/*
 * This file is part of the Eventum (Issue Tracking System) package.
 *
 * @copyright (c) Eventum Team
 * @license GNU General Public License, version 2 or later (GPL-2+)
 *
 * For the full copyright and license information,
 * please see the COPYING and AUTHORS files
 * that were distributed with this source code.
 */

require_once __DIR__ . '/../../init.php';

// handle ajax upload
// FIXME: no identity logged who added the file.
//
// Flow: require an auth cookie, require ?file=<key>, require $_FILES[<key>],
// then hand the upload to Attachment::addFiles() and put the resulting
// iaf_id into $res, the response payload. Any exception is turned into an
// error payload in $res instead.
// NOTE(review): the only gate is AuthCookie::hasAuthCookie(); no CSRF token
// is checked in this handler -- confirm one is enforced by init.php or the
// page that issues the upload request.
try {
    // check if logged in. if not, just give error
    if (!AuthCookie::hasAuthCookie()) {
        throw new BadFunctionCallException(ev_gettext('Must be logged in'));
    }
    if (!isset($_GET['file'])) {
        // TRANSLATORS: this is technical error and should not be displayed to end users
        throw new InvalidArgumentException(ev_gettext('No file argument'));
    }
    // $file is only used as a key into $_FILES, never as a filesystem path
    $file = (string) $_GET['file'];
    if (!isset($_FILES[$file])) {
        throw new InvalidArgumentException(ev_gettext('No files uploaded'));
    }
    $iaf_id = Attachment::addFiles($_FILES[$file]);
    $res = array('error' => 0, 'iaf_id' => $iaf_id);
} catch (Exception $e) {
    // an exception code of 0 (the default) is reported as -1 so the client
    // can tell it apart from the success value 0
    // NOTE(review): getMessage() of any Exception reaches the client, including
    // ones raised inside Attachment::addFiles() -- confirm those carry no
    // internal detail (paths, SQL) before relying on this as the error channel
    $code = $e->getCode();
    $res = array('error' => $code ? $code : -1, 'message' => $e->getMessage());
/**
 * Method used to get the system-wide defaults for this backend.
 *
 * Keys returned: host, port, context, customer_id_attribute,
 * contact_id_attribute, create_users and default_role (a map of
 * project id => role). When the request carries an auth cookie the
 * current project gets a default_role entry of 0, so callers always
 * find a key for the active project.
 *
 * @return array the default parameters
 */
public static function getDefaults()
{
    $default_role = array();
    if (AuthCookie::hasAuthCookie()) {
        // ensure there is an entry for the current project
        $default_role[Auth::getCurrentProject()] = 0;
    }

    return array(
        'host' => 'localhost',
        'port' => 443,
        'context' => '/cas',
        'customer_id_attribute' => '',
        'contact_id_attribute' => '',
        'create_users' => null,
        'default_role' => $default_role,
    );
}
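/**
 * Method used to check for the appropriate authentication for a specific
 * page. It will check for the cookie name provided and redirect the user
 * to another page if needed.
 *
 * Order of checks, as implemented below:
 *  1. delegate to the configured auth backend (may throw AuthException);
 *  2. without an auth cookie: log in as APP_ANON_USER when it is configured,
 *     otherwise accept HTTP Basic credentials, otherwise redirect to $failed_url;
 *  3. reject pending (err=9) and inactive (err=7) accounts;
 *  4. verify the session, require a selected project, run the CRM customer
 *     check, honour ?switch_prj_id=, and finally renew both cookies.
 *
 * Every failure path ends in self::redirect() (relied upon not to return)
 * or a 401 response; an AuthException from the backend renders
 * authentication_error.tpl.html and exits.
 *
 * Fix: the HTTP Basic branch used to store APP_ANON_USER in the auth cookie,
 * which is always empty in that branch (it is the else of `if (APP_ANON_USER)`),
 * so a Basic-auth login never produced a usable cookie. It now stores the
 * username whose password was just verified.
 *
 * @param string $failed_url The URL to redirect to if the user is not authenticated
 * @param boolean $is_popup Flag to tell the function if the current page is a popup window or not
 * @return void
 */
public static function checkAuthentication($failed_url = null, $is_popup = false)
{
    try {
        self::getAuthBackend()->checkAuthentication();

        if ($failed_url == null) {
            $failed_url = APP_RELATIVE_URL . 'index.php?err=5';
        }
        // remember where the user wanted to go so the login page can send them back
        $failed_url .= '&url=' . urlencode($_SERVER['REQUEST_URI']);

        if (!AuthCookie::hasAuthCookie()) {
            if (APP_ANON_USER) {
                // anonymous access is enabled: transparently log in as that account,
                // using the first project it is associated with
                $anon_usr_id = User::getUserIDByEmail(APP_ANON_USER);
                $prj_ids = array_keys(Project::getAssocList($anon_usr_id));
                $prj_id = reset($prj_ids);
                AuthCookie::setAuthCookie(APP_ANON_USER, false);
                AuthCookie::setProjectCookie($prj_id);
                Session::init($anon_usr_id);
            } elseif (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
                // check for valid HTTP_BASIC params
                if (!self::isCorrectPassword($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
                    header('WWW-Authenticate: Basic realm="Eventum"');
                    header('HTTP/1.0 401 Unauthorized');
                    echo 'Login Failed';
                    return;
                }
                $usr_id = User::getUserIDByEmail($_SERVER['PHP_AUTH_USER'], true);
                $prj_ids = array_keys(Project::getAssocList($usr_id));
                $prj_id = reset($prj_ids);
                // the cookie must identify the user whose password was verified above
                AuthCookie::setAuthCookie($_SERVER['PHP_AUTH_USER']);
                AuthCookie::setProjectCookie($prj_id);
                // NOTE(review): unlike the anonymous branch, no Session::init() is done
                // here -- confirm Session::verify() below tolerates that for Basic logins
            } else {
                self::redirect($failed_url, $is_popup);
            }
        }

        $cookie = AuthCookie::getAuthCookie();
        if (!$cookie) {
            AuthCookie::removeAuthCookie();
            self::redirect($failed_url, $is_popup);
        }
        if (self::isPendingUser($cookie['email'])) {
            AuthCookie::removeAuthCookie();
            self::redirect('index.php?err=9', $is_popup);
        }
        if (!self::isActiveUser($cookie['email'])) {
            AuthCookie::removeAuthCookie();
            self::redirect('index.php?err=7', $is_popup);
        }

        $usr_id = self::getUserID();
        // check the session
        Session::verify($usr_id);

        if (!defined('SKIP_LANGUAGE_INIT')) {
            Language::setPreference();
        }

        // check whether the project selection is set or not
        $prj_id = self::getCurrentProject();
        if (empty($prj_id)) {
            // redirect to select project page
            self::redirect(APP_RELATIVE_URL . 'select_project.php?url=' . urlencode($_SERVER['REQUEST_URI']), $is_popup);
        }

        // check the expiration date for a 'Customer' type user
        $contact_id = User::getCustomerContactID($usr_id);
        if (!empty($contact_id) && CRM::hasCustomerIntegration($prj_id)) {
            $crm = CRM::getInstance($prj_id);
            $crm->authenticateCustomer();
        }

        // auto switch project
        if (isset($_GET['switch_prj_id'])) {
            // NOTE(review): the requested project id is stored without checking here
            // that $usr_id is a member of it -- confirm setProjectCookie() or
            // getCurrentProject() enforce membership
            AuthCookie::setProjectCookie($_GET['switch_prj_id']);
            // reload the same page without the switch parameter
            self::redirect($_SERVER['PHP_SELF'] . '?' . str_replace('switch_prj_id=' . $_GET['switch_prj_id'], '', $_SERVER['QUERY_STRING']));
        }

        // if the current session is still valid, then renew the expiration
        AuthCookie::setAuthCookie($cookie['email'], $cookie['permanent']);
        // renew the project cookie as well
        AuthCookie::setProjectCookie($prj_id);
    } catch (AuthException $e) {
        $tpl = new Template_Helper();
        $tpl->setTemplate('authentication_error.tpl.html');
        $tpl->assign('error_message', $e->getMessage());
        $tpl->displayTemplate();
        exit;
    }
}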