 * prepares the name of the user given the id.  also makes it an email link.
 * @param int $p_user_id
 * @return string
function prepare_user_name($p_user_id)
{
    # Renders a user name for display: '' for NO_USER (e.g. an unassigned
    # handler), a link to view_user_page.php for an enabled account when the
    # viewer is an administrator, the plain escaped name for other viewers,
    # and a struck-through name for unknown or disabled accounts.
    if (NO_USER == $p_user_id) {
        return '';
    }

    # Every branch below emits the name through string_display_line().
    $t_display_name = string_display_line(user_get_name($p_user_id));

    if (!user_exists($p_user_id) || !user_get_field($p_user_id, 'enabled')) {
        return '<font STYLE="text-decoration: line-through">' . $t_display_name . '</font>';
    }

    # WK/BFE modification (LB/BFE 2015): the profile link is restricted to
    # administrators; everyone else sees the name only. (The original German
    # note mentions manage_user_threshold, but the check implemented is
    # user_is_administrator.)
    if (!user_is_administrator(auth_get_current_user_id())) {
        return $t_display_name;
    }

    $t_url = string_sanitize_url('view_user_page.php?id=' . $p_user_id, true);
    return '<a href="' . $t_url . '">' . $t_display_name . '</a>';
}
// Deletes a planwatch account: removes its directory and scrubs the name from
// every other user's watched list. Allowed for the account owner or an
// administrator, and only after the caller's stored credentials re-validate.
// NOTE(review): the body of the first `if`, the closing braces and the final
// `else` branch are not shown on this page; $user at the end is also not
// assigned anywhere visible.
function user_delete($username_to_delete)
    if (!$username_to_delete) {
    if (($username_to_delete == $_SERVER['USER'] || user_is_administrator()) && user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
        $userdir = "{$_SERVER['PWUSERS_DIR']}/{$username_to_delete}";
        // SECURITY: $username_to_delete is interpolated, unquoted, into two
        // shell commands and into a filesystem path. Unless it is validated
        // against a strict character whitelist before this function (not
        // visible here), shell metacharacters or "../" in the name change the
        // command or the target. Mitigation: escapeshellarg() on every
        // argument, or avoid the shell entirely (recursive unlink below a
        // realpath()-checked directory; glob() + file_get_contents() instead
        // of grep). Note also that `grep -i` with an unanchored name matches
        // other users whose names contain this one.
        exec("rm -fR {$userdir}", $delresults);
        exec("grep -rli {$username_to_delete} {$_SERVER['PWUSERS_DIR']}/*/watchedlist.txt", $watchedlists);
        foreach ($watchedlists as $watched) {
            $data = file_get_contents($watched);
            // BUG: $planowner is never assigned in this function, so the
            // needle below is just "!" and the regex can strip unrelated
            // entries from the list; it should presumably be
            // $username_to_delete, the name the grep searched for.
            if (strstr($data, "!{$planowner}")) {
                preg_match("|(!{$planowner}.*!)|", $data, $matches);
                $remove = $matches[0];
            } else {
                $remove = "\n{$planowner}\n";
            // remove whatever we found
            $data = str_replace($remove, '', $data);
            // break down multiple linebreaks so the list doesn't look weird in the edit view
            $data = str_replace("\n\n", "\n", $data);
            file_put_contents($watched, $data);
    } else {
        // Refused: caller is neither the owner nor an administrator, or the
        // stored credentials did not validate.
        output("Error deleting {$username_to_delete}", "\n\t<div class='alert'>\n\tYou can't delete {$username_to_delete}. Talk to an\n\t<a href='mailto:help@planwatch.org'>admin</a>.\n\tClick <a href='{$_SERVER['WEB_ROOT']}/'>here</a> to go back to the main page.\n\t</div>\n\t");
    // Self-deletion ends the session; deleting someone else does not.
    if ($username_to_delete == $user) {
        logout("{$username_to_delete} has been deleted.");
    } else {
 * @param $types
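function print_document_selection($types)
{
    # Prints a <select name="version_id"> with one option per version, for
    # each requested document type, that the current user may see: the user
    # must be a member of the version's project or an administrator.
    #
    # $types: array of document type names; each is resolved to a type id via
    #         specmanagement_database_api::get_type_id().
    # Output is echoed directly; nothing is returned.
    $project_id = gpc_get_int('project_id', helper_get_current_project());
    $specmanagement_database_api = new specmanagement_database_api();

    # Resolve the viewer once rather than once per version.
    $current_user_id = auth_get_current_user_id();
    $is_administrator = user_is_administrator($current_user_id);

    echo '<select name="version_id">';
    foreach ($types as $type) {
        $type_string = string_html_specialchars($type);
        $type_id = $specmanagement_database_api->get_type_id($type);
        foreach (get_version_ids($type_id, $project_id) as $version_id) {
            $version_spec_project_id = version_get_field($version_id, 'project_id');
            if (!$is_administrator && !project_includes_user($version_spec_project_id, $current_user_id)) {
                continue;
            }
            # The version name is treated as raw text and escaped the same way
            # as the type name above; the id is emitted as an integer so the
            # attribute can carry nothing else.
            $version_string = string_html_specialchars(version_full_name($version_id));
            echo '<option value="' . (int) $version_id . '">';
            echo $type_string . " - " . $version_string;
            echo '</option>';
        }
    }
    echo '</select>';
}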
 /**
  * Main-menu hook: the link to the whiteboard menu page, or null.
  *
  * A link is produced only when the plugin's show_menu option is set and
  * the current user can reach at least one registered whiteboard plugin
  * (administrators always can; others need at least the plugin's access
  * level, index 2 of its tuple, in the current project).
  *
  * @return string|null Anchor markup, or null when nothing is shown.
  */
 function menu()
 {
     if (!plugin_config_get('show_menu')) {
         return null;
     }

     require_once __DIR__ . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'wmApi.php';

     $currentProject = helper_get_current_project();
     $currentUser = auth_get_current_user_id();
     $accessLevel = user_get_access_level($currentUser, $currentProject);

     foreach (wmApi::getWhiteboardPlugins() as $pluginEntry) {
         // One reachable plugin is enough to show the menu entry.
         if (user_is_administrator($currentUser) || $accessLevel >= $pluginEntry[2]) {
             return '<a href="' . plugin_page('whiteboard_menu') . '">' . plugin_lang_get('menu_title') . '</a>';
         }
     }

     return null;
 }
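/**
 * Returns the user names the current viewer is allowed to list.
 *
 * Administrators get every account directory under PWUSERS_DIR; everyone
 * else gets only the accounts whose userinfo record sets rlpref=1. Both
 * lists are cached as files under FILE_ROOT/stats and reused for twelve
 * hours before being rebuilt.
 *
 * @return array List of user names. Entries served from the cache keep
 *               their trailing "\n" (file() default); rebuilt entries do not.
 */
function users_get_list()
{
    $list = array();
    $list_all = array();
    $stats_dir = "{$_SERVER['FILE_ROOT']}/stats";

    // NOTE(review): non-administrators read userlist_public.txt, but the
    // rebuild below writes userlist.txt, so their cache never warms unless
    // another script produces userlist_public.txt. Both names are kept as
    // found; confirm which is intended before unifying them.
    if (user_is_administrator()) {
        $list_fn = "{$stats_dir}/userlist_all.txt";
    } else {
        $list_fn = "{$stats_dir}/userlist_public.txt";
    }

    // Serve the cache while it is less than twelve hours old.
    $cache_mtime = file_exists($list_fn) ? @filemtime($list_fn) : false;
    if ($cache_mtime !== false && $cache_mtime > time() - 3600 * 12) {
        // NOTE(review): FILE_IGNORE_NEW_LINES would make cached entries match
        // the rebuilt ones; callers may already trim, so check them first.
        $cached = @file($list_fn);
        return $cached === false ? $list : $cached;
    }

    // Rebuild from the account directories. glob() replaces the former
    // exec("ls -d .../*/"): the same "<users>/*/" directory set, no shell.
    $user_dirs = glob("{$_SERVER['PWUSERS_DIR']}/*", GLOB_ONLYDIR);
    if ($user_dirs === false) {
        $user_dirs = array();
    }
    foreach ($user_dirs as $user_dir) {
        $username = basename($user_dir);
        // The userinfo record is parsed as a query string; rlpref=1 marks an
        // account as publicly listed. Guard the key so a record without it
        // does not raise a notice.
        parse_str(user_read_info($username), $tempuser);
        if (isset($tempuser['rlpref']) && $tempuser['rlpref'] == 1) {
            $list[] = $username;
        }
        $list_all[] = $username;
    }

    file_put_contents("{$stats_dir}/userlist.txt", implode("\n", $list));
    file_put_contents("{$stats_dir}/userlist_all.txt", implode("\n", $list_all));

    return user_is_administrator() ? $list_all : $list;
}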

# manage_user_delete.php: authorisation and sanity checks that run before the
# "really delete this account?" confirmation. Only users at or above
# manage_user_threshold get this far.
access_ensure_global_level( config_get( 'manage_user_threshold' ) );

$f_user_id	= gpc_get_int( 'user_id' );

$t_user = user_get_row( $f_user_id );

# Ensure that the account to be deleted is of equal or lower access to the
# current user.
access_ensure_global_level( $t_user['access_level'] );

# check that we are not deleting the last administrator account
$t_admin_threshold = config_get_global( 'admin_site_threshold' );
if ( user_is_administrator( $f_user_id ) &&
	 user_count_level( $t_admin_threshold ) <= 1 ) {
# NOTE(review): the body of this guard (the error raised when the only
# remaining administrator would be deleted) is not shown on this page.

# If an administrator is trying to delete their own account, use
# account_delete.php instead as it handles logging out and redirection
# of users who have just deleted their own accounts.
if ( auth_get_current_user_id() == $f_user_id ) {
	# Consume this form's security (anti-CSRF) token before handing off, then
	# redirect with a fresh token for the account_delete form.
	form_security_purge( 'manage_user_delete' );
	print_header_redirect( 'account_delete.php?account_delete_token=' . form_security_token( 'account_delete' ), true, false );

# Everything above passed; ask the user to confirm before anything is deleted.
helper_ensure_confirmed( lang_get( 'delete_account_sure_msg' ) .
	'<br/>' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) . $t_user['username'],
	lang_get( 'delete_account_button' ) );
 *  Check if the current user has permissions to delete the stored query
 * @param $p_filter_id
 * @return bool
function filter_db_can_delete_filter($p_filter_id)
{
    # Administrators may delete any stored filter; other users only a filter
    # that belongs to them and whose project_id is not -1. Returns bool.
    $t_user_id = auth_get_current_user_id();

    # Administrators can delete any filter
    if (user_is_administrator($t_user_id)) {
        return true;
    }

    # Ownership check. All three values are bound through db_param();
    # nothing is interpolated into the SQL text.
    $t_filters_table = db_get_table('filters');
    $t_query = "SELECT id\n\t\t\t\t  FROM {$t_filters_table}\n\t\t\t\t  WHERE id=" . db_param() . "\n\t\t\t\t  AND user_id=" . db_param() . "\n\t\t\t\t  AND project_id!=" . db_param();
    $t_params = array(db_prepare_int($p_filter_id), $t_user_id, -1);

    return db_num_rows(db_query_bound($t_query, $t_params)) > 0;
}
// Writes a plan update (journaling mode) to disk for $writer, then refreshes
// the spiels, sends and snoops that reference it.
//
// $edit          id of the entry being edited; also read from $_POST['edit'],
//                which ends up in the file name plan{$edit}.txt
// $plandata      the submitted entry text
// $private       truthy for a private entry (stored with a ".p" suffix)
// $nolinebreaks  when set, a marker is appended for plan_read_local
// $writer        account the entry is written to; falls back to the logged-in user
//
// Returns $plandata for AJAX posts, ".<timestamp>" for a normal post and FALSE
// for a failed blog post; other paths emit output and return nothing.
// NOTE(review): the bodies of several `if`s (draft handling, one `else`) and
// the closing braces are not shown on this page.
function plan_write_journaling($edit, $plandata, $private, $nolinebreaks = FALSE, $writer = FALSE)
    include_once 'plan_read.php';
    include_once 'snoop.php';
    include_once 'spiel.php';
    include_once 'send.php';
    $planowner = $writer;
    // make sure all the timecodes are the same
    $time = time();
    // find the character encoding of the plan entry, convert it to something
    // more universal
    mb_detect_order("UTF-8, UTF-8, Windows-1252");
    if (mb_detect_encoding($plandata) == "Windows-1252") {
        // BUG: `UTF - 8` and `Windows - 1252` are arithmetic on undefined
        // constants, not encoding names; the intended arguments are the
        // strings 'UTF-8' and 'Windows-1252'. As written this conversion
        // cannot work (and raises an Error on PHP 8).
        $plandata = mb_convert_encoding($plandata, UTF - 8, Windows - 1252);
    // make sure no one can post an update to someone else's plan
    // this will need to be smarter if we ever implement group plans
    // but probably we won't, so no biggie.
    // Authorisation: only an administrator may write to another user's plan;
    // anyone else is silently redirected to their own.
    if ($planowner != $_SERVER['USER'] && !user_is_administrator()) {
        $planowner = $_SERVER['USER'];
    $plan_dir = "{$_SERVER['PWUSERS_DIR']}/{$planowner}/plan";
    // Find the old snoops. We have to masquerade briefly as 'cacheuser' to do
    // this without leaving a spurious snitch or getting private entries.
    // We remain 'cacheuser' until after snoop_add() below.
    // (The literal below is redacted on this page; the comment above names it.)
    $_SERVER['USER'] = '******';
    // find old snoops, for later clearing
    $old_snoop_array = snoop_find(plan_read_local($planowner, $_SERVER['USERINFO_ARRAY']['defaultdays'] + 3 . 'd'), $planowner);
    // delete the (now-invalid) cache files
    // leave a reminder to plan_read_local to ignore linebreaks.
    if ($nolinebreaks) {
        $plandata .= "<!--nolinebreaks-->";
    // NOTE(review): title and tags are spliced into the stored text as HTML
    // comments without escaping; a value containing "-->" ends the comment
    // early. Whether they are sanitised when the plan is rendered is not
    // visible here.
    if ($_POST['title']) {
        $plandata .= "<!--title {$_POST['title']} -->";
    if ($_POST['tags']) {
        $plandata .= "<!--tags {$_POST['tags']} -->";
    // if we weren't editing an existing (already-posted) entry, set the filename for the current time.
    if (!$_POST['edit'] || $_POST['edit'] == $_POST['draft_edit']) {
        $_POST['edit'] = ".{$time}";
    // SECURITY: $_POST['edit'] and $_POST['private'] become part of the file
    // name, and $plan_fn is later passed to exec("mv ...") unquoted. Unless
    // both are validated before this function (not visible here) -- e.g.
    // `edit` must match /^\.?\d+$/ and `private` must be '' or '.p' -- a
    // request can name files outside $plan_dir or alter the command. Prefer
    // rename() over exec() for the moves below in any case.
    $plan_fn = "{$plan_dir}/plan{$_POST['edit']}.txt{$_POST['private']}";
    if (!file_exists($plan_fn)) {
        file_put_contents("{$_SERVER['PWUSERS_DIR']}/{$planowner}/stats/lastupdate", $time);
    // SECURITY: the upload is moved to a path built from the client-supplied
    // file name; basename() plus an allow-list of extensions would keep it
    // inside files/. The strstr() checks below accept any name containing
    // "jpg"/"gif"/"png" anywhere and do not look at the file contents.
    if ($_FILES['attached_file']['tmp_name']) {
        rename("{$_FILES['attached_file']['tmp_name']}", "{$_SERVER['USER_ROOT']}/files/{$_FILES['attached_file']['name']}");
        if (strstr($_FILES['attached_file']['name'], 'jpg') || strstr($_FILES['attached_file']['name'], 'gif') || strstr($_FILES['attached_file']['name'], 'png')) {
            $plandata .= "<img src='/userfiles/view/{$writer}/{$_FILES['attached_file']['name']}' />";
        } else {
            $plandata .= "\n<a href='/userfiles/view/{$writer}/{$_FILES['attached_file']['name']}'>{$_FILES['attached_file']['name']}</a>";
    //	else trigger_error("No Files Uploaded");
    // markdown / nofeed flags travel inside the stored text as well.
    $plandata .= $_POST['markdown'];
    $plandata .= $_POST['nofeed'];
    // save old headers and footers.
    if (strstr($plan_fn, 'header') || strstr($plan_fn, 'footer')) {
        exec("mv {$plan_fn} {$plan_fn}.{$time}");
    // write the update to disk.
    file_put_contents($plan_fn, $plandata);
    // new feature: SPIEL
    // here's the part where spiels are found
    // TODO(v4.5): replace spiel syntax with hashtags
    if (!$private && !$edit) {
        spiel_find($plandata, $planowner, $time);
    // here's the part where sends are found
    if (!$private && !$edit) {
        send_find($plandata, $planowner, $time);
    // Flipping an entry between public and private retires the other copy
    // under a rem. prefix rather than deleting it.
    if (file_exists($plan_fn)) {
        if ($private && file_exists("{$plan_dir}/plan{$edit}.txt")) {
            exec("mv {$plan_dir}/plan{$edit}.txt {$plan_dir}/rem.plan{$edit}.txt");
        if (!$private && file_exists("{$plan_dir}/plan{$edit}.txt.p")) {
            exec("mv {$plan_dir}/plan{$edit}.txt.p {$plan_dir}/rem.plan{$edit}.txt.p");
        // NOTE(review): the body of the draft_edit branch is not shown here.
        if ($_POST['draft_edit'] && file_exists("{$plan_dir}/draft{$_POST['draft_edit']}.txt")) {
        // clean up old drafts
        // NOTE(review): the action taken on drafts older than seven days is
        // not shown here.
        if ($drafts = files_list("{$plan_dir}/", "draft*.txt")) {
            foreach ($drafts as $draft) {
                if (filemtime("{$plan_dir}/{$draft}") < time() - 7 * 24 * 3600) {
    // NOTE(review): 0755 sets the execute bits on a data file; 0644 would
    // presumably do, unless something relies on the mode -- confirm.
    @chmod($plan_fn, 0755);
    // clean old snoops and add new ones
    $new_snoop_array = snoop_find(plan_read_local($planowner), $planowner);
    $snoops_to_remove = array_unique(array_diff($old_snoop_array, $new_snoop_array));
    $snoops_to_set = array_unique(array_diff($new_snoop_array, $old_snoop_array));
    $remove_status = snoop_clean($snoops_to_remove, $planowner);
    $add_status = snoop_add($snoops_to_set, $planowner);
    $_SERVER['USER'] = $_SERVER['USERINFO_ARRAY']['username'];
    // done masquerading
    // report the good news if we wrote the post to disk.
    if (file_exists($plan_fn)) {
        if ($_SERVER['AJAX_POST']) {
            return $plandata;
        if (!$_SERVER['BLOGPOST']) {
            if ($_COOKIE[$_SERVER['AUTH_COOKIE']]) {
                if ($_SERVER['AJAX_POST']) {
                    return $plandata;
                } else {
            // NOTE(review): the stored credentials in USERINFO_ARRAY are
            // re-checked and, on success, used to log the writer back in.
            } elseif (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
                if ($_POST['mailpost']) {
                    echo "posted";
                } else {
                    // If the writer's cookie expired while updating, log her back in.
                    login($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'], 0, "/read/{$planowner}");
        } else {
            return ".{$time}";
    } else {
        if ($_SERVER['BLOGPOST']) {
            return FALSE;
        } else {
            output('Error Updating', "<div class='alert'>There was an error writing {$_SERVER['USER']}'s plan entry to {$plan_fn} {$edit}. <a href='{$_SERVER['WEB_ROOT']}/feature'>File a bug</a> so we know about this problem. Here's your plan text for safekeeping:<br /><br />{$plandata}</div>", '', ' had an error');
  * print menu entries for each plugin
 public static function printWhiteboardMenu()
 {
     // Echoes one menu item per whiteboard plugin the current user may use,
     // separated by "|" dividers. A plugin is shown when its show flag
     // (tuple index 3) == 1 and the user is an administrator or has at least
     // the plugin's access level (index 2) in the current project.
     $currentProject = helper_get_current_project();
     $currentUser = auth_get_current_user_id();
     $accessLevel = user_get_access_level($currentUser, $currentProject);
     $registered = self::getWhiteboardPlugins();
     $total = count($registered);

     echo '<div class="table">';
     for ($position = 0; $position < $total; $position++) {
         $entry = $registered[$position];
         // Tuple layout: [1] plugin name (for plugin_lang_get), [2] access
         // level, [3] show-in-menu flag, [4] link target.
         $mayUse = user_is_administrator($currentUser) || $accessLevel >= $entry[2];
         if (!$mayUse || $entry[3] != 1) {
             continue;
         }
         // The divider is keyed on the position in the full list, not on
         // how many items have already been printed.
         if ($position > 0) {
             echo '<div class="item">&nbsp;|&nbsp;</div>';
         }
         echo '<div class="item"><a href="' . $entry[4] . '">' . plugin_lang_get('menu_title', $entry[1]) . '</a></div>';
     }
     echo '</div>';
 }
    if (print_test_row('check mssql textsize in php.ini...', ini_get('mssql.textlimit') != 4096, ini_get('mssql.textlimit'))) {
        print_test_warn_row('check mssql textsize in php.ini...', ini_get('mssql.textsize') == 2147483647, ini_get('mssql.textsize'));
# admin_check.php: one print_test_row() per configuration invariant. Each
# call prints a pass/fail row for the condition in its second argument.
print_test_row('check variables_order includes GPCS', stristr(ini_get('variables_order'), 'G') && stristr(ini_get('variables_order'), 'P') && stristr(ini_get('variables_order'), 'C') && stristr(ini_get('variables_order'), 'S'), ini_get('variables_order'));
# Mail settings that only make sense in combination: a password reset or a
# signup flow needs a deliverable address and notifications switched on.
print_test_row('check mail configuration: send_reset_password = ON requires allow_blank_email = OFF', OFF == config_get_global('send_reset_password') || OFF == config_get_global('allow_blank_email'));
print_test_row('check mail configuration: send_reset_password = ON requires enable_email_notification = ON', OFF == config_get_global('send_reset_password') || ON == config_get_global('enable_email_notification'));
print_test_row('check mail configuration: allow_signup = ON requires enable_email_notification = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('enable_email_notification'));
print_test_row('check mail configuration: allow_signup = ON requires send_reset_password = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('send_reset_password'));
print_test_row('check language configuration: fallback_language is not \'auto\'', 'auto' != config_get_global('fallback_language'));
# Anonymous access: the account must be configured and exist, and it must not
# be an administrator -- otherwise every unauthenticated visitor would act
# with administrator rights.
print_test_row('check configuration: allow_anonymous_login = ON requires anonymous_account to be set', OFF == config_get_global('allow_anonymous_login') || strlen(config_get_global('anonymous_account')) > 0);
$t_anon_user = false;
print_test_row('check configuration: anonymous_account is a valid username if set', strlen(config_get_global('anonymous_account')) > 0 ? ($t_anon_user = user_get_id_by_name(config_get_global('anonymous_account'))) !== false : TRUE);
print_test_row('check configuration: anonymous_account should not be an administrator', $t_anon_user ? !user_is_administrator($t_anon_user) : TRUE);
print_test_row('$g_bug_link_tag is not empty ("' . config_get_global('bug_link_tag') . '")', '' != config_get_global('bug_link_tag'));
print_test_row('$g_bugnote_link_tag is not empty ("' . config_get_global('bugnote_link_tag') . '")', '' != config_get_global('bugnote_link_tag'));
print_test_row('filters: dhtml_filters = ON requires use_javascript = ON', OFF == config_get_global('dhtml_filters') || ON == config_get_global('use_javascript'));
# The sendmail transport builds a command line; hosts that disable the
# escapeshell* functions cannot quote it, so that transport is refused.
print_test_row('Phpmailer sendmail configuration requires escapeshellcmd. Please use a different phpmailer method if this is blocked.', PHPMAILER_METHOD_SENDMAIL != config_get('phpMailer_method') || PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method') && function_exists('escapeshellcmd'));
print_test_row('Phpmailer sendmail configuration requires escapeshellarg. Please use a different phpmailer method if this is blocked.', PHPMAILER_METHOD_SENDMAIL != config_get('phpMailer_method') || PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method') && function_exists('escapeshellarg'));
# MantisGraph: GD 2 is required; with the bundled ezc library disabled the
# jpgraph sources must be present. (The rest of this block is not shown here.)
if (plugin_is_installed('MantisGraph')) {
    print_test_row('checking gd is enabled, and version 2...', get_gd_version() == 2);
    if (plugin_config_get('eczlibrary', ON) == OFF) {
        $t_jpgraph_path = config_get('absolute_path') . 'library' . DIRECTORY_SEPARATOR . 'jpgraph' . DIRECTORY_SEPARATOR;
        if (!file_exists($t_jpgraph_path . 'jpgraph.php')) {
            print_test_row('checking we can find jpgraph class files...', false);
        } else {
            require_once $t_jpgraph_path . 'jpgraph.php';
 * Check if the current user has permissions to delete the stored query
 * @param integer $p_filter_id Filter id.
 * @return boolean
function filter_db_can_delete_filter($p_filter_id)
{
    # Administrators may delete any stored filter; other users only a filter
    # that belongs to them and whose project_id is not -1. Returns bool.
    $t_user_id = auth_get_current_user_id();

    # Administrators can delete any filter
    if (user_is_administrator($t_user_id)) {
        return true;
    }

    # Ownership check. All three values are bound through db_param();
    # nothing is interpolated into the SQL text.
    $t_query = 'SELECT id
				  FROM {filters}
				  WHERE id=' . db_param() . '
				  AND user_id=' . db_param() . '
				  AND project_id!=' . db_param();
    $t_params = array((int) $p_filter_id, $t_user_id, -1);

    return db_result(db_query($t_query, $t_params)) > 0;
}
# manage_user_update.php: applies the edit-user form. The c_ values have gone
# through db_prepare_*() (the legacy escaping layer); the UPDATE below is
# still assembled by string interpolation rather than bound parameters --
# compare filter_db_can_delete_filter(), which uses db_param().
# NOTE(review): $c_email is used below but not assigned anywhere visible.
$c_username = db_prepare_string($f_username);
$c_realname = db_prepare_string($f_realname);
$c_protected = db_prepare_bool($f_protected);
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);
$t_user_table = config_get('mantis_user_table');
$t_old_protected = user_get_field($f_user_id, 'protected');
# check that we are not downgrading the last administrator
$t_old_access = user_get_field($f_user_id, 'access_level');
if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) {
# NOTE(review): the guard's body (the error for removing the last
# administrator) is not shown on this page.
# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
if ($c_access_level >= ADMINISTRATOR && !user_is_administrator($c_user_id)) {
# NOTE(review): the removal of project-specific rights is not shown here.
# if the user is already protected and the admin is not removing the
#  protected flag then don't update the access level and enabled flag.
#  If the user was unprotected or the protected flag is being turned off
#  then proceed with a full update.
# NOTE(review): the username value appears as '******' on this page; that
# looks like page-side redaction of the literal (the file presumably
# interpolates $c_username, which is otherwise unused here).
if ($f_protected && $t_old_protected) {
    $query = "UPDATE {$t_user_table}\n\t    \t\tSET username='******', email='{$c_email}',\n\t    \t\t\tprotected='{$c_protected}', realname='{$c_realname}'\n\t    \t\tWHERE id='{$c_user_id}'";
} else {
    $query = "UPDATE {$t_user_table}\n\t    \t\tSET username='******', email='{$c_email}',\n\t    \t\t\taccess_level='{$c_access_level}', enabled='{$c_enabled}',\n\t    \t\t\tprotected='{$c_protected}', realname='{$c_realname}'\n\t    \t\tWHERE id='{$c_user_id}'";
$result = db_query($query);
$t_redirect_url = 'manage_user_page.php';
if ($result) {
 * Returns true if the currently logged in user has a role of administrator
 * or higher, false otherwise
 * @return true: administrator; false: otherwise.
 * @access public
function current_user_is_administrator()
{
    # Resolve the session's user id once, then defer to the generic check.
    $t_current_user = auth_get_current_user_id();
    return user_is_administrator($t_current_user);
}
 /**
  * Whether $p_user_id denotes an administrator. Thin wrapper over the core
  * user_is_administrator() check.
  *
  * @param int $p_user_id
  * @return bool
  */
 function is_admin_user($p_user_id)
 {
     $isAdministrator = user_is_administrator($p_user_id);
     return $isAdministrator;
 }
// Builds the mobile reader toolbar (bio / send / plan / archives / watch /
// masq / unread links plus last-update info) for the plan being read.
//
// $content  the rendered page; only inspected for the "Plan Read Failed" marker
//
// Returns the toolbar as a string of <li> items when the reader is logged in
// and a plan owner is set; otherwise $readertoolbar is never assigned and
// null is returned.
// NOTE(review): the body of `if ($is_send)` and the closing braces are not
// shown on this page.
function output_build_reader_toolbar_mobile($content)
    // Exactly one of these flags is set; the others stay undefined and read
    // as false below (with a notice under strict error reporting).
    if ($_SERVER['URL_ARRAY'][3] == 'bio') {
        $is_bio = TRUE;
    } elseif ($_SERVER['URL_ARRAY'][1] == 'send') {
        $is_send = TRUE;
    } elseif (in_array('archives', $_SERVER['URL_ARRAY'])) {
        $is_archives = TRUE;
    } else {
        $is_plan = TRUE;
    $planwatchlist = file_get_contents("{$_SERVER['USER_ROOT']}/watchedlist.txt");
    if ($is_send) {
    // Toolbar only for an authenticated reader, a known plan owner and a
    // plan that actually rendered.
    if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass']) && $_SERVER['PLANOWNER'] && !strstr($content, '<h1>Plan Read Failed</h1>')) {
        profile('reader_toolbar', 'begin');
        if ($is_plan || $is_bio || $is_archives || $is_send && $_SERVER['URL_ARRAY'][2]) {
            // bio
            // BUG: strpos() is used as a "contains" test here and below; it
            // returns 0 (falsy) when the needle starts the string. Compare
            // with `!== false` (or use strstr()/str_contains()).
            if ((file_exists("{$_SERVER['PWUSERS_DIR']}/{$_SERVER['PLANOWNER']}/bio.txt") || (strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'diaryland') || strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'livejournal'))) && !$is_bio) {
                $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER_REAL_LOCATION']}/bio'>bio</a>";
            // send
            if ((strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'planworld.net') || strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'amherst.edu') || plan_is_local($_SERVER['PLANOWNER'])) && $_SERVER['PLANOWNER'] != $_SERVER['USER'] && !$is_send) {
                $send_files = files_list("{$_SERVER['USER_ROOT']}/sends", files_encode_safe_name("{$_SERVER['PLANOWNER']}") . "*");
                if (is_array($send_files)) {
                    $lastsend = formattime(filemtime("{$_SERVER['USER_ROOT']}/sends/" . end($send_files)));
                    if (strstr(end($send_files), '.new')) {
                        $lastsend .= " <b>NEW</b>";
                    // $lastsend is computed but not used in the link below.
                    $lastsend = "({$lastsend})";
                $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/send/{$_SERVER['PLANOWNER_REAL_LOCATION']}/'>send</a>";
            // planread
            if ($is_send || $is_bio) {
                $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER_REAL_LOCATION']}/'>plan</a>";
            // archives
            if (plan_has_archives($_SERVER['PLANOWNER_REAL_LOCATION'])) {
                if (!$is_archives) {
                    $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}/archives' >archives</a>";
                } else {
                    $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}' >plan</a>";
            // If the reader isn't watching the writer, offer the option
            // NOTE(review): PLANOWNER_REAL_LOCATION and PLANOWNER_DISPLAY_NAME
            // are written into a javascript: URL and a title attribute with no
            // escaping at this point; if either can contain quotes the markup
            // breaks. Where (or whether) they are sanitised is not visible here.
            if (!stristr($planwatchlist, $_SERVER['PLANOWNER']) && $is_plan) {
                $readertoolbar[] = "<span id='watch_link'><a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/add_ajax/watched/!{$_SERVER['PLANOWNER_REAL_LOCATION']}:{$_SERVER['PLANOWNER_DISPLAY_NAME']}!',null,'planwatch');void(null);\" title='add {$_SERVER['PLANOWNER_DISPLAY_NAME']} to your watched list' >watch</a></span>";
            // if writer isn't a blog or the same as reader, offer the option of
            // blocking, unblocking, allowing, or disallowing access to reader's plan
            if ($_SERVER['PLANOWNER'] != $_SERVER['USER'] && !strpos($_SERVER['PLANOWNER'], '://')) {
                // offer administrators a link to masquerade as writer
                // this is so it's easy to follow up on plan-reported bugs
                // (Only the link is gated here; the masq endpoint itself must
                // enforce the administrator check -- not visible on this page.)
                if (user_is_administrator() && file_exists("{$_SERVER['PWUSERS_DIR']}/{$_SERVER['PLANOWNER']}/userinfo.dat")) {
                    $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/masq/on/{$_SERVER['PLANOWNER']}'>masq</a>";
                if ($is_plan) {
                    $readertoolbar[] = "<a href='/lists/unread/{$_SERVER['PLANOWNER']}'>unread</a>";
                if ($is_send) {
                    $readertoolbar[] = "<a href='/send/{$_SERVER['PLANOWNER']}/unread'>unread</a>";
            // make the links into a string for output.
            $readertoolbar = "<li class='toolbutton'>" . implode("</li><li class='toolbutton'>", $readertoolbar) . "</li>\n";
            $readertoolbar = str_replace("<li class='toolbutton'></li>", "", $readertoolbar);
            if (($lasttime = plan_get_last_update($_SERVER['PLANOWNER'])) && $is_plan) {
                $readertoolbar = "<li class='plan_data_block'>Last Update: " . formattime($lasttime) . "</li>" . $readertoolbar;
            if ($lastlogin = plan_get_last_login($_SERVER['PLANOWNER'])) {
                if ($lastlogin > 1) {
                    $readertoolbar = "<li class='plan_data_block' id='lastaction'>Last Action: " . formattime($lastlogin) . "</li>" . $readertoolbar;
        profile('reader_toolbar', 'end');
    return $readertoolbar;
<?php if( !$t_ldap ) { ?>
<div class="important-msg">
	if ( ( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) {
		echo lang_get( 'reset_password_msg' );
	} else {
		echo lang_get( 'reset_password_msg2' );
<?php } ?>

<!-- PROJECT ACCESS (if permissions allow) and user is not ADMINISTRATOR -->
<?php if ( access_has_global_level( config_get( 'manage_user_threshold' ) ) &&
    !user_is_administrator( $t_user_id ) ) {
<div class="form-container">
	<h2><?php echo lang_get( 'add_user_title' ) ?></h2>
	<div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
		<span class="display-label"><span><?php echo lang_get( 'assigned_projects_label' ) ?></span></span>
		<div class="input"><?php print_project_user_list( $t_user['id'] ) ?></div>
		<span class="label-style"></span>
	<form id="manage-user-project-add-form" method="post" action="manage_user_proj_add.php">
			<?php echo form_security_field( 'manage_user_proj_add' ) ?>
			<input type="hidden" name="user_id" value="<?php echo $t_user['id'] ?>" />
			<div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
				<label for="add-user-project-id"><span><?php echo lang_get( 'unassigned_projects_label' ) ?></span></label>
				<span class="select">
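/**
 * Renders one feature request / bug report from FILE_ROOT/features.
 *
 * The stored record is a query-string style file with the keys title,
 * status, priority, time_noticed, submitter, ip, user_agent, note and
 * response. An "edit" link is appended for administrators and for the
 * original submitter.
 *
 * @param string $featurename Bare file name of the record (path components
 *                            are stripped).
 * @return string HTML for the record, or an alert when it does not exist.
 */
function displayfeature($featurename = '')
{
    // The name is used as a path component: reduce it to a bare file name so
    // it cannot leave the features directory, and refuse the empty name
    // (which would otherwise resolve to the directory itself).
    $featurename = basename((string) $featurename);
    $feature_fn = "{$_SERVER['FILE_ROOT']}/features/{$featurename}";

    if ($featurename === '' || !is_file($feature_fn)) {
        $safe_name = htmlspecialchars($featurename, ENT_QUOTES, 'UTF-8');
        return "<div class='alert'>We can't find a feature request or bug report by the name <i>{$safe_name}</i>.</div>";
    }

    // parse_str() into an array: the one-argument form registered variables
    // in the local scope (so a record could overwrite this function's own
    // variables) and was removed in PHP 8. The stray 'r' previously passed to
    // file_get_contents() was the use_include_path flag, not a mode.
    parse_str((string) file_get_contents($feature_fn), $fields);
    $fields = array_merge(array(
        'title' => '',
        'status' => '',
        'priority' => '',
        'time_noticed' => '',
        'submitter' => '',
        'ip' => '',
        'user_agent' => '',
        'note' => '',
        'response' => '',
    ), $fields);
    if (!$fields['response']) {
        $fields['response'] = 'none yet';
    }

    // NOTE(review): the stored fields are emitted as HTML without escaping
    // here; user_agent and submitter originate from the reporter. Whether
    // they are sanitised when the record is written is not visible in this
    // file -- confirm before relying on it.
    $content = stripslashes("\n\t<h1>{$fields['title']}</h1>\n\tStatus:\t<b>{$fields['status']}</b><br />\n\tPriority: <b>{$fields['priority']}</b><br />\n\tTime Noticed: <b>{$fields['time_noticed']}</b><br />\n\tSubmitted by: <b>{$fields['submitter']}</b><br />\n\tIP: <b>{$fields['ip']}</b><br /><br />\n\tBrowser Used: <b>{$fields['user_agent']}</b><br /><br />\n\n\t<b>Description:</b><br />\n\t" . nl2br($fields['note']) . "\n\t<br /><br />\n\n\t<b>Response:</b><br />\n\t" . nl2br($fields['response']) . "\n\t<br /><br />\n");

    // Editing is offered to administrators and to the original submitter.
    if (user_is_administrator() || $_SERVER['USER'] == $fields['submitter']) {
        $content .= "\t[ <a href='{$_SERVER['WEB_ROOT']}/feature/edit/{$featurename}'>edit</a> ]";
    }

    return $content;
}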
// Builds the <li> items for one sidebar menu box.
//
// $button   which box to build: "view", "write", "snitch", "tools",
//           "<!--TIME-->" or "watched"
// $content  the rendered page (only the "write" box inspects it, to offer
//           edit links for the entries currently on screen)
//
// Returns the accumulated HTML. $links is never initialised, so the first
// `.=` appends to null.
// NOTE(review): no `break` is visible between the cases on this page; if the
// real file has none either, every case falls through into the ones after it.
// The closing braces are not shown.
function menus_populate($button, $content = FALSE)
    switch ($button) {
        case "view":
            $links .= "<li>\n<!--\nTHE VIEW MENUBOX\n-->\n\n\t\t<i>read your own plan. you know, in case you forgot.</i></li>\n\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/view'>view your plan</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['USER']}/bio'>view your bio</a></li>\n";
            if (plan_has_archives($_SERVER['USER'])) {
                $links .= "<li><a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['USER']}/archives'>view your archives</a></li>\n";
            if (plan_is_journaling($_SERVER['USER'])) {
                $links .= "<li><hr /><a href='{$_SERVER['WEB_ROOT']}/view/all_hidden'>view your hidden entries</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/view/all_private'>view your private entries</a></li>\n";
        case "write":
            $links .= "\n<!--\nTHE WRITE MENUBOX\n-->\n\n\t\t<li><i>write a plan update. you know you want to.</i></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write'>update your plan</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/bio'>edit your bio</a></li>\n";
            // Only the link is gated on administrator status here; the
            // /write/system endpoint must enforce the check itself (not
            // visible on this page).
            if (user_is_administrator()) {
                $links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/system'>update the system plan</a></li>\n";
            $links .= "<li><hr/>\n</li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/css'>change plan styles</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/header'>change plan header</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/footer'>change plan footer</a></li>\n";
            if (plan_is_journaling($_SERVER['USER'])) {
                $links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/divider'>change your divider</a></li>\n";
            $links .= "<li><hr/></li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/send'>write a send</a></li>\n";
            // When the user is reading their own journaling plan, list edit
            // links for the entries on screen. The ids come from the page's
            // entry_content_<digits> anchors, so only digits reach the URL.
            if ($content && plan_is_journaling($_SERVER['USER']) && strstr($_SERVER['REQUEST_URI'], "/read/{$_SERVER['USER']}")) {
                preg_match_all('|entry_content_([0-9]+)|', $content, $matches);
                $matches = $matches[1];
                if (is_array($matches)) {
                    $links .= "<li><hr/>edit recent entries...</li>\n";
                    foreach ($matches as $match) {
                        $links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/.{$match}'>" . formattime($match) . "</a></li>\n";
        case "snitch":
            $links .= "\n<!--\nTHE SNITCH MENUBOX\n-->\n\n\t\t<li><i>snitch and other s-words.</i></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/snitch'>snitch</a></li>\n";
            $links .= "<li><hr/>\n</li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/snoop'>snoop</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/send'>send</a></li>\n";
        case "tools":
            $links .= "\n<!--\nTHE TOOLS MENUBOX\n-->\n";
            $links .= "<li><i>tools to maintain and customize your account</i></li>";
            $links .= "\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/feature/' title='report a bug or request a feature'>report a bug</a><br/><hr/></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/slogans/add' title='add your own pw.o slogan to the random selection'>add a new slogan</a><br/>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/smileys/add' title='upload a new smiley for people to use on their plans'>add a new smiley</a><br/>\n\t\t\t<hr/></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/lists/edit/allowed' title='change who can read your private entries'>edit your allowed list</a><br/>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/edit/blocked' title='change who is prevented from reading you'>edit your blocked list</a><br/>\n\t\t\t<hr/>\n</li>" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/styles'>customize colors</a></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/fonts'>customize fonts</a></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/custom_css' title='add custom css'>customize css</a></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/skin' title='pick a skin'>pick a skin</a></li>\n" . "<li><hr/></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/userinfo'>user settings</a></li>\n" . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/interface'>interface prefs</a></li>\n";
            //			."<li>skin preview:<br/> <!--SKIN_SELECTOR--></li>\n"
        case "<!--TIME-->":
            // Placeholder replaced with the page load time by the caller.
            $links .= "<!--LOADTIME-->";
        case "watched":
            $links .= "\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/edit/watched' title='edit your watched list'>edit</a></li>\n\t\t\t<li class='listheader'>move\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/top'>top</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/left'>left</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/right'>right</a></li>\n\t\t\t<!--<b>move AJAX</b>\n\t\t\t<li><a href=\"javascript:list_move('top');void(null);\">top</a></li>\n\t\t\t<li><a href=\"javascript:list_move('left');void(null);\">left</a></li>\n\t\t\t<li><a href=\"javascript:list_move('right');void(null);\">right</a></li>\n\t\t\t-->\n\t\t\t<li class='listheader'>sort\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/name/ajax','','planwatch');void(null);\" title='sort alphabetically by name'>abc</a>\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/time/ajax','','planwatch');void(null);\" title='sort by date and time'>321</a>\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/inorder/ajax','','planwatch');void(null);\" title='do not sort, use in the order listed'>zfq</a></li>\n\t\t\t<li class='listheader'>status\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/planwatch_mark_all_read' title='mark all plans as read'>update</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/planwatch_mark_all_unread' title='mark all plans as unread'>reset</a></li>\n\t\t\t<!--<li><b>lists</b></li>\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/advertised_users' title='advertised users'>advertised users</a> </li>\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/registered_users' title='registered users'>registered users</a></li>-->\n";
    return $links;
/**
 * Builds and runs the issue-list query for a filter and returns one page of bug rows.
 *
 * The WHERE / JOIN text is assembled by string interpolation. In most places a value
 * taken from $t_filter is first passed through db_prepare_int() or db_prepare_string();
 * the NOTE(review) comments below mark the spots where a filter value reaches the SQL
 * text without that step.
 *
 * Closing braces, `break;` and `default:` lines do not appear anywhere in this listing;
 * they were presumably dropped by the extraction, so switch blocks below are read as if
 * each case ended with a break.
 *
 * @param int &$p_page_number  requested page; clamped to [1, page count] and written back
 * @param int &$p_per_page     rows per page; null uses the filter's per_page, -1 means all rows; written back
 * @param int &$p_page_count   written back with the computed number of pages (at least 1)
 * @param int &$p_bug_count    written back with the total number of matching issues
 * @param array|null $p_custom_filter  filter array to use instead of the stored filter
 * @param int|null $p_project_id       null means the current project
 * @param int|null $p_user_id          null means the current user
 * @param mixed $p_show_sticky         only tested for non-null (enables "sticky DESC" ordering)
 * @return array|false  list of bug rows with unix timestamps, an empty array when the user can
 *                      access no project at all, or false when the filter is invalid
 */
function filter_get_bug_rows(&$p_page_number, &$p_per_page, &$p_page_count, &$p_bug_count, $p_custom_filter = null, $p_project_id = null, $p_user_id = null, $p_show_sticky = null)
    $t_bug_table = config_get('mantis_bug_table');
    $t_bug_text_table = config_get('mantis_bug_text_table');
    $t_bugnote_table = config_get('mantis_bugnote_table');
    $t_custom_field_string_table = config_get('mantis_custom_field_string_table');
    $t_bugnote_text_table = config_get('mantis_bugnote_text_table');
    $t_project_table = config_get('mantis_project_table');
    $t_bug_monitor_table = config_get('mantis_bug_monitor_table');
    $t_limit_reporters = config_get('limit_reporters');
    $t_bug_relationship_table = config_get('mantis_bug_relationship_table');
    $t_report_bug_threshold = config_get('report_bug_threshold');
    $t_current_user_id = auth_get_current_user_id();
    if (null === $p_user_id) {
        $t_user_id = $t_current_user_id;
    } else {
        $t_user_id = $p_user_id;
    # $c_user_id is the prepared form used inside SQL text; $t_user_id is the raw value
    $c_user_id = db_prepare_int($t_user_id);
    if (null === $p_project_id) {
        $t_project_id = helper_get_current_project();
    } else {
        $t_project_id = $p_project_id;
    if ($p_custom_filter === null) {
        # Prefer current_user_get_bug_filter() over user_get_filter() when applicable since it supports
        # cookies set by previous version of the code.
        if ($t_user_id == $t_current_user_id) {
            $t_filter = current_user_get_bug_filter();
        } else {
            $t_filter = user_get_bug_filter($t_user_id, $t_project_id);
    } else {
        $t_filter = $p_custom_filter;
    $t_filter = filter_ensure_valid_filter($t_filter);
    if (false === $t_filter) {
        # an invalid filter is reported to the caller as false, not as an empty result
        return false;
        # signify a need to create a cookie
        #@@@ error instead?
    # both seed clauses are always present, so $t_where is never blank later on
    $t_where_clauses = array("{$t_project_table}.enabled = 1", "{$t_project_table}.id = {$t_bug_table}.project_id");
    $t_select_clauses = array("{$t_bug_table}.*");
    $t_join_clauses = array();
    $t_from_clauses = array();
    if (ALL_PROJECTS == $t_project_id) {
        # administrators see every project; everyone else is restricted to the projects
        # (plus subprojects) they can access
        if (!user_is_administrator($t_user_id)) {
            $t_topprojects = $t_projects = user_get_accessible_projects($t_user_id);
            foreach ($t_topprojects as $t_project) {
                $t_projects = array_merge($t_projects, user_get_all_accessible_subprojects($t_user_id, $t_project));
            $t_projects = array_unique($t_projects);
            if (0 == count($t_projects)) {
                return array();
                # no accessible projects, return an empty array
            } else {
                if (1 == count($t_projects)) {
                    $t_project = $t_projects[0];
                    # project ids come from the access helpers and are interpolated as-is
                    array_push($t_where_clauses, "( {$t_bug_table}.project_id={$t_project} )");
                } else {
                    array_push($t_where_clauses, "( {$t_bug_table}.project_id in (" . implode(', ', $t_projects) . ") )");
    } else {
        # access_ensure_project_level() presumably aborts when the user lacks VIEWER access
        access_ensure_project_level(VIEWER, $t_project_id, $t_user_id);
        $t_projects = user_get_all_accessible_subprojects($t_user_id, $t_project_id);
        $t_projects[] = $t_project_id;
        $t_projects = array_unique($t_projects);
        if (1 == count($t_projects)) {
            $t_project = $t_projects[0];
            array_push($t_where_clauses, "( {$t_bug_table}.project_id={$t_project} )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.project_id in (" . implode(', ', $t_projects) . ") )");
    # private bug selection
    # users below private_bug_threshold may only see public issues plus their own private ones
    if (!access_has_project_level(config_get('private_bug_threshold'), $t_project_id, $t_user_id)) {
        $t_public = VS_PUBLIC;
        $t_private = VS_PRIVATE;
        # NOTE(review): these clauses interpolate the raw $t_user_id rather than the prepared
        # $c_user_id used everywhere else; the value originates from auth or the caller, but the
        # prepared form would be consistent
        switch ($t_filter['view_state']) {
            case VS_PUBLIC:
                array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_public}')");
            case VS_PRIVATE:
                array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_private}' AND {$t_bug_table}.reporter_id='{$t_user_id}')");
            case META_FILTER_ANY:
                array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_public}' OR {$t_bug_table}.reporter_id='{$t_user_id}')");
    } else {
        $t_view_state = db_prepare_int($t_filter['view_state']);
        if ($t_filter['view_state'] !== META_FILTER_ANY && !is_blank($t_filter['view_state'])) {
            array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_view_state}')");
    # reporter
    # Common pattern for the list-valued filter fields below: a member equal to META_FILTER_ANY
    # (or an empty list) means "no restriction"; META_FILTER_NONE maps to an empty/zero value;
    # META_FILTER_MYSELF maps to the prepared current user id.
    $t_any_found = false;
    foreach ($t_filter['reporter_id'] as $t_filter_member) {
        if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['reporter_id']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['reporter_id'] as $t_filter_member) {
            if (META_FILTER_NONE == $t_filter_member) {
                # pushed as the string "0" here but as int 0 in the handler branch below; same SQL text
                array_push($t_clauses, "0");
            } else {
                $c_reporter_id = db_prepare_int($t_filter_member);
                if (META_FILTER_MYSELF == $c_reporter_id) {
                    array_push($t_clauses, $c_user_id);
                } else {
                    array_push($t_clauses, $c_reporter_id);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.reporter_id in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.reporter_id={$t_clauses['0']} )");
    # limit reporter
    # @@@ thraxisp - access_has_project_level checks greater than or equal to,
    #   this assumed that there aren't any holes above REPORTER where the limit would apply
    # with limit_reporters ON, users without more than REPORTER access only ever see their own issues
    if (ON === $t_limit_reporters && !access_has_project_level(REPORTER + 1, $t_project_id, $t_user_id)) {
        $c_reporter_id = $c_user_id;
        array_push($t_where_clauses, "({$t_bug_table}.reporter_id='{$c_reporter_id}')");
    # handler
    $t_any_found = false;
    foreach ($t_filter['handler_id'] as $t_filter_member) {
        if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['handler_id']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['handler_id'] as $t_filter_member) {
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, 0);
            } else {
                $c_handler_id = db_prepare_int($t_filter_member);
                if (META_FILTER_MYSELF == $c_handler_id) {
                    array_push($t_clauses, $c_user_id);
                } else {
                    array_push($t_clauses, $c_handler_id);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.handler_id in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.handler_id={$t_clauses['0']} )");
    # category
    # string-valued fields only treat a member as "any" when it is numeric, so a text value
    # that happens to compare loosely equal to META_FILTER_ANY is still filtered on
    $t_any_found = false;
    foreach ($t_filter['show_category'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
    if (count($t_filter['show_category']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_category'] as $t_filter_member) {
            # stripslashes() before escaping: presumably undoes magic-quotes style escaping of the stored value
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_show_category = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_show_category}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.category in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.category={$t_clauses['0']} )");
    # severity
    $t_any_found = false;
    foreach ($t_filter['show_severity'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['show_severity']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_severity'] as $t_filter_member) {
            $c_show_severity = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_severity);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.severity in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.severity={$t_clauses['0']} )");
    # show / hide status
    # take a list of all available statuses then remove the ones that we want hidden, then make sure
    # the ones we want shown are still available
    $t_status_arr = explode_enum_string(config_get('status_enum_string'));
    $t_available_statuses = array();
    $t_desired_statuses = array();
    foreach ($t_status_arr as $t_this_status) {
        $t_this_status_arr = explode_enum_arr($t_this_status);
        $t_available_statuses[] = $t_this_status_arr[0];
    if ('simple' == $t_filter['_view_type']) {
        # simple filtering: if showing any, restrict by the hide status value, otherwise ignore the hide
        $t_any_found = false;
        $t_this_status = $t_filter['show_status'][0];
        $t_this_hide_status = $t_filter['hide_status'][0];
        if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
            $t_any_found = true;
        if ($t_any_found) {
            # "hide" is a threshold: keep every status strictly below hide_status
            foreach ($t_available_statuses as $t_this_available_status) {
                if ($t_this_hide_status > $t_this_available_status) {
                    $t_desired_statuses[] = $t_this_available_status;
        } else {
            $t_desired_statuses[] = $t_this_status;
    } else {
        # advanced filtering: ignore the hide
        $t_any_found = false;
        foreach ($t_filter['show_status'] as $t_this_status) {
            $t_desired_statuses[] = $t_this_status;
            if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
                $t_any_found = true;
        if ($t_any_found) {
            $t_desired_statuses = array();
    if (count($t_desired_statuses) > 0) {
        $t_clauses = array();
        foreach ($t_desired_statuses as $t_filter_member) {
            $c_show_status = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_status);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.status in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.status={$t_clauses['0']} )");
    # resolution
    $t_any_found = false;
    foreach ($t_filter['show_resolution'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['show_resolution']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_resolution'] as $t_filter_member) {
            $c_show_resolution = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_resolution);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.resolution in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.resolution={$t_clauses['0']} )");
    # priority
    $t_any_found = false;
    foreach ($t_filter['show_priority'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['show_priority']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_priority'] as $t_filter_member) {
            $c_show_priority = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_priority);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.priority in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.priority={$t_clauses['0']} )");
    # product build
    $t_any_found = false;
    foreach ($t_filter['show_build'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
    if (count($t_filter['show_build']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_build'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_show_build = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_show_build}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.build in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.build={$t_clauses['0']} )");
    # product version
    $t_any_found = false;
    foreach ($t_filter['show_version'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
    if (count($t_filter['show_version']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_version'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_show_version = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_show_version}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.version in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.version={$t_clauses['0']} )");
    # profile
    $t_any_found = false;
    foreach ($t_filter['show_profile'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
    if (count($t_filter['show_profile']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_profile'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "0");
            } else {
                $c_show_profile = db_prepare_int($t_filter_member);
                array_push($t_clauses, "{$c_show_profile}");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.profile_id in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.profile_id={$t_clauses['0']} )");
    # date filter
    # each date component must be numeric before it is embedded; the assembled strings are
    # then escaped once more via db_prepare_string()
    if ('on' == $t_filter['do_filter_by_date'] && is_numeric($t_filter['start_month']) && is_numeric($t_filter['start_day']) && is_numeric($t_filter['start_year']) && is_numeric($t_filter['end_month']) && is_numeric($t_filter['end_day']) && is_numeric($t_filter['end_year'])) {
        $t_start_string = db_prepare_string($t_filter['start_year'] . "-" . $t_filter['start_month'] . "-" . $t_filter['start_day'] . " 00:00:00");
        $t_end_string = db_prepare_string($t_filter['end_year'] . "-" . $t_filter['end_month'] . "-" . $t_filter['end_day'] . " 23:59:59");
        array_push($t_where_clauses, "({$t_bug_table}.date_submitted BETWEEN '{$t_start_string}' AND '{$t_end_string}' )");
    # fixed in version
    $t_any_found = false;
    foreach ($t_filter['fixed_in_version'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
    if (count($t_filter['fixed_in_version']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['fixed_in_version'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_fixed_in_version = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_fixed_in_version}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.fixed_in_version in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.fixed_in_version={$t_clauses['0']} )");
    # users monitoring a bug
    $t_any_found = false;
    foreach ($t_filter['user_monitor'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['user_monitor']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        $t_table_name = 'user_monitor';
        # the monitor table is added to FROM here, but FROM is rebuilt from scratch further down
        array_push($t_from_clauses, $t_bug_monitor_table);
        array_push($t_join_clauses, "LEFT JOIN {$t_bug_monitor_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id");
        foreach ($t_filter['user_monitor'] as $t_filter_member) {
            $c_user_monitor = db_prepare_int($t_filter_member);
            if (META_FILTER_MYSELF == $c_user_monitor) {
                array_push($t_clauses, $c_user_id);
            } else {
                array_push($t_clauses, $c_user_monitor);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_table_name}.user_id in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_table_name}.user_id={$t_clauses['0']} )");
    # bug relationship
    # NOTE(review): unlike every other numeric filter member, relationship_type and relationship_bug
    # are NOT passed through db_prepare_int() before being interpolated into the clauses below;
    # $c_rel_bug in particular reaches the SQL text unchanged. Preparing both values here
    # (`$c_rel_bug = db_prepare_int($t_filter['relationship_bug']);`) would bring this branch in
    # line with the rest of the function. Also, the loose `==` tests treat a non-numeric string
    # differently on PHP 7 and PHP 8.
    $t_any_found = false;
    $c_rel_type = $t_filter['relationship_type'];
    $c_rel_bug = $t_filter['relationship_bug'];
    if (-1 == $c_rel_type || 0 == $c_rel_bug) {
        $t_any_found = true;
    if (!$t_any_found) {
        # use the complementary type
        $c_rel_type = relationship_get_complementary_type($c_rel_type);
        $t_clauses = array();
        $t_table_name = 'relationship';
        array_push($t_from_clauses, $t_bug_relationship_table);
        array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name} ON {$t_table_name}.destination_bug_id = {$t_bug_table}.id");
        // get reverse relationships
        # type 1 is joined a second time under the alias "relationship2" so both directions match
        if ($c_rel_type == 1) {
            array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name}" . "2 ON {$t_table_name}" . "2.source_bug_id = {$t_bug_table}.id");
        array_push($t_clauses, "({$t_table_name}.relationship_type='{$c_rel_type}' AND {$t_table_name}.source_bug_id='{$c_rel_bug}')");
        // get reverse relationships
        if ($c_rel_type == 1) {
            array_push($t_clauses, "({$t_table_name}" . "2.relationship_type='{$c_rel_type}' AND {$t_table_name}" . "2.destination_bug_id='{$c_rel_bug}')");
        array_push($t_where_clauses, '(' . implode(' OR ', $t_clauses) . ')');
    # custom field filters
    if (ON == config_get('filter_by_custom_fields')) {
        # custom field filtering
        $t_custom_fields = custom_field_get_linked_ids($t_project_id);
        foreach ($t_custom_fields as $t_cfid) {
            $t_first_time = true;
            $t_custom_where_clause = '';
            # Ignore all custom filters that are not set, or that are set to '' or "any"
            $t_any_found = false;
            # NOTE(review): this loop reads $t_filter['custom_fields'][$t_cfid] before the isset()
            # check on the next statement; an unset field would raise a notice here first
            foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
                if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
                    $t_any_found = true;
            if (!isset($t_filter['custom_fields'][$t_cfid])) {
                $t_any_found = true;
            if (!$t_any_found) {
                $t_def = custom_field_get_definition($t_cfid);
                $t_table_name = $t_custom_field_string_table . '_' . $t_cfid;
                # We need to filter each joined table or the result query will explode in dimensions
                # Each custom field will result in a exponential growth like Number_of_Issues^Number_of_Custom_Fields
                # and only after this process ends (if it is able to) the result query will be filtered
                # by the WHERE clause and by the DISTINCT clause
                $t_cf_join_clause = "LEFT JOIN {$t_custom_field_string_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id AND {$t_table_name}.field_id = {$t_cfid} ";
                if ($t_def['type'] == CUSTOM_FIELD_TYPE_DATE) {
                    # date fields: element [0] selects the mode, [1]/[2] are the lower/upper bounds.
                    # NOTE(review): the bounds in the BEFORE and BETWEEN branches are interpolated
                    # without db_prepare_int(); only the AFTER branch coerces ([1] + 1). Preparing
                    # them first would match the handling of the other numeric filter values.
                    # The last two statements of this switch read as its default branch (BETWEEN);
                    # the `default:` label is presumably lost in this listing.
                    switch ($t_filter['custom_fields'][$t_cfid][0]) {
                        case CUSTOM_FIELD_DATE_ANY:
                        case CUSTOM_FIELD_DATE_NONE:
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '(( ' . $t_table_name . '.bug_id is null) OR ( ' . $t_table_name . '.value = 0)';
                        case CUSTOM_FIELD_DATE_BEFORE:
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '(( ' . $t_table_name . '.value != 0 AND (' . $t_table_name . '.value+0) < ' . $t_filter['custom_fields'][$t_cfid][2] . ')';
                        case CUSTOM_FIELD_DATE_AFTER:
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '(( ' . $t_table_name . '.field_id = ' . $t_cfid . ' AND (' . $t_table_name . '.value+0) > ' . ($t_filter['custom_fields'][$t_cfid][1] + 1) . ')';
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '(( ' . $t_table_name . '.field_id = ' . $t_cfid . ' AND (' . $t_table_name . '.value+0) BETWEEN ' . $t_filter['custom_fields'][$t_cfid][1] . ' AND ' . $t_filter['custom_fields'][$t_cfid][2] . ')';
                } else {
                    array_push($t_join_clauses, $t_cf_join_clause);
                    # non-date fields: OR together one comparison per selected value
                    foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
                        $t_filter_member = stripslashes($t_filter_member);
                        if (META_FILTER_NONE === $t_filter_member) {
                            # coerce filter value if selecting META_FILTER_NONE
                            $t_filter_member = '';
                        if ($t_first_time) {
                            $t_first_time = false;
                            $t_custom_where_clause = '(';
                        } else {
                            $t_custom_where_clause .= ' OR ';
                        $t_custom_where_clause .= "{$t_table_name}.value ";
                        # multi-valued fields are stored "|a|b|" and matched with LIKE; the trailing
                        # two statements read as the default branch (exact match)
                        switch ($t_def['type']) {
                            case CUSTOM_FIELD_TYPE_MULTILIST:
                            case CUSTOM_FIELD_TYPE_CHECKBOX:
                                $t_custom_where_clause .= "LIKE '%|";
                                $t_custom_where_clause_closing = "|%'";
                                $t_custom_where_clause .= "= '";
                                $t_custom_where_clause_closing = "'";
                        $t_custom_where_clause .= db_prepare_string($t_filter_member);
                        $t_custom_where_clause .= $t_custom_where_clause_closing;
                if (!is_blank($t_custom_where_clause)) {
                    array_push($t_where_clauses, $t_custom_where_clause . ')');
    $t_textsearch_where_clause = '';
    $t_textsearch_wherejoin_clause = '';
    # Simple Text Search - Thanks to Alan Knowles
    # the search term is escaped with db_prepare_string(); note that LIKE wildcards (% and _)
    # inside the term are not escaped, so they keep their wildcard meaning
    if (!is_blank($t_filter['search'])) {
        $c_search = db_prepare_string($t_filter['search']);
        $c_search_int = db_prepare_int($t_filter['search']);
        $t_textsearch_where_clause = "((summary LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.description LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.steps_to_reproduce LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.additional_information LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_table}.id = '{$c_search_int}'))";
        $t_textsearch_wherejoin_clause = "((summary LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.description LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.steps_to_reproduce LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.additional_information LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_table}.id LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bugnote_text_table}.note LIKE '%{$c_search}%'))";
        array_push($t_where_clauses, "({$t_bug_text_table}.id = {$t_bug_table}.bug_text_id)");
        # FROM is rebuilt here, discarding anything pushed to $t_from_clauses above
        $t_from_clauses = array($t_bug_text_table, $t_project_table, $t_bug_table);
    } else {
        $t_from_clauses = array($t_project_table, $t_bug_table);
    $t_select = implode(', ', array_unique($t_select_clauses));
    $t_from = 'FROM ' . implode(', ', array_unique($t_from_clauses));
    $t_join = implode(' ', $t_join_clauses);
    if (count($t_where_clauses) > 0) {
        $t_where = 'WHERE ' . implode(' AND ', $t_where_clauses);
    } else {
        $t_where = '';
    # Possibly do two passes. First time, grab the IDs of issues that match the filters. Second time, grab the IDs of issues that
    # have bugnotes that match the text search if necessary.
    $t_id_array = array();
    for ($i = 0; $i < 2; $i++) {
        $t_id_where = $t_where;
        $t_id_join = $t_join;
        if ($i == 0) {
            if (!is_blank($t_id_where) && !is_blank($t_textsearch_where_clause)) {
                $t_id_where = $t_id_where . ' AND ' . $t_textsearch_where_clause;
        } else {
            # second pass only adds the bugnote joins; it is skipped below when there is no text search
            if (!is_blank($t_textsearch_wherejoin_clause)) {
                $t_id_where = $t_id_where . ' AND ' . $t_textsearch_wherejoin_clause;
                $t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_table} ON {$t_bugnote_table}.bug_id = {$t_bug_table}.id";
                $t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_text_table} ON {$t_bugnote_text_table}.id = {$t_bugnote_table}.bugnote_text_id";
        $query = "SELECT DISTINCT {$t_bug_table}.id AS id\n\t\t\t\t\t\t{$t_from}\n\t\t\t\t\t\t{$t_id_join}\n\t\t\t\t\t\t{$t_id_where}";
        if ($i == 0 || !is_blank($t_textsearch_wherejoin_clause)) {
            $result = db_query($query);
            $row_count = db_num_rows($result);
            for ($j = 0; $j < $row_count; $j++) {
                $row = db_fetch_array($result);
                # ids are prepared here before they are re-embedded in the final query
                $t_id_array[] = db_prepare_int($row['id']);
    $t_id_array = array_unique($t_id_array);
    if (count($t_id_array) > 0) {
        $t_where = "WHERE {$t_bug_table}.id in (" . implode(", ", $t_id_array) . ")";
    } else {
        # no matches: a query that always returns nothing, so paging below still works
        $t_where = "WHERE 1 != 1";
    $t_from = 'FROM ' . $t_bug_table;
    # Get the total number of bugs that meet the criteria.
    $bug_count = count($t_id_array);
    # write the value back in case the caller wants to know
    $p_bug_count = $bug_count;
    # per_page: null -> filter default, -1 -> every matching issue on one page
    if (null === $p_per_page) {
        $p_per_page = (int) $t_filter['per_page'];
    } else {
        if (-1 == $p_per_page) {
            $p_per_page = $bug_count;
    # Guard against silly values of $f_per_page.
    if (0 == $p_per_page) {
        $p_per_page = 1;
    $p_per_page = (int) abs($p_per_page);
    # Use $bug_count and $p_per_page to determine how many pages
    # to split this list up into.
    # For the sake of consistency have at least one page, even if it
    # is empty.
    $t_page_count = ceil($bug_count / $p_per_page);
    if ($t_page_count < 1) {
        $t_page_count = 1;
    # write the value back in case the caller wants to know
    $p_page_count = $t_page_count;
    # Make sure $p_page_number isn't past the last page.
    if ($p_page_number > $t_page_count) {
        $p_page_number = $t_page_count;
    # Make sure $p_page_number isn't before the first page
    if ($p_page_number < 1) {
        $p_page_number = 1;
    # Now add the rest of the criteria i.e. sorting, limit.
    # if sort is blank then default the sort and direction.  This is to fix the
    # symptoms of #3953.  Note that even if the main problem is fixed, we may
    # have to keep this code for a while to handle filters saved with this blank field.
    if (is_blank($t_filter['sort'])) {
        $t_filter['sort'] = 'last_updated';
        $t_filter['dir'] = 'DESC';
    $t_order_array = array();
    # NOTE(review): split() is the POSIX-regex function (deprecated in PHP 5.3, removed in 7.0);
    # `explode(',', ...)` is the drop-in replacement for a literal comma separator
    $t_sort_fields = split(',', $t_filter['sort']);
    $t_dir_fields = split(',', $t_filter['dir']);
    if ('on' == $t_filter['sticky_issues'] && NULL !== $p_show_sticky) {
        $t_order_array[] = "sticky DESC";
    # a field that appears more than once in the sort list is only emitted at its last occurrence
    for ($i = 0; $i < count($t_sort_fields); $i++) {
        # NOTE(review): $c_sort is used as a column identifier in ORDER BY, and db_prepare_string()
        # escapes quotes rather than validating identifiers; since sort comes from the (user-editable)
        # filter, checking each field against the set of sortable columns before use would be the
        # stronger guard
        $c_sort = db_prepare_string($t_sort_fields[$i]);
        if (!in_array($t_sort_fields[$i], array_slice($t_sort_fields, $i + 1))) {
            # if sorting by a custom field
            if (strpos($c_sort, 'custom_') === 0) {
                $t_custom_field = substr($c_sort, strlen('custom_'));
                # presumably returns false for an unknown name, which would interpolate as an
                # empty string in the JOIN below — verify against custom_field_get_id_from_name()
                $t_custom_field_id = custom_field_get_id_from_name($t_custom_field);
                $t_join .= " LEFT JOIN {$t_custom_field_string_table} ON ( ( {$t_custom_field_string_table}.bug_id = {$t_bug_table}.id ) AND ( {$t_custom_field_string_table}.field_id = {$t_custom_field_id} ) )";
                $c_sort = "{$t_custom_field_string_table}.value";
                $t_select_clauses[] = "{$t_custom_field_string_table}.value";
            # direction is normalised to one of two literals; anything but 'DESC' sorts ascending
            if ('DESC' == $t_dir_fields[$i]) {
                $c_dir = 'DESC';
            } else {
                $c_dir = 'ASC';
            $t_order_array[] = "{$c_sort} {$c_dir}";
    # add basic sorting if necessary
    if (!in_array('last_updated', $t_sort_fields)) {
        $t_order_array[] = 'last_updated DESC';
    if (!in_array('date_submitted', $t_sort_fields)) {
        $t_order_array[] = 'date_submitted DESC';
    $t_order = " ORDER BY " . implode(', ', $t_order_array);
    $t_select = implode(', ', array_unique($t_select_clauses));
    $query2 = "SELECT DISTINCT {$t_select}\n\t\t\t\t\t{$t_from}\n\t\t\t\t\t{$t_join}\n\t\t\t\t\t{$t_where}\n\t\t\t\t\t{$t_order}";
    # Figure out the offset into the db query
    # for example page number 1, per page 5:
    #     t_offset = 0
    # for example page number 2, per page 5:
    #     t_offset = 5
    $c_per_page = db_prepare_int($p_per_page);
    $c_page_number = db_prepare_int($p_page_number);
    $t_offset = ($c_page_number - 1) * $c_per_page;
    # perform query
    # limit and offset are passed to db_query() rather than embedded in the SQL text
    $result2 = db_query($query2, $c_per_page, $t_offset);
    $row_count = db_num_rows($result2);
    $rows = array();
    for ($i = 0; $i < $row_count; $i++) {
        $row = db_fetch_array($result2);
        # convert the two DB timestamps to unix time for the caller
        $row['date_submitted'] = db_unixtimestamp($row['date_submitted']);
        $row['last_updated'] = db_unixtimestamp($row['last_updated']);
        array_push($rows, $row);
    return $rows;
Exemplo n.º 20


runs regularly (2 minute intervals) from a cron job
to get plan times for all relevant plans
// cron-driven plain-text endpoint; the response is text/plain, so nothing echoed below is rendered as HTML
header("Content-type: text/plain");
$_SERVER['PWUSERS_DIR'] = "/home/planwatc/pwusers";
$_SERVER['FILE_ROOT'] = "/home/planwatc/public_html";
// limited security -- other users on our host could get a reg. users list, but
// that's a minor risk. it would be nice to make this a bit better, though.
// TODO:(v4.1) adjust the server's cron job to use system's fingerprint
// NOTE(review): the access check compares REMOTE_ADDR with SERVER_ADDR, i.e. it presumably
// intends "requests from this host only" unless the caller is an administrator; behind a reverse
// proxy or on a host where the two addresses differ this test would not behave as intended — confirm
// deployment. The body of this if is not shown in the listing.
if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR'] && !user_is_administrator()) {
// NOTE(review): the debug query parameter is echoed back unvalidated (plain text, per the header above)
$debug = $_GET['debug'];
echo "DEBUG: {$debug}\n\n\n";
// MAIL_SUBMIT =================================================================
turned off until it gets fixed
TODO:(v4.5) fix mail submission. maybe get a gmail POP account for this?
TODO:(v5) add SMS to mail gateway if there's any user interest http://
// $lastmail_fn is not defined in this listing; the @ suppresses the fileatime() warning
// when the file is missing or unreadable. The body of this if is not shown either.
if (!file_exists($lastmail_fn) || (@fileatime($lastmail_fn) < time() - 600))
// HTML markup in a text/plain response is shown literally by the client
echo "<b>checking for email plan posts...</b>\n";
# Tail of a user-update handler. $f_enabled/$f_user_id/$f_access_level/
# $f_protected, $c_username/$c_email/$c_protected/$c_realname and $t_user are
# all defined outside this excerpt. Normalise the remaining inputs first.
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);
# The table name comes from the schema helper, not from request data, so
# interpolating it into the SQL below is not an injection vector.
$t_user_table = db_get_table('user');
$t_old_protected = $t_user['protected'];
# Ensure that users aren't escalating privileges of accounts beyond their
# own global access level.
# (the check this comment refers to is not present in the excerpt)
# check that we are not downgrading the last administrator
$t_admin_threshold = config_get_global('admin_site_threshold');
# Refuse when the target currently is an administrator, the requested level is
# below the admin threshold, and at most one administrator exists -- i.e. the
# change would leave the site with none. Branch body elided in the excerpt.
if (user_is_administrator($f_user_id) && $f_access_level < $t_admin_threshold && user_count_level($t_admin_threshold) <= 1) {
# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
# (branch body elided in the excerpt)
if ($f_access_level >= $t_admin_threshold && !user_is_administrator($f_user_id)) {
# if the user is already protected and the admin is not removing the
#  protected flag then don't update the access level and enabled flag.
#  If the user was unprotected or the protected flag is being turned off
#  then proceed with a full update.
$query_params = array();
# NOTE(review): the `"******"` token in both query strings is not valid PHP and
# looks like a redaction artifact introduced where this excerpt was published;
# by analogy with the neighbouring columns the original binds username through
# db_param(). Do not copy these two lines verbatim.
if ($f_protected && $t_old_protected) {
    # Protected account stays protected: access_level and enabled are neither
    # in the SET list nor in the bound parameter array.
    $query = "UPDATE {$t_user_table}\n\t\t\tSET username="******", email=" . db_param() . ",\n\t\t\t\tprotected=" . db_param() . ", realname=" . db_param() . "\n\t\t\tWHERE id=" . db_param();
    $query_params = array($c_username, $c_email, $c_protected, $c_realname, $c_user_id);
} else {
    # Full update, including access_level and enabled.
    $query = "UPDATE {$t_user_table}\n\t\t\tSET username="******", email=" . db_param() . ",\n\t\t\t\taccess_level=" . db_param() . ", enabled=" . db_param() . ",\n\t\t\t\tprotected=" . db_param() . ", realname=" . db_param() . "\n\t\t\tWHERE id=" . db_param();
    $query_params = array($c_username, $c_email, $c_access_level, $c_enabled, $c_protected, $c_realname, $c_user_id);
# Every value travels as a bound parameter; nothing user-controlled is
# interpolated into the statement text.
$result = db_query_bound($query, $query_params);
 * @uses check_api.php
 * @uses config_api.php
 * @uses user_api.php
# Direct-request guard: the include is only meant to run inside the check
# framework that defines CHECK_ANONYMOUS_INC_ALLOW (rejection body elided in
# this excerpt).
if (!defined('CHECK_ANONYMOUS_INC_ALLOW')) {
 * MantisBT Check API
require_once 'check_api.php';
check_print_section_header_row('Anonymous access');
$t_anonymous_access_enabled = config_get_global('allow_anonymous_login');
check_print_info_row('Anonymous access is enabled', $t_anonymous_access_enabled ? 'Yes' : 'No');
# Nothing further to verify when anonymous login is disabled (branch body
# elided; presumably an early return).
if (!$t_anonymous_access_enabled) {
$t_anonymous_account = config_get_global('anonymous_account');
# The configured account name is reflected into the HTML report, hence the
# htmlentities() call on the success message.
check_print_test_row('anonymous_account configuration option is specified', $t_anonymous_account !== '', array(true => 'The account currently being used for anonymous access is: ' . htmlentities($t_anonymous_account), false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.'));
# The remaining checks need a real account name (branch body elided).
if ($t_anonymous_account === '') {
# The strict `!== false` test below implies user_get_id_by_name() reports an
# unknown name as false; a truthiness check would be wrong for a falsy id.
$t_anonymous_user_id = user_get_id_by_name($t_anonymous_account);
check_print_test_row('anonymous_account is a valid user account', $t_anonymous_user_id !== false, array(false => 'You need to specify a valid user account to use with the anonymous_account configuration options.'));
# Hardening checks on the shared anonymous identity: it must be usable
# (enabled), locked against self-modification (protected flag) and must not
# hold administrator rights, since anyone can act as this account.
check_print_test_row('anonymous_account user has the enabled flag set', user_is_enabled($t_anonymous_user_id), array(false => 'The anonymous user account must be enabled before it can be used.'));
check_print_test_row('anonymous_account user has the protected flag set', user_get_field($t_anonymous_user_id, 'protected'), array(false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.'));
check_print_test_row('anonymous_account user does not have administrator permissions', !user_is_administrator($t_anonymous_user_id), array(true => 'The anonymous user account currently has an access level of: ' . htmlentities(get_enum_element('access_levels', user_get_access_level($t_anonymous_user_id))), false => 'The anonymous user account should not have administrator level permissions.'));

$t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account );
	'anonymous_account is a valid user account',
	$t_anonymous_user_id !== false,
	array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' )

	'anonymous_account user has the enabled flag set',
	user_is_enabled( $t_anonymous_user_id ),
	array( false => 'The anonymous user account must be enabled before it can be used.' )

	'anonymous_account user has the protected flag set',
	user_get_field( $t_anonymous_user_id, 'protected' ),
	array( false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.' )

	'anonymous_account user does not have administrator permissions',
	!user_is_administrator( $t_anonymous_user_id ),
		true => 'The anonymous user account currently has an access level of: ' . htmlentities( get_enum_element( 'access_levels', user_get_access_level( $t_anonymous_user_id ) ) ),
		false => 'The anonymous user account should not have administrator level permissions.'
// URL Authentication
// used by people who are doing looks from different users than their
// logged in users (this includes basically josh and johnnie)
// The last one or two path segments of the request URI may carry what
// user_verify_fingerprint() accepts (a fingerprint appears to act as an
// authentication token here) instead of the cookie.
$urlarray = explode('/', $_SERVER['REQUEST_URI']);
$urlarray_count = count($urlarray);
// if we haven't found a fingerprint so far, we check for a fingerprint in the url
// NOTE(review): a token carried in the URL path is generally recorded in web
// server access logs, browser history and outbound Referer headers; the
// cookie and POST paths below do not have that exposure. Also, when the URI
// has fewer than two segments, index `$urlarray_count - 2` is -1 and undefined.
// Both URL branches are empty in this excerpt; the else-branch bodies are
// partly elided.
if (user_verify_fingerprint($urlarray[$urlarray_count - 1])) {
} elseif (user_verify_fingerprint(user_get_fingerprint($urlarray[$urlarray_count - 2], $urlarray[$urlarray_count - 1]))) {
} else {
    // The cookie name is taken from $_SERVER['AUTH_COOKIE'] (set outside this
    // excerpt). There is no isset() guard, so a request without that cookie
    // raises an undefined-key notice/warning before the verifier sees null.
    if (user_verify_fingerprint($_COOKIE[$_SERVER['AUTH_COOKIE']])) {
        // An administrator who also presents a valid 'mau' cookie is flagged
        // as masquerading; the flag is presumably consumed elsewhere.
        if (user_is_administrator() && user_verify_fingerprint($_COOKIE['mau'])) {
            // MASQUERADING IS ON
            $_SERVER['MASQUERADE'] = TRUE;
        } else {
            $_SERVER['MASQUERADE'] = FALSE;
    // $sid is not defined within this excerpt.
    } elseif (user_verify_fingerprint($sid)) {
        $_SERVER["SESSION_ID"] = $sid;
    // Same missing-isset() caveat as the cookie lookup above.
    } elseif (user_verify_fingerprint($_POST[$_SERVER['AUTH_COOKIE']])) {
        // this is so the write form can't expire even if the user leaves it
        // up past cookie expiry.
// Cookie Updates
        if (ON == config_get('send_reset_password') && ON == config_get('enable_email_notification')) {
            echo lang_get('reset_password_msg');
        } else {
            echo lang_get('reset_password_msg2');

<!-- PROJECT ACCESS (if permissions allow) and user is not ADMINISTRATOR -->
if (access_has_global_level(config_get('manage_user_threshold')) && !user_is_administrator($t_user_id)) {
<br />
<div align="center">
<table class="width75" cellspacing="1">
<!-- Title -->
	<td class="form-title" colspan="2">
    echo lang_get('add_user_title');

<!-- Assigned Projects -->
<tr <?php 
function filter_get_bug_rows(&$p_page_number, &$p_per_page, &$p_page_count, &$p_bug_count, $p_custom_filter = null, $p_project_id = null, $p_user_id = null, $p_show_sticky = null)
    $t_bug_table = config_get('mantis_bug_table');
    $t_bug_text_table = config_get('mantis_bug_text_table');
    $t_bugnote_table = config_get('mantis_bugnote_table');
    $t_custom_field_string_table = config_get('mantis_custom_field_string_table');
    $t_bugnote_text_table = config_get('mantis_bugnote_text_table');
    $t_project_table = config_get('mantis_project_table');
    $t_bug_monitor_table = config_get('mantis_bug_monitor_table');
    $t_limit_reporters = config_get('limit_reporters');
    $t_bug_relationship_table = config_get('mantis_bug_relationship_table');
    $t_report_bug_threshold = config_get('report_bug_threshold');
    $t_current_user_id = auth_get_current_user_id();
    if (null === $p_user_id) {
        $t_user_id = $t_current_user_id;
    } else {
        $t_user_id = $p_user_id;
    $c_user_id = db_prepare_int($t_user_id);
    if (null === $p_project_id) {
        # @@@ If project_id is not specified, then use the project id(s) in the filter if set, otherwise, use current project.
        $t_project_id = helper_get_current_project();
    } else {
        $t_project_id = $p_project_id;
    if ($p_custom_filter === null) {
        # Prefer current_user_get_bug_filter() over user_get_filter() when applicable since it supports
        # cookies set by previous version of the code.
        if ($t_user_id == $t_current_user_id) {
            $t_filter = current_user_get_bug_filter();
        } else {
            $t_filter = user_get_bug_filter($t_user_id, $t_project_id);
    } else {
        $t_filter = $p_custom_filter;
    $t_filter = filter_ensure_valid_filter($t_filter);
    if (false === $t_filter) {
        return false;
        # signify a need to create a cookie
        #@@@ error instead?
    $t_view_type = $t_filter['_view_type'];
    $t_where_clauses = array("{$t_project_table}.enabled = 1", "{$t_project_table}.id = {$t_bug_table}.project_id");
    $t_select_clauses = array("{$t_bug_table}.*");
    $t_join_clauses = array();
    $t_from_clauses = array();
    // normalize the project filtering into an array $t_project_ids
    if ('simple' == $t_view_type) {
        log_event(LOG_FILTERING, 'FILTERING: Simple Filter');
        $t_project_ids = array($t_project_id);
        $t_include_sub_projects = true;
    } else {
        log_event(LOG_FILTERING, 'FILTERING: Advanced Filter');
        if (!is_array($t_filter['project_id'])) {
            $t_project_ids = array(db_prepare_int($t_filter['project_id']));
        } else {
            $t_project_ids = array_map('db_prepare_int', $t_filter['project_id']);
        $t_include_sub_projects = count($t_project_ids) == 1 && $t_project_ids[0] == META_FILTER_CURRENT;
    log_event(LOG_FILTERING, 'FILTERING: project_ids = ' . implode(',', $t_project_ids));
    log_event(LOG_FILTERING, 'FILTERING: include sub-projects = ' . ($t_include_sub_projects ? '1' : '0'));
    // if the array has ALL_PROJECTS, then reset the array to only contain ALL_PROJECTS.
    // replace META_FILTER_CURRENT with the actualy current project id.
    $t_all_projects_found = false;
    $t_new_project_ids = array();
    foreach ($t_project_ids as $t_pid) {
        if ($t_pid == META_FILTER_CURRENT) {
            $t_pid = $t_project_id;
        if ($t_pid == ALL_PROJECTS) {
            $t_all_projects_found = true;
            log_event(LOG_FILTERING, 'FILTERING: all projects selected');
        // filter out inaccessible projects.
        if (!access_has_project_level(VIEWER, $t_pid, $t_user_id)) {
        $t_new_project_ids[] = $t_pid;
    $t_projects_query_required = true;
    if ($t_all_projects_found) {
        if (user_is_administrator($t_user_id)) {
            log_event(LOG_FILTERING, 'FILTERING: all projects + administrator, hence no project filter.');
            $t_projects_query_required = false;
        } else {
            $t_project_ids = user_get_accessible_projects($t_user_id);
    } else {
        $t_project_ids = $t_new_project_ids;
    if ($t_projects_query_required) {
        // expand project ids to include sub-projects
        if ($t_include_sub_projects) {
            $t_top_project_ids = $t_project_ids;
            foreach ($t_top_project_ids as $t_pid) {
                log_event(LOG_FILTERING, 'FILTERING: Getting sub-projects for project id ' . $t_pid);
                $t_project_ids = array_merge($t_project_ids, user_get_all_accessible_subprojects($t_user_id, $t_pid));
            $t_project_ids = array_unique($t_project_ids);
        // if no projects are accessible, then return an empty array.
        if (count($t_project_ids) == 0) {
            log_event(LOG_FILTERING, 'FILTERING: no accessible projects');
            return array();
        log_event(LOG_FILTERING, 'FILTERING: project_ids after including sub-projects = ' . implode(',', $t_project_ids));
        // this array is to be populated with project ids for which we only want to show public issues.  This is due to the limited
        // access of the current user.
        $t_public_only_project_ids = array();
        // this array is populated with project ids that the current user has full access to.
        $t_private_and_public_project_ids = array();
        $t_access_required_to_view_private_bugs = config_get('private_bug_threshold');
        foreach ($t_project_ids as $t_pid) {
            if (access_has_project_level($t_access_required_to_view_private_bugs, $t_pid, $t_user_id)) {
                $t_private_and_public_project_ids[] = $t_pid;
            } else {
                $t_public_only_project_ids[] = $t_pid;
        log_event(LOG_FILTERING, 'FILTERING: project_ids (with public/private access) = ' . implode(',', $t_private_and_public_project_ids));
        log_event(LOG_FILTERING, 'FILTERING: project_ids (with public access) = ' . implode(',', $t_public_only_project_ids));
        $t_count_private_and_public_project_ids = count($t_private_and_public_project_ids);
        if ($t_count_private_and_public_project_ids == 1) {
            $t_private_and_public_query = "( {$t_bug_table}.project_id = " . $t_private_and_public_project_ids[0] . " )";
        } else {
            if ($t_count_private_and_public_project_ids > 1) {
                $t_private_and_public_query = "( {$t_bug_table}.project_id in (" . implode(', ', $t_private_and_public_project_ids) . ") )";
            } else {
                $t_private_and_public_query = null;
        $t_count_public_only_project_ids = count($t_public_only_project_ids);
        $t_public_view_state_check = "( ( {$t_bug_table}.view_state = " . VS_PUBLIC . " ) OR ( {$t_bug_table}.reporter_id = {$t_user_id} ) )";
        if ($t_count_public_only_project_ids == 1) {
            $t_public_only_query = "( ( {$t_bug_table}.project_id = " . $t_public_only_project_ids[0] . " ) AND {$t_public_view_state_check} )";
        } else {
            if ($t_count_public_only_project_ids > 1) {
                $t_public_only_query = "( ( {$t_bug_table}.project_id in (" . implode(', ', $t_public_only_project_ids) . ") ) AND {$t_public_view_state_check} )";
            } else {
                $t_public_only_query = null;
        // both queries can't be null, so we either have one of them or both.
        if ($t_private_and_public_query === null) {
            $t_project_query = $t_public_only_query;
        } else {
            if ($t_public_only_query === null) {
                $t_project_query = $t_private_and_public_query;
            } else {
                $t_project_query = "( {$t_public_only_query} OR {$t_private_and_public_query} )";
        log_event(LOG_FILTERING, 'FILTERING: project query = ' . $t_project_query);
        array_push($t_where_clauses, $t_project_query);
    # view state
    $t_view_state = db_prepare_int($t_filter['view_state']);
    if ($t_filter['view_state'] !== META_FILTER_ANY && !is_blank($t_filter['view_state'])) {
        $t_view_state_query = "({$t_bug_table}.view_state='{$t_view_state}')";
        log_event(LOG_FILTERING, 'FILTERING: view_state query = ' . $t_view_state_query);
        array_push($t_where_clauses, $t_view_state_query);
    } else {
        log_event(LOG_FILTERING, 'FILTERING: no view_state query');
    # reporter
    $t_any_found = false;
    foreach ($t_filter['reporter_id'] as $t_filter_member) {
        if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['reporter_id']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['reporter_id'] as $t_filter_member) {
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "0");
            } else {
                $c_reporter_id = db_prepare_int($t_filter_member);
                if (META_FILTER_MYSELF == $c_reporter_id) {
                    array_push($t_clauses, $c_user_id);
                } else {
                    array_push($t_clauses, $c_reporter_id);
        if (1 < count($t_clauses)) {
            $t_reporter_query = "( {$t_bug_table}.reporter_id in (" . implode(', ', $t_clauses) . ") )";
        } else {
            $t_reporter_query = "( {$t_bug_table}.reporter_id={$t_clauses['0']} )";
        log_event(LOG_FILTERING, 'FILTERING: reporter query = ' . $t_reporter_query);
        array_push($t_where_clauses, $t_reporter_query);
    } else {
        log_event(LOG_FILTERING, 'FILTERING: no reporter query');
    # limit reporter
    # @@@ thraxisp - access_has_project_level checks greater than or equal to,
    #   this assumed that there aren't any holes above REPORTER where the limit would apply
    if (ON === $t_limit_reporters && !access_has_project_level(REPORTER + 1, $t_project_id, $t_user_id)) {
        $c_reporter_id = $c_user_id;
        array_push($t_where_clauses, "({$t_bug_table}.reporter_id='{$c_reporter_id}')");
    # handler
    $t_any_found = false;
    foreach ($t_filter['handler_id'] as $t_filter_member) {
        if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['handler_id']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['handler_id'] as $t_filter_member) {
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, 0);
            } else {
                $c_handler_id = db_prepare_int($t_filter_member);
                if (META_FILTER_MYSELF == $c_handler_id) {
                    array_push($t_clauses, $c_user_id);
                } else {
                    array_push($t_clauses, $c_handler_id);
        if (1 < count($t_clauses)) {
            $t_handler_query = "( {$t_bug_table}.handler_id in (" . implode(', ', $t_clauses) . ") )";
        } else {
            $t_handler_query = "( {$t_bug_table}.handler_id={$t_clauses['0']} )";
        log_event(LOG_FILTERING, 'FILTERING: handler query = ' . $t_handler_query);
        array_push($t_where_clauses, $t_handler_query);
    } else {
        log_event(LOG_FILTERING, 'FILTERING: no handler query');
    # category
    if (!_filter_is_any($t_filter['show_category'])) {
        $t_clauses = array();
        foreach ($t_filter['show_category'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_show_category = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_show_category}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.category in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.category={$t_clauses['0']} )");
    # severity
    $t_any_found = false;
    foreach ($t_filter['show_severity'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['show_severity']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_severity'] as $t_filter_member) {
            $c_show_severity = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_severity);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.severity in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.severity={$t_clauses['0']} )");
    # show / hide status
    # take a list of all available statuses then remove the ones that we want hidden, then make sure
    # the ones we want shown are still available
    $t_status_arr = explode_enum_string(config_get('status_enum_string'));
    $t_available_statuses = array();
    $t_desired_statuses = array();
    foreach ($t_status_arr as $t_this_status) {
        $t_this_status_arr = explode_enum_arr($t_this_status);
        $t_available_statuses[] = $t_this_status_arr[0];
    if ('simple' == $t_filter['_view_type']) {
        # simple filtering: if showing any, restrict by the hide status value, otherwise ignore the hide
        $t_any_found = false;
        $t_this_status = $t_filter['show_status'][0];
        $t_this_hide_status = $t_filter['hide_status'][0];
        if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
            $t_any_found = true;
        if ($t_any_found) {
            foreach ($t_available_statuses as $t_this_available_status) {
                if ($t_this_hide_status > $t_this_available_status) {
                    $t_desired_statuses[] = $t_this_available_status;
        } else {
            $t_desired_statuses[] = $t_this_status;
    } else {
        # advanced filtering: ignore the hide
        $t_any_found = false;
        foreach ($t_filter['show_status'] as $t_this_status) {
            $t_desired_statuses[] = $t_this_status;
            if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
                $t_any_found = true;
        if ($t_any_found) {
            $t_desired_statuses = array();
    if (count($t_desired_statuses) > 0) {
        $t_clauses = array();
        foreach ($t_desired_statuses as $t_filter_member) {
            $c_show_status = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_status);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.status in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.status={$t_clauses['0']} )");
    # resolution
    $t_any_found = false;
    foreach ($t_filter['show_resolution'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['show_resolution']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_resolution'] as $t_filter_member) {
            $c_show_resolution = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_resolution);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.resolution in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.resolution={$t_clauses['0']} )");
    # priority
    $t_any_found = false;
    foreach ($t_filter['show_priority'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['show_priority']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_priority'] as $t_filter_member) {
            $c_show_priority = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_priority);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.priority in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.priority={$t_clauses['0']} )");
    # product build
    $t_any_found = false;
    foreach ($t_filter['show_build'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
    if (count($t_filter['show_build']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_build'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_show_build = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_show_build}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.build in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.build={$t_clauses['0']} )");
    # product version
    if (!_filter_is_any($t_filter['show_version'])) {
        $t_clauses = array();
        foreach ($t_filter['show_version'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_show_version = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_show_version}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.version in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.version={$t_clauses['0']} )");
    # profile
    if (!_filter_is_any($t_filter['show_profile'])) {
        $t_clauses = array();
        foreach ($t_filter['show_profile'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "0");
            } else {
                $c_show_profile = db_prepare_int($t_filter_member);
                array_push($t_clauses, "{$c_show_profile}");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.profile_id in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.profile_id={$t_clauses['0']} )");
    # platform
    if (!_filter_is_any($t_filter['platform'])) {
        $t_clauses = array();
        foreach ($t_filter['platform'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, '');
            } else {
                $c_platform = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_platform}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.platform in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.platform = {$t_clauses['0']} )");
    # os
    if (!_filter_is_any($t_filter['os'])) {
        $t_clauses = array();
        foreach ($t_filter['os'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, '');
            } else {
                $c_os = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_os}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.os in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.os = {$t_clauses['0']} )");
    # os_build
    if (!_filter_is_any($t_filter['os_build'])) {
        $t_clauses = array();
        foreach ($t_filter['os_build'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, '');
            } else {
                $c_os_build = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_os_build}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.os_build in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.os_build = {$t_clauses['0']} )");
    # date filter
    if ('on' == $t_filter['do_filter_by_date'] && is_numeric($t_filter['start_month']) && is_numeric($t_filter['start_day']) && is_numeric($t_filter['start_year']) && is_numeric($t_filter['end_month']) && is_numeric($t_filter['end_day']) && is_numeric($t_filter['end_year'])) {
        $t_start_string = db_prepare_string($t_filter['start_year'] . "-" . $t_filter['start_month'] . "-" . $t_filter['start_day'] . " 00:00:00");
        $t_end_string = db_prepare_string($t_filter['end_year'] . "-" . $t_filter['end_month'] . "-" . $t_filter['end_day'] . " 23:59:59");
        array_push($t_where_clauses, "({$t_bug_table}.date_submitted BETWEEN '{$t_start_string}' AND '{$t_end_string}' )");
    # fixed in version
    if (!_filter_is_any($t_filter['fixed_in_version'])) {
        $t_clauses = array();
        foreach ($t_filter['fixed_in_version'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_fixed_in_version = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_fixed_in_version}'");
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.fixed_in_version in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.fixed_in_version={$t_clauses['0']} )");
    # target version
    if (!_filter_is_any($t_filter['target_version'])) {
        $t_clauses = array();
        foreach ($t_filter['target_version'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_target_version = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_target_version}'");
        #echo var_dump( $t_clauses ); exit;
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_bug_table}.target_version in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.target_version={$t_clauses['0']} )");
    # users monitoring a bug
    $t_any_found = false;
    foreach ($t_filter['user_monitor'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
    if (count($t_filter['user_monitor']) == 0) {
        $t_any_found = true;
    if (!$t_any_found) {
        $t_clauses = array();
        $t_table_name = 'user_monitor';
        array_push($t_from_clauses, $t_bug_monitor_table);
        array_push($t_join_clauses, "LEFT JOIN {$t_bug_monitor_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id");
        foreach ($t_filter['user_monitor'] as $t_filter_member) {
            $c_user_monitor = db_prepare_int($t_filter_member);
            if (META_FILTER_MYSELF == $c_user_monitor) {
                array_push($t_clauses, $c_user_id);
            } else {
                array_push($t_clauses, $c_user_monitor);
        if (1 < count($t_clauses)) {
            array_push($t_where_clauses, "( {$t_table_name}.user_id in (" . implode(', ', $t_clauses) . ") )");
        } else {
            array_push($t_where_clauses, "( {$t_table_name}.user_id={$t_clauses['0']} )");
    # bug relationship
    $t_any_found = false;
    $c_rel_type = $t_filter['relationship_type'];
    $c_rel_bug = $t_filter['relationship_bug'];
    if (-1 == $c_rel_type || 0 == $c_rel_bug) {
        $t_any_found = true;
    if (!$t_any_found) {
        # use the complementary type
        $t_comp_type = relationship_get_complementary_type($c_rel_type);
        $t_clauses = array();
        $t_table_name = 'relationship';
        array_push($t_from_clauses, $t_bug_relationship_table);
        array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name} ON {$t_table_name}.destination_bug_id = {$t_bug_table}.id");
        array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name}2 ON {$t_table_name}2.source_bug_id = {$t_bug_table}.id");
        // get reverse relationships
        array_push($t_clauses, "({$t_table_name}.relationship_type='{$t_comp_type}' AND {$t_table_name}.source_bug_id='{$c_rel_bug}')");
        array_push($t_clauses, "({$t_table_name}" . "2.relationship_type='{$c_rel_type}' AND {$t_table_name}" . "2.destination_bug_id='{$c_rel_bug}')");
        array_push($t_where_clauses, '(' . implode(' OR ', $t_clauses) . ')');
    # tags
    $c_tag_string = trim($t_filter['tag_string']);
    if (!is_blank($c_tag_string)) {
        $t_tags = tag_parse_filters($c_tag_string);
        if (count($t_tags)) {
            $t_tags_all = array();
            $t_tags_any = array();
            $t_tags_none = array();
            foreach ($t_tags as $t_tag_row) {
                switch ($t_tag_row['filter']) {
                    case 1:
                        $t_tags_all[] = $t_tag_row;
                    case 0:
                        $t_tags_any[] = $t_tag_row;
                    case -1:
                        $t_tags_none[] = $t_tag_row;
            if (0 < $t_filter['tag_select'] && tag_exists($t_filter['tag_select'])) {
                $t_tags_any[] = tag_get($t_filter['tag_select']);
            $t_bug_tag_table = config_get('mantis_bug_tag_table');
            if (count($t_tags_all)) {
                $t_clauses = array();
                foreach ($t_tags_all as $t_tag_row) {
                    array_push($t_clauses, "{$t_bug_table}.id IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE {$t_bug_tag_table}.tag_id = {$t_tag_row['id']} )");
                array_push($t_where_clauses, '(' . implode(' AND ', $t_clauses) . ')');
            if (count($t_tags_any)) {
                $t_clauses = array();
                foreach ($t_tags_any as $t_tag_row) {
                    array_push($t_clauses, "{$t_bug_tag_table}.tag_id = {$t_tag_row['id']}");
                array_push($t_where_clauses, "{$t_bug_table}.id IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE ( " . implode(' OR ', $t_clauses) . ') )');
            if (count($t_tags_none)) {
                $t_clauses = array();
                foreach ($t_tags_none as $t_tag_row) {
                    array_push($t_clauses, "{$t_bug_tag_table}.tag_id = {$t_tag_row['id']}");
                array_push($t_where_clauses, "{$t_bug_table}.id NOT IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE ( " . implode(' OR ', $t_clauses) . ') )');
    # custom field filters
    if (ON == config_get('filter_by_custom_fields')) {
        # custom field filtering
        # @@@ At the moment this gets the linked fields relating to the current project
        #     It should get the ones relating to the project in the filter or all projects
        #     if multiple projects.
        $t_custom_fields = custom_field_get_linked_ids($t_project_id);
        foreach ($t_custom_fields as $t_cfid) {
            $t_custom_where_clause = '';
            # Ignore all custom filters that are not set, or that are set to '' or "any"
            $t_any_found = false;
            foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
                if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
                    $t_any_found = true;
            if (!isset($t_filter['custom_fields'][$t_cfid])) {
                $t_any_found = true;
            if (!$t_any_found) {
                $t_def = custom_field_get_definition($t_cfid);
                $t_table_name = $t_custom_field_string_table . '_' . $t_cfid;
                # We need to filter each joined table or the result query will explode in dimensions
                # Each custom field will result in a exponential growth like Number_of_Issues^Number_of_Custom_Fields
                # and only after this process ends (if it is able to) the result query will be filtered
                # by the WHERE clause and by the DISTINCT clause
                $t_cf_join_clause = "LEFT JOIN {$t_custom_field_string_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id AND {$t_table_name}.field_id = {$t_cfid} ";
                if ($t_def['type'] == CUSTOM_FIELD_TYPE_DATE) {
                    switch ($t_filter['custom_fields'][$t_cfid][0]) {
                        case CUSTOM_FIELD_DATE_ANY:
                        case CUSTOM_FIELD_DATE_NONE:
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '(( ' . $t_table_name . '.bug_id is null) OR ( ' . $t_table_name . '.value = 0)';
                        case CUSTOM_FIELD_DATE_BEFORE:
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '(( ' . $t_table_name . '.value != 0 AND (' . $t_table_name . '.value+0) < ' . $t_filter['custom_fields'][$t_cfid][2] . ')';
                        case CUSTOM_FIELD_DATE_AFTER:
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '( (' . $t_table_name . '.value+0) > ' . ($t_filter['custom_fields'][$t_cfid][1] + 1);
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '( (' . $t_table_name . '.value+0) BETWEEN ' . $t_filter['custom_fields'][$t_cfid][1] . ' AND ' . $t_filter['custom_fields'][$t_cfid][2];
                } else {
                    array_push($t_join_clauses, $t_cf_join_clause);
                    $t_filter_array = array();
                    foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
                        $t_filter_member = stripslashes($t_filter_member);
                        if (META_FILTER_NONE == $t_filter_member) {
                            # coerce filter value if selecting META_FILTER_NONE so it will match empty fields
                            $t_filter_member = '';
                            # but also add those _not_ present in the custom field string table
                            array_push($t_filter_array, "{$t_bug_table}.id NOT IN (SELECT bug_id FROM {$t_custom_field_string_table} WHERE field_id={$t_cfid})");
                        switch ($t_def['type']) {
                            case CUSTOM_FIELD_TYPE_MULTILIST:
                            case CUSTOM_FIELD_TYPE_CHECKBOX:
                                array_push($t_filter_array, db_helper_like("{$t_table_name}.value", '%|' . db_prepare_string($t_filter_member) . '|%'));
                                array_push($t_filter_array, "{$t_table_name}.value = '" . db_prepare_string($t_filter_member) . "'");
                    $t_custom_where_clause .= '(' . implode(' OR ', $t_filter_array);
                if (!is_blank($t_custom_where_clause)) {
                    array_push($t_where_clauses, $t_custom_where_clause . ')');
    $t_textsearch_where_clause = '';
    $t_textsearch_wherejoin_clause = '';
    # Simple Text Search - Thanks to Alan Knowles
    if (!is_blank($t_filter['search'])) {
        $c_search = db_prepare_string($t_filter['search']);
        $c_search_int = db_prepare_int($t_filter['search']);
        $t_textsearch_where_clause = '(' . db_helper_like('summary', "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.description", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.steps_to_reproduce", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.additional_information", "%{$c_search}%") . " OR ( {$t_bug_table}.id = '{$c_search_int}' ) )";
        $t_textsearch_wherejoin_clause = '(' . db_helper_like('summary', "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.description", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.steps_to_reproduce", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_text_table}.additional_information", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bug_table}.id", "%{$c_search}%") . ' OR ' . db_helper_like("{$t_bugnote_text_table}.note", "%{$c_search}%") . ' )';
        array_push($t_where_clauses, "({$t_bug_text_table}.id = {$t_bug_table}.bug_text_id)");
        $t_from_clauses = array($t_bug_text_table, $t_project_table, $t_bug_table);
    } else {
        $t_from_clauses = array($t_project_table, $t_bug_table);
    $t_select = implode(', ', array_unique($t_select_clauses));
    $t_from = 'FROM ' . implode(', ', array_unique($t_from_clauses));
    $t_join = implode(' ', $t_join_clauses);
    if (count($t_where_clauses) > 0) {
        $t_where = 'WHERE ' . implode(' AND ', $t_where_clauses);
    } else {
        $t_where = '';
    # Possibly do two passes. First time, grab the IDs of issues that match the filters. Second time, grab the IDs of issues that
    # have bugnotes that match the text search if necessary.
    $t_id_array = array();
    for ($i = 0; $i < 2; $i++) {
        $t_id_where = $t_where;
        $t_id_join = $t_join;
        if ($i == 0) {
            if (!is_blank($t_id_where) && !is_blank($t_textsearch_where_clause)) {
                $t_id_where = $t_id_where . ' AND ' . $t_textsearch_where_clause;
        } else {
            if (!is_blank($t_textsearch_wherejoin_clause)) {
                $t_id_where = $t_id_where . ' AND ' . $t_textsearch_wherejoin_clause;
                $t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_table} ON {$t_bugnote_table}.bug_id = {$t_bug_table}.id";
                $t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_text_table} ON {$t_bugnote_text_table}.id = {$t_bugnote_table}.bugnote_text_id";
        $query = "SELECT DISTINCT {$t_bug_table}.id AS id\r\n\t\t\t\t\t\t{$t_from}\r\n\t\t\t\t\t\t{$t_id_join}\r\n\t\t\t\t\t\t{$t_id_where}";
        if ($i == 0 || !is_blank($t_textsearch_wherejoin_clause)) {
            $result = db_query($query);
            $row_count = db_num_rows($result);
            for ($j = 0; $j < $row_count; $j++) {
                $row = db_fetch_array($result);
                $t_id_array[] = db_prepare_int($row['id']);
    $t_id_array = array_unique($t_id_array);
    # Get the total number of bugs that meet the criteria.
    $bug_count = count($t_id_array);
    $rows = array();
    if ($bug_count > 0) {
        $t_where = "WHERE {$t_bug_table}.id in (" . implode(", ", $t_id_array) . ")";
    } else {
        return $rows;
    $t_from = 'FROM ' . $t_bug_table;
    # write the value back in case the caller wants to know
    $p_bug_count = $bug_count;
    if (null === $p_per_page) {
        $p_per_page = (int) $t_filter['per_page'];
    } else {
        if (-1 == $p_per_page) {
            $p_per_page = $bug_count;
    # Guard against silly values of $f_per_page.
    if (0 == $p_per_page) {
        $p_per_page = $bug_count;
        // 0 - means show all
    $p_per_page = (int) abs($p_per_page);
    # Use $bug_count and $p_per_page to determine how many pages
    # to split this list up into.
    # For the sake of consistency have at least one page, even if it
    # is empty.
    $t_page_count = ceil($bug_count / $p_per_page);
    if ($t_page_count < 1) {
        $t_page_count = 1;
    # write the value back in case the caller wants to know
    $p_page_count = $t_page_count;
    # Make sure $p_page_number isn't past the last page.
    if ($p_page_number > $t_page_count) {
        $p_page_number = $t_page_count;
    # Make sure $p_page_number isn't before the first page
    if ($p_page_number < 1) {
        $p_page_number = 1;
    # Now add the rest of the criteria i.e. sorting, limit.
    # if sort is blank then default the sort and direction.  This is to fix the
    # symptoms of #3953.  Note that even if the main problem is fixed, we may
    # have to keep this code for a while to handle filters saved with this blank field.
    if (is_blank($t_filter['sort'])) {
        $t_filter['sort'] = 'last_updated';
        $t_filter['dir'] = 'DESC';
    $t_order_array = array();
    $t_sort_fields = split(',', $t_filter['sort']);
    $t_dir_fields = split(',', $t_filter['dir']);
    if ('on' == $t_filter['sticky_issues'] && NULL !== $p_show_sticky) {
        $t_order_array[] = "sticky DESC";
    $t_join = '';
    for ($i = 0; $i < count($t_sort_fields); $i++) {
        $c_sort = db_prepare_string($t_sort_fields[$i]);
        if (!in_array($t_sort_fields[$i], array_slice($t_sort_fields, $i + 1))) {
            # if sorting by a custom field
            if (strpos($c_sort, 'custom_') === 0) {
                $t_custom_field = substr($c_sort, strlen('custom_'));
                $t_custom_field_id = custom_field_get_id_from_name($t_custom_field);
                $t_join .= " LEFT JOIN {$t_custom_field_string_table} ON ( ( {$t_custom_field_string_table}.bug_id = {$t_bug_table}.id ) AND ( {$t_custom_field_string_table}.field_id = {$t_custom_field_id} ) )";
                $c_sort = "{$t_custom_field_string_table}.value";
                $t_select_clauses[] = "{$t_custom_field_string_table}.value";
            if ('DESC' == $t_dir_fields[$i]) {
                $c_dir = 'DESC';
            } else {
                $c_dir = 'ASC';
            $t_order_array[] = "{$c_sort} {$c_dir}";
    # add basic sorting if necessary
    if (!in_array('last_updated', $t_sort_fields)) {
        $t_order_array[] = 'last_updated DESC';
    if (!in_array('date_submitted', $t_sort_fields)) {
        $t_order_array[] = 'date_submitted DESC';
    $t_order = " ORDER BY " . implode(', ', $t_order_array);
    $t_select = implode(', ', array_unique($t_select_clauses));
    $query2 = "SELECT DISTINCT {$t_select}\r\n\t\t\t\t\t{$t_from}\r\n\t\t\t\t\t{$t_join}\r\n\t\t\t\t\t{$t_where}\r\n\t\t\t\t\t{$t_order}";
    # Figure out the offset into the db query
    # for example page number 1, per page 5:
    #     t_offset = 0
    # for example page number 2, per page 5:
    #     t_offset = 5
    $c_per_page = db_prepare_int($p_per_page);
    $c_page_number = db_prepare_int($p_page_number);
    $t_offset = ($c_page_number - 1) * $c_per_page;
    # perform query
    $result2 = db_query($query2, $c_per_page, $t_offset);
    $row_count = db_num_rows($result2);
    $t_id_array_lastmod = array();
    for ($i = 0; $i < $row_count; $i++) {
        $row = db_fetch_array($result2);
        $t_id_array_lastmod[] = db_prepare_int($row['id']);
        $row['date_submitted'] = db_unixtimestamp($row['date_submitted']);
        $row['last_updated'] = db_unixtimestamp($row['last_updated']);
        array_push($rows, $row);
    $t_id_array_lastmod = array_unique($t_id_array_lastmod);
    // paulr: it should be impossible for t_id_array_lastmod to be array():
    // that would imply that $t_id_array is null which aborts this function early
    //if ( count( $t_id_array_lastmod ) > 0 ) {
    $t_where = "WHERE {$t_bugnote_table}.bug_id in (" . implode(", ", $t_id_array_lastmod) . ")";
    $query3 = "SELECT DISTINCT bug_id,MAX(last_modified) as last_modified, COUNT(last_modified) as count FROM {$t_bugnote_table} {$t_where} GROUP BY bug_id";
    # perform query
    $result3 = db_query($query3);
    $row_count = db_num_rows($result3);
    for ($i = 0; $i < $row_count; $i++) {
        $row = db_fetch_array($result3);
        $t_stats[$row['bug_id']] = $row;
    foreach ($rows as $row) {
        if (!isset($t_stats[$row['id']])) {
            bug_cache_database_result($row, false);
        } else {
            bug_cache_database_result($row, $t_stats[$row['id']]);
    return $rows;
 * return the user's access level
 * account for private project and the project user lists
 * @param integer $p_user_id    A valid user identifier.
 * @param integer $p_project_id A valid project identifier.
 * @return integer
function user_get_access_level($p_user_id, $p_project_id = ALL_PROJECTS)
    $t_access_level = user_get_field($p_user_id, 'access_level');
    if (user_is_administrator($p_user_id)) {
        return $t_access_level;
    $t_project_access_level = project_get_local_user_access_level($p_project_id, $p_user_id);
    if (false === $t_project_access_level) {
        return $t_access_level;
    } else {
        return $t_project_access_level;
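// Request dispatcher for the messaging / login / admin file actions.
//
// Every branch below consumes raw $_POST / $_GET values. They are untrusted
// input and are handed to the handlers without validation at this level, so
// each handler must validate what it receives.
$t_post_action = $_POST['action'] ?? '';
$t_get_action = $_GET['action'] ?? '';

if ('sendmessage' === $t_post_action) {
    include_once 'send.php';
    // $user is expected to be defined by the including script.
    send_find($_POST['message'], $user, $_POST['recipient']);
}

if ('login' === $t_post_action) {
    login($_POST['user'], $_POST['pass'], $_POST['remember']);
}

// NOTE(review): the credentials for this branch travel in the query string,
// so they end up in web-server/proxy logs and browser history. The POST-based
// branch above is the safer shape for this call as well.
if ('login_ajax' === $t_get_action) {
    login($_GET['user'], $_GET['pass'], $_GET['remember'], "/watched/{$_GET['user']}");
}

// Admin-only raw file write. The destination path is taken verbatim from the
// request, so an administrator session (or a forged request riding on one)
// can overwrite any file the web-server user may write. Constrain the target
// to a fixed directory and basename() before this is exposed further.
if (!empty($_POST['data']) && !empty($_POST['filename']) && user_is_administrator()) {
    file_put_contents($_POST['filename'], stripslashes($_POST['data']));
}

if ('snitch_archive' === $t_post_action) {
    // Handler body is not present in this excerpt.
}

// Persist the per-user CSS as a PHP assignment (the file is presumably
// include()d elsewhere — confirm against the reader). var_export() emits a
// correctly quoted string literal, so a quote or `";` inside css_data cannot
// terminate the literal and be evaluated as PHP, which the previous
// double-quoted interpolation allowed.
if ('write_css' === $t_post_action) {
    $t_css = (string) ($_POST['css_data'] ?? '');
    file_put_contents("{$_SERVER['USER_ROOT']}/user_css.txt", '$extra_css=' . var_export($t_css, true) . ';');
}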
 * This function checks the project access level first (for the current project
 * if none is specified) and if the user is not listed, it falls back on the
 * user's global access level.
 * @param int $p_project_id integer representing project id to check access against
 * @param int|null $p_user_id integer representing user id, defaults to null to use current user
 * @return int access level user has to given project
 * @access public
function access_get_project_level($p_project_id = null, $p_user_id = null)
    if (null === $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    # Deal with not logged in silently in this case
    /** @todo we may be able to remove this and just error and once we default to anon login, we can remove it for sure */
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return ANYBODY;
    if (null === $p_project_id) {
        $p_project_id = helper_get_current_project();
    $t_global_access_level = access_get_global_level($p_user_id);
    if (ALL_PROJECTS == $p_project_id || user_is_administrator($p_user_id)) {
        return $t_global_access_level;
    } else {
        $t_project_access_level = access_get_local_level($p_user_id, $p_project_id);
        $t_project_view_state = project_get_field($p_project_id, 'view_state');
        # Try to use the project access level.
        # If the user is not listed in the project, then try to fall back
        #  to the global access level
        if (false === $t_project_access_level) {
            # If the project is private and the user isn't listed, then they
            # must have the private_project_threshold access level to get in.
            if (VS_PRIVATE == $t_project_view_state) {
                if (access_compare_level($t_global_access_level, config_get('private_project_threshold', null, null, ALL_PROJECTS))) {
                    return $t_global_access_level;
                } else {
                    return ANYBODY;
            } else {
                # project access not set, but the project is public
                return $t_global_access_level;
        } else {
            # project specific access was set
            return $t_project_access_level;
$f_user_id = gpc_get_int('user_id');
$t_user = user_get_row($f_user_id);
# Ensure that the account to be deleted is of equal or lower access to the
# current user.
# check that we are not deleting the last administrator account
$t_admin_threshold = config_get_global('admin_site_threshold');
if (user_is_administrator($f_user_id) && user_count_level($t_admin_threshold) <= 1) {
# If an administrator is trying to delete their own account, use
# account_delete.php instead as it is handles logging out and redirection
# of users who have just deleted their own accounts.
if (auth_get_current_user_id() == $f_user_id) {
    print_header_redirect('account_delete.php?account_delete_token=' . form_security_token('account_delete'), true, false);
helper_ensure_confirmed(lang_get('delete_account_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . $t_user['username'], lang_get('delete_account_button'));
html_page_top(null, 'manage_user_page.php');