/**
* Modifies an Issue's Reporter.
*
* @param integer $issue_id The id of the issue.
* @param string $fullname The id of the user.
* @param boolean $add_history If this should be logged.
* @return int
*/
public static function update($issue_id, $email, $add_history = true)
{
$email = strtolower(Mail_Helper::getEmailAddress($email));
$usr_id = User::getUserIDByEmail($email, true);
// If no valid user found reset to system account
if (!$usr_id) {
$usr_id = APP_SYSTEM_USER_ID;
}
$sql = 'UPDATE
{{%issue}}
SET
iss_usr_id = ?
WHERE
iss_id = ?';
try {
DB_Helper::getInstance()->query($sql, array($usr_id, $issue_id));
} catch (DbException $e) {
return -1;
}
if ($add_history) {
// TRANSLATORS: %1: email, %2: full name
$current_usr_id = Auth::getUserID();
History::add($issue_id, $current_usr_id, 'issue_updated', 'Reporter was changed to {email} by {user}', array('email' => $email, 'user' => User::getFullName($current_usr_id)));
}
// Add new user to notification list
if ($usr_id > 0) {
Notification::subscribeEmail($usr_id, $issue_id, $email, Notification::getDefaultActions());
}
return 1;
}
/**
* Adds an email to the outgoing mail queue.
*
* @param string $recipient The recipient of this email
* @param array $headers The list of headers that should be sent with this email
* @param string $body The body of the message
* @param integer $save_email_copy Whether to send a copy of this email to a configurable address or not (eventum_sent@)
* @param integer $issue_id The ID of the issue. If false, email will not be associated with issue.
* @param string $type The type of message this is.
* @param integer $sender_usr_id The id of the user sending this email.
* @param integer $type_id The ID of the event that triggered this notification (issue_id, sup_id, not_id, etc)
* @return true, or a PEAR_Error object
*/
public static function add($recipient, $headers, $body, $save_email_copy = 0, $issue_id = false, $type = '', $sender_usr_id = false, $type_id = false)
{
Workflow::modifyMailQueue(Auth::getCurrentProject(false), $recipient, $headers, $body, $issue_id, $type, $sender_usr_id, $type_id);
// avoid sending emails out to users with inactive status
$recipient_email = Mail_Helper::getEmailAddress($recipient);
$usr_id = User::getUserIDByEmail($recipient_email);
if (!empty($usr_id)) {
$user_status = User::getStatusByEmail($recipient_email);
// if user is not set to an active status, then silently ignore
if (!User::isActiveStatus($user_status) && !User::isPendingStatus($user_status)) {
return false;
}
}
$to_usr_id = User::getUserIDByEmail($recipient_email);
$recipient = Mail_Helper::fixAddressQuoting($recipient);
$reminder_addresses = Reminder::_getReminderAlertAddresses();
// add specialized headers
if (!empty($issue_id) && (!empty($to_usr_id) && User::getRoleByUser($to_usr_id, Issue::getProjectID($issue_id)) != User::getRoleID('Customer')) || @in_array(Mail_Helper::getEmailAddress($recipient), $reminder_addresses)) {
$headers += Mail_Helper::getSpecializedHeaders($issue_id, $type, $headers, $sender_usr_id);
}
// try to prevent triggering absence auto responders
$headers['precedence'] = 'bulk';
// the 'classic' way, works with e.g. the unix 'vacation' tool
$headers['Auto-submitted'] = 'auto-generated';
// the RFC 3834 way
if (empty($issue_id)) {
$issue_id = 'null';
}
// if the Date: header is missing, add it.
if (empty($headers['Date'])) {
$headers['Date'] = Mime_Helper::encode(date('D, j M Y H:i:s O'));
}
if (!empty($headers['To'])) {
$headers['To'] = Mail_Helper::fixAddressQuoting($headers['To']);
}
// encode headers and add special mime headers
$headers = Mime_Helper::encodeHeaders($headers);
$res = Mail_Helper::prepareHeaders($headers);
if (Misc::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return $res;
}
// convert array of headers into text headers
list(, $text_headers) = $res;
$params = array('maq_save_copy' => $save_email_copy, 'maq_queued_date' => Date_Helper::getCurrentDateGMT(), 'maq_sender_ip_address' => !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '', 'maq_recipient' => $recipient, 'maq_headers' => $text_headers, 'maq_body' => $body, 'maq_iss_id' => $issue_id, 'maq_subject' => $headers['Subject'], 'maq_type' => $type);
if ($sender_usr_id) {
$params['maq_usr_id'] = $sender_usr_id;
}
if ($type_id) {
$params['maq_type_id'] = $type_id;
}
$stmt = 'INSERT INTO {{%mail_queue}} SET ' . DB_Helper::buildSet($params);
try {
DB_Helper::getInstance()->query($stmt, $params);
} catch (DbException $e) {
return $res;
}
return true;
}
/**
* Adds an email to the outgoing mail queue.
*
* @access public
* @param string $recipient The recipient of this email
* @param array $headers The list of headers that should be sent with this email
* @param string $body The body of the message
* @param integer $save_email_copy Whether to send a copy of this email to a configurable address or not (eventum_sent@)
* @param integer $issue_id The ID of the issue. If false, email will not be associated with issue.
* @param string $type The type of message this is.
* @param integer $sender_usr_id The id of the user sending this email.
* @param integer $type_id The ID of the event that triggered this notification (issue_id, sup_id, not_id, etc)
* @return true, or a PEAR_Error object
*/
function add($recipient, $headers, $body, $save_email_copy = 0, $issue_id = false, $type = '', $sender_usr_id = false, $type_id = false)
{
// avoid sending emails out to users with inactive status
$recipient_email = Mail_API::getEmailAddress($recipient);
$usr_id = User::getUserIDByEmail($recipient_email);
if (!empty($usr_id)) {
$user_status = User::getStatusByEmail($recipient_email);
// if user is not set to an active status, then silently ignore
if (!User::isActiveStatus($user_status) && !User::isPendingStatus($user_status)) {
return false;
}
}
$to_usr_id = User::getUserIDByEmail($recipient_email);
$recipient = Mail_API::fixAddressQuoting($recipient);
$reminder_addresses = Reminder::_getReminderAlertAddresses();
// add specialized headers
if (!empty($issue_id) && (!empty($to_usr_id) && User::getRoleByUser($to_usr_id, Issue::getProjectID($issue_id)) > User::getRoleID("Customer")) || @in_array(Mail_API::getEmailAddress($to), $reminder_addresses)) {
$headers += Mail_API::getSpecializedHeaders($issue_id, $type, $headers, $sender_usr_id);
}
if (empty($issue_id)) {
$issue_id = 'null';
}
// if the Date: header is missing, add it.
if (!in_array('Date', array_keys($headers))) {
$headers['Date'] = MIME_Helper::encode(date('D, j M Y H:i:s O'));
}
if (!empty($headers['To'])) {
$headers['To'] = Mail_API::fixAddressQuoting($headers['To']);
}
list(, $text_headers) = Mail_API::prepareHeaders($headers);
$stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "mail_queue\n (\n maq_save_copy,\n maq_queued_date,\n maq_sender_ip_address,\n maq_recipient,\n maq_headers,\n maq_body,\n maq_iss_id,\n maq_subject,\n maq_type";
if ($sender_usr_id != false) {
$stmt .= ",\nmaq_usr_id";
}
if ($type_id != false) {
$stmt .= ",\nmaq_type_id";
}
$stmt .= ") VALUES (\n {$save_email_copy},\n '" . Date_API::getCurrentDateGMT() . "',\n '" . getenv("REMOTE_ADDR") . "',\n '" . Misc::escapeString($recipient) . "',\n '" . Misc::escapeString($text_headers) . "',\n '" . Misc::escapeString($body) . "',\n " . Misc::escapeInteger($issue_id) . ",\n '" . Misc::escapeString($headers["Subject"]) . "',\n '{$type}'";
if ($sender_usr_id != false) {
$stmt .= ",\n" . $sender_usr_id;
}
if ($type_id != false) {
$stmt .= ",\n" . $type_id;
}
$stmt .= ")";
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return $res;
} else {
return true;
}
}
/**
* Method to check if the user has a valid auth cookie.
* The cookie contents is validated for hash matching and user id from database.
*
* @return boolean
*/
public static function hasAuthCookie()
{
$cookie = self::getDecodedCookie(APP_COOKIE);
if (!$cookie || empty($cookie['email']) || empty($cookie['hash'])) {
return false;
}
$hash = self::generateHash($cookie['login_time'], $cookie['email']);
if ($cookie['hash'] != $hash) {
return false;
}
$usr_id = User::getUserIDByEmail($cookie['email']);
return !!$usr_id;
}
public static function isTokenValidForEmail($token, $email)
{
try {
$usr_id = User::getUserIDByEmail($email, true);
$active_tokens = self::getTokensForUser($usr_id);
foreach ($active_tokens as $row) {
if ($row['token'] == $token) {
return true;
}
}
return false;
} catch (AuthException $e) {
return false;
}
}
/**
* Gets the current user ID.
*
* @access public
* @return integer The ID of the user
*/
function getUserID()
{
$info = Auth::getCookieInfo(APP_COOKIE);
if (empty($info)) {
return '';
} else {
return @User::getUserIDByEmail($info["email"]);
}
}
public function getUserIDByLogin($login)
{
$usr_id = User::getUserIDByEmail($login, true);
if (!$usr_id) {
// the login is not a local email address, try external id
$usr_id = User::getUserIDByExternalID($login);
}
if ($usr_id) {
$local_user_info = User::getDetails($usr_id);
}
if (!empty($local_user_info) && empty($local_user_info['usr_external_id'])) {
// local user exists and is not associated with LDAP, don't try to update.
return $usr_id;
}
// try to create or update local user from ldap info
$created = $this->updateLocalUserFromBackend($login);
return $created;
}
public function getUserIDByLogin($login)
{
return User::getUserIDByEmail($login, true);
}
<?php
/*
* Runonce script to set the sup_usr_id field in support_email
*/
include_once "../../../config.inc.php";
include_once APP_INC_PATH . "db_access.php";
$stmt = "SELECT\n sup_id,\n sup_from\n FROM\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "support_email\n WHERE\n sup_usr_id IS NULL AND\n sup_iss_id != 0";
$res = $GLOBALS["db_api"]->dbh->getAssoc($stmt);
foreach ($res as $sup_id => $email) {
$usr_id = User::getUserIDByEmail(Mail_API::getEmailAddress($email));
if (!empty($usr_id)) {
$stmt = "UPDATE\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "support_email\n SET\n sup_usr_id = {$usr_id}\n WHERE\n sup_id = {$sup_id}";
$update = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($update)) {
echo "<pre>";
var_dump($update);
echo "</pre>";
exit(1);
}
}
}
echo "complete";
/**
* Creates an issue with the given email information.
*
* @param integer $prj_id The project ID
* @param integer $usr_id The user responsible for this action
* @param string $sender The original sender of this email
* @param string $summary The issue summary
* @param string $description The issue description
* @param integer $category The category ID
* @param integer $priority The priority ID
* @param array $assignment The list of users to assign this issue to
* @param string $date The date the email was originally sent.
* @param string $msg_id The message ID of the email we are creating this issue from.
* @param integer $severity
* @param string $customer_id
* @param string $contact_id
* @param string $contract_id
* @return int
*/
public static function createFromEmail($prj_id, $usr_id, $sender, $summary, $description, $category, $priority, $assignment, $date, $msg_id, $severity, $customer_id, $contact_id, $contract_id)
{
$exclude_list = array();
$managers = array();
$sender_email = Mail_Helper::getEmailAddress($sender);
$sender_usr_id = User::getUserIDByEmail($sender_email, true);
if (!empty($sender_usr_id)) {
$reporter = $sender_usr_id;
$exclude_list[] = $sender_usr_id;
}
$data = array('category' => $category, 'priority' => $priority, 'severity' => $severity, 'description' => $description, 'summary' => $summary, 'msg_id' => $msg_id, 'customer' => false, 'contact' => false, 'contract' => false, 'contact_person_lname' => '', 'contact_person_fname' => '', 'contact_email' => '', 'contact_phone' => '', 'contact_timezone' => '');
if (CRM::hasCustomerIntegration($prj_id)) {
$crm = CRM::getInstance($prj_id);
try {
if ($contact_id != false) {
$contact = $crm->getContact($contact_id);
} else {
$contact = $crm->getContactByEmail($sender_email);
}
// overwrite the reporter with the customer contact
$reporter = User::getUserIDByContactID($contact->getContactID());
$data['contact'] = $contact->getContactID();
$data['contact_person_lname'] = $contact['last_name'];
$data['contact_person_fname'] = $contact['first_name'];
$data['contact_email'] = $sender_email;
$data['contact_phone'] = $contact['phone'];
$data['contact_timezone'] = Date_Helper::getPreferredTimezone($reporter);
} catch (ContactNotFoundException $e) {
}
try {
if ($contract_id != false) {
$contract = $crm->getContract($contract_id);
$data['contract'] = $contract->getContractID();
} elseif (isset($contact)) {
// Just use first contract / customer for now.
$contracts = $contact->getContracts(array('active' => true));
$contract = $contracts[0];
$data['contract'] = $contract->getContractID();
}
} catch (ContractNotFoundException $e) {
}
try {
if ($customer_id != false) {
$customer = $crm->getCustomer($customer_id);
$data['customer'] = $customer->getCustomerID();
} elseif (isset($contract)) {
$customer = $contract->getCustomer();
$data['customer'] = $customer->getCustomerID();
}
} catch (CustomerNotFoundException $e) {
}
} else {
}
if (empty($reporter)) {
$reporter = APP_SYSTEM_USER_ID;
}
$data['reporter'] = $reporter;
$issue_id = self::insertIssue($prj_id, $data);
if ($issue_id == -1) {
return -1;
}
$has_RR = false;
// log the creation of the issue
History::add($issue_id, $usr_id, 'issue_opened', 'Issue opened by {sender}', array('sender' => $sender));
$emails = array();
// if there are any technical account managers associated with this customer, add these users to the notification list
if ($data['customer']) {
$managers = CRM::getAccountManagers($prj_id, $data['customer']);
foreach ($managers as $manager) {
$emails[] = $manager['usr_email'];
}
}
// add the reporter to the notification list
$emails[] = $sender;
$emails = array_unique($emails);
$actions = Notification::getDefaultActions($issue_id, false, 'issue_from_email');
foreach ($emails as $address) {
Notification::subscribeEmail($reporter, $issue_id, $address, $actions);
}
// only assign the issue to an user if the associated customer has any technical account managers
$users = array();
$has_TAM = false;
if (CRM::hasCustomerIntegration($prj_id) && count($managers) > 0) {
foreach ($managers as $manager) {
if ($manager['cam_type'] == 'intpart') {
continue;
}
$users[] = $manager['cam_usr_id'];
self::addUserAssociation($usr_id, $issue_id, $manager['cam_usr_id'], false);
History::add($issue_id, $usr_id, 'issue_auto_assigned', 'Issue auto-assigned to {assignee} (TAM)', array('assignee' => User::getFullName($manager['cam_usr_id'])));
}
$has_TAM = true;
}
// now add the user/issue association
if (@count($assignment) > 0) {
foreach ($assignment as $ass_usr_id) {
Notification::subscribeUser($reporter, $issue_id, $ass_usr_id, $actions);
self::addUserAssociation(APP_SYSTEM_USER_ID, $issue_id, $ass_usr_id);
if ($ass_usr_id != $usr_id) {
$users[] = $ass_usr_id;
}
}
} else {
// only use the round-robin feature if this new issue was not
// already assigned to a customer account manager
if (count($managers) < 1) {
$assignee = Round_Robin::getNextAssignee($prj_id);
// assign the issue to the round robin person
if (!empty($assignee)) {
self::addUserAssociation(APP_SYSTEM_USER_ID, $issue_id, $assignee, false);
History::add($issue_id, APP_SYSTEM_USER_ID, 'rr_issue_assigned', 'Issue auto-assigned to {assignee} (RR)', array('assignee' => User::getFullName($assignee)));
$users[] = $assignee;
$has_RR = true;
}
}
}
Workflow::handleNewIssue($prj_id, $issue_id, $has_TAM, $has_RR);
// send special 'an issue was auto-created for you' notification back to the sender
Notification::notifyAutoCreatedIssue($prj_id, $issue_id, $sender, $date, $summary);
// also notify any users that want to receive emails anytime a new issue is created
Notification::notifyNewIssue($prj_id, $issue_id, $exclude_list);
return $issue_id;
}
/**
* Method used to update the details of a given subscription.
*
* @param $issue_id
* @param integer $sub_id The subscription ID
* @param $email
* @return integer 1 if the update worked, -1 otherwise
*/
public static function update($issue_id, $sub_id, $email)
{
$usr_id = User::getUserIDByEmail(strtolower(Mail_Helper::getEmailAddress($email)), true);
if (!empty($usr_id)) {
$email = '';
} else {
$usr_id = 0;
}
$prj_id = Issue::getProjectID($issue_id);
// call workflow to modify actions or cancel adding this user.
$actions = array();
$subscriber_usr_id = false;
$workflow = Workflow::handleSubscription($prj_id, $issue_id, $subscriber_usr_id, $email, $actions);
if ($workflow === false) {
// cancel subscribing the user
return -2;
}
// always set the type of notification to issue-level
$stmt = "UPDATE\n {{%subscription}}\n SET\n sub_level='issue',\n sub_email=?,\n sub_usr_id=?\n WHERE\n sub_id=?";
try {
DB_Helper::getInstance()->query($stmt, array($email, $usr_id, $sub_id));
} catch (DbException $e) {
return -1;
}
$stmt = 'DELETE FROM
{{%subscription_type}}
WHERE
sbt_sub_id=?';
DB_Helper::getInstance()->query($stmt, array($sub_id));
// now add them all again
foreach ($_POST['actions'] as $sbt_type) {
// FIXME: $sbt_type not validated for sane values
self::addType($sub_id, $sbt_type);
}
// need to mark the issue as updated
Issue::markAsUpdated($issue_id);
$current_usr_id = Auth::getUserID();
History::add($issue_id, $current_usr_id, 'notification_updated', "Notification list entry ('{subscriber}') updated by {user}", array('subscriber' => self::getSubscriber($sub_id), 'user' => User::getFullName($current_usr_id)));
return 1;
}
/**
* Gets the current user ID.
*
* @return integer The ID of the user
*/
public static function getUserID()
{
$info = self::getCookieInfo(APP_COOKIE);
if (empty($info)) {
return '';
}
return User::getUserIDByEmail($info['email']);
}
/**
* Method used to add a customized warning message to the body
* of outgoing emails.
*
* @param integer $issue_id The issue ID
* @param string $to The recipient of the message
* @param string $body The body of the message
* @param array $headers The headers of the message
* @return string The body of the message with the warning message, if appropriate
*/
public static function addWarningMessage($issue_id, $to, $body, $headers)
{
$setup = Setup::load();
if (@$setup['email_routing']['status'] == 'enabled' && $setup['email_routing']['warning']['status'] == 'enabled') {
// check if the recipient can send emails to the customer
$recipient_email = self::getEmailAddress($to);
$recipient_usr_id = User::getUserIDByEmail($recipient_email);
// don't add the warning message if the recipient is an unknown email address
if (empty($recipient_usr_id)) {
return $body;
} else {
// don't add anything if the recipient is a known customer contact
$recipient_role_id = User::getRoleByUser($recipient_usr_id, Issue::getProjectID($issue_id));
if ($recipient_role_id == User::getRoleID('Customer')) {
return $body;
} else {
if (!Support::isAllowedToEmail($issue_id, $recipient_email)) {
$warning = self::getWarningMessage('blocked');
} else {
$warning = self::getWarningMessage('allowed');
}
if (@$headers['Content-Transfer-Encoding'] == 'base64') {
return base64_encode($warning . "\n\n" . trim(base64_decode($body)));
} else {
return $warning . "\n\n" . $body;
}
}
}
} else {
return $body;
}
}
/**
* Authorize request.
* TODO: translations
* TODO: ip based control
*/
function authorizeRequest()
{
// try current auth cookie
$usr_id = Auth::getUserID();
if (!$usr_id) {
// otherwise setup HTTP Auth headers
$authData = getAuthData();
if ($authData === null) {
sendAuthenticateHeader();
echo 'Error: You are required to authenticate in order to access the requested RSS feed.';
exit;
}
list($authUser, $authPassword) = $authData;
// check the authentication
if (Validation::isWhitespace($authUser)) {
sendAuthenticateHeader();
echo 'Error: Please provide your email address.';
exit;
}
if (Validation::isWhitespace($authPassword)) {
sendAuthenticateHeader();
echo 'Error: Please provide your password.';
exit;
}
// check if user exists
if (!Auth::userExists($authUser)) {
sendAuthenticateHeader();
echo 'Error: The user specified does not exist.';
exit;
}
// check if the password matches
if (!Auth::isCorrectPassword($authUser, $authPassword)) {
sendAuthenticateHeader();
echo 'Error: The provided email address/password combo is not correct.';
exit;
}
// check if this user did already confirm his account
if (Auth::isPendingUser($authUser)) {
sendAuthenticateHeader();
echo 'Error: The provided user still needs to have its account confirmed.';
exit;
}
// check if this user is really an active one
if (!Auth::isActiveUser($authUser)) {
sendAuthenticateHeader();
echo 'Error: The provided user is currently set as an inactive user.';
exit;
}
$usr_id = User::getUserIDByEmail($authUser);
Auth::createFakeCookie($usr_id);
}
// check if the required parameter 'custom_id' is really being passed
if (empty($_GET['custom_id'])) {
rssError("Error: The required 'custom_id' parameter was not provided.");
exit;
}
// check if the passed 'custom_id' parameter is associated with the usr_id
if (!Filter::isGlobal($_GET['custom_id']) && !Filter::isOwner($_GET['custom_id'], $usr_id)) {
rssError('Error: The provided custom filter ID is not associated with the given email address.');
exit;
}
}
/**
* Check if this email needs to be blocked and if so, block it.
*
*
*/
public static function blockEmailIfNeeded($email)
{
if (empty($email['issue_id'])) {
return false;
}
$issue_id = $email['issue_id'];
$prj_id = Issue::getProjectID($issue_id);
$sender_email = strtolower(Mail_Helper::getEmailAddress($email['from']));
list($text_headers, $body) = Mime_Helper::splitHeaderBody($email['full_email']);
if (Mail_Helper::isVacationAutoResponder($email['headers']) || Notification::isBounceMessage($sender_email) || !self::isAllowedToEmail($issue_id, $sender_email)) {
// add the message body as a note
$_POST = array('full_message' => $email['full_email'], 'title' => @$email['headers']['subject'], 'note' => Mail_Helper::getCannedBlockedMsgExplanation($issue_id) . $email['body'], 'message_id' => Mail_Helper::getMessageID($text_headers, $body));
// avoid having this type of message re-open the issue
if (Mail_Helper::isVacationAutoResponder($email['headers'])) {
$closing = true;
$notify = false;
} else {
$closing = false;
$notify = true;
}
$res = Note::insertFromPost(Auth::getUserID(), $issue_id, $email['headers']['from'], false, $closing, $notify, true);
// associate the email attachments as internal-only files on this issue
if ($res != -1) {
self::extractAttachments($issue_id, $email['full_email'], true, $res);
}
$_POST['issue_id'] = $issue_id;
$_POST['from'] = $sender_email;
// avoid having this type of message re-open the issue
if (Mail_Helper::isVacationAutoResponder($email['headers'])) {
$email_type = 'vacation-autoresponder';
} else {
$email_type = 'routed';
}
Workflow::handleBlockedEmail($prj_id, $issue_id, $_POST, $email_type);
// try to get usr_id of sender, if not, use system account
$usr_id = User::getUserIDByEmail(Mail_Helper::getEmailAddress($email['from']), true);
if (!$usr_id) {
$usr_id = APP_SYSTEM_USER_ID;
}
History::add($issue_id, $usr_id, 'email_blocked', "Email from '{from}' blocked", array('from' => $email['from']));
return true;
}
return false;
}
/**
* Returns if the specified user is authorized to reply to this issue.
*
* @access public
* @param integer $issue_id The id of the issue.
* @param string $email The email address to check.
* @return boolean If the specified user is allowed to reply to the issue.
*/
function isAuthorizedReplier($issue_id, $email)
{
$email = strtolower(Mail_API::getEmailAddress($email));
// first check if this is an actual user or just an email address
$user_emails = User::getAssocEmailList();
if (in_array($email, array_keys($user_emails))) {
// real user, get id
$usr_id = User::getUserIDByEmail($email);
return Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id);
} else {
// not a real user
$stmt = "SELECT\n COUNT(*) AS total\n FROM\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue_user_replier\n WHERE\n iur_iss_id=" . Misc::escapeInteger($issue_id) . " AND\n iur_email='" . Misc::escapeString($email) . "'";
$res = $GLOBALS["db_api"]->dbh->getOne($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return false;
} else {
if ($res > 0) {
return true;
} else {
return false;
}
}
}
}
/**
* Format is "clock [in|out]"
*
* @param Net_SmartIRC $irc
* @param Net_SmartIRC_data $data
*/
public final function clock(Net_SmartIRC $irc, Net_SmartIRC_data $data)
{
if (!$this->isAuthenticated($data)) {
return;
}
switch (count($data->messageex)) {
case 1:
break;
case 2:
if (in_array($data->messageex[1], array('in', 'out'))) {
break;
}
// fall through to an error
// fall through to an error
default:
$this->sendResponse($data->nick, 'Error: wrong parameter count for "CLOCK" command. Format is "!clock [in|out]".');
return;
}
$command = isset($data->messageex[1]) ? $data->messageex[1] : null;
// FIXME: handle if $email is empty
$email = $this->bot->getEmailByNickname($data->nick);
$usr_id = User::getUserIDByEmail($email);
if ($command == 'in') {
$res = User::clockIn($usr_id);
} elseif ($command == 'out') {
$res = User::clockOut($usr_id);
} else {
if (User::isClockedIn($usr_id)) {
$msg = 'clocked in';
} else {
$msg = 'clocked out';
}
$this->sendResponse($data->nick, "You are currently {$msg}.");
return;
}
if ($res == 1) {
$this->sendResponse($data->nick, "Thank you, you are now clocked {$command}.");
} else {
$this->sendResponse($data->nick, "Error clocking {$command}.");
}
}
exit;
}
// check if the required parameter 'custom_id' is really being passed
if (empty($HTTP_GET_VARS['custom_id'])) {
returnError("Error: The required 'custom_id' parameter was not provided.");
exit;
}
$usr_id = User::getUserIDByEmail($HTTP_SERVER_VARS['PHP_AUTH_USER']);
// check if the passed 'custom_id' parameter is associated with the usr_id
if (!Filter::isGlobal($HTTP_GET_VARS['custom_id']) && !Filter::isOwner($HTTP_GET_VARS['custom_id'], $usr_id)) {
returnError('Error: The provided custom filter ID is not associated with the given email address.');
exit;
}
}
$filter = Filter::getDetails($HTTP_GET_VARS["custom_id"], FALSE);
Auth::createFakeCookie(User::getUserIDByEmail($HTTP_SERVER_VARS['PHP_AUTH_USER']), $filter['cst_prj_id']);
$options = array('users' => $filter['cst_users'], 'keywords' => $filter['cst_keywords'], 'priority' => $filter['cst_iss_pri_id'], 'category' => $filter['cst_iss_prc_id'], 'status' => $filter['cst_iss_sta_id'], 'hide_closed' => $filter['cst_hide_closed'], 'hide_answered' => $filter['cst_hide_answered'], 'sort_by' => $filter['cst_sort_by'], 'sort_order' => $filter['cst_sort_order']);
$issues = Issue::getListing($filter['cst_prj_id'], $options, 0, 'ALL', TRUE);
$issues = $issues['list'];
$project_title = Project::getName($filter['cst_prj_id']);
Issue::getDescriptionByIssues($issues);
Header("Content-Type: text/xml; charset=" . APP_CHARSET);
echo '<?xml version="1.0" encoding="' . APP_CHARSET . '"?>' . "\n";
?>
<rss version="2.0"
>
<channel>
<title><?php
echo htmlspecialchars($setup['tool_caption']);
?>
- <?php
/**
* Method used to add a customized warning message to the body
* of outgoing emails.
*
* @access public
* @param integer $issue_id The issue ID
* @param string $to The recipient of the message
* @param string $body The body of the message
* @return string The body of the message with the warning message, if appropriate
*/
function addWarningMessage($issue_id, $to, $body)
{
$setup = Setup::load();
if (@$setup['email_routing']['status'] == 'enabled' && $setup['email_routing']['warning']['status'] == 'enabled') {
// check if the recipient can send emails to the customer
$recipient_email = Mail_API::getEmailAddress($to);
$recipient_usr_id = User::getUserIDByEmail($recipient_email);
// don't add the warning message if the recipient is an unknown email address
if (empty($recipient_usr_id)) {
return $body;
} else {
// don't add anything if the recipient is a known customer contact
$recipient_role_id = User::getRoleByUser($recipient_usr_id, Issue::getProjectID($issue_id));
if ($recipient_role_id == User::getRoleID('Customer')) {
return $body;
} else {
if (!Support::isAllowedToEmail($issue_id, $recipient_email)) {
return Mail_API::getWarningMessage('blocked') . "\n\n" . $body;
} else {
return Mail_API::getWarningMessage('allowed') . "\n\n" . $body;
}
}
}
} else {
return $body;
}
}
/**
* Gets the current user ID.
*
* @return integer The ID of the user
*/
public static function getUserID()
{
$info = AuthCookie::getAuthCookie();
if (!$info) {
return '';
}
return User::getUserIDByEmail($info['email']);
}
public function updateLocalUserFromBackend($remote)
{
$setup = self::loadSetup();
$usr_id = User::getUserIDByEmail($remote['mail'], true);
$data = array('password' => '', 'full_name' => $remote['firstname'] . ' ' . $remote['lastname'], 'external_id' => $remote['uid']);
if (!empty($setup['customer_id_attribute'])) {
$data['customer_id'] = $remote[$setup['customer_id_attribute']];
}
if (!empty($setup['contact_id_attribute'])) {
$data['contact_id'] = $remote[$setup['contact_id_attribute']];
}
// if local user found, update it and return usr id
if ($usr_id) {
// do not reset user password, it maybe be set locally before this
unset($data['password']);
// perspective what is main address and what is alias may be different in CAS and in eventum
$emails = array($remote['mail']);
$email = User::getEmail($usr_id);
if (($key = array_search($email, $emails)) !== false) {
unset($emails[$key]);
$data['email'] = $email;
} else {
if (count($emails) < 1) {
throw new AuthException('E-mail is required');
}
// just use first email
$data['email'] = array_shift($emails);
}
// do not clear full name if for some reason it is empty
if (empty($data['full_name'])) {
unset($data['full_name']);
}
$update = User::update($usr_id, $data, false);
if ($update > 0) {
$this->updateAliases($usr_id, $emails);
}
return $usr_id;
} else {
// create new local user
$setup = self::loadSetup();
if ($setup['create_users'] == false) {
throw new AuthException('User does not exist and will not be created.');
}
$data['role'] = $setup['default_role'];
$emails = array($remote['mail']);
if (count($emails) < 1) {
throw new AuthException('E-mail is required');
}
$data['email'] = array_shift($emails);
if (!empty($data['customer_id']) && !empty($data['contact_id'])) {
foreach ($data['role'] as $prj_id => $role) {
if ($role > 0) {
$data['role'][$prj_id] = User::ROLE_CUSTOMER;
}
}
}
$usr_id = User::insert($data);
if ($usr_id > 0 && $emails) {
$this->updateAliases($usr_id, $emails);
}
}
return $usr_id;
}
// +----------------------------------------------------------------------+
// | Authors: João Prado Maia <*****@*****.**> |
// +----------------------------------------------------------------------+
//
// @(#) $Id: s.forgot_password.php 1.8 03/12/12 19:09:43-00:00 jpradomaia $
//
include_once "config.inc.php";
include_once APP_INC_PATH . "class.template.php";
include_once APP_INC_PATH . "class.user.php";
include_once APP_INC_PATH . "class.mail.php";
include_once APP_INC_PATH . "db_access.php";
$tpl = new Template_API();
$tpl->setTemplate("forgot_password.tpl.html");
if (@$HTTP_POST_VARS["cat"] == "reset_password") {
if (empty($HTTP_POST_VARS["email"])) {
$tpl->assign("result", 4);
}
$usr_id = User::getUserIDByEmail($HTTP_POST_VARS["email"]);
if (empty($usr_id)) {
$tpl->assign("result", 5);
} else {
$info = User::getDetails($usr_id);
if (!User::isActiveStatus($info["usr_status"])) {
$tpl->assign("result", 3);
} else {
User::sendPasswordConfirmationEmail($usr_id);
$tpl->assign("result", 1);
}
}
}
$tpl->displayTemplate();
/**
* Returns the status of the user associated with the given email address.
*
* @param string $email The email address
* @return string The user status
*/
public static function getStatusByEmail($email)
{
static $returns;
if (isset($returns[$email])) {
return $returns[$email];
}
$email = User::getEmail(User::getUserIDByEmail($email, true));
$stmt = 'SELECT
usr_status
FROM
{{%user}}
WHERE
usr_email=?';
try {
$res = DB_Helper::getInstance()->getOne($stmt, array($email));
} catch (DbException $e) {
return '';
}
$returns[$email] = $res;
return $res;
}
/**
* Creates an issue with the given email information.
*
* @access public
* @param integer $prj_id The project ID
* @param integer $usr_id The user responsible for this action
* @param string $sender The original sender of this email
* @param string $summary The issue summary
* @param string $description The issue description
* @param integer $category The category ID
* @param integer $priority The priority ID
* @param array $assignment The list of users to assign this issue to
* @param string $date The date the email was originally sent.
* @param string $msg_id The message ID of the email we are creating this issue from.
* @return void
*/
function createFromEmail($prj_id, $usr_id, $sender, $summary, $description, $category, $priority, $assignment, $date, $msg_id)
{
$exclude_list = array();
$sender_email = Mail_API::getEmailAddress($sender);
$sender_usr_id = User::getUserIDByEmail($sender_email);
if (!empty($sender_usr_id)) {
$reporter = $sender_usr_id;
$exclude_list[] = $sender_usr_id;
} else {
$reporter = APP_SYSTEM_USER_ID;
}
if (Customer::hasCustomerIntegration($prj_id)) {
list($customer_id, $customer_contact_id) = Customer::getCustomerIDByEmails($prj_id, array($sender_email));
if (!empty($customer_id)) {
$contact = Customer::getContactDetails($prj_id, $customer_contact_id);
// overwrite the reporter with the customer contact
$reporter = User::getUserIDByContactID($customer_contact_id);
$contact_timezone = Date_API::getPreferredTimezone($reporter);
}
} else {
$customer_id = FALSE;
}
$initial_status = Project::getInitialStatus($prj_id);
// add new issue
$stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue\n (\n iss_prj_id,\n";
if (!empty($category)) {
$stmt .= "iss_prc_id,\n";
}
$stmt .= "iss_pri_id,\n iss_usr_id,";
if (!empty($initial_status)) {
$stmt .= "iss_sta_id,";
}
if (!empty($customer_id)) {
$stmt .= "\n iss_customer_id,\n iss_customer_contact_id,\n iss_contact_person_lname,\n iss_contact_person_fname,\n iss_contact_email,\n iss_contact_phone,\n iss_contact_timezone,";
}
$stmt .= "\n iss_created_date,\n iss_last_public_action_date,\n iss_last_public_action_type,\n iss_summary,\n iss_description,\n iss_root_message_id\n ) VALUES (\n " . $prj_id . ",\n";
if (!empty($category)) {
$stmt .= Misc::escapeInteger($category) . ",\n";
}
$stmt .= Misc::escapeInteger($priority) . ",\n " . Misc::escapeInteger($reporter) . ",";
if (!empty($initial_status)) {
$stmt .= Misc::escapeInteger($initial_status) . ",";
}
if (!empty($customer_id)) {
$stmt .= "\n " . Misc::escapeInteger($customer_id) . ",\n " . Misc::escapeInteger($customer_contact_id) . ",\n '" . Misc::escapeString($contact['last_name']) . "',\n '" . Misc::escapeString($contact['first_name']) . "',\n '" . Misc::escapeString($sender_email) . "',\n '" . Misc::escapeString($contact['phone']) . "',\n '" . Misc::escapeString($contact_timezone) . "',";
}
$stmt .= "\n '" . Date_API::getCurrentDateGMT() . "',\n '" . Date_API::getCurrentDateGMT() . "',\n 'created',\n '" . Misc::escapeString($summary) . "',\n '" . Misc::escapeString($description) . "',\n '" . Misc::escapeString($msg_id) . "'\n )";
$res = $GLOBALS["db_api"]->dbh->query($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return -1;
} else {
$new_issue_id = $GLOBALS["db_api"]->get_last_insert_id();
$has_TAM = false;
$has_RR = false;
// log the creation of the issue
History::add($new_issue_id, $usr_id, History::getTypeID('issue_opened'), 'Issue opened by ' . $sender);
$emails = array();
$manager_usr_ids = array();
if (Customer::hasCustomerIntegration($prj_id) && !empty($customer_id)) {
// if there are any technical account managers associated with this customer, add these users to the notification list
$managers = Customer::getAccountManagers($prj_id, $customer_id);
$manager_usr_ids = array_keys($managers);
$manager_emails = array_values($managers);
$emails = array_merge($emails, $manager_emails);
}
// add the reporter to the notification list
$emails[] = $sender;
$emails = array_unique($emails);
// COMPAT: version >= 4.0.1
$actions = Notification::getDefaultActions();
foreach ($emails as $address) {
Notification::subscribeEmail($reporter, $new_issue_id, $address, $actions);
}
// only assign the issue to an user if the associated customer has any technical account managers
$users = array();
if (Customer::hasCustomerIntegration($prj_id) && count($manager_usr_ids) > 0) {
foreach ($manager_usr_ids as $manager_usr_id) {
$users[] = $manager_usr_id;
Issue::addUserAssociation(APP_SYSTEM_USER_ID, $new_issue_id, $manager_usr_id, false);
History::add($new_issue_id, $usr_id, History::getTypeID('issue_auto_assigned'), 'Issue auto-assigned to ' . User::getFullName($manager_usr_id) . ' (TAM)');
}
$has_TAM = true;
}
// now add the user/issue association
if (@count($assignment) > 0) {
for ($i = 0; $i < count($assignment); $i++) {
Notification::subscribeUser($reporter, $new_issue_id, $assignment[$i], $actions);
Issue::addUserAssociation(APP_SYSTEM_USER_ID, $new_issue_id, $assignment[$i]);
if ($assignment[$i] != $usr_id) {
$users[] = $assignment[$i];
}
}
} else {
// only use the round-robin feature if this new issue was not
// already assigned to a customer account manager
if (@count($manager_usr_ids) < 1) {
$assignee = Round_Robin::getNextAssignee($prj_id);
// assign the issue to the round robin person
if (!empty($assignee)) {
Issue::addUserAssociation(APP_SYSTEM_USER_ID, $new_issue_id, $assignee, false);
History::add($new_issue_id, APP_SYSTEM_USER_ID, History::getTypeID('rr_issue_assigned'), 'Issue auto-assigned to ' . User::getFullName($assignee) . ' (RR)');
$users[] = $assignee;
$has_RR = true;
}
}
}
if (count($users) > 0) {
$has_assignee = true;
}
// send special 'an issue was auto-created for you' notification back to the sender
Notification::notifyAutoCreatedIssue($prj_id, $new_issue_id, $sender, $date, $summary);
// also notify any users that want to receive emails anytime a new issue is created
Notification::notifyNewIssue($prj_id, $new_issue_id, $exclude_list);
Workflow::handleNewIssue($prj_id, $new_issue_id, $has_TAM, $has_RR);
return $new_issue_id;
}
}
/**
* @param int $issue_id
* @param int $project_id
* @param string $new_replier
* @return string
* @access protected
*/
public function addAuthorizedReplier($issue_id, $project_id, $new_replier)
{
$usr_id = Auth::getUserID();
$replier_usr_id = User::getUserIDByEmail($new_replier);
// if this is an actual user, not just an email address check permissions
if (!empty($replier_usr_id)) {
// check if the assignee is even allowed to be in the given project
$projects = Project::getRemoteAssocListByUser($replier_usr_id);
if (!in_array($project_id, array_keys($projects))) {
throw new RemoteApiException("The given user is not permitted in the project associated with issue #{$issue_id}");
}
}
// check if user is already authorized
if (Authorized_Replier::isAuthorizedReplier($issue_id, $new_replier)) {
throw new RemoteApiException("The given user is already an authorized replier on issue #{$issue_id}");
}
$res = Authorized_Replier::remoteAddAuthorizedReplier($issue_id, $usr_id, $new_replier);
if ($res == -1) {
throw new RemoteApiException("Could not add '{$new_replier}' as an authorized replier to issue #{$issue_id}");
}
return 'OK';
}
/**
* Check if this email needs to be blocked and if so, block it.
*
*
*/
function blockEmailIfNeeded($email)
{
global $HTTP_POST_VARS;
if (empty($email['issue_id'])) {
return false;
}
$issue_id = $email['issue_id'];
$prj_id = Issue::getProjectID($issue_id);
$sender_email = strtolower(Mail_API::getEmailAddress($email['headers']['from']));
if (Mail_API::isVacationAutoResponder($email['headers']) || Notification::isBounceMessage($sender_email) || !Support::isAllowedToEmail($issue_id, $sender_email)) {
// add the message body as a note
$HTTP_POST_VARS = array('blocked_msg' => $email['full_email'], 'title' => @$email['headers']['subject'], 'note' => Mail_API::getCannedBlockedMsgExplanation($issue_id) . $email['body']);
// avoid having this type of message re-open the issue
if (Mail_API::isVacationAutoResponder($email['headers'])) {
$closing = true;
} else {
$closing = false;
}
$res = Note::insert(Auth::getUserID(), $issue_id, $email['headers']['from'], false, $closing);
// associate the email attachments as internal-only files on this issue
if ($res != -1) {
Support::extractAttachments($issue_id, $email['full_email'], true, $res);
}
$HTTP_POST_VARS['issue_id'] = $issue_id;
$HTTP_POST_VARS['from'] = $sender_email;
// avoid having this type of message re-open the issue
if (Mail_API::isVacationAutoResponder($email['headers'])) {
$email_type = 'vacation-autoresponder';
} else {
$email_type = 'routed';
}
Workflow::handleBlockedEmail($prj_id, $issue_id, $HTTP_POST_VARS, $email_type);
// try to get usr_id of sender, if not, use system account
$usr_id = User::getUserIDByEmail(Mail_API::getEmailAddress($email['from']));
if (!$usr_id) {
$usr_id = APP_SYSTEM_USER_ID;
}
// log blocked email
History::add($issue_id, $usr_id, History::getTypeID('email_blocked'), "Email from '" . $email['from'] . "' blocked.");
return true;
}
return false;
}
$prj_id = Issue::getProjectID($HTTP_GET_VARS['issue']);
if (Customer::hasCustomerIntegration($prj_id)) {
// check if the selected emails all have sender email addresses that are associated with the issue' customer
$senders = Support::getSender($HTTP_GET_VARS['item']);
$sender_emails = array();
for ($i = 0; $i < count($senders); $i++) {
$email = Mail_API::getEmailAddress($senders[$i]);
$sender_emails[$email] = $senders[$i];
}
$customer_id = Issue::getCustomerID($HTTP_GET_VARS['issue']);
if (!empty($customer_id)) {
$contact_emails = array_keys(Customer::getContactEmailAssocList($prj_id, $customer_id));
$unknown_contacts = array();
foreach ($sender_emails as $email => $address) {
if (!@in_array($email, $contact_emails)) {
$usr_id = User::getUserIDByEmail($email);
if (empty($usr_id)) {
$unknown_contacts[] = $address;
} else {
// if we got a real user ID, check if the customer user is the correct one
// (i.e. a contact from the customer associated with the selected issue)
if (User::getRoleByUser($usr_id, $prj_id) == User::getRoleID('Customer')) {
// also check if the associated customer ID, if any, matches the one in the issue
$user_customer_id = User::getCustomerID($usr_id);
if ($user_customer_id != $customer_id) {
$unknown_contacts[] = $address;
}
}
}
}
}
public function clockUser(&$irc, &$data)
{
if (!$this->_isAuthenticated($irc, $data)) {
return;
}
$email = $this->_getEmailByNickname($data->nick);
$pieces = explode(' ', $data->message);
if (count($pieces) == 2 && $pieces[1] != 'in' && $pieces[1] != 'out') {
$this->sendResponse($irc, $data->nick, 'Error: wrong parameter count for "CLOCK" command. Format is "!clock [in|out]".');
return;
}
if (@$pieces[1] == 'in') {
$res = User::clockIn(User::getUserIDByEmail($email));
} elseif (@$pieces[1] == 'out') {
$res = User::clockOut(User::getUserIDByEmail($email));
} else {
if (User::isClockedIn(User::getUserIDByEmail($email))) {
$msg = 'clocked in';
} else {
$msg = 'clocked out';
}
$this->sendResponse($irc, $data->nick, "You are currently {$msg}.");
return;
}
if ($res == 1) {
$this->sendResponse($irc, $data->nick, 'Thank you, you are now clocked ' . $pieces[1] . '.');
} else {
$this->sendResponse($irc, $data->nick, 'Error clocking ' . $pieces[1] . '.');
}
}
/**
* Returns if the specified user is authorized to reply to this issue.
*
* @param integer $issue_id The id of the issue.
* @param string $email The email address to check.
* @return boolean If the specified user is allowed to reply to the issue.
*/
public static function isAuthorizedReplier($issue_id, $email)
{
// XXX: Add caching
$email = strtolower(Mail_Helper::getEmailAddress($email));
// first check if this is an actual user or just an email address
$usr_id = User::getUserIDByEmail($email, true);
if (!empty($usr_id)) {
// real user, get id
$is_usr_authorized = self::isUserAuthorizedReplier($issue_id, $usr_id);
if ($is_usr_authorized) {
return true;
}
// if user is not authorized by user ID, continue to check by email in case the user account was added
// after the email address was added to authorized repliers list.
}
// not a real user
$stmt = 'SELECT
COUNT(*) AS total
FROM
{{%issue_user_replier}}
WHERE
iur_iss_id=? AND
iur_email=?';
try {
$res = DB_Helper::getInstance()->getOne($stmt, array($issue_id, $email));
} catch (DbException $e) {
return false;
}
if ($res > 0) {
return true;
} else {
return false;
}
}
function timeClock($p)
{
$email = XML_RPC_decode($p->getParam(0));
$password = XML_RPC_decode($p->getParam(1));
$auth = authenticate($email, $password);
if (is_object($auth)) {
return $auth;
}
$action = XML_RPC_decode($p->getParam(2));
if ($action == "in") {
$res = User::clockIn(User::getUserIDByEmail($email));
} elseif ($action == "out") {
$res = User::clockOut(User::getUserIDByEmail($email));
} else {
if (User::isClockedIn(User::getUserIDByEmail($email))) {
$msg = "is clocked in";
} else {
$msg = "is clocked out";
}
return new XML_RPC_Response(XML_RPC_Encode("{$email} " . $msg . ".\n"));
}
if ($res == 1) {
return new XML_RPC_Response(XML_RPC_Encode("{$email} successfully clocked " . $action . ".\n"));
} else {
return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "Error clocking " . $action . ".\n");
}
}
