 function find_by_partial_name($name = false, $projectID = false)
     $stack1 = array();
     $people = array();
     $db = new db_alloc();
     if ($projectID) {
         $db->query("SELECT clientID FROM project WHERE projectID = %d", $projectID);
         $row = $db->qr();
         if ($row["clientID"]) {
             $extra = prepare("AND clientID = %d", $row["clientID"]);
     $q = prepare("SELECT clientContactID, clientContactName\n                    FROM clientContact\n                   WHERE 1=1\n                     AND clientContactName like '%s%%'" . $extra, $name);
     while ($row = $db->row()) {
         $people[$db->f("clientContactID")] = $row;
     foreach ($people as $personID => $row) {
         similar_text(strtolower($row["clientContactName"]), strtolower($name), $percent1);
         $stack1[$personID] = $percent1;
     $probable1_clientContactID = key($stack1);
     $person_percent1 = current($stack1);
     if ($probable1_clientContactID) {
         return $probable1_clientContactID;
 function add_interested_parties($commentID, $ip = array(), $op = array())
     // We send this email to the default from address, so that a copy of the
     // original email is kept. The receiveEmail.php script will see that this
     // email is *from* the same address, and will then skip over it, when going
     // through the new emails.
         list($from_address, $from_name) = parse_email_address(ALLOC_DEFAULT_FROM_ADDRESS);
         $emailRecipients[] = $from_address;
     interestedParty::make_interested_parties("comment", $commentID, $ip);
     $emailRecipients[] = "interested";
     // Other parties that are added on-the-fly
     foreach ((array) $op as $email => $info) {
         if ($email && in_str("@", $email)) {
             unset($lt, $gt);
             // used above
             $str = $info["name"];
             $str and $str .= " ";
             $str and $lt = "<";
             $str and $gt = ">";
             $str .= $lt . str_replace(array("<", ">"), "", $email) . $gt;
             $emailRecipients[] = $str;
             // Add a new client contact
             if ($info["addContact"] && $info["clientID"]) {
                 $q = prepare("SELECT * FROM clientContact WHERE clientID = %d AND clientContactEmail = '%s'", $info["clientID"], trim($email));
                 $db = new db_alloc();
                 if (!$db->qr($q)) {
                     $cc = new clientContact();
                     $cc->set_value("clientContactName", trim($info["name"]));
                     $cc->set_value("clientContactEmail", trim($email));
                     $cc->set_value("clientID", sprintf("%d", $info["clientID"]));
             // Add the person to the interested parties list
             if ($info["addIP"] && !interestedParty::exists("comment", $commentID, trim($email))) {
                 $interestedParty = new interestedParty();
                 $interestedParty->set_value("fullName", trim($info["name"]));
                 $interestedParty->set_value("emailAddress", trim($email));
                 $interestedParty->set_value("entityID", $commentID);
                 $interestedParty->set_value("entity", "comment");
                 $interestedParty->set_value("external", $info["internal"] ? "0" : "1");
                 $interestedParty->set_value("interestedPartyActive", "1");
                 if (is_object($cc) && $cc->get_id()) {
                     $interestedParty->set_value("clientContactID", $cc->get_id());
     return $emailRecipients;
 function get_interested_parties_string($entity, $entityID)
     $q = prepare("SELECT get_interested_parties_string('%s',%d) as parties", $entity, $entityID);
     $db = new db_alloc();
     $row = $db->qr($q);
     return $row["parties"];
 } else {
     if ($_POST["save"]) {
         if ($expenseForm->get_value("reimbursementRequired") == 0 || $expenseForm->get_value("reimbursementRequired") == 1) {
             $expenseForm->set_value("paymentMethod", "");
         $expenseForm->set_value("seekClientReimbursement", $_POST["seekClientReimbursement"] ? 1 : 0);
         $expenseForm->set_value("expenseFormComment", rtrim($expenseForm->get_value("expenseFormComment")));
         alloc_redirect($TPL["url_alloc_expenseForm"] . "expenseFormID=" . $expenseForm->get_id());
     } else {
         if ($_POST["finalise"]) {
             $db = new db_alloc();
             $hasItems = $db->qr("SELECT * FROM transaction WHERE expenseFormID = %d", $expenseForm->get_id());
             if (!$hasItems) {
                 alloc_error("Unable to submit expense form, no items have been added.");
                 alloc_redirect($TPL["url_alloc_expenseForm"] . "expenseFormID=" . $expenseForm->get_id());
             if ($expenseForm->get_value("reimbursementRequired") == 0 || $expenseForm->get_value("reimbursementRequired") == 1) {
                 $expenseForm->set_value("paymentMethod", "");
             $expenseForm->set_value("seekClientReimbursement", $_POST["seekClientReimbursement"] ? 1 : 0);
             $expenseForm->set_value("expenseFormFinalised", 1);
             $expenseForm->set_value("expenseFormComment", rtrim($expenseForm->get_value("expenseFormComment")));
             alloc_redirect($TPL["url_alloc_expenseForm"] . "expenseFormID=" . $expenseForm->get_id());
                         $TPL["reminder_default_subject"] = commentTemplate::populate_string(config::get_config_item("emailSubject_reminderOther"), "");
     $TPL["reminder_default_content"] .= "\n" . $reminder->get_value('reminderContent');
     $TPL["parentType"] = $parentType;
     $TPL["parentID"] = $parentID;
     $TPL["reminderActive"] = $reminder->get_value("reminderActive");
     if (!is_object($reminder) || !$reminder->get_id()) {
         $TPL["reminderActive"] = true;
     if ($reminder->get_value("reminderHash")) {
         $db = new db_alloc();
         $r = $db->qr("SELECT tokenAction\n                    FROM token \n               LEFT JOIN tokenAction ON token.tokenActionID = tokenAction.tokenActionID\n                   WHERE token.tokenHash = '%s'", $reminder->get_value("reminderHash"));
         $TPL["tokenName"] = $r["tokenAction"];
 case 4:
     // save and return to list
     if ($_POST["reminder_save"] || $_POST["reminder_update"]) {
         $recipient_keys = $_POST["reminder_recipient"];
         // make 24 hour with 12am = 0 -> 11am = 11 -> 12pm = 12 -> 11pm = 23
         if ($_POST["reminder_hour"] == 12) {
             $_POST["reminder_hour"] = 0;
         if ($_POST["reminder_meridian"] == "pm") {
             $_POST["reminder_hour"] += 12;

// This nightmare of a patch just captures any comments created using the alloc-cli
// that didn't get stuck into the correct imap folder
function e($str)
    echo "<br>" . htmlentities($str);
$db = new db_alloc();
$row = $db->qr("SELECT count(*) AS sum FROM sentEmailLog WHERE sentEmailLogCreatedTime >= '2012-05-12 00:00:00'");
//e(sprintf("Found %d emails sent.",$row["sum"]));
$row = $db->qr("SELECT count(*) AS sum FROM comment WHERE commentCreatedTime >= '2012-05-12 00:00:00'");
//e(sprintf("Found %d comments created.",$row["sum"]));
$info["host"] = config::get_config_item("allocEmailHost");
$info["port"] = config::get_config_item("allocEmailPort");
$info["username"] = config::get_config_item("allocEmailUsername");
$info["password"] = config::get_config_item("allocEmailPassword");
$info["protocol"] = config::get_config_item("allocEmailProtocol");
$qid = $db->query("SELECT * FROM comment WHERE commentCreatedTime >= '2012-05-12 00:00:00'");
while ($row = $db->row($qid)) {
    // For each comment, ascertain the taskID
    $entity = $row["commentMaster"];
    $entityID = $row["commentMasterID"];
    // Use the taskID to query the mbox.taskID for all its emails
    $mail = new email_receive($info);
    $created = $mail->create_mailbox("INBOX/" . $entity . $entityID);
    $created or $created = $mail->create_mailbox("INBOX." . $entity . $entityID);
    $opened = $mail->open_mailbox("INBOX/" . $entity . $entityID);
    $uids = $mail->get_all_email_msg_uids();
    //e("Entity: ".$entity.$entityID." comment: ".$row["commentID"]." uids: ".print_r($uids,1));
 function moved_from_pending_to_open()
     if (is_object($this) && $this->get_id()) {
         if (substr($this->get_value("taskStatus"), 0, 4) == 'open') {
             $db = new db_alloc();
             $q = prepare("SELECT *\n                        FROM audit\n                       WHERE taskID = %d\n                         AND field = 'taskStatus'\n                    ORDER BY dateChanged DESC\n                       LIMIT 2,1", $this->get_id());
             $row = $db->qr($q);
             return substr($row["value"], 0, 7) == "pending";
    $query = prepare("SELECT * FROM project ORDER by projectName");
// This needs to be just above the newTimeSheet_projectID logic
$projectID = $timeSheet->get_value("projectID");
// If we are entering the page from a project link: New time sheet
if ($_GET["newTimeSheet_projectID"] && !$projectID) {
    $_GET["taskID"] and $tid = "&taskID=" . $_GET["taskID"];
    $projectID = $_GET["newTimeSheet_projectID"];
    $db = new db_alloc();
    $q = prepare("SELECT * FROM timeSheet WHERE status = 'edit' AND personID = %d AND projectID = %d", $current_user->get_id(), $projectID);
    if ($db->next_record()) {
        alloc_redirect($TPL["url_alloc_timeSheet"] . "timeSheetID=" . $db->f("timeSheetID") . $tid);
if ($_GET["newTimeSheet_projectID"] && !$db->qr("SELECT * FROM projectPerson WHERE personID = %d AND projectID = %d", $current_user->get_id(), $_GET["newTimeSheet_projectID"])) {
    alloc_error("You are not a member of the project (id:" . page::htmlentities($_GET["newTimeSheet_projectID"]) . "), please get a manager to add you to the project.");
while ($db->row()) {
    $project_array[$db->f("projectID")] = $db->f("projectName");
$TPL["timeSheet_projectName"] = $project_array[$projectID];
$TPL["timeSheet_projectID"] = $projectID;
$TPL["taskID"] = $_GET["taskID"];
// Get the project record to determine which button for the edit status.
if ($projectID != 0) {
    $project = new project();
    $projectManagers = $project->get_timeSheetRecipients();
 function move_forwards()
     $current_user =& singleton("current_user");
     global $TPL;
     $status = $this->get_value("status");
     $db = new db_alloc();
     if ($this->get_value("clientID")) {
         $c = $this->get_foreign_object("client");
         $extra = " for " . $c->get_value("clientName");
         $taskDesc[] = "";
     $taskname1 = "Sale " . $this->get_id() . ": raise an invoice" . $extra;
     $taskname2 = "Sale " . $this->get_id() . ": place an order to the supplier";
     $taskname3 = "Sale " . $this->get_id() . ": pay the supplier";
     $taskname4 = "Sale " . $this->get_id() . ": deliver the goods / action the work";
     $cyberadmin = 59;
     $taskDesc[] = "Sale items:";
     $taskDesc[] = "";
     foreach ((array) $this->get_productSaleItems() as $psiID => $psi_row) {
         $p = new product();
         $taskDesc[] = "  " . page::money($psi_row["sellPriceCurrencyTypeID"], $psi_row["sellPrice"], "%S%mo") . " for " . $psi_row["quantity"] . " x " . $p->get_name();
         $hasItems = true;
     if (!$hasItems) {
         return alloc_error("No sale items have been added.");
     $amounts = $this->get_amounts();
     $taskDesc[] = "";
     $taskDesc[] = "Total: " . $amounts["total_sellPrice"];
     $taskDesc[] = "Total inc " . config::get_config_item("taxName") . ": " . $amounts["total_sellPrice_plus_gst"];
     $taskDesc[] = "";
     $taskDesc[] = "Refer to the sale in alloc for up-to-date information:";
     $taskDesc[] = config::get_config_item("allocURL") . "sale/productSale.php?productSaleID=" . $this->get_id();
     $taskDesc = implode("\n", $taskDesc);
     if ($status == "edit") {
         $this->set_value("status", "allocate");
         $items = $this->get_productSaleItems();
         foreach ($items as $r) {
             $psi = new productSaleItem();
             if (!$db->qr("SELECT transactionID FROM transaction WHERE productSaleItemID = %d", $psi->get_id())) {
     } else {
         if ($status == "allocate") {
             $this->set_value("status", "admin");
             // 1. from salesperson to admin
             $q = prepare("SELECT * FROM task WHERE projectID = %d AND taskName = '%s'", $cyberadmin, $taskname1);
             if (config::for_cyber() && !$db->qr($q)) {
                 $task = new task();
                 $task->set_value("projectID", $cyberadmin);
                 // Cyber Admin Project
                 $task->set_value("taskName", $taskname1);
                 $task->set_value("managerID", $this->get_value("personID"));
                 // salesperson
                 $task->set_value("personID", 67);
                 // Cyber Support people (jane)
                 $task->set_value("priority", 3);
                 $task->set_value("taskTypeID", "Task");
                 $task->set_value("taskDescription", $taskDesc);
                 $task->set_value("dateTargetStart", date("Y-m-d"));
                 $task->set_value("dateTargetCompletion", date("Y-m-d", date("U") + 60 * 60 * 24 * 7));
                 $TPL["message_good"][] = "Task created: " . $task->get_id() . " " . $task->get_value("taskName");
                 $p1 = new person();
                 $p2 = new person();
                 $recipients[$p1->get_value("emailAddress")] = array("name" => $p1->get_name(), "addIP" => true, "internal" => true);
                 $recipients[$p2->get_value("emailAddress")] = array("name" => $p2->get_name(), "addIP" => true, "internal" => true);
                 $comment = $p2->get_name() . ",\n\n" . $taskname1 . "\n\n" . $taskDesc;
                 $commentID = comment::add_comment("task", $task->get_id(), $comment, "task", $task->get_id());
                 $emailRecipients = comment::add_interested_parties($commentID, null, $recipients);
                 // Re-email the comment out, including any attachments
                 if (!comment::send_comment($commentID, $emailRecipients)) {
                     alloc_error("Email failed to send.");
                 } else {
                     $TPL["message_good"][] = "Emailed task comment to " . $p1->get_value("emailAddress") . ", " . $p2->get_value("emailAddress") . ".";
         } else {
             if ($status == "admin" && $this->have_perm(PERM_APPROVE_PRODUCT_TRANSACTIONS)) {
                 $this->set_value("status", "finished");
                 if ($_REQUEST["changeTransactionStatus"]) {
                     $rows = $this->get_productSaleItems();
                     foreach ($rows as $row) {
                         $ids[] = $row["productSaleItemID"];
                     if ($ids) {
                         $q = prepare("UPDATE transaction SET status = '%s' WHERE productSaleItemID in (%s)", $_REQUEST["changeTransactionStatus"], $ids);
                         $db = new db_alloc();
                 // 2. from admin to salesperson
                 $q = prepare("SELECT * FROM task WHERE projectID = %d AND taskName = '%s'", $cyberadmin, $taskname2);
                 if (config::for_cyber() && !$db->qr($q)) {
                     $task = new task();
                     $task->set_value("projectID", $cyberadmin);
                     // Cyber Admin Project
                     $task->set_value("taskName", $taskname2);
                     $task->set_value("managerID", 67);
                     // Cyber Support people (jane)
                     $task->set_value("personID", $this->get_value("personID"));
                     // salesperson
                     $task->set_value("priority", 3);
                     $task->set_value("taskTypeID", "Task");
                     $task->set_value("taskDescription", $taskDesc);
                     $task->set_value("dateTargetStart", date("Y-m-d"));
                     $task->set_value("dateTargetCompletion", date("Y-m-d", date("U") + 60 * 60 * 24 * 7));
                     $q = prepare("SELECT * FROM task WHERE projectID = %d AND taskName = '%s'", $cyberadmin, $taskname1);
                     $rai_row = $db->qr($q);
                     if ($rai_row) {
                     $order_the_hardware_taskID = $task->get_id();
                     $TPL["message_good"][] = "Task created: " . $task->get_id() . " " . $task->get_value("taskName");
                     $task->add_notification(3, 1, "Task " . $task->get_id() . " " . $taskname2, "Task status moved from pending to open.", array(array("field" => "metaPersonID", "who" => -2)));
                 // 3. from salesperson to admin
                 $q = prepare("SELECT * FROM task WHERE projectID = %d AND taskName = '%s'", $cyberadmin, $taskname3);
                 if (config::for_cyber() && !$db->qr($q)) {
                     $task = new task();
                     $task->set_value("projectID", $cyberadmin);
                     // Cyber Admin Project
                     $task->set_value("taskName", $taskname3);
                     $task->set_value("managerID", $this->get_value("personID"));
                     // salesperson
                     $task->set_value("personID", 67);
                     // Cyber Support people (jane)
                     $task->set_value("priority", 3);
                     $task->set_value("taskTypeID", "Task");
                     $task->set_value("taskDescription", $taskDesc);
                     $task->set_value("dateTargetStart", date("Y-m-d"));
                     $task->set_value("dateTargetCompletion", date("Y-m-d", date("U") + 60 * 60 * 24 * 7));
                     $pay_the_supplier_taskID = $task->get_id();
                     $TPL["message_good"][] = "Task created: " . $task->get_id() . " " . $task->get_value("taskName");
                     $task->add_notification(3, 1, "Task " . $task->get_id() . " " . $taskname3, "Task status moved from pending to open.", array(array("field" => "metaPersonID", "who" => -2)));
                 // 4. from admin to salesperson
                 $q = prepare("SELECT * FROM task WHERE projectID = %d AND taskName = '%s'", $cyberadmin, $taskname4);
                 if (config::for_cyber() && !$db->qr($q)) {
                     $task = new task();
                     $task->set_value("projectID", $cyberadmin);
                     // Cyber Admin Project
                     $task->set_value("taskName", $taskname4);
                     $task->set_value("managerID", 67);
                     // Cyber Support people
                     $task->set_value("personID", $this->get_value("personID"));
                     // salesperson
                     $task->set_value("priority", 3);
                     $task->set_value("taskTypeID", "Task");
                     $task->set_value("taskDescription", $taskDesc);
                     $task->set_value("dateTargetStart", date("Y-m-d"));
                     $task->set_value("dateTargetCompletion", date("Y-m-d", date("U") + 60 * 60 * 24 * 7));
                     $TPL["message_good"][] = "Task created: " . $task->get_id() . " " . $task->get_value("taskName");
                     $task->add_notification(3, 1, "Task " . $task->get_id() . " " . $taskname4, "Task status moved from pending to open.", array(array("field" => "metaPersonID", "who" => -2)));
 function can_edit_rate()
     $current_user =& singleton("current_user");
     $db = new db_alloc();
     $row = $db->qr("SELECT can_edit_rate(%d,%d) as allow", $current_user->get_id(), $this->get_value("projectID"));
     return $row["allow"];
 function archive($mailbox = null)
     $keys = $this->get_hashes();
     $token = new token();
     if ($keys && is_array($keys) && $token->set_hash($keys[0])) {
         if ($token->get_value("tokenEntity") == "comment") {
             $db = new db_alloc();
             $row = $db->qr("SELECT commentMaster,commentMasterID \n                          FROM comment\n                         WHERE commentID = %d", $token->get_value("tokenEntityID"));
             $m = $row["commentMaster"];
             $mID = $row["commentMasterID"];
             $mailbox = "INBOX/" . $m . $mID;
         } else {
             $m = $token->get_value("tokenEntity");
             $mID = $token->get_value("tokenEntityID");
             $mailbox = "INBOX/" . $m . $mID;
     $mailbox or $mailbox = "INBOX";
     // Some IMAP servers like dot-separated mail folders, some like slash-separated
     if ($mailbox) {
         if ($this->msg_uid) {
             $this->move_mail($this->msg_uid, $mailbox);
         } else {
             if ($this->msg_text) {
                 $this->append($mailbox, $this->msg_text);
 function can_move($direction)
     $newstatus = $this->next_status($direction);
     if ($direction == "forwards" && $newstatus == "finished") {
         if ($this->has_pending_transactions()) {
             alloc_error("There are still Invoice Items pending. This Invoice cannot be marked completed.");
             return false;
     if ($direction == "forwards" && $newstatus == "reconcile") {
         $db = new db_alloc();
         $hasItems = $db->qr("SELECT * FROM invoiceItem WHERE invoiceID = %d", $this->get_id());
         if (!$hasItems) {
             alloc_error("Unable to submit invoice, no items have been added.");
             return false;
     return true;

define("NO_REDIRECT", 1);
require_once "../alloc.php";
if ($_REQUEST["taskID"]) {
    $q = prepare("SELECT taskID, taskName FROM task WHERE taskID = %d", $_REQUEST["taskID"]);
    $db = new db_alloc();
    $row = $db->qr($q);
    echo page::htmlentities($row["taskID"] . " " . $row["taskName"]);