TaskFloor/action.php

<?php

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/**
 * Make things happen when buttons are pressed and forms submitted.
 */
require_once __DIR__ . "/required.php";


if ($VARS['action'] !== "signout") {
    dieifnotloggedin();
}

/**
 * Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID.
 * The message will be displayed by the app.
 * @param string $msg message ID (see lang/messages.php)
 * @param string $arg If set, replaces "{arg}" in the message string when displayed to the user.
 */
function returnToSender($msg, $arg = "") {
    global $VARS;
    if ($arg == "") {
        header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg);
    } else {
        header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg");
    }
    die();
}

if ($VARS['action'] != "signout" && !(new User($_SESSION['uid']))->hasPermission("TASKFLOOR")) {
    returnToSender("no_permission");
}

switch ($VARS['action']) {
    case "signout":
        session_destroy();
        header('Location: index.php');
        die("Logged out.");
    case "sendmsg":
        header("HTTP/1.1 204 No Content");
        $msg = strip_tags($VARS['msg']);
        if (is_empty($VARS['to'])) {
            $to = null;
            die(); // TODO: add some kind of permission thing to allow this
        } else if (User::byUsername($VARS['to'])->exists()) {
            $to = User::byUsername($VARS['to'])->getUID();
        } else {
            die();
        }
        if (is_empty($msg)) {
            die();
        }
        $database->insert('messages', ['messagetext' => $msg, 'messagedate' => date("Y-m-d H:i:s"), 'from' => $_SESSION['uid'], 'to' => $to]);
        if (!is_null($to)) {
            $touser = new User($to);
            Notifications::add($touser, $Strings->get("TaskFloor: New message"), "$msg\nFrom: " . (new User($_SESSION['uid']))->getName());
        }
        break;
    case "delmsg":
        header('HTTP/1.0 204 No Content');
        if (is_empty($VARS['msgid'])) {
            die();
        }
        if (!$database->has('messages', ['messageid' => $VARS['msgid']])) {
            die();
        }
        $msg = $database->select('messages', ['to', 'from'], ['messageid' => $VARS['msgid']])[0];
        $me = new User($_SESSION['uid']);
        if ($msg['to'] == $_SESSION['uid'] ||
                $msg['from'] == $_SESSION['uid'] ||
                $me->isManagerOf(new User($msg['to'])) ||
                $me->isManagerOf(new User($msg['from']))) {
            $database->update('messages', ['deleted' => 1], ['messageid' => $VARS['msgid']]);
        }
        break;
    case "start":
        if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]])) {
            die('You are not assigned to this task!');
        }
        header('HTTP/1.0 204 No Content');
        $database->update('assigned_tasks', ['starttime' => date("Y-m-d H:i:s"), 'statusid' => 1], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]);
        break;
    case "resume":
        if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid'], 'starttime[!]' => null]])) {
            die('Invalid operation.');
        }
        header('HTTP/1.0 204 No Content');
        if ($database->get('assigned_tasks', 'statusid', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]) == 4) {
            $owneruid = $database->get('tasks', 'taskcreatoruid', ['taskid' => $VARS['taskid']]);
            $tasktitle = $database->get('tasks', 'tasktitle', ['taskid' => $VARS['taskid']]);
            Notifications::add(new User($owneruid), $Strings->get("TaskFloor: Problem resolved"), (new User($_SESSION['uid']))->getName() . " has resolved their problem with task $tasktitle.");
        }
        $database->update('assigned_tasks', ['statusid' => 1], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]);
        break;
    case "finish":
        header('HTTP/1.0 204 No Content');
        if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]])) {
            die('You are not assigned to this task!');
        }
        $database->update('assigned_tasks', ['endtime' => date("Y-m-d H:i:s"), 'statusid' => 2], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]);
        $owneruid = $database->get('tasks', 'taskcreatoruid', ['taskid' => $VARS['taskid']]);
        $tasktitle = $database->get('tasks', 'tasktitle', ['taskid' => $VARS['taskid']]);
        Notifications::add(new User($owneruid), $Strings->get("TaskFloor: Task finished"), (new User($_SESSION['uid']))->getName() . " has finished task $tasktitle.");
        break;
    case "pause":
        if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]])) {
            die('You are not assigned to this task!');
        }
        header('HTTP/1.0 204 No Content');
        $database->update('assigned_tasks', ['statusid' => 3], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]);
        break;
    case "problem":
        if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]])) {
            die('You are not assigned to this task!');
        }
        header('HTTP/1.0 204 No Content');
        $database->update('assigned_tasks', ['statusid' => 4], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]);
        $owneruid = $database->get('tasks', 'taskcreatoruid', ['taskid' => $VARS['taskid']]);
        $tasktitle = $database->get('tasks', 'tasktitle', ['taskid' => $VARS['taskid']]);
        Notifications::add(new User($owneruid), $Strings->get("TaskFloor: Problem reported"), (new User($_SESSION['uid']))->getName() . " has reported a problem with task $tasktitle.");
        break;
    case "edittask":
        if (is_empty($VARS['tasktitle'])) {
            header('HTTP/1.0 204 No Content');
            die();
        }

        $config = HTMLPurifier_Config::createDefault();
        $purifier = new HTMLPurifier($config);
        $taskdesc = $purifier->purify($VARS['taskdesc']);
        //$taskdesc = $VARS['taskdesc'];

        if (is_empty($VARS['taskid'])) {
            $database->insert('tasks', ['tasktitle' => $VARS['tasktitle'], 'taskdesc' => $taskdesc, 'taskcreatoruid' => $_SESSION['uid']]);
            $VARS['taskid'] = $database->id();
            header('Location: app.php?page=edittask&taskid=' . $database->id() . '&msg=task_saved');
        } else {
            $database->update('tasks', ['tasktitle' => $VARS['tasktitle'], 'taskdesc' => $taskdesc], ['taskid' => $VARS['taskid']]);
            header('Location: app.php?page=edittask&taskid=' . $VARS['taskid'] . '&msg=task_saved');
        }

        if (checkIsAValidDate($VARS['taskassignedon'])) {
            $assigneddate = date('Y-m-d H:i:s', strtotime($VARS['taskassignedon']));
            $database->update('tasks', ['taskassignedon' => $assigneddate], ['taskid' => $VARS['taskid']]);
        }
        if (checkIsAValidDate($VARS['taskdueby'])) {
            $duedate = date('Y-m-d H:i:s', strtotime($VARS['taskdueby']));
            $database->update('tasks', ['taskdueby' => $duedate], ['taskid' => $VARS['taskid']]);
        } else if ($VARS['taskdueby'] == "") {
            $database->update('tasks', ['taskdueby' => null], ['taskid' => $VARS['taskid']]);
        }
        if (!is_empty($VARS['assignedto']) && User::byUsername($VARS['assignedto'])->exists()) {
            $uid = User::byUsername($VARS['assignedto'])->getUID();
            $managed_users = (new User($_SESSION['uid']))->getManagedUsers();
            $managed_uids = [];
            foreach ($managed_users as $m) {
                $managed_uids[] = $m->getUID();
            }
            // allow self-assignment
            if (!in_array($uid, $managed_uids) && $uid != $_SESSION['uid']) {
                header('Location: app.php?page=edittask&taskid=' . $VARS['taskid'] . '&msg=user_not_managed');
                die(lang("user not managed", false));
            }
            if ($database->has('assigned_tasks', ['taskid' => $VARS['taskid']])) {
                $database->update('assigned_tasks', ['userid' => $uid, 'starttime' => null, 'endtime' => null, 'statusid' => 0], ['taskid' => $VARS['taskid']]);
                Notifications::add(new User($uid), SITE_TITLE . ": " . $Strings->get("Task assigned", false), "You have been assigned task " . strip_tags($VARS['tasktitle']) . ".");
            } else {
                $database->insert('assigned_tasks', ['taskid' => $VARS['taskid'], 'userid' => $uid, 'starttime' => null, 'endtime' => null, 'statusid' => 0]);
                Notifications::add(new User($uid), SITE_TITLE . ": " . $Strings->get("Task assigned"), "You have been assigned task " . strip_tags($VARS['tasktitle']) . ".");
            }
        } else if (is_empty($VARS['assignedto'])) {
            $database->delete('assigned_tasks', ['taskid' => $VARS['taskid']]);
        }
        break;
    case "deltask":
        if (is_empty($VARS['taskid'])) {
            die('Missing taskid.');
        }

        $managed_users = (new User($_SESSION['uid']))->getManagedUsers();
        $managed_uids = [];
        foreach ($managed_users as $m) {
            $managed_uids[] = $m->getUID();
        }
        // There needs to be at least one entry otherwise the SQL query craps itself
        if (count($managed_uids) < 1) {
            $managed_uids = [-1];
        }
        $allowed = $database->has('tasks', [
            '[>]assigned_tasks' => [
                'taskid' => 'taskid'
            ]
                ], [
            "AND" => [
                "OR" => [
                    'tasks.taskcreatoruid' => $_SESSION['uid'],
                    'assigned_tasks.userid' => $managed_uids
                ],
                "tasks.taskid" => $VARS['taskid']
        ]]);

        if (!$allowed) {
            header("Location: app.php?page=taskman&msg=task_delete_not_allowed");
            die(lang("task delete not allowed", false));
        }

        if ($VARS['assigned']) {
            $database->delete('assigned_tasks', ['taskid' => $VARS['taskid']]);
        } else {
            $database->update('tasks', ['deleted' => 1], ['taskid' => $VARS['taskid']]);
        }
        header("Location: app.php?page=taskman&msg=task_deleted");
        break;
    case "autocomplete":
        header("Content-Type: application/json");
        $client = new GuzzleHttp\Client();

        $response = $client
                ->request('POST', PORTAL_API, [
            'form_params' => [
                'key' => PORTAL_KEY,
                'action' => "usersearch",
                'search' => $VARS['q']
            ]
        ]);

        if ($response->getStatusCode() != 200) {
            exit("[]");
        }

        $resp = json_decode($response->getBody(), TRUE);
        if ($resp['status'] == "OK") {
            exit(json_encode($resp['result']));
        } else {
            exit("[]");
        }
        break;
    default:
        die("Invalid request.");
}
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`<?php`

Implement MPL-2.0 license 2017-12-16 14:25:31 -07:00			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

Create template based on SSO code 2017-04-24 17:13:08 -06:00			`/**`
			`* Make things happen when buttons are pressed and forms submitted.`
			`*/`
			`require_once __DIR__ . "/required.php";`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00
Create template based on SSO code 2017-04-24 17:13:08 -06:00
Fix expired session logout error (Business/CommonBugs#1) 2017-10-10 12:29:10 -06:00			`if ($VARS['action'] !== "signout") {`
			`dieifnotloggedin();`
			`}`
Create template based on SSO code 2017-04-24 17:13:08 -06:00
Add a bit of cleanup and comments 2017-05-07 00:30:25 -06:00			`/**`
			`* Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID.`
			`* The message will be displayed by the app.`
			`* @param string $msg message ID (see lang/messages.php)`
			`* @param string $arg If set, replaces "{arg}" in the message string when displayed to the user.`
			`*/`
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`function returnToSender($msg, $arg = "") {`
			`global $VARS;`
			`if ($arg == "") {`
			`header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg);`
			`} else {`
			`header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg");`
			`}`
			`die();`
			`}`

Merge BusinessAppTemplate # Conflicts: # api.php # composer.lock # lang/en_us.php # lib/login.php # mobile/index.php 2018-09-07 19:19:07 -06:00			`if ($VARS['action'] != "signout" && !(new User($_SESSION['uid']))->hasPermission("TASKFLOOR")) {`
Add permissions checks 2017-05-28 23:52:39 -06:00			`returnToSender("no_permission");`
			`}`

Create template based on SSO code 2017-04-24 17:13:08 -06:00			`switch ($VARS['action']) {`
			`case "signout":`
			`session_destroy();`
			`header('Location: index.php');`
			`die("Logged out.");`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`case "sendmsg":`
			`header("HTTP/1.1 204 No Content");`
			`$msg = strip_tags($VARS['msg']);`
			`if (is_empty($VARS['to'])) {`
			`$to = null;`
			`die(); // TODO: add some kind of permission thing to allow this`
Merge BusinessAppTemplate # Conflicts: # api.php # composer.lock # lang/en_us.php # lib/login.php # mobile/index.php 2018-09-07 19:19:07 -06:00			`} else if (User::byUsername($VARS['to'])->exists()) {`
			`$to = User::byUsername($VARS['to'])->getUID();`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`} else {`
			`die();`
			`}`
			`if (is_empty($msg)) {`
			`die();`
			`}`
Use PHP date() instead of SQL NOW() 2017-05-22 02:58:12 -06:00			`$database->insert('messages', ['messagetext' => $msg, 'messagedate' => date("Y-m-d H:i:s"), 'from' => $_SESSION['uid'], 'to' => $to]);`
Merge BusinessAppTemplate # Conflicts: # api.php # composer.lock # lang/en_us.php # lib/login.php # mobile/index.php 2018-09-07 19:19:07 -06:00			`if (!is_null($to)) {`
			`$touser = new User($to);`
			`Notifications::add($touser, $Strings->get("TaskFloor: New message"), "$msg\nFrom: " . (new User($_SESSION['uid']))->getName());`
			`}`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`break;`
			`case "delmsg":`
			`header('HTTP/1.0 204 No Content');`
			`if (is_empty($VARS['msgid'])) {`
			`die();`
			`}`
			`if (!$database->has('messages', ['messageid' => $VARS['msgid']])) {`
			`die();`
			`}`
			`$msg = $database->select('messages', ['to', 'from'], ['messageid' => $VARS['msgid']])[0];`
Merge BusinessAppTemplate # Conflicts: # api.php # composer.lock # lang/en_us.php # lib/login.php # mobile/index.php 2018-09-07 19:19:07 -06:00			`$me = new User($_SESSION['uid']);`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`if ($msg['to'] == $_SESSION['uid'] \|\|`
			`$msg['from'] == $_SESSION['uid'] \|\|`
Merge BusinessAppTemplate # Conflicts: # api.php # composer.lock # lang/en_us.php # lib/login.php # mobile/index.php 2018-09-07 19:19:07 -06:00			`$me->isManagerOf(new User($msg['to'])) \|\|`
			`$me->isManagerOf(new User($msg['from']))) {`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`$database->update('messages', ['deleted' => 1], ['messageid' => $VARS['msgid']]);`
			`}`
			`break;`
			`case "start":`
			`if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]])) {`
			`die('You are not assigned to this task!');`
			`}`
Add start and finish dates to task cards, change assigned/due icons, add resume action that doesn't overwrite starttime 2017-05-06 00:42:02 -06:00			`header('HTTP/1.0 204 No Content');`
Use PHP date() instead of SQL NOW() 2017-05-22 02:58:12 -06:00			`$database->update('assigned_tasks', ['starttime' => date("Y-m-d H:i:s"), 'statusid' => 1], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]);`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`break;`
Add start and finish dates to task cards, change assigned/due icons, add resume action that doesn't overwrite starttime 2017-05-06 00:42:02 -06:00			`case "resume":`
			`if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid'], 'starttime[!]' => null]])) {`
			`die('Invalid operation.');`
			`}`
			`header('HTTP/1.0 204 No Content');`
Merge BusinessAppTemplate # Conflicts: # api.php # composer.lock # lang/en_us.php # lib/login.php # mobile/index.php 2018-09-07 19:19:07 -06:00			`if ($database->get('assigned_tasks', 'statusid', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]) == 4) {`
			`$owneruid = $database->get('tasks', 'taskcreatoruid', ['taskid' => $VARS['taskid']]);`
			`$tasktitle = $database->get('tasks', 'tasktitle', ['taskid' => $VARS['taskid']]);`
			`Notifications::add(new User($owneruid), $Strings->get("TaskFloor: Problem resolved"), (new User($_SESSION['uid']))->getName() . " has resolved their problem with task $tasktitle.");`
			`}`
Add start and finish dates to task cards, change assigned/due icons, add resume action that doesn't overwrite starttime 2017-05-06 00:42:02 -06:00			`$database->update('assigned_tasks', ['statusid' => 1], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]);`
			`break;`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`case "finish":`
			`header('HTTP/1.0 204 No Content');`
			`if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]])) {`
			`die('You are not assigned to this task!');`
			`}`
Use PHP date() instead of SQL NOW() 2017-05-22 02:58:12 -06:00			`$database->update('assigned_tasks', ['endtime' => date("Y-m-d H:i:s"), 'statusid' => 2], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]);`
Merge BusinessAppTemplate # Conflicts: # api.php # composer.lock # lang/en_us.php # lib/login.php # mobile/index.php 2018-09-07 19:19:07 -06:00			`$owneruid = $database->get('tasks', 'taskcreatoruid', ['taskid' => $VARS['taskid']]);`
			`$tasktitle = $database->get('tasks', 'tasktitle', ['taskid' => $VARS['taskid']]);`
			`Notifications::add(new User($owneruid), $Strings->get("TaskFloor: Task finished"), (new User($_SESSION['uid']))->getName() . " has finished task $tasktitle.");`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`break;`
Add pause, resume, and problem buttons 2017-05-06 00:23:31 -06:00			`case "pause":`
			`if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]])) {`
			`die('You are not assigned to this task!');`
			`}`
Add start and finish dates to task cards, change assigned/due icons, add resume action that doesn't overwrite starttime 2017-05-06 00:42:02 -06:00			`header('HTTP/1.0 204 No Content');`
Add pause, resume, and problem buttons 2017-05-06 00:23:31 -06:00			`$database->update('assigned_tasks', ['statusid' => 3], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]);`
			`break;`
			`case "problem":`
			`if (!$database->has('assigned_tasks', ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]])) {`
			`die('You are not assigned to this task!');`
			`}`
Add start and finish dates to task cards, change assigned/due icons, add resume action that doesn't overwrite starttime 2017-05-06 00:42:02 -06:00			`header('HTTP/1.0 204 No Content');`
Add pause, resume, and problem buttons 2017-05-06 00:23:31 -06:00			`$database->update('assigned_tasks', ['statusid' => 4], ["AND" => ['taskid' => $VARS['taskid'], 'userid' => $_SESSION['uid']]]);`
Merge BusinessAppTemplate # Conflicts: # api.php # composer.lock # lang/en_us.php # lib/login.php # mobile/index.php 2018-09-07 19:19:07 -06:00			`$owneruid = $database->get('tasks', 'taskcreatoruid', ['taskid' => $VARS['taskid']]);`
			`$tasktitle = $database->get('tasks', 'tasktitle', ['taskid' => $VARS['taskid']]);`
			`Notifications::add(new User($owneruid), $Strings->get("TaskFloor: Problem reported"), (new User($_SESSION['uid']))->getName() . " has reported a problem with task $tasktitle.");`
Add pause, resume, and problem buttons 2017-05-06 00:23:31 -06:00			`break;`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`case "edittask":`
			`if (is_empty($VARS['tasktitle'])) {`
			`header('HTTP/1.0 204 No Content');`
			`die();`
			`}`

Add rich input sanitization with htmlpurifier 2017-07-05 22:38:31 -06:00			`$config = HTMLPurifier_Config::createDefault();`
			`$purifier = new HTMLPurifier($config);`
			`$taskdesc = $purifier->purify($VARS['taskdesc']);`
			`//$taskdesc = $VARS['taskdesc'];`

Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`if (is_empty($VARS['taskid'])) {`
Add rich input sanitization with htmlpurifier 2017-07-05 22:38:31 -06:00			`$database->insert('tasks', ['tasktitle' => $VARS['tasktitle'], 'taskdesc' => $taskdesc, 'taskcreatoruid' => $_SESSION['uid']]);`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`$VARS['taskid'] = $database->id();`
			`header('Location: app.php?page=edittask&taskid=' . $database->id() . '&msg=task_saved');`
			`} else {`
Add rich input sanitization with htmlpurifier 2017-07-05 22:38:31 -06:00			`$database->update('tasks', ['tasktitle' => $VARS['tasktitle'], 'taskdesc' => $taskdesc], ['taskid' => $VARS['taskid']]);`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`header('Location: app.php?page=edittask&taskid=' . $VARS['taskid'] . '&msg=task_saved');`
			`}`

			`if (checkIsAValidDate($VARS['taskassignedon'])) {`
			`$assigneddate = date('Y-m-d H:i:s', strtotime($VARS['taskassignedon']));`
			`$database->update('tasks', ['taskassignedon' => $assigneddate], ['taskid' => $VARS['taskid']]);`
			`}`
			`if (checkIsAValidDate($VARS['taskdueby'])) {`
			`$duedate = date('Y-m-d H:i:s', strtotime($VARS['taskdueby']));`
			`$database->update('tasks', ['taskdueby' => $duedate], ['taskid' => $VARS['taskid']]);`
Fix unsetting task due date 2017-11-19 01:39:47 -07:00			`} else if ($VARS['taskdueby'] == "") {`
			`$database->update('tasks', ['taskdueby' => null], ['taskid' => $VARS['taskid']]);`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`}`
Fix regression where tasks could not be assigned 2018-09-07 19:22:06 -06:00			`if (!is_empty($VARS['assignedto']) && User::byUsername($VARS['assignedto'])->exists()) {`
Merge BusinessAppTemplate # Conflicts: # api.php # composer.lock # lang/en_us.php # lib/login.php # mobile/index.php 2018-09-07 19:19:07 -06:00			`$uid = User::byUsername($VARS['assignedto'])->getUID();`
			`$managed_users = (new User($_SESSION['uid']))->getManagedUsers();`
			`$managed_uids = [];`
			`foreach ($managed_users as $m) {`
			`$managed_uids[] = $m->getUID();`
			`}`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`// allow self-assignment`
			`if (!in_array($uid, $managed_uids) && $uid != $_SESSION['uid']) {`
			`header('Location: app.php?page=edittask&taskid=' . $VARS['taskid'] . '&msg=user_not_managed');`
			`die(lang("user not managed", false));`
			`}`
			`if ($database->has('assigned_tasks', ['taskid' => $VARS['taskid']])) {`
			`$database->update('assigned_tasks', ['userid' => $uid, 'starttime' => null, 'endtime' => null, 'statusid' => 0], ['taskid' => $VARS['taskid']]);`
Add notification when task assigned 2018-09-07 19:30:07 -06:00			`Notifications::add(new User($uid), SITE_TITLE . ": " . $Strings->get("Task assigned", false), "You have been assigned task " . strip_tags($VARS['tasktitle']) . ".");`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`} else {`
			`$database->insert('assigned_tasks', ['taskid' => $VARS['taskid'], 'userid' => $uid, 'starttime' => null, 'endtime' => null, 'statusid' => 0]);`
Add notification when task assigned 2018-09-07 19:30:07 -06:00			`Notifications::add(new User($uid), SITE_TITLE . ": " . $Strings->get("Task assigned"), "You have been assigned task " . strip_tags($VARS['tasktitle']) . ".");`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`}`
			`} else if (is_empty($VARS['assignedto'])) {`
			`$database->delete('assigned_tasks', ['taskid' => $VARS['taskid']]);`
			`}`
			`break;`
			`case "deltask":`
			`if (is_empty($VARS['taskid'])) {`
			`die('Missing taskid.');`
			`}`
Add pause, resume, and problem buttons 2017-05-06 00:23:31 -06:00
Merge BusinessAppTemplate # Conflicts: # api.php # composer.lock # lang/en_us.php # lib/login.php # mobile/index.php 2018-09-07 19:19:07 -06:00			`$managed_users = (new User($_SESSION['uid']))->getManagedUsers();`
			`$managed_uids = [];`
			`foreach ($managed_users as $m) {`
			`$managed_uids[] = $m->getUID();`
			`}`
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`// There needs to be at least one entry otherwise the SQL query craps itself`
			`if (count($managed_uids) < 1) {`
			`$managed_uids = [-1];`
			`}`
			`$allowed = $database->has('tasks', [`
			`'[>]assigned_tasks' => [`
			`'taskid' => 'taskid'`
			`]`
			`], [`
			`"AND" => [`
			`"OR" => [`
			`'tasks.taskcreatoruid' => $_SESSION['uid'],`
			`'assigned_tasks.userid' => $managed_uids`
			`],`
			`"tasks.taskid" => $VARS['taskid']`
			`]]);`

			`if (!$allowed) {`
			`header("Location: app.php?page=taskman&msg=task_delete_not_allowed");`
			`die(lang("task delete not allowed", false));`
			`}`
Add pause, resume, and problem buttons 2017-05-06 00:23:31 -06:00
Add task manager, message system, more security, dozens of improvements 2017-05-05 17:17:39 -06:00			`if ($VARS['assigned']) {`
			`$database->delete('assigned_tasks', ['taskid' => $VARS['taskid']]);`
			`} else {`
			`$database->update('tasks', ['deleted' => 1], ['taskid' => $VARS['taskid']]);`
			`}`
			`header("Location: app.php?page=taskman&msg=task_deleted");`
			`break;`
			`case "autocomplete":`
			`header("Content-Type: application/json");`
			`$client = new GuzzleHttp\Client();`

			`$response = $client`
			`->request('POST', PORTAL_API, [`
			`'form_params' => [`
			`'key' => PORTAL_KEY,`
			`'action' => "usersearch",`
			`'search' => $VARS['q']`
			`]`
			`]);`

			`if ($response->getStatusCode() != 200) {`
			`exit("[]");`
			`}`

			`$resp = json_decode($response->getBody(), TRUE);`
			`if ($resp['status'] == "OK") {`
			`exit(json_encode($resp['result']));`
			`} else {`
			`exit("[]");`
			`}`
			`break;`
			`default:`
			`die("Invalid request.");`
Merge Business/BusinessAppTemplate: BS v4.1, include Roboto font 2018-04-13 01:53:16 -06:00			`}`