/**
 * Password-change form handler for the logged-in user.
 *
 * When an old password was posted, checks that a new password is present
 * and equals its confirmation, updates the session user's row in USERS and
 * emails a confirmation to the session username.  Every outcome is appended
 * to the 'msg' view variable (a list of ['text' => ...]) before the parent
 * run() renders.
 *
 * NOTE(review): the posted old password is only tested for presence here;
 * nothing in this method verifies it against the stored hash.
 * NOTE(review): the UPDATE writes the literal '******' rather than
 * $password, so the computed value is unused -- this reads like a redaction
 * in the listing; confirm against the real source.
 */
public function run()
{
    Utils::checkLogin();
    $msg = array();
    if (!empty($_POST['oldpassword'])) {
        // Loose == between two POST strings: numeric-looking values compare by value.
        if (!empty($_POST['newpassword']) && $_POST['newpassword'] == $_POST['confirmpassword']) {
            $password = '******' . Utils::encryptPassword($_POST['newpassword']);
            $sql = "\n UPDATE " . USERS . "\n SET password = '******'\n WHERE id ='" . $_SESSION['userid'] . "'";
            if (mysql_query($sql)) {
                $msg[] = array("text" => "Password updated successfully!");
                // Confirmation mail goes to the session username (an email address).
                $to = $_SESSION['username'];
                $subject = "Password Change";
                $body = "<p>Congratulations!</p>";
                $body .= "<p>You have successfully updated your password with " . SERVER_NAME . ".";
                $body .= "</p><p>Love,<br/>Philip and Ryan</p>";
                if (!Utils::send_email($to, $subject, $body)) {
                    error_log("PasswordController: Utils::send_email failed");
                }
            } else {
                $msg[] = array("text" => "Failed to update your password");
            }
        } else {
            $msg[] = array("text" => "New passwords don't match!");
        }
    }
    $this->write('msg', $msg);
    parent::run();
}
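/**
 * Marks a fee as paid (or unpaid) on behalf of the current payer.
 *
 * Refuses non-payers, requires a non-empty note in $_POST['notes'], records
 * the payment through Fee::markPaidById and, only when marking as paid,
 * emails the fee owner.  Every failure is turned into a
 * ['success' => false, 'notes' => message] output.
 *
 * @param mixed $id   fee id; handed unchanged to Fee::getFundId / markPaidById / getFee
 * @param mixed $paid truthy to mark paid, falsy to mark unpaid
 * @return mixed whatever $this->setOutput returns for the
 *               ['success' => bool, 'notes' => string] payload
 */
public function setPaid($id, $paid)
{
    try {
        $user = User::find(Session::uid());
        // Only payers may change payment state.
        if (!$user->isPayer()) {
            throw new Exception('Nothing to see here. Move along!');
        }
        $paid = (bool) $paid;
        $notes = isset($_POST['notes']) ? trim($_POST['notes']) : '';
        if ($notes === '') {
            throw new Exception('You must write a note!');
        }
        $fund_id = Fee::getFundId($id);
        if (!Fee::markPaidById($id, $user->getId(), $notes, $paid, false, $fund_id)) {
            throw new Exception('Payment Failed!');
        }
        // Only send the email when marking as paid.
        if ($paid) {
            // Bug fix: the original read the undefined $fee_id here; $id is the fee.
            $fee = Fee::getFee($id);
            $workitem = new WorkItem($fee['worklist_id']);
            $summary = $workitem->getSummary();
            $fee_user = User::find($fee['user_id']);
            // The note is POST input rendered as HTML: escape before nl2br.
            $notes_html = nl2br(htmlspecialchars($notes, ENT_QUOTES, 'UTF-8'));
            $subject = "Worklist.net paid you " . $fee['amount'] . " for " . $summary;
            $body = "Your Fee was marked paid.<br/>"
                . "Job <a href='" . SERVER_URL . $fee['worklist_id'] . "'>#" . $fee['worklist_id'] . ': ' . $summary . '</a><br/>'
                . "Fee Description : " . nl2br($fee['desc']) . "<br/>"
                . "Paid Notes : " . $notes_html . "<br/><br/>"
                . "Contact the job Designer with any questions<br/><br/>Worklist.net<br/>";
            if (!Utils::send_email($fee_user->getUsername(), $subject, $body)) {
                error_log("FeeController::setPaid: Utils::send_email failed");
            }
        }
        return $this->setOutput(array('success' => true, 'notes' => 'Payment has been saved!'));
    } catch (Exception $e) {
        return $this->setOutput(array('success' => false, 'notes' => $e->getMessage()));
    }
}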
/**
 * Re-sends the registration confirmation email for a posted username.
 *
 * Looks the username (an email address) up in USERS; when found, mails a
 * confirmation link carrying the stored confirm_string and the base64
 * encoded username, otherwise reports a mismatch.  The outcome text is
 * written to the 'msg' view variable before the parent run() renders.
 *
 * NOTE(review): extract($_REQUEST) turns every request parameter into a
 * local variable; nothing below reads those locals, so it only widens the
 * attack surface (request keys can shadow locals such as $msg).
 * NOTE(review): $msg is never assigned when no username was posted, so the
 * view receives an undefined variable in that case.
 * NOTE(review): the SQL literal around 'username' looks redacted/garbled in
 * this listing; confirm against the real source.
 */
public function run()
{
    extract($_REQUEST);
    if (!empty($_POST['username'])) {
        $res = mysql_query("select id, confirm, confirm_string from " . USERS . " where username ='******'username']) . "'");
        if (mysql_num_rows($res) > 0) {
            $row = mysql_fetch_array($res);
            $to = $_POST['username'];
            // Email user
            $subject = "Worklist Registration Confirmation";
            $body = "<p>You are only one click away from completing your registration with Worklist!</p><p>Click the link below or copy into your browser's window to verify your email address and activate your account. <br/>";
            $body .= " " . SECURE_SERVER_URL . "confirmation?cs=" . $row['confirm_string'] . "&str=" . base64_encode($_POST['username']) . "</p>";
            $body .= "<p>Looking forward to seeing you in the Workroom! :)</p>";
            if (!Utils::send_email($to, $subject, $body)) {
                error_log("ResendController: Utils::send_email failed");
            }
            $msg = "An email containing a link to confirm your email address is being sent to " . $to;
        } else {
            $msg = "Sorry, your email address doesn't match";
        }
    }
    $this->write('msg', $msg);
    parent::run();
}
/**
 * Emails the budget receiver (and, for overspent or seed budgets, the giver)
 * that a budget was closed out.
 *
 * Builds an HTML and a plain-text version with the requested and allocated
 * amounts and a surplus / on-target / overspent line chosen from
 * remainingFunds, then sends through Utils::send_email.
 *
 * @param array $options keys read here: seed, budget_id, reason, receiver_id,
 *                       receiver_nickname, receiver_email, giver_email,
 *                       original_amount, amount, remainingFunds
 *
 * NOTE(review): the $link expression looks redacted/garbled in this listing;
 * confirm against the real source.
 * NOTE(review): the single-quoted '\\n\\n' pieces of $plain emit a literal
 * backslash-n, not a line break, unlike the double-quoted "\n\n" lines.
 */
private function sendBudgetcloseOutEmail($options)
{
    $subject = "Closed - Budget ";
    if ($options["seed"] == 1) {
        $subject = "Closed - Seed Budget ";
    }
    $subject .= $options["budget_id"] . " (For " . $options["reason"] . ")";
    $link = SECURE_SERVER_URL . "team?showUser="******"receiver_id"] . "&tab=tabBudgetHistory";
    $body = '<p>Hello ' . $options["receiver_nickname"] . '</p>';
    $body .= '<p>Your budget has been closed out:</p>';
    $body .= "<p>Budget " . $options["budget_id"] . " for " . $options["reason"] . "</p>";
    $body .= "<p>Requested Amount : \$" . $options["original_amount"] . "</p>";
    $body .= "<p>Allocated Amount : \$" . $options["amount"] . "</p>";
    if ($options["remainingFunds"] > 0) {
        $body .= "<p>Congrats! You had a budget surplus of \$" . $options["remainingFunds"] . "</p>";
    } else {
        if ($options["remainingFunds"] == 0) {
            $body .= "<p>Good job! Your budget was right on target!</p>";
        } else {
            $body .= "<p>Your budget balance was over by \$" . $options["remainingFunds"] . "</p>";
        }
    }
    $body .= '<p>Click <a href="' . $link . '">here</a> to see this budget.</p>';
    $body .= '<p>- Worklist.net</p>';
    // Plain-text alternative for the same content.
    $plain = 'Hello ' . $options["receiver_nickname"] . '\\n\\n';
    $plain .= 'Your budget has been closed out:\\n\\n';
    $plain .= "Budget " . $options["budget_id"] . " for " . $options["reason"] . "\n\n";
    $plain .= "Requested Amount : \$" . $options["original_amount"] . "\n\n";
    $plain .= "Allocated Amount : \$" . $options["amount"] . "\n\n";
    if ($options["remainingFunds"] > 0) {
        $plain .= "Congrats! You had a budget surplus of \$" . $options["remainingFunds"] . "\n\n";
    } else {
        if ($options["remainingFunds"] == 0) {
            $plain .= "Good job! Your budget was right on target!\n\n";
        } else {
            $plain .= "Your budget balance was over by \$" . $options["remainingFunds"] . "\n\n";
        }
    }
    $plain .= 'Click ' . $link . ' to see this budget.\\n\\n';
    $plain .= '- Worklist.net\\n\\n';
    if (!Utils::send_email($options["receiver_email"], $subject, $body, $plain)) {
        error_log("BudgetInfo: Utils::send_email failed on closed out budget");
    }
    // The giver is copied only for overspent or seed budgets.
    if ($options["remainingFunds"] < 0 || $options["seed"] == 1) {
        if (!Utils::send_email($options["giver_email"], $subject, $body, $plain)) {
            error_log("BudgetInfo: Utils::send_email failed on closed out budget");
        }
    }
}
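/**
 * Sends a notification email that a project was checked out for a user.
 *
 * The body comes from the PROJECT_CHECKOUT_EMAIL_TEMPATE file with
 * {PROJECT} and {SANDBOX} substituted; newlines are converted to <br /> so
 * the template's line breaks survive in the HTML mail.
 *
 * @param string $username     recipient address, passed to Utils::send_email
 * @param string $unixusername unix account name used in the sandbox URL
 * @param string $project      project name; also substituted for {PROJECT}
 * @param string $job_number   job number appended to the sandbox path
 */
private function notifyCheckout($username, $unixusername, $project, $job_number)
{
    $subject = "Project Checkout";
    $sandbox = "https://" . SANDBOX_SERVER . "/~" . $unixusername . "/" . $project . "_" . $job_number;
    $template = file_get_contents(PROJECT_CHECKOUT_EMAIL_TEMPATE);
    if ($template === false) {
        // Bug fix: an unreadable template used to be mailed out as an empty body.
        error_log("SandBoxUtil.class.php: notifyCheckout could not read " . PROJECT_CHECKOUT_EMAIL_TEMPATE);
        return;
    }
    // Make sure we have proper line breaks in HTML
    $body = nl2br($template);
    $body = str_replace(array("{PROJECT}", "{SANDBOX}"), array($project, $sandbox), $body);
    if (!Utils::send_email($username, $subject, $body)) {
        error_log("SandBoxUtil.class.php: Utils::send_email failed");
    }
}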
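/**
 * AJAX endpoint: emails a private message from the logged-in user to
 * another user.
 *
 * Reads msg, userid and the optional cc flag from $_REQUEST.  The mail
 * links back to the sender's profile, sets Reply-To to the sender and,
 * when cc is set, copies the sender.  Send failures are only logged; the
 * response is always an empty JSON array.
 */
function pingTask()
{
    Utils::checkLogin();
    // Sender
    $id = Session::uid();
    $user = User::find($id);
    $nickname = $user->getNickname();
    $email = $user->getUsername();
    $msg = isset($_REQUEST['msg']) ? (string) $_REQUEST['msg'] : '';
    $send_cc = isset($_REQUEST['cc']) ? (int) $_REQUEST['cc'] : false;
    // Receiver
    $receiver_id = isset($_REQUEST['userid']) ? intval($_REQUEST['userid']) : 0;
    $receiver = User::find($receiver_id);
    $receiver_email = $receiver->getUsername();

    $mail_subject = $nickname . " sent you a message on Worklist";
    $mail_msg = "<p><a href='" . WORKLIST_URL . 'user/' . $id . "'>" . $nickname . "</a>";
    $mail_msg .= " sent you a message: ";
    // Bug fix: the message is request input rendered as HTML; escape it so it
    // cannot inject markup into the recipient's mail, then keep line breaks.
    $msg_html = nl2br(htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'));
    $mail_msg .= "</p><p>----------<br/>" . $msg_html . "<br />----------</p><p>You can reply via email to " . $email . "</p>";

    $sender_addr = '"' . $nickname . '" <' . $email . '>';
    $headers = array('X-tag' => 'ping', 'From' => NOREPLY_SENDER, 'Reply-To' => $sender_addr);
    if ($send_cc) {
        $headers['Cc'] = $sender_addr;
    }
    if (!Utils::send_email($receiver_email, $mail_subject, $mail_msg, '', $headers)) {
        error_log("pingtask.php:!id: Utils::send_email failed");
    }
    echo json_encode(array());
}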
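/**
 * Post-AuthView process: create new accounts for new users.
 *
 * Validates the posted access_token, country, username (must be an email),
 * password and password2, refuses usernames and tokens that already exist,
 * derives a free nickname from the GitHub login, creates the account via
 * User::signup, syncs it with the GitHub profile and emails the
 * confirmation link.  Always echoes {"success": bool, "msg": string}; any
 * Exception thrown on the way becomes "msg".
 *
 * Reads the global $countrylist as the set of accepted country codes and
 * sets $this->access_token before calling $this->apiRequest.
 */
public function signup()
{
    global $countrylist;
    $this->view = null;
    $success = false;
    $msg = '';
    try {
        $access_token = isset($_POST["access_token"]) ? trim($_POST["access_token"]) : "";
        $country = isset($_POST["country"]) ? trim($_POST["country"]) : "";
        $username = isset($_POST["username"]) ? trim($_POST["username"]) : "";
        $password = isset($_POST["password"]) ? $_POST["password"] : "";
        $pass2 = isset($_POST["password2"]) ? $_POST["password2"] : "";

        // Input checks first (guard clauses replace the original nested else
        // chain; the messages and their order are unchanged).
        if (empty($access_token)) {
            throw new Exception("Access token not provided.");
        }
        if (empty($country) || !array_key_exists($country, $countrylist)) {
            throw new Exception("Invalid country." . $country);
        }
        if (empty($username) || !filter_var($username, FILTER_VALIDATE_EMAIL)) {
            throw new Exception("Invalid username.");
        }
        // Bug fix: loose != compared the two passwords numerically when both
        // looked numeric ("1e3" != "1000" is false); use strict inequality.
        if (empty($password) || $password !== $pass2) {
            throw new Exception("Invalid passwords.");
        }

        // Uniqueness checks only after the cheap validation has passed.
        $usernameTestUser = new User();
        $usernameTestUser->findUserByUsername($username);
        if ($usernameTestUser->getId()) {
            throw new Exception("Username already taken.");
        }
        $tokenTestUser = new User();
        $tokenTestUser->findUserByAuthToken($access_token);
        if ($tokenTestUser->getId()) {
            throw new Exception("Access token already in use.");
        }

        $this->access_token = $access_token;
        $gh_user = $this->apiRequest(GITHUB_API_URL . 'user');
        if (!$gh_user) {
            throw new Exception("Unable to read user credentials from github.");
        }

        // Nickname: the GitHub login, else the alphanumeric part of the GitHub
        // name, else either of those with a random numeric suffix, until free.
        $nicknameTestUser = new User();
        $nameOnly = preg_replace('/[^a-zA-Z0-9]/', '', (string) $gh_user->name);
        $nickname = $gh_user->login;
        if ($nicknameTestUser->findUserByNickname($nickname)) {
            $nickname = $nameOnly;
        }
        while ($nicknameTestUser->findUserByNickname($nickname)) {
            $rand = mt_rand(1, 99999);
            $nickname = $gh_user->login . $rand;
            if ($nicknameTestUser->findUserByNickname($nickname)) {
                $nickname = $nameOnly . $rand;
            }
        }

        $user = User::signup($username, $nickname, $password, $access_token, $country);
        $success = true;
        $this->sync($user, $gh_user);

        // Email user
        $subject = "Registration";
        $link = SECURE_SERVER_URL . "confirmation?cs=" . $user->getConfirm_string() . "&str=" . base64_encode($user->getUsername());
        $body = '<p>' . $user->getNickname() . ': </p>'
            . '<p>You are one click away from an account on Worklist:</p>'
            . '<p><a href="' . $link . '">Click to verify your email address</a> and activate your account.</p>'
            . '<p>Welcome aboard, <br /> Worklist / High Fidelity</p>';
        $plain = $user->getNickname() . "\n\n"
            . "You are one click away from an account on Worklist: \n\n"
            . 'Click/copy following URL to verify your email address activate your account:' . $link . "\n\n"
            . "Welcome aboard, \n Worklist / High Fidelity\n";
        $msg = "An email containing a confirmation link was sent to your email address. "
            . "Please click on that link to verify your email address and activate your account.";
        if (!Utils::send_email($user->getUsername(), $subject, $body, $plain)) {
            error_log("SignupController: Utils::send_email failed");
            $msg = 'There was an issue sending email. Please try again or notify admin@lovemachineinc.com';
        }
    } catch (Exception $e) {
        $msg = $e->getMessage();
    }
    echo json_encode(array('success' => $success, 'msg' => $msg));
}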
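/**
 * Posts a message to the project's HipChat room; on any failure emails the
 * project contact (Cc OPS_EMAIL) with the reason instead.
 *
 * Flow: authenticate with the notification token, find the room whose name
 * matches getHipchatRoom(), post the message and expect status 'sent'.
 *
 * @param string $message        message text
 * @param string $message_format 'html' or 'text', as accepted by the HipChat API
 * @param int    $notify         HipChat "notify" flag
 */
public function sendHipchat_notification($message, $message_format = 'html', $notify = 0)
{
    $token = $this->getHipchatNotificationToken();
    // NOTE(review): the token travels in the query string, so it can end up
    // in proxy and server logs.
    $response = json_decode(CURLHandler::Get(HIPCHAT_API_AUTH_URL . $token, array()));
    $failure = '';

    // Bug fix: an empty or non-JSON auth response used to raise a warning on
    // $response->rooms instead of taking the "failed to authenticate" path.
    if (!is_object($response) || empty($response->rooms)) {
        $failure = "Failed to authenticate to hipchat.";
    } else {
        $room_id = 0;
        $wanted = trim($this->getHipchatRoom());
        foreach ($response->rooms as $room) {
            if ($room->name == $wanted) {
                $room_id = $room->room_id;
                break;
            }
        }
        if ($room_id > 0) {
            $fields = array(
                'room_id' => $room_id,
                'from' => 'Worklist.net',
                'message' => $message,
                'message_format' => $message_format,
                'notify' => $notify,
                'color' => $this->getHipchatColor(),
            );
            $result = json_decode(CURLHandler::Post(HIPCHAT_API_MESSAGE_URL . $token, $fields));
            if (!is_object($result) || !isset($result->status) || $result->status != 'sent') {
                $failure = "Failed to send message: " . $message;
            }
        } else {
            $failure = "Failed to find room " . $this->getHipchatRoom() . ".";
        }
    }

    if ($failure !== '') {
        $email = $this->getContactInfo();
        $subject = "HipChat Notification Failed";
        if (!Utils::send_email($email, $subject, $failure, $failure, array('Cc' => OPS_EMAIL))) {
            error_log("project-class.php: sendHipchat_notification : Utils::send_email failed");
        }
    }
}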
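/**
 * Emails a user about a new, updated or deleted peer review and posts a
 * journal line via Utils::systemNotification.
 *
 * @param int|string $reviewee_id user who received the review
 * @param string     $type        'new', 'update', or anything else (treated as deleted)
 * @param array      $oReview     list whose first element has 'feeRange' and 'review' keys
 */
public static function sendReviewNotification($reviewee_id, $type, $oReview)
{
    $review = $oReview[0]['feeRange'] . " " . $oReview[0]['review'];
    $reviewee = new User();
    $reviewee->findUserById($reviewee_id);
    $nickname = $reviewee->getNickname();
    $to = $nickname . ' <' . $reviewee->getUsername() . '>';
    // The review text is presumably written by another user; escape it for
    // the HTML body (the journal line stays plain text).
    $body = "<p>" . htmlspecialchars($review, ENT_QUOTES, 'UTF-8') . "</p>";
    $headers = array();

    if ($type == "new") {
        $userinfo_link = WORKLIST_URL . 'user/?id=' . $reviewee->getId();
        // From address appears redacted in this listing; kept verbatim.
        $headers['From'] = 'worklist<*****@*****.**>';
        $subject = 'New Peer Review';
        $journal = '@' . $nickname . " received a new review: " . $review;
        $body = '<p>Hello ' . $nickname . ',</p><br />';
        $body .= '<p>You have received a review from one of your peers in the Worklist.</p><br />';
        $body .= '<p>To see your current user reviews, click <a href="' . $userinfo_link . '">here</a>.</p>';
        $body .= '<p><a href="' . $userinfo_link . '">' . $userinfo_link . '</a></p><br />';
        // Bug fix: the closing quote of href sat before "jobs", producing
        // <a href="...URL"jobs>; the link now points at WORKLIST_URL . 'jobs'.
        $body .= '<p><a href="' . WORKLIST_URL . 'jobs">worklist</a></p>';
    } elseif ($type == "update") {
        $subject = "A review of you has been updated";
        $journal = "A review of @" . $nickname . " has been updated: " . $review;
    } else {
        $subject = "One of your reviews has been deleted";
        $journal = "One review of @" . $nickname . " has been deleted: " . $review;
    }

    if (!Utils::send_email($to, $subject, $body, null, $headers)) {
        error_log("Utils::sendReviewNotification: Utils::send_email failed");
    }
    Utils::systemNotification($journal);
}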
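/**
 * Runs the virus scanner over one uploaded file and records the result.
 *
 * Looks the FILES row up by id, derives the local path from the basename of
 * the stored URL, and when the file exists and is non-empty runs
 * VIRUS_SCAN_CMD on it.  The row is then marked is_scanned = 1 with
 * scan_result 0 (exit code 0, clean), 1 (exit code 1, scanner reported a
 * virus) or 2 (any other exit code).  For the two non-clean outcomes the
 * uploader is notified through Notification::workitemNotify.
 *
 * @param int|string $id FILES row id; cast to int before it reaches SQL
 * @return bool true when the scanner exit code was 0, false otherwise
 *              (including missing row, missing or empty file)
 */
public function scanFile($id)
{
    set_time_limit(15 * 60);
    // Bug fix: $id used to be concatenated into SQL unchanged.
    $id = (int) $id;
    $sql_get_files = 'SELECT `id`, `userid`,(SELECT `username` FROM `' . USERS . '` where `id`=files.userid) AS `useremail`, files.workitem AS `worklist_id`, `url`, `title`, `description` FROM `' . FILES . '` WHERE id=' . $id;
    $result = mysql_query($sql_get_files);
    $row = $result ? mysql_fetch_assoc($result) : false;
    if (!$row) {
        error_log('cron ScanAssets: no file row for id ' . $id);
        return false;
    }

    // Get the file name (basename only, so the URL path cannot escape UPLOAD_PATH).
    $file_name = pathinfo(parse_url($row['url'], PHP_URL_PATH), PATHINFO_BASENAME);
    // Get the full path and prepare it for the command line.
    $real_path = UPLOAD_PATH . '/' . $file_name;
    $safe_path = escapeshellarg($real_path);
    if (!file_exists($real_path) || filesize($real_path) <= 0) {
        return false;
    }

    $return = -1;
    $out = array();
    exec(VIRUS_SCAN_CMD . ' ' . $safe_path, $out, $return);

    $fct_return = false;
    $notify = '';
    if ($return == 0) {
        // Clean.
        $scan_result = 0;
        $fct_return = true;
    } elseif ($return == 1) {
        // The scanner reported a virus: tell the user and record it.
        $scan_result = 1;
        $notify = 'virus-found';
    } else {
        // Unknown error from the scanner.
        $scan_result = 2;
        $notify = 'virus-error';
    }

    $sql = 'UPDATE `' . FILES . '` SET is_scanned = 1, scan_result = ' . $scan_result . ' WHERE `id` = ' . $id;
    if (!mysql_query($sql)) {
        error_log('cron ScanAssets: scan result update failed: ' . mysql_error());
        return $fct_return;
    }

    // Notify the uploader when something went wrong with the scan.
    if ($notify !== '') {
        $workitem = new WorkItem();
        $workitem->loadById($row['worklist_id']);
        Notification::workitemNotify(array(
            'type' => $notify,
            'workitem' => $workitem,
            'emails' => array($row['useremail']),
            'file_name' => $file_name,
            'file_title' => $row['title'],
        ));
        // Bug fix: the original additionally called Utils::send_email with the
        // file title as the address and undefined $subject/$message; the
        // workitemNotify call above already carries the notification.
    }
    return $fct_return;
}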
/**
 * Refreshes the remaining funds of a budget and, when it is depleted, warns
 * this user (the runner) by email; then recomputes and saves this user's
 * own budget figure.
 *
 * @param mixed $amount                 not read in this method
 * @param int   $budget_id              Budget to refresh; 0 skips the budget part
 * @param bool  $budgetDepletedMessage  send the depletion email when funds <= 0
 *
 * NOTE(review): $budgetDepletedSent is set but never returned or read here.
 * NOTE(review): the $link expression looks redacted/garbled in this
 * listing; confirm against the real source.
 * NOTE(review): the single-quoted '\\n\\n' pieces of $plain emit a literal
 * backslash-n rather than a line break.
 * NOTE(review): the error_log in the invalid-id branch talks about a failed
 * send_email although no email was attempted.
 */
public function updateBudget($amount, $budget_id = 0, $budgetDepletedMessage = true)
{
    $budgetDepletedSent = false;
    if ($budget_id > 0) {
        $budget = new Budget();
        if ($budget->loadById($budget_id)) {
            $remainingFunds = $budget->getRemainingFunds();
            $budget->remaining = $remainingFunds;
            $budget->save("id");
            if ($remainingFunds <= 0 && $budgetDepletedMessage == true) {
                $runnerNickname = $this->getNickname();
                $subject = "Depleted - Budget " . $budget_id . " (For " . $budget->reason . ")";
                $link = SECURE_SERVER_URL . "team?showUser="******"&tab=tabBudgetHistory";
                $body = '<p>Hi ' . $runnerNickname . '</p>';
                $body .= "<p>Budget " . $budget_id . " for " . $budget->reason . "<br/> is now depleted.</p>";
                $body .= '<p>If your budget has gone under 0.00, you will need to ask the user who ' . 'granted you the Budget to close out this budget for you.</p>';
                $body .= '<p>To go to the Team Page, click <a href="' . $link . '">here</a></p>';
                $body .= '<p>- Worklist.net</p>';
                // Plain-text alternative for the same content.
                $plain = 'Hi ' . $runnerNickname . '\\n\\n';
                $plain .= "Budget " . $budget_id . " for " . $budget->reason . "\n is now depleted.\n\n";
                $plain .= 'If your budget has gone under 0.00, you will need to ask the user who ' . 'granted you the Budget to close out this budget for you.\\n\\n';
                $plain .= 'To go to the Team Page, click ' . $link . "\n\n";
                $plain .= '- Worklist.net\\n\\n';
                if (!Utils::send_email($this->getUsername(), $subject, $body, $plain)) {
                    error_log("User.class.php: Utils::send_email failed on depleted Runner warning");
                }
                $budgetDepletedSent = true;
            }
        } else {
            error_log("User.class.php: Utils::send_email failed on depleted budget Runner warning - invalid budget id:" . $budget_id);
        }
    }
    // Always recompute this user's own budget figure and persist it.
    $this->setBudget($this->setRemainingFunds());
    $this->save();
}
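/**
 * Notifies finance that a user uploaded a W-9 and acknowledges receipt to
 * the user.
 *
 * @param User   $user        uploader; nickname, first and last name are read from it
 * @param string $documentUrl link to the uploaded form, placed in the finance email
 */
public static function sendW9Request($user, $documentUrl)
{
    // Profile fields and the URL are user-influenced: escape them for the HTML context.
    $nick = htmlspecialchars((string) $user->getNickname(), ENT_QUOTES, 'UTF-8');
    $first = htmlspecialchars((string) $user->getFirst_name(), ENT_QUOTES, 'UTF-8');
    $last = htmlspecialchars((string) $user->getLast_name(), ENT_QUOTES, 'UTF-8');
    $href = htmlspecialchars((string) $documentUrl, ENT_QUOTES, 'UTF-8');

    $subject = "W-9 Form from " . $user->getNickname();
    $body = "\n <p>Hi there,</p>\n <p>" . $nick . " just uploaded his/her W-9 Form.</p>\n <p>\n When it's tax time, you'll need to know that " . $nick . "\n is " . $first . " " . $last . "\n </p>\n <p>You can download and approve it from this URL:</p>\n <p><a href='" . $href . "'>Click here</a></p>";
    if (!Utils::send_email(FINANCE_EMAIL, $subject, $body)) {
        error_log("Notification:sendW9Request: Utils::send_email to admin failed");
    }

    // send approval email to user
    $subject = 'Worklist.net: W9 Received';
    $body = "\n <p>Hello you!</p>\n <p>\n Thanks for uploading your W9 to our system. One of our staff will verify the receipt\n and then activate your account for bidding within the next 24 hours.\n </p>\n <p>\n Until then, you are welcome to browse the jobs list, take a look at the open source\n code via the links at the bottom of any worklist page and ask questions in our Chat.\n </p>\n <p>See you in the Worklist!</p>\n <br /><br />\n - the Worklist.net team";
    if (!Utils::send_email($user->getUsername(), $subject, $body)) {
        error_log("Notification:sendW9Request: Utils::send_email to user failed");
    }
}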
/**
 * Settings page controller: renders the current user's settings and, on an
 * AJAX "save" POST, persists the changed fields.
 *
 * Save path: each posted field that differs from the stored User value is
 * recorded in $saveArgs (key = column name, value = 1 when the local
 * variable of the same name still needs escaping, 0 when it was already
 * escaped or is a raw SQL expression).  An UPDATE on USERS is built from
 * those entries through variable variables (${$arg}), a summary email is
 * sent when anything user-visible changed, the session is refreshed and a
 * JSON document is echoed before die.  A changed PayPal address instead
 * emails a confirmation link and stores the unverified address with a
 * fresh hash; that path echoes plain text and exits.
 *
 * Non-save path: loads the USERS row for the session user into 'userInfo'
 * and lets the parent render the view.
 */
public function run()
{
    Utils::checkLogin();
    $userId = Session::uid();
    $user = new User();
    if ($userId) {
        $user->findUserById($userId);
    }
    $this->write('user', $user);
    $userSystem = new UserSystemModel();
    $this->write('userSystems', $userSystem->getUserSystemsWithPlaceholder($userId));
    $msg = "";
    $company = "";
    $saveArgs = array();
    $messages = array();
    $errors = 0;
    $error = new Error();
    $settings_link = SECURE_SERVER_URL . "settings";
    $worklist_link = SECURE_SERVER_URL . "jobs";
    $returned_json = array();
    // process updates to user's settings
    if (isset($_POST['save']) && $_POST['save']) {
        // The SQL builder below reads locals named after these columns via
        // ${$arg}; keep the local names in sync with the $saveArgs keys.
        $bidding_notif = $_POST['bidding_notif'];
        if ($bidding_notif != $user->getBidding_notif()) {
            $saveArgs['bidding_notif'] = 1;
        }
        $review_notif = $_POST['review_notif'];
        if ($review_notif != $user->getReview_notif()) {
            $saveArgs['review_notif'] = 1;
        }
        $self_notif = $_POST['self_notif'];
        if ($self_notif != $user->getSelf_notif()) {
            $saveArgs['self_notif'] = 1;
        }
        if (isset($_POST['timezone'])) {
            // Escaped here, hence the 0 ("no further escaping") flag.
            $timezone = mysql_real_escape_string(trim($_POST['timezone']));
            $saveArgs['timezone'] = 0;
        }
        $country = trim($_POST['country']);
        if ($country != $user->getCountry()) {
            $messages[] = "Your country has been updated.";
            $saveArgs['country'] = 1;
        }
        if ($user->getTimezone() != $_POST['timezone']) {
            $messages[] = "Your timezone has been updated.";
        }
        // Free-text "about" is tag-stripped and truncated to 150 bytes.
        $about = isset($_POST['about']) ? strip_tags(substr($_POST['about'], 0, 150)) : "";
        if ($about != $user->getAbout()) {
            $saveArgs['about'] = 1;
            $messages[] = "Your personal information (about) has been updated.";
        }
        // NOTE(review): the system_* POST fields are handed over unchecked;
        // confirm storeUsersSystemsSettings validates and escapes them.
        $userSystem->storeUsersSystemsSettings($userId, $_POST['system_id'], $_POST['system_operating_systems'], $_POST['system_hardware'], $_POST['system_delete']);
        $paypal = 0;
        $paypal_email = '';
        // defaulting to paypal at this stage
        $payway = 'paypal';
        $paypal = 1;
        // Escaped once here; the escaped value is also what gets compared,
        // emailed and stored through setPaypal_email below.
        $paypal_email = isset($_POST['paypal_email']) ? mysql_real_escape_string($_POST['paypal_email']) : "";
        if ($paypal_email != $user->getPaypal_email()) {
            $saveArgs = array_merge($saveArgs, array('paypal' => 0, 'paypal_email' => 0, 'payway' => 1));
            $messages[] = "Your payment information has been updated.";
        }
        if (!$user->getW9_accepted() && $user->getCountry() == 'US') {
            // Raw SQL expression; the builder below emits it unquoted.
            $w9_accepted = 'NOW()';
            $saveArgs['w9_accepted'] = 0;
        }
        $paypalPrevious = $user->getPaypal_email();
        // user deleted paypal email, deactivate
        if (empty($paypal_email)) {
            $user->setPaypal_verified(false);
            $user->setPaypal_email('');
            $user->save();
        // user changed paypal address
        } else {
            if ($paypalPrevious != $paypal_email) {
                // NOTE(review): the confirmation hash is derived only from the
                // current time, so it is guessable by anyone who knows roughly
                // when the change happened; a CSPRNG-generated value would be
                // the safer choice.
                $paypal_hash = md5(date('r', time()));
                // generate email
                $subject = "Your payment details have changed";
                $link = SECURE_SERVER_URL . "confirmation?pp=" . $paypal_hash . "&ppstr=" . base64_encode($paypal_email);
                $body = '<p>Dear ' . $user->getNickname() . ',</p>';
                $body .= '<p>Please confirm your payment email address to activate payments on your account and enable you to start placing bids in the <a href="' . $worklist_link . '">Worklist</a>.</p>';
                $body .= '<p><a href="' . $link . '">Click here to confirm your payment address</a></p>';
                $plain = 'Dear ' . $user->getNickname() . ',' . "\n\n";
                $plain .= 'Please confirm your payment email address to activate payments on your accounts and enable you to start placing bids in the Worklist.' . "\n\n";
                $plain .= $link . "\n\n";
                $confirm_txt = "An email containing a confirmation link was sent to your payment email address. Please click on that link to verify your payment email address and activate your account.";
                if (!Utils::send_email($paypal_email, $subject, $body, $plain)) {
                    error_log("SettingsController: Utils::send_email failed");
                    $confirm_txt = 'There was an issue sending email. Please try again or notify ' . SUPPORT_EMAIL;
                }
                // Address stays unverified until the hash comes back via the link.
                $user->setPaypal_verified(false);
                $user->setPaypal_hash($paypal_hash);
                $user->setPaypal_email($paypal_email);
                $user->save();
            }
        }
        // do we have data to update?
        if (!empty($saveArgs)) {
            $sql = "UPDATE `" . USERS . "` SET ";
            foreach ($saveArgs as $arg => $esc) {
                // $esc == 1: the local named $arg has not been escaped yet.
                // Note that htmlspecialchars runs before storage, so the
                // column ends up holding HTML-encoded text.
                if ($esc) {
                    ${$arg} = mysql_real_escape_string(htmlspecialchars(${$arg}));
                }
                // PHP integers and the NOW() marker are emitted bare; everything else quoted.
                if (is_int(${$arg}) || $arg == "w9_accepted" && ${$arg} == 'NOW()') {
                    $sql .= "`{$arg}` = " . ${$arg} . ",";
                } else {
                    $sql .= "`{$arg}` = '" . ${$arg} . "',";
                }
            }
            $sql = rtrim($sql, ',');
            $sql .= " WHERE id = {$_SESSION['userid']}";
            $res = mysql_query($sql);
            if (!$res) {
                error_log("Error in saving settings: " . mysql_error() . ':' . $sql);
                die("Error in saving settings. ");
            }
            // Email user
            if (!empty($messages)) {
                $to = $_SESSION['username'];
                $subject = "Settings";
                $body = '<p>Congratulations!</p>' . '<p>You have successfully updated your settings with Worklist: <ul>';
                foreach ($messages as $msg) {
                    $body .= '<li>' . $msg . '</li>';
                }
                $body .= '</ul>' . '<p><br/>You can view your settings <a href=' . $settings_link . '>here</a></p>' . '<p><a href=' . $worklist_link . '>www.worklist.net</a></p>';
                if (!Utils::send_email($to, $subject, $body)) {
                    error_log("SettingsController: Utils::send_email failed");
                }
                $msg = "Account updated successfully!";
            }
            if (isset($_POST['timezone'])) {
                $_SESSION['timezone'] = trim($_POST['timezone']);
            }
            // PayPal-change path answers with plain text and stops here.
            if (isset($confirm_txt) && !empty($confirm_txt)) {
                echo $confirm_txt;
                exit;
            }
            $this->view = null;
            // reset session data
            $user->findUserById($userId);
            $id = $user->getId();
            $username = $user->getUsername();
            $nickname = $user->getNickname();
            Utils::setUserSession($user->getId(), $user->getUsername(), $user->getNickname(), $user->getIs_admin());
            $returned_json['user_systems'] = $userSystem->getUserSystemsJSON($userId);
            echo json_encode($returned_json);
            // exit on ajax post - if we experience issues with a blank settings page, need to look at the ajax submit functions
            die;
        }
    }
    // getting userInfo to prepopulate fields
    $userInfo = array();
    $qry = "SELECT * FROM " . USERS . " WHERE id='" . $_SESSION['userid'] . "'";
    $rs = mysql_query($qry);
    if ($rs) {
        $userInfo = mysql_fetch_array($rs);
    }
    $userInfo['avatar'] = $user->getAvatar();
    $this->write('userInfo', $userInfo);
    parent::run();
}
/**
 * Payments page controller: lists unpaid fees/bonuses per mechanic for a
 * fund and, on action 'pay', pays the selected ones through PayPal MassPay.
 *
 * Actions (from $_POST['action']): 'confirm' and the default both build the
 * payee totals for display; 'pay' requires checkAdmin($_POST['password'])
 * and the three pp_api_* credentials, collects the selected fee and bonus
 * rows, builds the MassPay NVP request, calls $this->PPHttpPost and on
 * SUCCESS / SUCCESSWITHWARNING marks the fees and bonuses paid; failures
 * and invalid authentication are reported to FINANCE_EMAIL.
 *
 * NOTE(review): after Utils::redirect for non-payers execution continues
 * unless that helper terminates the request -- confirm it does.
 * NOTE(review): $fund_id is escaped but interpolated unquoted into numeric
 * comparisons, so the escaping does not constrain it; an integer cast would.
 * NOTE(review): $fee_id_csv and $bonus_id_csv are built straight from
 * $_POST['payfee'] / $_POST['paybonus'] and placed in IN (...) clauses
 * without escaping or integer casting.
 * NOTE(review): the whole $_POST (admin password and PayPal credentials
 * included) is passed to PPHttpPost; confirm it only reads the pp_api_* keys.
 * NOTE(review): $payee_totals is never assigned on the 'pay' branch but is
 * still written to the view.
 * NOTE(review): error_log("Made it Admin!") looks like leftover debugging.
 */
public function run()
{
    //send non-payers back to the reports page.
    if (empty($_SESSION['is_payer'])) {
        $this->view = null;
        Utils::redirect("./reports");
    }
    $is_runner = !empty($_SESSION['is_runner']) ? 1 : 0;
    $is_payer = !empty($_SESSION['is_payer']) ? 1 : 0;
    $userId = Session::uid();
    $payer_id = $userId;
    // set default fund to worklist
    $fund_id = 3;
    if (isset($_REQUEST['fund_id'])) {
        $fund_id = mysql_real_escape_string($_REQUEST['fund_id']);
        // clear POST if this was just a fund change
        if (!isset($_REQUEST['action'])) {
            unset($_POST);
        }
    }
    //open db connection
    $db = @mysql_connect(DB_SERVER, DB_USER, DB_PASSWORD) or die('I cannot connect to the database because: ' . mysql_error());
    $db = @mysql_select_db(DB_NAME);
    // get a list of projects so we can display the project name in table
    $sql_get_fund_projects_array = "\n SELECT\n project_id, name\n FROM\n " . PROJECTS . "\n WHERE\n fund_id = " . $fund_id;
    // sql sub-query for limiting fees to specific fund
    $sql_get_fund_projects = "\n SELECT\n project_id\n FROM\n " . PROJECTS . "\n WHERE\n fund_id = " . $fund_id;
    if ($fund_id == 0) {
        $sql_get_fund_projects = '0';
    }
    $fund_projects = array();
    $fund_projects[0] = 'none';
    $fund_projects_query = mysql_query($sql_get_fund_projects_array);
    while ($project = mysql_fetch_array($fund_projects_query)) {
        $fund_projects[$project['project_id']] = $project['name'];
    }
    // Per-mechanic totals of unpaid, non-withdrawn fees on Done items in this fund.
    $this->sql_get_fee_totals = "\n SELECT\n sum(f.amount) AS total_amount,\n u.id AS mechanic_id,\n u.nickname AS mechanic_nick,\n u.paypal_email AS mechanic_paypal_email,\n wl.summary AS worklist_item, f.bonus AS bonus, 'BONUS' AS bonus_desc\n FROM\n (" . FEES . " f LEFT JOIN " . USERS . " u ON f.user_id = u.id)\n LEFT JOIN " . WORKLIST . " wl ON f.worklist_id = wl.id\n WHERE\n wl.status = 'Done'\n AND f.paid = '0'\n AND f.withdrawn = '0'\n AND f.amount > 0\n AND u.paypal_verified = '1'\n AND u.has_W2 = 0\n AND wl.project_id IN (" . $sql_get_fund_projects . ")\n GROUP BY f.user_id\n ";
    $this->sql_get_bonus_totals = false;
    // only pull bonuses for if worklist fund chosen - temporary hardcoding
    // until we determine further solution
    if ($fund_id == 3) {
        $this->sql_get_bonus_totals = "\n SELECT\n sum(b.amount) AS total_amount,\n b.user_id AS mechanic_id,\n b.desc AS worklist_item,\n u.nickname AS mechanic_nick,\n u.paypal_email AS mechanic_paypal_email\n FROM\n " . FEES . " b\n LEFT JOIN " . USERS . " u on u.id = b.user_id\n WHERE\n b.paid = 0\n AND b.withdrawn = 0\n AND u.paypal_verified = '1' \n AND b.bonus = 1\n AND u.has_W2 = 0\n GROUP BY b.user_id\n ";
    }
    $action = isset($_POST["action"]) ? $_POST["action"] : '';
    // Initialize empty arrays if no fees or bonuses were selected
    if (!isset($_POST['payfee'])) {
        $_POST['payfee'] = array();
    }
    if (!isset($_POST['paybonus'])) {
        $_POST['paybonus'] = array();
    }
    $pp_message = $httpParsedResponseAr = $alert_msg = $message = "";
    //Check action - should be confirm, pay or not set
    switch ($action) {
        case 'confirm':
            //$fees_csv = implode(',', $_POST["payfee"]);
            //pull list of payees from db based on the time span
            $payee_totals = $this->getUserTotalsArray();
            break;
        case 'pay':
            //collect confirmed payees and run paypal transaction
            //include_once("../paypal-password.php");
            if ($this->checkAdmin($_POST['password']) == '1') {
                error_log("Made it Admin!");
                if (empty($_POST['pp_api_username']) || empty($_POST['pp_api_password']) || empty($_POST['pp_api_signature'])) {
                    $alert_msg = "You need to provide all credentials!";
                    break;
                }
                //Get fee information for paypal transaction
                $num_fees = count($_POST["payfee"]);
                $fee_id_csv = implode(',', $_POST["payfee"]);
                $fees_info_sql = 'SELECT f.id AS fee_id, f.amount AS amount, f.worklist_id AS worklist_id, u.id AS mechanic_id, u.nickname AS mechanic_nick, u.paypal_email AS mechanic_paypal_email, wl.summary AS worklist_item FROM (' . FEES . ' f LEFT JOIN ' . USERS . ' u ON f.user_id = u.id) LEFT JOIN ' . WORKLIST . ' wl ON f.worklist_id = wl.id WHERE f.id in (' . $fee_id_csv . ')';
                $fees_info_results = mysql_query($fees_info_sql);
                $num_bonuses = count($_POST["paybonus"]);
                // 0 keeps the IN (...) list syntactically valid when nothing was selected.
                $bonus_id_csv = $num_bonuses ? implode(',', $_POST["paybonus"]) : 0;
                $bonus_info_sql = ' SELECT b.id AS fee_id, b.amount AS amount, "BONUS" AS worklist_id, b.user_id AS mechanic_id, u.nickname AS mechanic_nick, u.paypal_email AS mechanic_paypal_email, b.desc AS worklist_item FROM ' . FEES . ' b LEFT JOIN ' . USERS . ' u on u.id = b.user_id WHERE b.id in (' . $bonus_id_csv . ') and b.bonus = 1 ';
                $bonus_info_results = mysql_query($bonus_info_sql) or error_log("bonussql failed: " . mysql_error() . "\n{$bonus_info_sql}");
                // Set request-specific fields.
                $emailSubject = urlencode('You\'ve got money!');
                $receiverType = urlencode('EmailAddress');
                // TODO Other currency ('GBP', 'EUR', 'JPY', 'CAD', 'AUD') ?
                $currency = urlencode('USD');
                // Add request-specific fields to the request string.
                $nvpStr = "&EMAILSUBJECT={$emailSubject}&RECEIVERTYPE={$receiverType}&CURRENCYCODE={$currency}";
                //build payment data array
                $message .= "<pre>";
                $receiversArray = array();
                $totalFees = 0;
                //log data
                if (mysql_num_rows($fees_info_results)) {
                    $message .= "Fees:\n";
                    while ($fees_data = mysql_fetch_array($fees_info_results)) {
                        $receiversArray[] = array('receiverEmail' => $fees_data["mechanic_paypal_email"], 'amount' => $fees_data["amount"], 'uniqueID' => $fees_data["fee_id"], 'note' => 'Worklist #' . $fees_data["worklist_id"] . ' - ' . $fees_data["worklist_item"]);
                        $totalFees = $totalFees + $fees_data["amount"];
                        $message .= " " . $fees_data['mechanic_paypal_email'] . " - \$" . $fees_data['amount'] . "\n";
                    }
                }
                if (mysql_num_rows($bonus_info_results) > 0) {
                    $message .= "Bonuses:\n";
                    while ($fees_data = mysql_fetch_array($bonus_info_results)) {
                        $receiversArray[] = array('receiverEmail' => $fees_data["mechanic_paypal_email"], 'amount' => $fees_data["amount"], 'uniqueID' => $fees_data["fee_id"], 'note' => $fees_data["worklist_id"] . ' - ' . $fees_data["worklist_item"]);
                        $totalFees = $totalFees + $fees_data["amount"];
                        $message .= " " . $fees_data['mechanic_paypal_email'] . " - \$" . $fees_data['amount'] . "\n";
                    }
                }
                $message .= "</pre>";
                //build nvp string
                foreach ($receiversArray as $i => $receiverData) {
                    $receiverEmail = urlencode($receiverData['receiverEmail']);
                    $amount = urlencode($receiverData['amount']);
                    $uniqueID = urlencode($receiverData['uniqueID']);
                    $note = urlencode($receiverData['note']);
                    $nvpStr .= "&L_EMAIL{$i}={$receiverEmail}&L_Amt{$i}={$amount}&L_UNIQUEID{$i}={$uniqueID}&L_NOTE{$i}={$note}";
                }
                // Execute the API operation; see the PPHttpPost function
                $httpParsedResponseAr = $this->PPHttpPost($nvpStr, $_POST);
                #$httpParsedResponseAr = array("ACK" => "SUCCESS");
                if ("SUCCESS" == strtoupper($httpParsedResponseAr["ACK"]) || "SUCCESSWITHWARNING" == strtoupper($httpParsedResponseAr["ACK"])) {
                    error_log('masspay success!');
                    $pp_message = '<p>MassPay Completed Successfully! - $' . $totalFees . ' Paid.</p>';
                    // ?debug dumps the raw PayPal response into the page.
                    if (isset($_GET["debug"])) {
                        $pp_message .= '<p><pre>' . print_r($httpParsedResponseAr, true) . '</pre></p>';
                    }
                    //$fee_sql_update = "UPDATE ".FEES." SET paid=1, paid_date='".date("Y-m-d H:i:s")."' WHERE id in (".$fees_csv.")";
                    //$update_fees_paid = mysql_query($fee_sql_update);
                    // The "$name = value" arguments are plain assignments used as labels.
                    $summaryData = Fee::markPaidByList(explode(',', $fee_id_csv), $user_paid = 0, $paid_notes = '', $paid = 1, $fund_id);
                    if ($bonus_id_csv) {
                        Bonus::markPaidByList(explode(',', $bonus_id_csv), $user_paid = 0, $paid = 1, false, $fund_id);
                    }
                } else {
                    $alert_msg = "MassPay Failure";
                    $pp_message = '<p>MassPay failed:</p><p><pre>' . print_r($httpParsedResponseAr, true) . '</pre></p>';
                    if (!Utils::send_email(FINANCE_EMAIL, 'Masspay Fail', $pp_message)) {
                        error_log("view-payments:MassPayFailure: Utils::send_email failed");
                    }
                }
            } else {
                $error_msg = 'Invalid MassPay Authentication<br />';
                $error_msg .= 'IP: ' . $_SERVER['REMOTE_ADDR'] . '<br />';
                $error_msg .= 'UserID: ' . $userId;
                if (!Utils::send_email(FINANCE_EMAIL, "Masspay Invalid Auth Attempt", $error_msg)) {
                    error_log("view-payments:MassPayAuth: Utils::send_email failed");
                }
                $alert_msg = "Invalid Authentication";
            }
            break;
        default:
            //pull list of payees from db based on the time span
            $payee_totals = $this->getUserTotalsArray();
            break;
    }
    $this->write('fund_id', $fund_id);
    $this->write('message', $message);
    $this->write('pp_message', $pp_message);
    $this->write('alert_msg', $alert_msg);
    $this->write('payee_totals', $payee_totals);
    $this->write('fund_projects', $fund_projects);
    $this->write('sql_get_fund_projects', $sql_get_fund_projects);
    $this->write('input', array('action' => isset($_POST['action']) ? $_POST['action'] : '', 'order' => isset($_GET["order"]) ? 'order=' . $_GET["order"] : ''));
    parent::run();
}
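/**
 * Withdraw a bid on a worklist item.
 *
 * Only the item's runner (session flag `is_runner`) or the bid's own bidder may
 * withdraw; anyone else is a silent no-op. Withdrawing marks the bid and its fee
 * entry withdrawn, drops Creator/Runner fees on items past the bidding stage,
 * releases an accepted bid's item back to "Bidding", reverts a sole bid on a
 * runner-less "Bidding" item to "Suggestion", notifies the other party by mail
 * and, when no live bids remain, re-fires the item's status notifications.
 *
 * Fixes over the previous version:
 *  - `$bid_id` (request-controlled) was interpolated raw into SQL; it is now
 *    cast to int, as are the other ids built into query strings.
 *  - The "revert to Suggestion" condition used `($job['runner_id'] = 0)`, an
 *    assignment, so the branch never fired and it zeroed `$job['runner_id']`
 *    before the runner-notification lookup below.
 *  - The user-supplied nickname and withdraw reason are HTML-escaped before
 *    being embedded in the HTML mail body.
 *  - A missing bid, item or recipient no longer produces warnings/fatals.
 *
 * NOTE(review): the file still uses the legacy mysql_* extension (removed in
 * PHP 7); a migration to PDO prepared statements is out of scope here.
 *
 * @param int|string $bid_id          Id of the bid to withdraw.
 * @param string     $withdraw_reason Optional free-text reason for the mail.
 * @return void
 */
private function withdrawBid($bid_id, $withdraw_reason) {
    // Force the request-supplied id to an integer before it reaches SQL.
    $bid_id = (int) $bid_id;
    $res = mysql_query('SELECT * FROM `' . BIDS . '` WHERE `id`=' . $bid_id);
    $bid = $res ? mysql_fetch_object($res) : false;
    if (!$bid) {
        // Unknown bid: nothing to withdraw and nobody to notify.
        return;
    }

    $is_runner = !empty($_SESSION['is_runner']);
    $is_bidder = isset($_SESSION['userid']) && $bid->bidder_id == $_SESSION['userid'];
    // Authorisation: only the runner or the bid's owner may withdraw it.
    if (!$is_runner && !$is_bidder) {
        return;
    }

    $worklist_id = (int) $bid->worklist_id;
    $res = mysql_query('SELECT * FROM `' . WORKLIST . '` WHERE `id` = ' . $worklist_id);
    $job = $res ? mysql_fetch_assoc($res) : false;
    if (!$job) {
        // Orphaned bid (item no longer exists): every step below needs the item.
        error_log("withdrawBid: worklist item {$worklist_id} not found for bid {$bid_id}");
        return;
    }

    // Items past the bidding stage carry Creator/Runner fees; drop them.
    if (!in_array($job['status'], array('Draft', 'Suggestion', 'Bidding', 'Done'), true)) {
        $WorkItem = new WorkItem($worklist_id);
        foreach ($WorkItem->getFees($WorkItem->getId()) as $fee) {
            if ($fee['desc'] == 'Creator' || $fee['desc'] == 'Runner') {
                $this->deleteFee($fee['id']);
            }
        }
    }

    // An accepted bid on an in-flight item: release the item back to bidding
    // (the outer guard already established runner-or-bidder).
    if ($bid->accepted == 1
        && in_array($job['status'], array('In Progress', 'Review', 'QA Ready'), true)) {
        mysql_unbuffered_query("UPDATE `" . WORKLIST . "`\n SET `mechanic_id` = '0',\n `status` = 'Bidding'\n WHERE `id` = {$worklist_id}\n LIMIT 1 ;");
    }

    // Sole live bid on a runner-less item still in bidding, withdrawn by the
    // bidder: the item reverts to a suggestion. This is a comparison, not the
    // assignment the old code had.
    $res = mysql_query('SELECT count(*) AS count_bids FROM `' . BIDS . '` WHERE `worklist_id` = ' . (int) $job['id'] . ' AND `withdrawn` = 0');
    $bidCount = $res ? mysql_fetch_assoc($res) : false;
    if ($bidCount
        && $bidCount['count_bids'] == 1
        && $job['status'] == 'Bidding'
        && $is_bidder
        && (int) $job['runner_id'] == 0) {
        mysql_unbuffered_query("UPDATE `" . WORKLIST . "` SET `status` = 'Suggestion' WHERE `id` = {$worklist_id} LIMIT 1 ;");
    }

    // Mark the bid withdrawn / un-accepted and retire its fee entry.
    mysql_unbuffered_query('UPDATE `' . BIDS . '` SET `withdrawn` = 1 , `accepted` = 0 WHERE `id` = ' . (int) $bid->id);
    mysql_unbuffered_query('UPDATE `' . FEES . '` SET `withdrawn` = 1 WHERE `worklist_id` = ' . $worklist_id . ' AND `user_id` = ' . (int) $bid->bidder_id . ' AND `bid_id` = ' . (int) $bid->id);

    $user = User::find($bid->bidder_id);

    // Journal notification
    Utils::systemNotification('A bid was deleted from #' . $job['id']);

    // Mail: a runner's withdrawal goes to the bidder, a bidder's to the runner.
    $subject = "Bid: " . $job['id'] . " (" . $job['summary'] . ")";
    // Nickname and reason are user-supplied; escape them for the HTML body.
    $actor = htmlspecialchars(isset($_SESSION['nickname']) ? (string) $_SESSION['nickname'] : '', ENT_QUOTES, 'UTF-8');
    if ($is_runner) {
        $recipient = $user;
        $body = "<p>Your bid has been deleted from item #" . $job['id'] . " by: " . $actor . "</p>";
    } else {
        $recipient = User::find($job['runner_id']);
        $body = "<p>A bid has been deleted from item #" . $job['id'] . " by: " . $actor . "</p>";
    }
    if (strlen($withdraw_reason) > 0) {
        // nl2br after escaping so the inserted <br/> tags survive.
        $body .= "<p>Reason: " . nl2br(htmlspecialchars($withdraw_reason, ENT_QUOTES, 'UTF-8')) . "</p>";
    }
    $item_link = SERVER_URL . $worklist_id;
    $body .= "<p><a href='{$item_link}'>View Item</a></p>";
    $body .= "<p>If you think this has been done in error, please contact the job Runner.</p>";
    if (!$recipient) {
        error_log("withdrawBid: no recipient found for bid {$bid_id} notification");
    } elseif (!Utils::send_email($recipient->getUsername(), $subject, $body)) {
        error_log("withdrawBid: Utils::send_email failed");
    }

    // With no live (unexpired, non-withdrawn) bids left, re-send the item's
    // status notifications.
    $res = mysql_query("SELECT count(*) AS active_bids FROM `" . BIDS . "` WHERE `worklist_id` = " . (int) $job['id'] . " AND `withdrawn` = 0 AND (NOW() < `bid_expires` OR `bid_expires`='0000-00-00 00:00:00')");
    $bids = $res ? mysql_fetch_assoc($res) : false;
    if (!$bids || $bids['active_bids'] < 1) {
        $workitem = new WorkItem();
        $workitem->loadById($job['id']);
        Notification::massStatusNotify($workitem);
    }
}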
