/**
 * Completes a CAS login: syncs the local account from the CAS attributes and
 * issues the application login cookie for the matching local user.
 */
public function loginCallback()
{
    // Attributes released by the CAS server for the authenticated principal.
    $casAttributes = phpCAS::getAttributes();
    $this->updateLocalUserFromBackend($casAttributes);

    // Resolve the local account through the CAS-provided mail attribute
    // and log that account in.
    $userId = User::getUserIDByEmail($casAttributes['mail'], true);
    $localUser = User::getDetails($userId);
    Auth::createLoginCookie(APP_COOKIE, $localUser['usr_email'], true);
}
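/**
 * Checks whether the provided password match against the email
 * address provided.
 *
 * A mismatch increments the user's failed-login counter, a match resets it.
 *
 * @param string $login The email address to check for
 * @param string $password The password of the user to check for
 * @return boolean
 */
public function verifyPassword($login, $password)
{
    $usr_id = User::getUserIDByEmail($login, true);
    $user = User::getDetails($usr_id);

    // Constant-time, type-strict comparison. The loose `==` it replaces treats
    // numeric-looking strings (e.g. hashes of the form "0e<digits>") as equal
    // and leaks timing information about the stored hash.
    $stored = (string) $user['usr_password'];
    $candidate = (string) Auth::hashPassword($password);

    if (!hash_equals($stored, $candidate)) {
        self::incrementFailedLogins($usr_id);

        return false;
    }

    self::resetFailedLogins($usr_id);

    return true;
}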
/**
 * Method used to set auth cookie in user's browser.
 *
 * @param int|string $user User Id or User email.
 * @param boolean $permanent Set to false to make session cookie (Expires when browser is closed)
 * @throws LogicException when $user is empty
 */
public static function setAuthCookie($user, $permanent = true)
{
    if (!$user) {
        throw new LogicException('Need usr_id or email');
    }

    // A numeric argument is a user id that must be resolved to its email;
    // anything else is taken to be the email itself.
    $email = $user;
    if (is_numeric($user)) {
        $details = User::getDetails($user);
        $email = $details['usr_email'];
    }

    $cookie = self::generateAuthCookie($email, $permanent);
    $expires = $permanent ? APP_COOKIE_EXPIRE : null;
    Auth::setCookie(APP_COOKIE, $cookie, $expires);

    // Make the freshly issued cookie visible to the rest of this request.
    $_COOKIE[APP_COOKIE] = $cookie;
}
/**
 * Checks whether the provided password match against the email
 * address provided.
 *
 * On success the failed-login counter is reset and a legacy hash is
 * transparently upgraded; on failure the counter is incremented.
 *
 * @param string $login The email address to check for
 * @param string $password The password of the user to check for
 * @return boolean
 */
public function verifyPassword($login, $password)
{
    $usr_id = User::getUserIDByEmail($login, true);
    $user = User::getDetails($usr_id);
    $storedHash = $user['usr_password'];

    $matches = AuthPassword::verify($password, $storedHash);
    if ($matches) {
        self::resetFailedLogins($usr_id);

        // Re-hash when the stored value uses an outdated scheme (old md5)
        // so the account ends up on the more secure default.
        if (AuthPassword::needs_rehash($storedHash)) {
            self::updatePassword($usr_id, $password);
        }

        return true;
    }

    self::incrementFailedLogins($usr_id);

    return false;
}
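/**
 * Collects details of a user from the database system and checks the
 * supplied password against the stored one.
 *
 * @param string $username
 * @param string $password plaintext password to check
 * @return bool true when the user exists and the password matches, false otherwise
 */
public function checkUserDetails($username, $password)
{
    // Set the state and tell plugins.
    $this->setState('CHECKING_USER_DETAILS');
    $this->notifyObservers();

    // include_once: a plain include would fatal on redeclaring User when this
    // method runs more than once per request.
    include_once "lib/User.php";

    $user = new User();
    $encrypted = $user->encryptPass($password);
    $data = $user->getDetails($username);

    // Unknown user: incorrect details.
    if (empty($data)) {
        return false;
    }

    // $data[1] holds the stored (encrypted) password. hash_equals is a
    // constant-time, type-strict comparison; the loose `==` it replaces treats
    // numeric-looking strings as equal. Return false explicitly on mismatch
    // instead of falling off the end of the method (implicit null).
    return hash_equals((string) $data[1], (string) $encrypted);
}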
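// +----------------------------------------------------------------------+
// | Authors: João Prado Maia <*****@*****.**>                            |
// +----------------------------------------------------------------------+
//
// @(#) $Id: s.forgot_password.php 1.8 03/12/12 19:09:43-00:00 jpradomaia $
//
include_once "config.inc.php";
include_once APP_INC_PATH . "class.template.php";
include_once APP_INC_PATH . "class.user.php";
include_once APP_INC_PATH . "class.mail.php";
include_once APP_INC_PATH . "db_access.php";

$tpl = new Template_API();
$tpl->setTemplate("forgot_password.tpl.html");

// Result codes handed to the template:
//   1 = confirmation email sent, 3 = account not active,
//   4 = no email submitted,     5 = no account for that email.
if (@$HTTP_POST_VARS["cat"] == "reset_password") {
    if (empty($HTTP_POST_VARS["email"])) {
        // An empty address must not fall through to the lookup below, which
        // would overwrite result 4 with result 5.
        $tpl->assign("result", 4);
    } else {
        $usr_id = User::getUserIDByEmail($HTTP_POST_VARS["email"]);
        if (empty($usr_id)) {
            // NOTE(review): a distinct result for an unknown address lets a
            // caller probe which emails have accounts; kept for template
            // compatibility.
            $tpl->assign("result", 5);
        } else {
            $info = User::getDetails($usr_id);
            if (!User::isActiveStatus($info["usr_status"])) {
                $tpl->assign("result", 3);
            } else {
                User::sendPasswordConfirmationEmail($usr_id);
                $tpl->assign("result", 1);
            }
        }
    }
}

$tpl->displayTemplate();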
$tpl->displayTemplate(); exit; } if (@$_POST['cat'] == 'new') { $res = User::insertFromPost(); Misc::mapMessages($res, array(1 => array(ev_gettext('Thank you, the user was added successfully.'), Misc::MSG_INFO), -1 => array(ev_gettext('An error occurred while trying to add the new user.'), Misc::MSG_ERROR))); } elseif (@$_POST['cat'] == 'update') { $res = User::updateFromPost(); Misc::mapMessages($res, array(1 => array(ev_gettext('Thank you, the user was updated successfully.'), Misc::MSG_INFO), -1 => array(ev_gettext('An error occurred while trying to update the user information.'), Misc::MSG_ERROR))); } elseif (@$_POST['cat'] == 'change_status') { User::changeStatus($_POST['items'], $_POST['status']); } $project_roles = array(); $project_list = Project::getAll(); if (@$_GET['cat'] == 'edit') { $info = User::getDetails($_GET['id']); $tpl->assign('info', $info); } foreach ($project_list as $prj_id => $prj_title) { $excluded_roles = array('Customer'); if (@$info['roles'][$prj_id]['pru_role'] == User::getRoleID('Customer')) { if (count($excluded_roles) == 1) { $excluded_roles = false; } else { $excluded_roles = array('administrator'); } if (@$info['roles'][$prj_id]['pru_role'] == User::getRoleID('administrator')) { $excluded_roles = false; } } $project_roles[$prj_id] = $user_roles = array(0 => 'No Access') + User::getRoles($excluded_roles);
/**
 * Creates a fake cookie so processes not run from a browser can access current user and project
 *
 * @param integer $usr_id The ID of the user.
 * @param bool|int $prj_id The ID of the project.
 */
public static function createFakeCookie($usr_id, $prj_id = false)
{
    $details = User::getDetails($usr_id);
    $now = time();

    // Auth cookie payload: email, login time and an md5 over
    // (private key . time . email), base64 of the serialized array.
    $payload = array(
        'email' => $details['usr_email'],
        'login_time' => $now,
        'hash' => md5(self::privateKey() . $now . $details['usr_email']),
    );
    $_COOKIE[APP_COOKIE] = base64_encode(serialize($payload));

    // NOTE(review): when no project id is given, the auth payload above is
    // reused verbatim as the project cookie — preserved here; confirm whether
    // that is intended or the project cookie should be left unset.
    if ($prj_id) {
        $payload = array('prj_id' => $prj_id, 'remember' => false);
    }
    $_COOKIE[APP_PROJECT_COOKIE] = base64_encode(serialize($payload));
}
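/**
 * Method used to get the list of issues to be displayed in the grid layout.
 *
 * Builds the " AND ..." tail of the WHERE clause for the issue list from the
 * current user's role / partner restrictions and the submitted search
 * parameters. Everything read from $options is request data: values are
 * escaped with the Misc helpers, identifiers (custom field ids, option ids)
 * are cast to int because escaping does nothing for unquoted SQL.
 *
 * @param array $options The search parameters
 * @return string The where clause
 */
public static function buildWhereClause($options)
{
    $usr_id = Auth::getUserID();
    $prj_id = Auth::getCurrentProject();
    $role_id = User::getRoleByUser($usr_id, $prj_id);
    $usr_details = User::getDetails($usr_id);

    $stmt = ' AND iss_usr_id = usr_id';

    // Role based visibility: customers only see their contracts/customer,
    // segregated reporters only what they reported or may reply to.
    if ($role_id == User::getRoleID('Customer')) {
        $crm = CRM::getInstance($prj_id);
        $contact = $crm->getContact($usr_details['usr_customer_contact_id']);
        $stmt .= " AND iss_customer_contract_id IN('" . implode("','", $contact->getContractIDS()) . "')";
        $stmt .= " AND iss_customer_id ='" . Auth::getCurrentCustomerID() . "'";
    } elseif ($role_id == User::getRoleID('Reporter') && Project::getSegregateReporters($prj_id)) {
        $stmt .= " AND (\n iss_usr_id = {$usr_id} OR\n iur_usr_id = {$usr_id}\n )";
    }

    // restrict partners
    if (!empty($usr_details['usr_par_code'])) {
        $stmt .= " AND ipa_par_code = '" . Misc::escapeString($usr_details['usr_par_code']) . "'";
    }

    // Assignment filter: "grp:<id>" selects a group; the negative magic values
    // select unassigned / own / own-group combinations.
    if (!empty($options['users'])) {
        $stmt .= " AND (\n";
        if (stristr($options['users'], 'grp') !== false) {
            $chunks = explode(':', $options['users']);
            $grp_id = isset($chunks[1]) ? $chunks[1] : null;
            $stmt .= 'iss_grp_id = ' . Misc::escapeInteger($grp_id);
        } elseif ($options['users'] == '-1') {
            $stmt .= 'isu_usr_id IS NULL';
        } elseif ($options['users'] == '-2') {
            $stmt .= 'isu_usr_id IS NULL OR isu_usr_id=' . $usr_id;
        } elseif ($options['users'] == '-3') {
            $stmt .= 'isu_usr_id = ' . $usr_id . ' OR iss_grp_id = ' . User::getGroupID($usr_id);
        } elseif ($options['users'] == '-4') {
            $stmt .= 'isu_usr_id IS NULL OR isu_usr_id = ' . $usr_id . ' OR iss_grp_id = ' . User::getGroupID($usr_id);
        } else {
            $stmt .= 'isu_usr_id =' . Misc::escapeInteger($options['users']);
        }
        $stmt .= ')';
    }

    if (!empty($options['reporter'])) {
        $stmt .= ' AND iss_usr_id = ' . Misc::escapeInteger($options['reporter']);
    }
    if (!empty($options['show_authorized_issues'])) {
        $stmt .= " AND (iur_usr_id={$usr_id})";
    }
    if (!empty($options['show_notification_list_issues'])) {
        $stmt .= " AND (sub_usr_id={$usr_id})";
    }

    // Keyword search: full-text index, customer name/email lookup through the
    // CRM, or a boolean search over summary and description.
    if (!empty($options['keywords'])) {
        $stmt .= " AND (\n";
        if ($options['search_type'] == 'all_text' && APP_ENABLE_FULLTEXT) {
            $stmt .= 'iss_id IN(' . implode(', ', self::getFullTextIssues($options)) . ')';
        } elseif ($options['search_type'] == 'customer' && CRM::hasCustomerIntegration($prj_id)) {
            // check if the user is trying to search by customer name / email
            $crm = CRM::getInstance($prj_id);
            $customer_ids = $crm->getCustomerIDsByString($options['keywords'], true);
            if (count($customer_ids) > 0) {
                $stmt .= ' iss_customer_id IN (' . implode(', ', $customer_ids) . ')';
            } else {
                // no results, kill query
                $stmt .= ' iss_customer_id = -1';
            }
        } else {
            $stmt .= '(' . Misc::prepareBooleanSearch('iss_summary', $options['keywords']);
            $stmt .= ' OR ' . Misc::prepareBooleanSearch('iss_description', $options['keywords']) . ')';
        }
        $stmt .= "\n) ";
    }

    if (!empty($options['customer_id'])) {
        $stmt .= " AND iss_customer_id='" . Misc::escapeString($options['customer_id']) . "'";
    }
    if (!empty($options['priority'])) {
        $stmt .= ' AND iss_pri_id=' . Misc::escapeInteger($options['priority']);
    }
    if (!empty($options['status'])) {
        $stmt .= ' AND iss_sta_id=' . Misc::escapeInteger($options['status']);
    }
    if (!empty($options['category'])) {
        if (!is_array($options['category'])) {
            $options['category'] = array($options['category']);
        }
        $stmt .= ' AND iss_prc_id IN(' . implode(', ', Misc::escapeInteger($options['category'])) . ')';
    }
    if (!empty($options['hide_closed'])) {
        $stmt .= ' AND sta_is_closed=0';
    }
    if (!empty($options['release'])) {
        $stmt .= ' AND iss_pre_id = ' . Misc::escapeInteger($options['release']);
    }
    if (!empty($options['product'])) {
        $stmt .= ' AND ipv_pro_id = ' . Misc::escapeInteger($options['product']);
    }

    // now for the date fields
    $date_fields = array('created_date', 'updated_date', 'last_response_date', 'first_response_date', 'closed_date');
    foreach ($date_fields as $field_name) {
        if (empty($options[$field_name])) {
            continue;
        }
        $filter = $options[$field_name];
        switch ($filter['filter_type']) {
            case 'greater':
                $stmt .= " AND iss_{$field_name} >= '" . Misc::escapeString($filter['start']) . "'";
                break;
            case 'less':
                $stmt .= " AND iss_{$field_name} <= '" . Misc::escapeString($filter['start']) . "'";
                break;
            case 'between':
                $stmt .= " AND iss_{$field_name} BETWEEN '" . Misc::escapeString($filter['start']) . "' AND '" . Misc::escapeString($filter['end']) . "'";
                break;
            case 'null':
                $stmt .= " AND iss_{$field_name} IS NULL";
                break;
            case 'in_past':
                // time_period is in hours; an empty value means "now".
                $period = $filter['time_period'];
                if (strlen($period) == 0) {
                    $period = 0;
                }
                $stmt .= " AND (UNIX_TIMESTAMP('" . Date_Helper::getCurrentDateGMT() . "') - UNIX_TIMESTAMP(iss_{$field_name})) <= (" . Misc::escapeInteger($period) . '*3600)';
                break;
        }
    }

    // custom fields (guarded so a missing key does not raise a notice)
    if (!empty($options['custom_field']) && is_array($options['custom_field'])) {
        $stmt .= self::buildCustomFieldClause($options['custom_field']);
    }

    // clear cached full-text values if we are not searching fulltext anymore
    if (APP_ENABLE_FULLTEXT && @$options['search_type'] != 'all_text') {
        Session::set('fulltext_string', '');
        Session::set('fulltext_issues', '');
    }

    return $stmt;
}

/**
 * Builds the custom-field part of the WHERE clause.
 *
 * The issue_custom_field table is expected to be joined by the caller's
 * FROM clause under the aliases cf<fld_id> and, for "multiple" fields,
 * cf<fld_id>_<cfo_id>; the same id sanitisation (int cast) must be used on
 * both sides.
 *
 * @param array $custom_fields fld_id => search value, as submitted by the search form
 * @return string SQL fragment starting with " AND", or '' when no field applies
 */
private static function buildCustomFieldClause($custom_fields)
{
    $stmt = '';
    foreach ($custom_fields as $fld_id => $search_value) {
        if (empty($search_value)) {
            continue;
        }

        // $fld_id is a request array key spliced into table aliases and an
        // unquoted comparison: escaping cannot protect it, casting can.
        $fld_id = (int) $fld_id;
        $field = Custom_Field::getDetails($fld_id);
        $fld_db_name = Custom_Field::getDBValueFieldNameByType($field['fld_type']);

        if ($field['fld_type'] == 'date'
            && (empty($search_value['Year']) || empty($search_value['Month']) || empty($search_value['Day']))) {
            continue;
        }
        if ($field['fld_type'] == 'integer' && empty($search_value['value'])) {
            continue;
        }

        if ($field['fld_type'] == 'multiple') {
            // One join per selected option; the option id forms part of the
            // alias, so it is cast as well (assumes option ids are integer
            // keys — TODO confirm against the issue_custom_field schema).
            foreach ($search_value as $cfo_id) {
                $cfo_id = (int) $cfo_id;
                $alias = "cf{$fld_id}_{$cfo_id}";
                $stmt .= " AND\n {$alias}.icf_iss_id = iss_id";
                $stmt .= " AND\n {$alias}.icf_fld_id = {$fld_id}";
                $stmt .= " AND\n {$alias}.{$fld_db_name} = '{$cfo_id}'";
            }
        } elseif ($field['fld_type'] == 'date') {
            $date = $search_value['Year'] . '-' . $search_value['Month'] . '-' . $search_value['Day'];
            $stmt .= " AND\n (iss_id = cf{$fld_id}.icf_iss_id AND cf{$fld_id}.{$fld_db_name} = '" . Misc::escapeString($date) . "')";
        } elseif ($field['fld_type'] == 'integer') {
            $operators = array('ge' => '>=', 'le' => '<=', 'gt' => '>', 'lt' => '<');
            $filter_type = $search_value['filter_type'];
            $cmp = isset($operators[$filter_type]) ? $operators[$filter_type] : '=';
            $stmt .= " AND\n (iss_id = cf{$fld_id}.icf_iss_id";
            $stmt .= " AND\n cf{$fld_id}.icf_fld_id = {$fld_id}";
            // The value is compared unquoted, so it must be an integer, not an
            // escaped string (escaping only neutralises quotes).
            $stmt .= " AND cf{$fld_id}.{$fld_db_name}{$cmp}" . Misc::escapeInteger($search_value['value']) . ')';
        } else {
            $stmt .= " AND\n (iss_id = cf{$fld_id}.icf_iss_id";
            $stmt .= " AND\n cf{$fld_id}.icf_fld_id = {$fld_id}";
            if ($field['fld_type'] == 'combo') {
                $stmt .= " AND cf{$fld_id}.{$fld_db_name} IN('" . implode("', '", Misc::escapeString($search_value)) . "')";
            } else {
                $stmt .= " AND cf{$fld_id}.{$fld_db_name} LIKE '%" . Misc::escapeString($search_value) . "%'";
            }
            $stmt .= ')';
        }
    }

    return $stmt;
}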
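/**
 * Method used to send a confirmation email to the user that is associated
 * to the email address.
 *
 * @access public
 * @param string $usr_id The user ID
 * @return void
 */
function sendPasswordConfirmationEmail($usr_id)
{
    $info = User::getDetails($usr_id);

    // Confirmation token carried in the link to confirm.php; its inputs (full
    // name, email, site private key) must stay as they are — presumably
    // confirm.php recomputes the same md5 to validate the request.
    $hash = md5($info["usr_full_name"] . md5($info["usr_email"]) . $GLOBALS["private_key"]);

    // The address is URL-encoded: a raw '+' or '&' in an email would be
    // decoded as a space / parameter separator and break the confirmation.
    $confirm_url = APP_BASE_URL . "confirm.php?cat=password&email=" . rawurlencode($info["usr_email"]) . "&hash=" . $hash;

    $msg = "Hello,\n\n";
    $msg .= "We just received a request to create a new random password for your account in our issue tracking system. ";
    $msg .= "For security reasons we need you to confirm this request so we can finish the password creation process.\n\n";
    $msg .= "If this is not a real request from you, or if you don't need a new password anymore, ";
    $msg .= "please disregard this email.\n\n";
    $msg .= "However, if you would like to confirm this request, please do so by visiting the URL below:\n\n";
    $msg .= $confirm_url . "\n\n";

    $setup = Setup::load();
    $mail = new Mail_API();
    // need to make this message MIME based
    $mail->setTextBody($msg);
    $mail->send($setup["smtp"]["from"], $info["usr_email"], APP_SHORT_NAME . ": New Password - Confirmation Required");
}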
Misc::setMessage(ev_gettext('Note: Project automatically switched to "%1$s" from "%2$s".', Auth::getCurrentProjectName(), Project::getName($iss_prj_id))); } $tpl->assign('issue', $details); $tpl->assign('extra_title', ev_gettext('Update Issue #%1$s', $issue_id)); // in the case of a customer user, also need to check if that customer has access to this issue if ($role_id == User::getRoleID('customer') && (empty($details) || User::getCustomerID($usr_id) != $details['iss_customer_id']) || !Issue::canAccess($issue_id, $usr_id) || !($role_id > User::getRoleID('Reporter')) || !Issue::canUpdate($issue_id, $usr_id)) { $tpl->setTemplate('base_full.tpl.html'); Misc::setMessage(ev_gettext('Sorry, you do not have the required privileges to update this issue.'), Misc::MSG_ERROR); $tpl->displayTemplate(); exit; } if (Issue_Lock::acquire($issue_id, $usr_id)) { $issue_lock = false; } else { $issue_lock = Issue_Lock::getInfo($issue_id); $issue_lock['locker'] = User::getDetails($issue_lock['usr_id']); $issue_lock['expires_formatted_time'] = Date_Helper::getFormattedDate($issue_lock['expires']); } $tpl->assign('issue_lock', $issue_lock); $new_prj_id = Issue::getProjectID($issue_id); $cancel_update = isset($_POST['cancel']); if ($cancel_update) { // be sure not to unlock somebody else's lock if (!$issue_lock) { Issue_Lock::release($issue_id); Misc::setMessage(ev_gettext('Cancelled Issue #%1$s update.', $issue_id), Misc::MSG_INFO); } Auth::redirect(APP_RELATIVE_URL . 'view.php?id=' . $issue_id); exit; } elseif (@$_POST['cat'] == 'update') { if ($issue_lock) {
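// special handling when someone tries to 'reply' to an issue
if ($cat == 'reply') {
    $details = Issue::getReplyDetails($_GET['issue_id']);
    if ($details != '') {
        $header = Misc::formatReplyPreamble($details['created_date_ts'], $details['reporter']);
        $details['seb_body'] = $header . Misc::formatReply($details['description']);
        $details['sup_from'] = Mail_Helper::getFormattedName($details['reporter'], $details['reporter_email']);
        $tpl->assign(array(
            'email' => $details,
            'parent_email_id' => 0,
            'extra_title' => 'Issue #' . $_GET['issue_id'] . ': Reply',
        ));
    }
}

if (!empty($issue_id)) {
    // list the available statuses
    $tpl->assign('statuses', Status::getAssocStatusList($prj_id, false));
    $tpl->assign('current_issue_status', Issue::getStatusID($issue_id));
    // set if the current user is allowed to send emails on this issue or not
    $sender_details = User::getDetails($usr_id);
    $tpl->assign('can_send_email', Support::isAllowedToEmail($issue_id, $sender_details['usr_email']));
    $tpl->assign('subscribers', Notification::getSubscribers($issue_id, 'emails'));
}

// email account id, GET takes precedence over POST; cast so only an integer reaches the template
if (!empty($_GET['ema_id']) || !empty($_POST['ema_id'])) {
    $ema_id = isset($_GET['ema_id']) ? (int) $_GET['ema_id'] : (isset($_POST['ema_id']) ? (int) $_POST['ema_id'] : null);
    $tpl->assign('ema_id', $ema_id);
}

$user_prefs = Prefs::get($usr_id);
// list of users to display in the lookup field in the To: and Cc: fields
$t = Project::getAddressBook($prj_id, $issue_id);
$tpl->assign(array(
    'from' => User::getFromHeader($usr_id),
    'assoc_users' => $t,
    'assoc_emails' => array_keys($t),
    'canned_responses' => Email_Response::getAssocList($prj_id),
    'js_canned_responses' => Email_Response::getAssocListBodies($prj_id),
    'current_user_prefs' => $user_prefs,
    'issue_access' => Access::getIssueAccessArray($issue_id, $usr_id),
    'max_attachment_size' => Attachment::getMaxAttachmentSize(),
    'max_attachment_bytes' => Attachment::getMaxAttachmentSize(true),
));

// don't add signature if it already exists.
// Note: This won't handle multiple user duplicate sigs.
// (The second comment line had lost its "//" marker; `!empty()` never raises
// a notice, so the `@` suppression is dropped as a no-op.)
if (!empty($draft['emd_body'])
    && $user_prefs['auto_append_email_sig'] == 1
    && strpos($draft['emd_body'], $user_prefs['email_signature']) !== false) {
    $tpl->assign('body_has_sig_already', 1);
}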
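/**
 * Collects User details through available library
 *
 * Builds the array consumed by showEditForm($user, $fullname, $email, $level1, $level2):
 * [0] username, [1] full name, [2] email, [3] current level, [4] the alternative level.
 *
 * @return array
 */
public function getUserDetails()
{
    $this->setState('GETTING_USER_DETAIL');

    // Get the username request
    $username = $this->getActiveRequest();

    // Include the User Library and fetch the record
    include_once "core/lib/User.php";
    $userLib = new User();
    $data = $userLib->getDetails($username);

    // Offsets of $data as read here: 0 = full name, 2 = level, 3 = email.
    $form = array();
    $form[0] = $username;
    $form[1] = $data[0];
    $form[2] = $data[3];
    // Current level as stored (allows for values set externally, e.g. more
    // than just administrator and editor - possibly a hacked 'contributor' mode.)
    $form[3] = $data[2];
    // The other level is offered as the alternative: an administrator gets
    // "editor", everyone else gets "administrator".
    $form[4] = ($data[2] === "administrator") ? "editor" : "administrator";

    return $form;
}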
/**
 * Method used to send the account details of an user.
 *
 * @access public
 * @param integer $usr_id The user ID
 * @return void
 */
function notifyAccountDetails($usr_id)
{
    $account = User::getDetails($usr_id);
    $account["projects"] = Project::getAssocList($usr_id, true, true);

    // render the plain-text notification template
    $template = new Template_API();
    $template->setTemplate('notifications/account_details.tpl.text');
    $template->bulkAssign(array("app_title" => Misc::getToolCaption(), "user" => $account));
    $body = $template->getTemplateContents();

    // send email (use PEAR's classes)
    $mailer = new Mail_API();
    $mailer->setTextBody($body);
    $smtp = $mailer->getSMTPSettings();
    $recipient = $mailer->getFormattedName($account["usr_full_name"], $account["usr_email"]);
    $mailer->send($smtp["from"], $recipient, APP_SHORT_NAME . ": Your User Account Details");
}
/**
 * Method used to send the account details of an user.
 *
 * The template is rendered in the recipient's language; the previous
 * language is restored before returning.
 *
 * @param integer $usr_id The user ID
 * @return void
 */
public function notifyAccountDetails($usr_id)
{
    $account = User::getDetails($usr_id);
    $account['projects'] = Project::getAssocList($usr_id, true, true);

    // open text template
    $template = new Template_Helper();
    $template->setTemplate('notifications/account_details.tpl.text');
    $template->assign(array('app_title' => Misc::getToolCaption(), 'user' => $account));

    // render in the recipient's language
    Language::set(User::getLang($usr_id));
    $body = $template->getTemplateContents();

    // send email (use PEAR's classes)
    $mailer = new Mail_Helper();
    $mailer->setTextBody($body);
    $smtp = $mailer->getSMTPSettings();
    $recipient = $mailer->getFormattedName($account['usr_full_name'], $account['usr_email']);
    // TRANSLATORS: %s = APP_SHORT_NAME
    $subject = ev_gettext('%s: Your User Account Details', APP_SHORT_NAME);
    $mailer->send($smtp['from'], $recipient, $subject);

    Language::restore();
}
/**
 * Method to determine if user can access a particular issue
 *
 * Results are memoised per (issue, user) pair in a static cache for the
 * lifetime of the request. Note that the reporter-segregation branch
 * returns without populating that cache, and that it consults the current
 * session's role rather than $usr_role (the role of the user being checked).
 *
 * @param integer $issue_id The ID of the issue.
 * @param integer $usr_id The ID of the user
 * @return boolean If the user can access the issue
 */
public static function canAccessIssue($issue_id, $usr_id)
{
    static $access;

    if (empty($issue_id)) {
        return false;
    }
    if (isset($access[$issue_id . '-' . $usr_id])) {
        return $access[$issue_id . '-' . $usr_id];
    }

    $details = Issue::getDetails($issue_id);
    if (empty($details)) {
        // NOTE(review): an issue id without details grants access (fail
        // open); confirm whether callers rely on this before tightening it.
        return true;
    }

    $usr_details = User::getDetails($usr_id);
    $usr_role = User::getRoleByUser($usr_id, $details['iss_prj_id']);
    $prj_id = $details['iss_prj_id'];

    // For CRM projects, work out whether the user's contact may see the
    // contract the issue belongs to; stays false on any CRM failure.
    $can_access_contract = false;
    if (CRM::hasCustomerIntegration($prj_id)) {
        $crm = CRM::getInstance($prj_id);
        try {
            if (!empty($usr_details['usr_customer_contact_id']) && !empty($details['iss_customer_contract_id'])) {
                $contact = $crm->getContact($usr_details['usr_customer_contact_id']);
                $can_access_contract = $contact->canAccessContract($crm->getContract($details['iss_customer_contract_id']));
            }
        } catch (CRMException $e) {
            // TODOCRM: Log exception?
            // Swallowed on purpose: $can_access_contract stays false, so a
            // customer is denied rather than granted access on CRM errors.
        }
    }

    if (empty($usr_role)) {
        // check if they are even allowed to access the project
        $return = false;
    } elseif (CRM::hasCustomerIntegration($details['iss_prj_id']) && $usr_role == User::getRoleID('Customer') && $can_access_contract === false) {
        // check customer permissions
        $return = false;
    } elseif (!empty($usr_details['usr_par_code']) && !Partner::isPartnerEnabledForIssue($usr_details['usr_par_code'], $issue_id)) {
        // check if the user is a partner
        $return = false;
    } elseif ($details['iss_private'] == 1) {
        // check if the issue is even private
        // check role, reporter, assignment and group
        if ($usr_role > User::getRoleID('Developer')) {
            $return = true;
        } elseif ($details['iss_usr_id'] == $usr_id) {
            $return = true;
        } elseif (Issue::isAssignedToUser($issue_id, $usr_id)) {
            $return = true;
        } elseif (!empty($details['iss_grp_id']) && !empty($usr_details['usr_grp_id']) && $details['iss_grp_id'] == $usr_details['usr_grp_id']) {
            $return = true;
        } elseif (Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
            $return = true;
        } else {
            $return = false;
        }
    } elseif (Auth::getCurrentRole() == User::getRoleID('Reporter') && Project::getSegregateReporters($prj_id) && $details['iss_usr_id'] != $usr_id && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
        // Segregated reporter looking at somebody else's issue. This branch
        // bypasses the cache below (direct return) and keys off the session
        // role, not $usr_role.
        return false;
    } else {
        $return = true;
    }

    $access[$issue_id . '-' . $usr_id] = $return;

    return $return;
}
/**
 * Method to determine if user can access a particular issue
 *
 * Results are memoised per (issue, user) pair in a static cache for the
 * lifetime of the request; the reporter-segregation branch returns without
 * populating it. An empty issue id and an issue without details both grant
 * access (fail open).
 *
 * @access public
 * @param integer $issue_id The ID of the issue.
 * @param integer $usr_id The ID of the user
 * @return boolean If the user can access the issue
 */
function canAccess($issue_id, $usr_id)
{
    static $access;

    if (empty($issue_id)) {
        // NOTE(review): fail open for an empty issue id — the newer
        // canAccessIssue() returns false here; confirm which callers depend on this.
        return true;
    }
    if (isset($access[$issue_id . "-" . $usr_id])) {
        return $access[$issue_id . "-" . $usr_id];
    }

    $details = Issue::getDetails($issue_id);
    if (empty($details)) {
        return true;
    }

    $usr_details = User::getDetails($usr_id);
    $usr_role = User::getRoleByUser($usr_id, $details['iss_prj_id']);
    $prj_id = Issue::getProjectID($issue_id);

    // check customer permissions
    if (Customer::hasCustomerIntegration($details['iss_prj_id']) && $usr_role == User::getRoleID("Customer") && $details['iss_customer_id'] != $usr_details['usr_customer_id']) {
        // customer users only see issues of their own customer (loose !=
        // comparison of the two customer ids)
        $return = false;
    } elseif ($details['iss_private'] == 1) {
        // check if the issue is even private
        // check role, reporter, assigment and group
        if (User::getRoleByUser($usr_id, $details['iss_prj_id']) > User::getRoleID("Developer")) {
            $return = true;
        } elseif ($details['iss_usr_id'] == $usr_id) {
            $return = true;
        } elseif (Issue::isAssignedToUser($issue_id, $usr_id)) {
            $return = true;
        } elseif (!empty($details['iss_grp_id']) && !empty($usr_details['usr_grp_id']) && $details['iss_grp_id'] == $usr_details['usr_grp_id']) {
            $return = true;
        } elseif (Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
            $return = true;
        } else {
            $return = false;
        }
    } elseif (Auth::getCurrentRole() <= User::getRoleID("Standard User") && Project::getSegregateReporters($prj_id) && $details['iss_usr_id'] != $usr_id && !Issue::isAssignedToUser($issue_id, $usr_id) && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
        // Segregated low-role user looking at somebody else's issue. Uses the
        // session's role (Auth::getCurrentRole), not $usr_role, and returns
        // without caching.
        return false;
    } else {
        $return = true;
    }

    $access[$issue_id . "-" . $usr_id] = $return;

    return $return;
}
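/**
 * Processes the template and assign common variables automatically.
 *
 * Populates the `core` template variable (application constants, messages,
 * roles and – for a logged-in user – user, project, CRM and preference data)
 * plus a few legacy top-level variables that older templates still read.
 *
 * @return $this
 */
private function processTemplate()
{
    $core = array(
        'rel_url' => APP_RELATIVE_URL,
        'base_url' => APP_BASE_URL,
        'app_title' => APP_NAME,
        'app_version' => APP_VERSION,
        'app_setup' => Setup::load(),
        'messages' => Misc::getMessages(),
        'roles' => User::getAssocRoleIDs(),
        'auth_backend' => APP_AUTH_BACKEND,
        // NOTE(review): PHP_SELF reflects the request path (including any
        // path info); templates must escape current_url before echoing it.
        'current_url' => $_SERVER['PHP_SELF'],
    );

    // If VCS version is present "Eventum 2.3.3-148-g78b3368", link ref to github
    $vcsVersion = self::getVcsVersion();
    if ($vcsVersion) {
        $core['application_version_link'] = "https://github.com/eventum/eventum/commit/{$vcsVersion}";
        // append VCS version if not yet there
        if (!preg_match('/-g[0-9a-f]+$/', APP_VERSION)) {
            $core['app_version'] = "v{$core['app_version']}-g{$vcsVersion}";
        }
    }

    $usr_id = Auth::getUserID();
    if ($usr_id) {
        // One lookup serves both the 'user' entry and the current_* values
        // (previously the same record was fetched twice).
        $info = User::getDetails($usr_id);
        $core['user'] = $info;
        $prj_id = Auth::getCurrentProject();
        $setup = $core['app_setup'];

        if (!empty($prj_id)) {
            $role_id = User::getRoleByUser($usr_id, $prj_id);
            $has_crm = CRM::hasCustomerIntegration($prj_id);
            $core = $core + array(
                'project_id' => $prj_id,
                'project_name' => Auth::getCurrentProjectName(),
                'has_crm' => $has_crm,
                'current_role' => $role_id,
                'current_role_name' => User::getRole($role_id),
                'feature_access' => Access::getFeatureAccessArray($usr_id),
            );
            if ($has_crm) {
                $crm = CRM::getInstance($prj_id);
                $core['crm_template_path'] = $crm->getTemplatePath();
                if ($role_id == User::getRoleID('Customer')) {
                    try {
                        $contact = $crm->getContact($info['usr_customer_contact_id']);
                        $core['allowed_customers'] = $contact->getCustomers();
                        $core['current_customer'] = $crm->getCustomer(Auth::getCurrentCustomerID(false));
                    } catch (CRMException $e) {
                        // Best effort: a CRM failure leaves allowed_customers /
                        // current_customer unset instead of breaking rendering.
                    }
                }
            }
        }

        // Project list for the switcher; archived projects are labelled as such.
        $active_projects = array();
        $raw_projects = Project::getAssocList($usr_id, false, true);
        foreach ($raw_projects as $project_id => $prj_info) {
            if ($prj_info['status'] == 'archived') {
                $prj_info['prj_title'] .= ' ' . ev_gettext('(archived)');
            }
            $active_projects[$project_id] = $prj_info['prj_title'];
        }

        $clocked_in = User::isClockedIn($usr_id);
        $core = $core + array(
            'active_projects' => $active_projects,
            'current_full_name' => $info['usr_full_name'],
            'current_email' => $info['usr_email'],
            'current_user_id' => $usr_id,
            'current_user_datetime' => Date_Helper::getISO8601date('now', '', true),
            'is_current_user_clocked_in' => $clocked_in,
            'is_anon_user' => Auth::isAnonUser(),
            'is_current_user_partner' => !empty($info['usr_par_code']),
            'current_user_prefs' => Prefs::get($usr_id),
        );

        // Legacy top-level variables kept for templates that predate `core`.
        $this->assign('current_full_name', $info['usr_full_name']);
        $this->assign('current_email', $info['usr_email']);
        $this->assign('current_user_id', $usr_id);
        $this->assign('handle_clock_in', $setup['handle_clock_in'] == 'enabled');
        $this->assign('is_current_user_clocked_in', $clocked_in);
        $this->assign('roles', $core['roles']);
    }

    $this->assign('core', $core);

    return $this;
}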
/**
 * Returns the data used by the weekly report.
 *
 * @access public
 * @param string $usr_id The ID of the user this report is for.
 * @param string $start The start date of this report (Y-m-d).
 * @param string $end The end date of this report (Y-m-d).
 * @param boolean $separate_closed If closed issues should be separated from other issues.
 * @return array An array of data containing all the elements of the weekly report.
 */
function getWeeklyReport($usr_id, $start, $end, $separate_closed = false)
{
    $usr_id = Misc::escapeInteger($usr_id);

    // Interpret the requested day range in the user's own timezone, then
    // express both bounds in UTC for the queries below.
    $prefs = Prefs::get($usr_id);
    $timezone = @$prefs["timezone"];

    $range_begin = new Date();
    $range_begin->setTZById($timezone);
    $range_begin->setDate($start . " 00:00:00");
    $range_begin->toUTC();
    $start_ts = $range_begin->getDate();

    $range_end = new Date();
    $range_end->setTZById($timezone);
    $range_end->setDate($end . " 23:59:59");
    $range_end->toUTC();
    $end_ts = $range_end->getDate();

    // replace spaces in index with _ and calculate total time
    $raw_tracking = Time_Tracking::getSummaryByUser($usr_id, $start_ts, $end_ts);
    $time_tracking = array();
    $total_time = 0;
    foreach ($raw_tracking as $category => $summary) {
        $time_tracking[str_replace(" ", "_", $category)] = $summary;
        $total_time += $summary["total_time"];
    }

    // get count of issues assigned in week of report.
    $tables = APP_DEFAULT_DB . "." . APP_TABLE_PREFIX;
    $stmt = "SELECT\n COUNT(*)\n FROM\n " . $tables . "issue,\n " . $tables . "issue_user,\n " . $tables . "status\n WHERE\n iss_id = isu_iss_id AND\n iss_sta_id = sta_id AND\n isu_usr_id = {$usr_id} AND\n isu_assigned_date BETWEEN '{$start_ts}' AND '{$end_ts}'";
    $newly_assigned = $GLOBALS["db_api"]->dbh->getOne($stmt);
    if (PEAR::isError($newly_assigned)) {
        Error_Handler::logError(array($newly_assigned->getMessage(), $newly_assigned->getDebugInfo()), __FILE__, __LINE__);
    }

    $email_count = array(
        "associated" => Support::getSentEmailCountByUser($usr_id, $start_ts, $end_ts, true),
        "other" => Support::getSentEmailCountByUser($usr_id, $start_ts, $end_ts, false),
    );

    return array(
        "start" => str_replace('-', '.', $start),
        "end" => str_replace('-', '.', $end),
        "user" => User::getDetails($usr_id),
        "group_name" => Group::getName(User::getGroupID($usr_id)),
        "issues" => History::getTouchedIssuesByUser($usr_id, $start_ts, $end_ts, $separate_closed),
        "status_counts" => History::getTouchedIssueCountByStatus($usr_id, $start_ts, $end_ts),
        "new_assigned_count" => $newly_assigned,
        "time_tracking" => $time_tracking,
        "email_count" => $email_count,
        "phone_count" => Phone_Support::getCountByUser($usr_id, $start_ts, $end_ts),
        "note_count" => Note::getCountByUser($usr_id, $start_ts, $end_ts),
        "total_time" => Misc::getFormattedTime($total_time, false),
    );
}
/**
 * Returns the external (backend) identifier stored for a user.
 *
 * @param integer $usr_id
 * @return mixed the user's usr_external_id field
 */
public static function getExternalID($usr_id)
{
    $record = User::getDetails($usr_id);

    return $record['usr_external_id'];
}
/**
 * Checks a login/password pair, handing internal accounts (those with no
 * external id on the local record) to the fallback auth backend.
 *
 * @param string $login The login to look up
 * @param string $password The password to check
 * @return bool Whether the password was accepted
 */
public function verifyPassword($login, $password)
{
    $usr_id = self::getUserIDByLogin($login);
    $local = User::getDetails($usr_id);

    // no external id on record: this is an internal account, so the
    // fallback backend owns the password check
    if (empty($local['usr_external_id'])) {
        $fallback = Auth::getFallBackAuthBackend();

        return $fallback->verifyPassword($login, $password);
    }

    $external_id = $local['usr_external_id'];
    $external_user = $this->validatePassword($external_id, $password);

    // loose comparison on purpose: null, false, '' and [] all count as "rejected"
    return $external_user != null;
}
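/**
 * Method used to get the previous and next issues that are available
 * according to the current search parameters.
 *
 * The issue list is built with the same joins and WHERE clause as the
 * search listing, and the neighbours of $issue_id in that ordering are
 * returned.
 *
 * @param integer $issue_id The issue ID
 * @param array $options The search parameters (not trusted here)
 * @return array|string array('next' => id|null, 'previous' => id|null),
 *                      or '' when the query fails (kept for existing callers)
 */
public static function getSides($issue_id, $options)
{
    $usr_id = Auth::getUserID();
    $role_id = Auth::getCurrentRole();
    $usr_details = User::getDetails($usr_id);

    // sort_by drives several joins and the ORDER BY; read it once
    $sort_by_option = isset($options['sort_by']) ? $options['sort_by'] : null;
    $sorting_by_custom_field = strstr((string) $sort_by_option, 'custom_field') !== false;

    $stmt = 'SELECT iss_id, ' . self::getLastActionFields() . ' FROM ( {{%issue}}, {{%user}}';

    // join custom fields if we are searching by custom fields
    if (!empty($options['custom_field']) && is_array($options['custom_field'])) {
        foreach ($options['custom_field'] as $fld_id => $search_value) {
            if (empty($search_value)) {
                continue;
            }
            $field = Custom_Field::getDetails($fld_id);
            // a date filter needs all three parts, an integer filter needs a value
            if ($field['fld_type'] == 'date' && (empty($search_value['Year']) || empty($search_value['Month']) || empty($search_value['Day']))) {
                continue;
            }
            if ($field['fld_type'] == 'integer' && empty($search_value['value'])) {
                continue;
            }
            if ($field['fld_type'] == 'multiple') {
                // one alias per selected option (presumably matched by
                // Search::buildWhereClause(), which is not visible here)
                $search_value = Misc::escapeString($search_value);
                foreach ($search_value as $cfo_id) {
                    $stmt .= ",\n {{%issue_custom_field}} as cf" . $fld_id . '_' . $cfo_id . "\n";
                }
            } else {
                $stmt .= ",\n {{%issue_custom_field}} as cf" . $fld_id . "\n";
            }
        }
    }
    $stmt .= ')';

    // check for the custom fields we want to sort by
    $sort_fld_id = null;
    if ($sorting_by_custom_field) {
        // the field id is interpolated into the SQL below, so force it to
        // an integer instead of passing the request-derived string through
        $sort_fld_id = (int) str_replace('custom_field_', '', $sort_by_option);
        $stmt .= "\n LEFT JOIN {{%issue_custom_field}} as cf_sort\n ON\n (cf_sort.icf_iss_id = iss_id AND cf_sort.icf_fld_id = {$sort_fld_id}) \n";
    }
    if (!empty($options['users']) || $sort_by_option == 'isu_usr_id') {
        $stmt .= ' LEFT JOIN {{%issue_user}} ON isu_iss_id=iss_id';
    }
    if (!empty($options['show_authorized_issues']) || ($role_id == User::ROLE_REPORTER && Project::getSegregateReporters(Auth::getCurrentProject()))) {
        $stmt .= ' LEFT JOIN {{%issue_user_replier}} ON iur_iss_id=iss_id';
    }
    if (!empty($options['show_notification_list_issues'])) {
        $stmt .= ' LEFT JOIN {{%subscription}} ON sub_iss_id=iss_id';
    }
    if (!empty($options['product'])) {
        $stmt .= ' LEFT JOIN {{%issue_product_version}} ON ipv_iss_id=iss_id';
    }
    if ($sort_by_option == 'pre_scheduled_date') {
        $stmt .= ' LEFT JOIN {{%project_release}} ON iss_pre_id = pre_id';
    }
    if ($sort_by_option == 'prc_title') {
        $stmt .= ' LEFT JOIN {{%project_category}} ON iss_prc_id = prc_id';
    }
    if (!empty($usr_details['usr_par_code'])) {
        // restrict partners
        $stmt .= ' LEFT JOIN {{%issue_partner}} ON ipa_iss_id=iss_id';
    }
    $stmt .= ' LEFT JOIN {{%status}} ON iss_sta_id=sta_id LEFT JOIN {{%project_priority}} ON iss_pri_id=pri_id LEFT JOIN {{%project_severity}} ON iss_sev_id=sev_id WHERE iss_prj_id=' . Auth::getCurrentProject();
    $stmt .= Search::buildWhereClause($options);

    if ($sorting_by_custom_field) {
        $fld_details = Custom_Field::getDetails($sort_fld_id);
        $sort_by = 'cf_sort.' . Custom_Field::getDBValueFieldNameByType($fld_details['fld_type']);
    } else {
        // NOTE(review): escapeString() presumably escapes quote characters;
        // that does not constrain a bare identifier in ORDER BY, so sort_by
        // should be checked against the sortable columns before it gets here
        $sort_by = Misc::escapeString($sort_by_option);
    }
    $stmt .= ' GROUP BY iss_id ORDER BY ' . $sort_by . ' ' . Misc::escapeString($options['sort_order']) . ', iss_id DESC';

    try {
        $res = DB_Helper::getInstance()->getColumn($stmt);
    } catch (DbException $e) {
        return '';
    }

    $next = null;
    $previous = null;
    $index = array_search($issue_id, $res);
    // array_search() returns false when the issue is not in the result set;
    // without this guard false+1 silently picks the second row as "next"
    if ($index !== false) {
        if (!empty($res[$index + 1])) {
            $next = $res[$index + 1];
        }
        if ($index > 0 && !empty($res[$index - 1])) {
            $previous = $res[$index - 1];
        }
    }

    return array('next' => $next, 'previous' => $previous);
}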
$tpl->assign("show_setup_links", true); $excluded_roles = array('customer'); } else { $excluded_roles = array('customer', 'administrator'); } if (@$HTTP_POST_VARS["cat"] == "new") { $tpl->assign("result", User::insert()); } elseif (@$HTTP_POST_VARS["cat"] == "update") { $tpl->assign("result", User::update()); } elseif (@$HTTP_POST_VARS["cat"] == "change_status") { User::changeStatus(); } $project_roles = array(); $project_list = Project::getAll(); if (@$HTTP_GET_VARS["cat"] == "edit") { $info = User::getDetails($HTTP_GET_VARS["id"]); $tpl->assign("info", $info); } foreach ($project_list as $prj_id => $prj_title) { if (@$info['roles'][$prj_id]['pru_role'] == User::getRoleID('Customer')) { if (count($excluded_roles) == 1) { $excluded_roles = false; } else { $excluded_roles = array('administrator'); } } if (@$info['roles'][$prj_id]['pru_role'] == User::getRoleID("administrator")) { $excluded_roles = false; } $project_roles[$prj_id] = $user_roles = array(0 => "No Access") + User::getRoles($excluded_roles); }
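/**
 * Returns the data used by the weekly report.
 *
 * Start/end are normalised to the user's timezone (day start / day end
 * when given as strings), converted to SQL datetimes, and that range is
 * used by every lookup below.
 *
 * @param string $usr_id The ID of the user this report is for.
 * @param int $prj_id The project id
 * @param string|DateTime $start The start date of this report.
 * @param string|DateTime $end The end date of this report.
 * @param array $options extra options for report:
 *   - separate_closed If closed issues should be separated from other issues.
 *   - ignore_statuses If issue status changes should be ignored in report.
 *   - separate_not_assigned_to_user Separate Issues Not Assigned to User
 *   - show_per_issue Add time spent on issue to issues
 *   - separate_no_time Separate No time spent issues
 * @return array An array of data containing all the elements of the weekly report.
 */
public static function getWeeklyReport($usr_id, $prj_id, $start, $end, $options = array())
{
    // figure out timezone
    $user_prefs = Prefs::get($usr_id);
    $tz = $user_prefs['timezone'];

    // if start or end is string, convert assume min and max date are specified
    if (!$start instanceof DateTime) {
        $start = Date_Helper::getDateTime($start, $tz)->setTime(0, 0, 0);
    }
    if (!$end instanceof DateTime) {
        $end = Date_Helper::getDateTime($end, $tz)->setTime(23, 59, 59);
    }
    $start_ts = Date_Helper::getSqlDateTime($start);
    $end_ts = Date_Helper::getSqlDateTime($end);

    $time_tracking = Time_Tracking::getSummaryByUser($usr_id, $prj_id, $start_ts, $end_ts);

    // replace spaces in index with _ and calculate total time
    // (a by-value foreach iterates a snapshot, so re-keying while iterating is safe)
    $total_time = 0;
    foreach ($time_tracking as $category => $data) {
        unset($time_tracking[$category]);
        $time_tracking[str_replace(' ', '_', $category)] = $data;
        $total_time += $data['total_time'];
    }

    // get count of issues assigned in week of report.
    $stmt = 'SELECT COUNT(*) FROM {{%issue}}, {{%issue_user}}, {{%status}} WHERE iss_id = isu_iss_id AND iss_sta_id = sta_id AND isu_usr_id = ? AND iss_prj_id = ? AND isu_assigned_date BETWEEN ? AND ?';
    // bind $prj_id (the project the report is for) so this count agrees with
    // the other per-project lookups in this method, rather than the
    // session's current project
    $params = array($usr_id, $prj_id, $start_ts, $end_ts);
    try {
        $newly_assigned = DB_Helper::getInstance()->getOne($stmt, $params);
    } catch (DbException $e) {
        // best effort: the rest of the report is still produced
        $newly_assigned = null;
    }

    $email_count = array(
        'associated' => Support::getSentEmailCountByUser($usr_id, $start_ts, $end_ts, true),
        'other' => Support::getSentEmailCountByUser($usr_id, $start_ts, $end_ts, false),
    );

    // history types to leave out of the "touched issues" list
    $htt_exclude = array();
    if (!empty($options['ignore_statuses'])) {
        $htt_exclude[] = 'status_changed';
        $htt_exclude[] = 'status_auto_changed';
        $htt_exclude[] = 'remote_status_change';
    }
    $issue_list = History::getTouchedIssuesByUser($usr_id, $prj_id, $start_ts, $end_ts, $htt_exclude);

    $issues = array(
        'no_time' => array(),
        'not_mine' => array(),
        'closed' => array(),
        'other' => array(),
    );

    // organize issues into categories
    if ($issue_list) {
        if (!empty($options['show_per_issue']) || !empty($options['separate_no_time'])) {
            // adds the per-issue time spent ('it_spent') used by the no_time split
            Time_Tracking::fillTimeSpentByIssueAndTime($issue_list, $usr_id, $start_ts, $end_ts);
        }

        foreach ($issue_list as $row) {
            if (!empty($row['iss_customer_id']) && CRM::hasCustomerIntegration($row['iss_prj_id'])) {
                $row['customer_name'] = CRM::getCustomerName($row['iss_prj_id'], $row['iss_customer_id']);
            } else {
                $row['customer_name'] = null;
            }

            // first matching bucket wins: closed, then not assigned to the
            // user, then no time spent, else other
            if (!empty($options['separate_closed']) && $row['sta_is_closed'] == 1) {
                $issues['closed'][] = $row;
            } elseif (!empty($options['separate_not_assigned_to_user']) && !Issue::isAssignedToUser($row['iss_id'], $usr_id)) {
                $issues['not_mine'][] = $row;
            } elseif (!empty($options['separate_no_time']) && empty($row['it_spent'])) {
                $issues['no_time'][] = $row;
            } else {
                $issues['other'][] = $row;
            }
        }

        // customer_name may be null; cast so the comparison is explicit
        $sort_function = function ($a, $b) {
            return strcasecmp((string) $a['customer_name'], (string) $b['customer_name']);
        };
        usort($issues['closed'], $sort_function);
        usort($issues['other'], $sort_function);
    }

    return array(
        'start' => $start_ts,
        'end' => $end_ts,
        'user' => User::getDetails($usr_id),
        'group_name' => Group::getName(User::getGroupID($usr_id)),
        'issues' => $issues,
        'status_counts' => History::getTouchedIssueCountByStatus($usr_id, $prj_id, $start_ts, $end_ts),
        'new_assigned_count' => $newly_assigned,
        'time_tracking' => $time_tracking,
        'email_count' => $email_count,
        'phone_count' => Phone_Support::getCountByUser($usr_id, $start_ts, $end_ts),
        'note_count' => Note::getCountByUser($usr_id, $start_ts, $end_ts),
        'total_time' => Misc::getFormattedTime($total_time, false),
    );
}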
/**
 * Asks the user's partner backend whether the issue may be updated.
 *
 * @param integer $issue_id
 * @param integer $usr_id
 * @return bool|null The backend's answer, or null when the user has no partner code
 */
public static function canUpdateIssue($issue_id, $usr_id)
{
    $details = User::getDetails($usr_id);

    // not a partner user: there is no backend to consult
    if (empty($details['usr_par_code'])) {
        return null;
    }

    $par_code = $details['usr_par_code'];
    $backend = self::getBackend($par_code);

    return $backend->canUpdateIssue($issue_id, $usr_id);
}
/**
 * Creates a fake cookie so processes not run from a browser can access current user and project
 *
 * Both values are written straight into $HTTP_COOKIE_VARS (no headers are
 * sent), in the same base64(serialize(...)) form a browser would present.
 *
 * @param integer $usr_id The ID of the user.
 * @param integer|false $project The ID of the project, or false to leave the project unset.
 */
function createFakeCookie($usr_id, $project = false)
{
    global $HTTP_COOKIE_VARS;
    include_once APP_INC_PATH . "private_key.php";
    $user_details = User::getDetails($usr_id);
    $time = time();
    // "hash" ties email and login time to the private key. NOTE(review):
    // this is a secret-prefix md5, not an HMAC; the code that verifies it
    // is not visible here, so how it is checked is unconfirmed.
    $cookie = array("email" => $user_details['usr_email'], "login_time" => $time, "hash" => md5($GLOBALS["private_key"] . md5($time) . $user_details['usr_email']), "autologin" => 0);
    $HTTP_COOKIE_VARS[APP_COOKIE] = base64_encode(serialize($cookie));
    if ($project) {
        $cookie = array("prj_id" => $project, "remember" => false);
    }
    // NOTE(review): when $project is false, $cookie still holds the auth
    // cookie array, so the project cookie is written without a "prj_id"
    // key — looks unintended; confirm against whatever reads APP_PROJECT_COOKIE.
    $HTTP_COOKIE_VARS[APP_PROJECT_COOKIE] = base64_encode(serialize($cookie));
}
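// Handle the preferences form: dispatch on $cat, report the outcome, then
// populate the template. $cat, $usr_id and $tpl are set up earlier in the script.
$res = null;
if ($cat == 'update_account') {
    // NOTE(review): the whole POST body is handed to Prefs::set(); it is
    // expected to pick out the keys it knows — that filtering is not visible here
    $preferences = $_POST;
    // if the user is trying to upload a new signature, override any changes to the textarea
    if (!empty($_FILES['file_signature']['name'])) {
        $tmp_name = isset($_FILES['file_signature']['tmp_name']) ? $_FILES['file_signature']['tmp_name'] : '';
        // only read a file PHP itself placed in the upload area, never an
        // arbitrary path taken from the request
        if ($tmp_name !== '' && is_uploaded_file($tmp_name)) {
            $preferences['email_signature'] = file_get_contents($tmp_name);
        }
    }
    $res = Prefs::set($usr_id, $preferences);
    User::updateSMS($usr_id, isset($_POST['sms_email']) ? $_POST['sms_email'] : null);
} elseif ($cat == 'update_name') {
    $res = User::updateFullName($usr_id);
} elseif ($cat == 'update_email') {
    $res = User::updateEmail($usr_id);
} elseif ($cat == 'update_password') {
    $res = Auth::updatePassword($usr_id, $_POST['new_password'], $_POST['confirm_password']);
}

// the update helpers signal 1 for success and -1 for failure
if ($res == 1) {
    Misc::setMessage(ev_gettext('Your information has been updated'));
} elseif ($res == -1) {
    Misc::setMessage(ev_gettext('Sorry, there was an error updating your information'), Misc::MSG_ERROR);
}

$prefs = Prefs::get($usr_id);
$prefs['sms_email'] = User::getSMS($usr_id);

$tpl->assign('user_prefs', $prefs);
$tpl->assign('user_info', User::getDetails($usr_id));
$tpl->assign('assigned_projects', Project::getAssocList($usr_id, false, true));
$tpl->assign('zones', Date_Helper::getTimezoneList());
$tpl->assign('avail_langs', Language::getAvailableLanguages());
$tpl->assign('current_locale', User::getLang($usr_id, true));
$tpl->assign(array(
    'can_update_name' => Auth::canUserUpdateName($usr_id),
    'can_update_email' => Auth::canUserUpdateEmail($usr_id),
    'can_update_password' => Auth::canUserUpdatePassword($usr_id),
));

$tpl->displayTemplate();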