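/**
 * Creates a product backlog together with the MantisBT "team user" account that represents it.
 *
 * The backlog name is checked against the MantisBT user-name rules first, because the
 * team-user name is derived from it. The team user is then created (or, when an account
 * with the derived name already exists, re-used with its e-mail overwritten), granted
 * agileMantis rights, and the backlog row is inserted with bound parameters.
 *
 * @return int|null Id of the new backlog row, or null when the name is too long,
 *                  invalid or already taken as a user name.
 */
function newProductBacklog()
 {
     global $agilemantis_au;

     // The name must be shorter than 22 characters, valid as a MantisBT user name and unused.
     if (utf8_strlen($this->name) >= 22 || !user_is_name_valid($this->name) || !user_is_name_unique($this->name)) {
         return null;
     }

     $p_username = $this->generateTeamUser($this->name);
     $p_email = trim($this->email);

     // The password is generated here and never returned or stored by this method.
     // NOTE(review): the seed is built only from the e-mail and user name, which other people
     // know - confirm that auth_generate_random_password() adds its own randomness.
     $t_password = auth_generate_random_password($p_email . $p_username);

     if (user_is_name_unique($p_username) === true) {
         // Access level 55 is DEVELOPER in stock MantisBT; the account is unprotected and enabled.
         // NOTE(review): the real name is read from raw $_POST['pbl_name'] rather than $this->name;
         // it is not validated here and must be escaped wherever it is displayed.
         user_create($p_username, $t_password, $p_email, 55, false, true, 'Team-User-' . $_POST['pbl_name']);
         // NOTE(review): "latest user" is only the account created above if no other
         // registration happened in between - confirm how getLatestUser() resolves it.
         $user_id = $this->getLatestUser();
     } else {
         // An account with the derived name already exists: rights and ownership must go to
         // that account, not to whichever user happens to be the most recently created one.
         $user_id = $this->getUserIdByName($p_username);
         user_set_field($user_id, 'email', $p_email);
     }

     // Meaning of the three flags (1, 0, 0) is defined by setAgileMantisUserRights(), not visible here.
     $agilemantis_au->setAgileMantisUserRights($user_id, 1, 0, 0);

     if ($this->team == 0) {
         $this->team = $user_id;
     }

     // Values are passed as bound parameters, never concatenated into the statement.
     $t_sql = "INSERT INTO gadiv_productbacklogs (name, description, user_id) VALUES ( " . db_param(0) . ", " . db_param(1) . ", " . db_param(2) . ") ";
     $t_params = array($this->name, $this->description, $user_id);
     db_query_bound($t_sql, $t_params);

     $this->id = db_insert_id("gadiv_productbacklogs");
     $this->user_id = $user_id;

     return $this->id;
 }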
Esempio n. 2
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('user_api.php');
require_api('utility_api.php');
require_css('login.css');
# Read the login form inputs from the request. Everything below is caller-controlled
# and must be treated as untrusted until validated.
$f_error = gpc_get_bool('error');
$f_cookie_error = gpc_get_bool('cookie_error');
# The return target is passed through string_sanitize_url() here, once, at the point of input.
# The redirect further down relies on this step to avoid acting as an open redirect.
$f_return = string_sanitize_url(gpc_get_string('return', ''));
$f_username = gpc_get_string('username', '');
$f_perm_login = gpc_get_bool('perm_login', false);
$f_secure_session = gpc_get_bool('secure_session', false);
# Cookie name is the configured prefix plus '_secure_session'; null when the cookie is absent.
$f_secure_session_cookie = gpc_get_cookie(config_get_global('cookie_prefix') . '_secure_session', null);
# Set username to blank if invalid to prevent possible XSS exploits.
# This is an allow-list check on the input only; presumably the value is echoed back into
# the form later in the page, where it still needs output escaping - verify at the point of use.
if (!user_is_name_valid($f_username)) {
    $f_username = '';
}
# True when the global 'session_validation' option equals ON.
$t_session_validation = ON == config_get_global('session_validation');
# If user is already authenticated and not anonymous, skip the form and redirect.
if (auth_is_user_authenticated() && !current_user_is_anonymous()) {
    # If return URL is specified redirect to it; otherwise use default page
    if (!is_blank($f_return)) {
        # NOTE(review): in stock MantisBT the arguments after the URL are $p_die, $p_sanitize,
        # $p_absolute - confirm. If so, this call does not re-sanitize $f_return and does not
        # stop the script, so the rest of the page keeps executing after the header is sent.
        print_header_redirect($f_return, false, false, true);
    } else {
        print_header_redirect(config_get('default_home_page'));
    }
}
# Check for automatic logon methods where we want the logon to just be handled by login.php
if (auth_automatic_logon_bypass_form()) {
    $t_uri = 'login.php';
Esempio n. 3
/**
 * Guard that raises ERROR_USER_NAME_INVALID when a user name fails user_is_name_valid().
 *
 * Only the format of the name is checked; whether the name is already taken is not
 * considered here. Nothing happens when the name is valid.
 *
 * @param string $p_username The username to check.
 * @return void
 */
function user_ensure_name_valid($p_username)
{
    $t_name_ok = user_is_name_valid($p_username);
    if ($t_name_ok) {
        return;
    }

    # Invalid name: report it through the error handler at ERROR severity.
    trigger_error(ERROR_USER_NAME_INVALID, ERROR);
}
Esempio n. 4
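 /**
  * Builds a candidate user name from a base name plus an optional suffix and checks it.
  *
  * When base name and suffix together exceed DB_FIELD_SIZE_USERNAME characters, the base
  * name is shortened so that the suffix still fits. The suffix length is measured in
  * characters (utf8_strlen), the same unit as the overflow check, so a multi-byte suffix
  * no longer truncates the base name further than necessary.
  *
  * @param string $p_username Base user name.
  * @param string $p_rand     Optional suffix appended to the base name.
  * @return string|false The candidate name when it is valid and unused, false otherwise.
  */
 private function validate_username($p_username, $p_rand = '')
 {
     $t_username = $p_username;
     if (utf8_strlen($t_username . $p_rand) > DB_FIELD_SIZE_USERNAME) {
         // Keep room for the suffix, counted in characters rather than bytes.
         $t_username = utf8_substr($t_username, 0, DB_FIELD_SIZE_USERNAME - utf8_strlen($p_rand));
     }
     $t_username = $t_username . $p_rand;

     // Both checks must pass: format rules first, then uniqueness among existing accounts.
     if (user_is_name_valid($t_username) && user_is_name_unique($t_username)) {
         return $t_username;
     }

     return false;
 }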
Esempio n. 5
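 /**
  * Creates a new user from the representation in the request body.
  *
  * Per the original note, the user will get a confirmation email and will have the
  * password provided in the incoming representation.
  *
  * Authorization is checked twice: the caller must reach 'manage_user_threshold' to
  * create users at all, and must itself hold at least the access level it asks for,
  * so the endpoint cannot be used to create an account more privileged than the caller.
  *
  * @param $request - The Request we're responding to
  * @return Response 201 response whose location header points at the new user.
  * @throws HTTPException 403 when the caller may not create users or may not grant the
  *                       requested access level; 500 when the user name or real name is invalid.
  */
 public function post($request)
 {
     if (!access_has_global_level(config_get('manage_user_threshold'))) {
         throw new HTTPException(403, "Access denied to create user");
     }

     // Everything read from the representation is caller-supplied.
     $new_user = new User();
     $new_user->populate_from_repr($request->body);
     $username = $new_user->mantis_data['username'];
     $password = $new_user->mantis_data['password'];
     $email = email_append_domain($new_user->mantis_data['email']);
     $access_level = $new_user->mantis_data['access_level'];
     $protected = $new_user->mantis_data['protected'];
     $enabled = $new_user->mantis_data['enabled'];
     $realname = $new_user->mantis_data['realname'];

     // The access level comes straight from the request body: refuse to create an account
     // with more privilege than the caller holds.
     if (!access_has_global_level($access_level)) {
         throw new HTTPException(403, "Access denied to grant the requested access level");
     }

     // Status 500 is kept for compatibility with existing clients.
     if (!user_is_name_valid($username)) {
         throw new HTTPException(500, "Invalid username");
     } elseif (!user_is_realname_valid($realname)) {
         throw new HTTPException(500, "Invalid realname");
     }

     // NOTE(review): the password is passed on as received; no strength or length rule is
     // applied in this method - confirm whether user_create() or the caller enforces one.
     user_create($username, $password, $email, $access_level, $protected, $enabled, $realname);

     $new_user_id = user_get_id_by_name($username);
     $new_user_url = User::get_url_from_mantis_id($new_user_id);
     $this->rsrc_data = $new_user_url;

     $resp = new Response();
     $resp->status = 201;
     $resp->headers[] = "location: {$new_user_url}";
     $resp->body = $this->_repr($request);

     return $resp;
 }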