Esempio n. 1
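 /**
  * Handles a "lost password" request.
  *
  * Looks up the account named in the posted `user_name` field (treated as a
  * user name, or as an e-mail address when it contains '@'), stores a fresh
  * random "magic URL" token on that account and hands the token to
  * Notifications::send() with NOTIFY_PW_CHANGE.
  *
  * Security notes:
  *  - The token is the secret that authorises the password change, so it is
  *    drawn from a CSPRNG when the runtime offers one. uniqid() and mt_rand()
  *    are predictable and remain only as a last-resort fallback.
  *  - NOTE(review): the 'usernotexist' reply lets a caller distinguish
  *    existing accounts from unknown ones; consider a uniform reply and
  *    rate limiting at the caller.
  *  - NOTE(review): this function only writes magic_url; no expiry is set
  *    here - confirm where the token is invalidated.
  *
  * @access public
  * @return array status constant and translated message
  */
 function action_sendmagic()
 {
     global $db, $baseurl;
     // Resolve the account from a user name or, when the input contains '@', an e-mail address
     if (strpos(Post::val('user_name'), '@') === false) {
         $user = Flyspray::getUserDetails(Flyspray::UserNameToId(Post::val('user_name')));
     } else {
         $user_id = $db->x->GetOne('SELECT user_id FROM {users} WHERE email_address = ?', null, Post::val('user_name'));
         $user = Flyspray::getUserDetails($user_id);
     }
     // If the account doesn't exist, report an error
     if (!is_array($user) || !count($user)) {
         return array(ERROR_RECOVER, L('usernotexist'));
     }
     // 16 random bytes -> 32 hex characters, the same shape as the md5() digest used before
     if (function_exists('random_bytes')) {
         $magic_url = bin2hex(random_bytes(16));
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $magic_url = bin2hex(openssl_random_pseudo_bytes(16));
     } else {
         // Legacy runtime without a CSPRNG: predictable, kept only so the feature still works
         $magic_url = md5(uniqid(mt_rand(), true));
     }
     // Insert the random "magic url" into the user's profile
     $db->x->execParam('UPDATE {users}
                           SET magic_url = ?
                         WHERE user_id = ?', array($magic_url, $user['user_id']));
     Notifications::send($user['user_id'], ADDRESS_USER, NOTIFY_PW_CHANGE, array($baseurl, $magic_url));
     return array(SUBMIT_OK, L('magicurlsent'));
 }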
Esempio n. 2
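 /**
  * Creates a new user account together with its e-mail records, group
  * membership, default saved searches and registration notifications.
  *
  * @param string $user_name requested login name; passed through Backend::clean_username()
  * @param string $password plain-text password; when empty one is generated
  * @param string $real_name trimmed, cut to 100 bytes, whitespace/control runs collapsed
  * @param string $jabber_id
  * @param string $email one or more addresses separated by ';'
  * @param integer $notify_type
  * @param integer $time_zone
  * @param integer $group_in group the user is added to
  * @param integer $enabled stored as account_enabled; exactly 0 also files an admin approval request
  * @param string $oauth_uid
  * @param string $oauth_provider when non-empty, no registration mails are sent
  * @param string $profile_image
  * @access public
  * @return bool false if the user name is empty or taken, or an e-mail address is already registered
  * @version 1.0
  * @notes This function does not have any permission checks (checked elsewhere)
  */
 public static function create_user($user_name, $password, $real_name, $jabber_id, $email, $notify_type, $time_zone, $group_in, $enabled, $oauth_uid = '', $oauth_provider = '', $profile_image = '')
 {
     global $fs, $db, $notify, $baseurl;
     $user_name = Backend::clean_username($user_name);
     // TODO Handle this whole create_user better concerning return false. Why did it fail?
     if (empty($user_name)) {
         return false;
     }
     // Limit length
     // NOTE(review): substr() cuts bytes; a multi-byte character split here makes the
     // /u regex below return null - confirm how non-ASCII names are expected to behave.
     $real_name = substr(trim($real_name), 0, 100);
     // Remove doubled up spaces and control chars
     $real_name = preg_replace('![\\x00-\\x1f\\s]+!u', ' ', $real_name);
     // Check to see if the username is available
     // NOTE(review): check-then-insert is not atomic; presumably a unique index backs it up - confirm.
     $sql = $db->Query('SELECT COUNT(*) FROM {users} WHERE user_name = ?', array($user_name));
     if ($db->fetchOne($sql)) {
         return false;
     }
     $auto = false;
     // Autogenerate a password
     if (!$password) {
         $auto = true;
         // Draw the password from a CSPRNG when one is available; uniqid()/mt_rand()
         // are predictable and remain only as a fallback for old runtimes.
         if (function_exists('random_bytes')) {
             $entropy = bin2hex(random_bytes(16));
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             $entropy = bin2hex(openssl_random_pseudo_bytes(16));
         } else {
             $entropy = md5(uniqid(mt_rand(), true));
         }
         // NOTE(review): 8-12 hex characters is at most 48 bits; kept for compatibility.
         $password = substr($entropy, 0, mt_rand(8, 12));
     }
     // Check the emails before inserting anything to database.
     // Addresses are stored lower-cased, so the uniqueness check has to use the
     // same normalised form; empty entries (e.g. a trailing ';') are never stored.
     $emailList = array();
     foreach (explode(';', $email) as $mail) {
         if ($mail !== '') {
             $emailList[] = strtolower($mail);
         }
     }
     foreach ($emailList as $mail) {
         //Still need to do: check email
         $count = $db->Query("SELECT COUNT(*) FROM {user_emails} WHERE email_address = ?", array($mail));
         $count = $db->fetchOne($count);
         if ($count > 0) {
             Flyspray::show_error("Email address has alredy been taken");
             return false;
         }
     }
     $db->Query("INSERT INTO  {users}\n                             ( user_name, user_pass, real_name, jabber_id, profile_image, magic_url,\n                               email_address, notify_type, account_enabled,\n                               tasks_perpage, register_date, time_zone, dateformat,\n                               dateformat_extended, oauth_uid, oauth_provider, lang_code)\n                     VALUES  ( ?, ?, ?, ?, ?, ?, ?, ?, ?, 25, ?, ?, ?, ?, ?, ?, ?)", array($user_name, Flyspray::cryptPassword($password), $real_name, strtolower($jabber_id), $profile_image, '', strtolower($email), $notify_type, $enabled, time(), $time_zone, '', '', $oauth_uid, $oauth_provider, $fs->prefs['lang_code']));
     // Get this user's id for the record
     $uid = Flyspray::UserNameToId($user_name);
     foreach ($emailList as $mail) {
         $db->Query("INSERT INTO {user_emails}(id,email_address,oauth_uid,oauth_provider) VALUES (?,?,?,?)", array($uid, $mail, $oauth_uid, $oauth_provider));
     }
     // Now, create a new record in the users_in_groups table
     $db->Query('INSERT INTO  {users_in_groups} (user_id, group_id)
                      VALUES  (?, ?)', array($uid, $group_in));
     // NOTE(review): the whole getUserDetails() row goes into the event log; confirm
     // it does not carry the password hash.
     Flyspray::logEvent(0, 30, serialize(Flyspray::getUserDetails($uid)));
     // Default search template; each saved search overrides exactly one key
     $toserialize = array('string' => NULL, 'type' => array(''), 'sev' => array(''), 'due' => array(''), 'dev' => NULL, 'cat' => array(''), 'status' => array('open'), 'order' => NULL, 'sort' => NULL, 'percent' => array(''), 'opened' => NULL, 'search_in_comments' => NULL, 'search_for_all' => NULL, 'reported' => array(''), 'only_primary' => NULL, 'only_watched' => NULL);
     $iwatch = array('only_watched' => '1') + $toserialize;
     $atome = array('dev' => $uid) + $toserialize;
     $iopened = array('opened' => $uid) + $toserialize;
     // Now give him his default searches
     $db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
                      VALUES (?, ?, ?, ?)', array($uid, L('taskswatched'), serialize($iwatch), time()));
     $db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
                      VALUES (?, ?, ?, ?)', array($uid, L('assignedtome'), serialize($atome), time()));
     $db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
                      VALUES (?, ?, ?, ?)', array($uid, L('tasksireported'), serialize($iopened), time()));
     if ($jabber_id) {
         Notifications::JabberRequestAuth($jabber_id);
     }
     // Send a user his details (his username might be altered, password auto-generated)
     // dont send notifications if the user logged in using oauth
     if (!$oauth_provider) {
         $recipients = self::GetAdminAddresses();
         // TODO Add the right message here depending on $enabled (both cases are the same today).
         $newuser = array();
         $newuser[0][$email] = array('recipient' => $email, 'lang' => $fs->prefs['lang_code']);
         // NOTE(review): the plain-text password is handed to both notifications, including
         // the one addressed to the admins and even when the user chose it; whether the
         // templates print it is not visible here.
         // Notify the appropriate users
         $notify->Create(NOTIFY_NEW_USER, null, array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto), $recipients, NOTIFY_EMAIL);
         // And also the new user
         $notify->Create(NOTIFY_OWN_REGISTRATION, null, array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto), $newuser, NOTIFY_EMAIL);
     }
     // If the account is created as not enabled, no matter what any
     // preferences might say or how the registration was made in first
     // place, it MUST be first approved by an admin. And a small
     // work-around: there's no field for email, so we use reason_given
     // for that purpose.
     if ($enabled === 0) {
         Flyspray::AdminRequest(3, 0, 0, $uid, $email);
     }
     return true;
 }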
Esempio n. 3
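 /**
  * Creates a new user account, adds it to its group and to every project's
  * anonymous group, stores three default saved searches and optionally
  * notifies the members of group 1.
  *
  * @param string $user_name requested login name; passed through Backend::clean_username()
  * @param string $password plain-text password; when empty one is generated
  * @param string $real_name trimmed, cut to 100 bytes, whitespace/control runs collapsed
  * @param string $jabber_id
  * @param string $email
  * @param integer $notify_type
  * @param integer $time_zone
  * @param integer $group_in group the user is added to
  * @access public
  * @return mixed false if username is already taken, otherwise integer uid
  * @version 1.0
  * @notes This function does not have any permission checks (checked elsewhere)
  */
 function create_user($user_name, $password, $real_name, $jabber_id, $email, $notify_type, $time_zone, $group_in)
 {
     global $fs, $db, $baseurl;
     $user_name = Backend::clean_username($user_name);
     // Limit lengths
     $real_name = substr(trim($real_name), 0, 100);
     // Remove doubled up spaces and control chars
     $real_name = preg_replace('![\\x00-\\x1f\\s]+!u', ' ', $real_name);
     // Check to see if the username is available
     // NOTE(review): check-then-insert is not atomic; presumably a unique index backs it up - confirm.
     $username_exists = $db->x->GetOne('SELECT COUNT(*) FROM {users} WHERE user_name = ?', null, $user_name);
     if ($username_exists) {
         return false;
     }
     $auto = false;
     // Autogenerate a password
     if (!$password) {
         $auto = true;
         // Draw the password from a CSPRNG when one is available; uniqid()/mt_rand()
         // are predictable and remain only as a fallback for old runtimes.
         if (function_exists('random_bytes')) {
             $entropy = bin2hex(random_bytes(16));
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             $entropy = bin2hex(openssl_random_pseudo_bytes(16));
         } else {
             $entropy = md5(uniqid(mt_rand(), true));
         }
         // NOTE(review): 8-12 hex characters is at most 48 bits; kept for compatibility.
         $password = substr($entropy, 0, mt_rand(8, 12));
     }
     // Per-user salt: 32 hex characters, from the same preference order of sources
     if (function_exists('random_bytes')) {
         $salt = bin2hex(random_bytes(16));
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $salt = bin2hex(openssl_random_pseudo_bytes(16));
     } else {
         $salt = md5(uniqid(mt_rand(), true));
     }
     $userdata = array('user_name' => $user_name, 'user_pass' => Flyspray::cryptPassword($password, $salt), 'password_salt' => $salt, 'real_name' => $real_name, 'jabber_id' => $jabber_id, 'email_address' => $email, 'notify_type' => $notify_type, 'time_zone' => $time_zone, 'register_date' => time(), 'account_enabled' => 1);
     $db->x->autoExecute('{users}', $userdata);
     // Get this user's id for the record
     $uid = Flyspray::UserNameToId($user_name);
     // Now, create a new record in the users_in_groups table
     $db->x->autoExecute('{users_in_groups}', array('user_id' => $uid, 'group_id' => $group_in));
     // NOTE(review): the whole getUserDetails() row goes into the event log; confirm
     // it does not carry user_pass / password_salt.
     Flyspray::logEvent(0, 30, serialize(Flyspray::getUserDetails($uid)));
     // Add user to project groups
     $sql = $db->x->getAll('SELECT anon_group FROM {projects} WHERE anon_group != 0');
     if (count($sql)) {
         $stmt = $db->x->autoPrepare('{users_in_groups}', array('user_id', 'group_id'));
         foreach ($sql as $row) {
             $stmt->execute(array($uid, $row['anon_group']));
         }
         $stmt->free();
     }
     // Default search template; each saved search overrides exactly one key
     $toserialize = array('string' => null, 'type' => array(''), 'sev' => array(''), 'due' => array(''), 'dev' => null, 'cat' => array(''), 'status' => array('open'), 'order' => null, 'sort' => null, 'percent' => array(''), 'opened' => null, 'search_in_comments' => null, 'search_for_all' => null, 'reported' => array(''), 'only_primary' => null, 'only_watched' => null);
     $iwatch = array('only_watched' => '1') + $toserialize;
     $atome = array('dev' => $uid) + $toserialize;
     $iopened = array('opened' => $uid) + $toserialize;
     // Now give him his default searches
     $stmt = $db->x->autoPrepare('{searches}', array('user_id', 'name', 'search_string', 'time'));
     $params = array(array($uid, L('taskswatched'), serialize($iwatch), time()), array($uid, L('assignedtome'), serialize($atome), time()), array($uid, L('tasksireported'), serialize($iopened), time()));
     $db->x->executeMultiple($stmt, $params);
     $stmt->free();
     if ($jabber_id) {
         Notifications::JabberRequestAuth($jabber_id);
     }
     // Send a user his details (his username might be altered, password auto-generated)
     if ($fs->prefs['notify_registration']) {
         $admins = $db->x->GetCol('SELECT user_id
                                  FROM {users_in_groups}
                                 WHERE group_id = 1');
         // NOTE(review): the plain-text password is part of the payload sent to the
         // members of group 1; whether the template prints it is not visible here.
         Notifications::send($admins, ADDRESS_USER, NOTIFY_NEW_USER, array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto));
     }
     return $uid;
 }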
Esempio n. 4
             Flyspray::logEvent($related_task, 16, $task['task_id']);
             $_SESSION['SUCCESS'] = L('relatedremoved');
         }
     }
     break;
     // ##################
     // adding a user to the notification list
     // ##################
 // ##################
 // adding a user to the notification list
 // ##################
 case 'details.add_notification':
     // An explicit user_id from the request wins; otherwise user_name is resolved to an id.
     // NOTE(review): user_id arrives straight from the request and is not validated here;
     // presumably Backend::add_notification() checks that the caller may subscribe
     // that user to the given tasks - confirm.
     $userId = Req::val('user_id')
         ? Req::val('user_id')
         : Flyspray::UserNameToId(Req::val('user_name'));
     if (!Backend::add_notification($userId, Req::val('ids'))) {
         Flyspray::show_error(L('couldnotaddusernotif'));
         break;
     }
     // TODO: Log event in a later version.
     $_SESSION['SUCCESS'] = L('notifyadded');
     Flyspray::Redirect(CreateURL('details', $task['task_id']) . '#notify');
     break;
     // ##################
     // removing a notification entry
     // ##################
 // ##################
 // removing a notification entry
 // ##################
Esempio n. 5
 /**
  * Applies the posted project-preferences form to the current project, or
  * deletes the project when `delete_project` is posted.
  *
  * NOTE(review): no permission or CSRF check is visible in this function;
  * presumably the dispatcher enforces both - confirm.
  * NOTE(review): svn_password is written to {projects} as posted - confirm
  * whether it is protected at rest.
  *
  * @return array status constant, translated message and, for deletions, a redirect URL
  */
 function action_updateproject()
 {
     global $proj, $db, $baseurl;

     // Deletion: optionally move the contents to another project, then stop
     if (Post::val('delete_project')) {
         if (Post::val('move_to')) {
             $redirect = CreateURL(array('pm', 'proj' . Post::num('move_to'), 'prefs'));
         } else {
             $redirect = $baseurl;
         }
         if (Backend::delete_project($proj->id, Post::val('move_to'))) {
             return array(SUBMIT_OK, L('projectdeleted'), $redirect);
         }
         return array(ERROR_INPUT, L('projectnotdeleted'), $redirect);
     }

     if (!Post::val('project_title')) {
         return array(ERROR_RECOVER, L('emptytitle'));
     }

     // Column => value map for the UPDATE, filled in the same order as the form groups
     $fields = array();
     foreach (array('project_title', 'theme_style', 'lang_code', 'default_task', 'default_entry', 'intro_message', 'notify_email', 'notify_jabber', 'notify_subject', 'notify_reply', 'feed_description', 'feed_img_url', 'svn_user', 'svn_url', 'svn_password', 'mail_headers') as $name) {
         $fields[$name] = Post_to0($name);
     }
     // Numeric settings
     foreach (array('others_view', 'anon_open', 'send_digest', 'anon_view_tasks', 'anon_group', 'comment_closed', 'auto_assign', 'roadmap_field', 'override_user_lang') as $name) {
         $fields[$name] = Post::num($name);
     }
     // Multi-value settings are stored as space-separated strings
     foreach (array('notify_types', 'changelog_reso', 'syntax_plugins') as $name) {
         $fields[$name] = implode(' ', (array) Post::val($name));
     }

     // invalidate the cache if necessary
     $posted_plugins = implode(' ', (array) Post::val('syntax_plugins'));
     if ($posted_plugins != $proj->prefs['syntax_plugins']) {
         $db->execParam('DELETE FROM {cache} WHERE project_id = ?', $proj->id);
     }

     // carefully check the project prefix: alphanumeric, not the reserved 'FS',
     // and not used by any other project
     $prefix = Post::val('project_prefix');
     $taken_by = $db->x->GetOne('SELECT project_id FROM {projects} WHERE project_prefix = ? AND project_id != ?', null, array($prefix, $proj->id));
     if (!Filters::isAlnum($prefix) || $prefix == 'FS' || $taken_by) {
         return array(ERROR_RECOVER, L('badprefix'));
     }
     $fields['project_prefix'] = $prefix;
     $fields['last_updated'] = time();
     $fields['default_cat_owner'] = Flyspray::UserNameToId(Post::val('default_cat_owner'));

     // %d forces the project id into an integer before it reaches the WHERE clause
     $db->x->autoExecute('{projects}', $fields, MDB2_AUTOQUERY_UPDATE, sprintf('project_id = %d', $proj->id));
     $db->x->execParam('UPDATE {projects} SET visible_columns = ? WHERE project_id = ?', array(trim(Post::val('visible_columns')), $proj->id));
     return array(SUBMIT_OK, L('projectupdated'));
 }
Esempio n. 6
 /**
  * Resolves a value that may be either a user name or a user ID.
  *
  * The name lookup runs first, so an input that is both an existing user
  * name and a valid user ID resolves to the account with that name; only
  * when no such name exists is the input validated as an ID.
  *
  * @param mixed $user (string or int)
  * @access public static
  * @return integer 0 if the user does not exist
  * @version 1.0
  */
 function UserNameOrId($user)
 {
     $id_by_name = Flyspray::UserNameToId($user);
     if ($id_by_name) {
         return $id_by_name;
     }
     // No account with that name: treat the input as an ID and validate it
     return Flyspray::ValidUserId($user);
 }
Esempio n. 7
 /**
  * Saves the posted category list for the current project: updates every row
  * that has a name and deletes the rows marked in the posted `delete` array.
  *
  * The POST fields list_name, show_in_list, id, lft and rgt are read as
  * parallel arrays indexed 0..n-1.
  * NOTE(review): nothing here checks that they are arrays of equal length;
  * presumably Post::val() returns the raw request value - confirm.
  *
  * @return array status constant and translated message; the status becomes
  *               ERROR_RECOVER when at least one row had an empty name
  */
 function action_update_category()
 {
     global $fs, $db, $proj, $user;
     $listname = Post::val('list_name');
     $listshow = Post::val('show_in_list');
     $listid = Post::val('id');
     $listdelete = Post::val('delete');
     $listlft = Post::val('lft');
     $listrgt = Post::val('rgt');
     // Offset added to SUBMIT_OK in the return value; stays 0 while every row has a name
     $missing = 0;
     for ($i = 0; $i < count($listname); $i++) {
         if ($listname[$i] != '') {
             // A missing show_in_list entry is treated as "hidden"
             if (!isset($listshow[$i])) {
                 $listshow[$i] = 0;
             }
             // Numeric fields are forced through intval(); the project_id condition
             // keeps the update inside the current project.
             $db->x->execParam('UPDATE  {list_category} lc
                        LEFT JOIN  {lists} l ON l.list_id = lc.list_id
                              SET  category_name = ?,
                                   show_in_list = ?, category_owner = ?,
                                   lft = ?, rgt = ?
                            WHERE  category_id = ? AND project_id = ?', array($listname[$i], intval($listshow[$i]), Flyspray::UserNameToId(Post::val('category_owner' . $i)), intval($listlft[$i]), intval($listrgt[$i]), intval($listid[$i]), $proj->id));
             // Correct visibility for sub categories
             // (rows whose lft/rgt lie strictly inside this row's interval are hidden too;
             // the change only affects rows processed later in this loop)
             if ($listshow[$i] == 0) {
                 foreach ($listname as $key => $value) {
                     if ($listlft[$key] > $listlft[$i] && $listrgt[$key] < $listrgt[$i]) {
                         $listshow[$key] = 0;
                     }
                 }
             }
         } else {
             // SUBMIT_OK + $missing then evaluates to ERROR_RECOVER
             $missing = -SUBMIT_OK + ERROR_RECOVER;
         }
     }
     if (is_array($listdelete) && count($listdelete)) {
         // The id list is concatenated into the SQL text; this is safe only because
         // every key passes through intval() first - keep that cast if this is edited.
         $deleteids = " category_id = " . join(" OR category_id =", array_map('intval', array_keys($listdelete)));
         $db->x->execParam("DELETE lc FROM {list_category} lc\n                       LEFT JOIN {lists} l ON lc.list_id = l.list_id\n                           WHERE project_id = ? AND ({$deleteids})", $proj->id);
     }
     return array(SUBMIT_OK + $missing, L('listupdated'));
 }
Esempio n. 8
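 /**
  * Creates a new, enabled user account, adds it to its group, stores three
  * default saved searches and optionally notifies the members of group 1.
  *
  * @param string $user_name requested login name; passed through Backend::clean_username()
  * @param string $password plain-text password; when empty one is generated
  * @param string $real_name trimmed, cut to 100 bytes, whitespace/control runs collapsed
  * @param string $jabber_id
  * @param string $email
  * @param integer $notify_type
  * @param integer $time_zone
  * @param integer $group_in group the user is added to
  * @access public
  * @return bool false if username is already taken
  * @version 1.0
  * @notes This function does not have any permission checks (checked elsewhere)
  */
 public static function create_user($user_name, $password, $real_name, $jabber_id, $email, $notify_type, $time_zone, $group_in)
 {
     global $fs, $db, $notify, $baseurl;
     $user_name = Backend::clean_username($user_name);
     // Limit length
     $real_name = substr(trim($real_name), 0, 100);
     // Remove doubled up spaces and control chars
     $real_name = preg_replace('![\\x00-\\x1f\\s]+!u', ' ', $real_name);
     // Check to see if the username is available
     // NOTE(review): check-then-insert is not atomic; presumably a unique index backs it up - confirm.
     $sql = $db->Query('SELECT COUNT(*) FROM {users} WHERE user_name = ?', array($user_name));
     if ($db->fetchOne($sql)) {
         return false;
     }
     $auto = false;
     // Autogenerate a password
     if (!$password) {
         $auto = true;
         // Draw the password from a CSPRNG when one is available; uniqid()/mt_rand()
         // are predictable and remain only as a fallback for old runtimes.
         if (function_exists('random_bytes')) {
             $entropy = bin2hex(random_bytes(16));
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             $entropy = bin2hex(openssl_random_pseudo_bytes(16));
         } else {
             $entropy = md5(uniqid(mt_rand(), true));
         }
         // NOTE(review): 8-12 hex characters is at most 48 bits; kept for compatibility.
         $password = substr($entropy, 0, mt_rand(8, 12));
     }
     $db->Query("INSERT INTO  {users}\n                             ( user_name, user_pass, real_name, jabber_id, magic_url,\n                               email_address, notify_type, account_enabled,\n                               tasks_perpage, register_date, time_zone, dateformat, dateformat_extended)\n                     VALUES  ( ?, ?, ?, ?, ?, ?, ?, 1, 25, ?, ?, ?, ?)", array($user_name, Flyspray::cryptPassword($password), $real_name, strtolower($jabber_id), '', strtolower($email), $notify_type, time(), $time_zone, '', ''));
     // Get this user's id for the record
     $uid = Flyspray::UserNameToId($user_name);
     // Now, create a new record in the users_in_groups table
     $db->Query('INSERT INTO  {users_in_groups} (user_id, group_id)
                      VALUES  (?, ?)', array($uid, $group_in));
     // NOTE(review): the whole getUserDetails() row goes into the event log; confirm
     // it does not carry the password hash.
     Flyspray::logEvent(0, 30, serialize(Flyspray::getUserDetails($uid)));
     // Default search template; each saved search overrides exactly one key
     $toserialize = array('string' => NULL, 'type' => array(''), 'sev' => array(''), 'due' => array(''), 'dev' => NULL, 'cat' => array(''), 'status' => array('open'), 'order' => NULL, 'sort' => NULL, 'percent' => array(''), 'opened' => NULL, 'search_in_comments' => NULL, 'search_for_all' => NULL, 'reported' => array(''), 'only_primary' => NULL, 'only_watched' => NULL);
     $iwatch = array('only_watched' => '1') + $toserialize;
     $atome = array('dev' => $uid) + $toserialize;
     $iopened = array('opened' => $uid) + $toserialize;
     // Now give him his default searches
     $db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
                      VALUES (?, ?, ?, ?)', array($uid, L('taskswatched'), serialize($iwatch), time()));
     $db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
                      VALUES (?, ?, ?, ?)', array($uid, L('assignedtome'), serialize($atome), time()));
     $db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
                      VALUES (?, ?, ?, ?)', array($uid, L('tasksireported'), serialize($iopened), time()));
     if ($jabber_id) {
         Notifications::JabberRequestAuth($jabber_id);
     }
     // Send a user his details (his username might be altered, password auto-generated)
     if ($fs->prefs['notify_registration']) {
         $sql = $db->Query('SELECT DISTINCT email_address
                              FROM {users} u
                         LEFT JOIN {users_in_groups} g ON u.user_id = g.user_id
                             WHERE g.group_id = 1');
         // NOTE(review): the plain-text password is part of the payload mailed to the
         // members of group 1; whether the template prints it is not visible here.
         $notify->Create(NOTIFY_NEW_USER, null, array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto), $db->FetchCol($sql), NOTIFY_EMAIL);
     }
     return true;
 }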
Esempio n. 9
<?php

/*********************************************************\
  | View a user's profile                                   |
  | ~~~~~~~~~~~~~~~~~~~~                                    |
  \*********************************************************/
// Refuse to run unless the including script has defined IN_FS.
if (!defined('IN_FS')) {
    die('Do not access this file directly.');
}
$page->assign('groups', Flyspray::ListGroups());
// Project-level groups are listed only when a project is selected
if ($proj->id) {
    $page->assign('project_groups', Flyspray::ListGroups($proj->id));
}
// The profile to show comes from the query string: `id` (falling back to `uid`)
// is validated as a user ID first; if that yields nothing, `user_name` is resolved.
$id = Flyspray::ValidUserId(Get::val('id', Get::val('uid')));
if (!$id) {
    $id = Flyspray::UserNameToId(Get::val('user_name'));
}
$theuser = new User($id);
// NOTE(review): if Flyspray::show_error() does not stop the request, the queries and
// template below still run for the anonymous user - confirm it terminates.
// NOTE(review): no check on who may view the profile is visible in this file.
if ($theuser->isAnon()) {
    Flyspray::show_error(19);
}
// Some possibly interesting information about the user
// (all three counts bind the user id as a query parameter)
$sql = $db->Query('SELECT count(*) FROM {comments} WHERE user_id = ?', array($theuser->id));
$page->assign('comments', $db->fetchOne($sql));
$sql = $db->Query('SELECT count(*) FROM {tasks} WHERE opened_by = ?', array($theuser->id));
$page->assign('tasks', $db->fetchOne($sql));
$sql = $db->Query('SELECT count(*) FROM {assigned} WHERE user_id = ?', array($theuser->id));
$page->assign('assigned', $db->fetchOne($sql));
$page->assign('theuser', $theuser);
$page->setTitle($fs->prefs['page_title'] . L('viewprofile'));
$page->pushTpl('profile.tpl');
Esempio n. 10
 /**
  * Adds a user to the notification list of the tasks named in the request.
  *
  * The user is taken from the request's `user_id` when present, otherwise
  * `user_name` is resolved to an id; the task ids come from `ids`.
  *
  * NOTE(review): user_id is passed on exactly as received; presumably
  * Backend::add_notification() validates it and checks that the caller may
  * subscribe that user - confirm.
  *
  * @return array status constant and translated message
  */
 function action_add_notification()
 {
     $userId = Req::val('user_id')
         ? Req::val('user_id')
         : Flyspray::UserNameToId(Req::val('user_name'));

     if (Backend::add_notification($userId, Req::val('ids'))) {
         return array(SUBMIT_OK, L('notifyadded'));
     }
     return array(ERROR_RECOVER, L('couldnotaddusernotif'));
 }