/**
 * Builds the HTML used to display a user's name.
 *
 * Enabled accounts are rendered as plain text, or as a link to
 * view_user_page.php when the viewer is an administrator. Disabled or
 * unknown accounts are rendered struck through.
 *
 * @param int $p_user_id
 * @return string HTML fragment, or '' when the id is NO_USER.
 */
function prepare_user_name($p_user_id) {
    # NO_USER shows up e.g. when no handler has been assigned yet.
    if (NO_USER == $p_user_id) {
        return '';
    }

    $t_username = user_get_name($p_user_id);
    $t_is_active = user_exists($p_user_id) && user_get_field($p_user_id, 'enabled');

    if (!$t_is_active) {
        return '<font STYLE="text-decoration: line-through">' . string_display_line($t_username) . '</font>';
    }

    # The name is passed through string_display_line() before it is placed in markup.
    $t_display_name = string_display_line($t_username);

    # WK/BFE modification (LB/BFE 2015): the original unconditional link to
    # view_user_page.php was replaced so that only some viewers get the link.
    # NOTE(review): the original remark says the link should depend on the
    # global role reaching $g_manage_user_threshold, but the code tests
    # user_is_administrator() - confirm which of the two is intended.
    if (!user_is_administrator(auth_get_current_user_id())) {
        return $t_display_name;
    }

    return '<a href="' . string_sanitize_url('view_user_page.php?id=' . $p_user_id, true) . '">' . $t_display_name . '</a>';
    # WK/BFE: end of modification
}
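/**
 * Runs $query and prints one HTML table row per returned issue.
 *
 * Every value taken from the database (category name, summary, user names
 * and the extra columns named in $fields) is passed through
 * string_display_line() before it is written into the page. The summary and
 * the extra columns hold text entered by users, so printing them raw would
 * let stored markup run in the viewer's browser.
 * NOTE(review): this assumes string_display_line() HTML-escapes its argument,
 * as it is already used for the status cell here - confirm.
 *
 * @param string $query  Query handed unchanged to db_query_bound(); it must
 *                       not be assembled from request data by the caller.
 * @param array  $fields Names of additional result columns to print.
 * @return int Number of rows printed.
 */
function displayResultsCore($query, $fields) {
    $result = db_query_bound($query);
    $nbRows = 0;

    while ($row = db_fetch_array($result)) {
        $nbRows++;
        $t_bug = bug_get($row['id']);
        $t_category = category_get_row($t_bug->category_id);

        print "<tr> \n";
        print '<td><a href="' . string_get_bug_view_url($row['id']) . '">' . bug_format_id($row['id']) . '</a></td>';
        print "<td> " . string_display_line(get_enum_element('status', $t_bug->status)) . " </td>\n";
        print "<td> " . string_display_line($t_category['name']) . " </td>\n";
        print "<td> " . string_display_line($t_bug->summary) . " </td>\n";
        print "<td> " . string_display_line(user_get_field($t_bug->reporter_id, 'username')) . " </td>\n";

        # NOTE(review): when no handler is set, no cell is printed at all, so
        # the row has one cell fewer than rows with a handler. Kept as is.
        if ($t_bug->handler_id != null) {
            print "<td> " . string_display_line(user_get_field($t_bug->handler_id, 'username')) . " </td>\n";
        }

        foreach ($fields as $t_field) {
            print "<td> " . string_display_line((string) $row[$t_field]) . " </td>\n";
        }

        print "</tr>\n";
    }

    return $nbRows;
}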
/**
 * Collects the account data of a user that the current caller may see.
 *
 * The id is always returned. The username is added when the user exists.
 * The real name and the e-mail address are added only when the caller is
 * that same user, can manage users, or meets the matching
 * show_user_realname_threshold / show_user_email_threshold.
 *
 * @param integer $p_user_id A valid user identifier.
 * @return array Keys 'id', and optionally 'name', 'real_name', 'email'.
 */
function mci_account_get_array_by_id($p_user_id) {
    $t_result = array('id' => $p_user_id);

    if (!user_exists($p_user_id)) {
        return $t_result;
    }

    $t_current_user_id = auth_get_current_user_id();
    $t_access_level = user_get_field($t_current_user_id, 'access_level');
    $t_can_manage = access_has_global_level(config_get('manage_user_threshold'))
        && access_has_global_level($t_access_level);

    # this deviates from the behaviour of view_user_page.php, but it is more intuitive
    # NOTE(review): strict comparison - an id passed as a numeric string will
    # not count as "same user" if auth_get_current_user_id() returns an int.
    $t_is_same_user = $t_current_user_id === $p_user_id;
    $t_can_see_realname = access_has_project_level(config_get('show_user_realname_threshold'));
    $t_can_see_email = access_has_project_level(config_get('show_user_email_threshold'));

    $t_result['name'] = user_get_field($p_user_id, 'username');

    $t_privileged = $t_is_same_user || $t_can_manage;

    if ($t_privileged || $t_can_see_realname) {
        $t_realname = user_get_realname($p_user_id);
        if (!empty($t_realname)) {
            $t_result['real_name'] = $t_realname;
        }
    }

    if ($t_privileged || $t_can_see_email) {
        $t_email = user_get_email($p_user_id);
        if (!empty($t_email)) {
            $t_result['email'] = $t_email;
        }
    }

    return $t_result;
}
/**
 * Derives the key used for RSS authentication.
 *
 * The key is the MD5 of the global rss_key_seed followed by the user's
 * username, cookie string and stored password field, so it changes whenever
 * one of those values changes.
 *
 * NOTE(review): MD5 is not suitable for deriving an authentication token,
 * and the inputs are joined without a separator, so different field values
 * can concatenate to the same string. Switching the hash invalidates every
 * issued feed URL, so it has to be a planned change rather than a silent one.
 *
 * @param int $p_user_id User id; null means the currently logged in user.
 * @return string 32 character hexadecimal key.
 */
function rss_calculate_key($p_user_id = null) {
    $t_user_id = ($p_user_id === null) ? auth_get_current_user_id() : $p_user_id;

    $t_seed = config_get_global('rss_key_seed');
    $t_username = user_get_field($t_user_id, 'username');
    $t_password = user_get_field($t_user_id, 'password');
    $t_cookie = user_get_field($t_user_id, 'cookie_string');

    $t_material = $t_seed . $t_username . $t_cookie . $t_password;

    return md5($t_material);
}
/**
 * Queues a reminder e-mail for one user and, unless mail is delivered by a
 * cron job, sends the queue immediately.
 *
 * Nothing is queued when the user has no e-mail address.
 *
 * @param int    $p_user_id Recipient.
 * @param string $issues    Text used unchanged as the message body.
 * @return void
 */
function email_group_reminder($p_user_id, $issues) {
    # The username is looked up but not used below; the call is kept because
    # this block cannot show whether user_get_field() has side effects.
    $t_username = user_get_field($p_user_id, 'username');

    $t_recipient = user_get_email($p_user_id);
    $t_body = $issues;
    $t_subject = config_get('plugin_Reminder_reminder_subject');

    if (is_blank($t_recipient)) {
        return;
    }

    email_store($t_recipient, $t_subject, $t_body);

    if (OFF == config_get('email_send_using_cronjob')) {
        email_send_all();
    }
}
/**
 * Builds the HTML used to display a user's name.
 *
 * Enabled accounts become a link to view_user_page.php; disabled or unknown
 * accounts are wrapped in a <del> element. In both cases the name has been
 * passed through string_display_line() first.
 *
 * @param int $p_user_id
 * @return string HTML fragment, or '' when the id is NO_USER.
 */
function prepare_user_name( $p_user_id ) {
    # NO_USER shows up e.g. when no handler has been assigned yet.
    if( NO_USER == $p_user_id ) {
        return '';
    }

    $t_display_name = string_display_line( user_get_name( $p_user_id ) );
    $t_is_active = user_exists( $p_user_id ) && user_get_field( $p_user_id, 'enabled' );

    if( !$t_is_active ) {
        return '<del class="user">' . $t_display_name . '</del>';
    }

    $t_profile_url = string_sanitize_url( 'view_user_page.php?id=' . $p_user_id, true );

    return '<a class="user" href="' . $t_profile_url . '">' . $t_display_name . '</a>';
}
/**
 * Derives the key used for RSS authentication.
 *
 * The key is a Whirlpool hash over the literal 'rss_key', the global
 * crypto_master_salt, and the user's username, stored password field and
 * cookie string. Changing the username or the password therefore
 * invalidates the key.
 *
 * The first 63 of the 64 raw hash bytes (504 bits) are kept, which base64
 * encodes to 84 characters without padding; '+' and '/' are then replaced
 * by '-' and '_' (the URL safe alphabet of RFC 4648).
 *
 * NOTE(review): the hashed fields are joined without a separator - confirm
 * that no two distinct field combinations can produce the same input string.
 *
 * @param integer $p_user_id User the key is calculated for; null means the
 *                           currently logged in user.
 * @return string RSS authentication key.
 */
function rss_calculate_key($p_user_id = null) {
    $t_user_id = ($p_user_id === null) ? auth_get_current_user_id() : $p_user_id;

    $t_username = user_get_field($t_user_id, 'username');
    $t_password = user_get_field($t_user_id, 'password');
    $t_cookie = user_get_field($t_user_id, 'cookie_string');

    $t_material = 'rss_key' . config_get_global('crypto_master_salt') . $t_username . $t_password . $t_cookie;
    $t_digest = hash('whirlpool', $t_material, true);

    # Dropping the last byte makes the length a multiple of three, so the
    # base64 output carries no trailing '=' padding.
    $t_truncated = substr($t_digest, 0, 63);

    return strtr(base64_encode($t_truncated), '+/', '-_');
}
/**
 * Builds the HTML used to display a user's name.
 *
 * Enabled accounts become a link to view_user_page.php; disabled or unknown
 * accounts are rendered struck through. The name is passed through
 * string_display_line() before it is placed in the markup.
 *
 * @param int $p_user_id
 * @return string HTML fragment, or '' when the id is NO_USER.
 */
function prepare_user_name($p_user_id) {
    # NO_USER shows up e.g. when no handler has been assigned yet.
    if (NO_USER == $p_user_id) {
        return '';
    }

    $t_username = user_get_name($p_user_id);
    $t_is_active = user_exists($p_user_id) && user_get_field($p_user_id, 'enabled');

    if (!$t_is_active) {
        return '<font STYLE="text-decoration: line-through">' . string_display_line($t_username) . '</font>';
    }

    $t_display_name = string_display_line($t_username);
    $t_profile_url = string_sanitize_url('view_user_page.php?id=' . $p_user_id, true);

    return '<a href="' . $t_profile_url . '">' . $t_display_name . '</a>';
}
/**
 * Collects id, username, real name and e-mail address of a user.
 *
 * The id is always returned; the other keys are added only when the user
 * exists and the field is not empty.
 *
 * NOTE(review): the real name and e-mail address are returned to any caller.
 * This function performs no access level check of its own, so the caller
 * has to decide whether the requester is allowed to see those fields.
 *
 * @param integer $p_user_id A valid user identifier.
 * @return array Keys 'id', and optionally 'name', 'real_name', 'email'.
 */
function mci_account_get_array_by_id($p_user_id) {
    $t_result = array('id' => $p_user_id);

    if (!user_exists($p_user_id)) {
        return $t_result;
    }

    $t_result['name'] = user_get_field($p_user_id, 'username');

    # database field => key in the returned array
    $t_optional_fields = array('realname' => 'real_name', 'email' => 'email');

    foreach ($t_optional_fields as $t_field => $t_key) {
        $t_value = user_get_field($p_user_id, $t_field);
        if (!empty($t_value)) {
            $t_result[$t_key] = $t_value;
        }
    }

    return $t_result;
}
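/**
 * Adds human readable companion fields to a bug row.
 *
 * For the project, reporter, handler and each enumerated field the matching
 * "*_name" entry is added, and 'description' is loaded from the bug text.
 *
 * Fix: the handler name used to be looked up only when handler_id was
 * empty, i.e. exactly when there is no handler to look up. The condition
 * now mirrors the reporter check.
 *
 * @param array $bug Bug row; must contain the id and the *_id / enum fields
 *                   read below.
 * @return array The same row with the extra entries added.
 */
function addExtraBugData($bug) {
    $bug["project_name"] = project_get_name($bug["project_id"]);

    if ($bug["reporter_id"] != "") {
        $bug["reporter_name"] = user_get_field($bug["reporter_id"], 'username');
    }

    $bug["severity_name"] = get_enum_element('severity', $bug["severity"]);
    $bug["priority_name"] = get_enum_element('priority', $bug["priority"]);
    $bug["status_name"] = get_enum_element('status', $bug["status"]);
    $bug["reproducibility_name"] = get_enum_element('reproducibility', $bug["reproducibility"]);

    # Only resolve the handler when one is actually assigned.
    if ($bug["handler_id"] != "") {
        $bug["handler_name"] = user_get_field($bug["handler_id"], 'username');
    }

    $bug["projection_name"] = get_enum_element('projection', $bug["projection"]);
    $bug["eta_name"] = get_enum_element('eta', $bug["eta"]);
    $bug["resolution_name"] = get_enum_element('resolution', $bug["resolution"]);
    $bug["description"] = bug_get_text_field($bug["id"], 'description');

    return $bug;
}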
/**
 * Builds the HTML used to display a user's name.
 *
 * Enabled accounts with an e-mail address become an e-mail link, enabled
 * accounts without one are shown as plain text, and disabled or unknown
 * accounts are rendered struck through.
 *
 * NOTE(review): in the e-mail branch the raw name is handed to
 * prepare_email_link(); confirm that helper escapes both arguments, since
 * the other branches pass the name through string_display() first.
 *
 * @param int $p_user_id
 * @return string HTML fragment, or '' when the id is NO_USER.
 */
function prepare_user_name($p_user_id) {
    # NO_USER shows up e.g. when no handler has been assigned yet.
    if (NO_USER == $p_user_id) {
        return '';
    }

    $t_username = user_get_name($p_user_id);
    $t_is_active = user_exists($p_user_id) && user_get_field($p_user_id, 'enabled');

    if (!$t_is_active) {
        return '<font STYLE="text-decoration: line-through">' . string_display($t_username) . '</font>';
    }

    $t_email = user_get_email($p_user_id);

    return is_blank($t_email)
        ? string_display($t_username)
        : prepare_email_link($t_email, $t_username);
}
/**
 * Resets a user's password.
 *
 * Protected accounts are left untouched and false is returned. Otherwise:
 *  - when both 'send_reset_password' and 'enable_email_notification' are ON,
 *    the password is replaced by a random one and, if $p_send_email is
 *    true, a confirmation hash URL is mailed to the user (the random
 *    password itself is not sent from here);
 *  - in every other configuration the password is set to the processed
 *    form of the empty string and the failed login count is cleared.
 *
 * NOTE(review): the second mode leaves the account with a blank password.
 * Deployments that run without e-mail should confirm this is acceptable.
 *
 * @param integer $p_user_id    A valid user identifier.
 * @param boolean $p_send_email Whether to send confirmation email.
 * @return boolean false if the user is protected, true after a reset.
 */
function user_reset_password($p_user_id, $p_send_email = true) {
    if (ON == user_get_field($p_user_id, 'protected')) {
        return false;
    }

    # @@@ do we want to force blank password instead of random if
    #     email notifications are turned off?
    #     How would we indicate that we had done this with a return value?
    #     Should we just have two functions? (user_reset_password_random()
    #     and user_reset_password() )?
    $t_reset_by_email = ON == config_get('send_reset_password')
        && ON == config_get('enable_email_notification');

    if (!$t_reset_by_email) {
        # use blank password, no emailing
        user_set_field($p_user_id, 'password', auth_process_plain_password(''));

        # reset the failed login count because in this mode there is no emailing
        user_reset_failed_login_count_to_zero($p_user_id);

        return true;
    }

    # Go with random password and email it to the user
    if (is_blank(user_get_field($p_user_id, 'email'))) {
        trigger_error(ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR);
    }

    $t_plain_password = auth_generate_random_password();
    user_set_field($p_user_id, 'password', auth_process_plain_password($t_plain_password));

    if ($p_send_email) {
        email_send_confirm_hash_url($p_user_id, auth_generate_confirm_hash($p_user_id));
    }

    return true;
}
/**
 * Reads one field of the currently logged in user.
 *
 * Thin wrapper around user_get_field() using the id reported by
 * auth_get_current_user_id().
 *
 * @param string $p_field_name Name of user property as in the table definition.
 * @return mixed Value of that field for the current user.
 * @access public
 */
function current_user_get_field($p_field_name) {
    $t_current_user_id = auth_get_current_user_id();

    return user_get_field($t_current_user_id, $p_field_name);
}
return; } $t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account ); check_print_test_row( 'anonymous_account is a valid user account', $t_anonymous_user_id !== false, array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' ) ); check_print_test_row( 'anonymous_account user has the enabled flag set', user_is_enabled( $t_anonymous_user_id ), array( false => 'The anonymous user account must be enabled before it can be used.' ) ); check_print_test_row( 'anonymous_account user has the protected flag set', user_get_field( $t_anonymous_user_id, 'protected' ), array( false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.' ) ); check_print_test_row( 'anonymous_account user does not have administrator permissions', !user_is_administrator( $t_anonymous_user_id ), array( true => 'The anonymous user account currently has an access level of: ' . htmlentities( get_enum_element( 'access_levels', user_get_access_level( $t_anonymous_user_id ) ) ), false => 'The anonymous user account should not have administrator level permissions.' ) );
$t_bug = $t_issues[$i]; $about = $link = $t_path . "view.php?id=" . $t_bug->id; $title = bug_format_id($t_bug->id) . ': ' . $t_bug->summary; if ($t_bug->view_state == VS_PRIVATE) { $title .= ' [' . lang_get('private') . ']'; } $description = string_rss_links($t_bug->description); # subject is category. $subject = category_full_name($t_bug->category_id, false); # optional DC value $date = $t_bug->last_updated; # author of item $author = ''; if (access_has_global_level(config_get('show_user_email_threshold'))) { $t_author_name = user_get_name($t_bug->reporter_id); $t_author_email = user_get_field($t_bug->reporter_id, 'email'); if (!is_blank($t_author_email)) { if (!is_blank($t_author_name)) { $author = $t_author_name . ' <' . $t_author_email . '>'; } else { $author = $t_author_email; } } } # $comments = 'http://www.example.com/sometext.php?somevariable=somevalue&comments=1'; # url to comment page rss 2.0 value $comments = $t_path . 'view.php?id=' . $t_bug->id . '#bugnotes'; # optional mod_im value for dispaying a different pic for every item $image = ''; $rssfile->addRSSItem($about, $title, $link, $description, $subject, $date, $author, $comments, $image); } /** @todo consider making this a configuration option - 0.91 / 1.0 / 2.0 */
user_ensure_name_valid($f_username); user_ensure_realname_valid($f_realname); user_ensure_realname_unique($f_username, $f_realname); $f_email = email_append_domain($f_email); email_ensure_valid($f_email); $c_email = db_prepare_string($f_email); $c_username = db_prepare_string($f_username); $c_realname = db_prepare_string($f_realname); $c_protected = db_prepare_bool($f_protected); $c_enabled = db_prepare_bool($f_enabled); $c_user_id = db_prepare_int($f_user_id); $c_access_level = db_prepare_int($f_access_level); $t_user_table = config_get('mantis_user_table'); $t_old_protected = user_get_field($f_user_id, 'protected'); # check that we are not downgrading the last administrator $t_old_access = user_get_field($f_user_id, 'access_level'); if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) { trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR); } # Project specific access rights override global levels, hence, for users who are changed # to be administrators, we have to remove project specific rights. if ($c_access_level >= ADMINISTRATOR && !user_is_administrator($c_user_id)) { user_delete_project_specific_access_levels($c_user_id); } # if the user is already protected and the admin is not removing the # protected flag then don't update the access level and enabled flag. # If the user was unprotected or the protected flag is being turned off # then proceed with a full update. if ($f_protected && $t_old_protected) { $query = "UPDATE {$t_user_table}\n\t \t\tSET username='******', email='{$c_email}',\n\t \t\t\tprotected='{$c_protected}', realname='{$c_realname}'\n\t \t\tWHERE id='{$c_user_id}'"; } else {
/**
 * Mails the password reset confirmation URL to a user.
 *
 * Does nothing when 'send_reset_password' or 'enable_email_notification'
 * is OFF, and queues nothing when the user has no e-mail address. The
 * message is written in the user's preferred language and includes the
 * username and the requesting client's address ($_SERVER REMOTE_ADDR).
 *
 * NOTE(review): the recipient address is written to the LOG_EMAIL log;
 * treat that log as containing personal data.
 *
 * @param int    $p_user_id
 * @param string $p_confirm_hash
 * @return null
 */
function email_send_confirm_hash_url($p_user_id, $p_confirm_hash) {
    if (OFF == config_get('send_reset_password')) {
        return;
    }
    if (OFF == config_get('enable_email_notification')) {
        return;
    }

    lang_push(user_pref_get_language($p_user_id));

    # retrieve the username and email
    $t_username = user_get_field($p_user_id, 'username');
    $t_email = user_get_email($p_user_id);

    $t_subject = '[' . config_get('window_title') . '] ' . lang_get('lost_password_subject');

    $t_parts = array(
        lang_get('reset_request_msg'), " \n\n",
        string_get_confirm_hash_url($p_user_id, $p_confirm_hash), " \n\n",
        lang_get('new_account_username'), ' ', $t_username, " \n",
        lang_get('new_account_IP'), ' ', $_SERVER["REMOTE_ADDR"], " \n\n",
        lang_get('new_account_do_not_reply'),
    );
    $t_message = implode('', $t_parts);

    # Send password reset regardless of mail notification prefs
    # or else users won't be able to receive their reset pws
    if (!is_blank($t_email)) {
        email_store($t_email, $t_subject, $t_message);
        log_event(LOG_EMAIL, sprintf('Password reset for email = %s', $t_email));

        if (OFF == config_get('email_send_using_cronjob')) {
            email_send_all();
        }
    }

    lang_pop();
}
/**
 * Print the reporter field of the filter form as a <select> element.
 *
 * When 'limit_reporters' is ON and the current user does not reach the
 * level above 'report_bug_threshold', the list holds only the current user,
 * preselected. Otherwise it holds the "any" entry, the "myself" entry for
 * users who may report bugs, and the list printed by
 * print_reporter_option_list().
 *
 * Reads the globals $g_select_modifier and $g_filter.
 *
 * @return void
 */
function print_filter_reporter_id() {
    global $g_select_modifier, $g_filter;
    ?> <select<?php echo $g_select_modifier; ?> name="<?php echo FILTER_PROPERTY_REPORTER_ID; ?> []"> <?php
    # if current user is a reporter, and limited reports set to ON, only display that name
    # @@@ thraxisp - access_has_project_level checks greater than or equal to,
    # this assumed that there aren't any holes above REPORTER where the limit would apply
    #
    if (ON === config_get('limit_reporters') && !access_has_project_level(config_get('report_bug_threshold') + 1)) {
        $t_id = auth_get_current_user_id();
        $t_username = user_get_field($t_id, 'username');
        $t_realname = user_get_field($t_id, 'realname');
        # Both candidate display names go through string_attribute() before
        # they are written into the option markup.
        $t_display_name = string_attribute($t_username);
        # Prefer the real name when one is set and 'show_realname' is ON.
        if (isset($t_realname) && $t_realname > '' && ON == config_get('show_realname')) {
            $t_display_name = string_attribute($t_realname);
        }
        # $t_id is written into the value attribute as is; it comes from
        # auth_get_current_user_id(), not from request data.
        echo '<option value="' . $t_id . '" selected="selected">' . $t_display_name . '</option>';
    } else {
        ?> <option value="<?php echo META_FILTER_ANY; ?> "<?php check_selected($g_filter[FILTER_PROPERTY_REPORTER_ID], META_FILTER_ANY); ?> >[<?php echo lang_get('any'); ?> ]</option> <?php
        # The "myself" entry is offered only to users who may report bugs.
        if (access_has_project_level(config_get('report_bug_threshold'))) {
            echo '<option value="' . META_FILTER_MYSELF . '" ';
            check_selected($g_filter[FILTER_PROPERTY_REPORTER_ID], META_FILTER_MYSELF);
            echo '>[' . lang_get('myself') . ']</option>';
        }
        print_reporter_option_list($g_filter[FILTER_PROPERTY_REPORTER_ID]);
    }
    ?> </select> <?php
}
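/**
 * Authenticates a user against the LDAP directory.
 *
 * The user's entry is searched below 'ldap_root_dn' by username, then a
 * bind with the supplied password is attempted on each DN found until one
 * succeeds.
 *
 * Changes compared with the previous version:
 *  - the username is escaped before it is placed in the search filter, so
 *    filter metacharacters in a stored username cannot change which
 *    entries the search matches;
 *  - a failed search returns false instead of passing false on to
 *    ldap_get_entries() and ldap_free_result().
 *
 * @param int    $p_user_id
 * @param string $p_password
 * @return bool true on successful bind, false otherwise.
 */
function ldap_authenticate($p_user_id, $p_password) {
    # if password is empty and ldap allows anonymous login, then
    # the user will be able to login, hence, we need to check
    # for this special case.
    if (is_blank($p_password)) {
        return false;
    }

    $t_ldap_organization = config_get('ldap_organization');
    $t_ldap_root_dn = config_get('ldap_root_dn');
    $t_username = user_get_field($p_user_id, 'username');
    $t_ldap_uid_field = config_get('ldap_uid_field', 'uid');

    # Escape the characters that are special inside an LDAP search filter
    # (RFC 4515). strtr() with an array works in a single pass, so the
    # backslashes it inserts are not escaped a second time.
    $t_filter_username = strtr((string) $t_username, array(
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ));

    # 'ldap_organization' is an administrator supplied filter fragment and
    # is inserted unchanged.
    $t_search_filter = "(&{$t_ldap_organization}({$t_ldap_uid_field}={$t_filter_username}))";
    $t_search_attrs = array($t_ldap_uid_field, 'dn');
    $t_ds = ldap_connect_bind();

    # Search for the user id
    $t_sr = ldap_search($t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs);
    if ($t_sr === false) {
        ldap_unbind($t_ds);
        return false;
    }

    $t_info = ldap_get_entries($t_ds, $t_sr);
    $t_authenticated = false;

    if ($t_info) {
        # Try to authenticate to each until we get a match
        for ($i = 0; $i < $t_info['count']; $i++) {
            $t_dn = $t_info[$i]['dn'];

            # Attempt to bind with the DN and password; a rejected bind is
            # the expected outcome for a wrong password, hence the @.
            if (@ldap_bind($t_ds, $t_dn, $p_password)) {
                $t_authenticated = true;
                break; # Don't need to go any further
            }
        }
    }

    ldap_free_result($t_sr);
    ldap_unbind($t_ds);

    return $t_authenticated;
}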
* @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 * @uses user_api.php
 */

# This file is meant to be included by the check script only: without the
# guard constant it returns before doing anything.
if (!defined('CHECK_ANONYMOUS_INC_ALLOW')) {
    return;
}

/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');
require_api('user_api.php');

check_print_section_header_row('Anonymous access');

# Report whether anonymous login is enabled; the remaining checks only make
# sense when it is.
$t_anonymous_access_enabled = config_get_global('allow_anonymous_login');
check_print_info_row('Anonymous access is enabled', $t_anonymous_access_enabled ? 'Yes' : 'No');
if (!$t_anonymous_access_enabled) {
    return;
}

# The configured account name is passed through htmlentities() before it is
# shown in the result row.
$t_anonymous_account = config_get_global('anonymous_account');
check_print_test_row('anonymous_account configuration option is specified', $t_anonymous_account !== '', array(true => 'The account currently being used for anonymous access is: ' . htmlentities($t_anonymous_account), false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.'));
if ($t_anonymous_account === '') {
    return;
}

# NOTE(review): when the lookup fails, $t_anonymous_user_id is false and the
# three account checks below are still called with it - confirm that
# user_is_enabled(), user_get_field() and user_is_administrator() cope with
# that, or return here as the earlier checks do.
$t_anonymous_user_id = user_get_id_by_name($t_anonymous_account);
check_print_test_row('anonymous_account is a valid user account', $t_anonymous_user_id !== false, array(false => 'You need to specify a valid user account to use with the anonymous_account configuration options.'));

check_print_test_row('anonymous_account user has the enabled flag set', user_is_enabled($t_anonymous_user_id), array(false => 'The anonymous user account must be enabled before it can be used.'));

# The protected flag is what stops anonymous visitors from editing the
# shared account.
check_print_test_row('anonymous_account user has the protected flag set', user_get_field($t_anonymous_user_id, 'protected'), array(false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.'));

# The shared account must not carry administrator rights.
check_print_test_row('anonymous_account user does not have administrator permissions', !user_is_administrator($t_anonymous_user_id), array(true => 'The anonymous user account currently has an access level of: ' . htmlentities(get_enum_element('access_levels', user_get_access_level($t_anonymous_user_id))), false => 'The anonymous user account should not have administrator level permissions.'));
/**
 * Checks for an authentication token and shows the re-authentication page
 * when there is none.
 *
 * Returns true without asking again when re-authentication is switched
 * off, when the login method is BASIC_AUTH or HTTP_AUTH, when a valid
 * TOKEN_AUTHENTICATED token exists (its expiry is refreshed), or when the
 * current user is the configured anonymous account.
 *
 * @return bool
 * @access public
 */
function auth_reauthenticate() {
    if (config_get_global('reauthentication') == OFF) {
        return true;
    }
    if (BASIC_AUTH == config_get('login_method')) {
        return true;
    }
    if (HTTP_AUTH == config_get('login_method')) {
        return true;
    }

    $t_auth_token = token_get(TOKEN_AUTHENTICATED);

    if (null != $t_auth_token) {
        # Extend the lifetime of the existing token.
        token_touch($t_auth_token['id'], config_get_global('reauthentication_expiry'));
        return true;
    }

    $t_anon_account = config_get('anonymous_account');
    $t_anon_allowed = config_get('allow_anonymous_login');
    $t_user_id = auth_get_current_user_id();
    $t_username = user_get_field($t_user_id, 'username');

    # check for anonymous login
    # NOTE(review): the account name is compared with ==, not ===.
    $t_is_anonymous = ON == $t_anon_allowed && $t_anon_account == $t_username;

    return $t_is_anonymous ? true : auth_reauthenticate_page($t_user_id, $t_username);
}
continue; } $v_headline = string_rss_links($v_headline); $v_body = string_rss_links($v_body); $v_date_posted = date('Y-m-d\\TH:i:sO', $v_date_posted); $about = $link = config_get('path') . "news_view_page.php?news_id={$v_id}"; $title = $v_headline; $description = $v_body; # optional DC value $subject = $title; # optional DC value $date = $v_date_posted; # author of item $author = string_rss_links(user_get_name($v_poster_id)); if (access_has_global_level(config_get('show_user_email_threshold'))) { $t_author_email = user_get_field($v_poster_id, 'email'); if (is_blank($t_author_email)) { $t_author_email = $author . '@example.com'; } } else { $t_author_email = $author . '@example.com'; } $author .= ' <' . $t_author_email . '>'; # $comments = 'http://www.example.com/sometext.php?somevariable=somevalue&comments=1'; # url to comment page rss 2.0 value $comments = ''; # optional mod_im value for dispaying a different pic for every item $image = ''; $rssfile->addItem($about, $title, $link, $description, $subject, $date, $author, $comments, $image); } # @@@ consider making this a configuration option. # 0.91 / 1.0 / 2.0
?> </td> </tr> <?php } test_bug_download_threshold(); test_bug_attachments_allow_flags(); print_test_row('check mail configuration: send_reset_password = ON requires allow_blank_email = OFF', OFF == config_get_global('send_reset_password') || OFF == config_get_global('allow_blank_email')); print_test_row('check mail configuration: send_reset_password = ON requires enable_email_notification = ON', OFF == config_get_global('send_reset_password') || ON == config_get_global('enable_email_notification')); print_test_row('check mail configuration: allow_signup = ON requires enable_email_notification = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('enable_email_notification')); print_test_row('check mail configuration: allow_signup = ON requires send_reset_password = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('send_reset_password')); print_test_row('check language configuration: fallback_language is not \'auto\'', 'auto' != config_get_global('fallback_language')); print_test_row('check configuration: allow_anonymous_login = ON requires anonymous_account to be set', OFF == config_get_global('allow_anonymous_login') || strlen(config_get_global('anonymous_account')) > 0); $t_anon_user = false; print_test_row('check configuration: anonymous_account is a valid username if set', strlen(config_get_global('anonymous_account')) > 0 ? ($t_anon_user = user_get_id_by_name(config_get_global('anonymous_account'))) !== false : TRUE); print_test_row('check configuration: anonymous_account should not be an administrator', $t_anon_user ? !access_compare_level(user_get_field($t_anon_user, 'access_level'), ADMINISTRATOR) : TRUE); print_test_row('$g_bug_link_tag is not empty ("' . config_get_global('bug_link_tag') . '")', '' != config_get_global('bug_link_tag')); print_test_row('$g_bugnote_link_tag is not empty ("' . config_get_global('bugnote_link_tag') . 
'")', '' != config_get_global('bugnote_link_tag')); print_test_row('filters: dhtml_filters = ON requires use_javascript = ON', OFF == config_get_global('dhtml_filters') || ON == config_get_global('use_javascript')); ?> </table> <!-- register_globals check --> <?php if (ini_get_bool('register_globals')) { ?> <br /> <table width="100%" bgcolor="#222222" border="0" cellpadding="20" cellspacing="1"> <tr> <td bgcolor="#ffcc22">
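$t_realname_updated = false;

/** @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code. */

# The e-mail address is only editable here when it is not taken from LDAP.
if (OFF == config_get('use_ldap_email')) {
    $f_email = email_append_domain($f_email);
    email_ensure_valid($f_email);
    email_ensure_not_disposable($f_email);

    if ($f_email != user_get_email($t_user_id)) {
        user_set_email($t_user_id, $f_email);
        $t_email_updated = true;
    }
}

# strip extra spaces from real name
$t_realname = string_normalize($f_realname);
if ($t_realname != user_get_field($t_user_id, 'realname')) {
    # checks for problems with realnames
    $t_username = user_get_field($t_user_id, 'username');
    user_ensure_realname_unique($t_username, $t_realname);
    user_set_realname($t_user_id, $t_realname);
    $t_realname_updated = true;
}

# Update password if the two match and are not empty
if (!is_blank($f_password)) {
    # Compare as strings with ===. With == two numeric looking strings are
    # compared as numbers, so a password and a differently typed
    # confirmation (for example '1000' and '1e3') would be accepted as equal.
    if ((string) $f_password !== (string) $f_password_confirm) {
        trigger_error(ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR);
    } elseif (!auth_does_password_match($t_user_id, $f_password)) {
        user_set_password($t_user_id, $f_password);
        $t_password_updated = true;
    }
}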
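# Both values arrive with the request and are untrusted.
$f_user_id = gpc_get_string( 'id' );
$f_confirm_hash = gpc_get_string( 'confirm_hash' );

# force logout on the current user if already authenticated
if( auth_is_user_authenticated() ) {
    auth_logout();

    # reload the page after logout
    # The request values are URL encoded before they are put back into the
    # redirect target, so they cannot add parameters or break the header.
    print_header_redirect( 'verify.php?id=' . rawurlencode( $f_user_id ) . '&confirm_hash=' . rawurlencode( $f_confirm_hash ) );
}

$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );

# Strict string comparison: with != two hashes that both look like numbers
# (for example '0e...' strings) are compared numerically and can be treated
# as equal although they differ. Where the minimum supported PHP version
# allows it, hash_equals() additionally makes the comparison constant time.
if ( (string) $f_confirm_hash !== (string) $t_calculated_confirm_hash ) {
    trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}

# set a temporary cookie so the login information is passed between pages.
auth_set_cookies( $f_user_id, false );

user_reset_failed_login_count_to_zero( $f_user_id );
user_reset_lost_password_in_progress_count_to_zero( $f_user_id );

# fake login so the user can set their password
auth_attempt_script_login( user_get_field( $f_user_id, 'username' ) );

# NOTE(review): the failed login count is incremented right after it was
# reset - presumably on purpose; confirm the intent and document it.
user_increment_failed_login_count( $f_user_id );

include ( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'account_page.php' );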
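/**
 * Prints a user's name for a bug page.
 *
 * Enabled accounts are printed as an e-mail link whose subject refers to
 * the bug; disabled or unknown accounts are printed struck through.
 * Nothing is printed for NO_USER.
 *
 * Changes compared with the previous version:
 *  - the struck through name is passed through string_display_line()
 *    before it is echoed; the name is account data entered by users and
 *    was previously written into the page unescaped;
 *  - the unused $c_user_id local was removed.
 *
 * NOTE(review): confirm that print_email_link_with_subject() escapes the
 * address and the name it is given.
 *
 * @param int $p_user_id
 * @param int $p_bug_id
 * @return void
 */
function print_user_with_subject($p_user_id, $p_bug_id) {
    if (NO_USER == $p_user_id) {
        return;
    }

    $t_username = user_get_name($p_user_id);

    if (user_exists($p_user_id) && user_get_field($p_user_id, 'enabled')) {
        $t_email = user_get_email($p_user_id);
        print_email_link_with_subject($t_email, $t_username, $p_bug_id);
    } else {
        echo '<span style="text-decoration: line-through">';
        echo string_display_line($t_username);
        echo '</span>';
    }
}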
/**
 * Returns a user's global access level.
 *
 * Project level overrides are ignored. When no user id is available and
 * nobody is authenticated, false is returned instead of a level, so
 * callers must not treat the result as an integer without checking.
 *
 * @param int|null $p_user_id User id; null means the current user.
 * @return int|bool Global access level, or false when not logged in.
 * @access public
 */
function access_get_global_level($p_user_id = null) {
    $t_user_id = ($p_user_id === null) ? auth_get_current_user_id() : $p_user_id;

    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    #     and once we default to anon login, we can remove it for sure
    $t_not_logged_in = empty($t_user_id) && !auth_is_user_authenticated();
    if ($t_not_logged_in) {
        return false;
    }

    return user_get_field($t_user_id, 'access_level');
}
/**
 * Decides which account an incoming e-mail is processed as and logs that
 * account in for the rest of the script.
 *
 * Order of preference: the fixed mail reporter when _mail_use_reporter is
 * set; otherwise the account matching the sender address; otherwise, when
 * _mail_auto_signup is set, a newly signed up account; otherwise, when
 * _mail_fallback_mail_reporter is set, the fixed mail reporter.
 *
 * NOTE(review): the account is selected from the sender address found in
 * $p_parsed_from alone, and sender addresses can be forged. Whether a
 * message really comes from that user depends on checks made before this
 * method is called (not visible here) - confirm that they exist.
 *
 * @param array $p_parsed_from Parsed sender data; the keys 'email' and
 *                             'From' are read here.
 * @return int|bool Id of the logged in reporter, or FALSE when no usable
 *                  account was found.
 */
private function get_user($p_parsed_from) {
    if ($this->_mail_use_reporter) {
        // Always report as mail_reporter
        $t_reporter_id = $this->_mail_reporter_id;
    } else {
        // Try to get the reporting users id
        $t_reporter_id = $this->get_userid_from_email($p_parsed_from['email']);
        if (!$t_reporter_id) {
            if ($this->_mail_auto_signup) {
                // So, we have to sign up a new user...
                $t_new_reporter_name = $this->prepare_username($p_parsed_from);
                // Sign up only when a username could be built and the address validates.
                if ($t_new_reporter_name !== FALSE && $this->validate_email_address($p_parsed_from['email'])) {
                    if (user_signup($t_new_reporter_name, $p_parsed_from['email'])) {
                        # notify the selected group a new user has signed-up
                        email_notify_new_account($t_new_reporter_name, $p_parsed_from['email']);
                        $t_reporter_id = user_get_id_by_email($p_parsed_from['email']);
                        $t_reporter_name = $t_new_reporter_name;
                        $t_realname = $this->prepare_realname($p_parsed_from, $t_reporter_name);
                        if ($t_realname !== FALSE) {
                            user_set_realname($t_reporter_id, $t_realname);
                        }
                    }
                }
                // Still no id: the sign-up was not attempted or did not succeed.
                if (!$t_reporter_id) {
                    $this->custom_error('Failed to create user based on: ' . $p_parsed_from['From']);
                }
            }
        }
        if ((!$t_reporter_id || !user_is_enabled($t_reporter_id)) && $this->_mail_fallback_mail_reporter) {
            // Fall back to the default mail_reporter
            $t_reporter_id = $this->_mail_reporter_id;
        }
    }
    // Only enabled accounts are logged in.
    if ($t_reporter_id && user_is_enabled($t_reporter_id)) {
        // $t_reporter_name is already set when the account was created above.
        if (!isset($t_reporter_name)) {
            $t_reporter_name = user_get_field($t_reporter_id, 'username');
        }
        $t_authattemptresult = auth_attempt_script_login($t_reporter_name);
        # last attempt for fallback
        if ($t_authattemptresult === FALSE && $this->_mail_fallback_mail_reporter && $t_reporter_id != $this->_mail_reporter_id && user_is_enabled($this->_mail_reporter_id)) {
            $t_reporter_id = $this->_mail_reporter_id;
            $t_reporter_name = user_get_field($t_reporter_id, 'username');
            $t_authattemptresult = auth_attempt_script_login($t_reporter_name);
        }
        if ($t_authattemptresult === TRUE) {
            user_update_last_visit($t_reporter_id);
            return (int) $t_reporter_id;
        }
    }
    // Normally this function does not get here unless all else failed
    $this->custom_error('Could not get a valid reporter. Email will be ignored');
    return FALSE;
}
<textarea id="reminder" name="body" cols="85" rows="10"></textarea> </span> <span class="label-style"></span> </div> <span class="info-text"> <?php echo lang_get('reminder_explain') . ' '; if (ON == config_get('reminder_recipients_monitor_bug')) { echo lang_get('reminder_monitor') . ' '; } if (ON == config_get('store_reminders')) { echo lang_get('reminder_store'); } if (mention_enabled()) { echo '<br /><br />', sprintf(lang_get('reminder_mentions'), '<strong>' . mentions_tag() . user_get_field(auth_get_current_user_id(), 'username') . '</strong>'); } ?> </span> <span class="submit-button"> <input type="submit" class="button" value="<?php echo lang_get('bug_send_button'); ?> " /> </span> </fieldset> </form> </div>
/**
 * Authenticates a user against the LDAP directory.
 *
 * Resolves the username for the id and delegates to
 * ldap_authenticate_by_username().
 *
 * @param int    $p_user_id
 * @param string $p_password
 * @return bool true on successful authentication, false otherwise.
 */
function ldap_authenticate($p_user_id, $p_password) {
    # A blank password must be rejected here: a directory that allows
    # anonymous binds would otherwise accept it as a successful login.
    $t_password_missing = is_blank($p_password);
    if ($t_password_missing) {
        return false;
    }

    return ldap_authenticate_by_username(user_get_field($p_user_id, 'username'), $p_password);
}