Exemple #1
/**
 * Called when a user attempts to access a page he/she is not authorised to.
 *
 * Unauthenticated visitors are redirected to the login page. The anonymous
 * user gets an access denied message with login and "proceed" links. Any
 * other user gets the message and a "proceed" link to the default home page.
 * Execution always stops here.
 *
 * The post-login return target is built from SCRIPT_NAME plus the raw query
 * string, passed through string_sanitize_url() and then string_url() before
 * it is placed in the `return` parameter.
 *
 * @return void
 */
function access_denied()
{
    $t_is_authenticated = auth_is_user_authenticated();

    # A real (non-anonymous) account cannot fix the problem by logging in:
    # show the message and a way back to the home page only.
    if ($t_is_authenticated && !current_user_is_anonymous()) {
        echo '<p class="center">' . error_string(ERROR_ACCESS_DENIED) . '</p>';
        echo '<p class="center">';
        print_bracket_link(helper_mantis_url(config_get('default_home_page')), lang_get('proceed'));
        echo '</p>';
        exit;
    }

    # Never bounce the login page back to itself.
    if (basename($_SERVER['SCRIPT_NAME']) == 'login_page.php') {
        exit;
    }

    # Where to come back to after a successful login.
    $t_login_target = $_SERVER['SCRIPT_NAME'];
    if (isset($_SERVER['QUERY_STRING'])) {
        $t_login_target .= '?' . $_SERVER['QUERY_STRING'];
    }
    # The query string is client-supplied: sanitise first, then URL-encode so
    # the whole target travels as a single parameter value.
    $t_login_target = string_url(string_sanitize_url($t_login_target));

    if (!$t_is_authenticated) {
        print_header_redirect('login_page.php?return=' . $t_login_target);
        exit;
    }

    # Anonymous session: explain, offer a login link, then a way out.
    echo '<p class="center">' . error_string(ERROR_ACCESS_DENIED) . '</p><p class="center">';
    print_bracket_link(helper_mantis_url('login_page.php') . '?return=' . $t_login_target, lang_get('click_to_login'));
    echo '</p><p class="center">';
    print_bracket_link(helper_mantis_url(config_get('default_home_page')), lang_get('proceed'));
    echo '</p>';
    exit;
}
/**
 * Stop the request because the current user may not view the page.
 *
 * Unauthenticated visitors are redirected to the login page. The anonymous
 * account gets an access denied message with login and "proceed" links. Any
 * other user gets the message and a "proceed" link. Execution always stops.
 *
 * NOTE(review): the return target starts from PHP_SELF, which can include
 * client-supplied path info after the script name, while the login-page guard
 * uses SCRIPT_NAME. The value is sanitised and URL-encoded below before use.
 *
 * @return void
 */
function access_denied()
{
    $t_logged_in = auth_is_user_authenticated();

    # A real (non-anonymous) account: message plus a link to the main page.
    if ($t_logged_in && auth_get_current_user_id() != user_get_id_by_name(config_get_global('anonymous_account'))) {
        echo '<center>', '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
        print_bracket_link('main_page.php', lang_get('proceed'));
        echo '</center>';
        exit;
    }

    # Never bounce the login page back to itself.
    if (basename($_SERVER['SCRIPT_NAME']) == 'login_page.php') {
        exit;
    }

    # Where to come back to after a successful login.
    $t_login_target = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
        $t_login_target .= '?' . $_SERVER['QUERY_STRING'];
    }
    # Sanitise, then URL-encode so the target is a single parameter value.
    $t_login_target = string_url(string_sanitize_url($t_login_target));

    if (!$t_logged_in) {
        print_header_redirect('login_page.php?return=' . $t_login_target);
        exit;
    }

    # Anonymous session: explain, offer a login link, then a way out.
    echo '<center>', '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
    print_bracket_link('login_page.php?return=' . $t_login_target, lang_get('click_to_login'));
    echo '<p></p>';
    print_bracket_link('main_page.php', lang_get('proceed'));
    echo '</center>';
    exit;
}
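/**
 * Check that there is a user logged-in and authenticated
 * If the user's account is disabled they will be logged out
 * If there is no user logged in, redirect to the login page
 * If parameter is given it is used as a URL to redirect to following
 * successful login.  If none is given, the URL of the current page is used
 *
 * When REQUEST_URI is not provided by the server it is rebuilt from
 * SCRIPT_NAME and QUERY_STRING and stored back into $_SERVER.
 *
 * NOTE(review): the return page is only URL-encoded here, not validated.
 * Confirm that the consumer of the `return` parameter restricts it to a
 * local target before redirecting.
 *
 * @param string $p_return_page Page to redirect to following successful logon, defaults to current page
 * @access public
 */
function auth_ensure_user_authenticated($p_return_page = '')
{
    # if logged in
    if (auth_is_user_authenticated()) {
        # check for access enabled
        #  This also makes sure the cookie is valid
        if (OFF == current_user_get_field('enabled')) {
            print_header_redirect('logout_page.php');
        }
    } else {
        # not logged in
        if (is_blank($p_return_page)) {
            if (!isset($_SERVER['REQUEST_URI'])) {
                # QUERY_STRING may be missing as well; fall back to an empty
                # string instead of reading an undefined index.
                $t_query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
                $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $t_query_string;
            }
            $p_return_page = $_SERVER['REQUEST_URI'];
        }
        # URL-encode so the whole target travels as one parameter value.
        $p_return_page = string_url($p_return_page);
        print_header_redirect('login_page.php?return=' . $p_return_page);
    }
}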
Exemple #4
/**
 * Stop the request because the current user may not view the page.
 *
 * Authenticated users get an access denied message and a link to the main
 * page. Everyone else is redirected to the login page, unless the login page
 * itself is being served. Execution always stops here.
 *
 * NOTE(review): the return target is REQUEST_URI, URL-encoded but not
 * otherwise validated in this function. Confirm that the consumer of the
 * `return` parameter restricts it to a local target.
 *
 * @return void
 */
function access_denied()
{
    if (!php_version_at_least('4.1.0')) {
        global $_SERVER;
    }

    if (auth_is_user_authenticated()) {
        echo '<center>', '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
        print_bracket_link('main_page.php', lang_get('proceed'));
        echo '</center>';
        exit;
    }

    # Never bounce the login page back to itself.
    if (basename($_SERVER['SCRIPT_NAME']) == 'login_page.php') {
        exit;
    }

    # Rebuild REQUEST_URI when the server did not provide one.
    if (!isset($_SERVER['REQUEST_URI'])) {
        if (!isset($_SERVER['QUERY_STRING'])) {
            $_SERVER['QUERY_STRING'] = '';
        }
        $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
    }

    $t_encoded_target = string_url($_SERVER['REQUEST_URI']);
    print_header_redirect('login_page.php?return=' . $t_encoded_target);
    exit;
}
Exemple #5
		<fieldset>
			<legend><span><?php 
echo lang_get('login_title');
?>
</span></legend>
			<?php 
# Carry the post-login return target through the form. $f_return is set outside
# this fragment (presumably from the request); it is HTML-escaped for the
# attribute value here.
if (!is_blank($f_return)) {
    echo '<input type="hidden" name="return" value="', string_html_specialchars($f_return), '" />';
}
# $t_upgrade_required is computed outside this fragment; the flag is passed on
# as the `install` form field.
if ($t_upgrade_required) {
    echo '<input type="hidden" name="install" value="true" />';
}
# CSRF protection not required here - form does not result in modifications
echo '<ul id="login-links">';
# Anonymous login link: the return target is URL-encoded as a parameter value.
if (ON == config_get('allow_anonymous_login')) {
    echo '<li><a href="login_anon.php?return=' . string_url($f_return) . '">' . lang_get('login_anonymously') . '</a></li>';
}
# Self-signup is offered only when enabled, not using LDAP, and e-mail
# notification is on.
if (ON == config_get_global('allow_signup') && LDAP != config_get_global('login_method') && ON == config_get('enable_email_notification')) {
    echo '<li><a href="signup_page.php">', lang_get('signup_link'), '</a></li>';
}
# lost password feature disabled or reset password via email disabled -> stop here!
if (LDAP != config_get_global('login_method') && ON == config_get('lost_password_feature') && ON == config_get('send_reset_password') && ON == config_get('enable_email_notification')) {
    echo '<li><a href="lost_pwd_page.php">', lang_get('lost_password_link'), '</a></li>';
}
?>
			</ul>
			<div class="field-container">
				<label for="username"><span><?php 
echo lang_get('username');
?>
</span></label>
Exemple #6
/**
 * Build (and return, rather than print) a mailto: anchor that pre-fills the
 * subject line.
 *
 * Each part is encoded for the context it lands in: address and subject are
 * URL-encoded individually, the assembled href goes through
 * string_attribute(), and the link text through string_display().
 *
 * @param string $p_email   Email Address.
 * @param string $p_text    Link text to display to user.
 * @param string $p_subject Email subject line.
 * @return string
 */
function get_email_link_with_subject($p_email, $p_text, $p_subject)
{
    # Encoding the whole mailto: link with string_url() would turn the @ into
    # %40 and break "Copy Email Address" in browsers, so the pieces are encoded
    # separately. The subject must be encoded or an ampersand (for example)
    # would truncate it.
    $t_encoded_subject = string_url($p_subject);
    $t_encoded_address = string_url($p_email);
    $t_href = string_attribute('mailto:' . $t_encoded_address . '?subject=' . $t_encoded_subject);

    return '<a class="user" href="' . $t_href . '">' . string_display($p_text) . '</a>';
}
Exemple #7
/**
 * Print the login status row: who is logged in, the current time, the project
 * switcher form and (when enabled) the RSS feed link.
 *
 * Output is written directly; nothing is returned.
 */
function html_login_info()
{
    $t_login_name = current_user_get_field('username');
    $t_level_label = get_enum_element('access_levels', current_user_get_access_level());
    $t_timestamp = date(config_get('complete_date_format'));
    $t_full_name = current_user_get_field('realname');

    echo '<table class="hide">', '<tr>', '<td class="login-info-left">';
    if (!current_user_is_anonymous()) {
        # User-editable fields go through string_display() before output.
        echo lang_get('logged_in_as'), ": <span class=\"italic\">", string_display($t_login_name), "</span> <span class=\"small\">";
        if (is_blank($t_full_name)) {
            echo "({$t_level_label})";
        } else {
            echo "(" . string_display($t_full_name) . " - {$t_level_label})";
        }
        echo "</span>";
    } else {
        # Login link that returns to the current page.
        # NOTE(review): PHP_SELF can include client-supplied path info; it is
        # only URL-encoded here before being placed in the href.
        $t_login_target = $_SERVER['PHP_SELF'];
        if (isset($_SERVER['QUERY_STRING'])) {
            $t_login_target .= '?' . $_SERVER['QUERY_STRING'];
        }
        $t_login_target = string_url($t_login_target);
        echo lang_get('anonymous') . ' | <a href="login_page.php?return=' . $t_login_target . '">' . lang_get('login_link') . '</a>';
        if (config_get('allow_signup') == ON) {
            echo ' | <a href="signup_page.php">' . lang_get('signup_link') . '</a>';
        }
    }
    echo '</td>';

    echo '<td class="login-info-middle">', "<span class=\"italic\">{$t_timestamp}</span>", '</td>';

    echo '<td class="login-info-right">', '<form method="post" name="form_set_project" action="set_project.php">';
    echo lang_get('email_project'), ': ';
    if (ON != config_get('show_extended_project_browser')) {
        # With JavaScript enabled the form submits as soon as a project is picked.
        $t_select_tag = ON == config_get('use_javascript')
            ? '<select name="project_id" class="small" onchange="document.forms.form_set_project.submit();">'
            : '<select name="project_id" class="small">';
        echo $t_select_tag;
        print_project_option_list(join(';', helper_get_current_project_trace()), true, null, true);
        echo '</select> ';
    } else {
        print_extended_project_browser(helper_get_current_project_trace());
    }
    echo '<input type="submit" class="button-small" value="' . lang_get('switch') . '" />';
    if (OFF != config_get('rss_enabled')) {
        # Link to RSS issues feed for the selected project, including authentication details.
        # NOTE(review): the URL is written into the href as returned; confirm
        # rss_get_issues_feed_url() yields attribute-safe output.
        echo '<a href="' . rss_get_issues_feed_url() . '">';
        echo '<img src="images/rss.gif" alt="' . lang_get('rss') . '" style="border-style: none; margin: 5px; vertical-align: middle;" />';
        echo '</a>';
    }
    echo '</form>', '</td>', '</tr>', '</table>';
}
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * login_anon.php logs a user in anonymously without having to enter a username
 * or password.
 *
 * Depends on two global configuration variables:
 * allow_anonymous_login - bool which must be true to allow anonymous login.
 * anonymous_account - name of account to login with.
 *
 * TODO:
 * Check how manage account is impacted.
 * Might be extended to allow redirects for bug links etc.
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2014  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
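# Optional post-login target; empty string when the parameter is absent.
$f_return = gpc_get_string('return', '');
$t_anonymous_account = config_get('anonymous_account');

# The account name becomes a query-string value, so URL-encode it: a name
# containing '&', '+' or a space would otherwise corrupt the login URL.
$t_login_url = 'login.php?username=' . string_url($t_anonymous_account) . '&perm_login=false';

if ($f_return !== '') {
    # Sanitise the requested target, then URL-encode it so it is forwarded as
    # a single parameter value.
    $t_return = string_url(string_sanitize_url($f_return));
    $t_login_url .= '&return=' . $t_return;
}

print_header_redirect($t_login_url);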
Exemple #9
 * @uses session_api.php
 * @uses string_api.php
 */
require_once 'core.php';
require_api('authentication_api.php');
require_api('config_api.php');
require_api('constant_inc.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('session_api.php');
require_api('string_api.php');
# Collect the login parameters. The gpc_get_* helpers presumably read them
# from the request (GET/POST/cookie) - confirm in gpc_api.php.
$t_allow_perm_login = ON == config_get('allow_permanent_cookie');
$f_username = gpc_get_string('username', '');
$f_password = gpc_get_string('password', '');
# A permanent login is honoured only when the configuration allows it,
# whatever the request asks for.
$f_perm_login = $t_allow_perm_login && gpc_get_bool('perm_login');
# Post-login target: sanitised first, then URL-encoded. Defaults to the
# configured home page when the parameter is absent.
$t_return = string_url(string_sanitize_url(gpc_get_string('return', config_get('default_home_page'))));
$f_from = gpc_get_string('from', '');
$f_secure_session = gpc_get_bool('secure_session', false);
$f_install = gpc_get_bool('install');
# If upgrade required, always redirect to install page.
# NOTE(review): the flag comes from the request, so the requester chooses this
# branch; the target it selects is a fixed local path.
if ($f_install) {
    $t_return = 'admin/install.php';
}
$f_username = auth_prepare_username($f_username);
$f_password = auth_prepare_password($f_password);
# Record the secure-session choice in a cookie before the login attempt.
gpc_set_cookie(config_get_global('cookie_prefix') . '_secure_session', $f_secure_session ? '1' : '0');
if (auth_attempt_login($f_username, $f_password, $f_perm_login)) {
    session_set('secure_session', $f_secure_session);
    if ($f_username == 'administrator' && $f_password == 'root' && (is_blank($t_return) || $t_return == 'index.php')) {
        $t_return = 'account_page.php';
    }
Exemple #10
/**
 * Build the complete URL of the verify page, including the confirmation hash.
 *
 * Both values are URL-encoded before being placed in the query string. The
 * returned link carries the confirmation hash, so it presumably acts as a
 * credential for the verify page and should be handled accordingly.
 *
 * @param integer $p_user_id      A valid user identifier.
 * @param string  $p_confirm_hash The confirmation hash value to include in the link.
 * @return string
 */
function string_get_confirm_hash_url($p_user_id, $p_confirm_hash)
{
    $t_base_url = config_get('path');
    $t_id_value = string_url($p_user_id);
    $t_hash_value = string_url($p_confirm_hash);

    return $t_base_url . 'verify.php?id=' . $t_id_value . '&confirm_hash=' . $t_hash_value;
}
Exemple #11
/**
 * (11) Print the user's account information
 * Also print the select box where users can switch projects
 *
 * Output is echoed directly. When the user can see exactly one project with
 * no sub-projects, the selector form is omitted and that project is made the
 * current one (and the default, unless the account is protected).
 *
 * @return null
 */
function html_login_info()
{
    $t_username = current_user_get_field('username');
    $t_access_level = get_enum_element('access_levels', current_user_get_access_level());
    $t_now = date(config_get('complete_date_format'));
    $t_realname = current_user_get_field('realname');
    echo '<table class="hide">';
    echo '<tr>';
    echo '<td class="login-info-left">';
    if (current_user_is_anonymous()) {
        # Login link that returns to the current page: SCRIPT_NAME plus the raw
        # query string, URL-encoded as a single parameter value.
        $t_return_page = $_SERVER['SCRIPT_NAME'];
        if (isset($_SERVER['QUERY_STRING'])) {
            $t_return_page .= '?' . $_SERVER['QUERY_STRING'];
        }
        $t_return_page = string_url($t_return_page);
        echo lang_get('anonymous') . ' | <a href="' . helper_mantis_url('login_page.php?return=' . $t_return_page) . '">' . lang_get('login_link') . '</a>';
        if (config_get_global('allow_signup') == ON) {
            echo ' | <a href="' . helper_mantis_url('signup_page.php') . '">' . lang_get('signup_link') . '</a>';
        }
    } else {
        # Username and real name are HTML-escaped before output.
        # NOTE(review): $t_access_level is emitted as-is - presumably a trusted
        # label from configuration/language data; confirm.
        echo lang_get('logged_in_as'), ": <span class=\"italic\">", string_html_specialchars($t_username), "</span> <span class=\"small\">";
        echo is_blank($t_realname) ? "({$t_access_level})" : "(" . string_html_specialchars($t_realname) . " - {$t_access_level})";
        echo "</span>";
    }
    echo '</td>';
    echo '<td class="login-info-middle">';
    echo "<span class=\"italic\">{$t_now}</span>";
    echo '</td>';
    echo '<td class="login-info-right">';
    # Project Selector hidden if only one project visible to user
    $t_show_project_selector = true;
    $t_project_ids = current_user_get_accessible_projects();
    if (count($t_project_ids) == 1) {
        $t_project_id = (int) $t_project_ids[0];
        if (count(current_user_get_accessible_subprojects($t_project_id)) == 0) {
            $t_show_project_selector = false;
        }
    }
    if ($t_show_project_selector) {
        echo '<form method="post" name="form_set_project" action="' . helper_mantis_url('set_project.php') . '">';
        # CSRF protection not required here - form does not result in modifications
        echo lang_get('email_project'), ': ';
        if (ON == config_get('show_extended_project_browser')) {
            print_extended_project_browser(helper_get_current_project_trace());
        } else {
            # With JavaScript enabled the form submits as soon as a project is picked.
            if (ON == config_get('use_javascript')) {
                echo '<select name="project_id" class="small" onchange="document.forms.form_set_project.submit();">';
            } else {
                echo '<select name="project_id" class="small">';
            }
            print_project_option_list(join(';', helper_get_current_project_trace()), true, null, true);
            echo '</select> ';
        }
        echo '<input type="submit" class="button-small" value="' . lang_get('switch') . '" />';
        echo '</form>';
    } else {
        # User has only one project, set it as both current and default
        # ($t_project_id is always set here: the selector is hidden only inside
        # the single-project branch above.)
        if (ALL_PROJECTS == helper_get_current_project()) {
            helper_set_current_project($t_project_id);
            if (!current_user_is_protected()) {
                current_user_set_default_project($t_project_id);
            }
            # Force reload of current page, except if we got here after
            # creating the first project
            # NOTE(review): the target derives from REQUEST_URI, which the
            # client influences, and the third argument is false - check in
            # html_meta_redirect() whether that turns URL sanitisation off.
            $t_redirect_url = str_replace(config_get('short_path'), '', $_SERVER['REQUEST_URI']);
            if ('manage_proj_create.php' != $t_redirect_url) {
                html_meta_redirect($t_redirect_url, 0, false);
            }
        }
    }
    if (OFF != config_get('rss_enabled')) {
        # Link to RSS issues feed for the selected project, including authentication details.
        # The URL is HTML-escaped for the attribute context.
        echo '<a href="' . htmlspecialchars(rss_get_issues_feed_url()) . '">';
        echo '<img src="' . helper_mantis_url('images/rss.png') . '" alt="' . lang_get('rss') . '" style="border-style: none; margin: 5px; vertical-align: middle;" />';
        echo '</a>';
    }
    echo '</td>';
    echo '</tr>';
    echo '</table>';
}
Exemple #12
/**
 * (10) Print the user's account information
 * Also print the select box where users can switch projects
 *
 * Output is echoed directly. When the user can see exactly one project with
 * no sub-projects, the selector form is omitted and that project is made the
 * current one (and the default, unless the account is protected).
 *
 * @return void
 */
function html_login_info()
{
    $t_username = current_user_get_field('username');
    $t_access_level = get_enum_element('access_levels', current_user_get_access_level());
    $t_now = date(config_get('complete_date_format'));
    $t_realname = current_user_get_field('realname');
    # Login information
    echo '<div id="login-info">' . "\n";
    if (current_user_is_anonymous()) {
        # Login link that returns to the current page: SCRIPT_NAME plus the raw
        # query string, URL-encoded as a single parameter value.
        $t_return_page = $_SERVER['SCRIPT_NAME'];
        if (isset($_SERVER['QUERY_STRING'])) {
            $t_return_page .= '?' . $_SERVER['QUERY_STRING'];
        }
        $t_return_page = string_url($t_return_page);
        echo "\t" . '<span id="logged-anon-label">' . lang_get('anonymous') . '</span>' . "\n";
        echo "\t" . '<span id="login-link"><a href="' . helper_mantis_url('login_page.php?return=' . $t_return_page) . '">' . lang_get('login_link') . '</a></span>' . "\n";
        if (config_get_global('allow_signup') == ON) {
            echo "\t" . '<span id="signup-link"><a href="' . helper_mantis_url('signup_page.php') . '">' . lang_get('signup_link') . '</a></span>' . "\n";
        }
    } else {
        # Username and real name are HTML-escaped before output.
        echo "\t" . '<span id="logged-in-label">' . lang_get('logged_in_as') . '</span>' . "\n";
        echo "\t" . '<span id="logged-in-user">' . string_html_specialchars($t_username) . '</span>' . "\n";
        echo "\t" . '<span id="logged-in">';
        echo !is_blank($t_realname) ? "\t" . '<span id="logged-in-realname">' . string_html_specialchars($t_realname) . '</span>' . "\n" : '';
        # NOTE(review): $t_access_level is used unescaped as both a class
        # attribute value and element text - presumably a trusted label from
        # configuration/language data; confirm.
        echo "\t" . '<span id="logged-in-accesslevel" class="' . $t_access_level . '">' . $t_access_level . '</span>' . "\n";
        echo "\t" . '</span>' . "\n";
    }
    echo '</div>' . "\n";
    # RSS feed
    if (OFF != config_get('rss_enabled')) {
        echo '<div id="rss-feed">' . "\n";
        # Link to RSS issues feed for the selected project, including authentication details.
        # The URL is HTML-escaped for the attribute context.
        echo "\t" . '<a href="' . htmlspecialchars(rss_get_issues_feed_url()) . '">' . "\n";
        echo "\t" . '<img src="' . helper_mantis_url('images/rss.png') . '" alt="' . lang_get('rss') . '" title="' . lang_get('rss') . '" />' . "\n";
        echo "\t" . '</a>' . "\n";
        echo '</div>' . "\n";
    }
    # Project Selector (hidden if only one project visible to user)
    $t_show_project_selector = true;
    $t_project_ids = current_user_get_accessible_projects();
    if (count($t_project_ids) == 1) {
        $t_project_id = (int) $t_project_ids[0];
        if (count(current_user_get_accessible_subprojects($t_project_id)) == 0) {
            $t_show_project_selector = false;
        }
    }
    if ($t_show_project_selector) {
        echo '<div id="project-selector-div">';
        echo '<form method="post" id="form-set-project" action="' . helper_mantis_url('set_project.php') . '">';
        echo '<fieldset id="project-selector">';
        # CSRF protection not required here - form does not result in modifications
        echo '<label for="form-set-project-id">' . lang_get('email_project') . '</label>';
        echo '<select id="form-set-project-id" name="project_id">';
        print_project_option_list(join(';', helper_get_current_project_trace()), true, null, true);
        echo '</select> ';
        echo '<input type="submit" class="button" value="' . lang_get('switch') . '" />';
        echo '</fieldset>';
        echo '</form>';
        echo '</div>';
    } else {
        # User has only one project, set it as both current and default
        # ($t_project_id is always set here: the selector is hidden only inside
        # the single-project branch above.)
        if (ALL_PROJECTS == helper_get_current_project()) {
            helper_set_current_project($t_project_id);
            if (!current_user_is_protected()) {
                current_user_set_default_project($t_project_id);
            }
            # Force reload of current page, except if we got here after
            # creating the first project
            # NOTE(review): the target derives from REQUEST_URI, which the
            # client influences, and the third argument is false - check in
            # html_meta_redirect() whether that turns URL sanitisation off.
            $t_redirect_url = str_replace(config_get('short_path'), '', $_SERVER['REQUEST_URI']);
            if ('manage_proj_create.php' != $t_redirect_url) {
                html_meta_redirect($t_redirect_url, 0, false);
            }
        }
    }
    # Current time
    echo '<div id="current-time">' . $t_now . '</div>';
}
		<?php 
# Carry the post-login return target through the form. $f_return is set outside
# this fragment; it is HTML-escaped for the attribute value.
if (!is_blank($f_return)) {
    ?>
				<input type="hidden" name="return" value="<?php 
    echo string_html_specialchars($f_return);
    ?>
" />
				<?php 
}
echo lang_get('login_title');
?>
	</td>
	<td class="right">
	<?php 
# Anonymous login link, shown only when enabled in the configuration. The
# return target is URL-encoded as a parameter value.
if (ON == config_get('allow_anonymous_login')) {
    print_bracket_link('login_anon.php?return=' . string_url($f_return), lang_get('login_anonymously'));
}
?>
	</td>
</tr>
<tr class="row-1">
	<td class="category">
		<?php 
echo lang_get('username');
?>
	</td>
	<td>
		<input type="text" name="username" size="32" maxlength="<?php 
echo DB_FIELD_SIZE_USERNAME;
?>
" value="<?php 
require_once 'core.php';
require_api('authentication_api.php');
require_api('constant_inc.php');
require_api('current_user_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
# Only authenticated users may pick a project.
auth_ensure_user_authenticated();
# `ref` is the page to go to after the project has been set; it is sanitised
# when read here.
$f_ref = string_sanitize_url(gpc_get_string('ref', ''));
# With exactly one accessible project and no sub-projects there is nothing to
# choose: hand over to set_project.php directly.
if (count(current_user_get_accessible_projects()) == 1) {
    $t_project_ids = current_user_get_accessible_projects();
    $t_project_id = (int) $t_project_ids[0];
    if (count(current_user_get_accessible_subprojects($t_project_id)) == 0) {
        # URL-encode the already-sanitised target so it is forwarded as a
        # single parameter value.
        $t_ref_urlencoded = string_url($f_ref);
        print_header_redirect("set_project.php?project_id={$t_project_id}&ref={$t_ref_urlencoded}", true);
        /* print_header_redirect terminates script execution */
    }
}
html_page_top(lang_get('select_project_button'));
?>

<!-- Project Select Form BEGIN -->
<div id="select-project-div" class="form-container">
	<form id="select-project-form" method="post" action="set_project.php">
		<?php 
# CSRF protection not required here - form does not result in modifications
?>
		<fieldset>
			<legend><span><?php 
Exemple #15
/**
 * (11) Print the user's account information
 * Also print the select box where users can switch projects
 *
 * Output is echoed directly. The project selector is left out when the user
 * can see exactly one project that has no sub-projects.
 *
 * @return null
 */
function html_login_info()
{
    $t_login_name = current_user_get_field('username');
    $t_level_label = get_enum_element('access_levels', current_user_get_access_level());
    $t_timestamp = date(config_get('complete_date_format'));
    $t_full_name = current_user_get_field('realname');

    echo '<div id="login-info">';
    if (!current_user_is_anonymous()) {
        # Username and real name are HTML-escaped before output.
        echo '<span id="logged-in-label">' . lang_get('logged_in_as') . '</span>';
        echo '<span id="logged-in-user">' . string_html_specialchars($t_login_name) . '</span>';
        echo '<span id="logged-in">';
        if (!is_blank($t_full_name)) {
            echo '<span id="logged-in-realname">' . string_html_specialchars($t_full_name) . '</span>';
        } else {
            echo '';
        }
        # NOTE(review): the access level label is used unescaped as a class
        # attribute value and as text - presumably trusted data; confirm.
        echo '<span id="logged-in-accesslevel" class="' . $t_level_label . '">' . $t_level_label . '</span>';
        echo '</span>';
    } else {
        # Login link that returns to the current page: SCRIPT_NAME plus the raw
        # query string, URL-encoded as a single parameter value.
        $t_login_target = $_SERVER['SCRIPT_NAME'];
        if (isset($_SERVER['QUERY_STRING'])) {
            $t_login_target .= '?' . $_SERVER['QUERY_STRING'];
        }
        $t_login_target = string_url($t_login_target);
        echo '<span id="logged-anon-label">' . lang_get('anonymous') . '</span>';
        echo '<span id="login-link"><a href="' . helper_mantis_url('login_page.php?return=' . $t_login_target) . '">' . lang_get('login_link') . '</a></span>';
        if (config_get_global('allow_signup') == ON) {
            echo '<span id="signup-link"><a href="' . helper_mantis_url('signup_page.php') . '">' . lang_get('signup_link') . '</a></span>';
        }
    }
    echo '</div>';

    # Hide the selector for a single project without sub-projects.
    $t_hide_selector = false;
    if (1 == count(current_user_get_accessible_projects())) {
        $t_visible_projects = current_user_get_accessible_projects();
        $t_only_project = (int) $t_visible_projects[0];
        $t_hide_selector = 0 == count(current_user_get_accessible_subprojects($t_only_project));
    }

    if (OFF != config_get('rss_enabled')) {
        echo '<div id="rss-feed">';
        # Link to RSS issues feed for the selected project, including authentication details.
        # The URL is HTML-escaped for the attribute context.
        echo '<a href="' . htmlspecialchars(rss_get_issues_feed_url()) . '">';
        echo '<img src="' . helper_mantis_url('images/rss.png') . '" alt="' . lang_get('rss') . '" title="' . lang_get('rss') . '" />';
        echo '</a>', '</div>';
    }

    if ($t_hide_selector) {
        echo '<div id="current-time-centered">' . $t_timestamp . '</div>';
        return;
    }

    echo '<form method="post" id="form-set-project" action="' . helper_mantis_url('set_project.php') . '">';
    echo '<fieldset id="project-selector">';
    # CSRF protection not required here - form does not result in modifications
    echo '<label for="form-set-project-id">' . lang_get('email_project') . '</label>';
    echo '<select id="form-set-project-id" name="project_id">';
    print_project_option_list(join(';', helper_get_current_project_trace()), true, null, true);
    echo '</select> ';
    echo '<input type="submit" class="button" value="' . lang_get('switch') . '" />';
    echo '</fieldset>', '</form>';
    echo '<div id="current-time">' . $t_timestamp . '</div>';
}
Exemple #16
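/**
 * Return a mailto: link with a pre-filled subject, or just the display text
 * when the current user is below the threshold for seeing e-mail addresses.
 *
 * The return value is an HTML fragment in both cases, so the text is passed
 * through string_display() on both paths. Previously the no-access path
 * returned $p_text untouched while the link path escaped it.
 *
 * @param string $p_email   Email address.
 * @param string $p_text    Link text to display to user.
 * @param string $p_summary Text used as the e-mail subject line.
 * @return string
 */
function get_email_link_with_subject($p_email, $p_text, $p_summary)
{
    $t_text = string_display($p_text);

    # Users below the threshold must not see the address: text only.
    if (!access_has_project_level(config_get('show_user_email_threshold'))) {
        return $t_text;
    }
    # If we apply string_url() to the whole mailto: link then the @
    #  gets turned into a %40 and you can't right click in browsers to
    #  do Copy Email Address.  If we don't apply string_url() to the
    #  summary text then an ampersand (for example) will truncate the text
    $t_summary = string_url($p_summary);
    $t_email = string_url($p_email);
    $t_mailto = string_attribute("mailto:{$t_email}?subject={$t_summary}");
    return "<a href=\"{$t_mailto}\">{$t_text}</a>";
}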
Exemple #17
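/**
 * Print the login status row: who is logged in, the current time and the
 * project switcher form.
 *
 * Output is written directly; nothing is returned.
 */
function html_login_info()
{
    $t_username = current_user_get_field('username');
    $t_access_level = get_enum_element('access_levels', current_user_get_access_level());
    $t_now = date(config_get('complete_date_format'));
    $t_realname = current_user_get_field('realname');
    print '<table class="hide">';
    print '<tr>';
    print '<td class="login-info-left">';
    if (current_user_is_anonymous()) {
        if (!php_version_at_least('4.1.0')) {
            global $_SERVER;
        }
        # Login link that returns to the current page.
        # NOTE(review): PHP_SELF can include client-supplied path info; it is
        # only URL-encoded here before being placed in the href.
        $t_return_page = $_SERVER['PHP_SELF'];
        if (isset($_SERVER['QUERY_STRING'])) {
            $t_return_page .= '?' . $_SERVER['QUERY_STRING'];
        }
        $t_return_page = string_url($t_return_page);
        print lang_get('anonymous') . ' | <a href="login_page.php?return=' . $t_return_page . '">' . lang_get('login_link') . '</a>';
        if (config_get('allow_signup') == ON) {
            print ' | <a href="signup_page.php">' . lang_get('signup_link') . '</a>';
        }
    } else {
        # User-editable fields go through string_display() before output.
        echo lang_get('logged_in_as'), ": <span class=\"italic\">", string_display($t_username), "</span> <span class=\"small\">";
        # The alternative must be one concatenated expression. With commas the
        # ternary covered only the first echo argument, so a blank real name
        # printed "(level)" followed by a stray " - level)".
        echo is_blank($t_realname) ? "({$t_access_level})" : "(" . string_display($t_realname) . " - {$t_access_level})";
        echo "</span>";
    }
    print '</td>';
    print '<td class="login-info-middle">';
    print "<span class=\"italic\">{$t_now}</span>";
    print '</td>';
    print '<td class="login-info-right">';
    print '<form method="post" name="form_set_project" action="set_project.php">';
    echo lang_get('email_project'), ': ';
    # With JavaScript enabled the form submits as soon as a project is picked.
    if (ON == config_get('use_javascript')) {
        print '<select name="project_id" class="small" onchange="document.forms.form_set_project.submit();">';
    } else {
        print '<select name="project_id" class="small">';
    }
    print_project_option_list(join(';', helper_get_current_project_trace()), true, null, true);
    print '</select> ';
    print '<input type="submit" class="button-small" value="' . lang_get('switch') . '" />';
    print '</form>';
    print '</td>';
    print '</tr>';
    print '</table>';
}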