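/**
 * Drive the password-recovery page for the shared test account, then put the
 * account's password back so later tests can still log in.
 *
 * Returns 1 when the page text or the email field is not as expected;
 * otherwise falls through to pass() and returns nothing.
 */
function testRecoverPassword()
{
    $this->login();
    $this->get($this->url . "/recoverPassword.php");
    if (strpos($this->getBrowser()->getContentAsText(), "your email address") === false) {
        $this->fail("'your email address' not found when expected.");
        return 1;
    }
    if (!$this->setFieldByName("email", "simpletest@localhost")) {
        $this->fail("Failed to set email");
        return 1;
    }
    if (!$this->clickSubmitByName("recover")) {
        // Recorded as a failure, but the password reset below still runs.
        $this->fail("clicking recover returned false");
    }

    // fix the password so others can still login...
    // The hash computed here was never used: the query as shown wrote the
    // literal text '******' into the password column, which would leave the
    // account unable to log in. Store the computed hash instead.
    // NOTE(review): unsalted MD5 is not a suitable password hash; it is kept
    // here only because this test has to write the format the application reads.
    $md5pass = md5("simpletest");
    pdo_query("UPDATE " . qid("user") . " SET password='{$md5pass}' WHERE email='simpletest@localhost'");
    add_last_sql_error("test_recoverpassword");
    $this->pass("Passed");
}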
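/**
 * Drive the password-recovery page for the shared test account, then put the
 * account's password back so later tests can still log in.
 *
 * Returns 1 when the page text or the email field is not as expected;
 * otherwise falls through to pass() and returns nothing.
 */
public function testRecoverPassword()
{
    $this->login();
    $this->get($this->url . '/recoverPassword.php');
    if (strpos($this->getBrowser()->getContentAsText(), 'your email address') === false) {
        $this->fail("'your email address' not found when expected.");
        return 1;
    }
    if (!$this->setFieldByName('email', 'simpletest@localhost')) {
        $this->fail('Failed to set email');
        return 1;
    }
    if (!$this->clickSubmitByName('recover')) {
        // Recorded as a failure, but the password reset below still runs.
        $this->fail('clicking recover returned false');
    }

    // fix the password so others can still login...
    // The hash computed here was never used: the query as shown wrote the
    // literal text '******' into the password column, which would leave the
    // account unable to log in. Store the computed hash instead.
    // NOTE(review): unsalted MD5 is not a suitable password hash; it is kept
    // here only because this test has to write the format the application reads.
    $md5pass = md5('simpletest');
    pdo_query('UPDATE ' . qid('user') . " SET password='{$md5pass}' WHERE email='simpletest@localhost'");
    add_last_sql_error('test_recoverpassword');
    $this->pass('Passed');
}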
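/**
 * Register a repository committer as a CDash user and subscribe them to a project.
 *
 * If the email already has an account, the account is only linked to the
 * project (when not linked yet). Otherwise a new account with a generated
 * password is created, linked to the project, and the login details are
 * mailed to the address.
 *
 * @param mixed  $projectid            project to subscribe the user to
 * @param string $email                address used as login and mail recipient
 * @param string $firstName
 * @param string $lastName
 * @param string $repositoryCredential repository account name to attach
 *
 * @return bool|string false after linking an existing account to the project,
 *                     an "<error>...</error>" string when the account or the
 *                     credential is already registered, true after creating a
 *                     new account
 */
function register_user($projectid, $email, $firstName, $lastName, $repositoryCredential)
{
    include dirname(__DIR__) . '/config/config.php';
    $UserProject = new UserProject();
    $UserProject->ProjectId = $projectid;

    // Every caller-supplied value below is placed inside a quoted SQL literal,
    // so escape a copy of each for the queries. The unescaped originals are
    // still used for the model object, the return messages and the email.
    // NOTE(review): assumes callers pass raw (not pre-escaped) values - confirm.
    $sqlProjectId = pdo_real_escape_string($projectid);
    $sqlEmail = pdo_real_escape_string($email);
    $sqlFirstName = pdo_real_escape_string($firstName);
    $sqlLastName = pdo_real_escape_string($lastName);

    // Check if the user is already registered
    $user = pdo_query('SELECT id FROM ' . qid('user') . " WHERE email='{$sqlEmail}'");
    if (pdo_num_rows($user) > 0) {
        // Check if the user has been registered to the project
        $user_array2 = pdo_fetch_array($user);
        $userid = $user_array2['id'];
        $user = pdo_query("SELECT userid FROM user2project WHERE userid='{$userid}' AND projectid='{$sqlProjectId}'");
        if (pdo_num_rows($user) == 0) {
            // not registered
            // We register the user to the project
            pdo_query("INSERT INTO user2project (userid,projectid,role,emailtype)\n VALUES ('{$userid}','{$sqlProjectId}','0','1')");

            // We add the credentials if not already added
            $UserProject->UserId = $userid;
            $UserProject->AddCredential($repositoryCredential);
            $UserProject->ProjectId = 0;
            $UserProject->AddCredential($email); // Add the email by default
            echo pdo_error();
            return false;
        }
        return '<error>User ' . $email . ' already registered.</error>';
    } // already registered

    // Check if the repositoryCredential exists for this project
    $UserProject->RepositoryCredential = $repositoryCredential;
    if ($UserProject->FillFromRepositoryCredential() === true) {
        return '<error>' . $repositoryCredential . ' was already registered for this project under a different email address</error>';
    }

    // Register the user
    // Create a new password
    $keychars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $length = 10;
    $pass = '';
    $max = strlen($keychars) - 1;
    // The inclusive bound makes this run $length + 1 times (11 characters).
    for ($i = 0; $i <= $length; $i++) {
        // random_int is available in PHP 7 and the random_compat PHP 5.x
        // polyfill included in the Composer package.json dependencies.
        $pass .= substr($keychars, random_int(0, $max), 1);
    }

    // NOTE(review): unsalted MD5 is not a suitable password hash. It is left
    // unchanged because the stored format must match whatever the login code
    // compares against; migrating to password_hash()/password_verify() has to
    // be done in both places together.
    $encrypted = md5($pass);

    pdo_query('INSERT INTO ' . qid('user') .
        " (email,password,firstname,lastname,institution,admin)\n VALUES ('{$sqlEmail}','{$encrypted}','{$sqlFirstName}','{$sqlLastName}','','0')");
    add_last_sql_error('register_user');
    $userid = pdo_insert_id('user');

    // Insert the user into the project
    pdo_query("INSERT INTO user2project (userid,projectid,role,emailtype)\n VALUES ('{$userid}','{$sqlProjectId}','0','1')");
    add_last_sql_error('register_user');

    // We add the credentials if not already added
    $UserProject->UserId = $userid;
    $UserProject->AddCredential($repositoryCredential);
    $UserProject->ProjectId = 0;
    $UserProject->AddCredential($email); // Add the email by default

    $currentURI = get_server_URI();

    $prefix = '';
    if (strlen($firstName) > 0) {
        $prefix = ' ';
    }

    $project = pdo_query("SELECT name FROM project WHERE id='{$sqlProjectId}'");
    $project_array = pdo_fetch_array($project);
    $projectname = $project_array['name'];

    // Send the email
    // NOTE(review): the generated password travels in clear text in this
    // message; a one-time set-password link would avoid that.
    $text = 'Hello' . $prefix . $firstName . ",\n\n";
    $text .= 'You have been registered to CDash because you have CVS/SVN access to the repository for ' . $projectname . "\n";
    $text .= 'To access your CDash account: ' . $currentURI . "/user.php\n";
    $text .= 'Your login is: ' . $email . "\n";
    $text .= 'Your password is: ' . $pass . "\n\n";
    $text .= 'Generated by CDash.';

    if (cdashmail("{$email}", 'CDash - ' . $projectname . ' : Subscription', "{$text}")) {
        echo 'Email sent to: ' . $email . '<br>';
    } else {
        add_log("cannot send email to: {$email}", 'register_user', LOG_ERR);
    }
    return true;
}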
{ list($usec, $sec) = explode(' ', microtime()); return (double) $sec + (double) $usec * 100000; } srand(make_seed_recoverpass()); $password = ""; $max = strlen($keychars) - 1; for ($i = 0; $i <= $length; $i++) { $password .= substr($keychars, rand(0, $max), 1); } $currentURI = get_server_URI(); $url = $currentURI . "/user.php"; $text = "Hello,\n\n You have asked to recover your password for CDash.\n\n"; $text .= "Your new password is: " . $password . "\n"; $text .= "Please go to this page to login: "******"{$url}\n"; $text .= "\n\nGenerated by CDash"; if (cdashmail("{$email}", "CDash password recovery", $text, "From: CDash <" . $CDASH_EMAIL_FROM . ">\nReply-To: " . $CDASH_EMAIL_REPLY . "\nContent-type: text/plain; charset=utf-8\nX-Mailer: PHP/" . phpversion() . "\nMIME-Version: 1.0")) { $md5pass = md5($password); // If we can send the email we update the database pdo_query("UPDATE " . qid("user") . " SET password='******' WHERE email='{$email}'"); add_last_sql_error("recoverPassword"); $xml .= "<message>A confirmation message has been sent to your inbox.</message>"; } else { $xml .= "<warning>Cannot send recovery email</warning>"; } } } $xml .= "</cdash>"; // Now doing the xslt transition generate_XSLT($xml, "recoverPassword");
/**
 * Mail the maintainers of a site when the update step of a build has errors.
 *
 * Nothing is sent when the project has EmailBrokenSubmission set to 0, when
 * no build id can be resolved, when the build group's summary-email setting
 * is 2, when there are no update errors, or when the site has no maintainer
 * addresses. With $CDASH_TESTING_MODE set the message is logged instead of
 * being mailed.
 *
 * @param object $handler   submission handler; BuildId, getBuildName(),
 *                          getBuildStamp(), getSiteName() and getSiteId() are read
 * @param mixed  $projectid project the build belongs to
 */
function send_update_email($handler, $projectid)
{
    include 'config/config.php';
    include_once 'include/common.php';
    require_once 'include/pdo.php';
    require_once 'models/build.php';
    require_once 'models/project.php';
    require_once 'models/buildgroup.php';

    $Project = new Project();
    $Project->Id = $projectid;
    $Project->Fill();

    // Project opted out of these emails.
    if ($Project->EmailBrokenSubmission == 0) {
        return;
    }

    // Prefer the build id carried by the handler; otherwise look it up.
    $handlerHasBuildId = isset($handler->BuildId) && $handler->BuildId > 0;
    if ($handlerHasBuildId) {
        $buildid = $handler->BuildId;
    } else {
        $name = $handler->getBuildName();
        $stamp = $handler->getBuildStamp();
        $sitename = $handler->getSiteName();
        $buildid = get_build_id($name, $stamp, $projectid, $sitename);
    }
    if ($buildid < 0) {
        return;
    }

    // The build group can disable email (summary email value 2).
    $Build = new Build();
    $Build->Id = $buildid;
    $groupid = $Build->GetGroup();
    $BuildGroup = new BuildGroup();
    $BuildGroup->SetId($groupid);
    if ($BuildGroup->GetSummaryEmail() == 2) {
        return;
    }

    // Only continue when the update step reported errors.
    $update_errors = check_email_update_errors($buildid);
    if (!$update_errors['errors']) {
        return;
    }

    // Collect the site maintainers into a comma-separated recipient list.
    $sitename = $handler->getSiteName();
    $siteid = $handler->getSiteId();
    $to_address = '';
    $maintainers = pdo_query('SELECT email FROM ' . qid('user') . ',site2user WHERE ' . qid('user') .
        ".id=site2user.userid AND site2user.siteid='{$siteid}'");
    while ($maintainer = pdo_fetch_array($maintainers)) {
        $to_address .= ($to_address != '' ? ', ' : '') . $maintainer['email'];
    }
    if ($to_address == '') {
        return;
    }

    $serverURI = get_server_URI();
    // In the case of asynchronous submission, the serverURI contains /cdash
    // we need to remove it
    if ($CDASH_BASE_URL == '' && $CDASH_ASYNCHRONOUS_SUBMISSION) {
        $serverURI = substr($serverURI, 0, strrpos($serverURI, '/'));
    }

    // Generate the email to send
    $subject = 'CDash [' . $Project->Name . '] - Update Errors for ' . $sitename;

    $update_info = pdo_query('SELECT command,status FROM buildupdate AS u,build2update AS b2u WHERE b2u.updateid=u.id AND b2u.buildid=' . qnum($buildid));
    $update_array = pdo_fetch_array($update_info);

    $body = "{$sitename} has encountered errors during the Update step and you have been identified as the maintainer of this site.\n\n"
        . "*Update Errors*\n"
        . 'Status: ' . $update_array['status'] . ' (' . $serverURI . '/viewUpdate.php?buildid=' . $buildid . ")\n";

    if ($CDASH_TESTING_MODE) {
        add_log($to_address, 'TESTING: EMAIL', LOG_DEBUG);
        add_log($subject, 'TESTING: EMAILTITLE', LOG_DEBUG);
        add_log($body, 'TESTING: EMAILBODY', LOG_DEBUG);
        return;
    }

    // The log category below is the one the original code uses.
    $outcome = cdashmail($to_address, $subject, $body)
        ? 'email sent to: '
        : 'cannot send email to: ';
    add_log($outcome . $to_address, 'sendEmailExpectedBuilds');
}
// Requests that carry a "method" parameter are served by the old endpoint.
if (isset($_GET['method'])) {
    require __DIR__ . '/index_old.php';
    exit(0);
}

include dirname(dirname(dirname(__DIR__))) . '/config/config.php';
require_once 'include/pdo.php';
include 'include/common.php';
include 'include/version.php';
require_once 'models/project.php';
require_once 'models/buildfailure.php';
require_once 'include/filterdataFunctions.php';
require_once 'include/index_functions.php';

@set_time_limit(0);

// Check if we can connect to the database: the connection, the database
// selection and a probe query on the user table must all succeed.
$db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
if (!($db
    && pdo_select_db("{$CDASH_DB_NAME}", $db) !== false
    && pdo_query('SELECT id FROM ' . qid('user') . ' LIMIT 1', $db) !== false)
) {
    // Production reports a generic error; otherwise the client is sent to
    // the install.php script.
    $response = $CDASH_PRODUCTION_MODE
        ? array('error' => 'CDash cannot connect to the database.')
        : array('redirect' => get_server_URI() . '/install.php');
    echo json_encode($response);
    return;
}

@($projectname = $_GET['project']);
=========================================================================*/ require_once dirname(dirname(__DIR__)) . '/config/config.php'; require_once 'include/pdo.php'; require_once 'include/common.php'; $buildid = pdo_real_escape_numeric($_GET['buildid']); if (!isset($buildid) || !is_numeric($buildid)) { echo 'Not a valid buildid!'; return; } $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}"); pdo_select_db("{$CDASH_DB_NAME}", $db); // Find the notes $note = pdo_query("SELECT * FROM buildnote WHERE buildid='{$buildid}' ORDER BY timestamp ASC"); while ($note_array = pdo_fetch_array($note)) { $userid = $note_array['userid']; $user_array = pdo_fetch_array(pdo_query('SELECT firstname,lastname FROM ' . qid('user') . " WHERE id='{$userid}'")); $timestamp = strtotime($note_array['timestamp'] . ' UTC'); switch ($note_array['status']) { case 0: echo '<b>[note] </b>'; break; case 1: echo '<b>[fix in progress] </b>'; break; case 2: echo '<b>[fixed] </b>'; break; } echo 'by <b>' . $user_array['firstname'] . ' ' . $user_array['lastname'] . '</b>' . ' (' . date('H:i:s T', $timestamp) . ')'; echo '<pre>' . substr($note_array['note'], 0, 100) . '</pre>'; // limit 100 chars
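/**
 * Authentication function
 * This is called on every page load where common.php is selected, as well as when
 * submitting the login form.
 *
 * Paths, in the order they are tried:
 *  1. External authentication: when $CDASH_EXTERNAL_AUTH is set and the web
 *     server supplies REMOTE_USER, that name is passed to authenticate().
 *  2. Logout (?logout=...): the session is destroyed, the stored cookie key
 *     of the user id found in the cookie is cleared, and the browser is sent
 *     to index.php.
 *  3. Login form (POST "sent"): login and password are passed to authenticate().
 *  4. "Remember me" cookie: the last 33 characters of the cookie are the key,
 *     everything before them is the user id; a single matching row starts a
 *     session.
 *  5. Existing session: the password value stored in the session is compared
 *     with the one currently in the database.
 *
 * @param string $SessionCachePolicy value passed to session_cache_limiter()
 *
 * @return mixed the result of authenticate() for paths 1 and 3, 0 after a
 *               logout, true/false for the cookie and session checks, and
 *               null when a session was already started or holds no login
 **/
function auth($SessionCachePolicy = 'private_no_expire')
{
    include dirname(__DIR__) . '/config/config.php';
    $loginid = 1231564132;

    if (isset($CDASH_EXTERNAL_AUTH) && $CDASH_EXTERNAL_AUTH
        && isset($_SERVER['REMOTE_USER'])
    ) {
        // NOTE(review): REMOTE_USER is trusted as-is; this is only sound when
        // the web server is the sole party able to set it - confirm deployment.
        $login = $_SERVER['REMOTE_USER'];
        return authenticate($login, null, $SessionCachePolicy, 0); // we don't remember
    }

    if (@$_GET['logout']) {
        // user requested logout
        session_name('CDash');
        session_cache_limiter('nocache');
        @session_start();
        unset($_SESSION['cdash']);
        session_destroy();

        // Remove the cookie if we have one
        $cookienames = array('CDash', str_replace('.', '_', 'CDash-' . $_SERVER['SERVER_NAME'])); // php doesn't like dot in cookie names
        foreach ($cookienames as $cookiename) {
            if (isset($_COOKIE[$cookiename])) {
                $cookievalue = $_COOKIE[$cookiename];
                $cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
                $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
                pdo_select_db("{$CDASH_DB_NAME}", $db);

                // The id comes straight from a client-controlled cookie, so it
                // is escaped before reaching the query, as the cookie-login
                // branch below already does.
                // NOTE(review): the key part of the cookie is not checked
                // here, so the id alone decides whose cookiekey is cleared.
                pdo_query('UPDATE ' . qid('user') . " SET cookiekey='' WHERE id=" . qnum(pdo_real_escape_string($cookieuseridkey)));
                setcookie('CDash-' . $_SERVER['SERVER_NAME'], '', time() - 3600);
            }
        }
        echo "<script language=\"javascript\">window.location='index.php'</script>";
        return 0;
    }

    if (isset($_POST['sent'])) {
        // arrive from login form
        @($login = $_POST['login']);
        if ($login != null) {
            $login = htmlspecialchars(pdo_real_escape_string($login));
        }

        @($passwd = $_POST['passwd']);
        if ($passwd != null) {
            $passwd = htmlspecialchars(pdo_real_escape_string($passwd));
        }

        return authenticate($login, $passwd, $SessionCachePolicy, isset($_POST['rememberme']));
    } else {
        // arrive from session var
        $cookiename = str_replace('.', '_', 'CDash-' .
            $_SERVER['SERVER_NAME']); // php doesn't like dot in cookie names
        if (isset($_COOKIE[$cookiename])) {
            $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
            pdo_select_db("{$CDASH_DB_NAME}", $db);

            $cookievalue = $_COOKIE[$cookiename];
            $cookiekey = substr($cookievalue, strlen($cookievalue) - 33);
            if (strlen($cookiekey) < 1) {
                return false;
            }
            $cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
            $sql = 'SELECT email,password,id FROM ' . qid('user') . "\n WHERE cookiekey='" . pdo_real_escape_string($cookiekey) . "'";
            // When the cookie carries no id part, the key alone selects the row.
            if (!empty($cookieuseridkey)) {
                $sql .= " AND id='" . pdo_real_escape_string($cookieuseridkey) . "'";
            }

            $result = pdo_query("{$sql}");
            if (pdo_num_rows($result) == 1) {
                $user_array = pdo_fetch_array($result);
                session_name('CDash');
                session_cache_limiter($SessionCachePolicy);
                session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
                @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
                session_start();

                // NOTE(review): the stored password value is copied into the
                // session so the check at the end of this function can compare
                // it; it then also lives in the session store.
                $sessionArray = array('login' => $user_array['email'],
                    'passwd' => $user_array['password'],
                    'ID' => session_id(),
                    'valid' => 1,
                    'loginid' => $user_array['id']);
                $_SESSION['cdash'] = $sessionArray;
                return true;
            }
        }

        // Return early if a session has already been started.
        if (session_status() != PHP_SESSION_NONE) {
            return;
        }

        session_name('CDash');
        session_cache_limiter($SessionCachePolicy);
        session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
        @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
        session_start();

        $email = @$_SESSION['cdash']['login'];

        if (!empty($email)) {
            $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
            pdo_select_db("{$CDASH_DB_NAME}", $db);
            $sql = 'SELECT id,password FROM ' . qid('user') . " WHERE email='" . pdo_real_escape_string($email) .
                "'";
            $result = pdo_query("{$sql}");

            if (pdo_num_rows($result) == 0) {
                pdo_free_result($result);
                // Assigned to a local only; nothing in this function reads it.
                $loginerror = 'Wrong email or password.';
                return false;
            }

            $user_array = pdo_fetch_array($result);
            // Strict string comparison: with "==" two different values that
            // both look numeric (for example "0e1" and "0e2") compare equal.
            if ((string) $user_array['password'] === (string) $_SESSION['cdash']['passwd']) {
                return true;
            }
            $loginerror = 'Wrong email or password.';
            return false;
        }
    }
}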
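/**
 * Print the most recently queued rows of the `submission` table as
 * comma-separated text inside a <pre> block.
 *
 * The row count comes from the request parameter "limit" (default 25).
 * The value is reduced to a positive integer before it is placed in the
 * LIMIT clause and in the heading; anything else falls back to 25, so a
 * non-numeric value can no longer produce a broken query or reach the page.
 * Row values are HTML-escaped on output because they are stored data
 * (file names in particular) and not markup.
 */
function echo_submission_table()
{
    $default_limit = 25;
    $limit = $default_limit;
    if (isset($_REQUEST['limit'])) {
        $limit = (int) pdo_real_escape_numeric($_REQUEST['limit']);
        if ($limit < 1) {
            $limit = $default_limit;
        }
    }

    $rows = pdo_all_rows_query("SELECT * FROM " . qid("submission") . " ORDER BY id DESC LIMIT " . $limit);

    $sep = ', ';

    echo "<h3>Table `submission` (most recently queued {$limit})</h3>";
    echo '<pre>';
    echo 'id, filename, projectid, status, attempts, filesize, filemd5sum, ' .
        'lastupdated, created, started, finished' . "\n";
    echo "\n";
    foreach ($rows as $row) {
        $cells = array(
            $row['id'],
            $row['filename'],
            $row['projectid'],
            $row['status'],
            $row['attempts'],
            $row['filesize'],
            $row['filemd5sum'],
            $row['lastupdated'],
            $row['created'],
            $row['started'],
            $row['finished'],
        );
        echo htmlentities(implode($sep, $cells)) . "\n";
    }
    echo '</pre>';
    echo '<br/>';
}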
/**
 * Look up a user id by email address.
 *
 * The address is escaped and then trimmed before it is placed in the query.
 *
 * @param string $email address to look up
 *
 * @return mixed the id column of the matching row, or false when the query
 *               fails (the SQL error is recorded) or no row matches
 */
function GetIdFromEmail($email)
{
    $email = pdo_real_escape_string($email);
    $sql = sprintf("SELECT id FROM %s WHERE email='%s'", qid("user"), trim($email));
    $result = pdo_query($sql);

    if (!$result) {
        add_last_sql_error("User:GetIdFromEmail");
        return false;
    }
    if (0 == pdo_num_rows($result)) {
        return false;
    }

    $record = pdo_fetch_array($result);
    return $record['id'];
}
}

/**
 * Print a file's contents inside a <pre> block under a heading naming the file.
 *
 * The contents are passed through htmlentities(); the file name in the
 * heading is echoed as given. Nothing is printed when the file does not exist.
 *
 * @param string $filename path of the file to print
 */
function echo_file_contents($filename)
{
    // Emit the contents of the named file, but only if it exists.
    // If it doesn't exist, emit nothing.
    //
    if (file_exists($filename)) {
        $contents = file_get_contents($filename);
        // The name is not escaped here; the calls below build it from
        // $CDASH_ROOT_DIR plus a fixed suffix.
        echo '<h3>contents of "' . $filename . '"</h3>';
        echo '<pre>';
        echo htmlentities($contents);
        echo '</pre>';
        echo '<br/>';
    }
}

// Everything below is shown only to a logged-in user whose row in the user
// table has the admin field set.
if ($session_OK) {
    $userid = $_SESSION['cdash']['loginid'];
    // The id is taken from the session and interpolated into the query.
    $user_is_admin = pdo_get_field_value('SELECT admin FROM ' . qid('user') . " WHERE id='{$userid}'", 'admin', 0);

    if ($user_is_admin) {
        echo_svn_output('--version');
        echo_svn_output('remote -v');
        echo_svn_output('status');
        echo_svn_output('diff');

        global $CDASH_ROOT_DIR;
        // NOTE(review): these local configuration files presumably hold
        // deployment settings such as database credentials - confirm. They
        // are printed verbatim, so any admin session (or anyone able to read
        // this page's output) sees them; consider redacting secret values or
        // dropping the dump.
        echo_file_contents($CDASH_ROOT_DIR . '/config/config.local.php');
        echo_file_contents($CDASH_ROOT_DIR . '/tests/config.test.local.php');
        echo '<br/>';
    } else {
        echo 'Admin login required to display svn info.';
    }
}
$response['hidenav'] = 1; @($projectid = $_GET['projectid']); if ($projectid != null) { $projectid = pdo_real_escape_numeric($projectid); } // If the projectid is not set and there is only one project we go directly to the page if (!isset($projectid)) { $project = pdo_query('SELECT id FROM project'); if (pdo_num_rows($project) == 1) { $project_array = pdo_fetch_array($project); $projectid = $project_array['id']; } } @($show = $_GET['show']); $role = 0; $user_array = pdo_fetch_array(pdo_query('SELECT admin FROM ' . qid('user') . " WHERE id='{$userid}'")); if ($projectid && is_numeric($projectid)) { $user2project = pdo_query("SELECT role FROM user2project\n WHERE userid='{$userid}' AND projectid='{$projectid}'"); if (pdo_num_rows($user2project) > 0) { $user2project_array = pdo_fetch_array($user2project); $role = $user2project_array['role']; } } if ($user_array['admin'] != 1 && $role <= 1) { $response['error'] = "You don't have the permissions to access this page"; echo json_encode($response); return; } // List the available projects that this user has admin rights to. $sql = 'SELECT id,name FROM project'; if ($user_array['admin'] != 1) {
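/**
 * Remove what this test case created: the test user row, that user's rows in
 * the password table, and the two configuration lines the test added.
 */
public function testCleanup()
{
    // A space is needed before WHERE: the original concatenation placed the
    // keyword directly against the identifier returned by qid().
    pdo_query('DELETE FROM ' . qid('user') . " WHERE id={$this->UserId}");
    pdo_query("DELETE FROM password WHERE userid={$this->UserId}");
    $this->removeLineFromConfig($this->RotationConfig);
    $this->removeLineFromConfig($this->UniqueConfig);
}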
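/**
 * Register a repository committer as a CDash user and subscribe them to a project.
 *
 * If the email already has an account, the account is only linked to the
 * project (when not linked yet). Otherwise a new account with a generated
 * password is created, linked to the project, and the login details are
 * mailed to the address.
 *
 * @param mixed  $projectid            project to subscribe the user to
 * @param string $email                address used as login and mail recipient
 * @param string $firstName
 * @param string $lastName
 * @param string $repositoryCredential repository account name to attach
 *
 * @return bool|string false after linking an existing account to the project,
 *                     an "<error>...</error>" string when the account or the
 *                     credential is already registered, true after creating a
 *                     new account
 */
function register_user($projectid, $email, $firstName, $lastName, $repositoryCredential)
{
    include "cdash/config.php";
    $UserProject = new UserProject();
    $UserProject->ProjectId = $projectid;

    // Every caller-supplied value below is placed inside a quoted SQL literal,
    // so escape a copy of each for the queries. The unescaped originals are
    // still used for the model object, the return messages and the email.
    // NOTE(review): assumes callers pass raw (not pre-escaped) values - confirm.
    $sqlProjectId = pdo_real_escape_string($projectid);
    $sqlEmail = pdo_real_escape_string($email);
    $sqlFirstName = pdo_real_escape_string($firstName);
    $sqlLastName = pdo_real_escape_string($lastName);

    // Check if the user is already registered
    $user = pdo_query("SELECT id FROM " . qid("user") . " WHERE email='{$sqlEmail}'");
    if (pdo_num_rows($user) > 0) {
        // Check if the user has been registered to the project
        $user_array2 = pdo_fetch_array($user);
        $userid = $user_array2["id"];
        $user = pdo_query("SELECT userid FROM user2project WHERE userid='{$userid}' AND projectid='{$sqlProjectId}'");
        if (pdo_num_rows($user) == 0) {
            // We register the user to the project
            pdo_query("INSERT INTO user2project (userid,projectid,role,emailtype)\n VALUES ('{$userid}','{$sqlProjectId}','0','1')");

            // We add the credentials if not already added
            $UserProject->UserId = $userid;
            $UserProject->AddCredential($repositoryCredential);
            $UserProject->ProjectId = 0;
            $UserProject->AddCredential($email); // Add the email by default
            echo pdo_error();
            return false;
        }
        return "<error>User " . $email . " already registered.</error>";
    } // already registered

    // Check if the repositoryCredential exists for this project
    $UserProject->RepositoryCredential = $repositoryCredential;
    if ($UserProject->FillFromRepositoryCredential() === true) {
        return "<error>" . $repositoryCredential . " was already registered for this project under a different email address</error>";
    }

    // Register the user
    // Create a new password
    $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $length = 10;
    srand(make_seed_recoverpass());

    $pass = "";
    $max = strlen($keychars) - 1;
    // rand() is a predictable generator and must not choose passwords. Use
    // the system CSPRNG whenever random_int() exists (PHP 7, or a polyfill);
    // rand() remains only as the fallback on runtimes without it.
    $has_csprng = function_exists('random_int');
    // The inclusive bound makes this run $length + 1 times (11 characters).
    for ($i = 0; $i <= $length; $i++) {
        $index = $has_csprng ? random_int(0, $max) : rand(0, $max);
        $pass .= substr($keychars, $index, 1);
    }

    // NOTE(review): unsalted MD5 is not a suitable password hash. It is left
    // unchanged because the stored format must match whatever the login code
    // compares against; migrating to password_hash()/password_verify() has to
    // be done in both places together.
    $encrypted = md5($pass);

    pdo_query("INSERT INTO " . qid("user") .
        " (email,password,firstname,lastname,institution,admin)\n VALUES ('{$sqlEmail}','{$encrypted}','{$sqlFirstName}','{$sqlLastName}','','0')");
    add_last_sql_error("register_user");
    $userid = pdo_insert_id("user");

    // Insert the user into the project
    pdo_query("INSERT INTO user2project (userid,projectid,role,emailtype)\n VALUES ('{$userid}','{$sqlProjectId}','0','1')");
    add_last_sql_error("register_user");

    // We add the credentials if not already added
    $UserProject->UserId = $userid;
    $UserProject->AddCredential($repositoryCredential);
    $UserProject->ProjectId = 0;
    $UserProject->AddCredential($email); // Add the email by default

    $currentURI = get_server_URI();

    $prefix = "";
    if (strlen($firstName) > 0) {
        $prefix = " ";
    }

    $project = pdo_query("SELECT name FROM project WHERE id='{$sqlProjectId}'");
    $project_array = pdo_fetch_array($project);
    $projectname = $project_array['name'];

    // Send the email
    // NOTE(review): the generated password travels in clear text in this
    // message, and the name and project values are placed in an HTML body
    // without escaping.
    $text = "Hello" . $prefix . $firstName . ",<br><br>";
    $text .= "You have been registered to CDash because you have CVS/SVN access to the repository for " . $projectname . " <br>";
    $text .= "To access your CDash account: " . $currentURI . "/user.php<br>";
    $text .= "Your login is: " . $email . "<br>";
    $text .= "Your password is: " . $pass . "<br>";
    $text .= "<br>Generated by CDash.";

    // NOTE(review): the header string carries two Content-type lines
    // (text/plain and text/html); left as the original sends it.
    if (@cdashmail("{$email}", "CDash - " . $projectname . " : Subscription", "{$text}", "From: {$CDASH_EMAILADMIN}\nReply-To: no-reply\nContent-type: text/plain; charset=utf-8\nX-Mailer: PHP/" . phpversion() . "\nMIME-Version: 1.0\nContent-type: text/html; charset=UTF-8")) {
        echo "Email sent to: " . $email . "<br>";
    }
    return true;
}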
set_include_path($cdashpath . PATH_SEPARATOR . get_include_path()); require_once "cdash/config.php"; require_once "cdash/pdo.php"; require_once "cdash/common.php"; $buildid = pdo_real_escape_numeric($_GET["buildid"]); if (!isset($buildid) || !is_numeric($buildid)) { echo "Not a valid buildid!"; return; } $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}"); pdo_select_db("{$CDASH_DB_NAME}", $db); // Find the notes $note = pdo_query("SELECT * FROM buildnote WHERE buildid='{$buildid}' ORDER BY timestamp ASC"); while ($note_array = pdo_fetch_array($note)) { $userid = $note_array["userid"]; $user_array = pdo_fetch_array(pdo_query("SELECT firstname,lastname FROM " . qid("user") . " WHERE id='{$userid}'")); $timestamp = strtotime($note_array["timestamp"] . " UTC"); switch ($note_array["status"]) { case 0: echo "<b>[note] </b>"; break; case 1: echo "<b>[fix in progress] </b>"; break; case 2: echo "<b>[fixed] </b>"; break; } echo "by <b>" . $user_array["firstname"] . " " . $user_array["lastname"] . "</b>" . " (" . date("H:i:s T", $timestamp) . ")"; echo "<pre>" . substr($note_array["note"], 0, 100) . "</pre>"; // limit 100 chars
{ // Emit the contents of the named file, but only if it exists. // If it doesn't exist, emit nothing. // if (file_exists($filename)) { $contents = file_get_contents($filename); echo '<h3>contents of "' . $filename . '"</h3>'; echo '<pre>'; echo htmlentities($contents); echo '</pre>'; echo '<br/>'; } } if ($session_OK) { $userid = $_SESSION['cdash']['loginid']; $user_is_admin = pdo_get_field_value("SELECT admin FROM " . qid("user") . " WHERE id='{$userid}'", 'admin', 0); if ($user_is_admin) { echo_svn_output('--version'); echo_svn_output('remote -v'); echo_svn_output('status'); echo_svn_output('diff'); global $CDASH_ROOT_DIR; echo_file_contents($CDASH_ROOT_DIR . '/cdash/config.local.php'); echo_file_contents($CDASH_ROOT_DIR . '/tests/config.test.local.php'); echo '<h3>phpinfo</h3>'; phpinfo(); echo '<br/>'; } else { echo 'Admin login required to display svn info.'; } }
/**
 * Tell a project's administrators which commit authors have no CDash account.
 *
 * Each author (the name "Local User" is skipped) is looked up as a repository
 * credential of the project; those that cannot be found are listed in one
 * email to every user with role '2' on the project. The message is written
 * to the log before it is sent.
 *
 * @param mixed $projectid  project whose administrators are notified
 * @param array $cvsauthors repository author names to check
 */
function sendEmailUnregisteredUsers($projectid, $cvsauthors)
{
    include "cdash/config.php";
    require_once "models/userproject.php";
    include_once "cdash/common.php";

    // Authors with no matching repository credential on this project.
    $unregisteredusers = array();
    foreach ($cvsauthors as $author) {
        if ($author == "Local User") {
            continue;
        }

        $UserProject = new UserProject();
        $UserProject->RepositoryCredential = $author;
        $UserProject->ProjectId = $projectid;

        if (!$UserProject->FillFromRepositoryCredential()) {
            $unregisteredusers[] = $author;
        }
    }

    // Nothing to report.
    if (count($unregisteredusers) <= 0) {
        return;
    }

    // Find the project administrators and join their addresses.
    $email = "";
    $admins = pdo_query("SELECT email FROM " . qid("user") . ",user2project WHERE " . qid("user") . ".id=user2project.userid\n AND user2project.projectid=" . qnum($projectid) . " AND user2project.role='2'");
    while ($admin = pdo_fetch_array($admins)) {
        $email .= ($email != "" ? ", " : "") . $admin["email"];
    }

    // No administrator to write to.
    if ($email == "") {
        return;
    }

    $projectname = get_project_name($projectid);

    // Fall back to the server's own name when none is configured.
    $serverName = $CDASH_SERVER_NAME;
    if (strlen($serverName) == 0) {
        $serverName = $_SERVER['SERVER_NAME'];
    }

    $title = "CDash [" . $projectname . "] - Unregistered users";
    $body = "The following users are checking in code but are not registered for the project " . $projectname . ":\n";
    foreach ($unregisteredusers as $unreg) {
        $body .= "* " . $unreg . "\n";
    }
    $body .= "\n You should register these users to your project. They are currently not receiving any emails from CDash.\n";
    $body .= "\n-CDash on " . $serverName . "\n";

    add_log($title . " : " . $body . " : " . $email, "sendEmailUnregisteredUsers");

    $headers = "From: CDash <" . $CDASH_EMAIL_FROM . ">\nReply-To: " . $CDASH_EMAIL_REPLY . "\nContent-type: text/plain; charset=utf-8\nX-Mailer: PHP/" . phpversion() . "\nMIME-Version: 1.0";
    $outcome = cdashmail("{$email}", $title, $body, $headers)
        ? "email sent to: "
        : "cannot send email to: ";
    add_log($outcome . $email, "sendEmailUnregisteredUsers");
}
} else { $user = new User(); $user->Id = $userid; $user->Fill(); $user->Password = $md5pass; if ($user->Save()) { $xml .= '<error>Your password has been updated.</error>'; unset($_SESSION['cdash']['redirect']); } else { $xml .= '<error>Cannot update password.</error>'; } add_last_sql_error('editUser.php'); } } $xml .= '<user>'; $user = pdo_query('SELECT * FROM ' . qid('user') . " WHERE id='{$userid}'"); $user_array = pdo_fetch_array($user); $xml .= add_XML_value('id', $userid); $xml .= add_XML_value('firstname', $user_array['firstname']); $xml .= add_XML_value('lastname', $user_array['lastname']); $xml .= add_XML_value('email', $user_array['email']); $xml .= add_XML_value('institution', $user_array['institution']); // Update the credentials @($updatecredentials = $_POST['updatecredentials']); if ($updatecredentials) { $credentials = $_POST['credentials']; $UserProject = new UserProject(); $UserProject->ProjectId = 0; $UserProject->UserId = $userid; $credentials[] = $user_array['email']; $UserProject->UpdateCredentials($credentials);
/**
 * Build the XML document for a project's subproject dashboard.
 *
 * The document holds the title, any banners (global and per project), the
 * dashboard header, the menu, the logged-in user's role, the project's
 * build/configure/test counters for the day, and one <subproject> element
 * per subproject with the same counters.
 *
 * @param object $project_instance project model; Id, Name, the URL fields,
 *                                 NightlyTime and Public are read
 * @param string $date             dashboard date, passed to get_dates()
 *
 * @return string|null the XML, or null after printing an error when the
 *                     database cannot be reached or selected
 */
function generate_subprojects_dashboard_XML($project_instance, $date)
{
    $start = microtime_float();
    $noforcelogin = 1;
    include_once "cdash/config.php";
    require_once "cdash/pdo.php";
    include 'login.php';
    include_once "models/banner.php";
    include_once "models/subproject.php";

    $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
    if (!$db) {
        echo "Error connecting to CDash database server<br>\n";
        return;
    }
    if (!pdo_select_db("{$CDASH_DB_NAME}", $db)) {
        echo "Error selecting CDash database<br>\n";
        return;
    }

    $Project = $project_instance;
    $projectid = $project_instance->Id;

    $homeurl = make_cdash_url(htmlentities($Project->HomeUrl));

    checkUserPolicy(@$_SESSION['cdash']['loginid'], $projectid);

    // NOTE(review): the project name is concatenated into the XML as-is,
    // here and in <projectname> below, while other values go through
    // add_XML_value() or htmlentities().
    $xml = begin_XML_for_XSLT();
    $xml .= "<title>CDash - " . $Project->Name . "</title>";

    // Banner for all projects (id 0) first, then the project's own banner.
    $Banner = new Banner();
    foreach (array(0, $projectid) as $bannerOwner) {
        $Banner->SetProjectId($bannerOwner);
        $text = $Banner->GetText();
        if ($text !== false) {
            $xml .= "<banner>" . add_XML_value("text", $text) . "</banner>";
        }
    }

    global $CDASH_SHOW_LAST_SUBMISSION;
    if ($CDASH_SHOW_LAST_SUBMISSION) {
        $xml .= "<showlastsubmission>1</showlastsubmission>";
    }

    list($previousdate, $currentstarttime, $nextdate) = get_dates($date, $Project->NightlyTime);

    $svnurl = make_cdash_url(htmlentities($Project->CvsUrl));
    $homeurl = make_cdash_url(htmlentities($Project->HomeUrl));
    $bugurl = make_cdash_url(htmlentities($Project->BugTrackerUrl));
    $googletracker = htmlentities($Project->GoogleTracker);
    $docurl = make_cdash_url(htmlentities($Project->DocumentationUrl));

    // Main dashboard section
    $xml .= "<dashboard>\n <datetime>" . date("l, F d Y H:i:s T", time()) . "</datetime>\n <date>" . $date . "</date>\n <unixtimestamp>" . $currentstarttime . "</unixtimestamp>\n <svn>" . $svnurl . "</svn>\n <bugtracker>" . $bugurl .
        "</bugtracker>\n <googletracker>" . $googletracker . "</googletracker>\n <documentation>" . $docurl . "</documentation>\n <logoid>" . $Project->getLogoID() . "</logoid>\n <projectid>" . $projectid . "</projectid>\n <projectname>" . $Project->Name . "</projectname>\n <projectname_encoded>" . urlencode($Project->Name) . "</projectname_encoded>\n <previousdate>" . $previousdate . "</previousdate>\n <projectpublic>" . $Project->Public . "</projectpublic>\n <nextdate>" . $nextdate . "</nextdate>";

    // Without a home URL the dashboard index of the project is used.
    $xml .= empty($Project->HomeUrl)
        ? "<home>index.php?project=" . urlencode($Project->Name) . "</home>"
        : "<home>" . $homeurl . "</home>";

    if ($CDASH_USE_LOCAL_DIRECTORY && file_exists("local/models/proProject.php")) {
        include_once "local/models/proProject.php";
        $pro = new proProject();
        $pro->ProjectId = $projectid;
        $xml .= "<proedition>" . $pro->GetEdition(1) . "</proedition>";
    }

    $xml .= ($currentstarttime > time()) ? "<future>1</future>" : "<future>0</future>";
    $xml .= "</dashboard>";

    // Menu definition
    $xml .= "<menu>";
    if (!has_next_date($date, $currentstarttime)) {
        $xml .= add_XML_value("nonext", "1");
    }
    $xml .= "</menu>";

    // The reporting window is the 24 hours starting at the nightly start time.
    $beginning_timestamp = $currentstarttime;
    $end_timestamp = $currentstarttime + 3600 * 24;
    $beginning_UTCDate = gmdate(FMT_DATETIME, $beginning_timestamp);
    $end_UTCDate = gmdate(FMT_DATETIME, $end_timestamp);

    // User
    if (isset($_SESSION['cdash'])) {
        $xml .= "<user>";
        $userid = $_SESSION['cdash']['loginid'];
        $user2project = pdo_query("SELECT role FROM user2project WHERE userid='{$userid}' and projectid='{$projectid}'");
        $user2project_array = pdo_fetch_array($user2project);
        $user = pdo_query("SELECT admin FROM " . qid("user") .
            " WHERE id='{$userid}'");
        $user_array = pdo_fetch_array($user);
        $xml .= add_XML_value("id", $userid);

        // Project role above 1 or the site-wide admin flag counts as admin.
        $isadmin = ($user2project_array["role"] > 1 || $user_array["admin"]) ? 1 : 0;
        $xml .= add_XML_value("admin", $isadmin);
        $xml .= add_XML_value("projectrole", $user2project_array['role']);
        $xml .= "</user>";
    }

    // XML tag => counter method; Project and SubProject both offer these
    // methods, and the order here is the order the elements are written in.
    $counters = array(
        'nbuilderror' => 'GetNumberOfErrorBuilds',
        'nbuildwarning' => 'GetNumberOfWarningBuilds',
        'nbuildpass' => 'GetNumberOfPassingBuilds',
        'nconfigureerror' => 'GetNumberOfErrorConfigures',
        'nconfigurewarning' => 'GetNumberOfWarningConfigures',
        'nconfigurepass' => 'GetNumberOfPassingConfigures',
        'ntestpass' => 'GetNumberOfPassingTests',
        'ntestfail' => 'GetNumberOfFailingTests',
        'ntestnotrun' => 'GetNumberOfNotRunTests',
    );

    // Get some information about the project
    $xml .= "<project>";
    foreach ($counters as $tag => $method) {
        $xml .= add_XML_value($tag, $Project->{$method}($beginning_UTCDate, $end_UTCDate, true));
    }
    $xml .= add_XML_value(
        "lastsubmission",
        strlen($Project->GetLastSubmission()) == 0 ? "NA" : $Project->GetLastSubmission()
    );
    $xml .= "</project>";

    // Look for the subproject
    $row = 0;
    $subprojectids = $Project->GetSubProjects();
    $subprojProp = array();
    foreach ($subprojectids as $subprojectid) {
        $SubProject = new SubProject();
        $SubProject->SetId($subprojectid);
        $subprojProp[$subprojectid] = array('name' => $SubProject->GetName());
    }

    // Each counter call is made on a SubProject without an id and yields rows
    // carrying 'subprojectid' and the count at index 1.
    $testSubProj = new SubProject();
    foreach ($counters as $tag => $method) {
        $result = $testSubProj->{$method}($beginning_UTCDate, $end_UTCDate, true);
        if ($result) {
            foreach ($result as $row) {
                $subprojProp[$row['subprojectid']][$tag] = $row[1];
            }
        }
    }

    $reportArray = array_keys($counters);
    foreach ($subprojectids as $subprojectid) {
        $SubProject = new SubProject();
        $SubProject->SetId($subprojectid);

        $xml .= "<subproject>";
        $xml .= add_XML_value("name", $SubProject->GetName());
        $xml .= add_XML_value("name_encoded", urlencode($SubProject->GetName()));

        // A counter with no row for this subproject is reported as 0.
        foreach ($reportArray as $reportnum) {
            $reportval = array_key_exists($reportnum, $subprojProp[$subprojectid])
                ? $subprojProp[$subprojectid][$reportnum]
                : 0;
            $xml .= add_XML_value($reportnum, $reportval);
        }

        $xml .= add_XML_value(
            "lastsubmission",
            strlen($SubProject->GetLastSubmission()) == 0 ? "NA" : $SubProject->GetLastSubmission()
        );
        $xml .= "</subproject>";

        // Alternating flag kept from the original; nothing reads it.
        $row = ($row == 1) ? 0 : 1;
    } // end for each subproject

    $end = microtime_float();
    $xml .= "<generationtime>" . round($end - $start, 3) . "</generationtime>";
    $xml .= "</cdash>";

    return $xml;
}
$nightlytime = strtotime($project_array["nightlytime"]); $nightlyhour = gmdate("H", $nightlytime); $nightlyminute = gmdate("i", $nightlytime); $nightlysecond = gmdate("s", $nightlytime); $end_timestamp = $currenttime - 1; // minus 1 second when the nightly start time is midnight exactly $beginning_timestamp = gmmktime($nightlyhour, $nightlyminute, $nightlysecond, gmdate("m", $end_timestamp), gmdate("d", $end_timestamp), gmdate("Y", $end_timestamp)); if ($end_timestamp < $beginning_timestamp) { $beginning_timestamp = gmmktime($nightlyhour, $nightlyminute, $nightlysecond, gmdate("m", $end_timestamp - 24 * 3600), gmdate("d", $end_timestamp - 24 * 3600), gmdate("Y", $end_timestamp - 24 * 3600)); } $beginning_UTCDate = gmdate(FMT_DATETIME, $beginning_timestamp); $end_UTCDate = gmdate(FMT_DATETIME, $end_timestamp); if ($CDASH_DB_TYPE == "pgsql") { $site = pdo_query("SELECT s.id,s.name,si.processorclockfrequency,\n si.description,\n si.numberphysicalcpus,s.ip,s.latitude,s.longitude, \n " . qid('user') . ".firstname," . qid('user') . ".lastname," . qid('user') . ".id AS userid\n FROM build AS b, siteinformation AS si, site as s\n LEFT JOIN site2user ON (site2user.siteid=s.id)\n LEFT JOIN " . qid('user') . " ON (site2user.userid=" . qid('user') . ".id)\n WHERE s.id=b.siteid \n AND b.starttime<'{$end_UTCDate}' AND b.starttime>'{$beginning_UTCDate}'\n AND si.siteid=s.id\n AND b.projectid='{$projectid}' GROUP BY s.id,s.name,si.processorclockfrequency,\n si.description,\n si.numberphysicalcpus,s.ip,s.latitude,s.longitude," . qid('user') . ".firstname," . qid('user') . ".lastname," . qid('user') . ".id"); } else { $site = pdo_query("SELECT s.id,s.name,si.processorclockfrequency,\n si.description,\n si.numberphysicalcpus,s.ip,s.latitude,s.longitude, \n " . qid('user') . ".firstname," . qid('user') . ".lastname," . qid('user') . ".id AS userid\n FROM build AS b, siteinformation AS si, site as s\n LEFT JOIN site2user ON (site2user.siteid=s.id)\n LEFT JOIN " . qid('user') . 
" ON (site2user.userid=" . qid('user') . ".id)\n WHERE s.id=b.siteid \n AND b.starttime<'{$end_UTCDate}' AND b.starttime>'{$beginning_UTCDate}'\n AND si.siteid=s.id\n AND b.projectid='{$projectid}' GROUP BY s.id"); } echo pdo_error(); while ($site_array = pdo_fetch_array($site)) { $xml .= "<site>"; $xml .= add_XML_value("name", $site_array["name"]); $xml .= add_XML_value("id", $site_array["id"]); $xml .= add_XML_value("description", $site_array["description"]); $xml .= add_XML_value("processor_speed", getByteValueWithExtension($site_array["processorclockfrequency"] * 1024 * 1024)); $xml .= add_XML_value("numberphysicalcpus", $site_array["numberphysicalcpus"]); $xml .= add_XML_value("latitude", $site_array["latitude"]); $xml .= add_XML_value("longitude", $site_array["longitude"]); $xml .= add_XML_value("longitude", $site_array["longitude"]); $xml .= add_XML_value("maintainer_name", $site_array["firstname"] . " " . $site_array["lastname"]); $xml .= add_XML_value("maintainer_id", $site_array["userid"]); $xml .= "</site>";
include_once 'cdash/common.php'; redirect_to_https(); include "cdash/version.php"; include_once 'models/project.php'; include_once 'models/clientjobschedule.php'; include_once 'models/clientsite.php'; include_once 'models/clientjob.php'; include_once 'models/build.php'; if ($session_OK) { $userid = $_SESSION['cdash']['loginid']; $xml = begin_XML_for_XSLT(); $xml .= add_XML_value("manageclient", $CDASH_MANAGE_CLIENTS); $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}"); pdo_select_db("{$CDASH_DB_NAME}", $db); $xml .= add_XML_value("title", "CDash - My Profile"); $user = pdo_query("SELECT * FROM " . qid("user") . " WHERE id='{$userid}'"); $user_array = pdo_fetch_array($user); $xml .= add_XML_value("user_name", $user_array["firstname"]); $xml .= add_XML_value("user_is_admin", $user_array["admin"]); if ($CDASH_USER_CREATE_PROJECTS) { $xml .= add_XML_value("user_can_create_projects", 1); } else { $xml .= add_XML_value("user_can_create_projects", 0); } // Go through the list of project the user is part of $project2user = pdo_query("SELECT user2project.projectid AS projectid,role,name,\n (SELECT count(errorlog.projectid) FROM errorlog WHERE errorlog.projectid=user2project.projectid)\n AS errors\n FROM user2project,project\n WHERE project.id=user2project.projectid\n AND userid='{$userid}' ORDER BY project.name ASC"); echo pdo_error(); $condition_list_projects = ''; $Project = new Project(); $start = gmdate(FMT_DATETIME, strtotime(date("r")) - 3600 * 24); while ($project2user_array = pdo_fetch_array($project2user)) {
// Endpoint fragment: prints an XML <userid> element holding the id of the user
// whose email equals the `author` query parameter, or an error marker element
// when a required parameter is missing or empty.
require_once "cdash/pdo.php";
echo '<?xml version="1.0" encoding="UTF-8"?>';
echo "<userid>";
// Both guards close the <userid> element themselves before returning, so every
// exit path emits a complete element.
if (!isset($_GET['author'])) {
    echo "error<no-author-param/></userid>";
    return;
}
// NOTE(review): strlen() assumes a scalar; a request that sends `author` as an
// array (author[]=...) reaches this call with an array argument. An
// is_string() check ahead of it would reject that input explicitly.
if (strlen($_GET['author']) == 0) {
    echo "error<empty-author-param/></userid>";
    return;
}
// The request value is SQL-escaped first and HTML-encoded second, and the result
// is interpolated into the query below. HTML encoding is an output concern: it
// rewrites characters such as & and < before the comparison, so the lookup only
// matches if stored emails went through the same encoding.
// NOTE(review): a bound parameter would remove the dependence on escaping order;
// whether the pdo_* helpers support one is not visible here. Confirm how emails
// are stored before changing this line.
$author = htmlspecialchars(pdo_real_escape_string($_GET['author']));
// First, try the simplest query, where the author string is simply exactly
// equal to the user's email:
//
// '-1' is the sentinel passed to pdo_get_field_value and compared strictly below.
$userid = pdo_get_field_value("SELECT id FROM " . qid("user") . " WHERE email='{$author}'", 'id', '-1');
if ($userid !== '-1') {
    // The id is echoed into the XML response without escaping; presumably it is
    // a numeric column value. TODO confirm.
    echo $userid . "</userid>";
    return;
}
// If no exact email match, fall back to the more complicated project-based
// repository credentials lookup:
//
if (!isset($_GET['project'])) {
    echo "error<no-project-param/></userid>";
    return;
}
if (strlen($_GET['project']) == 0) {
    echo "error<empty-project-param/></userid>";
    return;
}
if ($CDASH_DB_TYPE == 'pgsql') { $site = pdo_query('SELECT s.id,s.name,si.processorclockfrequency, si.description, si.numberphysicalcpus,s.ip,s.latitude,s.longitude, ' . qid('user') . '.firstname,' . qid('user') . '.lastname,' . qid('user') . '.id AS userid FROM build AS b, siteinformation AS si, site as s LEFT JOIN site2user ON (site2user.siteid=s.id) LEFT JOIN ' . qid('user') . ' ON (site2user.userid=' . qid('user') . ".id)\n WHERE s.id=b.siteid\n AND b.starttime<'{$end_UTCDate}' AND b.starttime>'{$beginning_UTCDate}'\n AND si.siteid=s.id\n AND b.projectid='{$projectid}' GROUP BY s.id,s.name,si.processorclockfrequency,\n si.description,\n si.numberphysicalcpus,s.ip,s.latitude,s.longitude," . qid('user') . '.firstname,' . qid('user') . '.lastname,' . qid('user') . '.id'); } else { $site = pdo_query('SELECT s.id,s.name,si.processorclockfrequency, si.description, si.numberphysicalcpus,s.ip,s.latitude,s.longitude, ' . qid('user') . '.firstname,' . qid('user') . '.lastname,' . qid('user') . '.id AS userid FROM build AS b, siteinformation AS si, site as s LEFT JOIN site2user ON (site2user.siteid=s.id) LEFT JOIN ' . qid('user') . ' ON (site2user.userid=' . qid('user') . 
".id)\n WHERE s.id=b.siteid\n AND b.starttime<'{$end_UTCDate}' AND b.starttime>'{$beginning_UTCDate}'\n AND si.siteid=s.id\n AND b.projectid='{$projectid}' GROUP BY s.id"); } echo pdo_error(); while ($site_array = pdo_fetch_array($site)) { $xml .= '<site>'; $xml .= add_XML_value('name', $site_array['name']); $xml .= add_XML_value('id', $site_array['id']); $xml .= add_XML_value('description', $site_array['description']); $xml .= add_XML_value('processor_speed', getByteValueWithExtension($site_array['processorclockfrequency'] * 1024 * 1024)); $xml .= add_XML_value('numberphysicalcpus', $site_array['numberphysicalcpus']); $xml .= add_XML_value('latitude', $site_array['latitude']); $xml .= add_XML_value('longitude', $site_array['longitude']); $xml .= add_XML_value('longitude', $site_array['longitude']); $xml .= add_XML_value('maintainer_name', $site_array['firstname'] . ' ' . $site_array['lastname']); $xml .= add_XML_value('maintainer_id', $site_array['userid']); $xml .= '</site>';
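/**
 * Registration handler.
 *
 * Two entry points are served:
 *  - GET `key`: activates a pending account by copying its row from the
 *    usertemp table into a User and deleting the pending row.
 *  - POST `sent`: validates the registration form and either stores a pending
 *    row plus a confirmation email (when $CDASH_REGISTRATION_EMAIL_VERIFY is
 *    set) or creates the account directly.
 *
 * Messages for the page are written to the global $reg.
 *
 * @return int 1 when an account was saved to the user table; 0 otherwise,
 *             including the case where a confirmation email was sent and the
 *             account still has to be activated.
 */
function register()
{
    global $reg;
    include dirname(__DIR__) . '/config/config.php';
    require_once 'include/pdo.php';

    if (isset($_GET['key'])) {
        $key = pdo_real_escape_string($_GET['key']);
        $sql = 'SELECT * FROM ' . qid('usertemp') . " WHERE registrationkey='{$key}'";
        $query = pdo_query($sql);
        if (pdo_num_rows($query) == 0) {
            $reg = 'The key is invalid.';
            return 0;
        }
        $query_array = pdo_fetch_array($query);
        $email = $query_array['email'];

        // We copy the data from usertemp to user
        $user = new User();
        $user->Email = $email;
        $user->Password = $query_array['password'];
        $user->FirstName = $query_array['firstname'];
        $user->LastName = $query_array['lastname'];
        $user->Institution = $query_array['institution'];
        if ($user->Save()) {
            // The email was read back from the database, so it is the stored
            // (unescaped) value and has to be escaped again before it is placed
            // in another statement.
            pdo_query("DELETE FROM usertemp WHERE email='" . pdo_real_escape_string($email) . "'");
            return 1;
        }
        $reg = pdo_error();
        return 0;
    }

    if (!isset($_POST['sent'])) {
        return 0;
    }

    // arrive from register form
    // The form's `url` field must carry the fixed value 'catchbot'.
    $url = $_POST['url'];
    if ($url != 'catchbot') {
        $reg = 'Bots are not allowed to obtain CDash accounts!';
        return 0;
    }

    $email = $_POST['email'];
    $passwd = $_POST['passwd'];
    $passwd2 = $_POST['passwd2'];
    // Strict comparison: with == two different numeric-looking strings
    // (for example '1e3' and '1000') are treated as equal.
    if ($passwd !== $passwd2) {
        $reg = 'Passwords do not match!';
        return 0;
    }

    global $CDASH_MINIMUM_PASSWORD_LENGTH, $CDASH_MINIMUM_PASSWORD_COMPLEXITY, $CDASH_PASSWORD_COMPLEXITY_COUNT;
    $complexity = getPasswordComplexity($passwd);
    if ($complexity < $CDASH_MINIMUM_PASSWORD_COMPLEXITY) {
        if ($CDASH_PASSWORD_COMPLEXITY_COUNT > 1) {
            $reg = "Your password must contain at least {$CDASH_PASSWORD_COMPLEXITY_COUNT} characters from {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following types: uppercase, lowercase, numbers, and symbols.";
        } else {
            $reg = "Your password must contain at least {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following: uppercase, lowercase, numbers, and symbols.";
        }
        return 0;
    }
    if (strlen($passwd) < $CDASH_MINIMUM_PASSWORD_LENGTH) {
        $reg = "Your password must be at least {$CDASH_MINIMUM_PASSWORD_LENGTH} characters.";
        return 0;
    }

    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $institution = $_POST['institution'];
    if (!($email && $passwd && $passwd2 && $fname && $lname && $institution)) {
        $reg = 'Please fill in all of the required fields';
        return 0;
    }

    $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
    pdo_select_db("{$CDASH_DB_NAME}", $db);

    // NOTE(review): md5() is a fast, unsalted digest and is not suitable for
    // password storage. Moving to password_hash()/password_verify() also needs
    // the login check and the existing stored values to be migrated, which is
    // outside this function.
    $passwd = md5($passwd);
    $email = pdo_real_escape_string($email);

    $sql = 'SELECT email FROM ' . qid('user') . " WHERE email='{$email}'";
    if (pdo_num_rows(pdo_query($sql)) > 0) {
        $reg = "{$email} is already registered.";
        return 0;
    }
    $sql = 'SELECT email FROM ' . qid('usertemp') . " WHERE email='{$email}'";
    if (pdo_num_rows(pdo_query($sql)) > 0) {
        $reg = "{$email} is already registered. Check your email if you haven't received the link to activate yet.";
        return 0;
    }

    $passwd = pdo_real_escape_string($passwd);
    $fname = pdo_real_escape_string($fname);
    $lname = pdo_real_escape_string($lname);
    $institution = pdo_real_escape_string($institution);

    if (!$CDASH_REGISTRATION_EMAIL_VERIFY) {
        // No email verification: create the account directly.
        // NOTE(review): the fields handed to User were already SQL-escaped
        // above; whether User::Save() escapes again is not visible here.
        $user = new User();
        $user->Email = $email;
        $user->Password = $passwd;
        $user->FirstName = $fname;
        $user->LastName = $lname;
        $user->Institution = $institution;
        // Report the outcome of the save itself. Previously the result of
        // Save() was ignored and the stale duplicate-check SELECT was executed
        // a second time to decide the return value.
        if ($user->Save()) {
            return 1;
        }
        $reg = pdo_error();
        return 0;
    }

    // Email verification: store a pending row with a random activation key.
    $keychars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $length = 40;
    $key = '';
    $max = strlen($keychars) - 1;
    for ($i = 0; $i < $length; $i++) {
        // random_int is available in PHP 7 and the random_compat PHP 5.x
        // polyfill included in the Composer package.json dependencies.
        $key .= substr($keychars, random_int(0, $max), 1);
    }
    $date = date(FMT_DATETIME);
    $sql = 'INSERT INTO ' . qid('usertemp') . " (email,password,firstname,lastname,institution,registrationkey,registrationdate)\n VALUES ('{$email}','{$passwd}','{$fname}','{$lname}','{$institution}','{$key}','{$date}')";
    if (!pdo_query($sql)) {
        $reg = pdo_error();
        return 0;
    }

    $currentURI = get_server_URI();
    // Send the email
    $emailtitle = 'Welcome to CDash!';
    $emailbody = 'Hello ' . $fname . ",\n\n";
    $emailbody .= "Welcome to CDash! In order to validate your registration please follow this link: \n";
    $emailbody .= $currentURI . '/register.php?key=' . $key . "\n";
    $serverName = $CDASH_SERVER_NAME;
    if (strlen($serverName) == 0) {
        $serverName = $_SERVER['SERVER_NAME'];
    }
    $emailbody .= "\n-CDash on " . $serverName . "\n";
    if (cdashmail("{$email}", $emailtitle, $emailbody)) {
        add_log('email sent to: ' . $email, 'Registration');
    } else {
        add_log('cannot send email to: ' . $email, 'Registration', LOG_ERR);
    }
    $reg = "A confirmation email has been sent. Check your email (including your spam folder) to confirm your registration!\n";
    $reg .= 'You need to activate your account within 24 hours.';
    return 0;
}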
/**
 * Fill $response with the header fields of a project's dashboard for a date:
 * dates, project URLs, project identity, and the current user's id and roles.
 *
 * Returns without touching $response when get_project_id() reports -1.
 * Prints an error and exits when the database connection or selection fails.
 *
 * @param string $projectname Name passed to get_project_id().
 * @param string $date        Date passed to get_dates().
 * @param array  $response    Filled in place (passed by reference).
 */
function get_dashboard_JSON($projectname, $date, &$response)
{
    // The include brings the $CDASH_* settings into this function's scope.
    include "cdash/config.php";
    require_once "cdash/pdo.php";
    $projectid = get_project_id($projectname);
    if ($projectid == -1) {
        return;
    }
    $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
    if (!$db) {
        echo "Error connecting to CDash database server<br>\n";
        exit(0);
    }
    if (!pdo_select_db("{$CDASH_DB_NAME}", $db)) {
        echo "Error selecting CDash database<br>\n";
        exit(0);
    }
    // $projectid comes from get_project_id(), not directly from the request.
    $project = pdo_query("SELECT * FROM project WHERE id='{$projectid}'");
    if (pdo_num_rows($project) > 0) {
        $project_array = pdo_fetch_array($project);
    } else {
        // Fallback values used when no project row is found.
        // NOTE(review): this fallback defines no "public" key, but
        // $project_array["public"] is read further down.
        $project_array = array();
        $project_array["cvsurl"] = "unknown";
        $project_array["bugtrackerurl"] = "unknown";
        $project_array["documentationurl"] = "unknown";
        $project_array["homeurl"] = "unknown";
        $project_array["googletracker"] = "unknown";
        $project_array["name"] = $projectname;
        $project_array["nightlytime"] = "00:00:00";
    }
    list($previousdate, $currentstarttime, $nextdate) = get_dates($date, $project_array["nightlytime"]);
    $response['datetime'] = date("l, F d Y H:i:s", time());
    $response['date'] = $date;
    $response['unixtimestamp'] = $currentstarttime;
    $response['startdate'] = date("l, F d Y H:i:s", $currentstarttime);
    // URL-like fields are HTML-encoded before being handed to make_cdash_url().
    $response['svn'] = make_cdash_url(htmlentities($project_array["cvsurl"]));
    $response['bugtracker'] = make_cdash_url(htmlentities($project_array["bugtrackerurl"]));
    $response['googletracker'] = htmlentities($project_array["googletracker"]);
    $response['documentation'] = make_cdash_url(htmlentities($project_array["documentationurl"]));
    $response['projectid'] = $projectid;
    // NOTE(review): unlike the fields above, the project name is stored without
    // htmlentities(); presumably the consumer escapes it on output. Confirm.
    $response['projectname'] = $project_array["name"];
    $response['projectname_encoded'] = urlencode($project_array["name"]);
    $response['projectpublic'] = $project_array["public"];
    $response['previousdate'] = $previousdate;
    $response['nextdate'] = $nextdate;
    $response['logoid'] = getLogoID($projectid);
    if (empty($project_array["homeurl"])) {
        $response['home'] = "index.php?project=" . urlencode($project_array["name"]);
    } else {
        $response['home'] = make_cdash_url(htmlentities($project_array["homeurl"]));
    }
    // Optional local extension: loaded only when enabled and the file exists.
    if ($CDASH_USE_LOCAL_DIRECTORY && file_exists("local/models/proProject.php")) {
        include_once "local/models/proProject.php";
        $pro = new proProject();
        $pro->ProjectId = $projectid;
        $response['proedition'] = $pro->GetEdition(1);
    }
    // 0 is reported as the user id when there is no CDash session.
    $userid = 0;
    if (isset($_SESSION['cdash'])) {
        $userid = $_SESSION['cdash']['loginid'];
        // Is the user super administrator
        // NOTE(review): this query interpolates $userid in quotes while the next
        // one uses qnum(); the two could share one quoting helper.
        $userquery = pdo_query("SELECT admin FROM " . qid('user') . " WHERE id='{$userid}'");
        $user_array = pdo_fetch_array($userquery);
        // NOTE(review): index 0 is read without checking that a row came back.
        $response['admin'] = $user_array[0];
        // Is the user administrator of the project
        $userquery = pdo_query("SELECT role FROM user2project WHERE userid=" . qnum($userid) . " AND projectid=" . qnum($projectid));
        $user_array = pdo_fetch_array($userquery);
        $response['projectrole'] = $user_array[0];
    }
    $response['userid'] = $userid;
}
// Create a new password $keychars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&'; $length = 10; $password = ''; $max = strlen($keychars) - 1; for ($i = 0; $i <= $length; $i++) { // random_int is available in PHP 7 and the random_compat PHP 5.x // polyfill included in the Composer package.json dependencies. $password .= substr($keychars, random_int(0, $max), 1); } $currentURI = get_server_URI(); $url = $currentURI . '/user.php'; $text = "Hello,\n\n You have asked to recover your password for CDash.\n\n"; $text .= 'Your new password is: ' . $password . "\n"; $text .= 'Please go to this page to login: '******'CDash password recovery', $text)) { $md5pass = md5($password); // If we can send the email we update the database pdo_query('UPDATE ' . qid('user') . " SET password='******' WHERE email='{$email}'"); add_last_sql_error('recoverPassword'); $xml .= '<message>A confirmation message has been sent to your inbox.</message>'; } else { $xml .= '<warning>Cannot send recovery email</warning>'; } } } $xml .= '</cdash>'; // Now doing the xslt transition generate_XSLT($xml, 'recoverPassword');
} } else { $xml .= add_XML_value('error', 'Please fill in all of the required fields'); } } } elseif (isset($_POST['makenormaluser'])) { if ($postuserid > 1) { $update_array = pdo_fetch_array(pdo_query('SELECT firstname,lastname FROM ' . qid('user') . " WHERE id='" . $postuserid . "'")); pdo_query('UPDATE ' . qid('user') . " SET admin=0 WHERE id='" . $postuserid . "'"); $xml .= '<warning>' . $update_array['firstname'] . ' ' . $update_array['lastname'] . ' is not administrator anymore.</warning>'; } else { $xml .= '<error>Administrator should remain admin.</error>'; } } elseif (isset($_POST['makeadmin'])) { $update_array = pdo_fetch_array(pdo_query('SELECT firstname,lastname FROM ' . qid('user') . " WHERE id='" . $postuserid . "'")); pdo_query('UPDATE ' . qid('user') . " SET admin=1 WHERE id='" . $postuserid . "'"); $xml .= '<warning>' . $update_array['firstname'] . ' ' . $update_array['lastname'] . ' is now an administrator.</warning>'; } elseif (isset($_POST['removeuser'])) { $user = new User(); $user->Id = $postuserid; $user->Fill(); $name = $user->GetName(); $user->Delete(); $xml .= "<warning>{$name} has been removed.</warning>"; } if (isset($_POST['search'])) { $xml .= '<search>' . $_POST['search'] . '</search>'; } if (isset($CDASH_FULL_EMAIL_WHEN_ADDING_USER) && $CDASH_FULL_EMAIL_WHEN_ADDING_USER == 1) { $xml .= add_XML_value('fullemail', '1'); }
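/**
 * Authentication function.
 *
 * Handles, in order: external authentication (REMOTE_USER), logout, a
 * submitted login form, a "remember me" cookie, and an existing session.
 *
 * @param string $SessionCachePolicy Value passed to session_cache_limiter().
 *
 * @return mixed The result of authenticate() for external auth and for a
 *               submitted form; 0 after a logout; true when a cookie or the
 *               session identifies a user; false when the session data does
 *               not match the database; null when there is no session login.
 */
function auth($SessionCachePolicy = 'private_no_expire')
{
    include "cdash/config.php";

    if (isset($CDASH_EXTERNAL_AUTH) && $CDASH_EXTERNAL_AUTH && isset($_SERVER['REMOTE_USER'])) {
        $login = $_SERVER['REMOTE_USER'];
        return authenticate($login, NULL, $SessionCachePolicy, 0); // we don't remember
    }

    if (@$_GET["logout"]) {
        // user requested logout
        session_name("CDash");
        session_cache_limiter('nocache');
        @session_start();
        unset($_SESSION['cdash']);
        session_destroy();

        // Remove the cookie if we have one
        $cookienames = array("CDash", str_replace('.', '_', "CDash-" . $_SERVER['SERVER_NAME'])); // php doesn't like dot in cookie names
        foreach ($cookienames as $cookiename) {
            if (isset($_COOKIE[$cookiename])) {
                // Same layout as in the cookie login below: the last 33
                // characters are the key, whatever precedes them is the user id.
                $cookievalue = $_COOKIE[$cookiename];
                $cookiekey = (string) substr($cookievalue, strlen($cookievalue) - 33);
                $cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
                $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
                pdo_select_db("{$CDASH_DB_NAME}", $db);
                // Only invalidate the stored key when the cookie actually
                // carries it; the user id alone is client-supplied and proves
                // nothing about who is logging out.
                pdo_query("UPDATE " . qid("user") . " SET cookiekey='' WHERE id=" . qnum($cookieuseridkey)
                    . " AND cookiekey='" . pdo_real_escape_string($cookiekey) . "'");
                setcookie("CDash-" . $_SERVER['SERVER_NAME'], "", time() - 3600);
            }
        }
        echo "<script language=\"javascript\">window.location='index.php'</script>";
        return 0;
    }

    if (isset($_POST["sent"])) {
        // NOTE(review): login and password are SQL-escaped and HTML-encoded
        // before being handed to authenticate(). Both transformations alter the
        // submitted password; changing that here would have to be coordinated
        // with authenticate() and the stored values, which are not visible.
        @($login = $_POST["login"]);
        if ($login != NULL) {
            $login = htmlspecialchars(pdo_real_escape_string($login));
        }
        @($passwd = $_POST["passwd"]);
        if ($passwd != NULL) {
            $passwd = htmlspecialchars(pdo_real_escape_string($passwd));
        }
        @($rememberme = $_POST["rememberme"]);
        if ($rememberme != NULL) {
            $rememberme = pdo_real_escape_numeric($rememberme);
        }
        return authenticate($login, $passwd, $SessionCachePolicy, $rememberme);
    } else {
        // arrive from session var
        $cookiename = str_replace('.', '_', "CDash-" . $_SERVER['SERVER_NAME']); // php doesn't like dot in cookie names
        if (isset($_COOKIE[$cookiename])) {
            $cookievalue = $_COOKIE[$cookiename];
            $cookiekey = substr($cookievalue, strlen($cookievalue) - 33);
            $cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);

            // An empty cookie value yields an empty key. Logout stores an empty
            // cookiekey, so an empty key must never be used for a lookup.
            if (is_string($cookiekey) && $cookiekey !== '') {
                $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
                pdo_select_db("{$CDASH_DB_NAME}", $db);
                $sql = "SELECT email,password,id FROM " . qid("user") . "\n WHERE cookiekey='" . pdo_real_escape_string($cookiekey) . "'";
                if (!empty($cookieuseridkey)) {
                    $sql .= " AND id='" . pdo_real_escape_string($cookieuseridkey) . "'";
                }
                $result = pdo_query("{$sql}");
                if (pdo_num_rows($result) == 1) {
                    $user_array = pdo_fetch_array($result);
                    session_name("CDash");
                    session_cache_limiter($SessionCachePolicy);
                    session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
                    @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
                    session_start();
                    // NOTE(review): the stored password digest is kept in the
                    // session and compared again on later requests.
                    $sessionArray = array("login" => $user_array['email'], "passwd" => $user_array['password'], "ID" => session_id(), "valid" => 1, "loginid" => $user_array['id']);
                    $_SESSION['cdash'] = $sessionArray;
                    return true;
                }
            }
        }

        session_name("CDash");
        session_cache_limiter($SessionCachePolicy);
        session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
        @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
        session_start();

        $email = @$_SESSION['cdash']["login"];
        if (!empty($email)) {
            $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
            pdo_select_db("{$CDASH_DB_NAME}", $db);
            $sql = "SELECT id,password FROM " . qid("user") . " WHERE email='" . pdo_real_escape_string($email) . "'";
            $result = pdo_query("{$sql}");

            // NOTE(review): $loginerror is a local variable in this function, so
            // these messages are not visible to the caller as written.
            if (pdo_num_rows($result) == 0) {
                pdo_free_result($result);
                $loginerror = "Wrong email or password.";
                return false;
            }

            $user_array = pdo_fetch_array($result);
            // Compare the digests as strings. With == two different hex digests
            // that both look like numbers in exponent notation (0e...) are
            // treated as equal.
            if ((string) $user_array["password"] === (string) $_SESSION['cdash']["passwd"]) {
                return true;
            }
            $loginerror = "Wrong email or password.";
            return false;
        }
    }
}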
$query = substr($query, 0, $pos) . substr($query, $pos + 1); } $result = pdo_query($query); if (!$result) { $xml .= '<db_created>0</db_created>'; die(pdo_error()); } $query = ''; } } } // Check the version of PostgreSQL $result_version = pdo_query('SELECT version()'); $version_array = pdo_fetch_array($result_version); if (strpos(strtolower($version_array[0]), 'postgresql 9.') !== false) { // For PgSQL 9.0 we need to set the bytea_output to 'escape' (it was changed to hexa) @pdo_query('ALTER DATABASE ' . $CDASH_DB_NAME . " SET bytea_output TO 'escape'"); } } pdo_query('INSERT INTO ' . qid('user') . " (email,password,firstname,lastname,institution,admin) VALUES ('" . $admin_email . "', '" . md5($admin_password) . "', 'administrator', '','Kitware Inc.', 1)"); echo pdo_error(); $xml .= '<db_created>1</db_created>'; // Set the database version setVersion(); } } } } $xml .= '</cdash>'; // Now doing the xslt transition generate_XSLT($xml, 'install');
$response['menusubtitle'] = 'Build Groups'; @($projectid = $_GET["projectid"]); if ($projectid != NULL) { $projectid = pdo_real_escape_numeric($projectid); } // If the projectid is not set and there is only one project we go directly to the page if (!isset($projectid)) { $project = pdo_query("SELECT id FROM project"); if (pdo_num_rows($project) == 1) { $project_array = pdo_fetch_array($project); $projectid = $project_array["id"]; } } @($show = $_GET["show"]); $role = 0; $user_array = pdo_fetch_array(pdo_query("SELECT admin FROM " . qid("user") . " WHERE id='{$userid}'")); if ($projectid && is_numeric($projectid)) { $user2project = pdo_query("SELECT role FROM user2project\n WHERE userid='{$userid}' AND projectid='{$projectid}'"); if (pdo_num_rows($user2project) > 0) { $user2project_array = pdo_fetch_array($user2project); $role = $user2project_array["role"]; } } if ($user_array["admin"] != 1 && $role <= 1) { $response['error'] = "You don't have the permissions to access this page"; echo json_encode($response); return; } // List the available projects that this user has admin rights to. $sql = "SELECT id,name FROM project"; if ($user_array["admin"] != 1) {