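/**
 * Prepare session, locale and database connection for a request that
 * authenticates with a user API key.
 *
 * The session is started (optionally after resetting $_SESSION), the database
 * is connected and the key is looked up with tlUser::getByAPIKey(). When
 * exactly one user matches, that user is loaded and stored in $_SESSION
 * (lastActivity, currentUser, userID, locale). When the lookup does not yield
 * exactly one user the function returns silently: nothing is stored and no
 * error is signalled, so callers have to verify the outcome themselves.
 *
 * @param mixed       $dbHandler   handed by reference to doDBConnect(), then used for the lookups
 * @param string      $apikey      API key taken from the request
 * @param object|null $rightsCheck optional; forwarded to checkUserRightsFor(), and its
 *                                 redirect_target property (when set) is the redirect
 *                                 target used if the session has no basehref
 * @param array|null  $opt         overrides for 'setPaths' and 'clearSession' (both default to false)
 *
 * @return void
 */
function setUpEnvForRemoteAccess(&$dbHandler, $apikey, $rightsCheck = null, $opt = null)
{
    $my = array('opt' => array('setPaths' => false, 'clearSession' => false));
    $my['opt'] = array_merge($my['opt'], (array) $opt);

    if ($my['opt']['clearSession']) {
        // NOTE(review): this resets only the in-memory superglobal, and it does so
        // before the session is started. Whether previously stored session data is
        // really discarded depends on doSessionStart(), which is not visible here.
        $_SESSION = null;
    }

    doSessionStart($my['opt']['setPaths']);

    // isset() is already false for a null value, so no separate null test is needed.
    if (isset($_SESSION['locale'])) {
        setDateTimeFormats($_SESSION['locale']);
    }

    doDBConnect($dbHandler);

    $user = tlUser::getByAPIKey($dbHandler, $apikey);

    // Treat anything that is not an array with exactly one entry as "no match".
    // The is_array() guard keeps a failed lookup that yields a non-countable
    // value (for example null) from raising a TypeError in count() on PHP 8.
    if (!is_array($user) || count($user) != 1) {
        return;
    }

    // NOTE(review): the session is bound to the authenticated user from here on.
    // No session id change is visible in this function; if doSessionStart() does
    // not take care of it, consider session_regenerate_id(true) at this point to
    // limit session fixation - confirm.
    $_SESSION['lastActivity'] = time();

    $userObj = new tlUser(key($user));
    $userObj->readFromDB($dbHandler);

    $_SESSION['currentUser'] = $userObj;
    $_SESSION['userID'] = $userObj->dbID;
    $_SESSION['locale'] = $userObj->locale;

    // Scenario this guards against:
    //   1. the user logs in to TestLink
    //   2. the user opens a direct link in a new tab or window while still logged in
    //   3. the user logs out
    // A refresh of the tab from (2) then arrives with a session that was destroyed
    // in (3), so basehref is gone and cannot be rebuilt; without it CSS, JS, etc.
    // cannot be located. The session is destroyed so the user has to log in again,
    // either through the direct link or through the regular login page.
    if (!isset($_SESSION['basehref'])) {
        session_unset();
        session_destroy();

        // $rightsCheck defaults to null. property_exists() rejects a null first
        // argument (TypeError on PHP 8), so check for an object before asking.
        $hasRedirectTarget = is_object($rightsCheck)
            && property_exists($rightsCheck, 'redirect_target')
            && !is_null($rightsCheck->redirect_target);

        if ($hasRedirectTarget) {
            redirect($rightsCheck->redirect_target);
        } else {
            // Best guess for all features that live under ./lib/results/
            redirect("../../login.php?note=logout");
        }
        exit;
    }

    if (!is_null($rightsCheck)) {
        checkUserRightsFor($dbHandler, $rightsCheck, true);
    }
}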
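/**
 * Read the request parameters and establish the access context for them.
 *
 * The length of the supplied apikey selects the path: a 32 character key is
 * handled as a user API key (setUpEnvForRemoteAccess() plus a user lookup),
 * any other value is handed to setUpEnvForAnonymousAccess().
 *
 * @return stdClass the validated request arguments plus ->light, which is
 *                  'green' only when the selected path succeeded and 'red'
 *                  in every other case
 */
function init_args()
{
    $_REQUEST = strings_stripSlashes($_REQUEST);

    $args = new stdClass();
    try {
        // ATTENTION - have a look at $tlCfg->reports_list
        $typeSize = 30;
        $iParams = array(
            "apikey" => array(tlInputParameter::STRING_N, 32, 64),
            "tproject_id" => array(tlInputParameter::INT_N),
            "tplan_id" => array(tlInputParameter::INT_N),
            "level" => array(tlInputParameter::STRING_N, 0, 16),
            "type" => array(tlInputParameter::STRING_N, 0, $typeSize),
        );
    } catch (Exception $e) {
        echo $e->getMessage();
        exit;
    }

    R_PARAMS($iParams, $args);

    // Fail closed: the light stays red unless one of the branches below succeeds.
    $args->light = 'red';
    $opt = array('setPaths' => true, 'clearSession' => true);

    // Made explicit instead of relying on implicit creation when an undefined
    // variable is passed by reference. Presumably filled in by the setUpEnv*
    // helpers - confirm for setUpEnvForAnonymousAccess().
    $dbHandler = null;

    // The cast keeps a missing apikey (null) from triggering the PHP 8.1
    // deprecation for strlen(null); the length is 0 either way.
    if (strlen((string) $args->apikey) == 32) {
        setUpEnvForRemoteAccess($dbHandler, $args->apikey, null, $opt);

        // The key is looked up here to decide the light. A result that is not
        // an array (for example null when nothing matches) counts as no match
        // instead of raising a TypeError in count() on PHP 8.
        $user = tlUser::getByAPIKey($dbHandler, $args->apikey);
        $args->light = (is_array($user) && count($user) == 1) ? 'green' : 'red';
    } else {
        $kerberos = new stdClass();
        $kerberos->args = $args;
        $kerberos->method = null;

        if (setUpEnvForAnonymousAccess($dbHandler, $args->apikey, $kerberos, $opt)) {
            $args->light = 'green';
        }
    }

    return $args;
}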
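/**
 * Read the request parameters and establish the access context for them.
 *
 * The length of the supplied apikey selects the path: a 32 character key is
 * handled as a user API key (setUpEnvForRemoteAccess() plus a user lookup),
 * any other value is treated as an object API key and handed to
 * setUpEnvForAnonymousAccess(). For type=exec on the object-key path the key
 * is not taken from the request but read from the test plan that owns the
 * execution identified by id.
 *
 * @param mixed $dbHandler database handler, passed by reference. On the
 *                         type=exec path it is queried before any setUpEnv*
 *                         helper runs, so it must already be usable then.
 *
 * @return stdClass the validated request arguments plus ->format,
 *                  ->envCheckMode, ->debug and ->light ('green' only when the
 *                  selected path succeeded, 'red' otherwise)
 */
function init_args(&$dbHandler)
{
    $_REQUEST = strings_stripSlashes($_REQUEST);

    $args = new stdClass();
    try {
        // ATTENTION - have a look at $tlCfg->reports_list
        // format domain: see the FORMAT_ constants in reports.cfg.php
        $typeSize = 30;
        $iParams = array(
            "apikey" => array(tlInputParameter::STRING_N, 32, 64),
            "tproject_id" => array(tlInputParameter::INT_N),
            "tplan_id" => array(tlInputParameter::INT_N),
            "level" => array(tlInputParameter::STRING_N, 0, 16),
            "type" => array(tlInputParameter::STRING_N, 0, $typeSize),
            'id' => array(tlInputParameter::INT_N),
            'format' => array(tlInputParameter::STRING_N, 0, 1),
        );
    } catch (Exception $e) {
        echo $e->getMessage();
        exit;
    }

    R_PARAMS($iParams, $args);

    // A missing or non-positive format falls back to HTML.
    $args->format = intval($args->format);
    $args->format = $args->format <= 0 ? FORMAT_HTML : $args->format;

    $args->envCheckMode = $args->type == 'file' ? 'hippie' : 'paranoic';

    // Fail closed: the light stays red unless one of the branches below succeeds.
    $args->light = 'red';
    $opt = array('setPaths' => true, 'clearSession' => true);

    // The cast keeps a missing apikey (null) from triggering the PHP 8.1
    // deprecation for strlen(null); the length is 0 either way.
    if (strlen((string) $args->apikey) == 32) {
        $args->debug = 'USER-APIKEY';
        setUpEnvForRemoteAccess($dbHandler, $args->apikey, null, $opt);

        // A lookup result that is not an array (for example null when nothing
        // matches) counts as no match instead of raising a TypeError in
        // count() on PHP 8.
        $user = tlUser::getByAPIKey($dbHandler, $args->apikey);
        $args->light = (is_array($user) && count($user) == 1) ? 'green' : 'red';
    } else {
        if ($args->type == 'exec') {
            // NOTE(review): on this path the apikey from the request is replaced
            // by the key stored for the execution's test plan, so nothing visible
            // in this function compares the caller's key with the stored one.
            // Confirm that access to type=exec is checked elsewhere (for example
            // in setUpEnvForAnonymousAccess() or the calling page) or that this
            // is the intended behaviour.

            // Both ids go through intval() before being concatenated, so the
            // statements cannot carry text from the request.
            $tex = DB_TABLE_PREFIX . 'executions';
            $sql = "SELECT testplan_id FROM {$tex} WHERE id=" . intval($args->id);
            $rs = $dbHandler->get_recordset($sql);
            // Stop on any result without a first row (null, false or an empty
            // array) instead of only on null, so no lookup runs on a missing row.
            if (!is_array($rs) || !isset($rs[0])) {
                die;
            }
            $execRow = $rs[0];

            $tpl = DB_TABLE_PREFIX . 'testplans';
            $sql = "SELECT api_key FROM {$tpl} WHERE id=" . intval($execRow['testplan_id']);
            $rs = $dbHandler->get_recordset($sql);
            if (!is_array($rs) || !isset($rs[0])) {
                die;
            }
            $planRow = $rs[0];

            $args->apikey = $planRow['api_key'];
            $args->envCheckMode = 'hippie';
        }

        $args->debug = 'OBJECT-APIKEY';

        $kerberos = new stdClass();
        $kerberos->args = $args;
        $kerberos->method = null;

        if (setUpEnvForAnonymousAccess($dbHandler, $args->apikey, $kerberos, $opt)) {
            $args->light = 'green';
        }
    }

    return $args;
}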