function show()
{
global $page, $db, $user, $fs, $proj;
$page->setTitle($fs->prefs['page_title'] . L('reports'));
$events = array(1 => L('taskopened'), 13 => L('taskreopened'), 2 => L('taskclosed'), 3 => L('taskedited'), 14 => L('assignmentchanged'), 29 => L('events.useraddedtoassignees'), 4 => L('commentadded'), 5 => L('commentedited'), 6 => L('commentdeleted'), 7 => L('attachmentadded'), 8 => L('attachmentdeleted'), 11 => L('relatedadded'), 12 => L('relateddeleted'), 9 => L('notificationadded'), 10 => L('notificationdeleted'), 17 => L('reminderadded'), 18 => L('reminderdeleted'));
$user_events = array(30 => L('created'), 31 => L('deleted'));
$page->assign('events', $events);
$page->assign('user_events', $user_events);
$sort = strtoupper(Get::enum('sort', array('desc', 'asc')));
$where = array();
$params = array();
$orderby = '';
switch (Get::val('order')) {
case 'type':
$orderby = "h.event_type {$sort}, h.event_date {$sort}";
break;
case 'user':
$orderby = "user_id {$sort}, h.event_date {$sort}";
break;
case 'date':
default:
$orderby = "h.event_date {$sort}, h.event_type {$sort}";
}
foreach (Get::val('events', array()) as $eventtype) {
$where[] = 'h.event_type = ?';
$params[] = $eventtype;
}
$where = '(' . implode(' OR ', $where) . ')';
if ($proj->id) {
$where = $where . 'AND (t.project_id = ? OR h.event_type > 29) ';
$params[] = $proj->id;
}
if (($fromdate = Req::val('fromdate')) || Req::val('todate')) {
$where .= ' AND ';
$todate = Req::val('todate');
if ($fromdate) {
$where .= ' h.event_date > ?';
$params[] = Flyspray::strtotime($fromdate) + 0;
}
if ($todate && $fromdate) {
$where .= ' AND h.event_date < ?';
$params[] = Flyspray::strtotime($todate) + 86400;
} else {
if ($todate) {
$where .= ' h.event_date < ?';
$params[] = Flyspray::strtotime($todate) + 86400;
}
}
}
$histories = array();
if (count(Get::val('events'))) {
if (Get::num('event_number') > 0) {
$db->setLimit(Get::num('event_number'));
}
$histories = $db->x->getAll("SELECT h.*, t.*, p.project_prefix\n FROM {history} h\n LEFT JOIN {tasks} t ON h.task_id = t.task_id\n LEFT JOIN {projects} p ON t.project_id = p.project_id\n WHERE {$where}\n ORDER BY {$orderby}", null, $params);
}
$page->assign('histories', $histories);
$page->assign('sort', $sort);
$page->pushTpl('reports.tpl');
}
function _onsubmit()
{
global $proj;
// only meant for global fields...
if (!count(Get::val('ids', array()))) {
return array(ERROR_RECOVER, L('notasksselected'), CreateUrl('index'));
}
$proj = new Project(0);
$return = $this->handle('action', Req::val('action'));
$proj = new Project(0);
return $return;
}
function show($area = null)
{
global $page, $fs, $db, $proj, $user, $conf;
$perpage = '20';
if (isset($user->infos['tasks_perpage'])) {
$perpage = $user->infos['tasks_perpage'];
}
$pagenum = max(1, Get::num('pagenum', 1));
$offset = $perpage * ($pagenum - 1);
// Get the visibility state of all columns
$visible = explode(' ', trim($proj->id ? $proj->prefs['visible_columns'] : $fs->prefs['visible_columns']));
if (!is_array($visible) || !count($visible) || !$visible[0]) {
$visible = array('id');
}
list($tasks, $id_list) = Backend::get_task_list($_GET, $visible, $offset, $perpage);
$page->assign('tasks', $tasks);
$page->assign('offset', $offset);
$page->assign('perpage', $perpage);
$page->assign('pagenum', $pagenum);
$page->assign('visible', $visible);
// List of task IDs for next/previous links
$_SESSION['tasklist'] = $id_list;
$page->assign('total', count($id_list));
// Javascript replacement
if (Get::val('toggleadvanced')) {
$advanced_search = intval(!Req::val('advancedsearch'));
Flyspray::setCookie('advancedsearch', $advanced_search, time() + 60 * 60 * 24 * 30);
$_COOKIE['advancedsearch'] = $advanced_search;
}
// Update check {{{
if (Get::has('hideupdatemsg')) {
unset($_SESSION['latest_version']);
} else {
if ($conf['general']['update_check'] && $user->perms('is_admin') && $fs->prefs['last_update_check'] < time() - 60 * 60 * 24 * 3) {
if (!isset($_SESSION['latest_version'])) {
$latest = Flyspray::remote_request('http://flyspray.org/version.txt', GET_CONTENTS);
//if for some silly reason we get and empty response, we use the actual version
$_SESSION['latest_version'] = empty($latest) ? $fs->version : $latest;
$db->x->execParam('UPDATE {prefs} SET pref_value = ? WHERE pref_name = ?', array(time(), 'last_update_check'));
}
}
}
if (isset($_SESSION['latest_version']) && version_compare($fs->version, $_SESSION['latest_version'], '<')) {
$page->assign('updatemsg', true);
}
// }}}
$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title'] . ': ' . L('tasklist'));
$page->pushTpl('index.tpl');
}
define('IN_FS', true);
define('IN_FEED', true);
require_once dirname(__FILE__) . '/header.php';
$page = new FSTpl();
// Set up the basic XML head
header('Content-type: text/html; charset=utf-8');
$max_items = Req::num('num', 10) == 10 ? 10 : 20;
$sql_project = ' 1=1 ';
if ($proj->id) {
$sql_project = sprintf(' p.project_id = %d', $proj->id);
}
$feed_type = Req::val('feed_type', 'rss2');
if ($feed_type != 'rss1' && $feed_type != 'rss2') {
$feed_type = 'atom';
}
switch (Req::val('topic')) {
case 'clo':
$orderby = 'date_closed';
$closed = 't.is_closed = 1 ';
$topic = 1;
$title = 'Recently closed tasks';
break;
case 'edit':
$orderby = 'last_edited_time';
$closed = '1=1';
$topic = 2;
$title = 'Recently edited tasks';
break;
default:
$orderby = 'date_opened';
$closed = '1=1';
header('Content-Type: application/csv');
header('Content-Disposition: attachment; filename=' . $outfile);
header('Content-Transfer-Encoding: text');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . strlen($result));
ob_clean();
flush();
// finally send out our data
printf("%s", $result);
}
// } }}
// Javascript replacement
if (Get::val('toggleadvanced')) {
$advanced_search = intval(!Req::val('advancedsearch'));
Flyspray::setCookie('advancedsearch', $advanced_search, time() + 60 * 60 * 24 * 30);
$_COOKIE['advancedsearch'] = $advanced_search;
}
// Update check {{{
if (Get::has('hideupdatemsg')) {
unset($_SESSION['latest_version']);
} else {
if ($conf['general']['update_check'] && $user->perms('is_admin') && $fs->prefs['last_update_check'] < time() - 60 * 60 * 24 * 3) {
if (!isset($_SESSION['latest_version'])) {
$latest = Flyspray::remote_request('http://flyspray.org/version.txt', GET_CONTENTS);
//if for some silly reason we get and empty response, we use the actual version
$_SESSION['latest_version'] = empty($latest) ? $fs->version : $latest;
$db->Query('UPDATE {prefs} SET pref_value = ? WHERE pref_name = ?', array(time(), 'last_update_check'));
}
}
private function &get_command_from_url()
{
$out = new FlySprayCommand();
if (($action = Req::val('action', false)) === false) {
$null = null;
return $null;
}
$out->action = $action;
$out->id = Req::val('id');
switch ($out->action) {
case 'close_task':
$out->ids['comment'] = Req::val('comment', '');
$out->ids['mark100'] = intval(Req::val('mark100', 1));
break;
case 'add_comment':
$out->ids[0] = Req::val('text');
break;
case 'edit_task':
$out->ids[Req::val('param', '___')] = Req::val('value');
break;
case 'assign_to_me':
$ids_str = Req::val('task_ids', '');
$ids_arr = explode(',', $ids_str);
$out->ids = $ids_arr;
break;
case 'get_task_details':
break;
}
return $out;
}
// ##################
// denying a PM request
// ##################
// ##################
// denying a PM request
// ##################
case 'denypmreq':
$result = $db->Query("SELECT task_id, project_id\n FROM {admin_requests}\n WHERE request_id = ?", array(Req::val('req_id')));
$req_details = $db->FetchRow($result);
if (!$user->perms('manage_project', $req_details['project_id'])) {
break;
}
// Mark the PM request as 'resolved'
$db->Query("UPDATE {admin_requests}\n SET resolved_by = ?, time_resolved = ?, deny_reason = ?\n WHERE request_id = ?", array($user->id, time(), Req::val('deny_reason'), Req::val('req_id')));
Flyspray::logEvent($req_details['task_id'], 28, Req::val('deny_reason'));
$notify->Create(NOTIFY_PM_DENY_REQUEST, $req_details['task_id'], Req::val('deny_reason'));
$_SESSION['SUCCESS'] = L('pmreqdeniedmsg');
break;
// ##################
// adding a dependency
// ##################
// ##################
// adding a dependency
// ##################
case 'details.newdep':
if (!$user->can_edit_task($task)) {
break;
}
if (!Post::val('dep_task_id')) {
Flyspray::show_error(L('formnotcomplete'));
break;
function _onsubmit()
{
global $fs, $db, $proj, $user;
$proj = new Project(0);
return $this->handle('action', Req::val('action'));
}
box-shadow: 0 1px 1px #ddd;
color: #565656;
cursor: pointer;
display: inline-block;
font-family: sans-serif;
font-size: 100%;
font-weight: bold;
line-height: 130%;
padding: 8px 13px 8px 10px;
text-decoration: none;
">Remove the folder ' . DIRECTORY_SEPARATOR . 'setup</a> before you start using Flyspray</p>
');
}
// Any "do" mode that accepts a task_id or id field should be added here.
if (in_array(Req::val('do'), array('details', 'depends', 'editcomment'))) {
if (Req::num('task_id')) {
$result = $db->Query('SELECT project_id
FROM {tasks} WHERE task_id = ?', array(Req::num('task_id')));
$project_id = $db->FetchOne($result);
}
}
if (!isset($project_id)) {
// Determine which project we want to see
if (($project_id = Cookie::val('flyspray_project')) == '') {
$project_id = $fs->prefs['default_project'];
}
$project_id = Req::val('project', Req::val('project_id', $project_id));
}
$proj = new Project($project_id);
# no more project cookie!
#$proj->setCookie();
/**
* Returns (safe) HTML which displays a field to edit a value
* @access public
* @param bool $use_default use default field value or not
* @param bool $lock lock the field depending on the users perms ornot
* @param array $task task data
* @param array $add_options add options to the select?
* @param array $attrs add attributes to the select
* @return string
*/
function edit($use_default = true, $lock = false, $task = array(), $add_options = array(), $attrs = array(), $prefix = '')
{
global $user, $proj;
if ($use_default) {
$task['field' . $this->id] = $this->prefs['default_value'];
} else {
if (!isset($task['field' . $this->id])) {
$task['field' . $this->id] = '';
}
}
// determine whether or not to lock inputs
$lock = $lock && $this->prefs['force_default'] && (count($task) > 3 && !$user->can_edit_task($task) || !$user->perms('modify_all_tasks'));
$html = '';
switch ($this->prefs['field_type']) {
case FIELD_LIST:
if (!$this->prefs['list_id']) {
return '';
}
$html .= sprintf('<select id="%sfield%d" name="%sfield%d%s" %s ', $prefix, $this->id, $prefix, $this->id, isset($attrs['multiple']) ? '[]' : '', join_attrs($attrs));
$html .= tpl_disableif($lock) . '>';
$html .= tpl_options(array_merge($add_options, $proj->get_list($this->prefs, $task['field' . $this->id])), Req::val('field' . $this->id, $task['field' . $this->id]));
$html .= '</select>';
break;
case FIELD_DATE:
$attrs = array();
if ($lock) {
$attrs = array('readonly' => 'readonly');
}
$html .= tpl_datepicker($prefix . 'field' . $this->id, '', Req::val('field' . $this->id, $task['field' . $this->id]), $attrs);
break;
case FIELD_TEXT:
$html .= sprintf('<input type="text" class="text" id="%sfield%d" name="%sfield%d" value="%s"/>', $prefix, $this->id, $prefix, $this->id, Filters::noXSS(Req::val('field' . $this->id, $task['field' . $this->id])));
break;
case FIELD_USER:
$html .= tpl_userselect($prefix . 'field' . $this->id, Req::val('field' . $this->id, $task['field' . $this->id]));
break;
}
return $html;
}
/*******************************************************************************/
/* Here begins the deep flyspray : html rendering */
/*******************************************************************************/
# no cache headers are now in header.php!
// see http://www.w3.org/TR/html401/present/styles.html#h-14.2.1
header('Content-Style-Type: text/css');
header('Content-type: text/html; charset=utf-8');
if ($conf['general']['output_buffering'] == 'gzip' && extension_loaded('zlib')) {
// Start Output Buffering and gzip encoding if setting is present.
ob_start('ob_gzhandler');
} else {
ob_start();
}
$page = new FSTpl();
// make sure people are not attempting to manually fiddle with projects they are not allowed to play with
if (Req::has('project') && Req::val('project') != 0 && !$user->can_view_project(Req::val('project'))) {
Flyspray::show_error(L('nopermission'));
exit;
}
if ($show_task = Get::val('show_task')) {
// If someone used the 'show task' form, redirect them
if (is_numeric($show_task)) {
Flyspray::Redirect(CreateURL('details', $show_task));
} else {
Flyspray::Redirect($baseurl . '?string=' . $show_task);
}
}
if (Flyspray::requestDuplicated()) {
// Check that this page isn't being submitted twice
Flyspray::show_error(3);
}
define('IN_FS', true);
header('Content-type: text/html; charset=utf-8');
require_once '../../header.php';
$baseurl = dirname(dirname($baseurl)) . '/';
if (Cookie::has('flyspray_userid') && Cookie::has('flyspray_passhash')) {
$user = new User(Cookie::val('flyspray_userid'));
$user->check_account_ok();
} else {
$user = new User(0, $proj);
}
// don't allow anonymous users to access this page at all
if ($user->isAnon()) {
die;
}
if (Req::has('name')) {
$searchterm = strtolower(Req::val('name'));
}
// Get the list of users from the global groups above
$get_users = $db->Query(' SELECT count(u.user_name) AS anz_u_user,
count(r.user_name) AS anz_r_user
FROM {users} u
LEFT JOIN {registrations} r ON u.user_name = r.user_name
WHERE Lower(u.user_name) = ?
OR
Lower(r.user_name) = ?', array($searchterm, $searchterm));
while ($row = $db->FetchRow($get_users)) {
if ($row['anz_u_user'] > '0' || $row['anz_r_user'] > '0') {
$html = 'false|' . eL('usernametaken');
} else {
$html = 'true';
}
/**
* show
*
* @access public
* @return void
*/
function show()
{
global $page, $fs, $db;
$page->setTitle($fs->prefs['page_title'] . L('lostpw'));
if (!Req::has('magic_url')) {
// Step One: user requests magic url
$page->pushTpl('lostpw.step1.tpl');
} else {
// Step Two: user enters new password
$check_magic = $db->x->getRow('SELECT user_id, user_name FROM {users} WHERE magic_url = ?', null, array(Req::val('magic_url')));
if ($check_magic) {
$page->assign('userinfo', $check_magic);
$page->pushTpl('lostpw.step2.tpl');
} else {
$page->pushTpl('lostpw.step1.tpl');
}
}
}
function isAlnum($key)
{
return Filters::isAlnum(Req::val($key));
}
function show()
{
global $page, $db, $user, $fs;
$page->setTitle($fs->prefs['page_title'] . L('registernewuser'));
if (Get::val('regdone')) {
$page->pushTpl('register.ok.tpl');
} else {
if ($user->can_register()) {
// 32 is the length of the magic_url
if (Req::has('magic_url')) {
// If the user came here from their notification link
$sql = $db->x->GetOne('SELECT reg_id FROM {registrations} WHERE magic_url = ?', null, Req::val('magic_url'));
if (!$sql) {
FlysprayDo::error(array(ERROR_INPUT, L('error18')));
}
$page->pushTpl('register.magic.tpl');
} else {
$page->pushTpl('register.no-magic.tpl');
}
} else {
$page->pushTpl('common.newuser.tpl');
}
}
}
<?php
/*********************************************************\
| Register a new user (when confirmation codes is used) |
| ~~~~~~~~~~~~~~~~~~~ |
\*********************************************************/
if (!defined('IN_FS')) {
die('Do not access this file directly.');
}
$page->setTitle($fs->prefs['page_title'] . L('registernewuser'));
if (!$user->isAnon()) {
Flyspray::Redirect($baseurl);
}
if ($user->can_register()) {
// 32 is the length of the magic_url
if (Req::has('magic_url') && strlen(Req::val('magic_url')) == 32) {
// If the user came here from their notification link
$sql = $db->Query('SELECT * FROM {registrations} WHERE magic_url = ?', array(Get::val('magic_url')));
if (!$db->CountRows($sql)) {
Flyspray::show_error(18);
}
$page->pushTpl('register.magic.tpl');
} else {
$page->pushTpl('register.no-magic.tpl');
}
} elseif ($user->can_self_register()) {
$page->pushTpl('common.newuser.tpl');
} else {
Flyspray::show_error(22);
}
$page->pushTpl('admin.menu.tpl');
switch ($area = Req::val('area', 'prefs')) {
case 'users':
$id = Flyspray::UserNameToId(Req::val('user_name'));
if (!$id) {
$id = Req::val('user_id');
}
$theuser = new User($id, $proj);
if ($theuser->isAnon()) {
Flyspray::show_error(5, true, null, $_SESSION['prev_page']);
}
$page->assign('theuser', $theuser);
case 'cat':
case 'editgroup':
// yeah, utterly stupid, is changed in 1.0 already
if (Req::val('area') == 'editgroup') {
$group_details = Flyspray::getGroupDetails(Req::num('id'));
if (!$group_details || $group_details['project_id'] != $proj->id) {
Flyspray::show_error(L('groupnotexist'));
Flyspray::Redirect(CreateURL('pm', 'groups', $proj->id));
}
$page->uses('group_details');
}
case 'groups':
case 'newuser':
case 'newuserbulk':
case 'editallusers':
$page->assign('groups', Flyspray::ListGroups());
case 'userrequest':
$sql = $db->Query("SELECT *\n FROM {admin_requests}\n WHERE request_type = 3 AND project_id = 0 AND resolved_by = 0\n ORDER BY time_submitted ASC");
$page->assign('pendings', $db->fetchAllArray($sql));
function tpl_datepicker($name, $label = '', $value = 0)
{
global $user, $page;
$date = '';
if ($value) {
if (!is_numeric($value)) {
$value = strtotime($value);
}
if (!$user->isAnon()) {
$st = date('Z') / 3600;
// server GMT timezone
$value += ($user->infos['time_zone'] - $st) * 60 * 60;
}
$date = date('Y-m-d', intval($value));
/* It must "look" as a date..
* XXX : do not blindly copy this code to validate other dates
* this is mostly a tongue-in-cheek validation
* 1. it will fail on 32 bit systems on dates < 1970
* 2. it will produce different results bewteen 32 and 64 bit systems for years < 1970
* 3. it will not work when year > 2038 on 32 bit systems (see http://en.wikipedia.org/wiki/Year_2038_problem)
*
* Fortunately tasks are never opened to be dated on 1970 and maybe our sons or the future flyspray
* coders may be willing to fix the 2038 issue ( in the strange case 32 bit systems are still used by that year) :-)
*/
} elseif (Req::has($name) && strlen(Req::val($name))) {
//strtotime sadly returns -1 on faliure in php < 5.1 instead of false
$ts = strtotime(Req::val($name));
foreach (array('m', 'd', 'Y') as $period) {
//checkdate only accepts arguments of type integer
${$period} = intval(date($period, $ts));
}
// $ts has to be > 0 to get around php behavior change
// false is casted to 0 by the ZE
$date = $ts > 0 && checkdate($m, $d, $Y) ? Req::val($name) : '';
}
$subPage = new FSTpl();
$subPage->setTheme($page->getTheme());
$subPage->assign('name', $name);
$subPage->assign('date', $date);
$subPage->assign('label', $label);
$subPage->assign('dateformat', '%Y-%m-%d');
$subPage->display('common.datepicker.tpl');
}
/**
* area_list
*
* @access public
* @return void
*/
function area_list()
{
global $fs, $db, $proj, $user, $page;
if (!Req::val('list_id')) {
FlysprayDo::error(array(ERROR_INPUT));
return;
}
$row = $db->x->getRow('SELECT list_type, list_name FROM {lists} WHERE list_id = ?', null, Req::val('list_id'));
if ($row['list_type'] != LIST_CATEGORY) {
$page->assign('rows', $proj->get_edit_list(Req::val('list_id')));
}
$page->assign('list_type', $row['list_type']);
$page->assign('list_name', $row['list_name']);
}
function _onsubmit()
{
$action = Req::val('action');
list($type, $msg, $url) = $this->handle('action', $action, $this->task);
if ($type != NO_SUBMIT) {
$this->task = Flyspray::GetTaskDetails(Req::num('task_id'));
}
return array($type, $msg, $url);
}
$userids[] = $row['user_id'];
} else {
# user is probably in a global group with assignee permission listed, so no need to show second time in a project group.
}
}
if (is_array(Post::val('rassigned_to'))) {
$page->assign('assignees', Post::val('rassigned_to'));
} else {
$assignees = $db->Query('SELECT user_id FROM {assigned} WHERE task_id = ?', $task_details['task_id']);
$page->assign('assignees', $db->FetchCol($assignees));
}
$page->assign('userlist', $userlist);
# Build the category select array, a movetask or normal taskedit
# then in the template just use tpl_select($catselect);
# keep last category selection
$catselected = Req::val('product_category', $task_details['product_category']);
if (isset($move) && $move == 1) {
# listglobalcats
$gcats = $proj->listCategories(0);
if (count($gcats) > 0) {
foreach ($gcats as $cat) {
$gcatopts[] = array('value' => $cat['category_id'], 'label' => $cat['category_name']);
if ($catselected == $cat['category_id']) {
$gcatopts[count($gcatopts) - 1]['selected'] = 1;
}
}
$catsel['options'][] = array('optgroup' => 1, 'label' => L('categoriesglobal'), 'options' => $gcatopts);
}
# listprojectcats
$pcats = $proj->listCategories($proj->id);
if (count($pcats) > 0) {
$where[] = 'h.event_type = ?';
$params[] = $eventtype;
}
$where = '(' . implode(' OR ', $where) . ')';
if ($proj->id) {
$where = $where . 'AND (t.project_id = ? OR h.event_type > 29) ';
$params[] = $proj->id;
}
if (($fromdate = Req::val('fromdate')) || Req::val('todate')) {
$where .= ' AND ';
$todate = Req::val('todate');
if ($fromdate) {
$where .= ' h.event_date > ?';
$params[] = Flyspray::strtotime($fromdate) + 0;
}
if ($todate && $fromdate) {
$where .= ' AND h.event_date < ?';
$params[] = Flyspray::strtotime($todate) + 86400;
} else {
if ($todate) {
$where .= ' h.event_date < ?';
$params[] = Flyspray::strtotime($todate) + 86400;
}
}
}
if (count(Req::val('events'))) {
$histories = $db->Query("SELECT h.*\n FROM {history} h\n LEFT JOIN {tasks} t ON h.task_id = t.task_id\n WHERE {$where}\n ORDER BY {$orderby}", $params, Req::num('event_number', -1));
$histories = $db->FetchAllArray($histories);
}
$page->uses('histories', 'sort');
$page->pushTpl('reports.tpl');
$db->Query("UPDATE {admin_requests}\n SET resolved_by = ?, time_resolved = ?, deny_reason = ?\n WHERE request_id = ?", array($user->id, time(), Req::val('deny_reason'), Req::val('req_id')));
Flyspray::logEvent($req_details['task_id'], 28, Req::val('deny_reason'));
$notify->Create(NOTIFY_PM_DENY_REQUEST, $req_details['task_id'], Req::val('deny_reason'), null, NOTIFY_BOTH, $proj->prefs['lang_code']);
$_SESSION['SUCCESS'] = L('pmreqdeniedmsg');
break;
// ##################
// deny a new user request
// ##################
// ##################
// deny a new user request
// ##################
case 'denyuserreq':
if ($user->perms('is_admin')) {
$db->Query("UPDATE {admin_requests}\n SET resolved_by = ?, time_resolved = ?, deny_reason = ?\n WHERE request_id = ?", array($user->id, time(), Req::val('deny_reason'), Req::val('req_id')));
// Wrong event constant
Flyspray::logEvent(0, 28, Req::val('deny_reason'));
//nee a new event number. need notification. fix smtp first
// Missing notification constant, can't notify yet...
$_SESSION['SUCCESS'] = "New user register request denied";
}
break;
// ##################
// adding a dependency
// ##################
// ##################
// adding a dependency
// ##################
case 'details.newdep':
if (!$user->can_edit_task($task)) {
Flyspray::show_error(L('nopermission'));
//TODO: create a better error message
$amails = $db->x->getCol('SELECT email_address
FROM {users} u
LEFT JOIN {users_in_groups} g ON u.user_id = g.user_id
WHERE g.group_id = 1');
$amails = array_map(create_function('$x', 'return str_replace("@", "#", $x);'), $amails);
$page->assign('admin_emails', $amails);
}
// default title
$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title']);
$page->setTheme($proj->prefs['theme_style']);
$page->assign('do', $do);
$page->pushTpl('header.tpl');
if (Flyspray::requestDuplicated()) {
// Check that this page isn't being submitted twice
FlysprayDo::error(array(ERROR_INPUT, L('error3')));
}
/* XXX:
* there is something fishy in the new design, users actions
* should never require the admin specific class.
*/
$class = 'FlysprayDo' . $do;
$mode = new $class();
$mode->show(Req::val('area'));
if (isset($_SESSION)) {
// remove dupe data on error, since no submission happened
if (isset($_SESSION['ERROR']) && isset($_SESSION['requests_hash'])) {
$currentrequest = md5(serialize($_POST));
unset($_SESSION['requests_hash'][$currentrequest]);
}
}
$page->finish('footer.tpl');
}
}
} else {
// Determine if the user should be remembered on this machine
if (Req::has('remember_login')) {
$cookie_time = time() + 60 * 60 * 24 * 30;
// Set cookies for 30 days
} else {
$cookie_time = 0;
// Set cookies to expire when session ends (browser closes)
}
$user = new User($user_id);
// Set a couple of cookies
$passweirded = md5($user->infos['user_pass'] . $conf['general']['cookiesalt']);
Flyspray::setcookie('flyspray_userid', $user->id, $cookie_time);
Flyspray::setcookie('flyspray_passhash', $passweirded, $cookie_time);
// If the user had previously requested a password change, remove the magic url
$remove_magic = $db->Query("UPDATE {users} SET magic_url = '' WHERE user_id = ?", array($user->id));
// Save for displaying
if ($user->infos['login_attempts'] > 0) {
$_SESSION['login_attempts'] = $user->infos['login_attempts'];
}
$db->Query('UPDATE {users} SET login_attempts = 0 WHERE user_id = ?', array($user->id));
$_SESSION['SUCCESS'] = L('loginsuccessful');
}
} else {
// If the user didn't provide both a username and a password, show this error:
Flyspray::show_error(8);
}
Flyspray::Redirect(Req::val('return_to'));
/*
This is the main script that everything else is included
in. Mostly what it does is check the user permissions
to see what they have access to.
*/
define('IN_FS', true);
require_once dirname(__FILE__) . '/header.php';
// Get available do-modes
$modes = str_replace('.php', '', array_map('basename', glob_compat(BASEDIR . "/scripts/*.php")));
$do = Req::enum('do', $modes, $proj->prefs['default_entry']);
if ($do == 'admin' && Req::has('switch') && Req::val('project') != '0') {
$do = 'pm';
} elseif ($do == 'pm' && Req::has('switch') && Req::val('project') == '0') {
$do = 'admin';
} elseif (Req::has('show') || Req::has('switch') && $do == 'details' || $do == 'newtask' && Req::val('project') == '0') {
$do = 'index';
}
/* permission stuff */
if (Cookie::has('flyspray_userid') && Cookie::has('flyspray_passhash')) {
$user = new User(Cookie::val('flyspray_userid'), $proj);
$user->check_account_ok();
$user->save_search($do);
} else {
$user = new User(0, $proj);
}
if (Get::val('getfile')) {
// If a file was requested, deliver it
$result = $db->Query("SELECT t.project_id,\n a.orig_name, a.file_name, a.file_type, t.*\n FROM {attachments} a\n INNER JOIN {tasks} t ON a.task_id = t.task_id\n WHERE attachment_id = ?", array(Get::val('getfile')));
$task = $db->FetchRow($result);
list($proj_id, $orig_name, $file_name, $file_type) = $task;