 /**
  * Exercises the User model's guard paths and the happy path for an
  * existing account.
  *
  * Negative checks: a non-numeric Id must make SetPassword() and IsAdmin()
  * return false, and an empty Id with an empty Email must make GetName()
  * and IsAdmin() return false. Positive checks: the seeded account
  * "simpletest@localhost" must be found by Exists() and GetIdFromEmail(),
  * and again by Id; Save() and SetPassword() are then called for coverage.
  *
  * @return int 0 on success, 1 after the first failed expectation
  */
 function testUser()
 {
     $this->startCodeCoverage();

     // A non-numeric Id must be rejected by the password and admin paths.
     $subject = new User();
     $subject->Id = "non_numeric";
     if ($subject->SetPassword("blah") !== false) {
         $this->fail("User::SetPassword didn't return false for non-numeric user id");
         return 1;
     }
     if ($subject->IsAdmin() !== false) {
         $this->fail("User::IsAdmin didn't return false for non-numeric user id");
         return 1;
     }

     // Neither an Id nor an Email: lookups must fail closed.
     $subject->Id = "";
     $subject->Email = "";
     if ($subject->GetName() !== false) {
         $this->fail("User::GetName didn't return false when given no user id");
         return 1;
     }
     // NOTE(review): the message names User::Exists but the call under test
     // is IsAdmin(); confirm which of the two this check was meant to cover.
     if ($subject->IsAdmin() !== false) {
         $this->fail("User::Exists didn't return false for no user id and no email");
         return 1;
     }

     // Lookup by e-mail alone must succeed for the seeded test account.
     $subject->Email = "simpletest@localhost";
     if ($subject->Exists() === false) {
         $this->fail("User::Exists returned false even though user exists");
         return 1;
     }
     $resolvedId = $subject->GetIdFromEmail("simpletest@localhost");
     if ($resolvedId === false) {
         $this->fail("User::GetIdFromEmail returned false for a valid user");
         return 1;
     }

     // Lookup by Id must agree with the e-mail lookup.
     $subject->Id = $resolvedId;
     $subject->Admin = "1";
     $subject->FirstName = "administrator";
     $subject->Institution = "Kitware Inc.";
     if ($subject->Exists() != true) {
         $this->fail("User::Exists failed given a valid user id");
         return 1;
     }

     // Coverage only: the update path of Save() and the SetPassword() path.
     // NOTE(review): an md5 digest is handed to the model as the password;
     // md5 is not a password hash, so if the model stores this value as the
     // credential it should move to password_hash()/password_verify().
     $subject->Password = md5("simpletest");
     $subject->Save();
     $subject->SetPassword(md5("simpletest"));

     $this->stopCodeCoverage();
     return 0;
 }
 /**
  * Round-trip test of the User model.
  *
  * First the guard paths: a non-numeric Id must make SetPassword() and
  * IsAdmin() answer false, and an empty Id together with an empty Email
  * must make GetName() and IsAdmin() answer false. Then the happy path for
  * the seeded account 'simpletest@localhost': Exists(), GetIdFromEmail(),
  * Exists() again by Id, followed by Save() and SetPassword() purely for
  * code coverage.
  *
  * @return int 0 when every expectation held, 1 at the first failure
  */
 public function testUser()
 {
     $this->startCodeCoverage();
     $account = new User();

     // --- non-numeric Id -------------------------------------------------
     $account->Id = 'non_numeric';
     $passwordResult = $account->SetPassword('blah');
     if ($passwordResult !== false) {
         $this->fail("User::SetPassword didn't return false for non-numeric user id");
         return 1;
     }
     $adminResult = $account->IsAdmin();
     if ($adminResult !== false) {
         $this->fail("User::IsAdmin didn't return false for non-numeric user id");
         return 1;
     }

     // --- no Id and no Email --------------------------------------------
     $account->Id = '';
     $account->Email = '';
     if ($account->GetName() !== false) {
         $this->fail("User::GetName didn't return false when given no user id");
         return 1;
     }
     // NOTE(review): the failure message refers to User::Exists, but the
     // method exercised is IsAdmin(); one of the two is probably a typo.
     if ($account->IsAdmin() !== false) {
         $this->fail("User::Exists didn't return false for no user id and no email");
         return 1;
     }

     // --- existing account, found by e-mail ------------------------------
     $account->Email = 'simpletest@localhost';
     if ($account->Exists() === false) {
         $this->fail('User::Exists returned false even though user exists');
         return 1;
     }
     $lookedUpId = $account->GetIdFromEmail('simpletest@localhost');
     if ($lookedUpId === false) {
         $this->fail('User::GetIdFromEmail returned false for a valid user');
         return 1;
     }

     // --- same account, found by Id -------------------------------------
     $account->Id = $lookedUpId;
     $account->Admin = '1';
     $account->FirstName = 'administrator';
     $account->Institution = 'Kitware Inc.';
     if ($account->Exists() != true) {
         $this->fail('User::Exists failed given a valid user id');
         return 1;
     }

     // Coverage for the update path of Save() and for SetPassword().
     // NOTE(review): an md5 digest is handed to the model as the password;
     // md5 is not a password hash, so if the model stores this value
     // verbatim it should move to password_hash()/password_verify().
     $account->Password = md5('simpletest');
     $account->Save();
     $account->SetPassword(md5('simpletest'));

     $this->stopCodeCoverage();
     return 0;
 }
 /**
  * Get the list of Chronicles visible to the specified user for the specified group.
  *
  * Admins see every Chronicle of the group. Everyone else is restricted to
  * Chronicles that are published or that they created themselves; the
  * restriction is added as a WHERE clause, so the filtering is done by the
  * database rather than after the fact in PHP.
  *
  * @param int $groupId
  * @param User $user
  * @return Query The results Query
  */
 public function getVisibleForGroup($groupId, $user)
 {
     $query = $this->findByGroupId((int) $groupId);
     if ($user->IsAdmin()) {
         return $query;
     }
     // Non-admins: published rows, or rows the user created.
     $visibleToUser = [
         'OR' => [
             ['published' => true],
             ['created_by' => (int) $user->id],
         ],
     ];
     $query->where($visibleToUser);
     return $query;
 }
    if (pdo_num_rows($project) > 0) {
        $project_array = pdo_fetch_array($project);
        $projectname = $project_array["name"];
    }
    $Project->Id = $projectid;
    $role = $Project->GetUserRole($userid);
} else {
    $projectname = 'Global';
}
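// Build the XML document consumed by the "viewFeed" XSLT: a title, the
// shared dashboard header, one <feeditem> per row of the feed table for
// this project, and the caller's admin flag / project role.
$xml = begin_XML_for_XSLT();
// $projectname comes from the database; escape it so a name containing
// '&' or '<' can neither break the XML handed to the XSLT processor nor
// inject markup into it.
$xml .= "<title>Feed - " . htmlspecialchars($projectname, ENT_QUOTES, 'UTF-8') . "</title>";
$xml .= get_cdash_dashboard_xml(get_project_name($projectid), $date);
// NOTE(review): this clause is assembled by interpolating $date and is not
// used by the query below; if it is used further on, $date must be
// validated as a date (or the query parameterised) first.
$sql = '';
if ($date) {
    $sql = "AND date>'" . $date . "'";
}
// Newest feed entries first; qnum() quotes the numeric project id.
$query = pdo_query("SELECT * FROM feed WHERE projectid=" . qnum($projectid) . " ORDER BY id DESC");
while ($query_array = pdo_fetch_array($query)) {
    $xml .= "<feeditem>";
    $xml .= add_XML_value("date", $query_array["date"]);
    $xml .= add_XML_value("buildid", $query_array["buildid"]);
    $xml .= add_XML_value("type", $query_array["type"]);
    $xml .= add_XML_value("description", $query_array["description"]);
    $xml .= "</feeditem>";
}
// Lets the stylesheet show admin-only controls and role-specific links.
$xml .= add_XML_value("admin", $User->IsAdmin());
$xml .= add_XML_value("role", $role);
$xml .= "</cdash>";
// Now doing the xslt transition
generate_XSLT($xml, "viewFeed");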
/**
 * Check that the request comes from a logged-in user who may administer
 * projects, filling $response and the HTTP status code on failure.
 *
 * Two layers are checked in order:
 *  1. Authentication: $session_OK must be truthy and the session must carry
 *     a numeric 'loginid'. Failing this sets $response['requirelogin'] and
 *     HTTP 401. The numeric id is exported through the global $userid.
 *  2. Authorisation: with no $Project, the user must be a site admin or
 *     carry the 'user_can_create_project' session flag (== 1); with a
 *     $Project, the user must be a site admin or have a project role
 *     greater than 1. Failing this sets $response['error'] and HTTP 403.
 *
 * @param array        &$response Response being built; receives 'requirelogin' or 'error'
 * @param Project|null $Project   Project being edited, or null when creating a new one
 * @return bool true when the caller may proceed, false otherwise
 */
function valid_user(&$response, $Project = null)
{
    global $session_OK;
    global $userid;

    // --- Authentication -------------------------------------------------
    $loggedIn = $session_OK
        && isset($_SESSION['cdash'])
        && isset($_SESSION['cdash']['loginid']);
    if (!$loggedIn) {
        $response['requirelogin'] = 1;
        http_response_code(401);
        return false;
    }
    $userid = $_SESSION['cdash']['loginid'];
    if (!isset($userid) || !is_numeric($userid)) {
        $response['requirelogin'] = 1;
        http_response_code(401);
        return false;
    }

    // --- Authorisation --------------------------------------------------
    $User = new User();
    $User->Id = $userid;
    // Session flag set elsewhere; the loose "== 1" is kept as in the original.
    $canCreateProject = isset($_SESSION['cdash']['user_can_create_project'])
        && $_SESSION['cdash']['user_can_create_project'] == 1;

    if (is_null($Project)) {
        // Creating a new project.
        $allowed = $canCreateProject || $User->IsAdmin();
    } else {
        // Editing an existing project: site admins, or a project role above 1.
        $allowed = $User->IsAdmin() || $Project->GetUserRole($userid) > 1;
    }
    if (!$allowed) {
        $response['error'] = 'You do not have permission to access this page.';
        http_response_code(403);
        return false;
    }
    return true;
}
    if (count($projectids) == 1) {
        $projectid = $projectids[0];
    }
}
// If the projectid is set, make sure that it's valid
$Project->Id = $projectid;
// Only a positive id is checked for existence; null or 0 falls through and
// appears to be treated further down as "no project selected".
if (!is_null($projectid) && $projectid > 0 && !$Project->Exists()) {
    // $response has not been initialised by begin_JSON_response() yet (that
    // happens below), so this reply carries only the 'error' key plus
    // whatever $response held before this point.
    $response['error'] = 'This project does not exist.';
    echo json_encode($response);
    return;
}
$User = new User();
$User->Id = $userid;
// Role of the current user within this project, compared against 1 below.
$role = $Project->GetUserRole($userid);
// If we are editing a project make sure we have the right to do so
// NOTE(review): the first branch rejects every non-admin who lacks the
// 'user_can_create_project' session flag whenever a project id is supplied,
// regardless of that user's project role; the role check in the elseif is
// only reached by users who pass the flag check. Confirm this ordering is
// intended.
if (!is_null($projectid) && !(isset($_SESSION['cdash']['user_can_create_project']) && $_SESSION['cdash']['user_can_create_project'] == 1) && !$User->IsAdmin()) {
    $response['error'] = 'You do not have permission to access this page.';
    echo json_encode($response);
    return;
} elseif (!is_null($projectid) && (!$User->IsAdmin() && $role <= 1)) {
    $response['error'] = 'You do not have permission to access this page.';
    echo json_encode($response);
    return;
}
// Start the real response only after all access checks have passed.
$response = begin_JSON_response();
if ($projectid > 0) {
    get_dashboard_JSON($Project->GetName(), null, $response);
}
$response['hidenav'] = 1;
$menu = array();
$menu['back'] = 'user.php';
 // Default to 0 (listed as "All" below) when no project id was supplied.
 if (empty($projectid)) {
     $projectid = 0;
 }
 $Project = new Project();
 // If the projectid is not set and there is only one project we go directly to the page
 // NOTE(review): $projectid was just defaulted to 0 above, so isset($projectid)
 // is always true here and this branch never runs; the single-project
 // shortcut described by the comment is effectively disabled. Confirm
 // whether the isset() test was meant to happen before the default.
 if (isset($edit) && !isset($projectid)) {
     $projectids = $Project->GetIds();
     if (count($projectids) == 1) {
         $projectid = $projectids[0];
     }
 }
 $User = new User();
 $User->Id = $userid;
 $Project->Id = $projectid;
 // Project role of the current user (looked up for project 0 when none was selected).
 $role = $Project->GetUserRole($userid);
 // Site admins, or users with a project role above 1, may use this page.
 if ($User->IsAdmin() === FALSE && $role <= 1) {
     echo "You don't have the permissions to access this page";
     return;
 }
 // If user is admin then we can add a banner for all projects
 if ($User->IsAdmin() == true) {
     $xml .= "<availableproject>";
     $xml .= add_XML_value("id", "0");
     $xml .= add_XML_value("name", "All");
     if ($projectid == 0) {
         $xml .= add_XML_value("selected", "1");
     }
     $xml .= "</availableproject>";
 }
 // Base query; non-admins get a WHERE clause appended below.
 $sql = "SELECT id,name FROM project";
 if ($User->IsAdmin() == false) {
 /**
  * Delete a comment on behalf of $user.
  *
  * Only the comment's author ($user->user_id == $comment->user_id) or an
  * admin may delete it. Any failure, permission denied or a database error,
  * is logged at WARNING and reported as false rather than thrown.
  *
  * @access public
  * @param Comment $comment
  * @param User $user
  * @return bool true when the row was deleted, false otherwise
  */
 public static function Remove($comment, $user)
 {
     try {
         // NOTE(review): loose == on the ids; if either side can be null or a
         // non-numeric string the comparison may match unexpectedly
         // (e.g. null == 0). Confirm both are always integer ids.
         $mayDelete = $user->user_id == $comment->user_id || $user->IsAdmin();
         if (!$mayDelete) {
             throw new IdeaException("can't remove comment - user is not an owner of the comment ");
         }
         // %d forces an integer id into the statement.
         $sql = sprintf("DELETE FROM zi_comments WHERE comment_id=%d;", $comment->comment_id);
         if (!Database::Query($sql, false)) {
             throw new IdeaException("can't remove comment - database problem");
         }
     } catch (Exception $e) {
         Debug::Log($e, WARNING);
         return false;
     }
     return true;
 }
     return;
 }
 // Tell the stylesheet whether the page was opened in edit mode.
 if ($edit) {
     $xml .= "<edit>1</edit>";
 } else {
     $xml .= "<edit>0</edit>";
 }
 // NOTE(review): $projectid is interpolated straight into the SQL; this is
 // only safe if it was validated as numeric before this point (not visible
 // here). Prefer a parameterised query or an explicit numeric cast.
 $project = pdo_query("SELECT id,name,public,emailbrokensubmission FROM project WHERE id='{$projectid}'");
 $project_array = pdo_fetch_array($project);
 $Project = new Project();
 $User = new User();
 $User->Id = $userid;
 $Project->Id = $projectid;
 $role = $Project->GetUserRole($userid);
 // Check if the project is public
 // A non-public project is shown only to site admins and to users whose
 // project role is 0 or higher; everyone else is turned away here.
 if (!$project_array['public'] && ($User->IsAdmin() === FALSE && $role < 0)) {
     echo "You don't have the permissions to access this page";
     return;
 }
 // Check if the user is not already in the database
 // NOTE(review): same interpolation concern as above for $userid and $projectid.
 $user2project = pdo_query("SELECT role,emailtype,emailcategory,emailmissingsites,emailsuccess\n                             FROM user2project WHERE userid='{$userid}' AND projectid='{$projectid}'");
 if (pdo_num_rows($user2project) > 0) {
     $user2project_array = pdo_fetch_array($user2project);
     $xml .= add_XML_value("role", $user2project_array["role"]);
     $xml .= add_XML_value("emailtype", $user2project_array["emailtype"]);
     $xml .= add_XML_value("emailmissingsites", $user2project_array["emailmissingsites"]);
     $xml .= add_XML_value("emailsuccess", $user2project_array["emailsuccess"]);
     $emailcategory = $user2project_array["emailcategory"];
     $xml .= add_XML_value("emailcategory_update", check_email_category("update", $emailcategory));
     $xml .= add_XML_value("emailcategory_configure", check_email_category("configure", $emailcategory));
     $xml .= add_XML_value("emailcategory_warning", check_email_category("warning", $emailcategory));
require_once 'models/constants.php';
require_once 'models/user.php';
require_once 'models/userproject.php';
if ($session_OK) {
    if (!$CDASH_MANAGE_CLIENTS) {
        echo 'CDash has not been setup to allow client management';
        return;
    }
    $userid = $_SESSION['cdash']['loginid'];
    $User = new User();
    $User->Id = $userid;
    /* If we should remove a job */
    if (isset($_GET['removeschedule'])) {
        $ClientJobSchedule = new ClientJobSchedule();
        $ClientJobSchedule->Id = pdo_real_escape_numeric($_GET['removeschedule']);
        if (!$User->IsAdmin() && $ClientJobSchedule->GetOwner() != $userid) {
            echo 'You cannot access this job';
            return;
        }
        $ClientJobSchedule->Remove();
        echo "<script language=\"javascript\">window.location='user.php'</script>";
    }
    if (!isset($_GET['projectid']) && !isset($_GET['scheduleid'])) {
        echo 'Projectid or Schedule id not set';
        return;
    }
    if (isset($_GET['projectid'])) {
        $projectid = pdo_real_escape_numeric($_GET['projectid']);
    } else {
        $scheduleid = pdo_real_escape_numeric($_GET['scheduleid']);
        $ClientJobSchedule = new ClientJobSchedule();
<?php

/*
 * Page that Permits to an Admin to create a new User
 */
//TODO think about a new system to create users, password, etc..
include_once dirname(__FILE__) . "/classes/User.php";
include_once dirname(__FILE__) . "/functions/functions.php";
session_start();
if (!isset($_SESSION['USERNAME'])) {
    redirect("login.php", 301);
} else {
    //TODO check session duration
    try {
        $user = new User($_SESSION['USERNAME']);
        if (!$user->IsAdmin()) {
            //TODO Reporting through logger
            throw new Exception("You have not admin permissions, this abuse will be reported");
        } else {
            if (isset($_POST['USERNAME']) && isset($_POST['PWD']) && isset($_POST['PWDR'])) {
                if ($_POST['USERNAME'] == "" || $_POST['PWD'] == "" || $_POST['PWDR'] == "") {
                    throw new Exception("Fields cannot be empty");
                }
                if ($_POST['PWD'] != $_POST['PWDR']) {
                    throw new Exception("Two passwords are different");
                }
                $username = clearInput($_POST['USERNAME']);
                $usernameN = strip_tags($username);
                if ($usernameN != $username) {
                    throw new Exception("Inserted Username is not valid");
                }
    if (pdo_num_rows($project) > 0) {
        $project_array = pdo_fetch_array($project);
        $projectname = $project_array['name'];
    }
    $Project->Id = $projectid;
    $role = $Project->GetUserRole($userid);
} else {
    $projectname = 'Global';
}
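// Build the XML document consumed by the 'viewFeed' XSLT: a title, the
// shared dashboard header, one <feeditem> per row of the feed table for
// this project, and the caller's admin flag / project role.
$xml = begin_XML_for_XSLT();
// $projectname comes from the database; escape it so a name containing
// '&' or '<' can neither break the XML handed to the XSLT processor nor
// inject markup into it.
$xml .= '<title>Feed - ' . htmlspecialchars($projectname, ENT_QUOTES, 'UTF-8') . '</title>';
$xml .= get_cdash_dashboard_xml(get_project_name($projectid), $date);
// NOTE(review): this clause is assembled by interpolating $date and is not
// used by the query below; if it is used further on, $date must be
// validated as a date (or the query parameterised) first.
$sql = '';
if ($date) {
    $sql = "AND date>'" . $date . "'";
}
// Newest feed entries first; qnum() quotes the numeric project id.
$query = pdo_query('SELECT * FROM feed WHERE projectid=' . qnum($projectid) . ' ORDER BY id DESC');
while ($query_array = pdo_fetch_array($query)) {
    $xml .= '<feeditem>';
    $xml .= add_XML_value('date', $query_array['date']);
    $xml .= add_XML_value('buildid', $query_array['buildid']);
    $xml .= add_XML_value('type', $query_array['type']);
    $xml .= add_XML_value('description', $query_array['description']);
    $xml .= '</feeditem>';
}
// Lets the stylesheet show admin-only controls and role-specific links.
$xml .= add_XML_value('admin', $User->IsAdmin());
$xml .= add_XML_value('role', $role);
$xml .= '</cdash>';
// Now doing the xslt transition
generate_XSLT($xml, 'viewFeed');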
<?php

include_once '../globals.php';
// Start a session only when none is active yet ($_SESSION is populated by
// session_start(); it may already have been started by ../globals.php).
if (isset($_SESSION) === false) {
    session_start();
}
// NOTE(review): every attribute, including the admin flag, is taken from
// the session (presumably populated at login); nothing here is re-checked
// against the database, so the session store must be trusted.
$currentUser = new User(
    $_SESSION['username'],
    $_SESSION['firstname'],
    $_SESSION['name'],
    $_SESSION['is_admin'],
    $_SESSION['user_id']
);
if (!$currentUser->IsAdmin()) {
    header("location: ../index.php");
} else {
    ?>

<!DOCTYPE html>
<html ng-app="management-system">
	<head>
		<title>Didier Alessandroni - Apiculteur</title>
		<meta name="viewport" content="width=device-width, initial-scale=1.0">
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
		
		<!-- Bootstrap -->
		<link href="<?php 
    echo $include_path;
    ?>
includes/css/bootstrap.min.css" rel="stylesheet">
		<link href="<?php 
    echo $include_path;
    ?>
includes/css/bootstrap-responsive.min.css" rel="stylesheet">
		<link href="<?php 
    echo $include_path;
    ?>
 /**
  * Delete an idea together with its comments and ratings, on behalf of $user.
  *
  * Permitted for the idea's author ($user->user_id == $idea->user_id) or an
  * admin. The three DELETEs are issued one after another and no transaction
  * is opened here, so a failure on the second or third leaves the idea row
  * already gone. Every failure is logged at WARNING and reported as false.
  *
  * @access public
  * @static
  * @param Idea $idea
  * @param User $user
  * @return bool true when all three deletes succeeded, false otherwise
  */
 public static function Remove($idea, $user)
 {
     try {
         // NOTE(review): loose == on the ids; confirm both sides are always
         // integer ids so null/0 or non-numeric strings cannot match.
         $isOwner = ($user->user_id == $idea->user_id);
         if (!$isOwner && !$user->IsAdmin()) {
             throw new IdeaException("can't remove idea - user is not a owner of the idea ");
         }
         $id = $idea->idea_id;
         // Statement template => message used when it fails, in execution order:
         // the idea row first, then its dependent rows.
         $steps = [
             ["DELETE FROM zi_ideas WHERE idea_id=%d;", "can't remove idea - database problem"],
             ["DELETE FROM zi_comments WHERE idea_id=%d;", "can't remove idea comments - database problem"],
             ["DELETE FROM zi_rates WHERE idea_id=%d;", "can't remove idea rates - database problem"],
         ];
         foreach ($steps as $step) {
             list($template, $failureMessage) = $step;
             // %d forces an integer id into the statement.
             if (!Database::Query(sprintf($template, $id), false)) {
                 throw new IdeaException($failureMessage);
             }
         }
     } catch (Exception $e) {
         Debug::Log($e, WARNING);
         return false;
     }
     return true;
 }
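 $User->Id = $userid;
 $Project = new Project();
 // Project role of the current user; stays 0 when no project was selected.
 $role = 0;
 if ($projectid) {
     // NOTE(review): $projectid is interpolated into the SQL; this relies on
     // it having been validated as numeric earlier (not visible here).
     $project = pdo_query("SELECT name FROM project WHERE id='{$projectid}'");
     if (pdo_num_rows($project) > 0) {
         $project_array = pdo_fetch_array($project);
         $projectname = $project_array["name"];
     }
     $Project->Id = $projectid;
     $role = $Project->GetUserRole($userid);
 } else {
     $projectname = 'Global';
 }
 // If we should delete the log
 // Only site admins or users with a project role above 1 may purge the log.
 // NOTE(review): no CSRF token is checked in this span; confirm one is
 // enforced for this POST elsewhere.
 if (($User->IsAdmin() || $role > 1) && isset($_POST["deletelogs"])) {
     $ErrorLog = new ErrorLog();
     $ErrorLog->Clean(0, $projectid);
 } else {
     if (isset($_POST["deletelogs"])) {
         echo "You don't have the privileges to delete these logs.";
         exit;
     }
 }
 $xml = begin_XML_for_XSLT();
 // The project name comes from the database; escape it so a name containing
 // '&' or '<' can neither break the XML handed to the XSLT processor nor
 // inject markup into it.
 $xml .= "<title>Error Log - " . htmlspecialchars($projectname, ENT_QUOTES, 'UTF-8') . "</title>";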
 if ($buildid) {
     $xml .= get_cdash_dashboard_xml(get_project_name($projectid), $date);
     // Get the errors
     $query = pdo_query("SELECT resourcetype,date,resourceid,description,type,buildid,projectid\n                     FROM errorlog WHERE projectid=" . qnum($projectid) . " AND buildid=" . qnum($buildid) . " ORDER BY date DESC");
 } else {
    $rest_json = file_get_contents("php://input");
    $_POST = json_decode($rest_json, true);
    @($projectid = $_POST['projectid']);
}
// Every request to this endpoint needs a project id (its source is chosen
// above this point).
if (isset($projectid) === false) {
    echo_error('projectid not specified.');
    return;
}
// Escape/coerce to a number before the id reaches any SQL.
$projectid = pdo_real_escape_numeric($projectid);

// Make sure the user has access to this page: site admins, or a project
// role above 1.
$Project = new Project();
$User = new User();
$User->Id = $userid;
$Project->Id = $projectid;
$role = $Project->GetUserRole($userid);
$isSiteAdmin = ($User->IsAdmin() !== FALSE);
if (!$isSiteAdmin && $role <= 1) {
    // NOTE(review): the error text echoes the user id and project id back
    // to the client; harmless for an authenticated user but not needed.
    echo_error("You ({$userid}) don't have the permissions to access this page ({$projectid})");
    return;
}
// Route based on what type of request this is.
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {
    case 'DELETE':
        rest_delete();
        break;
    case 'POST':
        rest_post();
        break;
    case 'PUT':
        rest_put();
        break;
            echo "Used: " . number_format($fs[1] / pow(2, 20), 1) . "GB - ";
            echo "Free: " . number_format($fs[2] / pow(2, 20), 1) . "GB";
            echo "</div>";
        }
    }
}
?>

        <a href="index.php">BACK</a>
    </section>
    <section class="toolsMenu">
        <ul class="scripts">
            <!-- TODO define Tools Menu -->
            <li><a href="passwd.php">Change Password</a></li>
            <?php 
if ($user->IsAdmin()) {
    ?>
                <li><a href="adduser.php">Add User</a></li>
                <li><a href="moduser.php">Modify User</a></li>
            <?php 
}
?>
        </ul>
    </section>
    <footer>

        <ul>
            <li class="footerTab">
                <a onclick="showTools(this)">TOOLS</a>
            </li>
            <li class="footerTab">
    $rest_json = file_get_contents('php://input');
    $_POST = json_decode($rest_json, true);
    @($projectid = $_POST['projectid']);
}
// Every request to this endpoint needs a project id (its source is chosen
// above this point).
if (isset($projectid) === false) {
    echo_error('projectid not specified.');
    return;
}
// Escape/coerce to a number before the id reaches any SQL.
$projectid = pdo_real_escape_numeric($projectid);

// Make sure the user has access to this page: site admins, or a project
// role above 1.
$Project = new Project();
$User = new User();
$User->Id = $userid;
$Project->Id = $projectid;
$role = $Project->GetUserRole($userid);
$isSiteAdmin = ($User->IsAdmin() !== false);
if (!$isSiteAdmin && $role <= 1) {
    // NOTE(review): the error text echoes the user id and project id back
    // to the client; harmless for an authenticated user but not needed.
    echo_error("You ({$userid}) don't have the permissions to access this page ({$projectid})");
    return;
}
// Route based on what type of request this is.
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {
    case 'DELETE':
        rest_delete();
        break;
    case 'POST':
        rest_post();
        break;
    case 'PUT':
        rest_put();
        break;
}
// Database connection; the @ suppresses connection warnings, so a failed
// connect is only noticed when the first query fails.
@($db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}"));
pdo_select_db("{$CDASH_DB_NAME}", $db);
// Logged-in user id from the session (@ hides the notice when it is absent).
@($userid = $_SESSION['cdash']['loginid']);
// Checks
// Non-numeric ids are rejected here; this is what keeps the direct
// interpolation of $userid into the SQL below free of injection.
if (!isset($userid) || !is_numeric($userid)) {
    $response['requirelogin'] = 1;
    echo json_encode($response);
    return;
}
// List the available projects that this user has admin rights to.
// NOTE(review): $projectid is raw request input; within this span it is
// only used in a loose == comparison against ids read from the database.
// If it reaches SQL or output further down, validate it as numeric first.
@($projectid = $_GET['projectid']);
$User = new User();
$User->Id = $userid;
// Site admins see every project; others only those where their
// user2project role is above 0.
$sql = 'SELECT id,name FROM project';
if ($User->IsAdmin() == false) {
    $sql .= " WHERE id IN (SELECT projectid AS id FROM user2project WHERE userid='{$userid}' AND role>0)";
}
$projects = pdo_query($sql);
$availableprojects = array();
while ($project_array = pdo_fetch_array($projects)) {
    $availableproject = array();
    $availableproject['id'] = $project_array['id'];
    $availableproject['name'] = $project_array['name'];
    // Mark the project matching the requested id, if any.
    if ($project_array['id'] == $projectid) {
        $availableproject['selected'] = '1';
    }
    $availableprojects[] = $availableproject;
}
$response['availableprojects'] = $availableprojects;
if (!isset($projectid) || $projectid < 1) {