$project = !empty($_GET['project']) ? $_GET['project'] : false;
$pseudo_pkgs = get_pseudo_packages($project, false);
// false == no read-only packages included
// Authenticate
bugs_authenticate($user, $pw, $logged_in, $user_flags);
$is_trusted_developer = $user_flags & BUGS_TRUSTED_DEV;
$is_security_developer = $user_flags & BUGS_SECURITY_DEV;
require "{$ROOT_DIR}/include/php_versions.php";
// captcha is not necessary if the user is logged in
if (!$logged_in) {
require_once 'Text/CAPTCHA/Numeral.php';
$numeralCaptcha = new Text_CAPTCHA_Numeral();
}
// Handle input
if (isset($_POST['in'])) {
$errors = incoming_details_are_valid($_POST['in'], 1, $logged_in);
// Check if session answer is set, then compare it with the post captcha value.
// If it's not the same, then it's an incorrect password.
if (!$logged_in) {
if (!isset($_SESSION['answer'])) {
$errors[] = 'Please enable cookies so the Captcha system can work';
} elseif ($_POST['captcha'] != $_SESSION['answer']) {
$errors[] = 'Incorrect Captcha';
}
if (is_spam($_POST['in']['ldesc']) || is_spam($_POST['in']['expres']) || is_spam($_POST['in']['repcode'])) {
$errors[] = 'Spam detected';
}
}
// Set auto-generated password when not supplied or logged in
if ($logged_in || $_POST['in']['passwd'] == '') {
$_POST['in']['passwd'] = uniqid();
if (isset($auth_user) && $auth_user->registered) {
if (auth_check('pear.voter') && !auth_check('pear.dev') && !auth_check('pear.bug')) {
// auto-grant bug tracker karma if it isn't present
require_once 'Damblan/Karma.php';
$karma = new Damblan_Karma($dbh);
$karma->grant($auth_user->user, 'pear.bug');
}
if (isset($_SESSION['answer'])) {
unset($_SESSION['answer']);
}
if (isset($_POST['in'])) {
$_POST['in']['email'] = $auth_user->email;
}
}
if (isset($_POST['in'])) {
$errors = incoming_details_are_valid($_POST['in'], 1, isset($auth_user) && $auth_user->registered);
/**
* Check if session answer is set, then compare
* it with the post captcha value. If it's not
* the same, then it's an incorrect password.
*/
if (isset($_SESSION['answer']) && strlen(trim($_SESSION['answer'])) > 0) {
if ($_POST['captcha'] != $_SESSION['answer']) {
$errors[] = 'Incorrect Captcha';
}
}
// try to verify the user
if (isset($auth_user)) {
$_POST['in']['handle'] = $auth_user->handle;
}
if (!$errors) {
$reason = str_replace('@svn@', 'pear-core', $reason);
$ncomment = "{$reason}\n\n{$ncomment}";
break;
default:
$reason = str_replace('@svn@', $bug['package_name'], $reason);
$ncomment = "{$reason}\n\n{$ncomment}";
break;
}
} else {
$ncomment = "{$reason}\n\n{$ncomment}";
}
}
}
}
$from = $auth_user->email;
if (!$errors && !($errors = incoming_details_are_valid($_POST['in']))) {
$query = 'UPDATE bugdb SET';
// Update email only if it's passed
if ($bug['email'] != $_POST['in']['email'] && !empty($_POST['in']['email'])) {
$query .= " email='{$_POST['in']['email']}',";
}
// Changing the package to 'Security related' should mark the bug as private automatically
if ($bug['bug_type'] != $_POST['in']['bug_type']) {
if ($_POST['in']['bug_type'] == 'Security' && $_POST['in']['status'] != 'Closed') {
$is_private = $_POST['in']['private'] = 'Y';
}
}
if ($logged_in != 'developer') {
// don't reset assigned status
$_POST['in']['assign'] = $bug['assign'];
}
