Example #1
/**
 * Change the inheritance flag on an existing parent/child project link.
 *
 * The ids and the flag are normalised with db_prepare_int() / db_prepare_bool()
 * and handed to db_query_bound() as bound parameters; only the table name is
 * interpolated into the SQL text.
 *
 * @param int  $p_child_id       Child project ID
 * @param int  $p_parent_id      Parent project ID
 * @param bool $p_inherit_parent Whether or not the child project inherits from the parent project
 * @return void
 */
function project_hierarchy_update($p_child_id, $p_parent_id, $p_inherit_parent = true)
{
    $t_table = db_get_table('project_hierarchy');
    $t_child = db_prepare_int($p_child_id);
    $t_parent = db_prepare_int($p_parent_id);
    $t_inherit = db_prepare_bool($p_inherit_parent);

    # Placeholders are requested in the same order the values are bound below.
    $t_sql = "UPDATE {$t_table}\n\t\t\t\t\tSET inherit_parent=" . db_param();
    $t_sql .= "\n\t\t\t\t\tWHERE child_id=" . db_param();
    $t_sql .= "\n\t\t\t\t\t\tAND parent_id=" . db_param();

    db_query_bound($t_sql, array($t_inherit, $t_child, $t_parent));
}
Example #2
/**
 * Overwrite the stored fields of an existing news entry.
 *
 * The numeric and boolean arguments go through db_prepare_int() /
 * db_prepare_bool(); headline and body are bound unchanged. Every value
 * reaches the database as a bound parameter of db_query_bound(); only the
 * table name is interpolated into the SQL text. Nothing here escapes the text
 * for HTML, so that has to happen wherever the entry is rendered.
 *
 * @param int    $p_news_id      Id of the news entry to update.
 * @param int    $p_project_id   Project the entry belongs to.
 * @param int    $p_view_state   View state to store.
 * @param bool   $p_announcement Announcement flag to store.
 * @param string $p_headline     Headline; a blank value triggers ERROR_EMPTY_FIELD.
 * @param string $p_body         Body; a blank value triggers ERROR_EMPTY_FIELD.
 * @return bool Always true.
 */
function news_update($p_news_id, $p_project_id, $p_view_state, $p_announcement, $p_headline, $p_body)
{
    $t_id = db_prepare_int($p_news_id);
    $t_project = db_prepare_int($p_project_id);
    $t_view_state = db_prepare_int($p_view_state);
    $t_announcement = db_prepare_bool($p_announcement);

    # Both text fields are mandatory; the language key doubles as the field label.
    foreach (array('headline' => $p_headline, 'body' => $p_body) as $t_label => $t_text) {
        if (is_blank($t_text)) {
            error_parameters(lang_get($t_label));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
    }

    $t_table = db_get_table('mantis_news_table');

    # Placeholders are requested in the order the values are bound below.
    $t_sql = "UPDATE {$t_table}\n\t\t\t\t  SET view_state=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tannouncement=" . db_param();
    $t_sql .= ",\n\t\t\t\t\theadline=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tbody=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tproject_id=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tlast_modified= " . db_param();
    $t_sql .= "\n\t\t\t\t  WHERE id=" . db_param();

    $t_values = array($t_view_state, $t_announcement, $p_headline, $p_body, $t_project, db_now(), $t_id);
    db_query_bound($t_sql, $t_values);

    # db_query errors on failure, so reaching this line means the update went through.
    return true;
}
Example #3
/**
 * Add a note to a bug and return the id of the new bugnote row.
 *
 * The note text is stored first, then the bugnote record that references it.
 * Both INSERT statements are assembled by string interpolation, so SQL safety
 * depends on the db_prepare_*() calls below rather than on bound parameters.
 * The text id, the view state and a user id obtained from
 * auth_get_current_user_id() are interpolated without a db_prepare_*() call.
 *
 * @param int      $p_bug_id       Bug the note is attached to.
 * @param string   $p_bugnote_text Text of the note.
 * @param bool     $p_private      Request a private note; honoured only when the
 *                                 access_has_bug_level() check below passes.
 * @param int      $p_type         Stored in note_type.
 * @param string   $p_attr         Stored in note_attr.
 * @param int|null $p_user_id      Reporter; null means the current user.
 * @return mixed Value returned by db_insert_id() for the bugnote table.
 */
function bugnote_add($p_bug_id, $p_bugnote_text, $p_private = false, $p_type = 0, $p_attr = '', $p_user_id = null)
{
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_bugnote_text = db_prepare_string($p_bugnote_text);
    # Prepared but not referenced again; the private decision below uses $p_private directly.
    $c_private = db_prepare_bool($p_private);
    $c_type = db_prepare_int($p_type);
    $c_attr = db_prepare_string($p_attr);

    $t_bugnote_text_table = config_get('mantis_bugnote_text_table');
    $t_bugnote_table = config_get('mantis_bugnote_table');

    # Store the text first so the bugnote row can point at it.
    $t_insert_text = "INSERT INTO {$t_bugnote_text_table}\n\t\t          \t\t( note )\n\t\t          \t VALUES\n\t\t          \t\t( '{$c_bugnote_text}' )";
    db_query($t_insert_text);
    $t_bugnote_text_id = db_insert_id($t_bugnote_text_table);

    # Reporter defaults to whoever is logged in.
    $c_user_id = ($p_user_id === null) ? auth_get_current_user_id() : db_prepare_int($p_user_id);

    # A private note is only granted when the reporter meets the configured threshold;
    # otherwise the request is silently downgraded to public.
    # @@@ VB: Should we allow users to report private bugnotes, and possibly see only their own private ones
    $t_may_be_private = $p_private
        && access_has_bug_level(config_get('private_bugnote_threshold'), $p_bug_id, $c_user_id);
    $t_view_state = $t_may_be_private ? VS_PRIVATE : VS_PUBLIC;

    # Insert the bugnote record itself.
    $t_insert_note = "INSERT INTO {$t_bugnote_table}\n\t\t          \t\t(bug_id, reporter_id, bugnote_text_id, view_state, date_submitted, last_modified, note_type, note_attr )\n\t\t          \t VALUES\n\t\t          \t\t('{$c_bug_id}', '{$c_user_id}','{$t_bugnote_text_id}', '{$t_view_state}', " . db_now() . "," . db_now() . ", '{$c_type}', '{$c_attr}')";
    db_query($t_insert_note);
    $t_bugnote_id = db_insert_id($t_bugnote_table);

    # Touch the bug's last-updated date and record the event in its history.
    bug_update_date($p_bug_id);
    history_log_event_special($p_bug_id, BUGNOTE_ADDED, bugnote_format_id($t_bugnote_id));

    return $t_bugnote_id;
}
Example #4
/**
 * Overwrite the stored fields of an existing news entry (string-built query).
 *
 * Every value is passed through db_prepare_int(), db_prepare_bool() or
 * db_prepare_string() and then interpolated, quoted, into the UPDATE text.
 * There are no bound parameters, so SQL safety rests on those helpers alone.
 * The blank checks run on the prepared strings, not on the raw arguments.
 *
 * @param int    $p_news_id      Id of the news entry to update.
 * @param int    $p_project_id   Project the entry belongs to.
 * @param int    $p_view_state   View state to store.
 * @param bool   $p_announcement Announcement flag to store.
 * @param string $p_headline     Headline; a blank value triggers ERROR_EMPTY_FIELD.
 * @param string $p_body         Body; a blank value triggers ERROR_EMPTY_FIELD.
 * @return bool Always true.
 */
function news_update($p_news_id, $p_project_id, $p_view_state, $p_announcement, $p_headline, $p_body)
{
    $c_news_id = db_prepare_int($p_news_id);
    $c_project_id = db_prepare_int($p_project_id);
    $c_view_state = db_prepare_int($p_view_state);
    $c_announcement = db_prepare_bool($p_announcement);
    $c_headline = db_prepare_string($p_headline);
    $c_body = db_prepare_string($p_body);

    # Both text fields are mandatory; the language key doubles as the field label.
    foreach (array('headline' => $c_headline, 'body' => $c_body) as $t_label => $t_text) {
        if (is_blank($t_text)) {
            error_parameters(lang_get($t_label));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
    }

    $t_news_table = config_get('mantis_news_table');

    # Update entry
    $t_update = "UPDATE {$t_news_table}\r\n\t\t\t\t  SET view_state='{$c_view_state}',\r\n\t\t\t\t\tannouncement='{$c_announcement}',\r\n\t\t\t\t\theadline='{$c_headline}',\r\n\t\t\t\t\tbody='{$c_body}',\r\n\t\t\t\t\tproject_id='{$c_project_id}',\r\n\t\t\t\t\tlast_modified= " . db_now() . "\r\n\t\t\t\t  WHERE id='{$c_news_id}'";
    db_query($t_update);

    # db_query() errors on failure, so reaching this line means the update went through.
    return true;
}
Example #5
/**
 * Return all versions for the specified project
 *
 * Rows are served from $g_cache_versions_project when every project in scope
 * already has an entry there; otherwise they are read from the database and
 * each row is stored in $g_cache_versions under its integer id.
 *
 * The released/obsolete filters are bound parameters. The project condition
 * returned by version_get_project_where_clause() is interpolated into the SQL
 * text as-is (presumably built from integer project ids; verify in that helper).
 *
 * @param int       $p_project_id project id
 * @param int|null  $p_released   filter on the released column; null disables the filter
 * @param bool|null $p_obsolete   filter on the obsolete column; null disables the filter
 * @param bool|null $p_inherit    inherit versions; null falls back to the
 *                                subprojects_inherit_versions setting
 * @return array Array of version rows (in array format)
 */
function version_get_all_rows($p_project_id, $p_released = null, $p_obsolete = false, $p_inherit = null)
{
    global $g_cache_versions, $g_cache_versions_project;

    $t_inherit = ($p_inherit === null)
        ? (ON == config_get('subprojects_inherit_versions'))
        : $p_inherit;
    $t_project_ids = $t_inherit
        ? project_hierarchy_inheritance($p_project_id)
        : array($p_project_id);

    # The cache is usable only when every project in scope has an entry.
    $t_all_cached = true;
    foreach ($t_project_ids as $t_candidate) {
        if (!isset($g_cache_versions_project[$t_candidate])) {
            $t_all_cached = false;
            break;
        }
    }

    if ($t_all_cached) {
        $t_cached_rows = array();
        foreach ($t_project_ids as $t_cached_project) {
            if (empty($g_cache_versions_project[$t_cached_project])) {
                continue;
            }
            foreach ($g_cache_versions_project[$t_cached_project] as $t_version_id) {
                $t_cached_rows[] = version_cache_row($t_version_id);
            }
        }
        return $t_cached_rows;
    }

    $t_table = db_get_table('project_version');
    # The helper receives the caller's $p_inherit, not the resolved $t_inherit.
    $t_project_where = version_get_project_where_clause($p_project_id, $p_inherit);
    $t_sql = "SELECT *\n\t\t\t\t  FROM {$t_table}\n\t\t\t\t  WHERE {$t_project_where}";
    $t_bound = array();

    if ($p_released !== null) {
        $t_bound[] = db_prepare_int($p_released);
        $t_sql .= " AND released = " . db_param();
    }
    if ($p_obsolete !== null) {
        $t_bound[] = db_prepare_bool($p_obsolete);
        $t_sql .= " AND obsolete = " . db_param();
    }
    $t_sql .= " ORDER BY date_order DESC";

    $t_result = db_query_bound($t_sql, $t_bound);

    $t_rows = array();
    while ($t_row = db_fetch_array($t_result)) {
        $t_rows[] = $t_row;
        $g_cache_versions[(int) $t_row['id']] = $t_row;
    }
    return $t_rows;
}
Example #6
/**
 * List the stored filter queries visible to a user in a project.
 *
 * All named filters of the project (and of project 0) are fetched; the
 * ownership/public check is then applied row by row in PHP. The project id is
 * interpolated into the SQL text: it goes through db_prepare_int() when passed
 * in, but the value of helper_get_current_project() is used as returned.
 *
 * NOTE(review): the threshold check is made with access_has_project_level()
 * given only the threshold, while $p_user_id selects whose private filters are
 * listed. Callers passing a user id other than the current user should confirm
 * that this is authorised.
 *
 * @param int|null $p_project_id Project to look in; null means the current project.
 * @param int|null $p_user_id    Owner of private filters; null means the current user.
 * @return array Map of filter id => filter name, duplicate names removed, sorted by name.
 */
function filter_db_get_available_queries($p_project_id = null, $p_user_id = null)
{
    $t_filters_table = config_get('mantis_filters_table');
    $t_available = array();

    $t_project_id = (null === $p_project_id)
        ? helper_get_current_project()
        : db_prepare_int($p_project_id);
    $t_user_id = (null === $p_user_id)
        ? auth_get_current_user_id()
        : db_prepare_int($p_user_id);

    # If the user doesn't have access rights to stored queries, just return
    if (!access_has_project_level(config_get('stored_query_use_threshold'))) {
        return $t_available;
    }

    # Get the list of available queries. By sorting such that public queries are
    # first, we can override any query that has the same name as a private query
    # with that private one
    $t_select = "SELECT * FROM {$t_filters_table}\r\n\t\t\t\t\tWHERE (project_id='{$t_project_id}'\r\n\t\t\t\t\tOR project_id='0')\r\n\t\t\t\t\tAND name!=''\r\n\t\t\t\t\tORDER BY is_public DESC, name ASC";
    $t_result = db_query($t_select);
    $t_row_total = db_num_rows($t_result);

    for ($t_index = 0; $t_index < $t_row_total; $t_index++) {
        $t_row = db_fetch_array($t_result);
        # Skip rows that are neither owned by the user nor public.
        if ($t_row['user_id'] != $t_user_id && !db_prepare_bool($t_row['is_public'])) {
            continue;
        }
        $t_available[$t_row['id']] = $t_row['name'];
    }

    $t_available = array_unique($t_available);
    asort($t_available);
    return $t_available;
}
Example #7
/**
 * Update a project
 *
 * All column values are bound parameters of db_query(). The file path is run
 * through validate_project_file_path() unless the project's upload method is
 * DATABASE. No access check is made in this function.
 *
 * @param integer $p_project_id     The project identifier being updated.
 * @param string  $p_name           The project name.
 * @param string  $p_description    A description of the project.
 * @param integer $p_status         The current status of the project.
 * @param integer $p_view_state     The view state of the project - public or private.
 * @param string  $p_file_path      The attachment file path for the project, if not storing in the database.
 * @param boolean $p_enabled        Whether the project is enabled.
 * @param boolean $p_inherit_global Whether the project inherits global categories.
 * @return void
 */
function project_update($p_project_id, $p_name, $p_description, $p_status, $p_view_state, $p_file_path, $p_enabled, $p_inherit_global)
{
    $p_project_id = (int) $p_project_id;
    $t_enabled = db_prepare_bool($p_enabled);
    $t_inherit_global = db_prepare_bool($p_inherit_global);

    if (is_blank($p_name)) {
        trigger_error(ERROR_PROJECT_NAME_INVALID, ERROR);
    }

    $t_previous_name = project_get_field($p_project_id, 'name');

    # If project is becoming private, save current user's access level
    # so we can add them to the project afterwards so they don't lock
    # themselves out
    $t_previous_view_state = project_get_field($p_project_id, 'view_state');
    $t_turning_private = (VS_PRIVATE == $p_view_state) && (VS_PRIVATE != $t_previous_view_state);
    if ($t_turning_private) {
        $t_current_user = auth_get_current_user_id();
        $t_previous_access = user_get_access_level($t_current_user, $p_project_id);
        $t_manage_threshold = config_get('manage_project_threshold');
    }

    # Uniqueness only needs re-checking when the name changes (compared case-insensitively).
    if (0 != strcasecmp($p_name, $t_previous_name)) {
        project_ensure_name_unique($p_name);
    }

    if (config_get('file_upload_method', null, null, $p_project_id) !== DATABASE) {
        $p_file_path = validate_project_file_path($p_file_path);
    }

    # Placeholders are requested in the order the values are bound below.
    $t_sql = "UPDATE {project}\n\t\t\t\t  SET name=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tstatus=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tenabled=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tview_state=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tfile_path=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tdescription=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tinherit_global=" . db_param();
    $t_sql .= "\n\t\t\t\t  WHERE id=" . db_param();

    $t_values = array(
        $p_name,
        (int) $p_status,
        $t_enabled,
        (int) $p_view_state,
        $p_file_path,
        $p_description,
        $t_inherit_global,
        $p_project_id,
    );
    db_query($t_sql, $t_values);

    project_clear_cache($p_project_id);

    # User just locked themselves out of the project by making it private,
    # so we add them to the project with their previous access level
    if ($t_turning_private && !access_has_project_level($t_manage_threshold, $p_project_id)) {
        project_add_user($p_project_id, $t_current_user, $t_previous_access);
    }
}
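/**
 * Create a user account, including the locally added role, agency and
 * unit/department columns, and return the generated cookie string.
 *
 * All column values are bound parameters of db_query_bound(). The role, agency
 * and unit/department values are bound in their db_prepare_int() form, the
 * same way the access level is, instead of the raw arguments.
 *
 * NOTE(review): the plain-text password is handed to email_signup(); confirm
 * that it does not end up in the message body or in logs.
 * NOTE(review): the cookie string is derived from a seed made of the e-mail
 * address and username, both of which may be known to others; its
 * unpredictability depends entirely on auth_generate_unique_cookie_string().
 *
 * @param string       $p_username        Username; validated and checked for uniqueness.
 * @param string       $p_password        Plain-text password, processed by auth_process_plain_password().
 * @param string       $p_email           E-mail address; validated by email_ensure_valid().
 * @param integer|null $p_access_level    Access level; null uses default_new_account_access_level.
 * @param boolean      $p_protected       Whether the account is protected; applied after the insert.
 * @param boolean      $p_enabled         Whether the account is enabled.
 * @param string       $p_realname        Real name; validated and checked for uniqueness.
 * @param string       $p_admin_name      Passed through to email_signup().
 * @param integer|null $p_role            Role; null uses default_new_account_role.
 * @param integer|null $p_agency          Agency; null uses default_new_account_agency.
 * @param integer|null $p_unit_department Unit/department; null uses default_new_account_unit_department.
 * @return string The generated cookie string.
 */
function user_create($p_username, $p_password, $p_email = '', $p_access_level = null, $p_protected = false, $p_enabled = true, $p_realname = '', $p_admin_name = '', $p_role = null, $p_agency = null, $p_unit_department = null)
{
    if (null === $p_access_level) {
        $p_access_level = config_get('default_new_account_access_level');
    }
    # Locally added columns fall back to their configured defaults.
    if (null === $p_role) {
        $p_role = config_get('default_new_account_role');
    }
    if (null === $p_agency) {
        $p_agency = config_get('default_new_account_agency');
    }
    if (null === $p_unit_department) {
        $p_unit_department = config_get('default_new_account_unit_department');
    }
    $t_password = auth_process_plain_password($p_password);
    $c_access_level = db_prepare_int($p_access_level);
    $c_role = db_prepare_int($p_role);
    $c_agency = db_prepare_int($p_agency);
    $c_unit_department = db_prepare_int($p_unit_department);
    $c_protected = db_prepare_bool($p_protected);
    $c_enabled = db_prepare_bool($p_enabled);
    user_ensure_name_valid($p_username);
    user_ensure_name_unique($p_username);
    user_ensure_realname_valid($p_realname);
    user_ensure_realname_unique($p_username, $p_realname);
    email_ensure_valid($p_email);
    $t_seed = $p_email . $p_username;
    $t_cookie_string = auth_generate_unique_cookie_string($t_seed);
    $t_user_table = db_get_table('mantis_user_table');
    # Local modification dated 10/08/2012: role, agency and unit_department
    # were added to the insert.
    $query = "INSERT INTO {$t_user_table}\n\t\t\t\t    ( username, email, password, date_created, last_visit,\n\t\t\t\t     enabled, access_level, login_count, cookie_string, realname, role, agency, unit_department)\n\t\t\t\t  VALUES\n\t\t\t\t    ( " . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ",\n\t\t\t\t     " . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ')';
    # Bind the integer-prepared values for the three added columns, not the raw arguments.
    db_query_bound($query, array($p_username, $p_email, $t_password, db_now(), db_now(), $c_enabled, $c_access_level, 0, $t_cookie_string, $p_realname, $c_role, $c_agency, $c_unit_department));
    # Id of the row that was just inserted
    $t_user_id = db_insert_id($t_user_table);
    # Users are added with protected set to FALSE in order to be able to update
    # preferences.  Now set the real value of protected.
    if ($c_protected) {
        user_set_field($t_user_id, 'protected', 1);
    }
    # Send notification email
    if (!is_blank($p_email)) {
        $t_confirm_hash = auth_generate_confirm_hash($t_user_id);
        email_signup($t_user_id, $p_password, $t_confirm_hash, $p_admin_name);
    }
    return $t_cookie_string;
}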
Example #9
/**
 * Create a user account (string-built query) and return its cookie string.
 *
 * The INSERT is assembled by interpolation: text values are escaped with
 * db_prepare_string() and quoted, the enabled flag and access level are
 * interpolated unquoted after db_prepare_bool() / db_prepare_int(), and the
 * cookie string is interpolated as generated. There are no bound parameters.
 *
 * NOTE(review): the plain-text password is handed to email_signup(); confirm
 * that it does not end up in the message body or in logs.
 * NOTE(review): the cookie string is derived from a seed made of the e-mail
 * address and username; its unpredictability depends entirely on
 * auth_generate_unique_cookie_string().
 *
 * @param string       $p_username     Username; validated and checked for uniqueness.
 * @param string       $p_password     Plain-text password, processed by auth_process_plain_password().
 * @param string       $p_email        E-mail address; validated by email_ensure_valid().
 * @param integer|null $p_access_level Access level; null uses default_new_account_access_level.
 * @param boolean      $p_protected    Whether the account is protected; applied after the insert.
 * @param boolean      $p_enabled      Whether the account is enabled.
 * @param string       $p_realname     Real name; validated and checked for uniqueness.
 * @return string The generated cookie string.
 */
function user_create($p_username, $p_password, $p_email = '', $p_access_level = null, $p_protected = false, $p_enabled = true, $p_realname = '')
{
    if ($p_access_level === null) {
        $p_access_level = config_get('default_new_account_access_level');
    }

    $t_hashed_password = auth_process_plain_password($p_password);

    # Escape / normalise everything that is interpolated into the INSERT below.
    $c_username = db_prepare_string($p_username);
    $c_realname = db_prepare_string($p_realname);
    $c_password = db_prepare_string($t_hashed_password);
    $c_email = db_prepare_string($p_email);
    $c_access_level = db_prepare_int($p_access_level);
    $c_protected = db_prepare_bool($p_protected);
    $c_enabled = db_prepare_bool($p_enabled);

    # Validation runs on the raw arguments, not on the escaped copies.
    user_ensure_name_valid($p_username);
    user_ensure_name_unique($p_username);
    user_ensure_realname_valid($p_realname);
    user_ensure_realname_unique($p_username, $p_realname);
    email_ensure_valid($p_email);

    $t_cookie_string = auth_generate_unique_cookie_string($p_email . $p_username);
    $t_user_table = config_get('mantis_user_table');

    $t_insert = "INSERT INTO {$t_user_table}\n\t\t\t\t    ( username, email, password, date_created, last_visit,\n\t\t\t\t     enabled, access_level, login_count, cookie_string, realname )\n\t\t\t\t  VALUES\n\t\t\t\t    ( '{$c_username}', '{$c_email}', '{$c_password}', " . db_now() . "," . db_now() . ",\n\t\t\t\t     {$c_enabled}, {$c_access_level}, 0, '{$t_cookie_string}', '{$c_realname}')";
    db_query($t_insert);

    # Create preferences for the user
    $t_new_user_id = db_insert_id($t_user_table);
    user_pref_set_default($t_new_user_id);

    # Users are added with protected set to FALSE in order to be able to update
    # preferences.  Now set the real value of protected.
    if ($c_protected) {
        user_set_field($t_new_user_id, 'protected', 1);
    }

    # Send notification email, but only when an address was given.
    if (is_blank($p_email)) {
        return $t_cookie_string;
    }
    $t_confirm_hash = auth_generate_confirm_hash($t_new_user_id);
    email_signup($t_new_user_id, $p_password, $t_confirm_hash);

    return $t_cookie_string;
}
Example #10
/**
 * Update a project's stored fields.
 *
 * All column values are bound parameters of db_query_bound(); only the table
 * name is interpolated. The file path is run through
 * validate_project_file_path() unless the project's upload method is DATABASE.
 * No access check is made in this function.
 *
 * @param integer $p_project_id     The project identifier being updated.
 * @param string  $p_name           The project name; blank triggers ERROR_PROJECT_NAME_INVALID.
 * @param string  $p_description    A description of the project.
 * @param integer $p_status         The status to store.
 * @param integer $p_view_state     The view state to store.
 * @param string  $p_file_path      The attachment file path for the project.
 * @param boolean $p_enabled        Whether the project is enabled.
 * @param boolean $p_inherit_global Stored in inherit_global.
 * @return bool Always true.
 */
function project_update($p_project_id, $p_name, $p_description, $p_status, $p_view_state, $p_file_path, $p_enabled, $p_inherit_global)
{
    $p_project_id = (int) $p_project_id;
    $t_enabled = db_prepare_bool($p_enabled);
    $t_inherit_global = db_prepare_bool($p_inherit_global);

    if (is_blank($p_name)) {
        trigger_error(ERROR_PROJECT_NAME_INVALID, ERROR);
    }

    # Uniqueness only needs re-checking when the name changes (compared case-insensitively).
    $t_previous_name = project_get_field($p_project_id, 'name');
    if (0 != strcasecmp($p_name, $t_previous_name)) {
        project_ensure_name_unique($p_name);
    }

    if (config_get('file_upload_method', null, null, $p_project_id) !== DATABASE) {
        $p_file_path = validate_project_file_path($p_file_path);
    }

    $t_table = db_get_table('project');

    # Placeholders are requested in the order the values are bound below.
    $t_sql = "UPDATE {$t_table}\n\t\t\t\t  SET name=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tstatus=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tenabled=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tview_state=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tfile_path=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tdescription=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tinherit_global=" . db_param();
    $t_sql .= "\n\t\t\t\t  WHERE id=" . db_param();

    $t_values = array(
        $p_name,
        (int) $p_status,
        $t_enabled,
        (int) $p_view_state,
        $p_file_path,
        $p_description,
        $t_inherit_global,
        $p_project_id,
    );
    db_query_bound($t_sql, $t_values);

    project_clear_cache($p_project_id);

    # db_query errors on failure, so reaching this line means the update went through.
    return true;
}
Example #11
/**
 * Return an array of ids of custom fields bound to the specified project
 *
 * The ids will be sorted based on the sequence number associated with the binding
 * (only the per-project query carries an ORDER BY; the ALL_PROJECTS query does not).
 * Results are memoised in $g_cache_cf_linked, keyed by $p_project_id.
 *
 * For ALL_PROJECTS the result is restricted to projects the current user can
 * see; for an explicit project id (or array of ids) no access check is made
 * in this function.
 * @param integer $p_project_id A project identifier.
 * @return array
 * @access public
 */
function custom_field_get_linked_ids($p_project_id = ALL_PROJECTS)
{
    global $g_cache_cf_linked;
    if (!isset($g_cache_cf_linked[$p_project_id])) {
        db_param_push();
        if (ALL_PROJECTS == $p_project_id) {
            $t_user_id = auth_get_current_user_id();
            # Select only the ids of custom fields in projects the user has access to
            #  - all custom fields in public projects,
            #  - those in private projects where the user is listed
            #  - in private projects where the user is implicitly listed
            # db_prepare_bool(true) and VS_PUBLIC are concatenated into the SQL text
            # as constants; the user id is bound twice through db_param().
            $t_query = 'SELECT DISTINCT cft.id
				FROM {custom_field} cft
					JOIN {custom_field_project} cfpt ON cfpt.field_id = cft.id
					JOIN {project} pt
						ON pt.id = cfpt.project_id AND pt.enabled = ' . db_prepare_bool(true) . '
					LEFT JOIN {project_user_list} pult
						ON pult.project_id = cfpt.project_id AND pult.user_id = ' . db_param() . '
					, {user} ut
				WHERE ut.id = ' . db_param() . '
					AND (  pt.view_state = ' . VS_PUBLIC . '
						OR pult.user_id = ut.id
						';
            $t_params = array($t_user_id, $t_user_id);
            # Add private access clause and related parameter
            # The threshold may be a single level (>=) or an array of levels (= / IN);
            # each level is bound, one placeholder per value.
            $t_private_access = config_get('private_project_threshold');
            if (is_array($t_private_access)) {
                if (1 == count($t_private_access)) {
                    $t_access_clause = '= ' . db_param();
                    $t_params[] = array_shift($t_private_access);
                } else {
                    $t_access_clause = 'IN (';
                    foreach ($t_private_access as $t_elem) {
                        $t_access_clause .= db_param() . ',';
                        $t_params[] = $t_elem;
                    }
                    $t_access_clause = rtrim($t_access_clause, ',') . ')';
                }
            } else {
                $t_access_clause = '>=' . db_param();
                $t_params[] = $t_private_access;
            }
            # Closes the parenthesis opened by "AND (" in the base query.
            $t_query .= 'OR ( pult.user_id IS NULL AND ut.access_level ' . $t_access_clause . ' ) )';
        } else {
            # $t_params is first created by the appends in this branch.
            # NOTE(review): when $p_project_id is an array, array_shift() below empties a
            # one-element array, and the array is still used as the $g_cache_cf_linked
            # key further down; arrays are not valid PHP array keys. Confirm whether
            # array callers exist and how the cache should be keyed for them.
            if (is_array($p_project_id)) {
                if (1 == count($p_project_id)) {
                    $t_project_clause = '= ' . db_param();
                    $t_params[] = array_shift($p_project_id);
                } else {
                    $t_project_clause = 'IN (';
                    foreach ($p_project_id as $t_project) {
                        $t_project_clause .= db_param() . ',';
                        $t_params[] = $t_project;
                    }
                    $t_project_clause = rtrim($t_project_clause, ',') . ')';
                }
            } else {
                $t_project_clause = '= ' . db_param();
                $t_params[] = $p_project_id;
            }
            # Only placeholder text reaches the SQL here; the project ids are bound.
            $t_query = 'SELECT cft.id
				FROM {custom_field} cft
					JOIN {custom_field_project} cfpt ON cfpt.field_id = cft.id
				WHERE cfpt.project_id ' . $t_project_clause . '
				ORDER BY sequence ASC, name ASC';
        }
        $t_result = db_query($t_query, $t_params);
        $t_ids = array();
        while ($t_row = db_fetch_array($t_result)) {
            array_push($t_ids, $t_row['id']);
        }
        # Hand the ids to the custom field row cache, then remember the id list.
        custom_field_cache_array_rows($t_ids);
        $g_cache_cf_linked[$p_project_id] = $t_ids;
    } else {
        $t_ids = $g_cache_cf_linked[$p_project_id];
    }
    return $t_ids;
}
Example #12
/**
 * List the stored filter queries visible to a user in a project.
 *
 * Note: any changes made in this function should be reflected in
 * mci_filter_db_get_available_queries())
 *
 * Visibility is enforced in SQL: a row is returned only when it is public or
 * owned by the resolved user id. The project id, the public flag and the user
 * id are bound parameters.
 *
 * NOTE(review): the threshold check is made with access_has_project_level()
 * given only the threshold, while $p_user_id selects whose private filters are
 * listed. Callers passing a user id other than the current user should confirm
 * that this is authorised.
 *
 * @param integer $p_project_id A valid project identifier; null means the current project.
 * @param integer $p_user_id    A valid user identifier; null means the current user.
 * @return array Map of filter id => filter name, duplicate names removed, sorted by name.
 */
function filter_db_get_available_queries($p_project_id = null, $p_user_id = null)
{
    $t_available = array();

    $t_project_id = (null === $p_project_id)
        ? helper_get_current_project()
        : (int) $p_project_id;
    $t_user_id = (null === $p_user_id)
        ? auth_get_current_user_id()
        : (int) $p_user_id;

    # If the user doesn't have access rights to stored queries, just return
    if (!access_has_project_level(config_get('stored_query_use_threshold'))) {
        return $t_available;
    }

    # Get the list of available queries. By sorting such that public queries are
    # first, we can override any query that has the same name as a private query
    # with that private one
    $t_sql = "SELECT * FROM {filters}\n\t\t\t\t\tWHERE (project_id=" . db_param();
    $t_sql .= "\n\t\t\t\t\t\tOR project_id=0)\n\t\t\t\t\tAND name!=''\n\t\t\t\t\tAND (is_public = " . db_param();
    $t_sql .= "\n\t\t\t\t\t\tOR user_id = " . db_param();
    $t_sql .= "\n\t\t\t\t\tORDER BY is_public DESC, name ASC";

    $t_rows = db_query($t_sql, array($t_project_id, db_prepare_bool(true), $t_user_id));
    while ($t_filter = db_fetch_array($t_rows)) {
        $t_available[$t_filter['id']] = $t_filter['name'];
    }

    $t_available = array_unique($t_available);
    asort($t_available);
    return $t_available;
}
Example #13
/**
 * Return an array of ids of custom fields bound to the specified project
 *
 * The ids will be sorted based on the sequence number associated with the binding
 * (only the per-project query carries an ORDER BY; the ALL_PROJECTS query does not).
 * Results are memoised in $g_cache_cf_linked, keyed by $p_project_id.
 *
 * For ALL_PROJECTS the result is restricted to projects the current user can
 * see; for an explicit project id (or array of ids) no access check is made
 * in this function.
 * @param int $p_project_id project id
 * @return array
 * @access public
 */
function custom_field_get_linked_ids($p_project_id = ALL_PROJECTS)
{
    # $g_cache_custom_field is declared here but not referenced in this function.
    global $g_cache_cf_linked, $g_cache_custom_field;
    if (!isset($g_cache_cf_linked[$p_project_id])) {
        $t_custom_field_table = db_get_table('custom_field');
        $t_custom_field_project_table = db_get_table('custom_field_project');
        if (ALL_PROJECTS == $p_project_id) {
            $t_project_user_list_table = db_get_table('project_user_list');
            $t_project_table = db_get_table('project');
            $t_user_table = db_get_table('user');
            $t_user_id = auth_get_current_user_id();
            # Select only the ids of custom fields in projects the user has access to
            #  - all custom fields in public projects,
            #  - those in private projects where the user is listed
            #  - in private projects where the user is implicitly listed
            # Table names, db_prepare_bool(true) and VS_PUBLIC are placed in the SQL
            # text directly; the user id is bound twice through db_param().
            $t_query = "\n\t\t\t\tSELECT DISTINCT cft.id\n\t\t\t\tFROM {$t_custom_field_table} cft\n\t\t\t\t\tJOIN {$t_custom_field_project_table} cfpt ON cfpt.field_id = cft.id\n\t\t\t\t\tJOIN {$t_project_table} pt\n\t\t\t\t\t\tON pt.id = cfpt.project_id AND pt.enabled = " . db_prepare_bool(true) . "\n\t\t\t\t\tLEFT JOIN {$t_project_user_list_table} pult\n\t\t\t\t\t\tON pult.project_id = cfpt.project_id AND pult.user_id = " . db_param() . "\n\t\t\t\t\t, {$t_user_table} ut\n\t\t\t\tWHERE ut.id = " . db_param() . "\n\t\t\t\t\tAND (  pt.view_state = " . VS_PUBLIC . "\n\t\t\t\t\t\tOR pult.user_id = ut.id\n\t\t\t\t\t\t";
            $t_params = array($t_user_id, $t_user_id);
            # Add private access clause and related parameter
            # The threshold may be a single level (>=) or an array of levels (= / IN);
            # each level is bound, one placeholder per value.
            $t_private_access = config_get('private_project_threshold');
            if (is_array($t_private_access)) {
                if (1 == count($t_private_access)) {
                    $t_access_clause = '= ' . db_param();
                    $t_params[] = array_shift($t_private_access);
                } else {
                    $t_access_clause = 'IN (';
                    foreach ($t_private_access as $t_elem) {
                        $t_access_clause .= db_param() . ',';
                        $t_params[] = $t_elem;
                    }
                    $t_access_clause = rtrim($t_access_clause, ',') . ')';
                }
            } else {
                $t_access_clause = '>=' . db_param();
                $t_params[] = $t_private_access;
            }
            # Closes the parenthesis opened by "AND (" in the base query.
            $t_query .= "OR ( pult.user_id IS NULL AND ut.access_level {$t_access_clause} ) )";
        } else {
            # $t_params is first created by the appends in this branch.
            # NOTE(review): when $p_project_id is an array, array_shift() below empties a
            # one-element array, and the array is still used as the $g_cache_cf_linked
            # key further down; arrays are not valid PHP array keys. Confirm whether
            # array callers exist and how the cache should be keyed for them.
            if (is_array($p_project_id)) {
                if (1 == count($p_project_id)) {
                    $t_project_clause = '= ' . db_param();
                    $t_params[] = array_shift($p_project_id);
                } else {
                    $t_project_clause = 'IN (';
                    foreach ($p_project_id as $t_project) {
                        $t_project_clause .= db_param() . ',';
                        $t_params[] = $t_project;
                    }
                    $t_project_clause = rtrim($t_project_clause, ',') . ')';
                }
            } else {
                $t_project_clause = '= ' . db_param();
                $t_params[] = $p_project_id;
            }
            # Only placeholder text reaches the SQL here; the project ids are bound.
            $t_query = "\n\t\t\t\tSELECT cft.id\n\t\t\t\tFROM {$t_custom_field_table} cft\n\t\t\t\t\tJOIN {$t_custom_field_project_table} cfpt ON cfpt.field_id = cft.id\n\t\t\t\tWHERE cfpt.project_id {$t_project_clause}\n\t\t\t\tORDER BY sequence ASC, name ASC";
        }
        $result = db_query_bound($t_query, $t_params);
        # Rows are read by count rather than until the fetch runs dry.
        $t_row_count = db_num_rows($result);
        $t_ids = array();
        for ($i = 0; $i < $t_row_count; $i++) {
            $row = db_fetch_array($result);
            array_push($t_ids, $row['id']);
        }
        # Hand the ids to the custom field row cache, then remember the id list.
        custom_field_cache_array_rows($t_ids);
        $g_cache_cf_linked[$p_project_id] = $t_ids;
    } else {
        $t_ids = $g_cache_cf_linked[$p_project_id];
    }
    return $t_ids;
}
Example #14
/**
 * Create a user and return the generated cookie string.
 *
 * No code path in this function returns false; failures surface through the
 * validation helpers and the database layer. All column values are bound
 * parameters of db_query().
 *
 * NOTE(review): the plain-text password is handed to email_signup(); confirm
 * that it does not end up in the message body or in logs.
 *
 * @param string  $p_username     A valid username.
 * @param string  $p_password     The password to set for the user.
 * @param string  $p_email        The Email Address of the user.
 * @param integer $p_access_level The global access level for the user; null uses
 *                                default_new_account_access_level.
 * @param boolean $p_protected    Whether the account is protected from modifications (default false).
 * @param boolean $p_enabled      Whether the account is enabled.
 * @param string  $p_realname     The realname of the user.
 * @param string  $p_admin_name   The name of the administrator creating the account.
 * @return string Cookie String
 */
function user_create($p_username, $p_password, $p_email = '', $p_access_level = null, $p_protected = false, $p_enabled = true, $p_realname = '', $p_admin_name = '')
{
    if ($p_access_level === null) {
        $p_access_level = config_get('default_new_account_access_level');
    }

    $t_hashed_password = auth_process_plain_password($p_password);
    $t_enabled = db_prepare_bool($p_enabled);

    user_ensure_name_valid($p_username);
    user_ensure_name_unique($p_username);
    user_ensure_realname_unique($p_username, $p_realname);
    email_ensure_valid($p_email);

    $t_cookie_string = auth_generate_unique_cookie_string();

    # Ten placeholders, requested in the order the values are bound below.
    $t_sql = "INSERT INTO {user}\n\t\t\t\t    ( username, email, password, date_created, last_visit,\n\t\t\t\t     enabled, access_level, login_count, cookie_string, realname )\n\t\t\t\t  VALUES\n\t\t\t\t    ( " . db_param();
    $t_sql .= ', ' . db_param();
    $t_sql .= ', ' . db_param();
    $t_sql .= ', ' . db_param();
    $t_sql .= ', ' . db_param();
    $t_sql .= ",\n\t\t\t\t     " . db_param();
    $t_sql .= ',' . db_param();
    $t_sql .= ',' . db_param();
    $t_sql .= ',' . db_param();
    $t_sql .= ', ' . db_param() . ')';

    $t_values = array(
        $p_username,
        $p_email,
        $t_hashed_password,
        db_now(),
        db_now(),
        $t_enabled,
        (int) $p_access_level,
        0,
        $t_cookie_string,
        $p_realname,
    );
    db_query($t_sql, $t_values);

    # Id of the row that was just inserted
    $t_new_user_id = db_insert_id(db_get_table('user'));

    # Users are added with protected set to FALSE in order to be able to update
    # preferences.  Now set the real value of protected.
    if ($p_protected) {
        user_set_field($t_new_user_id, 'protected', db_prepare_bool($p_protected));
    }

    # Send notification email, but only when an address was given.
    if (is_blank($p_email)) {
        return $t_cookie_string;
    }
    $t_confirm_hash = auth_generate_confirm_hash($t_new_user_id);
    email_signup($t_new_user_id, $p_password, $t_confirm_hash, $p_admin_name);

    return $t_cookie_string;
}
Example #15
/**
 * Write every property of a preferences object back to the user's row.
 *
 * The SET list is generated from get_object_vars(): each property name is
 * used as a column name and each value is prepared according to its PHP type
 * (bool, int, otherwise string) before being interpolated into the UPDATE.
 *
 * NOTE(review): property names are placed in the SQL text as identifiers
 * without validation. This is only safe while $p_prefs can never carry a
 * property whose name comes from outside the code; confirm against the class
 * of $p_prefs and its callers.
 *
 * @param int    $p_user_id    User whose preferences are updated; must not be protected.
 * @param int    $p_project_id Project the preference row belongs to.
 * @param object $p_prefs      Preferences object exposing its fields as properties and via Get().
 * @return bool Always true.
 */
function user_pref_update($p_user_id, $p_project_id, $p_prefs)
{
    $c_user_id = db_prepare_int($p_user_id);
    $c_project_id = db_prepare_int($p_project_id);
    user_ensure_unprotected($p_user_id);
    $t_user_pref_table = config_get('mantis_user_pref_table');

    # One "column = value" fragment per property, typed by the property's current value.
    $t_assignments = array();
    foreach (array_keys(get_object_vars($p_prefs)) as $t_field) {
        if (is_bool($p_prefs->{$t_field})) {
            $t_assignments[] = "{$t_field} = " . db_prepare_bool($p_prefs->Get($t_field));
        } elseif (is_int($p_prefs->{$t_field})) {
            $t_assignments[] = "{$t_field} = " . db_prepare_int($p_prefs->Get($t_field));
        } else {
            $t_assignments[] = "{$t_field} = '" . db_prepare_string($p_prefs->Get($t_field)) . '\'';
        }
    }
    $t_pairs_string = implode(', ', $t_assignments);

    $t_update = "UPDATE {$t_user_pref_table}\r\n\t\t\t\t  SET {$t_pairs_string}\r\n\t\t\t\t  WHERE user_id={$c_user_id} AND project_id={$c_project_id}";
    db_query($t_update);

    user_pref_clear_cache($p_user_id, $p_project_id);

    # db_query() errors on failure, so reaching this line means the update went through.
    return true;
}
Example #16
/**
 * Prepare the variables of a version structure for database insertion.
 *
 * The id fields are cast to int and the released/obsolete flags go through
 * db_prepare_bool(). The assignments are made on the object that was passed
 * in, and that same object is returned; no clone is taken.
 *
 * @param VersionData $p_version_info A version data structure.
 * @return VersionData The object passed in, with the four fields normalised.
 */
function version_prepare_db(VersionData $p_version_info)
{
    # Identifier fields: force integers.
    foreach (array('id', 'project_id') as $t_int_field) {
        $p_version_info->{$t_int_field} = (int) $p_version_info->{$t_int_field};
    }

    # Flag fields: normalise through the database layer.
    foreach (array('released', 'obsolete') as $t_bool_field) {
        $p_version_info->{$t_bool_field} = db_prepare_bool($p_version_info->{$t_bool_field});
    }

    return $p_version_info;
}
            $t_where = db_helper_compare_days("" . db_now() . "", "date_created", "<= {$days_old}");
        } else {
            $c_prefix = db_prepare_string($f_filter);
            $t_where = "(UPPER(username) LIKE '{$c_prefix}%')";
        }
    }
}
# Page size is fixed at 50 rows; the offset is derived from the requested page number.
# NOTE(review): no lower bound on $f_page_number is visible in this fragment, so a
# value below 1 would give a negative offset - confirm it is clamped where it is read.
$p_per_page = 50;
$t_offset = ($f_page_number - 1) * $p_per_page;
$total_user_count = 0;
# Get the user data in $c_sort order
$result = '';
# Unless disabled accounts were requested, restrict the count to enabled users.
if (1 == $c_show_disabled) {
    $t_show_disabled_cond = '';
} else {
    $t_show_disabled_cond = ' AND enabled = ' . db_prepare_bool(true);
}
# Count the matching users so the number of pages can be computed.
# NOTE(review): $t_where is interpolated into the statement as text; in the prefix
# branch above it already contains the db_prepare_string()-escaped filter value, so
# only the placeholders covered by $t_where_params are actually bound.
if (0 == $c_hide_inactive) {
    $query = "SELECT count(*) as usercnt\n\t\t\t\tFROM {$t_user_table}\n\t\t\t\tWHERE {$t_where}\n\t\t\t\t{$t_show_disabled_cond}";
    $result = db_query_bound($query, $t_where_params);
    $row = db_fetch_array($result);
    $total_user_count = $row['usercnt'];
} else {
    # Same count with an extra last_visit condition built by db_helper_compare_days().
    # NOTE(review): $days_old is placed into the SQL fragment as-is; presumably it is
    # an integer set by this script rather than request input - confirm.
    $query = "SELECT count(*) as usercnt\n\t\t\t\tFROM {$t_user_table}\n\t\t\t\tWHERE {$t_where} AND " . db_helper_compare_days("" . db_now() . "", "last_visit", "< {$days_old}") . $t_show_disabled_cond;
    $result = db_query_bound($query, $t_where_params);
    $row = db_fetch_array($result);
    $total_user_count = $row['usercnt'];
}
# Round up so a partially filled last page still counts as a page.
$t_page_count = ceil($total_user_count / $p_per_page);
if ($t_page_count < 1) {
    $t_page_count = 1;
Example #18
/**
 * Add a bugnote to a bug and return the id of the new bugnote.
 *
 * Two rows are written: the note text first, then the bugnote record that
 * references it. Both statements are built by string interpolation from
 * values passed through the db_prepare_*() helpers.
 *
 * NOTE(review): injection safety here rests entirely on db_prepare_string()
 * escaping correctly for the active database driver; the values are not bound.
 *
 * @param int    $p_bug_id        Bug the note is attached to.
 * @param string $p_bugnote_text  Note text.
 * @param string $p_time_tracking Time-tracking value, passed to db_prepare_time().
 * @param bool   $p_private       Whether a private note is requested.
 * @param int    $p_type          Note type; replaced by TIME_TRACKING when time is recorded.
 * @param string $p_attr          Note attribute, stored in note_attr.
 * @param int    $p_user_id       Reporter id; null means the current user.
 * @param bool   $p_send_email    Whether to send the notification email.
 * @return bool|int false when the text is blank and no time is being recorded, otherwise the new bugnote id.
 */
function bugnote_add($p_bug_id, $p_bugnote_text, $p_time_tracking = '0:00', $p_private = false, $p_type = 0, $p_attr = '', $p_user_id = null, $p_send_email = TRUE)
{
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_bugnote_text = db_prepare_string($p_bugnote_text);
    $c_time_tracking = db_prepare_time($p_time_tracking);
    # $c_private is not read again below; the private check uses $p_private.
    $c_private = db_prepare_bool($p_private);
    $c_type = db_prepare_int($p_type);
    $c_attr = db_prepare_string($p_attr);
    $t_bugnote_text_table = config_get('mantis_bugnote_text_table');
    $t_bugnote_table = config_get('mantis_bugnote_table');
    $t_time_tracking_enabled = config_get('time_tracking_enabled');
    $t_time_tracking_without_note = config_get('time_tracking_without_note');
    # With time tracking on and time recorded, a blank note is only an error when
    # the configuration forbids time entries without text; otherwise a blank note
    # is silently rejected with false.
    if (ON == $t_time_tracking_enabled && $c_time_tracking > 0) {
        if (is_blank($p_bugnote_text) && OFF == $t_time_tracking_without_note) {
            error_parameters(lang_get('bugnote'));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
        $c_type = TIME_TRACKING;
    } else {
        if (is_blank($p_bugnote_text)) {
            return false;
        }
    }
    # insert bugnote text
    # The escaped text is placed inside a single-quoted SQL literal.
    $query = "INSERT INTO {$t_bugnote_text_table}\r\n\t\t          \t\t( note )\r\n\t\t          \t VALUES\r\n\t\t          \t\t( '{$c_bugnote_text}' )";
    db_query($query);
    # retrieve bugnote text id number
    # Must run directly after the insert above so the id belongs to that row.
    $t_bugnote_text_id = db_insert_id($t_bugnote_text_table);
    # get user information
    # NOTE(review): a caller-supplied $p_user_id becomes the reporter and is also
    # the identity used for the access check below; callers are presumably trusted
    # to pass only ids they may act for - confirm.
    if ($p_user_id === null) {
        $c_user_id = auth_get_current_user_id();
    } else {
        $c_user_id = db_prepare_int($p_user_id);
    }
    # Check for private bugnotes.
    # @@@ VB: Should we allow users to report private bugnotes, and possibly see only their own private ones
    # NOTE(review): when the reporter is below private_bugnote_threshold, a note
    # requested as private is stored as public and the caller gets no signal of it.
    if ($p_private && access_has_bug_level(config_get('private_bugnote_threshold'), $p_bug_id, $c_user_id)) {
        $t_view_state = VS_PRIVATE;
    } else {
        $t_view_state = VS_PUBLIC;
    }
    # insert bugnote info
    $query = "INSERT INTO {$t_bugnote_table}\r\n\t\t\t\t\t(bug_id, reporter_id, bugnote_text_id, view_state, date_submitted, last_modified, note_type, note_attr, time_tracking )\r\n\t\t          \t VALUES\r\n\t\t\t\t\t('{$c_bug_id}', '{$c_user_id}','{$t_bugnote_text_id}', '{$t_view_state}', " . db_now() . "," . db_now() . ", '{$c_type}', '{$c_attr}', '{$c_time_tracking}' )";
    db_query($query);
    # get bugnote id
    $t_bugnote_id = db_insert_id($t_bugnote_table);
    # update bug last updated
    bug_update_date($p_bug_id);
    # log new bug
    history_log_event_special($p_bug_id, BUGNOTE_ADDED, bugnote_format_id($t_bugnote_id));
    # only send email if the text is not blank, otherwise, it is just recording of time without a comment.
    if ($p_send_email && !is_blank($p_bugnote_text)) {
        email_bugnote_add($p_bug_id);
    }
    return $t_bugnote_id;
}
Example #19
/**
 * Return all version rows matching the project condition built by
 * helper_project_specific_where(), optionally filtered by the released and
 * obsolete flags.
 *
 * The two flag filters are bound through db_param() placeholders. The project
 * condition is interpolated into the statement as text.
 * NOTE(review): that relies on helper_project_specific_where() returning a
 * safe SQL fragment for any $p_project_id - confirm in the helper.
 *
 * @param int       $p_project_id Project ID handed to helper_project_specific_where().
 * @param int|null  $p_released   Released flag to match, or null to skip the filter.
 * @param bool|null $p_obsolete   Obsolete flag to match, or null to skip the filter.
 * @return array Rows as returned by db_fetch_array(), ordered by date_order descending.
 */
function version_get_all_rows_with_subs($p_project_id, $p_released = null, $p_obsolete = false)
{
    $t_project_where = helper_project_specific_where($p_project_id);
    $t_param_count = 0;
    $t_query_params = array();

    # Each optional filter adds one placeholder and one bound value, in the same order.
    $t_released_where = '';
    if ($p_released !== null) {
        $t_query_params[] = db_prepare_int($p_released);
        $t_released_where = "AND ( released = " . db_param($t_param_count++) . " )";
    }

    $t_obsolete_where = '';
    if ($p_obsolete !== null) {
        $t_query_params[] = db_prepare_bool($p_obsolete);
        $t_obsolete_where = "AND ( obsolete = " . db_param($t_param_count++) . " )";
    }

    $t_project_version_table = db_get_table('project_version');
    $query = "SELECT *\n\t\t\t\t  FROM {$t_project_version_table}\n\t\t\t\t  WHERE {$t_project_where} {$t_released_where} {$t_obsolete_where}\n\t\t\t\t  ORDER BY date_order DESC";
    $result = db_query_bound($query, $t_query_params);

    # Fetch exactly as many rows as the result set reports.
    $rows = array();
    for ($t_remaining = db_num_rows($result); $t_remaining > 0; $t_remaining--) {
        $rows[] = db_fetch_array($result);
    }
    return $rows;
}
Example #20
/**
 * Update the stored definition of a project.
 *
 * Validation (non-blank name, unique name when it changes, valid upload path)
 * runs on the raw $p_* values; the statement itself is built from the
 * db_prepare_*() copies, each placed inside a single-quoted SQL literal.
 *
 * NOTE(review): the values are escaped rather than bound, so the statement is
 * only as safe as db_prepare_string() is for the active driver. No access
 * check is made in this function; presumably the caller has already verified
 * the user may manage the project - confirm.
 *
 * @param int    $p_project_id  Project to update.
 * @param string $p_name        New project name; must not be blank.
 * @param string $p_description New description.
 * @param int    $p_status      New status value.
 * @param int    $p_view_state  New view state value.
 * @param string $p_file_path   Upload path; a trailing slash is added before use.
 * @param bool   $p_enabled     Whether the project is enabled.
 * @return bool Always true; db_query() is expected to raise on failure.
 */
function project_update($p_project_id, $p_name, $p_description, $p_status, $p_view_state, $p_file_path, $p_enabled)
{
    # Make sure file path has trailing slash
    $p_file_path = terminate_directory_path($p_file_path);
    $c_project_id = db_prepare_int($p_project_id);
    $c_name = db_prepare_string($p_name);
    $c_description = db_prepare_string($p_description);
    $c_status = db_prepare_int($p_status);
    $c_view_state = db_prepare_int($p_view_state);
    $c_file_path = db_prepare_string($p_file_path);
    $c_enabled = db_prepare_bool($p_enabled);
    if (is_blank($p_name)) {
        trigger_error(ERROR_PROJECT_NAME_INVALID, ERROR);
    }
    # Only enforce uniqueness when the name changes, compared case-insensitively,
    # so re-saving a project under its existing name does not fail.
    $t_old_name = project_get_field($p_project_id, 'name');
    if (strcasecmp($p_name, $t_old_name) != 0) {
        project_ensure_name_unique($p_name);
    }
    # A non-blank upload path is checked before it is stored.
    if (!is_blank($p_file_path)) {
        file_ensure_valid_upload_path($p_file_path);
    }
    $t_project_table = config_get('mantis_project_table');
    $query = "UPDATE {$t_project_table}\r\n\t\t\t\t  SET name='{$c_name}',\r\n\t\t\t\t\tstatus='{$c_status}',\r\n\t\t\t\t\tenabled='{$c_enabled}',\r\n\t\t\t\t\tview_state='{$c_view_state}',\r\n\t\t\t\t\tfile_path='{$c_file_path}',\r\n\t\t\t\t\tdescription='{$c_description}'\r\n\t\t\t\t  WHERE id='{$c_project_id}'";
    db_query($query);
    # Drop the cached row so later reads see the new values.
    project_clear_cache($p_project_id);
    # db_query errors on failure so:
    return true;
}
Example #21
/**
 * Return the stored filters available to a user in a project, as an array of
 * filter rows (each with an added 'url' entry) rather than filter names.
 *
 * Described by its author as a copy of
 * core/filter_api.php#filter_db_get_available_queries() with that one difference.
 *
 * @param int|null $p_project_id Project to look in; null means the current project.
 * @param int|null $p_user_id    Owner of private filters to include; null means the current user.
 * @return array List of filter rows; empty when the user is below stored_query_use_threshold.
 */
function mci_filter_db_get_available_queries($p_project_id = null, $p_user_id = null)
{
    $t_filters_table = db_get_table('filters');
    $t_filters_by_name = array();

    $t_project_id = null === $p_project_id ? helper_get_current_project() : db_prepare_int($p_project_id);
    $t_user_id = null === $p_user_id ? auth_get_current_user_id() : db_prepare_int($p_user_id);

    # If the user doesn't have access rights to stored queries, just return
    if (!access_has_project_level(config_get('stored_query_use_threshold'))) {
        return $t_filters_by_name;
    }

    # Public filters sort first, so a private filter with the same name replaces
    # the public one when both are keyed by name below.
    $query = "SELECT * FROM {$t_filters_table}\n\t\t\t\t\tWHERE (project_id=" . db_param() . "\n\t\t\t\t\t\tOR project_id=0)\n\t\t\t\t\tAND name!=''\n\t\t\t\t\tAND (is_public = " . db_prepare_bool(true) . "\n\t\t\t\t\t\tOR user_id = " . db_param() . ")\n\t\t\t\t\tORDER BY is_public DESC, name ASC";
    $result = db_query_bound($query, array($t_project_id, $t_user_id));

    for ($t_remaining = db_num_rows($result); $t_remaining > 0; $t_remaining--) {
        $row = db_fetch_array($result);
        # filter_string is "<prefix>#<serialized filter>"; rows without the
        # second part are skipped.
        $t_parts = explode('#', $row['filter_string'], 2);
        if (isset($t_parts[1])) {
            # NOTE(review): unserialize() runs on text read back from the filters
            # table. That is only safe while nothing untrusted can write
            # filter_string; the result is passed through
            # filter_ensure_valid_filter() afterwards, which cannot undo object
            # instantiation that already happened during unserialize().
            $t_filter = filter_ensure_valid_filter(unserialize($t_parts[1]));
            $row['url'] = filter_get_url($t_filter);
            $t_filters_by_name[$row['name']] = $row;
        }
    }
    return array_values($t_filters_by_name);
}
Example #22
/**
 * Update the definition of a custom field.
 *
 * Every known definition key is read and escaped up front; only the keys
 * actually present in $p_def_array end up in the SET clause. 'name' is
 * validated (non-blank, unique) whether or not it is being changed.
 *
 * NOTE(review): values are escaped with db_prepare_*() and interpolated into
 * quoted literals rather than bound, so the statement is only as safe as
 * those helpers are for the active driver.
 *
 * @param int   $p_field_id  custom field id
 * @param array $p_def_array custom field definition, keyed by column name
 * @return bool true when the row was updated, false when no known key was present
 * @access public
 */
function custom_field_update( $p_field_id, $p_def_array ) {
	$c_field_id = db_prepare_int( $p_field_id );

	# Escaped value per column, listed in the order the columns appear in the SET clause.
	$t_values = array(
		'name' => db_prepare_string( trim( $p_def_array['name'] ) ),
		'type' => db_prepare_int( $p_def_array['type'] ),
		'possible_values' => db_prepare_string( $p_def_array['possible_values'] ),
		'default_value' => db_prepare_string( $p_def_array['default_value'] ),
		'valid_regexp' => db_prepare_string( $p_def_array['valid_regexp'] ),
		'access_level_r' => db_prepare_int( $p_def_array['access_level_r'] ),
		'access_level_rw' => db_prepare_int( $p_def_array['access_level_rw'] ),
		'length_min' => db_prepare_int( $p_def_array['length_min'] ),
		'length_max' => db_prepare_int( $p_def_array['length_max'] ),
		'filter_by' => db_prepare_bool( $p_def_array['filter_by'] ),
		'display_report' => db_prepare_bool( $p_def_array['display_report'] ),
		'display_update' => db_prepare_bool( $p_def_array['display_update'] ),
		'display_resolved' => db_prepare_bool( $p_def_array['display_resolved'] ),
		'display_closed' => db_prepare_bool( $p_def_array['display_closed'] ),
		'require_report' => db_prepare_bool( $p_def_array['require_report'] ),
		'require_update' => db_prepare_bool( $p_def_array['require_update'] ),
		'require_resolved' => db_prepare_bool( $p_def_array['require_resolved'] ),
		'require_closed' => db_prepare_bool( $p_def_array['require_closed'] ),
	);

	if( is_blank( $t_values['name'] ) ) {
		error_parameters( 'name' );
		trigger_error( ERROR_EMPTY_FIELD, ERROR );
	}

	# Write access may not be lower than read access, and the length bounds
	# must be consistent (a maximum of 0 means no upper bound is compared).
	$t_access_inverted = $t_values['access_level_rw'] < $t_values['access_level_r'];
	$t_min_negative = $t_values['length_min'] < 0;
	$t_bounds_inverted = ( $t_values['length_max'] != 0 ) && ( $t_values['length_min'] > $t_values['length_max'] );
	if( $t_access_inverted || $t_min_negative || $t_bounds_inverted ) {
		trigger_error( ERROR_CUSTOM_FIELD_INVALID_DEFINITION, ERROR );
	}

	if( !custom_field_is_name_unique( $t_values['name'], $c_field_id ) ) {
		trigger_error( ERROR_CUSTOM_FIELD_NAME_NOT_UNIQUE, ERROR );
	}

	$t_mantis_custom_field_table = db_get_table( 'custom_field' );

	# Only columns whose key was supplied by the caller are assigned.
	$t_assignments = array();
	foreach( $t_values as $t_column => $t_value ) {
		if( array_key_exists( $t_column, $p_def_array ) ) {
			$t_assignments[] = "$t_column='$t_value'";
		}
	}

	if( count( $t_assignments ) == 0 ) {
		# there is nothing to update...
		return false;
	}

	$query = "UPDATE $t_mantis_custom_field_table
				  SET ";
	$query .= implode( ', ', $t_assignments );
	$query .= " WHERE id='$c_field_id'";

	db_query( $query );
	custom_field_clear_cache( $p_field_id );

	# db_query errors on failure so:
	return true;
}
# NOTE(review): no access check is visible in this fragment; presumably the page
# verifies the caller may manage users before reaching this point - confirm.
$f_username = trim($f_username);
$t_old_username = user_get_field($f_user_id, 'username');
# check that the username is unique
# (only when the name changes, compared case-insensitively)
if (0 != strcasecmp($t_old_username, $f_username) && false == user_is_name_unique($f_username)) {
    trigger_error(ERROR_USER_NAME_NOT_UNIQUE, ERROR);
}
# Validation runs on the raw form values; the escaped $c_* copies are made afterwards.
user_ensure_name_valid($f_username);
user_ensure_realname_valid($f_realname);
user_ensure_realname_unique($f_username, $f_realname);
$f_email = email_append_domain($f_email);
email_ensure_valid($f_email);
$c_email = db_prepare_string($f_email);
$c_username = db_prepare_string($f_username);
$c_realname = db_prepare_string($f_realname);
$c_protected = db_prepare_bool($f_protected);
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);
$t_user_table = config_get('mantis_user_table');
$t_old_protected = user_get_field($f_user_id, 'protected');
# check that we are not downgrading the last administrator
# NOTE(review): this guard looks only at the access level; whether disabling the
# last administrator is also prevented cannot be seen in this fragment.
$t_old_access = user_get_field($f_user_id, 'access_level');
if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) {
    trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}
# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
if ($c_access_level >= ADMINISTRATOR && !user_is_administrator($c_user_id)) {
    user_delete_project_specific_access_levels($c_user_id);
}
# if the user is already protected and the admin is not removing the
Example #24
/**
 * Add a bugnote to a bug
 * return the ID of the new bugnote
 *
 * Both inserts use db_param() placeholders with db_query_bound(), so the note
 * text and attribute are passed as bound values rather than escaped into the
 * statement text.
 *
 * @param int $p_bug_id bug id
 * @param string $p_bugnote_text bugnote text
 * @param string $p_time_tracking hh:mm string
 * @param bool $p_private whether bugnote is private
 * @param int $p_type bugnote type
 * @param string $p_attr note attribute, stored as given in note_attr
 * @param int $p_user_id user id (null means the current user)
 * @param bool $p_send_email generate email?
 * @param int $p_date_submitted date submitted (defaults to now())
 * @param int $p_last_modified last modification date (defaults to now())
 * @param bool $p_skip_bug_update skip bug last modification update (useful when importing bugs/bugnotes)
 * @return false|int false when the text is blank and no time is recorded, otherwise the id of the added bugnote
 * @access public
 */
function bugnote_add($p_bug_id, $p_bugnote_text, $p_time_tracking = '0:00', $p_private = false, $p_type = 0, $p_attr = '', $p_user_id = null, $p_send_email = TRUE, $p_date_submitted = 0, $p_last_modified = 0, $p_skip_bug_update = FALSE)
{
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_time_tracking = helper_duration_to_minutes($p_time_tracking);
    $c_private = db_prepare_bool($p_private);
    $c_type = db_prepare_int($p_type);
    # Zero or negative timestamps mean "use the current time".
    $c_date_submitted = $p_date_submitted <= 0 ? db_now() : db_prepare_int($p_date_submitted);
    $c_last_modified = $p_last_modified <= 0 ? db_now() : db_prepare_int($p_last_modified);
    $t_bugnote_text_table = db_get_table('bugnote_text');
    $t_bugnote_table = db_get_table('bugnote');
    $t_time_tracking_enabled = config_get('time_tracking_enabled');
    $t_time_tracking_without_note = config_get('time_tracking_without_note');
    # With time tracking on and time recorded, a blank note is only an error when
    # the configuration forbids time entries without text; otherwise a blank note
    # is rejected with false.
    if (ON == $t_time_tracking_enabled && $c_time_tracking > 0) {
        if (is_blank($p_bugnote_text) && OFF == $t_time_tracking_without_note) {
            error_parameters(lang_get('bugnote'));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
        $c_type = TIME_TRACKING;
    } else {
        if (is_blank($p_bugnote_text)) {
            return false;
        }
    }
    $t_bugnote_text = $p_bugnote_text;
    # Event integration
    # The text that gets stored is whatever the EVENT_BUGNOTE_DATA handlers return,
    # so handlers for that event can rewrite the note before it is saved.
    $t_bugnote_text = event_signal('EVENT_BUGNOTE_DATA', $t_bugnote_text, $c_bug_id);
    # insert bugnote text
    $query = 'INSERT INTO ' . $t_bugnote_text_table . ' ( note ) VALUES ( ' . db_param() . ' )';
    db_query_bound($query, array($t_bugnote_text));
    # retrieve bugnote text id number
    # Must run directly after the insert above so the id belongs to that row.
    $t_bugnote_text_id = db_insert_id($t_bugnote_text_table);
    # get user information
    # NOTE(review): a caller-supplied $p_user_id becomes the reporter and is also
    # the identity used for the access check below; callers are presumably trusted
    # to pass only ids they may act for - confirm.
    if ($p_user_id === null) {
        $c_user_id = auth_get_current_user_id();
    } else {
        $c_user_id = db_prepare_int($p_user_id);
    }
    # Check for private bugnotes.
    # NOTE(review): when the reporter is below set_view_status_threshold, a note
    # requested as private is stored as public and the caller gets no signal of it.
    if ($c_private && access_has_bug_level(config_get('set_view_status_threshold'), $p_bug_id, $c_user_id)) {
        $t_view_state = VS_PRIVATE;
    } else {
        $t_view_state = VS_PUBLIC;
    }
    # insert bugnote info
    # Nine placeholders, bound in column order by the array passed below.
    $query = "INSERT INTO {$t_bugnote_table}\n\t\t\t\t(bug_id, reporter_id, bugnote_text_id, view_state, date_submitted, last_modified, note_type, note_attr, time_tracking )\n\t\t\tVALUES\n\t\t\t\t(" . db_param() . ', ' . db_param() . ',' . db_param() . ', ' . db_param() . ', ' . db_param() . ',' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ' )';
    db_query_bound($query, array($c_bug_id, $c_user_id, $t_bugnote_text_id, $t_view_state, $c_date_submitted, $c_last_modified, $c_type, $p_attr, $c_time_tracking));
    # get bugnote id
    $t_bugnote_id = db_insert_id($t_bugnote_table);
    # update bug last updated
    if (!$p_skip_bug_update) {
        bug_update_date($p_bug_id);
    }
    # log new bug
    history_log_event_special($p_bug_id, BUGNOTE_ADDED, bugnote_format_id($t_bugnote_id));
    # Event integration
    event_signal('EVENT_BUGNOTE_ADD', array($p_bug_id, $t_bugnote_id));
    # only send email if the text is not blank, otherwise, it is just recording of time without a comment.
    if (TRUE == $p_send_email && !is_blank($t_bugnote_text)) {
        email_bugnote_add($p_bug_id);
    }
    return $t_bugnote_id;
}
Example #25
/**
 * Update the definition of a custom field.
 *
 * The raw name is first rejected if string_contains_scripting_chars() flags
 * it. Every known definition key is then read and escaped up front; only the
 * keys actually present in $p_def_array end up in the SET clause.
 *
 * NOTE(review): values are escaped with db_prepare_*() and interpolated into
 * quoted literals rather than bound, so the statement is only as safe as
 * those helpers are for the active driver. Only 'name' gets the scripting
 * character check; the other text fields are stored as supplied.
 *
 * @param int   $p_field_id  custom field id
 * @param array $p_def_array custom field definition, keyed by column name
 * @return bool true when the row was updated, false when no known key was present
 */
function custom_field_update($p_field_id, $p_def_array)
{
    if (string_contains_scripting_chars($p_def_array['name'])) {
        trigger_error(ERROR_CUSTOM_FIELD_INVALID_DEFINITION, ERROR);
    }
    $c_field_id = db_prepare_int($p_field_id);

    # Escaped value per column, listed in the order the columns appear in the SET clause.
    $t_values = array(
        'name' => db_prepare_string(trim($p_def_array['name'])),
        'type' => db_prepare_int($p_def_array['type']),
        'possible_values' => db_prepare_string($p_def_array['possible_values']),
        'default_value' => db_prepare_string($p_def_array['default_value']),
        'valid_regexp' => db_prepare_string($p_def_array['valid_regexp']),
        'access_level_r' => db_prepare_int($p_def_array['access_level_r']),
        'access_level_rw' => db_prepare_int($p_def_array['access_level_rw']),
        'length_min' => db_prepare_int($p_def_array['length_min']),
        'length_max' => db_prepare_int($p_def_array['length_max']),
        'advanced' => db_prepare_bool($p_def_array['advanced']),
        'display_report' => db_prepare_bool($p_def_array['display_report']),
        'display_update' => db_prepare_bool($p_def_array['display_update']),
        'display_resolved' => db_prepare_bool($p_def_array['display_resolved']),
        'display_closed' => db_prepare_bool($p_def_array['display_closed']),
        'require_report' => db_prepare_bool($p_def_array['require_report']),
        'require_update' => db_prepare_bool($p_def_array['require_update']),
        'require_resolved' => db_prepare_bool($p_def_array['require_resolved']),
        'require_closed' => db_prepare_bool($p_def_array['require_closed']),
    );

    if (is_blank($t_values['name'])) {
        error_parameters('name');
        trigger_error(ERROR_EMPTY_FIELD, ERROR);
    }

    # Write access may not be lower than read access, and the length bounds
    # must be consistent (a maximum of 0 means no upper bound is compared).
    $t_access_inverted = $t_values['access_level_rw'] < $t_values['access_level_r'];
    $t_min_negative = $t_values['length_min'] < 0;
    $t_bounds_inverted = ($t_values['length_max'] != 0) && ($t_values['length_min'] > $t_values['length_max']);
    if ($t_access_inverted || $t_min_negative || $t_bounds_inverted) {
        trigger_error(ERROR_CUSTOM_FIELD_INVALID_DEFINITION, ERROR);
    }

    # An advanced field may not also be required on report or update.
    $t_required_somewhere = $t_values['require_report'] == true || $t_values['require_update'];
    if ($t_values['advanced'] == true && $t_required_somewhere) {
        trigger_error(ERROR_CUSTOM_FIELD_INVALID_DEFINITION, ERROR);
    }

    if (!custom_field_is_name_unique($t_values['name'], $c_field_id)) {
        trigger_error(ERROR_CUSTOM_FIELD_NAME_NOT_UNIQUE, ERROR);
    }

    $t_mantis_custom_field_table = config_get('mantis_custom_field_table');

    # Only columns whose key was supplied by the caller are assigned.
    $t_assignments = array();
    foreach ($t_values as $t_column => $t_value) {
        if (array_key_exists($t_column, $p_def_array)) {
            $t_assignments[] = "{$t_column}='{$t_value}'";
        }
    }

    if (count($t_assignments) == 0) {
        # there is nothing to update...
        return false;
    }

    $query = "UPDATE {$t_mantis_custom_field_table}\r\n\t\t\t\t  SET ";
    $query .= implode(', ', $t_assignments);
    $query .= " WHERE id='{$c_field_id}'";

    db_query($query);
    custom_field_clear_cache($p_field_id);
    # db_query() errors on failure so:
    return true;
}
Example #26
 public function put($request)
 {
     /**
      * 	Updates the user.
      *
      *      Responds with an empty 204 on success and throws a 403 HTTPException
      *      when the caller may not edit the target user.
      *
      *      @param $request - The Request we're responding to
      */
     # The target user id is taken from the request URL.
     $this->user_id = User::get_mantis_id_from_url($request->url);
     # Callers below manage_user_threshold may only edit their own record.
     # NOTE(review): after this check, access_level, protected and enabled are read
     # from the request body and written to the row below. Nothing visible in this
     # method stops a user who is editing their own record from changing those
     # fields - confirm that populate_from_repr() or another layer restricts them.
     if (!access_has_global_level(config_get('manage_user_threshold')) && auth_get_current_user_id() != $this->user_id) {
         throw new HTTPException(403, "Access denied to edit user {$this->user_id}'s info");
     }
     $this->populate_from_repr($request->body);
     # Do some validation on the inputs (from Mantis's user_create())
     # NOTE(review): the values are escaped with db_prepare_string() before they are
     # validated, compared with the stored row and (for the password) hashed, so
     # those steps see the escaped text rather than what the client sent. For a
     # password containing characters the helper escapes, the stored hash would
     # presumably not match the password the user typed - confirm.
     $username = db_prepare_string($this->rsrc_data['username']);
     $realname = db_prepare_string($this->rsrc_data['realname']);
     $password = db_prepare_string($this->rsrc_data['password']);
     $email = db_prepare_string($this->rsrc_data['email']);
     $access_level = db_prepare_int(get_string_to_enum(config_get('access_levels_enum_string'), $this->rsrc_data['access_level']));
     $protected = db_prepare_bool($this->rsrc_data['protected']);
     $enabled = db_prepare_bool($this->rsrc_data['enabled']);
     user_ensure_name_valid($username);
     user_ensure_realname_valid($realname);
     user_ensure_realname_unique($username, $realname);
     email_ensure_valid($email);
     # The cookie string is based on email and username, so if either of those changed,
     # we have to change the cookie string.
     $user_row = user_get_row($this->user_id);
     # The row may be keyed by column name or by position; fall back to the
     # numeric index when the named key is absent.
     $username_key = array_key_exists('username', $user_row) ? 'username' : 1;
     $email_key = array_key_exists('email', $user_row) ? 'email' : 3;
     $cookie_string_key = array_key_exists('cookie_string', $user_row) ? 'cookie_string' : 13;
     if ($user_row[$username_key] != $username || $user_row[$email_key] != $email) {
         $seed = $email . $username;
         $cookie_string = auth_generate_unique_cookie_string($seed);
     } else {
         $cookie_string = $user_row[$cookie_string_key];
     }
     $password_hash = auth_process_plain_password($password);
     $user_table = config_get('mantis_user_table');
     # NOTE(review): as printed, the username and password columns are set to the
     # literal '******', which looks like masking applied by the listing this
     # snippet comes from; $username and $password_hash are not referenced in the
     # statement as shown. The remaining values are escaped and interpolated, not
     # bound, and $this->user_id goes into the WHERE clause unquoted - presumably
     # get_mantis_id_from_url() returns an integer; confirm.
     $query = "UPDATE  {$user_table}\n\t\t\t\tSET username = '******',\n\t\t\t\t    realname = '{$realname}',\n\t\t\t\t    email = '{$email}',\n\t\t\t\t    password = '******',\n\t\t\t\t    enabled = {$enabled},\n\t\t\t\t    protected = {$protected},\n\t\t\t\t    access_level = {$access_level},\n\t\t\t\t    cookie_string = '{$cookie_string}'\n\t\t\t\tWHERE id = {$this->user_id};";
     db_query($query);
     # 204: success with no response body.
     $resp = new Response();
     $resp->status = 204;
     return $resp;
 }