Merge pull request #2086 from department-of-veterans-affairs/rc/2023-…

…08-15/Sprint-58-c2

Rc/2023 08 15/sprint 58 c2

LEAF_Nexus/scripts/updateDatabase.php

@@ -64,7 +64,8 @@ function updateDB($thisVer, $updateList, $folder, $db)
         $res = $db->prepared_query('SELECT * FROM settings WHERE setting="dbversion"', array());
         if ($res[0]['data'] == $thisVer)
         {
-            echo 'Update failed.' . BR;
+            echo PORTAL_PATH . BR;
+            echo 'Nexus DB Update failed.' . BR;
         }
         else
         {

LEAF_Nexus/sources/Employee.php

@@ -562,7 +562,7 @@ private function getEmployeeDataByEmpUID(array $empUID, Db $db): array
     private function updateEmployeeByUserName(string $user_name, array $national_user, Db $db): array
     {
         $vars = array(
-            ':userName' => $national_user['user_name'],
+            ':userName' => $national_user['userName'],
             ':lastName' => $national_user['lastName'],
             ':firstName' => $national_user['firstName'],
             ':midInit' => $national_user['middleName'],

LEAF_Nexus/sources/Login.php

@@ -237,6 +237,7 @@ public function logout()
 //        $https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? true : false;
         $https = true;
         setcookie('PHPSESSID', '', time() - 3600, $cookie['path'], $cookie['domain'], $https, true);
+        setcookie('REMOTE_USER', '', time() - 3600, $cookie['path'], $cookie['domain'], $https, true);
     }
 
     public function isLogin()

LEAF_Request_Portal/api/controllers/TemplateFileHistoryController.php

@@ -69,7 +69,6 @@ public function post($act)
             });
 
             $this->index['POST']->register('templateEmailHistoryMergeFile/[text]', function ($args) use ($templateFileHistory) {
-                error_log(print_r('Controller ', true));
                 return $templateFileHistory->setEmailMergeTemplate($args[0]);
             });
 

LEAF_Request_Portal/dynicons/index.php

@@ -19,9 +19,22 @@
 include_once LIB_PATH .  '/php-commons/Dynicon.php';
 include_once LIB_PATH .  '/php-commons/XSSHelpers.php';
 
-if (isset($_GET['w']) && isset($_GET['img'])) {
-    $image = new \Leaf\Dynicon(\Leaf\XSSHelpers::scrubFilename($_GET['img']), $_GET['w']);
-} else {
+if (!isset($_GET['w']) && !isset($_GET['img'])) {
     // want to see what is being sent to here if anything.
     error_log(print_r($_GET, true));
+} else {
+    if (!isset($_GET['w']) && isset($_GET['img'])) {
+        // some apps are sending an array with img only and that value is
+        // system-users.svg;w=16
+        // create two variables here extracted from this value
+        $index = strpos($_GET['img'], ';w=');
+        $img = substr($_GET['img'], 0, $index);
+
+        $width = substr($_GET['img'], $index + 3);
+    } else {
+        $img = $_GET['img'];
+        $width = $_GET['w'];
+    }
+
+    $image = new \Leaf\Dynicon(\Leaf\XSSHelpers::scrubFilename($img), $width);
 }

LEAF_Request_Portal/scripts/automated_email.php

@@ -46,7 +46,7 @@
     $daysago = $eventDataArray['AutomatedEmailReminders']['DaysSelected'];
 
     // pass ?current=asdasd to get the present time for testing purposes
-    $intialDaysAgoTimestamp = time() - ($daysago * $timeAdjustment);
+    $intialDaysAgoTimestamp = time() - ((int) $daysago * $timeAdjustment);
 
     echo "Working on step: {$workflowStep['stepID']}, Initial Notification: ".date('Y-m-d H:i:s',$intialDaysAgoTimestamp)."\r\n";
 

LEAF_Request_Portal/scripts/updateDatabase.php

@@ -62,7 +62,8 @@ function updateDB($thisVer, $updateList, $folder, $db)
         $res = $db->prepared_query('SELECT * FROM settings WHERE setting="dbversion"', array());
         if ($res[0]['data'] == $thisVer)
         {
-            echo 'Update failed.' . BR;
+            echo PORTAL_PATH . BR;
+            echo 'Portal DB Update failed.' . BR;
         }
         else
         {

LEAF_Request_Portal/sources/Email.php

@@ -41,6 +41,8 @@ class Email
 
     private object $nexus_db;
 
+    private object $login;
+
     private bool $orgchartInitialized = false;
 
     private int $recordID;
@@ -370,12 +372,12 @@ private function logEmailSent(int $recordID): void
     private function initOrgchart(): void
     {
         // set up org chart assets
-        $oc_db = new \Leaf\Db(\DIRECTORY_HOST, \DIRECTORY_USER, \DIRECTORY_PASS, \ORGCHART_DB);
-        $oc_login = new \Orgchart\Login($oc_db, $oc_db);
+        $oc_login = new \Orgchart\Login($this->nexus_db, $this->nexus_db);
         $oc_login->loginUser();
-        $this->employee = new \Orgchart\Employee($oc_db, $oc_login);
-        $this->position = new \Orgchart\Position($oc_db, $oc_login);
-        $this->group = new \Orgchart\Group($oc_db, $oc_login);
+        $this->login = $oc_login;
+        $this->employee = new \Orgchart\Employee($this->nexus_db, $oc_login);
+        $this->position = new \Orgchart\Position($this->nexus_db, $oc_login);
+        $this->group = new \Orgchart\Group($this->nexus_db, $oc_login);
         $this->orgchartInitialized = true;
     }
 
@@ -457,14 +459,15 @@ function getTemplateIDByLabel(string $emailTemplateLabel): int
     function setTemplateByID(int $emailTemplateID): void
     {
         $vars = array(':emailTemplateID' => $emailTemplateID);
-        $strSQL = "SELECT `emailTo`, `emailCc`,`subject`, `body` FROM `email_templates` ".
-            "WHERE emailTemplateID = :emailTemplateID;";
+        $strSQL = "SELECT `emailTo`, `emailCc`,`subject`, `body`
+                FROM `email_templates`
+                WHERE `emailTemplateID` = :emailTemplateID";
         $res = $this->portal_db->prepared_query($strSQL, $vars);
 
-        $this->setEmailToCcWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['emailTo']));
-        $this->setEmailToCcWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['emailCc']), true);
-        $this->setSubjectWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['subject']));
-        $this->setBodyWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['body']));
+        $this->setEmailToCcWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['emailTo'] == null ? '' : $res[0]['emailTo']));
+        $this->setEmailToCcWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['emailCc'] == null ? '' : $res[0]['emailCc']), true);
+        $this->setSubjectWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['subject'] == null ? '' : $res[0]['subject']));
+        $this->setBodyWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['body'] == null ? '' : $res[0]['body']));
     }
 
     /**
@@ -578,12 +581,12 @@ private function getFields(int $recordID): array
             JOIN `indicators` USING (`indicatorID`)
             WHERE `recordID` = :recordID';
 
-        $fields = $this->db->prepared_query($strSQL, $vars);
-        
+        $fields = $this->portal_db->prepared_query($strSQL, $vars);
+
         $formattedFields = array();
 
-        foreach($fields as $field) 
-        {   
+        foreach($fields as $field)
+        {
             if ($field["is_sensitive"] == 1) {
                 $formattedFields[$field['indicatorID']] = "**********";
                 continue;
@@ -626,14 +629,14 @@ private function getFields(int $recordID): array
 
         return $formattedFields;
     }
-    
+
     // method for building grid
     private function buildGrid(array $data): string
     {
         // get the grid in the form of array
         $cells = $data['cells'];
         $headers = $data['names'];
-        
+
         // build the grid
         $grid = "<table><tr>";
 
@@ -682,19 +685,27 @@ private function buildFileLink(string $data, string $id, string $series): string
         return $formattedData;
     }
 
+    private function getOrgchartEmployee(int $data): string
+    {
+        $employeeData = $this->employee->lookupEmpUID($data)[0];
+        $employeeName = $employeeData["firstName"]." ".$employeeData["lastName"];
+
+        return $employeeName;
+    }
+
     // method for building orgchart group, position, employee
     private function getOrgchartGroup(int $data): string
     {
         // reference the group by id
-        $group = new Group($this->db, $this->login);
+        $group = new Group($this->portal_db, $this->login);
         $groupName = $group->getGroupName($data);
-        
+
         return $groupName;
     }
 
     private function getOrgchartPosition(int $data): string
     {
-        $position = new \Orgchart\Position($this->oc_db, $this->login);
+        $position = new \Orgchart\Position($this->nexus_db, $this->login);
         $positionName = $position->getTitle($data);
 
         return $positionName;

LEAF_Request_Portal/sources/Form.php

@@ -501,7 +501,11 @@ public function getIndicator($indicatorID, $series, $recordID = null, $parseTemp
                 && !empty($data[0]['data']))
             {
                 $empRes = $this->employee->lookupEmpUID($data[0]['data']);
-                $form[$idx]['displayedValue'] = "{$empRes[0]['firstName']} {$empRes[0]['lastName']}";
+                if (!empty($empRes)) {
+                    $form[$idx]['displayedValue'] = "{$empRes[0]['firstName']} {$empRes[0]['lastName']}";
+                } else {
+                    $form[$idx]['displayedValue'] = '';
+                }
             }
             if ($data[0]['format'] == 'orgchart_position'
                 && isset($data[0]['data']))
@@ -806,7 +810,7 @@ public function deleteAttachment(int $recordID, int $indicatorID, int $series, s
 
             $uploadDir = isset(Config::$uploadDir) ? Config::$uploadDir : UPLOAD_DIR;
 
-            if (isset($value[$index])) {
+            if (is_array($value) && isset($value[$index])) {
                 $_POST['overwrite'] = true;
                 $_POST['series'] = 1;
                 $_POST[$indicatorID] = '';
@@ -2083,7 +2087,7 @@ public function checkReadAccess($records)
                     }
                 }
 
-                if($countPurged > 0) {
+                if($countPurged > 0 && !headers_sent()) {
                     header('LEAF-Query: continue');
                 }
 

LEAF_Request_Portal/sources/FormWorkflow.php

@@ -1223,12 +1223,15 @@ private function getFields(): array
 
             switch(true) {
                 case (str_starts_with($format, "grid") != false):
-                    $data = $this->buildGrid(unserialize($data));
+                    if ($this->isJsonString($data) && is_array(json_decode($data))) {
+                        $data = $this->buildGrid(json_decode($data));
+                    }
                     break;
                 case (str_starts_with($format, "checkboxes") != false):
-                case (str_starts_with($format, "multiselect") != false && is_array($data)):
-                    error_log(print_r($data, true));
-                    $data = $this->buildMultiselect(unserialize($data));
+                case (str_starts_with($format, "multiselect") != false):
+                    if ($this->isJsonString($data) && is_array(json_decode($data))) {
+                        $data = $this->buildMultiselect(json_decode($data));
+                    }
                     break;
                 case (str_starts_with($format, "radio") != false):
                 case (str_starts_with($format, "checkbox") != false):
@@ -1257,6 +1260,13 @@ private function getFields(): array
         return $formattedFields;
     }
 
+    private function isJsonString(mixed $data): bool
+    {
+        json_decode($data);
+
+        return json_last_error() === 0;
+    }
+
     // method for building grid
     private function buildGrid(array $data): string
     {

LEAF_Request_Portal/sources/Group.php

@@ -139,33 +139,23 @@ public function removeGroup($groupID): bool|string
      *
      * Created at: 9/15/2022, 8:51:59 AM (America/New_York)
      */
-    public function removeUser(string $userID, int $groupID, string|null $backupID): array
+    public function removeUser(string $userID, int $groupID, string $backupID = ""): array
     {
         $this->dataActionLogger->logAction(\Leaf\DataActions::DELETE, \Leaf\LoggableTypes::EMPLOYEE, [
                 new \Leaf\LogItem("users", "userID", $userID, $this->getEmployeeDisplay($userID)),
                 new \Leaf\LogItem("users", "groupID", $groupID, $this->getGroupName($groupID))
             ]);
 
-        if ($backupID == null) {
-            $sql_vars = array(':userID' => $userID,
-                            ':groupID' => $groupID,);
+        $vars = array(':userID' => $userID,
+                    ':groupID' => $groupID,
+                    ':backupID' => $backupID);
+        $sql = 'DELETE
+                FROM `users`
+                WHERE `userID` = :userID
+                AND `groupID` = :groupID
+                AND `backupID` = :backupID';
 
-            $result = $this->db->prepared_query('DELETE FROM users
-                                WHERE userID=:userID
-                                AND groupID=:groupID
-                                AND backupID IS NULL',
-                                $sql_vars);
-        } else {
-            $sql_vars = array(':userID' => $userID,
-                            ':groupID' => $groupID,
-                            ':backupID' => $backupID, );
-
-            $result = $this->db->prepared_query('DELETE FROM users
-                                WHERE userID=:userID
-                                AND groupID=:groupID
-                                AND backupID=:backupID',
-                                $sql_vars);
-        }
+        $result = $this->db->prepared_query($sql, $vars);
 
         return (array) $result;
     }

LEAF_Request_Portal/sources/Login.php

@@ -173,6 +173,7 @@ public function logout()
 //        $https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? true : false;
         $https = true;
         setcookie('PHPSESSID', '', time() - 3600, $cookie['path'], $cookie['domain'], $https, true);
+        setcookie('REMOTE_USER', '', time() - 3600, $cookie['path'], $cookie['domain'], $https, true);
     }
 
     public function isLogin()