Esempio n. 1
0
 function doAction()
 {
     if (isset($_POST['logout'])) {
         unset($_SESSION['cid']);
         AuthCookie::destroyAuthentication();
         $this->result = 'unlogged';
     }
 }
Esempio n. 2
0
	function doAction (){	
		//if parameters are set
		if(!empty($this->login) or !empty($this->pass) and !isset($_POST['logout']) and !isset($_POST['reset'])){
			//check login
			$this->doLogin();
		}
		if(isset($_POST['logout'])){
			unset($_SESSION['cid']);
			AuthCookie::destroyAuthentication();
			$this->result='unlogged';
		}
		if(isset($_POST['reset'])){
			$outcome=sendResetLink($this->login);
			if($outcome) $this->result='sent';
		}
	}
 public function doAction()
 {
     if ($this->user_logged && !empty($this->userData)) {
         //user has been validated, data was by Google
         //check if user exists in db; if not, create
         $result = tryInsertUserFromOAuth($this->userData);
         if (false == $result) {
             die("error in insert");
         }
         //set stuff
         AuthCookie::setCredentials($this->userData['email'], $result['uid']);
         //$_SESSION['cid'] = $this->userdata['email'];
         $_theresAnonymousProject = isset($_SESSION['_anonym_pid']) && !empty($_SESSION['_anonym_pid']);
         $_incomingFromNewProject = isset($_SESSION['_newProject']) && !empty($_SESSION['_newProject']);
         if ($_theresAnonymousProject && $_incomingFromNewProject) {
             //update anonymous project with user credentials
             $result = updateProjectOwner($this->userData['email'], $_SESSION['_anonym_pid']);
         }
     }
     //destroy session info of last anonymous project
     unset($_SESSION['_anonym_pid']);
     unset($_SESSION['_newProject']);
 }
Esempio n. 4
0
 /**
  * @param int $issue_id
  * @param bool $redeemed_only
  * @return array
  * @access protected
  */
 public function getIncidentTypes($issue_id, $redeemed_only)
 {
     $prj_id = Issue::getProjectID($issue_id);
     AuthCookie::setProjectCookie($prj_id);
     // FIXME: $customer_id unused
     $customer_id = Issue::getCustomerID($issue_id);
     if (!CRM::hasCustomerIntegration($prj_id)) {
         // no customer integration
         throw new RemoteApiException("No customer integration for issue #{$issue_id}");
     }
     $crm = CRM::getInstance($prj_id);
     // FIXME: $all_types unused
     $all_types = $crm->getIncidentTypes();
     $contract = $crm->getContract(Issue::getContractID($issue_id));
     if (!$contract->hasPerIncident()) {
         // check if is per incident contract
         throw new RemoteApiException("Customer for issue #{$issue_id} does not have a per-incident contract");
     }
     $incidents = $contract->getIncidents();
     foreach ($incidents as $type_id => $type_details) {
         $is_redeemed = $contract->isRedeemedIncident($issue_id, $type_id);
         if ($redeemed_only && !$is_redeemed || !$redeemed_only && $is_redeemed) {
             unset($incidents[$type_id]);
         }
     }
     return $incidents;
 }
Esempio n. 5
0
 /**
  * Class constructor
  *
  * @param bool $isAuthRequired
  */
 public function __construct($isAuthRequired = false)
 {
     if (!parent::isRightVersion()) {
         header("Location: " . INIT::$HTTPHOST . INIT::$BASEURL . "badConfiguration", true, 303);
         exit;
     }
     //SESSION ENABLED
     parent::sessionStart();
     //load Template Engine
     require_once INIT::$ROOT . '/inc/PHPTAL/PHPTAL.php';
     $this->supportedBrowser = $this->isSupportedWebBrowser();
     //try to get user name from cookie if it is not present and put it in session
     if (empty($_SESSION['cid'])) {
         //log::doLog(get_class($this)." requires check for login");
         $username_from_cookie = AuthCookie::getCredentials();
         if ($username_from_cookie) {
             $_SESSION['cid'] = $username_from_cookie['username'];
             $_SESSION['uid'] = $username_from_cookie['uid'];
         }
     }
     //even if no login in required, if user data is present, pull it out
     if (!empty($_SESSION['cid'])) {
         $userSearch = new Users_UserStruct();
         $userSearch->email = $_SESSION['cid'];
         $userDao = new Users_UserDao(Database::obtain());
         $userObject = $userDao->read($userSearch);
         /**
          * @var $userObject Users_UserStruct
          */
         $userObject = $userObject[0];
         //            $this->logged_user = getUserData( $_SESSION[ 'cid' ] );
         $this->logged_user = $userObject;
     }
     if ($isAuthRequired) {
         //if auth is required, stat procedure
         $this->doAuth();
     }
 }
Esempio n. 6
0
 /**
  * NOTE: this needs to be public for PHP 5.3 compatibility
  *
  * @param ReflectionMethod $method
  * @param array $params Method parameters in already decoded into PHP types
  * @param bool $public true if method should not be protected with login/password
  * @param array $pdesc Parameter descriptions
  * @return string
  */
 public function handle($method, $params, $public, $pdesc)
 {
     // there's method to set this via $client->setAutoBase64(true);
     // but nothing at server side. where we actually need it
     $GLOBALS['XML_RPC_auto_base64'] = true;
     try {
         if (!$public) {
             list($email, $password) = $this->getAuthParams($params);
             if (!Auth::isCorrectPassword($email, $password) && !APIAuthToken::isTokenValidForEmail($password, $email)) {
                 // FIXME: role is not checked here
                 throw new RemoteApiException("Authentication failed for {$email}. Your login/password/api key is invalid or you do not have the proper role.");
             }
             AuthCookie::setAuthCookie($email);
         }
         if ($pdesc) {
             $this->decodeParams($params, $pdesc);
         }
         $res = $method->invokeArgs($this->api, $params);
     } catch (Exception $e) {
         global $XML_RPC_erruser;
         $code = $e->getCode() ?: 1;
         $res = new XML_RPC_Response(0, $XML_RPC_erruser + $code, $e->getMessage());
     }
     if (!$res instanceof XML_RPC_Response) {
         $res = new XML_RPC_Response(XML_RPC_Encode($res));
     }
     return $res;
 }
 /**
  * Method used to get the system-wide defaults.
  *
  * @return  string array of the default parameters
  */
 public static function getDefaults()
 {
     $defaults = array('host' => 'localhost', 'port' => 443, 'context' => '/cas', 'customer_id_attribute' => '', 'contact_id_attribute' => '', 'create_users' => null, 'default_role' => array());
     if (AuthCookie::hasAuthCookie()) {
         // ensure there is entry for current project
         $prj_id = Auth::getCurrentProject();
         $defaults['default_role'][$prj_id] = 0;
     }
     return $defaults;
 }
Esempio n. 8
0
/*
 * This file is part of the Eventum (Issue Tracking System) package.
 *
 * @copyright (c) Eventum Team
 * @license GNU General Public License, version 2 or later (GPL-2+)
 *
 * For the full copyright and license information,
 * please see the COPYING and AUTHORS files
 * that were distributed with this source code.
 */
require_once __DIR__ . '/../../init.php';
// handle ajax upload
// FIXME: no identity logged who added the file.
try {
    // check if logged in. if not, just give error
    if (!AuthCookie::hasAuthCookie()) {
        throw new BadFunctionCallException(ev_gettext('Must be logged in'));
    }
    if (!isset($_GET['file'])) {
        // TRANSLATORS: this is technical error and should not be displayed to end users
        throw new InvalidArgumentException(ev_gettext('No file argument'));
    }
    $file = (string) $_GET['file'];
    if (!isset($_FILES[$file])) {
        throw new InvalidArgumentException(ev_gettext('No files uploaded'));
    }
    $iaf_id = Attachment::addFiles($_FILES[$file]);
    $res = array('error' => 0, 'iaf_id' => $iaf_id);
} catch (Exception $e) {
    $code = $e->getCode();
    $res = array('error' => $code ? $code : -1, 'message' => $e->getMessage());
Esempio n. 9
0
 /**
  * Gets the current selected project from the project cookie.
  *
  * @return  integer The project ID
  */
 public static function getCurrentProject($redirect = true)
 {
     $cookie = AuthCookie::getProjectCookie();
     if (!$cookie) {
         return '';
     }
     $usr_id = self::getUserID();
     $projects = Project::getAssocList($usr_id);
     if ($usr_id == APP_SYSTEM_USER_ID) {
         return isset($cookie['prj_id']) ? (int) $cookie['prj_id'] : null;
     }
     if ($projects != null && !in_array($cookie['prj_id'], array_keys($projects))) {
         if ($redirect) {
             self::redirect('select_project.php');
         } else {
             return false;
         }
     }
     return $cookie['prj_id'];
 }
Esempio n. 10
0
 /**
  * Creates a new issue from an email if appropriate. Also returns if this message is related
  * to a previous message.
  *
  * @param   array   $info An array of info about the email account.
  * @param   string  $headers The headers of the email.
  * @param   string  $message_body The body of the message.
  * @param   string  $date The date this message was sent
  * @param   string  $from The name and email address of the sender.
  * @param   string  $subject The subject of this message.
  * @param   array   $to An array of to addresses
  * @param   array   $cc An array of cc addresses
  * @return  array   An array of information about the message
  */
 public function createIssueFromEmail($info, $headers, $message_body, $date, $from, $subject, $to, $cc)
 {
     $should_create_issue = false;
     $issue_id = '';
     $associate_email = '';
     $type = 'email';
     $parent_id = '';
     $customer_id = false;
     $contact_id = false;
     $contract_id = false;
     $severity = false;
     // we can't trust the in-reply-to from the imap c-client, so let's
     // try to manually parse that value from the full headers
     $references = Mail_Helper::getAllReferences($headers);
     $message_id = Mail_Helper::getMessageID($headers, $message_body);
     $workflow = Workflow::getIssueIDforNewEmail($info['ema_prj_id'], $info, $headers, $message_body, $date, $from, $subject, $to, $cc);
     if (is_array($workflow)) {
         if (isset($workflow['customer_id'])) {
             $customer_id = $workflow['customer_id'];
         }
         if (isset($workflow['contract_id'])) {
             $contract_id = $workflow['contract_id'];
         }
         if (isset($workflow['contact_id'])) {
             $contact_id = $workflow['contact_id'];
         }
         if (isset($workflow['severity'])) {
             $severity = $workflow['severity'];
         }
         if (isset($workflow['should_create_issue'])) {
             $should_create_issue = $workflow['should_create_issue'];
         } else {
             $should_create_issue = true;
         }
     } elseif ($workflow == 'new') {
         $should_create_issue = true;
     } elseif (is_numeric($workflow)) {
         $issue_id = $workflow;
     } else {
         $setup = Setup::get();
         if ($setup['subject_based_routing']['status'] == 'enabled') {
             // Look for issue ID in the subject line
             // look for [#XXXX] in the subject line
             if (preg_match("/\\[#(\\d+)\\]( Note| BLOCKED)*/", $subject, $matches)) {
                 $should_create_issue = false;
                 $issue_id = $matches[1];
                 if (!Issue::exists($issue_id, false)) {
                     $issue_id = '';
                 } elseif (!empty($matches[2])) {
                     $type = 'note';
                 }
             } else {
                 $should_create_issue = true;
             }
         } else {
             // - if this email is a reply:
             if (count($references) > 0) {
                 foreach ($references as $reference_msg_id) {
                     //  -> check if the replied email exists in the database:
                     if (Note::exists($reference_msg_id)) {
                         // note exists
                         // get what issue it belongs too.
                         $issue_id = Note::getIssueByMessageID($reference_msg_id);
                         $should_create_issue = false;
                         $type = 'note';
                         $parent_id = Note::getIDByMessageID($reference_msg_id);
                         break;
                     } elseif (self::exists($reference_msg_id) || Issue::getIssueByRootMessageID($reference_msg_id) != false) {
                         // email or issue exists
                         $issue_id = self::getIssueByMessageID($reference_msg_id);
                         if (empty($issue_id)) {
                             $issue_id = Issue::getIssueByRootMessageID($reference_msg_id);
                         }
                         if (empty($issue_id)) {
                             // parent email isn't associated with issue.
                             //      --> create new issue, associate current email and replied email to this issue
                             $should_create_issue = true;
                             $associate_email = $reference_msg_id;
                         } else {
                             // parent email is associated with issue:
                             //      --> associate current email with existing issue
                             $should_create_issue = false;
                         }
                         break;
                     } else {
                         //  no matching note, email or issue:
                         //    => create new issue and associate current email with it
                         $should_create_issue = true;
                     }
                 }
             } else {
                 // - if this email is not a reply:
                 //  -> create new issue and associate current email with it
                 $should_create_issue = true;
             }
         }
     }
     $sender_email = Mail_Helper::getEmailAddress($from);
     if (Misc::isError($sender_email)) {
         $sender_email = 'Error Parsing Email <>';
     }
     // only create a new issue if this email is coming from a known customer
     if ($should_create_issue && $info['ema_issue_auto_creation_options']['only_known_customers'] == 'yes' && CRM::hasCustomerIntegration($info['ema_prj_id']) && !$customer_id) {
         try {
             $crm = CRM::getInstance($info['ema_prj_id']);
             $should_create_issue = true;
         } catch (CRMException $e) {
             $should_create_issue = false;
         }
     }
     // check whether we need to create a new issue or not
     if ($info['ema_issue_auto_creation'] == 'enabled' && $should_create_issue && !Notification::isBounceMessage($sender_email)) {
         $options = Email_Account::getIssueAutoCreationOptions($info['ema_id']);
         AuthCookie::setAuthCookie(APP_SYSTEM_USER_ID);
         AuthCookie::setProjectCookie($info['ema_prj_id']);
         $issue_id = Issue::createFromEmail($info['ema_prj_id'], APP_SYSTEM_USER_ID, $from, Mime_Helper::decodeQuotedPrintable($subject), $message_body, @$options['category'], @$options['priority'], @$options['users'], $date, $message_id, $severity, $customer_id, $contact_id, $contract_id);
         // add sender to authorized repliers list if they are not a real user
         $sender_usr_id = User::getUserIDByEmail($sender_email, true);
         if (empty($sender_usr_id)) {
             Authorized_Replier::manualInsert($issue_id, $sender_email, false);
         }
         // associate any existing replied-to email with this new issue
         if (!empty($associate_email) && !empty($reference_issue_id)) {
             $reference_sup_id = self::getIDByMessageID($associate_email);
             self::associate(APP_SYSTEM_USER_ID, $issue_id, array($reference_sup_id));
         }
     }
     // need to check crm for customer association
     if (!empty($from)) {
         if (CRM::hasCustomerIntegration($info['ema_prj_id']) && !$customer_id) {
             // check for any customer contact association
             try {
                 $crm = CRM::getInstance($info['ema_prj_id']);
                 $contact = $crm->getContactByEmail($sender_email);
                 $contact_id = $contact->getContactID();
                 $contracts = $contact->getContracts(array(CRM_EXCLUDE_EXPIRED));
                 $contract = $contracts[0];
                 $customer_id = $contract->getCustomerID();
             } catch (CRMException $e) {
                 $customer_id = null;
                 $contact_id = null;
             }
         }
     }
     return array('should_create_issue' => $should_create_issue, 'associate_email' => $associate_email, 'issue_id' => $issue_id, 'customer_id' => $customer_id, 'contact_id' => $contact_id, 'type' => $type, 'parent_id' => $parent_id);
 }
Esempio n. 11
0
 /**
  * Routes a draft to the correct issue.
  *
  * @param   string $full_message The complete draft.
  * @return  mixed   true or array(ERROR_CODE, ERROR_STRING) in case of failure
  */
 public static function route_drafts($full_message)
 {
     // save the full message for logging purposes
     Draft::saveRoutedMessage($full_message);
     if (preg_match('/^(boundary=).*/m', $full_message)) {
         $pattern = "/(Content-Type: multipart\\/)(.+); ?\r?\n(boundary=)(.*)\$/im";
         $replacement = '$1$2; $3$4';
         $full_message = preg_replace($pattern, $replacement, $full_message);
     }
     // need some validation here
     if (empty($full_message)) {
         return array(self::EX_NOINPUT, ev_gettext('Error: The email message was empty.') . "\n");
     }
     // remove the reply-to: header
     if (preg_match('/^(reply-to:).*/im', $full_message)) {
         $full_message = preg_replace("/^(reply-to:).*\n/im", '', $full_message, 1);
     }
     // check if the draft interface is even supposed to be enabled
     $setup = Setup::get();
     if ($setup['draft_routing']['status'] != 'enabled') {
         return array(self::EX_CONFIG, ev_gettext('Error: The email draft interface is disabled.') . "\n");
     }
     if (empty($setup['draft_routing']['address_prefix'])) {
         return array(self::EX_CONFIG, ev_gettext('Error: Please configure the email address prefix.') . "\n");
     }
     if (empty($setup['draft_routing']['address_host'])) {
         return array(self::EX_CONFIG, ev_gettext('Error: Please configure the email address domain.') . "\n");
     }
     $structure = Mime_Helper::decode($full_message, true, false);
     // find which issue ID this email refers to
     if (isset($structure->headers['to'])) {
         $issue_id = self::getMatchingIssueIDs($structure->headers['to'], 'draft');
     }
     // validation is always a good idea
     if (empty($issue_id) and isset($structure->headers['cc'])) {
         // we need to try the Cc header as well
         $issue_id = self::getMatchingIssueIDs($structure->headers['cc'], 'draft');
     }
     if (empty($issue_id)) {
         return array(self::EX_DATAERR, ev_gettext('Error: The routed email had no associated Eventum issue ID or had an invalid recipient address.') . "\n");
     }
     $prj_id = Issue::getProjectID($issue_id);
     // check if the sender is allowed in this issue' project and if it is an internal user
     $sender_email = strtolower(Mail_Helper::getEmailAddress($structure->headers['from']));
     $sender_usr_id = User::getUserIDByEmail($sender_email, true);
     if (!empty($sender_usr_id)) {
         $sender_role = User::getRoleByUser($sender_usr_id, $prj_id);
         if ($sender_role < User::ROLE_USER) {
             return array(self::EX_NOPERM, ev_gettext("Error: The sender of this email is not allowed in the project associated with issue #{$issue_id}.") . "\n");
         }
     }
     AuthCookie::setAuthCookie(User::getUserIDByEmail($sender_email));
     AuthCookie::setProjectCookie($prj_id);
     $body = $structure->body;
     Draft::saveEmail($issue_id, @$structure->headers['to'], @$structure->headers['cc'], @$structure->headers['subject'], $body, false, false, false);
     // XXX: need to handle attachments coming from drafts as well?
     $usr_id = Auth::getUserID();
     History::add($issue_id, $usr_id, 'draft_routed', 'Draft routed from {from}', array('from' => $structure->headers['from']));
     return true;
 }