// | https://www.anuko.com/time_tracker/credits.htm
// +----------------------------------------------------------------------+
-import('ttUser');
import('ttRoleHelper');
// ttAdmin class is used to perform admin tasks.
+// Used as namespace, as it is a collection of static functions that we call
+// from admin pages to administer the site as a whole.
class ttAdmin {
- var $err = null; // Error object, passed to us as reference.
- // We use it to communicate errors to caller.
-
- // Constructor.
- function __construct(&$err = null) {
- $this->err = $err;
- }
-
// getSubgroups rerurns an array of subgroups for a group.
static function getSubgroups($group_id) {
$mdb2 = getConnection();
// Mark group deleted.
global $user;
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
$sql = "update tt_groups set status = null $modified_part where id = $group_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) return false;
$mdb2 = getConnection();
global $user;
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
// Update group name if it changed.
if ($fields['old_group_name'] != $fields['new_group_name']) {
return true;
}
- // validateUserInfo validates account information entered by user.
- function validateUserInfo($fields) {
- global $i18n;
+ // updateSelf updates admin account with new information.
+ static function updateSelf($fields) {
global $user;
- global $auth;
-
- $result = true;
-
- if (!ttValidString($fields['name'])) {
- $this->err->add($i18n->get('error.field'), $i18n->get('label.person_name'));
- $result = false;
- }
- if (!ttValidString($fields['login'])) {
- $this->err->add($i18n->get('error.field'), $i18n->get('label.login'));
- $result = false;
- }
- // If we change login, it must be unique.
- if ($fields['login'] != $user->login) {
- if (ttUserHelper::getUserByLogin($fields['login'])) {
- $this->err->add($i18n->get('error.user_exists'));
- $result = false;
- }
- }
- if (!$auth->isPasswordExternal() && ($fields['password1'] || $fields['password2'])) {
- if (!ttValidString($fields['password1'])) {
- $this->err->add($i18n->get('error.field'), $i18n->get('label.password'));
- $result = false;
- }
- if (!ttValidString($fields['password2'])) {
- $this->err->add($i18n->get('error.field'), $i18n->get('label.confirm_password'));
- $result = false;
- }
- if ($fields['password1'] !== $fields['password2']) {
- $this->err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password'));
- $result = false;
- }
- }
- if (!ttValidEmail($fields['email'], true)) {
- $this->err->add($i18n->get('error.field'), $i18n->get('label.email'));
- $result = false;
- }
-
- return $result;
- }
-
- // updateSelf validates user input and updates admin account with new information.
- function updateSelf($fields) {
- if (!$this->validateUserInfo($fields)) return false; // Can't continue as user input is invalid.
-
- global $user;
- global $i18n;
$mdb2 = getConnection();
// Update self.
$password_part = ', password = md5('.$mdb2->quote($fields['password1']).')';
$name_part = ', name = '.$mdb2->quote($fields['name']);
$email_part = ', email = '.$mdb2->quote($fields['email']);
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
- $sql = 'update tt_users set '.$login_part.$password_part.$name_part.$email_part.$modified_part.'where id = '.$user_id;
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
+ $sql = 'update tt_users set '.$login_part.$password_part.$name_part.$email_part.$modified_part.' where id = '.$user_id;
$affected = $mdb2->exec($sql);
- if (is_a($affected, 'PEAR_Error')) {
- $this->err->add($i18n->get('error.db'));
- return false;
- }
-
- return true;
+ return (!is_a($affected, 'PEAR_Error'));
}
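Review bot: The new `$modified_part` line in updateSelf drops the `$mdb2->quote()` around `$user->id`, so the id is now spliced into the statement bare; the same edit is made on every `modified_part`, `created`, `created_v` and `created_by_v` line in this file. If `$user->id` is always an integer this is harmless, but nothing here enforces that, and `', modified_by = '.(int) $user->id` keeps the SQL well-formed at no cost regardless of what the session object holds. The replacement `return (!is_a($affected, 'PEAR_Error'));` also discards the former `$this->err->add($i18n->get('error.db'))`, so a failed update now yields a bare false with no message for the caller to show; a `@return bool` comment saying that the caller is responsible for reporting a false result would at least make that contract visible. The statements defining `$login_part` and `$user_id` are not within the visible lines of this hunk.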
// getGroupName obtains group name.
// Add modified info to sql for some tables, depending on table name.
if ($table_name == 'tt_users') {
global $user;
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
}
$sql = "update $table_name set status = null $modified_part where group_id = $group_id";
}
// Handle time records.
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
if ($delete_client_entries) {
$sql = 'update tt_log set status = NULL'.$modified_part." where client_id = $id";
$affected = $mdb2->exec($sql);
$invoice_id = $fields['invoice_id'];
$status = $fields['status'];
$paid = (int) $fields['paid'];
- $created = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id);
+ $created = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id;
$sql = "insert into tt_expense_items".
" (date, user_id, group_id, org_id, client_id, project_id, name, cost, invoice_id, paid, created, created_ip, created_by, status)".
if ($user->can('manage_invoices') && $user->isPluginEnabled('ps')) {
$paid_part = $fields['paid'] ? ', paid = 1' : ', paid = 0';
}
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
$sql = "UPDATE tt_expense_items set date = ".$mdb2->quote($date).", user_id = $user_id, client_id = ".$mdb2->quote($client_id).
", project_id = ".$mdb2->quote($project_id).", name = ".$mdb2->quote($name).
$values .= ', '.$mdb2->quote($attrs['lock_spec']);
$values .= ', '.(int)$attrs['workday_minutes'];
$values .= ', '.$mdb2->quote($attrs['config']);
- $values .= ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id);
+ $values .= ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id;
$values .= ')';
$sql = 'insert into tt_groups '.$columns.$values;
}
// Mark group deleted.
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
$sql = "update tt_groups set status = null $modified_part where id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) return false;
// Add modified info to sql for some tables, depending on table name.
if ($table_name == 'tt_users') {
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
}
$org_id = $user->org_id; // The only security measure we use here for match.
$values .= ', '.$mdb2->quote($fields['lock_spec']);
$values .= ', '.(int)$fields['workday_minutes'];
$values .= ', '.$mdb2->quote($fields['config']);
- $values .= ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id);
+ $values .= ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id;
$values .= ')';
$sql = 'insert into tt_groups '.$columns.$values;
$invoice_id = $fields['invoice_id'];
$status = $fields['status'];
$paid = (int) $fields['paid'];
- $created = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id);
+ $created = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id;
$sql = "insert into tt_expense_items".
" (date, user_id, group_id, org_id, client_id, project_id, name, cost, invoice_id, paid, created, created_ip, created_by, status)".
", ".$mdb2->quote($invoice_id).
", ".$mdb2->quote($comment).
", $billable, $paid".
- ", now(), ".$mdb2->quote($_SERVER['REMOTE_ADDR']).", ".$mdb2->quote($user->id).
+ ", now(), ".$mdb2->quote($_SERVER['REMOTE_ADDR']).", ".$user->id.
", ". $mdb2->quote($status).")";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) {
if (!$val['id'] || !$val['role_id'])
return false;
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
// Promote user.
$sql = "update tt_users set role_id = $user->role_id".$modified_part." where id = $user_id and group_id = $user->group_id";
if ('00:00' == $finish) $finish = '24:00';
}
- $created_v = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id);
+ $created_v = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id;
if (!$billable) $billable = 0;
if (!$paid) $paid = 0;
if ($user->can('manage_invoices') && $user->isPluginEnabled('ps')) {
$paid_part = $fields['paid'] ? ', paid = 1' : ', paid = 0';
}
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
$start = ttTimeHelper::to24HourFormat($start);
$finish = ttTimeHelper::to24HourFormat($finish);
$status_v = ', '.$mdb2->quote($fields['status']);
}
$created_ip_v = ', '.$mdb2->quote($_SERVER['REMOTE_ADDR']);
- $created_by_v = ', '.$mdb2->quote($user->id);
+ $created_by_v = ', '.$user->id;
$sql = "insert into tt_users (name, login, password, group_id, org_id, role_id, client_id, rate, email, created, created_ip, created_by $status_f) values (".
$mdb2->quote($fields['name']).", ".$mdb2->quote($fields['login']).
$status_part = ", status = $status";
}
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
$sql = "update tt_users set login = ".$mdb2->quote($fields['login']).
"$pass_part, name = ".$mdb2->quote($fields['name']).
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.28.4538 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.28.4539 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
require_once('initialize.php');
import('form.Form');
import('ttUserHelper');
+import('ttAdmin');
// Access check.
if (!ttAccessAllowed('administer_site')) {
$form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit')));
if ($request->isPost()) {
- // Create fields array for ttAdmin instance.
- $fields = array(
- 'name' => $cl_name,
+ // Validate user input.
+ if (!ttValidString($cl_name))
+ $err->add($i18n->get('error.field'), $i18n->get('label.person_name'));
+ if (!ttValidString($cl_login))
+ $err->add($i18n->get('error.field'), $i18n->get('label.login'));
+ // If we change login, it must be unique.
+ if ($cl_login != $user->login && ttUserHelper::getUserByLogin($cl_login))
+ $err->add($i18n->get('error.user_exists'));
+ if (!$auth->isPasswordExternal() && ($cl_password1 || $cl_password2)) {
+ if (!ttValidString($cl_password1))
+ $err->add($i18n->get('error.field'), $i18n->get('label.password'));
+ if (!ttValidString($cl_password2))
+ $err->add($i18n->get('error.field'), $i18n->get('label.confirm_password'));
+ if ($cl_password1 !== $cl_password2)
+ $err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password'));
+ }
+ if (!ttValidEmail($cl_email, true))
+ $err->add($i18n->get('error.field'), $i18n->get('label.email'));
+
+ if ($err->no() && ttAdmin::updateSelf(array('name' => $cl_name,
'login' => $cl_login,
'password1' => $cl_password1,
'password2' => $cl_password2,
- 'email' => $cl_email);
-
- import('ttAdmin');
- $admin = new ttAdmin($err);
- $result = $admin->updateSelf($fields);
- if ($result) {
+ 'email' => $cl_email))) {
header('Location: admin_groups.php');
exit();
}
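Review bot: When the inline validation passes but `ttAdmin::updateSelf(...)` returns false, the new `if ($err->no() && ttAdmin::updateSelf(...))` falls through with nothing added to `$err`, so the page re-renders as if the submit never happened; the removed instance-based path reported `error.db` in that case. Appending `} elseif ($err->no()) $err->add($i18n->get('error.db'));` to the closing brace restores that feedback without touching the validation block. The enclosing `if ($request->isPost())` block continues past the end of this hunk.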