Exemplo n.º 1
0
 /**
  * Check the return value of the user_get_id()
  */
 public function testGetValidUserId()
 {
     $this->ci->load->model('user_model');
     $userDetail = $this->ci->user_model->getUserByUsername($this->_username);
     $this->ci->session->set_userdata((array) $userDetail[0]);
     $this->assertEquals($userDetail[0]->ID, user_get_id());
 }
Exemplo n.º 2
0
</head>
<body id="page-<?php 
echo menu_get_current_area();
?>
">

<div id="hd">
    <div class="container_12 top">
    	<div class="grid_12">
    		<div class="usr">
    			<div class="wrapper">
        		<?php 
if (user_is_auth()) {
    ?>
        			Logged in as <strong><a href="/user/view/<?php 
    echo user_get_id();
    ?>
"><?php 
    echo escape(user_get_username());
    ?>
</a></strong> | 
        			<a href="/user/main">Account</a> | 
        			<a href="/user/logout">Logout</a>
        		<?php 
} else {
    ?>
        			<a href="/user/login">Login</a> or <a href="/user/register">Register</a>
        		<?php 
}
?>
    			</div>
Exemplo n.º 3
0
    function generate_auth_options($auth_options = array(), $options_extend = false, $return_link = false)
    {
        global $_CLASS, $site_file_root;
        $auth_options['groups'][0] = empty($auth_options['groups'][0]) ? array() : $auth_options['groups'][0];
        $auth_options['groups'][1] = empty($auth_options['groups'][1]) ? array() : $auth_options['groups'][1];
        $auth_options['users'] = empty($auth_options['users']) ? array() : $auth_options['users'];
        $mode = $return = false;
        $checks = array('add', 'remove', 'set');
        foreach ($checks as $check) {
            if (isset($_POST[$check])) {
                $mode = $check;
                break;
            }
        }
        if ($mode) {
            require_once $site_file_root . 'includes/functions_user.php';
            $ids = array('groups' => array(), 'users' => array());
            switch ($mode) {
                case 'add':
                    $setup['groups'] = get_variable('groups_add', 'POST', array(), 'array');
                    $setup['users'] = explode("\n", get_variable('users_add', 'POST'));
                    $submited_options = get_variable('auth_options', 'POST', array(), 'array');
                    if (count($setup['users'])) {
                        $setup['users'] = user_get_id($setup['users'], $null);
                    }
                    if (count($setup['groups'])) {
                        $sql = 'SELECT group_id
							FROM ' . GROUPS_TABLE . '
							WHERE group_id IN (' . implode(', ', array_map('intval', $setup['groups'])) . ')';
                        $result = $_CLASS['core_db']->query($sql);
                        $setup['groups'] = array();
                        while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
                            $setup['groups'][] = $row['group_id'];
                        }
                        $_CLASS['core_db']->free_result($result);
                    }
                    foreach ($setup['groups'] as $id) {
                        $auth_options['groups'][$submited_options['core_auth_type']][$id] = array('core_status' => $submited_options['core_status']);
                    }
                    foreach ($setup['users'] as $id) {
                        $auth_options['users'][$id] = array('core_status' => $submited_options['core_status']);
                    }
                    unset($setup);
                    //print_r($auth_options); die;
                    break;
                case 'remove':
                    $ids['groups'] = array_map('intval', get_variable('groups_current', 'POST', array(), 'array'));
                    $ids['users'] = array_map('intval', get_variable('users_current', 'POST', array(), 'array'));
                    $function = $mode == 'add' ? 'array_merge' : 'array_diff';
                    // We need to tell with is only group and with is in group.
                    foreach ($ids['groups'] as $groups_id) {
                        if (isset($auth_options['groups'][1][$groups_id])) {
                            unset($auth_options['groups'][1][$groups_id]);
                        }
                        if (isset($auth_options['groups'][0][$groups_id])) {
                            unset($auth_options['groups'][0][$groups_id]);
                        }
                    }
                    foreach ($auth_options['users'] as $key => $ignore) {
                        if (in_array($key, $ids['users'])) {
                            unset($auth_options['users'][$key]);
                        }
                    }
                    break;
                case 'set':
                    break;
            }
            $return = null;
            if (!empty($auth_options['users']) || !empty($auth_options['groups'][0]) || !empty($auth_options['groups'][1])) {
                $return =& $auth_options;
            }
        }
        $group_list = $allowed_group_list = $disallowed_group_list = $allowed_user_list = $disallowed_user_list = '';
        if (!empty($auth_options['users'])) {
            $sql = 'SELECT user_id, username, user_colour
				FROM ' . USERS_TABLE . '
				WHERE user_id IN (' . implode(', ', array_keys($auth_options['users'])) . ')
					ORDER BY username';
            $result = $_CLASS['core_db']->query($sql);
            while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
                $user_list = $auth_options['users'][$row['user_id']]['core_status'] == 1 ? 'allowed_user_list' : 'disallowed_user_list';
                ${$user_list} .= '<option ' . ($row['user_colour'] ? ' style="color: #' . $row['user_colour'] . ';"' : '') . ' value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
            }
            $_CLASS['core_db']->free_result($result);
        }
        // this can be removed, when everthing else is updated
        $groups_ids = array_merge(array_keys($auth_options['groups'][0]), array_keys($auth_options['groups'][1]));
        if (!empty($groups_ids)) {
            $sql = 'SELECT group_id, group_name, group_type 
				FROM ' . GROUPS_TABLE . '
				WHERE group_id IN (' . implode(', ', $groups_ids) . ')
					ORDER BY group_type DESC, group_name';
            $result = $_CLASS['core_db']->query($sql);
            while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
                $group_auth_type = isset($auth_options['groups'][1][$row['group_id']]['core_status']) ? 1 : 0;
                $group_list = $auth_options['groups'][$group_auth_type][$row['group_id']]['core_status'] ? 'allowed_group_list' : 'disallowed_group_list';
                ${$group_list} .= '<option' . ($group_auth_type == 1 ? ' style="color: #006699;"' : '') . ' value="' . $row['group_id'] . '">' . (isset($_CLASS['core_user']->lang['G_' . $row['group_name']]) ? $_CLASS['core_user']->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
            }
            $_CLASS['core_db']->free_result($result);
        }
        $sql = 'SELECT group_id, group_name, group_type 
			FROM ' . GROUPS_TABLE . (empty($groups_ids) ? '' : ' WHERE group_id NOT IN (' . implode(', ', $groups_ids) . ')') . '
					ORDER BY group_type DESC, group_name';
        $result = $_CLASS['core_db']->query($sql);
        while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
            $group_list .= '<option value="' . $row['group_id'] . '">' . (isset($_CLASS['core_user']->lang['G_' . $row['group_name']]) ? $_CLASS['core_user']->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
        }
        $_CLASS['core_db']->free_result($result);
        $_CLASS['core_template']->assign(array('P_ADD_GROUPS' => $group_list, 'P_CURRENT_USERS' => $allowed_user_list, 'P_DCURRENT_USERS' => $disallowed_user_list, 'P_CURRENT_GROUPS' => $allowed_group_list, 'P_DCURRENT_GROUPS' => $disallowed_group_list));
        $_CLASS['core_template']->display('permission.html');
        return $return;
    }
Exemplo n.º 4
0
<?php

$login_errors = array();
if (isset($_POST['mail'])) {
    if (FALSE === filter_var($_POST['mail'], FILTER_VALIDATE_EMAIL)) {
        $login_errors[] = 'Email is not valid';
    }
    if (strlen($_POST['pass']) === 0) {
        $login_errors[] = 'Password is empty';
    }
    if (empty($login_errors)) {
        $user_id = user_get_id($_POST['mail'], $_POST['pass']);
        if ($user_id) {
            $_SESSION['user_id'] = $user_id;
            header('Location: index.php');
            die;
        }
    }
}
Exemplo n.º 5
0
</div>

<div class="box">
    <h2>Comments</h2>
    <div class="UserViewCommentDetailsControl" onclick="$('.UserViewCommentDetails').css('display', 'block'); $('.UserViewCommentDetailsControl').css('display', 'none');">(Show Details)</div>
    <div class="UserViewCommentDetails" onclick="$('.UserViewCommentDetails').css('display', 'none'); $('.UserViewCommentDetailsControl').css('display', 'block');">(Hide Details)</div>
<?php 
if (count($comments) == 0) {
    ?>
    <p>No comments so far</p>
<?php 
} else {
    ?>
    <?php 
    foreach ($comments as $k => $v) {
        if ($v->private && user_get_id() != $details[0]->ID) {
            continue;
        }
        ?>
    <div class="row">
        <?php 
        echo rating_image($v->rating, "small");
        ?>
&nbsp;<div class="UserViewCommentDetails">(<?php 
        echo date('d.M.Y', $v->date_made);
        ?>
)</div><strong><a href="/talk/view/<?php 
        echo $v->talk_id;
        ?>
#comment-<?php 
        echo $v->ID;
Exemplo n.º 6
0
    echo form_hidden('edit_comment');
    ?>
	<label for="comment">Comment</label>
	<?php 
    echo form_textarea(array('name' => 'comment', 'id' => 'comment', 'value' => $this->validation->comment, 'cols' => 40, 'rows' => 10));
    ?>
    <label class="checkbox">
        <?php 
    echo form_checkbox('private', '1');
    ?>
        Mark as private?
    </label>
    <div class="clear"></div>
</div>
<?php 
    if (isset($claimed[0]->userid) && $claimed[0]->userid != 0 && user_get_id() == $claimed[0]->userid) {
    } else {
        ?>
<div class="row">
	<label for="rating">Rating</label>
	<div class="rating">
	    <?php 
        echo rating_form('rating', $this->validation->rating);
        ?>
	</div>
	<div class="clear"></div>
</div>
<?php 
    }
    ?>
<div class="row row-buttons">
Exemplo n.º 7
0
# $RCSfile: login_switch_proj.php,v $ $Revision: 1.1.1.1 $
# ------------------------------------
include_once "./api/include_api.php";
$logged_in = session_getLogged_in();
$username = $_POST['uname'];
$switch_project = $_POST['login']['switch_project'];
$redirect_page = $_POST['login']['page'];
$redirect_page_get = $_POST['login']['get'];
# If user not logged in, then redirect back to the page they tried to login from
# auth_authenticate_user() will display the login forms
if (!$logged_in) {
    html_redirect($redirect_page . "?" . $redirect_page_get);
}
# Check that $switch_project is not blank and that the user has access rights to the project.
# Doing this to check access rights when loggin in from urls that contain the $_GET[project_id] variable.
if (!empty($switch_project) && user_has_rights(project_get_id($switch_project), user_get_id($username), USER)) {
    $new_project_name = $switch_project;
} else {
    error_report_show('login.php', PROJECT_SWITCH_FAILED);
}
session_set_new_project_name($new_project_name);
session_reset_project();
session_initialize();
session_setLogged_in(TRUE);
session_set_application_details($new_project_name, session_get_username());
if (isset($_POST['javascript_disabled'])) {
    session_set_javascript_enabled(false);
} else {
    session_set_javascript_enabled(true);
}
# redirect to the appropriate page
Exemplo n.º 8
0
function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_to, $add_bcc)
{
    global $_REQUEST, $site_file_root;
    // Delete User [TO/BCC]
    if ($remove_u) {
        $remove_user_id = array_keys($_REQUEST['remove_u']);
        unset($address_list['u'][(int) $remove_user_id[0]]);
    }
    // Delete Group [TO/BCC]
    if ($remove_g) {
        $remove_group_id = array_keys($_REQUEST['remove_g']);
        unset($address_list['g'][(int) $remove_group_id[0]]);
    }
    // Add User/Group [TO]
    if ($add_to || $add_bcc) {
        $type = $add_to ? 'to' : 'bcc';
        // Add Selected Groups
        $group_list = isset($_REQUEST['group_list']) ? array_map('intval', $_REQUEST['group_list']) : array();
        if (!empty($group_list)) {
            foreach ($group_list as $group_id) {
                $address_list['g'][$group_id] = $type;
            }
        }
        // Build usernames to add
        $usernames = isset($_REQUEST['username']) ? array(request_var('username', '')) : array();
        $username_list = request_var('username_list', '');
        if ($username_list) {
            $usernames = array_merge($usernames, explode("\n", $username_list));
        }
        // Reveal the correct user_ids
        if (!empty($usernames)) {
            require_once $site_file_root . 'includes/functions_user.php';
            $user_id_ary = user_get_id($usernames, $difference);
            if (!empty($user_id_ary)) {
                foreach ($user_id_ary as $user_id) {
                    $address_list['u'][$user_id] = $type;
                }
            }
        }
        // Add Friends if specified
        $friend_list = is_array($_REQUEST['add_' . $type]) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array();
        foreach ($friend_list as $user_id) {
            $address_list['u'][$user_id] = $type;
        }
    }
}
Exemplo n.º 9
0
function user_edit($username, $password, $first_name, $last_name, $email, $phone, $tempest_rights, $default_project, $project_prefs, $add_to_projects)
{
    $tbl_user = USER_TBL;
    $f_user_id = $tbl_user . "." . USER_ID;
    $f_username = $tbl_user . "." . USER_UNAME;
    $f_email = $tbl_user . "." . USER_EMAIL;
    $f_first_name = $tbl_user . "." . USER_FNAME;
    $f_last_name = $tbl_user . "." . USER_LNAME;
    $f_phone = $tbl_user . "." . USER_PHONE;
    $f_password = $tbl_user . "." . USER_PWORD;
    $f_tempest_admin = $tbl_user . "." . USER_ADMIN;
    $f_user_default_project = $tbl_user . "." . USER_DEFAULT_PROJECT;
    global $db;
    $user_id = user_get_id($username);
    # Update user table
    $q = "\tUPDATE {$tbl_user}\n\t\t\tSET\t{$f_username} = '{$username}',";
    if (!empty($password)) {
        if (LOGIN_METHOD == 'MD5') {
            $password = auth_process_plain_password($password);
        }
        $q .= "{$f_password} = '{$password}',";
    }
    $q .= "\t\t{$f_first_name} = '{$first_name}',\n\t\t\t\t{$f_last_name} = '{$last_name}',\n\t\t\t\t{$f_email} = '{$email}',\n\t\t\t\t{$f_phone} = '{$phone}',\n\t\t\t\t{$f_tempest_admin} = '{$tempest_rights}',\n\t\t\t\t{$f_user_default_project} = '{$default_project}'\n\t\t\tWHERE\n\t\t\t\t{$f_user_id} = {$user_id}";
    db_query($db, $q);
    $tbl_proj_user_assoc = PROJECT_USER_ASSOC_TBL;
    $f_proj_user_id = $tbl_proj_user_assoc . "." . PROJ_USER_ID;
    $f_proj_user_proj_id = $tbl_proj_user_assoc . "." . PROJ_USER_PROJ_ID;
    $f_proj_user_user_id = $tbl_proj_user_assoc . "." . PROJ_USER_USER_ID;
    $f_user_rights = $tbl_proj_user_assoc . "." . PROJ_USER_PROJECT_RIGHTS;
    $f_delete_rights = $tbl_proj_user_assoc . "." . PROJ_USER_DELETE_RIGHTS;
    $f_email_testset = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_TESTSET;
    $f_email_discussion = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_REQ_DISCUSSION;
    $f_email_new_bug = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_NEW_BUG;
    $f_email_update_bug = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_UPDATE_BUG;
    $f_email_assigned = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_ASSIGNED_BUG;
    $f_email_bugnote = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_BUGNOTE_BUG;
    $f_email_status = $tbl_proj_user_assoc . "." . PROJ_USER_EMAIL_STATUS_BUG;
    $f_qa_owner = $tbl_proj_user_assoc . "." . PROJ_USER_QA_OWNER;
    $f_ba_owner = $tbl_proj_user_assoc . "." . PROJ_USER_BA_OWNER;
    $tbl_project = PROJECT_TBL;
    $f_proj_id = $tbl_project . "." . PROJ_ID;
    $f_proj_name = $tbl_project . "." . PROJ_NAME;
    # update associations
    # change prefs or delete associations
    foreach ($project_prefs as $project_id => $value) {
        $project_id = project_get_id($value['project_name']);
        if ($value['remove'] == 'N') {
            $q = "\tUPDATE {$tbl_proj_user_assoc}\n\t\t\t\t\tSET\n\t\t\t\t\t\t{$f_user_rights} = '" . $value['project_rights'] . "',\n\t\t\t\t\t\t{$f_delete_rights} = '" . $value['delete_rights'] . "',\n\t\t\t\t\t\t{$f_email_testset} = '" . $value['email_testset'] . "',\n\t\t\t\t\t\t{$f_email_discussion} = '" . $value['email_discussion'] . "',\n\t\t\t\t\t\t{$f_email_new_bug} = '" . $value['email_new_bug'] . "',\n\t\t\t\t\t\t{$f_email_update_bug} = '" . $value['email_update_bug'] . "',\n\t\t\t\t\t\t{$f_email_assigned} = '" . $value['email_assigned_bug'] . "',\n\t\t\t\t\t\t{$f_email_bugnote} = '" . $value['email_bugnote_bug'] . "',\n\t\t\t\t\t\t{$f_email_status} = '" . $value['email_status_bug'] . "',\n\t\t\t\t\t\t{$f_qa_owner} = '" . $value['qa_owner'] . "',\n\t\t\t\t\t\t{$f_ba_owner} = '" . $value['ba_owner'] . "'\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t{$f_proj_user_proj_id} = {$project_id}\n\t\t\t\t\t\tAND {$f_proj_user_user_id} = {$user_id}";
        } else {
            $q = "\tDELETE FROM {$tbl_proj_user_assoc}\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t{$f_proj_user_proj_id} = {$project_id}\n\t\t\t\t\t\tAND {$f_proj_user_user_id} = {$user_id}";
        }
        db_query($db, $q);
    }
    # add associations
    foreach ($add_to_projects as $project_name) {
        $project_id = project_get_id($project_name);
        $q = "\tINSERT INTO {$tbl_proj_user_assoc}\n\t\t\t\t\t(\t{$f_proj_user_user_id},\n\t\t\t\t\t\t{$f_proj_user_proj_id},\n\t\t\t\t\t\t{$f_user_rights},\n\t\t\t\t\t\t{$f_delete_rights},\n\t\t\t\t\t\t{$f_email_testset},\n\t\t\t\t\t\t{$f_email_discussion},\n\t\t\t\t\t\t{$f_qa_owner},\n\t\t\t\t\t\t{$f_ba_owner} )\n\t\t\t\tVALUES\n\t\t\t\t\t(\t{$user_id},\n\t\t\t\t\t\t{$project_id},\n\t\t\t\t\t\t'10',\n\t\t\t\t\t\t'N',\n\t\t\t\t\t\t'N',\n\t\t\t\t\t\t'N',\n\t\t\t\t\t\t'N',\n\t\t\t\t\t\t'N' )";
        db_query($db, $q);
    }
}
Exemplo n.º 10
0
# ---------------------------------------------------------------------
include "./api/include_api.php";
include "./api/rndPass.class.php";
auth_authenticate_user();
$redirect_page = 'user_add_page.php';
$edit_page = 'user_add_page.php';
$proj_properties = session_set_properties("project_manage", $_POST);
session_validate_form_set($_POST, $edit_page);
$username = session_validate_form_get_field("username_required");
$first_name = session_validate_form_get_field("first_name_required");
$last_name = session_validate_form_get_field("last_name_required");
$email = session_validate_form_get_field("email_required");
$phone = session_validate_form_get_field("phone");
$projects = session_validate_form_get_field("user_add_to_projects_required");
# check username unique
if (user_get_id($username)) {
    error_report_show($edit_page, USERNAME_NOT_UNIQUE);
}
# check if username contains blanks
$blank = ' ';
//whitespace
if (!(strstr($username, $blank) == false)) {
    error_report_show($edit_page, USERNAME_CONTAINS_BLANK);
}
if (!preg_match("/^[a-zA-Z0-9\\.]+\$/", $username)) {
    error_report_show($edit_page, USERNAME_CONTAINS_INVALID_CHARS);
}
# check email unique
if (user_get_info_by_email($email)) {
    error_report_show($edit_page, EMAIL_NOT_UNIQUE);
}
Exemplo n.º 11
0
function bug_update_field($bug_id, $field_name, $value)
{
    global $db;
    $bug_tbl = BUG_TBL;
    $f_bug_id = BUG_ID;
    $old_value = bug_get_field_value($bug_id, $field_name);
    # get the current value
    $project_id = session_get_project_id();
    $q = "UPDATE {$bug_tbl}\n\t\t SET {$field_name} = '{$value}'\n\t\t WHERE {$f_bug_id} = '{$bug_id}'";
    db_query($db, $q);
    # update field
    # If the user has assigned a bug
    if ($field_name == BUG_ASSIGNED_TO || $field_name == BUG_ASSIGNED_TO_DEVELOPER) {
        # Only add record to monitor table and email user if assigned_to array is true
        if ($GLOBALS['default_notify_flags']['assigned_to']) {
            $user_id = user_get_id($value);
            $action = "assign_bug";
            # enter user_id in bug_monitor table and gather recipients for email
            bug_monitor_attach_user($bug_id, $user_id);
            $recipients = bug_email_collect_recipients($bug_id, $action);
            if ($recipients != '') {
                bug_email($project_id, $bug_id, $recipients, $action);
            }
        }
    }
    # If the user has updated the status
    if ($field_name == BUG_STATUS) {
        # Only add record to monitor table and email user if status array is true
        if ($GLOBALS['default_notify_flags']['status']) {
            # enter user_id in bug_monitor table and gather recipients to send email
            $action = "update_status";
            bug_monitor_attach_user($bug_id);
            $recipients = bug_email_collect_recipients($bug_id, $action);
            if ($recipients != '') {
                bug_email($project_id, $bug_id, $recipients, $action);
            }
        }
    }
    # LOG CHANGE IN HISTORY
    bug_history_log_event($bug_id, $field_name, $old_value, $value);
}