function pick_id($seq)
{
// FIXME: check $seq
$result = sql_do('SELECT nextval(\'' . $seq . '\')');
if ($result->numRows() != 1) {
append_error('Unable to fetch a fresh ID.');
return 0;
}
return $result->fetchOne();
}
function myExceptionHandler($exception)
{
append_error('Uncaught exception: ' . $exception->getMessage() . '<br/>');
//$exception->getTraceAsString());
}
function api_login($username, $password)
{
global $db, $dom, $root, $board_url, $phpEx, $option, $user, $auth;
$login = $auth->login($username, $password, false, 0, 0);
switch ($login['status']) {
case LOGIN_ERROR_PASSWORD:
append_error('login', 'Incorrect password');
return;
case LOGIN_ERROR_USERNAME:
append_error('login', 'No such user');
return;
case LOGIN_ERROR_ATTEMPTS:
append_error('login', 'Exceeded login attempt limit');
return;
case LOGIN_SUCCESS:
api_get_userinfo($user->data['user_id']);
return;
default:
append_error('login', 'Login error code: ' . $login['status']);
return;
}
}
append_error('Month cannot be empty');
}
if (empty($_GET['day'])) {
append_error('Day cannot be empty');
}
if (!errors() && mktime(0, 0, 0, $_GET['month'], $_GET['day'], $_GET['year']) > time() - 10000) {
append_error('Date should not be in the future');
}
#blabla
if (!errors()) {
// do the job
// recuperer l'idRel fraichement créé
http_redir('/project/view.php?id_rel=FIXME');
}
} else {
append_error('Malformed form, please use the correct html page');
}
}
?>
<h1>Add a new release to the project 'GraphTool'</h1>
<?php
flush_errors();
?>
<form>
<table>
<tr><th>Version name</th><td><input type="text" name="version" value="<?php
echo isset($_GET['version']) ? $_GET['version'] : "";
?>
"/></td></tr>
$mobile_value = "";
}
// verify not empty and not used mobile number
if ($mobile_value && mobile_not_used($mobile_value)) {
$secret_code = safe_rand(100000, 999999);
$_SESSION['mobile_value'] = $mobile_value;
$_SESSION['mobile_code'] = $secret_code;
// accept any +380 mobile w/o sms test
if (!empty($settings['disable_sms_test'])) {
set_test_passed('mobile');
redirect('step4.php');
}
send_mobile_code($mobile_value, $secret_code);
$mobile_code = "";
} else {
append_error("Цей номер телефону неможливо використати.");
$mobile_value = "";
}
}
} else {
/**
* get mobile number from session if present
*/
if (isset($_SESSION['mobile_value'])) {
$mobile_value = $_SESSION['mobile_value'];
}
}
if ($mobile_value) {
$mobile_readonly = ' readonly="readonly"';
}
require get_template('step3');
echo '<a href="' . REMOTE_PATH . '/user/index.php">Back to user configuration</a> || <a href="' . REMOTE_PATH . '/index.php">Back home</a>';
exit;
}
// permission du visiteur sur le projet
/*
if ($_SESSION['id'] != 34567) {
append_error('Can\'t modify project: permission denied');
http_redir('/project/view_project.php?idPrj=456789');
} */
flush_errors();
if (isset($_GET['action']) && $_GET['action'] == "Apply") {
if (!isset($_GET['description']) || !isset($_GET['homepage']) || !isset($_GET['screenshot']) || !isset($_GET['download'])) {
append_error('Invalid arguments');
} else {
if (empty($_GET['homepage'])) {
append_error('Warning: Homepage is mandatory!');
http_redir('/project/modify_project.php?idPrj=456789');
} else {
// do the job: modify the data
http_redir('/project/view_project.php?idPrj=456789');
}
}
} else {
if (isset($_GET['action']) && $_GET['action'] == "Add an admin for this project") {
?>
<h1>Project Administration: GraphTool (<?php
echo $_GET['idPrj'];
?>
)</h1>
require_once 'igoan/Category.class.php';
// permission de l'user (admin global)
$me = user_get_by_id($_SESSION['id']);
if (!$me || !$me->is_global_admin()) {
append_error_exit('Permission denied: global admin flag required');
}
/* ajout d'une categorie */
if (isset($_GET['action']) && $_GET['action'] == "Ajouter" && isset($_GET['index']) && isset($_GET['nom'])) {
append_error("inserting category " . $_GET['nom'] . " (" . $_GET['index'] . ')');
if (category_new($_GET['index'], $_GET['nom']) == -1) {
append_error('Error: parent category is full');
}
}
/* suppression d'une categorie */
if (isset($_GET['action']) && $_GET['action'] == "Effacer" && isset($_GET['idCat'])) {
append_error("deleting category " . $_GET['idCat']);
$cat = category_get_by_id($_GET['idCat']);
if ($cat) {
$cat->delete();
}
}
/* recuperation de la liste */
$all_cats = category_list_all();
$select = "<select name='idCat'>\n";
$select2 = "<select name='index'>\n";
for ($i = 0; $i < count($all_cats); $i++) {
$select .= "<option value='" . $all_cats[$i][0] . "'>" . $all_cats[$i][1] . " " . $all_cats[$i][2] . "</option>\n";
$select2 .= "<option value='" . $all_cats[$i][1] . "'>" . $all_cats[$i][1] . " " . $all_cats[$i][2] . "</option>\n";
}
?>
<h2>Gestion des catégories</h2>
http_redir('/index.php');
}
$my_branch_id = $my_prj->get_default_branch();
if ($my_branch_id) {
$my_branch = branch_get_by_id($my_branch_id);
}
// c'est possible qu'il n'y ait pas de branche :(
if ($my_branch) {
$my_rel_id = $my_branch->get_last_release();
if ($my_rel_id) {
$my_rel = release_get_by_id($my_rel_id);
}
}
$request = $my_prj;
} else {
append_error('No project requested.');
http_redir('/index.php');
}
// is the visitor an admin/maintainer ?
$isadmin = $me && $my_prj->is_admin($me->get_id_user());
$ismaint = $isadmin || $me && $my_branch->is_maintainer($me->get_id_user());
// the branches and releases to show
$releases = $my_branch ? $my_branch->list_releases() : 0;
$branches = $my_prj->list_branches();
//($my_branch && !$isadmin) ? $my_branch->get_id_branch() : -1);
// processing datas to be shown
// PAGE TITLE
$d_full_title = $my_prj->get_name_prj();
if ($my_rel) {
$d_full_title .= ' - ' . $my_rel->get_name_rel();
}
require_once 'igoan/License.class.php';
// permission de l'user (admin global)
$me = user_get_by_id($_SESSION['id']);
if (!$me || !$me->is_global_admin()) {
append_error_exit('Permission denied: global admin flag required');
}
/* ajout */
if (isset($_GET['action']) && $_GET['action'] == "Ajouter" && isset($_GET['nom']) && isset($_GET['url'])) {
append_error('inserting license: ' . $_GET['nom']);
if (license_new($_GET['nom'], $_GET['url']) == -1) {
append_error('error');
}
}
/* suppression */
if (isset($_GET['action']) && $_GET['action'] == "Effacer" && isset($_GET['idLic'])) {
append_error('deleting license: ' . $_GET['idLic']);
$lic = license_get_by_id($_GET['idLic']);
$lic->delete();
}
/* recuperation de la liste */
$list = license_list();
$select = "<select name='idLic'>\n";
while (list(, $tuple) = each($list)) {
$select .= "<option value='" . $tuple[0] . "'>" . $tuple[0] . " " . $tuple[1] . " (" . $tuple[2] . ")</option>\n";
}
?>
<h2>Gestion des licences</h2>
<?php
flush_errors();
?>
if (!$id_prj) {
append_error_exit('You have to specify a project.');
}
$prj = project_get_by_id($id_prj);
if (!$prj) {
append_error_exit('Invalid project number #' . $id_prj . '.');
}
if (!$prj->is_admin($me->get_id_user())) {
append_error_exit('Sorry, you are not an admin for this project.');
}
// ADDING A BRANCH
if (!empty($_GET['name_branch'])) {
$id_branch = branch_new($_GET['name_branch'], $prj->get_id_prj());
$branch = branch_get_by_id($id_branch);
if (!$branch) {
append_error('Unable to create a new branch');
}
if (!errors()) {
http_redir('/project/view.php?id_branch=' . $branch->get_id_branch());
}
}
?>
<?php
// OUTPUT
header_box("Igoan :: Adding a new branch to a project");
flush_errors();
?>
<div id="main">
Email: ' . $_GET['email'] . '
Your automatically generated password is \'' . $new->get_passwd() . '\'.
You have to login with your newly created account on the Igoan website
(http://www.igoan.org/user/login.php) and change your password to
activate your account.
Then you will be able to register new projects on our databases.
Best regards,
The Igoan Team.
', 'From: Igoan Registration Process <*****@*****.**>');
} else {
append_error('Unable to fetch new user informations');
}
} else {
append_error('Unable to create new user');
}
}
}
header_box('Igoan :: New User');
?>
<div id="main">
<?php
if (!errors() and isset($login)) {
?>
<h2>Registration submitted</h2>
<div class="abstract">
<p>
A mail has been sent to <em><?php
echo $_GET['email'];
?>
require_once 'igoan/Project.class.php';
require_once 'igoan/Branch.class.php';
require_once 'igoan/Release.class.php';
if (isset($_GET['id'])) {
$requested = user_get_by_id($_GET['id']);
if (!$requested) {
append_error("Error: unknow user id ({$_GET['id']})");
}
} else {
if ($_SESSION['id']) {
$requested = user_get_by_id($_SESSION['id']);
if (!$requested) {
append_error("Error: unknow user id ({$_SESSION['id']})");
}
} else {
append_error('Error: no user id given');
}
}
if (errors()) {
flush_errors_exit();
}
// MISC
$d_misc = '';
$igoan_admin = '';
$valid_account = '';
if ($requested->is_global_admin()) {
$igoan_admin = '<li>This user is an igoan admin. </li>';
}
if (!$requested->get_valid_user()) {
$valid_account = '<li>This user hasn\'t activated his account yet. </li>';
}
}
/**
* Handle form data
*/
if ($_POST) {
$ukr_citizen = post_arg('ukr_citizen');
$personal_data = post_arg('personal_data');
$captcha_res = captcha_verify();
$current_date = date('Y-m-d H:i:s');
if (!$ukr_citizen) {
append_error("Не підтверджена згода з правилами голосування.");
}
if (!$personal_data) {
append_error("Немає згоди на обробку персональних даних.");
}
if (!$captcha_res) {
append_error("Не пройдено тест на роботів!");
}
if ($current_date < $settings['open_elections_time']) {
append_error("Вибори ще не розпочались.");
}
if ($current_date > $settings['close_elections_time']) {
append_error("Вибори вже закінчились.");
}
if (empty($_ERRORS) && $ukr_citizen && $personal_data && $captcha_res) {
init_user_session();
set_test_passed('captcha');
redirect('step2.php');
}
}
require get_template('step1');
$prj = project_get_by_id($id_prj);
if (!$prj) {
sql_do('ROLLBACK');
append_error('Unable to retrieve the created project, please contact the administrator.');
}
}
// on place un admin/owner
if (!errors()) {
$prj->add_admin($me->get_id_user(), 1);
}
// on crée une branche ...
if (!errors()) {
$id_branch = branch_new('main', $prj->get_id_prj());
if (!$id_branch) {
sql_do('ROLLBACK');
append_error('Unable to create the default branch, please contact the administrator.');
}
}
// ... par défaut
if (!errors()) {
$prj->set_default_branch($id_branch);
$prj->write();
}
if (!errors()) {
sql_do('COMMIT');
http_redir('/project/view.php?id_prj=' . $id_prj);
} else {
sql_do('ROLLBACK');
}
}
header_box("Igoan :: Adding a new project");
# Igoan is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Igoan; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
// existence de la release
if (!isset($_GET['idRel']) || $_GET['idRel'] != 123460) {
append_error_exit('Bad Release ID');
}
if (isset($_GET['confirm']) && $_GET['confirm'] == 'Yes') {
// do the job
append_error('Release successfully deleted');
http_redir('/project/view_project.php?idPrj=456789');
}
?>
<h1>Release Deletion</h1>
Do you really want to delete this release 'GraphTool' version 'graphtool-0.2-pre1' ?
<form>
<input type="submit" name="confirm" value="Yes" />
<input type="hidden" name="idRel" value="123460" /></form>
<form action="/project/view_release.php">
<input type="submit" value="No" />
<input type="hidden" name="idRel" value="123460" /></form>
<br /><br/><hr />
function user_new_pseudo($name, $email)
{
$result = sql_do('SELECT id_user FROM ' . DB_PREF . '_users WHERE mail=\'' . $email . '\'');
if ($result->numRows()) {
append_error("This email address is already registered. Please choose another.");
return 0;
}
try {
$result = sql_do('INSERT INTO ' . DB_PREF . '_users (name_user,mail,date_user,valid_user) VALUES (\'' . str($name) . '\',\'' . str($email) . '\',\'' . date('Y-m-d H:i:s') . '\',0)');
} catch (DatabaseException $e) {
//append_error("Unknown error executing [$sql].");
return 0;
}
return sql_last_id();
}
// some checks before send code
if (strlen($email_value) < 6) {
$email_value = "";
}
if (strpbrk($email_value, " ,;'\"\t\n") !== false) {
$email_value = "";
}
// verify not empty and not used email then send code
if ($email_value && email_not_used($email_value)) {
$secret_code = safe_rand(100000, 999999);
$_SESSION['email_value'] = $email_value;
$_SESSION['email_code'] = $secret_code;
send_email_code($email_value, $secret_code);
$email_code = "";
} else {
append_error("Цю адресу неможливо використати.");
$email_value = "";
}
}
} else {
/**
* get code from query string if present
*/
if (isset($_SESSION['email_value'])) {
$email_value = $_SESSION['email_value'];
}
if (isset($_GET['code'])) {
$email_code = $_GET['code'];
}
}
if ($email_value) {
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Igoan; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
// est-ce que la release existe ?
if (!isset($_GET['idRel']) || $_GET['idRel'] != '123460') {
append_error('No release specified or release unknown');
flush_errors_exit();
}
// l'user concerné est-il admin du projet ?
if ($_SESSION['id'] != 34567) {
append_error('Can\'t modify project: permission denied');
http_redir('/project/view_release.php?idRel=123460');
}
if (isset($_GET['action']) && $_GET['action'] == 'Apply') {
// do the job
http_redir('/project/view_release.php?idRel=123460');
}
?>
<h1>Change release information</h1>
<form>
<table>
<tr><th>idRel</th><td>34567</td></tr>
<tr><th>Version</th><td><input type="text" name="version" value="graphtool-0.2pre1" /></td></tr>
<tr><th>Date</th><td>
require_once 'igoan/Platform.class.php';
// permission de l'user (admin global)
$me = user_get_by_id($_SESSION['id']);
if (!$me || !$me->is_global_admin()) {
append_error_exit('Permission denied: global admin flag required');
}
/* ajout */
if (isset($_GET['action']) && $_GET['action'] == "Ajouter" && isset($_GET['nom'])) {
append_error('inserting platform: ' . $_GET['nom']);
if (platform_new($_GET['nom']) == -1) {
append_error('error');
}
}
/* suppression */
if (isset($_GET['action']) && $_GET['action'] == "Effacer" && isset($_GET['idPf'])) {
append_error('deleting platform: ' . $_GET['idPf']);
$pf = platform_get_by_id($_GET['idPf']);
$pf->delete();
}
/* recuperation de la liste */
$list = platform_list();
$select = "<select name='idPf'>\n";
while (list(, $tuple) = each($list)) {
$select .= "<option value='" . $tuple[0] . "'>" . $tuple[0] . " " . $tuple[1] . "</option>\n";
}
?>
<h2>Gestion des plateformes</h2>
<?php
flush_errors();
?>
function project_new($name_prj, $shortname, $description, $homepage)
{
$result = sql_do('SELECT id_prj FROM projects WHERE shortname=\'' . str($shortname) . '\'');
if ($result->numRows()) {
append_error("Shortname '{$shortname}' already taken.");
return 0;
}
$id_prj = pick_id('projects_id_prj_seq');
try {
$result = sql_do('INSERT INTO projects (id_prj,name_prj,shortname,desc_prj,url_prj,date_prj,valid_prj) VALUES (\'' . int($id_prj) . '\',\'' . str($name_prj) . '\',\'' . str($shortname) . '\',\'' . str($description) . '\',\'' . str($homepage) . '\',\'' . date('Y-m-d H:i:s') . '\',0)');
} catch (DatabaseException $e) {
return 0;
}
return $id_prj;
}
# the Free Software Foundation in the version 2 of the License.
#
# Igoan is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Igoan; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
require_once 'igoan/User.class.php';
if (isset($_GET['login']) && isset($_GET['passwd'])) {
$me = user_get_by_password($_GET['login'], $_GET['passwd']);
if (!$me) {
append_error('Login incorrect.');
} else {
$_SESSION['id'] = $me->get_id_user();
}
if (!errors()) {
http_redir(empty($_GET['referer']) ? '/index.php' : $_GET['referer']);
}
}
header_box('Igoan :: Login');
?>
<div id="main">
<form class="admin" action="login.php">
<?php
flush_errors();
?>
require_once 'igoan/Language.class.php';
// permission de l'user (admin global)
$me = user_get_by_id($_SESSION['id']);
if (!$me || !$me->is_global_admin()) {
append_error_exit('Permission denied: global admin flag required');
}
/* ajout */
if (isset($_GET['action']) && $_GET['action'] == "Ajouter" && isset($_GET['nom'])) {
append_error('inserting language: ' . $_GET['nom']);
if (language_new($_GET['nom']) == -1) {
append_error('error');
}
}
/* suppression */
if (isset($_GET['action']) && $_GET['action'] == "Effacer" && isset($_GET['idLang'])) {
append_error('deleting language: ' . $_GET['idLang']);
$lang = language_get_by_id($_GET['idLang']);
$lang->delete();
}
/* recuperation de la liste */
$list = language_list();
$select = "<select name='idLang'>\n";
while (list(, $tuple) = each($list)) {
$select .= "<option value='" . $tuple[0] . "'>" . $tuple[0] . " " . $tuple[1] . "</option>\n";
}
?>
<h2>Gestion des langages de prog</h2>
<?php
flush_errors();
?>
<?php
require "system/__init__.php";
require_test_pass('captcha', 'step1.php');
require_test_pass('email', 'step2.php');
require_test_pass('mobile', 'step3.php');
next_if_test_pass('vote', 'step5.php');
/**
* Handle form data
*/
if ($_POST) {
$keys = array();
if (is_array($_POST['id'])) {
$keys = array_keys($_POST['id']);
}
if ($keys) {
$keys = filter_candidates($keys);
}
if (count($keys) < 1) {
append_error("Ви не обрали жодного кандидата.");
} elseif (count($keys) > get_selected_limit()) {
append_error("Ви обрали більше ніж дозволено кандидатів.");
} else {
if (safe_save_vote($keys)) {
set_test_passed('vote');
redirect('step5.php');
}
}
}
require get_template('step4');
#
require_once 'igoan/User.class.php';
if (isset($_GET['action']) && $_GET['action'] == 'Change Password' && isset($_GET['oldpass']) && isset($_GET['passwd1']) && isset($_GET['passwd2'])) {
$me = user_get_by_id($_SESSION['id']);
if (!$me) {
append_error_exit('User ID incorrect.');
}
// check the old password
if ($_GET['oldpass'] != $me->get_passwd()) {
append_error('Wrong old password.');
} else {
if ($_GET['passwd1'] != $_GET['passwd2']) {
append_error('Passwords mismatch');
} else {
if (empty($_GET['passwd1'])) {
append_error('Aha. Yes of course ...');
}
}
}
if (errors()) {
flush_errors();
} else {
// do the job
$me->set_passwd($_GET['passwd1']);
$me->write();
http_redir('/user/view.php');
}
}
?>
<h1>Changing your user password</h1>
<form>
}
} else {
if (isset($_GET['name']) && isset($_GET['email'])) {
if (empty($_GET['name'])) {
append_error('The name is mandatory.');
}
if (empty($_GET['email'])) {
append_error('The e-mail address is mandatory.');
}
if (!errors()) {
$user_id = user_new_pseudo($_GET['name'], $_GET['email']);
}
if (!errors()) {
$user = user_get_by_id($user_id);
if (!$user) {
append_error('Unable to create the pseudo-user ' . $_GET['name']);
}
}
if (!errors()) {
$rel->add_author($user->get_id());
http_redir('/project/view.php?id_rel=' . $rel->get_id_rel());
}
}
}
} else {
append_error_exit('No action specified.');
}
}
}
?>
function user_new_pseudo($name, $email)
{
$result = sql_do("SELECT id_user FROM users WHERE mail='{$email}'");
if ($result->numRows()) {
append_error("This email address is already registered. Please choose another.");
return 0;
}
$id_user = pick_id('users_id_user_seq');
try {
$result = sql_do('INSERT INTO users (id_user,name_user,mail,date_user,valid_user) VALUES (\'' . int($id_user) . '\',\'' . str($name) . '\',\'' . str($email) . '\',\'' . date('Y-m-d H:i:s') . '\',0)');
} catch (DatabaseException $e) {
//append_error("Unknown error executing [$sql].");
return 0;
}
return $id_user;
}
/**
* save vote using database abstraction layer api
*/
function save_vote_database($table = "ballot_box")
{
$db = db_connect();
$row = array();
$row['ip_addr'] = $_SESSION['ip_addr'];
$row['email'] = $_SESSION['email_value'];
$row['mobile'] = $_SESSION['mobile_value'];
$row['choice'] = implode(',', $_SESSION['vote_keys']);
if (db_row_exists($db, 'email', $row['email'])) {
append_error("Такий e-mail вже проголосував.");
}
if (db_row_exists($db, 'mobile', $row['mobile'])) {
append_error("Такий мобільний вже проголосував.");
}
if (db_insert_row($db, $row, $ballot_id) == false) {
append_error("Запис голосу не вдався.");
}
$_SESSION['ballot_id'] = $ballot_id;
}
