<?php require_once 'bookmark_fns.php'; session_start(); do_html_header('Adding Bug'); try { check_valid_user(); if (!filled_out($_POST)) { throw new Exception('Please fill out all fields'); } $form_vars = array('project' => $_POST['project'], 'project_version' => $_POST['project_version'], 'title' => $_POST['title'], 'description' => $_POST['description']); // Make the form input safe for db entry foreach ($form_vars as $key => $value) { $value = addslashes(htmlspecialchars(strip_tags($value))); } add_bug($form_vars); echo 'Bug Added.'; //Get the bugs the user has access to if ($bug_array = $get_user_bugs($_SESSION['valid_user'])) { display_user_bugs($bug_array); } } catch (Exception $e) { echo $e->getMessage(); } display_user_menu(); do_html_footer();
function get_parser() { $conf = configurations(); if (!$_GET) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects'); } if (isset($_GET['mod'])) { if (is_array(myfilter($_GET['mod'], 'mod'))) { trigger_error('potential attack using mod'); return deconnect(); } else { $mod = $_GET['mod']; } } else { $mod = null; } switch ($_GET['action']) { case 'adduser': if (admin(true)) { if ($_POST['usr_email'] && $_POST['username']) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser', add_user(myfilter($_POST['usr_email'], 'email'), myfilter($_POST['username'], 'user'), myfilter($_POST['lvl'], 'lvl'))); } return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser'); } break; case 'listusers': if (admin(true)) { $list_users = list_users(array(null)); return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listusers', $list_users); } break; case 'deco': return deconnect(); break; case 'modpass': if ($_POST['oldpass'] && $_POST['password1'] && $_POST['password2']) { $pass = array(myfilter($_POST['oldpass'], 'password'), myfilter($_POST['password1'], 'password'), myfilter($_POST['password2'], 'password')); if (is_string($pass[0]) && is_string($pass[1]) && is_string($pass[2])) { $change = change_password($_SESSION['db_data']['_id'], $pass); return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', $change); } } return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', null); break; case 'resetpass': if (isset($_GET['user_id']) && isset($_GET['resetcode']) && !is_array($_GET['user_id']) && !is_array($_GET['resetcode'])) { return reset_password($_GET['user_id'], $_GET['resetcode']); } elseif (isset($_GET['user_id']) && !is_array($_GET['user_id']) && admin(true)) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', reset_password($_GET['user_id'])); } break; case 'edituser': if (isset($_GET['user_id'])) { if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data($_SESSION['db_data'])); } if (admin(true) && !is_array($_GET['user_id'])) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data(check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id')))))); } } break; case 'changemail': if (isset($_GET['user_id']) && isset($_GET['code'])) { $db = check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id')))); if ($db['mail_change_id'] == $_GET['code']) { return change_email_user(array('email' => $db['new_mail'], 'new_mail' => null, 'mail_change_id' => null), myfilter($_GET['user_id'], '_id'), 'postmail'); } } break; case 'deluser': if (admin(true) && !is_array($_GET['user_id'])) { return delete_user(myfilter($_GET['user_id'], '_id')); } break; case 'addproject': if (admin(true)) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_project', addproject()); } break; case 'project': if (isset($_GET['project_id'])) { if (!is_array(myfilter($_GET['project_id'], '_id'))) { $_SESSION['currentprojet'] = myfilter($_GET['project_id'], '_id'); return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', check_projects_mod($mod)); } } break; case 'getfile': if (isset($_GET['file']) && isset($_GET['key']) && isset($_GET['id']) && isset($_GET['os']) && isset($_GET['arch'])) { if (!is_array(myfilter($_GET['file'], 'sha1')) && !is_array(myfilter($_GET['key'], 'timestamp')) && !is_array(myfilter($_GET['id'], '_id')) && !is_array($_GET['os']) && !is_array($_GET['arch'])) { return down_file(myfilter($_GET['file'], 'sha1'), myfilter($_GET['key'], 'timestamp'), base64_decode(urldecode($_GET['os'])), base64_decode(urldecode($_GET['arch'])), myfilter($_GET['id'], '_id')); } } break; case 'addfile': if (admin(true) && isset($_GET['id'])) { if (!is_array(myfilter($_GET['id'], '_id'))) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_file', addfile(myfilter($_GET['id'], '_id'))); } } break; case 'deletefile': if (admin(true) && isset($_GET['id']) && isset($_GET['key'])) { if (!is_array(myfilter($_GET['id'], '_id')) && !is_array(myfilter($_GET['key'], 'timestamp'))) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', delete_file(myfilter($_GET['id'], '_id'), myfilter($_GET['key'], 'timestamp'))); } } break; case 'usersetting': if (isset($_GET['user_id'])) { if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'setting', change_user_setting($_SESSION['db_data']['_id'])); } } break; case 'bug': if (isset($_GET['id'])) { if (!is_array(myfilter($_GET['id'], '_id'))) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', check_bug($mod)); } } break; case 'submitbug': if (isset($_GET['id'])) { if (user(true) && in_array($_GET['id'], $_SESSION['db_data']['projects'])) { $_SESSION['idbug'] = $_GET['id']; return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id'])); } if (admin(true) || vip(true)) { if (!is_array(myfilter($_GET['id'], '_id'))) { $_SESSION['idbug'] = $_GET['id']; return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id'])); } } } break; case 'listprojects': return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects', $mod); break; case 'editbug': if (strlen($_POST['status']) && isset($_GET['id']) && admin(true)) { if (!is_array($_POST['status']) && !is_array(myfilter($_GET['id'], '_id'))) { if (in_array($_POST['status'], $conf['bugs']['Open']) || in_array($_POST['status'], $conf['bugs']['Closed'])) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', edit_bug($_POST['status'])); } } } break; case 'resetpassmail': if (strlen($_POST['usr_email'])) { return echo_front_page(reset_password_mail(myfilter($_POST['usr_email'], 'email'))); } break; case 'editproject': if (isset($_GET['id']) && admin(true)) { if (!is_array(myfilter($_GET['id'], '_id'))) { return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_project', edit_project($_POST)); } } break; } return echo_front_page(); }
require_once 'model/user/get-users.php'; $simpleProjet = get_simple_projet($_GET['projet']); $statuts = get_statuts(); $groups = get_groups($_SESSION['team_ID']); $users = get_users($_SESSION['team_ID']); include_once 'view/bug/add-bug.php'; } else { require_once 'model/bug/add-bug.php'; $form = $_POST; $form['author_ID'] = $_SESSION['user_ID']; $form['created'] = date('Y-m-d'); $form['projet_ID'] = $_GET['projet']; if (!isset($form['bug_user_ID']) || $form['bug_user_ID'] == 0) { $form['bug_user_ID'] = NULL; } if (!isset($form['bug_group_ID']) || $form['bug_group_ID'] == 0) { $form['bug_group_ID'] = NULL; } $add = add_bug($form); if ($add) { header('Location: ?module=bug&projet=' . $_GET['projet'] . 'notif=add'); } else { header('Location: ?module=bug&projet=' . $_GET['projet'] . '¬if=notadd'); } } } else { header('Location: ?module=home'); } } else { header('Location: ?module=auth'); }