!$project->getProjectId()) {
            throw new Exception('Not a project in our system');
        }
        $caller = User::find(Session::uid());
        if (!$project->isCodeReviewAdmin($caller)) {
            throw new Exception('Not enough rights');
        }
        $removed = array();
        foreach (array_slice(func_get_args(), 1) as $reviewerId) {
            if (!$project->deleteCodeReviewer($reviewerId)) {
                continue;
            }
            $removed[] = $reviewerId;
            $reviewer = User::find($reviewerId);
            $founder = User::find($project->getOwnerId());
            $founderUrl = SECURE_SERVER_URL . 'user/' . $founder->getId();
            $mailData = array(
                'nickname' => $reviewer->getNickname(),
                'projectName' => $project->getName(),
                'projectUrl' => Project::getProjectUrl($project->getProjectId()),
                'projectFounder' => $founder->getNickname(),
                'projectFounderUrl' => $founderUrl,
            );
            if (!Utils::sendTemplateEmail($reviewer->getUsername(), 'project-codereview-removed', $mailData)) {
                error_log("ProjectController::removeCodeReviewer: Utils::send_email to user failed");
            }
        }
        echo json_encode(array('success' => true, 'data' => array('deleted_codereviewers' => $removed)));
    } catch (Exception $e) {
        echo json_encode(array('success' => false, 'data' => $e->getMessage()));
    }
}
/**
 * Tells whether the current user has authorized the GitHub app $gitHubId.
 *
 * Looks for a row in USERS_AUTH_TOKENS matching the session user id and the
 * given GitHub client id.
 *
 * @param string $gitHubId GitHub OAuth2 client id (defaults to this app's own)
 * @return bool true when a matching auth token row exists, false otherwise
 *              (including when nobody is logged in or the query fails)
 */
public function isGithub_connected($gitHubId = GITHUB_OAUTH2_CLIENT_ID)
{
    $userId = Session::uid();
    if ($userId == 0) {
        return false;
    }
    // user_id is forced to an integer and github_id is escaped before either
    // is placed in the query.
    $safeUserId = (int) $userId;
    $safeGithubId = mysql_real_escape_string($gitHubId);
    $sql = "SELECT COUNT(*) AS count FROM `" . USERS_AUTH_TOKENS . "`\n WHERE user_id = " . $safeUserId . " AND github_id = '" . $safeGithubId . "'";
    $result = mysql_query($sql);
    if (!$result || mysql_num_rows($result) <= 0) {
        return false;
    }
    $row = mysql_fetch_assoc($result);
    return (int) $row['count'] > 0;
}
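/**
 * Counts jobs per (internal, active) project and status.
 *
 * $conds and $subConds are SQL fragments spliced into the query verbatim;
 * callers must pass trusted, already-escaped fragments only.
 *
 * @param string|null $query    unused; kept for signature compatibility
 * @param string[]    $conds    condition fragments ANDed into the WHERE clause
 * @param string[]    $subConds condition fragments for a `w.id IN (subquery)`
 *                              filter over WORKLIST joined with COMMENTS and FEES
 * @return array array('search_stats' => list of rows with keys
 *               'project', 'status', 'jobsCount'); empty when the query fails
 */
public static function searchStats($query = null, $conds = array(), $subConds = array())
{
    if (count($subConds)) {
        $subQuery = ' `w`.`id` IN ( SELECT `sub_w`.`id` FROM `' . WORKLIST . '` `sub_w` LEFT JOIN `' . COMMENTS . '` AS `sub_com` ON `sub_w`.`id` = `sub_com`.`worklist_id` LEFT JOIN `' . FEES . '` AS `sub_f` ON `sub_w`.`id` = `sub_f`.`worklist_id` AND `sub_f`.`withdrawn` = 0 WHERE ' . implode(' AND ', $subConds) . ' )';
        $conds[] = $subQuery;
    }
    // No conditions at all: match every row.
    $whereConds = count($conds) ? implode(' AND ', $conds) : '1';
    $sql = "\n SELECT\n `proj`.`name` AS `project`,\n `status`,\n COUNT(*) AS `jobsCount`\n FROM `" . WORKLIST . "` AS `w`\n INNER JOIN `" . PROJECTS . "` AS `proj`\n ON `w`.`project_id` = `proj`.`project_id`\n AND `proj`.`internal` = 1\n AND `proj`.`active` = 1\n WHERE {$whereConds}\n GROUP BY `w`.`project_id`, `w`.`status`\n ORDER BY `w`.`project_id` DESC";
    $results = array();
    $resultQuery = mysql_query($sql) or error_log('getworklist mysql error: ' . mysql_error());
    // A failed query leaves $resultQuery false and yields an empty result set.
    while ($resultQuery && ($row = mysql_fetch_assoc($resultQuery))) {
        $results[] = $row;
    }
    return array("search_stats" => $results);
}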
/**
 * Remembers the id reported by Session::uid() for the current request so the
 * other methods can act on behalf of that user.
 */
public function __construct()
{
    $currentUid = Session::uid();
    $this->user_id = $currentUid;
}
/**
 * Builds the option list for an "active user" selector: a leading 'None'
 * entry (id 0, selected) followed by every user returned by
 * User::getUserList(Session::uid(), 1, 0, true), none of them selected.
 *
 * @return array list of array('id' => int, 'nickname' => string, 'selected' => bool)
 */
public function activeUsers()
{
    $userList = User::getUserList(Session::uid(), 1, 0, true);
    $options = array(
        array('id' => 0, 'nickname' => 'None', 'selected' => true),
    );
    foreach ($userList as $listedUser) {
        $options[] = array(
            'id' => $listedUser->getId(),
            'nickname' => $listedUser->getNickname(),
            'selected' => false,
        );
    }
    return $options;
}
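/**
 * Jobs list page. Resolves the project / status / following / label filters
 * from the URL and query string into view variables, then renders JobsView.
 *
 * Extra positional arguments after $filterName are label filters. A POST to
 * this page is discarded and redirected to ./jobs to prevent re-submission
 * on refresh.
 *
 * @param string|null $projectName project identifier, or "all"/null for no project filter
 * @param string|null $filterName  a status name, "following", or null
 */
public function listView($projectName = null, $filterName = null)
{
    $this->view = new JobsView();
    $userId = Session::uid();
    if ($userId > 0) {
        Utils::initUserById($userId);
        $user = new User();
        $user->findUserById($userId);
        $this->is_internal = $user->isInternal();
    }
    $this->is_runner = !empty($_SESSION['is_runner']) ? 1 : 0;
    $queryFilter = empty($_REQUEST['query']) ? '' : $_REQUEST['query'];
    $this->write('queryFilter', $queryFilter);
    $this->write('followingFilter', $filterName != null && $filterName == "following");
    if ($projectName != null && $projectName != "all") {
        $project = Project::find($projectName);
        $this->write('projectFilter', $project ? $project->getProjectId() : 0);
    } else {
        $this->write('projectFilter', 0);
    }
    if ($filterName != null && $filterName != "following") {
        $this->write('statusFilter', $filterName);
    } else {
        // With a free-text query the default widens from active jobs to all.
        $this->write('statusFilter', empty($queryFilter) ? 'Active' : 'All');
    }
    $this->write('labelsFilter', array_slice(func_get_args(), 2));
    // Prevent reposts on refresh
    if (!empty($_POST)) {
        unset($_POST);
        $this->view = null;
        Utils::redirect('./jobs');
        exit;
    }
    // NOTE(review): req_status is the raw query-string value; confirm the view
    // escapes it for its output context.
    $this->write('req_status', isset($_GET['status']) ? $_GET['status'] : '');
    $this->write('review_only', isset($_GET['status']) && $_GET['status'] == 'needs-review' ? 'true' : 'false');
    parent::run();
}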