/**
 * Print the Bootstrap top navigation bar.
 *
 * Nothing is printed unless a user is authenticated. The static markup is
 * emitted here; the bug-jump input, account drop-down, main navigation and
 * plugin entries are delegated to the sibling helpers on $this.
 *
 * @return void
 */
function navbar()
{
    if (!auth_is_user_authenticated()) {
        return;
    }

    # Opening shell: brand, collapse toggle and the collapsible container
    echo ' <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation"> <div class="container-fluid"> <div class="navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="navbar-brand" href="#">Mantis</a> </div> <div id="navbar" class="navbar-collapse collapse"> ';

    $this->get_bug_jump_input();

    # Right-aligned account drop-down
    echo ' <ul class="nav navbar-nav navbar-right"> <li class="dropdown">';
    $this->get_account_menu();
    echo '</li>';

    # NOTE(review): the <ul> opened above is not closed here; presumably
    # get_navbar()/get_plugin_menu() complete it — confirm against those helpers.
    $this->get_navbar();
    $this->get_plugin_menu();

    echo ' </div> </div> </nav> ';
}
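/**
 * Layout event handler: print the plugin's company header (logo or name,
 * linked to the company URL) and open the "mantisLogo" wrapper div.
 *
 * Fix: every plugin_config_get() value written into an HTML attribute or
 * text node is escaped with htmlspecialchars(), so a company name or URL
 * containing quotes, '<' or '&' can no longer break out of the markup.
 *
 * @param string $p_event Name of the layout event being signalled (unused).
 * @return void
 */
function bodyBegin($p_event)
{
    $classes = '';

    if (plugin_config_get('skin') == 2) {
        $this->theCity();
    }

    $t_header_height = plugin_config_get('headerHeight');

    if ($t_header_height != '2' && plugin_config_get('showCompanyLogo')) {
        if (!auth_is_user_authenticated()) {
            $classes .= ' poserNoAuth';
        }
        if ($t_header_height == '1') {
            $classes .= ' poserSmallHeader';
        }
        # NOTE(review): unreachable — the enclosing condition already excludes
        # headerHeight == '2', so 'poserTinyHeader' is never applied. Kept as-is
        # until the intended behaviour for that setting is confirmed.
        if ($t_header_height == '2') {
            $classes .= ' poserTinyHeader';
        }

        $t_company_name = htmlspecialchars((string)plugin_config_get('companyName'), ENT_QUOTES, 'UTF-8');
        $t_company_url = htmlspecialchars((string)plugin_config_get('companyUrl'), ENT_QUOTES, 'UTF-8');

        echo ' <div class="poserHeader ' . $classes . ' "> <a href="' . $t_company_url . ' " title="' . $t_company_name . ' " target="_blank"> ';

        $imgdata = plugin_config_get('companyLogo');
        if (!empty($imgdata)) {
            # Logo value is used verbatim as the image source; escaped for the attribute context
            echo ' <img src="' . htmlspecialchars((string)$imgdata, ENT_QUOTES, 'UTF-8') . ' " alt="' . $t_company_name . ' "/>';
        } else {
            echo $t_company_name;
        }

        echo ' </a> </div> ';
    }

    echo ' <div class="mantisLogo ' . $classes . ' "> ';
}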
/**
 * Resolve the language for the current request and remember it in
 * $g_active_language.
 *
 * Precedence: the authenticated user's language preference, then the
 * 'default_language' config value. A resulting value of 'auto' is mapped
 * through lang_map_auto().
 *
 * @return mixed the resolved language (as returned by the preference,
 *               config or lang_map_auto())
 */
function lang_get_default()
{
    global $g_active_language;

    $t_resolved = auth_is_user_authenticated()
        ? user_pref_get_language(auth_get_current_user_id())
        : false;

    # No usable per-user preference: fall back to the site default
    if (false === $t_resolved) {
        $t_resolved = config_get('default_language');
    }

    if ('auto' == $t_resolved) {
        $t_resolved = lang_map_auto();
    }

    $g_active_language = $t_resolved;

    return $t_resolved;
}
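/**
 * Establish a session from the web server's basic-auth result (REMOTE_USER)
 * when no user is authenticated yet.
 *
 * Requires 'login_method' to be BASIC_AUTH. The user named by REMOTE_USER is
 * looked up, its login counters are reset/incremented and the login cookies
 * and tokens are set for it.
 *
 * Fix: REMOTE_USER is read with isset() so a request that reaches this code
 * without the web server having authenticated it reports 'Invalid user.'
 * instead of raising an undefined-index notice and looking up null. An
 * explicit return follows each trigger_error() so that, should the ERROR
 * handler ever not halt the request, no login is established for an invalid
 * method or user.
 *
 * @return void
 */
function autologin()
{
    if (auth_is_user_authenticated()) {
        return;
    }

    $t_login_method = config_get('login_method');
    if ($t_login_method != BASIC_AUTH) {
        trigger_error("Invalid login method. ({$t_login_method})", ERROR);
        return;
    }

    # REMOTE_USER is populated by the web server only after it has performed
    # the authentication itself; its absence means nobody was authenticated.
    $t_remote_user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
    $t_user_id = ('' === $t_remote_user) ? false : user_get_id_by_name($t_remote_user);
    if (!$t_user_id) {
        trigger_error('Invalid user.', ERROR);
        return;
    }

    user_increment_login_count($t_user_id);
    user_reset_failed_login_count_to_zero($t_user_id);
    user_reset_lost_password_in_progress_count_to_zero($t_user_id);
    auth_set_cookies($t_user_id, true);
    auth_set_tokens($t_user_id);
}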
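/**
 * Check that there is a user logged-in and authenticated
 * If the user's account is disabled they will be logged out
 * If there is no user logged in, redirect to the login page
 * If parameter is given it is used as a URL to redirect to following
 * successful login. If none is given, the URL of the current page is used
 *
 * The return page is passed to login_page.php as the 'return' query
 * parameter (URL-encoded via string_url()); that page is expected to
 * sanitise it before redirecting.
 *
 * Fix: when REQUEST_URI has to be rebuilt, the query string is only appended
 * when one is actually set, avoiding an undefined-index notice and a
 * dangling '?'.
 *
 * @param string $p_return_page Page to redirect to following successful logon, defaults to current page.
 * @access public
 * @return void
 */
function auth_ensure_user_authenticated($p_return_page = '')
{
    if (auth_is_user_authenticated()) {
        # Logged in: a disabled account is logged out again. Reading the field
        # through current_user_get_field() also makes sure the cookie is valid.
        if (OFF == current_user_get_field('enabled')) {
            print_header_redirect('logout_page.php');
        }
        return;
    }

    # Not logged in: work out where to come back to after login
    if (is_blank($p_return_page)) {
        if (!isset($_SERVER['REQUEST_URI'])) {
            # Some SAPIs do not provide REQUEST_URI; rebuild it from the script
            # name and (if present) the query string, and store it for later use.
            $t_uri = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
            if (isset($_SERVER['QUERY_STRING']) && '' !== $_SERVER['QUERY_STRING']) {
                $t_uri .= '?' . $_SERVER['QUERY_STRING'];
            }
            $_SERVER['REQUEST_URI'] = $t_uri;
        }
        $p_return_page = $_SERVER['REQUEST_URI'];
    }

    # URL-encode so the return page travels safely as a single query parameter
    $p_return_page = string_url($p_return_page);
    print_header_redirect('login_page.php?return=' . $p_return_page);
}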
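/**
 * Check the current user's access against the given value and return true
 * if the user's access is equal to or higher, false otherwise.
 * This function looks up the bug's project and performs an access check
 * against that project.
 *
 * Two extra rules narrow the result: with 'limit_reporters' enabled a user
 * who did not report the bug must exceed the project's report_bug_threshold,
 * and a private bug is only visible to non-reporters meeting
 * private_bug_threshold.
 *
 * Fix: the static cache of "report threshold + 1" values was keyed by project
 * only, although the threshold is fetched with config_get() for a specific
 * user and so may differ between users. When one request evaluates several
 * users, the first user's value was reused for the others. The cache key now
 * includes the user id.
 *
 * @param int $p_access_level integer representing access level
 * @param int $p_bug_id integer representing bug id to check access against
 * @param int|null $p_user_id integer representing user id, defaults to null to use current user
 * @return bool whether user has access level specified
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null)
{
    # Lowest level that passes the limit_reporters rule, keyed "project:user"
    static $s_thresholds = array();

    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }

    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    # and once we default to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }

    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_bug_is_user_reporter = bug_is_user_reporter($p_bug_id, $p_user_id);
    $t_access_level = access_get_project_level($t_project_id, $p_user_id);

    # check limit_Reporter (Issue #4769)
    # reporters can view just issues they reported
    $t_limit_reporters = config_get('limit_reporters', null, $p_user_id, $t_project_id);
    if ($t_limit_reporters && !$t_bug_is_user_reporter) {
        # Only a user with access strictly above the lowest level allowed to
        # report issues (report_bug_threshold) gets past this point. The level
        # is cached because evaluating it for many projects in one request is
        # common.
        $t_cache_key = $t_project_id . ':' . $p_user_id;
        if (!isset($s_thresholds[$t_cache_key])) {
            $t_report_bug_threshold = config_get('report_bug_threshold', null, $p_user_id, $t_project_id);
            if (!is_array($t_report_bug_threshold)) {
                $s_thresholds[$t_cache_key] = $t_report_bug_threshold + 1;
            } elseif (empty($t_report_bug_threshold)) {
                # An empty list of permitted levels means nobody may report
                $s_thresholds[$t_cache_key] = NOBODY;
            } else {
                sort($t_report_bug_threshold);
                $s_thresholds[$t_cache_key] = $t_report_bug_threshold[0] + 1;
            }
        }
        if (!access_compare_level($t_access_level, $s_thresholds[$t_cache_key])) {
            return false;
        }
    }

    # If the bug is private and the user is not the reporter, then
    # they must also have higher access than private_bug_threshold
    if (!$t_bug_is_user_reporter && bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE) {
        $t_private_bug_threshold = config_get('private_bug_threshold', null, $p_user_id, $t_project_id);
        return access_compare_level($t_access_level, $t_private_bug_threshold)
            && access_compare_level($t_access_level, $p_access_level);
    }

    return access_compare_level($t_access_level, $p_access_level);
}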
/** * MantisBT Core API's */ require_once 'core.php'; require_once 'email_api.php'; form_security_validate('signup'); $f_username = strip_tags(gpc_get_string('username')); $f_email = strip_tags(gpc_get_string('email')); $f_captcha = gpc_get_string('captcha', ''); $f_username = trim($f_username); $f_email = email_append_domain(trim($f_email)); $f_captcha = utf8_strtolower(trim($f_captcha)); # Retrieve captcha key now, as session might get cleared by logout $t_form_key = session_get_int(CAPTCHA_KEY, null); # force logout on the current user if already authenticated if (auth_is_user_authenticated()) { auth_logout(); } # Check to see if signup is allowed if (OFF == config_get_global('allow_signup')) { print_header_redirect('login_page.php'); exit; } if (ON == config_get('signup_use_captcha') && get_gd_version() > 0 && helper_call_custom_function('auth_can_change_password', array())) { # captcha image requires GD library and related option to ON $t_key = utf8_strtolower(utf8_substr(md5(config_get('password_confirm_hash_magic_string') . $t_form_key), 1, 5)); if ($t_key != $f_captcha) { trigger_error(ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR); } # Clear captcha cache session_delete(CAPTCHA_IMG);
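/**
 * Cache collapse API data from the database for the current user.
 * If the collapse cookie has been set, grab the changes and resave
 * the token, or touch it otherwise.
 *
 * Result is stored in $g_collapse_cache_token (section name => collapsed
 * flag). Anonymous or unauthenticated visitors get an empty array.
 *
 * Fix: the stored token is unserialized only into an array; a corrupt or
 * unreadable token previously left `false` in the global, after which the
 * per-section writes below would misbehave. The unused user-id lookup and
 * the dead `false !== explode(...)` test are dropped.
 *
 * @return void
 */
function collapse_cache_token()
{
    global $g_collapse_cache_token;

    if (!auth_is_user_authenticated() || current_user_is_anonymous()) {
        $g_collapse_cache_token = array();
        return;
    }

    # Already loaded for this request
    if (isset($g_collapse_cache_token)) {
        return;
    }

    $t_data = array();
    $t_token = token_get_value(TOKEN_COLLAPSE);
    if (!is_null($t_token)) {
        # SECURITY NOTE: unserialize() is applied to a value this function
        # itself writes with serialize() via token_set() below. Keep it that
        # way — never route client-supplied data into this token.
        $t_data = unserialize($t_token);
        if (!is_array($t_data)) {
            $t_data = array();
        }
    }
    $g_collapse_cache_token = $t_data;

    # The client reports collapse changes as "name,flag|name,flag|..."
    $t_cookie = gpc_get_cookie('MANTIS_collapse_settings', '');
    if (false !== $t_cookie && !is_blank($t_cookie)) {
        $t_update = false;
        foreach (explode('|', $t_cookie) as $t_entry) {
            $t_pair = explode(',', $t_entry);
            if (count($t_pair) == 2) {
                $g_collapse_cache_token[$t_pair[0]] = true == $t_pair[1];
                $t_update = true;
            }
        }

        if ($t_update) {
            token_set(TOKEN_COLLAPSE, serialize($g_collapse_cache_token), TOKEN_EXPIRY_COLLAPSE);
        } else {
            token_touch(TOKEN_COLLAPSE);
        }

        gpc_clear_cookie('MANTIS_collapse_settings');
    }
}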
/**
 * return the user's preferences in a UserPreferences object
 *
 * Preferences are read for the given project, falling back to the user's
 * ALL_PROJECTS row when the project has none; with neither present the
 * object keeps its defaults. Results for the currently authenticated user
 * are memoised per project in $g_cache_current_user_pref.
 *
 * @param int $p_user_id
 * @param int $p_project_id
 * @return UserPreferences
 */
function user_pref_get( $p_user_id, $p_project_id = ALL_PROJECTS ) {
    static $t_vars;
    global $g_cache_current_user_pref;

    $t_cache_key = (int)$p_project_id;
    # Only the current user's preferences take part in the per-request cache
    $t_cacheable = auth_is_user_authenticated() && auth_get_current_user_id() == $p_user_id;

    if ( $t_cacheable && isset( $g_cache_current_user_pref[$t_cache_key] ) ) {
        return $g_cache_current_user_pref[$t_cache_key];
    }

    $t_prefs = new UserPreferences( $p_user_id, $p_project_id );

    $row = user_pref_cache_row( $p_user_id, $p_project_id, false );
    if ( false === $row && ALL_PROJECTS != $p_project_id ) {
        # No project-specific prefs: try the defaults stored under ALL_PROJECTS
        $row = user_pref_cache_row( $p_user_id, ALL_PROJECTS, false );
    }
    if ( false === $row ) {
        $row = array();
    }

    # Property list of UserPreferences, computed once per request
    if ( empty( $t_vars ) ) {
        $t_vars = getClassProperties( 'UserPreferences', 'protected' );
    }

    # Copy every DB column that matches a property name onto the object
    $t_row_keys = array_keys( $row );
    foreach ( array_keys( $t_vars ) as $t_name ) {
        if ( in_array( $t_name, $t_row_keys, true ) ) {
            $t_prefs->$t_name = $row[$t_name];
        }
    }

    if ( $t_cacheable ) {
        $g_cache_current_user_pref[$t_cache_key] = $t_prefs;
    }

    return $t_prefs;
}
/**
 * Whether the executed-query count should be shown on the page.
 *
 * True only when 'show_queries_count' is ON, a user is authenticated and
 * that user meets 'show_queries_threshold'.
 *
 * @return bool
 */
function helper_show_queries() {
    if ( ON != config_get('show_queries_count') ) {
        return false;
    }
    # Check is authenticated before checking access level, otherwise user gets
    # redirected to login_page.php. See #8461.
    if ( !auth_is_user_authenticated() ) {
        return false;
    }
    return (bool)access_has_global_level(config_get('show_queries_threshold'));
}
require_api('utility_api.php'); require_css('login.css'); $f_error = gpc_get_bool('error'); $f_cookie_error = gpc_get_bool('cookie_error'); $f_return = string_sanitize_url(gpc_get_string('return', '')); $f_username = gpc_get_string('username', ''); $f_perm_login = gpc_get_bool('perm_login', false); $f_secure_session = gpc_get_bool('secure_session', false); $f_secure_session_cookie = gpc_get_cookie(config_get_global('cookie_prefix') . '_secure_session', null); # Set username to blank if invalid to prevent possible XSS exploits if (!user_is_name_valid($f_username)) { $f_username = ''; } $t_session_validation = ON == config_get_global('session_validation'); # If user is already authenticated and not anonymous if (auth_is_user_authenticated() && !current_user_is_anonymous()) { # If return URL is specified redirect to it; otherwise use default page if (!is_blank($f_return)) { print_header_redirect($f_return, false, false, true); } else { print_header_redirect(config_get('default_home_page')); } } # Check for automatic logon methods where we want the logon to just be handled by login.php if (auth_automatic_logon_bypass_form()) { $t_uri = 'login.php'; if (ON == config_get('allow_anonymous_login')) { $t_uri = 'login_anon.php'; } if (!is_blank($f_return)) { $t_uri .= '?return=' . string_url($f_return);
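/**
 * Returns true if the specified configuration option exists (Either a
 * value or default can be found), false otherwise
 *
 * The config cache is probed for the option under the given (or current)
 * user and project as well as under the ALL_USERS / ALL_PROJECTS entries;
 * failing that, a $g_<option> global counts as a default.
 *
 * Fix: the nested lookup loops used each(), deprecated since PHP 7.2 and
 * removed in 8.0; foreach with an early return is equivalent. The redundant
 * second ALL_USERS entry of the user list is dropped (same probes).
 *
 * @param string $p_option Configuration option.
 * @param integer $p_user A user identifier.
 * @param integer $p_project A project identifier.
 * @return boolean
 */
function config_is_set($p_option, $p_user = null, $p_project = null)
{
    global $g_cache_config, $g_cache_filled;

    if (!$g_cache_filled) {
        config_get($p_option, -1, $p_user, $p_project);
    }

    # prepare the user's list
    $t_users = array(ALL_USERS);
    if (null === $p_user && auth_is_user_authenticated()) {
        $t_users[] = auth_get_current_user_id();
    } elseif (!in_array($p_user, $t_users)) {
        # in_array() is kept loose on purpose: with a strict comparison a null
        # $p_user would be added as a key of its own and change the probes
        $t_users[] = $p_user;
    }

    # prepare the projects list
    $t_projects = array(ALL_PROJECTS);
    if (null === $p_project && auth_is_user_authenticated()) {
        $t_selected_project = helper_get_current_project();
        if (ALL_PROJECTS != $t_selected_project) {
            $t_projects[] = $t_selected_project;
        }
    } elseif (!in_array($p_project, $t_projects)) {
        $t_projects[] = $p_project;
    }

    foreach ($t_users as $t_user) {
        foreach ($t_projects as $t_project) {
            if (isset($g_cache_config[$p_option][$t_user][$t_project])) {
                return true;
            }
        }
    }

    return isset($GLOBALS['g_' . $p_option]);
}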
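/**
 * Append the collected debug log to the page as an HTML table.
 *
 * Emitted only when 'log_destination' is 'page', a user is authenticated and
 * that user meets 'show_log_threshold'; the authentication test comes first
 * so access_has_global_level() cannot redirect an anonymous visitor. Reads
 * the globals $g_log_events (each event: [1] level, [2][0] message/query,
 * [2][1] time, [2][2] duplicate flag set here, [3] caller) and $g_log_levels
 * (level => label). Database events are marked as duplicates in place.
 *
 * Fixes: per-level counters are initialised before being incremented
 * (previously an undefined-index notice on the first event of each level),
 * and the closing "END" marker is printed only together with the opening one
 * instead of unconditionally on every page.
 *
 * @return void
 */
function log_print_to_page()
{
    if (config_get_global('log_destination') !== 'page'
        || !auth_is_user_authenticated()
        || !access_has_global_level(config_get('show_log_threshold'))) {
        return;
    }

    global $g_log_events, $g_log_levels;

    echo "\n\n<!--Mantis Debug Log Output-->";
    echo "<hr />\n";
    echo "<table id=\"log-event-list\">\n";
    echo "\t<thead>\n";
    echo "\t\t<tr>\n";
    echo "\t\t\t<th>" . lang_get('log_page_number') . "</th>\n";
    echo "\t\t\t<th>" . lang_get('log_page_time') . "</th>\n";
    echo "\t\t\t<th>" . lang_get('log_page_caller') . "</th>\n";
    echo "\t\t\t<th>" . lang_get('log_page_event') . "</th>\n";
    echo "\t\t</tr>\n";
    echo "\t</thead>\n";
    echo "\t<tbody>\n";

    $t_total_event_count = count($g_log_events);
    if ($t_total_event_count == 0) {
        echo "\t</tbody>\n\t</table>\n";
        echo "<!--END Mantis Debug Log Output-->\n\n";
        return;
    }

    # First pass: flag repeated database queries and total their execution time
    $t_unique_queries = array();
    $t_total_query_execution_time = 0;
    for ($i = 0; $i < $t_total_event_count; $i++) {
        if ($g_log_events[$i][1] != LOG_DATABASE) {
            continue;
        }
        if (in_array($g_log_events[$i][2][0], $t_unique_queries, true)) {
            $g_log_events[$i][2][2] = true;
        } else {
            $t_unique_queries[] = $g_log_events[$i][2][0];
            $g_log_events[$i][2][2] = false;
        }
        $t_total_query_execution_time += $g_log_events[$i][2][1];
    }
    $t_unique_queries_count = count($t_unique_queries);

    # Second pass: one row per event, numbered per level
    $t_count = array();
    $t_total_queries_count = 0;
    foreach ($g_log_events as $t_log_event) {
        $t_level_id = $t_log_event[1];
        $t_level = $g_log_levels[$t_level_id];
        $t_count[$t_level_id] = isset($t_count[$t_level_id]) ? $t_count[$t_level_id] + 1 : 1;

        $t_row_attributes = '';
        if ($t_level_id == LOG_DATABASE) {
            $t_total_queries_count++;
            if ($t_log_event[2][2]) {
                $t_row_attributes = ' class="duplicate-query"';
            }
        }

        echo "\t\t<tr{$t_row_attributes}><td>" . $t_level . '-' . $t_count[$t_level_id] . "</td><td>"
            . $t_log_event[2][1] . "</td><td>" . string_html_specialchars($t_log_event[3]) . "</td><td>"
            . string_html_specialchars($t_log_event[2][0]) . "</td></tr>\n";
    }

    # output any summary data
    if ($t_unique_queries_count != 0) {
        $t_unique_queries_executed = sprintf(lang_get('unique_queries_executed'), $t_unique_queries_count);
        echo "\t\t<tr><td>" . $g_log_levels[LOG_DATABASE] . '</td><td colspan="3">' . $t_unique_queries_executed . "</td></tr>\n";
    }
    if ($t_total_queries_count != 0) {
        $t_total_queries_executed = sprintf(lang_get('total_queries_executed'), $t_total_queries_count);
        echo "\t\t<tr><td>" . $g_log_levels[LOG_DATABASE] . '</td><td colspan="3">' . $t_total_queries_executed . "</td></tr>\n";
    }
    if ($t_total_query_execution_time != 0) {
        $t_total_query_time = sprintf(lang_get('total_query_execution_time'), $t_total_query_execution_time);
        echo "\t\t<tr><td>" . $g_log_levels[LOG_DATABASE] . '</td><td colspan="3">' . $t_total_query_time . "</td></tr>\n";
    }

    echo "\t</tbody>\n\t</table>\n";
    echo "<!--END Mantis Debug Log Output-->\n\n";
}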
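/**
 * Print the main menu (table layout) followed by the "jump to issue" form.
 *
 * Nothing is printed unless a user is authenticated. Each entry is shown only
 * when the matching access threshold or feature switch allows it; this is a
 * presentation filter and does not by itself restrict access to the pages.
 *
 * Fix: implode() is called with the (glue, pieces) argument order; the
 * legacy reversed order is deprecated since PHP 7.4 and fails on 8.0.
 *
 * @return void
 */
function print_menu()
{
    if (!auth_is_user_authenticated()) {
        return;
    }

    $t_protected = current_user_get_field('protected');
    $t_current_project = helper_get_current_project();

    print '<table class="width100" cellspacing="0">';
    print '<tr>';
    print '<td class="menu">';

    $t_menu_options = array();

    # Main Page
    $t_menu_options[] = '<a href="main_page.php">' . lang_get('main_link') . '</a>';

    # My View
    $t_menu_options[] = '<a href="my_view_page.php">' . lang_get('my_view_link') . '</a>';

    # View Bugs
    $t_menu_options[] = '<a href="view_all_bug_page.php">' . lang_get('view_bugs_link') . '</a>';

    # Report Bugs
    if (access_has_project_level(config_get('report_bug_threshold'))) {
        $t_menu_options[] = string_get_bug_report_link();
    }

    # Changelog Page
    if (access_has_project_level(config_get('view_changelog_threshold'))) {
        $t_menu_options[] = '<a href="changelog_page.php">' . lang_get('changelog_link') . '</a>';
    }

    # Roadmap Page
    if (access_has_project_level(config_get('roadmap_view_threshold'))) {
        $t_menu_options[] = '<a href="roadmap_page.php">' . lang_get('roadmap_link') . '</a>';
    }

    # Summary Page
    if (access_has_project_level(config_get('view_summary_threshold'))) {
        $t_menu_options[] = '<a href="summary_page.php">' . lang_get('summary_link') . '</a>';
    }

    # Project Documentation Page
    if (ON == config_get('enable_project_documentation')) {
        $t_menu_options[] = '<a href="proj_doc_page.php">' . lang_get('docs_link') . '</a>';
    }

    # Project Wiki
    if (wiki_is_enabled()) {
        $t_menu_options[] = '<a href="wiki.php?type=project&id=' . $t_current_project . '">' . lang_get('wiki') . '</a>';
    }

    # Manage Users (admins) or Manage Project (managers) or Manage Custom Fields
    $t_show_access = min(
        config_get('manage_user_threshold'),
        config_get('manage_project_threshold'),
        config_get('manage_custom_fields_threshold')
    );
    if (access_has_global_level($t_show_access) || access_has_any_project($t_show_access)) {
        if (access_has_global_level(config_get('manage_user_threshold'))) {
            $t_link = 'manage_user_page.php';
        } elseif (access_has_project_level(config_get('manage_project_threshold'), $t_current_project)
            && $t_current_project != ALL_PROJECTS) {
            $t_link = 'manage_proj_edit_page.php?project_id=' . $t_current_project;
        } else {
            $t_link = 'manage_proj_page.php';
        }
        $t_menu_options[] = "<a href=\"{$t_link}\">" . lang_get('manage_link') . '</a>';
    }

    # News Page
    if (access_has_project_level(config_get('manage_news_threshold'))) {
        # Admin can edit news for All Projects (site-wide)
        if (ALL_PROJECTS != helper_get_current_project() || access_has_project_level(ADMINISTRATOR)) {
            $t_menu_options[] = '<a href="news_menu_page.php">' . lang_get('edit_news_link') . '</a>';
        } else {
            $t_menu_options[] = '<a href="login_select_proj_page.php">' . lang_get('edit_news_link') . '</a>';
        }
    }

    # Account Page (only show accounts that are NOT protected)
    if (OFF == $t_protected) {
        $t_menu_options[] = '<a href="account_page.php">' . lang_get('account_link') . '</a>';
    }

    # Add custom options
    $t_custom_options = prepare_custom_menu_options('main_menu_custom_options');
    $t_menu_options = array_merge($t_menu_options, $t_custom_options);

    if (config_get('time_tracking_enabled') && config_get('time_tracking_with_billing')) {
        $t_menu_options[] = '<a href="billing_page.php">' . lang_get('time_tracking_billing_link') . '</a>';
    }

    # Logout (no if anonymously logged in)
    if (!current_user_is_anonymous()) {
        $t_menu_options[] = '<a href="logout_page.php">' . lang_get('logout_link') . '</a>';
    }

    print implode(' | ', $t_menu_options);
    print '</td>';

    # Jump-to-issue form
    print '<td class="menu right nowrap">';
    print '<form method="post" action="jump_to_bug.php">';
    if (ON == config_get('use_javascript')) {
        # NOTE(review): the language string is interpolated raw into the inline
        # handlers; it is assumed to contain no quotes — confirm for all locales.
        $t_bug_label = lang_get('issue_id');
        print "<input type=\"text\" name=\"bug_id\" size=\"10\" class=\"small\" value=\"{$t_bug_label}\" onfocus=\"if (this.value == '{$t_bug_label}') this.value = ''\" onblur=\"if (this.value == '') this.value = '{$t_bug_label}'\" /> ";
    } else {
        print "<input type=\"text\" name=\"bug_id\" size=\"10\" class=\"small\" /> ";
    }
    print '<input type="submit" class="button-small" value="' . lang_get('jump') . '" /> ';
    print '</form>';
    print '</td>';

    print '</tr>';
    print '</table>';
}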
/**
 * Whether the authenticated user is the configured anonymous account.
 *
 * False when nobody is authenticated or anonymous login is disabled.
 *
 * @return bool
 */
function current_user_is_anonymous() {
    if ( !auth_is_user_authenticated() ) {
        return false;
    }

    $t_anonymous_allowed = ON == config_get('allow_anonymous_login');

    return $t_anonymous_allowed
        && current_user_get_field('username') == config_get('anonymous_account');
}
/**
 * returns a boolean indicating whether SQL queries executed should be shown or not.
 *
 * True only when 'log_destination' is 'page', a user is authenticated and
 * that user meets 'show_log_threshold'.
 *
 * @return bool
 */
function helper_log_to_page() {
    if ( config_get_global('log_destination') !== 'page' ) {
        return false;
    }
    # Check is authenticated before checking access level, otherwise user gets
    # redirected to login_page.php. See #8461.
    if ( !auth_is_user_authenticated() ) {
        return false;
    }
    return (bool)access_has_global_level(config_get('show_log_threshold'));
}
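/**
 * Print the main menu
 *
 * Nothing is printed unless a user is authenticated. Each entry is shown only
 * when the matching access threshold or feature switch allows it; plugins may
 * contribute entries through the EVENT_MENU_MAIN_FRONT and EVENT_MENU_MAIN
 * events. The "jump to issue" form precedes the menu list.
 *
 * Fix: implode() is called with the (glue, pieces) argument order; the
 * legacy reversed order is deprecated since PHP 7.4 and fails on 8.0.
 *
 * @return null
 */
function print_menu()
{
    if (!auth_is_user_authenticated()) {
        return;
    }

    $t_protected = current_user_get_field('protected');
    $t_current_project = helper_get_current_project();

    $t_menu_options = array();

    # Main Page
    $t_menu_options[] = '<a href="' . helper_mantis_url('main_page.php') . '">' . lang_get('main_link') . '</a>';

    # Plugin / Event added options (front): each callback may return a list or a single entry
    $t_event_menu_options = event_signal('EVENT_MENU_MAIN_FRONT');
    foreach ($t_event_menu_options as $t_plugin => $t_plugin_menu_options) {
        foreach ($t_plugin_menu_options as $t_callback => $t_callback_menu_options) {
            if (is_array($t_callback_menu_options)) {
                $t_menu_options = array_merge($t_menu_options, $t_callback_menu_options);
            } elseif (!is_null($t_callback_menu_options)) {
                $t_menu_options[] = $t_callback_menu_options;
            }
        }
    }

    # My View
    $t_menu_options[] = '<a href="' . helper_mantis_url('my_view_page.php">') . lang_get('my_view_link') . '</a>';

    # View Bugs
    $t_menu_options[] = '<a href="' . helper_mantis_url('view_all_bug_page.php">') . lang_get('view_bugs_link') . '</a>';

    # Report Bugs
    if (access_has_project_level(config_get('report_bug_threshold'))) {
        $t_menu_options[] = string_get_bug_report_link();
    }

    # Changelog Page
    if (access_has_project_level(config_get('view_changelog_threshold'))) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('changelog_page.php">') . lang_get('changelog_link') . '</a>';
    }

    # Roadmap Page
    if (access_has_project_level(config_get('roadmap_view_threshold'))) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('roadmap_page.php">') . lang_get('roadmap_link') . '</a>';
    }

    # Summary Page
    if (access_has_project_level(config_get('view_summary_threshold'))) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('summary_page.php">') . lang_get('summary_link') . '</a>';
    }

    # Project Documentation Page
    if (ON == config_get('enable_project_documentation')) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('proj_doc_page.php">') . lang_get('docs_link') . '</a>';
    }

    # Project Wiki
    if (config_get_global('wiki_enable') == ON) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('wiki.php?type=project&id=') . $t_current_project . '">' . lang_get('wiki') . '</a>';
    }

    # Plugin / Event added options
    $t_event_menu_options = event_signal('EVENT_MENU_MAIN');
    foreach ($t_event_menu_options as $t_plugin => $t_plugin_menu_options) {
        foreach ($t_plugin_menu_options as $t_callback => $t_callback_menu_options) {
            if (is_array($t_callback_menu_options)) {
                $t_menu_options = array_merge($t_menu_options, $t_callback_menu_options);
            } elseif (!is_null($t_callback_menu_options)) {
                $t_menu_options[] = $t_callback_menu_options;
            }
        }
    }

    # Manage Users (admins) or Manage Project (managers) or Manage Custom Fields
    if (access_has_global_level(config_get('manage_site_threshold'))) {
        $t_link = helper_mantis_url('manage_overview_page.php');
        $t_menu_options[] = '<a class="manage-menu-link" href="' . $t_link . '">' . lang_get('manage_link') . '</a>';
    } else {
        $t_show_access = min(
            config_get('manage_user_threshold'),
            config_get('manage_project_threshold'),
            config_get('manage_custom_fields_threshold')
        );
        if (access_has_global_level($t_show_access) || access_has_any_project($t_show_access)) {
            if (access_has_global_level(config_get('manage_user_threshold'))) {
                $t_link = helper_mantis_url('manage_user_page.php');
            } elseif (access_has_project_level(config_get('manage_project_threshold'), $t_current_project)
                && $t_current_project != ALL_PROJECTS) {
                $t_link = helper_mantis_url('manage_proj_edit_page.php?project_id=') . $t_current_project;
            } else {
                $t_link = helper_mantis_url('manage_proj_page.php');
            }
            $t_menu_options[] = "<a href=\"{$t_link}\">" . lang_get('manage_link') . '</a>';
        }
    }

    # News Page
    if (news_is_enabled() && access_has_project_level(config_get('manage_news_threshold'))) {
        # Admin can edit news for All Projects (site-wide)
        if (ALL_PROJECTS != helper_get_current_project() || current_user_is_administrator()) {
            $t_menu_options[] = '<a href="' . helper_mantis_url('news_menu_page.php">') . lang_get('edit_news_link') . '</a>';
        } else {
            $t_menu_options[] = '<a href="' . helper_mantis_url('login_select_proj_page.php">') . lang_get('edit_news_link') . '</a>';
        }
    }

    # Account Page (only show accounts that are NOT protected)
    if (OFF == $t_protected) {
        $t_menu_options[] = '<a class="account-menu-link" href="' . helper_mantis_url('account_page.php">') . lang_get('account_link') . '</a>';
    }

    # Add custom options
    $t_custom_options = prepare_custom_menu_options('main_menu_custom_options');
    $t_menu_options = array_merge($t_menu_options, $t_custom_options);

    # Time Tracking / Billing
    if (config_get('time_tracking_enabled') && access_has_global_level(config_get('time_tracking_reporting_threshold'))) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('billing_page.php">') . lang_get('time_tracking_billing_link') . '</a>';
    }

    # Logout (no if anonymously logged in)
    if (!current_user_is_anonymous()) {
        $t_menu_options[] = '<a id="logout-link" href="' . helper_mantis_url('logout_page.php">') . lang_get('logout_link') . '</a>';
    }

    echo '<form method="post" action="' . helper_mantis_url('jump_to_bug.php" class="bug-jump-form">');
    echo '<fieldset class="bug-jump">';
    # CSRF protection not required here - form does not result in modifications
    $t_bug_label = lang_get('issue_id');
    echo '<input type="hidden" name="bug_label" value="', $t_bug_label, '" />';
    echo '<input type="text" name="bug_id" size="10" class="small" /> ';
    echo '<input type="submit" class="button-small" value="' . lang_get('jump') . '" /> ';
    echo '</fieldset>';
    echo '</form>';

    echo '<div class="main-menu">';
    echo '<div>';
    echo '<ul class="menu">';
    echo '<li>';
    echo implode("</li>\n<li>", $t_menu_options);
    echo '</li>';
    echo '</ul>';
    echo '</div>';
    echo '</div>';
}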
/**
 * Name of the bug page (simple or advanced) to use for an action.
 *
 * The 'show_<action>' config decides: SIMPLE_ONLY / ADVANCED_ONLY force one
 * page, BOTH follows the user's 'advanced_<action>' preference (the current
 * user when none is given and one is authenticated). Any other config value
 * yields null, as in the original switch without a default.
 *
 * @param string $p_action action name, e.g. the part between 'bug_' and '_page.php'
 * @param int|null $p_user_id user whose preference decides, defaults to the current user
 * @return string|null page file name
 */
function string_get_bug_page($p_action, $p_user_id = null) {
    if (null === $p_user_id && auth_is_user_authenticated()) {
        $p_user_id = auth_get_current_user_id();
    }

    $t_simple_page = 'bug_' . $p_action . '_page.php';
    $t_advanced_page = 'bug_' . $p_action . '_advanced_page.php';

    $t_mode = config_get('show_' . $p_action);

    if (BOTH == $t_mode) {
        $t_prefers_advanced = null !== $p_user_id
            && ON == user_pref_get_pref($p_user_id, 'advanced_' . $p_action);
        return $t_prefers_advanced ? $t_advanced_page : $t_simple_page;
    }
    if (SIMPLE_ONLY == $t_mode) {
        return $t_simple_page;
    }
    if (ADVANCED_ONLY == $t_mode) {
        return $t_advanced_page;
    }

    return null;
}
/**
 * Check the current user's access against the given value and return true
 * if the user's access is equal to or higher, false otherwise.
 * This function looks up the bug's project and performs an access check
 * against that project.
 *
 * Two extra rules narrow the result: with 'limit_reporters' ON a user who
 * did not report the bug needs more than REPORTER access in the project, and
 * a private bug is only visible to non-reporters meeting private_bug_threshold.
 *
 * @param int $p_access_level integer representing access level
 * @param int $p_bug_id integer representing bug id to check access against
 * @param int|null $p_user_id integer representing user id, defaults to null to use current user
 * @return bool whether user has access level specified
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null) {
    if (null === $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    }

    # Not logged in and no explicit user: deny quietly rather than error
    # (may become an error once anonymous login is the default)
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }

    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_is_reporter = bug_is_user_reporter($p_bug_id, $p_user_id);

    # limit_reporters (Issue #4769): reporters only see issues they reported
    if (ON === config_get('limit_reporters')
        && !$t_is_reporter
        && !access_has_project_level(REPORTER + 1, $t_project_id, $p_user_id)) {
        return false;
    }

    # Private bugs require private_bug_threshold on top of the requested level
    if (VS_PRIVATE == bug_get_field($p_bug_id, 'view_state') && !$t_is_reporter) {
        $t_access_level = access_get_project_level($t_project_id, $p_user_id);
        return access_compare_level($t_access_level, config_get('private_bug_threshold'))
            && access_compare_level($t_access_level, $p_access_level);
    }

    return access_has_project_level($p_access_level, $t_project_id, $p_user_id);
}
* should only be known internally to the server. */
/**
 * @todo Modify to run sections only on certain pages.
 * eg. status colors are only necessary on a few pages.(my view, view all bugs, bug view, etc. )
 * other pages may need to include dynamic css styles as well
 */

# Pages served before authentication neither need the status colours nor can
# compute them, so bail out early for them. The decision is keyed on the
# Referer header, which the client controls; since it only switches this
# optional CSS on or off, a spoofed value merely drops the colours.
$t_referer_page = array_key_exists('HTTP_REFERER', $_SERVER)
    ? basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH))
    : basename(__FILE__);
$t_pre_auth_pages = array('login_page.php', 'signup_page.php', 'lost_pwd_page.php', 'account_update.php');
if (in_array($t_referer_page, $t_pre_auth_pages, true)) {
    exit;
}

$t_status_string = config_get('status_enum_string');
$t_statuses = MantisEnum::getAssocArrayIndexedByValues($t_status_string);
$t_colors = config_get('status_colors');

# Each status colour bar takes an equal share of the width
$t_color_count = count($t_colors);
$t_color_width = $t_color_count > 0 ? round(100 / $t_color_count) : 0;

# Percentages per status are only available for an authenticated user
$t_status_percents = auth_is_user_authenticated() ? get_percentage_by_status() : array();

foreach ($t_statuses as $t_id => $t_label) {
    if (array_key_exists($t_label, $t_colors)) {
        echo ".{$t_label}-color { background-color: {$t_colors[$t_label]}; width: {$t_color_width}%; }\n";
    }
    if (array_key_exists($t_id, $t_status_percents)) {
        echo ".{$t_label}-percentage { width: {$t_status_percents[$t_id]}%; }\n";
    }
}