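/**
 * Create a product backlog together with the MantisBT "team user" account
 * that stands for it.
 *
 * Nothing is created unless the backlog name is shorter than 22 characters,
 * passes user_is_name_valid() and is not already taken as a user name.
 * Otherwise a team account is created for the generated user name (or, when
 * that account already exists, only its e-mail address is updated), the
 * agileMantis rights are set on that account, and a row is inserted into
 * gadiv_productbacklogs with bound parameters.
 *
 * Reads $this->name, $this->email, $this->description and $this->team;
 * writes $this->team (only when it was 0), $this->id and $this->user_id.
 *
 * @return mixed the value of db_insert_id() for the new backlog row, or null
 *               when the backlog name was rejected
 */
function newProductBacklog() {
    global $agilemantis_au;

    // Check if team-user name fits into MantisBT regulations
    if (!(utf8_strlen($this->name) < 22 && user_is_name_valid($this->name) && user_is_name_unique($this->name))) {
        return null;
    }

    $p_username = $this->generateTeamUser($this->name);
    $p_email = trim($this->email);

    // The generated password is handed to user_create() only; this method
    // neither stores nor returns it.
    $t_seed = $p_email . $p_username;
    $t_password = auth_generate_random_password($t_seed);

    // The real-name label is taken from the request. Fall back to the already
    // validated backlog name when the field is missing or is not a string, so
    // an absent or array-valued 'pbl_name' cannot reach user_create().
    $t_label = (isset($_POST['pbl_name']) && is_string($_POST['pbl_name']))
        ? $_POST['pbl_name']
        : $this->name;

    if (user_is_name_unique($p_username) === true) {
        // Arguments after the e-mail: access level 55, not protected, enabled.
        // NOTE(review): 55 is presumably MantisBT's DEVELOPER level; confirm it
        // is the least privilege a team account needs.
        user_create($p_username, $t_password, $p_email, 55, false, true, 'Team-User-' . $t_label);
    } else {
        // The team account already exists: only refresh its e-mail address.
        user_set_field($this->getUserIdByName($p_username), 'email', $p_email);
    }

    // Resolve the account by its user name in both paths. The original used
    // getLatestUser() here (not shown; presumably the most recently created
    // account), which is not tied to $p_username: on the "already exists" path
    // no account was created, so the rights and the backlog row could end up
    // attached to a different user.
    $user_id = $this->getUserIdByName($p_username);
    $agilemantis_au->setAgileMantisUserRights($user_id, 1, 0, 0);

    if ($this->team == 0) {
        $this->team = $user_id;
    }

    // Values are bound through db_param(), never concatenated into the SQL.
    $t_sql = "INSERT INTO gadiv_productbacklogs (name, description, user_id) VALUES ( " . db_param(0) . ", " . db_param(1) . ", " . db_param(2) . ") ";
    $t_params = array($this->name, $this->description, $user_id);
    db_query_bound($t_sql, $t_params);

    $this->id = db_insert_id("gadiv_productbacklogs");
    $this->user_id = $user_id;

    return $this->id;
}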
# Login form page: loads the APIs it needs, reads the request parameters and
# decides whether the form has to be shown at all.
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('user_api.php');
require_api('utility_api.php');
require_css('login.css');

# Everything read through gpc_get_*() below is supplied by the client.
$f_error = gpc_get_bool('error');
$f_cookie_error = gpc_get_bool('cookie_error');
# The post-login redirect target is passed through string_sanitize_url() before
# it is stored. NOTE(review): this is the only handling of 'return' visible
# here; confirm that string_sanitize_url() restricts the target to this site,
# since $f_return is later used as a redirect location.
$f_return = string_sanitize_url(gpc_get_string('return', ''));
$f_username = gpc_get_string('username', '');
$f_perm_login = gpc_get_bool('perm_login', false);
$f_secure_session = gpc_get_bool('secure_session', false);
# Cookie name is the configured cookie prefix plus '_secure_session'; null when
# the cookie is absent.
$f_secure_session_cookie = gpc_get_cookie(config_get_global('cookie_prefix') . '_secure_session', null);

# Set username to blank if invalid to prevent possible XSS exploits
# (the value is discarded, not repaired, so a rejected name is never reused).
if (!user_is_name_valid($f_username)) {
    $f_username = '';
}

# True when the global 'session_validation' option equals ON.
$t_session_validation = ON == config_get_global('session_validation');

# If user is already authenticated and not anonymous
if (auth_is_user_authenticated() && !current_user_is_anonymous()) {
    # If return URL is specified redirect to it; otherwise use default page
    if (!is_blank($f_return)) {
        # NOTE(review): the meaning of the three boolean arguments is not
        # visible here; check them against print_header_redirect().
        print_header_redirect($f_return, false, false, true);
    } else {
        print_header_redirect(config_get('default_home_page'));
    }
}

# Check for automatic logon methods where we want the logon to just be handled by login.php
# NOTE(review): the listing stops inside this block; the rest of the branch is not shown.
if (auth_automatic_logon_bypass_form()) {
    $t_uri = 'login.php';
/**
 * Enforce that a username passes user_is_name_valid(); uniqueness is not
 * considered here.
 * When the check fails, ERROR_USER_NAME_INVALID is raised through
 * trigger_error() at level ERROR.
 * @param string $p_username The username to check.
 * @return void
 */
function user_ensure_name_valid($p_username) {
    $t_is_valid = user_is_name_valid($p_username);

    # Nothing to do for an acceptable name.
    if ($t_is_valid) {
        return;
    }

    trigger_error(ERROR_USER_NAME_INVALID, ERROR);
}
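/**
 * Build a candidate username from a base name plus an optional suffix and
 * accept it only if it is valid and not yet taken.
 *
 * When base and suffix together are longer than DB_FIELD_SIZE_USERNAME, the
 * base is shortened so that the suffix still fits.
 *
 * @param string $p_username Base username.
 * @param string $p_rand     Suffix appended to the base (empty by default).
 * @return string|false The accepted username, or FALSE when the candidate is
 *                      invalid or already in use. Callers must compare the
 *                      result with === FALSE, not by truthiness.
 */
private function validate_username($p_username, $p_rand = '') {
    $t_username = $p_username;

    # Measure the suffix in characters, like the rest of this method. The
    # original used strlen() (bytes) here, which disagrees with utf8_strlen()
    # and utf8_substr() as soon as the suffix contains a multibyte character.
    $t_suffix_length = utf8_strlen($p_rand);

    if (utf8_strlen($t_username . $p_rand) > DB_FIELD_SIZE_USERNAME) {
        $t_username = utf8_substr($t_username, 0, DB_FIELD_SIZE_USERNAME - $t_suffix_length);
    }

    $t_username = $t_username . $p_rand;

    # Shortening can turn two different base names into the same candidate, so
    # the uniqueness check is made on the final string.
    if (user_is_name_valid($t_username) && user_is_name_unique($t_username)) {
        return $t_username;
    }

    return FALSE;
}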
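/**
 * Creates a new user.
 *
 * The user will get a confirmation email, and will have the password provided
 * in the incoming representation.
 *
 * The caller must hold the 'manage_user_threshold' access level, and may not
 * create an account with an access level above its own.
 *
 * @param $request - The Request we're responding to
 * @return Response a 201 response whose location header is the new user's URL
 * @throws HTTPException 403 when the caller may not create the user,
 *                       500 when the username or realname is rejected
 */
public function post($request) {
    if (!access_has_global_level(config_get('manage_user_threshold'))) {
        throw new HTTPException(403, "Access denied to create user");
    }

    // Every field below is taken from the request body.
    $new_user = new User();
    $new_user->populate_from_repr($request->body);

    $username = $new_user->mantis_data['username'];
    $password = $new_user->mantis_data['password'];
    $email = email_append_domain($new_user->mantis_data['email']);
    $access_level = $new_user->mantis_data['access_level'];
    $protected = $new_user->mantis_data['protected'];
    $enabled = $new_user->mantis_data['enabled'];
    $realname = $new_user->mantis_data['realname'];

    // The requested access level is client-supplied and was passed to
    // user_create() unchecked, so anyone allowed to manage users could create
    // an account that outranks their own. Refuse that here.
    // NOTE(review): populate_from_repr() is not shown; if it already enforces
    // this limit the check is redundant but harmless.
    if ($access_level !== null && !access_has_global_level($access_level)) {
        throw new HTTPException(403, "Access denied to create user with this access level");
    }

    // NOTE(review): both failures below are caused by client input; 400 would
    // describe them better than 500, but the status is kept because existing
    // clients may depend on it.
    if (!user_is_name_valid($username)) {
        throw new HTTPException(500, "Invalid username");
    } elseif (!user_is_realname_valid($realname)) {
        throw new HTTPException(500, "Invalid realname");
    }

    user_create($username, $password, $email, $access_level, $protected, $enabled, $realname);

    $new_user_id = user_get_id_by_name($username);
    $new_user_url = User::get_url_from_mantis_id($new_user_id);
    $this->rsrc_data = $new_user_url;

    $resp = new Response();
    $resp->status = 201;
    $resp->headers[] = "location: {$new_user_url}";
    $resp->body = $this->_repr($request);

    return $resp;
}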