/**
 * Verify that user_get_id() reports the ID of the user record held in the session.
 */
public function testGetValidUserId()
{
    $this->ci->load->model('user_model');

    // Fetch the fixture user and copy its first record into the session
    $rows = $this->ci->user_model->getUserByUsername($this->_username);
    $record = $rows[0];
    $this->ci->session->set_userdata((array) $record);

    // The helper must now report that record's ID
    $this->assertEquals($record->ID, user_get_id());
}
</head> <body id="page-<?php /* NOTE(review): echoed into the id attribute without escape(); presumably an internal area slug - confirm */ echo menu_get_current_area(); ?> "> <div id="hd"> <div class="container_12 top"> <div class="grid_12"> <div class="usr"> <div class="wrapper"> <?php /* Account bar: profile, account and logout links when user_is_auth() is true, login and register links otherwise */ if (user_is_auth()) { ?> Logged in as <strong><a href="/user/view/<?php /* NOTE(review): echoed into the href without escape(), unlike the username that follows; presumably an integer ID - confirm */ echo user_get_id(); ?> "><?php echo escape(user_get_username()); ?> </a></strong> | <a href="/user/main">Account</a> | <a href="/user/logout">Logout</a> <?php } else { ?> <a href="/user/login">Login</a> or <a href="/user/register">Register</a> <?php } ?> </div>
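/**
 * Apply a submitted permission-form action and render the permission pick-lists.
 *
 * When the request carries an "add", "remove" or "set" POST field, the matching
 * action is applied to $auth_options. The function then builds <option> lists of
 * allowed/disallowed users and groups plus the remaining groups, assigns them to
 * the template and displays permission.html.
 *
 * Every ID that reaches an SQL IN (...) list is forced to an integer here, so the
 * queries do not depend on the caller having sanitised the keys of $auth_options.
 *
 * @param array $auth_options   Current options: ['users'][id] and ['groups'][0|1][id],
 *                              each entry holding a 'core_status' value.
 * @param bool  $options_extend Not read by this function.
 * @param bool  $return_link    Not read by this function.
 *
 * @return array|null|false false when no action was submitted; otherwise the updated
 *                          options (by reference), or null when they ended up empty.
 */
function generate_auth_options($auth_options = array(), $options_extend = false, $return_link = false)
{
    global $_CLASS, $site_file_root;

    // Normalise the three buckets this function works on
    $auth_options['groups'][0] = empty($auth_options['groups'][0]) ? array() : $auth_options['groups'][0];
    $auth_options['groups'][1] = empty($auth_options['groups'][1]) ? array() : $auth_options['groups'][1];
    $auth_options['users'] = empty($auth_options['users']) ? array() : $auth_options['users'];

    $mode = $return = false;

    // The first submit button found in the POST data selects the action
    $checks = array('add', 'remove', 'set');
    foreach ($checks as $check) {
        if (isset($_POST[$check])) {
            $mode = $check;
            break;
        }
    }

    if ($mode) {
        require_once $site_file_root . 'includes/functions_user.php';

        $ids = array('groups' => array(), 'users' => array());

        switch ($mode) {
            case 'add':
                $setup['groups'] = get_variable('groups_add', 'POST', array(), 'array');
                $setup['users'] = explode("\n", get_variable('users_add', 'POST'));
                $submited_options = get_variable('auth_options', 'POST', array(), 'array');

                // Only the buckets 0 and 1 are initialised, listed and removable in this
                // function, so the submitted type is reduced to one of those two keys
                // instead of being used as an arbitrary array key.
                $auth_type = empty($submited_options['core_auth_type']) ? 0 : 1;

                if (count($setup['users'])) {
                    // NOTE(review): $null is not defined before this call; presumably
                    // user_get_id() takes its second argument by reference - confirm.
                    $setup['users'] = user_get_id($setup['users'], $null);
                }

                if (count($setup['groups'])) {
                    // Keep only the submitted group IDs that exist in the groups table
                    $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . '
                        WHERE group_id IN (' . implode(', ', array_map('intval', $setup['groups'])) . ')';
                    $result = $_CLASS['core_db']->query($sql);

                    $setup['groups'] = array();
                    while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
                        $setup['groups'][] = $row['group_id'];
                    }
                    $_CLASS['core_db']->free_result($result);
                }

                // NOTE(review): core_status is stored exactly as submitted; confirm the
                // caller validates it before persisting the returned options.
                foreach ($setup['groups'] as $id) {
                    $auth_options['groups'][$auth_type][$id] = array('core_status' => $submited_options['core_status']);
                }

                // user_get_id() may hand back an empty/false result when no name resolves
                if (!empty($setup['users'])) {
                    foreach ($setup['users'] as $id) {
                        $auth_options['users'][$id] = array('core_status' => $submited_options['core_status']);
                    }
                }

                unset($setup);
                break;

            case 'remove':
                $ids['groups'] = array_map('intval', get_variable('groups_current', 'POST', array(), 'array'));
                $ids['users'] = array_map('intval', get_variable('users_current', 'POST', array(), 'array'));

                // A group can sit in either bucket; drop it from both
                foreach ($ids['groups'] as $groups_id) {
                    unset($auth_options['groups'][1][$groups_id]);
                    unset($auth_options['groups'][0][$groups_id]);
                }

                foreach ($auth_options['users'] as $key => $ignore) {
                    if (in_array($key, $ids['users'])) {
                        unset($auth_options['users'][$key]);
                    }
                }
                break;

            case 'set':
                break;
        }

        $return = null;

        if (!empty($auth_options['users']) || !empty($auth_options['groups'][0]) || !empty($auth_options['groups'][1])) {
            $return =& $auth_options;
        }
    }

    $group_list = $allowed_group_list = $disallowed_group_list = $allowed_user_list = $disallowed_user_list = '';

    // NOTE(review): username, user_colour and group_name are concatenated into the
    // markup below without escaping. Confirm they are stored HTML-safe; if they are
    // not, escape them here for the HTML context.
    if (!empty($auth_options['users'])) {
        // Array keys may come from the caller, so they are cast before reaching SQL
        $user_ids = array_map('intval', array_keys($auth_options['users']));

        $sql = 'SELECT user_id, username, user_colour
            FROM ' . USERS_TABLE . '
            WHERE user_id IN (' . implode(', ', $user_ids) . ')
            ORDER BY username';
        $result = $_CLASS['core_db']->query($sql);

        while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
            // Variable-variable: appends to $allowed_user_list or $disallowed_user_list
            $user_list = $auth_options['users'][$row['user_id']]['core_status'] == 1 ? 'allowed_user_list' : 'disallowed_user_list';
            ${$user_list} .= '<option ' . ($row['user_colour'] ? ' style="color: #' . $row['user_colour'] . ';"' : '') . ' value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
        }
        $_CLASS['core_db']->free_result($result);
    }

    // this can be removed, when everything else is updated
    $groups_ids = array_map('intval', array_merge(array_keys($auth_options['groups'][0]), array_keys($auth_options['groups'][1])));

    if (!empty($groups_ids)) {
        $sql = 'SELECT group_id, group_name, group_type
            FROM ' . GROUPS_TABLE . '
            WHERE group_id IN (' . implode(', ', $groups_ids) . ')
            ORDER BY group_type DESC, group_name';
        $result = $_CLASS['core_db']->query($sql);

        while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
            // Bucket 1 wins when the group has a status there
            $group_auth_type = isset($auth_options['groups'][1][$row['group_id']]['core_status']) ? 1 : 0;

            // Variable-variable: appends to $allowed_group_list or $disallowed_group_list
            $group_list = $auth_options['groups'][$group_auth_type][$row['group_id']]['core_status'] ? 'allowed_group_list' : 'disallowed_group_list';
            ${$group_list} .= '<option' . ($group_auth_type == 1 ? ' style="color: #006699;"' : '') . ' value="' . $row['group_id'] . '">' . (isset($_CLASS['core_user']->lang['G_' . $row['group_name']]) ? $_CLASS['core_user']->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
        }
        $_CLASS['core_db']->free_result($result);
    }

    // Groups that carry no setting yet are offered in the "add" list
    $sql = 'SELECT group_id, group_name, group_type
        FROM ' . GROUPS_TABLE . (empty($groups_ids) ? '' : '
        WHERE group_id NOT IN (' . implode(', ', $groups_ids) . ')') . '
        ORDER BY group_type DESC, group_name';
    $result = $_CLASS['core_db']->query($sql);

    // NOTE(review): $group_list is appended to here although the loop above may have
    // left a list name ('allowed_group_list' / 'disallowed_group_list') in it; that
    // name would then prefix P_ADD_GROUPS. Behaviour kept as in the original - confirm.
    while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
        $group_list .= '<option value="' . $row['group_id'] . '">' . (isset($_CLASS['core_user']->lang['G_' . $row['group_name']]) ? $_CLASS['core_user']->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
    }
    $_CLASS['core_db']->free_result($result);

    $_CLASS['core_template']->assign(array(
        'P_ADD_GROUPS'      => $group_list,
        'P_CURRENT_USERS'   => $allowed_user_list,
        'P_DCURRENT_USERS'  => $disallowed_user_list,
        'P_CURRENT_GROUPS'  => $allowed_group_list,
        'P_DCURRENT_GROUPS' => $disallowed_group_list,
    ));

    $_CLASS['core_template']->display('permission.html');

    return $return;
}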
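<?php
// Login form handler: validates the submitted e-mail and password, resolves them to
// a user ID through user_get_id() and, on success, stores the ID in the session and
// redirects to index.php. Validation messages are collected in $login_errors.
$login_errors = array();

if (isset($_POST['mail'])) {
    // A missing or non-string password field is treated as empty instead of being
    // handed to strlen(), which would raise a notice or a TypeError.
    $login_pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    if (FALSE === filter_var($_POST['mail'], FILTER_VALIDATE_EMAIL)) {
        $login_errors[] = 'Email is not valid';
    }
    if (strlen($login_pass) === 0) {
        $login_errors[] = 'Password is empty';
    }

    if (empty($login_errors)) {
        $user_id = user_get_id($_POST['mail'], $login_pass);
        if ($user_id) {
            // Issue a fresh session ID at the privilege change so an ID that was known
            // before authentication is not carried into the logged-in session.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['user_id'] = $user_id;
            header('Location: index.php');
            die;
        }
        // NOTE(review): a failed lookup adds nothing to $login_errors here; confirm the
        // rest of the page reports the failure with a generic message.
    }
}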
</div> <div class="box"> <h2>Comments</h2> <div class="UserViewCommentDetailsControl" onclick="$('.UserViewCommentDetails').css('display', 'block'); $('.UserViewCommentDetailsControl').css('display', 'none');">(Show Details)</div> <div class="UserViewCommentDetails" onclick="$('.UserViewCommentDetails').css('display', 'none'); $('.UserViewCommentDetailsControl').css('display', 'block');">(Hide Details)</div> <?php if (count($comments) == 0) { ?> <p>No comments so far</p> <?php } else { ?> <?php foreach ($comments as $k => $v) { if ($v->private && user_get_id() != $details[0]->ID) { continue; } ?> <div class="row"> <?php echo rating_image($v->rating, "small"); ?> <div class="UserViewCommentDetails">(<?php echo date('d.M.Y', $v->date_made); ?> )</div><strong><a href="/talk/view/<?php echo $v->talk_id; ?> #comment-<?php echo $v->ID;
echo form_hidden('edit_comment'); ?> <label for="comment">Comment</label> <?php echo form_textarea(array('name' => 'comment', 'id' => 'comment', 'value' => $this->validation->comment, 'cols' => 40, 'rows' => 10)); ?> <label class="checkbox"> <?php echo form_checkbox('private', '1'); ?> Mark as private? </label> <div class="clear"></div> </div> <?php if (isset($claimed[0]->userid) && $claimed[0]->userid != 0 && user_get_id() == $claimed[0]->userid) { } else { ?> <div class="row"> <label for="rating">Rating</label> <div class="rating"> <?php echo rating_form('rating', $this->validation->rating); ?> </div> <div class="clear"></div> </div> <?php } ?> <div class="row row-buttons">
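# $RCSfile: login_switch_proj.php,v $ $Revision: 1.1.1.1 $
# ------------------------------------
# Switches the current session to the project named in the login form, after checking
# that the logged-in user has rights on that project.
include_once "./api/include_api.php";

$logged_in = session_getLogged_in();

# Client-supplied form fields. $username is kept for any later code that reads it,
# but it is not used for the access check below.
$username = $_POST['uname'];
$switch_project = $_POST['login']['switch_project'];
$redirect_page = $_POST['login']['page'];
$redirect_page_get = $_POST['login']['get'];

# If user not logged in, then redirect back to the page they tried to login from
# auth_authenticate_user() will display the login forms
# NOTE(review): the redirect target is built from POST fields; confirm html_redirect()
# restricts it to pages of this application.
if (!$logged_in) {
    html_redirect($redirect_page . "?" . $redirect_page_get);
    # Stop here so the session set-up below, which marks the session as logged in,
    # never runs for an unauthenticated request even if html_redirect() returns.
    exit;
}

# Check that $switch_project is not blank and that the user has access rights to the project.
# Doing this to check access rights when loggin in from urls that contain the $_GET[project_id] variable.
# The rights are looked up for the session's own user (the same session_get_username()
# passed to session_set_application_details() below), not for the posted "uname" field,
# so the decision is bound to the authenticated identity.
if (!empty($switch_project) && user_has_rights(project_get_id($switch_project), user_get_id(session_get_username()), USER)) {
    $new_project_name = $switch_project;
} else {
    error_report_show('login.php', PROJECT_SWITCH_FAILED);
    # Do not continue with an undefined project name if error_report_show() returns
    exit;
}

session_set_new_project_name($new_project_name);
session_reset_project();
session_initialize();
session_setLogged_in(TRUE);
session_set_application_details($new_project_name, session_get_username());

if (isset($_POST['javascript_disabled'])) {
    session_set_javascript_enabled(false);
} else {
    session_set_javascript_enabled(true);
}

# redirect to the appropriate page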
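/**
 * Apply the recipient-list actions of the message form to $address_list.
 *
 * $address_list maps 'u' => [user_id => 'to'|'bcc'] and 'g' => [group_id => 'to'|'bcc'].
 * Request parameters are read from $_REQUEST; each one is checked to be an array
 * before its keys or values are used, so a malformed request leaves the list untouched
 * instead of raising an error. All IDs taken from the request are cast to integers.
 *
 * @param array $address_list Recipient list, modified in place.
 * @param mixed $remove_u     Truthy when a user is to be removed (ID = first key of $_REQUEST['remove_u']).
 * @param mixed $remove_g     Truthy when a group is to be removed (ID = first key of $_REQUEST['remove_g']).
 * @param mixed $add_to       Truthy to add the submitted recipients as "to".
 * @param mixed $add_bcc      Truthy to add the submitted recipients as "bcc" (used when $add_to is falsy).
 *
 * @return void
 */
function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_to, $add_bcc)
{
    // $_REQUEST is a superglobal and needs no global declaration
    global $site_file_root;

    // Delete User [TO/BCC]
    if ($remove_u && !empty($_REQUEST['remove_u']) && is_array($_REQUEST['remove_u'])) {
        $remove_user_id = array_keys($_REQUEST['remove_u']);
        unset($address_list['u'][(int) $remove_user_id[0]]);
    }

    // Delete Group [TO/BCC]
    if ($remove_g && !empty($_REQUEST['remove_g']) && is_array($_REQUEST['remove_g'])) {
        $remove_group_id = array_keys($_REQUEST['remove_g']);
        unset($address_list['g'][(int) $remove_group_id[0]]);
    }

    // Add User/Group [TO]
    if ($add_to || $add_bcc) {
        $type = $add_to ? 'to' : 'bcc';

        // Add Selected Groups
        $group_list = (isset($_REQUEST['group_list']) && is_array($_REQUEST['group_list']))
            ? array_map('intval', $_REQUEST['group_list'])
            : array();

        foreach ($group_list as $group_id) {
            $address_list['g'][$group_id] = $type;
        }

        // Build usernames to add
        $usernames = isset($_REQUEST['username']) ? array(request_var('username', '')) : array();
        $username_list = request_var('username_list', '');
        if ($username_list) {
            $usernames = array_merge($usernames, explode("\n", $username_list));
        }

        // Reveal the correct user_ids
        if (!empty($usernames)) {
            require_once $site_file_root . 'includes/functions_user.php';

            // NOTE(review): $difference is not defined before this call; presumably
            // user_get_id() takes its second argument by reference - confirm.
            $user_id_ary = user_get_id($usernames, $difference);

            if (!empty($user_id_ary)) {
                foreach ($user_id_ary as $user_id) {
                    $address_list['u'][$user_id] = $type;
                }
            }
        }

        // Add Friends if specified
        $friend_key = 'add_' . $type;
        $friend_list = (isset($_REQUEST[$friend_key]) && is_array($_REQUEST[$friend_key]))
            ? array_map('intval', array_keys($_REQUEST[$friend_key]))
            : array();

        foreach ($friend_list as $user_id) {
            $address_list['u'][$user_id] = $type;
        }
    }
}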
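/**
 * Update a user's account row and project associations.
 *
 * Runs one UPDATE on the user table, then for every entry of $project_prefs either
 * updates or deletes the user's association with that project, and finally inserts
 * a default association for every project named in $add_to_projects.
 *
 * The user and project IDs are interpolated into the SQL without quotes, so they are
 * forced to integers here.
 *
 * NOTE(review): every other value ($username, $password, names, e-mail, phone, rights,
 * and each $project_prefs field) is placed into the SQL text between single quotes with
 * no escaping in this function. Confirm that callers pass values already escaped for
 * the database, or switch db_query() calls to the driver's parameter binding.
 *
 * @param string $username        Login name; also used to look the user up.
 * @param string $password        New password, or empty to leave it unchanged.
 * @param string $first_name
 * @param string $last_name
 * @param string $email
 * @param string $phone
 * @param string $tempest_rights  Value written to the admin column.
 * @param string $default_project Value written to the default-project column.
 * @param array  $project_prefs   Entries with 'project_name', 'remove' ('N' keeps the
 *                                association) and the rights/e-mail/owner fields.
 * @param array  $add_to_projects Project names to associate the user with.
 *
 * @return void
 */
function user_edit($username, $password, $first_name, $last_name, $email, $phone, $tempest_rights, $default_project, $project_prefs, $add_to_projects)
{
    global $db;

    $tbl_user = USER_TBL;
    $f_user_id = $tbl_user . "." . USER_ID;
    $f_username = $tbl_user . "." . USER_UNAME;
    $f_email = $tbl_user . "." . USER_EMAIL;
    $f_first_name = $tbl_user . "." . USER_FNAME;
    $f_last_name = $tbl_user . "." . USER_LNAME;
    $f_phone = $tbl_user . "." . USER_PHONE;
    $f_password = $tbl_user . "." . USER_PWORD;
    $f_tempest_admin = $tbl_user . "." . USER_ADMIN;
    $f_user_default_project = $tbl_user . "." . USER_DEFAULT_PROJECT;

    // Used unquoted in every WHERE / VALUES clause below, hence the integer cast
    $user_id = (int) user_get_id($username);

    # Update user table
    $q = "\tUPDATE {$tbl_user}\n\t\t\tSET\t{$f_username} = '{$username}',";

    if (!empty($password)) {
        // NOTE(review): the password is transformed only when LOGIN_METHOD is 'MD5';
        // with any other setting it is written to the table exactly as received.
        // Confirm how credentials are meant to be stored.
        if (LOGIN_METHOD == 'MD5') {
            $password = auth_process_plain_password($password);
        }
        $q .= "{$f_password} = '{$password}',";
    }

    $q .= "\t\t{$f_first_name} = '{$first_name}',\n"
        . "\t\t\t\t{$f_last_name} = '{$last_name}',\n"
        . "\t\t\t\t{$f_email} = '{$email}',\n"
        . "\t\t\t\t{$f_phone} = '{$phone}',\n"
        . "\t\t\t\t{$f_tempest_admin} = '{$tempest_rights}',\n"
        . "\t\t\t\t{$f_user_default_project} = '{$default_project}'\n"
        . "\t\t\tWHERE\n"
        . "\t\t\t\t{$f_user_id} = {$user_id}";

    db_query($db, $q);

    $tbl_proj_user_assoc = PROJECT_USER_ASSOC_TBL;
    $f_proj_user_proj_id = $tbl_proj_user_assoc . "." . PROJ_USER_PROJ_ID;
    $f_proj_user_user_id = $tbl_proj_user_assoc . "." . PROJ_USER_USER_ID;
    $f_user_rights = $tbl_proj_user_assoc . "." . PROJ_USER_PROJECT_RIGHTS;
    $f_delete_rights = $tbl_proj_user_assoc . "." . PROJ_USER_DELETE_RIGHTS;
    $f_email_testset = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_TESTSET;
    $f_email_discussion = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_REQ_DISCUSSION;
    $f_email_new_bug = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_NEW_BUG;
    $f_email_update_bug = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_UPDATE_BUG;
    $f_email_assigned = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_ASSIGNED_BUG;
    $f_email_bugnote = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_BUGNOTE_BUG;
    $f_email_status = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_STATUS_BUG;
    $f_qa_owner = $tbl_proj_user_assoc . "." . PROJ_USER_QA_OWNER;
    $f_ba_owner = $tbl_proj_user_assoc . "." . PROJ_USER_BA_OWNER;

    # update associations
    # change prefs or delete associations
    foreach ($project_prefs as $value) {
        // The project is identified by the name inside the entry, not by the array key
        $project_id = (int) project_get_id($value['project_name']);

        if ($value['remove'] == 'N') {
            $q = "\tUPDATE {$tbl_proj_user_assoc}\n\t\t\t\t\tSET\n\t\t\t\t\t\t{$f_user_rights} = '" . $value['project_rights']
                . "',\n\t\t\t\t\t\t{$f_delete_rights} = '" . $value['delete_rights']
                . "',\n\t\t\t\t\t\t{$f_email_testset} = '" . $value['email_testset']
                . "',\n\t\t\t\t\t\t{$f_email_discussion} = '" . $value['email_discussion']
                . "',\n\t\t\t\t\t\t{$f_email_new_bug} = '" . $value['email_new_bug']
                . "',\n\t\t\t\t\t\t{$f_email_update_bug} = '" . $value['email_update_bug']
                . "',\n\t\t\t\t\t\t{$f_email_assigned} = '" . $value['email_assigned_bug']
                . "',\n\t\t\t\t\t\t{$f_email_bugnote} = '" . $value['email_bugnote_bug']
                . "',\n\t\t\t\t\t\t{$f_email_status} = '" . $value['email_status_bug']
                . "',\n\t\t\t\t\t\t{$f_qa_owner} = '" . $value['qa_owner']
                . "',\n\t\t\t\t\t\t{$f_ba_owner} = '" . $value['ba_owner']
                . "'\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t{$f_proj_user_proj_id} = {$project_id}\n\t\t\t\t\t\tAND {$f_proj_user_user_id} = {$user_id}";
        } else {
            $q = "\tDELETE FROM {$tbl_proj_user_assoc}\n"
                . "\t\t\t\t\tWHERE\n"
                . "\t\t\t\t\t\t{$f_proj_user_proj_id} = {$project_id}\n"
                . "\t\t\t\t\t\tAND {$f_proj_user_user_id} = {$user_id}";
        }

        db_query($db, $q);
    }

    # add associations
    foreach ($add_to_projects as $project_name) {
        $project_id = (int) project_get_id($project_name);

        // New associations start with rights '10' and every flag set to 'N'
        $q = "\tINSERT INTO {$tbl_proj_user_assoc}\n"
            . "\t\t\t\t\t(\t{$f_proj_user_user_id},\n"
            . "\t\t\t\t\t\t{$f_proj_user_proj_id},\n"
            . "\t\t\t\t\t\t{$f_user_rights},\n"
            . "\t\t\t\t\t\t{$f_delete_rights},\n"
            . "\t\t\t\t\t\t{$f_email_testset},\n"
            . "\t\t\t\t\t\t{$f_email_discussion},\n"
            . "\t\t\t\t\t\t{$f_qa_owner},\n"
            . "\t\t\t\t\t\t{$f_ba_owner} )\n"
            . "\t\t\t\tVALUES\n"
            . "\t\t\t\t\t(\t{$user_id},\n"
            . "\t\t\t\t\t\t{$project_id},\n"
            . "\t\t\t\t\t\t'10',\n"
            . "\t\t\t\t\t\t'N',\n"
            . "\t\t\t\t\t\t'N',\n"
            . "\t\t\t\t\t\t'N',\n"
            . "\t\t\t\t\t\t'N',\n"
            . "\t\t\t\t\t\t'N' )";

        db_query($db, $q);
    }
}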
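# ---------------------------------------------------------------------
# Form handler for adding a user: requires an authenticated session, reads the
# validated form fields and rejects duplicate or malformed usernames and duplicate
# e-mail addresses.
include "./api/include_api.php";
include "./api/rndPass.class.php";

auth_authenticate_user();

$redirect_page = 'user_add_page.php';
$edit_page = 'user_add_page.php';
$proj_properties = session_set_properties("project_manage", $_POST);

session_validate_form_set($_POST, $edit_page);

$username = session_validate_form_get_field("username_required");
$first_name = session_validate_form_get_field("first_name_required");
$last_name = session_validate_form_get_field("last_name_required");
$email = session_validate_form_get_field("email_required");
$phone = session_validate_form_get_field("phone");
$projects = session_validate_form_get_field("user_add_to_projects_required");

# NOTE(review): the checks below rely on error_report_show() ending the request;
# confirm it does, otherwise a rejected form keeps being processed.

# check username unique
if (user_get_id($username)) {
    error_report_show($edit_page, USERNAME_NOT_UNIQUE);
}

# check if username contains blanks
$blank = ' '; //whitespace
if (strpos($username, $blank) !== false) {
    error_report_show($edit_page, USERNAME_CONTAINS_BLANK);
}

# Only letters, digits and dots are allowed. The pattern is anchored with \z rather
# than $, because $ also matches just before a trailing newline and would accept a
# username that ends in "\n".
if (!preg_match('/^[a-zA-Z0-9.]+\z/', $username)) {
    error_report_show($edit_page, USERNAME_CONTAINS_INVALID_CHARS);
}

# check email unique
if (user_get_info_by_email($email)) {
    error_report_show($edit_page, EMAIL_NOT_UNIQUE);
}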
/**
 * Write a new value into one column of a bug row, send the configured
 * notifications and record the change in the bug history.
 *
 * NOTE(review): $field_name is placed into the UPDATE as a column name and $value and
 * $bug_id as quoted literals, with no escaping or allow-list in this function. Confirm
 * that callers restrict $field_name to known columns and pass values already escaped
 * for the database.
 *
 * @param mixed  $bug_id     ID of the bug row to update.
 * @param string $field_name Column to change.
 * @param mixed  $value      New value for the column.
 *
 * @return void
 */
function bug_update_field($bug_id, $field_name, $value)
{
    global $db;

    $table = BUG_TBL;
    $id_column = BUG_ID;

    // Remember the value being replaced so the history entry can show both
    $previous = bug_get_field_value($bug_id, $field_name);
    $project_id = session_get_project_id();

    // Update the field
    $sql = "UPDATE {$table}\n\t\t SET {$field_name} = '{$value}'\n\t\t WHERE {$id_column} = '{$bug_id}'";
    db_query($db, $sql);

    // Assignment change: monitor the assignee and mail the recipients, but only
    // when the 'assigned_to' notify flag is set
    $is_assignment = ($field_name == BUG_ASSIGNED_TO || $field_name == BUG_ASSIGNED_TO_DEVELOPER);
    if ($is_assignment && $GLOBALS['default_notify_flags']['assigned_to']) {
        $assignee_id = user_get_id($value);
        $event = "assign_bug";

        bug_monitor_attach_user($bug_id, $assignee_id);

        $mail_to = bug_email_collect_recipients($bug_id, $event);
        if ($mail_to != '') {
            bug_email($project_id, $bug_id, $mail_to, $event);
        }
    }

    // Status change: attach to the monitor table (no explicit user ID is passed)
    // and mail the recipients, but only when the 'status' notify flag is set
    if ($field_name == BUG_STATUS && $GLOBALS['default_notify_flags']['status']) {
        $event = "update_status";

        bug_monitor_attach_user($bug_id);

        $mail_to = bug_email_collect_recipients($bug_id, $event);
        if ($mail_to != '') {
            bug_email($project_id, $bug_id, $mail_to, $event);
        }
    }

    // Log the change in the bug history
    bug_history_log_event($bug_id, $field_name, $previous, $value);
}