/**
 * Returns account data, global access level and timezone preference for a user id.
 *
 * This function performs no authentication or authorization of its own:
 * $p_username and $p_password are accepted but never read in this body.
 * The caller must already have verified that the requesting user has the
 * right to retrieve information about the target user.
 *
 * @param mixed $p_username Not read by this function (presumably the caller's login name).
 * @param mixed $p_password Not read by this function (presumably the caller's password).
 * @param int   $p_user_id  Id of the user whose data is returned.
 * @return array Array with the keys 'account_data', 'access_level' and 'timezone'.
 */
function mci_user_get($p_username, $p_password, $p_user_id)
{
    // The account lookup comes first: if the user doesn't exist,
    // mci_account_get_array_by_id() will throw before anything else is read.
    return array(
        'account_data' => mci_account_get_array_by_id($p_user_id),
        'access_level' => access_get_global_level($p_user_id),
        'timezone' => user_pref_get_pref($p_user_id, 'timezone'),
    );
}
/**
 * Triggers ERROR_SPAM_SUSPECTED when the current user has used up the
 * configured number of recent events.
 *
 * Run this before actions such as adding issues or issue notes. The check is
 * skipped (the function simply returns) when:
 *  - the global 'allow_signup' option is OFF,
 *  - the current user's global access level is above
 *    'default_new_account_access_level', or
 *  - 'antispam_max_event_count' is 0.
 * Otherwise the user's recent event count within
 * 'antispam_time_window_in_seconds' is compared with the limit.
 *
 * @return void
 */
function antispam_check()
{
    # Exempt cases: signup is disabled, or the user ranks above a freshly
    # created account. The second test only runs when the first one fails.
    if (OFF == config_get_global('allow_signup')
        || access_get_global_level() > config_get('default_new_account_access_level')
    ) {
        return;
    }

    $t_event_limit = config_get('antispam_max_event_count');
    if (0 == $t_event_limit) {
        return;
    }

    $t_window_seconds = config_get('antispam_time_window_in_seconds');
    $t_recent_events = history_count_user_recent_events($t_window_seconds);

    # The user must still have at least one event left, because the event
    # being guarded is added after this function returns.
    if ($t_recent_events < $t_event_limit) {
        return;
    }

    error_parameters($t_event_limit, $t_window_seconds);
    trigger_error(ERROR_SPAM_SUSPECTED, ERROR);
}
/**
 * Resolves the access level a user has on a project.
 *
 * The project-specific level is used when the user is listed on the project.
 * When the user is not listed, the global level applies, except on a private
 * project, where the global level must satisfy 'private_project_threshold'
 * or the result is ANYBODY. Administrators and the ALL_PROJECTS pseudo-project
 * always resolve to the global level.
 *
 * @param int|null $p_project_id project id to check access against, null to use the current project
 * @param int|null $p_user_id user id, null to use the current user
 * @return int access level the user has on the given project
 * @access public
 */
function access_get_project_level($p_project_id = null, $p_user_id = null)
{
    if (null === $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    }

    # Deal with not logged in silently in this case
    # @todo we may be able to remove this and just error and once we default
    # to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return ANYBODY;
    }

    if (null === $p_project_id) {
        $p_project_id = helper_get_current_project();
    }

    $t_global_level = access_get_global_level($p_user_id);

    if (ALL_PROJECTS == $p_project_id || user_is_administrator($p_user_id)) {
        return $t_global_level;
    }

    # Both lookups happen before any branching on their results.
    $t_local_level = access_get_local_level($p_user_id, $p_project_id);
    $t_view_state = project_get_field($p_project_id, 'view_state');

    # Project specific access was set: it wins.
    if (false !== $t_local_level) {
        return $t_local_level;
    }

    # User is not listed and the project is public: fall back to the
    # global access level.
    if (VS_PRIVATE != $t_view_state) {
        return $t_global_level;
    }

    # User is not listed and the project is private: they must have the
    # private_project_threshold access level to get in.
    $t_private_threshold = config_get('private_project_threshold', null, null, ALL_PROJECTS);

    return access_compare_level($t_global_level, $t_private_threshold)
        ? $t_global_level
        : ANYBODY;
}
require_api('project_api.php');
require_api('project_hierarchy_api.php');

# Gate the request before any input is read: form security token,
# re-authentication, then the global threshold for creating projects.
form_security_validate('manage_proj_create');
auth_reauthenticate();
access_ensure_global_level(config_get('create_project_threshold'));

# Request parameters. The typed gpc_get_* accessors are used for everything
# that is not free text.
$f_name = gpc_get_string('name');
$f_description = gpc_get_string('description');
$f_view_state = gpc_get_int('view_state');
$f_status = gpc_get_int('status');
$f_file_path = gpc_get_string('file_path', '');
$f_inherit_global = gpc_get_bool('inherit_global', 0);
$f_inherit_parent = gpc_get_bool('inherit_parent', 0);
$f_parent_id = gpc_get_int('parent_id', 0);

# NOTE(review): existence is the only check made on the parent project here;
# confirm whether the creator should also need rights on that parent before
# the new project is attached to it below.
$t_has_parent = (0 != $f_parent_id);
if ($t_has_parent) {
    project_ensure_exists($f_parent_id);
}

# NOTE(review): only the name goes through strip_tags(); the description and
# file path are handed to project_create() as received. Confirm they are
# validated there and escaped wherever they are displayed.
$t_project_id = project_create(
    strip_tags($f_name),
    $f_description,
    $f_status,
    $f_view_state,
    $f_file_path,
    true,
    $f_inherit_global
);

# A non-administrator who creates a private project is added to it at their
# own global access level, so that they are listed on the project.
if (VS_PRIVATE == $f_view_state && false === current_user_is_administrator()) {
    $t_creator_level = access_get_global_level();
    $t_creator_id = auth_get_current_user_id();
    project_add_user($t_project_id, $t_creator_id, $t_creator_level);
}

if ($t_has_parent) {
    project_hierarchy_add($t_project_id, $f_parent_id, $f_inherit_parent);
}

event_signal('EVENT_MANAGE_PROJECT_CREATE', array($t_project_id));

# The token is purged only after the project has been created.
form_security_purge('manage_proj_create');

$t_redirect_url = 'manage_proj_page.php';

html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url);
html_page_bottom();
<?php require "worklog_api.php"; access_ensure_global_level(plugin_config_get('worklog_view_threshold')); html_page_top1(); html_page_top2(); # Select the faq posts $minimum_level = access_get_global_level(); $t_where_clausole = "view_access <= {$minimum_level}"; if (!isset($_POST['f_all_user']) || !isset($_GET['f_all_user'])) { //allow show all youser $t_where_clausole .= " and poster_id = " . current_user_get_field("id"); } else { if (!isset($_POST['f_user_id'])) { //show by userId $t_where_clausole .= " and poster_id = " . gpc_get_int("poster_id"); } } $p_project_id = helper_get_current_project(); if ($p_project_id != 0) { //pk remove filter by project $t_where_clausole .= " and ((project_id='" . $p_project_id . "' OR project_id=0)"; $t_project_ids = project_hierarchy_get_subprojects($p_project_id); foreach ($t_project_ids as $value) { $t_where_clausole .= " or project_id='" . $value . "'"; } $t_where_clausole .= ")"; } $f_search = $_POST["f_search"]; if (!isset($f_search)) { $f_search = "";