Esempio n. 1
/**
 * Resolve the session for the current page view, or start a new one.
 *
 * The session id is taken from the "<cookie_name>_sid" cookie or, when neither
 * session cookie is present, from the "sid" GET parameter. When it matches a row
 * in the sessions table and the first six characters of the stored session IP
 * equal those of $user_ip, the session timestamps are refreshed (only if the last
 * update is more than 60 seconds old) and the joined user/session row is returned.
 * In every other case a new session is started through session_begin().
 *
 * The block marked "Added by FAI" additionally ties the forum account to an
 * external login (user_isloggedin(), $user_name, user_getemail()): it switches to,
 * or creates, the matching forum user and then redirects.
 *
 * @param string $user_ip     Client address in the same encoding as the stored session_ip
 *                            (presumably hex-encoded, given the "first 24 bits" comment below - confirm).
 * @param int    $thispage_id Page identifier; cast to int before it is placed in SQL.
 *
 * @return array User and session data: the row fetched from the database, or
 *               whatever session_begin() returns for a newly created session.
 */
function session_pagestart($user_ip, $thispage_id)
{
    global $db, $lang, $board_config;
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
    $cookiename = $board_config['cookie_name'];
    $cookiepath = $board_config['cookie_path'];
    $cookiedomain = $board_config['cookie_domain'];
    $cookiesecure = $board_config['cookie_secure'];
    $current_time = time();
    unset($userdata);
    if (isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data'])) {
        // SECURITY: the '_data' cookie is supplied by the client and goes straight
        // into unserialize(). A forged cookie therefore controls every value in
        // $sessiondata (including 'userid' and 'autologinid' read further down) and
        // can instantiate objects of any loaded class. A data-only format such as
        // JSON, or an integrity check on the cookie, removes that exposure.
        $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
        $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
        $sessionmethod = SESSION_METHOD_COOKIE;
    } else {
        $sessiondata = array();
        $session_id = isset($HTTP_GET_VARS['sid']) ? $HTTP_GET_VARS['sid'] : '';
        $sessionmethod = SESSION_METHOD_GET;
    }
    // Allowlist: anything other than ASCII letters and digits discards the id.
    // This check is the only thing keeping the SELECT below injection-safe,
    // because $session_id is interpolated into that statement as a quoted string.
    if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) {
        $session_id = '';
    }
    $thispage_id = (int) $thispage_id;
    //
    // Does a session exist?
    //
    if (!empty($session_id)) {
        //
        // session_id exists so go ahead and attempt to grab all
        // data in preparation
        //
        $sql = "SELECT u.*, s.*\n\t\t\tFROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u\n\t\t\tWHERE s.session_id = '{$session_id}'\n\t\t\t\tAND u.user_id = s.session_user_id";
        if (!($result = $db->sql_query($sql))) {
            message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
        }
        $userdata = $db->sql_fetchrow($result);
        //
        // Did the session exist in the DB?
        //
        if (isset($userdata['user_id'])) {
            // Added by FAI
            // Find Public Whip user id
            $logged_into_pw = user_isloggedin();
            global $user_name;
            // Look it up in PHPBB user account list
            // NOTE(review): the username literal reads '******' in this listing
            // (apparently masked). Whatever value is compared here has to be escaped
            // before it is placed in the statement. The table name is also hard-coded
            // instead of using USERS_TABLE like the rest of the function.
            $result = $db->sql_query("select user_id from phpbb_users where username = '******'");
            // If the query fails, $user_id_for_phpbb is never assigned but is still
            // read in the conditions below.
            if ($result) {
                $row = $db->sql_fetchrow($result);
                $user_id_for_phpbb = $row['user_id'];
            }
            // NOTE(review): $HTTP_POST_VARS is not declared global in this function,
            // so the 'redirect' branch can never be taken and REQUEST_URI is always
            // used. The str_replace('&', '&', ...) is a no-op as written (presumably
            // an entity was lost from the first argument - confirm). If the POST value
            // is ever wired in, restrict it to local paths before redirecting to it.
            $url = !empty($HTTP_POST_VARS['redirect']) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : str_replace("/forum/", "", $_SERVER['REQUEST_URI']);
            if ($logged_into_pw) {
                // If user id is wrong, log into it
                if ($user_id_for_phpbb && $user_id_for_phpbb != $userdata['user_id']) {
                    if ($userdata['user_id'] > 0) {
                        session_end($userdata['session_id'], $userdata['user_id']);
                        // NOTE(review): unlike the other branches there is no exit
                        // after this redirect; if redirect() returns, execution
                        // continues into session_begin() below - confirm.
                        redirect(append_sid($url, true));
                    }
                    $session_id = session_begin($user_id_for_phpbb, $user_ip, PAGE_INDEX, FALSE, TRUE);
                    redirect(append_sid($url, true));
                    exit;
                }
                // Otherwise make new account
                if (!$user_id_for_phpbb) {
                    // Log out first if logged in
                    if ($userdata['user_id'] > 0) {
                        session_end($userdata['session_id'], $userdata['user_id']);
                        redirect(append_sid($url, true));
                        exit;
                    }
                    // The next id is computed as MAX(user_id) + 1 before the
                    // transaction is opened by the INSERT below, so two concurrent
                    // requests can compute the same value.
                    $sql = "SELECT MAX(user_id) AS total FROM " . USERS_TABLE;
                    if (!($result = $db->sql_query($sql))) {
                        message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
                    }
                    if (!($row = $db->sql_fetchrow($result))) {
                        message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
                    }
                    $user_id = $row['total'] + 1;
                    $notifyreply = 1;
                    // SECURITY: mysql_escape_string() ignores the connection charset
                    // and was removed in PHP 7; use the escaping offered by the $db
                    // layer or a prepared statement. The INSERT names no columns, so
                    // every value depends on the table's column order. 'NEVER***' is
                    // presumably a placeholder that cannot match a real password
                    // hash - confirm which column it lands in.
                    $sql = "INSERT INTO " . USERS_TABLE . "\t \nVALUES ('" . mysql_escape_string($user_id) . "',1,'" . mysql_escape_string($user_name) . "','NEVER***',0,0,0," . time() . ",0,0,0.00,1,'english','D M d, Y g:i a',0,0,0,NULL,0,1,1,1,1,1,1,1,1,1,1,0,'',0,'" . mysql_escape_string(user_getemail()) . "','','','','','','','','','','','',NULL,0,0)";
                    /*				VALUES ($user_id, '" . str_replace("\'", "''", $user_name) . "', " . time() . ", '" . str_replace("\'", "''", "NOT VALID ***") . "', '" . str_replace("\'", "''", user_getemail()) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popup_pm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, ";
                    */
                    if (!($result = $db->sql_query($sql, BEGIN_TRANSACTION))) {
                        message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql);
                    }
                    $sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)\n\t\t\t\tVALUES ('', 'Personal User', 1, 0)";
                    if (!($result = $db->sql_query($sql))) {
                        message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
                    }
                    $group_id = $db->sql_nextid();
                    $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)\n\t\t\t\tVALUES ({$user_id}, {$group_id}, 0)";
                    if (!($result = $db->sql_query($sql, END_TRANSACTION))) {
                        message_die(GENERAL_ERROR, 'Could not insert data into user_group table', '', __LINE__, __FILE__, $sql);
                    }
                    $session_id = session_begin($user_id, $user_ip, PAGE_INDEX, FALSE, TRUE);
                    redirect(append_sid($url, true));
                    exit;
                }
            } else {
                // Not logged in externally: end any non-anonymous forum session too.
                if ($userdata['user_id'] > 0) {
                    session_end($userdata['session_id'], $userdata['user_id']);
                    redirect(append_sid($url, true));
                    exit;
                }
            }
            // End added by FAI
            //
            // Do not check IP assuming equivalence, if IPv4 we'll check only first 24
            // bits ... I've been told (by vHiker) this should alleviate problems with
            // load balanced et al proxies while retaining some reliance on IP security.
            //
            // Only the first six characters of each value are compared, so this
            // binding is a weak secondary check and not a substitute for an
            // unguessable session id.
            $ip_check_s = substr($userdata['session_ip'], 0, 6);
            $ip_check_u = substr($user_ip, 0, 6);
            if ($ip_check_s == $ip_check_u) {
                // The id is put into $SID (and so into URLs) for GET-based sessions
                // and whenever IN_ADMIN is defined.
                $SID = $sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN') ? 'sid=' . $session_id : '';
                //
                // Only update session DB a minute or so after last update
                //
                if ($current_time - $userdata['session_time'] > 60) {
                    // A little trick to reset session_admin on session re-usage
                    $update_admin = !defined('IN_ADMIN') && $current_time - $userdata['session_time'] > $board_config['session_length'] + 60 ? ', session_admin = 0' : '';
                    // session_id and user_id below come from the row just fetched,
                    // not from the request.
                    $sql = "UPDATE " . SESSIONS_TABLE . " \n\t\t\t\t\t\tSET session_time = {$current_time}, session_page = {$thispage_id}{$update_admin}\n\t\t\t\t\t\tWHERE session_id = '" . $userdata['session_id'] . "'";
                    if (!$db->sql_query($sql)) {
                        message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
                    }
                    if ($userdata['user_id'] != ANONYMOUS) {
                        $sql = "UPDATE " . USERS_TABLE . " \n\t\t\t\t\t\t\tSET user_session_time = {$current_time}, user_session_page = {$thispage_id}\n\t\t\t\t\t\t\tWHERE user_id = " . $userdata['user_id'];
                        if (!$db->sql_query($sql)) {
                            message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
                        }
                    }
                    session_clean($userdata['session_id']);
                    // Both cookies are set without the httponly argument, so page
                    // scripts can read them. The '_data' cookie lives for
                    // 31536000 seconds; the '_sid' cookie expires with the browser.
                    setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
                    setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
                }
                // Add the session_key to the userdata array if it is set
                // (the value originates from the client-supplied '_data' cookie)
                if (isset($sessiondata['autologinid']) && $sessiondata['autologinid'] != '') {
                    $userdata['session_key'] = $sessiondata['autologinid'];
                }
                return $userdata;
            }
        }
    }
    //
    // If we reach here then no (valid) session exists. So we'll create a new one,
    // using the cookie user_id if available to pull basic user prefs.
    //
    // NOTE(review): 'userid' is read from the client cookie. session_begin() is not
    // visible here; it must not accept this id as proof of identity - confirm.
    $user_id = isset($sessiondata['userid']) ? intval($sessiondata['userid']) : ANONYMOUS;
    if (!($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE))) {
        // $sql is undefined at this point when no session id was supplied.
        message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql);
    }
    return $userdata;
}
Esempio n. 2
/**
 * Enforce an access requirement for the current user.
 *
 * Exactly one requirement is evaluated, in this order of precedence:
 * 'group' (optionally narrowed by 'admin_flags'), 'user', 'isloggedin'.
 * When the requirement is not met, or when $req names none of them,
 * exit_error() is called with a localized message.
 *
 * @param array $req Requirement description; recognised keys are 'group',
 *                   'admin_flags', 'user' and 'isloggedin'.
 *
 * @return true|null true for super users; nothing otherwise.
 */
function session_require($req)
{
    global $Language;

    // Super users pass every requirement.
    if (user_is_super_user()) {
        return true;
    }

    // Membership (and optionally a given admin flag) in a group.
    if (!empty($req['group'])) {
        // user_getid() is concatenated unquoted and the group id goes through
        // db_ei() (presumably an integer escape - confirm), so both are expected
        // to be integers; only admin_flags is treated as a quoted string.
        $conditions = array(
            "user_id=" . user_getid(),
            "group_id=" . db_ei($req['group']),
        );
        if (!empty($req['admin_flags'])) {
            $conditions[] = "admin_flags = '" . db_escape_string($req['admin_flags']) . "'";
        }
        $lookup = "SELECT user_id FROM user_group WHERE " . implode(" AND ", $conditions);
        $matching_rows = db_numrows(db_query($lookup));
        if ($matching_rows < 1 || !$req['group']) {
            exit_error($Language->getText('include_session', 'insufficient_g_access'), $Language->getText('include_session', 'no_perm_to_view'));
        }
        return;
    }

    // The current user must be one specific user.
    if (!empty($req['user'])) {
        if (user_getid() != $req['user']) {
            exit_error($Language->getText('include_session', 'insufficient_u_access'), $Language->getText('include_session', 'no_perm_to_view'));
        }
        return;
    }

    // Any authenticated user.
    if (!empty($req['isloggedin'])) {
        if (!user_isloggedin()) {
            exit_error($Language->getText('include_session', 'required_login'), $Language->getText('include_session', 'login'));
        }
        return;
    }

    // No recognised requirement: deny by default.
    exit_error($Language->getText('include_session', 'insufficient_access'), $Language->getText('include_session', 'no_access'));
}
Esempio n. 3
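/**
 * Tell whether the current visitor is logged in with the administrator account type.
 *
 * The account type is read from $_SESSION['type']; type 0 is the value this
 * function treats as administrator.
 *
 * @return bool true only for a logged-in user whose session type is 0.
 */
function user_isadministrator()
{
    // isset() replaces session_is_registered(), which was deprecated in
    // PHP 5.3 and removed in PHP 5.4.
    if (!user_isloggedin() || !isset($_SESSION['type'])) {
        return false;
    }
    // Accept only integer 0 or the string '0'. A loose `== 0` also matches '',
    // false and, before PHP 8, every non-numeric string, so an unexpected
    // session value would pass the administrator check.
    $type = $_SESSION['type'];
    return $type === 0 || $type === '0';
}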
Esempio n. 4
/**
 * Print the project page header followed by the CVS toolbar.
 *
 * Aborts through exit_error() when the project does not use CVS. Toolbar
 * entries depend on project visibility, login state and group admin membership.
 *
 * @param array $params Header parameters; 'toptab' and 'group' are overwritten,
 *                      'help' selects the help page (defaults to "cvs.html").
 *
 * @return void
 */
function commits_header($params)
{
    global $group_id, $Language;

    $params['toptab'] = 'cvs';
    $params['group'] = $group_id;

    $pm = ProjectManager::instance();
    $project = $pm->getProject($group_id);
    if (!$project->usesCVS()) {
        exit_error($Language->getText('global', 'error'), $Language->getText('cvs_commit_utils', 'error_off'));
    }

    echo site_project_header($params);

    // NOTE(review): $group_id is a global written into HREF attributes without
    // escaping or an integer cast in this function; it has to be validated
    // wherever it is populated - confirm.
    $info_label = $Language->getText('cvs_commit_utils', 'menu_info');
    echo "<P><B><A HREF=\"/cvs/?func=info&group_id={$group_id}\">" . $info_label . '</A>';

    // Repository browsing: public projects, or any logged-in user.
    if ($project->isPublic() || user_isloggedin()) {
        $uri = session_make_url('/cvs/viewvc.php/?root=' . $project->getUnixName(false) . '&roottype=cvs');
        $browse_label = $Language->getText('cvs_commit_utils', 'menu_browse');
        echo " | <A HREF=\"{$uri}\">" . $browse_label . '</A>';
    }

    // Commit queries need a logged-in user.
    if (user_isloggedin()) {
        $my_label = $Language->getText('cvs_commit_utils', 'menu_my');
        $query_label = $Language->getText('cvs_commit_utils', 'menu_query');
        echo "  | <A HREF=\"/cvs/?func=browse&group_id={$group_id}&set=my\">"
            . $my_label . '</A>'
            . " | <A HREF=\"/cvs/?func=browse&group_id={$group_id}\">"
            . $query_label . '</A>';
    }

    // The admin entry is only a link; the admin page has to enforce access itself.
    if (user_ismember($group_id, 'A')) {
        $admin_label = $Language->getText('cvs_commit_utils', 'menu_admin');
        echo " | <A HREF=\"/cvs/?func=admin&group_id={$group_id}\">" . $admin_label . '</A>';
    }

    $help_page = isset($params['help']) ? $params['help'] : "cvs.html";
    echo ' | ' . help_button($help_page, false, $Language->getText('global', 'help'));
    echo '</B>' . ' <hr width="300" size="1" align="left" noshade>';
}
Esempio n. 5
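/**
 * Tell whether the current visitor is logged in with the administrator account type.
 *
 * The account type is read from $_SESSION['type']; type 0 is the value this
 * function treats as administrator.
 *
 * @return bool true only for a logged-in user whose session type is 0.
 */
function user_isadministrator()
{
    if (!user_isloggedin() || !isset($_SESSION['type'])) {
        return false;
    }
    // Accept only integer 0 or the string '0'. A loose `== 0` also matches '',
    // false and, before PHP 8, every non-numeric string, so an unexpected
    // session value would pass the administrator check.
    $type = $_SESSION['type'];
    return $type === 0 || $type === '0';
}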
Esempio n. 6
/**
 * Emit the project page header and the Patch Manager menu.
 *
 * Aborts through exit_error() when the group is not a project or has the
 * Patch Manager switched off.
 *
 * @param array $params Header parameters; 'toptab' and 'group' are overwritten.
 *
 * @return void
 */
function patch_header($params)
{
    global $group_id, $DOCUMENT_ROOT;

    $params['toptab'] = 'patch';
    $params['group'] = $group_id;

    // The Patch Manager is available to projects only, and only when enabled.
    $project = project_get_object($group_id);
    if (!$project->isProject()) {
        exit_error('Error', 'Only Projects Can Use The Patch Manager');
    }
    if (!$project->usesPatch()) {
        exit_error('Error', 'This Project Has Turned Off The Patch Manager');
    }

    site_project_header($params);

    // NOTE(review): $group_id is a global placed in every HREF without escaping
    // or an integer cast; it has to be validated wherever it is populated - confirm.
    $gid = 'group_id=' . $group_id;

    $menu = '<P><B><A HREF="/patch/?func=addpatch&' . $gid . '">Submit A Patch</A>';
    if (user_isloggedin()) {
        $menu .= ' | <A HREF="/patch/?func=browse&' . $gid . '&set=my">My Patches</A>';
    }
    $menu .= ' | <A HREF="/patch/?func=browse&' . $gid . '&set=open">Open Patches</A>';
    if (user_isloggedin()) {
        $menu .= ' | <A HREF="/patch/reporting/?' . $gid . '">Reporting</A>';
    }
    // The Admin entry is shown to every visitor; the admin page itself has to
    // enforce who may use it.
    $menu .= ' | <A HREF="/patch/admin/?' . $gid . '">Admin</A>';
    $menu .= '</B>';

    echo $menu;
}
Esempio n. 7
/**
 * Emit the project page header and the Bug Tracker menu.
 *
 * Sets the global $is_bug_page flag, then aborts through exit_error() when the
 * group is not a project or has the Bug Tracker switched off.
 *
 * @param array $params Header parameters; 'group' and 'toptab' are overwritten.
 *
 * @return void
 */
function bug_header($params)
{
    global $group_id, $is_bug_page, $DOCUMENT_ROOT;

    // Read by the search box so it adds the bug-specific element to its pop-up.
    $is_bug_page = 1;

    // Values site_project_header() requires.
    $params['group'] = $group_id;
    $params['toptab'] = 'bugs';

    // The Bug Tracker is available to projects only, and only when enabled.
    $project = project_get_object($group_id);
    if (!$project->isProject()) {
        exit_error('Error', 'Only Projects Can Use The Bug Tracker');
    }
    if (!$project->usesBugs()) {
        exit_error('Error', 'This Project Has Turned Off The Bug Tracker');
    }

    echo site_project_header($params);

    // NOTE(review): $group_id is a global placed in every HREF without escaping
    // or an integer cast; it has to be validated wherever it is populated - confirm.
    $gid = 'group_id=' . $group_id;

    echo "<P><B><A HREF=\"/bugs/?func=addbug&{$gid}\">Submit A Bug</A>\n\t | <A HREF=\"/bugs/?func=browse&{$gid}&set=open\">Open Bugs</A>";
    if (user_isloggedin()) {
        echo " | <A HREF=\"/bugs/?func=browse&{$gid}&set=my\">My Bugs</A>"
            . " | <A HREF=\"/bugs/?func=modfilters&{$gid}\">Filters</A>"
            . " | <A HREF=\"/bugs/reporting/?{$gid}\">Reporting</A>";
    }
    // The Admin entry is shown to every visitor; the admin page itself has to
    // enforce who may use it.
    echo " | <A HREF=\"/bugs/admin/?{$gid}\">Admin</A></B>";
}
Esempio n. 8
/**
 * Emit the project page header and the Feature Request Manager menu.
 *
 * Aborts through exit_error() when the group is not a project or has the
 * Feature Request Manager switched off.
 *
 * @param array $params Header parameters; 'group' and 'toptab' are overwritten.
 *
 * @return void
 */
function feature_header($params)
{
    global $group_id, $DOCUMENT_ROOT;

    // Values site_project_header() requires.
    $params['group'] = $group_id;
    $params['toptab'] = 'feature';

    // The manager is available to projects only, and only when enabled.
    $project = project_get_object($group_id);
    if (!$project->isProject()) {
        exit_error('Error', 'Only Projects Can Use The Feature Request Manager');
    }
    if (!$project->usesFeature()) {
        exit_error('Error', 'This Project Has Turned Off The Feature Request Manager');
    }

    site_project_header($params);

    // NOTE(review): $group_id is a global placed in every HREF without escaping
    // or an integer cast; it has to be validated wherever it is populated - confirm.
    $entries = array();
    $entries[] = '<A HREF="/feature/?func=addfeature&group_id=' . $group_id . '">Submit A Feature Request</A>';
    if (user_isloggedin()) {
        $entries[] = '<A HREF="/feature/?func=browse&group_id=' . $group_id . '&set=my">My Feature Requests</A>';
    }
    $entries[] = '<A HREF="/feature/?func=browse&group_id=' . $group_id . '&set=open">Open Feature Requests</A>';
    if (user_isloggedin()) {
        $entries[] = '<A HREF="/feature/reporting/?group_id=' . $group_id . '">Reporting</A>';
    }
    // The Admin entry is shown to every visitor; the admin page itself has to
    // enforce who may use it.
    $entries[] = '<A HREF="/feature/admin/?group_id=' . $group_id . '">Admin</A>';

    echo '<P><B>' . implode(' | ', $entries) . '</B><P>';
}
Esempio n. 9
/**
 * Emit the project page header and the Tech Support Manager menu.
 *
 * Aborts through exit_error() when the group is not a project or has the
 * Tech Support Manager switched off.
 *
 * @param array $params Header parameters; 'group' and 'toptab' are overwritten.
 *
 * @return void
 */
function support_header($params)
{
    global $group_id, $DOCUMENT_ROOT;

    // Values site_project_header() requires.
    $params['group'] = $group_id;
    $params['toptab'] = 'support';

    // The manager is available to projects only, and only when enabled.
    $project = project_get_object($group_id);
    if (!$project->isProject()) {
        exit_error('Error', 'Only Projects Can Use The Tech Support Manager');
    }
    if (!$project->usesSupport()) {
        exit_error('Error', 'This Project Has Turned Off The Tech Support Manager');
    }

    site_project_header($params);

    // NOTE(review): $group_id is a global placed in every HREF without escaping
    // or an integer cast; it has to be validated wherever it is populated - confirm.
    echo "<P><B><A HREF=\"/support/?func=addsupport&group_id={$group_id}\">Submit A Request</A>";
    if (user_isloggedin()) {
        echo " | <A HREF=\"/support/?func=browse&group_id={$group_id}&set=my\">My Requests</A>";
    }
    echo " | <A HREF=\"/support/?func=browse&group_id={$group_id}&set=open\">Open Requests</A>";
    if (user_isloggedin()) {
        echo " | <A HREF=\"/support/reporting/?group_id={$group_id}\">Reporting</A>";
    }
    // The Admin entry is shown to every visitor; the admin page itself has to
    // enforce who may use it.
    echo " | <A HREF=\"/support/admin/?group_id={$group_id}\">Admin</A>"
        . '</B>'
        . '<HR NoShade SIZE="1" SIZE="300">';
}
Esempio n. 10
/**
 * Build the Subversion toolbar and hand it to the SVN service header.
 *
 * Aborts through exit_error() when the project has no 'svn' service. Toolbar
 * entries depend on project visibility, login state and admin membership.
 *
 * @param array $params Header parameters: 'title' is required; 'path' adds a
 *                      notification entry for admins; 'help' selects the help
 *                      page (defaults to "svn.html").
 *
 * @return void
 */
function svn_header($params)
{
    global $group_id, $Language, $there_are_specific_permissions;

    $params['toptab'] = 'svn';
    $params['group'] = $group_id;

    $project = ProjectManager::instance()->getProject($group_id);
    $service = $project->getService('svn');
    if (!$service) {
        exit_error($Language->getText('global', 'error'), $Language->getText('svn_utils', 'svn_off'));
    }

    // NOTE(review): $group_id is a global concatenated into every URL without
    // escaping or an integer cast; whether displayHeader() escapes the URLs is
    // not visible here - confirm.
    $gid = 'group_id=' . $group_id;

    $toolbar = array(
        array('title' => $Language->getText('svn_utils', 'svn_info'), 'url' => '/svn/?func=info&' . $gid),
    );

    // Tree browsing: public projects, or any logged-in user.
    if ($project->isPublic() || user_isloggedin()) {
        $browse_url = '/svn/viewvc.php/?roottype=svn&root=' . $project->getUnixName(false);
        $toolbar[] = array('title' => $Language->getText('svn_utils', 'browse_tree'), 'url' => $browse_url);
    }

    // Commit queries need a logged-in user.
    if (user_isloggedin()) {
        $toolbar[] = array('title' => $Language->getText('svn_utils', 'my_ci'), 'url' => '/svn/?func=browse&' . $gid . '&set=my');
        $toolbar[] = array('title' => $Language->getText('svn_utils', 'svn_query'), 'url' => '/svn/?func=browse&' . $gid);
    }

    // Administration entries for project admins and SVN admins.
    $is_svn_admin = user_ismember($group_id, 'A') || user_ismember($group_id, 'SVN_ADMIN');
    if ($is_svn_admin) {
        $toolbar[] = array('title' => $Language->getText('svn_utils', 'svn_admin'), 'url' => '/svn/admin/?' . $gid);
        if (!empty($params['path'])) {
            // TODO: Validate the path
            // NOTE(review): 'path' is appended to the query string as received,
            // without URL-encoding or validation. Characters such as '&', '#' or
            // quotes in it alter the resulting URL.
            $notif_url = '/svn/admin/?' . $gid . '&func=notification&path=' . $params['path'];
            $toolbar[] = array('title' => $Language->getText('svn_utils', 'notif'), 'url' => $notif_url);
        }
    }

    if (empty($params['help'])) {
        $params['help'] = "svn.html";
    }

    // NOTE(review): 'help' ends up inside a single-quoted JavaScript string in a
    // javascript: URL; a quote in it would break out of that string, so it
    // should only ever be a fixed page name - confirm the callers.
    $help_title = $Language->getText('global', 'help');
    $help_url = 'javascript:help_window(\''
        . get_server_url()
        . '/doc/'
        . UserManager::instance()->getCurrentUser()->getShortLocale()
        . '/user-guide/'
        . $params['help']
        . '\');';
    $toolbar[] = array('title' => $help_title, 'url' => $help_url);

    $breadcrumbs = array(
        array('title' => $params['title'], 'url' => '/svn/?' . $gid),
    );
    $service->displayHeader($params['title'], $breadcrumbs, $toolbar);
}
Esempio n. 11
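 /**
  * Fetch the active groups the logged-in user is a member of.
  *
  * Selects group_id and group_name for groups with status 'A' that the current
  * user belongs to, ordered by name. Group 100 is excluded (presumably a
  * reserved placeholder group - confirm).
  *
  * On failure the error is recorded through setError(): a permission-denied
  * message when nobody is logged in, a "none found" message (carrying
  * db_error()) when the query fails or matches no row.
  *
  * @return mixed|false the db_query() result set, or false on failure
  */
 function getMemberGroups()
 {
     global $Language;
     if (!user_isloggedin()) {
         $this->setError($Language->getText('include_exit', 'perm_denied'));
         return false;
     }
     // The id is concatenated into the statement unquoted, so force it to an
     // integer before it reaches the SQL text.
     $user_id = (int) user_getid();
     $sql = "SELECT g.group_id,g.group_name "
         . "FROM groups g, user_group ug "
         . "WHERE g.group_id <> 100 AND g.status = 'A' AND g.group_id = ug.group_id "
         . "AND ug.user_id=" . $user_id . " "
         . "ORDER BY g.group_name ASC";
     $result = db_query($sql);
     // Test the handle first: rows are counted only for a query that succeeded.
     if (!$result || db_numrows($result) < 1) {
         $this->setError($Language->getText('include_common_groupfactory', 'none_found', db_error()));
         return false;
     }
     return $result;
 }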
Esempio n. 12
/**
 * Emit the project page header and the Task Manager menu.
 *
 * Aborts through exit_error() when the group is not a project or has the Task
 * Manager switched off. Task entries are shown only when the global
 * $group_project_id is set.
 *
 * @param array $params Header parameters; 'group' and 'toptab' are overwritten.
 *
 * @return void
 */
function pm_header($params)
{
    global $group_id, $is_pm_page, $words, $group_project_id, $DOCUMENT_ROOT, $order;

    // Values site_project_header() requires.
    $params['group'] = $group_id;
    $params['toptab'] = 'pm';

    // The Task Manager is available to projects only, and only when enabled.
    $project = project_get_object($group_id);
    if (!$project->isProject()) {
        exit_error('Error', 'Only Projects Can Use The Task Manager');
    }
    if (!$project->usesPm()) {
        exit_error('Error', 'This Project Has Turned Off The Task Manager');
    }

    site_project_header($params);

    // NOTE(review): $group_id and $group_project_id are globals placed in the
    // HREFs without escaping or an integer cast; they have to be validated
    // wherever they are populated - confirm.
    echo "<P><B>" . '<A HREF="/pm/?group_id=' . $group_id . '">Subproject List</A>';

    // Every entry after the first is preceded by a ' | ' separator.
    if ($group_project_id) {
        $task_url = '/pm/task.php?group_id=' . $group_id . '&group_project_id=' . $group_project_id;
        if (user_isloggedin()) {
            echo ' | ' . '<A HREF="' . $task_url . '&func=addtask">Add Task</A>';
            echo ' | <A HREF="' . $task_url . '&func=browse&set=my">My Tasks</A>';
        }
        echo ' | ' . '<A HREF="' . $task_url . '&func=browse&set=open">Browse Open Tasks</A>';
    }

    if (user_isloggedin()) {
        echo ' | ' . "<A HREF=\"/pm/reporting/?group_id={$group_id}\">Reporting</A>";
    }

    // The Admin entry is shown to every visitor; the admin page itself has to
    // enforce who may use it.
    echo ' | ' . ' <A HREF="/pm/admin/?group_id=' . $group_id . '">Admin</A>';
    echo "</B>";
}
Esempio n. 13
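/**
 * Add a skill to the logged-in user's skill inventory unless it is already there.
 *
 * The outcome is appended to the global $feedback string. When nobody is
 * logged in, a heading with the "must be logged in" message is printed instead.
 *
 * @param int $skill_id       Identifier of the skill to add.
 * @param int $skill_level_id Identifier of the skill level.
 * @param int $skill_year_id  Identifier of the experience range.
 *
 * @return void
 */
function people_add_to_skill_inventory($skill_id, $skill_level_id, $skill_year_id)
{
    global $feedback, $Language;

    if (!user_isloggedin()) {
        echo '<H1>' . $Language->getText('people_utils', 'must_be_loggin') . '</H1>';
        return;
    }

    // All four values are written into the SQL text, so force each one to an
    // integer first. The originals were interpolated as received, which let a
    // quote in any argument change the statement.
    // NOTE(review): assumes the *_id columns are integer keys - confirm against the schema.
    $user_id = (int) user_getid();
    $skill_id = (int) $skill_id;
    $skill_level_id = (int) $skill_level_id;
    $skill_year_id = (int) $skill_year_id;

    // Check whether the user already has this skill.
    $sql = "SELECT * FROM people_skill_inventory WHERE user_id='" . $user_id . "' AND skill_id='" . $skill_id . "'";
    $result = db_query($sql);
    if ($result && db_numrows($result) >= 1) {
        $feedback .= ' ' . $Language->getText('people_utils', 'error_skill_already') . ' ';
        return;
    }

    // Skill not in the inventory yet (a failed lookup is treated the same way).
    $sql = "INSERT INTO people_skill_inventory (user_id,skill_id,skill_level_id,skill_year_id) "
        . "VALUES ('" . $user_id . "','" . $skill_id . "','" . $skill_level_id . "','" . $skill_year_id . "')";
    $result = db_query($sql);
    if (!$result || db_affected_rows($result) < 1) {
        $feedback .= ' ' . $Language->getText('people_utils', 'error_inserting') . ' ';
        // The database error text goes into the page, so escape it for HTML.
        // NOTE(review): showing raw database errors to visitors also discloses
        // schema details; logging them server-side is the safer choice.
        echo htmlspecialchars((string) db_error(), ENT_QUOTES);
    } else {
        $feedback .= ' ' . $Language->getText('people_utils', 'added_skill') . ' ';
    }
}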
Esempio n. 14
 /**
  * Display the artifact
  *
  * @param ro: read only parameter - Display mode or update mode
  * @param pv: printer version
  *
  * @return void
  */
 function displayCopy($ro, $pv)
 {
     global $art_field_fact, $art_fieldset_fact, $sys_max_size_attachment, $Language;
     $hp = Codendi_HTMLPurifier::instance();
     $fields_per_line = 2;
     // the column number is the number of field per line * 2 (label + value)
     // + the number of field per line -1 (a blank column between each pair "label-value" to give more space)
     $columns_number = $fields_per_line * 2 + ($fields_per_line - 1);
     $max_size = 40;
     $group = $this->ArtifactType->getGroup();
     $group_artifact_id = $this->ArtifactType->getID();
     $group_id = $group->getGroupId();
     $result_fields = $art_field_fact->getAllUsedFields();
     $result_fieldsets = $art_fieldset_fact->getAllFieldSetsContainingUsedFields();
     // Display submit informations if any
     if ($this->ArtifactType->getSubmitInstructions()) {
         echo $hp->purify(util_unconvert_htmlspecialchars($this->ArtifactType->getSubmitInstructions()), CODENDI_PURIFIER_FULL);
     }
     // Beginning of the submission form with fixed fields
     echo '<FORM ACTION="" METHOD="POST" enctype="multipart/form-data" NAME="artifact_form">
             <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="' . $sys_max_size_attachment . '">
             <INPUT TYPE="HIDDEN" NAME="func" VALUE="postcopy">
             <INPUT TYPE="HIDDEN" NAME="group_id" VALUE="' . (int) $group_id . '">
             <INPUT TYPE="HIDDEN" NAME="group_artifact_id" VALUE="' . (int) $group_artifact_id . '">
             <INPUT TYPE="HIDDEN" NAME="atid" VALUE="' . (int) $group_artifact_id . '">';
     echo '<TABLE><TR><TD class="artifact">';
     $summary = $this->getValue('summary');
     echo "<TABLE width='100%'><TR><TD>";
     echo "<H2>[ " . $hp->purify($Language->getText('tracker_include_artifact', 'copy_of', $this->ArtifactType->getItemName() . " #" . $this->getID()) . " ] " . $summary, CODENDI_PURIFIER_CONVERT_HTML) . "</H2>";
     echo "</TD></TR></TABLE>";
     $html = '';
     $pm = ProjectManager::instance();
     $html .= '
         <table width="100%">
           <tr><td colspan="' . (int) $columns_number . '"><B>' . $Language->getText('tracker_include_artifact', 'group') . ':</B>&nbsp;' . $hp->purify(util_unconvert_htmlspecialchars($pm->getProject($group_id)->getPublicName()), CODENDI_PURIFIER_CONVERT_HTML) . '</TD></tr>';
     // Now display the variable part of the field list (depend on the project)
     foreach ($result_fieldsets as $fieldset_id => $result_fieldset) {
         // this variable will tell us if we have to display the fieldset or not (if there is at least one field to display or not)
         $display_fieldset = false;
         $fieldset_html = '';
         $i = 0;
         $fields_in_fieldset = $result_fieldset->getAllUsedFields();
         while (list($key, $field) = each($fields_in_fieldset)) {
             $field_html = new ArtifactFieldHtml($field);
             //echo $field_html->dumpStandard()."<br>";
             // if the field is a special field (except summary and details)
             // then skip it.
             if ($field->userCanSubmit($group_id, $group_artifact_id) && (!$field->isSpecial() || $field->getName() == 'summary' || $field->getName() == 'details')) {
                 // display the artifact field
                 // if field size is greatest than max_size chars then force it to
                 // appear alone on a new line or it won't fit in the page
                 $display_fieldset = true;
                 // For multi select box, we need to retrieve all the values
                 if ($field->isMultiSelectBox()) {
                     $field_value = $field->getValues($this->getID());
                 } else {
                     if ($field->getName() == 'summary') {
                         $field_value = '[' . $Language->getText('tracker_include_artifact', 'copy') . '] ' . $this->getValue($field->getName());
                     } else {
                         $field_value = $this->getValue($field->getName());
                     }
                 }
                 list($sz, ) = explode("/", $field->getDisplaySize());
                 $label = $field_html->labelDisplay(false, false, !$ro);
                 $value = $field_html->display($this->ArtifactType->getID(), $field_value, false, false, $ro);
                 $star = $field->isEmptyOk() ? '' : '<span class="highlight"><big>*</big></b></span>';
                 // Details field must be on one row
                 if ($sz > $max_size || $field->getName() == 'details') {
                     $fieldset_html .= "\n<TR>" . '<TD valign="middle">' . $label . $star . '</td>' . '<TD valign="middle" colspan="' . ($columns_number - 1) . '">' . $value . '</TD>' . "\n</TR>";
                     $i = 0;
                 } else {
                     $fieldset_html .= $i % $fields_per_line ? '' : "\n<TR>";
                     $fieldset_html .= '<TD valign="middle">' . $label . $star . '</td>' . '<TD valign="middle">' . $value . '</TD>';
                     $i++;
                     $fieldset_html .= $i % $fields_per_line ? '<td class="artifact_spacer">&nbsp;</td>' : "\n</TR>";
                 }
             }
         }
         // while
         // We display the fieldset only if there is at least one field inside that we can display
         if ($display_fieldset) {
             $html .= '<TR><TD COLSPAN="' . (int) $columns_number . '">&nbsp</TD></TR>';
             $html .= '<TR class="boxtitle"><TD class="left" COLSPAN="' . (int) $columns_number . '">&nbsp;<span title="' . $hp->purify(SimpleSanitizer::unsanitize($result_fieldset->getDescriptionText()), CODENDI_PURIFIER_CONVERT_HTML) . '">' . $hp->purify(SimpleSanitizer::unsanitize($result_fieldset->getLabel()), CODENDI_PURIFIER_CONVERT_HTML) . '</span></TD></TR>';
             $html .= $fieldset_html;
         }
     }
     $html .= '</TABLE>';
     echo $this->_getSection('artifact_section_details', $Language->getText('tracker_include_artifact', 'details'), $html, true);
     //
     // Followups comments
     //
     $html = '';
     $html .= '<div>';
     if (!$ro) {
         if (db_numrows($this->ArtifactType->getCannedResponses())) {
             $html .= '<p><b>' . $Language->getText('tracker_include_artifact', 'use_canned') . '</b>&nbsp;';
             $html .= $this->ArtifactType->cannedResponseBox();
             $html .= '</p>';
         }
         $field = $art_field_fact->getFieldFromName('comment_type_id');
         if ($field && $field->isUsed() && db_numrows($field->getFieldPredefinedValues($group_artifact_id)) > 1) {
             $field_html = new ArtifactFieldHtml($field);
             $html .= '<P><B>' . $Language->getText('tracker_include_artifact', 'comment_type') . '</B>' . $field_html->fieldBox('', $group_artifact_id, $field->getDefaultValue(), true, $Language->getText('global', 'none')) . '<BR>';
         }
         // This div id used just to show the toggle of html format
         $html .= '<DIV ID="follow_up_comment_label"></DIV>';
         $html .= '<TEXTAREA NAME="follow_up_comment" id="tracker_artifact_comment" ROWS="10" style="width:700px;" WRAP="SOFT">';
         $html .= $hp->purify($Language->getText('tracker_include_artifact', 'is_copy', array($this->ArtifactType->getItemName(), $this->ArtifactType->getItemName() . ' #' . $this->getID())), CODENDI_PURIFIER_CONVERT_HTML);
         $html .= '</TEXTAREA>';
     } else {
         if ($pv == 0) {
             $html .= '<b>' . $Language->getText('tracker_include_artifact', 'add_comment') . '</b>';
             $html .= '<DIV ID="follow_up_comment_label"></DIV>';
             $html .= '<TEXTAREA NAME="follow_up_comment" id="tracker_artifact_comment" ROWS="10" style="width:700px;" WRAP="SOFT">' . $hp->purify($Language->getText('tracker_include_artifact', 'is_copy', array($this->ArtifactType->getItemName(), $this->ArtifactType->getItemName() . ' #' . $this->getID())), CODENDI_PURIFIER_CONVERT_HTML) . '</TEXTAREA>';
         }
     }
     if (!user_isloggedin() && $pv == 0) {
         $html .= $Language->getText('tracker_include_artifact', 'not_logged_in', '/account/login.php?return_to=' . urlencode($_SERVER['REQUEST_URI']));
         $html .= '<br><input type="text" name="email" maxsize="100" size="50"/><p>';
     }
     $html .= '</div>';
     $html .= "<br />";
     $title = $Language->getText('tracker_include_artifact', 'follow_ups') . ' ';
     $title .= help_button('tracker-v3.html#comments');
     echo $this->_getSection('artifact_section_followups', $title, $html, true);
     //
     // CC List
     //
     $html = '';
     $html .= $Language->getText('tracker_include_artifact', 'fill_cc_list_msg');
     $html .= $Language->getText('tracker_include_artifact', 'fill_cc_list_lbl');
     $html .= '<textarea type="text" name="add_cc" id="tracker_cc" rows="2" cols="60" wrap="soft"></textarea>';
     $html .= '<B>&nbsp;&nbsp;&nbsp;' . $Language->getText('tracker_include_artifact', 'fill_cc_list_cmt') . ":&nbsp</b>";
     $html .= '<input type="text" name="cc_comment" size="40" maxlength="255">';
     echo $this->_getSection('artifact_section_cc', $Language->getText('tracker_include_artifact', 'cc_list') . ' ' . help_button('tracker-v3.html#cc-list'), $html, true);
     //
     // File attachments
     //
     $html = '';
     $html .= '<input type="file" name="input_file" size="40">';
     $html .= $Language->getText('tracker_include_artifact', 'upload_file_msg', formatByteToMb($sys_max_size_attachment));
     $html .= $Language->getText('tracker_include_artifact', 'upload_file_desc');
     $html .= '<input type="text" name="file_description" size="60" maxlength="255">';
     echo $this->_getSection('artifact_section_attachments', $Language->getText('tracker_include_artifact', 'attachment') . ' ' . help_button('tracker-v3.html#artifact-attachments'), $html, true);
     //
     // Artifact dependencies
     //
     $html = '
     <P><B>' . $Language->getText('tracker_include_artifact', 'dependent_on') . '</B><BR>
     <P>';
     if (!$ro) {
         $html .= '
                     <B>' . $Language->getText('tracker_include_artifact', 'aids') . '</B>&nbsp;
                     <input type="text" name="artifact_id_dependent" size="20" maxlength="255" value="' . (int) $this->getID() . '">
                     &nbsp;<span style="color:#666">' . $Language->getText('tracker_include_artifact', 'fill') . '</span><p>';
     }
     echo $this->_getSection('artifact_section_dependencies', $Language->getText('tracker_include_artifact', 'dependencies') . ' ' . help_button('tracker-v3.html#artifact-dependencies'), $html, true);
     //
     // Final submit button
     //
     echo '<p><B><span class="highlight">' . $Language->getText('tracker_include_artifact', 'check_already_submitted') . '</b></p>';
     echo '<div style="text-align:center"><INPUT CLASS="btn btn-primary" TYPE="SUBMIT" NAME="SUBMIT" VALUE="' . $Language->getText('tracker_include_artifact', 'submit') . '"></div>';
     echo '</td></tr>';
     echo '</table>';
     echo '</form>';
 }
Esempio n. 15
 /**
  * Print the top-level site tabs and mark the one matching the current page.
  *
  * The tab list depends on the visitor: "/my/" is added for a logged-in
  * user, "/admin/" for a member 'A' of group 1, and the trove and snippet
  * tabs follow $GLOBALS['sys_use_trove'] / $GLOBALS['sys_use_snippet'].
  * Hiding the "/admin/" tab is presentation only; the pages behind it still
  * have to enforce their own access check.
  *
  * NOTE(review): when $params['group'] is set but the project lookup fails
  * or the project reports an error, $selected is never assigned before it
  * is handed to tabGenerator().
  * NOTE(review): '/reporting/' is never added to the tab list in this
  * function, so array_search() yields false for that branch.
  *
  * @param array $params layout parameters; 'selected_top_tab' and 'group' are read
  */
 function outerTabs($params)
 {
     global $Language;

     // Tab targets and their titles are kept in two parallel lists.
     $TABS_DIRS = array('/');
     $TABS_TITLES = array($Language->getText('menu', 'home'));
     if (user_isloggedin()) {
         $TABS_DIRS[] = '/my/';
         $TABS_TITLES[] = $Language->getText('menu', 'my_personal_page');
     }
     if ($GLOBALS['sys_use_trove'] != 0) {
         $TABS_DIRS[] = '/softwaremap/';
         $TABS_TITLES[] = $Language->getText('menu', 'projectree');
     }
     if ($GLOBALS['sys_use_snippet'] != 0) {
         $TABS_DIRS[] = '/snippet/';
         $TABS_TITLES[] = $Language->getText('menu', 'code_snippet');
     }
     if (user_ismember(1, 'A')) {
         $TABS_DIRS[] = '/admin/';
         $TABS_TITLES[] = $Language->getText('menu', 'admin');
     }
     $TABS_DIRS[] = '/site/';
     $TABS_TITLES[] = $Language->getText('include_layout', 'Help');

     // Tab explicitly requested by the caller, if any.
     $wanted_tab = '';
     if (isset($params['selected_top_tab'])) {
         $wanted_tab = $params['selected_top_tab'];
     }

     if (!empty($params['group'])) {
         // Project pages are shown under the software map tab.
         $project = ProjectManager::instance()->getProject($params['group']);
         if ($project && is_object($project) && !$project->isError()) {
             $selected = array_search("/softwaremap/", $TABS_DIRS);
         }
     } else {
         // Otherwise the tab is guessed from the request URI; the first match wins.
         if (strstr(getStringFromServer('REQUEST_URI'), '/my/')
             || strstr(getStringFromServer('REQUEST_URI'), '/themes/')
             || strstr(getStringFromServer('REQUEST_URI'), '/account/')
         ) {
             $selected = array_search("/my/", $TABS_DIRS);
         } elseif (strstr(getStringFromServer('REQUEST_URI'), 'softwaremap')) {
             $selected = array_search("/softwaremap/", $TABS_DIRS);
         } elseif (strstr(getStringFromServer('REQUEST_URI'), '/snippet/')) {
             $selected = array_search("/snippet/", $TABS_DIRS);
         } elseif (strstr(getStringFromServer('REQUEST_URI'), '/site/')) {
             $selected = array_search("/site/", $TABS_DIRS);
         } elseif (strstr(getStringFromServer('REQUEST_URI'), '/reporting/')) {
             $selected = array_search('/reporting/', $TABS_DIRS);
         } elseif ((strstr(getStringFromServer('REQUEST_URI'), '/admin/') || $wanted_tab == 'admin') && user_ismember(1, 'A')) {
             // The admin tab is only highlighted for a member 'A' of group 1.
             $selected = array_search('/admin/', $TABS_DIRS);
         } elseif ($wanted_tab && array_search($wanted_tab, $TABS_DIRS) !== false) {
             $selected = array_search($wanted_tab, $TABS_DIRS);
         } else {
             $selected = 0;
         }
     }

     echo $this->tabGenerator($TABS_DIRS, $TABS_TITLES, false, $selected, null, '100%');
 }
Esempio n. 16
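 /**
  * Build the plain-text summary of a set of artifact changes.
  *
  * The result is the concatenation of a header (who and when), a table of
  * removed/added field values, the follow-up comment and the attachment
  * details, in that order. The comment is rendered by formatFollowUp() with
  * self::OUTPUT_MAIL_TEXT and field values go through
  * SimpleSanitizer::unsanitize(util_unconvert_htmlspecialchars(...)), so
  * stored escaping is undone: treat the returned string as plain text and
  * escape it again before placing it in any HTML context.
  *
  * @param array       $changes        changes keyed by field name, each entry holding optional
  *                                    'del' and 'add' values; 'comment' and 'attach' are handled apart
  * @param array|false $field_perm     permission associated to each field, false to not check permissions
  * @param bool        $visible_change set by reference; true if there is any change that the user
  *                                    has permission to see
  *
  * @return string
  */
 function formatChanges($changes, $field_perm, &$visible_change)
 {
     global $art_field_fact, $Language;
     $lf = $GLOBALS['sys_lf'];
     $visible_change = false;
     $out_hdr = '';
     $out = '';
     $out_com = '';
     $out_att = '';
     $fmt = "%20s | %-25s | %s" . $lf;

     // The "changes by" header is produced when the user may see one of the
     // assignee fields, or when neither of them has a permission entry.
     $show_header = $this->hasFieldPermission($field_perm, 'assigned_to')
         || $this->hasFieldPermission($field_perm, 'multi_assigned_to')
         || (!isset($field_perm['assigned_to']) && !isset($field_perm['multi_assigned_to']));
     if ($show_header) {
         if (user_isloggedin()) {
             $user_id = user_getid();
             $out_hdr = $Language->getText('tracker_include_artifact', 'changes_by') . ' ' . user_getrealname($user_id) . ' <' . user_getemail($user_id) . ">" . $lf;
             $out_hdr .= $Language->getText('tracker_import_utils', 'date') . ': ' . format_date($GLOBALS['Language']->getText('system', 'datefmt'), time()) . ' (' . user_get_timezone() . ')';
         } else {
             $out_hdr = $Language->getText('tracker_include_artifact', 'changes_by') . ' ' . $Language->getText('tracker_include_artifact', 'anon_user') . '        ' . $Language->getText('tracker_import_utils', 'date') . ': ' . format_date($GLOBALS['Language']->getText('system', 'datefmt'), time());
         }
     }

     // Process special cases first: follow-up comment
     if (array_key_exists('comment', $changes) && $changes['comment']) {
         $visible_change = true;
         $out_com = $lf . $lf . "---------------   " . $Language->getText('tracker_include_artifact', 'add_flup_comment') . "   ----------------" . $lf;
         if (isset($changes['comment']['type']) && $changes['comment']['type'] != $Language->getText('global', 'none') && $changes['comment']['type'] != '') {
             $out_com .= "[" . $changes['comment']['type'] . "]" . $lf;
         }
         $out_com .= $this->formatFollowUp(null, $changes['comment']['format'], $changes['comment']['add'], self::OUTPUT_MAIL_TEXT);
         unset($changes['comment']);
     }

     // Process special cases first: file attachment
     if (array_key_exists('attach', $changes) && $changes['attach']) {
         $visible_change = true;
         $out_att = $lf . $lf . "---------------    " . $Language->getText('tracker_include_artifact', 'add_attachment') . "     -----------------" . $lf;
         // NOTE(review): the translated labels are part of the sprintf() format
         // string, so a '%' in a translation would be read as a conversion.
         $out_att .= sprintf($Language->getText('tracker_include_artifact', 'file_name') . " %-30s " . $Language->getText('tracker_include_artifact', 'size') . ":%d KB" . $lf, $changes['attach']['name'], intval($changes['attach']['size'] / 1024));
         $out_att .= $changes['attach']['description'] . $lf . $changes['attach']['href'];
         unset($changes['attach']);
     }

     // All the rest of the fields now. foreach replaces the each() loop:
     // each() is deprecated since PHP 7.2 and no longer exists in PHP 8.
     foreach ($changes as $field_name => $h) {
         // Skip entries where both removed and added items are empty, and
         // fields the user has no permission to see.
         if ((!empty($h['del']) || !empty($h['add'])) && $this->hasFieldPermission($field_perm, $field_name)) {
             $visible_change = true;
             $label = $field_name;
             $field = $art_field_fact->getFieldFromName($field_name);
             if ($field) {
                 $label = $field->getLabel();
                 // Undo the stored escaping: the values go into a text table.
                 if (isset($h['del'])) {
                     $h['del'] = SimpleSanitizer::unsanitize(util_unconvert_htmlspecialchars($h['del']));
                 }
                 if (isset($h['add'])) {
                     $h['add'] = SimpleSanitizer::unsanitize(util_unconvert_htmlspecialchars($h['add']));
                 }
             }
             $out .= sprintf($fmt, SimpleSanitizer::unsanitize($label), isset($h['del']) ? $h['del'] : "", isset($h['add']) ? $h['add'] : "");
         }
     }

     // Prepend the table heading only when at least one row was produced.
     if ($out) {
         $out = $lf . $lf . sprintf($fmt, $Language->getText('tracker_include_artifact', 'what') . '    ', $Language->getText('tracker_include_artifact', 'removed'), $Language->getText('tracker_include_artifact', 'added')) . "------------------------------------------------------------------" . $lf . $out;
     }
     return $out_hdr . $out . $out_com . $out_att;
 }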
Esempio n. 17
<?php

//
// SourceForge: Breaking Down the Barriers to Open Source Development
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
// $Id: edit_question.php,v 1.3 2003/11/27 15:05:42 helix Exp $
require 'pre.php';
require '../survey_utils.php';
$is_admin_page = 'y';
// NOTE(review): $group_id, $question_id, $post_changes, $question and
// $question_type are never assigned in this file; presumably they arrive as
// request parameters (via pre.php or register_globals) — confirm. The notes
// below treat them as untrusted input.
if ($group_id && $question_id) {
    // Only a logged-in admin ('A') of $group_id may edit its questions.
    if (!user_isloggedin() || !user_ismember($group_id, 'A')) {
        exit_permission_denied();
        exit;
    }
    survey_header(array('title' => 'Edit A Question'));
    if ($post_changes) {
        // NOTE(review): the statement is built by string interpolation.
        // $question_type, $question_id and $group_id are inserted with no
        // escaping or integer cast visible here, and htmlspecialchars() is
        // HTML encoding, not SQL escaping. Unless pre.php already sanitises
        // these values, cast the ids to int and pass strings through the
        // database layer's escaping (or bound parameters).
        // The group_id condition keeps the update inside the project whose
        // admin right was checked above.
        // NOTE(review): no anti-CSRF token is checked before this state
        // change in the visible code.
        $sql = "UPDATE survey_questions SET question='" . htmlspecialchars($question) . "', question_type='{$question_type}' where question_id='{$question_id}' AND group_id='{$group_id}'";
        $result = db_query($sql);
        if (db_affected_rows($result) < 1) {
            $feedback .= ' UPDATE FAILED ';
        } else {
            $feedback .= ' UPDATE SUCCESSFUL ';
        }
    }
    // Reload the question (restricted to the same group) to display it.
    // NOTE(review): same interpolation concern as the UPDATE above.
    $sql = "SELECT * FROM survey_questions WHERE question_id='{$question_id}' AND group_id='{$group_id}'";
    $result = db_query($sql);
    if ($result) {
        $question = db_result($result, 0, "question");
        $question_type = db_result($result, 0, "question_type");
Esempio n. 18
 /**
  * Build the list of service tabs to show for a project.
  *
  * Services are skipped when: the service is "admin" and the user is neither
  * a super user nor a project admin ('A'); the user is a restricted
  * non-member and the service is not in the allowed list (seeded with
  * 'summary' and extended through Event::GET_SERVICES_ALLOWED_FOR_RESTRICTED);
  * or the service is not used / not active.
  *
  * Escaping as done here: link (non-iframe), label, description and id go
  * through Codendi_HTMLPurifier::purify(). The iframe link, the icon taken
  * from $service_data['icon'] and the privacy tooltip text are inserted
  * as-is; presumably they come from trusted configuration or language
  * files — confirm. Filtering tabs is presentation only; each service still
  * has to enforce its own access check.
  *
  * @param mixed   $toptab  service id or short name of the tab to mark enabled
  * @param Project $project project whose services are listed
  *
  * @return array list of tabs, each with link, icon, name, label, enabled, description, id
  */
 function _getProjectTabs($toptab, &$project)
 {
     global $sys_default_domain;

     $pm = ProjectManager::instance();
     $group_id = $project->getGroupId();
     $user = UserManager::instance()->getCurrentUser();
     $tabs = array();

     // Restricted users who are not project members only get an allow-list of services.
     if ($this->restrictedMemberIsNotProjectMember($user, $group_id)) {
         $allowed_services = array('summary');
         $this->getEventManager()->processEvent(
             Event::GET_SERVICES_ALLOWED_FOR_RESTRICTED,
             array('allowed_services' => &$allowed_services)
         );
     }

     foreach ($project->getServicesData() as $short_name => $service_data) {
         // The admin service is listed only for a super user or a project admin.
         if ((string) $short_name == "admin"
             && !user_is_super_user()
             && (!user_isloggedin() || !user_ismember($group_id, 'A'))
         ) {
             continue;
         }

         $permissions_overrider = PermissionsOverrider_PermissionsOverriderManager::instance();
         $limited_to_allow_list = !$this->isProjectSuperPublic($group_id)
             && $this->restrictedMemberIsNotProjectMember($user, $group_id)
             && !$permissions_overrider->doesOverriderAllowUserToAccessProject($user, $project);
         // NOTE(review): in_array() is called without strict comparison.
         if ($limited_to_allow_list && !in_array($short_name, $allowed_services)) {
             continue;
         }

         if (!$service_data['is_used'] || !$service_data['is_active']) {
             continue;
         }

         $hp = Codendi_HTMLPurifier::instance();

         // Get URL, and eval variables
         //$project->services[$short_name]->getUrl(); <- to use when service will be fully served by satellite
         $link = $service_data['is_in_iframe']
             ? '/service/?group_id=' . $group_id . '&amp;id=' . $service_data['service_id']
             : $hp->purify($service_data['link']);

         // Link variables are substituted only for group 100.
         if ($group_id == 100) {
             if (strstr($link, '$projectname')) {
                 // NOTE: if you change link variables here, change them also in src/common/project/RegisterProjectStep_Confirmation.class.php and src/www/project/admin/servicebar.php
                 // Don't check project name if not needed.
                 // When it is done here, the service bar will not appear updated on the current page
                 $link = str_replace('$projectname', $pm->getProject($group_id)->getUnixName(), $link);
             }
             $link = str_replace('$sys_default_domain', $GLOBALS['sys_default_domain'], $link);
             $sys_default_protocol = $GLOBALS['sys_force_ssl'] ? 'https' : 'http';
             $link = str_replace('$sys_default_protocol', $sys_default_protocol, $link);
             $link = str_replace('$group_id', $group_id, $link);
         }

         // A tab is enabled when $toptab names it, by numeric service id or by short name.
         $enabled = (is_numeric($toptab) && $toptab == $service_data['service_id'])
             || ($short_name && $toptab == $short_name);

         if ($short_name == 'summary') {
             $label = '<span>';
             if (ForgeConfig::get('sys_display_project_privacy_in_service_bar')) {
                 // Add a default tab to explain project privacy
                 $privacy = $project->isPublic() ? 'public' : 'private';
                 $privacy_text = $GLOBALS['Language']->getText('project_privacy', 'tooltip_' . $this->getProjectPrivacy($project));
                 $label .= '<span class="project-title-container project_privacy_' . $privacy . '" data-content="' . $privacy_text . '" data-placement="bottom">['
                     . $GLOBALS['Language']->getText('project_privacy', $privacy)
                     . ']</span>&nbsp;';
             }
             $label .= $hp->purify(util_unconvert_htmlspecialchars($project->getPublicName()), CODENDI_PURIFIER_CONVERT_HTML) . '&nbsp;&raquo;</span>';
         } else {
             $label = '<span title="' . $hp->purify($service_data['description']) . '">'
                 . $hp->purify($service_data['label']) . '</span>';
         }

         $name = $hp->purify($service_data['label']);

         // A per-service icon, when present, replaces the default one.
         $icon = $this->getServiceIcon($short_name);
         if (isset($service_data['icon'])) {
             $icon = $service_data['icon'];
         }

         $tabs[] = array(
             'link' => $link,
             'icon' => $icon,
             'name' => $name,
             'label' => $label,
             'enabled' => $enabled,
             'description' => $hp->purify($service_data['description']),
             'id' => $hp->purify('sidebar-' . $short_name),
         );
     }

     return $tabs;
 }
Esempio n. 19
<?php

//
// Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
//
//
//
//
//  Written for Codendi by Stephane Bouhet
//
//require_once('common/tracker/ArtifactFactory.class.php');
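require_once 'include/ArtifactRulesManagerHtml.class.php';

// Access checks, in order. Every guard ends with an explicit return so the
// script fails closed: nothing below is rendered even if an exit_*() helper
// were to return instead of terminating the request.

// Anonymous visitors may only submit when the tracker allows it
if (!user_isloggedin() && !$ath->allowsAnon()) {
    exit_not_logged_in();
    return;
}
// Check if this tracker is valid (not deleted)
if (!$ath->isValid()) {
    exit_error($Language->getText('global', 'error'), $Language->getText('tracker_add', 'invalid'));
    return;
}
//
//  make sure this person has permission to add artifacts
//
if (!$ath->userCanSubmit()) {
    exit_permission_denied();
    return;
}
// Display the menus
$ath->header(array(
    'title' => $Language->getText('tracker_add', 'add_a') . " " . $ath->getCapsItemName(),
    'titlevals' => array($ath->getName()),
    'pagename' => 'tracker_browse',
    'atid' => $ath->getID(),
    'sectionvals' => array($group->getPublicName()),
    'help' => 'ArtifactSubmission.html',
));
echo '<div id="tracker_toolbar_clear"></div>';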
// Display the artifact items according to all the parameters
 /**
  * Report availability, which here is simply "the visitor is logged in".
  *
  * @return bool strict boolean, whatever user_isloggedin() returns
  */
 function isAvailable()
 {
     return (bool) user_isloggedin();
 }
Esempio n. 21
<?php

// ## export patches for a specific project
include "pre.php";
// NOTE(review): the body is XML but is announced as text/plain.
header("Content-Type: text/plain");
print "<?xml version=\"1.0\"?>\n<!DOCTYPE bs_patches SYSTEM \"http://{$sys_default_host}/export/bs_patches_0.1.dtd\">\n<patches>\n";
// NOTE(review): $group_id, $login and $passwd are not assigned in this file;
// presumably they are request parameters (via pre.php or register_globals) —
// confirm. If they can be supplied in the query string, the password ends up
// in URLs and server logs; accept it only in a POST body over TLS.
if (!isset($group_id)) {
    print "\t<error>Group ID Not Set</error>\n";
} else {
    // NOTE(review): the result of group_get_object() is used below without
    // checking that a project object was actually returned.
    $project = group_get_object($group_id);
    // No session yet: fall back to credentials passed with the request.
    if (!user_isloggedin()) {
        if (isset($login) && isset($passwd)) {
            $success = session_login_valid(strtolower($login), $passwd);
            if (!$success) {
                // NOTE(review): the error paths close </tasks> or </bugs>
                // although the root element opened above is <patches>.
                print "    <error>Invalid Login and/or Password</error>\n";
                print "</tasks>\n";
                exit;
            }
        } else {
            print "    <error>Login and/or Password missing</error>\n";
            print "</tasks>\n";
            exit;
        }
    }
    // Export is limited to administrators of the project.
    if (!$project->userIsAdmin()) {
        print "    <error>You are not an administrator for this project</error>\n";
        print "</bugs>\n";
        exit;
    }
    // NOTE(review): $group_id is interpolated into the SQL text with no cast
    // or escaping visible here; cast it to int (or use the DB layer's
    // escaping) unless pre.php guarantees a numeric value.
    $query = "SELECT \n\t\t\t\tp.*\n\t\t\t  FROM \n\t\t\t\tpatch p\n\t\t\t  WHERE \n\t\t\t\tp.group_id='{$group_id}'";
    $res = db_query($query);
Esempio n. 22
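/**
 *	session_require() - Convenience function to easily enforce permissions
 *
 *	Calling page will terminate with error message if current user
 *	fails checks. Termination is done by the exit_*() helpers called here;
 *	this function relies on them not returning.
 *
 *	Criteria read from $req (a missing key counts as "not requested"):
 *	- 'group':       group id; the user must be a member of that group
 *	- 'admin_flags': with 'group', the user must be an admin of the group
 *	- 'isloggedin':  without 'group', being logged in is sufficient
 *	Without 'group' and without 'isloggedin' access is denied.
 *
 *	@param		array	$req	Associative array specifying criteria
 *	@return does not return if check is failed
 *
 */
function session_require($req)
{
    // Every criterion requires an authenticated session first.
    if (!user_isloggedin()) {
        exit_not_logged_in();
        //exit_permission_denied();
    }

    // No group criterion: the login check above is the only one that can
    // be satisfied, and only if the caller asked for it.
    if (empty($req['group'])) {
        if (empty($req['isloggedin'])) {
            exit_permission_denied();
        }
        return;
    }

    $group = group_get_object($req['group']);
    if (!$group || !is_object($group)) {
        exit_error(_('Error'), _('Error creating group object'));
    } elseif ($group->isError()) {
        exit_error(_('Error'), $group->getErrorMessage());
    }

    $perm = $group->getPermission(session_get_user());
    if (!$perm || !is_object($perm)) {
        exit_error(_('Error'), _('Error creating permission object'));
    } elseif ($perm->isError()) {
        exit_error(_('Error'), $perm->getErrorMessage());
    }

    // Admin right when requested, plain membership otherwise.
    if (!empty($req['admin_flags'])) {
        if (!$perm->isAdmin()) {
            exit_permission_denied();
        }
    } elseif (!$perm->isMember()) {
        exit_permission_denied();
    }
}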
Esempio n. 23
/**
 * Tell whether the current visitor is logged in.
 *
 * Thin alias: the answer is whatever user_isloggedin() returns.
 */
function session_loggedin()
{
    $logged_in = user_isloggedin();

    return $logged_in;
}
Esempio n. 24
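 /**
  *  Hook to admin graphic reports
  *  Used in www/tracker/admin/index.php
  *
  *  Acts only when the request carries func=reportgraphic and an unsigned
  *  integer atid, and requires a logged-in user. It then performs at most
  *  one action (create/update/delete a report, delete/update/edit/add a
  *  chart), renders the matching admin screen and ends the request.
  *
  *  Authorisation visible here: reports with scope 'P' may only be changed
  *  by a tracker admin, and only a tracker admin may create a report with a
  *  scope other than 'I'.
  *  NOTE(review): for other scopes no check is visible that the report
  *  loaded from report_graphic_id belongs to the current user or to the
  *  tracker $atid; confirm that GraphOnTrackers_Report enforces it.
  *  NOTE(review): the state-changing actions are not guarded by an anti-CSRF
  *  token in the visible code.
  *
  * @param array $params hook parameters (not read here; input is taken from HTTPRequest)
  */
 function tracker_graphic_report_admin($params)
 {
     $request = HTTPRequest::instance();
     if (!$request->valid(new Valid_WhiteList('func', array('reportgraphic'))) || !$request->valid(new Valid_UInt('atid'))) {
         return;
     }
     $func = $request->get('func');
     $atid = $request->get('atid');
     if ($func != 'reportgraphic') {
         return;
     }

     require_once 'html-generators/GraphicEngineHtml.class.php';
     require_once 'data-access/GraphOnTrackers_Report.class.php';
     if (!user_isloggedin()) {
         exit_not_logged_in();
         return;
     }

     $user_id = UserManager::instance()->getCurrentUser()->getId();
     $geh = new graphicEngineHtml($atid, $user_id, $this->getThemePath());

     // Defined up front: the "create" branch never assigns it, yet it is read
     // further down when choosing which screen to render.
     $report_graphic_id = null;

     if ($request->exist('create_report_graphic') && $request->get('rep_name')) {
         // Only a tracker admin may pick the scope; everyone else gets 'I'.
         if ($GLOBALS['ath']->userIsAdmin() && $request->valid(new Valid_WhiteList('rep_scope', array('P', 'I')))) {
             $rep_scope = $request->get('rep_scope');
         } else {
             $rep_scope = 'I';
         }
         // NOTE(review): rep_name and rep_desc are passed on without the
         // Valid_String check used by the update branch below.
         if ($report = GraphOnTrackers_Report::create($atid, $user_id, $request->get('rep_name'), $request->get('rep_desc'), $rep_scope)) {
             $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'new_created_report'));
             $GLOBALS['Response']->redirect('/tracker/admin/?func=reportgraphic&group_id=' . $report->getGroupId() . '&atid=' . $report->getAtid() . '&report_graphic_id=' . $report->getId());
         }
     } else {
         $report_graphic_id = $request->getValidated('report_graphic_id', 'uint', 0);
         $gr = new GraphOnTrackers_Report($report_graphic_id);
         // Reports with scope 'P' can only be modified by a tracker admin.
         if ($gr->getScope() != 'P' || $GLOBALS['ath']->userIsAdmin()) {
             if ($request->exist('update_report')) {
                 if ($request->valid(new Valid_String('rep_name')) && $request->valid(new Valid_String('rep_desc')) && $request->valid(new Valid_WhiteList('rep_scope', array('I', 'P')))) {
                     $rep_name = $request->get('rep_name');
                     $rep_desc = $request->get('rep_desc');
                     $rep_scope = $request->get('rep_scope');
                     // Write only when something actually changed.
                     if ($rep_name != $gr->getName() || $rep_desc != $gr->getDescription() || $rep_scope != $gr->getScope()) {
                         $gr->setName($rep_name);
                         $gr->setDescription($rep_desc);
                         $gr->setScope($rep_scope);
                         $gr->setUserId(UserManager::instance()->getCurrentUser()->getId());
                         if ($gr->update()) {
                             $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'updated_report'));
                         } else {
                             $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'not_updated_report') . ': ' . $gr->getErrorMessage());
                         }
                     }
                 }
             } elseif (is_array($request->get('delete_chart'))) {
                 // The chart id is the first key of the submitted array.
                 $chart_id_to_delete = (int) key($request->get('delete_chart'));
                 $gr->deleteChart($chart_id_to_delete);
                 $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'updated_report'));
                 $GLOBALS['Response']->redirect('/tracker/admin/?func=reportgraphic&group_id=' . $gr->getGroupId() . '&atid=' . $gr->getAtid() . '&report_graphic_id=' . $gr->getId());
             } elseif ($request->exist('update_chart') && is_array($request->get('chart'))) {
                 $row = $request->get('chart');
                 if (isset($row['id'])) {
                     $chart_to_edit = $gr->getChart($row['id']);
                     // getChart() is not visible here; guard against it finding
                     // no chart for a caller-supplied id before calling a method on it.
                     if ($chart_to_edit && $chart_to_edit->update($row)) {
                         $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'updated_report'));
                     }
                 }
             } elseif ($request->exist('edit_chart')) {
                 $chart_to_edit = $gr->getChart((int) $request->get('edit_chart'));
             } elseif ($request->exist('add_chart')) {
                 if ($chart = $gr->createChart($request->get('add_chart'))) {
                     $GLOBALS['Response']->redirect('/tracker/admin/?func=reportgraphic&group_id=' . $gr->getGroupId() . '&atid=' . $gr->getAtid() . '&report_graphic_id=' . $gr->getId() . '&edit_chart=' . (int) $chart->getId());
                 }
             } elseif ($request->exist('delete_report_graphic')) {
                 $gr->delete();
                 // The report is gone: fall back to the front page below.
                 $report_graphic_id = null;
                 $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'report_deleted'));
             }
         }
     }

     $GLOBALS['ath']->adminHeader(array('title' => $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'report_mgmt'), 'help' => 'TrackerAdministration.html#GraphTrackerReportSetting'));
     if ($request->exist('new_report_graphic')) {
         $geh->createReportForm();
     } elseif ($report_graphic_id) {
         if (!empty($chart_to_edit)) {
             $geh->showChartForm($chart_to_edit);
         } else {
             $geh->showReportForm($report_graphic_id);
         }
     } else {
         // Front page
         $reports = $geh->grf->getReportsAvailable($atid, user_getid());
         $geh->showAvailableReports($reports);
     }
     $GLOBALS['ath']->footer(null);
     exit;
 }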
Esempio n. 25
<?php

//
// SourceForge: Breaking Down the Barriers to Open Source Development
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
// $Id: index.php,v 1.3 2004/01/13 13:15:24 helix Exp $
require 'pre.php';
require '../forum/forum_utils.php';
// NOTE(review): $group_id is not assigned in this file; presumably a request
// parameter made available by pre.php or register_globals — confirm.
if ($group_id) {
    // NOTE(review): group_getname() output goes into the page title here and
    // into the <H1> below with no escaping in this file; presumably the name
    // is stored HTML-safe — confirm.
    forum_header(array('title' => 'Forums for ' . group_getname($group_id)));
    // Logged-in members of the group also see forums with is_public = 0;
    // everyone else is limited to is_public = 1.
    if (user_isloggedin() && user_ismember($group_id)) {
        $public_flag = '0,1';
    } else {
        $public_flag = '1';
    }
    // NOTE(review): $group_id is interpolated into the SQL text with no cast
    // or escaping visible here ($public_flag is one of the two literals set
    // above). Cast it to int or use the DB layer's escaping unless pre.php
    // guarantees a numeric value.
    $sql = "SELECT g.group_forum_id,g.forum_name, g.description, count(*) as total " . " FROM forum_group_list g " . " LEFT JOIN forum f USING (group_forum_id) " . " WHERE g.group_id='{$group_id}' AND g.is_public IN ({$public_flag})" . " group by g.group_forum_id, g.forum_name, g.description";
    //echo "<p>$sql\n";
    $result = db_query($sql);
    $rows = db_numrows($result);
    if (!$result || $rows < 1) {
        echo '<H1>No forums found for ' . group_getname($group_id) . '</H1>';
        // NOTE(review): the database error text is sent to the visitor; raw
        // DB errors are better logged than displayed.
        echo db_error();
        forum_footer(array());
        exit;
    }
    echo '<H2>Discussion Forums</H2>
		<P>Choose a forum and you can browse, search, and post messages.<P>';
    /*
    	Put the result set (list of forums for this group) into a column with folders
Esempio n. 26
//require_once('common/include/Error.class.php');
//require_once('common/tracker/ArtifactField.class.php');
//require_once('include/ArtifactFieldHtml.class.php');
//require_once('common/tracker/ArtifactFieldFactory.class.php');
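require_once 'include/ArtifactRulesManagerHtml.class.php';
// Check if this tracker is valid (not deleted)
if (!$ath->isValid()) {
    exit_error($Language->getText('global', 'error'), $Language->getText('tracker_add', 'invalid'));
}
// Create factories
$art_field_fact = new ArtifactFieldFactory($ath);
$art_fieldset_fact = new ArtifactFieldSetFactory($ath);
// Read-only flag: visitors who are not logged in get the read-only view.
// It is set before looking at 'pv' so that $ro is always defined; otherwise a
// request carrying a falsy 'pv' (e.g. pv=0) would leave it unset and the
// artifact would be displayed as editable to a visitor who is not logged in.
// NOTE(review): this only controls what display() renders; the code handling
// the submitted form has to enforce permissions on its own.
$ro = !user_isloggedin();
// Printer version ? It is always read-only.
$pv = $request->exist('pv') ? $request->get('pv') : false;
if ($pv) {
    $ro = true;
}
// NOTE(review): the summary is entity-decoded for the feed title and passed
// raw into the page title below; presumably addFeed() and header() escape
// what they emit — confirm.
$GLOBALS['HTML']->addFeed($group->getPublicName() . ' ' . $ath->getName() . ' #' . $ah->getId() . ' - ' . html_entity_decode($ah->getValue('summary'), ENT_QUOTES) . ' - ' . $Language->getText('tracker_include_artifact', 'follow_ups'), '/tracker/?func=rss&aid=' . (int) $ah->getId() . '&atid=' . (int) $ath->getID() . '&group_id=' . (int) $group->getGroupId());
$params = array('title' => $group->getPublicName() . ' ' . $ath->getName() . ' #' . $ah->getID() . ' - \'' . $ah->getSummary() . '\'', 'pagename' => 'tracker', 'atid' => $ath->getID(), 'sectionvals' => array($group->getPublicName()), 'pv' => $pv, 'help' => 'tracker-v3.html#new-artifact-submission');
$ath->header($params);
// artifact object (and field values) initialized in script above (index.php)
$ah->display($ro, $pv, user_getid());
echo '<script type="text/javascript">' . "\n";
$armh = new ArtifactRulesManagerHtml($ath);
$armh->displayRulesAsJavascript();
// The labels are language-file strings placed inside single-quoted JavaScript
// literals; addslashes() escapes quotes and backslashes only, so this is
// adequate for trusted translations but not for user-supplied text.
echo "Event.observe(window, 'load', function() {\n        if (\$('tracker_details')) {\n            new com.xerox.codendi.FieldEditor('tracker_details', {\n                edit:    '" . addslashes($Language->getText('tracker_fieldeditor', 'edit')) . "',\n                preview: '" . addslashes($Language->getText('tracker_fieldeditor', 'preview')) . "',\n                warning: '" . addslashes($Language->getText('tracker_fieldeditor', 'warning')) . "',\n                group_id:" . (int) $ath->getGroupId() . "\n            });\n        }\n});";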
Esempio n. 27
<?php

require_once "../common.inc";
# $Id: addpolicy.php,v 1.15 2006/10/23 17:16:38 publicwhip Exp $
# The Public Whip, Copyright (C) 2003 Francis Irving and Julian Todd
# This is free software, and you are welcome to redistribute it under
# certain conditions.  However, it comes with ABSOLUTELY NO WARRANTY.
# For details see the file LICENSE.html in the top level of the source.
require_once "../database.inc";
require_once "user.inc";
require_once "../db.inc";
require_once "../cache-tools.inc";
require_once "../dream.inc";
# Policy creation handler: reads the posted name/description and, for a logged-in
# user who submitted the form, inserts a row into pw_dyn_dreammp.
# NOTE(review): $just_logged_in is presumably truthy when this same request performed
# the login - inferred from the name; confirm in user.inc.
$just_logged_in = do_login_screen();
if (user_isloggedin()) {
    # All three POST fields are read without isset(), so a request that omits one
    # raises an undefined-index notice before db_scrub() sees it.
    # NOTE(review): db_scrub() is defined elsewhere; the INSERT below relies on it
    # as the only protection against SQL injection. Confirm it escapes for the live
    # connection and character set, or move this query to a parameterized statement.
    $name = db_scrub($_POST["name"]);
    $description = db_scrub($_POST["description"]);
    $submit = db_scrub($_POST["submit"]);
    $ok = false;
    # The insert runs only for a submitted form, and never on the request that
    # logged the user in.
    # NOTE(review): no anti-forgery token is checked in the visible lines; verify
    # that the form or do_login_screen() covers cross-site request forgery.
    if ($submit && !$just_logged_in) {
        if ($name == "" or $description == "") {
            $feedback = "Please name your policy, and give a definition.";
        } else {
            $db = new DB();
            # Values are spliced into the SQL text; user_getid() is quoted but not
            # escaped here, so it is assumed to return a plain integer - TODO confirm.
            $ret = $db->query_errcheck("insert into pw_dyn_dreammp (name, user_id, description, private) values\n                ('{$name}', '" . user_getid() . "', '{$description}', 2)");
            if ($ret) {
                # mysql_insert_id() without a link argument reads from the most recently
                # opened ext/mysql connection - assumes DB wraps ext/mysql (removed in
                # PHP 7) and that no other connection was opened in between.
                $new_dreamid = mysql_insert_id();
                $ok = true;
                # $name was already passed through db_scrub() above, so html_scrub()
                # receives the SQL-escaped form; presumably names containing quotes
                # display with escape characters - verify.
                $feedback = "Successfully made new policy <a href=\"/policy.php?id={$new_dreamid}\">" . html_scrub($name) . "</a>.  To \n                    select votes for your new policy, <a href=\"../search.php\">search</a> or\n                    <a href=\"../divisions.php\">browse</a> for divisions.  On the page for\n                    each division you can choose how somebody supporting your policy would have voted.";
                if (user_getid()) {
                    # Both interpolated values are unquoted in the SQL text; this is
                    # only safe while each is guaranteed to be an integer.
                    $db->query("update pw_dyn_user set active_policy_id = {$new_dreamid} where user_id = " . user_getid());
Esempio n. 28
<?php

//
// SourceForge: Breaking Down the Barriers to Open Source Development
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
//
require_once 'pre.php';
require_once '../svn/svn_data.php';
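// Request validators: 'func' must be one of the listed views, 'group_id' is a
// required unsigned integer.
$vFunc = new Valid_WhiteList('func', array('detailrevision', 'browse', 'info'));
$vGroupId = new Valid_UInt('group_id');
$vGroupId->required();
// Start from "specific permissions exist" and only replace it with the result of an
// actual lookup. NOTE(review): presumably true is the restrictive value for the
// included pages - confirm in detail_revision.php / browse_revision.php.
$there_are_specific_permissions = true;
// Defined up front: with a missing or invalid group_id the original left $group_name
// undefined and still passed it to svn_utils_is_there_specific_permission().
$group_name = null;
if ($request->valid($vGroupId)) {
    $pm = ProjectManager::instance();
    $obj = $pm->getProject($request->get('group_id'));
    // Guard against a lookup that does not return a project object.
    if (is_object($obj)) {
        $group_name = $obj->getUnixName(false);
    }
}
// Validate 'func' once and reuse the result for both revision views.
$func = $request->valid($vFunc) ? $request->get('func') : null;
$logged_in = user_isloggedin();
// Revision detail and browsing are offered to logged-in users only; everyone else,
// and every other 'func', gets the introduction page.
// NOTE(review): the included pages must enforce project-level access themselves;
// this dispatcher checks login state only.
if ($logged_in && $func === 'detailrevision') {
    if ($group_name !== null) {
        $there_are_specific_permissions = svn_utils_is_there_specific_permission($group_name);
    }
    require './detail_revision.php';
} elseif ($logged_in && ($func === 'browse' || $request->existAndNonEmpty('rev_id'))) {
    if ($group_name !== null) {
        $there_are_specific_permissions = svn_utils_is_there_specific_permission($group_name);
    }
    require './browse_revision.php';
} else {
    require './svn_intro.php';
}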
Esempio n. 29
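 /**
  * create - create a new item in the database.
  *
  * Inserts one row into artifact_file, adds an 'attachment' entry to the artifact
  * history and fills $changes['attach'] with the description, name, size and
  * download link of the new file.
  *
  * Note: $description has a default but precedes the required $changes parameter,
  * so callers must always pass it explicitly (pass false to get the default text).
  *
  * @param string $filename    Filename of the item, as supplied by the caller.
  * @param string $filetype    Item filetype; 'application/octet-stream' is used when empty.
  * @param string $filesize    Item filesize.
  * @param string $bin_data    Binary item data.
  * @param string $description Item description; the 'global'/'none' text is used when empty.
  * @param array  $changes     Filled by reference with the 'attach' details on success.
  * @return int|false id on success / false on failure.
  */
 function create($filename, $filetype, $filesize, $bin_data, $description = false, &$changes)
 {
     global $Language;
     if (!$description) {
         $description = $Language->getText('global', 'none');
     }
     $old_value = $this->Artifact->getAttachedFileNames();
     // Some browsers don't supply mime type if they don't know it
     // NOTE(review): the type is client-supplied and stored as given; the download
     // script should not rely on it to decide how the file is rendered - confirm there.
     if (!$filetype) {
         $filetype = 'application/octet-stream';
     }
     //
     //	data validation
     //
     if (!$filename || !$filetype || !$filesize || !$bin_data) {
         // The original dumped the raw attachment bytes and the unescaped,
         // caller-supplied name/type/size into this feedback message. Report the
         // escaped metadata and the payload length only.
         $GLOBALS['Response']->addFeedback('error', '<P>|' . htmlspecialchars((string) $filename, ENT_QUOTES) . '|' . htmlspecialchars((string) $filetype, ENT_QUOTES) . '|' . htmlspecialchars((string) $filesize, ENT_QUOTES) . '|' . strlen((string) $bin_data) . ' bytes|');
         $this->setError('ArtifactFile: ' . $Language->getText('tracker_common_file', 'name_requ'));
         return false;
     }
     // 100 is used as the submitter for anonymous uploads
     // (presumably the id of the anonymous user - TODO confirm).
     $userid = user_isloggedin() ? user_getid() : 100;
     // Every value goes through db_ei()/db_es() before it is placed in the SQL text
     // (presumably integer and string escaping helpers - defined elsewhere).
     $res = db_query("INSERT INTO artifact_file\n\t\t\t(artifact_id,description,bin_data,filename,filesize,filetype,adddate,submitted_by)\n\t\t\tVALUES \n\t\t\t('" . db_ei($this->Artifact->getID()) . "','" . db_es($description) . "','" . db_es($bin_data) . "','" . db_es($filename) . "',\n\t\t\t'" . db_ei($filesize) . "','" . db_es($filetype) . "','" . time() . "','" . db_ei($userid) . "')");
     // Ask for the insert id only when the query succeeded; the original passed a
     // failed result straight to db_insertid().
     $id = $res ? db_insertid($res, 'artifact_file', 'id') : false;
     if (!$res || !$id) {
         $this->setError('ArtifactFile: ' . db_error());
         return false;
     }
     $this->clearError();
     // NOTE(review): description and filename are stored unescaped in $changes;
     // whoever renders $changes has to escape them for its output format.
     $changes['attach']['description'] = $description;
     $changes['attach']['name'] = $filename;
     $changes['attach']['size'] = $filesize;
     // History keeps the attached file names as one comma-separated string.
     if ($old_value == '') {
         $new_value = $filename;
     } else {
         $new_value = $old_value . "," . $filename;
     }
     $this->Artifact->addHistory('attachment', $old_value, $new_value);
     $changes['attach']['href'] = get_server_url() . "/tracker/download.php?artifact_id=" . $this->Artifact->getID() . "&id={$id}";
     return $id;
 }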
 /**
  * outerTabs - build the top-level navigation menu and echo its HTML.
  *
  * Builds a TreeNode tree (home, personal page, project tree, snippets, admin,
  * help, plus any tabs added by the included 'layout/extra_tabs' file), marks
  * which entry is selected, and prints the result of a BuildMenuVisitor pass.
  *
  * Keys read from $params: 'selected_top_tab', 'group', 'toptab'.
  *
  * @param array $params Layout parameters (see keys above).
  */
 function outerTabs($params)
 {
     global $Language, $sys_use_trove, $sys_use_snippet;
     $selected_top_tab = '';
     if (isset($params['selected_top_tab'])) {
         $selected_top_tab = $params['selected_top_tab'];
     }
     $menuTree = new TreeNode();
     // Becomes true as soon as any tab other than 'home' is selected.
     $sthSelected = false;
     $menuTree->addChild(new TreeNode(array('link' => '/', 'title' => $Language->getText('menu', 'home'))));
     // We need to keep a reference on this node in order to set the
     // selected value in the data. See bottom of this function.
     $homeNode =& $menuTree->getChild(0);
     if (user_isloggedin()) {
         // strstr() matches the fragment anywhere in the string, so any request URI
         // containing '/my/' or '/account/' highlights this tab. This affects
         // highlighting only. (getStringFromServer() presumably reads $_SERVER - confirm.)
         $selected = isset($params['selected_top_tab']) && $params['selected_top_tab'] == '/my/' || strstr(getStringFromServer('REQUEST_URI'), '/my/') || strstr(getStringFromServer('REQUEST_URI'), '/account/');
         $sthSelected = $sthSelected || $selected;
         $mynode = new TreeNode(array('link' => '/my/', 'title' => $Language->getText('menu', 'my_personal_page'), 'selected' => $selected));
         // The dashboard / account sub-entries are added only while the personal tab is selected.
         if ($selected) {
             $selected = isset($params['selected_top_tab']) && $params['selected_top_tab'] == '/my/' || (bool) strstr(getStringFromServer('REQUEST_URI'), '/my/');
             $mynode->addChild(new TreeNode(array('link' => '/my/', 'title' => $Language->getText('my_index', 'my_dashboard'), 'selected' => $selected)));
             $selected = (bool) strstr(getStringFromServer('REQUEST_URI'), '/account/');
             $mynode->addChild(new TreeNode(array('link' => '/account/', 'title' => $Language->getText('my_index', 'account_maintenance'), 'selected' => $selected)));
         }
         $menuTree->addChild($mynode);
     } else {
         // Anonymous visitors get the personal-page link without sub-entries.
         $selected = (bool) strstr(getStringFromServer('REQUEST_URI'), '/my/');
         $sthSelected = $sthSelected || $selected;
         $menuTree->addChild(new TreeNode(array('link' => '/my/', 'title' => $Language->getText('menu', 'my_personal_page'), 'selected' => $selected)));
     }
     // Project tree tab: shown when trove is enabled or a project is being displayed.
     if ($GLOBALS['sys_use_trove'] != 0 || isset($params['group']) && $params['group']) {
         $selected = false;
         if (isset($params['group']) && $params['group']) {
             // get group info using the common result set
             $pm = ProjectManager::instance();
             $project = $pm->getProject($params['group']);
             if ($project && is_object($project)) {
                 if ($project->isError()) {
                     // Aborts the whole page when the project object reports an error.
                     die('is error');
                 } else {
                     $sthSelected = true;
                     // The per-project tabs become the children of the project tree entry.
                     $projTree = $this->project_tabs($params['toptab'], $params['group']);
                     $projTree->setData(array('link' => '/softwaremap/', 'title' => $Language->getText('menu', 'projectree'), 'selected' => true));
                     //'link'=>'/projects/'.$project->getUnixName().'/'
                     //,'title'=>$project->getPublicName()
                     //,'selected' => true));
                     $menuTree->addChild($projTree);
                 }
             }
         } else {
             $selected = (bool) strstr(getStringFromServer('REQUEST_URI'), 'softwaremap');
             $sthSelected = $sthSelected || $selected;
             $menuTree->addChild(new TreeNode(array('link' => '/softwaremap/', 'title' => $Language->getText('menu', 'projectree'), 'selected' => $selected)));
         }
     }
     if ($GLOBALS['sys_use_snippet'] != 0) {
         $selected = (bool) strstr(getStringFromServer('REQUEST_URI'), '/snippet/');
         $sthSelected = $sthSelected || $selected;
         $menuTree->addChild(new TreeNode(array('link' => '/snippet/', 'title' => $Language->getText('menu', 'code_snippet'), 'selected' => $selected)));
     }
     // NOTE(review): user_ismember(1, 'A') presumably tests for site administrators.
     // It only decides whether the link is shown; the pages under /admin/ must
     // enforce the same check themselves.
     if (user_ismember(1, 'A')) {
         // Unlike the other tabs, this one is a prefix match (strpos() === 0).
         $selected = strpos(getStringFromServer('REQUEST_URI'), '/admin/') === 0 || $selected_top_tab === 'admin';
         $sthSelected = $sthSelected || $selected;
         $menuTree->addChild(new TreeNode(array('link' => '/admin/', 'title' => $Language->getText('menu', 'admin'), 'selected' => $selected)));
     }
     $selected = (bool) (strstr(getStringFromServer('REQUEST_URI'), '/site/') || $selected_top_tab === 'site');
     $sthSelected = $sthSelected || $selected;
     $menuTree->addChild(new TreeNode(array('link' => '/site/', 'title' => $Language->getText('include_layout', 'Help'), 'selected' => $selected)));
     // The included file runs in this function's scope and is expected to append
     // entries (each with a 'selected' key) to $additional_tabs. Its path comes from
     // Language::getContent(), not from request data in the visible code.
     $additional_tabs = array();
     include $GLOBALS['Language']->getContent('layout/extra_tabs', null, null, '.php');
     foreach ($additional_tabs as $t) {
         $sthSelected = $sthSelected || $t['selected'];
         $menuTree->addChild(new TreeNode($t));
     }
     // Set selected value for 'home' link (this is the selected tab
     // if no other was previously selected)
     $homeNodeData =& $homeNode->getData();
     $homeNodeData['selected'] = !$sthSelected;
     // Render the finished tree and print it.
     $buildMenuVisitor = new BuildMenuVisitor();
     $menuTree->accept($buildMenuVisitor);
     echo $buildMenuVisitor->getHtml();
 }