/**
* This populates an option list with the appropriate users by access level
* @todo from print_reporter_option_list
* @param integer|array $p_user_id A user identifier or a list of them.
* @param integer $p_project_id A project identifier.
* @param integer $p_access An access level.
* @return void
*/
function print_user_option_list($p_user_id, $p_project_id = null, $p_access = ANYBODY)
{
$t_current_user = auth_get_current_user_id();
if (null === $p_project_id) {
$p_project_id = helper_get_current_project();
}
if ($p_project_id === ALL_PROJECTS) {
$t_projects = user_get_accessible_projects($t_current_user);
# Get list of users having access level for all accessible projects
$t_users = array();
foreach ($t_projects as $t_project_id) {
$t_project_users_list = project_get_all_user_rows($t_project_id, $p_access);
# Do a 'smart' merge of the project's user list, into an
# associative array (to remove duplicates)
foreach ($t_project_users_list as $t_id => $t_user) {
$t_users[$t_id] = $t_user;
}
# Clear the array to release memory
unset($t_project_users_list);
}
unset($t_projects);
} else {
$t_users = project_get_all_user_rows($p_project_id, $p_access);
}
# Add the specified user ID to the list
# If we have an array of user IDs, then we've been called from a filter
# so don't add anything
if (!is_array($p_user_id) && $p_user_id != NO_USER && !array_key_exists($p_user_id, $t_users)) {
$t_row = user_get_row($p_user_id);
if ($t_row === false) {
# User doesn't exist - create a dummy record for display purposes
$t_name = user_get_name($p_user_id);
$t_row = array('id' => $p_user_id, 'username' => $t_name, 'realname' => $t_name);
}
$t_users[$p_user_id] = $t_row;
}
$t_display = array();
$t_sort = array();
$t_show_realname = ON == config_get('show_realname');
$t_sort_by_last_name = ON == config_get('sort_by_last_name');
foreach ($t_users as $t_key => $t_user) {
$t_user_name = string_attribute($t_user['username']);
$t_sort_name = utf8_strtolower($t_user_name);
if ($t_show_realname && $t_user['realname'] != '') {
$t_user_name = string_attribute($t_user['realname']);
if ($t_sort_by_last_name) {
$t_sort_name_bits = explode(' ', utf8_strtolower($t_user_name), 2);
$t_sort_name = (isset($t_sort_name_bits[1]) ? $t_sort_name_bits[1] . ', ' : '') . $t_sort_name_bits[0];
} else {
$t_sort_name = utf8_strtolower($t_user_name);
}
}
$t_display[] = $t_user_name;
$t_sort[] = $t_sort_name;
}
array_multisort($t_sort, SORT_ASC, SORT_STRING, $t_users, $t_display);
unset($t_sort);
$t_count = count($t_users);
for ($i = 0; $i < $t_count; $i++) {
$t_row = $t_users[$i];
echo '<option value="' . $t_row['id'] . '" ';
check_selected($p_user_id, (int) $t_row['id']);
echo '>' . $t_display[$i] . '</option>';
}
}
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('project_api.php');
require_api('user_api.php');
form_security_validate('manage_proj_user_remove');
auth_reauthenticate();
$f_project_id = gpc_get_int('project_id');
$f_user_id = gpc_get_int('user_id', 0);
# We should check both since we are in the project section and an
# admin might raise the first threshold and not realize they need
# to raise the second
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
access_ensure_project_level(config_get('project_user_threshold'), $f_project_id);
if (0 == $f_user_id) {
# Confirm with the user
helper_ensure_confirmed(lang_get('remove_all_users_sure_msg'), lang_get('remove_all_users_button'));
project_remove_all_users($f_project_id, access_get_project_level($f_project_id));
} else {
# Don't allow removal of users from the project who have a higher access level than the current user
access_ensure_project_level(access_get_project_level($f_project_id, $f_user_id), $f_project_id);
$t_user = user_get_row($f_user_id);
# Confirm with the user
helper_ensure_confirmed(lang_get('remove_user_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . $t_user['username'], lang_get('remove_user_button'));
project_remove_user($f_project_id, $f_user_id);
}
form_security_purge('manage_proj_user_remove');
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url);
html_page_bottom();
function user_get_field($p_user_id, $p_field_name)
{
if (NO_USER == $p_user_id) {
trigger_error('user_get_field() for NO_USER', WARNING);
return "@null@";
}
$row = user_get_row($p_user_id);
if (isset($row[$p_field_name])) {
return $row[$p_field_name];
} else {
error_parameters($p_field_name);
trigger_error(ERROR_DB_FIELD_NOT_FOUND, WARNING);
return '';
}
}
/**
* return the specified user field for the user id
*
* @param integer $p_user_id A valid user identifier.
* @param string $p_field_name The field name to retrieve.
* @return string
*/
function user_get_field($p_user_id, $p_field_name)
{
if (NO_USER == $p_user_id) {
error_parameters(NO_USER);
trigger_error(ERROR_USER_BY_ID_NOT_FOUND, WARNING);
return '@null@';
}
$t_row = user_get_row($p_user_id);
if (isset($t_row[$p_field_name])) {
switch ($p_field_name) {
case 'access_level':
return (int) $t_row[$p_field_name];
default:
return $t_row[$p_field_name];
}
} else {
error_parameters($p_field_name);
trigger_error(ERROR_DB_FIELD_NOT_FOUND, WARNING);
return '';
}
}
/**
* Allows scripts to login using a login name or ( login name + password )
* @param string $p_username username
* @param string $p_password username
* @return bool indicates if authentication was successful
* @access public
*/
function auth_attempt_script_login($p_username, $p_password = null)
{
global $g_script_login_cookie, $g_cache_current_user_id;
$t_user_id = user_get_id_by_name($p_username);
if (false === $t_user_id) {
return false;
}
$t_user = user_get_row($t_user_id);
# check for disabled account
if (OFF == $t_user['enabled']) {
return false;
}
# validate password if supplied
if (null !== $p_password) {
if (!auth_does_password_match($t_user_id, $p_password)) {
return false;
}
}
# ok, we're good to login now
# With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no
# real significance of incrementing login count.
# increment login count
# user_increment_login_count( $t_user_id );
# set the cookies
$g_script_login_cookie = $t_user['cookie_string'];
# cache user id for future reference
$g_cache_current_user_id = $t_user_id;
return true;
}
* @link http://www.mantisbt.org
*/
/**
* MantisBT Core API's
*/
require_once 'core.php';
require_once 'current_user_api.php';
$t_use_gravatar = config_get('use_gravatar', false, auth_get_current_user_id(), ALL_PROJECTS);
#============ Parameters ============
# (none)
#============ Permissions ============
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
# extracts the user information for the currently logged in user
# and prefixes it with u_
$row = user_get_row(auth_get_current_user_id());
extract($row, EXTR_PREFIX_ALL, 'u');
$t_ldap = LDAP == config_get('login_method');
# In case we're using LDAP to get the email address... this will pull out
# that version instead of the one in the DB
$u_email = user_get_email($u_id, $u_username);
# note if we are being included by a script of a different name, if so,
# this is a mandatory password change request
$t_force_pw_reset = is_page_name('verify.php');
# Only show the update button if there is something to update.
$t_show_update_button = false;
html_page_top(lang_get('account_link'));
?>
<!-- # Edit Account Form BEGIN -->
<br />
/**
* Allows scripts to login using a login name or ( login name + password )
*
* There are multiple scenarios where this is used:
* - Anonymous login (blank username supplied).
* - Anonymous login with anonymous user name specified.
* - Anonymous login with account not existing or disabled.
* - Pre-authenticated user via some secret hash from email verify or rss feed, where username
* is specified but password is null.
* - Standard authentication with username and password specified.
*
* @param string $p_username Username.
* @param string $p_password Password.
* @return boolean indicates if authentication was successful
* @access public
*/
function auth_attempt_script_login($p_username, $p_password = null)
{
global $g_script_login_cookie;
$t_username = $p_username;
$t_password = $p_password;
$t_anon_allowed = config_get('allow_anonymous_login');
if ($t_anon_allowed == ON) {
$t_anonymous_account = config_get('anonymous_account');
} else {
$t_anonymous_account = '';
}
# if no user name supplied, then attempt to login as anonymous user.
if (is_blank($t_username) || strcasecmp($t_username, $t_anonymous_account) == 0) {
if ($t_anon_allowed == OFF) {
return false;
}
$t_username = $t_anonymous_account;
# do not use password validation.
$t_password = null;
}
$t_user_id = auth_get_user_id_from_login_name($t_username);
if ($t_user_id === false) {
$t_user_id = auth_auto_create_user($t_username, $p_password);
if ($t_user_id === false) {
return false;
}
}
$t_user = user_get_row($t_user_id);
# check for disabled account
if (OFF == $t_user['enabled']) {
return false;
}
# validate password if supplied
if (null !== $t_password) {
if (!auth_does_password_match($t_user_id, $t_password)) {
return false;
}
}
# ok, we're good to login now
# With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no
# real significance of incrementing login count.
# increment login count
# user_increment_login_count( $t_user_id );
# set the cookies
$g_script_login_cookie = $t_user['cookie_string'];
# cache user id for future reference
current_user_set($t_user_id);
return true;
}
require_api('config_api.php');
require_api('constant_inc.php');
require_api('error_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('user_api.php');
require_api('utility_api.php');
auth_ensure_user_authenticated();
# extracts the user information for the currently logged in user
# and prefixes it with u_
$f_user_id = gpc_get_int('id', auth_get_current_user_id());
$row = user_get_row($f_user_id);
extract($row, EXTR_PREFIX_ALL, 'u');
$t_can_manage = access_has_global_level(config_get('manage_user_threshold')) && access_has_global_level($u_access_level);
$t_can_see_realname = access_has_project_level(config_get('show_user_realname_threshold'));
$t_can_see_email = access_has_project_level(config_get('show_user_email_threshold'));
# In case we're using LDAP to get the email address... this will pull out
# that version instead of the one in the DB
$u_email = user_get_email($u_id);
$u_realname = user_get_realname($u_id);
html_page_top();
?>
<br />
<div align="center">
<table class="width75" cellspacing="1">
<tr>
function getUserEmail($p_user_id)
{
$t_user = user_get_row($p_user_id);
return $t_user['email'];
}
# $Id: admin_manage_users_edit.php,v 1.8 2002/10/07 02:54:39 vboctor Exp $
# --------------------------------------------------------
require_once 'core' . DIRECTORY_SEPARATOR . 'api.php';
login_cookie_check();
access_ensure_check_action(ACTION_USERS_EDIT);
print_html_top();
print_head_top();
print_title($g_window_title);
print_css($g_css_inc_file);
print_head_bottom();
print_body_top();
print_header($g_page_title);
print_top_page($g_top_page_inc);
print_admin_menu();
$f_user_id = gpc_get('f_user_id');
$t_user_array = user_get_row($f_user_id);
extract($t_user_array, EXTR_PREFIX_ALL, 'v');
# @@@ Need to LOCALIZE text
?>
<div align="center">
<div class="small-width">
<form method="post" action="<?php
echo $g_admin_manage_users_update;
?>
">
<input type="hidden" name="f_user_id" value="<?php
echo $v_id;
?>
" />
<table class="box" summary="">
<tr class="title">
public function put($request)
{
/**
* Updates the user.
*
* @param $request - The Request we're responding to
*/
$this->user_id = User::get_mantis_id_from_url($request->url);
if (!access_has_global_level(config_get('manage_user_threshold')) && auth_get_current_user_id() != $this->user_id) {
throw new HTTPException(403, "Access denied to edit user {$this->user_id}'s info");
}
$this->populate_from_repr($request->body);
# Do some validation on the inputs (from Mantis's user_create())
$username = db_prepare_string($this->rsrc_data['username']);
$realname = db_prepare_string($this->rsrc_data['realname']);
$password = db_prepare_string($this->rsrc_data['password']);
$email = db_prepare_string($this->rsrc_data['email']);
$access_level = db_prepare_int(get_string_to_enum(config_get('access_levels_enum_string'), $this->rsrc_data['access_level']));
$protected = db_prepare_bool($this->rsrc_data['protected']);
$enabled = db_prepare_bool($this->rsrc_data['enabled']);
user_ensure_name_valid($username);
user_ensure_realname_valid($realname);
user_ensure_realname_unique($username, $realname);
email_ensure_valid($email);
# The cookie string is based on email and username, so if either of those changed,
# we have to change the cookie string.
$user_row = user_get_row($this->user_id);
$username_key = array_key_exists('username', $user_row) ? 'username' : 1;
$email_key = array_key_exists('email', $user_row) ? 'email' : 3;
$cookie_string_key = array_key_exists('cookie_string', $user_row) ? 'cookie_string' : 13;
if ($user_row[$username_key] != $username || $user_row[$email_key] != $email) {
$seed = $email . $username;
$cookie_string = auth_generate_unique_cookie_string($seed);
} else {
$cookie_string = $user_row[$cookie_string_key];
}
$password_hash = auth_process_plain_password($password);
$user_table = config_get('mantis_user_table');
$query = "UPDATE {$user_table}\n\t\t\t\tSET username = '******',\n\t\t\t\t realname = '{$realname}',\n\t\t\t\t email = '{$email}',\n\t\t\t\t password = '******',\n\t\t\t\t enabled = {$enabled},\n\t\t\t\t protected = {$protected},\n\t\t\t\t access_level = {$access_level},\n\t\t\t\t cookie_string = '{$cookie_string}'\n\t\t\t\tWHERE id = {$this->user_id};";
db_query($query);
$resp = new Response();
$resp->status = 204;
return $resp;
}
function auth_attempt_script_login($p_username, $p_password = null)
{
global $g_script_login_cookie, $g_cache_current_user_id;
$t_user_id = user_get_id_by_name($p_username);
$t_user = user_get_row($t_user_id);
# check for disabled account
if (OFF == $t_user['enabled']) {
return false;
}
# validate password if supplied
if (null !== $p_password) {
if (!auth_does_password_match($t_user_id, $p_password)) {
return false;
}
}
# ok, we're good to login now
# increment login count
user_increment_login_count($t_user_id);
# set the cookies
$g_script_login_cookie = $t_user['cookie_string'];
# cache user id for future reference
$g_cache_current_user_id = $t_user_id;
return true;
}
function user_update($p_user_id, $p_email, $p_password, $p_access_level, $p_enabled, $p_protected)
{
global $g_phpWN_user_table;
if (empty($p_password)) {
$t_user_row = user_get_row($p_user_id);
$c_password = $t_user_row['password'];
} else {
$c_password = db_prepare_string(access_encrypt_password($p_password));
}
$c_user_id = db_prepare_int($p_user_id);
$c_email = db_prepare_string($p_email);
$c_access_level = db_prepare_string($p_access_level);
$c_enabled = db_prepare_string($p_enabled);
$c_protected = db_prepare_string($p_protected);
$query = "UPDATE {$g_phpWN_user_table}\r\n\t\t\t\tSET email='{$c_email}',\r\n\t\t\t\t\tpassword='******',\r\n\t\t\t\t\taccess_level={$c_access_level},\r\n\t\t\t\t\tenabled={$c_enabled},\r\n\t\t\t\t\tprotected={$c_protected}\r\n\t\t\t\tWHERE id={$c_user_id}";
return db_query($query);
}