require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');

# Request gate, in this order: form security token check, re-authentication,
# then the global access threshold for managing custom fields. The update
# call further down is only reached after all three have returned.
form_security_validate('manage_custom_field_update');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_custom_fields_threshold'));

$f_field_id = gpc_get_int('field_id');

# NOTE(review): 'return' is caller-supplied and is later handed to
# html_page_top() and html_operation_successful() as the page to go back to.
# strip_tags() only removes markup; it does not restrict the value to a local
# path. Confirm that those helpers reject absolute/off-site URLs and encode
# the value for the context they print it in.
$f_return = strip_tags(gpc_get_string('return', 'manage_custom_field_page.php'));

# Collect the submitted field definition. Every value is read through a typed
# gpc_get_* accessor (int, string or bool) rather than from the raw request.
$t_values['name'] = gpc_get_string('name');
$t_values['type'] = gpc_get_int('type');
$t_values['possible_values'] = gpc_get_string('possible_values');
$t_values['default_value'] = gpc_get_string('default_value');
# NOTE(review): valid_regexp is passed on exactly as submitted. If it is later
# compiled and matched against user input, verify that an invalid or very
# expensive pattern is handled at the point of use.
$t_values['valid_regexp'] = gpc_get_string('valid_regexp');
$t_values['access_level_r'] = gpc_get_int('access_level_r');
$t_values['access_level_rw'] = gpc_get_int('access_level_rw');
$t_values['length_min'] = gpc_get_int('length_min');
$t_values['length_max'] = gpc_get_int('length_max');
$t_values['display_report'] = gpc_get_bool('display_report');
$t_values['display_update'] = gpc_get_bool('display_update');
$t_values['display_resolved'] = gpc_get_bool('display_resolved');
$t_values['display_closed'] = gpc_get_bool('display_closed');
$t_values['require_report'] = gpc_get_bool('require_report');
$t_values['require_update'] = gpc_get_bool('require_update');
$t_values['require_resolved'] = gpc_get_bool('require_resolved');
$t_values['require_closed'] = gpc_get_bool('require_closed');
$t_values['filter_by'] = gpc_get_bool('filter_by');

custom_field_update($f_field_id, $t_values);

# The form token is purged only after the update call has returned.
form_security_purge('manage_custom_field_update');

html_page_top(null, $f_return);
html_operation_successful($f_return);
html_page_bottom();
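require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('project_api.php');
require_api('user_api.php');

# Removes one user, or all users, from a project. The request is gated by the
# form security token and a re-authentication before any input is acted on.
form_security_validate('manage_proj_user_remove');
auth_reauthenticate();

$f_project_id = gpc_get_int('project_id');
# user_id defaults to 0, which selects the "remove all users" branch below.
$f_user_id = gpc_get_int('user_id', 0);

# We should check both since we are in the project section and an
# admin might raise the first threshold and not realize they need
# to raise the second
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
access_ensure_project_level(config_get('project_user_threshold'), $f_project_id);

if (0 == $f_user_id) {
    # Confirm with the user
    helper_ensure_confirmed(lang_get('remove_all_users_sure_msg'), lang_get('remove_all_users_button'));

    # The acting user's own project access level is passed as the second
    # argument. NOTE(review): presumably this limits removal to users at or
    # below that level - confirm in project_remove_all_users().
    project_remove_all_users($f_project_id, access_get_project_level($f_project_id));
} else {
    # Don't allow removal of users from the project who have a higher access level than the current user
    access_ensure_project_level(access_get_project_level($f_project_id, $f_user_id), $f_project_id);

    $t_user = user_get_row($f_user_id);

    # The confirmation message is assembled as HTML (it carries a literal
    # <br/>), so the stored username is HTML-encoded before it is appended.
    # Username validation elsewhere may already restrict the character set;
    # encoding here keeps this page safe independently of that setting.
    $t_username = htmlspecialchars($t_user['username'], ENT_QUOTES, 'UTF-8');

    # Confirm with the user
    helper_ensure_confirmed(
        lang_get('remove_user_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . $t_username,
        lang_get('remove_user_button')
    );

    project_remove_user($f_project_id, $f_user_id);
}

form_security_purge('manage_proj_user_remove');

# $f_project_id was read with gpc_get_int(), so only an integer reaches the URL.
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;

html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url);
html_page_bottom();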
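}
# (the brace above closes a block opened before this fragment)

# Update password if the two match and are not empty
if (!is_blank($f_password)) {
    # Strict comparison: with != PHP compares numeric-looking strings by value
    # ('1e3' and '1000' count as equal), so a mistyped confirmation could be
    # accepted. Both values are expected to be request strings assigned
    # earlier in the file, outside this fragment.
    if ($f_password !== $f_password_confirm) {
        trigger_error(ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR);
    } else {
        # The current password has to verify before a new one is stored.
        # elseif keeps the write unreachable even if the error handler were
        # ever to return instead of halting the request.
        if (!auth_does_password_match($t_user_id, $f_password_current)) {
            trigger_error(ERROR_USER_CURRENT_PASSWORD_MISMATCH, ERROR);
        } elseif (!auth_does_password_match($t_user_id, $f_password)) {
            # Only write when the new password differs from the stored one.
            user_set_password($t_user_id, $f_password);
            $t_password_updated = true;
        }
    }
}

form_security_purge('account_update');

html_page_top(null, $t_redirect_url);

# Build the result message from the flags set above; the parts are joined
# with <br /> and consist of language strings only.
$t_message = '';

if ($t_email_updated) {
    $t_message .= lang_get('email_updated');
}

if ($t_password_updated) {
    $t_message = is_blank($t_message) ? '' : $t_message . '<br />';
    $t_message .= lang_get('password_updated');
}

if ($t_realname_updated) {
    $t_message = is_blank($t_message) ? '' : $t_message . '<br />';
    $t_message .= lang_get('realname_updated');
}

html_operation_successful($t_redirect_url, $t_message);
html_page_bottom();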
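require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('user_api.php');

# Deletes a user account. Gate order: form security token, re-authentication,
# then the global threshold for managing users.
form_security_validate('manage_user_delete');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_user_threshold'));

$f_user_id = gpc_get_int('user_id');

$t_user = user_get_row($f_user_id);

# Ensure that the account to be deleted is of equal or lower access to the
# current user.
access_ensure_global_level($t_user['access_level']);

# check that we are not deleting the last administrator account
$t_admin_threshold = config_get_global('admin_site_threshold');
if (user_is_administrator($f_user_id) && user_count_level($t_admin_threshold) <= 1) {
    trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}

# If an administrator is trying to delete their own account, use
# account_delete.php instead as it handles logging out and redirection
# of users who have just deleted their own accounts.
# NOTE(review): the code after this branch relies on print_header_redirect()
# not returning (second argument true) - confirm. The account_delete token is
# placed in the query string, so it can end up in server logs or a Referer
# header; confirm it is single-use and short-lived.
if (auth_get_current_user_id() == $f_user_id) {
    form_security_purge('manage_user_delete');
    print_header_redirect('account_delete.php?account_delete_token=' . form_security_token('account_delete'), true, false);
}

# The confirmation message is assembled as HTML (it carries a literal <br/>),
# so the stored username is HTML-encoded before it is appended. Username
# validation elsewhere may already restrict the character set; encoding here
# keeps this page safe independently of that setting.
$t_username = htmlspecialchars($t_user['username'], ENT_QUOTES, 'UTF-8');

helper_ensure_confirmed(
    lang_get('delete_account_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . $t_username,
    lang_get('delete_account_button')
);

user_delete($f_user_id);

form_security_purge('manage_user_delete');

html_page_top(null, 'manage_user_page.php');
html_operation_successful('manage_user_page.php');
html_page_bottom();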
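require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('sponsorship_api.php');

# Updates the "paid" state of sponsorships on bugs the current user handles.
if (!config_get('enable_sponsorship')) {
    trigger_error(ERROR_SPONSORSHIP_NOT_ENABLED, ERROR);
}

form_security_validate('account_sponsor_update');

auth_ensure_user_authenticated();

# buglist is a comma-separated list of "<bug id>:<sponsorship id>" pairs.
$f_bug_list = gpc_get_string('buglist', '');
$t_bug_list = explode(',', $f_bug_list);

foreach ($t_bug_list as $t_bug) {
    # Both ids come from the request. Cast each one once and use only the
    # integer afterwards, so the sponsorship that is looked up is the one that
    # is updated. An entry without ':' yields sponsorship id 0 instead of an
    # undefined-offset notice.
    $t_pair = explode(':', $t_bug);
    $c_bug_id = (int) $t_pair[0];
    $c_sponsor_id = isset($t_pair[1]) ? (int) $t_pair[1] : 0;

    bug_ensure_exists($c_bug_id); # dies if bug doesn't exist

    access_ensure_bug_level(config_get('handle_sponsored_bugs_threshold'), $c_bug_id); # dies if user can't handle bug

    # The return value is not used below.
    $t_bug = bug_get($c_bug_id);
    $t_sponsor = sponsorship_get($c_sponsor_id);

    # The access check above covers $c_bug_id only. Tie the sponsorship to
    # that bug (bug_id on the sponsorship record from sponsorship_api.php), so
    # access to one bug cannot be used to change a sponsorship that belongs to
    # another. continue keeps the update unreachable even if the error handler
    # were ever to return.
    if ((int) $t_sponsor->bug_id !== $c_bug_id) {
        trigger_error(ERROR_ACCESS_DENIED, ERROR);
        continue;
    }

    # NOTE(review): the submitted value is only constrained to an integer
    # here; confirm that sponsorship_update_paid() rejects values outside the
    # defined paid states.
    $t_new_payment = gpc_get_int('sponsor_' . $c_bug_id . '_' . $t_sponsor->id, $t_sponsor->paid);
    if ($t_new_payment != $t_sponsor->paid) {
        sponsorship_update_paid($c_sponsor_id, $t_new_payment);
    }
}

form_security_purge('account_sponsor_update');

$t_redirect_url = 'account_sponsor_page.php';

html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url, lang_get('payment_updated'));
html_page_bottom();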
* @uses helper_api.php
 * @uses html_api.php
 * @uses lang_api.php
 * @uses news_api.php
 * @uses print_api.php
 */

require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('news_api.php');
require_api('print_api.php');

# Creates a news entry in the current project and shows the result.
# Gate order: news feature enabled, form security token, then the news
# management threshold.
news_ensure_enabled();

form_security_validate('news_add');

# No project id is passed here. NOTE(review): presumably the check applies to
# the current project, which is also where the entry is created below -
# confirm in access_ensure_project_level().
access_ensure_project_level(config_get('manage_news_threshold'));

$f_view_state = gpc_get_int('view_state');
$f_headline = gpc_get_string('headline');
$f_announcement = gpc_get_bool('announcement');
$f_body = gpc_get_string('body');

# NOTE(review): headline and body are passed to news_create() as submitted.
# Output encoding is therefore expected at render time; confirm that
# print_news_entry_from_row() and every other place that prints news rows
# encodes both fields.
$t_news_id = news_create(helper_get_current_project(), auth_get_current_user_id(), $f_view_state, $f_announcement, $f_headline, $f_body);

# The form token is purged only after the entry has been created.
form_security_purge('news_add');

# Re-read the stored row so the page shows what was actually saved.
$t_news_row = news_get_row($t_news_id);

html_page_top();

html_operation_successful('news_menu_page.php');
print_news_entry_from_row($t_news_row);

html_page_bottom();