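* Copyright (C) 2006-2011 Alex Lance, Clancy Malcolm, Cyber IT Solutions
 * Pty. Ltd.
 *
 * This file is part of the allocPSA application <*****@*****.**>.
 *
 * allocPSA is free software: you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or (at
 * your option) any later version.
 *
 * allocPSA is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
 * License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with allocPSA. If not, see <http://www.gnu.org/licenses/>.
 */

require_once "../alloc.php";

global $sess;
global $TPL;

// Resolve a stored history row to the page it points at and redirect there.
// A non-empty POST value wins over GET, as before; isset()/empty() avoid
// undefined-index notices when a parameter is absent.
$historyID = !empty($_POST["historyID"])
    ? $_POST["historyID"]
    : (isset($_GET["historyID"]) ? $_GET["historyID"] : null);

if ($historyID && is_numeric($historyID)) {
    $db = new db_alloc();

    // NOTE(review): the lookup is keyed on historyID alone. Nothing visible here
    // limits it to rows belonging to the logged-in user, so one user may be able
    // to resolve another user's saved navigation entry -- confirm whether the
    // history table carries an owner column and filter on it.
    $query = prepare("SELECT * FROM history WHERE historyID = %d", $historyID);
    $db->query($query);

    // Only redirect when a row was actually found and its the_place value names
    // a known $TPL url. Previously a missing row still produced a redirect built
    // from an empty $TPL lookup.
    if ($db->next_record()) {
        $place = $db->f("the_place");
        if ($place && isset($TPL[$place])) {
            alloc_redirect($sess->url($TPL[$place] . "historyID=" . $historyID) . $db->f("the_args"));
        }
    }
}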
singleton("errors_thrown", true);

// The whole page, including the state-changing actions below, is gated on
// read permission for the inbox entity.
if (!have_entity_perm("inbox", PERM_READ, $current_user)) {
    alloc_error("Permission denied.", true);
}

$info = inbox::get_mail_info();
if (!$info["host"]) {
    alloc_error("Email mailbox host not defined, assuming email function is inactive.", true);
}

// Actions only run when both an IMAP id and its hash are supplied, and only
// when the hash verifies against the id.
// NOTE(review): the actions read $_REQUEST, so they can be triggered by a GET
// link as well as a form POST; the id/hash pair is the only per-message check
// visible here -- confirm whether that is intended as the anti-forgery control.
if ($_REQUEST["id"] && $_REQUEST["hash"]) {
    if (!inbox::verify_hash($_REQUEST["id"], $_REQUEST["hash"])) {
        alloc_error("The IMAP ID for that email is no longer valid. Refresh the list and try again.");
    } else {
        // Each flag is independent; several may be set on one request.
        if ($_REQUEST["archive"]) {
            // archive the email by moving it to another folder
            inbox::archive_email($_REQUEST);
        }
        if ($_REQUEST["download"]) {
            // download it to a mbox file
            inbox::download_email($_REQUEST);
        }
        if ($_REQUEST["process"]) {
            // attach it to a task etc
            inbox::process_email($_REQUEST);
        }
        if ($_REQUEST["readmail"]) {
            // mark the email as read
            inbox::read_email($_REQUEST);
        }
        if ($_REQUEST["unreadmail"]) {
            // mark the email as unread
            inbox::unread_email($_REQUEST);
        }
        if ($_REQUEST["newtask"]) {
            // use this email to create a new task
            inbox::process_email_to_task($_REQUEST);
        }
        if ($_REQUEST["taskID"]) {
            // attach email as new comment thread onto existing task
            inbox::attach_email_to_existing_task($_REQUEST);
        }
        alloc_redirect($TPL["url_alloc_inbox"]);
    }
}

// No action requested (or the hash check failed): render the inbox listing.
$TPL["rows"] = inbox::get_list();
include_template("templates/inboxM.tpl");
$transactionRepeat->delete(); alloc_redirect($TPL["url_alloc_transactionRepeatList"] . "tfID=" . $_POST["tfID"]); } $_POST["product"] or alloc_error("Please enter a Product"); $_POST["amount"] or alloc_error("Please enter an Amount"); $_POST["fromTfID"] or alloc_error("Please select a Source TF"); $_POST["tfID"] or alloc_error("Please select a Destination TF"); $_POST["companyDetails"] or alloc_error("Please provide Company Details"); $_POST["transactionType"] or alloc_error("Please select a Transaction Type"); $_POST["transactionStartDate"] or alloc_error("You must enter the Start date in the format yyyy-mm-dd"); $_POST["transactionFinishDate"] or alloc_error("You must enter the Finish date in the format yyyy-mm-dd"); if (!$TPL["message"]) { !$transactionRepeat->get_value("status") && $transactionRepeat->set_value("status", "pending"); $transactionRepeat->set_value("companyDetails", rtrim($transactionRepeat->get_value("companyDetails"))); $transactionRepeat->save(); alloc_redirect($TPL["url_alloc_transactionRepeat"] . "transactionRepeatID=" . $transactionRepeat->get_id()); } $transactionRepeat->set_values(); } $TPL["reimbursementRequired_checked"] = $transactionRepeat->get_value("reimbursementRequired") ? " checked" : ""; if ($transactionRepeat->get_value("transactionRepeatModifiedUser")) { $db->query("select username from person where personID=%d", $transactionRepeat->get_value("transactionRepeatModifiedUser")); $db->next_record(); $TPL["user"] = $db->f("username"); } if (have_entity_perm("tf", PERM_READ, $current_user, false)) { // Person can access all TF records $q = prepare("SELECT tfID AS value, tfName AS label \n FROM tf \n WHERE tfActive = 1 \n OR tf.tfID = %d \n OR tf.tfID = %d \n ORDER BY tfName", $transactionRepeat->get_value("tfID"), $transactionRepeat->get_value("fromTfID")); } else { if (have_entity_perm("tf", PERM_READ, $current_user, true)) { // Person can only read TF records that they own
} } } } } } alloc_redirect($url . $msg); exit; } // If deleting a record } else { if ($_POST["delete"]) { if ($task->can_be_deleted()) { $task->read_globals(); $task->delete(); alloc_redirect($TPL["url_alloc_taskList"]); } else { alloc_error("This task cannot be deleted. You either don't have permission, or this task has history items."); } } } // Start stuff here $task->set_values("task_"); $person = new person(); $person->set_id($task->get_value("creatorID")); $person->select(); $TPL["task_createdBy"] = $person->get_name(); $TPL["task_createdBy_personID"] = $person->get_id(); if ($task->get_value("closerID") && $task->get_value("dateClosed")) { $TPL["task_closed_by"] = person::get_fullname($task->get_value("closerID")); $TPL["task_closed_when"] = $task->get_value("dateClosed");
<?php

/*
 * Copyright (C) 2006-2011 Alex Lance, Clancy Malcolm, Cyber IT Solutions
 * Pty. Ltd.
 *
 * This file is part of the allocPSA application <*****@*****.**>.
 *
 * allocPSA is free software: you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or (at
 * your option) any later version.
 *
 * allocPSA is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
 * License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with allocPSA. If not, see <http://www.gnu.org/licenses/>.
 */

// Logout endpoint: calls Destroy() on the session object, then redirects to
// the url_alloc_index entry of $TPL.
require_once "../alloc.php";

// NOTE(review): runs on any request method with no parameters checked, so any
// page that can make the browser load this URL ends the user's session --
// presumably accepted as low impact; confirm.
$sess->Destroy();

// The redirect target comes from $TPL, not from request input.
$url = $TPL["url_alloc_index"];
alloc_redirect($url);
$abc123_f = ALLOC_MOD_DIR . "patches/" . $abc123_file; if (!in_array($abc123_file, $abc123_applied_patches)) { apply_patch($abc123_f); } } // Apply a single patch } else { if ($_REQUEST["apply_patch"] && $_REQUEST["patch_file"]) { $abc123_f = ALLOC_MOD_DIR . "patches/" . $_REQUEST["patch_file"]; if (!in_array($abc123_file, $abc123_applied_patches)) { apply_patch($abc123_f); } } else { if ($_REQUEST["remove_patch"] && $_REQUEST["patch_file"]) { $abc123_f = ALLOC_MOD_DIR . "patches/" . $_REQUEST["patch_file"]; $q = prepare("INSERT INTO patchLog (patchName, patchDesc, patchDate) \n VALUES ('%s','%s','%s')", $_REQUEST["patch_file"], "Patch not applied.", date("Y-m-d H:i:s")); $db = new db_alloc(); $db->query($q); } } } $abc123_applied_patches = get_applied_patches(); foreach ($abc123_files as $abc123_file) { if (!in_array($abc123_file, $abc123_applied_patches)) { $abc123_incomplete = true; } } if (!$abc123_incomplete) { alloc_redirect($TPL["url_alloc_login"]); } include_template("templates/patch.tpl");
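* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
 * License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with allocPSA. If not, see <http://www.gnu.org/licenses/>.
 */

// Deletes one attachment file of an entity record, then redirects back to the
// entity page with sbs_link=attachments. The request shape mirrors
// get_attachment.php:  ?entity=project&id=5&file=foo.bar
require_once "../alloc.php";

$id = $_GET["id"] or $id = $_POST["id"];
$file = $_GET["file"] or $file = $_POST["file"];
$entity = $_GET["entity"] or $entity = $_POST["entity"];
$id = sprintf("%d", $id);

// $entity is used below as a class name (new $entity()), as a directory name
// and as part of a $TPL key and redirect target. Accept only a plain
// identifier that names an existing class providing the permission method
// this script calls; anything else is treated as an invalid request.
$entity_ok = is_string($entity)
    && preg_match("/^[A-Za-z_][A-Za-z0-9_]*\\z/", $entity)
    && class_exists($entity)
    && method_exists($entity, "has_attachment_permission_delete");

// $file must be a bare file name: no parent-directory reference, no path
// separator of either kind, no NUL byte. is_string() also rejects array input
// such as file[]=x.
$file_ok = is_string($file)
    && strpos($file, "..") === false
    && strpbrk($file, "/\\\0") === false;

if ($id && $file && $entity_ok && $file_ok) {
    $e = new $entity();
    $e->set_id($id);
    $e->select();

    $dir = ATTACHMENTS_DIR . $entity . DIRECTORY_SEPARATOR . $id . DIRECTORY_SEPARATOR;
    $file = $dir . $file;

    // NOTE(review): the delete is reachable through GET and no anti-forgery
    // token is checked in this script, so a crafted link opened by a logged-in
    // user with delete permission would remove the file -- consider requiring
    // POST plus a token once callers are updated.
    if ($e->has_attachment_permission_delete($current_user) && file_exists($file)) {
        // Last check: the file's parent must be exactly this record's
        // attachment directory.
        if (dirname($file) == dirname($dir . ".")) {
            unlink($file);
            alloc_redirect($TPL["url_alloc_" . $entity] . $entity . "ID=" . $id . "&sbs_link=attachments");
            exit;
        }
    }
}

// Return by default. The raw entity value is only placed in the redirect
// target once it has passed validation; previously an arbitrary request value
// was concatenated into the Location target here. Invalid requests go home.
if ($entity_ok) {
    alloc_redirect($TPL["url_alloc_" . $entity] . $entity . "ID=" . $id . "&sbs_link=attachments");
} else {
    alloc_redirect($TPL["url_alloc_home"]);
}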
header('Content-Type: text/plain; charset=utf-8'); list($h, $b) = $mail->get_raw_email_by_msg_uid($_REQUEST["uid"]); $mail->close(); echo $h . $b; exit; } //$uids = $mail->get_all_email_msg_uids(); $t = new token(); $t->select_token_by_entity_and_action($c->get_value("commentType"), $c->get_value("commentLinkID"), "add_comment_from_email"); $hash = $t->get_value("tokenHash"); // First try a messageID search if ($c->get_value("commentEmailMessageID")) { $str = sprintf('TEXT "%s"', $c->get_value("commentEmailMessageID")); $uids = $mail->get_emails_UIDs_search($str); if (count($uids) == 1) { alloc_redirect($TPL["url_alloc_downloadEmail"] . "commentID=" . $_REQUEST["commentID"] . "&uid=" . $uids[0]); } else { if (count($uids) > 1) { $all_uids += $uids; } } } // Next try a hash lookup if ($hash) { $str = sprintf('TEXT "%s"', $hash); $uids = $mail->get_emails_UIDs_search($str); $uids and $all_uids += $uids; } $str = sprintf('FROM "%s" ', $c->get_value("commentCreatedUserText")); $str .= sprintf(' ON "%s"', format_date("d-M-Y", $c->get_value("commentCreatedTime"))); $uids = $mail->get_emails_UIDs_search($str);
alloc_error(get_max_alloc_users_message()); } if (!$TPL["message"]) { $person->set_value("availability", rtrim($person->get_value("availability"))); $person->set_value("areasOfInterest", rtrim($person->get_value("areasOfInterest"))); $person->set_value("comments", rtrim($person->get_value("comments"))); $person->set_value("emergencyContact", rtrim($person->get_value("emergencyContact"))); $person->set_value("managementComments", rtrim($person->get_value("managementComments"))); $person->currency = config::get_config_item('currency'); $person->save(); alloc_redirect($TPL["url_alloc_personList"]); } } else { if ($_POST["delete"]) { $person->delete(); alloc_redirect($TPL["url_alloc_personList"]); } } #$person = new person(); #$person->set_id($personID); #$person->select(); $person->set_values("person_"); if ($person->get_id()) { $q = prepare("SELECT tfPerson.tfID AS value, tf.tfName AS label \n FROM tf, tfPerson \n \t\t\t\t WHERE tf.tfID = tfPerson.tfID \n AND tfPerson.personID = %d \n AND (tf.tfActive = 1 OR tf.tfID = %d)", $person->get_id(), $person->get_value("preferred_tfID")); $TPL["preferred_tfID_options"] = page::select_options($q, $person->get_value("preferred_tfID")); $tf = new tf(); $tf->set_id($person->get_value("preferred_tfID")); $tf->select(); } $TPL["absence_url"] = $TPL["url_alloc_absence"] . "personID=" . $personID; $TPL["personActive"] = !$person->get_id() || $person->get_value("personActive") ? " checked" : "";
// Save } else { if (imp($_POST["amount"][$k])) { $a = array("productCostID" => $productCostID, "productID" => $productID, "tfID" => $_POST["tfID"][$k], "amount" => $_POST["amount"][$k], "isPercentage" => $_POST["save_commissions"] ? 1 : 0, "description" => $_POST["description"][$k], "currencyTypeID" => $_POST["currencyTypeID"][$k] ? $_POST["currencyTypeID"][$k] : config::get_config_item("currency"), "tax" => $_POST["tax"][$k], "productCostActive" => 1); // Hardcode AUD for commissions because productCost table uses percent and dollars in same field $_POST["save_commissions"] and $a["currencyTypeID"] = "AUD"; $productCost = new productCost(); $productCost->read_array($a); //$errs = $productCost->validate(); if (!$errs) { $productCost->save(); } } } } alloc_redirect($TPL["url_alloc_product"] . "productID=" . $product->get_id()); } $m = new meta("currencyType"); $ops = $m->get_assoc_array("currencyTypeID", "currencyTypeID"); $TPL["sellPriceCurrencyOptions"] = page::select_options($ops, $product->get_value("sellPriceCurrencyTypeID")); $TPL["main_alloc_title"] = "Product: " . $product->get_value("productName") . " - " . APPLICATION_NAME; $product->set_values(); $product->set_tpl_values(); if (!$productID) { $TPL["main_alloc_title"] = "New Product - " . APPLICATION_NAME; $TPL["message_help"][] = "To create a new Product enter its Name and Sell Price."; } else { $TPL["message_help"][] = "Every sale of this Product can result in customised Cost and Commission transactions being automatically generated. \n <br><br>Click the 'New' link in the Costs/Commissions boxes below to add fixed Costs and percentage Commissions."; } $TPL["taxName"] = config::get_config_item("taxName"); $TPL["taxPercent"] = config::get_config_item("taxPercent");
$invoiceItem->select(); $invoiceItem->delete(); $TPL["message_good"][] = "Invoice Item deleted."; alloc_redirect($TPL["url_alloc_invoice"] . "invoiceID=" . $invoiceID); } } } // Displaying a record $invoice->set_id($invoiceID); $invoice->select(); // if someone uploads an attachment } else { if ($_POST["save_attachment"]) { move_attachment("invoice", $invoiceID); $TPL["message_good"][] = "Attachment saved."; alloc_redirect($TPL["url_alloc_invoice"] . "invoiceID=" . $invoiceID); } } } } if ($invoiceID && $invoiceItemIDs) { $currency = $invoice->get_value("currencyTypeID"); $q = prepare("SELECT SUM(IF((iiTax IS NULL OR iiTax = 0) AND value,\n (value/100+1) * iiAmount * pow(10,-currencyType.numberToBasic),\n iiAmount * pow(10,-currencyType.numberToBasic)\n )) as sum_iiAmount\n FROM invoiceItem \n LEFT JOIN invoice on invoiceItem.invoiceID = invoice.invoiceID\n LEFT JOIN currencyType on invoice.currencyTypeID = currencyType.currencyTypeID\n LEFT JOIN config ON config.name = 'taxPercent'\n WHERE invoiceItem.invoiceID = %d", $invoiceID); $db->query($q); $db->next_record() and $TPL["invoiceTotal"] = page::money($currency, $db->f("sum_iiAmount"), "%S%m %c"); $q = prepare("SELECT sum(amount * pow(10,-currencyType.numberToBasic)) as sum_transaction_amount\n FROM transaction \n LEFT JOIN currencyType on transaction.currencyTypeID = currencyType.currencyTypeID\n WHERE status = 'approved' \n AND invoiceItemID in (%s)", $invoiceItemIDs); $db->query($q); $db->next_record() and $TPL["invoiceTotalPaid"] = page::money($currency, $db->f("sum_transaction_amount"), "%S%m %c"); } $invoice->set_values(); $statii = invoice::get_invoice_statii();
} else { if ($_POST["add_tax"] && $_POST["productSaleItemID"]) { $productSaleItem = new productSaleItem(); $productSaleItem->set_id($_POST["productSaleItemID"]); $productSaleItem->select(); $productSaleItem->create_transactions_tax(); } else { if ($_POST["delete_transactions"] && $_POST["productSaleItemID"]) { $productSaleItem = new productSaleItem(); $productSaleItem->set_id($_POST["productSaleItemID"]); $productSaleItem->select(); $productSaleItem->delete_transactions(); } else { if ($_POST["delete_productSale"]) { $productSale->delete(); alloc_redirect($TPL["url_alloc_productSaleList"]); } } } } } } } if ($productSale->have_perm(PERM_APPROVE_PRODUCT_TRANSACTIONS)) { define("CAN_APPROVE_TRANSACTIONS", 1); } else { define("CAN_APPROVE_TRANSACTIONS", 0); } $statuses = productSale::get_statii(); $statuses[$TPL["status"]] = "<b>" . $statuses[$TPL["status"]] . "</b>"; $TPL["statusText"] = implode(" | ", $statuses);
} alloc_redirect($TPL["url_alloc_wiki"] . "target=" . urlencode($dirName)); } // Else non-vcs save } else { // Creating a new directory or directories if (!is_dir(wiki_module::get_wiki_path() . $dirName)) { $bits = explode("/", $dirName); $str = wiki_module::get_wiki_path(); foreach ((array) $bits as $bit) { $str .= $slash . $bit; mkdir($str); $slash = "/"; } $TPL["message_good"][] = "Directory created: " . $dirName; alloc_redirect($TPL["url_alloc_wiki"] . "target=" . urlencode($dirName)); } } } } else { if ($_REQUEST["newDirectory"]) { if ($_REQUEST["p"]) { if (is_file(wiki_module::get_wiki_path() . $_REQUEST["p"])) { $_REQUEST["p"] = dirname($_REQUEST["p"]); $_REQUEST["p"] && substr($_REQUEST["p"], -1, 1) != DIRECTORY_SEPARATOR and $_REQUEST["p"] .= "/"; $_REQUEST["p"] == "." . DIRECTORY_SEPARATOR and $_REQUEST["p"] = ""; } $TPL["dirName"] = $_REQUEST["p"]; } include_template("templates/newDirectoryM.tpl"); } else {
} // Write out all of the attachments and generated files to the local filesystem foreach ((array) $files as $k => $f) { $fullpath = $dir . DIRECTORY_SEPARATOR . $f["name"]; if ($f["blob"]) { file_put_contents($fullpath, $f["blob"]); } else { if ($f["tmp_name"]) { rename($f["tmp_name"], $fullpath); } } $files[$k]["fullpath"] = $fullpath; } if ($files) { comment::update_mime_parts($commentID, $files); } // Re-email the comment out, including any attachments if (!comment::send_comment($commentID, $emailRecipients, false, $files)) { alloc_error("Email failed to send."); } foreach ((array) $files as $k => $f) { if (file_exists($f["fullpath"])) { unlink($f["fullpath"]); } } rmdir_if_empty($dir); // Re-direct browser back home $TPL["message_good"][] = $message_good; $extra .= "&sbs_link=comments"; alloc_redirect($TPL["url_alloc_" . $_REQUEST["commentMaster"]] . $_REQUEST["commentMaster"] . "ID=" . $_REQUEST["commentMasterID"] . $extra);
#.prepare(" LEFT JOIN projectPerson on projectPerson.projectID = project.projectID ") #.prepare("WHERE projectPerson.personID = '%d' ORDER BY projectName", $current_user->get_id()); } else { $query = prepare("SELECT * FROM project ORDER by projectName"); } // This needs to be just above the newTimeSheet_projectID logic $projectID = $timeSheet->get_value("projectID"); // If we are entering the page from a project link: New time sheet if ($_GET["newTimeSheet_projectID"] && !$projectID) { $_GET["taskID"] and $tid = "&taskID=" . $_GET["taskID"]; $projectID = $_GET["newTimeSheet_projectID"]; $db = new db_alloc(); $q = prepare("SELECT * FROM timeSheet WHERE status = 'edit' AND personID = %d AND projectID = %d", $current_user->get_id(), $projectID); $db->query($q); if ($db->next_record()) { alloc_redirect($TPL["url_alloc_timeSheet"] . "timeSheetID=" . $db->f("timeSheetID") . $tid); } } if ($_GET["newTimeSheet_projectID"] && !$db->qr("SELECT * FROM projectPerson WHERE personID = %d AND projectID = %d", $current_user->get_id(), $_GET["newTimeSheet_projectID"])) { alloc_error("You are not a member of the project (id:" . page::htmlentities($_GET["newTimeSheet_projectID"]) . "), please get a manager to add you to the project."); } $db->query($query); while ($db->row()) { $project_array[$db->f("projectID")] = $db->f("projectName"); } $TPL["timeSheet_projectName"] = $project_array[$projectID]; $TPL["timeSheet_projectID"] = $projectID; $TPL["taskID"] = $_GET["taskID"]; // Get the project record to determine which button for the edit status. if ($projectID != 0) { $project = new project();
$timeSheet = new timeSheet(); $timeSheet->set_id($timeSheetID); $timeSheet->select(); $timeSheet->load_pay_info(); $timeSheetItem = new timeSheetItem(); if ($timeSheetItemID) { $timeSheetItem->set_id($timeSheetItemID); $timeSheetItem->select(); } $timeSheetItem->read_globals(); $timeSheetItem->read_globals("timeSheetItem_"); if ($_POST["timeSheetItem_save"]) { $timeSheetItem->read_globals(); $timeSheetItem->read_globals("timeSheetItem_"); $rtn = $timeSheetItem->save(); $rtn and $TPL["message_good"][] = "Time Sheet Item saved."; $_POST["timeSheetItem_taskID"] and $t = "&taskID=" . $_POST["timeSheetItem_taskID"]; alloc_redirect($TPL["url_alloc_timeSheet"] . "timeSheetID=" . $timeSheetID . $t); } else { if ($_POST["timeSheetItem_edit"]) { alloc_redirect($TPL["url_alloc_timeSheet"] . "timeSheetID=" . $timeSheetID . "&timeSheetItem_edit=true&timeSheetItemID=" . $timeSheetItem->get_id()); } else { if ($_POST["timeSheetItem_delete"]) { $timeSheetItem->select(); $timeSheetItem->delete(); $TPL["message_good"][] = "Time Sheet Item deleted."; alloc_redirect($TPL["url_alloc_timeSheet"] . "timeSheetID=" . $timeSheetID); } } } }
$_POST["commit_msg"] .= "File deleted: " . $file; if (!$errors && !is_dir(wiki_module::get_wiki_path() . $file)) { // If we're using version control if (is_object($vcs)) { wiki_module::file_delete(wiki_module::get_wiki_path() . $file); $vcs->rm(wiki_module::get_wiki_path() . $file, $_POST["commit_msg"]); $TPL["message_good"][] = "File deleted: " . $file; $TPL["file"] = $file; $TPL["str"] = $text; $TPL["commit_msg"] = $_POST["commit_msg"]; alloc_redirect($TPL["url_alloc_wiki"] . "target=" . urlencode(dirname($file))); // Else non-vcs save } else { wiki_module::file_delete(wiki_module::get_wiki_path() . $file); $TPL["message_good"][] = "File deleted: " . $file; alloc_redirect($TPL["url_alloc_wiki"] . "target=" . urlencode(dirname($file))); } } } else { if ($_REQUEST["newFile"]) { if ($_REQUEST["p"]) { if (is_file(wiki_module::get_wiki_path() . $_REQUEST["p"])) { $_REQUEST["p"] = dirname($_REQUEST["p"]); $_REQUEST["p"] && substr($_REQUEST["p"], -1, 1) != DIRECTORY_SEPARATOR and $_REQUEST["p"] .= "/"; $_REQUEST["p"] == "." . DIRECTORY_SEPARATOR and $_REQUEST["p"] = ""; } $TPL["editName"] = $_REQUEST["p"]; } if ($_REQUEST["file"]) { $TPL["editName"] = $_REQUEST["file"]; }
//$creator = implode(" ",array_shift(array_shift(explode(" ",$d->getFieldValue('creator'))))); $row["title"] = $d->getFieldValue('id') . " " . sprintf("<a href='%stimeSheetID=%d'>%s</a>", $TPL["url_alloc_timeSheet"], $d->getFieldValue('id'), "Time Sheet for " . page::htmlentities($d->getFieldValue('project')) . " by " . page::htmlentities($creator)); $row["related"] = sprintf("<a href='%sprojectID=%d'>%s</a>", $TPL["url_alloc_project"], $d->getFieldValue('pid'), page::htmlentities($d->getFieldValue('project'))); $row["desc"] = page::htmlentities($d->getFieldValue('desc')); $TPL["search_results"][] = $row; } } // Comment Search } else { if ($search && $needle && $category == "search_comment") { $TPL["search_title"] = "Comment Search"; if (!$noRedirect && is_numeric($needle)) { $query = prepare("SELECT commentID FROM comment WHERE commentID = %d", $needle); $db->query($query); if ($db->next_record()) { alloc_redirect($TPL["url_alloc_comment"] . "commentID=" . $db->f("commentID")); } } else { $index = new Zend_Search_Lucene(ATTACHMENTS_DIR . 'search/comment'); $query = Zend_Search_Lucene_Search_QueryParser::parse($needle); $hits = $index->find($needle); $TPL["index_count"] = $index->count(); $TPL["hits_count"] = count($hits); foreach ($hits as $hit) { $d = $hit->getDocument(); $row = array(); $row["idx"] = $hit->id; $row["score"] = sprintf('%d%%', $hit->score * 100); $row["title"] = page::htmlentities($d->getFieldValue('name')); $row["related"] = sprintf("<a href='%s%sID=%d'>%s</a>", $TPL["url_alloc_" . $d->getFieldValue('type')], $d->getFieldValue('type'), $d->getFieldValue('typeid'), page::htmlentities($d->getFieldValue('typename'))); $row["desc"] = page::htmlentities($d->getFieldValue('desc'));
/*
 * Copyright (C) 2006-2011 Alex Lance, Clancy Malcolm, Cyber IT Solutions
 * Pty. Ltd.
 *
 * This file is part of the allocPSA application <*****@*****.**>.
 *
 * allocPSA is free software: you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or (at
 * your option) any later version.
 *
 * allocPSA is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
 * License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with allocPSA. If not, see <http://www.gnu.org/licenses/>.
 */

require_once "../alloc.php";

// Toggle the current user's "star" on one entity record and go back to that
// entity's list page. Does nothing unless both parameters are supplied.
//
// NOTE(review): entity and entityID are taken from $_REQUEST without being
// checked against known entity names, so arbitrary keys can be written into
// the user's stored prefs and the redirect key may not exist in $TPL. The
// toggle also fires on GET -- confirm that is acceptable for a preference
// change.
if ($_REQUEST["entity"] && $_REQUEST["entityID"]) {
    // Work on a copy of the stars map, then write it back in one assignment.
    $stars = $current_user->prefs["stars"];

    if (!$stars[$_REQUEST["entity"]][$_REQUEST["entityID"]]) {
        // Not starred yet: add it.
        $stars[$_REQUEST["entity"]][$_REQUEST["entityID"]] = true;
    } else {
        // Already starred: remove it.
        unset($stars[$_REQUEST["entity"]][$_REQUEST["entityID"]]);
    }

    $current_user->prefs["stars"] = $stars;
    $current_user->store_prefs();

    alloc_redirect($TPL["url_alloc_" . $_REQUEST["entity"] . "List"]);
}
} } if ($_POST["returnItem"]) { $dbTemp = new db_alloc(); $dbTemp->query("select * from loan where itemID=%d and dateReturned='0000-00-00'", $itemID); $db = new db_alloc(); $db->query("select * from loan where loan.itemID=%d and dateBorrowed>dateReturned", $itemID); $db->next_record(); $loan->set_id($db->f("loanID")); if ($loan->select()) { $loan->set_value("dateReturned", $today); $loan->set_value("itemID", $itemID); // check to see if admin/manager returning someone elses item, and sent email if ($loan->get_value("personID") != $current_user->get_id()) { if ($current_user->have_role("admin") || $current_user->have_role("manage")) { $person = new person(); $person->set_id($loan->get_value("personID")); $person->select(); $loan->save(); } } else { $loan->save(); } } alloc_redirect($TPL["url_alloc_loanAndReturn"]); } if ($_GET["return"]) { include_template("templates/itemReturnM.tpl"); } else { include_template("templates/itemBorrowM.tpl"); }
$reminder->set_value('reminderRecuringValue', $_POST["reminder_recuring_value"]); } $reminder->set_value('reminderAdvNoticeSent', '0'); if (!$_POST["reminder_advnotice_value"]) { $reminder->set_value('reminderAdvNoticeInterval', 'No'); $reminder->set_value('reminderAdvNoticeValue', '0'); } else { $reminder->set_value('reminderAdvNoticeInterval', $_POST["reminder_advnotice_interval"]); $reminder->set_value('reminderAdvNoticeValue', $_POST["reminder_advnotice_value"]); } $reminder->set_value('reminderSubject', $_POST["reminder_subject"]); $reminder->set_value('reminderContent', rtrim($_POST["reminder_content"])); $reminder->set_value('reminderActive', sprintf("%d", $_POST["reminderActive"])); $reminder->save(); $reminder->update_recipients($recipient_keys); $returnToParent = "reminder"; $reminderID = $reminder->get_id(); $TPL["message_good"][] = "Reminder saved."; } else { if ($_POST["reminder_delete"] && $_POST["reminder_id"]) { $reminder = new reminder(); $reminder->set_id($_POST["reminder_id"]); $reminder->delete(); } } $headers = array("client" => $TPL["url_alloc_client"] . "clientID=" . $parentID . "&sbs_link=reminders", "project" => $TPL["url_alloc_project"] . "projectID=" . $parentID . "&sbs_link=reminders", "task" => $TPL["url_alloc_task"] . "taskID=" . $parentID . "&sbs_link=reminders", "home" => $TPL["url_alloc_home"], "calendar" => $TPL["url_alloc_taskCalendar"] . "personID=" . $_POST["personID"], "list" => $TPL["url_alloc_reminderList"], "reminder" => $TPL["url_alloc_reminder"] . "reminderID=" . $reminderID . "&step=3", "" => $TPL["url_alloc_reminderList"]); alloc_redirect($headers[$returnToParent]); break; default: alloc_error("Unrecognized state"); }
// Edit page for a single commentTemplate record: load, save or delete it,
// then render the form.
// NOTE(review): no permission check or anti-forgery token is visible in this
// script; presumably save()/delete() enforce permissions on the entity --
// confirm.
$commentTemplate = new commentTemplate();

// The record id may arrive by POST (form submit) or GET (link); POST wins.
$commentTemplateID = $_POST["commentTemplateID"] or $commentTemplateID = $_GET["commentTemplateID"];

// Existing record: pull its current values from the database
if ($commentTemplateID) {
    $commentTemplate->set_id($commentTemplateID);
    $commentTemplate->select();
}

if ($_POST["save"]) {
    // Save button: read_globals() fills the object before it is written out
    $commentTemplate->read_globals();
    $commentTemplate->save();
    alloc_redirect($TPL["url_alloc_commentTemplateList"]);
} elseif ($_POST["delete"]) {
    // Delete button
    $commentTemplate->delete();
    alloc_redirect($TPL["url_alloc_commentTemplateList"]);
    exit;
}

// Neither button pressed: populate the template variables for display
$commentTemplate->set_values();

$ops = array(
    "" => "Comment Template Type",
    "task" => "Task",
    "timeSheet" => "Time Sheet",
    "project" => "Project",
    "client" => "Client",
    "invoice" => "Invoice",
    "productSale" => "Sale"
);
$TPL["commentTemplateTypeOptions"] = page::select_options($ops, $commentTemplate->get_value("commentTemplateType"));
$TPL["main_alloc_title"] = "Edit Comment Template - " . APPLICATION_NAME;

// Render the page
include_template("templates/commentTemplateM.tpl");
?>
if ($expenseForm->get_value("reimbursementRequired") == 0 || $expenseForm->get_value("reimbursementRequired") == 1) { $expenseForm->set_value("paymentMethod", ""); } $expenseForm->set_value("seekClientReimbursement", $_POST["seekClientReimbursement"] ? 1 : 0); $expenseForm->set_value("expenseFormFinalised", 1); $expenseForm->set_value("expenseFormComment", rtrim($expenseForm->get_value("expenseFormComment"))); $expenseForm->save(); alloc_redirect($TPL["url_alloc_expenseForm"] . "expenseFormID=" . $expenseForm->get_id()); exit; } else { if ($_POST["unfinalise"]) { $expenseForm->read_globals(); $expenseForm->set_value("expenseFormFinalised", 0); $expenseForm->set_value("expenseFormComment", rtrim($expenseForm->get_value("expenseFormComment"))); $expenseForm->save(); alloc_redirect($TPL["url_alloc_expenseForm"] . "expenseFormID=" . $expenseForm->get_id()); exit; } else { if ($_POST["attach_transactions_to_invoice"] && $current_user->have_role("admin")) { $expenseForm->save_to_invoice($_POST["attach_to_invoiceID"]); } } } } } } } } if (is_object($expenseForm) && $expenseForm->get_value("expenseFormFinalised") && $current_user->get_id() == $expenseForm->get_value("expenseFormCreatedUser")) { $TPL["message_help"][] = "Step 4/4: Print out the Expense Form using the Printer Friendly Version link, attach receipts and hand in to office admin."; } else {
if ($transaction->save()) { // need to check this again as transaction->save might have triggered an error $TPL["message_good"][] = "Transaction Saved"; if ($_POST["saveAndNew"]) { alloc_redirect($TPL["url_alloc_transaction"] . "new=true"); } if ($_POST["saveGoTf"]) { alloc_redirect($TPL["url_alloc_transactionList"] . "tfID=" . $transaction->get_value("tfID")); } alloc_redirect($TPL["url_alloc_transaction"] . "transactionID=" . $transaction->get_id()); } } } else { if ($_POST["delete"]) { $transaction->delete(); alloc_redirect($TPL["url_alloc_transactionList"] . "tfID=" . $transaction->get_value("tfID")); } } $transaction->set_tpl_values(); $t = new meta("currencyType"); $currency_array = $t->get_assoc_array("currencyTypeID", "currencyTypeID"); $TPL["currencyOptions"] = page::select_options($currency_array, $transaction->get_value("currencyTypeID")); $TPL["product"] = page::htmlentities($transaction->get_value("product")); $TPL["statusOptions"] = page::select_options(array("pending" => "Pending", "rejected" => "Rejected", "approved" => "Approved"), $transaction->get_value("status")); $transactionTypes = transaction::get_transactionTypes(); $TPL["transactionTypeOptions"] = page::select_options($transactionTypes, $transaction->get_value("transactionType")); is_object($transaction) and $TPL["transactionTypeLink"] = $transaction->get_transaction_type_link(); $db = new db_alloc(); $tf = new tf(); $options = $tf->get_assoc_array("tfID", "tfName"); // Special cases for the current tfID and fromTfID
<?php

/*
 * Copyright (C) 2006-2011 Alex Lance, Clancy Malcolm, Cyber IT Solutions
 * Pty. Ltd.
 *
 * This file is part of the allocPSA application <*****@*****.**>.
 *
 * allocPSA is free software: you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or (at
 * your option) any later version.
 *
 * allocPSA is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
 * License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with allocPSA. If not, see <http://www.gnu.org/licenses/>.
 */

// Entry script: loads the application bootstrap from the same directory and
// redirects to the url_alloc_home entry of $TPL. The target comes from $TPL,
// not from request input.
require_once "./alloc.php";
alloc_redirect($TPL["url_alloc_home"]);
} // Displaying a record $project->set_id($projectID); $project->select() || alloc_error("Could not load project {$projectID}"); } else { // Creating a new record $project->read_globals(); $projectID = $project->get_id(); $project->select(); } // Comments $TPL["comment_buttons"] = "<input type=\"submit\" name=\"comment_save\" value=\"Save Comment\">"; // if someone uploads an attachment if ($_POST["save_attachment"]) { move_attachment("project", $projectID); alloc_redirect($TPL["url_alloc_project"] . "projectID=" . $projectID . "&sbs_link=attachments"); } $project->set_values("project_"); $db = new db_alloc(); $clientID = $project->get_value("clientID") or $clientID = $_GET["clientID"]; $client = new client(); $client->set_id($clientID); $client->select(); $client->set_tpl_values("client_"); // If a client has been chosen if ($clientID) { $query = prepare("SELECT * \n FROM clientContact\n WHERE clientContact.clientID = %d AND clientContact.primaryContact = true", $clientID); $db->query($query); $cc = new clientContact(); $cc->read_db_record($db); $one = $client->format_address("postal");
} else { if ($_POST["save_attachment"]) { move_attachment("client", $clientID); alloc_redirect($TPL["url_alloc_client"] . "clientID=" . $clientID . "&sbs_link=attachments"); } else { if ($_GET["get_vcard"]) { $clientContact = new clientContact(); $clientContact->set_id($_GET["clientContactID"]); $clientContact->select(); $clientContact->output_vcard(); return; } else { if ($_POST["delete"]) { $client->read_globals(); $client->delete(); alloc_redirect($TPL["url_alloc_clientList"]); } else { $client->set_id($clientID); $client->select(); } $client->set_values("client_"); } } } $m = new meta("clientStatus"); $clientStatus_array = $m->get_assoc_array("clientStatusID", "clientStatusID"); $TPL["clientStatusOptions"] = page::select_options($clientStatus_array, $client->get_value("clientStatus")); $clientCategories = config::get_config_item("clientCategories") or $clientCategories = array(); foreach ($clientCategories as $k => $v) { $cc[$v["value"]] = $v["label"]; }
// Excerpt from the application bootstrap: mail constants, session/authentication
// gate, URL table and per-user navigation history. The final `if` is still open
// where the excerpt ends.

// The default From: email address (defined only when one is configured)
if (config::get_config_item("AllocFromEmailAddress")) {
    define("ALLOC_DEFAULT_FROM_ADDRESS", add_brackets(config::get_config_item("AllocFromEmailAddress")));
}

// The default email bounce address
define("ALLOC_DEFAULT_RETURN_PATH_ADDRESS", config::get_config_item("allocEmailAdmin"));

// If a script defines NO_AUTH it performs its own authentication and is
// responsible for setting up $current_user and $sess itself; this block is
// skipped for it.
if (!defined("NO_AUTH")) {
    $current_user =& singleton("current_user", new person());
    $sess = new session();

    // If the session hasn't been started, send the user to the login page
    if (!$sess->Started()) {
        // Scripts that define NO_REDIRECT get a plain "session expired"
        // message with a login link instead of an HTTP redirect.
        defined("NO_REDIRECT") && exit("Session expired. Please <a href='" . $TPL["url_alloc_login"] . "'>log in</a> again.");

        // Redirect to login, carrying the originally requested URI in the
        // url-encoded `forward` parameter (omitted for the site root).
        // NOTE(review): the code that consumes `forward` is not shown --
        // confirm it only accepts same-site relative paths, so the value
        // cannot be used to redirect to another host after login.
        // NOTE(review): presumably alloc_redirect() ends the request; if it
        // returns, the rest of this bootstrap runs without an authenticated
        // user -- verify.
        alloc_redirect($TPL["url_alloc_login"] . ($_SERVER['REQUEST_URI'] != '/' ? '?forward=' . urlencode($_SERVER['REQUEST_URI']) : ''));
    } else {
        // Otherwise load the current_user from the session and continue
        if ($sess->Get("personID")) {
            $current_user->load_current_user($sess->Get("personID"));
        }
    }
}

// Set up all the urls. When NO_AUTH is defined, $sess is not assigned by the
// code above and must have been set by the calling script.
require_once ALLOC_MOD_DIR . "shared" . DIRECTORY_SEPARATOR . "global_tpl_values.inc.php";
$TPL = get_alloc_urls($TPL, $sess);

// Add the user's navigation to the quick list dropdown (only when a user
// object with an id is loaded)
if (is_object($current_user) && $current_user->get_id()) {
    $history = new history();
    $history->save_history();
    $TPL["current_user"] =& $current_user;
// Excerpt from the permission edit page. The block closed by the first `}`
// below opens before this excerpt; it renders the table-name chooser and exits.
    foreach ($ops as $v) {
        $table_name_options[$v] = $v;
    }
    $TPL["tableNameOptions"] = page::select_options($table_name_options, $permission->get_value("tableName"));
    include_template("templates/permissionTableM.tpl");
    exit;
}

// Save or delete the permission record, then return to the permission list.
// NOTE(review): the authorisation check for editing permissions is not visible
// in this excerpt; confirm it happens earlier in the file or inside
// save()/delete().
if ($_POST["save"]) {
    $permission->set_value("actions", $actions);
    // Strip trailing whitespace from the comment before storing it.
    $permission->set_value("comment", rtrim($permission->get_value("comment")));
    $permission->save();
    alloc_redirect($TPL["url_alloc_permissionList"]);
} else {
    if ($_POST["delete"]) {
        $permission->delete();
        alloc_redirect($TPL["url_alloc_permissionList"]);
    }
}

// Load the permission record (the original comment only says "necessary").
$permission->select();
$TPL["roleNameOptions"] = page::select_options(permission::get_roles(), $permission->get_value("roleName"));

// Prefer the table name submitted with the form; fall back to the stored one
// (`or` binds looser than `=`).
$table_name = $_POST["tableName"] or $table_name = $permission->get_value("tableName");

// NOTE(review): $table_name can come straight from $_POST["tableName"] and is
// used as a class name here. Nothing visible in this excerpt restricts it to
// the entity names offered in the table-name dropdown, so the request decides
// which class is constructed. Check the value against a fixed allowlist of
// entity classes before instantiating.
$entity = new $table_name();

// Collect the action bits that are set in this permission's "actions" bitmask
// so they can be pre-selected. $sel is not initialised in this excerpt and
// stays unset when no bit matches.
foreach ($entity->permissions as $value => $label) {
    if (($permission->get_value("actions") & $value) == $value) {
        $sel[] = $value;
    }
}
$TPL["actionOptions"] = page::select_options($entity->permissions, $sel);
$TPL["main_alloc_title"] = "Edit Permission - " . APPLICATION_NAME;
include_template("templates/permissionM.tpl");
// Excerpt from the transaction-group save handler. Four enclosing blocks open
// before this excerpt; $k indexes the parallel $_POST arrays.
                // Delete branch (its condition is outside the excerpt): remove
                // the transaction and append its id to the "deleted" message.
                $transaction->delete();
                $deleted .= $commar1 . $transactionID;
                $commar1 = ", ";
            } else {
                // Save: only entries with a non-empty amount are written.
                if ($_POST["amount"][$k]) {
                    // Gather this entry's fields from the submitted arrays.
                    // Every value except transactionGroupID is request-supplied.
                    $a = array("amount" => $_POST["amount"][$k],
                               "tfID" => $_POST["tfID"][$k],
                               "fromTfID" => $_POST["fromTfID"][$k],
                               "product" => $_POST["product"][$k],
                               "description" => $_POST["description"][$k],
                               "transactionType" => $_POST["transactionType"][$k],
                               "transactionDate" => $_POST["transactionDate"][$k],
                               "status" => $_POST["status"][$k],
                               "transactionGroupID" => $transactionGroupID,
                               "transactionID" => $_POST["transactionID"][$k]);
                    $transaction = new transaction();

                    // A submitted transactionID means "update": load that
                    // record first, then overlay the posted values.
                    // NOTE(review): the id is chosen by the request; confirm
                    // that select()/save() enforce per-record permission and
                    // that the record belongs to this transaction group.
                    if ($_POST["transactionID"][$k]) {
                        $transaction->set_id($_POST["transactionID"][$k]);
                        $transaction->select();
                    }
                    $transaction->read_array($a);

                    // validate() presumably returns an empty value on success
                    // and an array of messages otherwise (the failure branch
                    // implodes it) -- TODO confirm; note the loose == here.
                    $v = $transaction->validate();
                    if ($v == "") {
                        $transaction->save();
                        $saved .= $commar2 . $transaction->get_id();
                        $commar2 = ", ";
                    } else {
                        alloc_error(implode("<br>", $v));
                    }
                }
            }
        }
    }

    // Report what was saved/deleted (only when the list is non-empty), then
    // redirect back to this transaction group.
    $saved and $TPL["message_good"][] = "Transaction " . $saved . " saved.";
    $deleted and $TPL["message_good"][] = "Transaction " . $deleted . " deleted.";
    alloc_redirect($TPL["url_alloc_transactionGroup"] . "transactionGroupID=" . $transactionGroupID);
}

// No form action handled above: render the edit page.
$TPL["main_alloc_title"] = "Edit Transactions - " . APPLICATION_NAME;
include_template("templates/transactionGroupM.tpl");