" . $html . '
';
}
/**
* Format the date to YYYY-mm-dd, format the datetime to YYYY-mm-dd HH:ii:ss.
*
* @param int $date
* @param string $type date|datetime|''
* @access public
* @return string
*/
public function formatDate($date, $type = '')
{
$datePattern = '\w{4}(\/|-)\w{1,2}(\/|-)\w{1,2}';
$datetimePattern = $datePattern . ' \w{1,2}\:\w{1,2}\:\w{1,2}';
if(empty($type))
{
if(!preg_match("/$datePattern/", $date) and !preg_match("/$datetimePattern/", $date)) return $date;
if(preg_match("/$datePattern/", $date) === 1) $type = 'date';
if(preg_match("/$datetimePattern/", $date) === 1) $type = 'datetime';
}
if(helper::isZeroDate($date))
{
if($type == 'date') return '0000-00-00';
if($type == 'datetime') return '0000-00-00 00:00:00';
}
if($type == 'date') $format = 'Y-m-d';
if($type == 'datetime') $format = 'Y-m-d H:i:s';
return date($format, strtotime($date));
}
/**
* Get main nav items list
*
* @param string $moduleName
*
* @static
* @access public
* @return array
*/
public static function getMainNavList($moduleName)
{
global $lang;
global $app;
$app->loadLang('my');
$menuOrder = $lang->mainNav->menuOrder;
ksort($menuOrder);
$items = array();
$lastItem = end($menuOrder);
$printDivider = false;
foreach($menuOrder as $key => $group)
{
$nav = $lang->mainNav->$group;
list($title, $currentModule, $currentMethod, $vars) = explode('|', $nav);
/* When last divider is not used in mainNav, use it next menu. */
$printDivider = ($printDivider or ($lastItem != $key) and strpos($lang->dividerMenu, ",{$group},") !== false) ? true : false;
if($printDivider and !empty($items))
{
$items[] = 'divider';
$printDivider = false;
}
/**
* Judget the module display or not.
*
*/
$display = false;
/* 1. The default rule. */
if(common::hasPriv($currentModule, $currentMethod)) $display = true;
/* 2. If the module is assetLib, need judge more methods. */
if($currentModule == 'assetlib' and $display == false)
{
$methodList = array('caselib', 'issuelib', 'risklib', 'opportunitylib', 'practicelib', 'componentlib');
foreach($methodList as $method)
{
if(common::hasPriv($currentModule, $method))
{
$display = true;
$currentMethod = $method;
break;
}
}
}
/* Check whether other preference item under the module have permissions. If yes, point to other methods. */
$moduleLinkList = $currentModule . 'LinkList';
if(!$display and isset($lang->my->$moduleLinkList))
{
foreach($lang->my->$moduleLinkList as $key => $linkList)
{
$moduleMethodList = explode('-', $key);
$method = $moduleMethodList[1];
if(common::hasPriv($currentModule, $method))
{
$display = true;
$currentMethod = $method;
break;
}
}
}
/* Check whether other methods under the module have permissions. If yes, point to other methods. */
if($display == false and isset($lang->$currentModule->menu) and !in_array($currentModule, array('program', 'product', 'project', 'execution')))
{
foreach($lang->$currentModule->menu as $menu)
{
if(!isset($menu['link'])) continue;
$linkPart = explode('|', $menu['link']);
if(!isset($linkPart[2])) continue;
$method = $linkPart[2];
/* Skip some pages that do not require permissions.*/
if($currentModule == 'report' and $method == 'annualData') continue;
if($currentModule == 'my' and $currentMethod == 'team') continue;
if(common::hasPriv($currentModule, $method))
{
$display = true;
$currentMethod = $method;
if(!isset($menu['target'])) break; // Try to jump to the method without opening a new window.
}
}
}
if(!$display) continue;
/* Assign vars. */
$item = new stdClass();
$item->group = $group;
$item->code = $group;
$item->active = zget($lang->navGroup, $moduleName, '') == $group or $moduleName != 'program' and $moduleName == $group;
$item->title = $title;
$item->moduleName = $currentModule;
$item->methodName = $currentMethod;
$item->vars = $vars;
$isTutorialMode = commonModel::isTutorialMode();
if($isTutorialMode and $currentModule == 'project')
{
if(!empty($vars)) $vars = helper::safe64Encode($vars);
$item->url = helper::createLink('tutorial', 'wizard', "module={$currentModule}&method={$currentMethod}¶ms=$vars", '', 0, 0, 1);
}
else
{
$item->url = helper::createLink($currentModule, $currentMethod, $vars, '', 0, 0, 1);
}
$items[] = $item;
}
/* Fix bug 14574. */
if(end($items) == 'divider') array_pop($items);
return $items;
}
/**
* Print the main menu.
*
* @static
* @access public
* @return string
*/
public static function printMainMenu()
{
global $app, $lang, $config;
/* Set main menu by app tab and module. */
static::replaceMenuLang();
static::setMainMenu();
static::checkMenuVarsReplaced();
$activeMenu = '';
$tab = $app->tab;
$isTutorialMode = commonModel::isTutorialMode();
$currentModule = $app->rawModule;
$currentMethod = $app->rawMethod;
if($isTutorialMode and defined('WIZARD_MODULE')) $currentModule = WIZARD_MODULE;
if($isTutorialMode and defined('WIZARD_METHOD')) $currentMethod = WIZARD_METHOD;
/* Print all main menus. */
$menu = customModel::getMainMenu();
$lastMenu = end($menu);
echo "\n";
return $activeMenu;
}
/**
* Print the search box.
*
* @static
* @access public
* @return void
*/
public static function printSearchBox()
{
global $lang;
global $config;
$searchObject = 'bug';
echo "";
echo html::hidden('searchType', $searchObject);
echo "
';
}
/**
* Print the module menu.
*
* @param string $activeMenu
* @static
* @access public
* @return void
*/
public static function printModuleMenu($activeMenu)
{
global $app, $lang;
$moduleName = $app->rawModule;
$methodName = $app->rawMethod;
$tab = $app->tab;
if(!isset($lang->$tab->menu))
{
echo "- ";
echo '
- ' . html::a(helper::createLink('misc', 'downloadClient', '', '', true), $lang->downloadClient, '', "title='$lang->downloadClient' class='iframe text-ellipsis' data-width='600'") . ' '; echo "
- " . $lang->downloadMobile . "
- ";
/* Intranet users use local pictures. */
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://www.zentao.net/page/appqrcode.json');
curl_setopt($curl, CURLOPT_TIMEOUT_MS, 200);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT_MS, 200);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
$connected = curl_exec($curl);
curl_close($curl);
if($connected)
{
echo "
- "; } else { echo "
- EOD; } /** * Build icon button. * * @param string $module * @param string $method * @param string $vars * @param object $object * @param string $type button|list * @param string $icon * @param string $target * @param string $extraClass * @param bool $onlyBody * @param string $misc * @param bool $extraEnabled * @static * @access public * @return void */ public static function buildIconButton($module, $method, $vars = '', $object = '', $type = 'button', $icon = '', $target = '', $extraClass = '', $onlyBody = false, $misc = '', $title = '', $programID = 0, $extraEnabled = '') { if(isonlybody() and strpos($extraClass, 'showinonlybody') === false) return false; /* Remove iframe for operation button in modal. Prevent pop up in modal. */ if(isonlybody() and strpos($extraClass, 'showinonlybody') !== false) $extraClass = str_replace('iframe', '', $extraClass); global $app, $lang, $config; /* Add data-app attribute. */ if(strpos($misc, 'data-app') === false) $misc .= ' data-app="' . $app->tab . '"'; /* Judge the $method of $module clickable or not, default is clickable. */ $clickable = true; if(is_bool($extraEnabled)) { $clickable = $extraEnabled; } else if(is_object($object)) { if($app->getModuleName() != $module) $app->control->loadModel($module); $modelClass = class_exists("ext{$module}Model") ? "ext{$module}Model" : $module . "Model"; if(class_exists($modelClass) and method_exists($modelClass, 'isClickable')) { //$clickable = call_user_func_array(array($modelClass, 'isClickable'), array('object' => $object, 'method' => $method)); // fix bug on php 8.0 link: https://www.php.net/manual/zh/function.call-user-func-array.php#125953 $clickable = call_user_func_array(array($modelClass, 'isClickable'), array($object, $method)); } } /* Set module and method, then create link to it. */ if(strtolower($module) == 'story' and strtolower($method) == 'createcase') ($module = 'testcase') and ($method = 'create'); if(strtolower($module) == 'bug' and strtolower($method) == 'tostory') ($module = 'story') and ($method = 'create'); if(strtolower($module) == 'bug' and strtolower($method) == 'createcase') ($module = 'testcase') and ($method = 'create'); if(!commonModel::hasPriv($module, $method, $object, $vars)) return false; $link = helper::createLink($module, $method, $vars, '', $onlyBody, $programID); /* Set the icon title, try search the $method defination in $module's lang or $common's lang. */ if(empty($title)) { $title = $method; if($method == 'create' and $icon == 'copy') $method = 'copy'; if(isset($lang->$method) and is_string($lang->$method)) $title = $lang->$method; if((isset($lang->$module->$method) or $app->loadLang($module)) and isset($lang->$module->$method)) { $title = $method == 'report' ? $lang->$module->$method->common : $lang->$module->$method; } if($icon == 'toStory') $title = $lang->bug->toStory; if($icon == 'createBug') $title = $lang->testtask->createBug; } /* set the class. */ if(!$icon) { $icon = isset($lang->icons[$method]) ? $lang->icons[$method] : $method; } if(strpos(',edit,copy,report,export,delete,', ",$method,") !== false) $module = 'common'; $class = "icon-$module-$method"; if(!$clickable) $class .= ' disabled'; if($icon) $class .= ' icon-' . $icon; /* Create the icon link. */ if($clickable) { if($app->getViewType() == 'mhtml') { return "$title"; } if($type == 'button') { if($method != 'edit' and $method != 'copy' and $method != 'delete') { return html::a($link, " " . "{$title}", $target, "class='btn btn-link $extraClass' $misc", true); } else { return html::a($link, "", $target, "class='btn btn-link $extraClass' title=\"$title\" $misc", false); } } else { return html::a($link, "", $target, "class='btn $extraClass' title=\"$title\" $misc", false) . "\n"; } } else { if($type == 'list') { return "\n"; } } } /** * Build more executions button. * * @param int $executionID * @static * @access public * @return void */ public static function buildMoreButton($executionID) { if(defined('TUTORIAL')) return; global $lang, $app; $object = $app->dbh->query('SELECT project,type FROM ' . TABLE_EXECUTION . " WHERE `id` = '$executionID'")->fetch(); if(empty($object)) return; $executionPairs = array(); $userCondition = !$app->user->admin ? " AND `id` " . helper::dbIN($app->user->view->sprints) : ''; $orderBy = $object->type == 'stage' ? 'ORDER BY `id` ASC' : 'ORDER BY `id` DESC'; $executionList = $app->dbh->query("SELECT id,name,parent,project FROM " . TABLE_EXECUTION . " WHERE `project` = '{$object->project}' AND `deleted` = '0' $userCondition $orderBy")->fetchAll(); $executions = array(); foreach($executionList as $execution) $executions[$execution->id] = $execution; $executionList = $app->control->loadModel('execution')->resetExecutionSorts($executions); foreach($executionList as $execution) { if(isset($executionPairs[$execution->parent])) unset($executionPairs[$execution->parent]); if($execution->id == $executionID) continue; $executionPairs[$execution->id] = $execution->name; } if(empty($executionPairs)) return; $html = "
v1.2"; } echo ""; echo '- ' . html::a($lang->clientHelpLink, $lang->clientHelp, '', "title='$lang->clientHelp' target='_blank'") . '
'; echo ''; } } /** * Print QR code Link. * * @param string $color * * @static * @access public * @return void */ public static function printQRCodeLink($color = '') { global $lang; echo html::a('javascript:;', "", '', "class='qrCode $color' id='qrcodeBtn' title='{$lang->user->mobileLogin}'"); echo ""; echo ''; echo ''; } /** * Print the link contains orderBy field. * * This method will auto set the orderby param according the params. Fox example, if the order by is desc, * will be changed to asc. * * @param string $fieldName the field name to sort by * @param string $orderBy the order by string * @param string $vars the vars to be passed * @param string $label the label of the link * @param string $module the module name * @param string $method the method name * * @access public * @return void */ public static function printOrderLink($fieldName, $orderBy, $vars, $label, $module = '', $method = '') { global $lang, $app; if(empty($module)) $module = isset($app->rawModule) ? $app->rawModule : $app->getModuleName(); if(empty($method)) $method = isset($app->rawMethod) ? $app->rawMethod : $app->getMethodName(); $className = 'header'; $isMobile = $app->viewType === 'mhtml'; $order = explode('_', $orderBy); $order[0] = trim($order[0], '`'); if($order[0] == $fieldName) { if(isset($order[1]) and $order[1] == 'asc') { $orderBy = "{$order[0]}_desc"; $className = $isMobile ? 'SortUp' : 'sort-up'; } else { $orderBy = "{$order[0]}_asc"; $className = $isMobile ? 'SortDown' : 'sort-down'; } } else { $orderBy = "" . trim($fieldName, '`') . "" . '_' . 'asc'; $className = 'header'; } $params = sprintf($vars, $orderBy); if($app->getModuleName() == 'my' and $app->rawMethod == 'work') $params = "mode={$app->getMethodName()}&" . $params; $link = helper::createLink($module, $method, $params); echo $isMobile ? html::a($link, $label, '', "class='$className' data-app={$app->tab}") : html::a($link, $label, '', "class='$className' data-app={$app->tab}"); } /** * * Print link to an modules' methd. * * Before printing, check the privilege first. If no privilege, return fasle. Else, print the link, return true. * * @param string $module the module name * @param string $method the method * @param string $vars vars to be passed * @param string $label the label of the link * @param string $target the target of the link * @param string $misc others * @param bool $newline * @param bool $onlyBody * @param $object * * @static * @access public * @return bool */ public static function printLink($module, $method, $vars = '', $label = '', $target = '', $misc = '', $newline = true, $onlyBody = false, $object = null) { /* Add data-app attribute. */ global $app, $config; $currentModule = strtolower($module); $currentMethod = strtolower($method); if(strpos($misc, 'data-app') === false) $misc .= ' data-app="' . $app->tab . '"'; if(!commonModel::hasPriv($module, $method, $object, $vars) and !in_array("$currentModule.$currentMethod", $config->openMethods)) return false; echo html::a(helper::createLink($module, $method, $vars, '', $onlyBody), $label, $target, $misc, $newline); return true; } /** * Print icon of split line. * * @static * @access public * @return void */ public static function printDivider() { echo " "; } /** * Print icon of comment. * * @param string $commentFormLink * @param object $object * * @static * @access public * @return mixed */ public static function printCommentIcon($commentFormLink, $object = null) { global $lang; if(!commonModel::hasPriv('action', 'comment', $object)) return false; echo html::commonButton(' ' . $lang->action->create, '', 'btn btn-link pull-right btn-comment'); echo <<{$lang->user->mobileLogin}
- {$lang->more}"; $html .= " \n"; echo $html; } /** * Build devops app button. * * @static * @access public * @return void */ public static function buildAppButton() { if(defined('TUTORIAL')) return; global $app, $config, $lang; $pipelinePairs = array(); $condition = ''; if(!$app->user->admin) { $types = ''; foreach($config->pipelineTypeList as $pipelineType) { if(commonModel::hasPriv($pipelineType, 'browse')) $types .= "'$pipelineType',"; } if(empty($types)) return; $condition .= ' AND `type` in (' . trim($types, ',') . ')'; } $pipelineList = $app->dbh->query("SELECT type,name,url FROM " . TABLE_PIPELINE . " WHERE `deleted` = '0' $condition order by type")->fetchAll(); if(empty($pipelineList)) return; $appCommon = isset($lang->db->custom['devopsMenu']['menu']['app']) ? $lang->db->custom['devopsMenu']['menu']['app'] : $lang->app->common; $html = "
- {$appCommon}"; $html .= " \n"; echo $html; } /** * Print link icon. * * @param string $module * @param string $method * @param string $vars * @param object $object * @param string $type button|list * @param string $icon * @param string $target * @param string $extraClass * @param bool $onlyBody * @param string $misc * @param string $extraEnabled * @static * @access public * @return void */ public static function printIcon($module, $method, $vars = '', $object = '', $type = 'button', $icon = '', $target = '', $extraClass = '', $onlyBody = false, $misc = '', $title = '', $programID = 0, $extraEnabled = '') { echo common::buildIconButton($module, $method, $vars, $object, $type, $icon, $target, $extraClass, $onlyBody, $misc, $title, $programID, $extraEnabled); } /** * Print backLink and preLink and nextLink. * * @param string $backLink * @param object $preAndNext * @param string $linkTemplate * * @static * @access public * @return void */ static public function printRPN($backLink, $preAndNext = '', $linkTemplate = '') { global $lang, $app; if(isonlybody()) return false; $title = $lang->goback . $lang->backShortcutKey; echo html::a($backLink, '', '', "id='back' class='btn' title={$title}"); if(isset($preAndNext->pre) and $preAndNext->pre) { $id = (isset($_SESSION['testcaseOnlyCondition']) and !$_SESSION['testcaseOnlyCondition'] and $app->getModuleName() == 'testcase' and isset($preAndNext->pre->case)) ? 'case' : 'id'; $title = isset($preAndNext->pre->title) ? $preAndNext->pre->title : $preAndNext->pre->name; $title = '#' . $preAndNext->pre->$id . ' ' . $title . ' ' . $lang->preShortcutKey; $link = $linkTemplate ? sprintf($linkTemplate, $preAndNext->pre->$id) : inLink('view', "ID={$preAndNext->pre->$id}"); echo html::a($link, '', '', "id='pre' class='btn' title='{$title}'"); } if(isset($preAndNext->next) and $preAndNext->next) { $id = (isset($_SESSION['testcaseOnlyCondition']) and !$_SESSION['testcaseOnlyCondition'] and $app->getModuleName() == 'testcase' and isset($preAndNext->next->case)) ? 'case' : 'id'; $title = isset($preAndNext->next->title) ? $preAndNext->next->title : $preAndNext->next->name; $title = '#' . $preAndNext->next->$id . ' ' . $title . ' ' . $lang->nextShortcutKey; $link = $linkTemplate ? sprintf($linkTemplate, $preAndNext->next->$id) : inLink('view', "ID={$preAndNext->next->$id}"); echo html::a($link, '', '', "id='next' class='btn' title='$title'"); } } /** * Print back link * * @param string $backLink * @param string $class * @param string $misc * @static * @access public * @return void */ static public function printBack($backLink, $class = '', $misc = '') { global $lang, $app; if(isonlybody()) return false; if(empty($class)) $class = 'btn'; $title = $lang->goback . $lang->backShortcutKey; echo html::a($backLink, ' ' . $lang->goback, '', "id='back' class='{$class}' title={$title} $misc"); } /** * Print pre and next link * * @param string $preAndNext * @param string $linkTemplate * @static * @access public * @return void */ public static function printPreAndNext($preAndNext = '', $linkTemplate = '') { global $lang, $app; if(isonlybody()) return false; $moduleName = ($app->getModuleName() == 'story' and $app->tab == 'project') ? 'projectstory' : $app->getModuleName(); echo "'; } /** * Create changes of one object. * * @param mixed $old the old object * @param mixed $new the new object * @param string $moduleName * @static * @access public * @return array */ public static function createChanges($old, $new, $moduleName = '') { global $app, $config; /** * 当主状态改变并且未设置子状态的值时把子状态的值设置为默认值并记录日志。 * Change sub status when status is changed and sub status is not set, and record the changes. */ if($config->edition != 'open') { $oldID = zget($old, 'id', ''); $oldStatus = zget($old, 'status', ''); $newStatus = zget($new, 'status', ''); $newSubStatus = zget($new, 'subStatus', ''); if(empty($moduleName)) $moduleName = $app->getModuleName(); if($oldID and $oldStatus and $newStatus and !$newSubStatus and $oldStatus != $newStatus) { $field = $app->dbh->query('SELECT options FROM ' . TABLE_WORKFLOWFIELD . " WHERE `module` = '$moduleName' AND `field` = 'subStatus'")->fetch(); if(!empty($field->options)) $field->options = json_decode($field->options, true); if(!empty($field->options[$newStatus]['default'])) { $flow = $app->dbh->query('SELECT `table` FROM ' . TABLE_WORKFLOW . " WHERE `module`='$moduleName'")->fetch(); $default = $field->options[$newStatus]['default']; $app->dbh->exec("UPDATE `$flow->table` SET `subStatus` = '$default' WHERE `id` = '$oldID'"); $new->subStatus = $default; } } $dateFields = array(); $sql = "SELECT `field` FROM " . TABLE_WORKFLOWFIELD . " WHERE `module` = '{$moduleName}' and `control` in ('date', 'datetime')"; $stmt = $app->dbh->query($sql); while($row = $stmt->fetch()) $dateFields[$row->field] = $row->field; } $changes = array(); foreach($new as $key => $value) { if(is_object($value) or is_array($value)) continue; if(strtolower($key) == 'lastediteddate') continue; if(strtolower($key) == 'lasteditedby') continue; if(strtolower($key) == 'assigneddate') continue; if(strtolower($key) == 'editedby') continue; if(strtolower($key) == 'editeddate') continue; if(strtolower($key) == 'uid') continue; if(strtolower($key) == 'finisheddate' and $value == '') continue; if(strtolower($key) == 'canceleddate' and $value == '') continue; if(strtolower($key) == 'hangupeddate' and $value == '') continue; if(strtolower($key) == 'lastcheckeddate' and $value == '') continue; if(strtolower($key) == 'activateddate' and $value == '') continue; if(strtolower($key) == 'closeddate' and $value == '') continue; if(strtolower($key) == 'actualcloseddate' and $value == '') continue; if(isset($old->$key)) { if($config->edition != 'open' && isset($dateFields[$key])) $old->$key = formatTime($old->$key); if($value != stripslashes($old->$key)) { $diff = ''; if(substr_count($value, "\n") > 1 or substr_count($old->$key, "\n") > 1 or strpos('name,title,desc,spec,steps,content,digest,verify,report,definition,analysis,summary,prevention,resolution,outline,schedule,minutes', strtolower($key)) !== false) { $diff = commonModel::diff($old->$key, $value); } $changes[] = array('field' => $key, 'old' => $old->$key, 'new' => $value, 'diff' => $diff); } } } return $changes; } /** * Diff two string. (see phpt) * * @param string $text1 * @param string $text2 * @static * @access public * @return string */ public static function diff($text1, $text2) { $text1 = str_replace(' ', '', trim($text1)); $text2 = str_replace(' ', '', trim($text2)); $w = explode("\n", $text1); $o = explode("\n", $text2); $w1 = array_diff_assoc($w,$o); $o1 = array_diff_assoc($o,$w); $w2 = array(); $o2 = array(); foreach($w1 as $idx => $val) $w2[sprintf("%03d<",$idx)] = sprintf("%03d- ", $idx+1) . "
" . trim($val) . ""; foreach($o1 as $idx => $val) $o2[sprintf("%03d>",$idx)] = sprintf("%03d+ ", $idx+1) . "" . trim($val) . ""; $diff = array_merge($w2, $o2); ksort($diff); return implode("\n", $diff); } /** * Judge Suhosin Setting whether the actual size of post data is large than the setting size. * * @param int $countInputVars * @static * @access public * @return bool */ public static function judgeSuhosinSetting($countInputVars) { if(extension_loaded('suhosin')) { $maxPostVars = ini_get('suhosin.post.max_vars'); $maxRequestVars = ini_get('suhosin.request.max_vars'); if($countInputVars > $maxPostVars or $countInputVars > $maxRequestVars) return true; } else { $maxInputVars = ini_get('max_input_vars'); if($maxInputVars and $countInputVars > (int)$maxInputVars) return true; } return false; } /** * Get the previous and next object. * * @param string $type story|task|bug|case * @param string $objectID * @access public * @return void */ public function getPreAndNextObject($type, $objectID) { /* Get SQL. */ $queryCondition = $type . 'QueryCondition'; $typeOnlyCondition = $type . 'OnlyCondition'; $queryCondition = $this->session->$queryCondition; $preAndNextObject = new stdClass(); $preAndNextObject->pre = ''; $preAndNextObject->next = ''; if(empty($queryCondition)) return $preAndNextObject; $table = $this->config->objectTables[$type]; $orderBy = $type . 'OrderBy'; $orderBy = $this->session->$orderBy; $select = ''; if($this->session->$typeOnlyCondition) { if(strpos($orderBy, 'priOrder') !== false) $select .= ", IF(`pri` = 0, {$this->config->maxPriValue}, `pri`) as priOrder"; if(strpos($orderBy, 'severityOrder') !== false) $select .= ", IF(`severity` = 0, {$this->config->maxPriValue}, `severity`) as severityOrder"; $queryCondition = str_replace('t4.status', 'status', $queryCondition); $sql = $this->dao->select("*$select")->from($table) ->where($queryCondition) ->beginIF($orderBy != false)->orderBy($orderBy)->fi() ->get(); } else { $sql = $queryCondition . (empty($orderBy) ? '' : " ORDER BY $orderBy"); } /* Get objectIDList. */ $objectIdListKey = $type . 'BrowseList'; $existsObjectList = $this->session->$objectIdListKey; if(empty($existsObjectList) or $existsObjectList['sql'] != $sql) { $queryObjects = $this->dao->query($sql); $objectList = array(); $key = 'id'; while($object = $queryObjects->fetch()) { if(!$this->session->$typeOnlyCondition and $type == 'testcase' and isset($object->case)) $key = 'case'; $id = $object->$key; $objectList[$id] = $id; } $this->session->set($objectIdListKey, array('sql' => $sql, 'idkey' => $key, 'objectList' => $objectList), $this->app->tab); $existsObjectList = $this->session->$objectIdListKey; } $preObj = false; if(isset($existsObjectList['objectList'])) { foreach($existsObjectList['objectList'] as $id) { /* Get next object. */ if($preObj === true) { $preAndNextObject->next = $id; break; } /* Get pre object. */ if($id == $objectID) { if($preObj) $preAndNextObject->pre = $preObj; $preObj = true; } if($preObj !== true) $preObj = $id; } if(empty($queryCondition) or $this->session->$typeOnlyCondition) { if(!empty($preAndNextObject->pre)) $preAndNextObject->pre = $this->dao->select('*')->from($table)->where('id')->eq($preAndNextObject->pre)->fetch(); if(!empty($preAndNextObject->next)) $preAndNextObject->next = $this->dao->select('*')->from($table)->where('id')->eq($preAndNextObject->next)->fetch(); } else { $isObject = false; $objects = array(); $key = $existsObjectList['idkey']; $queryObjects = $this->dao->query($existsObjectList['sql']); while($object = $queryObjects->fetch()) { $objects[$object->$key] = $object; if(!empty($preAndNextObject->pre) and is_numeric($preAndNextObject->pre) and $object->$key == $preAndNextObject->pre) $preAndNextObject->pre = $object; if(!empty($preAndNextObject->next) and is_numeric($preAndNextObject->next) and $object->$key == $preAndNextObject->next) $preAndNextObject->next = $object; if((empty($preAndNextObject->pre) or is_object($preAndNextObject->pre)) and (empty($preAndNextObject->next) or is_object($preAndNextObject->next))) { $isObject = true; break; } } /* If the pre object or next object is number type, then continue to find the pre or next. */ if(!$isObject) { $objectIdList = array_keys($objects); $objectIdIndex = array_search($objectID, $objectIdList); if(is_numeric($preAndNextObject->pre)) { $preAndNextObject->pre = $objectIdIndex - 1 >= 0 ? $objects[$objectIdList[$objectIdIndex - 1]] : ''; } if(is_numeric($preAndNextObject->next)) { $preAndNextObject->next = $objectIdIndex + 1 < count($objectIdList) ? $objects[$objectIdList[$objectIdIndex + 1]] : ''; } } } } return $preAndNextObject; } /** * Save one executed query. * * @param string $sql * @param string $objectType story|task|bug|testcase * @access public * @return void */ public function saveQueryCondition($sql, $objectType, $onlyCondition = true) { /* Set the query condition session. */ if($onlyCondition) { $queryCondition = explode(' WHERE ', $sql); $queryCondition = isset($queryCondition[1]) ? $queryCondition[1] : ''; if($queryCondition) { $queryCondition = explode(' ORDER BY ', $queryCondition); $queryCondition = str_replace('t1.', '', $queryCondition[0]); } } else { $queryCondition = explode(' ORDER BY ', $sql); $queryCondition = $queryCondition[0]; } $queryCondition = trim($queryCondition); if(empty($queryCondition)) $queryCondition = "1=1"; $this->session->set($objectType . 'QueryCondition', $queryCondition, $this->app->tab); $this->session->set($objectType . 'OnlyCondition', $onlyCondition, $this->app->tab); /* Set the query condition session. */ $orderBy = explode(' ORDER BY ', $sql); $orderBy = isset($orderBy[1]) ? $orderBy[1] : ''; if($orderBy) { $orderBy = explode(' LIMIT ', $orderBy); $orderBy = $orderBy[0]; if($onlyCondition) $orderBy = str_replace('t1.', '', $orderBy); } $this->session->set($objectType . 'OrderBy', $orderBy, $this->app->tab); $this->session->set($objectType . 'BrowseList', array(), $this->app->tab); } /** * Remove duplicate for story, task, bug, case, doc. * * @param string $type e.g. story task bug case doc. * @param array|object $data * @param string $condition * @access public * @return array */ public function removeDuplicate($type, $data = '', $condition = '') { $table = $this->config->objectTables[$type]; $titleField = $type == 'task' ? 'name' : 'title'; $date = date(DT_DATETIME1, time() - $this->config->duplicateTime); $dateField = $type == 'doc' ? 'addedDate' : 'openedDate'; $titles = $data->$titleField; if(empty($titles)) return false; $duplicate = $this->dao->select("id,$titleField")->from($table) ->where('deleted')->eq(0) ->andWhere($titleField)->in($titles) ->andWhere($dateField)->ge($date)->fi() ->beginIF($condition)->andWhere($condition)->fi() ->fetchPairs(); if($duplicate and is_string($titles)) return array('stop' => true, 'duplicate' => key($duplicate)); if($duplicate and is_array($titles)) { foreach($titles as $i => $title) { if(in_array($title, $duplicate)) unset($titles[$i]); } $data->$titleField = $titles; } return array('stop' => false, 'data' => $data); } /** * Append order by. * * @param string $orderBy * @param string $append * @access public * @return string */ public static function appendOrder($orderBy, $append = 'id') { if(empty($orderBy)) return $append; list($firstOrder) = explode(',', $orderBy); $sort = strpos($firstOrder, '_') === false ? '_asc' : strstr($firstOrder, '_'); return strpos($orderBy, $append) === false ? $orderBy . ',' . $append . $sort : $orderBy; } /** * Check field exists * * @param string $table * @param string $field * @access public * @return bool */ public function checkField($table, $field) { $fields = $this->dao->query("DESC $table")->fetchAll(); $hasField = false; foreach($fields as $fieldObj) { if($field == $fieldObj->Field) { $hasField = true; break; } } return $hasField; } /** * Check safe file. * * @access public * @return string|false */ public function checkSafeFile() { if($this->app->isContainer()) return false; if($this->app->getModuleName() == 'upgrade' and $this->session->upgrading) return false; $statusFile = $this->app->getAppRoot() . 'www' . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'ok.txt'; return (!is_file($statusFile) or (time() - filemtime($statusFile)) > $this->config->safeFileTimeout) ? $statusFile : false; } /** * Check upgrade's status file is ok or not. * * @access public * @return bool */ public function checkUpgradeStatus() { $statusFile = $this->checkSafeFile(); if($statusFile) { $this->app->loadLang('upgrade'); $cmd = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? $this->lang->upgrade->createFileWinCMD : $this->lang->upgrade->createFileLinuxCMD; $cmd = sprintf($cmd, $statusFile); echo ""; echo "
'; return false; } return true; } /** * Check the user has permission to access this method, if not, locate to the login page or deny page. * * @access public * @return void */ public function checkPriv() { try { $module = $this->app->getModuleName(); $method = $this->app->getMethodName(); if($this->app->isFlow) { $module = $this->app->rawModule; $method = $this->app->rawMethod; } $beforeValidMethods = array( 'user' => array('deny', 'logout'), 'my' => array('changepassword'), 'message' => array('ajaxgetmessage'), ); if(!empty($this->app->user->modifyPassword) and (!isset($beforeValidMethods[$module]) or !in_array($method, $beforeValidMethods[$module]))) return print(js::locate(helper::createLink('my', 'changepassword'))); if(!$this->loadModel('user')->isLogon() and $this->server->php_auth_user) $this->user->identifyByPhpAuth(); if(!$this->loadModel('user')->isLogon() and $this->cookie->za) $this->user->identifyByCookie(); if($this->isOpenMethod($module, $method)) return true; if(isset($this->app->user)) { if($this->app->tab == 'project') { $this->resetProjectPriv(); if(commonModel::hasPriv($module, $method)) return true; } $this->app->user = $this->session->user; if(!commonModel::hasPriv($module, $method)) { if($module == 'story' and !empty($this->app->params['storyType']) and strpos(",story,requirement,", ",{$this->app->params['storyType']},") !== false) $module = $this->app->params['storyType']; $this->deny($module, $method); } } else { $uri = $this->app->getURI(true); if($module == 'message' and $method == 'ajaxgetmessage') { $uri = helper::createLink('my'); } elseif(helper::isAjaxRequest()) { die(json_encode(array('result' => false, 'message' => $this->lang->error->loginTimeout))); // Fix bug #14478. } $referer = helper::safe64Encode($uri); die(js::locate(helper::createLink('user', 'login', "referer=$referer"))); } } catch(EndResponseException $endResponseException) { die($endResponseException->getContent()); } } /** * Check current page whether is in iframe. If it is not iframe and not allowed to open independently, then redirect to index to open it in iframe * * @access public * @return void */ public function checkIframe() { if($this->app->getViewType() != 'html' or helper::isAjaxRequest() or isset($_GET['_single'])) return; if(isset($_SERVER['HTTP_SEC_FETCH_DEST']) and $_SERVER['HTTP_SEC_FETCH_DEST'] == 'iframe') { return; } elseif((isset($_SERVER['HTTP_REFERER']) and !empty($_SERVER['HTTP_REFERER'])) or strpos(strtolower($_SERVER['HTTP_USER_AGENT']), 'safari') !== false) { return; } $module = $this->app->getModuleName(); $method = $this->app->getMethodName(); if($module == 'index' or $module == 'tutorial' or $module == 'install' or $module == 'upgrade' or $module == 'sso' or ($module == 'user' and strpos('|login|deny|logout|reset|forgetpassword|resetpassword|', "|{$method}|") !== false) or ($module == 'my' and strpos('|changepassword|preference|', "|{$method}|") !== false) or ($module == 'file' and strpos('|read|download|uploadimages|ajaxwopifiles|', "|{$method}|") !== false) or ($module == 'report' && $method == 'annualdata') or ($module == 'misc' && $method == 'captcha') or ($module == 'bug' && $method == 'create') or ($module == 'execution' and $method == 'printkanban') or ($module == 'traincourse' and $method == 'ajaxuploadlargefile') or ($module == 'traincourse' and $method == 'playvideo')) { return; } $url = helper::safe64Encode($_SERVER['REQUEST_URI']); $redirectUrl = helper::createLink('index', 'index'); $redirectUrl .= strpos($redirectUrl, '?') === false ? "?open=$url" : "&open=$url"; die(header("location: $redirectUrl")); } /** * Check the user has permisson of one method of one module. * * @param string $module * @param string $method * @param object $object * @param string $vars * @static * @access public * @return bool */ public static function hasPriv($module, $method, $object = null, $vars = '') { global $app, $lang; $module = strtolower($module); $method = strtolower($method); parse_str($vars, $params); if(empty($params['storyType']) and $module == 'story' and !empty($app->params['storyType']) and strpos(",story,requirement,", ",{$app->params['storyType']},") !== false) $module = $app->params['storyType']; if($module == 'story' and !empty($params['storyType']) and strpos(",story,requirement,", ",{$params['storyType']},") !== false) $module = $params['storyType']; if($module == 'product' and $method == 'browse' and !empty($app->params['storyType']) and $app->params['storyType'] == 'requirement') $method = 'requirement'; if($module == 'product' and $method == 'browse' and !empty($params['storyType']) and $params['storyType'] == 'requirement') $method = 'requirement'; if($module == 'story' and $method == 'linkrequirements') $module = 'requirement'; /* If the user is doing a tutorial, have all tutorial privs. */ if(defined('TUTORIAL')) { $app->loadLang('tutorial'); foreach($lang->tutorial->tasks as $task) { if($task['nav']['module'] == $module and $task['nav']['method'] = $method) return true; } } /* Check the parent object is closed. */ if(!empty($method) and strpos('close|batchclose', $method) === false and !commonModel::canBeChanged($module, $object)) return false; /* Check is the super admin or not. */ if(!empty($app->user->admin) or strpos($app->company->admins, ",{$app->user->account},") !== false) return true; /* If is the program/project/product/execution admin, have all program privs. */ if($app->config->vision != 'lite') { $inProject = (isset($lang->navGroup->$module) and $lang->navGroup->$module == 'project'); if($inProject and $app->session->project and (strpos(",{$app->user->rights['projects']},", ",{$app->session->project},") !== false or strpos(",{$app->user->rights['projects']},", ',all,') !== false)) return true; $inProduct = (isset($lang->navGroup->$module) and $lang->navGroup->$module == 'product'); if($inProduct and $app->session->product and (strpos(",{$app->user->rights['products']},", ",{$app->session->product},") !== false or strpos(",{$app->user->rights['products']},", ',all,') !== false)) return true; $inProgram = (isset($lang->navGroup->$module) and $lang->navGroup->$module == 'program'); if($inProgram and $app->session->program and (strpos(",{$app->user->rights['programs']},", ",{$app->session->program},") !== false or strpos(",{$app->user->rights['programs']},", ',all,') !== false)) return true; $inExecution = (isset($lang->navGroup->$module) and $lang->navGroup->$module == 'execution'); if($inExecution and $app->session->execution and (strpos(",{$app->user->rights['executions']},", ",{$app->session->execution},") !== false or strpos(",{$app->user->rights['executions']},", ',all,') !== false)) return true; } /* If not super admin, check the rights. */ $rights = $app->user->rights['rights']; $acls = $app->user->rights['acls']; /* White list of import method. */ if(in_array($module, $app->config->importWhiteList) and $method == 'showimport') { if(isset($rights[$module]['import']) and commonModel::hasDBPriv($object, $module, 'import')) return true; } if(isset($rights[$module][$method])) { if(!commonModel::hasDBPriv($object, $module, $method)) return false; if(empty($acls['views'])) return true; $menu = isset($lang->navGroup->$module) ? $lang->navGroup->$module : $module; if($module == 'my' and $method == 'team') $menu = 'system'; // Fix bug #18642. $menu = strtolower($menu); if($menu != 'qa' and !isset($lang->$menu->menu)) return true; if(($menu == 'my' and $method != 'team')or $menu == 'index' or $module == 'tree') return true; if($module == 'company' and $method == 'dynamic') return true; if($module == 'action' and $method == 'editcomment') return true; if($module == 'action' and $method == 'comment') return true; if($module == 'report' and $method == 'export') return true; if(!isset($acls['views'][$menu])) return false; return true; } return false; } /** * Reset project priv. * * @param int $projectID * @access public * @return void */ public function resetProjectPriv($projectID = 0) { /* Get user program priv. */ if(empty($projectID) and $this->session->project) $projectID = $this->session->project; if(empty($projectID)) return; $program = $this->dao->findByID($projectID)->from(TABLE_PROJECT)->fetch(); if(empty($program)) return; $programRights = $this->dao->select('t3.module, t3.method')->from(TABLE_GROUP)->alias('t1') ->leftJoin(TABLE_USERGROUP)->alias('t2')->on('t1.id = t2.`group`') ->leftJoin(TABLE_GROUPPRIV)->alias('t3')->on('t2.`group`=t3.`group`') ->where('t1.project')->eq($program->id) ->andWhere('t2.account')->eq($this->app->user->account) ->fetchAll(); /* Group priv by module the same as rights. */ $programRightGroup = array(); foreach($programRights as $programRight) $programRightGroup[strtolower($programRight->module)][strtolower($programRight->method)] = 1; /* Reset priv by program privway. */ $this->app->user = clone $_SESSION['user']; $rights = $this->app->user->rights['rights']; if($this->app->user->account == $program->openedBy or $this->app->user->account == $program->PM) $program->auth = 'extend'; if($program->auth == 'extend') $this->app->user->rights['rights'] = array_merge_recursive($programRightGroup, $rights); if($program->auth == 'reset') { /* If priv way is reset, unset common program priv, and cover by program priv. */ $projectPrivs = $this->loadModel('project')->processProjectPrivs($program->multiple ? $program->model : 'noSprint'); foreach($projectPrivs as $module => $methods) { foreach($methods as $method => $label) { $module = strtolower($module); $method = strtolower($method); if(isset($rights[$module][$method])) unset($rights[$module][$method]); } } $recomputedRights = array_merge($rights, $programRightGroup); /* Set base priv for project. */ $projectRights = zget($this->app->user->rights['rights'], 'project', array()); if(isset($projectRights['browse']) and !isset($recomputedRights['project']['browse'])) $recomputedRights['project']['browse'] = 1; if(isset($projectRights['kanban']) and !isset($recomputedRights['project']['kanban'])) $recomputedRights['project']['kanban'] = 1; if(isset($projectRights['index']) and !isset($recomputedRights['project']['index'])) $recomputedRights['project']['index'] = 1; $this->app->user->rights['rights'] = $recomputedRights; } } /** * Check db priv. * * @param object $object * @param string $module * @param string $method * @static * @access public * @return void */ public static function hasDBPriv($object, $module = '', $method = '') { global $app; if(!empty($app->user->admin)) return true; if($module == 'todo' and ($method == 'create' or $method == 'batchcreate')) return true; if($module == 'effort' and ($method == 'batchcreate' or $method == 'createforobject')) return true; /* Limited execution. */ $limitedExecution = false; if(!empty($module) and in_array($module, array('task', 'story')) and !empty($object->execution) or !empty($module) and $module == 'execution' and !empty($object->id) ) { $objectID = ''; if($module == 'execution' and !empty($object->id)) $objectID = $object->id; if(in_array($module, array('task', 'story')) and !empty($object->execution)) $objectID = $object->execution; $limitedExecutions = !empty($_SESSION['limitedExecutions']) ? $_SESSION['limitedExecutions'] : ''; if($objectID and strpos(",{$limitedExecutions},", ",$objectID,") !== false) $limitedExecution = true; } if(empty($app->user->rights['rights']['my']['limited']) and !$limitedExecution) return true; if(!empty($method) and strpos($method, 'batch') === 0) return false; if(!empty($method) and strpos($method, 'link') === 0) return false; if(!empty($method) and strpos($method, 'create') === 0) return false; if(!empty($method) and strpos($method, 'import') === 0) return false; if(empty($object)) return true; if(!empty($object->openedBy) and $object->openedBy == $app->user->account or !empty($object->addedBy) and $object->addedBy == $app->user->account or !empty($object->account) and $object->account == $app->user->account or !empty($object->assignedTo) and $object->assignedTo == $app->user->account or !empty($object->finishedBy) and $object->finishedBy == $app->user->account or !empty($object->canceledBy) and $object->canceledBy == $app->user->account or !empty($object->closedBy) and $object->closedBy == $app->user->account or !empty($object->lastEditedBy) and $object->lastEditedBy == $app->user->account) { return true; } return false; } /** * Check whether IP in white list. * * @param string $ipWhiteList * @access public * @return bool */ public function checkIP($ipWhiteList = '') { $ip = helper::getRemoteIp(); if(!$ipWhiteList) $ipWhiteList = $this->config->ipWhiteList; /* If the ip white list is '*'. */ if($ipWhiteList == '*') return true; /* The ip is same as ip in white list. */ if($ip == $ipWhiteList) return true; /* If the ip in white list is like 192.168.1.1,192.168.1.10. */ if(strpos($ipWhiteList, ',') !== false) { $ipArr = explode(',', $ipWhiteList); foreach($ipArr as $ipRule) { if($this->checkIP($ipRule)) return true; } return false; } /* If the ip in white list is like 192.168.1.1-192.168.1.10. */ if(strpos($ipWhiteList, '-') !== false) { list($min, $max) = explode('-', $ipWhiteList); $min = ip2long(trim($min)); $max = ip2long(trim($max)); $ip = ip2long(trim($ip)); return $ip >= $min and $ip <= $max; } /* If the ip in white list is like 192.168.1.*. */ if(strpos($ipWhiteList, '*') !== false) { $regCount = substr_count($ipWhiteList, '.'); if($regCount == 3) { $min = str_replace('*', '0', $ipWhiteList); $max = str_replace('*', '255', $ipWhiteList); } elseif($regCount == 2) { $min = str_replace('*', '0.0', $ipWhiteList); $max = str_replace('*', '255.255', $ipWhiteList); } elseif($regCount == 1) { $min = str_replace('*', '0.0.0', $ipWhiteList); $max = str_replace('*', '255.255.255', $ipWhiteList); } $min = ip2long(trim($min)); $max = ip2long(trim($max)); $ip = ip2long(trim($ip)); return ($ip >= $min and $ip <= $max); } /* If the ip in white list is in IP/CIDR format eg 127.0.0.1/24. Thanks to zcat. */ if(strpos($ipWhiteList, '/') == false) $ipWhiteList .= '/32'; list($ipWhiteList, $netmask) = explode('/', $ipWhiteList, 2); $ip = ip2long($ip); $ipWhiteList = ip2long($ipWhiteList); $wildcard = pow(2, (32 - $netmask)) - 1; $netmask = ~ $wildcard; return (($ip & $netmask) == ($ipWhiteList & $netmask)); } /** * Get the full url of the system. * * @access public * @return string */ public static function getSysURL() { $httpType = (isset($_SERVER["HTTPS"]) and $_SERVER["HTTPS"] == 'on') ? 'https' : 'http'; if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) and strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https') $httpType = 'https'; if(isset($_SERVER['REQUEST_SCHEME']) and strtolower($_SERVER['REQUEST_SCHEME']) == 'https') $httpType = 'https'; $httpHost = $_SERVER['HTTP_HOST']; return "$httpType://$httpHost"; } /** * Check whether view type is tutorial * @access public * @return boolean */ public static function isTutorialMode() { return (isset($_SESSION['tutorialMode']) and $_SESSION['tutorialMode']); } /** * Convert items to Pinyin. * * @param array $items * @static * @access public * @return array */ public static function convert2Pinyin($items) { global $app; static $allConverted = array(); static $pinyin; if(empty($pinyin)) $pinyin = $app->loadClass('pinyin'); $sign = ' aNdAnD '; $notConvertedItems = array_diff($items, array_keys($allConverted)); if($notConvertedItems) { $convertedPinYin = $pinyin->romanize(join($sign, $notConvertedItems)); $itemsPinYin = explode(trim($sign), $convertedPinYin); foreach($notConvertedItems as $item) { $itemPinYin = array_shift($itemsPinYin); $wordsPinYin = explode("\t", trim($itemPinYin)); $abbr = ''; foreach($wordsPinYin as $i => $wordPinyin) { if($wordPinyin) { $letter = $wordPinyin[0]; if(preg_match('/\w/', $letter)) $abbr .= $letter; } } $allConverted[$item] = mb_strtolower(join($wordsPinYin) . ' ' . $abbr); } } $convertedItems = array(); foreach($items as $item) $convertedItems[$item] = zget($allConverted, $item, null); return $convertedItems; } /** * Check an entry of new API. * * @access public * @return void */ private function checkNewEntry() { $entry = $this->loadModel('entry')->getByKey(session_id()); if(!$entry or !$entry->account or !$this->checkIP($entry->ip)) return false; $user = $this->dao->findByAccount($entry->account)->from(TABLE_USER)->andWhere('deleted')->eq(0)->fetch(); if(!$user) return false; $user->last = time(); $user->rights = $this->loadModel('user')->authorize($user->account); $user->groups = $this->user->getGroups($user->account); $user->view = $this->user->grantUserView($user->account, $user->rights['acls']); $user->admin = strpos($this->app->company->admins, ",{$user->account},") !== false; $this->session->set('user', $user); $this->app->user = $user; } /** * Check an entry. * * @access public * @return void */ public function checkEntry() { /* if the API is new version, goto checkNewEntry. */ if($this->app->version) return $this->checkNewEntry(); /* Old version. */ if(!isset($_GET[$this->config->moduleVar]) or !isset($_GET[$this->config->methodVar])) $this->response('EMPTY_ENTRY'); if($this->isOpenMethod($_GET[$this->config->moduleVar], $_GET[$this->config->methodVar])) return true; if(!$this->get->code) $this->response('PARAM_CODE_MISSING'); if(!$this->get->token) $this->response('PARAM_TOKEN_MISSING'); $entry = $this->loadModel('entry')->getByCode($this->get->code); if(!$entry) $this->response('EMPTY_ENTRY'); if(!$entry->key) $this->response('EMPTY_KEY'); if(!$this->checkIP($entry->ip)) $this->response('IP_DENIED'); if(!$this->checkEntryToken($entry)) $this->response('INVALID_TOKEN'); if($entry->freePasswd == 0 and empty($entry->account)) $this->response('ACCOUNT_UNBOUND'); $isFreepasswd = ($_GET['m'] == 'user' and strtolower($_GET['f']) == 'apilogin' and $_GET['account'] and $entry->freePasswd); if($isFreepasswd) $entry->account = $_GET['account']; $user = $this->dao->findByAccount($entry->account)->from(TABLE_USER)->andWhere('deleted')->eq(0)->fetch(); if(!$user) $this->response('INVALID_ACCOUNT'); $this->loadModel('user'); $user->last = time(); $user->rights = $this->user->authorize($user->account); $user->groups = $this->user->getGroups($user->account); $user->view = $this->user->grantUserView($user->account, $user->rights['acls']); $user->admin = strpos($this->app->company->admins, ",{$user->account},") !== false; $this->session->set('user', $user); $this->app->user = $user; $this->dao->update(TABLE_USER)->set('last')->eq($user->last)->where('account')->eq($user->account)->exec(); $this->loadModel('action')->create('user', $user->id, 'login'); $this->loadModel('score')->create('user', 'login'); if($isFreepasswd) die(js::locate($this->config->webRoot)); $this->session->set('ENTRY_CODE', $this->get->code); $this->session->set('VALID_ENTRY', md5(md5($this->get->code) . helper::getRemoteIp())); $this->loadModel('entry')->saveLog($entry->id, $this->server->request_uri); /* Add for task #5384. */ if($_SERVER['REQUEST_METHOD'] == 'POST' and empty($_POST)) { $post = file_get_contents("php://input"); if(!empty($post)) $post = json_decode($post, true); if(!empty($post)) $_POST = $post; } unset($_GET['code']); unset($_GET['token']); } /** * Check token of an entry. * * @param object $entry * @access public * @return bool */ public function checkEntryToken($entry) { parse_str($this->server->query_String, $queryString); unset($queryString['token']); /* Change for task #5384. */ if(isset($queryString['time'])) { $timestamp = $queryString['time']; if(strlen($timestamp) > 10) $timestamp = substr($timestamp, 0, 10); if(strlen($timestamp) != 10 or $timestamp[0] >= '4') $this->response('ERROR_TIMESTAMP'); $result = $this->get->token == md5($entry->code . $entry->key . $queryString['time']); if($result) { if($timestamp <= $entry->calledTime) $this->response('CALLED_TIME'); $this->loadModel('entry')->updateCalledTime($entry->code, $timestamp); unset($_GET['time']); return $result; } } $queryString = http_build_query($queryString); return $this->get->token == md5(md5($queryString) . $entry->key); } /** * Check Not CN Lang. * * @static * @access public * @return bool */ public static function checkNotCN() { global $app; return strpos('|zh-cn|zh-tw|', '|' . $app->getClientLang() . '|') === false; } /** * Check the object can be changed. * * @param string $module * @param object $object * @static * @access public * @return bool */ public static function canBeChanged($module, $object = null) { global $app, $config; static $productsStatus = array(); static $executionsStatus = array(); /* Check the product is closed. */ if(!empty($object->product) and is_numeric($object->product) and empty($config->CRProduct)) { if(!isset($productsStatus[$object->product])) { $product = $app->control->loadModel('product')->getByID($object->product); $productsStatus[$object->product] = $product ? $product->status : ''; } if($productsStatus[$object->product] == 'closed') return false; } elseif(!empty($object->product) and is_string($object->product) and empty($config->CRProduct)) { $products = array(0) + explode(',', $object->product); $products = $app->control->loadModel('product')->getByIdList($products); $productStatus = array(); foreach($products as $product) $productStatus[$product->status] = 1; if(!empty($productStatus['closed']) and count($productStatus) == 1) return false; } /* Check the execution is closed. */ $productModuleList = array('story', 'bug', 'testtask'); if(!in_array($module, $productModuleList) and !empty($object->execution) and is_numeric($object->execution) and empty($config->CRExecution)) { if(!isset($executionsStatus[$object->execution])) { $execution = $app->control->loadModel('execution')->getByID($object->execution); $executionsStatus[$object->execution] = $execution ? $execution->status : ''; } if($executionsStatus[$object->execution] == 'closed') return false; } return true; } /** * Check object can modify. * * @param string $type product|Execution * @param object $object * @static * @access public * @return bool */ public static function canModify($type, $object) { global $config; if(empty($object)) return true; if($type == 'product' and empty($config->CRProduct) and $object->status == 'closed') return false; if($type == 'execution' and empty($config->CRExecution) and $object->status == 'closed') return false; return true; } /** * Response. * * @param string $code * @access public * @return void */ public function response($code) { $response = new stdclass(); if(isset($this->config->entry->errcode)) { $response->errcode = $this->config->entry->errcode[$code]; $response->errmsg = urlencode($this->lang->entry->errmsg[$code]); die(urldecode(json_encode($response))); } else { $response->error = $code; die(urldecode(json_encode($response))); } } /** * Http response with header. * * @param string $url * @param string|array $data * @param array $options This is option and value pair, like CURLOPT_HEADER => true. Use curl_setopt function to set options. * @param array $headers Set request headers. * @static * @access public * @return string */ public static function httpWithHeader($url, $data = null, $options = array(), $headers = array()) { global $lang, $app; if(!extension_loaded('curl')) return json_encode(array('result' => 'fail', 'message' => $lang->error->noCurlExt)); commonModel::$requestErrors = array(); if(!is_array($headers)) $headers = (array)$headers; $headers[] = "API-RemoteIP: " . helper::getRemoteIp(); $curl = curl_init(); curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); curl_setopt($curl, CURLOPT_USERAGENT, 'Sae T OAuth2 v0.1'); curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($curl, CURLOPT_TIMEOUT, 30); curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLINFO_HEADER_OUT, TRUE); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); curl_setopt($curl, CURLOPT_URL, $url); if(!empty($data)) { if(is_object($data)) $data = (array) $data; curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_POSTFIELDS, $data); } if($options) curl_setopt_array($curl, $options); $response = curl_exec($curl); $errors = curl_error($curl); $headerSize = curl_getinfo($curl, CURLINFO_HEADER_SIZE); $headerString = substr($response, 0, $headerSize); $body = substr($response, $headerSize); /* Parse header. */ $header = explode("\n", $headerString); $newHeader = array(); foreach($header as $item) { $field = explode(':', $item); if(count($field) < 2) continue; $headerkey = array_shift($field); $newHeader[$headerkey] = join('', $field); } curl_close($curl); if($app->config->debug) { $logFile = $app->getLogRoot() . 'saas.'. date('Ymd') . '.log.php'; if(!file_exists($logFile)) file_put_contents($logFile, ''); $fh = @fopen($logFile, 'a'); if($fh) { fwrite($fh, date('Ymd H:i:s') . ": " . $app->getURI() . "\n"); fwrite($fh, "url: " . $url . "\n"); if(!empty($data)) fwrite($fh, "data: " . print_r($data, true) . "\n"); fwrite($fh, "results:" . print_r($response, true) . "\n"); if(!empty($errors)) fwrite($fh, "errors: " . $errors . "\n"); fclose($fh); } } if($errors) commonModel::$requestErrors[] = $errors; return array('body' => $body, 'header' => $newHeader); } /** * Http. * * @param string $url * @param string|array $data * @param array $options This is option and value pair, like CURLOPT_HEADER => true. Use curl_setopt function to set options. * @param array $headers Set request headers. * @param string $dataType * @param string $method POST|PATCH|PUT * @param int $timeout * @param bool $httpCode * @param bool $log * @static * @access public * @return string */ public static function http($url, $data = null, $options = array(), $headers = array(), $dataType = 'data', $method = 'POST', $timeout = 30, $httpCode = false, $log = true) { global $lang, $app; if(!extension_loaded('curl')) { if($dataType == 'json') return print($lang->error->noCurlExt); return json_encode(array('result' => 'fail', 'message' => $lang->error->noCurlExt)); } commonModel::$requestErrors = array(); if(!is_array($headers)) $headers = (array)$headers; $headers[] = "API-RemoteIP: " . helper::getRemoteIp(); if($dataType == 'json') { $headers[] = 'Content-Type: application/json;charset=utf-8'; if(!empty($data)) $data = json_encode($data); } $curl = curl_init(); curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); curl_setopt($curl, CURLOPT_USERAGENT, 'Sae T OAuth2 v0.1'); curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($curl, CURLOPT_TIMEOUT, $timeout); curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); curl_setopt($curl, CURLOPT_HEADER, FALSE); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 2); curl_setopt($curl, CURLINFO_HEADER_OUT, TRUE); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); curl_setopt($curl, CURLOPT_URL, $url); if(!empty($data)) { if(is_object($data)) $data = (array) $data; if($method == 'POST') curl_setopt($curl, CURLOPT_POST, true); if(in_array($method, array('PATCH', 'PUT'))) curl_setopt($curl, CURLOPT_CUSTOMREQUEST, $method); curl_setopt($curl, CURLOPT_POSTFIELDS, $data); } if($options) curl_setopt_array($curl, $options); $response = curl_exec($curl); $errors = curl_error($curl); if($httpCode) $httpCode = curl_getinfo($curl,CURLINFO_HTTP_CODE); curl_close($curl); if($log or $app->config->debug) { $logFile = $app->getLogRoot() . 'saas.'. date('Ymd') . '.log.php'; if(!file_exists($logFile)) file_put_contents($logFile, ''); $fh = @fopen($logFile, 'a'); if($fh) { fwrite($fh, date('Ymd H:i:s') . ": " . $app->getURI() . "\n"); fwrite($fh, "url: " . $url . "\n"); if(!empty($data)) fwrite($fh, "data: " . print_r($data, true) . "\n"); fwrite($fh, "results:" . print_r($response, true) . "\n"); if(!empty($errors)) fwrite($fh, "errors: " . $errors . "\n"); fclose($fh); } } if($errors) commonModel::$requestErrors[] = $errors; return $httpCode ? array($response, $httpCode) : $response; } /** * Set main menu. * * @static * @access public * @return string */ public static function setMainMenu() { global $app, $lang; $tab = $app->tab; $isTutorialMode = common::isTutorialMode(); $currentModule = $isTutorialMode ? $app->moduleName : $app->rawModule; $currentMethod = $isTutorialMode ? $app->methodName : $app->rawMethod; $currentMethod = strtolower($currentMethod); /* If homeMenu is not exists or unset, display menu. */ if(!isset($lang->$tab->homeMenu)) { $lang->menu = isset($lang->$tab->menu) ? $lang->$tab->menu : array(); $lang->menuOrder = isset($lang->$tab->menuOrder) ? $lang->$tab->menuOrder : array(); return; } if($currentModule == $tab and $currentMethod == 'create') { $lang->menu = $lang->$tab->homeMenu; return; } /* If the method is in homeMenu, display homeMenu. */ foreach($lang->$tab->homeMenu as $menu) { $link = is_array($menu) ? $menu['link'] : $menu; $params = explode('|', $link); $method = strtolower($params[2]); if($method == $currentMethod) { $lang->menu = $lang->$tab->homeMenu; return; } if(isset($menu['alias']) and in_array($currentMethod, explode(',', strtolower($menu['alias'])))) { $lang->menu = $lang->$tab->homeMenu; return; } if(isset($menu['subModule']) and strpos(",{$menu['subModule']},", ",$currentModule,") !== false) { $lang->menu = $lang->$tab->homeMenu; return; } } /* Default, display menu. */ $lang->menu = isset($lang->$tab->menu) ? $lang->$tab->menu : array(); $lang->menuOrder = isset($lang->$tab->menuOrder) ? $lang->$tab->menuOrder : array(); } /** * Get relations for two object. * * @param varchar $atype * @param int $aid * @param varchar $btype * @param int $bid * * @access public * @return string */ public function getRelations($AType = '', $AID = 0, $BType = '', $BID = 0) { return $this->dao->select('*')->from(TABLE_RELATION) ->where('AType')->eq($AType) ->andWhere('AID')->eq($AID) ->andwhere('BType')->eq($BType) ->beginif($BID)->andwhere('BID')->eq($BID)->fi() ->fetchAll(); } /** * Replace the %s of one key of a menu by objectID or $params. * * All the menus are defined in the common's language file. But there're many dynamic params, so in the defination, * we used %s as placeholder. These %s should be setted in one module. * * @param string $moduleName * @param int $objectID * @param array $params * * @access public * @return string */ static public function setMenuVars($moduleName, $objectID, $params = array()) { global $app, $lang; $menuKey = 'menu'; if($app->viewType == 'mhtml') $menuKey = 'webMenu'; foreach($lang->$moduleName->$menuKey as $label => $menu) { $lang->$moduleName->$menuKey->$label = self::setMenuVarsEx($menu, $objectID, $params); if(isset($menu['subMenu'])) { foreach($menu['subMenu'] as $key1 => $subMenu) { $lang->$moduleName->$menuKey->{$label}['subMenu']->$key1 = self::setMenuVarsEx($subMenu, $objectID, $params); } } if(!isset($menu['dropMenu'])) continue; foreach($menu['dropMenu'] as $key2 => $dropMenu) { $lang->$moduleName->$menuKey->{$label}['dropMenu']->$key2 = self::setMenuVarsEx($dropMenu, $objectID, $params); if(!isset($dropMenu['subMenu'])) continue; foreach($dropMenu['subMenu'] as $key3 => $subMenu) { $lang->$moduleName->$menuKey->{$label}['dropMenu']->$key3 = self::setMenuVarsEx($subMenu, $objectID, $params); } } } /* If objectID is set, cannot use homeMenu. */ unset($lang->$moduleName->homeMenu); } /** * Check menuVars replaced. * * @static * @access public * @return void */ public static function checkMenuVarsReplaced() { global $app, $lang; $tab = $app->tab; $varsReplaced = true; foreach($lang->menu as $menuKey => $menu) { if(isset($menu['link']) and strpos($menu['link'], '%s') !== false) $varsReplaced = false; if(!isset($menu['link']) and is_string($menu) and strpos($menu, '%s') !== false) $varsReplaced = false; if(!$varsReplaced) break; } if(!$varsReplaced and strpos("|program|product|project|execution|qa|", "|{$tab}|") !== false) { $isTutorialMode = common::isTutorialMode(); $currentModule = $isTutorialMode ? $app->moduleName : $app->rawModule; if(isset($lang->$currentModule->menu)) { $lang->menu = isset($lang->$currentModule->menu) ? $lang->$currentModule->menu : array(); $lang->menuOrder = isset($lang->$currentModule->menuOrder) ? $lang->$currentModule->menuOrder : array(); $app->tab = zget($lang->navGroup, $currentModule); } else { self::setMenuVars($tab, (int)$app->session->$tab); } } } /* * Replace the %s of one key of a menu by objectID or $params. * @param object $menu * @param int $objectID * @param array $params */ static public function setMenuVarsEx($menu, $objectID, $params = array()) { if(is_array($menu)) { if(!isset($menu['link'])) return $menu; $link = sprintf($menu['link'], $objectID); $menu['link'] = vsprintf($link, $params); } else { $menu = sprintf($menu, $objectID); $menu = vsprintf($menu, $params); } return $menu; } /** * Process markdown. * * @param string $markdown * @static * @access public * @return string */ static public function processMarkdown($markdown) { if(empty($markdown)) return false; global $app; $app->loadClass('parsedownextraplugin'); $Parsedown = new parsedownextraplugin; $Parsedown->voidElementSuffix = '>'; // HTML5 return $Parsedown->text($markdown); } /** * Sort featureBar. * * @param string $module * @param string $method * @static * @access public * @return bool */ public static function sortFeatureMenu($module = '', $method = '') { global $lang, $config, $app; $module = $module ? $module : $app->rawModule; $method = $method ? $method : $app->rawMethod; /* It will be sorted according to the workflow in the future */ if(!empty($config->featureBarSort[$module][$method])) { $featureBar = array(); if(empty($lang->$module->featureBar[$method])) return false; foreach($lang->$module->featureBar[$method] as $key => $label) { foreach($config->featureBarSort[$module][$method] as $currentKey => $afterKey) { if($key == $currentKey) continue; $featureBar[$method][$key] = $label; if($key == $afterKey && !empty($lang->$module->featureBar[$method][$currentKey])) { $featureBar[$method][$currentKey] = $lang->$module->featureBar[$method][$currentKey]; } } } $lang->$module->featureBar = $featureBar; } return true; } /** * Replace menu lang. * * @static * @access public * @return void */ public static function replaceMenuLang() { global $lang; if(empty($lang->db->custom)) return; foreach($lang->db->custom as $moduleName => $sectionMenus) { if(strpos($moduleName, 'Menu') === false) continue; $isSecondMenu = strpos($moduleName, 'SubMenu') === false; $moduleName = str_replace($isSecondMenu ? 'Menu' : 'SubMenu', '', $moduleName); foreach($sectionMenus as $section => $menus) { foreach($menus as $key => $value) { /* Get second menu. */ if($isSecondMenu) { $isDropMenu = strpos($section, 'DropMenu') !== false; if(!$isDropMenu) { if(!isset($lang->{$moduleName}->{$section})) break; if(is_object($lang->{$moduleName}->{$section}) and isset($lang->{$moduleName}->{$section}->{$key})) $settingMenu = &$lang->{$moduleName}->{$section}->{$key}; if(is_array($lang->{$moduleName}->{$section}) and isset($lang->{$moduleName}->{$section}[$key])) $settingMenu = &$lang->{$moduleName}->{$section}[$key]; } else { /* Get drop menu in second menu. */ $dropMenuKey = str_replace('DropMenu', '', $section); if(!isset($lang->{$moduleName}->menu->{$dropMenuKey}['dropMenu']->{$key})) break; $settingMenu = &$lang->{$moduleName}->menu->{$dropMenuKey}['dropMenu']->{$key}; } } /* Get third menu. */ elseif(isset($lang->{$moduleName}->menu->{$section}['subMenu'])) { $subMenu = $lang->{$moduleName}->menu->{$section}['subMenu']; if(is_object($subMenu) and isset($subMenu->{$key})) $settingMenu = &$lang->{$moduleName}->menu->{$section}['subMenu']->{$key}; if(is_array($subMenu) and isset($subMenu[$key])) $settingMenu = &$lang->{$moduleName}->menu->{$section}['subMenu'][$key]; } /* Set custom menu lang. */ if(!empty($settingMenu)) { if(is_string($settingMenu)) $settingMenu = $value . substr($settingMenu, strpos($settingMenu, '|')); if(is_array($settingMenu) and isset($settingMenu['link'])) $settingMenu['link'] = $value . substr($settingMenu['link'], strpos($settingMenu['link'], '|')); unset($settingMenu); } } } } } /** * Check valid row. * * @param string $objectType * @param array $postData * @param int $index * @access public * @return bool */ public function checkValidRow($objectType, $postData = array(), $index = 0) { if(empty($postData)) return false; foreach($postData as $key => $value) { if(!is_array($value) or strpos($this->config->$objectType->excludeCheckFileds, ",$key,") !== false) continue; if(isset($value[$index]) and !empty($value[$index]) and $value[$index] != 'ditto') return true; } return false; } } class common extends commonModel { }"; printf($this->lang->upgrade->setStatusFile, $cmd, $statusFile); echo '