// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.            |
// |                                                                           |
// +---------------------------------------------------------------------------+
//

require_once "../lib-common.php"; // Path to your lib-common.php
require_once $_CONF['path'] . 'plugins/nexcontent/debug.php'; // Common Debug Code
require_once $_CONF['path'] . 'plugins/nexcontent/library.php'; // nexcontent plugin library

$SE_SHOWBLOCK = true;

// Request parameters accepted by this page. $page is used below without any
// other assignment, so the second argument (true) presumably makes
// ppGetData() export the values as globals -- confirm in ppGetData().
$myvars = array('topic', 'page');
ppGetData($myvars, true);

/* Add .. check to see user has access to this page */
// NOTE(review): $page comes from the request and is interpolated into a
// quoted SQL literal. The query is only safe if ppGetData() escapes the value
// for SQL; that filtering is not visible here -- verify it, or escape
// explicitly before building the query.
$sql = "SELECT id FROM {$_TABLES['nexcontent_pages']} WHERE (id='{$page}' OR sid='{$page}') AND is_draft=0";
// Append the permission clause, so only non-draft pages matching it are found.
$sql .= COM_getPermSQL('AND');
$query = DB_query($sql);

if ($page != '' and DB_numRows($query) > 0) {
    // From here on $page holds the id column returned by the database rather
    // than the raw request value (the request may have supplied an sid).
    list($page) = DB_fetchArray($query);
    $pageview = new Template($_CONF['path_layout'] . 'nexcontent');

    // This query carries no permission or draft filter of its own; it relies
    // on the check above having succeeded.
    // NOTE(review): 'heading' is listed twice in the column list and in the
    // list() below; the duplicate is redundant.
    $query = DB_query("SELECT pid,type,name,heading,pagetitle,blockformat,heading,content,show_submenu,submenu_item, show_breadcrumbs FROM {$_TABLES['nexcontent_pages']} WHERE id='{$page}'");
    list($pid, $type, $title, $heading, $pagetitle, $blkformat, $heading, $content, $show_submenu, $submenu_item, $show_breadcrumbs) = DB_fetchArray($query);

    // Check if user has permissions to edit this page
    // (same lookup as above, but with the extra COM_getPermSQL arguments 0, 3).
    $sql = "SELECT id FROM {$_TABLES['nexcontent_pages']} WHERE id='{$page}' ";
    $sql .= COM_getPermSQL('AND', 0, 3);
    $bquery = DB_query($sql);
    if (DB_numRows($bquery) > 0) {
        // NOTE(review): no earlier initialisation of $editperms is visible in
        // this excerpt; confirm it defaults to false on the other path.
        $editperms = true;
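// (Excerpt starts inside a loop whose header is not shown.)
    // Drop the first token and re-join the rest with '=' so that any '=' inside
    // the label text is kept; presumably the line was split on '=' and the
    // first token was the key -- confirm against the loop header.
    array_shift($tokens);
    $val = implode('=', $tokens);
    $pluginLangLabels[$key] = trim($val);
}

// NOTE(review): this echo runs before COM_siteHeader(), so the label is
// written ahead of the page header. It looks like leftover debug output --
// confirm before removing.
echo $pluginLangLabels['add_project'];
echo COM_siteHeader(array('custom_showBlocks', $_PRJCONF['leftblocks']));

// Collect the request values this page works with into $_CLEAN.
$_CLEAN = array();
$mytextvars = array('showUsers', 'showGroups', 'showUsersVal', 'showGroupsVal', 'op', 'usersandgroups');
$_CLEAN = array_merge($_CLEAN, ppGetData($mytextvars, false, 'POST', 'text'));

// Integer only Variables
// Taken from POST when the form supplied a pid, otherwise from the query
// string. isset() avoids an undefined-index notice on plain GET requests.
// NOTE(review): 'edit' and 'del' can therefore arrive by GET; whether a CSRF
// token is checked before they are acted on is not visible in this excerpt.
$myintvars = array('pid', 'edit', 'del', 'checkView', 'checkWrite', 'checkFull', 'rid');
$intsource = (!isset($_POST['pid']) || $_POST['pid'] == '') ? 'GET' : 'POST';
$_CLEAN = array_merge($_CLEAN, ppGetData($myintvars, false, $intsource, 'int'));

$pid = $_CLEAN['pid'];

if ($_USER['uid'] == '') {
    $uid = 1; // presumably the anonymous account id -- confirm
} else {
    $uid = $_USER['uid'];
}

// Everything below is gated on 'full' rights for this project.
// NOTE(review): the comparison is loose (== TRUE), so any truthy value passes;
// that is only correct if prj_getProjectPermissions() returns booleans or 0/1.
$ret = prj_getProjectPermissions($pid, $uid);
if ($ret['full'] == TRUE) {
    //who cares about anything else, if you're not allowed to do anything, why bother showing it at all....
    //this is the main routine for those who should be here..
    $op = $_CLEAN['op'];
    switch ($op) {
        case 'add': //add a permission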
// (Excerpt starts inside a block whose opening line is not shown.)
    // Look up the project id that owns this task.
    // NOTE(review): $tid is placed unquoted into the WHERE clause, so it must
    // already have been validated as an integer; that is not visible here.
    $pid = DB_getItem($_TABLES['prj_tasks'], 'pid', "tid={$tid}");
}

// Continue only for project team members or users with full rights.
$protoken = prj_getProjectPermissions($pid, $uid);
if ($protoken['teammember'] != 0 || $protoken['full'] != 0) {
    // Filter Incoming Variables and make them global
    // Text Variables which may contain quotes or other special characters
    $newrec = array();
    // pid is set from the lookup above, not from the request; none of the
    // field lists below names 'pid'.
    $newrec['pid'] = $pid;
    $mytextvars = array('name', 'description', 'keywords');
    $newrec = array_merge($newrec, ppGetData($mytextvars, false, 'POST', 'text'));

    // Integer only Variables
    $myintvars = array('priority_id', 'duration', 'duration_type_id', 'status_id', 'progress_id', 'progress', 'resource', 'parent_task');
    $newrec = array_merge($newrec, ppGetData($myintvars, false, 'POST', 'int'));

    // Basic Text Variables which should not contain quotes or other special characters
    // NOTE(review): no filter type is passed here; what ppGetData() does by
    // default is not visible, so these values are only as safe as that default.
    $myvars = array('start_date', 'estimated_end_date', 'actual_end_date', 'planned_end_date', 'last_updated_date', 'notification_enabled_flag', 'make_private_enabled_flag');
    $newrec = array_merge($newrec, ppGetData($myvars, false, 'POST'));

    // Convert Date to a timestamp
    $newrec['start_date'] = pm_convertdate($newrec['start_date']);
    $newrec['estimated_end_date'] = pm_convertdate($newrec['estimated_end_date']);
    if ($newrec['actual_end_date'] == '') {
        // No actual end date supplied: fall back to the already converted
        // estimated end date.
        $newrec['actual_end_date'] = $newrec['estimated_end_date'];
    } else {
        $newrec['actual_end_date'] = pm_convertdate($newrec['actual_end_date']);
    }
    $newrec['planned_end_date'] = pm_convertdate($newrec['planned_end_date']);
    $newrec['create_date'] = pm_getdate();
    // The last_updated_date read from POST above is overwritten here.
    $newrec['last_updated_date'] = pm_getdate();

    // An end date earlier than the start date is replaced by start + 7 days
    // (604800 = 7 * 24 * 3600 seconds).
    if ($newrec['actual_end_date'] < $newrec['start_date']) {
        $newrec['actual_end_date'] = $newrec['start_date'] + 604800; //add 1 week to the start date...
    }
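// (Excerpt starts at the end of the preceding switch case.)
        prg_updateAuditLog($logentry);
        $msg = 'removeProject';
    }
    break;

case 'create':
    // NOTE(review): no permission check on the current user is visible in this
    // case within the excerpt; confirm that project creation is gated elsewhere.

    // Filter Incoming Variables and make them global
    // Text Variables which may contain quotes or other special characters
    $_CLEAN = array();
    $mytextvars = array('name', 'description', 'keywords');
    $_CLEAN = array_merge($_CLEAN, ppGetData($mytextvars, false, 'POST', 'text'));

    // Integer only Variables
    $myintvars = array('priority', 'status', 'progress', 'objective', 'percent', 'location', 'department', 'category', 'resources');
    $_CLEAN = array_merge($_CLEAN, ppGetData($myintvars, false, 'POST', 'int'));

    // Basic Text Variables which should not contain quotes or other special characters
    // NOTE(review): no filter type is passed here; what ppGetData() does by
    // default is not visible, so these values are only as safe as that default.
    $myvars = array('start_date', 'estimated_end_date', 'actual_end_date', 'notification', 'document', 'forum', 'private', 'template');
    $_CLEAN = array_merge($_CLEAN, ppGetData($myvars, false, 'POST'));

    $uid = $_USER['uid'];

    // Clamp percent to the range 0..100. Written as if/elseif on purpose: an
    // unparenthesised nested ?: is left-associative before PHP 8 (negative
    // values were then not clamped to 0) and is a compile error from PHP 8.
    if ($_CLEAN['percent'] < 0) {
        $_CLEAN['percent'] = 0;
    } elseif ($_CLEAN['percent'] > 100) {
        $_CLEAN['percent'] = 100;
    }

    $_CLEAN['createdate'] = pm_getdate();
    $_CLEAN['startdate'] = pm_convertdate($_CLEAN['start_date']);
    $_CLEAN['estimateddate'] = pm_convertdate($_CLEAN['estimated_end_date']);

    if ($_CLEAN['actual_end_date'] == '') {
        // NOTE(review): this copies the unconverted POST value, while the
        // comparison below is against the converted startdate. The converted
        // value is in $_CLEAN['estimateddate'] -- confirm which is intended.
        $_CLEAN['actual_end_date'] = $_CLEAN['estimated_end_date'];
    } else {
        $_CLEAN['actual_end_date'] = pm_convertdate($_CLEAN['actual_end_date']);
    }

    // An end date earlier than the start date is replaced by start + 7 days
    // (604800 = 7 * 24 * 3600 seconds).
    if ($_CLEAN['actual_end_date'] < $_CLEAN['startdate']) {
        $_CLEAN['actual_end_date'] = $_CLEAN['startdate'] + 604800; //add 1 week to the start date...
    }

    if ($_CLEAN['estimateddate'] < $_CLEAN['startdate']) {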