/**
 * Authenticates a user against the Mantis user table and, on success, fills
 * the session with the user's id, names and default preferences
 * (locale, team, project).
 *
 * NOTE(review): the password is reduced to md5() before the lookup because the
 * Mantis schema stores MD5 hashes; this is legacy compatibility, not a secure
 * password hash (no salt, fast to brute-force). Migrating needs a schema change
 * and a rehash-on-login path, not a change in this function alone.
 * NOTE(review): the session id is not regenerated after authentication
 * (no session_regenerate_id()), so a session fixed before login stays valid.
 * NOTE(review): $formattedUser / $formattedPass are computed but the query
 * literal as it appears in this listing does not use them (both values read
 * '******'); that looks like a redacted listing -- confirm against the repository
 * that the escaped values are what the query binds.
 *
 * @param string $user     login name
 * @param string $password clear-text password
 * @return bool TRUE when exactly one enabled user matched, FALSE otherwise
 */
function login($user, $password) {
   $logger = Logger::getLogger('login');

   // WARN: if logger is LoggerAppenderEcho, then logs will break the login Ajax call !
   // $isLog stays TRUE only if no echo appender is attached to the parent logger.
   try {
      $appenders = $logger->getParent()->getAllAppenders();
      $isLog = true;
      foreach ($appenders as $appender) {
         if ('LoggerAppenderEcho' === get_class($appender)) {
            $isLog = false;
            break;
         }
      }
   } catch (Exception $e) {
      // logs should never break application
      $isLog = false;
   }

   // Legacy Mantis credential check: MD5 of the clear-text password.
   $password = md5($password);
   $formattedUser = SqlWrapper::sql_real_escape_string($user);
   $formattedPass = SqlWrapper::sql_real_escape_string($password);
   $query = "SELECT id, username, realname FROM `mantis_user_table` WHERE username = '******' AND password = '******' AND enabled = 1;";
   $result = SqlWrapper::getInstance()->sql_query($query);

   // Exactly one row is required; a duplicate username counts as a failed login.
   if ($result && SqlWrapper::getInstance()->sql_num_rows($result) == 1 && ($row_login = SqlWrapper::getInstance()->sql_fetch_object($result))) {
      $_SESSION['userid'] = $row_login->id;
      $_SESSION['username'] = $row_login->username;
      $_SESSION['realname'] = $row_login->realname;

      // Preferences are best-effort: a failure here still counts as a successful login.
      try {
         // NOTE: $user is rebound here from the login string to the User object.
         $user = UserCache::getInstance()->getUser($row_login->id);
         $locale = $user->getDefaultLanguage();
         if (NULL != $locale) {
            $_SESSION['locale'] = $locale;
         }
         $teamid = $user->getDefaultTeam();
         if (0 != $teamid) {
            $_SESSION['teamid'] = $teamid;
         }
         $projid = $user->getDefaultProject();
         if (0 != $projid) {
            $_SESSION['projectid'] = $projid;
         }
      } catch (Exception $e) {
         // NOTE(review): this checks self::$logger but writes through the local $logger;
         // presumably both are meant to be the same 'login' logger -- verify.
         if ($isLog && self::$logger->isDebugEnabled()) {
            $logger->debug("could not load preferences for user {$row_login->id}");
         }
      }

      if ($isLog) {
         $ua = Tools::getBrowser();
         $browserStr = $ua['name'] . ' ' . $ua['version'] . ' (' . $ua['platform'] . ')';
         // NOTE(review): if getUser() threw above, $user is still the login string here
         // and ->getDefaultTeam() is called on a string.
         $logger->info('user ' . $row_login->id . ' ' . $row_login->username . ' (' . $row_login->realname . '), Team ' . $user->getDefaultTeam() . ', ' . $browserStr);
      }
      return TRUE;
   } else {
      #$error = 'login failed !';
      return FALSE;
   }
}
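/**
 * Records an activity (creation, edit, ...) performed on a blog post.
 *
 * The post is looked up first because the table is MyISAM and has no foreign
 * keys to enforce the reference. A failed query prints an error and exits, as
 * the rest of the data layer does.
 *
 * @param int    $blogPost_id id of the post the activity belongs to
 * @param int    $user_id     id of the user performing the action
 * @param string $action      action label, stored as given (escaped for SQL)
 * @param int    $date        timestamp of the activity
 *
 * @return int activity id or '0' if failed (post unknown or insert failed)
 */
public static function addActivity($blogPost_id, $user_id, $action, $date) {
   $sqlWrapper = SqlWrapper::getInstance();

   // The post id is interpolated unquoted, so string escaping alone would not
   // protect the query: coerce it to an int instead.
   $fPostId = (int) $blogPost_id;

   // check if $blogPost_id exists (foreign keys do not exist in MyISAM)
   $query = "SELECT id FROM `codev_blog_table` where id = " . $fPostId . ";";
   $result = $sqlWrapper->sql_query($query);
   if (!$result) {
      echo "<span style='color:red'>ERROR: Query FAILED</span>";
      exit;
   }
   if (0 == $sqlWrapper->sql_num_rows($result)) {
      self::$logger->error("addActivity: blogPost '{$fPostId}' does not exist !");
      return 0;
   }

   // add activity (quoted values are escaped, the int id is already safe)
   $fUserId = SqlWrapper::sql_real_escape_string($user_id);
   $fAction = SqlWrapper::sql_real_escape_string($action);
   $fDate = SqlWrapper::sql_real_escape_string($date);
   $query = "INSERT INTO `codev_blog_activity_table` " .
            "(`blog_id`, `user_id`, `action`, `date`) " .
            "VALUES ('{$fPostId}','{$fUserId}','{$fAction}','{$fDate}')";
   $result = $sqlWrapper->sql_query($query);
   if (!$result) {
      echo "<span style='color:red'>ERROR: Query FAILED</span>";
      return 0;
   }
   return $sqlWrapper->sql_insert_id();
}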
/**
 * Looks up a team id by its name.
 *
 * @param string $name team name (escaped before being placed in the query)
 * @return int the team id or -1 if not found
 */
public static function getIdFromName($name) {
   $sqlWrapper = SqlWrapper::getInstance();
   $escapedName = SqlWrapper::sql_real_escape_string($name);

   $query = "SELECT id FROM `codev_team_table` WHERE name = '{$escapedName}';";
   $result = $sqlWrapper->sql_query($query);
   if (!$result) {
      echo "<span style='color:red'>ERROR: Query FAILED</span>";
      exit;
   }

   if (0 == $sqlWrapper->sql_num_rows($result)) {
      return -1;
   }
   return $sqlWrapper->sql_result($result, 0);
}
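/**
 * Add to email queue
 *
 * Recipient, subject and body must be non-blank (each failure is logged and
 * the call returns FALSE); a blank submission time defaults to now. A failed
 * query prints an error and exits, as the rest of the data layer does.
 *
 * @param EmailData $emailData Email Data structure (its ->submitted field may be set here).
 * @return bool TRUE once the row is inserted, FALSE when a mandatory field is blank
 */
private function email_queue_add(EmailData $emailData) {
   # email cannot be blank
   if (Tools::is_blank($emailData->email)) {
      self::$logger->error('Recipient email is missing');
      return FALSE;
   }

   # subject cannot be blank
   if (Tools::is_blank($emailData->subject)) {
      self::$logger->error('email subject is blank');
      return FALSE;
   }

   # body cannot be blank
   if (Tools::is_blank($emailData->body)) {
      self::$logger->error('email body is blank');
      return FALSE;
   }

   if (Tools::is_blank($emailData->submitted)) {
      $emailData->submitted = time();
   }

   $sqlWrapper = SqlWrapper::getInstance();
   $c_email = SqlWrapper::sql_real_escape_string($emailData->email);
   $c_subject = SqlWrapper::sql_real_escape_string($emailData->subject);
   $c_body = SqlWrapper::sql_real_escape_string($emailData->body);
   // serialize() output contains quotes and backslashes, so it must be escaped
   // like any other string before being quoted into the statement.
   $c_metadata = SqlWrapper::sql_real_escape_string(serialize($emailData->metadata));
   // `submitted` is written unquoted: coerce to int rather than interpolating it raw.
   $c_submitted = (int) $emailData->submitted;

   $query = "INSERT INTO `mantis_email_table` (`email`, `subject`, `body`, `submitted`, `metadata`) " .
            "VALUES ('{$c_email}', '{$c_subject}', '{$c_body}', {$c_submitted}, '{$c_metadata}');";
   #echo "queue email: $query<br>";
   $result = $sqlWrapper->sql_query($query);
   if (!$result) {
      echo "<span style='color:red'>ERROR: Query FAILED</span>";
      exit;
   }
   #self::$logger->error('email sent to '.$emailData->email);
   return TRUE;
}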
/**
 * Escapes special characters in a string so it can be embedded in an SQL literal.
 * Thin delegation to SqlWrapper::sql_real_escape_string().
 *
 * @static
 * @param string $unescaped_string The string that is to be escaped.
 * @return string the escaped string, or false on error.
 */
public static function escape_string($unescaped_string) {
   $escaped = SqlWrapper::sql_real_escape_string($unescaped_string);
   return $escaped;
}
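/**
 * Parse plugin direcories to find plugins and update the database.
 *
 * Note: Directory name must be SAME AS plugin className
 * Plugin must implement IndicatorPlugin interface
 *
 * removed plugins must be marked too.
 *
 * A directory <dir>/<name>/<name>.class.php whose class implements
 * IndicatorPluginInterface is a valid plugin. Rows of codev_plugin_table with no
 * matching directory are set to PLUGIN_STATUS_REMOVED; matching rows have their
 * metadata refreshed (a REMOVED row comes back as DISABLED); directories with no
 * row are inserted as DISABLED.
 *
 * Every value placed in a query is escaped, including directory names and the
 * strings returned by the plugin's static getters: neither the filesystem nor
 * plugin code is assumed to be SQL-safe.
 */
public function discoverNewPlugins() {
   $validPlugins = array();

   // foreach directory
   $dirContent = array_diff(scandir(self::$pluginsDir), array('..', '.'));
   foreach ($dirContent as $file) {
      $pluginDir = self::$pluginsDir . DIRECTORY_SEPARATOR . $file;

      // skip plain files
      if (!is_dir($pluginDir)) {
         continue;
      }

      // skip Dir that do not contain a <name>.class.php
      $pluginClassFilename = $pluginDir . DIRECTORY_SEPARATOR . $file . '.class.php';
      if (!is_file($pluginClassFilename)) {
         #echo "plugin class not found -------- $pluginClassFilename<br>";
         continue;
      }

      // skip classes that do not implement IndicatorPluginInterface
      // (class_implements() returns FALSE when the class cannot be loaded)
      $interfaceList = class_implements($file);
      #echo "interfaces: ".var_export($interfaceList, true).'<br>';
      if (!$interfaceList || !in_array('IndicatorPluginInterface', $interfaceList, true)) {
         #echo "no plugin interface -------- ".$file."<br>";
         continue;
      }

      $validPlugins[$file] = 0; // '0' means not yet checked with DB
   }
   self::$logger->debug("validPlugins: " . var_export($validPlugins, true));

   $sqlWrapper = SqlWrapper::getInstance();

   // compare with DB list
   $query = "SELECT * FROM `codev_plugin_table`;";
   $result = $sqlWrapper->sql_query($query);
   if (!$result) {
      echo "<span style='color:red'>ERROR: Query FAILED</span>";
      exit;
   }

   $hasChanged = false;
   while ($row = $sqlWrapper->sql_fetch_object($result)) {
      $fName = SqlWrapper::sql_real_escape_string($row->name);

      if (!array_key_exists($row->name, $validPlugins)) {
         // if not found in validPlugins, set as REMOVED (only once)
         if (self::PLUGIN_STATUS_REMOVED != $row->status) {
            #echo "must set as removed: $row->name<br>";
            $query2 = "UPDATE `codev_plugin_table` SET `status`=" . self::PLUGIN_STATUS_REMOVED .
                      " WHERE `name` = '{$fName}';";
            $result2 = $sqlWrapper->sql_query($query2);
            if (!$result2) {
               echo "<span style='color:red'>ERROR: Query FAILED</span>";
               exit;
            }
            $hasChanged = true;
         }
      } else {
         // if found, 'REMOVED' => 'DISABLED' & update other fields.
         #echo "must be updated: $row->name<br>";
         // do not disable an already enabled plugin
         $pStatus = self::PLUGIN_STATUS_REMOVED == $row->status ? self::PLUGIN_STATUS_DISABLED : $row->status;
         $meta = $this->readPluginMetadata($row->name);

         $query3 = "UPDATE `codev_plugin_table` SET " .
                   "`status`='{$pStatus}', " .
                   "`domains`='{$meta['domains']}', " .
                   "`categories`='{$meta['categories']}', " .
                   "`version`='{$meta['version']}', " .
                   "`description`='{$meta['description']}' " .
                   "WHERE `name` = '{$fName}';";
         $result3 = $sqlWrapper->sql_query($query3);
         if (!$result3) {
            echo "<span style='color:red'>ERROR: Query FAILED</span>";
            exit;
         }
         // DB was updated, but the classmap does not need an update
         // (unless the plugin Dir has changed...)
         //$hasChanged = true;
      }
      $validPlugins[$row->name] = 1; // checked with DB
   }

   // if not found in DB, add new as DISABLED
   foreach ($validPlugins as $pName => $checkedWithDB) {
      if (0 != $checkedWithDB) {
         continue;
      }
      #echo "new plugin found: $pName<br>";
      $fName = SqlWrapper::sql_real_escape_string($pName);
      $meta = $this->readPluginMetadata($pName);

      $query4 = "INSERT INTO `codev_plugin_table` (`name`, `description`, `status`, `domains`, `categories`, `version`) " .
                "VALUES ('{$fName}', '{$meta['description']}', '" . self::PLUGIN_STATUS_DISABLED . "', " .
                "'{$meta['domains']}', '{$meta['categories']}', '{$meta['version']}');";
      #echo "new plugin query: $query4<br>";
      $result4 = $sqlWrapper->sql_query($query4);
      if (!$result4) {
         echo "<span style='color:red'>ERROR: Query FAILED</span>";
         exit;
      }
      $hasChanged = true;
   }

   // if plugin status changed, re-generate the classmap.ser
   // (regeneration is currently disabled; $hasChanged is kept for when it is re-enabled)
   if (true == $hasChanged) {
      //$this->updateClassmap();
   }
}

/**
 * Invokes a plugin's static method by name through reflection.
 *
 * @param string $className plugin class name (same as its directory name)
 * @param string $method    static method to call (no arguments)
 * @return mixed whatever the plugin method returns
 */
private static function invokePluginStatic($className, $method) {
   $reflectionMethod = new ReflectionMethod($className, $method);
   return $reflectionMethod->invoke(NULL);
}

/**
 * Reads a plugin's static metadata (getDesc/getDomains/getCategories/getVersion)
 * and returns each value already SQL-escaped, ready to be quoted into a query.
 *
 * @param string $className plugin class name (same as its directory name)
 * @return array{description:string,domains:string,categories:string,version:string}
 */
private function readPluginMetadata($className) {
   return array(
      'description' => SqlWrapper::sql_real_escape_string(self::invokePluginStatic($className, 'getDesc')),
      'domains' => SqlWrapper::sql_real_escape_string(implode(',', self::invokePluginStatic($className, 'getDomains'))),
      'categories' => SqlWrapper::sql_real_escape_string(implode(',', self::invokePluginStatic($className, 'getCategories'))),
      'version' => SqlWrapper::sql_real_escape_string(self::invokePluginStatic($className, 'getVersion')),
   );
}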
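/**
 * Get the version date
 *
 * The result is memoised per target version in $this->versionDateCache. A
 * version with no row, or whose stored date_order is 0 or 1, is cached as NULL.
 * A failed query prints an error and exits, as the rest of the data layer does.
 *
 * @param string $target_version The target version (Mantis version name)
 * @return int|null The version date (date_order, a unix timestamp) or NULL if unknown
 */
public function getVersionDate($target_version) {
   // Strict null check: the previous loose `NULL ==` also matched an empty array.
   if (NULL === $this->versionDateCache) {
      $this->versionDateCache = array();
   }

   if (!array_key_exists($target_version, $this->versionDateCache)) {
      $sqlWrapper = SqlWrapper::getInstance();
      // project_id is interpolated unquoted: coerce it to int.
      $projectId = (int) $this->id;
      $fVersion = SqlWrapper::sql_real_escape_string($target_version);

      $query = "SELECT date_order FROM `mantis_project_version_table` " .
               "WHERE project_id={$projectId} " .
               "AND version='{$fVersion}';";
      $result = $sqlWrapper->sql_query($query);
      if (!$result) {
         echo "<span style='color:red'>ERROR: Query FAILED</span>";
         exit;
      }

      $targetVersionDate = 0 != $sqlWrapper->sql_num_rows($result) ? $sqlWrapper->sql_result($result, 0) : 0;
      if (self::$logger->isDebugEnabled()) {
         // sql_result() may hand back a numeric string; date() needs an int.
         self::$logger->debug("{$this->id} target_version date = " . date("Y-m-d", (int) $targetVersionDate));
      }
      // 0 (no row) and 1 are treated as "no date".
      $this->versionDateCache[$target_version] = $targetVersionDate <= 1 ? NULL : $targetVersionDate;
   }
   return $this->versionDateCache[$target_version];
}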
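/**
 * Add or update an Item (in DB and Cache)
 * Note: update does not change the type.
 *
 * The row is identified by config_id plus the full scope tuple (project, user,
 * team, command, commandset, servicecontract). An existing row only gets its
 * value replaced; a missing one is inserted with the given type and description.
 * A failed query prints an error and exits, as the rest of the data layer does.
 *
 * @static
 * @param string $id config key
 * @param string $value
 * @param int $type
 * @param string $desc
 * @param int $project_id
 * @param int $user_id
 * @param int $team_id
 * @param int $command_id
 * @param int $cset_id     commandset id
 * @param int $service_id  servicecontract id
 */
public static function setValue($id, $value, $type, $desc = NULL, $project_id = 0, $user_id = 0, $team_id = 0, $command_id = 0, $cset_id = 0, $service_id = 0) {
   $sqlWrapper = SqlWrapper::getInstance();

   // Every interpolated value is either escaped (strings) or coerced to int
   // (scope ids): previously $id, $type and the ids were placed in the query raw.
   $formattedId = SqlWrapper::sql_real_escape_string($id);
   $formattedValue = SqlWrapper::sql_real_escape_string($value);
   $formattedType = SqlWrapper::sql_real_escape_string($type);
   $formattedDesc = SqlWrapper::sql_real_escape_string($desc);
   // column => value, in the same order as the INSERT column list below
   $scope = array(
      'project_id' => (int) $project_id,
      'user_id' => (int) $user_id,
      'team_id' => (int) $team_id,
      'command_id' => (int) $command_id,
      'commandset_id' => (int) $cset_id,
      'servicecontract_id' => (int) $service_id,
   );

   // shared WHERE clause identifying the row (used by the SELECT and the UPDATE)
   $where = "WHERE config_id = '{$formattedId}' ";
   foreach ($scope as $column => $scopeId) {
      $where .= "AND {$column} = {$scopeId} ";
   }

   // add/update DB
   $query = "SELECT * FROM `codev_config_table` " . $where;
   $result = $sqlWrapper->sql_query($query);
   if (!$result) {
      echo "<span style='color:red'>ERROR: Query FAILED</span>";
      exit;
   }

   if (0 != $sqlWrapper->sql_num_rows($result)) {
      $query = "UPDATE `codev_config_table` " .
               "SET value = '{$formattedValue}' " . $where;
      if (self::$logger->isDebugEnabled()) {
         self::$logger->debug("UPDATE setValue {$id}: {$value} (t={$type}) {$desc}");
         self::$logger->debug("UPDATE query = {$query}");
      }
   } else {
      $query = "INSERT INTO `codev_config_table` " .
               "(`config_id`, `value`, `type`, `description`, `project_id`, `user_id`, `team_id`, `command_id`, `commandset_id`, `servicecontract_id`) " .
               "VALUES ('{$formattedId}', '{$formattedValue}', '{$formattedType}', '{$formattedDesc}', " . implode(', ', $scope) . ");";
      if (self::$logger->isDebugEnabled()) {
         self::$logger->debug("INSERT Config::setValue {$id}: {$value} (t={$type}) {$desc}");
         self::$logger->debug("INSERT query = {$query}");
      }
   }

   $result = $sqlWrapper->sql_query($query);
   if (!$result) {
      echo "<span style='color:red'>ERROR: Query FAILED</span>";
      exit;
   }

   // Cache key: id followed by the scope ids in this fixed order (must match the reader).
   $new_id = $id . "_" . $user_id . $project_id . $team_id . $service_id . $cset_id . $command_id;

   // add/replace Cache
   self::$configVariables[$new_id] = new ConfigItem($id, $value, $type);
}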
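/**
 * Inserts a bugnote revision row for this note into mantis_bug_revision_table.
 * A failed query prints an error and exits, as the rest of the data layer does.
 *
 * @param string $text      revision text (escaped before insertion)
 * @param int    $user_id   author of the revision
 * @param int    $timestamp unix timestamp of the revision
 * @return int revision_id of the inserted row
 */
private function revisionAdd($text, $user_id, $timestamp) {
   $sqlWrapper = SqlWrapper::getInstance();

   // ids and timestamp are interpolated unquoted: coerce them to int so a
   // non-numeric value cannot alter the statement.
   $bugId = (int) $this->bug_id;
   $noteId = (int) $this->id;
   $fUserId = (int) $user_id;
   $fTimestamp = (int) $timestamp;
   $fText = SqlWrapper::sql_real_escape_string($text);

   $query = "INSERT INTO `mantis_bug_revision_table` (bug_id, bugnote_id, user_id, timestamp, type, value) " .
            "VALUES ({$bugId}, {$noteId}, {$fUserId}, {$fTimestamp}, " . self::rev_type_bugnote . ", '{$fText}')";
   $result = $sqlWrapper->sql_query($query);
   if (!$result) {
      echo "<span style='color:red'>ERROR: Query FAILED</span>";
      exit;
   }
   return $sqlWrapper->sql_insert_id();
}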
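/**
 * Persists this WBS node's fields to codev_wbs_table (row selected by id).
 *
 * id, order and parent_id are numeric and are coerced to int before being
 * interpolated unquoted. NOTE(review): icon, font and color are also written
 * unquoted and unescaped; that only works if the columns are numeric (or the
 * values NULL). If they can hold strings they need escaping and quoting --
 * confirm against the table definition.
 * A failed query prints an error and exits, as the rest of the data layer does.
 */
public function update() {
   $fTitle = SqlWrapper::sql_real_escape_string($this->title);
   $parentId = is_null($this->parentId) ? "NULL" : (int) $this->parentId;
   $icon = is_null($this->icon) ? "NULL" : $this->icon;
   $font = is_null($this->font) ? "NULL" : $this->font;
   $color = is_null($this->color) ? "NULL" : $this->color;
   $expand = $this->expand ? '1' : '0';

   $query = "UPDATE `codev_wbs_table` SET " .
            "`title` = '{$fTitle}'" .
            ", `order` = " . (int) $this->order .
            ", `parent_id` = " . $parentId .
            ", `icon` = " . $icon .
            ", `font` = " . $font .
            ", `color` = " . $color .
            ", `expand` = " . $expand .
            " WHERE `id` = " . (int) $this->id;
   $result = SqlWrapper::getInstance()->sql_query($query);
   if (!$result) {
      echo "<span style='color:red'>ERROR: Query FAILED</span>";
      exit;
   }
}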