Exemple #1
/*
 * This file is part of the Eventum (Issue Tracking System) package.
 *
 * @copyright (c) Eventum Team
 * @license GNU General Public License, version 2 or later (GPL-2+)
 *
 * For the full copyright and license information,
 * please see the COPYING and AUTHORS files
 * that were distributed with this source code.
 */
require_once __DIR__ . '/../../init.php';
// Handle an AJAX file upload: pass the uploaded file entry to Attachment::addFiles()
// and build the result array in $res.
// FIXME: no identity logged who added the file.
// NOTE(review): the only access check visible in this script is the cookie test below;
// no CSRF token check and no per-issue permission check appear here -- confirm where
// those are enforced for this endpoint.
try {
    // check if logged in. if not, just give error
    // NOTE(review): hasAuthCookie() is the sole gate here; whether it validates the
    // cookie or only tests that one was sent is not visible from this file -- confirm.
    if (!AuthCookie::hasAuthCookie()) {
        throw new BadFunctionCallException(ev_gettext('Must be logged in'));
    }
    if (!isset($_GET['file'])) {
        // TRANSLATORS: this is technical error and should not be displayed to end users
        throw new InvalidArgumentException(ev_gettext('No file argument'));
    }
    // The request chooses which $_FILES entry is read; the cast keeps an array-valued
    // "file" parameter from being used as an array offset.
    $file = (string) $_GET['file'];
    if (!isset($_FILES[$file])) {
        throw new InvalidArgumentException(ev_gettext('No files uploaded'));
    }
    // NOTE(review): size, type and upload-error validation are presumably done inside
    // Attachment::addFiles(); nothing is validated here -- verify against that method.
    $iaf_id = Attachment::addFiles($_FILES[$file]);
    $res = array('error' => 0, 'iaf_id' => $iaf_id);
} catch (Exception $e) {
    // Every exception type ends up here and its message is copied into the result.
    // NOTE(review): if $res is sent to the client, messages raised by deeper layers would
    // be disclosed verbatim -- consider logging them and returning a generic message.
    $code = $e->getCode();
    // A zero/empty exception code is reported as -1 so that 'error' is never 0 on failure.
    $res = array('error' => $code ? $code : -1, 'message' => $e->getMessage());
 /**
  * Build the system-wide default settings.
  *
  * When an auth cookie is present, the 'default_role' map also gets an entry
  * for the current project, initialised to 0.
  *
  * @return  array the default parameters, keyed by setting name
  */
 public static function getDefaults()
 {
     $settings = array(
         'host' => 'localhost',
         'port' => 443,
         'context' => '/cas',
         'customer_id_attribute' => '',
         'contact_id_attribute' => '',
         'create_users' => null,
         'default_role' => array(),
     );

     // without an auth cookie the current project is not looked up, so the role map stays empty
     if (!AuthCookie::hasAuthCookie()) {
         return $settings;
     }

     // ensure the role map has a slot for the current project
     $current_prj_id = Auth::getCurrentProject();
     $settings['default_role'][$current_prj_id] = 0;

     return $settings;
 }
Exemple #3
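 /**
  * Gate a page behind authentication.
  *
  * Runs the auth backend's own check, then makes sure an auth cookie exists
  * (creating one for the anonymous user or from HTTP Basic credentials when
  * allowed), rejects pending/inactive accounts, verifies the session, makes
  * sure a project is selected, and finally renews the auth and project cookies.
  * An AuthException renders the authentication error template and terminates
  * the request.
  *
  * @param   string|null $failed_url The URL to redirect to if the user is not authenticated;
  *                                  defaults to index.php?err=5 under APP_RELATIVE_URL
  * @param   boolean $is_popup Flag to tell the function if the current page is a popup window or not
  * @return  void
  */
 public static function checkAuthentication($failed_url = null, $is_popup = false)
 {
     try {
         self::getAuthBackend()->checkAuthentication();
         if ($failed_url == null) {
             $failed_url = APP_RELATIVE_URL . 'index.php?err=5';
         }
         // the originally requested URI is URL-encoded before being appended as the return target
         $failed_url .= '&url=' . urlencode($_SERVER['REQUEST_URI']);
         if (!AuthCookie::hasAuthCookie()) {
             if (APP_ANON_USER) {
                 $anon_usr_id = User::getUserIDByEmail(APP_ANON_USER);
                 // reset() takes its argument by reference, so the key list must live in a variable
                 $anon_prj_ids = array_keys(Project::getAssocList($anon_usr_id));
                 $prj_id = reset($anon_prj_ids);
                 AuthCookie::setAuthCookie(APP_ANON_USER, false);
                 AuthCookie::setProjectCookie($prj_id);
                 Session::init($anon_usr_id);
             } else {
                 // check for valid HTTP_BASIC params
                 if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
                     if (self::isCorrectPassword($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
                         $usr_id = User::getUserIDByEmail($_SERVER['PHP_AUTH_USER'], true);
                         $usr_prj_ids = array_keys(Project::getAssocList($usr_id));
                         $prj_id = reset($usr_prj_ids);
                         // Bind the cookie to the account that just authenticated. This branch is
                         // only reached when APP_ANON_USER is empty, so passing that constant
                         // would issue a cookie that carries no identity.
                         // NOTE(review): getUserIDByEmail() is called with a second argument whose
                         // meaning is not visible here; if it resolves aliases, the cookie may need
                         // the account's primary email instead -- confirm.
                         AuthCookie::setAuthCookie($_SERVER['PHP_AUTH_USER']);
                         AuthCookie::setProjectCookie($prj_id);
                     } else {
                         header('WWW-Authenticate: Basic realm="Eventum"');
                         header('HTTP/1.0 401 Unauthorized');
                         echo 'Login Failed';
                         // Fail closed: returning here would hand control back to the calling
                         // page without an authenticated session.
                         exit;
                     }
                 } else {
                     self::redirect($failed_url, $is_popup);
                 }
             }
         }
         // NOTE(review): the code after each self::redirect() call assumes redirect() ends the
         // request; its body is not visible here -- confirm.
         $cookie = AuthCookie::getAuthCookie();
         if (!$cookie) {
             AuthCookie::removeAuthCookie();
             self::redirect($failed_url, $is_popup);
         }
         if (self::isPendingUser($cookie['email'])) {
             AuthCookie::removeAuthCookie();
             self::redirect('index.php?err=9', $is_popup);
         }
         if (!self::isActiveUser($cookie['email'])) {
             AuthCookie::removeAuthCookie();
             self::redirect('index.php?err=7', $is_popup);
         }
         $usr_id = self::getUserID();
         // check the session
         Session::verify($usr_id);
         if (!defined('SKIP_LANGUAGE_INIT')) {
             Language::setPreference();
         }
         // check whether the project selection is set or not
         $prj_id = self::getCurrentProject();
         if (empty($prj_id)) {
             // redirect to select project page
             self::redirect(APP_RELATIVE_URL . 'select_project.php?url=' . urlencode($_SERVER['REQUEST_URI']), $is_popup);
         }
         // check the expiration date for a 'Customer' type user
         $contact_id = User::getCustomerContactID($usr_id);
         if (!empty($contact_id) && CRM::hasCustomerIntegration($prj_id)) {
             $crm = CRM::getInstance($prj_id);
             $crm->authenticateCustomer();
         }
         // auto switch project
         // NOTE(review): switch_prj_id comes straight from the query string and is stored in the
         // project cookie without a membership check in this method, and the redirect target is
         // built from PHP_SELF and QUERY_STRING, both request-derived. Confirm that project access
         // is validated when the cookie is read back and that redirect() rejects header injection.
         if (isset($_GET['switch_prj_id'])) {
             AuthCookie::setProjectCookie($_GET['switch_prj_id']);
             self::redirect($_SERVER['PHP_SELF'] . '?' . str_replace('switch_prj_id=' . $_GET['switch_prj_id'], '', $_SERVER['QUERY_STRING']));
         }
         // if the current session is still valid, then renew the expiration
         AuthCookie::setAuthCookie($cookie['email'], $cookie['permanent']);
         // renew the project cookie as well
         AuthCookie::setProjectCookie($prj_id);
     } catch (AuthException $e) {
         // show the backend's error on a dedicated page and stop, so the protected page never renders
         $tpl = new Template_Helper();
         $tpl->setTemplate('authentication_error.tpl.html');
         $tpl->assign('error_message', $e->getMessage());
         $tpl->displayTemplate();
         exit;
     }
 }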