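/**
 * Create a product backlog together with its MantisBT "team user" account.
 *
 * The backlog name must be shorter than 22 characters, valid as a MantisBT
 * user name and not already taken. A team-user account is created under the
 * name returned by generateTeamUser(); if that account already exists, only
 * its e-mail address is refreshed. The account then receives agileMantis
 * rights and the backlog row is inserted with bound parameters.
 *
 * @return int|null Id of the new gadiv_productbacklogs row, or null when the
 *                  name is rejected or the team user cannot be resolved.
 */
function newProductBacklog()
{
    global $agilemantis_au;

    // Check if team-user name fits into MantisBT regulations
    $t_name_ok = utf8_strlen($this->name) < 22
        && user_is_name_valid($this->name)
        && user_is_name_unique($this->name);
    if (!$t_name_ok) {
        return null;
    }

    $p_username = $this->generateTeamUser($this->name);
    $p_email = trim($this->email);

    // NOTE(review): the seed is built from the e-mail address and the user
    // name, both predictable. Confirm auth_generate_random_password() does
    // not derive the password from the seed alone.
    $t_seed = $p_email . $p_username;
    $t_password = auth_generate_random_password($t_seed);

    if (user_is_name_unique($p_username) === true) {
        // Access level 55 is passed as a literal, followed by
        // protected = false and enabled = true.
        // NOTE(review): the real name takes $_POST['pbl_name'] as submitted,
        // while the checks above ran on $this->name; confirm both carry the
        // same value and that the real name is escaped wherever it is shown.
        user_create($p_username, $t_password, $p_email, 55, false, true, 'Team-User-' . $_POST['pbl_name']);
    } else {
        $t_user_id = $this->getUserIdByName($p_username);
        user_set_field($t_user_id, 'email', $p_email);
    }

    // Resolve the team user by its name. Taking "the most recently created
    // user" instead granted agileMantis rights to, and bound the backlog to,
    // an unrelated account whenever the team user already existed or another
    // account was registered in between.
    $user_id = $this->getUserIdByName($p_username);
    if (!$user_id) {
        return null;
    }

    $agilemantis_au->setAgileMantisUserRights($user_id, 1, 0, 0);

    if ($this->team == 0) {
        $this->team = $user_id;
    }

    // Values are bound through db_param() placeholders, never concatenated.
    $t_sql = "INSERT INTO gadiv_productbacklogs (name, description, user_id) VALUES ( "
        . db_param(0) . ", " . db_param(1) . ", " . db_param(2) . ") ";
    $t_params = array($this->name, $this->description, $user_id);
    db_query_bound($t_sql, $t_params);

    $this->id = db_insert_id("gadiv_productbacklogs");
    $this->user_id = $user_id;

    return $this->id;
}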
/**
 * Reset a user's password.
 *
 * Behaviour depends on the 'send_reset_password' and
 * 'enable_email_notification' settings:
 *  - both ON: a random password is stored and, unless $p_send_email is
 *    false, a confirmation-hash URL is mailed to the user;
 *  - otherwise: the password is set to blank, no mail is sent and the
 *    failed-login counter is cleared.
 *
 * Protected accounts are never touched.
 *
 * NOTE(review): in the second mode the account is left with the processed
 * form of an empty password. Deployments that disable reset e-mails should
 * be aware that a reset opens the account to a blank-password login until
 * the user sets a new one.
 *
 * @param integer $p_user_id    A valid user identifier.
 * @param boolean $p_send_email Whether to send confirmation email.
 * @return boolean False if the user is protected, true once the password
 *                 has been reset.
 */
function user_reset_password($p_user_id, $p_send_email = true) {
	# Protected accounts are left untouched
	if (user_get_field($p_user_id, 'protected') == ON) {
		return false;
	}

	# Open design question kept from the original author: should a blank
	# password be forced instead of a random one when notifications are off,
	# and how would the caller learn which of the two happened?
	$t_reset_by_mail = config_get('send_reset_password') == ON
		&& config_get('enable_email_notification') == ON;

	if (!$t_reset_by_mail) {
		# Blank password, no emailing
		user_set_field($p_user_id, 'password', auth_process_plain_password(''));

		# No mail goes out in this mode, so clear the failed login count here
		user_reset_failed_login_count_to_zero($p_user_id);

		return true;
	}

	# A random password is useless if it can never be delivered
	if (is_blank(user_get_field($p_user_id, 'email'))) {
		trigger_error(ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR);
	}

	# Store the processed form of a freshly generated random password
	$t_stored_password = auth_process_plain_password(auth_generate_random_password());
	user_set_field($p_user_id, 'password', $t_stored_password);

	# Mail the confirmation link unless the caller opted out
	if ($p_send_email) {
		email_send_confirm_hash_url($p_user_id, auth_generate_confirm_hash($p_user_id));
	}

	return true;
}
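/**
 * Authenticates a user via LDAP given the username and password.
 *
 * When LDAP simulation is enabled the simulated backend decides. Otherwise
 * the function binds with the configured service connection, searches for
 * entries matching the escaped user name, and tries a bind with each entry's
 * DN and the supplied password until one succeeds.
 *
 * An empty password is rejected before the directory is contacted: a simple
 * bind with a DN and a zero-length password is an unauthenticated bind,
 * which a directory server may accept, so it proves nothing about the user.
 *
 * On success the local user row is refreshed (password hash, and real name /
 * e-mail when the corresponding 'use_ldap_*' settings are ON).
 *
 * @param string $p_username The user name.
 * @param string $p_password The password.
 * @return boolean True if authenticated, false otherwise.
 */
function ldap_authenticate_by_username( $p_username, $p_password ) {
	if ( ldap_simulation_is_enabled() ) {
		log_event( LOG_LDAP, "Authenticating via LDAP simulation" );
		$t_authenticated = ldap_simulation_authenticate_by_username( $p_username, $p_password );
	} elseif ( !is_string( $p_password ) || $p_password === '' ) {
		# Never hand an empty password to ldap_bind(): see the function header.
		log_event( LOG_LDAP, "Rejecting empty password without binding" );
		$t_authenticated = false;
	} else {
		# The user name is escaped before it is placed in the search filter
		$c_username = ldap_escape_string( $p_username );

		$t_ldap_organization = config_get( 'ldap_organization' );
		$t_ldap_root_dn = config_get( 'ldap_root_dn' );

		$t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' );
		$t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$c_username))";
		$t_search_attrs = array(
			$t_ldap_uid_field,
			'dn',
		);

		# Bind
		log_event( LOG_LDAP, "Binding to LDAP server" );
		$t_ds = ldap_connect_bind();
		if ( $t_ds === false ) {
			ldap_log_error( $t_ds );
			# NOTE(review): the code below assumes trigger_error( ..., ERROR )
			# does not return; confirm against the installed error handler.
			trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
		}

		# Search for the user id
		log_event( LOG_LDAP, "Searching for $t_search_filter" );
		$t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
		if ( $t_sr === false ) {
			ldap_log_error( $t_ds );
			ldap_unbind( $t_ds );
			log_event( LOG_LDAP, "ldap search failed" );
			trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
		}

		$t_info = @ldap_get_entries( $t_ds, $t_sr );
		if ( $t_info === false ) {
			ldap_log_error( $t_ds );
			ldap_free_result( $t_sr );
			ldap_unbind( $t_ds );
			trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
		}

		$t_authenticated = false;

		if ( $t_info['count'] > 0 ) {
			# Try to authenticate to each until we get a match
			for ( $i = 0; $i < $t_info['count']; $i++ ) {
				$t_dn = $t_info[$i]['dn'];
				log_event( LOG_LDAP, "Checking {$t_info[$i]['dn']}" );

				# Attempt to bind with the DN and password
				if ( @ldap_bind( $t_ds, $t_dn, $p_password ) ) {
					$t_authenticated = true;
					break;
				}
			}
		} else {
			log_event( LOG_LDAP, "No matching entries found" );
		}

		log_event( LOG_LDAP, "Unbinding from LDAP server" );
		ldap_free_result( $t_sr );
		ldap_unbind( $t_ds );
	}

	# If user authenticated successfully then update the local DB with information
	# from LDAP. This will allow us to use the local data after login without
	# having to go back to LDAP. This will also allow fallback to DB if LDAP is down.
	if ( $t_authenticated ) {
		$t_user_id = user_get_id_by_name( $p_username );

		if ( false !== $t_user_id ) {
			# NOTE(review): this caches an unsalted MD5 of the directory
			# password in the local user table. MD5 is not a password hash;
			# anyone who can read that table can recover LDAP credentials
			# offline. Left unchanged because the fallback login path has to
			# verify against the same format - change both together.
			user_set_field( $t_user_id, 'password', md5( $p_password ) );

			if ( ON == config_get( 'use_ldap_realname' ) ) {
				$t_realname = ldap_realname( $t_user_id );
				user_set_field( $t_user_id, 'realname', $t_realname );
			}

			if ( ON == config_get( 'use_ldap_email' ) ) {
				$t_email = ldap_email_from_username( $p_username );
				user_set_field( $t_user_id, 'email', $t_email );
			}
		}

		log_event( LOG_LDAP, "User '$p_username' authenticated" );
	} else {
		log_event( LOG_LDAP, "Authentication failed" );
	}

	return $t_authenticated;
}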
# Excerpt: this loop sits inside two enclosing blocks that open before the
# visible code; the two extra closing braces below belong to them.
#
# NOTE(review): every DELETE in this excerpt is assembled by string
# interpolation and later passed to db_query_bound() without a parameter
# array, so nothing is actually bound. Where $s_type, $i_miteIdEntry and the
# project ids come from is not visible here; if any of them derive from
# request data they need an integer cast / whitelist check, or the statement
# should use db_param() placeholders with the values passed as parameters.
foreach ($a_removedRsrcBindings as $i_miteIdEntry) {
    $a_queries[] = "DELETE FROM " . $s_DBTable_mpsmp . " WHERE user_id = {$i_userId} AND type = '" . $s_type . "' AND " . $a_fieldNamesMiteRsrc_id[$s_type] . " = " . $i_miteIdEntry . " AND mantis_project_id = " . $i_updatedProject;
}
}
}

# get removed MITE project/services to MANTIS project bindings
# and build queries to DELETE the removed bindings
###################################################################################
# Project ids present in the stored bindings but absent from the selection
$a_deletedProjectBindings = array_diff(array_keys($a_userMiteBindings), array_keys($a_userSelectedBindings));
foreach ($a_deletedProjectBindings as $i_removedProjectId) {
    $a_project = $a_userMiteBindings[$i_removedProjectId];
    foreach (Mantis2mitePlugin::$a_rsrcTypes as $s_type) {
        # prepare array for foreach loop
        if (!isset($a_project[$s_type])) {
            $a_project[$s_type] = array();
        }
        # One DELETE per stored binding of this type for the removed project
        foreach ($a_project[$s_type] as $i_miteIdEntry) {
            $a_queries[] = "DELETE FROM " . $s_DBTable_mpsmp . " WHERE user_id = {$i_userId} AND type = '{$s_type}' AND " . $a_fieldNamesMiteRsrc_id[$s_type] . " = " . $i_miteIdEntry . " AND mantis_project_id = " . $i_removedProjectId;
        }
    }
}

# execute the database queries
# $r_result is overwritten on every pass and not inspected in this excerpt
for ($i = 0; $i < count($a_queries); $i++) {
    $r_result = db_query_bound($a_queries[$i]);
}

# save the field for the notes pattern
# NOTE(review): the raw POST value is stored as submitted. Confirm that
# user_set_field() binds the value and that the pattern is escaped wherever
# it is rendered later.
user_set_field($i_userId, Mantis2mitePlugin::DB_FIELD_NOTE_PATTERN, $_POST[Mantis2mitePlugin::DB_FIELD_NOTE_PATTERN]);

# force re-initialization of session stored user values
session_set('plugin_mite_status_session_vars', 'reinit');
$o_pluginController->initMiteObjects();

# Response: XML envelope stamped with the current UTC time.
# $s_xmlMsg is built before this excerpt - presumably already XML-safe; verify.
echo "<messages datetimestamp='" . gmdate('Y-m-d H:i:s') . "'>" . $s_xmlMsg . "</messages>";
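*/
$r_result = $o_pluginController = null;

/*
 * @local arrays
 */
# Plugin tables holding per-user rows that are wiped on disconnect
$a_userTables = array(
    Mantis2mitePlugin::DB_TABLE_PS,
    Mantis2mitePlugin::DB_TABLE_PSMP,
    Mantis2mitePlugin::DB_TABLE_TE,
);

/*
 * @local strings
 */
$s_query = '';

############
# ACTION
#######
# NOTE(review): this excerpt shows no form_security_validate() or other
# request-token check before the destructive reset; confirm one runs earlier
# in the file.
$o_pluginController = $g_plugin_cache['Mantis2mite'];
$i_userId = $o_pluginController->getCurrentUserId();

# empty all database fields in the user table which are connected to the plugin
# (this also blanks the stored API key and account name)
user_set_field($i_userId, Mantis2mitePlugin::DB_FIELD_CONNECT_VERIFIED, 0);
user_set_field($i_userId, Mantis2mitePlugin::DB_FIELD_API_KEY, '');
user_set_field($i_userId, Mantis2mitePlugin::DB_FIELD_ACCOUNT_NAME, '');
user_set_field($i_userId, Mantis2mitePlugin::DB_FIELD_NOTE_PATTERN, '');
user_set_field($i_userId, Mantis2mitePlugin::DB_FIELD_CONNECT_LAST_UPDATED, 0);

# reset session status for plugin vars
session_set('plugin_mite_status_session_vars', 'init');

# execute the database queries
# The user id is bound through a db_param() placeholder instead of being
# concatenated into the SQL text. Each statement is built immediately before
# it runs so the placeholder numbering always starts fresh.
foreach ($a_userTables as $s_table) {
    $s_query = "DELETE FROM " . plugin_table($s_table) . " WHERE user_id = " . db_param();
    $r_result = db_query_bound($s_query, array($i_userId));
}

echo "<messages datetimestamp='" . gmdate('Y-m-d H:i:s') . "'></messages>";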
// Excerpt: the first statement and the closing brace after it belong to an
// if-branch that opens before the visible code. $system receives the error
// text for the form on each rejection path below.
$system = plugin_lang_get('edit_product_backlog_error_922600');
} else {
    // NOTE(review): the presence check reads $_POST['pbl_email'] but the format
    // check runs on $agilemantis_pb->email, and the value written to the user
    // table further down is $_POST['pbl_email'] again. Presumably the object
    // was filled from the same POST field - confirm, otherwise an unvalidated
    // address is stored.
    if (empty($_POST['pbl_email']) || email_is_valid($agilemantis_pb->email) == false) {
        $system = plugin_lang_get('edit_product_backlog_error_923600');
    } else {
        $isNewPBOk = !$_POST['id'] && $agilemantis_pb->isNameUnique(); // New PB with unique name?
        // The single '&' is a bitwise AND: it yields 0/1 here, but both sides
        // are always evaluated, so the name checks run even when no id was
        // posted. '&&' looks intended.
        $isExistingPbOk = $_POST['id'] > 0 & ($agilemantis_pb->name != $pb_name_old && $agilemantis_pb->isNameUnique() || $agilemantis_pb->name == $pb_name_old); // PB name didn't change, Ok!
        if ($isNewPBOk || $isExistingPbOk) {
            if (!$agilemantis_pb->editProductBacklog()) {
                $system = plugin_lang_get('edit_product_backlog_error_982601');
            } else {
                // Keep the team user's e-mail address in step with the form
                if ($_POST['pbl_email'] != $_POST['pbl_email_old']) {
                    $t_team_user_id = $agilemantis_pb->getTeamUserId($agilemantis_pb->id);
                    user_set_field($t_team_user_id, 'email', $_POST['pbl_email']);
                }
                $agilemantis_pb->updatePBCustomFieldStrings($pb_name_old, $agilemantis_pb->name);
                if ($_POST['project_id'] == 0 && $_POST['id'] > 0) {
                    $fromPage = 'product_backlogs.php';
                    // NOTE(review): the redirect target is taken from the
                    // request. Whether plugin_page() confines it to this
                    // plugin's own pages is not visible here; a fixed list of
                    // allowed page names would remove the question. No exit
                    // follows header() in this excerpt, so execution
                    // continues after the redirect header is queued.
                    if ($_POST['pageFrom']) {
                        $fromPage = $_POST['pageFrom'];
                    }
                    header("Location: " . plugin_page($fromPage));
                }
            }
        } else {
            $system = plugin_lang_get('edit_product_backlog_error_982600');
        }
    }
}
/**
 * Bring the plugin's stored configuration up to the current layout.
 *
 * 'config_version' is read once at the top. The first step requires exactly
 * integer 0; every later step runs when the value read is less than or equal
 * to its own number, so an old installation walks through all remaining
 * steps in one call. Each step records its new version with
 * plugin_config_set() as it finishes.
 *
 * Several steps re-key the 'mailboxes' array through
 * $this->ERP_update_indexes() (helper not shown; presumably it renames keys
 * according to the old => new map it is given).
 */
function ERP_update_check() {
    $t_config_version = plugin_config_get('config_version');

    # Step 0 -> 1: clear the placeholder e-mail address of the mail reporter
    # account and flag the schema for a reset
    if ($t_config_version === 0) {
        $t_username = plugin_config_get('mail_reporter', '');
        if (strlen($t_username) > 0) {
            $t_user_id = user_get_id_by_name($t_username);
            if ($t_user_id !== FALSE) {
                $t_user_email = user_get_email($t_user_id);
                if ($t_user_email === 'nomail') {
                    plugin_require_api('core/config_api.php');
                    # We need to allow blank emails for a sec
                    # NOTE(review): no restore of 'allow_blank_email' is visible
                    # in this function - presumably the overwrite only lasts
                    # for the current request; confirm.
                    ERP_set_temporary_overwrite('allow_blank_email', ON);
                    user_set_email($t_user_id, '');
                }
            }
        }
        $t_schema = plugin_config_get('schema');
        $t_reset_schema = plugin_config_get('reset_schema');
        if ($t_schema !== -1 && $t_reset_schema === 0) {
            plugin_config_set('schema', -1);
            plugin_config_set('reset_schema', 1);
        }
        plugin_config_set('config_version', 1);
    }

    # Step 1 -> 2: store the mail reporter by user id instead of by name and
    # drop options that are no longer used
    if ($t_config_version <= 1) {
        $t_mail_reporter = plugin_config_get('mail_reporter', '');
        if (strlen($t_mail_reporter) > 0) {
            # NOTE(review): unlike step 0, the lookup result is stored without
            # a check, so a missing account is saved as whatever
            # user_get_id_by_name() returns on failure.
            $t_mail_reporter_id = user_get_id_by_name($t_mail_reporter);
            plugin_config_set('mail_reporter_id', $t_mail_reporter_id);
        }
        plugin_config_delete('mail_directory');
        plugin_config_delete('mail_reporter');
        plugin_config_delete('mail_additional');
        plugin_config_delete('random_user_number');
        plugin_config_delete('mail_bug_priority_default');
        plugin_config_set('config_version', 2);
    }

    # Step 2 -> 3: remove scheduling options
    if ($t_config_version <= 2) {
        plugin_config_delete('mail_cronjob_present');
        plugin_config_delete('mail_check_timer');
        plugin_config_delete('mail_last_check');
        plugin_config_set('config_version', 3);
    }

    # Step 3 -> 4: split "host:port" strings into a hostname/port pair and
    # rename the project/category keys
    if ($t_config_version <= 3) {
        $t_mailboxes = plugin_config_get('mailboxes', array());
        $t_indexes = array('mailbox_project' => 'mailbox_project_id', 'mailbox_global_category' => 'mailbox_global_category_id');
        foreach ($t_mailboxes as $t_key => $t_array) {
            if (isset($t_array['mailbox_hostname'])) {
                # Correct the hostname if it is stored in an older format
                $t_hostname = $t_array['mailbox_hostname'];
                if (!is_array($t_hostname)) {
                    // ipv6 also uses : so we need to work around that
                    // Only a value with exactly one ':' is split into host
                    // and port; anything else is kept whole as the host.
                    if (substr_count($t_hostname, ':') === 1) {
                        $t_hostname = explode(':', $t_hostname, 2);
                    } else {
                        $t_hostname = array($t_hostname);
                    }
                    $t_hostname = array('hostname' => $t_hostname[0], 'port' => isset($t_hostname[1]) ? $t_hostname[1] : '');
                    $t_array['mailbox_hostname'] = $t_hostname;
                }
            }
            $t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes);
        }
        plugin_config_set('mailboxes', $t_mailboxes);
        plugin_config_set('config_version', 4);
    }

    # Step 4 -> 5: fold 'mail_identify_reply' into 'mail_remove_mantis_email'
    if ($t_config_version <= 4) {
        $t_mail_remove_mantis_email = plugin_config_get('mail_remove_mantis_email', -1);
        $t_mail_identify_reply = plugin_config_get('mail_identify_reply', $t_mail_remove_mantis_email);
        if ($t_mail_remove_mantis_email !== -1 && $t_mail_identify_reply !== $t_mail_remove_mantis_email) {
            plugin_config_set('mail_remove_mantis_email', $t_mail_identify_reply);
        }
        plugin_config_delete('mail_identify_reply');
        plugin_config_set('config_version', 5);
    }

    # Step 5 -> 6
    if ($t_config_version <= 5) {
        plugin_config_delete('mail_parse_mime');
        plugin_config_set('config_version', 6);
    }

    # Step 6 -> 7: drop the 'mailbox_' prefix from the mailbox keys
    # NOTE(review): the mailbox credential ('mailbox_password' => 'password',
    # later 'erp_password') is carried through these renames; nothing in this
    # function changes how it is protected at rest.
    if ($t_config_version <= 6) {
        $t_mailboxes = plugin_config_get('mailboxes', array());
        $t_indexes = array('mailbox_enabled' => 'enabled', 'mailbox_description' => 'description',
            'mailbox_type' => 'type', 'mailbox_hostname' => 'hostname',
            'mailbox_encryption' => 'encryption', 'mailbox_username' => 'username',
            'mailbox_password' => 'password', 'mailbox_auth_method' => 'auth_method',
            'mailbox_project_id' => 'project_id', 'mailbox_global_category_id' => 'global_category_id',
            'mailbox_basefolder' => 'basefolder', 'mailbox_createfolderstructure' => 'createfolderstructure');
        foreach ($t_mailboxes as $t_key => $t_array) {
            $t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes);
        }
        plugin_config_set('mailboxes', $t_mailboxes);
        plugin_config_set('config_version', 7);
    }

    # Step 7 -> 8: flatten the hostname/port pair into two top-level keys
    if ($t_config_version <= 7) {
        $t_mailboxes = plugin_config_get('mailboxes', array());
        foreach ($t_mailboxes as $t_key => $t_array) {
            if (isset($t_array['hostname'])) {
                $t_hostname = $t_array['hostname'];
                if (is_array($t_hostname)) {
                    $t_array['hostname'] = $t_hostname['hostname'];
                    $t_array['port'] = $t_hostname['port'];
                }
                $t_mailboxes[$t_key] = $t_array;
            }
        }
        plugin_config_set('mailboxes', $t_mailboxes);
        plugin_config_set('config_version', 8);
    }

    # Step 8 -> 9
    if ($t_config_version <= 8) {
        plugin_config_delete('mail_tmp_directory');
        plugin_config_set('config_version', 9);
    }

    # Step 9 -> 10: rename the type and IMAP folder keys
    if ($t_config_version <= 9) {
        $t_mailboxes = plugin_config_get('mailboxes', array());
        $t_indexes = array('type' => 'mailbox_type', 'basefolder' => 'imap_basefolder', 'createfolderstructure' => 'imap_createfolderstructure');
        foreach ($t_mailboxes as $t_key => $t_array) {
            $t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes);
        }
        plugin_config_set('mailboxes', $t_mailboxes);
        plugin_config_set('config_version', 10);
    }

    # Step 10 -> 11
    if ($t_config_version <= 10) {
        plugin_config_delete('mail_rule_system');
        plugin_config_set('config_version', 11);
    }

    # Step 11 -> 12: rename the credential keys and drop unused options
    if ($t_config_version <= 11) {
        $t_mailboxes = plugin_config_get('mailboxes', array());
        $t_indexes = array('username' => 'erp_username', 'password' => 'erp_password');
        foreach ($t_mailboxes as $t_key => $t_array) {
            $t_mailboxes[$t_key] = $this->ERP_update_indexes($t_array, $t_indexes);
        }
        plugin_config_set('mailboxes', $t_mailboxes);
        plugin_config_delete('rules');
        plugin_config_delete('mail_encoding');
        plugin_config_set('config_version', 12);
    }

    # Step 12 -> 13: request a schema reset
    if ($t_config_version <= 12) {
        plugin_config_set('reset_schema', 1);
        plugin_config_set('config_version', 13);
    }

    # Step 13 -> 14
    if ($t_config_version <= 13) {
        plugin_config_delete('mail_fetch_max');
        plugin_config_set('config_version', 14);
    }

    # Step 14 -> 15: make sure the mail reporter account may report bugs
    # NOTE(review): this raises the access level of the configured reporter
    # account to the global 'report_bug_threshold' without operator
    # confirmation. It also assumes the threshold is a single level; confirm
    # the setting cannot hold a list of levels.
    if ($t_config_version <= 14) {
        $t_mail_reporter_id = plugin_config_get('mail_reporter_id', 'Mail');
        $t_report_bug_threshold = config_get_global('report_bug_threshold');
        if ($t_mail_reporter_id !== 'Mail' && user_exists($t_mail_reporter_id)) {
            if (!access_has_global_level($t_report_bug_threshold, $t_mail_reporter_id)) {
                user_set_field($t_mail_reporter_id, 'access_level', $t_report_bug_threshold);
            }
        }
        plugin_config_set('config_version', 15);
    }
}
# Excerpt: these statements sit inside three enclosing blocks that open
# before the visible code; the three bare closing braces below end them.

# append the customer name to a project name that belongs to more than one customer
if ($s_type == Mantis2mitePlugin::API_RSRC_P && count($a_miteProjectNames[$s_entryName]) > 1) {
    $s_entryName .= " (" . $a_miteProjectNames[$s_entryName][$i_idEntryPossiblyModified] . ")";
}

# Human-readable log line; it is echoed to the client inside the XML below
$a_logs[$s_type][] = "Updated entry from name='" . $a_tmpEntryMantis['name'] . "' to name='" . $s_entryName . "' " . "on '" . $a_fieldNamesMiteRsrc_id[$s_type] . "=" . $i_idEntryPossiblyModified . "'";

# NOTE(review): the UPDATE is assembled with sprintf() and later run through
# db_query_bound() without a parameter array. Only the id is constrained
# (%d forces an integer). The name relies on encodeValue(), whose escaping is
# not visible here, and mite_updated_at is inserted between quotes with no
# encoding at all. Both values appear to originate from the remote mite
# account, so they should be bound as parameters rather than formatted in.
$a_queries[] = sprintf(" \n\t\t\t\t\tUPDATE " . $s_DBTable_mps . " \n\t\t\t\t\tSET name = '%s', mite_updated_at = '%s'\n\t\t\t\t\tWHERE id = %d", Mantis2mitePlugin::encodeValue($s_entryName), $a_tmpEntryMite['mite_updated_at'], $a_tmpEntryMantis['id']);
}
}
}

# execute the database queries
# $r_result is overwritten on every pass and not inspected in this excerpt
for ($i = 0; $i < count($a_queries); $i++) {
    $r_result = db_query_bound($a_queries[$i]);
}

# set connection verified flag in the database
user_set_field($i_userId, Mantis2mitePlugin::DB_FIELD_CONNECT_VERIFIED, 1);

# update last update value
user_set_field($i_userId, Mantis2mitePlugin::DB_FIELD_CONNECT_LAST_UPDATED, Mantis2mitePlugin::mysqlDate());

# save the account name
user_set_field($i_userId, Mantis2mitePlugin::DB_FIELD_ACCOUNT_NAME, Mantis2mitePlugin::encodeValue($_POST[Mantis2mitePlugin::DB_FIELD_ACCOUNT_NAME]));

# save the API key
# NOTE(review): the API key from the request is written to a field of the
# user row. encodeValue() is not shown; do not assume it protects the key at
# rest - confirm, and treat that column as a stored credential.
user_set_field($i_userId, Mantis2mitePlugin::DB_FIELD_API_KEY, Mantis2mitePlugin::encodeValue($_POST[Mantis2mitePlugin::DB_FIELD_API_KEY]));

# build xml log messages
# NOTE(review): $s_type and $s_message are concatenated into the markup
# unescaped. The messages contain entry names (see the log line above), so a
# name holding <, & or a quote breaks or alters the XML; escape both values
# for XML before appending.
foreach ($a_logs as $s_type => $a_messages) {
    foreach ($a_messages as $s_message) {
        $s_xmlMsg .= "<message data='" . $s_type . "'>" . $s_message . "</message>";
    }
}

# force re-initialization of session stored user values
session_set('plugin_mite_status_session_vars', 'reinit');

# return xml log messages
echo "<messages datetimestamp='" . date('Y-m-d H:i:s') . "'>" . $s_xmlMsg . "</messages>";