/**
 * Queue an email for later delivery.
 *
 * The message is first passed through email_queue_prepare_db(); the email,
 * subject and body of the prepared object must be non-blank, otherwise
 * ERROR_EMPTY_FIELD is triggered for the offending field.
 *
 * NOTE(review): the prepared values, including the serialize()d metadata, are
 * spliced into the SQL text inside single quotes. That is only safe if
 * email_queue_prepare_db() escapes every field for the database (metadata
 * entries included) - confirm against that helper, or bind the values as
 * parameters instead.
 *
 * @param object $p_email_data Message data handed to email_queue_prepare_db().
 * @return mixed Whatever db_insert_id() reports for the email table.
 */
function email_queue_add($p_email_data) {
    $t_email_data = email_queue_prepare_db($p_email_data);

    # Mandatory fields, validated in the same order as before: email, subject, body.
    foreach (array('email', 'subject', 'body') as $t_field) {
        if (is_blank($t_email_data->$t_field)) {
            error_parameters(lang_get($t_field));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
    }

    $t_email_table = config_get('mantis_email_table');

    $c_email = $t_email_data->email;
    $c_subject = $t_email_data->subject;
    $c_body = $t_email_data->body;
    $c_metadata = serialize($t_email_data->metadata);

    # Column list first, then the VALUES tuple; db_now() supplies the submitted column.
    $query = "INSERT INTO {$t_email_table}\r\n\t\t\t\t ( email,\r\n\t\t\t\t subject,\r\n\t\t\t\t\t body,\r\n\t\t\t\t\t submitted,\r\n\t\t\t\t\t metadata)\r\n\t\t\t\t VALUES\r\n\t\t\t\t ( '{$c_email}',\r\n\t\t\t\t '{$c_subject}',\r\n\t\t\t\t '{$c_body}',\r\n\t\t\t\t\t "
        . db_now()
        . ",\r\n\t\t\t\t\t '{$c_metadata}'\r\n\t\t\t\t\t)";
    db_query($query);

    return db_insert_id($t_email_table);
}
/**
 * Record a footprint (a visit by one member to another).
 *
 * Nothing is recorded, and false is returned, when both IDs are equal, when a
 * footprint for the same pair exists within the last five minutes, when
 * USE_SHINOBIASHI is on and db_member_is_shinobiashi() is true for the
 * visitor, or when the insert fails. After a successful insert a notification
 * mail is sent if the recipient's footprint count equals the configured
 * notification count.
 *
 * @param int $c_member_id_to   Value stored in the c_member_id_to column.
 * @param int $c_member_id_from Value stored in the c_member_id_from column.
 * @return bool true when a footprint row was inserted, false otherwise.
 */
function db_ashiato_insert_c_ashiato($c_member_id_to, $c_member_id_from)
{
    // Do not record a visit to oneself.
    if ($c_member_id_to == $c_member_id_from) {
        return false;
    }

    // Do not record repeated accesses within a fixed time window (5 minutes).
    $threshold = date('Y-m-d H:i:s', strtotime('-5 minute'));
    $sql = 'SELECT c_ashiato_id FROM c_ashiato WHERE r_datetime > ?' . ' AND c_member_id_to = ? AND c_member_id_from = ?';
    $params = array($threshold, intval($c_member_id_to), intval($c_member_id_from));
    $recent = db_get_one($sql, $params, 'main');
    if ($recent) {
        return false;
    }

    // Stealth mode ("shinobiashi"): such visitors leave no footprint.
    if (USE_SHINOBIASHI && db_member_is_shinobiashi($c_member_id_from)) {
        return false;
    }

    $row = array(
        'c_member_id_from' => intval($c_member_id_from),
        'c_member_id_to' => intval($c_member_id_to),
        'r_datetime' => db_now(),
        'r_date' => db_now(),
    );
    $inserted = db_insert('c_ashiato', $row);
    if (!$inserted) {
        return false;
    }

    $mail_at_count = db_ashiato_ashiato_mail_num4c_member_id($c_member_id_to);
    if ($mail_at_count) {
        // Get the total number of footprints.
        $total = db_ashiato_c_ashiato_num4c_member_id($c_member_id_to);
        // Send the footprint notification mail when the configured count is reached.
        if ($total == $mail_at_count) {
            do_common_send_ashiato_mail($c_member_id_to, $c_member_id_from);
        }
    }

    return true;
}
/**
 * Add a message to the email queue.
 *
 * The message is passed through email_queue_prepare_db(); email, subject and
 * body must be non-blank or ERROR_EMPTY_FIELD is triggered. All five column
 * values are sent as bound parameters, so none of them is spliced into the
 * SQL text.
 *
 * NOTE(review): metadata is stored with serialize(); whichever code reads the
 * queue presumably unserialize()s it, so write access to this table should be
 * treated as sensitive - confirm against the reader.
 *
 * @param EmailData $p_email_data
 * @return int Identifier reported by db_insert_id() for the queued row.
 */
function email_queue_add($p_email_data) {
    $t_email_data = email_queue_prepare_db($p_email_data);

    # Mandatory fields, validated in order: email, subject, body.
    foreach (array('email', 'subject', 'body') as $t_field) {
        if (is_blank($t_email_data->$t_field)) {
            error_parameters(lang_get($t_field));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
    }

    $t_email_table = db_get_table('mantis_email_table');

    $c_email = $t_email_data->email;
    $c_subject = $t_email_data->subject;
    $c_body = $t_email_data->body;
    $c_metadata = serialize($t_email_data->metadata);

    # One placeholder per column; placeholders are generated left to right.
    $query = "INSERT INTO {$t_email_table}\n\t\t\t\t ( email,\n\t\t\t\t subject,\n\t\t\t\t\t body,\n\t\t\t\t\t submitted,\n\t\t\t\t\t metadata)\n\t\t\t\t VALUES\n\t\t\t\t ( "
        . db_param() . ",\n\t\t\t\t "
        . db_param() . ",\n\t\t\t\t "
        . db_param() . ",\n\t\t\t\t\t "
        . db_param() . ",\n\t\t\t\t\t "
        . db_param() . "\n\t\t\t\t\t)";

    $t_values = array($c_email, $c_subject, $c_body, db_now(), $c_metadata);
    db_query_bound($query, $t_values);

    $t_id = db_insert_id($t_email_table, 'email_id');
    log_event(LOG_EMAIL, "message #{$t_id} queued");

    return $t_id;
}
/**
 * Write a special-case history entry (new bug, deleted bugnote, etc.).
 *
 * Call this *after* the modification it describes. The current user, taken
 * from auth_get_current_user_id(), is recorded as the author. The two
 * optional strings go into old_value / new_value as bound parameters;
 * field_name is always stored as an empty string.
 *
 * @param int    $p_bug_id
 * @param int    $p_type
 * @param string $p_optional  Stored in old_value.
 * @param string $p_optional2 Stored in new_value.
 * @return null
 */
function history_log_event_special($p_bug_id, $p_type, $p_optional = '', $p_optional2 = '') {
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_type = db_prepare_int($p_type);
    $t_user_id = auth_get_current_user_id();
    $t_history_table = db_get_table('mantis_bug_history_table');

    # Seven placeholders, one per column. The separator between the fifth and
    # sixth has no trailing space in the original SQL text; kept as-is.
    $t_sql = "INSERT INTO {$t_history_table}\n\t\t\t\t\t( user_id, bug_id, date_modified, type, old_value, new_value, field_name )\n\t\t\t\tVALUES\n\t\t\t\t\t( "
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ','
        . db_param() . ', '
        . db_param() . ')';

    $t_values = array($t_user_id, $c_bug_id, db_now(), $c_type, $p_optional, $p_optional2, '');
    db_query_bound($t_sql, $t_values);
}
/**
 * Write a special-case history entry for a bug.
 *
 * The bug id and type go through db_prepare_int() and the two optional
 * strings through db_prepare_string() before being placed in the SQL text;
 * field_name is always stored as an empty string.
 *
 * NOTE(review): every value is interpolated into the statement rather than
 * bound, so correctness of the escaping rests entirely on the db_prepare_*
 * helpers; the user id from auth_get_current_user_id() is inserted without
 * passing through either helper - confirm it is always numeric.
 *
 * @param int    $p_bug_id
 * @param int    $p_type
 * @param string $p_optional  Stored in old_value.
 * @param string $p_optional2 Stored in new_value.
 * @return void
 */
function history_log_event_special($p_bug_id, $p_type, $p_optional = '', $p_optional2 = '') {
    $t_safe_bug_id = db_prepare_int($p_bug_id);
    $t_safe_type = db_prepare_int($p_type);
    $t_old_value = db_prepare_string($p_optional);
    $t_new_value = db_prepare_string($p_optional2);

    $t_actor_id = auth_get_current_user_id();
    $t_history_table = config_get('mantis_bug_history_table');

    $t_sql = "INSERT INTO {$t_history_table}\n\t\t\t\t\t( user_id, bug_id, date_modified, type, old_value, new_value, field_name )\n\t\t\t\tVALUES\n\t\t\t\t\t( '{$t_actor_id}', '{$t_safe_bug_id}', "
        . db_now()
        . ", '{$t_safe_type}', '{$t_old_value}', '{$t_new_value}', '' )";

    db_query($t_sql);
}
/**
 * Add a new revision to a bug history.
 *
 * No row is written when the type is not above REV_ANY (null is returned) or
 * when the value equals the latest stored revision of the same type (that
 * revision's id is returned). All values are passed as bound parameters.
 *
 * @param int $p_bug_id Bug ID
 * @param int $p_user_id User ID
 * @param int $p_type Revision Type
 * @param string $p_value Value
 * @param int $p_bugnote_id Bugnote ID
 * @param int $p_timestamp Timestamp(int); db_now() is used when null
 * @return int Revision ID (null when $p_type <= REV_ANY)
 */
function bug_revision_add( $p_bug_id, $p_user_id, $p_type, $p_value, $p_bugnote_id=0, $p_timestamp = null ) {
    if ( $p_type <= REV_ANY ) {
        return null;
    }

    $t_bug_rev_table = db_get_table( 'bug_revision' );
    $t_previous = bug_revision_last( $p_bug_id, $p_type );

    # Don't save a revision twice if nothing has changed
    if ( $t_previous !== null && $t_previous['value'] == $p_value ) {
        return $t_previous['id'];
    }

    $t_when = ( $p_timestamp === null ) ? db_now() : $p_timestamp;

    $t_sql = "INSERT INTO $t_bug_rev_table ( bug_id, bugnote_id, user_id, timestamp, type, value ) VALUES ( "
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ' )';

    $t_values = array( $p_bug_id, $p_bugnote_id, $p_user_id, $t_when, $p_type, $p_value );
    db_query_bound( $t_sql, $t_values );

    return db_insert_id( $t_bug_rev_table );
}
# Page script: prune user accounts that were created but never used.
# API files this page declares as dependencies.
require_api('config_api.php');
require_api('constant_inc.php');
require_api('database_api.php');
require_api('form_api.php');
require_api('helper_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('user_api.php');

# Gate the destructive action before anything is read or deleted: form
# security check for this page's token name, then re-authentication, then the
# global access threshold for managing users. Keep these three calls first.
form_security_validate('manage_user_prune');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_user_threshold'));

# Delete the users who have never logged in and are older than 1 week
# (the cast applies to the literal 7; the result is 7 days expressed in seconds).
$t_days_old = (int) 7 * SECONDS_PER_DAY;

# Candidates: never logged in, never visited since creation, not flagged as
# protected, and created more than a week before the bound "now" value.
$t_query = 'SELECT id, access_level FROM {user} WHERE ( login_count = 0 ) AND ( date_created = last_visit ) AND ' . '( protected = 0 ) AND ' . db_helper_compare_time(db_param(), '>', 'date_created', $t_days_old);
$t_result = db_query($t_query, array(db_now()));
if (!$t_result) {
    trigger_error(ERROR_GENERIC, ERROR);
}
$t_count = db_num_rows($t_result);

# Ask for explicit confirmation only when there is something to delete.
if ($t_count > 0) {
    helper_ensure_confirmed(lang_get('confirm_account_pruning'), lang_get('prune_accounts_button'));
}
for ($i = 0; $i < $t_count; $i++) {
    $t_row = db_fetch_array($t_result);
    # Don't prune accounts with a higher global access level than the current user
    if (access_has_global_level($t_row['access_level'])) {
        user_delete($t_row['id']);
    }
}

# Release the form token once the action has completed.
form_security_purge('manage_user_prune');
/**
 * Returns the number of bugs resolved in the last X days (default is 1 day)
 * for the current project.
 *
 * A bug is counted when its status is at or above the configured resolved
 * threshold and a status history row crossed that threshold within the time
 * window. Returns 0 without querying when the project filter is ' 1<>1'.
 *
 * NOTE(review): the project filter from helper_project_specific_where() is
 * appended to the SQL text as-is; it is presumably built from integer project
 * ids only - confirm against that helper.
 *
 * @param integer $p_num_days A number of days.
 * @return integer
 */
function summary_resolved_bug_count_by_date($p_num_days = 1) {
    $t_resolved = config_get('bug_resolved_status_threshold');
    $t_window_seconds = (int) $p_num_days * SECONDS_PER_DAY;

    $t_project_id = helper_get_current_project();
    $t_project_filter = helper_project_specific_where($t_project_id);
    if ($t_project_filter == ' 1<>1') {
        # The filter can never match, so there is nothing to count.
        return 0;
    }

    # Built piece by piece so the placeholders are generated in column order.
    $t_sql = 'SELECT COUNT(DISTINCT(b.id)) FROM {bug} b LEFT JOIN {bug_history} h ON b.id = h.bug_id AND h.type = ' . NORMAL_TYPE . ' AND h.field_name = \'status\' WHERE b.status >= ' . db_param();
    $t_sql .= ' AND h.old_value < ' . db_param();
    $t_sql .= ' AND h.new_value >= ' . db_param();
    $t_sql .= ' AND ' . db_helper_compare_time(db_param(), '<=', 'date_modified', $t_window_seconds);
    $t_sql .= ' AND ' . $t_project_filter;

    $t_values = array($t_resolved, $t_resolved, $t_resolved, db_now());
    $t_result = db_query($t_sql, $t_values);

    return db_result($t_result, 0);
}
/**
 * Store an attachment received through the SOAP API, using the configured
 * storage method (FTP, DISK or DATABASE), and record it in the file table.
 *
 * Validation failures are returned as soap_fault objects rather than raised.
 *
 * NOTE(review): $p_table is concatenated into the table name and the id
 * column name without validation in this function; any value other than
 * 'bug' is handled as a project attachment. Callers presumably restrict it to
 * 'bug' or 'project' - confirm.
 * NOTE(review): the statement is assembled by string interpolation. String
 * values pass through db_prepare_string() first, so safety depends on that
 * helper; $c_user_id is inserted unquoted and is either an int cast or the
 * value of auth_get_current_user_id().
 *
 * @param int    $p_id        Bug id when $p_table is 'bug', otherwise used as the project id.
 * @param string $p_name      Client-supplied file name.
 * @param string $p_content   Raw file content.
 * @param string $p_file_type Client-supplied file type, stored as given.
 * @param string $p_table     'bug' selects bug attachments; see note above.
 * @param string $p_title     File title.
 * @param string $p_desc      File description.
 * @param int    $p_user_id   Owner; the current user when null.
 * @return mixed soap_fault on a validation failure, otherwise the value of db_insert_id().
 */
function mci_file_add($p_id, $p_name, $p_content, $p_file_type, $p_table, $p_title = '', $p_desc = '', $p_user_id = null) {
    # Reject disallowed file types and duplicate names before touching storage.
    if (!file_type_check($p_name)) {
        return new soap_fault('Client', '', 'File type not allowed.');
    }
    if (!file_is_name_unique($p_name, $p_id)) {
        return new soap_fault('Client', '', 'Duplicate filename.');
    }
    # Size limit is the smallest of the two PHP ini limits and the application setting.
    $t_file_size = strlen($p_content);
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        return new soap_fault('Client', '', 'File is too big.');
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_id, 'project_id');
        $t_issue_id = bug_format_id($p_id);
    } else {
        $t_project_id = $p_id;
        $t_issue_id = 0;
    }
    # prepare variables for insertion
    $c_issue_id = db_prepare_int($t_issue_id);
    $c_project_id = db_prepare_int($t_project_id);
    $c_file_type = db_prepare_string($p_file_type);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);
    if ($p_user_id === null) {
        $c_user_id = auth_get_current_user_id();
    } else {
        $c_user_id = (int) $p_user_id;
    }
    # Upload folder: the project's own path, falling back to the default folder.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if ($t_file_path == '') {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($p_name);
    $t_file_hash = $t_issue_id;
    # NOTE(review): the client-supplied name is part of the seed handed to
    # file_generate_unique_name(); whether the resulting disk name can still
    # contain path separators depends on that helper - confirm.
    $t_disk_file_name = $t_file_path . file_generate_unique_name($t_file_hash . '-' . $p_name, $t_file_path);
    $c_disk_file_name = db_prepare_string($t_disk_file_name);
    $t_file_size = strlen($p_content);
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            # NOTE(review): this fault text returns the server-side upload path to
            # the API client; consider a generic message and logging the path.
            if (!file_exists($t_file_path) || !is_dir($t_file_path) || !is_writable($t_file_path) || !is_readable($t_file_path)) {
                return new soap_fault('Server', '', "Upload folder '{$t_file_path}' doesn't exist.");
            }
            file_ensure_valid_upload_path($t_file_path);
            if (!file_exists($t_disk_file_name)) {
                mci_file_write_local($t_disk_file_name, $p_content);
                if (FTP == $t_method) {
                    # Push the local copy to the FTP server, then remove the local copy.
                    $conn_id = file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $t_disk_file_name);
                    file_ftp_disconnect($conn_id);
                    file_delete_local($t_disk_file_name);
                } else {
                    chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                }
                # Content lives on disk/FTP; the content column gets an empty SQL string literal.
                $c_content = "''";
            }
            # NOTE(review): when the disk file already exists, $c_content is never
            # assigned and the INSERT below is built with an undefined variable.
            break;
        case DATABASE:
            $c_content = db_prepare_binary_string($p_content);
            break;
        # NOTE(review): no default branch; an unrecognised method also leaves $c_content unset.
    }
    $t_file_table = db_get_table($p_table . '_file');
    $c_id = 'bug' == $p_table ? $c_issue_id : $c_project_id;
    $query = "INSERT INTO {$t_file_table}\n\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\tVALUES\n\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . db_now() . "', {$c_content}, {$c_user_id})";
    db_query($query);
    # get attachment id
    $t_attachment_id = db_insert_id($t_file_table);
    if ('bug' == $p_table) {
        # updated the last_updated date
        $result = bug_update_date($c_issue_id);
        # log the added file in the bug history (the db-prepared name is what gets logged)
        history_log_event_special($c_issue_id, FILE_ADDED, $c_new_file_name);
    }
    return $t_attachment_id;
}
/**
 * Add a message to the email queue.
 *
 * The message is passed through email_queue_prepare_db(); email, subject and
 * body must be non-blank or ERROR_EMPTY_FIELD is triggered. The five column
 * values are sent as bound parameters rather than placed in the SQL text.
 *
 * @param EmailData $p_email_data
 * @return int Identifier reported by db_insert_id() for the queued row.
 */
function email_queue_add( $p_email_data ) {
    $t_email_data = email_queue_prepare_db( $p_email_data );

    # Mandatory fields, validated in order: email, subject, body.
    foreach( array( 'email', 'subject', 'body' ) as $t_field ) {
        if( is_blank( $t_email_data->$t_field ) ) {
            error_parameters( lang_get( $t_field ) );
            trigger_error( ERROR_EMPTY_FIELD, ERROR );
        }
    }

    $t_email_table = db_get_table( 'email' );

    $c_email = $t_email_data->email;
    $c_subject = $t_email_data->subject;
    $c_body = $t_email_data->body;
    $c_metadata = serialize( $t_email_data->metadata );

    # One placeholder per column, generated left to right.
    $query = "INSERT INTO $t_email_table ( email, subject, body, submitted, metadata) VALUES ( "
        . db_param() . ", "
        . db_param() . ", "
        . db_param() . ", "
        . db_param() . ", "
        . db_param() . " )";

    $t_values = array( $c_email, $c_subject, $c_body, db_now(), $c_metadata );
    db_query_bound( $query, $t_values );

    return db_insert_id( $t_email_table, 'email_id' );
}
/**
 * Set the last_visit column of a user to db_now() and clear that user's cache entry.
 *
 * The id is passed through db_prepare_int() before being placed in the SQL text.
 *
 * @param int $p_user_id User identifier.
 * @return bool Always true.
 */
function user_update_last_visit($p_user_id) {
    $t_safe_id = db_prepare_int($p_user_id);
    $t_table = config_get('mantis_user_table');

    $t_sql = "UPDATE {$t_table}\n\t\t\t\t SET last_visit= "
        . db_now()
        . "\n\t\t\t\t WHERE id='{$t_safe_id}'";
    db_query($t_sql);

    user_clear_cache($p_user_id);

    # db_query() errors on failure, so reaching this point means success.
    return true;
}
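/**
 * Add a file to the system using the configured storage method
 *
 * The client-supplied name is checked with file_type_check() and
 * file_is_name_unique(); the file is stored under a generated unique name,
 * never under the client-supplied one. Metadata is inserted with bound
 * parameters and the content column is filled in by a second statement.
 *
 * NOTE(review): $p_table is concatenated into the table and column names;
 * callers are expected to pass only 'bug' or 'project' - confirm.
 * NOTE(review): $p_file['type'] is the client-reported type and is stored
 * as given; do not rely on it when serving the file back.
 *
 * @param integer $p_bug_id          The bug id (should be 0 when adding project doc).
 * @param array   $p_file            The uploaded file info, as retrieved from gpc_get_file().
 * @param string  $p_table           Either 'bug' or 'project' depending on attachment type.
 * @param string  $p_title           File title.
 * @param string  $p_desc            File description.
 * @param integer $p_user_id         User id (defaults to current user).
 * @param integer $p_date_added      Date added.
 * @param boolean $p_skip_bug_update Skip bug last modification update (useful when importing bug attachments).
 * @return void
 */
function file_add($p_bug_id, array $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null, $p_date_added = 0, $p_skip_bug_update = false) {
    file_ensure_uploaded($p_file);
    $t_file_name = $p_file['name'];
    $t_tmp_file = $p_file['tmp_name'];

    if (!file_type_check($t_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    if (!file_is_name_unique($t_file_name, $p_bug_id)) {
        trigger_error(ERROR_FILE_DUPLICATE, ERROR);
    }

    # An empty temp file means the upload did not really succeed.
    $t_file_size = filesize($t_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # Size limit is the smallest of the two PHP ini limits and the application setting.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }

    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_id = (int) $p_bug_id;
        $t_bug_id = bug_format_id($p_bug_id);
    } else {
        $t_project_id = helper_get_current_project();
        $t_id = $t_project_id;
        $t_bug_id = 0;
    }

    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    if ($p_date_added <= 0) {
        $p_date_added = db_now();
    }

    # Upload folder: the project's own path, falling back to the default folder.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }

    $t_unique_name = file_generate_unique_name($t_file_path);
    $t_method = config_get('file_upload_method');

    switch ($t_method) {
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            $t_disk_file_name = $t_file_path . $t_unique_name;
            if (!file_exists($t_disk_file_name)) {
                # move_uploaded_file() only accepts files that arrived via HTTP upload.
                if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) {
                    trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # NOTE(review): the handle returned by fopen() is never closed explicitly.
            $c_content = db_prepare_binary_string(fread(fopen($t_tmp_file, 'rb'), $t_file_size));
            $t_file_path = '';
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }

    $t_file_table = db_get_table($p_table . '_file');
    $t_id_col = $p_table . '_id';

    # Ten columns, ten placeholders; every value is bound.
    $t_query = 'INSERT INTO ' . $t_file_table . ' ( ' . $t_id_col . ', title, description, diskfile, filename, folder, filesize, file_type, date_added, user_id ) VALUES ( ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ' )';
    db_query($t_query, array($t_id, $p_title, $p_desc, $t_unique_name, $t_file_name, $t_file_path, $t_file_size, $p_file['type'], $p_date_added, (int) $p_user_id));
    $t_attachment_id = db_insert_id($t_file_table);

    if (db_is_oracle()) {
        # Fixed: this condition used to be a single-quoted string, so the text
        # "$t_unique_name" was sent literally and no row could match. Double
        # quotes make the generated name part of the condition.
        db_update_blob($t_file_table, 'content', $c_content, "diskfile='{$t_unique_name}'");
    } else {
        $t_query = 'UPDATE ' . $t_file_table . ' SET content=' . db_param() . ' WHERE id = ' . db_param();
        db_query($t_query, array($c_content, $t_attachment_id));
    }

    if ('bug' == $p_table) {
        # update the last_updated date
        if (!$p_skip_bug_update) {
            bug_update_date($p_bug_id);
        }
        # log file added to bug history
        history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name);
    }
}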
/**
 * Add a version to the project.
 *
 * version_ensure_unique() is called for the name within the project before
 * the insert. All six column values are sent as bound parameters.
 *
 * @param int    $p_project_id
 * @param string $p_version
 * @param int    $p_released
 * @param string $p_description
 * @param int    $p_date_order  db_now() is used when null.
 * @param bool   $p_obsolete
 * @return int Identifier reported by db_insert_id() for the new version.
 */
function version_add($p_project_id, $p_version, $p_released = VERSION_FUTURE, $p_description = '', $p_date_order = null, $p_obsolete = false) {
    $c_project_id = db_prepare_int($p_project_id);
    $c_released = db_prepare_int($p_released);
    $c_obsolete = db_prepare_bool($p_obsolete);
    $c_date_order = (null === $p_date_order) ? db_now() : $p_date_order;

    version_ensure_unique($p_version, $p_project_id);

    $t_table = db_get_table('project_version');

    $t_sql = "INSERT INTO {$t_table}\n\t\t\t\t\t( project_id, version, date_order, description, released, obsolete )\n\t\t\t\t VALUES\n\t\t\t\t\t("
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ', '
        . db_param() . ' )';

    $t_values = array($c_project_id, $p_version, $c_date_order, $p_description, $c_released, $c_obsolete);
    db_query_bound($t_sql, $t_values);

    # db_query errors on failure, so the insert succeeded if we get here.
    return db_insert_id($t_table);
}
# There is always at least one page, even when there are no rows.
if ($t_page_count < 1) {
    $t_page_count = 1;
}
# Make sure the requested page number ($f_page_number) isn't past the last page.
if ($f_page_number > $t_page_count) {
    $f_page_number = $t_page_count;
}
# Make sure the requested page number isn't before the first page
if ($f_page_number < 1) {
    $f_page_number = 1;
}
# NOTE(review): only the values in $t_where_params are bound. $t_where,
# $t_show_disabled_cond, $c_sort, $c_dir and $days_old are placed directly in
# the SQL text, so each must be built from fixed, allow-listed fragments
# earlier in the script (not visible in this excerpt) - confirm, in particular
# for the ORDER BY column and direction.
if (0 == $c_hide_inactive) {
    # All accounts matching the filter.
    $query = "SELECT *\n\t\t\t\tFROM {$t_user_table}\n\t\t\t\tWHERE {$t_where}\n\t\t\t\t{$t_show_disabled_cond}\n\t\t\t\tORDER BY {$c_sort} {$c_dir}";
    $result = db_query_bound($query, $t_where_params, $p_per_page, $t_offset);
} else {
    # Same filter, plus a last_visit comparison against $days_old.
    $query = "SELECT *\n\t\t\t\tFROM {$t_user_table}\n\t\t\t\tWHERE {$t_where} AND " . db_helper_compare_days("" . db_now() . "", "last_visit", "< {$days_old}") . "\n\t\t\t\t{$t_show_disabled_cond}\n\t\t\t\tORDER BY {$c_sort} {$c_dir}";
    $result = db_query_bound($query, $t_where_params, $p_per_page, $t_offset);
}
# Number of rows on the current page; the heading below prints $total_user_count instead.
$user_count = db_num_rows($result);
?>
<br />
<table class="width100" cellspacing="1">
<tr>
	<td class="form-title" colspan="5">
		<?php echo lang_get('manage_accounts_title'); ?> [<?php echo $total_user_count; ?> ]
/**
 * Add a file to the system using the configured storage method
 *
 * NOTE(review): the INSERT is assembled by string interpolation. String
 * values pass through db_prepare_string() first, so safety depends on that
 * helper. $p_table is concatenated into the table name and the id column
 * name without validation here; callers presumably pass only 'bug' or
 * 'project' - confirm.
 * NOTE(review): the client-supplied file name is part of the seed given to
 * file_generate_unique_name(); whether the resulting disk name can still
 * contain path separators depends on that helper - confirm.
 *
 * @param integer $p_bug_id the bug id
 * @param array $p_file the uploaded file info, as retrieved from gpc_get_file()
 * @param string $p_table 'bug' selects bug attachments; any other value is handled as a project document
 * @param string $p_title file title
 * @param string $p_desc file description
 * @param integer $p_user_id owner; the current user when null
 */
function file_add($p_bug_id, $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null) {
    file_ensure_uploaded($p_file);
    $t_file_name = $p_file['name'];
    $t_tmp_file = $p_file['tmp_name'];
    # Reject disallowed file types and duplicate names before touching storage.
    if (!file_type_check($t_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    if (!file_is_name_unique($t_file_name, $p_bug_id)) {
        trigger_error(ERROR_FILE_DUPLICATE, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_bug_id = bug_format_id($p_bug_id);
    } else {
        $t_project_id = helper_get_current_project();
        $t_bug_id = 0;
    }
    if ($p_user_id === null) {
        $c_user_id = auth_get_current_user_id();
    } else {
        $c_user_id = (int) $p_user_id;
    }
    # prepare variables for insertion
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_project_id = db_prepare_int($t_project_id);
    # $p_file['type'] is the client-reported type; it is stored as given.
    $c_file_type = db_prepare_string($p_file['type']);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);
    # Upload folder: the project's own path, falling back to the default folder.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($t_file_name);
    # Seed for the unique name: the formatted bug id, or the document prefix plus project id.
    $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id;
    $t_unique_name = file_generate_unique_name($t_file_hash . '-' . $t_file_name, $t_file_path);
    $t_disk_file_name = $t_file_path . $t_unique_name;
    $c_unique_name = db_prepare_string($t_unique_name);
    # An empty temp file means the upload did not really succeed.
    $t_file_size = filesize($t_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # Size limit is the smallest of the two PHP ini limits and the application setting.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            if (!file_exists($t_disk_file_name)) {
                # For FTP the temp file is pushed to the server first; the local
                # move below then runs for both FTP and DISK.
                if (FTP == $t_method) {
                    $conn_id = file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $t_tmp_file);
                    file_ftp_disconnect($conn_id);
                }
                # move_uploaded_file() only accepts files that arrived via HTTP upload.
                if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) {
                    trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                # Content lives on disk; the content column gets an empty SQL string literal.
                $c_content = "''";
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # NOTE(review): the handle returned by fopen() is never closed explicitly.
            $c_content = db_prepare_binary_string(fread(fopen($t_tmp_file, 'rb'), $t_file_size));
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    $t_file_table = db_get_table('mantis_' . $p_table . '_file_table');
    $c_id = 'bug' == $p_table ? $c_bug_id : $c_project_id;
    $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\t\t\t\t VALUES\n\t\t\t\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_unique_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . db_now() . "', {$c_content}, {$c_user_id})";
    db_query($query);
    if ('bug' == $p_table) {
        # updated the last_updated date
        $result = bug_update_date($p_bug_id);
        # log the added file in the bug history
        history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name);
    }
}
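/**
 * Attach a tag to a bug.
 *
 * Checks the tag_attach_threshold access level for the bug, that the tag
 * exists and that it is not already attached, then inserts the link with
 * bound parameters, logs a TAG_ATTACHED history event and updates the bug's
 * last-updated date.
 *
 * @param integer $p_tag_id  Tag ID
 * @param integer $p_bug_id  Bug ID
 * @param integer $p_user_id User ID; the current user when omitted
 * @return boolean Always true (failures are raised through trigger_error)
 */
function tag_bug_attach($p_tag_id, $p_bug_id, $p_user_id = null) {
    access_ensure_bug_level(config_get('tag_attach_threshold'), $p_bug_id, $p_user_id);

    tag_ensure_exists($p_tag_id);

    if (tag_bug_is_attached($p_tag_id, $p_bug_id)) {
        trigger_error(TAG_ALREADY_ATTACHED, ERROR);
    }

    if (null == $p_user_id) {
        # Fixed: the current user's id used to be assigned to a misspelled
        # variable ($p_used_id), so the row was attributed to the prepared
        # form of null instead of the user performing the action.
        $p_user_id = auth_get_current_user_id();
    } else {
        user_ensure_exists($p_user_id);
    }

    $c_tag_id = db_prepare_int($p_tag_id);
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_user_id = db_prepare_int($p_user_id);

    $t_bug_tag_table = db_get_table('bug_tag');

    $query = "INSERT INTO {$t_bug_tag_table}\n\t\t\t\t\t( tag_id,\n\t\t\t\t\t bug_id,\n\t\t\t\t\t user_id,\n\t\t\t\t\t date_attached\n\t\t\t\t\t)\n\t\t\t\t\tVALUES\n\t\t\t\t\t( " . db_param() . ",\n\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t " . db_param() . "\n\t\t\t\t\t)";
    db_query_bound($query, array($c_tag_id, $c_bug_id, $c_user_id, db_now()));

    $t_tag_name = tag_get_field($p_tag_id, 'name');
    history_log_event_special($p_bug_id, TAG_ATTACHED, $t_tag_name);

    # updated the last_updated date
    bug_update_date($p_bug_id);

    return true;
}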
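/**
 * Gets a limited set of news rows to be viewed on one page based on the criteria
 * defined in the configuration file.
 *
 * The rows cover the given project, its accessible subprojects and, unless
 * the project is ALL_PROJECTS itself, ALL_PROJECTS. news_limit_method 0
 * limits by row count only; method 1 additionally restricts to recent posts
 * or announcements.
 *
 * @param integer $p_offset     Offset.
 * @param integer $p_project_id A project identifier.
 * @return array
 */
function news_get_limited_rows($p_offset, $p_project_id = null) {
    if ($p_project_id === null) {
        $p_project_id = helper_get_current_project();
    }

    $c_offset = (int) $p_offset;

    $t_projects = current_user_get_all_accessible_subprojects($p_project_id);
    $t_projects[] = (int) $p_project_id;
    if (ALL_PROJECTS != $p_project_id) {
        $t_projects[] = ALL_PROJECTS;
    }

    # The IN (...) list is placed in the SQL text rather than bound, so every
    # id is forced to an integer first. implode() is called with the separator
    # first: the reversed argument order used before is rejected by PHP 8.
    $t_project_list = implode(',', array_map('intval', $t_projects));

    $t_news_view_limit = config_get('news_view_limit');
    $t_news_view_limit_days = config_get('news_view_limit_days') * SECONDS_PER_DAY;

    switch (config_get('news_limit_method')) {
        case 0:
            db_param_push();

            # BY_LIMIT - Select the news posts
            $t_query = 'SELECT * FROM {news}';
            if (1 == count($t_projects)) {
                $c_project_id = $t_projects[0];
                $t_query .= ' WHERE project_id=' . db_param();
                $t_params = array($c_project_id);
            } else {
                $t_query .= ' WHERE project_id IN (' . $t_project_list . ')';
                $t_params = null;
            }
            $t_query .= ' ORDER BY announcement DESC, id DESC';
            $t_result = db_query($t_query, $t_params, $t_news_view_limit, $c_offset);
            break;
        case 1:
            db_param_push();

            # BY_DATE - Select the news posts
            $t_query = 'SELECT * FROM {news} WHERE ( ' . db_helper_compare_time(db_param(), '<', 'date_posted', $t_news_view_limit_days) . ' OR announcement = ' . db_param() . ' ) ';
            $t_params = array(db_now(), 1);
            if (1 == count($t_projects)) {
                $c_project_id = $t_projects[0];
                $t_query .= ' AND project_id=' . db_param();
                $t_params[] = $c_project_id;
            } else {
                $t_query .= ' AND project_id IN (' . $t_project_list . ')';
            }
            $t_query .= ' ORDER BY announcement DESC, id DESC';
            $t_result = db_query($t_query, $t_params, $t_news_view_limit, $c_offset);
            break;
        # NOTE(review): no default branch; any other news_limit_method leaves
        # $t_result undefined for the fetch loop below.
    }

    $t_rows = array();
    while ($t_row = db_fetch_array($t_result)) {
        $t_rows[] = $t_row;
    }

    return $t_rows;
}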
} $t_index_links .= '<td>' . $t_link . '</td>'; } $t_index_links .= '</tr></table></center>'; echo $t_index_links; if ($f_prefix === 'ALL') { $t_where = '(1 = 1)'; } else { $c_prefix = db_prepare_string($f_prefix); $t_where = "(username like '{$c_prefix}%')"; } # Get the user data in $c_sort order if (0 == $c_hide) { $query = "SELECT *\n\t\t\t\tFROM {$t_user_table}\n\t\t\t\tWHERE {$t_where}\n\t\t\t\tORDER BY {$c_sort} {$c_dir}"; } else { $query = "SELECT *\n\t\t\t\tFROM {$t_user_table}\n\t\t\t\tWHERE (" . db_helper_compare_days(db_now(), "last_visit", "< '{$days_old}'") . ") AND {$t_where}\n\t\t\t\tORDER BY {$c_sort} {$c_dir}"; } $result = db_query($query); $user_count = db_num_rows($result); ?> <br /> <table class="width100" cellspacing="1"> <tr> <td class="form-title" colspan="5"> <?php echo lang_get('manage_accounts_title'); ?> [<?php echo $user_count; ?> ]
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: manage_user_prune.php,v 1.11.2.1 2007-10-13 22:33:57 giallu Exp $
# --------------------------------------------------------
# Page script: delete user accounts that were created but never used.
require_once 'core.php';

# NOTE(review): the POST-only check below is commented out and this excerpt
# shows no form-token validation before accounts are deleted. Confirm that
# this state-changing request is protected against cross-site request forgery
# elsewhere (helper_ensure_confirmed() further down may or may not cover it).
# helper_ensure_post();

# Require a fresh login and the global access threshold for managing users.
auth_reauthenticate();
access_ensure_global_level(config_get('manage_user_threshold'));
$t_user_table = config_get('mantis_user_table');

# Delete the users who have never logged in and are older than 1 week
$days_old = 7;
$days_old = (int) $days_old;
$date_calc = db_helper_compare_days(db_now(), "date_created", "> {$days_old}");

# NOTE(review): the selection has no filter on a protected flag or on the
# account's access level, so every never-used account older than a week is a
# candidate, whatever its privileges.
$query = "SELECT id\n\t\t\tFROM {$t_user_table}\n\t\t\tWHERE ( login_count = 0 ) AND ( date_created = last_visit ) AND {$date_calc}";
$result = db_query($query);
if (!$result) {
    trigger_error(ERROR_GENERIC, ERROR);
}
$count = db_num_rows($result);

# Ask for explicit confirmation only when there is something to delete.
if ($count > 0) {
    helper_ensure_confirmed(lang_get('confirm_account_pruning'), lang_get('prune_accounts_button'));
}
for ($i = 0; $i < $count; $i++) {
    $row = db_fetch_array($result);
    user_delete($row['id']);
}

# Back to the account management page.
$t_redirect_url = 'manage_user_page.php';
print_header_redirect($t_redirect_url);
/**
 * Record a footprint (a visit by one member to another).
 *
 * Inserts one c_ashiato row with both member ids cast to int. After a
 * successful insert, a notification mail is sent when the footprint count
 * for $c_member_id_to equals that member's configured notification count.
 *
 * NOTE(review): the original Japanese doc described $c_member_id_to as the
 * member who leaves the footprint and $c_member_id_from as the member who
 * receives it, which looks reversed relative to the column names - confirm.
 *
 * @param  int $c_member_id_to   Value stored in the c_member_id_to column.
 * @param  int $c_member_id_from Value stored in the c_member_id_from column.
 * @return bool true when the row was inserted, false when db_insert() failed.
 */
function op_ashiato_insert_c_ashiato($c_member_id_to, $c_member_id_from)
{
    $row = array(
        'c_member_id_from' => intval($c_member_id_from),
        'c_member_id_to' => intval($c_member_id_to),
        'r_datetime' => db_now(),
        'r_date' => db_now(),
    );
    $inserted = db_insert('c_ashiato', $row);
    if (!$inserted) {
        return false;
    }

    $mail_at_count = OP::op_ashiato_ashiato_mail_num4c_member_id($c_member_id_to);
    if ($mail_at_count) {
        // Get the total number of footprints.
        $total = OP::op_ashiato_c_ashiato_num4c_member_id($c_member_id_to);
        // Send the footprint notification mail when the configured count is reached.
        if ($total == $mail_at_count) {
            do_common_send_ashiato_mail($c_member_id_to, $c_member_id_from);
        }
    }

    return true;
}
/**
 * Add a file to the system using the configured storage method
 *
 * The client-supplied name is checked with file_type_check(); when it is
 * already in use for the bug, a numeric suffix is inserted before the
 * extension until the name is unique. The file itself is stored under a
 * generated unique name, never under the client-supplied one, and all column
 * values are sent as bound parameters.
 *
 * NOTE(review): $p_table is concatenated into the table name and the id
 * column name; callers are expected to pass only 'bug' or 'project' - confirm.
 * NOTE(review): $p_file['type'] is the client-reported type and is stored as
 * given; do not rely on it when serving the file back.
 *
 * @param integer $p_bug_id The bug id (should be 0 when adding project doc).
 * @param array $p_file The uploaded file info, as retrieved from gpc_get_file().
 * @param string $p_table Either 'bug' or 'project' depending on attachment type.
 * @param string $p_title File title.
 * @param string $p_desc File description.
 * @param integer $p_user_id User id (defaults to current user).
 * @param integer $p_date_added Date added.
 * @param boolean $p_skip_bug_update Skip bug last modification update (useful when importing bug attachments).
 * @return void
 */
function file_add($p_bug_id, array $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null, $p_date_added = 0, $p_skip_bug_update = false) {
    file_ensure_uploaded($p_file);
    $t_file_name = $p_file['name'];
    $t_tmp_file = $p_file['tmp_name'];
    # The type check runs on the original name; the renaming below keeps the extension.
    if (!file_type_check($t_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    # Resolve name clashes by appending -2, -3, ... before the extension.
    $t_org_filename = $t_file_name;
    $t_suffix_id = 1;
    while (!file_is_name_unique($t_file_name, $p_bug_id)) {
        $t_suffix_id++;
        $t_dot_index = strripos($t_org_filename, '.');
        if ($t_dot_index === false) {
            $t_file_name = $t_org_filename . '-' . $t_suffix_id;
        } else {
            $t_extension = substr($t_org_filename, $t_dot_index, strlen($t_org_filename) - $t_dot_index);
            $t_file_name = substr($t_org_filename, 0, $t_dot_index) . '-' . $t_suffix_id . $t_extension;
        }
    }
    antispam_check();
    # An empty temp file means the upload did not really succeed.
    $t_file_size = filesize($t_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # Size limit is the smallest of the two PHP ini limits and the application setting.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_id = (int) $p_bug_id;
    } else {
        $t_project_id = helper_get_current_project();
        $t_id = $t_project_id;
    }
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    if ($p_date_added <= 0) {
        $p_date_added = db_now();
    }
    # Upload folder: the project's own path, falling back to the default folder.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $t_unique_name = file_generate_unique_name($t_file_path);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            $t_disk_file_name = $t_file_path . $t_unique_name;
            if (!file_exists($t_disk_file_name)) {
                # move_uploaded_file() only accepts files that arrived via HTTP upload.
                if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) {
                    trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # NOTE(review): the handle returned by fopen() is never closed explicitly.
            $c_content = db_prepare_binary_string(fread(fopen($t_tmp_file, 'rb'), $t_file_size));
            $t_file_path = '';
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    $t_file_table = db_get_table($p_table . '_file');
    $t_id_col = $p_table . '_id';
    # Column name => value; the keys become the column list, the values are bound.
    $t_param = array($t_id_col => $t_id, 'title' => $p_title, 'description' => $p_desc, 'diskfile' => $t_unique_name, 'filename' => $t_file_name, 'folder' => $t_file_path, 'filesize' => $t_file_size, 'file_type' => $p_file['type'], 'date_added' => $p_date_added, 'user_id' => (int) $p_user_id);
    # Oracle has to update BLOBs separately
    if (!db_is_oracle()) {
        $t_param['content'] = $c_content;
    }
    # One placeholder per entry in $t_param.
    $t_query_param = db_param();
    for ($i = 1; $i < count($t_param); $i++) {
        $t_query_param .= ', ' . db_param();
    }
    $t_query = 'INSERT INTO ' . $t_file_table . ' ( ' . implode(', ', array_keys($t_param)) . ' ) VALUES ( ' . $t_query_param . ' )';
    db_query($t_query, array_values($t_param));
    if (db_is_oracle()) {
        # The condition embeds the generated unique name, not client input.
        db_update_blob($t_file_table, 'content', $c_content, "diskfile='{$t_unique_name}'");
    }
    if ('bug' == $p_table) {
        # update the last_updated date
        if (!$p_skip_bug_update) {
            bug_update_date($p_bug_id);
        }
        # log file added to bug history
        history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name);
    }
}
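/**
 * Fetch the news rows visible for a project, limited by the configured method.
 *
 * The project filter covers the given project, the sub-projects returned by
 * current_user_get_all_accessible_subprojects() and, unless the project is
 * ALL_PROJECTS itself, the ALL_PROJECTS entry.
 *
 * @param integer      $p_offset     Offset of the first row to return.
 * @param integer|null $p_project_id Project id, or null for the current project.
 * @return array Rows as returned by db_fetch_array(); empty when
 *               'news_limit_method' is neither 0 nor 1.
 */
function news_get_limited_rows($p_offset, $p_project_id = null)
{
    if ($p_project_id === null) {
        $p_project_id = helper_get_current_project();
    }
    $c_offset = db_prepare_int($p_offset);

    $t_projects = current_user_get_all_accessible_subprojects($p_project_id);
    $t_projects[] = (int) $p_project_id;
    if (ALL_PROJECTS != $p_project_id) {
        $t_projects[] = ALL_PROJECTS;
    }
    # The ids are concatenated into the SQL text below, so force every one of
    # them to an integer before any query string is built.
    $t_projects = array_map('intval', $t_projects);
    # implode() with the glue first: the legacy (array, glue) order used with
    # join() was deprecated in PHP 7.4 and removed in PHP 8.0.
    $t_project_list = implode(',', $t_projects);

    $t_news_table = db_get_table('mantis_news_table');
    $t_news_view_limit = config_get('news_view_limit');
    $t_news_view_limit_days = config_get('news_view_limit_days') * SECONDS_PER_DAY;

    # Stays null when the configured method is unknown, so the function can
    # return an empty list instead of reading an undefined result handle.
    $result = null;

    switch (config_get('news_limit_method')) {
        case 0:
            # BY_LIMIT - Select the news posts
            $query = "SELECT *\n\t\t\t\t\t\tFROM {$t_news_table}";
            if (1 == count($t_projects)) {
                $c_project_id = $t_projects[0];
                $query .= " WHERE project_id='{$c_project_id}'";
            } else {
                $query .= ' WHERE project_id IN (' . $t_project_list . ')';
            }
            $query .= ' ORDER BY announcement DESC, id DESC';
            $result = db_query($query, $t_news_view_limit, $c_offset);
            break;
        case 1:
            # BY_DATE - Select the news posts
            $query = "SELECT *\n\t\t\t\t\t\tFROM {$t_news_table} WHERE\n\t\t\t\t\t\t( " . db_helper_compare_days(0, 'date_posted', "< {$t_news_view_limit_days}") . "\n\t\t\t\t\t\t OR announcement = " . db_param() . " ) ";
            $t_params = array(db_now(), 1);
            if (1 == count($t_projects)) {
                $c_project_id = $t_projects[0];
                $query .= " AND project_id=" . db_param();
                $t_params[] = $c_project_id;
            } else {
                $query .= ' AND project_id IN (' . $t_project_list . ')';
            }
            $query .= " ORDER BY announcement DESC, id DESC";
            $result = db_query_bound($query, $t_params, $t_news_view_limit, $c_offset);
            break;
    } # end switch

    if ($result === null) {
        return array();
    }

    $t_row_count = db_num_rows($result);
    $t_rows = array();
    for ($i = 0; $i < $t_row_count; $i++) {
        $t_rows[] = db_fetch_array($result);
    }
    return $t_rows;
}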
/**
 * Record the current time as the user's last visit.
 *
 * Writes db_now() to the last_visit column of the {user} row and then hands
 * the same value to user_update_cache().
 *
 * @param integer $p_user_id A valid user identifier.
 * @return boolean always true
 */
function user_update_last_visit($p_user_id)
{
    $t_id = (int) $p_user_id;
    $t_now = db_now();

    # The timestamp and the id are passed separately from the SQL text.
    $t_sql = 'UPDATE {user} SET last_visit=' . db_param() . ' WHERE id=' . db_param();
    db_query($t_sql, array($t_now, $t_id));

    user_update_cache($t_id, 'last_visit', $t_now);

    return true;
}
/**
 * Set the last_modified field of a bugnote to the current time.
 *
 * @param int $p_bugnote_id bugnote id
 * @return bool always true
 * @access public
 */
function bugnote_date_update($p_bugnote_id)
{
    $t_id = db_prepare_int($p_bugnote_id);
    $t_table = db_get_table('mantis_bugnote_table');

    $t_sql = "UPDATE {$t_table}\n\t\t\t\t\tSET last_modified=" . db_param() . "\n\t\t\t\t\tWHERE id=" . db_param();
    $t_values = array(db_now(), $t_id);
    db_query_bound($t_sql, $t_values);

    # The query call is relied on to raise an error if there was a problem,
    # so the result is not inspected here.
    return true;
}
/**
 * Purge all expired tokens.
 *
 * Deletes every row whose expiry lies before db_now() and sets the global
 * $g_tokens_purged flag.
 *
 * @param integer|null $p_token_type Token type; null purges expired tokens of every type.
 * @return boolean always true
 */
function token_purge_expired($p_token_type = null)
{
    global $g_tokens_purged;

    $t_table = db_get_table('mantis_tokens_table');
    $t_sql = "DELETE FROM {$t_table} WHERE " . db_param() . " > expiry";

    # Optional type filter: one more placeholder and one more bound value.
    $t_type_filter = array();
    if ($p_token_type !== null) {
        $t_type_filter[] = db_prepare_int($p_token_type);
        $t_sql .= " AND type=" . db_param();
    }

    db_query_bound($t_sql, array_merge(array(db_now()), $t_type_filter));

    $g_tokens_purged = true;

    return true;
}
/**
 * Counts the {bug_history} rows a user produced within a recent time window.
 *
 * The window starts at db_now() minus the given duration; only rows with a
 * later date_modified are counted.
 *
 * @param integer      $p_duration_in_seconds The time window in seconds.
 * @param integer|null $p_user_id             The user id or null for logged in user.
 * @return integer The number of changes done by user in the specified time window.
 */
function history_count_user_recent_events($p_duration_in_seconds, $p_user_id = null)
{
    if ($p_user_id === null) {
        $t_actor_id = auth_get_current_user_id();
    } else {
        $t_actor_id = $p_user_id;
    }

    $t_window_start = db_now() - $p_duration_in_seconds;

    $t_sql = 'SELECT count(*) as event_count FROM {bug_history} WHERE date_modified > ' . db_param() . ' AND user_id = ' . db_param();
    $t_found = db_query($t_sql, array($t_window_start, $t_actor_id));
    $t_first = db_fetch_array($t_found);

    # NOTE(review): the value is returned exactly as db_fetch_array() delivers it;
    # whether that is an int or a numeric string is not visible here - confirm
    # before comparing it strictly against a threshold.
    return $t_first['event_count'];
}
/**
 * Update a message draft.
 *
 * Rewrites subject, body, r_datetime and is_send of the c_message row with the
 * given id.
 */
function db_message_update_message_to_is_save($c_message_id, $subject, $body, $is_send = 0)
{
    // Remove session parameters from URLs in the subject and body that point inside the SNS.
    // NOTE(review): presumably this keeps a pasted link from carrying a session id
    // to whoever later reads the message - confirm against db_ktai_delete_url_session_parameter().
    $clean_subject = db_ktai_delete_url_session_parameter($subject);
    $clean_body = db_ktai_delete_url_session_parameter($body);

    $fields = array(
        'subject' => $clean_subject,
        'body' => $clean_body,
        'r_datetime' => db_now(),
        'is_send' => (bool) $is_send,
    );

    db_update('c_message', $fields, array('c_message_id' => intval($c_message_id)));
}
/**
 * Record the current time as the user's last visit.
 *
 * Writes db_now() to the last_visit column of the user table and then hands
 * the same value to user_update_cache().
 *
 * @param int $p_user_id User ID
 * @return bool always true
 */
function user_update_last_visit($p_user_id)
{
    $t_id = (int) $p_user_id;
    $t_now = db_now();
    $t_table = db_get_table('user');

    $t_sql = "UPDATE {$t_table}\n\t\t\t\t SET last_visit= " . db_param() . "\n\t\t\t\t WHERE id=" . db_param();
    db_query_bound($t_sql, array($t_now, $t_id));

    # NOTE(review): the cache call receives the caller's original $p_user_id, not
    # the integer cast used in the query - confirm user_update_cache() tolerates
    # a non-integer id.
    user_update_cache($p_user_id, 'last_visit', $t_now);

    return true;
}
form_security_validate( 'manage_user_prune' ); auth_reauthenticate(); access_ensure_global_level( config_get( 'manage_user_threshold' ) ); $t_user_table = db_get_table( 'user' ); # Delete the users who have never logged in and are older than 1 week $days_old = (int)7 * SECONDS_PER_DAY; $query = "SELECT id, access_level FROM $t_user_table WHERE ( login_count = 0 ) AND ( date_created = last_visit ) AND " . db_helper_compare_days( 0, "date_created", "> $days_old" ); $result = db_query_bound($query, Array( db_now() ) ); if ( !$result ) { trigger_error( ERROR_GENERIC, ERROR ); } $count = db_num_rows( $result ); if ( $count > 0 ) { helper_ensure_confirmed( lang_get( 'confirm_account_pruning' ), lang_get( 'prune_accounts_button' ) ); } for ($i=0; $i < $count; $i++) { $row = db_fetch_array( $result ); # Don't prune accounts with a higher global access level than the current user
} if (!move_uploaded_file($v_tmp_name, $t_disk_file_name)) { trigger_error(ERROR_FILE_MOVE_FAILED, ERROR); } chmod($t_disk_file_name, config_get('attachments_file_permissions')); $c_content = ''; break; case DATABASE: $c_content = db_prepare_binary_string(fread(fopen($v_tmp_name, 'rb'), $v_size)); break; default: /** @todo Such errors should be checked in the admin checks */ trigger_error(ERROR_GENERIC, ERROR); } $query = "UPDATE {$t_project_file_table}\n\t\t\tSET title=" . db_param() . ", description=" . db_param() . ", date_added=" . db_param() . ",\n\t\t\t\tfilename=" . db_param() . ", filesize=" . db_param() . ", file_type=" . db_param() . ", content=" . db_param() . "\n\t\t\t\tWHERE id=" . db_param(); $result = db_query_bound($query, array($c_title, $c_description, db_now(), $c_file_name, $c_file_size, $c_file_type, $c_content, $c_file_id)); } else { $query = "UPDATE {$t_project_file_table}\n\t\t\t\tSET title=" . db_param() . ", description=" . db_param() . "\n\t\t\t\tWHERE id=" . db_param(); $result = db_query_bound($query, array($c_title, $c_description, $c_file_id)); } if (!$result) { trigger_error(ERROR_GENERIC, ERROR); } form_security_purge('proj_doc_update'); $t_redirect_url = 'proj_doc_page.php'; html_page_top(null, $t_redirect_url); ?> <br /> <div align="center"> <?php echo lang_get('operation_successful') . '<br />';