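/**
 * Print an HTML <option> list of the users holding at least $p_access on a project.
 *
 * For ALL_PROJECTS the user lists of every project accessible to the current user
 * are merged by user id so each user appears once. When a single user id is given
 * and that user is not in the list (no longer on the project, or deleted), a row is
 * synthesised so the currently selected value is still rendered.
 *
 * @todo from print_reporter_option_list
 * @param integer|array $p_user_id    A user identifier (the selected value) or a list
 *                                    of them; a list means a filter call and nothing
 *                                    extra is added.
 * @param integer       $p_project_id A project identifier; null means the current project.
 * @param integer       $p_access     Minimum access level of the users to list.
 * @return void
 */
function print_user_option_list( $p_user_id, $p_project_id = null, $p_access = ANYBODY ) {
	$t_current_user = auth_get_current_user_id();

	if( null === $p_project_id ) {
		$p_project_id = helper_get_current_project();
	}

	if( $p_project_id === ALL_PROJECTS ) {
		$t_users = array();
		# Merge the per-project lists keyed by user id so duplicates collapse.
		foreach( user_get_accessible_projects( $t_current_user ) as $t_project_id ) {
			foreach( project_get_all_user_rows( $t_project_id, $p_access ) as $t_id => $t_user ) {
				$t_users[$t_id] = $t_user;
			}
		}
	} else {
		$t_users = project_get_all_user_rows( $p_project_id, $p_access );
	}

	# Add the selected user id to the list, unless we were handed an array
	# (filter call) or NO_USER.
	if( !is_array( $p_user_id ) && $p_user_id != NO_USER && !array_key_exists( $p_user_id, $t_users ) ) {
		$t_row = user_get_row( $p_user_id );
		if( $t_row === false ) {
			# User doesn't exist - create a dummy record for display purposes
			$t_name = user_get_name( $p_user_id );
			$t_row = array( 'id' => $p_user_id, 'username' => $t_name, 'realname' => $t_name );
		}
		$t_users[$p_user_id] = $t_row;
	}

	$t_display = array();
	$t_sort = array();
	$t_show_realname = ON == config_get( 'show_realname' );
	$t_sort_by_last_name = ON == config_get( 'sort_by_last_name' );

	foreach( $t_users as $t_user ) {
		$t_user_name = string_attribute( $t_user['username'] );
		$t_sort_name = utf8_strtolower( $t_user_name );
		if( $t_show_realname && $t_user['realname'] != '' ) {
			$t_user_name = string_attribute( $t_user['realname'] );
			if( $t_sort_by_last_name ) {
				# "first last" sorts as "last, first"; a single word sorts as itself.
				$t_sort_name_bits = explode( ' ', utf8_strtolower( $t_user_name ), 2 );
				$t_sort_name = ( isset( $t_sort_name_bits[1] ) ? $t_sort_name_bits[1] . ', ' : '' ) . $t_sort_name_bits[0];
			} else {
				$t_sort_name = utf8_strtolower( $t_user_name );
			}
		}
		$t_display[] = $t_user_name;
		$t_sort[] = $t_sort_name;
	}

	# Sort the parallel arrays together; $t_users is re-indexed 0..n-1 by this.
	array_multisort( $t_sort, SORT_ASC, SORT_STRING, $t_users, $t_display );
	unset( $t_sort );

	$t_count = count( $t_users );
	for( $i = 0; $i < $t_count; $i++ ) {
		$t_row = $t_users[$i];
		# The id is written into an HTML attribute unescaped. It normally comes
		# from the database, but for the synthesised row it is the caller's
		# $p_user_id, so force it to an integer before output.
		$t_id = (int)$t_row['id'];
		echo '<option value="' . $t_id . '" ';
		check_selected( $p_user_id, $t_id );
		echo '>' . $t_display[$i] . '</option>';
	}
}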
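require_api( 'error_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'project_api.php' );
require_api( 'string_api.php' );
require_api( 'user_api.php' );

# CSRF token check first, then a fresh password prompt: this page removes
# project membership, so a stale session on its own must not be enough.
form_security_validate( 'manage_proj_user_remove' );
auth_reauthenticate();

$f_project_id = gpc_get_int( 'project_id' );
# 0 (the default) means "remove every user from the project".
$f_user_id = gpc_get_int( 'user_id', 0 );

# We should check both since we are in the project section and an
# admin might raise the first threshold and not realize they need
# to raise the second
access_ensure_project_level( config_get( 'manage_project_threshold' ), $f_project_id );
access_ensure_project_level( config_get( 'project_user_threshold' ), $f_project_id );

if( 0 == $f_user_id ) {
	# Confirm with the user
	helper_ensure_confirmed( lang_get( 'remove_all_users_sure_msg' ), lang_get( 'remove_all_users_button' ) );
	# The current user's own level on the project is passed along, presumably so
	# that only users at or below it are removed - verify in project_api.
	project_remove_all_users( $f_project_id, access_get_project_level( $f_project_id ) );
} else {
	$t_user = user_get_row( $f_user_id );
	if( false === $t_user ) {
		# Unknown user id: stop before the row is dereferenced below.
		error_parameters( $f_user_id );
		trigger_error( ERROR_USER_BY_ID_NOT_FOUND, E_USER_ERROR );
	}

	# Don't allow removal of users from the project who have a higher access level than the current user
	access_ensure_project_level( access_get_project_level( $f_project_id, $f_user_id ), $f_project_id );

	# Confirm with the user. The username is escaped because it is embedded in
	# the HTML of the confirmation page.
	helper_ensure_confirmed( lang_get( 'remove_user_sure_msg' ) . '<br/>' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) . string_attribute( $t_user['username'] ), lang_get( 'remove_user_button' ) );
	project_remove_user( $f_project_id, $f_user_id );
}

form_security_purge( 'manage_proj_user_remove' );

$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
html_page_top( null, $t_redirect_url );
html_operation_successful( $t_redirect_url );
html_page_bottom();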
/**
 * Return one column of the user row for the given user id.
 *
 * NO_USER yields a warning and the sentinel string "@null@"; a column that is
 * absent from the row (or null) yields an ERROR_DB_FIELD_NOT_FOUND warning and ''.
 * @param integer $p_user_id    User identifier.
 * @param string  $p_field_name Column name to read.
 * @return mixed The column value, '@null@' for NO_USER, '' when the column is missing.
 */
function user_get_field( $p_user_id, $p_field_name ) {
	if( NO_USER == $p_user_id ) {
		trigger_error( 'user_get_field() for NO_USER', WARNING );
		return "@null@";
	}

	$t_row = user_get_row( $p_user_id );

	# isset() is false both when the column is missing and when its value is null.
	if( !isset( $t_row[$p_field_name] ) ) {
		error_parameters( $p_field_name );
		trigger_error( ERROR_DB_FIELD_NOT_FOUND, WARNING );
		return '';
	}

	return $t_row[$p_field_name];
}
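/**
 * Return the specified user field for the user id.
 *
 * 'access_level' is normalised to an int; every other column is returned as
 * stored. All failures are non-fatal (WARNING) and signalled by the return value:
 *  - NO_USER:                ERROR_USER_BY_ID_NOT_FOUND, returns '@null@'
 *  - unknown user id:        ERROR_USER_BY_ID_NOT_FOUND, returns ''
 *  - missing or null column: ERROR_DB_FIELD_NOT_FOUND, returns ''
 *
 * @param integer $p_user_id    A valid user identifier.
 * @param string  $p_field_name The field name to retrieve.
 * @return string|integer
 */
function user_get_field( $p_user_id, $p_field_name ) {
	if( NO_USER == $p_user_id ) {
		error_parameters( NO_USER );
		trigger_error( ERROR_USER_BY_ID_NOT_FOUND, WARNING );
		return '@null@';
	}

	$t_row = user_get_row( $p_user_id );
	if( false === $t_row ) {
		# Previously this fell through to ERROR_DB_FIELD_NOT_FOUND, which named
		# the wrong cause: it is the user that is missing, not the column.
		error_parameters( $p_user_id );
		trigger_error( ERROR_USER_BY_ID_NOT_FOUND, WARNING );
		return '';
	}

	if( !isset( $t_row[$p_field_name] ) ) {
		error_parameters( $p_field_name );
		trigger_error( ERROR_DB_FIELD_NOT_FOUND, WARNING );
		return '';
	}

	switch( $p_field_name ) {
		case 'access_level':
			return (int)$t_row[$p_field_name];
		default:
			return $t_row[$p_field_name];
	}
}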
/**
 * Log a script (RSS feed, MantisConnect, ...) in as the given user.
 *
 * With $p_password === null the password is NOT checked: the caller must have
 * authenticated the user by some other means before calling this. On success the
 * user's cookie string is stashed in $g_script_login_cookie and the id is cached
 * in $g_cache_current_user_id; the login count is deliberately not incremented.
 * @param string $p_username login name
 * @param string $p_password plain-text password, or null to skip the password check
 * @return bool true when the user exists, is enabled and (if given) the password matches
 * @access public
 */
function auth_attempt_script_login( $p_username, $p_password = null ) {
	global $g_script_login_cookie, $g_cache_current_user_id;

	$t_user_id = user_get_id_by_name( $p_username );
	if( false === $t_user_id ) {
		return false;
	}

	$t_user = user_get_row( $t_user_id );

	# disabled accounts can never log in
	if( OFF == $t_user['enabled'] ) {
		return false;
	}

	# the password is only verified when one was supplied
	$t_password_ok = ( null === $p_password ) || auth_does_password_match( $t_user_id, $p_password );
	if( !$t_password_ok ) {
		return false;
	}

	# With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no
	# real significance of incrementing login count.
	# user_increment_login_count( $t_user_id );

	$g_script_login_cookie = $t_user['cookie_string'];
	$g_cache_current_user_id = $t_user_id;

	return true;
}
 * @link http://www.mantisbt.org */

/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'current_user_api.php';

# NOTE(review): this reads the current user id before auth_ensure_user_authenticated()
# below has run; consider moving it after the permission checks.
$t_use_gravatar = config_get('use_gravatar', false, auth_get_current_user_id(), ALL_PROJECTS);

#============ Parameters ============
# (none)
#============ Permissions ============
# Must be logged in, and the current account must not be a protected one.
auth_ensure_user_authenticated();
current_user_ensure_unprotected();

# extracts the user information for the currently logged in user
# and prefixes it with u_
# (EXTR_PREFIX_ALL keeps the row's keys from clobbering existing locals.)
$row = user_get_row(auth_get_current_user_id());
extract($row, EXTR_PREFIX_ALL, 'u');

$t_ldap = LDAP == config_get('login_method');

# In case we're using LDAP to get the email address... this will pull out
# that version instead of the one in the DB
$u_email = user_get_email($u_id, $u_username);

# note if we are being included by a script of a different name, if so,
# this is a mandatory password change request
$t_force_pw_reset = is_page_name('verify.php');

# Only show the update button if there is something to update.
$t_show_update_button = false;

html_page_top(lang_get('account_link'));
?>
<!-- # Edit Account Form BEGIN -->
<br />
/**
 * Log a script (RSS feed, MantisConnect, ...) in as the given user.
 *
 * Handles these cases:
 *  - blank username, or the anonymous account's name: anonymous login, only when
 *    allow_anonymous_login is ON; any supplied password is ignored.
 *  - unknown login name: auth_auto_create_user() gets a chance to create it.
 *  - username with null password: pre-authenticated caller (email verify, RSS
 *    hash); the password is NOT checked, so callers must have verified the user
 *    some other way.
 *  - username and password: standard check via auth_does_password_match().
 *
 * On success $g_script_login_cookie receives the user's cookie string and the
 * user is set as current; the login count is deliberately not incremented.
 *
 * @param string $p_username Username.
 * @param string $p_password Password, or null to skip the password check.
 * @return boolean true on success, false for disabled/unknown users or a wrong password
 * @access public
 */
function auth_attempt_script_login( $p_username, $p_password = null ) {
	global $g_script_login_cookie;

	$t_anon_allowed = config_get( 'allow_anonymous_login' );
	$t_anonymous_account = ( $t_anon_allowed == ON ) ? config_get( 'anonymous_account' ) : '';

	$t_username = $p_username;
	$t_password = $p_password;

	# A blank username, or the anonymous account's own name, is an anonymous
	# login: refuse it when disabled, otherwise drop the password check.
	if( is_blank( $t_username ) || strcasecmp( $t_username, $t_anonymous_account ) == 0 ) {
		if( $t_anon_allowed == OFF ) {
			return false;
		}
		$t_username = $t_anonymous_account;
		$t_password = null;
	}

	$t_user_id = auth_get_user_id_from_login_name( $t_username );
	if( $t_user_id === false ) {
		# Unknown login name: let auto-creation (presumably an external
		# directory such as LDAP) try; it is handed the caller's original password.
		$t_user_id = auth_auto_create_user( $t_username, $p_password );
	}
	if( $t_user_id === false ) {
		return false;
	}

	$t_user = user_get_row( $t_user_id );

	# disabled accounts can never log in
	if( OFF == $t_user['enabled'] ) {
		return false;
	}

	# the password is only verified when one was supplied (and not anonymous)
	if( null !== $t_password && !auth_does_password_match( $t_user_id, $t_password ) ) {
		return false;
	}

	# With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no
	# real significance of incrementing login count.
	# user_increment_login_count( $t_user_id );

	$g_script_login_cookie = $t_user['cookie_string'];
	current_user_set( $t_user_id );

	return true;
}
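require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'error_api.php' );
require_api( 'gpc_api.php' );
require_api( 'helper_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'string_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );

auth_ensure_user_authenticated();

# The id comes from the query string: any authenticated user may open this page
# for any user id, and the thresholds below decide which details are shown.
$f_user_id = gpc_get_int( 'id', auth_get_current_user_id() );

$row = user_get_row( $f_user_id );
if( false === $row ) {
	# Bail before extract(): with no row $u_access_level would be undefined and
	# the threshold checks below would run against null.
	error_parameters( $f_user_id );
	trigger_error( ERROR_USER_BY_ID_NOT_FOUND, E_USER_ERROR );
}

# extracts the user information for the requested user and prefixes it with u_
extract( $row, EXTR_PREFIX_ALL, 'u' );

# Management actions need the global threshold AND at least the target's own level.
$t_can_manage = access_has_global_level( config_get( 'manage_user_threshold' ) ) && access_has_global_level( $u_access_level );
$t_can_see_realname = access_has_project_level( config_get( 'show_user_realname_threshold' ) );
$t_can_see_email = access_has_project_level( config_get( 'show_user_email_threshold' ) );

# In case we're using LDAP to get the email address... this will pull out
# that version instead of the one in the DB
$u_email = user_get_email( $u_id );
$u_realname = user_get_realname( $u_id );

html_page_top();
?>
<br />
<div align="center">
<table class="width75" cellspacing="1">
<tr>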
/**
 * Email address stored on the user row for $p_user_id.
 *
 * @param integer $p_user_id user identifier
 * @return string the 'email' column of the user row
 */
function getUserEmail( $p_user_id ) {
	return user_get_row( $p_user_id )['email'];
}
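# $Id: admin_manage_users_edit.php,v 1.8 2002/10/07 02:54:39 vboctor Exp $
# --------------------------------------------------------
require_once 'core' . DIRECTORY_SEPARATOR . 'api.php';

login_cookie_check();
# Only accounts allowed to edit users may see this form; the check stays ahead
# of any output.
access_ensure_check_action( ACTION_USERS_EDIT );

print_html_top();
print_head_top();
print_title( $g_window_title );
print_css( $g_css_inc_file );
print_head_bottom();
print_body_top();
print_header( $g_page_title );
print_top_page( $g_top_page_inc );
print_admin_menu();

# The user id arrives from the request untyped; force it to an integer before
# it is used for the lookup and echoed back into the form.
$f_user_id = (int)gpc_get( 'f_user_id' );

$t_user_array = user_get_row( $f_user_id );
extract( $t_user_array, EXTR_PREFIX_ALL, 'v' );

# @@@ Need to LOCALIZE text
?>
<div align="center">
<div class="small-width">
<form method="post" action="<?php echo $g_admin_manage_users_update; ?>">
<input type="hidden" name="f_user_id" value="<?php echo (int)$v_id; ?>" />
<table class="box" summary="">
<tr class="title">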
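public function put( $request ) {
	/**
	 * Updates the user.
	 *
	 * Authorisation: a user meeting manage_user_threshold may edit any account
	 * that is not above their own access level; everybody else may edit only
	 * their own account and may not change access_level, protected or enabled.
	 * Nobody may grant an access level above their own.
	 *
	 * @param $request - The Request we're responding to
	 * @throws HTTPException 403 on any of the authorisation failures above
	 */
	# The id is parsed from the URL and later interpolated into SQL; make it an int.
	$this->user_id = (int)User::get_mantis_id_from_url( $request->url );

	$t_is_manager = access_has_global_level( config_get( 'manage_user_threshold' ) );
	if( !$t_is_manager && auth_get_current_user_id() != $this->user_id ) {
		throw new HTTPException( 403, "Access denied to edit user {$this->user_id}'s info" );
	}

	$t_current_access_level = (int)user_get_field( $this->user_id, 'access_level' );
	if( $t_is_manager && !access_has_global_level( $t_current_access_level ) ) {
		# A manager may not edit someone who outranks them.
		throw new HTTPException( 403, "Access denied to edit user {$this->user_id}'s info" );
	}

	$this->populate_from_repr( $request->body );

	# Do some validation on the inputs (from Mantis's user_create())
	$username = db_prepare_string( $this->rsrc_data['username'] );
	$realname = db_prepare_string( $this->rsrc_data['realname'] );
	$email = db_prepare_string( $this->rsrc_data['email'] );
	$access_level = db_prepare_int( get_string_to_enum( config_get( 'access_levels_enum_string' ), $this->rsrc_data['access_level'] ) );
	$protected = db_prepare_bool( $this->rsrc_data['protected'] );
	$enabled = db_prepare_bool( $this->rsrc_data['enabled'] );

	if( !$t_is_manager ) {
		# Self-edit: the privilege fields must stay as they are, otherwise any
		# user could promote, protect or re-enable their own account through
		# this endpoint.
		if( $access_level != $t_current_access_level
			|| $protected != db_prepare_bool( user_get_field( $this->user_id, 'protected' ) )
			|| $enabled != db_prepare_bool( user_get_field( $this->user_id, 'enabled' ) ) ) {
			throw new HTTPException( 403, "Access denied to change access level, protected or enabled for user {$this->user_id}" );
		}
	} else if( !access_has_global_level( $access_level ) ) {
		# Nobody may hand out more access than they hold.
		throw new HTTPException( 403, "Access denied to grant access level {$access_level}" );
	}

	user_ensure_name_valid( $username );
	user_ensure_realname_valid( $realname );
	user_ensure_realname_unique( $username, $realname );
	email_ensure_valid( $email );

	# The cookie string is based on email and username, so if either of those changed,
	# we have to change the cookie string.
	$user_row = user_get_row( $this->user_id );
	$username_key = array_key_exists( 'username', $user_row ) ? 'username' : 1;
	$email_key = array_key_exists( 'email', $user_row ) ? 'email' : 3;
	$cookie_string_key = array_key_exists( 'cookie_string', $user_row ) ? 'cookie_string' : 13;
	if( $user_row[$username_key] != $username || $user_row[$email_key] != $email ) {
		$cookie_string = auth_generate_unique_cookie_string( $email . $username );
	} else {
		$cookie_string = $user_row[$cookie_string_key];
	}

	# Hash the password as supplied, then escape the hash. Escaping first would
	# hash the escaped form and break logins for passwords containing quotes or
	# backslashes.
	$password_hash = db_prepare_string( auth_process_plain_password( $this->rsrc_data['password'] ) );

	$user_table = config_get( 'mantis_user_table' );
	$query = "UPDATE {$user_table}
				SET username = '{$username}',
				    realname = '{$realname}',
				    email = '{$email}',
				    password = '{$password_hash}',
				    enabled = {$enabled},
				    protected = {$protected},
				    access_level = {$access_level},
				    cookie_string = '{$cookie_string}'
				WHERE id = {$this->user_id};";
	db_query( $query );

	$resp = new Response();
	$resp->status = 204;
	return $resp;
}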
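/**
 * Log a script in as $p_username, optionally verifying $p_password.
 *
 * When $p_password is null the password is not checked at all, so callers may
 * only do that for a user they have already authenticated another way. On
 * success the cookie string goes to $g_script_login_cookie, the id is cached in
 * $g_cache_current_user_id and the login count is incremented.
 * @param string $p_username login name
 * @param string $p_password plain-text password, or null to skip the check
 * @return bool false for an unknown or disabled user or a wrong password
 */
function auth_attempt_script_login( $p_username, $p_password = null ) {
	global $g_script_login_cookie, $g_cache_current_user_id;

	$t_user_id = user_get_id_by_name( $p_username );
	# Unknown login name: without this check user_get_row( false ) is attempted
	# and $t_user['enabled'] is read from something that is not a row.
	if( false === $t_user_id ) {
		return false;
	}

	$t_user = user_get_row( $t_user_id );

	# check for disabled account
	if( OFF == $t_user['enabled'] ) {
		return false;
	}

	# validate password if supplied
	if( null !== $p_password && !auth_does_password_match( $t_user_id, $p_password ) ) {
		return false;
	}

	# ok, we're good to login now
	user_increment_login_count( $t_user_id );

	# set the cookies
	$g_script_login_cookie = $t_user['cookie_string'];

	# cache user id for future reference
	$g_cache_current_user_id = $t_user_id;

	return true;
}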
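/**
 * Update the mutable columns of a user record.
 *
 * An empty $p_password keeps the stored hash; otherwise the new password is run
 * through access_encrypt_password() before storage. access_level, enabled and
 * protected are interpolated unquoted into the SQL, so they are forced to
 * integers rather than merely quote-escaped.
 * @param integer $p_user_id      user to update
 * @param string  $p_email        new email address
 * @param string  $p_password     new plain-text password, or '' to keep the current one
 * @param integer $p_access_level new access level
 * @param integer $p_enabled      0 or 1
 * @param integer $p_protected    0 or 1
 * @return mixed the db_query() result, or false when the user row cannot be read
 */
function user_update( $p_user_id, $p_email, $p_password, $p_access_level, $p_enabled, $p_protected ) {
	global $g_phpWN_user_table;

	if( empty( $p_password ) ) {
		$t_user_row = user_get_row( $p_user_id );
		if( false === $t_user_row ) {
			# No row: do not proceed with an empty 'password' read from a non-row.
			return false;
		}
		$c_password = $t_user_row['password'];
	} else {
		$c_password = db_prepare_string( access_encrypt_password( $p_password ) );
	}

	$c_user_id = db_prepare_int( $p_user_id );
	$c_email = db_prepare_string( $p_email );
	# These three land in the query without quotes; db_prepare_string only
	# escapes quotes and would let e.g. "1 OR 1=1" straight through.
	$c_access_level = db_prepare_int( $p_access_level );
	$c_enabled = db_prepare_int( $p_enabled );
	$c_protected = db_prepare_int( $p_protected );

	$query = "UPDATE {$g_phpWN_user_table}
				SET email='{$c_email}',
					password='{$c_password}',
					access_level={$c_access_level},
					enabled={$c_enabled},
					protected={$c_protected}
				WHERE id={$c_user_id}";
	return db_query( $query );
}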