From 6854cb3f4d8219cf1829e32122eb2502a916eae9 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sat, 1 Feb 2020 09:05:48 +0100 Subject: initial checkin --- scripts/activity.php | 64 ++++ scripts/admin.php | 185 +++++++++++ scripts/authenticate.php | 104 +++++++ scripts/depends.php | 196 ++++++++++++ scripts/details.php | 768 ++++++++++++++++++++++++++++++++++++++++++++++ scripts/editcomment.php | 28 ++ scripts/index.php | 534 ++++++++++++++++++++++++++++++++ scripts/langdiff.php | 192 ++++++++++++ scripts/langedit.php | 329 ++++++++++++++++++++ scripts/lostpw.php | 32 ++ scripts/myprofile.php | 41 +++ scripts/newmultitasks.php | 20 ++ scripts/newtask.php | 53 ++++ scripts/oauth.php | 201 ++++++++++++ scripts/pm.php | 61 ++++ scripts/register.php | 63 ++++ scripts/reports.php | 122 ++++++++ scripts/roadmap.php | 84 +++++ scripts/toplevel.php | 103 +++++++ scripts/user.php | 43 +++ 20 files changed, 3223 insertions(+) create mode 100644 scripts/activity.php create mode 100644 scripts/admin.php create mode 100644 scripts/authenticate.php create mode 100644 scripts/depends.php create mode 100644 scripts/details.php create mode 100644 scripts/editcomment.php create mode 100644 scripts/index.php create mode 100644 scripts/langdiff.php create mode 100644 scripts/langedit.php create mode 100644 scripts/lostpw.php create mode 100644 scripts/myprofile.php create mode 100644 scripts/newmultitasks.php create mode 100644 scripts/newtask.php create mode 100644 scripts/oauth.php create mode 100644 scripts/pm.php create mode 100644 scripts/register.php create mode 100644 scripts/reports.php create mode 100644 scripts/roadmap.php create mode 100644 scripts/toplevel.php create mode 100644 scripts/user.php (limited to 'scripts') diff --git a/scripts/activity.php b/scripts/activity.php new file mode 100644 index 0000000..7968c19 --- /dev/null +++ b/scripts/activity.php @@ -0,0 +1,64 @@ +can_view_project(Get::num('project_id'))) { + $today = date('Y-m-d'); + $thirtyone_days = date('U' , strtotime("-31 day", strtotime($today))); + $sixtyone_days = date('U' , strtotime("-61 day", strtotime($today))); + + //look 30 + days and if found scale + $projectCheck = Project::getActivityProjectCount($sixtyone_days, $thirtyone_days, Get::num('project_id')); + + if($projectCheck > 0) { + $data = Project::getDayActivityByProject($sixtyone_days, date('U', strtotime(date('Y-m-d'))), Get::num('project_id')); + } else { + $data = Project::getDayActivityByProject($thirtyone_days, date('U', strtotime(date('Y-m-d'))), Get::num('project_id')); + } + + $data = implode(',', $data); + } else { + # and make the zero-line 'invisible' + $_GET['line']='fff'; + } +# User Graph +} else if(Get::has('user_id') && Get::has('project_id') && Get::val('graph') == 'user') { + if ($user->can_view_project(Get::num('project_id'))) { + $today = date('Y-m-d'); + $thirtyone_days = date('U' , strtotime("-31 day", strtotime($today))); + $sixtyone_days = date('U' , strtotime("-61 day", strtotime($today))); + + //look 30 + days and if found scale + $projectCheck = Project::getActivityProjectCount($sixtyone_days, $thirtyone_days, Get::num('project_id')); + + if($projectCheck > 0) { + $data = User::getDayActivityByUser($sixtyone_days, date('U', strtotime(date('Y-m-d'))), Get::num('project_id'), Get::num('user_id')); + } else { + $data = User::getDayActivityByUser($thirtyone_days, date('U', strtotime(date('Y-m-d'))), Get::num('project_id'), Get::num('user_id')); + } + + $data = implode(',', $data); + } else { + # and make the zero-line 'invisible' + $_GET['line']='fff'; + } +} else { + # make the zero-line 'invisible' + $_GET['line']='fff'; +} + +// Not pretty but gets the job done. +$_SERVER['QUERY_STRING'] = 'size=160x25&data='. $data; +$_GET['size'] = '160x25'; +$_GET['data'] = $data; +require dirname(__DIR__) . '/vendor/jamiebicknell/Sparkline/sparkline.php'; diff --git a/scripts/admin.php b/scripts/admin.php new file mode 100644 index 0000000..08c0caa --- /dev/null +++ b/scripts/admin.php @@ -0,0 +1,185 @@ +perms('is_admin')) { + Flyspray::show_error(4); +} + +$proj = new Project(0); +#I $proj->setCookie(); + +$page->pushTpl('admin.menu.tpl'); + +switch ($area = Req::val('area', 'prefs')) { + case 'users': + $id = Flyspray::usernameToId(Req::val('user_name')); + if (!$id) { + $id = is_numeric(Req::val('user_id')) ? Req::val('user_id') : 0; + } + $theuser = new User($id, $proj); + if ($theuser->isAnon()) { + Flyspray::show_error(5, true, null, $_SESSION['prev_page']); + } + $page->assign('theuser', $theuser); + case 'cat': + case 'editgroup': + // yeah, utterly stupid, is changed in 1.0 already + if (Req::val('area') == 'editgroup') { + $group_details = Flyspray::getGroupDetails(Req::num('id')); + if (!$group_details || $group_details['project_id'] != $proj->id) { + Flyspray::show_error(L('groupnotexist')); + Flyspray::redirect(createURL('pm', 'groups', $proj->id)); + } + $page->uses('group_details'); + } + case 'groups': + case 'newuser': + case 'newuserbulk': + case 'editallusers': + $page->assign('groups', Flyspray::listGroups()); + case 'userrequest': + $sql = $db->query("SELECT * + FROM {admin_requests} + WHERE request_type = 3 AND project_id = 0 AND resolved_by = 0 + ORDER BY time_submitted ASC"); + + $page->assign('pendings', $db->fetchAllArray($sql)); + case 'newproject': + case 'os': + case 'prefs': + case 'resolution': + case 'tasktype': + case 'tag': + case 'status': + case 'version': + case 'newgroup': + $page->setTitle($fs->prefs['page_title'] . L('admintoolboxlong')); + $page->pushTpl('admin.'.$area.'.tpl'); + break; + + case 'translations': + require_once(BASEDIR.'/scripts/langdiff.php'); + break; + + case 'checks': + $hashtypes=$db->query(' + SELECT COUNT(*) c, LENGTH(user_pass) l, + CASE WHEN SUBSTRING(user_pass FROM 1 FOR 1)=\'$\' THEN 1 ELSE 0 END AS s, + SUM(CASE WHEN (SUBSTRING(user_pass FROM 1 FOR 2)=\'$2\' AND SUBSTRING(user_pass FROM 3 FOR 1)=\'$\' ) THEN 1 ELSE 0 END) cr, + SUM(CASE WHEN (SUBSTRING(user_pass FROM 1 FOR 2)=\'$2\' AND SUBSTRING(user_pass FROM 3 FOR 1) IN( \'a\', \'x\', \'y\' ) ) THEN 1 ELSE 0 END) bcr, + SUM(CASE WHEN SUBSTRING(user_pass FROM 1 FOR 3)=\'$1$\' THEN 1 ELSE 0 END) md5crypt, + SUM(CASE WHEN SUBSTRING(user_pass FROM 1 FOR 8)=\'$argon2i\' THEN 1 ELSE 0 END) argon2i + FROM {users} + GROUP BY LENGTH(user_pass), CASE WHEN SUBSTRING(user_pass FROM 1 FOR 1)=\'$\' THEN 1 ELSE 0 END + ORDER BY l ASC, s ASC'); + $hashlengths=''; + $warnhash=0; + $warnhash2=0; + while ($r = $db->fetchRow($hashtypes)){ + $alert=''; + if( $r['l']==32 && $r['s']==0){ $maybe='md5'; $warnhash+=$r['c']; $alert=' style="background-color:#f99"';} + elseif($r['l']==13 && $r['s']==0){ $maybe='CRYPT_STD_DES'; $r['s']=2; $warnhash2+=$r['c']; $alert=' style="background-color:#fc9"';} + elseif($r['l']==40 && $r['s']==0){ $maybe='sha1'; $warnhash+=$r['c']; $alert=' style="background-color:#f99"';} + elseif($r['l']==128 && $r['s']==0){ $maybe='sha512'; $warnhash+=$r['c']; $alert=' style="background-color:#f99"';} + elseif($r['l']==34 && $r['s']==1){ $maybe='CRYPT_MD5';$warnhash2+=$r['c'];$alert=' style="background-color:#fc9"';} + elseif($r['l']==60){$maybe='CRYPT_BLOWFISH';} + elseif($r['s']==1){ + $maybe='other pw hashes'; + if($r['argon2i']>0){$maybe.=': '.$r['argon2i'].' argon2i'; } + }else{$maybe='not detected';} + $hashlengths.=''; + } + $hashlengths.='
strlencountsalted?optionshash algo
'.$r['l'].' '.$r['c'].''.$r['s'].''.$r['bcr'].' '.$r['cr'].' '.$r['md5crypt'].' '.$r['argon2i'].''.$maybe.'
'; + if($warnhash>0){ + $hashlengths.='
'.$warnhash." users with unsalted password hashes.
"; + } + if($warnhash2>0){ + $hashlengths.='
'.$warnhash2." users with salted password hashes, but considered bad algorithms for password hashing.
"; + } + $page->assign('passwdcrypt', $conf['general']['passwdcrypt']); + $page->assign('hashlengths', $hashlengths); + + # info of old temporary unfinished user registration entries, for insights into register bot pattern or for cleanup old entries to free unused usernames as available again. + $statregistrations=$db->query('SELECT COUNT(*) FROM {registrations}'); + $regcount=$db->fetchOne($statregistrations); + $page->assign('regcount', $regcount); + + # show oldest unfinished user registrations + $registrations=$db->query('SELECT reg_time, user_name, email_address FROM {registrations} + ORDER BY reg_time ASC + LIMIT 50'); + $page->assign('registrations', $db->fetchAllArray($registrations)); + + $sinfo=$db->dblink->serverInfo(); + if( ($db->dbtype=='mysqli' || $db->dbtype=='mysql') && isset($sinfo['version'])){ + $fsdb=$db->query("SELECT default_character_set_name, default_collation_name + FROM INFORMATION_SCHEMA.SCHEMATA + WHERE SCHEMA_NAME=?", array($db->dblink->database) + ); + $page->assign('fsdb', $db->fetchRow($fsdb)); + + # TODO Test if Flyspray tables really have default charset utf8mb4 and default collation utf8mb4_unicode_ci. + # TODO Test if the TEXT/CHAR/VARCHAR fields that should have utf8mb_unicode_ci really have it. + # TODO Test if the TEXT/CHAR/VARCHAR fields that should have other collations really have that other collation. + # utf8mb4_unicode_ci may be not optimal for every TEXT/CHAR/VARCHAR field of Flyspray. + # Must be defined explicit for fields that differs from the default in the xmlschemas in the setup/upgrade/* files. + # At the moment (in 2019) the current ADODB 5.20.14 release does not handle that stuff yet. + + if(version_compare($sinfo['version'], '5.5.3')>=0 ){ + $page->assign('utf8mb4upgradable', "Your MySQL supports full utf-8 since 5.5.3. You are using ".$sinfo['version']." and Flyspray tables could be upgraded."); + } else{ + $page->assign('oldmysqlversion', "Your MySQL version ".$sinfo['version']." does not support full utf-8, only up to 3 Byte chars. No emojis for instance. Consider upgrading your MySQL server version."); + } + + $fstables=$db->query("SELECT table_name, table_collation, engine as table_type, create_options, table_comment + FROM INFORMATION_SCHEMA.tables + WHERE table_schema=? AND table_name LIKE '".$db->dbprefix."%' + ORDER BY table_name ASC", array($db->dblink->database) + ); + $page->assign('fstables', $db->fetchAllArray($fstables)); + + $fsfields=$db->query(" + SELECT table_name, column_name, column_default, data_type, character_set_name, collation_name, column_type, column_comment + FROM INFORMATION_SCHEMA.columns + WHERE table_schema=? AND table_name LIKE '".$db->dbprefix."%' + ORDER BY table_name ASC, ordinal_position ASC", array($db->dblink->database) + ); + $page->assign('fsfields', $db->fetchAllArray($fsfields)); + + } elseif($db->dbtype=='pgsql'){ + $fstables=$db->query("SELECT table_name, '' AS table_collation, table_type, '' AS create_options, '-' AS table_comment + FROM INFORMATION_SCHEMA.tables + WHERE table_catalog=? AND table_name LIKE '".$db->dbprefix."%' + ORDER BY table_name ASC", array($db->dblink->database) + ); + $page->assign('fstables', $db->fetchAllArray($fstables)); + + $fsfields=$db->query(" + SELECT table_name, column_name, column_default, data_type as column_type, character_set_name, collation_name, '-' AS column_comment + FROM INFORMATION_SCHEMA.columns + WHERE table_catalog=? AND table_name LIKE '".$db->dbprefix."%' + ORDER BY table_name ASC, ordinal_position ASC", array($db->dblink->database) + ); + $page->assign('fsfields', $db->fetchAllArray($fsfields)); + } + $page->assign('adodbversion', $db->dblink->version()); + $page->assign('htmlpurifierversion', HTMLPurifier::VERSION); + $page->pushTpl('admin.'.$area.'.tpl'); + break; + default: + Flyspray::show_error(6); +} + +?> diff --git a/scripts/authenticate.php b/scripts/authenticate.php new file mode 100644 index 0000000..dbcd882 --- /dev/null +++ b/scripts/authenticate.php @@ -0,0 +1,104 @@ +logout(); + Flyspray::redirect($baseurl); +} + +if (Req::val('user_name') != '' && Req::val('password') != '') { + // Otherwise, they requested login. See if they provided the correct credentials... + // FIXME: Do not do clean_username. Should not autostrip stuff + // $username = Backend::clean_username(Req::val('user_name')); + $username = Req::val('user_name'); + $password = Req::val('password'); + + // Run the username and password through the login checker + if (($user_id = Flyspray::checkLogin($username, $password)) < 1) { + $_SESSION['failed_login'] = Req::val('user_name'); + if($user_id === -2) { + Flyspray::show_error(L('usernotexist')); + }elseif ($user_id === -1) { + Flyspray::show_error(23); + } else /* $user_id == 0 */ { + // just some extra check here so that never ever an account can get locked when it's already disabled + // ... that would make it easy to get enabled + $db->query('UPDATE {users} SET login_attempts = login_attempts+1 WHERE account_enabled = 1 AND user_name = ?', + array($username)); + // Lock account if failed too often for a limited amount of time + $db->query('UPDATE {users} SET lock_until = ?, account_enabled = 0 WHERE login_attempts > ? AND user_name = ?', + array(time() + 60 * $fs->prefs['lock_for'], LOGIN_ATTEMPTS, $username)); + + if ($db->affectedRows()) { + Flyspray::show_error(sprintf(L('error71'), $fs->prefs['lock_for'])); + Flyspray::redirect($baseurl); + } else { + Flyspray::show_error(7); + } + } + } else { + // Determine if the user should be remembered on this machine + if (Req::has('remember_login')) { + $cookie_time = time() + (60 * 60 * 24 * 30); // Set cookies for 30 days + } else { + $cookie_time = 0; // Set cookies to expire when session ends (browser closes) + } + + $user = new User($user_id); + + # check if user still has an outdated password hash and upgrade it + if( $conf['general']['passwdcrypt']!='md5' + && $conf['general']['passwdcrypt']!='sha1' + && $conf['general']['passwdcrypt']!='sha512' + ){ + if( substr($user->infos['user_pass'],0,1)!='$' + && ( strlen($user->infos['user_pass'])==32 + || strlen($user->infos['user_pass'])==40 + || strlen($user->infos['user_pass'])==128 + ) + ){ + # upgrade from unsalted md5 or unsalted sha1 or unsalted sha512 to better + if($conf['general']['passwdcrypt']=='argon2i'){ + $newhash=password_hash($password, PASSWORD_ARGON2I); + }else{ + $cryptoptions=array('cost'=>12); + $newhash=password_hash($password, PASSWORD_BCRYPT, $cryptoptions); + } + # save the new hash + $db->query("UPDATE {users} SET user_pass=? WHERE user_id=?", array($newhash, $user_id)); + # reload the user with updated data + $user= new User($user_id); + } + } + + // Set a couple of cookies + $passweirded = crypt($user->infos['user_pass'], $conf['general']['cookiesalt']); + Flyspray::setCookie('flyspray_userid', $user->id, $cookie_time,null,null,null,true); + Flyspray::setCookie('flyspray_passhash', $passweirded, $cookie_time,null,null,null,true); + // If the user had previously requested a password change, remove the magic url + $remove_magic = $db->query("UPDATE {users} SET magic_url = '' WHERE user_id = ?", + array($user->id)); + // Save for displaying + if ($user->infos['login_attempts'] > 0) { + $_SESSION['login_attempts'] = $user->infos['login_attempts']; + } + $db->query('UPDATE {users} SET login_attempts = 0, last_login = ? WHERE user_id = ?', array(time(), $user->id)); + + $_SESSION['SUCCESS'] = L('loginsuccessful'); + } +} +else { + // If the user didn't provide both a username and a password, show this error: + Flyspray::show_error(8); +} + +Flyspray::redirect(Req::val('return_to')); +?> diff --git a/scripts/depends.php b/scripts/depends.php new file mode 100644 index 0000000..0621a4a --- /dev/null +++ b/scripts/depends.php @@ -0,0 +1,196 @@ +can_view_task($task_details)) +{ + Flyspray::show_error(9); +} + +$id = Req::num('task_id'); +$page->assign('task_id', $id); + +$prunemode = Req::num('prune', 0); +$selfurl = createURL('depends', $id); +$pmodes = array(L('none'), L('pruneclosedlinks'), L('pruneclosedtasks')); + +foreach ($pmodes as $mode => $desc) { + if ($mode == $prunemode) { + $strlist[] = $desc; + } else { + $strlist[] = "$desc\n"; + } +} + +$page->uses('strlist'); + +$starttime = microtime(); + +$sql= 'SELECT t1.task_id AS id1, t1.item_summary AS sum1, + t1.percent_complete AS pct1, t1.is_closed AS clsd1, + lst1.status_name AS stat1, t1.task_severity AS sev1, + t1.task_priority AS pri1, + t1.closure_comment AS com1, u1c.real_name AS clsdby1, + r1.resolution_name as res1, + t2.task_id AS id2, t2.item_summary AS sum2, + t2.percent_complete AS pct2, t2.is_closed AS clsd2, + lst2.status_name AS stat2, t2.task_severity AS sev2, + t2.task_priority AS pri2, + t2.closure_comment AS com2, u2c.real_name AS clsdby2, + r2.resolution_name as res2 + FROM {dependencies} AS d + JOIN {tasks} AS t1 ON d.task_id=t1.task_id + LEFT JOIN {users} AS u1c ON t1.closed_by=u1c.user_id + LEFT JOIN {list_status} AS lst1 ON t1.item_status = lst1.status_id + LEFT JOIN {list_resolution} AS r1 ON t1.resolution_reason=r1.resolution_id + JOIN {tasks} AS t2 ON d.dep_task_id=t2.task_id + LEFT JOIN {list_status} AS lst2 ON t2.item_status = lst2.status_id + LEFT JOIN {users} AS u2c ON t2.closed_by=u2c.user_id + LEFT JOIN {list_resolution} AS r2 ON t2.resolution_reason=r2.resolution_id + WHERE t1.project_id= ? + ORDER BY d.task_id, d.dep_task_id'; + +$get_edges = $db->query($sql, array($proj->id)); + +$edge_list = array(); +$rvrs_list = array(); +$node_list = array(); +while ($row = $db->fetchRow($get_edges)) { + extract($row, EXTR_REFS); + $edge_list[$id1][] = $id2; + $rvrs_list[$id2][] = $id1; + if (!isset($node_list[$id1])) { + $node_list[$id1] = + array('id'=>$id1, 'sum'=>$sum1, 'pct'=>$pct1, 'clsd'=>$clsd1, + 'status_name'=>$stat1, 'sev'=>$sev1, 'pri'=>$pri1, + 'com'=>$com1, 'clsdby'=>$clsdby1, 'res'=>$res1); + } + if (!isset($node_list[$id2])) { + $node_list[$id2] = + array('id'=>$id2, 'sum'=>$sum2, 'pct'=>$pct2, 'clsd'=>$clsd2, + 'status_name'=>$stat2, 'sev'=>$sev2, 'pri'=>$pri2, + 'com'=>$com2, 'clsdby'=>$clsdby2, 'res'=>$res2); + } +} + +// Now we have our lists of nodes and edges, along with a helper +// list of reverse edges. Time to do the graph coloring, so we know +// which ones are in our particular connected graph. We'll set up a +// list and fill it up as we visit nodes that are connected to our +// main task. + +$connected = array(); +$levelsdown = 0; +$levelsup = 0; +function connectsTo($id, $down, $up) { + global $connected, $edge_list, $rvrs_list, $levelsdown, $levelsup; + global $prunemode, $node_list; + if (!isset($connected[$id])) { $connected[$id]=1; } + if ($down > $levelsdown) { $levelsdown = $down; } + if ($up > $levelsup ) { $levelsup = $up ; } + +/* +echo '
';
+echo "$id ($down d, $up u) => $levelsdown d $levelsup u
\n"; +echo 'nodes:';print_r($node_list); +echo 'edges:';print_r($edge_list); +echo 'rvrs:';print_r($rvrs_list); +echo 'levelsdown:';print_r($levelsdown); +echo "\n".'levelsup';print_r($levelsup); +echo '
'; +*/ + if (empty($node_list)){ return; } + if (!isset($node_list[$id])){ return; } + $selfclosed = $node_list[$id]['clsd']; + if (isset($edge_list[$id])) { + foreach ($edge_list[$id] as $neighbor) { + $neighborclosed = $node_list[$neighbor]['clsd']; + if (!isset($connected[$neighbor]) && + !($prunemode==1 && $selfclosed && $neighborclosed) && + !($prunemode==2 && $neighborclosed)) { + connectsTo($neighbor, $down, $up+1); + } + } + } + if (isset($rvrs_list[$id])) { + foreach ($rvrs_list[$id] as $neighbor) { + $neighborclosed = $node_list[$neighbor]['clsd']; + if (!isset($connected[$neighbor]) && + !($prunemode==1 && $selfclosed && $neighborclosed) && + !($prunemode==2 && $neighborclosed)) { + connectsTo($neighbor, $down+1, $up); + } + } + } +} + +connectsTo($id, 0, 0); +$connected_nodes = array_keys($connected); +sort($connected_nodes); + +// Now lets get rid of the extra junk in our arrays. +// In prunemode 0, we know we're only going to have to get rid of +// whole lists, and not elements in the lists, because if they were +// in the list, they'd be connected, so we wouldn't be removing them. +// In prunemode 1 or 2, we may have to remove stuff from the list, because +// you can have an edge to a node that didn't end up connected. +foreach (array("edge_list", "rvrs_list", "node_list") as $l) { + foreach (${$l} as $n => $list) { + if (!isset($connected[$n])) { + unset(${$l}[$n]); + } + if ($prunemode!=0 && $l!="node_list" && isset(${$l}[$n])) { + // Only keep entries that appear in the $connected_nodes list + ${$l}[$n] = array_intersect(${$l}[$n], $connected_nodes); + } + } +} + +// Now we've got everything we need... prepare JSON data +$resultData = array(); +foreach ($node_list as $task_id => $taskInfo) { + $adjacencies = array(); + if (isset($edge_list[$task_id])) { + foreach ($edge_list[$task_id] as $dst) { + array_push($adjacencies, array('nodeTo' => $dst, 'nodeFrom' => $task_id)); + } + } + + if ($task_id == $id) { + $color = '#5F9729'; + } else if ($taskInfo['clsd']) { + $color = '#808080'; + } else { + $color = '#83548B'; + } + + $newTask = array('id' => $task_id, + 'name' => tpl_tasklink($task_id), + 'data' => array('$color' => $color, + '$type' => 'circle', + '$dim' => 15), + 'adjacencies' => $adjacencies); + + array_push($resultData, $newTask); +} + +$jasonData = json_encode($resultData); +$page->assign('jasonData', $jasonData); +$page->assign('task_id', $id); + +$page->setTitle(sprintf('FS#%d : %s', $id, L('dependencygraph'))); +$page->pushTpl('depends.tpl'); +?> diff --git a/scripts/details.php b/scripts/details.php new file mode 100644 index 0000000..421a68a --- /dev/null +++ b/scripts/details.php @@ -0,0 +1,768 @@ +can_view_task($task_details)) { + Flyspray::show_error( $user->isAnon() ? 102 : 101, false); +} else{ + + require_once(BASEDIR . '/includes/events.inc.php'); + + if($proj->prefs['use_effort_tracking']){ + require_once(BASEDIR . '/includes/class.effort.php'); + $effort = new effort($task_id,$user->id); + $effort->populateDetails(); + $page->assign('effort',$effort); + } + + $page->uses('task_details'); + + // Send user variables to the template + $page->assign('assigned_users', $task_details['assigned_to']); + $page->assign('old_assigned', implode(' ', $task_details['assigned_to'])); + $page->assign('tags', $task_details['tags']); + + $page->setTitle(sprintf('FS#%d : %s', $task_details['task_id'], $task_details['item_summary'])); + + + if ((Get::val('edit') || (Post::has('item_summary') && !isset($_SESSION['SUCCESS']))) && $user->can_edit_task($task_details)) { + + if(isset($move) && $move==1){ + if( !$user->perms('modify_all_tasks', $toproject->id)){ + Flyspray::show_error('invalidtargetproject'); + } + } + + $result = $db->query(' + SELECT g.project_id, u.user_id, u.user_name, u.real_name, g.group_id, g.group_name + FROM {users} u + JOIN {users_in_groups} uig ON u.user_id = uig.user_id + JOIN {groups} g ON g.group_id = uig.group_id + WHERE (g.show_as_assignees = 1 OR g.is_admin = 1) + AND (g.project_id = 0 OR g.project_id = ?) + AND u.account_enabled = 1 + ORDER BY g.project_id ASC, g.group_name ASC, u.user_name ASC', + ($proj->id ? $proj->id : -1) + ); // FIXME: -1 is a hack. when $proj->id is 0 the query fails + + $userlist = array(); + $userids = array(); + while ($row = $db->fetchRow($result)) { + if( !in_array($row['user_id'], $userids) ){ + $userlist[$row['group_id']][] = array( + 0 => $row['user_id'], + 1 => sprintf('%s (%s)', $row['user_name'], $row['real_name']), + 2 => $row['project_id'], + 3 => $row['group_name'] + ); + $userids[]=$row['user_id']; + } else{ + # user is probably in a global group with assignee permission listed, so no need to show second time in a project group. + } + } + + if (is_array(Post::val('rassigned_to'))) { + $page->assign('assignees', Post::val('rassigned_to')); + } else { + $assignees = $db->query('SELECT user_id FROM {assigned} WHERE task_id = ?', $task_details['task_id']); + $page->assign('assignees', $db->fetchCol($assignees)); + } + $page->assign('userlist', $userlist); + + # Build the select arrays, for 'move task' or normal taskedit + # Then in the template just use tpl_select($xxxselect); + + # keep last selections + $catselected=Req::val('product_category', $task_details['product_category']); + $osselected=Req::val('operating_system', $task_details['operating_system']); + $ttselected=Req::val('task_type', $task_details['task_type']); + $stselected=Req::val('item_status', $task_details['item_status']); + $repverselected=Req::val('reportedver', $task_details['product_version']); + $dueverselected=Req::val('closedby_version', $task_details['closedby_version']); + if(isset($move) && $move==1){ + # get global categories + $gcats=$proj->listCategories(0); + if( count($gcats)>0){ + foreach($gcats as $cat){ + $gcatopts[]=array('value'=>$cat['category_id'], 'label'=>$cat['category_name']); + if($catselected==$cat['category_id']){ + $gcatopts[count($gcatopts)-1]['selected']=1; + } + } + #$catsel['options'][]=array('optgroup'=>1, 'label'=>L('categoriesglobal'), 'options'=>$gcatopts); + $catsel['options'][]=array('optgroup'=>1, 'label'=>L('globaloptions'), 'options'=>$gcatopts); + } + # get project categories + $pcats=$proj->listCategories($proj->id); + if( count($pcats)>0){ + foreach($pcats as $cat){ + $pcatopts[]=array('value'=>$cat['category_id'], 'label'=>$cat['category_name']); + if($catselected==$cat['category_id']){ + $pcatopts[count($pcatopts)-1]['selected']=1; + } + } + #$catsel['options'][]=array('optgroup'=>1, 'label'=>L('categoriesproject').' '.$proj->prefs['project_title'], 'options'=>$pcatopts); + $catsel['options'][]=array('optgroup'=>1, 'label'=>L('currentproject').' '.$proj->prefs['project_title'], 'options'=>$pcatopts); + } + # get target categories + $tcats=$toproject->listCategories($toproject->id); + if( count($tcats)>0){ + foreach($tcats as $cat){ + $tcatopts[]=array('value'=>$cat['category_id'], 'label'=>$cat['category_name']); + if($catselected==$cat['category_id']){ + $tcatopts[count($tcatopts)-1]['selected']=1; + } + } + #$catsel['options'][]=array('optgroup'=>1, 'label'=>L('categoriestarget').' '.$toproject->prefs['project_title'], 'options'=>$tcatopts); + $catsel['options'][]=array('optgroup'=>1, 'label'=>L('targetproject').' '.$toproject->prefs['project_title'], 'options'=>$tcatopts); + } + + + # get global task statuses + $resgst=$db->query("SELECT status_id, status_name, list_position, show_in_list FROM {list_status} WHERE project_id=0 ORDER BY list_position"); + $gsts=$db->fetchAllArray($resgst); + if(count($gsts)>0){ + foreach($gsts as $gst){ + $gstopts[]=array('value'=>$gst['status_id'], 'label'=>$gst['status_name']); + if($stselected==$gst['status_id']){ + $gstopts[count($gstopts)-1]['selected']=1; + } + if($gst['show_in_list']==0){ + $gstopts[count($gstopts)-1]['disabled']=1; + } + } + $statussel['options'][]=array('optgroup'=>1, 'label'=>L('globaloptions'), 'options'=>$gstopts); + } + # get current project task statuses + $rescst=$db->query("SELECT status_id, status_name, list_position, show_in_list FROM {list_status} WHERE project_id=? ORDER BY list_position", array($proj->id)); + $csts=$db->fetchAllArray($rescst); + if(count($csts)>0){ + foreach($csts as $cst){ + $cstopts[]=array('value'=>$cst['status_id'], 'label'=>$cst['status_name']); + if($stselected==$cst['status_id']){ + $cstopts[count($cstopts)-1]['selected']=1; + } + if($cst['show_in_list']==0){ + $cstopts[count($cstopts)-1]['disabled']=1; + } + } + $statussel['options'][]=array('optgroup'=>1, 'label'=>L('currentproject').' '.$proj->prefs['project_title'], 'options'=>$cstopts); + } + # get target project task statuses + $restst=$db->query("SELECT status_id, status_name, list_position, show_in_list FROM {list_status} WHERE project_id=? ORDER BY list_position", array($toproject->id)); + $tsts=$db->fetchAllArray($restst); + if(count($tsts)>0){ + foreach($tsts as $tst){ + $tstopts[]=array('value'=>$tst['status_id'], 'label'=>$tst['status_name']); + if($stselected==$tst['status_id']){ + $tstopts[count($tstopts)-1]['selected']=1; + } + if($tst['show_in_list']==0){ + $tstopts[count($tstopts)-1]['disabled']=1; + } + } + $statussel['options'][]=array('optgroup'=>1, 'label'=>L('targetproject').' '.$toproject->prefs['project_title'], 'options'=>$tstopts); + } + + + # get list global tasktypes + $resgtt=$db->query("SELECT tasktype_id, tasktype_name, list_position, show_in_list FROM {list_tasktype} WHERE project_id=0 ORDER BY list_position"); + $gtts=$db->fetchAllArray($resgtt); + if(count($gtts)>0){ + foreach($gtts as $gtt){ + $gttopts[]=array('value'=>$gtt['tasktype_id'], 'label'=>$gtt['tasktype_name']); + if($ttselected==$gtt['tasktype_id']){ + $gttopts[count($gttopts)-1]['selected']=1; + } + } + $tasktypesel['options'][]=array('optgroup'=>1, 'label'=>L('globaloptions'), 'options'=>$gttopts); + } + # get current project tasktypes + $resctt=$db->query("SELECT tasktype_id, tasktype_name, list_position, show_in_list FROM {list_tasktype} WHERE project_id=? ORDER BY list_position", array($proj->id)); + $ctts=$db->fetchAllArray($resctt); + if(count($ctts)>0){ + foreach($ctts as $ctt){ + $cttopts[]=array('value'=>$ctt['tasktype_id'], 'label'=>$ctt['tasktype_name']); + if($ttselected==$ctt['tasktype_id']){ + $cttopts[count($cttopts)-1]['selected']=1; + } + } + $tasktypesel['options'][]=array('optgroup'=>1, 'label'=>L('currentproject').' '.$proj->prefs['project_title'], 'options'=>$cttopts); + } + # get target project tasktypes + $resttt=$db->query("SELECT tasktype_id, tasktype_name, list_position, show_in_list FROM {list_tasktype} WHERE project_id=? ORDER BY list_position", array($toproject->id)); + $ttts=$db->fetchAllArray($resttt); + if(count($ttts)>0){ + foreach($ttts as $ttt){ + $tttopts[]=array('value'=>$ttt['tasktype_id'], 'label'=>$ttt['tasktype_name']); + if($ttselected==$ttt['tasktype_id']){ + $tttopts[count($tttopts)-1]['selected']=1; + } + } + $tasktypesel['options'][]=array('optgroup'=>1, 'label'=>L('targetproject').' '.$toproject->prefs['project_title'], 'options'=>$tttopts); + } + + + # allow unset (0) value (field os_id currently defined with NOT NULL by flyspray-install.xml, so must use 0 instead null) + $osfound=0; + $ossel['options'][]=array('value'=>0, 'label'=>L('undecided')); + # get global operating systems + $resgos=$db->query("SELECT os_id, os_name, list_position, show_in_list FROM {list_os} WHERE project_id=0 AND show_in_list=1 ORDER BY list_position"); + $goses=$db->fetchAllArray($resgos); + if(count($goses)>0){ + foreach($goses as $gos){ + $gosopts[]=array('value'=>$gos['os_id'], 'label'=>$gos['os_name']); + if($osselected==$gos['os_id']){ + $gosopts[count($gosopts)-1]['selected']=1; + $osfound=1; + } + } + $ossel['options'][]=array('optgroup'=>1, 'label'=>L('globaloptions'), 'options'=>$gosopts); + } + # get current project operating systems + $rescos=$db->query("SELECT os_id, os_name, list_position, show_in_list FROM {list_os} WHERE project_id=? AND show_in_list=1 ORDER BY list_position", array($proj->id)); + $coses=$db->fetchAllArray($rescos); + if(count($coses)>0){ + foreach($coses as $cos){ + $cosopts[]=array('value'=>$cos['os_id'], 'label'=>$cos['os_name']); + if($osselected==$cos['os_id']){ + $cosopts[count($cosopts)-1]['selected']=1; + $osfound=1; + } + } + $ossel['options'][]=array('optgroup'=>1, 'label'=>L('currentproject').' '.$proj->prefs['project_title'], 'options'=>$cosopts); + } + # get target project operating systems + $restos=$db->query("SELECT os_id, os_name, list_position, show_in_list FROM {list_os} WHERE project_id=? AND show_in_list=1 ORDER BY list_position", array($toproject->id)); + $toses=$db->fetchAllArray($restos); + if(count($toses)>0){ + foreach($toses as $tos){ + $tosopts[]=array('value'=>$tos['os_id'], 'label'=>$tos['os_name']); + if($osselected==$tos['os_id']){ + $tosopts[count($tosopts)-1]['selected']=1; + $osfound=1; + } + } + $ossel['options'][]=array('optgroup'=>1, 'label'=>L('targetproject').' '.$toproject->prefs['project_title'], 'options'=>$tosopts); + } + # keep existing operating_system entry choosable even if would not currently selectable by current settings + if($osfound==0 && $task_details['operating_system']>0){ + # get operating_system of that existing old entry, even if show_in_list=0 or other project + $resexistos=$db->query(" + SELECT os.os_id, os.os_name, os.list_position, os.show_in_list, os.project_id, p.project_id AS p_project_id FROM {list_os} os + LEFT JOIN {projects} p ON p.project_id=os.project_id + WHERE os.os_id=?", array($task_details['operating_system'])); + $existos=$db->fetchRow($resexistos); + if($existos['project_id']==$proj->id){ + $existosgrouplabel=$proj->prefs['project_title'].': existing reported version'; + } elseif($existos['project_id']==$toproject->id){ + $existosgrouplabel=$toproject->prefs['project_title'].': existing reported version'; + } else{ + # maybe version_id from other/hidden/forbidden/deleted project, so only show project_id as hint. + # if user has view permission of this other project, then showing project_title would be ok -> extra sql required + $existosgrouplabel='existing os of project '.($existos['p_project_id']->id); + } + $existosopts[]=array('value'=>$task_details['operating_system'], 'label'=>$existos['os_name']); + if($osselected==$task_details['operating_system']){ + $existosopts[count($existosopts)-1]['selected']=1; + } + + #$ossel['options'][]=array('optgroup'=>1, 'label'=>$existosgrouplabel, 'options'=>$existosopts); + # put existing at beginning + $ossel['options']=array_merge(array(array('optgroup'=>1, 'label'=>$existosgrouplabel, 'options'=>$existosopts)), $ossel['options']); + } + + + + # get list global reported versions + # FIXME/TODO: Should we use 'show_in_list' list setting here to filter them out here? Or distinguish between editor/projectmanager/admin roles? + # FIXME/TODO: All Flyspray version up to 1.0-rc8 only versions with tense=2 were shown for edit. + # But what if someone edits an old tasks (maybe reopened an old closed), and that old task is connected with an old reported version (tense=1) + # Or that {list_version} entry has now show_in_list=0 set ? + # In both cases that version would not be selectable for editing the task, although it is the correct reported version. + $reportedversionfound=0; + $repversel['options'][]=array('value'=>0, 'label'=>L('undecided')); + $resgrepver=$db->query("SELECT version_id, version_name, list_position, show_in_list FROM {list_version} + WHERE project_id=0 + AND version_tense=2 + AND show_in_list=1 + ORDER BY list_position"); + $grepvers=$db->fetchAllArray($resgrepver); + if(count($grepvers)>0){ + foreach($grepvers as $grepver){ + $grepveropts[]=array('value'=>$grepver['version_id'], 'label'=>$grepver['version_name']); + if($repverselected==$grepver['version_id']){ + $grepveropts[count($grepveropts)-1]['selected']=1; + $reportedversionfound=1; + } + } + $repversel['options'][]=array('optgroup'=>1, 'label'=>L('globaloptions'), 'options'=>$grepveropts); + } + # get current project reported versions + $rescrepver=$db->query("SELECT version_id, version_name, list_position, show_in_list FROM {list_version} + WHERE project_id=? + AND version_tense=2 + AND show_in_list=1 + ORDER BY list_position", array($proj->id)); + $crepvers=$db->fetchAllArray($rescrepver); + if(count($crepvers)>0){ + foreach($crepvers as $crepver){ + $crepveropts[]=array('value'=>$crepver['version_id'], 'label'=>$crepver['version_name']); + if($repverselected==$crepver['version_id']){ + $crepveropts[count($crepveropts)-1]['selected']=1; + $reportedversionfound=1; + } + } + $repversel['options'][]=array('optgroup'=>1, 'label'=>L('currentproject').' '.$proj->prefs['project_title'], 'options'=>$crepveropts); + } + # get target project reported versions + $restrepver=$db->query("SELECT version_id, version_name, list_position, show_in_list FROM {list_version} + WHERE project_id=? + AND version_tense=2 + AND show_in_list=1 + ORDER BY list_position", array($toproject->id)); + $trepvers=$db->fetchAllArray($restrepver); + if(count($trepvers)>0){ + foreach($trepvers as $trepver){ + $trepveropts[]=array('value'=>$trepver['version_id'], 'label'=>$trepver['version_name']); + if($repverselected==$trepver['version_id']){ + $trepveropts[count($trepveropts)-1]['selected']=1; + $reportedversionfound=1; + } + } + $repversel['options'][]=array('optgroup'=>1, 'label'=>L('targetproject').' '.$toproject->prefs['project_title'], 'options'=>$trepveropts); + } + # keep existing reportedversion(product_version) choosable even if would not currently selectable by current settings + if($reportedversionfound==0 && $task_details['product_version']>0){ + # get version_name of that existing old entry, even if tense is past or show_in_list=0 or other project + $resexistrepver=$db->query(" + SELECT v.version_id, v.version_name, v.list_position, v.show_in_list, v.project_id, p.project_id AS p_project_id FROM {list_version} v + LEFT JOIN {projects} p ON p.project_id=v.project_id + WHERE v.version_id=?", array($task_details['product_version'])); + $existrepver=$db->fetchRow($resexistrepver); + if($existrepver['project_id']==$proj->id){ + $existgrouplabel=$proj->prefs['project_title'].': existing reported version'; + } elseif($existrepver['project_id']==$toproject->id){ + $existgrouplabel=$toproject->prefs['project_title'].': existing reported version'; + } else{ + # maybe version_id from other/hidden/forbidden/deleted project, so only show project_id as hint. + # if user has view permission of this other project, then showing project_title would be ok -> extra sql required + $existgrouplabel='existing reported version of project '.($existrepver['p_project_id']); + } + $existrepveropts[]=array('value'=>$task_details['product_version'], 'label'=>$existrepver['version_name']); + if($repverselected==$task_details['product_version']){ + $existrepveropts[count($existrepveropts)-1]['selected']=1; + } + + #$repversel['options'][]=array('optgroup'=>1, 'label'=>$existgrouplabel, 'options'=>$existrepveropts); + # put existing at beginning + $repversel['options']=array_merge(array(array('optgroup'=>1, 'label'=>$existgrouplabel, 'options'=>$existrepveropts)), $repversel['options']); + } + + + # get list global due versions + # FIXME/TODO: Should we use 'show_in_list' list setting here to filter them out here? Or distinguish between editor/projectmanager/admin roles? + $dueversel['options'][]=array('value'=>0, 'label'=>L('undecided')); + $resgduever=$db->query("SELECT version_id, version_name, list_position, show_in_list FROM {list_version} + WHERE project_id=0 + AND version_tense=3 + AND show_in_list=1 + ORDER BY list_position"); + $gduevers=$db->fetchAllArray($resgduever); + if(count($gduevers)>0){ + foreach($gduevers as $gduever){ + $gdueveropts[]=array('value'=>$gduever['version_id'], 'label'=>$gduever['version_name']); + if($dueverselected==$gduever['version_id']){ + $gdueveropts[count($gdueveropts)-1]['selected']=1; + } + } + $dueversel['options'][]=array('optgroup'=>1, 'label'=>L('globaloptions'), 'options'=>$gdueveropts); + } + # get current project due versions + $rescduever=$db->query("SELECT version_id, version_name, list_position, show_in_list FROM {list_version} + WHERE project_id=? + AND version_tense=3 + AND show_in_list=1 + ORDER BY list_position", array($proj->id)); + $cduevers=$db->fetchAllArray($rescduever); + if(count($cduevers)>0){ + foreach($cduevers as $cduever){ + $cdueveropts[]=array('value'=>$cduever['version_id'], 'label'=>$cduever['version_name']); + if($dueverselected==$cduever['version_id']){ + $cdueveropts[count($cdueveropts)-1]['selected']=1; + } + } + $dueversel['options'][]=array('optgroup'=>1, 'label'=>L('currentproject').' '.$proj->prefs['project_title'], 'options'=>$cdueveropts); + } + # get target project due versions + $restduever=$db->query("SELECT version_id, version_name, list_position, show_in_list FROM {list_version} + WHERE project_id=? + AND version_tense=3 + AND show_in_list=1 + ORDER BY list_position", array($toproject->id)); + $tduevers=$db->fetchAllArray($restduever); + if(count($tduevers)>0){ + foreach($tduevers as $tduever){ + $tdueveropts[]=array('value'=>$tduever['version_id'], 'label'=>$tduever['version_name']); + if($dueverselected==$tduever['version_id']){ + $tdueveropts[count($tdueveropts)-1]['selected']=1; + } + } + $dueversel['options'][]=array('optgroup'=>1, 'label'=>L('targetproject').' '.$toproject->prefs['project_title'], 'options'=>$tdueveropts); + } + + + }else{ + # just the normal merged global/project categories + $cats=$proj->listCategories(); + if( count($cats)>0){ + foreach($cats as $cat){ + $catopts[]=array('value'=>$cat['category_id'], 'label'=>$cat['category_name']); + if($catselected==$cat['category_id']){ + $catopts[count($catopts)-1]['selected']=1; + } + } + $catsel['options']=$catopts; + } + + # just the normal merged global/project statuses + $sts=$proj->listTaskStatuses(); + if( count($sts)>0){ + foreach($sts as $st){ + $stopts[]=array('value'=>$st['status_id'], 'label'=>$st['status_name']); + if($stselected==$st['status_id']){ + $stopts[count($stopts)-1]['selected']=1; + } + } + $statussel['options']=$stopts; + } + + # just the normal merged global/project tasktypes + $tts=$proj->listTaskTypes(); + if( count($tts)>0){ + foreach($tts as $tt){ + $ttopts[]=array('value'=>$tt['tasktype_id'], 'label'=>$tt['tasktype_name']); + if($ttselected==$tt['tasktype_id']){ + $ttopts[count($ttopts)-1]['selected']=1; + } + } + $tasktypesel['options']=$ttopts; + } + + # just the normal merged global/project os + $osses=$proj->listOs(); + # also allow unsetting operating system entry + $osopts[]=array('value'=>0, 'label'=>L('undecided')); + if( count($osses)>0){ + foreach($osses as $os){ + $osopts[]=array('value'=>$os['os_id'], 'label'=>$os['os_name']); + if($osselected==$os['os_id']){ + $osopts[count($osopts)-1]['selected']=1; + } + } + $ossel['options']=$osopts; + } + + # just the normal merged global/project reported version + $repversions=$proj->listVersions(false, 2, $task_details['product_version']); + # also allow unsetting dueversion system entry + $repveropts[]=array('value'=>0, 'label'=>L('undecided')); + if( count($repversions)>0){ + foreach($repversions as $repver){ + $repveropts[]=array('value'=>$repver['version_id'], 'label'=>$repver['version_name']); + if($repverselected==$repver['version_id']){ + $repveropts[count($repveropts)-1]['selected']=1; + } + } + $repversel['options']=$repveropts; + } + + # just the normal merged global/project dueversion + $dueversions=$proj->listVersions(false, 3); # future (tense=3) with 'shown_in_list' set + # also allow unsetting dueversion system entry + $dueveropts[]=array('value'=>0, 'label'=>L('undecided')); + if( count($dueversions)>0){ + foreach($dueversions as $duever){ + $dueveropts[]=array('value'=>$duever['version_id'], 'label'=>$duever['version_name']); + if($dueverselected==$duever['version_id']){ + $dueveropts[count($dueveropts)-1]['selected']=1; + } + } + $dueversel['options']=$dueveropts; + } + } + $catsel['name']='product_category'; + $catsel['attr']['id']='category'; + $page->assign('catselect', $catsel); + + $statussel['name']='item_status'; + $statussel['attr']['id']='status'; + $page->assign('statusselect', $statussel); + + $tasktypesel['name']='task_type'; + $tasktypesel['attr']['id']='tasktype'; + $page->assign('tasktypeselect', $tasktypesel); + + $ossel['name']='operating_system'; + $ossel['attr']['id']='os'; + $page->assign('osselect', $ossel); + + $repversel['name']='reportedver'; + $repversel['attr']['id']='reportedver'; + $page->assign('reportedversionselect', $repversel); + + $dueversel['name']='closedby_version'; + $dueversel['attr']['id']='dueversion'; + $page->assign('dueversionselect', $dueversel); + + # user tries to move a task to a different project: + if(isset($move) && $move==1){ + $page->assign('move', 1); + $page->assign('toproject', $toproject); + } + $page->pushTpl('details.edit.tpl'); + } else { + $prev_id = $next_id = 0; + + if (isset($_SESSION['tasklist']) && ($id_list = $_SESSION['tasklist']) + && ($i = array_search($task_id, $id_list)) !== false) { + $prev_id = isset($id_list[$i - 1]) ? $id_list[$i - 1] : ''; + $next_id = isset($id_list[$i + 1]) ? $id_list[$i + 1] : ''; + } + + // Sub-Tasks + $subtasks = $db->query('SELECT t.*, p.project_title + FROM {tasks} t + LEFT JOIN {projects} p ON t.project_id = p.project_id + WHERE t.supertask_id = ?', + array($task_id)); + $subtasks_cleaned = Flyspray::weedOutTasks($user, $db->fetchAllArray($subtasks)); + + for($i=0;$iquery('SELECT * + FROM {list_category} + WHERE lft < ? AND rgt > ? AND project_id = ? AND lft != 1 + ORDER BY lft ASC', + array($task_details['lft'], $task_details['rgt'], $task_details['cproj'])); + // Check for task dependencies that block closing this task + $check_deps = $db->query('SELECT t.*, s.status_name, r.resolution_name, d.depend_id, p.project_title + FROM {dependencies} d + LEFT JOIN {tasks} t on d.dep_task_id = t.task_id + LEFT JOIN {list_status} s ON t.item_status = s.status_id + LEFT JOIN {list_resolution} r ON t.resolution_reason = r.resolution_id + LEFT JOIN {projects} p ON t.project_id = p.project_id + WHERE d.task_id = ?', array($task_id)); + $check_deps_cleaned = Flyspray::weedOutTasks($user, $db->fetchAllArray($check_deps)); + + + for($i=0;$iquery('SELECT t.*, s.status_name, r.resolution_name, d.depend_id, p.project_title + FROM {dependencies} d + LEFT JOIN {tasks} t on d.task_id = t.task_id + LEFT JOIN {list_status} s ON t.item_status = s.status_id + LEFT JOIN {list_resolution} r ON t.resolution_reason = r.resolution_id + LEFT JOIN {projects} p ON t.project_id = p.project_id + WHERE d.dep_task_id = ?', array($task_id)); + $check_blocks_cleaned = Flyspray::weedOutTasks($user, $db->fetchAllArray($check_blocks)); + + + for($i=0;$iquery("SELECT * + FROM {admin_requests} + WHERE task_id = ? AND resolved_by = 0", + array($task_id)); + + // Get info on the dependencies again + $open_deps = $db->query('SELECT COUNT(*) - SUM(is_closed) + FROM {dependencies} d + LEFT JOIN {tasks} t on d.dep_task_id = t.task_id + WHERE d.task_id = ?', array($task_id)); + + $watching = $db->query('SELECT COUNT(*) + FROM {notifications} + WHERE task_id = ? AND user_id = ?', + array($task_id, $user->id)); + + // Check if task has been reopened some time + $reopened = $db->query('SELECT COUNT(*) + FROM {history} + WHERE task_id = ? AND event_type = 13', + array($task_id)); + + // Check for cached version + $cached = $db->query("SELECT content, last_updated + FROM {cache} + WHERE topic = ? AND type = 'task'", + array($task_details['task_id'])); + $cached = $db->fetchRow($cached); + + // List of votes + $get_votes = $db->query('SELECT u.user_id, u.user_name, u.real_name, v.date_time + FROM {votes} v + LEFT JOIN {users} u ON v.user_id = u.user_id + WHERE v.task_id = ? + ORDER BY v.date_time DESC', + array($task_id)); + + if ($task_details['last_edited_time'] > $cached['last_updated'] || !defined('FLYSPRAY_USE_CACHE')) { + $task_text = TextFormatter::render($task_details['detailed_desc'], 'task', $task_details['task_id']); + } else { + $task_text = TextFormatter::render($task_details['detailed_desc'], 'task', $task_details['task_id'], $cached['content']); + } + + $page->assign('prev_id', $prev_id); + $page->assign('next_id', $next_id); + $page->assign('task_text', $task_text); + $page->assign('subtasks', $subtasks_cleaned); + $page->assign('deps', $check_deps_cleaned); + $page->assign('parent', $db->fetchAllArray($parent)); + $page->assign('blocks', $check_blocks_cleaned); + $page->assign('votes', $db->fetchAllArray($get_votes)); + $page->assign('penreqs', $db->fetchAllArray($get_pending)); + $page->assign('d_open', $db->fetchOne($open_deps)); + $page->assign('watched', $db->fetchOne($watching)); + $page->assign('reopened', $db->fetchOne($reopened)); + $page->pushTpl('details.view.tpl'); + + /////////////// + // tabbed area + + // Comments + cache + $sql = $db->query('SELECT * FROM {comments} c + LEFT JOIN {cache} ca ON (c.comment_id = ca.topic AND ca.type = ?) + WHERE task_id = ? + ORDER BY date_added ASC', + array('comm', $task_id)); + $page->assign('comments', $db->fetchAllArray($sql)); + + // Comment events + $sql = get_events($task_id, ' AND (event_type = 3 OR event_type = 14)'); + $comment_changes = array(); + while ($row = $db->fetchRow($sql)) { + $comment_changes[$row['event_date']][] = $row; + } + $page->assign('comment_changes', $comment_changes); + + // Comment attachments + $attachments = array(); + $sql = $db->query('SELECT * + FROM {attachments} a, {comments} c + WHERE c.task_id = ? AND a.comment_id = c.comment_id', + array($task_id)); + while ($row = $db->fetchRow($sql)) { + $attachments[$row['comment_id']][] = $row; + } + $page->assign('comment_attachments', $attachments); + + // Comment links + $links = array(); + $sql = $db->query('SELECT * + FROM {links} l, {comments} c + WHERE c.task_id = ? AND l.comment_id = c.comment_id', + array($task_id)); + while ($row = $db->fetchRow($sql)) { + $links[$row['comment_id']][] = $row; + } + $page->assign('comment_links', $links); + + // Relations, notifications and reminders + $sql = $db->query('SELECT t.*, r.*, s.status_name, res.resolution_name + FROM {related} r + LEFT JOIN {tasks} t ON (r.related_task = t.task_id AND r.this_task = ? OR r.this_task = t.task_id AND r.related_task = ?) + LEFT JOIN {list_status} s ON t.item_status = s.status_id + LEFT JOIN {list_resolution} res ON t.resolution_reason = res.resolution_id + WHERE t.task_id is NOT NULL AND is_duplicate = 0 AND ( t.mark_private = 0 OR ? = 1 ) + ORDER BY t.task_id ASC', + array($task_id, $task_id, $user->perms('manage_project'))); + $related_cleaned = Flyspray::weedOutTasks($user, $db->fetchAllArray($sql)); + $page->assign('related', $related_cleaned); + + $sql = $db->query('SELECT t.*, r.*, s.status_name, res.resolution_name + FROM {related} r + LEFT JOIN {tasks} t ON r.this_task = t.task_id + LEFT JOIN {list_status} s ON t.item_status = s.status_id + LEFT JOIN {list_resolution} res ON t.resolution_reason = res.resolution_id + WHERE is_duplicate = 1 AND r.related_task = ? + ORDER BY t.task_id ASC', + array($task_id)); + $duplicates_cleaned = Flyspray::weedOutTasks($user, $db->fetchAllArray($sql)); + $page->assign('duplicates', $duplicates_cleaned); + + $sql = $db->query('SELECT * + FROM {notifications} n + LEFT JOIN {users} u ON n.user_id = u.user_id + WHERE n.task_id = ?', array($task_id)); + $page->assign('notifications', $db->fetchAllArray($sql)); + + $sql = $db->query('SELECT * + FROM {reminders} r + LEFT JOIN {users} u ON r.to_user_id = u.user_id + WHERE task_id = ? + ORDER BY reminder_id', array($task_id)); + $page->assign('reminders', $db->fetchAllArray($sql)); + + $page->pushTpl('details.tabs.tpl'); + + if ($user->perms('view_comments') || $proj->prefs['others_view'] || ($user->isAnon() && $task_details['task_token'] && Get::val('task_token') == $task_details['task_token'])) { + $page->pushTpl('details.tabs.comment.tpl'); + } + + $page->pushTpl('details.tabs.related.tpl'); + + if ($user->perms('manage_project')) { + $page->pushTpl('details.tabs.notifs.tpl'); + $page->pushTpl('details.tabs.remind.tpl'); + } + + if ($proj->prefs['use_effort_tracking']) { + $page->pushTpl('details.tabs.efforttracking.tpl'); + } + + $page->pushTpl('details.tabs.history.tpl'); + + } # endif can_edit_task + +} # endif can_view_task +?> diff --git a/scripts/editcomment.php b/scripts/editcomment.php new file mode 100644 index 0000000..a74ee30 --- /dev/null +++ b/scripts/editcomment.php @@ -0,0 +1,28 @@ +query("SELECT c.*, u.real_name + FROM {comments} c + INNER JOIN {users} u ON c.user_id = u.user_id + WHERE comment_id = ? AND task_id = ?", + array(Get::num('id', 0), Get::num('task_id', 0))); + +$page->assign('comment', $comment = $db->fetchRow($sql)); + +if (!$user->can_edit_comment($comment)) { + Flyspray::show_error(11); +} + +$page->pushTpl('editcomment.tpl'); + +?> diff --git a/scripts/index.php b/scripts/index.php new file mode 100644 index 0000000..28e194e --- /dev/null +++ b/scripts/index.php @@ -0,0 +1,534 @@ +can_select_project($proj->id)) { + $proj = new Project(0); +} + +$perpage = '50'; +if (isset($user->infos['tasks_perpage']) && $user->infos['tasks_perpage'] > 0) { + $perpage = $user->infos['tasks_perpage']; +} + +$pagenum = Get::num('pagenum', 1); +if ($pagenum < 1) { + $pagenum = 1; +} +$offset = $perpage * ($pagenum - 1); + +// Get the visibility state of all columns +$visible = explode(' ', trim($proj->id ? $proj->prefs['visible_columns'] : $fs->prefs['visible_columns'])); +if (!is_array($visible) || !count($visible) || !$visible[0]) { + $visible = array('id'); +} + +// Remove columns the user is not allowed to see +if (in_array('estimated_effort', $visible) && !$user->perms('view_estimated_effort')) { + unset($visible[array_search('estimated_effort', $visible)]); +} +if (in_array('effort', $visible) && !$user->perms('view_current_effort_done')) { + unset($visible[array_search('effort', $visible)]); +} + +# for csv export no paging limits +if (Get::has('export_list')) { + $offset = -1; + $perpage = -1; +} + +list($tasks, $id_list, $totalcount, $forbiddencount) = Backend::get_task_list($_GET, $visible, $offset, $perpage); + +if (Get::has('export_list')) { + export_task_list(); +} + +$page->uses('tasks', 'offset', 'perpage', 'pagenum', 'visible'); + +// List of task IDs for next/previous links +# Mmh the result is persistent in $_SESSION a bit for the length of each user session and can lead to a DOS quite fast on bigger installs? +# Do we really need prev-next on task details view or can we find an alternative solution? +# And using the $_SESSION for that is currently not working correct if someone uses 2 browser tabs for 2 different projects. +$_SESSION['tasklist'] = $id_list; + +$page->assign('total', $totalcount); +$page->assign('forbiddencount', $forbiddencount); + +// Send user variables to the template + +$result = $db->query('SELECT DISTINCT u.user_id, u.user_name, u.real_name, g.group_name, g.project_id + FROM {users} u + LEFT JOIN {users_in_groups} uig ON u.user_id = uig.user_id + LEFT JOIN {groups} g ON g.group_id = uig.group_id + WHERE (g.show_as_assignees = 1 OR g.is_admin = 1) + AND (g.project_id = 0 OR g.project_id = ?) AND u.account_enabled = 1 + ORDER BY g.project_id ASC, g.group_name ASC, u.user_name ASC', ($proj->id || -1)); // FIXME: -1 is a hack. when $proj->id is 0 the query fails +$userlist = array(); +while ($row = $db->fetchRow($result)) { + $userlist[$row['group_name']][] = array(0 => $row['user_id'], + 1 => sprintf('%s (%s)', $row['user_name'], $row['real_name'])); +} + +$page->assign('userlist', $userlist); + +/** + * tpl function that Displays a header cell for report list + */ +function tpl_list_heading($colname, $format = "%s") +{ + global $proj, $page; + $imgbase = '%s'; + $class = $colname; + $html = eL($colname); +/* + if ($colname == 'comments' || $colname == 'attachments') { + $html = sprintf($imgbase, $page->get_image(substr($colname, 0, -1)), $html); + } +*/ + if ($colname == 'attachments') { + $html=''; + } + if ($colname == 'comments') { + $html=''; + } + if ($colname == 'votes') { + $html=''; + } + + if (Get::val('order') == $colname) { + $class .= ' orderby'; + $sort1 = Get::safe('sort', 'desc') == 'desc' ? 'asc' : 'desc'; + $sort2 = Get::safe('sort2', 'desc'); + $order2 = Get::safe('order2'); + $html .= '  '.sprintf($imgbase, $page->get_image(Get::val('sort')), Get::safe('sort')); + } + else { + $sort1 = 'desc'; + if (in_array($colname, + array('project', 'tasktype', 'category', 'openedby', 'assignedto'))) + { + $sort1 = 'asc'; + } + $sort2 = Get::safe('sort', 'desc'); + $order2 = Get::safe('order'); + } + + + $new_order = array('order' => $colname, 'sort' => $sort1, 'order2' => $order2, 'sort2' => $sort2); + # unneeded params from $_GET for the sort links + $params=array_merge($_GET, $new_order); + unset($params['do']); + unset($params['project']); + unset($params['switch']); + $html = sprintf('%s', + eL('sortthiscolumn'), Filters::noXSS(createURL('tasklist', $proj->id, null, $params )), $html); + + return sprintf($format, ' class="'.$class.'"', $html); +} + + +/** + * tpl function that draws a cell + */ +function tpl_draw_cell($task, $colname, $format = "%s") { + global $fs, $db, $proj, $page, $user; + + $indexes = array ( + 'id' => 'task_id', + 'project' => 'project_title', + 'tasktype' => 'task_type', + 'tasktypename'=> 'tasktype_name', + 'category' => 'category_name', + 'severity' => '', + 'priority' => '', + 'summary' => 'item_summary', + 'dateopened' => 'date_opened', + 'status' => 'status_name', + 'openedby' => 'opened_by', + 'openedbyname'=> 'opened_by_name', + 'assignedto' => 'assigned_to_name', + 'lastedit' => 'max_date', + 'editedby' => 'last_edited_by', + 'reportedin' => 'product_version_name', + 'dueversion' => 'closedby_version_name', + 'duedate' => 'due_date', + 'comments' => 'num_comments', + 'votes' => 'num_votes', + 'attachments'=> 'num_attachments', + 'dateclosed' => 'date_closed', + 'closedby' => 'closed_by', + 'commentedby'=> 'commented_by', + 'progress' => '', + 'os' => 'os_name', + 'private' => 'mark_private', + 'parent' => 'supertask_id', + 'estimatedeffort' => 'estimated_effort', + ); + + //must be an array , must contain elements and be alphanumeric (permitted "_") + if(!is_array($task) || empty($task) || preg_match('![^A-Za-z0-9_]!', $colname)) { + //run away.. + return ''; + } + $class= 'task_'.$colname; + + switch ($colname) { + case 'id': + $value = tpl_tasklink($task, $task['task_id']); + break; + case 'summary': + $value = tpl_tasklink($task, utf8_substr($task['item_summary'], 0, 55)); + if (utf8_strlen($task['item_summary']) > 55) { + $value .= '...'; + } + + if($task['tagids']!=''){ + #$tags=explode(',', $task['tags']); + $tagids=explode(',', $task['tagids']); + #$tagclass=explode(',', $task['tagclass']); + $tgs=''; + for($i=0;$i< count($tagids); $i++){ + $tgs.=tpl_tag($tagids[$i]); + } + $value.=$tgs; + } + break; + + case 'tasktype': + $value = htmlspecialchars($task['tasktype_name'], ENT_QUOTES, 'utf-8'); + $class.=' typ'.$task['task_type']; + break; + + case 'severity': + $value = $task['task_severity']==0 ? '' : $fs->severities[$task['task_severity']]; + $class.=' sev'.$task['task_severity']; + break; + + case 'priority': + $value = $task['task_priority']==0 ? '' : $fs->priorities[$task['task_priority']]; + $class.=' pri'.$task['task_priority']; + break; + + case 'attachments': + case 'comments': + case 'votes': + $value = $task[$indexes[$colname]]>0 ? $task[$indexes[$colname]]:''; + break; + + case 'lastedit': + case 'duedate': + case 'dateopened': + case 'dateclosed': + $value = formatDate($task[$indexes[$colname]]); + break; + + case 'status': + if ($task['is_closed']) { + $value = eL('closed'); + } else { + $value = htmlspecialchars($task[$indexes[$colname]], ENT_QUOTES, 'utf-8'); + } + $class.=' sta'.$task['item_status']; + break; + + case 'progress': + $value = tpl_img($page->get_image('percent-' . $task['percent_complete'], false), + $task['percent_complete'] . '%'); + break; + + case 'assignedto': + # group_concat-ed for mysql/pgsql + #$value = htmlspecialchars($task[$indexes[$colname]], ENT_QUOTES, 'utf-8'); + $value=''; + $anames=explode(',',$task[$indexes[$colname]]); + $aids=explode(',',$task['assignedids']); + $aimages=explode(',',$task['assigned_image']); + for($a=0;$a < count($anames);$a++){ + if($aids[$a]){ + # deactivated: avatars looks too ugly in the tasklist, user's name needs to be visible on a first look here, without needed mouse hovering.. + #if ($fs->prefs['enable_avatars']==1 && $aimages[$a]){ + # $value.=tpl_userlinkavatar($aids[$a],30); + #} else{ + $value.=tpl_userlink($aids[$a]); + #} + #$value.=''.htmlspecialchars($anames[$a], ENT_QUOTES, 'utf-8').''; + } + } + + # fallback for DBs we haven't written sql string aggregation yet (currently with group_concat() mysql and array_agg() postgresql) + if( ('postgres' != $db->dblink->dataProvider) && ('mysql' != $db->dblink->dataProvider) && ($task['num_assigned'] > 1)) { + $value .= ', +' . ($task['num_assigned'] - 1); + } + break; + + case 'private': + $value = $task[$indexes[$colname]] ? L('yes') : L('no'); + break; + + case 'commentedby': + case 'openedby': + case 'editedby': + case 'closedby': + $value = ''; + # a bit expensive! tpl_userlinkavatar() an additional sql query for each new user in the output table + # at least tpl_userlink() uses a $cache array so query for repeated users + if ($task[$indexes[$colname]] > 0) { + # deactivated: avatars looks too ugly in the tasklist, user's name needs to be visible on a first look here, without needed mouse hovering.. + #if ($fs->prefs['enable_avatars']==1){ + # $value = tpl_userlinkavatar($task[$indexes[$colname]],30); + #} else{ + $value = tpl_userlink($task[$indexes[$colname]]); + #} + } + break; + + case 'parent': + $value = ''; + if ($task['supertask_id'] > 0) { + $value = tpl_tasklink($task, $task['supertask_id']); + } + break; + + case 'estimatedeffort': + $value = ''; + if ($user->perms('view_estimated_effort')) { + if ($task['estimated_effort'] > 0){ + $value = effort::secondsToString($task['estimated_effort'], $proj->prefs['hours_per_manday'], $proj->prefs['estimated_effort_format']); + } + } + break; + + case 'effort': + $value = ''; + if ($user->perms('view_current_effort_done')) { + if ($task['effort'] > 0){ + $value = effort::secondsToString($task['effort'], $proj->prefs['hours_per_manday'], $proj->prefs['current_effort_done_format']); + } + } + break; + + default: + $value = ''; + // $colname here is NOT column name in database but a name that can appear + // both in a projects visible fields and as a key in language translation + // file, which is also used to draw a localized heading. Column names in + // database customarily use _ t to separate words, translation file entries + // instead do not and can be also be quite different. If you do see an empty + // value when you expected something, check your usage, what visible fields + // in database actually constains, and maybe add a mapping from $colname to + // to the database column name to array $indexes at the beginning of this + // function. Note that inconsistencies between $colname, database column + // name, translation entry key and name in visible fields do occur sometimes + // during development phase. + if (array_key_exists($colname, $indexes)) { + $value = htmlspecialchars($task[$indexes[$colname]], ENT_QUOTES, 'utf-8'); + } + break; + } + return sprintf($format, $class, $value); +} + +$sort; +$orderby; + +/** + * + * comparison function used by export_task_list + * + */ +function do_cmp($a, $b) +{ + global $sort,$orderby; + + if ($a[ $orderby ] == $b[ $orderby ]) { return 0; } + + if ($sort == 'asc') + return ($a[ $orderby ] < $b[ $orderby ]) ? -1 : 1; + else + return ($a[ $orderby ] > $b[ $orderby ]) ? -1 : 1; +} + +/** +* workaround fputcsv() bug https://bugs.php.net/bug.php?id=43225 +*/ +function my_fputcsv($handle, $fields) +{ + $out = array(); + + foreach ($fields as $field) { + if (empty($field)) { + $out[] = ''; + } + elseif (preg_match('/^\d+(\.\d+)?$/', $field)) { + $out[] = $field; + } + else { + $out[] = '"' . preg_replace('/"/', '""', $field) . '"'; + } + } + + return fwrite($handle, implode(',', $out) . "\n"); +} + + +/** + * Export the tasks as a .csv file + * Currently only a fixed list of task fields + */ +function export_task_list() +{ + global $tasks, $fs, $user, $sort, $orderby, $proj; + + if (!is_array($tasks)){ + return; + } + + # TODO enforcing user permissions on allowed fields + # TODO Flyspray 1.1 or later: selected fields by user request, saved user settings, tasklist settings or project defined list which fields should appear in an export + # TODO Flyspray 1.1 or later: export in .ods open document spreadsheet, .xml .... + $indexes = array ( + 'id' => 'task_id', + 'project' => 'project_title', + 'tasktype' => 'task_type', + 'category' => 'category_name', + 'severity' => 'task_severity', + 'priority' => 'task_priority', + 'summary' => 'item_summary', + 'dateopened' => 'date_opened', + 'status' => 'status_name', + 'openedby' => 'opened_by_name', + 'assignedto' => 'assigned_to_name', + 'lastedit' => 'max_date', + 'reportedin' => 'product_version', + 'dueversion' => 'closedby_version', + 'duedate' => 'due_date', + 'comments' => 'num_comments', + 'votes' => 'num_votes', + 'attachments'=> 'num_attachments', + 'dateclosed' => 'date_closed', + 'progress' => 'percent_complete', + 'os' => 'os_name', + 'private' => 'mark_private', + 'supertask' => 'supertask_id', + 'detailed_desc'=>'detailed_desc', + ); + + + # we can put this info also in the filename ... + #$projectinfo = array('Project ', $tasks[0]['project_title'], date("H:i:s d-m-Y") ); + + // sort the tasks into the order selected by the user. Set + // global vars for use by sort comparison function + + $sort = Get::safe('sort','desc') == 'desc' ? 'desc' : 'asc'; + $field = Get::safe('order', 'id'); + + if ($field == '') $field = 'id'; + $orderby = $indexes[ $field ]; + + usort($tasks, "do_cmp"); + + $outfile = str_replace(' ', '_', $proj->prefs['project_title']).'_'.date("Y-m-d").'.csv'; + + #header('Content-Type: application/csv'); + header('Content-Type: text/csv'); + header('Content-Disposition: attachment; filename='.$outfile); + header('Content-Transfer-Encoding: text'); + header('Expires: 0'); + header('Cache-Control: must-revalidate'); + #header('Pragma: public'); + #header('Content-Length: '.strlen($result)); # unknown at this time.. + ob_clean(); + flush(); + + $output = fopen('php://output', 'w'); + $headings= array( + 'ID', + 'Category', + 'Task Type', + 'Severity', + 'Summary', + 'Status', + 'Progress', + 'date_opened', + 'date_closed', + 'due_date', + 'supertask_id' + ); + if($user->perms('view_estimated_effort') && $proj->id>0 && $proj->prefs['use_effort_tracking']){ + $headings[]='Estimated Effort'; + } + $headings[]='Description'; + //if($user->perms('view_current_effort_done') && $proj->id>0 && $proj->prefs['use_effort_tracking']){ $headings[]='Done Effort'; } + + #fputcsv($output, $headings); + my_fputcsv($output, $headings); # fixes 'SYLK' FS#2123 Excel problem + foreach ($tasks as $task) { + $row = array( + $task['task_id'], + $task['category_name'], + $task['task_type'], + $fs->severities[ $task['task_severity'] ], + $task['item_summary'], + $task['status_name'], + $task['percent_complete'], + $task['date_opened'], + $task['date_closed'], + $task['due_date'], + $task['supertask_id'] + ); + if( $user->perms('view_estimated_effort') && $proj->id>0 && $proj->prefs['use_effort_tracking']){ + $row[]=$task['estimated_effort']; + } + $row[]=$task['detailed_desc']; + //if( $user->perms('view_current_effort_done') && $proj->id>0 && $proj->prefs['use_effort_tracking']){ $row=$task['effort']; } + + my_fputcsv($output, $row); # fputcsv() is buggy + } + fclose($output); + exit(); +} + +// Javascript replacement +if (Get::val('toggleadvanced')) { + $advanced_search = intval(!Req::val('advancedsearch')); + Flyspray::setCookie('advancedsearch', $advanced_search, time()+60*60*24*30); + $_COOKIE['advancedsearch'] = $advanced_search; +} + +/** + * Update check + */ +if(Get::has('hideupdatemsg')) { + unset($_SESSION['latest_version']); +} else if ($conf['general']['update_check'] + && $user->perms('is_admin') + && $fs->prefs['last_update_check'] < time()-60*60*24*3) { + if (!isset($_SESSION['latest_version'])) { + $latest = Flyspray::remote_request('http://www.flyspray.org/version.txt', GET_CONTENTS); + # if for some silly reason we get an empty response, we use the actual version + $_SESSION['latest_version'] = empty($latest) ? $fs->version : $latest ; + $db->query('UPDATE {prefs} SET pref_value = ? WHERE pref_name = ?', array(time(), 'last_update_check')); + } +} +if (isset($_SESSION['latest_version']) && version_compare($fs->version, $_SESSION['latest_version'] , '<') ) { + $page->assign('updatemsg', true); +} + + +$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title'] . ': ' . L('tasklist')); +$page->pushTpl('index.tpl'); + +?> diff --git a/scripts/langdiff.php b/scripts/langdiff.php new file mode 100644 index 0000000..f004b54 --- /dev/null +++ b/scripts/langdiff.php @@ -0,0 +1,192 @@ +perms('manage_project')) { + Flyspray::show_error(28); +} + +ob_start(); + +?> + +Diff report for language ',$lang,'',"\n"; + echo '

The following translation keys are missing in the translation:

'; + echo ''; + $i = 0; + foreach ($orig_language as $key => $val) { + if (!isset($translation[$key])) { + echo '',"\n"; + $i++; + } + + } + echo '
',$key,''.htmlspecialchars($val).'
'; + if ( $i > 0 ){ + echo '

',$i,' out of ',sizeof($language),' keys to translate.

'; + } + echo '

The following translation keys should be deleted from the translation:

'; + echo ''; + $i = 0; + foreach ($translation as $key => $val) { + if ( !isset($orig_language[$key])) { + echo '',"\n"; + $i++; + } + } + echo '
',$key,'
\'',$val,'\'
'; + if ( $i > 0 ){ + echo '

'.$i.' entries can be removed from this translation.

'; + } else{ + echo '

None

'; + } + echo '

Direct comparision between english and '.htmlspecialchars($lang).'

'; + echo ' + + + + + + + + '; + $i = 0; + foreach ($orig_language as $key => $val) { + if (!isset($translation[$key])) { + echo ''."\n"; + }else{ + echo ' + + + + '."\n"; + } + $i++; + } + echo '
translation keyen'.htmlspecialchars($lang).'
',$key,''.htmlspecialchars($val).'
',$key,''.htmlspecialchars($val).''.htmlspecialchars($translation[$key]).'
'; +} else { + # TODO show all existing translations overview and selection + # readdir + $english=$language; + $max=count($english); + $langfiles=array(); + $workfiles=array(); + if ($handle = opendir('lang')) { + $languages=array(); + while (false !== ($file = readdir($handle))) { + if ($file != "." + && $file != ".." + && $file!='.langdiff.php' + && $file!='.langedit.php' + && !(substr($file,-4)=='.bak') + && !(substr($file,-5)=='.safe') ) { + # if a .$lang.php.work file but no $lang.php exists yet + if( substr($file,-5)=='.work'){ + if(!is_file('lang/'.substr($file,1,-5)) ){ + $workfiles[]=$file; + } + } else{ + $langfiles[]=$file; + } + } + } + asort($langfiles); + asort($workfiles); + echo ' + + '; + foreach($langfiles as $lang){ + unset($translation); + require('lang/'.$lang); # file $language variable + $i=0; $empty=0; + foreach ($orig_language as $key => $val) { + if (!isset($translation[$key])) { + $i++; + }else{ + if($val==''){ + $empty++; + } + } + } + $progress=floor(($max-$i)*100/$max*10)/10; + if($lang!='en.php'){ + echo ' + + + + +'; + }else{ + echo ''; + } + } + foreach($workfiles as $workfile){ + echo ' + + + + '; + } + closedir($handle); + echo '
'.L('file').''.L('progress').'
'.$lang.' +'.$progress.' % + +'.L('translate').' '.substr($lang,0,-4).'
en.phpis reference and fallbackTranslate '.substr($lang,0,-4).'
'.$workfile.''.L('translate').' '.substr($workfile,1,-9).'
'; + } +} + +$content = ob_get_contents(); +ob_end_clean(); + +$page->uses('content'); +$page->pushTpl('admin.translation.tpl'); + +?> diff --git a/scripts/langedit.php b/scripts/langedit.php new file mode 100644 index 0000000..20ba4a8 --- /dev/null +++ b/scripts/langedit.php @@ -0,0 +1,329 @@ + +perms('manage_project')) { + Flyspray::show_error(28); +} + +// Make it possible to reload page after updating language +// Don't want to send form data again if user reloads the page +ob_start(); +?> + +\n"; +} +if(!file_exists('en.php')) { + $fail .= "The english language file en.php is missing. Make sure this script is run from the same directory as the language files .../flyspray/lang/
\n"; +} +if($fail) { + die($fail."Usage: <lang code> where <lang code> should be replaced by your language, e.g. de for German."); +} +// Read english language file in array $language (assumed to be UTF-8 encoded) +require('en.php'); +if(!is_array(@$language)){ + die("Invalid language file for english"); +} +$count = count($language); + +// Read the translation file in array $translation (assumed to be UTF-8 encoded) +$working_copy = false; +if(!file_exists($lang.'.php') && !file_exists('.'.$lang.'.php.work')) { + echo '

A new language file will be created: '.$lang.'.php

'; +} else { + if($lang != 'en') { + if(file_exists('.'.$lang.'.php.work')) { + $working_copy = true; + include_once('.'.$lang.'.php.work'); // Read the translation array (work in progress) + } else{ + include($lang.'.php'); // Read the original translation array - maybe again, no _once here! + } + } else if(file_exists('.en.php.work')){ + $working_copy = true; + $tmp = $language; + include_once('.en.php.work'); // Read the language array (work in progress) + $translation = $language; // Edit the english language file + $language = $tmp; + } else{ + $translation = $language; // Edit the english language file + } + + if(!is_array(@$translation)){ + echo "Warning: the translation file does not contain the \$translation array, a new file will be created: $lang.php\n"; + } +} + +$limit = 30; +$begin = isset($_GET['begin']) ? (int)($_GET['begin'] / $limit) * $limit : 0; + +// Was show missing pressed? +$show_empty = (!isset($_POST['search']) && isset($_REQUEST['empty'])); // Either POST or URL +// Any text in search box? +if(!$show_empty && isset($_POST['search_for'])) { + $search = trim($_POST['search_for']); +} else if(!$show_empty && isset($_GET['search_for'])) { + $search = trim(urldecode($_GET['search_for'])); +} else { + $search = ""; +} +// Path to this file +$self = "{$_SERVER['SCRIPT_NAME']}?do=langedit&lang=$lang"; + +if(isset($_POST['confirm'])) { + // Make a backup + unlink(".$lang.php.bak"); + rename("$lang.php", ".$lang.php.bak"); + rename(".$lang.php.work", "$lang.php"); + // Reload page, so that form data won't get posted again on refresh + header("location: $self&begin=$begin" . ($search? "&search_for=".urlencode($search): "") . ($show_empty? "&empty=": "")); + exit; +} else if(isset($_POST['submit']) && isset($_POST['L'])) { + // Save button was pressed + update_language($lang, $_POST['L'], @$_POST['E']); + // Reload page, so that form data won't get posted again on refresh + header("location: $self&begin=$begin" . ($search? "&search_for=".urlencode($search): "") . ($show_empty? "&empty=": "")); + exit; +} + +// One form for all buttons and inputs +echo 'Overview'; +echo "
\n"; +echo "\n + + $val){ + $trans = @$translation[$key]; + if((!$search && !$show_empty && $i >= $begin) || + ($search && (stristr($key, $search) || stristr($val, $search) || stristr($trans, $search))) || + ($show_empty && !$trans)){ + $bg = ($j++ & 1)? '#fff': '#eed'; + // Key + echo ''; + // English (underline leading and trailing spaces) + $space = '_'; + echo '\n"; + echo '\n"; + + if(--$limit == 0 && !$search && !$show_empty){ + break; + } + } + $i++; +} +?> +
"; +// Make page links +for($p = 0; $p < $count; $p += $limit){ + if($p){ + echo " | "; + } + $bgn = $p+1; + $end = min($p+$limit, $count); + if($p != $begin || $search || $show_empty) { + echo "$bgn…$end\n"; // Show all links when searching or display all missing strings + } else { + echo "$bgn…$end\n"; + } +} +?> + + + title="Confirm all changes and replace the original language file"> +
+.$lang.php.work until you press 'Confirm all changes'
"; +} +// Search +echo ''; +// List empty +if($lang != 'en') { + echo ''; +} +?> +
KeyEnglishTranslation:
'.($i+1).''.$key.''. (preg_match("/^[ \t]/",$val)? $space: "") . nl2br(htmlentities($val)). (preg_match("/[ \t]$/",$val)? $space: "") ."'; + echo ''; + echo ''; + // Count lines in both english and translation + $lines = 1 + max(preg_match_all("/\n/", $val, $matches), preg_match_all("/\n/", $trans, $matches)); + // Javascript call on some input events + $onchange = 'onchange="set(\''.$key.'\');" onkeypress="set(\''.$key.'\');"'; + // \ is displayed as \\ in edit fields to allow \n as line feed + $trans = str_replace("\\", "\\\\", $trans); + if($lines > 1 || strlen(utf8_decode($val)) > 60 || strlen(utf8_decode($trans)) > 60){ + // Format long texts for '; + } else{ + // Format short texts for + $trans = str_replace(array("\n", "\""), array("\\n", """), $trans); + echo ''; + } + echo "
+
+ + + + + +
The language files are UTF-8 encoded, avoid manual editing if You are not sure that your editor supports UTF-8
+Syntax for \ is \\ and for line feed type \\n in single line edit fields
langedit by larserik@softpoint.nu
+uses('content'); +$page->pushTpl('admin.translation.tpl'); + +// Parse string for \n and \\ to be replaced by and \ +function parseNL($str) { + $pos = 0; + while(($pos = strpos($str, "\\", $pos)) !== false){ + switch(substr($str, $pos, 2)){ + case "\\n": + $str = substr_replace($str, "\n", $pos, 2); + break; + case "\\\\": + $str = substr_replace($str, "\\", $pos, 2); + break; + } + $pos++; + } + return $str; +} + +function update_language($lang, &$strings, $edit) { + global $language, $translation; + + if(!is_array($edit)) { + return; + } + // Form data contains UTF-8 encoded text + foreach($edit as $key => $dummy){ + if(@$strings[$key]) { + $translation[$key] = parseNL($strings[$key]); + } else { + unset($translation[$key]); + } + } + // Make a backup just in case! + if(!file_exists(".$lang.php.safe")){ + // Make one safe backup that will NOT be changed by this script + copy("$lang.php", ".$lang.php.safe"); + } + if(file_exists(".$lang.php.work")){ + // Then make ordinary backups + copy(".$lang.php.work", ".$lang.php.bak"); + } + // Write the translation array to file with UNIX style line endings + $file = fopen(".$lang.php.work", "w"); + // Write the UTF-8 BOM, Byte Order Marker + //fprintf($file, chr(0xef).chr(0xbb).chr(0xbf)); + // Header + fprintf($file, " \\ + // " => \" + // $ => \$ + // => \n + // are removed if any + $pattern = array("\\", "\"", "\$", "\n", "\r"); + $replace = array("\\\\", "\\\"", "\\\$", "\\n", ""); + // Write the array to the file, ordered as the english language file + foreach($language as $key => $val){ + $trans = @$translation[$key]; + if(!$trans) { + continue; + } + if(strstr($trans, "\n")) { // Use double quotes for multiline + fprintf($file, "%-26s=> \"%s\",\n", "'$key'", str_replace($pattern, $replace, $trans)); + } else { // Use single quotes for single lines, only \ and ' needs escaping + fprintf($file, "%-26s=> '%s',\n", "'$key'", str_replace(array("\\","'"), array("\\\\", "\\'"), $trans)); + } + } + fprintf($file, ");\n\n?".">\n"); // PHP end tag currupts some syntax color coders + fclose($file); +} + +?> diff --git a/scripts/lostpw.php b/scripts/lostpw.php new file mode 100644 index 0000000..ce2a78d --- /dev/null +++ b/scripts/lostpw.php @@ -0,0 +1,32 @@ +setTitle($fs->prefs['page_title'] . L('lostpw')); + +if (!Req::has('magic_url') && $user->isAnon()) { + // Step One: user requests magic url + $page->pushTpl('lostpw.step1.tpl'); +} +elseif (Req::has('magic_url') && $user->isAnon()) { + # Step Two: user enters new password + # First as link from email (GET), form could be repeated as POST + # when user misrepeats the new password. so GET and POST possible here! + $check_magic = $db->query('SELECT * FROM {users} WHERE magic_url = ?', + array(Req::val('magic_url'))); + + if (!$db->countRows($check_magic)) { + Flyspray::show_error(12); + } + $page->pushTpl('lostpw.step2.tpl'); +} else { + Flyspray::redirect($baseurl); +} +?> diff --git a/scripts/myprofile.php b/scripts/myprofile.php new file mode 100644 index 0000000..bd9bd22 --- /dev/null +++ b/scripts/myprofile.php @@ -0,0 +1,41 @@ +isAnon()) { + Flyspray::show_error(13); +} + +# maybe add some checks for output if a task or project or user changed permissions +# for example the user is moved from developer to basic +# or a task is changed to private modus +# or a task is closed now +# maybe add 'AND t.is_closed<>1' if we want only show votes of active tasks, that are taken for the votes limit. +# How can a user unvote such now unvisible tasks to get back under his voting limit for the project? +$votes=$db->query(' + SELECT v.*, t.project_id, t.item_summary, t.task_type, t.is_closed, p.project_title + FROM {votes} v + JOIN {tasks} t ON t.task_id=v.task_id + LEFT JOIN {projects} p ON p.project_id=t.project_id + WHERE user_id = ? + ORDER BY t.project_id, t.task_id', + $user->id +); +$votes=$db->fetchAllArray($votes); + +$page->assign('votes', $votes); +$page->assign('groups', Flyspray::listGroups()); +$page->assign('project_groups', Flyspray::listGroups($proj->id)); +$page->assign('theuser', $user); + +$page->setTitle($fs->prefs['page_title'] . L('editmydetails')); +$page->pushTpl('myprofile.tpl'); + +?> diff --git a/scripts/newmultitasks.php b/scripts/newmultitasks.php new file mode 100644 index 0000000..741ea81 --- /dev/null +++ b/scripts/newmultitasks.php @@ -0,0 +1,20 @@ +can_open_task($proj) && !$user->perms('add_multiple_tasks')) { + Flyspray::show_error(15); +} + +$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title'] . ': ' . L('newtask')); + +$page->assign('old_assigned', ''); +$page->pushTpl('newmultitasks.tpl'); + +?> \ No newline at end of file diff --git a/scripts/newtask.php b/scripts/newtask.php new file mode 100644 index 0000000..8cd3dc2 --- /dev/null +++ b/scripts/newtask.php @@ -0,0 +1,53 @@ +can_open_task($proj)) { + Flyspray::show_error(15); +} + +$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title'] . ': ' . L('newtask')); + +$result = $db->query(' + SELECT u.user_id, u.user_name, u.real_name, g.group_id, g.group_name, g.project_id + FROM {users} u + JOIN {users_in_groups} uig ON u.user_id = uig.user_id + JOIN {groups} g ON g.group_id = uig.group_id + WHERE (g.show_as_assignees = 1 OR g.is_admin = 1) + AND (g.project_id = 0 OR g.project_id = ?) AND u.account_enabled = 1 + ORDER BY g.project_id ASC, g.group_name ASC, u.user_name ASC', $proj->id); + +$userlist = array(); +$userids=array(); +while ($row = $db->fetchRow($result)) { + if (!in_array($row['user_id'], $userids)){ + $userlist[$row['group_id']][] = array( + 0 => $row['user_id'], + 1 => sprintf('%s (%s)', $row['user_name'], $row['real_name']), + 2 => $row['project_id'], + 3 => $row['group_name'] + ); + $userids[]=$row['user_id']; + } else{ + # user is probably in a global group with assignee permission listed, so no need to show second time in a project group. + } +} + +$assignees = array(); +if (is_array(Post::val('rassigned_to'))) { + $assignees = Post::val('rassigned_to'); +} + +$page->assign('assignees', $assignees); +$page->assign('userlist', $userlist); +$page->assign('old_assigned', ''); +$page->pushTpl('newtask.tpl'); + +?> diff --git a/scripts/oauth.php b/scripts/oauth.php new file mode 100644 index 0000000..48dface --- /dev/null +++ b/scripts/oauth.php @@ -0,0 +1,201 @@ + function() use ($conf) { + if (empty($conf['oauth']['github_secret']) || + empty($conf['oauth']['github_id']) || + empty($conf['oauth']['github_redirect'])) { + + throw new Exception('Config error make sure the github_* variables are set.'); + } + return new GithubProvider(array( + 'clientId' => $conf['oauth']['github_id'], + 'clientSecret' => $conf['oauth']['github_secret'], + 'redirectUri' => $conf['oauth']['github_redirect'], + 'scopes' => array('user:email') + )); + }, + 'google' => function() use ($conf) { + if (empty($conf['oauth']['google_secret']) || + empty($conf['oauth']['google_id']) || + empty($conf['oauth']['google_redirect'])) { + + throw new Exception('Config error make sure the google_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Google(array( + 'clientId' => $conf['oauth']['google_id'], + 'clientSecret' => $conf['oauth']['google_secret'], + 'redirectUri' => $conf['oauth']['google_redirect'], + 'scopes' => array('email', 'profile') + )); + }, + 'facebook' => function() use ($conf) { + if (empty($conf['oauth']['facebook_secret']) || + empty($conf['oauth']['facebook_id']) || + empty($conf['oauth']['facebook_redirect'])) { + + throw new Exception('Config error make sure the facebook_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Facebook(array( + 'clientId' => $conf['oauth']['facebook_id'], + 'clientSecret' => $conf['oauth']['facebook_secret'], + 'redirectUri' => $conf['oauth']['facebook_redirect'], + )); + }, + 'microsoft' => function() use ($conf) { + if (empty($conf['oauth']['microsoft_secret']) || + empty($conf['oauth']['microsoft_id']) || + empty($conf['oauth']['microsoft_redirect'])) { + + throw new Exception('Config error make sure the microsoft_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Microsoft(array( + 'clientId' => $conf['oauth']['microsoft_id'], + 'clientSecret' => $conf['oauth']['microsoft_secret'], + 'redirectUri' => $conf['oauth']['microsoft_redirect'], + )); + }, + 'instagram' => function() use ($conf) { + if (empty($conf['oauth']['instagram_secret']) || + empty($conf['oauth']['instagram_id']) || + empty($conf['oauth']['instagram_redirect'])) { + + throw new Exception('Config error make sure the instagram_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Instagram(array( + 'clientId' => $conf['oauth']['instagram_id'], + 'clientSecret' => $conf['oauth']['instagram_secret'], + 'redirectUri' => $conf['oauth']['instagram_redirect'], + )); + }, + 'eventbrite' => function() use ($conf) { + if (empty($conf['oauth']['eventbrite_secret']) || + empty($conf['oauth']['eventbrite_id']) || + empty($conf['oauth']['eventbrite_redirect'])) { + + throw new Exception('Config error make sure the eventbrite_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Eventbrite(array( + 'clientId' => $conf['oauth']['eventbrite_id'], + 'clientSecret' => $conf['oauth']['eventbrite_secret'], + 'redirectUri' => $conf['oauth']['eventbrite_redirect'], + )); + }, + 'linkedin' => function() use ($conf) { + if (empty($conf['oauth']['linkedin_secret']) || + empty($conf['oauth']['linkedin_id']) || + empty($conf['oauth']['linkedin_redirect'])) { + + throw new Exception('Config error make sure the linkedin_* variables are set.'); + } + return new League\OAuth2\Client\Provider\LinkedIn(array( + 'clientId' => $conf['oauth']['linkedin_id'], + 'clientSecret' => $conf['oauth']['linkedin_secret'], + 'redirectUri' => $conf['oauth']['linkedin_redirect'], + )); + }, + 'vkontakte' => function() use ($conf) { + if (empty($conf['oauth']['vkontakte_secret']) || + empty($conf['oauth']['vkontakte_id']) || + empty($conf['oauth']['vkontakte_redirect'])) { + + throw new Exception('Config error make sure the vkontakte_* variables are set.'); + } + return new League\OAuth2\Client\Provider\Vkontakte(array( + 'clientId' => $conf['oauth']['vkontakte_id'], + 'clientSecret' => $conf['oauth']['vkontakte_secret'], + 'redirectUri' => $conf['oauth']['vkontakte_redirect'], + )); + }, +); + +if (! isset($_SESSION['return_to'])) { + $_SESSION['return_to'] = base64_decode(Get::val('return_to', '')); + $_SESSION['return_to'] = $_SESSION['return_to'] ?: $baseurl; +} + +$provider = isset($_SESSION['oauth_provider']) ? $_SESSION['oauth_provider'] : 'none'; +$provider = strtolower(Get::val('provider', $provider)); +unset($_SESSION['oauth_provider']); + +$active_oauths = explode(' ', $fs->prefs['active_oauths']); +if (!in_array($provider, $active_oauths)) { + Flyspray::show_error(26); +} + +$obj = $providers[$provider](); + +if ( ! Get::has('code') && ! Post::has('username')) { + // get authorization code + header('Location: '.$obj->getAuthorizationUrl()); + exit; +} + +if (isset($_SESSION['oauth_token'])) { + $token = unserialize($_SESSION['oauth_token']); + unset($_SESSION['oauth_token']); +} else { + // Try to get an access token + try { + $token = $obj->getAccessToken('authorization_code', array('code' => $_GET['code'])); + } catch (\League\OAuth2\Client\Exception\IDPException $e) { + throw new Exception($e->getMessage()); + } +} + +$user_details = $obj->getUserDetails($token); +$uid = $user_details->uid; + +if (Post::has('username')) { + $username = Post::val('username'); +} else { + $username = $user_details->nickname; +} + +// First time logging in +if (! Flyspray::checkForOauthUser($uid, $provider)) { + if (! $user_details->email) { + Flyspray::show_error(27); + } + + $success = false; + + if ($username) { + $group_in = $fs->prefs['anon_group']; + $name = $user_details->name ?: $username; + $success = Backend::create_user($username, null, $name, '', $user_details->email, 0, 0, $group_in, 1, $uid, $provider); + } + + // username taken or not provided, ask for it + if (!$success) { + $_SESSION['oauth_token'] = serialize($token); + $_SESSION['oauth_provider'] = $provider; + $page->assign('provider', ucfirst($provider)); + $page->assign('username', $username); + $page->pushTpl('register.oauth.tpl'); + return; + } +} + +if (($user_id = Flyspray::checkLogin($user_details->email, null, 'oauth')) < 1) { + Flyspray::show_error(23); // account disabled +} + +$user = new User($user_id); + +// Set a couple of cookies +$passweirded = crypt($user->infos['user_pass'], $conf['general']['cookiesalt']); +Flyspray::setCookie('flyspray_userid', $user->id, 0,null,null,null,true); +Flyspray::setCookie('flyspray_passhash', $passweirded, 0,null,null,null,true); +$_SESSION['SUCCESS'] = L('loginsuccessful'); +$db->query("UPDATE {users} SET last_login = ? WHERE user_id=?", array(time(), $user->id)); + +$return_to = $_SESSION['return_to']; +unset($_SESSION['return_to']); + +Flyspray::redirect($return_to); +?> diff --git a/scripts/pm.php b/scripts/pm.php new file mode 100644 index 0000000..c9884e8 --- /dev/null +++ b/scripts/pm.php @@ -0,0 +1,61 @@ +perms('manage_project') || !$proj->id) { + Flyspray::show_error(16); +} + +switch ($area = Req::val('area', 'prefs')) { + case 'pendingreq': + $sql = $db->query("SELECT * + FROM {admin_requests} ar + LEFT JOIN {tasks} t ON ar.task_id = t.task_id + LEFT JOIN {users} u ON ar.submitted_by = u.user_id + WHERE ar.project_id = ? AND resolved_by = 0 + ORDER BY ar.time_submitted ASC", array($proj->id)); + + $page->assign('pendings', $db->fetchAllArray($sql)); + + case 'prefs': + case 'groups': + $page->assign('globalgroups', Flyspray::listGroups(0)); # global user groups + $page->assign('groups', Flyspray::listGroups($proj->id)); # project specific user groups + case 'editgroup': + // yeah, utterly stupid, is changed in 1.0 already + if (Req::val('area') == 'editgroup') { + $group_details = Flyspray::getGroupDetails(Req::num('id')); + if (!$group_details || $group_details['project_id'] != $proj->id) { + Flyspray::show_error(L('groupnotexist')); + Flyspray::redirect(createURL('pm', 'groups', $proj->id)); + } + $page->uses('group_details'); + } + case 'tasktype': + case 'tag': + case 'resolution': + case 'os': + case 'version': + case 'cat': + case 'status': + case 'newgroup': + + $page->setTitle($fs->prefs['page_title'] . L('pmtoolbox')); + $page->pushTpl('pm.menu.tpl'); + $page->pushTpl('pm.'.$area.'.tpl'); + break; + + default: + Flyspray::show_error(17); +} +?> diff --git a/scripts/register.php b/scripts/register.php new file mode 100644 index 0000000..34b62d4 --- /dev/null +++ b/scripts/register.php @@ -0,0 +1,63 @@ +setTitle($fs->prefs['page_title'] . L('registernewuser')); + +if (!$user->isAnon()) { + Flyspray::redirect($baseurl); +} + +if ($user->can_register()) { + // 32 is the length of the magic_url + if (Req::has('magic_url') && strlen(Req::val('magic_url')) == 32) { + // If the user came here from their notification link + $sql = $db->query('SELECT * FROM {registrations} WHERE magic_url = ?', + array(Get::val('magic_url'))); + + if (!$db->countRows($sql)) { + Flyspray::show_error(18); + } + + $page->pushTpl('register.magic.tpl'); + } else { + if($fs->prefs['captcha_securimage']){ + $captchaoptions = array( + 'input_name' => 'captcha_code', + 'show_image_url' => 'securimage.php', + 'show_refresh_button' => false, + 'show_audio_button' => false, + 'disable_flash_fallback' => true + ); + $captcha_securimage_html=Securimage::getCaptchaHtml($captchaoptions); + $page->assign('captcha_securimage_html', $captcha_securimage_html); + } + + $page->pushTpl('register.no-magic.tpl'); + } +} elseif ($user->can_self_register()) { + if($fs->prefs['captcha_securimage']){ + $captchaoptions = array( + 'input_name' => 'captcha_code', + 'show_image_url' => 'securimage.php', + 'show_refresh_button' => false, + 'show_audio_button' => false, + 'disable_flash_fallback' => true, + 'image_attributes' =>array('style'=>'') + ); + $captcha_securimage_html=Securimage::getCaptchaHtml($captchaoptions); + $page->assign('captcha_securimage_html', $captcha_securimage_html); + } + + $page->pushTpl('common.newuser.tpl'); +} else { + Flyspray::show_error(22); +} +?> diff --git a/scripts/reports.php b/scripts/reports.php new file mode 100644 index 0000000..7870291 --- /dev/null +++ b/scripts/reports.php @@ -0,0 +1,122 @@ +perms('view_reports')) { + Flyspray::redirect($baseurl); +} + +require_once(BASEDIR . '/includes/events.inc.php'); +$page->setTitle($fs->prefs['page_title'] . L('reports')); + +/**********************\ +* Event reports * +\**********************/ + +$events = array(1 => L('opened'), + 13 => L('reopened'), + 2 => L('closed'), + 3 => L('edited'), + 14 => L('assignmentchanged'), + 29 => L('events.useraddedtoassignees'), + 4 => L('commentadded'), + 5 => L('commentedited'), + 6 => L('commentdeleted'), + 7 => L('attachmentadded'), + 8 => L('attachmentdeleted'), + 11 => L('relatedadded'), + 12 => L('relateddeleted'), + 9 => L('notificationadded'), + 10 => L('notificationdeleted'), + 17 => L('reminderadded'), + 18 => L('reminderdeleted'), + 15 => L('addedasrelated'), + 16 => L('deletedasrelated'), + 19 => L('ownershiptaken'), + 20 => L('closerequestmade'), + 21 => L('reopenrequestmade'), + 22 => L('depadded'), + 23 => L('depaddedother'), + 24 => L('depremoved'), + 25 => L('depremovedother'), + 28 => L('pmreqdenied'), + 32 => L('subtaskadded'), + 33 => L('subtaskremoved'), + 34 => L('supertaskadded'), + 35 => L('supertaskremoved'), + ); + +// Should events 19, 20, 21, 29 be here instead? +$user_events = array(30 => L('created'), + 31 => L('deleted')); + +$page->assign('events', $events); +$page->assign('user_events', $user_events); +$page->assign('theuser', $user); + +$sort = strtoupper(Req::enum('sort', array('desc', 'asc'))); + +$where = array(); +$params = array(); +$orderby = ''; + +switch (Req::val('order')) { + case 'type': + $orderby = "h.event_type {$sort}, h.event_date {$sort}"; + break; + case 'user': + $orderby = "user_id {$sort}, h.event_date {$sort}"; + break; + case 'date': default: + $orderby = "h.event_date {$sort}, h.event_type {$sort}"; +} + +if( is_array(Req::val('events')) ){ + foreach (Req::val('events') as $eventtype) { + $where[] = 'h.event_type = ?'; + $params[] = $eventtype; + } + $where = '(' . implode(' OR ', $where) . ')'; + + if ($proj->id) { + $where = $where . 'AND (t.project_id = ? OR h.event_type IN(30, 31)) '; + $params[] = $proj->id; + } + + if ( Req::val('fromdate') || Req::val('todate')) { + $where .= ' AND '; + $fromdate = Req::val('fromdate'); + $todate = Req::val('todate'); + + if ($fromdate) { + $where .= ' h.event_date > ?'; + $params[] = Flyspray::strtotime($fromdate) + 0; + } + if ($todate && $fromdate) { + $where .= ' AND h.event_date < ?'; + $params[] = Flyspray::strtotime($todate) + 86400; + } else if ($todate) { + $where .= ' h.event_date < ?'; + $params[] = Flyspray::strtotime($todate) + 86400; + } + } + + $histories = $db->query("SELECT h.* + FROM {history} h + LEFT JOIN {tasks} t ON h.task_id = t.task_id + WHERE $where + ORDER BY $orderby", $params, Req::num('event_number', -1)); + $histories = $db->fetchAllArray($histories); +} + +$page->uses('histories', 'sort'); + +$page->pushTpl('reports.tpl'); +?> diff --git a/scripts/roadmap.php b/scripts/roadmap.php new file mode 100644 index 0000000..709a0a5 --- /dev/null +++ b/scripts/roadmap.php @@ -0,0 +1,84 @@ +id) { + Flyspray::show_error(25); +} + +if ((!$user->isAnon() && !$user->perms('view_roadmap')) || ($user->isAnon() && $proj->prefs['others_viewroadmap'] !=1)) { + # better set redirect to false to avoid endless loops + Flyspray::show_error(28, false); +} else{ + + if($proj->prefs['use_effort_tracking']){ + require_once(BASEDIR . '/includes/class.effort.php'); + } + + + $page->setTitle($fs->prefs['page_title'] . L('roadmap')); + + // Get milestones + $milestones = $db->query('SELECT version_id, version_name + FROM {list_version} + WHERE (project_id = ? OR project_id=0) AND version_tense = 3 + ORDER BY list_position ASC', + array($proj->id)); + + $data = array(); + +while ($row = $db->fetchRow($milestones)) { + // Get all tasks related to a milestone + $all_tasks = $db->query('SELECT percent_complete, is_closed + FROM {tasks} + WHERE closedby_version = ? AND project_id = ?', + array($row['version_id'], $proj->id)); + $all_tasks = $db->fetchAllArray($all_tasks); + + $percent_complete = 0; + foreach($all_tasks as $task) { + if($task['is_closed']) { + $percent_complete += 100; + } else { + $percent_complete += $task['percent_complete']; + } + } + $percent_complete = round($percent_complete/max(count($all_tasks), 1)); + + $tasks = $db->query('SELECT task_id, item_summary, detailed_desc, item_status, task_severity, task_priority, task_type, mark_private, opened_by, content, task_token, t.project_id,estimated_effort + FROM {tasks} t + LEFT JOIN {cache} ca ON (t.task_id = ca.topic AND ca.type = \'rota\' AND t.last_edited_time <= ca.last_updated) + WHERE closedby_version = ? AND t.project_id = ? AND is_closed = 0', + array($row['version_id'], $proj->id)); + $tasks = $db->fetchAllArray($tasks); + + $count = count($tasks); + for ($i = 0; $i < $count; $i++) { + if (!$user->can_view_task($tasks[$i])) { + unset($tasks[$i]); + } + } + + $data[] = array('id' => $row['version_id'], 'open_tasks' => $tasks, 'percent_complete' => $percent_complete, + 'all_tasks' => $all_tasks, 'name' => $row['version_name']); +} # end while + + if (Get::val('txt')) { + $page = new FSTpl; + header('Content-Type: text/plain; charset=UTF-8'); + $page->uses('data', 'page'); + $page->display('roadmap.text.tpl'); + exit(); + } else { + $page->uses('data', 'page'); + $page->pushTpl('roadmap.tpl'); + } + +} # end if allowed roadmap view +?> diff --git a/scripts/toplevel.php b/scripts/toplevel.php new file mode 100644 index 0000000..f370cde --- /dev/null +++ b/scripts/toplevel.php @@ -0,0 +1,103 @@ +id && $user->can_select_project($proj->prefs)) { + $projects = array( + 0 => array( + 'project_id' => $proj->id, + 'project_title' => $proj->prefs['project_title'], + 'project_is_active' => $proj->prefs['project_is_active'] + ) + ); +} else { + $projects = $fs->projects; + # anon users should not see details of a restricted project but anon tasks creation allowed + # but in /index.php we filter now by 'can_select_project', not 'can_view_project' anymore. + $projects= array_filter($projects, array($user, 'can_select_project')); +} + +if(count($projects)>0){ + + $most_wanted = array(); + $stats = array(); + $assigned_to_myself = array(); + $projprefs = array(); + + # Most wanted tasks for each project + foreach ($projects as $project) { + # means 'can view tasks' .. + if($user->can_view_project($project['project_id'])){ + $sql = $db->query('SELECT v.task_id, count(*) AS num_votes + FROM {votes} v + LEFT JOIN {tasks} t ON v.task_id = t.task_id AND t.project_id = ? + WHERE t.is_closed = 0 + GROUP BY v.task_id + ORDER BY num_votes DESC', + array($project['project_id']), 5 + ); + + if ($db->countRows($sql)) { + $most_wanted[$project['project_id']] = $db->fetchAllArray($sql); + } + } + } + + # Project stats + foreach ($projects as $project) { + $sql = $db->query('SELECT count(*) FROM {tasks} WHERE project_id = ?', array($project['project_id'])); + $stats[$project['project_id']]['all'] = $db->fetchOne($sql); + + $sql = $db->query('SELECT count(*) FROM {tasks} WHERE project_id = ? AND is_closed = 0', array($project['project_id'])); + $stats[$project['project_id']]['open'] = $db->fetchOne($sql); + + $sql = $db->query('SELECT avg(percent_complete) FROM {tasks} WHERE project_id = ? AND is_closed = 0', array($project['project_id'])); + $stats[$project['project_id']]['average_done'] = round($db->fetchOne($sql), 0); + + if ($proj->id) { + $prefs = $proj->prefs; + } else { + $currentproj = new Project($project['project_id']); + $prefs = $currentproj->prefs; + } + + $projprefs[$project['project_id']] = $prefs; + + if($user->perms('view_estimated_effort', $project['project_id']) ){ + if ($prefs['use_effort_tracking']) { + $sql = $db->query(' + SELECT t.task_id, t.estimated_effort + FROM {tasks} t + WHERE project_id = ? AND is_closed = 0', + array($project['project_id']) + ); + $stats[$project['project_id']]['tasks'] = $db->fetchAllArray($sql); + } + } + } + + # Assigned to myself + foreach ($projects as $project) { + $sql = $db->query(' + SELECT a.task_id + FROM {assigned} a + LEFT JOIN {tasks} t ON a.task_id = t.task_id AND t.project_id = ? + WHERE t.is_closed = 0 and a.user_id = ?', + array($project['project_id'], $user->id), 5 + ); + if ($db->countRows($sql)) { + $assigned_to_myself[$project['project_id']] = $db->fetchAllArray($sql); + } + } + $page->uses('most_wanted', 'stats', 'projects', 'assigned_to_myself', 'projprefs'); + $page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title'] . ': ' . L('toplevel')); + $page->pushTpl('toplevel.tpl'); +} else{ + # mmh what we want to show anon users with only the 'create anon task' permission enabled?... +} +?> diff --git a/scripts/user.php b/scripts/user.php new file mode 100644 index 0000000..9993d9a --- /dev/null +++ b/scripts/user.php @@ -0,0 +1,43 @@ +assign('groups', Flyspray::listGroups()); + +if ($proj->id) { + $page->assign('project_groups', Flyspray::listGroups($proj->id)); +} + +$id = Flyspray::validUserId(Get::val('id', Get::val('uid'))); +if (!$id) { + $id = Flyspray::usernameToId(Get::val('user_name')); +} + +$theuser = new User($id); +if ($theuser->isAnon()) { + Flyspray::show_error(19); +} + +// Some possibly interesting information about the user +$sql = $db->query('SELECT count(*) FROM {comments} WHERE user_id = ?', array($theuser->id)); +$page->assign('comments', $db->fetchOne($sql)); + +$sql = $db->query('SELECT count(*) FROM {tasks} WHERE opened_by = ?', array($theuser->id)); +$page->assign('tasks', $db->fetchOne($sql)); + +$sql = $db->query('SELECT count(*) FROM {assigned} WHERE user_id = ?', array($theuser->id)); +$page->assign('assigned', $db->fetchOne($sql)); + +$page->assign('theuser', $theuser); + +$page->setTitle($fs->prefs['page_title'] . L('viewprofile')); +$page->pushTpl('profile.tpl'); + +?> -- cgit v1.2.3-70-g09d2