Пример #1
/**
 * Creates an issue on the configured issue tracker from the data of one
 * execution and links the new issue to that execution.
 *
 * The issue text is assembled from execution data (tester login, test plan,
 * platform, build, timestamp, status and the free-text execution notes), so
 * everything written in the execution notes is forwarded to the tracker.
 *
 * @param object $dbHandler database handler
 * @param object $argsObj   reads ->tcversion_id and ->exec_id
 * @param object $itsObj    issue tracker interface, must provide addIssue($summary, $description)
 * @return array array($opOK, $msg): success flag and the tracker's message
 */
function addIssue($dbHandler, $argsObj, $itsObj)
{
    $resultsCfg = config_get('results');

    // Collect everything that needs the test case manager, then release it.
    $tcaseMgr = new testcase($dbHandler);
    $nodeInfo = $tcaseMgr->tree_manager->get_node_hierarchy_info($argsObj->tcversion_id);
    $auditSign = $tcaseMgr->getAuditSignature((object) array('id' => $nodeInfo['parent_id']));
    $exec = current($tcaseMgr->getExecution($argsObj->exec_id, $argsObj->tcversion_id));
    unset($tcaseMgr);

    // Use the configured verbose status when there is one, else the raw status code.
    $statusLabel = isset($resultsCfg['code_status'][$exec['status']])
        ? $resultsCfg['code_status'][$exec['status']]
        : $exec['status'];
    $exec['statusVerbose'] = sprintf(lang_get('issue_exec_result'), $statusLabel);

    // Issue description.
    $description = sprintf(
        lang_get('issue_generated_description'),
        $argsObj->exec_id,
        $exec['tester_login'],
        $exec['testplan_name']
    );
    if ($exec['platform_id'] > 0) {
        $description .= sprintf(lang_get('issue_platform'), $exec['platform_name']);
    }
    $buildLine = sprintf(
        lang_get('issue_build') . lang_get('execution_ts_iso'),
        $exec['build_name'],
        $exec['execution_ts']
    );
    $description .= $buildLine . "\n" . $exec['statusVerbose'] . "\n\n" . $exec['execution_notes'];

    // Issue summary.
    $summary = $auditSign . ' - ' . sprintf(lang_get('execution_ts_iso'), $exec['execution_ts']);

    $rs = $itsObj->addIssue($summary, $description);
    $msg = $rs['msg'];
    $opOK = false;
    if ($rs['status_ok']) {
        $opOK = true;
        // The audit record is written only when the link execution -> issue was stored.
        if (write_execution_bug($dbHandler, $argsObj->exec_id, $rs['id'])) {
            logAuditEvent(TLS("audit_executionbug_added", $rs['id']), "CREATE", $argsObj->exec_id, "executions");
        }
    }

    return array($opOK, $msg);
}
Пример #2
/**
 * Verifies login and password and, on success, stores the user in the session.
 *
 * A failed password check or an inactive account is written to the audit log
 * as LOGIN_FAILED. A login that does not exist in the database returns the
 * same error result but leaves no audit record.
 *
 * @param object $db    database handler
 * @param string $login login name typed by the user
 * @param string $pwd   password typed by the user
 * @return array map with 'status' (tl::OK or tl::ERROR) and 'msg'
 */
function doAuthorize(&$db, $login, $pwd)
{
    $result = array('status' => tl::ERROR, 'msg' => null);
    $_SESSION['locale'] = TL_DEFAULT_LOCALE;

    if (is_null($pwd) || is_null($login)) {
        return $result;
    }

    $user = new tlUser();
    $user->login = $login;
    $loginExists = $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;
    if (!$loginExists) {
        // NOTE(review): attempts with an unknown login are not audited, so
        // login-name guessing is invisible in the audit trail.
        return $result;
    }

    $passwordCheck = auth_does_password_match($user, $pwd);
    if (!$passwordCheck->status_ok || !$user->isActive) {
        logAuditEvent(TLS("audit_login_failed", $login, $_SERVER['REMOTE_ADDR']), "LOGIN_FAILED", $user->dbID, "users");
        return $result;
    }

    // 20051007 MHT Solved  0000024 Session confusion
    // Disallow two sessions within one browser (isset() is already false for null).
    if (isset($_SESSION['currentUser'])) {
        $result['msg'] = lang_get('login_msg_session_exists1')
            . ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>'
            . lang_get('login_msg_session_exists2');
        return $result;
    }

    // Setting user's session information
    // NOTE(review): the session id is not regenerated here; confirm that the
    // caller does it when the session is started, otherwise a pre-login
    // session id stays valid after authentication.
    $_SESSION['currentUser'] = $user;
    $_SESSION['lastActivity'] = time();

    global $g_tlLogger;
    $g_tlLogger->endTransaction();
    $g_tlLogger->startTransaction();

    setUserSession($db, $user->login, $user->dbID, $user->globalRoleID, $user->emailAddress, $user->locale, null);
    $result['status'] = tl::OK;

    return $result;
}
Пример #3
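/**
 * Creates or updates a role from the submitted form data and audits the change.
 *
 * @param object $dbHandler database handler
 * @param object $argsObj   reads ->grant (map keyed by right name), ->rolename, ->notes, ->roleid
 * @param string $operation 'doCreate' or 'doUpdate'; selects the audit message
 * @return object ->role, ->userFeedback (error text or null), ->template (null on success)
 */
function doOperation(&$dbHandler, $argsObj, $operation)
{
    // The right names are the KEYS of the grant map and end up inside a quoted
    // IN ('a','b') list. They presumably come from the submitted form
    // (verify in the caller), so every name is escaped before it is
    // concatenated into the WHERE clause.
    $rightNames = array();
    foreach (array_keys((array) $argsObj->grant) as $rightName) {
        $rightNames[] = $dbHandler->prepare_string((string) $rightName);
    }
    $rights = implode("','", $rightNames);

    $op = new stdClass();
    $op->role = new tlRole();
    $op->role->rights = tlRight::getAll($dbHandler, "WHERE description IN ('{$rights}')");
    $op->role->name = $argsObj->rolename;
    $op->role->description = $argsObj->notes;
    $op->role->dbID = $argsObj->roleid;
    $op->userFeedback = null;
    $op->template = 'rolesEdit.tpl';

    $result = $op->role->writeToDB($dbHandler);
    if ($result >= tl::OK) {
        $auditCfg = null;
        switch ($operation) {
            case 'doCreate':
                $auditCfg = array('msg' => "audit_role_created", 'activity' => "CREATE");
                break;
            case 'doUpdate':
                $auditCfg = array('msg' => "audit_role_saved", 'activity' => "SAVE");
                break;
        }
        // An unexpected $operation has no audit message; skip the audit call
        // instead of logging an event with a null message and activity.
        if (!is_null($auditCfg)) {
            logAuditEvent(TLS($auditCfg['msg'], $argsObj->rolename), $auditCfg['activity'], $op->role->dbID, "roles");
        }
        $op->template = null;
    } else {
        $op->userFeedback = getRoleErrorMessage($result);
    }

    return $op;
}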
Пример #4
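/**
 * Verifies login and password, sets the authentication cookie and stores the
 * user in the session.
 *
 * A failed password check or an inactive account is written to the audit log
 * as LOGIN_FAILED. A login that does not exist in the database returns the
 * error result without an audit record.
 *
 * @param object $db    database handler
 * @param string $login login name typed by the user
 * @param string $pwd   password typed by the user
 * @return array map with 'status' (tl::OK or tl::ERROR) and 'msg'
 */
function doAuthorize(&$db, $login, $pwd)
{
    $result = array('status' => tl::ERROR, 'msg' => null);
    $_SESSION['locale'] = TL_DEFAULT_LOCALE;
    if (!is_null($pwd) && !is_null($login)) {
        $user = new tlUser();
        $user->login = $login;
        $login_exists = $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;
        if ($login_exists) {
            $check = auth_does_password_match($user, $pwd);
            if (!$check->status_ok) {
                $result = array('status' => tl::ERROR, 'msg' => $check->msg);
            }
            if ($check->status_ok && $user->isActive) {
                // Need to do set COOKIE following Mantis model.
                // The cookie value authenticates the user, so it is kept away
                // from page scripts (HttpOnly) and, when the request itself
                // arrived over HTTPS, restricted to HTTPS (Secure).
                $auth_cookie_name = config_get('auth_cookie');
                $expire = 0; // 0 = cookie ends when the browser is closed
                $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
                setcookie($auth_cookie_name, $user->getSecurityCookie(), $expire, '/', '', $isHttps, true);

                // Disallow two sessions within one browser
                if (isset($_SESSION['currentUser']) && !is_null($_SESSION['currentUser'])) {
                    $result['msg'] = lang_get('login_msg_session_exists1') . ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>' . lang_get('login_msg_session_exists2');
                } else {
                    // Setting user's session information
                    // NOTE(review): the session id is not regenerated here;
                    // confirm the caller does it when the session is started.
                    $_SESSION['currentUser'] = $user;
                    $_SESSION['lastActivity'] = time();
                    $user->setUserSession($db);
                    global $g_tlLogger;
                    $g_tlLogger->endTransaction();
                    $g_tlLogger->startTransaction();
                    $result['status'] = tl::OK;
                }
            } else {
                logAuditEvent(TLS("audit_login_failed", $login, $_SERVER['REMOTE_ADDR']), "LOGIN_FAILED", $user->dbID, "users");
            }
        }
    }
    return $result;
}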
Пример #5
 case 'doLogin':
 case 'ajaxlogin':
     doSessionStart();
     unset($_SESSION['basehref']);
     setPaths();
     $op = doAuthorize($db, $args->login, $args->pwd);
     if ($op['status'] < tl::OK) {
         $gui->note = is_null($op['msg']) ? lang_get('bad_user_passwd') : $op['msg'];
         if ($args->action == 'ajaxlogin') {
             echo json_encode(array('success' => false, 'reason' => $gui->note));
         } else {
             $doRender = true;
         }
     } else {
         $args->currentUser = $_SESSION['currentUser'];
         logAuditEvent(TLS("audit_login_succeeded", $args->login, $_SERVER['REMOTE_ADDR']), "LOGIN", $args->currentUser->dbID, "users");
         if ($args->action == 'ajaxlogin') {
             echo json_encode(array('success' => true));
         } else {
             redirect($_SESSION['basehref'] . "index.php" . ($args->preqURI ? "?reqURI=" . urlencode($args->preqURI) : ""));
         }
     }
     break;
 case 'ajaxcheck':
     doSessionStart();
     unset($_SESSION['basehref']);
     setPaths();
     $validSession = checkSessionValid($db, false);
     // Send a json reply, include localized strings for use in js to display a login form.
     echo json_encode(array('validSession' => $validSession, 'username_label' => lang_get('login_name'), 'password_label' => lang_get('password'), 'login_label' => lang_get('btn_login')));
     break;
Пример #6
    } else {
        $user = new tlUser();
        $rx = $user->checkPasswordQuality($args->password);
        if ($rx['status_ok'] >= tl::OK) {
            $result = $user->setPassword($args->password);
            if ($result >= tl::OK) {
                $user->login = $args->login;
                $user->emailAddress = $args->email;
                $user->firstName = $args->firstName;
                $user->lastName = $args->lastName;
                $result = $user->writeToDB($db);
                $cfg = config_get('notifications');
                if ($cfg->userSignUp->enabled) {
                    notifyGlobalAdmins($db, $user);
                }
                logAuditEvent(TLS("audit_users_self_signup", $args->login), "CREATE", $user->dbID, "users");
                redirect(TL_BASE_HREF . "login.php?note=first");
                exit;
            } else {
                $message = getUserErrorMessage($result);
            }
        } else {
            $message = $rx['msg'];
        }
    }
}
// Build the template engine and hand the request arguments to the view.
$smarty = new TLSmarty();
// $gui is the same object as $args (object assignment copies the handle),
// so the properties set below are visible through $args as well.
$gui = $args;
// we get info about THE DEFAULT AUTHENTICATION METHOD
$gui->external_password_mgmt = tlUser::isPasswordMgtExternal();
// NOTE(review): $message can hold the password-quality or user error text
// assigned above; confirm the template escapes it on output.
$gui->message = $message;
/**
 * Deletes a custom field and writes an audit record when the delete succeeds.
 *
 * @param object $argsObj   reads ->cfield_id
 * @param object $cfieldMgr custom field manager (get_by_id(), delete())
 * @return object result object; every field keeps its initial empty value
 */
function doDelete(&$argsObj, &$cfieldMgr)
{
    $op = new stdClass();
    $op->user_feedback = '';
    $op->cf = null;
    $op->template = null;
    $op->operation_descr = '';

    // The field is read first so that its name is still known after the delete.
    $found = $cfieldMgr->get_by_id($argsObj->cfield_id);
    if (!$found) {
        return $op;
    }

    $fieldData = $found[$argsObj->cfield_id];
    $deleted = $cfieldMgr->delete($argsObj->cfield_id);
    if ($deleted) {
        logAuditEvent(TLS("audit_cfield_deleted", $fieldData['name']), "DELETE", $argsObj->cfield_id, "custom_fields");
    }

    return $op;
}
        $user = new tlUser(intval($userID));
        $user->readFromDB($db);
        if (tlUser::isPasswordMgtExternal($user->authentication, $user->authentication)) {
            $gui->external_password_mgmt = 1;
            $gui->password_mgmt_feedback = sprintf(lang_get('password_mgmt_feedback'), trim($args->login));
        }
    }
}
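// Reset the password only when TestLink itself manages this user's password.
if (!$gui->external_password_mgmt && $userID) {
    // Nothing may be echoed here: stray output (such as a debug line number)
    // is sent before the redirect headers and shows up in the response.
    $result = resetPassword($db, $userID);
    $gui->note = $result['msg'];
    if ($result['status'] >= tl::OK) {
        $user = new tlUser($userID);
        if ($user->readFromDB($db) >= tl::OK) {
            logAuditEvent(TLS("audit_pwd_reset_requested", $user->login), "PWD_RESET", $userID, "users");
        }
        redirect(TL_BASE_HREF . "login.php?note=lost");
        exit;
    } else {
        if ($result['status'] == tlUser::E_EMAILLENGTH) {
            $gui->note = lang_get('mail_empty_address');
        } else {
            // NOTE(review): $note is not assigned in the visible part of this
            // script; if it is never set, this branch never replaces the message.
            if ($note != "") {
                $gui->note = getUserErrorMessage($result['status']);
            }
        }
    }
}
$smarty = new TLSmarty();
$smarty->assign('gui', $gui);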
Пример #9
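 /**
  * Deletes all testplan related role assignments for a given testplan
  *
  * @param int $id the testplan id
  * @return int tl::OK on success, tl::ERROR else
  **/
 function deleteUserRoles($id)
 {
     $debugMsg = 'Class:' . __CLASS__ . ' - Method: ' . __FUNCTION__;
     $status = tl::ERROR;

     // The id is concatenated into the statement, so it is forced to an
     // integer first; a non-numeric value can then never reach the SQL text.
     $id = intval($id);
     $sql = " /* {$debugMsg} */ DELETE FROM {$this->tables['user_testplan_roles']} " . " WHERE testplan_id = {$id}";
     if ($this->db->exec_query($sql)) {
         // Audit only when the test plan can still be read (its name is part of the message).
         $testPlan = $this->get_by_id($id);
         if ($testPlan) {
             logAuditEvent(TLS("audit_all_user_roles_removed_testplan", $testPlan['name']), "ASSIGN", $id, "testplans");
         }
         $status = tl::OK;
     }
     return $status;
 }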
Пример #10
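/**
 * Generates a new API key for a user and audits the operation.
 *
 * @param object      $argsObj reads ->userID
 * @param object|null $user    user the key is generated for; nothing happens when empty
 * @return object ->status (always tl::OK) and ->user_feedback (confirmation text or null)
 */
function generateAPIKey(&$argsObj, &$user)
{
    $op = new stdClass();
    $op->status = tl::OK;
    $op->user_feedback = null;
    if ($user) {
        $APIKey = new APIKey();
        // Success is a return value >= tl::OK. The audit record and the
        // "created" feedback belong to that case only; with "< tl::OK" they
        // were produced exactly when the key could NOT be stored.
        if ($APIKey->addKeyForUser($argsObj->userID) >= tl::OK) {
            // NOTE(review): the audit object id is the login name here, while
            // other "users" audit records use the numeric user id - confirm.
            logAuditEvent(TLS("audit_user_apikey_set", $user->login), "CREATE", $user->login, "users");
            $op->user_feedback = lang_get('result_apikey_create_ok');
        }
    }
    return $op;
}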
Пример #11
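 /**
  * set value of location attribute for one or multiple custom fields.
  *
  * @param int   $tproject_id       test project the custom fields are linked to
  * @param array $field_id_location map: custom field id => location value
  */
 function setDisplayLocation($tproject_id, $field_id_location)
 {
     // All three values are concatenated into the UPDATE statement. Only the
     // location used to be cast; the project id and the field ids (array keys
     // of the submitted map) are forced to integers as well.
     $tproject_id = intval($tproject_id);
     $tproject_info = $this->tree_manager->get_node_hierarchy_info($tproject_id);
     foreach ((array) $field_id_location as $field_id => $location) {
         $sql = "UPDATE {$this->tables['cfield_testprojects']}  " . " SET location=" . intval($location) . " WHERE testproject_id={$tproject_id} AND field_id=" . intval($field_id) . " ";
         $this->db->exec_query($sql);
     }
     // One audit record per call, written only when the project node was found.
     if ($tproject_info) {
         logAuditEvent(TLS("audit_cfield_location_changed", $tproject_info['name']), "SAVE", $tproject_id, "testprojects");
     }
 }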
 * @filesource  attachmentdelete.php
 * Deletes an attachment by a given id
 */
require_once '../../config.inc.php';
require_once '../functions/common.php';
require_once '../functions/attachments.inc.php';
// Page bootstrap. The string "checkRights" is presumably the name of the
// rights-check function run for this page - confirm in testlinkInitPage().
testlinkInitPage($db, false, false, "checkRights");
$args = init_args();
$deleteDone = false;
if ($args->id) {
    $attachmentRepository = tlAttachmentRepository::create($db);
    $attachmentInfo = $attachmentRepository->getAttachmentInfo($args->id);
    // The delete runs only when the attachment exists AND checkAttachmentID()
    // accepts it for this request; this is the per-object authorization gate.
    // NOTE(review): no anti-CSRF token check is visible in this script - confirm
    // it is done during page initialisation.
    if ($attachmentInfo && checkAttachmentID($db, $args->id, $attachmentInfo)) {
        $deleteDone = $attachmentRepository->deleteAttachment($args->id, $attachmentInfo);
        if ($deleteDone) {
            // Audit record is written only after a successful delete.
            logAuditEvent(TLS("audit_attachment_deleted", $attachmentInfo['title']), "DELETE", $args->id, "attachments");
        }
    }
}
// Render the result page; bDeleted tells the template whether the delete happened.
$smarty = new TLSmarty();
$smarty->assign('bDeleted', $deleteDone);
$smarty->display('attachmentdelete.tpl');
/**
 * @return object returns the arguments for the page
 */
function init_args()
{
    //the id (attachments.id) of the attachment to be deleted
    $iParams = array("id" => array(tlInputParameter::INT_N));
    $args = new stdClass();
    G_PARAMS($iParams, $args);
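 /** 
  * Deletes item from inventory on db
  *  
  * @param int $itemID
  * @return integer returns tl::OK on success, tl::ERROR else
  */
 public function deleteInventory($itemID)
 {
     // Default to failure: when the record does not exist no delete is
     // attempted, and the method must still return a defined status.
     $result = tl::ERROR;
     $auditData = $this->getAuditData();
     $auditData = current($auditData);
     $this->inventoryId = $itemID;
     // check existence / get name of the record
     $recordset = $this->readDB($this->inventoryId);
     if (!is_null($recordset)) {
         $this->name = $recordset[0]['name'];
         $result = $this->deleteFromDB();
         if ($result == tl::OK) {
             logAuditEvent(TLS("audit_inventory_deleted", $this->name, $auditData['tproject_name']), "DELETE", $this->name, "inventory");
             $this->userFeedback = langGetFormated('inventory_delete_success', $this->name);
         } else {
             $this->userFeedback = langGetFormated('inventory_delete_fails', $this->name);
             tLog('Internal error: The device "' . $this->name . '" was not deleted.', 'ERROR');
         }
     } else {
         $this->userFeedback = lang_get('inventory_no_device') . ' ID=' . $this->inventoryId;
         // NOTE(review): $this->name was not loaded for this id, so the log
         // line may show an empty or stale name.
         tLog('Internal error: The device "' . $this->name . '" was not deleted.', 'ERROR');
     }
     return $result;
 }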
Пример #14
/**
 * Runs a rights-check callback for the logged-in user. When the callback
 * reports a missing right, the event is audited and the request is redirected
 * and terminated.
 *
 * @param object        $db                 database handler, passed on to the callback
 * @param string|object $pfn                name of the check function, or an object
 *                                          with ->method (function name) and ->args
 * @param bool          $onFailureGoToLogin true: drop the session user and go to
 *                                          login.php; false: go to the base URL
 * @return void
 */
function checkUserRightsFor(&$db, $pfn, $onFailureGoToLogin = false)
{
    $script = basename($_SERVER['PHP_SELF']);
    $currentUser = $_SESSION['currentUser'];
    $action = null;

    if (is_object($pfn)) {
        $checker = $pfn->method;
        $checkerArgs = $pfn->args;
    } else {
        $checker = $pfn;
        $checkerArgs = null;
    }

    // The check function is called by name, so $pfn must always be chosen by
    // the page code itself and never be derived from request data.
    // The callback may fill $action with the name of the right it tested.
    if ($checker($db, $currentUser, $checkerArgs, $action)) {
        return;
    }

    if (!$action) {
        $action = "any";
    }
    logAuditEvent(TLS("audit_security_user_right_missing", $currentUser->login, $script, $action), $action, $currentUser->dbID, "users");

    $myURL = $_SESSION['basehref'];
    if ($onFailureGoToLogin) {
        unset($_SESSION['currentUser']);
        redirect($myURL . "login.php");
    } else {
        redirect($myURL, "top.location");
    }
    // Stop here so that nothing of the protected page runs after the redirect.
    exit;
}
require_once 'exttable.class.php';
require_once "users.inc.php";
// Page bootstrap. The string "checkRights" is presumably the name of the
// rights-check function run for this page - confirm in testlinkInitPage().
testlinkInitPage($db, false, false, "checkRights");
$smarty = new TLSmarty();
$templateCfg = templateConfiguration();
list($args, $gui) = initEnv($db);
switch ($args->operation) {
    case 'disable':
        // user cannot disable => inactivate itself
        if ($args->user_id != $args->currentUserID) {
            $user = new tlUser($args->user_id);
            $gui->result = $user->readFromDB($db);
            if ($gui->result >= tl::OK) {
                $gui->result = $user->setActive($db, 0);
                if ($gui->result >= tl::OK) {
                    // Audit record only after the account was really deactivated.
                    logAuditEvent(TLS("audit_user_disabled", $user->login), "DISABLE", $args->user_id, "users");
                    $gui->user_feedback = sprintf(lang_get('user_disabled'), $user->login);
                }
            }
        }
        // NOTE(review): when a user tries to disable their own account the block
        // above is skipped, so $gui->result keeps whatever initEnv() gave it -
        // confirm it is initialised there. A rejected attempt is not audited.
        if ($gui->result != tl::OK) {
            $gui->user_feedback = lang_get('error_user_not_disabled');
        }
        break;
    default:
        break;
}
// Data for the user grid shown by the page.
$gui->matrix = $users = getAllUsersForGrid($db);
$gui->images = $smarty->getImages();
$gui->tableSet[] = buildMatrix($gui, $args);
$highlight = initialize_tabsmenu();
Пример #16
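 /**
  * Removes the coverage link between one requirement and one test case.
  *
  * @param int $req_id      requirement id
  * @param int $testcase_id test case id
  * @return int 1 when exactly one link was deleted, 0 otherwise
  */
 function unassign_from_tcase($req_id, $testcase_id)
 {
     $output = 0;

     // Both ids are concatenated into the statement: force them to integers
     // so that no other text can reach the SQL.
     $req_id = intval($req_id);
     $testcase_id = intval($testcase_id);
     $sql = " DELETE FROM {$this->tables['req_coverage']} " . " WHERE req_id={$req_id} " . " AND testcase_id={$testcase_id}";
     $result = $this->db->exec_query($sql);
     if ($result && $this->db->affected_rows() == 1) {
         $tcInfo = $this->tree_mgr->get_node_hierarchy_info($testcase_id);
         $reqInfo = $this->tree_mgr->get_node_hierarchy_info($req_id);
         if ($tcInfo && $reqInfo) {
             // NOTE(review): the third argument is the table name; other
             // logAuditEvent() calls pass an object id third and the object
             // type fourth - confirm this record is stored as intended.
             logAuditEvent(TLS("audit_req_assignment_removed_tc", $reqInfo['name'], $tcInfo['name']), "ASSIGN", $this->object_table);
         }
         $output = 1;
     }
     return $output;
 }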
Пример #17
/**
 * Runs a rights-check function for the logged-in user. When it reports a
 * missing right, the event is audited and the request is redirected to the
 * base URL and terminated.
 *
 * @param object $db  database handler, passed on to the check function
 * @param string $pfn name of the check function, called as $pfn($db, $user, $action)
 * @return void
 */
function checkUserRightsFor(&$db, $pfn)
{
    $script = basename($_SERVER['PHP_SELF']);
    $currentUser = $_SESSION['currentUser'];
    $action = null;

    // The check function is called by name, so $pfn must always be chosen by
    // the page code itself and never be derived from request data.
    // The callback may fill $action with the name of the right it tested.
    if ($pfn($db, $currentUser, $action)) {
        return;
    }

    if (!$action) {
        $action = "any";
    }
    logAuditEvent(TLS("audit_security_user_right_missing", $currentUser->login, $script, $action), $action, $currentUser->dbID, "users");

    $myURL = $_SESSION['basehref'];
    redirect($myURL, "top.location");
    // Stop here so that nothing of the protected page runs after the redirect.
    exit;
}
Пример #18
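 /**
  * Inserts a testproject related role for a given user
  *
  * @param integer $userID the id of the user
  * @param integer $tproject_id
  * @param integer $roleID the role id
  * 
  * @return integer tl::OK on success, tl::ERROR else
  **/
 function addUserRole($userID, $tproject_id, $roleID)
 {
     // This statement grants privileges and is built by concatenation, so the
     // three ids are forced to integers before they reach the SQL text.
     $userID = intval($userID);
     $tproject_id = intval($tproject_id);
     $roleID = intval($roleID);
     $query = "INSERT INTO {$this->tables['user_testproject_roles']} " . "(user_id,testproject_id,role_id) VALUES ({$userID},{$tproject_id},{$roleID})";
     if ($this->db->exec_query($query)) {
         $testProject = $this->get_by_id($tproject_id);
         $role = tlRole::getByID($this->db, $roleID, tlRole::TLOBJ_O_GET_DETAIL_MINIMUM);
         $user = tlUser::getByID($this->db, $userID, tlUser::TLOBJ_O_GET_DETAIL_MINIMUM);
         // The audit text needs all three names; if one lookup fails the
         // assignment is stored but no audit record is written.
         if ($user && $testProject && $role) {
             logAuditEvent(TLS("audit_users_roles_added_testproject", $user->getDisplayName(), $testProject['name'], $role->name), "ASSIGN", $tproject_id, "testprojects");
         }
         return tl::OK;
     }
     return tl::ERROR;
 }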
 /**
  * Deletes a milestone, audits the delete and prepares the data for the
  * follow-up page.
  *
  * @param object $argsObj  reads ->id, ->tproject_id and ->tplan_id
  * @param string $basehref base URL the follow-up address is built on
  * @return object ->template (URL of the view action), ->user_feedback, ->main_descr, ->title
  */
 function doDelete(&$argsObj, $basehref)
 {
     // Read the milestone first: its names are needed after it is gone.
     $milestoneID = $argsObj->id;
     $found = $this->milestone_mgr->get_by_id($milestoneID);
     $milestone = $found[$milestoneID];

     // NOTE(review): the result of delete() is not checked, so the audit
     // record and the feedback are produced even if nothing was deleted.
     $this->milestone_mgr->delete($milestoneID);
     logAuditEvent(TLS("audit_milestone_deleted", $milestone['testplan_name'], $milestone['name']), "DELETE", $milestoneID, "milestones");

     $queryString = "?tproject_id=" . $argsObj->tproject_id . "&tplan_id=" . $argsObj->tplan_id;

     $obj = new stdClass();
     $obj->template = $basehref . $this->viewAction . $queryString;
     $obj->user_feedback = sprintf(lang_get('milestone_deleted'), $milestone['name']);
     $obj->main_descr = null;
     $obj->title = lang_get('delete_milestone');
     return $obj;
 }
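 /**
  * Deletes testplan related role assignments for a given testplan, either
  * for all users or for a given list of users.
  *
  * @param int        $id    the testplan id
  * @param array|null $users user ids to restrict the delete to; null = all users
  * @param array|null $opt   options; 'auditlog' (default true) enables the audit record
  * @return int tl::OK on success, tl::ERROR else
  **/
 function deleteUserRoles($id, $users = null, $opt = null)
 {
     $my['opt'] = array('auditlog' => true);
     $my['opt'] = array_merge($my['opt'], (array) $opt);
     $debugMsg = 'Class:' . __CLASS__ . ' - Method: ' . __FUNCTION__;
     $status = tl::ERROR;
     $sql = " /* {$debugMsg} */ DELETE FROM {$this->tables['user_testplan_roles']} " . " WHERE testplan_id = " . intval($id);
     if (!is_null($users)) {
         // Same treatment as the testplan id: every user id is forced to an
         // integer before the list is concatenated into the IN (...) clause.
         $userIDs = array_map('intval', (array) $users);
         $sql .= " AND user_id IN(" . implode(',', $userIDs) . ")";
     }
     if ($this->db->exec_query($sql)) {
         // The status reports the outcome of the delete. It no longer depends
         // on the audit option: with 'auditlog' => false a successful delete
         // used to return tl::ERROR.
         $status = tl::OK;
         if ($my['opt']['auditlog']) {
             $testPlan = $this->get_by_id($id);
             // Only the "all users" case has an audit message; the per-user
             // case is still to be defined (TBD) and leaves no audit record.
             if ($testPlan && is_null($users)) {
                 logAuditEvent(TLS("audit_all_user_roles_removed_testplan", $testPlan['name']), "ASSIGN", $id, "testplans");
             }
         }
     }
     return $status;
 }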
Пример #21
/**
 * Deletes a role and writes an audit record when the delete succeeds.
 *
 * @param object $db     database handler
 * @param int    $roleID id of the role to delete
 * @return string empty string on success, localized error text on failure
 */
function deleteRole(&$db, $roleID)
{
    // Load the role before deleting it so its display name is available for the audit text.
    $role = new tlRole($roleID);
    $role->readFromDb($db);

    $deleteFailed = $role->deleteFromDB($db) < tl::OK;
    if ($deleteFailed) {
        return lang_get("error_role_deletion");
    }

    logAuditEvent(TLS("audit_role_deleted", $role->getDisplayName()), "DELETE", $roleID, "roles");
    return '';
}
Пример #22
    require_once TL_ABS_PATH . 'lib' . DIRECTORY_SEPARATOR . 'bugtracking' . DIRECTORY_SEPARATOR . 'int_bugtracking.php';
}
require_once 'exec.inc.php';
// Page bootstrap, then an explicit rights check for the session user.
testlinkInitPage($db);
$templateCfg = templateConfiguration();
$args = init_args($g_bugInterface);
checkRights($db, $_SESSION['currentUser'], $args);
$msg = "";
if ($args->bug_id != "") {
    // $msg always holds the error of the NEXT check and is replaced step by
    // step: wrong format -> unknown on the bug tracker -> added.
    $msg = lang_get("error_wrong_BugID_format");
    if ($g_bugInterface->checkBugID($args->bug_id)) {
        $msg = lang_get("error_bug_does_not_exist_on_bts");
        if ($g_bugInterface->checkBugID_existence($args->bug_id)) {
            // The bug id is stored, and audited, only after both checks passed.
            if (write_execution_bug($db, $args->exec_id, $args->bug_id)) {
                $msg = lang_get("bug_added");
                logAuditEvent(TLS("audit_executionbug_added", $args->bug_id), "CREATE", $args->exec_id, "executions");
            }
        }
    }
}
$smarty = new TLSmarty();
$smarty->assign('bugIDMaxLength', $g_bugInterface->getBugIDMaxLength());
$smarty->assign('bts_url', $g_bugInterface->getEnterBugURL());
$smarty->assign('msg', $msg);
// NOTE(review): $gui is not assigned in the visible part of this script.
$smarty->assign('gui', $gui);
$smarty->display($templateCfg->template_dir . $templateCfg->default_template);
/**
 * 
 * @return object returns the arguments of the page
 */
function init_args($bugInterface)
/**
 * Deletes an attachment and writes an audit record when the delete succeeds.
 *
 * @param object $dbHandler      database handler
 * @param int    $fileID         id of the attachment
 * @param bool   $checkOnSession true (default): delete only when
 *                               checkAttachmentID() accepts the attachment;
 *                               false: that check is skipped completely
 * @return void
 */
function deleteAttachment(&$dbHandler, $fileID, $checkOnSession = true)
{
    $repo = tlAttachmentRepository::create($dbHandler);
    $info = $repo->getAttachmentInfo($fileID);
    if (!$info) {
        return;
    }

    // With $checkOnSession = false the caller takes over the responsibility
    // of verifying that the current user may delete this attachment.
    if ($checkOnSession && !checkAttachmentID($dbHandler, $fileID, $info)) {
        return;
    }

    if ($repo->deleteAttachment($fileID, $info)) {
        logAuditEvent(TLS("audit_attachment_deleted", $info['title']), "DELETE", $fileID, "attachments");
    }
}
Пример #24
/**
 * Resets a user's password and reports the outcome.
 *
 * The reset is attempted when the configured SMTP host name is valid, or when
 * the new password is to be displayed on screen (no mail needed).
 *
 * @param object $dbHandler             database handler
 * @param object $argsObj               reads ->user_id
 * @param object $userObj               reads ->login (for the audit record)
 * @param string $newPasswordSendMethod 'display_on_screen' shows the password in the feedback
 * @return object ->status, ->user_feedback and ->new_password
 */
function createNewPassword(&$dbHandler, &$argsObj, &$userObj, $newPasswordSendMethod)
{
    $op = new stdClass();
    $op->user_feedback = '';
    $op->new_password = '';

    // Validate the mail configuration. Zend_Validate_Hostname::ALLOW_ALL
    // accepts DNS host names, IP addresses and local network names.
    $validator = new Zend_Validate_Hostname(Zend_Validate_Hostname::ALLOW_ALL);
    $smtp_host = config_get('smtp_host');
    $password_on_screen = $newPasswordSendMethod == 'display_on_screen';

    $canProceed = $validator->isValid($smtp_host) || $password_on_screen;
    if (!$canProceed) {
        $op->status = tl::ERROR;
        $op->user_feedback = lang_get('password_cannot_be_reseted_invalid_smtp_hostname');
        return $op;
    }

    $reset = resetPassword($dbHandler, $argsObj->user_id, $newPasswordSendMethod);
    $op->user_feedback = $reset['msg'];
    $op->status = $reset['status'];
    // The clear-text password travels in the result object; callers should
    // keep it out of logs and show it only to the administrator who asked for it.
    $op->new_password = $reset['password'];

    if ($op->status < tl::OK) {
        $op->user_feedback = sprintf(lang_get('password_cannot_be_reseted_reason'), $op->user_feedback);
        return $op;
    }

    logAuditEvent(TLS("audit_pwd_reset_requested", $userObj->login), "PWD_RESET", $argsObj->user_id, "users");
    $op->user_feedback = lang_get('password_reseted');
    if ($password_on_screen) {
        // The feedback text contains the new password in clear text.
        $op->user_feedback = lang_get('password_set') . $reset['password'];
    }

    return $op;
}
Пример #25
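/**
 * Finishes a login attempt: audits a successful login and redirects (or
 * answers the ajax call); on failure returns the note for the login screen.
 *
 * @param stdClass $argsObj reads ->login, ->action, ->destination, ->preqURI
 * @param array    $op      result map of the authorization step ('status', 'msg')
 * @return array array($renderLoginScreen, $note)
 */
function authorizePostProcessing($argsObj, $op)
{
    $note = null;
    $renderLoginScreen = false;
    if ($op['status'] == tl::OK) {
        // Login successful, redirect to destination
        logAuditEvent(TLS("audit_login_succeeded", $argsObj->login, $_SERVER['REMOTE_ADDR']), "LOGIN", $_SESSION['currentUser']->dbID, "users");
        if ($argsObj->action == 'ajaxlogin') {
            echo json_encode(array('success' => true));
        } else {
            // The destination is a request parameter. A plain "contains
            // linkto.php" test would also accept an address on another host
            // that merely mentions linkto.php, so the value is accepted only
            // when it points to linkto.php of this installation: either a
            // relative address (no scheme, no host) or an address that
            // starts with the session's base href.
            $baseHref = isset($_SESSION['basehref']) ? (string) $_SESSION['basehref'] : '';
            $destination = empty($argsObj->destination) ? '' : (string) $argsObj->destination;
            $goToDestination = false;
            // Control characters, blanks and backslashes are rejected because
            // browsers may normalize them into a different address.
            if ($destination !== '' && !preg_match('/[\x00-\x20\\\\]/', $destination)) {
                $parts = parse_url($destination);
                if ($parts !== false && isset($parts['path']) && basename($parts['path']) === 'linkto.php') {
                    $isRelative = !isset($parts['scheme']) && !isset($parts['host']);
                    $isUnderBase = $baseHref !== ''
                        && substr($baseHref, -1) === '/'
                        && strncmp($destination, $baseHref, strlen($baseHref)) === 0;
                    $goToDestination = $isRelative || $isUnderBase;
                }
            }

            if ($goToDestination) {
                // If destination param is set redirect to given page ...
                redirect($destination);
            } else {
                // ... or show main page
                redirect($baseHref . "index.php?caller=login" . ($argsObj->preqURI ? "&reqURI=" . urlencode($argsObj->preqURI) : ""));
            }
            exit;
        }
    } else {
        $note = is_null($op['msg']) ? lang_get('bad_user_passwd') : $op['msg'];
        if ($argsObj->action == 'ajaxlogin') {
            echo json_encode(array('success' => false, 'reason' => $note));
        } else {
            $renderLoginScreen = true;
        }
    }
    return array($renderLoginScreen, $note);
}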
Пример #26
/**
 * Deletes a test project and audits the delete when it succeeds.
 *
 * @param object $argsObj           reads ->tprojectID and ->tprojectName
 * @param object $tprojectMgr       test project manager (delete())
 * @param int    $sessionTprojectID not used by this function
 * @return object ->status_ok, ->reloadType ('reloadNavBar' on success, else 'none'), ->msg
 */
function doDelete($argsObj, &$tprojectMgr, $sessionTprojectID)
{
    $outcome = $tprojectMgr->delete($argsObj->tprojectID);
    $deleted = $outcome['status_ok'];

    $op = new stdClass();
    $op->status_ok = $deleted;
    $op->reloadType = 'none';

    if (!$deleted) {
        $op->msg = lang_get('info_product_not_deleted_check_log') . ' ' . $outcome['msg'];
        return $op;
    }

    $op->reloadType = 'reloadNavBar';
    $op->msg = sprintf(lang_get('test_project_deleted'), $argsObj->tprojectName);
    logAuditEvent(TLS("audit_testproject_deleted", $argsObj->tprojectName), "DELETE", $argsObj->tprojectID, "testprojects");

    return $op;
}
Пример #27
/**
 * Updates a build after the cross checks passed and audits the change.
 *
 * @param object $argsObj    build data from the form (->build_id, ->build_name, ->notes,
 *                           ->is_active, ->is_open, ->release_date, ->closed_on_date, ...)
 * @param object $buildMgr   build manager
 * @param object $tplanMgr   test plan manager, passed to crossChecks()
 * @param string $dateFormat passed to crossChecks()
 * @return object ->status_ok (1/0), ->template, ->user_feedback, ->notes,
 *                ->operation_descr, ->buttonCfg
 */
function doUpdate(&$argsObj, &$buildMgr, &$tplanMgr, $dateFormat)
{
    $op = new stdClass();
    $op->operation_descr = '';
    $op->user_feedback = '';
    $op->template = "buildEdit.tpl";
    $op->notes = $argsObj->notes;
    $op->status_ok = 0;
    $op->buttonCfg = null;

    // Keep the old name: it is shown in the title when the edit form is displayed again.
    $previous = $buildMgr->get_by_id($argsObj->build_id);
    $oldname = $previous['name'];

    $check = crossChecks($argsObj, $tplanMgr, $dateFormat);
    if ($check->status_ok) {
        // NOTE(review): this message is fetched but never shown; when update()
        // fails the feedback below comes from $check instead.
        $updateFailedMsg = lang_get("cannot_update_build");

        $updated = $buildMgr->update(
            $argsObj->build_id,
            $argsObj->build_name,
            $argsObj->notes,
            $argsObj->is_active,
            $argsObj->is_open,
            $argsObj->release_date
        );
        if ($updated) {
            // Without a closing date, use today at midnight.
            if ($argsObj->closed_on_date == '') {
                $argsObj->closed_on_date = mktime(0, 0, 0, date("m"), date("d"), date("Y"));
            }
            // An open build has no closing date.
            $targetDate = $argsObj->is_open == 1 ? null : date("Y-m-d", $argsObj->closed_on_date);
            $buildMgr->setClosedOnDate($argsObj->build_id, $targetDate);

            $op->user_feedback = '';
            $op->notes = '';
            $op->template = null;
            $op->status_ok = 1;
            logAuditEvent(TLS("audit_build_saved", $argsObj->tproject_name, $argsObj->tplan_name, $argsObj->build_name), "SAVE", $argsObj->build_id, "builds");
        }
    }

    if ($op->status_ok) {
        return $op;
    }

    // Failure: prepare the edit form again.
    $op->operation_descr = lang_get('title_build_edit') . TITLE_SEP_TYPE3 . $oldname;
    $op->buttonCfg = new stdClass();
    $op->buttonCfg->name = "do_update";
    $op->buttonCfg->value = lang_get('btn_save');
    $op->user_feedback = $check->user_feedback;

    return $op;
}
Пример #28
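/**
 * Single sign-on with an SSL client certificate.
 *
 * There is no password to check in this mode. The login is accepted when
 * 1. an SSL context exists (SSL_PROTOCOL is present in the environment) and
 * 2. the login taken from the configured environment field exists and is active.
 *
 * NOTE(review): the presence of SSL_PROTOCOL only shows that TLS is in use.
 * Confirm that the web server enforces client-certificate verification
 * (e.g. SSL_CLIENT_VERIFY) before this function is reached, because the user
 * identity is taken from the environment without any further proof.
 *
 * @param object     $dbHandler          database handler
 * @param array      $apache_mod_ssl_env environment variables provided by mod_ssl
 * @param array|null $authCfg            authentication config; null = config_get('authentication')
 * @return array map with 'status' (tl::OK or tl::ERROR) and 'msg'
 */
function doSSOClientCertificate(&$dbHandler, $apache_mod_ssl_env, $authCfg = null)
{
    global $g_tlLogger;
    $result = array('status' => tl::ERROR, 'msg' => null);
    if (!isset($apache_mod_ssl_env['SSL_PROTOCOL'])) {
        return $result;
    }
    // With this we trust SSL is enabled => go ahead with login control
    $authCfg = is_null($authCfg) ? config_get('authentication') : $authCfg;

    // A missing uid field is treated like a null login instead of raising an
    // undefined-index notice.
    $uidField = $authCfg['SSO_uid_field'];
    $login = isset($apache_mod_ssl_env[$uidField]) ? $apache_mod_ssl_env[$uidField] : null;
    if (!is_null($login)) {
        $user = new tlUser();
        $user->login = $login;
        $login_exists = $user->readFromDB($dbHandler, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;
        if ($login_exists && $user->isActive) {
            // Need to do set COOKIE following Mantis model.
            // The cookie value authenticates the user, so it is kept away from
            // page scripts (HttpOnly) and, when the request itself arrived
            // over HTTPS, restricted to HTTPS (Secure).
            $auth_cookie_name = config_get('auth_cookie');
            $expire = 0; // 0 = cookie ends when the browser is closed
            $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
            setcookie($auth_cookie_name, $user->getSecurityCookie(), $expire, '/', '', $isHttps, true);

            // Disallow two sessions within one browser
            if (isset($_SESSION['currentUser']) && !is_null($_SESSION['currentUser'])) {
                $result['msg'] = lang_get('login_msg_session_exists1') . ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>' . lang_get('login_msg_session_exists2');
            } else {
                // Setting user's session information
                $_SESSION['currentUser'] = $user;
                $_SESSION['lastActivity'] = time();
                $g_tlLogger->endTransaction();
                $g_tlLogger->startTransaction();
                setUserSession($dbHandler, $user->login, $user->dbID, $user->globalRoleID, $user->emailAddress, $user->locale, null);
                $result['status'] = tl::OK;
            }
        } else {
            logAuditEvent(TLS("audit_login_failed", $login, $_SERVER['REMOTE_ADDR']), "LOGIN_FAILED", $user->dbID, "users");
        }
    }
    return $result;
}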
Пример #29
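 /**
  * Removes keyword assignments from a test case and audits each removal.
  *
  * @param int            $tcID  test case id
  * @param int|array|null $kwID  one keyword id, a list of ids, or null for all
  *                              keywords of the test case
  * @param mixed          $audit self::AUDIT_ON writes one audit record per keyword
  * @return mixed result of the DELETE query
  */
 function deleteKeywords($tcID, $kwID = null, $audit = self::AUDIT_ON)
 {
     // Every id below is concatenated into the statement, so each one is
     // forced to an integer first.
     $tcID = intval($tcID);
     $sql = " DELETE FROM {$this->tables['testcase_keywords']}  WHERE testcase_id = {$tcID} ";
     if (!is_null($kwID)) {
         if (is_array($kwID)) {
             $key4log = array_map('intval', $kwID);
             $sql .= " AND keyword_id IN (" . implode(',', $key4log) . ")";
         } else {
             $kwID = intval($kwID);
             $sql .= " AND keyword_id = {$kwID}";
             $key4log = array($kwID);
         }
     } else {
         // No keyword given: remember the current assignments for the audit
         // log before they are deleted.
         $key4log = array_keys((array) $this->get_keywords_map($tcID));
     }
     $result = $this->db->exec_query($sql);
     if ($result) {
         $tcInfo = $this->tree_manager->get_node_hierarchy_info($tcID);
         if ($tcInfo && $key4log) {
             foreach ($key4log as $key2get) {
                 $keyword = tlKeyword::getByID($this->db, $key2get);
                 if ($keyword && $audit == self::AUDIT_ON) {
                     logAuditEvent(TLS("audit_keyword_assignment_removed_tc", $keyword->name, $tcInfo['name']), "ASSIGN", $tcID, "nodes_hierarchy");
                 }
             }
         }
     }
     return $result;
 }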
         $gui->notes = $of->CreateHTML();
     }
     break;
 case 'do_create':
     $template = 'planEdit.tpl';
     $status_ok = false;
     $of->Value = $args->notes;
     $gui->testplan_name = $args->testplan_name;
     $gui->is_active = $args->active == 'on' ? 1 : 0;
     $gui->is_public = $args->is_public == 'on' ? 1 : 0;
     if (!$name_exists) {
         $new_tplan_id = $tplan_mgr->create($args->testplan_name, $args->notes, $args->tproject_id, $args->active, $args->is_public);
         if ($new_tplan_id == 0) {
             $gui->user_feedback = $db->error_msg();
         } else {
             logAuditEvent(TLS("audit_testplan_created", $args->tproject_name, $args->testplan_name), "CREATED", $new_tplan_id, "testplans");
             $cf_map = $tplan_mgr->get_linked_cfields_at_design($new_tplan_id, $args->tproject_id);
             $tplan_mgr->cfield_mgr->design_values_to_db($_REQUEST, $new_tplan_id, $cf_map);
             $status_ok = true;
             $template = null;
             $gui->user_feedback = '';
             // Operations Order is CRITIC
             if ($args->copy) {
                 $options = array('items2copy' => $args->copy_options, 'copy_assigned_to' => $args->copy_assigned_to, 'tcversion_type' => $args->tcversion_type);
                 $tplan_mgr->copy_as($args->source_tplanid, $new_tplan_id, $args->testplan_name, $args->tproject_id, $args->user_id, $options);
             }
             if (!$args->is_public) {
                 // does user have an SPECIFIC role on TestPlan ?
                 // if answer is yes => do nothing
                 if (!tlUser::hasRoleOnTestPlan($db, $args->user_id, $new_tplan_id)) {
                     $effectiveRole = $args->user->getEffectiveRole($db, $args->tproject_id, null);