function bugCreateHelper($reproducibility, $severity, $priority, $summary, $description, $project_id, $reporter_id) { # Change this path to point to the Mantis installation core.php file require_once '../core.php'; $t_core_path = config_get('core_path'); require_once $t_core_path . 'bug_api.php'; access_ensure_project_level(config_get('report_bug_threshold')); $t_bug_data = new BugData(); $t_bug_data->view_state = config_get('default_bug_view_status'); $t_bug_data->reproducibility = $reproducibility; $t_bug_data->severity = $severity; $t_bug_data->priority = $priority; $t_bug_data->summary = $summary; $t_bug_data->description = $description; $t_bug_data->project_id = $project_id; $t_bug_data->reporter_id = user_get_id_by_name($reporter_id); if ($t_bug_data->reporter_id == "") { $tmp = "Reported by: " . $reporter_id . "\n---------------------------------------------------\n\n"; $tmp .= $t_bug_data->description; $t_bug_data->description = $tmp; } $t_bug_data->summary = trim($t_bug_data->summary); # Create the bug $t_bug_id = bug_create($t_bug_data); email_new_bug($t_bug_id); return $t_bug_id; }
function access_denied() { if (!auth_is_user_authenticated()) { if (basename($_SERVER['SCRIPT_NAME']) != 'login_page.php') { $t_return_page = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $t_return_page .= '?' . $_SERVER['QUERY_STRING']; } $t_return_page = string_url(string_sanitize_url($t_return_page)); print_header_redirect('login_page.php?return=' . $t_return_page); } } else { if (auth_get_current_user_id() == user_get_id_by_name(config_get_global('anonymous_account'))) { if (basename($_SERVER['SCRIPT_NAME']) != 'login_page.php') { $t_return_page = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $t_return_page .= '?' . $_SERVER['QUERY_STRING']; } $t_return_page = string_url(string_sanitize_url($t_return_page)); echo '<center>'; echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>'; print_bracket_link('login_page.php?return=' . $t_return_page, lang_get('click_to_login')); echo '<p></p>'; print_bracket_link('main_page.php', lang_get('proceed')); echo '</center>'; } } else { echo '<center>'; echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>'; print_bracket_link('main_page.php', lang_get('proceed')); echo '</center>'; } } exit; }
function autologin() { if (auth_is_user_authenticated()) { return; } $t_login_method = config_get('login_method'); if ($t_login_method != BASIC_AUTH) { trigger_error("Invalid login method. ({$t_login_method})", ERROR); } $t_user_id = user_get_id_by_name($_SERVER['REMOTE_USER']); if (!$t_user_id) { trigger_error('Invalid user.', ERROR); } user_increment_login_count($t_user_id); user_reset_failed_login_count_to_zero($t_user_id); user_reset_lost_password_in_progress_count_to_zero($t_user_id); auth_set_cookies($t_user_id, true); auth_set_tokens($t_user_id); }
function ERP_update_check() { $t_config_version = plugin_config_get('config_version'); if ($t_config_version === 0) { $t_username = plugin_config_get('mail_reporter', ''); if (strlen($t_username) > 0) { $t_user_id = user_get_id_by_name($t_username); if ($t_user_id !== FALSE) { $t_user_email = user_get_email($t_user_id); if ($t_user_email === 'nomail') { plugin_require_api('core/config_api.php'); # We need to allow blank emails for a sec ERP_set_temporary_overwrite('allow_blank_email', ON); user_set_email($t_user_id, ''); } } } $t_schema = plugin_config_get('schema'); $t_reset_schema = plugin_config_get('reset_schema'); if ($t_schema !== -1 && $t_reset_schema === 0) { plugin_config_set('schema', -1); plugin_config_set('reset_schema', 1); } plugin_config_set('config_version', 1); } if ($t_config_version <= 1) { $t_mail_reporter = plugin_config_get('mail_reporter', ''); if (strlen($t_mail_reporter) > 0) { $t_mail_reporter_id = user_get_id_by_name($t_mail_reporter); plugin_config_set('mail_reporter_id', $t_mail_reporter_id); } plugin_config_delete('mail_directory'); plugin_config_delete('mail_reporter'); plugin_config_delete('mail_additional'); plugin_config_delete('random_user_number'); plugin_config_delete('mail_bug_priority_default'); plugin_config_set('config_version', 2); } if ($t_config_version <= 2) { plugin_config_delete('mail_cronjob_present'); plugin_config_delete('mail_check_timer'); plugin_config_delete('mail_last_check'); plugin_config_set('config_version', 3); } if ($t_config_version <= 3) { $t_mailboxes = plugin_config_get('mailboxes', array()); $t_indexes = array('mailbox_project' => 'mailbox_project_id', 'mailbox_global_category' => 'mailbox_global_category_id'); foreach ($t_mailboxes as $t_key => $t_array) { if (isset($t_array['mailbox_hostname'])) { # Correct the hostname if it is stored in an older format $t_hostname = $t_array['mailbox_hostname']; if (!is_array($t_hostname)) { // ipv6 also uses : so we need to work around that if (substr_count($t_hostname, ':') === 1) { $t_hostname = explode(':', $t_hostname, 2); } else { $t_hostname = array($t_hostname); } $t_hostname = array('hostname' => $t_hostname[0], 'port' => isset($t_hostname[1]) ? $t_hostname[1] : ''); $t_array['mailbox_hostname'] = $t_hostname; } } $t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes); } plugin_config_set('mailboxes', $t_mailboxes); plugin_config_set('config_version', 4); } if ($t_config_version <= 4) { $t_mail_remove_mantis_email = plugin_config_get('mail_remove_mantis_email', -1); $t_mail_identify_reply = plugin_config_get('mail_identify_reply', $t_mail_remove_mantis_email); if ($t_mail_remove_mantis_email !== -1 && $t_mail_identify_reply !== $t_mail_remove_mantis_email) { plugin_config_set('mail_remove_mantis_email', $t_mail_identify_reply); } plugin_config_delete('mail_identify_reply'); plugin_config_set('config_version', 5); } if ($t_config_version <= 5) { plugin_config_delete('mail_parse_mime'); plugin_config_set('config_version', 6); } if ($t_config_version <= 6) { $t_mailboxes = plugin_config_get('mailboxes', array()); $t_indexes = array('mailbox_enabled' => 'enabled', 'mailbox_description' => 'description', 'mailbox_type' => 'type', 'mailbox_hostname' => 'hostname', 'mailbox_encryption' => 'encryption', 'mailbox_username' => 'username', 'mailbox_password' => 'password', 'mailbox_auth_method' => 'auth_method', 'mailbox_project_id' => 'project_id', 'mailbox_global_category_id' => 'global_category_id', 'mailbox_basefolder' => 'basefolder', 'mailbox_createfolderstructure' => 'createfolderstructure'); foreach ($t_mailboxes as $t_key => $t_array) { $t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes); } plugin_config_set('mailboxes', $t_mailboxes); plugin_config_set('config_version', 7); } if ($t_config_version <= 7) { $t_mailboxes = plugin_config_get('mailboxes', array()); foreach ($t_mailboxes as $t_key => $t_array) { if (isset($t_array['hostname'])) { $t_hostname = $t_array['hostname']; if (is_array($t_hostname)) { $t_array['hostname'] = $t_hostname['hostname']; $t_array['port'] = $t_hostname['port']; } $t_mailboxes[$t_key] = $t_array; } } plugin_config_set('mailboxes', $t_mailboxes); plugin_config_set('config_version', 8); } if ($t_config_version <= 8) { plugin_config_delete('mail_tmp_directory'); plugin_config_set('config_version', 9); } if ($t_config_version <= 9) { $t_mailboxes = plugin_config_get('mailboxes', array()); $t_indexes = array('type' => 'mailbox_type', 'basefolder' => 'imap_basefolder', 'createfolderstructure' => 'imap_createfolderstructure'); foreach ($t_mailboxes as $t_key => $t_array) { $t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes); } plugin_config_set('mailboxes', $t_mailboxes); plugin_config_set('config_version', 10); } if ($t_config_version <= 10) { plugin_config_delete('mail_rule_system'); plugin_config_set('config_version', 11); } if ($t_config_version <= 11) { $t_mailboxes = plugin_config_get('mailboxes', array()); $t_indexes = array('username' => 'erp_username', 'password' => 'erp_password'); foreach ($t_mailboxes as $t_key => $t_array) { $t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes); } plugin_config_set('mailboxes', $t_mailboxes); plugin_config_delete('rules'); plugin_config_delete('mail_encoding'); plugin_config_set('config_version', 12); } if ($t_config_version <= 12) { plugin_config_set('reset_schema', 1); plugin_config_set('config_version', 13); } if ($t_config_version <= 13) { plugin_config_delete('mail_fetch_max'); plugin_config_set('config_version', 14); } if ($t_config_version <= 14) { $t_mail_reporter_id = plugin_config_get('mail_reporter_id', 'Mail'); $t_report_bug_threshold = config_get_global('report_bug_threshold'); if ($t_mail_reporter_id !== 'Mail' && user_exists($t_mail_reporter_id)) { if (!access_has_global_level($t_report_bug_threshold, $t_mail_reporter_id)) { user_set_field($t_mail_reporter_id, 'access_level', $t_report_bug_threshold); } } plugin_config_set('config_version', 15); } }
/** * Sets the changeset's user id by looking up email address or name * Generic code for both Author and Committer, based on the given properties * @param object $p_changeset * @param string $p_user_type 'author' or 'committer' */ function Source_set_changeset_user(&$p_changeset, $p_user_type) { static $s_vcs_names; static $s_names = array(); static $s_emails = array(); # Set the fields switch ($p_user_type) { case 'committer': list($t_id_prop, $t_name_prop, $t_email_prop) = explode(' ', 'committer_id committer committer_email'); break; case 'author': default: list($t_id_prop, $t_name_prop, $t_email_prop) = explode(' ', 'user_id author author_email'); break; } # The user's id is already set, nothing to do if ($p_changeset->{$t_id_prop}) { return; } # cache the vcs username mappings if (is_null($s_vcs_names)) { $s_vcs_names = SourceUser::load_mappings(); } # Check username associations if (isset($s_vcs_names[$p_changeset->{$t_name_prop}])) { $p_changeset->{$t_id_prop} = $s_vcs_names[$p_changeset->{$t_name_prop}]; return; } # Look up the email address if given if ($t_email = $p_changeset->{$t_email_prop}) { if (isset($s_emails[$t_email])) { $p_changeset->{$t_id_prop} = $s_emails[$t_email]; return; } else { if (false !== ($t_email_id = user_get_id_by_email($t_email))) { $s_emails[$t_email] = $p_changeset->{$t_id_prop} = $t_email_id; return; } } } # Look up the name if the email failed if ($t_name = $p_changeset->{$t_name_prop}) { if (isset($s_names[$t_name])) { $p_changeset->{$t_id_prop} = $s_names[$t_name]; return; } else { if (false !== ($t_user_id = user_get_id_by_realname($t_name))) { $s_names[$t_name] = $p_changeset->{$t_id_prop} = $t_user_id; return; } else { if (false !== ($t_user_id = user_get_id_by_name($p_changeset->{$t_name_prop}))) { $s_names[$t_name] = $p_changeset->{$t_id_prop} = $t_user_id; return; } } } } }
/** * return all data associated with a particular user name * return false if the username does not exist * * @param integer $p_username The username to retrieve data for. * @return array */ function user_get_row_by_name($p_username) { $t_user_id = user_get_id_by_name($p_username); if (false === $t_user_id) { return false; } $t_row = user_get_row($t_user_id); return $t_row; }
* @package MantisBT * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright (C) 2002 - 2013 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org */ /** * MantisBT Core API's */ require_once 'core.php'; auth_reauthenticate(); access_ensure_global_level(config_get('manage_user_threshold')); $f_username = gpc_get_string('username', ''); if (is_blank($f_username)) { $t_user_id = gpc_get_int('user_id'); } else { $t_user_id = user_get_id_by_name($f_username); if ($t_user_id === false) { # If we can't find the user by name, attempt to find by email. $t_user_id = user_get_id_by_email($f_username); if ($t_user_id === false) { error_parameters($f_username); trigger_error(ERROR_USER_BY_NAME_NOT_FOUND, ERROR); } } } $t_user = user_get_row($t_user_id); # Ensure that the account to be updated is of equal or lower access to the # current user. access_ensure_global_level($t_user['access_level']); $t_ldap = LDAP == config_get('login_method'); html_page_top();
$frequency = (int) 1; $base = (string) date('Y-m-d\\TH:i:sO'); # add missing : in the O part of the date. PHP 5 supports a 'c' format which will output the format # exactly as we want it. # // 2002-10-02T10:00:00-0500 -> // 2002-10-02T10:00:00-05:00 $base = utf8_substr($base, 0, 22) . ':' . utf8_substr($base, -2); $rssfile->addSYdata($period, $frequency, $base); $t_page_number = 1; $t_issues_per_page = 25; $t_page_count = 0; $t_issues_count = 0; $t_project_id = $f_project_id; if ($f_username !== null) { $t_user_id = user_get_id_by_name($f_username); } else { $t_user_id = user_get_id_by_name(config_get('anonymous_account')); } $t_show_sticky = null; if ($f_filter_id == 0) { $t_custom_filter = filter_get_default(); $t_custom_filter['sort'] = $c_sort_field; } else { # null will be returned if the user doesn't have access right to access the filter. $t_custom_filter = filter_db_get_filter($f_filter_id, $t_user_id); if (null === $t_custom_filter) { access_denied(); } $t_custom_filter = filter_deserialize($t_custom_filter); } $t_issues = filter_get_bug_rows($t_page_number, $t_issues_per_page, $t_page_count, $t_issues_count, $t_custom_filter, $t_project_id, $t_user_id, $t_show_sticky); $t_issues_count = count($t_issues);
/** * return rss news feed url * @param int $p_project_id * @param string $p_username * @param bool $p_relative * @return string */ function rss_get_news_feed_url($p_project_id = null, $p_username = null, $p_relative = true) { if ($p_username === null) { $t_username = current_user_get_field('username'); } else { $t_username = $p_username; } if ($p_project_id === null) { $t_project_id = helper_get_current_project(); } else { $t_project_id = (int) $p_project_id; } if ($p_relative) { $t_rss_link = ''; } else { $t_rss_link = config_get('path'); } $t_user_id = user_get_id_by_name($t_username); // If we have a logged in user then they can be given a 'proper' feed, complete with auth string. if (user_is_anonymous($t_user_id)) { $t_rss_link .= "news_rss.php"; if ($t_project_id != ALL_PROJECTS) { $t_rss_link .= "?project_id={$t_project_id}"; } } else { $t_rss_link .= "news_rss.php?username={$t_username}&key=" . rss_calculate_key($t_user_id); if ($t_project_id != ALL_PROJECTS) { $t_rss_link .= "&project_id={$t_project_id}"; } } return $t_rss_link; }
/** * Return the user id in the destination tracker * * Current logic is: try to find the same user by username; * if it fails, use $squash_userid * * @param $field string bugdata filed to update * @param $username string username as imported * @param $squash_userid integer fallback userid */ private function get_user_id($username, $squash_userid = 0) { $t_user_id = user_get_id_by_name($username); if ($t_user_id === false) { //not found $t_user_id = $squash_userid; } return $t_user_id; }
/** * Validate a plain token for the specified user. * @param string $p_username The user name. * @param string $p_token The plain token. * @return boolean true valid username and token, false otherwise. * @access public */ function api_token_validate($p_username, $p_token) { # If the supplied token doesn't look like a valid one, then fail the check w/o doing db lookups. # This is likely called from code that supports both tokens and passwords. if (is_blank($p_token) || utf8_strlen($p_token) != API_TOKEN_LENGTH) { return false; } $t_user_id = user_get_id_by_name($p_username); # If user is not found in the database, they don't have api tokens, we won't bother with worrying about # auto-creation scenario here. if ($t_user_id === false) { return false; } $t_encrypted_token = api_token_hash($p_token); $t_query = 'SELECT * FROM {api_token} WHERE user_id=' . db_param() . ' AND hash=' . db_param(); $t_result = db_query($t_query, array($t_user_id, $t_encrypted_token)); $t_row = db_fetch_array($t_result); if ($t_row) { api_token_touch($t_row['id']); return true; } return false; }
function getUserIdByName($p_username) { return user_get_id_by_name($p_username); }
function event_update_bug($p_bug_event, $p_bug_data, $p_bug_id) { global $agilemantis_pb; global $agilemantis_commonlib; $t_product_owner = ""; $t_handler_id = 0; $t_product_backlog_id = 0; $t_team_id = 0; $f_bug_id = 0; // Only projects with agilMantis backlog if (!$agilemantis_commonlib->projectHasBacklogs(helper_get_current_project())) { return; } $request = array_merge($_GET, $_POST); if ($_SESSION['AGILEMANTIS_ISMANTISADMIN'] == 1 || $_SESSION['AGILEMANTIS_ISMANTISUSER'] == 1) { if (isset($_POST['backlog']) || isset($_POST['storypoints']) || isset($_POST['businessValue']) || isset($_POST['rankingorder']) || isset($_POST['technical']) || isset($_POST['presentable']) || isset($_POST['inReleaseDocu']) || isset($_POST['sprint'])) { $f_bug_id = (int) $_POST['bug_id']; $agilemantis_pb->setCustomFieldValues($f_bug_id); # change Product Backlog if ($_POST['old_product_backlog'] != $_POST['backlog'] && $_POST['backlog'] != "") { $p_bug_data->handler_id = $_SESSION['tracker_handler']; $p_bug_data->status = 50; } # change back to Team User if no Product Backlog is selected if ($_POST['old_product_backlog'] != $_POST['backlog'] && $_POST['backlog'] == "") { $t_product_backlog_id = $agilemantis_pb->get_product_backlog_id($_POST['old_product_backlog']); if ($agilemantis_pb->count_productbacklog_teams($t_product_backlog_id) > 0) { $t_team_id = $agilemantis_pb->getTeamIdByBacklog($t_product_backlog_id); $t_product_owner = $agilemantis_pb->getProductOwner($t_team_id); $t_handler_id = user_get_id_by_name($t_product_owner); } $p_bug_data->handler_id = $t_handler_id; } } } return $p_bug_data; }
function get_user_id() { $t_user_id = user_get_id_by_name('acra_reporter'); if ($t_user_id === false) { user_create("acra_reporter", date("YzHis", time()), $p_email = '*****@*****.**'); } $t_user_id = user_get_id_by_name('acra_reporter'); return $t_user_id; }
function auth_attempt_script_login($p_username, $p_password = null) { global $g_script_login_cookie, $g_cache_current_user_id; $t_user_id = user_get_id_by_name($p_username); $t_user = user_get_row($t_user_id); # check for disabled account if (OFF == $t_user['enabled']) { return false; } # validate password if supplied if (null !== $p_password) { if (!auth_does_password_match($t_user_id, $p_password)) { return false; } } # ok, we're good to login now # increment login count user_increment_login_count($t_user_id); # set the cookies $g_script_login_cookie = $t_user['cookie_string']; # cache user id for future reference $g_cache_current_user_id = $t_user_id; return true; }
/** * Allows scripts to login using a login name or ( login name + password ) * * There are multiple scenarios where this is used: * - Anonymous login (blank username supplied). * - Anonymous login with anonymous user name specified. * - Anonymous login with account not existing or disabled. * - Pre-authenticated user via some secret hash from email verify or rss feed, where username * is specified but password is null. * - Standard authentication with username and password specified. * * @param string $p_username Username. * @param string $p_password Password. * @return boolean indicates if authentication was successful * @access public */ function auth_attempt_script_login($p_username, $p_password = null) { global $g_script_login_cookie, $g_cache_current_user_id; $t_username = $p_username; $t_password = $p_password; $t_anon_allowed = config_get('allow_anonymous_login'); if ($t_anon_allowed == ON) { $t_anonymous_account = config_get('anonymous_account'); } else { $t_anonymous_account = ''; } # if no user name supplied, then attempt to login as anonymous user. if (is_blank($t_username) || strcasecmp($t_username, $t_anonymous_account) == 0) { if ($t_anon_allowed == OFF) { return false; } $t_username = $t_anonymous_account; # do not use password validation. $t_password = null; } $t_user_id = user_get_id_by_name($t_username); if (false === $t_user_id) { return false; } $t_user = user_get_row($t_user_id); # check for disabled account if (OFF == $t_user['enabled']) { return false; } # validate password if supplied if (null !== $t_password) { if (!auth_does_password_match($t_user_id, $t_password)) { return false; } } # ok, we're good to login now # With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no # real significance of incrementing login count. # increment login count # user_increment_login_count( $t_user_id ); # set the cookies $g_script_login_cookie = $t_user['cookie_string']; # cache user id for future reference $g_cache_current_user_id = $t_user_id; return true; }
/** * Given a login username provided by the user via the web UI or our API, * get the user id. The login username can be a username or an email address. * The email address will work as long there is a single enabled account with * such address and it is not blank. * * @param string $p_login_name The login name. * @return integer|boolean user id or false. */ function auth_get_user_id_from_login_name($p_login_name) { $t_user_id = user_get_id_by_name($p_login_name); # If user is not found by name, check by email as long as there is only # a single match. if ($t_user_id === false && !is_blank($p_login_name) && config_get_global('email_login_enabled') && email_is_valid($p_login_name)) { $t_user_ids_by_email = user_get_enabled_ids_by_email($p_login_name); if (count($t_user_ids_by_email) == 1) { $t_user_id = $t_user_ids_by_email[0]; } } return $t_user_id; }
public function post($request) { /** * Creates a new user. * * The user will get a confirmation email, and will have the password provided * in the incoming representation. * * @param $request - The Request we're responding to */ if (!access_has_global_level(config_get('manage_user_threshold'))) { throw new HTTPException(403, "Access denied to create user"); } $new_user = new User(); $new_user->populate_from_repr($request->body); $username = $new_user->mantis_data['username']; $password = $new_user->mantis_data['password']; $email = email_append_domain($new_user->mantis_data['email']); $access_level = $new_user->mantis_data['access_level']; $protected = $new_user->mantis_data['protected']; $enabled = $new_user->mantis_data['enabled']; $realname = $new_user->mantis_data['realname']; if (!user_is_name_valid($username)) { throw new HTTPException(500, "Invalid username"); } elseif (!user_is_realname_valid($realname)) { throw new HTTPException(500, "Invalid realname"); } user_create($username, $password, $email, $access_level, $protected, $enabled, $realname); $new_user_id = user_get_id_by_name($username); $new_user_url = User::get_url_from_mantis_id($new_user_id); $this->rsrc_data = $new_user_url; $resp = new Response(); $resp->status = 201; $resp->headers[] = "location: {$new_user_url}"; $resp->body = $this->_repr($request); return $resp; }
/** * Allows scripts to login using a login name or ( login name + password ) * @param string $p_username username * @param string $p_password username * @return bool indicates if authentication was successful * @access public */ function auth_attempt_script_login($p_username, $p_password = null) { global $g_script_login_cookie, $g_cache_current_user_id; $t_user_id = user_get_id_by_name($p_username); if (false === $t_user_id) { return false; } $t_user = user_get_row($t_user_id); # check for disabled account if (OFF == $t_user['enabled']) { return false; } # validate password if supplied if (null !== $p_password) { if (!auth_does_password_match($t_user_id, $p_password)) { return false; } } # ok, we're good to login now # With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no # real significance of incrementing login count. # increment login count # user_increment_login_count( $t_user_id ); # set the cookies $g_script_login_cookie = $t_user['cookie_string']; # cache user id for future reference $g_cache_current_user_id = $t_user_id; return true; }
# GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see <http://www.gnu.org/licenses/>. # See the README and LICENSE files for details global $g_bypass_headers; $g_bypass_headers = 1; require_once dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'core.php'; # Make sure this script doesn't run via the webserver if (php_sapi_name() != 'cli') { echo "checkin.php is not allowed to run through the webserver.\n"; exit(1); } # Check that the username is set and exists $t_username = config_get('source_control_account'); if (is_blank($t_username) || user_get_id_by_name($t_username) === false) { echo "Invalid source control account ('{$t_username}').\n"; exit(1); } if (!defined("STDIN")) { define("STDIN", fopen('php://stdin', 'r')); } # Detect references to issues + concat all lines to have the comment log. $t_commit_regexp = config_get('source_control_regexp'); $t_commit_fixed_regexp = config_get('source_control_fixed_regexp'); $t_comment = ''; $t_issues = array(); $t_fixed_issues = array(); while ($t_line = fgets(STDIN, 1024)) { $t_comment .= $t_line; if (preg_match_all($t_commit_regexp, $t_line, $t_matches)) {
/** * Return user id * @param stdClass $p_user User. * @return integer user id */ function mci_get_user_id(stdClass $p_user) { $p_user = SoapObjectsFactory::unwrapObject($p_user); $t_user_id = 0; if (isset($p_user['id']) && (int) $p_user['id'] != 0) { $t_user_id = (int) $p_user['id']; } elseif (isset($p_user['name'])) { $t_user_id = user_get_id_by_name($p_user['name']); } elseif (isset($p_user['email'])) { $t_user_id = user_get_id_by_email($p_user['email']); } return $t_user_id; }
function mci_get_user_id(&$p_user) { if (!isset($p_user)) { return 0; } $t_user_id = 0; if ((int) $p_user['id'] != 0) { $t_user_id = (int) $p_user['id']; } else { if (isset($p_user['name'])) { $t_user_id = user_get_id_by_name($p_user['name']); } } return $t_user_id; }
$t_anonymous_account = config_get_global( 'anonymous_account' ); check_print_test_row( 'anonymous_account configuration option is specified', $t_anonymous_account !== '', array( true => 'The account currently being used for anonymous access is: ' . htmlentities( $t_anonymous_account ), false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.' ) ); if( $t_anonymous_account === '' ) { return; } $t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account ); check_print_test_row( 'anonymous_account is a valid user account', $t_anonymous_user_id !== false, array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' ) ); check_print_test_row( 'anonymous_account user has the enabled flag set', user_is_enabled( $t_anonymous_user_id ), array( false => 'The anonymous user account must be enabled before it can be used.' ) ); check_print_test_row( 'anonymous_account user has the protected flag set', user_get_field( $t_anonymous_user_id, 'protected' ),
/** * Given a string find the @ mentioned users. The return list is a valid * list of valid mentioned users. The list will be empty if the mentions * feature is disabled. * * @param string $p_text The text to process. * @return array with valid usernames as keys and their ids as values. */ function mention_get_users($p_text) { if (!mention_enabled()) { return array(); } $t_matches = mention_get_candidates($p_text); if (empty($t_matches)) { return array(); } $t_mentioned_users = array(); foreach ($t_matches as $t_candidate) { if ($t_user_id = user_get_id_by_name($t_candidate)) { if (false === $t_user_id) { continue; } $t_mentioned_users[$t_candidate] = $t_user_id; } } return $t_mentioned_users; }
} if (print_test_row('check mssql textsize in php.ini...', ini_get('mssql.textlimit') != 4096, ini_get('mssql.textlimit'))) { print_test_warn_row('check mssql textsize in php.ini...', ini_get('mssql.textsize') == 2147483647, ini_get('mssql.textsize')); } } print_test_row('check variables_order includes GPCS', stristr(ini_get('variables_order'), 'G') && stristr(ini_get('variables_order'), 'P') && stristr(ini_get('variables_order'), 'C') && stristr(ini_get('variables_order'), 'S'), ini_get('variables_order')); test_bug_download_threshold(); test_bug_attachments_allow_flags(); print_test_row('check mail configuration: send_reset_password = ON requires allow_blank_email = OFF', OFF == config_get_global('send_reset_password') || OFF == config_get_global('allow_blank_email')); print_test_row('check mail configuration: send_reset_password = ON requires enable_email_notification = ON', OFF == config_get_global('send_reset_password') || ON == config_get_global('enable_email_notification')); print_test_row('check mail configuration: allow_signup = ON requires enable_email_notification = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('enable_email_notification')); print_test_row('check mail configuration: allow_signup = ON requires send_reset_password = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('send_reset_password')); print_test_row('check language configuration: fallback_language is not \'auto\'', 'auto' != config_get_global('fallback_language')); print_test_row('check configuration: allow_anonymous_login = ON requires anonymous_account to be set', OFF == config_get_global('allow_anonymous_login') || strlen(config_get_global('anonymous_account')) > 0); $t_anon_user = false; print_test_row('check configuration: anonymous_account is a valid username if set', strlen(config_get_global('anonymous_account')) > 0 ? ($t_anon_user = user_get_id_by_name(config_get_global('anonymous_account'))) !== false : TRUE); print_test_row('check configuration: anonymous_account should not be an administrator', $t_anon_user ? !user_is_administrator($t_anon_user) : TRUE); print_test_row('$g_bug_link_tag is not empty ("' . config_get_global('bug_link_tag') . '")', '' != config_get_global('bug_link_tag')); print_test_row('$g_bugnote_link_tag is not empty ("' . config_get_global('bugnote_link_tag') . '")', '' != config_get_global('bugnote_link_tag')); print_test_row('filters: dhtml_filters = ON requires use_javascript = ON', OFF == config_get_global('dhtml_filters') || ON == config_get_global('use_javascript')); print_test_row('Phpmailer sendmail configuration requires escapeshellcmd. Please use a different phpmailer method if this is blocked.', PHPMAILER_METHOD_SENDMAIL != config_get('phpMailer_method') || PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method') && function_exists('escapeshellcmd')); print_test_row('Phpmailer sendmail configuration requires escapeshellarg. Please use a different phpmailer method if this is blocked.', PHPMAILER_METHOD_SENDMAIL != config_get('phpMailer_method') || PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method') && function_exists('escapeshellarg')); check_zend_optimiser_version(); if (plugin_is_installed('MantisGraph')) { plugin_push_current('MantisGraph'); print_test_row('checking gd is enabled, and version 2...', get_gd_version() == 2); if (plugin_config_get('eczlibrary', ON) == OFF) { $t_jpgraph_path = config_get('absolute_path') . 'library' . DIRECTORY_SEPARATOR . 'jpgraph' . DIRECTORY_SEPARATOR; if (!file_exists($t_jpgraph_path . 'jpgraph.php')) { print_test_row('checking we can find jpgraph class files...', false); } else {
function mci_get_user_id($p_user) { $t_user_id = 0; if (isset($p_user['id']) && (int) $p_user['id'] != 0) { $t_user_id = (int) $p_user['id']; } elseif (isset($p_user['name'])) { $t_user_id = user_get_id_by_name($p_user['name']); } elseif (isset($p_user['email'])) { $t_user_id = user_get_id_by_email($p_user['email']); } return $t_user_id; }
/** * Return the user id in the destination tracker * * Current logic is: try to find the same user by username; * if it fails, use $p_squash_userid * * @param string $p_username username as imported * @param int $p_squash_userid fallback userid * @return int */ private function get_user_id($p_username, $p_squash_userid = 0) { $t_user_id = user_get_id_by_name($p_username); if ($t_user_id === false) { // user not found by username -> check real name // keep in mind that the setting config_get( 'show_user_realname_threshold' ) may differ between import and export system! $t_user_id = user_get_id_by_realname($p_username); if ($t_user_id === false) { //not found $t_user_id = $p_squash_userid; } } return $t_user_id; }
/** * Authenticates an user via LDAP given the username and password. * * @param string $p_username The user name. * @param string $p_password The password. * @return true: authenticated, false: failed to authenticate. */ function ldap_authenticate_by_username($p_username, $p_password) { if (ldap_simulation_is_enabled()) { log_event(LOG_LDAP, "Authenticating via LDAP simulation"); $t_authenticated = ldap_simulation_authenticate_by_username($p_username, $p_password); } else { $c_username = ldap_escape_string($p_username); $t_ldap_organization = config_get('ldap_organization'); $t_ldap_root_dn = config_get('ldap_root_dn'); $t_ldap_uid_field = config_get('ldap_uid_field', 'uid'); $t_search_filter = "(&{$t_ldap_organization}({$t_ldap_uid_field}={$c_username}))"; $t_search_attrs = array($t_ldap_uid_field, 'dn'); # Bind log_event(LOG_LDAP, "Binding to LDAP server"); $t_ds = ldap_connect_bind(); if ($t_ds === false) { ldap_log_error($t_ds); trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR); } # Search for the user id log_event(LOG_LDAP, "Searching for {$t_search_filter}"); $t_sr = ldap_search($t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs); if ($t_sr === false) { ldap_log_error($t_ds); ldap_unbind($t_ds); log_event(LOG_LDAP, "ldap search failed"); trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR); } $t_info = @ldap_get_entries($t_ds, $t_sr); if ($t_info === false) { ldap_log_error($t_ds); ldap_free_result($t_sr); ldap_unbind($t_ds); trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR); } $t_authenticated = false; if ($t_info['count'] > 0) { # Try to authenticate to each until we get a match for ($i = 0; $i < $t_info['count']; $i++) { $t_dn = $t_info[$i]['dn']; log_event(LOG_LDAP, "Checking {$t_info[$i]['dn']}"); # Attempt to bind with the DN and password if (@ldap_bind($t_ds, $t_dn, $p_password)) { $t_authenticated = true; break; } } } else { log_event(LOG_LDAP, "No matching entries found"); } log_event(LOG_LDAP, "Unbinding from LDAP server"); ldap_free_result($t_sr); ldap_unbind($t_ds); } # If user authenticated successfully then update the local DB with information # from LDAP. This will allow us to use the local data after login without # having to go back to LDAP. This will also allow fallback to DB if LDAP is down. if ($t_authenticated) { $t_user_id = user_get_id_by_name($p_username); if (false !== $t_user_id) { $t_fields_to_update = array('password' => md5($p_password)); if (ON == config_get('use_ldap_realname')) { $t_fields_to_update['realname'] = ldap_realname($t_user_id); } if (ON == config_get('use_ldap_email')) { $t_fields_to_update['email'] = ldap_email_from_username($p_username); } user_set_fields($t_user_id, $t_fields_to_update); } log_event(LOG_LDAP, "User '{$p_username}' authenticated"); } else { log_event(LOG_LDAP, "Authentication failed"); } return $t_authenticated; }
# echo lang_get( 'login_page_info' ) . '<br />'; # Only echo error message if error variable is set if ($f_error) { echo '<li>' . lang_get('login_error') . '</li>'; } if ($f_cookie_error) { echo '<li>' . lang_get('login_cookies_disabled') . '</li>'; } echo '</ul>'; echo '</div>'; } $t_warnings = array(); $t_upgrade_required = false; if (config_get_global('admin_checks') == ON && file_exists(dirname(__FILE__) . '/admin')) { # Generate a warning if default user administrator/root is valid. $t_admin_user_id = user_get_id_by_name('administrator'); if ($t_admin_user_id !== false) { if (user_is_enabled($t_admin_user_id) && auth_does_password_match($t_admin_user_id, 'root')) { $t_warnings[] = lang_get('warning_default_administrator_account_present'); } } /** * Display Warnings for enabled debugging / developer settings * @param string $p_type Message Type. * @param string $p_setting Setting. * @param string $p_value Value. * @return string */ function debug_setting_message($p_type, $p_setting, $p_value) { return sprintf(lang_get('warning_change_setting'), $p_setting, $p_value) . sprintf(lang_get('word_separator')) . sprintf(lang_get("warning_{$p_type}_hazard"));
private function get_userid_from_email($p_email_address) { $t_reporter_id = FALSE; if ($this->_use_ldap_email) { $t_username = $this->ldap_get_username_from_email($p_email_address); if ($t_username !== NULL && user_is_name_valid($t_username)) { $t_reporter_id = user_get_id_by_name($t_username); } } if (!$t_reporter_id) { $t_reporter_id = user_get_id_by_email($p_email_address); } return $t_reporter_id; }