/**
 * Validate an "edit user" submission, work out the password hash to store,
 * hand the request to writeUser(), then rewrite the user's rows in the
 * userscripts table and return a status page followed by the edit form.
 *
 * NOTE(review): PHP 5.4 and later reject a parameter named after a
 * superglobal ("Cannot re-assign auto-global variable"), so this signature
 * only loads on older interpreters.
 *
 * @param array $_POST the submitted form fields
 * @return string HTML: either the validation errors or the status page
 */
function confirmUser($_POST)
{
    # NOTE(review): extract() turns every request key into a local variable.
    # Only $oldusrnme, $username, $chgpass and (conditionally) the two password
    # fields are validated below; $empnum, $tool, $old_dept, $perm, $deps and
    # $depsrem are used further down exactly as the client sent them.
    extract($_POST);
    # validate input
    require_lib("validate");
    $v = new validate();
    $v->isOk($oldusrnme, "string", 1, 20, "Invalid old username.");
    $v->isOk($username, "string", 1, 20, "Invalid username.");
    $v->isOk($chgpass, "string", 2, 3, "Tempering with 'change pass' detected.");
    # change to upper case
    $chgpass = strtoupper($chgpass);
    # display errors, if any
    if ($v->isError()) {
        $theseErrors = "";
        $errors = $v->getErrors();
        foreach ($errors as $e) {
            $theseErrors .= "<li class='err'>" . $e["msg"] . "</li>";
        }
        $theseErrors .= "\n\t\t\t<p>\n\t\t\t<input type='button' onClick='JavaScript:history.back();' value='&laquo; Correct submission'>\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<th>Quick Links</th>\n\t\t\t\t</tr>\n\t\t\t\t<script>document.write(getQuicklinkSpecial());</script>\n\t\t\t</table>";
        return $theseErrors;
    }
    $OUTPUT = "";
    db_conn("cubit");
    if ($chgpass == "YES") {
        $v->isOk($password, "string", 1, 20, "Invalid password.");
        $v->isOk($password2, "string", 1, 20, "Invalid password.");
        $v->pwMatch($password, $password2, "Passwords do not match.");
        # display errors, if any
        if ($v->isError()) {
            $theseErrors = "";
            $errors = $v->getErrors();
            foreach ($errors as $e) {
                $theseErrors .= "<li class='err'>" . $e["msg"] . "</li>";
            }
            $theseErrors .= "<p><input type='button' onClick='JavaScript:history.back();' value='&laquo; Correct submission'>";
            return $theseErrors;
        }
        # make MD5 of new password
        # NOTE(review): an unsalted MD5 digest is a weak password store; moving to
        # password_hash()/password_verify() needs a matching change in the login
        # code and a rehash-on-login path for existing rows.
        $MD5_PASS = md5($password);
    } else {
        # Keep the stored hash when the password is not being changed.
        # NOTE(review): the username literal reads '******' in this copy (it looks
        # masked); as written the query looks up that literal string - confirm
        # against the real source which variable belongs here and how it is escaped.
        $sql = db_exec("SELECT password FROM users WHERE username='******'");
        if (pg_num_rows($sql) < 1) {
            errDie("No such user :/", SELF);
        }
        $MD5_PASS = pg_result($sql, 0, 0);
    }
    # Pass the computed hash and two unvalidated request values on to writeUser().
    $_POST['MD5_PASS'] = $MD5_PASS;
    $_POST['empnum'] = $empnum;
    $_POST['tool'] = $tool;
    // write user
    $OUTPUT .= writeUser($_POST);
    db_connect();
    #we only remove the department that the user selected ...
    # NOTE(review): $old_dept comes straight from extract() and is interpolated
    # into the statement; unless db_exec() escapes (not visible here) this is an
    # SQL injection point. Prefer pg_query_params() or explicit escaping.
    $get_dept_scripts = "SELECT script FROM deptscripts WHERE dept = '{$old_dept}'";
    $run_dept_scripts = db_exec($get_dept_scripts) or errDie("Unable to get department script information.");
    if (pg_numrows($run_dept_scripts) < 1) {
        #no scripts for this department
    } else {
        while ($ddarr = pg_fetch_array($run_dept_scripts)) {
            $Sql = "DELETE FROM userscripts WHERE username='******' AND script = '{$ddarr['script']}'";
            $Ex = db_exec($Sql) or errDie("Unable to clear old user script permissions.");
        }
    }
    # Disabled: default script grants that used to be inserted for every user.
    //	$Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'top_menu.php', '".USER_DIV."')";
    //	$Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
    //	$Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'getimg.php', '".USER_DIV."')";
    //	$Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
    //	$Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'diary.php', '".USER_DIV."')";
    //	$Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
    //	$Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'diary-day.php', '".USER_DIV."')";
    //	$Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
    //	$Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'glodiary.php', '".USER_DIV."')";
    //	$Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
    //	$Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'glodiary-day.php', '".USER_DIV."')";
    //	$Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
    //	$Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'todo.php', '".USER_DIV."')";
    //	$Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
    //	$Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'index_die.php', '".USER_DIV."')";
    //	$Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
    //	$Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'index-services.php', '".USER_DIV."')";
    //	$Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
    #add permissions from this department
    # NOTE(review): each $perm value is a client-chosen script name written into
    # userscripts without an allow-list check or escaping, so the request decides
    # which scripts the user is granted. A non-array $perm also reaches foreach.
    if (isset($perm) and $perm != '') {
        foreach ($perm as $key => $value) {
            $sql = "INSERT INTO userscripts (username, script, div) VALUES ('{$username}', '{$value}', '" . USER_DIV . "')";
            $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
        }
    }
    #add whole department if they were selected
    # NOTE(review): the array keys of $deps are request-controlled and are
    # interpolated into the SELECT unescaped; the result of that SELECT is not
    # checked before pg_fetch_array() is called on it.
    if (isset($deps)) {
        foreach ($deps as $key => $value) {
            $sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'";
            $depRs = db_exec($sql);
            while ($depscr = pg_fetch_array($depRs)) {
                $sql = "INSERT INTO userscripts (username, script, div) VALUES ('{$username}', '{$depscr['script']}', '" . USER_DIV . "')";
                $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
            }
        }
    }
    #remove whole departments if they were selected
    # NOTE(review): same unescaped-key pattern as the $deps loop above; the errDie
    # text below says "add user" although the statement deletes rows.
    if (isset($depsrem)) {
        foreach ($depsrem as $key => $value) {
            $sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'";
            $depRs = db_exec($sql);
            while ($depscr = pg_fetch_array($depRs)) {
                $sql = "DELETE FROM userscripts WHERE username='******' AND script='{$depscr['script']}'";
                $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
            }
        }
    }
    // Provide some info on status
    # NOTE(review): this assignment discards whatever writeUser() appended to
    # $OUTPUT earlier. $username is echoed into HTML without htmlspecialchars();
    # whether the "string" validation rejects markup is not visible here.
    $OUTPUT = "\n\t\t<table " . TMPL_tblDflts . " width='50%'>\n\t\t\t<tr>\n\t\t\t\t<th>Committed changes to user</th>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>User, {$username}, was successfully edited.</td>\n\t\t\t</tr>\n\t\t</table>";
    $OUTPUT .= editUser($_POST);
    return $OUTPUT;
}
#
#
#
#
#
#
# admin-usradd.php :: Module to add users to the system
##
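require "settings.php";
# Dispatch on the submitted form step; an unknown or missing step shows the entry form.
if ($_POST) {
    # isset() guard: a POST without "key" reaches the default branch without an
    # undefined-index notice.
    $step = isset($_POST["key"]) ? $_POST["key"] : null;
    switch ($step) {
        case "confirm":
            $OUTPUT = confirmUser($_POST);
            break;
        case "write":
            # NOTE(review): "write" is reachable without going through "confirm",
            # so writeUser() has to validate the request on its own - confirm.
            $OUTPUT = writeUser($_POST);
            break;
        default:
            $OUTPUT = enterUser();
    }
} elseif (isset($_GET["err"])) {
    # Read only the two values enterUser() takes. Copying every $_GET key into a
    # variable of the same name let a request overwrite any variable in this
    # scope, including values set by settings.php.
    # NOTE(review): if template.php relied on other request values arriving as
    # globals, it should read them from $_GET itself - confirm.
    $username = isset($_GET["username"]) ? $_GET["username"] : null;
    $err = $_GET["err"];
    $OUTPUT = enterUser($username, $err);
} else {
    $OUTPUT = enterUser();
}
require "template.php";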
##
Ejemplo n.º 3
    // PASSWORD EQUAL TO LOGIN NAME
    $user->utype = "User";
    if (($id = existIn($user->login)) > 0) {
        $user->newid = $id;
    } else {
        $largestId++;
        $user->newid = $largestId;
    }
    $users[$row['userid']] = $user;
}
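echo "Part 1: extract data from Bugzilla database, construct users and user_email tables</br>";
//var_dump($users);
// At this point the user data is complete and compatible with LDAP, the
// original user data in the Redmine PostgreSQL database.
// The next step writes the extra user data into Redmine PostgreSQL.
writeUser($users);
// Fill the email_address table, which holds the e-mail address of each user.
addEmail($users);
echo "Part 2: construct member table";
/* This part takes several steps: the first imports Developer members into
 * each project, the second imports Reporter members into each project.
 */
//step 1
$developers = array();
$sql = "SELECT DISTINCT assigned_to,login_name, product_id, name FROM bugs,products,profiles WHERE bugs.product_id = products.id and profiles.userid = assigned_to";
// mysqli_error() needs the connection handle; called without it the failure
// branch itself errors out and the real database message is lost.
// NOTE(review): die() prints the driver error and the SQL text to the client;
// acceptable for an operator-run migration, not for a page reachable by others.
$result = mysqli_query($mysqlCon, $sql) or die(mysqli_error($mysqlCon) . $sql);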
while ($row = mysqli_fetch_array($result)) {
    $developer = new stdClass();
    $developer->id = mapuserid($row['login_name']);
    $developer->projectid = mapprojectid($row['name']);
Ejemplo n.º 4
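/**
 * Record a news item in the "recent" file of its folder and of every parent
 * folder up to the root, then add it to the news list of each subscribed user
 * and optionally e-mail them.
 *
 * Keys read from $i_args: 'news' (array with 'path', 'title', 'user' and
 * optionally 'artists'), 'root', 'rufolder', 'recent_file', 'recent_max',
 * 'limit', optional 'ignore_own', and 'email_from_title', 'email_subject',
 * 'email_body' for notifications.
 *
 * @param array $i_args request arguments, see above
 * @param array $o_out  receives 'error' on failure and 'users' (ids of the
 *                      users the news was delivered to) on success
 * @return void
 */
function makenews($i_args, &$o_out)
{
    global $FileMaxLength;
    $news = $i_args['news'];
    // Ensure that news has a path:
    if (false == array_key_exists('path', $news)) {
        $o_out['error'] = 'News can`t be without a path.';
        return;
    }
    $path = $news['path'];
    // NOTE(review): $path is joined onto $i_args['root'] below and used for
    // mkdir() and fopen(..., 'w'). Nothing in this function rejects ".."
    // segments, so the caller must have validated the path - confirm.
    // Path should not be an empty string:
    if (strlen($path) == 0) {
        $o_out['error'] = 'Path is an empty string.';
        return;
    }
    // Ensure that the first path character is '/':
    if ($path[0] != '/') {
        $path = '/' . $path;
    }
    // Ensure that path last character is not '/' (if path is not just '/' root).
    // The index has to be strlen($path) - 1; the previous strlen($path - 1) and
    // $strlen(...) forms failed on any path that reached this check.
    if ($path != '/' && $path[strlen($path) - 1] == '/') {
        $path = substr($path, 0, strlen($path) - 1);
    }
    // Process recent for current and each parent folders till root:
    for ($i = 0; $i <= 100; $i++) {
        // Simple loop check:
        if ($i >= 100) {
            error_log('News: Recent path loop.');
            break;
        }
        //error_log('path='.$path);
        $rarray = array();
        // Get existing recent:
        $rfile = $i_args['root'] . $path . '/' . $i_args['rufolder'] . '/' . $i_args['recent_file'];
        if (is_file($rfile)) {
            if ($rhandle = fopen($rfile, 'r')) {
                flock($rhandle, LOCK_SH);
                $rdata = fread($rhandle, $FileMaxLength);
                flock($rhandle, LOCK_UN);
                fclose($rhandle);
                $rarray = json_decode($rdata, true);
                // Treat anything that is not a decoded array (invalid JSON, a bare
                // scalar) as an empty list instead of passing it to count().
                if (!is_array($rarray)) {
                    $rarray = array();
                }
                $count = count($rarray);
                if ($count) {
                    if ($i) {
                        // Remove all news with the same path from all parent folders,
                        // so folder has only one recent from each child:
                        for ($j = 0; $j < $count; $j++) {
                            if ($rarray[$j]['path'] == $news['path']) {
                                array_splice($rarray, $j, 1);
                                $count = count($rarray);
                                $j--;
                            }
                        }
                    } else {
                        // Remove latest recent news if it is the same:
                        if ($rarray[0]['path'] == $news['path'] && $rarray[0]['title'] == $news['title'] && $rarray[0]['user'] == $news['user']) {
                            array_splice($rarray, 0, 1);
                        }
                    }
                    // Trim to the configured size; the emptiness check keeps a zero or
                    // negative 'recent_max' from looping forever on an empty list.
                    while (count($rarray) > 0 && count($rarray) >= $i_args['recent_max']) {
                        array_pop($rarray);
                    }
                }
            }
        }
        // Add new recent:
        array_unshift($rarray, $news);
        // Save recent:
        if (false == is_dir(dirname($rfile))) {
            mkdir(dirname($rfile));
        }
        if ($rhandle = fopen($rfile, 'w')) {
            flock($rhandle, LOCK_EX);
            fwrite($rhandle, jsonEncode($rarray));
            flock($rhandle, LOCK_UN);
            fclose($rhandle);
        }
        // Exit cycle if path is root:
        if (strlen($path) == 0) {
            break;
        }
        // Set path to parent folder:
        $path_prev = $path;
        $path = substr($path, 0, strrpos($path, '/'));
        // Stop cycle if can't go to parent folder:
        if ($path == $path_prev) {
            break;
        }
    }
    // Process users subscriptions:
    // Read users:
    $users = array();
    getallusers($users);
    if (array_key_exists('error', $users)) {
        $o_out['error'] = $users['error'];
        return;
    }
    $users = $users['users'];
    if (count($users) == 0) {
        $o_out['error'] = 'No users found.';
        return;
    }
    // The user may not want to receive their own news:
    $ignore_own = false;
    if (isset($i_args['ignore_own']) && $i_args['ignore_own']) {
        $ignore_own = true;
    }
    // Get subscribed users:
    $sub_users = array();
    $o_out['users'] = array();
    foreach ($users as &$user) {
        // If this is news owner:
        if ($news['user'] == $user['id']) {
            // Store last news time:
            $user['ntime'] = time();
            writeUser($user);
            // If user does not want to receive own news:
            if ($ignore_own) {
                continue;
            }
        }
        if (array_key_exists('artists', $news)) {
            if (in_array($user['id'], $news['artists'])) {
                array_push($sub_users, $user);
                if (false === array_search($user['id'], $o_out['users'])) {
                    array_push($o_out['users'], $user['id']);
                }
                continue;
            }
        }
        if (array_key_exists('channels', $user)) {
            foreach ($user['channels'] as $channel) {
                if (strpos($news['path'], $channel['id']) === 0) {
                    array_push($sub_users, $user);
                    array_push($o_out['users'], $user['id']);
                    break;
                }
            }
        }
    }
    // Drop the by-reference loop variable before $user is reused below.
    unset($user);
    // Add news and write files:
    foreach ($sub_users as &$user) {
        // A user record without a news list starts with an empty one.
        if (!isset($user['news']) || !is_array($user['news'])) {
            $user['news'] = array();
        }
        // Delete older news with the same path:
        for ($i = 0; $i < count($user['news']); $i++) {
            if ($user['news'][$i]['path'] == $news['path']) {
                array_splice($user['news'], $i, 1);
                break;
            }
        }
        // Add news to the beginning of array:
        array_unshift($user['news'], $news);
        // Delete news above the limit (a positive per-user 'news_limit' overrides
        // the global one):
        $limit = $i_args['limit'];
        if (array_key_exists('news_limit', $user)) {
            if ($user['news_limit'] > 0) {
                $limit = $user['news_limit'];
            }
        }
        while (count($user['news']) > $limit) {
            array_pop($user['news']);
        }
        // Write user file:
        writeUser($user);
        // Send emails only to users that have an address and opted in:
        if (array_key_exists('email', $user) == false) {
            continue;
        }
        if (array_key_exists('email_news', $user) == false) {
            continue;
        }
        if ($user['email_news'] != true) {
            continue;
        }
        $mail = array();
        $mail['from_title'] = $i_args['email_from_title'];
        $mail['address'] = $user['email'];
        $mail['subject'] = $i_args['email_subject'];
        $mail['body'] = $i_args['email_body'];
        $out = array();
        jsf_sendmail($mail, $out);
    }
    unset($user);
}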
Ejemplo n.º 5
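// Dispatch: a GET request opens the edit form for a user, a POST either asks
// for confirmation or writes the change; everything else is rejected.
if ($_GET) {
    // !empty() keeps the original truthiness test without an undefined-index
    // notice when "username" is absent.
    if (!empty($_GET['username'])) {
        // print form for data entry
        $OUTPUT = editUser($_GET['username']);
    } else {
        // Invalid use, display error
        errDie("ERROR: Invalid use of module.", SELF);
    }
} elseif ($_POST) {
    // Collect the expected fields once; a missing field becomes null instead of
    // raising an undefined-index notice at the call site.
    $fields = array();
    foreach (array('a', 'oldusrnme', 'username', 'chgpass', 'password', 'password2', 'perm', 'depart', 'MD5_PASS') as $name) {
        $fields[$name] = isset($_POST[$name]) ? $_POST[$name] : null;
    }
    if ($fields['a'] === "confirm") {
        // ask for confirmation
        $OUTPUT = confirmUser($fields['oldusrnme'], $fields['username'], $fields['chgpass'], $fields['password'], $fields['password2'], $fields['perm'], $fields['depart']);
    } elseif ($fields['a'] === "write") {
        // write changes to database
        // NOTE(review): MD5_PASS is taken from the request as-is and this branch
        // does not pass through confirmUser(), so writeUser() must validate its
        // arguments itself and should not trust a client-supplied hash - confirm.
        $OUTPUT = writeUser($fields['oldusrnme'], $fields['username'], $fields['MD5_PASS'], $fields['depart']);
    } else {
        // Invalid use, display error
        errDie("ERROR: Invalid use of module.", SELF);
    }
} else {
    // Invalid use, display error
    errDie("ERROR: Invalid use of module.", SELF);
}
# require template
require "libs/template.php";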
/*
 * Functions
 *
 */
// Prints a form to edit user with