コード例 #1
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
# Handler for updating a custom field definition.
# Order matters: token check, re-authentication and the access check all run
# before any request value is read or written.

# Anti-CSRF: the request must carry the form token issued for this action.
form_security_validate('manage_custom_field_update');
# Sensitive administrative action: re-authenticate, then require the globally
# configured threshold for managing custom fields.
auth_reauthenticate();
access_ensure_global_level(config_get('manage_custom_fields_threshold'));
$f_field_id = gpc_get_int('field_id');
# NOTE(review): 'return' is request-controlled and is handed to
# html_page_top() / html_operation_successful() below as the page to go to
# next. strip_tags() only removes markup; it does not restrict the value to a
# page of this application. Confirm that those helpers validate and escape
# the URL, or constrain it to relative in-application paths here.
$f_return = strip_tags(gpc_get_string('return', 'manage_custom_field_page.php'));
# New field definition, taken from the request. The gpc_get_* helpers only fix
# the type of each value; no further validation is visible in this script.
$t_values['name'] = gpc_get_string('name');
$t_values['type'] = gpc_get_int('type');
$t_values['possible_values'] = gpc_get_string('possible_values');
$t_values['default_value'] = gpc_get_string('default_value');
# NOTE(review): a request-supplied regular expression is stored as-is here.
# Presumably it is later applied to field values; confirm that
# custom_field_update() rejects patterns that do not compile.
$t_values['valid_regexp'] = gpc_get_string('valid_regexp');
$t_values['access_level_r'] = gpc_get_int('access_level_r');
$t_values['access_level_rw'] = gpc_get_int('access_level_rw');
$t_values['length_min'] = gpc_get_int('length_min');
$t_values['length_max'] = gpc_get_int('length_max');
$t_values['display_report'] = gpc_get_bool('display_report');
$t_values['display_update'] = gpc_get_bool('display_update');
$t_values['display_resolved'] = gpc_get_bool('display_resolved');
$t_values['display_closed'] = gpc_get_bool('display_closed');
$t_values['require_report'] = gpc_get_bool('require_report');
$t_values['require_update'] = gpc_get_bool('require_update');
$t_values['require_resolved'] = gpc_get_bool('require_resolved');
$t_values['require_closed'] = gpc_get_bool('require_closed');
$t_values['filter_by'] = gpc_get_bool('filter_by');
custom_field_update($f_field_id, $t_values);
# The update has been applied: retire the form token for this action.
form_security_purge('manage_custom_field_update');
html_page_top(null, $f_return);
html_operation_successful($f_return);
html_page_bottom();
コード例 #2
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('project_api.php');
require_api('user_api.php');
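# Handler for removing one user, or all users, from a project.

# Anti-CSRF: the request must carry the form token issued for this action.
form_security_validate('manage_proj_user_remove');
auth_reauthenticate();
$f_project_id = gpc_get_int('project_id');
# A missing 'user_id' defaults to 0, which selects the "remove all users"
# branch below; that branch is gated by an explicit confirmation.
$f_user_id = gpc_get_int('user_id', 0);
# We should check both since we are in the project section and an
#  admin might raise the first threshold and not realize they need
#  to raise the second
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
access_ensure_project_level(config_get('project_user_threshold'), $f_project_id);
if (0 == $f_user_id) {
    # Confirm with the user
    helper_ensure_confirmed(lang_get('remove_all_users_sure_msg'), lang_get('remove_all_users_button'));
    # The current user's own project access level is passed as the second
    # argument to the bulk removal.
    project_remove_all_users($f_project_id, access_get_project_level($f_project_id));
} else {
    # Don't allow removal of users from the project who have a higher access level than the current user
    access_ensure_project_level(access_get_project_level($f_project_id, $f_user_id), $f_project_id);
    $t_user = user_get_row($f_user_id);
    # Confirm with the user.
    # The confirmation message is rendered as HTML (it carries a literal
    # '<br/>'), so the stored username is escaped before it is concatenated
    # into it; a username made of plain characters is unchanged by this.
    helper_ensure_confirmed(lang_get('remove_user_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . htmlspecialchars($t_user['username'], ENT_QUOTES, 'UTF-8'), lang_get('remove_user_button'));
    project_remove_user($f_project_id, $f_user_id);
}
# The removal has been applied: retire the form token for this action.
form_security_purge('manage_proj_user_remove');
# $f_project_id came from gpc_get_int(), so the redirect URL is built from an
# integer rather than from raw request text.
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url);
html_page_bottom();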
コード例 #3
ファイル: account_update.php プロジェクト: N0ctrnl/mantisbt
}
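# Update password if the two match and are not empty
if (!is_blank($f_password)) {
    # Strict comparison: with a loose '!=' PHP compares numeric-looking
    # strings by value (e.g. '1e3' and '1000'), so a mistyped confirmation
    # could be accepted as a match.
    if ($f_password !== $f_password_confirm) {
        trigger_error(ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR);
    } else {
        # The current password must be proven before a new one is set. The
        # 'elseif' keeps the update unreachable when the current-password
        # check fails, so the change does not depend on trigger_error()
        # stopping the request (the error handler is not visible here).
        if (!auth_does_password_match($t_user_id, $f_password_current)) {
            trigger_error(ERROR_USER_CURRENT_PASSWORD_MISMATCH, ERROR);
        } elseif (!auth_does_password_match($t_user_id, $f_password)) {
            # Only write when the new password differs from the stored one.
            user_set_password($t_user_id, $f_password);
            $t_password_updated = true;
        }
    }
}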
# All updates have been applied: retire the form token for this action and
# render the result page.
form_security_purge('account_update');
html_page_top(null, $t_redirect_url);
# Build the confirmation text: one localized fragment per attribute that was
# changed, with '<br />' between fragments.
$t_message = '';
if ($t_email_updated) {
    $t_message .= lang_get('email_updated');
}
if ($t_password_updated) {
    if (is_blank($t_message)) {
        $t_message = '';
    } else {
        $t_message = $t_message . '<br />';
    }
    $t_message .= lang_get('password_updated');
}
if ($t_realname_updated) {
    if (is_blank($t_message)) {
        $t_message = '';
    } else {
        $t_message = $t_message . '<br />';
    }
    $t_message .= lang_get('realname_updated');
}
html_operation_successful($t_redirect_url, $t_message);
html_page_bottom();
コード例 #4
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('user_api.php');
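# Handler for deleting a user account from the user management section.

# Anti-CSRF: the request must carry the form token issued for this action.
form_security_validate('manage_user_delete');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_user_threshold'));
$f_user_id = gpc_get_int('user_id');
$t_user = user_get_row($f_user_id);
# Ensure that the account to be deleted is of equal or lower access to the
# current user.
access_ensure_global_level($t_user['access_level']);
# check that we are not deleting the last administrator account
$t_admin_threshold = config_get_global('admin_site_threshold');
if (user_is_administrator($f_user_id) && user_count_level($t_admin_threshold) <= 1) {
    trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}
# If an administrator is trying to delete their own account, use
# account_delete.php instead as it handles logging out and redirection
# of users who have just deleted their own accounts.
if (auth_get_current_user_id() == $f_user_id) {
    form_security_purge('manage_user_delete');
    # A fresh token for the 'account_delete' action is issued and carried in
    # the redirect URL.
    # NOTE(review): the code after this block assumes the redirect helper
    # ends the request; confirm against print_header_redirect().
    print_header_redirect('account_delete.php?account_delete_token=' . form_security_token('account_delete'), true, false);
}
# The confirmation message is rendered as HTML (it carries a literal
# '<br/>'), so the stored username is escaped before it is concatenated into
# it; a username made of plain characters is unchanged by this.
helper_ensure_confirmed(lang_get('delete_account_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . htmlspecialchars($t_user['username'], ENT_QUOTES, 'UTF-8'), lang_get('delete_account_button'));
user_delete($f_user_id);
# The deletion has been applied: retire the form token for this action.
form_security_purge('manage_user_delete');
html_page_top(null, 'manage_user_page.php');
html_operation_successful('manage_user_page.php');
html_page_bottom();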
コード例 #5
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('sponsorship_api.php');
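# Handler for updating the "paid" state of sponsorships.

# Feature gate: refuse the request when sponsorship support is switched off.
if (!config_get('enable_sponsorship')) {
    trigger_error(ERROR_SPONSORSHIP_NOT_ENABLED, ERROR);
}
# Anti-CSRF: the request must carry the form token issued for this action.
form_security_validate('account_sponsor_update');
auth_ensure_user_authenticated();
# 'buglist' is request-controlled: a comma-separated list of
# "<bug id>:<sponsorship id>" pairs.
$f_bug_list = gpc_get_string('buglist', '');
$t_bug_list = explode(',', $f_bug_list);
foreach ($t_bug_list as $t_bug) {
    # Pad to two elements so an entry without ':' yields an empty sponsorship
    # id (cast to 0 below) instead of an undefined-offset notice.
    list($t_bug_id, $t_sponsor_id) = array_pad(explode(':', $t_bug), 2, '');
    # Cast both ids once and use only the integers from here on, so the raw
    # request text never reaches the lookup or the update call.
    $c_bug_id = (int) $t_bug_id;
    $c_sponsor_id = (int) $t_sponsor_id;
    bug_ensure_exists($c_bug_id);
    # dies if bug doesn't exist
    access_ensure_bug_level(config_get('handle_sponsored_bugs_threshold'), $c_bug_id);
    # dies if user can't handle bug
    # The result is not used in the visible code; the call is kept because its
    # side effects cannot be judged from here.
    $t_bug = bug_get($c_bug_id);
    # NOTE(review): the access check above is made against $c_bug_id, but
    # nothing visible here ties the sponsorship record to that bug. Confirm
    # that sponsorship_get() / sponsorship_update_paid() enforce the link, or
    # verify it here before updating.
    $t_sponsor = sponsorship_get($c_sponsor_id);
    # The stored value is the default, so an absent form field means "no change".
    $t_new_payment = gpc_get_int('sponsor_' . $c_bug_id . '_' . $t_sponsor->id, $t_sponsor->paid);
    # Loose comparison kept on purpose: the type of the stored value is not
    # visible here.
    if ($t_new_payment != $t_sponsor->paid) {
        sponsorship_update_paid($c_sponsor_id, $t_new_payment);
    }
}
# All updates have been applied: retire the form token for this action.
form_security_purge('account_sponsor_update');
$t_redirect_url = 'account_sponsor_page.php';
html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url, lang_get('payment_updated'));
html_page_bottom();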
コード例 #6
ファイル: news_add.php プロジェクト: gtn/mantisbt
 * @uses helper_api.php
 * @uses html_api.php
 * @uses lang_api.php
 * @uses news_api.php
 * @uses print_api.php
 */
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('news_api.php');
require_api('print_api.php');
# Handler for creating a news entry.
# Order matters: the feature gate, token check and access check all run before
# any request value is read.

news_ensure_enabled();
# Anti-CSRF: the request must carry the form token issued for this action.
form_security_validate('news_add');
# No project id is passed, so the check is presumably made against the
# current project - confirm against access_ensure_project_level().
access_ensure_project_level(config_get('manage_news_threshold'));
$f_view_state = gpc_get_int('view_state');
# Headline and body are taken from the request as plain strings and stored
# without further processing in this script.
# NOTE(review): escaping for display is therefore left to the code that
# renders news entries; confirm print_news_entry_from_row() does it.
$f_headline = gpc_get_string('headline');
$f_announcement = gpc_get_bool('announcement');
$f_body = gpc_get_string('body');
# Project and author come from the session context, not from the request.
$t_news_id = news_create(helper_get_current_project(), auth_get_current_user_id(), $f_view_state, $f_announcement, $f_headline, $f_body);
# The entry has been created: retire the form token for this action.
form_security_purge('news_add');
# Re-read the stored row so that the page shows what was actually saved.
$t_news_row = news_get_row($t_news_id);
html_page_top();
html_operation_successful('news_menu_page.php');
print_news_entry_from_row($t_news_row);
html_page_bottom();