function bugCreateHelper($reproducibility, $severity, $priority, $summary, $description, $project_id, $reporter_id)
{
# Change this path to point to the Mantis installation core.php file
require_once '../core.php';
$t_core_path = config_get('core_path');
require_once $t_core_path . 'bug_api.php';
access_ensure_project_level(config_get('report_bug_threshold'));
$t_bug_data = new BugData();
$t_bug_data->view_state = config_get('default_bug_view_status');
$t_bug_data->reproducibility = $reproducibility;
$t_bug_data->severity = $severity;
$t_bug_data->priority = $priority;
$t_bug_data->summary = $summary;
$t_bug_data->description = $description;
$t_bug_data->project_id = $project_id;
$t_bug_data->reporter_id = user_get_id_by_name($reporter_id);
if ($t_bug_data->reporter_id == "") {
$tmp = "Reported by: " . $reporter_id . "\n---------------------------------------------------\n\n";
$tmp .= $t_bug_data->description;
$t_bug_data->description = $tmp;
}
$t_bug_data->summary = trim($t_bug_data->summary);
# Create the bug
$t_bug_id = bug_create($t_bug_data);
email_new_bug($t_bug_id);
return $t_bug_id;
}
function access_denied()
{
if (!auth_is_user_authenticated()) {
if (basename($_SERVER['SCRIPT_NAME']) != 'login_page.php') {
$t_return_page = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$t_return_page .= '?' . $_SERVER['QUERY_STRING'];
}
$t_return_page = string_url(string_sanitize_url($t_return_page));
print_header_redirect('login_page.php?return=' . $t_return_page);
}
} else {
if (auth_get_current_user_id() == user_get_id_by_name(config_get_global('anonymous_account'))) {
if (basename($_SERVER['SCRIPT_NAME']) != 'login_page.php') {
$t_return_page = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$t_return_page .= '?' . $_SERVER['QUERY_STRING'];
}
$t_return_page = string_url(string_sanitize_url($t_return_page));
echo '<center>';
echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
print_bracket_link('login_page.php?return=' . $t_return_page, lang_get('click_to_login'));
echo '<p></p>';
print_bracket_link('main_page.php', lang_get('proceed'));
echo '</center>';
}
} else {
echo '<center>';
echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
print_bracket_link('main_page.php', lang_get('proceed'));
echo '</center>';
}
}
exit;
}
function autologin()
{
if (auth_is_user_authenticated()) {
return;
}
$t_login_method = config_get('login_method');
if ($t_login_method != BASIC_AUTH) {
trigger_error("Invalid login method. ({$t_login_method})", ERROR);
}
$t_user_id = user_get_id_by_name($_SERVER['REMOTE_USER']);
if (!$t_user_id) {
trigger_error('Invalid user.', ERROR);
}
user_increment_login_count($t_user_id);
user_reset_failed_login_count_to_zero($t_user_id);
user_reset_lost_password_in_progress_count_to_zero($t_user_id);
auth_set_cookies($t_user_id, true);
auth_set_tokens($t_user_id);
}
function ERP_update_check()
{
$t_config_version = plugin_config_get('config_version');
if ($t_config_version === 0) {
$t_username = plugin_config_get('mail_reporter', '');
if (strlen($t_username) > 0) {
$t_user_id = user_get_id_by_name($t_username);
if ($t_user_id !== FALSE) {
$t_user_email = user_get_email($t_user_id);
if ($t_user_email === 'nomail') {
plugin_require_api('core/config_api.php');
# We need to allow blank emails for a sec
ERP_set_temporary_overwrite('allow_blank_email', ON);
user_set_email($t_user_id, '');
}
}
}
$t_schema = plugin_config_get('schema');
$t_reset_schema = plugin_config_get('reset_schema');
if ($t_schema !== -1 && $t_reset_schema === 0) {
plugin_config_set('schema', -1);
plugin_config_set('reset_schema', 1);
}
plugin_config_set('config_version', 1);
}
if ($t_config_version <= 1) {
$t_mail_reporter = plugin_config_get('mail_reporter', '');
if (strlen($t_mail_reporter) > 0) {
$t_mail_reporter_id = user_get_id_by_name($t_mail_reporter);
plugin_config_set('mail_reporter_id', $t_mail_reporter_id);
}
plugin_config_delete('mail_directory');
plugin_config_delete('mail_reporter');
plugin_config_delete('mail_additional');
plugin_config_delete('random_user_number');
plugin_config_delete('mail_bug_priority_default');
plugin_config_set('config_version', 2);
}
if ($t_config_version <= 2) {
plugin_config_delete('mail_cronjob_present');
plugin_config_delete('mail_check_timer');
plugin_config_delete('mail_last_check');
plugin_config_set('config_version', 3);
}
if ($t_config_version <= 3) {
$t_mailboxes = plugin_config_get('mailboxes', array());
$t_indexes = array('mailbox_project' => 'mailbox_project_id', 'mailbox_global_category' => 'mailbox_global_category_id');
foreach ($t_mailboxes as $t_key => $t_array) {
if (isset($t_array['mailbox_hostname'])) {
# Correct the hostname if it is stored in an older format
$t_hostname = $t_array['mailbox_hostname'];
if (!is_array($t_hostname)) {
// ipv6 also uses : so we need to work around that
if (substr_count($t_hostname, ':') === 1) {
$t_hostname = explode(':', $t_hostname, 2);
} else {
$t_hostname = array($t_hostname);
}
$t_hostname = array('hostname' => $t_hostname[0], 'port' => isset($t_hostname[1]) ? $t_hostname[1] : '');
$t_array['mailbox_hostname'] = $t_hostname;
}
}
$t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes);
}
plugin_config_set('mailboxes', $t_mailboxes);
plugin_config_set('config_version', 4);
}
if ($t_config_version <= 4) {
$t_mail_remove_mantis_email = plugin_config_get('mail_remove_mantis_email', -1);
$t_mail_identify_reply = plugin_config_get('mail_identify_reply', $t_mail_remove_mantis_email);
if ($t_mail_remove_mantis_email !== -1 && $t_mail_identify_reply !== $t_mail_remove_mantis_email) {
plugin_config_set('mail_remove_mantis_email', $t_mail_identify_reply);
}
plugin_config_delete('mail_identify_reply');
plugin_config_set('config_version', 5);
}
if ($t_config_version <= 5) {
plugin_config_delete('mail_parse_mime');
plugin_config_set('config_version', 6);
}
if ($t_config_version <= 6) {
$t_mailboxes = plugin_config_get('mailboxes', array());
$t_indexes = array('mailbox_enabled' => 'enabled', 'mailbox_description' => 'description', 'mailbox_type' => 'type', 'mailbox_hostname' => 'hostname', 'mailbox_encryption' => 'encryption', 'mailbox_username' => 'username', 'mailbox_password' => 'password', 'mailbox_auth_method' => 'auth_method', 'mailbox_project_id' => 'project_id', 'mailbox_global_category_id' => 'global_category_id', 'mailbox_basefolder' => 'basefolder', 'mailbox_createfolderstructure' => 'createfolderstructure');
foreach ($t_mailboxes as $t_key => $t_array) {
$t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes);
}
plugin_config_set('mailboxes', $t_mailboxes);
plugin_config_set('config_version', 7);
}
if ($t_config_version <= 7) {
$t_mailboxes = plugin_config_get('mailboxes', array());
foreach ($t_mailboxes as $t_key => $t_array) {
if (isset($t_array['hostname'])) {
$t_hostname = $t_array['hostname'];
if (is_array($t_hostname)) {
$t_array['hostname'] = $t_hostname['hostname'];
$t_array['port'] = $t_hostname['port'];
}
$t_mailboxes[$t_key] = $t_array;
}
}
plugin_config_set('mailboxes', $t_mailboxes);
plugin_config_set('config_version', 8);
}
if ($t_config_version <= 8) {
plugin_config_delete('mail_tmp_directory');
plugin_config_set('config_version', 9);
}
if ($t_config_version <= 9) {
$t_mailboxes = plugin_config_get('mailboxes', array());
$t_indexes = array('type' => 'mailbox_type', 'basefolder' => 'imap_basefolder', 'createfolderstructure' => 'imap_createfolderstructure');
foreach ($t_mailboxes as $t_key => $t_array) {
$t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes);
}
plugin_config_set('mailboxes', $t_mailboxes);
plugin_config_set('config_version', 10);
}
if ($t_config_version <= 10) {
plugin_config_delete('mail_rule_system');
plugin_config_set('config_version', 11);
}
if ($t_config_version <= 11) {
$t_mailboxes = plugin_config_get('mailboxes', array());
$t_indexes = array('username' => 'erp_username', 'password' => 'erp_password');
foreach ($t_mailboxes as $t_key => $t_array) {
$t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes);
}
plugin_config_set('mailboxes', $t_mailboxes);
plugin_config_delete('rules');
plugin_config_delete('mail_encoding');
plugin_config_set('config_version', 12);
}
if ($t_config_version <= 12) {
plugin_config_set('reset_schema', 1);
plugin_config_set('config_version', 13);
}
if ($t_config_version <= 13) {
plugin_config_delete('mail_fetch_max');
plugin_config_set('config_version', 14);
}
if ($t_config_version <= 14) {
$t_mail_reporter_id = plugin_config_get('mail_reporter_id', 'Mail');
$t_report_bug_threshold = config_get_global('report_bug_threshold');
if ($t_mail_reporter_id !== 'Mail' && user_exists($t_mail_reporter_id)) {
if (!access_has_global_level($t_report_bug_threshold, $t_mail_reporter_id)) {
user_set_field($t_mail_reporter_id, 'access_level', $t_report_bug_threshold);
}
}
plugin_config_set('config_version', 15);
}
}
/**
* Sets the changeset's user id by looking up email address or name
* Generic code for both Author and Committer, based on the given properties
* @param object $p_changeset
* @param string $p_user_type 'author' or 'committer'
*/
function Source_set_changeset_user(&$p_changeset, $p_user_type)
{
static $s_vcs_names;
static $s_names = array();
static $s_emails = array();
# Set the fields
switch ($p_user_type) {
case 'committer':
list($t_id_prop, $t_name_prop, $t_email_prop) = explode(' ', 'committer_id committer committer_email');
break;
case 'author':
default:
list($t_id_prop, $t_name_prop, $t_email_prop) = explode(' ', 'user_id author author_email');
break;
}
# The user's id is already set, nothing to do
if ($p_changeset->{$t_id_prop}) {
return;
}
# cache the vcs username mappings
if (is_null($s_vcs_names)) {
$s_vcs_names = SourceUser::load_mappings();
}
# Check username associations
if (isset($s_vcs_names[$p_changeset->{$t_name_prop}])) {
$p_changeset->{$t_id_prop} = $s_vcs_names[$p_changeset->{$t_name_prop}];
return;
}
# Look up the email address if given
if ($t_email = $p_changeset->{$t_email_prop}) {
if (isset($s_emails[$t_email])) {
$p_changeset->{$t_id_prop} = $s_emails[$t_email];
return;
} else {
if (false !== ($t_email_id = user_get_id_by_email($t_email))) {
$s_emails[$t_email] = $p_changeset->{$t_id_prop} = $t_email_id;
return;
}
}
}
# Look up the name if the email failed
if ($t_name = $p_changeset->{$t_name_prop}) {
if (isset($s_names[$t_name])) {
$p_changeset->{$t_id_prop} = $s_names[$t_name];
return;
} else {
if (false !== ($t_user_id = user_get_id_by_realname($t_name))) {
$s_names[$t_name] = $p_changeset->{$t_id_prop} = $t_user_id;
return;
} else {
if (false !== ($t_user_id = user_get_id_by_name($p_changeset->{$t_name_prop}))) {
$s_names[$t_name] = $p_changeset->{$t_id_prop} = $t_user_id;
return;
}
}
}
}
}
/**
* return all data associated with a particular user name
* return false if the username does not exist
*
* @param integer $p_username The username to retrieve data for.
* @return array
*/
function user_get_row_by_name($p_username)
{
$t_user_id = user_get_id_by_name($p_username);
if (false === $t_user_id) {
return false;
}
$t_row = user_get_row($t_user_id);
return $t_row;
}
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2013 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
/**
* MantisBT Core API's
*/
require_once 'core.php';
auth_reauthenticate();
access_ensure_global_level(config_get('manage_user_threshold'));
$f_username = gpc_get_string('username', '');
if (is_blank($f_username)) {
$t_user_id = gpc_get_int('user_id');
} else {
$t_user_id = user_get_id_by_name($f_username);
if ($t_user_id === false) {
# If we can't find the user by name, attempt to find by email.
$t_user_id = user_get_id_by_email($f_username);
if ($t_user_id === false) {
error_parameters($f_username);
trigger_error(ERROR_USER_BY_NAME_NOT_FOUND, ERROR);
}
}
}
$t_user = user_get_row($t_user_id);
# Ensure that the account to be updated is of equal or lower access to the
# current user.
access_ensure_global_level($t_user['access_level']);
$t_ldap = LDAP == config_get('login_method');
html_page_top();
$frequency = (int) 1;
$base = (string) date('Y-m-d\\TH:i:sO');
# add missing : in the O part of the date. PHP 5 supports a 'c' format which will output the format
# exactly as we want it.
# // 2002-10-02T10:00:00-0500 -> // 2002-10-02T10:00:00-05:00
$base = utf8_substr($base, 0, 22) . ':' . utf8_substr($base, -2);
$rssfile->addSYdata($period, $frequency, $base);
$t_page_number = 1;
$t_issues_per_page = 25;
$t_page_count = 0;
$t_issues_count = 0;
$t_project_id = $f_project_id;
if ($f_username !== null) {
$t_user_id = user_get_id_by_name($f_username);
} else {
$t_user_id = user_get_id_by_name(config_get('anonymous_account'));
}
$t_show_sticky = null;
if ($f_filter_id == 0) {
$t_custom_filter = filter_get_default();
$t_custom_filter['sort'] = $c_sort_field;
} else {
# null will be returned if the user doesn't have access right to access the filter.
$t_custom_filter = filter_db_get_filter($f_filter_id, $t_user_id);
if (null === $t_custom_filter) {
access_denied();
}
$t_custom_filter = filter_deserialize($t_custom_filter);
}
$t_issues = filter_get_bug_rows($t_page_number, $t_issues_per_page, $t_page_count, $t_issues_count, $t_custom_filter, $t_project_id, $t_user_id, $t_show_sticky);
$t_issues_count = count($t_issues);
/**
* return rss news feed url
* @param int $p_project_id
* @param string $p_username
* @param bool $p_relative
* @return string
*/
function rss_get_news_feed_url($p_project_id = null, $p_username = null, $p_relative = true)
{
if ($p_username === null) {
$t_username = current_user_get_field('username');
} else {
$t_username = $p_username;
}
if ($p_project_id === null) {
$t_project_id = helper_get_current_project();
} else {
$t_project_id = (int) $p_project_id;
}
if ($p_relative) {
$t_rss_link = '';
} else {
$t_rss_link = config_get('path');
}
$t_user_id = user_get_id_by_name($t_username);
// If we have a logged in user then they can be given a 'proper' feed, complete with auth string.
if (user_is_anonymous($t_user_id)) {
$t_rss_link .= "news_rss.php";
if ($t_project_id != ALL_PROJECTS) {
$t_rss_link .= "?project_id={$t_project_id}";
}
} else {
$t_rss_link .= "news_rss.php?username={$t_username}&key=" . rss_calculate_key($t_user_id);
if ($t_project_id != ALL_PROJECTS) {
$t_rss_link .= "&project_id={$t_project_id}";
}
}
return $t_rss_link;
}
/**
* Return the user id in the destination tracker
*
* Current logic is: try to find the same user by username;
* if it fails, use $squash_userid
*
* @param $field string bugdata filed to update
* @param $username string username as imported
* @param $squash_userid integer fallback userid
*/
private function get_user_id($username, $squash_userid = 0)
{
$t_user_id = user_get_id_by_name($username);
if ($t_user_id === false) {
//not found
$t_user_id = $squash_userid;
}
return $t_user_id;
}
/**
* Validate a plain token for the specified user.
* @param string $p_username The user name.
* @param string $p_token The plain token.
* @return boolean true valid username and token, false otherwise.
* @access public
*/
function api_token_validate($p_username, $p_token)
{
# If the supplied token doesn't look like a valid one, then fail the check w/o doing db lookups.
# This is likely called from code that supports both tokens and passwords.
if (is_blank($p_token) || utf8_strlen($p_token) != API_TOKEN_LENGTH) {
return false;
}
$t_user_id = user_get_id_by_name($p_username);
# If user is not found in the database, they don't have api tokens, we won't bother with worrying about
# auto-creation scenario here.
if ($t_user_id === false) {
return false;
}
$t_encrypted_token = api_token_hash($p_token);
$t_query = 'SELECT * FROM {api_token} WHERE user_id=' . db_param() . ' AND hash=' . db_param();
$t_result = db_query($t_query, array($t_user_id, $t_encrypted_token));
$t_row = db_fetch_array($t_result);
if ($t_row) {
api_token_touch($t_row['id']);
return true;
}
return false;
}
function getUserIdByName($p_username)
{
return user_get_id_by_name($p_username);
}
function event_update_bug($p_bug_event, $p_bug_data, $p_bug_id)
{
global $agilemantis_pb;
global $agilemantis_commonlib;
$t_product_owner = "";
$t_handler_id = 0;
$t_product_backlog_id = 0;
$t_team_id = 0;
$f_bug_id = 0;
// Only projects with agilMantis backlog
if (!$agilemantis_commonlib->projectHasBacklogs(helper_get_current_project())) {
return;
}
$request = array_merge($_GET, $_POST);
if ($_SESSION['AGILEMANTIS_ISMANTISADMIN'] == 1 || $_SESSION['AGILEMANTIS_ISMANTISUSER'] == 1) {
if (isset($_POST['backlog']) || isset($_POST['storypoints']) || isset($_POST['businessValue']) || isset($_POST['rankingorder']) || isset($_POST['technical']) || isset($_POST['presentable']) || isset($_POST['inReleaseDocu']) || isset($_POST['sprint'])) {
$f_bug_id = (int) $_POST['bug_id'];
$agilemantis_pb->setCustomFieldValues($f_bug_id);
# change Product Backlog
if ($_POST['old_product_backlog'] != $_POST['backlog'] && $_POST['backlog'] != "") {
$p_bug_data->handler_id = $_SESSION['tracker_handler'];
$p_bug_data->status = 50;
}
# change back to Team User if no Product Backlog is selected
if ($_POST['old_product_backlog'] != $_POST['backlog'] && $_POST['backlog'] == "") {
$t_product_backlog_id = $agilemantis_pb->get_product_backlog_id($_POST['old_product_backlog']);
if ($agilemantis_pb->count_productbacklog_teams($t_product_backlog_id) > 0) {
$t_team_id = $agilemantis_pb->getTeamIdByBacklog($t_product_backlog_id);
$t_product_owner = $agilemantis_pb->getProductOwner($t_team_id);
$t_handler_id = user_get_id_by_name($t_product_owner);
}
$p_bug_data->handler_id = $t_handler_id;
}
}
}
return $p_bug_data;
}
function get_user_id()
{
$t_user_id = user_get_id_by_name('acra_reporter');
if ($t_user_id === false) {
user_create("acra_reporter", date("YzHis", time()), $p_email = '*****@*****.**');
}
$t_user_id = user_get_id_by_name('acra_reporter');
return $t_user_id;
}
function auth_attempt_script_login($p_username, $p_password = null)
{
global $g_script_login_cookie, $g_cache_current_user_id;
$t_user_id = user_get_id_by_name($p_username);
$t_user = user_get_row($t_user_id);
# check for disabled account
if (OFF == $t_user['enabled']) {
return false;
}
# validate password if supplied
if (null !== $p_password) {
if (!auth_does_password_match($t_user_id, $p_password)) {
return false;
}
}
# ok, we're good to login now
# increment login count
user_increment_login_count($t_user_id);
# set the cookies
$g_script_login_cookie = $t_user['cookie_string'];
# cache user id for future reference
$g_cache_current_user_id = $t_user_id;
return true;
}
/**
* Allows scripts to login using a login name or ( login name + password )
*
* There are multiple scenarios where this is used:
* - Anonymous login (blank username supplied).
* - Anonymous login with anonymous user name specified.
* - Anonymous login with account not existing or disabled.
* - Pre-authenticated user via some secret hash from email verify or rss feed, where username
* is specified but password is null.
* - Standard authentication with username and password specified.
*
* @param string $p_username Username.
* @param string $p_password Password.
* @return boolean indicates if authentication was successful
* @access public
*/
function auth_attempt_script_login($p_username, $p_password = null)
{
global $g_script_login_cookie, $g_cache_current_user_id;
$t_username = $p_username;
$t_password = $p_password;
$t_anon_allowed = config_get('allow_anonymous_login');
if ($t_anon_allowed == ON) {
$t_anonymous_account = config_get('anonymous_account');
} else {
$t_anonymous_account = '';
}
# if no user name supplied, then attempt to login as anonymous user.
if (is_blank($t_username) || strcasecmp($t_username, $t_anonymous_account) == 0) {
if ($t_anon_allowed == OFF) {
return false;
}
$t_username = $t_anonymous_account;
# do not use password validation.
$t_password = null;
}
$t_user_id = user_get_id_by_name($t_username);
if (false === $t_user_id) {
return false;
}
$t_user = user_get_row($t_user_id);
# check for disabled account
if (OFF == $t_user['enabled']) {
return false;
}
# validate password if supplied
if (null !== $t_password) {
if (!auth_does_password_match($t_user_id, $t_password)) {
return false;
}
}
# ok, we're good to login now
# With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no
# real significance of incrementing login count.
# increment login count
# user_increment_login_count( $t_user_id );
# set the cookies
$g_script_login_cookie = $t_user['cookie_string'];
# cache user id for future reference
$g_cache_current_user_id = $t_user_id;
return true;
}
/**
* Given a login username provided by the user via the web UI or our API,
* get the user id. The login username can be a username or an email address.
* The email address will work as long there is a single enabled account with
* such address and it is not blank.
*
* @param string $p_login_name The login name.
* @return integer|boolean user id or false.
*/
function auth_get_user_id_from_login_name($p_login_name)
{
$t_user_id = user_get_id_by_name($p_login_name);
# If user is not found by name, check by email as long as there is only
# a single match.
if ($t_user_id === false && !is_blank($p_login_name) && config_get_global('email_login_enabled') && email_is_valid($p_login_name)) {
$t_user_ids_by_email = user_get_enabled_ids_by_email($p_login_name);
if (count($t_user_ids_by_email) == 1) {
$t_user_id = $t_user_ids_by_email[0];
}
}
return $t_user_id;
}
public function post($request)
{
/**
* Creates a new user.
*
* The user will get a confirmation email, and will have the password provided
* in the incoming representation.
*
* @param $request - The Request we're responding to
*/
if (!access_has_global_level(config_get('manage_user_threshold'))) {
throw new HTTPException(403, "Access denied to create user");
}
$new_user = new User();
$new_user->populate_from_repr($request->body);
$username = $new_user->mantis_data['username'];
$password = $new_user->mantis_data['password'];
$email = email_append_domain($new_user->mantis_data['email']);
$access_level = $new_user->mantis_data['access_level'];
$protected = $new_user->mantis_data['protected'];
$enabled = $new_user->mantis_data['enabled'];
$realname = $new_user->mantis_data['realname'];
if (!user_is_name_valid($username)) {
throw new HTTPException(500, "Invalid username");
} elseif (!user_is_realname_valid($realname)) {
throw new HTTPException(500, "Invalid realname");
}
user_create($username, $password, $email, $access_level, $protected, $enabled, $realname);
$new_user_id = user_get_id_by_name($username);
$new_user_url = User::get_url_from_mantis_id($new_user_id);
$this->rsrc_data = $new_user_url;
$resp = new Response();
$resp->status = 201;
$resp->headers[] = "location: {$new_user_url}";
$resp->body = $this->_repr($request);
return $resp;
}
/**
* Allows scripts to login using a login name or ( login name + password )
* @param string $p_username username
* @param string $p_password username
* @return bool indicates if authentication was successful
* @access public
*/
function auth_attempt_script_login($p_username, $p_password = null)
{
global $g_script_login_cookie, $g_cache_current_user_id;
$t_user_id = user_get_id_by_name($p_username);
if (false === $t_user_id) {
return false;
}
$t_user = user_get_row($t_user_id);
# check for disabled account
if (OFF == $t_user['enabled']) {
return false;
}
# validate password if supplied
if (null !== $p_password) {
if (!auth_does_password_match($t_user_id, $p_password)) {
return false;
}
}
# ok, we're good to login now
# With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no
# real significance of incrementing login count.
# increment login count
# user_increment_login_count( $t_user_id );
# set the cookies
$g_script_login_cookie = $t_user['cookie_string'];
# cache user id for future reference
$g_cache_current_user_id = $t_user_id;
return true;
}
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
# See the README and LICENSE files for details
global $g_bypass_headers;
$g_bypass_headers = 1;
require_once dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'core.php';
# Make sure this script doesn't run via the webserver
if (php_sapi_name() != 'cli') {
echo "checkin.php is not allowed to run through the webserver.\n";
exit(1);
}
# Check that the username is set and exists
$t_username = config_get('source_control_account');
if (is_blank($t_username) || user_get_id_by_name($t_username) === false) {
echo "Invalid source control account ('{$t_username}').\n";
exit(1);
}
if (!defined("STDIN")) {
define("STDIN", fopen('php://stdin', 'r'));
}
# Detect references to issues + concat all lines to have the comment log.
$t_commit_regexp = config_get('source_control_regexp');
$t_commit_fixed_regexp = config_get('source_control_fixed_regexp');
$t_comment = '';
$t_issues = array();
$t_fixed_issues = array();
while ($t_line = fgets(STDIN, 1024)) {
$t_comment .= $t_line;
if (preg_match_all($t_commit_regexp, $t_line, $t_matches)) {
/**
* Return user id
* @param stdClass $p_user User.
* @return integer user id
*/
function mci_get_user_id(stdClass $p_user)
{
$p_user = SoapObjectsFactory::unwrapObject($p_user);
$t_user_id = 0;
if (isset($p_user['id']) && (int) $p_user['id'] != 0) {
$t_user_id = (int) $p_user['id'];
} elseif (isset($p_user['name'])) {
$t_user_id = user_get_id_by_name($p_user['name']);
} elseif (isset($p_user['email'])) {
$t_user_id = user_get_id_by_email($p_user['email']);
}
return $t_user_id;
}
function mci_get_user_id(&$p_user)
{
if (!isset($p_user)) {
return 0;
}
$t_user_id = 0;
if ((int) $p_user['id'] != 0) {
$t_user_id = (int) $p_user['id'];
} else {
if (isset($p_user['name'])) {
$t_user_id = user_get_id_by_name($p_user['name']);
}
}
return $t_user_id;
}
$t_anonymous_account = config_get_global( 'anonymous_account' );
check_print_test_row(
'anonymous_account configuration option is specified',
$t_anonymous_account !== '',
array(
true => 'The account currently being used for anonymous access is: ' . htmlentities( $t_anonymous_account ),
false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.'
)
);
if( $t_anonymous_account === '' ) {
return;
}
$t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account );
check_print_test_row(
'anonymous_account is a valid user account',
$t_anonymous_user_id !== false,
array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' )
);
check_print_test_row(
'anonymous_account user has the enabled flag set',
user_is_enabled( $t_anonymous_user_id ),
array( false => 'The anonymous user account must be enabled before it can be used.' )
);
check_print_test_row(
'anonymous_account user has the protected flag set',
user_get_field( $t_anonymous_user_id, 'protected' ),
/**
* Given a string find the @ mentioned users. The return list is a valid
* list of valid mentioned users. The list will be empty if the mentions
* feature is disabled.
*
* @param string $p_text The text to process.
* @return array with valid usernames as keys and their ids as values.
*/
function mention_get_users($p_text)
{
if (!mention_enabled()) {
return array();
}
$t_matches = mention_get_candidates($p_text);
if (empty($t_matches)) {
return array();
}
$t_mentioned_users = array();
foreach ($t_matches as $t_candidate) {
if ($t_user_id = user_get_id_by_name($t_candidate)) {
if (false === $t_user_id) {
continue;
}
$t_mentioned_users[$t_candidate] = $t_user_id;
}
}
return $t_mentioned_users;
}
}
if (print_test_row('check mssql textsize in php.ini...', ini_get('mssql.textlimit') != 4096, ini_get('mssql.textlimit'))) {
print_test_warn_row('check mssql textsize in php.ini...', ini_get('mssql.textsize') == 2147483647, ini_get('mssql.textsize'));
}
}
print_test_row('check variables_order includes GPCS', stristr(ini_get('variables_order'), 'G') && stristr(ini_get('variables_order'), 'P') && stristr(ini_get('variables_order'), 'C') && stristr(ini_get('variables_order'), 'S'), ini_get('variables_order'));
test_bug_download_threshold();
test_bug_attachments_allow_flags();
print_test_row('check mail configuration: send_reset_password = ON requires allow_blank_email = OFF', OFF == config_get_global('send_reset_password') || OFF == config_get_global('allow_blank_email'));
print_test_row('check mail configuration: send_reset_password = ON requires enable_email_notification = ON', OFF == config_get_global('send_reset_password') || ON == config_get_global('enable_email_notification'));
print_test_row('check mail configuration: allow_signup = ON requires enable_email_notification = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('enable_email_notification'));
print_test_row('check mail configuration: allow_signup = ON requires send_reset_password = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('send_reset_password'));
print_test_row('check language configuration: fallback_language is not \'auto\'', 'auto' != config_get_global('fallback_language'));
print_test_row('check configuration: allow_anonymous_login = ON requires anonymous_account to be set', OFF == config_get_global('allow_anonymous_login') || strlen(config_get_global('anonymous_account')) > 0);
$t_anon_user = false;
print_test_row('check configuration: anonymous_account is a valid username if set', strlen(config_get_global('anonymous_account')) > 0 ? ($t_anon_user = user_get_id_by_name(config_get_global('anonymous_account'))) !== false : TRUE);
print_test_row('check configuration: anonymous_account should not be an administrator', $t_anon_user ? !user_is_administrator($t_anon_user) : TRUE);
print_test_row('$g_bug_link_tag is not empty ("' . config_get_global('bug_link_tag') . '")', '' != config_get_global('bug_link_tag'));
print_test_row('$g_bugnote_link_tag is not empty ("' . config_get_global('bugnote_link_tag') . '")', '' != config_get_global('bugnote_link_tag'));
print_test_row('filters: dhtml_filters = ON requires use_javascript = ON', OFF == config_get_global('dhtml_filters') || ON == config_get_global('use_javascript'));
print_test_row('Phpmailer sendmail configuration requires escapeshellcmd. Please use a different phpmailer method if this is blocked.', PHPMAILER_METHOD_SENDMAIL != config_get('phpMailer_method') || PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method') && function_exists('escapeshellcmd'));
print_test_row('Phpmailer sendmail configuration requires escapeshellarg. Please use a different phpmailer method if this is blocked.', PHPMAILER_METHOD_SENDMAIL != config_get('phpMailer_method') || PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method') && function_exists('escapeshellarg'));
check_zend_optimiser_version();
if (plugin_is_installed('MantisGraph')) {
plugin_push_current('MantisGraph');
print_test_row('checking gd is enabled, and version 2...', get_gd_version() == 2);
if (plugin_config_get('eczlibrary', ON) == OFF) {
$t_jpgraph_path = config_get('absolute_path') . 'library' . DIRECTORY_SEPARATOR . 'jpgraph' . DIRECTORY_SEPARATOR;
if (!file_exists($t_jpgraph_path . 'jpgraph.php')) {
print_test_row('checking we can find jpgraph class files...', false);
} else {
function mci_get_user_id($p_user)
{
$t_user_id = 0;
if (isset($p_user['id']) && (int) $p_user['id'] != 0) {
$t_user_id = (int) $p_user['id'];
} elseif (isset($p_user['name'])) {
$t_user_id = user_get_id_by_name($p_user['name']);
} elseif (isset($p_user['email'])) {
$t_user_id = user_get_id_by_email($p_user['email']);
}
return $t_user_id;
}
/**
* Return the user id in the destination tracker
*
* Current logic is: try to find the same user by username;
* if it fails, use $p_squash_userid
*
* @param string $p_username username as imported
* @param int $p_squash_userid fallback userid
* @return int
*/
private function get_user_id($p_username, $p_squash_userid = 0)
{
$t_user_id = user_get_id_by_name($p_username);
if ($t_user_id === false) {
// user not found by username -> check real name
// keep in mind that the setting config_get( 'show_user_realname_threshold' ) may differ between import and export system!
$t_user_id = user_get_id_by_realname($p_username);
if ($t_user_id === false) {
//not found
$t_user_id = $p_squash_userid;
}
}
return $t_user_id;
}
/**
* Authenticates an user via LDAP given the username and password.
*
* @param string $p_username The user name.
* @param string $p_password The password.
* @return true: authenticated, false: failed to authenticate.
*/
function ldap_authenticate_by_username($p_username, $p_password)
{
if (ldap_simulation_is_enabled()) {
log_event(LOG_LDAP, "Authenticating via LDAP simulation");
$t_authenticated = ldap_simulation_authenticate_by_username($p_username, $p_password);
} else {
$c_username = ldap_escape_string($p_username);
$t_ldap_organization = config_get('ldap_organization');
$t_ldap_root_dn = config_get('ldap_root_dn');
$t_ldap_uid_field = config_get('ldap_uid_field', 'uid');
$t_search_filter = "(&{$t_ldap_organization}({$t_ldap_uid_field}={$c_username}))";
$t_search_attrs = array($t_ldap_uid_field, 'dn');
# Bind
log_event(LOG_LDAP, "Binding to LDAP server");
$t_ds = ldap_connect_bind();
if ($t_ds === false) {
ldap_log_error($t_ds);
trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR);
}
# Search for the user id
log_event(LOG_LDAP, "Searching for {$t_search_filter}");
$t_sr = ldap_search($t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs);
if ($t_sr === false) {
ldap_log_error($t_ds);
ldap_unbind($t_ds);
log_event(LOG_LDAP, "ldap search failed");
trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR);
}
$t_info = @ldap_get_entries($t_ds, $t_sr);
if ($t_info === false) {
ldap_log_error($t_ds);
ldap_free_result($t_sr);
ldap_unbind($t_ds);
trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR);
}
$t_authenticated = false;
if ($t_info['count'] > 0) {
# Try to authenticate to each until we get a match
for ($i = 0; $i < $t_info['count']; $i++) {
$t_dn = $t_info[$i]['dn'];
log_event(LOG_LDAP, "Checking {$t_info[$i]['dn']}");
# Attempt to bind with the DN and password
if (@ldap_bind($t_ds, $t_dn, $p_password)) {
$t_authenticated = true;
break;
}
}
} else {
log_event(LOG_LDAP, "No matching entries found");
}
log_event(LOG_LDAP, "Unbinding from LDAP server");
ldap_free_result($t_sr);
ldap_unbind($t_ds);
}
# If user authenticated successfully then update the local DB with information
# from LDAP. This will allow us to use the local data after login without
# having to go back to LDAP. This will also allow fallback to DB if LDAP is down.
if ($t_authenticated) {
$t_user_id = user_get_id_by_name($p_username);
if (false !== $t_user_id) {
$t_fields_to_update = array('password' => md5($p_password));
if (ON == config_get('use_ldap_realname')) {
$t_fields_to_update['realname'] = ldap_realname($t_user_id);
}
if (ON == config_get('use_ldap_email')) {
$t_fields_to_update['email'] = ldap_email_from_username($p_username);
}
user_set_fields($t_user_id, $t_fields_to_update);
}
log_event(LOG_LDAP, "User '{$p_username}' authenticated");
} else {
log_event(LOG_LDAP, "Authentication failed");
}
return $t_authenticated;
}
# echo lang_get( 'login_page_info' ) . '<br />';
# Only echo error message if error variable is set
if ($f_error) {
echo '<li>' . lang_get('login_error') . '</li>';
}
if ($f_cookie_error) {
echo '<li>' . lang_get('login_cookies_disabled') . '</li>';
}
echo '</ul>';
echo '</div>';
}
$t_warnings = array();
$t_upgrade_required = false;
if (config_get_global('admin_checks') == ON && file_exists(dirname(__FILE__) . '/admin')) {
# Generate a warning if default user administrator/root is valid.
$t_admin_user_id = user_get_id_by_name('administrator');
if ($t_admin_user_id !== false) {
if (user_is_enabled($t_admin_user_id) && auth_does_password_match($t_admin_user_id, 'root')) {
$t_warnings[] = lang_get('warning_default_administrator_account_present');
}
}
/**
* Display Warnings for enabled debugging / developer settings
* @param string $p_type Message Type.
* @param string $p_setting Setting.
* @param string $p_value Value.
* @return string
*/
function debug_setting_message($p_type, $p_setting, $p_value)
{
return sprintf(lang_get('warning_change_setting'), $p_setting, $p_value) . sprintf(lang_get('word_separator')) . sprintf(lang_get("warning_{$p_type}_hazard"));
private function get_userid_from_email($p_email_address)
{
$t_reporter_id = FALSE;
if ($this->_use_ldap_email) {
$t_username = $this->ldap_get_username_from_email($p_email_address);
if ($t_username !== NULL && user_is_name_valid($t_username)) {
$t_reporter_id = user_get_id_by_name($t_username);
}
}
if (!$t_reporter_id) {
$t_reporter_id = user_get_id_by_email($p_email_address);
}
return $t_reporter_id;
}
