function AuthUser($loginname, $passwd)
{
global $feedback;
if (!$loginname) {
return false;
}
$u = user_get_object_by_name($loginname);
if ($u) {
// User exists in DB
if ($u->getStatus() == 'A') {
//we check if it's active
$user_id = $u->getID();
session_set_new($user_id);
//create session cookie
$GLOBALS['aselect_auth_failed'] = false;
return true;
} else {
$GLOBALS['aselect_auth_failed'] = true;
return false;
}
} else {
$GLOBALS['aselect_auth_failed'] = true;
return false;
}
}
function session_login_valid($form_loginname, $form_pw, $allowpending = 0)
{
global $session_hash, $feedback;
if (!$form_loginname || !$form_pw) {
$feedback = 'Missing Password Or users Name';
return false;
}
//get the users from the database using user_id and password
$res = db_query("SELECT user_id,status FROM users WHERE " . "user_name='{$form_loginname}' " . "AND user_pw='" . md5($form_pw) . "'");
if (!$res || db_numrows($res) < 1) {
//invalid password or user_name
$feedback = 'Invalid Password Or user Name';
return false;
} else {
// check status of this user
$usr = db_fetch_array($res);
// if allowpending (for verify.php) then allow
if ($allowpending && $usr['status'] == 'P') {
//1;
} else {
if ($usr['status'] == 'S') {
//acount suspended
$feedback = 'Account Suspended';
return false;
}
if ($usr['status'] == 'P') {
//account pending
$feedback = 'Account Pending';
return false;
}
if ($usr['status'] == 'D') {
//account deleted
$feedback = 'Account Deleted';
return false;
}
if ($usr['status'] != 'A') {
//unacceptable account flag
$feedback = 'Account Not Active';
return false;
}
}
//create a new session
session_set_new(db_result($res, 0, 'user_id'));
return true;
}
}
/**
* Checks if the commit it's possible and parse arguments
* Checks if repository, group and user_name are right.
* It extract group from cvsroot, and check if the plugin
* is availabe. It checks if the user exists.
*
* @param array $Config Config
*
* @return array Returns 'check'=true if check passed, group, group_id
*/
function parseConfig($Config)
{
global $sys_cvsroot_path, $cvs_tracker_debug;
$Result = array();
$Result['check'] = true;
$Repository = $Config['Repository'];
$UserName = $Config['UserName'];
// add a trailing / if needed
if ($sys_cvsroot_path[strlen($sys_cvsroot_path) - 1] != '/') {
$sys_cvsroot_path .= '/';
}
if (strncmp($Repository, $sys_cvsroot_path, strlen($sys_cvsroot_path)) == 0) {
$GroupName = substr($Repository, strlen($sys_cvsroot_path));
} else {
$GroupName = $Repository;
}
if ($cvs_tracker_debug) {
echo "GroupName = " . $GroupName . "\n";
echo "CVSRootPath = " . $sys_cvsroot_path . "\n";
}
$Result['user'] = user_get_object_by_name($UserName);
if (!$Result['user'] || !is_object($Result['user']) || $Result['user']->isError() || !$Result['user']->isActive()) {
$Result['check'] = false;
$Result['error'] = 'Invalid User';
return $Result;
}
session_set_new($Result['user']->getID());
$Result['group'] = group_get_object_by_name($GroupName);
if (!$Result['group'] || !is_object($Result['group']) || $Result['group']->isError() || !$Result['group']->isActive()) {
$Result['check'] = false;
$Result['error'] = 'Group Not Found';
} else {
$Result['group_id'] = $Result['group']->getID();
if (!$Result['group']->usesPlugin('cvstracker')) {
$Result['check'] = false;
$Result['error'] = 'Plugin not enabled for this Group';
}
}
return $Result;
}
require_once $gfcommon . 'frs/FRSPackage.class.php';
//
// Set up this script to run as the site admin
//
$res = db_query("SELECT user_id FROM user_group WHERE admin_flags='A' AND group_id='1'");
if (!$res) {
//echo db_error();
exit(1);
}
if (db_numrows($res) == 0) {
// There are no Admins yet, aborting without failing
//echo "SUCCESS\n";
exit(0);
}
$id = db_result($res, 0, 0);
session_set_new($id);
$res = db_query("SELECT group_id FROM groups WHERE status != 'P'");
$groups =& group_get_objects(util_result_column_to_array($res));
for ($g = 0; $g < count($groups); $g++) {
//make group dirs
$newdirlocation = $GLOBALS['sys_upload_dir'] . '/' . $groups[$g]->getUnixName();
$cmd = "/bin/mkdir {$newdirlocation}";
//echo "\n$cmd";
if (!is_dir($newdirlocation)) {
exec($cmd, $out);
}
$frsps =& get_frs_packages($groups[$g]);
//echo count($frsps);
for ($p = 0; $p < count($frsps); $p++) {
if (!is_object($frsps[$p])) {
continue;
# User rules
# 1. Must only contain alphanumeric chars or _ or -
# 2. Must be 3 - 15 chars
preg_match("/[[:alnum:]_-]{3,15}/", $env_user, $matches2);
if (count($matches) == 0) {
exit_error('', 'Invalid CVS repository : ' . $env_group);
} else {
if (count($matches2) == 0) {
exit_error('', 'Invalid username : '******'', 'User "' . $userName . '"not found');
}
session_set_new($User->getID());
$projectName = $matches[count($matches) - 1];
$Group =& group_get_object_by_name($projectName);
if (!$Group || !is_object($Group) || $Group->isError()) {
exit_no_group();
}
$perm =& permission_get_object($Group, $User);
if (!$perm || !is_object($perm) || !$perm->isCVSWriter()) {
exit_permission_denied();
}
}
exit(0);
// Local Variables:
// mode: php
// c-file-style: "bsd"
// End:
/**
* Insert data into the forum db
*
* @return - true or false
*/
function addMessage()
{
//
// get user_id
//
$user_id = $this->getUserId();
if ($user_id) {
//
// Set up this user's session before posting
//
session_set_new($user_id);
}
//DBG( "AddMessage 1\n");
$Forum =& $this->getForum();
if (!$Forum || !is_object($Forum)) {
$this->setError("Could Not Get Forum");
return false;
} elseif ($Forum->isError()) {
$this->setError("Forum Error: " . $Forum->getErrorMessage());
return false;
}
if (!$user_id && !$Forum->AllowAnonymous()) {
$this->setError("Could Not Match Sender Email Address to User and Forum Does Not Allow Anonymous Posts");
return false;
}
//DBG( "AddMessage 2\n");
//
// Create a blank forum message
//
$ForumMessage = new ForumMessage($Forum);
if (!$ForumMessage || !is_object($Forum)) {
$this->setError("Could Not Get Forum Message");
return false;
} elseif ($ForumMessage->isError()) {
$this->setError("ForumMessage Error: " . $ForumMessage->getErrorMessage());
return false;
}
//DBG( "AddMessage 3\n");
if ($this->Message != "") {
if (!$ForumMessage->create($this->Subject, $this->Message, $this->ThreadId, $this->Parent)) {
//DBG( "AddMessage 4.".$ForumMessage->getErrorMessage()."\n");
$this->setError("ForumMessage Create Error: " . $ForumMessage->getErrorMessage());
return false;
} else {
//DBG( "AddMessage 5.".$ForumMessage->getErrorMessage()."\n");
return true;
}
} else {
return true;
}
}
/**
* Insert data into the tracker db
*
* @return - true or false
*/
function addMessage()
{
//
// get user_id
//
$user_id = $this->getUserId();
if ($user_id) {
//
// Set up this user's session before posting
//
session_set_new($user_id);
}
$Artifact =& $this->getArtifact();
if (!$Artifact || !is_object($Artifact)) {
$this->setError("Could Not Get Artifact");
return false;
}
if (!$user_id && !$Artifact->ArtifactType->allowsAnon()) {
$this->setError("Could Not Match Sender Email Address to User and Tracker Does Not Allow Anonymous Posts");
return false;
}
//
// Create artifact message
//
if (!$Artifact->addMessage($this->Message, $this->FromName, true)) {
$this->setError("ArtifactMessage Error:" . $Artifact->getErrorMessage());
return false;
}
return true;
}
function session_login_valid_dbonly($loginname, $passwd, $allowpending)
{
global $feedback, $userstatus;
// Try to get the users from the database using user_id and (MD5) user_pw
$res = db_query("\n\t\tSELECT user_id,status,unix_pw\n\t\tFROM users\n\t\tWHERE user_name='{$loginname}' \n\t\tAND user_pw='" . md5($passwd) . "'\n\t");
if (!$res || db_numrows($res) < 1) {
// No user whose MD5 passwd matches the MD5 of the provided passwd
// Selecting by user_name only
$res = db_query("SELECT user_id,status,unix_pw\n\t\t\t\t\tFROM users\n\t\t\t\t\tWHERE user_name='{$loginname}'");
if (!$res || db_numrows($res) < 1) {
// No user by that name
$feedback = _('Invalid Password Or User Name');
return false;
} else {
// There is a user with the provided user_name, but the MD5 passwds do not match
// We'll have to try checking the (crypt) unix_pw
$usr = db_fetch_array($res);
if (crypt($passwd, $usr['unix_pw']) != $usr['unix_pw']) {
// Even the (crypt) unix_pw does not patch
// This one has clearly typed a bad passwd
$feedback = _('Invalid Password Or User Name');
return false;
}
// User exists, (crypt) unix_pw matches
// Update the (MD5) user_pw and retry authentication
// It should work, except for status errors
$res = db_query("UPDATE users\n\t\t\t\tSET user_pw='" . md5($passwd) . "'\n\t\t\t\tWHERE user_id='" . $usr['user_id'] . "'");
return session_login_valid_dbonly($loginname, $passwd, $allowpending);
}
} else {
// If we're here, then the user has typed a password matching the (MD5) user_pw
// Let's check whether it also matches the (crypt) unix_pw
$usr = db_fetch_array($res);
/*
if (crypt ($passwd, $usr['unix_pw']) != $usr['unix_pw']) {
// The (crypt) unix_pw does not match
if ($usr['unix_pw'] == '') {
// Empty unix_pw, we'll take the MD5 as authoritative
// Update the (crypt) unix_pw and retry authentication
// It should work, except for status errors
$res = db_query ("UPDATE users
SET unix_pw='" . account_genunixpw($passwd) . "'
WHERE user_id='".$usr['user_id']."'");
return session_login_valid_dbonly($loginname, $passwd, $allowpending) ;
} else {
// Invalidate (MD5) user_pw, refuse authentication
$res = db_query ("UPDATE users
SET user_pw='OUT OF DATE'
WHERE user_id='".$usr['user_id']."'");
$feedback=_('Invalid Password Or User Name');
return false;
}
}
*/
// Yay. The provided password matches both fields in the database.
// Let's check the status of this user
// if allowpending (for verify.php) then allow
$userstatus = $usr['status'];
if ($allowpending && $usr['status'] == 'P') {
//1;
} else {
if ($usr['status'] == 'S') {
//acount suspended
$feedback = _('Account Suspended');
return false;
}
if ($usr['status'] == 'P') {
//account pending
$feedback = _('Account Pending');
return false;
}
if ($usr['status'] == 'D') {
//account deleted
$feedback = _('Account Deleted');
return false;
}
if ($usr['status'] != 'A') {
//unacceptable account flag
$feedback = _('Account Not Active');
return false;
}
}
//create a new session
session_set_new(db_result($res, 0, 'user_id'));
return true;
}
}
