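/**
 * Stop a request for a page the current user is not allowed to see.
 *
 * - Not authenticated: redirect to the login page with a return target.
 * - Logged in as the configured anonymous account: print the access-denied
 *   message with a login link and a link to the main page.
 * - Any other account: print the access-denied message with a link to the
 *   main page.
 *
 * Nothing is emitted when the current script is already login_page.php.
 * The script always terminates at the end of this function.
 */
function access_denied() {
    if (!auth_is_user_authenticated()) {
        if (basename($_SERVER['SCRIPT_NAME']) != 'login_page.php') {
            # Use SCRIPT_NAME, not PHP_SELF, for the return target: PHP_SELF
            # also contains any trailing path info supplied by the client,
            # so it carries request-controlled text beyond the script path.
            $t_return_page = $_SERVER['SCRIPT_NAME'];
            if (isset($_SERVER['QUERY_STRING'])) {
                $t_return_page .= '?' . $_SERVER['QUERY_STRING'];
            }
            # Sanitize the URL first, then encode it as a query-string value.
            $t_return_page = string_url(string_sanitize_url($t_return_page));
            print_header_redirect('login_page.php?return=' . $t_return_page);
        }
    } else {
        if (auth_get_current_user_id() == user_get_id_by_name(config_get_global('anonymous_account'))) {
            if (basename($_SERVER['SCRIPT_NAME']) != 'login_page.php') {
                # Same return-target rule as above: SCRIPT_NAME plus the
                # query string, sanitized and then URL-encoded.
                $t_return_page = $_SERVER['SCRIPT_NAME'];
                if (isset($_SERVER['QUERY_STRING'])) {
                    $t_return_page .= '?' . $_SERVER['QUERY_STRING'];
                }
                $t_return_page = string_url(string_sanitize_url($t_return_page));
                echo '<center>';
                echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
                print_bracket_link('login_page.php?return=' . $t_return_page, lang_get('click_to_login'));
                echo '<p></p>';
                print_bracket_link('main_page.php', lang_get('proceed'));
                echo '</center>';
            }
        } else {
            echo '<center>';
            echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
            print_bracket_link('main_page.php', lang_get('proceed'));
            echo '</center>';
        }
    }
    # Never fall through to the protected page.
    exit;
}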
/**
 * Called when the current user requests a page they are not authorised
 * to view. Unauthenticated visitors are redirected to the login page;
 * everyone else gets an access-denied message with follow-up links.
 * Execution always ends here.
 */
function access_denied() {
    if (!auth_is_user_authenticated()) {
        # Visitor without a session: bounce to the login page, unless that
        # is the page being served already.
        if (basename($_SERVER['SCRIPT_NAME']) != 'login_page.php') {
            $t_target = $_SERVER['SCRIPT_NAME'];
            if (isset($_SERVER['QUERY_STRING'])) {
                $t_target = $t_target . '?' . $_SERVER['QUERY_STRING'];
            }
            # Sanitize, then URL-encode for use as the "return" parameter.
            $t_target = string_url(string_sanitize_url($t_target));
            print_header_redirect('login_page.php' . '?return=' . $t_target);
        }
    } elseif (!current_user_is_anonymous()) {
        # Real account without sufficient rights: message plus main page link.
        echo '<p class="center">' . error_string(ERROR_ACCESS_DENIED) . '</p>';
        echo '<p class="center">';
        print_bracket_link(helper_mantis_url('main_page.php'), lang_get('proceed'));
        echo '</p>';
    } elseif (basename($_SERVER['SCRIPT_NAME']) != 'login_page.php') {
        # Anonymous account: offer a login link that returns to this page.
        $t_target = $_SERVER['SCRIPT_NAME'];
        if (isset($_SERVER['QUERY_STRING'])) {
            $t_target = $t_target . '?' . $_SERVER['QUERY_STRING'];
        }
        $t_target = string_url(string_sanitize_url($t_target));
        echo '<p class="center">' . error_string(ERROR_ACCESS_DENIED) . '</p><p class="center">';
        print_bracket_link(helper_mantis_url('login_page.php') . '?return=' . $t_target, lang_get('click_to_login'));
        echo '</p><p class="center">';
        print_bracket_link(helper_mantis_url('main_page.php'), lang_get('proceed'));
        echo '</p>';
    }
    exit;
}
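/**
 * Check that there is a user logged in and authenticated.
 *
 * If the user's account is disabled they are sent to the logout page.
 * If there is no user logged in, redirect to the login page, passing along
 * the URL to return to after a successful login. When no URL is given, the
 * URL of the current request is used.
 *
 * @param string $p_return_page Page to redirect to following successful logon, defaults to current page
 * @access public
 */
function auth_ensure_user_authenticated($p_return_page = '') {
    if (auth_is_user_authenticated()) {
        # Check that the account is still enabled.
        # This also makes sure the cookie is valid.
        if (OFF == current_user_get_field('enabled')) {
            print_header_redirect('logout_page.php');
        }
        return;
    }

    # Not logged in.
    if (is_blank($p_return_page)) {
        if (!isset($_SERVER['REQUEST_URI'])) {
            # Rebuild REQUEST_URI when the server does not supply it. The
            # query string may be absent as well, so fall back to ''
            # instead of reading an undefined index.
            $t_query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
            $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $t_query_string;
        }
        $p_return_page = $_SERVER['REQUEST_URI'];
    }

    # NOTE(review): the return target is only URL-encoded here, not passed
    # through string_sanitize_url(). Confirm the login flow validates the
    # "return" value before redirecting to it.
    $p_return_page = string_url($p_return_page);
    print_header_redirect('login_page.php?return=' . $p_return_page);
}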
/**
 * Stop a request for a page the current user may not access.
 *
 * Unauthenticated visitors are redirected to the login page (unless the
 * login page itself is being served); authenticated users get the
 * access-denied message and a link to the main page. The script always
 * terminates at the end of this function.
 */
function access_denied() {
    # On runtimes older than 4.1.0 $_SERVER is pulled in explicitly.
    if (!php_version_at_least('4.1.0')) {
        global $_SERVER;
    }
    if (!auth_is_user_authenticated()) {
        if (basename($_SERVER['SCRIPT_NAME']) != 'login_page.php') {
            # Rebuild REQUEST_URI from the script name and query string when
            # the server does not provide it.
            if (!isset($_SERVER['REQUEST_URI'])) {
                if (!isset($_SERVER['QUERY_STRING'])) {
                    $_SERVER['QUERY_STRING'] = '';
                }
                $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
            }
            # NOTE(review): the request URI is URL-encoded but not otherwise
            # sanitized here; confirm the login page validates "return"
            # before it redirects to it.
            $t_return_page = string_url($_SERVER['REQUEST_URI']);
            print_header_redirect('login_page.php?return=' . $t_return_page);
        }
    } else {
        echo '<center>';
        echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
        print_bracket_link('main_page.php', lang_get('proceed'));
        echo '</center>';
    }
    # Never fall through to the protected page.
    exit;
}
$f_os_build = gpc_get_string('os_build'); $f_description = gpc_get_string('description'); if (profile_is_global($f_profile_id)) { access_ensure_global_level(config_get('manage_global_profile_threshold')); profile_update(ALL_USERS, $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description); form_security_purge('profile_update'); print_header_redirect('manage_prof_menu_page.php'); } else { profile_update(auth_get_current_user_id(), $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description); form_security_purge('profile_update'); print_header_redirect('account_prof_menu_page.php'); } break; case 'delete': if (profile_is_global($f_profile_id)) { access_ensure_global_level(config_get('manage_global_profile_threshold')); profile_delete(ALL_USERS, $f_profile_id); form_security_purge('profile_update'); print_header_redirect('manage_prof_menu_page.php'); } else { profile_delete(auth_get_current_user_id(), $f_profile_id); form_security_purge('profile_update'); print_header_redirect('account_prof_menu_page.php'); } break; case 'make_default': current_user_set_pref('default_profile', $f_profile_id); form_security_purge('profile_update'); print_header_redirect('account_prof_menu_page.php'); break; }
# Access checks on the destination project. On the manage page the caller
# must be MANAGER there; in every case the project must at least be
# viewable by the caller.
# NOTE(review): no check on $t_src_project_id, and none for the
# manage-page + ALL_PROJECTS combination, is visible in this fragment;
# confirm both are covered before this point.
if ($t_dst_project_id != ALL_PROJECTS) {
    if ($f_manage_page) {
        access_ensure_project_level(MANAGER, $t_dst_project_id);
    }
    access_ensure_project_level(VIEWER, $t_dst_project_id);
}

# The manage page writes the configuration for NO_USER, otherwise the
# configuration belongs to the current user.
$t_user_id = $f_manage_page ? NO_USER : auth_get_current_user_id();

$t_all_columns = columns_get_all();
$t_default = null;

# Read every column set from the source project first, dropping invalid
# column names, then write them all to the destination project.
$t_column_options = array(
    'view_issues_page_columns',
    'print_issues_page_columns',
    'csv_columns',
    'excel_columns',
);
$t_copied_columns = array();
foreach ($t_column_options as $t_option) {
    $t_source_columns = config_get($t_option, $t_default, $t_user_id, $t_src_project_id);
    $t_copied_columns[$t_option] = columns_remove_invalid($t_source_columns, $t_all_columns);
}
foreach ($t_copied_columns as $t_option => $t_columns) {
    config_set($t_option, $t_columns, $t_user_id, $t_dst_project_id);
}

form_security_purge('manage_columns_copy');

if ($f_manage_page) {
    $t_redirect_url = 'manage_config_columns_page.php';
} else {
    $t_redirect_url = 'account_manage_columns_page.php';
}
print_header_redirect($t_redirect_url);
require_api('authentication_api.php'); require_api('constant_inc.php'); require_api('current_user_api.php'); require_api('gpc_api.php'); require_api('html_api.php'); require_api('lang_api.php'); require_api('print_api.php'); require_api('string_api.php'); auth_ensure_user_authenticated(); $f_ref = string_sanitize_url(gpc_get_string('ref', '')); if (count(current_user_get_accessible_projects()) == 1) { $t_project_ids = current_user_get_accessible_projects(); $t_project_id = (int) $t_project_ids[0]; if (count(current_user_get_accessible_subprojects($t_project_id)) == 0) { $t_ref_urlencoded = string_url($f_ref); print_header_redirect("set_project.php?project_id={$t_project_id}&ref={$t_ref_urlencoded}", true); /* print_header_redirect terminates script execution */ } } html_page_top(lang_get('select_project_button')); ?> <!-- Project Select Form BEGIN --> <div id="select-project-div" class="form-container"> <form id="select-project-form" method="post" action="set_project.php"> <?php # CSRF protection not required here - form does not result in modifications ?> <fieldset> <legend><span><?php echo lang_get('choose_project');
require_once 'string_api.php';

# This page both renders the news edit form and, when action=delete,
# performs the deletion itself.
news_ensure_enabled();

$f_news_id = gpc_get_int('news_id');
$f_action = gpc_get_string('action', '');

# If deleting item redirect to delete script
if ('delete' == $f_action) {
    # The delete action is state-changing, so the form token is validated.
    form_security_validate('news_delete');
    $row = news_get_row($f_news_id);
    # This check is to allow deleting of news items that were left orphan due to bug #3723
    # NOTE(review): when the item's project no longer exists, no access
    # check runs in this branch before news_delete(); confirm an earlier
    # check (not visible here) restricts who can reach this point.
    if (project_exists($row['project_id'])) {
        access_ensure_project_level(config_get('manage_news_threshold'), $row['project_id']);
    }
    helper_ensure_confirmed(lang_get('delete_news_sure_msg'), lang_get('delete_news_item_button'));
    news_delete($f_news_id);
    form_security_purge('news_delete');
    print_header_redirect('news_menu_page.php', true);
}

# Retrieve news item data and prefix with v_
$row = news_get_row($f_news_id);
if ($row) {
    extract($row, EXTR_PREFIX_ALL, 'v');
}
# NOTE(review): if news_get_row() returned a falsy value, $v_project_id,
# $v_headline and $v_body are undefined below and the access check runs
# with an undefined project id; confirm news_get_row() cannot return
# without a row.
access_ensure_project_level(config_get('manage_news_threshold'), $v_project_id);
# Escape the stored values for the HTML attribute / textarea they are
# printed into.
$v_headline = string_attribute($v_headline);
$v_body = string_textarea($v_body);
html_page_top(lang_get('edit_news_title'));
# Edit News Form BEGIN
?>
<br />
<div align="center">
<form method="post" action="news_update.php">
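# $Id: bug_report_page.php,v 1.64.2.1 2007-10-13 22:32:53 giallu Exp $
# --------------------------------------------------------

# This file POSTs data to report_bug.php

$g_allow_browser_cache = 1;
require_once 'core.php';
$t_core_path = config_get('core_path');
require_once $t_core_path . 'file_api.php';
require_once $t_core_path . 'custom_field_api.php';
require_once $t_core_path . 'last_visited_api.php';

# Id of the bug being cloned; 0 means a plain new report.
$f_master_bug_id = gpc_get_int('m_id', 0);

# this page is invalid for the 'All Project' selection except if this is a clone
if (ALL_PROJECTS == helper_get_current_project() && 0 == $f_master_bug_id) {
    print_header_redirect('login_select_proj_page.php?ref=bug_report_page.php');
}

if (ADVANCED_ONLY == config_get('show_report')) {
    # The conditional must be parenthesised: '.' binds tighter than '?:',
    # so without the parentheses the page name is concatenated with the
    # comparison result, that non-empty string is used as the condition,
    # and the redirect target is always ''.
    print_header_redirect('bug_report_advanced_page.php' . ((0 == $f_master_bug_id) ? '' : '?m_id=' . $f_master_bug_id));
}

if ($f_master_bug_id > 0) {
    # master bug exists...
    bug_ensure_exists($f_master_bug_id);

    # master bug is not read-only...
    if (bug_is_readonly($f_master_bug_id)) {
        error_parameters($f_master_bug_id);
        trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
    }

    $t_bug = bug_prepare_edit(bug_get($f_master_bug_id, true));

    # the user can at least update the master bug (needed to add the relationship)...
    access_ensure_bug_level(config_get('update_bug_threshold', null, $t_bug->project_id), $f_master_bug_id);

    #@@@ (thraxisp) Note that the master bug is cloned into the same project as the master, independent of
    # what the current project is set to.
    if ($t_bug->project_id != helper_get_current_project()) {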
<?php
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the README and LICENSE files for details
# --------------------------------------------------------
# $Id: logout_page.php,v 1.17 2004/05/30 01:49:31 vboctor Exp $
# --------------------------------------------------------

# Logout page: logs the current user out and redirects to the configured
# post-logout page.
require_once 'core.php';

auth_logout();

# When the login method is HTTP_AUTH, additionally mark a logout as pending
# via auth_http_set_logout_pending().
if (HTTP_AUTH == config_get('login_method')) {
    auth_http_set_logout_pending(true);
}

# The redirect target is read from configuration, not from the request.
# NOTE(review): no form token is validated before auth_logout() in this
# file; confirm that an unsolicited logout request is an accepted risk.
print_header_redirect(config_get('logout_redirect_page'));
# Store the current filter as a named query for the current user.
# HTML tags are stripped from the submitted name before it is used.
$f_query_name = strip_tags(gpc_get_string('query_name'));
$f_is_public = gpc_get_bool('is_public');
$f_all_projects = gpc_get_bool('all_projects');
$t_query_redirect_url = 'query_store_page.php';

# We can't have a blank name
if (is_blank($f_query_name)) {
    $t_query_redirect_url = $t_query_redirect_url . '?error_msg=' . urlencode(lang_get('query_blank_name'));
    # NOTE(review): unlike the duplicate-name branch below, there is no
    # exit after this redirect; the rest of the script still runs if
    # print_header_redirect() returns. Confirm it terminates the request.
    print_header_redirect($t_query_redirect_url);
}

# Check and make sure they don't already have a
# query with the same name
$t_query_arr = filter_db_get_available_queries();
foreach ($t_query_arr as $t_id => $t_name) {
    if ($f_query_name == $t_name) {
        $t_query_redirect_url = $t_query_redirect_url . '?error_msg=' . urlencode(lang_get('query_dupe_name'));
        print_header_redirect($t_query_redirect_url);
        exit;
    }
}

# "All projects" is stored as project id 0.
$t_project_id = helper_get_current_project();
if ($f_all_projects) {
    $t_project_id = 0;
}

# The filter to store is looked up from the id held in the view-all cookie.
# NOTE(review): no form-token validation and no access check for
# $f_is_public are visible in this fragment; confirm they happen before
# this point or inside filter_db_set_for_current_user().
$t_filter_string = filter_db_get_filter(gpc_get_cookie(config_get('view_all_cookie'), ''));
$t_new_row_id = filter_db_set_for_current_user($t_project_id, $f_is_public, $f_query_name, $t_filter_string);

# -1 is treated as "could not store the query".
if ($t_new_row_id == -1) {
    $t_query_redirect_url = $t_query_redirect_url . '?error_msg=' . urlencode(lang_get('query_store_error'));
    print_header_redirect($t_query_redirect_url);
} else {
    print_header_redirect('view_all_bug_page.php');
}
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2013 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';

# State-changing request: validate the form token and require a fresh
# authentication before touching project membership.
form_security_validate('manage_user_proj_add');
auth_reauthenticate();

$f_user_id = gpc_get_int('user_id');
$f_access_level = gpc_get_int('access_level');
$f_project_id = gpc_get_int_array('project_id', array());

$t_manage_user_threshold = config_get('manage_user_threshold');

user_ensure_exists($f_user_id);

# Add the user to each submitted project, silently skipping projects where
# the caller lacks the manage-user threshold or does not personally hold
# the access level being granted.
foreach ($f_project_id as $t_proj_id) {
    if (!access_has_project_level($t_manage_user_threshold, $t_proj_id)) {
        continue;
    }
    if (!access_has_project_level($f_access_level, $t_proj_id)) {
        continue;
    }
    project_add_user($t_proj_id, $f_user_id, $f_access_level);
}

form_security_purge('manage_user_proj_add');

print_header_redirect('manage_user_edit_page.php?user_id=' . $f_user_id);
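require_api('authentication_api.php');
require_api('config_api.php');
require_api('constant_inc.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('user_api.php');

# check if at least one way to get here is enabled
if (OFF == config_get('allow_signup') && OFF == config_get('lost_password_feature') && OFF == config_get('send_reset_password')) {
    trigger_error(ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR);
}

# Both values arrive in the verification link and are untrusted.
# NOTE(review): the id is read as a string and then handed to the user_*
# and auth_* functions below; consider gpc_get_int() if ids are numeric.
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');

# force logout on the current user if already authenticated
if (auth_is_user_authenticated()) {
    auth_logout();

    # reload the page after logout; encode the request-supplied values so
    # they cannot add or alter parameters in the redirect URL
    print_header_redirect('verify.php?id=' . urlencode($f_user_id) . '&confirm_hash=' . urlencode($f_confirm_hash));
}

$t_calculated_confirm_hash = auth_generate_confirm_hash($f_user_id);

# Compare as strings with the strict operator: the loose '!=' compares
# numeric-looking strings by numeric value, so two different strings can
# be treated as equal. Where the runtime provides hash_equals(), prefer it
# here, as it is also constant-time.
if ((string) $f_confirm_hash !== (string) $t_calculated_confirm_hash) {
    trigger_error(ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR);
}

# set a temporary cookie so the login information is passed between pages.
auth_set_cookies($f_user_id, false);

user_reset_failed_login_count_to_zero($f_user_id);
user_reset_lost_password_in_progress_count_to_zero($f_user_id);

# fake login so the user can set their password
auth_attempt_script_login(user_get_field($f_user_id, 'username'));

user_increment_login_count($f_user_id);

# Tell the included account page that it is running as part of account
# verification.
define('ACCOUNT_VERIFICATION_INC', true);
include dirname(__FILE__) . '/account_page.php';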
$client->setAccessToken($_SESSION['access_token']);
}

# With a valid access token, fetch the user's profile from the OAuth
# service and keep the token in the session.
if ($client->getAccessToken()) {
    $userData = $objOAuthService->userinfo->get();
    $data['userData'] = $userData;
    $_SESSION['access_token'] = $client->getAccessToken();
}

# NOTE(review): $userData is only assigned inside the block above; when
# there is no access token this line reads an undefined variable.
# NOTE(review): the local account is selected purely by the e-mail address
# the provider returns; confirm the provider only reports verified
# addresses and that user_get_id_by_email() handles unknown or duplicate
# addresses safely.
$user_id = user_get_id_by_email($userData->email);

# The three rejections below print the same message, so the response does
# not reveal which check failed.

# check for disabled account
if (!user_is_enabled($user_id)) {
    echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
    return false;
}

# max. failed login attempts achieved...
if (!user_is_login_request_allowed($user_id)) {
    echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
    return false;
}

# check for anonymous login
if (user_is_anonymous($user_id)) {
    echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
    return false;
}

# Login accepted: update the counters for this account.
user_increment_login_count($user_id);
user_reset_failed_login_count_to_zero($user_id);
user_reset_lost_password_in_progress_count_to_zero($user_id);

# set the cookies
auth_set_cookies($user_id, false);
auth_set_tokens($user_id);

# Fixed, relative redirect target; nothing from the request is used here.
print_header_redirect('../../../my_view_page.php');
require_once $t_core_path . 'custom_field_api.php'; require_once $t_core_path . 'date_api.php'; require_once $t_core_path . 'last_visited_api.php'; require_once $t_core_path . 'projax_api.php'; $f_bug_id = gpc_get_int('bug_id'); $t_bug = bug_prepare_edit(bug_get($f_bug_id, true)); if ($t_bug->project_id != helper_get_current_project()) { # in case the current project is not the same project of the bug we are viewing... # ... override the current project. This to avoid problems with categories and handlers lists etc. $g_project_override = $t_bug->project_id; $t_changed_project = true; } else { $t_changed_project = false; } if (SIMPLE_ONLY == config_get('show_update')) { print_header_redirect('bug_update_page.php?bug_id=' . $f_bug_id); } if (bug_is_readonly($f_bug_id)) { error_parameters($f_bug_id); trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR); } access_ensure_bug_level(config_get('update_bug_threshold'), $f_bug_id); html_page_top1(bug_format_summary($f_bug_id, SUMMARY_CAPTION)); html_page_top2(); print_recently_visited(); ?> <br /> <form method="post" action="bug_update.php"> <?php echo form_security_field('bug_update');
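# check if at least one way to get here is enabled
if ( OFF == config_get( 'allow_signup' ) &&
     OFF == config_get( 'lost_password_feature' ) &&
     OFF == config_get( 'send_reset_password' ) ) {
    trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
}

# Both values arrive in the verification link and are untrusted.
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');

# force logout on the current user if already authenticated
if( auth_is_user_authenticated() ) {
    auth_logout();

    # reload the page after logout; encode the request-supplied values so
    # they cannot add or alter parameters in the redirect URL
    print_header_redirect( 'verify.php?id=' . urlencode( $f_user_id ) . '&confirm_hash=' . urlencode( $f_confirm_hash ) );
}

$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );

# Compare as strings with the strict operator: the loose '!=' compares
# numeric-looking strings by numeric value, so two different strings can
# be treated as equal. Where the runtime provides hash_equals(), prefer it
# here, as it is also constant-time.
if ( (string) $f_confirm_hash !== (string) $t_calculated_confirm_hash ) {
    trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}

# set a temporary cookie so the login information is passed between pages.
auth_set_cookies( $f_user_id, false );

user_reset_failed_login_count_to_zero( $f_user_id );
user_reset_lost_password_in_progress_count_to_zero( $f_user_id );

# fake login so the user can set their password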
if (!is_blank($f_return)) { print_header_redirect($f_return, false, false, true); } else { print_header_redirect(config_get('default_home_page')); } } # Check for automatic logon methods where we want the logon to just be handled by login.php if (auth_automatic_logon_bypass_form()) { $t_uri = 'login.php'; if (ON == config_get('allow_anonymous_login')) { $t_uri = 'login_anon.php'; } if (!is_blank($f_return)) { $t_uri .= '?return=' . string_url($f_return); } print_header_redirect($t_uri); exit; } # Determine if secure_session should default on or off? # - If no errors, and no cookies set, default to on. # - If no errors, but cookie is set, use the cookie value. # - If errors, use the value passed in. if ($t_session_validation) { if (!$f_error && !$f_cookie_error) { $t_default_secure_session = is_null($f_secure_session_cookie) ? true : $f_secure_session_cookie; } else { $t_default_secure_session = $f_secure_session; } } # Determine whether the username or password field should receive automatic focus. $t_username_field_autofocus = 'autofocus';
case 'bug_view_page.php': case 'bug_view_advanced_page.php': case 'bug_update_page.php': case 'bug_change_status_page.php': $t_path = $t_home_page; break; default: $t_path = $t_referrer_page . $t_param; break; } $t_redirect_url = $t_path; } else { if ($t_referrer_page == 'plugin.php') { $t_redirect_url = $t_referrer_page . $t_param; # redirect to same plugin page } else { $t_redirect_url = $t_home_page; } } } } else { $t_redirect_url = $t_home_page; } } } print_header_redirect($t_redirect_url, true, true); html_page_top1(); html_meta_redirect($t_redirect_url); html_page_top1(); html_operation_successful($t_redirect_url); html_page_bottom();
* @uses event_api.php
* @uses form_api.php
* @uses gpc_api.php
* @uses print_api.php
* @uses project_api.php
*/

require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('project_api.php');

# State-changing request: validate the form token and require a fresh
# authentication before reading any input.
form_security_validate('manage_proj_update');
auth_reauthenticate();

$f_project_id = gpc_get_int('project_id');
$f_name = gpc_get_string('name');
$f_description = gpc_get_string('description');
$f_status = gpc_get_int('status');
$f_view_state = gpc_get_int('view_state');
# NOTE(review): file_path is taken verbatim from the request and handed to
# project_update(); confirm it is validated there, or that being able to
# set it is intended for everyone at manage_project_threshold.
$f_file_path = gpc_get_string('file_path', '');
$f_enabled = gpc_get_bool('enabled');
$f_inherit_global = gpc_get_bool('inherit_global', 0);

# The caller must meet the manage-project threshold on the project being
# updated; this runs before any change is made.
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);

project_update($f_project_id, $f_name, $f_description, $f_status, $f_view_state, $f_file_path, $f_enabled, $f_inherit_global);

# Signal the update event with the project id.
event_signal('EVENT_MANAGE_PROJECT_UPDATE', array($f_project_id));

form_security_purge('manage_proj_update');

print_header_redirect('manage_proj_page.php');
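#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

/**
 * login_anon.php logs a user in anonymously without having to enter a username
 * or password.
 *
 * Depends on two global configuration variables:
 * allow_anonymous_login - bool which must be true to allow anonymous login.
 * anonymous_account - name of account to login with.
 *
 * TODO:
 * Check how manage account is impacted.
 * Might be extended to allow redirects for bug links etc.
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';

$f_return = gpc_get_string('return', '');

# NOTE(review): allow_anonymous_login is not checked in this script;
# presumably login.php enforces it - confirm.
$t_anonymous_account = config_get('anonymous_account');

# URL-encode the account name: a name containing characters such as '+',
# '&' or a space would otherwise be misread, or would add parameters, when
# login.php parses the query string.
$t_username = string_url($t_anonymous_account);

if ($f_return !== '') {
    # The return target comes from the request: sanitize it, then encode
    # it as a query-string value.
    $t_return = string_url(string_sanitize_url($f_return));
    print_header_redirect("login.php?username={$t_username}&perm_login=false&return={$t_return}");
} else {
    print_header_redirect("login.php?username={$t_username}&perm_login=false");
}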
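# State-changing request: validate the signup form token first.
form_security_validate('signup');

# Submitted values; HTML tags are stripped from username and e-mail.
$f_username = strip_tags(gpc_get_string('username'));
$f_email = strip_tags(gpc_get_string('email'));
$f_captcha = gpc_get_string('captcha', '');

$f_username = trim($f_username);
$f_email = email_append_domain(trim($f_email));
$f_captcha = utf8_strtolower(trim($f_captcha));

# Retrieve captcha key now, as session might get cleared by logout
# NOTE(review): the default is null; if no key is stored, the expected
# answer computed below no longer depends on the session. Confirm this
# state cannot be reached.
$t_form_key = session_get_int(CAPTCHA_KEY, null);

# force logout on the current user if already authenticated
if (auth_is_user_authenticated()) {
    auth_logout();
}

# Check to see if signup is allowed
if (OFF == config_get_global('allow_signup')) {
    print_header_redirect('login_page.php');
    exit;
}

if (ON == config_get('signup_use_captcha') && get_gd_version() > 0 && helper_call_custom_function('auth_can_change_password', array())) {
    # captcha image requires GD library and related option to ON
    $t_key = utf8_strtolower(utf8_substr(md5(config_get('password_confirm_hash_magic_string') . $t_form_key), 1, 5));

    # Compare as strings with the strict operator: the loose '!=' compares
    # numeric-looking strings by numeric value, so an answer that differs
    # from the expected key could still be accepted.
    if ((string) $t_key !== (string) $f_captcha) {
        trigger_error(ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR);
    }

    # Clear captcha cache
    session_delete(CAPTCHA_IMG);
}

email_ensure_not_disposable($f_email);

# notify the selected group a new user has signed-up
if (user_signup($f_username, $f_email)) {
    email_notify_new_account($f_username, $f_email);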
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2013 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
/**
 * MantisBT Core API's
 */
require_once 'core.php';

# State-changing request: validate the form token, require a logged-in
# user, and refuse protected accounts.
form_security_validate('account_delete');

auth_ensure_user_authenticated();

current_user_ensure_unprotected();

# Only allow users to delete their own accounts if allow_account_delete = ON or
# the user has permission to manage user accounts.
# NOTE(review): there is no exit after this redirect; the deletion below
# is only prevented if print_header_redirect() ends the request. Confirm.
if (OFF == config_get('allow_account_delete') && !access_has_global_level(config_get('manage_user_threshold'))) {
    print_header_redirect('account_page.php');
}

# check that we are not deleting the last administrator account
$t_admin_threshold = config_get_global('admin_site_threshold');
if (current_user_is_administrator() && user_count_level($t_admin_threshold) <= 1) {
    trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}

# Ask for explicit confirmation before the irreversible step.
helper_ensure_confirmed(lang_get('confirm_delete_msg'), lang_get('delete_account_button'));

form_security_purge('account_delete');

# Capture the id before logging out, then delete that account.
$t_user_id = auth_get_current_user_id();

auth_logout();

user_delete($t_user_id);

html_page_top1();
html_page_top2a();
?>
# Work out which project the report is for: the request may name one,
# otherwise the current project is used.
$t_current_project = helper_get_current_project();
$t_project_id = gpc_get_int('project_id', $t_current_project);

# If all projects, use default project if set
$t_default_project = user_pref_get_pref(auth_get_current_user_id(), 'default_project');
if (ALL_PROJECTS == $t_project_id && ALL_PROJECTS != $t_default_project) {
    $t_project_id = $t_default_project;
}

# NOTE(review): the project is switched once project_exists() passes; the
# report-level access check only runs further down, after the reload.
# Confirm helper_set_current_project() is safe to call for a project the
# user cannot access.
if ((ALL_PROJECTS == $t_project_id || project_exists($t_project_id)) && $t_project_id != $t_current_project) {
    helper_set_current_project($t_project_id);
    # Reloading the page is required so that the project browser
    # reflects the new current project
    # NOTE(review): the target is the raw REQUEST_URI; presumably the last
    # argument asks print_header_redirect() to sanitize it - confirm.
    print_header_redirect($_SERVER['REQUEST_URI'], true, false, true);
}

# New issues cannot be reported for the 'All Project' selection
if (ALL_PROJECTS == $t_current_project) {
    print_header_redirect('login_select_proj_page.php?ref=bug_report_page.php');
}

# The caller must meet the report threshold; no project id is passed, so
# the check relies on access_ensure_project_level()'s default project.
access_ensure_project_level(config_get('report_bug_threshold'));

# Optional pre-fill values for the report form, with defaults from
# configuration where given.
$f_build = gpc_get_string('build', '');
$f_platform = gpc_get_string('platform', '');
$f_os = gpc_get_string('os', '');
$f_os_build = gpc_get_string('os_build', '');
$f_product_version = gpc_get_string('product_version', '');
$f_target_version = gpc_get_string('target_version', '');
$f_profile_id = gpc_get_int('profile_id', 0);
$f_handler_id = gpc_get_int('handler_id', 0);
$f_category_id = gpc_get_int('category_id', 0);
$f_reproducibility = gpc_get_int('reproducibility', (int) config_get('default_bug_reproducibility'));
$f_eta = gpc_get_int('eta', (int) config_get('default_bug_eta'));
$f_severity = gpc_get_int('severity', (int) config_get('default_bug_severity'));
$f_priority = gpc_get_int('priority', (int) config_get('default_bug_priority'));
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.

# --------------------------------------------------------
# $Id: manage_custom_field_proj_add.php,v 1.2.2.1 2007-10-13 22:33:29 giallu Exp $
# --------------------------------------------------------

require_once 'core.php';

# State-changing request: validate the form token and require a fresh
# authentication before linking the field.
form_security_validate('manage_custom_field_proj_add');
auth_reauthenticate();

$f_field_id = gpc_get_int('field_id');
$f_project_id = gpc_get_int_array('project_id', array());
$f_sequence = gpc_get_int('sequence');

$t_manage_project_threshold = config_get('manage_project_threshold');

# Link the custom field to every submitted project the caller may manage;
# projects below the threshold are skipped without an error.
foreach ($f_project_id as $t_proj_id) {
    if (!access_has_project_level($t_manage_project_threshold, $t_proj_id)) {
        continue;
    }
    $t_already_linked = custom_field_is_linked($f_field_id, $t_proj_id);
    if (!$t_already_linked) {
        custom_field_link($f_field_id, $t_proj_id);
    }
    custom_field_set_sequence($f_field_id, $t_proj_id, $f_sequence);
}

form_security_purge('manage_custom_field_proj_add');

print_header_redirect('manage_custom_field_edit_page.php?field_id=' . $f_field_id);
/**
 * Finish a successful operation by sending the user to $p_redirect_to.
 *
 * When helper_log_to_page() reports true, a page with the "operation
 * successful" message and a link to the target is rendered; otherwise a
 * header redirect is issued.
 *
 * @param string $p_redirect_to URL to continue to.
 */
function print_successful_redirect($p_redirect_to) {
    if (!helper_log_to_page()) {
        print_header_redirect($p_redirect_to);
        return;
    }

    # Render a confirmation page instead of redirecting straight away.
    html_page_top(null, $p_redirect_to);
    echo '<br /><div class="center">';
    echo lang_get('operation_successful') . '<br />';
    print_bracket_link($p_redirect_to, lang_get('proceed'));
    echo '</div>';
    html_page_bottom();
}
require_once $t_core_path . 'date_api.php'; require_once $t_core_path . 'relationship_api.php'; require_once $t_core_path . 'last_visited_api.php'; require_once $t_core_path . 'tag_api.php'; $f_bug_id = gpc_get_int('bug_id'); $f_history = gpc_get_bool('history', config_get('history_default_visible')); bug_ensure_exists($f_bug_id); access_ensure_bug_level(VIEWER, $f_bug_id); $t_bug = bug_prepare_display(bug_get($f_bug_id, true)); if ($t_bug->project_id != helper_get_current_project()) { # in case the current project is not the same project of the bug we are viewing... # ... override the current project. This to avoid problems with categories and handlers lists etc. $g_project_override = $t_bug->project_id; } if (SIMPLE_ONLY == config_get('show_view')) { print_header_redirect('bug_view_page.php?bug_id=' . $f_bug_id); } compress_enable(); html_page_top1(bug_format_summary($f_bug_id, SUMMARY_CAPTION)); html_page_top2(); print_recently_visited(); $t_access_level_needed = config_get('view_history_threshold'); $t_can_view_history = access_has_bug_level($t_access_level_needed, $f_bug_id); $t_bugslist = gpc_get_cookie(config_get('bug_list_cookie'), false); ?> <br /> <table class="width100" cellspacing="1"> <tr>
# Delete the users who have never logged in and are older than 1 week
$days_old = (int)7 * SECONDS_PER_DAY;

# The values interpolated into the SQL text are $t_user_table and
# $days_old; neither is assigned from request data in this fragment
# ($t_user_table is set before it - confirm). db_now() is passed as a
# bound parameter.
$query = "SELECT id, access_level FROM $t_user_table WHERE ( login_count = 0 ) AND ( date_created = last_visit ) AND " . db_helper_compare_days( 0, "date_created", "> $days_old" );
$result = db_query_bound($query, Array( db_now() ) );

if ( !$result ) {
    trigger_error( ERROR_GENERIC, ERROR );
}

$count = db_num_rows( $result );

# Ask for confirmation only when there is something to prune.
if ( $count > 0 ) {
    helper_ensure_confirmed( lang_get( 'confirm_account_pruning' ), lang_get( 'prune_accounts_button' ) );
}

for ($i=0; $i < $count; $i++) {
    $row = db_fetch_array( $result );
    # Don't prune accounts with a higher global access level than the current user
    if ( access_has_global_level( $row['access_level'] ) ) {
        user_delete($row['id']);
    }
}

# NOTE(review): the matching form_security_validate() and the access check
# for this action are not visible in this fragment; confirm both run
# before the query above.
form_security_purge( 'manage_user_prune' );

print_header_redirect( 'manage_user_page.php' );
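*/

# don't auto-login when trying to verify new user
$g_login_anonymous = false;

/**
 * MantisBT Core API's
 */
require_once 'core.php';

# check if at least one way to get here is enabled
if (OFF == config_get('allow_signup') && OFF == config_get('lost_password_feature') && OFF == config_get('send_reset_password')) {
    trigger_error(ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR);
}

# Both values arrive in the verification link and are untrusted.
# NOTE(review): the id is read as a string and then handed to the user_*
# and auth_* functions below; consider gpc_get_int() if ids are numeric.
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');

# force logout on the current user if already authenticated
if (auth_is_user_authenticated()) {
    auth_logout();

    # reload the page after logout; encode the request-supplied values so
    # they cannot add or alter parameters in the redirect URL
    print_header_redirect('verify.php?id=' . urlencode($f_user_id) . '&confirm_hash=' . urlencode($f_confirm_hash));
}

$t_calculated_confirm_hash = auth_generate_confirm_hash($f_user_id);

# Compare as strings with the strict operator: the loose '!=' compares
# numeric-looking strings by numeric value, so two different strings can
# be treated as equal. Where the runtime provides hash_equals(), prefer it
# here, as it is also constant-time.
if ((string) $f_confirm_hash !== (string) $t_calculated_confirm_hash) {
    trigger_error(ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR);
}

# set a temporary cookie so the login information is passed between pages.
auth_set_cookies($f_user_id, false);

user_reset_failed_login_count_to_zero($f_user_id);
user_reset_lost_password_in_progress_count_to_zero($f_user_id);

# fake login so the user can set their password
auth_attempt_script_login(user_get_field($f_user_id, 'username'));

user_increment_login_count($f_user_id);

include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'account_page.php';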
# Request inputs for the printable issue list.
$f_search = gpc_get_string(FILTER_PROPERTY_FREE_TEXT, false); /** @todo need a better default */
$f_offset = gpc_get_int('offset', 0);

# The view-all cookie holds an id; the stored filter string is looked up
# from it.
$t_cookie_value_id = gpc_get_cookie(config_get('view_all_cookie'), '');
$t_cookie_value = filter_db_get_filter($t_cookie_value_id);

# Defaults used when no stored filter is available.
$f_highlight_changed = 0;
$f_sort = null;
$f_dir = null;
$t_project_id = 0;

$t_columns = helper_get_columns_to_view(COLUMNS_TARGET_PRINT_PAGE);
$t_num_of_columns = count($t_columns);

# check to see if the cookie exists
if (!is_blank($t_cookie_value)) {
    # check to see if new cookie is needed
    if (!filter_is_cookie_valid()) {
        print_header_redirect('view_all_set.php?type=0&print=1');
    }

    # The stored value is split on the first '#'; the part after it is
    # the serialized filter.
    $t_setting_arr = explode('#', $t_cookie_value, 2);
    # NOTE(review): unserialize() runs on a stored filter string selected
    # by a cookie-supplied id. Confirm that string can only have been
    # written by the server, because unserialize() on data a user can
    # influence may instantiate arbitrary objects. Index 1 is also read
    # without checking that the '#' separator was present.
    $t_filter_cookie_arr = unserialize($t_setting_arr[1]);

    $f_highlight_changed = $t_filter_cookie_arr[FILTER_PROPERTY_HIGHLIGHT_CHANGED];
    $f_sort = $t_filter_cookie_arr[FILTER_PROPERTY_SORT_FIELD_NAME];
    $f_dir = $t_filter_cookie_arr[FILTER_PROPERTY_SORT_DIRECTION];
    $t_project_id = helper_get_current_project();
}

# This replaces the actual search that used to be here
$f_page_number = gpc_get_int('page_number', 1);
$t_per_page = -1;
$t_bug_count = null;
$t_page_count = null;

$result = filter_get_bug_rows($f_page_number, $t_per_page, $t_page_count, $t_bug_count);
$row_count = count($result);
* @uses print_api.php
* @uses project_api.php
*/
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('project_api.php');

# State-changing request: validate the form token and require a fresh
# authentication before reading any input.
form_security_validate('manage_proj_user_add');
auth_reauthenticate();

$f_project_id = gpc_get_int('project_id');
$f_user_id = gpc_get_int_array('user_id', array());
$f_access_level = gpc_get_int('access_level');

# We should check both since we are in the project section and an
# admin might raise the first threshold and not realize they need
# to raise the second
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
access_ensure_project_level(config_get('project_user_threshold'), $f_project_id);

# Add user(s) to the current project
# NOTE(review): $f_access_level comes from the request and nothing visible
# here checks that the caller holds that level on the project, nor that
# each user id exists. Confirm project_add_user() enforces both, or add
# checks such as access_ensure_project_level($f_access_level, $f_project_id)
# so a caller cannot grant a level above their own.
foreach ($f_user_id as $t_user_id) {
    project_add_user($f_project_id, $t_user_id, $f_access_level);
}

form_security_purge('manage_proj_user_add');

print_header_redirect('manage_proj_edit_page.php?project_id=' . $f_project_id);