$t_user_id = gpc_get_int('user_id'); } else { $t_user_id = user_get_id_by_name($f_username); if ($t_user_id === false) { # If we can't find the user by name, attempt to find by email. $t_user_id = user_get_id_by_email($f_username); if ($t_user_id === false) { error_parameters($f_username); trigger_error(ERROR_USER_BY_NAME_NOT_FOUND, ERROR); } } } $t_user = user_get_row($t_user_id); # Ensure that the account to be updated is of equal or lower access to the # current user. access_ensure_global_level($t_user['access_level']); $t_ldap = LDAP == config_get('login_method'); html_page_top(); print_manage_menu(); ?> <br /> <!-- USER INFO --> <div align="center"> <form method="post" action="manage_user_update.php"> <?php echo form_security_field('manage_user_update'); ?> <table class="width75" cellspacing="1">
 * @uses lang_api.php
 * @uses print_api.php
 */

require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('current_user_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');

# Ask for re-authentication first, then stop unless the current user's global
# access level meets the configured create_project_threshold. Both calls run
# before any page output.
auth_reauthenticate();
access_ensure_global_level(config_get('create_project_threshold'));

html_page_top();
print_manage_menu('manage_proj_create_page.php');

# Optional request parameter; gpc_get() applies no type constraint and the
# default is null.
# NOTE(review): confirm parent_id is validated or escaped where it is used
# further down the page (not visible in this excerpt).
$f_parent_id = gpc_get('parent_id', null);

# Extra hint block, printed only when project_table_empty() reports true.
if (project_table_empty()) {
	echo '<br />';
	echo '<div id="create-first-project" class="important-msg">';
	echo '<ul>';
	echo '<li>' . lang_get('create_first_project') . '</li>';
	echo '</ul>';
	echo '</div>';
}
?>
<div id="manage-project-create-div" class="form-container">
<form method="post" id="manage-project-create-form" action="manage_proj_create.php">
<?php
# Copyright (c) 2012 John Reese
# Licensed under the MIT license

require_once config_get('plugin_path') . 'Source/Source.ViewAPI.php';

# Gate the search results on the plugin's configured view_threshold; this is
# the only access check in the visible part of the page.
access_ensure_global_level(plugin_config_get('view_threshold'));

# 'offset' is read as an integer and defaults to 1.
$f_offset = gpc_get_int('offset', 1);
# Not referenced again in the visible part of the page.
$f_perpage = 25;

require_once config_get('plugin_path') . 'Source' . DIRECTORY_SEPARATOR . 'Source.FilterAPI.php';

# Generate listing
# Source_Generate_Filter() supplies the filter object and a permalink suffix;
# find() returns the changesets for the requested offset together with a count.
list($t_filter, $t_permalink) = Source_Generate_Filter();
list($t_changesets, $t_count) = $t_filter->find($f_offset);
$t_repos = SourceRepo::load_by_changesets($t_changesets);

html_page_top1(plugin_lang_get('title'));
html_page_top2();
?>
<br/>
<table class="width100" align="center" cellspacing="1">
<tr>
<td class="form-title" colspan="2"><?php echo plugin_lang_get('search_changesets'); ?>
</td>
<td class="right" colspan="2">
<?php
# NOTE(review): $t_permalink is appended to the link targets as-is; confirm
# Source_Generate_Filter() returns it already URL-encoded.
print_bracket_link(plugin_page('search') . $t_permalink, plugin_lang_get('permalink'));
print_bracket_link(plugin_page('search_page') . $t_permalink, plugin_lang_get('modify_search'));
print_bracket_link(plugin_page('search_page'), plugin_lang_get('new_search'));
?>
$t_email = email_append_domain(trim($f_email)); email_ensure_valid($t_email); email_ensure_not_disposable($t_email); } $c_email = $t_email; $c_username = $f_username; $c_realname = $t_realname; $c_protected = db_prepare_bool($f_protected); $c_enabled = db_prepare_bool($f_enabled); $c_user_id = db_prepare_int($f_user_id); $c_access_level = db_prepare_int($f_access_level); $t_user_table = db_get_table('user'); $t_old_protected = $t_user['protected']; # Ensure that users aren't escalating privileges of accounts beyond their # own global access level. access_ensure_global_level($f_access_level); # check that we are not downgrading the last administrator $t_admin_threshold = config_get_global('admin_site_threshold'); if (user_is_administrator($f_user_id) && $f_access_level < $t_admin_threshold && user_count_level($t_admin_threshold) <= 1) { trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR); } # Project specific access rights override global levels, hence, for users who are changed # to be administrators, we have to remove project specific rights. if ($f_access_level >= $t_admin_threshold && !user_is_administrator($f_user_id)) { user_delete_project_specific_access_levels($f_user_id); } # if the user is already protected and the admin is not removing the # protected flag then don't update the access level and enabled flag. # If the user was unprotected or the protected flag is being turned off # then proceed with a full update. $query_params = array();
$f_os_build = gpc_get_string('os_build'); $f_description = gpc_get_string('description'); if (profile_is_global($f_profile_id)) { access_ensure_global_level(config_get('manage_global_profile_threshold')); profile_update(ALL_USERS, $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description); form_security_purge('profile_update'); print_header_redirect('manage_prof_menu_page.php'); } else { profile_update(auth_get_current_user_id(), $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description); form_security_purge('profile_update'); print_header_redirect('account_prof_menu_page.php'); } break; case 'delete': if (profile_is_global($f_profile_id)) { access_ensure_global_level(config_get('manage_global_profile_threshold')); profile_delete(ALL_USERS, $f_profile_id); form_security_purge('profile_update'); print_header_redirect('manage_prof_menu_page.php'); } else { profile_delete(auth_get_current_user_id(), $f_profile_id); form_security_purge('profile_update'); print_header_redirect('account_prof_menu_page.php'); } break; case 'make_default': current_user_set_pref('default_profile', $f_profile_id); form_security_purge('profile_update'); print_header_redirect('account_prof_menu_page.php'); break; }
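<?php
/**************************************************************************
 MantisBT Seeder Plugin
 Copyright (c) MantisHub - Victor Boctor
 All rights reserved.
 MIT License
 **************************************************************************/

# Seeding page: creates sample projects and issues, then emits a meta
# redirect to the plugin's config page. Restricted to users holding the
# ADMINISTRATOR global access level; the check runs before anything else.
access_ensure_global_level(ADMINISTRATOR);

require_once dirname(dirname(__FILE__)) . '/core/Seeder.php';

html_page_top1();
html_meta_redirect(plugin_page('config_page'));
html_page_top2();

# True when the request carries a 'create_issues' parameter.
$f_create_issues = gpc_isset('create_issues');

# Assigns OFF to the e-mail notification switch before seeding starts,
# presumably so the generated issues do not send mail - confirm the
# variable is the global one in the scope this page is included from.
$g_enable_email_notification = OFF;

$t_seeder = new Seeder();

# gpc_isset() yields a boolean, so the former strict comparison against OFF
# (an integer constant in MantisBT) was true for every request and the seeder
# ran even when 'create_issues' was absent. Test the flag directly instead.
# NOTE(review): this request changes data, but no form_security_validate()
# call is visible in this page - confirm a form token is checked before
# seeding is allowed to run.
if ($f_create_issues) {
	$t_project_ids = $t_seeder->createProjects();
	$t_seeder->createIssues($t_project_ids);
}

echo '<div class="success-msg">';
echo lang_get('operation_successful');
echo '</div>';

html_page_bottom();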
/**
 * Remove a tag, detaching it from every bug it is attached to first.
 *
 * The existence check and the global 'tag_edit_threshold' access check both
 * run before anything is changed.
 *
 * @param integer $p_tag_id Tag ID
 * @return boolean Always true when the function returns.
 */
function tag_delete($p_tag_id) {
	tag_ensure_exists($p_tag_id);
	access_ensure_global_level(config_get('tag_edit_threshold'));

	# Drop every bug association before the tag row itself is deleted.
	foreach (tag_get_bugs_attached($p_tag_id) as $t_attached_bug_id) {
		tag_bug_detach($p_tag_id, $t_attached_bug_id);
	}

	# The ID goes through db_prepare_int() before it is placed in the SQL text;
	# this version builds the statement by interpolation, not with a bound parameter.
	$c_tag_id = db_prepare_int($p_tag_id);
	$t_tag_table = config_get('mantis_tag_table');
	# Looked up as before, although the value is not used below.
	$t_bug_tag_table = config_get('mantis_bug_tag_table');

	$t_delete_sql = "DELETE FROM {$t_tag_table}\r\n\t\t\t\t\tWHERE id='{$c_tag_id}'";
	db_query($t_delete_sql);

	return true;
}
# --------------------------------------------------------
# This page stores the reported bug
# NOTE(review): the line above looks copied from another page; the visible
# code validates a request to change a configuration option.
require_once 'core.php';

$t_core_path = config_get('core_path');

# NOTE(review): the POST-only check below is commented out and no
# form_security_validate() call appears in the visible part of this page.
# Confirm that this state-changing request is protected against cross-site
# request forgery.
# helper_ensure_post();

# Request parameters: two integers and three strings, all required.
$f_user_id = gpc_get_int('user_id');
$f_project_id = gpc_get_int('project_id');
$f_config_option = gpc_get_string('config_option');
$f_type = gpc_get_string('type');
$f_value = gpc_get_string('value');

# Reject an empty option name.
if (is_blank($f_config_option)) {
	error_parameters('config_option');
	trigger_error(ERROR_EMPTY_FIELD, ERROR);
}

# The same threshold is enforced globally for ALL_PROJECTS and per project
# otherwise.
# NOTE(review): the check is keyed on the project only; $f_user_id from the
# request is not checked in the visible part - confirm who may set an option
# on behalf of another user.
if ($f_project_id == ALL_PROJECTS) {
	access_ensure_global_level(config_get('set_configuration_threshold'));
} else {
	access_ensure_project_level(config_get('set_configuration_threshold'), $f_project_id);
}

# make sure that configuration option specified is a valid one.
# A sentinel default tells "option unknown" apart from any real value.
$t_not_found_value = '***CONFIG OPTION NOT FOUND***';
if (config_get_global($f_config_option, $t_not_found_value) === $t_not_found_value) {
	error_parameters($f_config_option);
	trigger_error(ERROR_CONFIG_OPT_NOT_FOUND, ERROR);
}

# make sure that configuration option specified can be stored in the database
if (!config_can_set_in_database($f_config_option)) {
	error_parameters($f_config_option);
	trigger_error(ERROR_CONFIG_OPT_CANT_BE_SET_IN_DB, ERROR);
}

if ($f_type === 'default') {
/**
 * Remove a plugin's database registration and run its own uninstall routine.
 *
 * The global 'manage_plugin_threshold' access check runs first. Nothing is
 * changed unless the plugin is currently installed and not protected.
 *
 * @param MantisPlugin $p_plugin Plugin object; its basename identifies the row to delete.
 * @return void
 */
function plugin_uninstall(MantisPlugin $p_plugin) {
	access_ensure_global_level(config_get_global('manage_plugin_threshold'));

	$t_basename = $p_plugin->basename;

	# Guard clauses: leave quietly for plugins that are absent or protected.
	if (!plugin_is_installed($t_basename)) {
		return;
	}
	if (plugin_protected($t_basename)) {
		return;
	}

	# The basename is passed as a bound parameter, never concatenated into the SQL.
	db_param_push();
	db_query('DELETE FROM {plugin} WHERE basename=' . db_param(), array($t_basename));

	# Run the plugin's own uninstall hook with the plugin set as current.
	plugin_push_current($t_basename);
	$p_plugin->uninstall();
	plugin_pop_current();
}
<?php
require_once __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'uvConst.php';
require_once __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'userprojectapi.php';

// Configuration form of the UserProjectView plugin.
// Re-authentication and the access check run before any output; the required
// level is the plugin's own 'UserProjectAccessLevel' option.
auth_reauthenticate();
access_ensure_global_level(plugin_config_get('UserProjectAccessLevel'));

html_page_top1(plugin_lang_get('config_title'));
html_page_top2();
print_manage_menu();

echo '<script type="text/javascript" src="plugins/UserProjectView/javascript/jscolor/jscolor.js"></script>';
echo '<br/>';

// The form posts to the plugin's config_update page and carries a form
// security token named 'plugin_UserProjectView_config_update'.
echo '<form action="' . plugin_page('config_update') . '" method="post">';
echo form_security_field('plugin_UserProjectView_config_update');

// Two table layouts, selected by userprojectapi::is_mantis_rel().
if (userprojectapi::is_mantis_rel()) {
    echo '<table align="center" class="width75" cellspacing="1">';
} else {
    echo '<div class="form-container">';
    echo '<table>';
}

print_config_table_title_row(5, 'config_caption');

// Access-level selector; the current option value is passed to the option list,
// with PLUGINS_USERPROJECTVIEW_THRESHOLD_LEVEL_DEFAULT as the fallback.
// The closing </tr> echoed below presumably matches a <tr> opened by
// print_config_table_row() - verify in that helper.
print_config_table_row();
echo '<td class="category" colspan="2">';
echo '<span class="required">*</span>' . plugin_lang_get('config_accesslevel');
echo '</td>';
echo '<td width="100px" colspan="5">';
echo '<select name="UserProjectAccessLevel">';
print_enum_string_option_list('access_levels', plugin_config_get('UserProjectAccessLevel', PLUGINS_USERPROJECTVIEW_THRESHOLD_LEVEL_DEFAULT));
echo '</select>';
echo '</td>';
echo '</tr>';

print_config_table_row();
/**
 * Delete the tag identified by $p_tag_id together with its bug attachments.
 *
 * Existence of the tag and the global 'tag_edit_threshold' access level are
 * both checked before anything is modified.
 *
 * @param integer $p_tag_id The tag ID to delete.
 * @return boolean Always true when the function returns.
 */
function tag_delete($p_tag_id) {
	tag_ensure_exists($p_tag_id);
	access_ensure_global_level(config_get('tag_edit_threshold'));

	# Detach the tag from each bug that still carries it.
	$t_attached_bug_ids = tag_get_bugs_attached($p_tag_id);
	foreach ($t_attached_bug_ids as $t_attached_bug_id) {
		tag_bug_detach($p_tag_id, $t_attached_bug_id);
	}

	# The tag ID travels as a bound parameter rather than inside the SQL text.
	db_query('DELETE FROM {tag} WHERE id=' . db_param(), array($p_tag_id));

	return true;
}
 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses core.php
 * @uses access_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses html_api.php
 * @uses lang_api.php
 */

require_once 'core.php';
require_api('access_api.php');
require_api('config_api.php');
require_api('constant_inc.php');
require_api('html_api.php');
require_api('lang_api.php');

# Refuse the page with ERROR_ACCESS_DENIED when time tracking is switched off
# in the configuration.
if (!config_get('time_tracking_enabled')) {
	trigger_error(ERROR_ACCESS_DENIED, ERROR);
}

# Require the configured reporting threshold before any output is produced.
access_ensure_global_level(config_get('time_tracking_reporting_threshold'));

html_page_top(lang_get('time_tracking_billing_link'));
?>
<br />
<?php
# Work break-down
# The constant is defined immediately before the include; presumably
# billing_inc.php tests it to refuse being requested directly - verify there.
define('BILLING_INC_ALLOW', true);
include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'billing_inc.php';

html_page_bottom();
<?php
// Handler for the StoryBoard plugin's configuration form.
// Order of the gates: re-authentication, access level, then the form security
// token; no setting is touched before all three have passed.
// NOTE(review): the threshold is read with config_get('AccessLevel'), while the
// option list further down is read with plugin_config_get(); confirm that
// 'AccessLevel' resolves to the plugin's setting and not to a global option.
auth_reauthenticate();
access_ensure_global_level(config_get('AccessLevel'));
form_security_validate('plugin_StoryBoard_config_update');

require_once STORYBOARD_CORE_URI . 'storyboard_constant_api.php';
require_once STORYBOARD_CORE_URI . 'storyboard_config_api.php';
require_once STORYBOARD_CORE_URI . 'storyboard_db_api.php';

$storyboard_config_api = new storyboard_config_api();
$storyboard_db_api = new storyboard_db_api();

// Which of the form's actions was submitted; each flag defaults to false.
$option_change = gpc_get_bool('change', false);
$option_addtype = gpc_get_bool('addtype', false);
$option_deltype = gpc_get_bool('deletetype', false);
$option_changetype = gpc_get_bool('changetype', false);

/**
 * Submit configuration changes
 */
if ($option_change) {
    // Presumably ADMINISTRATOR is the fallback when the form sends no value -
    // confirm in storyboard_config_api::updateValue().
    $storyboard_config_api->updateValue('AccessLevel', ADMINISTRATOR);
    $storyboard_config_api->updateButton('ShowInFooter');

    if (!empty($_POST['status_cols'])) {
        // NOTE(review): the loop variable is overwritten on the first line of
        // the body, so every pass re-reads the same integer array through
        // gpc_get_int_array() and repeats the same compare-and-set. The raw
        // $_POST elements are never stored; only the integer array is.
        foreach ($_POST['status_cols'] as $status_cols) {
            $status_cols = gpc_get_int_array('status_cols');
            // Loose (!=) array comparison against the stored value.
            if (plugin_config_get('status_cols') != $status_cols) {
                plugin_config_set('status_cols', $status_cols);
            }
        }
    }
}

/**
 * Add a type
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Display warning to users before upgrading MantisBT
 * @package MantisBT
 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */

require_once dirname(dirname(__FILE__)) . '/core.php';

# Administration page: require the global admin_site_threshold. The value is
# read with config_get_global() rather than config_get().
access_ensure_global_level(config_get_global('admin_site_threshold'));

$g_error_send_page_header = false; # suppress page headers in the error handler

# @@@ upgrade list moved to the bottom of upgrade_inc.php

# Optional boolean request flag, false when absent.
$f_advanced = gpc_get_bool('advanced', false);

html_begin();
?>
<head>
<title>MantisBT Administration - Check Installation </title>
<link rel="stylesheet" type="text/css" href="admin.css" />
</head>
<body>
<table width="100%" cellspacing="0" cellpadding="0" bgcolor="#ffffff">
<tr class="top-bar">
<td class="links">
<?php require_once 'core/json_api.php'; set_error_handler('json_error_handler'); access_ensure_global_level(plugin_config_get('manage_customers_threshold')); form_security_validate('manage_customers'); $contents = ''; switch ($_POST['action']) { case 'deleteGroup': CustomerManagementDao::deleteGroup(gpc_get_int('customerGroupId')); break; case 'deleteService': CustomerManagementDao::deleteService(gpc_get_int('serviceId')); break; case 'deleteCustomer': CustomerManagementDao::deleteCustomer(gpc_get_int('customerId')); break; case 'saveGroup': CustomerManagementDao::saveGroup(gpc_get_int('id', null), gpc_get_string('name')); break; case 'saveService': CustomerManagementDao::saveService(gpc_get_int('id', null), gpc_get_string('name')); break; case 'saveCustomer': CustomerManagementDao::saveCustomer(gpc_get_int('id', null), gpc_get_string('name'), gpc_get_int('customer_group_id'), gpc_get_string('email'), gpc_get_int_array('service_id', array())); break; case 'sendNotification': CustomerNotifier::notifyCustomers(gpc_get_int_array('customer_id'), gpc_get_string('from'), gpc_get_string('to')); break; case 'previewNotification': $contents = CustomerNotifier::buildNotificationEmails(gpc_get_int_array('customer_id'), gpc_get_string('from'), gpc_get_string('to'));
* @uses user_api.php */ require_once 'core.php'; require_api('access_api.php'); require_api('compress_api.php'); require_api('config_api.php'); require_api('database_api.php'); require_api('form_api.php'); require_api('gpc_api.php'); require_api('helper_api.php'); require_api('html_api.php'); require_api('lang_api.php'); require_api('print_api.php'); require_api('string_api.php'); require_api('user_api.php'); access_ensure_global_level(config_get('tag_edit_threshold')); compress_enable(); $t_can_edit = access_has_global_level(config_get('tag_edit_threshold')); $f_filter = utf8_strtoupper(gpc_get_string('filter', config_get('default_manage_tag_prefix'))); $f_page_number = gpc_get_int('page_number', 1); # Start Index Menu $t_prefix_array = array('ALL'); for ($i = 'A'; $i != 'AA'; $i++) { $t_prefix_array[] = $i; } for ($i = 0; $i <= 9; $i++) { $t_prefix_array[] = (string) $i; } if ($f_filter === 'ALL') { $t_name_filter = ''; } else {
/**
 * Delete a tag and every bug attachment that refers to it.
 *
 * The tag's existence and the caller's global 'tag_edit_threshold' access
 * level are verified first; no change is made until both checks have passed.
 *
 * @param integer $p_tag_id Tag ID
 * @return boolean Always true when the function returns.
 */
function tag_delete($p_tag_id) {
	tag_ensure_exists($p_tag_id);
	access_ensure_global_level(config_get('tag_edit_threshold'));

	# Attachments go first, one bug at a time.
	foreach (tag_get_bugs_attached($p_tag_id) as $t_linked_bug_id) {
		tag_bug_detach($p_tag_id, $t_linked_bug_id);
	}

	$c_tag_id = db_prepare_int($p_tag_id);

	$t_tag_table = db_get_table('tag');
	# Resolved as before, although the value is not used below.
	$t_bug_tag_table = db_get_table('bug_tag');

	# Only the table name is interpolated; the ID is sent as a bound parameter.
	$t_statement = "DELETE FROM {$t_tag_table}\n\t\t\t\t\tWHERE id=" . db_param();
	db_query_bound($t_statement, array($c_tag_id));

	return true;
}
 */

/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('custom_field_api.php');
require_api('form_api.php');
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('string_api.php');

# Management page: ask for re-authentication, then require the configured
# manage_custom_fields_threshold before any output is produced.
auth_reauthenticate();
access_ensure_global_level(config_get('manage_custom_fields_threshold'));

html_page_top(lang_get('manage_custom_field_link'));
print_manage_menu('manage_custom_field_page.php');
?>
<div class="table-container">
<h2><?php echo lang_get('custom_fields_setup'); ?>
</h2>
<table cellspacing="1" cellpadding="5" border="1">
<tr>
<th class="category"><?php echo lang_get('custom_field_name'); ?>
</th>
/**
 * Uninstall a plugin: delete its row from the plugin table, then call the
 * plugin's own uninstall() method.
 *
 * Requires the global 'manage_plugin_threshold' access level. Plugins that
 * are not installed, or that are protected, are left untouched.
 *
 * @param object $p_plugin Plugin object; its basename property identifies the plugin.
 */
function plugin_uninstall($p_plugin) {
	access_ensure_global_level(config_get_global('manage_plugin_threshold'));

	# Protection is only looked up for plugins that are actually installed.
	$t_removable = plugin_is_installed($p_plugin->basename) && !plugin_protected($p_plugin->basename);
	if (!$t_removable) {
		return;
	}

	# Only the table name is interpolated; the basename is a bound parameter.
	$t_plugin_table = db_get_table('plugin');
	$t_delete_sql = "DELETE FROM {$t_plugin_table} WHERE basename=" . db_param();
	db_query_bound($t_delete_sql, array($p_plugin->basename));

	# Run the plugin's uninstall hook while it is marked as the current plugin.
	plugin_push_current($p_plugin->basename);
	$p_plugin->uninstall();
	plugin_pop_current();
}
 * @uses gpc_api.php
 * @uses print_api.php
 */

/** @ignore */
# Defined before core.php is loaded.
define('PLUGINS_DISABLED', true);

require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('database_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');

# Three gates run before any row is touched: the form security token,
# re-authentication, and the manage_plugin_threshold access level.
form_security_validate('manage_plugin_update');

auth_reauthenticate();
access_ensure_global_level(config_get('manage_plugin_threshold'));

$t_plugin_table = db_get_table('plugin');

# The set of plugins comes from the database, not from the request; the
# request only contributes per-plugin fields whose names end in a basename
# that was read from the table.
$t_query = "SELECT basename FROM {$t_plugin_table}";
$t_result = db_query_bound($t_query);

while ($t_row = db_fetch_array($t_result)) {
	$t_basename = $t_row['basename'];

	# Skip plugins whose 'change_<basename>' flag was not submitted.
	$f_change = gpc_get_bool('change_' . $t_basename, 0);

	if (!$f_change) {
		continue;
	}

	# Priority defaults to 3 and the protected flag to off when absent.
	$f_priority = gpc_get_int('priority_' . $t_basename, 3);
	$f_protected = gpc_get_bool('protected_' . $t_basename, 0);

	# All three values are passed as bound parameters.
	$t_query = "UPDATE {$t_plugin_table} SET priority=" . db_param() . ', protected=' . db_param() . ' WHERE basename=' . db_param();

	db_query_bound($t_query, array($f_priority, $f_protected, $t_basename));
}

# The token is purged only after every update has run.
form_security_purge('manage_plugin_update');
<?php
require_once __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'uvConst.php';
require_once __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'databaseapi.php';
require_once __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'userprojectapi.php';

// Handler for the UserProjectView configuration form.
// Re-authentication, the access check and the form security token are all
// verified before any setting is changed.
// NOTE(review): the threshold is read with config_get() and an ADMINISTRATOR
// default, while the values written below are plugin options; if config_get()
// does not see the plugin's 'UserProjectAccessLevel', the check presumably
// falls back to ADMINISTRATOR, which is the stricter outcome - confirm that
// this is intended.
auth_reauthenticate();
access_ensure_global_level(config_get('UserProjectAccessLevel', ADMINISTRATOR));
form_security_validate('plugin_UserProjectView_config_update');

// Which submit action was used; both flags default to false.
$option_reset = gpc_get_bool('reset', false);
$option_change = gpc_get_bool('change', false);

// Reset path: delegates to databaseapi::reset_plugin().
if ($option_reset) {
    $databaseapi = new databaseapi();
    $databaseapi->reset_plugin();
}

// Change path: each option is written through one of the update_* helpers,
// which are defined outside the visible part of this file. The second
// argument of update_single_value() / update_color() is presumably the
// fallback used when the form sends no value - confirm in those helpers.
if ($option_change) {
    update_single_value('UserProjectAccessLevel', ADMINISTRATOR);
    // The submitted level is read as an integer before it is handed on.
    userprojectapi::editPluginInWhiteboardMenu('plugin_access_level', gpc_get_int('UserProjectAccessLevel', ADMINISTRATOR));

    update_button('ShowMenu');
    // 'ShowMenu' has no default here, so gpc_get_int() requires it in the request.
    userprojectapi::editPluginInWhiteboardMenu('plugin_show_menu', gpc_get_int('ShowMenu'));

    update_button('ShowInFooter');
    update_button('ShowAvatar');

    update_button('IAUHighlighting');
    update_color('IAUHBGColor', '#E67C7C');

    update_button('URIUHighlighting');
    update_color('URIUHBGColor', '#E67C7C');

    update_button('NUIHighlighting');
    update_color('NUIHBGColor', '#FCBDBD');

    update_button('ShowZIU');
    update_button('ZIHighlighting');
    update_color('ZIHBGColor', '#F8FFCC');

    update_button('layer_one_name');