예제 #1
0
파일: print_api.php 프로젝트: gtn/mantisbt
/**
 * This populates an option list with the appropriate users by access level
 * @todo from print_reporter_option_list
 * @param integer|array $p_user_id    A user identifier or a list of them.
 * @param integer       $p_project_id A project identifier.
 * @param integer       $p_access     An access level.
 * @return void
 */
function print_user_option_list($p_user_id, $p_project_id = null, $p_access = ANYBODY)
{
    $t_current_user = auth_get_current_user_id();
    if (null === $p_project_id) {
        $p_project_id = helper_get_current_project();
    }
    if ($p_project_id === ALL_PROJECTS) {
        $t_projects = user_get_accessible_projects($t_current_user);
        # Get list of users having access level for all accessible projects
        $t_users = array();
        foreach ($t_projects as $t_project_id) {
            $t_project_users_list = project_get_all_user_rows($t_project_id, $p_access);
            # Do a 'smart' merge of the project's user list, into an
            # associative array (to remove duplicates)
            foreach ($t_project_users_list as $t_id => $t_user) {
                $t_users[$t_id] = $t_user;
            }
            # Clear the array to release memory
            unset($t_project_users_list);
        }
        unset($t_projects);
    } else {
        $t_users = project_get_all_user_rows($p_project_id, $p_access);
    }
    # Add the specified user ID to the list
    # If we have an array of user IDs, then we've been called from a filter
    # so don't add anything
    if (!is_array($p_user_id) && $p_user_id != NO_USER && !array_key_exists($p_user_id, $t_users)) {
        $t_row = user_get_row($p_user_id);
        if ($t_row === false) {
            # User doesn't exist - create a dummy record for display purposes
            $t_name = user_get_name($p_user_id);
            $t_row = array('id' => $p_user_id, 'username' => $t_name, 'realname' => $t_name);
        }
        $t_users[$p_user_id] = $t_row;
    }
    $t_display = array();
    $t_sort = array();
    $t_show_realname = ON == config_get('show_realname');
    $t_sort_by_last_name = ON == config_get('sort_by_last_name');
    foreach ($t_users as $t_key => $t_user) {
        $t_user_name = string_attribute($t_user['username']);
        $t_sort_name = utf8_strtolower($t_user_name);
        if ($t_show_realname && $t_user['realname'] != '') {
            $t_user_name = string_attribute($t_user['realname']);
            if ($t_sort_by_last_name) {
                $t_sort_name_bits = explode(' ', utf8_strtolower($t_user_name), 2);
                $t_sort_name = (isset($t_sort_name_bits[1]) ? $t_sort_name_bits[1] . ', ' : '') . $t_sort_name_bits[0];
            } else {
                $t_sort_name = utf8_strtolower($t_user_name);
            }
        }
        $t_display[] = $t_user_name;
        $t_sort[] = $t_sort_name;
    }
    array_multisort($t_sort, SORT_ASC, SORT_STRING, $t_users, $t_display);
    unset($t_sort);
    $t_count = count($t_users);
    for ($i = 0; $i < $t_count; $i++) {
        $t_row = $t_users[$i];
        echo '<option value="' . $t_row['id'] . '" ';
        check_selected($p_user_id, (int) $t_row['id']);
        echo '>' . $t_display[$i] . '</option>';
    }
}
예제 #2
0
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('project_api.php');
require_api('user_api.php');
form_security_validate('manage_proj_user_remove');
auth_reauthenticate();
$f_project_id = gpc_get_int('project_id');
$f_user_id = gpc_get_int('user_id', 0);
# We should check both since we are in the project section and an
#  admin might raise the first threshold and not realize they need
#  to raise the second
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
access_ensure_project_level(config_get('project_user_threshold'), $f_project_id);
if (0 == $f_user_id) {
    # Confirm with the user
    helper_ensure_confirmed(lang_get('remove_all_users_sure_msg'), lang_get('remove_all_users_button'));
    project_remove_all_users($f_project_id, access_get_project_level($f_project_id));
} else {
    # Don't allow removal of users from the project who have a higher access level than the current user
    access_ensure_project_level(access_get_project_level($f_project_id, $f_user_id), $f_project_id);
    $t_user = user_get_row($f_user_id);
    # Confirm with the user
    helper_ensure_confirmed(lang_get('remove_user_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . $t_user['username'], lang_get('remove_user_button'));
    project_remove_user($f_project_id, $f_user_id);
}
form_security_purge('manage_proj_user_remove');
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url);
html_page_bottom();
예제 #3
0
function user_get_field($p_user_id, $p_field_name)
{
    if (NO_USER == $p_user_id) {
        trigger_error('user_get_field() for NO_USER', WARNING);
        return "@null@";
    }
    $row = user_get_row($p_user_id);
    if (isset($row[$p_field_name])) {
        return $row[$p_field_name];
    } else {
        error_parameters($p_field_name);
        trigger_error(ERROR_DB_FIELD_NOT_FOUND, WARNING);
        return '';
    }
}
예제 #4
0
/**
 * return the specified user field for the user id
 *
 * @param integer $p_user_id    A valid user identifier.
 * @param string  $p_field_name The field name to retrieve.
 * @return string
 */
function user_get_field($p_user_id, $p_field_name)
{
    if (NO_USER == $p_user_id) {
        error_parameters(NO_USER);
        trigger_error(ERROR_USER_BY_ID_NOT_FOUND, WARNING);
        return '@null@';
    }
    $t_row = user_get_row($p_user_id);
    if (isset($t_row[$p_field_name])) {
        switch ($p_field_name) {
            case 'access_level':
                return (int) $t_row[$p_field_name];
            default:
                return $t_row[$p_field_name];
        }
    } else {
        error_parameters($p_field_name);
        trigger_error(ERROR_DB_FIELD_NOT_FOUND, WARNING);
        return '';
    }
}
예제 #5
0
/**
 * Allows scripts to login using a login name or ( login name + password )
 * @param string $p_username username
 * @param string $p_password username
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_script_login($p_username, $p_password = null)
{
    global $g_script_login_cookie, $g_cache_current_user_id;
    $t_user_id = user_get_id_by_name($p_username);
    if (false === $t_user_id) {
        return false;
    }
    $t_user = user_get_row($t_user_id);
    # check for disabled account
    if (OFF == $t_user['enabled']) {
        return false;
    }
    # validate password if supplied
    if (null !== $p_password) {
        if (!auth_does_password_match($t_user_id, $p_password)) {
            return false;
        }
    }
    # ok, we're good to login now
    # With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no
    # real significance of incrementing login count.
    # increment login count
    # user_increment_login_count( $t_user_id );
    # set the cookies
    $g_script_login_cookie = $t_user['cookie_string'];
    # cache user id for future reference
    $g_cache_current_user_id = $t_user_id;
    return true;
}
예제 #6
0
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'current_user_api.php';
$t_use_gravatar = config_get('use_gravatar', false, auth_get_current_user_id(), ALL_PROJECTS);
#============ Parameters ============
# (none)
#============ Permissions ============
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
# extracts the user information for the currently logged in user
# and prefixes it with u_
$row = user_get_row(auth_get_current_user_id());
extract($row, EXTR_PREFIX_ALL, 'u');
$t_ldap = LDAP == config_get('login_method');
# In case we're using LDAP to get the email address... this will pull out
#  that version instead of the one in the DB
$u_email = user_get_email($u_id, $u_username);
# note if we are being included by a script of a different name, if so,
#  this is a mandatory password change request
$t_force_pw_reset = is_page_name('verify.php');
# Only show the update button if there is something to update.
$t_show_update_button = false;
html_page_top(lang_get('account_link'));
?>

<!-- # Edit Account Form BEGIN -->
<br />
예제 #7
0
/**
 * Allows scripts to login using a login name or ( login name + password )
 *
 * There are multiple scenarios where this is used:
 * - Anonymous login (blank username supplied).
 * - Anonymous login with anonymous user name specified.
 * - Anonymous login with account not existing or disabled.
 * - Pre-authenticated user via some secret hash from email verify or rss feed, where username
 *   is specified but password is null.
 * - Standard authentication with username and password specified.
 *
 * @param string $p_username Username.
 * @param string $p_password Password.
 * @return boolean indicates if authentication was successful
 * @access public
 */
function auth_attempt_script_login($p_username, $p_password = null)
{
    global $g_script_login_cookie;
    $t_username = $p_username;
    $t_password = $p_password;
    $t_anon_allowed = config_get('allow_anonymous_login');
    if ($t_anon_allowed == ON) {
        $t_anonymous_account = config_get('anonymous_account');
    } else {
        $t_anonymous_account = '';
    }
    # if no user name supplied, then attempt to login as anonymous user.
    if (is_blank($t_username) || strcasecmp($t_username, $t_anonymous_account) == 0) {
        if ($t_anon_allowed == OFF) {
            return false;
        }
        $t_username = $t_anonymous_account;
        # do not use password validation.
        $t_password = null;
    }
    $t_user_id = auth_get_user_id_from_login_name($t_username);
    if ($t_user_id === false) {
        $t_user_id = auth_auto_create_user($t_username, $p_password);
        if ($t_user_id === false) {
            return false;
        }
    }
    $t_user = user_get_row($t_user_id);
    # check for disabled account
    if (OFF == $t_user['enabled']) {
        return false;
    }
    # validate password if supplied
    if (null !== $t_password) {
        if (!auth_does_password_match($t_user_id, $t_password)) {
            return false;
        }
    }
    # ok, we're good to login now
    # With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no
    # real significance of incrementing login count.
    # increment login count
    # user_increment_login_count( $t_user_id );
    # set the cookies
    $g_script_login_cookie = $t_user['cookie_string'];
    # cache user id for future reference
    current_user_set($t_user_id);
    return true;
}
예제 #8
0
require_api('config_api.php');
require_api('constant_inc.php');
require_api('error_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('user_api.php');
require_api('utility_api.php');
auth_ensure_user_authenticated();
# extracts the user information for the currently logged in user
# and prefixes it with u_
$f_user_id = gpc_get_int('id', auth_get_current_user_id());
$row = user_get_row($f_user_id);
extract($row, EXTR_PREFIX_ALL, 'u');
$t_can_manage = access_has_global_level(config_get('manage_user_threshold')) && access_has_global_level($u_access_level);
$t_can_see_realname = access_has_project_level(config_get('show_user_realname_threshold'));
$t_can_see_email = access_has_project_level(config_get('show_user_email_threshold'));
# In case we're using LDAP to get the email address... this will pull out
#  that version instead of the one in the DB
$u_email = user_get_email($u_id);
$u_realname = user_get_realname($u_id);
html_page_top();
?>

<br />
<div align="center">
<table class="width75" cellspacing="1">
	<tr>
예제 #9
0
 function getUserEmail($p_user_id)
 {
     $t_user = user_get_row($p_user_id);
     return $t_user['email'];
 }
# $Id: admin_manage_users_edit.php,v 1.8 2002/10/07 02:54:39 vboctor Exp $
# --------------------------------------------------------
require_once 'core' . DIRECTORY_SEPARATOR . 'api.php';
login_cookie_check();
access_ensure_check_action(ACTION_USERS_EDIT);
print_html_top();
print_head_top();
print_title($g_window_title);
print_css($g_css_inc_file);
print_head_bottom();
print_body_top();
print_header($g_page_title);
print_top_page($g_top_page_inc);
print_admin_menu();
$f_user_id = gpc_get('f_user_id');
$t_user_array = user_get_row($f_user_id);
extract($t_user_array, EXTR_PREFIX_ALL, 'v');
# @@@ Need to LOCALIZE text
?>
<div align="center">
<div class="small-width">
<form method="post" action="<?php 
echo $g_admin_manage_users_update;
?>
">
<input type="hidden" name="f_user_id" value="<?php 
echo $v_id;
?>
" />
<table class="box" summary="">
<tr class="title">
예제 #11
0
 public function put($request)
 {
     /**
      * 	Updates the user.
      *
      *      @param $request - The Request we're responding to
      */
     $this->user_id = User::get_mantis_id_from_url($request->url);
     if (!access_has_global_level(config_get('manage_user_threshold')) && auth_get_current_user_id() != $this->user_id) {
         throw new HTTPException(403, "Access denied to edit user {$this->user_id}'s info");
     }
     $this->populate_from_repr($request->body);
     # Do some validation on the inputs (from Mantis's user_create())
     $username = db_prepare_string($this->rsrc_data['username']);
     $realname = db_prepare_string($this->rsrc_data['realname']);
     $password = db_prepare_string($this->rsrc_data['password']);
     $email = db_prepare_string($this->rsrc_data['email']);
     $access_level = db_prepare_int(get_string_to_enum(config_get('access_levels_enum_string'), $this->rsrc_data['access_level']));
     $protected = db_prepare_bool($this->rsrc_data['protected']);
     $enabled = db_prepare_bool($this->rsrc_data['enabled']);
     user_ensure_name_valid($username);
     user_ensure_realname_valid($realname);
     user_ensure_realname_unique($username, $realname);
     email_ensure_valid($email);
     # The cookie string is based on email and username, so if either of those changed,
     # we have to change the cookie string.
     $user_row = user_get_row($this->user_id);
     $username_key = array_key_exists('username', $user_row) ? 'username' : 1;
     $email_key = array_key_exists('email', $user_row) ? 'email' : 3;
     $cookie_string_key = array_key_exists('cookie_string', $user_row) ? 'cookie_string' : 13;
     if ($user_row[$username_key] != $username || $user_row[$email_key] != $email) {
         $seed = $email . $username;
         $cookie_string = auth_generate_unique_cookie_string($seed);
     } else {
         $cookie_string = $user_row[$cookie_string_key];
     }
     $password_hash = auth_process_plain_password($password);
     $user_table = config_get('mantis_user_table');
     $query = "UPDATE  {$user_table}\n\t\t\t\tSET username = '******',\n\t\t\t\t    realname = '{$realname}',\n\t\t\t\t    email = '{$email}',\n\t\t\t\t    password = '******',\n\t\t\t\t    enabled = {$enabled},\n\t\t\t\t    protected = {$protected},\n\t\t\t\t    access_level = {$access_level},\n\t\t\t\t    cookie_string = '{$cookie_string}'\n\t\t\t\tWHERE id = {$this->user_id};";
     db_query($query);
     $resp = new Response();
     $resp->status = 204;
     return $resp;
 }
예제 #12
0
function auth_attempt_script_login($p_username, $p_password = null)
{
    global $g_script_login_cookie, $g_cache_current_user_id;
    $t_user_id = user_get_id_by_name($p_username);
    $t_user = user_get_row($t_user_id);
    # check for disabled account
    if (OFF == $t_user['enabled']) {
        return false;
    }
    # validate password if supplied
    if (null !== $p_password) {
        if (!auth_does_password_match($t_user_id, $p_password)) {
            return false;
        }
    }
    # ok, we're good to login now
    # increment login count
    user_increment_login_count($t_user_id);
    # set the cookies
    $g_script_login_cookie = $t_user['cookie_string'];
    # cache user id for future reference
    $g_cache_current_user_id = $t_user_id;
    return true;
}
예제 #13
0
function user_update($p_user_id, $p_email, $p_password, $p_access_level, $p_enabled, $p_protected)
{
    global $g_phpWN_user_table;
    if (empty($p_password)) {
        $t_user_row = user_get_row($p_user_id);
        $c_password = $t_user_row['password'];
    } else {
        $c_password = db_prepare_string(access_encrypt_password($p_password));
    }
    $c_user_id = db_prepare_int($p_user_id);
    $c_email = db_prepare_string($p_email);
    $c_access_level = db_prepare_string($p_access_level);
    $c_enabled = db_prepare_string($p_enabled);
    $c_protected = db_prepare_string($p_protected);
    $query = "UPDATE {$g_phpWN_user_table}\r\n\t\t\t\tSET email='{$c_email}',\r\n\t\t\t\t\tpassword='******',\r\n\t\t\t\t\taccess_level={$c_access_level},\r\n\t\t\t\t\tenabled={$c_enabled},\r\n\t\t\t\t\tprotected={$c_protected}\r\n\t\t\t\tWHERE id={$c_user_id}";
    return db_query($query);
}