    /**
     * Emit the fixed top navigation bar for an authenticated user.
     *
     * Prints nothing when auth_is_user_authenticated() is false, so the
     * bug-jump input, account dropdown, nav links and plugin menu are only
     * rendered for logged-in sessions. The static markup below contains no
     * user-controlled data; the $this->get_*() helpers are responsible for
     * escaping whatever they echo.
     * NOTE(review): presumably a Mantis layout/theme plugin class — the
     * enclosing class is not visible here.
     *
     * @return void
     */
    function navbar()
    {
        if (auth_is_user_authenticated()) {
            echo '
        <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
            <div class="container-fluid">
                <div class="navbar-header">
		          <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
		            <span class="sr-only">Toggle navigation</span>
		            <span class="icon-bar"></span>
		            <span class="icon-bar"></span>
		            <span class="icon-bar"></span>
		          </button>
		          <a class="navbar-brand" href="#">Mantis</a>
                </div>
                <div id="navbar" class="navbar-collapse collapse"> ';
            $this->get_bug_jump_input();
            echo '
                        <ul class="nav navbar-nav navbar-right">
                        <li class="dropdown">';
            $this->get_account_menu();
            echo '</li>';
            $this->get_navbar();
            $this->get_plugin_menu();
            echo '

                </div>
            </div>
        </nav>
        ';
        }
    }
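    /**
     * Layout "body begin" event handler: print the company header block and
     * open the Mantis logo wrapper.
     *
     * Reads the plugin options skin, headerHeight, showCompanyLogo,
     * companyUrl, companyName and companyLogo. Every configured value that is
     * written into HTML is attribute-escaped here; the original echoed them
     * raw, so a quote in companyName/companyUrl (or a crafted companyLogo
     * value) could break out of the attribute and inject markup. The
     * target="_blank" link now carries rel="noopener noreferrer" so the
     * external site cannot reach window.opener.
     *
     * Output is intentionally left open: the caller closes the
     * <div class="mantisLogo"> opened at the end, exactly as before. The
     * 'poserTinyHeader' class from the original can never apply inside a
     * branch that requires headerHeight != '2', so that dead check is gone.
     *
     * NOTE(review): companyUrl is escaped but not scheme-checked; an
     * administrator can still configure a javascript: URL.
     *
     * @param string $p_event Name of the signalled event (unused).
     * @return void
     */
    function bodyBegin($p_event)
    {
        $t_classes = '';

        if (plugin_config_get('skin') == 2) {
            $this->theCity();
        }

        $t_header_height = plugin_config_get('headerHeight');
        if ($t_header_height != '2' && plugin_config_get('showCompanyLogo')) {
            if (!auth_is_user_authenticated()) {
                $t_classes .= ' poserNoAuth';
            }
            if ($t_header_height == '1') {
                $t_classes .= ' poserSmallHeader';
            }

            # Attribute-escape admin-configured strings before they hit markup.
            $t_company_name = htmlspecialchars((string) plugin_config_get('companyName'), ENT_QUOTES, 'UTF-8');
            $t_company_url = htmlspecialchars((string) plugin_config_get('companyUrl'), ENT_QUOTES, 'UTF-8');

            echo "\t<div class=\"poserHeader{$t_classes}\">\n";
            echo "\t\t<a href=\"{$t_company_url}\" title=\"{$t_company_name}\" target=\"_blank\" rel=\"noopener noreferrer\">\n";

            $t_logo = plugin_config_get('companyLogo');
            if (!empty($t_logo)) {
                $t_logo_src = htmlspecialchars((string) $t_logo, ENT_QUOTES, 'UTF-8');
                echo "\t\t\t<img src=\"{$t_logo_src}\" alt=\"{$t_company_name}\"/>";
            } else {
                # no logo configured: show the (escaped) company name as link text
                echo "\t\t\t" . $t_company_name;
            }

            echo "\n\t\t</a>\n\t</div>\n";
        }

        # Left open on purpose; closed by the caller.
        echo "\t<div class=\"mantisLogo{$t_classes}\">\n";
    }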
/**
 * Resolve the language for the current request and remember it.
 *
 * Precedence: the authenticated user's language preference, then the
 * 'default_language' config value. A literal 'auto' from either source is
 * expanded by lang_map_auto(). The result is stored in $g_active_language
 * before being returned.
 *
 * @return string Language name.
 */
function lang_get_default()
{
    global $g_active_language;

    # user preference only when someone is actually logged in
    $t_language = auth_is_user_authenticated()
        ? user_pref_get_language(auth_get_current_user_id())
        : false;

    if ($t_language === false) {
        $t_language = config_get('default_language');
    }

    if ($t_language == 'auto') {
        $t_language = lang_map_auto();
    }

    $g_active_language = $t_language;
    return $t_language;
}
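 /**
  * Log the current request in using HTTP basic authentication performed by
  * the web server (REMOTE_USER).
  *
  * Fails closed: every rejection path now returns right after
  * trigger_error(), so a non-fatal error handler cannot let execution fall
  * through to auth_set_cookies() with an unverified identity. REMOTE_USER is
  * trusted only because 'login_method' must be BASIC_AUTH, i.e. the server
  * has already verified the credentials; if the variable is absent or empty
  * the login is refused instead of looking up an empty user name.
  *
  * On success the login counters are updated and the session cookies and
  * tokens are set for the resolved user id.
  *
  * @return void
  */
 function autologin()
 {
     if (auth_is_user_authenticated()) {
         return;
     }

     $t_login_method = config_get('login_method');
     if ($t_login_method != BASIC_AUTH) {
         trigger_error("Invalid login method. ({$t_login_method})", ERROR);
         return;
     }

     # REMOTE_USER is populated by the web server after it authenticated the
     # request; a missing or empty value must never reach the user lookup.
     $t_remote_user = isset($_SERVER['REMOTE_USER']) ? (string) $_SERVER['REMOTE_USER'] : '';
     if ($t_remote_user === '') {
         trigger_error('Invalid user.', ERROR);
         return;
     }

     $t_user_id = user_get_id_by_name($t_remote_user);
     if (!$t_user_id) {
         trigger_error('Invalid user.', ERROR);
         return;
     }

     user_increment_login_count($t_user_id);
     user_reset_failed_login_count_to_zero($t_user_id);
     user_reset_lost_password_in_progress_count_to_zero($t_user_id);
     auth_set_cookies($t_user_id, true);
     auth_set_tokens($t_user_id);
 }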
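/**
 * Check that there is a user logged-in and authenticated.
 * If the user's account is disabled they will be logged out.
 * If there is no user logged in, redirect to the login page.
 * If parameter is given it is used as a URL to redirect to following
 * successful login. If none is given, the URL of the current page is used.
 *
 * The return page is passed through string_url() so it travels as a single
 * query parameter; login_page.php sanitises it (string_sanitize_url) before
 * redirecting, which is what limits open redirects. The current page is
 * taken from $_SERVER['REQUEST_URI'], reconstructed from SCRIPT_NAME and
 * QUERY_STRING when absent. QUERY_STRING is now guarded with isset(), so a
 * request without one no longer raises a notice or yields a trailing '?'.
 *
 * Relies on print_header_redirect() terminating the request; nothing is
 * executed after a redirect here.
 *
 * @param string $p_return_page Page to redirect to following successful logon, defaults to current page.
 * @access public
 * @return void
 */
function auth_ensure_user_authenticated($p_return_page = '')
{
    if (auth_is_user_authenticated()) {
        # logged in: a disabled account is sent to the logout page.
        # current_user_get_field() also verifies the cookie is valid.
        if (OFF == current_user_get_field('enabled')) {
            print_header_redirect('logout_page.php');
        }
        return;
    }

    # not logged in: work out where to come back to after login
    if (is_blank($p_return_page)) {
        if (!isset($_SERVER['REQUEST_URI'])) {
            $t_query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
            $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . ($t_query === '' ? '' : '?' . $t_query);
        }
        $p_return_page = $_SERVER['REQUEST_URI'];
    }

    print_header_redirect('login_page.php?return=' . string_url($p_return_page));
}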
/**
 * Check the current user's access against the given value and return true
 * if the user's access is equal to or higher, false otherwise.
 * This function looks up the bug's project and performs an access check
 * against that project.
 *
 * Three gates are applied in order, all against the user's level in the
 * bug's project (access_get_project_level):
 *  1. limit_reporters: a user who did not report the bug must exceed the
 *     project's report_bug_threshold (lowest entry + 1 when it is an array,
 *     NOBODY when the array is empty);
 *  2. private bugs: a non-reporter must also meet private_bug_threshold;
 *  3. the requested $p_access_level itself.
 * An empty user id with no authenticated session returns false silently
 * rather than raising an error.
 *
 * NOTE(review): $s_thresholds is a per-request static cache keyed only by
 * project id, yet it is filled from config_get(..., $p_user_id, ...). If
 * report_bug_threshold can be overridden per user, the value computed for
 * the first user seen in a request is reused for later users of the same
 * project — confirm whether that option can carry user-level overrides.
 *
 * @param int $p_access_level integer representing access level
 * @param int $p_bug_id integer representing bug id to check access against
 * @param int|null $p_user_id integer representing user id, defaults to null to use current user
 * @return bool whether user has access level specified
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null)
{
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    #     and once we default to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_bug_is_user_reporter = bug_is_user_reporter($p_bug_id, $p_user_id);
    $t_access_level = access_get_project_level($t_project_id, $p_user_id);
    # check limit_Reporter (Issue #4769)
    # reporters can view just issues they reported
    $t_limit_reporters = config_get('limit_reporters', null, $p_user_id, $t_project_id);
    if ($t_limit_reporters && !$t_bug_is_user_reporter) {
        # Here we only need to check that the current user has an access level
        # higher than the lowest needed to report issues (report_bug_threshold).
        # To improve performance, esp. when processing for several projects, we
        # build a static array holding that threshold for each project
        # (keyed by project only — see the NOTE in the function doc comment)
        static $s_thresholds = array();
        if (!isset($s_thresholds[$t_project_id])) {
            $t_report_bug_threshold = config_get('report_bug_threshold', null, $p_user_id, $t_project_id);
            if (!is_array($t_report_bug_threshold)) {
                $s_thresholds[$t_project_id] = $t_report_bug_threshold + 1;
            } else {
                # an empty list means nobody may report, so nobody passes
                if (empty($t_report_bug_threshold)) {
                    $s_thresholds[$t_project_id] = NOBODY;
                } else {
                    # strictly above the lowest level allowed to report
                    sort($t_report_bug_threshold);
                    $s_thresholds[$t_project_id] = $t_report_bug_threshold[0] + 1;
                }
            }
        }
        if (!access_compare_level($t_access_level, $s_thresholds[$t_project_id])) {
            return false;
        }
    }
    # If the bug is private and the user is not the reporter, then
    # they must also have higher access than private_bug_threshold
    if (!$t_bug_is_user_reporter && bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE) {
        $t_private_bug_threshold = config_get('private_bug_threshold', null, $p_user_id, $t_project_id);
        return access_compare_level($t_access_level, $t_private_bug_threshold) && access_compare_level($t_access_level, $p_access_level);
    }
    return access_compare_level($t_access_level, $p_access_level);
}
/**
 * MantisBT Core API's
 *
 * Public signup handler. Request handling, in order: CSRF token check
 * (form_security_validate), raw 'username'/'email'/'captcha' fields read and
 * trimmed, the captcha key captured from the session *before* any logout can
 * clear it, a forced logout of any authenticated user, then the
 * 'allow_signup' gate (redirect to login_page.php when OFF).
 */
require_once 'core.php';
require_once 'email_api.php';
form_security_validate('signup');
# strip_tags() removes markup but is not output escaping: these values still
# need context-appropriate escaping wherever they are echoed back or mailed.
$f_username = strip_tags(gpc_get_string('username'));
$f_email = strip_tags(gpc_get_string('email'));
$f_captcha = gpc_get_string('captcha', '');
$f_username = trim($f_username);
$f_email = email_append_domain(trim($f_email));
$f_captcha = utf8_strtolower(trim($f_captcha));
# Retrieve captcha key now, as session might get cleared by logout
# NOTE(review): the captcha check further down compares with `!=`; a strict,
# constant-time comparison (hash_equals) would be the safer choice.
$t_form_key = session_get_int(CAPTCHA_KEY, null);
# force logout on the current user if already authenticated
# NOTE(review): this runs before the allow_signup check, so a logged-in user
# who opens signup.php is logged out even when signup is disabled.
if (auth_is_user_authenticated()) {
    auth_logout();
}
# Check to see if signup is allowed
if (OFF == config_get_global('allow_signup')) {
    print_header_redirect('login_page.php');
    exit;
}
if (ON == config_get('signup_use_captcha') && get_gd_version() > 0 && helper_call_custom_function('auth_can_change_password', array())) {
    # captcha image requires GD library and related option to ON
    $t_key = utf8_strtolower(utf8_substr(md5(config_get('password_confirm_hash_magic_string') . $t_form_key), 1, 5));
    if ($t_key != $f_captcha) {
        trigger_error(ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR);
    }
    # Clear captcha cache
    session_delete(CAPTCHA_IMG);
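/**
 * Cache collapse API data from the database for the current user.
 * If the collapse cookie has been set, grab the changes and resave
 * the token, or touch it otherwise.
 *
 * Populates $g_collapse_cache_token (section id => collapsed flag).
 * Unauthenticated or anonymous sessions get an empty cache and the cookie is
 * ignored. Sources, in order:
 *  - the TOKEN_COLLAPSE token, a PHP-serialized array written by this
 *    function;
 *  - the MANTIS_collapse_settings cookie, 'id,flag|id,flag|...', merged into
 *    the cache, persisted (token_set) and then cleared. With no parsable
 *    pair the token is only touched.
 *
 * Security: the token is unserialize()d. It is written only here
 * (serialize() of an array of booleans), but the cookie supplies the array
 * keys, so the stored blob is partly user-shaped. The decoded value is now
 * checked to be an array before use; a corrupted or non-array token falls
 * back to an empty cache instead of poisoning the global.
 * FIXME(review): unserialize() of stored data remains a deserialization
 * surface — prefer json_encode/json_decode, or pass
 * array('allowed_classes' => false) once the minimum PHP version is 7+.
 *
 * @return void
 */
function collapse_cache_token()
{
    global $g_collapse_cache_token;

    if (!auth_is_user_authenticated() || current_user_is_anonymous()) {
        $g_collapse_cache_token = array();
        return;
    }
    if (isset($g_collapse_cache_token)) {
        return;
    }

    $t_token = token_get_value(TOKEN_COLLAPSE);
    $t_data = array();
    if (!is_null($t_token)) {
        $t_decoded = unserialize($t_token);
        # anything but an array (false on failure, or a tampered blob) is dropped
        if (is_array($t_decoded)) {
            $t_data = $t_decoded;
        }
    }
    $g_collapse_cache_token = $t_data;

    $t_cookie = gpc_get_cookie('MANTIS_collapse_settings', '');
    if (false === $t_cookie || is_blank($t_cookie)) {
        return;
    }

    $t_update = false;
    foreach (explode('|', $t_cookie) as $t_entry) {
        $t_pair = explode(',', $t_entry);
        if (count($t_pair) == 2) {
            $g_collapse_cache_token[$t_pair[0]] = true == $t_pair[1];
            $t_update = true;
        }
    }

    if ($t_update) {
        token_set(TOKEN_COLLAPSE, serialize($g_collapse_cache_token), TOKEN_EXPIRY_COLLAPSE);
    } else {
        token_touch(TOKEN_COLLAPSE);
    }
    gpc_clear_cookie('MANTIS_collapse_settings');
}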
/**
 * Build a UserPreferences object for a user, optionally scoped to a project.
 *
 * Falls back to the user's ALL_PROJECTS preferences when none exist for
 * $p_project_id, and to an empty row when the user has no preferences at all
 * (the object then keeps its constructor defaults). Only DB columns whose
 * name matches a protected property of UserPreferences are copied. Results
 * for the currently authenticated user are cached per project in
 * $g_cache_current_user_pref.
 *
 * @param int $p_user_id
 * @param int $p_project_id
 * @return UserPreferences
 */
function user_pref_get( $p_user_id, $p_project_id = ALL_PROJECTS ) {
	static $s_pref_fields;
	global $g_cache_current_user_pref;

	$t_project_key = (int)$p_project_id;

	# cache hit only for the logged-in user's own preferences
	if( isset( $g_cache_current_user_pref[$t_project_key] )
		&& auth_is_user_authenticated()
		&& auth_get_current_user_id() == $p_user_id ) {
		return $g_cache_current_user_pref[$t_project_key];
	}

	$t_prefs = new UserPreferences( $p_user_id, $p_project_id );

	# project-specific row first, then the ALL_PROJECTS defaults, then nothing
	$t_row = user_pref_cache_row( $p_user_id, $p_project_id, false );
	if( false === $t_row && ALL_PROJECTS != $p_project_id ) {
		$t_row = user_pref_cache_row( $p_user_id, ALL_PROJECTS, false );
	}
	if( false === $t_row ) {
		$t_row = array();
	}

	if( $s_pref_fields == null ) {
		$s_pref_fields = getClassProperties( 'UserPreferences', 'protected' );
	}

	# copy every DB column that matches a protected property of the class
	$t_row_keys = array_keys( $t_row );
	foreach( array_keys( $s_pref_fields ) as $t_field ) {
		if( in_array( $t_field, $t_row_keys, true ) ) {
			$t_prefs->$t_field = $t_row[$t_field];
		}
	}

	if( auth_is_user_authenticated() && auth_get_current_user_id() == $p_user_id ) {
		$g_cache_current_user_pref[$t_project_key] = $t_prefs;
	}
	return $t_prefs;
}
/**
 * Whether the "queries executed" count should be shown on the page.
 *
 * True only when 'show_queries_count' is ON, a user is authenticated, and
 * that user meets 'show_queries_threshold'. The authentication test comes
 * before the access check so an anonymous visitor is not bounced to
 * login_page.php by access_has_global_level() (see #8461).
 *
 * @return bool
 */
function helper_show_queries()
{
    if (ON != config_get('show_queries_count')) {
        return false;
    }
    if (!auth_is_user_authenticated()) {
        return false;
    }
    return (bool) access_has_global_level(config_get('show_queries_threshold'));
}
# login_page.php: render the login form, or short-circuit when a session
# already exists. Only the input handling and the "already logged in"
# redirect are visible here; the automatic-logon branch continues below.
require_api('utility_api.php');
require_css('login.css');
$f_error = gpc_get_bool('error');
$f_cookie_error = gpc_get_bool('cookie_error');
# The return URL is attacker-supplied (query string); string_sanitize_url()
# is what keeps the redirect below from becoming an open redirect.
$f_return = string_sanitize_url(gpc_get_string('return', ''));
$f_username = gpc_get_string('username', '');
$f_perm_login = gpc_get_bool('perm_login', false);
$f_secure_session = gpc_get_bool('secure_session', false);
# read for later use; not consumed in the part of the page shown here
$f_secure_session_cookie = gpc_get_cookie(config_get_global('cookie_prefix') . '_secure_session', null);
# Set username to blank if invalid to prevent possible XSS exploits
if (!user_is_name_valid($f_username)) {
    $f_username = '';
}
$t_session_validation = ON == config_get_global('session_validation');
# If user is already authenticated and not anonymous
if (auth_is_user_authenticated() && !current_user_is_anonymous()) {
    # If return URL is specified redirect to it; otherwise use default page
    # NOTE(review): the trailing argument to print_header_redirect() is
    # presumably the sanitize flag — confirm against its signature.
    if (!is_blank($f_return)) {
        print_header_redirect($f_return, false, false, true);
    } else {
        print_header_redirect(config_get('default_home_page'));
    }
}
# Check for automatic logon methods where we want the logon to just be handled by login.php
if (auth_automatic_logon_bypass_form()) {
    $t_uri = 'login.php';
    if (ON == config_get('allow_anonymous_login')) {
        $t_uri = 'login_anon.php';
    }
    if (!is_blank($f_return)) {
        $t_uri .= '?return=' . string_url($f_return);
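/**
 * Returns true if the specified configuration option exists (Either a
 * value or default can be found), false otherwise
 *
 * The cached config table is searched for every (user, project) pair built
 * from: ALL_USERS plus either the current user (when $p_user is null and
 * someone is authenticated) or $p_user; and ALL_PROJECTS plus either the
 * current project or $p_project. Users are tried in insertion order, each
 * against every project, and the first hit wins. If nothing is cached, the
 * presence of a $g_<option> global decides.
 *
 * Fix: the nested while/each() loops were replaced by foreach with an early
 * return. each() is deprecated since PHP 7.2 and removed in 8.0, so the
 * original fails on current PHP; the search order and result are unchanged.
 * The original also appended ALL_USERS a second time, which could not change
 * the outcome and is dropped.
 *
 * @param string  $p_option  Configuration option.
 * @param integer $p_user    A user identifier.
 * @param integer $p_project A project identifier.
 * @return boolean
 */
function config_is_set($p_option, $p_user = null, $p_project = null)
{
    global $g_cache_config, $g_cache_filled;

    if (!$g_cache_filled) {
        config_get($p_option, -1, $p_user, $p_project);
    }

    # prepare the user's list
    $t_users = array(ALL_USERS);
    if (null === $p_user && auth_is_user_authenticated()) {
        $t_users[] = auth_get_current_user_id();
    } elseif (!in_array($p_user, $t_users)) {
        # loose in_array kept on purpose: a null $p_user matches ALL_USERS here
        $t_users[] = $p_user;
    }

    # prepare the projects list
    $t_projects = array(ALL_PROJECTS);
    if (null === $p_project && auth_is_user_authenticated()) {
        $t_selected_project = helper_get_current_project();
        if (ALL_PROJECTS != $t_selected_project) {
            $t_projects[] = $t_selected_project;
        }
    } elseif (!in_array($p_project, $t_projects)) {
        $t_projects[] = $p_project;
    }

    # first (user, project) pair with a cached value wins
    foreach ($t_users as $t_user) {
        foreach ($t_projects as $t_project) {
            if (isset($g_cache_config[$p_option][$t_user][$t_project])) {
                return true;
            }
        }
    }

    return isset($GLOBALS['g_' . $p_option]);
}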
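/**
 * Print the collected debug log ($g_log_events) as an HTML table at the end
 * of the page.
 *
 * Only emitted when 'log_destination' is 'page', a user is authenticated
 * (checked first so access_has_global_level() cannot redirect an anonymous
 * visitor) and that user meets 'show_log_threshold'. The closing
 * "END Mantis Debug Log Output" comment is printed unconditionally, as
 * before.
 *
 * Each event is used as [?, level, [message, duration, is_duplicate], caller].
 * Database events are flagged as duplicates when the same query text was
 * already seen and are summarised (unique/total counts, total time). Message
 * and caller are escaped with string_html_specialchars() before output.
 *
 * Fix: the per-level row counter was incremented before being initialised
 * ("Undefined index" notice on the first event of each level, which
 * Mantis' error handler may escalate); it now starts at zero. The two
 * switch branches that produced the same row apart from the duplicate-query
 * class are merged.
 *
 * @return void
 */
function log_print_to_page()
{
    if (config_get_global('log_destination') === 'page' && auth_is_user_authenticated() && access_has_global_level(config_get('show_log_threshold'))) {
        global $g_log_events, $g_log_levels;

        echo "\n\n<!--Mantis Debug Log Output-->";
        echo "<hr />\n";
        echo "<table id=\"log-event-list\">\n";
        echo "\t<thead>\n";
        echo "\t\t<tr>\n";
        echo "\t\t\t<th>" . lang_get('log_page_number') . "</th>\n";
        echo "\t\t\t<th>" . lang_get('log_page_time') . "</th>\n";
        echo "\t\t\t<th>" . lang_get('log_page_caller') . "</th>\n";
        echo "\t\t\t<th>" . lang_get('log_page_event') . "</th>\n";
        echo "\t\t</tr>\n";
        echo "\t</thead>\n";
        echo "\t<tbody>\n";

        $t_total_event_count = count($g_log_events);
        if ($t_total_event_count == 0) {
            echo "\t</tbody>\n\t</table>\n";
            echo "<!--END Mantis Debug Log Output-->\n\n";
            return;
        }

        # first pass: flag repeated database queries and sum their time
        $t_unique_queries = array();
        $t_total_query_execution_time = 0;
        for ($i = 0; $i < $t_total_event_count; $i++) {
            if ($g_log_events[$i][1] == LOG_DATABASE) {
                $t_query = $g_log_events[$i][2][0];
                if (in_array($t_query, $t_unique_queries)) {
                    $g_log_events[$i][2][2] = true;
                } else {
                    $t_unique_queries[] = $t_query;
                    $g_log_events[$i][2][2] = false;
                }
                $t_total_query_execution_time += $g_log_events[$i][2][1];
            }
        }
        $t_unique_queries_count = count($t_unique_queries);

        # second pass: one row per event, numbered per level
        $t_count = array();
        $t_total_queries_count = 0;
        foreach ($g_log_events as $t_log_event) {
            $t_level_id = $t_log_event[1];
            $t_level = $g_log_levels[$t_level_id];
            if (!isset($t_count[$t_level_id])) {
                $t_count[$t_level_id] = 0;
            }
            $t_count[$t_level_id]++;

            $t_row_attr = '';
            if ($t_level_id == LOG_DATABASE) {
                $t_total_queries_count++;
                if ($t_log_event[2][2]) {
                    $t_row_attr = ' class="duplicate-query"';
                }
            }
            echo "\t\t<tr{$t_row_attr}><td>" . $t_level . '-' . $t_count[$t_level_id] . "</td><td>" . $t_log_event[2][1] . "</td><td>" . string_html_specialchars($t_log_event[3]) . "</td><td>" . string_html_specialchars($t_log_event[2][0]) . "</td></tr>\n";
        }

        # output any summary data
        if ($t_unique_queries_count != 0) {
            $t_unique_queries_executed = sprintf(lang_get('unique_queries_executed'), $t_unique_queries_count);
            echo "\t\t<tr><td>" . $g_log_levels[LOG_DATABASE] . '</td><td colspan="3">' . $t_unique_queries_executed . "</td></tr>\n";
        }
        if ($t_total_queries_count != 0) {
            $t_total_queries_executed = sprintf(lang_get('total_queries_executed'), $t_total_queries_count);
            echo "\t\t<tr><td>" . $g_log_levels[LOG_DATABASE] . '</td><td colspan="3">' . $t_total_queries_executed . "</td></tr>\n";
        }
        if ($t_total_query_execution_time != 0) {
            $t_total_query_time = sprintf(lang_get('total_query_execution_time'), $t_total_query_execution_time);
            echo "\t\t<tr><td>" . $g_log_levels[LOG_DATABASE] . '</td><td colspan="3">' . $t_total_query_time . "</td></tr>\n";
        }
        echo "\t</tbody>\n\t</table>\n";
    }
    echo "<!--END Mantis Debug Log Output-->\n\n";
}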
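/**
 * Print the main menu bar (table layout) together with the bug-jump form.
 *
 * Nothing is printed unless a user is authenticated. Links are added only
 * when the current user passes the matching threshold (report, changelog,
 * roadmap, summary, manage, news) or the feature is enabled (docs, wiki,
 * billing); the account link is skipped for protected accounts and the
 * logout link for the anonymous account. Hiding a link is not access
 * control: each target page must enforce its own threshold.
 *
 * Fix: implode() was called as implode($array, $glue). That reversed
 * signature was removed in PHP 8.0 (TypeError); the glue now comes first.
 * A second, identical helper_get_current_project() lookup was dropped.
 *
 * NOTE(review): $t_bug_label (a lang_get() string) is interpolated into the
 * onfocus/onblur JavaScript unescaped; a translation containing a quote
 * would break the attribute. Presumably trusted, but worth escaping.
 *
 * @return void
 */
function print_menu()
{
    if (!auth_is_user_authenticated()) {
        return;
    }

    $t_protected = current_user_get_field('protected');
    $t_current_project = helper_get_current_project();

    print '<table class="width100" cellspacing="0">';
    print '<tr>';
    print '<td class="menu">';

    $t_menu_options = array();
    # Main Page
    $t_menu_options[] = '<a href="main_page.php">' . lang_get('main_link') . '</a>';
    # My View
    $t_menu_options[] = '<a href="my_view_page.php">' . lang_get('my_view_link') . '</a>';
    # View Bugs
    $t_menu_options[] = '<a href="view_all_bug_page.php">' . lang_get('view_bugs_link') . '</a>';
    # Report Bugs
    if (access_has_project_level(config_get('report_bug_threshold'))) {
        $t_menu_options[] = string_get_bug_report_link();
    }
    # Changelog Page
    if (access_has_project_level(config_get('view_changelog_threshold'))) {
        $t_menu_options[] = '<a href="changelog_page.php">' . lang_get('changelog_link') . '</a>';
    }
    # Roadmap Page
    if (access_has_project_level(config_get('roadmap_view_threshold'))) {
        $t_menu_options[] = '<a href="roadmap_page.php">' . lang_get('roadmap_link') . '</a>';
    }
    # Summary Page
    if (access_has_project_level(config_get('view_summary_threshold'))) {
        $t_menu_options[] = '<a href="summary_page.php">' . lang_get('summary_link') . '</a>';
    }
    # Project Documentation Page
    if (ON == config_get('enable_project_documentation')) {
        $t_menu_options[] = '<a href="proj_doc_page.php">' . lang_get('docs_link') . '</a>';
    }
    # Project Wiki
    if (wiki_is_enabled()) {
        $t_menu_options[] = '<a href="wiki.php?type=project&amp;id=' . $t_current_project . '">' . lang_get('wiki') . '</a>';
    }
    # Manage: users (admins), the current project (managers), or the project list
    $t_show_access = min(config_get('manage_user_threshold'), config_get('manage_project_threshold'), config_get('manage_custom_fields_threshold'));
    if (access_has_global_level($t_show_access) || access_has_any_project($t_show_access)) {
        if (access_has_global_level(config_get('manage_user_threshold'))) {
            $t_link = 'manage_user_page.php';
        } elseif (access_has_project_level(config_get('manage_project_threshold'), $t_current_project) && $t_current_project != ALL_PROJECTS) {
            $t_link = 'manage_proj_edit_page.php?project_id=' . $t_current_project;
        } else {
            $t_link = 'manage_proj_page.php';
        }
        $t_menu_options[] = "<a href=\"{$t_link}\">" . lang_get('manage_link') . '</a>';
    }
    # News Page
    if (access_has_project_level(config_get('manage_news_threshold'))) {
        # only an administrator may edit site-wide (ALL_PROJECTS) news;
        # anyone else is sent to pick a project first
        if (ALL_PROJECTS != $t_current_project || access_has_project_level(ADMINISTRATOR)) {
            $t_menu_options[] = '<a href="news_menu_page.php">' . lang_get('edit_news_link') . '</a>';
        } else {
            $t_menu_options[] = '<a href="login_select_proj_page.php">' . lang_get('edit_news_link') . '</a>';
        }
    }
    # Account Page (only show accounts that are NOT protected)
    if (OFF == $t_protected) {
        $t_menu_options[] = '<a href="account_page.php">' . lang_get('account_link') . '</a>';
    }
    # Add custom options
    $t_menu_options = array_merge($t_menu_options, prepare_custom_menu_options('main_menu_custom_options'));
    # Billing
    if (config_get('time_tracking_enabled') && config_get('time_tracking_with_billing')) {
        $t_menu_options[] = '<a href="billing_page.php">' . lang_get('time_tracking_billing_link') . '</a>';
    }
    # Logout (not when anonymously logged in)
    if (!current_user_is_anonymous()) {
        $t_menu_options[] = '<a href="logout_page.php">' . lang_get('logout_link') . '</a>';
    }
    print implode(' | ', $t_menu_options);
    print '</td>';

    # bug-jump form
    print '<td class="menu right nowrap">';
    print '<form method="post" action="jump_to_bug.php">';
    if (ON == config_get('use_javascript')) {
        $t_bug_label = lang_get('issue_id');
        print "<input type=\"text\" name=\"bug_id\" size=\"10\" class=\"small\" value=\"{$t_bug_label}\" onfocus=\"if (this.value == '{$t_bug_label}') this.value = ''\" onblur=\"if (this.value == '') this.value = '{$t_bug_label}'\" />&nbsp;";
    } else {
        print "<input type=\"text\" name=\"bug_id\" size=\"10\" class=\"small\" />&nbsp;";
    }
    print '<input type="submit" class="button-small" value="' . lang_get('jump') . '" />&nbsp;';
    print '</form>';
    print '</td>';
    print '</tr>';
    print '</table>';
}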
/**
 * Whether the current session belongs to the configured anonymous account.
 *
 * False when nobody is authenticated or when 'allow_anonymous_login' is not
 * ON; otherwise true only if the logged-in username equals the
 * 'anonymous_account' option. The username is only looked up when anonymous
 * login is enabled.
 *
 * @return bool
 */
function current_user_is_anonymous()
{
    if (!auth_is_user_authenticated()) {
        return false;
    }
    if (ON != config_get('allow_anonymous_login')) {
        return false;
    }
    return current_user_get_field('username') == config_get('anonymous_account');
}
/**
 * Returns a boolean indicating whether the debug log should be printed on
 * the page (and hence whether executed SQL queries are shown).
 *
 * Requires 'log_destination' to be exactly 'page', an authenticated user,
 * and that user meeting 'show_log_threshold'. Authentication is tested
 * before the access level so access_has_global_level() cannot redirect an
 * anonymous visitor to login_page.php (see #8461).
 *
 * @return bool
 */
function helper_log_to_page()
{
    if (config_get_global('log_destination') !== 'page') {
        return false;
    }
    if (!auth_is_user_authenticated()) {
        return false;
    }
    return (bool) access_has_global_level(config_get('show_log_threshold'));
}
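/**
 * Flatten the options returned by a menu event into a list of HTML links.
 *
 * event_signal() returns plugin => callback => options, where options is a
 * list of link strings, a single string, or null (nothing to add).
 *
 * @param string $p_event Event name to signal ('EVENT_MENU_MAIN_FRONT' or 'EVENT_MENU_MAIN').
 * @return array List of HTML strings, possibly empty.
 */
function print_menu_collect_event_options($p_event)
{
    $t_options = array();
    foreach (event_signal($p_event) as $t_plugin => $t_plugin_menu_options) {
        foreach ($t_plugin_menu_options as $t_callback => $t_callback_menu_options) {
            if (is_array($t_callback_menu_options)) {
                $t_options = array_merge($t_options, $t_callback_menu_options);
            } elseif (!is_null($t_callback_menu_options)) {
                $t_options[] = $t_callback_menu_options;
            }
        }
    }
    return $t_options;
}

/**
 * Print the main menu
 *
 * Emits nothing for unauthenticated sessions. Each entry is only added when
 * the current user passes the matching threshold (report, changelog, roadmap,
 * summary, manage, news, billing) or the feature is enabled (docs, wiki);
 * the account link is skipped for protected accounts and the logout link for
 * the anonymous account. Hiding a link is not access control — the target
 * pages must still enforce their thresholds. Plugin links are merged in at
 * two points via EVENT_MENU_MAIN_FRONT and EVENT_MENU_MAIN.
 *
 * Fixes: implode() was called with its arguments reversed (array first),
 * which is a TypeError on PHP 8.0+. Several links passed the closing '">'
 * inside the helper_mantis_url() argument; they now pass only the path,
 * matching the main_page.php link (assumes helper_mantis_url() only prefixes
 * the path, which that link already relies on). The duplicated event-option
 * merge loop lives in print_menu_collect_event_options().
 *
 * The bug-jump form performs a read-only lookup, so it intentionally carries
 * no CSRF token.
 *
 * @return void
 */
function print_menu()
{
    if (!auth_is_user_authenticated()) {
        return;
    }

    $t_protected = current_user_get_field('protected');
    $t_current_project = helper_get_current_project();
    $t_menu_options = array();

    # Main Page
    $t_menu_options[] = '<a href="' . helper_mantis_url('main_page.php') . '">' . lang_get('main_link') . '</a>';
    # Plugin / Event added options (front of the menu)
    $t_menu_options = array_merge($t_menu_options, print_menu_collect_event_options('EVENT_MENU_MAIN_FRONT'));
    # My View
    $t_menu_options[] = '<a href="' . helper_mantis_url('my_view_page.php') . '">' . lang_get('my_view_link') . '</a>';
    # View Bugs
    $t_menu_options[] = '<a href="' . helper_mantis_url('view_all_bug_page.php') . '">' . lang_get('view_bugs_link') . '</a>';
    # Report Bugs
    if (access_has_project_level(config_get('report_bug_threshold'))) {
        $t_menu_options[] = string_get_bug_report_link();
    }
    # Changelog Page
    if (access_has_project_level(config_get('view_changelog_threshold'))) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('changelog_page.php') . '">' . lang_get('changelog_link') . '</a>';
    }
    # Roadmap Page
    if (access_has_project_level(config_get('roadmap_view_threshold'))) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('roadmap_page.php') . '">' . lang_get('roadmap_link') . '</a>';
    }
    # Summary Page
    if (access_has_project_level(config_get('view_summary_threshold'))) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('summary_page.php') . '">' . lang_get('summary_link') . '</a>';
    }
    # Project Documentation Page
    if (ON == config_get('enable_project_documentation')) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('proj_doc_page.php') . '">' . lang_get('docs_link') . '</a>';
    }
    # Project Wiki
    if (config_get_global('wiki_enable') == ON) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('wiki.php?type=project&amp;id=') . $t_current_project . '">' . lang_get('wiki') . '</a>';
    }
    # Plugin / Event added options
    $t_menu_options = array_merge($t_menu_options, print_menu_collect_event_options('EVENT_MENU_MAIN'));

    # Manage: site overview (site managers), users (admins), the current
    # project (managers), or the project list
    if (access_has_global_level(config_get('manage_site_threshold'))) {
        $t_link = helper_mantis_url('manage_overview_page.php');
        $t_menu_options[] = '<a class="manage-menu-link" href="' . $t_link . '">' . lang_get('manage_link') . '</a>';
    } else {
        $t_show_access = min(config_get('manage_user_threshold'), config_get('manage_project_threshold'), config_get('manage_custom_fields_threshold'));
        if (access_has_global_level($t_show_access) || access_has_any_project($t_show_access)) {
            if (access_has_global_level(config_get('manage_user_threshold'))) {
                $t_link = helper_mantis_url('manage_user_page.php');
            } elseif (access_has_project_level(config_get('manage_project_threshold'), $t_current_project) && $t_current_project != ALL_PROJECTS) {
                $t_link = helper_mantis_url('manage_proj_edit_page.php?project_id=') . $t_current_project;
            } else {
                $t_link = helper_mantis_url('manage_proj_page.php');
            }
            $t_menu_options[] = "<a href=\"{$t_link}\">" . lang_get('manage_link') . '</a>';
        }
    }

    # News Page
    if (news_is_enabled() && access_has_project_level(config_get('manage_news_threshold'))) {
        # only an administrator may edit site-wide (ALL_PROJECTS) news;
        # anyone else is sent to pick a project first
        if (ALL_PROJECTS != $t_current_project || current_user_is_administrator()) {
            $t_menu_options[] = '<a href="' . helper_mantis_url('news_menu_page.php') . '">' . lang_get('edit_news_link') . '</a>';
        } else {
            $t_menu_options[] = '<a href="' . helper_mantis_url('login_select_proj_page.php') . '">' . lang_get('edit_news_link') . '</a>';
        }
    }
    # Account Page (only show accounts that are NOT protected)
    if (OFF == $t_protected) {
        $t_menu_options[] = '<a class="account-menu-link" href="' . helper_mantis_url('account_page.php') . '">' . lang_get('account_link') . '</a>';
    }
    # Add custom options
    $t_menu_options = array_merge($t_menu_options, prepare_custom_menu_options('main_menu_custom_options'));
    # Time Tracking / Billing
    if (config_get('time_tracking_enabled') && access_has_global_level(config_get('time_tracking_reporting_threshold'))) {
        $t_menu_options[] = '<a href="' . helper_mantis_url('billing_page.php') . '">' . lang_get('time_tracking_billing_link') . '</a>';
    }
    # Logout (not when anonymously logged in)
    if (!current_user_is_anonymous()) {
        $t_menu_options[] = '<a id="logout-link" href="' . helper_mantis_url('logout_page.php') . '">' . lang_get('logout_link') . '</a>';
    }

    # bug-jump form: read-only lookup, no state change, hence no CSRF token
    echo '<form method="post" action="' . helper_mantis_url('jump_to_bug.php') . '" class="bug-jump-form">';
    echo '<fieldset class="bug-jump">';
    $t_bug_label = lang_get('issue_id');
    echo '<input type="hidden" name="bug_label" value="', $t_bug_label, '" />';
    echo '<input type="text" name="bug_id" size="10" class="small" />&#160;';
    echo '<input type="submit" class="button-small" value="' . lang_get('jump') . '" />&#160;';
    echo '</fieldset>';
    echo '</form>';

    echo '<div class="main-menu">';
    echo '<div>';
    echo '<ul class="menu">';
    echo '<li>';
    echo implode("</li>\n<li>", $t_menu_options);
    echo '</li>';
    echo '</ul>';
    echo '</div>';
    echo '</div>';
}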
/**
 * Resolve which bug page script serves the given action ('view', 'update', ...).
 *
 * The 'show_<action>' config value picks the simple or the advanced page;
 * when it is BOTH the user's 'advanced_<action>' preference breaks the tie.
 * Returns null when the config holds none of the three known values.
 *
 * The result is built by concatenating $p_action into a script name, so
 * callers should pass a fixed action token rather than request input.
 *
 * @param string   $p_action  action name, used in both the config key and the page name
 * @param int|null $p_user_id user whose preference is consulted; null means the
 *                            current user, when one is authenticated
 * @return string|null page script name
 */
function string_get_bug_page($p_action, $p_user_id = null)
{
    $t_user_id = $p_user_id;
    if (null === $t_user_id && auth_is_user_authenticated()) {
        $t_user_id = auth_get_current_user_id();
    }

    $t_simple_page = 'bug_' . $p_action . '_page.php';
    $t_advanced_page = 'bug_' . $p_action . '_advanced_page.php';
    $t_mode = config_get('show_' . $p_action);

    # Loose comparisons on purpose: config values may arrive as strings.
    if (BOTH == $t_mode) {
        $t_prefers_advanced = null !== $t_user_id && ON == user_pref_get_pref($t_user_id, 'advanced_' . $p_action);
        return $t_prefers_advanced ? $t_advanced_page : $t_simple_page;
    }
    if (SIMPLE_ONLY == $t_mode) {
        return $t_simple_page;
    }
    if (ADVANCED_ONLY == $t_mode) {
        return $t_advanced_page;
    }

    return null;
}
/**
 * Decide whether a user's access on a bug's project meets the given level.
 *
 * The bug's project is looked up and the check is performed against that
 * project. Two extra rules tighten the answer: with 'limit_reporters' on, a
 * plain reporter may only see issues they filed (Issue #4769); and a private
 * issue viewed by someone other than its reporter additionally requires the
 * 'private_bug_threshold' level.
 *
 * @param int      $p_access_level access level to compare against
 * @param int      $p_bug_id       bug whose project is checked
 * @param int|null $p_user_id      user to check; null means the current user
 * @return bool true when the user's access is equal to or higher than $p_access_level
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null)
{
    $t_user_id = (null === $p_user_id) ? auth_get_current_user_id() : $p_user_id;

    # No usable user and nobody logged in: deny quietly instead of erroring.
    # @@@ once anonymous login is the default this branch can go away
    if (empty($t_user_id) && !auth_is_user_authenticated()) {
        return false;
    }

    $t_project_id = bug_get_field($p_bug_id, 'project_id');

    # limit_reporters (Issue #4769): reporters only see their own issues
    # unless they hold more than REPORTER on the project.
    if (ON === config_get('limit_reporters')) {
        $t_is_own_issue = bug_is_user_reporter($p_bug_id, $t_user_id);
        if (!$t_is_own_issue && !access_has_project_level(REPORTER + 1, $t_project_id, $t_user_id)) {
            return false;
        }
    }

    # Private issue, user is not its reporter: both the private threshold
    # and the requested level must be met.
    $t_is_private = (VS_PRIVATE == bug_get_field($p_bug_id, 'view_state'));
    if ($t_is_private && !bug_is_user_reporter($p_bug_id, $t_user_id)) {
        $t_user_level = access_get_project_level($t_project_id, $t_user_id);
        $t_private_threshold = config_get('private_bug_threshold');
        return access_compare_level($t_user_level, $t_private_threshold)
            && access_compare_level($t_user_level, $p_access_level);
    }

    return access_has_project_level($p_access_level, $t_project_id, $t_user_id);
}
 * should only be known internally to the server.
 */
/**
 *	@todo Modify to run sections only on certain pages,
 *	e.g. status colors are only necessary on a few pages (my view, view all bugs, bug view, etc.);
 *	other pages may need to include dynamic CSS styles as well.
 */
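# Emit the per-status CSS rules (colour legend bars and completion percentages).
#
# Output is skipped for the login / signup / lost-password / account-update
# pages: they are reached before authentication, and the status look-ups
# below would error there. The referring page is taken from HTTP_REFERER,
# which is client-supplied, so this only decides whether CSS is printed;
# it is not an access decision and must not be relied on as one.
$t_referer_path = array_key_exists('HTTP_REFERER', $_SERVER)
    ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH)
    : null;
# parse_url() returns null (no path component) or false (unparseable URL)
# for odd referers; only a real string may reach basename(), since passing
# null there is deprecated from PHP 8.1. Either way no skip-page matches.
$t_referer_page = is_string($t_referer_path) ? basename($t_referer_path) : basename(__FILE__);

$t_no_status_pages = array('login_page.php', 'signup_page.php', 'lost_pwd_page.php', 'account_update.php');
if (in_array($t_referer_page, $t_no_status_pages, true)) {
    exit;
}

$t_status_string = config_get('status_enum_string');
$t_statuses = MantisEnum::getAssocArrayIndexedByValues($t_status_string);
$t_colors = config_get('status_colors');
$t_color_count = count($t_colors);
# Every colour entry gets an equal share of the legend width; avoid dividing by zero.
$t_color_width = $t_color_count > 0 ? round(100 / $t_color_count) : 0;
# Percentages per status are only available for an authenticated user.
$t_status_percents = auth_is_user_authenticated() ? get_percentage_by_status() : array();

# NOTE(review): labels and colours are interpolated into the CSS unescaped;
# they come from config_get() and are assumed to be trusted admin settings.
# The percentage values come from get_percentage_by_status() — presumably
# numeric; confirm if that helper ever returns user-controlled data.
foreach ($t_statuses as $t_id => $t_label) {
    if (array_key_exists($t_label, $t_colors)) {
        echo ".{$t_label}-color { background-color: {$t_colors[$t_label]}; width: {$t_color_width}%; }\n";
    }
    if (array_key_exists($t_id, $t_status_percents)) {
        echo ".{$t_label}-percentage { width: {$t_status_percents[$t_id]}%; }\n";
    }
}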