/**
 * Update the inherit flag on an existing parent/child project link.
 *
 * All three values reach the database as bound parameters; only the table
 * name returned by db_get_table() is interpolated into the statement text.
 *
 * @param int  $p_child_id       Child project ID
 * @param int  $p_parent_id      Parent project ID
 * @param bool $p_inherit_parent Whether or not the child project inherits from the parent project
 * @return null
 */
function project_hierarchy_update($p_child_id, $p_parent_id, $p_inherit_parent = true) {
    $t_project_hierarchy_table = db_get_table('project_hierarchy');

    $t_child = db_prepare_int($p_child_id);
    $t_parent = db_prepare_int($p_parent_id);
    $t_inherit = db_prepare_bool($p_inherit_parent);

    # Placeholders are emitted in the same order as the values bound below.
    $t_sql = "UPDATE {$t_project_hierarchy_table}\n\t\t\t\t\tSET inherit_parent=" . db_param();
    $t_sql .= ' WHERE child_id=' . db_param();
    $t_sql .= ' AND parent_id=' . db_param();

    $t_bound = array($t_inherit, $t_child, $t_parent);
    db_query_bound($t_sql, $t_bound);
}
/**
 * Update an existing news entry.
 *
 * Headline and body must not be blank. The statement is executed with bound
 * parameters, so the free-text headline and body are never spliced into the
 * SQL text; only the table name is interpolated.
 *
 * @param int    $p_news_id      id of the news row to update
 * @param int    $p_project_id   project the entry belongs to
 * @param int    $p_view_state   view state value
 * @param bool   $p_announcement announcement flag
 * @param string $p_headline     headline text
 * @param string $p_body         body text
 * @return bool true whenever the function returns
 */
function news_update($p_news_id, $p_project_id, $p_view_state, $p_announcement, $p_headline, $p_body) {
    $t_id = db_prepare_int($p_news_id);
    $t_project = db_prepare_int($p_project_id);
    $t_state = db_prepare_int($p_view_state);
    $t_is_announcement = db_prepare_bool($p_announcement);

    # Reject blank required fields before touching the database.
    foreach (array('headline' => $p_headline, 'body' => $p_body) as $t_label => $t_text) {
        if (is_blank($t_text)) {
            error_parameters(lang_get($t_label));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
    }

    $t_news_table = db_get_table('mantis_news_table');

    # Update entry; placeholder order must match the array bound below.
    $t_sql = "UPDATE {$t_news_table}\n\t\t\t\t SET view_state=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tannouncement=" . db_param();
    $t_sql .= ",\n\t\t\t\t\theadline=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tbody=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tproject_id=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tlast_modified= " . db_param();
    $t_sql .= "\n\t\t\t\t WHERE id=" . db_param();

    $t_bound = array($t_state, $t_is_announcement, $p_headline, $p_body, $t_project, db_now(), $t_id);
    db_query_bound($t_sql, $t_bound);

    # db_query errors on failure so:
    return true;
}
/**
 * Add a bugnote to a bug and return the id of the new bugnote row.
 *
 * Both INSERT statements are assembled by string interpolation, so protection
 * against SQL injection rests entirely on the db_prepare_* calls at the top of
 * the function. A bound-parameter query would remove that dependency.
 *
 * @param int      $p_bug_id       bug the note is attached to
 * @param string   $p_bugnote_text note text
 * @param bool     $p_private      request a private note
 * @param int      $p_type         note type
 * @param string   $p_attr         note attribute
 * @param int|null $p_user_id      reporter id; null means the current user
 * @return int id of the inserted bugnote
 */
function bugnote_add($p_bug_id, $p_bugnote_text, $p_private = false, $p_type = 0, $p_attr = '', $p_user_id = null) {
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_bugnote_text = db_prepare_string($p_bugnote_text);
    $c_private = db_prepare_bool($p_private);
    $c_type = db_prepare_int($p_type);
    $c_attr = db_prepare_string($p_attr);

    $t_bugnote_text_table = config_get('mantis_bugnote_text_table');
    $t_bugnote_table = config_get('mantis_bugnote_table');

    # insert bugnote text
    $t_text_sql = "INSERT INTO {$t_bugnote_text_table}\n\t\t \t\t( note )\n\t\t \t VALUES\n\t\t \t\t( '{$c_bugnote_text}' )";
    db_query($t_text_sql);

    # retrieve bugnote text id number
    $t_bugnote_text_id = db_insert_id($t_bugnote_text_table);

    # get user information
    $c_user_id = ($p_user_id === null)
        ? auth_get_current_user_id()
        : db_prepare_int($p_user_id);

    # Check for private bugnotes.
    # @@@ VB: Should we allow users to report private bugnotes, and possibly see only their own private ones
    # A private request from a user below the threshold is stored as PUBLIC,
    # not rejected, so callers that need confidentiality must check access first.
    $t_may_be_private = $p_private
        && access_has_bug_level(config_get('private_bugnote_threshold'), $p_bug_id, $c_user_id);
    $t_view_state = $t_may_be_private ? VS_PRIVATE : VS_PUBLIC;

    # insert bugnote info
    $t_note_sql = "INSERT INTO {$t_bugnote_table}\n\t\t \t\t(bug_id, reporter_id, bugnote_text_id, view_state, date_submitted, last_modified, note_type, note_attr )\n\t\t \t VALUES\n\t\t \t\t('{$c_bug_id}', '{$c_user_id}','{$t_bugnote_text_id}', '{$t_view_state}', ";
    $t_note_sql .= db_now() . "," . db_now();
    $t_note_sql .= ", '{$c_type}', '{$c_attr}')";
    db_query($t_note_sql);

    # get bugnote id
    $t_bugnote_id = db_insert_id($t_bugnote_table);

    # update bug last updated
    bug_update_date($p_bug_id);

    # log new bug
    history_log_event_special($p_bug_id, BUGNOTE_ADDED, bugnote_format_id($t_bugnote_id));

    return $t_bugnote_id;
}
/**
 * Update an existing news entry (string-interpolated variant).
 *
 * Every value is spliced into the UPDATE text inside single quotes, so the
 * statement is only as safe as db_prepare_string()/db_prepare_int(). Note
 * that the blank check runs on the already-escaped headline and body.
 *
 * @param int    $p_news_id      id of the news row to update
 * @param int    $p_project_id   project the entry belongs to
 * @param int    $p_view_state   view state value
 * @param bool   $p_announcement announcement flag
 * @param string $p_headline     headline text
 * @param string $p_body         body text
 * @return bool true whenever the function returns
 */
function news_update($p_news_id, $p_project_id, $p_view_state, $p_announcement, $p_headline, $p_body) {
    $c_news_id = db_prepare_int($p_news_id);
    $c_project_id = db_prepare_int($p_project_id);
    $c_view_state = db_prepare_int($p_view_state);
    $c_announcement = db_prepare_bool($p_announcement);
    $c_headline = db_prepare_string($p_headline);
    $c_body = db_prepare_string($p_body);

    # Reject blank required fields before touching the database.
    foreach (array('headline' => $c_headline, 'body' => $c_body) as $t_label => $t_text) {
        if (is_blank($t_text)) {
            error_parameters(lang_get($t_label));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
    }

    $t_news_table = config_get('mantis_news_table');

    # Update entry
    $t_sql = "UPDATE {$t_news_table}\r\n\t\t\t\t SET view_state='{$c_view_state}',\r\n\t\t\t\t\tannouncement='{$c_announcement}',\r\n\t\t\t\t\theadline='{$c_headline}',\r\n\t\t\t\t\tbody='{$c_body}',\r\n\t\t\t\t\tproject_id='{$c_project_id}',\r\n\t\t\t\t\tlast_modified= ";
    $t_sql .= db_now();
    $t_sql .= "\r\n\t\t\t\t WHERE id='{$c_news_id}'";
    db_query($t_sql);

    # db_query() errors on failure so:
    return true;
}
/**
 * Return all versions for the specified project.
 *
 * When every project involved already has an entry in
 * $g_cache_versions_project the rows come from the cache; otherwise they are
 * read from the project_version table and stored in $g_cache_versions.
 *
 * NOTE(review): the cached branch returns without looking at $p_released or
 * $p_obsolete, so those filters only take effect on the database path.
 *
 * @param int       $p_project_id project id
 * @param int|null  $p_released   include released; null disables the filter
 * @param bool|null $p_obsolete   include obsolete; null disables the filter
 * @param bool|null $p_inherit    inherit versions; null reads 'subprojects_inherit_versions'
 * @return array Array of version rows (in array format)
 */
function version_get_all_rows($p_project_id, $p_released = null, $p_obsolete = false, $p_inherit = null) {
    global $g_cache_versions, $g_cache_versions_project;

    if ($p_inherit !== null) {
        $t_inherit = $p_inherit;
    } else {
        $t_inherit = ON == config_get('subprojects_inherit_versions');
    }

    $t_project_ids = $t_inherit
        ? project_hierarchy_inheritance($p_project_id)
        : array($p_project_id);

    # Serve from the per-project cache only when every project has an entry.
    $t_all_cached = true;
    foreach ($t_project_ids as $t_project_id) {
        if (!isset($g_cache_versions_project[$t_project_id])) {
            $t_all_cached = false;
            break;
        }
    }

    if ($t_all_cached) {
        $t_versions = array();
        foreach ($t_project_ids as $t_project_id) {
            if (empty($g_cache_versions_project[$t_project_id])) {
                continue;
            }
            foreach ($g_cache_versions_project[$t_project_id] as $t_id) {
                $t_versions[] = version_cache_row($t_id);
            }
        }
        return $t_versions;
    }

    $t_project_version_table = db_get_table('project_version');

    # The WHERE fragment is interpolated as-is; it comes from
    # version_get_project_where_clause(), which is not visible here.
    $t_project_where = version_get_project_where_clause($p_project_id, $p_inherit);

    $t_sql = "SELECT *\n\t\t\t\t FROM {$t_project_version_table}\n\t\t\t\t WHERE {$t_project_where}";
    $t_bound = array();

    # Optional filters are added as bound parameters, never as literals.
    if ($p_released !== null) {
        $t_released = db_prepare_int($p_released);
        $t_sql .= " AND released = " . db_param();
        $t_bound[] = $t_released;
    }

    if ($p_obsolete !== null) {
        $t_obsolete = db_prepare_bool($p_obsolete);
        $t_sql .= " AND obsolete = " . db_param();
        $t_bound[] = $t_obsolete;
    }

    $t_sql .= " ORDER BY date_order DESC";

    $t_result = db_query_bound($t_sql, $t_bound);

    $t_rows = array();
    while ($t_row = db_fetch_array($t_result)) {
        # Remember each row by its integer id for later cache lookups.
        $g_cache_versions[(int) $t_row['id']] = $t_row;
        $t_rows[] = $t_row;
    }

    return $t_rows;
}
/**
 * Return the stored filters available to a user in a project, as id => name.
 *
 * All named filters for the project (and for project 0) are fetched, and the
 * owner/public check is applied in PHP afterwards.
 *
 * NOTE(review): access_has_project_level() is called with the threshold only,
 * so it presumably evaluates the current session rather than $p_user_id and
 * $p_project_id; confirm this is intended when both are passed explicitly.
 * NOTE(review): when $p_project_id is null the value from
 * helper_get_current_project() is interpolated without db_prepare_int();
 * presumably it is already an integer.
 *
 * @param int|null $p_project_id project id; null means the current project
 * @param int|null $p_user_id    user id; null means the current user
 * @return array filter names keyed by filter id, sorted by name
 */
function filter_db_get_available_queries($p_project_id = null, $p_user_id = null) {
    $t_filters_table = config_get('mantis_filters_table');
    $t_overall_query_arr = array();

    $t_project_id = (null === $p_project_id)
        ? helper_get_current_project()
        : db_prepare_int($p_project_id);

    $t_user_id = (null === $p_user_id)
        ? auth_get_current_user_id()
        : db_prepare_int($p_user_id);

    # If the user doesn't have access rights to stored queries, just return
    $t_threshold = config_get('stored_query_use_threshold');
    if (!access_has_project_level($t_threshold)) {
        return $t_overall_query_arr;
    }

    # Get the list of available queries. By sorting such that public queries are
    # first, we can override any query that has the same name as a private query
    # with that private one
    $t_sql = "SELECT * FROM {$t_filters_table}\r\n\t\t\t\t\tWHERE (project_id='{$t_project_id}'\r\n\t\t\t\t\tOR project_id='0')\r\n\t\t\t\t\tAND name!=''\r\n\t\t\t\t\tORDER BY is_public DESC, name ASC";
    $t_result = db_query($t_sql);
    $t_total = db_num_rows($t_result);

    for ($t_index = 0; $t_index < $t_total; $t_index++) {
        $t_row = db_fetch_array($t_result);

        # Skip filters that are neither owned by the user nor public.
        if ($t_row['user_id'] != $t_user_id && !db_prepare_bool($t_row['is_public'])) {
            continue;
        }
        $t_overall_query_arr[$t_row['id']] = $t_row['name'];
    }

    $t_overall_query_arr = array_unique($t_overall_query_arr);
    asort($t_overall_query_arr);

    return $t_overall_query_arr;
}
/**
 * Update a project.
 *
 * The UPDATE is executed with bound parameters. If the change turns a
 * non-private project private and the current user would no longer meet
 * 'manage_project_threshold' on it, the user is re-added to the project with
 * the access level they held before the change.
 *
 * @param integer $p_project_id     The project identifier being updated.
 * @param string  $p_name           The project name.
 * @param string  $p_description    A description of the project.
 * @param integer $p_status         The current status of the project.
 * @param integer $p_view_state     The view state of the project - public or private.
 * @param string  $p_file_path      The attachment file path for the project, if not storing in the database.
 * @param boolean $p_enabled        Whether the project is enabled.
 * @param boolean $p_inherit_global Whether the project inherits global categories.
 * @return void
 */
function project_update($p_project_id, $p_name, $p_description, $p_status, $p_view_state, $p_file_path, $p_enabled, $p_inherit_global) {
    $p_project_id = (int) $p_project_id;
    $t_enabled = db_prepare_bool($p_enabled);
    $t_inherit = db_prepare_bool($p_inherit_global);

    if (is_blank($p_name)) {
        trigger_error(ERROR_PROJECT_NAME_INVALID, ERROR);
    }

    $t_old_name = project_get_field($p_project_id, 'name');

    # If project is becoming private, save current user's access level
    # so we can add them to the project afterwards so they don't lock
    # themselves out
    $t_old_view_state = project_get_field($p_project_id, 'view_state');
    $t_is_becoming_private = VS_PRIVATE == $p_view_state && VS_PRIVATE != $t_old_view_state;
    if ($t_is_becoming_private) {
        $t_user_id = auth_get_current_user_id();
        $t_access_level = user_get_access_level($t_user_id, $p_project_id);
        $t_manage_project_threshold = config_get('manage_project_threshold');
    }

    # Uniqueness only matters when the name changes (case-insensitively).
    $t_renamed = strcasecmp($p_name, $t_old_name) != 0;
    if ($t_renamed) {
        project_ensure_name_unique($p_name);
    }

    # The file path is validated only when attachments are not kept in the database.
    $t_upload_method = config_get('file_upload_method', null, null, $p_project_id);
    if (DATABASE !== $t_upload_method) {
        $p_file_path = validate_project_file_path($p_file_path);
    }

    # Placeholder order must match the array bound below.
    $t_sql = 'UPDATE {project} SET name=' . db_param();
    $t_sql .= ', status=' . db_param();
    $t_sql .= ', enabled=' . db_param();
    $t_sql .= ', view_state=' . db_param();
    $t_sql .= ', file_path=' . db_param();
    $t_sql .= ', description=' . db_param();
    $t_sql .= ', inherit_global=' . db_param();
    $t_sql .= ' WHERE id=' . db_param();

    $t_bound = array(
        $p_name,
        (int) $p_status,
        $t_enabled,
        (int) $p_view_state,
        $p_file_path,
        $p_description,
        $t_inherit,
        $p_project_id,
    );
    db_query($t_sql, $t_bound);

    project_clear_cache($p_project_id);

    # User just locked themselves out of the project by making it private,
    # so we add them to the project with their previous access level
    if ($t_is_becoming_private && !access_has_project_level($t_manage_project_threshold, $p_project_id)) {
        project_add_user($p_project_id, $t_user_id, $t_access_level);
    }
}
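/**
 * Create a user account (variant extended with role, agency and unit/department)
 * and return the account's cookie string.
 *
 * The INSERT uses bound parameters. The integer-cast role, agency and
 * unit/department values are the ones bound, matching how access_level is
 * handled; previously the casts were computed and then ignored.
 *
 * NOTE(review): the cookie string is generated from a seed of email + username;
 * how unpredictable it is depends on auth_generate_unique_cookie_string().
 * NOTE(review): the plain-text password is handed to email_signup(); whether it
 * ends up in the message is not visible here.
 * NOTE(review): unlike other variants of this function, no default preferences
 * are created after the insert.
 *
 * @param string   $p_username        username, validated and checked for uniqueness
 * @param string   $p_password        plain-text password
 * @param string   $p_email           email address, validated
 * @param int|null $p_access_level    global access level; null uses the configured default
 * @param bool     $p_protected       whether the account is protected
 * @param bool     $p_enabled         whether the account is enabled
 * @param string   $p_realname        real name, validated and checked for uniqueness
 * @param string   $p_admin_name      name of the administrator creating the account
 * @param int|null $p_role            role id; null uses the configured default
 * @param int|null $p_agency          agency id; null uses the configured default
 * @param int|null $p_unit_department unit/department id; null uses the configured default
 * @return string cookie string of the new account
 */
function user_create($p_username, $p_password, $p_email = '', $p_access_level = null, $p_protected = false, $p_enabled = true, $p_realname = '', $p_admin_name = '', $p_role = null, $p_agency = null, $p_unit_department = null) {
    if (null === $p_access_level) {
        $p_access_level = config_get('default_new_account_access_level');
    }

    # added: site-specific attributes fall back to their configured defaults
    if (null === $p_role) {
        $p_role = config_get('default_new_account_role');
    }
    if (null === $p_agency) {
        $p_agency = config_get('default_new_account_agency');
    }
    if (null === $p_unit_department) {
        $p_unit_department = config_get('default_new_account_unit_department');
    }

    $t_password = auth_process_plain_password($p_password);

    $c_access_level = db_prepare_int($p_access_level);
    # added
    $c_role = db_prepare_int($p_role);
    $c_agency = db_prepare_int($p_agency);
    $c_unit_department = db_prepare_int($p_unit_department);
    $c_protected = db_prepare_bool($p_protected);
    $c_enabled = db_prepare_bool($p_enabled);

    user_ensure_name_valid($p_username);
    user_ensure_name_unique($p_username);
    user_ensure_realname_valid($p_realname);
    user_ensure_realname_unique($p_username, $p_realname);
    email_ensure_valid($p_email);

    $t_seed = $p_email . $p_username;
    $t_cookie_string = auth_generate_unique_cookie_string($t_seed);
    $t_user_table = db_get_table('mantis_user_table');

    # Modification made on 10/08/2012: the INSERT also stores role, agency and
    # unit_department. Placeholder order must match the array bound below.
    $query = "INSERT INTO {$t_user_table}\n\t\t\t\t ( username, email, password, date_created, last_visit,\n\t\t\t\t enabled, access_level, login_count, cookie_string, realname, role, agency, unit_department)\n\t\t\t\t VALUES\n\t\t\t\t ( " . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ",\n\t\t\t\t " . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ')';
    db_query_bound($query, array(
        $p_username,
        $p_email,
        $t_password,
        db_now(),
        db_now(),
        $c_enabled,
        $c_access_level,
        0,
        $t_cookie_string,
        $p_realname,
        # Bind the integer-cast values rather than the raw arguments.
        $c_role,
        $c_agency,
        $c_unit_department,
    ));

    # Id of the row that was just inserted
    $t_user_id = db_insert_id($t_user_table);

    # Users are added with protected set to FALSE in order to be able to update
    # preferences. Now set the real value of protected.
    if ($c_protected) {
        user_set_field($t_user_id, 'protected', 1);
    }

    # Send notification email
    if (!is_blank($p_email)) {
        $t_confirm_hash = auth_generate_confirm_hash($t_user_id);
        email_signup($t_user_id, $p_password, $t_confirm_hash, $p_admin_name);
    }

    return $t_cookie_string;
}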
/**
 * Create a user account and return its cookie string (string-interpolated variant).
 *
 * The INSERT text is built by interpolation: the string fields go through
 * db_prepare_string(), while enabled and access_level are written unquoted
 * and the cookie string is interpolated exactly as generated. SQL-injection
 * safety therefore depends on those helpers, not on the query API.
 *
 * NOTE(review): the cookie string is generated from a seed of email + username;
 * how unpredictable it is depends on auth_generate_unique_cookie_string().
 * NOTE(review): the plain-text password is handed to email_signup(); whether it
 * ends up in the message is not visible here.
 *
 * @param string   $p_username     username, validated and checked for uniqueness
 * @param string   $p_password     plain-text password
 * @param string   $p_email        email address, validated
 * @param int|null $p_access_level global access level; null uses the configured default
 * @param bool     $p_protected    whether the account is protected
 * @param bool     $p_enabled      whether the account is enabled
 * @param string   $p_realname     real name, validated and checked for uniqueness
 * @return string cookie string of the new account
 */
function user_create($p_username, $p_password, $p_email = '', $p_access_level = null, $p_protected = false, $p_enabled = true, $p_realname = '') {
    if (null === $p_access_level) {
        $p_access_level = config_get('default_new_account_access_level');
    }

    $t_password = auth_process_plain_password($p_password);

    # Escaped copies used only inside the SQL text below.
    $c_username = db_prepare_string($p_username);
    $c_realname = db_prepare_string($p_realname);
    $c_password = db_prepare_string($t_password);
    $c_email = db_prepare_string($p_email);
    $c_access_level = db_prepare_int($p_access_level);
    $c_protected = db_prepare_bool($p_protected);
    $c_enabled = db_prepare_bool($p_enabled);

    # Validation works on the raw arguments, not the escaped copies.
    user_ensure_name_valid($p_username);
    user_ensure_name_unique($p_username);
    user_ensure_realname_valid($p_realname);
    user_ensure_realname_unique($p_username, $p_realname);
    email_ensure_valid($p_email);

    $t_cookie_string = auth_generate_unique_cookie_string($p_email . $p_username);
    $t_user_table = config_get('mantis_user_table');

    $t_sql = "INSERT INTO {$t_user_table}\n\t\t\t\t ( username, email, password, date_created, last_visit,\n\t\t\t\t enabled, access_level, login_count, cookie_string, realname )\n\t\t\t\t VALUES\n\t\t\t\t ( '{$c_username}', '{$c_email}', '{$c_password}', ";
    $t_sql .= db_now() . "," . db_now();
    $t_sql .= ",\n\t\t\t\t {$c_enabled}, {$c_access_level}, 0, '{$t_cookie_string}', '{$c_realname}')";
    db_query($t_sql);

    # Create preferences for the user
    $t_user_id = db_insert_id($t_user_table);
    user_pref_set_default($t_user_id);

    # Users are added with protected set to FALSE in order to be able to update
    # preferences. Now set the real value of protected.
    if ($c_protected) {
        user_set_field($t_user_id, 'protected', 1);
    }

    # Send notification email
    if (!is_blank($p_email)) {
        $t_confirm_hash = auth_generate_confirm_hash($t_user_id);
        email_signup($t_user_id, $p_password, $t_confirm_hash);
    }

    return $t_cookie_string;
}
/**
 * Update a project.
 *
 * The UPDATE is executed with bound parameters; only the table name from
 * db_get_table() is interpolated into the statement text.
 *
 * @param int    $p_project_id     project being updated
 * @param string $p_name           project name; must not be blank
 * @param string $p_description    project description
 * @param int    $p_status         project status
 * @param int    $p_view_state     view state value
 * @param string $p_file_path      attachment path, validated unless files are stored in the database
 * @param bool   $p_enabled        whether the project is enabled
 * @param bool   $p_inherit_global whether global categories are inherited
 * @return bool true whenever the function returns
 */
function project_update($p_project_id, $p_name, $p_description, $p_status, $p_view_state, $p_file_path, $p_enabled, $p_inherit_global) {
    $p_project_id = (int) $p_project_id;
    $t_enabled = db_prepare_bool($p_enabled);
    $t_inherit = db_prepare_bool($p_inherit_global);

    if (is_blank($p_name)) {
        trigger_error(ERROR_PROJECT_NAME_INVALID, ERROR);
    }

    # Uniqueness only matters when the name changes (case-insensitively).
    $t_old_name = project_get_field($p_project_id, 'name');
    $t_renamed = strcasecmp($p_name, $t_old_name) != 0;
    if ($t_renamed) {
        project_ensure_name_unique($p_name);
    }

    # The file path is validated only when attachments are not kept in the database.
    $t_upload_method = config_get('file_upload_method', null, null, $p_project_id);
    if (DATABASE !== $t_upload_method) {
        $p_file_path = validate_project_file_path($p_file_path);
    }

    $t_project_table = db_get_table('project');

    # Placeholder order must match the array bound below.
    $t_sql = "UPDATE {$t_project_table}\n\t\t\t\t SET name=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tstatus=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tenabled=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tview_state=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tfile_path=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tdescription=" . db_param();
    $t_sql .= ",\n\t\t\t\t\tinherit_global=" . db_param();
    $t_sql .= "\n\t\t\t\t WHERE id=" . db_param();

    $t_bound = array(
        $p_name,
        (int) $p_status,
        $t_enabled,
        (int) $p_view_state,
        $p_file_path,
        $p_description,
        $t_inherit,
        $p_project_id,
    );
    db_query_bound($t_sql, $t_bound);

    project_clear_cache($p_project_id);

    # db_query errors on failure so:
    return true;
}
/**
 * Return an array of ids of custom fields bound to the specified project
 *
 * Results are memoised in $g_cache_cf_linked under the $p_project_id key.
 *
 * For a specific project the ids are sorted by sequence, then name; the
 * ALL_PROJECTS query has no ORDER BY. Only the ALL_PROJECTS branch filters by
 * what the current user may see; the specific-project branch returns every
 * field linked to the given project(s), so any access check is presumably the
 * caller's responsibility.
 *
 * NOTE(review): the code also accepts an array of project ids, but the same
 * value is then used as the cache key, and arrays are not valid PHP array
 * keys; confirm how callers pass arrays. An empty array would yield "IN ()".
 *
 * @param integer $p_project_id A project identifier.
 * @return array
 * @access public
 */
function custom_field_get_linked_ids($p_project_id = ALL_PROJECTS) {
    global $g_cache_cf_linked;

    if (!isset($g_cache_cf_linked[$p_project_id])) {
        db_param_push();

        if (ALL_PROJECTS == $p_project_id) {
            $t_user_id = auth_get_current_user_id();

            # Select only the ids of custom fields in projects the user has access to
            # - all custom fields in public projects,
            # - those in private projects where the user is listed
            # - in private projects where the user is implicitly listed
            # The values concatenated directly (db_prepare_bool(true), VS_PUBLIC)
            # are constants; the user id is bound twice via db_param().
            $t_query = 'SELECT DISTINCT cft.id FROM {custom_field} cft JOIN {custom_field_project} cfpt ON cfpt.field_id = cft.id JOIN {project} pt ON pt.id = cfpt.project_id AND pt.enabled = ' . db_prepare_bool(true) . ' LEFT JOIN {project_user_list} pult ON pult.project_id = cfpt.project_id AND pult.user_id = ' . db_param() . ' , {user} ut WHERE ut.id = ' . db_param() . ' AND ( pt.view_state = ' . VS_PUBLIC . ' OR pult.user_id = ut.id ';
            $t_params = array($t_user_id, $t_user_id);

            # Add private access clause and related parameter
            # The threshold may be a list of levels (= or IN) or a single
            # minimum level (>=); each value is bound, not interpolated.
            $t_private_access = config_get('private_project_threshold');
            if (is_array($t_private_access)) {
                if (1 == count($t_private_access)) {
                    $t_access_clause = '= ' . db_param();
                    $t_params[] = array_shift($t_private_access);
                } else {
                    $t_access_clause = 'IN (';
                    foreach ($t_private_access as $t_elem) {
                        $t_access_clause .= db_param() . ',';
                        $t_params[] = $t_elem;
                    }
                    # Drop the trailing comma left by the loop.
                    $t_access_clause = rtrim($t_access_clause, ',') . ')';
                }
            } else {
                $t_access_clause = '>=' . db_param();
                $t_params[] = $t_private_access;
            }
            $t_query .= 'OR ( pult.user_id IS NULL AND ut.access_level ' . $t_access_clause . ' ) )';
        } else {
            # Specific project(s): one placeholder per project id.
            if (is_array($p_project_id)) {
                if (1 == count($p_project_id)) {
                    $t_project_clause = '= ' . db_param();
                    $t_params[] = array_shift($p_project_id);
                } else {
                    $t_project_clause = 'IN (';
                    foreach ($p_project_id as $t_project) {
                        $t_project_clause .= db_param() . ',';
                        $t_params[] = $t_project;
                    }
                    # Drop the trailing comma left by the loop.
                    $t_project_clause = rtrim($t_project_clause, ',') . ')';
                }
            } else {
                $t_project_clause = '= ' . db_param();
                $t_params[] = $p_project_id;
            }
            $t_query = 'SELECT cft.id FROM {custom_field} cft JOIN {custom_field_project} cfpt ON cfpt.field_id = cft.id WHERE cfpt.project_id ' . $t_project_clause . ' ORDER BY sequence ASC, name ASC';
        }

        $t_result = db_query($t_query, $t_params);
        $t_ids = array();

        while ($t_row = db_fetch_array($t_result)) {
            array_push($t_ids, $t_row['id']);
        }

        # Hand the ids to the custom field row cache, then memoise the list.
        custom_field_cache_array_rows($t_ids);
        $g_cache_cf_linked[$p_project_id] = $t_ids;
    } else {
        $t_ids = $g_cache_cf_linked[$p_project_id];
    }

    return $t_ids;
}
/**
 * Return the stored filters available to a user in a project, as id => name.
 *
 * The owner/public restriction is part of the SQL and every value is bound,
 * so only filters the user owns or that are public are ever fetched.
 *
 * Note: any changes made in this function should be reflected in
 * mci_filter_db_get_available_queries()
 *
 * NOTE(review): access_has_project_level() is called with the threshold only,
 * so it presumably evaluates the current session rather than $p_user_id and
 * $p_project_id; confirm this is intended when both are passed explicitly.
 *
 * @param integer $p_project_id A valid project identifier.
 * @param integer $p_user_id    A valid user identifier.
 * @return mixed filter names keyed by filter id, sorted by name
 */
function filter_db_get_available_queries($p_project_id = null, $p_user_id = null) {
    $t_overall_query_arr = array();

    $t_project_id = (null === $p_project_id)
        ? helper_get_current_project()
        : (int) $p_project_id;

    $t_user_id = (null === $p_user_id)
        ? auth_get_current_user_id()
        : (int) $p_user_id;

    # If the user doesn't have access rights to stored queries, just return
    $t_threshold = config_get('stored_query_use_threshold');
    if (!access_has_project_level($t_threshold)) {
        return $t_overall_query_arr;
    }

    # Get the list of available queries. By sorting such that public queries are
    # first, we can override any query that has the same name as a private query
    # with that private one
    $t_sql = 'SELECT * FROM {filters} WHERE (project_id=' . db_param();
    $t_sql .= ' OR project_id=0) AND name!=\'\' AND (is_public = ' . db_param();
    $t_sql .= ' OR user_id = ' . db_param();
    $t_sql .= ') ORDER BY is_public DESC, name ASC';

    $t_bound = array($t_project_id, db_prepare_bool(true), $t_user_id);
    $t_result = db_query($t_sql, $t_bound);

    while ($t_row = db_fetch_array($t_result)) {
        $t_overall_query_arr[$t_row['id']] = $t_row['name'];
    }

    $t_overall_query_arr = array_unique($t_overall_query_arr);
    asort($t_overall_query_arr);

    return $t_overall_query_arr;
}
/**
 * Return an array of ids of custom fields bound to the specified project
 *
 * Results are memoised in $g_cache_cf_linked under the $p_project_id key.
 *
 * For a specific project the ids are sorted by sequence, then name; the
 * ALL_PROJECTS query has no ORDER BY. Only the ALL_PROJECTS branch filters by
 * what the current user may see; the specific-project branch returns every
 * field linked to the given project(s), so any access check is presumably the
 * caller's responsibility.
 *
 * NOTE(review): the code also accepts an array of project ids, but the same
 * value is then used as the cache key, and arrays are not valid PHP array
 * keys; confirm how callers pass arrays. An empty array would yield "IN ()".
 *
 * @param int $p_project_id project id
 * @return array
 * @access public
 */
function custom_field_get_linked_ids($p_project_id = ALL_PROJECTS) {
    # $g_cache_custom_field is declared but not referenced in this function.
    global $g_cache_cf_linked, $g_cache_custom_field;

    if (!isset($g_cache_cf_linked[$p_project_id])) {
        $t_custom_field_table = db_get_table('custom_field');
        $t_custom_field_project_table = db_get_table('custom_field_project');

        if (ALL_PROJECTS == $p_project_id) {
            $t_project_user_list_table = db_get_table('project_user_list');
            $t_project_table = db_get_table('project');
            $t_user_table = db_get_table('user');
            $t_user_id = auth_get_current_user_id();

            # Select only the ids of custom fields in projects the user has access to
            # - all custom fields in public projects,
            # - those in private projects where the user is listed
            # - in private projects where the user is implicitly listed
            # Table names and the constants db_prepare_bool(true) / VS_PUBLIC are
            # interpolated; the user id is bound twice via db_param().
            $t_query = "\n\t\t\t\tSELECT DISTINCT cft.id\n\t\t\t\tFROM {$t_custom_field_table} cft\n\t\t\t\t\tJOIN {$t_custom_field_project_table} cfpt ON cfpt.field_id = cft.id\n\t\t\t\t\tJOIN {$t_project_table} pt\n\t\t\t\t\t\tON pt.id = cfpt.project_id AND pt.enabled = " . db_prepare_bool(true) . "\n\t\t\t\t\tLEFT JOIN {$t_project_user_list_table} pult\n\t\t\t\t\t\tON pult.project_id = cfpt.project_id AND pult.user_id = " . db_param() . "\n\t\t\t\t\t, {$t_user_table} ut\n\t\t\t\tWHERE ut.id = " . db_param() . "\n\t\t\t\t\tAND ( pt.view_state = " . VS_PUBLIC . "\n\t\t\t\t\t\tOR pult.user_id = ut.id\n\t\t\t\t\t\t";
            $t_params = array($t_user_id, $t_user_id);

            # Add private access clause and related parameter
            # The threshold may be a list of levels (= or IN) or a single
            # minimum level (>=); each value is bound, not interpolated.
            $t_private_access = config_get('private_project_threshold');
            if (is_array($t_private_access)) {
                if (1 == count($t_private_access)) {
                    $t_access_clause = '= ' . db_param();
                    $t_params[] = array_shift($t_private_access);
                } else {
                    $t_access_clause = 'IN (';
                    foreach ($t_private_access as $t_elem) {
                        $t_access_clause .= db_param() . ',';
                        $t_params[] = $t_elem;
                    }
                    # Drop the trailing comma left by the loop.
                    $t_access_clause = rtrim($t_access_clause, ',') . ')';
                }
            } else {
                $t_access_clause = '>=' . db_param();
                $t_params[] = $t_private_access;
            }
            $t_query .= "OR ( pult.user_id IS NULL AND ut.access_level {$t_access_clause} ) )";
        } else {
            # Specific project(s): one placeholder per project id.
            if (is_array($p_project_id)) {
                if (1 == count($p_project_id)) {
                    $t_project_clause = '= ' . db_param();
                    $t_params[] = array_shift($p_project_id);
                } else {
                    $t_project_clause = 'IN (';
                    foreach ($p_project_id as $t_project) {
                        $t_project_clause .= db_param() . ',';
                        $t_params[] = $t_project;
                    }
                    # Drop the trailing comma left by the loop.
                    $t_project_clause = rtrim($t_project_clause, ',') . ')';
                }
            } else {
                $t_project_clause = '= ' . db_param();
                $t_params[] = $p_project_id;
            }
            $t_query = "\n\t\t\t\tSELECT cft.id\n\t\t\t\tFROM {$t_custom_field_table} cft\n\t\t\t\t\tJOIN {$t_custom_field_project_table} cfpt ON cfpt.field_id = cft.id\n\t\t\t\tWHERE cfpt.project_id {$t_project_clause}\n\t\t\t\tORDER BY sequence ASC, name ASC";
        }

        $result = db_query_bound($t_query, $t_params);
        $t_row_count = db_num_rows($result);
        $t_ids = array();

        for ($i = 0; $i < $t_row_count; $i++) {
            $row = db_fetch_array($result);
            array_push($t_ids, $row['id']);
        }

        # Hand the ids to the custom field row cache, then memoise the list.
        custom_field_cache_array_rows($t_ids);
        $g_cache_cf_linked[$p_project_id] = $t_ids;
    } else {
        $t_ids = $g_cache_cf_linked[$p_project_id];
    }

    return $t_ids;
}
/**
 * Create a user.
 *
 * Returns the generated cookie string. No path in this function returns
 * false; validation failures are presumably raised by the user_ensure_* and
 * email_ensure_valid() helpers.
 *
 * The INSERT uses bound parameters throughout, and the cookie string is
 * generated without a caller-derived seed.
 *
 * NOTE(review): the plain-text password is handed to email_signup(); whether it
 * ends up in the message is not visible here.
 *
 * @param string  $p_username     A valid username.
 * @param string  $p_password     The password to set for the user.
 * @param string  $p_email        The Email Address of the user.
 * @param integer $p_access_level The global access level for the user.
 * @param boolean $p_protected    Whether the account is protected from modifications (default false).
 * @param boolean $p_enabled      Whether the account is enabled.
 * @param string  $p_realname     The realname of the user.
 * @param string  $p_admin_name   The name of the administrator creating the account.
 * @return string Cookie String
 */
function user_create($p_username, $p_password, $p_email = '', $p_access_level = null, $p_protected = false, $p_enabled = true, $p_realname = '', $p_admin_name = '') {
    if (null === $p_access_level) {
        $p_access_level = config_get('default_new_account_access_level');
    }

    $t_password = auth_process_plain_password($p_password);
    $t_enabled = db_prepare_bool($p_enabled);

    user_ensure_name_valid($p_username);
    user_ensure_name_unique($p_username);
    user_ensure_realname_unique($p_username, $p_realname);
    email_ensure_valid($p_email);

    $t_cookie_string = auth_generate_unique_cookie_string();

    # Placeholder order must match the array bound below.
    $t_sql = 'INSERT INTO {user} ( username, email, password, date_created, last_visit, enabled, access_level, login_count, cookie_string, realname ) VALUES ( ' . db_param();
    $t_sql .= ', ' . db_param();
    $t_sql .= ', ' . db_param();
    $t_sql .= ', ' . db_param();
    $t_sql .= ', ' . db_param();
    $t_sql .= ', ' . db_param();
    $t_sql .= ',' . db_param();
    $t_sql .= ',' . db_param();
    $t_sql .= ',' . db_param();
    $t_sql .= ', ' . db_param();
    $t_sql .= ')';

    $t_bound = array(
        $p_username,
        $p_email,
        $t_password,
        db_now(),
        db_now(),
        $t_enabled,
        (int) $p_access_level,
        0,
        $t_cookie_string,
        $p_realname,
    );
    db_query($t_sql, $t_bound);

    # Create preferences for the user
    $t_user_id = db_insert_id(db_get_table('user'));

    # Users are added with protected set to FALSE in order to be able to update
    # preferences. Now set the real value of protected.
    if ($p_protected) {
        user_set_field($t_user_id, 'protected', db_prepare_bool($p_protected));
    }

    # Send notification email
    if (!is_blank($p_email)) {
        $t_confirm_hash = auth_generate_confirm_hash($t_user_id);
        email_signup($t_user_id, $p_password, $t_confirm_hash, $p_admin_name);
    }

    return $t_cookie_string;
}
/**
 * Write every public property of a preferences object to the user's
 * preference row for one project.
 *
 * The column list comes from get_object_vars($p_prefs): each property name is
 * interpolated into the SET clause as a column name without escaping, and
 * bool/int values are written unquoted. This is safe only while the property
 * set of $p_prefs is fixed by its class and not by request data.
 * NOTE(review): confirm callers never build $p_prefs with dynamic properties.
 *
 * @param int    $p_user_id    user whose preferences are updated (must not be protected)
 * @param int    $p_project_id project the preferences apply to
 * @param object $p_prefs      preferences object exposing Get($name)
 * @return bool true whenever the function returns
 */
function user_pref_update($p_user_id, $p_project_id, $p_prefs) {
    $c_user_id = db_prepare_int($p_user_id);
    $c_project_id = db_prepare_int($p_project_id);

    user_ensure_unprotected($p_user_id);

    $t_user_pref_table = config_get('mantis_user_pref_table');

    # One "column = value" fragment per property, formatted by the PHP type
    # the property currently holds.
    $t_pairs = array();
    foreach (array_keys(get_object_vars($p_prefs)) as $t_column) {
        if (is_bool($p_prefs->{$t_column})) {
            $t_pairs[] = "{$t_column} = " . db_prepare_bool($p_prefs->Get($t_column));
        } elseif (is_int($p_prefs->{$t_column})) {
            $t_pairs[] = "{$t_column} = " . db_prepare_int($p_prefs->Get($t_column));
        } else {
            $t_pairs[] = "{$t_column} = '" . db_prepare_string($p_prefs->Get($t_column)) . '\'';
        }
    }

    $t_pairs_string = implode(', ', $t_pairs);

    $t_sql = "UPDATE {$t_user_pref_table}\r\n\t\t\t\t SET {$t_pairs_string}\r\n\t\t\t\t WHERE user_id={$c_user_id} AND project_id={$c_project_id}";
    db_query($t_sql);

    user_pref_clear_cache($p_user_id, $p_project_id);

    # db_query() errors on failure so:
    return true;
}
/**
 * Normalise a version structure's fields for database insertion.
 *
 * The id fields are cast to int and the flags go through db_prepare_bool().
 * No clone is made: the object passed in is modified and that same object is
 * returned, so the caller's instance changes too.
 *
 * @param VersionData $p_version_info A version data structure.
 * @return VersionData the same instance that was passed in
 */
function version_prepare_db(VersionData $p_version_info) {
    foreach (array('id', 'project_id') as $t_int_field) {
        $p_version_info->$t_int_field = (int) $p_version_info->$t_int_field;
    }

    foreach (array('released', 'obsolete') as $t_flag_field) {
        $p_version_info->$t_flag_field = db_prepare_bool($p_version_info->$t_flag_field);
    }

    return $p_version_info;
}
$t_where = db_helper_compare_days("" . db_now() . "", "date_created", "<= {$days_old}"); } else { $c_prefix = db_prepare_string($f_filter); $t_where = "(UPPER(username) LIKE '{$c_prefix}%')"; } } } $p_per_page = 50; $t_offset = ($f_page_number - 1) * $p_per_page; $total_user_count = 0; # Get the user data in $c_sort order $result = ''; if (1 == $c_show_disabled) { $t_show_disabled_cond = ''; } else { $t_show_disabled_cond = ' AND enabled = ' . db_prepare_bool(true); } if (0 == $c_hide_inactive) { $query = "SELECT count(*) as usercnt\n\t\t\t\tFROM {$t_user_table}\n\t\t\t\tWHERE {$t_where}\n\t\t\t\t{$t_show_disabled_cond}"; $result = db_query_bound($query, $t_where_params); $row = db_fetch_array($result); $total_user_count = $row['usercnt']; } else { $query = "SELECT count(*) as usercnt\n\t\t\t\tFROM {$t_user_table}\n\t\t\t\tWHERE {$t_where} AND " . db_helper_compare_days("" . db_now() . "", "last_visit", "< {$days_old}") . $t_show_disabled_cond; $result = db_query_bound($query, $t_where_params); $row = db_fetch_array($result); $total_user_count = $row['usercnt']; } $t_page_count = ceil($total_user_count / $p_per_page); if ($t_page_count < 1) { $t_page_count = 1;
/**
 * Add a bugnote (optionally with time tracking) and return its id.
 *
 * Both INSERT statements are assembled by string interpolation, so protection
 * against SQL injection rests entirely on the db_prepare_* calls at the top of
 * the function. A bound-parameter query would remove that dependency.
 *
 * @param int      $p_bug_id        bug the note is attached to
 * @param string   $p_bugnote_text  note text
 * @param string   $p_time_tracking time spent, e.g. '0:00'
 * @param bool     $p_private       request a private note
 * @param int      $p_type          note type
 * @param string   $p_attr          note attribute
 * @param int|null $p_user_id       reporter id; null means the current user
 * @param bool     $p_send_email    send a notification when the note has text
 * @return int|false id of the new bugnote, or false for a blank note without tracked time
 */
function bugnote_add($p_bug_id, $p_bugnote_text, $p_time_tracking = '0:00', $p_private = false, $p_type = 0, $p_attr = '', $p_user_id = null, $p_send_email = TRUE) {
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_bugnote_text = db_prepare_string($p_bugnote_text);
    $c_time_tracking = db_prepare_time($p_time_tracking);
    $c_private = db_prepare_bool($p_private);
    $c_type = db_prepare_int($p_type);
    $c_attr = db_prepare_string($p_attr);

    $t_bugnote_text_table = config_get('mantis_bugnote_text_table');
    $t_bugnote_table = config_get('mantis_bugnote_table');

    $t_time_tracking_enabled = config_get('time_tracking_enabled');
    $t_time_tracking_without_note = config_get('time_tracking_without_note');

    if (ON == $t_time_tracking_enabled && $c_time_tracking > 0) {
        # Tracked time without text is an error unless configuration allows it.
        if (is_blank($p_bugnote_text) && OFF == $t_time_tracking_without_note) {
            error_parameters(lang_get('bugnote'));
            trigger_error(ERROR_EMPTY_FIELD, ERROR);
        }
        $c_type = TIME_TRACKING;
    } elseif (is_blank($p_bugnote_text)) {
        # Nothing to record: no text and no tracked time.
        return false;
    }

    # insert bugnote text
    $t_text_sql = "INSERT INTO {$t_bugnote_text_table}\r\n\t\t \t\t( note )\r\n\t\t \t VALUES\r\n\t\t \t\t( '{$c_bugnote_text}' )";
    db_query($t_text_sql);

    # retrieve bugnote text id number
    $t_bugnote_text_id = db_insert_id($t_bugnote_text_table);

    # get user information
    $c_user_id = ($p_user_id === null)
        ? auth_get_current_user_id()
        : db_prepare_int($p_user_id);

    # Check for private bugnotes.
    # @@@ VB: Should we allow users to report private bugnotes, and possibly see only their own private ones
    # A private request from a user below the threshold is stored as PUBLIC,
    # not rejected, so callers that need confidentiality must check access first.
    $t_may_be_private = $p_private
        && access_has_bug_level(config_get('private_bugnote_threshold'), $p_bug_id, $c_user_id);
    $t_view_state = $t_may_be_private ? VS_PRIVATE : VS_PUBLIC;

    # insert bugnote info
    $t_note_sql = "INSERT INTO {$t_bugnote_table}\r\n\t\t\t\t\t(bug_id, reporter_id, bugnote_text_id, view_state, date_submitted, last_modified, note_type, note_attr, time_tracking )\r\n\t\t \t VALUES\r\n\t\t\t\t\t('{$c_bug_id}', '{$c_user_id}','{$t_bugnote_text_id}', '{$t_view_state}', ";
    $t_note_sql .= db_now() . "," . db_now();
    $t_note_sql .= ", '{$c_type}', '{$c_attr}', '{$c_time_tracking}' )";
    db_query($t_note_sql);

    # get bugnote id
    $t_bugnote_id = db_insert_id($t_bugnote_table);

    # update bug last updated
    bug_update_date($p_bug_id);

    # log new bug
    history_log_event_special($p_bug_id, BUGNOTE_ADDED, bugnote_format_id($t_bugnote_id));

    # only send email if the text is not blank, otherwise, it is just recording of time without a comment.
    if ($p_send_email && !is_blank($p_bugnote_text)) {
        email_bugnote_add($p_bug_id);
    }

    return $t_bugnote_id;
}
/**
 * Return all versions for the specified project, including subprojects
 *
 * The released/obsolete filters are bound parameters. The project restriction
 * is a WHERE fragment from helper_project_specific_where() that is
 * interpolated as-is; that helper is not visible here.
 *
 * @param int       $p_project_id project id
 * @param int|null  $p_released   released filter; null disables it
 * @param bool|null $p_obsolete   obsolete filter; null disables it
 * @return array version rows ordered by date_order descending
 */
function version_get_all_rows_with_subs($p_project_id, $p_released = null, $p_obsolete = false) {
    $t_project_where = helper_project_specific_where($p_project_id);

    $t_param_count = 0;
    $t_query_params = array();

    # Each optional filter adds one placeholder and one bound value.
    $t_released_where = '';
    if ($p_released !== null) {
        $t_released = db_prepare_int($p_released);
        $t_released_where = "AND ( released = " . db_param($t_param_count++) . " )";
        $t_query_params[] = $t_released;
    }

    $t_obsolete_where = '';
    if ($p_obsolete !== null) {
        $t_obsolete = db_prepare_bool($p_obsolete);
        $t_obsolete_where = "AND ( obsolete = " . db_param($t_param_count++) . " )";
        $t_query_params[] = $t_obsolete;
    }

    $t_project_version_table = db_get_table('project_version');

    $t_sql = "SELECT *\n\t\t\t\t FROM {$t_project_version_table}\n\t\t\t\t WHERE {$t_project_where} {$t_released_where} {$t_obsolete_where}\n\t\t\t\t ORDER BY date_order DESC";
    $t_result = db_query_bound($t_sql, $t_query_params);
    $t_total = db_num_rows($t_result);

    $t_rows = array();
    for ($t_index = 0; $t_index < $t_total; $t_index++) {
        $t_rows[] = db_fetch_array($t_result);
    }

    return $t_rows;
}
/**
 * Update the stored attributes of a project.
 *
 * Validates the name (not blank, unique when it changes) and the upload path,
 * writes the row and clears the project cache.
 *
 * NOTE(review): the UPDATE is built by interpolating the db_prepare_*()
 * results into the statement text; escaping is the only thing separating the
 * name, description and file path from the SQL. Bound parameters would remove
 * that dependency if this version offers them.
 *
 * @param int    $p_project_id  project to update
 * @param string $p_name        new name
 * @param string $p_description new description
 * @param int    $p_status      new status
 * @param int    $p_view_state  new view state
 * @param string $p_file_path   upload path; a trailing slash is enforced first
 * @param bool   $p_enabled     enabled flag
 * @return bool always true (db_query errors on failure)
 */
function project_update($p_project_id, $p_name, $p_description, $p_status, $p_view_state, $p_file_path, $p_enabled) {
	# Make sure file path has trailing slash
	$p_file_path = terminate_directory_path($p_file_path);

	$c_project_id = db_prepare_int($p_project_id);
	$c_name = db_prepare_string($p_name);
	$c_description = db_prepare_string($p_description);
	$c_status = db_prepare_int($p_status);
	$c_view_state = db_prepare_int($p_view_state);
	$c_file_path = db_prepare_string($p_file_path);
	$c_enabled = db_prepare_bool($p_enabled);

	if (is_blank($p_name)) {
		trigger_error(ERROR_PROJECT_NAME_INVALID, ERROR);
	}

	# Uniqueness is re-checked only when the name differs from the stored one
	# (case-insensitive comparison).
	$t_old_name = project_get_field($p_project_id, 'name');
	$t_name_changed = (strcasecmp($p_name, $t_old_name) != 0);
	if ($t_name_changed) {
		project_ensure_name_unique($p_name);
	}

	# An empty path is accepted without validation.
	$t_has_path = !is_blank($p_file_path);
	if ($t_has_path) {
		file_ensure_valid_upload_path($p_file_path);
	}

	$t_project_table = config_get('mantis_project_table');

	$t_sql = "UPDATE {$t_project_table}\r\n\t\t\t\t SET name='{$c_name}',\r\n\t\t\t\t\tstatus='{$c_status}',\r\n\t\t\t\t\tenabled='{$c_enabled}',\r\n\t\t\t\t\tview_state='{$c_view_state}',\r\n\t\t\t\t\tfile_path='{$c_file_path}',\r\n\t\t\t\t\tdescription='{$c_description}'\r\n\t\t\t\t WHERE id='{$c_project_id}'";
	db_query($t_sql);

	project_clear_cache($p_project_id);

	# db_query errors on failure so:
	return true;
}
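/**
 * Return the stored filters available to a user within a project.
 *
 * Basically this is a copy of core/filter_api.php#filter_db_get_available_queries().
 * The only difference is that the result of this function is not an array of filter
 * names but an array of filter structures (the database row plus a 'url' entry).
 *
 * @param int|null $p_project_id project to list filters for; null means helper_get_current_project()
 * @param int|null $p_user_id    user whose private filters are included; null means the current user
 * @return array list of filter rows; empty when the stored-query threshold is not met
 */
function mci_filter_db_get_available_queries($p_project_id = null, $p_user_id = null) {
	$t_filters_table = db_get_table('filters');
	$t_overall_query_arr = array();

	if (null === $p_project_id) {
		$t_project_id = helper_get_current_project();
	} else {
		$t_project_id = db_prepare_int($p_project_id);
	}

	if (null === $p_user_id) {
		$t_user_id = auth_get_current_user_id();
	} else {
		$t_user_id = db_prepare_int($p_user_id);
	}

	# If the user doesn't have access rights to stored queries, just return.
	# The threshold is evaluated for the same project and user the query below
	# is filtered by. The earlier call passed neither, so an explicit
	# $p_project_id / $p_user_id was checked against the ambient project and
	# user instead. With both arguments left null the result is unchanged.
	# NOTE(review): confirm no caller depends on the ambient check.
	if (!access_has_project_level(config_get('stored_query_use_threshold'), $t_project_id, $t_user_id)) {
		return $t_overall_query_arr;
	}

	# Get the list of available queries. By sorting such that public queries are
	# first, we can override any query that has the same name as a private query
	# with that private one
	$query = "SELECT * FROM {$t_filters_table}\n\t\t\t\t\tWHERE (project_id=" . db_param() . "\n\t\t\t\t\t\tOR project_id=0)\n\t\t\t\t\tAND name!=''\n\t\t\t\t\tAND (is_public = " . db_prepare_bool(true) . "\n\t\t\t\t\t\tOR user_id = " . db_param() . ")\n\t\t\t\t\tORDER BY is_public DESC, name ASC";
	$result = db_query_bound($query, array($t_project_id, $t_user_id));
	$query_count = db_num_rows($result);

	for ($i = 0; $i < $query_count; $i++) {
		$row = db_fetch_array($result);

		# filter_string is "<prefix>#<serialized filter>"; rows without the
		# separator carry no filter and are skipped.
		$t_filter_detail = explode('#', $row['filter_string'], 2);
		if (!isset($t_filter_detail[1])) {
			continue;
		}

		# NOTE(review): unserialize() runs on a value read from the filters
		# table. Whoever can write filter_string decides what is deserialized
		# here, so write access to that column has to be treated as trusted
		# input to this call. Storing filters in a data-only format would
		# remove that dependency; left unchanged because the stored format is
		# shared with code outside this function.
		$t_filter = unserialize($t_filter_detail[1]);
		$t_filter = filter_ensure_valid_filter($t_filter);

		$row['url'] = filter_get_url($t_filter);

		# Keyed by name so a later private filter replaces a public one of the same name.
		$t_overall_query_arr[$row['name']] = $row;
	}

	return array_values($t_overall_query_arr);
}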
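/**
 * Update the definition of a custom field.
 *
 * Only columns whose key is present in $p_def_array are written; the SET
 * clause lists them in a fixed order. The eighteen copy-pasted
 * array_key_exists() branches of the earlier version are replaced by one
 * table-driven loop that produces the same statement text.
 *
 * NOTE(review): every key is read unconditionally while the values are being
 * prepared, so a definition that omits a key raises an undefined-index notice
 * before the array_key_exists() filter is reached, and a missing name fails
 * the blank check. Confirm whether partial definitions are meant to work.
 *
 * NOTE(review): values are interpolated into the statement and depend on
 * db_prepare_*() for escaping; db_param()/db_query_bound() would bind them
 * instead, provided raw (unescaped) values are passed to the binding call.
 *
 * @param int   $p_field_id  custom field id
 * @param array $p_def_array custom field definition
 * @return bool true when the row was updated, false when there was nothing to update
 * @access public
 */
function custom_field_update( $p_field_id, $p_def_array ) {
	$c_field_id = db_prepare_int( $p_field_id );
	$c_name = db_prepare_string( trim( $p_def_array['name'] ) );
	$c_type = db_prepare_int( $p_def_array['type'] );
	$c_possible_values = db_prepare_string( $p_def_array['possible_values'] );
	$c_default_value = db_prepare_string( $p_def_array['default_value'] );
	$c_valid_regexp = db_prepare_string( $p_def_array['valid_regexp'] );
	$c_access_level_r = db_prepare_int( $p_def_array['access_level_r'] );
	$c_access_level_rw = db_prepare_int( $p_def_array['access_level_rw'] );
	$c_length_min = db_prepare_int( $p_def_array['length_min'] );
	$c_length_max = db_prepare_int( $p_def_array['length_max'] );
	$c_filter_by = db_prepare_bool( $p_def_array['filter_by'] );
	$c_display_report = db_prepare_bool( $p_def_array['display_report'] );
	$c_display_update = db_prepare_bool( $p_def_array['display_update'] );
	$c_display_resolved = db_prepare_bool( $p_def_array['display_resolved'] );
	$c_display_closed = db_prepare_bool( $p_def_array['display_closed'] );
	$c_require_report = db_prepare_bool( $p_def_array['require_report'] );
	$c_require_update = db_prepare_bool( $p_def_array['require_update'] );
	$c_require_resolved = db_prepare_bool( $p_def_array['require_resolved'] );
	$c_require_closed = db_prepare_bool( $p_def_array['require_closed'] );

	if( is_blank( $c_name ) ) {
		error_parameters( 'name' );
		trigger_error( ERROR_EMPTY_FIELD, ERROR );
	}

	# Read/write access may not be lower than read access, and the length
	# bounds must be consistent (a maximum of 0 means "no maximum").
	if(( $c_access_level_rw < $c_access_level_r ) || ( $c_length_min < 0 ) || (( $c_length_max != 0 ) && ( $c_length_min > $c_length_max ) ) ) {
		trigger_error( ERROR_CUSTOM_FIELD_INVALID_DEFINITION, ERROR );
	}

	if( !custom_field_is_name_unique( $c_name, $c_field_id ) ) {
		trigger_error( ERROR_CUSTOM_FIELD_NAME_NOT_UNIQUE, ERROR );
	}

	# Column name => prepared value, in the order the SET clause lists them.
	# The column names are fixed literals; nothing from the caller reaches the
	# identifier position of the statement.
	$t_columns = array(
		'name' => $c_name,
		'type' => $c_type,
		'possible_values' => $c_possible_values,
		'default_value' => $c_default_value,
		'valid_regexp' => $c_valid_regexp,
		'access_level_r' => $c_access_level_r,
		'access_level_rw' => $c_access_level_rw,
		'length_min' => $c_length_min,
		'length_max' => $c_length_max,
		'filter_by' => $c_filter_by,
		'display_report' => $c_display_report,
		'display_update' => $c_display_update,
		'display_resolved' => $c_display_resolved,
		'display_closed' => $c_display_closed,
		'require_report' => $c_require_report,
		'require_update' => $c_require_update,
		'require_resolved' => $c_require_resolved,
		'require_closed' => $c_require_closed,
	);

	$t_assignments = array();
	foreach( $t_columns as $t_column => $t_value ) {
		if( array_key_exists( $t_column, $p_def_array ) ) {
			$t_assignments[] = "$t_column='$t_value'";
		}
	}

	if( count( $t_assignments ) == 0 ) {
		return false; # there is nothing to update...
	}

	$t_mantis_custom_field_table = db_get_table( 'custom_field' );

	$query = "UPDATE $t_mantis_custom_field_table SET " . implode( ', ', $t_assignments ) . " WHERE id='$c_field_id'";
	db_query( $query );

	custom_field_clear_cache( $p_field_id );

	# db_query errors on failure so:
	return true;
}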
# Excerpt from a user-update handler. The $f_* variables are assigned before
# this excerpt begins (presumably from the submitted form -- confirm), and the
# listing stops part-way through the comment on its last line.
$f_username = trim($f_username);
$t_old_username = user_get_field($f_user_id, 'username');

# check that the username is unique
# (only when it differs from the stored one; the comparison ignores case)
if (0 != strcasecmp($t_old_username, $f_username) && false == user_is_name_unique($f_username)) {
	trigger_error(ERROR_USER_NAME_NOT_UNIQUE, ERROR);
}

# Validation runs on the raw values, before anything is prepared for SQL.
user_ensure_name_valid($f_username);
user_ensure_realname_valid($f_realname);
user_ensure_realname_unique($f_username, $f_realname);

$f_email = email_append_domain($f_email);
email_ensure_valid($f_email);

# Prepared copies for use in SQL further down (outside this excerpt).
$c_email = db_prepare_string($f_email);
$c_username = db_prepare_string($f_username);
$c_realname = db_prepare_string($f_realname);
$c_protected = db_prepare_bool($f_protected);
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);

$t_user_table = config_get('mantis_user_table');
$t_old_protected = user_get_field($f_user_id, 'protected');

# check that we are not downgrading the last administrator
# (refused when the account is an administrator, the level is being changed,
# and user_count_level() reports at most one administrator)
$t_old_access = user_get_field($f_user_id, 'access_level');
if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) {
	trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}

# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
if ($c_access_level >= ADMINISTRATOR && !user_is_administrator($c_user_id)) {
	user_delete_project_specific_access_levels($c_user_id);
}

# if the user is already protected and the admin is not removing the
/**
 * Add a bugnote to a bug and return the ID of the new bugnote.
 *
 * Both INSERT statements bind their values through db_param() and
 * db_query_bound(); no caller-supplied text is concatenated into the SQL.
 * The blank-text check uses the text as passed in, while the text stored and
 * the email decision use the value returned by the EVENT_BUGNOTE_DATA signal.
 *
 * @param int    $p_bug_id          bug id
 * @param string $p_bugnote_text    bugnote text
 * @param string $p_time_tracking   hh:mm string
 * @param bool   $p_private         whether bugnote is private (honoured only when
 *                                  the user meets set_view_status_threshold on the bug)
 * @param int    $p_type            bugnote type; replaced by TIME_TRACKING when time is recorded
 * @param string $p_attr            stored in note_attr
 * @param int    $p_user_id         user id; null means the current user
 * @param bool   $p_send_email      generate email?
 * @param int    $p_date_submitted  date submitted (values <= 0 mean db_now())
 * @param int    $p_last_modified   last modification date (values <= 0 mean db_now())
 * @param bool   $p_skip_bug_update skip bug last modification update (useful when importing bugs/bugnotes)
 * @return false|int false when nothing was added, otherwise the new bugnote id
 * @access public
 */
function bugnote_add($p_bug_id, $p_bugnote_text, $p_time_tracking = '0:00', $p_private = false, $p_type = 0, $p_attr = '', $p_user_id = null, $p_send_email = TRUE, $p_date_submitted = 0, $p_last_modified = 0, $p_skip_bug_update = FALSE) {
	$c_bug_id = db_prepare_int($p_bug_id);
	$c_time_tracking = helper_duration_to_minutes($p_time_tracking);
	$c_private = db_prepare_bool($p_private);
	$c_type = db_prepare_int($p_type);

	# Non-positive timestamps fall back to the current time.
	if ($p_date_submitted <= 0) {
		$c_date_submitted = db_now();
	} else {
		$c_date_submitted = db_prepare_int($p_date_submitted);
	}
	if ($p_last_modified <= 0) {
		$c_last_modified = db_now();
	} else {
		$c_last_modified = db_prepare_int($p_last_modified);
	}

	$t_bugnote_text_table = db_get_table('bugnote_text');
	$t_bugnote_table = db_get_table('bugnote');

	$t_time_tracking_enabled = config_get('time_tracking_enabled');
	$t_time_tracking_without_note = config_get('time_tracking_without_note');

	$t_records_time = (ON == $t_time_tracking_enabled && $c_time_tracking > 0);
	if (!$t_records_time) {
		# A plain note with no text is silently dropped.
		if (is_blank($p_bugnote_text)) {
			return false;
		}
	} else {
		# Time entries may omit the text only when configuration allows it.
		if (is_blank($p_bugnote_text) && OFF == $t_time_tracking_without_note) {
			error_parameters(lang_get('bugnote'));
			trigger_error(ERROR_EMPTY_FIELD, ERROR);
		}
		$c_type = TIME_TRACKING;
	}

	# Event integration: the signal's return value is what gets stored.
	$t_bugnote_text = event_signal('EVENT_BUGNOTE_DATA', $p_bugnote_text, $c_bug_id);

	# insert bugnote text
	$t_text_sql = 'INSERT INTO ' . $t_bugnote_text_table . ' ( note ) VALUES ( ' . db_param() . ' )';
	db_query_bound($t_text_sql, array($t_bugnote_text));

	# retrieve bugnote text id number
	$t_bugnote_text_id = db_insert_id($t_bugnote_text_table);

	# get user information
	$c_user_id = ($p_user_id === null) ? auth_get_current_user_id() : db_prepare_int($p_user_id);

	# Private is granted only when requested AND the reporter meets the threshold
	# on this bug; in every other case the note is stored as public.
	$t_view_state = VS_PUBLIC;
	if ($c_private && access_has_bug_level(config_get('set_view_status_threshold'), $p_bug_id, $c_user_id)) {
		$t_view_state = VS_PRIVATE;
	}

	# insert bugnote info: nine placeholders, nine values, same order as the column list
	$t_note_sql = "INSERT INTO {$t_bugnote_table}\n\t\t\t\t(bug_id, reporter_id, bugnote_text_id, view_state, date_submitted, last_modified, note_type, note_attr, time_tracking )\n\t\t\tVALUES\n\t\t\t\t("
		. db_param() . ', ' . db_param() . ',' . db_param() . ', '
		. db_param() . ', ' . db_param() . ',' . db_param() . ', '
		. db_param() . ', ' . db_param() . ', ' . db_param() . ' )';
	$t_note_values = array(
		$c_bug_id,
		$c_user_id,
		$t_bugnote_text_id,
		$t_view_state,
		$c_date_submitted,
		$c_last_modified,
		$c_type,
		$p_attr,
		$c_time_tracking,
	);
	db_query_bound($t_note_sql, $t_note_values);

	# get bugnote id
	$t_bugnote_id = db_insert_id($t_bugnote_table);

	# update bug last updated
	if (!$p_skip_bug_update) {
		bug_update_date($p_bug_id);
	}

	# log new bug
	history_log_event_special($p_bug_id, BUGNOTE_ADDED, bugnote_format_id($t_bugnote_id));

	# Event integration
	event_signal('EVENT_BUGNOTE_ADD', array($p_bug_id, $t_bugnote_id));

	# only send email if the text is not blank, otherwise, it is just recording of time without a comment.
	if (TRUE == $p_send_email && !is_blank($t_bugnote_text)) {
		email_bugnote_add($p_bug_id);
	}

	return $t_bugnote_id;
}
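/**
 * Update the definition of a custom field.
 *
 * Only columns whose key is present in $p_def_array are written; the SET
 * clause lists them in a fixed order. The copy-pasted array_key_exists()
 * branches of the earlier version are replaced by one table-driven loop that
 * produces the same statement text.
 *
 * NOTE(review): every key is read unconditionally while the values are being
 * prepared, so a definition that omits a key raises an undefined-index notice
 * before the array_key_exists() filter is reached. Confirm whether partial
 * definitions are meant to work.
 *
 * NOTE(review): values are interpolated into the statement and depend on
 * db_prepare_*() for escaping; bound parameters would remove that dependency
 * if this version offers them.
 *
 * @param int   $p_field_id  custom field id
 * @param array $p_def_array custom field definition
 * @return bool true when the row was updated, false when there was nothing to update
 */
function custom_field_update($p_field_id, $p_def_array) {
	# The name is rejected before anything else when it contains scripting
	# characters (it is presumably rendered in pages later -- confirm).
	if (string_contains_scripting_chars($p_def_array['name'])) {
		trigger_error(ERROR_CUSTOM_FIELD_INVALID_DEFINITION, ERROR);
	}

	$c_field_id = db_prepare_int($p_field_id);
	$c_name = db_prepare_string(trim($p_def_array['name']));
	$c_type = db_prepare_int($p_def_array['type']);
	$c_possible_values = db_prepare_string($p_def_array['possible_values']);
	$c_default_value = db_prepare_string($p_def_array['default_value']);
	$c_valid_regexp = db_prepare_string($p_def_array['valid_regexp']);
	$c_access_level_r = db_prepare_int($p_def_array['access_level_r']);
	$c_access_level_rw = db_prepare_int($p_def_array['access_level_rw']);
	$c_length_min = db_prepare_int($p_def_array['length_min']);
	$c_length_max = db_prepare_int($p_def_array['length_max']);
	$c_advanced = db_prepare_bool($p_def_array['advanced']);
	$c_display_report = db_prepare_bool($p_def_array['display_report']);
	$c_display_update = db_prepare_bool($p_def_array['display_update']);
	$c_display_resolved = db_prepare_bool($p_def_array['display_resolved']);
	$c_display_closed = db_prepare_bool($p_def_array['display_closed']);
	$c_require_report = db_prepare_bool($p_def_array['require_report']);
	$c_require_update = db_prepare_bool($p_def_array['require_update']);
	$c_require_resolved = db_prepare_bool($p_def_array['require_resolved']);
	$c_require_closed = db_prepare_bool($p_def_array['require_closed']);

	if (is_blank($c_name)) {
		error_parameters('name');
		trigger_error(ERROR_EMPTY_FIELD, ERROR);
	}

	# Read/write access may not be lower than read access, and the length
	# bounds must be consistent (a maximum of 0 means "no maximum").
	if ($c_access_level_rw < $c_access_level_r || $c_length_min < 0 || ($c_length_max != 0 && $c_length_min > $c_length_max)) {
		trigger_error(ERROR_CUSTOM_FIELD_INVALID_DEFINITION, ERROR);
	}

	# An advanced field cannot also be required on report or update.
	if ($c_advanced == true && ($c_require_report == true || $c_require_update)) {
		trigger_error(ERROR_CUSTOM_FIELD_INVALID_DEFINITION, ERROR);
	}

	if (!custom_field_is_name_unique($c_name, $c_field_id)) {
		trigger_error(ERROR_CUSTOM_FIELD_NAME_NOT_UNIQUE, ERROR);
	}

	# Column name => prepared value, in the order the SET clause lists them.
	# The column names are fixed literals; nothing from the caller reaches the
	# identifier position of the statement.
	$t_columns = array(
		'name' => $c_name,
		'type' => $c_type,
		'possible_values' => $c_possible_values,
		'default_value' => $c_default_value,
		'valid_regexp' => $c_valid_regexp,
		'access_level_r' => $c_access_level_r,
		'access_level_rw' => $c_access_level_rw,
		'length_min' => $c_length_min,
		'length_max' => $c_length_max,
		'advanced' => $c_advanced,
		'display_report' => $c_display_report,
		'display_update' => $c_display_update,
		'display_resolved' => $c_display_resolved,
		'display_closed' => $c_display_closed,
		'require_report' => $c_require_report,
		'require_update' => $c_require_update,
		'require_resolved' => $c_require_resolved,
		'require_closed' => $c_require_closed,
	);

	$t_assignments = array();
	foreach ($t_columns as $t_column => $t_value) {
		if (array_key_exists($t_column, $p_def_array)) {
			$t_assignments[] = "{$t_column}='{$t_value}'";
		}
	}

	if (count($t_assignments) == 0) {
		return false; # there is nothing to update...
	}

	$t_mantis_custom_field_table = config_get('mantis_custom_field_table');

	$query = "UPDATE {$t_mantis_custom_field_table}\r\n\t\t\t\t SET " . implode(', ', $t_assignments) . " WHERE id='{$c_field_id}'";
	db_query($query);

	custom_field_clear_cache($p_field_id);

	# db_query() errors on failure so:
	return true;
}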
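/**
 * Updates the user.
 *
 * Callers meeting manage_user_threshold may edit any user; anyone else may
 * edit only their own record, and then only the profile fields: access_level,
 * protected and enabled are taken from the stored row, so a self-service
 * request cannot change its own privileges.
 *
 * NOTE(review): there is no guard here against demoting the last
 * administrator or against editing a protected account; confirm whether this
 * endpoint needs them.
 *
 * @param $request - The Request we're responding to
 * @return Response with status 204
 * @throws HTTPException 403 when the caller may not edit this user
 */
public function put($request) {
	$this->user_id = User::get_mantis_id_from_url($request->url);

	$is_manager = access_has_global_level(config_get('manage_user_threshold'));
	if (!$is_manager && auth_get_current_user_id() != $this->user_id) {
		throw new HTTPException(403, "Access denied to edit user {$this->user_id}'s info");
	}

	$this->populate_from_repr($request->body);

	# Do some validation on the inputs (from Mantis's user_create())
	$username = db_prepare_string($this->rsrc_data['username']);
	$realname = db_prepare_string($this->rsrc_data['realname']);
	$email = db_prepare_string($this->rsrc_data['email']);

	if ($is_manager) {
		$access_level = db_prepare_int(get_string_to_enum(config_get('access_levels_enum_string'), $this->rsrc_data['access_level']));
		$protected = db_prepare_bool($this->rsrc_data['protected']);
		$enabled = db_prepare_bool($this->rsrc_data['enabled']);
	} else {
		# Self-service edit. The earlier version wrote these three columns from
		# the request body on this path too, which let a user passing only the
		# "own record" check set their own access level. The stored values are
		# kept instead.
		$access_level = db_prepare_int(user_get_field($this->user_id, 'access_level'));
		$protected = db_prepare_bool(user_get_field($this->user_id, 'protected'));
		$enabled = db_prepare_bool(user_get_field($this->user_id, 'enabled'));
	}

	user_ensure_name_valid($username);
	user_ensure_realname_valid($realname);
	user_ensure_realname_unique($username, $realname);
	email_ensure_valid($email);

	# The cookie string is based on email and username, so if either of those changed,
	# we have to change the cookie string.
	$user_row = user_get_row($this->user_id);
	# The row may be keyed by column name or by position; fall back to the index.
	$username_key = array_key_exists('username', $user_row) ? 'username' : 1;
	$email_key = array_key_exists('email', $user_row) ? 'email' : 3;
	$cookie_string_key = array_key_exists('cookie_string', $user_row) ? 'cookie_string' : 13;
	if ($user_row[$username_key] != $username || $user_row[$email_key] != $email) {
		$seed = $email . $username;
		$cookie_string = auth_generate_unique_cookie_string($seed);
	} else {
		$cookie_string = $user_row[$cookie_string_key];
	}

	# Hash the password exactly as submitted and escape the result for SQL
	# afterwards. Hashing the SQL-escaped form would store a hash of different
	# bytes than the user typed whenever the escaper alters the password
	# (presumably the login path hashes the raw value -- confirm).
	$password_hash = db_prepare_string(auth_process_plain_password($this->rsrc_data['password']));

	# get_mantis_id_from_url() is not visible here; cast at the SQL boundary so
	# the unquoted WHERE value can only be an integer.
	$user_id = db_prepare_int($this->user_id);

	$user_table = config_get('mantis_user_table');

	# The listing carried the literal '******' for the username and password
	# columns (apparently a redaction artifact); as written it would overwrite
	# both columns with that literal on every edit. The prepared username and
	# the computed hash are written instead.
	# NOTE(review): the statement is still built by interpolation and depends on
	# db_prepare_*() for escaping.
	$query = "UPDATE {$user_table}\n\t\t\t\tSET username = '{$username}',\n\t\t\t\t realname = '{$realname}',\n\t\t\t\t email = '{$email}',\n\t\t\t\t password = '{$password_hash}',\n\t\t\t\t enabled = {$enabled},\n\t\t\t\t protected = {$protected},\n\t\t\t\t access_level = {$access_level},\n\t\t\t\t cookie_string = '{$cookie_string}'\n\t\t\t\tWHERE id = {$user_id};";
	db_query($query);

	$resp = new Response();
	$resp->status = 204;
	return $resp;
}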