Beispiel #1
/**
 * Insert a profile row for a user and report the identifier of the new row.
 *
 * Platform, OS and OS build are mandatory: a blank value raises
 * ERROR_EMPTY_FIELD. Every value reaches the database as a bound parameter,
 * never as part of the SQL text.
 *
 * @param integer $p_user_id     A valid user identifier.
 * @param string  $p_platform    Value for profile platform.
 * @param string  $p_os          Value for profile operating system.
 * @param string  $p_os_build    Value for profile operating system build.
 * @param string  $p_description Description of profile.
 * @return integer Result of db_insert_id() for the user_profile table.
 */
function profile_create($p_user_id, $p_platform, $p_os, $p_os_build, $p_description)
{
    $p_user_id = (int) $p_user_id;
    if (ALL_USERS != $p_user_id) {
        user_ensure_unprotected($p_user_id);
    }

    # Mandatory fields in the order they are checked; the first element is the
    # language key reported through error_parameters() when the value is blank.
    $t_required = array(
        array('platform', $p_platform),
        array('os', $p_os),
        array('version', $p_os_build),
    );
    foreach ($t_required as $t_check) {
        if (is_blank($t_check[1])) {
            error_parameters(lang_get($t_check[0]));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
    }

    # Add profile: one placeholder per column, values passed separately
    db_param_push();
    $t_markers = array();
    for ($t_i = 0; $t_i < 5; $t_i++) {
        $t_markers[] = db_param();
    }
    $t_sql = 'INSERT INTO {user_profile}
				    ( user_id, platform, os, os_build, description )
				  VALUES
				    ( ' . implode(', ', $t_markers) . ' )';
    $t_values = array($p_user_id, $p_platform, $p_os, $p_os_build, $p_description);
    db_query($t_sql, $t_values);

    return db_insert_id(db_get_table('user_profile'));
}
Beispiel #2
/**
 * Store a news article and return its identifier.
 *
 * Headline and body must not be blank (ERROR_EMPTY_FIELD otherwise). The
 * numeric arguments are cast to int and all values are handed to db_query()
 * as bound parameters.
 *
 * @param integer $p_project_id   A project identifier.
 * @param integer $p_poster_id    The user id of poster.
 * @param integer $p_view_state   View state.
 * @param boolean $p_announcement Whether article is an announcement.
 * @param string  $p_headline     News Headline.
 * @param string  $p_body         News Body.
 * @return integer news article id
 */
function news_create($p_project_id, $p_poster_id, $p_view_state, $p_announcement, $p_headline, $p_body)
{
    # Mandatory text fields, checked headline first
    $t_required = array(
        array('headline', $p_headline),
        array('body', $p_body),
    );
    foreach ($t_required as $t_check) {
        if (is_blank($t_check[1])) {
            error_parameters(lang_get($t_check[0]));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
    }

    db_param_push();
    $t_sql = 'INSERT INTO {news}
	    		  ( project_id, poster_id, date_posted, last_modified,
	    		    view_state, announcement, headline, body )
				VALUES
				    ( ' . db_param() . ',
				      ' . db_param() . ',
				      ' . db_param() . ',
				      ' . db_param() . ',
				      ' . db_param() . ',
				      ' . db_param() . ',
				      ' . db_param() . ',
				      ' . db_param() . '
					)';

    # Same order as the column list above; date_posted and last_modified
    # both start out as the current time.
    $t_values = array(
        (int) $p_project_id,
        (int) $p_poster_id,
        db_now(),
        db_now(),
        (int) $p_view_state,
        $p_announcement,
        $p_headline,
        $p_body,
    );
    db_query($t_sql, $t_values);

    return db_insert_id(db_get_table('news'));
}
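    /**
     * Build the HTML portlets for the 20 most recently updated issues in one status.
     *
     * Filters come from $this->project_id, $this->severity and $this->version.
     * Status, severity and version are sent as bound parameters instead of
     * being spliced into the SQL text, and values read from the row are
     * escaped before they are placed in markup.
     *
     * @param int $status Status value the issues must have.
     * @return array List of HTML fragments, one per issue.
     */
    function renderIssues($status)
    {
        $content = array();
        $t_bug_table = db_get_table('mantis_bug_table');
        $t_user_id = auth_get_current_user_id();
        $specific_where = helper_project_specific_where($this->project_id, $t_user_id);

        # Placeholders are requested in the order they appear in the query so
        # the parameter list lines up with them.
        $t_params = array((int) $status);
        $query = "SELECT *\n\t\t\tFROM {$t_bug_table}\n\t\t\tWHERE {$specific_where}\n\t\t\tAND status = " . db_param();
        if ($this->severity) {
            $query .= "\n\t\t\tAND severity = " . db_param();
            $t_params[] = (int) $this->severity;
        } else {
            $query .= "\n\t\t\tAND severity > -1";
        }
        if ($this->version) {
            # NOTE(review): the previous code compared version unquoted; a bound
            # value is compared as a string - confirm against the column type.
            $query .= "\n\t\t\tAND version = " . db_param();
            $t_params[] = $this->version;
        } else {
            $query .= "\n\t\t\tAND version > -1";
        }
        $query .= "\n\t\t\tORDER BY last_updated DESC\n\t\t\tLIMIT 20";

        $result = db_query_bound($query, $t_params);
        while ($row = db_fetch_array($result)) {
            $t_id = (int) $row['id'];
            # Summary and user name are user-supplied text: escape for HTML.
            $t_summary = string_display_line($row['summary']);
            $t_assigned = '';
            if ($row['handler_id']) {
                $t_assigned = '<strong>Assigned:</strong> ' . string_display_line(user_get_name($row['handler_id'])) . BR;
            }
            $content[] = '<div class="portlet ui-helper-clearfix" id="' . $t_id . '"> 
			<div class="portlet-header">' . icon_get_status_icon($row['priority']) . ' ' . string_get_bug_view_link($t_id) . ': ' . $t_summary . '</div>
			<div class="portlet-content">' . $t_assigned . '</div></div>';
        }
        return $content;
    }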
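/**
 * Look up the bug that carries a given ARTAS identifier.
 *
 * The identifier must start with "ATR" or "ACP"; the remainder is read as
 * "<number>-<version>", where underscores in the version stand for spaces.
 * Number and version are passed to the database as bound parameters, so the
 * identifier can no longer alter the SQL text.
 *
 * @param string $t_artas_id Identifier such as "ATR<number>-<version>".
 * @return mixed The bug id when exactly one bug matches, otherwise the string "null".
 */
function get_bug_id_from_artas_id($t_artas_id)
{
    # ATR or ACP selects the custom field that holds the number
    $t_prefix = substr($t_artas_id, 0, 3);
    if ($t_prefix === "ATR") {
        $t_cstm_field = 55;
    } elseif ($t_prefix === "ACP") {
        $t_cstm_field = 56;
    } else {
        return "null";
    }
    $t_artas_id = str_replace($t_prefix, "", $t_artas_id);

    # split() was removed in PHP 7; explode() yields the same pieces. Padding
    # keeps a missing version part as an empty string instead of a notice.
    $t_parts = array_pad(explode("-", $t_artas_id), 2, "");
    $t_artas_id_number = $t_parts[0];
    $t_version = str_replace("_", " ", $t_parts[1]);

    $t_custom_table = db_get_table('mantis_custom_field_string_table');
    $t_bug_table = db_get_table('mantis_bug_table');

    # NOTE(review): value was compared unquoted before; as a bound string a
    # number with leading zeros no longer matches the unpadded form - confirm
    # how the field values are stored.
    $query = 'SELECT bug_id FROM ' . $t_custom_table . ',' . $t_bug_table
        . ' WHERE ' . $t_custom_table . '.bug_id = ' . $t_bug_table . '.id'
        . ' AND field_id = ' . db_param()
        . ' AND value = ' . db_param()
        . ' AND version = ' . db_param();
    $result = db_query_bound($query, array($t_cstm_field, $t_artas_id_number, $t_version));

    $rows = array();
    while ($row = db_fetch_array($result)) {
        $rows[] = $row['bug_id'];
    }

    # Only an unambiguous match counts
    if (count($rows) == 1) {
        return $rows[0];
    }
    return "null";
}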
 /**
  * Fetch the latest modification date recorded for the 'Sprint' field of a bug.
  *
  * The bug id is passed as a bound parameter; rows are ordered newest first
  * and the first one is used.
  *
  * @param mixed $bug_id Bug identifier.
  * @return mixed date_modified of the first row returned by executeQuery().
  */
 function getUserStorySprintHistory($bug_id)
 {
     $t_history_table = db_get_table('mantis_bug_history_table');
     $t_rows = $this->executeQuery(
         "SELECT date_modified \n\t\t\t\t\tFROM {$t_history_table} \n\t\t\t\t\tWHERE bug_id = " . db_param(0) . " \n\t\t\t\t\tAND field_name = 'Sprint' \n\t\t\t\t\tORDER BY date_modified DESC",
         array($bug_id)
     );
     $t_newest = $t_rows[0];
     return $t_newest['date_modified'];
 }
 /**
  * Resolve the name of one of the SpecManagement plugin tables.
  *
  * When get_mantis_version() reports '1.2.' the name comes from
  * plugin_table(); otherwise it comes from db_get_table() with the
  * 'plugin_SpecManagement_' prefix.
  *
  * @param $table
  * @return string
  */
 private function get_mantis_plugin_table($table)
 {
     return $this->get_mantis_version() == '1.2.'
         ? plugin_table($table, 'SpecManagement')
         : db_get_table('plugin_SpecManagement_' . $table);
 }
 /**
  * Gets a specific mantis database table
  *
  * When get_mantis_version() reports '1.2.' the table is requested as
  * 'mantis_<table>_table'; otherwise the bare name is used.
  *
  * @param $table
  * @return string
  */
 private function get_mantis_table($table)
 {
     $t_lookup_name = $this->get_mantis_version() == '1.2.'
         ? 'mantis_' . $table . '_table'
         : $table;
     return db_get_table($t_lookup_name);
 }
 /**
  * Count the bugs of a project and target version that have a non-empty value
  * in the custom field identified by $this->pb and a status below 80.
  *
  * Project id, version and field id are passed as bound parameters.
  *
  * @param mixed $project_id Project identifier.
  * @param mixed $version    Target version to match.
  * @return int|float Count from the first result row, coerced to a number.
  */
 function getNumberOfUserStories($project_id, $version)
 {
     $t_field_table = db_get_table('mantis_custom_field_string_table');
     $t_bug_table = db_get_table('mantis_bug_table');
     # Called before $this->pb is read below
     $this->getAdditionalProjectFields();

     $t_sql = "SELECT count(*) AS userstories \n\t\t\t\t\tFROM {$t_bug_table} \n\t\t\t\t\tINNER JOIN {$t_field_table} ON id = bug_id \n\t\t\t\t\tWHERE project_id=" . db_param(0) . " \n\t\t\t\t\tAND target_version = " . db_param(1) . " \n\t\t\t\t\tAND status < 80 \n\t\t\t\t\tAND field_id=" . db_param(2) . " \n\t\t\t\t\tAND value != ''" . " \n\t\t\t\t\tGROUP BY field_id";
     $t_rows = $this->executeQuery($t_sql, array($project_id, $version, $this->pb));

     $t_first = $t_rows[0];
     return 0 + $t_first['userstories'];
 }
/**
 * Find a profile with the given platform, OS and OS build.
 *
 * The three values are bound parameters; at most one row is read.
 *
 * @param string $p_platform Platform to match.
 * @param string $p_os       Operating system to match.
 * @param string $p_os_build Operating system build to match.
 * @return mixed The id of the matching profile, or false when none exists.
 */
function profile_exists($p_platform, $p_os, $p_os_build)
{
    $t_table = db_get_table('mantis_user_profile_table');
    $t_where = 'platform = ' . db_param() . ' and os = ' . db_param() . ' and os_build = ' . db_param();
    $t_sql = "SELECT *\n\t\t\t\t  FROM {$t_table}\n\t\t\t\t  WHERE {$t_where}\n\t\t\t\t  ORDER BY platform, os, os_build LIMIT 0,1";

    $t_row = db_fetch_array(db_query_bound($t_sql, array($p_platform, $p_os, $p_os_build)));

    return $t_row === false ? false : $t_row['id'];
}
Beispiel #10
/**
 * List the attachment records of a bug, ordered by the date they were added.
 *
 * The bug id goes through db_prepare_int() and is passed as a bound parameter.
 *
 * @param int $p_bug_id Bug identifier.
 * @return array One row (id, title, diskfile, filename, filesize, file_type,
 *               date_added, user_id) per attachment.
 */
function bug_get_attachments($p_bug_id)
{
    $t_bug_id = db_prepare_int($p_bug_id);
    $t_file_table = db_get_table('mantis_bug_file_table');

    $t_sql = "SELECT id, title, diskfile, filename, filesize, file_type, date_added, user_id\n                                FROM {$t_file_table}\n                                WHERE bug_id=" . db_param() . "\n                                ORDER BY date_added";
    $t_rs = db_query_bound($t_sql, array($t_bug_id));

    # Fetch exactly as many rows as the result set reports
    $t_rows = array();
    $t_remaining = db_num_rows($t_rs);
    while ($t_remaining-- > 0) {
        $t_rows[] = db_fetch_array($t_rs);
    }
    return $t_rows;
}
Beispiel #11
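/**
 * Rebuild the summary of every bug reported against one version from its stack trace.
 *
 * For each bug the description is parsed with get_stack_map(); the first stack
 * entry whose method starts with one of the project's package prefixes supplies
 * the method and suffix used in the new summary.
 *
 * Both queries pass their values as bound parameters. This replaces
 * mysql_real_escape_string(), which no longer exists in PHP 7+, and keeps the
 * stack-trace-derived summary out of the SQL text.
 *
 * @param string $t_version Version whose bugs are rewritten.
 * @param mixed  $map_file  Not used by this function.
 * @return void
 */
function update_bug_summary_by_version($t_version, $map_file)
{
    $db_table = db_get_table('mantis_bug_table');
    $query = "SELECT `id`, `summary`, `project_id` FROM {$db_table} WHERE `version` = " . db_param();
    $result = db_query_bound($query, array($t_version));
    $rows = array();
    while ($row = db_fetch_array($result)) {
        $rows[] = $row;
    }
    if (count($rows) === 0) {
        return;
    }
    require_once "ProjectAcraExt.php";
    # The package list of the first bug's project is used for all rows
    $app_packages = get_project_package_list($rows[0]['project_id']);
    foreach ($rows as $row) {
        $bug_id = $row['id'];
        $stacktrace = bug_get_text_field($bug_id, 'description');
        $info = get_stack_map($stacktrace);
        $exception = $info->exception;
        $method = "";
        $suffix = "";
        $size = count($info->stack);
        if ($size > 0) {
            foreach ($info->stack as $entry) {
                $func = $entry->method;
                # $app_packages maps a package prefix to its length
                foreach ($app_packages as $pack => $len) {
                    if (strncmp($func, $pack, $len) === 0) {
                        $method = $entry->method;
                        $suffix = $entry->suffix;
                        break;
                    }
                }
                if (strlen($method) > 0) {
                    break;
                }
            }
        }
        if (strlen($exception) > 0) {
            $line = build_summary_text($exception, $method . $suffix);
        } else {
            $line = 'Acra report crash ' . $method . $suffix;
        }
        # The summary text comes from a user-submitted crash report: bind it.
        $query = "UPDATE `{$db_table}` SET `summary` = " . db_param() . " WHERE `id` = " . db_param();
        db_query_bound($query, array($line, (int) $bug_id));
    }
}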
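/**
 * Get the display name of a user: realname when it is set, otherwise username.
 *
 * @param int $user_id User identifier; forced to an integer before it is
 *                     placed in the query text.
 * @return string|null The name, or null when no user row matches.
 */
function get_username($user_id)
{
    $user_table = db_get_table('mantis_user_table');
    # The id is interpolated into the SQL text, so it must be an integer.
    $c_user_id = (int) $user_id;
    $query_rep_user_name = "SELECT realname, username FROM {$user_table} WHERE id = {$c_user_id};";
    $res_rep_user_name = db_query($query_rep_user_name);
    # Defined up front so an unknown id returns null instead of reading an
    # undefined variable.
    $user_name = null;
    while ($row_rep_user_name = db_fetch_array($res_rep_user_name)) {
        if ($row_rep_user_name['realname'] == '') {
            $user_name = $row_rep_user_name['username'];
        } else {
            $user_name = $row_rep_user_name['realname'];
        }
    }
    return $user_name;
}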
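/**
 * Returns an array of time tracking stats
 *
 * Dates are parsed with strtotime() and every filter value is passed to the
 * database as a bound parameter; nothing from the caller is spliced into the
 * SQL text. Users below the 'view_others_threshold' only get their own rows.
 *
 * @param int $p_project_id project id
 * @param string $p_from Starting date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @param string $p_to Ending date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @return array array of bugnote stats
 * @access public
 */
function plugin_TimeTracking_stats_get_project_array($p_project_id, $p_from, $p_to)
{
    $c_project_id = db_prepare_int($p_project_id);

    # A blank bound is ignored; anything else has to parse as a date.
    $t_from_ts = is_blank($p_from) ? null : strtotime($p_from);
    $t_to_ts = is_blank($p_to) ? null : strtotime($p_to);
    if ($t_from_ts === false || $t_to_ts === false) {
        error_parameters(array($p_from, $p_to));
        trigger_error(ERROR_GENERIC, ERROR);
    }

    $t_timereport_table = plugin_table('data', 'TimeTracking');
    $t_bug_table = db_get_table('mantis_bug_table');
    $t_user_table = db_get_table('mantis_user_table');
    $t_project_table = db_get_table('mantis_project_table');

    # Fragments are built in the order they appear in the query so the
    # parameter list lines up with the placeholders.
    $t_params = array();

    $t_project_where = '';
    if (ALL_PROJECTS != $c_project_id) {
        $t_project_where = ' AND b.project_id = ' . db_param();
        $t_params[] = $c_project_id;
    }

    $t_from_where = '';
    if ($t_from_ts !== null) {
        $t_from_where = ' AND expenditure_date >= ' . db_param();
        $t_params[] = date('Y-m-d', $t_from_ts);
    }

    $t_to_where = '';
    if ($t_to_ts !== null) {
        $t_to_where = ' AND expenditure_date <= ' . db_param();
        $t_params[] = date('Y-m-d', $t_to_ts + SECONDS_PER_DAY - 1);
    }

    $t_user_where = '';
    if (!access_has_global_level(plugin_config_get('view_others_threshold'))) {
        # NOTE(review): this comparison previously used the literal '******'
        # while the current user's id was fetched and left unused; the id is
        # what the restriction needs - confirm against the plugin's history.
        $t_user_where = ' AND user = ' . db_param();
        $t_params[] = auth_get_current_user_id();
    }

    $query = "SELECT u.username, p.name as project_name, bug_id, expenditure_date, hours, timestamp, info \nFROM {$t_timereport_table} tr, {$t_bug_table} b, {$t_user_table} u, {$t_project_table} p\nWHERE tr.bug_id=b.id and tr.user=u.id AND p.id = b.project_id\n{$t_project_where} {$t_from_where} {$t_to_where} {$t_user_where}\nORDER BY user, expenditure_date, bug_id";
    $result = db_query_bound($query, $t_params);

    $t_results = array();
    while ($row = db_fetch_array($result)) {
        $t_results[] = $row;
    }
    return $t_results;
}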
Beispiel #14
/**
 * Record a new revision of a bug field or bugnote.
 *
 * Nothing is stored for a type at or below REV_ANY, and an unchanged value
 * reuses the id of the latest revision of that type. Values are inserted as
 * bound parameters.
 *
 * @param integer $p_bug_id     A bug identifier.
 * @param integer $p_user_id    User ID.
 * @param integer $p_type       Revision Type.
 * @param string  $p_value      Value.
 * @param integer $p_bugnote_id A Bugnote ID.
 * @param integer $p_timestamp  Integer Timestamp; db_now() is used when null.
 * @return int|null Revision ID, or null when the type is not storable.
 */
function bug_revision_add($p_bug_id, $p_user_id, $p_type, $p_value, $p_bugnote_id = 0, $p_timestamp = null)
{
    if ($p_type <= REV_ANY) {
        return null;
    }

    # Don't save a revision twice if nothing has changed
    $t_previous = bug_revision_last($p_bug_id, $p_type);
    if (!is_null($t_previous) && $p_value == $t_previous['value']) {
        return $t_previous['id'];
    }

    $t_when = ($p_timestamp === null) ? db_now() : $p_timestamp;

    $t_sql = 'INSERT INTO {bug_revision} (
			bug_id, bugnote_id, user_id,
			timestamp, type, value
		) VALUES ( ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ' )';
    # Same order as the column list above
    $t_values = array($p_bug_id, $p_bugnote_id, $p_user_id, $t_when, $p_type, $p_value);
    db_query($t_sql, $t_values);

    return db_insert_id(db_get_table('bug_revision'));
}
Beispiel #15
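/**
 * Print one <option> per user that can be a member of the given user group.
 *
 * Users already in the group are marked selected. Accounts whose name starts
 * with the configured group prefix are left out unless group assignment is
 * enabled and the current user reaches 'assign_group_threshold'. The group's
 * own account is never listed.
 *
 * User names are stored text and are HTML-escaped before they are printed.
 *
 * @param int $usergroup_id Id of the user group being edited.
 * @return void
 */
function print_users_in_group_option_list($usergroup_id)
{
    $show_groups = (plugin_config_get('assign_to_groups', '') == 1
        && plugin_config_get('assign_group_threshold', '') <= user_get_access_level(auth_get_current_user_id())) ? 1 : 0;

    $t_table_users = plugin_table('users');
    $t_user_table = db_get_table('mantis_user_table');

    # Parameters are collected in the order their placeholders are added
    $t_params = array();
    $query = "SELECT * FROM (";
    $query .= "    SELECT u.id, u.username, u.realname, ug.group_user_id";
    $query .= "    FROM {$t_user_table} AS u";
    $query .= "        LEFT JOIN {$t_table_users} AS ug ON (u.id=ug.user)";
    if ($show_groups == 0) {
        $query .= "    WHERE u.username NOT LIKE " . db_param();
        $t_params[] = plugin_config_get('group_prefix') . '%';
    }
    $query .= ") AS t1 WHERE group_user_id=" . db_param() . " OR group_user_id IS NULL ORDER BY username ASC";
    $t_params[] = (int) $usergroup_id;

    $result = db_query_bound($query, $t_params);
    $count = db_num_rows($result);
    for ($i = 0; $i < $count; $i++) {
        $row = db_fetch_array($result);
        if ($row['id'] == $usergroup_id) {
            # usergroup must not be nested with itself
            continue;
        }
        echo '<option value="' . (int) $row['id'] . '" ';
        if (!is_null($row['group_user_id'])) {
            echo 'selected="selected"';
        }
        # Escape the name: it is account data, not markup.
        echo '>' . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8') . '</option>';
    }
}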
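/**
 * Emit a JSONP response with status and summary for a list of bug ids.
 *
 * $bugsString is read as a run of 7-character ids. Each chunk is converted to
 * an integer before it is placed in the query, so only numbers reach the SQL
 * text. The response body is produced with json_encode() rather than string
 * concatenation, so request values ('offset', 'length'), status labels and
 * summaries cannot break out of their JSON strings.
 *
 * @param string $bugsString Concatenated 7-character bug ids.
 * @return void Output is written with header() and echo.
 */
function getBugsInfoJSONPResponse($bugsString)
{
    $t_bug_table = db_get_table('mantis_bug_table');
    $t_statuses = MantisEnum::getAssocArrayIndexedByValues(config_get('status_enum_string'));

    # label => colour
    $t_status_colors = array();
    foreach ($t_statuses as $t_state => $t_label) {
        $t_status_colors[$t_label] = get_status_color($t_state);
    }

    # Integers only: safe to join into the statement, and the same list
    # serves both the IN filter and the FIELD() ordering.
    $t_ids = array_unique(array_map('intval', str_split($bugsString, 7)));
    $t_id_list = implode(', ', $t_ids);

    $query = "SELECT id, status, summary\r\n\t\t\t  FROM `" . $t_bug_table . "`\r\n\t\t\t  WHERE id IN (" . $t_id_list . ")\r\n\t\t\t  ORDER BY FIELD(id, " . $t_id_list . ")";
    $results = db_query_bound($query);

    $t_bugs = array();
    if ($results) {
        while ($row = db_fetch_array($results)) {
            $t_status_id = $row['status'];
            $t_bugs[$row['id']] = array(
                'status' => isset($t_statuses[$t_status_id]) ? $t_statuses[$t_status_id] : '',
                # Kept HTML-escaped as before; presumably the consumer inserts it as markup.
                'summary' => htmlspecialchars($row['summary']),
            );
        }
    }

    # Request values are echoed back as strings; anything that is not a
    # scalar is dropped.
    $t_offset = (isset($_REQUEST['offset']) && is_scalar($_REQUEST['offset'])) ? (string) $_REQUEST['offset'] : '';
    $t_length = (isset($_REQUEST['length']) && is_scalar($_REQUEST['length'])) ? (string) $_REQUEST['length'] : '';

    $t_payload = array(
        'offset' => $t_offset,
        'length' => $t_length,
        'statuses' => $t_status_colors,
        'bugsInfo' => $t_bugs,
    );
    # JSON_FORCE_OBJECT keeps empty or numerically keyed maps as objects;
    # the HEX flags keep markup characters out of the script body.
    $t_flags = JSON_FORCE_OBJECT | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    header("Content-Type: application/javascript; charset=utf-8");
    echo 'bugtrackerConnection_callback( ' . json_encode($t_payload, $t_flags) . ' );';
}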
 * @uses print_api.php
 */
/** @ignore */
# Defined before core.php is loaded.
# NOTE(review): presumably stops plugins from being initialised while their
# settings are edited - confirm in core.php.
define('PLUGINS_DISABLED', true);
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('database_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
# Request gate, in this order: form-security check for 'manage_plugin_update',
# re-authentication, then the global 'manage_plugin_threshold' access level.
# No row is changed before all three calls have run.
form_security_validate('manage_plugin_update');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_plugin_threshold'));
$t_plugin_table = db_get_table('plugin');
$t_query = "SELECT basename FROM {$t_plugin_table}";
$t_result = db_query_bound($t_query);
# The plugin names that drive the loop come from the database; the request
# only supplies the change_/priority_/protected_ values looked up per name.
while ($t_row = db_fetch_array($t_result)) {
    $t_basename = $t_row['basename'];
    $f_change = gpc_get_bool('change_' . $t_basename, 0);
    if (!$f_change) {
        continue;
    }
    # Typed reads: an int (default 3) and a bool (default 0)
    $f_priority = gpc_get_int('priority_' . $t_basename, 3);
    $f_protected = gpc_get_bool('protected_' . $t_basename, 0);
    # $t_query is reused for the update; all three values are bound parameters
    $t_query = "UPDATE {$t_plugin_table} SET priority=" . db_param() . ', protected=' . db_param() . ' WHERE basename=' . db_param();
    db_query_bound($t_query, array($f_priority, $f_protected, $t_basename));
}
# The form-security entry is purged only after the updates have run
form_security_purge('manage_plugin_update');
print_successful_redirect('manage_plugin_page.php');
Beispiel #18
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'database_api.php' );
require_api( 'form_api.php' );
require_api( 'helper_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'user_api.php' );

# Request gate, in this order: form-security check for 'manage_user_prune',
# re-authentication, then the global 'manage_user_threshold' access level.
form_security_validate( 'manage_user_prune' );

auth_reauthenticate();

access_ensure_global_level( config_get( 'manage_user_threshold' ) );

$t_user_table = db_get_table( 'user' );

# Delete the users who have never logged in and are older than 1 week
# (7 days expressed in seconds)
$days_old = (int)7 * SECONDS_PER_DAY;

# Selects accounts with no logins whose creation time equals their last
# visit; the current time is the only bound parameter, the age threshold is
# a server-side integer placed in the condition text.
$query = "SELECT id, access_level
		FROM $t_user_table
		WHERE ( login_count = 0 ) AND ( date_created = last_visit ) AND " . db_helper_compare_days( 0, "date_created", "> $days_old" );
$result = db_query_bound($query, Array( db_now() ) );

if ( !$result ) {
	trigger_error( ERROR_GENERIC, ERROR );
}

# Number of candidate accounts found
$count = db_num_rows( $result );
Beispiel #19
/**
 * Return the possible values configured for a custom field as a list.
 *
 * The field id is passed as a bound parameter. The stored value string is run
 * through custom_field_prepare_possible_values() and split on '|'.
 *
 * @param array $p_field_def Custom field definition; only 'id' is read.
 * @return array|false List of values, or false when the field does not exist.
 */
function cfdef_prepare_list_distinct_values($p_field_def)
{
    $t_table = db_get_table('custom_field');
    $t_sql = "SELECT possible_values\n\t\t\t  FROM {$t_table}\n\t\t\t  WHERE id=" . db_param();
    $t_rs = db_query_bound($t_sql, array($p_field_def['id']));

    if (db_num_rows($t_rs) == 0) {
        return false;
    }

    $t_record = db_fetch_array($t_rs);
    $t_prepared = custom_field_prepare_possible_values($t_record['possible_values']);

    # explode() already yields a zero-based list in source order
    return array_values(explode('|', $t_prepared));
}
Beispiel #20
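/**
 * Prints the preview of a text file attachment.
 *
 * The content is read from disk, fetched over FTP into the disk path first,
 * or read from the bug_file table, depending on 'file_upload_method'. It is
 * always passed through htmlspecialchars() before it is printed, so the
 * attachment is shown as text and never interpreted as markup.
 *
 * @param array $p_attachment An attachment array from within the array returned by the file_get_visible_attachments() function
 * @return void
 */
function print_bug_attachment_preview_text($p_attachment)
{
    if (!$p_attachment['exists']) {
        return;
    }
    # Start from an empty preview: a file that is gone from disk or a missing
    # database row then prints an empty block instead of reading an undefined
    # variable.
    $t_content = '';
    echo "\n<pre class=\"bug-attachment-preview-text\">";
    switch (config_get('file_upload_method')) {
        case DISK:
            if (file_exists($p_attachment['diskfile'])) {
                $t_content = file_get_contents($p_attachment['diskfile']);
            }
            break;
        case FTP:
            if (file_exists($p_attachment['diskfile'])) {
                $t_content = file_get_contents($p_attachment['diskfile']);
            } else {
                # Not cached locally: fetch into the disk path, then read it
                $t_ftp = file_ftp_connect();
                file_ftp_get($t_ftp, $p_attachment['diskfile'], $p_attachment['diskfile']);
                file_ftp_disconnect($t_ftp);
                if (file_exists($p_attachment['diskfile'])) {
                    $t_content = file_get_contents($p_attachment['diskfile']);
                }
            }
            break;
        default:
            $t_bug_file_table = db_get_table('bug_file');
            $c_attachment_id = db_prepare_int($p_attachment['id']);
            $t_query = "SELECT * FROM {$t_bug_file_table} WHERE id=" . db_param();
            $t_result = db_query_bound($t_query, array($c_attachment_id));
            $t_row = db_fetch_array($t_result);
            if ($t_row) {
                $t_content = $t_row['content'];
            }
    }
    # file_get_contents() returns false on failure; print that as empty text
    echo htmlspecialchars((string) $t_content);
    echo '</pre>';
}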
Beispiel #21
}
# Paging values handed to filter_get_bug_rows(): first page, -1 as page size.
# NOTE(review): -1 presumably means "no limit" - confirm in the filter API.
$f_page_number = 1;
$t_per_page = -1;
$t_bug_count = null;
$t_page_count = 0;
# Start from the current user's filter and override view type, status and sort
$t_filter = current_user_get_bug_filter();
$t_filter['_view_type'] = 'advanced';
$t_filter['show_status'] = array(META_FILTER_ANY);
$t_filter['sort'] = '';
$rows = filter_get_bug_rows($f_page_number, $t_per_page, $t_page_count, $t_bug_count, $t_filter, null, null, true);
if (count($rows) == 0) {
    // no data to graph
    exit;
}
$t_bug_table = db_get_table('mantis_bug_table');
$t_bug_hist_table = db_get_table('mantis_bug_history_table');
$t_marker = array();
$t_data = array();
$t_ptr = 0;
# $t_interval is set before this excerpt begins
$t_end = $t_interval->get_end_timestamp();
$t_start = $t_interval->get_start_timestamp();
# Loose comparison: a timestamp of 0 also ends processing here
if ($t_end == false || $t_start == false) {
    return;
}
// grab all status levels
$t_status_arr = MantisEnum::getAssocArrayIndexedByValues(config_get('status_enum_string'));
$t_status_labels = MantisEnum::getAssocArrayIndexedByValues(lang_get('status_enum_string'));
$t_default_bug_status = config_get('bug_submit_status');
$t_bug = array();
$t_view_status = array();
// walk through all issues and grab their status for 'now'
Beispiel #22
/**
 * List the revisions that belong to the same bug, type and bugnote as the
 * revision with the given ID, oldest first.
 *
 * Raises ERROR_BUG_REVISION_NOT_FOUND when the ID is unknown. All values in
 * both queries are bound parameters.
 * @param int $p_rev_id Revision ID
 * @return array|null Array of Revision rows, keyed by revision id
 */
function bug_revision_like( $p_rev_id ) {
	$t_bug_rev_table = db_get_table( 'bug_revision' );

	# Look up the reference revision first
	$t_lookup = "SELECT bug_id, bugnote_id, type FROM $t_bug_rev_table WHERE id=" . db_param();
	$t_result = db_query_bound( $t_lookup, array( $p_rev_id ) );

	if ( db_num_rows( $t_result ) < 1 ) {
		trigger_error( ERROR_BUG_REVISION_NOT_FOUND, ERROR );
	}

	$t_reference = db_fetch_array( $t_result );
	$t_bug_id = $t_reference['bug_id'];
	$t_bugnote_id = $t_reference['bugnote_id'];
	$t_type = $t_reference['type'];

	# Build the second query piece by piece; each placeholder is followed
	# directly by the value it stands for.
	$t_query = "SELECT * FROM $t_bug_rev_table
		WHERE bug_id=" . db_param();
	$t_params = array( $t_bug_id );

	if ( REV_ANY < $t_type ) {
		$t_query .= ' AND type=' . db_param();
		$t_params[] = $t_type;
	}

	if ( $t_bugnote_id > 0 ) {
		$t_query .= ' AND bugnote_id=' . db_param();
		$t_params[] = $t_bugnote_id;
	} else {
		$t_query .= ' AND bugnote_id=0';
	}

	$t_query .= ' ORDER BY timestamp ASC';
	$t_result = db_query_bound( $t_query, $t_params );

	$t_revisions = array();
	while( $t_revision = db_fetch_array( $t_result ) ) {
		$t_revisions[$t_revision['id']] = $t_revision;
	}

	return $t_revisions;
}
Beispiel #23
/**
 * Return the per-project access levels of a user, loading them from the
 * project_user_list table on first use and from the global cache afterwards.
 * @param int $p_user_id integer representing user id
 * @return  array returns an array of projects->accesslevel for the given user
 * @access private
 */
function access_cache_matrix_user($p_user_id)
{
    global $g_cache_access_matrix, $g_cache_access_matrix_user_ids;

    $c_user_id = (int) $p_user_id;

    # Already loaded during this request: answer from the cache
    if (in_array($c_user_id, $g_cache_access_matrix_user_ids)) {
        return $g_cache_access_matrix[$c_user_id];
    }

    $t_table = db_get_table('project_user_list');
    $t_sql = "SELECT project_id, access_level\n\t\t\t\t\t  FROM {$t_table}\n\t\t\t\t\t  WHERE user_id=" . db_param();
    $t_rs = db_query_bound($t_sql, array($c_user_id));

    # make sure we always have an array to return
    $g_cache_access_matrix[$c_user_id] = array();
    while ($t_entry = db_fetch_array($t_rs)) {
        $t_project = (int) $t_entry['project_id'];
        $g_cache_access_matrix[$c_user_id][$t_project] = (int) $t_entry['access_level'];
    }
    $g_cache_access_matrix_user_ids[] = $c_user_id;

    return $g_cache_access_matrix[$c_user_id];
}
Beispiel #24
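/**
 * Print the list of attachments of a bug, with download and delete links and,
 * where enabled, an inline preview of text and image attachments.
 *
 * Text previews are printed through htmlspecialchars(); the attachment title
 * used as the image alt text is escaped with string_attribute().
 *
 * @param int $p_bug_id Bug identifier.
 * @return void
 */
function print_bug_attachments_list($p_bug_id)
{
    $t_attachments = file_get_visible_attachments($p_bug_id);
    $t_attachments_count = count($t_attachments);
    $i = 0;
    $image_previewed = false;
    foreach ($t_attachments as $t_attachment) {
        $t_file_display_name = string_display_line($t_attachment['display_name']);
        $t_filesize = number_format($t_attachment['size']);
        $t_date_added = date(config_get('normal_date_format'), $t_attachment['date_added']);
        # An image preview of the previous attachment needs a line break first
        if ($image_previewed) {
            $image_previewed = false;
            echo '<br />';
        }
        if ($t_attachment['can_download']) {
            $t_href_start = '<a href="' . string_attribute($t_attachment['download_url']) . '">';
            $t_href_end = '</a>';
            $t_href_clicket = " [<a href=\"file_download.php?file_id={$t_attachment['id']}&amp;type=bug\" target=\"_blank\">^</a>]";
        } else {
            $t_href_start = '';
            $t_href_end = '';
            $t_href_clicket = '';
        }
        if (!$t_attachment['exists']) {
            print_file_icon($t_file_display_name);
            echo '&#160;<span class="strike">' . $t_file_display_name . '</span>' . lang_get('word_separator') . '(' . lang_get('attachment_missing') . ')';
        } else {
            echo $t_href_start;
            print_file_icon($t_file_display_name);
            echo $t_href_end . '&#160;' . $t_href_start . $t_file_display_name . $t_href_end . $t_href_clicket . ' (' . $t_filesize . ' ' . lang_get('bytes') . ') ' . '<span class="italic">' . $t_date_added . '</span>';
        }
        if ($t_attachment['can_delete']) {
            echo '&#160;[';
            # The delete link carries the form-security parameter
            print_link('bug_file_delete.php?file_id=' . $t_attachment['id'] . form_security_param('bug_file_delete'), lang_get('delete_link'), false, 'small');
            echo ']';
        }
        if ($t_attachment['exists']) {
            if (FTP == config_get('file_upload_method') && $t_attachment['exists']) {
                echo ' (' . lang_get('cached') . ')';
            }
            if ($t_attachment['preview'] && $t_attachment['type'] == 'text') {
                $c_id = db_prepare_int($t_attachment['id']);
                $t_bug_file_table = db_get_table('mantis_bug_file_table');
                echo "<script type=\"text/javascript\" language=\"JavaScript\">\n<!--\nfunction swap_content( span ) {\ndisplayType = ( document.getElementById( span ).style.display == 'none' ) ? '' : 'none';\ndocument.getElementById( span ).style.display = displayType;\n}\n\n -->\n </script>";
                echo " <span id=\"hideSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('show_content') . "</a>]</span>";
                echo " <span style='display:none' id=\"showSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('hide_content') . "</a>]";
                echo "<pre>";
                # Defined up front so every branch leaves a printable value
                $v_content = '';
                /** @todo Refactor into a method that gets contents for download / preview. */
                switch (config_get('file_upload_method')) {
                    case DISK:
                        if ($t_attachment['exists']) {
                            $v_content = file_get_contents($t_attachment['diskfile']);
                        }
                        break;
                    case FTP:
                        # Test the path on disk (the 'exists' flag was tested
                        # here before) and keep the content that is read.
                        if (file_exists($t_attachment['diskfile'])) {
                            $v_content = file_get_contents($t_attachment['diskfile']);
                        } else {
                            $ftp = file_ftp_connect();
                            file_ftp_get($ftp, $t_attachment['diskfile'], $t_attachment['diskfile']);
                            file_ftp_disconnect($ftp);
                            $v_content = file_get_contents($t_attachment['diskfile']);
                        }
                        break;
                    default:
                        $query = "SELECT *\n\t                  \t\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\t            \t\t\tWHERE id=" . db_param();
                        $result = db_query_bound($query, array($c_id));
                        $row = db_fetch_array($result);
                        if ($row) {
                            $v_content = $row['content'];
                        }
                }
                # Attachment content is shown as text, never as markup
                echo htmlspecialchars((string) $v_content);
                echo "</pre></span>\n";
            }
            if ($t_attachment['can_download'] && $t_attachment['preview'] && $t_attachment['type'] == 'image') {
                $t_preview_style = 'border: 0;';
                $t_max_width = config_get('preview_max_width');
                if ($t_max_width > 0) {
                    $t_preview_style .= ' max-width:' . $t_max_width . 'px;';
                }
                $t_max_height = config_get('preview_max_height');
                if ($t_max_height > 0) {
                    $t_preview_style .= ' max-height:' . $t_max_height . 'px;';
                }
                $t_preview_style = 'style="' . $t_preview_style . '"';
                # The title is stored text and lands inside an attribute: escape it
                $t_title = string_attribute(file_get_field($t_attachment['id'], 'title'));
                $t_image_url = $t_attachment['download_url'] . '&amp;show_inline=1' . form_security_param('file_show_inline');
                echo "\n<br />{$t_href_start}<img alt=\"{$t_title}\" {$t_preview_style} src=\"{$t_image_url}\" />{$t_href_end}";
                $image_previewed = true;
            }
        }
        # Line break between entries, not after the last one
        if ($i != $t_attachments_count - 1) {
            echo "<br />\n";
            $i++;
        }
    }
}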
Beispiel #25
/**
 * Remove the preferences that every user has stored for one project (used
 * when the project itself is deleted).
 *
 * A single DELETE handles all users at once, which is cheaper than calling
 * user_pref_delete() per user. The project id goes through db_prepare_int()
 * and is passed as a bound parameter.
 * @param $p_project_id
 * @return true
 */
function user_pref_delete_project( $p_project_id ) {
	$t_project = db_prepare_int( $p_project_id );
	$t_table = db_get_table( 'user_pref' );

	db_query_bound(
		'DELETE FROM ' . $t_table . ' WHERE project_id=' . db_param(),
		Array( $t_project )
	);

	# db_query errors on failure, so reaching this line means success
	return true;
}
Beispiel #26
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('utility_api.php');
# Check if project documentation feature is enabled.
# The request is refused unless project documentation is on and both the
# general upload switch and the project-upload switch allow it.
if (OFF == config_get('enable_project_documentation') || !file_is_uploading_enabled() || !file_allow_project_upload()) {
    access_denied();
}
# file_id comes from the request and is read through the integer accessor,
# then passed through db_prepare_int() before it is used in a query.
$f_file_id = gpc_get_int('file_id');
$c_file_id = db_prepare_int($f_file_id);
# The owning project is looked up first so that the upload threshold is
# checked against that project before the file row itself is loaded.
$t_project_id = file_get_field($f_file_id, 'project_id', 'project');
access_ensure_project_level(config_get('upload_project_file_threshold'), $t_project_id);
$t_proj_file_table = db_get_table('project_file');
# The id is supplied as a bound parameter (db_param()), not concatenated
# into the SQL text.
$query = "SELECT *\n\t\tFROM {$t_proj_file_table}\n\t\tWHERE id=" . db_param();
$result = db_query_bound($query, array($c_file_id));
# NOTE(review): $row is not checked before extract(); presumably
# file_get_field() above already fails for an unknown id - confirm.
$row = db_fetch_array($result);
# EXTR_PREFIX_ALL with prefix 'v' creates one $v_<column> variable per
# column, so a column name cannot overwrite an existing script variable.
extract($row, EXTR_PREFIX_ALL, 'v');
# Title and description are prepared for the places they are printed in;
# presumably string_attribute() escapes for an HTML attribute and
# string_textarea() for a <textarea> body - confirm in string_api.php.
$v_title = string_attribute($v_title);
$v_description = string_textarea($v_description);
# Effective upload limit: the smallest of PHP's upload_max_filesize and
# post_max_size settings and the max_file_size configuration value.
$t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
html_page_top();
?>

<br />
<div>
<form method="post" enctype="multipart/form-data" action="proj_doc_update.php">
<?php 
echo form_security_field('proj_doc_update');
Beispiel #27
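/**
 * Returns the attachment contents
 *
 * The file id is supplied by the API caller. It is cast to an integer and
 * passed to the database as a bound parameter, so it never becomes part of
 * the SQL text. Access rights are checked after the row is loaded (the row
 * is needed to find the owning bug or project) and before any content is
 * returned.
 *
 * @param int $p_file_id Id of the attachment row.
 * @param string $p_type The file type, bug or doc
 * @param int $p_user_id User whose access rights are checked.
 * @return string|soap_fault the string contents, or a soap_fault
 */
function mci_file_get($p_file_id, $p_type, $p_user_id)
{
    # Force the caller-supplied id to an integer; it is only used as a
    # bound query parameter below.
    $c_file_id = (int) $p_file_id;

    # we handle the case where the file is attached to a bug
    # or attached to a project as a project doc.
    switch ($p_type) {
        case 'bug':
            $t_file_table = db_get_table('bug_file');
            break;
        case 'doc':
            $t_file_table = db_get_table('project_file');
            break;
        default:
            return new soap_fault('Server', '', 'Invalid file type ' . $p_type . ' .');
    }

    # Same statement for both tables; only the table name (taken from
    # db_get_table(), not from the caller) differs.
    $query = "SELECT *\n\t\t\t\tFROM {$t_file_table}\n\t\t\t\tWHERE id=" . db_param();
    $result = db_query_bound($query, array($c_file_id));
    if ($result->EOF) {
        return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .');
    }
    $row = db_fetch_array($result);

    # Resolve the project the file belongs to; for bug attachments this goes
    # through the bug. $p_type can only be 'bug' or 'doc' at this point.
    $t_bug_id = null;
    if ($p_type == 'doc') {
        $t_project_id = $row['project_id'];
    } else {
        $t_bug_id = $row['bug_id'];
        $t_project_id = bug_get_field($t_bug_id, 'project_id');
    }
    $t_diskfile = file_normalize_attachment_path($row['diskfile'], $t_project_id);
    $t_content = $row['content'];

    # Check access rights
    switch ($p_type) {
        case 'bug':
            if (!mci_file_can_download_bug_attachments($t_bug_id, $p_user_id)) {
                return mci_soap_fault_access_denied($p_user_id);
            }
            break;
        case 'doc':
            # Check if project documentation feature is enabled.
            if (OFF == config_get('enable_project_documentation')) {
                return mci_soap_fault_access_denied($p_user_id);
            }
            if (!access_has_project_level(config_get('view_proj_doc_threshold'), $t_project_id, $p_user_id)) {
                return mci_soap_fault_access_denied($p_user_id);
            }
            break;
    }

    # dump file content to the connection.
    switch (config_get('file_upload_method')) {
        case DISK:
            if (file_exists($t_diskfile)) {
                return mci_file_read_local($t_diskfile);
            }
            return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .');
        case FTP:
            # Fetch the file over FTP only when no local copy exists yet.
            if (!file_exists($t_diskfile)) {
                $ftp = file_ftp_connect();
                file_ftp_get($ftp, $t_diskfile, $t_diskfile);
                file_ftp_disconnect($ftp);
            }
            return mci_file_read_local($t_diskfile);
        default:
            # Any other method: the content is taken from the database row.
            return $t_content;
    }
}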
Beispiel #28
/**
 * Delete tokens whose expiry lies before the current time.
 *
 * @param integer $p_token_type Optional token type; when null, expired
 *                              tokens of every type are deleted.
 * @return boolean Always true.
 */
function token_purge_expired($p_token_type = null)
{
    global $g_tokens_purged;
    $t_table = db_get_table('mantis_tokens_table');
    # The first placeholder receives the current time (db_now()) and is
    # compared against the expiry column.
    $t_sql = 'DELETE FROM ' . $t_table . ' WHERE ' . db_param() . ' > expiry';
    if ($p_token_type === null) {
        db_query_bound($t_sql, array(db_now()));
    } else {
        # Restrict the purge to one token type, again as a bound parameter.
        $c_type = db_prepare_int($p_token_type);
        $t_sql .= ' AND type=' . db_param();
        db_query_bound($t_sql, array(db_now(), $c_type));
    }
    # Record in the global flag that a purge has run.
    $g_tokens_purged = true;
    return true;
}
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2014  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
# Gate the action before anything is read or changed: the form token for
# 'manage_user_prune' is validated (presumably the anti-CSRF check - confirm
# in form_api), the user is asked to re-authenticate, and the global
# manage_user_threshold access level is required.
form_security_validate('manage_user_prune');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_user_threshold'));
$t_user_table = db_get_table('mantis_user_table');
# Delete the users who have never logged in and are older than 1 week
# (the cast binds to the literal 7 only; the product is 7 days in seconds)
$days_old = (int) 7 * SECONDS_PER_DAY;
# Candidates: no logins, creation time equal to last visit, and an age
# condition built by db_helper_compare_days(); the current time is supplied
# as a bound parameter.
$query = "SELECT id, access_level\n\t\t\tFROM {$t_user_table}\n\t\t\tWHERE ( login_count = 0 ) AND ( date_created = last_visit ) AND " . db_helper_compare_days(0, "date_created", "> {$days_old}");
$result = db_query_bound($query, array(db_now()));
if (!$result) {
    trigger_error(ERROR_GENERIC, ERROR);
}
$count = db_num_rows($result);
# Ask for explicit confirmation only when there is something to prune.
if ($count > 0) {
    helper_ensure_confirmed(lang_get('confirm_account_pruning'), lang_get('prune_accounts_button'));
}
for ($i = 0; $i < $count; $i++) {
    $row = db_fetch_array($result);
    # Don't prune accounts with a higher global access level than the current user
    if (access_has_global_level($row['access_level'])) {
Beispiel #30
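/**
 * Return the news rows for a project and its accessible subprojects,
 * limited according to the 'news_limit_method' configuration.
 *
 * Method 0 limits by row count ('news_view_limit'); method 1 selects posts
 * newer than 'news_view_limit_days' plus announcements. In both cases the
 * row limit and the offset are passed to the query call.
 *
 * Project ids are placed directly in the SQL text (IN list), so every id
 * is forced to an integer before the query is built.
 *
 * @param integer $p_offset     Row offset for the query.
 * @param integer $p_project_id Project id; null selects the current project.
 * @return array List of rows as returned by db_fetch_array().
 */
function news_get_limited_rows($p_offset, $p_project_id = null)
{
    if ($p_project_id === null) {
        $p_project_id = helper_get_current_project();
    }
    $c_offset = db_prepare_int($p_offset);
    $t_projects = current_user_get_all_accessible_subprojects($p_project_id);
    $t_projects[] = (int) $p_project_id;
    if (ALL_PROJECTS != $p_project_id) {
        $t_projects[] = ALL_PROJECTS;
    }
    # These ids are concatenated into the statement below, so make sure each
    # one is an integer regardless of what the helper returned.
    $t_projects = array_map('intval', $t_projects);
    # implode() with the separator first; the reversed join() argument order
    # is not accepted by current PHP versions.
    $t_project_list = implode(',', $t_projects);
    $t_news_table = db_get_table('mantis_news_table');
    $t_news_view_limit = config_get('news_view_limit');
    $t_news_view_limit_days = config_get('news_view_limit_days') * SECONDS_PER_DAY;
    # NOTE(review): any other 'news_limit_method' value leaves $result
    # undefined before db_num_rows() - confirm the config is restricted to 0/1.
    switch (config_get('news_limit_method')) {
        case 0:
            # BY_LIMIT - Select the news posts
            $query = "SELECT *\n\t\t\t\t\t\tFROM {$t_news_table}";
            if (1 == count($t_projects)) {
                $c_project_id = $t_projects[0];
                $query .= " WHERE project_id='{$c_project_id}'";
            } else {
                $query .= ' WHERE project_id IN (' . $t_project_list . ')';
            }
            $query .= ' ORDER BY announcement DESC, id DESC';
            $result = db_query($query, $t_news_view_limit, $c_offset);
            break;
        case 1:
            # BY_DATE - Select the news posts
            $query = "SELECT *\n\t\t\t\t\t\tFROM {$t_news_table} WHERE\n\t\t\t\t\t\t( " . db_helper_compare_days(0, 'date_posted', "< {$t_news_view_limit_days}") . "\n\t\t\t\t\t\t OR announcement = " . db_param() . " ) ";
            $t_params = array(db_now(), 1);
            if (1 == count($t_projects)) {
                $c_project_id = $t_projects[0];
                $query .= " AND project_id=" . db_param();
                $t_params[] = $c_project_id;
            } else {
                $query .= ' AND project_id IN (' . $t_project_list . ')';
            }
            $query .= " ORDER BY announcement DESC, id DESC";
            $result = db_query_bound($query, $t_params, $t_news_view_limit, $c_offset);
            break;
    }
    # end switch
    $t_row_count = db_num_rows($result);
    $t_rows = array();
    for ($i = 0; $i < $t_row_count; $i++) {
        $t_rows[] = db_fetch_array($result);
    }
    return $t_rows;
}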