/**
* prepares the name of the user given the id. also makes it an email link.
* @param int $p_user_id
* @return string
*/
function prepare_user_name($p_user_id)
{
# Catch a user_id of NO_USER (like when a handler hasn't been assigned)
if (NO_USER == $p_user_id) {
return '';
}
$t_username = user_get_name($p_user_id);
if (user_exists($p_user_id) && user_get_field($p_user_id, 'enabled')) {
$t_username = string_display_line($t_username);
// WK/BFE: Original-Zeile auskommentiert: , LB/BFE 2015
// return '<a href="' . string_sanitize_url( 'view_user_page.php?id=' . $p_user_id, true ) . '">' . $t_username . '</a>';
// ersetzt durch: (Link auf view_user_page nur wenn globale Rolle mindestens $g_manage_user_threshold
if (user_is_administrator(auth_get_current_user_id())) {
return '<a href="' . string_sanitize_url('view_user_page.php?id=' . $p_user_id, true) . '">' . $t_username . '</a>';
} else {
return $t_username;
}
// WK/BFE: Ende der Modifikation
} else {
$t_result = '<font STYLE="text-decoration: line-through">';
$t_result .= string_display_line($t_username);
$t_result .= '</font>';
return $t_result;
}
}
function user_delete($username_to_delete)
{
if (!$username_to_delete) {
redirect('/');
}
if (($username_to_delete == $_SERVER['USER'] || user_is_administrator()) && user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
$userdir = "{$_SERVER['PWUSERS_DIR']}/{$username_to_delete}";
exec("rm -fR {$userdir}", $delresults);
exec("grep -rli {$username_to_delete} {$_SERVER['PWUSERS_DIR']}/*/watchedlist.txt", $watchedlists);
foreach ($watchedlists as $watched) {
$data = file_get_contents($watched);
if (strstr($data, "!{$planowner}")) {
preg_match("|(!{$planowner}.*!)|", $data, $matches);
$remove = $matches[0];
} else {
$remove = "\n{$planowner}\n";
}
// remove whatever we found
$data = str_replace($remove, '', $data);
// break down multiple linebreaks so the list doesn't look weird in the edit view
$data = str_replace("\n\n", "\n", $data);
file_put_contents($watched, $data);
}
} else {
output("Error deleting {$username_to_delete}", "\n\t<div class='alert'>\n\tYou can't delete {$username_to_delete}. Talk to an\n\t<a href='mailto:help@planwatch.org'>admin</a>.\n\tClick <a href='{$_SERVER['WEB_ROOT']}/'>here</a> to go back to the main page.\n\t</div>\n\t");
}
if ($username_to_delete == $user) {
logout("{$username_to_delete} has been deleted.");
} else {
redirect('/');
}
}
/**
* @param $types
*/
function print_document_selection($types)
{
$project_id = gpc_get_int('project_id', helper_get_current_project());
$specmanagement_database_api = new specmanagement_database_api();
echo '<select name="version_id">';
foreach ($types as $type) {
$type_string = string_html_specialchars($type);
$type_id = $specmanagement_database_api->get_type_id($type);
$version_id_array = get_version_ids($type_id, $project_id);
foreach ($version_id_array as $version_id) {
$version_spec_project_id = version_get_field($version_id, 'project_id');
if (project_includes_user($version_spec_project_id, auth_get_current_user_id()) || user_is_administrator(auth_get_current_user_id())) {
$version_string = version_full_name($version_id);
echo '<option value="' . $version_id . '">';
echo $type_string . " - " . $version_string;
echo '</option>';
}
}
}
echo '</select>';
}
function menu()
{
if (plugin_config_get('show_menu')) {
require_once __DIR__ . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'wmApi.php';
$projectId = helper_get_current_project();
$userId = auth_get_current_user_id();
$userAccessLevel = user_get_access_level($userId, $projectId);
$whiteboardPlugins = wmApi::getWhiteboardPlugins();
$showMenu = false;
foreach ($whiteboardPlugins as $whiteboardPlugin) {
$pluginAccessLevel = $whiteboardPlugin[2];
if (user_is_administrator($userId) || $userAccessLevel >= $pluginAccessLevel) {
$showMenu = true;
break;
}
}
if ($showMenu) {
return '<a href="' . plugin_page('whiteboard_menu') . '">' . plugin_lang_get('menu_title') . '</a>';
}
}
return null;
}
function users_get_list()
{
$list = array();
if (user_is_administrator()) {
$list_fn = "{$_SERVER['FILE_ROOT']}/stats/userlist_all.txt";
} else {
$list_fn = "{$_SERVER['FILE_ROOT']}/stats/userlist_public.txt";
}
if (file_exists($list_fn) && @filemtime($list_fn) > time() - 3600 * 12) {
$list = @file($list_fn);
} else {
exec("ls -d {$_SERVER['PWUSERS_DIR']}/" . "*" . "/", $ulist);
foreach ($ulist as $listuser) {
parse_str(user_read_info(basename($listuser)), $tempuser);
if ($tempuser['rlpref'] == 1) {
$list[] = basename($listuser);
}
if (is_dir("{$_SERVER['PWUSERS_DIR']}/" . basename($listuser))) {
$list_all[] = basename($listuser);
}
}
file_put_contents("{$_SERVER['FILE_ROOT']}/stats/userlist.txt", implode("\n", $list));
file_put_contents("{$_SERVER['FILE_ROOT']}/stats/userlist_all.txt", implode("\n", $list_all));
if (user_is_administrator()) {
$list = $list_all;
}
}
return $list;
}
form_security_validate('manage_user_delete');
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
$f_user_id = gpc_get_int( 'user_id' );
$t_user = user_get_row( $f_user_id );
# Ensure that the account to be deleted is of equal or lower access to the
# current user.
access_ensure_global_level( $t_user['access_level'] );
# check that we are not deleting the last administrator account
$t_admin_threshold = config_get_global( 'admin_site_threshold' );
if ( user_is_administrator( $f_user_id ) &&
user_count_level( $t_admin_threshold ) <= 1 ) {
trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR );
}
# If an administrator is trying to delete their own account, use
# account_delete.php instead as it is handles logging out and redirection
# of users who have just deleted their own accounts.
if ( auth_get_current_user_id() == $f_user_id ) {
form_security_purge( 'manage_user_delete' );
print_header_redirect( 'account_delete.php?account_delete_token=' . form_security_token( 'account_delete' ), true, false );
}
helper_ensure_confirmed( lang_get( 'delete_account_sure_msg' ) .
'<br/>' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) . $t_user['username'],
lang_get( 'delete_account_button' ) );
/**
* Check if the current user has permissions to delete the stored query
* @param $p_filter_id
* @return bool
*/
function filter_db_can_delete_filter($p_filter_id)
{
$t_filters_table = db_get_table('filters');
$c_filter_id = db_prepare_int($p_filter_id);
$t_user_id = auth_get_current_user_id();
# Administrators can delete any filter
if (user_is_administrator($t_user_id)) {
return true;
}
$query = "SELECT id\n\t\t\t\t FROM {$t_filters_table}\n\t\t\t\t WHERE id=" . db_param() . "\n\t\t\t\t AND user_id=" . db_param() . "\n\t\t\t\t AND project_id!=" . db_param();
$result = db_query_bound($query, array($c_filter_id, $t_user_id, -1));
if (db_num_rows($result) > 0) {
return true;
}
return false;
}
function plan_write_journaling($edit, $plandata, $private, $nolinebreaks = FALSE, $writer = FALSE)
{
include_once 'plan_read.php';
include_once 'snoop.php';
include_once 'spiel.php';
include_once 'send.php';
$planowner = $writer;
// make sure all the timecodes are the same
$time = time();
// find the character encoding of the plan entry, convert it to something
// more universal
mb_detect_order("UTF-8, UTF-8, Windows-1252");
if (mb_detect_encoding($plandata) == "Windows-1252") {
$plandata = mb_convert_encoding($plandata, UTF - 8, Windows - 1252);
}
// make sure no one can post an update to someone else's plan
// this will need to be smarter if we ever implement group plans
// but probably we won't, so no biggie.
if ($planowner != $_SERVER['USER'] && !user_is_administrator()) {
$planowner = $_SERVER['USER'];
}
$plan_dir = "{$_SERVER['PWUSERS_DIR']}/{$planowner}/plan";
// Find the old snoops. We have to masquerade briefly as 'cacheuser' to do
// this without leaving a spurious snitch or getting private entries.
// We remain 'cacheuser' until after snoop_add() below.
$_SERVER['USER'] = '******';
// find old snoops, for later clearing
$old_snoop_array = snoop_find(plan_read_local($planowner, $_SERVER['USERINFO_ARRAY']['defaultdays'] + 3 . 'd'), $planowner);
// delete the (now-invalid) cache files
cache_clear($planowner);
// leave a reminder to plan_read_local to ignore linebreaks.
if ($nolinebreaks) {
$plandata .= "<!--nolinebreaks-->";
}
if ($_POST['title']) {
$plandata .= "<!--title {$_POST['title']} -->";
}
if ($_POST['tags']) {
$plandata .= "<!--tags {$_POST['tags']} -->";
}
// if we weren't editing an existing (already-posted) entry, set the filename for the current time.
if (!$_POST['edit'] || $_POST['edit'] == $_POST['draft_edit']) {
$_POST['edit'] = ".{$time}";
}
$plan_fn = "{$plan_dir}/plan{$_POST['edit']}.txt{$_POST['private']}";
if (!file_exists($plan_fn)) {
file_put_contents("{$_SERVER['PWUSERS_DIR']}/{$planowner}/stats/lastupdate", $time);
}
if ($_FILES['attached_file']['tmp_name']) {
rename("{$_FILES['attached_file']['tmp_name']}", "{$_SERVER['USER_ROOT']}/files/{$_FILES['attached_file']['name']}");
if (strstr($_FILES['attached_file']['name'], 'jpg') || strstr($_FILES['attached_file']['name'], 'gif') || strstr($_FILES['attached_file']['name'], 'png')) {
$plandata .= "<img src='/userfiles/view/{$writer}/{$_FILES['attached_file']['name']}' />";
} else {
$plandata .= "\n<a href='/userfiles/view/{$writer}/{$_FILES['attached_file']['name']}'>{$_FILES['attached_file']['name']}</a>";
}
}
// else trigger_error("No Files Uploaded");
$plandata .= $_POST['markdown'];
$plandata .= $_POST['nofeed'];
// save old headers and footers.
if (strstr($plan_fn, 'header') || strstr($plan_fn, 'footer')) {
exec("mv {$plan_fn} {$plan_fn}.{$time}");
}
// write the update to disk.
file_put_contents($plan_fn, $plandata);
// new feature: SPIEL
// here's the part where spiels are found
// TODO(v4.5): replace spiel syntax with hashtags
if (!$private && !$edit) {
spiel_find($plandata, $planowner, $time);
}
// here's the part where sends are found
if (!$private && !$edit) {
send_find($plandata, $planowner, $time);
}
if (file_exists($plan_fn)) {
if ($private && file_exists("{$plan_dir}/plan{$edit}.txt")) {
exec("mv {$plan_dir}/plan{$edit}.txt {$plan_dir}/rem.plan{$edit}.txt");
}
if (!$private && file_exists("{$plan_dir}/plan{$edit}.txt.p")) {
exec("mv {$plan_dir}/plan{$edit}.txt.p {$plan_dir}/rem.plan{$edit}.txt.p");
}
if ($_POST['draft_edit'] && file_exists("{$plan_dir}/draft{$_POST['draft_edit']}.txt")) {
unlink("{$plan_dir}/draft{$_POST['draft_edit']}.txt");
}
// clean up old drafts
if ($drafts = files_list("{$plan_dir}/", "draft*.txt")) {
foreach ($drafts as $draft) {
if (filemtime("{$plan_dir}/{$draft}") < time() - 7 * 24 * 3600) {
unlink("{$plan_dir}/{$draft}");
}
}
}
}
@chmod($plan_fn, 0755);
// clean old snoops and add new ones
$new_snoop_array = snoop_find(plan_read_local($planowner), $planowner);
$snoops_to_remove = array_unique(array_diff($old_snoop_array, $new_snoop_array));
$snoops_to_set = array_unique(array_diff($new_snoop_array, $old_snoop_array));
$remove_status = snoop_clean($snoops_to_remove, $planowner);
$add_status = snoop_add($snoops_to_set, $planowner);
$_SERVER['USER'] = $_SERVER['USERINFO_ARRAY']['username'];
// done masquerading
// report the good news if we wrote the post to disk.
if (file_exists($plan_fn)) {
if ($_SERVER['AJAX_POST']) {
return $plandata;
}
if (!$_SERVER['BLOGPOST']) {
if ($_COOKIE[$_SERVER['AUTH_COOKIE']]) {
if ($_SERVER['AJAX_POST']) {
return $plandata;
} else {
redirect("/read/{$planowner}");
}
} elseif (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
if ($_POST['mailpost']) {
echo "posted";
exit;
} else {
// If the writer's cookie expired while updating, log her back in.
login($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'], 0, "/read/{$planowner}");
exit;
}
}
} else {
return ".{$time}";
}
} else {
if ($_SERVER['BLOGPOST']) {
return FALSE;
} else {
output('Error Updating', "<div class='alert'>There was an error writing {$_SERVER['USER']}'s plan entry to {$plan_fn} {$edit}. <a href='{$_SERVER['WEB_ROOT']}/feature'>File a bug</a> so we know about this problem. Here's your plan text for safekeeping:<br /><br />{$plandata}</div>", '', ' had an error');
}
}
}
/**
* print menu entrys for each plugin
*/
public static function printWhiteboardMenu()
{
$projectId = helper_get_current_project();
$userId = auth_get_current_user_id();
$userAccessLevel = user_get_access_level($userId, $projectId);
$whiteboardPlugins = self::getWhiteboardPlugins();
$whiteboardPluginCount = count($whiteboardPlugins);
echo '<div class="table">';
for ($index = 0; $index < $whiteboardPluginCount; $index++) {
$whiteboardPlugin = $whiteboardPlugins[$index];
$plugin = $whiteboardPlugin[1];
$pluginAccessLevel = $whiteboardPlugin[2];
$pluginShowMenu = $whiteboardPlugin[3];
if ((user_is_administrator($userId) || $userAccessLevel >= $pluginAccessLevel) && $pluginShowMenu == 1) {
if ($index > 0) {
echo '<div class="item"> | </div>';
}
$pluginLink = $whiteboardPlugin[4];
echo '<div class="item"><a href="' . $pluginLink . '">' . plugin_lang_get('menu_title', $plugin) . '</a></div>';
}
}
echo '</div>';
}
if (print_test_row('check mssql textsize in php.ini...', ini_get('mssql.textlimit') != 4096, ini_get('mssql.textlimit'))) {
print_test_warn_row('check mssql textsize in php.ini...', ini_get('mssql.textsize') == 2147483647, ini_get('mssql.textsize'));
}
}
print_test_row('check variables_order includes GPCS', stristr(ini_get('variables_order'), 'G') && stristr(ini_get('variables_order'), 'P') && stristr(ini_get('variables_order'), 'C') && stristr(ini_get('variables_order'), 'S'), ini_get('variables_order'));
test_bug_download_threshold();
test_bug_attachments_allow_flags();
print_test_row('check mail configuration: send_reset_password = ON requires allow_blank_email = OFF', OFF == config_get_global('send_reset_password') || OFF == config_get_global('allow_blank_email'));
print_test_row('check mail configuration: send_reset_password = ON requires enable_email_notification = ON', OFF == config_get_global('send_reset_password') || ON == config_get_global('enable_email_notification'));
print_test_row('check mail configuration: allow_signup = ON requires enable_email_notification = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('enable_email_notification'));
print_test_row('check mail configuration: allow_signup = ON requires send_reset_password = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('send_reset_password'));
print_test_row('check language configuration: fallback_language is not \'auto\'', 'auto' != config_get_global('fallback_language'));
print_test_row('check configuration: allow_anonymous_login = ON requires anonymous_account to be set', OFF == config_get_global('allow_anonymous_login') || strlen(config_get_global('anonymous_account')) > 0);
$t_anon_user = false;
print_test_row('check configuration: anonymous_account is a valid username if set', strlen(config_get_global('anonymous_account')) > 0 ? ($t_anon_user = user_get_id_by_name(config_get_global('anonymous_account'))) !== false : TRUE);
print_test_row('check configuration: anonymous_account should not be an administrator', $t_anon_user ? !user_is_administrator($t_anon_user) : TRUE);
print_test_row('$g_bug_link_tag is not empty ("' . config_get_global('bug_link_tag') . '")', '' != config_get_global('bug_link_tag'));
print_test_row('$g_bugnote_link_tag is not empty ("' . config_get_global('bugnote_link_tag') . '")', '' != config_get_global('bugnote_link_tag'));
print_test_row('filters: dhtml_filters = ON requires use_javascript = ON', OFF == config_get_global('dhtml_filters') || ON == config_get_global('use_javascript'));
print_test_row('Phpmailer sendmail configuration requires escapeshellcmd. Please use a different phpmailer method if this is blocked.', PHPMAILER_METHOD_SENDMAIL != config_get('phpMailer_method') || PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method') && function_exists('escapeshellcmd'));
print_test_row('Phpmailer sendmail configuration requires escapeshellarg. Please use a different phpmailer method if this is blocked.', PHPMAILER_METHOD_SENDMAIL != config_get('phpMailer_method') || PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method') && function_exists('escapeshellarg'));
check_zend_optimiser_version();
if (plugin_is_installed('MantisGraph')) {
plugin_push_current('MantisGraph');
print_test_row('checking gd is enabled, and version 2...', get_gd_version() == 2);
if (plugin_config_get('eczlibrary', ON) == OFF) {
$t_jpgraph_path = config_get('absolute_path') . 'library' . DIRECTORY_SEPARATOR . 'jpgraph' . DIRECTORY_SEPARATOR;
if (!file_exists($t_jpgraph_path . 'jpgraph.php')) {
print_test_row('checking we can find jpgraph class files...', false);
} else {
require_once $t_jpgraph_path . 'jpgraph.php';
/**
* Check if the current user has permissions to delete the stored query
* @param integer $p_filter_id Filter id.
* @return boolean
*/
function filter_db_can_delete_filter($p_filter_id)
{
$c_filter_id = (int) $p_filter_id;
$t_user_id = auth_get_current_user_id();
# Administrators can delete any filter
if (user_is_administrator($t_user_id)) {
return true;
}
$t_query = 'SELECT id
FROM {filters}
WHERE id=' . db_param() . '
AND user_id=' . db_param() . '
AND project_id!=' . db_param();
$t_result = db_query($t_query, array($c_filter_id, $t_user_id, -1));
if (db_result($t_result) > 0) {
return true;
}
return false;
}
$c_username = db_prepare_string($f_username);
$c_realname = db_prepare_string($f_realname);
$c_protected = db_prepare_bool($f_protected);
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);
$t_user_table = config_get('mantis_user_table');
$t_old_protected = user_get_field($f_user_id, 'protected');
# check that we are not downgrading the last administrator
$t_old_access = user_get_field($f_user_id, 'access_level');
if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) {
trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}
# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
if ($c_access_level >= ADMINISTRATOR && !user_is_administrator($c_user_id)) {
user_delete_project_specific_access_levels($c_user_id);
}
# if the user is already protected and the admin is not removing the
# protected flag then don't update the access level and enabled flag.
# If the user was unprotected or the protected flag is being turned off
# then proceed with a full update.
if ($f_protected && $t_old_protected) {
$query = "UPDATE {$t_user_table}\n\t \t\tSET username='******', email='{$c_email}',\n\t \t\t\tprotected='{$c_protected}', realname='{$c_realname}'\n\t \t\tWHERE id='{$c_user_id}'";
} else {
$query = "UPDATE {$t_user_table}\n\t \t\tSET username='******', email='{$c_email}',\n\t \t\t\taccess_level='{$c_access_level}', enabled='{$c_enabled}',\n\t \t\t\tprotected='{$c_protected}', realname='{$c_realname}'\n\t \t\tWHERE id='{$c_user_id}'";
}
$result = db_query($query);
$t_redirect_url = 'manage_user_page.php';
html_page_top1();
if ($result) {
/**
* Returns true if the currently logged in user is has a role of administrator
* or higher, false otherwise
*
* @return true: administrator; false: otherwise.
* @access public
*/
function current_user_is_administrator()
{
return user_is_administrator(auth_get_current_user_id());
}
function is_admin_user($p_user_id)
{
return user_is_administrator($p_user_id);
}
function output_build_reader_toolbar_mobile($content)
{
if ($_SERVER['URL_ARRAY'][3] == 'bio') {
$is_bio = TRUE;
} elseif ($_SERVER['URL_ARRAY'][1] == 'send') {
$is_send = TRUE;
} elseif (in_array('archives', $_SERVER['URL_ARRAY'])) {
$is_archives = TRUE;
} else {
$is_plan = TRUE;
}
$planwatchlist = file_get_contents("{$_SERVER['USER_ROOT']}/watchedlist.txt");
if ($is_send) {
$_SERVER['PLANOWNER'] = $_SERVER['URL_ARRAY'][2];
plan_get_owner_info($_SERVER['PLANOWNER']);
}
if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass']) && $_SERVER['PLANOWNER'] && !strstr($content, '<h1>Plan Read Failed</h1>')) {
profile('reader_toolbar', 'begin');
if ($is_plan || $is_bio || $is_archives || $is_send && $_SERVER['URL_ARRAY'][2]) {
// bio
if ((file_exists("{$_SERVER['PWUSERS_DIR']}/{$_SERVER['PLANOWNER']}/bio.txt") || (strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'diaryland') || strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'livejournal'))) && !$is_bio) {
$readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER_REAL_LOCATION']}/bio'>bio</a>";
}
// send
if ((strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'planworld.net') || strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'amherst.edu') || plan_is_local($_SERVER['PLANOWNER'])) && $_SERVER['PLANOWNER'] != $_SERVER['USER'] && !$is_send) {
$send_files = files_list("{$_SERVER['USER_ROOT']}/sends", files_encode_safe_name("{$_SERVER['PLANOWNER']}") . "*");
if (is_array($send_files)) {
$lastsend = formattime(filemtime("{$_SERVER['USER_ROOT']}/sends/" . end($send_files)));
if (strstr(end($send_files), '.new')) {
$lastsend .= " <b>NEW</b>";
}
$lastsend = "({$lastsend})";
}
$readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/send/{$_SERVER['PLANOWNER_REAL_LOCATION']}/'>send</a>";
}
// planread
if ($is_send || $is_bio) {
$readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER_REAL_LOCATION']}/'>plan</a>";
}
// archives
if (plan_has_archives($_SERVER['PLANOWNER_REAL_LOCATION'])) {
if (!$is_archives) {
$readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}/archives' >archives</a>";
} else {
$readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}' >plan</a>";
}
}
// If the reader isn't watching the writer, offer the option
if (!stristr($planwatchlist, $_SERVER['PLANOWNER']) && $is_plan) {
$readertoolbar[] = "<span id='watch_link'><a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/add_ajax/watched/!{$_SERVER['PLANOWNER_REAL_LOCATION']}:{$_SERVER['PLANOWNER_DISPLAY_NAME']}!',null,'planwatch');void(null);\" title='add {$_SERVER['PLANOWNER_DISPLAY_NAME']} to your watched list' >watch</a></span>";
}
// if writer isn't a blog or the same as reader, offer the option of
// blocking, unblocking, allowing, or disallowing access to reader's plan
if ($_SERVER['PLANOWNER'] != $_SERVER['USER'] && !strpos($_SERVER['PLANOWNER'], '://')) {
// offer administrators a link to masquerade as writer
// this is so it's easy to follow up on plan-reported bugs
if (user_is_administrator() && file_exists("{$_SERVER['PWUSERS_DIR']}/{$_SERVER['PLANOWNER']}/userinfo.dat")) {
$readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/masq/on/{$_SERVER['PLANOWNER']}'>masq</a>";
}
if ($is_plan) {
$readertoolbar[] = "<a href='/lists/unread/{$_SERVER['PLANOWNER']}'>unread</a>";
}
if ($is_send) {
$readertoolbar[] = "<a href='/send/{$_SERVER['PLANOWNER']}/unread'>unread</a>";
}
}
// make the links into a string for output.
$readertoolbar = "<li class='toolbutton'>" . implode("</li><li class='toolbutton'>", $readertoolbar) . "</li>\n";
$readertoolbar = str_replace("<li class='toolbutton'></li>", "", $readertoolbar);
if (($lasttime = plan_get_last_update($_SERVER['PLANOWNER'])) && $is_plan) {
$readertoolbar = "<li class='plan_data_block'>Last Update: " . formattime($lasttime) . "</li>" . $readertoolbar;
}
if ($lastlogin = plan_get_last_login($_SERVER['PLANOWNER'])) {
if ($lastlogin > 1) {
$readertoolbar = "<li class='plan_data_block' id='lastaction'>Last Action: " . formattime($lastlogin) . "</li>" . $readertoolbar;
}
}
}
profile('reader_toolbar', 'end');
}
return $readertoolbar;
}
<?php if( !$t_ldap ) { ?>
<div class="important-msg">
<?php
if ( ( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) {
echo lang_get( 'reset_password_msg' );
} else {
echo lang_get( 'reset_password_msg2' );
}
?>
</div>
<?php } ?>
<!-- PROJECT ACCESS (if permissions allow) and user is not ADMINISTRATOR -->
<?php if ( access_has_global_level( config_get( 'manage_user_threshold' ) ) &&
!user_is_administrator( $t_user_id ) ) {
?>
<div class="form-container">
<h2><?php echo lang_get( 'add_user_title' ) ?></h2>
<div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
<span class="display-label"><span><?php echo lang_get( 'assigned_projects_label' ) ?></span></span>
<div class="input"><?php print_project_user_list( $t_user['id'] ) ?></div>
<span class="label-style"></span>
</div>
<form id="manage-user-project-add-form" method="post" action="manage_user_proj_add.php">
<fieldset>
<?php echo form_security_field( 'manage_user_proj_add' ) ?>
<input type="hidden" name="user_id" value="<?php echo $t_user['id'] ?>" />
<div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
<label for="add-user-project-id"><span><?php echo lang_get( 'unassigned_projects_label' ) ?></span></label>
<span class="select">
function displayfeature($featurename = '')
{
if (file_exists("{$_SERVER['FILE_ROOT']}/features/{$featurename}")) {
parse_str(file_get_contents("{$_SERVER['FILE_ROOT']}/features/{$featurename}", 'r'));
$real = 1;
}
if (!$response) {
$response = 'none yet';
}
$content .= stripslashes("\n\t<h1>{$title}</h1>\n\tStatus:\t<b>{$status}</b><br />\n\tPriority: <b>{$priority}</b><br />\n\tTime Noticed: <b>{$time_noticed}</b><br />\n\tSubmitted by: <b>{$submitter}</b><br />\n\tIP: <b>{$ip}</b><br /><br />\n\tBrowser Used: <b>{$user_agent}</b><br /><br />\n\n\t<b>Description:</b><br />\n\t" . nl2br($note) . "\n\t<br /><br />\n\n\t<b>Response:</b><br />\n\t" . nl2br($response) . "\n\t<br /><br />\n");
if (user_is_administrator() || $_SERVER['USER'] == $submitter) {
$content .= "\t[ <a href='{$_SERVER['WEB_ROOT']}/feature/edit/{$featurename}'>edit</a> ]";
}
if ($real) {
return $content;
} else {
return "<div class='alert'>We can't find a feature request or bug report by the name <i>{$featurename}</i>.</div>";
}
}
function menus_populate($button, $content = FALSE)
{
switch ($button) {
case "view":
$links .= "<li>\n<!--\nTHE VIEW MENUBOX\n-->\n\n\t\t<i>read your own plan. you know, in case you forgot.</i></li>\n\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/view'>view your plan</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['USER']}/bio'>view your bio</a></li>\n";
if (plan_has_archives($_SERVER['USER'])) {
$links .= "<li><a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['USER']}/archives'>view your archives</a></li>\n";
}
if (plan_is_journaling($_SERVER['USER'])) {
$links .= "<li><hr /><a href='{$_SERVER['WEB_ROOT']}/view/all_hidden'>view your hidden entries</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/view/all_private'>view your private entries</a></li>\n";
}
break;
case "write":
$links .= "\n<!--\nTHE WRITE MENUBOX\n-->\n\n\t\t<li><i>write a plan update. you know you want to.</i></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write'>update your plan</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/bio'>edit your bio</a></li>\n";
if (user_is_administrator()) {
$links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/system'>update the system plan</a></li>\n";
}
$links .= "<li><hr/>\n</li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/css'>change plan styles</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/header'>change plan header</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/footer'>change plan footer</a></li>\n";
if (plan_is_journaling($_SERVER['USER'])) {
$links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/divider'>change your divider</a></li>\n";
}
$links .= "<li><hr/></li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/send'>write a send</a></li>\n";
if ($content && plan_is_journaling($_SERVER['USER']) && strstr($_SERVER['REQUEST_URI'], "/read/{$_SERVER['USER']}")) {
preg_match_all('|entry_content_([0-9]+)|', $content, $matches);
$matches = $matches[1];
if (is_array($matches)) {
$links .= "<li><hr/>edit recent entries...</li>\n";
foreach ($matches as $match) {
$links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/.{$match}'>" . formattime($match) . "</a></li>\n";
}
}
}
break;
case "snitch":
$links .= "\n<!--\nTHE SNITCH MENUBOX\n-->\n\n\t\t<li><i>snitch and other s-words.</i></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/snitch'>snitch</a></li>\n";
$links .= "<li><hr/>\n</li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/snoop'>snoop</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/send'>send</a></li>\n";
break;
case "tools":
$links .= "\n<!--\nTHE TOOLS MENUBOX\n-->\n";
$links .= "<li><i>tools to maintain and customize your account</i></li>";
$links .= "\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/feature/' title='report a bug or request a feature'>report a bug</a><br/><hr/></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/slogans/add' title='add your own pw.o slogan to the random selection'>add a new slogan</a><br/>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/smileys/add' title='upload a new smiley for people to use on their plans'>add a new smiley</a><br/>\n\t\t\t<hr/></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/lists/edit/allowed' title='change who can read your private entries'>edit your allowed list</a><br/>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/edit/blocked' title='change who is prevented from reading you'>edit your blocked list</a><br/>\n\t\t\t<hr/>\n</li>" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/styles'>customize colors</a></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/fonts'>customize fonts</a></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/custom_css' title='add custom css'>customize css</a></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/skin' title='pick a skin'>pick a skin</a></li>\n" . "<li><hr/></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/userinfo'>user settings</a></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/interface'>interface prefs</a></li>\n";
// ."<li>skin preview:<br/> <!--SKIN_SELECTOR--></li>\n"
break;
case "<!--TIME-->":
$links .= "<!--LOADTIME-->";
break;
case "watched":
$links .= "\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/edit/watched' title='edit your watched list'>edit</a></li>\n\t\t\t<li class='listheader'>move\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/top'>top</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/left'>left</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/right'>right</a></li>\n\t\t\t<!--<b>move AJAX</b>\n\t\t\t<li><a href=\"javascript:list_move('top');void(null);\">top</a></li>\n\t\t\t<li><a href=\"javascript:list_move('left');void(null);\">left</a></li>\n\t\t\t<li><a href=\"javascript:list_move('right');void(null);\">right</a></li>\n\t\t\t-->\n\t\t\t<li class='listheader'>sort\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/name/ajax','','planwatch');void(null);\" title='sort alphabetically by name'>abc</a>\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/time/ajax','','planwatch');void(null);\" title='sort by date and time'>321</a>\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/inorder/ajax','','planwatch');void(null);\" title='do not sort, use in the order listed'>zfq</a></li>\n\t\t\t<li class='listheader'>status\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/planwatch_mark_all_read' title='mark all plans as read'>update</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/planwatch_mark_all_unread' title='mark all plans as unread'>reset</a></li>\n\t\t\t<!--<li><b>lists</b></li>\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/advertised_users' title='advertised users'>advertised users</a> </li>\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/registered_users' title='registered users'>registered users</a></li>-->\n";
break;
}
return $links;
}
function filter_get_bug_rows(&$p_page_number, &$p_per_page, &$p_page_count, &$p_bug_count, $p_custom_filter = null, $p_project_id = null, $p_user_id = null, $p_show_sticky = null)
{
$t_bug_table = config_get('mantis_bug_table');
$t_bug_text_table = config_get('mantis_bug_text_table');
$t_bugnote_table = config_get('mantis_bugnote_table');
$t_custom_field_string_table = config_get('mantis_custom_field_string_table');
$t_bugnote_text_table = config_get('mantis_bugnote_text_table');
$t_project_table = config_get('mantis_project_table');
$t_bug_monitor_table = config_get('mantis_bug_monitor_table');
$t_limit_reporters = config_get('limit_reporters');
$t_bug_relationship_table = config_get('mantis_bug_relationship_table');
$t_report_bug_threshold = config_get('report_bug_threshold');
$t_current_user_id = auth_get_current_user_id();
if (null === $p_user_id) {
$t_user_id = $t_current_user_id;
} else {
$t_user_id = $p_user_id;
}
$c_user_id = db_prepare_int($t_user_id);
if (null === $p_project_id) {
$t_project_id = helper_get_current_project();
} else {
$t_project_id = $p_project_id;
}
if ($p_custom_filter === null) {
# Prefer current_user_get_bug_filter() over user_get_filter() when applicable since it supports
# cookies set by previous version of the code.
if ($t_user_id == $t_current_user_id) {
$t_filter = current_user_get_bug_filter();
} else {
$t_filter = user_get_bug_filter($t_user_id, $t_project_id);
}
} else {
$t_filter = $p_custom_filter;
}
$t_filter = filter_ensure_valid_filter($t_filter);
if (false === $t_filter) {
return false;
# signify a need to create a cookie
#@@@ error instead?
}
$t_where_clauses = array("{$t_project_table}.enabled = 1", "{$t_project_table}.id = {$t_bug_table}.project_id");
$t_select_clauses = array("{$t_bug_table}.*");
$t_join_clauses = array();
$t_from_clauses = array();
if (ALL_PROJECTS == $t_project_id) {
if (!user_is_administrator($t_user_id)) {
$t_topprojects = $t_projects = user_get_accessible_projects($t_user_id);
foreach ($t_topprojects as $t_project) {
$t_projects = array_merge($t_projects, user_get_all_accessible_subprojects($t_user_id, $t_project));
}
$t_projects = array_unique($t_projects);
if (0 == count($t_projects)) {
return array();
# no accessible projects, return an empty array
} else {
if (1 == count($t_projects)) {
$t_project = $t_projects[0];
array_push($t_where_clauses, "( {$t_bug_table}.project_id={$t_project} )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.project_id in (" . implode(', ', $t_projects) . ") )");
}
}
}
} else {
access_ensure_project_level(VIEWER, $t_project_id, $t_user_id);
$t_projects = user_get_all_accessible_subprojects($t_user_id, $t_project_id);
$t_projects[] = $t_project_id;
$t_projects = array_unique($t_projects);
if (1 == count($t_projects)) {
$t_project = $t_projects[0];
array_push($t_where_clauses, "( {$t_bug_table}.project_id={$t_project} )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.project_id in (" . implode(', ', $t_projects) . ") )");
}
}
# private bug selection
if (!access_has_project_level(config_get('private_bug_threshold'), $t_project_id, $t_user_id)) {
$t_public = VS_PUBLIC;
$t_private = VS_PRIVATE;
switch ($t_filter['view_state']) {
case VS_PUBLIC:
array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_public}')");
break;
case VS_PRIVATE:
array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_private}' AND {$t_bug_table}.reporter_id='{$t_user_id}')");
break;
case META_FILTER_ANY:
default:
array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_public}' OR {$t_bug_table}.reporter_id='{$t_user_id}')");
break;
}
} else {
$t_view_state = db_prepare_int($t_filter['view_state']);
if ($t_filter['view_state'] !== META_FILTER_ANY && !is_blank($t_filter['view_state'])) {
array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_view_state}')");
}
}
# reporter
$t_any_found = false;
foreach ($t_filter['reporter_id'] as $t_filter_member) {
if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['reporter_id']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['reporter_id'] as $t_filter_member) {
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "0");
} else {
$c_reporter_id = db_prepare_int($t_filter_member);
if (META_FILTER_MYSELF == $c_reporter_id) {
array_push($t_clauses, $c_user_id);
} else {
array_push($t_clauses, $c_reporter_id);
}
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.reporter_id in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.reporter_id={$t_clauses['0']} )");
}
}
# limit reporter
# @@@ thraxisp - access_has_project_level checks greater than or equal to,
# this assumed that there aren't any holes above REPORTER where the limit would apply
#
if (ON === $t_limit_reporters && !access_has_project_level(REPORTER + 1, $t_project_id, $t_user_id)) {
$c_reporter_id = $c_user_id;
array_push($t_where_clauses, "({$t_bug_table}.reporter_id='{$c_reporter_id}')");
}
# handler
$t_any_found = false;
foreach ($t_filter['handler_id'] as $t_filter_member) {
if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['handler_id']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['handler_id'] as $t_filter_member) {
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, 0);
} else {
$c_handler_id = db_prepare_int($t_filter_member);
if (META_FILTER_MYSELF == $c_handler_id) {
array_push($t_clauses, $c_user_id);
} else {
array_push($t_clauses, $c_handler_id);
}
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.handler_id in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.handler_id={$t_clauses['0']} )");
}
}
# category
$t_any_found = false;
foreach ($t_filter['show_category'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
$t_any_found = true;
}
}
if (count($t_filter['show_category']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_category'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "''");
} else {
$c_show_category = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_show_category}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.category in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.category={$t_clauses['0']} )");
}
}
# severity
$t_any_found = false;
foreach ($t_filter['show_severity'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['show_severity']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_severity'] as $t_filter_member) {
$c_show_severity = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_severity);
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.severity in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.severity={$t_clauses['0']} )");
}
}
# show / hide status
# take a list of all available statuses then remove the ones that we want hidden, then make sure
# the ones we want shown are still available
$t_status_arr = explode_enum_string(config_get('status_enum_string'));
$t_available_statuses = array();
$t_desired_statuses = array();
foreach ($t_status_arr as $t_this_status) {
$t_this_status_arr = explode_enum_arr($t_this_status);
$t_available_statuses[] = $t_this_status_arr[0];
}
if ('simple' == $t_filter['_view_type']) {
# simple filtering: if showing any, restrict by the hide status value, otherwise ignore the hide
$t_any_found = false;
$t_this_status = $t_filter['show_status'][0];
$t_this_hide_status = $t_filter['hide_status'][0];
if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
$t_any_found = true;
}
if ($t_any_found) {
foreach ($t_available_statuses as $t_this_available_status) {
if ($t_this_hide_status > $t_this_available_status) {
$t_desired_statuses[] = $t_this_available_status;
}
}
} else {
$t_desired_statuses[] = $t_this_status;
}
} else {
# advanced filtering: ignore the hide
$t_any_found = false;
foreach ($t_filter['show_status'] as $t_this_status) {
$t_desired_statuses[] = $t_this_status;
if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
$t_any_found = true;
}
}
if ($t_any_found) {
$t_desired_statuses = array();
}
}
if (count($t_desired_statuses) > 0) {
$t_clauses = array();
foreach ($t_desired_statuses as $t_filter_member) {
$c_show_status = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_status);
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.status in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.status={$t_clauses['0']} )");
}
}
# resolution
$t_any_found = false;
foreach ($t_filter['show_resolution'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['show_resolution']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_resolution'] as $t_filter_member) {
$c_show_resolution = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_resolution);
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.resolution in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.resolution={$t_clauses['0']} )");
}
}
# priority
$t_any_found = false;
foreach ($t_filter['show_priority'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['show_priority']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_priority'] as $t_filter_member) {
$c_show_priority = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_priority);
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.priority in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.priority={$t_clauses['0']} )");
}
}
# product build
$t_any_found = false;
foreach ($t_filter['show_build'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
$t_any_found = true;
}
}
if (count($t_filter['show_build']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_build'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "''");
} else {
$c_show_build = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_show_build}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.build in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.build={$t_clauses['0']} )");
}
}
# product version
$t_any_found = false;
foreach ($t_filter['show_version'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
$t_any_found = true;
}
}
if (count($t_filter['show_version']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_version'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "''");
} else {
$c_show_version = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_show_version}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.version in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.version={$t_clauses['0']} )");
}
}
# profile
$t_any_found = false;
foreach ($t_filter['show_profile'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
$t_any_found = true;
}
}
if (count($t_filter['show_profile']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_profile'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "0");
} else {
$c_show_profile = db_prepare_int($t_filter_member);
array_push($t_clauses, "{$c_show_profile}");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.profile_id in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.profile_id={$t_clauses['0']} )");
}
}
# date filter
if ('on' == $t_filter['do_filter_by_date'] && is_numeric($t_filter['start_month']) && is_numeric($t_filter['start_day']) && is_numeric($t_filter['start_year']) && is_numeric($t_filter['end_month']) && is_numeric($t_filter['end_day']) && is_numeric($t_filter['end_year'])) {
$t_start_string = db_prepare_string($t_filter['start_year'] . "-" . $t_filter['start_month'] . "-" . $t_filter['start_day'] . " 00:00:00");
$t_end_string = db_prepare_string($t_filter['end_year'] . "-" . $t_filter['end_month'] . "-" . $t_filter['end_day'] . " 23:59:59");
array_push($t_where_clauses, "({$t_bug_table}.date_submitted BETWEEN '{$t_start_string}' AND '{$t_end_string}' )");
}
# fixed in version
$t_any_found = false;
foreach ($t_filter['fixed_in_version'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
$t_any_found = true;
}
}
if (count($t_filter['fixed_in_version']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['fixed_in_version'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "''");
} else {
$c_fixed_in_version = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_fixed_in_version}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.fixed_in_version in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.fixed_in_version={$t_clauses['0']} )");
}
}
# users monitoring a bug
$t_any_found = false;
foreach ($t_filter['user_monitor'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['user_monitor']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
$t_table_name = 'user_monitor';
array_push($t_from_clauses, $t_bug_monitor_table);
array_push($t_join_clauses, "LEFT JOIN {$t_bug_monitor_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id");
foreach ($t_filter['user_monitor'] as $t_filter_member) {
$c_user_monitor = db_prepare_int($t_filter_member);
if (META_FILTER_MYSELF == $c_user_monitor) {
array_push($t_clauses, $c_user_id);
} else {
array_push($t_clauses, $c_user_monitor);
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_table_name}.user_id in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_table_name}.user_id={$t_clauses['0']} )");
}
}
# bug relationship
$t_any_found = false;
$c_rel_type = $t_filter['relationship_type'];
$c_rel_bug = $t_filter['relationship_bug'];
if (-1 == $c_rel_type || 0 == $c_rel_bug) {
$t_any_found = true;
}
if (!$t_any_found) {
# use the complementary type
$c_rel_type = relationship_get_complementary_type($c_rel_type);
$t_clauses = array();
$t_table_name = 'relationship';
array_push($t_from_clauses, $t_bug_relationship_table);
array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name} ON {$t_table_name}.destination_bug_id = {$t_bug_table}.id");
// get reverse relationships
if ($c_rel_type == 1) {
array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name}" . "2 ON {$t_table_name}" . "2.source_bug_id = {$t_bug_table}.id");
}
array_push($t_clauses, "({$t_table_name}.relationship_type='{$c_rel_type}' AND {$t_table_name}.source_bug_id='{$c_rel_bug}')");
// get reverse relationships
if ($c_rel_type == 1) {
array_push($t_clauses, "({$t_table_name}" . "2.relationship_type='{$c_rel_type}' AND {$t_table_name}" . "2.destination_bug_id='{$c_rel_bug}')");
}
array_push($t_where_clauses, '(' . implode(' OR ', $t_clauses) . ')');
}
# custom field filters
if (ON == config_get('filter_by_custom_fields')) {
# custom field filtering
$t_custom_fields = custom_field_get_linked_ids($t_project_id);
foreach ($t_custom_fields as $t_cfid) {
$t_first_time = true;
$t_custom_where_clause = '';
# Ignore all custom filters that are not set, or that are set to '' or "any"
$t_any_found = false;
foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
$t_any_found = true;
}
}
if (!isset($t_filter['custom_fields'][$t_cfid])) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_def = custom_field_get_definition($t_cfid);
$t_table_name = $t_custom_field_string_table . '_' . $t_cfid;
# We need to filter each joined table or the result query will explode in dimensions
# Each custom field will result in a exponential growth like Number_of_Issues^Number_of_Custom_Fields
# and only after this process ends (if it is able to) the result query will be filtered
# by the WHERE clause and by the DISTINCT clause
$t_cf_join_clause = "LEFT JOIN {$t_custom_field_string_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id AND {$t_table_name}.field_id = {$t_cfid} ";
if ($t_def['type'] == CUSTOM_FIELD_TYPE_DATE) {
switch ($t_filter['custom_fields'][$t_cfid][0]) {
case CUSTOM_FIELD_DATE_ANY:
break;
case CUSTOM_FIELD_DATE_NONE:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '(( ' . $t_table_name . '.bug_id is null) OR ( ' . $t_table_name . '.value = 0)';
break;
case CUSTOM_FIELD_DATE_BEFORE:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '(( ' . $t_table_name . '.value != 0 AND (' . $t_table_name . '.value+0) < ' . $t_filter['custom_fields'][$t_cfid][2] . ')';
break;
case CUSTOM_FIELD_DATE_AFTER:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '(( ' . $t_table_name . '.field_id = ' . $t_cfid . ' AND (' . $t_table_name . '.value+0) > ' . ($t_filter['custom_fields'][$t_cfid][1] + 1) . ')';
break;
default:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '(( ' . $t_table_name . '.field_id = ' . $t_cfid . ' AND (' . $t_table_name . '.value+0) BETWEEN ' . $t_filter['custom_fields'][$t_cfid][1] . ' AND ' . $t_filter['custom_fields'][$t_cfid][2] . ')';
break;
}
} else {
array_push($t_join_clauses, $t_cf_join_clause);
foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE === $t_filter_member) {
# coerce filter value if selecting META_FILTER_NONE
$t_filter_member = '';
}
if ($t_first_time) {
$t_first_time = false;
$t_custom_where_clause = '(';
} else {
$t_custom_where_clause .= ' OR ';
}
$t_custom_where_clause .= "{$t_table_name}.value ";
switch ($t_def['type']) {
case CUSTOM_FIELD_TYPE_MULTILIST:
case CUSTOM_FIELD_TYPE_CHECKBOX:
$t_custom_where_clause .= "LIKE '%|";
$t_custom_where_clause_closing = "|%'";
break;
default:
$t_custom_where_clause .= "= '";
$t_custom_where_clause_closing = "'";
}
$t_custom_where_clause .= db_prepare_string($t_filter_member);
$t_custom_where_clause .= $t_custom_where_clause_closing;
}
}
if (!is_blank($t_custom_where_clause)) {
array_push($t_where_clauses, $t_custom_where_clause . ')');
}
}
}
}
$t_textsearch_where_clause = '';
$t_textsearch_wherejoin_clause = '';
# Simple Text Search - Thanks to Alan Knowles
if (!is_blank($t_filter['search'])) {
$c_search = db_prepare_string($t_filter['search']);
$c_search_int = db_prepare_int($t_filter['search']);
$t_textsearch_where_clause = "((summary LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.description LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.steps_to_reproduce LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.additional_information LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_table}.id = '{$c_search_int}'))";
$t_textsearch_wherejoin_clause = "((summary LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.description LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.steps_to_reproduce LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.additional_information LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_table}.id LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bugnote_text_table}.note LIKE '%{$c_search}%'))";
array_push($t_where_clauses, "({$t_bug_text_table}.id = {$t_bug_table}.bug_text_id)");
$t_from_clauses = array($t_bug_text_table, $t_project_table, $t_bug_table);
} else {
$t_from_clauses = array($t_project_table, $t_bug_table);
}
$t_select = implode(', ', array_unique($t_select_clauses));
$t_from = 'FROM ' . implode(', ', array_unique($t_from_clauses));
$t_join = implode(' ', $t_join_clauses);
if (count($t_where_clauses) > 0) {
$t_where = 'WHERE ' . implode(' AND ', $t_where_clauses);
} else {
$t_where = '';
}
# Possibly do two passes. First time, grab the IDs of issues that match the filters. Second time, grab the IDs of issues that
# have bugnotes that match the text search if necessary.
$t_id_array = array();
for ($i = 0; $i < 2; $i++) {
$t_id_where = $t_where;
$t_id_join = $t_join;
if ($i == 0) {
if (!is_blank($t_id_where) && !is_blank($t_textsearch_where_clause)) {
$t_id_where = $t_id_where . ' AND ' . $t_textsearch_where_clause;
}
} else {
if (!is_blank($t_textsearch_wherejoin_clause)) {
$t_id_where = $t_id_where . ' AND ' . $t_textsearch_wherejoin_clause;
$t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_table} ON {$t_bugnote_table}.bug_id = {$t_bug_table}.id";
$t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_text_table} ON {$t_bugnote_text_table}.id = {$t_bugnote_table}.bugnote_text_id";
}
}
$query = "SELECT DISTINCT {$t_bug_table}.id AS id\n\t\t\t\t\t\t{$t_from}\n\t\t\t\t\t\t{$t_id_join}\n\t\t\t\t\t\t{$t_id_where}";
if ($i == 0 || !is_blank($t_textsearch_wherejoin_clause)) {
$result = db_query($query);
$row_count = db_num_rows($result);
for ($j = 0; $j < $row_count; $j++) {
$row = db_fetch_array($result);
$t_id_array[] = db_prepare_int($row['id']);
}
}
}
$t_id_array = array_unique($t_id_array);
if (count($t_id_array) > 0) {
$t_where = "WHERE {$t_bug_table}.id in (" . implode(", ", $t_id_array) . ")";
} else {
$t_where = "WHERE 1 != 1";
}
$t_from = 'FROM ' . $t_bug_table;
# Get the total number of bugs that meet the criteria.
$bug_count = count($t_id_array);
# write the value back in case the caller wants to know
$p_bug_count = $bug_count;
if (null === $p_per_page) {
$p_per_page = (int) $t_filter['per_page'];
} else {
if (-1 == $p_per_page) {
$p_per_page = $bug_count;
}
}
# Guard against silly values of $f_per_page.
if (0 == $p_per_page) {
$p_per_page = 1;
}
$p_per_page = (int) abs($p_per_page);
# Use $bug_count and $p_per_page to determine how many pages
# to split this list up into.
# For the sake of consistency have at least one page, even if it
# is empty.
$t_page_count = ceil($bug_count / $p_per_page);
if ($t_page_count < 1) {
$t_page_count = 1;
}
# write the value back in case the caller wants to know
$p_page_count = $t_page_count;
# Make sure $p_page_number isn't past the last page.
if ($p_page_number > $t_page_count) {
$p_page_number = $t_page_count;
}
# Make sure $p_page_number isn't before the first page
if ($p_page_number < 1) {
$p_page_number = 1;
}
# Now add the rest of the criteria i.e. sorting, limit.
# if sort is blank then default the sort and direction. This is to fix the
# symptoms of #3953. Note that even if the main problem is fixed, we may
# have to keep this code for a while to handle filters saved with this blank field.
if (is_blank($t_filter['sort'])) {
$t_filter['sort'] = 'last_updated';
$t_filter['dir'] = 'DESC';
}
$t_order_array = array();
$t_sort_fields = split(',', $t_filter['sort']);
$t_dir_fields = split(',', $t_filter['dir']);
if ('on' == $t_filter['sticky_issues'] && NULL !== $p_show_sticky) {
$t_order_array[] = "sticky DESC";
}
for ($i = 0; $i < count($t_sort_fields); $i++) {
$c_sort = db_prepare_string($t_sort_fields[$i]);
if (!in_array($t_sort_fields[$i], array_slice($t_sort_fields, $i + 1))) {
# if sorting by a custom field
if (strpos($c_sort, 'custom_') === 0) {
$t_custom_field = substr($c_sort, strlen('custom_'));
$t_custom_field_id = custom_field_get_id_from_name($t_custom_field);
$t_join .= " LEFT JOIN {$t_custom_field_string_table} ON ( ( {$t_custom_field_string_table}.bug_id = {$t_bug_table}.id ) AND ( {$t_custom_field_string_table}.field_id = {$t_custom_field_id} ) )";
$c_sort = "{$t_custom_field_string_table}.value";
$t_select_clauses[] = "{$t_custom_field_string_table}.value";
}
if ('DESC' == $t_dir_fields[$i]) {
$c_dir = 'DESC';
} else {
$c_dir = 'ASC';
}
$t_order_array[] = "{$c_sort} {$c_dir}";
}
}
# add basic sorting if necessary
if (!in_array('last_updated', $t_sort_fields)) {
$t_order_array[] = 'last_updated DESC';
}
if (!in_array('date_submitted', $t_sort_fields)) {
$t_order_array[] = 'date_submitted DESC';
}
$t_order = " ORDER BY " . implode(', ', $t_order_array);
$t_select = implode(', ', array_unique($t_select_clauses));
$query2 = "SELECT DISTINCT {$t_select}\n\t\t\t\t\t{$t_from}\n\t\t\t\t\t{$t_join}\n\t\t\t\t\t{$t_where}\n\t\t\t\t\t{$t_order}";
# Figure out the offset into the db query
#
# for example page number 1, per page 5:
# t_offset = 0
# for example page number 2, per page 5:
# t_offset = 5
$c_per_page = db_prepare_int($p_per_page);
$c_page_number = db_prepare_int($p_page_number);
$t_offset = ($c_page_number - 1) * $c_per_page;
# perform query
$result2 = db_query($query2, $c_per_page, $t_offset);
$row_count = db_num_rows($result2);
$rows = array();
for ($i = 0; $i < $row_count; $i++) {
$row = db_fetch_array($result2);
$row['date_submitted'] = db_unixtimestamp($row['date_submitted']);
$row['last_updated'] = db_unixtimestamp($row['last_updated']);
array_push($rows, $row);
bug_add_to_cache($row);
}
return $rows;
}
<?php
/*
PT.php
runs regularly (2 minute intervals) from a cron job
to get plan times for all relevant plans
*/
header("Content-type: text/plain");
$_SERVER['PWUSERS_DIR'] = "/home/planwatc/pwusers";
$_SERVER['FILE_ROOT'] = "/home/planwatc/public_html";
// limited security -- other users on our host could get a reg. users list, but
// that's a minor risk. it would be nice to make this a bit better, though.
// TODO:(v4.1) adjust the server's cron job to use system's fingerprint
if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR'] && !user_is_administrator()) {
redirect();
}
$debug = $_GET['debug'];
echo "DEBUG: {$debug}\n\n\n";
/*
// MAIL_SUBMIT =================================================================
turned off until it gets fixed
----
TODO:(v4.5) fix mail submission. maybe get a gmail POP account for this?
TODO:(v5) add SMS to mail gateway if there's any user interest http://
$lastmail_fn="$_SERVER[FILE_ROOT]/stats/lastmail";
if (!file_exists($lastmail_fn) || (@fileatime($lastmail_fn) < time() - 600))
{
echo "<b>checking for email plan posts...</b>\n";
//include_once('mail_submit.php');
touch($lastmail_fn);
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);
$t_user_table = db_get_table('user');
$t_old_protected = $t_user['protected'];
# Ensure that users aren't escalating privileges of accounts beyond their
# own global access level.
access_ensure_global_level($f_access_level);
# check that we are not downgrading the last administrator
$t_admin_threshold = config_get_global('admin_site_threshold');
if (user_is_administrator($f_user_id) && $f_access_level < $t_admin_threshold && user_count_level($t_admin_threshold) <= 1) {
trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}
# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
if ($f_access_level >= $t_admin_threshold && !user_is_administrator($f_user_id)) {
user_delete_project_specific_access_levels($f_user_id);
}
# if the user is already protected and the admin is not removing the
# protected flag then don't update the access level and enabled flag.
# If the user was unprotected or the protected flag is being turned off
# then proceed with a full update.
$query_params = array();
if ($f_protected && $t_old_protected) {
$query = "UPDATE {$t_user_table}\n\t\t\tSET username="******", email=" . db_param() . ",\n\t\t\t\tprotected=" . db_param() . ", realname=" . db_param() . "\n\t\t\tWHERE id=" . db_param();
$query_params = array($c_username, $c_email, $c_protected, $c_realname, $c_user_id);
} else {
$query = "UPDATE {$t_user_table}\n\t\t\tSET username="******", email=" . db_param() . ",\n\t\t\t\taccess_level=" . db_param() . ", enabled=" . db_param() . ",\n\t\t\t\tprotected=" . db_param() . ", realname=" . db_param() . "\n\t\t\tWHERE id=" . db_param();
$query_params = array($c_username, $c_email, $c_access_level, $c_enabled, $c_protected, $c_realname, $c_user_id);
}
$result = db_query_bound($query, $query_params);
*
* @uses check_api.php
* @uses config_api.php
* @uses user_api.php
*/
if (!defined('CHECK_ANONYMOUS_INC_ALLOW')) {
return;
}
/**
* MantisBT Check API
*/
require_once 'check_api.php';
require_api('config_api.php');
require_api('user_api.php');
check_print_section_header_row('Anonymous access');
$t_anonymous_access_enabled = config_get_global('allow_anonymous_login');
check_print_info_row('Anonymous access is enabled', $t_anonymous_access_enabled ? 'Yes' : 'No');
if (!$t_anonymous_access_enabled) {
return;
}
$t_anonymous_account = config_get_global('anonymous_account');
check_print_test_row('anonymous_account configuration option is specified', $t_anonymous_account !== '', array(true => 'The account currently being used for anonymous access is: ' . htmlentities($t_anonymous_account), false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.'));
if ($t_anonymous_account === '') {
return;
}
$t_anonymous_user_id = user_get_id_by_name($t_anonymous_account);
check_print_test_row('anonymous_account is a valid user account', $t_anonymous_user_id !== false, array(false => 'You need to specify a valid user account to use with the anonymous_account configuration options.'));
check_print_test_row('anonymous_account user has the enabled flag set', user_is_enabled($t_anonymous_user_id), array(false => 'The anonymous user account must be enabled before it can be used.'));
check_print_test_row('anonymous_account user has the protected flag set', user_get_field($t_anonymous_user_id, 'protected'), array(false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.'));
check_print_test_row('anonymous_account user does not have administrator permissions', !user_is_administrator($t_anonymous_user_id), array(true => 'The anonymous user account currently has an access level of: ' . htmlentities(get_enum_element('access_levels', user_get_access_level($t_anonymous_user_id))), false => 'The anonymous user account should not have administrator level permissions.'));
return; } $t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account ); check_print_test_row( 'anonymous_account is a valid user account', $t_anonymous_user_id !== false, array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' ) ); check_print_test_row( 'anonymous_account user has the enabled flag set', user_is_enabled( $t_anonymous_user_id ), array( false => 'The anonymous user account must be enabled before it can be used.' ) ); check_print_test_row( 'anonymous_account user has the protected flag set', user_get_field( $t_anonymous_user_id, 'protected' ), array( false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.' ) ); check_print_test_row( 'anonymous_account user does not have administrator permissions', !user_is_administrator( $t_anonymous_user_id ), array( true => 'The anonymous user account currently has an access level of: ' . htmlentities( get_enum_element( 'access_levels', user_get_access_level( $t_anonymous_user_id ) ) ), false => 'The anonymous user account should not have administrator level permissions.' ) );
}
// URL Authentication
// used by people who are doing looks from different users than their
// logged in users (this includes basically josh and johnnie)
//-------------------------------------------------------------------
$urlarray = explode('/', $_SERVER['REQUEST_URI']);
$urlarray_count = count($urlarray);
// if we haven't found a fingerprint so far, we check for a fingerprint in the url
if (user_verify_fingerprint($urlarray[$urlarray_count - 1])) {
// FINGERPRINT IS LAST ITEM IN URL ARRAY
} elseif (user_verify_fingerprint(user_get_fingerprint($urlarray[$urlarray_count - 2], $urlarray[$urlarray_count - 1]))) {
// USER AND PASS ARE LAST TWO ITEMS IN URL ARRAY
} else {
if (user_verify_fingerprint($_COOKIE[$_SERVER['AUTH_COOKIE']])) {
// VALID USER COOKIE FOUND
if (user_is_administrator() && user_verify_fingerprint($_COOKIE['mau'])) {
// MASQUERADING IS ON
$_SERVER['MASQUERADE'] = TRUE;
} else {
$_SERVER['MASQUERADE'] = FALSE;
}
} elseif (user_verify_fingerprint($sid)) {
// VALID SESSION ID FOUND
$_SERVER["SESSION_ID"] = $sid;
} elseif (user_verify_fingerprint($_POST[$_SERVER['AUTH_COOKIE']])) {
// VALID FINGERPRINT VIA POST
// this is so the write form can't expire even if the user leaves it
// up past cookie expiry.
}
}
// Cookie Updates
if (ON == config_get('send_reset_password') && ON == config_get('enable_email_notification')) {
echo lang_get('reset_password_msg');
} else {
echo lang_get('reset_password_msg2');
}
?>
</div>
<?php
}
}
?>
<!-- PROJECT ACCESS (if permissions allow) and user is not ADMINISTRATOR -->
<?php
if (access_has_global_level(config_get('manage_user_threshold')) && !user_is_administrator($t_user_id)) {
?>
<br />
<div align="center">
<table class="width75" cellspacing="1">
<!-- Title -->
<tr>
<td class="form-title" colspan="2">
<?php
echo lang_get('add_user_title');
?>
</td>
</tr>
<!-- Assigned Projects -->
<tr <?php
function filter_get_bug_rows(&$p_page_number, &$p_per_page, &$p_page_count, &$p_bug_count, $p_custom_filter = null, $p_project_id = null, $p_user_id = null, $p_show_sticky = null)
{
log_event(LOG_FILTERING, 'FILTERING: START NEW FILTER QUERY');
$t_bug_table = config_get('mantis_bug_table');
$t_bug_text_table = config_get('mantis_bug_text_table');
$t_bugnote_table = config_get('mantis_bugnote_table');
$t_custom_field_string_table = config_get('mantis_custom_field_string_table');
$t_bugnote_text_table = config_get('mantis_bugnote_text_table');
$t_project_table = config_get('mantis_project_table');
$t_bug_monitor_table = config_get('mantis_bug_monitor_table');
$t_limit_reporters = config_get('limit_reporters');
$t_bug_relationship_table = config_get('mantis_bug_relationship_table');
$t_report_bug_threshold = config_get('report_bug_threshold');
$t_current_user_id = auth_get_current_user_id();
if (null === $p_user_id) {
$t_user_id = $t_current_user_id;
} else {
$t_user_id = $p_user_id;
}
$c_user_id = db_prepare_int($t_user_id);
if (null === $p_project_id) {
# @@@ If project_id is not specified, then use the project id(s) in the filter if set, otherwise, use current project.
$t_project_id = helper_get_current_project();
} else {
$t_project_id = $p_project_id;
}
if ($p_custom_filter === null) {
# Prefer current_user_get_bug_filter() over user_get_filter() when applicable since it supports
# cookies set by previous version of the code.
if ($t_user_id == $t_current_user_id) {
$t_filter = current_user_get_bug_filter();
} else {
$t_filter = user_get_bug_filter($t_user_id, $t_project_id);
}
} else {
$t_filter = $p_custom_filter;
}
$t_filter = filter_ensure_valid_filter($t_filter);
if (false === $t_filter) {
return false;
# signify a need to create a cookie
#@@@ error instead?
}
$t_view_type = $t_filter['_view_type'];
$t_where_clauses = array("{$t_project_table}.enabled = 1", "{$t_project_table}.id = {$t_bug_table}.project_id");
$t_select_clauses = array("{$t_bug_table}.*");
$t_join_clauses = array();
$t_from_clauses = array();
// normalize the project filtering into an array $t_project_ids
if ('simple' == $t_view_type) {
log_event(LOG_FILTERING, 'FILTERING: Simple Filter');
$t_project_ids = array($t_project_id);
$t_include_sub_projects = true;
} else {
log_event(LOG_FILTERING, 'FILTERING: Advanced Filter');
if (!is_array($t_filter['project_id'])) {
$t_project_ids = array(db_prepare_int($t_filter['project_id']));
} else {
$t_project_ids = array_map('db_prepare_int', $t_filter['project_id']);
}
$t_include_sub_projects = count($t_project_ids) == 1 && $t_project_ids[0] == META_FILTER_CURRENT;
}
log_event(LOG_FILTERING, 'FILTERING: project_ids = ' . implode(',', $t_project_ids));
log_event(LOG_FILTERING, 'FILTERING: include sub-projects = ' . ($t_include_sub_projects ? '1' : '0'));
// if the array has ALL_PROJECTS, then reset the array to only contain ALL_PROJECTS.
// replace META_FILTER_CURRENT with the actualy current project id.
$t_all_projects_found = false;
$t_new_project_ids = array();
foreach ($t_project_ids as $t_pid) {
if ($t_pid == META_FILTER_CURRENT) {
$t_pid = $t_project_id;
}
if ($t_pid == ALL_PROJECTS) {
$t_all_projects_found = true;
log_event(LOG_FILTERING, 'FILTERING: all projects selected');
break;
}
// filter out inaccessible projects.
if (!access_has_project_level(VIEWER, $t_pid, $t_user_id)) {
continue;
}
$t_new_project_ids[] = $t_pid;
}
$t_projects_query_required = true;
if ($t_all_projects_found) {
if (user_is_administrator($t_user_id)) {
log_event(LOG_FILTERING, 'FILTERING: all projects + administrator, hence no project filter.');
$t_projects_query_required = false;
} else {
$t_project_ids = user_get_accessible_projects($t_user_id);
}
} else {
$t_project_ids = $t_new_project_ids;
}
if ($t_projects_query_required) {
// expand project ids to include sub-projects
if ($t_include_sub_projects) {
$t_top_project_ids = $t_project_ids;
foreach ($t_top_project_ids as $t_pid) {
log_event(LOG_FILTERING, 'FILTERING: Getting sub-projects for project id ' . $t_pid);
$t_project_ids = array_merge($t_project_ids, user_get_all_accessible_subprojects($t_user_id, $t_pid));
}
$t_project_ids = array_unique($t_project_ids);
}
// if no projects are accessible, then return an empty array.
if (count($t_project_ids) == 0) {
log_event(LOG_FILTERING, 'FILTERING: no accessible projects');
return array();
}
log_event(LOG_FILTERING, 'FILTERING: project_ids after including sub-projects = ' . implode(',', $t_project_ids));
// this array is to be populated with project ids for which we only want to show public issues. This is due to the limited
// access of the current user.
$t_public_only_project_ids = array();
// this array is populated with project ids that the current user has full access to.
$t_private_and_public_project_ids = array();
$t_access_required_to_view_private_bugs = config_get('private_bug_threshold');
foreach ($t_project_ids as $t_pid) {
if (access_has_project_level($t_access_required_to_view_private_bugs, $t_pid, $t_user_id)) {
$t_private_and_public_project_ids[] = $t_pid;
} else {
$t_public_only_project_ids[] = $t_pid;
}
}
log_event(LOG_FILTERING, 'FILTERING: project_ids (with public/private access) = ' . implode(',', $t_private_and_public_project_ids));
log_event(LOG_FILTERING, 'FILTERING: project_ids (with public access) = ' . implode(',', $t_public_only_project_ids));
$t_count_private_and_public_project_ids = count($t_private_and_public_project_ids);
if ($t_count_private_and_public_project_ids == 1) {
$t_private_and_public_query = "( {$t_bug_table}.project_id = " . $t_private_and_public_project_ids[0] . " )";
} else {
if ($t_count_private_and_public_project_ids > 1) {
$t_private_and_public_query = "( {$t_bug_table}.project_id in (" . implode(', ', $t_private_and_public_project_ids) . ") )";
} else {
$t_private_and_public_query = null;
}
}
$t_count_public_only_project_ids = count($t_public_only_project_ids);
$t_public_view_state_check = "( ( {$t_bug_table}.view_state = " . VS_PUBLIC . " ) OR ( {$t_bug_table}.reporter_id = {$t_user_id} ) )";
if ($t_count_public_only_project_ids == 1) {
$t_public_only_query = "( ( {$t_bug_table}.project_id = " . $t_public_only_project_ids[0] . " ) AND {$t_public_view_state_check} )";
} else {
if ($t_count_public_only_project_ids > 1) {
$t_public_only_query = "( ( {$t_bug_table}.project_id in (" . implode(', ', $t_public_only_project_ids) . ") ) AND {$t_public_view_state_check} )";
} else {
$t_public_only_query = null;
}
}
// both queries can't be null, so we either have one of them or both.
if ($t_private_and_public_query === null) {
$t_project_query = $t_public_only_query;
} else {
if ($t_public_only_query === null) {
$t_project_query = $t_private_and_public_query;
} else {
$t_project_query = "( {$t_public_only_query} OR {$t_private_and_public_query} )";
}
}
log_event(LOG_FILTERING, 'FILTERING: project query = ' . $t_project_query);
array_push($t_where_clauses, $t_project_query);
}
# view state
$t_view_state = db_prepare_int($t_filter['view_state']);
if ($t_filter['view_state'] !== META_FILTER_ANY && !is_blank($t_filter['view_state'])) {
$t_view_state_query = "({$t_bug_table}.view_state='{$t_view_state}')";
log_event(LOG_FILTERING, 'FILTERING: view_state query = ' . $t_view_state_query);
array_push($t_where_clauses, $t_view_state_query);
} else {
log_event(LOG_FILTERING, 'FILTERING: no view_state query');
}
# reporter
$t_any_found = false;
foreach ($t_filter['reporter_id'] as $t_filter_member) {
if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['reporter_id']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['reporter_id'] as $t_filter_member) {
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "0");
} else {
$c_reporter_id = db_prepare_int($t_filter_member);
if (META_FILTER_MYSELF == $c_reporter_id) {
array_push($t_clauses, $c_user_id);
} else {
array_push($t_clauses, $c_reporter_id);
}
}
}
if (1 < count($t_clauses)) {
$t_reporter_query = "( {$t_bug_table}.reporter_id in (" . implode(', ', $t_clauses) . ") )";
} else {
$t_reporter_query = "( {$t_bug_table}.reporter_id={$t_clauses['0']} )";
}
log_event(LOG_FILTERING, 'FILTERING: reporter query = ' . $t_reporter_query);
array_push($t_where_clauses, $t_reporter_query);
} else {
log_event(LOG_FILTERING, 'FILTERING: no reporter query');
}
# limit reporter
# @@@ thraxisp - access_has_project_level checks greater than or equal to,
# this assumed that there aren't any holes above REPORTER where the limit would apply
#
if (ON === $t_limit_reporters && !access_has_project_level(REPORTER + 1, $t_project_id, $t_user_id)) {
$c_reporter_id = $c_user_id;
array_push($t_where_clauses, "({$t_bug_table}.reporter_id='{$c_reporter_id}')");
}
# handler
$t_any_found = false;
foreach ($t_filter['handler_id'] as $t_filter_member) {
if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['handler_id']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['handler_id'] as $t_filter_member) {
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, 0);
} else {
$c_handler_id = db_prepare_int($t_filter_member);
if (META_FILTER_MYSELF == $c_handler_id) {
array_push($t_clauses, $c_user_id);
} else {
array_push($t_clauses, $c_handler_id);
}
}
}
if (1 < count($t_clauses)) {
$t_handler_query = "( {$t_bug_table}.handler_id in (" . implode(', ', $t_clauses) . ") )";
} else {
$t_handler_query = "( {$t_bug_table}.handler_id={$t_clauses['0']} )";
}
log_event(LOG_FILTERING, 'FILTERING: handler query = ' . $t_handler_query);
array_push($t_where_clauses, $t_handler_query);
} else {
log_event(LOG_FILTERING, 'FILTERING: no handler query');
}
# category
if (!_filter_is_any($t_filter['show_category'])) {
$t_clauses = array();
foreach ($t_filter['show_category'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "''");
} else {
$c_show_category = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_show_category}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.category in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.category={$t_clauses['0']} )");
}
}
# severity
$t_any_found = false;
foreach ($t_filter['show_severity'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['show_severity']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_severity'] as $t_filter_member) {
$c_show_severity = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_severity);
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.severity in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.severity={$t_clauses['0']} )");
}
}
# show / hide status
# take a list of all available statuses then remove the ones that we want hidden, then make sure
# the ones we want shown are still available
$t_status_arr = explode_enum_string(config_get('status_enum_string'));
$t_available_statuses = array();
$t_desired_statuses = array();
foreach ($t_status_arr as $t_this_status) {
$t_this_status_arr = explode_enum_arr($t_this_status);
$t_available_statuses[] = $t_this_status_arr[0];
}
if ('simple' == $t_filter['_view_type']) {
# simple filtering: if showing any, restrict by the hide status value, otherwise ignore the hide
$t_any_found = false;
$t_this_status = $t_filter['show_status'][0];
$t_this_hide_status = $t_filter['hide_status'][0];
if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
$t_any_found = true;
}
if ($t_any_found) {
foreach ($t_available_statuses as $t_this_available_status) {
if ($t_this_hide_status > $t_this_available_status) {
$t_desired_statuses[] = $t_this_available_status;
}
}
} else {
$t_desired_statuses[] = $t_this_status;
}
} else {
# advanced filtering: ignore the hide
$t_any_found = false;
foreach ($t_filter['show_status'] as $t_this_status) {
$t_desired_statuses[] = $t_this_status;
if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
$t_any_found = true;
}
}
if ($t_any_found) {
$t_desired_statuses = array();
}
}
if (count($t_desired_statuses) > 0) {
$t_clauses = array();
foreach ($t_desired_statuses as $t_filter_member) {
$c_show_status = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_status);
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.status in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.status={$t_clauses['0']} )");
}
}
# resolution
$t_any_found = false;
foreach ($t_filter['show_resolution'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['show_resolution']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_resolution'] as $t_filter_member) {
$c_show_resolution = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_resolution);
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.resolution in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.resolution={$t_clauses['0']} )");
}
}
# priority
$t_any_found = false;
foreach ($t_filter['show_priority'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['show_priority']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_priority'] as $t_filter_member) {
$c_show_priority = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_priority);
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.priority in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.priority={$t_clauses['0']} )");
}
}
# product build
$t_any_found = false;
foreach ($t_filter['show_build'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
$t_any_found = true;
}
}
if (count($t_filter['show_build']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
foreach ($t_filter['show_build'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "''");
} else {
$c_show_build = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_show_build}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.build in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.build={$t_clauses['0']} )");
}
}
# product version
if (!_filter_is_any($t_filter['show_version'])) {
$t_clauses = array();
foreach ($t_filter['show_version'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "''");
} else {
$c_show_version = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_show_version}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.version in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.version={$t_clauses['0']} )");
}
}
# profile
if (!_filter_is_any($t_filter['show_profile'])) {
$t_clauses = array();
foreach ($t_filter['show_profile'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "0");
} else {
$c_show_profile = db_prepare_int($t_filter_member);
array_push($t_clauses, "{$c_show_profile}");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.profile_id in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.profile_id={$t_clauses['0']} )");
}
}
# platform
if (!_filter_is_any($t_filter['platform'])) {
$t_clauses = array();
foreach ($t_filter['platform'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, '');
} else {
$c_platform = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_platform}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.platform in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.platform = {$t_clauses['0']} )");
}
}
# os
if (!_filter_is_any($t_filter['os'])) {
$t_clauses = array();
foreach ($t_filter['os'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, '');
} else {
$c_os = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_os}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.os in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.os = {$t_clauses['0']} )");
}
}
# os_build
if (!_filter_is_any($t_filter['os_build'])) {
$t_clauses = array();
foreach ($t_filter['os_build'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, '');
} else {
$c_os_build = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_os_build}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.os_build in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.os_build = {$t_clauses['0']} )");
}
}
# date filter
if ('on' == $t_filter['do_filter_by_date'] && is_numeric($t_filter['start_month']) && is_numeric($t_filter['start_day']) && is_numeric($t_filter['start_year']) && is_numeric($t_filter['end_month']) && is_numeric($t_filter['end_day']) && is_numeric($t_filter['end_year'])) {
$t_start_string = db_prepare_string($t_filter['start_year'] . "-" . $t_filter['start_month'] . "-" . $t_filter['start_day'] . " 00:00:00");
$t_end_string = db_prepare_string($t_filter['end_year'] . "-" . $t_filter['end_month'] . "-" . $t_filter['end_day'] . " 23:59:59");
array_push($t_where_clauses, "({$t_bug_table}.date_submitted BETWEEN '{$t_start_string}' AND '{$t_end_string}' )");
}
# fixed in version
if (!_filter_is_any($t_filter['fixed_in_version'])) {
$t_clauses = array();
foreach ($t_filter['fixed_in_version'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "''");
} else {
$c_fixed_in_version = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_fixed_in_version}'");
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.fixed_in_version in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.fixed_in_version={$t_clauses['0']} )");
}
}
# target version
if (!_filter_is_any($t_filter['target_version'])) {
$t_clauses = array();
foreach ($t_filter['target_version'] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
array_push($t_clauses, "''");
} else {
$c_target_version = db_prepare_string($t_filter_member);
array_push($t_clauses, "'{$c_target_version}'");
}
}
#echo var_dump( $t_clauses ); exit;
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_bug_table}.target_version in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_bug_table}.target_version={$t_clauses['0']} )");
}
}
# users monitoring a bug
$t_any_found = false;
foreach ($t_filter['user_monitor'] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
$t_any_found = true;
}
}
if (count($t_filter['user_monitor']) == 0) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_clauses = array();
$t_table_name = 'user_monitor';
array_push($t_from_clauses, $t_bug_monitor_table);
array_push($t_join_clauses, "LEFT JOIN {$t_bug_monitor_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id");
foreach ($t_filter['user_monitor'] as $t_filter_member) {
$c_user_monitor = db_prepare_int($t_filter_member);
if (META_FILTER_MYSELF == $c_user_monitor) {
array_push($t_clauses, $c_user_id);
} else {
array_push($t_clauses, $c_user_monitor);
}
}
if (1 < count($t_clauses)) {
array_push($t_where_clauses, "( {$t_table_name}.user_id in (" . implode(', ', $t_clauses) . ") )");
} else {
array_push($t_where_clauses, "( {$t_table_name}.user_id={$t_clauses['0']} )");
}
}
# bug relationship
$t_any_found = false;
$c_rel_type = $t_filter['relationship_type'];
$c_rel_bug = $t_filter['relationship_bug'];
if (-1 == $c_rel_type || 0 == $c_rel_bug) {
$t_any_found = true;
}
if (!$t_any_found) {
# use the complementary type
$t_comp_type = relationship_get_complementary_type($c_rel_type);
$t_clauses = array();
$t_table_name = 'relationship';
array_push($t_from_clauses, $t_bug_relationship_table);
array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name} ON {$t_table_name}.destination_bug_id = {$t_bug_table}.id");
array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name}2 ON {$t_table_name}2.source_bug_id = {$t_bug_table}.id");
// get reverse relationships
array_push($t_clauses, "({$t_table_name}.relationship_type='{$t_comp_type}' AND {$t_table_name}.source_bug_id='{$c_rel_bug}')");
array_push($t_clauses, "({$t_table_name}" . "2.relationship_type='{$c_rel_type}' AND {$t_table_name}" . "2.destination_bug_id='{$c_rel_bug}')");
array_push($t_where_clauses, '(' . implode(' OR ', $t_clauses) . ')');
}
# tags
$c_tag_string = trim($t_filter['tag_string']);
if (!is_blank($c_tag_string)) {
$t_tags = tag_parse_filters($c_tag_string);
if (count($t_tags)) {
$t_tags_all = array();
$t_tags_any = array();
$t_tags_none = array();
foreach ($t_tags as $t_tag_row) {
switch ($t_tag_row['filter']) {
case 1:
$t_tags_all[] = $t_tag_row;
break;
case 0:
$t_tags_any[] = $t_tag_row;
break;
case -1:
$t_tags_none[] = $t_tag_row;
break;
}
}
if (0 < $t_filter['tag_select'] && tag_exists($t_filter['tag_select'])) {
$t_tags_any[] = tag_get($t_filter['tag_select']);
}
$t_bug_tag_table = config_get('mantis_bug_tag_table');
if (count($t_tags_all)) {
$t_clauses = array();
foreach ($t_tags_all as $t_tag_row) {
array_push($t_clauses, "{$t_bug_table}.id IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE {$t_bug_tag_table}.tag_id = {$t_tag_row['id']} )");
}
array_push($t_where_clauses, '(' . implode(' AND ', $t_clauses) . ')');
}
if (count($t_tags_any)) {
$t_clauses = array();
foreach ($t_tags_any as $t_tag_row) {
array_push($t_clauses, "{$t_bug_tag_table}.tag_id = {$t_tag_row['id']}");
}
array_push($t_where_clauses, "{$t_bug_table}.id IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE ( " . implode(' OR ', $t_clauses) . ') )');
}
if (count($t_tags_none)) {
$t_clauses = array();
foreach ($t_tags_none as $t_tag_row) {
array_push($t_clauses, "{$t_bug_tag_table}.tag_id = {$t_tag_row['id']}");
}
array_push($t_where_clauses, "{$t_bug_table}.id NOT IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE ( " . implode(' OR ', $t_clauses) . ') )');
}
}
}
# custom field filters
if (ON == config_get('filter_by_custom_fields')) {
# custom field filtering
# @@@ At the moment this gets the linked fields relating to the current project
# It should get the ones relating to the project in the filter or all projects
# if multiple projects.
$t_custom_fields = custom_field_get_linked_ids($t_project_id);
foreach ($t_custom_fields as $t_cfid) {
$t_custom_where_clause = '';
# Ignore all custom filters that are not set, or that are set to '' or "any"
$t_any_found = false;
foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
$t_any_found = true;
}
}
if (!isset($t_filter['custom_fields'][$t_cfid])) {
$t_any_found = true;
}
if (!$t_any_found) {
$t_def = custom_field_get_definition($t_cfid);
$t_table_name = $t_custom_field_string_table . '_' . $t_cfid;
# We need to filter each joined table or the result query will explode in dimensions
# Each custom field will result in a exponential growth like Number_of_Issues^Number_of_Custom_Fields
# and only after this process ends (if it is able to) the result query will be filtered
# by the WHERE clause and by the DISTINCT clause
$t_cf_join_clause = "LEFT JOIN {$t_custom_field_string_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id AND {$t_table_name}.field_id = {$t_cfid} ";
if ($t_def['type'] == CUSTOM_FIELD_TYPE_DATE) {
switch ($t_filter['custom_fields'][$t_cfid][0]) {
case CUSTOM_FIELD_DATE_ANY:
break;
case CUSTOM_FIELD_DATE_NONE:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '(( ' . $t_table_name . '.bug_id is null) OR ( ' . $t_table_name . '.value = 0)';
break;
case CUSTOM_FIELD_DATE_BEFORE:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '(( ' . $t_table_name . '.value != 0 AND (' . $t_table_name . '.value+0) < ' . $t_filter['custom_fields'][$t_cfid][2] . ')';
break;
case CUSTOM_FIELD_DATE_AFTER:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '( (' . $t_table_name . '.value+0) > ' . ($t_filter['custom_fields'][$t_cfid][1] + 1);
break;
default:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '( (' . $t_table_name . '.value+0) BETWEEN ' . $t_filter['custom_fields'][$t_cfid][1] . ' AND ' . $t_filter['custom_fields'][$t_cfid][2];
break;
}
} else {
array_push($t_join_clauses, $t_cf_join_clause);
$t_filter_array = array();
foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (META_FILTER_NONE == $t_filter_member) {
# coerce filter value if selecting META_FILTER_NONE so it will match empty fields
$t_filter_member = '';
# but also add those _not_ present in the custom field string table
array_push($t_filter_array, "{$t_bug_table}.id NOT IN (SELECT bug_id FROM {$t_custom_field_string_table} WHERE field_id={$t_cfid})");
}
switch ($t_def['type']) {
case CUSTOM_FIELD_TYPE_MULTILIST:
case CUSTOM_FIELD_TYPE_CHECKBOX:
array_push($t_filter_array, db_helper_like("{$t_table_name}.value", '%|' . db_prepare_string($t_filter_member) . '|%'));
break;
default:
array_push($t_filter_array, "{$t_table_name}.value = '" . db_prepare_string($t_filter_member) . "'");
}
}
$t_custom_where_clause .= '(' . implode(' OR ', $t_filter_array);
}
if (!is_blank($t_custom_where_clause)) {
array_push($t_where_clauses, $t_custom_where_clause . ')');
}
}
}
}
$t_textsearch_where_clause = '';
$t_textsearch_wherejoin_clause = '';
# Simple Text Search - Thanks to Alan Knowles
if (!is_blank($t_filter['search'])) {
$c_search = db_prepare_string($t_filter['search']);
$c_search_int = db_prepare_int($t_filter['search']);
$t_textsearch_where_clause = '(' . db_helper_like('summary', "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.description", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.steps_to_reproduce", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.additional_information", "%{$c_search}%") . " OR ( {$t_bug_table}.id = '{$c_search_int}' ) )";
$t_textsearch_wherejoin_clause = '(' . db_helper_like('summary', "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.description", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.steps_to_reproduce", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.additional_information", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_table}.id", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bugnote_text_table}.note", "%{$c_search}%") . ' )';
array_push($t_where_clauses, "({$t_bug_text_table}.id = {$t_bug_table}.bug_text_id)");
$t_from_clauses = array($t_bug_text_table, $t_project_table, $t_bug_table);
} else {
$t_from_clauses = array($t_project_table, $t_bug_table);
}
$t_select = implode(', ', array_unique($t_select_clauses));
$t_from = 'FROM ' . implode(', ', array_unique($t_from_clauses));
$t_join = implode(' ', $t_join_clauses);
if (count($t_where_clauses) > 0) {
$t_where = 'WHERE ' . implode(' AND ', $t_where_clauses);
} else {
$t_where = '';
}
# Possibly do two passes. First time, grab the IDs of issues that match the filters. Second time, grab the IDs of issues that
# have bugnotes that match the text search if necessary.
$t_id_array = array();
for ($i = 0; $i < 2; $i++) {
$t_id_where = $t_where;
$t_id_join = $t_join;
if ($i == 0) {
if (!is_blank($t_id_where) && !is_blank($t_textsearch_where_clause)) {
$t_id_where = $t_id_where . ' AND ' . $t_textsearch_where_clause;
}
} else {
if (!is_blank($t_textsearch_wherejoin_clause)) {
$t_id_where = $t_id_where . ' AND ' . $t_textsearch_wherejoin_clause;
$t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_table} ON {$t_bugnote_table}.bug_id = {$t_bug_table}.id";
$t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_text_table} ON {$t_bugnote_text_table}.id = {$t_bugnote_table}.bugnote_text_id";
}
}
$query = "SELECT DISTINCT {$t_bug_table}.id AS id\r\n\t\t\t\t\t\t{$t_from}\r\n\t\t\t\t\t\t{$t_id_join}\r\n\t\t\t\t\t\t{$t_id_where}";
if ($i == 0 || !is_blank($t_textsearch_wherejoin_clause)) {
$result = db_query($query);
$row_count = db_num_rows($result);
for ($j = 0; $j < $row_count; $j++) {
$row = db_fetch_array($result);
$t_id_array[] = db_prepare_int($row['id']);
}
}
}
$t_id_array = array_unique($t_id_array);
# Get the total number of bugs that meet the criteria.
$bug_count = count($t_id_array);
$rows = array();
if ($bug_count > 0) {
$t_where = "WHERE {$t_bug_table}.id in (" . implode(", ", $t_id_array) . ")";
} else {
return $rows;
}
$t_from = 'FROM ' . $t_bug_table;
# write the value back in case the caller wants to know
$p_bug_count = $bug_count;
if (null === $p_per_page) {
$p_per_page = (int) $t_filter['per_page'];
} else {
if (-1 == $p_per_page) {
$p_per_page = $bug_count;
}
}
# Guard against silly values of $f_per_page.
if (0 == $p_per_page) {
$p_per_page = $bug_count;
// 0 - means show all
}
$p_per_page = (int) abs($p_per_page);
# Use $bug_count and $p_per_page to determine how many pages
# to split this list up into.
# For the sake of consistency have at least one page, even if it
# is empty.
$t_page_count = ceil($bug_count / $p_per_page);
if ($t_page_count < 1) {
$t_page_count = 1;
}
# write the value back in case the caller wants to know
$p_page_count = $t_page_count;
# Make sure $p_page_number isn't past the last page.
if ($p_page_number > $t_page_count) {
$p_page_number = $t_page_count;
}
# Make sure $p_page_number isn't before the first page
if ($p_page_number < 1) {
$p_page_number = 1;
}
# Now add the rest of the criteria i.e. sorting, limit.
# if sort is blank then default the sort and direction. This is to fix the
# symptoms of #3953. Note that even if the main problem is fixed, we may
# have to keep this code for a while to handle filters saved with this blank field.
if (is_blank($t_filter['sort'])) {
$t_filter['sort'] = 'last_updated';
$t_filter['dir'] = 'DESC';
}
$t_order_array = array();
$t_sort_fields = split(',', $t_filter['sort']);
$t_dir_fields = split(',', $t_filter['dir']);
if ('on' == $t_filter['sticky_issues'] && NULL !== $p_show_sticky) {
$t_order_array[] = "sticky DESC";
}
$t_join = '';
for ($i = 0; $i < count($t_sort_fields); $i++) {
$c_sort = db_prepare_string($t_sort_fields[$i]);
if (!in_array($t_sort_fields[$i], array_slice($t_sort_fields, $i + 1))) {
# if sorting by a custom field
if (strpos($c_sort, 'custom_') === 0) {
$t_custom_field = substr($c_sort, strlen('custom_'));
$t_custom_field_id = custom_field_get_id_from_name($t_custom_field);
$t_join .= " LEFT JOIN {$t_custom_field_string_table} ON ( ( {$t_custom_field_string_table}.bug_id = {$t_bug_table}.id ) AND ( {$t_custom_field_string_table}.field_id = {$t_custom_field_id} ) )";
$c_sort = "{$t_custom_field_string_table}.value";
$t_select_clauses[] = "{$t_custom_field_string_table}.value";
}
if ('DESC' == $t_dir_fields[$i]) {
$c_dir = 'DESC';
} else {
$c_dir = 'ASC';
}
$t_order_array[] = "{$c_sort} {$c_dir}";
}
}
# add basic sorting if necessary
if (!in_array('last_updated', $t_sort_fields)) {
$t_order_array[] = 'last_updated DESC';
}
if (!in_array('date_submitted', $t_sort_fields)) {
$t_order_array[] = 'date_submitted DESC';
}
$t_order = " ORDER BY " . implode(', ', $t_order_array);
$t_select = implode(', ', array_unique($t_select_clauses));
$query2 = "SELECT DISTINCT {$t_select}\r\n\t\t\t\t\t{$t_from}\r\n\t\t\t\t\t{$t_join}\r\n\t\t\t\t\t{$t_where}\r\n\t\t\t\t\t{$t_order}";
# Figure out the offset into the db query
#
# for example page number 1, per page 5:
# t_offset = 0
# for example page number 2, per page 5:
# t_offset = 5
$c_per_page = db_prepare_int($p_per_page);
$c_page_number = db_prepare_int($p_page_number);
$t_offset = ($c_page_number - 1) * $c_per_page;
# perform query
$result2 = db_query($query2, $c_per_page, $t_offset);
$row_count = db_num_rows($result2);
$t_id_array_lastmod = array();
for ($i = 0; $i < $row_count; $i++) {
$row = db_fetch_array($result2);
$t_id_array_lastmod[] = db_prepare_int($row['id']);
$row['date_submitted'] = db_unixtimestamp($row['date_submitted']);
$row['last_updated'] = db_unixtimestamp($row['last_updated']);
array_push($rows, $row);
}
$t_id_array_lastmod = array_unique($t_id_array_lastmod);
// paulr: it should be impossible for t_id_array_lastmod to be array():
// that would imply that $t_id_array is null which aborts this function early
//if ( count( $t_id_array_lastmod ) > 0 ) {
$t_where = "WHERE {$t_bugnote_table}.bug_id in (" . implode(", ", $t_id_array_lastmod) . ")";
$query3 = "SELECT DISTINCT bug_id,MAX(last_modified) as last_modified, COUNT(last_modified) as count FROM {$t_bugnote_table} {$t_where} GROUP BY bug_id";
# perform query
$result3 = db_query($query3);
$row_count = db_num_rows($result3);
for ($i = 0; $i < $row_count; $i++) {
$row = db_fetch_array($result3);
$t_stats[$row['bug_id']] = $row;
}
foreach ($rows as $row) {
if (!isset($t_stats[$row['id']])) {
bug_cache_database_result($row, false);
} else {
bug_cache_database_result($row, $t_stats[$row['id']]);
}
}
return $rows;
}
/**
* return the user's access level
* account for private project and the project user lists
*
* @param integer $p_user_id A valid user identifier.
* @param integer $p_project_id A valid project identifier.
* @return integer
*/
function user_get_access_level($p_user_id, $p_project_id = ALL_PROJECTS)
{
$t_access_level = user_get_field($p_user_id, 'access_level');
if (user_is_administrator($p_user_id)) {
return $t_access_level;
}
$t_project_access_level = project_get_local_user_access_level($p_project_id, $p_user_id);
if (false === $t_project_access_level) {
return $t_access_level;
} else {
return $t_project_access_level;
}
}
}
if ($_POST['action'] == 'sendmessage') {
include_once 'send.php';
send_find($_POST['message'], $user, $_POST['recipient']);
redirect("/send/{$_POST['recipient']}");
exit;
}
if ($_POST['action'] == 'login') {
login($_POST['user'], $_POST['pass'], $_POST['remember']);
exit;
}
if ($_GET['action'] == 'login_ajax') {
login($_GET['user'], $_GET['pass'], $_GET['remember'], "/watched/{$_GET['user']}");
exit;
}
if ($_POST['data'] && $_POST['filename'] && user_is_administrator()) {
file_put_contents($_POST['filename'], stripslashes($_POST['data']));
redirect('/');
exit;
}
//if ($_SERVER['USER']=='jwdavidson') print_r($_POST['action']);
if ($_POST['action'] == 'snitch_archive') {
redirect("/snitch/{$_POST['reverse']}{$_POST['threshhold']}{$_POST['units']}/{$_POST['begindate']}");
exit;
}
//if ($_SERVER['USER']=='jwdavidson') print_r($_POST);
if ($_POST['action'] == 'write_css') {
file_put_contents("{$_SERVER['USER_ROOT']}/user_css.txt", '$extra_css="' . $_POST['css_data'] . '";');
redirect('/');
exit;
}
/**
* This function checks the project access level first (for the current project
* if none is specified) and if the user is not listed, it falls back on the
* user's global access level.
* @param int $p_project_id integer representing project id to check access against
* @param int|null $p_user_id integer representing user id, defaults to null to use current user
* @return int access level user has to given project
* @access public
*/
function access_get_project_level($p_project_id = null, $p_user_id = null)
{
if (null === $p_user_id) {
$p_user_id = auth_get_current_user_id();
}
# Deal with not logged in silently in this case
/** @todo we may be able to remove this and just error and once we default to anon login, we can remove it for sure */
if (empty($p_user_id) && !auth_is_user_authenticated()) {
return ANYBODY;
}
if (null === $p_project_id) {
$p_project_id = helper_get_current_project();
}
$t_global_access_level = access_get_global_level($p_user_id);
if (ALL_PROJECTS == $p_project_id || user_is_administrator($p_user_id)) {
return $t_global_access_level;
} else {
$t_project_access_level = access_get_local_level($p_user_id, $p_project_id);
$t_project_view_state = project_get_field($p_project_id, 'view_state');
# Try to use the project access level.
# If the user is not listed in the project, then try to fall back
# to the global access level
if (false === $t_project_access_level) {
# If the project is private and the user isn't listed, then they
# must have the private_project_threshold access level to get in.
if (VS_PRIVATE == $t_project_view_state) {
if (access_compare_level($t_global_access_level, config_get('private_project_threshold', null, null, ALL_PROJECTS))) {
return $t_global_access_level;
} else {
return ANYBODY;
}
} else {
# project access not set, but the project is public
return $t_global_access_level;
}
} else {
# project specific access was set
return $t_project_access_level;
}
}
}
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('user_api.php');
form_security_validate('manage_user_delete');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_user_threshold'));
$f_user_id = gpc_get_int('user_id');
$t_user = user_get_row($f_user_id);
# Ensure that the account to be deleted is of equal or lower access to the
# current user.
access_ensure_global_level($t_user['access_level']);
# check that we are not deleting the last administrator account
$t_admin_threshold = config_get_global('admin_site_threshold');
if (user_is_administrator($f_user_id) && user_count_level($t_admin_threshold) <= 1) {
trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}
# If an administrator is trying to delete their own account, use
# account_delete.php instead as it is handles logging out and redirection
# of users who have just deleted their own accounts.
if (auth_get_current_user_id() == $f_user_id) {
form_security_purge('manage_user_delete');
print_header_redirect('account_delete.php?account_delete_token=' . form_security_token('account_delete'), true, false);
}
helper_ensure_confirmed(lang_get('delete_account_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . $t_user['username'], lang_get('delete_account_button'));
user_delete($f_user_id);
form_security_purge('manage_user_delete');
html_page_top(null, 'manage_user_page.php');
html_operation_successful('manage_user_page.php');
html_page_bottom();
