/**
 * Builds the HTML fragment used to display a user's name.
 *
 * Locally modified variant: the name is wrapped in a link to
 * view_user_page.php only when the current user passes
 * user_is_administrator(); every other viewer gets the name as plain text.
 * Accounts that do not exist or are not enabled are rendered struck through.
 * In all cases the name goes through string_display_line() before output.
 *
 * NOTE(review): the modification comment in the original says the link should
 * depend on $g_manage_user_threshold, but the code checks
 * user_is_administrator(). Confirm which rule is intended. Hiding the link is
 * presentation only; it does not replace an access check on
 * view_user_page.php itself.
 *
 * @param int $p_user_id User id, or NO_USER when nobody is assigned.
 * @return string HTML fragment; empty string for NO_USER.
 */
function prepare_user_name($p_user_id)
{
    # NO_USER shows up e.g. when an issue has no handler assigned yet.
    if (NO_USER == $p_user_id) {
        return '';
    }

    $t_raw_name = user_get_name($p_user_id);
    $t_is_active = user_exists($p_user_id) && user_get_field($p_user_id, 'enabled');

    if (!$t_is_active) {
        # Unknown or disabled account: show the name struck through.
        return '<font STYLE="text-decoration: line-through">' . string_display_line($t_raw_name) . '</font>';
    }

    $t_display_name = string_display_line($t_raw_name);

    # WK/BFE, LB/BFE 2015: the unconditional link of the stock version was
    # replaced; only administrators get the link to the user page.
    if (!user_is_administrator(auth_get_current_user_id())) {
        return $t_display_name;
    }

    return '<a href="' . string_sanitize_url('view_user_page.php?id=' . $p_user_id, true) . '">' . $t_display_name . '</a>';
}
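/**
 * Runs $query and prints one HTML table row per returned issue.
 *
 * Each row shows the issue link, status, category, summary, reporter and,
 * when a handler is set, the handler, followed by one cell per entry of
 * $fields taken from the result row.
 *
 * Every value that originates from the database (category name, summary,
 * user names, extra columns) is passed through string_display_line() before
 * being written into the page. The original printed them raw, so an issue
 * summary or custom column containing markup was emitted as markup.
 *
 * NOTE(review): $query is executed exactly as given, with no bound
 * parameters. Callers must not build it from request data by concatenation.
 * NOTE(review): when an issue has no handler the handler cell is omitted
 * entirely, so the extra columns shift left for that row - confirm against
 * the table header this function is used with.
 *
 * @param string $query  SQL statement whose rows contain at least an 'id' column.
 * @param array  $fields Names of additional result columns to print.
 * @return int Number of rows printed.
 */
function displayResultsCore($query, $fields)
{
    $result = db_query_bound($query);
    $nbRows = 0;
    while ($row = db_fetch_array($result)) {
        $nbRows++;
        $t_bug = bug_get($row['id']);
        print "<tr> \n";
        print '<td><a href="' . string_get_bug_view_url($row['id']) . '">' . bug_format_id($row['id']) . '</a></td>';
        print "<td> " . string_display_line(get_enum_element('status', $t_bug->status)) . " </td>\n";
        print "<td> " . string_display_line(category_get_row($t_bug->category_id)['name']) . " </td>\n";
        print "<td> " . string_display_line($t_bug->summary) . " </td>\n";
        print "<td> " . string_display_line(user_get_field($t_bug->reporter_id, 'username')) . " </td>\n";
        if ($t_bug->handler_id != null) {
            print "<td> " . string_display_line(user_get_field($t_bug->handler_id, 'username')) . " </td>\n";
        }
        # (array) keeps a null $fields from raising; the cast to string keeps
        # numeric or null column values acceptable to the display filter.
        foreach ((array) $fields as $t_field) {
            print "<td> " . string_display_line((string) $row[$t_field]) . " </td>\n";
        }
        print "</tr>\n";
    }
    return $nbRows;
}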
Exemple #3
/**
 * Collects the account details of a user that the current user is allowed
 * to see.
 *
 * The id is always returned. If the user exists, the username is added, and
 * real name / e-mail are added only when the viewer is the same user, passes
 * the manage-user check, or passes the corresponding
 * show_user_realname_threshold / show_user_email_threshold project-level
 * check. Empty real names and addresses are left out.
 *
 * NOTE(review): the same-user test uses ===, so an id passed as a numeric
 * string would not match an integer current-user id - confirm that callers
 * pass the same type as auth_get_current_user_id() returns.
 *
 * @param integer $p_user_id A valid user identifier.
 * @return array Keys: 'id', and when available 'name', 'real_name', 'email'.
 */
function mci_account_get_array_by_id($p_user_id)
{
    $t_account = array('id' => $p_user_id);

    if (!user_exists($p_user_id)) {
        return $t_account;
    }

    $t_viewer_id = auth_get_current_user_id();
    $t_viewer_level = user_get_field($t_viewer_id, 'access_level');
    $t_can_manage = access_has_global_level(config_get('manage_user_threshold'))
        && access_has_global_level($t_viewer_level);

    # this deviates from the behaviour of view_user_page.php, but it is more intuitive
    $t_is_same_user = $t_viewer_id === $p_user_id;
    $t_can_see_realname = access_has_project_level(config_get('show_user_realname_threshold'));
    $t_can_see_email = access_has_project_level(config_get('show_user_email_threshold'));

    # Own account or user manager: both optional fields are visible.
    $t_sees_all = $t_is_same_user || $t_can_manage;

    $t_account['name'] = user_get_field($p_user_id, 'username');

    if ($t_sees_all || $t_can_see_realname) {
        $t_realname = user_get_realname($p_user_id);
        if (!empty($t_realname)) {
            $t_account['real_name'] = $t_realname;
        }
    }

    if ($t_sees_all || $t_can_see_email) {
        $t_email = user_get_email($p_user_id);
        if (!empty($t_email)) {
            $t_account['email'] = $t_email;
        }
    }

    return $t_account;
}
Exemple #4
/**
 * Calculates the key used for RSS authentication.
 *
 * The key is the MD5 of the global 'rss_key_seed' followed by the user's
 * username, cookie string and stored password field, so it changes when any
 * of those values change.
 *
 * NOTE(review): MD5 is a weak choice for an authentication token and the
 * token is derived from the stored password field. Replacing the hash would
 * invalidate every feed URL already handed out, so it is left unchanged
 * here; plan a migration to a keyed, modern hash instead.
 *
 * @param int|null $p_user_id User id; null means the current user.
 * @return string 32-character hexadecimal key.
 */
function rss_calculate_key($p_user_id = null)
{
    $t_user_id = ($p_user_id === null) ? auth_get_current_user_id() : $p_user_id;

    $t_seed = config_get_global('rss_key_seed');
    $t_username = user_get_field($t_user_id, 'username');
    $t_password = user_get_field($t_user_id, 'password');
    $t_cookie = user_get_field($t_user_id, 'cookie_string');

    $t_material = $t_seed . $t_username . $t_cookie . $t_password;

    return md5($t_material);
}
/**
 * Queues a reminder e-mail for one user.
 *
 * The text in $issues is used as the message body as-is and the subject
 * comes from the 'plugin_Reminder_reminder_subject' option. Nothing is
 * queued when the user has no e-mail address. Unless mail is sent by cron
 * job, the queue is flushed immediately.
 *
 * @param int    $p_user_id Recipient's user id.
 * @param string $issues    Prepared message body.
 * @return void
 */
function email_group_reminder($p_user_id, $issues)
{
    # Looked up but not used below; the call is kept so behaviour is unchanged.
    $t_username = user_get_field($p_user_id, 'username');

    $t_recipient = user_get_email($p_user_id);
    $t_body = $issues;
    $t_subject = config_get('plugin_Reminder_reminder_subject');

    if (is_blank($t_recipient)) {
        return;
    }

    email_store($t_recipient, $t_subject, $t_body);

    # Without a cron job nothing else would deliver the queued mail.
    if (OFF == config_get('email_send_using_cronjob')) {
        email_send_all();
    }
}
Exemple #6
/**
 * Returns the HTML used to display a user's name.
 *
 * Enabled, existing accounts are rendered as a link to view_user_page.php;
 * any other account is rendered inside <del class="user">. The name is run
 * through string_display_line() in both cases, and the link target through
 * string_sanitize_url().
 *
 * @param int $p_user_id User id, or NO_USER when nobody is assigned.
 * @return string HTML fragment; empty string for NO_USER.
 */
function prepare_user_name( $p_user_id ) {
	# NO_USER shows up e.g. when an issue has no handler assigned yet.
	if( NO_USER == $p_user_id ) {
		return '';
	}

	$t_display_name = string_display_line( user_get_name( $p_user_id ) );
	$t_is_active = user_exists( $p_user_id ) && user_get_field( $p_user_id, 'enabled' );

	if( !$t_is_active ) {
		return '<del class="user">' . $t_display_name . '</del>';
	}

	$t_profile_url = string_sanitize_url( 'view_user_page.php?id=' . $p_user_id, true );
	return '<a class="user" href="' . $t_profile_url . '">' . $t_display_name . '</a>';
}
Exemple #7
/**
 * Calculates the key used for RSS authentication.
 *
 * The key is a Whirlpool hash over the literal 'rss_key', the global
 * 'crypto_master_salt', and the user's username, stored password field and
 * cookie string. Changing the username or password therefore invalidates
 * previously issued keys.
 *
 * The 64-byte digest is cut to 63 bytes (504 bits) so that base64 encoding
 * needs no padding, giving an 84-character result; '+' and '/' are then
 * replaced with '-' and '_' (the URL-safe alphabet of RFC 4648).
 * NOTE(review): the earlier description called this a 384-bit key; the code
 * keeps 63 bytes, i.e. 504 bits.
 *
 * @param integer|null $p_user_id User the key is calculated for; null means the current user.
 * @return string URL-safe base64 RSS authentication key.
 */
function rss_calculate_key($p_user_id = null)
{
    $t_user_id = ($p_user_id === null) ? auth_get_current_user_id() : $p_user_id;

    $t_username = user_get_field($t_user_id, 'username');
    $t_password = user_get_field($t_user_id, 'password');
    $t_cookie = user_get_field($t_user_id, 'cookie_string');

    $t_material = 'rss_key' . config_get_global('crypto_master_salt') . $t_username . $t_password . $t_cookie;
    $t_digest = hash('whirlpool', $t_material, true);

    # Drop the last byte so the base64 output carries no trailing padding.
    $t_encoded = base64_encode(substr($t_digest, 0, 63));

    return strtr($t_encoded, '+/', '-_');
}
/**
 * Returns the HTML used to display a user's name.
 *
 * Enabled, existing accounts are rendered as a link to view_user_page.php
 * for every viewer; any other account is rendered struck through. The name
 * is run through string_display_line() in both cases.
 *
 * @param int $p_user_id User id, or NO_USER when nobody is assigned.
 * @return string HTML fragment; empty string for NO_USER.
 */
function prepare_user_name($p_user_id)
{
    # NO_USER shows up e.g. when an issue has no handler assigned yet.
    if (NO_USER == $p_user_id) {
        return '';
    }

    $t_raw_name = user_get_name($p_user_id);
    $t_is_active = user_exists($p_user_id) && user_get_field($p_user_id, 'enabled');

    if (!$t_is_active) {
        return '<font STYLE="text-decoration: line-through">' . string_display_line($t_raw_name) . '</font>';
    }

    $t_display_name = string_display_line($t_raw_name);
    $t_profile_url = string_sanitize_url('view_user_page.php?id=' . $p_user_id, true);

    return '<a href="' . $t_profile_url . '">' . $t_display_name . '</a>';
}
/**
 * Returns id, username, real name and e-mail for a given user id.
 *
 * Real name and e-mail are included whenever they are non-empty.
 *
 * NOTE(review): this version performs no check of the caller's access level
 * before returning the real name and e-mail address, so every caller that
 * can reach it receives both. Confirm that the calling API enforces the
 * show_user_realname_threshold / show_user_email_threshold settings, or add
 * the check here.
 *
 * @param integer $p_user_id A valid user identifier.
 * @return array Keys: 'id', and when available 'name', 'real_name', 'email'.
 */
function mci_account_get_array_by_id($p_user_id)
{
    $t_account = array('id' => $p_user_id);

    if (!user_exists($p_user_id)) {
        return $t_account;
    }

    $t_account['name'] = user_get_field($p_user_id, 'username');

    $t_realname = user_get_field($p_user_id, 'realname');
    if (!empty($t_realname)) {
        $t_account['real_name'] = $t_realname;
    }

    $t_email = user_get_field($p_user_id, 'email');
    if (!empty($t_email)) {
        $t_account['email'] = $t_email;
    }

    return $t_account;
}
Exemple #10
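/**
 * Adds human-readable companion fields to a bug row.
 *
 * For the ids and enum codes already present in $bug this adds the project
 * name, reporter and handler usernames, the enum labels and the issue
 * description.
 *
 * Fix: the handler lookup used to run only when handler_id was empty (the
 * comparison was inverted relative to the reporter lookup), so assigned
 * issues never received 'handler_name' and unassigned ones triggered a user
 * lookup for an empty id. The lookup now runs only for a non-empty handler
 * id; empty() is used so that 0, '' and null are all treated as "no handler".
 *
 * @param array $bug Bug row with at least id, project_id, reporter_id,
 *                   handler_id, severity, priority, status, reproducibility,
 *                   projection, eta and resolution.
 * @return array The same row with the *_name fields and 'description' added.
 */
function addExtraBugData($bug)
{
    $bug["project_name"] = project_get_name($bug["project_id"]);
    if ($bug["reporter_id"] != "") {
        $bug["reporter_name"] = user_get_field($bug["reporter_id"], 'username');
    }
    $bug["severity_name"] = get_enum_element('severity', $bug["severity"]);
    $bug["priority_name"] = get_enum_element('priority', $bug["priority"]);
    $bug["status_name"] = get_enum_element('status', $bug["status"]);
    $bug["reproducibility_name"] = get_enum_element('reproducibility', $bug["reproducibility"]);
    # Only look up a handler that is actually set.
    if (!empty($bug["handler_id"])) {
        $bug["handler_name"] = user_get_field($bug["handler_id"], 'username');
    }
    $bug["projection_name"] = get_enum_element('projection', $bug["projection"]);
    $bug["eta_name"] = get_enum_element('eta', $bug["eta"]);
    $bug["resolution_name"] = get_enum_element('resolution', $bug["resolution"]);
    $bug["description"] = bug_get_text_field($bug["id"], 'description');
    return $bug;
}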
Exemple #11
/**
 * Returns the HTML used to display a user's name, as an e-mail link when an
 * address is available.
 *
 * Enabled, existing accounts with an address are rendered through
 * prepare_email_link(); without an address the name is returned through
 * string_display(). Any other account is rendered struck through.
 *
 * NOTE(review): this version exposes the user's e-mail address to every
 * viewer of the page, and the name is handed to prepare_email_link()
 * unfiltered - confirm that helper escapes its arguments.
 *
 * @param int $p_user_id User id, or NO_USER when nobody is assigned.
 * @return string HTML fragment; empty string for NO_USER.
 */
function prepare_user_name($p_user_id)
{
    # NO_USER shows up e.g. when an issue has no handler assigned yet.
    if (NO_USER == $p_user_id) {
        return '';
    }

    $t_raw_name = user_get_name($p_user_id);
    $t_is_active = user_exists($p_user_id) && user_get_field($p_user_id, 'enabled');

    if (!$t_is_active) {
        return '<font STYLE="text-decoration: line-through">' . string_display($t_raw_name) . '</font>';
    }

    $t_address = user_get_email($p_user_id);

    return is_blank($t_address)
        ? string_display($t_raw_name)
        : prepare_email_link($t_address, $t_raw_name);
}
Exemple #12
/**
 * Reset the user's password.
 *
 * Behaviour depends on configuration:
 *   - 'send_reset_password' and 'enable_email_notification' both ON:
 *     a random password is stored and, unless $p_send_email is false,
 *     a confirmation-hash URL is mailed to the user.
 *   - otherwise: the password is set to blank and the failed login counter
 *     is cleared.
 * Protected accounts are never modified.
 *
 * NOTE(review): this function performs no permission check of its own;
 * callers are presumably responsible for authorising the reset - confirm.
 * NOTE(review): the blank-password branch leaves the account with an empty
 * password until the user sets a new one. Confirm how the login path treats
 * blank passwords before relying on this mode.
 *
 * @param integer $p_user_id    A valid user identifier.
 * @param boolean $p_send_email Whether to send confirmation email.
 * @return boolean False if the user is protected, true once the password has been reset.
 */
function user_reset_password($p_user_id, $p_send_email = true)
{
    $t_protected = user_get_field($p_user_id, 'protected');
    # Protected accounts must never have their password reset
    if (ON == $t_protected) {
        return false;
    }
    # @@@ do we want to force blank password instead of random if
    #      email notifications are turned off?
    #     How would we indicate that we had done this with a return value?
    #     Should we just have two functions? (user_reset_password_random()
    #     and user_reset_password() )?
    if (ON == config_get('send_reset_password') && ON == config_get('enable_email_notification')) {
        $t_email = user_get_field($p_user_id, 'email');
        # Without an address the confirmation URL cannot be delivered.
        # Whether execution stops here depends on the installed error
        # handler - TODO confirm that the code below is not reached.
        if (is_blank($t_email)) {
            trigger_error(ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR);
        }
        # Create random password. The plain-text value is not used again in
        # this function; only its processed form is stored.
        $t_password = auth_generate_random_password();
        $t_password2 = auth_process_plain_password($t_password);
        user_set_field($p_user_id, 'password', $t_password2);
        # Send notification email. With $p_send_email false the account is
        # left with a random password and no message is sent from here.
        if ($p_send_email) {
            $t_confirm_hash = auth_generate_confirm_hash($p_user_id);
            email_send_confirm_hash_url($p_user_id, $t_confirm_hash);
        }
    } else {
        # use blank password, no emailing
        $t_password = auth_process_plain_password('');
        user_set_field($p_user_id, 'password', $t_password);
        # reset the failed login count because in this mode there is no emailing
        user_reset_failed_login_count_to_zero($p_user_id);
    }
    return true;
}
Exemple #13
/**
 * Returns one field of the currently logged-in user's record.
 *
 * Thin wrapper: resolves the current user id and delegates to
 * user_get_field().
 *
 * @param string $p_field_name Name of the user property as in the table definition.
 * @return mixed Value of that field for the current user.
 * @access public
 */
function current_user_get_field($p_field_name)
{
    $t_current_user_id = auth_get_current_user_id();

    return user_get_field($t_current_user_id, $p_field_name);
}
	return;
}

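# Resolve the configured anonymous account name to a user id.
$t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account );
check_print_test_row(
	'anonymous_account is a valid user account',
	$t_anonymous_user_id !== false,
	array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' )
);

# The remaining checks look the account up by id. Stop here when the name did
# not resolve, instead of running them against false; the failed row above
# already tells the administrator what to fix.
if( $t_anonymous_user_id === false ) {
	return;
}

check_print_test_row(
	'anonymous_account user has the enabled flag set',
	user_is_enabled( $t_anonymous_user_id ),
	array( false => 'The anonymous user account must be enabled before it can be used.' )
);

# A protected account cannot be edited by whoever is browsing anonymously.
check_print_test_row(
	'anonymous_account user has the protected flag set',
	user_get_field( $t_anonymous_user_id, 'protected' ),
	array( false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.' )
);

# Every unauthenticated visitor acts as this account, so it must not be an
# administrator. The access level label is HTML-encoded before display.
check_print_test_row(
	'anonymous_account user does not have administrator permissions',
	!user_is_administrator( $t_anonymous_user_id ),
	array(
		true => 'The anonymous user account currently has an access level of: ' . htmlentities( get_enum_element( 'access_levels', user_get_access_level( $t_anonymous_user_id ) ) ),
		false => 'The anonymous user account should not have administrator level permissions.'
	)
);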
    # Builds one RSS item for the issue at index $i. The enclosing loop,
    # $t_path and $rssfile are defined outside the lines shown here.
    $t_bug = $t_issues[$i];
    $about = $link = $t_path . "view.php?id=" . $t_bug->id;
    # NOTE(review): the summary is placed into the title as stored; whether
    # addRSSItem() encodes it for XML is not visible here - confirm.
    $title = bug_format_id($t_bug->id) . ': ' . $t_bug->summary;
    if ($t_bug->view_state == VS_PRIVATE) {
        $title .= ' [' . lang_get('private') . ']';
    }
    $description = string_rss_links($t_bug->description);
    # subject is category.
    $subject = category_full_name($t_bug->category_id, false);
    # optional DC value
    $date = $t_bug->last_updated;
    # author of item
    # The reporter's name and address are only added when the current user
    # passes the global show_user_email_threshold check; otherwise the author
    # stays empty, so the feed does not expose addresses to other readers.
    $author = '';
    if (access_has_global_level(config_get('show_user_email_threshold'))) {
        $t_author_name = user_get_name($t_bug->reporter_id);
        $t_author_email = user_get_field($t_bug->reporter_id, 'email');
        if (!is_blank($t_author_email)) {
            if (!is_blank($t_author_name)) {
                $author = $t_author_name . ' <' . $t_author_email . '>';
            } else {
                $author = $t_author_email;
            }
        }
    }
    # $comments = 'http://www.example.com/sometext.php?somevariable=somevalue&comments=1';	# url to comment page rss 2.0 value
    $comments = $t_path . 'view.php?id=' . $t_bug->id . '#bugnotes';
    # optional mod_im value for displaying a different pic for every item
    $image = '';
    $rssfile->addRSSItem($about, $title, $link, $description, $subject, $date, $author, $comments, $image);
}
/** @todo consider making this a configuration option - 0.91 / 1.0 / 2.0 */
# Validate the submitted account values before anything is written.
user_ensure_name_valid($f_username);
user_ensure_realname_valid($f_realname);
user_ensure_realname_unique($f_username, $f_realname);
$f_email = email_append_domain($f_email);
email_ensure_valid($f_email);
# Prepared ($c_*) copies of the form values.
# NOTE(review): these copies are placed directly inside the text of the
# UPDATE statement that follows this block, so the query is only as safe as
# db_prepare_string()/db_prepare_int(). Bound parameters would remove that
# dependency.
$c_email = db_prepare_string($f_email);
$c_username = db_prepare_string($f_username);
$c_realname = db_prepare_string($f_realname);
$c_protected = db_prepare_bool($f_protected);
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);
$t_user_table = config_get('mantis_user_table');
$t_old_protected = user_get_field($f_user_id, 'protected');
# check that we are not downgrading the last administrator
$t_old_access = user_get_field($f_user_id, 'access_level');
if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) {
    trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}
# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
# NOTE(review): no check is visible in these lines that the current user may
# grant the requested access level - presumably enforced earlier in the page;
# confirm.
if ($c_access_level >= ADMINISTRATOR && !user_is_administrator($c_user_id)) {
    user_delete_project_specific_access_levels($c_user_id);
}
# if the user is already protected and the admin is not removing the
#  protected flag then don't update the access level and enabled flag.
#  If the user was unprotected or the protected flag is being turned off
#  then proceed with a full update.
if ($f_protected && $t_old_protected) {
    $query = "UPDATE {$t_user_table}\n\t    \t\tSET username='******', email='{$c_email}',\n\t    \t\t\tprotected='{$c_protected}', realname='{$c_realname}'\n\t    \t\tWHERE id='{$c_user_id}'";
} else {
Exemple #17
/**
 * Mails the password-reset confirmation URL to a user who forgot their
 * password.
 *
 * Does nothing when 'send_reset_password' or 'enable_email_notification' is
 * OFF, or when the user has no e-mail address. The message is written in the
 * user's preferred language and contains the confirmation URL, the username
 * and the requesting client's REMOTE_ADDR.
 *
 * NOTE(review): the recipient's address is written to the e-mail log and
 * the confirmation URL travels by mail; treat the log and the mail queue as
 * holding personal data and a short-lived credential.
 *
 * @param int    $p_user_id      User the reset was requested for.
 * @param string $p_confirm_hash Confirmation hash to embed in the URL.
 * @return void
 */
function email_send_confirm_hash_url($p_user_id, $p_confirm_hash)
{
    $t_reset_mail_enabled = OFF != config_get('send_reset_password')
        && OFF != config_get('enable_email_notification');
    if (!$t_reset_mail_enabled) {
        return;
    }

    lang_push(user_pref_get_language($p_user_id));

    # retrieve the username and email
    $t_username = user_get_field($p_user_id, 'username');
    $t_email = user_get_email($p_user_id);

    $t_subject = '[' . config_get('window_title') . '] ' . lang_get('lost_password_subject');

    $t_message = lang_get('reset_request_msg') . " \n\n";
    $t_message .= string_get_confirm_hash_url($p_user_id, $p_confirm_hash) . " \n\n";
    $t_message .= lang_get('new_account_username') . ' ' . $t_username . " \n";
    $t_message .= lang_get('new_account_IP') . ' ' . $_SERVER["REMOTE_ADDR"] . " \n\n";
    $t_message .= lang_get('new_account_do_not_reply');

    # The reset mail ignores the user's notification preferences; otherwise
    # the user could never receive it.
    $t_has_address = !is_blank($t_email);
    if ($t_has_address) {
        email_store($t_email, $t_subject, $t_message);
        log_event(LOG_EMAIL, sprintf('Password reset for email = %s', $t_email));
        if (OFF == config_get('email_send_using_cronjob')) {
            email_send_all();
        }
    }

    lang_pop();
}
Exemple #18
/**
 * Print the reporter field of the filter form as a <select> element.
 *
 * When 'limit_reporters' is ON and the current user is below
 * report_bug_threshold + 1, the list contains only the current user.
 * Otherwise it offers "any", optionally "myself", and the reporter list
 * produced by print_reporter_option_list().
 *
 * Reads the globals $g_select_modifier and $g_filter.
 *
 * @return void
 */
function print_filter_reporter_id()
{
    global $g_select_modifier, $g_filter;
    ?>
		<select<?php 
    # NOTE(review): $g_select_modifier is written into the tag verbatim -
    # presumably a fixed attribute string set by the filter code; verify it
    # can never carry request data.
    echo $g_select_modifier;
    ?>
 name="<?php 
    echo FILTER_PROPERTY_REPORTER_ID;
    ?>
[]">
		<?php 
    # if current user is a reporter, and limited reports set to ON, only display that name
    # @@@ thraxisp - access_has_project_level checks greater than or equal to,
    #   this assumed that there aren't any holes above REPORTER where the limit would apply
    #
    if (ON === config_get('limit_reporters') && !access_has_project_level(config_get('report_bug_threshold') + 1)) {
        $t_id = auth_get_current_user_id();
        $t_username = user_get_field($t_id, 'username');
        $t_realname = user_get_field($t_id, 'realname');
        # Both names pass through string_attribute() before they are printed.
        $t_display_name = string_attribute($t_username);
        # Prefer the real name when one is set and 'show_realname' is ON.
        if (isset($t_realname) && $t_realname > '' && ON == config_get('show_realname')) {
            $t_display_name = string_attribute($t_realname);
        }
        echo '<option value="' . $t_id . '" selected="selected">' . $t_display_name . '</option>';
    } else {
        ?>
		<option value="<?php 
        echo META_FILTER_ANY;
        ?>
"<?php 
        check_selected($g_filter[FILTER_PROPERTY_REPORTER_ID], META_FILTER_ANY);
        ?>
>[<?php 
        echo lang_get('any');
        ?>
]</option>
		<?php 
        # "myself" is only offered to users who are allowed to report issues.
        if (access_has_project_level(config_get('report_bug_threshold'))) {
            echo '<option value="' . META_FILTER_MYSELF . '" ';
            check_selected($g_filter[FILTER_PROPERTY_REPORTER_ID], META_FILTER_MYSELF);
            echo '>[' . lang_get('myself') . ']</option>';
        }
        print_reporter_option_list($g_filter[FILTER_PROPERTY_REPORTER_ID]);
    }
    ?>
		</select>
		<?php 
}
Exemple #19
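/**
 * Checks a user's password against the LDAP directory.
 *
 * Looks up the directory entries whose uid field equals the user's username
 * and tries to bind as each of them with the supplied password; the first
 * successful bind authenticates the user.
 *
 * Changes compared with the original:
 *  - the username is escaped before it is placed in the search filter, so
 *    characters such as '*', '(' or ')' in a username cannot change the
 *    meaning of the filter;
 *  - a failed search is handled explicitly instead of passing false on to
 *    ldap_get_entries() and ldap_free_result().
 *
 * NOTE(review): 'ldap_organization' and 'ldap_uid_field' are configuration
 * values and are inserted into the filter as configured.
 *
 * @param int    $p_user_id  User whose username is looked up in the directory.
 * @param string $p_password Password to verify.
 * @return bool True when a bind with one of the matching DNs succeeds.
 */
function ldap_authenticate($p_user_id, $p_password)
{
    # if password is empty and ldap allows anonymous login, then
    # the user will be able to login, hence, we need to check
    # for this special case.
    if (is_blank($p_password)) {
        return false;
    }
    $t_ldap_organization = config_get('ldap_organization');
    $t_ldap_root_dn = config_get('ldap_root_dn');
    $t_username = user_get_field($p_user_id, 'username');
    $t_ldap_uid_field = config_get('ldap_uid_field', 'uid');

    # Escape the value for use inside a search filter. ldap_escape() needs
    # PHP 5.6; the fallback covers the filter metacharacters by hand. The
    # backslash must be replaced first so later escapes are not re-escaped.
    if (function_exists('ldap_escape')) {
        $t_filter_username = ldap_escape($t_username, '', LDAP_ESCAPE_FILTER);
    } else {
        $t_filter_username = str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $t_username
        );
    }

    $t_search_filter = "(&{$t_ldap_organization}({$t_ldap_uid_field}={$t_filter_username}))";
    $t_search_attrs = array($t_ldap_uid_field, 'dn');
    $t_ds = ldap_connect_bind();

    # Search for the user id
    $t_sr = ldap_search($t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs);
    if ($t_sr === false) {
        # Search failed: nothing to bind against, treat as not authenticated.
        ldap_unbind($t_ds);
        return false;
    }

    $t_info = ldap_get_entries($t_ds, $t_sr);
    $t_authenticated = false;
    if ($t_info) {
        # Try to authenticate to each until we get a match
        for ($i = 0; $i < $t_info['count']; $i++) {
            $t_dn = $t_info[$i]['dn'];
            # Attempt to bind with the DN and password. A wrong password is an
            # expected outcome here, hence the suppressed warning.
            if (@ldap_bind($t_ds, $t_dn, $p_password)) {
                $t_authenticated = true;
                # Don't need to go any further
                break;
            }
        }
    }
    ldap_free_result($t_sr);
    ldap_unbind($t_ds);
    return $t_authenticated;
}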
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 * @uses user_api.php
 */
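# Refuse to run unless the including check script has allowed it.
if (!defined('CHECK_ANONYMOUS_INC_ALLOW')) {
    return;
}
/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');
require_api('user_api.php');
check_print_section_header_row('Anonymous access');
$t_anonymous_access_enabled = config_get_global('allow_anonymous_login');
check_print_info_row('Anonymous access is enabled', $t_anonymous_access_enabled ? 'Yes' : 'No');
# Nothing further to verify when anonymous access is switched off.
if (!$t_anonymous_access_enabled) {
    return;
}
$t_anonymous_account = config_get_global('anonymous_account');
check_print_test_row(
    'anonymous_account configuration option is specified',
    $t_anonymous_account !== '',
    array(
        true => 'The account currently being used for anonymous access is: ' . htmlentities($t_anonymous_account),
        false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.'
    )
);
if ($t_anonymous_account === '') {
    return;
}
$t_anonymous_user_id = user_get_id_by_name($t_anonymous_account);
check_print_test_row(
    'anonymous_account is a valid user account',
    $t_anonymous_user_id !== false,
    array(false => 'You need to specify a valid user account to use with the anonymous_account configuration options.')
);
# The remaining checks look the account up by id. Stop here when the name did
# not resolve, as the earlier checks do, instead of running them against
# false; the failed row above already tells the administrator what to fix.
if ($t_anonymous_user_id === false) {
    return;
}
check_print_test_row(
    'anonymous_account user has the enabled flag set',
    user_is_enabled($t_anonymous_user_id),
    array(false => 'The anonymous user account must be enabled before it can be used.')
);
# A protected account cannot be edited by whoever is browsing anonymously.
check_print_test_row(
    'anonymous_account user has the protected flag set',
    user_get_field($t_anonymous_user_id, 'protected'),
    array(false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.')
);
# Every unauthenticated visitor acts as this account, so it must not be an
# administrator.
check_print_test_row(
    'anonymous_account user does not have administrator permissions',
    !user_is_administrator($t_anonymous_user_id),
    array(
        true => 'The anonymous user account currently has an access level of: ' . htmlentities(get_enum_element('access_levels', user_get_access_level($t_anonymous_user_id))),
        false => 'The anonymous user account should not have administrator level permissions.'
    )
);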
Exemple #21
/**
 * Checks for a re-authentication token and shows the re-authentication page
 * when one is needed.
 *
 * Returns true without further checks when re-authentication is switched
 * off, when the login method is BASIC_AUTH or HTTP_AUTH, or when the current
 * user is the configured anonymous account. An existing token is refreshed
 * and accepted. In every other case the result of
 * auth_reauthenticate_page() is returned.
 *
 * NOTE(review): the anonymous-account test compares usernames with ==; both
 * values are expected to be strings - confirm, since loose comparison of
 * numeric-looking strings can match values that are not identical.
 *
 * @return bool
 * @access public
 */
function auth_reauthenticate()
{
    $t_reauth_not_required = config_get_global('reauthentication') == OFF
        || BASIC_AUTH == config_get('login_method')
        || HTTP_AUTH == config_get('login_method');
    if ($t_reauth_not_required) {
        return true;
    }

    $t_token = token_get(TOKEN_AUTHENTICATED);
    if (null != $t_token) {
        # Still authenticated: extend the token's lifetime.
        token_touch($t_token['id'], config_get_global('reauthentication_expiry'));
        return true;
    }

    $t_anon_account = config_get('anonymous_account');
    $t_anon_allowed = config_get('allow_anonymous_login');
    $t_user_id = auth_get_current_user_id();
    $t_username = user_get_field($t_user_id, 'username');

    # check for anonymous login
    $t_is_anonymous = ON == $t_anon_allowed && $t_anon_account == $t_username;

    return $t_is_anonymous ? true : auth_reauthenticate_page($t_user_id, $t_username);
}
Exemple #22
        continue;
    }
    # Builds one RSS item for a news entry. The enclosing loop, the $v_*
    # values and $rssfile are defined outside the lines shown here.
    $v_headline = string_rss_links($v_headline);
    $v_body = string_rss_links($v_body);
    $v_date_posted = date('Y-m-d\\TH:i:sO', $v_date_posted);
    $about = $link = config_get('path') . "news_view_page.php?news_id={$v_id}";
    $title = $v_headline;
    $description = $v_body;
    # optional DC value
    $subject = $title;
    # optional DC value
    $date = $v_date_posted;
    # author of item
    $author = string_rss_links(user_get_name($v_poster_id));
    # The poster's real address is only used when the current user passes the
    # global show_user_email_threshold check and an address is stored. In
    # every other case a placeholder "<name>@example.com" is substituted, so
    # no real address reaches the feed.
    if (access_has_global_level(config_get('show_user_email_threshold'))) {
        $t_author_email = user_get_field($v_poster_id, 'email');
        if (is_blank($t_author_email)) {
            $t_author_email = $author . '@example.com';
        }
    } else {
        $t_author_email = $author . '@example.com';
    }
    # The angle brackets are written as entities; the address itself is
    # appended as stored. NOTE(review): confirm addItem() encodes it.
    $author .= ' &lt;' . $t_author_email . '&gt;';
    # $comments = 'http://www.example.com/sometext.php?somevariable=somevalue&comments=1';	# url to comment page rss 2.0 value
    $comments = '';
    # optional mod_im value for displaying a different pic for every item
    $image = '';
    $rssfile->addItem($about, $title, $link, $description, $subject, $date, $author, $comments, $image);
}
# @@@ consider making this a configuration option.
# 0.91 / 1.0 / 2.0
Exemple #23
    ?>
	</td>
</tr>
<?php 
}
# Configuration consistency checks; each call prints one pass/fail row.
test_bug_download_threshold();
test_bug_attachments_allow_flags();
# Password reset by mail needs every account to have an address and mail
# delivery to be enabled; self-signup in turn depends on both.
print_test_row('check mail configuration: send_reset_password = ON requires allow_blank_email = OFF', OFF == config_get_global('send_reset_password') || OFF == config_get_global('allow_blank_email'));
print_test_row('check mail configuration: send_reset_password = ON requires enable_email_notification = ON', OFF == config_get_global('send_reset_password') || ON == config_get_global('enable_email_notification'));
print_test_row('check mail configuration: allow_signup = ON requires enable_email_notification = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('enable_email_notification'));
print_test_row('check mail configuration: allow_signup = ON requires send_reset_password = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('send_reset_password'));
print_test_row('check language configuration: fallback_language is not \'auto\'', 'auto' != config_get_global('fallback_language'));
print_test_row('check configuration: allow_anonymous_login = ON requires anonymous_account to be set', OFF == config_get_global('allow_anonymous_login') || strlen(config_get_global('anonymous_account')) > 0);
# $t_anon_user is assigned inside the next check's expression (when an
# anonymous account is configured) and read by the check after it, so the
# order of these two rows matters.
$t_anon_user = false;
print_test_row('check configuration: anonymous_account is a valid username if set', strlen(config_get_global('anonymous_account')) > 0 ? ($t_anon_user = user_get_id_by_name(config_get_global('anonymous_account'))) !== false : TRUE);
# The anonymous account is what every unauthenticated visitor acts as, so it
# must not hold administrator access.
print_test_row('check configuration: anonymous_account should not be an administrator', $t_anon_user ? !access_compare_level(user_get_field($t_anon_user, 'access_level'), ADMINISTRATOR) : TRUE);
# NOTE(review): the two labels below embed configuration values as-is;
# whether print_test_row() encodes its label for HTML is not visible here.
print_test_row('$g_bug_link_tag is not empty ("' . config_get_global('bug_link_tag') . '")', '' != config_get_global('bug_link_tag'));
print_test_row('$g_bugnote_link_tag is not empty ("' . config_get_global('bugnote_link_tag') . '")', '' != config_get_global('bugnote_link_tag'));
print_test_row('filters: dhtml_filters = ON requires use_javascript = ON', OFF == config_get_global('dhtml_filters') || ON == config_get_global('use_javascript'));
?>
</table>

<!-- register_globals check -->
<?php 
if (ini_get_bool('register_globals')) {
    ?>
		<br />

		<table width="100%" bgcolor="#222222" border="0" cellpadding="20" cellspacing="1">
		<tr>
			<td bgcolor="#ffcc22">
Exemple #24
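$t_realname_updated = false;
/** @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code. */
# The e-mail address is only editable here when it is not managed by LDAP.
if (OFF == config_get('use_ldap_email')) {
    $f_email = email_append_domain($f_email);
    email_ensure_valid($f_email);
    email_ensure_not_disposable($f_email);
    if ($f_email != user_get_email($t_user_id)) {
        user_set_email($t_user_id, $f_email);
        $t_email_updated = true;
    }
}
# strip extra spaces from real name
$t_realname = string_normalize($f_realname);
if ($t_realname != user_get_field($t_user_id, 'realname')) {
    # checks for problems with realnames
    $t_username = user_get_field($t_user_id, 'username');
    user_ensure_realname_unique($t_username, $t_realname);
    user_set_realname($t_user_id, $t_realname);
    $t_realname_updated = true;
}
# Update password if the two match and are not empty.
# NOTE(review): no check of the user's current password is visible in these
# lines; confirm that the page requires re-authentication before this runs.
if (!is_blank($f_password)) {
    # Compare as strings with !==. The loose != treats numeric-looking
    # strings such as '1e3' and '1000' as equal, which would let a mistyped
    # confirmation pass as a match.
    if ((string) $f_password !== (string) $f_password_confirm) {
        trigger_error(ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR);
    } else {
        # Skip the write when the new password equals the current one.
        if (!auth_does_password_match($t_user_id, $f_password)) {
            user_set_password($t_user_id, $f_password);
            $t_password_updated = true;
        }
    }
}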
Exemple #25
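# Both values arrive from the request and are untrusted until the confirm
# hash has been verified below.
# NOTE(review): the user id is read as a string; an integer read would reject
# malformed ids earlier - confirm which gpc_* accessor is appropriate.
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');

# force logout on the current user if already authenticated
if( auth_is_user_authenticated() ) {
	auth_logout();

	# reload the page after logout; the request values are URL-encoded so
	# they cannot add parameters or break out of the query string
	print_header_redirect( 'verify.php?id=' . urlencode( $f_user_id ) . '&confirm_hash=' . urlencode( $f_confirm_hash ) );
}

$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );

# Compare the hashes as strings. The loose != could treat two different
# numeric-looking strings (e.g. '0e123' and '0e456') as equal; hash_equals()
# additionally compares in constant time where it is available (PHP 5.6+).
$t_expected_hash = (string)$t_calculated_confirm_hash;
$t_supplied_hash = (string)$f_confirm_hash;
if( function_exists( 'hash_equals' ) ) {
	$t_hash_matches = hash_equals( $t_expected_hash, $t_supplied_hash );
} else {
	$t_hash_matches = ( $t_expected_hash === $t_supplied_hash );
}

if ( !$t_hash_matches ) {
	trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}

# set a temporary cookie so the login information is passed between pages.
auth_set_cookies( $f_user_id, false );

user_reset_failed_login_count_to_zero( $f_user_id );
user_reset_lost_password_in_progress_count_to_zero( $f_user_id );

# fake login so the user can set their password
auth_attempt_script_login( user_get_field( $f_user_id, 'username' ) );

# NOTE(review): the failed-login counter is incremented right after the
# counters were reset - presumably to change the value the confirm hash is
# derived from so the link cannot be reused; confirm against
# auth_generate_confirm_hash().
user_increment_failed_login_count( $f_user_id );

include ( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'account_page.php' );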

Exemple #26
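/**
 * Prints a user's name for an issue, as a mail link when the account is
 * active.
 *
 * Enabled, existing accounts are printed through
 * print_email_link_with_subject(); any other account is printed struck
 * through. Nothing is printed for NO_USER.
 *
 * Fix: the struck-through branch used to echo the username exactly as
 * stored, so markup in a username was emitted into the page. It is now
 * HTML-encoded first. The unused prepared copy of the user id was dropped.
 *
 * NOTE(review): in the active branch the name is passed on unencoded;
 * confirm that print_email_link_with_subject() encodes its arguments.
 *
 * @param int $p_user_id User to print.
 * @param int $p_bug_id  Issue the mail subject refers to.
 * @return void
 */
function print_user_with_subject($p_user_id, $p_bug_id)
{
    if (NO_USER == $p_user_id) {
        return;
    }
    $t_username = user_get_name($p_user_id);
    if (user_exists($p_user_id) && user_get_field($p_user_id, 'enabled')) {
        $t_email = user_get_email($p_user_id);
        print_email_link_with_subject($t_email, $t_username, $p_bug_id);
    } else {
        echo '<span style="text-decoration: line-through">';
        echo htmlspecialchars((string) $t_username, ENT_QUOTES);
        echo '</span>';
    }
}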
Exemple #27
/**
 * Returns a user's global access level, ignoring any project-level
 * overrides.
 *
 * NOTE(review): when no user id is available and nobody is authenticated
 * the function returns false, not an integer. Callers that compare the
 * result loosely against a threshold should handle that case explicitly.
 *
 * @param int|null $p_user_id User id; null means the current user.
 * @return int|false Global access level, or false when there is no logged-in user.
 * @access public
 */
function access_get_global_level($p_user_id = null)
{
    $t_user_id = ($p_user_id === null) ? auth_get_current_user_id() : $p_user_id;

    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    #     and once we default to anon login, we can remove it for sure
    $t_nobody_logged_in = empty($t_user_id) && !auth_is_user_authenticated();
    if ($t_nobody_logged_in) {
        return false;
    }

    return user_get_field($t_user_id, 'access_level');
}
Exemple #28
 /**
  * Pick the reporter account for an incoming mail and log the script in as it.
  *
  * Order of preference: the fixed mail reporter when _mail_use_reporter is set;
  * otherwise the account found for the sender address; otherwise a newly signed-up
  * account when _mail_auto_signup is set; otherwise the mail reporter again when
  * _mail_fallback_mail_reporter is set.
  *
  * NOTE(review): the account is chosen from the parsed sender address alone; no
  * check of sender authenticity is visible in this method. Confirm that the mail
  * is authenticated before it gets here, or that the accounts it can map to are
  * low-privilege.
  *
  * @param array $p_parsed_from parsed sender; the 'email' and 'From' keys are read here
  * @return int|bool the reporter's user id after a successful script login, FALSE otherwise
  */
 private function get_user($p_parsed_from)
 {
     if ($this->_mail_use_reporter) {
         // Always report as mail_reporter
         $t_reporter_id = $this->_mail_reporter_id;
     } else {
         // Try to get the reporting users id
         $t_reporter_id = $this->get_userid_from_email($p_parsed_from['email']);
         if (!$t_reporter_id) {
             if ($this->_mail_auto_signup) {
                 // So, we have to sign up a new user...
                 $t_new_reporter_name = $this->prepare_username($p_parsed_from);
                 // Sign up only with a usable username and an address that passes validation
                 if ($t_new_reporter_name !== FALSE && $this->validate_email_address($p_parsed_from['email'])) {
                     if (user_signup($t_new_reporter_name, $p_parsed_from['email'])) {
                         # notify the selected group a new user has signed-up
                         email_notify_new_account($t_new_reporter_name, $p_parsed_from['email']);
                         $t_reporter_id = user_get_id_by_email($p_parsed_from['email']);
                         // Remember the name so the login below does not look it up again
                         $t_reporter_name = $t_new_reporter_name;
                         $t_realname = $this->prepare_realname($p_parsed_from, $t_reporter_name);
                         if ($t_realname !== FALSE) {
                             user_set_realname($t_reporter_id, $t_realname);
                         }
                     }
                 }
                 if (!$t_reporter_id) {
                     // NOTE(review): reads the 'From' key here while the rest of the method reads 'email' - confirm both exist
                     $this->custom_error('Failed to create user based on: ' . $p_parsed_from['From']);
                 }
             }
         }
         // Unknown or disabled sender: use the mail reporter if fallback is allowed
         if ((!$t_reporter_id || !user_is_enabled($t_reporter_id)) && $this->_mail_fallback_mail_reporter) {
             // Fall back to the default mail_reporter
             $t_reporter_id = $this->_mail_reporter_id;
         }
     }
     // Only an existing, enabled account may be logged in
     if ($t_reporter_id && user_is_enabled($t_reporter_id)) {
         if (!isset($t_reporter_name)) {
             $t_reporter_name = user_get_field($t_reporter_id, 'username');
         }
         // Script login takes the username only; no credential is supplied at this point
         $t_authattemptresult = auth_attempt_script_login($t_reporter_name);
         # last attempt for fallback
         if ($t_authattemptresult === FALSE && $this->_mail_fallback_mail_reporter && $t_reporter_id != $this->_mail_reporter_id && user_is_enabled($this->_mail_reporter_id)) {
             $t_reporter_id = $this->_mail_reporter_id;
             $t_reporter_name = user_get_field($t_reporter_id, 'username');
             $t_authattemptresult = auth_attempt_script_login($t_reporter_name);
         }
         if ($t_authattemptresult === TRUE) {
             user_update_last_visit($t_reporter_id);
             return (int) $t_reporter_id;
         }
     }
     // Normally this function does not get here unless all else failed
     $this->custom_error('Could not get a valid reporter. Email will be ignored');
     return FALSE;
 }
					<textarea id="reminder" name="body" cols="85" rows="10"></textarea>
				</span>
				<span class="label-style"></span>
			</div>

			<span class="info-text">
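<?php
# Explanatory text under the reminder box; which sentences appear depends on
# the reminder and mention settings.
echo lang_get('reminder_explain') . ' ';
if (ON == config_get('reminder_recipients_monitor_bug')) {
    echo lang_get('reminder_monitor') . ' ';
}
if (ON == config_get('store_reminders')) {
    echo lang_get('reminder_store');
}
if (mention_enabled()) {
    # The username is account data, not markup: encode it before it is placed inside <strong>
    $t_mention_example = mentions_tag() . string_display_line(user_get_field(auth_get_current_user_id(), 'username'));
    echo '<br /><br />', sprintf(lang_get('reminder_mentions'), '<strong>' . $t_mention_example . '</strong>');
}
?>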
			</span>

			<span class="submit-button">
				<input type="submit" class="button" value="<?php /* localized button label */ echo lang_get('bug_send_button'); ?>" />
			</span>

		</fieldset>
	</form>
</div>
Exemple #30
/**
 * Check a user's password against the LDAP directory.
 * @param int $p_user_id     id of the user whose username is looked up
 * @param string $p_password password to verify
 * @return bool false for a blank password, otherwise the result of
 *              ldap_authenticate_by_username()
 */
function ldap_authenticate($p_user_id, $p_password)
{
    # A blank password must never reach the directory: where LDAP allows
    # anonymous login it would be accepted and the user would get in
    # without a password.
    if (!is_blank($p_password)) {
        return ldap_authenticate_by_username(user_get_field($p_user_id, 'username'), $p_password);
    }

    return false;
}