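/**
 * Render the shared date-picker sub-template for one form field.
 *
 * The date shown is taken from $value when it is truthy; otherwise it falls
 * back to the request parameter called $name, which is accepted only if
 * strtotime() can parse it and the result passes checkdate().
 *
 * NOTE(review): in the fallback branch the *raw* request string (not a
 * re-formatted date) is assigned to the template. strtotime() is a lenient
 * parser, not a sanitiser, so common.datepicker.tpl must escape 'date' for
 * its output context. The template is not visible here; confirm.
 *
 * @param string     $name  form field / request parameter name
 * @param string     $label label handed to the template
 * @param int|string $value unix timestamp, or any string strtotime() understands
 * @return void the sub-template is displayed directly
 */
function tpl_datepicker($name, $label = '', $value = 0)
{
    global $user, $page;

    $date = '';

    if ($value) {
        if (!is_numeric($value)) {
            $value = strtotime($value);
        }

        if (!$user->isAnon()) {
            $st = date('Z') / 3600; // server GMT timezone
            $value += ($user->infos['time_zone'] - $st) * 60 * 60;
        }

        $date = date('Y-m-d', intval($value));

        /* It must "look" as a date..
         * XXX : do not blindly copy this code to validate other dates
         * this is mostly a tongue-in-cheek validation
         * 1. it will fail on 32 bit systems on dates < 1970
         * 2. it will produce different results between 32 and 64 bit systems for years < 1970
         * 3. it will not work when year > 2038 on 32 bit systems (see http://en.wikipedia.org/wiki/Year_2038_problem)
         *
         * Fortunately tasks are never opened to be dated on 1970 and maybe our sons or the future flyspray
         * coders may be willing to fix the 2038 issue ( in the strange case 32 bit systems are still used by that year) :-)
         */
    } elseif (Req::has($name) && !is_array(Req::val($name)) && strlen(Req::val($name))) {
        // An array-valued parameter (name[]=...) is ignored instead of being
        // handed to strlen()/strtotime(), which only accept strings.
        $requested = Req::val($name);

        // strtotime sadly returns -1 on failure in php < 5.1 instead of false
        $ts = strtotime($requested);

        // checkdate only accepts arguments of type integer
        $m = intval(date('m', $ts));
        $d = intval(date('d', $ts));
        $Y = intval(date('Y', $ts));

        // $ts has to be > 0 to get around php behavior change
        // false is cast to 0 by the ZE
        $date = ($ts > 0 && checkdate($m, $d, $Y)) ? $requested : '';
    }

    $subPage = new FSTpl();
    $subPage->setTheme($page->getTheme());
    $subPage->assign('name', $name);
    $subPage->assign('date', $date);
    $subPage->assign('label', $label);
    $subPage->assign('dateformat', '%Y-%m-%d');
    $subPage->display('common.datepicker.tpl');
}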
} else { // just some extra check here so that never ever an account can get locked when it's already disabled // ... that would make it easy to get enabled $db->Query('UPDATE {users} SET login_attempts = login_attempts+1 WHERE account_enabled = 1 AND user_name = ?', array($username)); // Lock account if failed too often for a limited amount of time $db->Query('UPDATE {users} SET lock_until = ?, account_enabled = 0 WHERE login_attempts > ? AND user_name = ?', array(time() + 60 * $fs->prefs['lock_for'], LOGIN_ATTEMPTS, $username)); if ($db->AffectedRows()) { Flyspray::show_error(sprintf(L('error71'), $fs->prefs['lock_for'])); Flyspray::Redirect($baseurl); } else { Flyspray::show_error(7); } } } else { // Determine if the user should be remembered on this machine if (Req::has('remember_login')) { $cookie_time = time() + 60 * 60 * 24 * 30; // Set cookies for 30 days } else { $cookie_time = 0; // Set cookies to expire when session ends (browser closes) } $user = new User($user_id); // Set a couple of cookies $passweirded = md5($user->infos['user_pass'] . $conf['general']['cookiesalt']); Flyspray::setcookie('flyspray_userid', $user->id, $cookie_time); Flyspray::setcookie('flyspray_passhash', $passweirded, $cookie_time); // If the user had previously requested a password change, remove the magic url $remove_magic = $db->Query("UPDATE {users} SET magic_url = '' WHERE user_id = ?", array($user->id)); // Save for displaying if ($user->infos['login_attempts'] > 0) {
exit; } if ($show_task = Get::val('show_task')) { // If someone used the 'show task' form, redirect them if (is_numeric($show_task)) { Flyspray::Redirect(CreateURL('details', $show_task)); } else { Flyspray::Redirect($baseurl . '?string=' . $show_task); } } if (Flyspray::requestDuplicated()) { // Check that this page isn't being submitted twice Flyspray::show_error(3); } # handle all forms request that modify data if (Req::has('action')) { # enforcing if the form sent the correct anti csrf token # only allow token by post if (!Post::has('csrftoken')) { die('missingtoken'); } elseif (Post::val('csrftoken') == $_SESSION['csrftoken']) { require_once BASEDIR . '/includes/modify.inc.php'; } else { die('wrongtoken'); } } # start collecting infos for the answer page if ($proj->id && $user->perms('manage_project')) { // Find out if there are any PM requests wanting attention $sql = $db->Query('SELECT COUNT(*) FROM {admin_requests} WHERE project_id = ? AND resolved_by = 0', array($proj->id)); list($count) = $db->fetchRow($sql);
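/**
 * Render the lost-password page.
 *
 * Without a magic_url request parameter the "request a reset link" form
 * (step 1) is shown. With one, the token is looked up in {users}; a match
 * shows the "enter new password" form (step 2) for that account, anything
 * else falls back to step 1.
 *
 * @access public
 * @return void
 */
function show()
{
    global $page, $fs, $db;

    $page->setTitle($fs->prefs['page_title'] . L('lostpw'));

    if (!Req::has('magic_url')) {
        // Step One: user requests magic url
        $page->pushTpl('lostpw.step1.tpl');
        return;
    }

    // Step Two: user enters new password
    $token = Req::val('magic_url');
    $check_magic = false;

    // A blank or non-string token must never reach the lookup: the comparison
    // "magic_url = ''" matches every row whose magic_url column is empty,
    // i.e. accounts that have no reset pending at all.
    if (is_string($token) && $token !== '') {
        $check_magic = $db->x->getRow(
            'SELECT user_id, user_name FROM {users} WHERE magic_url = ?',
            null,
            array($token)
        );
    }

    if ($check_magic) {
        $page->assign('userinfo', $check_magic);
        $page->pushTpl('lostpw.step2.tpl');
    } else {
        $page->pushTpl('lostpw.step1.tpl');
    }
}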
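<?php

/*********************************************************\
| Deal with lost passwords                                |
| ~~~~~~~~~~~~~~~~~~~~~~~~                                |
\*********************************************************/

// Only reachable through the front controller, which defines IN_FS.
if (!defined('IN_FS')) {
    die('Do not access this file directly.');
}

$page->setTitle($fs->prefs['page_title'] . L('lostpw'));

if (!Req::has('magic_url') && $user->isAnon()) {
    // Step One: user requests magic url
    $page->pushTpl('lostpw.step1.tpl');
} elseif (Req::has('magic_url') && $user->isAnon()) {
    // Step Two: user enters new password
    $lostpw_token = Get::val('magic_url');
    $check_magic = null;

    // Only a non-empty string token is looked up. An empty token would be
    // compared against rows whose magic_url column is blank (accounts with no
    // reset pending) and must be treated as invalid instead.
    if (is_string($lostpw_token) && $lostpw_token !== '') {
        $check_magic = $db->Query('SELECT * FROM {users} WHERE magic_url = ?', array($lostpw_token));
    }

    if ($check_magic === null || !$db->CountRows($check_magic)) {
        // NOTE(review): the step-2 template below is still pushed unless
        // show_error() ends the request; its body is not visible here, confirm.
        Flyspray::show_error(12);
    }

    $page->pushTpl('lostpw.step2.tpl');
} else {
    // Logged-in users have no business on the lost-password page.
    Flyspray::Redirect($baseurl);
}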
*/ define('IN_FS', true); header('Content-type: text/html; charset=utf-8'); require_once '../../header.php'; $baseurl = dirname(dirname($baseurl)) . '/'; if (Cookie::has('flyspray_userid') && Cookie::has('flyspray_passhash')) { $user = new User(Cookie::val('flyspray_userid')); $user->check_account_ok(); } else { $user = new User(0, $proj); } // don't allow anonymous users to access this page at all if ($user->isAnon()) { die; } if (Req::has('name')) { $searchterm = strtolower(Req::val('name')); } // Get the list of users from the global groups above $get_users = $db->Query(' SELECT count(u.user_name) AS anz_u_user, count(r.user_name) AS anz_r_user FROM {users} u LEFT JOIN {registrations} r ON u.user_name = r.user_name WHERE Lower(u.user_name) = ? OR Lower(r.user_name) = ?', array($searchterm, $searchterm)); while ($row = $db->FetchRow($get_users)) { if ($row['anz_u_user'] > '0' || $row['anz_r_user'] > '0') { $html = 'false|' . eL('usernametaken'); } else { $html = 'true';
/**
 * Fetch one request parameter, or a fallback when it is absent.
 *
 * The value is returned exactly as it sits in $_REQUEST: no trimming,
 * validation or escaping is applied, and it can be an array when the client
 * sends "key[]=...". Which inputs (GET, POST, cookies) end up in $_REQUEST
 * depends on the PHP request_order / variables_order settings, so callers
 * must validate the result and escape it for the context it is used in.
 *
 * @param string $key     parameter name
 * @param mixed  $default returned when Req::has($key) is false
 * @return mixed raw request value or $default
 */
function val($key, $default = null)
{
    if (Req::has($key)) {
        return $_REQUEST[$key];
    }

    return $default;
}
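/**
 * Render the registration page.
 *
 * - ?regdone set              -> confirmation page
 * - user may not register     -> common.newuser.tpl
 * - no magic_url in request   -> form that asks for the confirmation code
 * - magic_url in request      -> token is looked up in {registrations};
 *                                an unknown token raises error18
 *
 * @return void
 */
function show()
{
    global $page, $db, $user, $fs;

    $page->setTitle($fs->prefs['page_title'] . L('registernewuser'));

    if (Get::val('regdone')) {
        $page->pushTpl('register.ok.tpl');
        return;
    }

    if (!$user->can_register()) {
        $page->pushTpl('common.newuser.tpl');
        return;
    }

    if (!Req::has('magic_url')) {
        $page->pushTpl('register.no-magic.tpl');
        return;
    }

    // If the user came here from their notification link.
    // NOTE(review): the original comment says the magic_url is 32 characters
    // long, but no length check is enforced in this function. Confirm whether
    // one is expected here.
    $token = Req::val('magic_url');
    $reg_id = false;

    // Blank or array-valued tokens are rejected without touching the
    // database, so only a real, non-empty string is ever used as the bind value.
    if (is_string($token) && $token !== '') {
        $reg_id = $db->x->GetOne('SELECT reg_id FROM {registrations} WHERE magic_url = ?', null, $token);
    }

    if (!$reg_id) {
        // NOTE(review): the template below is still pushed unless
        // FlysprayDo::error() aborts; not visible here, confirm.
        FlysprayDo::error(array(ERROR_INPUT, L('error18')));
    }

    $page->pushTpl('register.magic.tpl');
}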
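<?php

/*********************************************************\
| Register a new user (when confirmation codes is used)   |
| ~~~~~~~~~~~~~~~~~~~                                     |
\*********************************************************/

// Only reachable through the front controller, which defines IN_FS.
if (!defined('IN_FS')) {
    die('Do not access this file directly.');
}

$page->setTitle($fs->prefs['page_title'] . L('registernewuser'));

// Already logged in: nothing to register.
if (!$user->isAnon()) {
    Flyspray::Redirect($baseurl);
}

if ($user->can_register()) {
    // 32 is the length of the magic_url
    if (Req::has('magic_url') && is_string(Req::val('magic_url')) && strlen(Req::val('magic_url')) === 32) {
        // If the user came here from their notification link
        $register_token = Get::val('magic_url');
        $sql = null;

        // The length check above runs on the merged request value, while the
        // lookup uses the GET value; the two can differ when the parameter is
        // also sent by POST or cookie. Re-validate the value that is actually
        // bound into the query so the check cannot be side-stepped.
        if (is_string($register_token) && strlen($register_token) === 32) {
            $sql = $db->Query('SELECT * FROM {registrations} WHERE magic_url = ?', array($register_token));
        }

        if ($sql === null || !$db->CountRows($sql)) {
            // NOTE(review): the template below is still pushed unless
            // show_error() ends the request; not visible here, confirm.
            Flyspray::show_error(18);
        }

        $page->pushTpl('register.magic.tpl');
    } else {
        $page->pushTpl('register.no-magic.tpl');
    }
} elseif ($user->can_self_register()) {
    $page->pushTpl('common.newuser.tpl');
} else {
    Flyspray::show_error(22);
}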
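/**
 * Build the on-call log query for a date window and hand it to the pager.
 *
 * Recognised keys in $args:
 *  - from_ts / to_ts : window bounds, parsed with strtotime(); default is
 *                      yesterday .. today
 *  - caltype         : '0' selects backupTapeopencalCalendar, anything else
 *                      selects backupAssigneeConfig
 *  - search          : username substring; '' or 'any' disables the filter
 *  - timezone        : bac.assign_time value; -1 or absent disables the filter
 *
 * All filter values are passed as bound parameters, never concatenated.
 *
 * @param mixed $dbh  database handle forwarded to Pager::paginate()
 * @param array $args filter values, see above
 * @return mixed whatever Pager::paginate() returns
 */
public function getLogDetails($dbh, $args)
{
    $yesterday = date("Y-m-d", mktime(0, 0, 0, date("m"), date("d") - 1, date("Y")));
    $from_ts = isset($args['from_ts']) ? trim($args['from_ts']) : $yesterday;
    $to_ts = isset($args['to_ts']) ? trim($args['to_ts']) : date("Y-m-d");

    // Both bounds are normalised to Y-m-d before being bound.
    $params = array(
        date("Y-m-d", strtotime($from_ts)),
        date("Y-m-d", strtotime($to_ts)),
    );

    $is_tape_calendar = isset($args['caltype']) && $args['caltype'] == '0';

    if ($is_tape_calendar) {
        $str_config = " SELECT u.name as oname,u.username,oncall_to,oncall_from,'P' as octype,'US' as timezone \n\t\t\t\tFROM backupTapeopencalCalendar as btc \n\t\t\t\tLEFT JOIN opencal.user as u on (btc.user_id=u.user_id) \n\t\t\t\tWHERE oncall_to BETWEEN ? AND ?";
    } else {
        $str_config = "SELECT \n\t\t\t\t\tu.name as oname,u.username,d.name as timezone,if(oncall_type=1,'P','S') as octype,oncall_to,oncall_from \n\t\t\t FROM backupAssigneeConfig as bac \n\t\t\t LEFT JOIN opencal.user as u on (bac.user_id=u.user_id) \n\t\t\t LEFT JOIN opencal.dictionary as d on (bac.assign_time=d.dict_id) \n\t\t\t WHERE oncall_to BETWEEN ? AND ?";
    }

    // The original indexed $args with the bare words search / timezone, which
    // PHP resolves as undefined constants (a fatal Error on PHP 8); the keys
    // are quoted here.
    $search = isset($args['search']) ? trim($args['search']) : '';
    if ($search !== 'any' && $search !== '') {
        $str_config .= " AND u.username like ?";
        $params[] = "%" . $search . "%";
    }

    // The bac alias exists only in the backupAssigneeConfig query, so the
    // assign_time filter is skipped for the tape calendar, where it would
    // reference an unknown table alias.
    if (!$is_tape_calendar && isset($args['timezone']) && $args['timezone'] != -1) {
        $str_config .= " AND bac.assign_time=?";
        $params[] = $args['timezone'];
    }

    // NOTE(review): per_page, page and order_by are taken straight from the
    // request. How Pager::paginate() uses them is not visible here; confirm
    // that it allow-lists order_by against known column names and casts the
    // paging values to integers before they reach the SQL text.
    $options = array(
        'page' => array(
            'per_page' => Req::has('per_page') ? Req::get('per_page') : 50,
            'current_page' => Req::get('page'),
            'order_by' => Req::get('order_by') ? Req::get('order_by') : 'oncall_from',
        ),
    );
    $options['page']['query'] = $str_config;
    $options['page']['db'] = $dbh;
    $options['page']['params'] = $params;

    return Pager::paginate($options['page']);
}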